{%- from "kubernetes/map.jinja" import master with context %}
{%- from "kubernetes/map.jinja" import common with context %}
{%- if master.enabled %}

# Static authentication files for kube-apiserver. Both are rendered from
# pillar and are referenced further down via --token-auth-file and
# --basic-auth-file, so they are expected to hold bearer tokens / passwords
# in clear text.
# NOTE(review): mode 644 makes them readable by every local user; 600 would
# be enough if the apiserver runs as root (they are root-owned here) --
# confirm against the service/manifest definitions before tightening.
/srv/kubernetes/known_tokens.csv:
  file.managed:
    - source: salt://kubernetes/files/known_tokens.csv
    - template: jinja
    - user: root
    - group: root
    - mode: "644"
    - makedirs: true

/srv/kubernetes/basic_auth.csv:
  file.managed:
    - source: salt://kubernetes/files/basic_auth.csv
    - template: jinja
    - user: root
    - group: root
    - mode: "644"
    - makedirs: true

{%- if master.get('container', 'true') %}

# Containerised control plane: one manifest per component under
# /etc/kubernetes/manifests (presumably picked up as static pods by the
# kubelet) plus a root-owned host log file for each of them.

/var/log/kube-apiserver.log:
  file.managed:
    - user: root
    - group: root
    - mode: "644"

/etc/kubernetes/manifests/kube-apiserver.manifest:
  file.managed:
    - source: salt://kubernetes/files/manifest/kube-apiserver.manifest
    - template: jinja
    - user: root
    - group: root
    - mode: "644"
    - makedirs: true
    - dir_mode: "755"

/etc/kubernetes/manifests/kube-controller-manager.manifest:
  file.managed:
    - source: salt://kubernetes/files/manifest/kube-controller-manager.manifest
    - template: jinja
    - user: root
    - group: root
    - mode: "644"
    - makedirs: true
    - dir_mode: "755"

/var/log/kube-controller-manager.log:
  file.managed:
    - user: root
    - group: root
    - mode: "644"

/etc/kubernetes/manifests/kube-scheduler.manifest:
  file.managed:
    - source: salt://kubernetes/files/manifest/kube-scheduler.manifest
    - template: jinja
    - user: root
    - group: root
    - mode: "644"
    - makedirs: true
    - dir_mode: "755"

/var/log/kube-scheduler.log:
  file.managed:
    - user: root
    - group: root
    - mode: "644"

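{%- else %}

# Binary (non-container) control plane: each component reads its command
# line from DAEMON_ARGS in /etc/default/<component>.
/etc/default/kube-apiserver:
  file.managed:
    - user: root
    - group: root
    - mode: "644"
    # Folded block scalar: the indented lines below are joined into a single
    # DAEMON_ARGS="..." string. Jinja tags stay at column 0 and every flag at
    # the same indent as DAEMON_ARGS, otherwise the scalar terminates early.
    # The daemon_opts loop uses .items() so the template renders on Python 3
    # as well as Python 2 (.iteritems() only exists on Python 2 dicts).
    # NOTE(review): --allow-privileged=True admits privileged pods, and the
    # --insecure-bind-address / --insecure-port pair serves the API without
    # authentication on whatever address the pillar provides; review the
    # deployed values. --basic-auth-file / --token-auth-file point at the
    # static credential files managed at the top of this state.
    - contents: >-
      DAEMON_ARGS="
      --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota
      --allow-privileged=True
      --basic-auth-file=/srv/kubernetes/basic_auth.csv
      --bind-address={{ master.apiserver.get('bind_address', master.apiserver.address) }}
      --client-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt
      --etcd-quorum-read=true
      --insecure-bind-address={{ master.apiserver.insecure_address }}
      --insecure-port={{ master.apiserver.get('insecure_port', '8080') }}
      --secure-port={{ master.apiserver.get('secure_port', '443') }}
      --service-cluster-ip-range={{ master.service_addresses }}
      --tls-cert-file=/etc/kubernetes/ssl/kubernetes-server.crt
      --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key
      --token-auth-file=/srv/kubernetes/known_tokens.csv
      --apiserver-count={{ master.apiserver.get('count', 1) }}
      --v={{ master.get('verbosity', 2) }}
      --etcd-servers=
{%- for member in master.etcd.members -%}
      http{% if master.etcd.get('ssl', {}).get('enabled') %}s{% endif %}://{{ member.host }}:{{ member.get('port', 4001) }}{% if not loop.last %},{% endif %}
{%- endfor %}
{%- if master.etcd.get('ssl', {}).get('enabled') %}
      --etcd-cafile /var/lib/etcd/ca.pem
      --etcd-certfile /var/lib/etcd/etcd-client.crt
      --etcd-keyfile /var/lib/etcd/etcd-client.key
{%- endif %}
{%- if master.apiserver.node_port_range is defined %}
      --service-node-port-range {{ master.apiserver.node_port_range }}
{%- endif %}
{%- for key, value in master.get('apiserver', {}).get('daemon_opts', {}).items() %}
      --{{ key }}={{ value }}
{%- endfor %}"
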
{% for component in ['scheduler', 'controller-manager'] %}

# Client kubeconfig used by kube-{{ component }} to reach the apiserver
# (passed as --kubeconfig in /etc/default/kube-{{ component }} below).
# NOTE(review): rendered with mode 644; if the template embeds a client key
# or token, that credential is readable by every local user -- check the
# source template.
/etc/kubernetes/{{ component }}.kubeconfig:
  file.managed:
    - source: salt://kubernetes/files/kube-{{ component }}/{{ component }}.kubeconfig
    - template: jinja
    - user: root
    - group: root
    - mode: "644"
    - makedirs: true
    - watch_in:
      - service: master_services

{% endfor %}

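/etc/default/kube-controller-manager:
  file.managed:
    - user: root
    - group: root
    - mode: "644"
    # Folded block scalar, one DAEMON_ARGS="..." line after rendering. The
    # closing quote sits on the endfor tag line, whose leading "-" whitespace
    # control strips the newline before it, so the quote lands on the last
    # flag line. Without it a non-empty daemon_opts put the quote at column 0,
    # ending the block scalar and breaking the YAML. .items() renders on both
    # Python 2 and Python 3 (.iteritems() is Python 2 only).
    - contents: >-
      DAEMON_ARGS="
      --cluster-name=kubernetes
      --kubeconfig /etc/kubernetes/controller-manager.kubeconfig
      --leader-elect=true
      --root-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt
      --service-account-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key
      --v={{ master.get('verbosity', 2) }}
{%- for key, value in master.get('controller_manager', {}).get('daemon_opts', {}).items() %}
      --{{ key }}={{ value }}
{%- endfor %}"

/etc/default/kube-scheduler:
  file.managed:
    - user: root
    - group: root
    - mode: "644"
    # Same folded-scalar layout and endfor whitespace handling as the
    # controller-manager file above.
    - contents: >-
      DAEMON_ARGS="
      --kubeconfig /etc/kubernetes/scheduler.kubeconfig
      --leader-elect=true
      --v={{ master.get('verbosity', 2) }}
{%- for key, value in master.get('scheduler', {}).get('daemon_opts', {}).items() %}
      --{{ key }}={{ value }}
{%- endfor %}"
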
# systemd units for the binary control plane, rendered from the formula's
# templates under salt://kubernetes/files/systemd/.
/etc/systemd/system/kube-apiserver.service:
  file.managed:
    - source: salt://kubernetes/files/systemd/kube-apiserver.service
    - template: jinja
    - user: root
    - group: root
    - mode: "644"

/etc/systemd/system/kube-scheduler.service:
  file.managed:
    - source: salt://kubernetes/files/systemd/kube-scheduler.service
    - template: jinja
    - user: root
    - group: root
    - mode: "644"

/etc/systemd/system/kube-controller-manager.service:
  file.managed:
    - source: salt://kubernetes/files/systemd/kube-controller-manager.service
    - template: jinja
    - user: root
    - group: root
    - mode: "644"

{% for filename in ['kubernetes-server.crt', 'kubernetes-server.key', 'kubernetes-server.pem'] %}

# Apiserver TLS material, copied from cert_source (default _certs/kubernetes);
# the services are restarted whenever one of the files changes.
# NOTE(review): group haproxy with mode 640 makes the private key (.key and
# .pem) readable by the haproxy group as well as root -- presumably because
# HAProxy fronts the apiserver with the same material; confirm that is
# intended and that no other members are in that group.
/etc/kubernetes/ssl/{{ filename }}:
  file.managed:
    - source: salt://{{ master.get('cert_source','_certs/kubernetes') }}/{{ filename }}
    - user: root
    - group: haproxy
    - mode: "640"
    - watch_in:
      - service: master_services

{% endfor %}

# Control-plane services (the list comes from map.jinja / pillar). They are
# restarted when a DAEMON_ARGS file changes, when the hyperkube binary
# (managed in another state of this formula) changes, or through the
# watch_in requisites declared above.
master_services:
  service.running:
    - names: {{ master.services }}
    - enable: true
    - watch:
      - file: /etc/default/kube-apiserver
      - file: /etc/default/kube-scheduler
      - file: /etc/default/kube-controller-manager
      - file: /usr/bin/hyperkube

{%- endif %}


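{%- for name, namespace in master.namespace.items() %}

{%- if namespace.enabled %}

# Create the namespace only when it is missing. The lookup is an exact
# `kubectl get ns <name>`, so a namespace whose name is a substring of
# another one (e.g. "kube" vs "kube-system") is no longer mistaken for
# present, and the state is idempotent on re-runs.
kubernetes_namespace_create_{{ name }}:
  cmd.run:
    - name: kubectl get ns "{{ name }}" > /dev/null 2>&1 || kubectl create ns "{{ name }}"
    {%- if grains.get('noservices') %}
    - onlyif: /bin/false
    {%- endif %}

{%- else %}

# Delete only when present. The leading "!" makes an already-absent
# namespace a success instead of failing the state on the missing lookup;
# the value is quoted because "!" would otherwise start a YAML tag.
kubernetes_namespace_delete_{{ name }}:
  cmd.run:
    - name: '! kubectl get ns "{{ name }}" > /dev/null 2>&1 || kubectl delete ns "{{ name }}"'
    {%- if grains.get('noservices') %}
    - onlyif: /bin/false
    {%- endif %}

{%- endif %}

{%- endfor %}
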
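{%- if master.get('unschedulable', False) %}
# Keep workloads off this control-plane node: wait until it has registered,
# then taint and label it. The default is a real boolean -- the former
# 'false' string default is truthy in Jinja, so this block ran even when the
# pillar never asked for it.
# NOTE(review): deployments that relied on the always-applied taint now need
# `unschedulable: true` in pillar.
kubernetes_node_ready_{{ master.host.name }}:
  cmd.run:
    # Poll until the node object exists; timeout bounds the wait.
    - name: bash -c 'while ! kubectl get nodes {{ master.host.name }}; do sleep 5; done'
    - timeout: 180
    {%- if grains.get('noservices') %}
    - onlyif: /bin/false
    {%- endif %}

kubernetes_taint_master_{{ master.host.name }}:
  cmd.run:
    - name: kubectl taint --overwrite nodes {{ master.host.name }} node-role.kubernetes.io/master=:NoSchedule
    - require:
      - cmd: kubernetes_node_ready_{{ master.host.name }}
    {%- if grains.get('noservices') %}
    - onlyif: /bin/false
    {%- endif %}

kubernetes_label_master_{{ master.host.name }}:
  cmd.run:
    - name: kubectl label --overwrite nodes {{ master.host.name }} node-role.kubernetes.io=master
    - require:
      - cmd: kubernetes_node_ready_{{ master.host.name }}
    {%- if grains.get('noservices') %}
    - onlyif: /bin/false
    {%- endif %}


{%- endif %}
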
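{%- if master.registry.secret is defined %}

{%- for name, registry in master.registry.secret.items() %}

{%- if registry.enabled %}

# Image-pull Secret written directly into etcd under the /registry key space,
# so it never passes through the apiserver. The JSON is assembled by string
# interpolation: a name, namespace or key containing a double quote or a
# backslash yields an invalid document -- these values come from pillar and
# must stay clean.
# NOTE(review): the key path presumably matches the etcd v2 registry layout
# the apiserver reads; verify against the deployed Kubernetes/etcd versions.
/registry/secrets/{{ registry.namespace }}/{{ name }}:
  etcd.set:
    - value: '{"kind":"Secret","apiVersion":"v1","metadata":{"name":"{{ name }}","namespace":"{{ registry.namespace }}"},"data":{".dockerconfigjson":"{{ registry.key }}"},"type":"kubernetes.io/dockerconfigjson"}'
    {%- if grains.get('noservices') %}
    - onlyif: /bin/false
    {%- endif %}

{%- else %}

# Disabled entries are removed. Guarded with noservices like the set branch,
# so a run without a reachable etcd does not fail here either.
/registry/secrets/{{ registry.namespace }}/{{ name }}:
  etcd.rm:
    - name: /registry/secrets/{{ registry.namespace }}/{{ name }}
    {%- if grains.get('noservices') %}
    - onlyif: /bin/false
    {%- endif %}

{%- endif %}

{%- endfor %}

{%- endif %}

{%- endif %}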