==================
Kubernetes Formula
==================

Kubernetes is an open-source system for automating deployment, scaling, and
management of containerized applications. This formula deploys production-ready
Kubernetes and generates Kubernetes manifests as well.

You can download the `kubectl` configuration and connect to your cluster. However,
keep in mind that `kubernetes_control_address` needs to be accessible from your computer:

.. code-block:: bash

    mkdir -p ~/.kube
    # Keep a backup of any existing kubectl configuration
    [ -f ~/.kube/config ] && cp -v ~/.kube/config ~/.kube/config-backup
    # Fetch the kubeconfig from a Kubernetes master through the Salt master
    ssh cfg01 "sudo ssh ctl01 /etc/kubernetes/kubeconfig.sh" > ~/.kube/config
    kubectl get no


`cfg01` is the Salt master node and `ctl01` is one of the Kubernetes masters.

Sample Pillars
==============

**REQUIRED:** Define image to use for hyperkube, CNIs and calicoctl image

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          hyperkube:
            image: gcr.io/google_containers/hyperkube:v1.6.5
        pool:
          network:
            calicoctl:
              image: calico/ctl
            cni:
              image: calico/cni

Enable helm-tiller addon

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            helm:
              enabled: true

Enable calico-policy addon

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            calico_policy:
              enabled: true

Enable virtlet addon

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            virtlet:
              enabled: true
              namespace: kube-system
              image: mirantis/virtlet:v0.8.0
              hosts:
              - cmp01
              - cmp02

Enable netchecker addon

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            netchecker:
              enabled: true
        master:
          namespace:
            netchecker:
              enabled: true

Enable Kubernetes Federation control plane

.. code-block:: yaml

    parameters:
      kubernetes:
        master:
          federation:
            enabled: True
            name: federation
            namespace: federation-system
            source: https://dl.k8s.io/v1.6.6/kubernetes-client-linux-amd64.tar.gz
            hash: 94b2c9cd29981a8e150c187193bab0d8c0b6e906260f837367feff99860a6376
            service_type: NodePort
            dns_provider: coredns
            childclusters:
              - secondcluster.mydomain
              - thirdcluster.mydomain

Enable external DNS addon with CoreDNS provider

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            externaldns:
              coredns:
                enabled: True
              externaldns:
                enabled: True
                domain: company.mydomain
                provider: coredns

Enable external DNS addon with Designate provider

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          addons:
            externaldns:
              externaldns:
                enabled: True
                domain: company.mydomain
                provider: designate
                designate_os_options:
                  OS_AUTH_URL: https://keystone_auth_endpoint:5000
                  OS_PROJECT_DOMAIN_NAME: default
                  OS_USER_DOMAIN_NAME: default
                  OS_PROJECT_NAME: admin
                  OS_USERNAME: admin
                  OS_PASSWORD: password
                  OS_REGION_NAME: RegionOne

Enable OpenStack cloud provider

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          cloudprovider:
            enabled: True
            provider: openstack
            params:
              auth_url: https://openstack.mydomain:5000/v3
              username: nova
              password: nova
              region: RegionOne
              tenant_id: 4bce4162d8744c599e350099cfa22a0a
              domain_name: default
              subnet_id: 72407854-aca6-4cf1-b873-e9affb09484b
              lb_version: v2

Configure service verbosity

.. code-block:: yaml

    parameters:
      kubernetes:
        master:
          verbosity: 2
        pool:
          verbosity: 2

Set cluster name and domain

.. code-block:: yaml

    parameters:
      kubernetes:
        common:
          kubernetes_cluster_domain: mycluster.domain
          cluster_name: mycluster

Enable autoscaler for dns addon. Poll period can be skipped.

.. code-block:: yaml

    kubernetes:
      common:
        addons:
          dns:
            domain: cluster.local
            enabled: true
            replicas: 1
            server: 10.254.0.10
            autoscaler:
              enabled: true
              poll-period-seconds: 60


Pass additional parameters to daemons:

.. code-block:: yaml

    parameters:
      kubernetes:
        master:
          apiserver:
            daemon_opts:
              storage-backend: pigeon
          controller_manager:
            daemon_opts:
              log-dir: /dev/null
        pool:
          kubelet:
            daemon_opts:
              max-pods: "6"


Containers on pool definitions in pool.service.local

.. code-block:: yaml

    parameters:
      kubernetes:
        pool:
          service:
            local:
              enabled: False
              service: libvirt
              cluster: openstack-compute
              namespace: default
              role: ${linux:system:name}
              type: LoadBalancer
              kind: Deployment
              apiVersion: extensions/v1beta1
              replicas: 1
              host_pid: True
              nodeSelector:
              - key: openstack
                value: ${linux:system:name}
              hostNetwork: True
              container:
                libvirt-compute:
                  privileged: True
                  image: ${_param:docker_repository}/libvirt-compute
                  tag: ${_param:openstack_container_tag}

Master definition

.. code-block:: yaml

    kubernetes:
      common:
        cluster_name: cluster
        addons:
          dns:
            domain: cluster.local
            enabled: true
            replicas: 1
            server: 10.254.0.10
      master:
        admin:
          password: password
          username: admin
        apiserver:
          address: 10.0.175.100
          secure_port: 443
          insecure_address: 127.0.0.1
          insecure_port: 8080
        ca: kubernetes
        enabled: true
        etcd:
          host: 127.0.0.1
          members:
          - host: 10.0.175.100
            name: node040
          name: node040
          token: ca939ec9c2a17b0786f6d411fe019e9b
        kubelet:
          allow_privileged: true
        network:
          engine: calico
          mtu: 1500
          hash: fb5e30ebe6154911a66ec3fb5f1195b2
          private_ip_range: 10.150.0.0/16
          version: v0.19.0
        service_addresses: 10.254.0.0/16
        storage:
          engine: glusterfs
          members:
          - host: 10.0.175.101
            port: 24007
          - host: 10.0.175.102
            port: 24007
          - host: 10.0.175.103
            port: 24007
          port: 24007
        token:
          admin: DFvQ8GJ9JD4fKNfuyEddw3rjnFTkUKsv
          controller_manager: EreGh6AnWf8DxH8cYavB2zS029PUi7vx
          dns: RAFeVSE4UvsCz4gk3KYReuOI5jsZ1Xt3
          kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
          kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
          logging: MJkXKdbgqRmTHSa2ykTaOaMykgO6KcEf
          monitoring: hnsj0XqABgrSww7Nqo7UVTSZLJUt2XRd
          scheduler: HY1UUxEPpmjW4a1dDLGIANYQp1nZkLDk
        version: v1.2.4

Pool definition

.. code-block:: yaml

    kubernetes:
      pool:
        address: 0.0.0.0
        allow_privileged: true
        ca: kubernetes
        cluster_dns: 10.254.0.10
        cluster_domain: cluster.local
        enabled: true
        kubelet:
          allow_privileged: true
          config: /etc/kubernetes/manifests
          frequency: 5s
        master:
          apiserver:
            members:
            - host: 10.0.175.100
          etcd:
            members:
            - host: 10.0.175.100
          host: 10.0.175.100
        network:
          engine: calico
          mtu: 1500
          hash: fb5e30ebe6154911a66ec3fb5f1195b2
          version: v0.19.0
        token:
          kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
          kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
        version: v1.2.4


Kubernetes with OpenContrail network plugin
------------------------------------------------

On Master:

.. code-block:: yaml

    kubernetes:
      common:
        addons:
          contrail_network_controller:
            enabled: true
            namespace: kube-system
            image: yashulyak/contrail-controller:latest
      master:
        network:
          engine: opencontrail
          default_domain: default-domain
          default_project: default-domain:default-project
          public_network: default-domain:default-project:Public
          public_ip_range: 185.22.97.128/26
          private_ip_range: 10.150.0.0/16
          service_cluster_ip_range: 10.254.0.0/16
          network_label: name
          service_label: uses
          cluster_service: kube-system/default
          config:
            api:
              host: 10.0.170.70

On pools:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: opencontrail


Dashboard public IP must be configured when Contrail network is used:

.. code-block:: yaml

    kubernetes:
      common:
        addons:
          public_ip: 1.1.1.1

Kubernetes control plane running in systemd
-------------------------------------------

By default, kube-apiserver, kube-scheduler, kube-controller-manager, kube-proxy and etcd run in Docker containers through manifests. For a stable production environment, these services should be run under systemd.

.. code-block:: yaml

    kubernetes:
      master:
        container: false
      pool:
        container: false

Because the k8s services then run as the kube user without root privileges, and an unprivileged user cannot bind ports below 1024, the secure port for the apiserver needs to be changed.

.. code-block:: yaml

    kubernetes:
      master:
        apiserver:
          secure_port: 8081

Kubernetes with Flannel
-----------------------

On Master:

.. code-block:: yaml

    kubernetes:
      master:
        network:
          engine: flannel
          # If you don't register master as node:
          etcd:
            members:
              - host: 10.0.175.101
                port: 4001
              - host: 10.0.175.102
                port: 4001
              - host: 10.0.175.103
                port: 4001
      common:
        network:
          engine: flannel

On pools:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: flannel
          etcd:
            members:
              - host: 10.0.175.101
                port: 4001
              - host: 10.0.175.102
                port: 4001
              - host: 10.0.175.103
                port: 4001
      common:
        network:
          engine: flannel

Kubernetes with Calico
-----------------------

On Master:

.. code-block:: yaml

    kubernetes:
      master:
        network:
          engine: calico
          mtu: 1500
          # If you don't register master as node:
          etcd:
            members:
              - host: 10.0.175.101
                port: 4001
              - host: 10.0.175.102
                port: 4001
              - host: 10.0.175.103
                port: 4001

On pools:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: calico
          mtu: 1500
          etcd:
            members:
              - host: 10.0.175.101
                port: 4001
              - host: 10.0.175.102
                port: 4001
              - host: 10.0.175.103
                port: 4001

Running with secured etcd:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: calico
          mtu: 1500
          etcd:
            ssl:
              enabled: true
      master:
        network:
          engine: calico
          etcd:
            ssl:
              enabled: true

Running with calico-policy controller:

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          engine: calico
          mtu: 1500
          addons:
            calico_policy:
              enabled: true

      master:
        network:
          engine: calico
          mtu: 1500
          addons:
            calico_policy:
              enabled: true


Enable Prometheus metrics in Felix

.. code-block:: yaml

    kubernetes:
      pool:
        network:
          prometheus:
            enabled: true
      master:
        network:
          prometheus:
            enabled: true

Post deployment configuration

.. code-block:: bash

    # set ETCD
    export ETCD_AUTHORITY=10.0.111.201:4001

    # Set NAT for pods subnet
    calicoctl pool add 192.168.0.0/16 --nat-outgoing

    # Status commands
    calicoctl status
    calicoctl node show

Kubernetes with GlusterFS for storage
---------------------------------------------

.. code-block:: yaml

    kubernetes:
      master:
        ...
        storage:
          engine: glusterfs
          port: 24007
          members:
          - host: 10.0.175.101
            port: 24007
          - host: 10.0.175.102
            port: 24007
          - host: 10.0.175.103
            port: 24007
        ...

Kubernetes Storage Class
------------------------

AWS EBS storageclass integration. It also requires creating an IAM policy and profiles for the instances, and tagging all resources with KubernetesCluster in EC2.

.. code-block:: yaml

    kubernetes:
      common:
        addons:
          storageclass:
            aws_slow:
              enabled: True
              default: True
              provisioner: aws-ebs
              name: slow
              type: gp2
              iopspergb: "10"
              zones: xxx
            nfs_shared:
              name: elasti01
              enabled: True
              provisioner: nfs
              spec:
                name: elastic_data
                nfs:
                  server: 10.0.0.1
                  path: /exported_path

Kubernetes namespaces
---------------------

Create namespace:

.. code-block:: yaml

    kubernetes:
      master:
        ...
        namespace:
          kube-system:
            enabled: True
          namespace2:
            enabled: True
          namespace3:
            enabled: False
        ...

Kubernetes labels
-----------------

Label node:

.. code-block:: yaml

    kubernetes:
      master:
        label:
          label01:
            value: value01
            node: node01
            enabled: true
            key: key01
        ...

Pull images from private registries
-----------------------------------

.. code-block:: yaml

    kubernetes:
      master:
        ...
        registry:
          secret:
            registry01:
              enabled: True
              key: (get from `cat /root/.docker/config.json | base64`)
              namespace: default
        ...
      control:
        ...
        service:
          service01:
            ...
            image_pull_secretes: registry01
            ...

Kubernetes Service Definitions in pillars
==========================================

The following samples show how to generate Kubernetes manifests as well, providing a single tool for complete infrastructure management.

Deployment manifest
---------------------

.. code-block:: yaml

    salt:
      control:
        enabled: True
        hostNetwork: True
        service:
          memcached:
            privileged: True
            service: memcached
            role: server
            type: LoadBalancer
            replicas: 3
            kind: Deployment
            apiVersion: extensions/v1beta1
            ports:
            - port: 8774
              name: nova-api
            - port: 8775
              name: nova-metadata
            volume:
              volume_name:
                type: hostPath
                mount: /certs
                path: /etc/certs
            container:
              memcached:
                image: memcached
                tag: 2
                ports:
                - port: 8774
                  name: nova-api
                - port: 8775
                  name: nova-metadata
                variables:
                - name: HTTP_TLS_CERTIFICATE
                  value: /certs/domain.crt
                - name: HTTP_TLS_KEY
                  value: /certs/domain.key
                volumes:
                - name: /etc/certs
                  type: hostPath
                  mount: /certs
                  path: /etc/certs

PetSet manifest
---------------------

.. code-block:: yaml

    service:
      memcached:
        apiVersion: apps/v1alpha1
        kind: PetSet
        service_name: 'memcached'
        container:
          memcached:
            ...


Configmap
---------

You can create configmaps using the support layer between formulas.
It works simply: for example, the nova formula has a file ``meta/config.yml`` which
defines the config files used by that service and its roles.

The Kubernetes formula is able to generate these files using a custom pillar and
grains structure. This way you can run Docker images built in any way
while still reusing your configuration management.

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        config_type: default|kubernetes # Output is yaml k8s or default single files
        configmap:
          nova-control:
            grains:
              # Alternate grains, as the OS running in the container may differ
              # from the salt minion OS. Needed only if grains matter for config
              # generation.
              os_family: Debian
            pillar:
              # Generic pillar for nova controller
              nova:
                controller:
                  enabled: true
                  version: liberty
                  ...

To mark which services support config generation, ensure that the service pillar
contains a structure like this:

.. code-block:: yaml

    nova:
      _support:
        config:
          enabled: true

initContainers
--------------

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        service:
          memcached:
            init_containers:
            - name: test-mysql
              image: busybox
              command:
              - sleep
              - "3600"
              volumes:
              - name: config
                mount: /test
            - name: test-memcached
              image: busybox
              command:
              - sleep
              - "3600"
              volumes:
              - name: config
                mount: /test

Affinity
--------

podAffinity
===========

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        service:
          memcached:
            affinity:
              pod_affinity:
                name: podAffinity
                expression:
                  label_selector:
                    name: labelSelector
                    selectors:
                      - key: app
                        value: memcached
                topology_key: kubernetes.io/hostname

podAntiAffinity
===============

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        service:
          memcached:
            affinity:
              anti_affinity:
                name: podAntiAffinity
                expression:
                  label_selector:
                    name: labelSelector
                    selectors:
                      - key: app
                        value: opencontrail-control
                topology_key: kubernetes.io/hostname

nodeAffinity
===============

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        service:
          memcached:
            affinity:
              node_affinity:
                name: nodeAffinity
                expression:
                  match_expressions:
                    name: matchExpressions
                    selectors:
                      - key: key
                        operator: In
                        values:
                          - value1
                          - value2

Volumes
-------

hostPath
==========

.. code-block:: yaml

    service:
      memcached:
        container:
          memcached:
            volumes:
              - name: volume1
                mountPath: /volume
                readOnly: True
        ...
        volume:
          volume1:
            name: /etc/certs
            type: hostPath
            path: /etc/certs

emptyDir
========

.. code-block:: yaml

    service:
      memcached:
        container:
          memcached:
            volumes:
              - name: volume1
                mountPath: /volume
                readOnly: True
        ...
        volume:
          volume1:
            name: /etc/certs
            type: emptyDir

configMap
=========

.. code-block:: yaml

    service:
      memcached:
        container:
          memcached:
            volumes:
              - name: volume1
                mountPath: /volume
                readOnly: True
        ...
        volume:
          volume1:
            type: config_map
            item:
              configMap1:
                key: config.conf
                path: config.conf
              configMap2:
                key: policy.json
                path: policy.json

To mount a single configuration file instead of the whole directory:

.. code-block:: yaml

    service:
      memcached:
        container:
          memcached:
            volumes:
              - name: volume1
                mountPath: /volume/config.conf
                sub_path: config.conf

Generating Jobs
===============

Example pillar:

.. code-block:: yaml

    kubernetes:
      control:
        job:
          sleep:
            job: sleep
            restart_policy: Never
            container:
              sleep:
                image: busybox
                tag: latest
                command:
                - sleep
                - "3600"

Volumes and variables can be used in the same way as during Deployment generation.

Custom params:

.. code-block:: yaml

    kubernetes:
      control:
        job:
          host_network: True
          host_pid: True
          container:
            sleep:
              privileged: True
          node_selector:
            key: node
            value: one
          image_pull_secretes: password


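Several of the sample pillars above turn on host-level access (``privileged``, ``allow_privileged``, ``host_pid``, ``hostNetwork``/``host_network``), configure the apiserver ``insecure_port``, use images without a pinned version and keep passwords and tokens in pillar data. The following Python script is an added example, not part of the formula: it audits a rendered pillar dictionary for those keys before it is applied. ``SAMPLE_PILLAR``, the severity labels and the token value are constructed for illustration.

```python
# Added example (not part of the formula): audit a rendered pillar dict for
# risky keys this README documents. All sample values below are constructed.

HOST_ACCESS_KEYS = {"privileged", "allow_privileged", "host_pid",
                    "host_network", "hostNetwork"}
SECRET_KEYS = {"password", "OS_PASSWORD"}
LOOPBACK_PREFIXES = ("127.", "::1", "localhost")


def walk(node, path=()):
    """Yield (path, key, value, parent) for every mapping entry in the tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield path, str(key), value, node
            yield from walk(value, path + (str(key),))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from walk(item, path + (str(index),))


def image_tag(image, sibling_tag=None):
    """Return the tag an image reference resolves to, or None if it has none."""
    if "@" in image:                     # pinned by digest
        return "digest"
    last = image.rsplit("/", 1)[-1]      # skip a registry host:port prefix
    if ":" in last:
        return last.split(":", 1)[1]
    return None if sibling_tag is None else str(sibling_tag)


def audit(pillar):
    """Return a sorted list of (severity, dotted.path, message) findings."""
    findings = []
    for path, key, value, parent in walk(pillar):
        where = ".".join(path + (key,))
        if key in HOST_ACCESS_KEYS and value is True:
            findings.append(("high", where, "allows host-level access"))
        elif key == "insecure_port" and value:
            addr = str(parent.get("insecure_address", ""))
            if not addr.startswith(LOOPBACK_PREFIXES):
                findings.append(("high", where,
                                 "insecure API port not explicitly bound to loopback"))
        elif key == "image" and isinstance(value, str):
            tag = image_tag(value, parent.get("tag"))
            if tag is None or tag == "latest":
                findings.append(("medium", where, "image not pinned to a version"))
        elif isinstance(value, str) and not value.startswith("${") and (
                key in SECRET_KEYS or path[-1:] == ("token",)):
            # Values starting with "${" are unresolved reclass references.
            findings.append(("medium", where, "secret in clear text in pillar"))
    return sorted(findings)


# Constructed sample assembled from the README's pillar snippets.
SAMPLE_PILLAR = {"kubernetes": {
    "common": {
        "hyperkube": {"image": "gcr.io/google_containers/hyperkube:v1.6.5"},
        "addons": {"contrail_network_controller": {
            "enabled": True, "image": "yashulyak/contrail-controller:latest"}}},
    "master": {
        "admin": {"username": "admin", "password": "password"},
        "apiserver": {"address": "10.0.175.100", "secure_port": 443,
                      "insecure_address": "127.0.0.1", "insecure_port": 8080},
        "kubelet": {"allow_privileged": True},
        "token": {"admin": "EXAMPLE-TOKEN-NOT-REAL"}},
    "pool": {"service": {"local": {
        "host_pid": True, "hostNetwork": True,
        "container": {"libvirt-compute": {
            "privileged": True,
            "image": "${_param:docker_repository}/libvirt-compute",
            "tag": "${_param:openstack_container_tag}"}}}}},
    "control": {"job": {"sleep": {"container": {"sleep": {
        "image": "busybox", "tag": "latest"}}}}},
}}


if __name__ == "__main__":
    for severity, where, message in audit(SAMPLE_PILLAR):
        print(f"{severity:6} {where}: {message}")
```
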
More Information
================

* https://github.com/Juniper/kubernetes/blob/opencontrail-integration/docs/getting-started-guides/opencontrail.md
* https://github.com/kubernetes/kubernetes/tree/master/cluster/saltbase


Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-kubernetes/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific formula.

    https://github.com/salt-formulas/salt-formula-kubernetes

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net
1055 #salt-formulas @ irc.freenode.net