
Source code changes of the file "magnum/drivers/common/templates/kubernetes/fragments/flannel-service.sh" between
magnum-8.1.0.tar.gz and magnum-8.2.0.tar.gz

About: OpenStack Magnum makes container orchestration engines such as Docker and Kubernetes available as first class resources in OpenStack.
The "Stein" series (maintained release).

flannel-service.sh  (magnum-8.1.0):flannel-service.sh  (magnum-8.2.0)
#!/bin/sh #!/bin/bash
set -e
set +x
. /etc/sysconfig/heat-params . /etc/sysconfig/heat-params
set -x set -x
if [ "$NETWORK_DRIVER" = "flannel" ]; then if [ "$NETWORK_DRIVER" = "flannel" ]; then
_prefix=${CONTAINER_INFRA_PREFIX:-quay.io/coreos/} _prefix=${CONTAINER_INFRA_PREFIX:-quay.io/coreos/}
FLANNEL_DEPLOY=/srv/magnum/kubernetes/manifests/flannel-deploy.yaml FLANNEL_DEPLOY=/srv/magnum/kubernetes/manifests/flannel-deploy.yaml
[ -f ${FLANNEL_DEPLOY} ] || { [ -f ${FLANNEL_DEPLOY} ] || {
echo "Writing File: $FLANNEL_DEPLOY" echo "Writing File: $FLANNEL_DEPLOY"
mkdir -p "$(dirname ${FLANNEL_DEPLOY})" mkdir -p "$(dirname ${FLANNEL_DEPLOY})"
set +x
cat << EOF > ${FLANNEL_DEPLOY} cat << EOF > ${FLANNEL_DEPLOY}
--- ---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: psp.flannel.unprivileged
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
privileged: false
volumes:
- configMap
- secret
- emptyDir
- hostPath
allowedHostPaths:
- pathPrefix: "/etc/cni/net.d"
- pathPrefix: "/etc/kube-flannel"
- pathPrefix: "/run/flannel"
readOnlyRootFilesystem: false
# Users and groups
runAsUser:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
fsGroup:
rule: RunAsAny
# Privilege Escalation
allowPrivilegeEscalation: false
defaultAllowPrivilegeEscalation: false
# Capabilities
allowedCapabilities: ['NET_ADMIN']
defaultAddCapabilities: []
requiredDropCapabilities: []
# Host namespaces
hostPID: false
hostIPC: false
hostNetwork: true
hostPorts:
- min: 0
max: 65535
# SELinux
seLinux:
# SELinux is unsed in CaaSP
rule: 'RunAsAny'
---
kind: ClusterRole kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
name: flannel name: flannel
rules: rules:
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: ['psp.flannel.unprivileged']
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- pods - pods
verbs: verbs:
- get - get
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- nodes - nodes
skipping to change at line 104 skipping to change at line 157
} }
} }
magnum-install-cni.sh: | magnum-install-cni.sh: |
#!/bin/sh #!/bin/sh
set -e -x; set -e -x;
if [ -w "/host/opt/cni/bin/" ]; then if [ -w "/host/opt/cni/bin/" ]; then
cp /opt/cni/bin/* /host/opt/cni/bin/; cp /opt/cni/bin/* /host/opt/cni/bin/;
echo "Wrote CNI binaries to /host/opt/cni/bin/"; echo "Wrote CNI binaries to /host/opt/cni/bin/";
fi; fi;
--- ---
apiVersion: extensions/v1beta1 apiVersion: apps/v1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
name: kube-flannel-ds-amd64 name: kube-flannel-ds-amd64
namespace: kube-system namespace: kube-system
labels: labels:
tier: node tier: node
app: flannel app: flannel
spec: spec:
selector:
matchLabels:
app: flannel
template: template:
metadata: metadata:
labels: labels:
tier: node tier: node
app: flannel app: flannel
spec: spec:
hostNetwork: true hostNetwork: true
nodeSelector: nodeSelector:
beta.kubernetes.io/arch: amd64 beta.kubernetes.io/arch: amd64
tolerations: tolerations:
# Make sure flannel gets scheduled on all nodes. - operator: Exists
- effect: NoSchedule effect: NoSchedule
operator: Exists
# Mark the pod as a critical add-on for rescheduling.
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
operator: Exists
serviceAccountName: flannel serviceAccountName: flannel
initContainers: initContainers:
- name: install-cni-plugins - name: install-cni-plugins
image: ${_prefix}flannel-cni:${FLANNEL_CNI_TAG} image: ${_prefix}flannel-cni:${FLANNEL_CNI_TAG}
command: command:
- sh - sh
args: args:
- /etc/kube-flannel/magnum-install-cni.sh - /etc/kube-flannel/magnum-install-cni.sh
volumeMounts: volumeMounts:
- name: host-cni-bin - name: host-cni-bin
skipping to change at line 173 skipping to change at line 223
- --ip-masq - --ip-masq
- --kube-subnet-mgr - --kube-subnet-mgr
resources: resources:
requests: requests:
cpu: "100m" cpu: "100m"
memory: "50Mi" memory: "50Mi"
limits: limits:
cpu: "100m" cpu: "100m"
memory: "50Mi" memory: "50Mi"
securityContext: securityContext:
privileged: true privileged: false
capabilities:
add: ["NET_ADMIN"]
env: env:
- name: POD_NAME - name: POD_NAME
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.name fieldPath: metadata.name
- name: POD_NAMESPACE - name: POD_NAMESPACE
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
volumeMounts: volumeMounts:
- name: run - name: run
mountPath: /run mountPath: /run/flannel
- name: flannel-cfg - name: flannel-cfg
mountPath: /etc/kube-flannel/ mountPath: /etc/kube-flannel/
volumes: volumes:
- name: host-cni-bin - name: host-cni-bin
hostPath: hostPath:
path: /opt/cni/bin path: /opt/cni/bin
- name: run - name: run
hostPath: hostPath:
path: /run path: /run/flannel
- name: cni - name: cni
hostPath: hostPath:
path: /etc/cni/net.d path: /etc/cni/net.d
- name: flannel-cfg - name: flannel-cfg
configMap: configMap:
name: kube-flannel-cfg name: kube-flannel-cfg
EOF EOF
} }
set -x
if [ "$MASTER_INDEX" = "0" ]; then if [ "$MASTER_INDEX" = "0" ]; then
until [ "ok" = "$(curl --silent http://127.0.0.1:8080/healthz)" ] until [ "ok" = "$(curl --silent http://127.0.0.1:8080/healthz)" ]
do do
echo "Waiting for Kubernetes API..." echo "Waiting for Kubernetes API..."
sleep 5 sleep 5
done done
fi fi
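Review bot: The `allowedHostPaths` list in `psp.flannel.unprivileged` covers `/etc/cni/net.d`, `/etc/kube-flannel` and `/run/flannel`, but the DaemonSet still declares the `host-cni-bin` volume with hostPath `/opt/cni/bin`, which the `install-cni-plugins` init container is given as a mount. If this policy is the only one the `flannel` service account can use, PodSecurityPolicy admission would presumably reject the pod; adding `- pathPrefix: "/opt/cni/bin"` would make the policy match the manifest. If the pod is instead admitted through a broader policy defined elsewhere, this PSP is not what constrains flannel, and that is worth saying in a comment next to the `use` rule in the ClusterRole. The `/etc/kube-flannel` entry looks unnecessary, since `flannel-cfg` is a configMap volume rather than a hostPath. Parts of the manifest are elided on this page ("skipping to change"), so other mounts could not be checked.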
 End of changes. 13 change blocks. 
14 lines changed or deleted 67 lines changed or added
