porkadot 0.1.0
- checksums.yaml +7 -0
- data/.gitignore +15 -0
- data/.travis.yml +7 -0
- data/Gemfile +4 -0
- data/README.md +35 -0
- data/Rakefile +10 -0
- data/Vagrantfile +63 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/config/porkadot.yaml +25 -0
- data/config/unstable.yaml +49 -0
- data/exe/porkadot +5 -0
- data/lib/porkadot/assets/bootstrap/bootstrap/kube-proxy-bootstrap.yaml.erb +1 -0
- data/lib/porkadot/assets/bootstrap/bootstrap/kubeconfig-bootstrap.yaml.erb +18 -0
- data/lib/porkadot/assets/bootstrap/cleanup.sh.erb +12 -0
- data/lib/porkadot/assets/bootstrap/install.sh.erb +14 -0
- data/lib/porkadot/assets/bootstrap/manifests/kube-apiserver.bootstrap.yaml.erb +91 -0
- data/lib/porkadot/assets/bootstrap/manifests/kube-controller-manager.bootstrap.yaml.erb +69 -0
- data/lib/porkadot/assets/bootstrap/manifests/kube-proxy.bootstrap.yaml.erb +56 -0
- data/lib/porkadot/assets/bootstrap/manifests/kube-scheduler.bootstrap.yaml.erb +31 -0
- data/lib/porkadot/assets/bootstrap.rb +52 -0
- data/lib/porkadot/assets/certs/etcd.rb +21 -0
- data/lib/porkadot/assets/certs/front_proxy.rb +21 -0
- data/lib/porkadot/assets/certs/k8s.rb +90 -0
- data/lib/porkadot/assets/certs.rb +175 -0
- data/lib/porkadot/assets/etcd/etcd-server.yaml.erb +57 -0
- data/lib/porkadot/assets/etcd/install.sh.erb +12 -0
- data/lib/porkadot/assets/etcd.rb +109 -0
- data/lib/porkadot/assets/kubelet/bootstrap-kubelet.conf.erb +21 -0
- data/lib/porkadot/assets/kubelet/config.yaml.erb +36 -0
- data/lib/porkadot/assets/kubelet/install-deps.sh.erb +21 -0
- data/lib/porkadot/assets/kubelet/install-pkgs.sh.erb +33 -0
- data/lib/porkadot/assets/kubelet/install.sh.erb +35 -0
- data/lib/porkadot/assets/kubelet/kubelet.service.erb +22 -0
- data/lib/porkadot/assets/kubelet.rb +102 -0
- data/lib/porkadot/assets/kubernetes/install.sh.erb +7 -0
- data/lib/porkadot/assets/kubernetes/manifests/flannel.yaml.erb +602 -0
- data/lib/porkadot/assets/kubernetes/manifests/kube-apiserver.yaml.erb +129 -0
- data/lib/porkadot/assets/kubernetes/manifests/kube-controller-manager.yaml.erb +173 -0
- data/lib/porkadot/assets/kubernetes/manifests/kube-proxy.yaml.erb +132 -0
- data/lib/porkadot/assets/kubernetes/manifests/kube-scheduler.yaml.erb +162 -0
- data/lib/porkadot/assets/kubernetes/manifests/kubelet-rubber-stamp.yaml.erb +86 -0
- data/lib/porkadot/assets/kubernetes/manifests/kubelet.yaml.erb +40 -0
- data/lib/porkadot/assets/kubernetes/manifests/metallb.yaml.erb +323 -0
- data/lib/porkadot/assets/kubernetes/manifests/pod-checkpointer.yaml.erb +130 -0
- data/lib/porkadot/assets/kubernetes/manifests/porkadot.yaml.erb +69 -0
- data/lib/porkadot/assets/kubernetes.rb +39 -0
- data/lib/porkadot/assets.rb +24 -0
- data/lib/porkadot/cmd/cli.rb +45 -0
- data/lib/porkadot/cmd/install/bootstrap.rb +50 -0
- data/lib/porkadot/cmd/install.rb +36 -0
- data/lib/porkadot/cmd/render/certs.rb +68 -0
- data/lib/porkadot/cmd/render.rb +67 -0
- data/lib/porkadot/cmd.rb +4 -0
- data/lib/porkadot/config.rb +115 -0
- data/lib/porkadot/configs/bootstrap.rb +67 -0
- data/lib/porkadot/configs/certs/etcd.rb +33 -0
- data/lib/porkadot/configs/certs/front_proxy.rb +33 -0
- data/lib/porkadot/configs/certs/k8s.rb +89 -0
- data/lib/porkadot/configs/certs.rb +50 -0
- data/lib/porkadot/configs/cni.rb +22 -0
- data/lib/porkadot/configs/etcd.rb +95 -0
- data/lib/porkadot/configs/kubelet.rb +61 -0
- data/lib/porkadot/configs/kubernetes.rb +223 -0
- data/lib/porkadot/configs/loadbalancer.rb +26 -0
- data/lib/porkadot/const.rb +8 -0
- data/lib/porkadot/default.yaml +123 -0
- data/lib/porkadot/install/base.rb +5 -0
- data/lib/porkadot/install/bootstrap.rb +76 -0
- data/lib/porkadot/install/kubelet.rb +63 -0
- data/lib/porkadot/install/kubernetes.rb +33 -0
- data/lib/porkadot/utils/hash_recursive_merge.rb +73 -0
- data/lib/porkadot/utils.rb +25 -0
- data/lib/porkadot/version.rb +3 -0
- data/lib/porkadot.rb +41 -0
- data/porkadot.gemspec +42 -0
- metadata +205 -0
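--- a/data/lib/porkadot/configs/etcd.rb
+++ b/data/lib/porkadot/configs/etcd.rb
@@ -0,0 +1,95 @@
+
+module Porkadot; module Configs
+class Etcd
+include Porkadot::ConfigUtils
+
+def initialize config
+@config = config
+@raw = config.raw.etcd
+end
+
+def advertise_client_urls
+urls = []
+config.etcd_nodes.each do |_, v|
+urls += v.advertise_client_urls
+end
+return urls
+end
+
+end
+
+class EtcdNode
+include Porkadot::ConfigUtils
+include Porkadot::Configs::CertsUtils
+attr_reader :kubelet
+attr_reader :name
+
+def initialize config, name, raw
+@config = config
+@kubelet = config.nodes[name]
+@name = name
+@raw = raw || ::Porkadot::Raw.new
+end
+
+def member_name
+return (self.raw.labels && self.raw.labels[Porkadot::ETCD_MEMBER_LABEL]) || self.raw.hostname || self.name
+end
+
+def member_address
+return (self.raw.labels && self.raw.labels[Porkadot::ETCD_ADDRESS_LABEL]) || self.raw.hostname || self.name
+end
+
+def advertise_client_urls
+["https://#{member_address}:2379"]
+end
+
+def advertise_peer_urls
+["https://#{member_address}:2380"]
+end
+
+def listen_client_urls
+self.advertise_client_urls + ["https://127.0.0.1:2379"]
+end
+
+def listen_peer_urls
+self.advertise_peer_urls
+end
+
+def initial_cluster
+return {}.tap do |rtn|
+self.config.etcd_nodes.each do |_, v|
+rtn[v.member_name] = "https://#{v.member_address}:2380"
+end
+end
+end
+
+def additional_sans
+sans = []
+[self.member_name, self.member_address].each do |san|
+if self.ipaddr?(san)
+sans << "IP:#{san}"
+else
+sans << "DNS:#{san}"
+end
+end
+return sans
+end
+
+def target_path
+File.join(self.kubelet.addon_path, 'etcd')
+end
+
+def ca_crt_path
+File.join(self.target_path, 'ca.crt')
+end
+
+def etcd_key_path
+File.join(self.target_path, 'etcd.key')
+end
+
+def etcd_crt_path
+File.join(self.target_path, 'etcd.crt')
+end
+
+end
+end; end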
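Review bot: `EtcdNode#additional_sans` emits the same SAN twice whenever `member_name` and `member_address` resolve to the same value, which is the default case because both fall back to `raw.hostname` and then `name` when their label is unset. De-duplicate before classifying, `[self.member_name, self.member_address].uniq.each do |san|`. Separately, `advertise_client_urls`, `advertise_peer_urls` and `initial_cluster` interpolate `member_address` directly into `https://…:2379` / `:2380`, so an IPv6 literal taken from the address label would produce a URL without brackets. `ipaddr?` comes from `CertsUtils`, which is outside this section, so whether IPv6 addresses are expected here cannot be confirmed from the visible code.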
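--- a/data/lib/porkadot/configs/kubelet.rb
+++ b/data/lib/porkadot/configs/kubelet.rb
@@ -0,0 +1,61 @@
+module Porkadot; module Configs
+class Kubelet
+include Porkadot::ConfigUtils
+attr_reader :name
+attr_reader :connection
+
+def initialize config, name, raw
+@config = config
+@name = name
+@raw = raw || ::Porkadot::Raw.new
+hostname = @raw.hostname || name
+con = { hostname: hostname }
+gcon = config.connection.to_hash
+lcon = @raw.connection ? @raw.connection.to_hash : {}
+@connection = ::Porkadot::Raw.new(con.rmerge(gcon.rmerge(lcon)))
+end
+
+def apiserver?
+self.raw.labels && self.raw.labels.include?(Porkadot::K8S_MASTER_LABEL)
+end
+
+def control_plane_endpoint
+(self.raw.kubernetes && self.raw.kubernetes.control_plane_endpoint) || self.config.k8s.control_plane_endpoint
+end
+
+def labels_string
+return '' unless self.raw.labels
+return self.raw.labels.map{|v| v.compact.join('=')}.join(',')
+end
+
+def taints_string
+return '' unless self.raw.taints
+return self.raw.taints.map{|v| v.compact.join('=')}.join(',')
+end
+
+def hostname
+self.raw.hostname || self.name
+end
+
+def target_path
+File.join(self.config.assets_dir, 'kubelet', name)
+end
+
+def addon_path
+File.join(self.target_path, 'addons')
+end
+
+def ca_crt_path
+File.join(self.target_path, 'ca.crt')
+end
+
+def bootstrap_key_path
+File.join(self.target_path, 'bootstrap.key')
+end
+
+def bootstrap_cert_path
+File.join(self.target_path, 'bootstrap.crt')
+end
+end
+end; end
+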
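Review bot: `target_path` joins the node name from the configuration directly into a filesystem path, `File.join(self.config.assets_dir, 'kubelet', name)`, and every certificate and key path below it inherits that, so a name containing `/` or `..` places `bootstrap.key` and the other assets outside `assets_dir`. Reject such names in `initialize`, for example `raise ArgumentError, "invalid node name: #{name.inspect}" if name.to_s.include?('/') || name.to_s.start_with?('.')`. `labels_string` and `taints_string` likewise join configuration values with `=` and `,` without checking them; the templates that consume these strings are outside this section, so if they end up on a kubelet command line the values should be validated against Kubernetes label and taint syntax first. `apiserver?` also returns nil rather than false when no labels are set, which is worth a one-line comment or a `!!`.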
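--- a/data/lib/porkadot/configs/kubernetes.rb
+++ b/data/lib/porkadot/configs/kubernetes.rb
@@ -0,0 +1,223 @@
+
+module Porkadot; module Configs
+class Kubernetes
+include Porkadot::ConfigUtils
+attr_reader :networking
+attr_reader :proxy
+attr_reader :apiserver
+attr_reader :controller_manager
+attr_reader :scheduler
+
+def initialize config
+@config = config
+@raw = config.raw.kubernetes
+
+@networking = Networking.new(config)
+@proxy = Proxy.new(config)
+@apiserver = Apiserver.new(config)
+@controller_manager = ControllerManager.new(config)
+@scheduler = Scheduler.new(config)
+end
+
+def cluster_name
+self.raw.cluster_name || 'porkadot'
+end
+
+def target_path
+File.join(self.config.assets_dir, 'kubernetes')
+end
+
+def manifests_path
+File.join(self.target_path, 'manifests')
+end
+
+def control_plane_endpoint_host_and_port
+endpoint = self.config.k8s.control_plane_endpoint
+raise "kubernetes.control_plane_endpoint should not be nil" unless endpoint
+index = endpoint.rindex(':')
+return [endpoint[0, index], endpoint[index+1, 6]]
+end
+
+module Component
+RECOMMENDED_LABEL_PREFIX = 'app.kubernetes.io'
+def labels
+self.instance_labels.merge({
+"#{RECOMMENDED_LABEL_PREFIX}/name": self.component_name,
+"#{RECOMMENDED_LABEL_PREFIX}/component": self.component_name,
+"#{RECOMMENDED_LABEL_PREFIX}/instance": "#{self.component_name}-porkadot",
+"#{RECOMMENDED_LABEL_PREFIX}/version": self.config.k8s.kubernetes_version,
+"#{RECOMMENDED_LABEL_PREFIX}/part-of": 'kubernetes',
+"#{RECOMMENDED_LABEL_PREFIX}/managed-by": 'porkadot',
+})
+end
+
+def instance_labels
+{
+
+"#{RECOMMENDED_LABEL_PREFIX}/component": self.component_name,
+"#{RECOMMENDED_LABEL_PREFIX}/instance": "#{self.component_name}-porkadot",
+"#{RECOMMENDED_LABEL_PREFIX}/managed-by": 'porkadot',
+}
+end
+
+def args
+extra = {}
+if self.extra_args
+extra = self.extra_args.map{|i| i.split('=', 2)}.to_h
+end
+return self.default_args.merge(extra)
+end
+
+def log_level
+config.kubernetes.log_level || raw.log_level || 2
+end
+
+end
+
+class Apiserver
+include Porkadot::ConfigUtils
+include Component
+
+def initialize config
+@config = config
+@raw = config.raw.kubernetes.apiserver
+end
+
+def component_name
+'kube-apiserver'
+end
+
+def default_args
+return %W(
+--advertise-address=$(POD_IP)
+--allow-privileged=true
+--authorization-mode=Node,RBAC
+--bind-address=0.0.0.0
+--client-ca-file=/etc/kubernetes/pki/kubernetes/ca.crt
+--enable-bootstrap-token-auth=true
+--etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
+--etcd-certfile=/etc/kubernetes/pki/etcd/etcd-client.crt
+--etcd-keyfile=/etc/kubernetes/pki/etcd/etcd-client.key
+--etcd-servers=#{config.etcd.advertise_client_urls.join(',')}
+--kubelet-certificate-authority=/etc/kubernetes/pki/kubernetes/ca.crt
+--kubelet-client-certificate=/etc/kubernetes/pki/kubernetes/kubelet-client.crt
+--kubelet-client-key=/etc/kubernetes/pki/kubernetes/kubelet-client.key
+--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
+--proxy-client-cert-file=/etc/kubernetes/pki/kubernetes/front-proxy-client.crt
+--proxy-client-key-file=/etc/kubernetes/pki/kubernetes/front-proxy-client.key
+--requestheader-allowed-names=aggregator-client
+--requestheader-client-ca-file=/etc/kubernetes/pki/kubernetes/front-proxy-ca.crt
+--requestheader-extra-headers-prefix=X-Remote-Extra-
+--requestheader-group-headers=X-Remote-Group
+--requestheader-username-headers=X-Remote-User
+--secure-port=#{self.bind_port}
+--service-account-key-file=/etc/kubernetes/pki/kubernetes/sa.pub
+--service-cluster-ip-range=#{config.k8s.networking.service_subnet}
+--storage-backend=etcd3
+--tls-cert-file=/etc/kubernetes/pki/kubernetes/apiserver.crt
+--tls-private-key-file=/etc/kubernetes/pki/kubernetes/apiserver.key
+--v=#{self.log_level}
+).map {|i| i.split('=', 2)}.to_h
+end
+end
+
+class Scheduler
+include Porkadot::ConfigUtils
+include Component
+
+def initialize config
+@config = config
+@raw = config.raw.kubernetes.scheduler
+end
+
+def component_name
+'kube-scheduler'
+end
+
+def default_args
+return %W(
+--leader-elect=true
+--v=#{self.log_level}
+).map {|i| i.split('=', 2)}.to_h
+end
+end
+
+class ControllerManager
+include Porkadot::ConfigUtils
+include Component
+
+def initialize config
+@config = config
+@raw = config.raw.kubernetes.controller_manager
+end
+
+def component_name
+'kube-controller-manager'
+end
+
+def default_args
+return %W(
+--allocate-node-cidrs=true
+--cluster-cidr=#{config.k8s.networking.pod_subnet}
+--cluster-signing-cert-file=/etc/kubernetes/pki/kubernetes/ca.crt
+--cluster-signing-key-file=/etc/kubernetes/pki/kubernetes/ca.key
+--controllers=*,bootstrapsigner,tokencleaner
+--leader-elect=true
+--node-cidr-mask-size=24
+--root-ca-file=/etc/kubernetes/pki/kubernetes/ca.crt
+--service-account-private-key-file=/etc/kubernetes/pki/kubernetes/sa.key
+--use-service-account-credentials=true
+--v=#{self.log_level}
+).map {|i| i.split('=', 2)}.to_h
+end
+end
+
+class Proxy
+include Porkadot::ConfigUtils
+include Component
+
+def initialize config
+@config = config
+@raw = config.raw.kubernetes.proxy
+end
+
+def proxy_config kubeconfig=nil
+self.raw.config['clusterCIDR'] = config.k8s.networking.pod_subnet
+if kubeconfig
+self.raw.config['clientConnection']['kubeconfig'] = kubeconfig
+end
+self.raw.config.to_hash.to_yaml
+end
+
+def component_name
+'kube-proxy'
+end
+
+def default_args
+return %W(
+--config=/var/lib/kube-proxy/config.conf
+--hostname-override=$(NODE_NAME)
+).map {|i| i.split('=', 2)}.to_h
+end
+end
+
+class Networking
+include Porkadot::ConfigUtils
+
+def initialize config
+@config = config
+@raw = config.raw.kubernetes.networking
+end
+
+def kubernetes_ip
+cluster_ip_range = IPAddr.new(self.service_subnet)
+cluster_ip_range.to_range.first(2)[1].to_s
+end
+
+def dns_ip
+cluster_ip_range = IPAddr.new(self.service_subnet)
+cluster_ip_range.to_range.first(11)[10].to_s
+end
+end
+end
+end; end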
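Review bot: `Apiserver#default_args` turns on the Node authorizer with `--authorization-mode=Node,RBAC` but passes no `--enable-admission-plugins`, so unless an operator supplies it through `extra_args` the NodeRestriction admission plugin is not active and a kubelet credential is not limited to its own Node object and the pods bound to it. Add `--enable-admission-plugins=NodeRestriction` to the list. `Component#args` merges `extra_args` over the defaults, so a comment there should say that an operator-supplied flag replaces the default value outright, including the security-relevant ones. In `control_plane_endpoint_host_and_port`, `endpoint.rindex(':')` returns nil for an endpoint written without a port and the next line then fails with a TypeError; raise an explicit error as is already done for a nil endpoint, and document why the port slice is capped at 6 characters.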
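--- a/data/lib/porkadot/configs/loadbalancer.rb
+++ b/data/lib/porkadot/configs/loadbalancer.rb
@@ -0,0 +1,26 @@
+
+module Porkadot; module Configs
+class Lb
+include Porkadot::ConfigUtils
+attr_reader :type
+
+def initialize config
+@config = config
+@type = config.raw.lb.type
+@raw = config.raw.lb.send(config.raw.lb.type.to_sym)
+end
+
+def target_path
+File.join(self.config.assets_dir, 'kubernetes')
+end
+
+def manifests_path
+File.join(self.target_path, 'manifests')
+end
+
+def lb_config
+return self.raw.config
+end
+
+end
+end; end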
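Review bot: `config.raw.lb.send(config.raw.lb.type.to_sym)` in `initialize` dispatches on a string read from the configuration file, and `send` will call any method of the `lb` object by that name, private ones included. Check the value against the supported types before dispatching and use `public_send`, for example `raise ArgumentError, "unsupported lb.type: #{@type.inspect}" unless SUPPORTED_TYPES.include?(@type)` with a constant such as `SUPPORTED_TYPES = %w[metallb].freeze`. Only `metallb` appears in the bundled defaults on this page, so the list needs extending if other types are handled elsewhere. A nil `lb.type` currently surfaces as a NoMethodError on `to_sym`, which the same check would turn into a readable message.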
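--- a/data/lib/porkadot/default.yaml
+++ b/data/lib/porkadot/default.yaml
@@ -0,0 +1,123 @@
+local:
+assets_dir: ./assets
+
+connection:
+user: ubuntu
+port: 22
+keys: ["~/.ssh/id_rsa", "~/.ssh/id_dsa"]
+
+nodes: {}
+
+bootstrap: {}
+
+cni:
+type: flannel
+flannel:
+backend: vxlan
+
+lb:
+type: metallb
+metallb:
+config: |
+address-pools:
+- name: default
+protocol: layer2
+addresses:
+- 192.168.1.240-192.168.1.250
+
+etcd:
+image_repository: gcr.io/etcd-development/etcd
+image_tag: v3.3.10
+
+kubernetes:
+kubernetes_version: v1.17.3
+image_repository: k8s.gcr.io
+
+networking:
+cni_version: v0.8.2
+service_subnet: '10.254.0.0/24'
+pod_subnet: '10.244.0.0/16'
+dns_domain: 'cluster.local'
+
+apiserver:
+bind_port: 6443
+
+scheduler: {}
+
+controller_manager: {}
+
+proxy:
+config:
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
+bindAddress: 0.0.0.0
+clientConnection:
+acceptContentTypes: ""
+burst: 10
+contentType: application/vnd.kubernetes.protobuf
+kubeconfig: /var/lib/kube-proxy/kubeconfig.conf
+qps: 5
+# clusterCIDR: ${KUBE_CLUSTER_CIDR} # will be dynamically set
+configSyncPeriod: 15m0s
+conntrack:
+maxPerCore: 32768
+min: 131072
+tcpCloseWaitTimeout: 1h0m0s
+tcpEstablishedTimeout: 24h0m0s
+enableProfiling: false
+healthzBindAddress: 0.0.0.0:10256
+hostnameOverride: ""
+iptables:
+masqueradeAll: false
+masqueradeBit: 14
+minSyncPeriod: 0s
+syncPeriod: 30s
+ipvs:
+excludeCIDRs: null
+minSyncPeriod: 0s
+scheduler: ""
+syncPeriod: 30s
+metricsBindAddress: 127.0.0.1:10249
+mode: "iptables"
+nodePortAddresses: null
+oomScoreAdj: -999
+portRange: ""
+udpIdleTimeout: 250ms
+
+kubelet:
+config:
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+authentication:
+anonymous:
+enabled: false
+webhook:
+cacheTTL: 0s
+enabled: true
+x509:
+clientCAFile: /etc/kubernetes/pki/ca.crt
+authorization:
+mode: Webhook
+webhook:
+cacheAuthorizedTTL: 0s
+cacheUnauthorizedTTL: 0s
+cgroupDriver: cgroupfs
+clusterDNS: []
+clusterDomain: cluster.local
+cpuManagerReconcilePeriod: 0s
+evictionPressureTransitionPeriod: 0s
+fileCheckFrequency: 0s
+healthzBindAddress: 127.0.0.1
+healthzPort: 10248
+httpCheckFrequency: 0s
+imageMinimumGCAge: 0s
+nodeStatusReportFrequency: 0s
+nodeStatusUpdateFrequency: 0s
+resolvConf: /run/systemd/resolve/resolv.conf
+rotateCertificates: true
+runtimeRequestTimeout: 0s
+serverTLSBootstrap: true
+staticPodPath: /etc/kubernetes/manifests
+streamingConnectionIdleTimeout: 0s
+syncFrequency: 0s
+volumeStatsAggPeriod: 0s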
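Review bot: The default `lb.metallb.config` ships a concrete layer2 pool, `192.168.1.240-192.168.1.250`, so a cluster installed without overriding it will have MetalLB announce those addresses on whatever network the nodes happen to sit in. Leave the pool out of the defaults and require an explicit range, or at minimum add a comment such as `# example range only: replace with addresses reserved for this cluster`. The kubelet `x509.clientCAFile` points at `/etc/kubernetes/pki/ca.crt`, while the API server flags in configs/kubernetes.rb use `/etc/kubernetes/pki/kubernetes/ca.crt`; the two may be laid out differently on purpose, but a comment saying which CA the kubelet trusts would remove the doubt. The file carries no comments on which keys are site-specific, and `connection.keys` still lists `~/.ssh/id_dsa`, a key type current OpenSSH releases no longer accept by default.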
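--- a/data/lib/porkadot/install/bootstrap.rb
+++ b/data/lib/porkadot/install/bootstrap.rb
@@ -0,0 +1,76 @@
+module Porkadot; module Install
+class Bootstrap
+KUBE_TEMP = File.join(Porkadot::Install::KUBE_TEMP, 'bootstrap')
+include SSHKit::DSL
+attr_reader :global_config
+attr_reader :config
+attr_reader :logger
+attr_reader :host
+
+def initialize global_config
+@global_config = global_config
+@config = global_config.bootstrap
+@logger = global_config.logger
+@host = Porkadot::Install::Kubelet.new(self.config.kubelet_config)
+end
+
+def install
+global_config = self.global_config
+config = self.config
+on(host) do |host|
+execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
+if test("[ -d #{KUBE_TEMP} ]")
+execute(:rm, '-rf', KUBE_TEMP)
+end
+upload! config.target_path, KUBE_TEMP, recursive: true
+
+as user: 'root' do
+execute(:bash, File.join(KUBE_TEMP, 'install.sh'))
+end
+
+endpoint = "https://127.0.0.1:#{global_config.k8s.apiserver.bind_port}/healthz"
+info "Start to wait for Bootstrapping Kubernetes API: #{endpoint}"
+while !test('curl', '-skf', endpoint)
+info "Still wating for Bootstrapping Kubernetes API..."
+sleep 5
+end
+end
+end
+
+def cleanup
+global_config = self.global_config
+config = self.config
+on(host) do |host|
+execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
+if test("[ -d #{KUBE_TEMP} ]")
+execute(:rm, '-rf', KUBE_TEMP)
+end
+upload! config.target_path, KUBE_TEMP, recursive: true
+
+global_config.nodes.each do |k, node|
+if node.apiserver?
+endpoint = "https://#{node.hostname}:#{global_config.k8s.apiserver.bind_port}/healthz"
+info "Start to wait api node #{node.hostname}"
+while !test('curl', '-skf', endpoint)
+info "Still waiting for API node: #{node.hostname}"
+sleep 5
+end
+end
+end
+
+endpoint = "https://#{global_config.k8s.control_plane_endpoint}/healthz"
+info "Start to wait api endpoint"
+while !test('curl', '-skf', endpoint)
+info "Still waiting for API: #{endpoint}"
+sleep 5
+end
+
+as user: 'root' do
+execute(:bash, File.join(KUBE_TEMP, 'cleanup.sh'))
+end
+end
+end
+
+end
+
+end; end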
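Review bot: `install` and `cleanup` upload scripts into `KUBE_TEMP` as the SSH user and then run them under `as user: 'root'`, so whoever can write to that directory between the `upload!` and the `bash` call decides what runs as root; `KubeletList#install` in install/kubelet.rb follows the same pattern. `Porkadot::Install::KUBE_TEMP` is defined outside this section, so if it resolves to a shared location the base directory should be created with a restrictive mode, e.g. `execute(:mkdir, '-p', '-m', '700', Porkadot::Install::KUBE_TEMP)`, all the more since the uploaded tree may contain key material. The three `while !test('curl', '-skf', endpoint)` loops have no upper bound, so a control plane that never reports healthy hangs the run indefinitely; count attempts and raise once a limit is reached. The `-k` flag also skips certificate verification on these probes, which is tolerable for a liveness check but should be stated in a comment so it is not copied into calls that carry credentials.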
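--- a/data/lib/porkadot/install/kubelet.rb
+++ b/data/lib/porkadot/install/kubelet.rb
@@ -0,0 +1,63 @@
+module Porkadot; module Install
+class KubeletList
+KUBE_TEMP = File.join(Porkadot::Install::KUBE_TEMP, 'kubelet')
+include SSHKit::DSL
+attr_reader :global_config
+attr_reader :logger
+attr_reader :kubelets
+
+def initialize global_config
+@global_config = global_config
+@logger = global_config.logger
+@kubelets = {}
+global_config.nodes.each do |k, config|
+@kubelets[k] = Kubelet.new(config)
+end
+end
+
+def install hosts: nil, force: false
+unless hosts
+hosts = []
+self.kubelets.each do |_, v|
+hosts << v
+end
+end
+
+on(hosts) do |host|
+execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
+if test("[ -d #{KUBE_TEMP} ]")
+execute(:rm, '-rf', KUBE_TEMP)
+end
+upload! host.config.target_path, KUBE_TEMP, recursive: true
+
+as user: 'root' do
+unless test("[ -f /opt/bin/kubelet-#{host.global_config.k8s.kubernetes_version} ]") && !force
+execute(:bash, File.join(KUBE_TEMP, 'install-deps.sh'))
+end
+execute(:bash, File.join(KUBE_TEMP, 'install-pkgs.sh'))
+execute(:bash, File.join(KUBE_TEMP, 'install.sh'))
+end
+end
+end
+
+def [](name)
+self.kubelets[name]
+end
+end
+
+class Kubelet < SSHKit::Host
+attr_reader :global_config
+attr_reader :config
+attr_reader :logger
+attr_reader :connection
+
+def initialize config
+@config = config
+@logger = config.logger
+@global_config = config.config
+@connection = config.connection.to_hash(symbolize_keys: true)
+super(@connection)
+end
+
+end
+end; end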
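Review bot: The check `test("[ -f /opt/bin/kubelet-#{host.global_config.k8s.kubernetes_version} ]")` in `KubeletList#install` interpolates a configuration value into a shell command string that runs inside `as user: 'root'`, and no escaping or format check is visible in this section. Validate `kubernetes_version` when the configuration is loaded, against a pattern covering the version formats the project supports, or escape it with `Shellwords.escape` before building the string. The condition `unless test(...) && !force` is hard to read; `if force || !test(...)` says the same thing directly. `install` also accepts caller-supplied `hosts:` and then calls `host.config.target_path` and `host.global_config` on each element, so a doc comment should state that they must be `Porkadot::Install::Kubelet` instances.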