Adds Managed APIServer Loadbalancer

README.md

@@ -46,9 +46,9 @@ This provider's versions are compatible with the following versions of Cluster A
 
 This provider's versions are able to install and manage the following versions of Kubernetes:
 
-||Kubernetes 1.13.5+|Kubernetes 1.14|
-|-|-|-|
-|OpenStack Provider v1alpha1 (ea309e7f)|✓|✓|
+||Kubernetes 1.13.5+|Kubernetes 1.14|Kubernetes 1.15|
+|-|-|-|-|
+|OpenStack Provider v1alpha1 (ea309e7f)|✓|✓|✓|
 
 Kubernetes control plane and Kubelet versions are defined in `spec.versions.controlPlane` and `spec.versions.kubelet` of `cmd/clusterctl/examples/openstack/machines.yaml.template` respectively.
 You can generate `cmd/clusterctl/examples/openstack/out/machines.yaml` by running the `generate-yaml.sh` from the template and change the versions if you want.

cmd/clusterctl/examples/openstack/machine-deployment.yaml.template

@@ -22,7 +22,6 @@ spec:
           kind: "OpenstackProviderSpec"
           flavor: m1.medium
           image: <Image Name>
-          sshUserName: <SSH Username>
           keyName: cluster-api-provider-openstack
           availabilityZone: nova
           networks:
@@ -38,4 +37,4 @@ spec:
           serverMetadata:
             key: value
       versions:
-        kubelet: 1.14.0
+        kubelet: 1.15.0

cmd/clusterctl/examples/openstack/machines.yaml.template

@@ -15,7 +15,6 @@ items:
         kind: "OpenstackProviderSpec"
         flavor: m1.medium
         image: <Image Name>
-        sshUserName: <SSH Username>
         keyName: cluster-api-provider-openstack
         availabilityZone: nova
         networks:
@@ -36,8 +35,8 @@ items:
         serverMetadata:
           key: value
     versions:
-      kubelet: 1.14.0
-      controlPlane: 1.14.0
+      kubelet: 1.15.0
+      controlPlane: 1.15.0
 - apiVersion: "cluster.k8s.io/v1alpha1"
   kind: Machine
   metadata:
@@ -52,7 +51,6 @@ items:
         kind: "OpenstackProviderSpec"
         flavor: m1.medium
         image: <Image Name>
-        sshUserName: <SSH Username>
         keyName: cluster-api-provider-openstack
         availabilityZone: nova
         networks:
@@ -69,4 +67,4 @@ items:
         serverMetadata:
           key: value
     versions:
-      kubelet: 1.14.0
+      kubelet: 1.15.0

cmd/clusterctl/examples/openstack/provider-component/user-data/centos/templates/master-user-data.sh

@@ -87,6 +87,41 @@ echo $OPENSTACK_CLOUD_PROVIDER_CONF | base64 -d > /etc/kubernetes/cloud.conf
 mkdir /etc/certs
 echo $OPENSTACK_CLOUD_CACERT_CONFIG | base64 -d > /etc/certs/cacert
 
+
+# Setup certificates
+mkdir - /etc/kubernetes/pki /etc/kubernetes/pki/etcd
+cat > /etc/kubernetes/pki/ca.crt <<EOF
+{{ .CACert }}
+EOF
+
+cat > /etc/kubernetes/pki/ca.key <<EOF
+{{ .CAKey }}
+EOF
+
+cat > /etc/kubernetes/pki/etcd/ca.crt <<EOF
+{{ .EtcdCACert }}
+EOF
+
+cat > /etc/kubernetes/pki/etcd/ca.key <<EOF
+{{ .EtcdCAKey }}
+EOF
+
+cat > /etc/kubernetes/pki/front-proxy-ca.crt <<EOF
+{{ .FrontProxyCACert }}
+EOF
+
+cat > /etc/kubernetes/pki/front-proxy-ca.key <<EOF
+{{ .FrontProxyCAKey }}
+EOF
+
+cat > /etc/kubernetes/pki/sa.pub <<EOF
+{{ .SaCert }}
+EOF
+
+cat > /etc/kubernetes/pki/sa.key <<EOF
+{{ .SaKey }}
+EOF
+
 # Set up kubeadm config file to pass parameters to kubeadm init.
 cat > /etc/kubernetes/kubeadm_config.yaml <<EOF
 apiVersion: kubeadm.k8s.io/v1beta1

cmd/clusterctl/examples/openstack/provider-component/user-data/coreos/templates/master.yaml

@@ -1,5 +1,95 @@
 storage:
   files:
+
+  - path: /etc/kubernetes/pki/ca.crt
+    filesystem: root
+    user:
+      id: 0
+    group:
+      id: 0
+    mode: 0640
+    contents:
+      inline: |
+{{ .CACert | Indent 10}}
+
+  - path: /etc/kubernetes/pki/ca.key
+    filesystem: root
+    user:
+      id: 0
+    group:
+      id: 0
+    mode: 0600
+    contents:
+      inline: |
+{{ .CAKey | Indent 10}}
+
+  - path: /etc/kubernetes/pki/etcd/ca.crt
+    filesystem: root
+    user:
+      id: 0
+    group:
+      id: 0
+    mode: 0640
+    contents:
+      inline: |
+{{ .EtcdCACert | Indent 10}}
+
+  - path: /etc/kubernetes/pki/etcd/ca.key
+    filesystem: root
+    user:
+      id: 0
+    group:
+      id: 0
+    mode: 0600
+    contents:
+      inline: |
+{{ .EtcdCAKey | Indent 10}}
+
+  - path: /etc/kubernetes/pki/front-proxy-ca.crt
+    filesystem: root
+    user:
+      id: 0
+    group:
+      id: 0
+    mode: 0640
+    contents:
+      inline: |
+{{ .FrontProxyCACert | Indent 10}}
+
+  - path: /etc/kubernetes/pki/front-proxy-ca.key
+    filesystem: root
+    user:
+      id: 0
+    group:
+      id: 0
+    mode: 0600
+    contents:
+      inline: |
+{{ .FrontProxyCAKey | Indent 10}}
+
+  - path: /etc/kubernetes/pki/sa.pub
+    filesystem: root
+    user:
+      id: 0
+    group:
+      id: 0
+    mode: 0640
+    contents:
+      inline: |
+{{ .SaCert | Indent 10}}
+
+  - path: /etc/kubernetes/pki/sa.key
+    filesystem: root
+    user:
+      id: 0
+    group:
+      id: 0
+    mode: 0600
+    contents:
+      inline: |
+{{ .SaKey | Indent 10}}
+
+
   - path: /etc/kubernetes/kubeadm_config.yaml
     filesystem: root
     contents:

cmd/clusterctl/examples/openstack/provider-component/user-data/ubuntu/templates/master-user-data.sh

@@ -118,6 +118,40 @@ systemctl restart kubelet.service
 systemctl disable ufw
 systemctl mask ufw
 
+# Setup certificates
+mkdir - /etc/kubernetes/pki /etc/kubernetes/pki/etcd
+cat > /etc/kubernetes/pki/ca.crt <<EOF
+{{ .CACert }}
+EOF
+
+cat > /etc/kubernetes/pki/ca.key <<EOF
+{{ .CAKey }}
+EOF
+
+cat > /etc/kubernetes/pki/etcd/ca.crt <<EOF
+{{ .EtcdCACert }}
+EOF
+
+cat > /etc/kubernetes/pki/etcd/ca.key <<EOF
+{{ .EtcdCAKey }}
+EOF
+
+cat > /etc/kubernetes/pki/front-proxy-ca.crt <<EOF
+{{ .FrontProxyCACert }}
+EOF
+
+cat > /etc/kubernetes/pki/front-proxy-ca.key <<EOF
+{{ .FrontProxyCAKey }}
+EOF
+
+cat > /etc/kubernetes/pki/sa.pub <<EOF
+{{ .SaCert }}
+EOF
+
+cat > /etc/kubernetes/pki/sa.key <<EOF
+{{ .SaKey }}
+EOF
+
 # Set up kubeadm config file to pass parameters to kubeadm init.
 # We're using 443 until this bug is fixed
 # https://github.com/kubernetes-sigs/cluster-api-provider-openstack/issues/64