openstack/magnum
Code Issues Proposed changes
magnum/contrib/drivers/k8s_opensuse_v1/templates/fragments/configure-kubernetes-master.sh
sayalilunkad 6a5d02c482 [opensuse] Enabling external loadbalancer feature 
Adding config to enable OpenStack loadbalancer for Kubernetes
cluster as backend. By default we keep it disabled to avoid having
to inject the openstack credentials in the cluster always.

Change-Id: I02f690b220e933d492671f53724a604a167d5abb
2017-06-02 15:09:42 +02:00

83 lines
3.3 KiB
Bash
Raw Blame History

#!/bin/sh
. /etc/sysconfig/heat-params
echo "configuring kubernetes (master)"
# Generate ServiceAccount key if needed
SERVICE_ACCOUNT_KEY="/var/lib/kubernetes/serviceaccount.key"
if [[ ! -f "${SERVICE_ACCOUNT_KEY}" ]]; then
mkdir -p "$(dirname ${SERVICE_ACCOUNT_KEY})"
openssl genrsa -out "${SERVICE_ACCOUNT_KEY}" 2048 2>/dev/null
fi
# Setting correct permissions for Kubernetes files
chown -R kube:kube /var/lib/kubernetes
KUBE_API_ARGS="--service-account-key-file=$SERVICE_ACCOUNT_KEY --runtime_config=api/all=true"
if [ "$TLS_DISABLED" == "True" ]; then
sed -i '
/^# KUBE_API_PORT=/ s|.*|KUBE_API_PORT="--port=8080 --insecure-port='"$KUBE_API_PORT"'"|
' /etc/kubernetes/apiserver
else
# insecure port is used internaly
sed -i '
/^# KUBE_API_PORT=/ s|.*|KUBE_API_PORT="--port=8080 --insecure-port=8080 --secure-port='"$KUBE_API_PORT"'"|
' /etc/kubernetes/apiserver
KUBE_API_ARGS="$KUBE_API_ARGS --tls_cert_file=/etc/kubernetes/ssl/server.crt"
KUBE_API_ARGS="$KUBE_API_ARGS --tls_private_key_file=/etc/kubernetes/ssl/server.key"
KUBE_API_ARGS="$KUBE_API_ARGS --client_ca_file=/etc/kubernetes/ssl/ca.crt"
fi
sed -i '
/^KUBE_ALLOW_PRIV=/ s|=.*|="--allow-privileged='"$KUBE_ALLOW_PRIV"'"|
' /etc/kubernetes/config
sed -i '
/^KUBE_API_ADDRESS=/ s|=.*|="--advertise-address='"$KUBE_NODE_IP"' --insecure-bind-address=0.0.0.0 --bind_address=0.0.0.0"|
/^KUBE_SERVICE_ADDRESSES=/ s|=.*|="--service-cluster-ip-range='"$PORTAL_NETWORK_CIDR"'"|
/^KUBE_API_ARGS=/ s|=.*|="--service-account-key-file='"$SERVICE_ACCOUNT_KEY"' --runtime-config=api\/all=true"|
/^KUBE_ETCD_SERVERS=/ s/=.*/="--etcd-servers=http:\/\/127.0.0.1:2379"/
/^KUBE_ADMISSION_CONTROL=/ s/=.*/="--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota"/
' /etc/kubernetes/apiserver
cat >> /etc/kubernetes/apiserver <<EOF
#Uncomment the following line to enable Load Balancer feature
#KUBE_API_ARGS="--service-account-key-file='"$SERVICE_ACCOUNT_KEY"' --runtime-config=api\/all=true" --runtime-config=api\/all=true --cloud-config=/etc/sysconfig/kubernetes_openstack_config --cloud-provider=openstack"
EOF
sed -i '
/^KUBE_CONTROLLER_MANAGER_ARGS=/ s|=.*|="--service_account_private_key_file='"$SERVICE_ACCOUNT_KEY"' --leader-elect=true --cluster-name=kubernetes --cluster-cidr='"$FLANNEL_NETWORK_CIDR"'"|
' /etc/kubernetes/controller-manager
cat >> /etc/kubernetes/controller-manager <<EOF
#Uncomment the following line to enable Load Balancer feature
#KUBE_CONTROLLER_MANAGER_ARGS="--service_account_private_key_file='"$SERVICE_ACCOUNT_KEY"' --leader-elect=true --cluster-name=kubernetes --cluster-cidr='"$FLANNEL_NETWORK_CIDR"' --cloud-config=/etc/sysconfig/kubernetes_openstack_config --cloud-provider=openstack"
EOF
# Generate a the configuration for Kubernetes services to talk to OpenStack Neutron
cat > /etc/sysconfig/kubernetes_openstack_config <<EOF
[Global]
auth-url=$AUTH_URL
username=$USERNAME
password=$PASSWORD
tenant-name=$TENANT_NAME
domain-name=$DOMAIN_NAME
[LoadBalancer]
lb-version=v2
subnet-id=$CLUSTER_SUBNET
create-monitor=yes
monitor-delay=1m
monitor-timeout=30s
monitor-max-retries=3
EOF
for service in kube-apiserver kube-scheduler kube-controller-manager; do
echo "activating $service service"
systemctl enable $service
echo "starting $service services"
systemctl --no-block start $service
done
View Git Blame Copy Permalink