b3814a33d6
This commit deprecates `[pod_vif_nested]worker_nodes_subnet` in favor of `[pod_vif_nested]worker_nodes_subnets` that will accept a list instead. All the code using the deprecated options is updated to expect a list and iterate over possible nodes subnets. Change-Id: I7671fb06863d58b58905bec43555d8f21626f640
104 lines
3.3 KiB
Bash
Executable File
104 lines
3.3 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
set -e
|
|
|
|
DIR=$( cd "$( dirname "$0" )" && pwd )
|
|
source "$DIR/../devstack/lib/kuryr_kubernetes"
|
|
|
|
OUTPUT_DIR=${1:-.}
|
|
CONF_PATH=${2:-""}
|
|
CA_CERTIFICATE_PATH=${CA_CERTIFICATE_PATH:-""}
|
|
CA_CERTIFICATE_PATH=${3:-$CA_CERTIFICATE_PATH}
|
|
|
|
if [ -z $CONF_PATH ]; then
|
|
api_root=${KURYR_K8S_API_ROOT:-https://127.0.0.1:6443}
|
|
auth_url=${KURYR_K8S_AUTH_URL:-http://127.0.0.1/identity}
|
|
username=${KURYR_K8S_USERNAME:-admin}
|
|
password=${KURYR_K8S_PASSWORD:-password}
|
|
user_domain_name=${KURYR_K8S_USER_DOMAIN_NAME:-Default}
|
|
kuryr_project_id=${KURYR_K8S_KURYR_PROJECT_ID}
|
|
project_domain_name=${KURYR_K8S_PROJECT_DOMAIN_NAME:-Default}
|
|
k8s_project_id=${KURYR_K8S_PROJECT_ID}
|
|
pod_subnet_id=${KURYR_K8S_POD_SUBNET_ID}
|
|
pod_sg=${KURYR_K8S_POD_SG}
|
|
service_subnet_id=${KURYR_K8S_SERVICE_SUBNET_ID}
|
|
worker_nodes_subnets=${KURYR_K8S_WORKER_NODES_SUBNETS:-${KURYR_K8S_WORKER_NODES_SUBNET}}
|
|
binding_driver=${KURYR_K8S_BINDING_DRIVER:-kuryr.lib.binding.drivers.vlan}
|
|
binding_iface=${KURYR_K8S_BINDING_IFACE:-eth0}
|
|
pod_subnet_pool=${KURYR_NEUTRON_DEFAULT_SUBNETPOOL_ID}
|
|
|
|
CONF_PATH="${OUTPUT_DIR}/kuryr.conf"
|
|
rm -f $CONF_PATH
|
|
cat >> $CONF_PATH << EOF
|
|
[DEFAULT]
|
|
debug = true
|
|
[kubernetes]
|
|
api_root = $api_root
|
|
token_file = /var/run/secrets/kubernetes.io/serviceaccount/token
|
|
ssl_ca_crt_file = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
[neutron]
|
|
signing_dir = /var/cache/kuryr
|
|
project_domain_name = $project_domain_name
|
|
project_id = $kuryr_project_id
|
|
user_domain_name = $user_domain_name
|
|
username = $username
|
|
password = $password
|
|
auth_url = $auth_url
|
|
auth_type = password
|
|
EOF
|
|
|
|
if [ ! -z $CA_CERTIFICATE_PATH ]; then
|
|
cat >> $CONF_PATH << EOF
|
|
cafile = /etc/ssl/certs/kuryr-ca-bundle.crt
|
|
EOF
|
|
fi
|
|
|
|
cat >> $CONF_PATH << EOF
|
|
[neutron_defaults]
|
|
ovs_bridge = br-int
|
|
service_subnet = $service_subnet_id
|
|
pod_security_groups = $pod_sg
|
|
pod_subnet = $pod_subnet_id
|
|
project = $k8s_project_id
|
|
[namespace_subnet]
|
|
pod_subnet_pool = $pod_subnet_pool
|
|
[cni_daemon]
|
|
docker_mode = true
|
|
netns_proc_dir = /host_proc
|
|
[vif_plug_ovs_privileged]
|
|
helper_command=privsep-helper
|
|
[vif_plug_linux_bridge_privileged]
|
|
helper_command=privsep-helper
|
|
EOF
|
|
|
|
if [ ! -z $binding_driver ]; then
|
|
cat >> $CONF_PATH << EOF
|
|
[pod_vif_nested]
|
|
worker_nodes_subnets = $worker_nodes_subnets
|
|
[binding]
|
|
driver = $binding_driver
|
|
link_iface = $binding_iface
|
|
EOF
|
|
fi
|
|
fi
|
|
|
|
generate_kuryr_certificates_secret $OUTPUT_DIR $CA_CERTIFICATE_PATH
|
|
generate_kuryr_configmap $OUTPUT_DIR $CONF_PATH
|
|
generate_kuryr_service_account $OUTPUT_DIR
|
|
health_server_port=${KURYR_HEALTH_SERVER_PORT:-8082}
|
|
generate_controller_deployment $OUTPUT_DIR $health_server_port
|
|
cni_health_server_port=${KURYR_CNI_HEALTH_SERVER_PORT:-8090}
|
|
generate_cni_daemon_set $OUTPUT_DIR $cni_health_server_port
|