github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-19 18:02:01 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #101884 from avrittrohwer/gce-curl-cleanup

Browse Source 
Gce curl cleanup
This commit is contained in:
Kubernetes Prow Robot 2021-05-12 20:42:24 -07:00 committed by GitHub
commit 2076dabc38
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 68 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cluster/common.sh
View File

@ -221,7 +221,7 @@ function get-kubeconfig-user-basicauth() {
# KUBE_PASSWORD # KUBE_PASSWORD
function gen-kube-basicauth() { function gen-kube-basicauth() {
KUBE_USER='admin' KUBE_USER='admin'
KUBE_PASSWORD=$(python -c 'import string,random; print("".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16)))') KUBE_PASSWORD=$(python3 -c 'import string,random; print("".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16)))')
} }
# Get the bearer token for the current-context in kubeconfig if one exists. # Get the bearer token for the current-context in kubeconfig if one exists.

21
cluster/gce/gci/configure-helper.sh
View File

@ -28,6 +28,9 @@ set -o pipefail
### Hardcoded constants ### Hardcoded constants
METADATA_SERVER_IP="${METADATA_SERVER_IP:-169.254.169.254}" METADATA_SERVER_IP="${METADATA_SERVER_IP:-169.254.169.254}"
# Standard curl flags.
CURL_FLAGS='--fail --silent --show-error --retry 5 --retry-delay 3 --connect-timeout 10 --retry-connrefused'
function convert-manifest-params { function convert-manifest-params {
# A helper function to convert the manifest args from a string to a list of # A helper function to convert the manifest args from a string to a list of
# flag arguments. # flag arguments.
@ -2278,14 +2281,10 @@ function download-extra-addons {
mkdir -p "${out_dir}" mkdir -p "${out_dir}"
# shellcheck disable=SC2206
local curl_cmd=( local curl_cmd=(
"curl" "curl"
"--fail" ${CURL_FLAGS}
"--retry" "5"
"--retry-delay" "3"
"--silent"
"--show-error"
"--retry-connrefused"
) )
if [[ -n "${EXTRA_ADDONS_HEADER:-}" ]]; then if [[ -n "${EXTRA_ADDONS_HEADER:-}" ]]; then
curl_cmd+=("-H" "${EXTRA_ADDONS_HEADER}") curl_cmd+=("-H" "${EXTRA_ADDONS_HEADER}")
@ -2307,12 +2306,8 @@ function get-metadata-value {
local default="${2:-}" local default="${2:-}"
local status local status
curl \ # shellcheck disable=SC2086
--retry 5 \ curl ${CURL_FLAGS} \
--retry-delay 3 \
--retry-connrefused \
--fail \
--silent \
-H 'Metadata-Flavor: Google' \ -H 'Metadata-Flavor: Google' \
"http://metadata/computeMetadata/v1/${1}" \ "http://metadata/computeMetadata/v1/${1}" \
|| status="$?" || status="$?"
@ -3158,7 +3153,7 @@ function log-trap-pop {
function log-error { function log-error {
local bootstep="$1" local bootstep="$1"
log-proto "${bootstep}" "${LOG_STATUS_ERROR}" "error calling '${BASH_COMMAND}'" log-proto "${bootstep}" "${LOG_STATUS_ERROR}" "encountered non-zero exit code"
} }
# Wraps a command with bootstrap logging. # Wraps a command with bootstrap logging.

72
cluster/gce/gci/configure.sh
View File

@ -33,6 +33,9 @@ DEFAULT_CRICTL_HASH='e4fb9822cb5f71ab8f85021c66170613aae972f4b32030e42868fb36a3b
DEFAULT_MOUNTER_TAR_SHA='7956fd42523de6b3107ddc3ce0e75233d2fcb78436ff07a1389b6eaac91fb2b1b72a08f7a219eaf96ba1ca4da8d45271002e0d60e0644e796c665f99bb356516' DEFAULT_MOUNTER_TAR_SHA='7956fd42523de6b3107ddc3ce0e75233d2fcb78436ff07a1389b6eaac91fb2b1b72a08f7a219eaf96ba1ca4da8d45271002e0d60e0644e796c665f99bb356516'
### ###
# Standard curl flags.
CURL_FLAGS='--fail --silent --show-error --retry 5 --retry-delay 3 --connect-timeout 10 --retry-connrefused'
function set-broken-motd { function set-broken-motd {
cat > /etc/motd <<EOF cat > /etc/motd <<EOF
Broken (or in progress) Kubernetes node setup! Check the cluster initialization status Broken (or in progress) Kubernetes node setup! Check the cluster initialization status
@ -59,12 +62,8 @@ function get-metadata-value {
local default="${2:-}" local default="${2:-}"
local status local status
curl \ # shellcheck disable=SC2086
--retry 5 \ curl ${CURL_FLAGS} \
--retry-delay 3 \
--retry-connrefused \
--fail \
--silent \
-H 'Metadata-Flavor: Google' \ -H 'Metadata-Flavor: Google' \
"http://metadata/computeMetadata/v1/${1}" \ "http://metadata/computeMetadata/v1/${1}" \
|| status="$?" || status="$?"
@ -82,7 +81,8 @@ function download-kube-env {
( (
umask 077 umask 077
local -r tmp_kube_env="/tmp/kube-env.yaml" local -r tmp_kube_env="/tmp/kube-env.yaml"
curl --fail --retry 5 --retry-delay 3 --retry-connrefused --silent --show-error \ # shellcheck disable=SC2086
retry-forever 10 curl ${CURL_FLAGS} \
-H "X-Google-Metadata-Request: True" \ -H "X-Google-Metadata-Request: True" \
-o "${tmp_kube_env}" \ -o "${tmp_kube_env}" \
http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env
@ -104,16 +104,13 @@ function download-kubelet-config {
( (
umask 077 umask 077
local -r tmp_kubelet_config="/tmp/kubelet-config.yaml" local -r tmp_kubelet_config="/tmp/kubelet-config.yaml"
if curl --fail --retry 5 --retry-delay 3 --retry-connrefused --silent --show-error \ # shellcheck disable=SC2086
retry-forever 10 curl ${CURL_FLAGS} \
-H "X-Google-Metadata-Request: True" \ -H "X-Google-Metadata-Request: True" \
-o "${tmp_kubelet_config}" \ -o "${tmp_kubelet_config}" \
http://metadata.google.internal/computeMetadata/v1/instance/attributes/kubelet-config; then http://metadata.google.internal/computeMetadata/v1/instance/attributes/kubelet-config
# only write to the final location if curl succeeds # only write to the final location if curl succeeds
mv "${tmp_kubelet_config}" "${dest}" mv "${tmp_kubelet_config}" "${dest}"
elif [[ "${REQUIRE_METADATA_KUBELET_CONFIG_FILE:-false}" == "true" ]]; then
echo "== Failed to download required Kubelet config file from metadata server =="
exit 1
fi
) )
} }
@ -122,7 +119,8 @@ function download-kube-master-certs {
( (
umask 077 umask 077
local -r tmp_kube_master_certs="/tmp/kube-master-certs.yaml" local -r tmp_kube_master_certs="/tmp/kube-master-certs.yaml"
curl --fail --retry 5 --retry-delay 3 --retry-connrefused --silent --show-error \ # shellcheck disable=SC2086
retry-forever 10 curl ${CURL_FLAGS} \
-H "X-Google-Metadata-Request: True" \ -H "X-Google-Metadata-Request: True" \
-o "${tmp_kube_master_certs}" \ -o "${tmp_kube_master_certs}" \
http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-master-certs http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-master-certs
@ -152,12 +150,19 @@ function validate-hash {
# Get default service account credentials of the VM. # Get default service account credentials of the VM.
GCE_METADATA_INTERNAL="http://metadata.google.internal/computeMetadata/v1/instance" GCE_METADATA_INTERNAL="http://metadata.google.internal/computeMetadata/v1/instance"
function get-credentials { function get-credentials {
curl --fail --retry 5 --retry-delay 3 --retry-connrefused --silent --show-error "${GCE_METADATA_INTERNAL}/service-accounts/default/token" -H "Metadata-Flavor: Google" -s | python3 -c \ # shellcheck disable=SC2086
'import sys; import json; print(json.loads(sys.stdin.read())["access_token"])' curl ${CURL_FLAGS} \
-H "Metadata-Flavor: Google" \
"${GCE_METADATA_INTERNAL}/service-accounts/default/token" \
| python3 -c 'import sys; import json; print(json.loads(sys.stdin.read())["access_token"])'
} }
function valid-storage-scope { function valid-storage-scope {
curl --fail --retry 5 --retry-delay 3 --retry-connrefused --silent --show-error "${GCE_METADATA_INTERNAL}/service-accounts/default/scopes" -H "Metadata-Flavor: Google" -s | grep -E "auth/devstorage|auth/cloud-platform" # shellcheck disable=SC2086
curl ${CURL_FLAGS} \
-H "Metadata-Flavor: Google" \
"${GCE_METADATA_INTERNAL}/service-accounts/default/scopes" \
| grep -E "auth/devstorage|auth/cloud-platform"
} }
# Retry a download until we get it. Takes a hash and a set of URLs. # Retry a download until we get it. Takes a hash and a set of URLs.
@ -455,7 +460,10 @@ function install-docker {
release=$(lsb_release -cs) release=$(lsb_release -cs)
# Add the Docker apt-repository # Add the Docker apt-repository
curl -fsSL "https://download.docker.com/${HOST_PLATFORM}/$(. /etc/os-release; echo "$ID")/gpg" \ # shellcheck disable=SC2086
curl ${CURL_FLAGS} \
--location \
"https://download.docker.com/${HOST_PLATFORM}/$(. /etc/os-release; echo "$ID")/gpg" \
| apt-key add - | apt-key add -
add-apt-repository \ add-apt-repository \
"deb [arch=${HOST_ARCH}] https://download.docker.com/${HOST_PLATFORM}/$(. /etc/os-release; echo "$ID") \ "deb [arch=${HOST_ARCH}] https://download.docker.com/${HOST_PLATFORM}/$(. /etc/os-release; echo "$ID") \
@ -491,7 +499,10 @@ function install-containerd-ubuntu {
release=$(lsb_release -cs) release=$(lsb_release -cs)
# Add the Docker apt-repository (as we install containerd from there) # Add the Docker apt-repository (as we install containerd from there)
curl -fsSL "https://download.docker.com/${HOST_PLATFORM}/$(. /etc/os-release; echo "$ID")/gpg" \ # shellcheck disable=SC2086
curl ${CURL_FLAGS} \
--location \
"https://download.docker.com/${HOST_PLATFORM}/$(. /etc/os-release; echo "$ID")/gpg" \
| apt-key add - | apt-key add -
add-apt-repository \ add-apt-repository \
"deb [arch=${HOST_ARCH}] https://download.docker.com/${HOST_PLATFORM}/$(. /etc/os-release; echo "$ID") \ "deb [arch=${HOST_ARCH}] https://download.docker.com/${HOST_PLATFORM}/$(. /etc/os-release; echo "$ID") \
@ -511,8 +522,13 @@ function install-containerd-ubuntu {
exit 2 exit 2
fi fi
# containerd versions have slightly different url(s), so try both # containerd versions have slightly different url(s), so try both
( curl -fsSL "https://github.com/containerd/containerd/releases/download/${UBUNTU_INSTALL_CONTAINERD_VERSION}/containerd-${UBUNTU_INSTALL_CONTAINERD_VERSION:1}-${HOST_PLATFORM}-${HOST_ARCH}.tar.gz" || \ # shellcheck disable=SC2086
curl -fsSL "https://github.com/containerd/containerd/releases/download/${UBUNTU_INSTALL_CONTAINERD_VERSION}/containerd-${UBUNTU_INSTALL_CONTAINERD_VERSION:1}.${HOST_PLATFORM}-${HOST_ARCH}.tar.gz" ) \ ( curl ${CURL_FLAGS} \
--location \
"https://github.com/containerd/containerd/releases/download/${UBUNTU_INSTALL_CONTAINERD_VERSION}/containerd-${UBUNTU_INSTALL_CONTAINERD_VERSION:1}-${HOST_PLATFORM}-${HOST_ARCH}.tar.gz" \
|| curl ${CURL_FLAGS} \
--location \
"https://github.com/containerd/containerd/releases/download/${UBUNTU_INSTALL_CONTAINERD_VERSION}/containerd-${UBUNTU_INSTALL_CONTAINERD_VERSION:1}.${HOST_PLATFORM}-${HOST_ARCH}.tar.gz" ) \
| tar --overwrite -xzv -C /usr/ | tar --overwrite -xzv -C /usr/
fi fi
if [[ -n "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then if [[ -n "${UBUNTU_INSTALL_RUNC_VERSION:-}" ]]; then
@ -521,7 +537,11 @@ function install-containerd-ubuntu {
echo "Unable to automatically install runc in non-amd64. Bailing out..." echo "Unable to automatically install runc in non-amd64. Bailing out..."
exit 2 exit 2
fi fi
curl -fsSL "https://github.com/opencontainers/runc/releases/download/${UBUNTU_INSTALL_RUNC_VERSION}/runc.${HOST_ARCH}" --output /usr/sbin/runc && chmod 755 /usr/sbin/runc # shellcheck disable=SC2086
curl ${CURL_FLAGS} \
--location \
"https://github.com/opencontainers/runc/releases/download/${UBUNTU_INSTALL_RUNC_VERSION}/runc.${HOST_ARCH}" --output /usr/sbin/runc \
&& chmod 755 /usr/sbin/runc
fi fi
sudo systemctl start containerd sudo systemctl start containerd
} }
@ -755,7 +775,7 @@ function log-trap-pop {
function log-error { function log-error {
local bootstep="$1" local bootstep="$1"
log-proto "${bootstep}" "${LOG_STATUS_ERROR}" "error calling '${BASH_COMMAND}'" log-proto "${bootstep}" "${LOG_STATUS_ERROR}" "encountered non-zero exit code"
} }
# Wraps a command with bootstrap logging. # Wraps a command with bootstrap logging.
@ -855,14 +875,14 @@ KUBE_HOME="/home/kubernetes"
KUBE_BIN="${KUBE_HOME}/bin" KUBE_BIN="${KUBE_HOME}/bin"
# download and source kube-env # download and source kube-env
log-wrap 'DownloadKubeEnv' retry-forever 30 download-kube-env log-wrap 'DownloadKubeEnv' download-kube-env
log-wrap 'SourceKubeEnv' source "${KUBE_HOME}/kube-env" log-wrap 'SourceKubeEnv' source "${KUBE_HOME}/kube-env"
log-wrap 'DownloadKubeletConfig' retry-forever 10 download-kubelet-config "${KUBE_HOME}/kubelet-config.yaml" log-wrap 'DownloadKubeletConfig' download-kubelet-config "${KUBE_HOME}/kubelet-config.yaml"
# master certs # master certs
if [[ "${KUBERNETES_MASTER:-}" == "true" ]]; then if [[ "${KUBERNETES_MASTER:-}" == "true" ]]; then
log-wrap 'DownloadKubeMasterCerts' retry-forever 10 download-kube-master-certs log-wrap 'DownloadKubeMasterCerts' download-kube-master-certs
fi fi
# ensure chosen container runtime is present # ensure chosen container runtime is present

5
cluster/gce/gci/master.yaml
View File

@ -9,7 +9,6 @@ users:
- name: kube-bootstrap-logs-forwarder - name: kube-bootstrap-logs-forwarder
gecos: User the kube-bootstrap-logs-forwarder.service runs as. gecos: User the kube-bootstrap-logs-forwarder.service runs as.
system: true system: true
sudo: false
write_files: write_files:
- path: /etc/systemd/system/kube-bootstrap-logs-forwarder.service - path: /etc/systemd/system/kube-bootstrap-logs-forwarder.service
@ -46,7 +45,7 @@ write_files:
ExecStartPre=/bin/mkdir -p /home/kubernetes/bin ExecStartPre=/bin/mkdir -p /home/kubernetes/bin
ExecStartPre=/bin/mount --bind /home/kubernetes/bin /home/kubernetes/bin ExecStartPre=/bin/mount --bind /home/kubernetes/bin /home/kubernetes/bin
ExecStartPre=/bin/mount -o remount,exec /home/kubernetes/bin ExecStartPre=/bin/mount -o remount,exec /home/kubernetes/bin
ExecStartPre=/usr/bin/curl --fail --retry 600 --retry-delay 3 --retry-connrefused --silent --show-error -H "X-Google-Metadata-Request: True" -o /home/kubernetes/bin/configure.sh http://metadata.google.internal/computeMetadata/v1/instance/attributes/configure-sh ExecStartPre=/usr/bin/curl --fail --retry 600 --retry-delay 3 --retry-connrefused --connect-timeout 10 --silent --show-error -H "X-Google-Metadata-Request: True" -o /home/kubernetes/bin/configure.sh http://metadata.google.internal/computeMetadata/v1/instance/attributes/configure-sh
ExecStartPre=/bin/chmod 544 /home/kubernetes/bin/configure.sh ExecStartPre=/bin/chmod 544 /home/kubernetes/bin/configure.sh
ExecStart=/home/kubernetes/bin/configure.sh ExecStart=/home/kubernetes/bin/configure.sh
@ -65,7 +64,7 @@ write_files:
[Service] [Service]
Type=oneshot Type=oneshot
RemainAfterExit=yes RemainAfterExit=yes
ExecStartPre=/usr/bin/curl --fail --retry 5 --retry-delay 3 --retry-connrefused --silent --show-error -H "X-Google-Metadata-Request: True" -o /home/kubernetes/bin/kube-master-internal-route.sh http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-master-internal-route ExecStartPre=/usr/bin/curl --fail --retry 5 --retry-delay 3 --retry-connrefused --connect-timeout 10 --silent --show-error -H "X-Google-Metadata-Request: True" -o /home/kubernetes/bin/kube-master-internal-route.sh http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-master-internal-route
ExecStartPre=/bin/chmod 544 /home/kubernetes/bin/kube-master-internal-route.sh ExecStartPre=/bin/chmod 544 /home/kubernetes/bin/kube-master-internal-route.sh
ExecStart=/home/kubernetes/bin/kube-master-internal-route.sh ExecStart=/home/kubernetes/bin/kube-master-internal-route.sh

2
cluster/gce/util.sh
View File

@ -1911,7 +1911,7 @@ function update-or-verify-gcloud() {
else else
local version local version
version=$(gcloud version --format=json) version=$(gcloud version --format=json)
python -c" python3 -c"
import json,sys import json,sys
from distutils import version from distutils import version