From d2c1f66496e6c72529f8f4992ea3b52e8bfe8ba1 Mon Sep 17 00:00:00 2001 From: galal-hussein Date: Tue, 15 Oct 2019 23:17:26 +0200 Subject: [PATCH] Add k3s cloud provider --- manifests/ccm.yaml | 72 ++++++++++++++++++++++++ pkg/agent/config/config.go | 2 + pkg/agent/run.go | 88 ++++++++++++++++++++++++++++++ pkg/cli/cmds/agent.go | 7 +++ pkg/cli/cmds/server.go | 67 ++++++++++++++--------- pkg/cli/server/server.go | 2 + pkg/cloudprovider/cloudprovider.go | 57 +++++++++++++++++++ pkg/cloudprovider/instances.go | 85 +++++++++++++++++++++++++++++ pkg/daemons/agent/agent.go | 4 ++ pkg/daemons/config/types.go | 77 ++++++++++++++------------ pkg/daemons/control/server.go | 72 ++++++++++++++++++++++++ pkg/deploy/zz_generated_bindata.go | 23 ++++++++ pkg/servicelb/controller.go | 9 ++- 13 files changed, 502 insertions(+), 63 deletions(-) create mode 100644 manifests/ccm.yaml create mode 100644 pkg/cloudprovider/cloudprovider.go create mode 100644 pkg/cloudprovider/instances.go diff --git a/manifests/ccm.yaml b/manifests/ccm.yaml new file mode 100644 index 0000000000..14909d914a --- /dev/null +++ b/manifests/ccm.yaml @@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cloud-controller-manager +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - "" + resources: + - nodes + verbs: + - '*' +- apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch +- apiGroups: + - "" + resources: + - services + verbs: + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - list + - watch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cloud-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cloud-controller-manager +subjects: +- kind: User + name: cloud-controller-manager + namespace: kube-system diff --git a/pkg/agent/config/config.go b/pkg/agent/config/config.go index 33b63db4e6..6bd0296128 100644 --- a/pkg/agent/config/config.go +++ b/pkg/agent/config/config.go @@ -337,6 +337,7 @@ func get(envInfo *cmds.Agent) (*config.Node, error) { nodeConfig.Images = filepath.Join(envInfo.DataDir, "images") nodeConfig.AgentConfig.NodeIP = nodeIP nodeConfig.AgentConfig.NodeName = nodeName + nodeConfig.AgentConfig.NodeExternalIP = envInfo.NodeExternalIP nodeConfig.AgentConfig.ServingKubeletCert = servingKubeletCert nodeConfig.AgentConfig.ServingKubeletKey = servingKubeletKey nodeConfig.AgentConfig.ClusterDNS = controlConfig.ClusterDNS @@ -398,6 +399,7 @@ func get(envInfo *cmds.Agent) (*config.Node, error) { nodeConfig.AgentConfig.NodeTaints = envInfo.Taints nodeConfig.AgentConfig.NodeLabels = envInfo.Labels nodeConfig.AgentConfig.PrivateRegistry = envInfo.PrivateRegistry + nodeConfig.AgentConfig.DisableCCM = controlConfig.DisableCCM return nodeConfig, nil } diff --git a/pkg/agent/run.go b/pkg/agent/run.go index 95777c7f16..aa2f34b809 100644 --- a/pkg/agent/run.go +++ b/pkg/agent/run.go @@ -18,8 +18,19 @@ import ( "github.com/rancher/k3s/pkg/cli/cmds" "github.com/rancher/k3s/pkg/clientaccess" "github.com/rancher/k3s/pkg/daemons/agent" + daemonconfig "github.com/rancher/k3s/pkg/daemons/config" "github.com/rancher/k3s/pkg/rootless" + "github.com/rancher/wrangler-api/pkg/generated/controllers/core" + corev1 "github.com/rancher/wrangler-api/pkg/generated/controllers/core/v1" + "github.com/rancher/wrangler/pkg/start" "github.com/sirupsen/logrus" + "k8s.io/client-go/tools/clientcmd" +) + +const ( + InternalIPLabel = "k3s.io/internal-ip" + ExternalIPLabel = "k3s.io/external-ip" + HostnameLabel = "k3s.io/hostname" ) func run(ctx context.Context, cfg cmds.Agent, lb *loadbalancer.LoadBalancer) error { @@ -58,6 +69,12 @@ func run(ctx context.Context, cfg cmds.Agent, lb *loadbalancer.LoadBalancer) err } } + if !nodeConfig.AgentConfig.DisableCCM { + if err := syncAddressesLabels(ctx, &nodeConfig.AgentConfig); err != nil { + return err + } + } + <-ctx.Done() return ctx.Err() } @@ -124,3 +141,74 @@ func validate() error { return nil } + +func syncAddressesLabels(ctx context.Context, agentConfig *daemonconfig.Agent) error { + for { + nodeController, nodeCache, err := startNodeController(ctx, agentConfig) + if err != nil { + logrus.Infof("Waiting for kubelet to be ready on node %s: %v", agentConfig.NodeName, err) + time.Sleep(1 * time.Second) + continue + } + nodeCached, err := nodeCache.Get(agentConfig.NodeName) + if err != nil { + logrus.Infof("Waiting for kubelet to be ready on node %s: %v", agentConfig.NodeName, err) + time.Sleep(1 * time.Second) + continue + } + node := nodeCached.DeepCopy() + updated := updateLabelMap(ctx, agentConfig, node.Labels) + if updated { + _, err = nodeController.Update(node) + if err == nil { + logrus.Infof("addresses labels has been set succesfully on node: %s", agentConfig.NodeName) + break + } + logrus.Infof("Failed to update node %s: %v", agentConfig.NodeName, err) + time.Sleep(1 * time.Second) + continue + } + logrus.Infof("addresses labels has already been set succesfully on node: %s", agentConfig.NodeName) + return nil + } + return nil +} + +func startNodeController(ctx context.Context, agentConfig *daemonconfig.Agent) (corev1.NodeController, corev1.NodeCache, error) { + restConfig, err := clientcmd.BuildConfigFromFlags("", agentConfig.KubeConfigKubelet) + if err != nil { + return nil, nil, err + } + coreFactory := core.NewFactoryFromConfigOrDie(restConfig) + nodeController := coreFactory.Core().V1().Node() + nodeCache := nodeController.Cache() + if err := start.All(ctx, 1, coreFactory); err != nil { + return nil, nil, err + } + + return nodeController, nodeCache, nil +} + +func updateLabelMap(ctx context.Context, agentConfig *daemonconfig.Agent, nodeLabels map[string]string) bool { + if nodeLabels == nil { + nodeLabels = make(map[string]string) + } + updated := false + if internalIPLabel, ok := nodeLabels[InternalIPLabel]; !ok || internalIPLabel != agentConfig.NodeIP { + nodeLabels[InternalIPLabel] = agentConfig.NodeIP + updated = true + } + if hostnameLabel, ok := nodeLabels[HostnameLabel]; !ok || hostnameLabel != agentConfig.NodeName { + nodeLabels[HostnameLabel] = agentConfig.NodeName + updated = true + } + nodeExternalIP := agentConfig.NodeExternalIP + if externalIPLabel := nodeLabels[ExternalIPLabel]; externalIPLabel != nodeExternalIP && nodeExternalIP != "" { + nodeLabels[ExternalIPLabel] = nodeExternalIP + updated = true + } else if nodeExternalIP == "" && externalIPLabel != "" { + delete(nodeLabels, ExternalIPLabel) + updated = true + } + return updated +} diff --git a/pkg/cli/cmds/agent.go b/pkg/cli/cmds/agent.go index a2499634df..3492622819 100644 --- a/pkg/cli/cmds/agent.go +++ b/pkg/cli/cmds/agent.go @@ -15,6 +15,7 @@ type Agent struct { ResolvConf string DataDir string NodeIP string + NodeExternalIP string NodeName string ClusterSecret string PauseImage string @@ -45,6 +46,11 @@ var ( Usage: "(agent) IP address to advertise for node", Destination: &AgentConfig.NodeIP, } + NodeExternalIPFlag = cli.StringFlag{ + Name: "node-external-ip", + Usage: "(agent) External IP address to advertise for node", + Destination: &AgentConfig.NodeExternalIP, + } NodeNameFlag = cli.StringFlag{ Name: "node-name", Usage: "(agent) Node name", @@ -175,6 +181,7 @@ func NewAgentCommand(action func(ctx *cli.Context) error) cli.Command { NodeLabels, NodeTaints, PrivateRegistryFlag, + NodeExternalIPFlag, }, } } diff --git a/pkg/cli/cmds/server.go b/pkg/cli/cmds/server.go index 0d57f47dd8..377d67a967 100644 --- a/pkg/cli/cmds/server.go +++ b/pkg/cli/cmds/server.go @@ -8,33 +8,35 @@ import ( ) type Server struct { - ClusterCIDR string - ClusterSecret string - ServiceCIDR string - ClusterDNS string - ClusterDomain string - HTTPSPort int - HTTPPort int - DataDir string - DisableAgent bool - KubeConfigOutput string - KubeConfigMode string - TLSSan cli.StringSlice - BindAddress string - ExtraAPIArgs cli.StringSlice - ExtraSchedulerArgs cli.StringSlice - ExtraControllerArgs cli.StringSlice - Rootless bool - StoreBootstrap bool - StorageEndpoint string - StorageCAFile string - StorageCertFile string - StorageKeyFile string - AdvertiseIP string - AdvertisePort int - DisableScheduler bool - FlannelBackend string - DefaultLocalStoragePath string + ClusterCIDR string + ClusterSecret string + ServiceCIDR string + ClusterDNS string + ClusterDomain string + HTTPSPort int + HTTPPort int + DataDir string + DisableAgent bool + KubeConfigOutput string + KubeConfigMode string + TLSSan cli.StringSlice + BindAddress string + ExtraAPIArgs cli.StringSlice + ExtraSchedulerArgs cli.StringSlice + ExtraControllerArgs cli.StringSlice + ExtraCloudControllerArgs cli.StringSlice + Rootless bool + StoreBootstrap bool + StorageEndpoint string + StorageCAFile string + StorageCertFile string + StorageKeyFile string + AdvertiseIP string + AdvertisePort int + DisableScheduler bool + FlannelBackend string + DefaultLocalStoragePath string + DisableCCM bool } var ServerConfig Server @@ -143,6 +145,11 @@ func NewServerCommand(action func(*cli.Context) error) cli.Command { Usage: "Customized flag for kube-controller-manager process", Value: &ServerConfig.ExtraControllerArgs, }, + cli.StringSliceFlag{ + Name: "kube-cloud-controller-arg", + Usage: "Customized flag for kube-cloud-controller-manager process", + Value: &ServerConfig.ExtraCloudControllerArgs, + }, cli.BoolFlag{ Name: "rootless", Usage: "(experimental) Run rootless", @@ -194,6 +201,11 @@ func NewServerCommand(action func(*cli.Context) error) cli.Command { Usage: "Disable Kubernetes default scheduler", Destination: &ServerConfig.DisableScheduler, }, + cli.BoolFlag{ + Name: "disable-cloud-controller", + Usage: "Disable k3s default cloud controller manager", + Destination: &ServerConfig.DisableCCM, + }, cli.StringFlag{ Name: "flannel-backend", Usage: fmt.Sprintf("(experimental) One of '%s', '%s', '%s', or '%s'", config.FlannelBackendNone, config.FlannelBackendVXLAN, config.FlannelBackendIPSEC, config.FlannelBackendWireguard), @@ -219,6 +231,7 @@ func NewServerCommand(action func(*cli.Context) error) cli.Command { NodeLabels, NodeTaints, PrivateRegistryFlag, + NodeExternalIPFlag, }, } } diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go index 43a78e9581..c2ddadb81a 100644 --- a/pkg/cli/server/server.go +++ b/pkg/cli/server/server.go @@ -85,6 +85,8 @@ func run(app *cli.Context, cfg *cmds.Server) error { serverConfig.ControlConfig.AdvertisePort = cfg.AdvertisePort serverConfig.ControlConfig.BootstrapReadOnly = !cfg.StoreBootstrap serverConfig.ControlConfig.FlannelBackend = cfg.FlannelBackend + serverConfig.ControlConfig.ExtraCloudControllerArgs = cfg.ExtraCloudControllerArgs + serverConfig.ControlConfig.DisableCCM = cfg.DisableCCM if cmds.AgentConfig.FlannelIface != "" && cmds.AgentConfig.NodeIP == "" { cmds.AgentConfig.NodeIP = netutil.GetIPFromInterface(cmds.AgentConfig.FlannelIface) diff --git a/pkg/cloudprovider/cloudprovider.go b/pkg/cloudprovider/cloudprovider.go new file mode 100644 index 0000000000..16e6825e18 --- /dev/null +++ b/pkg/cloudprovider/cloudprovider.go @@ -0,0 +1,57 @@ +package cloudprovider + +import ( + "context" + "io" + + "github.com/rancher/wrangler-api/pkg/generated/controllers/core" + coreclient "github.com/rancher/wrangler-api/pkg/generated/controllers/core/v1" + "github.com/rancher/wrangler/pkg/start" + cloudprovider "k8s.io/cloud-provider" +) + +type k3s struct { + NodeCache coreclient.NodeCache +} + +func init() { + cloudprovider.RegisterCloudProvider("k3s", func(config io.Reader) (cloudprovider.Interface, error) { + return &k3s{}, nil + }) +} + +func (k *k3s) Initialize(clientBuilder cloudprovider.ControllerClientBuilder, stop <-chan struct{}) { + coreFactory := core.NewFactoryFromConfigOrDie(clientBuilder.ConfigOrDie("cloud-controller-manager")) + + go start.All(context.Background(), 1, coreFactory) + + k.NodeCache = coreFactory.Core().V1().Node().Cache() +} + +func (k *k3s) Instances() (cloudprovider.Instances, bool) { + return k, true +} + +func (k *k3s) LoadBalancer() (cloudprovider.LoadBalancer, bool) { + return nil, false +} + +func (k *k3s) Zones() (cloudprovider.Zones, bool) { + return nil, false +} + +func (k *k3s) Clusters() (cloudprovider.Clusters, bool) { + return nil, false +} + +func (k *k3s) Routes() (cloudprovider.Routes, bool) { + return nil, false +} + +func (k *k3s) ProviderName() string { + return "k3s" +} + +func (k *k3s) HasClusterID() bool { + return false +} diff --git a/pkg/cloudprovider/instances.go b/pkg/cloudprovider/instances.go new file mode 100644 index 0000000000..3b340b7bea --- /dev/null +++ b/pkg/cloudprovider/instances.go @@ -0,0 +1,85 @@ +package cloudprovider + +import ( + "context" + "fmt" + + "github.com/sirupsen/logrus" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" + cloudprovider "k8s.io/cloud-provider" +) + +const ( + InternalIPLabel = "k3s.io/internal-ip" + ExternalIPLabel = "k3s.io/external-ip" + HostnameLabel = "k3s.io/hostname" +) + +func (k *k3s) AddSSHKeyToAllInstances(ctx context.Context, user string, keyData []byte) error { + return cloudprovider.NotImplemented +} + +func (k *k3s) CurrentNodeName(ctx context.Context, hostname string) (types.NodeName, error) { + return types.NodeName(hostname), nil +} + +func (k *k3s) InstanceExistsByProviderID(ctx context.Context, providerID string) (bool, error) { + return true, nil +} + +func (k *k3s) InstanceID(ctx context.Context, nodeName types.NodeName) (string, error) { + _, err := k.NodeCache.Get(string(nodeName)) + if err != nil { + return "", fmt.Errorf("Failed to find node %s: %v", nodeName, err) + } + return string(nodeName), nil +} + +func (k *k3s) InstanceShutdownByProviderID(ctx context.Context, providerID string) (bool, error) { + return true, cloudprovider.NotImplemented +} + +func (k *k3s) InstanceType(ctx context.Context, name types.NodeName) (string, error) { + _, err := k.InstanceID(ctx, name) + if err != nil { + return "", err + } + return "k3s", nil +} + +func (k *k3s) InstanceTypeByProviderID(ctx context.Context, providerID string) (string, error) { + return "", cloudprovider.NotImplemented +} + +func (k *k3s) NodeAddresses(ctx context.Context, name types.NodeName) ([]corev1.NodeAddress, error) { + addresses := []corev1.NodeAddress{} + node, err := k.NodeCache.Get(string(name)) + if err != nil { + return nil, fmt.Errorf("Failed to find node %s: %v", name, err) + } + // check internal address + if node.Labels[InternalIPLabel] != "" { + addresses = append(addresses, corev1.NodeAddress{Type: corev1.NodeInternalIP, Address: node.Labels[InternalIPLabel]}) + } else { + logrus.Infof("couldn't find node internal ip label on node %s", name) + } + + // check external address + if node.Labels[ExternalIPLabel] != "" { + addresses = append(addresses, corev1.NodeAddress{Type: corev1.NodeExternalIP, Address: node.Labels[ExternalIPLabel]}) + } + + // check hostname + if node.Labels[HostnameLabel] != "" { + addresses = append(addresses, corev1.NodeAddress{Type: corev1.NodeHostName, Address: node.Labels[HostnameLabel]}) + } else { + logrus.Infof("couldn't find node hostname label on node %s", name) + } + + return addresses, nil +} + +func (k *k3s) NodeAddressesByProviderID(ctx context.Context, providerID string) ([]corev1.NodeAddress, error) { + return nil, cloudprovider.NotImplemented +} diff --git a/pkg/daemons/agent/agent.go b/pkg/daemons/agent/agent.go index 6f4d1101d8..b7d5709c94 100644 --- a/pkg/daemons/agent/agent.go +++ b/pkg/daemons/agent/agent.go @@ -133,6 +133,10 @@ func kubelet(cfg *config.Agent) { if len(cfg.NodeTaints) > 0 { argsMap["register-with-taints"] = strings.Join(cfg.NodeTaints, ",") } + if !cfg.DisableCCM { + argsMap["cloud-provider"] = "external" + } + args := config.GetArgsList(argsMap, cfg.ExtraKubeletArgs) command.SetArgs(args) diff --git a/pkg/daemons/config/types.go b/pkg/daemons/config/types.go index 57ac2e5df2..e1dbce6ae6 100644 --- a/pkg/daemons/config/types.go +++ b/pkg/daemons/config/types.go @@ -63,6 +63,7 @@ type Agent struct { KubeConfigKubelet string KubeConfigKubeProxy string NodeIP string + NodeExternalIP string RuntimeSocket string ListenAddress string ClientCA string @@ -77,33 +78,36 @@ type Agent struct { IPSECPSK string StrongSwanDir string PrivateRegistry string + DisableCCM bool } type Control struct { - AdvertisePort int - AdvertiseIP string - ListenPort int - HTTPSPort int - ClusterSecret string - ClusterIPRange *net.IPNet - ServiceIPRange *net.IPNet - ClusterDNS net.IP - ClusterDomain string - NoCoreDNS bool - KubeConfigOutput string - KubeConfigMode string - DataDir string - Skips []string - BootstrapReadOnly bool - Storage endpoint.Config - NoScheduler bool - ExtraAPIArgs []string - ExtraControllerArgs []string - ExtraSchedulerAPIArgs []string - NoLeaderElect bool - FlannelBackend string - IPSECPSK string - DefaultLocalStoragePath string + AdvertisePort int + AdvertiseIP string + ListenPort int + HTTPSPort int + ClusterSecret string + ClusterIPRange *net.IPNet + ServiceIPRange *net.IPNet + ClusterDNS net.IP + ClusterDomain string + NoCoreDNS bool + KubeConfigOutput string + KubeConfigMode string + DataDir string + Skips []string + BootstrapReadOnly bool + Storage endpoint.Config + NoScheduler bool + ExtraAPIArgs []string + ExtraControllerArgs []string + ExtraSchedulerAPIArgs []string + ExtraCloudControllerArgs []string + NoLeaderElect bool + FlannelBackend string + IPSECPSK string + DefaultLocalStoragePath string + DisableCCM bool Runtime *ControlRuntime `json:"-"` } @@ -130,10 +134,11 @@ type ControlRuntime struct { ClientKubeAPIKey string NodePasswdFile string - KubeConfigAdmin string - KubeConfigController string - KubeConfigScheduler string - KubeConfigAPIServer string + KubeConfigAdmin string + KubeConfigController string + KubeConfigScheduler string + KubeConfigAPIServer string + KubeConfigCloudController string ServingKubeAPICert string ServingKubeAPIKey string @@ -146,13 +151,15 @@ type ControlRuntime struct { ClientAuthProxyCert string ClientAuthProxyKey string - ClientAdminCert string - ClientAdminKey string - ClientControllerCert string - ClientControllerKey string - ClientSchedulerCert string - ClientSchedulerKey string - ClientKubeProxyCert string + ClientAdminCert string + ClientAdminKey string + ClientControllerCert string + ClientControllerKey string + ClientSchedulerCert string + ClientSchedulerKey string + ClientKubeProxyCert string + ClientCloudControllerCert string + ClientCloudControllerKey string } type ArgString []string diff --git a/pkg/daemons/control/server.go b/pkg/daemons/control/server.go index d1fb15e142..d7a7d655ff 100644 --- a/pkg/daemons/control/server.go +++ b/pkg/daemons/control/server.go @@ -22,11 +22,17 @@ import ( "time" certutil "github.com/rancher/dynamiclistener/cert" + // registering k3s cloud provider + _ "github.com/rancher/k3s/pkg/cloudprovider" "github.com/rancher/k3s/pkg/daemons/config" "github.com/rancher/kine/pkg/client" "github.com/rancher/kine/pkg/endpoint" + "github.com/rancher/wrangler-api/pkg/generated/controllers/rbac" "github.com/sirupsen/logrus" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apiserver/pkg/authentication/authenticator" + "k8s.io/client-go/tools/clientcmd" + ccmapp "k8s.io/kubernetes/cmd/cloud-controller-manager/app" "k8s.io/kubernetes/cmd/kube-apiserver/app" cmapp "k8s.io/kubernetes/cmd/kube-controller-manager/app" sapp "k8s.io/kubernetes/cmd/kube-scheduler/app" @@ -94,6 +100,10 @@ func Server(ctx context.Context, cfg *config.Control) error { controllerManager(cfg, runtime) + if !cfg.DisableCCM { + cloudControllerManager(cfg, runtime) + } + return nil } @@ -267,11 +277,14 @@ func prepare(ctx context.Context, config *config.Control, runtime *config.Contro runtime.KubeConfigController = path.Join(config.DataDir, "cred", "controller.kubeconfig") runtime.KubeConfigScheduler = path.Join(config.DataDir, "cred", "scheduler.kubeconfig") runtime.KubeConfigAPIServer = path.Join(config.DataDir, "cred", "api-server.kubeconfig") + runtime.KubeConfigCloudController = path.Join(config.DataDir, "cred", "cloud-controller.kubeconfig") runtime.ClientAdminCert = path.Join(config.DataDir, "tls", "client-admin.crt") runtime.ClientAdminKey = path.Join(config.DataDir, "tls", "client-admin.key") runtime.ClientControllerCert = path.Join(config.DataDir, "tls", "client-controller.crt") runtime.ClientControllerKey = path.Join(config.DataDir, "tls", "client-controller.key") + runtime.ClientCloudControllerCert = path.Join(config.DataDir, "tls", "client-cloud-controller.crt") + runtime.ClientCloudControllerKey = path.Join(config.DataDir, "tls", "client-cloud-controller.key") runtime.ClientSchedulerCert = path.Join(config.DataDir, "tls", "client-scheduler.crt") runtime.ClientSchedulerKey = path.Join(config.DataDir, "tls", "client-scheduler.key") runtime.ClientKubeAPICert = path.Join(config.DataDir, "tls", "client-kube-apiserver.crt") @@ -573,6 +586,16 @@ func genClientCerts(config *config.Control, runtime *config.ControlRuntime) erro return err } + certGen, err = factory("cloud-controller-manager", nil, runtime.ClientCloudControllerCert, runtime.ClientCloudControllerKey) + if err != nil { + return err + } + if certGen { + if err := KubeConfig(runtime.KubeConfigCloudController, apiEndpoint, runtime.ServerCA, runtime.ClientCloudControllerCert, runtime.ClientCloudControllerKey); err != nil { + return err + } + } + return nil } @@ -798,3 +821,52 @@ func expired(certFile string) bool { } return certutil.IsCertExpired(certificates[0]) } + +func cloudControllerManager(cfg *config.Control, runtime *config.ControlRuntime) { + argsMap := map[string]string{ + "kubeconfig": runtime.KubeConfigCloudController, + "allocate-node-cidrs": "true", + "cluster-cidr": cfg.ClusterIPRange.String(), + "bind-address": localhostIP.String(), + "secure-port": "0", + "cloud-provider": "k3s", + "allow-untagged-cloud": "true", + "node-status-update-frequency": "1m", + } + if cfg.NoLeaderElect { + argsMap["leader-elect"] = "false" + } + + args := config.GetArgsList(argsMap, cfg.ExtraCloudControllerArgs) + + command := ccmapp.NewCloudControllerManagerCommand() + command.SetArgs(args) + // register k3s cloud provider + + go func() { + for { + // check for the cloud controller rbac binding + if err := checkForCloudControllerPrivileges(runtime); err != nil { + logrus.Infof("Waiting for cloudcontroller rbac role to be created") + time.Sleep(time.Second) + continue + } + break + } + logrus.Infof("Running cloud-controller-manager %s", config.ArgString(args)) + logrus.Fatalf("cloud-controller-manager exited: %v", command.Execute()) + }() +} + +func checkForCloudControllerPrivileges(runtime *config.ControlRuntime) error { + restConfig, err := clientcmd.BuildConfigFromFlags("", runtime.KubeConfigAdmin) + if err != nil { + return err + } + crb := rbac.NewFactoryFromConfigOrDie(restConfig).Rbac().V1().ClusterRoleBinding() + _, err = crb.Get("cloud-controller-manager", metav1.GetOptions{}) + if err != nil { + return err + } + return nil +} diff --git a/pkg/deploy/zz_generated_bindata.go b/pkg/deploy/zz_generated_bindata.go index 51630b9afb..8f8c353bd1 100644 --- a/pkg/deploy/zz_generated_bindata.go +++ b/pkg/deploy/zz_generated_bindata.go @@ -1,5 +1,6 @@ // Code generated for package deploy by go-bindata DO NOT EDIT. (@generated) // sources: +// manifests/ccm.yaml // manifests/coredns.yaml // manifests/local-storage.yaml // manifests/rolebindings.yaml @@ -80,6 +81,26 @@ func (fi bindataFileInfo) Sys() interface{} { return nil } +var _ccmYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x9c\x93\x3f\x4f\x33\x31\x0c\xc6\xf7\x7c\x0a\xab\x4b\xa5\x57\xba\x56\xef\x86\x6e\x84\x81\xbd\x12\xec\xbe\xc4\xb4\xa1\xb9\x38\xb2\x9d\xab\xe0\xd3\xa3\x6b\xcb\xc0\x15\xfa\x6f\xb3\xac\x3c\x3f\x3f\x8e\x6d\x2c\xf1\x95\x44\x23\xe7\x16\xa4\x43\xbf\xc0\x6a\x1b\x96\xf8\x89\x16\x39\x2f\xb6\x0f\xba\x88\xbc\x1c\xfe\xbb\x6d\xcc\xa1\x85\xa7\x54\xd5\x48\x56\x9c\xc8\xf5\x64\x18\xd0\xb0\x75\x00\x19\x7b\x6a\xc1\x27\xae\xa1\xf1\x9c\x4d\x38\x25\x92\xa6\xc7\x8c\x6b\x12\x27\x35\x91\xb6\xae\x01\x2c\xf1\x59\xb8\x16\x1d\x45\x0d\xcc\x66\x0e\x40\x48\xb9\x8a\xa7\x63\x8e\x06\xca\xa6\x0e\x60\x20\xe9\x8e\x39\x2f\x84\x46\xfb\xb0\xa0\xf9\xcd\x3e\xaa\x25\x8c\xc9\xab\xa0\x99\x03\x4d\x98\xf3\x7f\xf3\x1b\xb4\x4b\x35\xb4\x3a\x41\x1c\xbc\x5c\x05\x51\x92\x21\xfa\xa9\x87\x14\xd5\x7e\xef\x6a\x0c\x77\x37\xe3\xd1\x7b\xae\x7f\xfd\xde\x55\xa0\x32\x2e\x83\x1a\x65\x1b\x38\xd5\x7e\x6a\x78\x4d\xf6\xd3\xf8\x7d\x76\x29\x87\xc2\xf1\xdc\x98\x4f\x0a\xed\x4e\xe6\xde\x34\xee\xfe\xed\x7d\x8c\x39\xc4\xbc\xbe\x69\x89\x39\xd1\x8a\xde\xc6\x97\xdf\x2d\x9e\xa9\xea\x00\x4e\x4f\xe6\x62\x0d\xad\xdd\x3b\x79\xdb\xdf\xca\x41\xfe\xa2\x24\x97\x75\x87\x07\x5a\xd0\x53\x0b\xdb\xda\x51\xa3\x1f\x6a\xd4\xbb\xaf\x00\x00\x00\xff\xff\xed\x32\x7e\x6b\xe0\x03\x00\x00") + +func ccmYamlBytes() ([]byte, error) { + return bindataRead( + _ccmYaml, + "ccm.yaml", + ) +} + +func ccmYaml() (*asset, error) { + bytes, err := ccmYamlBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "ccm.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + var _corednsYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x56\x5f\x6f\xdb\x36\x10\x7f\xf7\xa7\x20\x34\xf4\x6d\x72\x62\x04\xed\x32\xbe\xb5\x71\xd6\x06\x68\x5c\x23\x4e\xfa\x32\x0c\xc5\x99\x3a\x5b\x5c\x28\x1e\x47\x9e\xdc\x78\x5d\xbe\xfb\xa0\xbf\x16\x1d\xa5\x68\x8b\xea\x89\xe2\xf1\x7e\x77\xbc\x3f\xbf\x23\x38\xfd\x11\x7d\xd0\x64\xa5\xd8\xcd\x26\xf7\xda\x66\x52\xac\xd0\xef\xb4\xc2\xd7\x4a\x51\x69\x79\x52\x20\x43\x06\x0c\x72\x22\x84\x85\x02\xa5\x50\xe4\x31\xb3\xa1\xfd\x0f\x0e\x14\x4a\x71\x5f\xae\x31\x0d\xfb\xc0\x58\x4c\xd2\x34\x9d\x0c\xa1\xfd\x1a\xd4\x14\x4a\xce\xc9\xeb\x7f\x81\x35\xd9\xe9\xfd\x79\x98\x6a\x3a\xd9\xcd\xd6\xc8\xd0\x59\xbe\x30\x65\x60\xf4\x37\x64\x30\x32\x6b\x60\x8d\x26\x54\x2b\x51\xdb\xf1\x16\x19\x6b\xfd\x35\x11\x07\xf6\xe0\x9c\xb6\xdb\xc6\x50\x9a\xe1\x06\x4a\xc3\xa1\xf7\xb7\xf1\x4a\x76\x6e\xfb\xd2\x60\x90\x93\x54\x80\xd3\x6f\x3d\x95\xae\x46\x4e\x45\x92\x4c\x84\xf0\x18\xa8\xf4\x0a\xdb\x3d\xb4\x99\x23\x6d\x6b\xb0\x54\x84\x26\x32\xcd\x8f\xa3\xac\x59\xf4\x41\xa8\x7e\x77\xe8\xd7\xad\xae\xd1\x81\xeb\xc5\x67\x60\x95\x7f\x9b\x3d\x4b\xd9\x31\xcc\x16\xf9\x67\x04\xf4\x8d\xb6\x99\xb6\xdb\x28\xae\x60\x2d\x71\xad\xde\x06\x77\x0c\x37\x8a\x37\x94\x4c\xa5\xcb\x80\x51\x8a\x84\x7d\x89\xc9\xcf\x4f\x0f\x19\xbc\xc1\x4d\xed\x5f\x1b\xb0\xaf\x5c\x78\x22\xc4\xd3\xda\x79\x06\x39\x94\xeb\xbf\x51\x71\x9d\xfb\xd1\x52\xff\xe1\x02\xef\x7b\xe7\x82\xec\x46\x6f\xaf\xc1\xfd\x48\xdb\x74\xc7\x2f\xc8\xe3\x46\x1b\x94\xe2\xbf\x3a\xa6\x53\xf9\xf2\x4c\x7c\xa9\x97\xd5\x87\xde\x93\x0f\xfd\x6f\x8e\x60\x38\xef\x7f\x0f\x09\x10\x2f\xbe\x5c\xbc\xbf\x5b\xdd\x5e\xde\x7c\x9a\x7f\xb8\x7e\x7d\xb5\x78\x7c\x21\xb4\x4d\x21\xcb\xfc\x14\xbc\x03\xa1\xdd\xab\x66\x71\xc0\x16\x75\x59\x0b\x6d\x03\xaa\xd2\xe3\x60\xbf\x74\x81\x3d\x42\x31\xd8\xda\x80\x31\x9c\x7b\x2a\xb7\xf9\x38\x70\x7f\xf6\xf1\xe0\x2d\x05\x0e\xe2\x04\x59\x9d\xb4\xf1\x38\x59\x50\x86\xef\xea\xed\xa1\x1f\x1e\x0d\x41\x26\x66\x61\xdc\xe0\x08\xb4\xf3\x54\x20\xe7\x58\x06\x21\x7f\x9f\xbd\x3c\xeb\x05\x1b\xf2\x9f\xc1\x67\x62\xda\xd8\xad\x5a\xce\xec\xa6\x8a\xec\xa6\x3f\xa2\x40\xe5\x28\xce\x4e\xfb\x0d\x43\xe4\x26\xb1\x2f\x03\x19\x64\x6b\x30\x60\x55\x13\xa0\xc7\x27\xf5\x00\xce\x85\x93\xbe\x28\xe6\xe8\x0c\xed\x0b\xfc\x31\x32\x3d\xea\xaf\xf3\x90\x82\x73\xed\x91\x46\xf1\xb8\xeb\x1a\xe0\xa4\x2a\xa3\xf9\x62\x95\x4c\x82\x43\x55\x69\xff\xe2\xd1\x19\xad\x20\x48\x31\x9b\x08\x51\x35\x26\xe3\x76\xdf\x00\xf3\xde\xa1\x14\x37\x64\x8c\xb6\xdb\xbb\xba\xc5\x1b\x4a\x18\xee\xc8\x36\x06\x05\x3c\xdc\x59\xd8\x81\x36\xb0\xae\xea\xb4\x86\x43\x83\x8a\xc9\x37\x67\x8a\x8a\xf3\xde\x0f\x1c\x1f\x77\x9d\xb1\x70\xa6\x07\x1e\x46\xa7\x0e\x74\xa4\xff\xdc\xe5\xbb\xeb\xd5\xeb\xa8\xa1\x17\x47\x11\xae\xef\x49\x06\xfd\x90\xf3\xaa\x2f\x15\xf7\xb8\xaf\x42\xe6\x35\x6b\x05\xe6\x75\x96\x91\x0d\x1f\xac\xd9\x27\x83\xf2\x23\x57\x69\x92\x97\x22\xb9\x7c\xd0\x81\x43\x27\xac\x58\x7b\x15\x5d\xbf\xfa\x2a\x22\x3e\xa2\x4f\x0a\x52\x18\x6d\xcb\x87\xf6\x90\x22\xcb\xa0\x2d\xfa\xde\x97\xf4\x49\x59\x34\x9f\x2e\x60\x7b\xd8\xee\x7a\x47\xce\xa6\xaf\xa6\x67\xf1\xa1\x65\x69\xcc\x92\x8c\x56\x7b\x29\xae\x36\x0b\xe2\xa5\xc7\x80\x35\xbb\x75\xd5\x3c\x18\x39\x7d\x4d\xeb\x42\x73\xb4\x53\xa5\xa3\x20\xbf\x97\x62\xf6\xdb\xe9\xb5\x8e\x5a\xf3\x9f\x12\xc3\xf1\x69\xe5\x4a\x29\x66\xa7\xa7\xc5\x28\x46\x04\x01\x7e\x1b\xa4\xf8\x53\x24\x69\xd5\x84\xc9\xaf\x22\x89\x08\xa1\xe3\xbf\x44\xfc\xd5\xab\xec\xc8\x94\x05\x5e\x57\x59\x8d\xf2\xd6\x45\xab\xa2\xdd\xb4\x39\x34\xb0\x5f\x54\xe7\x97\xc0\xb9\x8c\x28\x27\xba\x0b\x64\x55\x9e\xa5\xa8\xa6\xd9\x81\x4b\xc8\xc7\x76\xfa\x4c\x2d\xc9\xb3\x14\x03\x76\xe9\x1a\x39\xc6\x75\x9e\x98\x14\x19\x29\xee\xe6\xcb\xef\xc5\x49\x59\xb9\x51\xac\xdb\x8b\xaf\x60\x45\x9c\xd7\xa1\x15\xc8\x5e\xab\x71\xcf\x86\x68\x35\xdf\x6b\xde\x5f\x90\x65\x7c\xe0\x61\x6a\xc1\x18\xfa\xbc\xf4\x7a\xa7\x0d\x6e\xf1\x32\x28\x30\x75\xff\xc8\x8a\x8f\xc3\x30\xdc\x0a\x1c\xac\xb5\xd1\xac\xf1\xa8\x38\x20\xcb\xe2\x8d\x54\x2c\x2e\x6f\x3f\xbd\xb9\x5a\xcc\x3f\xad\x2e\x6f\x3e\x5e\x5d\x5c\x46\xe2\xcc\x93\x3b\x56\x00\x63\x46\x12\x77\x43\xc4\x7f\x68\x83\xed\xac\x8f\xd3\x68\xf4\x0e\x2d\x86\xb0\xf4\xb4\xc6\x21\x5e\xce\xec\xde\x22\xc7\x26\x5c\x53\x28\x47\x03\x55\xb4\xe5\x20\xc5\xf9\xe9\xf9\x69\xb4\x1d\x54\x8e\x55\x90\xdf\xdd\xde\x2e\x07\x02\x6d\x35\x6b\x30\x73\x34\xb0\x5f\xa1\x22\x9b\x05\x29\x5e\x0d\x55\x59\x17\x48\x25\xf7\xc2\x97\x03\x59\x28\x95\xc2\x10\x6e\x73\x8f\x21\x27\x93\x35\xec\xda\x7d\x1b\xd0\xa6\xf4\x38\x90\x76\xba\x99\x0d\x5d\xdb\xcf\x9b\x27\x56\x2b\x68\xba\xe2\x3b\xba\x46\x75\x8f\x98\x38\x3c\xe3\xc4\x54\x5f\x98\xb1\x08\xc7\xe9\xaa\x19\xb5\x6b\xe5\x48\xd6\x45\x7a\x54\xd8\x2a\xf6\x8f\x82\x51\xcd\x83\xf4\xd9\x97\x58\xfb\xb4\x1b\x99\xb8\x83\xe1\xf1\xec\xc8\x7d\xf2\x32\x3e\x3c\x2e\x2a\x1e\x6f\xea\x21\xa9\x3a\x2e\x19\x11\x07\xe5\xc1\x3d\xfb\x42\xfe\x86\x09\xae\x9a\xc7\x6c\xda\x8e\xb3\x01\xd2\xb7\xce\xfa\x78\x1a\x8f\xd9\x6c\x6d\x5c\x2d\xe5\xf0\xa1\xb8\x58\x3d\xbe\x98\x0c\xf8\x2f\x3d\x62\x37\x37\xa4\xad\x63\x92\x4b\x47\x28\xec\x19\x85\x86\x7b\xd2\x11\x96\x72\x31\x99\xc5\x2a\xff\x07\x00\x00\xff\xff\xe6\x56\x5e\x9e\xb1\x0e\x00\x00") func corednsYamlBytes() ([]byte, error) { @@ -212,6 +233,7 @@ func AssetNames() []string { // _bindata is a table, holding each asset generator, mapped to its name. var _bindata = map[string]func() (*asset, error){ + "ccm.yaml": ccmYaml, "coredns.yaml": corednsYaml, "local-storage.yaml": localStorageYaml, "rolebindings.yaml": rolebindingsYaml, @@ -259,6 +281,7 @@ type bintree struct { } var _bintree = &bintree{nil, map[string]*bintree{ + "ccm.yaml": &bintree{ccmYaml, map[string]*bintree{}}, "coredns.yaml": &bintree{corednsYaml, map[string]*bintree{}}, "local-storage.yaml": &bintree{localStorageYaml, map[string]*bintree{}}, "rolebindings.yaml": &bintree{rolebindingsYaml, map[string]*bintree{}}, diff --git a/pkg/servicelb/controller.go b/pkg/servicelb/controller.go index 3d31fffee3..1fc65fb17d 100644 --- a/pkg/servicelb/controller.go +++ b/pkg/servicelb/controller.go @@ -221,10 +221,17 @@ func (h *handler) podIPs(pods []*core.Pod) ([]string, error) { } for _, addr := range node.Status.Addresses { - if addr.Type == core.NodeInternalIP { + if addr.Type == core.NodeExternalIP { ips[addr.Address] = true } } + if len(ips) == 0 { + for _, addr := range node.Status.Addresses { + if addr.Type == core.NodeInternalIP { + ips[addr.Address] = true + } + } + } } var ipList []string