Blame - README.rst - salt-formulas/kubernetes

blob: adfa3cd7baabca42a3c6a4697686d32737a01359 [file] [log] [blame]

marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	1
				2	==================
				3	Kubernetes Formula
				4	==================
				5
Jakub Pavlik	495d06f	2016-06-17 11:33:05 +0200	[diff] [blame]	6	Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.
				7
				8	This formula deploys production ready Kubernetes and generate Kubernetes manifests as well.
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	9
				10	Based on official Kubernetes salt
				11	https://github.com/kubernetes/kubernetes/tree/master/cluster/saltbase
				12
				13	Extended on Contrail contribution https://github.com/Juniper/kubernetes/blob/opencontrail-integration/docs/getting-started-guides/opencontrail.md
				14
				15
				16	Sample pillars
				17	==============
				18
Ales Komarek	688a04c	2016-07-15 15:12:30 +0200	[diff] [blame]	19	Containers on pool definitions in pool.service.local
				20
Jakub Pavlik	7e98532	2016-07-17 13:16:15 +0200	[diff] [blame]	21	.. code-block:: yaml
				22
				23	parameters:
				24	kubernetes:
				25	pool:
				26	service:
				27	local:
				28	enabled: False
				29	service: libvirt
				30	cluster: openstack-compute
				31	namespace: default
				32	role: ${linux:system:name}
				33	type: LoadBalancer
				34	kind: Deployment
				35	apiVersion: extensions/v1beta1
				36	replicas: 1
				37	host_pid: True
				38	nodeSelector:
				39	- key: openstack
				40	value: ${linux:system:name}
				41	hostNetwork: True
				42	container:
				43	libvirt-compute:
				44	privileged: True
				45	image: ${_param:docker_repository}/libvirt-compute
				46	tag: ${_param:openstack_container_tag}
Ales Komarek	688a04c	2016-07-15 15:12:30 +0200	[diff] [blame]	47
				48	Master definition
				49
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	50	.. code-block:: yaml
				51
				52	kubernetes:
Jakub Pavlik	495d06f	2016-06-17 11:33:05 +0200	[diff] [blame]	53	master:
				54	addons:
				55	dns:
				56	domain: cluster.local
				57	enabled: true
				58	replicas: 1
				59	server: 10.254.0.10
				60	heapster_influxdb:
				61	enabled: true
				62	public_ip: 185.22.97.132
				63	ui:
				64	enabled: true
				65	public_ip: 185.22.97.131
				66	admin:
				67	password: password
				68	username: admin
				69	apiserver:
				70	address: 10.0.175.100
				71	port: 8080
				72	ca: kubernetes
				73	enabled: true
				74	etcd:
				75	host: 127.0.0.1
				76	members:
				77	- host: 10.0.175.100
				78	name: node040
				79	name: node040
				80	token: ca939ec9c2a17b0786f6d411fe019e9b
				81	kubelet:
				82	allow_privileged: true
				83	network:
				84	engine: calico
				85	hash: fb5e30ebe6154911a66ec3fb5f1195b2
				86	private_ip_range: 10.150.0.0/16
				87	version: v0.19.0
				88	service_addresses: 10.254.0.0/16
				89	storage:
				90	engine: glusterfs
				91	members:
				92	- host: 10.0.175.101
				93	port: 24007
				94	- host: 10.0.175.102
				95	port: 24007
				96	- host: 10.0.175.103
				97	port: 24007
				98	port: 24007
				99	token:
				100	admin: DFvQ8GJ9JD4fKNfuyEddw3rjnFTkUKsv
				101	controller_manager: EreGh6AnWf8DxH8cYavB2zS029PUi7vx
				102	dns: RAFeVSE4UvsCz4gk3KYReuOI5jsZ1Xt3
				103	kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
				104	kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
				105	logging: MJkXKdbgqRmTHSa2ykTaOaMykgO6KcEf
				106	monitoring: hnsj0XqABgrSww7Nqo7UVTSZLJUt2XRd
				107	scheduler: HY1UUxEPpmjW4a1dDLGIANYQp1nZkLDk
				108	version: v1.2.4
				109
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	110
				111	kubernetes:
Jakub Pavlik	495d06f	2016-06-17 11:33:05 +0200	[diff] [blame]	112	pool:
				113	address: 0.0.0.0
				114	allow_privileged: true
				115	ca: kubernetes
				116	cluster_dns: 10.254.0.10
				117	cluster_domain: cluster.local
				118	enabled: true
				119	kubelet:
				120	allow_privileged: true
				121	config: /etc/kubernetes/manifests
				122	frequency: 5s
				123	master:
				124	apiserver:
				125	members:
				126	- host: 10.0.175.100
				127	etcd:
				128	members:
				129	- host: 10.0.175.100
				130	host: 10.0.175.100
				131	network:
				132	engine: calico
				133	hash: fb5e30ebe6154911a66ec3fb5f1195b2
				134	version: v0.19.0
				135	token:
				136	kube_proxy: DFvQ8GelB7afH3wClC9romaMPhquyyEe
				137	kubelet: 7bN5hJ9JD4fKjnFTkUKsvVNfuyEddw3r
				138	version: v1.2.4
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	139
				140
Jakub Pavlik	495d06f	2016-06-17 11:33:05 +0200	[diff] [blame]	141
				142	Kubernetes with OpenContrail network plugin
				143	------------------------------------------------
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	144
				145	On Master:
				146
				147	.. code-block:: yaml
				148
				149	kubernetes:
				150	master:
				151	network:
				152	engine: opencontrail
				153	host: 10.0.170.70
				154	port: 8082
				155	default_domain: default-domain
				156	default_project: default-domain:default-project
				157	public_network: default-domain:default-project:Public
				158	public_ip_range: 185.22.97.128/26
				159	private_ip_range: 10.150.0.0/16
				160	service_cluster_ip_range: 10.254.0.0/16
				161	network_label: name
				162	service_label: uses
				163	cluster_service: kube-system/default
				164	network_manager:
				165	image: pupapaik/opencontrail-kube-network-manager
				166	tag: release-1.1-jpa-final-1
				167
				168	On pools:
				169
				170	.. code-block:: yaml
				171
				172	kubernetes:
				173	pool:
				174	network:
				175	engine: opencontrail
				176
				177	Kubernetes with Flannel
				178	-----------------------
				179
				180	On Master:
				181
				182	.. code-block:: yaml
				183
				184	kubernetes:
				185	master:
				186	network:
				187	engine: flannel
Jakub Pavlik	7e98532	2016-07-17 13:16:15 +0200	[diff] [blame]	188	# If you don't register master as node:
marco	a05621f	2016-07-14 10:35:24 +0200	[diff] [blame]	189	etcd:
				190	members:
				191	- host: 10.0.175.101
				192	port: 4001
				193	- host: 10.0.175.102
				194	port: 4001
				195	- host: 10.0.175.103
				196	port: 4001
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	197	common:
				198	network:
				199	engine: flannel
				200
				201	On pools:
				202
				203	.. code-block:: yaml
				204
				205	kubernetes:
				206	pool:
				207	network:
				208	engine: flannel
marco	a05621f	2016-07-14 10:35:24 +0200	[diff] [blame]	209	etcd:
				210	members:
				211	- host: 10.0.175.101
				212	port: 4001
				213	- host: 10.0.175.102
				214	port: 4001
				215	- host: 10.0.175.103
				216	port: 4001
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	217	common:
				218	network:
				219	engine: flannel
				220
				221	Kubernetes with Calico
				222	-----------------------
				223
				224	On Master:
				225
				226	.. code-block:: yaml
				227
				228	kubernetes:
				229	master:
				230	network:
				231	engine: calico
Jakub Pavlik	7e98532	2016-07-17 13:16:15 +0200	[diff] [blame]	232	# If you don't register master as node:
marco	a05621f	2016-07-14 10:35:24 +0200	[diff] [blame]	233	etcd:
				234	members:
				235	- host: 10.0.175.101
				236	port: 4001
				237	- host: 10.0.175.102
				238	port: 4001
				239	- host: 10.0.175.103
				240	port: 4001
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	241
				242	On pools:
				243
				244	.. code-block:: yaml
				245
				246	kubernetes:
				247	pool:
				248	network:
				249	engine: calico
marco	a05621f	2016-07-14 10:35:24 +0200	[diff] [blame]	250	etcd:
				251	members:
				252	- host: 10.0.175.101
				253	port: 4001
				254	- host: 10.0.175.102
				255	port: 4001
				256	- host: 10.0.175.103
				257	port: 4001
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	258
Jakub Pavlik	7e98532	2016-07-17 13:16:15 +0200	[diff] [blame]	259	Post deployment configuration
				260
				261	.. code-block:: bash
Jakub Pavlik	232833c	2016-07-17 13:21:00 +0200	[diff] [blame]	262
Jakub Pavlik	7e98532	2016-07-17 13:16:15 +0200	[diff] [blame]	263	# set ETCD
				264	export ETCD_AUTHORITY=10.0.111.201:4001
				265
				266	# Set NAT for pods subnet
				267	calicoctl pool add 192.168.0.0/16 --nat-outgoing
				268
				269	# Status commands
				270	calicoctl status
				271	calicoctl node show
				272
Jakub Pavlik	495d06f	2016-06-17 11:33:05 +0200	[diff] [blame]	273	Kubernetes with GlusterFS for storage
				274	---------------------------------------------
				275
				276	.. code-block:: yaml
				277
				278	kubernetes:
				279	master
				280	...
				281	storage:
				282	engine: glusterfs
				283	port: 24007
				284	members:
				285	- host: 10.0.175.101
				286	port: 24007
				287	- host: 10.0.175.102
				288	port: 24007
				289	- host: 10.0.175.103
				290	port: 24007
				291	...
				292
marco	45fc1b7	2016-07-02 16:11:18 +0200	[diff] [blame]	293	Kubernetes namespaces
				294	---------------------
				295
				296	Create namespace:
				297
				298	.. code-block:: yaml
				299
				300	kubernetes:
				301	master
				302	...
				303	namespace:
				304	kube-system:
				305	enabled: True
				306	namespace2:
				307	enabled: True
				308	namespace3:
				309	enabled: False
				310	...
				311
				312	Kubernetes labels
				313	-----------------
				314
				315	Create namespace:
				316
				317	.. code-block:: yaml
				318
				319	kubernetes:
				320	pool
				321	...
				322	host:
				323	label:
				324	key01:
				325	value: value01
				326	enable: True
				327	key02:
				328	value: value02
				329	enable: False
				330	name: ${linux:system:name}
				331	...
				332
marco	f7efecb	2016-07-16 16:13:37 +0200	[diff] [blame]	333	Pull images from private registries
				334	-----------------------------------
				335
				336	.. code-block:: yaml
				337
				338	kubernetes:
				339	master
				340	...
				341	registry:
				342	secret:
				343	registry01:
				344	enabled: True
				345	key: (get from `cat /root/.docker/config.json \| base64`)
				346	namespace: default
				347	...
				348	control:
				349	...
				350	service:
				351	service01:
				352	...
				353	image_pull_secretes: registry01
				354	...
				355
Jakub Pavlik	495d06f	2016-06-17 11:33:05 +0200	[diff] [blame]	356	Kubernetes Service Definitions in pillars
				357	==========================================
				358
				359	Following samples show how to generate kubernetes manifest as well and provide single tool for complete infrastructure management.
				360
				361	Deployment manifest
				362	---------------------
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	363
				364	.. code-block:: yaml
				365
				366	salt:
				367	control:
				368	enabled: True
				369	hostNetwork: True
				370	service:
				371	memcached:
				372	privileged: True
				373	service: memcached
				374	role: server
				375	type: LoadBalancer
				376	replicas: 3
				377	kind: Deployment
				378	apiVersion: extensions/v1beta1
				379	ports:
				380	- port: 8774
				381	name: nova-api
				382	- port: 8775
				383	name: nova-metadata
				384	volume:
				385	volume_name:
				386	type: hostPath
				387	mount: /certs
				388	path: /etc/certs
				389	container:
				390	memcached:
				391	image: memcached
				392	tag:2
				393	ports:
				394	- port: 8774
				395	name: nova-api
				396	- port: 8775
				397	name: nova-metadata
				398	variables:
				399	- name: HTTP_TLS_CERTIFICATE:
				400	value: /certs/domain.crt
				401	- name: HTTP_TLS_KEY
				402	value: /certs/domain.key
				403	volumes:
				404	- name: /etc/certs
				405	type: hostPath
				406	mount: /certs
				407	path: /etc/certs
				408
				409	Volumes
				410	-------
				411
				412	hostPath
Jakub Pavlik	495d06f	2016-06-17 11:33:05 +0200	[diff] [blame]	413	==========
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	414
				415	.. code-block:: yaml
				416
				417	container:
				418	memcached:
				419	...
				420	volumes:
				421	- name: /etc/certs
				422	mount: /certs
				423	type: hostPath
				424	path: /etc/certs
				425
				426	emptyDir
Ales Komarek	688a04c	2016-07-15 15:12:30 +0200	[diff] [blame]	427	========
marco	acdae7e	2015-12-02 15:35:37 +0100	[diff] [blame]	428
				429	.. code-block:: yaml
				430
				431	container:
				432	memcached:
				433	...
				434	volumes:
				435	- name: /etc/certs
				436	mount: /certs
Jakub Pavlik	7e98532	2016-07-17 13:16:15 +0200	[diff] [blame]	437	type: emptyDir