Merge branch 'master' of https://github.com/rootsongjc/kubernetes-vagrant-centos-cluster

Author: rootsongjc

README-cn.md

@@ -12,6 +12,7 @@
 - Vagrant 2.0+
 - Virtualbox 5.0 +
 - 提前下载kubernetes1.9.1以上版本的release压缩包
+- Mac/Linux，**不支持Windows**
 
 ## 集群
 

README.md

@@ -31,11 +31,12 @@ The container network range is `170.33.0.0/16` owned by flanneld with `host-gw`
 ### Prerequisite
 
 * Host server with 8G+ mem(More is better), 60G disk, 8 core cpu at lease
-* vagrant 2.0+
-* virtualbox 5.0+
-* Maybe need to access the internet through GFW to download the kubernetes files
+* Vagrant 2.0+
+* Virtualbox 5.0+
+* Across GFW to download the kubernetes files (For China users)
+* MacOS/Linux (**Windows is not supported**)
 
-### Support Addon
+### Support Addons
 
 **Required**
 

addon/jenkins/Dockerfile

@@ -0,0 +1,18 @@
+FROM jenkins/jenkins:lts
+MAINTAINER Jimmy Song <rootsongjc@gmail.com>
+EXPOSE 8080 50000
+USER root
+# Install prerequisites for Docker
+RUN apt-get update && apt-get install -y sudo maven iptables libsystemd-journal0 init-system-helpers libapparmor1 libltdl7 libseccomp2 libdevmapper1.02.1 && rm -rf /var/lib/apt/lists/*
+ENV DOCKER_VERSION=docker-ce_17.03.0~ce-0~ubuntu-trusty_amd64.deb
+ENV KUBERNETES_VERSION=v1.9.1
+# Set up Docker
+RUN wget https://download.docker.com/linux/ubuntu/dists/trusty/pool/stable/amd64/$DOCKER_VERSION
+RUN dpkg -i $DOCKER_VERSION
+# Set up Kubernetes
+RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$KUBERNETES_VERSION/bin/linux/amd64/kubectl
+RUN chmod +x ./kubectl
+RUN mv ./kubectl /usr/local/bin/kubectl
+# Configure access to the Kubernetes Cluster
+ADD ../../conf/config ~/.kube
+ENTRYPOINT ["/bin/tini", "--", "/usr/local/bin/jenkins.sh"]

addon/rook/mysql.yaml

@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wordpress-mysql
+  labels:
+    app: wordpress
+spec:
+  ports:
+    - port: 3306
+  selector:
+    app: wordpress
+    tier: mysql
+  clusterIP: None
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mysql-pv-claim
+  labels:
+    app: wordpress
+spec:
+  storageClassName: rook-block
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 2Gi
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: wordpress-mysql
+  labels:
+    app: wordpress
+spec:
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: wordpress
+        tier: mysql
+    spec:
+      containers:
+      - image: mysql:5.6
+        name: mysql
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          value: changeme
+        ports:
+        - containerPort: 3306
+          name: mysql
+        volumeMounts:
+        - name: mysql-persistent-storage
+          mountPath: /var/lib/mysql
+      volumes:
+      - name: mysql-persistent-storage
+        persistentVolumeClaim:
+          claimName: mysql-pv-claim

addon/rook/rook-agent-clusterrolebinding.yaml

@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+    name: rookagent-clusterrolebinding
+subjects:
+  - kind: ServiceAccount
+    name: rook-agent
+    namespace: rook-system
+roleRef:
+    kind: ClusterRole
+    name: cluster-admin
+    apiGroup: ""

addon/rook/rook-cluster.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: rook
+---
+apiVersion: rook.io/v1alpha1
+kind: Cluster
+metadata:
+  name: rook
+  namespace: rook
+spec:
+  versionTag: v0.6.2
+  dataDirHostPath: /var/lib/rook
+  storage:
+    useAllNodes: true
+    useAllDevices: false
+    storeConfig:
+      storeType: bluestore
+      databaseSizeMB: 512
+      journalSizeMB: 512

addon/rook/rook-operator.yaml

@@ -0,0 +1,158 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: rook-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: rook-operator
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - serviceaccounts
+  - secrets
+  - pods
+  - services
+  - nodes
+  - nodes/proxy
+  - configmaps
+  - events
+  - persistentvolumes
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+  - create
+  - update
+  - delete
+- apiGroups:
+  - extensions
+  resources:
+  - thirdpartyresources
+  - deployments
+  - daemonsets
+  - replicasets
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - delete
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterroles
+  - clusterrolebindings
+  - roles
+  - rolebindings
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - delete
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+  - delete
+- apiGroups:
+  - rook.io
+  resources:
+  - "*"
+  verbs:
+  - "*"
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rook-operator
+  namespace: rook-system
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: rook-operator
+  namespace: rook-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rook-operator
+subjects:
+- kind: ServiceAccount
+  name: rook-operator
+  namespace: rook-system
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: rook-operator
+  namespace: rook-system
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: rook-operator
+    spec:
+      serviceAccountName: rook-operator
+      containers:
+      - name: rook-operator
+        image: rook/rook:master
+        args: ["operator"]
+        env:
+        # To disable RBAC, uncomment the following:
+        # - name: RBAC_ENABLED
+        #  value: "false"
+        # Rook Agent toleration. Will tolerate all taints with all keys.
+        # Choose between NoSchedule, PreferNoSchedule and NoExecute:
+        # - name: AGENT_TOLERATION
+        #  value: "NoSchedule"
+        # (Optional) Rook Agent toleration key. Set this to the key of the taint you want to tolerate
+        # - name: AGENT_TOLERATION_KEY
+        #  value: "<KeyOfTheTaintToTolerate>"
+        # Set the path where the Rook agent can find the flex volumes
+        # - name: FLEXVOLUME_DIR_PATH
+        #  value: "<PathToFlexVolumes>"
+        # The interval to check if every mon is in the quorum.
+        - name: ROOK_MON_HEALTHCHECK_INTERVAL
+          value: "45s"
+        - name: FLEXVOLUME_DIR_PATH
+          value: "/var/lib/kubelet/volumeplugins"
+        # The duration to wait before trying to failover or remove/replace the
+        # current mon with a new mon (useful for compensating flapping network).
+        - name: ROOK_MON_OUT_TIMEOUT
+          value: "300s"
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace

addon/rook/rook-storageclass.yaml

@@ -0,0 +1,27 @@
+apiVersion: rook.io/v1alpha1
+kind: Pool
+metadata:
+  name: replicapool
+  namespace: rook
+spec:
+  replicated:
+    size: 1
+  # For an erasure-coded pool, comment out the replication size above and uncomment the following settings.
+  # Make sure you have enough OSDs to support the replica size or erasure code chunks.
+  #erasureCoded:
+  #  dataChunks: 2
+  #  codingChunks: 1
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+   name: rook-block
+provisioner: rook.io/block
+parameters:
+  pool: replicapool
+  # Specify the Rook cluster from which to create volumes.
+  # If not specified, it will use `rook` as the name of the cluster.
+  # This is also the namespace where the cluster will be
+  clusterName: rook
+  # Specify the filesystem type of the volume. If not specified, it will use `ext4`.
+  # fstype: ext4

addon/rook/rook-tools.yaml

@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: rook-tools
+  namespace: rook
+spec:
+  dnsPolicy: ClusterFirstWithHostNet
+  containers:
+  - name: rook-tools
+    image: rook/toolbox:master
+    imagePullPolicy: IfNotPresent
+    env:
+      - name: ROOK_ADMIN_SECRET
+        valueFrom:
+          secretKeyRef:
+            name: rook-ceph-mon
+            key: admin-secret
+    securityContext:
+      privileged: true
+    volumeMounts:
+      - mountPath: /dev
+        name: dev
+      - mountPath: /sys/bus
+        name: sysbus
+      - mountPath: /lib/modules
+        name: libmodules
+      - name: mon-endpoint-volume
+        mountPath: /etc/rook
+  hostNetwork: false
+  volumes:
+    - name: dev
+      hostPath:
+        path: /dev
+    - name: sysbus
+      hostPath:
+        path: /sys/bus
+    - name: libmodules
+      hostPath:
+        path: /lib/modules
+    - name: mon-endpoint-volume
+      configMap:
+        name: rook-ceph-mon-endpoints
+        items:
+        - key: data
+          path: mon-endpoints