Merge "OpenStack cloud provider support for k8s"
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index d015a80..d5d9089 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -22,6 +22,7 @@
     kubernetes_ingressnginx_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes-ingress-nginx
     kubernetes_corends_etcd_operator_repo: quay.io/coreos
     kubernetes_containerd_repo: https://github.com/kubernetes-sigs/cri-tools/releases/download
+    kubernetes_openstack_provider_repo: ${_param:mcp_binary_registry}/mirantis/kubernetes/cloud-provider-openstack
 
     # component images/binaries
     kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v3.1.3
@@ -111,6 +112,25 @@
     kubernetes_telegraf_agent_quiet: false
     kubernetes_telegraf_agent_omit_hostname: false
 
+    # Cloud providers parameters
+
+    kubernetes_cloudprovider_enabled: false
+    kubernetes_cloudprovider_type: openstack
+
+    # OpenStack cloud provider
+
+    kubernetes_openstack_provider_binary: ${_param:kubernetes_openstack_provider_repo}/openstack-cloud-controller-manager_v0.3.0-1_1543239267245
+    kubernetes_openstack_provider_binary_hash: md5=0d85b5877e9872690390f5b87e45efba
+    kubernetes_openstack_provider_cloud_user: admin
+    kubernetes_openstack_provider_cloud_password: secret
+    kubernetes_openstack_provider_cloud_auth_url: http://127.0.0.1:5000/v3
+    kubernetes_openstack_provider_cloud_tenant_id: tenant_id
+    kubernetes_openstack_provider_cloud_domain_id: default
+    kubernetes_openstack_provider_cloud_region: RegionOne
+    kubernetes_openstack_provider_lbaas_subnet_id: subnet_id
+    kubernetes_openstack_provider_floating_net_id: floating_net_id
+
+
   linux:
     system:
       kernel:
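Review bot: The controller-manager binary is pinned with MD5 (`kubernetes_openstack_provider_binary_hash: md5=…`), and MD5 is collision-broken, so it is no longer an adequate integrity pin for an executable fetched from a registry. If the consuming state accepts other digest prefixes (not visible in this hunk), prefer `kubernetes_openstack_provider_binary_hash: sha256=<SHA256_OF_RELEASED_BINARY>`. The same block ships `admin` / `secret` and an `http://` Keystone URL as defaults, while `kubernetes_cloudprovider_enabled` can be switched on without touching them. A comment above these keys, such as `# placeholders: override per cluster, keep the password out of the shared model, use an https auth_url`, would make clear that they must not reach a deployment unchanged.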
@@ -134,6 +154,20 @@
         plugins:
           source: ${_param:kubernetes_cniplugins_source}
           hash: ${_param:kubernetes_cniplugins_source_hash}
+      cloudprovider:
+        enabled: ${_param:kubernetes_cloudprovider_enabled}
+        provider: ${_param:kubernetes_cloudprovider_type}
+        params:
+          binary: ${_param:kubernetes_openstack_provider_binary}
+          binary_hash: ${_param:kubernetes_openstack_provider_binary_hash}
+          username: ${_param:kubernetes_openstack_provider_cloud_user}
+          password: ${_param:kubernetes_openstack_provider_cloud_password}
+          auth_url: ${_param:kubernetes_openstack_provider_cloud_auth_url}
+          tenant_id: ${_param:kubernetes_openstack_provider_cloud_tenant_id}
+          domain_id: ${_param:kubernetes_openstack_provider_cloud_domain_id}
+          region: ${_param:kubernetes_openstack_provider_cloud_region}
+          subnet_id: ${_param:kubernetes_openstack_provider_lbaas_subnet_id}
+          floating_net_id: ${_param:kubernetes_openstack_provider_floating_net_id}
       addons:
         dashboard:
           enabled: ${_param:kubernetes_dashboard_enabled}
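Review bot: `password: ${_param:kubernetes_openstack_provider_cloud_password}` places the OpenStack credential in the `cloudprovider.params` pillar of a class under `kubernetes/common`, so every node that includes this class would render it. Which roles include it is not visible in the hunk, and the enclosing mapping starts outside it. If worker nodes do, consider defining the block only in the control-plane class, or at least add a comment above it: `# contains OpenStack credentials; limit to nodes that run the cloud controller manager`. `params` is also hard-wired to the `kubernetes_openstack_provider_*` values while `provider` is configurable, so a one-line comment saying the block must be overridden as a whole for another provider type would help.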
diff --git a/salt/minion/cert/k8s_client.yml b/salt/minion/cert/k8s_client.yml
index 5f065d5..ff7dabf 100644
--- a/salt/minion/cert/k8s_client.yml
+++ b/salt/minion/cert/k8s_client.yml
@@ -12,6 +12,16 @@
           organization_name: system:nodes
           signing_policy: cert_client
           alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address}
+        k8s_client_fqdn:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          key_file: /etc/kubernetes/ssl/kubelet-client-fqdn.key
+          cert_file: /etc/kubernetes/ssl/kubelet-client-fqdn.crt
+          ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+          common_name: system:node:${linux:system:name}.${_param:cluster_domain}
+          organization_name: system:nodes
+          signing_policy: cert_client
+          alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address}
         k8s_proxy:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
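Review bot: The new `k8s_client_fqdn` entry copies `alternative_names` from the entry above it, which puts the control-plane and internal API IPs into the SAN of a per-node client certificate. A client certificate does not need those names. Whether the `cert_client` signing policy restricts key usage to client authentication is not visible here, so dropping `alternative_names` from this entry, or documenting why it is required, would narrow what the certificate can assert. Each host also now holds two `system:node:` identities; if the FQDN one exists because the node registers under its FQDN when the cloud provider is enabled, a comment such as `# kubelet identity used when the node name is the FQDN (cloud provider enabled)` would record that. The same applies to the identical entry added in salt/minion/cert/k8s_client_single.yml.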
diff --git a/salt/minion/cert/k8s_client_single.yml b/salt/minion/cert/k8s_client_single.yml
index a4302a3..a2f3d89 100644
--- a/salt/minion/cert/k8s_client_single.yml
+++ b/salt/minion/cert/k8s_client_single.yml
@@ -12,6 +12,16 @@
           organization_name: system:nodes
           signing_policy: cert_client
           alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
+        k8s_client_fqdn:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          key_file: /etc/kubernetes/ssl/kubelet-client-fqdn.key
+          cert_file: /etc/kubernetes/ssl/kubelet-client-fqdn.crt
+          ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+          common_name: system:node:${linux:system:name}.${_param:cluster_domain}
+          organization_name: system:nodes
+          signing_policy: cert_client
+          alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
         k8s_proxy:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}