step="enable-auto-scaling" printf "Starting to run ${step}\n" . /etc/sysconfig/heat-params _docker_ca_prefix=${} auto_scaling_enabled=$(echo $AUTO_SCALING_ENABLED | tr '[:upper:]' '[:lower:]') auto_healing_enabled=$(echo $AUTO_HEALING_ENABLED | tr '[:upper:]' '[:lower:]') autohealing_controller=$(echo ${AUTO_HEALING_CONTROLLER} | tr '[:upper:]' '[:lower:]') if [[ "${auto_scaling_enabled}" = "true" || ("${auto_healing_enabled}" = "true" && "${autohealing_controller}" = "draino") ]]; then # Generate Autoscaler manifest file AUTOSCALER_DEPLOY=/srv/magnum/kubernetes/manifests/autoscaler.yaml [ -f ${AUTOSCALER_DEPLOY} ] || { echo "Writing File: $AUTOSCALER_DEPLOY" mkdir -p $(dirname ${AUTOSCALER_DEPLOY}) cat << EOF > ${AUTOSCALER_DEPLOY} --- apiVersion: kind: ClusterRole metadata: name: cluster-autoscaler-role rules: - apiGroups: [""] resources: ["leases"] verbs: ["create"] - apiGroups: [""] resources: ["leases"] resourceNames: ["cluster-autoscaler"] verbs: ["get", "update", "patch", "delete"] # TODO: remove in 1.18; CA uses lease objects for leader election since 1.17 - apiGroups: [""] resources: ["endpoints"] verbs: ["create"] - apiGroups: [""] resources: ["endpoints"] resourceNames: ["cluster-autoscaler"] verbs: ["get", "update", "patch", "delete"] # accessing & modifying cluster state (nodes & pods) - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["pods/eviction"] verbs: ["create"] # read-only access to cluster state - apiGroups: [""] resources: ["services", "replicationcontrollers", "persistentvolumes", "persistentvolumeclaims"] verbs: ["get", "list", "watch"] - apiGroups: ["apps"] resources: ["daemonsets", "replicasets"] verbs: ["get", "list", "watch"] - apiGroups: ["apps"] resources: ["statefulsets"] verbs: ["get", "list", "watch"] - apiGroups: ["batch"] resources: ["jobs"] verbs: ["get", "list", "watch"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["storageclasses", "csinodes"] verbs: ["get", "list", "watch"] # misc access - apiGroups: [""] resources: ["events"] verbs: ["create", "update", "patch"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] - apiGroups: [""] resources: ["configmaps"] resourceNames: ["cluster-autoscaler-status"] verbs: ["get", "update", "patch", "delete"] --- apiVersion: kind: ClusterRoleBinding metadata: name: cluster-autoscaler-rolebinding namespace: kube-system roleRef: apiGroup: kind: ClusterRole name: cluster-autoscaler-role subjects: - kind: ServiceAccount name: cluster-autoscaler-account namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: cluster-autoscaler-account namespace: kube-system --- kind: Deployment apiVersion: apps/v1 metadata: name: cluster-autoscaler namespace: kube-system labels: app: cluster-autoscaler spec: replicas: 1 selector: matchLabels: app: cluster-autoscaler template: metadata: namespace: kube-system labels: app: cluster-autoscaler spec: nodeSelector: "" securityContext: runAsUser: 1001 tolerations: - effect: NoSchedule operator: Exists - key: CriticalAddonsOnly operator: Exists - effect: NoExecute operator: Exists - key: value: "true" effect: NoSchedule - key: effect: NoSchedule serviceAccountName: cluster-autoscaler-account containers: - name: cluster-autoscaler image: ${_docker_ca_prefix}cluster-autoscaler:${AUTOSCALER_TAG} imagePullPolicy: Always command: - ./cluster-autoscaler - --alsologtostderr - --cloud-provider=magnum - --cluster-name=${CLUSTER_UUID} - --cloud-config=/config/cloud-config - --nodes=${MIN_NODE_COUNT}:${MAX_NODE_COUNT}:default-worker - --scale-down-unneeded-time=10m - --scale-down-delay-after-failure=3m - --scale-down-delay-after-add=10m ports: - containerPort: 8085 name: metrics protocol: TCP volumeMounts: - name: ca-bundle mountPath: /etc/kubernetes readOnly: true - name: cloud-config mountPath: /config readOnly: true volumes: - name: ca-bundle secret: secretName: ca-bundle - name: cloud-config secret: secretName: cluster-autoscaler-cloud-config EOF } echo "Waiting for Kubernetes API..." until [ "ok" = "$(kubectl get --raw='/healthz')" ] do sleep 5 done kubectl create secret generic ca-bundle --from-file=/etc/kubernetes/ca-bundle.crt -n kube-system cat <