Merge "k8s_atomic: Add server to kubeconfig"
commit
86bd89bc43
|
@ -17,13 +17,14 @@ ETCD_CURL_OPTIONS="--cacert $CERT_DIR/ca.crt \
|
|||
--cert $CERT_DIR/client.crt --key $CERT_DIR/client.key"
|
||||
ETCD_SERVER_IP=${ETCD_SERVER_IP:-$KUBE_MASTER_IP}
|
||||
KUBE_PROTOCOL="https"
|
||||
KUBE_CONFIG=""
|
||||
KUBECONFIG=/etc/kubernetes/kubeconfig.yaml
|
||||
FLANNELD_CONFIG=/etc/sysconfig/flanneld
|
||||
|
||||
if [ "$TLS_DISABLED" = "True" ]; then
|
||||
PROTOCOL=http
|
||||
FLANNEL_OPTIONS=""
|
||||
ETCD_CURL_OPTIONS=""
|
||||
KUBE_PROTOCOL="http"
|
||||
fi
|
||||
|
||||
sed -i '/FLANNEL_OPTIONS/'d $FLANNELD_CONFIG
|
||||
|
@ -32,13 +33,38 @@ cat >> $FLANNELD_CONFIG <<EOF
|
|||
FLANNEL_OPTIONS="$FLANNEL_OPTIONS"
|
||||
EOF
|
||||
|
||||
if [ "$TLS_DISABLED" = "True" ]; then
|
||||
KUBE_PROTOCOL="http"
|
||||
else
|
||||
KUBE_CONFIG="--kubeconfig=/etc/kubernetes/kubeconfig.yaml"
|
||||
fi
|
||||
KUBE_MASTER_URI="$KUBE_PROTOCOL://$KUBE_MASTER_IP:$KUBE_API_PORT"
|
||||
|
||||
cat << EOF >> ${KUBECONFIG}
|
||||
apiVersion: v1
|
||||
kind: Config
|
||||
users:
|
||||
- name: kubeclient
|
||||
user:
|
||||
client-certificate: ${CERT_DIR}/client.crt
|
||||
client-key: ${CERT_DIR}/client.key
|
||||
clusters:
|
||||
- name: kubernetes
|
||||
cluster:
|
||||
server: ${KUBE_MASTER_URI}
|
||||
certificate-authority: ${CERT_DIR}/ca.crt
|
||||
contexts:
|
||||
- context:
|
||||
cluster: kubernetes
|
||||
user: kubeclient
|
||||
name: service-account-context
|
||||
current-context: service-account-context
|
||||
EOF
|
||||
|
||||
if [ "$TLS_DISABLED" = "True" ]; then
|
||||
sed -i 's/^.*user:$//' ${KUBECONFIG}
|
||||
sed -i 's/^.*client-certificate.*$//' ${KUBECONFIG}
|
||||
sed -i 's/^.*client-key.*$//' ${KUBECONFIG}
|
||||
sed -i 's/^.*certificate-authority.*$//' ${KUBECONFIG}
|
||||
fi
|
||||
|
||||
chmod 0644 ${KUBECONFIG}
|
||||
|
||||
sed -i '
|
||||
/^KUBE_ALLOW_PRIV=/ s/=.*/="--allow-privileged='"$KUBE_ALLOW_PRIV"'"/
|
||||
/^KUBE_ETCD_SERVERS=/ s|=.*|="--etcd-servers=http://'"$ETCD_SERVER_IP"':2379"|
|
||||
|
@ -52,7 +78,7 @@ sed -i '
|
|||
# the option --hostname-override for kubelet uses the hostname to register the node.
|
||||
# Using any other name will break the load balancer and cinder volume features.
|
||||
HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
|
||||
KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests --cadvisor-port=4194 ${KUBE_CONFIG} --hostname-override=${HOSTNAME_OVERRIDE}"
|
||||
KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests --cadvisor-port=4194 --kubeconfig ${KUBECONFIG} --hostname-override=${HOSTNAME_OVERRIDE}"
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
|
||||
|
||||
if [ -n "$TRUST_ID" ]; then
|
||||
|
@ -78,12 +104,12 @@ KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=systemd"
|
|||
sed -i '
|
||||
/^KUBELET_ADDRESS=/ s/=.*/="--address=0.0.0.0"/
|
||||
/^KUBELET_HOSTNAME=/ s/=.*/=""/
|
||||
/^KUBELET_API_SERVER=/ s|=.*|="--api-servers='"$KUBE_MASTER_URI"'"|
|
||||
s/^KUBELET_API_SERVER=.*$//
|
||||
/^KUBELET_ARGS=/ s|=.*|="'"${KUBELET_ARGS}"'"|
|
||||
' /etc/kubernetes/kubelet
|
||||
|
||||
sed -i '
|
||||
/^KUBE_PROXY_ARGS=/ s|=.*|='"$KUBE_CONFIG"'|
|
||||
/^KUBE_PROXY_ARGS=/ s|=.*|=--kubeconfig='"$KUBECONFIG"'|
|
||||
' /etc/kubernetes/proxy
|
||||
|
||||
if [ "$NETWORK_DRIVER" = "flannel" ]; then
|
||||
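Review bot: The kubeconfig heredoc in the second hunk appends (`cat << EOF >> ${KUBECONFIG}`), so a kubeconfig.yaml that already exists on the node (baked into the image, or left by an earlier run of this fragment) ends up holding two concatenated configs. Truncating instead, `cat > "${KUBECONFIG}" << EOF`, guarantees that the file kubelet and kube-proxy load is exactly the generated one. The TLS_DISABLED branch then blanks lines with four `sed -i` calls whose patterns (`^.*user:$`, `^.*client-key.*$`, and so on) depend on the heredoc's exact layout and leave a `kubeclient` entry with no body. Emitting the `user:` and certificate lines only in the TLS case would be less fragile than writing them and deleting them afterwards. `${KUBECONFIG}` is also unquoted in the redirect, the `sed` calls and `chmod 0644 ${KUBECONFIG}`; the script continues outside the visible hunks, so any later rewrite of the file is not visible here.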
|
|
|
@ -114,9 +114,3 @@ usermod -a -G kube_etcd kube
|
|||
chmod 550 "${cert_dir}"
|
||||
chown -R kube:kube_etcd "${cert_dir}"
|
||||
chmod 440 $CLIENT_KEY
|
||||
|
||||
sed -i '
|
||||
s|CA_CERT|'"$CA_CERT"'|
|
||||
s|CLIENT_CERT|'"$CLIENT_CERT"'|
|
||||
s|CLIENT_KEY|'"$CLIENT_KEY"'|
|
||||
' /etc/kubernetes/kubeconfig.yaml
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
#cloud-config
|
||||
merge_how: dict(recurse_array)+list(append)
|
||||
write_files:
|
||||
- path: /etc/kubernetes/kubeconfig.yaml
|
||||
owner: "root:root"
|
||||
permissions: "0644"
|
||||
content: |
|
||||
apiVersion: v1
|
||||
kind: Config
|
||||
users:
|
||||
- name: kubeclient
|
||||
user:
|
||||
client-certificate: CLIENT_CERT
|
||||
client-key: CLIENT_KEY
|
||||
clusters:
|
||||
- name: kubernetes
|
||||
cluster:
|
||||
certificate-authority: CA_CERT
|
||||
contexts:
|
||||
- context:
|
||||
cluster: kubernetes
|
||||
user: kubeclient
|
||||
name: service-account-context
|
||||
current-context: service-account-context
|
|
@ -295,12 +295,6 @@ resources:
|
|||
$DNS_SERVICE_IP: {get_param: dns_service_ip}
|
||||
$DNS_CLUSTER_DOMAIN: {get_param: dns_cluster_domain}
|
||||
|
||||
write_kubeconfig:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/write-kubeconfig.yaml}
|
||||
|
||||
write_kube_os_config:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
|
@ -389,7 +383,6 @@ resources:
|
|||
parts:
|
||||
- config: {get_resource: disable_selinux}
|
||||
- config: {get_resource: write_heat_params}
|
||||
- config: {get_resource: write_kubeconfig}
|
||||
- config: {get_resource: write_kube_os_config}
|
||||
- config: {get_resource: make_cert}
|
||||
- config: {get_resource: configure_docker_storage}
|
||||
|
|
|
@ -230,12 +230,6 @@ resources:
|
|||
$CONTAINER_INFRA_PREFIX: {get_param: container_infra_prefix}
|
||||
$ENABLE_CINDER: "False"
|
||||
|
||||
write_kubeconfig:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/write-kubeconfig.yaml}
|
||||
|
||||
make_cert:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
|
@ -324,7 +318,6 @@ resources:
|
|||
parts:
|
||||
- config: {get_resource: disable_selinux}
|
||||
- config: {get_resource: write_heat_params}
|
||||
- config: {get_resource: write_kubeconfig}
|
||||
- config: {get_resource: make_cert}
|
||||
- config: {get_resource: configure_docker_storage}
|
||||
- config: {get_resource: configure_docker_registry}
|
||||
|
|