Implemented cloud-provider integration for OpenStack.
Currently kubespray does not install kubernetes in a way that allows cinder volumes to be used. This commit provides the necessary cloud configuration file and configures kubelet and kube-apiserver to use it.
This commit is contained in:
parent
ed9a521d6d
commit
9f8da6c225
9 changed files with 78 additions and 7 deletions
|
@ -103,7 +103,9 @@ dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address')
|
||||||
|
|
||||||
# There are some changes specific to the cloud providers
|
# There are some changes specific to the cloud providers
|
||||||
# for instance we need to encapsulate packets with some network plugins
|
# for instance we need to encapsulate packets with some network plugins
|
||||||
# If set the possible values are either 'gce' or 'aws'
|
# If set the possible values are either 'gce', 'aws' or 'openstack'
|
||||||
|
# When openstack is used make sure to source in the openstack credentials
|
||||||
|
# like you would do when using nova-client before starting the playbook.
|
||||||
# cloud_provider:
|
# cloud_provider:
|
||||||
|
|
||||||
# For multi masters architecture:
|
# For multi masters architecture:
|
||||||
|
|
|
@ -38,7 +38,15 @@ KUBE_TLS_CONFIG="--tls_cert_file={{ kube_cert_dir }}/apiserver.pem --tls_private
|
||||||
# Add you own!
|
# Add you own!
|
||||||
KUBE_API_ARGS="--token_auth_file={{ kube_token_dir }}/known_tokens.csv --basic-auth-file={{ kube_users_dir }}/known_users.csv --service_account_key_file={{ kube_cert_dir }}/apiserver-key.pem"
|
KUBE_API_ARGS="--token_auth_file={{ kube_token_dir }}/known_tokens.csv --basic-auth-file={{ kube_users_dir }}/known_users.csv --service_account_key_file={{ kube_cert_dir }}/apiserver-key.pem"
|
||||||
|
|
||||||
|
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
||||||
|
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
|
||||||
|
{% else %}
|
||||||
|
{# TODO: gce and aws don't need the cloud provider to be set? #}
|
||||||
|
KUBELET_CLOUDPROVIDER=""
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if ansible_service_mgr in ["sysvinit","upstart"] %}
|
{% if ansible_service_mgr in ["sysvinit","upstart"] %}
|
||||||
DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBE_API_PORT $KUBE_SERVICE_ADDRESSES \
|
DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBE_API_PORT $KUBE_SERVICE_ADDRESSES \
|
||||||
$KUBE_ETCD_SERVERS $KUBE_ADMISSION_CONTROL $KUBE_RUNTIME_CONFIG $KUBE_TLS_CONFIG $KUBE_API_ARGS"
|
$KUBE_ETCD_SERVERS $KUBE_ADMISSION_CONTROL $KUBE_RUNTIME_CONFIG $KUBE_TLS_CONFIG $KUBE_API_ARGS \
|
||||||
|
$KUBELET_CLOUDPROVIDER"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -19,7 +19,8 @@ ExecStart={{ bin_dir }}/kube-apiserver \
|
||||||
$KUBE_ADMISSION_CONTROL \
|
$KUBE_ADMISSION_CONTROL \
|
||||||
$KUBE_RUNTIME_CONFIG \
|
$KUBE_RUNTIME_CONFIG \
|
||||||
$KUBE_TLS_CONFIG \
|
$KUBE_TLS_CONFIG \
|
||||||
$KUBE_API_ARGS
|
$KUBE_API_ARGS \
|
||||||
|
$KUBELET_CLOUDPROVIDER
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Type=notify
|
Type=notify
|
||||||
LimitNOFILE=65536
|
LimitNOFILE=65536
|
||||||
|
|
|
@ -32,7 +32,14 @@ DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
# Should this cluster be allowed to run privileged docker containers
|
# Should this cluster be allowed to run privileged docker containers
|
||||||
KUBE_ALLOW_PRIV="--allow_privileged=true"
|
KUBE_ALLOW_PRIV="--allow_privileged=true"
|
||||||
|
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
||||||
|
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
|
||||||
|
{% else %}
|
||||||
|
{# TODO: gce and aws don't need the cloud provider to be set? #}
|
||||||
|
KUBELET_CLOUDPROVIDER=""
|
||||||
|
{% endif %}
|
||||||
{% if ansible_service_mgr in ["sysvinit","upstart"] %}
|
{% if ansible_service_mgr in ["sysvinit","upstart"] %}
|
||||||
DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBELET_API_SERVER $KUBELET_ADDRESS \
|
DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBELET_API_SERVER $KUBELET_ADDRESS \
|
||||||
$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $DOCKER_SOCKET $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN"
|
$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $DOCKER_SOCKET $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN \
|
||||||
|
$KUBELET_CLOUDPROVIDER"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -20,7 +20,8 @@ ExecStart={{ bin_dir }}/kubelet \
|
||||||
$KUBELET_ARGS \
|
$KUBELET_ARGS \
|
||||||
$DOCKER_SOCKET \
|
$DOCKER_SOCKET \
|
||||||
$KUBELET_REGISTER_NODE \
|
$KUBELET_REGISTER_NODE \
|
||||||
$KUBELET_NETWORK_PLUGIN
|
$KUBELET_NETWORK_PLUGIN \
|
||||||
|
$KUBELET_CLOUDPROVIDER
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
|
|
@ -8,3 +8,13 @@ common_required_pkgs:
|
||||||
- rsync
|
- rsync
|
||||||
- bash-completion
|
- bash-completion
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# For the openstack integration kubelet will need credentials to access
|
||||||
|
# openstack apis like nova and cinder. Per default this values will be
|
||||||
|
# read from the environment.
|
||||||
|
openstack_auth_url: "{{ lookup('env','OS_AUTH_URL') }}"
|
||||||
|
openstack_username: "{{ lookup('env','OS_USERNAME') }}"
|
||||||
|
openstack_password: "{{ lookup('env','OS_PASSWORD') }}"
|
||||||
|
openstack_region: "{{ lookup('env','OS_REGION_NAME') }}"
|
||||||
|
openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID') }}"
|
||||||
|
|
|
@ -48,8 +48,11 @@
|
||||||
|
|
||||||
- name: check cloud_provider value
|
- name: check cloud_provider value
|
||||||
fail:
|
fail:
|
||||||
msg: "If set the 'cloud_provider' var must be set eithe to 'gce' or 'aws'"
|
msg: "If set the 'cloud_provider' var must be set either to 'gce', 'aws' or 'openstack'"
|
||||||
when: cloud_provider is defined and cloud_provider not in ['gce', 'aws']
|
when: cloud_provider is defined and cloud_provider not in ['gce', 'aws', 'openstack']
|
||||||
|
|
||||||
|
- include: openstack-credential-check.yml
|
||||||
|
when: cloud_provider is defined and cloud_provider == 'openstack'
|
||||||
|
|
||||||
- name: Create cni directories
|
- name: Create cni directories
|
||||||
file:
|
file:
|
||||||
|
@ -105,4 +108,12 @@
|
||||||
when: ansible_os_family == "RedHat"
|
when: ansible_os_family == "RedHat"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
|
|
||||||
|
- name: Write openstack cloud-config
|
||||||
|
template:
|
||||||
|
src: openstack-cloud-config.j2
|
||||||
|
dest: "{{ kube_config_dir }}/cloud_config"
|
||||||
|
group: "{{ kube_cert_group }}"
|
||||||
|
mode: 0640
|
||||||
|
when: cloud_provider is defined and cloud_provider == "openstack"
|
||||||
|
|
||||||
- include: etchosts.yml
|
- include: etchosts.yml
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
---
|
||||||
|
- name: check openstack_auth_url value
|
||||||
|
fail:
|
||||||
|
msg: "openstack_auth_url is missing"
|
||||||
|
when: openstack_auth_url is not defined or openstack_auth_url == ""
|
||||||
|
|
||||||
|
- name: check openstack_username value
|
||||||
|
fail:
|
||||||
|
msg: "openstack_username is missing"
|
||||||
|
when: openstack_username is not defined or openstack_username == ""
|
||||||
|
|
||||||
|
- name: check openstack_password value
|
||||||
|
fail:
|
||||||
|
msg: "openstack_password is missing"
|
||||||
|
when: openstack_password is not defined or openstack_password == ""
|
||||||
|
|
||||||
|
- name: check openstack_region value
|
||||||
|
fail:
|
||||||
|
msg: "openstack_region is missing"
|
||||||
|
when: openstack_region is not defined or openstack_region == ""
|
||||||
|
|
||||||
|
- name: check tenant_id value
|
||||||
|
fail:
|
||||||
|
msg: "tenant_id is missing"
|
||||||
|
when: openstack_tenant_id is not defined or openstack_tenant_id == ""
|
|
@ -0,0 +1,6 @@
|
||||||
|
[Global]
|
||||||
|
auth-url={{ openstack_auth_url }}
|
||||||
|
username={{ openstack_username }}
|
||||||
|
password={{ openstack_password }}
|
||||||
|
region={{ openstack_region }}
|
||||||
|
tenant-id={{ openstack_tenant_id }}
|
Loading…
Reference in a new issue