Merge "Align k8s CoreOS with atomic: add proxy config"

magnum/drivers/k8s_coreos_v1/templates/fragments/add-proxy.yaml

@@ -0,0 +1,46 @@
+#cloud-config
+write_files:
+  - path: /etc/systemd/system/add-proxy.service
+    owner: "root:root"
+    permissions: "0644"
+    content: |
+      [Unit]
+      Description=Configure proxy
+
+      [Service]
+      Type=oneshot
+      ExecStart=/etc/sysconfig/add-proxy.sh
+
+      [Install]
+      WantedBy=multi-user.target
+
+  - path: /etc/sysconfig/add-proxy.sh
+    owner: "root:root"
+    permissions: "0755"
+    content: |
+      #!/bin/sh
+
+      . /etc/sysconfig/heat-params
+
+      DOCKER_PROXY_CONF=/etc/systemd/system/docker.service.d/http-proxy.conf
+      ENVIRONMENT=/etc/environment
+
+      mkdir -p /etc/systemd/system/docker.service.d
+
+      if [ -n "$HTTP_PROXY" ]; then
+          cat <<EOF | sed "s/^ *//" > $DOCKER_PROXY_CONF
+          HTTP_PROXY=$HTTP_PROXY
+      EOF
+        echo "http_proxy=$HTTP_PROXY" >> $ENVIRONMENT
+
+        systemctl daemon-reload
+        systemctl --no-block restart docker.service
+      fi
+
+      if [ -n "$HTTPS_PROXY" ]; then
+        echo "https_proxy=$HTTPS_PROXY" >> $ENVIRONMENT
+      fi
+
+      if [ -n "$NO_PROXY" ]; then
+          echo "no_proxy=$NO_PROXY" >> ENVIRONMENT
+      fi

magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml

@@ -131,6 +131,21 @@ parameters:
     type: string
     description: endpoint to retrieve TLS certs from
 
+  http_proxy:
+    type: string
+    description: http proxy address for docker
+    default: ""
+
+  https_proxy:
+    type: string
+    description: https proxy address for docker
+    default: ""
+
+  no_proxy:
+    type: string
+    description: no proxies for docker
+    default: ""
+
   trustee_domain_id:
     type: string
     description: domain id of the trustee
@@ -320,6 +335,9 @@ resources:
           network_driver: {get_param: network_driver}
           kubernetes_port: {get_param: kubernetes_port}
           tls_disabled: {get_param: tls_disabled}
+          http_proxy: {get_param: http_proxy}
+          https_proxy: {get_param: https_proxy}
+          no_proxy: {get_param: no_proxy}
           kube_version: {get_param: kube_version}
           wait_condition_timeout: {get_param: wait_condition_timeout}
           bay_uuid: {get_param: bay_uuid}
@@ -360,6 +378,9 @@ resources:
           network_driver: {get_param: network_driver}
           kubernetes_port: {get_param: kubernetes_port}
           tls_disabled: {get_param: tls_disabled}
+          http_proxy: {get_param: http_proxy}
+          https_proxy: {get_param: https_proxy}
+          no_proxy: {get_param: no_proxy}
           kube_version: {get_param: kube_version}
           etcd_server_ip: {get_attr: [etcd_address_switch, private_ip]}
           wait_condition_timeout: {get_param: wait_condition_timeout}

magnum/drivers/k8s_coreos_v1/templates/kubemaster.yaml

@@ -113,6 +113,18 @@ parameters:
     description: Private IP address of the Kubernetes master server.
     default: ""
 
+  http_proxy:
+    type: string
+    description: http proxy address for docker
+
+  https_proxy:
+    type: string
+    description: https proxy address for docker
+
+  no_proxy:
+    type: string
+    description: no proxies for docker
+
   trustee_user_id:
     type: string
     description: user id of the trustee
@@ -227,6 +239,9 @@ resources:
             "$KUBE_VERSION": {get_param: kube_version}
             "$BAY_UUID": {get_param: bay_uuid}
             "$MAGNUM_URL": {get_param: magnum_url}
+            "$HTTP_PROXY": {get_param: http_proxy}
+            "$HTTPS_PROXY": {get_param: https_proxy}
+            "$NO_PROXY": {get_param: no_proxy}
             "$TRUSTEE_USER_ID": {get_param: trustee_user_id}
             "$TRUSTEE_PASSWORD": {get_param: trustee_password}
             "$TRUST_ID": {get_param: trust_id}
@@ -306,6 +321,12 @@ resources:
       group: ungrouped
       config: {get_file: fragments/wc-notify.yaml}
 
+  add_proxy:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/add-proxy.yaml}
+
   kube_master_init:
     type: OS::Heat::SoftwareConfig
     properties:
@@ -315,6 +336,7 @@ resources:
           template: |
             $write_heat_params
             $make_cert
+            $add_proxy
             $configure_etcd
             $write_network_config
             $enable_network_service
@@ -330,6 +352,8 @@ resources:
               units:
                 - name: "make-cert.service"
                   command: "start"
+                - name: "add-proxy.service"
+                  command: "start"
                 - name: "configure-etcd.service"
                   command: "start"
                 - name: "write-network-config.service"
@@ -355,6 +379,7 @@ resources:
           params:
             "$write_heat_params": {get_attr: [write_heat_params, config]}
             "$make_cert": {get_attr: [make_cert, config]}
+            "$add_proxy": {get_attr: [add_proxy, config]}
             "$configure_etcd": {get_attr: [configure_etcd, config]}
             "$write_network_config": {get_attr: [write_network_config, config]}
             "$enable_network_service": {get_attr: [enable_network_service, config]}

magnum/drivers/k8s_coreos_v1/templates/kubeminion.yaml

@@ -82,6 +82,18 @@ parameters:
     description: >
       timeout for the Wait Conditions
 
+  http_proxy:
+    type: string
+    description: http proxy address for docker
+
+  https_proxy:
+    type: string
+    description: https proxy address for docker
+
+  no_proxy:
+    type: string
+    description: no proxies for docker
+
   trustee_user_id:
     type: string
     description: user id of the trustee
@@ -143,22 +155,25 @@ resources:
         str_replace:
           template: {get_file: fragments/write-heat-params.yaml}
           params:
-            $KUBE_ALLOW_PRIV: {get_param: kube_allow_priv}
+            "$KUBE_ALLOW_PRIV": {get_param: kube_allow_priv}
-            $KUBE_MASTER_IP: {get_param: kube_master_ip}
+            "$KUBE_MASTER_IP": {get_param: kube_master_ip}
-            $KUBE_NODE_PUBLIC_IP: {get_attr: [kube_minion_floating, floating_ip_address]}
+            "$KUBE_NODE_PUBLIC_IP": {get_attr: [kube_minion_floating, floating_ip_address]}
-            $KUBE_NODE_IP: {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]}
+            "$KUBE_NODE_IP": {get_attr: [kube_minion_eth0, fixed_ips, 0, ip_address]}
-            $WAIT_CURL: {get_attr: [minion_wait_handle, curl_cli]}
+            "$WAIT_CURL": {get_attr: [minion_wait_handle, curl_cli]}
-            $KUBE_API_PORT: {get_param: kubernetes_port}
+            "$KUBE_API_PORT": {get_param: kubernetes_port}
-            $TLS_DISABLED: {get_param: tls_disabled}
+            "$TLS_DISABLED": {get_param: tls_disabled}
-            $NETWORK_DRIVER: {get_param: network_driver}
+            "$NETWORK_DRIVER": {get_param: network_driver}
-            $ETCD_SERVER_IP: {get_param: etcd_server_ip}
+            "$ETCD_SERVER_IP": {get_param: etcd_server_ip}
-            $KUBE_VERSION: {get_param: kube_version}
+            "$KUBE_VERSION": {get_param: kube_version}
-            $BAY_UUID: {get_param: bay_uuid}
+            "$BAY_UUID": {get_param: bay_uuid}
-            $MAGNUM_URL: {get_param: magnum_url}
+            "$MAGNUM_URL": {get_param: magnum_url}
-            $TRUSTEE_USER_ID: {get_param: trustee_user_id}
+            "$HTTP_PROXY": {get_param: http_proxy}
-            $TRUSTEE_PASSWORD: {get_param: trustee_password}
+            "$HTTPS_PROXY": {get_param: https_proxy}
-            $TRUST_ID: {get_param: trust_id}
+            "$NO_PROXY": {get_param: no_proxy}
-            $AUTH_URL: {get_param: auth_url}
+            "$TRUSTEE_USER_ID": {get_param: trustee_user_id}
+            "$TRUSTEE_PASSWORD": {get_param: trustee_password}
+            "$TRUST_ID": {get_param: trust_id}
+            "$AUTH_URL": {get_param: auth_url}
 
   write_kubeconfig:
     type: OS::Heat::SoftwareConfig
@@ -196,6 +211,12 @@ resources:
       group: ungrouped
       config: {get_file: fragments/wc-notify.yaml}
 
+  add_proxy:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/add-proxy.yaml}
+
   kube_minion_init:
     type: OS::Heat::SoftwareConfig
     properties:
@@ -206,6 +227,7 @@ resources:
             $write_heat_params
             $write_kubeconfig
             $make_cert
+            $add_proxy
             $enable_network_service
             $enable_kubelet
             $enable_kube_proxy
@@ -214,6 +236,8 @@ resources:
               units:
                 - name: "make-cert.service"
                   command: "start"
+                - name: "add-proxy.service"
+                  command: "start"
                 - name: "enable-network-service.service"
                   command: "start"
                 - name: "enable-kubelet.service"
@@ -226,6 +250,7 @@ resources:
             "$write_heat_params": {get_attr: [write_heat_params, config]}
             "$write_kubeconfig": {get_attr: [write_kubeconfig, config]}
             "$make_cert": {get_attr: [make_cert, config]}
+            "$add_proxy": {get_attr: [add_proxy, config]}
             "$enable_network_service": {get_attr: [enable_network_service, config]}
             "$enable_kubelet": {get_attr: [enable_kubelet, config]}
             "$enable_kube_proxy": {get_attr: [enable_kube_proxy, config]}