Blame - README.rst - salt-formulas/kubernetes

blob: f5d454d0635811011bb5965b92395c3c8ced2d59 [file] [log] [blame]

marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	1
				2	==================
				3	Kubernetes Formula
				4	==================
				5
Jakub Pavlik	495d06f	2016-06-17 11:33:05 +0200	[diff] [blame]	6	Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.
				7
				8	This formula deploys production ready Kubernetes and generate Kubernetes manifests as well.
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	9
				10	Based on official Kubernetes salt
				11	https://github.com/kubernetes/kubernetes/tree/master/cluster/saltbase
				12
				13	Extended on Contrail contribution https://github.com/Juniper/kubernetes/blob/opencontrail-integration/docs/getting-started-guides/opencontrail.md
				14
				15
				16	Sample pillars
				17	==============
				18
Ales Komarek	688a04c	2016-07-15 15:12:30 +0200	[diff] [blame]	19	Containers on pool definitions in pool.service.local
				20
Jakub Pavlik	7e98532	2016-07-17 13:16:15 +0200	[diff] [blame^]	21	.. code-block:: yaml
				22
				23	parameters:
				24	kubernetes:
				25	pool:
				26	service:
				27	local:
				28	enabled: False
				29	service: libvirt
				30	cluster: openstack-compute
				31	namespace: default
				32	role: ${linux:system:name}
				33	type: LoadBalancer
				34	kind: Deployment
				35	apiVersion: extensions/v1beta1
				36	replicas: 1
				37	host_pid: True
				38	nodeSelector:
				39	- key: openstack
				40	value: ${linux:system:name}
				41	hostNetwork: True
				42	container:
				43	libvirt-compute:
				44	privileged: True
				45	image: ${_param:docker_repository}/libvirt-compute
				46	tag: ${_param:openstack_container_tag}
Ales Komarek	688a04c	2016-07-15 15:12:30 +0200	[diff] [blame]	47
				48	Master definition
				49
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	50	.. code-block:: yaml
				51
				52	kubernetes:
Jakub Pavlik	495d06f	2016-06-17 11:33:05 +0200	[diff] [blame]	53	master:
				54	addons:
				55	dns:
				56	domain: cluster.local
				57	enabled: true
				58	replicas: 1
				59	server: 10.254.0.10
				60	heapster_influxdb:
				61	enabled: true
				62	public_ip: 185.22.97.132
				63	ui:
				64	enabled: true
				65	public_ip: 185.22.97.131
				66	admin:
				67	password: password
				68	username: admin
				69	apiserver:
				70	address: 10.0.175.100
				71	port: 8080
				72	ca: kubernetes
				73	enabled: true
				74	etcd:
				75	host: 127.0.0.1
				76	members:
				77	- host: 10.0.175.100
				78	name: node040
				79	name: node040
				80	token: ca939ec9c2a17b0786f6d411fe019e9b
				81	kubelet:
				82	allow_privileged: true
				83	network:
				84	engine: calico
				85	hash: fb5e30ebe6154911a66ec3fb5f1195b2
				86	private_ip_range: 10.150.0.0/16
				87	version: v0.19.0
				88	service_addresses: 10.254.0.0/16
				89	storage:
				90	engine: glusterfs
				91	members:
				92	- host: 10.0.175.101
				93	port: 24007
				94	- host: 10.0.175.102
				95	port: 24007
				96	- host: 10.0.175.103
				97	port: 24007
				98	port: 24007
				99	token:
				100	admin: DFvQ8GJ9JD4fKNfuyEddw3rjnFTkUKsv
				101	controller_manager: EreGh6AnWf8DxH8cYavB2zS029PUi7vx
				102	dns: RAFeVSE4UvsCz4gk3KYReuOI5jsZ1Xt3
				103	kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
				104	kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
				105	logging: MJkXKdbgqRmTHSa2ykTaOaMykgO6KcEf
				106	monitoring: hnsj0XqABgrSww7Nqo7UVTSZLJUt2XRd
				107	scheduler: HY1UUxEPpmjW4a1dDLGIANYQp1nZkLDk
				108	version: v1.2.4
				109
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	110
				111	kubernetes:
Jakub Pavlik	495d06f	2016-06-17 11:33:05 +0200	[diff] [blame]	112	pool:
				113	address: 0.0.0.0
				114	allow_privileged: true
				115	ca: kubernetes
				116	cluster_dns: 10.254.0.10
				117	cluster_domain: cluster.local
				118	enabled: true
				119	kubelet:
				120	allow_privileged: true
				121	config: /etc/kubernetes/manifests
				122	frequency: 5s
				123	master:
				124	apiserver:
				125	members:
				126	- host: 10.0.175.100
				127	etcd:
				128	members:
				129	- host: 10.0.175.100
				130	host: 10.0.175.100
				131	network:
				132	engine: calico
				133	hash: fb5e30ebe6154911a66ec3fb5f1195b2
				134	version: v0.19.0
				135	token:
				136	kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
				137	kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
				138	version: v1.2.4
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	139
				140
Jakub Pavlik	495d06f	2016-06-17 11:33:05 +0200	[diff] [blame]	141
				142	Kubernetes with OpenContrail network plugin
				143	------------------------------------------------
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	144
				145	On Master:
				146
				147	.. code-block:: yaml
				148
				149	kubernetes:
				150	master:
				151	network:
				152	engine: opencontrail
				153	host: 10.0.170.70
				154	port: 8082
				155	default_domain: default-domain
				156	default_project: default-domain:default-project
				157	public_network: default-domain:default-project:Public
				158	public_ip_range: 185.22.97.128/26
				159	private_ip_range: 10.150.0.0/16
				160	service_cluster_ip_range: 10.254.0.0/16
				161	network_label: name
				162	service_label: uses
				163	cluster_service: kube-system/default
				164	network_manager:
				165	image: pupapaik/opencontrail-kube-network-manager
				166	tag: release-1.1-jpa-final-1
				167
				168	On pools:
				169
				170	.. code-block:: yaml
				171
				172	kubernetes:
				173	pool:
				174	network:
				175	engine: opencontrail
				176
				177	Kubernetes with Flannel
				178	-----------------------
				179
				180	On Master:
				181
				182	.. code-block:: yaml
				183
				184	kubernetes:
				185	master:
				186	network:
				187	engine: flannel
Jakub Pavlik	7e98532	2016-07-17 13:16:15 +0200	[diff] [blame^]	188	# If you don't register master as node:
marco	a05621f	2016-07-14 10:35:24 +0200	[diff] [blame]	189	etcd:
				190	members:
				191	- host: 10.0.175.101
				192	port: 4001
				193	- host: 10.0.175.102
				194	port: 4001
				195	- host: 10.0.175.103
				196	port: 4001
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	197	common:
				198	network:
				199	engine: flannel
				200
				201	On pools:
				202
				203	.. code-block:: yaml
				204
				205	kubernetes:
				206	pool:
				207	network:
				208	engine: flannel
marco	a05621f	2016-07-14 10:35:24 +0200	[diff] [blame]	209	etcd:
				210	members:
				211	- host: 10.0.175.101
				212	port: 4001
				213	- host: 10.0.175.102
				214	port: 4001
				215	- host: 10.0.175.103
				216	port: 4001
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	217	common:
				218	network:
				219	engine: flannel
				220
				221	Kubernetes with Calico
				222	-----------------------
				223
				224	On Master:
				225
				226	.. code-block:: yaml
				227
				228	kubernetes:
				229	master:
				230	network:
				231	engine: calico
Jakub Pavlik	7e98532	2016-07-17 13:16:15 +0200	[diff] [blame^]	232	# If you don't register master as node:
marco	a05621f	2016-07-14 10:35:24 +0200	[diff] [blame]	233	etcd:
				234	members:
				235	- host: 10.0.175.101
				236	port: 4001
				237	- host: 10.0.175.102
				238	port: 4001
				239	- host: 10.0.175.103
				240	port: 4001
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	241
				242	On pools:
				243
				244	.. code-block:: yaml
				245
				246	kubernetes:
				247	pool:
				248	network:
				249	engine: calico
marco	a05621f	2016-07-14 10:35:24 +0200	[diff] [blame]	250	etcd:
				251	members:
				252	- host: 10.0.175.101
				253	port: 4001
				254	- host: 10.0.175.102
				255	port: 4001
				256	- host: 10.0.175.103
				257	port: 4001
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	258
Jakub Pavlik	7e98532	2016-07-17 13:16:15 +0200	[diff] [blame^]	259	Post deployment configuration
				260
				261	.. code-block:: bash
				262	# set ETCD
				263	export ETCD_AUTHORITY=10.0.111.201:4001
				264
				265	# Set NAT for pods subnet
				266	calicoctl pool add 192.168.0.0/16 --nat-outgoing
				267
				268	# Status commands
				269	calicoctl status
				270	calicoctl node show
				271
Jakub Pavlik	495d06f	2016-06-17 11:33:05 +0200	[diff] [blame]	272	Kubernetes with GlusterFS for storage
				273	---------------------------------------------
				274
				275	.. code-block:: yaml
				276
				277	kubernetes:
				278	master
				279	...
				280	storage:
				281	engine: glusterfs
				282	port: 24007
				283	members:
				284	- host: 10.0.175.101
				285	port: 24007
				286	- host: 10.0.175.102
				287	port: 24007
				288	- host: 10.0.175.103
				289	port: 24007
				290	...
				291
marco	45fc1b7	2016-07-02 16:11:18 +0200	[diff] [blame]	292	Kubernetes namespaces
				293	---------------------
				294
				295	Create namespace:
				296
				297	.. code-block:: yaml
				298
				299	kubernetes:
				300	master
				301	...
				302	namespace:
				303	kube-system:
				304	enabled: True
				305	namespace2:
				306	enabled: True
				307	namespace3:
				308	enabled: False
				309	...
				310
				311	Kubernetes labels
				312	-----------------
				313
				314	Create namespace:
				315
				316	.. code-block:: yaml
				317
				318	kubernetes:
				319	pool
				320	...
				321	host:
				322	label:
				323	key01:
				324	value: value01
				325	enable: True
				326	key02:
				327	value: value02
				328	enable: False
				329	name: ${linux:system:name}
				330	...
				331
marco	f7efecb	2016-07-16 16:13:37 +0200	[diff] [blame]	332	Pull images from private registries
				333	-----------------------------------
				334
				335	.. code-block:: yaml
				336
				337	kubernetes:
				338	master
				339	...
				340	registry:
				341	secret:
				342	registry01:
				343	enabled: True
				344	key: (get from `cat /root/.docker/config.json \| base64`)
				345	namespace: default
				346	...
				347	control:
				348	...
				349	service:
				350	service01:
				351	...
				352	image_pull_secretes: registry01
				353	...
				354
Jakub Pavlik	495d06f	2016-06-17 11:33:05 +0200	[diff] [blame]	355	Kubernetes Service Definitions in pillars
				356	==========================================
				357
				358	Following samples show how to generate kubernetes manifest as well and provide single tool for complete infrastructure management.
				359
				360	Deployment manifest
				361	---------------------
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	362
				363	.. code-block:: yaml
				364
				365	salt:
				366	control:
				367	enabled: True
				368	hostNetwork: True
				369	service:
				370	memcached:
				371	privileged: True
				372	service: memcached
				373	role: server
				374	type: LoadBalancer
				375	replicas: 3
				376	kind: Deployment
				377	apiVersion: extensions/v1beta1
				378	ports:
				379	- port: 8774
				380	name: nova-api
				381	- port: 8775
				382	name: nova-metadata
				383	volume:
				384	volume_name:
				385	type: hostPath
				386	mount: /certs
				387	path: /etc/certs
				388	container:
				389	memcached:
				390	image: memcached
				391	tag:2
				392	ports:
				393	- port: 8774
				394	name: nova-api
				395	- port: 8775
				396	name: nova-metadata
				397	variables:
				398	- name: HTTP_TLS_CERTIFICATE:
				399	value: /certs/domain.crt
				400	- name: HTTP_TLS_KEY
				401	value: /certs/domain.key
				402	volumes:
				403	- name: /etc/certs
				404	type: hostPath
				405	mount: /certs
				406	path: /etc/certs
				407
				408	Volumes
				409	-------
				410
				411	hostPath
Jakub Pavlik	495d06f	2016-06-17 11:33:05 +0200	[diff] [blame]	412	==========
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	413
				414	.. code-block:: yaml
				415
				416	container:
				417	memcached:
				418	...
				419	volumes:
				420	- name: /etc/certs
				421	mount: /certs
				422	type: hostPath
				423	path: /etc/certs
				424
				425	emptyDir
Ales Komarek	688a04c	2016-07-15 15:12:30 +0200	[diff] [blame]	426	========
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	427
				428	.. code-block:: yaml
				429
				430	container:
				431	memcached:
				432	...
				433	volumes:
				434	- name: /etc/certs
				435	mount: /certs
Jakub Pavlik	7e98532	2016-07-17 13:16:15 +0200	[diff] [blame^]	436	type: emptyDir