Initial commit for Drivetrain on k8s
Related-prod: #PROD-27206 (PROD:27206)
Change-Id: I43ab57c6514864cf336d6811ae971479aa2ba8ac
diff --git a/salt/control/cluster/kdt_multi_cluster.yml b/salt/control/cluster/kdt_multi_cluster.yml
new file mode 100644
index 0000000..cb429a3
--- /dev/null
+++ b/salt/control/cluster/kdt_multi_cluster.yml
@@ -0,0 +1,38 @@
+parameters:
+ _param:
+ kdt_backend_image: ${_param:salt_control_xenial_image_backend}
+ salt_control_cluster_node_cloud_init_kdt:
+ user_data:
+ write_files:
+ - content: |
+ ${salt:control:size:kdt:image_layout}
+ owner: root:root
+ path: /usr/share/growlvm/image-layout.yml
+ salt:
+ control:
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ kdt01:
+ name: ${_param:kdt_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ backend: ${_param:kdt_backend_image}
+ size: kdt
+ cloud_init: ${_param:salt_control_cluster_node_cloud_init_kdt}
+ kdt02:
+ name: ${_param:kdt_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ backend: ${_param:kdt_backend_image}
+ size: kdt
+ cloud_init: ${_param:salt_control_cluster_node_cloud_init_kdt}
+ kdt03:
+ name: ${_param:kdt_node03_hostname}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ backend: ${_param:kdt_backend_image}
+ size: kdt
+ cloud_init: ${_param:salt_control_cluster_node_cloud_init_kdt}
diff --git a/salt/control/cluster/kdt_signle_cluster.yml b/salt/control/cluster/kdt_signle_cluster.yml
new file mode 100644
index 0000000..dd782ab
--- /dev/null
+++ b/salt/control/cluster/kdt_signle_cluster.yml
@@ -0,0 +1,24 @@
+parameters:
+ _param:
+ kdt_backend_image: ${_param:salt_control_xenial_image_backend}
+ salt_control_cluster_node_cloud_init_kdt:
+ user_data:
+ write_files:
+ - content: |
+ ${salt:control:size:kdt:image_layout}
+ owner: root:root
+ path: /usr/share/growlvm/image-layout.yml
+ salt:
+ control:
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ kdt01:
+ name: ${_param:kdt_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ backend: ${_param:kdt_backend_image}
+ size: kdt
+ cloud_init: ${_param:salt_control_cluster_node_cloud_init_kdt}
diff --git a/salt/control/placement/kdt/init.yml b/salt/control/placement/kdt/init.yml
new file mode 100644
index 0000000..acd0bea
--- /dev/null
+++ b/salt/control/placement/kdt/init.yml
@@ -0,0 +1,36 @@
+parameters:
+ _param:
+ kdt_backend_image: ${_param:salt_control_xenial_image_backend}
+ salt_control_cluster_node_cloud_init_kdt:
+ user_data:
+ write_files:
+ - content: |
+ ${salt:control:size:kdt:image_layout}
+ owner: root:root
+ path: /usr/share/growlvm/image-layout.yml
+ salt:
+ control:
+ cluster:
+ internal:
+ node:
+ kdt01:
+ name: ${_param:kdt_node01_hostname}
+ image: ${_param:salt_control_xenial_image}
+ backend: ${_param:kdt_backend_image}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ size: kdt
+ cloud_init: ${_param:salt_control_cluster_node_cloud_init_kdt}
+ kdt02:
+ name: ${_param:kdt_node02_hostname}
+ image: ${_param:salt_control_xenial_image}
+ backend: ${_param:kdt_backend_image}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ size: kdt
+ cloud_init: ${_param:salt_control_cluster_node_cloud_init_kdt}
+ kdt03:
+ name: ${_param:kdt_node03_hostname}
+ image: ${_param:salt_control_xenial_image}
+ backend: ${_param:kdt_backend_image}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ size: kdt
+ cloud_init: ${_param:salt_control_cluster_node_cloud_init_kdt}
diff --git a/salt/control/sizes/kdt/init.yml b/salt/control/sizes/kdt/init.yml
new file mode 100644
index 0000000..048d552
--- /dev/null
+++ b/salt/control/sizes/kdt/init.yml
@@ -0,0 +1,15 @@
+parameters:
+ _param:
+ salt_control_size_cpu_kdt: 8
+ salt_control_size_ram_kdt: 32768
+ salt_control_size_disk_profile_kdt: large
+ salt_control_size_net_profile_kdt: default
+ salt:
+ control:
+ size:
+ kdt:
+ cpu: ${_param:salt_control_size_cpu_kdt}
+ ram: ${_param:salt_control_size_ram_kdt}
+ disk_profile: ${_param:salt_control_size_disk_profile_kdt}
+ net_profile: ${_param:salt_control_size_net_profile_kdt}
+ image_layout: ${_param:salt_control_size_image_layout_kdt}
diff --git a/salt/minion/cert/kdt_k8s_client.yml b/salt/minion/cert/kdt_k8s_client.yml
new file mode 100644
index 0000000..1a1c3e1
--- /dev/null
+++ b/salt/minion/cert/kdt_k8s_client.yml
@@ -0,0 +1,60 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ kdt_k8s_client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kubelet-client.key
+ cert_file: /etc/kubernetes/ssl/kubelet-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:node:${linux:system:name}
+ organization_name: system:nodes
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_client_fqdn:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kubelet-client-fqdn.key
+ cert_file: /etc/kubernetes/ssl/kubelet-client-fqdn.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:node:${linux:system:name}.${_param:cluster_domain}
+ organization_name: system:nodes
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-proxy-client.key
+ cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-proxy
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_scheduler:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
+ cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-scheduler
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_controller_manager:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
+ cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_aggregator_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.key
+ cert_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
diff --git a/salt/minion/cert/kdt_k8s_client_single.yml b/salt/minion/cert/kdt_k8s_client_single.yml
new file mode 100644
index 0000000..4d6cbcc
--- /dev/null
+++ b/salt/minion/cert/kdt_k8s_client_single.yml
@@ -0,0 +1,60 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ kdt_k8s_client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kubelet-client.key
+ cert_file: /etc/kubernetes/ssl/kubelet-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:node:${linux:system:name}
+ organization_name: system:nodes
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_client_fqdn:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kubelet-client-fqdn.key
+ cert_file: /etc/kubernetes/ssl/kubelet-client-fqdn.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:node:${linux:system:name}.${_param:cluster_domain}
+ organization_name: system:nodes
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-proxy-client.key
+ cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-proxy
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_scheduler:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
+ cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-scheduler
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_controller_manager:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
+ cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_aggregator_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.key
+ cert_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
diff --git a/salt/minion/cert/kdt_k8s_server.yml b/salt/minion/cert/kdt_k8s_server.yml
new file mode 100644
index 0000000..63ee6ab
--- /dev/null
+++ b/salt/minion/cert/kdt_k8s_server.yml
@@ -0,0 +1,13 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ kdt_k8s_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: kubernetes-server
+ key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.key
+ cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.crt
+ all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.pem
+ signing_policy: cert_server
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address},DNS:kubernetes.default,DNS:kubernetes.default.svc
diff --git a/salt/minion/cert/kdt_k8s_server_single.yml b/salt/minion/cert/kdt_k8s_server_single.yml
new file mode 100644
index 0000000..f586a14
--- /dev/null
+++ b/salt/minion/cert/kdt_k8s_server_single.yml
@@ -0,0 +1,13 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ kdt_k8s_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: kubernetes-server
+ key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.key
+ cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.crt
+ all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.pem
+ signing_policy: cert_server
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}