authorZuul <zuul@review.openstack.org>2017-11-24 09:34:01 +0000
committerGerrit Code Review <review@openstack.org>2017-11-24 09:34:01 +0000
commit86bd89bc43dc13c7ed5c809ac784c5c5939c1974 (patch)
treeb727b13d585e76f8de335bd6d7320c2631880ca0
parentd9430cbf4d380f6f3e7d44907ed962de2cc72500 (diff)
parentf89cc4c98cd231b26e94e85526c59f7107ec7dd7 (diff)
Merge "k8s_atomic: Add server to kubeconfig"
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh42
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh6
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/write-kubeconfig.yaml24
-rw-r--r--magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml7
-rw-r--r--magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml7
5 files changed, 34 insertions, 52 deletions
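--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
@@ -17,13 +17,14 @@ ETCD_CURL_OPTIONS="--cacert $CERT_DIR/ca.crt \
 --cert $CERT_DIR/client.crt --key $CERT_DIR/client.key"
 ETCD_SERVER_IP=${ETCD_SERVER_IP:-$KUBE_MASTER_IP}
 KUBE_PROTOCOL="https"
-KUBE_CONFIG=""
+KUBECONFIG=/etc/kubernetes/kubeconfig.yaml
 FLANNELD_CONFIG=/etc/sysconfig/flanneld
 
 if [ "$TLS_DISABLED" = "True" ]; then
  PROTOCOL=http
  FLANNEL_OPTIONS=""
  ETCD_CURL_OPTIONS=""
+ KUBE_PROTOCOL="http"
 fi
 
 sed -i '/FLANNEL_OPTIONS/'d $FLANNELD_CONFIG
@@ -32,12 +33,37 @@ cat >> $FLANNELD_CONFIG <<EOF
 FLANNEL_OPTIONS="$FLANNEL_OPTIONS"
 EOF
 
+KUBE_MASTER_URI="$KUBE_PROTOCOL://$KUBE_MASTER_IP:$KUBE_API_PORT"
+
+cat << EOF >> ${KUBECONFIG}
+apiVersion: v1
+kind: Config
+users:
+- name: kubeclient
+ user:
+ client-certificate: ${CERT_DIR}/client.crt
+ client-key: ${CERT_DIR}/client.key
+clusters:
+- name: kubernetes
+ cluster:
+ server: ${KUBE_MASTER_URI}
+ certificate-authority: ${CERT_DIR}/ca.crt
+contexts:
+- context:
+ cluster: kubernetes
+ user: kubeclient
+ name: service-account-context
+current-context: service-account-context
+EOF
+
 if [ "$TLS_DISABLED" = "True" ]; then
- KUBE_PROTOCOL="http"
-else
- KUBE_CONFIG="--kubeconfig=/etc/kubernetes/kubeconfig.yaml"
+ sed -i 's/^.*user:$//' ${KUBECONFIG}
+ sed -i 's/^.*client-certificate.*$//' ${KUBECONFIG}
+ sed -i 's/^.*client-key.*$//' ${KUBECONFIG}
+ sed -i 's/^.*certificate-authority.*$//' ${KUBECONFIG}
 fi
-KUBE_MASTER_URI="$KUBE_PROTOCOL://$KUBE_MASTER_IP:$KUBE_API_PORT"
+
+chmod 0644 ${KUBECONFIG}
 
 sed -i '
  /^KUBE_ALLOW_PRIV=/ s/=.*/="--allow-privileged='"$KUBE_ALLOW_PRIV"'"/
@@ -52,7 +78,7 @@ sed -i '
 # the option --hostname-override for kubelet uses the hostname to register the node.
 # Using any other name will break the load balancer and cinder volume features.
 HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
-KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests --cadvisor-port=4194 ${KUBE_CONFIG} --hostname-override=${HOSTNAME_OVERRIDE}"
+KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests --cadvisor-port=4194 --kubeconfig ${KUBECONFIG} --hostname-override=${HOSTNAME_OVERRIDE}"
 KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
 
 if [ -n "$TRUST_ID" ]; then
@@ -78,12 +104,12 @@ KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=systemd"
 sed -i '
  /^KUBELET_ADDRESS=/ s/=.*/="--address=0.0.0.0"/
  /^KUBELET_HOSTNAME=/ s/=.*/=""/
- /^KUBELET_API_SERVER=/ s|=.*|="--api-servers='"$KUBE_MASTER_URI"'"|
+ s/^KUBELET_API_SERVER=.*$//
  /^KUBELET_ARGS=/ s|=.*|="'"${KUBELET_ARGS}"'"|
 ' /etc/kubernetes/kubelet
 
 sed -i '
- /^KUBE_PROXY_ARGS=/ s|=.*|='"$KUBE_CONFIG"'|
+ /^KUBE_PROXY_ARGS=/ s|=.*|=--kubeconfig='"$KUBECONFIG"'|
 ' /etc/kubernetes/proxy
 
 if [ "$NETWORK_DRIVER" = "flannel" ]; then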
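Review bot: The new heredoc in the second hunk appends to the kubeconfig (`cat << EOF >> ${KUBECONFIG}`), so if this fragment runs on a node where /etc/kubernetes/kubeconfig.yaml already exists, a second `apiVersion`/`users`/`clusters` document is stacked on the first and kubelet and kube-proxy may read stale or ambiguous server and credential entries. This commit removes the write_files fragment that used to create the file, so the script now owns it and should truncate instead: `cat << EOF > ${KUBECONFIG}`. Whether the fragment can run more than once per node is not visible here, so treat this as hardening. A comment above the `TLS_DISABLED` block would also help, e.g. `# TLS disabled: strip client cert/key and CA so the kubeconfig only carries the http server URL`, because the four `sed` deletions are otherwise hard to read.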
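--- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh
@@ -114,9 +114,3 @@ usermod -a -G kube_etcd kube
 chmod 550 "${cert_dir}"
 chown -R kube:kube_etcd "${cert_dir}"
 chmod 440 $CLIENT_KEY
-
-sed -i '
- s|CA_CERT|'"$CA_CERT"'|
- s|CLIENT_CERT|'"$CLIENT_CERT"'|
- s|CLIENT_KEY|'"$CLIENT_KEY"'|
-' /etc/kubernetes/kubeconfig.yaml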
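--- a/magnum/drivers/common/templates/kubernetes/fragments/write-kubeconfig.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-#cloud-config
-merge_how: dict(recurse_array)+list(append)
-write_files:
- - path: /etc/kubernetes/kubeconfig.yaml
- owner: "root:root"
- permissions: "0644"
- content: |
- apiVersion: v1
- kind: Config
- users:
- - name: kubeclient
- user:
- client-certificate: CLIENT_CERT
- client-key: CLIENT_KEY
- clusters:
- - name: kubernetes
- cluster:
- certificate-authority: CA_CERT
- contexts:
- - context:
- cluster: kubernetes
- user: kubeclient
- name: service-account-context
- current-context: service-account-context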
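--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
@@ -295,12 +295,6 @@ resources:
  $DNS_SERVICE_IP: {get_param: dns_service_ip}
  $DNS_CLUSTER_DOMAIN: {get_param: dns_cluster_domain}
 
- write_kubeconfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: ungrouped
- config: {get_file: ../../common/templates/kubernetes/fragments/write-kubeconfig.yaml}
-
  write_kube_os_config:
  type: OS::Heat::SoftwareConfig
  properties:
@@ -389,7 +383,6 @@ resources:
  parts:
  - config: {get_resource: disable_selinux}
  - config: {get_resource: write_heat_params}
- - config: {get_resource: write_kubeconfig}
  - config: {get_resource: write_kube_os_config}
  - config: {get_resource: make_cert}
  - config: {get_resource: configure_docker_storage}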
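--- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml
+++ b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml
@@ -230,12 +230,6 @@ resources:
  $CONTAINER_INFRA_PREFIX: {get_param: container_infra_prefix}
  $ENABLE_CINDER: "False"
 
- write_kubeconfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: ungrouped
- config: {get_file: ../../common/templates/kubernetes/fragments/write-kubeconfig.yaml}
-
  make_cert:
  type: OS::Heat::SoftwareConfig
  properties:
@@ -324,7 +318,6 @@ resources:
  parts:
  - config: {get_resource: disable_selinux}
  - config: {get_resource: write_heat_params}
- - config: {get_resource: write_kubeconfig}
  - config: {get_resource: make_cert}
  - config: {get_resource: configure_docker_storage}
  - config: {get_resource: configure_docker_registry}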