github.com/abayer/test-infra@v0.0.5/dind/start.sh (about)

     1  #!/bin/bash
     2  
     3  # Copyright 2017 The Kubernetes Authors.
     4  #
     5  # Licensed under the Apache License, Version 2.0 (the "License");
     6  # you may not use this file except in compliance with the License.
     7  # You may obtain a copy of the License at
     8  #
     9  #     http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  # See the License for the specific language governing permissions and
    15  # limitations under the License.
    16  
    # Enable and start the docker service, then block until the daemon answers.
    # Outputs: whatever `docker version` prints on each probe.
    # Note: polls once per second with no upper bound on the wait.
    wait_for_docker() {
      # Register docker with systemd and bring it up.
      systemctl enable docker
      systemctl start docker

      # Keep probing until the client can reach the daemon.
      while ! docker version; do
        sleep 1
      done
    }
    26  
    # Create the kubelet's directories, write a systemd drop-in with extra
    # kubelet arguments, then enable and start the kubelet service.
    start_kubelet() {
      local -r dropin=/etc/systemd/system/kubelet.service.d/20-kubeadm.conf

      # Directories used by the kubelet setup.
      mkdir -p /etc/kubernetes/manifests /etc/srv/kubernetes

      # Drop-in contents: log at -v4 and do not fail when swap is on.
      printf '%s\n' \
        '[Service]' \
        'Environment="KUBELET_EXTRA_ARGS=-v4 --fail-swap-on=false"' \
        > "$dropin"

      systemctl enable kubelet
      systemctl start kubelet
    }
    41  
    # Setup shared by master and worker nodes: adjust mount propagation, start
    # docker and the kubelet, and finally remount sysfs read-only.
    start_node() {
      local mnt

      mount --make-rshared /lib/modules
      wait_for_docker
      start_kubelet
      mount --make-rshared /etc/kubernetes

      # Mark these mount points shared (non-recursively). Supporting arbitrary
      # host mounts would need every mount shared instead:
      #   mount --make-rshared /
      for mnt in /run / /var/lib/docker /var/lib/kubelet; do
        mount --make-shared "$mnt"
      done

      # kube-proxy tries to write some performance-related values into sysfs.
      # Outside the original netns those writes fail even when the filesystem is
      # rw, and kube-proxy panics when run inside dind.
      #
      # Setting --max-conntrack or --conntrack-max-per-core to 0 used to make
      # kube-proxy skip the write (#25543), but the CLI arguments are no longer
      # respected once a config file is present.
      #
      # With sysfs read-only, kube-proxy forgoes the write attempts.
      mount -o remount,ro /sys
    }
    67  
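    # Bring up a worker node: run the common node setup, load and retag the
    # kube-proxy image, then join the cluster with kubeadm.
    # Globals: reads /docker_version (image tag) and /kube-proxy.tar.
    # Outputs: kubeadm's stdout and stderr, merged onto stdout.
    start_worker() {
      local version

      start_node

      # Load docker images
      docker load -i /kube-proxy.tar

      # Read the tag once and quote it, so whitespace or glob characters in
      # /docker_version cannot split or expand into extra docker arguments.
      version=$(cat /docker_version)

      # Kubeadm expects kube-proxy-amd64, but bazel names it kube-proxy
      docker tag "k8s.gcr.io/kube-proxy:${version}" \
        "k8s.gcr.io/kube-proxy-amd64:${version}"

      # Start kubeadm.
      # NOTE(security): the bootstrap token is a fixed value published in this
      # script, and --discovery-token-unsafe-skip-ca-verification means the
      # node does not verify the API server's CA, so it trusts whatever answers
      # at 172.18.0.2:6443. --ignore-preflight-errors=all also hides every
      # preflight failure. Keep this to disposable, network-isolated test
      # clusters; anything longer-lived needs a generated token
      # (kubeadm token generate) and --discovery-token-ca-cert-hash.
      /usr/bin/kubeadm join \
        --token=abcdef.abcdefghijklmnop \
        --discovery-token-unsafe-skip-ca-verification=true \
        --ignore-preflight-errors=all \
        172.18.0.2:6443 2>&1
    }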
    81  
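    # Bring up the master: run the common node setup, load and retag the
    # control-plane images, run kubeadm init, then apply the pod network and
    # the metrics-server addon.
    # Arguments: $1 - value for --apiserver-cert-extra-sans (optional; the flag
    #                 is omitted when it is empty).
    # Globals:   reads /docker_version, ./source_version and the image tarballs.
    # Outputs:   kubeadm's stdout and stderr, merged onto stdout.
    start_master() {
      local version k8s_version image
      local -a init_args

      start_node

      # Load the docker images
      for image in kube-apiserver kube-controller-manager kube-proxy kube-scheduler; do
        docker load -i "/${image}.tar"
      done

      # kubeadm expects all image names to be tagged as amd64, but bazel doesn't
      # build with that suffix yet. The tag is read once and quoted so that the
      # file's contents cannot split into extra docker arguments.
      version=$(cat /docker_version)
      for image in kube-apiserver kube-controller-manager kube-proxy kube-scheduler; do
        docker tag "k8s.gcr.io/${image}:${version}" \
          "k8s.gcr.io/${image}-amd64:${version}"
      done

      # sed drops the first character of the version string.
      # NOTE(review): source_version is read relative to the working directory,
      # unlike /docker_version — confirm the script always runs from the
      # directory that holds it.
      k8s_version=$(sed 's/^.//' source_version)

      # Run kubeadm init to config a master.
      # NOTE(security): the bootstrap token is a fixed value published in this
      # script and --ignore-preflight-errors=all hides every preflight failure.
      # Keep this to disposable, network-isolated test clusters.
      init_args=(
        --token=abcdef.abcdefghijklmnop
        --ignore-preflight-errors=all
        "--kubernetes-version=${k8s_version}"
        --pod-network-cidr=192.168.0.0/16
      )
      # Add the SAN flag only when a value was supplied; an empty, unquoted $1
      # would leave the flag without its argument. Quoting keeps the value a
      # single argument.
      if [[ -n "${1:-}" ]]; then
        init_args+=(--apiserver-cert-extra-sans "$1")
      fi
      /usr/bin/kubeadm init "${init_args[@]}" 2>&1

      # We'll want to read the kube-config from outside the container, so open
      # read permissions on admin.conf.
      # NOTE(security): admin.conf carries the cluster's admin credentials, and
      # a+r exposes them to every user and process that can reach this path.
      # Where the reader is known, prefer group ownership or a copy with
      # narrower permissions.
      chmod a+r /etc/kubernetes/admin.conf

      # Apply a pod network.
      # NOTE(security): the manifest is downloaded at run time and applied with
      # admin credentials, with no checksum and no vendored copy, so the cluster
      # runs whatever that URL serves. Pinning a reviewed local copy (as is done
      # for /addons/metrics-server/) removes that dependency.
      kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/v3.0/getting-started/kubernetes/installation/hosted/kubeadm/1.7/calico.yaml

      # Install the metrics server, and the HPA.
      kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /addons/metrics-server/
    }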
   111  
   # Make every mount under / recursively shared, then run /cluster-up in the
   # foreground with its stderr merged into stdout.
   start_cluster() {
     mount --make-rshared /

     /cluster-up -logtostderr -v=2 2>&1
   }
   117  
   # Host-level entry: share /lib/modules recursively, wait for docker to come
   # up, then hand over to start_cluster.
   start_host() {
     mount --make-rshared /lib/modules

     wait_for_docker
     start_cluster
   }
   125  
   126  
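   # Select the startup role from the first argument.
   case "${1:-}" in
     worker)
       start_worker
       ;;
     master)
       # $2 becomes the --apiserver-cert-extra-sans value; it is quoted so
       # that it reaches start_master as a single argument.
       start_master "$2"
       ;;
     dind)
       # Don't run dindind. Just run a cluster from the current docker level.
       start_cluster
       ;;
     *)
       # Run dindind, where the cluster lives under a single container.
       start_host
       ;;
   esac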