Merge pull request #42 from smolaon/master
rename infra/compute to infra/kvm
diff --git a/haproxy/proxy/listen/kubernetes/apiserver.yml b/haproxy/proxy/listen/kubernetes/apiserver.yml
new file mode 100644
index 0000000..a365c51
--- /dev/null
+++ b/haproxy/proxy/listen/kubernetes/apiserver.yml
@@ -0,0 +1,40 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ k8s_cluster:
+ type: kubernetes
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 8080
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 8080
+ params: check
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 8080
+ params: check
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 8080
+ params: check
+ k8s_cluster_localhost:
+ type: kubernetes
+ binds:
+ - address: localhost
+ port: 8080
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 8080
+ params: check
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 8080
+ params: check
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 8080
+ params: check
\ No newline at end of file
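Review bot: The `k8s_cluster` listener binds `${_param:cluster_vip_address}` on port 8080 and forwards to port 8080 on all three nodes, with no TLS or access restriction visible in this file. If 8080 is the API server's insecure port (its usual meaning for kube-apiserver, where requests skip authentication and authorization), anything that can reach the VIP gets full control of the cluster. I would point the VIP listener at the secure port instead, changing `port: 8080` to `port: <secure_api_port>` (placeholder for whatever the kubernetes formula configures) on the bind and the three servers. The `k8s_cluster_localhost` listener also relays local connections to the other nodes in cleartext, so add a comment such as `# insecure port, node-local clients only; inter-node hop is unencrypted` or move it to the secure port too.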
diff --git a/haproxy/proxy/listen/kubernetes/etcd.yml b/haproxy/proxy/listen/kubernetes/etcd.yml
new file mode 100644
index 0000000..c314191
--- /dev/null
+++ b/haproxy/proxy/listen/kubernetes/etcd.yml
@@ -0,0 +1,22 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ etcd_cluster:
+ type: etcd
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 4001
+ servers:
+ - name: etc01
+ host: ${_param:cluster_node01_address}
+ port: 4001
+ params: check
+ - name: etc02
+ host: ${_param:cluster_node02_address}
+ port: 4001
+ params: backup check
+ - name: etc03
+ host: ${_param:cluster_node03_address}
+ port: 4001
+ params: backup check
\ No newline at end of file
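Review bot: `etcd_cluster` publishes the etcd client port 4001 on the cluster VIP, and nothing in this hunk shows TLS or client-certificate authentication between HAProxy and the members. etcd stores all Kubernetes state, Secrets included, so unless the etcd formula or a firewall restricts this elsewhere, network reach to the VIP amounts to read/write access to the cluster. Add a comment above the listener naming the control that applies, for example `# client-cert auth enforced by etcd formula; VIP reachable from control network only`, or bind it to a management-only address. Separately, `etc02` and `etc03` carry `params: backup check`, so all traffic goes to `etc01` until it fails its check; if that is intentional it deserves a one-line comment.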
diff --git a/kubernetes/master/cluster.yml b/kubernetes/master/cluster.yml
new file mode 100644
index 0000000..0539331
--- /dev/null
+++ b/kubernetes/master/cluster.yml
@@ -0,0 +1,12 @@
+classes:
+- service.kubernetes.master.cluster
+- service.keepalived.cluster.single
+- service.haproxy.proxy.single
+- system.haproxy.proxy.listen.kubernetes.apiserver
+parameters:
+ kubernetes:
+ master:
+ container: false
+ network:
+ engine: calico
+ private_ip_range: ${_param:calico_private_network}/${_param:calico_private_netmask}
\ No newline at end of file
diff --git a/kubernetes/pool/cluster.yml b/kubernetes/pool/cluster.yml
new file mode 100644
index 0000000..b38cf07
--- /dev/null
+++ b/kubernetes/pool/cluster.yml
@@ -0,0 +1,9 @@
+classes:
+- service.kubernetes.pool.cluster
+- service.docker.host
+parameters:
+ kubernetes:
+ pool:
+ container: false
+ network:
+ engine: calico
\ No newline at end of file
diff --git a/linux/system/repo/docker.yml b/linux/system/repo/docker.yml
new file mode 100644
index 0000000..6eae575
--- /dev/null
+++ b/linux/system/repo/docker.yml
@@ -0,0 +1,9 @@
+parameters:
+ linux:
+ system:
+ repo:
+ docker:
+ source: "deb https://apt.dockerproject.org/repo ubuntu-${_param:linux_system_codename} main"
+ architectures: amd64
+ key_id: 58118E89F3A912897C070ADBF76221572C52609D
+ key_server: hkp://p80.pool.sks-keyservers.net:80
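Review bot: `key_server: hkp://p80.pool.sks-keyservers.net:80` makes every node fetch the repository signing key over unauthenticated HTTP from a public keyserver pool at provisioning time. Pinning the full 40-character fingerprint in `key_id` is right, but whether the fetched key is actually checked against it depends on the gpg/apt-key version on the node, and builds now depend on a third-party pool being reachable. I would ship the key from a location the project controls (kept in the model or on an internal mirror) and keep the fingerprint as the check. As a style point, quote the value, `key_id: '58118E89F3A912897C070ADBF76221572C52609D'`, as the `source` line already does.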
diff --git a/openssh/server/team/mmo_de.yml b/openssh/server/team/mmo_de.yml
new file mode 100644
index 0000000..1ecfd84
--- /dev/null
+++ b/openssh/server/team/mmo_de.yml
@@ -0,0 +1,23 @@
+parameters:
+ linux:
+ system:
+ user:
+ dszeluga:
+ enabled: true
+ name: dszeluga
+ sudo: true
+ full_name: Damian Szeluga
+ home: /home/dszeluga
+ openssh:
+ server:
+ enabled: true
+ user:
+ dszeluga:
+ enabled: true
+ public_keys:
+ - ${public_keys:dszeluga}
+ user: ${linux:system:user:dszeluga}
+ public_keys:
+ dszeluga:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEEFoCOaivah6AjFZmPIDlDlp8mUfsh9UFrjgLL8vqVYoyVnuZ5DQZTeZsCgFCPxodEsgHDkSEFwkB6hbyqEXszGIL8dWwSBR3QfNJD2cjZ8ZYqXsKN63RzHGAjTXMjlCB7TZtcui1SWpKjGd+x3gQ0KkHZI9V9WVYDcC75kyEAHZptM2N9jlwbhr9lXZ77gZacjaGoKN0Agb/ydd1TyhQ1F3g56pnvgZtkOe/bStwjpz2NS0FqiqAR3wOeZZUGsR3TCP70oYfaeJvpCDVRR/gVXqqvcBAiNYTGC/tMlKuECKPtOOAP8Oc+bt1eOrbiPVJ5NfoOIpmMCDUUSnFoNGN damjanek@cocaine.local
+
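Review bot: `sudo: true` under `linux:system:user:dszeluga` grants this account unrestricted root on every node whose model includes this class (presumably `system.openssh.server.team.mmo_de`), and the class also forces `openssh:server:enabled: true`. The file has no comment recording who owns the team list, which nodes it is meant for, or how an entry is retired. I would add a header such as `# Team mmo_de: full sudo. Include only on nodes this team operates; remove the user and its public_keys entry on offboarding.` If full root is not needed, scope the sudo grant in the consuming cluster model rather than setting it in the shared system class.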
diff --git a/reclass/storage/system/kubernetes_control_cluster.yml b/reclass/storage/system/kubernetes_control_cluster.yml
new file mode 100644
index 0000000..5180ab6
--- /dev/null
+++ b/reclass/storage/system/kubernetes_control_cluster.yml
@@ -0,0 +1,38 @@
+parameters:
+ _param:
+ kubernetes_control_node01_hostname: ctl01
+ kubernetes_control_node02_hostname: ctl02
+ kubernetes_control_node03_hostname: ctl03
+ reclass:
+ storage:
+ node:
+ kubernetes_control_node01:
+ name: ${_param:kubernetes_control_node01_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.kubernetes.control
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: xenial
+ single_address: ${_param:kubernetes_control_node01_address}
+ keepalived_vip_priority: 103
+ kubernetes_control_node02:
+ name: ${_param:kubernetes_control_node02_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.kubernetes.control
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: xenial
+ single_address: ${_param:kubernetes_control_node02_address}
+ keepalived_vip_priority: 102
+ kubernetes_control_node03:
+ name: ${_param:kubernetes_control_node03_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.kubernetes.control
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: xenial
+ single_address: ${_param:kubernetes_control_node03_address}
+ keepalived_vip_priority: 101
\ No newline at end of file
diff --git a/salt/master/formula/git/kubernetes.yml b/salt/master/formula/git/kubernetes.yml
new file mode 100644
index 0000000..c827caf
--- /dev/null
+++ b/salt/master/formula/git/kubernetes.yml
@@ -0,0 +1,22 @@
+parameters:
+ salt:
+ master:
+ environment:
+ dev:
+ formula:
+ kubernetes:
+ source: git
+ address: 'https://github.com/openstack/salt-formula-kubernetes.git'
+ revision: ${_param:salt_master_environment_revision}
+ etcd:
+ source: git
+ address: 'https://github.com/tcpcloud/salt-formula-etcd.git'
+ revision: ${_param:salt_master_environment_revision}
+ bird:
+ source: git
+ address: 'https://github.com/tcpcloud/salt-formula-bird.git'
+ revision: ${_param:salt_master_environment_revision}
+ docker:
+ source: git
+ address: 'https://github.com/tcpcloud/salt-formula-docker.git'
+ revision: ${_param:salt_master_environment_revision}
\ No newline at end of file
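Review bot: All four formulas use `revision: ${_param:salt_master_environment_revision}`, one shared parameter whose value is not visible in this hunk. If it resolves to a branch name, the `dev` master runs whatever is at the branch head of two different GitHub organisations (`openstack` for kubernetes, `tcpcloud` for etcd, bird and docker) on each update, and formula code executes as root on the minions. I would pin each formula to a tag or commit through its own parameter, e.g. `revision: ${_param:<kubernetes_formula_revision>}` (placeholder name). Add a comment saying this class is for the `dev` environment only, since the `pkg` variant covers `prd`.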
diff --git a/salt/master/formula/pkg/kubernetes.yml b/salt/master/formula/pkg/kubernetes.yml
new file mode 100644
index 0000000..7b3af30
--- /dev/null
+++ b/salt/master/formula/pkg/kubernetes.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ kubernetes:
+ source: pkg
+ name: salt-formula-kubernetes
+ etcd:
+ source: pkg
+ name: salt-formula-etcd
+ bird:
+ source: pkg
+ name: salt-formula-bird
+ docker:
+ source: pkg
+ name: salt-formula-docker
\ No newline at end of file
diff --git a/salt/master/git.yml b/salt/master/git.yml
index 5a922af..7b57a26 100644
--- a/salt/master/git.yml
+++ b/salt/master/git.yml
@@ -3,6 +3,7 @@
- system.salt.master.formula.git.openstack
- system.salt.master.formula.git.saltstack
- system.salt.master.formula.git.stacklight
+- system.salt.master.formula.git.kubernetes
parameters:
_param:
salt_master_environment_repository: "https://github.com/tcpcloud"
diff --git a/salt/master/pkg.yml b/salt/master/pkg.yml
index d1c8a1a..baae04c 100644
--- a/salt/master/pkg.yml
+++ b/salt/master/pkg.yml
@@ -3,4 +3,5 @@
- system.salt.master.formula.pkg.openstack
- system.salt.master.formula.pkg.saltstack
- system.salt.master.formula.pkg.stacklight
+- system.salt.master.formula.pkg.kubernetes
- system.linux.system.repo.tcp_salt
diff --git a/salt/minion/cert/k8s_client_certificate.yml b/salt/minion/cert/k8s_client_certificate.yml
new file mode 100644
index 0000000..37bf618
--- /dev/null
+++ b/salt/minion/cert/k8s_client_certificate.yml
@@ -0,0 +1,12 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ k8s_client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kubelet-client.key
+ cert_file: /etc/kubernetes/ssl/kubelet-client.crt
+ common_name: kubelet-client
+ signing_policy: cert_client
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
\ No newline at end of file
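Review bot: The `k8s_client` certificate has a fixed `common_name: kubelet-client` plus an `alternative_names` list of `IP:` entries that looks copied from the server certificate. SANs are not used for client authentication, and since Kubernetes x509 client auth takes the user name from the CN, every node would authenticate as the same identity, so authorization and audit logs cannot tell nodes apart. I would drop `alternative_names` here and use a per-node CN such as `kubelet-<node hostname>` (placeholder). Also, `signing_policy: cert_client` (and `cert_server` in k8s_server_certificate.yml) were defined in `salt/minion/pki/authority.yml`, which this commit deletes, so confirm a replacement definition exists and that it is narrower than the removed `minions: '*'`.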
diff --git a/salt/minion/cert/k8s_server_certificate.yml b/salt/minion/cert/k8s_server_certificate.yml
new file mode 100644
index 0000000..835f043
--- /dev/null
+++ b/salt/minion/cert/k8s_server_certificate.yml
@@ -0,0 +1,13 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ k8s_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: kubernetes-server
+ key_file: /etc/kubernetes/ssl/kubernetes-server.key
+ cert_file: /etc/kubernetes/ssl/kubernetes-server.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ signing_policy: cert_server
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
\ No newline at end of file
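Review bot: `alternative_names` for `k8s_server` contains only `IP:` entries, so a client that reaches the API server by name (a node hostname or an in-cluster service name) cannot validate this certificate. The usual workaround for that is to disable verification, which defeats the purpose of issuing the certificate. I would append the DNS names clients actually use, e.g. `,DNS:${_param:cluster_node01_hostname}` for each node if those parameters are in scope here, plus the cluster's service name for the API. A short comment explaining why each SAN is present would also help.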
diff --git a/salt/minion/pki/authority.yml b/salt/minion/pki/authority.yml
deleted file mode 100644
index fa84966..0000000
--- a/salt/minion/pki/authority.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-parameters:
- salt:
- minion:
- ca:
- mk_lab_ca:
- common_name: mk_lab_ca
- country: cz
- locality: Prague
- organization: Mirantis
- signing_policy:
- cert_server:
- type: v3_edge_cert_server
- minions: '*'
- cert_client:
- type: v3_edge_cert_client
- minions: '*'
- days_valid:
- authority: 3650
- certificate: 3650
diff --git a/salt/minion/pki/certificate.yml b/salt/minion/pki/certificate.yml
deleted file mode 100644
index 4bf4ef3..0000000
--- a/salt/minion/pki/certificate.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- proxy_cert:
- host: ${_param:salt_minion_ca_host}
- signing_policy: cert_server
- authority: mk_lab_ca
- common_name: ${_param:cluster_public_host}