Merge pull request #3008 from cjcullen/deploy

Only create a single firewall rule for all minions.
Joe Beda 2014-12-18 09:00:46 -08:00
commit a781bd6b04
3 changed files with 11 additions and 23 deletions


@ -32,6 +32,7 @@ MASTER_NAME="${INSTANCE_PREFIX}-master"
MASTER_TAG="${INSTANCE_PREFIX}-master" MASTER_TAG="${INSTANCE_PREFIX}-master"
MINION_TAG="${INSTANCE_PREFIX}-minion" MINION_TAG="${INSTANCE_PREFIX}-minion"
MINION_NAMES=($(eval echo ${INSTANCE_PREFIX}-minion-{1..${NUM_MINIONS}})) MINION_NAMES=($(eval echo ${INSTANCE_PREFIX}-minion-{1..${NUM_MINIONS}}))
CLUSTER_IP_RANGE="10.244.0.0/16"
MINION_IP_RANGES=($(eval echo "10.244.{1..${NUM_MINIONS}}.0/24")) MINION_IP_RANGES=($(eval echo "10.244.{1..${NUM_MINIONS}}.0/24"))
MINION_SCOPES=("storage-ro" "compute-rw") MINION_SCOPES=("storage-ro" "compute-rw")
# Increase the sleep interval value if concerned about API rate limits. 3, in seconds, is the default. # Increase the sleep interval value if concerned about API rate limits. 3, in seconds, is the default.
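Review bot: The new `CLUSTER_IP_RANGE="10.244.0.0/16"` repeats the `10.244` prefix that `MINION_IP_RANGES` hard-codes on the next line, and nothing ties the two together, so an edit to one can leave minion subnets outside the range. Judging by the kube-up hunk later in this commit, the value becomes the source range of the single minion firewall rule, so it also covers addresses that are never assigned to a minion (10.244.0.0/24 and every /24 above NUM_MINIONS). I would add a comment above it such as `# Must contain every MINION_IP_RANGES entry; used as the source range of the minion firewall rule.` The same applies to the `10.245.0.0/16` line in the second file section.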


@ -32,6 +32,7 @@ MASTER_NAME="${INSTANCE_PREFIX}-master"
MASTER_TAG="${INSTANCE_PREFIX}-master" MASTER_TAG="${INSTANCE_PREFIX}-master"
MINION_TAG="${INSTANCE_PREFIX}-minion" MINION_TAG="${INSTANCE_PREFIX}-minion"
MINION_NAMES=($(eval echo ${INSTANCE_PREFIX}-minion-{1..${NUM_MINIONS}})) MINION_NAMES=($(eval echo ${INSTANCE_PREFIX}-minion-{1..${NUM_MINIONS}}))
CLUSTER_IP_RANGE="10.245.0.0/16"
MINION_IP_RANGES=($(eval echo "10.245.{1..${NUM_MINIONS}}.0/24")) MINION_IP_RANGES=($(eval echo "10.245.{1..${NUM_MINIONS}}.0/24"))
MINION_SCOPES=("storage-ro" "compute-rw") MINION_SCOPES=("storage-ro" "compute-rw")
# Increase the sleep interval value if concerned about API rate limits. 3, in seconds, is the default. # Increase the sleep interval value if concerned about API rate limits. 3, in seconds, is the default.


@ -249,6 +249,7 @@ function wait-for-jobs {
# Robustly try to create a firewall rule. # Robustly try to create a firewall rule.
# $1: The name of firewall rule. # $1: The name of firewall rule.
# $2: IP ranges. # $2: IP ranges.
# $3: Target tags for this firewall rule.
function create-firewall-rule { function create-firewall-rule {
local attempt=0 local attempt=0
while true; do while true; do
@ -256,6 +257,7 @@ function create-firewall-rule {
--project "${PROJECT}" \ --project "${PROJECT}" \
--network "${NETWORK}" \ --network "${NETWORK}" \
--source-ranges "$2" \ --source-ranges "$2" \
--target-tags "$3" \
--allow tcp udp icmp esp ah sctp; then --allow tcp udp icmp esp ah sctp; then
if (( attempt > 5 )); then if (( attempt > 5 )); then
echo -e "${color_red}Failed to create firewall rule $1 ${color_norm}" echo -e "${color_red}Failed to create firewall rule $1 ${color_norm}"
@ -416,16 +418,9 @@ function kube-up {
--scopes "storage-ro" "compute-rw" \ --scopes "storage-ro" "compute-rw" \
--metadata-from-file "startup-script=${KUBE_TEMP}/master-start.sh" & --metadata-from-file "startup-script=${KUBE_TEMP}/master-start.sh" &
# Create the firewall rules, 10 at a time. # Create a single firewall rule for all minions.
for (( i=0; i<${#MINION_NAMES[@]}; i++)); do create-firewall-rule "${MINION_TAG}-all" "${CLUSTER_IP_RANGE}" "${MINION_TAG}" &
create-firewall-rule "${MINION_NAMES[$i]}-all" "${MINION_IP_RANGES[$i]}" &
if [ $i -ne 0 ] && [ $((i%10)) -eq 0 ]; then
echo Waiting for a batch of firewall rules at $i...
wait-for-jobs
fi
done
# Wait for last batch of jobs. # Wait for last batch of jobs.
wait-for-jobs wait-for-jobs
@ -613,20 +608,11 @@ function kube-down {
--quiet \ --quiet \
"${MASTER_NAME}-https" || true "${MASTER_NAME}-https" || true
# Delete firewall rules for minions. # Delete firewall rule for minions.
# TODO(satnam6502): Adjust this if we move to just one big firewall rule.\ gcloud compute firewall-rules delete \
local -a firewall_rules --project "${PROJECT}" \
firewall_rules=( $(gcloud compute firewall-rules list --project "${PROJECT}" \ --quiet \
--regexp "${INSTANCE_PREFIX}-minion-[0-9]+-all" \ "${MINION_TAG}-all" || true
| awk 'NR >= 2 { print $1 }') )
while (( "${#firewall_rules[@]}" > 0 )); do
echo Deleting firewall rules "${firewall_rules[*]::10}"
gcloud compute firewall-rules delete \
--project "${PROJECT}" \
--quiet \
"${firewall_rules[@]::10}" || true
firewall_rules=( "${firewall_rules[@]:10}" )
done
# Delete routes. # Delete routes.
local -a routes local -a routes
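Review bot: In the kube-down hunk, teardown now deletes only `${MINION_TAG}-all`, so a cluster that was brought up before this change keeps its per-minion `${INSTANCE_PREFIX}-minion-N-all` rules after kube-down. Those rules were created without `--target-tags` and allow tcp, udp, icmp, esp, ah and sctp from each minion /24, so they stay in effect on the network after the cluster is gone, and the `|| true` means nothing reports it. Either keep the removed list-and-delete loop for one release as a legacy cleanup, or state the limitation in the comment, e.g. `# Clusters created before the single-rule change have per-minion "<prefix>-minion-N-all" rules; delete those by hand.` kube-down starts and ends outside the hunk.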