add configuration bundle for drydock export
parent
daeef2a085
commit
595e0ef4a9
|
@ -53,6 +53,10 @@ class Document:
|
|||
def name(self):
|
||||
return self.metadata['name']
|
||||
|
||||
@property
|
||||
def alias(self):
|
||||
return self.metadata.get('alias')
|
||||
|
||||
@property
|
||||
def target(self):
|
||||
return self.metadata.get('target')
|
||||
|
@ -91,9 +95,11 @@ class Configuration:
|
|||
else:
|
||||
return results[0]
|
||||
|
||||
def get(self, *, kind, name):
|
||||
def get(self, *, kind, alias=None, name=None):
|
||||
for document in self.documents:
|
||||
if document.kind == kind and document.name == name:
|
||||
if (document.kind == kind
|
||||
and (not alias or document.alias == alias)
|
||||
and (not name or document.name == name)) :
|
||||
return document
|
||||
|
||||
def iterate(self, *, kind=None, target=None):
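Review bot: With both `alias` and `name` now optional, `Configuration.get()` returns the first document of the requested `kind` when neither is given, and the first of several when an alias is shared. The PKI change in this commit gives per-host certificates a common alias (`alias='proxy'` with `config_name='system:kube-proxy:%s' % hostname`), so a lookup by alias over a multi-node document set such as the new complete bundle silently returns whichever host's certificate or key comes first. Require at least one selector, e.g. `if alias is None and name is None: raise ValueError('alias or name is required')`, and consider accepting `target` or raising when more than one document matches. The `not alias` / `not name` tests also treat an empty string as "no filter"; comparing with `is None` would be stricter.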
|
||||
|
|
|
@ -66,6 +66,8 @@ class Generator:
|
|||
)
|
||||
|
||||
config.Configuration([
|
||||
admin_cert,
|
||||
admin_cert_key,
|
||||
cluster_ca,
|
||||
cluster_ca_key,
|
||||
etcd_client_ca,
|
||||
|
@ -76,6 +78,19 @@ class Generator:
|
|||
sa_priv,
|
||||
]).write(os.path.join(output_dir, 'admin-bundle.yaml'))
|
||||
|
||||
complete_configuration = [
|
||||
admin_cert,
|
||||
admin_cert_key,
|
||||
cluster_ca,
|
||||
cluster_ca_key,
|
||||
etcd_client_ca,
|
||||
etcd_client_ca_key,
|
||||
etcd_peer_ca,
|
||||
etcd_peer_ca_key,
|
||||
sa_pub,
|
||||
sa_priv,
|
||||
]
|
||||
|
||||
for hostname, data in cluster['nodes'].items():
|
||||
if 'genesis' in data.get('roles', []):
|
||||
genesis_hostname = hostname
|
||||
|
@ -99,6 +114,7 @@ class Generator:
|
|||
|
||||
proxy_cert, proxy_cert_key = keys.generate_certificate(
|
||||
alias='proxy',
|
||||
config_name='system:kube-proxy:%s' % hostname,
|
||||
name='system:kube-proxy',
|
||||
ca_name='cluster',
|
||||
hosts=[
|
||||
|
@ -107,6 +123,14 @@ class Generator:
|
|||
],
|
||||
target=hostname)
|
||||
|
||||
complete_configuration.extend([
|
||||
kubelet_cert,
|
||||
kubelet_cert_key,
|
||||
node,
|
||||
proxy_cert,
|
||||
proxy_cert_key,
|
||||
])
|
||||
|
||||
common_documents = [
|
||||
cluster_ca,
|
||||
kubelet_cert,
|
||||
|
@ -130,12 +154,14 @@ class Generator:
|
|||
sa_pub,
|
||||
])
|
||||
if 'genesis' not in data.get('roles', []):
|
||||
role_specific_documents.append(
|
||||
_master_etcd_config(cluster_name, genesis_hostname,
|
||||
hostname, masters)
|
||||
)
|
||||
role_specific_documents.extend(_master_config(hostname, data,
|
||||
masters, network, keys))
|
||||
etcd_config = _master_etcd_config(
|
||||
cluster_name, genesis_hostname, hostname, masters)
|
||||
complete_configuration.append(etcd_config)
|
||||
role_specific_documents.append(etcd_config)
|
||||
master_documents = _master_config(hostname, data,
|
||||
masters, network, keys)
|
||||
complete_configuration.extend(master_documents)
|
||||
role_specific_documents.extend(master_documents)
|
||||
|
||||
if 'genesis' in data.get('roles', []):
|
||||
role_specific_documents.extend(_genesis_config(hostname, data,
|
||||
|
@ -146,6 +172,9 @@ class Generator:
|
|||
c = config.Configuration(common_documents + role_specific_documents)
|
||||
c.write(os.path.join(output_dir, hostname + '.yaml'))
|
||||
|
||||
config.Configuration(complete_configuration).write(
|
||||
os.path.join(output_dir, 'complete-bundle.yaml'))
|
||||
|
||||
def construct_masters(self, cluster_name):
|
||||
masters = []
|
||||
for hostname, data in self.input_config['Cluster']['nodes'].items():
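Review bot: `complete-bundle.yaml`, written by the last added statement before `construct_masters`, collects every private key the generator produces (`cluster_ca_key`, `etcd_client_ca_key`, `etcd_peer_ca_key`, `sa_priv` and each node's kubelet and proxy keys) into one file in `output_dir`. Nothing visible here restricts who can read it; `Configuration.write` is outside this diff, so if it opens the file with default permissions the bundle is readable to whatever the process umask allows. Consider having the write create the file owner-only, e.g. `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)`, and adding a comment at the `complete_configuration` list stating that it holds CA private keys. The same applies to `admin-bundle.yaml`, which already carries `cluster_ca_key`.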
|
||||
|
|
|
@ -61,14 +61,17 @@ class PKI:
|
|||
alias = name
|
||||
|
||||
return (self._wrap('PublicKey', pub_result['pub.pem'],
|
||||
name=alias,
|
||||
alias=alias,
|
||||
name=name,
|
||||
target=target),
|
||||
self._wrap('PrivateKey', priv_result['priv.pem'],
|
||||
name=alias,
|
||||
alias=alias,
|
||||
name=name,
|
||||
target=target))
|
||||
|
||||
|
||||
def generate_certificate(self, *, alias=None, ca_name, groups=[], hosts=[], name, target):
|
||||
def generate_certificate(self, *, alias=None, config_name=None,
|
||||
ca_name, groups=[], hosts=[], name, target):
|
||||
result = self._cfssl(
|
||||
['gencert',
|
||||
'-ca', 'ca.pem',
|
||||
|
@ -85,11 +88,16 @@ class PKI:
|
|||
if not alias:
|
||||
alias = name
|
||||
|
||||
if not config_name:
|
||||
config_name = name
|
||||
|
||||
return (self._wrap('Certificate', result['cert'],
|
||||
name=alias,
|
||||
alias=alias,
|
||||
name=config_name,
|
||||
target=target),
|
||||
self._wrap('CertificateKey', result['key'],
|
||||
name=alias,
|
||||
alias=alias,
|
||||
name=config_name,
|
||||
target=target))
|
||||
|
||||
def csr(self, *, name, groups=[], hosts=[], key={'algo': 'rsa', 'size': 2048}):
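Review bot: `generate_certificate` now takes three overlapping identifiers (`alias`, `name`, `config_name`) and has no docstring saying which one ends up where. From the visible lines, `config_name` becomes the wrapped document's `name`, `alias` is what the templates look up, and `name` presumably remains the certificate subject passed to cfssl (the CSR call is outside the hunk). A short docstring stating that, and that `config_name` has to be unique per target when the same `name` is issued for several hosts, would keep callers from producing colliding document names in a combined bundle. Only the kube-proxy call site is visibly updated to pass `config_name`, so other per-host certificates may need the same treatment.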
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='kubelet')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='kubelet')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='kubelet')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='kubelet')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='proxy')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='proxy')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='proxy')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='proxy')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='apiserver')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='apiserver')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='apiserver')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='apiserver')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='etcd-apiserver-client')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='etcd-apiserver-client')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='etcd-apiserver-client')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='etcd-apiserver-client')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='controller-manager')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='controller-manager')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='controller-manager')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='controller-manager')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='etcd-client')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='etcd-client')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='etcd-client')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='etcd-client')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='etcd-peer')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='etcd-peer')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='etcd-peer')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='etcd-peer')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='CertificateKey', name='scheduler')['data'] }}
|
||||
{{ config.get(kind='CertificateKey', alias='scheduler')['data'] }}
|
||||
|
|
|
@ -1 +1 @@
|
|||
{{ config.get(kind='Certificate', name='scheduler')['data'] }}
|
||||
{{ config.get(kind='Certificate', alias='scheduler')['data'] }}
|
||||
|
|