Merge "Bump contanerd for k8s to 1.2.4"
diff --git a/glusterfs/server/volume/jenkins_slave_multi.yml b/glusterfs/server/volume/jenkins_slave_multi.yml
new file mode 100644
index 0000000..d926dfc
--- /dev/null
+++ b/glusterfs/server/volume/jenkins_slave_multi.yml
@@ -0,0 +1,38 @@
+classes:
+- system.glusterfs.server.volume.jenkins_slave_single
+parameters:
+ glusterfs:
+ server:
+ volumes:
+ jenkins_slave02:
+ storage: /srv/glusterfs/jenkins_slaves/slave02
+ replica: 3
+ bricks:
+ - ${_param:cluster_node01_address}:/srv/glusterfs/jenkins_slaves/slave02
+ - ${_param:cluster_node02_address}:/srv/glusterfs/jenkins_slaves/slave02
+ - ${_param:cluster_node03_address}:/srv/glusterfs/jenkins_slaves/slave02
+ options:
+ storage.owner-gid: 10000
+ storage.owner-uid: 10000
+ cluster.readdir-optimize: On
+ nfs.disable: On
+ network.remote-dio: On
+ diagnostics.client-log-level: WARNING
+ diagnostics.brick-log-level: WARNING
+ cluster.favorite-child-policy: mtime
+ jenkins_slave03:
+ storage: /srv/glusterfs/jenkins_slaves/slave03
+ replica: 3
+ bricks:
+ - ${_param:cluster_node01_address}:/srv/glusterfs/jenkins_slaves/slave03
+ - ${_param:cluster_node02_address}:/srv/glusterfs/jenkins_slaves/slave03
+ - ${_param:cluster_node03_address}:/srv/glusterfs/jenkins_slaves/slave03
+ options:
+ storage.owner-gid: 10000
+ storage.owner-uid: 10000
+ cluster.readdir-optimize: On
+ nfs.disable: On
+ network.remote-dio: On
+ diagnostics.client-log-level: WARNING
+ diagnostics.brick-log-level: WARNING
+ cluster.favorite-child-policy: mtime
diff --git a/glusterfs/server/volume/jenkins_slave_single.yml b/glusterfs/server/volume/jenkins_slave_single.yml
new file mode 100644
index 0000000..7056240
--- /dev/null
+++ b/glusterfs/server/volume/jenkins_slave_single.yml
@@ -0,0 +1,20 @@
+parameters:
+ glusterfs:
+ server:
+ volumes:
+ jenkins_slave01:
+ storage: /srv/glusterfs/jenkins_slaves/slave01
+ replica: 3
+ bricks:
+ - ${_param:cluster_node01_address}:/srv/glusterfs/jenkins_slaves/slave01
+ - ${_param:cluster_node02_address}:/srv/glusterfs/jenkins_slaves/slave01
+ - ${_param:cluster_node03_address}:/srv/glusterfs/jenkins_slaves/slave01
+ options:
+ storage.owner-gid: 10000
+ storage.owner-uid: 10000
+ cluster.readdir-optimize: On
+ nfs.disable: On
+ network.remote-dio: On
+ diagnostics.client-log-level: WARNING
+ diagnostics.brick-log-level: WARNING
+ cluster.favorite-child-policy: mtime
diff --git a/kubernetes/control/services/drivetrain/init.yml b/kubernetes/control/services/drivetrain/init.yml
index b0c51fc..2702393 100644
--- a/kubernetes/control/services/drivetrain/init.yml
+++ b/kubernetes/control/services/drivetrain/init.yml
@@ -7,13 +7,4 @@
_param:
kdt_http_proxy: ""
kdt_https_proxy: "${_param:kdt_http_proxy}"
- kdt_no_proxy: ""
- kubernetes:
- control:
- images:
- - ${_param:docker_image_phpldapadmin}
- - ${_param:docker_image_openldap}
- - ${_param:docker_image_mysql}
- - ${_param:docker_image_gerrit}
- - ${_param:docker_image_jenkins}
- - ${_param:docker_image_jenkins_slave}
+ kdt_no_proxy: ""
\ No newline at end of file
diff --git a/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml b/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml
index f0db6cf..7840d31 100644
--- a/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml
+++ b/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml
@@ -34,6 +34,16 @@
value: ${_param:kdt_http_proxy}
- name: no_proxy
value: ${_param:kdt_no_proxy}
+ volumes:
+ - name: jenkins-slave02
+ mount: /var/lib/jenkins
+ read_only: false
+ volume:
+ jenkins-slave02:
+ type: glusterfs
+ endpoints: glusterfs
+ path: jenkins_slave02
+ read_only: false
jenkins_slave03:
create: true
service: slave03
@@ -64,3 +74,13 @@
value: ${_param:kdt_http_proxy}
- name: no_proxy
value: ${_param:kdt_no_proxy}
+ volumes:
+ - name: jenkins-slave03
+ mount: /var/lib/jenkins
+ read_only: false
+ volume:
+ jenkins-slave03:
+ type: glusterfs
+ endpoints: glusterfs
+ path: jenkins_slave03
+ read_only: false
diff --git a/kubernetes/control/services/drivetrain/jenkins_slave_single.yml b/kubernetes/control/services/drivetrain/jenkins_slave_single.yml
index 3659689..4019c1f 100644
--- a/kubernetes/control/services/drivetrain/jenkins_slave_single.yml
+++ b/kubernetes/control/services/drivetrain/jenkins_slave_single.yml
@@ -35,3 +35,13 @@
value: ${_param:kdt_http_proxy}
- name: no_proxy
value: ${_param:kdt_no_proxy}
+ volumes:
+ - name: jenkins-slave01
+ mount: /var/lib/jenkins
+ read_only: false
+ volume:
+ jenkins-slave01:
+ type: glusterfs
+ endpoints: glusterfs
+ path: jenkins_slave01
+ read_only: false
diff --git a/kubernetes/pool/images/drivetrain.yml b/kubernetes/pool/images/drivetrain.yml
new file mode 100644
index 0000000..94f5302
--- /dev/null
+++ b/kubernetes/pool/images/drivetrain.yml
@@ -0,0 +1,10 @@
+parameters:
+ kubernetes:
+ pool:
+ images:
+ - ${_param:docker_image_gerrit}
+ - ${_param:docker_image_jenkins_slave}
+ - ${_param:docker_image_jenkins}
+ - ${_param:docker_image_openldap}
+ - ${_param:docker_image_phpldapadmin}
+ - ${_param:docker_image_mysql}
\ No newline at end of file
diff --git a/nginx/server/proxy/drivetrain.yml b/nginx/server/proxy/drivetrain.yml
new file mode 100644
index 0000000..1abcc54
--- /dev/null
+++ b/nginx/server/proxy/drivetrain.yml
@@ -0,0 +1,18 @@
+parameters:
+ _param:
+ metallb_address: ${_param:kdt_metallb_address}
+ nginx:
+ server:
+ enabled: true
+ site:
+ nginx_drivetrain_proxy:
+ enabled: true
+ type: nginx_proxy
+ name: drivetrain
+ proxy:
+ host: ${_param:metallb_address}
+ port: 80
+ protocol: http
+ host:
+ name: ${_param:metallb_address}
+ port: 80
\ No newline at end of file
diff --git a/salt/minion/cert/etcd_server_single.yml b/salt/minion/cert/etcd_server_single.yml
index d333fb8..fb5aa18 100644
--- a/salt/minion/cert/etcd_server_single.yml
+++ b/salt/minion/cert/etcd_server_single.yml
@@ -7,7 +7,7 @@
authority: ${_param:salt_minion_ca_authority}
common_name: ${linux:system:name}
signing_policy: cert_open
- alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
+ alternative_names: IP:127.0.0.1,IP:${_param:single_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
extended_key_usage: serverAuth,clientAuth
key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
key_file: /var/lib/etcd/etcd-server.key
diff --git a/salt/minion/cert/kdt_k8s_client_single.yml b/salt/minion/cert/kdt_k8s_client_single.yml
index 4d6cbcc..d84dfcf 100644
--- a/salt/minion/cert/kdt_k8s_client_single.yml
+++ b/salt/minion/cert/kdt_k8s_client_single.yml
@@ -11,7 +11,7 @@
common_name: system:node:${linux:system:name}
organization_name: system:nodes
signing_policy: cert_client
- alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ alternative_names: IP:${_param:single_address},IP:${_param:kdt_k8s_internal_api_address}
kdt_k8s_client_fqdn:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
@@ -21,7 +21,7 @@
common_name: system:node:${linux:system:name}.${_param:cluster_domain}
organization_name: system:nodes
signing_policy: cert_client
- alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ alternative_names: IP:${_param:single_address},IP:${_param:kdt_k8s_internal_api_address}
kdt_k8s_proxy:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
@@ -30,7 +30,7 @@
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
common_name: system:kube-proxy
signing_policy: cert_client
- alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ alternative_names: IP:${_param:single_address},IP:${_param:kdt_k8s_internal_api_address}
kdt_k8s_scheduler:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
@@ -39,7 +39,7 @@
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
common_name: system:kube-scheduler
signing_policy: cert_client
- alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ alternative_names: IP:${_param:single_address},IP:${_param:kdt_k8s_internal_api_address}
kdt_k8s_controller_manager:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
@@ -48,7 +48,7 @@
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
common_name: system:kube-controller-manager
signing_policy: cert_client
- alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ alternative_names: IP:${_param:single_address},IP:${_param:kdt_k8s_internal_api_address}
kdt_k8s_aggregator_proxy:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
@@ -57,4 +57,4 @@
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
common_name: system:kube-controller-manager
signing_policy: cert_client
- alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ alternative_names: IP:${_param:single_address},IP:${_param:kdt_k8s_internal_api_address}
diff --git a/salt/minion/cert/kdt_k8s_server_single.yml b/salt/minion/cert/kdt_k8s_server_single.yml
index f586a14..7b7028a 100644
--- a/salt/minion/cert/kdt_k8s_server_single.yml
+++ b/salt/minion/cert/kdt_k8s_server_single.yml
@@ -2,12 +2,12 @@
salt:
minion:
cert:
- kdt_k8s_server:
+ kdt_k8s_server_single:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
common_name: kubernetes-server
- key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.key
- cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.crt
- all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.pem
+ key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt_single/kubernetes-server.key
+ cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt_single/kubernetes-server.crt
+ all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt_single/kubernetes-server.pem
signing_policy: cert_server
- alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ alternative_names: IP:${_param:single_address},IP:${_param:kdt_k8s_internal_api_address}