mirror of https://github.com/openshift/installer.git synced 2026-02-05 06:46:36 +01:00

Merge pull request #1 from alexsomesan/master

WIP OpenStack prototype
Alex Somesan
2017-02-16 17:27:47 -08:00
committed by GitHub
5 changed files with 216 additions and 0 deletions

24
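--- a/openstack/config.tf
+++ b/openstack/config.tf
@@ -0,0 +1,24 @@
+variable "flavor_id" {
+type = "string"
+default = "bbcb7eb5-5c8d-498f-9d7e-307c575d3566"
+}
+variable "image_id" {
+type = "string"
+default = "3a0c0bac-fa91-4c96-bfcb-ee215ba1cd4d"
+}
+variable "external_gateway_id" {
+type = "string"
+default = "6d6357ac-0f70-4afa-8bd7-c274cc4ea235"
+}
+variable "controller_count" {
+type = "string"
+default = "1"
+}
+variable "worker_count" {
+type = "string"
+default = "3"
+}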
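Review bot: The defaults for `flavor_id`, `image_id` and `external_gateway_id` are UUIDs that exist in only one OpenStack deployment, so the module cannot be applied anywhere else and nothing documents which image the nodes boot from. I would drop those three `default` lines so Terraform makes the operator supply the values, and give each variable a description, e.g. `description = "UUID of the Glance image the nodes boot from"`. The two count variables are reasonable as defaults.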

101
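--- a/openstack/openstack.tf
+++ b/openstack/openstack.tf
@@ -0,0 +1,101 @@
+resource "tls_private_key" "core" {
+algorithm = "RSA"
+}
+resource "null_resource" "export" {
+provisioner "local-exec" {
+command = "echo '${tls_private_key.core.private_key_pem}' >id_rsa_core && chmod 0600 id_rsa_core"
+}
+provisioner "local-exec" {
+command = "echo '${tls_private_key.core.public_key_openssh}' >id_rsa_core.pub"
+}
+}
+resource "openstack_compute_secgroup_v2" "k8s_control_group" {
+name = "k8s_control_group"
+description = "security group for k8s controllers: SSH and https"
+rule {
+from_port = 22
+to_port = 22
+ip_protocol = "tcp"
+cidr = "0.0.0.0/0"
+}
+rule {
+from_port = 443
+to_port = 443
+ip_protocol = "tcp"
+cidr = "0.0.0.0/0"
+}
+rule {
+from_port = -1
+to_port = -1
+ip_protocol = "icmp"
+cidr = "0.0.0.0/0"
+}
+}
+resource "openstack_compute_instance_v2" "control_node" {
+count = "${var.controller_count}"
+name = "control_node_${count.index}"
+image_id = "${var.image_id}"
+flavor_id = "${var.flavor_id}"
+key_pair = "${openstack_compute_keypair_v2.k8s_keypair.name}"
+security_groups = ["k8s_control_group"]
+metadata {
+role = "controller"
+}
+user_data = "${data.template_file.userdata-master.rendered}"
+config_drive = false
+# connection {
+# user = "core"
+# private_key = "${tls_private_key.core.private_key_pem}"
+# }
+# # copy something so we wait until the host is ready
+# provisioner "file" {
+# source = "../kubelet.master"
+# destination = "/home/core/kubelet.master"
+# }
+# provisioner "remote-exec" {
+# inline = [
+# "sudo mv /home/core/kubelet.master /etc/systemd/system/kubelet.service",
+# "chmod +x ./init-master.sh",
+# "sudo ./init-master.sh local",
+# ]
+# }
+}
+resource "openstack_compute_instance_v2" "worker_node" {
+count = "${var.worker_count}"
+name = "worker_node_${count.index}"
+image_id = "${var.image_id}"
+flavor_id = "${var.flavor_id}"
+key_pair = "${openstack_compute_keypair_v2.k8s_keypair.name}"
+metadata {
+role = "worker"
+}
+user_data = "${file("userdata-worker.yml")}"
+config_drive = false
+# connection {
+# user = "core"
+# private_key = "${tls_private_key.core.private_key_pem}"
+# }
+# provisioner "file" {
+# source = "../kubelet.master"
+# destination = "/home/core/kubelet.worker"
+# }
+}
+resource "openstack_compute_keypair_v2" "k8s_keypair" {
+name = "k8s_keypair"
+public_key = "${tls_private_key.core.public_key_openssh}"
+}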
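Review bot: The first `local-exec` in `null_resource.export` interpolates `tls_private_key.core.private_key_pem` into a shell command, so the private key travels on the `sh -c` command line (and, as far as I know, in the command text local-exec prints), and `id_rsa_core` is created under the caller's umask before `chmod 0600` tightens it. At minimum create it restricted from the start, `command = "umask 077 && echo '${tls_private_key.core.private_key_pem}' >id_rsa_core"`, and add a comment that the key also sits unencrypted in the Terraform state, which then needs the same protection as the key file. Separately, `k8s_control_group` opens port 22 to `0.0.0.0/0`; taking the allowed CIDR from a variable would let operators keep SSH off the open internet. `worker_node` sets no `security_groups`, so it presumably falls into the project's default group, which is worth stating explicitly in the resource.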


@@ -0,0 +1,7 @@
data "template_file" "userdata-master" {
template = "${file("${path.module}/userdata-master.yml")}"
vars {
kube_config = "${base64encode(file("${path.root}/../assets/auth/kubeconfig"))}"
}
}
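Review bot: `kube_config` puts the full contents of `assets/auth/kubeconfig` into the instance user_data, and `base64encode` is an encoding, not protection: user_data can be read back through the compute API by anyone with access to the project, and from the metadata service by any process on the node. If that kubeconfig carries client credentials (it lives under `auth/`, so presumably it does), they also end up in the Terraform state via the rendered template. I would add a comment above `vars` such as `# NOTE: kubeconfig is a credential; user_data and state are not secret stores`, and plan to deliver the file over the SSH connection instead of through user_data.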


@@ -0,0 +1,76 @@
#cloud-config
write_files:
- path: "/opt/bootkube/.empty"
permissions: "0420"
owner: "root"
content: ""
- path: "/etc/kubernetes/kubelet.env"
permissions: "0644"
owner: "root"
content: "KUBELET_IMAGE_URL=quay.io/coreos/hyperkube KUBELET_IMAGE_TAG=v1.5.2_coreos.1"
- path: "/etc/kubernetes/kubeconfig"
permissions: "0644"
owner: "root"
encoding: "base64"
content: ${kube_config}
- path: "/etc/sysctl.d/max-user-watches.conf"
permissions: "0644"
owner: "root"
content: "fs.inotify.max_user_watches=16184"
coreos:
units:
- name: "bootkube.service"
enable: "false"
content: |
[Unit]
Description=Bootstrap a Kubernetes control plane with a temp api-server
[Service]
Type=oneshot
WorkingDirectory=/opt/bootkube
ExecStart=/opt/bootkube/assets/bootkube-start
- name: "kubelet.service"
command: "start"
enable: "true"
content: |
[Unit]
Description=Kubelet via Hyperkube ACI
[Service]
Environment="RKT_RUN_ARGS=--uuid-file-save=/var/run/kubelet-pod.uuid \
--volume=resolv,kind=host,source=/etc/resolv.conf \
--mount volume=resolv,target=/etc/resolv.conf \
--volume var-lib-cni,kind=host,source=/var/lib/cni \
--mount volume=var-lib-cni,target=/var/lib/cni \
--volume var-log,kind=host,source=/var/log \
--mount volume=var-log,target=/var/log"
Environment="KUBELET_IMAGE_URL=quay.io/coreos/hyperkube" "KUBELET_IMAGE_TAG=v1.5.2_coreos.1"
ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
ExecStartPre=/bin/mkdir -p /srv/kubernetes/manifests
ExecStartPre=/bin/mkdir -p /etc/kubernetes/checkpoint-secrets
ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d
ExecStartPre=/bin/mkdir -p /var/lib/cni
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/kubelet-pod.uuid
ExecStart=/usr/lib/coreos/kubelet-wrapper \
--kubeconfig=/etc/kubernetes/kubeconfig \
--require-kubeconfig \
--cni-conf-dir=/etc/kubernetes/cni/net.d \
--network-plugin=cni \
--lock-file=/var/run/lock/kubelet.lock \
--exit-on-lock-contention \
--pod-manifest-path=/etc/kubernetes/manifests \
--allow-privileged \
--node-labels=master=true \
--minimum-container-ttl-duration=6m0s \
--cluster_dns=10.3.0.10 \
--cluster_domain=cluster.local \
--cloud-provider=openstack
ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/kubelet-pod.uuid
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
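Review bot: `/etc/kubernetes/kubeconfig` is written with `permissions: "0644"`, which leaves the cluster credential readable by every local user on the controller; `permissions: "0600"` should be enough, since the kubelet unit sets no `User=` and so presumably runs as root. The hyperkube image is selected by the tag `v1.5.2_coreos.1` in two places (`kubelet.env` and the unit's `Environment=` line); a tag can be re-pointed, and the two copies can drift, so a comment on which one is authoritative would help. `--allow-privileged` on the master also deserves a one-line comment naming what requires it.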


@@ -0,0 +1,8 @@
#cloud-config
write_files:
- path: "/etc/motd"
permissions: "0644"
owner: "root"
content: |
Good news, everyone!