path = mcp/salt-formulas/salt-formula-gnocchi
url = https://gerrit.mcp.mirantis.com/salt-formulas/gnocchi
branch = master
+[submodule "salt-formula-etcd"]
+ path = mcp/salt-formulas/salt-formula-etcd
+ url = https://gerrit.mcp.mirantis.com/salt-formulas/etcd
+ branch = master
+[submodule "salt-formula-kubernetes"]
+ path = mcp/salt-formulas/salt-formula-kubernetes
+ url = https://gerrit.mcp.mirantis.com/salt-formulas/kubernetes
+ branch = master
--- /dev/null
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+cluster:
+ domain: mcp-k8s-calico-noha.local
+ states:
+ - kubernetes
+virtual:
+ nodes:
+ control:
+ - ctl01
+ compute:
+ - cmp001
+ - cmp002
+ ctl01:
+ vcpus: 8
+ ram: 14336
+ cmp001:
+ vcpus: 6
+ ram: 12288
+ cmp002:
+ vcpus: 6
+ ram: 12288
--- /dev/null
+#!/bin/bash -e
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+CI_DEBUG=${CI_DEBUG:-0}; [[ "${CI_DEBUG}" =~ (false|0) ]] || set -x
+
+# Create and distribute SSL certificates for services
+salt-call state.sls salt.minion
+
+# Install etcd
+salt -I 'etcd:server' state.sls etcd.server.service
+salt -I 'etcd:server' cmd.run ". /var/lib/etcd/configenv && etcdctl cluster-health"
+
+# Install Kubernetes and Calico
+salt -I 'kubernetes:master' state.sls kubernetes.master.kube-addons
+salt -I 'kubernetes:pool' state.sls kubernetes.pool
+salt -I 'kubernetes:pool' cmd.run "calicoctl node status"
+salt -I 'kubernetes:pool' cmd.run "calicoctl get ippool"
+
+# Setup NAT for Calico
+salt -I 'kubernetes:master' state.sls etcd.server.setup
+
+# Run whole master to check consistency
+salt -I 'kubernetes:master' state.sls kubernetes exclude=kubernetes.master.setup
+
+# Register addons
+salt -I 'kubernetes:master' state.sls kubernetes.master.setup
+
+# Upload config
+K8S_CONFIG=kubernetes.config
+K8S_HOST_ID=$(salt -I 'kubernetes:master' --out=yaml cp.push \
+ /etc/kubernetes/admin-kube-config \
+ upload_path="$K8S_CONFIG" | cut -d':' -f1)
+cd /opt && ln -sf "/var/cache/salt/master/minions/${K8S_HOST_ID}/files/${K8S_CONFIG}"
--- /dev/null
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+{%- import 'net_map.j2' as nm with context %}
+---
+classes:
+ - system.reclass.storage.salt
+ - system.reclass.storage.system.kubernetes_control_single
+{%- if nm.cluster.has_baremetal_nodes %}
+ - system.reclass.storage.system.infra_maas_single
+{%- endif %}
+ - system.salt.master.api
+ - system.salt.master.single
+ - system.salt.minion.ca.salt_master
+ - system.salt.minion.cert.k8s_server_single
+ - cluster.mcp-k8s-calico-noha
+parameters:
+ _param:
+ salt_master_environment_repository: 'https://github.com/salt-formulas'
+ salt_master_environment_revision: master
+ reclass_data_repository: local
+ salt_master_base_environment: prd
+ salt_master_host: 127.0.0.1
+ salt_minion_ca_host: ${linux:network:fqdn}
+ # yamllint disable-line rule:line-length
+ salt_api_password_hash: "$6$sGnRlxGf$al5jMCetLP.vfI/fTl3Z0N7Za1aeiexL487jAtyRABVfT3NlwZxQGVhO7S1N8OwS/34VHYwZQA8lkXwKMN/GS1"
+ kubernetes_control_node01_deploy_address: ${_param:opnfv_openstack_control_node01_pxe_admin_address}
+ linux:
+ system:
+ user:
+ salt:
+ home: /home/salt
+ salt:
+ master:
+ accept_policy: open_mode
+ file_recv: true
+ worker_threads: 4
+ command_timeout: 20
+ minion:
+ mine:
+ module:
+ x509.get_pem_entries: ['/etc/pki/all_cas/*']
+ reclass:
+ storage:
+ data_source:
+ engine: local
+ node:
+ kubernetes_control_node01:
+ params:
+ pxe_admin_interface: {{ nm.ctl01.nic_admin }}
+ pxe_admin_address: ${_param:opnfv_openstack_control_node01_pxe_admin_address}
+ # We support per-node (not only per-role) compute configuration via IDF
+{%- for cmp in range(1, nm.cmp_nodes + 1) %}
+ {%- set n = '%02d' | format(cmp) %}
+ {%- set i = nm.cmp001.idx + cmp - 1 %}
+
+ {%- set admin = nm.net_admin_hosts | length + nm.start_ip[nm.net_admin] + loop.index %}
+ {%- set mgmt = nm.net_mgmt_hosts | length + nm.start_ip[nm.net_mgmt] + loop.index %}
+ {%- set pub = nm.net_public_hosts | length + nm.start_ip[nm.net_public] + loop.index %}
+ {%- set pri = nm.net_private_hosts | length + nm.start_ip[nm.net_private] + loop.index %}
+ openstack_compute_node{{ n }}:
+ name: cmp{{ '%03d' | format(cmp) }}
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.kubernetes.compute
+ params:
+ pxe_admin_address: {{ nm.net_admin | ipnet_hostaddr(admin) }}
+ pxe_admin_interface: {{ conf.idf.fuel.network.node[i].interfaces[nm.idx_admin] }}
+ single_address: {{ nm.net_mgmt | ipnet_hostaddr(mgmt) }}
+ tenant_address: {{ nm.net_private | ipnet_hostaddr(pri) }}
+ external_address: {{ nm.net_public | ipnet_hostaddr(pub) }}
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: xenial
+{%- endfor %}
--- /dev/null
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+classes:
+ - cluster.mcp-common-noha.infra
+parameters:
+ _param:
+ cluster_name: mcp-k8s-calico-noha
--- /dev/null
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+classes:
+ - cluster.mcp-common-noha.init_options
+ - cluster.mcp-k8s-calico-noha.kubernetes
+ - cluster.mcp-k8s-calico-noha.infra
--- /dev/null
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+{%- import 'net_map.j2' as nm with context %}
+---
+classes:
+ - system.linux.system.repo.mcp.apt_mirantis.docker
+ - system.linux.system.repo.mcp.apt_mirantis.update.docker
+ - system.linux.system.repo.mcp.apt_mirantis.kubernetes_extra
+ - system.linux.system.repo.mcp.apt_mirantis.update.kubernetes_extra
+ - system.kubernetes.pool.single
+ - system.salt.minion.cert.k8s_client_single
+ - system.salt.minion.cert.etcd_client_single
+ - cluster.mcp-common-noha.openstack_compute_pdf
+parameters:
+ kubernetes:
+ common:
+ hyperkube:
+ source: ${_param:kubernetes_hyperkube_source}
+ source_hash: ${_param:kubernetes_hyperkube_source_hash}
+ pause_image: ${_param:kubernetes_pause_image}
+ pool:
+ proxy:
+ daemon_opts:
+ cluster-cidr: ${_param:calico_private_network}/${_param:calico_private_netmask}
+ kubelet:
+ address: ${_param:single_address}
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
+ network:
+ calico:
+ enabled: true
+ no_default_pools: false
+ image: ${_param:kubernetes_calico_image}
+ calicoctl_image: ${_param:kubernetes_calico_calicoctl_image}
+ cni_image: ${_param:kubernetes_calico_cni_image}
+ kube_controllers_image: ${_param:kubernetes_calico_kube_controllers_image}
+ birdcl_source: ${_param:kubernetes_calico_birdcl_source}
+ birdcl_source_hash: ${_param:kubernetes_calico_birdcl_source_hash}
+ calicoctl_source: ${_param:kubernetes_calico_calicoctl_source}
+ calicoctl_source_hash: ${_param:kubernetes_calico_calicoctl_source_hash}
+ cni_ipam_source: ${_param:kubernetes_calico_cni_ipam_source}
+ cni_ipam_source_hash: ${_param:kubernetes_calico_cni_ipam_source_hash}
+ cni_source: ${_param:kubernetes_calico_cni_source}
+ cni_source_hash: ${_param:kubernetes_calico_cni_source_hash}
+ etcd:
+ ssl:
+ enabled: true
+ policy:
+ enabled: ${_param:kubernetes_calico_policy_enabled}
+ linux:
+ system:
+ kernel:
+ sysctl:
+ # The default operating system limits on mmap counts is likely to be too low,
+ # which may result in out of memory exceptions.
+ vm.max_map_count: 262144
+ network:
+ interface:
+ br-mgmt:
+ post_up_cmds:
+ - ip r rep 10.254.0.0/16 via ${_param:single_address}
+ pxe_admin_int:
+ gateway: {{ nm.net_admin_gw }}
+ name_servers:
+ - {{ nm.net_admin_gw }}
+ storage:
+ enabled: true
+ swap:
+ img:
+ enabled: false
+ engine: file
+ device: /swap.img
--- /dev/null
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+classes:
+ - system.linux.network.hosts
+ - cluster.mcp-k8s-calico-noha.kubernetes.common
+ - cluster.mcp-k8s-calico-noha
--- /dev/null
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+classes:
+ - service.etcd.server.single
+ - service.kubernetes.control.cluster
+ - system.salt.minion.cert.etcd_server_single
+ - system.kubernetes.master.single
+ - system.kubernetes.master.auth.rbac
+ - system.kubernetes.control.roles.cluster-admin
+ - cluster.mcp-k8s-calico-noha.kubernetes.common
+ - cluster.mcp-k8s-calico-noha
+parameters:
+ _param:
+ docker_image_etcd: quay.io/coreos/etcd:v3.3.12
+ kubernetes_etcd_repo: https://github.com/etcd-io/etcd/releases/download
+ kubernetes_etcd_source: ${_param:kubernetes_etcd_repo}/v3.3.12/etcd-v3.3.12-linux-amd64.tar.gz
+ kubernetes_etcd_source_hash: md5=079af00546443b686df31e7ec605135e
+ etcd:
+ server:
+ image: ${_param:docker_image_etcd}
+ source:
+ engine: archive
+ etcd_source: ${_param:kubernetes_etcd_source}
+ etcd_source_hash: ${_param:kubernetes_etcd_source_hash}
+ setup:
+ calico:
+ key: /calico/ipam/v2/assignment/ipv4/block/${_param:calico_private_network}-${_param:calico_private_netmask}
+ value: '{"masquerade":true,"cidr":"${_param:calico_private_network}/${_param:calico_private_netmask}"}'
+ ssl:
+ enabled: true
+ kubernetes:
+ common:
+ addons:
+ virtlet:
+ enabled: ${_param:kubernetes_virtlet_enabled}
+ namespace: ${_param:kubernetes_addon_namespace}
+ image: ${_param:kubernetes_virtlet_image}
+ criproxy_version: ${_param:kubernetes_criproxy_version}
+ criproxy_source: ${_param:kubernetes_criproxy_checksum}
+ hosts:
+ - ${_param:kubernetes_compute01_hostname}
+ dashboard:
+ enabled: ${_param:kubernetes_dashboard}
+ image: ${_param:kubernetes_dashboard_image}
+ helm:
+ enabled: ${_param:kubernetes_helm_enabled}
+ netchecker:
+ enabled: ${_param:kubernetes_netchecker_enabled}
+ agent_probeurls: ${_param:kubernetes_netchecker_agent_probeurls}
+ externaldns:
+ enabled: ${_param:kubernetes_externaldns_enabled}
+ image: ${_param:kubernetes_externaldns_image}
+ provider: ${_param:kubernetes_externaldns_provider}
+ metallb:
+ enabled: ${_param:kubernetes_metallb_enabled}
+ addresses:
+ - ${_param:kubernetes_metallb_addresses_pool}
+ ingress-nginx:
+ enabled: ${_param:kubernetes_ingressnginx_enabled}
+ metrics-server:
+ enabled: ${_param:kubernetes_metrics_server_enabled}
+ master:
+ apiserver:
+ insecure_address: 0.0.0.0
+ kubelet:
+ address: ${_param:single_address}
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
+ etcd:
+ ssl:
+ enabled: true
+ network:
+ calico:
+ enabled: true
+ image: ${_param:kubernetes_calico_image}
+ calicoctl_image: ${_param:kubernetes_calico_calicoctl_image}
+ cni_image: ${_param:kubernetes_calico_cni_image}
+ kube_controllers_image: ${_param:kubernetes_calico_kube_controllers_image}
+ birdcl_source: ${_param:kubernetes_calico_birdcl_source}
+ birdcl_source_hash: ${_param:kubernetes_calico_birdcl_source_hash}
+ calicoctl_source: ${_param:kubernetes_calico_calicoctl_source}
+ calicoctl_source_hash: ${_param:kubernetes_calico_calicoctl_source_hash}
+ cni_ipam_source: ${_param:kubernetes_calico_cni_ipam_source}
+ cni_ipam_source_hash: ${_param:kubernetes_calico_cni_ipam_source_hash}
+ cni_source: ${_param:kubernetes_calico_cni_source}
+ cni_source_hash: ${_param:kubernetes_calico_cni_source_hash}
+ etcd:
+ ssl:
+ enabled: true
+ policy:
+ enabled: ${_param:kubernetes_calico_policy_enabled}
+ namespace:
+ netchecker:
+ enabled: true
--- /dev/null
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+{%- import 'net_map.j2' as nm with context %}
+---
+parameters:
+ _param:
+ salt_minion_ca_authority: salt_master_ca
+
+ # kubelet
+ kubelet_fail_on_swap: true
+
+ # kubernetes settings
+ kubernetes_admin_user: admin
+ kubernetes_admin_password: sbPfel23ZigJF3Bm
+ kubernetes_admin_token: PpP6Mm3pAoPVqcKOKUu0x1dh7b1959Fi
+ kubernetes_kubelet_token: JJ2PKHxjiU6EYvIt18BqwdSK1HvWh8pt
+ kubernetes_kube-proxy_token: jT0hJk9L6cIw5UpYDNhsRwcj3Z2n62B6
+ kubernetes_scheduler_token: VgkUHfrW07zNxrb0ucFyX7NBnSJN9Xp6
+ kubernetes_controller-manager_token: uXrdZ1YKF6qlYm3sHje2iEXMGAGDWOIU
+ kubernetes_dns_token: 0S1I4iJeFjq5fopPwwCwTp3xFpEZfeUl
+ etcd_initial_token: IN7KaRMSo3xkGxkjAAPtkRkAgqN4ZNRq
+ kubernetes_netchecker_agent_probeurls: "http://ipinfo.io"
+
+ # addresses and hostnames
+ kubernetes_internal_api_address: 10.254.0.1
+ kubernetes_internal_dns_address: 10.254.0.10
+ kubernetes_control_hostname: ctl
+ kubernetes_control_node01_hostname: ctl01
+ kubernetes_compute01_hostname: cmp001
+ kubernetes_compute02_hostname: cmp002
+ kubernetes_control_node01_address: ${_param:openstack_control_address}
+ kubernetes_control_address: ${_param:kubernetes_control_node01_address}
+ master_address: ${_param:kubernetes_control_node01_address}
+ cluster_local_address: ${_param:single_address}
+
+ # cert
+ control_address: ${_param:kubernetes_control_node01_address}
+
+ # etcd stuff
+ node_hostname: ${_param:kubernetes_control_node01_hostname}
+ node_address: ${_param:kubernetes_control_node01_address}
+ node_port: 4001
+
+ # calico
+ calico_private_network: 192.168.0.0
+ calico_private_netmask: 16
+
+ # coredns
+ kubernetes_externaldns_provider: coredns
+ kubernetes_metallb_addresses_pool: 172.16.10.70-172.16.10.95
+
+ # switches of addons
+ kubernetes_kubedns_enabled: false
+ kubernetes_externaldns_enabled: false
+ kubernetes_coredns_enabled: true
+ kubernetes_dashboard: false
+ kubernetes_virtlet_enabled: false
+ kubernetes_flannel_enabled: false
+ kubernetes_genie_enabled: false
+ kubernetes_calico_enabled: true
+ kubernetes_opencontrail_enabled: false
+ kubernetes_contrail_network_controller_enabled: false
+ kubernetes_metallb_enabled: false
+ kubernetes_ingressnginx_enabled: false
+ kubernetes_rbd_enabled: false
+ kubernetes_helm_enabled: false
+ kubernetes_netchecker_enabled: true
+ kubernetes_calico_policy_enabled: false
+ kubernetes_metrics_server_enabled: false
+
+ kubernetes_ingressnginx_controller_replicas: 1
+ kubernetes_virtlet_use_apparmor: false
+
+ kubernetes_addon_namespace: kube-system
+
+
+ # Cloud providers parameters
+ kubernetes_cloudprovider_enabled: false
+ kubernetes_cloudprovider_type: 'openstack'
+
+ linux:
+ system:
+ kernel:
+ sysctl:
+ net.ipv4.tcp_congestion_control: yeah
+ net.ipv4.tcp_slow_start_after_idle: 0
+ net.ipv4.tcp_fin_timeout: 30
+ network:
+ host:
+ ctl01:
+ address: ${_param:kubernetes_control_node01_address}
+ names:
+ - ctl01
+ - ctl01.${_param:cluster_domain}
+{%- for cmp in range(1, nm.cmp_nodes + 1) %}
+ {%- set h = 'cmp%03d' | format(cmp) %}
+ {%- set mgmt = nm.net_mgmt_hosts | length + nm.start_ip[nm.net_mgmt] + loop.index %}
+ {{ h }}:
+ address: {{ nm.net_mgmt | ipnet_hostaddr(mgmt) }}
+ names:
+ - {{ h }}
+ - {{ h }}.${_param:cluster_domain}
+{%- endfor %}
-Subproject commit 6589ee66d78889ab0e078064f1afa21eb7f61e77
+Subproject commit cddeb5b6fdc6231ef6fbe8bd404f1f366ee92375
--- /dev/null
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+classes:
+ - cluster.mcp-k8s-calico-noha.infra.config
+parameters:
+ _param:
+ linux_system_codename: xenial
+ reclass_data_revision: master
+ linux:
+ system:
+ name: cfg01
+ domain: mcp-k8s-calico-noha.local
--- /dev/null
+Subproject commit 8c7649df03e73b18781a19592584faf56b3000da
--- /dev/null
+Subproject commit 7a472de71ee6958660bf58539fac214cf3328629
Code Review / fuel.git / commitdiff