// Generate the IP failover monitor (keepalived) container configuration.
func generateFailoverMonitorContainerConfig(name string, options *ipfailover.IPFailoverConfigCmdOptions, env app.Environment) *kapi.Container {
containerName := fmt.Sprintf("%s-%s", name, options.Type)
imageName := fmt.Sprintf("%s-%s", options.Type, ipfailover.DefaultName)
image := options.ImageTemplate.ExpandOrDie(imageName)
// Container port to expose the service interconnects between keepaliveds.
ports := make([]kapi.ContainerPort, 1)
ports[0] = kapi.ContainerPort{
ContainerPort: options.ServicePort,
HostPort: options.ServicePort,
}
mounts := make([]kapi.VolumeMount, 1)
mounts[0] = kapi.VolumeMount{
Name: libModulesVolumeName,
ReadOnly: true,
MountPath: libModulesPath,
}
privileged := true
return &kapi.Container{
Name: containerName,
Image: image,
Ports: ports,
SecurityContext: &kapi.SecurityContext{
Privileged: &privileged,
},
ImagePullPolicy: kapi.PullIfNotPresent,
VolumeMounts: mounts,
Env: env.List(),
}
}
// buildTemplates converts a set of resolved, valid references into references to template objects.
func (c *AppConfig) buildTemplates(components app.ComponentReferences, environment app.Environment) ([]runtime.Object, error) {
objects := []runtime.Object{}
for _, ref := range components {
if !ref.Input().Match.IsTemplate() {
continue
}
tpl := ref.Input().Match.Template
glog.V(4).Infof("processing template %s/%s", c.originNamespace, tpl.Name)
for _, env := range environment.List() {
// only set environment values that match what's expected by the template.
if v := template.GetParameterByName(tpl, env.Name); v != nil {
v.Value = env.Value
v.Generate = ""
template.AddParameter(tpl, *v)
} else {
return nil, fmt.Errorf("unexpected parameter name %q", env.Name)
}
}
result, err := c.osclient.TemplateConfigs(c.originNamespace).Create(tpl)
if err != nil {
return nil, fmt.Errorf("error processing template %s/%s: %v", c.originNamespace, tpl.Name, err)
}
errs := runtime.DecodeList(result.Objects, kapi.Scheme)
if len(errs) > 0 {
err = errors.NewAggregate(errs)
return nil, fmt.Errorf("error processing template %s/%s: %v", c.originNamespace, tpl.Name, errs)
}
objects = append(objects, result.Objects...)
}
return objects, nil
}
// RunCmdRouter contains all the necessary functionality for the OpenShift cli router command
func RunCmdRouter(f *clientcmd.Factory, cmd *cobra.Command, out io.Writer, cfg *RouterConfig, args []string) error {
var name string
switch len(args) {
case 0:
name = "router"
case 1:
name = args[0]
default:
return cmdutil.UsageError(cmd, "You may pass zero or one arguments to provide a name for the router")
}
if len(cfg.StatsUsername) > 0 {
if strings.Contains(cfg.StatsUsername, ":") {
return cmdutil.UsageError(cmd, "username %s must not contain ':'", cfg.StatsUsername)
}
}
ports, err := app.ContainerPortsFromString(cfg.Ports)
if err != nil {
glog.Fatal(err)
}
if cfg.StatsPort > 0 {
ports = append(ports, kapi.ContainerPort{
Name: "stats",
HostPort: cfg.StatsPort,
ContainerPort: cfg.StatsPort,
Protocol: kapi.ProtocolTCP,
})
}
label := map[string]string{"router": name}
if cfg.Labels != defaultLabel {
valid, remove, err := app.LabelsFromSpec(strings.Split(cfg.Labels, ","))
if err != nil {
glog.Fatal(err)
}
if len(remove) > 0 {
return cmdutil.UsageError(cmd, "You may not pass negative labels in %q", cfg.Labels)
}
label = valid
}
nodeSelector := map[string]string{}
if len(cfg.Selector) > 0 {
valid, remove, err := app.LabelsFromSpec(strings.Split(cfg.Selector, ","))
if err != nil {
glog.Fatal(err)
}
if len(remove) > 0 {
return cmdutil.UsageError(cmd, "You may not pass negative labels in selector %q", cfg.Selector)
}
nodeSelector = valid
}
image := cfg.ImageTemplate.ExpandOrDie(cfg.Type)
namespace, err := f.OpenShiftClientConfig.Namespace()
if err != nil {
return fmt.Errorf("error getting client: %v", err)
}
_, kClient, err := f.Clients()
if err != nil {
return fmt.Errorf("error getting client: %v", err)
}
p, output, err := cmdutil.PrinterForCommand(cmd)
if err != nil {
return fmt.Errorf("unable to configure printer: %v", err)
}
generate := output
if !generate {
_, err = kClient.Services(namespace).Get(name)
if err != nil {
if !errors.IsNotFound(err) {
return fmt.Errorf("can't check for existing router %q: %v", name, err)
}
generate = true
}
}
if generate {
if cfg.DryRun && !output {
return fmt.Errorf("router %q does not exist (no service)", name)
}
// create new router
if len(cfg.Credentials) == 0 {
return fmt.Errorf("router could not be created; you must specify a .kubeconfig file path containing credentials for connecting the router to the master with --credentials")
}
clientConfigLoadingRules := &kclientcmd.ClientConfigLoadingRules{ExplicitPath: cfg.Credentials, Precedence: []string{}}
credentials, err := clientConfigLoadingRules.Load()
if err != nil {
return fmt.Errorf("router could not be created; the provided credentials %q could not be loaded: %v", cfg.Credentials, err)
}
config, err := kclientcmd.NewDefaultClientConfig(*credentials, &kclientcmd.ConfigOverrides{}).ClientConfig()
if err != nil {
return fmt.Errorf("router could not be created; the provided credentials %q could not be used: %v", cfg.Credentials, err)
}
if err := kclient.LoadTLSFiles(config); err != nil {
return fmt.Errorf("router could not be created; the provided credentials %q could not load certificate info: %v", cfg.Credentials, err)
}
insecure := "false"
if config.Insecure {
insecure = "true"
}
defaultCert, err := loadDefaultCert(cfg.DefaultCertificate)
if err != nil {
return fmt.Errorf("router could not be created; error reading default certificate file", err)
}
if len(cfg.StatsPassword) == 0 {
cfg.StatsPassword = generateStatsPassword()
fmt.Fprintf(out, "password for stats user %s has been set to %s\n", cfg.StatsUsername, cfg.StatsPassword)
}
env := app.Environment{
"OPENSHIFT_MASTER": config.Host,
"OPENSHIFT_CA_DATA": string(config.CAData),
"OPENSHIFT_KEY_DATA": string(config.KeyData),
"OPENSHIFT_CERT_DATA": string(config.CertData),
"OPENSHIFT_INSECURE": insecure,
"DEFAULT_CERTIFICATE": defaultCert,
"ROUTER_SERVICE_NAME": name,
"ROUTER_SERVICE_NAMESPACE": namespace,
"STATS_PORT": strconv.Itoa(cfg.StatsPort),
"STATS_USERNAME": cfg.StatsUsername,
"STATS_PASSWORD": cfg.StatsPassword,
}
objects := []runtime.Object{
&dapi.DeploymentConfig{
ObjectMeta: kapi.ObjectMeta{
Name: name,
Labels: label,
},
Triggers: []dapi.DeploymentTriggerPolicy{
{Type: dapi.DeploymentTriggerOnConfigChange},
},
Template: dapi.DeploymentTemplate{
ControllerTemplate: kapi.ReplicationControllerSpec{
Replicas: cfg.Replicas,
Selector: label,
Template: &kapi.PodTemplateSpec{
ObjectMeta: kapi.ObjectMeta{Labels: label},
Spec: kapi.PodSpec{
ServiceAccount: cfg.ServiceAccount,
NodeSelector: nodeSelector,
Containers: []kapi.Container{
{
Name: "router",
Image: image,
Ports: ports,
Env: env.List(),
LivenessProbe: &kapi.Probe{
Handler: kapi.Handler{
TCPSocket: &kapi.TCPSocketAction{
Port: kutil.IntOrString{
IntVal: ports[0].ContainerPort,
},
},
},
InitialDelaySeconds: 10,
},
ImagePullPolicy: kapi.PullIfNotPresent,
},
},
},
},
},
},
},
}
objects = app.AddServices(objects)
// TODO: label all created objects with the same label - router=<name>
list := &kapi.List{Items: objects}
if output {
if err := p.PrintObj(list, out); err != nil {
return fmt.Errorf("Unable to print object: %v", err)
}
return nil
}
mapper, typer := f.Factory.Object()
bulk := configcmd.Bulk{
Mapper: mapper,
Typer: typer,
RESTClientFactory: f.Factory.RESTClient,
After: configcmd.NewPrintNameOrErrorAfter(out, os.Stderr),
}
if errs := bulk.Create(list, namespace); len(errs) != 0 {
return errExit
}
return nil
}
fmt.Fprintf(out, "Router %q service exists\n", name)
return nil
}
// RunCmdRegistry contains all the necessary functionality for the OpenShift cli registry command
func RunCmdRegistry(f *clientcmd.Factory, cmd *cobra.Command, out io.Writer, cfg *RegistryConfig, args []string) error {
var name string
switch len(args) {
case 0:
name = "docker-registry"
default:
return cmdutil.UsageError(cmd, "No arguments are allowed to this command")
}
ports, err := app.ContainerPortsFromString(cfg.Ports)
if err != nil {
return err
}
label := map[string]string{
"docker-registry": "default",
}
if cfg.Labels != defaultLabel {
valid, remove, err := app.LabelsFromSpec(strings.Split(cfg.Labels, ","))
if err != nil {
return err
}
if len(remove) > 0 {
return cmdutil.UsageError(cmd, "You may not pass negative labels in %q", cfg.Labels)
}
label = valid
}
nodeSelector := map[string]string{}
if len(cfg.Selector) > 0 {
valid, remove, err := app.LabelsFromSpec(strings.Split(cfg.Selector, ","))
if err != nil {
return err
}
if len(remove) > 0 {
return cmdutil.UsageError(cmd, "You may not pass negative labels in selector %q", cfg.Selector)
}
nodeSelector = valid
}
image := cfg.ImageTemplate.ExpandOrDie(cfg.Type)
namespace, err := f.OpenShiftClientConfig.Namespace()
if err != nil {
return fmt.Errorf("error getting client: %v", err)
}
_, kClient, err := f.Clients()
if err != nil {
return fmt.Errorf("error getting client: %v", err)
}
p, output, err := cmdutil.PrinterForCommand(cmd)
if err != nil {
return fmt.Errorf("unable to configure printer: %v", err)
}
// Check if the specified service account already exists
_, err = kClient.ServiceAccounts(namespace).Get(cfg.ServiceAccount)
if err != nil && !errors.IsNotFound(err) {
return fmt.Errorf("Unable to create the registry service account: can't check for existing service-account %q: %v", cfg.ServiceAccount, err)
}
generateServiceAccount := err != nil
generate := output
if !generate {
_, err = kClient.Services(namespace).Get(name)
if err != nil {
if !errors.IsNotFound(err) {
return fmt.Errorf("can't check for existing docker-registry %q: %v", name, err)
}
generate = true
}
}
if generate {
if cfg.DryRun && !output {
return fmt.Errorf("docker-registry %q does not exist (no service).", name)
}
// create new registry
if len(cfg.Credentials) == 0 {
return fmt.Errorf("registry does not exist; you must specify a .kubeconfig file path containing credentials for connecting the registry to the master with --credentials")
}
clientConfigLoadingRules := &kclientcmd.ClientConfigLoadingRules{ExplicitPath: cfg.Credentials}
credentials, err := clientConfigLoadingRules.Load()
if err != nil {
return fmt.Errorf("registry does not exist; the provided credentials %q could not be loaded: %v", cfg.Credentials, err)
}
config, err := kclientcmd.NewDefaultClientConfig(*credentials, &kclientcmd.ConfigOverrides{}).ClientConfig()
if err != nil {
return fmt.Errorf("registry does not exist; the provided credentials %q could not be used: %v", cfg.Credentials, err)
}
if err := kclient.LoadTLSFiles(config); err != nil {
return fmt.Errorf("registry does not exist; the provided credentials %q could not load certificate info: %v", cfg.Credentials, err)
}
insecure := "false"
if config.Insecure {
insecure = "true"
} else {
if len(config.KeyData) == 0 || len(config.CertData) == 0 {
return fmt.Errorf("registry does not exist; the provided credentials %q are missing the client certificate and/or key", cfg.Credentials)
}
}
env := app.Environment{
"OPENSHIFT_MASTER": config.Host,
"OPENSHIFT_CA_DATA": string(config.CAData),
"OPENSHIFT_KEY_DATA": string(config.KeyData),
"OPENSHIFT_CERT_DATA": string(config.CertData),
"OPENSHIFT_INSECURE": insecure,
}
mountHost := len(cfg.HostMount) > 0
podTemplate := &kapi.PodTemplateSpec{
ObjectMeta: kapi.ObjectMeta{Labels: label},
Spec: kapi.PodSpec{
ServiceAccount: cfg.ServiceAccount,
NodeSelector: nodeSelector,
Containers: []kapi.Container{
{
Name: "registry",
Image: image,
Ports: ports,
Env: env.List(),
VolumeMounts: []kapi.VolumeMount{
{
Name: "registry-storage",
MountPath: cfg.Volume,
},
},
SecurityContext: &kapi.SecurityContext{
Privileged: &mountHost,
},
// TODO reenable the liveness probe when we no longer support the v1 registry.
/*
LivenessProbe: &kapi.Probe{
InitialDelaySeconds: 3,
TimeoutSeconds: 5,
Handler: kapi.Handler{
HTTPGet: &kapi.HTTPGetAction{
Path: "/healthz",
Port: util.NewIntOrStringFromInt(5000),
},
},
},
*/
},
},
Volumes: []kapi.Volume{
{
Name: "registry-storage",
VolumeSource: kapi.VolumeSource{},
},
},
},
}
if mountHost {
podTemplate.Spec.Volumes[0].HostPath = &kapi.HostPathVolumeSource{Path: cfg.HostMount}
} else {
podTemplate.Spec.Volumes[0].EmptyDir = &kapi.EmptyDirVolumeSource{}
}
objects := []runtime.Object{
&dapi.DeploymentConfig{
ObjectMeta: kapi.ObjectMeta{
Name: name,
Labels: label,
},
Triggers: []dapi.DeploymentTriggerPolicy{
{Type: dapi.DeploymentTriggerOnConfigChange},
},
Template: dapi.DeploymentTemplate{
ControllerTemplate: kapi.ReplicationControllerSpec{
Replicas: cfg.Replicas,
Selector: label,
Template: podTemplate,
},
},
},
}
objects = app.AddServices(objects)
if generateServiceAccount {
// Add the new service account to "privileged"
scc, err := kClient.SecurityContextConstraints().Get("privileged")
if err != nil {
return fmt.Errorf("Unable to create the registry service account: can't check for existing security context constraints privileged: %v", err)
}
userName := "******" + namespace + ":" + cfg.ServiceAccount
inList := false
for _, u := range scc.Users {
if u == userName {
inList = true
break
}
}
if !inList {
scc.Users = append(scc.Users, userName)
_, err = kClient.SecurityContextConstraints().Update(scc)
if err != nil && !errors.IsNotFound(err) {
return fmt.Errorf("error updating security context constraints: %v", err)
}
}
// Create the service account before anything else
objects = append([]runtime.Object{&kapi.ServiceAccount{ObjectMeta: kapi.ObjectMeta{Name: cfg.ServiceAccount}}}, objects...)
}
// TODO: label all created objects with the same label
list := &kapi.List{Items: objects}
if output {
if err := p.PrintObj(list, out); err != nil {
return fmt.Errorf("unable to print object: %v", err)
}
return nil
}
mapper, typer := f.Factory.Object()
bulk := configcmd.Bulk{
Mapper: mapper,
Typer: typer,
RESTClientFactory: f.Factory.RESTClient,
After: configcmd.NewPrintNameOrErrorAfter(out, os.Stderr),
}
if errs := bulk.Create(list, namespace); len(errs) != 0 {
return errExit
}
return nil
}
fmt.Fprintf(out, "Docker registry %q service exists\n", name)
return nil
}
