Merge "Use K8s 1.8 with Hyperkube"
This commit is contained in:
commit
c468b28c38
@ -346,10 +346,13 @@ function get_hyperkube_container_cacert_setup_dir {
|
|||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function create_token() {
|
||||||
|
echo $(cat /dev/urandom | base64 | tr -d "=+/" | dd bs=32 count=1 2> /dev/null)
|
||||||
|
}
|
||||||
|
|
||||||
function prepare_kubernetes_files {
|
function prepare_kubernetes_files {
|
||||||
# Sets up the base configuration for the Kubernetes API Server and the
|
# Sets up the base configuration for the Kubernetes API Server and the
|
||||||
# Controller Manager.
|
# Controller Manager.
|
||||||
local mountpoint
|
|
||||||
local service_cidr
|
local service_cidr
|
||||||
local k8s_api_clusterip
|
local k8s_api_clusterip
|
||||||
|
|
||||||
@ -358,15 +361,24 @@ function prepare_kubernetes_files {
|
|||||||
subnet show "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET"\
|
subnet show "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET"\
|
||||||
-c cidr -f value)
|
-c cidr -f value)
|
||||||
k8s_api_clusterip=$(_cidr_range "$service_cidr" | cut -f1)
|
k8s_api_clusterip=$(_cidr_range "$service_cidr" | cut -f1)
|
||||||
mountpoint=$(get_hyperkube_container_cacert_setup_dir "$KURYR_HYPERKUBE_VERSION")
|
|
||||||
|
|
||||||
docker run \
|
# It's not prettiest, but the file haven't changed since 1.6, so it's safe to download it like that.
|
||||||
--name devstack-k8s-setup-files \
|
curl -o /tmp/make-ca-cert.sh https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.8/cluster/saltbase/salt/generate-cert/make-ca-cert.sh
|
||||||
--detach \
|
chmod +x /tmp/make-ca-cert.sh
|
||||||
--volume "${KURYR_HYPERKUBE_DATA_DIR}:${mountpoint}:rw" \
|
|
||||||
"${KURYR_HYPERKUBE_IMAGE}:${KURYR_HYPERKUBE_VERSION}" \
|
# Create HTTPS certificates
|
||||||
/setup-files.sh \
|
sudo groupadd -f -r kube-cert
|
||||||
"IP:${HOST_IP},IP:${k8s_api_clusterip},DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local"
|
|
||||||
|
# hostname -I gets the ip of the node
|
||||||
|
sudo CERT_DIR=${KURYR_HYPERKUBE_DATA_DIR} /tmp/make-ca-cert.sh $(hostname -I | awk '{print $1}') "IP:${HOST_IP},IP:${k8s_api_clusterip},DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local"
|
||||||
|
|
||||||
|
# Create basic token authorization
|
||||||
|
sudo bash -c "echo 'admin,admin,admin' > $KURYR_HYPERKUBE_DATA_DIR/basic_auth.csv"
|
||||||
|
|
||||||
|
# Create known tokens for service accounts
|
||||||
|
sudo bash -c "echo '$(create_token),admin,admin' >> ${KURYR_HYPERKUBE_DATA_DIR}/known_tokens.csv"
|
||||||
|
sudo bash -c "echo '$(create_token),kubelet,kubelet' >> ${KURYR_HYPERKUBE_DATA_DIR}/known_tokens.csv"
|
||||||
|
sudo bash -c "echo '$(create_token),kube_proxy,kube_proxy' >> ${KURYR_HYPERKUBE_DATA_DIR}/known_tokens.csv"
|
||||||
|
|
||||||
# FIXME(ivc): replace 'sleep' with a strict check (e.g. wait_for_files)
|
# FIXME(ivc): replace 'sleep' with a strict check (e.g. wait_for_files)
|
||||||
# 'kubernetes-api' fails if started before files are generated.
|
# 'kubernetes-api' fails if started before files are generated.
|
||||||
@ -517,8 +529,8 @@ function run_k8s_kubelet {
|
|||||||
|
|
||||||
sudo mkdir -p "${KURYR_HYPERKUBE_DATA_DIR}/"{kubelet,kubelet.cert}
|
sudo mkdir -p "${KURYR_HYPERKUBE_DATA_DIR}/"{kubelet,kubelet.cert}
|
||||||
command="$KURYR_HYPERKUBE_BINARY kubelet\
|
command="$KURYR_HYPERKUBE_BINARY kubelet\
|
||||||
|
--kubeconfig=${HOME}/.kube/config --require-kubeconfig \
|
||||||
--allow-privileged=true \
|
--allow-privileged=true \
|
||||||
--api-servers=$KURYR_K8S_API_URL \
|
|
||||||
--v=2 \
|
--v=2 \
|
||||||
--address=0.0.0.0 \
|
--address=0.0.0.0 \
|
||||||
--enable-server \
|
--enable-server \
|
||||||
@ -527,6 +539,12 @@ function run_k8s_kubelet {
|
|||||||
--cni-conf-dir=$CNI_CONF_DIR \
|
--cni-conf-dir=$CNI_CONF_DIR \
|
||||||
--cert-dir=${KURYR_HYPERKUBE_DATA_DIR}/kubelet.cert \
|
--cert-dir=${KURYR_HYPERKUBE_DATA_DIR}/kubelet.cert \
|
||||||
--root-dir=${KURYR_HYPERKUBE_DATA_DIR}/kubelet"
|
--root-dir=${KURYR_HYPERKUBE_DATA_DIR}/kubelet"
|
||||||
|
|
||||||
|
# Kubernetes 1.8 requires additional option to work in the gate.
|
||||||
|
if [[ ${KURYR_HYPERKUBE_VERSION} == v1.8* ]]; then
|
||||||
|
command="$command --fail-swap-on=false"
|
||||||
|
fi
|
||||||
|
|
||||||
wait_for "Kubernetes API Server" "$KURYR_K8S_API_URL"
|
wait_for "Kubernetes API Server" "$KURYR_K8S_API_URL"
|
||||||
if [[ "$USE_SYSTEMD" = "True" ]]; then
|
if [[ "$USE_SYSTEMD" = "True" ]]; then
|
||||||
# If systemd is being used, proceed as normal
|
# If systemd is being used, proceed as normal
|
||||||
@ -694,8 +712,6 @@ if [[ "$1" == "unstack" ]]; then
|
|||||||
$KURYR_HYPERKUBE_BINARY kubectl delete nodes ${HOSTNAME}
|
$KURYR_HYPERKUBE_BINARY kubectl delete nodes ${HOSTNAME}
|
||||||
fi
|
fi
|
||||||
stop_process kuryr-daemon
|
stop_process kuryr-daemon
|
||||||
docker kill devstack-k8s-setup-files
|
|
||||||
docker rm devstack-k8s-setup-files
|
|
||||||
|
|
||||||
if is_service_enabled kubernetes-controller-manager; then
|
if is_service_enabled kubernetes-controller-manager; then
|
||||||
stop_container kubernetes-controller-manager
|
stop_container kubernetes-controller-manager
|
||||||
|
@ -31,7 +31,7 @@ KURYR_ETCD_LISTEN_PEER_URL=${KURYR_ETCD_LISTEN_PEER_URL:-http://0.0.0.0:2380}
|
|||||||
|
|
||||||
# HYPERKUBE
|
# HYPERKUBE
|
||||||
KURYR_HYPERKUBE_IMAGE=${KURYR_HYPERKUBE_IMAGE:-gcr.io/google_containers/hyperkube-amd64}
|
KURYR_HYPERKUBE_IMAGE=${KURYR_HYPERKUBE_IMAGE:-gcr.io/google_containers/hyperkube-amd64}
|
||||||
KURYR_HYPERKUBE_VERSION=${KURYR_HYPERKUBE_VERSION:-v1.6.2}
|
KURYR_HYPERKUBE_VERSION=${KURYR_HYPERKUBE_VERSION:-v1.8.5}
|
||||||
KURYR_HYPERKUBE_DATA_DIR=${KURYR_HYPERKUBE_DATA_DIR:-${DATA_DIR}/hyperkube}
|
KURYR_HYPERKUBE_DATA_DIR=${KURYR_HYPERKUBE_DATA_DIR:-${DATA_DIR}/hyperkube}
|
||||||
KURYR_HYPERKUBE_BINARY=${KURYR_HYPERKUBE_BINARY:-/usr/local/bin/hyperkube}
|
KURYR_HYPERKUBE_BINARY=${KURYR_HYPERKUBE_BINARY:-/usr/local/bin/hyperkube}
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user