openstack/tacker
Code Issues Proposed changes
922818ba25
tacker/tools/gen_vim_config.sh
Ai Hamano 3a1ccca97d Update k8s v1.25.2 and helm 3.10.1 
This patch updates the k8s version to 1.25.2 and helm version to 3.10.1.

The following changes have been made in kubernetes 1.24, so this patch
supports them.
  - Dockershim Removed from kubelet
    -> Changed from Dockershim to CRIO
  - Service account tokens are no longer auto-generated
    for every ServiceAccount
    -> Changed secrets to be created manually

Also fixes the following API versions that have already been removed
in kubernetes 1.25.
  - autoscaling/v2beta1
  - extensions/v1beta1

Implements: blueprint update-k8s-helm-prometheus
Change-Id: Ic9c2f66251c5d11a652184be5908d91e0ee3fb7d
2022-11-16 13:39:41 +09:00

403 lines
11 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Copyright (C) 2021 Nippon Telegraph and Telephone Corporation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Uncomment for debugging.
#set -x
# Default values for optional inputs.
VIMC_DEFAULT_PROJ=admin
VIMC_DEFAULT_OS_DOMAIN=Default
VIMC_DEFAULT_TYPE=openstack
VIMC_DEFAULT_OUTPUT=vim_config.yaml
#######################################
# Find token from first entry of secrets.
# Returns:
# Secret token retrieved from kubectl.
#######################################
function k8s_token() {
# NOTES:
# - Service account tokens are no longer automatically generated
# for each ServiceAccount in Kubernetes 1.24,
# so it is necessary to manually register Secret.
kubectl create -f - <<EOF &>/dev/null
apiVersion: v1
kind: Secret
metadata:
name: default-token-k8svim
annotations:
kubernetes.io/service-account.name: "default"
type: kubernetes.io/service-account-token
EOF
local _secret=$(kubectl get secret -o jsonpath="{.items[0].metadata.name}")
echo $(kubectl get secret ${_secret} -o jsonpath="{.data.token}" |
base64 --decode)
}
#######################################
# Get endpoint of n-th from endpoints.
# Arguments:
# Index of endpoints, usually 0.
# Returns:
# URL of endpoint retrieved from kubectl.
#######################################
function k8s_endpoints() {
local _k8s_ep0_ip=$(kubectl get endpoints -o \
jsonpath="{.items[$1].subsets[0].addresses[0].ip}")
local _k8s_ep0_port=$(kubectl get endpoints -o \
jsonpath="{.items[$1].subsets[0].ports[0].port}")
echo "https://${_k8s_ep0_ip}:${_k8s_ep0_port}"
}
#######################################
# Get cert from first entry of secrets.
# Returns:
# Contents of CA sert retrieved from kubectl.
#######################################
function k8s_ssl_ca_cert() {
local _secret=$(kubectl get secret -o jsonpath="{.items[0].metadata.name}")
echo $(kubectl get secrets $_secret -o jsonpath="{.data.ca\.crt}" |
base64 --decode)
}
#######################################
# Setup contents of config from given params and output to a file.
# Globals:
# VIMC_OS_CERT_VERIFY
# VIMC_OUTPUT
# VIMC_ENDPOINT
# VIMC_OS_USER
# VIMC_OS_PASSWORD
# VIMC_PROJ
# VIMC_OS_PROJ_DOMAIN
# VIMC_OS_USER_DOMAIN
# Outputs:
# Writes contents of config for OpenStack VIM to a file, ${VIMC_OUTPUT}.
#######################################
function setup_os_config() {
local _cert_verify=
if "${VIMC_OS_CERT_VERIFY}"; then
_cert_verify=True
else
_cert_verify=False
fi
cat << EOF > ${VIMC_OUTPUT}
auth_url: "${VIMC_ENDPOINT}"
username: "${VIMC_OS_USER}"
password: "${VIMC_OS_PASSWORD}"
project_name: "${VIMC_PROJ}"
domain_name: "${VIMC_OS_PROJ_DOMAIN}"
project_domain_name: "${VIMC_OS_PROJ_DOMAIN}"
user_domain_name: "${VIMC_OS_USER_DOMAIN}"
cert_verify: "${_cert_verify}"
EOF
}
#######################################
# Setup contents of config from given params and output to a file.
# Globals:
# VIMC_K8S_USE_CERT
# VIMC_OUTPUT
# VIMC_ENDPOINT
# VIMC_K8S_TOKEN
# VIMC_PROJ
# Outputs:
# Write contents of config for OpenStack Kubernetes to a file, ${VIMC_OUTPUT}.
#######################################
function setup_k8s_config() {
# In the contents of cert, blanks are replaced with `\n` without
# in header and footer. So, remove before the procedure at once, then
# add after that again.
local _cert_header="-----BEGIN CERTIFICATE-----"
local _cert_footer="-----END CERTIFICATE-----"
# Delimiter used temporarily for replacing blanks.
local _delim=":"
if "${VIMC_K8S_USE_CERT}"; then
local _k8s_cert=`k8s_ssl_ca_cert`
_k8s_cert=`echo ${_k8s_cert} | sed "s/${_cert_header}//"`
_k8s_cert=`echo ${_k8s_cert} | sed "s/${_cert_footer}//"`
_k8s_cert=`echo ${_k8s_cert} | sed -e "s/ /${_delim}/g"`
_k8s_cert=`echo \
"${_cert_header}${_delim}${_k8s_cert}${_delim}${_cert_footer}"`
_k8s_cert=`echo ${_k8s_cert} | sed -e "s/${_delim}/\\n/g"`
else
_k8s_cert="None"
fi
cat << EOF > ${VIMC_OUTPUT}
auth_url: "${VIMC_ENDPOINT}"
bearer_token: "${VIMC_K8S_TOKEN}"
ssl_ca_cert: "${_k8s_cert}"
project_name: "${VIMC_PROJ}"
type: "kubernetes"
EOF
}
#######################################
# Show help message.
# Outputs:
# Writes help message to stdout.
#######################################
function show_help() {
cat << EOS
Generate config file for registering Kubernetes VIM
usage:
$(basename $0) [-t VIM_TYPE] [-o OUTPUT_FILE] [-e ENDPOINT]
[-p PROJCT_NAME] [-u USER_NAME] [--token TOKEN] [-c] [-h]
options:
All of options are optional.
1) Common options
-t|--type VIM_TYPE
type of VIM.
* 'openstack' or 'os' for OpenStack
* 'kubernetes' or 'k8s' for Kubernetes
-o|--output OUTPUT_FILE
name of output file, default is '${VIMC_DEFAULT_OUTPUT}'.
-e|--endpoint ENDPOINT
endpoint consists of url and port, such as 'https://127.0.0.1:6443'.
-p|--project PROJECT_NAME
name of project in which VIM is registered, default value is
'${VIMC_DEFAULT_PROJ}'.
-h|--help
show this message.
2) Options for OpenStack VIM
--os-user USER_NAME
name of OpenStack user, value of 'OS_USERNAME' is used by default.
--os-password PASSWORD
password of OpenStack user, value of 'OS_PASSWORD' is used by default.
--os-project-domain PROJ_DOMAIN
name of project domain, value of 'OS_PROJECT_DOMAIN_ID' is used by
default.
--os-user-domain USER_DOMAIN
name of user domain, value of 'OS_USER_DOMAIN_ID' is used by default.
--os-disable-cert-verify
use this option only if you set 'cert_verify' to False to disable
verifying against system certificates for keystone.
3) Options for Kubernetes VIM
--k8s-token TOKEN
bearer token.
--k8s-use-cert
use SSL CA cert.
EOS
}
#######################################
# Main function for OpenStack VIM config.
# Globals:
# VIMC_ENDPOINT
# VIMC_OS_USER
# VIMC_OS_PASSWORD
# VIMC_OS_PROJ_DOMAIN
# VIMC_OS_USER_DOMAIN
#######################################
function os_main() {
VIMC_ENDPOINT=${VIMC_ENDPOINT:-${OS_AUTH_URL}}
if [ ! ${VIMC_ENDPOINT} ]; then
clean_exit 1 \
"Error: Set 'OS_AUTH_URL' or use '--endpoint'."
fi
VIMC_OS_USER=${VIMC_OS_USER:-${OS_USERNAME}}
if [ ! ${VIMC_OS_USER} ]; then
clean_exit 1 \
"Error: No username found. Set 'OS_USERNAME' or use '--os-user'."
fi
VIMC_OS_PASSWORD=${VIMC_OS_PASSWORD:-${OS_PASSWORD}}
if [ ! ${VIMC_OS_PASSWORD} ]; then
clean_exit 1 \
"Error: No password found. Set 'OS_PASSWORD' or use '--os-password'."
fi
VIMC_OS_PROJ_DOMAIN=${VIMC_OS_PROJ_DOMAIN:-${OS_PROJECT_DOMAIN_ID}}
if [ ! ${VIMC_OS_PROJ_DOMAIN} ]; then
VIMC_OS_PROJ_DOMAIN=${VIMC_DEFAULT_OS_DOMAIN}
fi
VIMC_OS_USER_DOMAIN=${VIMC_OS_USER_DOMAIN:-${OS_USER_DOMAIN_ID}}
if [ ! ${VIMC_OS_USER_DOMAIN} ]; then
VIMC_OS_USER_DOMAIN=${VIMC_DEFAULT_OS_DOMAIN}
fi
setup_os_config
}
#######################################
# Main function for Kubernetes VIM config.
# Globals:
# VIMC_K8S_TOKEN
# VIMC_ENDPOINT
#######################################
function k8s_main() {
kubectl create clusterrolebinding cluster-admin-binding \
--clusterrole cluster-admin --serviceaccount=default:default \
&>/dev/null
VIMC_K8S_TOKEN=${VIMC_K8S_TOKEN:-`k8s_token`}
VIMC_ENDPOINT=${VIMC_ENDPOINT:-`k8s_endpoints 0`}
setup_k8s_config
}
#######################################
# Re-wind OPTIND and clean all other variables as finalization.
# Globals:
# OPTIND
# PREV_OPTIND
# VIMC_DEFAULT_TYPE
# VIMC_DEFAULT_OUTPUT
# VIMC_DEFAULT_PROJ
# VIMC_TYPE
# VIMC_OUTPUT
# VIMC_ENDPOINT
# VIMC_PROJ
# VIMC_OS_USER
# VIMC_OS_PASSWORD
# VIMC_OS_PROJ_DOMAIN
# VIMC_OS_USER_DOMAIN
# VIMC_OS_CERT_VERIFY
# VIMC_K8S_TOKEN
# VIMC_K8S_USE_CERT
#######################################
function cleanup() {
OPTIND=${PREV_OPTIND}
VIMC_DEFAULT_TYPE=
VIMC_DEFAULT_OUTPUT=
VIMC_DEFAULT_PROJ=
VIMC_TYPE=
VIMC_OUTPUT=
VIMC_ENDPOINT=
VIMC_PROJ=
VIMC_OS_USER=
VIMC_OS_PASSWORD=
VIMC_OS_PROJ_DOMAIN=
VIMC_OS_USER_DOMAIN=
VIMC_OS_CERT_VERIFY=
VIMC_K8S_TOKEN=
VIMC_K8S_USE_CERT=
}
#######################################
# Ensure cleanup before exit.
# Arguments:
# Exit code (optional).
# Error message to be output to stderr (optional).
#######################################
function clean_exit() {
cleanup
if [[ $2 != "" ]]; then
echo $2 >&2
fi
exit $1
}
#######################################
# Main procedure is started from here.
#######################################
PREV_OPTIND=${OPTIND}
OPTIND=1
while getopts t:o:e:p:ch-: opt; do
optarg=${OPTARG}
if [[ "${opt}" = - ]]; then
opt="-${OPTARG%%=*}"
optarg="${OPTARG/${OPTARG%%=*}/}"
optarg="${optarg#=}"
if [[ -z "$optarg" ]] && [[ ! "${!OPTIND}" = -* ]]; then
optarg="${!OPTIND}"
shift
fi
fi
case "-${opt}" in
-t|--type)
VIMC_TYPE=${optarg};
;;
-o|--output)
VIMC_OUTPUT=${optarg};
;;
-e|--endpoint)
VIMC_ENDPOINT=${optarg};
;;
-p|--project)
VIMC_PROJ=${optarg};
;;
--os-user)
VIMC_OS_USER=${optarg};
;;
--os-password)
VIMC_OS_PASSWORD=${optarg};
;;
--os-project-domain)
VIMC_OS_PROJ_DOMAIN=${optarg};
;;
--os-user-domain)
VIMC_OS_USER_DOMAIN=${optarg};
;;
--os-disable-cert-verify)
VIMC_OS_CERT_VERIFY=false;
;;
--k8s-token)
VIMC_K8S_TOKEN=${optarg};
;;
--k8s-use-cert)
VIMC_K8S_USE_CERT=true;
;;
-h|--help)
show_help;
clean_exit;
;;
--*)
clean_exit 1 "Error: Illegal option '${opt##-}'.";
;;
esac
done
VIMC_TYPE=${VIMC_TYPE:-${VIMC_DEFAULT_TYPE}}
VIMC_OUTPUT=${VIMC_OUTPUT:-${VIMC_DEFAULT_OUTPUT}}
VIMC_PROJ=${VIMC_PROJ:-${VIMC_DEFAULT_PROJ}}
VIMC_OS_CERT_VERIFY=${VIMC_OS_CERT_VERIFY:-true}
VIMC_K8S_USE_CERT=${VIMC_K8S_USE_CERT:-false}
if [[ ${VIMC_TYPE} == "openstack" || ${VIMC_TYPE} == "os" ]]; then
os_main
echo "Config for OpenStack VIM '${VIMC_OUTPUT}' generated."
elif [[ ${VIMC_TYPE} == "kubernetes" || ${VIMC_TYPE} == "k8s" ]]; then
k8s_main
echo "Config for Kubernetes VIM '${VIMC_OUTPUT}' generated."
else
echo "Error: No type matched with '${VIMC_TYPE}'." >&2
fi
cleanup
set +x
View Git Blame Copy Permalink