Major update.

Adam Heath
Showing 8 changed files with 137 additions and 68 deletions
docker-compose.yaml
etc/registries.yaml
scripts/_parse_args.bash
scripts/install-cluster-dns.sh
scripts/start-docker.sh
scripts/stop-docker.sh
scripts/update-docker-kubeconfig.sh
scripts/wait-for-etcd.sh
--- a/docker-compose.yaml
View file @be31880
+++ b/docker-compose.yaml
View file @be31880
-version: '2.4'
+version: '3.4'
+x-extra-hosts: &_x_extra_hosts
+  extra_hosts:
+    - "${APP_REGISTRY_NAME}:${APP_REGISTRY_ADDRESS}"
 x-etcd-environment: &_x-etcd-environment
  ALLOW_NONE_AUTHENTICATION: "yes"
@@ -16,7 +20,35 @@ x-etcd-base: &_x-etcd-base
  command: ["/opt/bitnami/scripts/etcd/run.sh"]
  user: root
+x-root-cert-volume: &_x-root-cert-volume
+  type: bind
+  source: ${CONTEXT_DIR}/certs/root.crt
+  target: /etc/ssl/certs/root.crt
+  read_only: true
+  bind:
+    create_host_path: false
+x-kubelet-volume: &_x-kubelet-volume
+  type: volume
+  target: /var/lib/kubelet
+#  volume:
+#    propagation: shared
+x-registries-yaml-volume: &_x-registries-yaml-volume
+  type: bind
+  source: ${APISERVER_DIR}/etc/registries.yaml
+  target: /etc/rancher/k3s/registries.yaml
+  read_only: true
+  bind:
+    create_host_path: false
+x-k3s-master-env: &_x-k3s-master-env
+  K3S_KUBECONFIG_OUTPUT: /output/kubeconfig.yaml
+  K3S_KUBECONFIG_MODE: "666"
+  K3S_NODE_NAME: master
 x-k3s-master-base: &_x-k3s-master-base
+  <<: *_x_extra_hosts
  image: "docker.io/rancher/k3s:${K3S_VERSION:-latest}"
  networks:
    default:
@@ -35,18 +67,27 @@ x-k3s-master-base: &_x-k3s-master-base
  ports:
    - 6443
  environment:
-    - K3S_KUBECONFIG_OUTPUT=/output/kubeconfig.yaml
+    <<: *_x-k3s-master-env
-    - K3S_KUBECONFIG_MODE=666
-    - K3S_NODE_NAME=master
  volumes:
    - server:/var/lib/rancher/k3s/server
    - output:/output
-    - ./etc/registries.yaml:/etc/rancher/k3s/registries.yaml:ro
+    - ${APP_ROOT_DIR?Please set APP_ROOT_DIR}:${APP_ROOT_MOUNT?Please set APP_ROOT_MOUNT(where to mount $PWD)}
-    - ./certs/root.crt:/etc/ssl/certs/root.crt:ro
+#    - *_x-registries-yaml-volume
-    - ./certs/registry.crt:/etc/ssl/certs/registry.crt:ro
+    - *_x-root-cert-volume
-    - .:${APP_ROOT_MOUNT?Please set APP_ROOT_MOUNT(where to mount $PWD)}
+    - *_x-kubelet-volume
+x-k3s-agent-env: &_x-k3s-agent-env
+  K3S_URL: https://k3s-master:6443
+  K3S_TOKEN_FILE: /var/lib/rancher/k3s/server/node-token
+  K3S_NODE_NAME: k3s-agent
+  VIRTUAL_HOST: ${VHOST_STUB},*${VHOST_SUFFIX},${APP_REGISTRY_NAME}
+  VIRTUAL_PROTO: https
+  VIRTUAL_PORT: "443"
+  SELF_SIGNED_HOST: ${VHOST_STUB},*${VHOST_SUFFIX}
+  HTTPS_METHOD: noredirect
 x-k3s-agent-base: &_x-k3s-agent-base
+  <<: *_x_extra_hosts
  image: "docker.io/rancher/k3s:${K3S_VERSION:-latest}"
  tmpfs:
    - /run
@@ -57,10 +98,10 @@ x-k3s-agent-base: &_x-k3s-agent-base
      soft: 65535
      hard: 65535
  volumes:
-    - .:${APP_ROOT_MOUNT?Please specify where to mount $PWD}
+    - ${APP_ROOT_DIR?Please set APP_ROOT_DIR}:${APP_ROOT_MOUNT?Please specify where to mount $PWD}
-    - ./etc/registries.yaml:/etc/rancher/k3s/registries.yaml:ro
+#    - *_x-registries-yaml-volume
-    - ./certs/root.crt:/etc/ssl/certs/root.crt:ro
+    - *_x-root-cert-volume
-    - ./certs/registry.crt:/etc/ssl/certs/registry.crt:ro
+    - *_x-kubelet-volume
    - server:/var/lib/rancher/k3s/server:ro
  privileged: true
  restart: always
@@ -70,14 +111,7 @@ x-k3s-agent-base: &_x-k3s-agent-base
  ports:
    - 443
  environment:
-    - K3S_URL=https://k3s-master:6443
+    <<: *_x-k3s-agent-env
-    - K3S_TOKEN_FILE=/var/lib/rancher/k3s/server/node-token
-    - K3S_NODE_NAME=k3s-agent
-    - VIRTUAL_HOST=${VHOST_STUB},*${VHOST_SUFFIX}
-    - VIRTUAL_PROTO=https
-    - VIRTUAL_PORT=443
-    - SELF_SIGNED_HOST=${VHOST_STUB},*${VHOST_SUFFIX}
-    - HTTPS_METHOD=noredirect
 x-coredns-base: &_x-coredns-base
  image: docker.io/coredns/coredns
@@ -86,13 +120,13 @@ x-coredns-base: &_x-coredns-base
  volumes:
    - server:/var/lib/rancher/k3s/server
    - output:/output
-    - ./etc/coredns:/etc/coredns:ro
+    - ${APISERVER_DIR}/etc/coredns:/etc/coredns:ro
 networks:
  default:
  nginx:
-    external:
    name: nginx
+    external: true
 services:
  etcd1:
@@ -103,7 +137,7 @@ services:
      ETCD_INITIAL_ADVERTISE_PEER_URLS: http://etcd1:2380
      ETCD_ADVERTISE_CLIENT_URLS: http://etcd1:2379
    volumes:
-    - ./scripts/etcd-entrypoint.sh:/etcd-entrypoint.sh:ro
+    - ${APISERVER_DIR}/scripts/etcd-entrypoint.sh:/etcd-entrypoint.sh:ro
    - etcd1-data:/bitnami/etcd/data
  etcd2:
@@ -114,7 +148,7 @@ services:
      ETCD_INITIAL_ADVERTISE_PEER_URLS: http://etcd2:2380
      ETCD_ADVERTISE_CLIENT_URLS: http://etcd2:2379
    volumes:
-    - ./scripts/etcd-entrypoint.sh:/etcd-entrypoint.sh:ro
+    - ${APISERVER_DIR}/scripts/etcd-entrypoint.sh:/etcd-entrypoint.sh:ro
    - etcd2-data:/bitnami/etcd/data
  etcd3:
@@ -125,41 +159,47 @@ services:
      ETCD_INITIAL_ADVERTISE_PEER_URLS: http://etcd3:2380
      ETCD_ADVERTISE_CLIENT_URLS: http://etcd3:2379
    volumes:
-    - ./scripts/etcd-entrypoint.sh:/etcd-entrypoint.sh:ro
+    - ${APISERVER_DIR}/scripts/etcd-entrypoint.sh:/etcd-entrypoint.sh:ro
    - etcd3-data:/bitnami/etcd/data
  k3s-master-1:
    <<: *_x-k3s-master-base
    command: [
      "server",
-      "--with-node-id",
+      "--disable=traefik,coredns,local-storage",
-      "--disable=traefik,coredns",
      "--node-taint", "node-role.kubernetes.io/master=true:NoSchedule",
      "--datastore-endpoint=http://etcd1:2379",
      "--cluster-init",
    ]
+    environment:
+      <<: *_x-k3s-agent-env
+      K3S_NODE_NAME: master-1
  k3s-master-2:
    <<: *_x-k3s-master-base
    command: [
      "server",
-      "--with-node-id",
+      "--disable=traefik,coredns,local-storage",
-      "--disable=traefik,coredns",
      "--node-taint", "node-role.kubernetes.io/master=true:NoSchedule",
      "--datastore-endpoint=http://etcd2:2379",
      "--server=http://k3s-master-1:6443",
    ]
+    environment:
+      <<: *_x-k3s-agent-env
+      K3S_NODE_NAME: master-2
  k3s-master-3:
    <<: *_x-k3s-master-base
    command: [
      "server",
-      "--with-node-id",
+      "--disable=traefik,coredns,local-storage",
-      "--disable=traefik,coredns",
      "--node-taint", "node-role.kubernetes.io/master=true:NoSchedule",
      "--datastore-endpoint=http://etcd3:2379",
      "--server=http://k3s-master-1:6443",
    ]
+    environment:
+      <<: *_x-k3s-agent-env
+      K3S_NODE_NAME: master-3
  k3s-coredns-1:
    <<: *_x-coredns-base
@@ -174,15 +214,19 @@ services:
    <<: *_x-k3s-agent-base
    command: [
      "agent",
-      "--with-node-id",
    ]
+    environment:
+      <<: *_x-k3s-agent-env
+      K3S_NODE_NAME: agent-1
  k3s-agent-2:
    <<: *_x-k3s-agent-base
    command: [
      "agent",
-      "--with-node-id",
    ]
+    environment:
+      <<: *_x-k3s-agent-env
+      K3S_NODE_NAME: agent-2
 volumes:
  etcd1-data:
--- a/etc/registries.yaml
View file @be31880
+++ b/etc/registries.yaml
View file @be31880
 mirrors:
-  "registry.uniquely-me.local":
+  "registry.local":
    endpoint:
-      - https://registry.uniquely-me.local
+      - https://registry.local
 configs:
-  registry.uniquely-me.local:
+  registry.local:
    tls:
      ca_file: "/etc/ssl/certs/registry.crt"
--- a/scripts/_parse_args.bash
View file @be31880
+++ b/scripts/_parse_args.bash
View file @be31880
 #!/bin/bash
-CONTEXT_DIR="$TOP_DIR"
+CONTEXT_DIR="$APISERVER_DIR"
 declare -a args
 declare -A features=(
 	[cert-manager]=1
 	[istio]=1
 )
+declare -a compose_files=(-f "$APISERVER_DIR/docker-compose.yaml")
+declare -a k8s_nodes=()
 while [[ $# -gt 0 ]]; do
 	arg="$1"
@@ -24,6 +26,14 @@ while [[ $# -gt 0 ]]; do
 			features[$1]=
 			shift
 			;;
+		(-f)
+			compose_files+=(-f "$1")
+			shift
+			;;
+		(-n)
+			k8s_nodes+=("$1")
+			shift
+			;;
 		(*)
 			args+=("$arg")
 			;;
@@ -41,3 +51,7 @@ for feature in "${!features[@]}"; do
 done
 export CONTEXT_DIR
+_compose() {
+	docker-compose --project-directory "$CONTEXT_DIR" "${compose_files[@]}" "$@"
+}
--- a/scripts/install-cluster-dns.sh
View file @be31880
+++ b/scripts/install-cluster-dns.sh
View file @be31880
@@ -4,9 +4,14 @@ set -e
 TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
 export TOP_DIR
-COREDNS_IP_1=$(docker-compose -f "$TOP_DIR/docker-compose.yaml" exec -T k3s-master-1 ping -c 1 -q k3s-coredns-1 | sed -n 's/^PING.*(\(.*\)).*/\1/p')
+CONTEXT_DIR="$1"
-COREDNS_IP_2=$(docker-compose -f "$TOP_DIR/docker-compose.yaml" exec -T k3s-master-1 ping -c 1 -q k3s-coredns-2 | sed -n 's/^PING.*(\(.*\)).*/\1/p')
+_compose() {
-COREDNS_IP_3=$(docker-compose -f "$TOP_DIR/docker-compose.yaml" exec -T k3s-master-1 ping -c 1 -q k3s-coredns-3 | sed -n 's/^PING.*(\(.*\)).*/\1/p')
+	docker-compose --project-directory "$CONTEXT_DIR" -f "$TOP_DIR/docker-compose.yaml" "$@"
+}
+COREDNS_IP_1=$(_compose exec -T k3s-master-1 ping -c 1 -q k3s-coredns-1 | sed -n 's/^PING.*(\(.*\)).*/\1/p')
+COREDNS_IP_2=$(_compose exec -T k3s-master-1 ping -c 1 -q k3s-coredns-2 | sed -n 's/^PING.*(\(.*\)).*/\1/p')
+COREDNS_IP_3=$(_compose exec -T k3s-master-1 ping -c 1 -q k3s-coredns-3 | sed -n 's/^PING.*(\(.*\)).*/\1/p')
 kubectl apply -f /dev/stdin << _EOF_
 apiVersion: v1
--- a/scripts/start-docker.sh
View file @be31880
+++ b/scripts/start-docker.sh
View file @be31880
@@ -2,14 +2,14 @@
 set -e
-TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
+APISERVER_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
-export TOP_DIR
+export APISERVER_DIR
-. "$TOP_DIR/scripts/_parse_args.bash"
+. "$APISERVER_DIR/scripts/_parse_args.bash"
 case "$1" in
 	(switch-to)
-		"$TOP_DIR/scripts/update-docker-kubeconfig.sh" "$CONTEXT_DIR"
+		"$APISERVER_DIR/scripts/update-docker-kubeconfig.sh" "$CONTEXT_DIR"
 		exit
 		;;
 	("")
@@ -20,23 +20,22 @@ case "$1" in
 		;;
 esac
-"$TOP_DIR/scripts/ensure-certs.sh"
+"$APISERVER_DIR/scripts/ensure-certs.sh"
-"$TOP_DIR/scripts/wait-for-etcd.sh"
+"$APISERVER_DIR/scripts/wait-for-etcd.sh" "$CONTEXT_DIR"
-docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-master-1
+_compose up -d k3s-master-1
-"$TOP_DIR/scripts/update-docker-kubeconfig.sh" "$CONTEXT_DIR"
+"$APISERVER_DIR/scripts/update-docker-kubeconfig.sh" "$CONTEXT_DIR"
-"$TOP_DIR/scripts/wait-for-master-1.sh"
+"$APISERVER_DIR/scripts/wait-for-master-1.sh"
-docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-coredns-1 k3s-coredns-2 k3s-coredns-3
+_compose up -d k3s-coredns-1 k3s-coredns-2 k3s-coredns-3
-"$TOP_DIR/scripts/install-cluster-dns.sh"
+"$APISERVER_DIR/scripts/install-cluster-dns.sh" "$CONTEXT_DIR"
-docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-agent-1 k3s-agent-2
+_compose up -d k3s-agent-1 k3s-agent-2 k3s-storage-1 "${k8s_nodes[@]}"
-docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-master-2 k3s-master-3
+_compose up -d k3s-master-2 k3s-master-3
-"$TOP_DIR/scripts/wait-for-system-pods.sh" 2
+"$APISERVER_DIR/scripts/wait-for-system-pods.sh" 1
+#_compose up -d k3s-proxy
-#docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-proxy
+#[[ ${features[istio]} ]] && istioctl install -yf "$APISERVER_DIR/istio-minimal-operator.yaml"
-#[[ ${features[istio]} ]] && istioctl install -yf "$TOP_DIR/istio-minimal-operator.yaml"
+cd "$APISERVER_DIR"
-cd "$TOP_DIR"
 #helmfile apply
--- a/scripts/stop-docker.sh
View file @be31880
+++ b/scripts/stop-docker.sh
View file @be31880
@@ -2,10 +2,10 @@
 set -e
-TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
+APISERVER_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
-export TOP_DIR
+export APISERVER_DIR
-. "$TOP_DIR/scripts/_parse_args.bash"
+. "$APISERVER_DIR/scripts/_parse_args.bash"
-docker-compose -f "$TOP_DIR/docker-compose.yaml" down "$@"
+_compose down "$@"
--- a/scripts/update-docker-kubeconfig.sh
View file @be31880
+++ b/scripts/update-docker-kubeconfig.sh
View file @be31880
@@ -7,6 +7,12 @@ CONTEXT_DIR="$1"
 TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
 export TOP_DIR
+CONTEXT_DIR="$1"
+_compose() {
+	docker-compose --project-directory "$CONTEXT_DIR" -f "$TOP_DIR/docker-compose.yaml" "$@"
+}
 tmpd="$(mktemp -d)"
 onexit() {
 	[[ $tmpd ]] && rm -rf "$tmpd"
@@ -18,7 +24,7 @@ trap onexit EXIT
 declare -i count=10
 while [[ $count > 0 ]]; do
-	if docker-compose -f "$TOP_DIR/docker-compose.yaml" exec -T k3s-master-1 cat /output/kubeconfig.yaml > "$tmpd/config.docker" 2>/dev/null; then
+	if _compose exec -T k3s-master-1 cat /output/kubeconfig.yaml > "$tmpd/config.docker" 2>/dev/null; then
 		break
 	fi
 	sleep 1
@@ -26,7 +32,7 @@ while [[ $count > 0 ]]; do
 done
 chmod 600 "$tmpd/config.docker"
-MASTER_IP=$(docker-compose -f "$TOP_DIR/docker-compose.yaml" exec -T k3s-master-1 ping -c 1 -q k3s-master-1 | sed -n 's/^PING.*(\(.*\)).*/\1/p')
+MASTER_IP=$(_compose exec -T k3s-master-1 ping -c 1 -q k3s-master-1 | sed -n 's/^PING.*(\(.*\)).*/\1/p')
 kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{.clusters[].cluster.certificate-authority-data}' | base64 -d > "$tmpd/cluster-certificate-authority"
 kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{.users[].user.client-certificate-data}' | base64 -d > "$tmpd/client-certificate"
--- a/scripts/wait-for-etcd.sh
View file @be31880
+++ b/scripts/wait-for-etcd.sh
View file @be31880
@@ -5,21 +5,22 @@ set -e
 TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
 export TOP_DIR
+CONTEXT_DIR="$1"
 ETCD_ENDPOINTS="http://etcd1:2380,http://etcd2:2380,http://etcd3:2380"
-docker_compose() {
+_compose() {
-	docker-compose -f "$TOP_DIR/docker-compose.yaml" "$@"
+	docker-compose --project-directory "$CONTEXT_DIR" -f "$TOP_DIR/docker-compose.yaml" "$@"
 }
 etcdctl() {
-	docker_compose exec etcd1 etcdctl "$@"
+	_compose exec etcd1 etcdctl "$@"
 }
 cnt=5
 printf 'Waiting for etcd cluster: '
 while [ $cnt -ne 0 ]; do
-	docker_compose up -d etcd1 etcd2 etcd3 1>/dev/null 2>/dev/null
+	_compose up -d etcd1 etcd2 etcd3 1>/dev/null 2>/dev/null
 	if etcdctl --endpoints "$ETCD_ENDPOINTS" endpoint health 1>/dev/null 2>/dev/null; then
 		if [ $cnt -ne 5 ]; then
 			printf ' '