==================
Kubernetes Formula
==================

Kubernetes is an open-source system for automating deployment, scaling, and
management of containerized applications. This formula deploys a
production-ready Kubernetes and generates Kubernetes manifests as well.

You can download the ``kubectl`` configuration and connect to your cluster.
However, keep in mind that ``kubernetes_control_address`` needs to be
accessible from your computer:

.. code-block:: bash

    mkdir -p ~/.kube
    # Back up an existing kubeconfig before overwriting it
    [ -f ~/.kube/config ] && cp -v ~/.kube/config ~/.kube/config-backup
    # Generate the kubeconfig on ctl01 (reached through cfg01) and save it locally
    ssh cfg01 "sudo ssh ctl01 /etc/kubernetes/kubeconfig.sh" > ~/.kube/config
    kubectl get no


``cfg01`` is the Salt master node and ``ctl01`` is one of the Kubernetes masters.

Sample Pillars
==============

**REQUIRED:** Define the images to use for hyperkube, CNI and calicoctl

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          hyperkube:
            image: gcr.io/google_containers/hyperkube:v1.6.5
        pool:
          network:
            calicoctl:
              image: calico/ctl
            cni:
              image: calico/cni

Enable helm-tiller addon

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            helm:
              enabled: true

Enable calico-policy addon

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            calico_policy:
              enabled: true

Enable virtlet addon

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            virtlet:
              enabled: true
              namespace: kube-system
              image: mirantis/virtlet:v0.7.0
              hosts:
                - cmp01
                - cmp02

Enable netchecker addon

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            netchecker:
              enabled: true
        master:
          namespace:
            netchecker:
              enabled: true

Enable Kubernetes Federation control plane

.. code-block:: yaml

    parameters:
      kubernetes:
        master:
          federation:
            enabled: True
            name: federation
            namespace: federation-system
            source: https://dl.k8s.io/v1.6.6/kubernetes-client-linux-amd64.tar.gz
            hash: 94b2c9cd29981a8e150c187193bab0d8c0b6e906260f837367feff99860a6376
            service_type: NodePort
            dns_provider: coredns
            childclusters:
              - secondcluster.mydomain
              - thirdcluster.mydomain

Enable external DNS addon with CoreDNS provider

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            coredns:
              enabled: True
            externaldns:
              enabled: True
              domain: company.mydomain
              provider: coredns

Enable OpenStack cloud provider

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          cloudprovider:
            enabled: True
            type: openstack
            params:
              auth_url: https://openstack.mydomain:5000/v3
              username: nova
              password: nova
              region: RegionOne
              tenant_id: 4bce4162d8744c599e350099cfa22a0a
              domain_name: default
              subnet_id: 72407854-aca6-4cf1-b873-e9affb09484b
              lb_version: v2

Configure service verbosity

.. code-block:: yaml

    parameters:
      kubernetes:
        master:
          verbosity: 2
        pool:
          verbosity: 2

Set cluster name and domain

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          kubernetes_cluster_domain: mycluster.domain
          cluster_name: mycluster

Enable the autoscaler for the DNS addon. The poll period can be omitted.

.. code-block:: yaml

    kubernetes:
      common:
        addons:
          dns:
            domain: cluster.local
            enabled: true
            replicas: 1
            server: 10.254.0.10
            autoscaler:
              enabled: true
              poll-period-seconds: 60


Pass additional parameters to daemons:

.. code-block:: yaml

    parameters:
      kubernetes:
        master:
          apiserver:
            daemon_opts:
              storage-backend: pigeon
          controller_manager:
            daemon_opts:
              log-dir: /dev/null
        pool:
          kubelet:
            daemon_opts:
              max-pods: "6"


Containers on pool definitions in ``pool.service.local``

.. code-block:: yaml

    parameters:
      kubernetes:
        pool:
          service:
            local:
              enabled: False
              service: libvirt
              cluster: openstack-compute
              namespace: default
              role: ${linux:system:name}
              type: LoadBalancer
              kind: Deployment
              apiVersion: extensions/v1beta1
              replicas: 1
              host_pid: True
              nodeSelector:
                - key: openstack
                  value: ${linux:system:name}
              hostNetwork: True
              container:
                libvirt-compute:
                  privileged: True
                  image: ${_param:docker_repository}/libvirt-compute
                  tag: ${_param:openstack_container_tag}

Master definition

.. code-block:: yaml

    # Pillar for the master node
    kubernetes:
      common:
        cluster_name: cluster
        addons:
          dns:
            domain: cluster.local
            enabled: true
            replicas: 1
            server: 10.254.0.10
      master:
        admin:
          password: password
          username: admin
        apiserver:
          address: 10.0.175.100
          secure_port: 443
          insecure_address: 127.0.0.1
          insecure_port: 8080
        ca: kubernetes
        enabled: true
        etcd:
          host: 127.0.0.1
          members:
            - host: 10.0.175.100
              name: node040
          name: node040
          token: ca939ec9c2a17b0786f6d411fe019e9b
        kubelet:
          allow_privileged: true
        network:
          engine: calico
          mtu: 1500
          hash: fb5e30ebe6154911a66ec3fb5f1195b2
          private_ip_range: 10.150.0.0/16
          version: v0.19.0
        service_addresses: 10.254.0.0/16
        storage:
          engine: glusterfs
          members:
            - host: 10.0.175.101
              port: 24007
            - host: 10.0.175.102
              port: 24007
            - host: 10.0.175.103
              port: 24007
          port: 24007
        token:
          admin: DFvQ8GJ9JD4fKNfuyEddw3rjnFTkUKsv
          controller_manager: EreGh6AnWf8DxH8cYavB2zS029PUi7vx
          dns: RAFeVSE4UvsCz4gk3KYReuOI5jsZ1Xt3
          kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
          kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
          logging: MJkXKdbgqRmTHSa2ykTaOaMykgO6KcEf
          monitoring: hnsj0XqABgrSww7Nqo7UVTSZLJUt2XRd
          scheduler: HY1UUxEPpmjW4a1dDLGIANYQp1nZkLDk
        version: v1.2.4


    # Pillar for the pool nodes
    kubernetes:
      pool:
        address: 0.0.0.0
        allow_privileged: true
        ca: kubernetes
        cluster_dns: 10.254.0.10
        cluster_domain: cluster.local
        enabled: true
        kubelet:
          allow_privileged: true
          config: /etc/kubernetes/manifests
          frequency: 5s
        master:
          apiserver:
            members:
              - host: 10.0.175.100
          etcd:
            members:
              - host: 10.0.175.100
          host: 10.0.175.100
        network:
          engine: calico
          mtu: 1500
          hash: fb5e30ebe6154911a66ec3fb5f1195b2
          version: v0.19.0
        token:
          kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
          kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
        version: v1.2.4


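The sample pillars above enable the apiserver insecure port, privileged containers, host PID sharing, placeholder credentials and unversioned images. The following check over a rendered pillar is an added example, not part of the formula; ``audit``, ``image_tag`` and the sample data are hypothetical names, and it assumes ``insecure_port`` / ``insecure_address`` configure the apiserver's unauthenticated HTTP listener.

```python
# Added example (not part of the formula): flag pillar settings that widen
# the attack surface. Assumption: insecure_port / insecure_address configure
# the apiserver's unauthenticated HTTP listener.

# Constructed sample, trimmed from pillar fragments shown on this page.
SAMPLE_PILLAR = {"kubernetes": {
    "master": {
        "admin": {"username": "admin", "password": "password"},
        "apiserver": {"address": "10.0.175.100", "secure_port": 443,
                      "insecure_address": "127.0.0.1", "insecure_port": 8080},
        "kubelet": {"allow_privileged": True},
    },
    "common": {
        "hyperkube": {"image": "gcr.io/google_containers/hyperkube:v1.6.5"},
        "cloudprovider": {"params": {"username": "nova", "password": "nova"}},
        "addons": {"contrail_network_controller": {
            "enabled": True, "image": "yashulyak/contrail-controller:latest"}},
    },
    "control": {"job": {"host_pid": True, "container": {
        "sleep": {"privileged": True, "image": "busybox", "tag": "latest"}}}},
}}

LOOPBACK = ("127.", "localhost", "::1")
HOST_ACCESS_KEYS = {"privileged", "allow_privileged", "host_pid",
                    "host_network", "hostNetwork"}


def image_tag(node):
    """Effective tag of a dict holding `image` (and maybe `tag`); None if untagged."""
    if node.get("tag") is not None:
        return str(node["tag"])
    last = str(node["image"]).rsplit("/", 1)[-1]  # drop registry host:port
    if "@" in last:                               # digest reference is pinned
        return last.split("@", 1)[1]
    return last.split(":", 1)[1] if ":" in last else None


def audit(node, path=()):
    """Walk a pillar and return (colon-separated path, message) findings."""
    findings = []
    if isinstance(node, list):
        for index, item in enumerate(node):
            findings += audit(item, path + (str(index),))
        return findings
    if not isinstance(node, dict):
        return findings

    def at(key):
        return ":".join(path + (key,))

    for key in sorted(HOST_ACCESS_KEYS & node.keys()):
        if node[key] is True:
            findings.append((at(key), "grants host-level access"))
    if node.get("insecure_port"):
        address = str(node.get("insecure_address", "127.0.0.1"))
        scope = "loopback only" if address.startswith(LOOPBACK) else "network reachable"
        findings.append((at("insecure_port"),
                         f"unauthenticated API port enabled ({scope})"))
    password = node.get("password")
    if isinstance(password, str) and password in ("password", node.get("username")):
        findings.append((at("password"), "placeholder credential"))
    if "image" in node and image_tag(node) in (None, "latest"):
        findings.append((at("image"), "image not pinned to a version"))
    for key, child in node.items():
        findings += audit(child, path + (str(key),))
    return findings


if __name__ == "__main__":
    for where, message in sorted(audit(SAMPLE_PILLAR)):
        print(f"{where}: {message}")
```

Findings are keyed by the same colon-separated path that ``salt-call pillar.get`` accepts, so each one can be looked up directly on the minion.
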
Kubernetes with OpenContrail network plugin
------------------------------------------------

On Master:

.. code-block:: yaml

    kubernetes:
      common:
        addons:
          contrail_network_controller:
            enabled: true
            namespace: kube-system
            image: yashulyak/contrail-controller:latest
      master:
        network:
          engine: opencontrail
          default_domain: default-domain
          default_project: default-domain:default-project
          public_network: default-domain:default-project:Public
          public_ip_range: 185.22.97.128/26
          private_ip_range: 10.150.0.0/16
          service_cluster_ip_range: 10.254.0.0/16
          network_label: name
          service_label: uses
          cluster_service: kube-system/default
          config:
            api:
              host: 10.0.170.70

On pools:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: opencontrail


Dashboard public IP must be configured when Contrail network is used:

.. code-block:: yaml

    kubernetes:
      common:
        addons:
          public_ip: 1.1.1.1

Kubernetes control plane running in systemd
-------------------------------------------

By default, kube-apiserver, kube-scheduler, kube-controller-manager, kube-proxy
and etcd run in Docker containers through manifests. For a stable production
environment they should be run under systemd.

.. code-block:: yaml

    # Master
    kubernetes:
      master:
        container: false

    # Pool
    kubernetes:
      pool:
        container: false

Because the k8s services then run under the kube user without root privileges,
they cannot bind a port below 1024, so the secure port for the apiserver needs
to be changed.

.. code-block:: yaml

    kubernetes:
      master:
        apiserver:
          secure_port: 8081

Kubernetes with Flannel
-----------------------

On Master:

.. code-block:: yaml

    kubernetes:
      master:
        network:
          engine: flannel
          # If you don't register master as node:
          etcd:
            members:
              - host: 10.0.175.101
                port: 4001
              - host: 10.0.175.102
                port: 4001
              - host: 10.0.175.103
                port: 4001
      common:
        network:
          engine: flannel

On pools:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: flannel
          etcd:
            members:
              - host: 10.0.175.101
                port: 4001
              - host: 10.0.175.102
                port: 4001
              - host: 10.0.175.103
                port: 4001
      common:
        network:
          engine: flannel

Kubernetes with Calico
-----------------------

On Master:

.. code-block:: yaml

    kubernetes:
      master:
        network:
          engine: calico
          mtu: 1500
          # If you don't register master as node:
          etcd:
            members:
              - host: 10.0.175.101
                port: 4001
              - host: 10.0.175.102
                port: 4001
              - host: 10.0.175.103
                port: 4001

On pools:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: calico
          mtu: 1500
          etcd:
            members:
              - host: 10.0.175.101
                port: 4001
              - host: 10.0.175.102
                port: 4001
              - host: 10.0.175.103
                port: 4001

Running with secured etcd:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: calico
          mtu: 1500
          etcd:
            ssl:
              enabled: true
      master:
        network:
          engine: calico
          etcd:
            ssl:
              enabled: true

Running with calico-policy controller:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: calico
          mtu: 1500
          addons:
            calico_policy:
              enabled: true

      master:
        network:
          engine: calico
          mtu: 1500
          addons:
            calico_policy:
              enabled: true


Enable Prometheus metrics in Felix

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          prometheus:
            enabled: true
      master:
        network:
          prometheus:
            enabled: true

Post deployment configuration

.. code-block:: bash

    # Set ETCD
    export ETCD_AUTHORITY=10.0.111.201:4001

    # Set NAT for pods subnet
    calicoctl pool add 192.168.0.0/16 --nat-outgoing

    # Status commands
    calicoctl status
    calicoctl node show

Kubernetes with GlusterFS for storage
---------------------------------------------

.. code-block:: yaml

    kubernetes:
      master:
        ...
        storage:
          engine: glusterfs
          port: 24007
          members:
            - host: 10.0.175.101
              port: 24007
            - host: 10.0.175.102
              port: 24007
            - host: 10.0.175.103
              port: 24007
        ...

Kubernetes Storage Class
------------------------

AWS EBS storage class integration. It also requires creating an IAM policy and
instance profiles, and tagging all resources in EC2 with KubernetesCluster.

.. code-block:: yaml

    kubernetes:
      common:
        addons:
          storageclass:
            aws_slow:
              name: slow
              enabled: True
              default: True
              provisioner: aws-ebs
              type: gp2
              iopspergb: "10"
              zones: xxx

Kubernetes namespaces
---------------------

Create namespace:

.. code-block:: yaml

    kubernetes:
      master:
        ...
        namespace:
          kube-system:
            enabled: True
          namespace2:
            enabled: True
          namespace3:
            enabled: False
        ...

Kubernetes labels
-----------------

Label node:

.. code-block:: yaml

    kubernetes:
      master:
        label:
          label01:
            value: value01
            node: node01
            enabled: true
            key: key01
        ...

Pull images from private registries
-----------------------------------

.. code-block:: yaml

    kubernetes:
      master:
        ...
        registry:
          secret:
            registry01:
              enabled: True
              key: (get from `cat /root/.docker/config.json | base64`)
              namespace: default
        ...
      control:
        ...
        service:
          service01:
            ...
            image_pull_secretes: registry01
        ...

Kubernetes Service Definitions in pillars
==========================================

The following samples show how to generate Kubernetes manifests as well,
providing a single tool for complete infrastructure management.

Deployment manifest
---------------------

.. code-block:: yaml

    salt:
      control:
        enabled: True
        hostNetwork: True
        service:
          memcached:
            privileged: True
            service: memcached
            role: server
            type: LoadBalancer
            replicas: 3
            kind: Deployment
            apiVersion: extensions/v1beta1
            ports:
              - port: 8774
                name: nova-api
              - port: 8775
                name: nova-metadata
            volume:
              volume_name:
                type: hostPath
                mount: /certs
                path: /etc/certs
            container:
              memcached:
                image: memcached
                tag: 2
                ports:
                  - port: 8774
                    name: nova-api
                  - port: 8775
                    name: nova-metadata
                variables:
                  - name: HTTP_TLS_CERTIFICATE
                    value: /certs/domain.crt
                  - name: HTTP_TLS_KEY
                    value: /certs/domain.key
                volumes:
                  - name: /etc/certs
                    type: hostPath
                    mount: /certs
                    path: /etc/certs

PetSet manifest
---------------------

.. code-block:: yaml

    service:
      memcached:
        apiVersion: apps/v1alpha1
        kind: PetSet
        service_name: 'memcached'
        container:
          memcached:
            ...


Configmap
---------

You can create configmaps using the support layer between formulas.
It works simply: for example, the nova formula has a file ``meta/config.yml``
which defines the config files used by that service and its roles.

The Kubernetes formula is able to generate these files using a custom pillar
and grains structure. This way you can run Docker images built in any way
while still re-using your configuration management.

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        config_type: default|kubernetes # Output is yaml k8s or default single files
        configmap:
          nova-control:
            grains:
              # Alternate grains, as the OS running in the container may differ
              # from the salt minion OS. Needed only if grains matter for
              # config generation.
              os_family: Debian
            pillar:
              # Generic pillar for nova controller
              nova:
                controller:
                  enabled: true
                  version: liberty
                  ...

To declare that a service supports config generation, make sure its pillar
contains a structure like this:

.. code-block:: yaml

    nova:
      _support:
        config:
          enabled: true

initContainers
--------------

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        service:
          memcached:
            init_containers:
              - name: test-mysql
                image: busybox
                command:
                  - sleep
                  - "3600"
                volumes:
                  - name: config
                    mount: /test
              - name: test-memcached
                image: busybox
                command:
                  - sleep
                  - "3600"
                volumes:
                  - name: config
                    mount: /test

Affinity
--------

podAffinity
===========

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        service:
          memcached:
            affinity:
              pod_affinity:
                name: podAffinity
                expression:
                  label_selector:
                    name: labelSelector
                    selectors:
                      - key: app
                        value: memcached
                topology_key: kubernetes.io/hostname

podAntiAffinity
===============

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        service:
          memcached:
            affinity:
              anti_affinity:
                name: podAntiAffinity
                expression:
                  label_selector:
                    name: labelSelector
                    selectors:
                      - key: app
                        value: opencontrail-control
                topology_key: kubernetes.io/hostname

nodeAffinity
===============

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        service:
          memcached:
            affinity:
              node_affinity:
                name: nodeAffinity
                expression:
                  match_expressions:
                    name: matchExpressions
                    selectors:
                      - key: key
                        operator: In
                        values:
                          - value1
                          - value2

Volumes
-------

hostPath
==========

.. code-block:: yaml

    service:
      memcached:
        container:
          memcached:
            volumes:
              - name: volume1
                mountPath: /volume
                readOnly: True
        ...
        volume:
          volume1:
            name: /etc/certs
            type: hostPath
            path: /etc/certs

emptyDir
========

.. code-block:: yaml

    service:
      memcached:
        container:
          memcached:
            volumes:
              - name: volume1
                mountPath: /volume
                readOnly: True
        ...
        volume:
          volume1:
            name: /etc/certs
            type: emptyDir

configMap
=========

.. code-block:: yaml

    service:
      memcached:
        container:
          memcached:
            volumes:
              - name: volume1
                mountPath: /volume
                readOnly: True
        ...
        volume:
          volume1:
            type: config_map
            item:
              configMap1:
                key: config.conf
                path: config.conf
              configMap2:
                key: policy.json
                path: policy.json

To mount single configuration file instead of whole directory:

.. code-block:: yaml

    service:
      memcached:
        container:
          memcached:
            volumes:
              - name: volume1
                mountPath: /volume/config.conf
                sub_path: config.conf

Generating Jobs
===============

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        job:
          sleep:
            job: sleep
            restart_policy: Never
            container:
              sleep:
                image: busybox
                tag: latest
                command:
                  - sleep
                  - "3600"

Volumes and variables can be used in the same way as during Deployment generation.

Custom params:

.. code-block:: yaml

    kubernetes:
      control:
        job:
          host_network: True
          host_pid: True
          container:
            sleep:
              privileged: True
          node_selector:
            key: node
            value: one
          image_pull_secretes: password


More Information
================

* https://github.com/Juniper/kubernetes/blob/opencontrail-integration/docs/getting-started-guides/opencontrail.md
* https://github.com/kubernetes/kubernetes/tree/master/cluster/saltbase


Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-kubernetes/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-kubernetes

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net