def set_label(label, value):
    """Apply (or overwrite) a label on this node via kubectl.

    Args:
        label: Label key to set on the node.
        value: Label value to associate with the key.

    Raises:
        ApplyNodeLabelFailed: if the label could not be applied even
            after ``persistent_call`` exhausted its retries.
    """
    nodename = get_node_name()
    cmd = 'kubectl --kubeconfig={0} label node {1} {2}={3} --overwrite'
    cmd = cmd.format(kubeconfig_path, nodename, label, value)
    cmd = cmd.split()
    # str.format for consistency with remove_label (was %-formatting);
    # the rendered message text is unchanged.
    retry = 'Failed to apply label {0}={1}. Will retry.'.format(label, value)
    if not persistent_call(cmd, retry):
        raise ApplyNodeLabelFailed(retry)
def remove_label(label):
    """Strip a label from this node via kubectl.

    Args:
        label: Label key to remove (kubectl's trailing ``-`` syntax).

    Raises:
        ApplyNodeLabelFailed: if removal keeps failing after retries.
    """
    node = get_node_name()
    template = 'kubectl --kubeconfig={0} label node {1} {2}-'
    args = template.format(kubeconfig_path, node, label).split()
    retry = 'Failed to remove label {0}. Will retry.'.format(label)
    if not persistent_call(args, retry):
        raise ApplyNodeLabelFailed(retry)
def request_kubelet_and_proxy_credentials(kube_control):
    """Request kubelet node authorization with a well formed kubelet user.

    This also implies that we are requesting kube-proxy auth.
    """
    # The kube-control interface is created to support RBAC. Returning a
    # hostname-derived user is the right thing to do even though it is
    # only consumed once RBAC is enabled.
    nodeuser = '******'.format(get_node_name().lower())
    kube_control.set_auth_request(nodeuser)
def shutdown():
    """Tear down this unit when it is destroyed.

    Deletes the current node from the cluster (best effort) and then
    stops the worker services.
    """
    try:
        # Only attempt deregistration when a kubeconfig is present.
        if os.path.isfile(kubeconfig_path):
            kubectl('delete', 'node', get_node_name())
    except CalledProcessError:
        # Best effort: the node may already be gone or the API unreachable.
        hookenv.log('Failed to unregister node.')
    service_stop('snap.kubelet.daemon')
    service_stop('snap.kube-proxy.daemon')
def catch_change_in_creds(kube_control):
    """Request a service restart in case credential updates were detected."""
    nodeuser = '******'.format(get_node_name().lower())
    creds = kube_control.get_auth_credentials(nodeuser)
    # Nothing to do unless we received credentials for our own user.
    if not (creds and creds['user'] == nodeuser):
        return
    # Cache the credentials: if the master leader dies and is replaced,
    # the new master has no recollection of our certs.
    db.set('credentials', creds)
    set_state('worker.auth.bootstrapped')
    if data_changed('kube-control.creds', creds):
        set_state('kubernetes-worker.restart-needed')
def shutdown():
    """Tear down this unit when it is destroyed.

    Deletes the current node from the cluster (best effort) and then
    stops the worker services.
    """
    try:
        # Only attempt deregistration when a kubeconfig is present.
        if os.path.isfile(kubelet_kubeconfig_path):
            kubectl("delete", "node", get_node_name())
    except CalledProcessError:
        # Best effort: the node may already be gone or the API unreachable.
        hookenv.log("Failed to unregister node.")
    service_stop("snap.kubelet.daemon")
    service_stop("snap.kube-proxy.daemon")
def catch_change_in_creds(kube_control):
    """Request a service restart in case credential updates were detected."""
    nodeuser = "******".format(get_node_name().lower())
    creds = kube_control.get_auth_credentials(nodeuser)
    # Nothing to do unless we received credentials for our own user.
    if not (creds and creds["user"] == nodeuser):
        return
    # Cache the credentials: if the control-plane leader dies and is
    # replaced, the new control-plane has no recollection of our certs.
    db.set("credentials", creds)
    set_state("worker.auth.bootstrapped")
    if data_changed("kube-control.creds", creds):
        set_state("kubernetes-worker.restart-needed")
def configure_kube_proxy(api_servers, cluster_cidr):
    """Assemble kube-proxy options and hand them to the service renderer.

    Args:
        api_servers: List of API server URLs; one is chosen at random so
            workers spread their load across control-plane units.
        cluster_cidr: CIDR assigned to the cluster's pod network.
    """
    kube_proxy_opts = {
        'cluster-cidr': cluster_cidr,
        'kubeconfig': kubeproxyconfig_path,
        'logtostderr': 'true',
        'v': '0',
        'master': random.choice(api_servers),
        'hostname-override': get_node_name(),
    }
    # Conntrack tuning cannot be applied inside LXC containers, so
    # disable it when virt-what reports one.
    if b'lxc' in check_output('virt-what', shell=True):
        kube_proxy_opts['conntrack-max-per-core'] = '0'
    configure_kubernetes_service(
        configure_prefix, 'kube-proxy', kube_proxy_opts, 'proxy-extra-args'
    )
def pre_series_upgrade():
    """Drain this node and pause worker services ahead of a series upgrade."""
    node = get_node_name()
    # NB: --force because unmanaged pods are going to die anyway when the
    # node shuts down, and it's better to let drain cleanly terminate
    # them. --delete-local-data because the dashboard, at least, uses
    # local emptyDir data, which is documented as ephemeral anyway.
    kubectl(
        "drain",
        node,
        "--ignore-daemonsets",
        "--force",
        "--delete-local-data",
    )
    service_pause("snap.kubelet.daemon")
    service_pause("snap.kube-proxy.daemon")
def update_nrpe_config():
    """(Re)write NRPE checks for this worker unit.

    Installs the node-registration Nagios plugin, registers service and
    node checks with NRPE, writes a kubeconfig for the plugin when
    credentials and API servers are available, fixes Nagios directory
    ownership, and requests the 'performance' CPU governor over the
    nrpe-external-master relation.
    """
    services = ["snap.{}.daemon".format(s) for s in worker_services]
    data = render("nagios_plugin.py", None, {"node_name": get_node_name()})
    plugin_path = install_nagios_plugin_from_text(data, "check_k8s_worker.py")
    hostname = nrpe.get_nagios_hostname()
    current_unit = nrpe.get_nagios_unit_name()
    nrpe_setup = nrpe.NRPE(hostname=hostname)
    nrpe_setup.add_check("node", "Node registered with API Server", str(plugin_path))
    nrpe.add_init_service_checks(nrpe_setup, services, current_unit)
    nrpe_setup.write()
    creds = db.get("credentials")
    servers = get_kube_api_servers()
    if creds and servers:
        # Pin this unit to one API server deterministically by unit number.
        server = servers[get_unit_number() % len(servers)]
        create_kubeconfig(
            nrpe_kubeconfig_path,
            server,
            ca_crt_path,
            token=creds["client_token"],
            user="******",
        )
        # Make sure Nagios dirs are the correct permissions.
        cmd = ["chown", "-R", "nagios:nagios"]
        for p in ["/var/lib/nagios/", os.path.dirname(nrpe_kubeconfig_path)]:
            if os.path.exists(p):
                check_call(cmd + [p])
    # NOTE(review): the flattened source leaves nesting ambiguous; the chown
    # loop is placed inside the creds/servers guard here — confirm via VCS.
    remove_state("nrpe-external-master.reconfigure")
    set_state("nrpe-external-master.initial-config")
    # request CPU governor check from nrpe relation to be performance
    rel_settings = {
        "requested_cpu_governor": "performance",
    }
    for rid in hookenv.relation_ids("nrpe-external-master"):
        hookenv.relation_set(relation_id=rid, relation_settings=rel_settings)
def post_series_upgrade():
    """Resume worker services and mark the node schedulable again."""
    for daemon in ("snap.kubelet.daemon", "snap.kube-proxy.daemon"):
        service_resume(daemon)
    kubectl("uncordon", get_node_name())
def __init__(self, kubeconfig_path: Union[PathLike, str]):
    """Store the kubeconfig location and resolve this node's name.

    Args:
        kubeconfig_path: Path to the kubeconfig used for cluster calls.
    """
    self.kubeconfig_path = kubeconfig_path
    self.node = get_node_name()