├── .gitignore ├── ansible.cfg ├── roles ├── common-ec2 │ └── tasks │ │ ├── main.yml │ │ └── create_sshkey.yml ├── etcd-ec2 │ ├── tasks │ │ ├── main.yml │ │ ├── create_vm.yml │ │ └── create_secgroup.yml │ └── templates │ │ └── etcd.j2 ├── defunctzombie.coreos-bootstrap │ ├── tests │ │ └── test.yml │ ├── meta │ │ ├── .galaxy_install_info │ │ └── main.yml │ ├── files │ │ ├── runner │ │ └── bootstrap.sh │ ├── .editorconfig │ ├── .travis.yml │ ├── tasks │ │ └── main.yml │ ├── LICENSE │ └── README.md └── k8s-ec2 │ ├── tasks │ ├── main.yml │ ├── create_inv.yml │ ├── create_secgroup.yml │ └── create_vm.yml │ └── templates │ ├── inventory.j2 │ ├── k8s-node.j2 │ └── k8s-master.j2 ├── bt.yml ├── .gitmodules ├── inventory ├── k8s-ec2.yml ├── etcd-ec2.yml ├── README.md └── LICENSE /.gitignore: -------------------------------------------------------------------------------- 1 | cloudstack.ini -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | hostfile = ./inventory 3 | library = library 4 | -------------------------------------------------------------------------------- /roles/common-ec2/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: create_sshkey.yml 3 | -------------------------------------------------------------------------------- /bt.yml: -------------------------------------------------------------------------------- 1 | - hosts: nodes 2 | gather_facts: False 3 | roles: 4 | - defunctzombie.coreos-bootstrap 5 | -------------------------------------------------------------------------------- /roles/etcd-ec2/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: create_secgroup.yml 3 | - include: create_vm.yml 4 | -------------------------------------------------------------------------------- /roles/defunctzombie.coreos-bootstrap/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | roles: 4 | - coreos-bootstrap 5 | -------------------------------------------------------------------------------- /roles/defunctzombie.coreos-bootstrap/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | {install_date: 'Wed Feb 25 23:17:32 2015', version: master} 2 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "library/cloudstack"] 2 | path = library/cloudstack 3 | url = https://github.com/resmo/ansible-cloudstack.git 4 | -------------------------------------------------------------------------------- /roles/k8s-ec2/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: create_secgroup.yml 3 | - include: create_vm.yml 4 | - include: create_inv.yml 5 | -------------------------------------------------------------------------------- /roles/defunctzombie.coreos-bootstrap/files/runner: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | LD_LIBRARY_PATH=$HOME/pypy/lib:$LD_LIBRARY_PATH $HOME/pypy/bin/$(basename $0) $@ 3 | -------------------------------------------------------------------------------- /roles/k8s-ec2/tasks/create_inv.yml: -------------------------------------------------------------------------------- 1 | # Create inventory file 2 | 3 | - name: Create inventory file 4 | template: src=inventory.j2 dest=./inventory 5 | tags: inventory 6 | -------------------------------------------------------------------------------- /inventory: -------------------------------------------------------------------------------- 1 | [default] 2 | 3 | [nodes] 4 | 54.194.209.91 5 | 54.229.74.128 6 | 54.229.173.142 7 | 8 | [nodes:vars] 9 | ansible_ssh_user=core 10 | ansible_ssh_private_key_file=~/.ssh/id_rsa_k8sec2 11 | #ansible_python_interpreter="PATH=/home/core/bin:$PATH python" 12 | -------------------------------------------------------------------------------- /roles/defunctzombie.coreos-bootstrap/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: [] 3 | 4 | galaxy_info: 5 | author: defunctzombie 6 | description: "bootstrap coreos hosts to run ansible" 7 | license: "MIT" 8 | min_ansible_version: 1.4 9 | categories: 10 | - system 11 | -------------------------------------------------------------------------------- /roles/defunctzombie.coreos-bootstrap/.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig is awesome: http://EditorConfig.org 2 | 3 | # top-most EditorConfig file 4 | root = true 5 | 6 | # Unix-style newlines with a newline ending every file 7 | [*] 8 | end_of_line = lf 9 | insert_final_newline = true 10 | indent_style = space 11 | indent_size = 2 12 | -------------------------------------------------------------------------------- /k8s-ec2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | connection: local 4 | vars: 5 | ssh_key: k8sec2 6 | aws_region: eu-west-1 7 | k8s_version: v1.1.3 8 | k8s_num_nodes: 2 9 | k8s_security_group_name: k8s 10 | k8s_template: ami-9063d5e3 11 | k8s_instance_type: m1.small 12 | 13 | roles: 14 | - common-ec2 15 | - k8s-ec2 16 | -------------------------------------------------------------------------------- /roles/k8s-ec2/templates/inventory.j2: -------------------------------------------------------------------------------- 1 | [default] 2 | 3 | [nodes] 4 | {% for item in k8s_master.instances %} 5 | {{ item.public_ip }} 6 | {% endfor %} 7 | {% for item in ec2.instances %} 8 | {{ item.public_ip }} 9 | {% endfor %} 10 | 11 | [nodes:vars] 12 | ansible_ssh_user=core 13 | ansible_ssh_private_key_file=~/.ssh/id_rsa_{{ ssh_key }} 14 | #ansible_python_interpreter="PATH=/home/core/bin:$PATH python" 15 | -------------------------------------------------------------------------------- /roles/etcd-ec2/templates/etcd.j2: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | 3 | coreos: 4 | fleet: 5 | metadata: role=etcd 6 | etcd: 7 | discovery: "{{ token.stdout }}" 8 | addr: $private_ipv4:4001 9 | peer-addr: $private_ipv4:7001 10 | snapshot: true 11 | units: 12 | - name: etcd.service 13 | command: start 14 | - name: fleet.service 15 | command: start 16 | update: 17 | group: alpha 18 | reboot-strategy: off 19 | -------------------------------------------------------------------------------- /roles/defunctzombie.coreos-bootstrap/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: "2.7" 4 | 5 | env: 6 | - SITE=test.yml 7 | 8 | before_install: 9 | - sudo apt-get update -qq 10 | - sudo apt-get install -y curl 11 | 12 | install: 13 | - pip install ansible 14 | 15 | # Add ansible.cfg to pick up roles path. 16 | - "printf '[defaults]\nroles_path = ../' > ansible.cfg" 17 | 18 | script: 19 | - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" 20 | -------------------------------------------------------------------------------- /roles/etcd-ec2/tasks/create_vm.yml: -------------------------------------------------------------------------------- 1 | - name: Start etcd nodes 2 | ec2: 3 | region: "{{ aws_region }}" 4 | image: "{{ etcd_template }}" 5 | instance_type: "{{ etcd_instance_type }}" 6 | key_name: "{{ ssh_key }}" 7 | group: "{{ etcd_security_group_name }}" 8 | user_data: "{{ lookup('template', '../templates/etcd.j2') }}" 9 | count: "{{ etcd_num_nodes }}" 10 | wait: yes 11 | register: ec2 12 | 13 | - debug: msg='etcd node IP is {{ item.public_ip }}' 14 | with_items: ec2.instances 15 | -------------------------------------------------------------------------------- /etcd-ec2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | connection: local 4 | 5 | vars: 6 | ssh_key: etcd 7 | aws_region: eu-west-1 8 | etcd_num_nodes: 3 9 | etcd_security_group_name: etcd 10 | etcd_template: ami-7bf27e0c 11 | etcd_instance_type: m1.small 12 | 13 | pre_tasks: 14 | - name: Get bootstrap token for etcd 15 | command: curl -w "\n" https://discovery.etcd.io/new 16 | register: token 17 | - debug: msg='Etcd token is {{ token.stdout }}' 18 | 19 | roles: 20 | - common-ec2 21 | - etcd-ec2 22 | -------------------------------------------------------------------------------- /roles/common-ec2/tasks/create_sshkey.yml: -------------------------------------------------------------------------------- 1 | - name: Create EC2 SSH Key 2 | ec2_key: 3 | name: "{{ ssh_key }}" 4 | region: "{{ aws_region }}" 5 | state: present 6 | register: ec2key 7 | tags: sshkey 8 | 9 | - debug: msg='private key is {{ ec2key.key.private_key }}' 10 | when: ec2key.changed 11 | tags: sshkey 12 | 13 | - local_action: copy content="{{ ec2key.key.private_key }}" dest="~/.ssh/id_rsa_{{ ssh_key }}" 14 | when: ec2key.changed 15 | tags: sshkey 16 | 17 | - file: path="~/.ssh/id_rsa_{{ ssh_key }}" mode=0600 18 | when: ec2key.changed 19 | tags: sshkey 20 | -------------------------------------------------------------------------------- /roles/defunctzombie.coreos-bootstrap/files/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #/bin/bash 2 | 3 | set -e 4 | 5 | cd 6 | 7 | if [-e $HOME/.bootstrapped]; then 8 | exit 0 9 | fi 10 | 11 | PYPY_VERSION=2.4.0 12 | 13 | wget https://bitbucket.org/pypy/pypy/downloads/pypy-$PYPY_VERSION-linux64.tar.bz2 14 | tar -xf pypy-$PYPY_VERSION-linux64.tar.bz2 15 | mv pypy-$PYPY_VERSION-linux64 pypy 16 | 17 | ## library fixup 18 | mkdir pypy/lib 19 | ln -s /lib64/libncurses.so.5.9 $HOME/pypy/lib/libtinfo.so.5 20 | 21 | mkdir -p $HOME/bin 22 | 23 | cat > $HOME/bin/python <= 2.0, sshpubkeys and boto 11 | 12 | $ sudo apt-get install -y python-pip 13 | $ pip install ansible sshpubkeys boto 14 | 15 | Setup ec2 16 | --------- 17 | 18 | Specify your ec2 credentials with: 19 | 20 | $ export AWS_ACCESS_KEY_ID='AK123' 21 | $ export AWS_SECRET_ACCESS_KEY='abc123' 22 | 23 | We need to use the http POST method to pass the userdata to the coreOS instances. 24 | 25 | Create a Kubernetes cluster 26 | --------------------------- 27 | 28 | $ ansible-playbook k8s-ec2.yml 29 | 30 | Some variables can be edited in the `k8s-ec2.yml` file. 31 | This will start a Kubernetes master node and a number of compute nodes. 32 | 33 | Test your cluster 34 | ----------------- 35 | 36 | First spawn a tunnel to your master node with: 37 | 38 | $ ssh -nNT -L 8080:127.0.0.1:8080 -i ~/.ssh/id_rsa_k8s core@ 39 | 40 | Then run 41 | 42 | $ kubectl get nodes 43 | 44 | 45 | 46 | 47 | -------------------------------------------------------------------------------- /roles/k8s-ec2/tasks/create_secgroup.yml: -------------------------------------------------------------------------------- 1 | # Create k8s security group and rules for etcd and k8s 2 | 3 | - name: Create k8s Security Group 4 | ec2_group: 5 | name: "{{ k8s_security_group_name }}" 6 | description: k8s 7 | region: "{{ aws_region }}" 8 | rules: 9 | - proto: tcp 10 | from_port: 22 11 | to_port: 22 12 | cidr_ip: 0.0.0.0/0 13 | - proto: tcp 14 | from_port: 8080 15 | to_port: 8080 16 | group_name: "{{ k8s_security_group_name }}" 17 | - proto: tcp 18 | from_port: 2379 19 | to_port: 2379 20 | group_name: "{{ k8s_security_group_name }}" 21 | - proto: tcp 22 | from_port: 2380 23 | to_port: 2380 24 | group_name: "{{ k8s_security_group_name }}" 25 | - proto: tcp 26 | from_port: 7001 27 | to_port: 7001 28 | group_name: "{{ k8s_security_group_name }}" 29 | - proto: tcp 30 | from_port: 4001 31 | to_port: 4001 32 | group_name: "{{ k8s_security_group_name }}" 33 | - proto: udp 34 | from_port: 8472 35 | to_port: 8472 36 | group_name: "{{ k8s_security_group_name }}" 37 | rules_egress: 38 | - proto: udp 39 | from_port: 8472 40 | to_port: 8472 41 | group_name: "{{ k8s_security_group_name }}" 42 | - proto: tcp 43 | from_port: 0 44 | to_port: 65535 45 | cidr_ip: 0.0.0.0/0 46 | 47 | -------------------------------------------------------------------------------- /roles/k8s-ec2/tasks/create_vm.yml: -------------------------------------------------------------------------------- 1 | - name: Start k8s head node 2 | ec2: 3 | region: "{{ aws_region }}" 4 | image: "{{ k8s_template }}" 5 | instance_type: "{{ k8s_instance_type }}" 6 | key_name: "{{ ssh_key }}" 7 | group: "{{ k8s_security_group_name }}" 8 | user_data: "{{ lookup('template', '../templates/k8s-master.j2') }}" 9 | wait: yes 10 | register: k8s_master 11 | 12 | - debug: msg='k8s master IP is {{ item.public_ip }}' 13 | with_items: k8s_master.instances 14 | 15 | - name: Add new instance to host group 16 | add_host: hostname={{ item.public_ip }} groupname=k8s 17 | with_items: k8s_master.instances 18 | 19 | - name: Add instance to local inventory file 20 | local_action: lineinfile dest=inventory regexp="{{ item.public_ip }}" insertafter="[nodes]" line="{{ item.public_ip }} ansible_ssh_private_key_file=~/.ssh/id_rsa_{{ ssh_key }}" 21 | with_items: k8s_master.instances 22 | 23 | - name: Start k8s nodes 24 | ec2: 25 | region: "{{ aws_region }}" 26 | image: "{{ k8s_template }}" 27 | instance_type: "{{ k8s_instance_type }}" 28 | key_name: "{{ ssh_key }}" 29 | group: "{{ k8s_security_group_name }}" 30 | user_data: "{{ lookup('template', '../templates/k8s-node.j2') }}" 31 | count: "{{ k8s_num_nodes }}" 32 | wait: yes 33 | register: ec2 34 | 35 | - name: Add new instance to host group 36 | add_host: hostname={{ item.public_ip }} groupname=k8s 37 | with_items: ec2.instances 38 | 39 | - name: Add instance to local inventory file 40 | local_action: lineinfile dest=inventory regexp="{{ item.public_ip }}" insertafter="[nodes]" line="{{ item.public_ip }} ansible_ssh_private_key_file=~/.ssh/id_rsa_{{ ssh_key }}" 41 | with_items: ec2.instances 42 | 43 | - name: Add new instance to host group 44 | add_host: hostname={{ item.public_ip }} groupname=k8s_nodes 45 | with_items: ec2.instances 46 | 47 | # - name: Wait for SSH to come up 48 | # wait_for: host={{ item.public_dns_name }} port=22 delay=60 timeout=320 state=started 49 | # with_items: ec2.instances 50 | -------------------------------------------------------------------------------- /roles/defunctzombie.coreos-bootstrap/README.md: -------------------------------------------------------------------------------- 1 | # coreos-bootstrap 2 | 3 | In order to effectively run ansible, the target machine needs to have a python interpreter. Coreos machines are minimal and do not ship with any version of python. To get around this limitation we can install [pypy](http://pypy.org/), a lightweight python interpreter. The coreos-bootstrap role will install pypy for us and we will update our inventory file to use the installed python interpreter. 4 | 5 | # install 6 | 7 | ``` 8 | ansible-galaxy install defunctzombie.coreos-bootstrap 9 | ``` 10 | 11 | # Configure your project 12 | 13 | Unlike a typical role, you need to configure Ansible to use an alternative python interpreter for coreos hosts. This can be done by adding a `coreos` group to your inventory file and setting the group's vars to use the new python interpreter. This way, you can use ansible to manage CoreOS and non-CoreOS hosts. Simply put every host that has CoreOS into the `coreos` inventory group and it will automatically use the specified python interpreter. 14 | ``` 15 | [coreos] 16 | host-01 17 | host-02 18 | 19 | [coreos:vars] 20 | ansible_ssh_user=core 21 | ansible_python_interpreter="PATH=/home/core/bin:$PATH python" 22 | ``` 23 | 24 | This will configure ansible to use the python interpreter at `/home/core/bin/python` which will be created by the coreos-bootstrap role. 25 | 26 | ## Bootstrap Playbook 27 | 28 | Now you can simply add the following to your playbook file and include it in your `site.yml` so that it runs on all hosts in the coreos group. 29 | 30 | ```yaml 31 | - hosts: coreos 32 | gather_facts: False 33 | roles: 34 | - defunctzombie.coreos-bootstrap 35 | ``` 36 | 37 | Make sure that `gather_facts` is set to false, otherwise ansible will try to first gather system facts using python which is not yet installed! 38 | 39 | ## Example Playbook 40 | 41 | After bootstrap, you can use ansible as usual to manage system services, install python modules (via pip), and run containers. Below is a basic example that starts the `etcd` service, installs the `docker-py` module and then uses the ansible `docker` module to pull and start a basic nginx container. 42 | 43 | ```yaml 44 | - name: Nginx Example 45 | hosts: web 46 | sudo: true 47 | tasks: 48 | - name: Start etcd 49 | service: name=etcd.service state=started 50 | 51 | - name: Install docker-py 52 | pip: name=docker-py 53 | 54 | - name: pull container 55 | raw: docker pull nginx:1.7.1 56 | 57 | - name: launch nginx container 58 | docker: 59 | image="nginx:1.7.1" 60 | name="example-nginx" 61 | ports="8080:80" 62 | state=running 63 | ``` 64 | 65 | # License 66 | MIT 67 | -------------------------------------------------------------------------------- /roles/k8s-ec2/templates/k8s-node.j2: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | --- 3 | write-files: 4 | - path: /opt/bin/wupiao 5 | permissions: '0755' 6 | content: | 7 | #!/bin/bash 8 | # [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen 9 | [ -n "$1" ] && [ -n "$2" ] && while ! curl --output /dev/null \ 10 | --silent --head --fail \ 11 | http://${1}:${2}; do sleep 1 && echo -n .; done; 12 | exit $? 13 | coreos: 14 | etcd2: 15 | listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001 16 | advertise-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001 17 | initial-cluster: master=http://{{ k8s_master.instances[0].private_ip}}:2380 18 | proxy: on 19 | fleet: 20 | metadata: "role=node" 21 | units: 22 | - name: etcd2.service 23 | command: start 24 | - name: fleet.service 25 | command: start 26 | - name: flanneld.service 27 | command: start 28 | - name: docker.service 29 | drop-ins: 30 | - name: 40-flannel.conf 31 | content: | 32 | [Unit] 33 | Requires=flanneld.service 34 | After=flanneld.service 35 | command: start 36 | - name: setup-network-environment.service 37 | command: start 38 | content: | 39 | [Unit] 40 | Description=Setup Network Environment 41 | Documentation=https://github.com/kelseyhightower/setup-network-environment 42 | Requires=network-online.target 43 | After=network-online.target 44 | [Service] 45 | ExecStartPre=-/usr/bin/mkdir -p /opt/bin 46 | ExecStartPre=/usr/bin/curl -L -o /opt/bin/setup-network-environment -z /opt/bin/setup-network-environment https://github.com/kelseyhightower/setup-network-environment/releases/download/v1.0.0/setup-network-environment 47 | ExecStartPre=/usr/bin/chmod +x /opt/bin/setup-network-environment 48 | ExecStart=/opt/bin/setup-network-environment 49 | RemainAfterExit=yes 50 | Type=oneshot 51 | - name: kube-proxy.service 52 | command: start 53 | content: | 54 | [Unit] 55 | Description=Kubernetes Proxy 56 | Documentation=https://github.com/GoogleCloudPlatform/kubernetes 57 | Requires=setup-network-environment.service 58 | After=setup-network-environment.service 59 | [Service] 60 | ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-proxy -z /opt/bin/kube-proxy https://storage.googleapis.com/kubernetes-release/release/{{ k8s_version }}/bin/linux/amd64/kube-proxy 61 | ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-proxy 62 | # wait for kubernetes master to be up and ready 63 | ExecStartPre=/opt/bin/wupiao {{ k8s_master.instances[0].private_ip}} 8080 64 | ExecStart=/opt/bin/kube-proxy \ 65 | --master={{ k8s_master.instances[0].private_ip}}:8080 \ 66 | --logtostderr=true 67 | Restart=always 68 | RestartSec=10 69 | - name: kube-kubelet.service 70 | command: start 71 | content: | 72 | [Unit] 73 | Description=Kubernetes Kubelet 74 | Documentation=https://github.com/GoogleCloudPlatform/kubernetes 75 | Requires=setup-network-environment.service 76 | After=setup-network-environment.service 77 | [Service] 78 | EnvironmentFile=/etc/network-environment 79 | ExecStartPre=/usr/bin/curl -L -o /opt/bin/kubelet -z /opt/bin/kubelet https://storage.googleapis.com/kubernetes-release/release/{{ k8s_version }}/bin/linux/amd64/kubelet 80 | ExecStartPre=/usr/bin/chmod +x /opt/bin/kubelet 81 | # wait for kubernetes master to be up and ready 82 | ExecStartPre=/opt/bin/wupiao {{ k8s_master.instances[0].private_ip}} 8080 83 | ExecStart=/opt/bin/kubelet \ 84 | --address=0.0.0.0 \ 85 | --port=10250 \ 86 | --hostname-override=${DEFAULT_IPV4} \ 87 | --api-servers={{ k8s_master.instances[0].private_ip}}:8080 \ 88 | --allow-privileged=true \ 89 | --logtostderr=true \ 90 | --cadvisor-port=4194 \ 91 | --healthz-bind-address=0.0.0.0 \ 92 | --healthz-port=10248 93 | Restart=always 94 | RestartSec=10 95 | update: 96 | group: alpha 97 | reboot-strategy: off -------------------------------------------------------------------------------- /roles/k8s-ec2/templates/k8s-master.j2: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | --- 3 | write-files: 4 | - path: /etc/conf.d/nfs 5 | permissions: '0644' 6 | content: | 7 | OPTS_RPC_MOUNTD="" 8 | - path: /opt/bin/wupiao 9 | permissions: '0755' 10 | content: | 11 | #!/bin/bash 12 | # [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen 13 | [ -n "$1" ] && \ 14 | until curl -o /dev/null -sIf http://${1}; do \ 15 | sleep 1 && echo .; 16 | done; 17 | exit $? 18 | hostname: master 19 | coreos: 20 | etcd2: 21 | name: master 22 | listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001 23 | advertise-client-urls: http://$private_ipv4:2379,http://$private_ipv4:4001 24 | initial-cluster-token: k8s_etcd 25 | listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001 26 | initial-advertise-peer-urls: http://$private_ipv4:2380 27 | initial-cluster: master=http://$private_ipv4:2380 28 | initial-cluster-state: new 29 | fleet: 30 | metadata: "role=master" 31 | units: 32 | - name: generate-serviceaccount-key.service 33 | command: start 34 | content: | 35 | [Unit] 36 | Description=Generate service-account key file 37 | [Service] 38 | ExecStartPre=-/usr/bin/mkdir -p /opt/bin 39 | ExecStart=/bin/openssl genrsa -out /opt/bin/kube-serviceaccount.key 2048 2>/dev/null 40 | RemainAfterExit=yes 41 | Type=oneshot 42 | - name: setup-network-environment.service 43 | command: start 44 | content: | 45 | [Unit] 46 | Description=Setup Network Environment 47 | Documentation=https://github.com/kelseyhightower/setup-network-environment 48 | Requires=network-online.target 49 | After=network-online.target 50 | [Service] 51 | ExecStartPre=-/usr/bin/mkdir -p /opt/bin 52 | ExecStartPre=/usr/bin/curl -L -o /opt/bin/setup-network-environment -z /opt/bin/setup-network-environment https://github.com/kelseyhightower/setup-network-environment/releases/download/v1.0.0/setup-network-environment 53 | ExecStartPre=/usr/bin/chmod +x /opt/bin/setup-network-environment 54 | ExecStart=/opt/bin/setup-network-environment 55 | RemainAfterExit=yes 56 | Type=oneshot 57 | - name: fleet.service 58 | command: start 59 | - name: flanneld.service 60 | command: start 61 | drop-ins: 62 | - name: 50-network-config.conf 63 | content: | 64 | [Unit] 65 | Requires=etcd2.service 66 | [Service] 67 | ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '{"Network":"10.244.0.0/16", "Backend": {"Type": "vxlan"}}' 68 | - name: docker.service 69 | drop-ins: 70 | - name: 40-flannel.conf 71 | content: | 72 | [Unit] 73 | Requires=flanneld.service 74 | After=flanneld.service 75 | command: start 76 | - name: kube-apiserver.service 77 | command: start 78 | content: | 79 | [Unit] 80 | Description=Kubernetes API Server 81 | Documentation=https://github.com/GoogleCloudPlatform/kubernetes 82 | Requires=setup-network-environment.service etcd2.service generate-serviceaccount-key.service 83 | After=setup-network-environment.service etcd2.service generate-serviceaccount-key.service 84 | [Service] 85 | EnvironmentFile=/etc/network-environment 86 | ExecStartPre=-/usr/bin/mkdir -p /opt/bin 87 | ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-apiserver -z /opt/bin/kube-apiserver https://storage.googleapis.com/kubernetes-release/release/{{ k8s_version }}/bin/linux/amd64/kube-apiserver 88 | ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-apiserver 89 | ExecStartPre=/opt/bin/wupiao 127.0.0.1:2379/v2/machines 90 | ExecStart=/opt/bin/kube-apiserver \ 91 | --service-account-key-file=/opt/bin/kube-serviceaccount.key \ 92 | --service-account-lookup=false \ 93 | --admission-control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota \ 94 | --runtime-config=api/v1 \ 95 | --allow-privileged=true \ 96 | --insecure-bind-address=0.0.0.0 \ 97 | --insecure-port=8080 \ 98 | --secure-port=6443 \ 99 | --service-cluster-ip-range=10.100.0.0/16 \ 100 | --etcd-servers=http://127.0.0.1:2379 \ 101 | --bind-address=0.0.0.0 \ 102 | --logtostderr=true 103 | Restart=always 104 | RestartSec=10 105 | - name: kube-controller-manager.service 106 | command: start 107 | content: | 108 | [Unit] 109 | Description=Kubernetes Controller Manager 110 | Documentation=https://github.com/GoogleCloudPlatform/kubernetes 111 | Requires=kube-apiserver.service 112 | After=kube-apiserver.service 113 | [Service] 114 | ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-controller-manager -z /opt/bin/kube-controller-manager https://storage.googleapis.com/kubernetes-release/release/{{ k8s_version }}/bin/linux/amd64/kube-controller-manager 115 | ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-controller-manager 116 | ExecStart=/opt/bin/kube-controller-manager \ 117 | --service-account-private-key-file=/opt/bin/kube-serviceaccount.key \ 118 | --root-ca-file=/var/run/kubernetes/apiserver.crt \ 119 | --master=127.0.0.1:8080 \ 120 | --logtostderr=true 121 | Restart=always 122 | RestartSec=10 123 | - name: kube-scheduler.service 124 | command: start 125 | content: | 126 | [Unit] 127 | Description=Kubernetes Scheduler 128 | Documentation=https://github.com/GoogleCloudPlatform/kubernetes 129 | Requires=kube-apiserver.service 130 | After=kube-apiserver.service 131 | [Service] 132 | ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-scheduler -z /opt/bin/kube-scheduler https://storage.googleapis.com/kubernetes-release/release/{{ k8s_version }}/bin/linux/amd64/kube-scheduler 133 | ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-scheduler 134 | ExecStart=/opt/bin/kube-scheduler --master=127.0.0.1:8080 135 | Restart=always 136 | RestartSec=10 137 | update: 138 | group: alpha 139 | reboot-strategy: off 140 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | --------------------------------------------------------------------------------