From 5fb8c41459de1e094a0d5bbd22b16d2759006daa Mon Sep 17 00:00:00 2001
From: Anne McCormick
Date: Thu, 7 Dec 2017 16:04:06 -0500
Subject: [PATCH] Updating PR with changes from review feedback
---
 install/k8s/install.sh | 4 +-
 install/k8s/k8s1.8/aci_gw.yaml | 61 ----
 install/k8s/k8s1.8/cleanup.yaml | 64 ----
 install/k8s/k8s1.8/contiv-grafana.yml | 51 ---
 install/k8s/k8s1.8/contiv-prometheus.yml | 86 -----
 install/k8s/k8s1.8/contiv.yaml | 317 ------------------
 install/k8s/k8s1.8/etcd.yaml | 55 ---
 install/k8s/k8s1.8/prometheus.yml | 30 --
 install/k8s/{k8s1.6 => rbac}/aci_gw.yaml | 0
 install/k8s/{k8s1.6 => rbac}/cleanup.yaml | 0
 .../k8s/{k8s1.6 => rbac}/contiv-grafana.yml | 0
 .../{k8s1.6 => rbac}/contiv-prometheus.yml | 0
 install/k8s/{k8s1.6 => rbac}/contiv.yaml | 0
 install/k8s/{k8s1.6 => rbac}/etcd.yaml | 0
 install/k8s/{k8s1.6 => rbac}/prometheus.yml | 0
 install/k8s/uninstall.sh | 4 +-
 16 files changed, 2 insertions(+), 670 deletions(-)
 delete mode 100644 install/k8s/k8s1.8/aci_gw.yaml
 delete mode 100644 install/k8s/k8s1.8/cleanup.yaml
 delete mode 100644 install/k8s/k8s1.8/contiv-grafana.yml
 delete mode 100644 install/k8s/k8s1.8/contiv-prometheus.yml
 delete mode 100644 install/k8s/k8s1.8/contiv.yaml
 delete mode 100644 install/k8s/k8s1.8/etcd.yaml
 delete mode 100644 install/k8s/k8s1.8/prometheus.yml
 rename install/k8s/{k8s1.6 => rbac}/aci_gw.yaml (100%)
 rename install/k8s/{k8s1.6 => rbac}/cleanup.yaml (100%)
 rename install/k8s/{k8s1.6 => rbac}/contiv-grafana.yml (100%)
 rename install/k8s/{k8s1.6 => rbac}/contiv-prometheus.yml (100%)
 rename install/k8s/{k8s1.6 => rbac}/contiv.yaml (100%)
 rename install/k8s/{k8s1.6 => rbac}/etcd.yaml (100%)
 rename install/k8s/{k8s1.6 => rbac}/prometheus.yml (100%)
diff --git a/install/k8s/install.sh b/install/k8s/install.sh
index 1bfba04..545397b 100755
--- a/install/k8s/install.sh
+++ b/install/k8s/install.sh
@@ -17,10 +17,8 @@ fi
 k8sversion=$($kubectl version --short | grep "Server Version")
 if [[ "$k8sversion" == *"v1.4"* ]] || [[ "$k8sversion" == *"v1.5"* ]]; then
 k8sfolder="k8s1.4"
-elif [[ "$k8sversion" == *"v1.6"* ]] || [[ "$k8sversion" == *"v1.7"* ]]; then
- k8sfolder="k8s1.6"
 else
- k8sfolder="k8s1.8"
+ k8sfolder="rbac"
 fi
 #
diff --git a/install/k8s/k8s1.8/aci_gw.yaml b/install/k8s/k8s1.8/aci_gw.yaml
deleted file mode 100644
index 6164b07..0000000
--- a/install/k8s/k8s1.8/aci_gw.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ - -# This manifest installs contiv-aci-gw container on -# each master and worker node in a Kubernetes cluster. -kind: DaemonSet -apiVersion: extensions/v1beta1 -metadata: - name: contiv-aci-gw - namespace: kube-system - labels: - k8s-app: contiv-aci-gw -spec: - selector: - matchLabels: - k8s-app: contiv-aci-gw - template: - metadata: - labels: - k8s-app: contiv-aci-gw - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - hostNetwork: true - tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - nodeSelector: - node-role.kubernetes.io/master: "" - serviceAccountName: contiv-netmaster - containers: - # Runs aci-gw container on each Kubernetes node. - - name: contiv-aci-gw - image: contiv/aci-gw:__ACI_GW_VERSION__ - env: - - name: APIC_URL - value: "__APIC_URL__" - - name: APIC_USERNAME - value: "__APIC_USERNAME__" - - name: APIC_PASSWORD - value: "__APIC_PASSWORD__" - - name: APIC_CERT_DN - value: "__APIC_CERT_DN__" - - name: APIC_LEAF_NODE - value: "__APIC_LEAF_NODE__" - - name: APIC_PHYS_DOMAIN - value: "__APIC_PHYS_DOMAIN__" - - name: APIC_EPG_BRIDGE_DOMAIN - value: "__APIC_EPG_BRIDGE_DOMAIN__" - - name: APIC_CONTRACTS_UNRESTRICTED_MODE - value: "__APIC_CONTRACTS_UNRESTRICTED_MODE__" - securityContext: - privileged: false - volumeMounts: - - mountPath: /aciconfig - name: aci-config - volumes: - - name: aci-config - secret: - secretName: aci.key - ---- -
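Review bot: In install/k8s/install.sh the catch-all `else` now selects `rbac` for anything that is not v1.4/v1.5, including an empty `$k8sversion`, which is presumably what results when `kubectl version` cannot reach the API server or prints no "Server Version" line. Unless something outside the hunk already aborts on that, the script then proceeds with the `rbac` manifests (their contents are not shown in this patch) against a cluster whose version it never established. A guard before the `if` makes the failure explicit: `if [[ -z "$k8sversion" ]]; then echo "cannot determine Kubernetes server version" >&2; exit 1; fi`. The remaining test is an unanchored substring match (`*"v1.4"*`), so comparing the parsed minor version would be more robust. The identical hunk in install/k8s/uninstall.sh has the same fall-through; both scripts continue outside their hunks.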
diff --git a/install/k8s/k8s1.8/cleanup.yaml b/install/k8s/k8s1.8/cleanup.yaml
deleted file mode 100644
index 9b6d8c3..0000000
--- a/install/k8s/k8s1.8/cleanup.yaml
+++ /dev/null
@@ -1,64 +0,0 @@ - -# This manifest runs the contiv-cleanup container -kind: DaemonSet -apiVersion: extensions/v1beta1 -metadata: - name: contiv-cleanup - namespace: kube-system - labels: - k8s-app: contiv-cleanup -spec: - selector: - matchLabels: - k8s-app: contiv-cleanup - template: - metadata: - labels: - k8s-app: contiv-cleanup - spec: - hostNetwork: true - hostPID: true - containers: - # Runs netplugin cleanup container on each Kubernetes node. - - name: contiv-cleanup - image: contiv/netplugin:__CONTIV_VERSION__ - args: - - -pkubernetes - - -r - securityContext: - privileged: true - volumeMounts: - - mountPath: /etc/openvswitch - name: etc-openvswitch - readOnly: false - - mountPath: /var/run - name: var-run - readOnly: false - - mountPath: /var/contiv - name: var-contiv - readOnly: false - - mountPath: /opt/cni/bin - name: cni-bin-dir - readOnly: false - - mountPath: /etc/cni/net.d/ - name: etc-cni-dir - readOnly: false - volumes: - # Used by contiv-cleanup - - name: etc-openvswitch - hostPath: - path: /etc/openvswitch - - name: var-run - hostPath: - path: /var/run - - name: var-contiv - hostPath: - path: /var/contiv - - name: cni-bin-dir - hostPath: - path: /opt/cni/bin - - name: etc-cni-dir - hostPath: - path: /etc/cni/net.d/ ---- -
diff --git a/install/k8s/k8s1.8/contiv-grafana.yml b/install/k8s/k8s1.8/contiv-grafana.yml
deleted file mode 100644
index 45b49ae..0000000
--- a/install/k8s/k8s1.8/contiv-grafana.yml
+++ /dev/null
@@ -1,51 +0,0 @@ -# Grafana is a process and hence needs service account access ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: grafana - namespace: kube-system -# Deploy Grafana as a replicaset with one container ---- -apiVersion: extensions/v1beta1 -kind: ReplicaSet -metadata: - name: contiv-grafana - namespace: kube-system - labels: - k8s-app: contiv-grafana -spec: - replicas: 1 - template: - metadata: - name: contiv-grafana - labels: - k8s-app: contiv-grafana - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - nodeSelector: - node-role.kubernetes.io/master: "" - containers: - - name: contiv-grafana - image: grafana/grafana - serviceAccountName: grafana -# Expose Grafana as a service ---- -apiVersion: v1 -kind: Service -metadata: - name: grafana - namespace: kube-system -spec: - type: NodePort - selector: - k8s-app: contiv-grafana - ports: - - protocol: TCP - port: 3000 - nodePort: 32701 -
diff --git a/install/k8s/k8s1.8/contiv-prometheus.yml b/install/k8s/k8s1.8/contiv-prometheus.yml
deleted file mode 100644
index b7c1568..0000000
--- a/install/k8s/k8s1.8/contiv-prometheus.yml
+++ /dev/null
@@ -1,86 +0,0 @@ -# Gives Prometheus permission to share the cluster -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: prometheus - namespace: kube-system -rules: -- apiGroups: [""] - resources: - - pods - verbs: ["get", "list", "watch"] -- nonResourceURLs: ["/metrics"] - verbs: ["get"] ---- -# Prometheus is a process and hence needs service account access -apiVersion: v1 -kind: ServiceAccount -metadata: - name: prometheus - namespace: kube-system -# Binds Prometheus to the kube-system namespace ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: prometheus - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: prometheus -subjects: -- kind: ServiceAccount - name: prometheus - namespace: kube-system -# Deploy prometheus as a replicaset with one container ---- -apiVersion: extensions/v1beta1 -kind: ReplicaSet -metadata: - name: contiv-prometheus - namespace: kube-system - labels: - k8s-app: contiv-prometheus -spec: - replicas: 1 - template: - metadata: - name: contiv-prometheus - labels: - k8s-app: contiv-prometheus - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - nodeSelector: - node-role.kubernetes.io/master: "" - containers: - - name: contiv-prometheus - image: prom/prometheus - volumeMounts: - - mountPath: /etc/prometheus - name: var-contiv - volumes: - - name: var-contiv - hostPath: - path: /var/contiv - serviceAccountName: prometheus -# Expose prometheus as a service ---- -apiVersion: v1 -kind: Service -metadata: - name: prometheus - namespace: kube-system -spec: - type: NodePort - selector: - k8s-app: contiv-prometheus - ports: - - protocol: TCP - port: 9090 - nodePort: 32700 -
diff --git a/install/k8s/k8s1.8/contiv.yaml b/install/k8s/k8s1.8/contiv.yaml
deleted file mode 100644
index 14923f3..0000000
--- a/install/k8s/k8s1.8/contiv.yaml
+++ /dev/null
@@ -1,317 +0,0 @@ ---- - -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: contiv-netplugin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: contiv-netplugin -subjects: -- kind: ServiceAccount - name: contiv-netplugin - namespace: kube-system ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: contiv-netplugin - namespace: kube-system -rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - apiGroups: - - "" - resources: - - services - - endpoints - verbs: - - watch ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: contiv-netplugin - namespace: kube-system ---- - -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: contiv-netmaster -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: contiv-netmaster -subjects: -- kind: ServiceAccount - name: contiv-netmaster - namespace: kube-system ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: contiv-netmaster - namespace: kube-system -rules: - - apiGroups: - - "" - - extensions - resources: - - pods - - nodes - - namespaces - - networkpolicies - verbs: - - watch - - list - - update ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: contiv-netmaster - namespace: kube-system - ---- - -# This ConfigMap is used to configure a self-hosted Contiv installation. -# It can be used with an external cluster store(etcd or consul) or used -# with the etcd instance being installed as contiv-etcd -kind: ConfigMap -apiVersion: v1 -metadata: - name: contiv-config - namespace: kube-system -data: - cluster_store: "etcd://__NETMASTER_IP__:6666" - vlan_if: "__VLAN_IF__" - # The CNI network configuration to install on each node. 
- cni_config: |- - { - "cniVersion": "0.1.0", - "name": "contiv-net", - "type": "contivk8s" - } - config: |- - { - "K8S_API_SERVER": "https://__NETMASTER_IP__:6443", - "K8S_CA": "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt", - "K8S_KEY": "", - "K8S_CERT": "", - "K8S_TOKEN": "", - "SVC_SUBNET": "10.96.0.0/12" - } ---- - -# This manifest installs contiv-netplugin container, as well -# as the Contiv CNI plugins and network config on -# each master and worker node in a Kubernetes cluster. -kind: DaemonSet -apiVersion: extensions/v1beta1 -metadata: - name: contiv-netplugin - namespace: kube-system - labels: - k8s-app: contiv-netplugin -spec: - selector: - matchLabels: - k8s-app: contiv-netplugin - template: - metadata: - labels: - k8s-app: contiv-netplugin - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9004' - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - hostNetwork: true - hostPID: true - tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - serviceAccountName: contiv-netplugin - containers: - # Runs netplugin container on each Kubernetes node. This - # container programs network policy and routes on each - # host. 
- - name: netplugin-exporter - image: contiv/stats - env: - - name: CONTIV_ETCD - valueFrom: - configMapKeyRef: - name: contiv-config - key: cluster_store - - name: EXPORTER_MODE - value: 'netplugin' - - name: contiv-netplugin - image: contiv/netplugin:__CONTIV_VERSION__ - args: - - -pkubernetes - env: - - name: VLAN_IF - valueFrom: - configMapKeyRef: - name: contiv-config - key: vlan_if - - name: VTEP_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: CONTIV_ETCD - valueFrom: - configMapKeyRef: - name: contiv-config - key: cluster_store - - name: CONTIV_CNI_CONFIG - valueFrom: - configMapKeyRef: - name: contiv-config - key: cni_config - - name: CONTIV_CONFIG - valueFrom: - configMapKeyRef: - name: contiv-config - key: config - securityContext: - privileged: true - volumeMounts: - - mountPath: /etc/openvswitch - name: etc-openvswitch - readOnly: false - - mountPath: /lib/modules - name: lib-modules - readOnly: false - - mountPath: /var/run - name: var-run - readOnly: false - - mountPath: /var/contiv - name: var-contiv - readOnly: false - - mountPath: /opt/cni/bin - name: cni-bin-dir - readOnly: false - - mountPath: /etc/cni/net.d/ - name: etc-cni-dir - readOnly: false - volumes: - # Used by contiv-netplugin - - name: etc-openvswitch - hostPath: - path: /etc/openvswitch - - name: lib-modules - hostPath: - path: /lib/modules - - name: var-run - hostPath: - path: /var/run - - name: var-contiv - hostPath: - path: /var/contiv - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: /opt/cni/bin - - name: etc-cni-dir - hostPath: - path: /etc/cni/net.d/ ---- - -# This manifest deploys the Contiv API Server on Kubernetes. -apiVersion: extensions/v1beta1 -kind: ReplicaSet -metadata: - name: contiv-netmaster - namespace: kube-system - labels: - k8s-app: contiv-netmaster -spec: - # The netmaster should have 1, 3, 5 nodes of which one is active at any given time. - # More nodes are desired in a production environment for HA. 
- replicas: 1 - template: - metadata: - name: contiv-netmaster - namespace: kube-system - labels: - k8s-app: contiv-netmaster - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9005' - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - # The netmaster must run in the host network namespace so that - # it isn't governed by policy that would prevent it from working. - hostNetwork: true - tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - nodeSelector: - node-role.kubernetes.io/master: "" - serviceAccountName: contiv-netmaster - containers: - - name: netmaster-exporter - image: contiv/stats - env: - - name: CONTIV_ETCD - valueFrom: - configMapKeyRef: - name: contiv-config - key: cluster_store - - name: EXPORTER_MODE - value: 'netmaster' - - name: contiv-netmaster - image: contiv/netplugin:__CONTIV_VERSION__ - args: - - -m - - -pkubernetes - env: - - name: CONTIV_ETCD - valueFrom: - configMapKeyRef: - name: contiv-config - key: cluster_store - - name: CONTIV_CONFIG - valueFrom: - configMapKeyRef: - name: contiv-config - key: config - volumeMounts: - - mountPath: /var/contiv - name: var-contiv - readOnly: false - - name: contiv-api-proxy - image: contiv/auth_proxy:__CONTIV_VERSION__ - args: - - --tls-key-file=/var/contiv/auth_proxy_key.pem - - --tls-certificate=/var/contiv/auth_proxy_cert.pem - - --data-store-address=$(CONTIV_ETCD) - - --netmaster-address=localhost:9999 - env: - - name: NO_NETMASTER_STARTUP_CHECK - value: "0" - - name: CONTIV_ETCD - valueFrom: - configMapKeyRef: - name: contiv-config - key: cluster_store - securityContext: - privileged: false - volumeMounts: - - mountPath: /var/contiv - name: var-contiv - readOnly: false - volumes: - # Used by contiv-netmaster - - name: var-contiv - hostPath: - path: /var/contiv ----
diff --git a/install/k8s/k8s1.8/etcd.yaml b/install/k8s/k8s1.8/etcd.yaml
deleted file mode 100644
index 7217bf4..0000000
--- a/install/k8s/k8s1.8/etcd.yaml
+++ /dev/null
@@ -1,55 +0,0 @@ -# This manifest installs the Contiv etcd on the kubeadm master. -# If using an external etcd instance, this can be deleted. This uses a DaemonSet -# to force it to run on the master even when the master isn't schedulable, and uses -# nodeSelector to ensure it only runs on the master. -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: contiv-etcd - namespace: kube-system - labels: - k8s-app: contiv-etcd -spec: - template: - metadata: - labels: - k8s-app: contiv-etcd - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - # Only run this pod on the master. - tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - nodeSelector: - node-role.kubernetes.io/master: "" - hostNetwork: true - containers: - - name: contiv-etcd - image: quay.io/coreos/etcd:__ETCD_VERSION__ - args: - - --name - - contiv0 - - --data-dir - - /var/etcd/contiv-data - - --initial-advertise-peer-urls - - http://__NETMASTER_IP__:6667 - - --listen-peer-urls - - http://0.0.0.0:6667 - - --listen-client-urls - - http://0.0.0.0:6666 - - --advertise-client-urls - - http://__NETMASTER_IP__:6666 - - --initial-cluster - - contiv0=http://__NETMASTER_IP__:6667 - - --initial-cluster-state - - new - volumeMounts: - - name: var-etcd - mountPath: /var/etcd - volumes: - - name: var-etcd - hostPath: - path: /var/etcd - ----
diff --git a/install/k8s/k8s1.8/prometheus.yml b/install/k8s/k8s1.8/prometheus.yml
deleted file mode 100644
index 870c75d..0000000
--- a/install/k8s/k8s1.8/prometheus.yml
+++ /dev/null
@@ -1,30 +0,0 @@ -# Prometheus configuration to scrape all netplugin endpoints every 5 seconds -scrape_configs: -- job_name: 'kubernetes-pods' - scrape_interval: 5s - scrape_timeout: 5s - - kubernetes_sd_configs: - - role: pod - - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: kubernetes_pod_name
diff --git a/install/k8s/k8s1.6/aci_gw.yaml b/install/k8s/rbac/aci_gw.yaml
similarity index 100%
rename from install/k8s/k8s1.6/aci_gw.yaml
rename to install/k8s/rbac/aci_gw.yaml
diff --git a/install/k8s/k8s1.6/cleanup.yaml b/install/k8s/rbac/cleanup.yaml
similarity index 100%
rename from install/k8s/k8s1.6/cleanup.yaml
rename to install/k8s/rbac/cleanup.yaml
diff --git a/install/k8s/k8s1.6/contiv-grafana.yml b/install/k8s/rbac/contiv-grafana.yml
similarity index 100%
rename from install/k8s/k8s1.6/contiv-grafana.yml
rename to install/k8s/rbac/contiv-grafana.yml
diff --git a/install/k8s/k8s1.6/contiv-prometheus.yml b/install/k8s/rbac/contiv-prometheus.yml
similarity index 100%
rename from install/k8s/k8s1.6/contiv-prometheus.yml
rename to install/k8s/rbac/contiv-prometheus.yml
diff --git a/install/k8s/k8s1.6/contiv.yaml b/install/k8s/rbac/contiv.yaml
similarity index 100%
rename from install/k8s/k8s1.6/contiv.yaml
rename to install/k8s/rbac/contiv.yaml
diff --git a/install/k8s/k8s1.6/etcd.yaml b/install/k8s/rbac/etcd.yaml
similarity index 100%
rename from install/k8s/k8s1.6/etcd.yaml
rename to install/k8s/rbac/etcd.yaml
diff --git a/install/k8s/k8s1.6/prometheus.yml b/install/k8s/rbac/prometheus.yml
similarity index 100%
rename from install/k8s/k8s1.6/prometheus.yml
rename to install/k8s/rbac/prometheus.yml
diff --git a/install/k8s/uninstall.sh b/install/k8s/uninstall.sh
index b1d8c5a..5bd6748 100755
--- a/install/k8s/uninstall.sh
+++ b/install/k8s/uninstall.sh
@@ -9,10 +9,8 @@ kubectl="kubectl --kubeconfig /etc/kubernetes/admin.conf"
 k8sversion=$($kubectl version --short | grep "Server Version")
 if [[ "$k8sversion" == *"v1.4"* ]] || [[ "$k8sversion" == *"v1.5"* ]]; then
 k8sfolder="k8s1.4"
-elif [[ "$k8sversion" == *"v1.6"* ]] || [[ "$k8sversion" == *"v1.7"* ]]; then
- k8sfolder="k8s1.6"
 else
- k8sfolder="k8s1.8"
+ k8sfolder="rbac"
 fi
 if [ "$#" -eq 1 ] && [ "$1" = "-h" ]; then
 echo "Usage: ./install/k8s/uninstall.sh to uninstall contiv"