Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / kubernetes / 45889c6c028121d6df913017b2bedbffe77874f1 / . / README.rst
blob: 2fdaf2a1d9d521dc309737d923dfce966715f16b [file] [log] [blame]
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]1==================
2Kubernetes Formula
3==================
4
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]5Kubernetes is an open-source system for automating deployment, scaling, and
6management of containerized applications. This formula deploys production
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]7ready Kubernetes and generate Kubernetes manifests as well.
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]8
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]9You can download `kubectl` configuration and connect to your cluster. However,
10keep in mind `kubernetes_control_address` needs to be accessible from your computer:
11
12.. code-block:: yaml
13
14 mkdir -p ~/.kube
15 [ -f ~/.kube/config ] && cp -v ~/.kube/config ~/.kube/config-backup
Tomáš Kukrál8ee2bc52017-07-31 17:51:20 +0200[diff] [blame]16 ssh cfg01 "sudo ssh ctl01 /etc/kubernetes/kubeconfig.sh" > ~/.kube/config
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]17 kubectl get no
18
19
20`cfg01` is Salt master node and `ctl01` is one of Kubernetes masters
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]21
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]22Sample Pillars
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]23==============
24
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]25**REQUIRED:** Define image to use for hyperkube, CNIs and calicoctl image
26
27.. code-block:: yaml
28
29 parameters:
30 kubernetes:
31 common:
32 hyperkube:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]33 image: gcr.io/google_containers/hyperkube:v1.6.5
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]34 pool:
35 network:
36 calicoctl:
37 image: calico/ctl
38 cni:
39 image: calico/cni
40
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]41Enable helm-tiller addon
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]42
43.. code-block:: yaml
44
45 parameters:
46 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]47 common:
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]48 addons:
49 helm:
50 enabled: true
51
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]52Enable calico-policy addon
53
54.. code-block:: yaml
55
56 parameters:
57 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]58 common:
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]59 addons:
60 calico_policy:
61 enabled: true
62
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]63Enable virtlet addon
64
65.. code-block:: yaml
66
67 parameters:
68 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]69 common:
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]70 addons:
71 virtlet:
72 enabled: true
73 namespace: kube-system
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]74 image: mirantis/virtlet:v0.7.0
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]75 hosts:
76 - cmp01
77 - cmp02
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]78
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]79Enable netchecker addon
80
81.. code-block:: yaml
82
83 parameters:
84 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]85 common:
86 addons:
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]87 netchecker:
88 enabled: true
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]89 master:
90 namespace:
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]91 netchecker:
92 enabled: true
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]93
Tomáš Kukrálf78baa62017-04-20 16:18:16 +0200[diff] [blame]94Configure service verbosity
95
96.. code-block:: yaml
97
98 parameters:
99 kubernetes:
100 master:
101 verbosity: 2
102 pool:
103 verbosity: 2
104
Matthew Mosesohn0f7bee42017-07-17 13:52:16 +0300[diff] [blame]105Set cluster domain
106
107.. code-block:: yaml
108
109 parameters:
110 kubernetes:
111 common:
112 kubernetes_cluster_domain: mycluster.domain
113
Tomáš Kukrálaff35262017-04-18 12:37:45 +0200[diff] [blame]114Enable autoscaler for dns addon. Poll period can be skipped.
115
116.. code-block:: yaml
117
118 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]119 common:
Tomáš Kukrálaff35262017-04-18 12:37:45 +0200[diff] [blame]120 addons:
121 dns:
122 domain: cluster.local
123 enabled: true
124 replicas: 1
125 server: 10.254.0.10
126 autoscaler:
127 enabled: true
128 poll-period-seconds: 60
129
130
Tomáš Kukrál6ef3f892017-02-15 12:02:22 +0100[diff] [blame]131Pass aditional parameters to daemons:
132
133.. code-block:: yaml
134
135 parameters:
136 kubernetes:
137 master:
138 apiserver:
139 daemon_opts:
140 storage-backend: pigeon
141 controller_manager:
142 daemon_opts:
143 log-dir: /dev/nulL
144 pool:
145 kubelet:
146 daemon_opts:
147 max-pods: "6"
148
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]149
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]150Containers on pool definitions in pool.service.local
151
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]152.. code-block:: yaml
153
154 parameters:
155 kubernetes:
156 pool:
157 service:
158 local:
159 enabled: False
160 service: libvirt
161 cluster: openstack-compute
162 namespace: default
163 role: ${linux:system:name}
164 type: LoadBalancer
165 kind: Deployment
166 apiVersion: extensions/v1beta1
167 replicas: 1
168 host_pid: True
169 nodeSelector:
170 - key: openstack
171 value: ${linux:system:name}
172 hostNetwork: True
173 container:
174 libvirt-compute:
175 privileged: True
176 image: ${_param:docker_repository}/libvirt-compute
177 tag: ${_param:openstack_container_tag}
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]178
179Master definition
180
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]181.. code-block:: yaml
182
183 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]184 common:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]185 addons:
186 dns:
187 domain: cluster.local
188 enabled: true
189 replicas: 1
190 server: 10.254.0.10
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]191 master:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]192 admin:
193 password: password
194 username: admin
195 apiserver:
196 address: 10.0.175.100
Swann Croisetff97efc2017-02-23 13:32:33 +0100[diff] [blame]197 secure_port: 443
198 insecure_address: 127.0.0.1
199 insecure_port: 8080
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]200 ca: kubernetes
201 enabled: true
202 etcd:
203 host: 127.0.0.1
204 members:
205 - host: 10.0.175.100
206 name: node040
207 name: node040
208 token: ca939ec9c2a17b0786f6d411fe019e9b
209 kubelet:
210 allow_privileged: true
211 network:
212 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]213 mtu: 1500
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]214 hash: fb5e30ebe6154911a66ec3fb5f1195b2
215 private_ip_range: 10.150.0.0/16
216 version: v0.19.0
217 service_addresses: 10.254.0.0/16
218 storage:
219 engine: glusterfs
220 members:
221 - host: 10.0.175.101
222 port: 24007
223 - host: 10.0.175.102
224 port: 24007
225 - host: 10.0.175.103
226 port: 24007
227 port: 24007
228 token:
229 admin: DFvQ8GJ9JD4fKNfuyEddw3rjnFTkUKsv
230 controller_manager: EreGh6AnWf8DxH8cYavB2zS029PUi7vx
231 dns: RAFeVSE4UvsCz4gk3KYReuOI5jsZ1Xt3
232 kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
233 kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
234 logging: MJkXKdbgqRmTHSa2ykTaOaMykgO6KcEf
235 monitoring: hnsj0XqABgrSww7Nqo7UVTSZLJUt2XRd
236 scheduler: HY1UUxEPpmjW4a1dDLGIANYQp1nZkLDk
237 version: v1.2.4
238
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]239
240 kubernetes:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]241 pool:
242 address: 0.0.0.0
243 allow_privileged: true
244 ca: kubernetes
245 cluster_dns: 10.254.0.10
246 cluster_domain: cluster.local
247 enabled: true
248 kubelet:
249 allow_privileged: true
250 config: /etc/kubernetes/manifests
251 frequency: 5s
252 master:
253 apiserver:
254 members:
255 - host: 10.0.175.100
256 etcd:
257 members:
258 - host: 10.0.175.100
259 host: 10.0.175.100
260 network:
261 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]262 mtu: 1500
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]263 hash: fb5e30ebe6154911a66ec3fb5f1195b2
264 version: v0.19.0
265 token:
266 kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
267 kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
268 version: v1.2.4
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]269
Tomáš Kukrálbc3623e2017-03-23 18:24:06 +0100[diff] [blame]270
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]271Kubernetes with OpenContrail network plugin
272------------------------------------------------
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]273
274On Master:
275
276.. code-block:: yaml
277
278 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]279 common:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]280 addons:
Matthew Mosesohn6f4f6c02017-07-03 16:58:50 +0300[diff] [blame]281 contrail_network_controller:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]282 enabled: true
283 namespace: kube-system
Matthew Mosesohn6f4f6c02017-07-03 16:58:50 +0300[diff] [blame]284 image: yashulyak/contrail-controller:latest
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]285 master:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]286 network:
287 engine: opencontrail
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]288 default_domain: default-domain
289 default_project: default-domain:default-project
290 public_network: default-domain:default-project:Public
291 public_ip_range: 185.22.97.128/26
292 private_ip_range: 10.150.0.0/16
293 service_cluster_ip_range: 10.254.0.0/16
294 network_label: name
295 service_label: uses
296 cluster_service: kube-system/default
Tomáš Kukrál0eefee72017-07-18 13:17:27 +0200[diff] [blame]297 config:
298 api:
299 host: 10.0.170.70
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]300On pools:
301
302.. code-block:: yaml
303
304 kubernetes:
305 pool:
306 network:
307 engine: opencontrail
308
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]309
310Dashboard public IP must be configured when Contrail network is used:
311
312.. code-block:: yaml
313
314 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]315 common:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]316 addons:
317 public_ip: 1.1.1.1
318
Jakub Pavlik1cfc1fe2016-07-25 11:01:52 +0200[diff] [blame]319Kubernetes control plane running in systemd
320-------------------------------------------
321
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]322By default kube-apiserver, kube-scheduler, kube-controllermanager, kube-proxy, etcd running in docker containers through manifests. For stable production environment this should be run in systemd.
Jakub Pavlik1cfc1fe2016-07-25 11:01:52 +0200[diff] [blame]323
324.. code-block:: yaml
325
326 kubernetes:
327 master:
328 container: false
329
330 kubernetes:
331 pool:
332 container: false
333
marco055ff852016-07-27 15:22:33 +0200[diff] [blame]334Because k8s services run under kube user without root privileges, there is need to change secure port for apiserver.
335
336.. code-block:: yaml
337
338 kubernetes:
339 master:
340 apiserver:
341 secure_port: 8081
342
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]343Kubernetes with Flannel
344-----------------------
345
346On Master:
347
348.. code-block:: yaml
349
350 kubernetes:
351 master:
352 network:
353 engine: flannel
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]354 # If you don't register master as node:
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]355 etcd:
356 members:
357 - host: 10.0.175.101
358 port: 4001
359 - host: 10.0.175.102
360 port: 4001
361 - host: 10.0.175.103
362 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]363 common:
364 network:
365 engine: flannel
366
367On pools:
368
369.. code-block:: yaml
370
371 kubernetes:
372 pool:
373 network:
374 engine: flannel
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]375 etcd:
376 members:
377 - host: 10.0.175.101
378 port: 4001
379 - host: 10.0.175.102
380 port: 4001
381 - host: 10.0.175.103
382 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]383 common:
384 network:
385 engine: flannel
386
387Kubernetes with Calico
388-----------------------
389
390On Master:
391
392.. code-block:: yaml
393
394 kubernetes:
395 master:
396 network:
397 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]398 mtu: 1500
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]399 # If you don't register master as node:
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]400 etcd:
401 members:
402 - host: 10.0.175.101
403 port: 4001
404 - host: 10.0.175.102
405 port: 4001
406 - host: 10.0.175.103
407 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]408
409On pools:
410
411.. code-block:: yaml
412
413 kubernetes:
414 pool:
415 network:
416 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]417 mtu: 1500
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]418 etcd:
419 members:
420 - host: 10.0.175.101
421 port: 4001
422 - host: 10.0.175.102
423 port: 4001
424 - host: 10.0.175.103
425 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]426
Tomáš Kukrál34c59362017-03-01 14:00:37 +0100[diff] [blame]427Running with secured etcd:
428
429.. code-block:: yaml
430
431 kubernetes:
432 pool:
433 network:
434 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]435 mtu: 1500
Tomáš Kukrál34c59362017-03-01 14:00:37 +0100[diff] [blame]436 etcd:
437 ssl:
438 enabled: true
439 master:
440 network:
441 engine: calico
442 etcd:
443 ssl:
444 enabled: true
445
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]446Running with calico-policy controller:
447
448.. code-block:: yaml
449
450 kubernetes:
451 pool:
452 network:
453 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]454 mtu: 1500
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]455 addons:
456 calico_policy:
457 enabled: true
458
459 master:
460 network:
461 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]462 mtu: 1500
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]463 addons:
464 calico_policy:
465 enabled: true
466
467
468
Tomáš Kukrál7e91a942017-03-23 16:02:52 +0100[diff] [blame]469Enable Prometheus metrics in Felix
470
471.. code-block:: yaml
472
473 kubernetes:
474 pool:
475 network:
476 prometheus:
477 enabled: true
478 master:
479 network:
480 prometheus:
481 enabled: true
482
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]483Post deployment configuration
484
485.. code-block:: bash
Jakub Pavlik232833c2016-07-17 13:21:00 +0200[diff] [blame]486
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]487 # set ETCD
488 export ETCD_AUTHORITY=10.0.111.201:4001
489
490 # Set NAT for pods subnet
491 calicoctl pool add 192.168.0.0/16 --nat-outgoing
492
493 # Status commands
494 calicoctl status
495 calicoctl node show
496
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]497Kubernetes with GlusterFS for storage
498---------------------------------------------
499
500.. code-block:: yaml
501
502 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]503 master:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]504 ...
505 storage:
506 engine: glusterfs
507 port: 24007
508 members:
509 - host: 10.0.175.101
510 port: 24007
511 - host: 10.0.175.102
512 port: 24007
513 - host: 10.0.175.103
514 port: 24007
515 ...
516
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]517Kubernetes namespaces
518---------------------
519
520Create namespace:
521
522.. code-block:: yaml
523
524 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]525 master:
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]526 ...
527 namespace:
528 kube-system:
529 enabled: True
530 namespace2:
531 enabled: True
532 namespace3:
533 enabled: False
534 ...
535
536Kubernetes labels
537-----------------
538
Marek Celoud901020b2017-01-27 14:51:41 +0100[diff] [blame]539Label node:
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]540
541.. code-block:: yaml
542
Marek Celoud901020b2017-01-27 14:51:41 +0100[diff] [blame]543 kubernetes:
544 master:
545 label:
546 label01:
547 value: value01
548 node: node01
549 enabled: true
550 key: key01
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]551 ...
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]552
marcof7efecb2016-07-16 16:13:37 +0200[diff] [blame]553Pull images from private registries
554-----------------------------------
555
556.. code-block:: yaml
557
558 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]559 master:
marcof7efecb2016-07-16 16:13:37 +0200[diff] [blame]560 ...
561 registry:
562 secret:
563 registry01:
564 enabled: True
565 key: (get from `cat /root/.docker/config.json | base64`)
566 namespace: default
567 ...
568 control:
569 ...
570 service:
571 service01:
572 ...
573 image_pull_secretes: registry01
574 ...
575
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]576Kubernetes Service Definitions in pillars
577==========================================
578
579Following samples show how to generate kubernetes manifest as well and provide single tool for complete infrastructure management.
580
581Deployment manifest
582---------------------
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]583
584.. code-block:: yaml
585
586 salt:
587 control:
588 enabled: True
589 hostNetwork: True
590 service:
591 memcached:
592 privileged: True
593 service: memcached
594 role: server
595 type: LoadBalancer
596 replicas: 3
597 kind: Deployment
598 apiVersion: extensions/v1beta1
599 ports:
600 - port: 8774
601 name: nova-api
602 - port: 8775
603 name: nova-metadata
604 volume:
605 volume_name:
606 type: hostPath
607 mount: /certs
608 path: /etc/certs
609 container:
610 memcached:
611 image: memcached
612 tag:2
613 ports:
614 - port: 8774
615 name: nova-api
616 - port: 8775
617 name: nova-metadata
618 variables:
619 - name: HTTP_TLS_CERTIFICATE:
620 value: /certs/domain.crt
621 - name: HTTP_TLS_KEY
622 value: /certs/domain.key
623 volumes:
624 - name: /etc/certs
625 type: hostPath
626 mount: /certs
627 path: /etc/certs
628
marcobe30c8d2016-10-11 19:16:35 +0200[diff] [blame]629PetSet manifest
630---------------------
631
632.. code-block:: yaml
633
634 service:
635 memcached:
636 apiVersion: apps/v1alpha1
637 kind: PetSet
638 service_name: 'memcached'
639 container:
640 memcached:
641 ...
642
643
Filip Pytloun9a4a40f2016-09-22 16:28:19 +0200[diff] [blame]644Configmap
645---------
646
647You are able to create configmaps using support layer between formulas.
648It works simple, eg. in nova formula there's file ``meta/config.yml`` which
649defines config files used by that service and roles.
650
651Kubernetes formula is able to generate these files using custom pillar and
652grains structure. This way you are able to run docker images built by any way
653while still re-using your configuration management.
654
655Example pillar:
656
657.. code-block:: bash
658
659 kubernetes:
660 control:
Jakub Pavlika2779722016-11-25 15:35:26 +0100[diff] [blame]661 config_type: default|kubernetes # Output is yaml k8s or default single files
Filip Pytloun9a4a40f2016-09-22 16:28:19 +0200[diff] [blame]662 configmap:
663 nova-control:
664 grains:
665 # Alternate grains as OS running in container may differ from
666 # salt minion OS. Needed only if grains matters for config
667 # generation.
668 os_family: Debian
669 pillar:
670 # Generic pillar for nova controller
671 nova:
672 controller:
673 enabled: true
674 versionn: liberty
675 ...
676
677To tell which services supports config generation, you need to ensure pillar
678structure like this to determine support:
679
680.. code-block:: yaml
681
682 nova:
683 _support:
684 config:
685 enabled: true
686
marcod4d3dbd2016-09-27 11:36:40 +0200[diff] [blame]687initContainers
688--------------
689
690Example pillar:
691
692.. code-block:: bash
693
694 kubernetes:
695 control:
696 service:
697 memcached:
698 init_containers:
699 - name: test-mysql
700 image: busybox
701 command:
702 - sleep
703 - 3600
704 volumes:
705 - name: config
706 mount: /test
707 - name: test-memcached
708 image: busybox
709 command:
710 - sleep
711 - 3600
712 volumes:
713 - name: config
714 mount: /test
715
marcoee859d32016-11-07 11:04:57 +0100[diff] [blame]716Affinity
717--------
718
719podAffinity
720===========
721
722Example pillar:
723
724.. code-block:: bash
725
726 kubernetes:
727 control:
728 service:
729 memcached:
730 affinity:
731 pod_affinity:
732 name: podAffinity
733 expression:
734 label_selector:
735 name: labelSelector
736 selectors:
737 - key: app
738 value: memcached
739 topology_key: kubernetes.io/hostname
740
741podAntiAffinity
742===============
743
744Example pillar:
745
746.. code-block:: bash
747
748 kubernetes:
749 control:
750 service:
751 memcached:
752 affinity:
753 anti_affinity:
754 name: podAntiAffinity
755 expression:
756 label_selector:
757 name: labelSelector
758 selectors:
759 - key: app
760 value: opencontrail-control
761 topology_key: kubernetes.io/hostname
762
763nodeAffinity
764===============
765
766Example pillar:
767
768.. code-block:: bash
769
770 kubernetes:
771 control:
772 service:
773 memcached:
774 affinity:
775 node_affinity:
776 name: nodeAffinity
777 expression:
778 match_expressions:
779 name: matchExpressions
780 selectors:
781 - key: key
782 operator: In
783 values:
784 - value1
785 - value2
786
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]787Volumes
788-------
789
790hostPath
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]791==========
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]792
793.. code-block:: yaml
794
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]795 service:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]796 memcached:
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]797 container:
798 memcached:
799 volumes:
800 - name: volume1
801 mountPath: /volume
802 readOnly: True
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]803 ...
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]804 volume:
805 volume1:
806 name: /etc/certs
807 type: hostPath
808 path: /etc/certs
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]809
810emptyDir
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]811========
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]812
813.. code-block:: yaml
814
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]815 service:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]816 memcached:
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]817 container:
818 memcached:
819 volumes:
820 - name: volume1
821 mountPath: /volume
822 readOnly: True
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]823 ...
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]824 volume:
825 volume1:
826 name: /etc/certs
827 type: emptyDir
828
829configMap
830=========
831
832.. code-block:: yaml
833
834 service:
835 memcached:
836 container:
837 memcached:
838 volumes:
839 - name: volume1
840 mountPath: /volume
841 readOnly: True
842 ...
843 volume:
844 volume1:
845 type: config_map
846 item:
847 configMap1:
848 key: config.conf
849 path: config.conf
850 configMap2:
851 key: policy.json
852 path: policy.json
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]853
marco0eda4fb2016-10-10 19:08:27 +0200[diff] [blame]854To mount single configuration file instead of whole directory:
855
856.. code-block:: yaml
857
858 service:
859 memcached:
860 container:
861 memcached:
862 volumes:
863 - name: volume1
864 mountPath: /volume/config.conf
865 sub_path: config.conf
866
marcofcc20d02016-10-10 09:56:12 +0200[diff] [blame]867Generating Jobs
868===============
869
870Example pillar:
871
872.. code-block:: yaml
873
874 kubernetes:
875 control:
876 job:
877 sleep:
878 job: sleep
879 restart_policy: Never
880 container:
881 sleep:
882 image: busybox
883 tag: latest
884 command:
885 - sleep
886 - "3600"
887
888Volumes and Variables can be used as the same way as during Deployment generation.
889
890Custom params:
891
892.. code-block:: yaml
893
894 kubernetes:
895 control:
896 job:
897 host_network: True
898 host_pid: True
899 container:
900 sleep:
901 privileged: True
902 node_selector:
903 key: node
904 value: one
905 image_pull_secretes: password
906
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]907
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]908More Information
909================
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]910
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]911* https://github.com/Juniper/kubernetes/blob
912/opencontrail-integration/docs /getting-started-guides/opencontrail.md
913* https://github.com/kubernetes/kubernetes/tree/master/cluster/saltbase
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]914
Filip Pytlound06f6272017-02-02 13:02:03 +0100[diff] [blame]915
916Documentation and Bugs
917======================
918
919To learn how to install and update salt-formulas, consult the documentation
920available online at:
921
922 http://salt-formulas.readthedocs.io/
923
924In the unfortunate event that bugs are discovered, they should be reported to
925the appropriate issue tracker. Use Github issue tracker for specific salt
926formula:
927
928 https://github.com/salt-formulas/salt-formula-kubernetes/issues
929
930For feature requests, bug reports or blueprints affecting entire ecosystem,
931use Launchpad salt-formulas project:
932
933 https://launchpad.net/salt-formulas
934
935You can also join salt-formulas-users team and subscribe to mailing list:
936
937 https://launchpad.net/~salt-formulas-users
938
939Developers wishing to work on the salt-formulas projects should always base
940their work on master branch and submit pull request against specific formula.
941
942 https://github.com/salt-formulas/salt-formula-kubernetes
943
944Any questions or feedback is always welcome so feel free to join our IRC
945channel:
946
947 #salt-formulas @ irc.freenode.net