Containerize stackube proxy

including * build docker image for stackube-proxy * deploy it via kubernetes daemonset and run the container in hostnetwork Change-Id: Iefe02f14f6e891f536cf04611d1fede340efa788 Implements: blueprint containerize-proxy Signed-off-by: mozhuli <21621232@zju.edu.cn>
2017-07-31 20:48:27 +08:00 · 2017-07-31 20:48:27 +08:00 · 351fffb9de
commit 351fffb9de
parent c260194511
7 changed files with 284 additions and 22 deletions
--- a/3
+++ b/3
@ -22,6 +22,7 @@ GIT_HOST = git.openstack.org
 SHELL := /bin/bash

 STACKUBE_VERSION = 0.1
+STACKUBE_PROXY_VERSION = 0.1
 KUBESTACK_VERSION = 0.1

 PWD := $(shell pwd)
@ -73,6 +74,8 @@ docker: depend
 	sudo docker build -t stackube/kubestack:v$(KUBESTACK_VERSION) ./deployment/kubestack/
 	cp _output/stackube-controller deployment/stackube-controller
 	sudo docker build -t stackube/stackube-controller:v$(STACKUBE_VERSION) ./deployment/stackube-controller/
+	cp _output/stackube-proxy deployment/stackube-proxy
+	sudo docker build -t stackube/stackube-proxy:v$(STACKUBE_PROXY_VERSION) ./deployment/stackube-proxy/

 .PHONY: test
 test: test-unit
--- a/deployment/stackube-configmap.yaml
+++ b/deployment/stackube-configmap.yaml
@ -0,0 +1,33 @@
+# Copyright (c) 2017 OpenStack Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This ConfigMap is used to configure stackube-controller,stackube-proxy and kubestack.
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: stackube-config
+  namespace: kube-system
+data:
+  auth-url: "<Your-openstack-authentication-endpoint>"
+  username: "admin"
+  password: "password"
+  tenant-name: "admin"
+  region: "RegionOne"
+  ext-net-id: "<Your-external-network-id>"
+  plugin-name: "ovs"
+  integration-bridge: "br-int"
+  user-cidr: "10.244.0.0/16"
+  user-gateway: "10.244.0.1"
+  kubernetes-host: "<Your-kubernetes-host>"
+  kubernetes-port: "<Your-kubernetes-port>"
--- a/deployment/stackube-proxy.yaml
+++ b/deployment/stackube-proxy.yaml
@ -0,0 +1,164 @@
+# Copyright (c) 2017 OpenStack Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This manifest deploys stackube-proxy container in hostnetwork
+# on each master and worker node in a Kubernetes cluster.
+kind: DaemonSet
+apiVersion: extensions/v1beta1
+metadata:
+  name: stackube-proxy
+  namespace: kube-system
+  labels:
+    component: stackube-proxy
+    k8s-app: stackube-proxy
+    kubernetes.io/cluster-service: "true"
+    name: stackube-proxy
+spec:
+  selector:
+    matchLabels:
+      component: stackube-proxy
+      k8s-app: stackube-proxy
+      kubernetes.io/cluster-service: "true"
+      name: stackube-proxy
+  template:
+    metadata:
+      labels:
+        component: stackube-proxy
+        k8s-app: stackube-proxy
+        kubernetes.io/cluster-service: "true"
+        name: stackube-proxy
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+        scheduler.alpha.kubernetes.io/tolerations: |
+          [{"key": "dedicated", "value": "master", "effect": "NoSchedule" },
+           {"key":"CriticalAddonsOnly", "operator":"Exists"}]
+    spec:
+      hostNetwork: true
+      serviceAccountName: stackube-proxy
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+      containers:
+        - name: stackube-proxy
+          resources: {}
+          image: stackube/stackube-proxy:v0.1
+          securityContext:
+            privileged: true
+          command: ["/start.sh"]
+          env:
+            # The endpoint of openstack authentication.
+            - name: AUTH_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: stackube-config
+                  key: auth-url
+            # The username for openstack authentication.
+            - name: USERNAME
+              valueFrom:
+                configMapKeyRef:
+                  name: stackube-config
+                  key: username
+            # The password for openstack authentication.
+            - name: PASSWORD
+              valueFrom:
+                configMapKeyRef:
+                  name: stackube-config
+                  key: password
+            # The tenant name for openstack authentication.
+            - name: TENANT_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: stackube-config
+                  key: tenant-name
+            # The region for openstack authentication.
+            - name: REGION
+              valueFrom:
+                configMapKeyRef:
+                  name: stackube-config
+                  key: region
+            # The id of openstack external network.
+            - name: EXT_NET_ID
+              valueFrom:
+                configMapKeyRef:
+                  name: stackube-config
+                  key: ext-net-id
+            # The kubernetes service host.
+            - name: KUBERNETES_SERVICE_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: stackube-config
+                  key: kubernetes-host
+            # The kubernetes service port.
+            - name: KUBERNETES_SERVICE_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: stackube-config
+                  key: kubernetes-port
+          volumeMounts:
+            - mountPath: /var/run/netns
+              name: netns
+            - mountPath: /etc/ssl/certs
+              name: certs
+            - mountPath: /etc/pki
+              name: pki
+      volumes:
+        # Used to operate host netns.
+        - name: netns
+          hostPath:
+            path: /var/run/netns
+        # Used to verify the keystone server.
+        - name: certs
+          hostPath:
+            path: /etc/ssl/certs
+        - name: pki
+          hostPath:
+            path: /etc/pki
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: stackube-proxy
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: stackube-proxy
+subjects:
+- kind: ServiceAccount
+  name: stackube-proxy
+  namespace: kube-system
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: stackube-proxy
+rules:
+- apiGroups:
+  - "*"
+  resources:
+  - "*"
+  verbs:
+  - "*"
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: stackube-proxy
+  namespace: kube-system
--- a/deployment/stackube-proxy/Dockerfile
+++ b/deployment/stackube-proxy/Dockerfile
@ -0,0 +1,33 @@
+# Copyright (c) 2017 OpenStack Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM alpine:3.6
+
+MAINTAINER stackube team
+
+RUN apk --no-cache add bash iproute2
+
+# Download and install glibc in one layer
+RUN apk --no-cache add wget ca-certificates libgcc && \
+    wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub && \
+    wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk && \
+    wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-bin-2.23-r3.apk && \
+    apk add glibc-2.23-r3.apk glibc-bin-2.23-r3.apk && \
+    /usr/glibc-compat/sbin/ldconfig /lib /usr/glibc/usr/lib && \
+    apk del wget && \
+    rm -f glibc-2.23-r3.apk glibc-bin-2.23-r3.apk
+
+ADD stackube-proxy /stackube-proxy
+ADD start.sh /start.sh
+ADD stackube.conf.default /stackube.conf.tmp
--- a/deployment/stackube-proxy/stackube.conf.default
+++ b/deployment/stackube-proxy/stackube.conf.default
@ -0,0 +1,7 @@
+[Global]
+auth-url = _AUTH_URL_
+username = _USERNAME_
+password = _PASSWORD_
+tenant-name = _TENANT_NAME_
+region = _REGION_
+ext-net-id = _EXT_NET_ID_
--- a/deployment/stackube-proxy/start.sh
+++ b/deployment/stackube-proxy/start.sh
@ -0,0 +1,44 @@
+#!/bin/bash
+# Copyright (c) 2017 OpenStack Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Ensure all variables are defined.
+set -u
+
+TMP_CONF='/stackube.conf.tmp'
+# Check environment variables before any real actions.
+for i in 'AUTH_URL' 'USERNAME' 'PASSWORD' 'TENANT_NAME' 'REGION' 'EXT_NET_ID';do
+	if [ "${!i}" ];then
+		echo "environment variable $i = ${!i}"
+	else
+		echo "environment variable $i is empty, exit..."
+		exit
+	fi
+done
+
+# Insert parameters.
+sed -i s~_AUTH_URL_~${AUTH_URL:-}~g $TMP_CONF
+sed -i s/_USERNAME_/${USERNAME:-}/g $TMP_CONF
+sed -i s/_PASSWORD_/${PASSWORD:-}/g $TMP_CONF
+sed -i s/_TENANT_NAME_/${TENANT_NAME:-}/g $TMP_CONF
+sed -i s/_REGION_/${REGION:-}/g $TMP_CONF
+sed -i s/_EXT_NET_ID_/${EXT_NET_ID:-}/g $TMP_CONF
+
+# Move the temporary stackube config into place.
+STACKUBE_CONFIG_PATH='/etc/stackube.conf'
+mv $TMP_CONF $STACKUBE_CONFIG_PATH
+echo "Wrote stackube config: $(cat ${STACKUBE_CONFIG_PATH})"
+
+# Start stackube-proxy in-cluster.
+./stackube-proxy --kubeconfig=""
--- a/deployment/stackube.yaml
+++ b/deployment/stackube.yaml
@ -12,28 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-# This ConfigMap is used to configure stackube-controller and kubestack.
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: stackube-config
-  namespace: kube-system
-data:
-  auth-url: "<Your-openstack-authentication-endpoint>"
-  username: "admin"
-  password: "password"
-  tenant-name: "admin"
-  region: "RegionOne"
-  ext-net-id: "<Your-external-network-id>"
-  plugin-name: "ovs"
-  integration-bridge: "br-int"
-  user-cidr: "10.244.0.0/16"
-  user-gateway: "10.244.0.1"
-  kubernetes-host: "<Your-kubernetes-host>"
-  kubernetes-port: "<Your-kubernetes-port>"
-
---
-
 # This manifest installs kubestack CNI plugins and network config
 # on each master and worker node in a Kubernetes cluster.
 kind: DaemonSet