// Top level cluster configuration.
//
// Everything below is pure jsonnet: each library is bound to a local name and
// the resulting objects are assembled in Cluster() and the k0 object.

// Shared kube helpers (ClusterRole, ClusterRoleBinding, ...).
local kube = import "../../kube/kube.libsonnet";

// Per-component environments, one library per cluster add-on.
local calico = import "lib/calico.libsonnet";            // network fabric
local certmanager = import "lib/cert-manager.libsonnet"; // TLS issuance
local cockroachdb = import "lib/cockroachdb.libsonnet";  // CockroachDB clusters
local coredns = import "lib/coredns.libsonnet";          // cluster DNS
local metallb = import "lib/metallb.libsonnet";          // bare-metal load balancer
local metrics = import "lib/metrics.libsonnet";          // metrics server
local nginx = import "lib/nginx.libsonnet";              // ingress controller
local rook = import "lib/rook.libsonnet";                // Rook/Ceph storage
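// Cluster builds the set of objects every cluster gets: the API server to
// kubelet RBAC, the network fabric, DNS, metrics, the load balancer, the
// ingress controller, cert-manager with its production issuer, and the Rook
// operator.
//
// fqdn is the cluster's fully qualified domain name. It doubles as the
// username the API server authenticates as (see crbAPIServer below), so it
// must match the CN of the API server's client certificate.
local Cluster(fqdn) = {
    local cluster = self,

    // These are required to let the API Server contact kubelets.
    crAPIServerToKubelet: kube.ClusterRole("system:kube-apiserver-to-kubelet") {
        metadata+: {
            annotations+: {
                // NOTE(review): this annotation gates the apiserver's reconciliation
                // of its built-in bootstrap roles; on a custom-named role like this
                // one it is presumably inert - confirm before relying on it.
                "rbac.authorization.kubernetes.io/autoupdate": "true",
            },
            labels+: {
                // Label key fixed: it was spelled "kubernets.io/bootstrapping", which
                // matches nothing; the bootstrap roles use "kubernetes.io/bootstrapping".
                "kubernetes.io/bootstrapping": "rbac-defaults",
            },
        },
        rules: [
            {
                apiGroups: [""],
                // Every verb, but only on these node subresources; the Node objects
                // themselves are not covered by this role.
                resources: ["nodes/%s" % r for r in ["proxy", "stats", "log", "spec", "metrics"]],
                verbs: ["*"],
            },
        ],
    },
    crbAPIServer: kube.ClusterRoleBinding("system:kube-apiserver") {
        roleRef: {
            apiGroup: "rbac.authorization.k8s.io",
            kind: "ClusterRole",
            name: cluster.crAPIServerToKubelet.metadata.name,
        },
        subjects: [
            {
                apiGroup: "rbac.authorization.k8s.io",
                kind: "User",
                // A cluster API Server authenticates with a certificate whose CN is == to
                // the FQDN of the cluster. Any client certificate issued by the cluster CA
                // with this CN is granted the role above, so the CN must stay reserved for
                // the API server.
                name: fqdn,
            },
        ],
    },

    // Calico network fabric
    calico: calico.Environment {},
    // CoreDNS for this cluster.
    dns: coredns.Environment {},
    // Metrics Server
    metrics: metrics.Environment {},
    // Metal Load Balancer, announcing one public IPv4 range over layer 2.
    metallb: metallb.Environment {
        cfg+: {
            addressPools: [
                { name: "public-v4-1", protocol: "layer2", addresses: ["185.236.240.50-185.236.240.63"] },
            ],
        },
    },
    // Main nginx Ingress Controller
    nginx: nginx.Environment {},
    // cert-manager plus a production Let's Encrypt issuer using HTTP-01 challenges.
    certmanager: certmanager.Environment {},
    issuer: certmanager.ClusterIssuer("letsencrypt-prod") {
        spec: {
            acme: {
                server: "https://acme-v02.api.letsencrypt.org/directory",
                email: "bofh@hackerspace.pl",
                // ACME account key is persisted in this Secret.
                privateKeySecretRef: {
                    name: "letsencrypt-prod",
                },
                http01: {},
            },
        },
    },

    // Rook Ceph storage
    rook: rook.Operator {
        operator+: {
            spec+: {
                // TODO(q3k): Bring up the operator again when stability gets fixed
                // See: https://github.com/rook/rook/issues/3059#issuecomment-492378873
                // With zero replicas the operator is deployed but not running.
                replicas: 0,
            },
        },
    },
};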
{
    // k0: the single cluster defined here, plus the stateful services that run
    // on top of it (CockroachDB and a Rook-managed Ceph cluster with its pools).
    k0: {
        local k0 = self,

        // The three bare-metal hosts that back both the CockroachDB and the
        // Ceph deployments below; short name here, FQDN via hostFqdn().
        local hosts = ["bc01n01", "bc01n02", "bc01n03"],
        local hostFqdn(h) = "%s.hswaw.net" % h,

        cluster: Cluster("k0.hswaw.net"),

        cockroach: {
            waw1: cockroachdb.Cluster("crdb-waw1") {
                cfg+: {
                    // One CockroachDB node per host, state kept under hostPath on that host.
                    topology: [{ name: h, node: hostFqdn(h) } for h in hosts],
                    hostPath: "/var/db/crdb-waw1",
                },
            },
        },

        ceph: {
            // waw1 cluster
            waw1: rook.Cluster(k0.cluster.rook, "ceph-waw1") {
                spec: {
                    mon: {
                        count: 3,
                        allowMultiplePerNode: false,
                    },
                    storage: {
                        // Nodes and devices are listed explicitly below rather than
                        // auto-discovered.
                        useAllNodes: false,
                        useAllDevices: false,
                        config: {
                            databaseSizeMB: "1024",
                            journalSizeMB: "1024",
                        },
                        nodes: [
                            {
                                name: hostFqdn(h),
                                location: "rack=dcr01 chassis=bc01 host=%s" % h,
                                devices: [{ name: "sda" }],
                            }
                            for h in hosts
                        ],
                    },
                },
            },
            // redundant block storage: 2 data + 1 coding chunk, spread across hosts
            blockRedundant: rook.ECBlockPool(k0.ceph.waw1, "waw-hdd-redundant-1") {
                spec: {
                    failureDomain: "host",
                    erasureCoded: { dataChunks: 2, codingChunks: 1 },
                },
            },
            // yolo block storage (no replicas!) - a single copy, so losing its host loses the data
            blockYolo: rook.ReplicatedBlockPool(k0.ceph.waw1, "waw-hdd-yolo-1") {
                spec: {
                    failureDomain: "host",
                    replicated: { size: 1 },
                },
            },
            // S3 object store: replicated metadata, erasure-coded data
            objectRedundant: rook.S3ObjectStore(k0.ceph.waw1, "waw-hdd-redundant-1-object") {
                spec: {
                    metadataPool: {
                        failureDomain: "host",
                        replicated: { size: 3 },
                    },
                    dataPool: {
                        failureDomain: "host",
                        erasureCoded: { dataChunks: 2, codingChunks: 1 },
                    },
                },
            },
        },
    },
}