Sergiusz Bazanski4d9e72c2019-01-13 22:06:33 +01001# Top level cluster configuration.
2
3local kube = import "../../kube/kube.libsonnet";
Sergiusz Bazanski49b9a132019-01-14 00:02:59 +01004local coredns = import "lib/coredns.libsonnet";
Sergiusz Bazanskiaf3be422019-01-17 18:57:19 +01005local metrics = import "lib/metrics.libsonnet";
6local calico = import "lib/calico.libsonnet";
Sergiusz Bazanski1e565dc2019-01-18 09:40:59 +01007local metallb = import "lib/metallb.libsonnet";
Sergiusz Bazanskia9c7e862019-04-01 17:56:28 +02008local nginx = import "lib/nginx.libsonnet";
Sergiusz Bazanskib7fcc672019-04-01 18:40:50 +02009local rook = import "lib/rook.libsonnet";
Sergiusz Bazanski4d9e72c2019-01-13 22:06:33 +010010
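// Builds the set of Kubernetes objects that make up one cluster.
//
// fqdn: fully qualified domain name of the cluster. It is also used as the
// RBAC user name of the API server (see crbAPIServer).
local Cluster(fqdn) = {
    local cluster = self,

    // These are required to let the API Server contact kubelets.
    // The rule grants every verb on the listed node subresources, so any
    // subject bound to this role has full access to those kubelet endpoints
    // on every node. Keep the set of bound subjects minimal.
    crAPIServerToKubelet: kube.ClusterRole("system:kube-apiserver-to-kubelet") {
        metadata+: {
            annotations+: {
                "rbac.authorization.kubernetes.io/autoupdate": "true",
            },
            labels+: {
                // Bootstrap label key is spelled "kubernetes.io/..."; the
                // misspelled "kubernets.io/..." key matched no selector that
                // looks for RBAC defaults.
                "kubernetes.io/bootstrapping": "rbac-defaults",
            },
        },
        rules: [
            {
                apiGroups: [""],
                resources: ["nodes/%s" % r for r in ["proxy", "stats", "log", "spec", "metrics"]],
                verbs: ["*"],
            },
        ],
    },

    // Binds the kubelet-access role above to the API server's identity.
    crbAPIServer: kube.ClusterRoleBinding("system:kube-apiserver") {
        roleRef: {
            apiGroup: "rbac.authorization.k8s.io",
            kind: "ClusterRole",
            name: cluster.crAPIServerToKubelet.metadata.name,
        },
        subjects: [
            {
                apiGroup: "rbac.authorization.k8s.io",
                kind: "User",
                // A cluster API Server authenticates with a certificate whose
                // CN is equal to the FQDN of the cluster. Any client
                // certificate the cluster accepts with that CN maps to this
                // same user and receives the kubelet access granted above, so
                // that CN should be issued to the API server only.
                name: fqdn,
            },
        ],
    },

    // Calico network fabric
    calico: calico.Environment {},
    // CoreDNS for this cluster.
    dns: coredns.Environment {},
    // Metrics Server
    metrics: metrics.Environment {},
    // Metal Load Balancer
    metallb: metallb.Environment {
        cfg+: {
            // Single layer2 pool. NOTE(review): judging by the pool name these
            // are public IPv4 addresses, so a Service of type LoadBalancer that
            // draws from it is presumably reachable from outside - confirm who
            // is allowed to create such Services.
            addressPools: [
                { name: "public-v4-1", protocol: "layer2", addresses: ["185.236.240.50-185.236.240.63"] },
            ],
        },
    },
    // Main nginx Ingress Controller
    nginx: nginx.Environment {},

    // Rook Ceph storage
    rook: rook.Operator {},
    // waw1 ceph cluster
    cephWaw1: rook.Cluster(cluster.rook, "ceph-waw1") {
        spec: {
            // Three monitors, never two on the same node.
            mon: {
                count: 3,
                allowMultiplePerNode: false,
            },
            // Only the nodes and devices listed explicitly below are used for
            // storage; nothing is picked up automatically.
            storage: {
                useAllNodes: false,
                useAllDevices: false,
                config: {
                    databaseSizeMB: "1024",
                    journalSizeMB: "1024",
                },
                nodes: [
                    {
                        name: "bc01n01.hswaw.net",
                        location: "rack=dcr01 chassis=bc01 host=bc01n01",
                        devices: [{ name: "sda" }],
                    },
                    {
                        name: "bc01n02.hswaw.net",
                        location: "rack=dcr01 chassis=bc01 host=bc01n02",
                        devices: [{ name: "sda" }],
                    },
                    {
                        name: "bc01n03.hswaw.net",
                        location: "rack=dcr01 chassis=bc01 host=bc01n03",
                        devices: [{ name: "sda" }],
                    },
                ],
            },
        },
    },
    // redundant block storage
    // Erasure coded as 2 data + 1 coding chunk with a per-host failure domain.
    // NOTE(review): with the three storage nodes listed in cephWaw1 this
    // presumably places one chunk per host and tolerates the loss of a single
    // host, with no spare host to rebuild onto - confirm this is intended.
    cephWaw1Redundant: rook.ECBlockPool(cluster.cephWaw1, "waw-hdd-redundant-1") {
        spec: {
            failureDomain: "host",
            erasureCoded: {
                dataChunks: 2,
                codingChunks: 1,
            },
        },
    },
};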
112
Sergiusz Bazanski49b9a132019-01-14 00:02:59 +0100113
// FQDN of the k0 cluster; Cluster() also uses it as the API server's RBAC
// user name.
local k0Fqdn = "k0.hswaw.net";

// Top-level output: one entry per cluster, keyed by its short name.
{
    k0: Cluster(k0Fqdn),
}