Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / kubernetes / 7d762f77a564e024db149d675846e7d5e5f54649 / . / README.rst
blob: 01178fecd25c5094eb2647c74559b721231e0b52 [file] [log] [blame]
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]1==================
2Kubernetes Formula
3==================
4
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]5Kubernetes is an open-source system for automating deployment, scaling, and
6management of containerized applications. This formula deploys production
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]7ready Kubernetes and generate Kubernetes manifests as well.
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]8
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]9You can download `kubectl` configuration and connect to your cluster. However,
10keep in mind `kubernetes_control_address` needs to be accessible from your computer:
11
12.. code-block:: yaml
13
14 mkdir -p ~/.kube
15 [ -f ~/.kube/config ] && cp -v ~/.kube/config ~/.kube/config-backup
Tomáš Kukrál8ee2bc52017-07-31 17:51:20 +0200[diff] [blame]16 ssh cfg01 "sudo ssh ctl01 /etc/kubernetes/kubeconfig.sh" > ~/.kube/config
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]17 kubectl get no
18
19
20`cfg01` is Salt master node and `ctl01` is one of Kubernetes masters
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]21
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]22Sample Pillars
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]23==============
24
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]25**REQUIRED:** Define image to use for hyperkube, CNIs and calicoctl image
26
27.. code-block:: yaml
28
29 parameters:
30 kubernetes:
31 common:
32 hyperkube:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]33 image: gcr.io/google_containers/hyperkube:v1.6.5
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]34 pool:
35 network:
36 calicoctl:
37 image: calico/ctl
38 cni:
39 image: calico/cni
40
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]41Enable helm-tiller addon
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]42
43.. code-block:: yaml
44
45 parameters:
46 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]47 common:
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]48 addons:
49 helm:
50 enabled: true
51
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]52Enable calico-policy addon
53
54.. code-block:: yaml
55
56 parameters:
57 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]58 common:
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]59 addons:
60 calico_policy:
61 enabled: true
62
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]63Enable virtlet addon
64
65.. code-block:: yaml
66
67 parameters:
68 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]69 common:
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]70 addons:
71 virtlet:
72 enabled: true
73 namespace: kube-system
Andrey Shestakov655034e2017-09-15 12:30:28 +0300[diff] [blame]74 image: mirantis/virtlet:v0.8.0
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]75 hosts:
76 - cmp01
77 - cmp02
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]78
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]79Enable netchecker addon
80
81.. code-block:: yaml
82
83 parameters:
84 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]85 common:
86 addons:
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]87 netchecker:
88 enabled: true
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]89 master:
90 namespace:
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]91 netchecker:
92 enabled: true
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]93
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]94Enable Kubenetes Federation control plane
95
96.. code-block:: yaml
97
98 parameters:
99 kubernetes:
100 master:
101 federation:
102 enabled: True
103 name: federation
104 namespace: federation-system
105 source: https://dl.k8s.io/v1.6.6/kubernetes-client-linux-amd64.tar.gz
106 hash: 94b2c9cd29981a8e150c187193bab0d8c0b6e906260f837367feff99860a6376
107 service_type: NodePort
108 dns_provider: coredns
109 childclusters:
110 - secondcluster.mydomain
111 - thirdcluster.mydomain
112
Matthew Mosesohn3be5dd92017-08-25 16:54:51 +0300[diff] [blame]113Enable external DNS addon with CoreDNS provider
114
115.. code-block:: yaml
116
117 parameters:
118 kubernetes:
119 common:
120 addons:
Sergii Golovatiuk08e47f32017-09-28 15:24:23 +0200[diff] [blame]121 coredns:
122 enabled: True
Matthew Mosesohn3be5dd92017-08-25 16:54:51 +0300[diff] [blame]123 externaldns:
Sergii Golovatiuk08e47f32017-09-28 15:24:23 +0200[diff] [blame]124 enabled: True
125 domain: company.mydomain
126 provider: coredns
Matthew Mosesohn3be5dd92017-08-25 16:54:51 +0300[diff] [blame]127
Andrey Shestakov79f4af02017-09-15 21:02:55 +0300[diff] [blame]128Enable external DNS addon with Designate provider
129
130.. code-block:: yaml
131
132 parameters:
133 kubernetes:
134 common:
135 addons:
136 externaldns:
Sergii Golovatiuk08e47f32017-09-28 15:24:23 +0200[diff] [blame]137 enabled: True
138 domain: company.mydomain
139 provider: designate
140 designate_os_options:
141 OS_AUTH_URL: https://keystone_auth_endpoint:5000
142 OS_PROJECT_DOMAIN_NAME: default
143 OS_USER_DOMAIN_NAME: default
144 OS_PROJECT_NAME: admin
145 OS_USERNAME: admin
146 OS_PASSWORD: password
147 OS_REGION_NAME: RegionOne
Andrey Shestakov79f4af02017-09-15 21:02:55 +0300[diff] [blame]148
Sergii Golovatiuk650948c2017-09-25 12:00:18 +0200[diff] [blame]149Enable external DNS addon with AWS provider
150
151.. code-block:: yaml
152
153 parameters:
154 kubernetes:
155 common:
156 addons:
157 externaldns:
Sergii Golovatiuk08e47f32017-09-28 15:24:23 +0200[diff] [blame]158 enabled: True
159 domain: company.mydomain
160 provider: aws
161 aws_options:
162 AWS_ACCESS_KEY_ID: XXXXXXXXXXXXXXXXXXXX
163 AWS_SECRET_ACCESS_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
164
165Enable external DNS addon with Google CloudDNS provider
166
167.. code-block:: yaml
168
169 parameters:
170 kubernetes:
171 common:
172 addons:
173 externaldns:
174 enabled: True
175 domain: company.mydomain
176 provider: google
177 google_options:
178 key: ''
179 project: default-123
180key should be exported from google console and processed as `cat key.json | tr -d '\n'`
Sergii Golovatiuk650948c2017-09-25 12:00:18 +0200[diff] [blame]181
Matthew Mosesohn19903512017-08-31 19:38:19 +0300[diff] [blame]182Enable OpenStack cloud provider
183
184.. code-block:: yaml
185
186 parameters:
187 kubernetes:
188 common:
189 cloudprovider:
190 enabled: True
Tomáš Kukrál10b15672017-09-05 10:08:46 +0200[diff] [blame]191 provider: openstack
Matthew Mosesohn19903512017-08-31 19:38:19 +0300[diff] [blame]192 params:
193 auth_url: https://openstack.mydomain:5000/v3
194 username: nova
195 password: nova
196 region: RegionOne
197 tenant_id: 4bce4162d8744c599e350099cfa22a0a
198 domain_name: default
199 subnet_id: 72407854-aca6-4cf1-b873-e9affb09484b
200 lb_version: v2
201
Tomáš Kukrálf78baa62017-04-20 16:18:16 +0200[diff] [blame]202Configure service verbosity
203
204.. code-block:: yaml
205
206 parameters:
207 kubernetes:
208 master:
209 verbosity: 2
210 pool:
211 verbosity: 2
212
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]213Set cluster name and domain
Matthew Mosesohn0f7bee42017-07-17 13:52:16 +0300[diff] [blame]214
215.. code-block:: yaml
216
217 parameters:
218 kubernetes:
219 common:
220 kubernetes_cluster_domain: mycluster.domain
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]221 cluster_name : mycluster
Matthew Mosesohn0f7bee42017-07-17 13:52:16 +0300[diff] [blame]222
Tomáš Kukrálaff35262017-04-18 12:37:45 +0200[diff] [blame]223Enable autoscaler for dns addon. Poll period can be skipped.
224
225.. code-block:: yaml
226
227 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]228 common:
Tomáš Kukrálaff35262017-04-18 12:37:45 +0200[diff] [blame]229 addons:
230 dns:
231 domain: cluster.local
232 enabled: true
233 replicas: 1
234 server: 10.254.0.10
235 autoscaler:
236 enabled: true
237 poll-period-seconds: 60
238
239
Tomáš Kukrál6ef3f892017-02-15 12:02:22 +0100[diff] [blame]240Pass aditional parameters to daemons:
241
242.. code-block:: yaml
243
244 parameters:
245 kubernetes:
246 master:
247 apiserver:
248 daemon_opts:
249 storage-backend: pigeon
250 controller_manager:
251 daemon_opts:
252 log-dir: /dev/nulL
253 pool:
254 kubelet:
255 daemon_opts:
256 max-pods: "6"
257
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]258
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]259Containers on pool definitions in pool.service.local
260
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]261.. code-block:: yaml
262
263 parameters:
264 kubernetes:
265 pool:
266 service:
267 local:
268 enabled: False
269 service: libvirt
270 cluster: openstack-compute
271 namespace: default
272 role: ${linux:system:name}
273 type: LoadBalancer
274 kind: Deployment
275 apiVersion: extensions/v1beta1
276 replicas: 1
277 host_pid: True
278 nodeSelector:
279 - key: openstack
280 value: ${linux:system:name}
281 hostNetwork: True
282 container:
283 libvirt-compute:
284 privileged: True
285 image: ${_param:docker_repository}/libvirt-compute
286 tag: ${_param:openstack_container_tag}
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]287
288Master definition
289
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]290.. code-block:: yaml
291
292 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]293 common:
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]294 cluster_name: cluster
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]295 addons:
296 dns:
297 domain: cluster.local
298 enabled: true
299 replicas: 1
300 server: 10.254.0.10
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]301 master:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]302 admin:
303 password: password
304 username: admin
305 apiserver:
306 address: 10.0.175.100
Swann Croisetff97efc2017-02-23 13:32:33 +0100[diff] [blame]307 secure_port: 443
308 insecure_address: 127.0.0.1
309 insecure_port: 8080
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]310 ca: kubernetes
311 enabled: true
312 etcd:
313 host: 127.0.0.1
314 members:
315 - host: 10.0.175.100
316 name: node040
317 name: node040
318 token: ca939ec9c2a17b0786f6d411fe019e9b
319 kubelet:
320 allow_privileged: true
321 network:
322 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]323 mtu: 1500
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]324 hash: fb5e30ebe6154911a66ec3fb5f1195b2
325 private_ip_range: 10.150.0.0/16
326 version: v0.19.0
327 service_addresses: 10.254.0.0/16
328 storage:
329 engine: glusterfs
330 members:
331 - host: 10.0.175.101
332 port: 24007
333 - host: 10.0.175.102
334 port: 24007
335 - host: 10.0.175.103
336 port: 24007
337 port: 24007
338 token:
339 admin: DFvQ8GJ9JD4fKNfuyEddw3rjnFTkUKsv
340 controller_manager: EreGh6AnWf8DxH8cYavB2zS029PUi7vx
341 dns: RAFeVSE4UvsCz4gk3KYReuOI5jsZ1Xt3
342 kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
343 kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
344 logging: MJkXKdbgqRmTHSa2ykTaOaMykgO6KcEf
345 monitoring: hnsj0XqABgrSww7Nqo7UVTSZLJUt2XRd
346 scheduler: HY1UUxEPpmjW4a1dDLGIANYQp1nZkLDk
347 version: v1.2.4
348
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]349
350 kubernetes:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]351 pool:
352 address: 0.0.0.0
353 allow_privileged: true
354 ca: kubernetes
355 cluster_dns: 10.254.0.10
356 cluster_domain: cluster.local
357 enabled: true
358 kubelet:
359 allow_privileged: true
360 config: /etc/kubernetes/manifests
361 frequency: 5s
362 master:
363 apiserver:
364 members:
365 - host: 10.0.175.100
366 etcd:
367 members:
368 - host: 10.0.175.100
369 host: 10.0.175.100
370 network:
371 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]372 mtu: 1500
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]373 hash: fb5e30ebe6154911a66ec3fb5f1195b2
374 version: v0.19.0
375 token:
376 kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
377 kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
378 version: v1.2.4
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]379
Tomáš Kukrálbc3623e2017-03-23 18:24:06 +0100[diff] [blame]380
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]381Kubernetes with OpenContrail network plugin
382------------------------------------------------
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]383
384On Master:
385
386.. code-block:: yaml
387
388 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]389 common:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]390 addons:
Matthew Mosesohn6f4f6c02017-07-03 16:58:50 +0300[diff] [blame]391 contrail_network_controller:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]392 enabled: true
393 namespace: kube-system
Matthew Mosesohn6f4f6c02017-07-03 16:58:50 +0300[diff] [blame]394 image: yashulyak/contrail-controller:latest
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]395 master:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]396 network:
397 engine: opencontrail
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]398 default_domain: default-domain
399 default_project: default-domain:default-project
400 public_network: default-domain:default-project:Public
401 public_ip_range: 185.22.97.128/26
402 private_ip_range: 10.150.0.0/16
403 service_cluster_ip_range: 10.254.0.0/16
404 network_label: name
405 service_label: uses
406 cluster_service: kube-system/default
Tomáš Kukrál0eefee72017-07-18 13:17:27 +0200[diff] [blame]407 config:
408 api:
409 host: 10.0.170.70
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]410On pools:
411
412.. code-block:: yaml
413
414 kubernetes:
415 pool:
416 network:
417 engine: opencontrail
418
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]419
420Dashboard public IP must be configured when Contrail network is used:
421
422.. code-block:: yaml
423
424 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]425 common:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]426 addons:
427 public_ip: 1.1.1.1
428
Jakub Pavlik1cfc1fe2016-07-25 11:01:52 +0200[diff] [blame]429Kubernetes control plane running in systemd
430-------------------------------------------
431
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]432By default kube-apiserver, kube-scheduler, kube-controllermanager, kube-proxy, etcd running in docker containers through manifests. For stable production environment this should be run in systemd.
Jakub Pavlik1cfc1fe2016-07-25 11:01:52 +0200[diff] [blame]433
434.. code-block:: yaml
435
436 kubernetes:
437 master:
438 container: false
439
440 kubernetes:
441 pool:
442 container: false
443
marco055ff852016-07-27 15:22:33 +0200[diff] [blame]444Because k8s services run under kube user without root privileges, there is need to change secure port for apiserver.
445
446.. code-block:: yaml
447
448 kubernetes:
449 master:
450 apiserver:
451 secure_port: 8081
452
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]453Kubernetes with Flannel
454-----------------------
455
456On Master:
457
458.. code-block:: yaml
459
460 kubernetes:
461 master:
462 network:
463 engine: flannel
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]464 # If you don't register master as node:
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]465 etcd:
466 members:
467 - host: 10.0.175.101
468 port: 4001
469 - host: 10.0.175.102
470 port: 4001
471 - host: 10.0.175.103
472 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]473 common:
474 network:
475 engine: flannel
476
477On pools:
478
479.. code-block:: yaml
480
481 kubernetes:
482 pool:
483 network:
484 engine: flannel
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]485 etcd:
486 members:
487 - host: 10.0.175.101
488 port: 4001
489 - host: 10.0.175.102
490 port: 4001
491 - host: 10.0.175.103
492 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]493 common:
494 network:
495 engine: flannel
496
497Kubernetes with Calico
498-----------------------
499
500On Master:
501
502.. code-block:: yaml
503
504 kubernetes:
505 master:
506 network:
507 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]508 mtu: 1500
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]509 # If you don't register master as node:
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]510 etcd:
511 members:
512 - host: 10.0.175.101
513 port: 4001
514 - host: 10.0.175.102
515 port: 4001
516 - host: 10.0.175.103
517 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]518
519On pools:
520
521.. code-block:: yaml
522
523 kubernetes:
524 pool:
525 network:
526 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]527 mtu: 1500
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]528 etcd:
529 members:
530 - host: 10.0.175.101
531 port: 4001
532 - host: 10.0.175.102
533 port: 4001
534 - host: 10.0.175.103
535 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]536
Tomáš Kukrál34c59362017-03-01 14:00:37 +0100[diff] [blame]537Running with secured etcd:
538
539.. code-block:: yaml
540
541 kubernetes:
542 pool:
543 network:
544 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]545 mtu: 1500
Tomáš Kukrál34c59362017-03-01 14:00:37 +0100[diff] [blame]546 etcd:
547 ssl:
548 enabled: true
549 master:
550 network:
551 engine: calico
552 etcd:
553 ssl:
554 enabled: true
555
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]556Running with calico-policy controller:
557
558.. code-block:: yaml
559
560 kubernetes:
561 pool:
562 network:
563 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]564 mtu: 1500
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]565 addons:
566 calico_policy:
567 enabled: true
568
569 master:
570 network:
571 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]572 mtu: 1500
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]573 addons:
574 calico_policy:
575 enabled: true
576
577
578
Tomáš Kukrál7e91a942017-03-23 16:02:52 +0100[diff] [blame]579Enable Prometheus metrics in Felix
580
581.. code-block:: yaml
582
583 kubernetes:
584 pool:
585 network:
586 prometheus:
587 enabled: true
588 master:
589 network:
590 prometheus:
591 enabled: true
592
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]593Post deployment configuration
594
595.. code-block:: bash
Jakub Pavlik232833c2016-07-17 13:21:00 +0200[diff] [blame]596
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]597 # set ETCD
598 export ETCD_AUTHORITY=10.0.111.201:4001
599
600 # Set NAT for pods subnet
601 calicoctl pool add 192.168.0.0/16 --nat-outgoing
602
603 # Status commands
604 calicoctl status
605 calicoctl node show
606
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]607Kubernetes with GlusterFS for storage
608---------------------------------------------
609
610.. code-block:: yaml
611
612 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]613 master:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]614 ...
615 storage:
616 engine: glusterfs
617 port: 24007
618 members:
619 - host: 10.0.175.101
620 port: 24007
621 - host: 10.0.175.102
622 port: 24007
623 - host: 10.0.175.103
624 port: 24007
625 ...
626
Jakub Pavlik5b043a22017-09-05 09:33:58 +0200[diff] [blame]627Kubernetes Storage Class
628------------------------
629
630AWS EBS storageclass integration. It also requires to create IAM policy and profiles for instances and tag all resources by KubernetesCluster in EC2.
631
632.. code-block:: yaml
633
634 kubernetes:
635 common:
636 addons:
637 storageclass:
638 aws_slow:
Jakub Pavlik5b043a22017-09-05 09:33:58 +0200[diff] [blame]639 enabled: True
640 default: True
641 provisioner: aws-ebs
Petr Michalec52d4e1f2017-09-11 17:50:54 +0200[diff] [blame]642 name: slow
Jakub Pavlik5b043a22017-09-05 09:33:58 +0200[diff] [blame]643 type: gp2
644 iopspergb: "10"
645 zones: xxx
Petr Michalec52d4e1f2017-09-11 17:50:54 +0200[diff] [blame]646 nfs_shared:
647 name: elasti01
648 enabled: True
649 provisioner: nfs
650 spec:
651 name: elastic_data
652 nfs:
653 server: 10.0.0.1
654 path: /exported_path
Jakub Pavlik5b043a22017-09-05 09:33:58 +0200[diff] [blame]655
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]656Kubernetes namespaces
657---------------------
658
659Create namespace:
660
661.. code-block:: yaml
662
663 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]664 master:
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]665 ...
666 namespace:
667 kube-system:
668 enabled: True
669 namespace2:
670 enabled: True
671 namespace3:
672 enabled: False
673 ...
674
675Kubernetes labels
676-----------------
677
Marek Celoud901020b2017-01-27 14:51:41 +0100[diff] [blame]678Label node:
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]679
680.. code-block:: yaml
681
Marek Celoud901020b2017-01-27 14:51:41 +0100[diff] [blame]682 kubernetes:
683 master:
684 label:
685 label01:
686 value: value01
687 node: node01
688 enabled: true
689 key: key01
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]690 ...
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]691
marcof7efecb2016-07-16 16:13:37 +0200[diff] [blame]692Pull images from private registries
693-----------------------------------
694
695.. code-block:: yaml
696
697 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]698 master:
marcof7efecb2016-07-16 16:13:37 +0200[diff] [blame]699 ...
700 registry:
701 secret:
702 registry01:
703 enabled: True
704 key: (get from `cat /root/.docker/config.json | base64`)
705 namespace: default
706 ...
707 control:
708 ...
709 service:
710 service01:
711 ...
712 image_pull_secretes: registry01
713 ...
714
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]715Kubernetes Service Definitions in pillars
716==========================================
717
718Following samples show how to generate kubernetes manifest as well and provide single tool for complete infrastructure management.
719
720Deployment manifest
721---------------------
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]722
723.. code-block:: yaml
724
725 salt:
726 control:
727 enabled: True
728 hostNetwork: True
729 service:
730 memcached:
731 privileged: True
732 service: memcached
733 role: server
734 type: LoadBalancer
735 replicas: 3
736 kind: Deployment
737 apiVersion: extensions/v1beta1
738 ports:
739 - port: 8774
740 name: nova-api
741 - port: 8775
742 name: nova-metadata
743 volume:
744 volume_name:
745 type: hostPath
746 mount: /certs
747 path: /etc/certs
748 container:
749 memcached:
750 image: memcached
751 tag:2
752 ports:
753 - port: 8774
754 name: nova-api
755 - port: 8775
756 name: nova-metadata
757 variables:
758 - name: HTTP_TLS_CERTIFICATE:
759 value: /certs/domain.crt
760 - name: HTTP_TLS_KEY
761 value: /certs/domain.key
762 volumes:
763 - name: /etc/certs
764 type: hostPath
765 mount: /certs
766 path: /etc/certs
767
marcobe30c8d2016-10-11 19:16:35 +0200[diff] [blame]768PetSet manifest
769---------------------
770
771.. code-block:: yaml
772
773 service:
774 memcached:
775 apiVersion: apps/v1alpha1
776 kind: PetSet
777 service_name: 'memcached'
778 container:
779 memcached:
780 ...
781
782
Filip Pytloun9a4a40f2016-09-22 16:28:19 +0200[diff] [blame]783Configmap
784---------
785
786You are able to create configmaps using support layer between formulas.
787It works simple, eg. in nova formula there's file ``meta/config.yml`` which
788defines config files used by that service and roles.
789
790Kubernetes formula is able to generate these files using custom pillar and
791grains structure. This way you are able to run docker images built by any way
792while still re-using your configuration management.
793
794Example pillar:
795
796.. code-block:: bash
797
798 kubernetes:
799 control:
Jakub Pavlika2779722016-11-25 15:35:26 +0100[diff] [blame]800 config_type: default|kubernetes # Output is yaml k8s or default single files
Filip Pytloun9a4a40f2016-09-22 16:28:19 +0200[diff] [blame]801 configmap:
802 nova-control:
803 grains:
804 # Alternate grains as OS running in container may differ from
805 # salt minion OS. Needed only if grains matters for config
806 # generation.
807 os_family: Debian
808 pillar:
809 # Generic pillar for nova controller
810 nova:
811 controller:
812 enabled: true
813 versionn: liberty
814 ...
815
816To tell which services supports config generation, you need to ensure pillar
817structure like this to determine support:
818
819.. code-block:: yaml
820
821 nova:
822 _support:
823 config:
824 enabled: true
825
marcod4d3dbd2016-09-27 11:36:40 +0200[diff] [blame]826initContainers
827--------------
828
829Example pillar:
830
831.. code-block:: bash
832
833 kubernetes:
834 control:
835 service:
836 memcached:
837 init_containers:
838 - name: test-mysql
839 image: busybox
840 command:
841 - sleep
842 - 3600
843 volumes:
844 - name: config
845 mount: /test
846 - name: test-memcached
847 image: busybox
848 command:
849 - sleep
850 - 3600
851 volumes:
852 - name: config
853 mount: /test
854
marcoee859d32016-11-07 11:04:57 +0100[diff] [blame]855Affinity
856--------
857
858podAffinity
859===========
860
861Example pillar:
862
863.. code-block:: bash
864
865 kubernetes:
866 control:
867 service:
868 memcached:
869 affinity:
870 pod_affinity:
871 name: podAffinity
872 expression:
873 label_selector:
874 name: labelSelector
875 selectors:
876 - key: app
877 value: memcached
878 topology_key: kubernetes.io/hostname
879
880podAntiAffinity
881===============
882
883Example pillar:
884
885.. code-block:: bash
886
887 kubernetes:
888 control:
889 service:
890 memcached:
891 affinity:
892 anti_affinity:
893 name: podAntiAffinity
894 expression:
895 label_selector:
896 name: labelSelector
897 selectors:
898 - key: app
899 value: opencontrail-control
900 topology_key: kubernetes.io/hostname
901
902nodeAffinity
903===============
904
905Example pillar:
906
907.. code-block:: bash
908
909 kubernetes:
910 control:
911 service:
912 memcached:
913 affinity:
914 node_affinity:
915 name: nodeAffinity
916 expression:
917 match_expressions:
918 name: matchExpressions
919 selectors:
920 - key: key
921 operator: In
922 values:
923 - value1
924 - value2
925
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]926Volumes
927-------
928
929hostPath
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]930==========
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]931
932.. code-block:: yaml
933
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]934 service:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]935 memcached:
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]936 container:
937 memcached:
938 volumes:
939 - name: volume1
940 mountPath: /volume
941 readOnly: True
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]942 ...
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]943 volume:
944 volume1:
945 name: /etc/certs
946 type: hostPath
947 path: /etc/certs
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]948
949emptyDir
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]950========
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]951
952.. code-block:: yaml
953
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]954 service:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]955 memcached:
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]956 container:
957 memcached:
958 volumes:
959 - name: volume1
960 mountPath: /volume
961 readOnly: True
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]962 ...
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]963 volume:
964 volume1:
965 name: /etc/certs
966 type: emptyDir
967
968configMap
969=========
970
971.. code-block:: yaml
972
973 service:
974 memcached:
975 container:
976 memcached:
977 volumes:
978 - name: volume1
979 mountPath: /volume
980 readOnly: True
981 ...
982 volume:
983 volume1:
984 type: config_map
985 item:
986 configMap1:
987 key: config.conf
988 path: config.conf
989 configMap2:
990 key: policy.json
991 path: policy.json
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]992
marco0eda4fb2016-10-10 19:08:27 +0200[diff] [blame]993To mount single configuration file instead of whole directory:
994
995.. code-block:: yaml
996
997 service:
998 memcached:
999 container:
1000 memcached:
1001 volumes:
1002 - name: volume1
1003 mountPath: /volume/config.conf
1004 sub_path: config.conf
1005
marcofcc20d02016-10-10 09:56:12 +0200[diff] [blame]1006Generating Jobs
1007===============
1008
1009Example pillar:
1010
1011.. code-block:: yaml
1012
1013 kubernetes:
1014 control:
1015 job:
1016 sleep:
1017 job: sleep
1018 restart_policy: Never
1019 container:
1020 sleep:
1021 image: busybox
1022 tag: latest
1023 command:
1024 - sleep
1025 - "3600"
1026
1027Volumes and Variables can be used as the same way as during Deployment generation.
1028
1029Custom params:
1030
1031.. code-block:: yaml
1032
1033 kubernetes:
1034 control:
1035 job:
1036 host_network: True
1037 host_pid: True
1038 container:
1039 sleep:
1040 privileged: True
1041 node_selector:
1042 key: node
1043 value: one
1044 image_pull_secretes: password
1045
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]1046
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]1047More Information
1048================
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]1049
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]1050* https://github.com/Juniper/kubernetes/blob
1051/opencontrail-integration/docs /getting-started-guides/opencontrail.md
1052* https://github.com/kubernetes/kubernetes/tree/master/cluster/saltbase
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]1053
Filip Pytlound06f6272017-02-02 13:02:03 +0100[diff] [blame]1054
1055Documentation and Bugs
1056======================
1057
1058To learn how to install and update salt-formulas, consult the documentation
1059available online at:
1060
1061 http://salt-formulas.readthedocs.io/
1062
1063In the unfortunate event that bugs are discovered, they should be reported to
1064the appropriate issue tracker. Use Github issue tracker for specific salt
1065formula:
1066
1067 https://github.com/salt-formulas/salt-formula-kubernetes/issues
1068
1069For feature requests, bug reports or blueprints affecting entire ecosystem,
1070use Launchpad salt-formulas project:
1071
1072 https://launchpad.net/salt-formulas
1073
1074You can also join salt-formulas-users team and subscribe to mailing list:
1075
1076 https://launchpad.net/~salt-formulas-users
1077
1078Developers wishing to work on the salt-formulas projects should always base
1079their work on master branch and submit pull request against specific formula.
1080
1081 https://github.com/salt-formulas/salt-formula-kubernetes
1082
1083Any questions or feedback is always welcome so feel free to join our IRC
1084channel:
1085
1086 #salt-formulas @ irc.freenode.net