diff --git a/bindata/network/multus/multus.yaml b/bindata/network/multus/multus.yaml index 841f6eae1e..2db37c19e5 100644 --- a/bindata/network/multus/multus.yaml +++ b/bindata/network/multus/multus.yaml @@ -934,7 +934,7 @@ metadata: namespace: openshift-multus annotations: kubernetes.io/description: | - This deamon watches over the whereabouts service account token and CA + This daemon watches over the whereabouts service account token and CA file for changes and will regenerate a kubeconfig if changes are seen release.openshift.io/version: "{{.ReleaseVersion}}" spec: @@ -954,6 +954,7 @@ spec: labels: app: whereabouts-token-watcher spec: + hostNetwork: true nodeSelector: kubernetes.io/os: linux priorityClassName: "system-node-critical" @@ -971,11 +972,16 @@ spec: set -u -e + # Helper functions for logging + function log { echo "$(date -Iseconds) $@"; } + function warn { echo "$(date -Iseconds) WARNING: $@" >&2; } + function error { echo "$(date -Iseconds) ERROR: $@" >&2; } + SERVICE_ACCOUNT_PATH=/var/run/secrets/kubernetes.io/serviceaccount KUBE_CA_FILE=${KUBE_CA_FILE:-$SERVICE_ACCOUNT_PATH/ca.crt} - SERVICE_ACCOUNT_TOKEN=$(cat $SERVICE_ACCOUNT_PATH/token) SERVICE_ACCOUNT_TOKEN_PATH=$SERVICE_ACCOUNT_PATH/token SKIP_TLS_VERIFY=${SKIP_TLS_VERIFY:-false} + WHEREABOUTS_KUBECONFIG=${CNI_CONF_DIR:-/host/etc/cni/net.d}/whereabouts.d/whereabouts.kubeconfig function generateKubeConfig { # Check if we're running as a k8s pod. @@ -1017,7 +1023,7 @@ spec: users: - name: whereabouts user: - token: "${SERVICE_ACCOUNT_TOKEN}" + token: "$(cat $SERVICE_ACCOUNT_TOKEN_PATH)" contexts: - name: whereabouts-context context: 
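Review bot: `hostNetwork: true` on the whereabouts-token-watcher pod spec is added without a comment saying why the watcher needs the node's network namespace. A host-networked pod can reach node-local listeners and is generally not covered by NetworkPolicy, so the reason should be recorded beside the field, for example `# hostNetwork: <reason the watcher must run in the host network namespace>`. If the script resolves cluster service names, also check whether `dnsPolicy: ClusterFirstWithHostNet` is needed. The rest of the pod spec lies outside this hunk, so its securityContext could not be checked here.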
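Review bot: `WHEREABOUTS_KUBECONFIG` now resolves to a path under the host's CNI configuration directory, but no visible hunk shows where it is used or with what file mode the kubeconfig is written. That file carries the service account token (the `token:` line in the following hunk), so the write inside `generateKubeConfig` should leave it owner-only, for example `umask 077` before the write or `chmod 600 "$WHEREABOUTS_KUBECONFIG"` after it. The body of `generateKubeConfig` is mostly outside this diff, so this may already be handled there.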
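Review bot: A failed read of the token file at `token: "$(cat $SERVICE_ACCOUNT_TOKEN_PATH)"` would probably not stop the script despite `set -e`. This line appears to sit inside a here-document whose start is outside the hunk, and a command substitution there does not propagate its exit status, so the kubeconfig would be written with an empty token. Reading the token first makes the failure fatal and quotes the path: `token_value="$(cat "$SERVICE_ACCOUNT_TOKEN_PATH")"` ahead of the template, then `token: "${token_value}"`.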
@@ -1048,20 +1054,20 @@ spec: export LAST_SERVICEACCOUNT_MD5SUM="$(get_token_md5sum)" export LAST_KUBE_CA_FILE_MD5SUM="$(get_ca_file_md5sum)" - echo "Sleep and Watching for service account token and CA file changes..." + log "Sleep and Watching for service account token and CA file changes..." # enter sleep/watch loop while true; do # Check the md5sum of the service account token and ca. svcaccountsum="$(get_token_md5sum)" casum="$(get_ca_file_md5sum)" - if [ "$svcaccountsum" != "$LAST_SERVICEACCOUNT_MD5SUM" ] || ! [ "$SKIP_TLS_VERIFY" == "true" ] && [ "$casum" != "$LAST_KUBE_CA_FILE_MD5SUM" ]; then + if [ "$svcaccountsum" != "$LAST_SERVICEACCOUNT_MD5SUM" ] || ( [ "$SKIP_TLS_VERIFY" != "true" ] && [ "$casum" != "$LAST_KUBE_CA_FILE_MD5SUM" ] ); then log "Detected service account or CA file change, regenerating kubeconfig..." generateKubeConfig LAST_SERVICEACCOUNT_MD5SUM="$svcaccountsum" LAST_KUBE_CA_FILE_MD5SUM="$casum" fi - sleep 1s + sleep 60s done resources: @@ -1072,6 +1078,8 @@ spec: volumeMounts: - name: whereabouts-flatfile-configmap mountPath: /etc/whereabouts/config + - mountPath: /host/etc/cni/net.d + name: cni-net-dir env: - name: KUBERNETES_SERVICE_PORT value: "{{.KUBERNETES_SERVICE_PORT}}" @@ -1081,13 +1089,15 @@ spec: value: "/host/opt/cni/bin/" - name: CNI_CONF_DIR value: "/host/etc/cni/net.d" - - name: SLEEP - value: "false" - name: WHEREABOUTS_NAMESPACE value: "openshift-multus" volumes: - name: whereabouts-flatfile-configmap configMap: name: whereabouts-flatfile-config + - name: cni-net-dir + hostPath: + path: {{ .SystemCNIConfDir }} + type: Directory {{- end}} ---
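Review bot: The corrected condition groups the CA check with `( … )`, which forks a subshell on every pass only to set precedence. Brace grouping gives the same result without the fork: `|| { [ "$SKIP_TLS_VERIFY" != "true" ] && [ "$casum" != "$LAST_KUBE_CA_FILE_MD5SUM" ]; }; then`. The new `sleep 60s` also deserves a one-line comment stating the accepted delay, since the kubeconfig can now lag a rotated token or CA by up to a minute, for example `# poll once a minute; the kubeconfig may lag a rotation by up to 60s`.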
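Review bot: The `cni-net-dir` mount added here, with its `hostPath` volume in the last hunk, gives the watcher write access to the whole host CNI configuration directory. The only path the script names is `whereabouts.d/whereabouts.kubeconfig`. CNI configuration decides how pods on the node are wired, so narrowing the mount limits what a compromised watcher could alter: `mountPath: /host/etc/cni/net.d/whereabouts.d` here and `path: "{{ .SystemCNIConfDir }}/whereabouts.d"` on the volume. That assumes the directory already exists on the node; otherwise the type would need relaxing to `DirectoryOrCreate`. Quoting the templated `path` value also guards against an empty or mistyped expansion.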