Commit 8e8cf20c authored by Giuseppe Attardi's avatar Giuseppe Attardi

Upgraded to CDK #218.

parent 6edc21ec
...@@ -5,7 +5,10 @@ ...@@ -5,7 +5,10 @@
## Overview ## Overview
This is a `Kubernetes` cluster composed of the following components and features: This is a `Kubernetes` cluster using [Webhook Token Authentication](https://kubernetes.io/docs/reference/access-authn-authz/authentication/),
provided by the charm `cs:~csd-garr/kubernetes-keystone`.
This cluster is composed of the following components and features:
- `Kubernetes` (automated deployment, operations, and scaling) - `Kubernetes` (automated deployment, operations, and scaling)
- `Kubernetes` cluster with one master and three worker nodes. - `Kubernetes` cluster with one master and three worker nodes.
...@@ -13,6 +16,7 @@ This is a `Kubernetes` cluster composed of the following components and features ...@@ -13,6 +16,7 @@ This is a `Kubernetes` cluster composed of the following components and features
- TLS used for communication between nodes for security. - TLS used for communication between nodes for security.
- A CNI plugin (Flannel). - A CNI plugin (Flannel).
- A load balancer for HA `kubernetes-master`. - A load balancer for HA `kubernetes-master`.
- Webhook Token Authentication.
- Optional Ingress Controller (on worker). - Optional Ingress Controller (on worker).
- Optional `Dashboard` addon (on master) including `Heapster` for cluster monitoring. - Optional `Dashboard` addon (on master) including `Heapster` for cluster monitoring.
- EasyRSA - EasyRSA
......
...@@ -30,7 +30,7 @@ services: ...@@ -30,7 +30,7 @@ services:
gateway: 90.147.161.27/25 gateway: 90.147.161.27/25
easyrsa: easyrsa:
charm: cs:~containers/easyrsa-45 charm: cs:~containers/easyrsa-50
bindings: bindings:
"": space-os-mgmt "": space-os-mgmt
num_units: 1 num_units: 1
...@@ -42,7 +42,7 @@ services: ...@@ -42,7 +42,7 @@ services:
gui-y: '550' gui-y: '550'
etcd: etcd:
charm: cs:~containers/etcd-90 charm: cs:~containers/etcd-96
bindings: bindings:
"": space-os-mgmt "": space-os-mgmt
num_units: 3 num_units: 3
...@@ -58,7 +58,7 @@ services: ...@@ -58,7 +58,7 @@ services:
gui-y: '550' gui-y: '550'
flannel: flannel:
charm: cs:~containers/flannel-60 charm: cs:~containers/flannel-66
# no bindings # no bindings
options: options:
cidr: 10.111.0.0/16 cidr: 10.111.0.0/16
...@@ -67,7 +67,7 @@ services: ...@@ -67,7 +67,7 @@ services:
gui-y: '750' gui-y: '750'
kubeapi-load-balancer: kubeapi-load-balancer:
charm: cs:~containers/kubeapi-load-balancer-64 charm: cs:~containers/kubeapi-load-balancer-69
bindings: bindings:
"": space-os-mgmt "": space-os-mgmt
# necessary for getting a floating IP # necessary for getting a floating IP
...@@ -80,37 +80,41 @@ services: ...@@ -80,37 +80,41 @@ services:
gui-x: '450' gui-x: '450'
gui-y: '250' gui-y: '250'
kubernetes-keystone:
charm: ./kubernetes-keystone
options:
keystone-url: https://keystone.cloud.garr.it:5000/v3
webhook-authn-config: /root/cdk/webhook-authn.onfig
kubernetes-master: kubernetes-master:
charm: ./kubernetes-master charm: cs:~containers/kubernetes-master-122
bindings: bindings:
"": space-os-mgmt "": space-os-mgmt
#kube-api-endpoint: space-pub #kube-api-endpoint: space-pub
num_units: 1 num_units: 1
constraints: tags=kubernetes-public-ip cores=2 mem=4G #root-disk=16G constraints: tags=kubernetes-public-ip cores=2 mem=4G #root-disk=16G
options: options:
channel: 1.10/stable channel: 1.11/stable
authorization-mode: "Node,RBAC,Webhook" authorization-mode: "Node,RBAC"
keystone_url: https://keystone.cloud.garr.it:5000/v3
k8s_keystone_auth_image: zioproto/k8s-keystone-auth:e0fce6d3-dirty
# RBAC to allow access to dashboard to User "system:anonymous" # RBAC to allow access to dashboard to User "system:anonymous"
# Because of this bug https://github.com/kubernetes/kubernetes/issues/39722 # Because of this bug https://github.com/kubernetes/kubernetes/issues/39722
# the value must be false, rather than what the documentation says. # the value must be false, rather than what the documentation says.
api-extra-args: "anonymous-auth=false authorization-webhook-config-file=/root/cdk/webhook.kubeconfig" api-extra-args: "anonymous-auth=false authentication-token-webhook-config-file=/root/cdk/webhook-authn.onfig"
enable-dashboard-addons: True enable-dashboard-addons: True
annotations: annotations:
gui-x: '800' gui-x: '800'
gui-y: '850' gui-y: '850'
kubernetes-worker: kubernetes-worker:
charm: cs:~containers/kubernetes-worker-131 charm: cs:~containers/kubernetes-worker-138
bindings: bindings:
"": space-os-mgmt "": space-os-mgmt
num_units: 3 num_units: 3
constraints: tags=kubernetes cores=4 mem=4G #root-disk=16G constraints: tags=kubernetes cores=4 mem=4G #root-disk=16G
expose: true expose: true
options: options:
channel: 1.10/stable channel: 1.11/stable
cuda_repo: 9.2.88-1 #9.1.85-1 cuda_repo: 9.2.88-1
# Enable Cloud Controller Manager # Enable Cloud Controller Manager
# https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/ # https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/
# kubelet-extra-args: --cloud-provider=external # kubelet-extra-args: --cloud-provider=external
...@@ -119,7 +123,7 @@ services: ...@@ -119,7 +123,7 @@ services:
gui-y: '850' gui-y: '850'
kubernetes-worker-gpu: kubernetes-worker-gpu:
charm: cs:~containers/kubernetes-worker-131 charm: cs:~containers/kubernetes-worker-138
bindings: bindings:
"": space-os-mgmt "": space-os-mgmt
# charm: ./kubernetes-worker # patched for cuda-9.0 # charm: ./kubernetes-worker # patched for cuda-9.0
...@@ -127,8 +131,8 @@ services: ...@@ -127,8 +131,8 @@ services:
constraints: tags=gpu cores=4 mem=4G #root-disk=16G constraints: tags=gpu cores=4 mem=4G #root-disk=16G
expose: true expose: true
options: options:
channel: 1.10/stable channel: 1.11/stable
cuda_repo: 9.2.88-1 #9.1.85-1 cuda_repo: 9.2.88-1
# kubelet-extra-args: --cloud-provider=external # kubelet-extra-args: --cloud-provider=external
annotations: annotations:
gui-x: "520" gui-x: "520"
...@@ -206,6 +210,7 @@ relations: ...@@ -206,6 +210,7 @@ relations:
- ["kubernetes-master:loadbalancer", "kubeapi-load-balancer:loadbalancer"] - ["kubernetes-master:loadbalancer", "kubeapi-load-balancer:loadbalancer"]
- ["kubernetes-master:certificates", "easyrsa:client"] - ["kubernetes-master:certificates", "easyrsa:client"]
- ["kubernetes-master:juju-info", "defaultgw:juju-info"] - ["kubernetes-master:juju-info", "defaultgw:juju-info"]
- ["kubernetes-master:juju-info", "kubernetes-keystone:juju-info"]
- ["kubernetes-master:etcd", "etcd:db"] - ["kubernetes-master:etcd", "etcd:db"]
# Kube load balancer # Kube load balancer
- ["kubeapi-load-balancer:certificates", "easyrsa:client"] - ["kubeapi-load-balancer:certificates", "easyrsa:client"]
......
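Review bot: The webhook config path `/root/cdk/webhook-authn.onfig` is written out twice in the new bundle, once in the `kubernetes-keystone` option `webhook-authn-config` and once in the `kubernetes-master` `api-extra-args`, and the `.onfig` extension looks like a typo for `.config`. The two values match, so this presumably works today, but a later fix to only one of them would leave `authentication-token-webhook-config-file` pointing at a file the charm does not write; I would change both to `/root/cdk/webhook-authn.config` in one commit and add `# must match webhook-authn-config of kubernetes-keystone` above `api-extra-args`. Separately, `charm: ./kubernetes-keystone` is the only charm in the bundle not pinned to a charm-store revision, and it is the component that handles authentication, while the README names `cs:~csd-garr/kubernetes-keystone`; pinning it as `cs:~csd-garr/kubernetes-keystone-<REVISION>` would make the deployed code reproducible and reviewable. With `Webhook` dropped from `authorization-mode`, Keystone-authenticated users get only what RBAC bindings grant, which deserves a sentence in the README so operators know bindings must be created for them.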