Merge "Initial commit for Drivetrain on k8s"
diff --git a/defaults/salt/init.yml b/defaults/salt/init.yml
index 2e19089..61d9866 100644
--- a/defaults/salt/init.yml
+++ b/defaults/salt/init.yml
@@ -16,6 +16,7 @@
salt_control_size_image_layout_ceph_mon: ${_param:salt_control_size_image_layout_default}
salt_control_size_image_layout_ceph_rgw: ${_param:salt_control_size_image_layout_default}
salt_control_size_image_layout_cicd_control: ${_param:salt_control_size_image_layout_default}
+ salt_control_size_image_layout_kdt: ${_param:salt_control_size_image_layout_default}
salt_control_size_image_layout_infra_idm: ${_param:salt_control_size_image_layout_default}
salt_control_size_image_layout_infra_integration: ${_param:salt_control_size_image_layout_default}
salt_control_size_image_layout_infra_maas: ${_param:salt_control_size_image_layout_default}
@@ -47,4 +48,3 @@
salt_control_trusty_image: ${_param:mcp_static_images_url}/ubuntu-14-04-x64-mcp${_param:mcp_version}.qcow2
salt_control_xenial_image: ${_param:mcp_static_images_url}/ubuntu-16-04-x64-mcp${_param:mcp_version}.qcow2
-
diff --git a/reclass/storage/system/kdt_multi_cluster.yml b/reclass/storage/system/kdt_multi_cluster.yml
new file mode 100644
index 0000000..733e2b8
--- /dev/null
+++ b/reclass/storage/system/kdt_multi_cluster.yml
@@ -0,0 +1,28 @@
+classes:
+ - system.reclass.storage.system.kdt_single_cluster
+parameters:
+ reclass:
+ storage:
+ node:
+ kdt_node02:
+ name: kdt02
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.kdt.control
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: ${_param:kdt_system_codename}
+ single_address: ${_param:kdt_node02_address}
+ keepalived_vip_priority: 102
+ glusterfs_node_role: secondary
+ kdt_node03:
+ name: kdt03
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.kdt.control
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: ${_param:kdt_system_codename}
+ single_address: ${_param:kdt_node03_address}
+ keepalived_vip_priority: 101
+ glusterfs_node_role: secondary
diff --git a/reclass/storage/system/kdt_single_cluster.yml b/reclass/storage/system/kdt_single_cluster.yml
new file mode 100644
index 0000000..f452f15
--- /dev/null
+++ b/reclass/storage/system/kdt_single_cluster.yml
@@ -0,0 +1,17 @@
+parameters:
+ _param:
+ kdt_system_codename: xenial
+ reclass:
+ storage:
+ node:
+ kdt_node01:
+ name: kdt01
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.kdt.control
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: ${_param:kdt_system_codename}
+ single_address: ${_param:kdt_node01_address}
+ keepalived_vip_priority: 103
+ glusterfs_node_role: primary
diff --git a/salt/control/cluster/kdt_multi_cluster.yml b/salt/control/cluster/kdt_multi_cluster.yml
new file mode 100644
index 0000000..cb429a3
--- /dev/null
+++ b/salt/control/cluster/kdt_multi_cluster.yml
@@ -0,0 +1,38 @@
+parameters:
+ _param:
+ kdt_backend_image: ${_param:salt_control_xenial_image_backend}
+ salt_control_cluster_node_cloud_init_kdt:
+ user_data:
+ write_files:
+ - content: |
+ ${salt:control:size:kdt:image_layout}
+ owner: root:root
+ path: /usr/share/growlvm/image-layout.yml
+ salt:
+ control:
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ kdt01:
+ name: ${_param:kdt_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ backend: ${_param:kdt_backend_image}
+ size: kdt
+ cloud_init: ${_param:salt_control_cluster_node_cloud_init_kdt}
+ kdt02:
+ name: ${_param:kdt_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ backend: ${_param:kdt_backend_image}
+ size: kdt
+ cloud_init: ${_param:salt_control_cluster_node_cloud_init_kdt}
+ kdt03:
+ name: ${_param:kdt_node03_hostname}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ backend: ${_param:kdt_backend_image}
+ size: kdt
+ cloud_init: ${_param:salt_control_cluster_node_cloud_init_kdt}
diff --git a/salt/control/cluster/kdt_signle_cluster.yml b/salt/control/cluster/kdt_signle_cluster.yml
new file mode 100644
index 0000000..dd782ab
--- /dev/null
+++ b/salt/control/cluster/kdt_signle_cluster.yml
@@ -0,0 +1,24 @@
+parameters:
+ _param:
+ kdt_backend_image: ${_param:salt_control_xenial_image_backend}
+ salt_control_cluster_node_cloud_init_kdt:
+ user_data:
+ write_files:
+ - content: |
+ ${salt:control:size:kdt:image_layout}
+ owner: root:root
+ path: /usr/share/growlvm/image-layout.yml
+ salt:
+ control:
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ kdt01:
+ name: ${_param:kdt_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ backend: ${_param:kdt_backend_image}
+ size: kdt
+ cloud_init: ${_param:salt_control_cluster_node_cloud_init_kdt}
diff --git a/salt/control/placement/kdt/init.yml b/salt/control/placement/kdt/init.yml
new file mode 100644
index 0000000..acd0bea
--- /dev/null
+++ b/salt/control/placement/kdt/init.yml
@@ -0,0 +1,36 @@
+parameters:
+ _param:
+ kdt_backend_image: ${_param:salt_control_xenial_image_backend}
+ salt_control_cluster_node_cloud_init_kdt:
+ user_data:
+ write_files:
+ - content: |
+ ${salt:control:size:kdt:image_layout}
+ owner: root:root
+ path: /usr/share/growlvm/image-layout.yml
+ salt:
+ control:
+ cluster:
+ internal:
+ node:
+ kdt01:
+ name: ${_param:kdt_node01_hostname}
+ image: ${_param:salt_control_xenial_image}
+ backend: ${_param:kdt_backend_image}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ size: kdt
+ cloud_init: ${_param:salt_control_cluster_node_cloud_init_kdt}
+ kdt02:
+ name: ${_param:kdt_node02_hostname}
+ image: ${_param:salt_control_xenial_image}
+ backend: ${_param:kdt_backend_image}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ size: kdt
+ cloud_init: ${_param:salt_control_cluster_node_cloud_init_kdt}
+ kdt03:
+ name: ${_param:kdt_node03_hostname}
+ image: ${_param:salt_control_xenial_image}
+ backend: ${_param:kdt_backend_image}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ size: kdt
+ cloud_init: ${_param:salt_control_cluster_node_cloud_init_kdt}
diff --git a/salt/control/sizes/kdt/init.yml b/salt/control/sizes/kdt/init.yml
new file mode 100644
index 0000000..048d552
--- /dev/null
+++ b/salt/control/sizes/kdt/init.yml
@@ -0,0 +1,15 @@
+parameters:
+ _param:
+ salt_control_size_cpu_kdt: 8
+ salt_control_size_ram_kdt: 32768
+ salt_control_size_disk_profile_kdt: large
+ salt_control_size_net_profile_kdt: default
+ salt:
+ control:
+ size:
+ kdt:
+ cpu: ${_param:salt_control_size_cpu_kdt}
+ ram: ${_param:salt_control_size_ram_kdt}
+ disk_profile: ${_param:salt_control_size_disk_profile_kdt}
+ net_profile: ${_param:salt_control_size_net_profile_kdt}
+ image_layout: ${_param:salt_control_size_image_layout_kdt}
diff --git a/salt/minion/cert/kdt_k8s_client.yml b/salt/minion/cert/kdt_k8s_client.yml
new file mode 100644
index 0000000..1a1c3e1
--- /dev/null
+++ b/salt/minion/cert/kdt_k8s_client.yml
@@ -0,0 +1,60 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ kdt_k8s_client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kubelet-client.key
+ cert_file: /etc/kubernetes/ssl/kubelet-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:node:${linux:system:name}
+ organization_name: system:nodes
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_client_fqdn:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kubelet-client-fqdn.key
+ cert_file: /etc/kubernetes/ssl/kubelet-client-fqdn.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:node:${linux:system:name}.${_param:cluster_domain}
+ organization_name: system:nodes
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-proxy-client.key
+ cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-proxy
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_scheduler:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
+ cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-scheduler
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_controller_manager:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
+ cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_aggregator_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.key
+ cert_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
diff --git a/salt/minion/cert/kdt_k8s_client_single.yml b/salt/minion/cert/kdt_k8s_client_single.yml
new file mode 100644
index 0000000..4d6cbcc
--- /dev/null
+++ b/salt/minion/cert/kdt_k8s_client_single.yml
@@ -0,0 +1,60 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ kdt_k8s_client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kubelet-client.key
+ cert_file: /etc/kubernetes/ssl/kubelet-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:node:${linux:system:name}
+ organization_name: system:nodes
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_client_fqdn:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kubelet-client-fqdn.key
+ cert_file: /etc/kubernetes/ssl/kubelet-client-fqdn.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:node:${linux:system:name}.${_param:cluster_domain}
+ organization_name: system:nodes
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-proxy-client.key
+ cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-proxy
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_scheduler:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
+ cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-scheduler
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_controller_manager:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
+ cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
+ kdt_k8s_aggregator_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.key
+ cert_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
diff --git a/salt/minion/cert/kdt_k8s_server.yml b/salt/minion/cert/kdt_k8s_server.yml
new file mode 100644
index 0000000..63ee6ab
--- /dev/null
+++ b/salt/minion/cert/kdt_k8s_server.yml
@@ -0,0 +1,13 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ kdt_k8s_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: kubernetes-server
+ key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.key
+ cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.crt
+ all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.pem
+ signing_policy: cert_server
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address},DNS:kubernetes.default,DNS:kubernetes.default.svc
diff --git a/salt/minion/cert/kdt_k8s_server_single.yml b/salt/minion/cert/kdt_k8s_server_single.yml
new file mode 100644
index 0000000..f586a14
--- /dev/null
+++ b/salt/minion/cert/kdt_k8s_server_single.yml
@@ -0,0 +1,13 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ kdt_k8s_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: kubernetes-server
+ key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.key
+ cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.crt
+ all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kdt/kubernetes-server.pem
+ signing_policy: cert_server
+ alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}