Add salt model for cloudprovider on k8s calico

Change-Id: I9d3480ca4ce1c6cdbe2b6df011664063800024fb
diff --git a/classes/cluster/k8s-ha-calico-cloudprovider/MAINTAINERS b/classes/cluster/k8s-ha-calico-cloudprovider/MAINTAINERS
new file mode 100644
index 0000000..b2f6555
--- /dev/null
+++ b/classes/cluster/k8s-ha-calico-cloudprovider/MAINTAINERS
@@ -0,0 +1,2 @@
+Tomáš Kukrál <tkukral@mirantis.com>
+Matthew Mosesohn <mmosesohn@mirantis.com>
diff --git a/classes/cluster/k8s-ha-calico-cloudprovider/infra/config.yml b/classes/cluster/k8s-ha-calico-cloudprovider/infra/config.yml
new file mode 100644
index 0000000..2cc72db
--- /dev/null
+++ b/classes/cluster/k8s-ha-calico-cloudprovider/infra/config.yml
@@ -0,0 +1,78 @@
+classes:
+- system.linux.system.repo.ubuntu
+- system.openssh.client.lab
+- system.salt.master.pkg
+- system.salt.minion.ca.salt_master
+- system.salt.master.api
+- system.salt.minion.cert.k8s_server
+- system.reclass.storage.salt
+- system.reclass.storage.system.kubernetes_control_cluster
+- cluster.k8s-ha-calico-cloudprovider
+parameters:
+  _param:
+    salt_master_base_environment: prd
+    reclass_data_repository: "https://gerrit.mcp.mirantis.net/salt-models/mcp-virtual-lab.git"
+    reclass_data_revision: master
+    reclass_config_master: ${_param:infra_config_deploy_address}
+    single_address: ${_param:infra_config_address}
+    linux_system_codename: xenial
+    salt_api_password_hash: "$6$WV0P1shnoDh2gI/Z$22/Bcd7ffMv0jDlFpT63cAU4PiXHz9pjXwngToKwqAsgoeK4HNR3PiKaushjxp3JsQ8hNoJmAC6TxzVqfV8WH/"
+    salt_master_host: 127.0.0.1
+    salt_master_environment_revision: master
+    salt_master_environment_repository: 'https://github.com/salt-formulas'
+  salt:
+    master:
+      reactor:
+        reclass/minion/classify:
+        - salt://reclass/reactor/node_register.sls
+      environment:
+      # TODO: remove formulas in development once they are stable and part of shared the system-level reclass
+        prd:
+          formula:
+            helm:
+              source: pkg
+              name: salt-formula-helm
+              #source: git
+              #address: '${_param:salt_master_environment_repository}/salt-formula-helm.git'
+              #revision: ${_param:salt_master_environment_revision}
+  reclass:
+    storage:
+      class_mapping:
+        common_node:
+          expression: all
+          node_param:
+            single_address:
+              value_template: <<node_control_ip>>
+            linux_system_codename:
+              value_template: <<node_os>>
+            salt_master_host:
+              value_template: <<node_master_ip>>
+        infra_config:
+          expression: <<node_hostname>>__startswith__cfg
+          cluster_param:
+            infra_config_address:
+              value_template: <<node_control_ip>>
+            infra_config_deploy_address:
+              value_template: <<node_deploy_ip>>
+            cluster_domain:
+              value_template: <<node_domain>>
+        kubernetes_control01:
+          expression: <<node_hostname>>__equals__ctl01
+          cluster_param:
+            kubernetes_control_node01_address:
+              value_template: <<node_control_ip>>
+        kubernetes_control02:
+          expression: <<node_hostname>>__equals__ctl02
+          cluster_param:
+            kubernetes_control_node02_address:
+              value_template: <<node_control_ip>>
+        kubernetes_control03:
+          expression: <<node_hostname>>__equals__ctl03
+          cluster_param:
+            kubernetes_control_node03_address:
+              value_template: <<node_control_ip>>
+        kubernetes_compute:
+          expression: <<node_hostname>>__startswith__cmp
+          node_class:
+            value_template:
+              - cluster.<<node_cluster>>.kubernetes.compute
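Review bot: `salt_api_password_hash` in the `_param` block is a `$6$` (SHA-512 crypt) hash committed to the shared model, so anyone with read access to the repository can test password guesses against it offline. The account it protects is the salt-api login on the master that manages every minion. Supply it per deployment instead, following the pattern the model already uses for other site-specific values, e.g. `salt_api_password_hash: null  # set per deployment in cluster.overrides`, and treat the committed value as exposed. Separately, `reclass_data_revision: master` and `salt_master_environment_revision: master` track moving branches; pinning them to a tag or commit would make what the master pulls reviewable and reproducible.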
diff --git a/classes/cluster/k8s-ha-calico-cloudprovider/infra/init.yml b/classes/cluster/k8s-ha-calico-cloudprovider/infra/init.yml
new file mode 100644
index 0000000..e637c3f
--- /dev/null
+++ b/classes/cluster/k8s-ha-calico-cloudprovider/infra/init.yml
@@ -0,0 +1,74 @@
+classes:
+- system.linux.system.single
+- system.linux.system.repo.mcp.extra
+- system.linux.system.repo.mcp.salt
+- system.linux.system.repo.ubuntu
+- system.openssh.server.team.all
+parameters:
+  _param:
+    # infra service addresses
+    infra_config_hostname: cfg01
+    infra_config_address: 172.16.10.100
+    infra_config_deploy_address: 192.168.10.100
+
+    cluster_domain: virtual-mcp11-k8s-calico.local
+    cluster_name: virtual-mcp11-k8s-calico
+    apt_mk_version: nightly
+    primary_interface: ens3
+  linux:
+    network:
+      host:
+        cfg01:
+          address: ${_param:infra_config_address}
+          names:
+          - ${_param:infra_config_hostname}
+          - ${_param:infra_config_hostname}.${_param:cluster_domain}
+      interface:
+        primary_interface:
+          enabled: true
+          type: eth
+          proto: dhcp
+          #proto: static
+          #name: ${_param:primary_interface}
+          #address: ${_param:single_address}
+          #netmask: 255.255.255.0
+    system:
+      name: ${_param:infra_config_hostname}
+      domain: ${_param:cluster_domain}
+      ca_certificates:
+        devcloud: |
+           -----BEGIN CERTIFICATE-----
+           MIIGKjCCBBKgAwIBAgIICbpi+BPXABQwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UE
+           BhMCY3oxFzAVBgNVBAMMDlNhbHQgTWFzdGVyIENBMQ8wDQYDVQQHDAZQcmFndWUx
+           ETAPBgNVBAoMCE1pcmFudGlzMB4XDTE3MDYyMTExMzQxNVoXDTE4MDYyMTExMzQx
+           NVowQTELMAkGA1UEBhMCY3oxDjAMBgNVBAMMBXByb3h5MQ8wDQYDVQQHDAZQcmFn
+           dWUxETAPBgNVBAoMCE1pcmFudGlzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+           CgKCAgEAxaQbBmjV5aQKSli1xiUDwUEXy1+TPnLVu8DkN8mrhSA4V9f5xrFxomH2
+           OCUMpI/HLjxCwEVS8JBK1aZFEW01GKfSC8hQ0cfXLU3vzg+16olOiB3Ft4fXpPWJ
+           SBKmO4ZGZCtdI/jWOZdblJhYkK3fG5jaji+QahVgK0uGgFceov5twd/p8ohus6i3
+           XB3k7yHZs5hEfqZmt7Y71EoTzTgE8tJy1/dqiS2TWsbrSj2Y/yPgrO1AVzY9TfXz
+           UZmcoI7Oe9h+sc33UdxgExizZAOl1ZO7Pq111ODUxK+PvqwIEEi0+Y41ZKMdN5EI
+           rBLzNibTUEOxni+K5v4ahpfZgji4S9t4c082QVMoQEcEHjFFV41oIhf/qtzQC1G1
+           6Oi2op8WjDU2na6hBDXbFQmCHMcho+iwrKBuQdgVG/Szji0i6BSmpw1xVIpHLAkH
+           sObOPi1dTGUyjfYvXA8DOUD1buiN0UWJ2NKO3Sp+YbUFl6CGy7pokRGyICXRvzTd
+           ws9tvgp5m8X288sKfQSGND50AaHxZYvX+Ff1UZsdxPawsJeOaNtkICRnoglAslsJ
+           hxZmO78rV6PYnG+p8sKOPLZmwl9HzgB/jjwk/ndHt5hWgnhYKX73zyxDZ6Jq2f4E
+           +T5wIDqWwUoz3e5IsUWr3SH7q5+TZTEUznBqPhZbwB9Vny8BJTMCAwEAAaOCARsw
+           ggEXMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMBMGA1UdJQQMMAoGCCsGAQUF
+           BwMBMB0GA1UdDgQWBBR6Q8QNLY1rotmzqtjBZ777QeScWDB6BgNVHSMEczBxgBQy
+           KqQXU4DK0VOUkD3A8Hw/bLOC4qFOpEwwSjELMAkGA1UEBhMCY3oxFzAVBgNVBAMM
+           DlNhbHQgTWFzdGVyIENBMQ8wDQYDVQQHDAZQcmFndWUxETAPBgNVBAoMCE1pcmFu
+           dGlzggkAzjIatJ+/akwwSgYDVR0RBEMwQYcEfwAAAYIZY2xvdWQtY3ouYnVkLm1p
+           cmFudGlzLm5ldIcErBEtUIIYaG9yaXpvbi5idWQubWlyYW50aXMubmV0MA0GCSqG
+           SIb3DQEBCwUAA4ICAQB6ptOZlNI1xE4v5axKIYq5GGYGxCygozeDu94Bl2zWB+ly
+           Q4iuzELyRCF+fEtHTr4r3xR0T69AvQc0cbMBeF/euKic/nwqzKxFAMR5dcksuSzF
+           qiLubsWie9iOjSJFUpjwdv/2Em9Msdho0vAFUm6Ew6HcLiIWULGDKwkZczmN/yY7
+           Ex1/IFIjtbb/YOd7Aezg2eeGs83i42y1T2EBxZflBtFEBcChHqrHBznO+j+5dG1t
+           ezwa+TNBDgkaQUd8ZcHdmlgdaDxqXc1GGFv2WRL43KILmbiq1ZRZ2L+/izi68BZ9
+           3+k8fAf1Jf4MSXfS4bRYxzVSUObYeUMPKBNkERaFepYktVpsbuGRY2aikF70Wsj9
+           1tDNXqzU1GWdiAxDzQ/JJ5t4OKwqQdjILJzXZ4v7byOs0AxqSZNNy6Fk6xFLGYlB
+           ofdurnst4LYNiV52ubW0zgEi49ar+crb5/x2Iw9CriFUhxAhQs9RS0anZRjKUQmL
+           dOgS5tLfxbr8BLUEWeqWTcfwGaIkVGCe/2ya49I8pl9uueTSurCbB7U4urFeUQ6I
+           GkGh17M7S4E6Uz02Qdxtah6FxWyluFEVi7XPyAT2HkQ5voTflN0ID1opRlZ1yb/5
+           B354vA5N0n1xLKPFDqKvZBVxPP6Ea4Kl0hONCGQvl1dsAu0aB49HWF0KwVGjZw==
+           -----END CERTIFICATE-----
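Review bot: The PEM installed under `ca_certificates.devcloud` appears, when decoded, to be an end-entity certificate rather than a CA certificate. It has subject CN `proxy`, basicConstraints without the CA flag, SANs for `cloud-cz.bud.mirantis.net` and `horizon.bud.mirantis.net`, and a validity of 2017-06-21 to 2018-06-21. Pinning the leaf as a trust anchor means TLS to the OpenStack endpoint fails as soon as that certificate is renewed or expires, and the usual stop-gap is to turn verification off. Installing the issuing CA certificate (issuer CN `Salt Master CA`) would survive rotation, ideally with a comment such as `# trust anchor for the OpenStack API endpoint: CA certificate, not the server leaf`. The block scalar body is also indented three spaces where the rest of the file uses two.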
diff --git a/classes/cluster/k8s-ha-calico-cloudprovider/init.yml b/classes/cluster/k8s-ha-calico-cloudprovider/init.yml
new file mode 100644
index 0000000..f353ea4
--- /dev/null
+++ b/classes/cluster/k8s-ha-calico-cloudprovider/init.yml
@@ -0,0 +1,4 @@
+classes:
+- cluster.k8s-ha-calico-cloudprovider.kubernetes
+- cluster.k8s-ha-calico-cloudprovider.infra
+- cluster.overrides
diff --git a/classes/cluster/k8s-ha-calico-cloudprovider/kubernetes/compute.yml b/classes/cluster/k8s-ha-calico-cloudprovider/kubernetes/compute.yml
new file mode 100644
index 0000000..c32f2c5
--- /dev/null
+++ b/classes/cluster/k8s-ha-calico-cloudprovider/kubernetes/compute.yml
@@ -0,0 +1,59 @@
+classes:
+- system.linux.system.repo.docker
+- system.kubernetes.pool.cluster
+- system.linux.network.hosts
+- system.salt.minion.cert.k8s_client
+- system.salt.minion.cert.etcd_client
+- cluster.k8s-ha-calico-cloudprovider
+parameters:
+  _param:
+    kubernetes_calicoctl_image: docker-prod-virtual.docker.mirantis.net/mirantis/projectcalico/calico/ctl:latest
+    kubernetes_calico_image: docker-prod-virtual.docker.mirantis.net/mirantis/projectcalico/calico/node:latest
+    kubernetes_calico_cni_image: docker-prod-virtual.docker.mirantis.net/mirantis/projectcalico/calico/cni:latest
+    kubernetes_hyperkube_image: docker-prod-virtual.docker.mirantis.net/mirantis/kubernetes/hyperkube-amd64:v1.7.3-1
+  docker:
+    host:
+      pkgs:
+        - docker-engine=1.12.6-0~ubuntu-xenial
+        - python-docker
+      options:
+        bip: 172.31.255.1/24
+  kubernetes:
+    pool:
+      network:
+        etcd:
+          ssl:
+            enabled: true
+        image: ${_param:kubernetes_calico_image}
+        calicoctl:
+          image: ${_param:kubernetes_calicoctl_image}
+        cni:
+          image: ${_param:kubernetes_calico_cni_image}
+    common:
+      hyperkube:
+        image: ${_param:kubernetes_hyperkube_image}
+      cloudprovider:
+        enabled: true
+        provider: openstack
+        params:
+          auth_url: ${_param:openstack_auth_url}
+          region_name: ${_param:openstack_region_name}
+          tenant_name: ${_param:openstack_tenant_name}
+          username: ${_param:openstack_username}
+          password: ${_param:openstack_password}
+          subnet_id: ${_param:openstack_subnet_id}
+          floating_network_id: ${_param:openstack_floating_network_id}
+  linux:
+    network:
+      resolv:
+        dns:
+          - 10.254.0.10
+          - 172.18.176.4
+          - 172.18.176.7
+      interface:
+        primary_interface:
+          route:
+            kubernetes_services:
+              address: 10.254.0.0
+              netmask: 255.255.0.0
+              gateway: ${_param:single_address}
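Review bot: The three Calico images (`kubernetes_calicoctl_image`, `kubernetes_calico_image`, `kubernetes_calico_cni_image`) use the mutable `:latest` tag while hyperkube is pinned to `v1.7.3-1`. Nodes converged at different times can therefore run different, unreviewed builds of the network plugin. Pin each image to a release tag or, better, to an image digest, e.g. `.../calico/node:<RELEASE_TAG>` (placeholder, not a known version). Separately, `cloudprovider.params` under `kubernetes.common` hands the OpenStack username and password to every compute node that includes this class. A comment such as `# account must hold only the roles the cloud provider needs (LBaaS, volumes)` would record the least-privilege expectation.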
diff --git a/classes/cluster/k8s-ha-calico-cloudprovider/kubernetes/control.yml b/classes/cluster/k8s-ha-calico-cloudprovider/kubernetes/control.yml
new file mode 100644
index 0000000..a4fe26c
--- /dev/null
+++ b/classes/cluster/k8s-ha-calico-cloudprovider/kubernetes/control.yml
@@ -0,0 +1,65 @@
+classes:
+- service.etcd.server.cluster
+- system.haproxy.proxy.listen.kubernetes.apiserver
+- system.linux.system.repo.docker
+- system.salt.minion.cert.etcd_server
+- system.kubernetes.master.cluster
+- cluster.k8s-ha-calico-cloudprovider.kubernetes.compute
+- cluster.k8s-ha-calico-cloudprovider
+# FIXME: replace service.helm to system.helm (once properly in reclass)
+- service.helm.client
+parameters:
+  _param:
+    keepalived_vip_interface: ${_param:primary_interface}
+    keepalived_vip_virtual_router_id: 60
+  helm:
+    client:
+      repos:
+        mirantisworkloads: https://mirantisworkloads.storage.googleapis.com/
+      #releases:
+      # TODO: configure custom application stacks below
+      #  grafana:
+      #    chart: mirantisworkloads/grafana
+      #    version: 0.4.1
+      #    values:
+      #      replicas: 1
+      #      logLevel: INFO
+  etcd:
+    server:
+      source:
+        engine: docker_hybrid
+      ssl:
+        enabled: true
+      setup:
+        calico:
+          key: /calico/v1/ipam/v4/pool/${_param:calico_private_network}-${_param:calico_private_netmask}
+          value: '{"masquerade":true,"cidr":"${_param:calico_private_network}/${_param:calico_private_netmask}"}'
+  kubernetes:
+    common:
+      addons:
+        netchecker:
+          enabled: true
+        helm:
+          enabled: false
+      cloudprovider:
+        enabled: true
+        provider: openstack
+        params:
+          auth_url: ${_param:openstack_auth_url}
+          region_name: ${_param:openstack_region_name}
+          tenant_name: ${_param:openstack_tenant_name}
+          username: ${_param:openstack_username}
+          password: ${_param:openstack_password}
+          subnet_id: ${_param:openstack_subnet_id}
+          floating_network_id: ${_param:openstack_floating_network_id}
+    master:
+      etcd:
+        ssl:
+          enabled: true
+      network:
+        etcd:
+          ssl:
+            enabled: true
+      namespace:
+        netchecker:
+          enabled: true
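Review bot: The `kubernetes.common.cloudprovider` mapping here repeats the one in `kubernetes/compute.yml` key for key. This class already lists `cluster.k8s-ha-calico-cloudprovider.kubernetes.compute` in `classes`, so the values are presumably merged in before this file is applied. Two copies of the credential mapping can drift apart when one is later changed, for example to a different account or `auth_url`. Either drop the block from this file or mark it with `# duplicated from kubernetes/compute.yml; keep in sync`.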
diff --git a/classes/cluster/k8s-ha-calico-cloudprovider/kubernetes/init.yml b/classes/cluster/k8s-ha-calico-cloudprovider/kubernetes/init.yml
new file mode 100644
index 0000000..8baf8b1
--- /dev/null
+++ b/classes/cluster/k8s-ha-calico-cloudprovider/kubernetes/init.yml
@@ -0,0 +1,108 @@
+parameters:
+  _param:
+    salt_minion_ca_host: ${_param:infra_config_hostname}.${_param:cluster_domain}
+    salt_minion_ca_authority: salt_master_ca
+
+    # kubernetes settings
+    kubernetes_admin_user: admin
+    kubernetes_admin_password: sbPfel23ZigJF3Bm
+    kubernetes_admin_token: PpP6Mm3pAoPVqcKOKUu0x1dh7b1959Fi
+    kubernetes_kubelet_token: JJ2PKHxjiU6EYvIt18BqwdSK1HvWh8pt
+    kubernetes_kube-proxy_token: jT0hJk9L6cIw5UpYDNhsRwcj3Z2n62B6
+    kubernetes_scheduler_token: VgkUHfrW07zNxrb0ucFyX7NBnSJN9Xp6
+    kubernetes_controller-manager_token: uXrdZ1YKF6qlYm3sHje2iEXMGAGDWOIU
+    kubernetes_dns_token: 0S1I4iJeFjq5fopPwwCwTp3xFpEZfeUl
+    etcd_initial_token: IN7KaRMSo3xkGxkjAAPtkRkAgqN4ZNRq
+
+    # addresses and hostnames
+    kubernetes_internal_api_address: 10.254.0.1
+    kubernetes_control_hostname: ctl
+    kubernetes_control_address: 192.168.10.253
+    kubernetes_control_node01_hostname: ctl01
+    kubernetes_control_node02_hostname: ctl02
+    kubernetes_control_node03_hostname: ctl03
+    kubernetes_control_node01_address: 172.16.10.101
+    kubernetes_control_node02_address: 172.16.10.102
+    kubernetes_control_node03_address: 172.16.10.103
+    kubernetes_proxy_node01_hostname: prx01
+    kubernetes_proxy_node01_address: 172.16.10.121
+
+    cluster_vip_address: ${_param:kubernetes_control_address}
+    cluster_local_address: ${_param:single_address}
+
+    # etcd stuff
+    cluster_node01_hostname: ${_param:kubernetes_control_node01_hostname}
+    cluster_node01_address: ${_param:kubernetes_control_node01_address}
+    cluster_node01_port: 4001
+    cluster_node02_hostname: ${_param:kubernetes_control_node02_hostname}
+    cluster_node02_address: ${_param:kubernetes_control_node02_address}
+    cluster_node02_port: 4001
+    cluster_node03_hostname: ${_param:kubernetes_control_node03_hostname}
+    cluster_node03_address: ${_param:kubernetes_control_node03_address}
+    cluster_node03_port: 4001
+
+    # calico
+    calico_private_network: 192.168.0.0
+    calico_private_netmask: 16
+
+    # OpenStack cloud provider
+    openstack_auth_url: https://cloud-cz.bud.mirantis.net:5000/v3
+    openstack_region_name: RegionOne
+    openstack_tenant_name: k8s-openstack-provider
+    openstack_username: k8s-openstack-provider
+    openstack_password: hjk5ers794wep
+    # Set this with heat template or overrides.yml
+    openstack_subnet_id: null
+    openstack_floating_network_id: 3e868882-d59e-416a-90a1-48cc04cab723
+
+  linux:
+    network:
+      host:
+        ctl:
+          address: ${_param:kubernetes_control_address}
+          names:
+          - ${_param:kubernetes_control_hostname}
+          - ${_param:kubernetes_control_hostname}.${_param:cluster_domain}
+        ctl01:
+          address: ${_param:kubernetes_control_node01_address}
+          names:
+          - ${_param:kubernetes_control_node01_hostname}
+          - ${_param:kubernetes_control_node01_hostname}.${_param:cluster_domain}
+        ctl02:
+          address: ${_param:kubernetes_control_node02_address}
+          names:
+          - ${_param:kubernetes_control_node02_hostname}
+          - ${_param:kubernetes_control_node02_hostname}.${_param:cluster_domain}
+        ctl03:
+          address: ${_param:kubernetes_control_node03_address}
+          names:
+          - ${_param:kubernetes_control_node03_hostname}
+          - ${_param:kubernetes_control_node03_hostname}.${_param:cluster_domain}
+        prx01:
+          address: ${_param:kubernetes_proxy_node01_address}
+          names:
+          - ${_param:kubernetes_proxy_node01_hostname}
+          - ${_param:kubernetes_proxy_node01_hostname}.${_param:cluster_domain}
+    linux:
+      network:
+        interface:
+          primary_interface:
+            route:
+              # TODO: Remove comment.
+              # Will work once CI has this in linux formula (packaged): https://gerrit.mcp.mirantis.net/#/c/8952
+              kubernetes_internal:
+                address: 10.254.0.0
+                netmask: 255.255.0.0
+    system:
+      rc:
+        local: |
+          #!/bin/sh -e
+          #
+          # rc.local
+          #
+          ######### This file is managed by Salt! ##########
+          # This script is executed at the end of each multiuser runlevel.
+          # Make sure that the script will "exit 0" on success or any other
+          # value on error.
+          #
+          exit 0
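Review bot: `kubernetes_admin_password`, the six `kubernetes_*_token` values, `etcd_initial_token` and `openstack_password` are committed in clear text in a cluster class. Every deployment built from this model therefore shares the same cluster-admin and OpenStack credentials, and anyone who can read the repository holds them. The file already defers `openstack_subnet_id` to the heat template or overrides.yml; the same treatment fits these, e.g. `openstack_password: null  # set per deployment in overrides.yml`, with the published values rotated. Separately, the second `linux:` key nested under `parameters.linux` produces `linux.linux.network.interface…`, which the linux formula presumably ignores. If that is the intended way to keep the `kubernetes_internal` route inactive until the referenced change lands, say so in the TODO; otherwise de-indent it one level.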