"Fossies" - the Fresh Open Source Software Archive

Member "magnum-8.2.0/magnum/drivers/common/templates/kubernetes/fragments/enable-auto-healing.sh" (6 Dec 2019, 6527 Bytes) of package /linux/misc/openstack/magnum-8.2.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "enable-auto-healing.sh": 8.1.0_vs_8.2.0.

#!/bin/sh

step="enable-node-problem-detector"
printf "Starting to run ${step}\n"

. /etc/sysconfig/heat-params

_gcr_prefix=${CONTAINER_INFRA_PREFIX:-k8s.gcr.io/}
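
# Illustration (added; not in the upstream fragment): the ${VAR:-default}
# expansion above falls back to the public registry when no private prefix
# is configured. With a hypothetical local registry:
#   CONTAINER_INFRA_PREFIX=registry.example.com/  -> registry.example.com/node-problem-detector:<tag>
#   CONTAINER_INFRA_PREFIX unset or empty         -> k8s.gcr.io/node-problem-detector:<tag>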

# Generate Node Problem Detector manifest file
NPD_DEPLOY=/srv/magnum/kubernetes/manifests/npd.yaml

[ -f ${NPD_DEPLOY} ] || {
    echo "Writing File: $NPD_DEPLOY"
    mkdir -p $(dirname ${NPD_DEPLOY})
    cat << EOF > ${NPD_DEPLOY}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: node-problem-detector
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: magnum:podsecuritypolicy:node-problem-detector
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/cluster-service: "true"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: magnum:podsecuritypolicy:privileged
subjects:
- kind: ServiceAccount
  name: node-problem-detector
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: npd-binding
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:node-problem-detector
subjects:
- kind: ServiceAccount
  name: node-problem-detector
  namespace: kube-system
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: npd
  namespace: kube-system
  labels:
    k8s-app: node-problem-detector
    version: ${NODE_PROBLEM_DETECTOR_TAG}
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      k8s-app: node-problem-detector
      version: ${NODE_PROBLEM_DETECTOR_TAG}
  template:
    metadata:
      labels:
        k8s-app: node-problem-detector
        version: ${NODE_PROBLEM_DETECTOR_TAG}
        kubernetes.io/cluster-service: "true"
    spec:
      containers:
      - name: node-problem-detector
        image: ${_gcr_prefix}node-problem-detector:${NODE_PROBLEM_DETECTOR_TAG}
        command:
        - "/bin/sh"
        - "-c"
        # Pass both configs to support both journald and syslog.
        - "exec /node-problem-detector --logtostderr --system-log-monitors=/config/kernel-monitor.json,/config/kernel-monitor-filelog.json,/config/docker-monitor.json,/config/docker-monitor-filelog.json 2>&1 | tee /var/log/node-problem-detector.log"
        securityContext:
          privileged: true
        resources:
          limits:
            cpu: "200m"
            memory: "100Mi"
          requests:
            cpu: "20m"
            memory: "20Mi"
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        volumeMounts:
        - name: log
          mountPath: /var/log
        - name: localtime
          mountPath: /etc/localtime
          readOnly: true
      volumes:
      - name: log
        hostPath:
          path: /var/log/
      - name: localtime
        hostPath:
          path: /etc/localtime
          type: "FileOrCreate"
      serviceAccountName: node-problem-detector
      tolerations:
      - operator: "Exists"
        effect: "NoExecute"
      - key: "CriticalAddonsOnly"
        operator: "Exists"
EOF
}
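
# Note (added for clarity): the "[ -f ... ] || { ... }" guard keeps this step
# idempotent; it behaves like
#   if [ ! -f "${NPD_DEPLOY}" ]; then ...write the manifest... fi
# so re-running the fragment never overwrites an existing manifest.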

echo "Waiting for Kubernetes API..."
until [ "ok" = "$(curl --silent http://127.0.0.1:8080/healthz)" ]
do
    sleep 5
done

kubectl apply -f ${NPD_DEPLOY}
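
# Hedged verification example (not in the upstream fragment): the curl loop
# above polls the apiserver's local insecure port, so this fragment runs on a
# master node. Once applied, one NPD pod should be scheduled per node:
#   kubectl -n kube-system get daemonset npd
#   kubectl -n kube-system get pods -l k8s-app=node-problem-detector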

printf "Finished running ${step}\n"

_docker_draino_prefix=${CONTAINER_INFRA_PREFIX:-docker.io/planetlabs/}
step="enable-auto-healing"
printf "Starting to run ${step}\n"

if [ "$(echo $AUTO_HEALING_ENABLED | tr '[:upper:]' '[:lower:]')" = "true" ]; then
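    # Note (added for clarity, not in the upstream fragment): the tr pipeline
    # above lower-cases the flag, so "True", "TRUE" and "true" all enable auto
    # healing; any other value, or an unset variable, skips this whole block.
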
    # Generate Draino manifest file
    DRAINO_DEPLOY=/srv/magnum/kubernetes/manifests/draino.yaml

    [ -f ${DRAINO_DEPLOY} ] || {
        echo "Writing File: $DRAINO_DEPLOY"
        mkdir -p $(dirname ${DRAINO_DEPLOY})
        cat << EOF > ${DRAINO_DEPLOY}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels: {component: draino}
  name: draino
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels: {component: draino}
  name: draino
rules:
- apiGroups: ['']
  resources: [events]
  verbs: [create, patch, update]
- apiGroups: ['']
  resources: [nodes]
  verbs: [get, watch, list, update]
- apiGroups: ['']
  resources: [nodes/status]
  verbs: [patch]
- apiGroups: ['']
  resources: [pods]
  verbs: [get, watch, list]
- apiGroups: ['']
  resources: [pods/eviction]
  verbs: [create]
- apiGroups: [extensions]
  resources: [daemonsets]
  verbs: [get, watch, list]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels: {component: draino}
  name: draino
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: draino}
subjects:
- {kind: ServiceAccount, name: draino, namespace: kube-system}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels: {component: draino}
  name: draino
  namespace: kube-system
spec:
  # Draino does not currently support locking/master election, so you should
  # only run one draino at a time. Draino won't start draining nodes immediately,
  # so it's usually safe for multiple drainos to exist for a brief period of
  # time.
  replicas: 1
  selector:
    matchLabels: {component: draino}
  template:
    metadata:
      labels: {component: draino}
      name: draino
      namespace: kube-system
    spec:
      nodeSelector:
        node-role.kubernetes.io/master: ""
      hostNetwork: true
      tolerations:
        - effect: NoSchedule
          operator: Exists
        - key: CriticalAddonsOnly
          operator: Exists
        - effect: NoExecute
          operator: Exists
        - key: node.cloudprovider.kubernetes.io/uninitialized
          value: "true"
          effect: NoSchedule
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      containers:
      # You'll want to change these labels and conditions to suit your deployment.
      - command: [/draino, --node-label=draino-enabled=true, --evict-daemonset-pods, --evict-emptydir-pods, NotReady]
        image: ${_docker_draino_prefix}draino:${DRAINO_TAG}
        livenessProbe:
          httpGet: {path: /healthz, port: 10002}
          initialDelaySeconds: 30
        name: draino
      serviceAccountName: draino
EOF
    }
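
    # Note (added commentary, hedged): in draino's CLI the positional
    # arguments name the node conditions to drain on (here "NotReady"), while
    # --node-label limits draining to nodes labelled draino-enabled=true; see
    # the planetlabs/draino README for the authoritative flag reference.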

    kubectl apply -f ${DRAINO_DEPLOY}
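
    # Hedged verification example (not in the upstream fragment):
    #   kubectl -n kube-system get deployment draino
    # should report 1/1 ready replicas once the image has been pulled.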

fi
printf "Finished running ${step}\n"