Add proxy for k8s

This patch adds proxy in follow places: 1. etcd needs ETCD_DISCOVERY_PROXY when try to do discovery /etc/etcd/etcd.conf 2. docker daemon need set proxy to allow downloads images /etc/systemd/system/docker.service.d/proxy.conf 3. and for os level, we need to set http_proxy, https_proxy and no_proxy too /etc/bashrc Implements: blueprint discovery-proxy Co-authored-by: Manjeet Singh Bhatia <manjeet.s.bhatia@intel.com> Change-Id: I19c92dc9b4fe195037b5ad4ca49b529cf6be4cfb
2015-10-19 11:58:15 +08:00 · 2015-10-19 11:58:15 +08:00 · ec92085271
parent d59d4c2465
commit ec92085271
7 changed files with 114 additions and 0 deletions
--- a/magnum/templates/heat-kubernetes/fragments/add-proxy.sh
+++ b/magnum/templates/heat-kubernetes/fragments/add-proxy.sh
@ -0,0 +1,36 @@
+#!/bin/sh
+
+. /etc/sysconfig/heat-params
+
+DOCKER_PROXY_CONF=/etc/systemd/system/docker.service.d/proxy.conf
+
+if [ -n "$HTTP_PROXY" ]; then
+    cat <<EOF | sed "s/^ *//" > $DOCKER_PROXY_CONF
+    [Service]
+    Environment=HTTP_PROXY=$HTTP_PROXY
+EOF
+
+    systemctl daemon-reload
+    systemctl --no-block restart docker.service
+
+    if [ -f "/etc/bashrc" ]; then
+        echo "declare -x http_proxy=$HTTP_PROXY" >> /etc/bashrc
+    else
+        echo "File /etc/bashrc does not exist, not setting http_proxy"
+    fi
+fi
+
+if [ -n "$HTTPS_PROXY" ]; then
+    if [ -f "/etc/bashrc" ]; then
+        echo "declare -x https_proxy=$HTTPS_PROXY" >> /etc/bashrc
+    else
+        echo "File /etc/bashrc does not exist, not setting https_proxy"
+    fi
+fi
+
+if [ -n "$NO_PROXY" ]; then
+    if [ -f "/etc/bashrc" ]; then
+        echo "declare -x no_proxy=$NO_PROXY" >> /etc/bashrc
+    else
+        echo "File /etc/bashrc does not exist, not setting no_proxy"
+fi
--- a/magnum/templates/heat-kubernetes/fragments/configure-etcd.sh
+++ b/magnum/templates/heat-kubernetes/fragments/configure-etcd.sh
@ -15,3 +15,7 @@ ETCD_ADVERTISE_CLIENT_URLS="http://$myip:2379"
 ETCD_INITIAL_ADVERTISE_PEER_URLS="http://$myip:2380"
 ETCD_DISCOVERY="$ETCD_DISCOVERY_URL"
 EOF
+
+if [ -n "$HTTP_PROXY" ]; then
+    echo "ETCD_DISCOVERY_PROXY=$HTTP_PROXY" >> /etc/etcd/etcd.conf
+fi
--- a/magnum/templates/heat-kubernetes/fragments/write-heat-params-master.yaml
+++ b/magnum/templates/heat-kubernetes/fragments/write-heat-params-master.yaml
@ -24,3 +24,6 @@ write_files:
      BAY_UUID="$BAY_UUID"
      USER_TOKEN="$USER_TOKEN"
      MAGNUM_URL="$MAGNUM_URL"
+      HTTP_PROXY="$HTTP_PROXY"
+      HTTPS_PROXY="$HTTPS_PROXY"
+      NO_PROXY="$NO_PROXY"
--- a/magnum/templates/heat-kubernetes/fragments/write-heat-params.yaml
+++ b/magnum/templates/heat-kubernetes/fragments/write-heat-params.yaml
@ -26,3 +26,6 @@ write_files:
      BAY_UUID="$BAY_UUID"
      USER_TOKEN="$USER_TOKEN"
      MAGNUM_URL="$MAGNUM_URL"
+      HTTP_PROXY="$HTTP_PROXY"
+      HTTPS_PROXY="$HTTPS_PROXY"
+      NO_PROXY="$NO_PROXY"
--- a/magnum/templates/heat-kubernetes/kubecluster.yaml
+++ b/magnum/templates/heat-kubernetes/kubecluster.yaml
@ -231,6 +231,21 @@ parameters:
    type: string
    description: endpoint to retrieve TLS certs from

+  http_proxy:
+    type: string
+    description: http proxy address for docker
+    default: ""
+
+  https_proxy:
+    type: string
+    description: https proxy address for docker
+    default: ""
+
+  no_proxy:
+    type: string
+    description: no proxies for docker
+    default: ""
+
 resources:

  ######################################################################
@ -402,6 +417,9 @@ resources:
          tls_disabled: {get_param: tls_disabled}
          secgroup_base_id: {get_resource: secgroup_base}
          secgroup_kube_master_id: {get_resource: secgroup_kube_master}
+          http_proxy: {get_param: http_proxy}
+          https_proxy: {get_param: https_proxy}
+          no_proxy: {get_param: no_proxy}

  ######################################################################
  #
@ -449,6 +467,9 @@ resources:
          kubernetes_port: {get_param: kubernetes_port}
          tls_disabled: {get_param: tls_disabled}
          secgroup_kube_minion_id: {get_resource: secgroup_kube_minion}
+          http_proxy: {get_param: http_proxy}
+          https_proxy: {get_param: https_proxy}
+          no_proxy: {get_param: no_proxy}

 outputs:

--- a/magnum/templates/heat-kubernetes/kubemaster.yaml
+++ b/magnum/templates/heat-kubernetes/kubemaster.yaml
@ -135,6 +135,18 @@ parameters:
    type: string
    description: >
      tenant name
+  http_proxy:
+    type: string
+    description: http proxy address for docker
+    default: ""
+  https_proxy:
+    type: string
+    description: https proxy address for docker
+    default: ""
+  no_proxy:
+    type: string
+    description: no proxies for docker
+    default: ""

 resources:

@ -181,6 +193,9 @@ resources:
            "$BAY_UUID": {get_param: bay_uuid}
            "$USER_TOKEN": {get_param: user_token}
            "$MAGNUM_URL": {get_param: magnum_url}
+            "$HTTP_PROXY": {get_param: http_proxy}
+            "$HTTPS_PROXY": {get_param: https_proxy}
+            "$NO_PROXY": {get_param: no_proxy}

  make_cert:
    type: OS::Heat::SoftwareConfig
@ -254,6 +269,12 @@ resources:
      group: ungrouped
      config: {get_file: fragments/disable-selinux.sh}

+  add_proxy:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/add-proxy.sh}
+
  kube_master_init:
    type: OS::Heat::MultipartMime
    properties:
@ -265,6 +286,7 @@ resources:
        - config: {get_resource: write_kube_os_config}
        - config: {get_resource: make_cert}
        - config: {get_resource: configure_kubernetes}
+        - config: {get_resource: add_proxy}
        - config: {get_resource: enable_services}
        - config: {get_resource: write_network_config}
        - config: {get_resource: network_config_service}
--- a/magnum/templates/heat-kubernetes/kubeminion.yaml
+++ b/magnum/templates/heat-kubernetes/kubeminion.yaml
@ -149,6 +149,21 @@ parameters:
    type: string
    description: ID of the security group for kubernetes minion.

+  http_proxy:
+    type: string
+    description: http proxy address for docker
+    default: ""
+
+  https_proxy:
+    type: string
+    description: https proxy address for docker
+    default: ""
+
+  no_proxy:
+    type: string
+    description: no proxies for docker
+    default: ""
+
 resources:

  minion_wait_handle:
@ -196,6 +211,9 @@ resources:
            $BAY_UUID: {get_param: bay_uuid}
            $USER_TOKEN: {get_param: user_token}
            $MAGNUM_URL: {get_param: magnum_url}
+            $HTTP_PROXY: {get_param: http_proxy}
+            $HTTPS_PROXY: {get_param: https_proxy}
+            $NO_PROXY: {get_param: no_proxy}

  write_kubeconfig:
    type: OS::Heat::SoftwareConfig
@ -281,6 +299,12 @@ resources:
      group: ungrouped
      config: {get_file: fragments/disable-selinux.sh}

+  add_proxy:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/add-proxy.sh}
+
  kube_minion_init:
    type: OS::Heat::MultipartMime
    properties:
@ -295,6 +319,7 @@ resources:
        - config: {get_resource: kube_register}
        - config: {get_resource: configure_kubernetes_minion}
        - config: {get_resource: network_service}
+        - config: {get_resource: add_proxy}
        - config: {get_resource: enable_services}
        - config: {get_resource: minion_wc_notify}