Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / kubernetes / 25c78f9f63a4c5536e1c038761822dc45b3a833e / . / README.rst
blob: 4d375e8bc8ea706578649d14f2cbf00a66ebd2ed [file] [log] [blame]
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]1==================
2Kubernetes Formula
3==================
4
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]5Kubernetes is an open-source system for automating deployment, scaling, and
6management of containerized applications. This formula deploys production
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]7ready Kubernetes and generate Kubernetes manifests as well.
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]8
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]9You can download `kubectl` configuration and connect to your cluster. However,
10keep in mind `kubernetes_control_address` needs to be accessible from your computer:
11
12.. code-block:: yaml
13
14 mkdir -p ~/.kube
15 [ -f ~/.kube/config ] && cp -v ~/.kube/config ~/.kube/config-backup
Tomáš Kukrál8ee2bc52017-07-31 17:51:20 +0200[diff] [blame]16 ssh cfg01 "sudo ssh ctl01 /etc/kubernetes/kubeconfig.sh" > ~/.kube/config
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]17 kubectl get no
18
19
20`cfg01` is Salt master node and `ctl01` is one of Kubernetes masters
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]21
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]22Sample Pillars
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]23==============
24
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]25**REQUIRED:** Define image to use for hyperkube, CNIs and calicoctl image
26
27.. code-block:: yaml
28
29 parameters:
30 kubernetes:
31 common:
32 hyperkube:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]33 image: gcr.io/google_containers/hyperkube:v1.6.5
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]34 pool:
35 network:
36 calicoctl:
37 image: calico/ctl
38 cni:
39 image: calico/cni
40
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]41Enable helm-tiller addon
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]42
43.. code-block:: yaml
44
45 parameters:
46 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]47 common:
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]48 addons:
49 helm:
50 enabled: true
51
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]52Enable calico-policy addon
53
54.. code-block:: yaml
55
56 parameters:
57 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]58 common:
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]59 addons:
60 calico_policy:
61 enabled: true
62
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]63Enable virtlet addon
64
65.. code-block:: yaml
66
67 parameters:
68 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]69 common:
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]70 addons:
71 virtlet:
72 enabled: true
73 namespace: kube-system
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]74 image: mirantis/virtlet:v0.7.0
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]75 hosts:
76 - cmp01
77 - cmp02
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]78
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]79Enable netchecker addon
80
81.. code-block:: yaml
82
83 parameters:
84 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]85 common:
86 addons:
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]87 netchecker:
88 enabled: true
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]89 master:
90 namespace:
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]91 netchecker:
92 enabled: true
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]93
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]94Enable Kubenetes Federation control plane
95
96.. code-block:: yaml
97
98 parameters:
99 kubernetes:
100 master:
101 federation:
102 enabled: True
103 name: federation
104 namespace: federation-system
105 source: https://dl.k8s.io/v1.6.6/kubernetes-client-linux-amd64.tar.gz
106 hash: 94b2c9cd29981a8e150c187193bab0d8c0b6e906260f837367feff99860a6376
107 service_type: NodePort
108 dns_provider: coredns
109 childclusters:
110 - secondcluster.mydomain
111 - thirdcluster.mydomain
112
Tomáš Kukrálf78baa62017-04-20 16:18:16 +0200[diff] [blame]113Configure service verbosity
114
115.. code-block:: yaml
116
117 parameters:
118 kubernetes:
119 master:
120 verbosity: 2
121 pool:
122 verbosity: 2
123
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]124Set cluster name and domain
Matthew Mosesohn0f7bee42017-07-17 13:52:16 +0300[diff] [blame]125
126.. code-block:: yaml
127
128 parameters:
129 kubernetes:
130 common:
131 kubernetes_cluster_domain: mycluster.domain
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]132 cluster_name : mycluster
Matthew Mosesohn0f7bee42017-07-17 13:52:16 +0300[diff] [blame]133
Tomáš Kukrálaff35262017-04-18 12:37:45 +0200[diff] [blame]134Enable autoscaler for dns addon. Poll period can be skipped.
135
136.. code-block:: yaml
137
138 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]139 common:
Tomáš Kukrálaff35262017-04-18 12:37:45 +0200[diff] [blame]140 addons:
141 dns:
142 domain: cluster.local
143 enabled: true
144 replicas: 1
145 server: 10.254.0.10
146 autoscaler:
147 enabled: true
148 poll-period-seconds: 60
149
150
Tomáš Kukrál6ef3f892017-02-15 12:02:22 +0100[diff] [blame]151Pass aditional parameters to daemons:
152
153.. code-block:: yaml
154
155 parameters:
156 kubernetes:
157 master:
158 apiserver:
159 daemon_opts:
160 storage-backend: pigeon
161 controller_manager:
162 daemon_opts:
163 log-dir: /dev/nulL
164 pool:
165 kubelet:
166 daemon_opts:
167 max-pods: "6"
168
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]169
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]170Containers on pool definitions in pool.service.local
171
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]172.. code-block:: yaml
173
174 parameters:
175 kubernetes:
176 pool:
177 service:
178 local:
179 enabled: False
180 service: libvirt
181 cluster: openstack-compute
182 namespace: default
183 role: ${linux:system:name}
184 type: LoadBalancer
185 kind: Deployment
186 apiVersion: extensions/v1beta1
187 replicas: 1
188 host_pid: True
189 nodeSelector:
190 - key: openstack
191 value: ${linux:system:name}
192 hostNetwork: True
193 container:
194 libvirt-compute:
195 privileged: True
196 image: ${_param:docker_repository}/libvirt-compute
197 tag: ${_param:openstack_container_tag}
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]198
199Master definition
200
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]201.. code-block:: yaml
202
203 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]204 common:
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]205 cluster_name: cluster
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]206 addons:
207 dns:
208 domain: cluster.local
209 enabled: true
210 replicas: 1
211 server: 10.254.0.10
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]212 master:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]213 admin:
214 password: password
215 username: admin
216 apiserver:
217 address: 10.0.175.100
Swann Croisetff97efc2017-02-23 13:32:33 +0100[diff] [blame]218 secure_port: 443
219 insecure_address: 127.0.0.1
220 insecure_port: 8080
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]221 ca: kubernetes
222 enabled: true
223 etcd:
224 host: 127.0.0.1
225 members:
226 - host: 10.0.175.100
227 name: node040
228 name: node040
229 token: ca939ec9c2a17b0786f6d411fe019e9b
230 kubelet:
231 allow_privileged: true
232 network:
233 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]234 mtu: 1500
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]235 hash: fb5e30ebe6154911a66ec3fb5f1195b2
236 private_ip_range: 10.150.0.0/16
237 version: v0.19.0
238 service_addresses: 10.254.0.0/16
239 storage:
240 engine: glusterfs
241 members:
242 - host: 10.0.175.101
243 port: 24007
244 - host: 10.0.175.102
245 port: 24007
246 - host: 10.0.175.103
247 port: 24007
248 port: 24007
249 token:
250 admin: DFvQ8GJ9JD4fKNfuyEddw3rjnFTkUKsv
251 controller_manager: EreGh6AnWf8DxH8cYavB2zS029PUi7vx
252 dns: RAFeVSE4UvsCz4gk3KYReuOI5jsZ1Xt3
253 kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
254 kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
255 logging: MJkXKdbgqRmTHSa2ykTaOaMykgO6KcEf
256 monitoring: hnsj0XqABgrSww7Nqo7UVTSZLJUt2XRd
257 scheduler: HY1UUxEPpmjW4a1dDLGIANYQp1nZkLDk
258 version: v1.2.4
259
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]260
261 kubernetes:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]262 pool:
263 address: 0.0.0.0
264 allow_privileged: true
265 ca: kubernetes
266 cluster_dns: 10.254.0.10
267 cluster_domain: cluster.local
268 enabled: true
269 kubelet:
270 allow_privileged: true
271 config: /etc/kubernetes/manifests
272 frequency: 5s
273 master:
274 apiserver:
275 members:
276 - host: 10.0.175.100
277 etcd:
278 members:
279 - host: 10.0.175.100
280 host: 10.0.175.100
281 network:
282 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]283 mtu: 1500
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]284 hash: fb5e30ebe6154911a66ec3fb5f1195b2
285 version: v0.19.0
286 token:
287 kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
288 kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
289 version: v1.2.4
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]290
Tomáš Kukrálbc3623e2017-03-23 18:24:06 +0100[diff] [blame]291
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]292Kubernetes with OpenContrail network plugin
293------------------------------------------------
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]294
295On Master:
296
297.. code-block:: yaml
298
299 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]300 common:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]301 addons:
Matthew Mosesohn6f4f6c02017-07-03 16:58:50 +0300[diff] [blame]302 contrail_network_controller:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]303 enabled: true
304 namespace: kube-system
Matthew Mosesohn6f4f6c02017-07-03 16:58:50 +0300[diff] [blame]305 image: yashulyak/contrail-controller:latest
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]306 master:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]307 network:
308 engine: opencontrail
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]309 default_domain: default-domain
310 default_project: default-domain:default-project
311 public_network: default-domain:default-project:Public
312 public_ip_range: 185.22.97.128/26
313 private_ip_range: 10.150.0.0/16
314 service_cluster_ip_range: 10.254.0.0/16
315 network_label: name
316 service_label: uses
317 cluster_service: kube-system/default
Tomáš Kukrál0eefee72017-07-18 13:17:27 +0200[diff] [blame]318 config:
319 api:
320 host: 10.0.170.70
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]321On pools:
322
323.. code-block:: yaml
324
325 kubernetes:
326 pool:
327 network:
328 engine: opencontrail
329
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]330
331Dashboard public IP must be configured when Contrail network is used:
332
333.. code-block:: yaml
334
335 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]336 common:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]337 addons:
338 public_ip: 1.1.1.1
339
Jakub Pavlik1cfc1fe2016-07-25 11:01:52 +0200[diff] [blame]340Kubernetes control plane running in systemd
341-------------------------------------------
342
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]343By default kube-apiserver, kube-scheduler, kube-controllermanager, kube-proxy, etcd running in docker containers through manifests. For stable production environment this should be run in systemd.
Jakub Pavlik1cfc1fe2016-07-25 11:01:52 +0200[diff] [blame]344
345.. code-block:: yaml
346
347 kubernetes:
348 master:
349 container: false
350
351 kubernetes:
352 pool:
353 container: false
354
marco055ff852016-07-27 15:22:33 +0200[diff] [blame]355Because k8s services run under kube user without root privileges, there is need to change secure port for apiserver.
356
357.. code-block:: yaml
358
359 kubernetes:
360 master:
361 apiserver:
362 secure_port: 8081
363
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]364Kubernetes with Flannel
365-----------------------
366
367On Master:
368
369.. code-block:: yaml
370
371 kubernetes:
372 master:
373 network:
374 engine: flannel
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]375 # If you don't register master as node:
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]376 etcd:
377 members:
378 - host: 10.0.175.101
379 port: 4001
380 - host: 10.0.175.102
381 port: 4001
382 - host: 10.0.175.103
383 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]384 common:
385 network:
386 engine: flannel
387
388On pools:
389
390.. code-block:: yaml
391
392 kubernetes:
393 pool:
394 network:
395 engine: flannel
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]396 etcd:
397 members:
398 - host: 10.0.175.101
399 port: 4001
400 - host: 10.0.175.102
401 port: 4001
402 - host: 10.0.175.103
403 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]404 common:
405 network:
406 engine: flannel
407
408Kubernetes with Calico
409-----------------------
410
411On Master:
412
413.. code-block:: yaml
414
415 kubernetes:
416 master:
417 network:
418 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]419 mtu: 1500
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]420 # If you don't register master as node:
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]421 etcd:
422 members:
423 - host: 10.0.175.101
424 port: 4001
425 - host: 10.0.175.102
426 port: 4001
427 - host: 10.0.175.103
428 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]429
430On pools:
431
432.. code-block:: yaml
433
434 kubernetes:
435 pool:
436 network:
437 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]438 mtu: 1500
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]439 etcd:
440 members:
441 - host: 10.0.175.101
442 port: 4001
443 - host: 10.0.175.102
444 port: 4001
445 - host: 10.0.175.103
446 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]447
Tomáš Kukrál34c59362017-03-01 14:00:37 +0100[diff] [blame]448Running with secured etcd:
449
450.. code-block:: yaml
451
452 kubernetes:
453 pool:
454 network:
455 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]456 mtu: 1500
Tomáš Kukrál34c59362017-03-01 14:00:37 +0100[diff] [blame]457 etcd:
458 ssl:
459 enabled: true
460 master:
461 network:
462 engine: calico
463 etcd:
464 ssl:
465 enabled: true
466
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]467Running with calico-policy controller:
468
469.. code-block:: yaml
470
471 kubernetes:
472 pool:
473 network:
474 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]475 mtu: 1500
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]476 addons:
477 calico_policy:
478 enabled: true
479
480 master:
481 network:
482 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]483 mtu: 1500
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]484 addons:
485 calico_policy:
486 enabled: true
487
488
489
Tomáš Kukrál7e91a942017-03-23 16:02:52 +0100[diff] [blame]490Enable Prometheus metrics in Felix
491
492.. code-block:: yaml
493
494 kubernetes:
495 pool:
496 network:
497 prometheus:
498 enabled: true
499 master:
500 network:
501 prometheus:
502 enabled: true
503
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]504Post deployment configuration
505
506.. code-block:: bash
Jakub Pavlik232833c2016-07-17 13:21:00 +0200[diff] [blame]507
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]508 # set ETCD
509 export ETCD_AUTHORITY=10.0.111.201:4001
510
511 # Set NAT for pods subnet
512 calicoctl pool add 192.168.0.0/16 --nat-outgoing
513
514 # Status commands
515 calicoctl status
516 calicoctl node show
517
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]518Kubernetes with GlusterFS for storage
519---------------------------------------------
520
521.. code-block:: yaml
522
523 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]524 master:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]525 ...
526 storage:
527 engine: glusterfs
528 port: 24007
529 members:
530 - host: 10.0.175.101
531 port: 24007
532 - host: 10.0.175.102
533 port: 24007
534 - host: 10.0.175.103
535 port: 24007
536 ...
537
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]538Kubernetes namespaces
539---------------------
540
541Create namespace:
542
543.. code-block:: yaml
544
545 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]546 master:
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]547 ...
548 namespace:
549 kube-system:
550 enabled: True
551 namespace2:
552 enabled: True
553 namespace3:
554 enabled: False
555 ...
556
557Kubernetes labels
558-----------------
559
Marek Celoud901020b2017-01-27 14:51:41 +0100[diff] [blame]560Label node:
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]561
562.. code-block:: yaml
563
Marek Celoud901020b2017-01-27 14:51:41 +0100[diff] [blame]564 kubernetes:
565 master:
566 label:
567 label01:
568 value: value01
569 node: node01
570 enabled: true
571 key: key01
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]572 ...
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]573
marcof7efecb2016-07-16 16:13:37 +0200[diff] [blame]574Pull images from private registries
575-----------------------------------
576
577.. code-block:: yaml
578
579 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]580 master:
marcof7efecb2016-07-16 16:13:37 +0200[diff] [blame]581 ...
582 registry:
583 secret:
584 registry01:
585 enabled: True
586 key: (get from `cat /root/.docker/config.json | base64`)
587 namespace: default
588 ...
589 control:
590 ...
591 service:
592 service01:
593 ...
594 image_pull_secretes: registry01
595 ...
596
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]597Kubernetes Service Definitions in pillars
598==========================================
599
600Following samples show how to generate kubernetes manifest as well and provide single tool for complete infrastructure management.
601
602Deployment manifest
603---------------------
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]604
605.. code-block:: yaml
606
607 salt:
608 control:
609 enabled: True
610 hostNetwork: True
611 service:
612 memcached:
613 privileged: True
614 service: memcached
615 role: server
616 type: LoadBalancer
617 replicas: 3
618 kind: Deployment
619 apiVersion: extensions/v1beta1
620 ports:
621 - port: 8774
622 name: nova-api
623 - port: 8775
624 name: nova-metadata
625 volume:
626 volume_name:
627 type: hostPath
628 mount: /certs
629 path: /etc/certs
630 container:
631 memcached:
632 image: memcached
633 tag:2
634 ports:
635 - port: 8774
636 name: nova-api
637 - port: 8775
638 name: nova-metadata
639 variables:
640 - name: HTTP_TLS_CERTIFICATE:
641 value: /certs/domain.crt
642 - name: HTTP_TLS_KEY
643 value: /certs/domain.key
644 volumes:
645 - name: /etc/certs
646 type: hostPath
647 mount: /certs
648 path: /etc/certs
649
marcobe30c8d2016-10-11 19:16:35 +0200[diff] [blame]650PetSet manifest
651---------------------
652
653.. code-block:: yaml
654
655 service:
656 memcached:
657 apiVersion: apps/v1alpha1
658 kind: PetSet
659 service_name: 'memcached'
660 container:
661 memcached:
662 ...
663
664
Filip Pytloun9a4a40f2016-09-22 16:28:19 +0200[diff] [blame]665Configmap
666---------
667
668You are able to create configmaps using support layer between formulas.
669It works simple, eg. in nova formula there's file ``meta/config.yml`` which
670defines config files used by that service and roles.
671
672Kubernetes formula is able to generate these files using custom pillar and
673grains structure. This way you are able to run docker images built by any way
674while still re-using your configuration management.
675
676Example pillar:
677
678.. code-block:: bash
679
680 kubernetes:
681 control:
Jakub Pavlika2779722016-11-25 15:35:26 +0100[diff] [blame]682 config_type: default|kubernetes # Output is yaml k8s or default single files
Filip Pytloun9a4a40f2016-09-22 16:28:19 +0200[diff] [blame]683 configmap:
684 nova-control:
685 grains:
686 # Alternate grains as OS running in container may differ from
687 # salt minion OS. Needed only if grains matters for config
688 # generation.
689 os_family: Debian
690 pillar:
691 # Generic pillar for nova controller
692 nova:
693 controller:
694 enabled: true
695 versionn: liberty
696 ...
697
698To tell which services supports config generation, you need to ensure pillar
699structure like this to determine support:
700
701.. code-block:: yaml
702
703 nova:
704 _support:
705 config:
706 enabled: true
707
marcod4d3dbd2016-09-27 11:36:40 +0200[diff] [blame]708initContainers
709--------------
710
711Example pillar:
712
713.. code-block:: bash
714
715 kubernetes:
716 control:
717 service:
718 memcached:
719 init_containers:
720 - name: test-mysql
721 image: busybox
722 command:
723 - sleep
724 - 3600
725 volumes:
726 - name: config
727 mount: /test
728 - name: test-memcached
729 image: busybox
730 command:
731 - sleep
732 - 3600
733 volumes:
734 - name: config
735 mount: /test
736
marcoee859d32016-11-07 11:04:57 +0100[diff] [blame]737Affinity
738--------
739
740podAffinity
741===========
742
743Example pillar:
744
745.. code-block:: bash
746
747 kubernetes:
748 control:
749 service:
750 memcached:
751 affinity:
752 pod_affinity:
753 name: podAffinity
754 expression:
755 label_selector:
756 name: labelSelector
757 selectors:
758 - key: app
759 value: memcached
760 topology_key: kubernetes.io/hostname
761
762podAntiAffinity
763===============
764
765Example pillar:
766
767.. code-block:: bash
768
769 kubernetes:
770 control:
771 service:
772 memcached:
773 affinity:
774 anti_affinity:
775 name: podAntiAffinity
776 expression:
777 label_selector:
778 name: labelSelector
779 selectors:
780 - key: app
781 value: opencontrail-control
782 topology_key: kubernetes.io/hostname
783
784nodeAffinity
785===============
786
787Example pillar:
788
789.. code-block:: bash
790
791 kubernetes:
792 control:
793 service:
794 memcached:
795 affinity:
796 node_affinity:
797 name: nodeAffinity
798 expression:
799 match_expressions:
800 name: matchExpressions
801 selectors:
802 - key: key
803 operator: In
804 values:
805 - value1
806 - value2
807
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]808Volumes
809-------
810
811hostPath
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]812==========
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]813
814.. code-block:: yaml
815
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]816 service:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]817 memcached:
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]818 container:
819 memcached:
820 volumes:
821 - name: volume1
822 mountPath: /volume
823 readOnly: True
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]824 ...
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]825 volume:
826 volume1:
827 name: /etc/certs
828 type: hostPath
829 path: /etc/certs
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]830
831emptyDir
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]832========
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]833
834.. code-block:: yaml
835
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]836 service:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]837 memcached:
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]838 container:
839 memcached:
840 volumes:
841 - name: volume1
842 mountPath: /volume
843 readOnly: True
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]844 ...
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]845 volume:
846 volume1:
847 name: /etc/certs
848 type: emptyDir
849
850configMap
851=========
852
853.. code-block:: yaml
854
855 service:
856 memcached:
857 container:
858 memcached:
859 volumes:
860 - name: volume1
861 mountPath: /volume
862 readOnly: True
863 ...
864 volume:
865 volume1:
866 type: config_map
867 item:
868 configMap1:
869 key: config.conf
870 path: config.conf
871 configMap2:
872 key: policy.json
873 path: policy.json
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]874
marco0eda4fb2016-10-10 19:08:27 +0200[diff] [blame]875To mount single configuration file instead of whole directory:
876
877.. code-block:: yaml
878
879 service:
880 memcached:
881 container:
882 memcached:
883 volumes:
884 - name: volume1
885 mountPath: /volume/config.conf
886 sub_path: config.conf
887
marcofcc20d02016-10-10 09:56:12 +0200[diff] [blame]888Generating Jobs
889===============
890
891Example pillar:
892
893.. code-block:: yaml
894
895 kubernetes:
896 control:
897 job:
898 sleep:
899 job: sleep
900 restart_policy: Never
901 container:
902 sleep:
903 image: busybox
904 tag: latest
905 command:
906 - sleep
907 - "3600"
908
909Volumes and Variables can be used as the same way as during Deployment generation.
910
911Custom params:
912
913.. code-block:: yaml
914
915 kubernetes:
916 control:
917 job:
918 host_network: True
919 host_pid: True
920 container:
921 sleep:
922 privileged: True
923 node_selector:
924 key: node
925 value: one
926 image_pull_secretes: password
927
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]928
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]929More Information
930================
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]931
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]932* https://github.com/Juniper/kubernetes/blob
933/opencontrail-integration/docs /getting-started-guides/opencontrail.md
934* https://github.com/kubernetes/kubernetes/tree/master/cluster/saltbase
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]935
Filip Pytlound06f6272017-02-02 13:02:03 +0100[diff] [blame]936
937Documentation and Bugs
938======================
939
940To learn how to install and update salt-formulas, consult the documentation
941available online at:
942
943 http://salt-formulas.readthedocs.io/
944
945In the unfortunate event that bugs are discovered, they should be reported to
946the appropriate issue tracker. Use Github issue tracker for specific salt
947formula:
948
949 https://github.com/salt-formulas/salt-formula-kubernetes/issues
950
951For feature requests, bug reports or blueprints affecting entire ecosystem,
952use Launchpad salt-formulas project:
953
954 https://launchpad.net/salt-formulas
955
956You can also join salt-formulas-users team and subscribe to mailing list:
957
958 https://launchpad.net/~salt-formulas-users
959
960Developers wishing to work on the salt-formulas projects should always base
961their work on master branch and submit pull request against specific formula.
962
963 https://github.com/salt-formulas/salt-formula-kubernetes
964
965Any questions or feedback is always welcome so feel free to join our IRC
966channel:
967
968 #salt-formulas @ irc.freenode.net