vendor files

vendor/k8s.io/kubernetes/cluster/openstack-heat/kubernetes-heat/fragments/configure-proxy.sh

@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# The contents of these variables swapped in by heat via environments presented to kube-up.sh
+
+export ETC_ENVIRONMENT='FTP_PROXY=$FTP_PROXY
+HTTP_PROXY=$HTTP_PROXY
+HTTPS_PROXY=$HTTPS_PROXY
+SOCKS_PROXY=$SOCKS_PROXY
+NO_PROXY=$NO_PROXY
+ftp_proxy=$FTP_PROXY
+http_proxy=$HTTP_PROXY
+https_proxy=$HTTPS_PROXY
+socks_proxy=$SOCKS_PROXY
+no_proxy=$NO_PROXY
+'
+
+export ETC_PROFILE_D='export FTP_PROXY=$FTP_PROXY
+export HTTP_PROXY=$HTTP_PROXY
+export HTTPS_PROXY=$HTTPS_PROXY
+export SOCKS_PROXY=$SOCKS_PROXY
+export NO_PROXY=$NO_PROXY
+export ftp_proxy=$FTP_PROXY
+export http_proxy=$HTTP_PROXY
+export https_proxy=$HTTPS_PROXY
+export socks_proxy=$SOCKS_PROXY
+export no_proxy=$NO_PROXY
+'
+
+export DOCKER_PROXY='[Service]
+      Environment="HTTP_PROXY=$HTTP_PROXY"
+      Environment="HTTPS_PROXY=$HTTPS_PROXY"
+      Environment="SOCKS_PROXY=$SOCKS_PROXY"
+      Environment="NO_PROXY=$NO_PROXY"
+      Environment="ftp_proxy=$FTP_PROXY"
+      Environment="http_proxy=$HTTP_PROXY"
+      Environment="https_proxy=$HTTPS_PROXY"
+      Environment="socks_proxy=$SOCKS_PROXY"
+      Environment="no_proxy=$NO_PROXY"
+'
+
+# This again is set by heat
+ENABLE_PROXY='$ENABLE_PROXY'
+
+# Heat itself doesn't have conditionals, so this is how we set up our proxy without breaking non-proxy setups.
+if [[ "${ENABLE_PROXY}" == "true" ]]; then
+  mkdir -p /etc/systemd/system/docker.service.d/
+
+  echo "${ETC_ENVIRONMENT}" >> /etc/environment
+  echo "${ETC_PROFILE_D}" > /etc/profile.d/proxy_config.sh
+  echo "${DOCKER_PROXY}" > etc/systemd/system/docker.service.d/http-proxy.conf
+  echo "proxy=$HTTP_PROXY" >> /etc/yum.conf
+fi

vendor/k8s.io/kubernetes/cluster/openstack-heat/kubernetes-heat/fragments/configure-salt.yaml

@@ -0,0 +1,68 @@
+#cloud-config
+merge_how: dict(recurse_array)+list(append)
+bootcmd:
+  - mkdir -p /etc/salt/minion.d
+  - mkdir -p /srv/salt-overlay/pillar
+write_files:
+  - path: /etc/salt/minion.d/log-level-debug.conf
+    content: |
+      log_level: warning
+      log_level_logfile: warning
+  - path: /etc/salt/minion.d/grains.conf
+    content: |
+      grains:
+        node_ip: $MASTER_IP
+        cbr-cidr: $MASTER_IP_RANGE
+        publicAddressOverride: $MASTER_IP
+        network_mode: openvswitch
+        networkInterfaceName: eth0
+        api_servers: $MASTER_IP
+        kubelet_kubeconfig: /srv/salt-overlay/salt/kubelet/kubeconfig
+        cloud: openstack
+        cloud_config: /srv/kubernetes/openstack.conf
+        roles:
+          - $role
+        runtime_config: ""
+        docker_opts: "--bridge=cbr0 --iptables=false --ip-masq=false"
+        master_extra_sans: "DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local,DNS:kubernetes-master"
+        keep_host_etcd: true
+        kube_user: $KUBE_USER
+  - path: /srv/kubernetes/openstack.conf
+    content: |
+      [Global]
+      auth-url=$OS_AUTH_URL
+      username=$OS_USERNAME
+      password=$OS_PASSWORD
+      region=$OS_REGION_NAME
+      tenant-name=$OS_TENANT_NAME
+      domain-name=$OS_USER_DOMAIN_NAME
+      [LoadBalancer]
+      lb-version=$LBAAS_VERSION
+      subnet-id=$SUBNET_ID
+      floating-network-id=$FLOATING_NETWORK_ID
+      [Route]
+      router-id=$router_id
+  - path: /srv/salt-overlay/pillar/cluster-params.sls
+    content: |
+      allocate_node_cidrs: "true"
+      service_cluster_ip_range: 10.246.0.0/16
+      cert_ip: 10.246.0.1
+      enable_cluster_monitoring: influxdb
+      enable_cluster_logging: "true"
+      enable_cluster_ui: "true"
+      enable_node_logging: "true"
+      logging_destination: elasticsearch
+      elasticsearch_replicas: "1"
+      enable_cluster_dns: "true"
+      dns_server: 10.246.0.10
+      dns_domain: cluster.local
+      enable_dns_horizontal_autoscaler: "false"
+      instance_prefix: kubernetes
+      admission_control: Initializers,NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,ResourceQuota
+      enable_cpu_cfs_quota: "true"
+      network_provider: none
+      cluster_cidr: "$cluster_cidr"
+      opencontrail_tag: R2.20
+      opencontrail_kubernetes_tag: master
+      opencontrail_public_subnet: 10.1.0.0/16
+      e2e_storage_test_environment: "false"

vendor/k8s.io/kubernetes/cluster/openstack-heat/kubernetes-heat/fragments/deploy-kube-auth-files-master.yaml

@@ -0,0 +1,44 @@
+#cloud-config
+merge_how: dict(recurse_array)+list(append)
+bootcmd:
+  - mkdir -p /srv/salt-overlay/salt/kube-apiserver
+  - mkdir -p /srv/salt-overlay/salt/kubelet
+write_files:
+  - path: /srv/salt-overlay/salt/kube-apiserver/basic_auth.csv
+    permissions: "0600"
+    content: |
+      $apiserver_password,$apiserver_user,admin
+  - path: /srv/salt-overlay/salt/kube-apiserver/known_tokens.csv
+    permissions: "0600"
+    content: |
+      $token_kubelet,kubelet,kubelet
+      $token_kube_proxy,kube_proxy,kube_proxy
+      TokenSystemScheduler,system:scheduler,system:scheduler
+      TokenSystemControllerManager,system:controller_manager,system:controller_manager
+      TokenSystemLogging,system:logging,system:logging
+      TokenSystemMonitoring,system:monitoring,system:monitoring
+      TokenSystemDns,system:dns,system:dns
+  - path: /srv/salt-overlay/salt/kubelet/kubernetes_auth
+    permissions: "0600"
+    content: |
+      {"BearerToken": "$token_kubelet", "Insecure": true }
+  - path: /srv/salt-overlay/salt/kubelet/kubeconfig
+    permissions: "0600"
+    content: |
+      apiVersion: v1
+      kind: Config
+      users:
+        - name: kubelet
+          user:
+            token: $token_kubelet
+      clusters:
+        - name: local
+          cluster:
+            server: https://$MASTER_IP
+            insecure-skip-tls-verify: true
+      contexts:
+        - context:
+            cluster: local
+            user: kubelet
+          name: service-account-context
+      current-context: service-account-context

vendor/k8s.io/kubernetes/cluster/openstack-heat/kubernetes-heat/fragments/deploy-kube-auth-files-node.yaml

@@ -0,0 +1,45 @@
+#cloud-config
+merge_how: dict(recurse_array)+list(append)
+bootcmd:
+  - mkdir -p /srv/salt-overlay/salt/kubelet
+  - mkdir -p /srv/salt-overlay/salt/kube-proxy
+write_files:
+  - path: /srv/salt-overlay/salt/kubelet/kubeconfig
+    permissions: "0600"
+    content: |
+      apiVersion: v1
+      kind: Config
+      users:
+        - name: kubelet
+          user:
+            token: $token_kubelet
+      clusters:
+        - name: local
+          cluster:
+            server: https://$MASTER_IP
+            insecure-skip-tls-verify: true
+      contexts:
+        - context:
+            cluster: local
+            user: kubelet
+          name: service-account-context
+      current-context: service-account-context
+  - path: /srv/salt-overlay/salt/kube-proxy/kubeconfig
+    permissions: "0600"
+    content: |
+      apiVersion: v1
+      kind: Config
+      users:
+        - name: kube-proxy
+          user:
+            token: $token_kube_proxy
+      clusters:
+        - name: local
+          cluster:
+            insecure-skip-tls-verify: true
+      contexts:
+        - context:
+            cluster: local
+            user: kube-proxy
+          name: service-account-context
+      current-context: service-account-context

vendor/k8s.io/kubernetes/cluster/openstack-heat/kubernetes-heat/fragments/hostname-hack.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# Workaround for this, which has been fixed but not widely distributed: https://bugs.launchpad.net/cloud-init/+bug/1246485
+# See also http://blog.oddbit.com/2014/12/10/cloudinit-and-the-case-of-the-changing-hostname/
+hostname > /etc/hostname

vendor/k8s.io/kubernetes/cluster/openstack-heat/kubernetes-heat/fragments/hostname-hack.yaml

@@ -0,0 +1,9 @@
+#cloud-config
+merge_how: dict(recurse_array)+list(append)
+
+write_files:
+  - path: /etc/cloud/cloud.cfg.d/99_hostname.cfg
+    owner: "root:root"
+    permissions: "0644"
+    content: |
+      preserve_hostname: true

vendor/k8s.io/kubernetes/cluster/openstack-heat/kubernetes-heat/fragments/kube-user.yaml

@@ -0,0 +1,10 @@
+#cloud-config
+system_info:
+  default_user:
+    name: minion
+    lock_passwd: true
+    gecos: Kubernetes Interactive User
+    groups: [wheel, adm, systemd-journal]
+    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+    shell: /bin/bash
+

vendor/k8s.io/kubernetes/cluster/openstack-heat/kubernetes-heat/fragments/provision-network-master.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+. /etc/sysconfig/heat-params
+
+# nothing to do

vendor/k8s.io/kubernetes/cluster/openstack-heat/kubernetes-heat/fragments/provision-network-node.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# Kubernetes node shoud be able to resolve its hostname.
+# In some cloud providers, myhostname is not enabled by default.
+grep '^hosts:.*myhostname' /etc/nsswitch.conf || (
+  sed -e 's/^hosts:\(.*\)/hosts:\1 myhostname/' -i /etc/nsswitch.conf
+)

vendor/k8s.io/kubernetes/cluster/openstack-heat/kubernetes-heat/fragments/run-salt.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+. /etc/sysconfig/heat-params
+
+#Reads in profile, need to relax restrictions for some OSes.
+set +o nounset
+. /etc/profile
+set -o nounset
+
+rm -rf /kube-install
+mkdir -p /kube-install
+cd /kube-install
+
+curl "${KUBERNETES_SERVER_URL}" -o kubernetes-server.tar.gz
+curl "${KUBERNETES_SALT_URL}" -o kubernetes-salt.tar.gz
+
+tar xzf kubernetes-salt.tar.gz
+./kubernetes/saltbase/install.sh kubernetes-server.tar.gz
+
+if ! which salt-call >/dev/null 2>&1; then
+  echo "+++ Install salt binaries from https://bootstrap.saltstack.com"
+  # Install salt binaries but do not start daemon after installation
+  curl -sS -L --connect-timeout 20 --retry 6 --retry-delay 10 https://bootstrap.saltstack.com | sh -s -- "-X"
+fi
+
+# Salt server runs at locahost
+echo "127.0.0.1 salt" >> /etc/hosts
+
+echo "+++ run salt-call and finalize installation"
+# Run salt-call
+# salt-call wants to start docker daemon but is unable to.
+# See <https://github.com/projectatomic/docker-storage-setup/issues/77>.
+# Run salt-call in background and make cloud-final finished.
+# Salt-call might be unstable in some environments, execute it twice.
+salt-call --local state.highstate && salt-call --local state.highstate && $$wc_notify --data-binary '{"status": "SUCCESS"}' || $$wc_notify --data-binary '{"status": "FAILURE"}' &

vendor/k8s.io/kubernetes/cluster/openstack-heat/kubernetes-heat/fragments/write-heat-params.yaml

@@ -0,0 +1,11 @@
+#cloud-config
+merge_how: dict(recurse_array)+list(append)
+write_files:
+  - path: /etc/sysconfig/heat-params
+    owner: "root:root"
+    permissions: "0644"
+    content: |
+      KUBERNETES_SERVER_URL="$KUBERNETES_SERVER_URL"
+      KUBERNETES_SALT_URL="$KUBERNETES_SALT_URL"
+      MASTER_IP=$MASTER_IP
+      CONTAINER_SUBNET=10.246.0.0/16