From 351fffb9de0be639d3139c7c29a6d44800dc7ea5 Mon Sep 17 00:00:00 2001 From: mozhulee <21621232@zju.edu.cn> Date: Mon, 31 Jul 2017 20:48:27 +0800 Subject: [PATCH] Containerize stackube proxy including * build docker image for stackube-proxy * deploy it via kubernetes daemonset and run the container in hostnetwork Change-Id: Iefe02f14f6e891f536cf04611d1fede340efa788 Implements: blueprint containerize-proxy Signed-off-by: mozhuli <21621232@zju.edu.cn> --- Makefile | 3 + deployment/stackube-configmap.yaml | 33 ++++ deployment/stackube-proxy.yaml | 164 ++++++++++++++++++ deployment/stackube-proxy/Dockerfile | 33 ++++ .../stackube-proxy/stackube.conf.default | 7 + deployment/stackube-proxy/start.sh | 44 +++++ deployment/stackube.yaml | 22 --- 7 files changed, 284 insertions(+), 22 deletions(-) create mode 100644 deployment/stackube-configmap.yaml create mode 100644 deployment/stackube-proxy.yaml create mode 100644 deployment/stackube-proxy/Dockerfile create mode 100644 deployment/stackube-proxy/stackube.conf.default create mode 100755 deployment/stackube-proxy/start.sh diff --git a/Makefile b/Makefile index 1d18100..ca93f1d 100644 --- a/Makefile +++ b/Makefile @@ -22,6 +22,7 @@ GIT_HOST = git.openstack.org SHELL := /bin/bash STACKUBE_VERSION = 0.1 +STACKUBE_PROXY_VERSION = 0.1 KUBESTACK_VERSION = 0.1 PWD := $(shell pwd) @@ -73,6 +74,8 @@ docker: depend sudo docker build -t stackube/kubestack:v$(KUBESTACK_VERSION) ./deployment/kubestack/ cp _output/stackube-controller deployment/stackube-controller sudo docker build -t stackube/stackube-controller:v$(STACKUBE_VERSION) ./deployment/stackube-controller/ + cp _output/stackube-proxy deployment/stackube-proxy + sudo docker build -t stackube/stackube-proxy:v$(STACKUBE_PROXY_VERSION) ./deployment/stackube-proxy/ .PHONY: test test: test-unit diff --git a/deployment/stackube-configmap.yaml b/deployment/stackube-configmap.yaml new file mode 100644 index 0000000..2c83ff1 --- /dev/null +++ b/deployment/stackube-configmap.yaml 
@@ -0,0 +1,33 @@
+# Copyright (c) 2017 OpenStack Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This ConfigMap is used to configure stackube-controller,stackube-proxy and kubestack.
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: stackube-config
+ namespace: kube-system
+data:
+ auth-url: ""
+ username: "admin"
+ password: "password"
+ tenant-name: "admin"
+ region: "RegionOne"
+ ext-net-id: ""
+ plugin-name: "ovs"
+ integration-bridge: "br-int"
+ user-cidr: "10.244.0.0/16"
+ user-gateway: "10.244.0.1"
+ kubernetes-host: ""
+ kubernetes-port: ""
\ No newline at end of file
diff --git a/deployment/stackube-proxy.yaml b/deployment/stackube-proxy.yaml
new file mode 100644
index 0000000..7acc710
--- /dev/null
+++ b/deployment/stackube-proxy.yaml
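Review bot: The `password: "password"` entry (next to `username: "admin"`) keeps the OpenStack credential in a ConfigMap, which is stored as ordinary configuration and is readable by any subject allowed to get ConfigMaps in `kube-system`. The stackube-proxy DaemonSet added in this commit then pulls it in through `configMapKeyRef`, so the same value also sits in the pod's environment. Move `password` (and preferably `username`) into a `kind: Secret` referenced with `secretKeyRef`, and ship an empty value instead of a working-looking default so a deployment cannot come up on `admin`/`password` unnoticed. A comment above `data:` such as `# Non-secret settings only; OpenStack credentials live in a separate Secret` would document the split.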
@@ -0,0 +1,164 @@
+# Copyright (c) 2017 OpenStack Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This manifest deploys stackube-proxy container in hostnetwork
+# on each master and worker node in a Kubernetes cluster.
+kind: DaemonSet
+apiVersion: extensions/v1beta1
+metadata:
+ name: stackube-proxy
+ namespace: kube-system
+ labels:
+ component: stackube-proxy
+ k8s-app: stackube-proxy
+ kubernetes.io/cluster-service: "true"
+ name: stackube-proxy
+spec:
+ selector:
+ matchLabels:
+ component: stackube-proxy
+ k8s-app: stackube-proxy
+ kubernetes.io/cluster-service: "true"
+ name: stackube-proxy
+ template:
+ metadata:
+ labels:
+ component: stackube-proxy
+ k8s-app: stackube-proxy
+ kubernetes.io/cluster-service: "true"
+ name: stackube-proxy
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: |
+ [{"key": "dedicated", "value": "master", "effect": "NoSchedule" },
+ {"key":"CriticalAddonsOnly", "operator":"Exists"}]
+ spec:
+ hostNetwork: true
+ serviceAccountName: stackube-proxy
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ containers:
+ - name: stackube-proxy
+ resources: {}
+ image: stackube/stackube-proxy:v0.1
+ securityContext:
+ privileged: true
+ command: ["/start.sh"]
+ env:
+ # The endpoint of openstack authentication.
+ - name: AUTH_URL
+ valueFrom:
+ configMapKeyRef:
+ name: stackube-config
+ key: auth-url
+ # The username for openstack authentication.
+ - name: USERNAME
+ valueFrom:
+ configMapKeyRef:
+ name: stackube-config
+ key: username
+ # The password for openstack authentication.
+ - name: PASSWORD
+ valueFrom:
+ configMapKeyRef:
+ name: stackube-config
+ key: password
+ # The tenant name for openstack authentication.
+ - name: TENANT_NAME
+ valueFrom:
+ configMapKeyRef:
+ name: stackube-config
+ key: tenant-name
+ # The region for openstack authentication.
+ - name: REGION
+ valueFrom:
+ configMapKeyRef:
+ name: stackube-config
+ key: region
+ # The id of openstack external network.
+ - name: EXT_NET_ID
+ valueFrom:
+ configMapKeyRef:
+ name: stackube-config
+ key: ext-net-id
+ # The kubernetes service host.
+ - name: KUBERNETES_SERVICE_HOST
+ valueFrom:
+ configMapKeyRef:
+ name: stackube-config
+ key: kubernetes-host
+ # The kubernetes service port.
+ - name: KUBERNETES_SERVICE_PORT
+ valueFrom:
+ configMapKeyRef:
+ name: stackube-config
+ key: kubernetes-port
+ volumeMounts:
+ - mountPath: /var/run/netns
+ name: netns
+ - mountPath: /etc/ssl/certs
+ name: certs
+ - mountPath: /etc/pki
+ name: pki
+ volumes:
+ # Used to operate host netns.
+ - name: netns
+ hostPath:
+ path: /var/run/netns
+ # Used to verify the keystone server.
+ - name: certs
+ hostPath:
+ path: /etc/ssl/certs
+ - name: pki
+ hostPath:
+ path: /etc/pki
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: stackube-proxy
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: stackube-proxy
+subjects:
+- kind: ServiceAccount
+ name: stackube-proxy
+ namespace: kube-system
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: stackube-proxy
+rules:
+- apiGroups:
+ - "*"
+ resources:
+ - "*"
+ verbs:
+ - "*"
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: stackube-proxy
+ namespace: kube-system
\ No newline at end of file
diff --git a/deployment/stackube-proxy/Dockerfile b/deployment/stackube-proxy/Dockerfile
new file mode 100644
index 0000000..48782b4
--- /dev/null
+++ b/deployment/stackube-proxy/Dockerfile
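Review bot: The `stackube-proxy` ClusterRole at the end of stackube-proxy.yaml grants `"*"` verbs on `"*"` resources in `"*"` apiGroups, which is cluster-admin in all but name, and its token is mounted into a `privileged: true`, `hostNetwork: true` pod on every node. A compromise of any single proxy pod would therefore give full control of the API in addition to the host it runs on. Scope the rules to read verbs on the objects the proxy actually watches; the set below is an assumption to confirm against the proxy's informers. Separately, the `/etc/ssl/certs` and `/etc/pki` mounts are described as being for verification only, so `readOnly: true` on those two `volumeMounts` would fit.

```yaml
rules:
# Assumed minimal set - confirm against what stackube-proxy lists/watches.
- apiGroups:
  - ""
  resources:
  - services
  - endpoints
  - namespaces
  verbs:
  - get
  - list
  - watch
```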
@@ -0,0 +1,33 @@
+# Copyright (c) 2017 OpenStack Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM alpine:3.6
+
+MAINTAINER stackube team
+
+RUN apk --no-cache add bash iproute2
+
+# Download and install glibc in one layer
+RUN apk --no-cache add wget ca-certificates libgcc && \
+ wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub && \
+ wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk && \
+ wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-bin-2.23-r3.apk && \
+ apk add glibc-2.23-r3.apk glibc-bin-2.23-r3.apk && \
+ /usr/glibc-compat/sbin/ldconfig /lib /usr/glibc/usr/lib && \
+ apk del wget && \
+ rm -f glibc-2.23-r3.apk glibc-bin-2.23-r3.apk
+
+ADD stackube-proxy /stackube-proxy
+ADD start.sh /start.sh
+ADD stackube.conf.default /stackube.conf.tmp
diff --git a/deployment/stackube-proxy/stackube.conf.default b/deployment/stackube-proxy/stackube.conf.default
new file mode 100644
index 0000000..cd6b88b
--- /dev/null
+++ b/deployment/stackube-proxy/stackube.conf.default
@@ -0,0 +1,7 @@
+[Global]
+auth-url = _AUTH_URL_
+username = _USERNAME_
+password = _PASSWORD_
+tenant-name = _TENANT_NAME_
+region = _REGION_
+ext-net-id = _EXT_NET_ID_
\ No newline at end of file
diff --git a/deployment/stackube-proxy/start.sh b/deployment/stackube-proxy/start.sh
new file mode 100755
index 0000000..d0592f1
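Review bot: In the glibc `RUN` step of the Dockerfile, the signing key `sgerrand.rsa.pub` is downloaded at build time from the `master` branch and then used to trust the two `.apk` files fetched in the same step, so whatever that URL serves on the day of the build becomes the trust anchor for the image. Commit the key under `deployment/stackube-proxy/` and install it with `COPY sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub`, or check the downloads against pinned digests with `sha256sum -c` before `apk add`. `COPY` is also preferable to `ADD` for the three local files at the end, since neither archive extraction nor URL fetching is wanted there.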
--- /dev/null
+++ b/deployment/stackube-proxy/start.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+# Copyright (c) 2017 OpenStack Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Ensure all variables are defined.
+set -u
+
+TMP_CONF='/stackube.conf.tmp'
+# Check environment variables before any real actions.
+for i in 'AUTH_URL' 'USERNAME' 'PASSWORD' 'TENANT_NAME' 'REGION' 'EXT_NET_ID';do
+ if [ "${!i}" ];then
+ echo "environment variable $i = ${!i}"
+ else
+ echo "environment variable $i is empty, exit..."
+ exit
+ fi
+done
+
+# Insert parameters.
+sed -i s~_AUTH_URL_~${AUTH_URL:-}~g $TMP_CONF
+sed -i s/_USERNAME_/${USERNAME:-}/g $TMP_CONF
+sed -i s/_PASSWORD_/${PASSWORD:-}/g $TMP_CONF
+sed -i s/_TENANT_NAME_/${TENANT_NAME:-}/g $TMP_CONF
+sed -i s/_REGION_/${REGION:-}/g $TMP_CONF
+sed -i s/_EXT_NET_ID_/${EXT_NET_ID:-}/g $TMP_CONF
+
+# Move the temporary stackube config into place.
+STACKUBE_CONFIG_PATH='/etc/stackube.conf'
+mv $TMP_CONF $STACKUBE_CONFIG_PATH
+echo "Wrote stackube config: $(cat ${STACKUBE_CONFIG_PATH})"
+
+# Start stackube-proxy in-cluster.
+./stackube-proxy --kubeconfig=""
\ No newline at end of file
diff --git a/deployment/stackube.yaml b/deployment/stackube.yaml
index ab59562..8b1c4d2 100644
--- a/deployment/stackube.yaml
+++ b/deployment/stackube.yaml
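Review bot: The validation loop in start.sh prints every variable's value, `PASSWORD` included, and the final `echo "Wrote stackube config: $(cat ${STACKUBE_CONFIG_PATH})"` dumps the rendered file, so the OpenStack password is written to the container log on every start and is visible to anyone who can read pod logs. Log names only, e.g. `echo "environment variable $i is set"` and `echo "Wrote stackube config to ${STACKUBE_CONFIG_PATH}"`. The `sed` lines substitute the values unquoted and unescaped, so a password containing `/`, `&` or whitespace would break the expression or alter the written config; quote the sed script and escape the value, or render the file with a heredoc instead. The bare `exit` in the empty-variable branch returns the status of the preceding `echo`, i.e. 0, and should be `exit 1` so a misconfigured pod is reported as failed.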
@@ -12,28 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -# This ConfigMap is used to configure stackube-controller and kubestack. -kind: ConfigMap -apiVersion: v1 -metadata: - name: stackube-config - namespace: kube-system -data: - auth-url: "" - username: "admin" - password: "password" - tenant-name: "admin" - region: "RegionOne" - ext-net-id: "" - plugin-name: "ovs" - integration-bridge: "br-int" - user-cidr: "10.244.0.0/16" - user-gateway: "10.244.0.1" - kubernetes-host: "" - kubernetes-port: "" - ---- - # This manifest installs kubestack CNI plugins and network config # on each master and worker node in a Kubernetes cluster. kind: DaemonSet