[MediaWiki-commits] [Gerrit] operations/puppet[production]: calico: add module/profile to use as kubernetes networking

Thu, 29 Dec 2016 06:40:53 -0800 

Alexandros Kosiaris has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/323816 )

Change subject: calico: add module/profile to use as kubernetes networking
......................................................................


calico: add module/profile to use as kubernetes networking

Change-Id: If5824a3c1014435aec2f44c1c245bdeb64a048ff
---
A modules/calico/manifests/cni.pp
A modules/calico/manifests/init.pp
A modules/calico/templates/cni.conf.erb
A modules/calico/templates/initscripts/calico-node.systemd.erb
A modules/profile/manifests/calico/kubernetes.pp
5 files changed, 166 insertions(+), 0 deletions(-)

Approvals:
  Alexandros Kosiaris: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/calico/manifests/cni.pp b/modules/calico/manifests/cni.pp
new file mode 100644
index 0000000..dc95510
--- /dev/null
+++ b/modules/calico/manifests/cni.pp
@@ -0,0 +1,32 @@
+# == Class calico::cni
+#
+# Installs and configure the cni plugins for calico.
+
+class calico::cni {
+    require ::calico
+
+    package { 'cni':
+        ensure => $::calico::cni_version,
+    }
+
+    package { 'calico-cni':
+        ensure => $::calico::calico_cni_version,
+    }
+
+    $etcd_endpoints = $::calico::etcd_endpoints
+
+    file { ['/etc/cni', '/etc/cni/net.d']:
+        ensure => directory,
+        owner  => 'root',
+        group  => 'root',
+        mode   => '0755',
+    }
+
+    file { '/etc/cni/net.d/10-calico.conf':
+        content => template('calico/cni.conf.erb'),
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0755',
+        before  => Package['calico-cni'],
+    }
+}
diff --git a/modules/calico/manifests/init.pp b/modules/calico/manifests/init.pp
new file mode 100644
index 0000000..2206dc9
--- /dev/null
+++ b/modules/calico/manifests/init.pp
@@ -0,0 +1,57 @@
+# == Class calico
+#
+# Installs and runs calico-node and calicoctl
+class calico(
+    $etcd_endpoints,
+    $registry,
+    $calico_version='2.0',
+) {
+    requires_os('debian >= jessie')
+
+    file { '/etc/calico':
+        ensure => directory,
+        owner  => 'root',
+        group  => 'root',
+        mode   => '0755',
+    }
+
+    base::expose_puppet_certs { '/etc/calico':
+        ensure          => present,
+        provide_private => false,
+        require         => File['/etc/calico'],
+    }
+
+    # Needed for calicoctl
+    apt::pin { 'go':
+        package  => 'golang-go-linux-amd64 golang-src',
+        pin      => 'release a=jessie-backports',
+        priority => '1001',
+        before   => Package['calicoctl'],
+    }
+
+
+    case $calico_version {
+        '2.0': {
+            $calicoctl_version = '1.0.0-betarc5-1~wmf1'
+            $calico_node_version = '1.0.0-beta-rc5'
+            $calico_cni_version = '1.5.0-1~wmf1'
+            $cni_version = '0.3.0-1~wmf1'
+        }
+        default: { fail('Unsupported calico version') }
+    }
+
+    package { 'calicoctl':
+        ensure => $calicoctl_version,
+    }
+
+    package { "${registry}/calico/node":
+        ensure   => $calico_node_version,
+        provider => 'docker',
+    }
+
+    base::service_unit { 'calico-node':
+        ensure  => present,
+        systemd => true,
+        require => Package['calico-node']
+    }
+}
diff --git a/modules/calico/templates/cni.conf.erb 
b/modules/calico/templates/cni.conf.erb
new file mode 100644
index 0000000..da75240
--- /dev/null
+++ b/modules/calico/templates/cni.conf.erb
@@ -0,0 +1,18 @@
+{
+    "name": "calico-k8s-network",
+    "type": "calico",
+    "etcd_endpoints": "<%= @etcd_endpoints.join(',') %>",
+    "etcd_ca_cert_file": "/etc/ssl/certs/Puppet_Internal_CA.pem",
+    "etcd_key_file": "/etc/calico/ssl/server.key",
+    "etcd_cert_file": "/etc/calico/ssl/cert.pem",
+    "log_level": "info",
+    "ipam": {
+        "type": "calico-ipam"
+    },
+    "policy": {
+        "type": "k8s"
+    },
+    "kubernetes": {
+        "kubeconfig": "/etc/kubernetes/kubeconfig"
+    }
+}
diff --git a/modules/calico/templates/initscripts/calico-node.systemd.erb 
b/modules/calico/templates/initscripts/calico-node.systemd.erb
new file mode 100644
index 0000000..e78382b
--- /dev/null
+++ b/modules/calico/templates/initscripts/calico-node.systemd.erb
@@ -0,0 +1,40 @@
+[Unit]
+Description=calico node
+After=docker.service
+Requires=docker.service
+
+[Service]
+User=root
+Environment="ETCD_ENDPOINTS=<%= @etcd_endpoints.join(',') %>"
+Environment="ETCD_CA=/etc/ssl/certs/Puppet_Internal_CA.pem"
+Environment="ETCD_KEY=/etc/calico/ssl/server.key"
+Environment="ETCD_CERT=/etc/calico/ssl/cert.pem"
+PermissionsStartOnly=true
+ExecStart=/usr/bin/docker run \
+  --net=host \
+  --privileged \
+  --name=calico-node \
+  -e ETCD_ENDPOINTS \
+  -e HOSTNAME=<%= @hostname %> \
+  -e IP= \
+  -e IP6= \
+  -e NO_DEFAULT_POOLS= \
+  -e AS= \
+  -e ETCD_CA \
+  -e ETCD_KEY \
+  -e ETCD_CERT \
+  -e ETCD_SCHEME=https \
+  -e CALICO_LIBNETWORK_ENABLED=true \
+  -e CALICO_NETWORKING_BACKEND=bird \
+  -v /var/run/calico:/var/run/calico \
+  -v /lib/modules:/lib/modules \
+  -v /run/docker/plugins:/run/docker/plugins \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  -v /var/log/calico:/var/log/calico \
+  calico/node:<%= @calico_node_version %>
+ExecStop=/usr/bin/docker rm -f calico-node
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
diff --git a/modules/profile/manifests/calico/kubernetes.pp 
b/modules/profile/manifests/calico/kubernetes.pp
new file mode 100644
index 0000000..0b89733
--- /dev/null
+++ b/modules/profile/manifests/calico/kubernetes.pp
@@ -0,0 +1,19 @@
+# == Class profile::calico::kubernetes
+#
+# Installs calico for use in a kubernetes cluster.
+# This follows 
http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/#manual-installation
+
+class profile::calico::kubernetes {
+    $etcd_endpoints = hiera('profile::calico::kubernetes::etcd_endpoints')
+    $calico_version = hiera('profile::calico::kubernetes::calico_version')
+    $registry = hiera('profile::calico::kubernetes::docker::registry')
+
+    class { '::calico':
+        etcd_endpoints => $etcd_endpoints,
+        calico_version => $calico_version,
+        registry       => $registry,
+    }
+
+    class { '::calico::cni':
+    }
+}

-- 
To view, visit https://gerrit.wikimedia.org/r/323816
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: If5824a3c1014435aec2f44c1c245bdeb64a048ff
Gerrit-PatchSet: 6
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to