Merge pull request #66 from ananace/hieraify-defaults
Initial work on hiera-ifying and Puppet 8 support for standalone etcd
ananace authored Jan 16, 2025
2 parents 8973c33 + 682d184 commit d416a02
Showing 26 changed files with 618 additions and 1,999 deletions.
2,101 changes: 288 additions & 1,813 deletions REFERENCE.md

Large diffs are not rendered by default.

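--- a/manifests/common.pp
+++ b/manifests/common.pp
@@ -0,0 +1,74 @@
+# @summary Sets up common Kubernetes components - users/groups/folders/etc
+# @api private
+class k8s::common {
+assert_private()
+
+group { $k8s::group:
+ensure => present,
+system => true,
+gid => $k8s::gid,
+}
+
+user { $k8s::user:
+ensure => present,
+comment => 'Kubernetes user',
+gid => $k8s::group,
+home => '/srv/kubernetes',
+managehome => false,
+shell => (fact('os.family') ? {
+'Debian' => '/usr/sbin/nologin',
+default => '/sbin/nologin',
+}),
+system => true,
+uid => $k8s::uid,
+}
+
+file {
+default:
+ensure => directory,
+force => true,
+purge => true,
+recurse => true;
+
+'/opt/k8s': ;
+'/opt/k8s/bin': ;
+}
+
+file { '/var/run/kubernetes':
+ensure => directory,
+owner => $k8s::user,
+group => $k8s::group,
+}
+
+file { "${k8s::sysconfig_path}/kube-common":
+ensure => file,
+content => epp('k8s/sysconfig.epp', {
+comment => 'General Kubernetes Configuration',
+environment_variables => {
+'KUBE_LOG_LEVEL' => '',
+},
+}),
+}
+
+file {
+default:
+ensure => directory;
+
+'/etc/kubernetes': ;
+'/etc/kubernetes/certs': ;
+'/etc/kubernetes/manifests':
+purge => $k8s::purge_manifests,
+recurse => true;
+'/root/.kube': ;
+'/srv/kubernetes':
+owner => $k8s::user,
+group => $k8s::group;
+'/usr/libexec/kubernetes': ;
+'/var/lib/kubelet': ;
+'/var/lib/kubelet/pki': ;
+
+'/usr/share/containers/': ;
+'/usr/share/containers/oci/': ;
+'/usr/share/containers/oci/hooks.d': ;
+}
+}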
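Review bot: The final `file` block creates `/etc/kubernetes/certs`, `/var/lib/kubelet/pki` and `/root/.kube` with only `ensure => directory`, so owner, group and mode are left to whatever the agent's defaults or the existing directory provide. Those paths normally hold private keys and kubeconfig credentials, so I would pin them explicitly, for example `'/var/lib/kubelet/pki': mode => '0700';` and `'/root/.kube': mode => '0700';`, and choose the owner and group of `/etc/kubernetes/certs` according to which service accounts must read it (not visible in this file). The first `file` block also applies `force`, `purge` and `recurse` to `/opt/k8s` without explanation; a comment such as `# Unmanaged files under /opt/k8s are removed on every run` would spare operators a surprise.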
107 changes: 9 additions & 98 deletions manifests/init.pp
Expand Up @@ -37,10 +37,10 @@
# @param puppetdb_discovery whether to use puppetdb for node discovery
# @param puppetdb_discovery_tag tag to use for puppetdb node discovery
# @param purge_manifests whether to purge manifests
# @param role role of the node
# @param role the role of the node
# @param runc_version version of runc to install
# @param service_cluster_cidr CIDR for the service network
# @param sysconfig_path path to the sysconfig directory
# @param sysconfig_path path to the sysconfig directory, per-OS values are configured in hiera
# @param tarball_url_template template for tarball packaging
# @param uid user id for kubernetes files and services
# @param user username for kubernetes files and services
Expand Down Expand Up @@ -82,7 +82,7 @@
String[1] $tarball_url_template = 'https://dl.k8s.io/release/v%{version}/kubernetes-%{component}-%{kernel}-%{arch}.tar.gz',
String[1] $package_template = 'kubernetes-%{component}',
String[1] $hyperkube_name = 'hyperkube',
Optional[Stdlib::Unixpath] $sysconfig_path = undef,
Stdlib::Unixpath $sysconfig_path = '/etc/sysconfig',

K8s::Node_auth $node_auth = 'bootstrap',

Expand All @@ -95,108 +95,19 @@
Stdlib::Fqdn $cluster_domain = 'cluster.local',
String[1] $etcd_cluster_name = 'default',

Enum['node','server','none'] $role = 'none',
Optional[K8s::Node_role] $role = undef,
Optional[K8s::Firewall] $firewall_type = undef,

String[1] $user = 'kube',
String[1] $group = 'kube',
Integer[0, 65535] $uid = 888,
Integer[0, 65535] $gid = 888,
) {
if $manage_container_manager {
include k8s::install::container_runtime
}

group { $group:
ensure => present,
system => true,
gid => $gid,
}

user { $user:
ensure => present,
comment => 'Kubernetes user',
gid => $group,
home => '/srv/kubernetes',
managehome => false,
shell => (fact('os.family') ? {
'Debian' => '/usr/sbin/nologin',
default => '/sbin/nologin',
}),
system => true,
uid => $uid,
}

file {
default:
ensure => directory,
force => true,
purge => true,
recurse => true;

'/opt/k8s': ;
'/opt/k8s/bin': ;
}

file { '/var/run/kubernetes':
ensure => directory,
owner => $user,
group => $group,
}

$_sysconfig_path = pick($sysconfig_path, '/etc/sysconfig')
file { "${_sysconfig_path}/kube-common":
ensure => file,
content => epp('k8s/sysconfig.epp', {
comment => 'General Kubernetes Configuration',
environment_variables => {
'KUBE_LOG_LEVEL' => '',
},
}),
}

file {
default:
ensure => directory;

'/etc/kubernetes': ;
'/etc/kubernetes/certs': ;
'/etc/kubernetes/manifests':
purge => $purge_manifests,
recurse => true;
'/root/.kube': ;
'/srv/kubernetes':
owner => $user,
group => $group;
'/usr/libexec/kubernetes': ;
'/var/lib/kubelet': ;
'/var/lib/kubelet/pki': ;

'/usr/share/containers/': ;
'/usr/share/containers/oci/': ;
'/usr/share/containers/oci/hooks.d': ;
}

if $manage_repo {
include k8s::repo
}

if $manage_packages {
# Ensure conntrack is installed to properly handle networking cleanup
if fact('os.family') == 'Debian' {
$_conntrack = 'conntrack'
} else {
$_conntrack = 'conntrack-tools'
}

ensure_packages([$_conntrack,])
}

include k8s::install::cni_plugins

if $role == 'server' {
include k8s::server
if $role == 'server' or $role == 'control-plane' {
contain k8s::server
} elsif $role == 'node' {
include k8s::node
contain k8s::node
} elsif $role == 'etcd-replica' {
contain k8s::server::etcd
}
}
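Review bot: With `$role` now `Optional[K8s::Node_role]` defaulting to `undef`, the `if`/`elsif` chain at the end of the class has no `else`, so a node whose role is never set compiles a catalog that manages nothing from this class, whereas the body removed here still created the user, group and directories. If that is intended, the `@param role` line should say so and name the values the chain tests for, e.g. `# @param role the role of the node (server, control-plane, node or etcd-replica); nothing is deployed when unset`. The `etcd-replica` branch contains `k8s::server::etcd` directly, bypassing `k8s::server` and `k8s::node`, which are the two places this commit includes `k8s::common`; it is worth confirming that class does not depend on `User[$k8s::user]` or the common directories. The class header and most of the parameter list lie outside the visible hunks.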
2 changes: 1 addition & 1 deletion manifests/install/container_runtime.pp
Expand Up @@ -87,6 +87,6 @@
}

if $manage_repo {
Class['k8s::repo'] -> Package['k8s container manager']
require k8s::repo
}
}
3 changes: 2 additions & 1 deletion manifests/install/crictl.pp
Expand Up @@ -21,8 +21,9 @@
Stdlib::HTTPUrl $download_url_template = 'https://github.com/kubernetes-sigs/cri-tools/releases/download/%{version}/crictl-%{version}-linux-%{arch}.tar.gz',
) {
if $manage_repo {
$pkg = pick($crictl_package, 'cri-tools')
include k8s::repo

$pkg = pick($crictl_package, 'cri-tools')
package { $pkg:
ensure => stdlib::ensure($ensure, 'package'),
}
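Review bot: `include k8s::repo` declares the class but creates no ordering, so `package { $pkg: }` can be applied before the repository is configured; on a first run that either fails or resolves `cri-tools` from whatever repository is already enabled on the host. install/container_runtime.pp in this same commit appears to switch to `require k8s::repo` for the equivalent case, and the same statement would fit here. If `k8s::repo` already orders itself before packages (not visible on this page), a short comment saying so would be enough. The class body continues past the visible hunk.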
18 changes: 18 additions & 0 deletions manifests/node.pp
Expand Up @@ -54,6 +54,24 @@

Optional[K8s::Firewall] $firewall_type = $k8s::firewall_type,
) {
include k8s::common
include k8s::install::cni_plugins

if $k8s::manage_container_manager {
include k8s::install::container_runtime
}
if $k8s::manage_repo {
include k8s::repo
}
if $k8s::manage_packages {
# Ensure conntrack is installed to properly handle networking cleanup
$_conntrack = fact('os.family') ? {
'Debian' => 'conntrack',
default => 'conntrack-tools',
}
ensure_packages([$_conntrack,])
}

if $manage_crictl {
include k8s::install::crictl
}
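Review bot: The added block calls the un-namespaced `ensure_packages([$_conntrack,])`, which puppetlabs-stdlib 9 keeps only as a deprecated shim; install/crictl.pp already uses the namespaced `stdlib::ensure(...)`, so `stdlib::ensure_packages([$_conntrack])` would be consistent, provided the module's minimum stdlib version allows it (metadata.json is not shown here). The block also reads `$k8s::manage_container_manager`, `$k8s::manage_repo` and `$k8s::manage_packages` directly, while the neighbouring `$firewall_type` is a class parameter defaulting to the `k8s` value; a one-line comment on why these three cannot be overridden per class would help. The class continues beyond the hunk.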
6 changes: 3 additions & 3 deletions manifests/node/kube_proxy.pp
@@ -1,4 +1,5 @@
# @summary Sets up a on-node kube-proxy instance
# @api private
#
# For most use-cases, running kube-proxy inside the cluster itself is recommended
#
Expand Down Expand Up @@ -100,8 +101,7 @@

if $k8s::packaging == 'container' {
} else {
$_sysconfig_path = pick($k8s::sysconfig_path, '/etc/sysconfig')
file { "${_sysconfig_path}/kube-proxy":
file { "${k8s::sysconfig_path}/kube-proxy":
ensure => $_ensure,
content => epp('k8s/sysconfig.epp', {
comment => 'Kubernetes kube-proxy configuration',
Expand All @@ -122,7 +122,7 @@
bin => 'kube-proxy',
}),
require => [
File["${_sysconfig_path}/kube-proxy"],
File["${k8s::sysconfig_path}/kube-proxy"],
User[$k8s::user],
],
notify => Service['kube-proxy'],
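Review bot: `# @api private` is a documentation tag only; this section adds it without an `assert_private()` call, whereas node/kubelet.pp gets both in this commit. Unless the class already calls `assert_private()` outside the visible hunks, it can still be declared from outside the module, so adding `assert_private()` as the first statement of the class body would enforce what the tag promises. The same applies to server/apiserver.pp and server/controller_manager.pp, which also gain only the tag here.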
8 changes: 5 additions & 3 deletions manifests/node/kubelet.pp
@@ -1,4 +1,5 @@
# @summary Installs and configures kubelet
# @api private
#
# @param arguments additional arguments to pass to kubelet
# @param auth type of node authentication
Expand Down Expand Up @@ -52,6 +53,8 @@

Optional[K8s::Firewall] $firewall_type = $k8s::node::firewall_type,
) {
assert_private()

k8s::binary { 'kubelet':
ensure => $ensure,
notify => Service['kubelet'],
Expand Down Expand Up @@ -231,8 +234,7 @@
node_ip => $_node_ip,
} + $arguments)

$_sysconfig_path = pick($k8s::sysconfig_path, '/etc/sysconfig')
file { "${_sysconfig_path}/kubelet":
file { "${k8s::sysconfig_path}/kubelet":
content => epp('k8s/sysconfig.epp', {
comment => 'Kubernetes Kubelet configuration',
environment_variables => {
Expand All @@ -252,7 +254,7 @@
bin => 'kubelet',
}),
require => [
File["${_sysconfig_path}/kubelet", '/etc/kubernetes/kubelet.conf'],
File["${k8s::sysconfig_path}/kubelet", '/etc/kubernetes/kubelet.conf'],
User[$k8s::user],
],
notify => Service['kubelet'],
2 changes: 2 additions & 0 deletions manifests/server.pp
Expand Up @@ -59,6 +59,8 @@
Optional[K8s::Firewall] $firewall_type = $k8s::firewall_type,
String[1] $etcd_cluster_name = $k8s::etcd_cluster_name,
) {
include k8s::common

if $manage_etcd {
class { 'k8s::server::etcd':
ensure => $ensure,
6 changes: 3 additions & 3 deletions manifests/server/apiserver.pp
@@ -1,4 +1,5 @@
# @summary Installs and configures a Kubernetes apiserver
# @api private
#
# @param advertise_address bind address of the apiserver
# @param aggregator_ca_cert path to the aggregator ca cert file
Expand Down Expand Up @@ -263,8 +264,7 @@
}
# TODO: Create a dummy kube-apiserver service that just requires kubelet
} else {
$_sysconfig_path = pick($k8s::sysconfig_path, '/etc/sysconfig')
file { "${_sysconfig_path}/kube-apiserver":
file { "${k8s::sysconfig_path}/kube-apiserver":
content => epp('k8s/sysconfig.epp', {
comment => 'Kubernetes API Server configuration',
environment_variables => {
Expand All @@ -287,7 +287,7 @@
group => $k8s::group,
}),
require => [
File["${_sysconfig_path}/kube-apiserver"],
File["${k8s::sysconfig_path}/kube-apiserver"],
User[$k8s::user],
],
notify => Service['kube-apiserver'],
6 changes: 3 additions & 3 deletions manifests/server/controller_manager.pp
@@ -1,4 +1,5 @@
# @summary Installs and configures a Kubernetes controller manager
# @api private
#
# @param arguments Additional arguments to pass to the controller manager.
# @param ca_cert The path to the CA certificate.
Expand Down Expand Up @@ -90,8 +91,7 @@
client_key => $key,
}

$_sysconfig_path = pick($k8s::sysconfig_path, '/etc/sysconfig')
file { "${_sysconfig_path}/kube-controller-manager":
file { "${k8s::sysconfig_path}/kube-controller-manager":
content => epp('k8s/sysconfig.epp', {
comment => 'Kubernetes Controller Manager configuration',
environment_variables => {
Expand All @@ -115,7 +115,7 @@
group => $k8s::group,
}),
require => [
File["${_sysconfig_path}/kube-controller-manager"],
File["${k8s::sysconfig_path}/kube-controller-manager"],
User[$k8s::user],
],
notify => Service['kube-controller-manager'],