From 005eeb575d4758d1e7d8cdde42ab30e32e613636 Mon Sep 17 00:00:00 2001 From: Mathieu Velten Date: Fri, 28 Jul 2017 16:21:59 +0200 Subject: [PATCH] Launch kube-proxy as a system container Following up of https://review.openstack.org/#/c/487943 Depends-On: I9a7d00cddb456b885b6de28cfb3d33d2e16cc348 Implements: blueprint run-kube-as-container Change-Id: Icddb8ed1598f2ba1f782622f86fb6083953c3b3f --- .../fragments/configure-kubernetes-master.sh | 2 + .../fragments/configure-kubernetes-minion.sh | 1 + .../fragments/enable-kube-proxy-master.sh | 39 ------------- .../fragments/enable-kube-proxy-minion.sh | 56 ------------------- .../fragments/enable-services-master.sh | 2 +- .../fragments/enable-services-minion.sh | 2 +- .../templates/kubemaster.yaml | 7 --- .../templates/kubeminion.yaml | 7 --- 8 files changed, 5 insertions(+), 111 deletions(-) delete mode 100644 magnum/drivers/common/templates/kubernetes/fragments/enable-kube-proxy-master.sh delete mode 100644 magnum/drivers/common/templates/kubernetes/fragments/enable-kube-proxy-minion.sh diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh index 83c17d0ce1..775fd889cd 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh 
@@ -5,12 +5,14 @@ echo "configuring kubernetes (master)" atomic install --storage ostree --system --system-package=no --name=kubelet docker.io/openstackmagnum/kubernetes-kubelet:${KUBE_VERSION} +atomic install --storage ostree --system --system-package=no --name=kube-proxy docker.io/openstackmagnum/kubernetes-proxy:${KUBE_VERSION} atomic install --storage ostree --system --system-package=no --name=kube-apiserver docker.io/openstackmagnum/kubernetes-apiserver:${KUBE_VERSION} atomic install --storage ostree --system --system-package=no --name=kube-controller-manager docker.io/openstackmagnum/kubernetes-controller-manager:${KUBE_VERSION} atomic install --storage ostree --system --system-package=no --name=kube-scheduler docker.io/openstackmagnum/kubernetes-scheduler:${KUBE_VERSION} sed -i ' /^KUBE_ALLOW_PRIV=/ s/=.*/="--allow-privileged='"$KUBE_ALLOW_PRIV"'"/ + /^KUBE_MASTER=/ s|=.*|="--master=http://127.0.0.1:8080"| ' /etc/kubernetes/config CERT_DIR=/etc/kubernetes/certs diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh index c9d2ea7a12..0fc9794d49 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh @@ -5,6 +5,7 @@ echo "configuring kubernetes (minion)" atomic install --storage ostree --system --system-package=no --name=kubelet docker.io/openstackmagnum/kubernetes-kubelet:${KUBE_VERSION} +atomic install --storage ostree --system --system-package=no --name=kube-proxy docker.io/openstackmagnum/kubernetes-proxy:${KUBE_VERSION} CERT_DIR=/etc/kubernetes/certs PROTOCOL=https diff --git a/magnum/drivers/common/templates/kubernetes/fragments/enable-kube-proxy-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/enable-kube-proxy-master.sh deleted file mode 100644 index cdd2239436..0000000000 
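Review bot: The added `atomic install` for kube-proxy hard-codes `docker.io/openstackmagnum/kubernetes-proxy:${KUBE_VERSION}`, whereas the enable-kube-proxy-master.sh and enable-kube-proxy-minion.sh fragments deleted by this commit took the image from `${INSECURE_REGISTRY_URL}` when it was set. A cluster configured to pull from an operator-controlled registry would therefore now fetch this component from Docker Hub, and the same line is added in configure-kubernetes-minion.sh. The reference is also a mutable tag for something that runs as a host system service on every node, so whoever can push that tag decides what executes there. I would build the reference from a heat parameter, for example `${REGISTRY_PREFIX:-docker.io/openstackmagnum/}kubernetes-proxy:${KUBE_VERSION}` (placeholder variable name), and allow pinning by digest. The neighbouring kubelet and apiserver installs follow the same pattern, so this is probably best fixed for all of them together.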
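Review bot: Nothing in the configure-kubernetes-minion.sh hunk gives kube-proxy the API endpoint or credentials that the deleted enable-kube-proxy-minion.sh passed explicitly (`--master=${MASTER}` and `--kubeconfig=${KUBE_CONFIG}`, with https and the kubeconfig dropped only when `TLS_DISABLED` is `True`). The hunk only installs the container and the rest of the script lies outside it, so please confirm that the part not shown writes equivalent settings into the files the system container reads. In particular, the TLS case should still end up with https plus the kubeconfig rather than an unauthenticated endpoint. A short comment beside the install line, such as `# kube-proxy takes --master/--kubeconfig from the settings written further down`, would make that dependency visible.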
--- a/magnum/drivers/common/templates/kubernetes/fragments/enable-kube-proxy-master.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -. /etc/sysconfig/heat-params - -if [ -n "${INSECURE_REGISTRY_URL}" ]; then - HYPERKUBE_IMAGE="${INSECURE_REGISTRY_URL}/google_containers/hyperkube:${KUBE_VERSION}" -else - HYPERKUBE_IMAGE="gcr.io/google_containers/hyperkube:${KUBE_VERSION}" -fi - -init_templates () { - local TEMPLATE=/etc/kubernetes/manifests/kube-proxy.yaml - [ -f ${TEMPLATE} ] || { - echo "TEMPLATE: $TEMPLATE" - mkdir -p $(dirname ${TEMPLATE}) - cat << EOF > ${TEMPLATE} -apiVersion: v1 -kind: Pod -metadata: - name: kube-proxy - namespace: kube-system -spec: - hostNetwork: true - containers: - - name: kube-proxy - image: ${HYPERKUBE_IMAGE} - command: - - /hyperkube - - proxy - - --master=http://127.0.0.1:8080 - - --logtostderr=true - - --v=0 - securityContext: - privileged: true -EOF - } -} - -init_templates diff --git a/magnum/drivers/common/templates/kubernetes/fragments/enable-kube-proxy-minion.sh b/magnum/drivers/common/templates/kubernetes/fragments/enable-kube-proxy-minion.sh deleted file mode 100644 index 5f652170c6..0000000000 --- a/magnum/drivers/common/templates/kubernetes/fragments/enable-kube-proxy-minion.sh +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/sh - -. /etc/sysconfig/heat-params - -if [ -n "${INSECURE_REGISTRY_URL}" ]; then - HYPERKUBE_IMAGE="${INSECURE_REGISTRY_URL}/google_containers/hyperkube:${KUBE_VERSION}" -else - HYPERKUBE_IMAGE="gcr.io/google_containers/hyperkube:${KUBE_VERSION}" -fi - -init_templates () { - local KUBE_PROTOCOL="https" - local KUBE_CONFIG="/etc/kubernetes/kubeconfig.yaml" - if [ "${TLS_DISABLED}" = "True" ]; then - KUBE_PROTOCOL="http" - KUBE_CONFIG= - fi - - local MASTER="${KUBE_PROTOCOL}://${KUBE_MASTER_IP}:${KUBE_API_PORT}" - local TEMPLATE=/etc/kubernetes/manifests/kube-proxy.yaml - [ -f ${TEMPLATE} ] || { - echo "TEMPLATE: $TEMPLATE" - mkdir -p $(dirname ${TEMPLATE}) - cat << EOF > ${TEMPLATE} -apiVersion: v1 -kind: Pod -metadata: - name: kube-proxy - namespace: kube-system -spec: - hostNetwork: true - containers: - - name: kube-proxy - image: ${HYPERKUBE_IMAGE} - command: - - /hyperkube - - proxy - - --master=${MASTER} - - --kubeconfig=${KUBE_CONFIG} - - --logtostderr=true - - --v=0 - securityContext: - privileged: true - volumeMounts: - - mountPath: /etc/kubernetes - name: kubernetes-config - readOnly: true - volumes: - - hostPath: - path: /etc/kubernetes - name: kubernetes-config -EOF - } -} - -init_templates diff --git a/magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh index 26d210b209..527e0fdac7 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh @@ -4,7 +4,7 @@ systemctl daemon-reload echo "starting services" -for service in etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet; do +for service in etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy; do echo "activating service $service" systemctl enable $service systemctl --no-block start $service 
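Review bot: Adding `kube-proxy` to the loop in enable-services-master.sh means its start result is never checked. `systemctl --no-block start $service` returns before the unit has come up and the visible lines do not look at it afterwards, so a failed image pull or a bad flag could leave a node without service rules while provisioning carries on. The static-pod manifest this replaces was at least retried by the kubelet. Consider a check after the loop such as `systemctl is-active --quiet kube-proxy || echo "kube-proxy failed to start" >&2`, and quote the variable as `"$service"`. The same applies to the loop in enable-services-minion.sh; both scripts continue outside their hunks.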
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/enable-services-minion.sh b/magnum/drivers/common/templates/kubernetes/fragments/enable-services-minion.sh index 0253a37351..1622619ec8 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/enable-services-minion.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/enable-services-minion.sh @@ -10,7 +10,7 @@ ip link del docker0 # make sure we pick up any modified unit files systemctl daemon-reload -for service in docker kubelet; do +for service in docker kubelet kube-proxy; do echo "activating service $service" systemctl enable $service systemctl --no-block start $service diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml index 7405a263d4..3de313949d 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml @@ -436,12 +436,6 @@ resources: group: ungrouped config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh} - enable_kube_proxy: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh} - core_dns_service: type: OS::Heat::SoftwareConfig properties: @@ -487,7 +481,6 @@ resources: - config: {get_resource: network_service} - config: {get_resource: kube_system_namespace_service} - config: {get_resource: core_dns_service} - - config: {get_resource: enable_kube_proxy} - config: {get_resource: kube_ui_service} - config: {get_resource: enable_monitoring} - config: {get_resource: master_wc_notify} diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml index 6093b4da5f..06cfab6132 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml 
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml @@ -337,12 +337,6 @@ resources: group: ungrouped config: {get_file: ../../common/templates/fragments/enable-docker-registry.sh} - enable_kube_proxy: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-minion.sh} - enable_node_exporter: type: OS::Heat::SoftwareConfig properties: @@ -388,7 +382,6 @@ resources: - config: {get_resource: network_service} - config: {get_resource: add_proxy} - config: {get_resource: enable_services} - - config: {get_resource: enable_kube_proxy} - config: {get_resource: enable_node_exporter} - config: {get_resource: enable_docker_registry} - config: {get_resource: minion_wc_notify}