Remove subPaths when mounting Kuryr pods volumes

From time to time in the gate we suffer from Kubernetes/Docker bug [1]. As it seems to still be open, we can work it around by removing usage of subPath property of volumeMounts attached to Kuryr pods and this commit does so. Besides that it removes possibility of providing different kuryr.conf for kuryr-controller and kuryr-daemon as this shouldn't be required as we don't support running without kuryr-daemon anymore. [1] https://github.com/kubernetes/kubernetes/issues/68211 Closes-Bug: 1833228 Change-Id: I2465bc45324482cc4ab32a1367ab08f34ce28b1c
2019-06-18 14:36:27 +02:00 · 2019-06-18 14:36:27 +02:00 · 5290e52cd5
commit 5290e52cd5
parent e24126be08
3 changed files with 18 additions and 55 deletions
--- a/devstack/lib/kuryr_kubernetes
+++ b/devstack/lib/kuryr_kubernetes
@ -362,15 +362,13 @@ function indent() {

 function generate_kuryr_configmap() {
    local output_dir
-    local controller_conf_path
-    local cni_conf_path
+    local conf_path
    output_dir=$1
-    controller_conf_path=${2:-""}
-    cni_conf_path=${3:-$controller_conf_path}
+    conf_path=${2:-""}

    mkdir -p "$output_dir"
    rm -f ${output_dir}/config_map.yml
-    # kuryr-contoller config
+
    cat >> "${output_dir}/config_map.yml" << EOF
 apiVersion: v1
 kind: ConfigMap
@ -381,14 +379,7 @@ data:
  kuryr.conf: |
 EOF

-    cat $controller_conf_path | indent >> "${output_dir}/config_map.yml"
-
-    # kuryr-cni config
-    cat >> "${output_dir}/config_map.yml" << EOF
-  kuryr-cni.conf: |
-EOF
-
-    cat $cni_conf_path | indent >> "${output_dir}/config_map.yml"
+    cat $conf_path | indent >> "${output_dir}/config_map.yml"
 }

 function generate_kuryr_certificates_secret() {
@ -549,8 +540,7 @@ EOF
        terminationMessagePath: "/dev/termination-log"
        volumeMounts:
        - name: config-volume
-          mountPath: "/etc/kuryr/kuryr.conf"
-          subPath: kuryr.conf
+          mountPath: "/etc/kuryr"
        - name: certificates-volume
          mountPath: "/etc/ssl/certs"
          readOnly: true
@ -630,8 +620,7 @@ spec:
        - name: net-conf
          mountPath: /etc/cni/net.d
        - name: config-volume
-          mountPath: /etc/kuryr/kuryr.conf
-          subPath: kuryr-cni.conf
+          mountPath: /etc/kuryr
        - name: proc
          mountPath: /host_proc
 EOF
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -150,7 +150,7 @@ function generate_containerized_kuryr_resources {

    # Generate kuryr resources in k8s formats.
    local output_dir="${DATA_DIR}/kuryr-kubernetes"
-    generate_kuryr_configmap $output_dir $KURYR_CONFIG $KURYR_CONFIG
+    generate_kuryr_configmap $output_dir $KURYR_CONFIG
    generate_kuryr_certificates_secret $output_dir $SSL_BUNDLE_FILE
    generate_kuryr_service_account $output_dir
    generate_controller_deployment $output_dir $KURYR_HEALTH_SERVER_PORT $KURYR_CONTROLLER_HA
--- a/tools/generate_k8s_resource_definitions.sh
+++ b/tools/generate_k8s_resource_definitions.sh
@ -18,12 +18,11 @@ DIR=$( cd "$( dirname "$0" )" && pwd )
 source "$DIR/../devstack/lib/kuryr_kubernetes"

 OUTPUT_DIR=${1:-.}
-CONTROLLER_CONF_PATH=${2:-""}
-CNI_CONF_PATH=${3:-$CONTROLLER_CONF_PATH}
+CONF_PATH=${2:-""}
 CA_CERTIFICATE_PATH=${CA_CERTIFICATE_PATH:-""}
-CA_CERTIFICATE_PATH=${4:-$CA_CERTIFICATE_PATH}
+CA_CERTIFICATE_PATH=${3:-$CA_CERTIFICATE_PATH}

-if [ -z $CONTROLLER_CONF_PATH ]; then
+if [ -z $CONF_PATH ]; then
    api_root=${KURYR_K8S_API_ROOT:-https://127.0.0.1:6443}
    auth_url=${KURYR_K8S_AUTH_URL:-http://127.0.0.1/identity}
    username=${KURYR_K8S_USERNAME:-admin}
@ -40,9 +39,9 @@ if [ -z $CONTROLLER_CONF_PATH ]; then
    binding_iface=${KURYR_K8S_BINDING_IFACE:-eth0}
    pod_subnet_pool=${KURYR_NEUTRON_DEFAULT_SUBNETPOOL_ID}

-    CONTROLLER_CONF_PATH="${OUTPUT_DIR}/kuryr.conf"
-    rm -f $CONTROLLER_CONF_PATH
-    cat >> $CONTROLLER_CONF_PATH << EOF
+    CONF_PATH="${OUTPUT_DIR}/kuryr.conf"
+    rm -f $CONF_PATH
+    cat >> $CONF_PATH << EOF
 [DEFAULT]
 debug = true
 [kubernetes]
@ -66,42 +65,17 @@ pod_subnet = $pod_subnet_id
 project = $k8s_project_id
 [namespace_subnet]
 pod_subnet_pool = $pod_subnet_pool
-EOF
-
-    if [ ! -z $binding_driver ]; then
-        cat >> $CONTROLLER_CONF_PATH << EOF
-[pod_vif_nested]
-worker_nodes_subnet = $worker_nodes_subnet
-[binding]
-driver = $binding_driver
-link_iface = $binding_iface
-EOF
-    fi
-fi
-
-if [ -z $CNI_CONF_PATH ]; then
-    CNI_CONF_PATH="${OUTPUT_DIR}/kuryr-cni.conf"
-    rm -f $CNI_CONF_PATH
-    cat >> $CNI_CONF_PATH << EOF
-[DEFAULT]
-debug = true
-use_stderr = true
-[kubernetes]
-api_root = $api_root
-token_file = /etc/kuryr/token
-ssl_ca_crt_file = /etc/kuryr/ca.crt
-ssl_verify_server_crt = true
+[cni_daemon]
+docker_mode = true
+netns_proc_dir = /host_proc
 [vif_plug_ovs_privileged]
 helper_command=privsep-helper
 [vif_plug_linux_bridge_privileged]
 helper_command=privsep-helper
-[cni_daemon]
-docker_mode = true
-netns_proc_dir = /host_proc
 EOF

    if [ ! -z $binding_driver ]; then
-        cat >> $CNI_CONF_PATH << EOF
+        cat >> $CONF_PATH << EOF
 [pod_vif_nested]
 worker_nodes_subnet = $worker_nodes_subnet
 [binding]
@ -112,7 +86,7 @@ EOF
 fi

 generate_kuryr_certificates_secret $OUTPUT_DIR $CA_CERTIFICATE_PATH
-generate_kuryr_configmap $OUTPUT_DIR $CONTROLLER_CONF_PATH $CNI_CONF_PATH
+generate_kuryr_configmap $OUTPUT_DIR $CONF_PATH
 generate_kuryr_service_account $OUTPUT_DIR
 health_server_port=${KURYR_HEALTH_SERVER_PORT:-8082}
 generate_controller_deployment $OUTPUT_DIR $health_server_port