Use K8s 1.8 with Hyperkube
This commit does necessary changes to allow using K8s 1.8 in our DevStack plugin. In particular: * Contents of missing setup-files.sh are introduced into the DevStack plugin directly. * Deprecated and removed `--api-servers` option of kubelet is replaced by `--kubeconfig=<path> --require-kubeconfig` * Switches default value of KURYR_HYPERKUBE_VERSION to point to latest 1.8. In long term we should probably move to kubeadm along with splitting the K8s DevStack plugin out of Kuryr repo. This is short term solution to using ancient kubernetes version in upstream testing. Closes-Bug: 1734834 Change-Id: I0598109152cf353b0a23a225bb8f290da0069d96
This commit is contained in:
parent
1aebde0a1f
commit
a93415b7bf
|
@ -346,10 +346,13 @@ function get_hyperkube_container_cacert_setup_dir {
|
|||
esac
|
||||
}
|
||||
|
||||
function create_token() {
|
||||
echo $(cat /dev/urandom | base64 | tr -d "=+/" | dd bs=32 count=1 2> /dev/null)
|
||||
}
|
||||
|
||||
function prepare_kubernetes_files {
|
||||
# Sets up the base configuration for the Kubernetes API Server and the
|
||||
# Controller Manager.
|
||||
local mountpoint
|
||||
local service_cidr
|
||||
local k8s_api_clusterip
|
||||
|
||||
|
@ -358,15 +361,24 @@ function prepare_kubernetes_files {
|
|||
subnet show "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET"\
|
||||
-c cidr -f value)
|
||||
k8s_api_clusterip=$(_cidr_range "$service_cidr" | cut -f1)
|
||||
mountpoint=$(get_hyperkube_container_cacert_setup_dir "$KURYR_HYPERKUBE_VERSION")
|
||||
|
||||
docker run \
|
||||
--name devstack-k8s-setup-files \
|
||||
--detach \
|
||||
--volume "${KURYR_HYPERKUBE_DATA_DIR}:${mountpoint}:rw" \
|
||||
"${KURYR_HYPERKUBE_IMAGE}:${KURYR_HYPERKUBE_VERSION}" \
|
||||
/setup-files.sh \
|
||||
"IP:${HOST_IP},IP:${k8s_api_clusterip},DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local"
|
||||
# It's not prettiest, but the file haven't changed since 1.6, so it's safe to download it like that.
|
||||
curl -o /tmp/make-ca-cert.sh https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.8/cluster/saltbase/salt/generate-cert/make-ca-cert.sh
|
||||
chmod +x /tmp/make-ca-cert.sh
|
||||
|
||||
# Create HTTPS certificates
|
||||
sudo groupadd -f -r kube-cert
|
||||
|
||||
# hostname -I gets the ip of the node
|
||||
sudo CERT_DIR=${KURYR_HYPERKUBE_DATA_DIR} /tmp/make-ca-cert.sh $(hostname -I | awk '{print $1}') "IP:${HOST_IP},IP:${k8s_api_clusterip},DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local"
|
||||
|
||||
# Create basic token authorization
|
||||
sudo bash -c "echo 'admin,admin,admin' > $KURYR_HYPERKUBE_DATA_DIR/basic_auth.csv"
|
||||
|
||||
# Create known tokens for service accounts
|
||||
sudo bash -c "echo '$(create_token),admin,admin' >> ${KURYR_HYPERKUBE_DATA_DIR}/known_tokens.csv"
|
||||
sudo bash -c "echo '$(create_token),kubelet,kubelet' >> ${KURYR_HYPERKUBE_DATA_DIR}/known_tokens.csv"
|
||||
sudo bash -c "echo '$(create_token),kube_proxy,kube_proxy' >> ${KURYR_HYPERKUBE_DATA_DIR}/known_tokens.csv"
|
||||
|
||||
# FIXME(ivc): replace 'sleep' with a strict check (e.g. wait_for_files)
|
||||
# 'kubernetes-api' fails if started before files are generated.
|
||||
|
@ -517,8 +529,8 @@ function run_k8s_kubelet {
|
|||
|
||||
sudo mkdir -p "${KURYR_HYPERKUBE_DATA_DIR}/"{kubelet,kubelet.cert}
|
||||
command="$KURYR_HYPERKUBE_BINARY kubelet\
|
||||
--kubeconfig=${HOME}/.kube/config --require-kubeconfig \
|
||||
--allow-privileged=true \
|
||||
--api-servers=$KURYR_K8S_API_URL \
|
||||
--v=2 \
|
||||
--address=0.0.0.0 \
|
||||
--enable-server \
|
||||
|
@ -527,6 +539,12 @@ function run_k8s_kubelet {
|
|||
--cni-conf-dir=$CNI_CONF_DIR \
|
||||
--cert-dir=${KURYR_HYPERKUBE_DATA_DIR}/kubelet.cert \
|
||||
--root-dir=${KURYR_HYPERKUBE_DATA_DIR}/kubelet"
|
||||
|
||||
# Kubernetes 1.8 requires additional option to work in the gate.
|
||||
if [[ ${KURYR_HYPERKUBE_VERSION} == v1.8* ]]; then
|
||||
command="$command --fail-swap-on=false"
|
||||
fi
|
||||
|
||||
wait_for "Kubernetes API Server" "$KURYR_K8S_API_URL"
|
||||
if [[ "$USE_SYSTEMD" = "True" ]]; then
|
||||
# If systemd is being used, proceed as normal
|
||||
|
@ -694,8 +712,6 @@ if [[ "$1" == "unstack" ]]; then
|
|||
$KURYR_HYPERKUBE_BINARY kubectl delete nodes ${HOSTNAME}
|
||||
fi
|
||||
stop_process kuryr-daemon
|
||||
docker kill devstack-k8s-setup-files
|
||||
docker rm devstack-k8s-setup-files
|
||||
|
||||
if is_service_enabled kubernetes-controller-manager; then
|
||||
stop_container kubernetes-controller-manager
|
||||
|
|
|
@ -31,7 +31,7 @@ KURYR_ETCD_LISTEN_PEER_URL=${KURYR_ETCD_LISTEN_PEER_URL:-http://0.0.0.0:2380}
|
|||
|
||||
# HYPERKUBE
|
||||
KURYR_HYPERKUBE_IMAGE=${KURYR_HYPERKUBE_IMAGE:-gcr.io/google_containers/hyperkube-amd64}
|
||||
KURYR_HYPERKUBE_VERSION=${KURYR_HYPERKUBE_VERSION:-v1.6.2}
|
||||
KURYR_HYPERKUBE_VERSION=${KURYR_HYPERKUBE_VERSION:-v1.8.5}
|
||||
KURYR_HYPERKUBE_DATA_DIR=${KURYR_HYPERKUBE_DATA_DIR:-${DATA_DIR}/hyperkube}
|
||||
KURYR_HYPERKUBE_BINARY=${KURYR_HYPERKUBE_BINARY:-/usr/local/bin/hyperkube}
|
||||
|
||||
|
|
Loading…
Reference in New Issue