Alexandros Kosiaris has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/323816 )
Change subject: calico: add module/profile to use as kubernetes networking ...................................................................... calico: add module/profile to use as kubernetes networking Change-Id: If5824a3c1014435aec2f44c1c245bdeb64a048ff --- A modules/calico/manifests/cni.pp A modules/calico/manifests/init.pp A modules/calico/templates/cni.conf.erb A modules/calico/templates/initscripts/calico-node.systemd.erb A modules/profile/manifests/calico/kubernetes.pp 5 files changed, 166 insertions(+), 0 deletions(-) Approvals: Alexandros Kosiaris: Looks good to me, approved jenkins-bot: Verified
diff --git a/modules/calico/manifests/cni.pp b/modules/calico/manifests/cni.pp
new file mode 100644
index 0000000..dc95510
--- /dev/null
+++ b/modules/calico/manifests/cni.pp
@@ -0,0 +1,32 @@
+# == Class calico::cni
+#
+# Installs and configure the cni plugins for calico.
+
+class calico::cni {
+ require ::calico
+
+ package { 'cni':
+ ensure => $::calico::cni_version,
+ }
+
+ package { 'calico-cni':
+ ensure => $::calico::calico_cni_version,
+ }
+
+ $etcd_endpoints = $::calico::etcd_endpoints
+
+ file { ['/etc/cni', '/etc/cni/net.d']:
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ }
+
+ file { '/etc/cni/net.d/10-calico.conf':
+ content => template('calico/cni.conf.erb'),
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ before => Package['calico-cni'],
+ }
+}
diff --git a/modules/calico/manifests/init.pp b/modules/calico/manifests/init.pp
new file mode 100644
index 0000000..2206dc9
--- /dev/null
+++ b/modules/calico/manifests/init.pp
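Review bot: In modules/calico/manifests/cni.pp the CNI network config `/etc/cni/net.d/10-calico.conf` is installed with `mode => '0755'`, which marks a JSON data file as executable; `mode => '0644'` is all a reader of the file needs. The same resource sets `before => Package['calico-cni']`, so the config is written before the plugin package that consumes it. If that ordering is deliberate, a short comment on the `before` line stating the reason would keep a later reader from treating it as inverted.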
@@ -0,0 +1,57 @@
+# == Class calico
+#
+# Installs and runs calico-node and calicoctl
+class calico(
+ $etcd_endpoints,
+ $registry,
+ $calico_version='2.0',
+) {
+ requires_os('debian >= jessie')
+
+ file { '/etc/calico':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ }
+
+ base::expose_puppet_certs { '/etc/calico':
+ ensure => present,
+ provide_private => false,
+ require => File['/etc/calico'],
+ }
+
+ # Needed for calicoctl
+ apt::pin { 'go':
+ package => 'golang-go-linux-amd64 golang-src',
+ pin => 'release a=jessie-backports',
+ priority => '1001',
+ before => Package['calicoctl'],
+ }
+
+
+ case $calico_version {
+ '2.0': {
+ $calicoctl_version = '1.0.0-betarc5-1~wmf1'
+ $calico_node_version = '1.0.0-beta-rc5'
+ $calico_cni_version = '1.5.0-1~wmf1'
+ $cni_version = '0.3.0-1~wmf1'
+ }
+ default: { fail('Unsupported calico version') }
+ }
+
+ package { 'calicoctl':
+ ensure => $calicoctl_version,
+ }
+
+ package { "${registry}/calico/node":
+ ensure => $calico_node_version,
+ provider => 'docker',
+ }
+
+ base::service_unit { 'calico-node':
+ ensure => present,
+ systemd => true,
+ require => Package['calico-node']
+ }
+}
diff --git a/modules/calico/templates/cni.conf.erb b/modules/calico/templates/cni.conf.erb
new file mode 100644
index 0000000..da75240
--- /dev/null
+++ b/modules/calico/templates/cni.conf.erb
@@ -0,0 +1,18 @@
+{
+ "name": "calico-k8s-network",
+ "type": "calico",
+ "etcd_endpoints": "<%= @etcd_endpoints.join(',') %>",
+ "etcd_ca_cert_file": "/etc/ssl/certs/Puppet_Internal_CA.pem",
+ "etcd_key_file": "/etc/calico/ssl/server.key",
+ "etcd_cert_file": "/etc/calico/ssl/cert.pem",
+ "log_level": "info",
+ "ipam": {
+ "type": "calico-ipam"
+ },
+ "policy": {
+ "type": "k8s"
+ },
+ "kubernetes": {
+ "kubeconfig": "/etc/kubernetes/kubeconfig"
+ }
+}
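Review bot: In modules/calico/manifests/init.pp, `base::service_unit { 'calico-node': }` requires `Package['calico-node']`, but the only node package declared in this hunk is titled `"${registry}/calico/node"`. Unless a resource with the shorter title exists outside this change, the reference is dangling and catalog compilation would fail. Pointing the dependency at the declared title fixes it: `require => Package["${registry}/calico/node"],`.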
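Review bot: In modules/calico/templates/cni.conf.erb, `"etcd_key_file": "/etc/calico/ssl/server.key"` names a private key that the manifest in this change appears not to install, since init.pp declares `base::expose_puppet_certs { '/etc/calico': }` with `provide_private => false`. The same path is used for `ETCD_KEY` in calico-node.systemd.erb. If the key is meant to be exposed, the manifest should say `provide_private => true` and the key should stay readable by root only. If it is not, both templates point at a file that will not exist and the etcd TLS client setup will fail at runtime instead of at catalog time.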
diff --git a/modules/calico/templates/initscripts/calico-node.systemd.erb b/modules/calico/templates/initscripts/calico-node.systemd.erb
new file mode 100644
index 0000000..e78382b
--- /dev/null
+++ b/modules/calico/templates/initscripts/calico-node.systemd.erb
@@ -0,0 +1,40 @@
+[Unit]
+Description=calico node
+After=docker.service
+Requires=docker.service
+
+[Service]
+User=root
+Environment="ETCD_ENDPOINTS=<%= @etcd_endpoints.join(',') %>"
+Environment="ETCD_CA=/etc/ssl/certs/Puppet_Internal_CA.pem"
+Environment="ETCD_KEY=/etc/calico/ssl/server.key"
+Environment="ETCD_CERT=/etc/calico/ssl/cert.pem"
+PermissionsStartOnly=true
+ExecStart=/usr/bin/docker run \
+ --net=host \
+ --privileged \
+ --name=calico-node \
+ -e ETCD_ENDPOINTS \
+ -e HOSTNAME=<%= @hostname %> \
+ -e IP= \
+ -e IP6= \
+ -e NO_DEFAULT_POOLS= \
+ -e AS= \
+ -e ETCD_CA \
+ -e ETCD_KEY \
+ -e ETCD_CERT \
+ -e ETCD_SCHEME=https \
+ -e CALICO_LIBNETWORK_ENABLED=true \
+ -e CALICO_NETWORKING_BACKEND=bird \
+ -v /var/run/calico:/var/run/calico \
+ -v /lib/modules:/lib/modules \
+ -v /run/docker/plugins:/run/docker/plugins \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v /var/log/calico:/var/log/calico \
+ calico/node:<%= @calico_node_version %>
+ExecStop=/usr/bin/docker rm -f calico-node
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
diff --git a/modules/profile/manifests/calico/kubernetes.pp b/modules/profile/manifests/calico/kubernetes.pp
new file mode 100644
index 0000000..0b89733
--- /dev/null
+++ b/modules/profile/manifests/calico/kubernetes.pp
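Review bot: The `docker run` command in calico-node.systemd.erb starts `calico/node:<%= @calico_node_version %>` with no registry prefix, while init.pp installs the image as `"${registry}/calico/node"`. The unprefixed name is a different image reference, so Docker would resolve it against its default registry instead of using the image Puppet pinned. That matters here because the container runs `--privileged` on the host network with `/var/run/docker.sock` mounted. The unit should use the same reference as the manifest, for example `<%= @registry %>/calico/node:<%= @calico_node_version %>`, assuming `@registry` is visible in the scope where `base::service_unit` renders the template. Separately, `ETCD_CA`, `ETCD_KEY` and `ETCD_CERT` carry host paths, but none of the `-v` mounts covers `/etc/calico/ssl` or the CA file, so unless the image handles this some other way the process inside the container cannot read them.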
@@ -0,0 +1,19 @@
+# == Class profile::calico::kubernetes
+#
+# Installs calico for use in a kubernetes cluster.
+# This follows http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/#manual-installation
+
+class profile::calico::kubernetes {
+ $etcd_endpoints = hiera('profile::calico::kubernetes::etcd_endpoints')
+ $calico_version = hiera('profile::calico::kubernetes::calico_version')
+ $registry = hiera('profile::calico::kubernetes::docker::registry')
+
+ class { '::calico':
+ etcd_endpoints => $etcd_endpoints,
+ calico_version => $calico_version,
+ registry => $registry,
+ }
+
+ class { '::calico::cni':
+ }
+}
-- To view, visit https://gerrit.wikimedia.org/r/323816 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: If5824a3c1014435aec2f44c1c245bdeb64a048ff Gerrit-PatchSet: 6 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Giuseppe Lavagetto <glavage...@wikimedia.org> Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
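Review bot: In modules/profile/manifests/calico/kubernetes.pp all three `hiera()` lookups are written without a default, so `calico_version` has to be set in Hiera even though class calico already defaults it to `'2.0'`, and a missing key fails the whole catalog. Either pass the default through, `hiera('profile::calico::kubernetes::calico_version', '2.0')`, or list the three required keys in the class header comment. The `registry` value ends up in the title of the docker-provider package in init.pp, so the header should also say which registry host is expected there.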