This repository has been archived by the owner on Jan 27, 2021. It is now read-only.
Kubernetes Openstack Terraform GeneratOr

pblaas/kioto

❗ This project is inactive due to a new project which supersedes this project's functionality. You can find it at https://github.com/pblaas/nagoya.

Project KiOTO

What is project KiOTO?

KiOTO is my take on a tool to deploy a highly available Kubernetes cluster on OpenStack.

KiOTO is an acronym for Kubernetes Openstack Terraform generatOr.

How does it work?

This project consists of the Python script kioto.py and several template files. The Jinja2 templating engine generates a Terraform file, which is used to spin up a Kubernetes cluster. The cloud-init files injected into the Terraformed CoreOS Container Linux nodes are generated by the Python script.

Dependencies
  • OpenStack
  • Terraform
  • Python 2.7
  • Jinja2 Python module
  • git
  • OpenStack 'allow-all' security group for SNAT ports.

Usage
usage: kioto.py [-h] [--corepassword COREPASSWORD] [--username USERNAME]
                [--projectname PROJECTNAME] [--clustername CLUSTERNAME]
                [--subnetcidr SUBNETCIDR] [--calicocidr CALICOCIDR]
                [--managers MANAGERS] [--workers WORKERS]
                [--managerimageflavor MANAGERIMAGEFLAVOR]
                [--workerimageflavor WORKERIMAGEFLAVOR]
                [--glanceimagename GLANCEIMAGENAME] [--dnsserver DNSSERVER]
                [--cloudprovider CLOUDPROVIDER] [--k8sver K8SVER]
                [--flannelver FLANNELVER] [--netoverlay NETOVERLAY]
                [--authmode AUTHMODE] [--alphafeatures ALPHAFEATURES]
                [--availabilityzone AVAILABILITYZONE]
                [--externalnetid EXTERNALNETID]
                keypair floatingip1 floatingip2

positional arguments:
  keypair               Keypair ID
  floatingip1           Floatingip 1 for API calls
  floatingip2           Floatingip 2 for public access to cluster

optional arguments:
  -h, --help            show this help message and exit
  --corepassword COREPASSWORD
                        Password to authenticate with core user
  --username USERNAME   Openstack username - (OS_USERNAME environment
                        variable)
  --projectname PROJECTNAME
                        Openstack project Name - (OS_TENANT_NAME environment
                        variable)
  --clustername CLUSTERNAME
                        Clustername - (k8scluster)
  --subnetcidr SUBNETCIDR
                        Private subnet CIDR - (192.168.3.0/24)
  --calicocidr CALICOCIDR
                        Calico subnet CIDR - (10.244.0.0/16)
  --managers MANAGERS   Number of k8s managers - (3)
  --workers WORKERS     Number of k8s workers - (0)
  --managerimageflavor MANAGERIMAGEFLAVOR
                        Manager image flavor ID - (2004)
  --workerimageflavor WORKERIMAGEFLAVOR
                        Worker image flavor ID - (2008)
  --glanceimagename GLANCEIMAGENAME
                        Glance image name ID - (Container Linux CoreOS (third-
                        party))
  --dnsserver DNSSERVER
                        DNS server - (8.8.8.8)
  --cloudprovider CLOUDPROVIDER
                        Cloud provider support - (openstack)
  --k8sver K8SVER       Hyperkube version - (v1.8.7_coreos.0)
  --flannelver FLANNELVER
                        Flannel image version - (v0.8.0)
  --netoverlay NETOVERLAY
                        Network overlay - (flannel)
  --authmode AUTHMODE   Authorization mode - (AlwaysAllow)
  --alphafeatures ALPHAFEATURES
                        enable alpha feature - (false)
  --availabilityzone AVAILABILITYZONE
                        Availability zone - (AMS-EQ1)
  --externalnetid EXTERNALNETID
                        External network id - (f9c73cd5-9e7b-4bfd-89eb-
                        c2f4f584c326)

Features
  • HA master K8S setup.
  • PKI on ETCD cluster.
  • PKI on K8S nodes.
  • RBAC authorization mode.
  • NodeRestriction admission control.
  • OpenStack provider for Storage through Cinder plugin.
  • Loadbalancing k8s managers through OpenStack (LBAAS).
  • Loadbalancing k8s workers (up to first three) through OpenStack (LBAAS) for ingress.
  • Flannel network overlay support.
  • Calico network overlay support.
  • Private network support.
  • All manager nodes are part of the etcd2 cluster.
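
The usage text lists AlwaysAllow as the default for --authmode, while the feature list includes an RBAC authorization mode. The following Python 3 script is an added example, not part of kioto.py or this repository: it reviews a planned argument list before it is handed to the generator. The parser is a stand-in covering three of the options shown in the usage text, and it assumes --authmode takes a comma-separated list in the style of the Kubernetes API server's --authorization-mode flag.

```python
import argparse

# Stand-in parser written for this example (not kioto.py's own code).
# Option names and defaults are copied from the usage text on this page.
def build_parser():
    p = argparse.ArgumentParser(prog="kioto-preflight", add_help=False,
                                allow_abbrev=False)
    p.add_argument("--corepassword")
    p.add_argument("--authmode", default="AlwaysAllow")
    p.add_argument("--alphafeatures", default="false")
    return p

def review(argv):
    """Return a list of (level, message) findings for a kioto.py argument list."""
    # Positionals and options this example does not model land in _rest.
    args, _rest = build_parser().parse_known_args(argv)
    # Assumption: --authmode is a comma-separated list, as the Kubernetes
    # API server's --authorization-mode flag is.
    modes = [m.strip() for m in args.authmode.split(",") if m.strip()]
    findings = []
    if "AlwaysAllow" in modes:
        findings.append(("high", "authmode includes AlwaysAllow: "
                         "every API request is authorized"))
    elif "RBAC" not in modes:
        findings.append(("medium", "authmode does not include RBAC"))
    if args.corepassword is not None:
        findings.append(("medium", "--corepassword on the command line is "
                         "exposed via shell history and the process list"))
    if args.alphafeatures.strip().lower() == "true":
        findings.append(("low", "alpha features are enabled"))
    return findings

# Constructed sample invocations (key name and documentation-range IPs are made up).
DEFAULT_RUN = ["mykey", "203.0.113.10", "203.0.113.11",
               "--corepassword", "example-only"]
RBAC_RUN = ["mykey", "203.0.113.10", "203.0.113.11", "--authmode", "RBAC"]

if __name__ == "__main__":
    for name, argv in (("default", DEFAULT_RUN), ("rbac", RBAC_RUN)):
        for level, message in review(argv) or [("ok", "no findings")]:
            print("%-8s %-6s %s" % (name, level, message))
```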

Caveats

If you are using this script without my management container (pblaas/openstack-cli), make sure you set the following environment variables:

  • export OS_TENANT_ID=$OS_PROJECT_ID
  • export OS_TENANT_NAME=$OS_PROJECT_NAME

Your environment may use other defaults. If you are not on cloudvps.com and need to change anything to make this work on your end, please let me know so I can update the scripts and define this in the provided params.