Commit Graph

482 Commits (dd51ef6f96c4787f79484ff9452526f3aa91aa0a)

Author SHA1 Message Date
Aivars Sterns bfe196236f
Merge pull request #2033 from ArchiFleKs/terraform-fix-cred
Update Terraform docs and authentication method
2018-02-21 12:16:24 +02:00
Wong Hoi Sing Edison 4a36b091f4 Update default CONFIG_FILE for contrib/inventory_builder/inventory.py 2018-02-12 18:01:56 +08:00
Wong Hoi Sing Edison 1a1d154e14 Support multiple inventory files under individual inventory directory 2018-02-08 08:08:15 +08:00
Bogdan Dobrelya c116b8022e
Update rpm spec and pbr setup configs (#2170)
* Update rpm spec and pbr setup configs

* Rename package to kubespray
* Do not break Fedora's FHS and install to /usr/share instead
* Remove the vendor tag
* Update source0 for better artifacts' names
* Fix missing files build errors
* Make version/release to auto match from git and fit PEP 440

Co-authored-by: Matthias Runge <mrunge@redhat.com>
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>

* Add package paths to roles search in ansible conf

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>

* Poke jinja2 requirements in rpm spec file

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2018-01-18 16:22:37 +01:00
ArchiFleKs 20779df686 remove kube-node from master node by default 2018-01-17 19:02:02 +01:00
ArchiFleKs ba7b1d74d0 remove user_data which may mess up /etc/hosts 2018-01-17 14:29:23 +01:00
Ronald Rivera 88f9e25f76 Updated with correct syntax to access default_tags variable. 2018-01-07 15:39:58 +00:00
ArchiFleKs 74fd975b57 run terraform FMT for readability 2018-01-05 12:09:04 +01:00
ArchiFleKs 6eb6e806e7 Update Terraform docs and authentication method
Hardcoded variables are removed from variables.tf file because it might
not be suitable for all OpenStack Cloud depending on Identity API
version available (between v2 or v3) and preferred authentication
method.
2018-01-05 11:25:37 +01:00
ArchiFleKs 5e3fd2253f Change OpenStack inventory to python2
For distribution who ship python3 as default python, it breaks the
inventory script as it is not compatible with python3.
2017-12-11 14:25:05 +01:00
BenGalewsky 591ae700ce Update OpenStack Terraform: Modules, Bastions, and New Floating IP config (#1958)
* Adding bastion and private network provisioning for openstack terraform

* Remove usage of floating-ip property

* Combine openstack instances + floating ips

* Fix relating floating IPs to hosts for openstack builds

* Tighten up security groups

Allow ssh into all instances with floating IP

* Add the gluster hosts to the no-floating group

* Break terraform into modules

* Update README and var descriptions to match current config

* Remove volume property in gluster compute def

* Include cluster name in internal network and router names

* Make dns_nameservers a variable
2017-12-05 12:48:47 +00:00
Jan Jungnickel 8766b36144 Make path to generated inventory configurable 2017-12-04 16:41:35 +01:00
Jan Jungnickel b3745f2614 contrib/terraform/aws: Tag instances and remove loadbalancer ip (#2023)
* Properly tag instances and subnets with `kubernetes.io/cluster/$cluster_name`

This is required by kubernetes to support multiple clusters in a single vpc/az

* Get rid of loadbalancer_apiserver_address as it is no longer needed
2017-12-04 14:31:46 +00:00
Jean-Marie F ca8a9c600a Terraform - Remove the need for region specific reference data (#1962)
* Dynamically retrieve aws_bastion_ami latest reference by querying AWS rather than hard coded

* Dynamically retrieve the list of availability_zones instead of needing to have them hard coded

* Limit availability zones to first 2, using slice extrapolation function

* Replace the need for hardcoded variable "aws_cluster_ami" by the data provided by Terraform

* Move ami choosing to vars, so people don't need to edit create infrastructure if they want another vendor image (as suggested by @atoms)

* Make name of the data block agnostic of distribution, given there are more than one distribution supported

* Add documentation about other distros being supported and what to change in which location to make these changes
2017-11-30 15:27:52 +00:00
Aivars Sterns e6c88db0a0 change how terraform generates apiserver variables (#1922) 2017-11-02 12:26:11 +00:00
Aivars Sterns 84cf6fbe83 change ssh_args/bastion configuration (#1883) 2017-10-27 12:18:39 +01:00
Simon Li 74d54946bf Add note that glusterfs is not automatically deployed (#1834) 2017-10-18 13:26:14 +01:00
Aivars Sterns 7ef1e1ef9d update terraform, fix deprecated values add default_tags, fix ansible inventory (#1821) 2017-10-18 11:44:32 +01:00
Pablo Moreno 5fb6b2eaf7 [contrib/network-storage/glusterfs] adds service for glusterfs endpoint (#1800) 2017-10-16 08:48:29 +01:00
Pablo Moreno 404caa111a [contrib/network-storage/glusterfs] bootstrap for glusterfs nodes (#1799) 2017-10-16 08:23:38 +01:00
Pablo Moreno c819238da9 Adds support for separate etcd machines on terraform/openstack deployment (#1674) 2017-09-27 10:59:09 +01:00
Tennis Smith a47aaae078 Add bastion host definitions (#1621)
* Add comment line and documentation for bastion host usage

* Take out unneeded sudo parm

* Remove blank lines

* revert changes

* take out disabling of strict host checking
2017-09-07 23:26:52 +03:00
Tennis Smith 35d48cc88c Point apiserver address to 0.0.0.0 (#1617)
* Point apiserver address to 0.0.0.0
Added loadbalancer api server address
* Update documentation
2017-09-05 18:41:47 +03:00
Yorgos Saslis 82eedbd622 Update ansible inventory file when template changes (#1612)
This trigger ensures the inventory file is kept up-to-date. Otherwise, if the file exists and you've made changes to your terraform-managed infra without having deleted the file, it would never get updated. 

For example, consider the case where you've destroyed and re-applied the terraform resources, none of the IPs would get updated, so ansible would be trying to connect to the old ones.
2017-09-05 14:10:53 +03:00
Bogdan Dobrelya 1b3ced152b Merge pull request #1544 from bogdando/rpm_spec
[WIP] Support pbr builds and prepare for RPM packaging as the ansible-kubespray artifact
2017-08-21 09:13:59 +02:00
Abdelsalam Abbas 01a130273f fix issues with if condition (#1537) 2017-08-20 13:55:13 +03:00
Bogdan Dobrelya 48edf1757b Adjust the rpm spec data
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-08-18 14:09:55 +02:00
Matthew Mosesohn 2645e88b0c Fix vault setup partially (#1531)
This does not address per-node certs and scheduler/proxy/controller-manager
component certs which are now required. This should be handled in a
follow-up patch.
2017-08-18 15:09:45 +03:00
Bogdan Dobrelya db121049b3 Move the spec file
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-08-18 13:59:27 +02:00
Bogdan Dobrelya 4ee77ce026 Add an RPM spec file and customize ansible roles_path
Install roles under /usr/local/share/kubespray/roles,
playbooks - /usr/local/share/kubespray/playbooks/,
ansible.cfg and inventory group vars - into /etc/kubespray.
Ship README and an example inventory as the package docs.
Update the ansible.cfg to consume the roles from the given path,
including virtualenvs prefix, if defined.

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-08-18 11:54:20 +02:00
Abdelsalam Abbas fee3f288c0 update azure contrib to use azure cli 2.0 2017-08-11 20:13:02 +02:00
Brad Beam b0a28b1e80 Merge pull request #1462 from Abdelsalam-Abbas/azure_vars
Add more variables for more clarity
2017-08-10 08:29:09 -05:00
Alexander Chumakov 03572d175f [terraform/openstack] fixed mistake in README.md 2017-07-26 17:42:44 +03:00
Abdelsalam Abbas d6aeb767a0 Add more azure variables for more clarity 2017-07-20 15:29:27 +02:00
Spencer Smith a9f318d523 Merge pull request #1424 from Abdelsalam-Abbas/fix_azure_https_ports
fix azure kubernetes port to 6443
2017-07-11 08:55:30 -04:00
Alexander Chumakov f3165a716a Add more config to README.md
Add resolvconf_mode and cloud_provider config description to README.md
2017-07-11 12:46:19 +03:00
Abdelsalam Abbas ecaa7dad49 add a variable for kube_apiserver at all 2017-07-10 20:16:02 +02:00
Alexander Chumakov 442be2ac02 [terraform/openstack] README.md Guide expanded
Add section how to configure k8s cluster and set up kubectl
2017-07-10 18:53:57 +03:00
Abdelsalam Abbas 22d600e8c0 fix azure kubernetes port to 6443 2017-07-09 09:56:32 +02:00
Spencer Smith 83265b7f75 renaming kargo-cli to kubespray-cli 2017-06-23 12:35:10 -04:00
Spencer Smith 8203383c03 rename almost all mentions of kargo 2017-06-16 13:25:46 -04:00
Spencer Smith 1f470eadd1 Added dynamic inventory for AWS as contrib 2017-05-18 17:52:44 -04:00
Brad Beam 55f6b6a6ab Merge pull request #940 from Connz/patch-1
Fixed nova command to get available flavors
2017-05-16 21:24:07 -05:00
Vincent Schwarzer c48ffa24be Fixes for AWS Terraform Deployment and Updated Readme 2017-04-12 15:15:54 +02:00
Matthew Mosesohn d27ca7854f Merge pull request #1161 from VincentS/aws_deployment
Fixes for AWS Terraform Deployment
2017-03-23 11:59:39 +03:00
Matthew Mosesohn 3889c2e01c Add KVM hypervisor playbook to contrib
Optional Ansible playbook for preparing a host for running Kargo.
This includes creation of a user account, some basic packages,
and sysctl values required to allow CNI networking on a libvirt network.
2017-03-21 19:50:01 +03:00
Vincent Schwarzer 952ab03d2a Fixes for AWS Terraform Deployment 2017-03-20 12:08:17 +01:00
Matthew Mosesohn 859c08620b Merge pull request #1105 from VincentS/aws_deployment
AWS Terraform for Kargo
2017-03-20 12:55:11 +03:00
Bogdan Dobrelya 34ecf4ea51 Merge pull request #1109 from pcm32/feature/fixTerraformOS
Restores working order of contrib/terraform/openstack
2017-03-15 17:15:35 +01:00
Connz 28473e919f Fixed nova command to get available flavors
The nova command for getting the flavors is not
nova list-flavors
but
nova flavor-list
2017-03-09 11:10:25 +01:00
Vincent Schwarzer 3c6b1480b8 Rewrote AWS Terraform for Kargo
Rewrote AWS Terraform deployment for AWS Kargo. It supports now
multiple Availability Zones, AWS Loadbalancer for Kubernetes API,
Bastion Host, ...

For more information see README
2017-03-06 12:52:02 +01:00
Vincent Schwarzer 5ae85b9de5 Added Missing AWS IAM Profiles and Policies
The AWS IAM profiles and policies required to run Kargo on AWS
are no longer hosted in the kubernetes main repo since kube-up got
deprecated. Hence we have to move the files into the kargo repository.
2017-03-03 15:30:07 +01:00
Pablo Moreno cf26585cff Restores working order of contrib/terraform/openstack, includes vault group and avoids group_vars/k8s-cluster.yml 2017-03-02 23:58:07 +00:00
Bogdan Dobrelya 712872efba Rework inventory all by real groups' vars
* Leave all.yml to keep only optional vars
* Store groups' specific vars by existing group names
* Fix optional vars casted as mandatory (add default())
* Fix missing defaults for an optional IP var
* Relink group_vars for terraform to reflect changes

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 09:43:42 +01:00
Brad Beam b54eb609bf Consolidating kube.py module 2017-01-27 11:28:11 -06:00
Bogdan Dobrelya 85a8a54d3e Merge pull request #935 from sc68cal/terraform_groupvars_update
Update the group_vars for Terraform
2017-01-24 11:33:17 +01:00
Matthew Mosesohn 882544446a Merge pull request #928 from sc68cal/terraform_identity_version
Specify the version of the credentials to download from Horizon
2017-01-24 12:21:27 +03:00
Sean M. Collins 73160c9b90 Update terraform's group_vars to be a symlink
That way, it will not become stale.

Related bug #929
2017-01-23 16:08:37 -05:00
Sean M. Collins 2184d6a3ff Specify the version of the credentials to download from Horizon
More recent versions of OpenStack Horizon provide Identity v2 and
Identity v3 versions of the RC file.
2017-01-23 14:52:51 -05:00
Matthew Mosesohn f742fc3dd1 Add scale thresholds to split etcd and k8s-masters
Also adds calico-rr group if there are standalone etcd nodes.
Now if there are 50 or more nodes, 3 etcd nodes will be standalone.
If there are 200 or more nodes, 2 kube-masters will be standalone.
If thresholds are exceeded, kube-node group cannot add nodes that
belong to etcd or kube-master groups (according to above statements).
2017-01-19 17:30:56 +03:00
Alexander Block 1d2a18b355 Introduce dns_mode and resolvconf_mode and implement docker_dns mode
Also update reset.yml to do more dns/network related cleanup.
2017-01-05 23:38:51 +01:00
Bogdan Dobrelya f7447837c5 Rename CoreOS fact
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-05 14:02:29 +01:00
Matthew Mosesohn 24cbf2287c Update inventory.py 2016-12-29 10:57:58 +03:00
Matthew Mosesohn 95e14ffb54 Add yaml/json loader for inventory 2016-12-28 16:50:31 +03:00
Matthew Mosesohn 7b86b87dca Add inventory builder python script
Includes tox support for running unit tests.
Small note added to getting-started guide for using
inventory_builder.py

Also adds manual-only unit test.
2016-12-23 13:00:56 +03:00
Antoine Legrand 26e3142c95 Merge branch 'master' into standalone_kubelet 2016-12-13 17:26:21 +01:00
Bogdan Dobrelya c75f394707 Address standalone kubelet config case
Also place in global vars and do not repeat the kube_*_config_dir
and kube_namespace vars for better code maintainability and UX.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-13 16:35:53 +01:00
Alexander Block c87f4f613e Add Azure Resource Manager templates to contrib folder 2016-12-13 15:37:04 +01:00
Alexander Block f12e9fa22a Delete .tfstate and .tfstate.backup from openstack terraform 2016-12-13 15:37:04 +01:00
Bogdan Dobrelya 284a21012c Fix bad symlink
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-09 13:34:52 +01:00
Bogdan Dobrelya e9c591e6de Symlink global vars for terraform
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-08 12:07:01 +01:00
Pablo Moreno 27e239c8d6 GlusterFS with external VMs, terraform/os included 2016-12-06 11:03:13 +00:00
Dan Bode cb84b93930 Decouple etcd/k8s-cluster roles in ec2 terraform
Currently, the terraform script in contrib
adds etcd role as a child of k8s-cluster in
its generated inventory file.

This is problematic when the etcd role is
deployed on separate nodes from the k8s master
and nodes. In this case, this leads to failures
of the k8s node since the PKI certs required for
that role have not been propogated.
2016-11-21 10:44:13 -08:00
Bogdan Dobrelya a03540dabc Add download localhost and enable for CI
* Add download_localhost for the download_run_once mode, which is
  use the ansible host (a travis node for CI case) to store and
  distribute containers across cluster nodes in inventory.
  Defaults to false.
* Rework download_run_once logic to fix idempotency of uploading
  containers.
* For Travis CI, enable docker images caching and run Travis
  workers with sudo enabled as a dependency
* For Travis CI, deploy with download_localhost and download_run_once
  enabled to shourten dev path drastically.
* Add compression for saved container images. Defaults to 'best'.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
Co-authored-by: Aleksandr Didenko <adidenko@mirantis.com>
2016-11-18 16:00:07 +01:00
sneumann e9a48770a7 Fix sugested bootstrap options 2016-11-15 17:52:35 +01:00
Pablo Moreno f320b79c0c Adds missing ip based on internal ip, for etcd 2016-11-14 02:04:13 +00:00
Matthew Mosesohn f106bf5bc4 adds ability to have hosts with no floating ips on terraform/openstack (+8 squashed commits)
Squashed commits:
[f9355ea] Swap order in which we reload docker/socket
[2ca6819] Reload docker.socket after installing flannel on coreos

Workaround for #569
[9f976e5] Vagrantfile: setup proxy inside virtual machines

In corporate networks, it is good to pre-configure proxy variables.
[9d7142f] Vagrantfile: use Ubuntu 16.04 LTS

Use recent supported version of Ubuntu for local development setup
with Vagrant.
[50f77cc] Add CI test layouts

* Drop Wily from test matrix
* Replace the Wily cases dropped with extra cases to test separate
  roles deployment

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
[03e162b] Update OWNERS
[c7b00ca] Use tar+register instead of copy/slurp for distributing tokens and certs

Related bug: https://github.com/ansible/ansible/issues/15405

Uses tar and register because synchronize module cannot sudo on the
remote side correctly and copy is too slow.

This patch dramatically cuts down the number of tasks to process
for cert synchronization.
[2778ac6] Add new var skip_dnsmasq_k8s

If skip_dnsmasq is set, it will still not set up dnsmasq
k8s pod. This enables independent setup of resolvconf section
before kubelet is up.
2016-11-07 10:53:13 +00:00
Smaine Kahlouch 9ddace0566 Merge pull request #294 from billyoung/master
Add IAM profiles for Kubernetes nodes
2016-06-18 11:03:24 +02:00
Smaine Kahlouch bf94d6f45e Merge pull request #285 from paulczar/contrib_terraform_openstack
WIP: terraform openstack
2016-06-17 10:09:18 +02:00
Bill Young 1556d1c63e
Add IAM profiles for Kubernetes nodes 2016-06-15 12:58:44 -04:00
Spencer Smith 26aeebb372 base functionality to create aws resources 2016-06-07 12:45:25 -07:00
Paul Czarkowski e924504928 WIP: terraform openstack 2016-06-05 15:52:20 -05:00