This repository has been archived by the owner on Sep 30, 2020. It is now read-only.

Merge pull request #217 from HotelsDotCom/bash-improvements
Bash improvements
mumoshu authored Jan 12, 2017
2 parents 7a8d466 + 5a63386 commit 2f60703
Showing 2 changed files with 67 additions and 75 deletions.
69 changes: 32 additions & 37 deletions config/templates/cloud-config-controller
Expand Up @@ -367,25 +367,23 @@ write_files:
owner: root:root
content: |
#!/bin/bash -e
/usr/bin/curl -H "Content-Type: application/yaml" -XPOST \
-d"$(cat /srv/kubernetes/manifests/kube-dns-de.yaml)" \
"http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/kube-system/deployments"

/usr/bin/curl -H "Content-Type: application/yaml" -XPOST \
-d"$(cat /srv/kubernetes/manifests/kube-dns-autoscaler-de.yaml)" \
"http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/kube-system/deployments"
post_yaml() {
/usr/bin/curl -H "Content-Type: application/yaml" -XPOST \
--data-binary "$1" "$2"
}

/usr/bin/curl -H "Content-Type: application/yaml" -XPOST \
-d"$(cat /srv/kubernetes/manifests/kube-dashboard-rc.yaml)" \
"http://127.0.0.1:8080/api/v1/namespaces/kube-system/replicationcontrollers"
mfdir=/srv/kubernetes/manifests
for manifest in $mfdir/{kube-dns-de,kube-dns-autoscaler-de,heapster-de}.yaml;do
post_yaml "@$mfdir/$manifest" \
"http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/kube-system/deployments"
done

/usr/bin/curl -H "Content-Type: application/yaml" -XPOST \
-d"$(cat /srv/kubernetes/manifests/heapster-de.yaml)" \
"http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/kube-system/deployments"
post_yaml "@$mfdir/kube-dashboard-rc.yaml" \
"http://127.0.0.1:8080/api/v1/namespaces/kube-system/replicationcontrollers"

for manifest in {kube-dns,heapster,kube-dashboard}-svc.yaml;do
/usr/bin/curl -H "Content-Type: application/yaml" -XPOST \
-d"$(cat /srv/kubernetes/manifests/$manifest)" \
post_yaml "@$mfdir/$manifest" \
"http://127.0.0.1:8080/api/v1/namespaces/kube-system/services"
done

Expand Down Expand Up @@ -415,7 +413,7 @@ write_files:
owner: root:root
content: |
#!/bin/bash -e
/usr/bin/curl -H "Content-Type: application/json" -XPOST -d @"/srv/kubernetes/manifests/calico-system.json" "http://127.0.0.1:8080/api/v1/namespaces"
/usr/bin/curl -H "Content-Type: application/json" -XPOST --data-binary @"/srv/kubernetes/manifests/calico-system.json" "http://127.0.0.1:8080/api/v1/namespaces"

/usr/bin/cp /srv/kubernetes/manifests/calico-policy-controller.yaml /etc/kubernetes/manifests
{{ end }}
Expand All @@ -426,34 +424,31 @@ write_files:
content: |
#!/bin/bash -e

sudo rkt run \
rkt run \
--volume=ssl,kind=host,source=/etc/kubernetes/ssl,readOnly=false \
--mount=volume=ssl,target=/etc/kubernetes/ssl \
--uuid-file-save=/var/run/coreos/decrypt-tls-assets.uuid \
--volume=dns,kind=host,source=/etc/resolv.conf,readOnly=true --mount volume=dns,target=/etc/resolv.conf \
--net=host \
--trust-keys-from-https \
{{.AWSCliImageRepo}}:{{.AWSCliTag}} --exec=/bin/bash -- \
-c \
'echo decrypting tls assets; \
for encKey in $(find /etc/kubernetes/ssl/*.pem.enc); do \
echo decrypting $encKey to $encKey.b64; \
-ec \
'echo decrypting tls assets
shopt -s nullglob
for encKey in /etc/kubernetes/ssl/*.pem.enc; do
echo decrypting $encKey
f=$(mktemp $encKey.XXXXXXXX)
/usr/bin/aws \
--region {{.Region}} kms decrypt \
--ciphertext-blob fileb://$encKey \
--output text \
--query Plaintext \
> $encKey.b64; \
done; \
| base64 -d > $f
mv -f $f ${encKey%.enc}
done;
echo done.'

sudo rkt rm --uuid-file=/var/run/coreos/decrypt-tls-assets.uuid

echo base64 decoding decrypted tls assets
for encKey in $(find /etc/kubernetes/ssl/*.pem.enc);do
base64 --decode < $encKey.b64 > ${encKey%.enc}
done
echo done.
rkt rm --uuid-file=/var/run/coreos/decrypt-tls-assets.uuid || :

- path: /opt/bin/taint-and-uncordon
owner: root:root
Expand All @@ -468,14 +463,14 @@ write_files:
-v /etc/resolv.conf:/etc/resolv.conf \
{{.HyperkubeImageRepo}}:{{.K8sVer}} /bin/bash \
-vxec \
'echo "tainting this node."; \
hostname="'${hostname}'"; \
kubectl="/kubectl --server=http://127.0.0.1:8080"; \
taint="$kubectl taint node --overwrite"; \
$taint "$hostname" "node.alpha.kubernetes.io/role=master:NoSchedule"; \
echo "done."; \
echo "uncordoning this node."; \
$kubectl uncordon "$hostname"; \
'echo "tainting this node."
hostname="'${hostname}'"
kubectl="/kubectl --server=http://127.0.0.1:8080"
taint="$kubectl taint node --overwrite"
$taint "$hostname" "node.alpha.kubernetes.io/role=master:NoSchedule"
echo "done."
echo "uncordoning this node."
$kubectl uncordon "$hostname"
echo "done."'

- path: /etc/kubernetes/manifests/kube-proxy.yaml
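Review bot: In the new deployments loop the brace expansion is already prefixed with `$mfdir/`, so `post_yaml "@$mfdir/$manifest"` hands curl a path that contains the directory twice (`/srv/kubernetes/manifests//srv/kubernetes/manifests/kube-dns-de.yaml`), which does not exist. curl normally only warns about an unreadable `@file` and still sends the request, and because `post_yaml` does not pass `--fail`, `#!/bin/bash -e` will not stop the script, so the kube-dns, autoscaler and heapster deployments would likely be skipped without any error. Drop the prefix from the loop list, `for manifest in {kube-dns-de,kube-dns-autoscaler-de,heapster-de}.yaml; do`, as the services loop below already does, or call `post_yaml "@$manifest"`. Adding `--fail` to the curl call inside `post_yaml` would also let `-e` see API-server rejections.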
73 changes: 35 additions & 38 deletions config/templates/cloud-config-worker
Original file line number Diff line number Diff line change
Expand Up @@ -442,34 +442,31 @@ write_files:
content: |
#!/bin/bash -e

sudo rkt run \
rkt run \
--volume=ssl,kind=host,source=/etc/kubernetes/ssl,readOnly=false \
--mount=volume=ssl,target=/etc/kubernetes/ssl \
--uuid-file-save=/var/run/coreos/decrypt-tls-assets.uuid \
--volume=dns,kind=host,source=/etc/resolv.conf,readOnly=true --mount volume=dns,target=/etc/resolv.conf \
--net=host \
--trust-keys-from-https \
{{.AWSCliImageRepo}}:{{.AWSCliTag}} --exec=/bin/bash -- \
-c \
'echo decrypting tls assets; \
for encKey in $(find /etc/kubernetes/ssl/*.pem.enc); do \
echo decrypting $encKey to $encKey.b64; \
-ec \
'echo decrypting tls assets
shopt -s nullglob
for encKey in /etc/kubernetes/ssl/*.pem.enc; do
echo decrypting $encKey
f=$(mktemp $encKey.XXXXXXXX)
/usr/bin/aws \
--region {{.Region}} kms decrypt \
--ciphertext-blob fileb://$encKey \
--output text \
--query Plaintext \
> $encKey.b64; \
done; \
| base64 -d > $f
mv -f $f ${encKey%.enc}
done;
echo done.'

sudo rkt rm --uuid-file=/var/run/coreos/decrypt-tls-assets.uuid

echo base64 decoding decrypted tls assets
for encKey in $(find /etc/kubernetes/ssl/*.pem.enc);do
base64 --decode < $encKey.b64 > ${encKey%.enc}
done
echo done.
rkt rm --uuid-file=/var/run/coreos/decrypt-tls-assets.uuid || :

{{if .Worker.SpotFleet.Enabled}}
- path: /opt/bin/tag-spot-instance
Expand All @@ -489,13 +486,13 @@ write_files:
--trust-keys-from-https \
--insecure-options=ondisk \
{{.AWSCliImageRepo}}:{{.AWSCliTag}} --exec=/bin/bash -- \
-vxc \
'echo tagging this spot instance; \
instance_id="'$instance_id'"; \
-vxec \
'echo tagging this spot instance
instance_id="'$instance_id'"
/usr/bin/aws \
--region {{.Region}} ec2 create-tags \
--resource $instance_id \
--tags '"'"'Key=KubernetesCluster,Value="{{.ClusterName}}"'"'"' '"'"'Key=Name,Value="{{.StackName}}-kube-aws-worker"'"'"' '"'"'Key="kube-aws:node-pool:name",Value="{{.NodePoolName}}"'"'"'; \
--tags '"'"'Key=KubernetesCluster,Value="{{.ClusterName}}"'"'"' '"'"'Key=Name,Value="{{.StackName}}-kube-aws-worker"'"'"' '"'"'Key="kube-aws:node-pool:name",Value="{{.NodePoolName}}"'"'"'
echo done.'

sudo rkt rm --uuid-file=/var/run/coreos/tag-spot-instance.uuid
Expand All @@ -517,15 +514,15 @@ write_files:
--trust-keys-from-https \
--insecure-options=ondisk \
{{.AWSCliImageRepo}}:{{.AWSCliTag}} --exec=/bin/bash -- \
-vxc \
'echo adding this spot instance to load balancers; \
instance_id="'$instance_id'"; \
lbs=({{range $i, $lb := .Experimental.LoadBalancer.Names}}"{{$lb}}" {{end}}); \
add_to_lb="/usr/bin/aws --region {{.Region}} elb register-instances-with-load-balancer --instances $instance_id --load-balancer-name"; \
for lb in ${lbs[@]}; do \
echo "$lb"; \
$add_to_lb "$lb"; \
done; \
-vxec \
'echo adding this spot instance to load balancers
instance_id="'$instance_id'"
lbs=({{range $i, $lb := .Experimental.LoadBalancer.Names}}"{{$lb}}" {{end}})
add_to_lb="/usr/bin/aws --region {{.Region}} elb register-instances-with-load-balancer --instances $instance_id --load-balancer-name"
for lb in ${lbs[@]}; do
echo "$lb"
$add_to_lb "$lb"
done
echo done.'

sudo rkt rm --uuid-file=/var/run/coreos/add-to-load-balancers.uuid
Expand All @@ -545,17 +542,17 @@ write_files:
-v /etc/resolv.conf:/etc/resolv.conf \
{{.HyperkubeImageRepo}}:{{.K8sVer}} /bin/bash \
-vxec \
'echo "tainting this node."; \
hostname="'${hostname}'"; \
taints=({{range $i, $taint := .Experimental.Taints}}"{{$taint.String}}" {{end}}); \
kubectl="/kubectl --server=https://{{.ExternalDNSName}}:443 --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml"; \
taint="$kubectl taint node --overwrite"; \
for t in ${taints[@]}; do \
$taint "$hostname" "$t"; \
done; \
echo "done."; \
echo "uncordoning this node."; \
$kubectl uncordon $hostname;\
'echo "tainting this node."
hostname="'${hostname}'"
taints=({{range $i, $taint := .Experimental.Taints}}"{{$taint.String}}" {{end}})
kubectl="/kubectl --server=https://{{.ExternalDNSName}}:443 --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml"
taint="$kubectl taint node --overwrite"
for t in ${taints[@]}; do
$taint "$hostname" "$t"
done
echo "done."
echo "uncordoning this node."
$kubectl uncordon $hostname
echo "done."'

- path: /etc/kubernetes/manifests/kube-proxy.yaml
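Review bot: The decrypt loop now pipes `aws kms decrypt` into `base64 -d > $f` under `bash -ec`, but without `pipefail` the pipeline's status is that of `base64`, so a failed KMS call (denied permission, throttling, no network) yields empty output, `base64 -d` exits 0, and `mv -f` installs an empty file as the `.pem`. Add `set -o pipefail` next to `shopt -s nullglob` so that `-e` aborts before the `mv`, and quote the expansions (`mktemp "$encKey.XXXXXXXX"`, `mv -f "$f" "${encKey%.enc}"`). The same script is added to config/templates/cloud-config-controller in this commit and needs the same change. A comment such as `# decrypt to a temp file in the same directory, then rename, so a partial key is never visible` would record why `mktemp` plus `mv` is used.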
