Launch kube-proxy as a system container
Following up of https://review.openstack.org/#/c/487943 Depends-On: I9a7d00cddb456b885b6de28cfb3d33d2e16cc348 Implements: blueprint run-kube-as-container Change-Id: Icddb8ed1598f2ba1f782622f86fb6083953c3b3f
This commit is contained in:
parent
d003e80a3a
commit
005eeb575d
|
@ -5,12 +5,14 @@
|
||||||
echo "configuring kubernetes (master)"
|
echo "configuring kubernetes (master)"
|
||||||
|
|
||||||
atomic install --storage ostree --system --system-package=no --name=kubelet docker.io/openstackmagnum/kubernetes-kubelet:${KUBE_VERSION}
|
atomic install --storage ostree --system --system-package=no --name=kubelet docker.io/openstackmagnum/kubernetes-kubelet:${KUBE_VERSION}
|
||||||
|
atomic install --storage ostree --system --system-package=no --name=kube-proxy docker.io/openstackmagnum/kubernetes-proxy:${KUBE_VERSION}
|
||||||
atomic install --storage ostree --system --system-package=no --name=kube-apiserver docker.io/openstackmagnum/kubernetes-apiserver:${KUBE_VERSION}
|
atomic install --storage ostree --system --system-package=no --name=kube-apiserver docker.io/openstackmagnum/kubernetes-apiserver:${KUBE_VERSION}
|
||||||
atomic install --storage ostree --system --system-package=no --name=kube-controller-manager docker.io/openstackmagnum/kubernetes-controller-manager:${KUBE_VERSION}
|
atomic install --storage ostree --system --system-package=no --name=kube-controller-manager docker.io/openstackmagnum/kubernetes-controller-manager:${KUBE_VERSION}
|
||||||
atomic install --storage ostree --system --system-package=no --name=kube-scheduler docker.io/openstackmagnum/kubernetes-scheduler:${KUBE_VERSION}
|
atomic install --storage ostree --system --system-package=no --name=kube-scheduler docker.io/openstackmagnum/kubernetes-scheduler:${KUBE_VERSION}
|
||||||
|
|
||||||
sed -i '
|
sed -i '
|
||||||
/^KUBE_ALLOW_PRIV=/ s/=.*/="--allow-privileged='"$KUBE_ALLOW_PRIV"'"/
|
/^KUBE_ALLOW_PRIV=/ s/=.*/="--allow-privileged='"$KUBE_ALLOW_PRIV"'"/
|
||||||
|
/^KUBE_MASTER=/ s|=.*|="--master=http://127.0.0.1:8080"|
|
||||||
' /etc/kubernetes/config
|
' /etc/kubernetes/config
|
||||||
|
|
||||||
CERT_DIR=/etc/kubernetes/certs
|
CERT_DIR=/etc/kubernetes/certs
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
echo "configuring kubernetes (minion)"
|
echo "configuring kubernetes (minion)"
|
||||||
|
|
||||||
atomic install --storage ostree --system --system-package=no --name=kubelet docker.io/openstackmagnum/kubernetes-kubelet:${KUBE_VERSION}
|
atomic install --storage ostree --system --system-package=no --name=kubelet docker.io/openstackmagnum/kubernetes-kubelet:${KUBE_VERSION}
|
||||||
|
atomic install --storage ostree --system --system-package=no --name=kube-proxy docker.io/openstackmagnum/kubernetes-proxy:${KUBE_VERSION}
|
||||||
|
|
||||||
CERT_DIR=/etc/kubernetes/certs
|
CERT_DIR=/etc/kubernetes/certs
|
||||||
PROTOCOL=https
|
PROTOCOL=https
|
||||||
|
|
|
@ -1,39 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
. /etc/sysconfig/heat-params
|
|
||||||
|
|
||||||
if [ -n "${INSECURE_REGISTRY_URL}" ]; then
|
|
||||||
HYPERKUBE_IMAGE="${INSECURE_REGISTRY_URL}/google_containers/hyperkube:${KUBE_VERSION}"
|
|
||||||
else
|
|
||||||
HYPERKUBE_IMAGE="gcr.io/google_containers/hyperkube:${KUBE_VERSION}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
init_templates () {
|
|
||||||
local TEMPLATE=/etc/kubernetes/manifests/kube-proxy.yaml
|
|
||||||
[ -f ${TEMPLATE} ] || {
|
|
||||||
echo "TEMPLATE: $TEMPLATE"
|
|
||||||
mkdir -p $(dirname ${TEMPLATE})
|
|
||||||
cat << EOF > ${TEMPLATE}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Pod
|
|
||||||
metadata:
|
|
||||||
name: kube-proxy
|
|
||||||
namespace: kube-system
|
|
||||||
spec:
|
|
||||||
hostNetwork: true
|
|
||||||
containers:
|
|
||||||
- name: kube-proxy
|
|
||||||
image: ${HYPERKUBE_IMAGE}
|
|
||||||
command:
|
|
||||||
- /hyperkube
|
|
||||||
- proxy
|
|
||||||
- --master=http://127.0.0.1:8080
|
|
||||||
- --logtostderr=true
|
|
||||||
- --v=0
|
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
init_templates
|
|
|
@ -1,56 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
. /etc/sysconfig/heat-params
|
|
||||||
|
|
||||||
if [ -n "${INSECURE_REGISTRY_URL}" ]; then
|
|
||||||
HYPERKUBE_IMAGE="${INSECURE_REGISTRY_URL}/google_containers/hyperkube:${KUBE_VERSION}"
|
|
||||||
else
|
|
||||||
HYPERKUBE_IMAGE="gcr.io/google_containers/hyperkube:${KUBE_VERSION}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
init_templates () {
|
|
||||||
local KUBE_PROTOCOL="https"
|
|
||||||
local KUBE_CONFIG="/etc/kubernetes/kubeconfig.yaml"
|
|
||||||
if [ "${TLS_DISABLED}" = "True" ]; then
|
|
||||||
KUBE_PROTOCOL="http"
|
|
||||||
KUBE_CONFIG=
|
|
||||||
fi
|
|
||||||
|
|
||||||
local MASTER="${KUBE_PROTOCOL}://${KUBE_MASTER_IP}:${KUBE_API_PORT}"
|
|
||||||
local TEMPLATE=/etc/kubernetes/manifests/kube-proxy.yaml
|
|
||||||
[ -f ${TEMPLATE} ] || {
|
|
||||||
echo "TEMPLATE: $TEMPLATE"
|
|
||||||
mkdir -p $(dirname ${TEMPLATE})
|
|
||||||
cat << EOF > ${TEMPLATE}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Pod
|
|
||||||
metadata:
|
|
||||||
name: kube-proxy
|
|
||||||
namespace: kube-system
|
|
||||||
spec:
|
|
||||||
hostNetwork: true
|
|
||||||
containers:
|
|
||||||
- name: kube-proxy
|
|
||||||
image: ${HYPERKUBE_IMAGE}
|
|
||||||
command:
|
|
||||||
- /hyperkube
|
|
||||||
- proxy
|
|
||||||
- --master=${MASTER}
|
|
||||||
- --kubeconfig=${KUBE_CONFIG}
|
|
||||||
- --logtostderr=true
|
|
||||||
- --v=0
|
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /etc/kubernetes
|
|
||||||
name: kubernetes-config
|
|
||||||
readOnly: true
|
|
||||||
volumes:
|
|
||||||
- hostPath:
|
|
||||||
path: /etc/kubernetes
|
|
||||||
name: kubernetes-config
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
init_templates
|
|
|
@ -4,7 +4,7 @@
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
|
|
||||||
echo "starting services"
|
echo "starting services"
|
||||||
for service in etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet; do
|
for service in etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy; do
|
||||||
echo "activating service $service"
|
echo "activating service $service"
|
||||||
systemctl enable $service
|
systemctl enable $service
|
||||||
systemctl --no-block start $service
|
systemctl --no-block start $service
|
||||||
|
|
|
@ -10,7 +10,7 @@ ip link del docker0
|
||||||
# make sure we pick up any modified unit files
|
# make sure we pick up any modified unit files
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
|
|
||||||
for service in docker kubelet; do
|
for service in docker kubelet kube-proxy; do
|
||||||
echo "activating service $service"
|
echo "activating service $service"
|
||||||
systemctl enable $service
|
systemctl enable $service
|
||||||
systemctl --no-block start $service
|
systemctl --no-block start $service
|
||||||
|
|
|
@ -436,12 +436,6 @@ resources:
|
||||||
group: ungrouped
|
group: ungrouped
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh}
|
config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh}
|
||||||
|
|
||||||
enable_kube_proxy:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh}
|
|
||||||
|
|
||||||
core_dns_service:
|
core_dns_service:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
properties:
|
properties:
|
||||||
|
@ -487,7 +481,6 @@ resources:
|
||||||
- config: {get_resource: network_service}
|
- config: {get_resource: network_service}
|
||||||
- config: {get_resource: kube_system_namespace_service}
|
- config: {get_resource: kube_system_namespace_service}
|
||||||
- config: {get_resource: core_dns_service}
|
- config: {get_resource: core_dns_service}
|
||||||
- config: {get_resource: enable_kube_proxy}
|
|
||||||
- config: {get_resource: kube_ui_service}
|
- config: {get_resource: kube_ui_service}
|
||||||
- config: {get_resource: enable_monitoring}
|
- config: {get_resource: enable_monitoring}
|
||||||
- config: {get_resource: master_wc_notify}
|
- config: {get_resource: master_wc_notify}
|
||||||
|
|
|
@ -337,12 +337,6 @@ resources:
|
||||||
group: ungrouped
|
group: ungrouped
|
||||||
config: {get_file: ../../common/templates/fragments/enable-docker-registry.sh}
|
config: {get_file: ../../common/templates/fragments/enable-docker-registry.sh}
|
||||||
|
|
||||||
enable_kube_proxy:
|
|
||||||
type: OS::Heat::SoftwareConfig
|
|
||||||
properties:
|
|
||||||
group: ungrouped
|
|
||||||
config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-minion.sh}
|
|
||||||
|
|
||||||
enable_node_exporter:
|
enable_node_exporter:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
properties:
|
properties:
|
||||||
|
@ -388,7 +382,6 @@ resources:
|
||||||
- config: {get_resource: network_service}
|
- config: {get_resource: network_service}
|
||||||
- config: {get_resource: add_proxy}
|
- config: {get_resource: add_proxy}
|
||||||
- config: {get_resource: enable_services}
|
- config: {get_resource: enable_services}
|
||||||
- config: {get_resource: enable_kube_proxy}
|
|
||||||
- config: {get_resource: enable_node_exporter}
|
- config: {get_resource: enable_node_exporter}
|
||||||
- config: {get_resource: enable_docker_registry}
|
- config: {get_resource: enable_docker_registry}
|
||||||
- config: {get_resource: minion_wc_notify}
|
- config: {get_resource: minion_wc_notify}
|
||||||
|
|
Loading…
Reference in New Issue