Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / kubernetes / 6112a233aad7b23788b2cdb53a301bc04d589ed2 / . / README.rst
blob: 60ef3b4fbbb751b4924baa9f107402bd4bbc2cd7 [file] [log] [blame]
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]1==================
2Kubernetes Formula
3==================
4
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]5Kubernetes is an open-source system for automating deployment, scaling, and
6management of containerized applications. This formula deploys production
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]7ready Kubernetes and generate Kubernetes manifests as well.
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]8
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]9You can download `kubectl` configuration and connect to your cluster. However,
10keep in mind `kubernetes_control_address` needs to be accessible from your computer:
11
12.. code-block:: yaml
13
14 mkdir -p ~/.kube
15 [ -f ~/.kube/config ] && cp -v ~/.kube/config ~/.kube/config-backup
Tomáš Kukrál8ee2bc52017-07-31 17:51:20 +0200[diff] [blame]16 ssh cfg01 "sudo ssh ctl01 /etc/kubernetes/kubeconfig.sh" > ~/.kube/config
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]17 kubectl get no
18
19
20`cfg01` is Salt master node and `ctl01` is one of Kubernetes masters
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]21
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]22Sample Pillars
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]23==============
24
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]25**REQUIRED:** Define image to use for hyperkube, CNIs and calicoctl image
26
27.. code-block:: yaml
28
29 parameters:
30 kubernetes:
31 common:
32 hyperkube:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]33 image: gcr.io/google_containers/hyperkube:v1.6.5
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]34 pool:
35 network:
36 calicoctl:
37 image: calico/ctl
38 cni:
39 image: calico/cni
40
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]41Enable helm-tiller addon
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]42
43.. code-block:: yaml
44
45 parameters:
46 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]47 common:
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]48 addons:
49 helm:
50 enabled: true
51
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]52Enable calico-policy addon
53
54.. code-block:: yaml
55
56 parameters:
57 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]58 common:
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]59 addons:
60 calico_policy:
61 enabled: true
62
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]63Enable virtlet addon
64
65.. code-block:: yaml
66
67 parameters:
68 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]69 common:
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]70 addons:
71 virtlet:
72 enabled: true
73 namespace: kube-system
Andrey Shestakov655034e2017-09-15 12:30:28 +0300[diff] [blame]74 image: mirantis/virtlet:v0.8.0
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]75 hosts:
76 - cmp01
77 - cmp02
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]78
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]79Enable netchecker addon
80
81.. code-block:: yaml
82
83 parameters:
84 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]85 common:
86 addons:
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]87 netchecker:
88 enabled: true
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]89 master:
90 namespace:
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]91 netchecker:
92 enabled: true
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]93
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]94Enable Kubenetes Federation control plane
95
96.. code-block:: yaml
97
98 parameters:
99 kubernetes:
100 master:
101 federation:
102 enabled: True
103 name: federation
104 namespace: federation-system
105 source: https://dl.k8s.io/v1.6.6/kubernetes-client-linux-amd64.tar.gz
106 hash: 94b2c9cd29981a8e150c187193bab0d8c0b6e906260f837367feff99860a6376
107 service_type: NodePort
108 dns_provider: coredns
109 childclusters:
110 - secondcluster.mydomain
111 - thirdcluster.mydomain
112
Matthew Mosesohn3be5dd92017-08-25 16:54:51 +0300[diff] [blame]113Enable external DNS addon with CoreDNS provider
114
115.. code-block:: yaml
116
117 parameters:
118 kubernetes:
119 common:
120 addons:
121 externaldns:
122 coredns:
123 enabled: True
124 externaldns:
125 enabled: True
126 domain: company.mydomain
127 provider: coredns
128
Matthew Mosesohn19903512017-08-31 19:38:19 +0300[diff] [blame]129Enable OpenStack cloud provider
130
131.. code-block:: yaml
132
133 parameters:
134 kubernetes:
135 common:
136 cloudprovider:
137 enabled: True
Tomáš Kukrál10b15672017-09-05 10:08:46 +0200[diff] [blame]138 provider: openstack
Matthew Mosesohn19903512017-08-31 19:38:19 +0300[diff] [blame]139 params:
140 auth_url: https://openstack.mydomain:5000/v3
141 username: nova
142 password: nova
143 region: RegionOne
144 tenant_id: 4bce4162d8744c599e350099cfa22a0a
145 domain_name: default
146 subnet_id: 72407854-aca6-4cf1-b873-e9affb09484b
147 lb_version: v2
148
Tomáš Kukrálf78baa62017-04-20 16:18:16 +0200[diff] [blame]149Configure service verbosity
150
151.. code-block:: yaml
152
153 parameters:
154 kubernetes:
155 master:
156 verbosity: 2
157 pool:
158 verbosity: 2
159
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]160Set cluster name and domain
Matthew Mosesohn0f7bee42017-07-17 13:52:16 +0300[diff] [blame]161
162.. code-block:: yaml
163
164 parameters:
165 kubernetes:
166 common:
167 kubernetes_cluster_domain: mycluster.domain
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]168 cluster_name : mycluster
Matthew Mosesohn0f7bee42017-07-17 13:52:16 +0300[diff] [blame]169
Tomáš Kukrálaff35262017-04-18 12:37:45 +0200[diff] [blame]170Enable autoscaler for dns addon. Poll period can be skipped.
171
172.. code-block:: yaml
173
174 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]175 common:
Tomáš Kukrálaff35262017-04-18 12:37:45 +0200[diff] [blame]176 addons:
177 dns:
178 domain: cluster.local
179 enabled: true
180 replicas: 1
181 server: 10.254.0.10
182 autoscaler:
183 enabled: true
184 poll-period-seconds: 60
185
186
Tomáš Kukrál6ef3f892017-02-15 12:02:22 +0100[diff] [blame]187Pass aditional parameters to daemons:
188
189.. code-block:: yaml
190
191 parameters:
192 kubernetes:
193 master:
194 apiserver:
195 daemon_opts:
196 storage-backend: pigeon
197 controller_manager:
198 daemon_opts:
199 log-dir: /dev/nulL
200 pool:
201 kubelet:
202 daemon_opts:
203 max-pods: "6"
204
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]205
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]206Containers on pool definitions in pool.service.local
207
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]208.. code-block:: yaml
209
210 parameters:
211 kubernetes:
212 pool:
213 service:
214 local:
215 enabled: False
216 service: libvirt
217 cluster: openstack-compute
218 namespace: default
219 role: ${linux:system:name}
220 type: LoadBalancer
221 kind: Deployment
222 apiVersion: extensions/v1beta1
223 replicas: 1
224 host_pid: True
225 nodeSelector:
226 - key: openstack
227 value: ${linux:system:name}
228 hostNetwork: True
229 container:
230 libvirt-compute:
231 privileged: True
232 image: ${_param:docker_repository}/libvirt-compute
233 tag: ${_param:openstack_container_tag}
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]234
235Master definition
236
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]237.. code-block:: yaml
238
239 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]240 common:
Matthew Mosesohn32ec04a2017-07-17 19:53:47 +0300[diff] [blame]241 cluster_name: cluster
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]242 addons:
243 dns:
244 domain: cluster.local
245 enabled: true
246 replicas: 1
247 server: 10.254.0.10
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]248 master:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]249 admin:
250 password: password
251 username: admin
252 apiserver:
253 address: 10.0.175.100
Swann Croisetff97efc2017-02-23 13:32:33 +0100[diff] [blame]254 secure_port: 443
255 insecure_address: 127.0.0.1
256 insecure_port: 8080
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]257 ca: kubernetes
258 enabled: true
259 etcd:
260 host: 127.0.0.1
261 members:
262 - host: 10.0.175.100
263 name: node040
264 name: node040
265 token: ca939ec9c2a17b0786f6d411fe019e9b
266 kubelet:
267 allow_privileged: true
268 network:
269 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]270 mtu: 1500
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]271 hash: fb5e30ebe6154911a66ec3fb5f1195b2
272 private_ip_range: 10.150.0.0/16
273 version: v0.19.0
274 service_addresses: 10.254.0.0/16
275 storage:
276 engine: glusterfs
277 members:
278 - host: 10.0.175.101
279 port: 24007
280 - host: 10.0.175.102
281 port: 24007
282 - host: 10.0.175.103
283 port: 24007
284 port: 24007
285 token:
286 admin: DFvQ8GJ9JD4fKNfuyEddw3rjnFTkUKsv
287 controller_manager: EreGh6AnWf8DxH8cYavB2zS029PUi7vx
288 dns: RAFeVSE4UvsCz4gk3KYReuOI5jsZ1Xt3
289 kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
290 kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
291 logging: MJkXKdbgqRmTHSa2ykTaOaMykgO6KcEf
292 monitoring: hnsj0XqABgrSww7Nqo7UVTSZLJUt2XRd
293 scheduler: HY1UUxEPpmjW4a1dDLGIANYQp1nZkLDk
294 version: v1.2.4
295
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]296
297 kubernetes:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]298 pool:
299 address: 0.0.0.0
300 allow_privileged: true
301 ca: kubernetes
302 cluster_dns: 10.254.0.10
303 cluster_domain: cluster.local
304 enabled: true
305 kubelet:
306 allow_privileged: true
307 config: /etc/kubernetes/manifests
308 frequency: 5s
309 master:
310 apiserver:
311 members:
312 - host: 10.0.175.100
313 etcd:
314 members:
315 - host: 10.0.175.100
316 host: 10.0.175.100
317 network:
318 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]319 mtu: 1500
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]320 hash: fb5e30ebe6154911a66ec3fb5f1195b2
321 version: v0.19.0
322 token:
323 kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
324 kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
325 version: v1.2.4
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]326
Tomáš Kukrálbc3623e2017-03-23 18:24:06 +0100[diff] [blame]327
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]328Kubernetes with OpenContrail network plugin
329------------------------------------------------
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]330
331On Master:
332
333.. code-block:: yaml
334
335 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]336 common:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]337 addons:
Matthew Mosesohn6f4f6c02017-07-03 16:58:50 +0300[diff] [blame]338 contrail_network_controller:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]339 enabled: true
340 namespace: kube-system
Matthew Mosesohn6f4f6c02017-07-03 16:58:50 +0300[diff] [blame]341 image: yashulyak/contrail-controller:latest
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]342 master:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]343 network:
344 engine: opencontrail
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]345 default_domain: default-domain
346 default_project: default-domain:default-project
347 public_network: default-domain:default-project:Public
348 public_ip_range: 185.22.97.128/26
349 private_ip_range: 10.150.0.0/16
350 service_cluster_ip_range: 10.254.0.0/16
351 network_label: name
352 service_label: uses
353 cluster_service: kube-system/default
Tomáš Kukrál0eefee72017-07-18 13:17:27 +0200[diff] [blame]354 config:
355 api:
356 host: 10.0.170.70
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]357On pools:
358
359.. code-block:: yaml
360
361 kubernetes:
362 pool:
363 network:
364 engine: opencontrail
365
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]366
367Dashboard public IP must be configured when Contrail network is used:
368
369.. code-block:: yaml
370
371 kubernetes:
Sergii Golovatiuk707f7d82017-08-07 15:49:23 +0200[diff] [blame]372 common:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]373 addons:
374 public_ip: 1.1.1.1
375
Jakub Pavlik1cfc1fe2016-07-25 11:01:52 +0200[diff] [blame]376Kubernetes control plane running in systemd
377-------------------------------------------
378
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]379By default kube-apiserver, kube-scheduler, kube-controllermanager, kube-proxy, etcd running in docker containers through manifests. For stable production environment this should be run in systemd.
Jakub Pavlik1cfc1fe2016-07-25 11:01:52 +0200[diff] [blame]380
381.. code-block:: yaml
382
383 kubernetes:
384 master:
385 container: false
386
387 kubernetes:
388 pool:
389 container: false
390
marco055ff852016-07-27 15:22:33 +0200[diff] [blame]391Because k8s services run under kube user without root privileges, there is need to change secure port for apiserver.
392
393.. code-block:: yaml
394
395 kubernetes:
396 master:
397 apiserver:
398 secure_port: 8081
399
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]400Kubernetes with Flannel
401-----------------------
402
403On Master:
404
405.. code-block:: yaml
406
407 kubernetes:
408 master:
409 network:
410 engine: flannel
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]411 # If you don't register master as node:
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]412 etcd:
413 members:
414 - host: 10.0.175.101
415 port: 4001
416 - host: 10.0.175.102
417 port: 4001
418 - host: 10.0.175.103
419 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]420 common:
421 network:
422 engine: flannel
423
424On pools:
425
426.. code-block:: yaml
427
428 kubernetes:
429 pool:
430 network:
431 engine: flannel
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]432 etcd:
433 members:
434 - host: 10.0.175.101
435 port: 4001
436 - host: 10.0.175.102
437 port: 4001
438 - host: 10.0.175.103
439 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]440 common:
441 network:
442 engine: flannel
443
444Kubernetes with Calico
445-----------------------
446
447On Master:
448
449.. code-block:: yaml
450
451 kubernetes:
452 master:
453 network:
454 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]455 mtu: 1500
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]456 # If you don't register master as node:
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]457 etcd:
458 members:
459 - host: 10.0.175.101
460 port: 4001
461 - host: 10.0.175.102
462 port: 4001
463 - host: 10.0.175.103
464 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]465
466On pools:
467
468.. code-block:: yaml
469
470 kubernetes:
471 pool:
472 network:
473 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]474 mtu: 1500
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]475 etcd:
476 members:
477 - host: 10.0.175.101
478 port: 4001
479 - host: 10.0.175.102
480 port: 4001
481 - host: 10.0.175.103
482 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]483
Tomáš Kukrál34c59362017-03-01 14:00:37 +0100[diff] [blame]484Running with secured etcd:
485
486.. code-block:: yaml
487
488 kubernetes:
489 pool:
490 network:
491 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]492 mtu: 1500
Tomáš Kukrál34c59362017-03-01 14:00:37 +0100[diff] [blame]493 etcd:
494 ssl:
495 enabled: true
496 master:
497 network:
498 engine: calico
499 etcd:
500 ssl:
501 enabled: true
502
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]503Running with calico-policy controller:
504
505.. code-block:: yaml
506
507 kubernetes:
508 pool:
509 network:
510 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]511 mtu: 1500
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]512 addons:
513 calico_policy:
514 enabled: true
515
516 master:
517 network:
518 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]519 mtu: 1500
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]520 addons:
521 calico_policy:
522 enabled: true
523
524
525
Tomáš Kukrál7e91a942017-03-23 16:02:52 +0100[diff] [blame]526Enable Prometheus metrics in Felix
527
528.. code-block:: yaml
529
530 kubernetes:
531 pool:
532 network:
533 prometheus:
534 enabled: true
535 master:
536 network:
537 prometheus:
538 enabled: true
539
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]540Post deployment configuration
541
542.. code-block:: bash
Jakub Pavlik232833c2016-07-17 13:21:00 +0200[diff] [blame]543
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]544 # set ETCD
545 export ETCD_AUTHORITY=10.0.111.201:4001
546
547 # Set NAT for pods subnet
548 calicoctl pool add 192.168.0.0/16 --nat-outgoing
549
550 # Status commands
551 calicoctl status
552 calicoctl node show
553
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]554Kubernetes with GlusterFS for storage
555---------------------------------------------
556
557.. code-block:: yaml
558
559 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]560 master:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]561 ...
562 storage:
563 engine: glusterfs
564 port: 24007
565 members:
566 - host: 10.0.175.101
567 port: 24007
568 - host: 10.0.175.102
569 port: 24007
570 - host: 10.0.175.103
571 port: 24007
572 ...
573
Jakub Pavlik5b043a22017-09-05 09:33:58 +0200[diff] [blame]574Kubernetes Storage Class
575------------------------
576
577AWS EBS storageclass integration. It also requires to create IAM policy and profiles for instances and tag all resources by KubernetesCluster in EC2.
578
579.. code-block:: yaml
580
581 kubernetes:
582 common:
583 addons:
584 storageclass:
585 aws_slow:
Jakub Pavlik5b043a22017-09-05 09:33:58 +0200[diff] [blame]586 enabled: True
587 default: True
588 provisioner: aws-ebs
Petr Michalec52d4e1f2017-09-11 17:50:54 +0200[diff] [blame]589 name: slow
Jakub Pavlik5b043a22017-09-05 09:33:58 +0200[diff] [blame]590 type: gp2
591 iopspergb: "10"
592 zones: xxx
Petr Michalec52d4e1f2017-09-11 17:50:54 +0200[diff] [blame]593 nfs_shared:
594 name: elasti01
595 enabled: True
596 provisioner: nfs
597 spec:
598 name: elastic_data
599 nfs:
600 server: 10.0.0.1
601 path: /exported_path
Jakub Pavlik5b043a22017-09-05 09:33:58 +0200[diff] [blame]602
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]603Kubernetes namespaces
604---------------------
605
606Create namespace:
607
608.. code-block:: yaml
609
610 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]611 master:
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]612 ...
613 namespace:
614 kube-system:
615 enabled: True
616 namespace2:
617 enabled: True
618 namespace3:
619 enabled: False
620 ...
621
622Kubernetes labels
623-----------------
624
Marek Celoud901020b2017-01-27 14:51:41 +0100[diff] [blame]625Label node:
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]626
627.. code-block:: yaml
628
Marek Celoud901020b2017-01-27 14:51:41 +0100[diff] [blame]629 kubernetes:
630 master:
631 label:
632 label01:
633 value: value01
634 node: node01
635 enabled: true
636 key: key01
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]637 ...
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]638
marcof7efecb2016-07-16 16:13:37 +0200[diff] [blame]639Pull images from private registries
640-----------------------------------
641
642.. code-block:: yaml
643
644 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]645 master:
marcof7efecb2016-07-16 16:13:37 +0200[diff] [blame]646 ...
647 registry:
648 secret:
649 registry01:
650 enabled: True
651 key: (get from `cat /root/.docker/config.json | base64`)
652 namespace: default
653 ...
654 control:
655 ...
656 service:
657 service01:
658 ...
659 image_pull_secretes: registry01
660 ...
661
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]662Kubernetes Service Definitions in pillars
663==========================================
664
665Following samples show how to generate kubernetes manifest as well and provide single tool for complete infrastructure management.
666
667Deployment manifest
668---------------------
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]669
670.. code-block:: yaml
671
672 salt:
673 control:
674 enabled: True
675 hostNetwork: True
676 service:
677 memcached:
678 privileged: True
679 service: memcached
680 role: server
681 type: LoadBalancer
682 replicas: 3
683 kind: Deployment
684 apiVersion: extensions/v1beta1
685 ports:
686 - port: 8774
687 name: nova-api
688 - port: 8775
689 name: nova-metadata
690 volume:
691 volume_name:
692 type: hostPath
693 mount: /certs
694 path: /etc/certs
695 container:
696 memcached:
697 image: memcached
698 tag:2
699 ports:
700 - port: 8774
701 name: nova-api
702 - port: 8775
703 name: nova-metadata
704 variables:
705 - name: HTTP_TLS_CERTIFICATE:
706 value: /certs/domain.crt
707 - name: HTTP_TLS_KEY
708 value: /certs/domain.key
709 volumes:
710 - name: /etc/certs
711 type: hostPath
712 mount: /certs
713 path: /etc/certs
714
marcobe30c8d2016-10-11 19:16:35 +0200[diff] [blame]715PetSet manifest
716---------------------
717
718.. code-block:: yaml
719
720 service:
721 memcached:
722 apiVersion: apps/v1alpha1
723 kind: PetSet
724 service_name: 'memcached'
725 container:
726 memcached:
727 ...
728
729
Filip Pytloun9a4a40f2016-09-22 16:28:19 +0200[diff] [blame]730Configmap
731---------
732
733You are able to create configmaps using support layer between formulas.
734It works simple, eg. in nova formula there's file ``meta/config.yml`` which
735defines config files used by that service and roles.
736
737Kubernetes formula is able to generate these files using custom pillar and
738grains structure. This way you are able to run docker images built by any way
739while still re-using your configuration management.
740
741Example pillar:
742
743.. code-block:: bash
744
745 kubernetes:
746 control:
Jakub Pavlika2779722016-11-25 15:35:26 +0100[diff] [blame]747 config_type: default|kubernetes # Output is yaml k8s or default single files
Filip Pytloun9a4a40f2016-09-22 16:28:19 +0200[diff] [blame]748 configmap:
749 nova-control:
750 grains:
751 # Alternate grains as OS running in container may differ from
752 # salt minion OS. Needed only if grains matters for config
753 # generation.
754 os_family: Debian
755 pillar:
756 # Generic pillar for nova controller
757 nova:
758 controller:
759 enabled: true
760 versionn: liberty
761 ...
762
763To tell which services supports config generation, you need to ensure pillar
764structure like this to determine support:
765
766.. code-block:: yaml
767
768 nova:
769 _support:
770 config:
771 enabled: true
772
marcod4d3dbd2016-09-27 11:36:40 +0200[diff] [blame]773initContainers
774--------------
775
776Example pillar:
777
778.. code-block:: bash
779
780 kubernetes:
781 control:
782 service:
783 memcached:
784 init_containers:
785 - name: test-mysql
786 image: busybox
787 command:
788 - sleep
789 - 3600
790 volumes:
791 - name: config
792 mount: /test
793 - name: test-memcached
794 image: busybox
795 command:
796 - sleep
797 - 3600
798 volumes:
799 - name: config
800 mount: /test
801
marcoee859d32016-11-07 11:04:57 +0100[diff] [blame]802Affinity
803--------
804
805podAffinity
806===========
807
808Example pillar:
809
810.. code-block:: bash
811
812 kubernetes:
813 control:
814 service:
815 memcached:
816 affinity:
817 pod_affinity:
818 name: podAffinity
819 expression:
820 label_selector:
821 name: labelSelector
822 selectors:
823 - key: app
824 value: memcached
825 topology_key: kubernetes.io/hostname
826
827podAntiAffinity
828===============
829
830Example pillar:
831
832.. code-block:: bash
833
834 kubernetes:
835 control:
836 service:
837 memcached:
838 affinity:
839 anti_affinity:
840 name: podAntiAffinity
841 expression:
842 label_selector:
843 name: labelSelector
844 selectors:
845 - key: app
846 value: opencontrail-control
847 topology_key: kubernetes.io/hostname
848
849nodeAffinity
850===============
851
852Example pillar:
853
854.. code-block:: bash
855
856 kubernetes:
857 control:
858 service:
859 memcached:
860 affinity:
861 node_affinity:
862 name: nodeAffinity
863 expression:
864 match_expressions:
865 name: matchExpressions
866 selectors:
867 - key: key
868 operator: In
869 values:
870 - value1
871 - value2
872
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]873Volumes
874-------
875
876hostPath
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]877==========
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]878
879.. code-block:: yaml
880
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]881 service:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]882 memcached:
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]883 container:
884 memcached:
885 volumes:
886 - name: volume1
887 mountPath: /volume
888 readOnly: True
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]889 ...
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]890 volume:
891 volume1:
892 name: /etc/certs
893 type: hostPath
894 path: /etc/certs
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]895
896emptyDir
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]897========
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]898
899.. code-block:: yaml
900
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]901 service:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]902 memcached:
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]903 container:
904 memcached:
905 volumes:
906 - name: volume1
907 mountPath: /volume
908 readOnly: True
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]909 ...
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]910 volume:
911 volume1:
912 name: /etc/certs
913 type: emptyDir
914
915configMap
916=========
917
918.. code-block:: yaml
919
920 service:
921 memcached:
922 container:
923 memcached:
924 volumes:
925 - name: volume1
926 mountPath: /volume
927 readOnly: True
928 ...
929 volume:
930 volume1:
931 type: config_map
932 item:
933 configMap1:
934 key: config.conf
935 path: config.conf
936 configMap2:
937 key: policy.json
938 path: policy.json
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]939
marco0eda4fb2016-10-10 19:08:27 +0200[diff] [blame]940To mount single configuration file instead of whole directory:
941
942.. code-block:: yaml
943
944 service:
945 memcached:
946 container:
947 memcached:
948 volumes:
949 - name: volume1
950 mountPath: /volume/config.conf
951 sub_path: config.conf
952
marcofcc20d02016-10-10 09:56:12 +0200[diff] [blame]953Generating Jobs
954===============
955
956Example pillar:
957
958.. code-block:: yaml
959
960 kubernetes:
961 control:
962 job:
963 sleep:
964 job: sleep
965 restart_policy: Never
966 container:
967 sleep:
968 image: busybox
969 tag: latest
970 command:
971 - sleep
972 - "3600"
973
974Volumes and Variables can be used as the same way as during Deployment generation.
975
976Custom params:
977
978.. code-block:: yaml
979
980 kubernetes:
981 control:
982 job:
983 host_network: True
984 host_pid: True
985 container:
986 sleep:
987 privileged: True
988 node_selector:
989 key: node
990 value: one
991 image_pull_secretes: password
992
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]993
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]994More Information
995================
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]996
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]997* https://github.com/Juniper/kubernetes/blob
998/opencontrail-integration/docs /getting-started-guides/opencontrail.md
999* https://github.com/kubernetes/kubernetes/tree/master/cluster/saltbase
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]1000
Filip Pytlound06f6272017-02-02 13:02:03 +0100[diff] [blame]1001
1002Documentation and Bugs
1003======================
1004
1005To learn how to install and update salt-formulas, consult the documentation
1006available online at:
1007
1008 http://salt-formulas.readthedocs.io/
1009
1010In the unfortunate event that bugs are discovered, they should be reported to
1011the appropriate issue tracker. Use Github issue tracker for specific salt
1012formula:
1013
1014 https://github.com/salt-formulas/salt-formula-kubernetes/issues
1015
1016For feature requests, bug reports or blueprints affecting entire ecosystem,
1017use Launchpad salt-formulas project:
1018
1019 https://launchpad.net/salt-formulas
1020
1021You can also join salt-formulas-users team and subscribe to mailing list:
1022
1023 https://launchpad.net/~salt-formulas-users
1024
1025Developers wishing to work on the salt-formulas projects should always base
1026their work on master branch and submit pull request against specific formula.
1027
1028 https://github.com/salt-formulas/salt-formula-kubernetes
1029
1030Any questions or feedback is always welcome so feel free to join our IRC
1031channel:
1032
1033 #salt-formulas @ irc.freenode.net