#!/usr/bin/env bash # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. set -e if [ "x${ACTION}" == "xgenerate-join-cmd" ]; then : ${TTL:="10m"} DISCOVERY_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages signing,authentication --groups '')" DISCOVERY_TOKEN_CA_HASH="$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* /sha256:/')" API_SERVER=$(cat /etc/kubernetes/admin.conf | python3 -c "import sys, yaml; print(yaml.safe_load(sys.stdin)['clusters'][0]['cluster']['server'].split(\"//\",1).pop())") exec echo "kubeadm join \ --token ${DISCOVERY_TOKEN} \ --discovery-token-ca-cert-hash ${DISCOVERY_TOKEN_CA_HASH} \ ${API_SERVER}" elif [ "x${ACTION}" == "xjoin-kube" ]; then exec ansible-playbook /opt/playbooks/kubeadm-aio-deploy-node.yaml \ --inventory=/opt/playbooks/inventory.ini \ --extra-vars="kubeadm_join_command=\"${KUBEADM_JOIN_COMMAND}\"" fi : ${ACTION:="deploy-kube"} : ${CONTAINER_NAME:="null"} : ${CONTAINER_RUNTIME:="docker"} : ${CNI_ENABLED:="calico"} : ${CNI_HOST_IP:="10.96.232.136"} : ${NET_SUPPORT_LINUXBRIDGE:="true"} : ${PVC_SUPPORT_CEPH:="false"} : ${PVC_SUPPORT_NFS:="false"} : ${HELM_TILLER_IMAGE:="ghcr.io/helm/tiller:${HELM_VERSION}"} : ${KUBE_VERSION:="${KUBE_VERSION}"} : ${KUBE_IMAGE_REPO:="k8s.gcr.io"} : ${KUBE_API_BIND_PORT:="6443"} : ${KUBE_NET_DNS_DOMAIN:="cluster.local"} : ${KUBE_NET_POD_SUBNET:="192.168.0.0/16"} : ${KUBE_NET_SUBNET_SUBNET:="10.96.0.0/12"} : ${KUBE_BIND_DEVICE:=""} : ${KUBE_BIND_ADDR:=""} : ${KUBE_API_BIND_DEVICE:="${KUBE_BIND_DEVICE}"} : ${KUBE_API_BIND_ADDR:="${KUBE_BIND_ADDR}"} : ${KUBE_CERTS_DIR:="/etc/kubernetes/pki"} : ${KUBE_SELF_HOSTED:="false"} : ${KUBE_KEYSTONE_AUTH:="false"} : ${KUBELET_NODE_LABELS:=""} : ${GATE_FQDN_TEST:="false"} : ${GATE_INGRESS_IP:="127.0.0.1"} : ${GATE_FQDN_TLD:="openstackhelm.test"} PLAYBOOK_VARS="{ \"my_container_name\": \"${CONTAINER_NAME}\", \"user\": { \"uid\": ${USER_UID}, \"gid\": ${USER_GID}, \"home\": \"${USER_HOME}\" }, \"cluster\": { \"cni\": \"${CNI_ENABLED}\", \"cni_host_ip\": \"${CNI_HOST_IP}\" }, \"kubelet\": { \"container_runtime\": \"${CONTAINER_RUNTIME}\", \"net_support_linuxbridge\": ${NET_SUPPORT_LINUXBRIDGE}, \"pv_support_nfs\": ${PVC_SUPPORT_NFS}, \"pv_support_ceph\": ${PVC_SUPPORT_CEPH} }, \"helm\": { \"tiller_image\": \"${HELM_TILLER_IMAGE}\" }, \"k8s\": { \"kubernetesVersion\": \"${KUBE_VERSION}\", \"imageRepository\": \"${KUBE_IMAGE_REPO}\", \"certificatesDir\": \"${KUBE_CERTS_DIR}\", \"selfHosted\": \"${KUBE_SELF_HOSTED}\", \"keystoneAuth\": \"${KUBE_KEYSTONE_AUTH}\", \"api\": { \"bindPort\": ${KUBE_API_BIND_PORT} }, \"networking\": { \"dnsDomain\": \"${KUBE_NET_DNS_DOMAIN}\", \"podSubnet\": \"${KUBE_NET_POD_SUBNET}\", \"serviceSubnet\": \"${KUBE_NET_SUBNET_SUBNET}\" } }, \"gate\": { \"fqdn_testing\": \"${GATE_FQDN_TEST}\", \"ingress_ip\": \"${GATE_INGRESS_IP}\", \"fqdn_tld\": \"${GATE_FQDN_TLD}\" } }" set -x if [ "x${ACTION}" == "xdeploy-kubelet" ]; then if [ "x${KUBE_BIND_ADDR}" != "x" ]; then PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"bind_addr\": \"${KUBE_BIND_ADDR}\"}") elif [ "x${KUBE_BIND_DEVICE}" != "x" ]; then PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"bind_device\": \"${KUBE_BIND_DEVICE}\"}") fi if [ "x${KUBELET_NODE_LABELS}" != "x" ]; then PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"kubelet_labels\": \"${KUBELET_NODE_LABELS}\"}") fi exec ansible-playbook /opt/playbooks/kubeadm-aio-deploy-kubelet.yaml \ --inventory=/opt/playbooks/inventory.ini \ --inventory=/opt/playbooks/vars.yaml \ --extra-vars="${PLAYBOOK_VARS}" elif [ "x${ACTION}" == "xdeploy-kube" ]; then if [ "x${KUBE_API_BIND_ADDR}" != "x" ]; then PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".k8s.api += {\"advertiseAddress\": \"${KUBE_API_BIND_ADDR}\"}") elif [ "x${KUBE_API_BIND_DEVICE}" != "x" ]; then PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".k8s.api += {\"advertiseAddressDevice\": \"${KUBE_API_BIND_DEVICE}\"}") fi exec ansible-playbook /opt/playbooks/kubeadm-aio-deploy-master.yaml \ --inventory=/opt/playbooks/inventory.ini \ --inventory=/opt/playbooks/vars.yaml \ --extra-vars="${PLAYBOOK_VARS}" elif [ "x${ACTION}" == "xclean-host" ]; then exec ansible-playbook /opt/playbooks/kubeadm-aio-clean.yaml \ --inventory=/opt/playbooks/inventory.ini \ --inventory=/opt/playbooks/vars.yaml \ --extra-vars="${PLAYBOOK_VARS}" else exec ${ACTION} fi