diff --git a/.gitmodules b/.gitmodules index 357468f..791f96b 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,9 +1,9 @@ -[submodule "src/flannel"] - path = src/flannel - url = https://github.com/coreos/flannel.git -[submodule "src/kubernetes"] - path = src/kubernetes - url = https://github.com/GoogleCloudPlatform/kubernetes.git [submodule "src/etcd-release"] path = src/etcd-release url = https://github.com/cloudfoundry-incubator/etcd-release.git +[submodule "src/docker-boshrelease"] + path = src/docker-boshrelease + url = https://github.com/18F/docker-boshrelease.git +[submodule "src/kubernetes"] + path = src/kubernetes + url = https://github.com/kubernetes/kubernetes.git diff --git a/README.md b/README.md index 563d6e4..00b8886 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Deploy [Kubernetes](http://kubernetes.io) easily with this * Deploy Kubernetes: ``` -$ bosh upload stemcell https://s3.amazonaws.com/bosh-jenkins-artifacts/bosh-stemcell/warden/bosh-stemcell-389-warden-boshlite-ubuntu-trusty-go_agent.tgz +$ bosh upload stemcell https://bosh.io/d/stemcells/bosh-warden-boshlite-ubuntu-trusty-go_agent?v=3262.2 $ git clone https://github.com/cloudcredo/kubernetes-release $ cd kubernetes-release $ bosh upload release releases/kubernetes/kubernetes-4.yml diff --git a/config/blobs.yml b/config/blobs.yml index 5d07390..93828ec 100644 --- a/config/blobs.yml +++ b/config/blobs.yml 
@@ -1,45 +1,40 @@ ---- -docker/aufs-tools_3.2+20130722-1.1_amd64.deb: - object_id: 684d2f50-c5d5-4ae7-9909-ab96748a38a2 - sha: 736922e32bf43facef617f8ea0bb9c7aa9efdcdb - size: 92274 +aws-cli/awscli-bundle.zip: + size: 6879872 + object_id: cdbb9377-d90e-4983-835f-72799d91f362 + sha: 95b38729dcb07acb692283de7013823e8aa75a9b +docker/aufs-tools_20120411-3_amd64.deb: + size: 91762 + object_id: 14387e29-90bf-4682-9c6f-270fc01ccffc + sha: 2dfc1fe386cd3f05ac7e0b4ebcf3ebc8a7f3b04d docker/autoconf-2.69.tar.gz: + size: 1927468 object_id: 67b2bf5f-6171-458f-aef1-50ce57d030e1 sha: 562471cbcb0dd0fa42a76665acf0dbb68479b78a - size: 1927468 docker/bridge-utils-1.5.tar.gz: + size: 33243 object_id: 5d74b47a-ec01-40bf-891c-ee18a87ed27a sha: 19d2a58cd3a70f971aa931b40256174a847e60d6 - size: 33243 -docker/docker-1.2.0: - object_id: 486e994d-b6ef-43ce-8f5c-0f0fdb622ad8 - sha: 540459bc5d9f1cac17fe8654891814314db15e77 - size: 13398472 -git/git-1.7.11.2.tar.gz: - object_id: 7cd4b71b-5162-49bd-9662-8c0b7e8775f1 - sha: f67b4f6c0277250411c6872ae7b8a872ae11d313 - size: 4015780 -golang/go1.2.1.linux-amd64.tar.gz: - object_id: 77e6e10b-41a9-4c56-b13e-c0894ef2fdea - sha: 7605f577ff6ac2d608a3a4e829b255ae2ebc8dcf - size: 56123695 -kubernetes/binaries.tar.gz: - object_id: 25326452-97ed-4207-83a5-0236eed86d75 - sha: d569b21e014267853750c2b1a7cf843ea8a830a2 - size: 14200925 -mercurial/mercurial-3.1.1.tar.gz: - object_id: 30e156a7-b013-4f34-a023-24de8f5aaa7d - sha: 09cb417f55175262fcbe510af88db76bb893572e - size: 3982765 +docker/docker-1.12.5.tgz: + size: 28942012 + object_id: 72ed5dd2-137c-48dc-45fb-bd4a28c925a5 + sha: bbc60626e6003b4b882f56eed92b5048db6ae359 +etcd/etcd-v2.1.1-linux-amd64.tar.gz: + size: 5608238 + object_id: 5484981b-7806-470e-a6d6-65559343180d + sha: d90a29e051f8dea2f5bb4200610ccbcec45497d7 +flannel/flannel-0.5.5-linux-amd64.tar.gz: + size: 3489977 + object_id: 3477eb5a-0906-45a7-af39-68afccd9f4c4 + sha: fab60fdf23b029fa39badc008fe951bce5046caa +golang/go1.7.3.linux-amd64.tar.gz: + 
size: 82565628 + object_id: 33f3095f-14b5-455e-9e21-1b6361590de2 + sha: ead40e884ad4d6512bcf7b3c7420dd7fa4a96140 +kubernetes/kubernetes-server-linux-amd64.tar.gz: + size: 364176701 + object_id: 68d3984d-8198-4f25-4a01-32b7c1d8ef4a + sha: 29828b8913fc0d922f42cb7b04d15a518984e0d6 python/Python-2.7.8.tgz: - object_id: 51f9a691-f44b-4311-a9c3-3b3c26468f42 - sha: 511960dd78451a06c9df76509635aeec05b2051a size: 14846119 -docker/docker-1.7.0: - object_id: c92f92b3-5054-49a7-9277-dfb157da4223 - sha: c8fe8d5c9dd583877a012ed285fb67cc5c18927c - size: 16257966 -golang/go1.4.2.linux-amd64.tar.gz: - object_id: a32e922f-57e0-4428-b32a-6b531464faa3 - sha: 5020af94b52b65cc9b6f11d50a67e4bae07b0aff - size: 62442704 + object_id: 3586ff5f-9ae0-4b6b-9b14-fd9ab85da701 + sha: 511960dd78451a06c9df76509635aeec05b2051a diff --git a/generate-certificates.sh b/generate-certificates.sh new file mode 100755 index 0000000..321356a --- /dev/null +++ b/generate-certificates.sh 
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+# Adapted from https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/02-certificate-authority.md
+
+ADDRS=$@
+if [ -z "${ADDRS}" ]; then
+ echo 'Usage: ./generate-certificates.sh $(prips 10.9.30.128/25)'
+ exit 1
+fi
+
+which cfssl > /dev/null 2>&1 || {
+ echo 'Aborted. Please install cfssl by following https://github.com/cloudflare/cfssl#installation' 1>&2
+ exit 1
+}
+
+which cfssljson > /dev/null 2>&1 || {
+ echo 'Aborted. Please install cfssljson by following https://github.com/cloudflare/cfssl#installation' 1>&2
+ exit 1
+}
+
+# Create the CA configuration file
+cat << EOF > ca-config.json
+{
+ "signing": {
+ "default": {
+ "expiry": "8760h"
+ },
+ "profiles": {
+ "kubernetes": {
+ "usages": ["signing", "key encipherment", "server auth", "client auth"],
+ "expiry": "8760h"
+ }
+ }
+ }
+}
+EOF
+
+# Generate the CA certificate and private key
+cat << EOF > ca-csr.json
+{
+ "CN": "Kubernetes",
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names": [
+ {
+ "C": "US",
+ "L": "Portland",
+ "O": "Kubernetes",
+ "OU": "CA",
+ "ST": "Oregon"
+ }
+ ]
+}
+EOF
+
+# Generate the CA certificate and private key
+cfssl gencert -initca ca-csr.json | cfssljson -bare ca
+
+# Generate the single Kubernetes TLS Cert
+cat << EOF > kubernetes-csr.json
+{
+ "CN": "kubernetes",
+ "hosts": [
+$(for ADDR in $ADDRS; do
+ echo " \"$ADDR\","
+done)
+ "kubernetes.default.svc.cluster.local",
+ "kubernetes.default.svc",
+ "127.0.0.1",
+ "10.0.0.1"
+ ],
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names": [
+ {
+ "C": "US",
+ "L": "Portland",
+ "O": "Kubernetes",
+ "OU": "Cluster",
+ "ST": "Oregon"
+ }
+ ]
+}
+EOF
+
+# Generate the Kubernetes certificate and private key
+cfssl gencert \
+ -ca=ca.pem \
+ -ca-key=ca-key.pem \
+ -config=ca-config.json \
+ -profile=kubernetes \
+ kubernetes-csr.json | cfssljson -bare kubernetes
diff --git a/generate_deployment_manifest b/generate_deployment_manifest
index dcca376..cfb627d 100755
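Review bot: The script has no `set -e` or `pipefail`, so if the `cfssl gencert -initca ca-csr.json | cfssljson -bare ca` pipeline fails, the second `cfssl gencert` still runs and can sign with whatever `ca.pem`/`ca-key.pem` an earlier run left in the directory. Adding `set -euo pipefail` directly after the shebang makes the run stop at the first failure. The one `kubernetes` certificate is issued with both `server auth` and `client auth` usages for every address passed in, so a single leaked key is valid as any server or client in the cluster; separate signing profiles for server and client certificates would narrow that. The CA private key is written next to the script, so if this is run from the repository checkout the generated `*.pem`, `*.csr` and `*.json` files should be covered by `.gitignore` (not visible in this diff).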
--- a/generate_deployment_manifest +++ b/generate_deployment_manifest @@ -1,24 +1,16 @@ #!/bin/bash -templates=$(dirname $0)/templates -uuid_stub_path=$(dirname $0)/uuid-stub.yml +set -e -infrastructure=$1 -director_uuid=$2 - -if [ "$#" -lt 2 ]; then - echo "usage: ./generate_deployment_manifest [stubs...]" +which spruce > /dev/null 2>&1 || { + echo "Aborted. Please install spruce by following https://github.com/geofffranks/spruce#installation" 1>&2 exit 1 -fi - -shift -shift +} -echo "director_uuid: ${director_uuid}" > $uuid_stub_path +templates="$(dirname $0)/templates" -spiff merge \ - $templates/k8s-deployment.yml \ - $uuid_stub_path \ - $templates/k8s-jobs.yml \ - $templates/k8s-infrastructure-${infrastructure}.yml \ - $* +spruce merge --prune meta \ + "$templates/k8s-deployment.yml" \ + "$templates/k8s-jobs.yml" \ + "$templates/k8s-infrastructure-aws.yml" \ + "$@" diff --git a/jobs/apply-kubernetes-manifests/monit b/jobs/apply-kubernetes-manifests/monit new file mode 100644 index 0000000..e69de29 diff --git a/jobs/apply-kubernetes-manifests/spec b/jobs/apply-kubernetes-manifests/spec new file mode 100644 index 0000000..f1ff0a6 --- /dev/null +++ b/jobs/apply-kubernetes-manifests/spec @@ -0,0 +1,14 @@ +--- +name: apply-kubernetes-manifests +templates: + bin/run.erb: bin/run +packages: +- kubernetes + +properties: + apiserver.host: + description: The host running the apiserver to connect to + + manifests: + description: List of Kubernetes manifests + default: [] diff --git a/jobs/apply-kubernetes-manifests/templates/bin/run.erb b/jobs/apply-kubernetes-manifests/templates/bin/run.erb new file mode 100644 index 0000000..7809a6d --- /dev/null +++ b/jobs/apply-kubernetes-manifests/templates/bin/run.erb 
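Review bot: In jobs/apply-kubernetes-manifests/spec the `manifests` property is described only as "List of Kubernetes manifests", but the job's `bin/run.erb` template added in this commit reads `manifest['content']` and `manifest['recreate']` from each entry, and a truthy `recreate` makes the job run `kubectl delete` on that manifest before applying it. The description should name both keys and the destructive effect, for example `description: "List of entries with 'content' (manifest YAML) and optional 'recreate' (bool); recreate deletes the resources before re-applying"`.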
@@ -0,0 +1,20 @@ +#!/bin/bash + +set -e + +PATH=$PATH:/var/vcap/packages/kubernetes/bin +API_HOST=<%= p('apiserver.host') %> + +<% p('manifests').each do |manifest| %> +manifest=$(mktemp manifest-XXXXXX) + +cat << 'EOF' > ${manifest} +<%= manifest['content'] %> +EOF + +<% if manifest['recreate'] %> +kubectl -s http://${API_HOST}:8080 delete --ignore-not-found -f ${manifest} +<% end %> + +kubectl -s http://${API_HOST}:8080 apply -f ${manifest} +<% end %> diff --git a/jobs/create-kubernetes-dns/spec b/jobs/create-kubernetes-dns/spec index fba9394..5364487 100644 --- a/jobs/create-kubernetes-dns/spec +++ b/jobs/create-kubernetes-dns/spec @@ -2,10 +2,10 @@ name: create-kubernetes-dns templates: run.erb: bin/run - skydns-controller.yaml.erb: bin/skydns-controller.yaml - skydns-service.yaml.erb: bin/skydns-service.yaml + kubedns-deployment.yaml.erb: bin/kubedns-deployment.yaml + kubedns-service.yaml.erb: bin/kubedns-service.yaml packages: - - kubernetes +- kubernetes properties: apiserver.host: diff --git a/jobs/create-kubernetes-dns/templates/kubedns-deployment.yaml.erb b/jobs/create-kubernetes-dns/templates/kubedns-deployment.yaml.erb new file mode 100644 index 0000000..7452b2a --- /dev/null +++ b/jobs/create-kubernetes-dns/templates/kubedns-deployment.yaml.erb 
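Review bot: Every `kubectl` call in jobs/apply-kubernetes-manifests/templates/bin/run.erb goes to `http://${API_HOST}:8080`, which by scheme and port looks like the apiserver's insecure port: no TLS and no client authentication, so manifest contents (possibly including Secret objects) travel in clear text and the job only works while that port is reachable from this VM. The same endpoint is used in the create-kubernetes-dns and create-kubernetes-monitoring `run.erb` hunks; since this commit also adds generate-certificates.sh, consider pointing these calls at the TLS port with `--certificate-authority`, `--client-certificate` and `--client-key`, or a kubeconfig. Separately, `mktemp manifest-XXXXXX` creates each file in the current working directory and nothing removes it, so rendered manifests accumulate on disk. Putting `workdir=$(mktemp -d)` and `trap 'rm -rf "${workdir}"' EXIT` before the loop and using `manifest=$(mktemp "${workdir}/manifest-XXXXXX")` inside it would clean up on any exit path.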
@@ -0,0 +1,165 @@ +# Copyright 2016 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: kube-dns + namespace: kube-system + labels: + k8s-app: kube-dns + kubernetes.io/cluster-service: "true" + addonmanager.kubernetes.io/mode: Reconcile +spec: + # replicas: not specified here: + # 1. In order to make Addon Manager do not reconcile this replicas parameter. + # 2. Default is 1. + # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on. + strategy: + rollingUpdate: + maxSurge: 10% + maxUnavailable: 0 + selector: + matchLabels: + k8s-app: kube-dns + template: + metadata: + labels: + k8s-app: kube-dns + annotations: + scheduler.alpha.kubernetes.io/critical-pod: '' + spec: + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + volumes: + - name: kube-dns-config + configMap: + name: kube-dns + optional: true + containers: + - name: kubedns + image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.4 + resources: + # TODO: Set memory limits when we've profiled the container for large + # clusters, then set request = limit to keep this container in + # guaranteed class. Currently, this container falls into the + # "burstable" category so the kubelet doesn't backoff from restarting it. 
+ limits: + memory: 170Mi + requests: + cpu: 100m + memory: 70Mi + livenessProbe: + httpGet: + path: /healthcheck/kubedns + port: 10054 + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + httpGet: + path: /readiness + port: 8081 + scheme: HTTP + # we poll on pod startup for the Kubernetes master service and + # only setup the /readiness HTTP server once that's available. + initialDelaySeconds: 3 + timeoutSeconds: 5 + args: + - --domain=cluster.local. + - --dns-port=10053 + - --config-dir=/kube-dns-config + - --v=2 + env: + - name: PROMETHEUS_PORT + value: "10055" + ports: + - containerPort: 10053 + name: dns-local + protocol: UDP + - containerPort: 10053 + name: dns-tcp-local + protocol: TCP + - containerPort: 10055 + name: metrics + protocol: TCP + volumeMounts: + - name: kube-dns-config + mountPath: /kube-dns-config + - name: dnsmasq + image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.4 + livenessProbe: + httpGet: + path: /healthcheck/dnsmasq + port: 10054 + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + args: + - -v=2 + - -logtostderr + - -configDir=/etc/k8s/dns/dnsmasq-nanny + - -restartDnsmasq=true + - -- + - -k + - --cache-size=1000 + - --log-facility=- + - --server=/cluster.local./127.0.0.1#10053 + - --server=/in-addr.arpa/127.0.0.1#10053 + - --server=/ip6.arpa/127.0.0.1#10053 + ports: + - containerPort: 53 + name: dns + protocol: UDP + - containerPort: 53 + name: dns-tcp + protocol: TCP + # see: https://github.com/kubernetes/kubernetes/issues/29055 for details + resources: + requests: + cpu: 150m + memory: 20Mi + volumeMounts: + - name: kube-dns-config + mountPath: /etc/k8s/dns/dnsmasq-nanny + - name: sidecar + image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.4 + livenessProbe: + httpGet: + path: /metrics + port: 10054 + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + successThreshold: 1 + 
failureThreshold: 5 + args: + - --v=2 + - --logtostderr + - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,A + - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,A + ports: + - containerPort: 10054 + name: metrics + protocol: TCP + resources: + requests: + memory: 20Mi + cpu: 10m + dnsPolicy: Default # Don't use cluster DNS. diff --git a/jobs/create-kubernetes-dns/templates/kubedns-service.yaml.erb b/jobs/create-kubernetes-dns/templates/kubedns-service.yaml.erb new file mode 100644 index 0000000..db4c30e --- /dev/null +++ b/jobs/create-kubernetes-dns/templates/kubedns-service.yaml.erb @@ -0,0 +1,35 @@ +# Copyright 2016 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: kube-dns + namespace: kube-system + labels: + k8s-app: kube-dns + kubernetes.io/cluster-service: "true" + addonmanager.kubernetes.io/mode: Reconcile + kubernetes.io/name: "KubeDNS" +spec: + selector: + k8s-app: kube-dns + clusterIP: 10.0.0.10 + ports: + - name: dns + port: 53 + protocol: UDP + - name: dns-tcp + port: 53 + protocol: TCP diff --git a/jobs/create-kubernetes-dns/templates/run.erb b/jobs/create-kubernetes-dns/templates/run.erb index 3b7eaeb..79d1c3d 100644 --- a/jobs/create-kubernetes-dns/templates/run.erb +++ b/jobs/create-kubernetes-dns/templates/run.erb 
@@ -1,11 +1,19 @@ #!/bin/bash set -e API_HOST=<%= p('apiserver.host') %> -PATH=$PATH:/var/vcap/packages/kubernetes/ +PATH=$PATH:/var/vcap/packages/kubernetes/bin cd /var/vcap/jobs/create-kubernetes-dns/bin -kubectl -s http://${API_HOST}:8080 create -f skydns-controller.yaml -kubectl -s http://${API_HOST}:8080 create -f skydns-service.yaml -until kubectl -s http://${API_HOST}:8080 get pod --namespace=kube-system | grep 'kube-dns-.* 4/4 ' -do +kubectl -s http://${API_HOST}:8080 apply -f kubedns-deployment.yaml +kubectl -s http://${API_HOST}:8080 apply -f kubedns-service.yaml + +counter=60 +until [ $counter -le 0 ]; do + if kubectl -s http://${API_HOST}:8080 get pod --namespace=kube-system | grep 'kube-dns-.* 3/3 '; then + exit 0 + fi sleep 5 + let counter-=1 done + +echo "Failed to start KubeDNS" +exit 1 diff --git a/jobs/create-kubernetes-dns/templates/skydns-controller.yaml.erb b/jobs/create-kubernetes-dns/templates/skydns-controller.yaml.erb deleted file mode 100644 index c9fbadb..0000000 --- a/jobs/create-kubernetes-dns/templates/skydns-controller.yaml.erb +++ /dev/null 
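Review bot: With `set -e` in effect, `let counter-=1` ends the script the moment the counter reaches zero, because `let` returns status 1 when its expression evaluates to 0. The `echo "Failed to start KubeDNS"` line is therefore never reached and the job fails without a diagnostic, although the exit status is still non-zero. Replacing it with `counter=$((counter - 1))` keeps the countdown and lets the loop fall through to the message. The same loop appears in the create-kubernetes-monitoring `run.erb` hunk.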
@@ -1,92 +0,0 @@ -apiVersion: v1 -kind: ReplicationController -metadata: - name: kube-dns-v8 - namespace: kube-system - labels: - k8s-app: kube-dns - version: v8 - kubernetes.io/cluster-service: "true" -spec: - replicas: 1 - selector: - k8s-app: kube-dns - version: v8 - template: - metadata: - labels: - k8s-app: kube-dns - version: v8 - kubernetes.io/cluster-service: "true" - spec: - containers: - - name: etcd - image: gcr.io/google_containers/etcd:2.0.9 - resources: - limits: - cpu: 100m - memory: 50Mi - command: - - /usr/local/bin/etcd - - -data-dir - - /var/etcd/data - - -listen-client-urls - - http://127.0.0.1:2379,http://127.0.0.1:4001 - - -advertise-client-urls - - http://127.0.0.1:2379,http://127.0.0.1:4001 - - -initial-cluster-token - - skydns-etcd - volumeMounts: - - name: etcd-storage - mountPath: /var/etcd/data - - name: kube2sky - image: gcr.io/google_containers/kube2sky:1.11 - resources: - limits: - cpu: 100m - memory: 50Mi - args: - # command = "/kube2sky" - - -domain=cluster.local - - -kube_master_url=http://<%= p('apiserver.host') %>:8080 - - name: skydns - image: gcr.io/google_containers/skydns:2015-03-11-001 - resources: - limits: - cpu: 100m - memory: 50Mi - args: - # command = "/skydns" - - -machines=http://localhost:4001 - - -addr=0.0.0.0:53 - - -domain=cluster.local - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 5 - - name: healthz - image: gcr.io/google_containers/exechealthz:1.0 - resources: - limits: - cpu: 10m - memory: 20Mi - args: - - -cmd=nslookup kubernetes.default.svc.cluster.local localhost >/dev/null - - -port=8080 - ports: - - containerPort: 8080 - protocol: TCP - volumes: - - name: etcd-storage - emptyDir: {} - dnsPolicy: Default # Don't use cluster DNS. 
diff --git a/jobs/create-kubernetes-dns/templates/skydns-service.yaml.erb b/jobs/create-kubernetes-dns/templates/skydns-service.yaml.erb deleted file mode 100644 index 2e457c7..0000000 --- a/jobs/create-kubernetes-dns/templates/skydns-service.yaml.erb +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: kube-dns - namespace: kube-system - labels: - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: "KubeDNS" -spec: - selector: - k8s-app: kube-dns - clusterIP: 10.0.0.10 - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP diff --git a/jobs/create-kubernetes-monitoring/monit b/jobs/create-kubernetes-monitoring/monit new file mode 100644 index 0000000..e69de29 diff --git a/jobs/create-kubernetes-monitoring/spec b/jobs/create-kubernetes-monitoring/spec new file mode 100644 index 0000000..f71fd65 --- /dev/null +++ b/jobs/create-kubernetes-monitoring/spec @@ -0,0 +1,21 @@ +--- +name: create-kubernetes-monitoring +templates: + bin/run.erb: bin/run + manifests/heapster-controller.yaml.erb: manifests/heapster-controller.yaml + manifests/heapster-service.yaml.erb: manifests/heapster-service.yaml +packages: +- kubernetes + +properties: + apiserver.host: + description: The host running the apiserver to connect to + + nodes: + description: List of Kubernetes nodes + + heapster.sink: + description: Where heapster sends metric data + + eventer.sink: + description: Where heapster sends event data diff --git a/jobs/create-kubernetes-monitoring/templates/bin/run.erb b/jobs/create-kubernetes-monitoring/templates/bin/run.erb new file mode 100644 index 0000000..31e979b --- /dev/null +++ b/jobs/create-kubernetes-monitoring/templates/bin/run.erb 
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e
+
+PATH=$PATH:/var/vcap/packages/kubernetes/bin
+API_HOST=<%= p('apiserver.host') %>
+
+kubectl -s http://${API_HOST}:8080 apply -f /var/vcap/jobs/create-kubernetes-monitoring/manifests
+
+counter=60
+until [ $counter -le 0 ]; do
+ if kubectl -s http://${API_HOST}:8080 get pod --namespace=kube-system | grep 'heapster-.* 4/4 '; then
+ exit 0
+ fi
+ sleep 5
+ let counter-=1
+done
+
+echo "Failed to start monitoring plugin"
+exit 1
diff --git a/jobs/create-kubernetes-monitoring/templates/manifests/heapster-controller.yaml.erb b/jobs/create-kubernetes-monitoring/templates/manifests/heapster-controller.yaml.erb
new file mode 100644
index 0000000..298d50c
--- /dev/null
+++ b/jobs/create-kubernetes-monitoring/templates/manifests/heapster-controller.yaml.erb
@@ -0,0 +1,110 @@ +<% + base_metrics_memory = "140Mi" + base_metrics_cpu = "80m" + base_eventer_memory = "190Mi" + metrics_memory_per_node = 4 + metrics_cpu_per_node = 0.5 + eventer_memory_per_node = 500 + num_nodes = p("nodes").length + nanny_memory = "90Mi" + nanny_memory_per_node = 200 + if num_nodes >= 0 + nanny_memory = "#{90 * 1024 + num_nodes * nanny_memory_per_node}Ki" + end +%> + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: heapster-v1.2.0 + namespace: kube-system + labels: + k8s-app: heapster + kubernetes.io/cluster-service: "true" + version: v1.2.0 +spec: + replicas: 1 + selector: + matchLabels: + k8s-app: heapster + version: v1.2.0 + template: + metadata: + labels: + k8s-app: heapster + version: v1.2.0 + annotations: + scheduler.alpha.kubernetes.io/critical-pod: '' + scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' + spec: + containers: + - image: gcr.io/google_containers/heapster:v1.2.0 + name: heapster + command: + - /heapster + - --source=kubernetes.summary_api:'' + - --sink=<%= p('heapster.sink') %> + - image: gcr.io/google_containers/heapster:v1.2.0 + name: eventer + command: + - /eventer + - --source=kubernetes:'' + - --sink=<%= p('eventer.sink') %> + - image: gcr.io/google_containers/addon-resizer:1.3 + name: heapster-nanny + resources: + limits: + cpu: 50m + memory: <%= nanny_memory %> + requests: + cpu: 50m + memory: <%= nanny_memory %> + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + command: + - /pod_nanny + - --cpu=<%= base_metrics_cpu %> + - --extra-cpu=<%= metrics_cpu_per_node %>m + - --memory=<%= base_metrics_memory %> + - --extra-memory=<%= metrics_memory_per_node %>Mi + - --threshold=5 + - --deployment=heapster-v1.2.0 + - --container=heapster + - --poll-period=300000 + - --estimator=exponential + - image: gcr.io/google_containers/addon-resizer:1.3 + 
name: eventer-nanny + resources: + limits: + cpu: 50m + memory: <%= nanny_memory %> + requests: + cpu: 50m + memory: <%= nanny_memory %> + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + command: + - /pod_nanny + - --cpu=100m + - --extra-cpu=0m + - --memory=<%= base_eventer_memory %> + - --extra-memory=<%= eventer_memory_per_node %>Ki + - --threshold=5 + - --deployment=heapster-v1.2.0 + - --container=eventer + - --poll-period=300000 + - --estimator=exponential diff --git a/jobs/create-kubernetes-monitoring/templates/manifests/heapster-service.yaml.erb b/jobs/create-kubernetes-monitoring/templates/manifests/heapster-service.yaml.erb new file mode 100644 index 0000000..8f57112 --- /dev/null +++ b/jobs/create-kubernetes-monitoring/templates/manifests/heapster-service.yaml.erb @@ -0,0 +1,14 @@ +kind: Service +apiVersion: v1 +metadata: + name: heapster + namespace: kube-system + labels: + kubernetes.io/cluster-service: "true" + kubernetes.io/name: "Heapster" +spec: + ports: + - port: 80 + targetPort: 8082 + selector: + k8s-app: heapster diff --git a/jobs/docker b/jobs/docker new file mode 120000 index 0000000..866c14a --- /dev/null +++ b/jobs/docker @@ -0,0 +1 @@ +../src/docker-boshrelease/jobs/docker \ No newline at end of file diff --git a/jobs/docker/monit b/jobs/docker/monit deleted file mode 100755 index 169721e..0000000 --- a/jobs/docker/monit +++ /dev/null @@ -1,6 +0,0 @@ -check process docker with pidfile /var/vcap/sys/run/docker/docker.pid - group vcap - start program "/var/vcap/packages/bosh-helpers/monit_debugger docker_ctl '/var/vcap/jobs/docker/bin/docker_ctl start'" - stop program "/var/vcap/packages/bosh-helpers/monit_debugger docker_ctl '/var/vcap/jobs/docker/bin/docker_ctl stop'" with timeout 60 seconds - if failed unixsocket /var/vcap/sys/run/docker/docker.sock with timeout 5 seconds for 5 cycles then restart - depends on flannel 
diff --git a/jobs/docker/spec b/jobs/docker/spec deleted file mode 100755 index 52ccbd6..0000000 --- a/jobs/docker/spec +++ /dev/null 
@@ -1,63 +0,0 @@ ---- -name: docker - -packages: - - bosh-helpers - - git - - golang - - docker - -templates: - bin/cgroupfs-mount: bin/cgroupfs-mount - bin/docker_ctl: bin/docker_ctl - bin/job_properties.sh.erb: bin/job_properties.sh - config/docker_logrotate.cron.erb: config/docker_logrotate.cron - config/logrotate.conf.erb: config/logrotate.conf - -properties: - docker.user: - description: 'User which will own the Docker services' - default: 'root' - docker.group: - description: 'Group which will own the Docker services' - default: 'vcap' - docker.tcp_address: - description: 'TCP address where Docker daemon will listen to (if not set, TCP will not be available)' - default: '127.0.0.1' - docker.tcp_port: - description: 'TCP port where Docker daemon will listen to (if not set, TCP will not be available)' - default: '4243' - docker.debug: - description: 'Enable debug mode' - default: false - docker.api_enable_cors: - description: 'Enable CORS headers in the remote API' - default: false - docker.bridge: - description: 'Name of the network bridge to attach containers' - docker.cidr_prefix: - description: 'CIDR notation prefix (first 2 octets) for the network bridges IP' - docker.iptables: - description: 'Enable Docker addition of iptables rules' - default: true - docker.ip_forward: - description: 'Enable net.ipv4.ip_forward' - default: true - docker.icc: - description: 'Enable inter-container communication' - default: true - docker.dns_servers: - description: 'Array of DNS servers to be used by Docker' - docker.dns_domains: - description: 'Array of DNS search domains to be used by Docker' - docker.mtu: - description: 'Docker Containers network MTU' - docker.daemon.logrotate.frequency: - description: 'Frequency to run logrotate for Docker daemon log files (crontab five time and date fields)' - default: '0 * * * *' - docker.daemon.logrotate.rotate: - description: 'Number of times Docker daemon log files are rotated before being removed ' - default: '7' - 
docker.daemon.logrotate.size: - description: 'Size before Docker daemon log files are rotateds' - default: '2M' diff --git a/jobs/docker/templates/bin/cgroupfs-mount b/jobs/docker/templates/bin/cgroupfs-mount deleted file mode 100755 index 0d0abee..0000000 --- a/jobs/docker/templates/bin/cgroupfs-mount +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/sh -# Copyright 2011 Canonical, Inc -# 2014 Tianon Gravi -# Author: Serge Hallyn -# Tianon Gravi -set -e - -# for simplicity this script provides no flexibility - -# if cgroup is mounted by fstab, don't run -# don't get too smart - bail on any uncommented entry with 'cgroup' in it -if grep -v '^#' /etc/fstab | grep -q cgroup; then - echo 'cgroups mounted from fstab, not mounting /sys/fs/cgroup' - exit 0 -fi - -# kernel provides cgroups? -if [ ! -e /proc/cgroups ]; then - exit 0 -fi - -## james / dmitriy / alex tests on bosh-lite show this dir is required -# if we don't even have the directory we need, something else must be wrong -# if [ ! -d /sys/fs/cgroup ]; then -# exit 0 -# fi -mkdir -p /sys/fs/cgroup - -# mount /sys/fs/cgroup if not already done -if ! mountpoint -q /sys/fs/cgroup; then - mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup -fi - -cd /sys/fs/cgroup - -# get/mount list of enabled cgroup controllers -for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do - mkdir -p $sys - if ! mountpoint -q $sys; then - if ! mount -n -t cgroup -o $sys cgroup $sys; then - rmdir $sys || true - fi - fi -done - -# example /proc/cgroups: -# #subsys_name hierarchy num_cgroups enabled -# cpuset 2 3 1 -# cpu 3 3 1 -# cpuacct 4 3 1 -# memory 5 3 0 -# devices 6 3 1 -# freezer 7 3 1 -# blkio 8 3 1 - -exit 0 diff --git a/jobs/docker/templates/bin/docker_ctl b/jobs/docker/templates/bin/docker_ctl deleted file mode 100755 index 6d79e89..0000000 --- a/jobs/docker/templates/bin/docker_ctl +++ /dev/null 
@@ -1,99 +0,0 @@ -#!/bin/bash - -set -e # exit immediately if a simple command exits with a non-zero status - -# Setup common env vars and folders -source /var/vcap/packages/bosh-helpers/ctl_setup.sh 'docker' -export DOCKER_PID_FILE=${DOCKER_PID_DIR}/docker.pid - -# Set the hostname -if hostname=$(public_hostname); then - hostname $hostname -else - hostname <%= index %>.<%= name %>.<%= spec.networks.methods(false).grep(/[^=]$/).first.to_s %>.<%= spec.deployment %>.<%= spec.dns_domain_name %> -fi - -case $1 in - - start) - pid_guard ${DOCKER_PID_FILE} ${JOB_NAME} - - # Install aufs-tools - dpkg -i /var/vcap/packages/docker/aufs-tools_3.2+20130722-1.1_amd64.deb - - # Create Docker user & group - create_group ${DOCKER_GROUP} - create_user ${DOCKER_USER} ${DOCKER_GROUP} - - # Create docker data store - if [ ! -d ${DOCKER_STORE_DIR}/docker ]; then - mkdir -p ${DOCKER_STORE_DIR}/docker - chown ${DOCKER_USER}:${DOCKER_GROUP} ${DOCKER_STORE_DIR}/docker - chmod 770 ${DOCKER_STORE_DIR}/docker - fi - - # Enable logrotate crontab - (crontab -l | sed /docker.*logrotate/d; cat ${DOCKER_CONF_DIR}/docker_logrotate.cron) | sed /^$/d | crontab - - # Mount cgroupfs hierarchy - $JOB_DIR/bin/cgroupfs-mount - - # Create network bridge - if [ ! 
-z ${DOCKER_BRIDGE_NAME} ]; then - set +e - ip link delete docker0 - ip link delete ${DOCKER_BRIDGE_NAME} - /var/vcap/packages/docker/sbin/brctl addbr ${DOCKER_BRIDGE_NAME} - ip addr add ${DOCKER_BRIDGE_CIDR} dev ${DOCKER_BRIDGE_NAME} - ip link set dev ${DOCKER_BRIDGE_NAME} up - set -e - fi - source /run/flannel/subnet.env - - # Start Docker daemon - exec chpst -u ${DOCKER_USER}:${DOCKER_GROUP} docker --daemon \ - --group ${DOCKER_GROUP} \ - --pidfile ${DOCKER_PID_FILE} \ - --graph ${DOCKER_STORE_DIR}/docker \ - --host unix://${DOCKER_PID_DIR}/docker.sock \ - --bip ${FLANNEL_SUBNET} \ - --mtu ${FLANNEL_MTU} \ - ${DOCKER_TCP:-} \ - ${DOCKER_DEBUG:-} \ - ${DOCKER_API_ENABLE_CORS:-} \ - ${DOCKER_BRIDGE:-} \ - ${DOCKER_IPTABLES:-} \ - ${DOCKER_IPFORWARD:-} \ - ${DOCKER_ICC:-} \ - ${DOCKER_DNS_SERVERS:-} \ - ${DOCKER_DNS_DOMAINS:-} \ - ${DOCKER_MTU:-} \ - >>${DOCKER_LOG_DIR}/${OUTPUT_LABEL}.stdout.log \ - 2>>${DOCKER_LOG_DIR}/${OUTPUT_LABEL}.stderr.log - ;; - - stop) - # Stop containers - docker_cmd="/var/vcap/packages/docker/bin/docker -H unix:///var/vcap/sys/run/docker/docker.sock" - running_containers=$($docker_cmd ps -q) - if [ -n "${running_containers}" ]; then - $docker_cmd kill $running_containers - fi - - # Stop Docker daemon - kill_and_wait ${DOCKER_PID_FILE} - - # Hack: Seems Docker is not releasing the mountpoint for its store dir - mounted=$(cat /proc/mounts | grep ${DOCKER_STORE_DIR}/docker) - if [ ! -z "${mounted}" ]; then - umount ${DOCKER_STORE_DIR}/docker - fi - ;; - - *) - echo "Usage: $0 {start|stop}" - exit 1 - ;; - -esac -exit 0 diff --git a/jobs/docker/templates/bin/job_properties.sh.erb b/jobs/docker/templates/bin/job_properties.sh.erb deleted file mode 100755 index 431cbfa..0000000 --- a/jobs/docker/templates/bin/job_properties.sh.erb +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/usr/bin/env bash - -# -# Docker properties -# - -# Directory to store the Docker configuration files -export DOCKER_CONF_DIR=${JOB_DIR}/config - -# Directory to store the Docker logs -export DOCKER_LOG_DIR=${LOG_DIR} - -# Directory to store the Docker process IDs -export DOCKER_PID_DIR=${RUN_DIR} - -# Directory to store the Docker data files -export DOCKER_STORE_DIR=${STORE_DIR} - -# Directory to store the Docker temp files -export DOCKER_TMP_DIR=${TMP_DIR} - -# User which will own the Docker services -export DOCKER_USER="<%= p('docker.user') %>" - -# Group which will own the Docker services -export DOCKER_GROUP="<%= p('docker.group') %>" - -<% if_p('docker.tcp_address', 'docker.tcp_port') do |address, port| %> -# TCP Address/Port where Docker daemon will listen to -export DOCKER_TCP="--host tcp://<%= address %>:<%= port %>" -<% end %> - -# Enable debug mode -export DOCKER_DEBUG="--debug=<%= p('docker.debug') %>" - -# Enable CORS headers in the remote API -export DOCKER_API_ENABLE_CORS="--api-enable-cors=<%= p('docker.api_enable_cors') %>" - -<% if_p('docker.bridge', 'docker.cidr_prefix') do |bridge, cidr_prefix| %> -# Attach containers to a network bridge -export DOCKER_BRIDGE="--bridge=<%= bridge %>" -export DOCKER_BRIDGE_NAME="<%= bridge %>" -export DOCKER_BRIDGE_CIDR="<%= cidr_prefix %>.<%= index %>.1/24" -<% end %> - -# Enable Docker addition of iptables rules -export DOCKER_IPTABLES="--iptables=<%= p('docker.iptables') %>" - -# Enable net.ipv4.ip_forward -export DOCKER_IPFORWARD="--ip-forward=<%= p('docker.ip_forward') %>" - -# Enable inter-container communication -export DOCKER_ICC="--icc=<%= p('docker.icc') %>" - -<% if_p('docker.dns_servers') do |dns_servers| %> -<% dns_servers_list = dns_servers.map { |dns_server| "--dns #{dns_server}" }.join(' ') %> -# Array of DNS servers to be used by Docker -export DOCKER_DNS_SERVERS="<%= dns_servers_list %>" -<% end %> - -<% if_p('docker.dns_domains') do |dns_domains| %> -<% dns_domains_list = 
dns_domains.map { |dns_domain| "--dns-search #{dns_domain}" }.join(' ') %> -# Array of DNS search domains to be used by Docker -export DOCKER_DNS_DOMAINS="<%= dns_domains_list %>" -<% end %> - -<% if_p('docker.mtu') do |mtu| %> -# Docker Containers network MTU -export DOCKER_MTU="--mtu <%= mtu %>" -<% end %> diff --git a/jobs/docker/templates/config/docker_logrotate.cron.erb b/jobs/docker/templates/config/docker_logrotate.cron.erb deleted file mode 100644 index 6af2982..0000000 --- a/jobs/docker/templates/config/docker_logrotate.cron.erb +++ /dev/null @@ -1 +0,0 @@ -<%= p('docker.daemon.logrotate.frequency') %> test -x /usr/sbin/logrotate && /usr/sbin/logrotate --state /var/vcap/sys/tmp/docker/logrotate.status /var/vcap/jobs/docker/config/logrotate.conf >>/var/vcap/sys/log/docker/docker_logrotate_cron.log 2>&1 diff --git a/jobs/docker/templates/config/logrotate.conf.erb b/jobs/docker/templates/config/logrotate.conf.erb deleted file mode 100644 index a4c6d91..0000000 --- a/jobs/docker/templates/config/logrotate.conf.erb +++ /dev/null @@ -1,10 +0,0 @@ -/var/vcap/sys/log/docker/*.log { - missingok - rotate <%= p('docker.daemon.logrotate.rotate') %> - compress - delaycompress - notifempty - copytruncate - size <%= p('docker.daemon.logrotate.size') %> - su <%= p('docker.user') %> <%= p('docker.group') %> -} diff --git a/jobs/flannel b/jobs/flannel new file mode 120000 index 0000000..e0b9dc5 --- /dev/null +++ b/jobs/flannel @@ -0,0 +1 @@ +../src/docker-boshrelease/jobs/flannel \ No newline at end of file diff --git a/jobs/flannel/monit b/jobs/flannel/monit deleted file mode 100755 index 78dfee9..0000000 --- a/jobs/flannel/monit +++ /dev/null @@ -1,8 +0,0 @@ -check process flannel - with pidfile /var/vcap/sys/run/flannel/flannel.pid - start program "/var/vcap/jobs/flannel/bin/flannel_ctl start" - with timeout 60 seconds - stop program "/var/vcap/jobs/flannel/bin/flannel_ctl stop" -<% if spec.job.templates.any?{|t| t.name == 'etcd'} %> - depends on etcd -<% end %> 
diff --git a/jobs/flannel/spec b/jobs/flannel/spec deleted file mode 100755 index 5106fc2..0000000 --- a/jobs/flannel/spec +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: flannel - -packages: - - common - - git - - golang - - etcd - - flannel - -templates: - flannel_ctl.erb: bin/flannel_ctl - -properties: - etcd.machines: - description: "Addresses of etcd machines" - networks.apps: - description: "Used to get our IP address" diff --git a/jobs/flannel/templates/flannel_ctl.erb b/jobs/flannel/templates/flannel_ctl.erb deleted file mode 100644 index eb8b564..0000000 --- a/jobs/flannel/templates/flannel_ctl.erb +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -RUN_DIR=/var/vcap/sys/run/flannel -PIDFILE=$RUN_DIR/flannel.pid -JOB_DIR=/var/vcap/jobs/flannel - -source /var/vcap/packages/common/utils.sh - -case $1 in - - start) - pid_guard $PIDFILE "flanneld" - - mkdir -p $RUN_DIR - chown -R vcap:vcap $RUN_DIR - - echo $$ > $PIDFILE - - mkdir -p /dev/net - mknod /dev/net/tun c 10 200 - - <% - my_ip = spec.networks.send(properties.networks.apps).ip - etcd_nodes = p('etcd.machines').map{|n| "http://#{n}:4001"}.join(',') - %> - - /var/vcap/packages/etcd/etcdctl set /coreos.com/network/config '{"Network":"10.100.0.0/16"}' - - exec /var/vcap/packages/flannel/bin/flanneld -iface=<%= my_ip %> --etcd-endpoints=<%= etcd_nodes %> - ;; - - stop) - kill_and_wait $PIDFILE - - ;; - - *) - echo "Usage: flannel_ctl {start|stop}" - - ;; - -esac diff --git a/jobs/guestbook-example/templates/run.erb b/jobs/guestbook-example/templates/run.erb index b7793e3..640eae9 100644 --- a/jobs/guestbook-example/templates/run.erb +++ b/jobs/guestbook-example/templates/run.erb 
@@ -1,14 +1,14 @@ #!/bin/bash set -e API_HOST=<%= p('apiserver.host') %> -PATH=$PATH:/var/vcap/packages/kubernetes/ +PATH=$PATH:/var/vcap/packages/kubernetes/bin cd /var/vcap/packages/guestbook-example -kubectl -s http://${API_HOST}:8080 create -f redis-master-controller.yaml -kubectl -s http://${API_HOST}:8080 create -f redis-master-service.yaml -kubectl -s http://${API_HOST}:8080 create -f redis-slave-controller.yaml -kubectl -s http://${API_HOST}:8080 create -f redis-slave-service.yaml -kubectl -s http://${API_HOST}:8080 create -f frontend-controller.yaml -kubectl -s http://${API_HOST}:8080 create -f frontend-service.yaml +kubectl -s http://${API_HOST}:8080 apply -f redis-master-deployment.yaml +kubectl -s http://${API_HOST}:8080 apply -f redis-master-service.yaml +kubectl -s http://${API_HOST}:8080 apply -f redis-slave-deployment.yaml +kubectl -s http://${API_HOST}:8080 apply -f redis-slave-service.yaml +kubectl -s http://${API_HOST}:8080 apply -f frontend-deployment.yaml +kubectl -s http://${API_HOST}:8080 apply -f frontend-service.yaml frontend_pod_ips=() while [ "${#frontend_pod_ips[@]}" -ne "3" ] diff --git a/jobs/kubernetes-master/monit b/jobs/kubernetes-master/monit index 38587ee..1f52e57 100755 --- a/jobs/kubernetes-master/monit +++ b/jobs/kubernetes-master/monit @@ -4,7 +4,6 @@ check process apiserver with timeout 60 seconds stop program "/var/vcap/jobs/kubernetes-master/bin/apiserver_ctl stop" group vcap - depends on etcd check process controller-manager with pidfile /var/vcap/sys/run/controller-manager/controller-manager.pid @@ -12,7 +11,6 @@ check process controller-manager with timeout 60 seconds stop program "/var/vcap/jobs/kubernetes-master/bin/controller-manager_ctl stop" group vcap - depends on etcd depends on apiserver check process scheduler diff --git a/jobs/kubernetes-master/spec b/jobs/kubernetes-master/spec index 062dfdb..38d9246 100755 --- a/jobs/kubernetes-master/spec +++ b/jobs/kubernetes-master/spec 
@@ -2,14 +2,85 @@ name: kubernetes-master packages: - - common - - kubernetes +- common +- kubernetes templates: + config/env.sh.erb: config/env.sh + config/token-auth.csv.erb: config/token-auth.csv + config/basic-auth.csv.erb: config/basic-auth.csv + manifests/kube2consul.yml.erb: manifests/kube2consul.yml + consul/config.json.erb: consul/config.json + consul/ca.crt.erb: consul/ca.crt + consul/agent.crt.erb: consul/agent.crt + consul/agent.key.erb: consul/agent.key + certs/ca.pem.erb: certs/ca.pem + certs/kubernetes.pem.erb: certs/kubernetes.pem + certs/kubernetes-key.pem.erb: certs/kubernetes-key.pem apiserver_ctl.erb: bin/apiserver_ctl controller-manager_ctl.erb: bin/controller-manager_ctl scheduler_ctl.erb: bin/scheduler_ctl properties: - apiserver.machines: - description: List of machines to schedule onto + etcd.machines: + description: List of etcd hosts + + apiserver.hosts: + description: List of master hosts + + apiserver.basic-auth: + description: List of basic auth credentials + default: [] + + apiserver.token-auth: + description: List of authentication tokens + default: [] + + apiserver.event-ttl: + description: How long kubernetes will keep events. A large setting can negatively impact etcd performance. If not specified, will use the kubernetes default. 
+ + apiserver.storage_backend: + description: Storage backend + default: etcd2 + + apiserver.storage_media_type: + description: Storage media type + default: application/json + + certs.ca: + description: Kubernetes Certificate Authority certificate + + certs.kubernetes: + description: Kubernetes TLS certificate + + certs.kubernetes-key: + description: Kubernetes TLS private key + + consul.encrypt: + description: Consul gossip encrpytion key + + consul.join_hosts: + description: Consul server hosts + + consul.ca_cert: + description: Consul CA certificate + + consul.agent_cert: + description: Consul agent certificate + + consul.agent_key: + description: Consul agent private key + + kube2consul.args: + description: "Hash of kube2consul arguments" + example: + kube-sync: 600 + default: {} + + cloud-provider: + description: K8s cloud provider + default: "" + + cloud-credentials.master: + description: K8s cloud provider master credentials + default: {} diff --git a/jobs/kubernetes-master/templates/apiserver_ctl.erb b/jobs/kubernetes-master/templates/apiserver_ctl.erb index 2be3b75..b9574a5 100644 --- a/jobs/kubernetes-master/templates/apiserver_ctl.erb +++ b/jobs/kubernetes-master/templates/apiserver_ctl.erb 
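Review bot: The descriptions for `apiserver.basic-auth` and `apiserver.token-auth` do not say what a list entry must contain, although the templates added in this commit read the keys `password`, `user`, `uid` and, for tokens, `token` and an optional `group`. An `example:` block like the one `kube2consul.args` already has would document that shape for operators. The `consul.encrypt` description also has a typo: `encrpytion` should be `encryption`.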
@@ -1,29 +1,53 @@ #!/bin/bash +CERT_DIR=/var/vcap/jobs/kubernetes-master/certs RUN_DIR=/var/vcap/sys/run/apiserver -PIDFILE=$RUN_DIR/apiserver.pid +LOG_DIR=/var/vcap/sys/log/apiserver JOB_DIR=/var/vcap/jobs/apiserver -CERT_DIR=${RUN_DIR}/certs + +PIDFILE=$RUN_DIR/apiserver.pid source /var/vcap/packages/common/utils.sh +source /var/vcap/jobs/kubernetes-master/config/env.sh + +<% if('apiserver.basic-auth').length > 0 %> +BASIC_AUTH_FILE="--basic-auth-file=/var/vcap/jobs/kubernetes-master/config/basic-auth.csv" +<% end %> +<% if('apiserver.token-auth').length > 0 %> +TOKEN_AUTH_FILE="--token-auth-file=/var/vcap/jobs/kubernetes-master/config/token-auth.csv" +<% end %> case $1 in start) pid_guard $PIDFILE "apiserver" - mkdir -p $CERT_DIR - chown -R vcap:vcap $RUN_DIR + mkdir -p $RUN_DIR + mkdir -p $LOG_DIR echo $$ > $PIDFILE - exec chpst -u vcap:vcap /var/vcap/packages/kubernetes/kube-apiserver \ ---insecure-bind-address=0.0.0.0 \ ---port=8080 \ ---etcd-servers=http://127.0.0.1:4001 \ ---service-cluster-ip-range="10.0.0.0/24" \ ---cert-dir=$CERT_DIR \ ---logtostderr=true + exec /var/vcap/packages/kubernetes/bin/kube-apiserver \ + <% if_p('apiserver.event-ttl') do %>--event-ttl=<%= p('apiserver.event-ttl') %><% end %> \ + --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota \ + --allow-privileged=true \ + --anonymous-auth=false \ + --apiserver-count=<%= p('apiserver.hosts').length %> \ + --cert-dir=$CERT_DIR \ + --cloud-provider=<%= p('cloud-provider') %> \ + --etcd-servers=<%= p('etcd.machines').map { |h| "http://#{h}:4001" }.join ',' %> \ + --insecure-bind-address=0.0.0.0 \ + --insecure-port=8080 \ + --service-account-key-file=${CERT_DIR}/kubernetes-key.pem \ + --service-cluster-ip-range="10.0.0.0/24" \ + --storage-backend=<%= p('apiserver.storage_backend') %> \ + --storage-media-type=<%= p('apiserver.storage_media_type') %> \ + --tls-cert-file=${CERT_DIR}/kubernetes.pem \ + 
--tls-private-key-file=${CERT_DIR}/kubernetes-key.pem \ + ${BASIC_AUTH_FILE:-} \ + ${TOKEN_AUTH_FILE:-} \ + 1>> $LOG_DIR/kube-apiserver.stdout.log \ + 2>> $LOG_DIR/kube-apiserver.stderr.log ;; stop) diff --git a/jobs/kubernetes-master/templates/certs/ca.pem.erb b/jobs/kubernetes-master/templates/certs/ca.pem.erb new file mode 100644 index 0000000..a917419 --- /dev/null +++ b/jobs/kubernetes-master/templates/certs/ca.pem.erb @@ -0,0 +1 @@ +<%= p('certs.ca') %> diff --git a/jobs/kubernetes-master/templates/certs/kubernetes-key.pem.erb b/jobs/kubernetes-master/templates/certs/kubernetes-key.pem.erb new file mode 100644 index 0000000..49c8755 --- /dev/null +++ b/jobs/kubernetes-master/templates/certs/kubernetes-key.pem.erb @@ -0,0 +1 @@ +<%= p('certs.kubernetes-key') %> diff --git a/jobs/kubernetes-master/templates/certs/kubernetes.pem.erb b/jobs/kubernetes-master/templates/certs/kubernetes.pem.erb new file mode 100644 index 0000000..b3ca097 --- /dev/null +++ b/jobs/kubernetes-master/templates/certs/kubernetes.pem.erb @@ -0,0 +1 @@ +<%= p('certs.kubernetes') %> diff --git a/jobs/kubernetes-master/templates/config/basic-auth.csv.erb b/jobs/kubernetes-master/templates/config/basic-auth.csv.erb new file mode 100644 index 0000000..fc22d1e --- /dev/null +++ b/jobs/kubernetes-master/templates/config/basic-auth.csv.erb @@ -0,0 +1,3 @@ +<% p('apiserver.basic-auth').each do |user| %> +<%= [user['password'], user['user'], user['uid']].join(',') %> +<% end %> diff --git a/jobs/kubernetes-master/templates/config/env.sh.erb b/jobs/kubernetes-master/templates/config/env.sh.erb new file mode 100644 index 0000000..995ae0c --- /dev/null +++ b/jobs/kubernetes-master/templates/config/env.sh.erb @@ -0,0 +1,5 @@ +#!/bin/sh + +<% p('cloud-credentials.master').each do |key, value| %> +export <%= key %>="<%= value %>" +<% end %> 
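Review bot: The `--anonymous-auth=false`, basic-auth and token-auth settings added in the `start)` branch do not cover the listener kept by `--insecure-bind-address=0.0.0.0 --insecure-port=8080`, because kube-apiserver serves that port without authentication or authorization. Binding it to loopback with `--insecure-bind-address=127.0.0.1` would require the remote clients in this commit (kubelet, kube-proxy, the drain and post-start scripts) to move to the TLS port. Separately, `<% if('apiserver.basic-auth').length > 0 %>` measures the string literal, so it is always true; it should read `<% if p('apiserver.basic-auth').length > 0 %>`, and the token-auth guard has the same slip. The `case` statement continues outside the hunk.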
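Review bot: Fields are joined with a bare `join(',')`, so a password, user name or uid that contains a comma or a double quote shifts the columns the API server reads; token-auth.csv.erb builds its rows the same way. Emitting each row through a CSV writer, for example `<%= [user['password'], user['user'], user['uid']].to_csv.chomp %>` after `<% require 'csv' %>`, keeps such values intact. The rendered files hold credentials in clear text, and nothing visible in this commit restricts who can read them on the master VM.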
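Review bot: `export <%= key %>="<%= value %>"` places each credential inside a double-quoted shell string without escaping, so a value containing a double quote, `$`, a backtick or a backslash is reinterpreted by the shell when the ctl scripts `source` this file; jobs/kubernetes-minion/templates/config/env.sh.erb has the same line. Quoting at render time avoids that: `<% require 'shellwords' %>` followed by `export <%= key %>=<%= Shellwords.escape(value.to_s) %>`. The key is also emitted as written, so it is worth rejecting names that are not valid shell identifiers.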
diff --git a/jobs/kubernetes-master/templates/config/token-auth.csv.erb b/jobs/kubernetes-master/templates/config/token-auth.csv.erb new file mode 100644 index 0000000..0cc2065 --- /dev/null +++ b/jobs/kubernetes-master/templates/config/token-auth.csv.erb @@ -0,0 +1,5 @@ +<% p('apiserver.token-auth').each do |user| %> +<% row = [user['token'], user['user'], user['uid']] %> +<% row << user['group'] if user['group'] %> +<%= row.join(',') %> +<% end %> diff --git a/jobs/kubernetes-master/templates/consul/agent.crt.erb b/jobs/kubernetes-master/templates/consul/agent.crt.erb new file mode 100644 index 0000000..d82c7a8 --- /dev/null +++ b/jobs/kubernetes-master/templates/consul/agent.crt.erb @@ -0,0 +1 @@ +<%= p('consul.agent_cert') %> diff --git a/jobs/kubernetes-master/templates/consul/agent.key.erb b/jobs/kubernetes-master/templates/consul/agent.key.erb new file mode 100644 index 0000000..131fbe5 --- /dev/null +++ b/jobs/kubernetes-master/templates/consul/agent.key.erb @@ -0,0 +1 @@ +<%= p('consul.agent_key') %> diff --git a/jobs/kubernetes-master/templates/consul/ca.crt.erb b/jobs/kubernetes-master/templates/consul/ca.crt.erb new file mode 100644 index 0000000..3cce21d --- /dev/null +++ b/jobs/kubernetes-master/templates/consul/ca.crt.erb @@ -0,0 +1 @@ +<%= p('consul.ca_cert') %> diff --git a/jobs/kubernetes-master/templates/consul/config.json.erb b/jobs/kubernetes-master/templates/consul/config.json.erb new file mode 100644 index 0000000..636be0a --- /dev/null +++ b/jobs/kubernetes-master/templates/consul/config.json.erb @@ -0,0 +1,10 @@ +{ + "ca_file": "/etc/secrets/ca.crt", + "cert_file": "/etc/secrets/agent.crt", + "key_file": "/etc/secrets/agent.key", + "encrypt": "<%= p('consul.encrypt') %>", + "start_join": <%= p('consul.join_hosts') %>, + "retry_join": <%= p('consul.join_hosts') %>, + "verify_incoming": true, + "verify_outgoing": true +} 
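Review bot: `"start_join": <%= p('consul.join_hosts') %>` and the `retry_join` line print the Ruby array's `inspect` form, which only happens to be valid JSON for plain host strings; `<%= p('consul.join_hosts').to_json %>` (with `require 'json'` if the renderer has not loaded it) states the intent. The `encrypt` value is likewise safer as `"encrypt": <%= p('consul.encrypt').to_json %>` than inside hand-written quotes. With `verify_outgoing` enabled, consider adding `"verify_server_hostname": true` as well, if the agent version in use supports it, so that a certificate issued by the same CA to a non-server is not accepted as a server.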
diff --git a/jobs/kubernetes-master/templates/controller-manager_ctl.erb b/jobs/kubernetes-master/templates/controller-manager_ctl.erb index 61cbf25..ddb97bf 100644 --- a/jobs/kubernetes-master/templates/controller-manager_ctl.erb +++ b/jobs/kubernetes-master/templates/controller-manager_ctl.erb @@ -1,9 +1,13 @@ #!/bin/bash +CERT_DIR=/var/vcap/jobs/kubernetes-master/certs RUN_DIR=/var/vcap/sys/run/controller-manager +LOG_DIR=/var/vcap/sys/log/controller-manager + PIDFILE=$RUN_DIR/controller-manager.pid source /var/vcap/packages/common/utils.sh +source /var/vcap/jobs/kubernetes-master/config/env.sh case $1 in @@ -11,13 +15,18 @@ case $1 in pid_guard $PIDFILE "controller-manager" mkdir -p $RUN_DIR - chown -R vcap:vcap $RUN_DIR + mkdir -p $LOG_DIR echo $$ > $PIDFILE - exec chpst -u vcap:vcap /var/vcap/packages/kubernetes/kube-controller-manager \ ---master=127.0.0.1:8080 \ ---logtostderr=true + exec /var/vcap/packages/kubernetes/bin/kube-controller-manager \ + --master=127.0.0.1:8080 \ + --cloud-provider=<%= p('cloud-provider') %> \ + --leader-elect=true \ + --root-ca-file=${CERT_DIR}/ca.pem \ + --service-account-private-key-file=${CERT_DIR}/kubernetes-key.pem \ + 1>> $LOG_DIR/kube-controller-manager.stdout.log \ + 2>> $LOG_DIR/kube-controller-manager.stderr.log ;; stop) diff --git a/jobs/kubernetes-master/templates/manifests/kube2consul.yml.erb b/jobs/kubernetes-master/templates/manifests/kube2consul.yml.erb new file mode 100644 index 0000000..87cead1 --- /dev/null +++ b/jobs/kubernetes-master/templates/manifests/kube2consul.yml.erb 
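Review bot: The new `exec` line drops `chpst -u vcap:vcap`, so kube-controller-manager runs as whichever user invokes this ctl script (presumably root under monit) instead of the unprivileged `vcap` account; the apiserver_ctl.erb and scheduler_ctl.erb hunks make the same change. Unless a component needs root, keep the privilege drop, `exec chpst -u vcap:vcap /var/vcap/packages/kubernetes/bin/kube-controller-manager \`, provided the rendered files under `${CERT_DIR}` are readable by that account. `--service-account-private-key-file` also points at the same `kubernetes-key.pem` the API server uses for TLS; a dedicated signing key would let either be rotated independently. The `case` statement continues outside the hunk.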
@@ -0,0 +1,41 @@ +<% addr = spec.networks.to_h.values.first.ip %> + +apiVersion: v1 +kind: Pod +metadata: + name: kube2consul + namespace: kube-system +spec: + hostNetwork: true + containers: + - name: consul-agent + image: gliderlabs/consul-agent:0.6 + args: + - -advertise=<%= addr %> + - -config-file=/etc/secrets/config.json + ports: + - hostPort: 8301 + containerPort: 8301 + protocol: TCP + hostIP: <%= addr %> + - hostPort: 8301 + containerPort: 8301 + protocol: UDP + hostIP: <%= addr %> + volumeMounts: + - name: secrets + mountPath: /etc/secrets + readOnly: true + - name: kube2consul + image: jmccarty3/kube2consul:latest + command: + - /kube2consul + - -consul-agent=http://127.0.0.1:8500 + - -kube_master_url=http://127.0.0.1:8080 +<% p("kube2consul.args").each do |key, value| %> + - -<%= key %>=<% value %> +<% end %> + volumes: + - name: secrets + hostPath: + path: /var/vcap/jobs/kubernetes-master/consul diff --git a/jobs/kubernetes-master/templates/scheduler_ctl.erb b/jobs/kubernetes-master/templates/scheduler_ctl.erb index 7a0ed89..294d7db 100644 --- a/jobs/kubernetes-master/templates/scheduler_ctl.erb +++ b/jobs/kubernetes-master/templates/scheduler_ctl.erb @@ -1,6 +1,7 @@ #!/bin/bash RUN_DIR=/var/vcap/sys/run/scheduler +LOG_DIR=/var/vcap/sys/log/scheduler PIDFILE=$RUN_DIR/scheduler.pid JOB_DIR=/var/vcap/jobs/scheduler @@ -12,14 +13,16 @@ case $1 in pid_guard $PIDFILE "scheduler" mkdir -p $RUN_DIR - chown -R vcap:vcap $RUN_DIR + mkdir -p $LOG_DIR echo $$ > $PIDFILE - exec chpst -u vcap:vcap /var/vcap/packages/kubernetes/kube-scheduler \ ---address=0.0.0.0 \ ---master=127.0.0.1:8080 \ ---logtostderr=true + exec /var/vcap/packages/kubernetes/bin/kube-scheduler \ + --address=0.0.0.0 \ + --master=127.0.0.1:8080 \ + --leader-elect=true \ + 1>> $LOG_DIR/kube-scheduler.stdout.log \ + 2>> $LOG_DIR/kube-scheduler.stderr.log ;; stop) diff --git a/jobs/kubernetes-minion/monit b/jobs/kubernetes-minion/monit index a62d2bd..e9981a1 100755 
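Review bot: In the `kube2consul.args` loop, `- -<%= key %>=<% value %>` uses a non-output tag for the value, so every argument renders as `-key=` with nothing after it; it should be `- -<%= key %>=<%= value %>`. The pod also runs with `hostNetwork: true` on the master, mounts the Consul agent key from the host, and pulls `jmccarty3/kube2consul:latest`, a mutable tag, so the code running next to the API server can change without a release change. Pin both images to a fixed version or digest, e.g. `image: jmccarty3/kube2consul@sha256:<digest>` (placeholder).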
--- a/jobs/kubernetes-minion/monit +++ b/jobs/kubernetes-minion/monit @@ -5,7 +5,6 @@ check process kubelet stop program "/var/vcap/jobs/kubernetes-minion/bin/kubelet_ctl stop" group vcap depends on docker - depends on etcd check process proxy with pidfile /var/vcap/sys/run/proxy/proxy.pid @@ -13,4 +12,3 @@ check process proxy with timeout 60 seconds stop program "/var/vcap/jobs/kubernetes-minion/bin/proxy_ctl stop" group vcap - depends on etcd diff --git a/jobs/kubernetes-minion/spec b/jobs/kubernetes-minion/spec index 7a9f0ac..1250204 100755 --- a/jobs/kubernetes-minion/spec +++ b/jobs/kubernetes-minion/spec @@ -2,13 +2,45 @@ name: kubernetes-minion packages: - - common - - kubernetes +- common +- kubernetes +- aws-cli templates: + config/env.sh.erb: config/env.sh kubelet_ctl.erb: bin/kubelet_ctl proxy_ctl.erb: bin/proxy_ctl + pre-start.erb: bin/pre-start + post-start.erb: bin/post-start + drain.erb: bin/drain properties: - apiserver.host: - description: IP address of the API + apiserver.hosts: + description: List of api server IPs + + manifest-dirs: + description: List of manifest dirs to run using kubelet + default: [] + + schedulable: + description: Allow scheduling pods on host + + kube-reserved: + description: Resource reservations for kubernetes daemons + + system-reserved: + description: Resource reservations for system daemons + + eviction-hard: + description: Pod eviction resource threshold + + cloud-provider: + description: K8s cloud provider + default: "" + + cloud-credentials.minion: + description: K8s cloud provider minion credentials + default: {} + + aws.cluster-tag: + description: K8s cluster tag (AWS only) diff --git a/jobs/kubernetes-minion/templates/config/env.sh.erb b/jobs/kubernetes-minion/templates/config/env.sh.erb new file mode 100644 index 0000000..1b5b640 --- /dev/null +++ b/jobs/kubernetes-minion/templates/config/env.sh.erb 
@@ -0,0 +1,5 @@ +#!/bin/sh + +<% p('cloud-credentials.minion').each do |key, value| %> +export <%= key %>="<%= value %>" +<% end %> diff --git a/jobs/kubernetes-minion/templates/drain.erb b/jobs/kubernetes-minion/templates/drain.erb new file mode 100644 index 0000000..8e1e5c0 --- /dev/null +++ b/jobs/kubernetes-minion/templates/drain.erb @@ -0,0 +1,55 @@ +#!/bin/bash + +# Drain and cordon node + +set -e +set -x + +PATH=$PATH:/var/vcap/packages/kubernetes/bin + +LOG_DIR=/var/vcap/sys/log/kubernetes-minion +LOG_FILE=${LOG_DIR}/drain.log + +mkdir -p ${LOG_DIR} + +exec 3>&1 +exec 1>> ${LOG_FILE} +exec 2>> ${LOG_FILE} + +# Choose first non-self address; using self fails if etcd drain script runs first +<% addr = spec.networks.to_h.values.first.ip %> +API_HOST=<%= p('apiserver.hosts').select {|ip| ip != addr}.first %> +NODE_HOST=<%= addr %> + +# only attempt drain if we can communicate with the api host +if /bin/nc -vz $API_HOST 8080; then + QUERY="{range .items[?(.metadata.labels.kubernetes\.io/hostname==\"${NODE_HOST}\")]} {.metadata.name} {end}" + NODE=$(kubectl -s http://${API_HOST}:8080 get nodes -o jsonpath="${QUERY}") + + for i in {1..5}; do kubectl -s http://${API_HOST}:8080 drain ${NODE} --force --ignore-daemonsets --delete-local-data && break || sleep 5; done +fi + +POD_RETRIES=0 +MAX_POD_RETRIES=240 + +set +e +while true; do + nc -vz $API_HOST 8080 + if [ $? -ne 0 ]; then + logger -t error "[BOSH Kubernetes Drain] Could not reach API host ${API_HOST}" + elif [ -z "$(kubectl -s http://${API_HOST}:8080 get pods -o 'jsonpath={.items[*].status.containerStatuses[?(@.ready==false)].name}')" ]; then + break + fi + + if [ ${POD_RETRIES} -gt ${MAX_POD_RETRIES} ]; then + logger -t error "[BOSH Kubernetes Drain] Kubernetes pods not in a running state, and did not come back while waiting" + exit 1 + else + POD_RETRIES=$((POD_RETRIES + 1)) + fi + + sleep 1 +done + +echo 0 >&3 +exit 0 
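Review bot: In drain.erb the retry loop `for i in {1..5}; do kubectl ... drain ${NODE} ... && break || sleep 5; done` ends with the exit status of `sleep` when all five attempts fail, so `set -e` never fires and the script carries on. The wait loop that follows checks container readiness for pods in the default namespace rather than whether this node was drained, so the script can still print `0` to fd 3 and report a successful drain. Record success explicitly, e.g. `... && { drained=1; break; } || sleep 5` and `[ -n "${drained:-}" ] || exit 1` after the loop. It is also worth failing early when `NODE` is empty (`[ -n "${NODE// /}" ]`), since the jsonpath query may match nothing.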
diff --git a/jobs/kubernetes-minion/templates/kubelet_ctl.erb b/jobs/kubernetes-minion/templates/kubelet_ctl.erb
index 1b4c510..6d0e0f2 100644
--- a/jobs/kubernetes-minion/templates/kubelet_ctl.erb
+++ b/jobs/kubernetes-minion/templates/kubelet_ctl.erb
@@ -1,34 +1,63 @@ #!/bin/bash +ROOT_DIR=/var/vcap/data/kubelet RUN_DIR=/var/vcap/sys/run/kubelet -PIDFILE=${RUN_DIR}/kubelet.pid -JOB_DIR=/var/vcap/jobs/kubelet +LOG_DIR=/var/vcap/sys/log/kubelet +MANIFEST_DIR=${RUN_DIR}/manifests CERT_DIR=${RUN_DIR}/certs +DOCKER_BOSH_RELEASE_PID=/var/vcap/sys/run/docker/docker.pid +KUBERNETES_DOCKER_PID=/var/run/docker.pid + +PIDFILE=${RUN_DIR}/kubelet.pid source /var/vcap/packages/common/utils.sh +source /var/vcap/jobs/kubernetes-minion/config/env.sh case $1 in start) pid_guard $PIDFILE "kubelet" + mkdir -p $ROOT_DIR + mkdir -p $MANIFEST_DIR mkdir -p $CERT_DIR - chown -R vcap:vcap $RUN_DIR + mkdir -p $LOG_DIR + + if [ -f "${DOCKER_BOSH_RELEASE_PID}" ]; then + ln -sf ${DOCKER_BOSH_RELEASE_PID} ${KUBERNETES_DOCKER_PID} + else + echo "Unable to find the Docker daemon pid from the BOSH release" + echo "This pid is required for K8S container manager" + echo "Path: ${DOCKER_BOSH_RELEASE_PID}" + exit 1 + fi + + <% p('manifest-dirs').each do |dir| %> + cp <%= dir %>/* ${MANIFEST_DIR} + <% end %> echo $$ > $PIDFILE - <% my_ip = spec.networks.send(properties.networks.apps).ip %> - exec chpst -u vcap:vcap /var/vcap/packages/kubernetes/kubelet \ ---address=<%= my_ip %> \ ---port=10250 \ ---hostname_override=<%= my_ip %> \ ---api-servers=http://<%= p('apiserver.host') %>:8080 \ ---cert-dir=$CERT_DIR \ ---logtostderr=true \ ---docker-endpoint=unix:///var/vcap/sys/run/docker/docker.sock \ ---root-dir=/var/vcap/sys/run/kubelet \ ---cluster_dns=10.0.0.10 \ ---cluster_domain=cluster.local + <% addr = spec.networks.to_h.values.first.ip %> + exec /var/vcap/packages/kubernetes/bin/kubelet \ + --address=<%= addr %> \ + --allow-privileged=true \ + --port=10250 \ + --hostname_override=<%= addr %> \ + --api-servers=<%= p('apiserver.hosts').map { |h| "http://#{h}:8080" }.join ',' %> \ + --cert-dir=$CERT_DIR \ + --docker-endpoint=unix:///var/vcap/sys/run/docker/docker.sock \ + --root-dir=$ROOT_DIR \ + --pod-manifest-path=${MANIFEST_DIR} \ + 
--cloud-provider=<%= p('cloud-provider') %> \ + --cluster_dns=10.0.0.10 \ + --cluster_domain=cluster.local \ + <% if_p('schedulable') do |schedulable| %>--register-schedulable=<%= schedulable.to_s %><% end %> \ + <% if_p('kube-reserved') do |kube_reserved| %>--kube-reserved="<%= kube_reserved %>"<% end %> \ + <% if_p('system-reserved') do |system_reserved| %>--system-reserved="<%= system_reserved %>"<% end %> \ + <% if_p('eviction-hard') do |eviction_hard| %>--eviction-hard="<%= eviction_hard %>"<% end %> \ + 1>> $LOG_DIR/kubelet.stdout.log \ + 2>> $LOG_DIR/kubelet.stderr.log ;; stop) diff --git a/jobs/kubernetes-minion/templates/post-start.erb b/jobs/kubernetes-minion/templates/post-start.erb new file mode 100644 index 0000000..2a87994 --- /dev/null +++ b/jobs/kubernetes-minion/templates/post-start.erb @@ -0,0 +1,20 @@ +#!/bin/bash + +<% if p('schedulable', true) %> + +# Uncordon node + +set -e +set -x + +PATH=$PATH:/var/vcap/packages/kubernetes/bin + +API_HOST=<%= p('apiserver.hosts').first %> +NODE_HOST=<%= spec.networks.to_h.values.first.ip %> + +# TODO: Query against kubernetes.io/hostname after https://github.com/kubernetes/kubernetes/issues/31984 is resolved +QUERY="{range .items[?(.status.addresses[0].address==\"${NODE_HOST}\")]} {.metadata.name} {end}" +NODE=$(kubectl -s http://${API_HOST}:8080 get nodes -o jsonpath="${QUERY}") + +kubectl -s http://${API_HOST}:8080 uncordon ${NODE} +<% end %> diff --git a/jobs/kubernetes-minion/templates/pre-start.erb b/jobs/kubernetes-minion/templates/pre-start.erb new file mode 100644 index 0000000..caade05 --- /dev/null +++ b/jobs/kubernetes-minion/templates/pre-start.erb 
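Review bot: The kubelet is started with `--address=<%= addr %> --port=10250` and `--allow-privileged=true`, but no flag in the `exec` line configures authentication or authorization for that listener, and `--api-servers` reaches the masters over plain `http://…:8080`. If the packaged kubelet supports them, add `--anonymous-auth=false` together with `--client-ca-file` and an `--authorization-mode`, and enable `--allow-privileged` only where workloads need it. The `cp <%= dir %>/* ${MANIFEST_DIR}` loop never removes manifests that were dropped from `manifest-dirs`, so a stale static pod may keep running after a redeploy; clearing `${MANIFEST_DIR}` before copying avoids that. The `case` statement continues outside the hunk.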
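Review bot: In post-start.erb, `NODE` is passed to `kubectl ... uncordon ${NODE}` without checking that the jsonpath query matched anything, so when it is empty (for instance if the kubelet has not registered yet, which is an assumption since the timing is not visible here) the command runs without a node name and `set -e` fails the post-start. A short retry until `[ -n "${NODE// /}" ]` holds would make this deterministic; the value carries padding spaces from the jsonpath template, so test the trimmed form. The script also talks only to `p('apiserver.hosts').first` over unauthenticated `http://…:8080`, so one unavailable master blocks the uncordon.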
@@ -0,0 +1,14 @@ +#!/bin/bash + +# Tag EC2 instances with KubernetesCluster +# TODO: Revert after https://github.com/cloudfoundry-incubator/bosh-aws-cpi-release/issues/33 is resolved + +set -e + +source /var/vcap/jobs/kubernetes-minion/config/env.sh + +<% if_p('aws.cluster-tag') do %> +/var/vcap/packages/aws-cli/bin/aws ec2 create-tags \ + --resources $(curl http://169.254.169.254/latest/meta-data/instance-id) \ + --tags Key=KubernetesCluster,Value=<%= p('aws.cluster-tag') %> +<% end %> diff --git a/jobs/kubernetes-minion/templates/proxy_ctl.erb b/jobs/kubernetes-minion/templates/proxy_ctl.erb index 0558c8a..b216173 100644 --- a/jobs/kubernetes-minion/templates/proxy_ctl.erb +++ b/jobs/kubernetes-minion/templates/proxy_ctl.erb @@ -1,6 +1,7 @@ #!/bin/bash RUN_DIR=/var/vcap/sys/run/proxy +LOG_DIR=/var/vcap/sys/log/proxy PIDFILE=$RUN_DIR/proxy.pid JOB_DIR=/var/vcap/jobs/proxy @@ -12,11 +13,14 @@ case $1 in pid_guard $PIDFILE "proxy" mkdir -p $RUN_DIR - chown -R vcap:vcap $RUN_DIR + mkdir -p $LOG_DIR echo $$ > $PIDFILE - exec chpst /var/vcap/packages/kubernetes/kube-proxy --master=<%= p('apiserver.host') %>:8080 --logtostderr=true + exec /var/vcap/packages/kubernetes/bin/kube-proxy \ + --master=<%= p('apiserver.hosts')[0] %>:8080 \ + 1>> $LOG_DIR/kube-proxy.stdout.log \ + 2>> $LOG_DIR/kube-proxy.stderr.log ;; stop) diff --git a/packages/aws-cli/packaging b/packages/aws-cli/packaging new file mode 100644 index 0000000..8f719db --- /dev/null +++ b/packages/aws-cli/packaging @@ -0,0 +1,7 @@ +set -e # abort script on any command that exit with a non zero value + +unzip aws-cli/awscli-bundle.zip + +export PATH=$PATH:/var/vcap/packages/python/bin + +./awscli-bundle/install -i $BOSH_INSTALL_TARGET \ No newline at end of file diff --git a/packages/aws-cli/spec b/packages/aws-cli/spec new file mode 100644 index 0000000..33572e4 --- /dev/null +++ b/packages/aws-cli/spec @@ -0,0 +1,6 @@ +--- +name: aws-cli +files: +- aws-cli/awscli-bundle.zip +dependencies: +- python 
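Review bot: The instance id comes from `$(curl http://169.254.169.254/latest/meta-data/instance-id)` inside the `aws` argument list, where `set -e` does not see a curl failure and there is no timeout or HTTP-status check, so an error body or an empty string can be passed to `--resources`. Fetch it first with `INSTANCE_ID=$(curl -sf --max-time 5 http://169.254.169.254/latest/meta-data/instance-id)`, then pass `--resources "${INSTANCE_ID}"`. Quote the tag argument too, `--tags "Key=KubernetesCluster,Value=<%= p('aws.cluster-tag') %>"`, since the property value is interpolated into the command line as is.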
diff --git a/packages/bosh-helpers/spec b/packages/bosh-helpers/spec index 1b712f4..58b14ed 100755 --- a/packages/bosh-helpers/spec +++ b/packages/bosh-helpers/spec @@ -1,5 +1,5 @@ --- name: bosh-helpers -dependencies: {} +dependencies: [] files: - bosh-helpers/* diff --git a/packages/docker b/packages/docker new file mode 120000 index 0000000..9739c9f --- /dev/null +++ b/packages/docker @@ -0,0 +1 @@ +../src/docker-boshrelease/packages/docker \ No newline at end of file diff --git a/packages/docker/packaging b/packages/docker/packaging deleted file mode 100755 index d1de62a..0000000 --- a/packages/docker/packaging +++ /dev/null 
@@ -1,52 +0,0 @@ -set -e # exit immediately if a simple command exits with a non-zero status -set -u # report the usage of uninitialized variables - -# Detect # of CPUs so make jobs can be parallelized -CPUS=`grep -c ^processor /proc/cpuinfo` - -# We grab the latest versions that are in the directory -AUFS_TOOLS_VERSION=`ls -r docker/aufs-tools_*.deb | sed 's/docker\/aufs-tools_\(.*\).deb/\1/' | head -1` -AUTOCONF_VERSION=`ls -r docker/autoconf-*.tar.gz | sed 's/docker\/autoconf-\(.*\)\.tar\.gz/\1/' | head -1` -BRIDGE_UTILS_VERSION=`ls -r docker/bridge-utils-*.tar.gz | sed 's/docker\/bridge-utils-\(.*\)\.tar\.gz/\1/' | head -1` -DOCKER_VERSION=`ls -r docker/docker-* | sed 's/docker\/docker-\(.*\)/\1/' | head -1` - -# Extract Autoconf package -echo "Extracting Autoconf ${AUTOCONF_VERSION}..." -tar xzvf ${BOSH_COMPILE_TARGET}/docker/autoconf-${AUTOCONF_VERSION}.tar.gz -if [[ $? != 0 ]] ; then - echo "Failed extracting Autoconf ${AUTOCONF_VERSION}" - exit 1 -fi - -# Extract bridge-utils package -echo "Extracting bridge-utils ${BRIDGE_UTILS_VERSION}..." -tar xzvf ${BOSH_COMPILE_TARGET}/docker/bridge-utils-${BRIDGE_UTILS_VERSION}.tar.gz -if [[ $? != 0 ]] ; then - echo "Failed extracting bridge-utils ${BRIDGE_UTILS_VERSION}" - exit 1 -fi - -# Copy aufs-tools package -echo "Copying aufs-tools ${AUFS_TOOLS_VERSION}..." -cp -a ${BOSH_COMPILE_TARGET}/docker/aufs-tools_${AUFS_TOOLS_VERSION}.deb ${BOSH_INSTALL_TARGET}/ - -# Build Autoconf package -echo "Building Autoconf ${AUTOCONF_VERSION}..." -cd ${BOSH_COMPILE_TARGET}/autoconf-${AUTOCONF_VERSION} -./configure -make -j${CPUS} -make install - -# Build bridge-utils package -echo "Building bridge-utils ${BRIDGE_UTILS_VERSION}..." -cd ${BOSH_COMPILE_TARGET}/bridge-utils-${BRIDGE_UTILS_VERSION} -autoconf -./configure --prefix=${BOSH_INSTALL_TARGET} -make -j${CPUS} -make install - -# Copy Docker package -echo "Copying Docker ${DOCKER_VERSION}..." 
-mkdir -p ${BOSH_INSTALL_TARGET}/bin -cp -a ${BOSH_COMPILE_TARGET}/docker/docker-${DOCKER_VERSION} ${BOSH_INSTALL_TARGET}/bin/docker -chmod +x ${BOSH_INSTALL_TARGET}/bin/docker diff --git a/packages/docker/spec b/packages/docker/spec deleted file mode 100755 index 22005b8..0000000 --- a/packages/docker/spec +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: docker -dependencies: {} -files: - - docker/aufs-tools_3.2+20130722-1.1_amd64.deb - - docker/autoconf-2.69.tar.gz - - docker/bridge-utils-1.5.tar.gz - - docker/docker-1.7.0 diff --git a/packages/etcd-consistency-checker b/packages/etcd-consistency-checker new file mode 120000 index 0000000..04cf470 --- /dev/null +++ b/packages/etcd-consistency-checker @@ -0,0 +1 @@ +../src/etcd-release/packages/etcd-consistency-checker \ No newline at end of file diff --git a/packages/etcd-dns-checker b/packages/etcd-dns-checker new file mode 120000 index 0000000..f65da8a --- /dev/null +++ b/packages/etcd-dns-checker @@ -0,0 +1 @@ +../src/etcd-release/packages/etcd-dns-checker \ No newline at end of file diff --git a/packages/flannel b/packages/flannel new file mode 120000 index 0000000..aa4595e --- /dev/null +++ b/packages/flannel @@ -0,0 +1 @@ +../src/docker-boshrelease/packages/flannel \ No newline at end of file diff --git a/packages/flannel/packaging b/packages/flannel/packaging deleted file mode 100644 index 30b89bd..0000000 --- a/packages/flannel/packaging +++ /dev/null @@ -1,6 +0,0 @@ -set -e -x -export GOROOT=$(readlink -nf /var/vcap/packages/golang) -export PATH=$GOROOT/bin:$PATH -cd flannel -./build -cp -r bin ${BOSH_INSTALL_TARGET} diff --git a/packages/flannel/spec b/packages/flannel/spec deleted file mode 100644 index fb28ccb..0000000 --- a/packages/flannel/spec +++ /dev/null @@ -1,7 +0,0 @@ ---- -name: flannel -dependencies: - - git - - golang -files: - - flannel/**/* diff --git a/packages/git/packaging b/packages/git/packaging deleted file mode 100644 index 814fa85..0000000 --- a/packages/git/packaging +++ /dev/null 
@@ -1,8 +0,0 @@
-set -e -x
-
-tar xzf git/git-1.7.11.2.tar.gz
-
-cd git-1.7.11.2
-./configure --prefix=${BOSH_INSTALL_TARGET}
-make NO_TCLTK=Yes NO_PYTHON=Yes
-make NO_TCLTK=Yes NO_PYTHON=Yes install
\ No newline at end of file
diff --git a/packages/git/spec b/packages/git/spec
deleted file mode 100644
index 67d4670..0000000
--- a/packages/git/spec
+++ /dev/null
@@ -1,4 +0,0 @@
----
-name: git
-files:
-- git/git-1.7.11.2.tar.gz
\ No newline at end of file
diff --git a/packages/golang/packaging b/packages/golang/packaging
deleted file mode 100644
index 6ed35b5..0000000
--- a/packages/golang/packaging
+++ /dev/null
@@ -1,4 +0,0 @@
-set -e
-
-tar xzf golang/go1.2.1.linux-amd64.tar.gz
-cp -R go/* ${BOSH_INSTALL_TARGET}
diff --git a/packages/golang/spec b/packages/golang/spec
deleted file mode 100644
index dee8a5f..0000000
--- a/packages/golang/spec
+++ /dev/null
@@ -1,5 +0,0 @@
----
-name: golang
-
-files:
- - golang/go1.2.1.linux-amd64.tar.gz
diff --git a/packages/golang1.4 b/packages/golang1.4
deleted file mode 120000
index 51d5840..0000000
--- a/packages/golang1.4
+++ /dev/null
@@ -1 +0,0 @@
-../src/etcd-release/packages/golang1.4
\ No newline at end of file
diff --git a/packages/golang1.7 b/packages/golang1.7
new file mode 120000
index 0000000..56d297e
--- /dev/null
+++ b/packages/golang1.7
@@ -0,0 +1 @@
+../src/etcd-release/packages/golang1.7
\ No newline at end of file
diff --git a/packages/guestbook-example/packaging b/packages/guestbook-example/packaging
index 2bd415b..5f7b328 100644
--- a/packages/guestbook-example/packaging
+++ b/packages/guestbook-example/packaging
@@ -1,3 +1,5 @@
+#!/bin/bash
+
 set -e -x
 cp kubernetes/examples/guestbook/*.yaml ${BOSH_INSTALL_TARGET}
-echo ' type: NodePort' >> ${BOSH_INSTALL_TARGET}/frontend-service.yaml
+echo ' type: NodePort' >> ${BOSH_INSTALL_TARGET}/frontend-service.yaml
diff --git a/packages/kubernetes/packaging b/packages/kubernetes/packaging
index 02c2d72..0264478 100644
--- a/packages/kubernetes/packaging
+++ b/packages/kubernetes/packaging
@@ -1,13 +1,7 @@
 #!/bin/bash
 set -e -x
-export GOPATH=/var/vcap/data/tmp/go-tools
-mkdir -p $GOPATH
-export GOROOT=/var/vcap/packages/golang1.4
-export PATH=/var/vcap/packages/git/bin/:$GOROOT/bin:$GOPATH/bin:/var/vcap/packages/mercurial/bin:$PATH
-/var/vcap/packages/golang1.4/bin/go get github.com/tools/godep
-mkdir -p $GOPATH/src/github.com/GoogleCloudPlatform/
-cp -r kubernetes $GOPATH/src/github.com/GoogleCloudPlatform/
-cd $GOPATH/src/github.com/GoogleCloudPlatform/kubernetes
-godep go build ./...
-make all
-cp ./_output/local/bin/linux/amd64/* ${BOSH_INSTALL_TARGET}
+
+mkdir -p ${BOSH_INSTALL_TARGET}/bin
+
+tar xzf kubernetes/kubernetes-server-linux-amd64.tar.gz
+cp kubernetes/server/bin/* ${BOSH_INSTALL_TARGET}/bin
diff --git a/packages/kubernetes/spec b/packages/kubernetes/spec
index 258a64c..7abf7aa 100644
--- a/packages/kubernetes/spec
+++ b/packages/kubernetes/spec
@@ -1,10 +1,5 @@
 ---
 name: kubernetes
-dependencies:
- - git
- - golang1.4
- - mercurial
+dependencies: []
 files:
- - kubernetes/**/*
-excluded_files:
- - kubernetes/Godeps/_workspace/src/github.com/fsouza/go-dockerclient/testing/data/symlink
+- kubernetes/kubernetes-server-linux-amd64.tar.gz
diff --git a/packages/mercurial/packaging b/packages/mercurial/packaging
deleted file mode 100644
index 8750a64..0000000
--- a/packages/mercurial/packaging
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-set -e -x
-tar zxvf mercurial/mercurial-3.1.1.tar.gz
-cd mercurial-3.1.1/
-export PATH=/var/vcap/packages/python/bin:$PATH
-make PREFIX=${BOSH_INSTALL_TARGET} install-bin
diff --git a/packages/mercurial/spec b/packages/mercurial/spec
deleted file mode 100644
index 650e504..0000000
--- a/packages/mercurial/spec
+++ /dev/null
@@ -1,6 +0,0 @@
----
-name: mercurial
-dependencies:
- - python
-files:
- - mercurial/**/*
diff --git a/packages/python/packaging b/packages/python/packaging
index 2c8fc2d..f4c1c14 100644
--- a/packages/python/packaging
+++ b/packages/python/packaging
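Review bot: The new packaging lines copy `kubernetes/server/bin/*` out of a prebuilt `kubernetes-server-linux-amd64.tar.gz`, so the package contents are now whatever that blob holds instead of a build from the pinned `src/kubernetes` commit, and nothing in the script records which upstream release the tarball is. I would name the release in a comment above `tar xzf`, for example `# kubernetes-server tarball for release KUBERNETES_VERSION (placeholder); digest is recorded in config/blobs.yml`, so the binaries can be traced and re-verified later. The wildcard also installs every file in `server/bin`, which presumably includes more than the binaries the jobs start; listing the needed binaries would keep the package contents explicit. Quoting the target as `"${BOSH_INSTALL_TARGET}/bin"` in the `mkdir` and `cp` lines is a cheap hardening.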
@@ -1,6 +1,25 @@
-#!/bin/bash
-set -e -x
-tar zxvf python/Python-2.7.8.tgz
-cd Python-2.7.8
-./configure --prefix=${BOSH_INSTALL_TARGET}
-make install
+set -e # abort script on any command that exit with a non zero value
+
+version="2.7.8"
+echo "Python: ${version}"
+
+name="Python-${version}"
+archive=python/${name}.tgz
+
+if [[ -f ${archive} ]] ; then
+ echo "Archive: ${archive} found"
+else
+ echo "Archive: ${archive} not found"
+ exit 1
+fi
+
+echo "Extracting archive..."
+tar zxf ${archive}
+
+if [[ $? != 0 ]] ; then
+ echo "Archive: ${archive}"
+ exit 1
+fi
+
+cd ${name}
+./configure --prefix=${BOSH_INSTALL_TARGET} && make && make install
diff --git a/packages/python/spec b/packages/python/spec
index e4eb947..a9b5ef9 100644
--- a/packages/python/spec
+++ b/packages/python/spec
@@ -1,4 +1,4 @@
 ---
 name: python
 files:
- - python/**/*
+- python/Python-2.7.8.tgz
diff --git a/src/docker-boshrelease b/src/docker-boshrelease
new file mode 160000
index 0000000..0b86481
--- /dev/null
+++ b/src/docker-boshrelease
@@ -0,0 +1 @@
+Subproject commit 0b86481f25828017f610e3073cbb850f9242e917
diff --git a/src/etcd-consistency-checker b/src/etcd-consistency-checker
new file mode 120000
index 0000000..159fe45
--- /dev/null
+++ b/src/etcd-consistency-checker
@@ -0,0 +1 @@
+etcd-release/src/etcd-consistency-checker
\ No newline at end of file
diff --git a/src/etcd-dns-checker b/src/etcd-dns-checker
new file mode 120000
index 0000000..1444162
--- /dev/null
+++ b/src/etcd-dns-checker
@@ -0,0 +1 @@
+etcd-release/src/etcd-dns-checker
\ No newline at end of file
diff --git a/src/etcd-release b/src/etcd-release
index 42b00cf..a0b5916 160000
--- a/src/etcd-release
+++ b/src/etcd-release
@@ -1 +1 @@
-Subproject commit 42b00cf2b70210c4812d790ddc82a5b2e9f0f8c6
+Subproject commit a0b5916319ba1317b276d170bc396bf4388e943a
diff --git a/src/flannel b/src/flannel
deleted file mode 160000
index 1d34aa2..0000000
--- a/src/flannel
+++ /dev/null
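Review bot: The `if [[ $? != 0 ]]` block after `tar zxf ${archive}` in packages/python/packaging can never run, because `set -e` on the first added line already aborts the script when tar fails, and its message `"Archive: ${archive}"` would not say what went wrong anyway. Either drop the block or fold it into the command as `tar zxf "${archive}" || { echo "Failed extracting ${archive}"; exit 1; }`. The hunk also removes `#!/bin/bash` while keeping the bash-only `[[ ]]` test, so the script relies on the compile step invoking it with bash. Separately, the pinned `version="2.7.8"` predates 2.7.9, the release in which the standard library started verifying HTTPS certificates by default, so moving the pin to a later 2.7.x is worth a follow-up if anything in the release uses this interpreter for network access.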
@@ -1 +0,0 @@
-Subproject commit 1d34aa2f99c4643a1982670caac65892429d485f
diff --git a/src/kubernetes b/src/kubernetes
index 6a5c06e..e569a27 160000
--- a/src/kubernetes
+++ b/src/kubernetes
@@ -1 +1 @@
-Subproject commit 6a5c06e3d1eb27a6310a09270e4a5fb1afa93e74
+Subproject commit e569a27d02001e343cb68086bc06d47804f62af6
diff --git a/templates/k8s-deployment.yml b/templates/k8s-deployment.yml
index 32ffdef..b3008e6 100644
--- a/templates/k8s-deployment.yml
+++ b/templates/k8s-deployment.yml
@@ -1,18 +1,13 @@
 ---
 name: kubernetes
-director_uuid: (( merge ))
-releases:
- - name: kubernetes
- version: latest
-
-compilation:
- workers: 4
- network: default
- reuse_compilation_vms: false
- cloud_properties: (( merge ))
+director_uuid: (( param "please define director uuid" ))
-resource_pools: (( merge ))
+releases:
+- name: kubernetes
+ version: latest
+- name: consul
+ version: latest
 update:
 canaries: 0
@@ -20,8 +15,3 @@ update:
 update_watch_time: 30000-240000
 max_in_flight: 1
 serial: true
-
-networks: (( merge ))
-jobs: (( merge ))
-resource_pools: (( merge ))
-properties: (( merge ))
diff --git a/templates/k8s-infrastructure-aws.yml b/templates/k8s-infrastructure-aws.yml
index 4523434..479abd1 100644
--- a/templates/k8s-infrastructure-aws.yml
+++ b/templates/k8s-infrastructure-aws.yml
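Review bot: The added `consul` release in templates/k8s-deployment.yml is requested with `version: latest`, like the existing `kubernetes` entry, so a deploy resolves to whichever consul release was most recently uploaded to the director rather than one that was tested with this manifest. Pinning it, for example `version: CONSUL_RELEASE_VERSION` (placeholder, supplied from the stub), makes deployments reproducible and turns an unexpected release upload into a visible manifest diff. The same applies to the stemcell `version: latest` in templates/k8s-infrastructure-aws.yml.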
@@ -1,63 +1,39 @@
-compilation:
- cloud_properties:
- availability_zone: us-east-1a
- instance_type: m3.large
+meta:
+ aws:
+ default_region: (( param "please specify default AWS region" ))
-resource_pools:
- - name: default
- network: default
- stemcell:
- name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
- version: latest
- cloud_properties:
- instance_type: m3.large
+stemcells:
+- alias: default
+ name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
+ version: latest
-networks:
- - name: default
- type: manual
- subnets:
- - range: 10.0.18.0/24
- reserved:
- - 10.0.18.2
- - 10.0.18.3
- - 10.0.18.4
- - 10.0.18.5
- - 10.0.18.6
- - 10.0.18.7
- - 10.0.18.8
- - 10.0.18.9
- static:
- - 10.0.18.10
- - 10.0.18.11
- - 10.0.18.12
- - 10.0.18.13
- cloud_properties:
- subnet: subnet-00000000
- dns:
- - 10.0.0.2
- gateway: 10.0.18.1
- range: 10.0.18.0/24
-
-jobs:
- - name: master
- instances: 1
- networks:
- - name: default
- static_ips: (( static_ips(0) ))
- - name: minion
- instances: 2
- networks:
- - name: default
- static_ips: (( static_ips(1, 2) ))
- - name: guestbook-example
- lifecycle: errand
- instances: 1
- networks:
- - name: default
-
-properties:
- apiserver:
- host: (( jobs.master.networks.default.static_ips.[0] ))
- machines: (( jobs.master.networks.default.static_ips jobs.minion.networks.default.static_ips ))
- etcd:
- machines: (( jobs.master.networks.default.static_ips jobs.minion.networks.default.static_ips ))
+instance_groups:
+- name: etcd
+ vm_extension: kubernetes-etcd-profile
+- name: master
+ jobs:
+ - name: kubernetes-master
+ properties:
+ cloud-provider: aws
+ cloud-credentials:
+ master:
+ AWS_DEFAULT_REGION: (( grab meta.aws.default_region ))
+ AWS_REGION: (( grab meta.aws.default_region ))
+ - name: kubernetes-minion
+ properties:
+ cloud-provider: aws
+ cloud-credentials:
+ minion:
+ AWS_DEFAULT_REGION: (( grab meta.aws.default_region ))
+ AWS_REGION: (( grab meta.aws.default_region ))
+ vm_extension: kubernetes-master-profile
+- name: minion
+ jobs:
+ - name: kubernetes-minion
+ properties:
+ cloud-provider: aws
+ cloud-credentials:
+ minion:
+ AWS_DEFAULT_REGION: (( grab meta.aws.default_region ))
+ AWS_REGION: (( grab meta.aws.default_region ))
+ vm_extension: kubernetes-minion-profile
diff --git a/templates/k8s-infrastructure-warden.yml b/templates/k8s-infrastructure-warden.yml
deleted file mode 100644
index ab5c577..0000000
--- a/templates/k8s-infrastructure-warden.yml
+++ /dev/null
@@ -1,74 +0,0 @@
-compilation:
- cloud_properties: {}
-
-resource_pools:
- - name: default
- network: default
- stemcell:
- name: bosh-warden-boshlite-ubuntu-trusty-go_agent
- version: latest
- cloud_properties: {}
-
-networks:
- - name: default
- subnets:
- - range: 10.244.8.4/30
- reserved: [10.244.8.5]
- static: [10.244.8.6]
- cloud_properties: {}
- - range: 10.244.8.8/30
- reserved: [10.244.8.9]
- static: [10.244.8.10]
- cloud_properties: {}
- - range: 10.244.8.12/30
- reserved: [10.244.8.13]
- static: [10.244.8.14]
- cloud_properties: {}
- - range: 10.244.8.16/30
- reserved: [10.244.8.17]
- static: [10.244.8.18]
- cloud_properties: {}
- - range: 10.244.8.20/30
- reserved: [10.244.8.21]
- static: [10.244.8.22]
- cloud_properties: {}
- - range: 10.244.8.24/30
- reserved: [10.244.8.25]
- static: []
- cloud_properties: {}
- - range: 10.244.8.28/30
- reserved: [10.244.8.29]
- static: []
- cloud_properties: {}
- - range: 10.244.8.32/30
- reserved: [10.244.8.33]
- static: []
- cloud_properties: {}
- - range: 10.244.8.36/30
- reserved: [10.244.8.37]
- static: []
- cloud_properties: {}
-
-jobs:
- - name: master
- instances: 1
- networks:
- - name: default
- static_ips: (( static_ips(0) ))
- - name: minion
- instances: 2
- networks:
- - name: default
- static_ips: (( static_ips(1, 2) ))
- - name: guestbook-example
- lifecycle: errand
- instances: 1
- networks:
- - name: default
-
-properties:
- apiserver:
- host: (( jobs.master.networks.default.static_ips.[0] ))
- machines: (( jobs.master.networks.default.static_ips jobs.minion.networks.default.static_ips ))
- etcd:
- machines: (( jobs.master.networks.default.static_ips jobs.minion.networks.default.static_ips ))
diff --git a/templates/k8s-jobs.yml b/templates/k8s-jobs.yml
index 2490fdf..ab11d29 100644
--- a/templates/k8s-jobs.yml
+++ b/templates/k8s-jobs.yml
@@ -1,66 +1,136 @@
-jobs:
- - name: master
- templates:
- - name: docker
- - name: etcd
- - name: flannel
- - name: kubernetes-minion
- - name: kubernetes-master
- instances: 1
- resource_pool: default
- persistent_disk: 65536
- networks:
- - name: default
- static_ips: (( merge ))
+instance_groups:
+- name: consul
+ jobs:
+ - name: consul
+ release: consul
+ instances: 3
+ vm_type: kubernetes_consul
+ disk_type: kubernetes
+ stemcell: default
+ azs: [z1]
+ networks:
+ - name: services
+ static_ips: (( param "specify static ips for consul instances" ))
+
+- name: etcd
+ jobs:
+ - name: etcd
+ release: kubernetes
 properties:
- networks:
- apps: default
- - name: minion
- templates:
- - name: docker
- - name: etcd
- - name: flannel
- - name: kubernetes-minion
- instances: 2
- resource_pool: default
- persistent_disk: 65536
- networks:
- - name: default
- static_ips: (( merge ))
+ etcd:
+ machines: (( grab instance_groups.etcd.networks.services.static_ips ))
+ require_ssl: false
+ peer_require_ssl: false
+ instances: 3
+ vm_type: kubernetes_etcd
+ disk_type: kubernetes
+ stemcell: default
+ azs: [z1]
+ networks:
+ - name: services
+ static_ips: (( param "specify static ips for etcd instances" ))
+
+- name: master
+ jobs:
+ - name: docker
+ release: kubernetes
+ - name: flannel
+ release: kubernetes
+ - name: kubernetes-minion
+ release: kubernetes
 properties:
- networks:
- apps: default
- - name: create-kubernetes-dns
- lifecycle: errand
- templates:
- - name: create-kubernetes-dns
- instances: 1
- resource_pool: default
- networks:
- - name: default
+ manifest-dirs: [/var/vcap/jobs/kubernetes-master/manifests]
+ schedulable: false
+ apiserver:
+ hosts: (( grab instance_groups.master.networks.services.static_ips ))
+ cloud-credentials: (( param "specify cloud-credentials" ))
+ - name: kubernetes-master
+ release: kubernetes
 properties:
- networks:
- apps: default
- - name: guestbook-example
- lifecycle: errand
- templates:
- - name: guestbook-example
- - name: flannel
- instances: 1
- resource_pool: default
- networks:
- - name: default
+ etcd:
+ machines: (( grab instance_groups.etcd.networks.services.static_ips ))
+ consul:
+ join_hosts: (( grab instance_groups.consul.networks.services.static_ips ))
+ apiserver:
+ hosts: (( grab instance_groups.master.networks.services.static_ips ))
+ cloud-credentials: (( param "specify cloud-credentials" ))
+ certs:
+ ca: (( param "specify CA cert" ))
+ kubernetes: (( param "specify kubernetes cert" ))
+ kubernetes-key: (( param "specify kubernetes cert key" ))
+ instances: 3
+ vm_type: kubernetes_master
+ disk_type: kubernetes
+ stemcell: default
+ azs: [z1]
+ networks:
+ - name: services
+ static_ips: (( param "specify static ips for master instances" ))
+
+- name: minion
+ jobs:
+ - name: docker
+ release: kubernetes
+ - name: flannel
+ release: kubernetes
+ - name: kubernetes-minion
+ release: kubernetes
 properties:
- networks:
- apps: default
+ schedulable: true
+ apiserver:
+ hosts: (( grab instance_groups.master.networks.services.static_ips ))
+ cloud-credentials: (( param "specify cloud-credentials" ))
+ instances: 3
+ vm_type: kubernetes_minion
+ disk_type: kubernetes
+ stemcell: default
+ azs: [z1]
+ networks:
+ - name: services
+ static_ips: (( param "specify static ips for minion instances" ))
-properties:
- apiserver:
- host: (( static_ips(0) ))
- machines: (( merge ))
- etcd:
- machines: (( merge ))
- require_ssl: false
- peer_require_ssl: false
+- name: create-kubernetes-dns
+ lifecycle: errand
+ jobs:
+ - name: create-kubernetes-dns
+ release: kubernetes
+ properties:
+ apiserver:
+ host: (( grab instance_groups.master.networks.services.static_ips.[0] ))
+ instances: 1
+ vm_type: errand_small
+ stemcell: default
+ azs: [z1]
+ networks:
+ - name: services
+
+- name: create-kubernetes-monitoring
+ lifecycle: errand
+ jobs:
+ - name: create-kubernetes-monitoring
+ release: kubernetes
+ properties:
+ nodes: (( grab instance_groups.master.networks.services.static_ips instance_groups.minion.networks.services.static_ips ))
+ apiserver:
+ host: (( grab instance_groups.master.networks.services.static_ips.[0] ))
+ instances: 1
+ vm_type: errand_small
+ stemcell: default
+ azs: [z1]
+ networks:
+ - name: services
-resource_pools: (( merge ))
+- name: apply-kubernetes-manifests
+ lifecycle: errand
+ jobs:
+ - name: apply-kubernetes-manifests
+ release: kubernetes
+ properties:
+ apiserver:
+ host: (( grab instance_groups.master.networks.services.static_ips.[0] ))
+ instances: 1
+ vm_type: errand_small
+ stemcell: default
+ azs: [z1]
+ networks:
+ - name: services
diff --git a/templates/k8s-stub-aws.yml b/templates/k8s-stub-aws.yml
new file mode 100644
index 0000000..f9c3176
--- /dev/null
+++ b/templates/k8s-stub-aws.yml
@@ -0,0 +1,50 @@
+meta:
+ aws:
+ default_region: us-gov-west-1
+
+director_uuid: DIRECTOR_UUID
+
+instance_groups:
+- name: consul
+ properties:
+ consul:
+ default_recursor: 8.8.8.8
+ ssl_ca: -- SECRET --
+ ssl_cert: -- SECRET --
+ ssl_key: -- SECRET --
+ domain: kubernetes
+ encrypt: SECRETKEY
+ networks:
+ - name: services
+ static_ips:
+ - 10.1.100.100
+ - 10.1.100.101
+ - 10.1.100.102
+- name: etcd
+ networks:
+ - name: services
+ static_ips:
+ - 10.1.100.103
+ - 10.1.100.104
+ - 10.1.100.105
+- name: master
+ networks:
+ - name: services
+ static_ips:
+ - 10.1.100.106
+ - 10.1.100.107
+ - 10.1.100.108
+ jobs:
+ - name: kubernetes-master
+ properties:
+ certs:
+ ca: -- SECRET --
+ kubernetes: -- SECRET --
+ kubernetes-key: -- SECRET --
+- name: minion
+ networks:
+ - name: services
+ static_ips:
+ - 10.1.100.109
+ - 10.1.100.110
+ - 10.1.100.111
\ No newline at end of file
diff --git a/update-kubernetes.sh b/update-kubernetes.sh
new file mode 100755
index 0000000..45576a3
--- /dev/null
+++ b/update-kubernetes.sh
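Review bot: The new `etcd` instance group in templates/k8s-jobs.yml keeps `require_ssl: false` and `peer_require_ssl: false`, so client and peer traffic to the store holding the cluster state stays unencrypted and unauthenticated on the `services` network, even though this same hunk introduces `certs.ca`, `certs.kubernetes` and `certs.kubernetes-key` parameters for the master. The two settings are carried over from the removed top-level `properties` block rather than introduced here, but the restructuring is a natural point to revisit them. If etcd TLS is out of scope for this change, a comment above the two keys such as `# TLS disabled: etcd ports must be reachable only from master instances` would make the assumption explicit and reviewable.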
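Review bot: The new stub templates/k8s-stub-aws.yml is where operators replace `-- SECRET --` and `encrypt: SECRETKEY` with CA material, certificates, private keys and the consul gossip key, but the file carries no hint that a filled-in copy must stay out of version control. I would add a header comment such as `# Template only: copy outside the repository or inject values from a secret store; never commit real keys.` `default_recursor: 8.8.8.8` also points consul's recursive DNS lookups at a public resolver, which may not be intended for a deployment whose example region is `us-gov-west-1`; a comment marking it as an example value would help. The file also ends without a trailing newline.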
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+set -x
+
+VERSION=$1
+if [ -z "${VERSION}" ]; then
+ echo 'Usage: ./update-kubernetes.sh '
+ exit 1
+fi
+
+mkdir tmp
+pushd tmp
+ curl -O -L https://github.com/kubernetes/kubernetes/releases/download/${VERSION}/kubernetes.tar.gz
+ tar xf kubernetes.tar.gz
+popd
+
+KUBERNETES_SKIP_CONFIRM=true ./tmp/kubernetes/cluster/get-kube-binaries.sh
+
+# Using the new BOSH-cli v2
+bosh add-blob tmp/kubernetes/server/kubernetes-server-linux-amd64.tar.gz kubernetes/kubernetes-server-linux-amd64.tar.gz
+bosh -n upload-blobs
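Review bot: The script downloads `kubernetes.tar.gz` for a caller-supplied `${VERSION}`, immediately runs `get-kube-binaries.sh` from inside it, and uploads the resulting server tarball as a release blob, with no integrity check on either download visible in this hunk. Taking the expected digest as a second argument and verifying before extraction, e.g. `echo "${SHA256}  kubernetes.tar.gz" | sha256sum -c -`, would stop a corrupted or substituted archive from being executed and then published to the blobstore. `curl -O -L` should become `curl -fSL -O` with `"${VERSION}"` quoted in the URL, so an HTTP error page is not saved and passed to `tar`. `mkdir tmp` also fails on a second run under `set -e` because the directory is never cleaned up; `mkdir -p tmp` or a `mktemp -d` directory avoids that. The usage message prints no argument name, which looks unintended.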