Add proxy for k8s
This patch adds proxy in follow places: 1. etcd needs ETCD_DISCOVERY_PROXY when try to do discovery /etc/etcd/etcd.conf 2. docker daemon need set proxy to allow downloads images /etc/systemd/system/docker.service.d/proxy.conf 3. and for os level, we need to set http_proxy, https_proxy and no_proxy too /etc/bashrc Implements: blueprint discovery-proxy Co-authored-by: Manjeet Singh Bhatia <manjeet.s.bhatia@intel.com> Change-Id: I19c92dc9b4fe195037b5ad4ca49b529cf6be4cfb
This commit is contained in:
parent
d59d4c2465
commit
ec92085271
|
@ -0,0 +1,36 @@
|
|||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
|
||||
DOCKER_PROXY_CONF=/etc/systemd/system/docker.service.d/proxy.conf
|
||||
|
||||
if [ -n "$HTTP_PROXY" ]; then
|
||||
cat <<EOF | sed "s/^ *//" > $DOCKER_PROXY_CONF
|
||||
[Service]
|
||||
Environment=HTTP_PROXY=$HTTP_PROXY
|
||||
EOF
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl --no-block restart docker.service
|
||||
|
||||
if [ -f "/etc/bashrc" ]; then
|
||||
echo "declare -x http_proxy=$HTTP_PROXY" >> /etc/bashrc
|
||||
else
|
||||
echo "File /etc/bashrc does not exist, not setting http_proxy"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "$HTTPS_PROXY" ]; then
|
||||
if [ -f "/etc/bashrc" ]; then
|
||||
echo "declare -x https_proxy=$HTTPS_PROXY" >> /etc/bashrc
|
||||
else
|
||||
echo "File /etc/bashrc does not exist, not setting https_proxy"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "$NO_PROXY" ]; then
|
||||
if [ -f "/etc/bashrc" ]; then
|
||||
echo "declare -x no_proxy=$NO_PROXY" >> /etc/bashrc
|
||||
else
|
||||
echo "File /etc/bashrc does not exist, not setting no_proxy"
|
||||
fi
|
|
@ -15,3 +15,7 @@ ETCD_ADVERTISE_CLIENT_URLS="http://$myip:2379"
|
|||
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://$myip:2380"
|
||||
ETCD_DISCOVERY="$ETCD_DISCOVERY_URL"
|
||||
EOF
|
||||
|
||||
if [ -n "$HTTP_PROXY" ]; then
|
||||
echo "ETCD_DISCOVERY_PROXY=$HTTP_PROXY" >> /etc/etcd/etcd.conf
|
||||
fi
|
||||
|
|
|
@ -24,3 +24,6 @@ write_files:
|
|||
BAY_UUID="$BAY_UUID"
|
||||
USER_TOKEN="$USER_TOKEN"
|
||||
MAGNUM_URL="$MAGNUM_URL"
|
||||
HTTP_PROXY="$HTTP_PROXY"
|
||||
HTTPS_PROXY="$HTTPS_PROXY"
|
||||
NO_PROXY="$NO_PROXY"
|
||||
|
|
|
@ -26,3 +26,6 @@ write_files:
|
|||
BAY_UUID="$BAY_UUID"
|
||||
USER_TOKEN="$USER_TOKEN"
|
||||
MAGNUM_URL="$MAGNUM_URL"
|
||||
HTTP_PROXY="$HTTP_PROXY"
|
||||
HTTPS_PROXY="$HTTPS_PROXY"
|
||||
NO_PROXY="$NO_PROXY"
|
||||
|
|
|
@ -231,6 +231,21 @@ parameters:
|
|||
type: string
|
||||
description: endpoint to retrieve TLS certs from
|
||||
|
||||
http_proxy:
|
||||
type: string
|
||||
description: http proxy address for docker
|
||||
default: ""
|
||||
|
||||
https_proxy:
|
||||
type: string
|
||||
description: https proxy address for docker
|
||||
default: ""
|
||||
|
||||
no_proxy:
|
||||
type: string
|
||||
description: no proxies for docker
|
||||
default: ""
|
||||
|
||||
resources:
|
||||
|
||||
######################################################################
|
||||
|
@ -402,6 +417,9 @@ resources:
|
|||
tls_disabled: {get_param: tls_disabled}
|
||||
secgroup_base_id: {get_resource: secgroup_base}
|
||||
secgroup_kube_master_id: {get_resource: secgroup_kube_master}
|
||||
http_proxy: {get_param: http_proxy}
|
||||
https_proxy: {get_param: https_proxy}
|
||||
no_proxy: {get_param: no_proxy}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -449,6 +467,9 @@ resources:
|
|||
kubernetes_port: {get_param: kubernetes_port}
|
||||
tls_disabled: {get_param: tls_disabled}
|
||||
secgroup_kube_minion_id: {get_resource: secgroup_kube_minion}
|
||||
http_proxy: {get_param: http_proxy}
|
||||
https_proxy: {get_param: https_proxy}
|
||||
no_proxy: {get_param: no_proxy}
|
||||
|
||||
outputs:
|
||||
|
||||
|
|
|
@ -135,6 +135,18 @@ parameters:
|
|||
type: string
|
||||
description: >
|
||||
tenant name
|
||||
http_proxy:
|
||||
type: string
|
||||
description: http proxy address for docker
|
||||
default: ""
|
||||
https_proxy:
|
||||
type: string
|
||||
description: https proxy address for docker
|
||||
default: ""
|
||||
no_proxy:
|
||||
type: string
|
||||
description: no proxies for docker
|
||||
default: ""
|
||||
|
||||
resources:
|
||||
|
||||
|
@ -181,6 +193,9 @@ resources:
|
|||
"$BAY_UUID": {get_param: bay_uuid}
|
||||
"$USER_TOKEN": {get_param: user_token}
|
||||
"$MAGNUM_URL": {get_param: magnum_url}
|
||||
"$HTTP_PROXY": {get_param: http_proxy}
|
||||
"$HTTPS_PROXY": {get_param: https_proxy}
|
||||
"$NO_PROXY": {get_param: no_proxy}
|
||||
|
||||
make_cert:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
|
@ -254,6 +269,12 @@ resources:
|
|||
group: ungrouped
|
||||
config: {get_file: fragments/disable-selinux.sh}
|
||||
|
||||
add_proxy:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/add-proxy.sh}
|
||||
|
||||
kube_master_init:
|
||||
type: OS::Heat::MultipartMime
|
||||
properties:
|
||||
|
@ -265,6 +286,7 @@ resources:
|
|||
- config: {get_resource: write_kube_os_config}
|
||||
- config: {get_resource: make_cert}
|
||||
- config: {get_resource: configure_kubernetes}
|
||||
- config: {get_resource: add_proxy}
|
||||
- config: {get_resource: enable_services}
|
||||
- config: {get_resource: write_network_config}
|
||||
- config: {get_resource: network_config_service}
|
||||
|
|
|
@ -149,6 +149,21 @@ parameters:
|
|||
type: string
|
||||
description: ID of the security group for kubernetes minion.
|
||||
|
||||
http_proxy:
|
||||
type: string
|
||||
description: http proxy address for docker
|
||||
default: ""
|
||||
|
||||
https_proxy:
|
||||
type: string
|
||||
description: https proxy address for docker
|
||||
default: ""
|
||||
|
||||
no_proxy:
|
||||
type: string
|
||||
description: no proxies for docker
|
||||
default: ""
|
||||
|
||||
resources:
|
||||
|
||||
minion_wait_handle:
|
||||
|
@ -196,6 +211,9 @@ resources:
|
|||
$BAY_UUID: {get_param: bay_uuid}
|
||||
$USER_TOKEN: {get_param: user_token}
|
||||
$MAGNUM_URL: {get_param: magnum_url}
|
||||
$HTTP_PROXY: {get_param: http_proxy}
|
||||
$HTTPS_PROXY: {get_param: https_proxy}
|
||||
$NO_PROXY: {get_param: no_proxy}
|
||||
|
||||
write_kubeconfig:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
|
@ -281,6 +299,12 @@ resources:
|
|||
group: ungrouped
|
||||
config: {get_file: fragments/disable-selinux.sh}
|
||||
|
||||
add_proxy:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/add-proxy.sh}
|
||||
|
||||
kube_minion_init:
|
||||
type: OS::Heat::MultipartMime
|
||||
properties:
|
||||
|
@ -295,6 +319,7 @@ resources:
|
|||
- config: {get_resource: kube_register}
|
||||
- config: {get_resource: configure_kubernetes_minion}
|
||||
- config: {get_resource: network_service}
|
||||
- config: {get_resource: add_proxy}
|
||||
- config: {get_resource: enable_services}
|
||||
- config: {get_resource: minion_wc_notify}
|
||||
|
||||
|
|
Loading…
Reference in New Issue