authorSpyros Trigazis <spyridon.trigazis@cern.ch>2017-10-24 10:03:12 +0000
committeryatin <ykarel@redhat.com>2017-11-20 04:25:18 +0000
commitf89cc4c98cd231b26e94e85526c59f7107ec7dd7 (patch)
tree7a299f06e2113703ba30541b316aa60af2cc7343
parent8e8fbe92145b7ccdfe32e9310cc40dcc1d148131 (diff)
k8s_atomic: Add server to kubeconfig
Since Kubernetes 1.6 the kubelet option --api-servers is deprecated, and it is removed in 1.8. Add the server parameter to the kubeconfig and remove --api-servers. Change-Id: Ie766ec0797fdc86a93e7f70a321d39332a73b552 Closes-Bug: #1718926
Notes
Notes (review): Code-Review+2: yatin <ykarel@redhat.com> Workflow+1: yatin <ykarel@redhat.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Fri, 24 Nov 2017 09:34:01 +0000 Reviewed-on: https://review.openstack.org/514603 Project: openstack/magnum Branch: refs/heads/master
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh42
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh6
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/write-kubeconfig.yaml24
-rw-r--r--magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml7
-rw-r--r--magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml7
5 files changed, 34 insertions, 52 deletions
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
index 294cf00..a61575a 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
@@ -17,13 +17,14 @@ ETCD_CURL_OPTIONS="--cacert $CERT_DIR/ca.crt \
17--cert $CERT_DIR/client.crt --key $CERT_DIR/client.key" 17--cert $CERT_DIR/client.crt --key $CERT_DIR/client.key"
18ETCD_SERVER_IP=${ETCD_SERVER_IP:-$KUBE_MASTER_IP} 18ETCD_SERVER_IP=${ETCD_SERVER_IP:-$KUBE_MASTER_IP}
19KUBE_PROTOCOL="https" 19KUBE_PROTOCOL="https"
20KUBE_CONFIG="" 20KUBECONFIG=/etc/kubernetes/kubeconfig.yaml
21FLANNELD_CONFIG=/etc/sysconfig/flanneld 21FLANNELD_CONFIG=/etc/sysconfig/flanneld
22 22
23if [ "$TLS_DISABLED" = "True" ]; then 23if [ "$TLS_DISABLED" = "True" ]; then
24 PROTOCOL=http 24 PROTOCOL=http
25 FLANNEL_OPTIONS="" 25 FLANNEL_OPTIONS=""
26 ETCD_CURL_OPTIONS="" 26 ETCD_CURL_OPTIONS=""
27 KUBE_PROTOCOL="http"
27fi 28fi
28 29
29sed -i '/FLANNEL_OPTIONS/'d $FLANNELD_CONFIG 30sed -i '/FLANNEL_OPTIONS/'d $FLANNELD_CONFIG
@@ -32,12 +33,37 @@ cat >> $FLANNELD_CONFIG <<EOF
32FLANNEL_OPTIONS="$FLANNEL_OPTIONS" 33FLANNEL_OPTIONS="$FLANNEL_OPTIONS"
33EOF 34EOF
34 35
36KUBE_MASTER_URI="$KUBE_PROTOCOL://$KUBE_MASTER_IP:$KUBE_API_PORT"
37
38cat << EOF >> ${KUBECONFIG}
39apiVersion: v1
40kind: Config
41users:
42- name: kubeclient
43 user:
44 client-certificate: ${CERT_DIR}/client.crt
45 client-key: ${CERT_DIR}/client.key
46clusters:
47- name: kubernetes
48 cluster:
49 server: ${KUBE_MASTER_URI}
50 certificate-authority: ${CERT_DIR}/ca.crt
51contexts:
52- context:
53 cluster: kubernetes
54 user: kubeclient
55 name: service-account-context
56current-context: service-account-context
57EOF
58
35if [ "$TLS_DISABLED" = "True" ]; then 59if [ "$TLS_DISABLED" = "True" ]; then
36 KUBE_PROTOCOL="http" 60 sed -i 's/^.*user:$//' ${KUBECONFIG}
37else 61 sed -i 's/^.*client-certificate.*$//' ${KUBECONFIG}
38 KUBE_CONFIG="--kubeconfig=/etc/kubernetes/kubeconfig.yaml" 62 sed -i 's/^.*client-key.*$//' ${KUBECONFIG}
63 sed -i 's/^.*certificate-authority.*$//' ${KUBECONFIG}
39fi 64fi
40KUBE_MASTER_URI="$KUBE_PROTOCOL://$KUBE_MASTER_IP:$KUBE_API_PORT" 65
66chmod 0644 ${KUBECONFIG}
41 67
42sed -i ' 68sed -i '
43 /^KUBE_ALLOW_PRIV=/ s/=.*/="--allow-privileged='"$KUBE_ALLOW_PRIV"'"/ 69 /^KUBE_ALLOW_PRIV=/ s/=.*/="--allow-privileged='"$KUBE_ALLOW_PRIV"'"/
@@ -52,7 +78,7 @@ sed -i '
52# the option --hostname-override for kubelet uses the hostname to register the node. 78# the option --hostname-override for kubelet uses the hostname to register the node.
53# Using any other name will break the load balancer and cinder volume features. 79# Using any other name will break the load balancer and cinder volume features.
54HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//') 80HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
55KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests --cadvisor-port=4194 ${KUBE_CONFIG} --hostname-override=${HOSTNAME_OVERRIDE}" 81KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests --cadvisor-port=4194 --kubeconfig ${KUBECONFIG} --hostname-override=${HOSTNAME_OVERRIDE}"
56KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}" 82KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
57 83
58if [ -n "$TRUST_ID" ]; then 84if [ -n "$TRUST_ID" ]; then
@@ -78,12 +104,12 @@ KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=systemd"
78sed -i ' 104sed -i '
79 /^KUBELET_ADDRESS=/ s/=.*/="--address=0.0.0.0"/ 105 /^KUBELET_ADDRESS=/ s/=.*/="--address=0.0.0.0"/
80 /^KUBELET_HOSTNAME=/ s/=.*/=""/ 106 /^KUBELET_HOSTNAME=/ s/=.*/=""/
81 /^KUBELET_API_SERVER=/ s|=.*|="--api-servers='"$KUBE_MASTER_URI"'"| 107 s/^KUBELET_API_SERVER=.*$//
82 /^KUBELET_ARGS=/ s|=.*|="'"${KUBELET_ARGS}"'"| 108 /^KUBELET_ARGS=/ s|=.*|="'"${KUBELET_ARGS}"'"|
83' /etc/kubernetes/kubelet 109' /etc/kubernetes/kubelet
84 110
85sed -i ' 111sed -i '
86 /^KUBE_PROXY_ARGS=/ s|=.*|='"$KUBE_CONFIG"'| 112 /^KUBE_PROXY_ARGS=/ s|=.*|=--kubeconfig='"$KUBECONFIG"'|
87' /etc/kubernetes/proxy 113' /etc/kubernetes/proxy
88 114
89if [ "$NETWORK_DRIVER" = "flannel" ]; then 115if [ "$NETWORK_DRIVER" = "flannel" ]; then
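Review bot: The kubeconfig is written with `cat << EOF >> ${KUBECONFIG}`, which appends, so a file already present at /etc/kubernetes/kubeconfig.yaml (left in the image, or by a second run of this fragment) would end up with duplicated `users:`/`clusters:` keys, and which `server` and `certificate-authority` the kubelet and kube-proxy then trust would depend on how the parser resolves duplicates. Truncating is safer: `cat << EOF > ${KUBECONFIG}`. Whether the fragment can run more than once is not visible from these hunks, so treat this as a robustness point rather than a confirmed bug. In the TLS_DISABLED branch the four `sed` substitutions leave blank lines and a `kubeclient` user with no credentials; a comment such as `# TLS disabled: strip client cert/key and CA so the kubeconfig only carries the http server URL` would make the intent clear. The script continues outside the hunks shown.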
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh b/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh
index 0421801..3b56a4b 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh
@@ -108,9 +108,3 @@ usermod -a -G kube_etcd kube
108chmod 550 "${cert_dir}" 108chmod 550 "${cert_dir}"
109chown -R kube:kube_etcd "${cert_dir}" 109chown -R kube:kube_etcd "${cert_dir}"
110chmod 440 $CLIENT_KEY 110chmod 440 $CLIENT_KEY
111
112sed -i '
113 s|CA_CERT|'"$CA_CERT"'|
114 s|CLIENT_CERT|'"$CLIENT_CERT"'|
115 s|CLIENT_KEY|'"$CLIENT_KEY"'|
116' /etc/kubernetes/kubeconfig.yaml
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-kubeconfig.yaml b/magnum/drivers/common/templates/kubernetes/fragments/write-kubeconfig.yaml
deleted file mode 100644
index 838c82b..0000000
--- a/magnum/drivers/common/templates/kubernetes/fragments/write-kubeconfig.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
1#cloud-config
2merge_how: dict(recurse_array)+list(append)
3write_files:
4 - path: /etc/kubernetes/kubeconfig.yaml
5 owner: "root:root"
6 permissions: "0644"
7 content: |
8 apiVersion: v1
9 kind: Config
10 users:
11 - name: kubeclient
12 user:
13 client-certificate: CLIENT_CERT
14 client-key: CLIENT_KEY
15 clusters:
16 - name: kubernetes
17 cluster:
18 certificate-authority: CA_CERT
19 contexts:
20 - context:
21 cluster: kubernetes
22 user: kubeclient
23 name: service-account-context
24 current-context: service-account-context
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
index 207e467..6db018e 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
@@ -290,12 +290,6 @@ resources:
290 $DNS_SERVICE_IP: {get_param: dns_service_ip} 290 $DNS_SERVICE_IP: {get_param: dns_service_ip}
291 $DNS_CLUSTER_DOMAIN: {get_param: dns_cluster_domain} 291 $DNS_CLUSTER_DOMAIN: {get_param: dns_cluster_domain}
292 292
293 write_kubeconfig:
294 type: OS::Heat::SoftwareConfig
295 properties:
296 group: ungrouped
297 config: {get_file: ../../common/templates/kubernetes/fragments/write-kubeconfig.yaml}
298
299 write_kube_os_config: 293 write_kube_os_config:
300 type: OS::Heat::SoftwareConfig 294 type: OS::Heat::SoftwareConfig
301 properties: 295 properties:
@@ -384,7 +378,6 @@ resources:
384 parts: 378 parts:
385 - config: {get_resource: disable_selinux} 379 - config: {get_resource: disable_selinux}
386 - config: {get_resource: write_heat_params} 380 - config: {get_resource: write_heat_params}
387 - config: {get_resource: write_kubeconfig}
388 - config: {get_resource: write_kube_os_config} 381 - config: {get_resource: write_kube_os_config}
389 - config: {get_resource: make_cert} 382 - config: {get_resource: make_cert}
390 - config: {get_resource: configure_docker_storage} 383 - config: {get_resource: configure_docker_storage}
diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml
index 695d8d9..5a8dca6 100644
--- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml
+++ b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml
@@ -225,12 +225,6 @@ resources:
225 $CONTAINER_INFRA_PREFIX: {get_param: container_infra_prefix} 225 $CONTAINER_INFRA_PREFIX: {get_param: container_infra_prefix}
226 $ENABLE_CINDER: "False" 226 $ENABLE_CINDER: "False"
227 227
228 write_kubeconfig:
229 type: OS::Heat::SoftwareConfig
230 properties:
231 group: ungrouped
232 config: {get_file: ../../common/templates/kubernetes/fragments/write-kubeconfig.yaml}
233
234 make_cert: 228 make_cert:
235 type: OS::Heat::SoftwareConfig 229 type: OS::Heat::SoftwareConfig
236 properties: 230 properties:
@@ -319,7 +313,6 @@ resources:
319 parts: 313 parts:
320 - config: {get_resource: disable_selinux} 314 - config: {get_resource: disable_selinux}
321 - config: {get_resource: write_heat_params} 315 - config: {get_resource: write_heat_params}
322 - config: {get_resource: write_kubeconfig}
323 - config: {get_resource: make_cert} 316 - config: {get_resource: make_cert}
324 - config: {get_resource: configure_docker_storage} 317 - config: {get_resource: configure_docker_storage}
325 - config: {get_resource: configure_docker_registry} 318 - config: {get_resource: configure_docker_registry}