diff --git a/cluster/gce/config-default.sh b/cluster/gce/config-default.sh
index 8fd2fa8422f..b6bcf8ba272 100755
--- a/cluster/gce/config-default.sh
+++ b/cluster/gce/config-default.sh
@@ -120,3 +120,4 @@ OPENCONTRAIL_PUBLIC_SUBNET="${OPENCONTRAIL_PUBLIC_SUBNET:-10.1.0.0/16}"
 
 # Optional: if set to true, kube-up will configure the cluster to run e2e tests.
 E2E_STORAGE_TEST_ENVIRONMENT=${KUBE_E2E_STORAGE_TEST_ENVIRONMENT:-false}
+FIREWALL_ETCD="${FIREWALL_SSH:-${NETWORK}-allow-etcd}"
diff --git a/cluster/gce/config-test.sh b/cluster/gce/config-test.sh
index 8eca5118d70..78b1cd69fd2 100755
--- a/cluster/gce/config-test.sh
+++ b/cluster/gce/config-test.sh
@@ -132,3 +132,6 @@ OPENCONTRAIL_PUBLIC_SUBNET="${OPENCONTRAIL_PUBLIC_SUBNET:-10.1.0.0/16}"
 
 # Optional: if set to true, kube-up will configure the cluster to run e2e tests.
 E2E_STORAGE_TEST_ENVIRONMENT=${KUBE_E2E_STORAGE_TEST_ENVIRONMENT:-false}
+# Overlay network settings
+OVERLAY_NETWORK=${OVERLAY_NETWORK:-true}
+FIREWALL_ETCD="${FIREWALL_SSH:-${NETWORK}-allow-etcd}"
diff --git a/cluster/gce/util.sh b/cluster/gce/util.sh
index 655221c9d16..9e45f27fad5 100755
--- a/cluster/gce/util.sh
+++ b/cluster/gce/util.sh
@@ -304,7 +304,7 @@ function create-static-ip {
 echo -e "${color_red}Failed to create static ip $1 ${color_norm}" >&2
 exit 2
 fi
- attempt=$(($attempt+1))
+ attempt=$(($attempt+1))
 echo -e "${color_yellow}Attempt $attempt failed to create static ip $1. Retrying.${color_norm}" >&2
 sleep $(($attempt * 5))
 else
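Review bot: The new FIREWALL_ETCD default reads `${FIREWALL_SSH:-…}`, the wrong variable, so whenever FIREWALL_SSH is set in the caller's environment FIREWALL_ETCD silently becomes the SSH rule's name. kube-up in util.sh then finds that existing rule with `firewall-rules describe`, prints "Using etcd firewall-rule", and never creates the etcd rule, so flannel's etcd access fails with no error at cluster bring-up. It should read `FIREWALL_ETCD="${FIREWALL_ETCD:-${NETWORK}-allow-etcd}"`. The same line is copied verbatim into config-test.sh.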
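Review bot: OVERLAY_NETWORK gets a default of true in config-test.sh only, while config-default.sh in this change defines no OVERLAY_NETWORK at all, yet kube-up in util.sh evaluates `[[ "${OVERLAY_NETWORK}" == "true" ]]` unconditionally; if util.sh runs under nounset (not visible here) a default-config kube-up aborts, and otherwise test and default clusters silently diverge in whether etcd is exposed. Give config-default.sh an explicit default, e.g. `OVERLAY_NETWORK=${OVERLAY_NETWORK:-false}`, so the exposure is opt-in outside e2e. The FIREWALL_ETCD line repeats the `${FIREWALL_SSH:-…}` variable mix-up from config-default.sh. The `# Overlay network settings` comment should also say what true does: run flannel on every node and open the master's etcd port to the network.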
@@ -603,13 +603,28 @@ function kube-up {
 --allow "tcp:22" &
 fi
 
- echo "Starting master and configuring firewalls"
 gcloud compute firewall-rules create "${MASTER_NAME}-https" \
 --project "${PROJECT}" \
 --network "${NETWORK}" \
 --target-tags "${MASTER_TAG}" \
 --allow tcp:443 &
+ if [[ "${OVERLAY_NETWORK}" == "true" ]]; then
+ # TODO: Where to put this? Scope it to flannel setup.
+ if ! "${GCLOUD}" compute firewall-rules --project "${PROJECT}" describe "${FIREWALL_ETCD}" &>/dev/null; then
+ "${GCLOUD}" compute firewall-rules create "${FIREWALL_ETCD}" \
+ --network="${NETWORK}" \
+ --project="${PROJECT}" \
+ --source-ranges="10.0.0.0/8" \
+ --target-tags "${MINION_TAG}" \
+ --allow tcp:4001 &
+ else
+ echo "... Using etcd firewall-rule: ${FIREWALL_ETCD}" >&2
+ fi
+ else
+ echo "Not opening etcd up to the cluster: ${OVERLAY_NETWORK} ${FIREWALL_ETCD}"
+ fi
+
 # We have to make sure the disk is created before creating the master VM, so
 # run this in the foreground.
 gcloud compute disks create "${MASTER_NAME}-pd" \
@@ -672,7 +687,7 @@ function kube-up {
 write-node-env
 
 local template_name="${NODE_INSTANCE_PREFIX}-template"
-
+
 create-node-instance-template $template_name
 
 gcloud compute instance-groups managed \
diff --git a/cluster/saltbase/salt/etcd/etcd.manifest b/cluster/saltbase/salt/etcd/etcd.manifest
index 33c04dab039..b9553ace2c6 100644
--- a/cluster/saltbase/salt/etcd/etcd.manifest
+++ b/cluster/saltbase/salt/etcd/etcd.manifest
@@ -19,7 +19,7 @@
 "command": [
 "/bin/sh",
 "-c",
- "/usr/local/bin/etcd --listen-peer-urls http://127.0.0.1:{{ server_port }} --addr 127.0.0.1:{{ port }} --bind-addr 127.0.0.1:{{ port }} --data-dir /var/etcd/data{{ suffix }} 1>>/var/log/etcd{{ suffix }}.log 2>&1"
+ "/usr/local/bin/etcd --listen-peer-urls http://0.0.0.0:{{ server_port }} --addr 0.0.0.0:{{ port }} --bind-addr 0.0.0.0:{{ port }} --data-dir /var/etcd/data{{ suffix }} 1>>/var/log/etcd{{ suffix }}.log 2>&1"
 ],
 "livenessProbe": {
 "httpGet": {
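Review bot: The new etcd rule is attached to `--target-tags "${MINION_TAG}"`, but etcd runs on the master (top.sls puts the etcd state in the master role and the flannel initd points at the master's port 4001), so this rule opens 4001 on the nodes, where nothing listens, and does not by itself let nodes reach the master's etcd unless some other rule already does. Meanwhile `--source-ranges="10.0.0.0/8"` also covers the flannel pod network 10.245.0.0/16 from network.json, so every pod would be able to read and write an etcd that has no authentication on its command line and holds the whole cluster state. Target the master and restrict the source to the node subnet: `--target-tags "${MASTER_TAG}" \` and a `--source-ranges` limited to the node address range kube-up already knows, instead of all of 10.0.0.0/8. Two smaller points: the block mixes `"${GCLOUD}"` with the bare `gcloud` used two lines earlier, and the "Not opening etcd" message goes to stdout while its sibling goes to stderr. kube-up continues outside this hunk.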
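Review bot: Rebinding both the peer port and the client port from 127.0.0.1 to 0.0.0.0 makes an etcd with no `--cert-file`, `--client-cert-auth` or peer TLS flags on its command line listen on every master interface, including the external address, so the GCE firewall becomes the only access control on the store that holds all apiserver objects. This manifest runs a single member, so the peer URL has no reason to leave loopback: keep `--listen-peer-urls http://127.0.0.1:{{ server_port }}` and open only the client port. For the client port, prefer binding the master's internal address over 0.0.0.0 so the external IP is never a listener, and add a comment in the manifest stating that the `${NETWORK}-allow-etcd` firewall rule is the sole access control until etcd is given TLS and client auth. The hostPort hunk that follows publishes both ports on the host, which is what makes this reachable from the network.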
@@ -33,7 +33,7 @@ "ports":[ { "name": "serverport", "containerPort": {{ server_port }}, - "hostPort": {{ server_port }} + "hostPort": {{ server_port }} },{ "name": "clientport", "containerPort": {{ port }}, diff --git a/cluster/saltbase/salt/flannel/init.sls b/cluster/saltbase/salt/flannel/init.sls new file mode 100644 index 00000000000..d774f25aae3 --- /dev/null +++ b/cluster/saltbase/salt/flannel/init.sls @@ -0,0 +1,41 @@ +flannel-tar: + archive: + - extracted + - user: root + - name: /usr/local/src + - makedirs: True + - source: https://github.com/coreos/flannel/releases/download/v0.5.3/flannel-0.5.3-linux-amd64.tar.gz + - tar_options: v + - source_hash: md5=2a82ed82a37d71c85586977f0e475b70 + - archive_format: tar + - if_missing: /usr/local/src/flannel/flannel-0.5.3/ + +flannel-symlink: + file.symlink: + - name: /usr/local/bin/flanneld + - target: /usr/local/src/flannel-0.5.3/flanneld + - force: true + - watch: + - archive: flannel-tar + +/etc/init.d/flannel: + file.managed: + - source: salt://flannel/initd + - user: root + - group: root + - mode: 755 + +/var/run/flannel/network.json: + file.managed: + - source: salt://flannel/network.json + - makedirs: True + - user: root + - group: root + - mode: 755 + +flannel: + service.running: + - enable: True + - watch: + - file: /usr/local/bin/flanneld + - file: /etc/init.d/flannel diff --git a/cluster/saltbase/salt/flannel/initd b/cluster/saltbase/salt/flannel/initd new file mode 100644 index 00000000000..eacaaea5e8a --- /dev/null +++ b/cluster/saltbase/salt/flannel/initd 
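Review bot: The flannel release tarball is verified only with `source_hash: md5=…`; MD5 is collision-broken and Salt's archive state accepts stronger digests, so pin it with `source_hash: sha256=<digest of flannel-0.5.3-linux-amd64.tar.gz>` (the value must be taken from the release artifact, it is not derivable from this diff). `if_missing: /usr/local/src/flannel/flannel-0.5.3/` names a different path from the one the symlink targets, `/usr/local/src/flannel-0.5.3/flanneld`; if the archive extracts to the latter, the `if_missing` guard never matches and the download plus extraction repeats on every highstate (inferred from the two paths, confirm against the tarball layout). `/var/run/flannel/network.json` is data, not an executable, so `mode: 644` is the appropriate mode rather than 755. Since `flannel-symlink` watches the archive, fixing the path also makes the restart wiring meaningful.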
@@ -0,0 +1,126 @@
+#!/bin/bash
+#
+### BEGIN INIT INFO
+# Provides: flanneld
+# Required-Start: $local_fs $network $syslog
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Flannel daemon
+# Description:
+# Flannel daemon.
+### END INIT INFO
+
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Flannel overlay network daemon"
+NAME=flanneld
+DAEMON=/usr/local/bin/flanneld
+DAEMON_ARGS="-etcd-endpoints http://e2e-test-beeps-master:4001 -etcd-prefix /kubernetes.io/network"
+DAEMON_LOG_FILE=/var/log/$NAME.log
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+DAEMON_USER=root
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Avoid a potential race at boot time when both monit and init.d start
+ # the same service
+ PIDS=$(pidof $DAEMON)
+ for PID in ${PIDS}; do
+ kill -9 $PID
+ done
+
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --background --no-close \
+ --make-pidfile --pidfile $PIDFILE \
+ --exec $DAEMON -c $DAEMON_USER --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --background --no-close \
+ --make-pidfile --pidfile $PIDFILE \
+ --exec $DAEMON -c $DAEMON_USER -- \
+ $DAEMON_ARGS >> $DAEMON_LOG_FILE 2>&1 \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) log_end_msg 0 || exit 0 ;;
+ 2) log_end_msg 1 || exit 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) exit 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
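Review bot: `DAEMON_ARGS` hard-codes `http://e2e-test-beeps-master:4001`, the master hostname of one particular e2e cluster, so on any other cluster flanneld starts, fails to reach etcd, and no overlay comes up; nothing in this diff substitutes the real master name. The script already sources `/etc/default/$NAME` after these defaults, so the endpoint belongs in a Salt-rendered `/etc/default/flanneld` (or a templated initd) built from the master name the Salt states already know, and the literal hostname should not be committed. `do_start` also runs `kill -9` on every `pidof $DAEMON` before starting, which skips the graceful `--retry=TERM/30/KILL/5` that `do_stop` uses and will kill a flanneld another manager just started; send TERM first, or rely on the `--test` probe and return 1 when one is already running. The endpoint is plain http with no client certificate, which matches the manifest's unauthenticated etcd; if etcd gains TLS, the `-etcd-cafile`/`-etcd-certfile` flags need to be plumbed through the same defaults file.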
diff --git a/cluster/saltbase/salt/flannel/network.json b/cluster/saltbase/salt/flannel/network.json
new file mode 100644
index 00000000000..93c980e6922
--- /dev/null
+++ b/cluster/saltbase/salt/flannel/network.json
@@ -0,0 +1,8 @@
+{
+ "Network": "10.245.0.0/16",
+ "SubnetLen": 24,
+ "Backend": {
+ "Type": "vxlan",
+ "VNI": 1
+ }
+}
diff --git a/cluster/saltbase/salt/top.sls b/cluster/saltbase/salt/top.sls
index c80c527e372..387e177efc6 100644
--- a/cluster/saltbase/salt/top.sls
+++ b/cluster/saltbase/salt/top.sls
@@ -13,6 +13,10 @@ base:
 'roles:kubernetes-pool':
 - match: grain
 - docker
+ - flannel
+{% if grains['cloud'] is defined and grains['cloud'] == 'azure' %}
+ - openvpn-client
+{% endif %}
 - helpers
 - cadvisor
 - kube-client-tools
@@ -40,6 +44,7 @@ base:
 - match: grain
 - generate-cert
 - etcd
+ - flannel
 - kube-apiserver
 - kube-controller-manager
 - kube-scheduler
diff --git a/cmd/kube-controller-manager/app/controllermanager.go b/cmd/kube-controller-manager/app/controllermanager.go
index 448b7ed0d1f..6c2724c5e5c 100644
--- a/cmd/kube-controller-manager/app/controllermanager.go
+++ b/cmd/kube-controller-manager/app/controllermanager.go
@@ -292,7 +292,8 @@ func (s *CMServer) Run(_ []string) error {
 }
 
 if s.AllocateNodeCIDRs {
- if cloud == nil {
+ // TODO: Pipe this as a command line flag that corresponds to overlay==true
+ if cloud == nil || true {
 glog.Warning("allocate-node-cidrs is set, but no cloud provider specified. Will not manage routes.")
 } else if routes, ok := cloud.Routes(); !ok {
 glog.Warning("allocate-node-cidrs is set, but cloud provider does not support routes. Will not manage routes.")
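Review bot: `if cloud == nil || true` disables route management for every cloud provider and every cluster, not just overlay ones, and the warning it then logs says "no cloud provider specified", which is false whenever one was. The TODO admits the flag is missing, but a literal `|| true` in a shipped binary silently regresses non-overlay GCE clusters that rely on the route controller. Until the flag exists, make the intent explicit and keep the message truthful: leave `if cloud == nil {` as it was and add a separate branch such as `} else if overlayNetwork { glog.Warning("allocate-node-cidrs is set, but overlay networking is enabled. Will not manage routes.")` with `overlayNetwork` a named constant or field that the flag will later populate. The enclosing Run method begins and ends outside this hunk.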