Adding support for provisioning behind a Proxy.

This assumes you have your environement variables set correctly. When ENABLE_PROXY is set to true, it takes the current proxy settings and applies them to the heat configuration. Also modified the defaults system in config-default.sh
2025-08-11 13:02:14 +00:00 · 2016-04-12 16:11:35 -07:00 · 2016-04-12 16:11:35 -07:00 · b4333adeac
commit b4333adeac
parent b5913ab43e
6 changed files with 187 additions and 14 deletions
--- a/cluster/openstack/config-default.sh
+++ b/cluster/openstack/config-default.sh
@ -17,38 +17,40 @@
 ## Contains configuration values for the Openstack cluster

 # Stack name
-STACK_NAME="KubernetesStack"
+STACK_NAME=${STACK_NAME:-KubernetesStack}

 # Keypair for kubernetes stack
-KUBERNETES_KEYPAIR_NAME="kubernetes_keypair"
+KUBERNETES_KEYPAIR_NAME=${KUBERNETES_KEYPAIR_NAME:-kubernetes_keypair}

 # Kubernetes release tar file
-KUBERNETES_RELEASE_TAR="kubernetes-server-linux-amd64.tar.gz"
+KUBERNETES_RELEASE_TAR=${KUBERNETES_RELEASE_TAR:-kubernetes-server-linux-amd64.tar.gz}

-NUMBER_OF_MINIONS="1"
+NUMBER_OF_MINIONS=${NUMBER_OF_MINIONS-1}

-MAX_NUMBER_OF_MINIONS="1"
+MAX_NUMBER_OF_MINIONS=${MAX_NUMBER_OF_MINIONS:-1}

-MASTER_FLAVOR="m1.small"
+MASTER_FLAVOR=${MASTER_FLAVOR:-m1.small}

-MINION_FLAVOR="m1.small"
+MINION_FLAVOR=${MINION_FLAVOR:-m1.small}

-EXTERNAL_NETWORK="public"
+EXTERNAL_NETWORK=${EXTERNAL_NETWORK:-public}

-SWIFT_SERVER_URL="http://192.168.123.100:8080"
+SWIFT_SERVER_URL=${SWIFT_SERVER_URL:-http://192.168.123.100:8080}

 # Flag indicates if new image must be created. If 'false' then image with IMAGE_ID will be used.
 # If 'true' then new image will be created from file config-image.sh
-CREATE_IMAGE="true" # use "true" for devstack
+CREATE_IMAGE=${CREATE_IMAGE:-true} # use "true" for devstack

 # Image id which will be used for kubernetes stack
-IMAGE_ID="f0f394b1-5546-4b68-b2bc-8abe8a7e6b8b"
+IMAGE_ID=${IMAGE_ID:-f0f394b1-5546-4b68-b2bc-8abe8a7e6b8b}

 # DNS server address
-DNS_SERVER="8.8.8.8"
+DNS_SERVER=${DNS_SERVER:-8.8.8.8}

 # Public RSA key path
-CLIENT_PUBLIC_KEY_PATH="~/.ssh/id_rsa.pub"
+CLIENT_PUBLIC_KEY_PATH=${CLIENT_PUBLIC_KEY_PATH:-~/.ssh/id_rsa.pub}

 # Max time period for stack provisioning. Time in minutes.
-STACK_CREATE_TIMEOUT=60
+STACK_CREATE_TIMEOUT=${STACK_CREATE_TIMEOUT:-60}
+
+ENABLE_PROXY=${ENABLE_PROXY:-false}
--- a/cluster/openstack/kubernetes-heat/fragments/configure-proxy.sh
+++ b/cluster/openstack/kubernetes-heat/fragments/configure-proxy.sh
@ -0,0 +1,68 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+#These values are meant to be swapped in by heat
+
+export ETC_ENVIRONMENT='FTP_PROXY=$FTP_PROXY
+HTTP_PROXY=$HTTP_PROXY
+HTTPS_PROXY=$HTTPS_PROXY
+SOCKS_PROXY=$SOCKS_PROXY
+NO_PROXY=$NO_PROXY
+ftp_proxy=$FTP_PROXY
+http_proxy=$HTTP_PROXY
+https_proxy=$HTTPS_PROXY
+socks_proxy=$SOCKS_PROXY
+no_proxy=$NO_PROXY
+'
+
+export ETC_PROFILE_D='export FTP_PROXY=$FTP_PROXY
+export HTTP_PROXY=$HTTP_PROXY
+export HTTPS_PROXY=$HTTPS_PROXY
+export SOCKS_PROXY=$SOCKS_PROXY
+export NO_PROXY=$NO_PROXY
+export ftp_proxy=$FTP_PROXY
+export http_proxy=$HTTP_PROXY
+export https_proxy=$HTTPS_PROXY
+export socks_proxy=$SOCKS_PROXY
+export no_proxy=$NO_PROXY
+'
+
+export DOCKER_PROXY='[Service]
+      Environment="HTTP_PROXY=$HTTP_PROXY"
+      Environment="HTTPS_PROXY=$HTTPS_PROXY"
+      Environment="SOCKS_PROXY=$SOCKS_PROXY"
+      Environment="NO_PROXY=$NO_PROXY"
+      Environment="ftp_proxy=$FTP_PROXY"
+      Environment="http_proxy=$HTTP_PROXY"
+      Environment="https_proxy=$HTTPS_PROXY"
+      Environment="socks_proxy=$SOCKS_PROXY"
+      Environment="no_proxy=$NO_PROXY"
+'
+
+ENABLE_PROXY='$ENABLE_PROXY'
+
+if [[ "${ENABLE_PROXY}" == "true" ]]; then
+  mkdir -p /etc/systemd/system/docker.service.d/
+
+  echo "$ETC_ENVIRONMENT" >> /etc/environment
+  echo "$ETC_PROFILE_D" > /etc/profile.d/proxy_config.sh
+  echo "$DOCKER_PROXY" > etc/systemd/system/docker.service.d/http-proxy.conf
+  echo "proxy=$HTTP_PROXY" >> /etc/yum.conf
+fi
--- a/cluster/openstack/kubernetes-heat/fragments/run-salt.sh
+++ b/cluster/openstack/kubernetes-heat/fragments/run-salt.sh
@ -20,6 +20,11 @@ set -o pipefail

 . /etc/sysconfig/heat-params

+#Reads in profile, need to relax restrictions for some OSes.
+set +o nounset
+. /etc/profile
+set -o nounset
+
 rm -rf /kube-install
 mkdir -p /kube-install
 cd /kube-install
--- a/cluster/openstack/kubernetes-heat/kubecluster.yaml
+++ b/cluster/openstack/kubernetes-heat/kubecluster.yaml
@ -90,6 +90,36 @@ parameters:
      timeout for the Wait Conditions
    default: 6000

+  enable_proxy:
+    type: string
+    description: Whether or not to enable proxy settings
+    default: false
+
+  ftp_proxy:
+    type: string
+    description: FTP Proxy URL
+    default: localhost
+
+  http_proxy:
+    type: string
+    description: HTTP Proxy URL
+    default: localhost
+
+  https_proxy:
+    type: string
+    description: HTTPS Proxy URL
+    default: localhost
+
+  socks_proxy:
+    type: string
+    description: SOCKS Proxy URL
+    default: localhost
+
+  no_proxy:
+    type: string
+    description: Comma seperated list of domains/addresses that bypass proxying.
+    default: localhost
+
 resources:

  master_wait_handle:
@ -180,6 +210,21 @@ resources:
            "$KUBERNETES_SALT_URL": {get_param: kubernetes_salt_url}
            "$MASTER_IP": {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}

+  proxy_config:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config:
+        str_replace:
+          template: {get_file: fragments/configure-proxy.sh}
+          params:
+            "$ENABLE_PROXY": {get_param: enable_proxy }
+            "$FTP_PROXY": {get_param: ftp_proxy }
+            "$HTTP_PROXY": {get_param: http_proxy }
+            "$HTTPS_PROXY": {get_param: https_proxy }
+            "$SOCKS_PROXY": {get_param: socks_proxy }
+            "$NO_PROXY": {get_param: no_proxy }
+
  kube_user:
    type: OS::Heat::SoftwareConfig
    properties:
@ -231,6 +276,7 @@ resources:
    properties:
      parts:
        - config: {get_resource: write_heat_params}
+        - config: {get_resource: proxy_config}
        - config: {get_resource: kube_user}
        - config: {get_resource: provision_network_master}
        - config: {get_resource: deploy_kube_auth_files_master}
--- a/cluster/openstack/kubernetes-heat/kubeminion.yaml
+++ b/cluster/openstack/kubernetes-heat/kubeminion.yaml
@ -41,6 +41,36 @@ parameters:
    type: string
    description: Token used by kube-proxy

+  enable_proxy:
+    type: string
+    description: Whether or not to enable proxy settings
+    default: false
+
+  ftp_proxy:
+    type: string
+    description: FTP Proxy URL
+    default: localhost
+
+  http_proxy:
+    type: string
+    description: HTTP Proxy URL
+    default: localhost
+
+  https_proxy:
+    type: string
+    description: HTTPS Proxy URL
+    default: localhost
+
+  socks_proxy:
+    type: string
+    description: SOCKS Proxy URL
+    default: localhost
+
+  no_proxy:
+    type: string
+    description: Comma seperated list of domains/addresses that bypass proxying.
+    default: localhost
+
  # The following are all generated in the parent template.
  kube_master_ip:
    type: string
@ -95,6 +125,21 @@ resources:
            "$KUBERNETES_SALT_URL": {get_param: kubernetes_salt_url}
            "$MASTER_IP": {get_param: kube_master_ip}

+  proxy_config:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config:
+        str_replace:
+          template: {get_file: fragments/configure-proxy.sh}
+          params:
+            "$ENABLE_PROXY": {get_param: enable_proxy }
+            "$FTP_PROXY": {get_param: ftp_proxy }
+            "$HTTP_PROXY": {get_param: http_proxy }
+            "$HTTPS_PROXY": {get_param: https_proxy }
+            "$SOCKS_PROXY": {get_param: socks_proxy }
+            "$NO_PROXY": {get_param: no_proxy }
+
  kube_user:
    type: OS::Heat::SoftwareConfig
    properties:
@ -144,6 +189,7 @@ resources:
    properties:
      parts:
        - config: {get_resource: write_heat_params}
+        - config: {get_resource: proxy_config}
        - config: {get_resource: kube_user}
        - config: {get_resource: provision_network_node}
        - config: {get_resource: deploy_kube_auth_files_node}
--- a/cluster/openstack/util.sh
+++ b/cluster/openstack/util.sh
@ -200,6 +200,12 @@ function run-heat-script() {
      -P dns_nameserver=${DNS_SERVER} \
      -P kubernetes_salt_url=${swift_repo_url}/kubernetes-salt.tar.gz \
      -P kubernetes_server_url=${swift_repo_url}/kubernetes-server.tar.gz \
+      -P enable_proxy=${ENABLE_PROXY} \
+      -P ftp_proxy="${FTP_PROXY}" \
+      -P http_proxy="${HTTP_PROXY}" \
+      -P https_proxy="${HTTPS_PROXY}" \
+      -P socks_proxy="${SOCKS_PROXY}" \
+      -P no_proxy="${NO_PROXY}" \
      --template-file kubecluster.yaml \
      ${STACK_NAME}
    )