
Member "magnum-8.2.0/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh" (6 Dec 2019, 7121 Bytes) of package /linux/misc/openstack/magnum-8.2.0.tar.gz:



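#!/bin/sh -x

# Magnum Heat fragment: configures kubelet and kube-proxy on a Kubernetes
# minion node. All inputs arrive as shell variables from heat-params.

# The interpreter runs with -x, so every assignment in a sourced file is
# echoed to the trace output. Tracing is paused while heat-params is read so
# that any credential-like parameter it may hold (its contents are not visible
# here) is not copied into the provisioning log. The previous trace state is
# restored afterwards, so running the script without -x stays quiet.
# Commands further down are still traced with their expanded values.
case $- in
    *x*) _xtrace_was_on=1; set +x ;;
    *)   _xtrace_was_on=0 ;;
esac
. /etc/sysconfig/heat-params
if [ "${_xtrace_was_on}" -eq 1 ]; then
    set -x
fi

echo "configuring kubernetes (minion)"

# Export the proxy settings only when heat-params supplied a non-empty value,
# so that child processes started below inherit them.
if [ -n "$HTTP_PROXY" ]; then
    export HTTP_PROXY
fi

if [ -n "$HTTPS_PROXY" ]; then
    export HTTPS_PROXY
fi

if [ -n "$NO_PROXY" ]; then
    export NO_PROXY
fi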
   18 
   19 _prefix=${CONTAINER_INFRA_PREFIX:-docker.io/openstackmagnum/}
   20 
   21 rm -rf /etc/cni/net.d/*
   22 rm -rf /var/lib/cni/*
   23 rm -rf /opt/cni/*
   24 mkdir -p /opt/cni
   25 mkdir -p /etc/cni/net.d/
   26 _addtl_mounts=',{"type":"bind","source":"/opt/cni","destination":"/opt/cni","options":["bind","rw","slave","mode=777"]},{"type":"bind","source":"/var/lib/docker","destination":"/var/lib/docker","options":["bind","rw","slave","mode=755"]}'
   27 
# Calico only: turn on reverse-path filtering (value 1) for all interfaces and
# tell NetworkManager, when it is running, to leave Calico's interfaces alone.
# NOTE(review): the sysctl line is appended on every run, so re-running the
# script adds duplicate entries to /etc/sysctl.conf.
if [ "$NETWORK_DRIVER" = "calico" ]; then
    echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf
    sysctl -p
    _nm_state=$(systemctl status NetworkManager.service | grep -o "Active: active")
    if [ "${_nm_state}" = "Active: active" ]; then
        CALICO_NM=/etc/NetworkManager/conf.d/calico.conf
        # Write the drop-in only once; an existing file is left untouched.
        if [ ! -f "${CALICO_NM}" ]; then
            echo "Writing File: $CALICO_NM"
            mkdir -p "${CALICO_NM%/*}"
            cat << EOF > "${CALICO_NM}"
[keyfile]
unmanaged-devices=interface-name:cali*;interface-name:tunl*
EOF
        fi
        systemctl restart NetworkManager
    fi
fi
   44 
   45 atomic install --storage ostree --system --system-package=no --set=ADDTL_MOUNTS=${_addtl_mounts} --name=kubelet ${_prefix}kubernetes-kubelet:${KUBE_TAG}
   46 atomic install --storage ostree --system --system-package=no --name=kube-proxy ${_prefix}kubernetes-proxy:${KUBE_TAG}
   47 
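# Paths and endpoints shared by the rest of the script.
CERT_DIR=/etc/kubernetes/certs
# NOTE(review): PROTOCOL is assigned here and below but is not read anywhere
# in the visible script; only KUBE_PROTOCOL is used.
PROTOCOL=https
# etcd is assumed to live on the master unless heat-params says otherwise.
ETCD_SERVER_IP=${ETCD_SERVER_IP:-$KUBE_MASTER_IP}
KUBE_PROTOCOL="https"
KUBELET_KUBECONFIG=/etc/kubernetes/kubelet-config.yaml
PROXY_KUBECONFIG=/etc/kubernetes/proxy-config.yaml

# TLS_DISABLED=True switches the API server URL to plain http, so node to
# API server traffic is then neither encrypted nor authenticated by TLS.
if [ "$TLS_DISABLED" = "True" ]; then
    PROTOCOL=http
    KUBE_PROTOCOL="http"
fi

KUBE_MASTER_URI="$KUBE_PROTOCOL://$KUBE_MASTER_IP:$KUBE_API_PORT"

# Fall back to the instance metadata service for the node's own address.
if [ -z "${KUBE_NODE_IP}" ]; then
    # -f makes curl return nothing on an HTTP error, so an error page from the
    # metadata endpoint cannot end up as the kubelet --address value.
    KUBE_NODE_IP=$(curl -sf http://169.254.169.254/latest/meta-data/local-ipv4)
    if [ -z "${KUBE_NODE_IP}" ]; then
        # Provisioning continues as before, but the empty value is made
        # visible in the log instead of silently producing "--address=".
        echo "WARNING: KUBE_NODE_IP could not be read from the metadata service" >&2
    fi
fi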
   65 cat << EOF >> ${KUBELET_KUBECONFIG}
   66 apiVersion: v1
   67 clusters:
   68 - cluster:
   69     certificate-authority: ${CERT_DIR}/ca.crt
   70     server: ${KUBE_MASTER_URI}
   71   name: kubernetes
   72 contexts:
   73 - context:
   74     cluster: kubernetes
   75     user: system:node:${INSTANCE_NAME}
   76   name: default
   77 current-context: default
   78 kind: Config
   79 preferences: {}
   80 users:
   81 - name: system:node:${INSTANCE_NAME}
   82   user:
   83     as-user-extra: {}
   84     client-certificate: ${CERT_DIR}/kubelet.crt
   85     client-key: ${CERT_DIR}/kubelet.key
   86 EOF
   87 cat << EOF >> ${PROXY_KUBECONFIG}
   88 apiVersion: v1
   89 clusters:
   90 - cluster:
   91     certificate-authority: ${CERT_DIR}/ca.crt
   92     server: ${KUBE_MASTER_URI}
   93   name: kubernetes
   94 contexts:
   95 - context:
   96     cluster: kubernetes
   97     user: kube-proxy
   98   name: default
   99 current-context: default
  100 kind: Config
  101 preferences: {}
  102 users:
  103 - name: kube-proxy
  104   user:
  105     as-user-extra: {}
  106     client-certificate: ${CERT_DIR}/proxy.crt
  107     client-key: ${CERT_DIR}/proxy.key
  108 EOF
  109 
# With TLS disabled, blank out the bare "user:" line and every certificate
# and key reference in the kubelet kubeconfig. The matching lines are emptied,
# not deleted.
# NOTE(review): only the kubelet file is edited; the kube-proxy kubeconfig
# keeps its certificate entries in this mode. Confirm that is intended.
if [ "$TLS_DISABLED" = "True" ]; then
    sed -i \
        -e 's/^.*user:$//' \
        -e 's/^.*client-certificate.*$//' \
        -e 's/^.*client-key.*$//' \
        -e 's/^.*certificate-authority.*$//' \
        "${KUBELET_KUBECONFIG}"
fi

# World-readable is used for both files; they carry paths to the key files,
# not the key material itself.
chmod 0644 "${KUBELET_KUBECONFIG}" "${PROXY_KUBECONFIG}"
  119 
  120 sed -i '
  121     /^KUBE_ALLOW_PRIV=/ s/=.*/="--allow-privileged='"$KUBE_ALLOW_PRIV"'"/
  122     /^KUBE_ETCD_SERVERS=/ s|=.*|="--etcd-servers=http://'"$ETCD_SERVER_IP"':2379"|
  123     /^KUBE_MASTER=/ s|=.*|="--master='"$KUBE_MASTER_URI"'"|
  124 ' /etc/kubernetes/config
  125 
# NOTE: the Kubernetes plugin for OpenStack needs the node name registered in
# kube-apiserver to equal the Nova name of the instance, because it looks up
# attributes such as the IP by that name. The hostname is set to the Nova
# name, and kubelet registers under it through --hostname-override. Any other
# name breaks the load balancer and Cinder volume features.
mkdir -p /etc/kubernetes/manifests

# Assemble the kubelet command line one group of flags at a time.
KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests --cadvisor-port=0"
KUBELET_ARGS="${KUBELET_ARGS} --kubeconfig ${KUBELET_KUBECONFIG}"
KUBELET_ARGS="${KUBELET_ARGS} --hostname-override=${INSTANCE_NAME}"
# Kubelet API exposure: bound to the node IP on 10250, read-only port off,
# anonymous requests rejected, authorization delegated by webhook.
KUBELET_ARGS="${KUBELET_ARGS} --address=${KUBE_NODE_IP} --port=10250 --read-only-port=0"
KUBELET_ARGS="${KUBELET_ARGS} --anonymous-auth=false --authorization-mode=Webhook --authentication-token-webhook=true"
KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
KUBELET_ARGS="${KUBELET_ARGS} --volume-plugin-dir=/var/lib/kubelet/volumeplugins"
# NOTE(review): KUBELET_OPTIONS is free-form text from heat-params appended
# after the flags above, so it can presumably repeat and thereby change any of
# them, including the authentication settings. Verify who may set it.
KUBELET_ARGS="${KUBELET_ARGS} ${KUBELET_OPTIONS}"

# Case-insensitive "true" selects the external cloud provider.
_cloud_provider=$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')
case "${_cloud_provider}" in
    true) KUBELET_ARGS="${KUBELET_ARGS} --cloud-provider=external" ;;
esac
  142 
# Workaround for Cinder support (fixed in k8s >= 1.6): make udevadm available
# under /usr/bin when it is not already there.
[ -f /usr/bin/udevadm ] || ln -s /sbin/udevadm /usr/bin/udevadm

# Drop the journald log-driver option so Docker uses its default log driver.
sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker

# Pod infra ("pause") image, taken from the custom registry prefix when set.
# NOTE(review): the image is referenced by the tag pause:3.0 only.
_pause_registry=${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}
KUBELET_ARGS="${KUBELET_ARGS} --pod-infra-container-image=${_pause_registry}pause:3.0"

# NOTE(review): --insecure-registry makes Docker accept this registry without
# verified TLS, so images pulled from it are not protected in transit. Confirm
# INSECURE_REGISTRY_URL is limited to a registry on a trusted network.
if [ -n "${INSECURE_REGISTRY_URL}" ]; then
    echo "INSECURE_REGISTRY='--insecure-registry ${INSECURE_REGISTRY_URL}'" >> /etc/sysconfig/docker
fi
  155 
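# TLS material for the kubelet's own API endpoint: the CA used to verify
# client certificates, and the serving certificate and key.
KUBELET_ARGS="${KUBELET_ARGS} --client-ca-file=${CERT_DIR}/ca.crt --tls-cert-file=${CERT_DIR}/kubelet.crt --tls-private-key-file=${CERT_DIR}/kubelet.key"

# Cgroup driver as specified in heat-params.
KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=${CGROUP_DRIVER}"

# Case-insensitive "true" labels the node for draino. The variable is quoted,
# as in the CLOUD_PROVIDER_ENABLED check, so whitespace or glob characters in
# the value are compared literally instead of being split or expanded.
if [ "$(echo "${AUTO_HEALING_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
    KUBELET_ARGS="${KUBELET_ARGS} --node-labels=draino-enabled=true"
fi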
  164 
# Point Docker at the requested cgroup driver, then re-enable the unit.
systemctl disable docker
_docker_unit=/usr/lib/systemd/system/docker.service
if grep 'native.cgroupdriver' "${_docker_unit}"; then
    # The packaged unit already names a driver: copy the unit to /etc and
    # replace the driver value in the copy.
    cp "${_docker_unit}" /etc/systemd/system/
    sed -i "s/\(native.cgroupdriver=\)\w\+/\1$CGROUP_DRIVER/" \
        /etc/systemd/system/docker.service
else
    # NOTE(review): this drop-in has no [Service] header, its ExecStart value
    # starts with "---exec-opt" rather than an executable path, and the
    # docker.service.d directory is not created by this script. As written it
    # looks unlikely to take effect; verify the intended unit override.
    cat > /etc/systemd/system/docker.service.d/cgroupdriver.conf << EOF
ExecStart=---exec-opt native.cgroupdriver=$CGROUP_DRIVER
EOF
fi

systemctl daemon-reload
systemctl enable docker
  179 
  180 cat > /etc/kubernetes/get_require_kubeconfig.sh <<EOF
  181 #!/bin/bash
  182 
  183 KUBE_VERSION=\$(kubelet --version | awk '{print \$2}')
  184 min_version=v1.8.0
  185 if [[ "\${min_version}" != \$(echo -e "\${min_version}\n\${KUBE_VERSION}" | sort -s -t. -k 1,1 -k 2,2n -k 3,3n | head -n1) && "\${KUBE_VERSION}" != "devel" ]]; then
  186     echo "--require-kubeconfig"
  187 fi
  188 EOF
  189 chmod +x /etc/kubernetes/get_require_kubeconfig.sh
  190 
  191 KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
  192 
  193 sed -i '
  194     /^KUBELET_ADDRESS=/ s/=.*/="--address=0.0.0.0"/
  195     /^KUBELET_HOSTNAME=/ s/=.*/=""/
  196     s/^KUBELET_API_SERVER=.*$//
  197     /^KUBELET_ARGS=/ s|=.*|="'"\$(/etc/kubernetes/get_require_kubeconfig.sh) ${KUBELET_ARGS}"'"|
  198 ' /etc/kubernetes/kubelet
  199 
  200 cat > /etc/kubernetes/proxy << EOF
  201 KUBE_PROXY_ARGS="--kubeconfig=${PROXY_KUBECONFIG} --cluster-cidr=${PODS_NETWORK_CIDR}"
  202 EOF
  203 
  204 cat >> /etc/environment <<EOF
  205 KUBERNETES_MASTER=$KUBE_MASTER_URI
  206 EOF