From f05c9a6a93fbed59495a3fb0ed61de1ce00ce5a0 Mon Sep 17 00:00:00 2001 From: Madhu Rajanna Date: Wed, 8 Jul 2020 07:52:49 +0530 Subject: [PATCH] ci: fix psp issue in minikube latest version With minikube versions greater than 1.6.2 and less than 1.11.1, the YAML files minikube path will not be automatically applied to the cluster. we will get errors during bootstrap of the cluster if the admission controller is enabled. To use Pod Security Policies with these versions of minikube, first start a cluster without the `PodSecurityPolicy` admission controller enabled. Next, apply the psp yaml. and stop the cluster and then restart it with the admission controller enabled. ``` minikube start kubectl apply -f /path/to/psp.yaml minikube stop minikube start --extra-config=apiserver.enable-admission-plugins=PodSecurityPolicy ``` Signed-off-by: Madhu Rajanna --- scripts/minikube.sh | 39 +++++++++++++++++++++++++++++++++++---- 1 file changed, 35 insertions(+), 4 deletions(-) diff --git a/scripts/minikube.sh b/scripts/minikube.sh index 37664ed1f..d35c8b458 100755 --- a/scripts/minikube.sh +++ b/scripts/minikube.sh @@ -28,6 +28,14 @@ function copy_image_to_cluster() { docker save "${build_image}" | (eval "$(minikube docker-env --shell bash)" && docker load && docker tag "${build_image}" "${final_image}") } +# parse the minikube version, return the digit passed as argument +# v1.11.0 -> minikube_version 1 -> 1 +# v1.11.0 -> minikube_version 2 -> 11 +# v1.11.0 -> minikube_version 3 -> 0 +minikube_version() { + echo "${MINIKUBE_VERSION}" | sed 's/^v//' | cut -d'.' -f"${1}" +} + # install minikube function install_minikube() { if type minikube >/dev/null 2>&1; then @@ -95,6 +103,19 @@ EXTRA_CONFIG="${EXTRA_CONFIG} --extra-config=kubelet.resolv-conf=${RESOLV_CONF}" #extra Rook configuration ROOK_BLOCK_POOL_NAME=${ROOK_BLOCK_POOL_NAME:-"newrbdpool"} +function minikube_supports_psp() { + local MINIKUBE_MAJOR + local MINIKUBE_MINOR + local MINIKUBE_PATCH + MINIKUBE_MAJOR=$(minikube_version 1) + MINIKUBE_MINOR=$(minikube_version 2) + MINIKUBE_PATCH=$(minikube_version 3) + if [[ "${MINIKUBE_MAJOR}" -ge 1 ]] && [[ "${MINIKUBE_MINOR}" -ge 11 ]] && [[ "${MINIKUBE_PATCH}" -ge 1 ]] || [[ "${MINIKUBE_MAJOR}" -ge 1 ]] && [[ "${MINIKUBE_MINOR}" -ge 12 ]]; then + return 1 + fi + return 0 +} + case "${1:-}" in up) install_minikube @@ -104,11 +125,21 @@ up) install_kubectl fi - enable_psp - echo "starting minikube with kubeadm bootstrapper" - # shellcheck disable=SC2086 - minikube start --memory="${MEMORY}" -b kubeadm --kubernetes-version="${KUBE_VERSION}" --vm-driver="${VM_DRIVER}" --feature-gates="${K8S_FEATURE_GATES}" ${EXTRA_CONFIG} + if minikube_supports_psp; then + enable_psp + # shellcheck disable=SC2086 + minikube start --memory="${MEMORY}" -b kubeadm --kubernetes-version="${KUBE_VERSION}" --vm-driver="${VM_DRIVER}" --feature-gates="${K8S_FEATURE_GATES}" ${EXTRA_CONFIG} + else + # This is a workaround to fix psp issues in minikube >1.6.2 and <1.11.0 + # shellcheck disable=SC2086 + minikube start --memory="${MEMORY}" -b kubeadm --kubernetes-version="${KUBE_VERSION}" --vm-driver="${VM_DRIVER}" --feature-gates="${K8S_FEATURE_GATES}" + DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" + kubectl apply -f "$DIR"/psp.yaml + minikube stop + # shellcheck disable=SC2086 + minikube start --memory="${MEMORY}" -b kubeadm --kubernetes-version="${KUBE_VERSION}" --vm-driver="${VM_DRIVER}" --feature-gates="${K8S_FEATURE_GATES}" ${EXTRA_CONFIG} + fi # create a link so the default dataDirHostPath will work for this # environment