diff --git a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh index 2ffa7abf2b6b8c695cc67e390eef5e8a9831edcf..cfccfc93180d369321411101208f55313c348fa5 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh @@ -47,11 +47,6 @@ if [ -n "${KUBE_NODE_PUBLIC_IP}" ]; then sans="${sans},IP:${KUBE_NODE_PUBLIC_IP}" fi -KUBE_NODE_PUBLIC_IP=${KUBE_NODE_IP} -KUBE_API_PRIVATE_ADDRESS=${KUBE_NODE_IP} -KUBE_API_PUBLIC_ADDRESS=${KUBE_NODE_PUBLIC_IP} - -sans="IP:${KUBE_NODE_PUBLIC_IP},IP:${KUBE_NODE_IP}" if [ "${KUBE_NODE_PUBLIC_IP}" != "${KUBE_API_PUBLIC_ADDRESS}" ] \ && [ -n "${KUBE_API_PUBLIC_ADDRESS}" ]; then sans="${sans},IP:${KUBE_API_PUBLIC_ADDRESS}" diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml index 6d76f39627b9feb2e187ba3469c65485a4ba7597..89b5a1c1e3b57e26c794da7f6b213ce7f9d1ca73 100644 --- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml +++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml 
@@ -980,6 +980,80 @@ parameters: resources: + network: + condition: create_cluster_resources + type: ../../common/templates/network.yaml + properties: + existing_network: {get_param: fixed_network} + existing_subnet: {get_param: fixed_subnet} + private_network_cidr: {get_param: fixed_network_cidr} + dns_nameserver: {get_param: dns_nameserver} + external_network: {get_param: external_network} + private_network_name: {get_param: fixed_network_name} + + api_lb: + condition: create_cluster_resources + type: ../../common/templates/lb_api.yaml + properties: + fixed_subnet: "public-subnet-1" + external_network: {get_param: external_network} + protocol: {get_param: loadbalancing_protocol} + port: {get_param: kubernetes_port} + + etcd_lb: + condition: create_cluster_resources + type: ../../common/templates/lb_etcd.yaml + properties: + fixed_subnet: "public-subnet-1" + protocol: {get_param: loadbalancing_protocol} + port: 2379 + + ###################################################################### + # + # resources that expose the IPs of either the kube master or a given + # LBaaS pool depending on whether LBaaS is enabled for the cluster. + # + + api_address_lb_switch: + condition: create_cluster_resources + type: Magnum::ApiGatewaySwitcher + properties: + pool_public_ip: {get_attr: [api_lb, floating_address]} + pool_private_ip: {get_attr: [api_lb, address]} + master_public_ip: {get_attr: [kube_masters, resource.0.kube_master_external_ip]} + master_private_ip: {get_attr: [kube_masters, resource.0.kube_master_ip]} + + etcd_address_lb_switch: + condition: create_cluster_resources + type: Magnum::ApiGatewaySwitcher + properties: + pool_private_ip: {get_attr: [etcd_lb, address]} + master_private_ip: {get_attr: [kube_masters, resource.0.kube_master_ip]} + + ###################################################################### + # + # resources that expose the IPs of either floating ip or a given + # fixed ip depending on whether FloatingIP is enabled for the cluster. 
+ # + + api_address_floating_switch: + condition: create_cluster_resources + type: Magnum::FloatingIPAddressSwitcher + properties: + public_ip: {get_attr: [api_address_lb_switch, public_ip]} + private_ip: {get_attr: [api_address_lb_switch, private_ip]} + + ###################################################################### + # + # resources that expose the server group for all nodes include master + # and minions. + # + + nodes_server_group: + type: OS::Nova::ServerGroup + properties: + policies: [{get_param: nodes_affinity_policy}] + ###################################################################### # # kubernetes masters. This is a resource group that will create @@ -989,6 +1063,8 @@ resources: kube_masters: condition: master_only type: OS::Heat::ResourceGroup + depends_on: + - network update_policy: rolling_update: {max_batch_size: {get_param: update_max_batch_size}, pause_time: 30} properties: @@ -1007,8 +1083,8 @@ resources: metrics_server_chart_tag: {get_param: metrics_server_chart_tag} prometheus_monitoring: {get_param: prometheus_monitoring} grafana_admin_passwd: {get_param: grafana_admin_passwd} - api_public_address: "" - api_private_address: "" + api_public_address: {get_attr: [api_lb, floating_address]} + api_private_address: {get_attr: [api_lb, address]} ssh_key_name: {get_param: ssh_key_name} ssh_public_key: {get_param: ssh_public_key} server_image: {get_param: master_image} 
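Review bot: `api_lb` and `etcd_lb` both pin `fixed_subnet: "public-subnet-1"`, a literal subnet name, although the `network` resource added in the same hunk already exposes the cluster subnet. A hard-coded name only resolves in a cloud that happens to have a subnet called that. If the name means what it says, it also places the etcd load balancer VIP (port 2379) on a public subnet rather than the cluster's private one. I would use `fixed_subnet: {get_attr: [network, fixed_subnet]}` for both, or add a template parameter for the LB subnet, so the etcd VIP stays on the private network.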
@@ -1037,11 +1113,11 @@ resources: traefik_ingress_controller_tag: {get_param: traefik_ingress_controller_tag} volume_driver: {get_param: volume_driver} region_name: {get_param: region_name} - fixed_network: "" + fixed_network: {get_attr: [network, fixed_network]} fixed_network_name: {get_param: fixed_network_name} - fixed_subnet: "" - api_pool_id: "" - etcd_pool_id: "" + fixed_subnet: {get_attr: [network, fixed_subnet]} + api_pool_id: {get_attr: [api_lb, pool_id]} + etcd_pool_id: {get_attr: [etcd_lb, pool_id]} username: {get_param: username} password: {get_param: password} kubernetes_port: {get_param: kubernetes_port} @@ -1068,9 +1144,11 @@ resources: auth_url: {get_param: auth_url} insecure_registry_url: {get_param: insecure_registry_url} container_infra_prefix: {get_param: container_infra_prefix} + etcd_lb_vip: {get_attr: [etcd_lb, address]} dns_service_ip: {get_param: dns_service_ip} dns_cluster_domain: {get_param: dns_cluster_domain} openstack_ca: "" + nodes_server_group_id: {get_resource: master_nodes_server_group} availability_zone: {get_param: availability_zone} ca_key: {get_param: ca_key} cert_manager_api: {get_param: cert_manager_api} @@ -1228,6 +1306,8 @@ resources: kube_minions: condition: worker_only type: OS::Heat::ResourceGroup + depends_on: + - network update_policy: rolling_update: {max_batch_size: {get_param: update_max_batch_size}, pause_time: 30} properties: @@ -1247,8 +1327,16 @@ resources: ssh_public_key: {get_param: ssh_public_key} server_image: {get_param: minion_image} minion_flavor: {get_param: minion_flavor} - fixed_network: "" - fixed_subnet: "" + fixed_network: + if: + - create_cluster_resources + - get_attr: [network, fixed_network] + - get_param: fixed_network + fixed_subnet: + if: + - create_cluster_resources + - get_attr: [network, fixed_subnet] + - get_param: fixed_subnet network_driver: {get_param: network_driver} flannel_network_cidr: {get_param: flannel_network_cidr} kube_master_ip: 
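Review bot: `nodes_server_group_id: {get_resource: master_nodes_server_group}` in the `@@ -1068,9 +1144,11 @@` hunk refers to a resource this diff never defines; the server group added in the first kubecluster.yaml hunk is named `nodes_server_group`. Unless `master_nodes_server_group` is declared in a part of the template outside these hunks, Heat should reject the template for referencing an unknown resource. The same reference is added to `kube_minions` in the `@@ -1303,6 +1391,7 @@` hunk, so workers would share the masters' group and its affinity policy. If one group is intended for all nodes, both should read `nodes_server_group_id: {get_resource: nodes_server_group}`. If masters are meant to have their own group, that resource needs to be declared and the workers pointed at a separate one.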
@@ -1303,6 +1391,7 @@ resources: dns_service_ip: {get_param: dns_service_ip} dns_cluster_domain: {get_param: dns_cluster_domain} openstack_ca: "" + nodes_server_group_id: {get_resource: master_nodes_server_group} availability_zone: {get_param: availability_zone} pods_network_cidr: {get_param: pods_network_cidr} kubelet_options: {get_param: kubelet_options} @@ -1332,7 +1421,7 @@ outputs: str_replace: template: api_ip_address params: - api_ip_address: {get_attr: [kube_masters, resource.0.kube_master_external_ip]} + api_ip_address: {get_attr: [api_address_floating_switch, ip_address]} description: > This is the API endpoint of the Kubernetes cluster. Use this to access the Kubernetes API. diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml index 7dcb126bc175bc6f337298572ab61b8397fd8ad7..0d681e7e10103cbc29bbbd5124c128d2456727d5 100644 --- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml +++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml @@ -347,6 +347,10 @@ parameters: type: string description: The OpenStack CA certificate to install on the node. + nodes_server_group_id: + type: string + description: ID of the server group for kubernetes cluster nodes. + availability_zone: type: string description: 
> @@ -770,11 +774,11 @@ resources: "$METRICS_SERVER_ENABLED": {get_param: metrics_server_enabled} "$METRICS_SERVER_CHART_TAG": {get_param: metrics_server_chart_tag} "$PROMETHEUS_MONITORING": {get_param: prometheus_monitoring} - "$KUBE_API_PUBLIC_ADDRESS": "" - "$KUBE_API_PRIVATE_ADDRESS": "" + "$KUBE_API_PUBLIC_ADDRESS": {get_param: api_public_address} + "$KUBE_API_PRIVATE_ADDRESS": {get_param: api_private_address} "$KUBE_API_PORT": {get_param: kubernetes_port} - "$KUBE_NODE_PUBLIC_IP": "" - "$KUBE_NODE_IP": "" + "$KUBE_NODE_PUBLIC_IP": {get_attr: [kube-master, first_address]} + "$KUBE_NODE_IP": {get_attr: [kube-master, first_address]} "$KUBE_ALLOW_PRIV": {get_param: kube_allow_priv} "$ETCD_VOLUME": {get_resource: etcd_volume} "$ETCD_VOLUME_SIZE": {get_param: etcd_volume_size} @@ -949,6 +953,7 @@ resources: user_data_format: SOFTWARE_CONFIG software_config_transport: POLL_SERVER_HEAT user_data: {get_resource: agent_config} + scheduler_hints: { group: { get_param: nodes_server_group_id }} availability_zone: {get_param: availability_zone} metadata: cern-waitdns: {get_param: cern_enabled} @@ -963,6 +968,7 @@ resources: user_data_format: SOFTWARE_CONFIG software_config_transport: POLL_SERVER_HEAT user_data: {get_resource: agent_config} + scheduler_hints: { group: { get_param: nodes_server_group_id }} availability_zone: {get_param: availability_zone} metadata: cern-waitdns: {get_param: cern_enabled} 
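Review bot: In the `@@ -770,11 +774,11 @@` hunk, `"$KUBE_NODE_PUBLIC_IP"` and `"$KUBE_NODE_IP"` are both fed `{get_attr: [kube-master, first_address]}`, so the `IP:${KUBE_NODE_PUBLIC_IP}` SAN that make-cert.sh appends is the fixed address again and no external master address reaches the certificate. kubecluster.yaml still reads `resource.0.kube_master_external_ip` as `master_public_ip` for the API switcher, so without the load balancer clients appear to reach the API on an address the server certificate does not cover. In practice that pushes users toward disabling TLS verification. `"$KUBE_NODE_PUBLIC_IP"` should come from whatever backs the `kube_master_external_ip` output, which is not visible in this hunk. The kubeminion.yaml hunk `@@ -424,8 +428,8 @@` makes the same substitution for `kube-minion`.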
@@ -972,6 +978,22 @@ resources: volume_id: {get_resource: kube_node_volume} delete_on_termination: true + api_pool_member: + type: Magnum::Optional::Neutron::LBaaS::PoolMember + properties: + pool: {get_param: api_pool_id} + address: {get_attr: [kube-master, first_address]} + #subnet: { get_param: fixed_subnet } + protocol_port: {get_param: kubernetes_port} + + etcd_pool_member: + type: Magnum::Optional::Neutron::LBaaS::PoolMember + properties: + pool: {get_param: etcd_pool_id} + address: {get_attr: [kube-master, first_address]} + #subnet: { get_param: fixed_subnet } + protocol_port: 2379 + ###################################################################### # # etcd storage. This allocates a cinder volume and attaches it diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml index 9f876e89e9448238e158d4df4133d3ba30092ce5..fd8ed2c9f62fd38dc74f9fa60d7f2e8d76ed5145 100644 --- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml +++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml @@ -260,6 +260,10 @@ parameters: type: string description: The OpenStack CA certificate to install on the node. + nodes_server_group_id: + type: string + description: ID of the server group for kubernetes cluster nodes. + availability_zone: type: string description: > @@ -424,8 +428,8 @@ resources: $KUBE_ALLOW_PRIV: {get_param: kube_allow_priv} $KUBE_MASTER_IP: {get_param: kube_master_ip} $KUBE_API_PORT: {get_param: kubernetes_port} - $KUBE_NODE_PUBLIC_IP: "" - $KUBE_NODE_IP: "" + $KUBE_NODE_PUBLIC_IP: {get_attr: [kube-minion, first_address]} + $KUBE_NODE_IP: {get_attr: [kube-minion, first_address]} $ETCD_SERVER_IP: {get_param: etcd_server_ip} $DOCKER_VOLUME: {get_resource: docker_volume} $DOCKER_VOLUME_SIZE: {get_param: docker_volume_size} 
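Review bot: Both new pool members leave `#subnet: { get_param: fixed_subnet }` commented out, so the member subnet falls back to the load balancer's default and nothing records why. The LBs in kubecluster.yaml are created on `"public-subnet-1"` while the member address is `kube-master`'s `first_address`, so the member may sit on a different subnet than the LB assumes. That typically shows up as members that never become healthy, or as traffic to the API and etcd ports taking an unintended path. Either restore `subnet: {get_param: fixed_subnet}` on `api_pool_member` and `etcd_pool_member`, or delete the commented lines and add a comment such as `# subnet omitted: members share the VIP subnet`.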
@@ -525,6 +529,7 @@ resources: user_data: {get_resource: agent_config} user_data_format: SOFTWARE_CONFIG software_config_transport: POLL_SERVER_HEAT + scheduler_hints: { group: { get_param: nodes_server_group_id }} availability_zone: {get_param: availability_zone} metadata: cern-waitdns: {get_param: cern_enabled} @@ -539,6 +544,7 @@ resources: user_data: {get_resource: agent_config} user_data_format: SOFTWARE_CONFIG software_config_transport: POLL_SERVER_HEAT + scheduler_hints: { group: { get_param: nodes_server_group_id }} availability_zone: {get_param: availability_zone} metadata: cern-waitdns: {get_param: cern_enabled}