Sergiusz Bazanski4d9e72c2019-01-13 22:06:33 +01001# Top level cluster configuration.
2
3local kube = import "../../kube/kube.libsonnet";
Sergiusz Bazanski49b9a132019-01-14 00:02:59 +01004local coredns = import "lib/coredns.libsonnet";
Sergiusz Bazanskiaf3be422019-01-17 18:57:19 +01005local metrics = import "lib/metrics.libsonnet";
6local calico = import "lib/calico.libsonnet";
Sergiusz Bazanski1e565dc2019-01-18 09:40:59 +01007local metallb = import "lib/metallb.libsonnet";
Sergiusz Bazanskia9c7e862019-04-01 17:56:28 +02008local nginx = import "lib/nginx.libsonnet";
Sergiusz Bazanski4d9e72c2019-01-13 22:06:33 +01009
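// Cluster builds the top-level objects of a single cluster.
//
// fqdn: fully qualified domain name of the cluster. crbAPIServer uses it as
//       the RBAC User name, so it has to be equal to the CN of the
//       certificate the cluster's API Server authenticates with.
local Cluster(fqdn) = {
    local cluster = self,

    // These are required to let the API Server contact kubelets.
    crAPIServerToKubelet: kube.ClusterRole("system:kube-apiserver-to-kubelet") {
        metadata+: {
            annotations+: {
                "rbac.authorization.kubernetes.io/autoupdate": "true",
            },
            labels+: {
                // Fixed key: this was spelled "kubernets.io/bootstrapping", which
                // no selector written for the kubernetes.io/bootstrapping label
                // would ever match.
                "kubernetes.io/bootstrapping": "rbac-defaults",
            },
        },
        rules: [
            {
                apiGroups: [""],
                // Node subresources served by the kubelet.
                resources: ["nodes/%s" % r for r in ["proxy", "stats", "log", "spec", "metrics"]],
                // Every verb is granted, nodes/proxy included, so a holder of this
                // role has full access to the kubelet API of every node. Bind it to
                // the API Server identity only (see crbAPIServer).
                verbs: ["*"],
            },
        ],
    },

    // Grants the role above to the API Server's own identity.
    crbAPIServer: kube.ClusterRoleBinding("system:kube-apiserver") {
        roleRef: {
            apiGroup: "rbac.authorization.k8s.io",
            kind: "ClusterRole",
            name: cluster.crAPIServerToKubelet.metadata.name,
        },
        subjects: [
            {
                apiGroup: "rbac.authorization.k8s.io",
                kind: "User",
                // A cluster API Server authenticates with a certificate whose CN is
                // equal to the FQDN of the cluster. The subject is matched by that
                // name alone, so any accepted client certificate carrying this CN
                // receives the role.
                // NOTE(review): confirm the CA issues this CN to the API Server only.
                name: fqdn,
            },
        ],
    },

    // Calico network fabric
    calico: calico.Environment {},
    // CoreDNS for this cluster.
    dns: coredns.Environment {},
    // Metrics Server
    metrics: metrics.Environment {},
    // Metal Load Balancer
    metallb: metallb.Environment {
        cfg+: {
            // Single layer2 pool; judging by its name this is the public IPv4
            // range, so addresses assigned from it are presumably reachable
            // from outside the cluster -- TODO confirm who may request them.
            addressPools: [
                { name: "public-v4-1", protocol: "layer2", addresses: ["185.236.240.50-185.236.240.63"] },
            ],
        },
    },
    // Main nginx Ingress Controller
    nginx: nginx.Environment {},
};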
64
Sergiusz Bazanski49b9a132019-01-14 00:02:59 +010065
// Output of this file: one Cluster object per cluster, keyed by its short
// name. The argument is the cluster FQDN, which Cluster also uses as the
// RBAC User name of that cluster's API Server.
{ k0: Cluster("k0.hswaw.net") }