82 lines
3.0 KiB
Bash
82 lines
3.0 KiB
Bash
#!/bin/sh
|
|
|
|
. /etc/sysconfig/heat-params
|
|
|
|
echo "configuring kubernetes (master)"
|
|
|
|
# Generate ServiceAccount key if needed
|
|
SERVICE_ACCOUNT_KEY="/var/lib/kubernetes/serviceaccount.key"
|
|
if [[ ! -f "${SERVICE_ACCOUNT_KEY}" ]]; then
|
|
mkdir -p "$(dirname ${SERVICE_ACCOUNT_KEY})"
|
|
openssl genrsa -out "${SERVICE_ACCOUNT_KEY}" 2048 2>/dev/null
|
|
fi
|
|
|
|
# Setting correct permissions for Kubernetes files
|
|
chown -R kube:kube /var/lib/kubernetes
|
|
|
|
KUBE_API_ARGS="--service-account-key-file=$SERVICE_ACCOUNT_KEY --runtime_config=api/all=true"
|
|
|
|
if [ "$TLS_DISABLED" == "True" ]; then
|
|
sed -i '
|
|
/^# KUBE_API_PORT=/ s|.*|KUBE_API_PORT="--port=8080 --insecure-port='"$KUBE_API_PORT"'"|
|
|
' /etc/kubernetes/apiserver
|
|
else
|
|
# insecure port is used internaly
|
|
sed -i '
|
|
/^# KUBE_API_PORT=/ s|.*|KUBE_API_PORT="--port=8080 --insecure-port=8080 --secure-port='"$KUBE_API_PORT"'"|
|
|
' /etc/kubernetes/apiserver
|
|
KUBE_API_ARGS="$KUBE_API_ARGS --tls_cert_file=/etc/kubernetes/ssl/server.crt"
|
|
KUBE_API_ARGS="$KUBE_API_ARGS --tls_private_key_file=/etc/kubernetes/ssl/server.key"
|
|
KUBE_API_ARGS="$KUBE_API_ARGS --client_ca_file=/etc/kubernetes/ssl/ca.crt"
|
|
fi
|
|
|
|
sed -i '
|
|
/^KUBE_ALLOW_PRIV=/ s|=.*|="--allow-privileged='"$KUBE_ALLOW_PRIV"'"|
|
|
' /etc/kubernetes/config
|
|
|
|
sed -i '
|
|
/^KUBE_API_ADDRESS=/ s|=.*|="--advertise-address='"$KUBE_NODE_IP"' --insecure-bind-address=0.0.0.0 --bind_address=0.0.0.0"|
|
|
/^KUBE_SERVICE_ADDRESSES=/ s|=.*|="--service-cluster-ip-range='"$PORTAL_NETWORK_CIDR"'"|
|
|
/^KUBE_API_ARGS=/ s|=.*|="'"$KUBE_API_ARGS"'"|
|
|
/^KUBE_ETCD_SERVERS=/ s/=.*/="--etcd-servers=http:\/\/127.0.0.1:2379"/
|
|
/^KUBE_ADMISSION_CONTROL=/ s/=.*/="--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota"/
|
|
' /etc/kubernetes/apiserver
|
|
|
|
cat >> /etc/kubernetes/apiserver <<EOF
|
|
#Uncomment the following line to enable Load Balancer feature
|
|
#KUBE_API_ARGS="--runtime-config=api/all=true --cloud-config=/etc/sysconfig/kubernetes_openstack_config --cloud-provider=openstack"
|
|
EOF
|
|
|
|
sed -i '
|
|
/^KUBE_CONTROLLER_MANAGER_ARGS=/ s|=.*|="--service_account_private_key_file='"$SERVICE_ACCOUNT_KEY"' --leader-elect=true --cluster-name=kubernetes --cluster-cidr='"$FLANNEL_NETWORK_CIDR"'"|
|
|
' /etc/kubernetes/controller-manager
|
|
|
|
cat >> /etc/kubernetes/controller-manager <<EOF
|
|
|
|
#Uncomment the following line to enable Kubernetes Load Balancer feature
|
|
#KUBE_CONTROLLER_MANAGER_ARGS="--cloud-config=/etc/sysconfig/kubernetes_openstack_config --cloud-provider=openstack"
|
|
EOF
|
|
|
|
# Generate a the configuration for Kubernetes services to talk to OpenStack Neutron
|
|
cat > /etc/sysconfig/kubernetes_openstack_config <<EOF
|
|
[Global]
|
|
auth-url=$AUTH_URL
|
|
Username=$USERNAME
|
|
Password=$PASSWORD
|
|
tenant-name=$TENANT_NAME
|
|
[LoadBalancer]
|
|
subnet-id=$CLUSTER_SUBNET
|
|
create-monitor=yes
|
|
monitor-delay=1m
|
|
monitor-timeout=30s
|
|
monitor-max-retries=3
|
|
EOF
|
|
|
|
for service in kube-apiserver kube-scheduler kube-controller-manager; do
|
|
echo "activating $service service"
|
|
systemctl enable $service
|
|
|
|
echo "starting $service services"
|
|
systemctl --no-block start $service
|
|
done
|