Merge "[k8s] Add kubelet to the master nodes"

5 years ago · 3fcf6439ec
parent 7b6415a5bc 6390e0dbd3
commit 3fcf6439ec
4 changed files with 48 additions and 44 deletions
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
@ -6,14 +6,9 @@ echo "configuring kubernetes (master)"

 _prefix=${CONTAINER_INFRA_PREFIX:-docker.io/openstackmagnum/}

-# TODO(flwang): We should revisit this part to figure out if it's possible to
-# only run the calico-node container as a systemd service before starting the
-# minion nodes.
-if [ "$NETWORK_DRIVER" = "calico" ]; then
-    mkdir -p /opt/cni
-    _addtl_mounts=',{"type":"bind","source":"/opt/cni","destination":"/opt/cni","options":["bind","rw","slave","mode=777"]}'
-    atomic install --storage ostree --system --set=ADDTL_MOUNTS=${_addtl_mounts} --system-package=no --name=kubelet ${_prefix}kubernetes-kubelet:${KUBE_TAG}
-fi
+mkdir -p /opt/cni
+_addtl_mounts=',{"type":"bind","source":"/opt/cni","destination":"/opt/cni","options":["bind","rw","slave","mode=777"]}'
+atomic install --storage ostree --system --set=ADDTL_MOUNTS=${_addtl_mounts} --system-package=no --name=kubelet ${_prefix}kubernetes-kubelet:${KUBE_TAG}
 atomic install --storage ostree --system --system-package=no --name=kube-apiserver ${_prefix}kubernetes-apiserver:${KUBE_TAG}
 atomic install --storage ostree --system --system-package=no --name=kube-controller-manager ${_prefix}kubernetes-controller-manager:${KUBE_TAG}
 atomic install --storage ostree --system --system-package=no --name=kube-scheduler ${_prefix}kubernetes-scheduler:${KUBE_TAG}
@ -130,11 +125,13 @@ if [ -n "${INSECURE_REGISTRY_URL}" ]; then
 fi

 if [ "$NETWORK_DRIVER" = "calico" ]; then
-    KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --register-with-taints=CriticalAddonsOnly=True:NoSchedule,dedicated=master:NoSchedule"
+    KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
+fi
+KUBELET_ARGS="${KUBELET_ARGS} --register-with-taints=CriticalAddonsOnly=True:NoSchedule,dedicated=master:NoSchedule"

-    KUBELET_KUBECONFIG=/etc/kubernetes/kubelet-config.yaml
-    HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
-    cat << EOF >> ${KUBELET_KUBECONFIG}
+KUBELET_KUBECONFIG=/etc/kubernetes/kubelet-config.yaml
+HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
+cat << EOF >> ${KUBELET_KUBECONFIG}
 apiVersion: v1
 clusters:
 - cluster:
@ -157,7 +154,7 @@ users:
    client-key: ${CERT_DIR}/server.key
 EOF

-    cat > /etc/kubernetes/get_require_kubeconfig.sh <<EOF
+cat > /etc/kubernetes/get_require_kubeconfig.sh << EOF
 #!/bin/bash

 KUBE_VERSION=\$(kubelet --version | awk '{print \$2}')
@ -166,37 +163,36 @@ if [[ "\${min_version}" != \$(echo -e "\${min_version}\n\${KUBE_VERSION}" | sort
    echo "--require-kubeconfig"
 fi
 EOF
-    chmod +x /etc/kubernetes/get_require_kubeconfig.sh
+chmod +x /etc/kubernetes/get_require_kubeconfig.sh

-    KUBELET_ARGS="${KUBELET_ARGS} --client-ca-file=${CERT_DIR}/ca.crt --tls-cert-file=${CERT_DIR}/kubelet.crt --tls-private-key-file=${CERT_DIR}/kubelet.key --kubeconfig ${KUBELET_KUBECONFIG}"
+KUBELET_ARGS="${KUBELET_ARGS} --client-ca-file=${CERT_DIR}/ca.crt --tls-cert-file=${CERT_DIR}/kubelet.crt --tls-private-key-file=${CERT_DIR}/kubelet.key --kubeconfig ${KUBELET_KUBECONFIG}"

-    # specified cgroup driver
-    KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=${CGROUP_DRIVER}"
+# specified cgroup driver
+KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=${CGROUP_DRIVER}"

-    systemctl disable docker
-    if cat /usr/lib/systemd/system/docker.service | grep 'native.cgroupdriver'; then
-            cp /usr/lib/systemd/system/docker.service /etc/systemd/system/
-            sed -i "s/\(native.cgroupdriver=\)\w\+/\1$CGROUP_DRIVER/" \
-                    /etc/systemd/system/docker.service
-    else
-            cat > /etc/systemd/system/docker.service.d/cgroupdriver.conf << EOF
+systemctl disable docker
+if cat /usr/lib/systemd/system/docker.service | grep 'native.cgroupdriver'; then
+        cp /usr/lib/systemd/system/docker.service /etc/systemd/system/
+        sed -i "s/\(native.cgroupdriver=\)\w\+/\1$CGROUP_DRIVER/" \
+                /etc/systemd/system/docker.service
+else
+        cat > /etc/systemd/system/docker.service.d/cgroupdriver.conf << EOF
 ExecStart=---exec-opt native.cgroupdriver=$CGROUP_DRIVER
 EOF

-    fi
+fi

-    systemctl daemon-reload
-    systemctl enable docker
+systemctl daemon-reload
+systemctl enable docker

-    if [ -z "${KUBE_NODE_IP}" ]; then
-        KUBE_NODE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
-    fi
+if [ -z "${KUBE_NODE_IP}" ]; then
+    KUBE_NODE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
+fi

-    KUBELET_ARGS="${KUBELET_ARGS} --address=${KUBE_NODE_IP} --port=10250 --read-only-port=0 --anonymous-auth=false --authorization-mode=Webhook --authentication-token-webhook=true"
+KUBELET_ARGS="${KUBELET_ARGS} --address=${KUBE_NODE_IP} --port=10250 --read-only-port=0 --anonymous-auth=false --authorization-mode=Webhook --authentication-token-webhook=true"

-    sed -i '
-    /^KUBELET_ADDRESS=/ s/=.*/="--address=${KUBE_NODE_IP}"/
-    /^KUBELET_HOSTNAME=/ s/=.*/=""/
-    /^KUBELET_ARGS=/ s|=.*|="'"\$(/etc/kubernetes/get_require_kubeconfig.sh) ${KUBELET_ARGS}"'"|
+sed -i '
+/^KUBELET_ADDRESS=/ s/=.*/="--address=${KUBE_NODE_IP}"/
+/^KUBELET_HOSTNAME=/ s/=.*/=""/
+/^KUBELET_ARGS=/ s|=.*|="'"\$(/etc/kubernetes/get_require_kubeconfig.sh) ${KUBELET_ARGS}"'"|
 ' /etc/kubernetes/kubelet
-fi
--- a/magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh
@ -14,14 +14,8 @@ while [ ! -f /etc/kubernetes/certs/ca.key ] && \
 done

 echo "starting services"
-for service in etcd docker kube-apiserver kube-controller-manager kube-scheduler kube-proxy; do
+for service in etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy; do
    echo "activating service $service"
    systemctl enable $service
    systemctl --no-block start $service
-done
-
-if [ "$NETWORK_DRIVER" = "calico" ]; then
-    echo "activating service kubelet"
-    systemctl enable kubelet
-    systemctl start kubelet
-fi
+done
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
@ -558,6 +558,12 @@ resources:
      group: ungrouped
      config: {get_file: ../../common/templates/kubernetes/fragments/flannel-config-service.sh}

+  flannel_service:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config: {get_file: ../../common/templates/kubernetes/fragments/flannel-service.sh}
+
  enable_services:
    type: OS::Heat::SoftwareConfig
    properties:
@ -611,6 +617,7 @@ resources:
        - config: {get_resource: enable_services}
        - config: {get_resource: write_flannel_config}
        - config: {get_resource: flannel_config_service}
+        - config: {get_resource: flannel_service}
        - config: {get_resource: kube_apiserver_to_kubelet_role}
        - config: {get_resource: master_wc_notify}

--- a/releasenotes/notes/add-kubelet-to-master-nodes-da2d4ea0d3a332cd.yaml
+++ b/releasenotes/notes/add-kubelet-to-master-nodes-da2d4ea0d3a332cd.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Deploy kubelet in master nodes for the k8s_fedora_atomic driver.
+    Previously it was done only for calico, now kubelet will run in all
+    cases. Really useful, for monitoing the master nodes (eg deploy fluentd)
+    or run the kubernetes control-plance self-hosted.