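{%- from "kubernetes/map.jinja" import master with context %}
{%- if master.enabled %}

# Static bearer-token file; the kube-apiserver arguments further down this
# file reference it via --token-auth-file. It holds credentials, so it is
# restricted to its owner instead of being world-readable.
# NOTE(review): assumes kube-apiserver runs as root (it also reads the
# root-owned 0640 TLS key under /etc/kubernetes/ssl) - confirm against the
# service unit / manifest before rollout.
/srv/kubernetes/known_tokens.csv:
  file.managed:
    - source: salt://kubernetes/files/known_tokens.csv
    - template: jinja
    - user: root
    - group: root
    - mode: '0600'
    - makedirs: true

# Static username/password file; referenced via --basic-auth-file in the
# kube-apiserver arguments further down this file. Same owner-only
# restriction and same root assumption as the token file.
/srv/kubernetes/basic_auth.csv:
  file.managed:
    - source: salt://kubernetes/files/basic_auth.csv
    - template: jinja
    - user: root
    - group: root
    - mode: '0600'
    - makedirs: true
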
{%- if master.get('container', 'true') %}

# Container branch: one manifest per control-plane component is rendered
# into /etc/kubernetes/manifests, and a root-owned log file is created for
# each of them.
# NOTE(review): the manifest templates are not visible here; presumably they
# carry the same API server flags (auth files, insecure port) as the
# DAEMON_ARGS in the other branch - review them with the same care.
# NOTE(review): the default is the string 'true', so any non-empty string
# value in pillar (including 'false') selects this branch; only a real
# boolean false disables it.

/var/log/kube-apiserver.log:
  file.managed:
    - mode: '0644'
    - user: root
    - group: root

/etc/kubernetes/manifests/kube-apiserver.manifest:
  file.managed:
    - user: root
    - group: root
    - mode: '0644'
    - dir_mode: '0755'
    - makedirs: true
    - template: jinja
    - source: salt://kubernetes/files/manifest/kube-apiserver.manifest

/etc/kubernetes/manifests/kube-controller-manager.manifest:
  file.managed:
    - user: root
    - group: root
    - mode: '0644'
    - dir_mode: '0755'
    - makedirs: true
    - template: jinja
    - source: salt://kubernetes/files/manifest/kube-controller-manager.manifest

/var/log/kube-controller-manager.log:
  file.managed:
    - mode: '0644'
    - user: root
    - group: root

/etc/kubernetes/manifests/kube-scheduler.manifest:
  file.managed:
    - user: root
    - group: root
    - mode: '0644'
    - dir_mode: '0755'
    - makedirs: true
    - template: jinja
    - source: salt://kubernetes/files/manifest/kube-scheduler.manifest

/var/log/kube-scheduler.log:
  file.managed:
    - mode: '0644'
    - user: root
    - group: root

{%- else %}

# Non-container branch: each daemon gets its command line from a
# DAEMON_ARGS variable in /etc/default/<daemon>.
#
# Security-relevant flags set below for kube-apiserver:
#   --insecure-bind-address   plaintext API port with no authentication or
#                             authorization; the pillar value should be a
#                             loopback or otherwise firewalled address.
#   --etcd-servers=http://... etcd traffic (including Secrets) is sent
#                             unencrypted on port 4001.
#   --basic-auth-file / --token-auth-file
#                             static credential files on disk.
#   --allow-privileged=True   privileged containers are permitted.
/etc/default/kube-apiserver:
  file.managed:
    - mode: '0644'
    - user: root
    - group: root
    - contents: DAEMON_ARGS=" --insecure-bind-address={{ master.apiserver.insecure_address }} --etcd-servers={% for member in master.etcd.members %}http://{{ member.host }}:4001{% if not loop.last %},{% endif %}{% endfor %} --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota --service-cluster-ip-range={{ master.service_addresses }} --client-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt --basic-auth-file=/srv/kubernetes/basic_auth.csv --tls-cert-file=/etc/kubernetes/ssl/kubernetes-server.crt --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key --secure-port={{ master.apiserver.get('secure_port', '443') }} --bind-address={{ master.apiserver.address }} --token-auth-file=/srv/kubernetes/known_tokens.csv --v=2 --allow-privileged=True --etcd-quorum-read=true {%- if master.apiserver.node_port_range is defined %} --service-node-port-range {{ master.apiserver.node_port_range }} {%- endif %}"

# The controller manager reaches the API server on the insecure port
# (<insecure_address>:8080), i.e. without TLS or client credentials.
# NOTE(review): --service-account-private-key-file points at the API
# server's TLS key, so one key both serves TLS and signs service-account
# tokens; a dedicated signing key would limit the impact of a leak.
/etc/default/kube-controller-manager:
  file.managed:
    - mode: '0644'
    - user: root
    - group: root
    - contents: DAEMON_ARGS=" --master={{ master.apiserver.insecure_address }}:8080 --cluster-name=kubernetes --service-account-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key --v=2 --root-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt --leader-elect=true"

# The scheduler uses the same insecure API endpoint as the controller
# manager.
/etc/default/kube-scheduler:
  file.managed:
    - mode: '0644'
    - user: root
    - group: root
    - contents: DAEMON_ARGS=" --master={{ master.apiserver.insecure_address }}:8080 --v=2 --leader-elect=true"

# systemd unit files for the three control-plane daemons, rendered from
# Jinja templates in the formula.
# NOTE(review): no state visible here reloads systemd after a unit changes,
# and the watch list of master_services does not include these files -
# confirm that unit updates actually take effect.
/etc/systemd/system/kube-apiserver.service:
  file.managed:
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
    - source: salt://kubernetes/files/systemd/kube-apiserver.service

/etc/systemd/system/kube-scheduler.service:
  file.managed:
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
    - source: salt://kubernetes/files/systemd/kube-scheduler.service

/etc/systemd/system/kube-controller-manager.service:
  file.managed:
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
    - source: salt://kubernetes/files/systemd/kube-controller-manager.service

{% for filename in ['kubernetes-server.crt', 'kubernetes-server.key', 'kubernetes-server.pem'] %}

# Server certificate, private key and combined PEM, copied from the Salt
# fileserver; a change to any of them restarts master_services.
# Mode 0640 with group haproxy lets members of that group read the private
# key - presumably for a local haproxy in front of the API; verify the
# group membership is as small as intended.
# NOTE(review): files under salt:// are served from file_roots, which every
# authenticated minion can fetch; private keys are better delivered through
# targeted pillar data.
/etc/kubernetes/ssl/{{ filename }}:
  file.managed:
    - user: root
    - group: haproxy
    - mode: '0640'
    - source: salt://{{ master.get('cert_source','_certs/kubernetes') }}/{{ filename }}
    - watch_in:
        - service: master_services

{% endfor %}

# Keeps the control-plane services from the pillar/map list running and
# enabled at boot, restarting them when a watched file state changes.
# /usr/bin/hyperkube and /etc/kubernetes/ssl/ca-kubernetes.crt are not
# declared in this file, so they must be file states defined elsewhere.
# NOTE(review): the CA watch is hard-coded to ca-kubernetes.crt while the
# daemon arguments use ca-<master.ca>.crt; with any other CA name this
# requisite would point at the wrong (possibly undeclared) state.
master_services:
  service.running:
    - enable: true
    - names: {{ master.services }}
    - watch:
        - file: /etc/default/kube-apiserver
        - file: /etc/default/kube-scheduler
        - file: /etc/default/kube-controller-manager
        - file: /usr/bin/hyperkube
        - file: /etc/kubernetes/ssl/ca-kubernetes.crt

{%- endif %}


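{%- for name, namespace in master.namespace.items() %}

{%- if namespace.enabled %}

{%- set date = salt['cmd.run']('date -u "+%FT%TZ"') %}

# Creates the Namespace object by writing its JSON directly under etcd's
# /registry prefix, so the API server's validation and admission checks are
# not involved.
# The timestamp format ends in a literal Z (UTC designator), so the date is
# taken with -u; without it the minion's local time would be labelled UTC.
# NOTE(review): the timestamp is recomputed on every render, so the value
# differs on each run and this state will keep rewriting the key.
# NOTE(review): the namespace name is interpolated unescaped into JSON; a
# name containing a quote character would produce an invalid document.
/registry/namespaces/{{ name }}:
  etcd.set:
    - value: '{"kind":"Namespace","apiVersion":"v1","metadata":{"name":"{{ name }}","creationTimestamp":"{{ date }}"},"spec":{"finalizers":["kubernetes"]},"status":{"phase":"Active"}}'

{%- else %}

# Disabled namespaces are removed by deleting their etcd key.
/registry/namespaces/{{ name }}:
  etcd.rm

{%- endif %}

{%- endfor %}
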
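{%- if master.registry.secret is defined %}

{#- items() instead of iteritems() so the template also renders on Python 3 #}
{%- for name, registry in master.registry.secret.items() %}

{%- if registry.enabled %}

# Writes a kubernetes.io/dockerconfigjson Secret straight into etcd; the
# registry credential from pillar (registry.key) becomes the value of
# .dockerconfigjson and is stored in etcd as written here.
# NOTE(review): the etcd endpoint used by the etcd state module is not
# visible in this file; the API server arguments in this file reach etcd
# over plain http, so confirm this write is not sent unencrypted across
# the network and that access to etcd is restricted.
# NOTE(review): name, namespace and key are interpolated unescaped into
# JSON inside a single-quoted YAML scalar; a quote character in any of
# them would break the document.
/registry/secrets/{{ registry.namespace }}/{{ name }}:
  etcd.set:
    - value: '{"kind":"Secret","apiVersion":"v1","metadata":{"name":"{{ name }}","namespace":"{{ registry.namespace }}"},"data":{".dockerconfigjson":"{{ registry.key }}"},"type":"kubernetes.io/dockerconfigjson"}'

{%- else %}

# Disabled registry secrets are removed by deleting their etcd key.
/registry/secrets/{{ registry.namespace }}/{{ name }}:
  etcd.rm

{%- endif %}

{%- endfor %}

{%- endif %}

{%- endif %}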