diff --git a/cloud/google/machineactuator.go b/cloud/google/machineactuator.go
index a75a0a8f8609..60f8df6d4122 100644
--- a/cloud/google/machineactuator.go
+++ b/cloud/google/machineactuator.go
@@ -40,13 +40,13 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/client-go/kubernetes"
+ "sigs.k8s.io/cluster-api/cloud/google/clients"
 gceconfig "sigs.k8s.io/cluster-api/cloud/google/gceproviderconfig"
 gceconfigv1 "sigs.k8s.io/cluster-api/cloud/google/gceproviderconfig/v1alpha1"
 "sigs.k8s.io/cluster-api/cloud/google/machinesetup"
 apierrors "sigs.k8s.io/cluster-api/errors"
 clusterv1 "sigs.k8s.io/cluster-api/pkg/apis/cluster/v1alpha1"
 client "sigs.k8s.io/cluster-api/pkg/client/clientset_generated/clientset/typed/cluster/v1alpha1"
- "sigs.k8s.io/cluster-api/cloud/google/clients"
 "sigs.k8s.io/cluster-api/util"
 )
@@ -78,12 +78,12 @@ type GCEClientComputeService interface {
 type GCEClient struct {
 computeService GCEClientComputeService
- scheme *runtime.Scheme
- codecFactory *serializer.CodecFactory
- kubeadmToken string
- sshCreds SshCreds
- machineClient client.MachineInterface
- configWatch *machinesetup.ConfigWatch
+ scheme *runtime.Scheme
+ codecFactory *serializer.CodecFactory
+ kubeadmToken string
+ sshCreds SshCreds
+ machineClient client.MachineInterface
+ configWatch *machinesetup.ConfigWatch
 }
 const (
@@ -267,9 +267,22 @@ func (gce *GCEClient) Create(cluster *clusterv1.Cluster, machine *clusterv1.Mach
 labels[BootstrapLabelKey] = "true"
 }
+ // The service account is needed for the Kubernetes GCE cloud provider code. It is needed on the master VM.
+ serviceAccounts := []*compute.ServiceAccount{nil}
+ if util.IsMaster(machine) {
+ serviceAccounts = append(serviceAccounts,
+ &compute.ServiceAccount{
+ Email: "default",
+ Scopes: []string{
+ "https://www.googleapis.com/auth/cloud-platform",
+ },
+ })
+ }
+
 op, err := gce.computeService.InstancesInsert(project, zone, &compute.Instance{
- Name: name,
- MachineType: fmt.Sprintf("zones/%s/machineTypes/%s", zone, config.MachineType),
+ Name: name,
+ MachineType: fmt.Sprintf("zones/%s/machineTypes/%s", zone, config.MachineType),
+ CanIpForward: true,
 NetworkInterfaces: []*compute.NetworkInterface{
 {
 Network: "global/networks/default",
@@ -297,7 +310,8 @@ func (gce *GCEClient) Create(cluster *clusterv1.Cluster, machine *clusterv1.Mach
 Tags: &compute.Tags{
 Items: []string{"https-server"},
 },
- Labels: labels,
+ Labels: labels,
+ ServiceAccounts: serviceAccounts,
 })
 if err == nil {
diff --git a/gcp-deployer/machine_setup_configs.yaml b/gcp-deployer/machine_setup_configs.yaml
index cbdcd98540b1..92e5d05073bd 100644
--- a/gcp-deployer/machine_setup_configs.yaml
+++ b/gcp-deployer/machine_setup_configs.yaml
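Review bot: `serviceAccounts := []*compute.ServiceAccount{nil}` seeds the slice with a nil pointer, so the request handed to InstancesInsert carries a null entry for every machine and the master's real entry only after it; `var serviceAccounts []*compute.ServiceAccount` gives the intended empty-unless-master list with no null element. The master entry also attaches the project's `default` compute service account with the `cloud-platform` scope, the broadest scope that account can exercise — presumably the cloud provider needs much less, so the comment above the slice should at least state why this scope was chosen and that a dedicated, narrower service account is the intended end state. `CanIpForward: true` is now set on every instance with no comment; something like `// kubenet routes pod traffic through the instance, which GCE only permits with IP forwarding enabled` would record the reason (confirm that is the actual motivation). Create's body continues outside both hunks.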
@@ -1,160 +1,4 @@ items: -- machineParams: - - os: ubuntu-1710-weave - roles: - - Node - versions: - kubelet: 1.9.4 - containerRuntime: - name: docker - version: 1.12.0 - image: projects/ubuntu-os-cloud/global/images/family/ubuntu-1710 - metadata: - startupScript: | - set -e - set -x - ( - apt-get update - apt-get install -y apt-transport-https prips - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys F76221572C52609D - cat < /etc/apt/sources.list.d/k8s.list - deb [arch=amd64] https://apt.dockerproject.org/repo ubuntu-xenial main - EOF - apt-get update - apt-get install -y docker-engine=1.12.0-0~xenial - curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - - cat < /etc/apt/sources.list.d/kubernetes.list - deb http://apt.kubernetes.io/ kubernetes-xenial main - EOF - apt-get update - # Our Debian packages have versions like "1.8.0-00" or "1.8.0-01". Do a prefix - # search based on our SemVer to find the right (newest) package version. - function getversion() { - name=$1 - prefix=$2 - version=$(apt-cache madison $name | awk '{ print $3 }' | grep ^$prefix | head -n1) - if [[ -z "$version" ]]; then - echo Can\'t find package $name with prefix $prefix - exit 1 - fi - echo $version - } - KUBELET=$(getversion kubelet ${KUBELET_VERSION}-) - KUBEADM=$(getversion kubeadm ${KUBELET_VERSION}-) - KUBECTL=$(getversion kubectl ${KUBELET_VERSION}-) - apt-get install -y kubelet=${KUBELET} kubeadm=${KUBEADM} kubectl=${KUBECTL} - systemctl enable docker || true - systemctl start docker || true - # kubeadm uses 10th IP as DNS server - CLUSTER_DNS_SERVER=$(prips ${SERVICE_CIDR} | head -n 11 | tail -n 1) - # Override Kubelet DNS args. 
- cat > /etc/systemd/system/kubelet.service.d/20-kubenet.conf <&1 | tee /var/log/startup.log -- machineParams: - - os: ubuntu-1710-weave - roles: - - Master - versions: - kubelet: 1.9.4 - controlPlane: 1.9.4 - containerRuntime: - name: docker - version: 1.12.0 - image: projects/ubuntu-os-cloud/global/images/family/ubuntu-1710 - metadata: - startupScript: | - set -e - set -x - ( - ARCH=amd64 - curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - - touch /etc/apt/sources.list.d/kubernetes.list - sh -c 'echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list' - apt-get update -y - apt-get install -y \ - socat \ - ebtables \ - docker.io \ - apt-transport-https \ - cloud-utils \ - prips - curl -sSL https://dl.k8s.io/release/${VERSION}/bin/linux/${ARCH}/kubeadm > /usr/bin/kubeadm.dl - chmod a+rx /usr/bin/kubeadm.dl - # kubeadm uses 10th IP as DNS server - CLUSTER_DNS_SERVER=$(prips ${SERVICE_CIDR} | head -n 11 | tail -n 1) - # Our Debian packages have versions like "1.8.0-00" or "1.8.0-01". Do a prefix - # search based on our SemVer to find the right (newest) package version. - function getversion() { - name=$1 - prefix=$2 - version=$(apt-cache madison $name | awk '{ print $3 }' | grep ^$prefix | head -n1) - if [[ -z "$version" ]]; then - echo Can\'t find package $name with prefix $prefix - exit 1 - fi - echo $version - } - KUBELET=$(getversion kubelet ${KUBELET_VERSION}-) - KUBEADM=$(getversion kubeadm ${KUBELET_VERSION}-) - apt-get install -y \ - kubelet=${KUBELET} \ - kubeadm=${KUBEADM} - mv /usr/bin/kubeadm.dl /usr/bin/kubeadm - chmod a+rx /usr/bin/kubeadm - systemctl enable docker - systemctl start docker - # Override Kubelet DNS args. 
- cat > /etc/systemd/system/kubelet.service.d/20-kubenet.conf < /tmp/.ip - PUBLICIP=`curl --retry 5 -sfH "Metadata-Flavor: Google" "http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip"` - # Set up kubeadm config file to pass parameters to kubeadm init. - cat > /etc/kubernetes/kubeadm_config.yaml <&1 | tee /var/log/startup.log -# These configs currently don't work - they need service accounts. - machineParams: - os: ubuntu-1604-lts roles: @@ -179,10 +23,23 @@ items: apt-get install -y \ socat \ ebtables \ - docker.io \ apt-transport-https \ cloud-utils \ prips + + function install_configure_docker () { + # prevent docker from auto-starting + echo "exit 101" > /usr/sbin/policy-rc.d + chmod +x /usr/sbin/policy-rc.d + trap "rm /usr/sbin/policy-rc.d" RETURN + apt-get install -y docker.io + echo 'DOCKER_OPTS="--iptables=false --ip-masq=false"' > /etc/default/docker + systemctl daemon-reload + systemctl enable docker + systemctl start docker + } + install_configure_docker + curl -sSL https://dl.k8s.io/release/${VERSION}/bin/linux/${ARCH}/kubeadm > /usr/bin/kubeadm.dl chmod a+rx /usr/bin/kubeadm.dl # kubeadm uses 10th IP as DNS server @@ -206,12 +63,11 @@ items: kubeadm=${KUBEADM} mv /usr/bin/kubeadm.dl /usr/bin/kubeadm chmod a+rx /usr/bin/kubeadm - systemctl enable docker - systemctl start docker + # Override network args to use kubenet instead of cni, and override Kubelet DNS args. cat > /etc/systemd/system/kubelet.service.d/20-kubenet.conf < /tmp/.ip PUBLICIP=`curl --retry 5 -sfH "Metadata-Flavor: Google" "http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip"` + # Set up the GCE cloud config, which gets picked up by kubeadm init since cloudProvider is set to GCE. cat > /etc/kubernetes/cloud-config < /etc/kubernetes/kubeadm_config.yaml <&1 | tee /var/log/startup.log - machineParams: - os: ubuntu-1604-lts 
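Review bot: In `install_configure_docker`, `trap "rm /usr/sbin/policy-rc.d" RETURN` only fires on a normal function return; if the script runs under `set -e` as the deleted configs did, a failing `apt-get install` terminates the script instead and leaves a `policy-rc.d` that returns 101, blocking every later service start on the VM — an `EXIT` trap, or an explicit removal after the install with the status checked, would be safer. Whether `DOCKER_OPTS` in `/etc/default/docker` is honoured depends on the installed unit file reading it (`EnvironmentFile=` plus `$DOCKER_OPTS` in `ExecStart`), which holds for some packages but not all, so confirm it for `docker.io` here and for `docker-engine=1.12.0-0~xenial` in the `@@ -277,7 +140,20 @@` hunk, which adds the same function. The duplicated function is worth a comment naming the other copy so the two startup scripts stay in sync. The enclosing startupScript starts and ends outside the hunk.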
@@ -277,7 +140,20 @@ items: deb [arch=amd64] https://apt.dockerproject.org/repo ubuntu-xenial main EOF apt-get update - apt-get install -y docker-engine=1.12.0-0~xenial + + function install_configure_docker () { + # prevent docker from auto-starting + echo "exit 101" > /usr/sbin/policy-rc.d + chmod +x /usr/sbin/policy-rc.d + trap "rm /usr/sbin/policy-rc.d" RETURN + apt-get install -y docker-engine=1.12.0-0~xenial + echo 'DOCKER_OPTS="--iptables=false --ip-masq=false"' > /etc/default/docker + systemctl daemon-reload + systemctl enable docker + systemctl start docker + } + install_configure_docker + curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - cat < /etc/apt/sources.list.d/kubernetes.list deb http://apt.kubernetes.io/ kubernetes-xenial main @@ -299,14 +175,12 @@ items: KUBEADM=$(getversion kubeadm ${KUBELET_VERSION}-) KUBECTL=$(getversion kubectl ${KUBELET_VERSION}-) apt-get install -y kubelet=${KUBELET} kubeadm=${KUBEADM} kubectl=${KUBECTL} - systemctl enable docker || true - systemctl start docker || true # kubeadm uses 10th IP as DNS server CLUSTER_DNS_SERVER=$(prips ${SERVICE_CIDR} | head -n 11 | tail -n 1) # Override network args to use kubenet instead of cni, and override Kubelet DNS args. cat > /etc/systemd/system/kubelet.service.d/20-kubenet.conf <