Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / d16454badc639bcec7ab4b54e7fe6a897b6052af / . / cluster / kube / cluster.jsonnet
blob: dab37a87457ded45ab9b2eb6ecf873fa2db941eb [file] [log] [blame]
Sergiusz Bazanski4d9e72c2019-01-13 22:06:33 +0100[diff] [blame]1# Top level cluster configuration.
2
3local kube = import "../../kube/kube.libsonnet";
Sergiusz Bazanskic7258f42019-06-21 00:24:09 +0200[diff] [blame]4
Sergiusz Bazanskiaf3be422019-01-17 18:57:19 +0100[diff] [blame]5local calico = import "lib/calico.libsonnet";
Sergiusz Bazanskic7258f42019-06-21 00:24:09 +0200[diff] [blame]6local certmanager = import "lib/cert-manager.libsonnet";
7local cockroachdb = import "lib/cockroachdb.libsonnet";
8local coredns = import "lib/coredns.libsonnet";
Sergiusz Bazanski1e565dc2019-01-18 09:40:59 +0100[diff] [blame]9local metallb = import "lib/metallb.libsonnet";
Sergiusz Bazanskic7258f42019-06-21 00:24:09 +0200[diff] [blame]10local metrics = import "lib/metrics.libsonnet";
Sergiusz Bazanskia9c7e862019-04-01 17:56:28 +0200[diff] [blame]11local nginx = import "lib/nginx.libsonnet";
Sergiusz Bazanski4d61d202019-07-21 16:56:41 +0200[diff] [blame]12local registry = import "lib/registry.libsonnet";
Sergiusz Bazanskib7fcc672019-04-01 18:40:50 +0200[diff] [blame]13local rook = import "lib/rook.libsonnet";
Sergiusz Bazanski4d9e72c2019-01-13 22:06:33 +0100[diff] [blame]14
15local Cluster(fqdn) = {
16 local cluster = self,
Sergiusz Bazanski4d61d202019-07-21 16:56:41 +0200[diff] [blame]17 local cfg = cluster.cfg,
18
19 cfg:: {
20 // Storage class used for internal services (like registry). This must
21 // be set to a valid storage class. This can either be a cloud provider class
22 // (when running on GKE &co) or a storage class created using rook.
23 storageClassNameRedundant: error "storageClassNameRedundant must be set",
24 },
Sergiusz Bazanski4d9e72c2019-01-13 22:06:33 +0100[diff] [blame]25
26 // These are required to let the API Server contact kubelets.
27 crAPIServerToKubelet: kube.ClusterRole("system:kube-apiserver-to-kubelet") {
28 metadata+: {
29 annotations+: {
30 "rbac.authorization.kubernetes.io/autoupdate": "true",
31 },
32 labels+: {
33 "kubernets.io/bootstrapping": "rbac-defaults",
34 },
35 },
36 rules: [
37 {
38 apiGroups: [""],
39 resources: ["nodes/%s" % r for r in [ "proxy", "stats", "log", "spec", "metrics" ]],
40 verbs: ["*"],
41 },
42 ],
43 },
Sergiusz Bazanski5bebbeb2019-01-13 22:08:05 +0100[diff] [blame]44 crbAPIServer: kube.ClusterRoleBinding("system:kube-apiserver") {
Sergiusz Bazanski4d9e72c2019-01-13 22:06:33 +0100[diff] [blame]45 roleRef: {
46 apiGroup: "rbac.authorization.k8s.io",
47 kind: "ClusterRole",
48 name: cluster.crAPIServerToKubelet.metadata.name,
49 },
50 subjects: [
51 {
52 apiGroup: "rbac.authorization.k8s.io",
53 kind: "User",
54 # A cluster API Server authenticates with a certificate whose CN is == to the FQDN of the cluster.
55 name: fqdn,
56 },
57 ],
Sergiusz Bazanski49b9a132019-01-14 00:02:59 +0100[diff] [blame]58 },
59
Sergiusz Bazanskiaf3be422019-01-17 18:57:19 +0100[diff] [blame]60 // Calico network fabric
61 calico: calico.Environment {},
Sergiusz Bazanski49b9a132019-01-14 00:02:59 +0100[diff] [blame]62 // CoreDNS for this cluster.
Sergiusz Bazanskiaf3be422019-01-17 18:57:19 +0100[diff] [blame]63 dns: coredns.Environment {},
64 // Metrics Server
65 metrics: metrics.Environment {},
Sergiusz Bazanski1e565dc2019-01-18 09:40:59 +0100[diff] [blame]66 // Metal Load Balancer
Sergiusz Bazanski14cbacb2019-04-01 18:00:44 +0200[diff] [blame]67 metallb: metallb.Environment {
68 cfg+: {
69 addressPools: [
70 { name: "public-v4-1", protocol: "layer2", addresses: ["185.236.240.50-185.236.240.63"] },
71 ],
72 },
73 },
Sergiusz Bazanskia9c7e862019-04-01 17:56:28 +0200[diff] [blame]74 // Main nginx Ingress Controller
75 nginx: nginx.Environment {},
Piotr Dobrowolski79ddbc52019-04-02 13:20:15 +0200[diff] [blame]76 certmanager: certmanager.Environment {},
Piotr Dobrowolski3187c592019-04-02 14:44:04 +0200[diff] [blame]77 issuer: certmanager.ClusterIssuer("letsencrypt-prod") {
78 spec: {
79 acme: {
80 server: "https://acme-v02.api.letsencrypt.org/directory",
81 email: "bofh@hackerspace.pl",
82 privateKeySecretRef: {
83 name: "letsencrypt-prod"
84 },
85 http01: {},
86 },
87 },
88 },
Sergiusz Bazanskic6da1272019-04-02 00:06:13 +0200[diff] [blame]89
Sergiusz Bazanskib7fcc672019-04-01 18:40:50 +0200[diff] [blame]90 // Rook Ceph storage
Sergiusz Bazanskic3b0f762019-06-20 16:42:19 +0200[diff] [blame]91 rook: rook.Operator {
92 operator+: {
93 spec+: {
94 // TODO(q3k): Bring up the operator again when stability gets fixed
95 // See: https://github.com/rook/rook/issues/3059#issuecomment-492378873
Sergiusz Bazanskid07861b2019-08-08 17:48:25 +0200[diff] [blame]96 replicas: 1,
Sergiusz Bazanskic3b0f762019-06-20 16:42:19 +0200[diff] [blame]97 },
98 },
99 },
Sergiusz Bazanski4d61d202019-07-21 16:56:41 +0200[diff] [blame]100
101 // Docker registry
102 registry: registry.Environment {
103 cfg+: {
104 domain: "registry.%s" % [fqdn],
Sergiusz Bazanskid07861b2019-08-08 17:48:25 +0200[diff] [blame]105 storageClassName: cfg.storageClassNameParanoid,
106 objectStorageName: "waw-hdd-redundant-2-object",
Sergiusz Bazanski4d61d202019-07-21 16:56:41 +0200[diff] [blame]107 },
108 },
Sergiusz Bazanski4d9e72c2019-01-13 22:06:33 +0100[diff] [blame]109};
110
Sergiusz Bazanski49b9a132019-01-14 00:02:59 +0100[diff] [blame]111
Sergiusz Bazanski4d9e72c2019-01-13 22:06:33 +0100[diff] [blame]112{
Sergiusz Bazanskic7258f42019-06-21 00:24:09 +0200[diff] [blame]113 k0: {
114 local k0 = self,
Sergiusz Bazanski4d61d202019-07-21 16:56:41 +0200[diff] [blame]115 cluster: Cluster("k0.hswaw.net") {
116 cfg+: {
Sergiusz Bazanskid07861b2019-08-08 17:48:25 +0200[diff] [blame]117 storageClassNameParanoid: k0.ceph.blockParanoid.name,
Sergiusz Bazanski4d61d202019-07-21 16:56:41 +0200[diff] [blame]118 },
119 },
Sergiusz Bazanskic7258f42019-06-21 00:24:09 +0200[diff] [blame]120 cockroach: {
Sergiusz Bazanskid5338922019-08-09 14:13:50 +0200[diff] [blame]121 waw2: cockroachdb.Cluster("crdb-waw1") {
Sergiusz Bazanskic7258f42019-06-21 00:24:09 +0200[diff] [blame]122 cfg+: {
123 topology: [
Sergiusz Bazanski184678b2019-06-22 02:07:41 +0200[diff] [blame]124 { name: "bc01n01", node: "bc01n01.hswaw.net" },
125 { name: "bc01n02", node: "bc01n02.hswaw.net" },
126 { name: "bc01n03", node: "bc01n03.hswaw.net" },
Sergiusz Bazanskic7258f42019-06-21 00:24:09 +0200[diff] [blame]127 ],
Sergiusz Bazanskid5338922019-08-09 14:13:50 +0200[diff] [blame]128 hostPath: "/var/db/crdb-waw1",
Sergiusz Bazanskic7258f42019-06-21 00:24:09 +0200[diff] [blame]129 },
130 },
Sergiusz Bazanski1fad2e52019-08-01 20:16:27 +0200[diff] [blame]131 clients: {
132 cccampix: k0.cockroach.waw2.Client("cccampix"),
133 cccampixDev: k0.cockroach.waw2.Client("cccampix-dev"),
134 },
Sergiusz Bazanskic7258f42019-06-21 00:24:09 +0200[diff] [blame]135 },
136 ceph: {
Sergiusz Bazanskid07861b2019-08-08 17:48:25 +0200[diff] [blame]137 // waw1 cluster - dead as of 2019/08/06, data corruption
138 // waw2 cluster
139 waw2: rook.Cluster(k0.cluster.rook, "ceph-waw2") {
Sergiusz Bazanskic7258f42019-06-21 00:24:09 +0200[diff] [blame]140 spec: {
141 mon: {
142 count: 3,
143 allowMultiplePerNode: false,
144 },
145 storage: {
146 useAllNodes: false,
147 useAllDevices: false,
148 config: {
149 databaseSizeMB: "1024",
150 journalSizeMB: "1024",
151 },
152 nodes: [
153 {
154 name: "bc01n01.hswaw.net",
155 location: "rack=dcr01 chassis=bc01 host=bc01n01",
156 devices: [ { name: "sda" } ],
157 },
158 {
159 name: "bc01n02.hswaw.net",
160 location: "rack=dcr01 chassis=bc01 host=bc01n02",
161 devices: [ { name: "sda" } ],
162 },
163 {
164 name: "bc01n03.hswaw.net",
165 location: "rack=dcr01 chassis=bc01 host=bc01n03",
166 devices: [ { name: "sda" } ],
167 },
168 ],
169 },
170 },
171 },
172 // redundant block storage
Sergiusz Bazanskid07861b2019-08-08 17:48:25 +0200[diff] [blame]173 blockRedundant: rook.ECBlockPool(k0.ceph.waw2, "waw-hdd-redundant-2") {
Sergiusz Bazanskic7258f42019-06-21 00:24:09 +0200[diff] [blame]174 spec: {
175 failureDomain: "host",
176 erasureCoded: {
177 dataChunks: 2,
178 codingChunks: 1,
179 },
180 },
181 },
Sergiusz Bazanskid07861b2019-08-08 17:48:25 +0200[diff] [blame]182 // paranoid block storage (3 replicas)
183 blockParanoid: rook.ReplicatedBlockPool(k0.ceph.waw2, "waw-hdd-paranoid-2") {
184 spec: {
185 failureDomain: "host",
186 replicated: {
187 size: 3,
188 },
189 },
190 },
Sergiusz Bazanskic7258f42019-06-21 00:24:09 +0200[diff] [blame]191 // yolo block storage (no replicas!)
Sergiusz Bazanskid07861b2019-08-08 17:48:25 +0200[diff] [blame]192 blockYolo: rook.ReplicatedBlockPool(k0.ceph.waw2, "waw-hdd-yolo-2") {
Sergiusz Bazanskic7258f42019-06-21 00:24:09 +0200[diff] [blame]193 spec: {
194 failureDomain: "host",
195 replicated: {
196 size: 1,
197 },
198 },
199 },
Sergiusz Bazanskid07861b2019-08-08 17:48:25 +0200[diff] [blame]200 objectRedundant: rook.S3ObjectStore(k0.ceph.waw2, "waw-hdd-redundant-2-object") {
Sergiusz Bazanskic7258f42019-06-21 00:24:09 +0200[diff] [blame]201 spec: {
202 metadataPool: {
203 failureDomain: "host",
204 replicated: { size: 3 },
205 },
206 dataPool: {
207 failureDomain: "host",
208 erasureCoded: {
209 dataChunks: 2,
210 codingChunks: 1,
211 },
212 },
213 },
214 },
215 },
216 },
Sergiusz Bazanski4d9e72c2019-01-13 22:06:33 +0100[diff] [blame]217}