Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / kubernetes / 842895d7ec19ef588079aa3d2e63cae516faf1c2 / . / README.rst
blob: 6848d4eb2266865c60da91511cb80fbcb8077782 [file] [log] [blame]
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]1
2==================
3Kubernetes Formula
4==================
5
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]6Kubernetes is an open-source system for automating deployment, scaling, and
7management of containerized applications. This formula deploys production
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]8ready Kubernetes and generate Kubernetes manifests as well.
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]9
Tomáš Kukrálf1fcc272017-06-15 10:14:16 +0200[diff] [blame]10You can download `kubectl` configuration and connect to your cluster. However,
11keep in mind `kubernetes_control_address` needs to be accessible from your computer:
12
13.. code-block:: yaml
14
15 mkdir -p ~/.kube
16 [ -f ~/.kube/config ] && cp -v ~/.kube/config ~/.kube/config-backup
17 ssh cfg01 "sudo ssh ctl01 /etc/kubenetes/kubeconfig.sh" > ~/.kube/config
18 kubectl get no
19
20
21`cfg01` is Salt master node and `ctl01` is one of Kubernetes masters
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]22
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]23Sample Pillars
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]24==============
25
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]26**REQUIRED:** Define image to use for hyperkube, CNIs and calicoctl image
27
28.. code-block:: yaml
29
30 parameters:
31 kubernetes:
32 common:
33 hyperkube:
Tomáš Kukrála636f0e2017-03-21 11:09:55 +0100[diff] [blame]34 image: gcr.io/google_containers/hyperkube:v1.5.2
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]35 pool:
36 network:
37 calicoctl:
38 image: calico/ctl
39 cni:
40 image: calico/cni
41
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]42Enable helm-tiller addon
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]43
44.. code-block:: yaml
45
46 parameters:
47 kubernetes:
48 master:
49 addons:
50 helm:
51 enabled: true
52
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]53Enable calico-policy addon
54
55.. code-block:: yaml
56
57 parameters:
58 kubernetes:
59 master:
60 addons:
61 calico_policy:
62 enabled: true
63
Jakub Pavlikc1d11e52017-06-23 11:09:20 +0200[diff] [blame]64Enable virtlet addon
65
66.. code-block:: yaml
67
68 parameters:
69 kubernetes:
70 master:
71 addons:
72 virtlet:
73 enabled: true
74 namespace: kube-system
75 hosts:
76 - cmp01
77 - cmp02
78 image: mirantis/virtlet:latest
79
Tomáš Kukrál25a64d72017-03-23 14:14:07 +0100[diff] [blame]80Enable netchecker addon
81
82.. code-block:: yaml
83
84 parameters:
85 kubernetes:
86 master:
87 namespace:
88 netchecker:
89 enabled: true
90 addons:
91 netchecker:
92 enabled: true
Tomáš Kukrál1b50f772017-03-23 12:51:32 +0100[diff] [blame]93
Tomáš Kukrálf78baa62017-04-20 16:18:16 +0200[diff] [blame]94Configure service verbosity
95
96.. code-block:: yaml
97
98 parameters:
99 kubernetes:
100 master:
101 verbosity: 2
102 pool:
103 verbosity: 2
104
Matthew Mosesohn0f7bee42017-07-17 13:52:16 +0300[diff] [blame]105Set cluster domain
106
107.. code-block:: yaml
108
109 parameters:
110 kubernetes:
111 common:
112 kubernetes_cluster_domain: mycluster.domain
113
Tomáš Kukrálaff35262017-04-18 12:37:45 +0200[diff] [blame]114Enable autoscaler for dns addon. Poll period can be skipped.
115
116.. code-block:: yaml
117
118 kubernetes:
119 master:
120 addons:
121 dns:
122 domain: cluster.local
123 enabled: true
124 replicas: 1
125 server: 10.254.0.10
126 autoscaler:
127 enabled: true
128 poll-period-seconds: 60
129
130
Tomáš Kukrál6ef3f892017-02-15 12:02:22 +0100[diff] [blame]131Pass aditional parameters to daemons:
132
133.. code-block:: yaml
134
135 parameters:
136 kubernetes:
137 master:
138 apiserver:
139 daemon_opts:
140 storage-backend: pigeon
141 controller_manager:
142 daemon_opts:
143 log-dir: /dev/nulL
144 pool:
145 kubelet:
146 daemon_opts:
147 max-pods: "6"
148
Tomáš Kukrál189da4b2017-01-18 14:30:09 +0100[diff] [blame]149
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]150Containers on pool definitions in pool.service.local
151
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]152.. code-block:: yaml
153
154 parameters:
155 kubernetes:
156 pool:
157 service:
158 local:
159 enabled: False
160 service: libvirt
161 cluster: openstack-compute
162 namespace: default
163 role: ${linux:system:name}
164 type: LoadBalancer
165 kind: Deployment
166 apiVersion: extensions/v1beta1
167 replicas: 1
168 host_pid: True
169 nodeSelector:
170 - key: openstack
171 value: ${linux:system:name}
172 hostNetwork: True
173 container:
174 libvirt-compute:
175 privileged: True
176 image: ${_param:docker_repository}/libvirt-compute
177 tag: ${_param:openstack_container_tag}
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]178
179Master definition
180
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]181.. code-block:: yaml
182
183 kubernetes:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]184 master:
185 addons:
186 dns:
187 domain: cluster.local
188 enabled: true
189 replicas: 1
190 server: 10.254.0.10
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]191 admin:
192 password: password
193 username: admin
194 apiserver:
195 address: 10.0.175.100
Swann Croisetff97efc2017-02-23 13:32:33 +0100[diff] [blame]196 secure_port: 443
197 insecure_address: 127.0.0.1
198 insecure_port: 8080
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]199 ca: kubernetes
200 enabled: true
201 etcd:
202 host: 127.0.0.1
203 members:
204 - host: 10.0.175.100
205 name: node040
206 name: node040
207 token: ca939ec9c2a17b0786f6d411fe019e9b
208 kubelet:
209 allow_privileged: true
210 network:
211 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]212 mtu: 1500
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]213 hash: fb5e30ebe6154911a66ec3fb5f1195b2
214 private_ip_range: 10.150.0.0/16
215 version: v0.19.0
216 service_addresses: 10.254.0.0/16
217 storage:
218 engine: glusterfs
219 members:
220 - host: 10.0.175.101
221 port: 24007
222 - host: 10.0.175.102
223 port: 24007
224 - host: 10.0.175.103
225 port: 24007
226 port: 24007
227 token:
228 admin: DFvQ8GJ9JD4fKNfuyEddw3rjnFTkUKsv
229 controller_manager: EreGh6AnWf8DxH8cYavB2zS029PUi7vx
230 dns: RAFeVSE4UvsCz4gk3KYReuOI5jsZ1Xt3
231 kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
232 kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
233 logging: MJkXKdbgqRmTHSa2ykTaOaMykgO6KcEf
234 monitoring: hnsj0XqABgrSww7Nqo7UVTSZLJUt2XRd
235 scheduler: HY1UUxEPpmjW4a1dDLGIANYQp1nZkLDk
236 version: v1.2.4
237
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]238
239 kubernetes:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]240 pool:
241 address: 0.0.0.0
242 allow_privileged: true
243 ca: kubernetes
244 cluster_dns: 10.254.0.10
245 cluster_domain: cluster.local
246 enabled: true
247 kubelet:
248 allow_privileged: true
249 config: /etc/kubernetes/manifests
250 frequency: 5s
251 master:
252 apiserver:
253 members:
254 - host: 10.0.175.100
255 etcd:
256 members:
257 - host: 10.0.175.100
258 host: 10.0.175.100
259 network:
260 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]261 mtu: 1500
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]262 hash: fb5e30ebe6154911a66ec3fb5f1195b2
263 version: v0.19.0
264 token:
265 kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
266 kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
267 version: v1.2.4
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]268
Tomáš Kukrálbc3623e2017-03-23 18:24:06 +0100[diff] [blame]269
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]270Kubernetes with OpenContrail network plugin
271------------------------------------------------
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]272
273On Master:
274
275.. code-block:: yaml
276
277 kubernetes:
278 master:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]279 addons:
Matthew Mosesohn6f4f6c02017-07-03 16:58:50 +0300[diff] [blame]280 contrail_network_controller:
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]281 enabled: true
282 namespace: kube-system
Matthew Mosesohn6f4f6c02017-07-03 16:58:50 +0300[diff] [blame]283 image: yashulyak/contrail-controller:latest
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]284 network:
285 engine: opencontrail
286 host: 10.0.170.70
287 port: 8082
288 default_domain: default-domain
289 default_project: default-domain:default-project
290 public_network: default-domain:default-project:Public
291 public_ip_range: 185.22.97.128/26
292 private_ip_range: 10.150.0.0/16
293 service_cluster_ip_range: 10.254.0.0/16
294 network_label: name
295 service_label: uses
296 cluster_service: kube-system/default
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]297On pools:
298
299.. code-block:: yaml
300
301 kubernetes:
302 pool:
303 network:
304 engine: opencontrail
305
Tomáš Kukrál13b1edb2017-06-08 16:47:34 +0200[diff] [blame]306
307Dashboard public IP must be configured when Contrail network is used:
308
309.. code-block:: yaml
310
311 kubernetes:
312 master:
313 addons:
314 public_ip: 1.1.1.1
315
Jakub Pavlik1cfc1fe2016-07-25 11:01:52 +0200[diff] [blame]316Kubernetes control plane running in systemd
317-------------------------------------------
318
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]319By default kube-apiserver, kube-scheduler, kube-controllermanager, kube-proxy, etcd running in docker containers through manifests. For stable production environment this should be run in systemd.
Jakub Pavlik1cfc1fe2016-07-25 11:01:52 +0200[diff] [blame]320
321.. code-block:: yaml
322
323 kubernetes:
324 master:
325 container: false
326
327 kubernetes:
328 pool:
329 container: false
330
marco055ff852016-07-27 15:22:33 +0200[diff] [blame]331Because k8s services run under kube user without root privileges, there is need to change secure port for apiserver.
332
333.. code-block:: yaml
334
335 kubernetes:
336 master:
337 apiserver:
338 secure_port: 8081
339
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]340Kubernetes with Flannel
341-----------------------
342
343On Master:
344
345.. code-block:: yaml
346
347 kubernetes:
348 master:
349 network:
350 engine: flannel
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]351 # If you don't register master as node:
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]352 etcd:
353 members:
354 - host: 10.0.175.101
355 port: 4001
356 - host: 10.0.175.102
357 port: 4001
358 - host: 10.0.175.103
359 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]360 common:
361 network:
362 engine: flannel
363
364On pools:
365
366.. code-block:: yaml
367
368 kubernetes:
369 pool:
370 network:
371 engine: flannel
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]372 etcd:
373 members:
374 - host: 10.0.175.101
375 port: 4001
376 - host: 10.0.175.102
377 port: 4001
378 - host: 10.0.175.103
379 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]380 common:
381 network:
382 engine: flannel
383
384Kubernetes with Calico
385-----------------------
386
387On Master:
388
389.. code-block:: yaml
390
391 kubernetes:
392 master:
393 network:
394 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]395 mtu: 1500
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]396 # If you don't register master as node:
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]397 etcd:
398 members:
399 - host: 10.0.175.101
400 port: 4001
401 - host: 10.0.175.102
402 port: 4001
403 - host: 10.0.175.103
404 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]405
406On pools:
407
408.. code-block:: yaml
409
410 kubernetes:
411 pool:
412 network:
413 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]414 mtu: 1500
marcoa05621f2016-07-14 10:35:24 +0200[diff] [blame]415 etcd:
416 members:
417 - host: 10.0.175.101
418 port: 4001
419 - host: 10.0.175.102
420 port: 4001
421 - host: 10.0.175.103
422 port: 4001
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]423
Tomáš Kukrál34c59362017-03-01 14:00:37 +0100[diff] [blame]424Running with secured etcd:
425
426.. code-block:: yaml
427
428 kubernetes:
429 pool:
430 network:
431 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]432 mtu: 1500
Tomáš Kukrál34c59362017-03-01 14:00:37 +0100[diff] [blame]433 etcd:
434 ssl:
435 enabled: true
436 master:
437 network:
438 engine: calico
439 etcd:
440 ssl:
441 enabled: true
442
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]443Running with calico-policy controller:
444
445.. code-block:: yaml
446
447 kubernetes:
448 pool:
449 network:
450 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]451 mtu: 1500
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]452 addons:
453 calico_policy:
454 enabled: true
455
456 master:
457 network:
458 engine: calico
Matthew Mosesohn3d8c1112017-06-06 16:25:46 +0300[diff] [blame]459 mtu: 1500
Matthew Mosesohnbf9d3fb2017-05-17 16:17:02 +0300[diff] [blame]460 addons:
461 calico_policy:
462 enabled: true
463
464
465
Tomáš Kukrál7e91a942017-03-23 16:02:52 +0100[diff] [blame]466Enable Prometheus metrics in Felix
467
468.. code-block:: yaml
469
470 kubernetes:
471 pool:
472 network:
473 prometheus:
474 enabled: true
475 master:
476 network:
477 prometheus:
478 enabled: true
479
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]480Post deployment configuration
481
482.. code-block:: bash
Jakub Pavlik232833c2016-07-17 13:21:00 +0200[diff] [blame]483
Jakub Pavlik7e985322016-07-17 13:16:15 +0200[diff] [blame]484 # set ETCD
485 export ETCD_AUTHORITY=10.0.111.201:4001
486
487 # Set NAT for pods subnet
488 calicoctl pool add 192.168.0.0/16 --nat-outgoing
489
490 # Status commands
491 calicoctl status
492 calicoctl node show
493
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]494Kubernetes with GlusterFS for storage
495---------------------------------------------
496
497.. code-block:: yaml
498
499 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]500 master:
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]501 ...
502 storage:
503 engine: glusterfs
504 port: 24007
505 members:
506 - host: 10.0.175.101
507 port: 24007
508 - host: 10.0.175.102
509 port: 24007
510 - host: 10.0.175.103
511 port: 24007
512 ...
513
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]514Kubernetes namespaces
515---------------------
516
517Create namespace:
518
519.. code-block:: yaml
520
521 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]522 master:
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]523 ...
524 namespace:
525 kube-system:
526 enabled: True
527 namespace2:
528 enabled: True
529 namespace3:
530 enabled: False
531 ...
532
533Kubernetes labels
534-----------------
535
Marek Celoud901020b2017-01-27 14:51:41 +0100[diff] [blame]536Label node:
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]537
538.. code-block:: yaml
539
Marek Celoud901020b2017-01-27 14:51:41 +0100[diff] [blame]540 kubernetes:
541 master:
542 label:
543 label01:
544 value: value01
545 node: node01
546 enabled: true
547 key: key01
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]548 ...
marco45fc1b72016-07-02 16:11:18 +0200[diff] [blame]549
marcof7efecb2016-07-16 16:13:37 +0200[diff] [blame]550Pull images from private registries
551-----------------------------------
552
553.. code-block:: yaml
554
555 kubernetes:
Tomáš Kukrál4f0dae32017-03-21 19:04:19 +0100[diff] [blame]556 master:
marcof7efecb2016-07-16 16:13:37 +0200[diff] [blame]557 ...
558 registry:
559 secret:
560 registry01:
561 enabled: True
562 key: (get from `cat /root/.docker/config.json | base64`)
563 namespace: default
564 ...
565 control:
566 ...
567 service:
568 service01:
569 ...
570 image_pull_secretes: registry01
571 ...
572
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]573Kubernetes Service Definitions in pillars
574==========================================
575
576Following samples show how to generate kubernetes manifest as well and provide single tool for complete infrastructure management.
577
578Deployment manifest
579---------------------
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]580
581.. code-block:: yaml
582
583 salt:
584 control:
585 enabled: True
586 hostNetwork: True
587 service:
588 memcached:
589 privileged: True
590 service: memcached
591 role: server
592 type: LoadBalancer
593 replicas: 3
594 kind: Deployment
595 apiVersion: extensions/v1beta1
596 ports:
597 - port: 8774
598 name: nova-api
599 - port: 8775
600 name: nova-metadata
601 volume:
602 volume_name:
603 type: hostPath
604 mount: /certs
605 path: /etc/certs
606 container:
607 memcached:
608 image: memcached
609 tag:2
610 ports:
611 - port: 8774
612 name: nova-api
613 - port: 8775
614 name: nova-metadata
615 variables:
616 - name: HTTP_TLS_CERTIFICATE:
617 value: /certs/domain.crt
618 - name: HTTP_TLS_KEY
619 value: /certs/domain.key
620 volumes:
621 - name: /etc/certs
622 type: hostPath
623 mount: /certs
624 path: /etc/certs
625
marcobe30c8d2016-10-11 19:16:35 +0200[diff] [blame]626PetSet manifest
627---------------------
628
629.. code-block:: yaml
630
631 service:
632 memcached:
633 apiVersion: apps/v1alpha1
634 kind: PetSet
635 service_name: 'memcached'
636 container:
637 memcached:
638 ...
639
640
Filip Pytloun9a4a40f2016-09-22 16:28:19 +0200[diff] [blame]641Configmap
642---------
643
644You are able to create configmaps using support layer between formulas.
645It works simple, eg. in nova formula there's file ``meta/config.yml`` which
646defines config files used by that service and roles.
647
648Kubernetes formula is able to generate these files using custom pillar and
649grains structure. This way you are able to run docker images built by any way
650while still re-using your configuration management.
651
652Example pillar:
653
654.. code-block:: bash
655
656 kubernetes:
657 control:
Jakub Pavlika2779722016-11-25 15:35:26 +0100[diff] [blame]658 config_type: default|kubernetes # Output is yaml k8s or default single files
Filip Pytloun9a4a40f2016-09-22 16:28:19 +0200[diff] [blame]659 configmap:
660 nova-control:
661 grains:
662 # Alternate grains as OS running in container may differ from
663 # salt minion OS. Needed only if grains matters for config
664 # generation.
665 os_family: Debian
666 pillar:
667 # Generic pillar for nova controller
668 nova:
669 controller:
670 enabled: true
671 versionn: liberty
672 ...
673
674To tell which services supports config generation, you need to ensure pillar
675structure like this to determine support:
676
677.. code-block:: yaml
678
679 nova:
680 _support:
681 config:
682 enabled: true
683
marcod4d3dbd2016-09-27 11:36:40 +0200[diff] [blame]684initContainers
685--------------
686
687Example pillar:
688
689.. code-block:: bash
690
691 kubernetes:
692 control:
693 service:
694 memcached:
695 init_containers:
696 - name: test-mysql
697 image: busybox
698 command:
699 - sleep
700 - 3600
701 volumes:
702 - name: config
703 mount: /test
704 - name: test-memcached
705 image: busybox
706 command:
707 - sleep
708 - 3600
709 volumes:
710 - name: config
711 mount: /test
712
marcoee859d32016-11-07 11:04:57 +0100[diff] [blame]713Affinity
714--------
715
716podAffinity
717===========
718
719Example pillar:
720
721.. code-block:: bash
722
723 kubernetes:
724 control:
725 service:
726 memcached:
727 affinity:
728 pod_affinity:
729 name: podAffinity
730 expression:
731 label_selector:
732 name: labelSelector
733 selectors:
734 - key: app
735 value: memcached
736 topology_key: kubernetes.io/hostname
737
738podAntiAffinity
739===============
740
741Example pillar:
742
743.. code-block:: bash
744
745 kubernetes:
746 control:
747 service:
748 memcached:
749 affinity:
750 anti_affinity:
751 name: podAntiAffinity
752 expression:
753 label_selector:
754 name: labelSelector
755 selectors:
756 - key: app
757 value: opencontrail-control
758 topology_key: kubernetes.io/hostname
759
760nodeAffinity
761===============
762
763Example pillar:
764
765.. code-block:: bash
766
767 kubernetes:
768 control:
769 service:
770 memcached:
771 affinity:
772 node_affinity:
773 name: nodeAffinity
774 expression:
775 match_expressions:
776 name: matchExpressions
777 selectors:
778 - key: key
779 operator: In
780 values:
781 - value1
782 - value2
783
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]784Volumes
785-------
786
787hostPath
Jakub Pavlik495d06f2016-06-17 11:33:05 +0200[diff] [blame]788==========
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]789
790.. code-block:: yaml
791
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]792 service:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]793 memcached:
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]794 container:
795 memcached:
796 volumes:
797 - name: volume1
798 mountPath: /volume
799 readOnly: True
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]800 ...
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]801 volume:
802 volume1:
803 name: /etc/certs
804 type: hostPath
805 path: /etc/certs
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]806
807emptyDir
Ales Komarek688a04c2016-07-15 15:12:30 +0200[diff] [blame]808========
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]809
810.. code-block:: yaml
811
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]812 service:
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]813 memcached:
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]814 container:
815 memcached:
816 volumes:
817 - name: volume1
818 mountPath: /volume
819 readOnly: True
marcoacdae7e2015-12-02 15:35:37 +0100[diff] [blame]820 ...
marcob469f882016-09-27 09:56:13 +0200[diff] [blame]821 volume:
822 volume1:
823 name: /etc/certs
824 type: emptyDir
825
826configMap
827=========
828
829.. code-block:: yaml
830
831 service:
832 memcached:
833 container:
834 memcached:
835 volumes:
836 - name: volume1
837 mountPath: /volume
838 readOnly: True
839 ...
840 volume:
841 volume1:
842 type: config_map
843 item:
844 configMap1:
845 key: config.conf
846 path: config.conf
847 configMap2:
848 key: policy.json
849 path: policy.json
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]850
marco0eda4fb2016-10-10 19:08:27 +0200[diff] [blame]851To mount single configuration file instead of whole directory:
852
853.. code-block:: yaml
854
855 service:
856 memcached:
857 container:
858 memcached:
859 volumes:
860 - name: volume1
861 mountPath: /volume/config.conf
862 sub_path: config.conf
863
marcofcc20d02016-10-10 09:56:12 +0200[diff] [blame]864Generating Jobs
865===============
866
867Example pillar:
868
869.. code-block:: yaml
870
871 kubernetes:
872 control:
873 job:
874 sleep:
875 job: sleep
876 restart_policy: Never
877 container:
878 sleep:
879 image: busybox
880 tag: latest
881 command:
882 - sleep
883 - "3600"
884
885Volumes and Variables can be used as the same way as during Deployment generation.
886
887Custom params:
888
889.. code-block:: yaml
890
891 kubernetes:
892 control:
893 job:
894 host_network: True
895 host_pid: True
896 container:
897 sleep:
898 privileged: True
899 node_selector:
900 key: node
901 value: one
902 image_pull_secretes: password
903
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]904
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]905More Information
906================
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]907
Ales Komarek9db8af42017-06-08 11:08:05 +0200[diff] [blame]908* https://github.com/Juniper/kubernetes/blob
909/opencontrail-integration/docs /getting-started-guides/opencontrail.md
910* https://github.com/kubernetes/kubernetes/tree/master/cluster/saltbase
Jakub Pavlik27ad3a62016-08-05 11:39:45 +0200[diff] [blame]911
Filip Pytlound06f6272017-02-02 13:02:03 +0100[diff] [blame]912
913Documentation and Bugs
914======================
915
916To learn how to install and update salt-formulas, consult the documentation
917available online at:
918
919 http://salt-formulas.readthedocs.io/
920
921In the unfortunate event that bugs are discovered, they should be reported to
922the appropriate issue tracker. Use Github issue tracker for specific salt
923formula:
924
925 https://github.com/salt-formulas/salt-formula-kubernetes/issues
926
927For feature requests, bug reports or blueprints affecting entire ecosystem,
928use Launchpad salt-formulas project:
929
930 https://launchpad.net/salt-formulas
931
932You can also join salt-formulas-users team and subscribe to mailing list:
933
934 https://launchpad.net/~salt-formulas-users
935
936Developers wishing to work on the salt-formulas projects should always base
937their work on master branch and submit pull request against specific formula.
938
939 https://github.com/salt-formulas/salt-formula-kubernetes
940
941Any questions or feedback is always welcome so feel free to join our IRC
942channel:
943
944 #salt-formulas @ irc.freenode.net