github.com/openshift/installer@v1.4.17/docs/user/agent/add-node/node-joiner-monitor.sh

github.com/openshift/installer@v1.4.17/docs/user/agent/add-node/node-joiner-monitor.sh (about)

     1  #!/bin/bash
     2  
     3  set -eu
     4  
     5  if [ $# -eq 0 ]; then
     6      echo "At least one IP address must be provided"
     7      exit 1
     8  fi
     9  
    10  ipAddresses="$*"
    11  
    12  # Setup a cleanup function to ensure to remove the temporary
    13  # file when the script will be completed.
    14  cleanup() {
    15    if [ -f "$pullSecretFile" ]; then
    16      echo "Removing temporary file $pullSecretFile"
    17      rm "$pullSecretFile"
    18    fi
    19  }
    20  trap cleanup EXIT TERM
    21  
    22  # Retrieve the pullsecret and store it in a temporary file. 
    23  pullSecretFile=$(mktemp -p "/tmp" -t "nodejoiner-XXXXXXXXXX")
    24  oc get secret -n openshift-config pull-secret -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d > "$pullSecretFile"
    25  
    26  # Extract the baremetal-installer image pullspec from the current cluster.
    27  nodeJoinerPullspec=$(oc adm release info --image-for=baremetal-installer --registry-config="$pullSecretFile")
    28  
    29  # Use the same random temp file suffix for the namespace.
    30  namespace=$(echo "openshift-node-joiner-${pullSecretFile#/tmp/nodejoiner-}" | tr '[:upper:]' '[:lower:]')
    31  
    32  # Create the namespace to run the node-joiner-monitor, along with the required roles and bindings.
    33  staticResources=$(cat <<EOF
    34  apiVersion: v1
    35  kind: Namespace
    36  metadata:
    37    name: ${namespace}
    38  ---
    39  apiVersion: v1
    40  kind: ServiceAccount
    41  metadata:
    42    name: node-joiner-monitor
    43    namespace: ${namespace}
    44  ---
    45  apiVersion: rbac.authorization.k8s.io/v1
    46  kind: ClusterRole
    47  metadata:
    48    name: node-joiner-monitor
    49  rules:
    50  - apiGroups:
    51    - certificates.k8s.io
    52    resources:
    53    - certificatesigningrequests
    54    verbs:
    55    - get
    56    - list
    57  - apiGroups:
    58    - ""
    59    resources:
    60    - pods
    61    - nodes
    62    verbs:
    63    - get
    64    - list
    65  ---
    66  apiVersion: rbac.authorization.k8s.io/v1
    67  kind: ClusterRoleBinding
    68  metadata:
    69    name: node-joiner-monitor
    70  subjects:
    71  - kind: ServiceAccount
    72    name: node-joiner-monitor
    73    namespace: ${namespace}
    74  roleRef:
    75    kind: ClusterRole
    76    name: node-joiner-monitor
    77    apiGroup: rbac.authorization.k8s.io
    78  EOF
    79  )
    80  echo "$staticResources" | oc apply -f -
    81  
    82  # Run the node-joiner-monitor to monitor node joining cluster
    83  nodeJoinerPod=$(cat <<EOF
    84  apiVersion: v1
    85  kind: Pod
    86  metadata:
    87    name: node-joiner-monitor
    88    namespace: ${namespace}
    89    annotations:
    90      openshift.io/scc: anyuid
    91    labels:
    92      app: node-joiner-monitor    
    93  spec:
    94    restartPolicy: Never
    95    serviceAccountName: node-joiner-monitor
    96    securityContext:
    97      seccompProfile:
    98        type: RuntimeDefault
    99    containers:
   100    - name: node-joiner-monitor
   101      imagePullPolicy: IfNotPresent
   102      image: $nodeJoinerPullspec
   103      command: ["/bin/sh", "-c", "node-joiner monitor-add-nodes $ipAddresses --dir /tmp --log-level=info; sleep 5"]
   104  EOF
   105  )
   106  echo "$nodeJoinerPod" | oc apply -f -
   107  
   108  oc project "${namespace}"
   109  
   110  oc wait --for=condition=Ready=true --timeout=300s pod/node-joiner-monitor
   111  
   112  oc logs -f -n "${namespace}" node-joiner-monitor
   113   
   114  echo "Cleaning up"
   115  oc delete namespace "${namespace}" --grace-period=0 >/dev/null 2>&1 &