portal network functioning

Author: paulczar

LICENSE

@@ -1,4 +1,6 @@
 Copyright (c) 2015 Kelsey Hightower
+Copyright (c) 2015 Paul Czarkowski
+Copyright (c) 2016 Paul Czarkowski
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in

README.md

@@ -8,6 +8,8 @@ Provision a Kubernetes cluster with [Terraform](https://www.terraform.io) on Ope
 
 Ready for testing. Over the next couple of weeks the repo should be generic enough for reuse with complete documentation.
 
+Will install a single controller node and two compute nodes by default, can increase or decrease compute nodes using the Terraform variable `compute_count`.
+
 ## Prep
 
 - [Install Terraform](https://www.terraform.io/intro/getting-started/install.html)
@@ -31,7 +33,7 @@ $ ssh-add ~/.ssh/id_rsa
 Ensure that you have your Openstack credentials loaded into environment variables. Likely via a command similar to:
 
 ```
-$ $ source ~/.stackrc
+$ source ~/.stackrc
 ```
 
 ### Provision the Kubernetes Cluster
@@ -124,6 +126,7 @@ replicationcontroller "my-nginx" created
 
 $ kubectl expose rc my-nginx --port=80 --type=LoadBalancer
 service "my-nginx" exposed
+
 $ kubectl get svc my-nginx
 NAME       CLUSTER_IP      EXTERNAL_IP   PORT(S)   SELECTOR       AGE
 my-nginx   10.200.43.104                 80/TCP    run=my-nginx   6s
@@ -132,17 +135,31 @@ $ kubectl get pods
 NAME             READY     STATUS    RESTARTS   AGE
 my-nginx-k1zoe   1/1       Running   0          1m
 
+$ curl 10.200.43.104
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx!</title>
+
+
 $ kubectl delete rc my-nginx
 replicationcontroller "my-nginx" deleted
+
 $ kubectl delete svc my-nginx
 service "my-nginx" deleted
 ```
 
 ### Install some addons
 
 ```
-/opt/bin/kubectl create -f /etc/kubernetes/addons/kube-dns-rc.yaml --namespace=kube-system
-/opt/bin/kubectl create -f /etc/kubernetes/addons/kube-dns-svc.yaml --namespace=kube-system
+$ kubectl create -f /etc/kubernetes/addons/kube-ui-rc.yaml \
+    --namespace=kube-system
+$ kubectl create -f /etc/kubernetes/addons/kube-ui-svc.yaml \
+    --namespace=kube-system
+$ kubectl create -f /etc/kubernetes/addons/kube-dns-rc.yaml \
+    --namespace=kube-system
+$ kubectl create -f /etc/kubernetes/addons/kube-dns-svc.yaml \
+    --namespace=kube-system
 ```
 
 

_securitygroups.tf

@@ -8,21 +8,21 @@ resource "openstack_compute_secgroup_v2" "kubernetes_controller" {
     to_port = "443"
     cidr = "${var.whitelist_network}"
   }
+  rule {
+    ip_protocol = "icmp"
+    from_port = "-1"
+    to_port = "-1"
+    cidr = "${var.whitelist_network}"
+  }
 }
 
 resource "openstack_compute_secgroup_v2" "kubernetes_compute" {
   name = "${var.project}_kubernetes_compute"
   description = "kubernetes Compute Security Group"
   rule {
-    ip_protocol = "tcp"
-    from_port = "443"
-    to_port = "443"
-    cidr = "${var.whitelist_network}"
-  }
-  rule {
-    ip_protocol = "tcp"
-    from_port = "80"
-    to_port = "80"
+    ip_protocol = "icmp"
+    from_port = "-1"
+    to_port = "-1"
     cidr = "${var.whitelist_network}"
   }
 }
@@ -36,12 +36,6 @@ resource "openstack_compute_secgroup_v2" "kubernetes_base" {
     to_port = "22"
     cidr = "${var.whitelist_network}"
   }
-  rule {
-    ip_protocol = "icmp"
-    from_port = "-1"
-    to_port = "-1"
-    cidr = "${var.whitelist_network}"
-  }
   rule {
     ip_protocol = "icmp"
     from_port = "-1"

files/compute/kube-proxy.yaml

@@ -7,13 +7,13 @@ spec:
   hostNetwork: true
   containers:
   - name: kube-proxy
-    image: gcr.io/google_containers/hyperkube:v1.1.2
+    image: gcr.io/google_containers/hyperkube:HYPERKUBE_VERSION
     command:
     - /hyperkube
     - proxy
     - --master=https://CONTROLLER_HOST
     - --kubeconfig=/etc/kubernetes/compute-kubeconfig.yaml
-    - --proxy-mode=iptables
+    - --v=2
     securityContext:
       privileged: true
     volumeMounts:

files/controller/kube-apiserver.yaml

@@ -7,7 +7,7 @@ spec:
   hostNetwork: true
   containers:
   - name: kube-apiserver
-    image: gcr.io/google_containers/hyperkube:v1.1.2
+    image: gcr.io/google_containers/hyperkube:HYPERKUBE_VERSION
     command:
     - /hyperkube
     - apiserver

files/controller/kube-controller-manager.yaml

@@ -7,7 +7,7 @@ spec:
   hostNetwork: true
   containers:
   - name: kube-controller-manager
-    image: gcr.io/google_containers/hyperkube:v1.1.2
+    image: gcr.io/google_containers/hyperkube:HYPERKUBE_VERSION
     command:
     - /hyperkube
     - controller-manager

files/controller/kube-kubelet.service

@@ -17,4 +17,3 @@ RestartSec=10
 
 [Install]
 WantedBy=multi-user.target
-

files/controller/kube-proxy.yaml

@@ -7,12 +7,12 @@ spec:
   hostNetwork: true
   containers:
   - name: kube-proxy
-    image: gcr.io/google_containers/hyperkube:v1.1.2
+    image: gcr.io/google_containers/hyperkube:HYPERKUBE_VERSION
     command:
     - /hyperkube
     - proxy
     - --master=http://127.0.0.1:8080
-    - --proxy-mode=iptables
+    - --v=2
     securityContext:
       privileged: true
     volumeMounts:

files/controller/kube-scheduler.yaml

@@ -7,7 +7,7 @@ spec:
   hostNetwork: true
   containers:
   - name: kube-scheduler
-    image: gcr.io/google_containers/hyperkube:v1.1.2
+    image: gcr.io/google_containers/hyperkube:HYPERKUBE_VERSION
     command:
     - /hyperkube
     - scheduler

files/ssl/admin-key.pem

@@ -102,6 +102,7 @@ resource "openstack_compute_instance_v2" "controller" {
             "sed -i 's/ADVERTISE_IP/${element(openstack_networking_floatingip_v2.controller.*.address, count.index)}/' /tmp/stage/*/*",
             "sed -i 's|PORTAL_NET|${var.portal_net}|' /tmp/stage/*/*",
             "sed -i 's|CLUSTER_DNS|${cidrhost(var.portal_net, 200)}|' /tmp/stage/*/*",
+            "sed -i 's|HYPERKUBE_VERSION|${var.hyperkube_version}|' /tmp/stage/*/*",
             "sudo mkdir -p /etc/kubernetes/manifests",
             "sudo mv /tmp/stage/controller/*.yaml /etc/kubernetes/manifests/",
             "sudo mv /tmp/stage/controller/*.service /etc/systemd/system/",
@@ -199,9 +200,6 @@ resource "null_resource" "controller" {
             "  --client-certificate=/etc/kubernetes/ssl/admin.pem",
             "/opt/bin/kubectl config set-context ${var.kubernetes_user} --cluster=${var.cluster_name} --user=${var.kubernetes_user}",
             "/opt/bin/kubectl config set-context kubernetes --cluster=${var.cluster_name} --user=${var.kubernetes_user}",
-            "/opt/bin/kubectl config use-context kubernetes",
-            "/opt/bin/kubectl create -f /etc/kubernetes/addons/kube-ui-rc.yaml --namespace=kube-system",
-            "/opt/bin/kubectl create -f /etc/kubernetes/addons/kube-ui-svc.yaml --namespace=kube-system",
         ]
         connection {
             user = "core"

files/ssl/admin.csr

@@ -75,6 +75,11 @@ variable "kubectl_version" {
   default = "v1.1.2"
 }
 
+variable "hyperkube_version" {
+  description = "Version of the hypercube container to use"
+  default = "v1.1.2"
+}
+
 variable "generate_ssl" {
   descripion = "set to 1 to regenerate SSL certificates/keys"
   default = 1