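#!/bin/bash
# Bootstrap a Tectonic control plane on this host:
#   1. render the Kubernetes core manifests and the TNC manifests into $PWD,
#   2. install the TNC static pod and its config under /etc/kubernetes,
#   3. run the etcd certificate signer until the etcd cluster is healthy,
#   4. copy the bootstrap configs and hand off to bootkube.
#
# Inputs are substituted into this file by the template that generates it
# (hence the SC2154 suppressions): kube_core_renderer_image,
# tnc_operator_image, etcd_cert_signer_image, etcdctl_image, etcd_cluster,
# bootkube_image. The script also expects kco-config.yaml, tnco-config.yaml
# and bootstrap-configs/ in $PWD, and the etcd client CA, client cert/key
# and apiserver cert/key under /opt/tectonic/tls.
#
# -u: abort on an unset template variable instead of running docker with an
#     empty image name; pipefail is harmless here (no pipelines) but keeps
#     the strict-mode idiom consistent.
set -euo pipefail

# Container ID of the etcd certificate signer while it is running.
signer_id=""

# Kill the signer if it is still up. Registered on EXIT so the signer --
# which has the etcd client CA *private key* mounted and signs CSRs for
# anyone who can reach it -- does not keep serving after this script
# aborts (e.g. when etcd never reports healthy). On the success path the
# signer is already stopped explicitly and this is a no-op.
stop_signer() {
  if [ -n "${signer_id}" ]; then
    /usr/bin/docker kill "${signer_id}" >/dev/null 2>&1 || true
    signer_id=""
  fi
}
trap stop_signer EXIT

echo "Rendering Kubernetes core manifests..."
# The renderer reads /assets/kco-config.yaml and writes its manifests back
# into /assets ($PWD). /etc/kubernetes is mounted read-write as well.
# shellcheck disable=SC2154
/usr/bin/docker run \
  --volume "$PWD:/assets:z" \
  --volume /etc/kubernetes:/etc/kubernetes:z \
  "${kube_core_renderer_image}" \
  --config=/assets/kco-config.yaml \
  --output=/assets

echo "Rendering TNC manifests..."
# --user 0: the operator image is run as root so it can write into the
# bind-mounted $PWD; nothing here narrows what it can do to that directory.
# shellcheck disable=SC2154
/usr/bin/docker run \
  --user 0 \
  --volume "$PWD:/assets:z" \
  "${tnc_operator_image}" \
  --config=/assets/tnco-config.yaml \
  --render-bootstrap=true \
  --render-output=/assets/tnc-bootstrap

# Drop the TNC pod into the kubelet's static-pod directory, plus its config.
mkdir -p /etc/kubernetes/manifests/
cp "$PWD/tnc-bootstrap/tectonic-node-controller-pod.yaml" /etc/kubernetes/manifests/
cp "$PWD/tnc-bootstrap/tectonic-node-controller-config.yaml" /etc/kubernetes/tnc-config

# We originally wanted to run the etcd cert signer as a static pod, but
# kubelet couldn't remove a static pod while the API server is not up, so
# it is run as a plain docker container instead.
# See https://github.com/kubernetes/kubernetes/issues/43292
#
# Security notes on the signer run below:
#   * The TLS directory holding the CA private key is mounted read-only.
#   * --address=0.0.0.0:6443 with --network host binds the signing endpoint
#     on every host interface. Whatever authentication the signer applies
#     to CSRs is not visible from this script; the bootstrap host should be
#     reachable on 6443 only from the etcd members that need certificates.
#   * CSRs are staged in a container-private tmpfs (--tmpfs /tmp,
#     --csrdir=/tmp), so nothing is left on the host disk.
#   * Issued peer/server certificates are valid for 26280h (~3 years).
echo "Starting etcd certificate signer..."
# shellcheck disable=SC2154
signer_id=$(/usr/bin/docker run -d \
  --tmpfs /tmp \
  --volume /opt/tectonic/tls:/opt/tectonic/tls:ro,z \
  --network host \
  "${etcd_cert_signer_image}" \
  serve \
  --cacrt=/opt/tectonic/tls/etcd-client-ca.crt \
  --cakey=/opt/tectonic/tls/etcd-client-ca.key \
  --servcrt=/opt/tectonic/tls/apiserver.crt \
  --servkey=/opt/tectonic/tls/apiserver.key \
  --address=0.0.0.0:6443 \
  --csrdir=/tmp \
  --peercertdur=26280h \
  --servercertdur=26280h)

echo "Waiting for etcd cluster..."
# Poll `etcdctl endpoint health` with the etcd client certificate, up to
# 10 attempts 5 seconds apart. Running the probe in an `if` keeps `set -e`
# from aborting on a failed attempt, so the set +e / set -e dance is not
# needed. On exhaustion we exit 1; the EXIT trap then stops the signer.
attempt=0
while true; do
  # shellcheck disable=SC2154
  if /usr/bin/docker run \
      --rm \
      --name etcdctl \
      --env ETCDCTL_API=3 \
      --volume /opt/tectonic/tls:/opt/tectonic/tls:ro,z \
      "${etcdctl_image}" \
      /usr/local/bin/etcdctl \
      --dial-timeout=10m \
      --cacert=/opt/tectonic/tls/etcd-client-ca.crt \
      --cert=/opt/tectonic/tls/etcd-client.crt \
      --key=/opt/tectonic/tls/etcd-client.key \
      --endpoints="${etcd_cluster}" \
      endpoint health; then
    break
  fi
  attempt=$((attempt + 1))
  if [ "${attempt}" -eq 10 ]; then
    echo "etcdctl failed too many times."
    exit 1
  fi
  echo "etcdctl failed. Retrying in 5 seconds..."
  sleep 5
done

echo "etcd cluster up. Killing etcd certificate signer..."
# Stop the signer as soon as etcd is healthy; it is no longer needed and
# should not stay reachable. A failed kill is still fatal here, as before.
/usr/bin/docker kill "${signer_id}"
signer_id=""

# The TNC static pod was only needed during bootstrap; remove it.
rm /etc/kubernetes/manifests/tectonic-node-controller-pod.yaml
cp -r "$PWD/bootstrap-configs" /etc/kubernetes/bootstrap-configs

echo "Starting bootkube..."
# shellcheck disable=SC2154
/usr/bin/docker run \
  --volume "$PWD:/assets:z" \
  --volume /etc/kubernetes:/etc/kubernetes:z \
  --network=host \
  --entrypoint=/bootkube \
  "${bootkube_image}" \
  start --asset-dir=/assets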