Launch kube-proxy as a system container

Follow-up to https://review.openstack.org/#/c/487943

Depends-On: I9a7d00cddb456b885b6de28cfb3d33d2e16cc348
Implements: blueprint run-kube-as-container

Change-Id: Icddb8ed1598f2ba1f782622f86fb6083953c3b3f
Mathieu Velten 2017-07-28 16:21:59 +02:00
parent d003e80a3a
commit 005eeb575d
8 changed files with 5 additions and 111 deletions


@ -5,12 +5,14 @@
echo "configuring kubernetes (master)" echo "configuring kubernetes (master)"
atomic install --storage ostree --system --system-package=no --name=kubelet docker.io/openstackmagnum/kubernetes-kubelet:${KUBE_VERSION} atomic install --storage ostree --system --system-package=no --name=kubelet docker.io/openstackmagnum/kubernetes-kubelet:${KUBE_VERSION}
atomic install --storage ostree --system --system-package=no --name=kube-proxy docker.io/openstackmagnum/kubernetes-proxy:${KUBE_VERSION}
atomic install --storage ostree --system --system-package=no --name=kube-apiserver docker.io/openstackmagnum/kubernetes-apiserver:${KUBE_VERSION} atomic install --storage ostree --system --system-package=no --name=kube-apiserver docker.io/openstackmagnum/kubernetes-apiserver:${KUBE_VERSION}
atomic install --storage ostree --system --system-package=no --name=kube-controller-manager docker.io/openstackmagnum/kubernetes-controller-manager:${KUBE_VERSION} atomic install --storage ostree --system --system-package=no --name=kube-controller-manager docker.io/openstackmagnum/kubernetes-controller-manager:${KUBE_VERSION}
atomic install --storage ostree --system --system-package=no --name=kube-scheduler docker.io/openstackmagnum/kubernetes-scheduler:${KUBE_VERSION} atomic install --storage ostree --system --system-package=no --name=kube-scheduler docker.io/openstackmagnum/kubernetes-scheduler:${KUBE_VERSION}
sed -i ' sed -i '
/^KUBE_ALLOW_PRIV=/ s/=.*/="--allow-privileged='"$KUBE_ALLOW_PRIV"'"/ /^KUBE_ALLOW_PRIV=/ s/=.*/="--allow-privileged='"$KUBE_ALLOW_PRIV"'"/
/^KUBE_MASTER=/ s|=.*|="--master=http://127.0.0.1:8080"|
' /etc/kubernetes/config ' /etc/kubernetes/config
CERT_DIR=/etc/kubernetes/certs CERT_DIR=/etc/kubernetes/certs
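Review bot: The added `atomic install ... --name=kube-proxy docker.io/openstackmagnum/kubernetes-proxy:${KUBE_VERSION}` line pulls the proxy image by a mutable tag from a hard-coded public registry, and the same line is added to the minion script. The fragment this commit deletes built its image reference from `INSECURE_REGISTRY_URL` when that was set, so a cluster deployed from a private registry would now fetch a node-level component from docker.io. Nothing visible in the hunk pins a digest or checks the exit status of the install. At minimum, document the behaviour next to the line, e.g. `# image is pulled by tag from docker.io; INSECURE_REGISTRY_URL is not honoured for system containers`.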


@ -5,6 +5,7 @@
echo "configuring kubernetes (minion)" echo "configuring kubernetes (minion)"
atomic install --storage ostree --system --system-package=no --name=kubelet docker.io/openstackmagnum/kubernetes-kubelet:${KUBE_VERSION} atomic install --storage ostree --system --system-package=no --name=kubelet docker.io/openstackmagnum/kubernetes-kubelet:${KUBE_VERSION}
atomic install --storage ostree --system --system-package=no --name=kube-proxy docker.io/openstackmagnum/kubernetes-proxy:${KUBE_VERSION}
CERT_DIR=/etc/kubernetes/certs CERT_DIR=/etc/kubernetes/certs
PROTOCOL=https PROTOCOL=https
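Review bot: Nothing in this hunk shows kube-proxy on the minion receiving the API endpoint and credentials that the removed manifest passed explicitly (`--master=${MASTER}` and `--kubeconfig=${KUBE_CONFIG}`, with https unless `TLS_DISABLED` was `True`). The master script gains a `KUBE_MASTER` substitution in this commit, but here only the `atomic install` line is added, so the proxy's TLS setup presumably relies on configuration written outside the hunk. If so, a comment beside the install line would make that dependency explicit, e.g. `# kube-proxy takes --master/--kubeconfig from the config files written elsewhere in this script`. If not, the proxy would come up without a kubeconfig on TLS-enabled clusters, which is worth verifying before merge.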


@ -1,39 +0,0 @@
#!/bin/sh
. /etc/sysconfig/heat-params
if [ -n "${INSECURE_REGISTRY_URL}" ]; then
HYPERKUBE_IMAGE="${INSECURE_REGISTRY_URL}/google_containers/hyperkube:${KUBE_VERSION}"
else
HYPERKUBE_IMAGE="gcr.io/google_containers/hyperkube:${KUBE_VERSION}"
fi
init_templates () {
local TEMPLATE=/etc/kubernetes/manifests/kube-proxy.yaml
[ -f ${TEMPLATE} ] || {
echo "TEMPLATE: $TEMPLATE"
mkdir -p $(dirname ${TEMPLATE})
cat << EOF > ${TEMPLATE}
apiVersion: v1
kind: Pod
metadata:
name: kube-proxy
namespace: kube-system
spec:
hostNetwork: true
containers:
- name: kube-proxy
image: ${HYPERKUBE_IMAGE}
command:
- /hyperkube
- proxy
- --master=http://127.0.0.1:8080
- --logtostderr=true
- --v=0
securityContext:
privileged: true
EOF
}
}
init_templates


@ -1,56 +0,0 @@
#!/bin/sh
. /etc/sysconfig/heat-params
if [ -n "${INSECURE_REGISTRY_URL}" ]; then
HYPERKUBE_IMAGE="${INSECURE_REGISTRY_URL}/google_containers/hyperkube:${KUBE_VERSION}"
else
HYPERKUBE_IMAGE="gcr.io/google_containers/hyperkube:${KUBE_VERSION}"
fi
init_templates () {
local KUBE_PROTOCOL="https"
local KUBE_CONFIG="/etc/kubernetes/kubeconfig.yaml"
if [ "${TLS_DISABLED}" = "True" ]; then
KUBE_PROTOCOL="http"
KUBE_CONFIG=
fi
local MASTER="${KUBE_PROTOCOL}://${KUBE_MASTER_IP}:${KUBE_API_PORT}"
local TEMPLATE=/etc/kubernetes/manifests/kube-proxy.yaml
[ -f ${TEMPLATE} ] || {
echo "TEMPLATE: $TEMPLATE"
mkdir -p $(dirname ${TEMPLATE})
cat << EOF > ${TEMPLATE}
apiVersion: v1
kind: Pod
metadata:
name: kube-proxy
namespace: kube-system
spec:
hostNetwork: true
containers:
- name: kube-proxy
image: ${HYPERKUBE_IMAGE}
command:
- /hyperkube
- proxy
- --master=${MASTER}
- --kubeconfig=${KUBE_CONFIG}
- --logtostderr=true
- --v=0
securityContext:
privileged: true
volumeMounts:
- mountPath: /etc/kubernetes
name: kubernetes-config
readOnly: true
volumes:
- hostPath:
path: /etc/kubernetes
name: kubernetes-config
EOF
}
}
init_templates


@ -4,7 +4,7 @@
systemctl daemon-reload systemctl daemon-reload
echo "starting services" echo "starting services"
for service in etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet; do for service in etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy; do
echo "activating service $service" echo "activating service $service"
systemctl enable $service systemctl enable $service
systemctl --no-block start $service systemctl --no-block start $service
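Review bot: With `kube-proxy` added to this list, a failed image install earlier in provisioning surfaces only as an ignored error from `systemctl enable $service`, because the loop checks no exit status and starts units with `--no-block`. The proxy used to be a manifest under /etc/kubernetes/manifests; as a systemd unit, its absence would leave the node without service routing and nothing here reports it. Consider `systemctl enable "$service" || echo "failed to enable $service" >&2` so the failure at least reaches the provisioning log. The equivalent loop in the minion script has the same gap, and the loop body continues outside the hunk.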


@ -10,7 +10,7 @@ ip link del docker0
# make sure we pick up any modified unit files # make sure we pick up any modified unit files
systemctl daemon-reload systemctl daemon-reload
for service in docker kubelet; do for service in docker kubelet kube-proxy; do
echo "activating service $service" echo "activating service $service"
systemctl enable $service systemctl enable $service
systemctl --no-block start $service systemctl --no-block start $service


@ -436,12 +436,6 @@ resources:
group: ungrouped group: ungrouped
config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh} config: {get_file: ../../common/templates/kubernetes/fragments/kube-dashboard-service.sh}
enable_kube_proxy:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-master.sh}
core_dns_service: core_dns_service:
type: OS::Heat::SoftwareConfig type: OS::Heat::SoftwareConfig
properties: properties:
@ -487,7 +481,6 @@ resources:
- config: {get_resource: network_service} - config: {get_resource: network_service}
- config: {get_resource: kube_system_namespace_service} - config: {get_resource: kube_system_namespace_service}
- config: {get_resource: core_dns_service} - config: {get_resource: core_dns_service}
- config: {get_resource: enable_kube_proxy}
- config: {get_resource: kube_ui_service} - config: {get_resource: kube_ui_service}
- config: {get_resource: enable_monitoring} - config: {get_resource: enable_monitoring}
- config: {get_resource: master_wc_notify} - config: {get_resource: master_wc_notify}


@ -337,12 +337,6 @@ resources:
group: ungrouped group: ungrouped
config: {get_file: ../../common/templates/fragments/enable-docker-registry.sh} config: {get_file: ../../common/templates/fragments/enable-docker-registry.sh}
enable_kube_proxy:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: ../../common/templates/kubernetes/fragments/enable-kube-proxy-minion.sh}
enable_node_exporter: enable_node_exporter:
type: OS::Heat::SoftwareConfig type: OS::Heat::SoftwareConfig
properties: properties:
@ -388,7 +382,6 @@ resources:
- config: {get_resource: network_service} - config: {get_resource: network_service}
- config: {get_resource: add_proxy} - config: {get_resource: add_proxy}
- config: {get_resource: enable_services} - config: {get_resource: enable_services}
- config: {get_resource: enable_kube_proxy}
- config: {get_resource: enable_node_exporter} - config: {get_resource: enable_node_exporter}
- config: {get_resource: enable_docker_registry} - config: {get_resource: enable_docker_registry}
- config: {get_resource: minion_wc_notify} - config: {get_resource: minion_wc_notify}