- package tools
- import (
- "crypto/x509"
- "encoding/base64"
- "fmt"
- "time"
- "golang.org/x/crypto/ssh"
- "models"
- "service"
- )
// Identifiers, ports and artefact locations used when assembling the master
// install job.
const (
	// MASTER_TASK_ID is the TaskId stamped on the master install job.
	MASTER_TASK_ID = "MASTER"

	// Ports handed to tke-tool for the API server's insecure and secure
	// listeners.
	MASTER_INSECURE_ENDPOINT_PORT int = 60001
	MASTER_SECURE_ENDPOINT_PORT   int = 60002

	// Host and path of the Kubernetes and Docker release archives. No scheme
	// is included here; GenerateMasterInstallJob prepends one when it builds
	// the resource URLs.
	K8S_BINARY    = "static.ccs.tencentyun.com/k8s-1.10.5-e78e7740.tar.gz"
	DOCKER_BINARY = "static.ccs.tencentyun.com/docker-17.12.1-ce.tgz"
)
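// GenServiceAccount derives the public half of the API server's RSA private
// key and returns it in SSH wire format (the output of ssh.PublicKey.Marshal).
//
// apiSrvKey must hold the raw ASN.1 DER bytes of a PKCS#1 RSA private key:
// x509.ParsePKCS1PrivateKey does not accept PEM text, so a PEM-armoured key
// has to be decoded by the caller first. Any parse or conversion error is
// returned unchanged with a nil slice.
//
// NOTE(review): the name suggests the result is used as a service-account
// verification key; kube-apiserver normally expects a PEM-encoded key for
// that purpose rather than the SSH wire format — confirm against the consumer.
func GenServiceAccount(apiSrvKey string) ([]byte, error) {
	priv, err := x509.ParsePKCS1PrivateKey([]byte(apiSrvKey))
	if err != nil {
		return nil, err
	}

	// ssh.NewPublicKey only recognises *rsa.PublicKey; the struct passed by
	// value is rejected as an unsupported key type, so take its address.
	pub, err := ssh.NewPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	return pub.Marshal(), nil
}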
// MasterCertAndKey bundles the cluster identifier and the certificate and key
// material that GenerateMasterInstallJob ships to a master node. Every field
// except ClsID is written, base64-encoded, into the job's Configs, so values
// of this type carry private keys and should be handled as secrets.
type MasterCertAndKey struct {
	// ClsID is passed to the API server as its etcd-prefix override.
	ClsID string

	// API server serving certificate and key
	// (service.CLUSTER_SERVER_CRT_PATH / CLUSTER_SERVER_KEY_PATH).
	ApiServerCert, ApiServerKey string

	// Client certificate and key
	// (service.CLUSTER_APISERVER_CLIENT_CRT_PATH / _KEY_PATH).
	ApiServerKubeletCrt, ApiServerKubeletKey string

	// Service-account material
	// (service.CLUSTER_SERVICE_ACCOUNT_PRV / CLUSTER_SERVICE_ACCOUNT_PEM).
	ServiceAccountPrv, ServiceAccountPem string
}
// K8sConfigInfo holds the cluster network settings that
// GenerateMasterInstallJob forwards to the API server and controller manager.
type K8sConfigInfo struct {
	// ServiceCIDR is used as the cluster service IP range; PodCIDR as the
	// controller manager's pod IP range.
	ServiceCIDR, PodCIDR string

	// NodeMaskSize is passed as the controller manager's node CIDR mask size.
	NodeMaskSize int
}
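// GenerateMasterInstallJob builds the job that installs the Kubernetes master
// components on curNode: a set of certificate/key files to write to the node
// and a single tke-tool invocation configuring the API server, controller
// manager, scheduler and kubelet.
//
// curNode and curNode.LanIp must be non-nil; both are dereferenced without a
// check. masterLb is the address the components use to reach the API server,
// etcdEndpPoints is passed through as the etcd server list, certAndKey
// supplies the file contents and the etcd prefix, and info the network ranges.
//
// The returned job embeds private keys (base64 is an encoding, not
// protection), so it should be stored, logged and transported as a secret.
//
// Fixes relative to the previous version: the insecure bind port is formatted
// with %d (it was %s on an int, which rendered as a fmt error string), and the
// controller manager's API server URL uses "https://" like the scheduler and
// kubelet URLs (it was "https:" without the slashes).
func GenerateMasterInstallJob(curNode *models.VmInstance, masterLb, etcdEndpPoints string, certAndKey MasterCertAndKey, info K8sConfigInfo) *models.Job {
	b64 := func(s string) string {
		return base64.StdEncoding.EncodeToString([]byte(s))
	}
	lanIP := *curNode.LanIp
	apiServerURL := fmt.Sprintf("https://%s:%d", masterLb, MASTER_SECURE_ENDPOINT_PORT)

	return &models.Job{
		TaskId: MASTER_TASK_ID,
		Status: models.JobStatus{
			State:     models.JOB_STATE_TODO,
			CreatedAt: time.Now(),
		},
		Configs: []models.Config{
			{DstPath: service.CLUSTER_SERVER_CRT_PATH, Content: b64(certAndKey.ApiServerCert)},
			{DstPath: service.CLUSTER_SERVER_KEY_PATH, Content: b64(certAndKey.ApiServerKey)},
			{DstPath: service.CLUSTER_APISERVER_CLIENT_CRT_PATH, Content: b64(certAndKey.ApiServerKubeletCrt)},
			{DstPath: service.CLUSTER_APISERVER_CLIENT_KEY_PATH, Content: b64(certAndKey.ApiServerKubeletKey)},
			{DstPath: service.CLUSTER_SERVICE_ACCOUNT_PRV, Content: b64(certAndKey.ServiceAccountPrv)},
			{DstPath: service.CLUSTER_SERVICE_ACCOUNT_PEM, Content: b64(certAndKey.ServiceAccountPem)},
		},
		Cmds: []models.Cmd{
			{
				Name: "/usr/local/bin/tke-tool",
				Args: []string{
					"kubernetes",
					"master",
					"up",
					fmt.Sprintf("--hostname=%s", lanIP),

					// apiserver
					fmt.Sprintf("--kube-apiserver-cluster-service-ip-range=%s", info.ServiceCIDR),
					"--kube-apiserver-enable-api-aggregation=true",
					fmt.Sprintf("--kube-apiserver-etcd-servers=%s", etcdEndpPoints),
					fmt.Sprintf("--kube-apiserver-cluster-ca=%s", service.CLUSTER_ETCD_CA_CRT_PATH),
					fmt.Sprintf("--kube-apiserver-etcd-ca=%s", service.CLUSTER_ETCD_CA_CRT_PATH),
					fmt.Sprintf("--kube-apiserver-etcd-cert=%s", service.CLUSTER_ETCD_CRT_PATH),
					fmt.Sprintf("--kube-apiserver-etcd-key=%s", service.CLUSTER_ETCD_KEY_PATH),
					fmt.Sprintf("--kube-apiserver-requestheader-client-ca=%s", service.CLUSTER_ETCD_CA_CRT_PATH),
					fmt.Sprintf("--kube-apiserver-proxy-client-cert=%s", service.CLUSTER_APISERVER_CLIENT_CRT_PATH),
					fmt.Sprintf("--kube-apiserver-proxy-client-key=%s", service.CLUSTER_APISERVER_CLIENT_KEY_PATH),
					// NOTE(review): the kubelet CA flag is given the
					// service-account private-key path; a CA flag normally
					// takes a CA certificate — confirm the intended path.
					fmt.Sprintf("--kube-apiserver-kubelet-ca=%s", service.CLUSTER_SERVICE_ACCOUNT_PRV),
					fmt.Sprintf("--kube-apiserver-kubelet-client-cert=%s", service.CLUSTER_APISERVER_CLIENT_CRT_PATH),
					fmt.Sprintf("--kube-apiserver-kubelet-client-key=%s", service.CLUSTER_APISERVER_CLIENT_KEY_PATH),
					fmt.Sprintf("--kube-apiserver-sa-key=%s", service.CLUSTER_SERVICE_ACCOUNT_PEM),
					fmt.Sprintf("--kube-apiserver-serve-tls-cert=%s", service.CLUSTER_SERVER_CRT_PATH),
					fmt.Sprintf("--kube-apiserver-serve-tls-key=%s", service.CLUSTER_SERVER_KEY_PATH),
					fmt.Sprintf("--kube-apiserver-secure-bind-address=%s", "0.0.0.0"),
					fmt.Sprintf("--kube-apiserver-secure-bind-port=%d", MASTER_SECURE_ENDPOINT_PORT),
					// NOTE(review): the insecure endpoint is bound to the
					// node's LAN address. If tke-tool maps this onto
					// kube-apiserver's insecure port, requests to it skip
					// authentication and authorization; bind it to loopback
					// or disable it unless something depends on it.
					fmt.Sprintf("--kube-apiserver-insecure-bind-address=%s", lanIP),
					fmt.Sprintf("--kube-apiserver-insecure-bind-port=%d", MASTER_INSECURE_ENDPOINT_PORT),

					// apiserver override
					fmt.Sprintf("--kube-apiserver-override-parameters=advertise-address=%s", masterLb),
					fmt.Sprintf("--kube-apiserver-override-parameters=cloud-provider=%s", "qcloud"),
					// NOTE(review): basic-auth-file and token-auth-file are
					// static credential files; no rotation is visible here.
					fmt.Sprintf("--kube-apiserver-override-parameters=basic-auth-file=%s", service.CLUSTER_BASIC_AUTH_PATH),
					fmt.Sprintf("--kube-apiserver-override-parameters=cloud-config=%s", service.CLUSTER_CLOUD_CONFIG_PATH),
					fmt.Sprintf("--kube-apiserver-override-parameters=token-auth-file=%s", service.CLUSTER_KNOWN_TOKEND_PATH),
					fmt.Sprintf("--kube-apiserver-override-parameters=etcd-prefix=%s", certAndKey.ClsID),
					fmt.Sprintf("--kube-apiserver-override-parameters=authorization-mode=%s", service.AUTHORIZATION_MODE_K8S_17x),
					fmt.Sprintf("--kube-apiserver-override-parameters=enable-admission-plugins=%s", service.ADMISSION_CONTROLE_K8S_17x),
					// NOTE(review): authorization-policy-file is passed twice
					// with the same value; kept as-is, but the second entry
					// looks like a copy-paste leftover.
					fmt.Sprintf("--kube-apiserver-override-parameters=authorization-policy-file=%s", service.DEFAULT_AUTHORIZATION_POLICY_PATH),
					fmt.Sprintf("--kube-apiserver-override-parameters=authorization-policy-file=%s", service.DEFAULT_AUTHORIZATION_POLICY_PATH),
					fmt.Sprintf("--kube-apiserver-override-parameters=external-hostname=%s.ccs.tencent-cloud.com", curNode.ClusterInstanceId),

					// controller manager
					fmt.Sprintf("--kube-controller-manager-apiserver=%s", apiServerURL),
					fmt.Sprintf("--kube-controller-manager-apiserver-ca-cert=%s", service.CLUSTER_ETCD_CA_CRT_PATH),
					fmt.Sprintf("--kube-controller-manager-apiserver-client-cert=%s", service.CLUSTER_SERVER_CRT_PATH),
					fmt.Sprintf("--kube-controller-manager-apiserver-client-key=%s", service.CLUSTER_SERVER_KEY_PATH),
					// NOTE(review): cluster signing uses the API server's
					// serving cert/key rather than a dedicated CA pair, and
					// service-account tokens are signed with the server key
					// while the API server above verifies them with
					// CLUSTER_SERVICE_ACCOUNT_PEM. Verification only works if
					// those are the same key pair — confirm.
					fmt.Sprintf("--kube-controller-manager-cluster-sign-cert=%s", service.CLUSTER_SERVER_CRT_PATH),
					fmt.Sprintf("--kube-controller-manager-cluster-sign-key=%s", service.CLUSTER_SERVER_KEY_PATH),
					fmt.Sprintf("--kube-controller-manager-sa-private-key=%s", service.CLUSTER_SERVER_KEY_PATH),
					fmt.Sprintf("--kube-controller-manager-cluster-pod-ip-range=%s", info.PodCIDR),
					fmt.Sprintf("--kube-controller-manager-cluster-service-ip-range=%s", info.ServiceCIDR),
					fmt.Sprintf("--kube-controller-manager-node-cidr-mask-size=%d", info.NodeMaskSize),

					// cm override
					fmt.Sprintf("--kube-controller-manager-overrides-parameters=cluster-name=%s", curNode.ClusterInstanceId),
					fmt.Sprintf("--kube-controller-manager-overrides-parameters=cloud-provider=%s", "qcloud"),
					fmt.Sprintf("--kube-controller-manager-overrides-parameters=horizontal-pod-autoscaler-use-rest-clients=%s", "true"),

					// scheduler
					fmt.Sprintf("--kube-scheduler-apiserver=%s", apiServerURL),
					fmt.Sprintf("--kube-scheduler-apiserver-ca-cert=%s", service.CLUSTER_ETCD_CA_CRT_PATH),
					fmt.Sprintf("--kube-scheduler-apiserver-client-cert=%s", service.CLUSTER_APISERVER_CLIENT_CRT_PATH),
					fmt.Sprintf("--kube-scheduler-apiserver-client-key=%s", service.CLUSTER_APISERVER_CLIENT_KEY_PATH),

					// kubelet
					fmt.Sprintf("--kubelet-apiserver=%s", apiServerURL),
					fmt.Sprintf("--kubelet-apiserver-ca-cert=%s", service.CLUSTER_ETCD_CA_CRT_PATH),
					fmt.Sprintf("--kubelet-apiserver-client-cert=%s", service.CLUSTER_APISERVER_CLIENT_CRT_PATH),
					fmt.Sprintf("--kubelet-apiserver-client-key=%s", service.CLUSTER_APISERVER_CLIENT_KEY_PATH),
					fmt.Sprintf("--kubelet-secure-serve-cert=%s", service.CLUSTER_SERVER_CRT_PATH),
					fmt.Sprintf("--kubelet-secure-serve-key=%s", service.CLUSTER_SERVER_KEY_PATH),
					// NOTE(review): both archives are requested over plain
					// http and no checksum is passed here, so the integrity
					// of the installed kubelet/docker binaries rests on the
					// network path. Prefer https and a pinned digest check.
					fmt.Sprintf("--kubelet-resource-url=http://%s", K8S_BINARY),
					fmt.Sprintf("--docker-resource-url=http://%s", DOCKER_BINARY),
				},
			},
		},
	}
}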