Fix k8s deployment when cluster_user_trust=False
At the moment, cluster deployment fails when cluster_user_trust=False. This is because the entire SoftwareDeployment exits rather than a single script fragment. This patch fixes this by scoping the remainder of the script conditional on whether TRUST_ID is defined. Finally, default `cloud_provider_enabled` to false when `cluster_user_trust` is false. Raise an error when `cloud_provider_enabled` is overridden to true when `cluster_user_trust` is false. This ensures that the minion kubelet is correctly configured. Change-Id: Ibd9270c87bfa5d2f490e2e226e33ca56696d9e81 Story: 2006531 Task: 36587changes/22/681922/9
parent
41768e0ae1
commit
eebcc9b7a1
|
@ -127,7 +127,7 @@ if [ -n "${ADMISSION_CONTROL_LIST}" ] && [ "${TLS_DISABLED}" == "False" ]; then
|
|||
KUBE_ADMISSION_CONTROL="--admission-control=NodeRestriction,${ADMISSION_CONTROL_LIST}"
|
||||
fi
|
||||
|
||||
if [ -n "$TRUST_ID" ] && [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
|
||||
if [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
|
||||
KUBE_API_ARGS="$KUBE_API_ARGS --cloud-provider=external"
|
||||
fi
|
||||
|
||||
|
@ -181,7 +181,7 @@ if [ -n "${ADMISSION_CONTROL_LIST}" ] && [ "${TLS_DISABLED}" == "False" ]; then
|
|||
KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --service-account-private-key-file=$CERT_DIR/service_account_private.key --root-ca-file=$CERT_DIR/ca.crt"
|
||||
fi
|
||||
|
||||
if [ -n "$TRUST_ID" ] && [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
|
||||
if [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
|
||||
KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --cloud-provider=external"
|
||||
KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --external-cloud-volume-plugin=openstack --cloud-config=/etc/kubernetes/cloud-config"
|
||||
fi
|
||||
|
@ -205,7 +205,7 @@ KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=$
|
|||
KUBELET_ARGS="${KUBELET_ARGS} --volume-plugin-dir=/var/lib/kubelet/volumeplugins"
|
||||
KUBELET_ARGS="${KUBELET_ARGS} ${KUBELET_OPTIONS}"
|
||||
|
||||
if [ -n "$TRUST_ID" ] && [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
|
||||
if [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --cloud-provider=external"
|
||||
fi
|
||||
|
||||
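Review bot: Nothing in these scripts records that `CLOUD_PROVIDER_ENABLED=true` is now expected to imply a non-empty `TRUST_ID`, which the three rewritten conditions in this file (API server, controller manager and kubelet arguments) and the cloud-controller-manager condition in the next file all rely on. The controller-manager branch still passes `--cloud-config=/etc/kubernetes/cloud-config`, and judging by the config-writing script further down this page, that file is only written when `TRUST_ID` is set. The invariant therefore appears to rest entirely on the label validation in the template definition. I would add a comment above the first condition, such as `# CLOUD_PROVIDER_ENABLED=true implies TRUST_ID is set; enforced by the label validation in the template definition.`, so a later driver or fragment reusing these lines does not break it silently.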
|
|
|
@ -151,7 +151,7 @@ kubectl -n kube-system create secret generic os-trustee \
|
|||
--from-file=os-certAuthority=/etc/kubernetes/ca-bundle.crt
|
||||
|
||||
#TODO: add heat variables for master count to determine leaderelect true/False ?
|
||||
if [ -n "${TRUST_ID}" ] && [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
|
||||
if [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
|
||||
occm_image="${CONTAINER_INFRA_PREFIX:-docker.io/k8scloudprovider/}openstack-cloud-controller-manager:${CLOUD_PROVIDER_TAG}"
|
||||
OCCM=/srv/magnum/kubernetes/openstack-cloud-controller-manager.yaml
|
||||
|
||||
|
|
|
@ -5,17 +5,14 @@ set +x
|
|||
set -x
|
||||
|
||||
$ssh_cmd mkdir -p /etc/kubernetes/
|
||||
|
||||
if [ -z "${TRUST_ID}" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
KUBE_OS_CLOUD_CONFIG=/etc/kubernetes/cloud-config
|
||||
$ssh_cmd cp /etc/pki/tls/certs/ca-bundle.crt /etc/kubernetes/ca-bundle.crt
|
||||
|
||||
# Generate a the configuration for Kubernetes services
|
||||
# to talk to OpenStack Neutron and Cinder
|
||||
CLOUD_CONFIG=$(cat <<EOF
|
||||
if [ -n "${TRUST_ID}" ]; then
|
||||
KUBE_OS_CLOUD_CONFIG=/etc/kubernetes/cloud-config
|
||||
|
||||
# Generate a the configuration for Kubernetes services
|
||||
# to talk to OpenStack Neutron and Cinder
|
||||
cat > ${KUBE_OS_CLOUD_CONFIG} <<EOF
|
||||
[Global]
|
||||
auth-url=$AUTH_URL
|
||||
user-id=$TRUSTEE_USER_ID
|
||||
|
@ -33,24 +30,20 @@ monitor-max-retries=3
|
|||
[BlockStorage]
|
||||
bs-version=v2
|
||||
EOF
|
||||
)
|
||||
|
||||
cat > ${KUBE_OS_CLOUD_CONFIG} <<EOF
|
||||
$CLOUD_CONFIG
|
||||
EOF
|
||||
# Provide optional region parameter if it's set.
|
||||
if [ -n "${REGION_NAME}" ]; then
|
||||
sed -i '/ca-file/a region='${REGION_NAME}'' $KUBE_OS_CLOUD_CONFIG
|
||||
fi
|
||||
|
||||
# Provide optional region parameter if it's set.
|
||||
if [ -n "${REGION_NAME}" ]; then
|
||||
sed -i '/ca-file/a region='${REGION_NAME}'' $KUBE_OS_CLOUD_CONFIG
|
||||
fi
|
||||
# backwards compatibility, some apps may expect this file from previous magnum versions.
|
||||
$ssh_cmd cp ${KUBE_OS_CLOUD_CONFIG} /etc/kubernetes/kube_openstack_config
|
||||
|
||||
# backwards compatibility, some apps may expect this file from previous magnum versions.
|
||||
$ssh_cmd cp ${KUBE_OS_CLOUD_CONFIG} /etc/kubernetes/kube_openstack_config
|
||||
|
||||
# Append additional networking config to config file provided to openstack
|
||||
# cloud controller manager (not supported by in-tree Cinder).
|
||||
cat > ${KUBE_OS_CLOUD_CONFIG}-occm <<EOF
|
||||
$CLOUD_CONFIG
|
||||
# Append additional networking config to config file provided to openstack
|
||||
# cloud controller manager (not supported by in-tree Cinder).
|
||||
$ssh_cmd cp ${KUBE_OS_CLOUD_CONFIG} ${KUBE_OS_CLOUD_CONFIG}-occm
|
||||
cat >> ${KUBE_OS_CLOUD_CONFIG}-occm <<EOF
|
||||
[Networking]
|
||||
internal-network-name=$CLUSTER_NETWORK_NAME
|
||||
EOF
|
||||
fi
|
||||
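Review bot: The cloud-config written by `cat > ${KUBE_OS_CLOUD_CONFIG} <<EOF` and its two copies (`/etc/kubernetes/kube_openstack_config` and `${KUBE_OS_CLOUD_CONFIG}-occm`) get whatever mode the inherited umask gives them, and no mode is set in the visible lines. The `[Global]` section carries `user-id=$TRUSTEE_USER_ID` and, in the lines between the two hunks, presumably the trustee's remaining credentials, so with a typical umask these files would be readable by every local user on the node. Setting `umask 077` before the first write, or adding `$ssh_cmd chmod 600 ${KUBE_OS_CLOUD_CONFIG} ${KUBE_OS_CLOUD_CONFIG}-occm /etc/kubernetes/kube_openstack_config` after the last copy, would cover all three. Adjust the owner or mode if the Kubernetes services read the file as a non-root user.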
|
|
|
@ -110,7 +110,13 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition):
|
|||
# check cloud provider and cinder options. If cinder is selected,
|
||||
# the cloud provider needs to be enabled.
|
||||
cloud_provider_enabled = cluster.labels.get(
|
||||
'cloud_provider_enabled', 'true').lower()
|
||||
'cloud_provider_enabled',
|
||||
'true' if CONF.trust.cluster_user_trust else 'false').lower()
|
||||
if (not CONF.trust.cluster_user_trust
|
||||
and cloud_provider_enabled == 'true'):
|
||||
raise exception.InvalidParameterValue(_(
|
||||
'"cluster_user_trust" must be set to True in magnum.conf when '
|
||||
'"cloud_provider_enabled" label is set to true.'))
|
||||
if (cluster_template.volume_driver == 'cinder'
|
||||
and cloud_provider_enabled == 'false'):
|
||||
raise exception.InvalidParameterValue(_(
|
||||
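Review bot: A `cloud_provider_enabled` label whose lower-cased value is neither `true` nor `false` (a typo, `yes`, `1`) passes both the new `cluster_user_trust` guard and the cinder check below it, because each compares against one exact string. The node scripts compare the same value with `"true"`, so such a label would deploy with the cloud provider silently off. Rejecting other values right after the `.get(...)` call would close this, e.g. `if cloud_provider_enabled not in ('true', 'false'): raise exception.InvalidParameterValue(_('"cloud_provider_enabled" label must be true or false.'))`. The enclosing method starts and ends outside this hunk, so such a check may already exist elsewhere.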
|
|