Kezdőlap Felfedezés Súgó
Regisztráció Bejelentkezés
shixiong
/
okd
1
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: f7db81c1d1
Branch-ok Tag-ek
okd
/
roles
/
openshift_node_group
/
files
/
sync.yaml

sync.yaml 6.3 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167 
  1. kind: DaemonSet
    2. 

  2. apiVersion: apps/v1
    3. 

  3. metadata:
    4. 

  4.   name: sync
    5. 

  5.   namespace: openshift-node
    6. 

  6.   annotations:
    7. 

  7.     kubernetes.io/description: |
    8. 

  8.       This daemon set provides dynamic configuration of nodes and relabels nodes as appropriate.
    9. 

  9.     image.openshift.io/triggers: |
    10. 

  10.       [
    11. 

  11.         {"from":{"kind":"ImageStreamTag","name":"node:v3.11"},"fieldPath":"spec.template.spec.containers[?(@.name==\"sync\")].image"}
    12. 

  12.       ]
    13. 

  13. spec:
    14. 

  14.   selector:
    15. 

  15.     matchLabels:
    16. 

  16.       app: sync
    17. 

  17.   updateStrategy:
    18. 

  18.     type: RollingUpdate
    19. 

  19.     rollingUpdate:
    20. 

  20.       maxUnavailable: 50%
    21. 

  21.   template:
    22. 

  22.     metadata:
    23. 

  23.       labels:
    24. 

  24.         app: sync
    25. 

  25.         component: network
    26. 

  26.         type: infra
    27. 

  27.         openshift.io/component: sync
    28. 

  28.       annotations:
    29. 

  29.         scheduler.alpha.kubernetes.io/critical-pod: ''
    30. 

  30.     spec:
    31. 

  31.       serviceAccountName: sync
    32. 

  32.       terminationGracePeriodSeconds: 1
    33. 

  33.       # Must be hostPID because it invokes operations on processes in the host space.
    34. 

  34.       hostPID: true
    35. 

  35.       # Must be hostNetwork in order to schedule before any network plugins are loaded.
    36. 

  36.       hostNetwork: true
    37. 

  37.       containers:
    38. 

  38. 

  39.       # The sync container is a temporary config loop until Kubelet dynamic config is implemented. It refreshes
    40. 

  40.       # the contents of /etc/origin/node/ with the config map ${BOOTSTRAP_CONFIG_NAME} from the openshift-node
    41. 

  41.       # namespace. It will restart the Kubelet on the host if it detects the node-config.yaml has changed.
    42. 

  42.       #
    43. 

  43.       # 1. Dynamic Kubelet config must pull down a full configmap
    44. 

  44.       # 2. Nodes must relabel themselves https://github.com/kubernetes/kubernetes/issues/59314
    45. 

  45.       #
    46. 

  46.       - name: sync
    47. 

  47.         image: " "
    48. 

  48.         command:
    49. 

  49.         - /bin/bash
    50. 

  50.         - -c
    51. 

  51.         - |
    52. 

  52.           #!/bin/bash
    53. 

  53.           set -euo pipefail
    54. 

  54. 

  55.           # set by the node image
    56. 

  56.           unset KUBECONFIG
    57. 

  57. 

  58.           trap 'kill $(jobs -p); exit 0' TERM
    59. 

  59. 

  60.           # track the current state of the config
    61. 

  61.           if [[ -f /etc/origin/node/node-config.yaml ]]; then
    62. 

  62.             md5sum /etc/origin/node/node-config.yaml > /tmp/.old
    63. 

  63.           else
    64. 

  64.             touch /tmp/.old
    65. 

  65.           fi
    66. 

  66. 

  67.           # loop until BOOTSTRAP_CONFIG_NAME is set
    68. 

  68.           while true; do
    69. 

  69.             file=/etc/sysconfig/origin-node
    70. 

  70.             if [[ -f /etc/sysconfig/atomic-openshift-node ]]; then
    71. 

  71.               file=/etc/sysconfig/atomic-openshift-node
    72. 

  72.             elif [[ -f /etc/sysconfig/origin-node ]]; then
    73. 

  73.               file=/etc/sysconfig/origin-node
    74. 

  74.             else
    75. 

  75.               echo "info: Waiting for the node sysconfig file to be created" 2>&1
    76. 

  76.               sleep 15 & wait
    77. 

  77.               continue
    78. 

  78.             fi
    79. 

  79.             name="$(sed -nE 's|^BOOTSTRAP_CONFIG_NAME=([^#].+)|\1|p' "${file}" | head -1)"
    80. 

  80.             if [[ -z "${name}" ]]; then
    81. 

  81.               echo "info: Waiting for BOOTSTRAP_CONFIG_NAME to be set" 2>&1
    82. 

  82.               sleep 15 & wait
    83. 

  83.               continue
    84. 

  84.             fi
    85. 

  85.             # in the background check to see if the value changes and exit if so
    86. 

  86.             pid=$BASHPID
    87. 

  87.             (
    88. 

  88.               while true; do
    89. 

  89.                 if ! updated="$(sed -nE 's|^BOOTSTRAP_CONFIG_NAME=([^#].+)|\1|p' "${file}" | head -1)"; then
    90. 

  90.                   echo "error: Unable to check for bootstrap config, exiting" 2>&1
    91. 

  91.                   kill $pid
    92. 

  92.                   exit 1
    93. 

  93.                 fi
    94. 

  94.                 if [[ "${updated}" != "${name}" ]]; then
    95. 

  95.                   echo "info: Bootstrap configuration profile name changed, exiting" 2>&1
    96. 

  96.                   kill $pid
    97. 

  97.                   exit 0
    98. 

  98.                 fi
    99. 

  99.                 sleep 15
    100. 

  100.               done
    101. 

  101.             ) &
    102. 

  102.             break
    103. 

  103.           done
    104. 

  104. 

  105.           # periodically refresh both node-config.yaml and relabel the node
    106. 

  106.           while true; do
    107. 

  107.             if ! oc extract "configmaps/${name}" -n openshift-node --to=/etc/origin/node --confirm --request-timeout=10s --config /etc/origin/node/node.kubeconfig "--token=$( cat /var/run/secrets/kubernetes.io/serviceaccount/token )"  > /dev/null; then
    108. 

  108.               echo "error: Unable to retrieve latest config for node" 2>&1
    109. 

  109.               sleep 15 &
    110. 

  110.               wait $!
    111. 

  111.               continue
    112. 

  112.             fi
    113. 

  113.             # detect whether the node-config.yaml has changed, and if so trigger a restart of the kubelet.
    114. 

  114.             md5sum /etc/origin/node/node-config.yaml > /tmp/.new
    115. 

  115.             if [[ "$( cat /tmp/.old )" != "$( cat /tmp/.new )" ]]; then
    116. 

  116.               echo "info: Configuration changed, restarting kubelet" 2>&1
    117. 

  117.               # TODO: kubelet doesn't relabel nodes, best effort for now
    118. 

  118.               # https://github.com/kubernetes/kubernetes/issues/59314
    119. 

  119.               if args="$(openshift start node --write-flags --config /etc/origin/node/node-config.yaml)"; then
    120. 

  120.                 labels=$(tr ' ' '\n' <<<$args | sed -ne '/^--node-labels=/ { s/^--node-labels=//; p; }' | tr ',\n' ' ')
    121. 

  121.                 if [[ -n "${labels}" ]]; then
    122. 

  122.                   echo "info: Applying node labels $labels" 2>&1
    123. 

  123.                   if ! oc label --config=/etc/origin/node/node.kubeconfig "node/${NODE_NAME}" ${labels} --overwrite; then
    124. 

  124.                     echo "error: Unable to apply labels, will retry in 10" 2>&1
    125. 

  125.                     sleep 10 &
    126. 

  126.                     wait $!
    127. 

  127.                     continue
    128. 

  128.                   fi
    129. 

  129.                 fi
    130. 

  130.               else
    131. 

  131.                 echo "error: The downloaded node configuration is invalid, exiting" 2>&1
    132. 

  132.                 exit 1
    133. 

  133.               fi
    134. 

  134.               if ! kill $(pgrep -U 0 -f '^/usr/bin/hyperkube kubelet ' | head -n1); then
    135. 

  135.                 echo "error: Unable to restart Kubelet" 2>&1
    136. 

  136.               fi
    137. 

  137.             fi
    138. 

  138.             cp -f /tmp/.new /tmp/.old
    139. 

  139.             sleep 180 &
    140. 

  140.             wait $!
    141. 

  141.           done
    142. 

  142. 

  143.         env:
    144. 

  144.         - name: NODE_NAME
    145. 

  145.           valueFrom:
    146. 

  146.             fieldRef:
    147. 

  147.               fieldPath: spec.nodeName
    148. 

  148.         securityContext:
    149. 

  149.           runAsUser: 0
    150. 

  150.           privileged: true
    151. 

  151.         volumeMounts:
    152. 

  152.         # Directory which contains the host configuration. We read from this directory
    153. 

  153.         - mountPath: /etc/origin/node/
    154. 

  154.           name: host-config
    155. 

  155.         - mountPath: /etc/sysconfig
    156. 

  156.           name: host-sysconfig-node
    157. 

  157.           readOnly: true
    158. 

  158. 

  159.       volumes:
    160. 

  160.       # In bootstrap mode, the host config contains information not easily available
    161. 

  161.       # from other locations.
    162. 

  162.       - name: host-config
    163. 

  163.         hostPath:
    164. 

  164.           path: /etc/origin/node
    165. 

  165.       - name: host-sysconfig-node
    166. 

  166.         hostPath:
    167. 

  167.           path: /etc/sysconfig
    168.