k3s/cluster/gce/windows/configure.ps1

# Copyright 2019 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

<#
.SYNOPSIS
  Top-level script that runs on Windows nodes to join them to the K8s cluster.
#>

# IMPORTANT PLEASE NOTE:
# Any time the file structure in the `windows` directory changes, `windows/BUILD`
# and `k8s.io/release/lib/releaselib.sh` must be manually updated with the changes.
# We HIGHLY recommend not changing the file structure, because consumers of
# Kubernetes releases depend on the release structure remaining stable.

$ErrorActionPreference = 'Stop'

# Turn on tracing to debug
# Set-PSDebug -Trace 1

# Update TLS setting to enable Github downloads and disable progress bar to
# increase download speed.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$ProgressPreference = 'SilentlyContinue'

# Returns the GCE instance metadata value for $Key where key is an "attribute"
# of the instance. If the key is not present in the instance metadata returns
# $Default if set, otherwise returns $null.
function Get-InstanceMetadataAttribute {
  param (
    [parameter(Mandatory=$true)] [string]$Key,
    [parameter(Mandatory=$false)] [string]$Default
  )

  $url = ("http://metadata.google.internal/computeMetadata/v1/instance/" +
          "attributes/$Key")
  try {
    $client = New-Object Net.WebClient
    $client.Headers.Add('Metadata-Flavor', 'Google')
    return ($client.DownloadString($url)).Trim()
  }
  catch [System.Net.WebException] {
    if ($Default) {
      return $Default
    }
    else {
      Write-Host "Failed to retrieve value for $Key."
      return $null
    }
  }
}

# Fetches the value of $MetadataKey, saves it to C:\$Filename and imports it as
# a PowerShell module.
#
# Note: this function depends on common.psm1.
function FetchAndImport-ModuleFromMetadata {
  param (
    [parameter(Mandatory=$true)] [string]$MetadataKey,
    [parameter(Mandatory=$true)] [string]$Filename
  )

  $module = Get-InstanceMetadataAttribute $MetadataKey
  if (Test-Path C:\$Filename) {
    if (-not $REDO_STEPS) {
      Log-Output "Skip: C:\$Filename already exists, not overwriting"
      Import-Module -Force C:\$Filename
      return
    }
    Log-Output "Warning: C:\$Filename already exists, will overwrite it."
  }
  New-Item -ItemType file -Force C:\$Filename | Out-Null
  Set-Content C:\$Filename $module
  Import-Module -Force C:\$Filename
}

try {
  # Don't use FetchAndImport-ModuleFromMetadata for common.psm1 - the common
  # module includes variables and functions that any other function may depend
  # on.
  $module = Get-InstanceMetadataAttribute 'common-psm1'
  New-Item -ItemType file -Force C:\common.psm1 | Out-Null
  Set-Content C:\common.psm1 $module
  Import-Module -Force C:\common.psm1

  # TODO(pjh): update the function to set $Filename automatically from the key,
  # then put these calls into a loop over a list of XYZ-psm1 keys.
  FetchAndImport-ModuleFromMetadata 'k8s-node-setup-psm1' 'k8s-node-setup.psm1'

  Dump-DebugInfoToConsole
  Set-PrerequisiteOptions
  $kube_env = Fetch-KubeEnv
  Disable-WindowsDefender

  if (Test-IsTestCluster $kube_env) {
    Log-Output 'Test cluster detected, installing OpenSSH.'
    FetchAndImport-ModuleFromMetadata 'install-ssh-psm1' 'install-ssh.psm1'
    InstallAndStart-OpenSsh
    StartProcess-WriteSshKeys
  }

  Set-EnvironmentVars
  Create-Directories
  Download-HelperScripts
  InstallAndStart-LoggingAgent

  Create-DockerRegistryKey
  Configure-Dockerd
  DownloadAndInstall-KubernetesBinaries
  Create-NodePki
  Create-KubeletKubeconfig
  Create-KubeproxyKubeconfig
  Set-PodCidr
  Configure-HostNetworkingService
  Configure-CniNetworking
  Configure-GcePdTools
  Configure-Kubelet

  Start-WorkerServices
  Log-Output 'Waiting 15 seconds for node to join cluster.'
  Start-Sleep 15
  Verify-WorkerServices

  $config = New-FileRotationConfig
  Schedule-LogRotation -Pattern '.*\.log$' -Path ${env:LOGS_DIR} -RepetitionInterval $(New-Timespan -Hour 1) -Config $config
}
catch {
  Write-Host 'Exception caught in script:'
  Write-Host $_.InvocationInfo.PositionMessage
  Write-Host "Kubernetes Windows node setup failed: $($_.Exception.Message)"
  exit 1
}
Update cluster/gce scripts to support Windows nodes. 2019-01-31 03:46:45 +00:00			`# Copyright 2019 The Kubernetes Authors.`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`

			`<#`
			`.SYNOPSIS`
			`Top-level script that runs on Windows nodes to join them to the K8s cluster.`
			`#>`

upload Windows startup scripts to GCS for CI 2019-02-25 21:53:11 +00:00			`# IMPORTANT PLEASE NOTE:`
			# Any time the file structure in the `windows` directory changes, `windows/BUILD`
			# and `k8s.io/release/lib/releaselib.sh` must be manually updated with the changes.
			`# We HIGHLY recommend not changing the file structure, because consumers of`
			`# Kubernetes releases depend on the release structure remaining stable.`

Update cluster/gce scripts to support Windows nodes. 2019-01-31 03:46:45 +00:00			`$ErrorActionPreference = 'Stop'`

			`# Turn on tracing to debug`
			`# Set-PSDebug -Trace 1`

			`# Update TLS setting to enable Github downloads and disable progress bar to`
			`# increase download speed.`
			`[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12`
			`$ProgressPreference = 'SilentlyContinue'`

Enhance metadata fetching functions. Introduce Get-InstanceMetadata which can be used to fetch non-"attribute" metadata values. 2019-03-01 01:17:02 +00:00			`# Returns the GCE instance metadata value for $Key where key is an "attribute"`
			`# of the instance. If the key is not present in the instance metadata returns`
			`# $Default if set, otherwise returns $null.`
			`function Get-InstanceMetadataAttribute {`
Update cluster/gce scripts to support Windows nodes. 2019-01-31 03:46:45 +00:00			`param (`
			`[parameter(Mandatory=$true)] [string]$Key,`
			`[parameter(Mandatory=$false)] [string]$Default`
			`)`

			`$url = ("http://metadata.google.internal/computeMetadata/v1/instance/" +`
			`"attributes/$Key")`
			`try {`
			`$client = New-Object Net.WebClient`
			`$client.Headers.Add('Metadata-Flavor', 'Google')`
			`return ($client.DownloadString($url)).Trim()`
			`}`
			`catch [System.Net.WebException] {`
			`if ($Default) {`
			`return $Default`
			`}`
			`else {`
			`Write-Host "Failed to retrieve value for $Key."`
			`return $null`
			`}`
			`}`
			`}`

			`# Fetches the value of $MetadataKey, saves it to C:\$Filename and imports it as`
			`# a PowerShell module.`
			`#`
			`# Note: this function depends on common.psm1.`
			`function FetchAndImport-ModuleFromMetadata {`
			`param (`
			`[parameter(Mandatory=$true)] [string]$MetadataKey,`
			`[parameter(Mandatory=$true)] [string]$Filename`
			`)`

Enhance metadata fetching functions. Introduce Get-InstanceMetadata which can be used to fetch non-"attribute" metadata values. 2019-03-01 01:17:02 +00:00			`$module = Get-InstanceMetadataAttribute $MetadataKey`
Update cluster/gce scripts to support Windows nodes. 2019-01-31 03:46:45 +00:00			`if (Test-Path C:\$Filename) {`
			`if (-not $REDO_STEPS) {`
			`Log-Output "Skip: C:\$Filename already exists, not overwriting"`
			`Import-Module -Force C:\$Filename`
			`return`
			`}`
			`Log-Output "Warning: C:\$Filename already exists, will overwrite it."`
			`}`
			`New-Item -ItemType file -Force C:\$Filename \| Out-Null`
			`Set-Content C:\$Filename $module`
			`Import-Module -Force C:\$Filename`
			`}`

			`try {`
			`# Don't use FetchAndImport-ModuleFromMetadata for common.psm1 - the common`
			`# module includes variables and functions that any other function may depend`
			`# on.`
Enhance metadata fetching functions. Introduce Get-InstanceMetadata which can be used to fetch non-"attribute" metadata values. 2019-03-01 01:17:02 +00:00			`$module = Get-InstanceMetadataAttribute 'common-psm1'`
Update cluster/gce scripts to support Windows nodes. 2019-01-31 03:46:45 +00:00			`New-Item -ItemType file -Force C:\common.psm1 \| Out-Null`
			`Set-Content C:\common.psm1 $module`
			`Import-Module -Force C:\common.psm1`

			`# TODO(pjh): update the function to set $Filename automatically from the key,`
			`# then put these calls into a loop over a list of XYZ-psm1 keys.`
			`FetchAndImport-ModuleFromMetadata 'k8s-node-setup-psm1' 'k8s-node-setup.psm1'`

Dump Windows version information during cluster bringup. 2019-02-28 22:45:09 +00:00			`Dump-DebugInfoToConsole`
Update cluster/gce scripts to support Windows nodes. 2019-01-31 03:46:45 +00:00			`Set-PrerequisiteOptions`
			`$kube_env = Fetch-KubeEnv`
Disable Windows Defender in Windows nodes on GCE again. This reverts commit fbf4fe4714d749ced197ce51b3b806304dda091a. Windows Defender seems to be causing our Windows nodes to crash and reboot during e2e tests, e.g. https://gcsweb.k8s.io/gcs/kubernetes-jenkins/logs/ci-kubernetes-e2e-windows-gce/228/artifacts/e2e-228-36623-windows-node-group-q4. 2019-03-06 19:41:44 +00:00			`Disable-WindowsDefender`
Enable OpenSSH on Windows nodes in test clusters. Also switches to the most recent 64-bit version of OpenSSH for Windows. Tested: PROJECT=${CLOUDSDK_CORE_PROJECT} KUBERNETES_SKIP_CONFIRM=y NUM_NODES=2 \ NUM_WINDOWS_NODES=2 KUBE_GCE_ENABLE_IP_ALIASES=true TEST_CLUSTER=true \ ./cluster/kube-up.sh 2019-02-14 01:24:19 +00:00
Disable Windows Defender on Windows test nodes. 2019-02-23 00:52:17 +00:00			`if (Test-IsTestCluster $kube_env) {`
Enable OpenSSH on Windows nodes in test clusters. Also switches to the most recent 64-bit version of OpenSSH for Windows. Tested: PROJECT=${CLOUDSDK_CORE_PROJECT} KUBERNETES_SKIP_CONFIRM=y NUM_NODES=2 \ NUM_WINDOWS_NODES=2 KUBE_GCE_ENABLE_IP_ALIASES=true TEST_CLUSTER=true \ ./cluster/kube-up.sh 2019-02-14 01:24:19 +00:00			`Log-Output 'Test cluster detected, installing OpenSSH.'`
			`FetchAndImport-ModuleFromMetadata 'install-ssh-psm1' 'install-ssh.psm1'`
			`InstallAndStart-OpenSsh`
			`StartProcess-WriteSshKeys`
			`}`

Update cluster/gce scripts to support Windows nodes. 2019-01-31 03:46:45 +00:00			`Set-EnvironmentVars`
			`Create-Directories`
			`Download-HelperScripts`
GCE/Windows: enable stackdriver logging agent This change bumps the stackdriver logging agent version to v1-9, re-enable it, and change the script/configuration to: * Create /var/log in the startup script, since the fluentd configuration expects the directory to exists * Add support for collecting kubelet/kube-proxy logs 2019-04-17 23:54:34 +00:00			`InstallAndStart-LoggingAgent`
Update cluster/gce scripts to support Windows nodes. 2019-01-31 03:46:45 +00:00
GCE: add EventLog registry key for docker 2019-02-22 01:00:18 +00:00			`Create-DockerRegistryKey`
GCE/Windows: Configure Docker to rotate container logs 2019-04-23 18:53:16 +00:00			`Configure-Dockerd`
Update cluster/gce scripts to support Windows nodes. 2019-01-31 03:46:45 +00:00			`DownloadAndInstall-KubernetesBinaries`
			`Create-NodePki`
			`Create-KubeletKubeconfig`
			`Create-KubeproxyKubeconfig`
			`Set-PodCidr`
			`Configure-HostNetworkingService`
			`Configure-CniNetworking`
Add GcePD windows support This PR adds the support for GCEPD volume. For now, it uses a workaround (https://github.com/pjh/gce-tools) to get disk number in windows for a given GCE PD name. 2019-02-26 18:41:42 +00:00			`Configure-GcePdTools`
Update cluster/gce scripts to support Windows nodes. 2019-01-31 03:46:45 +00:00			`Configure-Kubelet`

			`Start-WorkerServices`
			`Log-Output 'Waiting 15 seconds for node to join cluster.'`
			`Start-Sleep 15`
			`Verify-WorkerServices`
Rotate windows logs 2019-02-27 19:54:07 +00:00
			`$config = New-FileRotationConfig`
			`Schedule-LogRotation -Pattern '.*\.log$' -Path ${env:LOGS_DIR} -RepetitionInterval $(New-Timespan -Hour 1) -Config $config`
Update cluster/gce scripts to support Windows nodes. 2019-01-31 03:46:45 +00:00			`}`
			`catch {`
			`Write-Host 'Exception caught in script:'`
			`Write-Host $_.InvocationInfo.PositionMessage`
			`Write-Host "Kubernetes Windows node setup failed: $($_.Exception.Message)"`
			`exit 1`
			`}`