Merge "Align k8s CoreOS with atomic: add proxy config"
This commit is contained in:
commit
555ffb5554
|
@ -0,0 +1,46 @@
|
||||||
|
#cloud-config
|
||||||
|
write_files:
|
||||||
|
- path: /etc/systemd/system/add-proxy.service
|
||||||
|
owner: "root:root"
|
||||||
|
permissions: "0644"
|
||||||
|
content: |
|
||||||
|
[Unit]
|
||||||
|
Description=Configure proxy
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/etc/sysconfig/add-proxy.sh
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
||||||
|
- path: /etc/sysconfig/add-proxy.sh
|
||||||
|
owner: "root:root"
|
||||||
|
permissions: "0755"
|
||||||
|
content: |
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
. /etc/sysconfig/heat-params
|
||||||
|
|
||||||
|
DOCKER_PROXY_CONF=/etc/systemd/system/docker.service.d/http-proxy.conf
|
||||||
|
ENVIRONMENT=/etc/environment
|
||||||
|
|
||||||
|
mkdir -p /etc/systemd/system/docker.service.d
|
||||||
|
|
||||||
|
if [ -n "$HTTP_PROXY" ]; then
|
||||||
|
cat <<EOF | sed "s/^ *//" > $DOCKER_PROXY_CONF
|
||||||
|
HTTP_PROXY=$HTTP_PROXY
|
||||||
|
EOF
|
||||||
|
echo "http_proxy=$HTTP_PROXY" >> $ENVIRONMENT
|
||||||
|
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl --no-block restart docker.service
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$HTTPS_PROXY" ]; then
|
||||||
|
echo "https_proxy=$HTTPS_PROXY" >> $ENVIRONMENT
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$NO_PROXY" ]; then
|
||||||
|
echo "no_proxy=$NO_PROXY" >> ENVIRONMENT
|
||||||
|
fi
|
|
@ -131,6 +131,21 @@ parameters:
|
||||||
type: string
|
type: string
|
||||||
description: endpoint to retrieve TLS certs from
|
description: endpoint to retrieve TLS certs from
|
||||||
|
|
||||||
|
http_proxy:
|
||||||
|
type: string
|
||||||
|
description: http proxy address for docker
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
https_proxy:
|
||||||
|
type: string
|
||||||
|
description: https proxy address for docker
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
no_proxy:
|
||||||
|
type: string
|
||||||
|
description: no proxies for docker
|
||||||
|
default: ""
|
||||||
|
|
||||||
trustee_domain_id:
|
trustee_domain_id:
|
||||||
type: string
|
type: string
|
||||||
description: domain id of the trustee
|
description: domain id of the trustee
|
||||||
|
@ -320,6 +335,9 @@ resources:
|
||||||
network_driver: {get_param: network_driver}
|
network_driver: {get_param: network_driver}
|
||||||
kubernetes_port: {get_param: kubernetes_port}
|
kubernetes_port: {get_param: kubernetes_port}
|
||||||
tls_disabled: {get_param: tls_disabled}
|
tls_disabled: {get_param: tls_disabled}
|
||||||
|
http_proxy: {get_param: http_proxy}
|
||||||
|
https_proxy: {get_param: https_proxy}
|
||||||
|
no_proxy: {get_param: no_proxy}
|
||||||
kube_version: {get_param: kube_version}
|
kube_version: {get_param: kube_version}
|
||||||
wait_condition_timeout: {get_param: wait_condition_timeout}
|
wait_condition_timeout: {get_param: wait_condition_timeout}
|
||||||
bay_uuid: {get_param: bay_uuid}
|
bay_uuid: {get_param: bay_uuid}
|
||||||
|
@ -360,6 +378,9 @@ resources:
|
||||||
network_driver: {get_param: network_driver}
|
network_driver: {get_param: network_driver}
|
||||||
kubernetes_port: {get_param: kubernetes_port}
|
kubernetes_port: {get_param: kubernetes_port}
|
||||||
tls_disabled: {get_param: tls_disabled}
|
tls_disabled: {get_param: tls_disabled}
|
||||||
|
http_proxy: {get_param: http_proxy}
|
||||||
|
https_proxy: {get_param: https_proxy}
|
||||||
|
no_proxy: {get_param: no_proxy}
|
||||||
kube_version: {get_param: kube_version}
|
kube_version: {get_param: kube_version}
|
||||||
etcd_server_ip: {get_attr: [etcd_address_switch, private_ip]}
|
etcd_server_ip: {get_attr: [etcd_address_switch, private_ip]}
|
||||||
wait_condition_timeout: {get_param: wait_condition_timeout}
|
wait_condition_timeout: {get_param: wait_condition_timeout}
|
||||||
|
|
|
@ -113,6 +113,18 @@ parameters:
|
||||||
description: Private IP address of the Kubernetes master server.
|
description: Private IP address of the Kubernetes master server.
|
||||||
default: ""
|
default: ""
|
||||||
|
|
||||||
|
http_proxy:
|
||||||
|
type: string
|
||||||
|
description: http proxy address for docker
|
||||||
|
|
||||||
|
https_proxy:
|
||||||
|
type: string
|
||||||
|
description: https proxy address for docker
|
||||||
|
|
||||||
|
no_proxy:
|
||||||
|
type: string
|
||||||
|
description: no proxies for docker
|
||||||
|
|
||||||
trustee_user_id:
|
trustee_user_id:
|
||||||
type: string
|
type: string
|
||||||
description: user id of the trustee
|
description: user id of the trustee
|
||||||
|
@ -227,6 +239,9 @@ resources:
|
||||||
"$KUBE_VERSION": {get_param: kube_version}
|
"$KUBE_VERSION": {get_param: kube_version}
|
||||||
"$BAY_UUID": {get_param: bay_uuid}
|
"$BAY_UUID": {get_param: bay_uuid}
|
||||||
"$MAGNUM_URL": {get_param: magnum_url}
|
"$MAGNUM_URL": {get_param: magnum_url}
|
||||||
|
"$HTTP_PROXY": {get_param: http_proxy}
|
||||||
|
"$HTTPS_PROXY": {get_param: https_proxy}
|
||||||
|
"$NO_PROXY": {get_param: no_proxy}
|
||||||
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
|
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
|
||||||
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
||||||
"$TRUST_ID": {get_param: trust_id}
|
"$TRUST_ID": {get_param: trust_id}
|
||||||
|
@ -306,6 +321,12 @@ resources:
|
||||||
group: ungrouped
|
group: ungrouped
|
||||||
config: {get_file: fragments/wc-notify.yaml}
|
config: {get_file: fragments/wc-notify.yaml}
|
||||||
|
|
||||||
|
add_proxy:
|
||||||
|
type: OS::Heat::SoftwareConfig
|
||||||
|
properties:
|
||||||
|
group: ungrouped
|
||||||
|
config: {get_file: fragments/add-proxy.yaml}
|
||||||
|
|
||||||
kube_master_init:
|
kube_master_init:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
properties:
|
properties:
|
||||||
|
@ -315,6 +336,7 @@ resources:
|
||||||
template: |
|
template: |
|
||||||
$write_heat_params
|
$write_heat_params
|
||||||
$make_cert
|
$make_cert
|
||||||
|
$add_proxy
|
||||||
$configure_etcd
|
$configure_etcd
|
||||||
$write_network_config
|
$write_network_config
|
||||||
$enable_network_service
|
$enable_network_service
|
||||||
|
@ -330,6 +352,8 @@ resources:
|
||||||
units:
|
units:
|
||||||
- name: "make-cert.service"
|
- name: "make-cert.service"
|
||||||
command: "start"
|
command: "start"
|
||||||
|
- name: "add-proxy.service"
|
||||||
|
command: "start"
|
||||||
- name: "configure-etcd.service"
|
- name: "configure-etcd.service"
|
||||||
command: "start"
|
command: "start"
|
||||||
- name: "write-network-config.service"
|
- name: "write-network-config.service"
|
||||||
|
@ -355,6 +379,7 @@ resources:
|
||||||
params:
|
params:
|
||||||
"$write_heat_params": {get_attr: [write_heat_params, config]}
|
"$write_heat_params": {get_attr: [write_heat_params, config]}
|
||||||
"$make_cert": {get_attr: [make_cert, config]}
|
"$make_cert": {get_attr: [make_cert, config]}
|
||||||
|
"$add_proxy": {get_attr: [add_proxy, config]}
|
||||||
"$configure_etcd": {get_attr: [configure_etcd, config]}
|
"$configure_etcd": {get_attr: [configure_etcd, config]}
|
||||||
"$write_network_config": {get_attr: [write_network_config, config]}
|
"$write_network_config": {get_attr: [write_network_config, config]}
|
||||||
"$enable_network_service": {get_attr: [enable_network_service, config]}
|
"$enable_network_service": {get_attr: [enable_network_service, config]}
|
||||||
|
|
|
@ -82,6 +82,18 @@ parameters:
|
||||||
description: >
|
description: >
|
||||||
timeout for the Wait Conditions
|
timeout for the Wait Conditions
|
||||||
|
|
||||||
|
http_proxy:
|
||||||
|
type: string
|
||||||
|
description: http proxy address for docker
|
||||||
|
|
||||||
|
https_proxy:
|
||||||
|
type: string
|
||||||
|
description: https proxy address for docker
|
||||||
|
|
||||||
|
no_proxy:
|
||||||
|
type: string
|
||||||
|
description: no proxies for docker
|
||||||
|
|
||||||
trustee_user_id:
|
trustee_user_id:
|
||||||
type: string
|
type: string
|
||||||
description: user id of the trustee
|
description: user id of the trustee
|
||||||
|
@ -143,22 +155,25 @@ resources:
|
||||||
str_replace:
|
str_replace:
|
||||||
template: {get_file: fragments/write-heat-params.yaml}
|
template: {get_file: fragments/write-heat-params.yaml}
|
||||||
params:
|
params:
|
||||||
$KUBE_ALLOW_PRIV: {get_param: kube_allow_priv}
|
"$KUBE_ALLOW_PRIV": {get_param: kube_allow_priv}
|
||||||
$KUBE_MASTER_IP: {get_param: kube_master_ip}
|
"$KUBE_MASTER_IP": {get_param: kube_master_ip}
|
||||||
$KUBE_NODE_PUBLIC_IP: {get_attr: [kube_minion_floating, floating_ip_address]}
|
"$KUBE_NODE_PUBLIC_IP": {get_attr: [kube_minion_floating, floating_ip_address]}
|
||||||
$KUBE_NODE_IP: {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]}
|
"$KUBE_NODE_IP": {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]}
|
||||||
$WAIT_CURL: {get_attr: [minion_wait_handle, curl_cli]}
|
"$WAIT_CURL": {get_attr: [minion_wait_handle, curl_cli]}
|
||||||
$KUBE_API_PORT: {get_param: kubernetes_port}
|
"$KUBE_API_PORT": {get_param: kubernetes_port}
|
||||||
$TLS_DISABLED: {get_param: tls_disabled}
|
"$TLS_DISABLED": {get_param: tls_disabled}
|
||||||
$NETWORK_DRIVER: {get_param: network_driver}
|
"$NETWORK_DRIVER": {get_param: network_driver}
|
||||||
$ETCD_SERVER_IP: {get_param: etcd_server_ip}
|
"$ETCD_SERVER_IP": {get_param: etcd_server_ip}
|
||||||
$KUBE_VERSION: {get_param: kube_version}
|
"$KUBE_VERSION": {get_param: kube_version}
|
||||||
$BAY_UUID: {get_param: bay_uuid}
|
"$BAY_UUID": {get_param: bay_uuid}
|
||||||
$MAGNUM_URL: {get_param: magnum_url}
|
"$MAGNUM_URL": {get_param: magnum_url}
|
||||||
$TRUSTEE_USER_ID: {get_param: trustee_user_id}
|
"$HTTP_PROXY": {get_param: http_proxy}
|
||||||
$TRUSTEE_PASSWORD: {get_param: trustee_password}
|
"$HTTPS_PROXY": {get_param: https_proxy}
|
||||||
$TRUST_ID: {get_param: trust_id}
|
"$NO_PROXY": {get_param: no_proxy}
|
||||||
$AUTH_URL: {get_param: auth_url}
|
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
|
||||||
|
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
||||||
|
"$TRUST_ID": {get_param: trust_id}
|
||||||
|
"$AUTH_URL": {get_param: auth_url}
|
||||||
|
|
||||||
write_kubeconfig:
|
write_kubeconfig:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
|
@ -196,6 +211,12 @@ resources:
|
||||||
group: ungrouped
|
group: ungrouped
|
||||||
config: {get_file: fragments/wc-notify.yaml}
|
config: {get_file: fragments/wc-notify.yaml}
|
||||||
|
|
||||||
|
add_proxy:
|
||||||
|
type: OS::Heat::SoftwareConfig
|
||||||
|
properties:
|
||||||
|
group: ungrouped
|
||||||
|
config: {get_file: fragments/add-proxy.yaml}
|
||||||
|
|
||||||
kube_minion_init:
|
kube_minion_init:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
properties:
|
properties:
|
||||||
|
@ -206,6 +227,7 @@ resources:
|
||||||
$write_heat_params
|
$write_heat_params
|
||||||
$write_kubeconfig
|
$write_kubeconfig
|
||||||
$make_cert
|
$make_cert
|
||||||
|
$add_proxy
|
||||||
$enable_network_service
|
$enable_network_service
|
||||||
$enable_kubelet
|
$enable_kubelet
|
||||||
$enable_kube_proxy
|
$enable_kube_proxy
|
||||||
|
@ -214,6 +236,8 @@ resources:
|
||||||
units:
|
units:
|
||||||
- name: "make-cert.service"
|
- name: "make-cert.service"
|
||||||
command: "start"
|
command: "start"
|
||||||
|
- name: "add-proxy.service"
|
||||||
|
command: "start"
|
||||||
- name: "enable-network-service.service"
|
- name: "enable-network-service.service"
|
||||||
command: "start"
|
command: "start"
|
||||||
- name: "enable-kubelet.service"
|
- name: "enable-kubelet.service"
|
||||||
|
@ -226,6 +250,7 @@ resources:
|
||||||
"$write_heat_params": {get_attr: [write_heat_params, config]}
|
"$write_heat_params": {get_attr: [write_heat_params, config]}
|
||||||
"$write_kubeconfig": {get_attr: [write_kubeconfig, config]}
|
"$write_kubeconfig": {get_attr: [write_kubeconfig, config]}
|
||||||
"$make_cert": {get_attr: [make_cert, config]}
|
"$make_cert": {get_attr: [make_cert, config]}
|
||||||
|
"$add_proxy": {get_attr: [add_proxy, config]}
|
||||||
"$enable_network_service": {get_attr: [enable_network_service, config]}
|
"$enable_network_service": {get_attr: [enable_network_service, config]}
|
||||||
"$enable_kubelet": {get_attr: [enable_kubelet, config]}
|
"$enable_kubelet": {get_attr: [enable_kubelet, config]}
|
||||||
"$enable_kube_proxy": {get_attr: [enable_kube_proxy, config]}
|
"$enable_kube_proxy": {get_attr: [enable_kube_proxy, config]}
|
||||||
|
|
Loading…
Reference in New Issue