@christian-blades-cb
Created January 18, 2016 20:14
cloudformation-coreos-kubernetes-hvm
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Kubernetes on CoreOS",
"Mappings" : {
"RegionMap" : {
"ap-northeast-1": {
"AMI": "ami-dae8c1b4"
},
"ap-southeast-1": {
"AMI": "ami-085a9a6b"
},
"ap-southeast-2": {
"AMI": "ami-eeadf58d"
},
"eu-central-1": {
"AMI": "ami-ffafb293"
},
"eu-west-1": {
"AMI": "ami-c26bcab1"
},
"sa-east-1": {
"AMI": "ami-4e981c22"
},
"us-east-1": {
"AMI": "ami-cbfdb2a1"
},
"us-gov-west-1": {
"AMI": "ami-a98e33c8"
},
"us-west-1": {
"AMI": "ami-0eacc46e"
},
"us-west-2": {
"AMI": "ami-16cfd277"
}
}
},
"Metadata": {
"AWS::CloudFormation::Interface" : {
"ParameterGroups" : [
{
"Label": { "default": "EC2 Options" },
"Parameters": [ "InstanceType", "KeyPair", "MyVPC", "SubnetId", "SubnetAZs", "ExtSecurityGroup" ]
},
{
"Label": { "default": "CoreOS Configuration" },
"Parameters": [ "ClusterSize", "AdvertisedIPAddress" ]
},
{
"Label": { "default": "Deployment"},
"Parameters": [ "QuayIORobotKey" ]
}
],
"ParameterLabels" : {}
}
},
"Parameters": {
"InstanceType" : {
"Description" : "EC2 HVM instance type (for example m4.medium).",
"Type" : "String",
"Default" : "m4.xlarge",
"ConstraintDescription" : "Must be a valid EC2 HVM instance type."
},
"KeyPair" : {
"Description" : "The name of an EC2 Key Pair to allow SSH access to the instance.",
"Type" : "AWS::EC2::KeyPair::KeyName"
},
"ExtSecurityGroup": {
"Description": "Security group to apply to the nodes.",
"Type": "AWS::EC2::SecurityGroup::Id"
},
"MyVPC": {
"Description": "VPC in which to launch the cluster.",
"Type": "AWS::EC2::VPC::Id"
},
"SubnetId": {
"Type": "List<AWS::EC2::Subnet::Id>",
"Description": "Subnets in which to launch instances."
},
"SubnetAZs": {
"Type": "List<AWS::EC2::AvailabilityZone::Name>",
"Description": "Availability Zone(s) of the selected subnet(s)."
},
"ClusterSize": {
"Default": "4",
"MinValue": "3",
"MaxValue": "50",
"Description": "Number of nodes in cluster.",
"Type": "Number"
},
"AdvertisedIPAddress": {
"Description": "Use 'private' if your etcd cluster is within one region or 'public' if it spans regions or cloud providers.",
"Default": "private",
"AllowedValues": ["private", "public"],
"Type": "String"
},
"QuayIORobotKey": {
"Description": "Key for the quay.io robot account (for great deployment!)",
"Type": "String"
}
},
"Resources": {
"KubernetesSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Kubernetes SecurityGroup",
"VpcId": { "Ref": "MyVPC" },
"SecurityGroupIngress": [
]
}
},
"IngressAllTCP": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": { "Fn::GetAtt": [ "KubernetesSecurityGroup", "GroupId" ] },
"IpProtocol": "tcp",
"FromPort": "0",
"ToPort": "65535",
"SourceSecurityGroupId": { "Fn::GetAtt": [ "KubernetesSecurityGroup", "GroupId" ] }
}
},
"KubernetesMaster": {
"Type": "AWS::EC2::Instance",
"Properties": {
"SubnetId": { "Fn::Select": [ "0", { "Ref" : "SubnetId" }]},
"AvailabilityZone" : { "Fn::Select": [ "0", { "Ref" : "SubnetAZs" }]},
"ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
"InstanceType": { "Ref": "InstanceType" },
"KeyName": {"Ref": "KeyPair"},
"SecurityGroupIds": [
{ "Fn::GetAtt" : [ "KubernetesSecurityGroup", "GroupId" ]},
{ "Ref": "ExtSecurityGroup" }
],
"Tags": [
{ "Key": "Name", "Value": {"Fn::Join": [ "", ["KubeMaster_", { "Ref": "AWS::StackName" }]]}},
{ "Key": "Kubernetes", "Value": "Master" }
],
"UserData" : { "Fn::Base64":
{ "Fn::Join": ["", [
"#cloud-config\n",
"\n",
"---\n",
"write-files:\n",
" - path: /etc/conf.d/nfs\n",
" permissions: '0644'\n",
" content: |\n",
" OPTS_RPC_MOUNTD=\"\"\n",
" - path: /opt/bin/wupiao\n",
" permissions: '0755'\n",
" content: |\n",
" #!/bin/bash\n",
" # [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen\n",
" [ -n \"$1\" ] && \\\n",
" until curl -o /dev/null -sIf http://${1}; do \\\n",
" sleep 1 && echo .;\n",
" done;\n",
" exit $?\n",
"\n",
"hostname: master\n",
"coreos:\n",
" etcd2:\n",
" name: master\n",
" listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001\n",
" advertise-client-urls: http://$private_ipv4:2379,http://$private_ipv4:4001\n",
" initial-cluster-token: k8s_etcd\n",
" listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001\n",
" initial-advertise-peer-urls: http://$private_ipv4:2380\n",
" initial-cluster: master=http://$private_ipv4:2380\n",
" initial-cluster-state: new\n",
" fleet:\n",
" metadata: \"role=master\"\n",
" units:\n",
" - name: generate-serviceaccount-key.service\n",
" command: start\n",
" content: |\n",
" [Unit]\n",
" Description=Generate service-account key file\n",
"\n",
" [Service]\n",
" ExecStartPre=-/usr/bin/mkdir -p /opt/bin\n",
" ExecStart=/bin/openssl genrsa -out /opt/bin/kube-serviceaccount.key 2048 2>/dev/null\n",
" RemainAfterExit=yes\n",
" Type=oneshot\n",
" - name: setup-network-environment.service\n",
" command: start\n",
" content: |\n",
" [Unit]\n",
" Description=Setup Network Environment\n",
" Documentation=https://github.com/kelseyhightower/setup-network-environment\n",
" Requires=network-online.target\n",
" After=network-online.target\n",
"\n",
" [Service]\n",
" ExecStartPre=-/usr/bin/mkdir -p /opt/bin\n",
" ExecStartPre=/usr/bin/curl -L -o /opt/bin/setup-network-environment -z /opt/bin/setup-network-environment https://github.com/kelseyhightower/setup-network-environment/releases/download/v1.0.0/setup-network-environment\n",
" ExecStartPre=/usr/bin/chmod +x /opt/bin/setup-network-environment\n",
" ExecStart=/opt/bin/setup-network-environment\n",
" RemainAfterExit=yes\n",
" Type=oneshot\n",
" - name: fleet.service\n",
" command: start\n",
" - name: flanneld.service\n",
" command: start\n",
" drop-ins:\n",
" - name: 50-network-config.conf\n",
" content: |\n",
" [Unit]\n",
" Requires=etcd2.service\n",
" [Service]\n",
" ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '{\"Network\":\"10.244.0.0/16\", \"Backend\": {\"Type\": \"vxlan\"}}'\n",
" - name: docker.service\n",
" command: start\n",
" - name: kube-apiserver.service\n",
" command: start\n",
" content: |\n",
" [Unit]\n",
" Description=Kubernetes API Server\n",
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n",
" Requires=setup-network-environment.service etcd2.service generate-serviceaccount-key.service\n",
" After=setup-network-environment.service etcd2.service generate-serviceaccount-key.service\n",
"\n",
" [Service]\n",
" EnvironmentFile=/etc/network-environment\n",
" ExecStartPre=-/usr/bin/mkdir -p /opt/bin\n",
" ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-apiserver -z /opt/bin/kube-apiserver https://storage.googleapis.com/kubernetes-release/release/v1.0.3/bin/linux/amd64/kube-apiserver\n",
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-apiserver\n",
" ExecStartPre=/opt/bin/wupiao 127.0.0.1:2379/v2/machines\n",
" ExecStart=/opt/bin/kube-apiserver \\\n",
" --service-account-key-file=/opt/bin/kube-serviceaccount.key \\\n",
" --service-account-lookup=false \\\n",
" --admission-control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota \\\n",
" --runtime-config=api/v1 \\\n",
" --allow-privileged=true \\\n",
" --insecure-bind-address=0.0.0.0 \\\n",
" --insecure-port=8080 \\\n",
" --kubelet-https=true \\\n",
" --secure-port=6443 \\\n",
" --service-cluster-ip-range=10.100.0.0/16 \\\n",
" --etcd-servers=http://127.0.0.1:2379 \\\n",
" --public-address-override=${DEFAULT_IPV4} \\\n",
" --logtostderr=true\n",
" Restart=always\n",
" RestartSec=10\n",
" - name: kube-controller-manager.service\n",
" command: start\n",
" content: |\n",
" [Unit]\n",
" Description=Kubernetes Controller Manager\n",
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n",
" Requires=kube-apiserver.service\n",
" After=kube-apiserver.service\n",
"\n",
" [Service]\n",
" ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-controller-manager -z /opt/bin/kube-controller-manager https://storage.googleapis.com/kubernetes-release/release/v1.0.3/bin/linux/amd64/kube-controller-manager\n",
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-controller-manager\n",
" ExecStart=/opt/bin/kube-controller-manager \\\n",
" --service-account-private-key-file=/opt/bin/kube-serviceaccount.key \\\n",
" --master=127.0.0.1:8080 \\\n",
" --logtostderr=true\n",
" Restart=always\n",
" RestartSec=10\n",
" - name: kube-scheduler.service\n",
" command: start\n",
" content: |\n",
" [Unit]\n",
" Description=Kubernetes Scheduler\n",
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n",
" Requires=kube-apiserver.service\n",
" After=kube-apiserver.service\n",
"\n",
" [Service]\n",
" ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-scheduler -z /opt/bin/kube-scheduler https://storage.googleapis.com/kubernetes-release/release/v1.0.3/bin/linux/amd64/kube-scheduler\n",
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-scheduler\n",
" ExecStart=/opt/bin/kube-scheduler --master=127.0.0.1:8080\n",
" Restart=always\n",
" RestartSec=10\n",
" update:\n",
" group: alpha\n",
" reboot-strategy: off\n"
]]}
}
}
},
"KubernetesNodeAutoScale": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"LaunchConfigurationName": {"Ref": "KubernetesNodeLaunchConfig"},
"VPCZoneIdentifier": {"Ref": "SubnetId"},
"AvailabilityZones": { "Ref": "SubnetAZs" },
"MinSize": "3",
"MaxSize": "12",
"DesiredCapacity": {"Ref": "ClusterSize"},
"LoadBalancerNames": [],
"Tags": [
{"Key": "Name", "Value": {"Fn::Join": ["", ["KubeNode_", { "Ref" : "AWS::StackName" }]]}, "PropagateAtLaunch": true},
{"Key": "Kubernetes", "Value": "Node", "PropagateAtLaunch": true}
]
}
},
"KubernetesNodeLaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
"InstanceType": {"Ref": "InstanceType"},
"KeyName": {"Ref": "KeyPair"},
"SecurityGroups": [{"Ref": "KubernetesSecurityGroup"}, {"Ref": "ExtSecurityGroup"}],
"UserData" : { "Fn::Base64":
{ "Fn::Join": [ "", [
"#cloud-config\n",
"write-files:\n",
" - path: /opt/bin/wupiao\n",
" permissions: '0755'\n",
" content: |\n",
" #!/bin/bash\n",
" # [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen\n",
" [ -n \"$1\" ] && [ -n \"$2\" ] && while ! curl --output /dev/null \\\n",
" --silent --head --fail \\\n",
" http://${1}:${2}; do sleep 1 && echo -n .; done;\n",
" exit $?\n",
"coreos:\n",
" etcd2:\n",
" listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001\n",
" advertise-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001\n",
" initial-cluster: master=http://", { "Fn::GetAtt": [ "KubernetesMaster", "PrivateIp" ] }, ":2380\n",
" proxy: on\n",
" fleet:\n",
" metadata: \"role=node\"\n",
" units:\n",
" - name: fleet.service\n",
" command: start\n",
" - name: flanneld.service\n",
" command: start\n",
" drop-ins:\n",
" - name: 50-network-config.conf\n",
" content: |\n",
" [Unit]\n",
" Requires=etcd2.service\n",
" [Service]\n",
" ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '{\"Network\":\"10.244.0.0/16\", \"Backend\": {\"Type\": \"vxlan\"}}'\n",
" - name: docker.service\n",
" command: start\n",
" - name: setup-network-environment.service\n",
" command: start\n",
" content: |\n",
" [Unit]\n",
" Description=Setup Network Environment\n",
" Documentation=https://github.com/kelseyhightower/setup-network-environment\n",
" Requires=network-online.target\n",
" After=network-online.target\n",
"\n",
" [Service]\n",
" ExecStartPre=-/usr/bin/mkdir -p /opt/bin\n",
" ExecStartPre=/usr/bin/curl -L -o /opt/bin/setup-network-environment -z /opt/bin/setup-network-environment https://github.com/kelseyhightower/setup-network-environment/releases/download/v1.0.0/setup-network-environment\n",
" ExecStartPre=/usr/bin/chmod +x /opt/bin/setup-network-environment\n",
" ExecStart=/opt/bin/setup-network-environment\n",
" RemainAfterExit=yes\n",
" Type=oneshot\n",
" - name: kube-proxy.service\n",
" command: start\n",
" content: |\n",
" [Unit]\n",
" Description=Kubernetes Proxy\n",
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n",
" Requires=setup-network-environment.service\n",
" After=setup-network-environment.service\n",
"\n",
" [Service]\n",
" ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-proxy -z /opt/bin/kube-proxy https://storage.googleapis.com/kubernetes-release/release/v1.0.3/bin/linux/amd64/kube-proxy\n",
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-proxy\n",
" # wait for kubernetes master to be up and ready\n",
" ExecStartPre=/opt/bin/wupiao ", { "Fn::GetAtt": [ "KubernetesMaster", "PrivateIp" ] }, " 8080\n",
" ExecStart=/opt/bin/kube-proxy \\\n",
" --master=", { "Fn::GetAtt": [ "KubernetesMaster", "PrivateIp" ] }, ":8080 \\\n",
" --logtostderr=true\n",
" Restart=always\n",
" RestartSec=10\n",
" - name: kube-kubelet.service\n",
" command: start\n",
" content: |\n",
" [Unit]\n",
" Description=Kubernetes Kubelet\n",
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n",
" Requires=setup-network-environment.service\n",
" After=setup-network-environment.service\n",
"\n",
" [Service]\n",
" EnvironmentFile=/etc/network-environment\n",
" ExecStartPre=/usr/bin/curl -L -o /opt/bin/kubelet -z /opt/bin/kubelet https://storage.googleapis.com/kubernetes-release/release/v1.0.3/bin/linux/amd64/kubelet\n",
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kubelet\n",
" # wait for kubernetes master to be up and ready\n",
" ExecStartPre=/opt/bin/wupiao ", { "Fn::GetAtt": [ "KubernetesMaster", "PrivateIp" ] }, " 8080\n",
" ExecStart=/opt/bin/kubelet \\\n",
" --address=0.0.0.0 \\\n",
" --port=10250 \\\n",
" --hostname-override=${DEFAULT_IPV4} \\\n",
" --api-servers=", { "Fn::GetAtt": [ "KubernetesMaster", "PrivateIp" ] }, ":8080 \\\n",
" --allow-privileged=true \\\n",
" --logtostderr=true \\\n",
" --cadvisor-port=4194 \\\n",
" --healthz-bind-address=0.0.0.0 \\\n",
" --healthz-port=10248\n",
" Restart=always\n",
" RestartSec=10\n",
" update:\n",
" group: alpha\n",
" reboot-strategy: off\n"
] ]
}
}
}
}
}
}