[k8s] Add kubelet to the master nodes
Add kubelet on the master nodes. This work was
done already for calico, this patch applies the
same config when calico is used as well.
story: 2003521
task: 24797
Change-Id: Id33fb59ef23da740712d9a9b7ec4205bd6579b35
(cherry picked from commit 6390e0dbd3
)
parent
9e973c12e9
commit
e8e8cffb54
|
@ -6,14 +6,9 @@ echo "configuring kubernetes (master)"
|
|||
|
||||
_prefix=${CONTAINER_INFRA_PREFIX:-docker.io/openstackmagnum/}
|
||||
|
||||
# TODO(flwang): We should revisit this part to figure out if it's possible to
|
||||
# only run the calico-node container as a systemd service before starting the
|
||||
# minion nodes.
|
||||
if [ "$NETWORK_DRIVER" = "calico" ]; then
|
||||
mkdir -p /opt/cni
|
||||
_addtl_mounts=',{"type":"bind","source":"/opt/cni","destination":"/opt/cni","options":["bind","rw","slave","mode=777"]}'
|
||||
atomic install --storage ostree --system --set=ADDTL_MOUNTS=${_addtl_mounts} --system-package=no --name=kubelet ${_prefix}kubernetes-kubelet:${KUBE_TAG}
|
||||
fi
|
||||
mkdir -p /opt/cni
|
||||
_addtl_mounts=',{"type":"bind","source":"/opt/cni","destination":"/opt/cni","options":["bind","rw","slave","mode=777"]}'
|
||||
atomic install --storage ostree --system --set=ADDTL_MOUNTS=${_addtl_mounts} --system-package=no --name=kubelet ${_prefix}kubernetes-kubelet:${KUBE_TAG}
|
||||
atomic install --storage ostree --system --system-package=no --name=kube-apiserver ${_prefix}kubernetes-apiserver:${KUBE_TAG}
|
||||
atomic install --storage ostree --system --system-package=no --name=kube-controller-manager ${_prefix}kubernetes-controller-manager:${KUBE_TAG}
|
||||
atomic install --storage ostree --system --system-package=no --name=kube-scheduler ${_prefix}kubernetes-scheduler:${KUBE_TAG}
|
||||
|
@ -129,11 +124,13 @@ if [ -n "${INSECURE_REGISTRY_URL}" ]; then
|
|||
fi
|
||||
|
||||
if [ "$NETWORK_DRIVER" = "calico" ]; then
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --register-with-taints=CriticalAddonsOnly=True:NoSchedule,dedicated=master:NoSchedule"
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
|
||||
fi
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --register-with-taints=CriticalAddonsOnly=True:NoSchedule,dedicated=master:NoSchedule"
|
||||
|
||||
KUBELET_KUBECONFIG=/etc/kubernetes/kubelet-config.yaml
|
||||
HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
|
||||
cat << EOF >> ${KUBELET_KUBECONFIG}
|
||||
KUBELET_KUBECONFIG=/etc/kubernetes/kubelet-config.yaml
|
||||
HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//')
|
||||
cat << EOF >> ${KUBELET_KUBECONFIG}
|
||||
apiVersion: v1
|
||||
clusters:
|
||||
- cluster:
|
||||
|
@ -156,7 +153,7 @@ users:
|
|||
client-key: ${CERT_DIR}/server.key
|
||||
EOF
|
||||
|
||||
cat > /etc/kubernetes/get_require_kubeconfig.sh <<EOF
|
||||
cat > /etc/kubernetes/get_require_kubeconfig.sh << EOF
|
||||
#!/bin/bash
|
||||
|
||||
KUBE_VERSION=\$(kubelet --version | awk '{print \$2}')
|
||||
|
@ -165,37 +162,36 @@ if [[ "\${min_version}" != \$(echo -e "\${min_version}\n\${KUBE_VERSION}" | sort
|
|||
echo "--require-kubeconfig"
|
||||
fi
|
||||
EOF
|
||||
chmod +x /etc/kubernetes/get_require_kubeconfig.sh
|
||||
chmod +x /etc/kubernetes/get_require_kubeconfig.sh
|
||||
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --client-ca-file=${CERT_DIR}/ca.crt --tls-cert-file=${CERT_DIR}/kubelet.crt --tls-private-key-file=${CERT_DIR}/kubelet.key --kubeconfig ${KUBELET_KUBECONFIG}"
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --client-ca-file=${CERT_DIR}/ca.crt --tls-cert-file=${CERT_DIR}/kubelet.crt --tls-private-key-file=${CERT_DIR}/kubelet.key --kubeconfig ${KUBELET_KUBECONFIG}"
|
||||
|
||||
# specified cgroup driver
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=${CGROUP_DRIVER}"
|
||||
# specified cgroup driver
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=${CGROUP_DRIVER}"
|
||||
|
||||
systemctl disable docker
|
||||
if cat /usr/lib/systemd/system/docker.service | grep 'native.cgroupdriver'; then
|
||||
cp /usr/lib/systemd/system/docker.service /etc/systemd/system/
|
||||
sed -i "s/\(native.cgroupdriver=\)\w\+/\1$CGROUP_DRIVER/" \
|
||||
/etc/systemd/system/docker.service
|
||||
else
|
||||
cat > /etc/systemd/system/docker.service.d/cgroupdriver.conf << EOF
|
||||
systemctl disable docker
|
||||
if cat /usr/lib/systemd/system/docker.service | grep 'native.cgroupdriver'; then
|
||||
cp /usr/lib/systemd/system/docker.service /etc/systemd/system/
|
||||
sed -i "s/\(native.cgroupdriver=\)\w\+/\1$CGROUP_DRIVER/" \
|
||||
/etc/systemd/system/docker.service
|
||||
else
|
||||
cat > /etc/systemd/system/docker.service.d/cgroupdriver.conf << EOF
|
||||
ExecStart=---exec-opt native.cgroupdriver=$CGROUP_DRIVER
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl enable docker
|
||||
|
||||
if [ -z "${KUBE_NODE_IP}" ]; then
|
||||
KUBE_NODE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
|
||||
fi
|
||||
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --address=${KUBE_NODE_IP} --port=10250 --read-only-port=0 --anonymous-auth=false --authorization-mode=Webhook --authentication-token-webhook=true"
|
||||
|
||||
sed -i '
|
||||
/^KUBELET_ADDRESS=/ s/=.*/="--address=${KUBE_NODE_IP}"/
|
||||
/^KUBELET_HOSTNAME=/ s/=.*/=""/
|
||||
/^KUBELET_ARGS=/ s|=.*|="'"\$(/etc/kubernetes/get_require_kubeconfig.sh) ${KUBELET_ARGS}"'"|
|
||||
' /etc/kubernetes/kubelet
|
||||
fi
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl enable docker
|
||||
|
||||
if [ -z "${KUBE_NODE_IP}" ]; then
|
||||
KUBE_NODE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
|
||||
fi
|
||||
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --address=${KUBE_NODE_IP} --port=10250 --read-only-port=0 --anonymous-auth=false --authorization-mode=Webhook --authentication-token-webhook=true"
|
||||
|
||||
sed -i '
|
||||
/^KUBELET_ADDRESS=/ s/=.*/="--address=${KUBE_NODE_IP}"/
|
||||
/^KUBELET_HOSTNAME=/ s/=.*/=""/
|
||||
/^KUBELET_ARGS=/ s|=.*|="'"\$(/etc/kubernetes/get_require_kubeconfig.sh) ${KUBELET_ARGS}"'"|
|
||||
' /etc/kubernetes/kubelet
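Review bot: The kubelet install in the first hunk now runs on every master and passes `--set=ADDTL_MOUNTS=${_addtl_mounts}` unquoted, although the value holds a bracketed JSON option list that the shell treats as a glob pattern; `--set=ADDTL_MOUNTS="${_addtl_mounts}"` keeps it a single literal argument. The same mount binds `/opt/cni` read-write with `mode=777`, and the calico branch points the kubelet at `/opt/cni/bin` for CNI binaries, so it is worth confirming that the directory stays root-owned and not world-writable now that the mount is no longer limited to calico masters. In the last hunk `KUBE_NODE_IP=$(curl -s …)` also became unconditional, and an empty reply would be written into `--address=` unchecked; a guard such as `[ -n "${KUBE_NODE_IP}" ] || exit 1` after the fetch would fail early instead. The script continues outside the hunks shown.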
|
||||
|
|
|
@ -14,14 +14,8 @@ while [ ! -f /etc/kubernetes/certs/ca.key ] && \
|
|||
done
|
||||
|
||||
echo "starting services"
|
||||
for service in etcd docker kube-apiserver kube-controller-manager kube-scheduler kube-proxy; do
|
||||
for service in etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy; do
|
||||
echo "activating service $service"
|
||||
systemctl enable $service
|
||||
systemctl --no-block start $service
|
||||
done
|
||||
|
||||
if [ "$NETWORK_DRIVER" = "calico" ]; then
|
||||
echo "activating service kubelet"
|
||||
systemctl enable kubelet
|
||||
systemctl start kubelet
|
||||
fi
|
||||
done
|
|
@ -518,6 +518,12 @@ resources:
|
|||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/flannel-config-service.sh}
|
||||
|
||||
flannel_service:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/kubernetes/fragments/flannel-service.sh}
|
||||
|
||||
enable_services:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
|
@ -559,6 +565,7 @@ resources:
|
|||
- config: {get_resource: enable_services}
|
||||
- config: {get_resource: write_flannel_config}
|
||||
- config: {get_resource: flannel_config_service}
|
||||
- config: {get_resource: flannel_service}
|
||||
|
||||
######################################################################
|
||||
#
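Review bot: The new `flannel_service` resource is appended to the config list with no condition visible in these hunks, so `flannel-service.sh` is delivered to masters whichever network driver is selected. The fragment's content is not shown here; if it does not exit early when `$NETWORK_DRIVER` is something other than flannel, a calico master would also get the flannel service configured. Once that is verified, a short comment above the resource would record the intent, for example `# delivered to all masters; the fragment checks NETWORK_DRIVER itself`. The commit description mentions only the kubelet, so the flannel addition deserves a line there too. Both the `resources:` map and the list this entry joins continue outside the hunks.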
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Deploy kubelet in master nodes for the k8s_fedora_atomic driver.
|
||||
Previously it was done only for calico, now kubelet will run in all
|
||||
cases. Really useful, for monitoing the master nodes (eg deploy fluentd)
|
||||
or run the kubernetes control-plance self-hosted.
|