Implemented cloud-provider integration for OpenStack.

Currently kubespray does not install kubernetes in a way that allows cinder volumes to be used. This commit provides the necessary cloud configuration file and configures kubelet and kube-apiserver to use it.
teuto.net Netzdienste GmbH 2016-03-29 14:50:22 +02:00
parent ed9a521d6d
commit 9f8da6c225
9 changed files with 78 additions and 7 deletions


@ -103,7 +103,9 @@ dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address')
# There are some changes specific to the cloud providers # There are some changes specific to the cloud providers
# for instance we need to encapsulate packets with some network plugins # for instance we need to encapsulate packets with some network plugins
# If set the possible values are either 'gce' or 'aws' # If set the possible values are either 'gce', 'aws' or 'openstack'
# When openstack is used make sure to source in the openstack credentials
# like you would do when using nova-client before starting the playbook.
# cloud_provider: # cloud_provider:
# For multi masters architecture: # For multi masters architecture:


@ -38,7 +38,15 @@ KUBE_TLS_CONFIG="--tls_cert_file={{ kube_cert_dir }}/apiserver.pem --tls_private
# Add you own! # Add you own!
KUBE_API_ARGS="--token_auth_file={{ kube_token_dir }}/known_tokens.csv --basic-auth-file={{ kube_users_dir }}/known_users.csv --service_account_key_file={{ kube_cert_dir }}/apiserver-key.pem" KUBE_API_ARGS="--token_auth_file={{ kube_token_dir }}/known_tokens.csv --basic-auth-file={{ kube_users_dir }}/known_users.csv --service_account_key_file={{ kube_cert_dir }}/apiserver-key.pem"
{% if cloud_provider is defined and cloud_provider == "openstack" %}
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
{% else %}
{# TODO: gce and aws don't need the cloud provider to be set? #}
KUBELET_CLOUDPROVIDER=""
{% endif %}
{% if ansible_service_mgr in ["sysvinit","upstart"] %} {% if ansible_service_mgr in ["sysvinit","upstart"] %}
DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBE_API_PORT $KUBE_SERVICE_ADDRESSES \ DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBE_API_PORT $KUBE_SERVICE_ADDRESSES \
$KUBE_ETCD_SERVERS $KUBE_ADMISSION_CONTROL $KUBE_RUNTIME_CONFIG $KUBE_TLS_CONFIG $KUBE_API_ARGS" $KUBE_ETCD_SERVERS $KUBE_ADMISSION_CONTROL $KUBE_RUNTIME_CONFIG $KUBE_TLS_CONFIG $KUBE_API_ARGS \
$KUBELET_CLOUDPROVIDER"
{% endif %} {% endif %}
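Review bot: The new variable is named `KUBELET_CLOUDPROVIDER` although this section configures kube-apiserver, which makes the apiserver's DAEMON_ARGS harder to read; a neutral name such as `KUBE_CLOUDPROVIDER` would fit both daemons. The `{% else %}` branch leaves the flags empty for 'gce' and 'aws' even though those values pass the cloud_provider check, and the only record of that is the TODO; a comment saying whether this is deliberate would help. The same block is repeated in the kubelet config section further down. Because `--cloud-config` points the apiserver at the file that holds the OpenStack password, it is worth confirming that the apiserver's account is meant to read it.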


@ -19,7 +19,8 @@ ExecStart={{ bin_dir }}/kube-apiserver \
$KUBE_ADMISSION_CONTROL \ $KUBE_ADMISSION_CONTROL \
$KUBE_RUNTIME_CONFIG \ $KUBE_RUNTIME_CONFIG \
$KUBE_TLS_CONFIG \ $KUBE_TLS_CONFIG \
$KUBE_API_ARGS $KUBE_API_ARGS \
$KUBELET_CLOUDPROVIDER
Restart=on-failure Restart=on-failure
Type=notify Type=notify
LimitNOFILE=65536 LimitNOFILE=65536


@ -32,7 +32,14 @@ DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock"
{% endif %} {% endif %}
# Should this cluster be allowed to run privileged docker containers # Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow_privileged=true" KUBE_ALLOW_PRIV="--allow_privileged=true"
{% if cloud_provider is defined and cloud_provider == "openstack" %}
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
{% else %}
{# TODO: gce and aws don't need the cloud provider to be set? #}
KUBELET_CLOUDPROVIDER=""
{% endif %}
{% if ansible_service_mgr in ["sysvinit","upstart"] %} {% if ansible_service_mgr in ["sysvinit","upstart"] %}
DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBELET_API_SERVER $KUBELET_ADDRESS \ DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBELET_API_SERVER $KUBELET_ADDRESS \
$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $DOCKER_SOCKET $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN" $KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $DOCKER_SOCKET $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN \
$KUBELET_CLOUDPROVIDER"
{% endif %} {% endif %}


@ -20,7 +20,8 @@ ExecStart={{ bin_dir }}/kubelet \
$KUBELET_ARGS \ $KUBELET_ARGS \
$DOCKER_SOCKET \ $DOCKER_SOCKET \
$KUBELET_REGISTER_NODE \ $KUBELET_REGISTER_NODE \
$KUBELET_NETWORK_PLUGIN $KUBELET_NETWORK_PLUGIN \
$KUBELET_CLOUDPROVIDER
Restart=on-failure Restart=on-failure
[Install] [Install]


@ -8,3 +8,13 @@ common_required_pkgs:
- rsync - rsync
- bash-completion - bash-completion
# For the openstack integration kubelet will need credentials to access
# openstack apis like nova and cinder. Per default this values will be
# read from the environment.
openstack_auth_url: "{{ lookup('env','OS_AUTH_URL') }}"
openstack_username: "{{ lookup('env','OS_USERNAME') }}"
openstack_password: "{{ lookup('env','OS_PASSWORD') }}"
openstack_region: "{{ lookup('env','OS_REGION_NAME') }}"
openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID') }}"
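Review bot: `openstack_password` is taken from the operator's shell and, per the cloud-config template later in this commit, written in clear text to `{{ kube_config_dir }}/cloud_config` on the target hosts, but the comment above these defaults does not say so. I would extend it with something like `# These values are written to cloud_config on the hosts; use a dedicated, minimally privileged OpenStack account rather than personal credentials.` The comment also names only kubelet, while the commit passes the same file to kube-apiserver. Note that `lookup('env', ...)` yields an empty string when the variable is unset, so the `== ""` branch of the later credential check is the one that actually fires.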


@ -48,8 +48,11 @@
- name: check cloud_provider value - name: check cloud_provider value
fail: fail:
msg: "If set the 'cloud_provider' var must be set eithe to 'gce' or 'aws'" msg: "If set the 'cloud_provider' var must be set either to 'gce', 'aws' or 'openstack'"
when: cloud_provider is defined and cloud_provider not in ['gce', 'aws'] when: cloud_provider is defined and cloud_provider not in ['gce', 'aws', 'openstack']
- include: openstack-credential-check.yml
when: cloud_provider is defined and cloud_provider == 'openstack'
- name: Create cni directories - name: Create cni directories
file: file:
@ -105,4 +108,12 @@
when: ansible_os_family == "RedHat" when: ansible_os_family == "RedHat"
changed_when: False changed_when: False
- name: Write openstack cloud-config
template:
src: openstack-cloud-config.j2
dest: "{{ kube_config_dir }}/cloud_config"
group: "{{ kube_cert_group }}"
mode: 0640
when: cloud_provider is defined and cloud_provider == "openstack"
- include: etchosts.yml - include: etchosts.yml
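Review bot: The `Write openstack cloud-config` task in the second hunk renders the OpenStack password to disk without `no_log: true`, so a run with `--diff` or raised verbosity may print the rendered file, password included, to the console and logs. The task sets `group` and `mode` but no `owner`, and any account in `kube_cert_group` can read the secret; whether kubelet and kube-apiserver run under accounts in that group is not visible here, so the intended readers should be stated in a comment. I would also quote the mode, `mode: "0640"`, so it does not depend on the YAML parser's octal handling. The tasks file continues outside both hunks.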


@ -0,0 +1,25 @@
---
- name: check openstack_auth_url value
fail:
msg: "openstack_auth_url is missing"
when: openstack_auth_url is not defined or openstack_auth_url == ""
- name: check openstack_username value
fail:
msg: "openstack_username is missing"
when: openstack_username is not defined or openstack_username == ""
- name: check openstack_password value
fail:
msg: "openstack_password is missing"
when: openstack_password is not defined or openstack_password == ""
- name: check openstack_region value
fail:
msg: "openstack_region is missing"
when: openstack_region is not defined or openstack_region == ""
- name: check tenant_id value
fail:
msg: "tenant_id is missing"
when: openstack_tenant_id is not defined or openstack_tenant_id == ""
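Review bot: The last task is named `check tenant_id value` and reports `tenant_id is missing`, while the variable it tests is `openstack_tenant_id` and the other four tasks use the full variable name. An operator who hits this message cannot tell which variable to set, so it should read `msg: "openstack_tenant_id is missing"`. Since the defaults read these values from the environment, each message could also name the variable to export, e.g. `msg: "openstack_password is missing (export OS_PASSWORD before running the playbook)"`. None of the messages echo the values themselves, which is the right choice for the password check.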


@ -0,0 +1,6 @@
[Global]
auth-url={{ openstack_auth_url }}
username={{ openstack_username }}
password={{ openstack_password }}
region={{ openstack_region }}
tenant-id={{ openstack_tenant_id }}
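Review bot: Every value, including `password`, is written into the `[Global]` section unquoted and unescaped, so a password containing `#`, `;`, a quote, a backslash or surrounding whitespace is likely to be truncated or misread if the consumer parses git-config-style INI. An embedded newline would add further keys to the file. Quoting the values, e.g. `password="{{ openstack_password }}"`, handles the comment characters, though `"` and `\` inside the value would still need escaping. At minimum the credential check could reject values containing newlines, and a `{# #}` comment at the top of the template should state which characters are unsupported.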