diff --git a/aws.yaml b/aws.yaml index c4c370f..1d6c8c9 100644 --- a/aws.yaml +++ b/aws.yaml @@ -4,7 +4,7 @@ description: > This blueprint creates a Kubernetes Cluster. imports: - - http://www.getcloudify.org/spec/cloudify/4.3.1/types.yaml + - http://www.getcloudify.org/spec/cloudify/4.5/types.yaml - plugin:cloudify-diamond-plugin - plugin:cloudify-fabric-plugin - plugin:cloudify-utilities-plugin 
@@ -34,185 +34,188 @@ inputs: default: { get_attribute: [ kubernetes_master_ip, aws_resource_id ] } ks_node_dep_archive: - default: https://github.com/cloudify-incubator/kubernetes-node-blueprints/archive/master.zip + default: https://github.com/cloudify-incubator/kubernetes-node-blueprints/archive/update-aws.zip ks_load_dep_archive: - default: https://github.com/cloudify-incubator/kubernetes-lb-blueprints/archive/master.zip + default: https://github.com/cloudify-incubator/kubernetes-lb-blueprints/archive/update-aws.zip dsl_definitions: - aws_config: &aws_config - aws_access_key_id: { get_secret: aws_access_key_id } - aws_secret_access_key: { get_secret: aws_secret_access_key } - ec2_region_name: { get_secret: ec2_region_name } - ec2_region_endpoint: { get_secret: ec2_region_endpoint } + client_config: &client_config + aws_access_key_id: { get_secret: aws_access_key_id } + aws_secret_access_key: { get_secret: aws_secret_access_key } + region_name: { get_secret: ec2_region_name } node_templates: k8s_master_host: - type: cloudify.aws.nodes.Instance + type: cloudify.nodes.aws.ec2.Instances properties: agent_config: install_method: remote user: { get_input: agent_user } port: 22 key: { get_secret: agent_key_private } - aws_config: *aws_config - image_id: { get_input: ami } - instance_type: { get_input: instance_type } - interfaces: - cloudify.interfaces.lifecycle: - create: - implementation: aws.cloudify_aws.ec2.instance.create - inputs: - args: - placement: { get_secret: availability_zone } - user_data: { get_attribute: [ cloudify_host_cloud_config, cloud_config ] } + resource_config: + ImageId: { get_input: ami } + InstanceType: { get_input: instance_type } + kwargs: + Placement: { get_secret: availability_zone } + UserData: { get_attribute: [ cloudify_host_cloud_config, cloud_config ] } + SecurityGroupIds: + - { get_attribute: [ kubernetes_security_group, aws_resource_id ] } + - { get_attribute: [ ssh_group, aws_resource_id ] } + SubnetId: { get_secret: 
public_subnet_id } + client_config: *client_config + Tags: + - Key: Name + Value: KubernetesMasterHost relationships: - - type: cloudify.aws.relationships.instance_connected_to_subnet - target: public_subnet - - type: cloudify.aws.relationships.instance_connected_to_security_group - target: ssh_group - - type: cloudify.aws.relationships.instance_connected_to_security_group - target: kubernetes_security_group - - type: cloudify.aws.relationships.instance_connected_to_elastic_ip - target: kubernetes_master_ip - type: cloudify.relationships.depends_on - target: cloudify_host_cloud_config + target: kubernetes_master_ip - kubernetes_security_group: - type: cloudify.aws.nodes.SecurityGroup + kubernetes_master_ip: + type: cloudify.nodes.aws.ec2.ElasticIP properties: - aws_config: *aws_config - description: Security group for Kubernetes Cluster - rules: - - ip_protocol: tcp - from_port: 53 - to_port: 53 - cidr_ip: 0.0.0.0/0 - - ip_protocol: udp - from_port: 53 - to_port: 53 - cidr_ip: 0.0.0.0/0 - - ip_protocol: udp - from_port: 8472 - to_port: 8472 - cidr_ip: 0.0.0.0/0 - - ip_protocol: tcp - from_port: 80 - to_port: 80 - cidr_ip: 0.0.0.0/0 - - ip_protocol: tcp - from_port: 443 - to_port: 443 - cidr_ip: 0.0.0.0/0 - - ip_protocol: tcp - from_port: 2379 - to_port: 2379 - cidr_ip: 0.0.0.0/0 - - ip_protocol: tcp - from_port: 4001 - to_port: 4001 - cidr_ip: 0.0.0.0/0 - - ip_protocol: tcp - from_port: 4789 - to_port: 4789 - cidr_ip: 0.0.0.0/0 - - ip_protocol: tcp - from_port: 6443 - to_port: 6443 - cidr_ip: 0.0.0.0/0 - - ip_protocol: udp - from_port: 6443 - to_port: 6443 - cidr_ip: 0.0.0.0/0 - - ip_protocol: tcp - from_port: 6783 - to_port: 6784 - cidr_ip: 0.0.0.0/0 - - ip_protocol: udp - from_port: 6783 - to_port: 6784 - cidr_ip: 0.0.0.0/0 - - ip_protocol: udp - from_port: 8285 - to_port: 8285 - cidr_ip: 0.0.0.0/0 - - ip_protocol: tcp - from_port: 8080 - to_port: 8080 - cidr_ip: 0.0.0.0/0 - - ip_protocol: tcp - from_port: 9090 - to_port: 9090 - cidr_ip: 0.0.0.0/0 - - 
ip_protocol: tcp - from_port: 10250 - to_port: 10250 - cidr_ip: 0.0.0.0/0 - - ip_protocol: tcp - from_port: 10255 - to_port: 10255 - cidr_ip: 0.0.0.0/0 - - ip_protocol: tcp - from_port: 30000 - to_port: 40000 - cidr_ip: 0.0.0.0/0 - relationships: - - type: cloudify.aws.relationships.security_group_contained_in_vpc - target: vpc + client_config: *client_config - ssh_group: - type: cloudify.aws.nodes.SecurityGroup - properties: - aws_config: *aws_config - description: SSH Group - rules: - - ip_protocol: tcp - from_port: 22 - to_port: 22 - cidr_ip: 0.0.0.0/0 - relationships: - - type: cloudify.aws.relationships.security_group_contained_in_vpc - target: vpc - - kubernetes_master_ip: - type: cloudify.aws.nodes.ElasticIP + kubernetes_security_group: + type: cloudify.nodes.aws.ec2.SecurityGroup properties: - aws_config: *aws_config - domain: vpc + resource_config: + GroupName: kubernetes_security_group + Description: A group for Kubernetes traffic. + VpcId: { get_secret: vpc_id } + client_config: *client_config - public_subnet: - type: cloudify.aws.nodes.Subnet + kubernetes_group_rules: + type: cloudify.nodes.aws.ec2.SecurityGroupRuleIngress properties: - aws_config: *aws_config - use_external_resource: true - resource_id: { get_secret: public_subnet_id } - cidr_block: N/A - availability_zone: N/A + client_config: *client_config + resource_config: + IpPermissions: + - IpProtocol: icmp + FromPort: -1 + ToPort: -1 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 53 + ToPort: 53 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: udp + FromPort: 53 + ToPort: 53 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: udp + FromPort: 8472 + ToPort: 8472 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 80 + ToPort: 80 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 443 + ToPort: 443 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 2379 + ToPort: 2379 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 
4001 + ToPort: 4001 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 4789 + ToPort: 4789 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 6443 + ToPort: 6443 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: udp + FromPort: 6443 + ToPort: 6443 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 6783 + ToPort: 6784 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: udp + FromPort: 6783 + ToPort: 6784 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: udp + FromPort: 8285 + ToPort: 8285 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 8080 + ToPort: 8080 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 9090 + ToPort: 9090 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 10250 + ToPort: 10250 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 10255 + ToPort: 10255 + IpRanges: + - CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 30000 + ToPort: 40000 + IpRanges: + - CidrIp: 0.0.0.0/0 relationships: - - type: cloudify.aws.relationships.subnet_contained_in_vpc - target: vpc + - type: cloudify.relationships.contained_in + target: kubernetes_security_group - private_subnet: - type: cloudify.aws.nodes.Subnet + ssh_group: + type: cloudify.nodes.aws.ec2.SecurityGroup properties: - aws_config: *aws_config - use_external_resource: true - resource_id: { get_secret: private_subnet_id } - cidr_block: N/A - availability_zone: N/A - relationships: - - type: cloudify.aws.relationships.subnet_contained_in_vpc - target: vpc + resource_config: + GroupName: ssh_group + Description: A group for SSH traffic. 
+ VpcId: { get_secret: vpc_id } + client_config: *client_config - vpc: - type: cloudify.aws.nodes.VPC + ssh_group_rules: + type: cloudify.nodes.aws.ec2.SecurityGroupRuleIngress properties: - aws_config: *aws_config - use_external_resource: true - resource_id: { get_secret: vpc_id } - cidr_block: N/A + client_config: *client_config + resource_config: + IpPermissions: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + IpRanges: + - CidrIp: 0.0.0.0/0 + relationships: + - type: cloudify.relationships.contained_in + target: ssh_group k8s_node: type: cloudify.nodes.DeploymentProxy @@ -231,7 +234,6 @@ node_templates: outputs: deployment-type: deployment-type deployment-node-data-type: deployment-node-data-type - relationships: - type: cloudify.relationships.depends_on target: k8s_master_host
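Review bot: In the rewritten `k8s_master_host`, `UserData` still reads `get_attribute: [ cloudify_host_cloud_config, cloud_config ]` and `SecurityGroupIds` reads the `aws_resource_id` of `kubernetes_security_group` and `ssh_group`, yet the only relationship left is `depends_on` → `kubernetes_master_ip`: the edge to `cloudify_host_cloud_config` was dropped and none was added for the two security groups, so those attributes can resolve to null when the instance is created before its targets. Restore the dependency edges as below; the Elastic IP presumably also needs the AWS plugin's connect relationship rather than a plain `depends_on` to actually be associated — confirm against the 4.5 plugin types. On exposure, `kubernetes_group_rules` and `ssh_group_rules` keep every ingress rule — SSH (22), etcd (2379), the unauthenticated API port 8080, the kubelet ports and the NodePort range — open to `0.0.0.0/0`, and the hunk newly adds an all-ICMP rule from `0.0.0.0/0`; since `VpcId` and `SubnetId` already come from secrets, the admin source range should too, e.g. `CidrIp: { get_secret: admin_cidr }` (secret name constructed), leaving only the ports meant to be public at `0.0.0.0/0`. `Placement: { get_secret: availability_zone }` also passes a bare string where the boto3-style `resource_config.kwargs` expects a mapping (`Placement: { AvailabilityZone: { get_secret: availability_zone } }`) — worth confirming with the plugin. The `node_templates` mapping continues past the hunk (`k8s_node`).
```yaml
      relationships:
        - type: cloudify.relationships.depends_on
          target: kubernetes_master_ip
        - type: cloudify.relationships.depends_on
          target: cloudify_host_cloud_config
        - type: cloudify.relationships.depends_on
          target: kubernetes_security_group
        - type: cloudify.relationships.depends_on
          target: ssh_group
```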
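Review bot: Deleting only the `relationships:` key while keeping `- type: cloudify.relationships.depends_on` / `target: k8s_master_host` under `k8s_node` leaves a sequence item with no parent key; with the prior indentation that item now sits directly inside `properties:` beside `outputs:`, which is not valid YAML and is not a relationship either way. Indentation is lost in this view, so if the intent was to drop the dependency on the master host, delete the two remaining lines too; if it was to keep it, keep the `relationships:` line. The `k8s_node` definition continues outside the hunk.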