Merge "Move all kubernetes files in /etc/kubernetes"

magnum/drivers/common/templates/kubernetes/fragments/configure-etcd.sh

@@ -40,7 +40,7 @@ if [ -z "$KUBE_NODE_IP" ]; then
 fi
 
 myip="${KUBE_NODE_IP}"
-cert_dir="/srv/kubernetes"
+cert_dir="/etc/kubernetes/certs"
 protocol="https"
 
 if [ "$TLS_DISABLED" = "True" ]; then

magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh

@@ -8,6 +8,8 @@ sed -i '
     /^KUBE_ALLOW_PRIV=/ s/=.*/="--allow-privileged='"$KUBE_ALLOW_PRIV"'"/
 ' /etc/kubernetes/config
 
+CERT_DIR=/etc/kubernetes/certs
+
 KUBE_API_ARGS="--runtime-config=api/all=true"
 if [ "$TLS_DISABLED" == "True" ]; then
     KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0 --insecure-port=$KUBE_API_PORT"
@@ -15,9 +17,9 @@ else
     KUBE_API_ADDRESS="--bind-address=0.0.0.0 --secure-port=$KUBE_API_PORT"
     # insecure port is used internaly
     KUBE_API_ADDRESS="$KUBE_API_ADDRESS --insecure-port=8080"
-    KUBE_API_ARGS="$KUBE_API_ARGS --tls-cert-file=/srv/kubernetes/server.crt"
-    KUBE_API_ARGS="$KUBE_API_ARGS --tls-private-key-file=/srv/kubernetes/server.key"
-    KUBE_API_ARGS="$KUBE_API_ARGS --client-ca-file=/srv/kubernetes/ca.crt"
+    KUBE_API_ARGS="$KUBE_API_ARGS --tls-cert-file=$CERT_DIR/server.crt"
+    KUBE_API_ARGS="$KUBE_API_ARGS --tls-private-key-file=$CERT_DIR/server.key"
+    KUBE_API_ARGS="$KUBE_API_ARGS --client-ca-file=$CERT_DIR/ca.crt"
     KUBE_API_ARGS="$KUBE_API_ARGS --kubelet-preferred-address-types=InternalIP,Hostname,ExternalIP"
 fi
 
@@ -27,7 +29,7 @@ if [ -n "${ADMISSION_CONTROL_LIST}" ] && [ "${TLS_DISABLED}" == "False" ]; then
 fi
 
 if [ -n "$TRUST_ID" ]; then
-    KUBE_API_ARGS="$KUBE_API_ARGS --cloud-config=/etc/sysconfig/kube_openstack_config --cloud-provider=openstack"
+    KUBE_API_ARGS="$KUBE_API_ARGS --cloud-config=/etc/kubernetes/kube_openstack_config --cloud-provider=openstack"
 fi
 
 sed -i '
@@ -42,11 +44,11 @@ sed -i '
 # Add controller manager args
 KUBE_CONTROLLER_MANAGER_ARGS=""
 if [ -n "${ADMISSION_CONTROL_LIST}" ] && [ "${TLS_DISABLED}" == "False" ]; then
-    KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=/srv/kubernetes/server.key --root-ca-file=/srv/kubernetes/ca.crt"
+    KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=$CERT_DIR/server.key --root-ca-file=$CERT_DIR/ca.crt"
 fi
 
 if [ -n "$TRUST_ID" ]; then
-    KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --cloud-config=/etc/sysconfig/kube_openstack_config --cloud-provider=openstack"
+    KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --cloud-config=/etc/kubernetes/kube_openstack_config --cloud-provider=openstack"
 fi
 
 sed -i '

magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh

@@ -4,7 +4,7 @@
 
 echo "configuring kubernetes (minion)"
 
-CERT_DIR=/srv/kubernetes
+CERT_DIR=/etc/kubernetes/certs
 PROTOCOL=https
 FLANNEL_OPTIONS="-etcd-cafile $CERT_DIR/ca.crt \
 -etcd-certfile $CERT_DIR/client.crt \
@@ -31,7 +31,7 @@ EOF
 if [ "$TLS_DISABLED" = "True" ]; then
     KUBE_PROTOCOL="http"
 else
-    KUBE_CONFIG="--kubeconfig=/srv/kubernetes/kubeconfig.yaml"
+    KUBE_CONFIG="--kubeconfig=/etc/kubernetes/kubeconfig.yaml"
 fi
 KUBE_MASTER_URI="$KUBE_PROTOCOL://$KUBE_MASTER_IP:$KUBE_API_PORT"
 
@@ -52,7 +52,7 @@ KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests --cadvisor-port=4194
 KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
 
 if [ -n "$TRUST_ID" ]; then
-    KUBELET_ARGS="$KUBELET_ARGS --cloud-provider=openstack --cloud-config=/etc/sysconfig/kube_openstack_config"
+    KUBELET_ARGS="$KUBELET_ARGS --cloud-provider=openstack --cloud-config=/etc/kubernetes/kube_openstack_config"
 fi
 
 # Workaround for Cinder support (fixed in k8s >= 1.6)

magnum/drivers/common/templates/kubernetes/fragments/enable-kube-controller-manager-scheduler.sh

@@ -62,22 +62,16 @@ $(generate_pod_args "    - " $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_MASTER $KUB
     - mountPath: /etc/ssl/certs
       name: ssl-certs-host
       readOnly: true
-    - mountPath: /srv/kubernetes
+    - mountPath: /etc/kubernetes
       name: kubernetes-config
       readOnly: true
-    - mountPath: /etc/sysconfig
-      name: sysconfig
-      readOnly: true
   volumes:
   - hostPath:
       path: /etc/ssl/certs
     name: ssl-certs-host
   - hostPath:
-      path: /srv/kubernetes
+      path: /etc/kubernetes
     name: kubernetes-config
-  - hostPath:
-      path: /etc/sysconfig
-    name: sysconfig
 EOF
     }
 
@@ -114,22 +108,16 @@ $(generate_pod_args "    - " $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_MASTER $KUB
     - mountPath: /etc/ssl/certs
       name: ssl-certs-host
       readOnly: true
-    - mountPath: /srv/kubernetes
+    - mountPath: /etc/kubernetes
       name: kubernetes-config
       readOnly: true
-    - mountPath: /etc/sysconfig
-      name: sysconfig
-      readOnly: true
   volumes:
   - hostPath:
       path: /etc/ssl/certs
     name: ssl-certs-host
   - hostPath:
-      path: /srv/kubernetes
+      path: /etc/kubernetes
     name: kubernetes-config
-  - hostPath:
-      path: /etc/sysconfig
-    name: sysconfig
 EOF
     }
 }

magnum/drivers/common/templates/kubernetes/fragments/enable-kube-proxy-minion.sh

@@ -10,7 +10,7 @@ fi
 
 init_templates () {
     local KUBE_PROTOCOL="https"
-    local KUBE_CONFIG="/srv/kubernetes/kubeconfig.yaml"
+    local KUBE_CONFIG="/etc/kubernetes/kubeconfig.yaml"
     if [ "${TLS_DISABLED}" = "True" ]; then
         KUBE_PROTOCOL="http"
         KUBE_CONFIG=
@@ -42,13 +42,13 @@ spec:
     securityContext:
       privileged: true
     volumeMounts:
-    - mountPath: /srv/kubernetes
-      name: "srv-kube"
+    - mountPath: /etc/kubernetes
+      name: kubernetes-config
       readOnly: true
   volumes:
   - hostPath:
-      path: "/srv/kubernetes"
-    name: "srv-kube"
+      path: /etc/kubernetes
+    name: kubernetes-config
 EOF
     }
 }

magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh

@@ -24,11 +24,9 @@ if [ "$TLS_DISABLED" == "True" ]; then
     exit 0
 fi
 
-cert_dir=/srv/kubernetes
-cert_conf_dir=${cert_dir}/conf
+cert_dir=/etc/kubernetes/certs
 
 mkdir -p "$cert_dir"
-mkdir -p "$cert_conf_dir"
 
 CA_CERT=$cert_dir/ca.crt
 CLIENT_CERT=$cert_dir/client.crt
@@ -67,7 +65,7 @@ curl -k -X GET \
     $MAGNUM_URL/certificates/$CLUSTER_UUID | python -c 'import sys, json; print json.load(sys.stdin)["pem"]' > $CA_CERT
 
 # Create config for client's csr
-cat > ${cert_conf_dir}/client.conf <<EOF
+cat > ${cert_dir}/client.conf <<EOF
 [req]
 distinguished_name = req_distinguished_name
 req_extensions     = req_ext
@@ -91,7 +89,7 @@ openssl req -new -days 1000 \
         -key "${CLIENT_KEY}" \
         -out "${CLIENT_CSR}" \
         -reqexts req_ext \
-        -config "${cert_conf_dir}/client.conf"
+        -config "${cert_dir}/client.conf"
 
 # Send csr to Magnum to have it signed
 csr_req=$(python -c "import json; fp = open('${CLIENT_CSR}'); print json.dumps({'cluster_uuid': '$CLUSTER_UUID', 'csr': fp.read()}); fp.close()")
@@ -115,4 +113,4 @@ sed -i '
     s|CA_CERT|'"$CA_CERT"'|
     s|CLIENT_CERT|'"$CLIENT_CERT"'|
     s|CLIENT_KEY|'"$CLIENT_KEY"'|
-' /srv/kubernetes/kubeconfig.yaml
+' /etc/kubernetes/kubeconfig.yaml

magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh

@@ -57,11 +57,8 @@ sans="${sans},IP:${KUBE_SERVICE_IP}"
 
 sans="${sans},DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local"
 
-cert_dir=/srv/kubernetes
-cert_conf_dir=${cert_dir}/conf
-
+cert_dir=/etc/kubernetes/certs
 mkdir -p "$cert_dir"
-mkdir -p "$cert_conf_dir"
 
 CA_CERT=$cert_dir/ca.crt
 SERVER_CERT=$cert_dir/server.crt
@@ -100,7 +97,7 @@ curl -k -X GET \
     $MAGNUM_URL/certificates/$CLUSTER_UUID | python -c 'import sys, json; print json.load(sys.stdin)["pem"]' > ${CA_CERT}
 
 # Create config for server's csr
-cat > ${cert_conf_dir}/server.conf <<EOF
+cat > ${cert_dir}/server.conf <<EOF
 [req]
 distinguished_name = req_distinguished_name
 req_extensions     = req_ext
@@ -119,7 +116,7 @@ openssl req -new -days 1000 \
         -key "${SERVER_KEY}" \
         -out "${SERVER_CSR}" \
         -reqexts req_ext \
-        -config "${cert_conf_dir}/server.conf"
+        -config "${cert_dir}/server.conf"
 
 # Send csr to Magnum to have it signed
 csr_req=$(python -c "import json; fp = open('${SERVER_CSR}'); print json.dumps({'cluster_uuid': '$CLUSTER_UUID', 'csr': fp.read()}); fp.close()")

magnum/drivers/common/templates/kubernetes/fragments/network-config-service.sh

@@ -5,7 +5,7 @@
 if [ "$NETWORK_DRIVER" != "flannel" ]; then
     exit 0
 fi
-CERT_DIR=/srv/kubernetes
+CERT_DIR=/etc/kubernetes/certs
 PROTOCOL=https
 FLANNEL_OPTIONS="-etcd-cafile $CERT_DIR/ca.crt \
 -etcd-certfile $CERT_DIR/server.crt \

magnum/drivers/common/templates/kubernetes/fragments/write-kube-os-config.sh

@@ -2,7 +2,7 @@
 
 . /etc/sysconfig/heat-params
 
-KUBE_OS_CLOUD_CONFIG=/etc/sysconfig/kube_openstack_config
+KUBE_OS_CLOUD_CONFIG=/etc/kubernetes/kube_openstack_config
 
 # Generate a the configuration for Kubernetes services
 # to talk to OpenStack Neutron

magnum/drivers/common/templates/kubernetes/fragments/write-kubeconfig.yaml

@@ -1,7 +1,7 @@
 #cloud-config
 merge_how: dict(recurse_array)+list(append)
 write_files:
-  - path: /srv/kubernetes/kubeconfig.yaml
+  - path: /etc/kubernetes/kubeconfig.yaml
     owner: "root:root"
     permissions: "0644"
     content: |