==================
Kubernetes Formula
==================

Kubernetes is an open-source system for automating deployment, scaling, and
management of containerized applications. This formula deploys production-ready
Kubernetes and generates Kubernetes manifests as well.

You can download the `kubectl` configuration and connect to your cluster. However,
keep in mind that `kubernetes_control_address` needs to be accessible from your computer:

.. code-block:: bash

    mkdir -p ~/.kube
    # Keep a backup of any existing configuration before overwriting it
    [ -f ~/.kube/config ] && cp -v ~/.kube/config ~/.kube/config-backup
    # Fetch the kubeconfig from a Kubernetes master through the Salt master
    ssh cfg01 "sudo ssh ctl01 /etc/kubernetes/kubeconfig.sh" > ~/.kube/config
    # List the nodes to verify the connection
    kubectl get no


`cfg01` is the Salt master node and `ctl01` is one of the Kubernetes masters.

Sample Pillars
==============

**REQUIRED:** Define the images to use for hyperkube, CNI and calicoctl

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          hyperkube:
            image: gcr.io/google_containers/hyperkube:v1.6.5
        pool:
          network:
            calicoctl:
              image: calico/ctl
            cni:
              image: calico/cni

Enable helm-tiller addon

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            helm:
              enabled: true

Enable calico-policy addon

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            calico_policy:
              enabled: true

Enable virtlet addon

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            virtlet:
              enabled: true
              namespace: kube-system
              image: mirantis/virtlet:v0.8.0
              hosts:
                - cmp01
                - cmp02

Enable netchecker addon

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            netchecker:
              enabled: true
        master:
          namespace:
            netchecker:
              enabled: true

Enable Kubernetes Federation control plane

.. code-block:: yaml

    parameters:
      kubernetes:
        master:
          federation:
            enabled: True
            name: federation
            namespace: federation-system
            source: https://dl.k8s.io/v1.6.6/kubernetes-client-linux-amd64.tar.gz
            hash: 94b2c9cd29981a8e150c187193bab0d8c0b6e906260f837367feff99860a6376
            service_type: NodePort
            dns_provider: coredns
            childclusters:
              - secondcluster.mydomain
              - thirdcluster.mydomain

Enable external DNS addon with CoreDNS provider

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            externaldns:
              coredns:
                enabled: True
              externaldns:
                enabled: True
                domain: company.mydomain
                provider: coredns

Enable external DNS addon with Designate provider

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            externaldns:
              externaldns:
                enabled: True
                domain: company.mydomain
                provider: designate
                designate_os_options:
                  OS_AUTH_URL: https://keystone_auth_endpoint:5000
                  OS_PROJECT_DOMAIN_NAME: default
                  OS_USER_DOMAIN_NAME: default
                  OS_PROJECT_NAME: admin
                  OS_USERNAME: admin
                  OS_PASSWORD: password
                  OS_REGION_NAME: RegionOne

Enable external DNS addon with AWS provider

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            externaldns:
              externaldns:
                enabled: True
                domain: company.mydomain
                provider: aws
                aws_options:
                  AWS_ACCESS_KEY_ID: XXXXXXXXXXXXXXXXXXXX
                  AWS_SECRET_ACCESS_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Enable OpenStack cloud provider

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          cloudprovider:
            enabled: True
            provider: openstack
            params:
              auth_url: https://openstack.mydomain:5000/v3
              username: nova
              password: nova
              region: RegionOne
              tenant_id: 4bce4162d8744c599e350099cfa22a0a
              domain_name: default
              subnet_id: 72407854-aca6-4cf1-b873-e9affb09484b
              lb_version: v2

Configure service verbosity

.. code-block:: yaml

    parameters:
      kubernetes:
        master:
          verbosity: 2
        pool:
          verbosity: 2

Set cluster name and domain

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          kubernetes_cluster_domain: mycluster.domain
          cluster_name: mycluster

Enable autoscaler for dns addon. Poll period can be skipped.

.. code-block:: yaml

    kubernetes:
      common:
        addons:
          dns:
            domain: cluster.local
            enabled: true
            replicas: 1
            server: 10.254.0.10
            autoscaler:
              enabled: true
              poll-period-seconds: 60

Pass additional parameters to daemons:

.. code-block:: yaml

    parameters:
      kubernetes:
        master:
          apiserver:
            daemon_opts:
              storage-backend: pigeon
          controller_manager:
            daemon_opts:
              log-dir: /dev/nulL
        pool:
          kubelet:
            daemon_opts:
              max-pods: "6"

Containers on pool definitions in pool.service.local

.. code-block:: yaml

    parameters:
      kubernetes:
        pool:
          service:
            local:
              enabled: False
              service: libvirt
              cluster: openstack-compute
              namespace: default
              role: ${linux:system:name}
              type: LoadBalancer
              kind: Deployment
              apiVersion: extensions/v1beta1
              replicas: 1
              host_pid: True
              nodeSelector:
                - key: openstack
                  value: ${linux:system:name}
              hostNetwork: True
              container:
                libvirt-compute:
                  privileged: True
                  image: ${_param:docker_repository}/libvirt-compute
                  tag: ${_param:openstack_container_tag}

Master definition

.. code-block:: yaml

    kubernetes:
      common:
        cluster_name: cluster
        addons:
          dns:
            domain: cluster.local
            enabled: true
            replicas: 1
            server: 10.254.0.10
      master:
        admin:
          password: password
          username: admin
        apiserver:
          address: 10.0.175.100
          secure_port: 443
          insecure_address: 127.0.0.1
          insecure_port: 8080
        ca: kubernetes
        enabled: true
        etcd:
          host: 127.0.0.1
          members:
            - host: 10.0.175.100
              name: node040
          name: node040
          token: ca939ec9c2a17b0786f6d411fe019e9b
        kubelet:
          allow_privileged: true
        network:
          engine: calico
          mtu: 1500
          hash: fb5e30ebe6154911a66ec3fb5f1195b2
          private_ip_range: 10.150.0.0/16
          version: v0.19.0
        service_addresses: 10.254.0.0/16
        storage:
          engine: glusterfs
          members:
            - host: 10.0.175.101
              port: 24007
            - host: 10.0.175.102
              port: 24007
            - host: 10.0.175.103
              port: 24007
          port: 24007
        token:
          admin: DFvQ8GJ9JD4fKNfuyEddw3rjnFTkUKsv
          controller_manager: EreGh6AnWf8DxH8cYavB2zS029PUi7vx
          dns: RAFeVSE4UvsCz4gk3KYReuOI5jsZ1Xt3
          kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
          kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
          logging: MJkXKdbgqRmTHSa2ykTaOaMykgO6KcEf
          monitoring: hnsj0XqABgrSww7Nqo7UVTSZLJUt2XRd
          scheduler: HY1UUxEPpmjW4a1dDLGIANYQp1nZkLDk
        version: v1.2.4


    kubernetes:
      pool:
        address: 0.0.0.0
        allow_privileged: true
        ca: kubernetes
        cluster_dns: 10.254.0.10
        cluster_domain: cluster.local
        enabled: true
        kubelet:
          allow_privileged: true
          config: /etc/kubernetes/manifests
          frequency: 5s
        master:
          apiserver:
            members:
              - host: 10.0.175.100
          etcd:
            members:
              - host: 10.0.175.100
          host: 10.0.175.100
        network:
          engine: calico
          mtu: 1500
          hash: fb5e30ebe6154911a66ec3fb5f1195b2
          version: v0.19.0
        token:
          kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
          kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
        version: v1.2.4

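The master and pool definitions above keep an admin password and component tokens in plaintext, enable ``insecure_port`` and set ``allow_privileged: true``; other samples on this page use ``privileged``, ``host_pid`` and untagged or ``latest`` images. The following added example (not part of the formula; the rules and the names ``audit_pillar``, ``image_is_pinned`` and ``SAMPLE_PILLAR`` are assumptions made for illustration) walks an already-parsed pillar and lists those settings for review. The sample pillar is constructed from keys shown on this page, with placeholder token values.

```python
"""Added example: audit a parsed Salt pillar for settings worth a security review."""
import re

# Keys that hold credentials: password, token, OS_PASSWORD, AWS_SECRET_ACCESS_KEY
CREDENTIAL_KEY = re.compile(r"(password|token|secret_access_key)$", re.I)
# Pillar flags shown on this page that relax container/host isolation when true
PRIVILEGE_FLAGS = {"privileged", "allow_privileged", "host_pid",
                   "hostNetwork", "host_network"}
# A value that is only a reclass-style reference, e.g. ${_param:some_value}
REFERENCE = re.compile(r"^\$\{[^}]+\}$")


def image_is_pinned(image, tag=None):
    """True if the image carries a digest or a tag other than 'latest'."""
    if "@sha256:" in image or REFERENCE.match(image):
        return True
    name = image.rsplit("/", 1)[-1]  # drop any registry host:port prefix
    if tag is None and ":" in name:
        tag = name.rsplit(":", 1)[1]
    return tag is not None and str(tag) != "latest"


def audit_pillar(node, path="", in_credentials=False):
    """Return (rule, dotted_path) findings for a parsed pillar tree."""
    findings = []
    if isinstance(node, list):
        for index, item in enumerate(node):
            findings += audit_pillar(item, f"{path}[{index}]", in_credentials)
        return findings
    if not isinstance(node, dict):
        return findings
    image = node.get("image")
    if isinstance(image, str) and not image_is_pinned(image, node.get("tag")):
        findings.append(("unpinned-image", f"{path}.image".lstrip(".")))
    for key, value in node.items():
        here = f"{path}.{key}".lstrip(".")
        # Everything below a credential key (e.g. the token map) is a credential
        is_cred = in_credentials or bool(CREDENTIAL_KEY.search(str(key)))
        if isinstance(value, (dict, list)):
            findings += audit_pillar(value, here, is_cred)
        elif is_cred and isinstance(value, str) and not REFERENCE.match(value):
            findings.append(("plaintext-credential", here))
        elif key in PRIVILEGE_FLAGS and value is True:
            findings.append(("privileged-setting", here))
        elif key == "insecure_port" and value:
            findings.append(("insecure-apiserver-port", here))
    return findings


# Constructed sample: a trimmed pillar using keys and values shown on this page;
# the token values are placeholders.
SAMPLE_PILLAR = {"kubernetes": {
    "common": {"addons": {
        "contrail_network_controller": {
            "enabled": True, "image": "yashulyak/contrail-controller:latest"},
        "virtlet": {"enabled": True, "image": "mirantis/virtlet:v0.8.0"},
    }},
    "master": {
        "admin": {"username": "admin", "password": "password"},
        "apiserver": {"secure_port": 443, "insecure_port": 8080},
        "kubelet": {"allow_privileged": True},
        "token": {"admin": "PLACEHOLDER-TOKEN", "kubelet": "PLACEHOLDER-TOKEN"},
    },
    "pool": {
        "network": {"calicoctl": {"image": "calico/ctl"}},
        "service": {"local": {
            "host_pid": True,
            "container": {"libvirt-compute": {
                "privileged": True,
                "image": "${_param:docker_repository}/libvirt-compute",
                "tag": "${_param:openstack_container_tag}"}},
        }},
    },
}}

if __name__ == "__main__":
    for rule, where in sorted(audit_pillar(SAMPLE_PILLAR)):
        print(f"{rule:24} {where}")
```

Values that are only a ``${...}`` reference are treated as resolved elsewhere and are not reported.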

Kubernetes with OpenContrail network plugin
------------------------------------------------

On Master:

.. code-block:: yaml

    kubernetes:
      common:
        addons:
          contrail_network_controller:
            enabled: true
            namespace: kube-system
            image: yashulyak/contrail-controller:latest
      master:
        network:
          engine: opencontrail
          default_domain: default-domain
          default_project: default-domain:default-project
          public_network: default-domain:default-project:Public
          public_ip_range: 185.22.97.128/26
          private_ip_range: 10.150.0.0/16
          service_cluster_ip_range: 10.254.0.0/16
          network_label: name
          service_label: uses
          cluster_service: kube-system/default
          config:
            api:
              host: 10.0.170.70

On pools:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: opencontrail


Dashboard public IP must be configured when Contrail network is used:

.. code-block:: yaml

    kubernetes:
      common:
        addons:
          public_ip: 1.1.1.1

Kubernetes control plane running in systemd
-------------------------------------------

By default, kube-apiserver, kube-scheduler, kube-controller-manager, kube-proxy and etcd run in Docker containers through manifests. For a stable production environment, they should be run under systemd.

.. code-block:: yaml

    kubernetes:
      master:
        container: false

    kubernetes:
      pool:
        container: false

Because the k8s services then run as the ``kube`` user without root privileges, they cannot bind privileged ports (below 1024), so the secure port for the apiserver needs to be changed.

.. code-block:: yaml

    kubernetes:
      master:
        apiserver:
          secure_port: 8081

Kubernetes with Flannel
-----------------------

On Master:

.. code-block:: yaml

    kubernetes:
      master:
        network:
          engine: flannel
          # If you don't register master as node:
          etcd:
            members:
              - host: 10.0.175.101
                port: 4001
              - host: 10.0.175.102
                port: 4001
              - host: 10.0.175.103
                port: 4001
      common:
        network:
          engine: flannel

On pools:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: flannel
          etcd:
            members:
              - host: 10.0.175.101
                port: 4001
              - host: 10.0.175.102
                port: 4001
              - host: 10.0.175.103
                port: 4001
      common:
        network:
          engine: flannel

Kubernetes with Calico
-----------------------

On Master:

.. code-block:: yaml

    kubernetes:
      master:
        network:
          engine: calico
          mtu: 1500
          # If you don't register master as node:
          etcd:
            members:
              - host: 10.0.175.101
                port: 4001
              - host: 10.0.175.102
                port: 4001
              - host: 10.0.175.103
                port: 4001

On pools:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: calico
          mtu: 1500
          etcd:
            members:
              - host: 10.0.175.101
                port: 4001
              - host: 10.0.175.102
                port: 4001
              - host: 10.0.175.103
                port: 4001

Running with secured etcd:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: calico
          mtu: 1500
          etcd:
            ssl:
              enabled: true
      master:
        network:
          engine: calico
          etcd:
            ssl:
              enabled: true

Running with calico-policy controller:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: calico
          mtu: 1500
          addons:
            calico_policy:
              enabled: true

      master:
        network:
          engine: calico
          mtu: 1500
          addons:
            calico_policy:
              enabled: true


Enable Prometheus metrics in Felix

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          prometheus:
            enabled: true
      master:
        network:
          prometheus:
            enabled: true

Post deployment configuration

.. code-block:: bash

    # set ETCD
    export ETCD_AUTHORITY=10.0.111.201:4001

    # Set NAT for pods subnet
    calicoctl pool add 192.168.0.0/16 --nat-outgoing

    # Status commands
    calicoctl status
    calicoctl node show

Kubernetes with GlusterFS for storage
---------------------------------------------

.. code-block:: yaml

    kubernetes:
      master:
        ...
        storage:
          engine: glusterfs
          port: 24007
          members:
            - host: 10.0.175.101
              port: 24007
            - host: 10.0.175.102
              port: 24007
            - host: 10.0.175.103
              port: 24007
        ...

Kubernetes Storage Class
------------------------

AWS EBS storageclass integration. It also requires creating an IAM policy and instance profiles, and tagging all resources in EC2 with KubernetesCluster.

.. code-block:: yaml

    kubernetes:
      common:
        addons:
          storageclass:
            aws_slow:
              enabled: True
              default: True
              provisioner: aws-ebs
              name: slow
              type: gp2
              iopspergb: "10"
              zones: xxx
            nfs_shared:
              name: elasti01
              enabled: True
              provisioner: nfs
              spec:
                name: elastic_data
                nfs:
                  server: 10.0.0.1
                  path: /exported_path

Kubernetes namespaces
---------------------

Create namespace:

.. code-block:: yaml

    kubernetes:
      master:
        ...
        namespace:
          kube-system:
            enabled: True
          namespace2:
            enabled: True
          namespace3:
            enabled: False
        ...

Kubernetes labels
-----------------

Label node:

.. code-block:: yaml

    kubernetes:
      master:
        label:
          label01:
            value: value01
            node: node01
            enabled: true
            key: key01
        ...

Pull images from private registries
-----------------------------------

.. code-block:: yaml

    kubernetes:
      master:
        ...
        registry:
          secret:
            registry01:
              enabled: True
              key: (get from `cat /root/.docker/config.json | base64`)
              namespace: default
        ...
      control:
        ...
        service:
          service01:
            ...
            image_pull_secretes: registry01
            ...

Kubernetes Service Definitions in pillars
==========================================

The following samples show how to generate Kubernetes manifests as well, providing a single tool for complete infrastructure management.

Deployment manifest
---------------------

.. code-block:: yaml

    salt:
      control:
        enabled: True
        hostNetwork: True
        service:
          memcached:
            privileged: True
            service: memcached
            role: server
            type: LoadBalancer
            replicas: 3
            kind: Deployment
            apiVersion: extensions/v1beta1
            ports:
              - port: 8774
                name: nova-api
              - port: 8775
                name: nova-metadata
            volume:
              volume_name:
                type: hostPath
                mount: /certs
                path: /etc/certs
            container:
              memcached:
                image: memcached
                tag: 2
                ports:
                  - port: 8774
                    name: nova-api
                  - port: 8775
                    name: nova-metadata
                variables:
                  - name: HTTP_TLS_CERTIFICATE
                    value: /certs/domain.crt
                  - name: HTTP_TLS_KEY
                    value: /certs/domain.key
                volumes:
                  - name: /etc/certs
                    type: hostPath
                    mount: /certs
                    path: /etc/certs

PetSet manifest
---------------------

.. code-block:: yaml

    service:
      memcached:
        apiVersion: apps/v1alpha1
        kind: PetSet
        service_name: 'memcached'
        container:
          memcached:
        ...


Configmap
---------

You can create configmaps using the support layer between formulas.
It works simply: for example, the nova formula contains the file
``meta/config.yml``, which defines the config files used by that service and
its roles.

The Kubernetes formula is able to generate these files using a custom pillar
and grains structure. This way you can run Docker images built in any way
while still re-using your configuration management.

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        config_type: default|kubernetes # Output is yaml k8s or default single files
        configmap:
          nova-control:
            grains:
              # Alternate grains as OS running in container may differ from
              # salt minion OS. Needed only if grains matters for config
              # generation.
              os_family: Debian
            pillar:
              # Generic pillar for nova controller
              nova:
                controller:
                  enabled: true
                  version: liberty
                  ...

To indicate which services support config generation, make sure the pillar
contains a structure like this:

.. code-block:: yaml

    nova:
      _support:
        config:
          enabled: true

initContainers
--------------

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        service:
          memcached:
            init_containers:
              - name: test-mysql
                image: busybox
                command:
                  - sleep
                  - 3600
                volumes:
                  - name: config
                    mount: /test
              - name: test-memcached
                image: busybox
                command:
                  - sleep
                  - 3600
                volumes:
                  - name: config
                    mount: /test

Affinity
--------

podAffinity
===========

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        service:
          memcached:
            affinity:
              pod_affinity:
                name: podAffinity
                expression:
                  label_selector:
                    name: labelSelector
                    selectors:
                      - key: app
                        value: memcached
                topology_key: kubernetes.io/hostname

podAntiAffinity
===============

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        service:
          memcached:
            affinity:
              anti_affinity:
                name: podAntiAffinity
                expression:
                  label_selector:
                    name: labelSelector
                    selectors:
                      - key: app
                        value: opencontrail-control
                topology_key: kubernetes.io/hostname

nodeAffinity
===============

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        service:
          memcached:
            affinity:
              node_affinity:
                name: nodeAffinity
                expression:
                  match_expressions:
                    name: matchExpressions
                    selectors:
                      - key: key
                        operator: In
                        values:
                          - value1
                          - value2

Volumes
-------

hostPath
==========

.. code-block:: yaml

    service:
      memcached:
        container:
          memcached:
            volumes:
              - name: volume1
                mountPath: /volume
                readOnly: True
        ...
        volume:
          volume1:
            name: /etc/certs
            type: hostPath
            path: /etc/certs

emptyDir
========

.. code-block:: yaml

    service:
      memcached:
        container:
          memcached:
            volumes:
              - name: volume1
                mountPath: /volume
                readOnly: True
        ...
        volume:
          volume1:
            name: /etc/certs
            type: emptyDir

configMap
=========

.. code-block:: yaml

    service:
      memcached:
        container:
          memcached:
            volumes:
              - name: volume1
                mountPath: /volume
                readOnly: True
        ...
        volume:
          volume1:
            type: config_map
            item:
              configMap1:
                key: config.conf
                path: config.conf
              configMap2:
                key: policy.json
                path: policy.json

To mount a single configuration file instead of the whole directory:

.. code-block:: yaml

    service:
      memcached:
        container:
          memcached:
            volumes:
              - name: volume1
                mountPath: /volume/config.conf
                sub_path: config.conf

Generating Jobs
===============

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        job:
          sleep:
            job: sleep
            restart_policy: Never
            container:
              sleep:
                image: busybox
                tag: latest
                command:
                  - sleep
                  - "3600"

Volumes and variables can be used in the same way as during Deployment generation.

Custom params:

.. code-block:: yaml

    kubernetes:
      control:
        job:
          host_network: True
          host_pid: True
          container:
            sleep:
              privileged: True
          node_selector:
            key: node
            value: one
          image_pull_secretes: password


More Information
================

* https://github.com/Juniper/kubernetes/blob/opencontrail-integration/docs/getting-started-guides/opencontrail.md
* https://github.com/kubernetes/kubernetes/tree/master/cluster/saltbase


Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-kubernetes/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-kubernetes

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net