openstack/magnum
Code Issues Proposed changes

Merge "[k8s-fcos] Fix insecure registry" into stable/ussuri

Browse Source
This commit is contained in:
Zuul
2021-03-02 12:10:11 +00:00
committed by Gerrit Code Review
parent bc52296489 92260bf0c9
commit a0345cd664
6 changed files with 52 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
View File

@@ -447,11 +447,11 @@ if [ -f /etc/sysconfig/docker ] ; then
sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker
# json-file is required for conformance. # json-file is required for conformance.
# https://docs.docker.com/config/containers/logging/json-file/ # https://docs.docker.com/config/containers/logging/json-file/
sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5 /' /etc/sysconfig/docker DOCKER_OPTIONS="--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5"
if [ -n "${INSECURE_REGISTRY_URL}" ]; then if [ -n "${INSECURE_REGISTRY_URL}" ]; then
echo "INSECURE_REGISTRY='--insecure-registry ${INSECURE_REGISTRY_URL}'" >> /etc/sysconfig/docker DOCKER_OPTIONS="${DOCKER_OPTIONS} --insecure-registry ${INSECURE_REGISTRY_URL}"
fi fi
sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1'"${DOCKER_OPTIONS}"' /' /etc/sysconfig/docker
fi fi
KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin" KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"

6
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
View File

@@ -264,11 +264,11 @@ if [ -f /etc/sysconfig/docker ] ; then
sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker
# json-file is required for conformance. # json-file is required for conformance.
# https://docs.docker.com/config/containers/logging/json-file/ # https://docs.docker.com/config/containers/logging/json-file/
sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5 /' /etc/sysconfig/docker DOCKER_OPTIONS="--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5"
if [ -n "${INSECURE_REGISTRY_URL}" ]; then if [ -n "${INSECURE_REGISTRY_URL}" ]; then
echo "INSECURE_REGISTRY='--insecure-registry ${INSECURE_REGISTRY_URL}'" >> /etc/sysconfig/docker DOCKER_OPTIONS="${DOCKER_OPTIONS} --insecure-registry ${INSECURE_REGISTRY_URL}"
fi fi
sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1'"${DOCKER_OPTIONS}"' /' /etc/sysconfig/docker
fi fi
KUBELET_ARGS="${KUBELET_ARGS} --pod-infra-container-image=${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}pause:3.1" KUBELET_ARGS="${KUBELET_ARGS} --pod-infra-container-image=${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}pause:3.1"

18
magnum/drivers/k8s_fedora_coreos_v1/templates/fcct-config.yaml
View File

@@ -5,9 +5,9 @@
# #
# You can use podman or docker to generate the ignition formatted json: # You can use podman or docker to generate the ignition formatted json:
# podman run --rm \ # podman run --rm \
# -v ./fcct-config.yaml:/config.fcc:z \ # -v $(pwd)/fcct-config.yaml:/config.fcc \
# quay.io/coreos/fcct:release \ # quay.io/coreos/fcct:release \
# --pretty --strict --input /config.fcc > ./user_data.json # --pretty --strict /config.fcc > ./user_data.json
# #
# [0] https://github.com/coreos/fcct # [0] https://github.com/coreos/fcct
# [1] https://github.com/coreos/fedora-coreos-docs/blob/master/modules/ROOT/pages/producing-ign.adoc # [1] https://github.com/coreos/fedora-coreos-docs/blob/master/modules/ROOT/pages/producing-ign.adoc
@@ -69,6 +69,18 @@ storage:
# -1 is unlimited # -1 is unlimited
# 50m # 50m
max_log_size = 52428800 max_log_size = 52428800
- path: /etc/containers/__REGISTRIES_CONF__
# 420 (decimal) == 644 (octal)
mode: 420
user:
name: root
group:
name: root
append:
- inline: |
[[registry]]
location = "__INSECURE_REGISTRY_URL__"
insecure = true
- path: /etc/hostname - path: /etc/hostname
# 420 (decimal) == 644 (octal) # 420 (decimal) == 644 (octal)
mode: 420 mode: 420

8
magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml
View File

@@ -708,6 +708,14 @@ resources:
__HTTPS_PROXY__: {get_param: https_proxy} __HTTPS_PROXY__: {get_param: https_proxy}
__NO_PROXY__: {get_param: no_proxy} __NO_PROXY__: {get_param: no_proxy}
__SELINUX_MODE__: {get_param: selinux_mode} __SELINUX_MODE__: {get_param: selinux_mode}
__INSECURE_REGISTRY_URL__: {get_param: insecure_registry_url}
__REGISTRIES_CONF__:
if:
- equals:
- get_param: insecure_registry_url
- ""
- ".registries.conf"
- "registries.conf"
master_config: master_config:
type: OS::Heat::SoftwareConfig type: OS::Heat::SoftwareConfig

8
magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml
View File

@@ -387,6 +387,14 @@ resources:
__HTTPS_PROXY__: {get_param: https_proxy} __HTTPS_PROXY__: {get_param: https_proxy}
__NO_PROXY__: {get_param: no_proxy} __NO_PROXY__: {get_param: no_proxy}
__SELINUX_MODE__: {get_param: selinux_mode} __SELINUX_MODE__: {get_param: selinux_mode}
__INSECURE_REGISTRY_URL__: {get_param: insecure_registry_url}
__REGISTRIES_CONF__:
if:
- equals:
- get_param: insecure_registry_url
- ""
- ".registries.conf"
- "registries.conf"
###################################################################### ######################################################################
# #

15
magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json
View File

@@ -63,6 +63,21 @@
}, },
"mode": 420 "mode": 420
}, },
{
"group": {
"name": "root"
},
"path": "/etc/containers/__REGISTRIES_CONF__",
"user": {
"name": "root"
},
"append": [
{
"source": "data:,%5B%5Bregistry%5D%5D%0Alocation%20%3D%20%22__INSECURE_REGISTRY_URL__%22%0Ainsecure%20%3D%20true%0A"
}
],
"mode": 420
},
{ {
"group": { "group": {
"name": "root" "name": "root"