[suse] Update k8s_opensuse_v1 driver

This change is collecting fixes and updates for k8s_opensuse_v1 drver
  * Fix indentation for bash scripts
  * Fix DOCKER_NETWORK_OPTIONS for configure-docker.sh
  * Add FLANNEL_BACKEND option
  * Update deprecated options for kubernetes services
  * Fix KUBE_NODE_IP option for kube-minions
  * Add kube_version and volume_driver options
  * Sync changes with opensuse Mitaka driver

Change-Id: I33bf90331ff78ed538a55451f6de64c4a576cb2d
Partial-Bug: #1622949
Partially-Implements: blueprint k8s-opensuse-support

contrib/drivers/k8s_opensuse_v1/templates/fragments/configure-docker.sh

@@ -7,6 +7,7 @@ systemctl stop docker
 ip link del docker0
 
 if [ "$NETWORK_DRIVER" == "flannel" ]; then
+
     FLANNEL_ENV=/run/flannel/subnet.env
 
     attempts=60
@@ -19,13 +20,20 @@ if [ "$NETWORK_DRIVER" == "flannel" ]; then
     source $FLANNEL_ENV
 
     if ! [ "\$FLANNEL_SUBNET" ] && [ "\$FLANNEL_MTU" ] ; then
-      echo "ERROR: missing required environment variables." >&2
-      exit 1
+        echo "ERROR: missing required environment variables." >&2
+        exit 1
+    fi
+
+    if `grep -q DOCKER_NETWORK_OPTIONS /etc/sysconfig/docker`; then
+        sed -i '
+            /^DOCKER_NETWORK_OPTIONS=/ s|=.*|="--bip='"$FLANNEL_SUBNET"' --mtu='"$FLANNEL_MTU"'"|
+        ' /etc/sysconfig/docker
+    else
+        echo "DOCKER_NETWORK_OPTIONS=\"--bip=$FLANNEL_SUBNET --mtu=$FLANNEL_MTU\"" >> /etc/sysconfig/docker
     fi
 
     sed -i '
-      /^DOCKER_OPTS=/ s/=.*/="--storage-driver=btrfs"/
-      /^DOCKER_NETWORK_OPTIONS=/ s|=.*|="--bip='"$FLANNEL_SUBNET"' --mtu='"$FLANNEL_MTU"'"|
+        /^DOCKER_OPTS=/ s/=.*/="--storage-driver=btrfs"/
     ' /etc/sysconfig/docker
 fi
 

contrib/drivers/k8s_opensuse_v1/templates/fragments/configure-etcd.sh

@@ -5,13 +5,13 @@
 myip="$KUBE_NODE_IP"
 
 sed -i '
-  /ETCD_NAME=/c ETCD_NAME="'$myip'"
-  /ETCD_DATA_DIR=/c ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
-  /ETCD_LISTEN_CLIENT_URLS=/c ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
-  /ETCD_LISTEN_PEER_URLS=/c ETCD_LISTEN_PEER_URLS="http://'$myip':2380"
-  /ETCD_ADVERTISE_CLIENT_URLS=/c ETCD_ADVERTISE_CLIENT_URLS="http://'$myip':2379"
-  /ETCD_INITIAL_ADVERTISE_PEER_URLS=/c ETCD_INITIAL_ADVERTISE_PEER_URLS="http://'$myip':2380"
-  /ETCD_DISCOVERY=/c ETCD_DISCOVERY="'$ETCD_DISCOVERY_URL'"
+    /ETCD_NAME=/c ETCD_NAME="'$myip'"
+    /ETCD_DATA_DIR=/c ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
+    /ETCD_LISTEN_CLIENT_URLS=/c ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
+    /ETCD_LISTEN_PEER_URLS=/c ETCD_LISTEN_PEER_URLS="http://'$myip':2380"
+    /ETCD_ADVERTISE_CLIENT_URLS=/c ETCD_ADVERTISE_CLIENT_URLS="http://'$myip':2379"
+    /ETCD_INITIAL_ADVERTISE_PEER_URLS=/c ETCD_INITIAL_ADVERTISE_PEER_URLS="http://'$myip':2380"
+    /ETCD_DISCOVERY=/c ETCD_DISCOVERY="'$ETCD_DISCOVERY_URL'"
 ' /etc/sysconfig/etcd
 
 echo "activating etcd service"

contrib/drivers/k8s_opensuse_v1/templates/fragments/configure-flanneld-master.sh

@@ -9,13 +9,10 @@ fi
 FLANNEL_ETCD="http://127.0.0.1:2379"
 FLANNEL_JSON=/etc/sysconfig/flannel-network.json
 FLANNELD_CONFIG=/etc/sysconfig/flanneld
-FLANNEL_NETWORK_CIDR="$FLANNEL_NETWORK_CIDR"
-FLANNEL_NETWORK_SUBNETLEN="$FLANNEL_NETWORK_SUBNETLEN"
-FLANNEL_USE_VXLAN="$FLANNEL_USE_VXLAN"
 
 sed -i '
-  /^FLANNEL_ETCD=/ s/=.*/="http:\/\/127.0.0.1:2379"/
-  /^#FLANNEL_OPTIONS=/ s//FLANNEL_OPTIONS="-iface eth0 --ip-masq"/
+    /^FLANNEL_ETCD=/ s/=.*/="http:\/\/127.0.0.1:2379"/
+    /^#FLANNEL_OPTIONS=/ s//FLANNEL_OPTIONS="-iface eth0 --ip-masq"/
 ' /etc/sysconfig/flanneld
 
 cat >> /etc/sysconfig/flanneld <<EOF
@@ -27,35 +24,22 @@ EOF
 
 . /etc/sysconfig/flanneld
 
-if [ "$FLANNEL_USE_VXLAN" == "true" ]; then
-    use_vxlan=1
-fi
-
 # Generate a flannel configuration that we will
 # store into etcd using curl.
 cat > $FLANNEL_JSON <<EOF
 {
   "Network": "$FLANNEL_NETWORK_CIDR",
-  "Subnetlen": $FLANNEL_NETWORK_SUBNETLEN
-EOF
-
-if [ "$use_vxlan" = 1 ]; then
-cat >> $FLANNEL_JSON <<EOF
-  ,
+  "Subnetlen": $FLANNEL_NETWORK_SUBNETLEN,
   "Backend": {
-    "Type": "vxlan"
+    "Type": "$FLANNEL_BACKEND"
   }
-EOF
-fi
-
-cat >> $FLANNEL_JSON <<EOF
 }
 EOF
 
 # wait for etcd to become active (we will need it to push the flanneld config)
 while ! curl -sf -o /dev/null $FLANNEL_ETCD/v2/keys/; do
-  echo "waiting for etcd"
-  sleep 1
+    echo "waiting for etcd"
+    sleep 1
 done
 
 # put the flannel config in etcd

contrib/drivers/k8s_opensuse_v1/templates/fragments/configure-flanneld-minion.sh

@@ -7,8 +7,8 @@ if [ "$NETWORK_DRIVER" != "flannel" ]; then
 fi
 
 sed -i '
-  /^FLANNEL_ETCD_ENDPOINTS=/ s|=.*|="http://'"$ETCD_SERVER_IP"':2379"|
-  /^#FLANNEL_OPTIONS=/ s//FLANNEL_OPTIONS="-iface eth0 --ip-masq"/
+    /^FLANNEL_ETCD_ENDPOINTS=/ s|=.*|="http://'"$ETCD_SERVER_IP"':2379"|
+    /^#FLANNEL_OPTIONS=/ s//FLANNEL_OPTIONS="-iface eth0 --ip-masq"/
 ' /etc/sysconfig/flanneld
 
 cat >> /etc/sysconfig/flanneld <<EOF

contrib/drivers/k8s_opensuse_v1/templates/fragments/configure-kubernetes-master.sh

@@ -11,29 +11,33 @@ KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0 --insecure-port=$KUBE_API_PORT
 chown -R kube:kube /var/lib/kubernetes
 
 sed -i '
-  /^KUBE_ALLOW_PRIV=/ s/=.*/="--allow_privileged='"$KUBE_ALLOW_PRIV"'"/
+    /^KUBE_ALLOW_PRIV=/ s|=.*|="--allow-privileged='"$KUBE_ALLOW_PRIV"'"|
 ' /etc/kubernetes/config
 
 sed -i '
-  /^KUBE_API_ADDRESS=/ s/=.*/='"${KUBE_API_ADDRESS}"'/
-  /^KUBE_SERVICE_ADDRESSES=/ s|=.*|="--service-cluster-ip-range='"$PORTAL_NETWORK_CIDR"'"|
-  /^KUBE_API_ARGS=/ s/KUBE_API_ARGS.//
-  /^KUBE_ETCD_SERVERS=/ s/=.*/="--etcd_servers=http:\/\/127.0.0.1:2379"/
-  /^KUBE_ADMISSION_CONTROL=/ s/=.*/=""/
+    /^KUBE_API_ADDRESS=/ s|=.*|="--advertise-address='"$KUBE_NODE_IP"' --insecure-bind-address=0.0.0.0"|
+    /^KUBE_API_PORT=/ s|=.*|="--insecure-port='"$KUBE_API_PORT"'"|
+    /^KUBE_SERVICE_ADDRESSES=/ s|=.*|="--service-cluster-ip-range='"$PORTAL_NETWORK_CIDR"'"|
+    /^KUBE_API_ARGS=/ s/=.*/="--runtime-config=api\/all=true"/
+    /^KUBE_ETCD_SERVERS=/ s/=.*/="--etcd-servers=http:\/\/127.0.0.1:2379"/
+    /^KUBE_ADMISSION_CONTROL=/ s/=.*/="--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota"/
 ' /etc/kubernetes/apiserver
 
 cat >> /etc/kubernetes/apiserver <<EOF
-#Uncomment the following line to disable Load Balancer feature
-KUBE_API_ARGS="$KUBE_API_ARGS"
 #Uncomment the following line to enable Load Balancer feature
-#KUBE_API_ARGS="$KUBE_API_ARGS --cloud_config=/etc/sysconfig/kubernetes_openstack_config --cloud_provider=openstack"
+#KUBE_API_ARGS="--runtime-config=api/all=true --cloud-config=/etc/sysconfig/kubernetes_openstack_config --cloud-provider=openstack"
 EOF
 
 sed -i '
-  /^KUBELET_ADDRESSES=/ s/=.*/="--machines='""'"/
-  /^KUBE_CONTROLLER_MANAGER_ARGS=/ s/KUBE_CONTROLLER_MANAGER_ARGS.*/#Uncomment the following line to enable Kubernetes Load Balancer feature \n#KUBE_CONTROLLER_MANAGER_ARGS="--cloud_config=\/etc\/sysconfig\/kubernetes_openstack_config --cloud_provider=openstack"/
+    /^KUBE_CONTROLLER_MANAGER_ARGS=/ s|=.*|="--leader-elect=true --cluster-name=kubernetes --cluster-cidr='"$FLANNEL_NETWORK_CIDR"'"|
 ' /etc/kubernetes/controller-manager
 
+cat >> /etc/kubernetes/controller-manager <<EOF
+
+#Uncomment the following line to enable Kubernetes Load Balancer feature
+#KUBE_CONTROLLER_MANAGER_ARGS="--cloud-config=/etc/sysconfig/kubernetes_openstack_config --cloud-provider=openstack"
+EOF
+
 # Generate a the configuration for Kubernetes services to talk to OpenStack Neutron
 cat > /etc/sysconfig/kubernetes_openstack_config <<EOF
 [Global]
@@ -50,9 +54,9 @@ monitor-max-retries=3
 EOF
 
 for service in kube-apiserver kube-scheduler kube-controller-manager; do
-  echo "activating $service service"
-  systemctl enable $service
+    echo "activating $service service"
+    systemctl enable $service
 
-  echo "starting $service services"
-  systemctl --no-block start $service
+    echo "starting $service services"
+    systemctl --no-block start $service
 done

contrib/drivers/k8s_opensuse_v1/templates/fragments/configure-kubernetes-minion.sh

@@ -4,9 +4,7 @@
 
 echo "configuring kubernetes (minion)"
 
-myip=$(ip addr show eth0 |
-       awk '$1 == "inet" {print $2}' |
-       cut -f1 -d/)
+myip="$KUBE_NODE_IP"
 
 ETCD_SERVER_IP=${ETCD_SERVER_IP:-$KUBE_MASTER_IP}
 
@@ -21,20 +19,20 @@ fi
 KUBE_MASTER_URI="$KUBE_PROTOCOL://$KUBE_MASTER_IP:$KUBE_API_PORT"
 
 sed -i '
-/^KUBE_ALLOW_PRIV=/ s/=.*/="--allow_privileged='"$KUBE_ALLOW_PRIV"'"/
-/^KUBE_ETCD_SERVERS=/ s|=.*|="--etcd_servers=http://'"$ETCD_SERVER_IP"':2379"|
-/^KUBE_MASTER=/ s|=.*|="--master='"$KUBE_MASTER_URI"'"|
+    /^KUBE_ALLOW_PRIV=/ s/=.*/="--allow-privileged='"$KUBE_ALLOW_PRIV"'"/
+    /^KUBE_ETCD_SERVERS=/ s|=.*|="--etcd-servers=http://'"$ETCD_SERVER_IP"':2379"|
+    /^KUBE_MASTER=/ s|=.*|="--master='"$KUBE_MASTER_URI"'"|
 ' /etc/kubernetes/config
 
 sed -i '
-/^KUBELET_ADDRESS=/ s/=.*/="--address=0.0.0.0"/
-/^KUBELET_HOSTNAME=/ s/=.*/="--hostname-override='"$myip"'"/
-/^KUBELET_API_SERVER=/ s|=.*|="--api_servers='"$KUBE_MASTER_URI"'"|
-/^KUBELET_ARGS=/ s|=.*|='"$KUBE_CONFIG"'|
+    /^KUBELET_ADDRESS=/ s/=.*/="--address=0.0.0.0"/
+    /^KUBELET_HOSTNAME=/ s/=.*/="--hostname-override='"$myip"'"/
+    /^KUBELET_API_SERVER=/ s|=.*|="--api-servers='"$KUBE_MASTER_URI"'"|
+    /^KUBELET_ARGS=/ s|=.*|="--node-ip='"$myip"' --container-runtime=docker --config=/etc/kubernetes/manifests '"$KUBE_CONFIG"'"|
 ' /etc/kubernetes/kubelet
 
 sed -i '
-/^KUBE_PROXY_ARGS=/ s|=.*|='"$KUBE_CONFIG"'|
+    /^KUBE_PROXY_ARGS=/ s/=.*/="--proxy-mode=iptables"/
 ' /etc/kubernetes/proxy
 
 cat >> /etc/environment <<EOF

contrib/drivers/k8s_opensuse_v1/templates/fragments/write-heat-params-master.yaml

@@ -5,7 +5,6 @@ write_files:
     owner: "root:root"
     permissions: "0644"
     content: |
-      KUBE_NODE_PUBLIC_IP="$KUBE_NODE_PUBLIC_IP"
       KUBE_NODE_IP="$KUBE_NODE_IP"
       KUBE_API_PORT="$KUBE_API_PORT"
       KUBE_ALLOW_PRIV="$KUBE_ALLOW_PRIV"
@@ -21,5 +20,6 @@ write_files:
       TENANT_NAME="$TENANT_NAME"
       CLUSTER_SUBNET="$CLUSTER_SUBNET"
       TLS_DISABLED="$TLS_DISABLED"
+      KUBE_VERSION="$KUBE_VERSION"
       CLUSTER_UUID="$CLUSTER_UUID"
       MAGNUM_URL="$MAGNUM_URL"

contrib/drivers/k8s_opensuse_v1/templates/fragments/write-heat-params-minion.yaml

@@ -24,9 +24,9 @@ write_files:
       REGISTRY_INSECURE="$REGISTRY_INSECURE"
       REGISTRY_CHUNKSIZE="$REGISTRY_CHUNKSIZE"
       TLS_DISABLED="$TLS_DISABLED"
+      KUBE_VERSION="$KUBE_VERSION"
       CLUSTER_UUID="$CLUSTER_UUID"
       MAGNUM_URL="$MAGNUM_URL"
       HTTP_PROXY="$HTTP_PROXY"
       HTTPS_PROXY="$HTTPS_PROXY"
       NO_PROXY="$NO_PROXY"
-      WAIT_CURL="$WAIT_CURL"

contrib/drivers/k8s_opensuse_v1/templates/kubecluster.yaml

@@ -181,6 +181,16 @@ parameters:
       url for kubernetes to authenticate before sending request to neutron
       must be v2 since kubernetes backend only suppor v2 at this point
 
+  kube_version:
+    type: string
+    description: version of kubernetes used for kubernetes cluster
+    default: v1.3.7
+
+  volume_driver:
+    type: string
+    description: volume driver to use for container storage
+    default: ""
+
   username:
     type: string
     description: >
@@ -484,6 +494,7 @@ resources:
           http_proxy: {get_param: http_proxy}
           https_proxy: {get_param: https_proxy}
           no_proxy: {get_param: no_proxy}
+          kube_version: {get_param: kube_version}
           fixed_network: {get_resource: fixed_network}
           fixed_subnet: {get_resource: fixed_subnet}
           api_pool_id: {get_resource: api_pool}
@@ -496,6 +507,7 @@ resources:
           tls_disabled: {get_param: tls_disabled}
           secgroup_base_id: {get_resource: secgroup_base}
           secgroup_kube_master_id: {get_resource: secgroup_kube_master}
+          kube_master_id: 'kube-master%index%'
 
   ######################################################################
   #
@@ -542,10 +554,11 @@ resources:
           http_proxy: {get_param: http_proxy}
           https_proxy: {get_param: https_proxy}
           no_proxy: {get_param: no_proxy}
+          kube_version: {get_param: kube_version}
           kubernetes_port: {get_param: kubernetes_port}
           tls_disabled: {get_param: tls_disabled}
           secgroup_kube_minion_id: {get_resource: secgroup_kube_minion}
-          kube_minion_id: 'kube_minion_%index%'
+          kube_minion_id: 'kube-minion%index%'
 
 outputs:
 

contrib/drivers/k8s_opensuse_v1/templates/kubemaster.yaml

@@ -73,6 +73,10 @@ parameters:
       service.
     default: 6443
 
+  kube_version:
+    type: string
+    description: version of kubernetes used for kubernetes cluster
+
   cluster_uuid:
     type: string
     description: identifier for the cluster this template is generating
@@ -156,6 +160,10 @@ parameters:
     description: >
       tenant name
 
+  kube_master_id:
+    type: string
+    description: ID of for kubernetes master.
+
 resources:
 
   master_wait_handle:
@@ -198,6 +206,7 @@ resources:
             "$TENANT_NAME": {get_param: tenant_name}
             "$CLUSTER_SUBNET": {get_param: fixed_subnet}
             "$TLS_DISABLED": {get_param: tls_disabled}
+            "$KUBE_VERSION": {get_param: kube_version}
             "$CLUSTER_UUID": {get_param: cluster_uuid}
             "$MAGNUM_URL": {get_param: magnum_url}
             "$HTTP_PROXY": {get_param: http_proxy}
@@ -266,7 +275,7 @@ resources:
   kube_master:
     type: OS::Nova::Server
     properties:
-      name: kube_master
+      name: {get_param: kube_master_id}
       image: {get_param: server_image}
       flavor: {get_param: master_flavor}
       key_name: {get_param: ssh_key_name}

contrib/drivers/k8s_opensuse_v1/templates/kubeminion.yaml

@@ -3,7 +3,7 @@ heat_template_version: 2014-10-16
 description: >
   This is a nested stack that defines a single Kubernetes minion, This stack is
   included by an AutoScalingGroup resource in the parent template
-  (kubecluster-jeos.yaml).
+  (kubecluster.yaml).
 
 parameters:
 
@@ -60,6 +60,10 @@ parameters:
     type: string
     description: endpoint to retrieve TLS certs from
 
+  kube_version:
+    type: string
+    description: version of kubernetes used for kubernetes cluster
+
   kube_master_ip:
     type: string
     description: IP address of the Kubernetes master server.
@@ -188,32 +192,33 @@ resources:
       group: ungrouped
       config:
         str_replace:
-          template: {get_file: fragments/write-heat-params.yaml}
+          template: {get_file: fragments/write-heat-params-minion.yaml}
           params:
-            $KUBE_ALLOW_PRIV: {get_param: kube_allow_priv}
-            $KUBE_MASTER_IP: {get_param: kube_master_ip}
-            $KUBE_API_PORT: {get_param: kubernetes_port}
-            $ETCD_SERVER_IP: {get_param: etcd_server_ip}
-            $DOCKER_VOLUME: {get_resource: docker_volume}
-            $NETWORK_DRIVER: {get_param: network_driver}
-            $REGISTRY_ENABLED: {get_param: registry_enabled}
-            $REGISTRY_PORT: {get_param: registry_port}
-            $REGISTRY_AUTH_URL: {get_param: registry_auth_url}
-            $REGISTRY_REGION: {get_param: registry_region}
-            $REGISTRY_USERNAME: {get_param: registry_username}
-            $REGISTRY_PASSWORD: {get_param: registry_password}
-            $REGISTRY_DOMAIN: {get_param: registry_domain}
-            $REGISTRY_TRUST_ID: {get_param: registry_trust_id}
-            $REGISTRY_CONTAINER: {get_param: registry_container}
-            $REGISTRY_INSECURE: {get_param: registry_insecure}
-            $REGISTRY_CHUNKSIZE: {get_param: registry_chunksize}
-            $TLS_DISABLED: {get_param: tls_disabled}
-            $CLUSTER_UUID: {get_param: cluster_uuid}
-            $MAGNUM_URL: {get_param: magnum_url}
-            $HTTP_PROXY: {get_param: http_proxy}
-            $HTTPS_PROXY: {get_param: https_proxy}
-            $NO_PROXY: {get_param: no_proxy}
-            $NODE_FIXED_IP: {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]}
+            "$KUBE_ALLOW_PRIV": {get_param: kube_allow_priv}
+            "$KUBE_MASTER_IP": {get_param: kube_master_ip}
+            "$KUBE_NODE_IP": {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]}
+            "$KUBE_API_PORT": {get_param: kubernetes_port}
+            "$ETCD_SERVER_IP": {get_param: etcd_server_ip}
+            "$DOCKER_VOLUME": {get_resource: docker_volume}
+            "$NETWORK_DRIVER": {get_param: network_driver}
+            "$REGISTRY_ENABLED": {get_param: registry_enabled}
+            "$REGISTRY_PORT": {get_param: registry_port}
+            "$REGISTRY_AUTH_URL": {get_param: registry_auth_url}
+            "$REGISTRY_REGION": {get_param: registry_region}
+            "$REGISTRY_USERNAME": {get_param: registry_username}
+            "$REGISTRY_PASSWORD": {get_param: registry_password}
+            "$REGISTRY_DOMAIN": {get_param: registry_domain}
+            "$REGISTRY_TRUST_ID": {get_param: registry_trust_id}
+            "$REGISTRY_CONTAINER": {get_param: registry_container}
+            "$REGISTRY_INSECURE": {get_param: registry_insecure}
+            "$REGISTRY_CHUNKSIZE": {get_param: registry_chunksize}
+            "$TLS_DISABLED": {get_param: tls_disabled}
+            "$KUBE_VERSION": {get_param: kube_version}
+            "$CLUSTER_UUID": {get_param: cluster_uuid}
+            "$MAGNUM_URL": {get_param: magnum_url}
+            "$HTTP_PROXY": {get_param: http_proxy}
+            "$HTTPS_PROXY": {get_param: https_proxy}
+            "$NO_PROXY": {get_param: no_proxy}
 
   configure_flanneld:
     type: OS::Heat::SoftwareConfig

contrib/drivers/k8s_opensuse_v1/version.py

@@ -14,4 +14,4 @@
 
 version = '1.0.0'
 driver = 'k8s_opensuse_v1'
-container_version = '1.12.1'
+container_version = '1.12.3'