Fixes to allow refresh from 1.13 #649

Merged
merged 6 commits into from Sep 17, 2019
14 changes: 13 additions & 1 deletion microk8s-resources/wrappers/run-flanneld-with-args
Expand Up @@ -8,6 +8,19 @@ source $SNAP/actions/common/utils.sh

exit_if_service_not_expected_to_start flanneld

# Allow some slack for containerd and etcd to start
# so we avoid this edge case: https://forum.snapcraft.io/t/restarting-services-from-configure-hook-race-condition/2513/13
sleep 5

n=0
until [ $n -ge 10 ]
do
test -e "$SNAP_DATA/args/flannel-network-mgr-config" && "$SNAP_DATA/args/flanneld" && break
echo "Waiting for flannled configuration to appear. (attempt $n)"
n=$[$n+1]
sleep 2
done

# TODO rewrite for snaps
etcd_endpoints="$(cat $SNAP_DATA/args/flanneld | grep "etcd-endpoints" | tr "=" " "| awk '{print $2}')"
cert_file="$(cat $SNAP_DATA/args/flanneld | grep "etcd-certfile" | tr "=" " "| awk '{print $2}')"
Expand All @@ -27,7 +40,6 @@ fi

"${SNAP}/etcdctl" --endpoint "${etcd_endpoints}" --cert-file "${cert_file}" --key-file "${key_file}" --ca-file "${ca_file}" set "/coreos.com/network/config" "$data"


# This is really the only way I could find to get the args passed in correctly. WTF
declare -a args="($(cat $SNAP_DATA/args/flanneld))"
exec "$SNAP/opt/cni/bin/flanneld" "${args[@]}"
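Review bot: In the new wait loop, the second operand of `test -e "$SNAP_DATA/args/flannel-network-mgr-config" && "$SNAP_DATA/args/flanneld" && break` is not a test: the shell tries to run the args file as a command. If the file is not executable the list fails, `break` is never reached, and the loop always uses all ten attempts; if it is executable, its contents run as a program inside this wrapper. The line should read `test -e "$SNAP_DATA/args/flannel-network-mgr-config" && test -e "$SNAP_DATA/args/flanneld" && break`. After `done` the script carries on even when the files never appeared, so a check such as `[ $n -lt 10 ] || { echo "flanneld configuration not found" >&2; exit 1; }` would make that failure explicit instead of letting the later `cat` calls read a missing file.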
45 changes: 26 additions & 19 deletions snap/hooks/configure
Expand Up @@ -20,8 +20,8 @@ then
"$SNAP/bin/sed" -i 's@\${SNAP}/certs/serviceaccount.key@\${SNAP_DATA}/certs/serviceaccount.key@g' ${SNAP_DATA}/args/kube-apiserver
"$SNAP/bin/sed" -i 's@\${SNAP}/certs/ca.crt@\${SNAP_DATA}/certs/ca.crt@g' ${SNAP_DATA}/args/kube-controller-manager
"$SNAP/bin/sed" -i 's@\${SNAP}/certs/serviceaccount.key@\${SNAP_DATA}/certs/serviceaccount.key@g' ${SNAP_DATA}/args/kube-controller-manager
systemctl restart snap.${SNAP_NAME}.daemon-apiserver
systemctl restart snap.${SNAP_NAME}.daemon-controller-manager
snapctl restart ${SNAP_NAME}.daemon-apiserver
snapctl restart ${SNAP_NAME}.daemon-controller-manager
fi

#Allow the ability to add external IPs to the csr, by moving the csr.conf.template to SNAP_DATA
Expand All @@ -37,7 +37,7 @@ then
# Add a new line at the end
echo "" >> ${SNAP_DATA}/args/kube-apiserver
echo "--requestheader-client-ca-file=\${SNAP_DATA}/certs/ca.crt" >> ${SNAP_DATA}/args/kube-apiserver
systemctl restart snap.${SNAP_NAME}.daemon-apiserver
snapctl restart ${SNAP_NAME}.daemon-apiserver
fi

# Enable the aggregation layer (continue)
Expand All @@ -51,7 +51,7 @@ then
echo '--requestheader-username-headers=X-Remote-User' >> ${SNAP_DATA}/args/kube-apiserver
echo '--proxy-client-cert-file=${SNAP_DATA}/certs/front-proxy-client.crt' >> ${SNAP_DATA}/args/kube-apiserver
echo '--proxy-client-key-file=${SNAP_DATA}/certs/front-proxy-client.key' >> ${SNAP_DATA}/args/kube-apiserver
systemctl restart snap.${SNAP_NAME}.daemon-apiserver
snapctl restart ${SNAP_NAME}.daemon-apiserver
fi

# Patch for issue: https://github.com/ubuntu/microk8s/issues/121
Expand Down Expand Up @@ -80,11 +80,15 @@ then
fi

# Upgrading to containerd
if [ ! -e ${SNAP_DATA}/args/containerd ]
if [ ! -e ${SNAP_DATA}/args/containerd ] ||
grep -e "\-\-docker unix://\${SNAP_DATA}/docker.sock" ${SNAP_DATA}/args/kubelet
then
echo "Making sure we have containerd file"
cp ${SNAP_DATA}/args/containerd ${SNAP_DATA}/args/containerd.backup || true
cp ${SNAP}/default-args/containerd ${SNAP_DATA}/args/containerd
cp ${SNAP_DATA}/args/containerd-template.toml ${SNAP_DATA}/args/containerd-template.toml.backup || true
cp ${SNAP}/default-args/containerd-template.toml ${SNAP_DATA}/args/containerd-template.toml
cp ${SNAP_DATA}/args/containerd-env ${SNAP_DATA}/args/containerd-env.backup || true
cp ${SNAP}/default-args/containerd-env ${SNAP_DATA}/args/containerd-env

cp -r ${SNAP}/default-args/cni-network ${SNAP_DATA}/args/
Expand All @@ -98,8 +102,8 @@ then
skip_opt_in_config docker kubelet
skip_opt_in_config docker-endpoint kubelet

systemctl restart snap.${SNAP_NAME}.daemon-containerd
systemctl restart snap.${SNAP_NAME}.daemon-kubelet
snapctl restart ${SNAP_NAME}.daemon-containerd
snapctl restart ${SNAP_NAME}.daemon-kubelet

if [ -e ${SNAP_DATA}/args/dockerd ] && grep -e "default-runtime=nvidia" ${SNAP_DATA}/args/dockerd
then
Expand All @@ -115,8 +119,8 @@ fi
if [ "$(produce_certs)" == "1" ]
then
rm -rf .srl
systemctl restart snap.${SNAP_NAME}.daemon-apiserver.service
systemctl restart snap.${SNAP_NAME}.daemon-proxy.service
snapctl restart ${SNAP_NAME}.daemon-apiserver
snapctl restart ${SNAP_NAME}.daemon-proxy
fi

# Make containerd stream server listen to localhost
Expand All @@ -127,16 +131,16 @@ then
then
"$SNAP/bin/sed" -i 's@stream_server_port = "10010"@stream_server_port = "0"@g' ${SNAP_DATA}/args/containerd-template.toml
fi
systemctl restart snap.${SNAP_NAME}.daemon-containerd
systemctl restart snap.${SNAP_NAME}.daemon-kubelet
snapctl restart ${SNAP_NAME}.daemon-containerd
snapctl restart ${SNAP_NAME}.daemon-kubelet
fi

# With v1.15 allow-privileged is removed from kubelet
if grep -e "\-\-allow-privileged" ${SNAP_DATA}/args/kubelet
then
echo "Patching 1.15 allow-privileged"
sudo "${SNAP}/bin/sed" -i '/allow-privileged/d' ${SNAP_DATA}/args/kubelet
systemctl restart snap.${SNAP_NAME}.daemon-kubelet
snapctl restart ${SNAP_NAME}.daemon-kubelet
fi

if ([ -f "$SNAP_USER_COMMON/istio-auth.lock" ] || [ -f "$SNAP_USER_COMMON/istio-auth.lock" ]) && ! [ -f "$SNAP_DATA/bin/istioctl" ]
Expand Down Expand Up @@ -181,7 +185,7 @@ then
refresh_opt_in_config kubeconfig \${SNAP_DATA}/credentials/kubelet.config kubelet
refresh_opt_in_config token-auth-file \${SNAP_DATA}/credentials/known_tokens.csv kube-apiserver

systemctl restart snap.${SNAP_NAME}.daemon-kubelet
snapctl restart ${SNAP_NAME}.daemon-kubelet
need_api_restart=true
fi

Expand All @@ -206,7 +210,7 @@ then
skip_opt_in_config master kube-proxy
refresh_opt_in_config token-auth-file \${SNAP_DATA}/credentials/known_tokens.csv kube-apiserver

systemctl restart snap.${SNAP_NAME}.daemon-proxy
snapctl restart ${SNAP_NAME}.daemon-proxy
need_api_restart=true
fi

Expand All @@ -231,7 +235,7 @@ then
skip_opt_in_config master kube-scheduler
refresh_opt_in_config token-auth-file \${SNAP_DATA}/credentials/known_tokens.csv kube-apiserver

systemctl restart snap.${SNAP_NAME}.daemon-scheduler
snapctl restart ${SNAP_NAME}.daemon-scheduler
need_api_restart=true
fi

Expand All @@ -257,7 +261,7 @@ then
refresh_opt_in_config use-service-account-credentials true kube-controller-manager

refresh_opt_in_config token-auth-file \${SNAP_DATA}/credentials/known_tokens.csv kube-apiserver
systemctl restart snap.${SNAP_NAME}.daemon-controller-manager
snapctl restart ${SNAP_NAME}.daemon-controller-manager
fi

# Securing important directories
Expand All @@ -280,11 +284,14 @@ fi

if ! [ -f "${SNAP_DATA}/args/flanneld" ]
then
mkdir -p ${SNAP_DATA}/args/cni-network/
cp -r ${SNAP}/default-args/cni-network/flannel.conflist ${SNAP_DATA}/args/cni-network/
cp ${SNAP}/default-args/flanneld ${SNAP_DATA}/args/
cp ${SNAP}/default-args/flannel-template.conflist ${SNAP_DATA}/args/
cp ${SNAP}/default-args/flannel-network-mgr-config ${SNAP_DATA}/args/
systemctl restart snap.${SNAP_NAME}.daemon-flanneld
snapctl restart ${SNAP_NAME}.daemon-etcd
snapctl restart ${SNAP_NAME}.daemon-containerd
snapctl restart ${SNAP_NAME}.daemon-flanneld
fi

if grep -e "etcd.socket:2379" ${SNAP_DATA}/args/etcd
Expand All @@ -297,7 +304,7 @@ then
refresh_opt_in_config trusted-ca-file \${SNAP_DATA}/certs/ca.crt etcd
refresh_opt_in_config cert-file \${SNAP_DATA}/certs/server.crt etcd
refresh_opt_in_config key-file \${SNAP_DATA}/certs/server.key etcd
systemctl restart snap.${SNAP_NAME}.daemon-etcd
snapctl restart ${SNAP_NAME}.daemon-etcd

refresh_opt_in_config etcd-servers https://127.0.0.1:12379 kube-apiserver
refresh_opt_in_config etcd-cafile \${SNAP_DATA}/certs/ca.crt kube-apiserver
Expand All @@ -308,7 +315,7 @@ fi

if [ "${need_api_restart}" ]
then
systemctl restart snap.${SNAP_NAME}.daemon-apiserver
snapctl restart ${SNAP_NAME}.daemon-apiserver
fi

if [ -L "${SNAP_DATA}/bin/cilium" ]
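Review bot: The three backup copies added to the "Upgrading to containerd" block (`cp ${SNAP_DATA}/args/containerd ${SNAP_DATA}/args/containerd.backup || true` and the two lines like it) discard every cp failure, so when a backup cannot be written the following line still replaces the operator's file with the packaged default and the earlier settings are lost without a clear signal. The `|| true` is only needed for the case where the file does not exist yet; testing for that explicitly, e.g. `if [ -e "${SNAP_DATA}/args/containerd" ]; then cp -p "${SNAP_DATA}/args/containerd" "${SNAP_DATA}/args/containerd.backup"; fi`, keeps that case quiet and lets a real copy error show up (whether the hook then stops depends on shell options not visible in these hunks). Separately, the new `grep -e "\-\-docker unix://\${SNAP_DATA}/docker.sock" ${SNAP_DATA}/args/kubelet` in the condition has no `-q`, so the matched kubelet argument is printed into the hook output. The block's body continues past this hunk into the next one.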