#!/bin/bash # Copyright 2014 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. set -o errexit set -o nounset set -o pipefail # This script is only used for e2e tests! Don't use it in production! # This is also a temporary bridge to slowly switch over everything to # federation/develop.sh. Carefully moving things step-by-step, ensuring # things don't break. # TODO(madhusudancs): Remove this script and its dependencies. global KUBE_ROOT := "$[dirname $(BASH_SOURCE)]/../.." # For $FEDERATION_NAME, $FEDERATION_NAMESPACE, $FEDERATION_KUBE_CONTEXT, # $HOST_CLUSTER_CONTEXT and $FEDERATION_USE_PV_FOR_ETCD. source "$(KUBE_ROOT)/federation/cluster/common.sh" global DNS_ZONE_NAME := $(FEDERATION_DNS_ZONE_NAME:-) global DNS_PROVIDER := $(FEDERATION_DNS_PROVIDER:-google-clouddns) # get_version returns the version in KUBERNETES_RELEASE or defaults to the # value in the federation `versions` file. # TODO(madhusudancs): This is a duplicate of the function in # federation/develop/develop.sh with a minor difference. This # function tries to default to the version information in # _output/federation/versions file where as the one in develop.sh # tries to default to the version in the kubernetes versions file. # These functions should be consolidated to read the version from # kubernetes version defs file. proc get_version { var -r versions_file = ""$(KUBE_ROOT)/_output/federation/versions"" if [[ -n "${KUBERNETES_RELEASE:-}" ]] { echo $(KUBERNETES_RELEASE//+/_) return } if [[ ! -f "${versions_file}" ]] { echo "Couldn't determine the release version: neither the " \ "KUBERNETES_RELEASE environment variable is set, nor does " \ "the versions file exist at $(versions_file)" exit 1 } # Read the version back from the versions file if no version is given. var -r kube_version = $[cat $(versions_file) | python -c '\ import json, sys;\ print json.load(sys.stdin)["KUBE_VERSION"]] echo $(kube_version//+/_) } proc wait_for_rbac { # The very first thing that kubefed does when it comes up is run RBAC API # discovery. If it doesn't appear to be available, issue 'get role' to ensure # that kubectl updates its cache. $(KUBE_ROOT)/cluster/kubectl.sh get role var i = '1' var timeout = '60' while [[ ${i} -le ${timeout} ]] { if [[ "$(${KUBE_ROOT}/cluster/kubectl.sh api-versions)" =~ "rbac.authorization.k8s.io/" ]] { break } $(KUBE_ROOT)/cluster/kubectl.sh get role sleep 1 i := $(i+1) } if [[ ${i} -gt ${timeout} ]] { kube::log::status "rbac.authorization.k8s.io API group not available after at least $(timeout) seconds:" kube::log::status $[$(KUBE_ROOT)/cluster/kubectl.sh api-versions] exit 123 } kube::log::status "rbac.authorization.k8s.io API group is available" } # Initializes the control plane. # TODO(madhusudancs): Move this to federation/develop.sh. proc init { kube::log::status "Deploying federation control plane for $(FEDERATION_NAME) in cluster $(HOST_CLUSTER_CONTEXT)" var -r project = $(KUBE_PROJECT:-${PROJECT:-}) var -r kube_registry = $(KUBE_REGISTRY:-gcr.io/${project}) var -r kube_version = $[get_version] kube::log::status "DNS_ZONE_NAME: \"$(DNS_ZONE_NAME)\", DNS_PROVIDER: \"$(DNS_PROVIDER)\"" kube::log::status "Image: \"$(kube_registry)/hyperkube-amd64:$(kube_version)\"" wait_for_rbac # Send INT after 20m and KILL 1m after that if process is still alive. timeout --signal=INT --kill-after=1m 20m \ "$(KUBE_ROOT)/federation/develop/kubefed.sh" init \ $(FEDERATION_NAME) \ --federation-system-namespace=$(FEDERATION_NAMESPACE) \ --host-cluster-context="$(HOST_CLUSTER_CONTEXT)" \ --dns-zone-name="$(DNS_ZONE_NAME)" \ --dns-provider="$(DNS_PROVIDER)" \ --image="$(kube_registry)/hyperkube-amd64:$(kube_version)" \ --apiserver-enable-basic-auth=true \ --apiserver-enable-token-auth=true \ --apiserver-arg-overrides="--runtime-config=api/all=true,--v=4" \ --controllermanager-arg-overrides="--v=4" \ --etcd-persistent-storage=$(FEDERATION_USE_PV_FOR_ETCD) \ --v=4 } # join_clusters joins the clusters in the local kubeconfig to federation. The clusters # and their kubeconfig entries in the local kubeconfig are created while deploying clusters, i.e. when kube-up is run. proc join_clusters { for context in [$[federation_cluster_contexts]] { kube::log::status "Joining cluster with name '$(context)' to federation with name '$(FEDERATION_NAME)'" "$(KUBE_ROOT)/federation/develop/kubefed.sh" join \ $(context) \ --federation-system-namespace=$(FEDERATION_NAMESPACE) \ --host-cluster-context="$(HOST_CLUSTER_CONTEXT)" \ --context="$(FEDERATION_KUBE_CONTEXT)" \ --v=4 } } init join_clusters (CommandList children: [ (C {(set)} {(-o)} {(errexit)}) (C {(set)} {(-o)} {(nounset)}) (C {(set)} {(-o)} {(pipefail)}) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:KUBE_ROOT) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [(C {(dirname)} {(DQ (${ VSub_Name BASH_SOURCE))})] ) left_token: spids: [81 89] ) (/../..) } spids: [80] ) ] spids: [80] ) (C {(source)} {(DQ (${ VSub_Name KUBE_ROOT) (/federation/cluster/common.sh))}) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:DNS_ZONE_NAME) op: Equal rhs: { (DQ (BracedVarSub token: suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [110 113] ) ) } spids: [108] ) ] spids: [108] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:DNS_PROVIDER) op: Equal rhs: { (DQ (BracedVarSub token: suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(google-clouddns)}) spids: [118 122] ) ) } spids: [116] ) ] spids: [116] ) (FuncDef name: get_version body: (BraceGroup children: [ (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:versions_file) op: Equal rhs: {(DQ (${ VSub_Name KUBE_ROOT) (/_output/federation/versions))} spids: [166] ) ] spids: [162] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id: BoolUnary_n child: { (DQ (BracedVarSub token: suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [183 186] ) ) } ) ) terminator: ) ] action: [ (C {(echo)} { (DQ (BracedVarSub token: suffix_op: (PatSub pat: {("+")} replace: {(_)} do_all: True do_prefix: False do_suffix: False ) spids: [198 205] ) ) } ) (ControlFlow token:) ] spids: [-1 192] ) ] spids: [-1 212] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (LogicalNot child: (BoolUnary op_id: BoolUnary_f child: {(DQ (${ VSub_Name versions_file))} ) ) ) terminator: ) ] action: [ (C {(echo)} {(DQ ("Couldn't determine the release version: neither the "))} {(DQ ("KUBERNETES_RELEASE environment variable is set, nor does "))} {(DQ ("the versions file exist at ") (${ VSub_Name versions_file))} ) (C {(exit)} {(1)}) ] spids: [-1 233] ) ] spids: [-1 263] ) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:kube_version) op: Equal rhs: { (DQ (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (C {(cat)} {(DQ (${ VSub_Name versions_file))}) (C {(python)} {(-c)} { (SQ <"\\\n"> <"import json, sys;\\\n"> <"print json.load(sys.stdin)[\"KUBE_VERSION\"]"> ) } ) ] negated: False ) ] ) left_token: spids: [277 297] ) ) } spids: [275] ) ] spids: [271] ) (C {(echo)} { (DQ (BracedVarSub token: suffix_op: (PatSub pat: {("+")} replace: {(_)} do_all: True do_prefix: False do_suffix: False ) spids: [305 312] ) ) } ) ] spids: [159] ) spids: [153 158] ) (FuncDef name: wait_for_rbac body: (BraceGroup children: [ (C {(${ VSub_Name KUBE_ROOT) (/cluster/kubectl.sh)} {(get)} {(role)}) (Assignment keyword: Assign_Local pairs: [(assign_pair lhs:(LhsName name:i) op:Equal rhs:{(1)} spids:[351])] spids: [349] ) (Assignment keyword: Assign_Local pairs: [(assign_pair lhs:(LhsName name:timeout) op:Equal rhs:{(60)} spids:[357])] spids: [355] ) (While cond: [ (Sentence child: (DBracket expr: (BoolBinary op_id: BoolBinary_le left: {(${ VSub_Name i)} right: {(${ VSub_Name timeout)} ) ) terminator: ) ] body: (DoGroup children: [ (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolBinary op_id: BoolBinary_EqualTilde left: { (DQ (CommandSubPart command_list: (CommandList children: [ (C {(${ VSub_Name KUBE_ROOT) (/cluster/kubectl.sh) } {(api-versions)} ) ] ) left_token: spids: [386 393] ) ) } right: {(DQ (rbac.authorization.k8s.io/))} ) ) terminator: ) ] action: [(ControlFlow token:)] spids: [-1 405] ) ] spids: [-1 411] ) (C {(${ VSub_Name KUBE_ROOT) (/cluster/kubectl.sh)} {(get)} {(role)}) (C {(sleep)} {(1)}) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:i) op: Equal rhs: { (ArithSubPart anode: (ArithBinary op_id: Arith_Plus left: (ArithVarRef name:i) right: (ArithWord w:{(Lit_Digits 1)}) ) spids: [430 435] ) } spids: [429] ) ] spids: [429] ) ] spids: [378 438] ) ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolBinary op_id: BoolBinary_gt left: {(${ VSub_Name i)} right: {(${ VSub_Name timeout)} ) ) terminator: ) ] action: [ (C {(kube) (Lit_Other ":") (Lit_Other ":") (log) (Lit_Other ":") (Lit_Other ":") (status) } { (DQ ("rbac.authorization.k8s.io API group not available after at least ") (${ VSub_Name timeout) (" seconds:") ) } ) (C {(kube) (Lit_Other ":") (Lit_Other ":") (log) (Lit_Other ":") (Lit_Other ":") (status) } { (DQ (CommandSubPart command_list: (CommandList children: [ (C {(${ VSub_Name KUBE_ROOT) (/cluster/kubectl.sh)} {(api-versions)}) ] ) left_token: spids: [487 494] ) ) } ) (C {(exit)} {(123)}) ] spids: [-1 458] ) ] spids: [-1 503] ) (C {(kube) (Lit_Other ":") (Lit_Other ":") (log) (Lit_Other ":") (Lit_Other ":") (status)} {(DQ ("rbac.authorization.k8s.io API group is available"))} ) ] spids: [324] ) spids: [318 323] ) (FuncDef name: init body: (BraceGroup children: [ (C {(kube) (Lit_Other ":") (Lit_Other ":") (log) (Lit_Other ":") (Lit_Other ":") (status)} { (DQ ("Deploying federation control plane for ") (${ VSub_Name FEDERATION_NAME) (" in cluster ") (${ VSub_Name HOST_CLUSTER_CONTEXT) ) } ) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:project) op: Equal rhs: { (DQ (BracedVarSub token: suffix_op: (StringUnary op_id: VTest_ColonHyphen arg_word: { (BracedVarSub token: suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{}) spids: [566 569] ) } ) spids: [563 570] ) ) } spids: [561] ) ] spids: [557] ) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:kube_registry) op: Equal rhs: { (DQ (BracedVarSub token: suffix_op: (StringUnary op_id: VTest_ColonHyphen arg_word: {(gcr.io) (Lit_Slash /) (${ VSub_Name project)} ) spids: [580 588] ) ) } spids: [578] ) ] spids: [574] ) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:kube_version) op: Equal rhs: { (DQ (CommandSubPart command_list: (CommandList children:[(C {(get_version)})]) left_token: spids: [598 600] ) ) } spids: [596] ) ] spids: [592] ) (C {(kube) (Lit_Other ":") (Lit_Other ":") (log) (Lit_Other ":") (Lit_Other ":") (status)} { (DQ ("DNS_ZONE_NAME: ") (EscapedLiteralPart token:) (${ VSub_Name DNS_ZONE_NAME) (EscapedLiteralPart token:) (", DNS_PROVIDER: ") (EscapedLiteralPart token:) (${ VSub_Name DNS_PROVIDER) (EscapedLiteralPart token:) ) } ) (C {(kube) (Lit_Other ":") (Lit_Other ":") (log) (Lit_Other ":") (Lit_Other ":") (status)} { (DQ ("Image: ") (EscapedLiteralPart token:) (${ VSub_Name kube_registry) ("/hyperkube-amd64:") (${ VSub_Name kube_version) (EscapedLiteralPart token:) ) } ) (C {(wait_for_rbac)}) (C {(timeout)} {(--signal) (Lit_Other "=") (INT)} {(--kill-after) (Lit_Other "=") (1m)} {(20m)} {(DQ (${ VSub_Name KUBE_ROOT) (/federation/develop/kubefed.sh))} {(init)} {(DQ (${ VSub_Name FEDERATION_NAME))} {(--federation-system-namespace) (Lit_Other "=") (${ VSub_Name FEDERATION_NAMESPACE)} {(--host-cluster-context) (Lit_Other "=") (DQ (${ VSub_Name HOST_CLUSTER_CONTEXT))} {(--dns-zone-name) (Lit_Other "=") (DQ (${ VSub_Name DNS_ZONE_NAME))} {(--dns-provider) (Lit_Other "=") (DQ (${ VSub_Name DNS_PROVIDER))} {(--image) (Lit_Other "=") (DQ (${ VSub_Name kube_registry) ("/hyperkube-amd64:") (${ VSub_Name kube_version)) } {(--apiserver-enable-basic-auth) (Lit_Other "=") (true)} {(--apiserver-enable-token-auth) (Lit_Other "=") (true)} {(--apiserver-arg-overrides) (Lit_Other "=") (DQ ("--runtime-config=api/all=true,--v=4"))} {(--controllermanager-arg-overrides) (Lit_Other "=") (DQ ("--v=4"))} {(--etcd-persistent-storage) (Lit_Other "=") (${ VSub_Name FEDERATION_USE_PV_FOR_ETCD)} {(--v) (Lit_Other "=") (4)} ) ] spids: [533] ) spids: [527 532] ) (FuncDef name: join_clusters body: (BraceGroup children: [ (ForEach iter_name: context iter_words: [ { (CommandSubPart command_list: (CommandList children:[(C {(federation_cluster_contexts)})]) left_token: spids: [809 811] ) } ] do_arg_iter: False body: (DoGroup children: [ (C {(kube) (Lit_Other ":") (Lit_Other ":") (log) (Lit_Other ":") (Lit_Other ":") (status) } { (DQ ("Joining cluster with name '") (${ VSub_Name context) ("' to federation with name '") (${ VSub_Name FEDERATION_NAME) ("'") ) } ) (C {(DQ (${ VSub_Name KUBE_ROOT) (/federation/develop/kubefed.sh))} {(join)} {(DQ (${ VSub_Name context))} {(--federation-system-namespace) (Lit_Other "=") (${ VSub_Name FEDERATION_NAMESPACE)} {(--host-cluster-context) (Lit_Other "=") (DQ (${ VSub_Name HOST_CLUSTER_CONTEXT)) } {(--context) (Lit_Other "=") (DQ (${ VSub_Name FEDERATION_KUBE_CONTEXT))} {(--v) (Lit_Other "=") (4)} ) ] spids: [814 891] ) spids: [808 812] ) ] spids: [800] ) spids: [794 799] ) (C {(init)}) (C {(join_clusters)}) ] )