Merge pull request #10393 from ZJU-SEL/updatek8s

Bump the ubuntu k8s version to 0.19.3

cluster/ubuntu/build.sh

@@ -42,8 +42,10 @@ cp flannel-${FLANNEL_VERSION}/flanneld binaries/minion
 
 # ectd
 echo "Download etcd release ..."
-ETCD_VERSION=${ETCD_VERSION:-"2.0.9"}
+
+ETCD_VERSION=${ETCD_VERSION:-"2.0.12"}
 ETCD="etcd-v${ETCD_VERSION}-linux-amd64"
+
 if [ ! -f etcd.tar.gz ] ; then
   curl -L https://github.com/coreos/etcd/releases/download/v${ETCD_VERSION}/${ETCD}.tar.gz -o etcd.tar.gz
   tar xzf etcd.tar.gz
@@ -53,7 +55,8 @@ cp $ETCD/etcd $ETCD/etcdctl binaries/minion
 
 # k8s
 echo "Download kubernetes release ..."
-K8S_VERSION=${K8S_VERSION:-"0.18.0"}
+K8S_VERSION=${K8S_VERSION:-"0.19.3"}
+
 if [ ! -f kubernetes.tar.gz ] ; then
   curl -L https://github.com/GoogleCloudPlatform/kubernetes/releases/download/v${K8S_VERSION}/kubernetes.tar.gz -o kubernetes.tar.gz
   tar xzf kubernetes.tar.gz
@@ -71,4 +74,5 @@ cp kubernetes/server/kubernetes/server/bin/kubelet \
 cp kubernetes/server/kubernetes/server/bin/kubectl binaries/
 
 rm -rf flannel* kubernetes* etcd*
+
 echo "Done! All your commands locate in ./binaries dir"

cluster/ubuntu/config-default.sh

@@ -37,7 +37,7 @@ echo $FLANNEL_NET
 export FLANNEL_OPTS=${FLANNEL_OPTS:-"Network": 172.16.0.0/16}
 
 # Admission Controllers to invoke prior to persisting objects in cluster
-ADMISSION_CONTROL=${ADMISSION_CONTROL:-NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,ServiceAccount,ResourceQuota}
+export ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,ServiceAccount,ResourceQuota
 
 # Optional: Enable node logging.
 ENABLE_NODE_LOGGING=false

cluster/ubuntu/deployAddons.sh

@@ -19,13 +19,16 @@
 set -e
 
 KUBE_ROOT=$(dirname "${BASH_SOURCE}")/../..
-source "config-default.sh"
+source "util.sh"
+detect-master
+KUBE_SERVER="http:\/\/${KUBE_MASTER_IP}:8080"
 
 if [ "${ENABLE_CLUSTER_DNS}" == true ]; then
   echo "Deploying DNS on kubernetes"
-  sed -e "s/{{ pillar\['dns_replicas'\] }}/${DNS_REPLICAS}/g;s/{{ pillar\['dns_domain'\] }}/${DNS_DOMAIN}/g" skydns-rc.yaml.template > skydns-rc.yaml
+  sed -e "s/{{ pillar\['dns_replicas'\] }}/${DNS_REPLICAS}/g;s/{{ pillar\['dns_domain'\] }}/${DNS_DOMAIN}/g;s/kube_server_url/${KUBE_SERVER}/g;" skydns-rc.yaml.template > skydns-rc.yaml
   sed -e "s/{{ pillar\['dns_server'\] }}/${DNS_SERVER_IP}/g" skydns-svc.yaml.template > skydns-svc.yaml
+  
   # use kubectl to create skydns rc and service
-  "${KUBE_ROOT}/cluster/kubectl.sh" create -f skydns-rc.yaml
-  "${KUBE_ROOT}/cluster/kubectl.sh" create -f skydns-svc.yaml
+  "${KUBE_ROOT}/cluster/kubectl.sh" --namespace=kube-system create -f skydns-rc.yaml
+  "${KUBE_ROOT}/cluster/kubectl.sh" --namespace=kube-system create -f skydns-svc.yaml
 fi

cluster/ubuntu/skydns-rc.yaml.template

@@ -1,49 +1,61 @@
+apiVersion: v1
 kind: ReplicationController
-apiVersion: v1beta1
-id: kube-dns
-namespace: kube-system
-labels:
-  k8s-app: kube-dns
-  kubernetes.io/cluster-service: "true"
-desiredState:
-  replicas: {{ pillar['dns_replicas'] }}
-  replicaSelector:
+metadata:
+  name: kube-dns-v4
+  namespace: kube-system
+  labels:
     k8s-app: kube-dns
-  podTemplate:
-    labels:
-      name: kube-dns
-      k8s-app: kube-dns
-      kubernetes.io/cluster-service: "true"
-    desiredState:
-      manifest:
-        version: v1beta2
-        id: kube-dns
-        dnsPolicy: "Default"  # Don't use cluster DNS.
-        containers:
-          - name: etcd
-            image: quay.io/coreos/etcd:v2.0.3
-            command: [
-                    # entrypoint = "/etcd",
-                    "-listen-client-urls=http://0.0.0.0:2379,http://0.0.0.0:4001",
-                    "-initial-cluster-token=skydns-etcd",
-                    "-advertise-client-urls=http://127.0.0.1:4001",
-            ]
-          - name: kube2sky
-            image: gcr.io/google_containers/kube2sky:1.1
-            command: [
-                    # entrypoint = "/kube2sky",
-                    "-domain={{ pillar['dns_domain'] }}",
-            ]
-          - name: skydns
-            image: gcr.io/google_containers/skydns:2015-03-11-001
-            command: [
-                    # entrypoint = "/skydns",
-                    "-machines=http://localhost:4001",
-                    "-addr=0.0.0.0:53",
-                    "-domain={{ pillar['dns_domain'] }}.",
-            ]
-            ports:
-              - name: dns
-                containerPort: 53
-                protocol: UDP
-
+    version: v4
+    kubernetes.io/cluster-service: "true"
+spec:
+  replicas: {{ pillar['dns_replicas'] }}
+  selector:
+    k8s-app: kube-dns
+    version: v4
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-dns
+        version: v4
+        kubernetes.io/cluster-service: "true"
+    spec:
+      containers:
+      - name: etcd
+        image: gcr.io/google_containers/etcd:2.0.9
+        command:
+        - /usr/local/bin/etcd
+        - -listen-client-urls
+        - http://127.0.0.1:2379,http://127.0.0.1:4001
+        - -advertise-client-urls
+        - http://127.0.0.1:2379,http://127.0.0.1:4001
+        - -initial-cluster-token
+        - skydns-etcd
+      - name: kube2sky
+        image: gcr.io/google_containers/kube2sky:1.10
+        args:
+        # command = "/kube2sky"
+        - -domain={{ pillar['dns_domain'] }}
+        - -kube_master_url=kube_server_url
+      - name: skydns
+        image: gcr.io/google_containers/skydns:2015-03-11-001
+        args:
+        # command = "/skydns"
+        - -machines=http://localhost:4001
+        - -addr=0.0.0.0:53
+        - -domain={{ pillar['dns_domain'] }}.
+        ports:
+        - containerPort: 53
+          name: dns
+          protocol: UDP
+        - containerPort: 53
+          name: dns-tcp
+          protocol: TCP
+        livenessProbe:
+          exec:
+            command:
+            - /bin/sh
+            - -c
+            - nslookup kubernetes.default.svc.{{ pillar['dns_domain'] }} localhost >/dev/null
+          initialDelaySeconds: 30
+          timeoutSeconds: 5
+      dnsPolicy: Default  # Don't use cluster DNS.

cluster/ubuntu/skydns-svc.yaml.template

@@ -1,14 +1,20 @@
+apiVersion: v1
 kind: Service
-apiVersion: v1beta1
-id: kube-dns
-namespace: kube-system
-protocol: UDP
-port: 53
-portalIP: {{ pillar['dns_server'] }}
-containerPort: 53
-labels:
-  k8s-app: kube-dns
+metadata:
   name: kube-dns
-  kubernetes.io/cluster-service: "true"
-selector:
-  k8s-app: kube-dns
+  namespace: kube-system
+  labels:
+    k8s-app: kube-dns
+    kubernetes.io/cluster-service: "true"
+    kubernetes.io/name: "KubeDNS"
+spec:
+  selector:
+    k8s-app: kube-dns
+  clusterIP:  {{ pillar['dns_server'] }}
+  ports:
+  - name: dns
+    port: 53
+    protocol: UDP
+  - name: dns-tcp
+    port: 53
+    protocol: TCP

cluster/ubuntu/util.sh

@@ -183,6 +183,16 @@ function verify-minion(){
   printf "\n"
 }
 
+function genServiceAccountsKey() {
+    SERVICE_ACCOUNT_LOOKUP=${SERVICE_ACCOUNT_LOOKUP:-false}
+    SERVICE_ACCOUNT_KEY=${SERVICE_ACCOUNT_KEY:-"/tmp/kube-serviceaccount.key"}
+    # Generate ServiceAccount key if needed
+    if [[ ! -f "${SERVICE_ACCOUNT_KEY}" ]]; then
+      mkdir -p "$(dirname ${SERVICE_ACCOUNT_KEY})"
+      openssl genrsa -out "${SERVICE_ACCOUNT_KEY}" 2048 2>/dev/null
+    fi
+}
+
 function create-etcd-opts(){
   cat <<EOF > ~/kube/default/etcd
 ETCD_OPTS="-name $1 \
@@ -200,13 +210,17 @@ KUBE_APISERVER_OPTS="--address=0.0.0.0 \
 --port=8080 \
 --etcd_servers=http://127.0.0.1:4001 \
 --logtostderr=true \
---service-cluster-ip-range=${1}"
+--service-cluster-ip-range=${1} \
+--admission_control=${2} \
+--service_account_key_file=/tmp/kube-serviceaccount.key \
+--service_account_lookup=false "
 EOF
 }
 
 function create-kube-controller-manager-opts(){
   cat <<EOF > ~/kube/default/kube-controller-manager
 KUBE_CONTROLLER_MANAGER_OPTS="--master=127.0.0.1:8080 \
+--service_account_private_key_file=/tmp/kube-serviceaccount.key \
 --logtostderr=true"
 EOF
 
@@ -307,7 +321,7 @@ function detect-minions {
 }
 
 # Instantiate a kubernetes cluster on ubuntu
-function kube-up {
+function kube-up() {
   KUBE_ROOT=$(dirname "${BASH_SOURCE}")/../..
   source "${KUBE_ROOT}/cluster/ubuntu/${KUBE_CONFIG_FILE-"config-default.sh"}"
 
@@ -361,9 +375,10 @@ function provision-master() {
 
   # remote login to MASTER and use sudo to configue k8s master
   ssh $SSH_OPTS -t $MASTER "source ~/kube/util.sh; \
+                            genServiceAccountsKey; \
                             setClusterInfo; \
                             create-etcd-opts "${mm[${MASTER_IP}]}" "${MASTER_IP}" "${CLUSTER}"; \
-                            create-kube-apiserver-opts "${SERVICE_CLUSTER_IP_RANGE}"; \
+                            create-kube-apiserver-opts "${SERVICE_CLUSTER_IP_RANGE}" "${ADMISSION_CONTROL}"; \
                             create-kube-controller-manager-opts "${MINION_IPS}"; \
                             create-kube-scheduler-opts; \
                             create-flanneld-opts; \
@@ -402,8 +417,9 @@ function provision-masterandminion() {
   # remote login to the node and use sudo to configue k8s
   ssh $SSH_OPTS -t $MASTER "source ~/kube/util.sh; \
                             setClusterInfo; \
+                            genServiceAccountsKey; \
                             create-etcd-opts "${mm[${MASTER_IP}]}" "${MASTER_IP}" "${CLUSTER}"; \
-                            create-kube-apiserver-opts "${SERVICE_CLUSTER_IP_RANGE}"; \
+                            create-kube-apiserver-opts "${SERVICE_CLUSTER_IP_RANGE}" "${ADMISSION_CONTROL}"; \
                             create-kube-controller-manager-opts "${MINION_IPS}"; \
                             create-kube-scheduler-opts; \
                             create-kubelet-opts "${MASTER_IP}" "${MASTER_IP}" "${DNS_SERVER_IP}" "${DNS_DOMAIN}";