diff --git a/cluster/gce/trusty/configure.sh b/cluster/gce/trusty/configure.sh index 588d835e862..254c9780fc2 100644 --- a/cluster/gce/trusty/configure.sh +++ b/cluster/gce/trusty/configure.sh @@ -122,17 +122,34 @@ install_kube_binary_config() { # a test cluster. readonly BIN_PATH="/usr/bin" if ! which kubelet > /dev/null || ! which kubectl > /dev/null; then + # This should be the case of trusty. cp "${src_dir}/kubelet" "${BIN_PATH}" cp "${src_dir}/kubectl" "${BIN_PATH}" - elif [ "${TEST_CLUSTER:-}" = "true" ]; then - kube_bin="${kube_home}/bin" + else + # This should be the case of GCI. + readonly kube_bin="${kube_home}/bin" mkdir -p "${kube_bin}" + mount --bind "${kube_bin}" "${kube_bin}" + mount -o remount,rw,exec "${kube_bin}" cp "${src_dir}/kubelet" "${kube_bin}" cp "${src_dir}/kubectl" "${kube_bin}" - mount --bind "${kube_bin}/kubelet" "${BIN_PATH}/kubelet" - mount --bind -o remount,ro,^noexec "${BIN_PATH}/kubelet" "${BIN_PATH}/kubelet" - mount --bind "${kube_bin}/kubectl" "${BIN_PATH}/kubectl" - mount --bind -o remount,ro,^noexec "${BIN_PATH}/kubectl" "${BIN_PATH}/kubectl" + chmod 544 "${kube_bin}/kubelet" + chmod 544 "${kube_bin}/kubectl" + # If the built-in binary version is different from the expected version, we use + # the downloaded binary. The simplest implementation is to always use the downloaded + # binary without checking the version. But we have another version guardian in GKE. + # So, we compare the versions to ensure this run-time binary replacement is only + # applied for OSS kubernetes. + readonly builtin_version="$(/usr/bin/kubelet --version=true | cut -f2 -d " ")" + readonly required_version="$(/home/kubernetes/bin/kubelet --version=true | cut -f2 -d " ")" + if [ "${TEST_CLUSTER:-}" = "true" ] || [ "${builtin_version}" != "${required_version}" ]; then + mount --bind "${kube_bin}/kubelet" "${BIN_PATH}/kubelet" + mount --bind "${kube_bin}/kubectl" "${BIN_PATH}/kubectl" + else + # Remove downloaded binary just to prevent misuse. + rm -f "${kube_bin}/kubelet" + rm -f "${kube_bin}/kubectl" + fi fi # Put kube-system pods manifests in /home/kubernetes/kube-manifests/.