vms/recipes/alpine/provisionning/conf/kubernetes/initkubernetes.start

#!/bin/sh

ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
LOG_FILE="/var/log/initkubernets.log"
FIRST_BOOT="/var/run/firstboot.flag"

infoLog() {
    echo "Info: $@" | tee -a ${LOG_FILE}
}

errorLog() {
    echo "Error: $@" | tee -a ${LOG_FILE}
}

waitReadyState() {
    local vmID="${1}"
    local timeout="${2}"

    local tick=0
    while true ;do
        local ready=$(onegate vm show ${vmID} --json | jq -rc ".VM.USER_TEMPLATE.READY")
        if [ "${ready}" = "YES" ];then
            return 0
        elif [ "${timeout}" -eq "${tick}" ];then
            return ${timeout}
        else
            sleep 1
            tick=$((tick+1))
        fi
    done
}

returnToken() {
    infoLog "Returning tokens"
    local caSecretKey="${1}"
    local caToken=$(openssl x509 -in /etc/kubernetes/pki/ca.crt -noout -pubkey | openssl rsa -pubin -outform DER 2>/dev/null | sha256sum | cut -d' ' -f1)
    local kubeToken=$(kubeadm token list  | awk '/authentication,signing.*The default*/ {print $1}')
    local masterAddr=$(awk -F '/' '/server/ {print $3}' /etc/kubernetes/admin.conf)

    if [ -n "${ONEGATE_ENDPOINT}" ];then
        infoLog "Onegate detected"
        data="READY=YES"
        data="${data} MASTER_ADDR=${masterAddr}"
        data="${data} MASTER_TOKEN=${kubeToken}"
        data="${data} MASTER_CA_TOKEN=sha256:${caToken}"
        data="${data} MASTER_CA_SECRET_KEY=${caSecretKey}"
        onegate vm update --data "${data}"
        infoLog "Onegate data seted"
    else
        infoLog "Onegate is not present"
        echo "${masterAdd} ${kubeToken} ${caToken}" >> /root/kube.token
        infoLog "Tokens are available at /root/kube.token"
    fi
}

joinCluster() {
    local master="${MASTER_ADDR}"
    local token="${MASTER_TOKEN}"
    local caToken="${MASTER_CA_TOKEN}"
    local caSecretKey="${MASTER_CA_SECRET_KEY}"
    local sname="${SERVICE_NAME}"

    if [ -n "${ONEGATE_ENDPOINT}" ];then
        local masterID=$(onegate service show --json | jq -c '.SERVICE.roles[]  | select(.name == "leader") | .nodes[0].deploy_id')
        if [ "${?}" -eq 0 ]; then
            waitReadyState ${masterID} 600
            if [ "${?}" -ne 0 ];then
                errorLog "Master node is node ready after 600s"
                return 3
            fi
            local masterInfo=$(onegate vm show ${masterID} --json | \
                jq -cr ".VM.USER_TEMPLATE.MASTER_ADDR, .VM.USER_TEMPLATE.MASTER_TOKEN, .VM.USER_TEMPLATE.MASTER_CA_TOKEN,.VM.USER_TEMPLATE.MASTER_CA_SECRET_KEY, .VM.TEMPLATE.NIC[0].IP")
            master=$(echo ${masterInfo} | cut -d " " -f 1)
            token=$(echo ${masterInfo} | cut -d " " -f 2)
            caToken=$(echo ${masterInfo} | cut -d " " -f 3)
            caSecretKey=$(echo ${masterInfo} | cut -d " " -f 4)
            masterIP=$(echo ${masterInfo} | cut -d " " -f 5)
            sname=$(onegate service show --json | jq -cr ".SERVICE.name")
        fi

        # Setting dns resolution for cluster
        echo "${masterIP} ${sname}" >> /etc/hosts
        onegate service show --json  | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts
    fi
    if [ -n "${master}" ] & [ -n "${token}" ] & [ -n "${caToken}" ];then
        opts="--node-name $(hostname -f)"
        opts="${opts} --token ${token}"
        opts="${opts} --discovery-token-ca-cert-hash ${caToken}"
        if [ -n "${1}" ];then
            opts="${opts} --control-plane"
            opts="${opts} --certificate-key ${caSecretKey}"
        fi
        opts="${opts} ${master}"

        kubeadm join ${opts} | tee -a "${LOG_FILE}"
    else
        errorLog "Something is missing, can't join the cluster:"
        errorLog "   Master addr: [${master}]"
        errorLog "   Master token: [${token}]"
        errorLog "   Master CA token: [${caToken}]"
        return 3
    fi
}

getServiceName() {
    local sname=$(onegate service show --json | jq -cr ".SERVICE.name")
    local tmout=30
    local tick=0
    while true ;do
        if [ -z "${sname}" ];then
            sname=$(onegate service show --json | jq -cr ".SERVICE.name")
        else
            echo ${sname}
            return 0
        fi
        sleep 1
        tick=$((tick+1))
        if [ ${tmout} -eq ${tick} ];then
            hostname -f
            return 3
        fi
    done
}

initLeader() {
    sname="$(hostname -f)"

    if [ -n "${ONEGATE_ENDPOINT}" ];then
        sname=$(getServiceName)
        sip=$(onegate vm show --json | jq -rc ".VM.TEMPLATE.NIC[0].IP")
        echo "${sip} ${sname} $(hostname -f)" >> /etc/hosts
        onegate service show --json  | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts
    fi

    caSecretKey=$(date | sha256sum | awk '{print $1}')

    infoLog "Kubernetes init started"
    kubeadm init --pod-network-cidr=10.244.0.0/16        \
        --node-name="${SET_HOSTNAME}"                    \
        --control-plane-endpoint "${sname}:6443"         \
        --upload-certs --certificate-key "${caSecretKey}" | tee -a "${LOG_FILE}"
    infoLog "Kubernetes init ended"

    infoLog "Configuring kubectl"
    mkdir /root/.kube
    ln -s /etc/kubernetes/admin.conf /root/.kube/config
    infoLog "kubectl configured"

    infoLog "Installing cilium"
    sleep 20
    kubectl config view --minify -o jsonpath='{.clusters[].name}'
    sleep 20
    cilium install --helm-set 'cni.binPath=/usr/libexec/cni' --wait | tee -a "${LOG_FILE}"
    infoLog "Cilium is installed"

    returnToken "${caSecretKey}"
}

initKube() {
    if [ "${SERVER_ROLE}" == "leader" ];then
        initLeader
    elif [ "${SERVER_ROLE}" == "worker" ];then
        joinCluster
    elif [ "${SERVER_ROLE}" == "master" ];then
        joinCluster "${SERVER_ROLE}"
    fi
    touch ${FIRST_BOOT}
    infoLog "Kubernetes cluster init is finished"
}

if [ -f "${ENV_FILE}" ]; then
  . "${ENV_FILE}"
fi

if [ -f  "${FIRST_BOOT}" ];then
    exit 0
else
    uuidgen > /etc/machine-id
    swapoff -a # Make sure swap is disabled
    initKube &
fi