Fix kube-router config generation (#5531)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
parent
6221b94fdf
commit
588896712e
6 changed files with 112 additions and 76 deletions
|
@ -8,8 +8,8 @@
|
||||||
resource: "ds"
|
resource: "ds"
|
||||||
namespace: "kube-system"
|
namespace: "kube-system"
|
||||||
state: "latest"
|
state: "latest"
|
||||||
when:
|
delegate_to: "{{ groups['kube-master'] | first }}"
|
||||||
- inventory_hostname == groups['kube-master'][0]
|
run_once: true
|
||||||
|
|
||||||
- name: kube-router | Wait for kube-router pods to be ready
|
- name: kube-router | Wait for kube-router pods to be ready
|
||||||
command: "{{ bin_dir }}/kubectl -n kube-system get pods -l k8s-app=kube-router -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601
|
command: "{{ bin_dir }}/kubectl -n kube-system get pods -l k8s-app=kube-router -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601
|
||||||
|
@ -18,5 +18,6 @@
|
||||||
retries: 30
|
retries: 30
|
||||||
delay: 10
|
delay: 10
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
when:
|
delegate_to: "{{ groups['kube-master'] | first }}"
|
||||||
- inventory_hostname == groups['kube-master'][0]
|
run_once: true
|
||||||
|
changed_when: false
|
||||||
|
|
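--- a/roles/network_plugin/kube-router/handlers/main.yml
+++ b/roles/network_plugin/kube-router/handlers/main.yml
@@ -0,0 +1,20 @@
+---
+- name: reset_kube_router
+command: /bin/true
+notify:
+- docker | delete kube-router containers
+- containerd | delete kube-router containers
+
+- name: docker | delete kube-router containers
+shell: "docker ps -af name=k8s_POD_kube-router* -q | xargs --no-run-if-empty docker rm -f"
+register: docker_kube_router_remove
+until: docker_kube_router_remove is succeeded
+retries: 5
+when: container_manager in ["docker"]
+
+- name: containerd | delete kube-router containers
+shell: 'crictl pods --name kube-router* -q | xargs -I% --no-run-if-empty bash -c "crictl stopp % && crictl rmp %"'
+register: crictl_kube_router_remove
+until: crictl_kube_router_remove is succeeded
+retries: 5
+when: container_manager in ["crio", "containerd"]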
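Review bot: Both delete handlers pipe into `xargs` under the default shell without `pipefail`, so when `docker ps` or `crictl pods` fails the pipeline still exits 0 and `until: ... is succeeded` with `retries: 5` never retries. Starting each command with `set -o pipefail &&` and adding `args:` with `executable: /bin/bash` would let the retry loop see a failed listing. The `kube-router*` patterns are also unquoted inside the shell string, so the shell may expand them against files in the working directory before docker or crictl receive them; quoting the filter argument avoids that.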
|
@ -19,7 +19,63 @@
|
||||||
owner: kube
|
owner: kube
|
||||||
remote_src: yes
|
remote_src: yes
|
||||||
|
|
||||||
|
- name: kube-router | Create config directory
|
||||||
|
file:
|
||||||
|
path: /var/lib/kube-router
|
||||||
|
state: directory
|
||||||
|
owner: kube
|
||||||
|
recurse: true
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: kube-router | Create kubeconfig
|
||||||
|
template:
|
||||||
|
src: kubeconfig.yml.j2
|
||||||
|
dest: /var/lib/kube-router/kubeconfig
|
||||||
|
owner: kube
|
||||||
|
notify:
|
||||||
|
- reset_kube_router
|
||||||
|
|
||||||
|
- name: kube-router | Slurp cni config
|
||||||
|
slurp:
|
||||||
|
src: /etc/cni/net.d/10-kuberouter.conf
|
||||||
|
register: cni_config_slurp
|
||||||
|
ignore_errors: true
|
||||||
|
|
||||||
|
- name: kube-router | Set cni_config variable
|
||||||
|
set_fact:
|
||||||
|
cni_config: "{{ cni_config_slurp.content | b64decode | from_json }}"
|
||||||
|
when:
|
||||||
|
- not cni_config_slurp.failed
|
||||||
|
|
||||||
|
- name: kube-router | Set host_subnet variable
|
||||||
|
set_fact:
|
||||||
|
host_subnet: "{{ cni_config.ipam.subnet }}"
|
||||||
|
when:
|
||||||
|
- cni_config is defined
|
||||||
|
- cni_config.ipam is defined
|
||||||
|
- cni_config.ipam.subnet is defined
|
||||||
|
|
||||||
|
- name: kube-router | Set wanted cni config variable
|
||||||
|
set_fact:
|
||||||
|
wanted_cni_config: "{{ lookup('template', 'cni-conf.json.j2') }}"
|
||||||
|
|
||||||
|
- name: kube-router | Set wanted_cni_config variable
|
||||||
|
set_fact:
|
||||||
|
wanted_cni_config: "{{ wanted_cni_config | combine({ 'ipam': { 'subnet': host_subnet }}, recursive=True) }}"
|
||||||
|
when: host_subnet is defined
|
||||||
|
|
||||||
|
- name: kube-router | Create cni config
|
||||||
|
copy:
|
||||||
|
content: "{{ wanted_cni_config | to_nice_json }}"
|
||||||
|
dest: /etc/cni/net.d/10-kuberouter.conf
|
||||||
|
owner: kube
|
||||||
|
changed_when: wanted_cni_config != cni_config
|
||||||
|
notify:
|
||||||
|
- reset_kube_router
|
||||||
|
|
||||||
- name: kube-router | Create manifest
|
- name: kube-router | Create manifest
|
||||||
template:
|
template:
|
||||||
src: kube-router.yml.j2
|
src: kube-router.yml.j2
|
||||||
dest: "{{ kube_config_dir }}/kube-router.yml"
|
dest: "{{ kube_config_dir }}/kube-router.yml"
|
||||||
|
delegate_to: "{{ groups['kube-master'] | first }}"
|
||||||
|
run_once: true
|
||||||
|
|
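Review bot: In `kube-router | Create cni config`, `changed_when: wanted_cni_config != cni_config` reads `cni_config`, which is only set when the slurp of `/etc/cni/net.d/10-kuberouter.conf` succeeded, so on a host that does not have the file yet the expression compares against an undefined variable and will probably fail the task. `copy` already reports a change only when the rendered content differs from the file, so the override could be dropped, or guarded as `changed_when: cni_config is not defined or wanted_cni_config != cni_config`. Separately, neither this task nor `Create kubeconfig` sets `mode:`, while the directory task applies `mode: 0755` with `recurse: true` to everything under `/var/lib/kube-router`. An explicit `mode: "0644"` on the two files and a quoted `"0755"` on the directory would pin the permissions of configuration that the CNI runtime and kube-router consume.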
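--- a/roles/network_plugin/kube-router/templates/cni-conf.json.j2
+++ b/roles/network_plugin/kube-router/templates/cni-conf.json.j2
@@ -0,0 +1,13 @@
+{
+"name":"kubernetes",
+"cniVersion": "0.2.0",
+"type":"bridge",
+"bridge":"kube-bridge",
+"isDefaultGateway":true,
+{% if kube_router_support_hairpin_mode %}
+"hairpinMode":true,
+{% endif %}
+"ipam": {
+"type":"host-local"
+}
+}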
|
@ -1,47 +1,3 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: kube-router-cfg
|
|
||||||
namespace: kube-system
|
|
||||||
labels:
|
|
||||||
tier: node
|
|
||||||
k8s-app: kube-router
|
|
||||||
data:
|
|
||||||
cni-conf.json: |
|
|
||||||
{
|
|
||||||
"name":"kubernetes",
|
|
||||||
"cniVersion": "0.2.0",
|
|
||||||
"type":"bridge",
|
|
||||||
"bridge":"kube-bridge",
|
|
||||||
"isDefaultGateway":true,
|
|
||||||
{% if kube_router_support_hairpin_mode %}
|
|
||||||
"hairpinMode":true,
|
|
||||||
{% endif %}
|
|
||||||
"ipam": {
|
|
||||||
"type":"host-local"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
kubeconfig: |
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Config
|
|
||||||
clusterCIDR: {{ kube_pods_subnet }}
|
|
||||||
clusters:
|
|
||||||
- name: cluster
|
|
||||||
cluster:
|
|
||||||
certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
||||||
server: {{ kube_apiserver_endpoint }}
|
|
||||||
users:
|
|
||||||
- name: kube-router
|
|
||||||
user:
|
|
||||||
tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
|
||||||
contexts:
|
|
||||||
- context:
|
|
||||||
cluster: cluster
|
|
||||||
user: kube-router
|
|
||||||
name: kube-router-context
|
|
||||||
current-context: kube-router-context
|
|
||||||
|
|
||||||
---
|
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -146,31 +102,6 @@ spec:
|
||||||
name: metrics
|
name: metrics
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
{% endif %}
|
{% endif %}
|
||||||
initContainers:
|
|
||||||
- name: install-cni
|
|
||||||
image: {{ busybox_image_repo }}:{{ busybox_image_tag }}
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
command:
|
|
||||||
- /bin/sh
|
|
||||||
- -c
|
|
||||||
- set -e -x;
|
|
||||||
if [ ! -f /etc/cni/net.d/10-kuberouter.conf ]; then
|
|
||||||
TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
|
|
||||||
cp /etc/kube-router/cni-conf.json ${TMP};
|
|
||||||
mv ${TMP} /etc/cni/net.d/10-kuberouter.conf;
|
|
||||||
fi;
|
|
||||||
if [ ! -f /var/lib/kube-router/kubeconfig ]; then
|
|
||||||
TMP=/var/lib/kube-router/.tmp-kubeconfig;
|
|
||||||
cp /etc/kube-router/kubeconfig ${TMP};
|
|
||||||
mv ${TMP} /var/lib/kube-router/kubeconfig;
|
|
||||||
fi
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /etc/cni/net.d
|
|
||||||
name: cni-conf-dir
|
|
||||||
- mountPath: /etc/kube-router
|
|
||||||
name: kube-router-cfg
|
|
||||||
- name: kubeconfig
|
|
||||||
mountPath: /var/lib/kube-router
|
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
dnsPolicy: ClusterFirstWithHostNet
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
{% if kube_router_enable_dsr %}
|
{% if kube_router_enable_dsr %}
|
||||||
|
@ -195,9 +126,6 @@ spec:
|
||||||
- name: cni-conf-dir
|
- name: cni-conf-dir
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /etc/cni/net.d
|
path: /etc/cni/net.d
|
||||||
- name: kube-router-cfg
|
|
||||||
configMap:
|
|
||||||
name: kube-router-cfg
|
|
||||||
- name: kubeconfig
|
- name: kubeconfig
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /var/lib/kube-router
|
path: /var/lib/kube-router
|
||||||
|
|
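--- a/roles/network_plugin/kube-router/templates/kubeconfig.yml.j2
+++ b/roles/network_plugin/kube-router/templates/kubeconfig.yml.j2
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Config
+clusterCIDR: {{ kube_pods_subnet }}
+clusters:
+- name: cluster
+cluster:
+certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+server: {{ kube_apiserver_endpoint }}
+users:
+- name: kube-router
+user:
+tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+contexts:
+- context:
+cluster: cluster
+user: kube-router
+name: kube-router-context
+current-context: kube-router-context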
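Review bot: This kubeconfig is now rendered onto the host at `/var/lib/kube-router/kubeconfig`, yet `certificate-authority` and `tokenFile` point at `/var/run/secrets/kubernetes.io/serviceaccount/...`, paths that presumably exist only inside the kube-router pod that mounts the directory. A header comment such as `# Read from inside the kube-router pod; the serviceaccount paths below are in-pod paths, not host paths` would keep a maintainer from treating them as host paths. The two templated scalars would also be safer quoted, e.g. `server: "{{ kube_apiserver_endpoint }}"`, so an empty or unusual value cannot change the parsed type.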