cloudformation-coreos-kubernetes-hvm
{ | |
"AWSTemplateFormatVersion": "2010-09-09", | |
"Description": "Kubernetes on CoreOS", | |
"Mappings" : { | |
"RegionMap" : { | |
"ap-northeast-1": { | |
"AMI": "ami-dae8c1b4" | |
}, | |
"ap-southeast-1": { | |
"AMI": "ami-085a9a6b" | |
}, | |
"ap-southeast-2": { | |
"AMI": "ami-eeadf58d" | |
}, | |
"eu-central-1": { | |
"AMI": "ami-ffafb293" | |
}, | |
"eu-west-1": { | |
"AMI": "ami-c26bcab1" | |
}, | |
"sa-east-1": { | |
"AMI": "ami-4e981c22" | |
}, | |
"us-east-1": { | |
"AMI": "ami-cbfdb2a1" | |
}, | |
"us-gov-west-1": { | |
"AMI": "ami-a98e33c8" | |
}, | |
"us-west-1": { | |
"AMI": "ami-0eacc46e" | |
}, | |
"us-west-2": { | |
"AMI": "ami-16cfd277" | |
} | |
} | |
}, | |
"Metadata": { | |
"AWS::CloudFormation::Interface" : { | |
"ParameterGroups" : [ | |
{ | |
"Label": { "default": "EC2 Options" }, | |
"Parameters": [ "InstanceType", "KeyPair", "MyVPC", "SubnetId", "SubnetAZs", "ExtSecurityGroup" ] | |
}, | |
{ | |
"Label": { "default": "CoreOS Configuration" }, | |
"Parameters": [ "ClusterSize", "AdvertisedIPAddress" ] | |
}, | |
{ | |
"Label": { "default": "Deployment"}, | |
"Parameters": [ "QuayIORobotKey" ] | |
} | |
], | |
"ParameterLabels" : {} | |
} | |
}, | |
"Parameters": { | |
"InstanceType" : { | |
"Description" : "EC2 HVM instance type (m4.medium, etc).", | |
"Type" : "String", | |
"Default" : "m4.xlarge", | |
"ConstraintDescription" : "Must be a valid EC2 HVM instance type." | |
}, | |
"KeyPair" : { | |
"Description" : "The name of an EC2 Key Pair to allow SSH access to the instance.", | |
"Type" : "AWS::EC2::KeyPair::KeyName" | |
}, | |
"ExtSecurityGroup": { | |
"Description": "Security group to apply to the nodes.", | |
"Type": "AWS::EC2::SecurityGroup::Id" | |
}, | |
"MyVPC": { | |
"Description": "VPC in which to launch the cluster.", | |
"Type": "AWS::EC2::VPC::Id" | |
}, | |
"SubnetId": { | |
"Type": "List<AWS::EC2::Subnet::Id>", | |
"Description": "Subnets in which to launch instances." | |
}, | |
"SubnetAZs": { | |
"Type": "List<AWS::EC2::AvailabilityZone::Name>", | |
"Description": "Availability Zone(s) that your Subnet(s) belong to." | |
}, | |
"ClusterSize": { | |
"Default": "4", | |
"MinValue": "3", | |
"MaxValue": "50", | |
"Description": "Number of nodes in cluster.", | |
"Type": "Number" | |
}, | |
"AdvertisedIPAddress": { | |
"Description": "Use 'private' if your etcd cluster is within one region or 'public' if it spans regions or cloud providers.", | |
"Default": "private", | |
"AllowedValues": ["private", "public"], | |
"Type": "String" | |
}, | |
"QuayIORobotKey": { | |
"Description": "Key for the quay.io robot account (for great deployment!)", | |
"Type": "String" | |
} | |
}, | |
"Resources": { | |
"KubernetesSecurityGroup": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "Kubernetes SecurityGroup", | |
"VpcId": { "Ref": "MyVPC" }, | |
"SecurityGroupIngress": [ | |
] | |
} | |
}, | |
"IngressAllTCP": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { "Fn::GetAtt": [ "KubernetesSecurityGroup", "GroupId" ] }, | |
"IpProtocol": "tcp", | |
"FromPort": "0", | |
"ToPort": "65535", | |
"SourceSecurityGroupId": { "Fn::GetAtt": [ "KubernetesSecurityGroup", "GroupId" ] } | |
} | |
}, | |
"KubernetesMaster": { | |
"Type": "AWS::EC2::Instance", | |
"Properties": { | |
"SubnetId": { "Fn::Select": [ "0", { "Ref" : "SubnetId" }]}, | |
"AvailabilityZone" : { "Fn::Select": [ "0", { "Ref" : "SubnetAZs" }]}, | |
"ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]}, | |
"InstanceType": { "Ref": "InstanceType" }, | |
"KeyName": {"Ref": "KeyPair"}, | |
"SecurityGroupIds": [ | |
{ "Fn::GetAtt" : [ "KubernetesSecurityGroup", "GroupId" ]}, | |
{ "Ref": "ExtSecurityGroup" } | |
], | |
"Tags": [ | |
{ "Key": "Name", "Value": {"Fn::Join": [ "", ["KubeMaster_", { "Ref": "AWS::StackName" }]]}}, | |
{ "Key": "Kubernetes", "Value": "Master" } | |
], | |
"UserData" : { "Fn::Base64": | |
{ "Fn::Join": ["", [ | |
"#cloud-config\n", | |
"\n", | |
"---\n", | |
"write-files:\n", | |
" - path: /etc/conf.d/nfs\n", | |
" permissions: '0644'\n", | |
" content: |\n", | |
" OPTS_RPC_MOUNTD=\"\"\n", | |
" - path: /opt/bin/wupiao\n", | |
" permissions: '0755'\n", | |
" content: |\n", | |
" #!/bin/bash\n", | |
" # [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen\n", | |
" [ -n \"$1\" ] && \\\n", | |
" until curl -o /dev/null -sIf http://${1}; do \\\n", | |
" sleep 1 && echo .;\n", | |
" done;\n", | |
" exit $?\n", | |
"\n", | |
"hostname: master\n", | |
"coreos:\n", | |
" etcd2:\n", | |
" name: master\n", | |
" listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001\n", | |
" advertise-client-urls: http://$private_ipv4:2379,http://$private_ipv4:4001\n", | |
" initial-cluster-token: k8s_etcd\n", | |
" listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001\n", | |
" initial-advertise-peer-urls: http://$private_ipv4:2380\n", | |
" initial-cluster: master=http://$private_ipv4:2380\n", | |
" initial-cluster-state: new\n", | |
" fleet:\n", | |
" metadata: \"role=master\"\n", | |
" units:\n", | |
" - name: generate-serviceaccount-key.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Generate service-account key file\n", | |
"\n", | |
" [Service]\n", | |
" ExecStartPre=-/usr/bin/mkdir -p /opt/bin\n", | |
" ExecStart=/bin/openssl genrsa -out /opt/bin/kube-serviceaccount.key 2048 2>/dev/null\n", | |
" RemainAfterExit=yes\n", | |
" Type=oneshot\n", | |
" - name: setup-network-environment.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Setup Network Environment\n", | |
" Documentation=https://github.com/kelseyhightower/setup-network-environment\n", | |
" Requires=network-online.target\n", | |
" After=network-online.target\n", | |
"\n", | |
" [Service]\n", | |
" ExecStartPre=-/usr/bin/mkdir -p /opt/bin\n", | |
" ExecStartPre=/usr/bin/curl -L -o /opt/bin/setup-network-environment -z /opt/bin/setup-network-environment https://github.com/kelseyhightower/setup-network-environment/releases/download/v1.0.0/setup-network-environment\n", | |
" ExecStartPre=/usr/bin/chmod +x /opt/bin/setup-network-environment\n", | |
" ExecStart=/opt/bin/setup-network-environment\n", | |
" RemainAfterExit=yes\n", | |
" Type=oneshot\n", | |
" - name: fleet.service\n", | |
" command: start\n", | |
" - name: flanneld.service\n", | |
" command: start\n", | |
" drop-ins:\n", | |
" - name: 50-network-config.conf\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Requires=etcd2.service\n", | |
" [Service]\n", | |
" ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '{\"Network\":\"10.244.0.0/16\", \"Backend\": {\"Type\": \"vxlan\"}}'\n", | |
" - name: docker.service\n", | |
" command: start\n", | |
" - name: kube-apiserver.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Kubernetes API Server\n", | |
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n", | |
" Requires=setup-network-environment.service etcd2.service generate-serviceaccount-key.service\n", | |
" After=setup-network-environment.service etcd2.service generate-serviceaccount-key.service\n", | |
"\n", | |
" [Service]\n", | |
" EnvironmentFile=/etc/network-environment\n", | |
" ExecStartPre=-/usr/bin/mkdir -p /opt/bin\n", | |
" ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-apiserver -z /opt/bin/kube-apiserver https://storage.googleapis.com/kubernetes-release/release/v1.0.3/bin/linux/amd64/kube-apiserver\n", | |
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-apiserver\n", | |
" ExecStartPre=/opt/bin/wupiao 127.0.0.1:2379/v2/machines\n", | |
" ExecStart=/opt/bin/kube-apiserver \\\n", | |
" --service-account-key-file=/opt/bin/kube-serviceaccount.key \\\n", | |
" --service-account-lookup=false \\\n", | |
" --admission-control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota \\\n", | |
" --runtime-config=api/v1 \\\n", | |
" --allow-privileged=true \\\n", | |
" --insecure-bind-address=0.0.0.0 \\\n", | |
" --insecure-port=8080 \\\n", | |
" --kubelet-https=true \\\n", | |
" --secure-port=6443 \\\n", | |
" --service-cluster-ip-range=10.100.0.0/16 \\\n", | |
" --etcd-servers=http://127.0.0.1:2379 \\\n", | |
" --public-address-override=${DEFAULT_IPV4} \\\n", | |
" --logtostderr=true\n", | |
" Restart=always\n", | |
" RestartSec=10\n", | |
" - name: kube-controller-manager.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Kubernetes Controller Manager\n", | |
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n", | |
" Requires=kube-apiserver.service\n", | |
" After=kube-apiserver.service\n", | |
"\n", | |
" [Service]\n", | |
" ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-controller-manager -z /opt/bin/kube-controller-manager https://storage.googleapis.com/kubernetes-release/release/v1.0.3/bin/linux/amd64/kube-controller-manager\n", | |
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-controller-manager\n", | |
" ExecStart=/opt/bin/kube-controller-manager \\\n", | |
" --service-account-private-key-file=/opt/bin/kube-serviceaccount.key \\\n", | |
" --master=127.0.0.1:8080 \\\n", | |
" --logtostderr=true\n", | |
" Restart=always\n", | |
" RestartSec=10\n", | |
" - name: kube-scheduler.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Kubernetes Scheduler\n", | |
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n", | |
" Requires=kube-apiserver.service\n", | |
" After=kube-apiserver.service\n", | |
"\n", | |
" [Service]\n", | |
" ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-scheduler -z /opt/bin/kube-scheduler https://storage.googleapis.com/kubernetes-release/release/v1.0.3/bin/linux/amd64/kube-scheduler\n", | |
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-scheduler\n", | |
" ExecStart=/opt/bin/kube-scheduler --master=127.0.0.1:8080\n", | |
" Restart=always\n", | |
" RestartSec=10\n", | |
" update:\n", | |
" group: alpha\n", | |
" reboot-strategy: off\n" | |
]]} | |
} | |
} | |
}, | |
"KubernetesNodeAutoScale": { | |
"Type": "AWS::AutoScaling::AutoScalingGroup", | |
"Properties": { | |
"LaunchConfigurationName": {"Ref": "KubernetesNodeLaunchConfig"}, | |
"VPCZoneIdentifier": {"Ref": "SubnetId"}, | |
"AvailabilityZones": { "Ref": "SubnetAZs" }, | |
"MinSize": "3", | |
"MaxSize": "12", | |
"DesiredCapacity": {"Ref": "ClusterSize"}, | |
"LoadBalancerNames": [], | |
"Tags": [ | |
{"Key": "Name", "Value": {"Fn::Join": ["", ["KubeNode_", { "Ref" : "AWS::StackName" }]]}, "PropagateAtLaunch": true}, | |
{"Key": "Kubernetes", "Value": "Node", "PropagateAtLaunch": true} | |
] | |
} | |
}, | |
"KubernetesNodeLaunchConfig": { | |
"Type": "AWS::AutoScaling::LaunchConfiguration", | |
"Properties": { | |
"ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]}, | |
"InstanceType": {"Ref": "InstanceType"}, | |
"KeyName": {"Ref": "KeyPair"}, | |
"SecurityGroups": [{"Ref": "KubernetesSecurityGroup"}, {"Ref": "ExtSecurityGroup"}], | |
"UserData" : { "Fn::Base64": | |
{ "Fn::Join": [ "", [ | |
"#cloud-config\n", | |
"write-files:\n", | |
" - path: /opt/bin/wupiao\n", | |
" permissions: '0755'\n", | |
" content: |\n", | |
" #!/bin/bash\n", | |
" # [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen\n", | |
" [ -n \"$1\" ] && [ -n \"$2\" ] && while ! curl --output /dev/null \\\n", | |
" --silent --head --fail \\\n", | |
" http://${1}:${2}; do sleep 1 && echo -n .; done;\n", | |
" exit $?\n", | |
"coreos:\n", | |
" etcd2:\n", | |
" listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001\n", | |
" advertise-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001\n", | |
" initial-cluster: master=http://", { "Fn::GetAtt": [ "KubernetesMaster", "PrivateIp" ] }, ":2380\n", | |
" proxy: on\n", | |
" fleet:\n", | |
" metadata: \"role=node\"\n", | |
" units:\n", | |
" - name: fleet.service\n", | |
" command: start\n", | |
" - name: flanneld.service\n", | |
" command: start\n", | |
" drop-ins:\n", | |
" - name: 50-network-config.conf\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Requires=etcd2.service\n", | |
" [Service]\n", | |
" ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '{\"Network\":\"10.244.0.0/16\", \"Backend\": {\"Type\": \"vxlan\"}}'\n", | |
" - name: docker.service\n", | |
" command: start\n", | |
" - name: setup-network-environment.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Setup Network Environment\n", | |
" Documentation=https://github.com/kelseyhightower/setup-network-environment\n", | |
" Requires=network-online.target\n", | |
" After=network-online.target\n", | |
"\n", | |
" [Service]\n", | |
" ExecStartPre=-/usr/bin/mkdir -p /opt/bin\n", | |
" ExecStartPre=/usr/bin/curl -L -o /opt/bin/setup-network-environment -z /opt/bin/setup-network-environment https://github.com/kelseyhightower/setup-network-environment/releases/download/v1.0.0/setup-network-environment\n", | |
" ExecStartPre=/usr/bin/chmod +x /opt/bin/setup-network-environment\n", | |
" ExecStart=/opt/bin/setup-network-environment\n", | |
" RemainAfterExit=yes\n", | |
" Type=oneshot\n", | |
" - name: kube-proxy.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Kubernetes Proxy\n", | |
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n", | |
" Requires=setup-network-environment.service\n", | |
" After=setup-network-environment.service\n", | |
"\n", | |
" [Service]\n", | |
" ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-proxy -z /opt/bin/kube-proxy https://storage.googleapis.com/kubernetes-release/release/v1.0.3/bin/linux/amd64/kube-proxy\n", | |
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-proxy\n", | |
" # wait for kubernetes master to be up and ready\n", | |
" ExecStartPre=/opt/bin/wupiao ", { "Fn::GetAtt": [ "KubernetesMaster", "PrivateIp" ] }, " 8080\n", | |
" ExecStart=/opt/bin/kube-proxy \\\n", | |
" --master=", { "Fn::GetAtt": [ "KubernetesMaster", "PrivateIp" ] }, ":8080 \\\n", | |
" --logtostderr=true\n", | |
" Restart=always\n", | |
" RestartSec=10\n", | |
" - name: kube-kubelet.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Kubernetes Kubelet\n", | |
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n", | |
" Requires=setup-network-environment.service\n", | |
" After=setup-network-environment.service\n", | |
"\n", | |
" [Service]\n", | |
" EnvironmentFile=/etc/network-environment\n", | |
" ExecStartPre=/usr/bin/curl -L -o /opt/bin/kubelet -z /opt/bin/kubelet https://storage.googleapis.com/kubernetes-release/release/v1.0.3/bin/linux/amd64/kubelet\n", | |
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kubelet\n", | |
" # wait for kubernetes master to be up and ready\n", | |
" ExecStartPre=/opt/bin/wupiao ", { "Fn::GetAtt": [ "KubernetesMaster", "PrivateIp" ] }, " 8080\n", | |
" ExecStart=/opt/bin/kubelet \\\n", | |
" --address=0.0.0.0 \\\n", | |
" --port=10250 \\\n", | |
" --hostname-override=${DEFAULT_IPV4} \\\n", | |
" --api-servers=", { "Fn::GetAtt": [ "KubernetesMaster", "PrivateIp" ] }, ":8080 \\\n", | |
" --allow-privileged=true \\\n", | |
" --logtostderr=true \\\n", | |
" --cadvisor-port=4194 \\\n", | |
" --healthz-bind-address=0.0.0.0 \\\n", | |
" --healthz-port=10248\n", | |
" Restart=always\n", | |
" RestartSec=10\n", | |
" update:\n", | |
" group: alpha\n", | |
" reboot-strategy: off\n" | |
] ] | |
} | |
} | |
} | |
} | |
} | |
} |