Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / kubernetes / 7c0dc21f27e434c9889b00739e62098bd75afb3a / . / README.rst
blob: 0ec06d2062abcbbb5d746611f4fd8f90104b06a9 [file] [log] [blame]
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]1==================
2Kubernetes Formula
3==================
4
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]5Kubernetes is an open-source system for automating deployment, scaling, and
6management of containerized applications. This formula deploys production
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]7ready Kubernetes and generate Kubernetes manifests as well.
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]8
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]9You can download `kubectl` configuration and connect to your cluster. However,
10keep in mind `kubernetes_control_address` needs to be accessible from your computer:
11
12.. code-block:: yaml
13
14 mkdir -p ~/.kube
15 [ -f ~/.kube/config ] && cp -v ~/.kube/config ~/.kube/config-backup
Tomáš Kukrál8ee2bc52017-07-31 17:51:20 +0200[diff] [blame]16 ssh cfg01 "sudo ssh ctl01 /etc/kubernetes/kubeconfig.sh" > ~/.kube/config
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]17 kubectl get no
18
19
20`cfg01` is Salt master node and `ctl01` is one of Kubernetes masters
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]21
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]22Sample Pillars
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]23==============
24
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]25**REQUIRED:** Define image to use for hyperkube, CNIs and calicoctl image
26
27.. code-block:: yaml
28
29 parameters:
30 kubernetes:
31 common:
32 hyperkube:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]33 image: gcr.io/google_containers/hyperkube:v1.6.5
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]34 pool:
35 network:
36 calicoctl:
37 image: calico/ctl
38 cni:
39 image: calico/cni
40
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]41Enable helm-tiller addon
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]42
43.. code-block:: yaml
44
45 parameters:
46 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]47 common:
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]48 addons:
49 helm:
50 enabled: true
51
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]52Enable calico-policy addon
53
54.. code-block:: yaml
55
56 parameters:
57 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]58 common:
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]59 addons:
60 calico_policy:
61 enabled: true
62
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]63Enable virtlet addon
64
65.. code-block:: yaml
66
67 parameters:
68 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]69 common:
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]70 addons:
71 virtlet:
72 enabled: true
73 namespace: kube-system
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]74 image: mirantis/virtlet:v0.7.0
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]75 hosts:
76 - cmp01
77 - cmp02
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]78
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]79Enable netchecker addon
80
81.. code-block:: yaml
82
83 parameters:
84 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]85 common:
86 addons:
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]87 netchecker:
88 enabled: true
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]89 master:
90 namespace:
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]91 netchecker:
92 enabled: true
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]93
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]94Enable Kubenetes Federation control plane
95
96.. code-block:: yaml
97
98 parameters:
99 kubernetes:
100 master:
101 federation:
102 enabled: True
103 name: federation
104 namespace: federation-system
105 source: https://dl.k8s.io/v1.6.6/kubernetes-client-linux-amd64.tar.gz
106 hash: 94b2c9cd29981a8e150c187193bab0d8c0b6e906260f837367feff99860a6376
107 service_type: NodePort
108 dns_provider: coredns
109 childclusters:
110 - secondcluster.mydomain
111 - thirdcluster.mydomain
112
Matthew Mosesohn3be5dd92017-08-25 16:54:51 +0300[diff] [blame]113Enable external DNS addon with CoreDNS provider
114
115.. code-block:: yaml
116
117 parameters:
118 kubernetes:
119 common:
120 addons:
121 externaldns:
122 coredns:
123 enabled: True
124 externaldns:
125 enabled: True
126 domain: company.mydomain
127 provider: coredns
128
Tomáš Kukrálf78baa62017-04-20 16:18:16 +0200[diff] [blame]129Configure service verbosity
130
131.. code-block:: yaml
132
133 parameters:
134 kubernetes:
135 master:
136 verbosity: 2
137 pool:
138 verbosity: 2
139
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]140Set cluster name and domain
Matthew Mosesohn0f7bee42017-07-17 13:52:16 +0300[diff] [blame]141
142.. code-block:: yaml
143
144 parameters:
145 kubernetes:
146 common:
147 kubernetes_cluster_domain: mycluster.domain
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]148 cluster_name : mycluster
Matthew Mosesohn0f7bee42017-07-17 13:52:16 +0300[diff] [blame]149
Tomáš Kukrálaff35262017-04-18 12:37:45 +0200[diff] [blame]150Enable autoscaler for dns addon. Poll period can be skipped.
151
152.. code-block:: yaml
153
154 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]155 common:
Tomáš Kukrálaff35262017-04-18 12:37:45 +0200[diff] [blame]156 addons:
157 dns:
158 domain: cluster.local
159 enabled: true
160 replicas: 1
161 server: 10.254.0.10
162 autoscaler:
163 enabled: true
164 poll-period-seconds: 60
165
166
Tomáš Kukrál6ef3f892017-02-15 12:02:22 +0100[diff] [blame]167Pass aditional parameters to daemons:
168
169.. code-block:: yaml
170
171 parameters:
172 kubernetes:
173 master:
174 apiserver:
175 daemon_opts:
176 storage-backend: pigeon
177 controller_manager:
178 daemon_opts:
179 log-dir: /dev/nulL
180 pool:
181 kubelet:
182 daemon_opts:
183 max-pods: "6"
184
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]185
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]186Containers on pool definitions in pool.service.local
187
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]188.. code-block:: yaml
189
190 parameters:
191 kubernetes:
192 pool:
193 service:
194 local:
195 enabled: False
196 service: libvirt
197 cluster: openstack-compute
198 namespace: default
199 role: ${linux:system:name}
200 type: LoadBalancer
201 kind: Deployment
202 apiVersion: extensions/v1beta1
203 replicas: 1
204 host_pid: True
205 nodeSelector:
206 - key: openstack
207 value: ${linux:system:name}
208 hostNetwork: True
209 container:
210 libvirt-compute:
211 privileged: True
212 image: ${_param:docker_repository}/libvirt-compute
213 tag: ${_param:openstack_container_tag}
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]214
215Master definition
216
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]217.. code-block:: yaml
218
219 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]220 common:
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]221 cluster_name: cluster
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]222 addons:
223 dns:
224 domain: cluster.local
225 enabled: true
226 replicas: 1
227 server: 10.254.0.10
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]228 master:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]229 admin:
230 password: password
231 username: admin
232 apiserver:
233 address: 10.0.175.100
Swann Croisetff97efc2017-02-23 13:32:33 +0100[diff] [blame]234 secure_port: 443
235 insecure_address: 127.0.0.1
236 insecure_port: 8080
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]237 ca: kubernetes
238 enabled: true
239 etcd:
240 host: 127.0.0.1
241 members:
242 - host: 10.0.175.100
243 name: node040
244 name: node040
245 token: ca939ec9c2a17b0786f6d411fe019e9b
246 kubelet:
247 allow_privileged: true
248 network:
249 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]250 mtu: 1500
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]251 hash: fb5e30ebe6154911a66ec3fb5f1195b2
252 private_ip_range: 10.150.0.0/16
253 version: v0.19.0
254 service_addresses: 10.254.0.0/16
255 storage:
256 engine: glusterfs
257 members:
258 - host: 10.0.175.101
259 port: 24007
260 - host: 10.0.175.102
261 port: 24007
262 - host: 10.0.175.103
263 port: 24007
264 port: 24007
265 token:
266 admin: DFvQ8GJ9JD4fKNfuyEddw3rjnFTkUKsv
267 controller_manager: EreGh6AnWf8DxH8cYavB2zS029PUi7vx
268 dns: RAFeVSE4UvsCz4gk3KYReuOI5jsZ1Xt3
269 kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
270 kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
271 logging: MJkXKdbgqRmTHSa2ykTaOaMykgO6KcEf
272 monitoring: hnsj0XqABgrSww7Nqo7UVTSZLJUt2XRd
273 scheduler: HY1UUxEPpmjW4a1dDLGIANYQp1nZkLDk
274 version: v1.2.4
275
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]276
277 kubernetes:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]278 pool:
279 address: 0.0.0.0
280 allow_privileged: true
281 ca: kubernetes
282 cluster_dns: 10.254.0.10
283 cluster_domain: cluster.local
284 enabled: true
285 kubelet:
286 allow_privileged: true
287 config: /etc/kubernetes/manifests
288 frequency: 5s
289 master:
290 apiserver:
291 members:
292 - host: 10.0.175.100
293 etcd:
294 members:
295 - host: 10.0.175.100
296 host: 10.0.175.100
297 network:
298 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]299 mtu: 1500
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]300 hash: fb5e30ebe6154911a66ec3fb5f1195b2
301 version: v0.19.0
302 token:
303 kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
304 kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
305 version: v1.2.4
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]306
Tomáš Kukrálbc3623e2017-03-23 18:24:06 +0100[diff] [blame]307
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]308Kubernetes with OpenContrail network plugin
309------------------------------------------------
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]310
311On Master:
312
313.. code-block:: yaml
314
315 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]316 common:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]317 addons:
Matthew Mosesohn6f4f6c02017-07-03 16:58:50 +0300[diff] [blame]318 contrail_network_controller:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]319 enabled: true
320 namespace: kube-system
Matthew Mosesohn6f4f6c02017-07-03 16:58:50 +0300[diff] [blame]321 image: yashulyak/contrail-controller:latest
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]322 master:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]323 network:
324 engine: opencontrail
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]325 default_domain: default-domain
326 default_project: default-domain:default-project
327 public_network: default-domain:default-project:Public
328 public_ip_range: 185.22.97.128/26
329 private_ip_range: 10.150.0.0/16
330 service_cluster_ip_range: 10.254.0.0/16
331 network_label: name
332 service_label: uses
333 cluster_service: kube-system/default
Tomáš Kukrál0eefee72017-07-18 13:17:27 +0200[diff] [blame]334 config:
335 api:
336 host: 10.0.170.70
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]337On pools:
338
339.. code-block:: yaml
340
341 kubernetes:
342 pool:
343 network:
344 engine: opencontrail
345
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]346
347Dashboard public IP must be configured when Contrail network is used:
348
349.. code-block:: yaml
350
351 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]352 common:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]353 addons:
354 public_ip: 1.1.1.1
355
Jakub Pavlik1cfc1fe2016-07-25 11:01:52 +0200[diff] [blame]356Kubernetes control plane running in systemd
357-------------------------------------------
358
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]359By default kube-apiserver, kube-scheduler, kube-controllermanager, kube-proxy, etcd running in docker containers through manifests. For stable production environment this should be run in systemd.
Jakub Pavlik1cfc1fe2016-07-25 11:01:52 +0200[diff] [blame]360
361.. code-block:: yaml
362
363 kubernetes:
364 master:
365 container: false
366
367 kubernetes:
368 pool:
369 container: false
370
marco055ff852016-07-27 15:22:33 +0200[diff] [blame]371Because k8s services run under kube user without root privileges, there is need to change secure port for apiserver.
372
373.. code-block:: yaml
374
375 kubernetes:
376 master:
377 apiserver:
378 secure_port: 8081
379
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]380Kubernetes with Flannel
381-----------------------
382
383On Master:
384
385.. code-block:: yaml
386
387 kubernetes:
388 master:
389 network:
390 engine: flannel
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]391 # If you don't register master as node:
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]392 etcd:
393 members:
394 - host: 10.0.175.101
395 port: 4001
396 - host: 10.0.175.102
397 port: 4001
398 - host: 10.0.175.103
399 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]400 common:
401 network:
402 engine: flannel
403
404On pools:
405
406.. code-block:: yaml
407
408 kubernetes:
409 pool:
410 network:
411 engine: flannel
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]412 etcd:
413 members:
414 - host: 10.0.175.101
415 port: 4001
416 - host: 10.0.175.102
417 port: 4001
418 - host: 10.0.175.103
419 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]420 common:
421 network:
422 engine: flannel
423
424Kubernetes with Calico
425-----------------------
426
427On Master:
428
429.. code-block:: yaml
430
431 kubernetes:
432 master:
433 network:
434 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]435 mtu: 1500
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]436 # If you don't register master as node:
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]437 etcd:
438 members:
439 - host: 10.0.175.101
440 port: 4001
441 - host: 10.0.175.102
442 port: 4001
443 - host: 10.0.175.103
444 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]445
446On pools:
447
448.. code-block:: yaml
449
450 kubernetes:
451 pool:
452 network:
453 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]454 mtu: 1500
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]455 etcd:
456 members:
457 - host: 10.0.175.101
458 port: 4001
459 - host: 10.0.175.102
460 port: 4001
461 - host: 10.0.175.103
462 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]463
Tomáš Kukrál34c59362017-03-01 14:00:37 +0100[diff] [blame]464Running with secured etcd:
465
466.. code-block:: yaml
467
468 kubernetes:
469 pool:
470 network:
471 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]472 mtu: 1500
Tomáš Kukrál34c59362017-03-01 14:00:37 +0100[diff] [blame]473 etcd:
474 ssl:
475 enabled: true
476 master:
477 network:
478 engine: calico
479 etcd:
480 ssl:
481 enabled: true
482
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]483Running with calico-policy controller:
484
485.. code-block:: yaml
486
487 kubernetes:
488 pool:
489 network:
490 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]491 mtu: 1500
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]492 addons:
493 calico_policy:
494 enabled: true
495
496 master:
497 network:
498 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]499 mtu: 1500
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]500 addons:
501 calico_policy:
502 enabled: true
503
504
505
Tomáš Kukrál7e91a942017-03-23 16:02:52 +0100[diff] [blame]506Enable Prometheus metrics in Felix
507
508.. code-block:: yaml
509
510 kubernetes:
511 pool:
512 network:
513 prometheus:
514 enabled: true
515 master:
516 network:
517 prometheus:
518 enabled: true
519
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]520Post deployment configuration
521
522.. code-block:: bash
Jakub Pavlik232833c2016-07-17 13:21:00 +0200[diff] [blame]523
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]524 # set ETCD
525 export ETCD_AUTHORITY=10.0.111.201:4001
526
527 # Set NAT for pods subnet
528 calicoctl pool add 192.168.0.0/16 --nat-outgoing
529
530 # Status commands
531 calicoctl status
532 calicoctl node show
533
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]534Kubernetes with GlusterFS for storage
535---------------------------------------------
536
537.. code-block:: yaml
538
539 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]540 master:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]541 ...
542 storage:
543 engine: glusterfs
544 port: 24007
545 members:
546 - host: 10.0.175.101
547 port: 24007
548 - host: 10.0.175.102
549 port: 24007
550 - host: 10.0.175.103
551 port: 24007
552 ...
553
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]554Kubernetes namespaces
555---------------------
556
557Create namespace:
558
559.. code-block:: yaml
560
561 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]562 master:
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]563 ...
564 namespace:
565 kube-system:
566 enabled: True
567 namespace2:
568 enabled: True
569 namespace3:
570 enabled: False
571 ...
572
573Kubernetes labels
574-----------------
575
Marek Celoud901020b2017-01-27 14:51:41 +0100[diff] [blame]576Label node:
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]577
578.. code-block:: yaml
579
Marek Celoud901020b2017-01-27 14:51:41 +0100[diff] [blame]580 kubernetes:
581 master:
582 label:
583 label01:
584 value: value01
585 node: node01
586 enabled: true
587 key: key01
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]588 ...
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]589
marcof7efecb2016-07-16 16:13:37 +0200[diff] [blame]590Pull images from private registries
591-----------------------------------
592
593.. code-block:: yaml
594
595 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]596 master:
marcof7efecb2016-07-16 16:13:37 +0200[diff] [blame]597 ...
598 registry:
599 secret:
600 registry01:
601 enabled: True
602 key: (get from `cat /root/.docker/config.json | base64`)
603 namespace: default
604 ...
605 control:
606 ...
607 service:
608 service01:
609 ...
610 image_pull_secretes: registry01
611 ...
612
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]613Kubernetes Service Definitions in pillars
614==========================================
615
616Following samples show how to generate kubernetes manifest as well and provide single tool for complete infrastructure management.
617
618Deployment manifest
619---------------------
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]620
621.. code-block:: yaml
622
623 salt:
624 control:
625 enabled: True
626 hostNetwork: True
627 service:
628 memcached:
629 privileged: True
630 service: memcached
631 role: server
632 type: LoadBalancer
633 replicas: 3
634 kind: Deployment
635 apiVersion: extensions/v1beta1
636 ports:
637 - port: 8774
638 name: nova-api
639 - port: 8775
640 name: nova-metadata
641 volume:
642 volume_name:
643 type: hostPath
644 mount: /certs
645 path: /etc/certs
646 container:
647 memcached:
648 image: memcached
649 tag:2
650 ports:
651 - port: 8774
652 name: nova-api
653 - port: 8775
654 name: nova-metadata
655 variables:
656 - name: HTTP_TLS_CERTIFICATE:
657 value: /certs/domain.crt
658 - name: HTTP_TLS_KEY
659 value: /certs/domain.key
660 volumes:
661 - name: /etc/certs
662 type: hostPath
663 mount: /certs
664 path: /etc/certs
665
marcobe30c8d2016-10-11 19:16:35 +0200[diff] [blame]666PetSet manifest
667---------------------
668
669.. code-block:: yaml
670
671 service:
672 memcached:
673 apiVersion: apps/v1alpha1
674 kind: PetSet
675 service_name: 'memcached'
676 container:
677 memcached:
678 ...
679
680
Filip Pytloun9a4a40f2016-09-22 16:28:19 +0200[diff] [blame]681Configmap
682---------
683
684You are able to create configmaps using support layer between formulas.
685It works simple, eg. in nova formula there's file ``meta/config.yml`` which
686defines config files used by that service and roles.
687
688Kubernetes formula is able to generate these files using custom pillar and
689grains structure. This way you are able to run docker images built by any way
690while still re-using your configuration management.
691
692Example pillar:
693
694.. code-block:: bash
695
696 kubernetes:
697 control:
Jakub Pavlika2779722016-11-25 15:35:26 +0100[diff] [blame]698 config_type: default|kubernetes # Output is yaml k8s or default single files
Filip Pytloun9a4a40f2016-09-22 16:28:19 +0200[diff] [blame]699 configmap:
700 nova-control:
701 grains:
702 # Alternate grains as OS running in container may differ from
703 # salt minion OS. Needed only if grains matters for config
704 # generation.
705 os_family: Debian
706 pillar:
707 # Generic pillar for nova controller
708 nova:
709 controller:
710 enabled: true
711 versionn: liberty
712 ...
713
714To tell which services supports config generation, you need to ensure pillar
715structure like this to determine support:
716
717.. code-block:: yaml
718
719 nova:
720 _support:
721 config:
722 enabled: true
723
marcod4d3dbd2016-09-27 11:36:40 +0200[diff] [blame]724initContainers
725--------------
726
727Example pillar:
728
729.. code-block:: bash
730
731 kubernetes:
732 control:
733 service:
734 memcached:
735 init_containers:
736 - name: test-mysql
737 image: busybox
738 command:
739 - sleep
740 - 3600
741 volumes:
742 - name: config
743 mount: /test
744 - name: test-memcached
745 image: busybox
746 command:
747 - sleep
748 - 3600
749 volumes:
750 - name: config
751 mount: /test
752
marcoee859d32016-11-07 11:04:57 +0100[diff] [blame]753Affinity
754--------
755
756podAffinity
757===========
758
759Example pillar:
760
761.. code-block:: bash
762
763 kubernetes:
764 control:
765 service:
766 memcached:
767 affinity:
768 pod_affinity:
769 name: podAffinity
770 expression:
771 label_selector:
772 name: labelSelector
773 selectors:
774 - key: app
775 value: memcached
776 topology_key: kubernetes.io/hostname
777
778podAntiAffinity
779===============
780
781Example pillar:
782
783.. code-block:: bash
784
785 kubernetes:
786 control:
787 service:
788 memcached:
789 affinity:
790 anti_affinity:
791 name: podAntiAffinity
792 expression:
793 label_selector:
794 name: labelSelector
795 selectors:
796 - key: app
797 value: opencontrail-control
798 topology_key: kubernetes.io/hostname
799
800nodeAffinity
801===============
802
803Example pillar:
804
805.. code-block:: bash
806
807 kubernetes:
808 control:
809 service:
810 memcached:
811 affinity:
812 node_affinity:
813 name: nodeAffinity
814 expression:
815 match_expressions:
816 name: matchExpressions
817 selectors:
818 - key: key
819 operator: In
820 values:
821 - value1
822 - value2
823
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]824Volumes
825-------
826
827hostPath
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]828==========
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]829
830.. code-block:: yaml
831
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]832 service:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]833 memcached:
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]834 container:
835 memcached:
836 volumes:
837 - name: volume1
838 mountPath: /volume
839 readOnly: True
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]840 ...
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]841 volume:
842 volume1:
843 name: /etc/certs
844 type: hostPath
845 path: /etc/certs
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]846
847emptyDir
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]848========
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]849
850.. code-block:: yaml
851
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]852 service:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]853 memcached:
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]854 container:
855 memcached:
856 volumes:
857 - name: volume1
858 mountPath: /volume
859 readOnly: True
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]860 ...
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]861 volume:
862 volume1:
863 name: /etc/certs
864 type: emptyDir
865
866configMap
867=========
868
869.. code-block:: yaml
870
871 service:
872 memcached:
873 container:
874 memcached:
875 volumes:
876 - name: volume1
877 mountPath: /volume
878 readOnly: True
879 ...
880 volume:
881 volume1:
882 type: config_map
883 item:
884 configMap1:
885 key: config.conf
886 path: config.conf
887 configMap2:
888 key: policy.json
889 path: policy.json
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]890
marco0eda4fb2016-10-10 19:08:27 +0200[diff] [blame]891To mount single configuration file instead of whole directory:
892
893.. code-block:: yaml
894
895 service:
896 memcached:
897 container:
898 memcached:
899 volumes:
900 - name: volume1
901 mountPath: /volume/config.conf
902 sub_path: config.conf
903
marcofcc20d02016-10-10 09:56:12 +0200[diff] [blame]904Generating Jobs
905===============
906
907Example pillar:
908
909.. code-block:: yaml
910
911 kubernetes:
912 control:
913 job:
914 sleep:
915 job: sleep
916 restart_policy: Never
917 container:
918 sleep:
919 image: busybox
920 tag: latest
921 command:
922 - sleep
923 - "3600"
924
925Volumes and Variables can be used as the same way as during Deployment generation.
926
927Custom params:
928
929.. code-block:: yaml
930
931 kubernetes:
932 control:
933 job:
934 host_network: True
935 host_pid: True
936 container:
937 sleep:
938 privileged: True
939 node_selector:
940 key: node
941 value: one
942 image_pull_secretes: password
943
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]944
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]945More Information
946================
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]947
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]948* https://github.com/Juniper/kubernetes/blob
949/opencontrail-integration/docs /getting-started-guides/opencontrail.md
950* https://github.com/kubernetes/kubernetes/tree/master/cluster/saltbase
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]951
Filip Pytlound06f6272017-02-02 13:02:03 +0100[diff] [blame]952
953Documentation and Bugs
954======================
955
956To learn how to install and update salt-formulas, consult the documentation
957available online at:
958
959 http://salt-formulas.readthedocs.io/
960
961In the unfortunate event that bugs are discovered, they should be reported to
962the appropriate issue tracker. Use Github issue tracker for specific salt
963formula:
964
965 https://github.com/salt-formulas/salt-formula-kubernetes/issues
966
967For feature requests, bug reports or blueprints affecting entire ecosystem,
968use Launchpad salt-formulas project:
969
970 https://launchpad.net/salt-formulas
971
972You can also join salt-formulas-users team and subscribe to mailing list:
973
974 https://launchpad.net/~salt-formulas-users
975
976Developers wishing to work on the salt-formulas projects should always base
977their work on master branch and submit pull request against specific formula.
978
979 https://github.com/salt-formulas/salt-formula-kubernetes
980
981Any questions or feedback is always welcome so feel free to join our IRC
982channel:
983
984 #salt-formulas @ irc.freenode.net