add configuration bundle for drydock export

Mark Burnett 2017-06-22 16:29:32 -05:00
parent daeef2a085
commit 595e0ef4a9
19 changed files with 72 additions and 29 deletions


@ -53,6 +53,10 @@ class Document:
def name(self):
return self.metadata['name']
@property
def alias(self):
return self.metadata.get('alias')
@property
def target(self):
return self.metadata.get('target')
@ -91,9 +95,11 @@ class Configuration:
else:
return results[0]
def get(self, *, kind, name):
def get(self, *, kind, alias=None, name=None):
for document in self.documents:
if document.kind == kind and document.name == name:
if (document.kind == kind
and (not alias or document.alias == alias)
and (not name or document.name == name)) :
return document
def iterate(self, *, kind=None, target=None):
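Review bot: With `alias` and `name` both defaulting to None, a call to `get` that passes only `kind` returns the first document of that kind, and the `not alias` / `not name` tests treat an empty string as "no filter" as well. Since these lookups feed certificate and key data into templates, a silent first match is risky; consider guarding the top of the method with `if alias is None and name is None: raise ValueError('alias or name is required')` and testing `alias is None` / `name is None` in the condition. When nothing matches, the loop still falls through to an implicit None, so a caller that subscripts the result with `['data']` gets a TypeError rather than a clear lookup error. A one-line docstring saying that the first match wins would also help, because an alias such as 'kubelet' is presumably shared by documents for different targets.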


@ -66,6 +66,8 @@ class Generator:
)
config.Configuration([
admin_cert,
admin_cert_key,
cluster_ca,
cluster_ca_key,
etcd_client_ca,
@ -76,6 +78,19 @@ class Generator:
sa_priv,
]).write(os.path.join(output_dir, 'admin-bundle.yaml'))
complete_configuration = [
admin_cert,
admin_cert_key,
cluster_ca,
cluster_ca_key,
etcd_client_ca,
etcd_client_ca_key,
etcd_peer_ca,
etcd_peer_ca_key,
sa_pub,
sa_priv,
]
for hostname, data in cluster['nodes'].items():
if 'genesis' in data.get('roles', []):
genesis_hostname = hostname
@ -99,6 +114,7 @@ class Generator:
proxy_cert, proxy_cert_key = keys.generate_certificate(
alias='proxy',
config_name='system:kube-proxy:%s' % hostname,
name='system:kube-proxy',
ca_name='cluster',
hosts=[
@ -107,6 +123,14 @@ class Generator:
],
target=hostname)
complete_configuration.extend([
kubelet_cert,
kubelet_cert_key,
node,
proxy_cert,
proxy_cert_key,
])
common_documents = [
cluster_ca,
kubelet_cert,
@ -130,12 +154,14 @@ class Generator:
sa_pub,
])
if 'genesis' not in data.get('roles', []):
role_specific_documents.append(
_master_etcd_config(cluster_name, genesis_hostname,
hostname, masters)
)
role_specific_documents.extend(_master_config(hostname, data,
masters, network, keys))
etcd_config = _master_etcd_config(
cluster_name, genesis_hostname, hostname, masters)
complete_configuration.append(etcd_config)
role_specific_documents.append(etcd_config)
master_documents = _master_config(hostname, data,
masters, network, keys)
complete_configuration.extend(master_documents)
role_specific_documents.extend(master_documents)
if 'genesis' in data.get('roles', []):
role_specific_documents.extend(_genesis_config(hostname, data,
@ -146,6 +172,9 @@ class Generator:
c = config.Configuration(common_documents + role_specific_documents)
c.write(os.path.join(output_dir, hostname + '.yaml'))
config.Configuration(complete_configuration).write(
os.path.join(output_dir, 'complete-bundle.yaml'))
def construct_masters(self, cluster_name):
masters = []
for hostname, data in self.input_config['Cluster']['nodes'].items():
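Review bot: `complete-bundle.yaml` collects the CA private keys (`cluster_ca_key`, `etcd_client_ca_key`, `etcd_peer_ca_key`), `sa_priv`, the admin key and every node's kubelet and proxy keys in a single file, and nothing in the visible lines restricts who can read it. `Configuration.write` is not shown on this page, so confirm that it creates the file with owner-only permissions (for example mode 0o600) instead of relying on the process umask; the same applies to `admin-bundle.yaml`, which appears to now carry `admin_cert_key`. I would add a comment above the final write, such as `# holds all CA and node private keys; handle as a secret`. The initial `complete_configuration` list also appears to repeat the admin-bundle list literally, so building both from one shared list would keep them from drifting apart.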


@ -61,14 +61,17 @@ class PKI:
alias = name
return (self._wrap('PublicKey', pub_result['pub.pem'],
name=alias,
alias=alias,
name=name,
target=target),
self._wrap('PrivateKey', priv_result['priv.pem'],
name=alias,
alias=alias,
name=name,
target=target))
def generate_certificate(self, *, alias=None, ca_name, groups=[], hosts=[], name, target):
def generate_certificate(self, *, alias=None, config_name=None,
ca_name, groups=[], hosts=[], name, target):
result = self._cfssl(
['gencert',
'-ca', 'ca.pem',
@ -85,11 +88,16 @@ class PKI:
if not alias:
alias = name
if not config_name:
config_name = name
return (self._wrap('Certificate', result['cert'],
name=alias,
alias=alias,
name=config_name,
target=target),
self._wrap('CertificateKey', result['key'],
name=alias,
alias=alias,
name=config_name,
target=target))
def csr(self, *, name, groups=[], hosts=[], key={'algo': 'rsa', 'size': 2048}):
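Review bot: `generate_certificate` now accepts three overlapping identifiers (`alias`, `config_name`, `name`) and has no docstring saying which one ends up where. From the visible lines, `alias` becomes the document alias and `config_name` the document name, both falling back to `name`; `name` itself is presumably what the certificate request uses, but that part of the body is outside the hunk. A docstring covering those three roles and the fallbacks would prevent a caller from passing a per-host string as `name` and changing the certificate identity by accident. The rewritten signature also keeps the mutable defaults `groups=[], hosts=[]`; `groups=None, hosts=None` with a fallback inside the body is the safer form.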


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='kubelet')['data'] }}
{{ config.get(kind='CertificateKey', alias='kubelet')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='kubelet')['data'] }}
{{ config.get(kind='Certificate', alias='kubelet')['data'] }}


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='proxy')['data'] }}
{{ config.get(kind='CertificateKey', alias='proxy')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='proxy')['data'] }}
{{ config.get(kind='Certificate', alias='proxy')['data'] }}


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='apiserver')['data'] }}
{{ config.get(kind='CertificateKey', alias='apiserver')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='apiserver')['data'] }}
{{ config.get(kind='Certificate', alias='apiserver')['data'] }}


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='etcd-apiserver-client')['data'] }}
{{ config.get(kind='CertificateKey', alias='etcd-apiserver-client')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='etcd-apiserver-client')['data'] }}
{{ config.get(kind='Certificate', alias='etcd-apiserver-client')['data'] }}


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='controller-manager')['data'] }}
{{ config.get(kind='CertificateKey', alias='controller-manager')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='controller-manager')['data'] }}
{{ config.get(kind='Certificate', alias='controller-manager')['data'] }}


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='etcd-client')['data'] }}
{{ config.get(kind='CertificateKey', alias='etcd-client')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='etcd-client')['data'] }}
{{ config.get(kind='Certificate', alias='etcd-client')['data'] }}


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='etcd-peer')['data'] }}
{{ config.get(kind='CertificateKey', alias='etcd-peer')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='etcd-peer')['data'] }}
{{ config.get(kind='Certificate', alias='etcd-peer')['data'] }}


@ -1 +1 @@
{{ config.get(kind='CertificateKey', name='scheduler')['data'] }}
{{ config.get(kind='CertificateKey', alias='scheduler')['data'] }}


@ -1 +1 @@
{{ config.get(kind='Certificate', name='scheduler')['data'] }}
{{ config.get(kind='Certificate', alias='scheduler')['data'] }}