github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 13:37:30 +00:00
Code Issues Projects Releases Wiki Activity

Added shared volume to the master-multi setup, so serviceAccounts also works for multi-host setups.

Browse Source
This commit is contained in:
Lucas Käldström 2016-01-06 09:50:16 +02:00
parent c8f1019c10
commit 10a70a6ffd
3 changed files with 49 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
cluster/images/hyperkube/master-multi.json
View File

@ -12,10 +12,17 @@
"/hyperkube", "/hyperkube",
"controller-manager", "controller-manager",
"--master=127.0.0.1:8080", "--master=127.0.0.1:8080",
"--terminated-pod-gc-threshold=100", "--service-account-private-key-file=/srv/kubernetes/server.key",
"--root-ca-file=/srv/kubernetes/ca.crt",
"--min-resync-period=3m", "--min-resync-period=3m",
"--v=2" "--v=2"
] ],
"volumeMounts": [
{
"name": "data",
"mountPath": "/srv/kubernetes"
}
]
}, },
{ {
"name": "apiserver", "name": "apiserver",
@ -27,8 +34,21 @@
"--insecure-bind-address=0.0.0.0", "--insecure-bind-address=0.0.0.0",
"--etcd-servers=http://127.0.0.1:4001", "--etcd-servers=http://127.0.0.1:4001",
"--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota", "--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota",
"--v=2" "--client-ca-file=/srv/kubernetes/ca.crt",
] "--basic-auth-file=/srv/kubernetes/basic_auth.csv",
"--min-request-timeout=300",
"--tls-cert-file=/srv/kubernetes/server.cert",
"--tls-private-key-file=/srv/kubernetes/server.key",
"--token-auth-file=/srv/kubernetes/known_tokens.csv",
"--allow-privileged=true",
"--v=4"
],
"volumeMounts": [
{
"name": "data",
"mountPath": "/srv/kubernetes"
}
]
}, },
{ {
"name": "scheduler", "name": "scheduler",
@ -39,6 +59,25 @@
"--master=127.0.0.1:8080", "--master=127.0.0.1:8080",
"--v=2" "--v=2"
] ]
},
{
"name": "setup",
"image": "gcr.io/google_containers/hyperkube-ARCH:VERSION",
"command": [
"/setup-files.sh"
],
"volumeMounts": [
{
"name": "data",
"mountPath": "/data"
}
]
}
],
"volumes": [
{
"name": "data",
"emptyDir": {}
} }
] ]
} }

8
cluster/images/hyperkube/master.json
View File

@ -12,11 +12,11 @@
"/hyperkube", "/hyperkube",
"controller-manager", "controller-manager",
"--master=127.0.0.1:8080", "--master=127.0.0.1:8080",
"--min-resync-period=3m",
"--service-account-private-key-file=/srv/kubernetes/server.key", "--service-account-private-key-file=/srv/kubernetes/server.key",
"--root-ca-file=/srv/kubernetes/ca.crt", "--root-ca-file=/srv/kubernetes/ca.crt",
"--min-resync-period=3m",
"--v=2" "--v=2"
], ],
"volumeMounts": [ "volumeMounts": [
{ {
"name": "data", "name": "data",
@ -33,7 +33,7 @@
"--service-cluster-ip-range=10.0.0.1/24", "--service-cluster-ip-range=10.0.0.1/24",
"--insecure-bind-address=127.0.0.1", "--insecure-bind-address=127.0.0.1",
"--etcd-servers=http://127.0.0.1:4001", "--etcd-servers=http://127.0.0.1:4001",
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,SecurityContextDeny,ResourceQuota", "--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota",
"--client-ca-file=/srv/kubernetes/ca.crt", "--client-ca-file=/srv/kubernetes/ca.crt",
"--basic-auth-file=/srv/kubernetes/basic_auth.csv", "--basic-auth-file=/srv/kubernetes/basic_auth.csv",
"--min-request-timeout=300", "--min-request-timeout=300",
@ -42,7 +42,7 @@
"--token-auth-file=/srv/kubernetes/known_tokens.csv", "--token-auth-file=/srv/kubernetes/known_tokens.csv",
"--allow-privileged=true", "--allow-privileged=true",
"--v=4" "--v=4"
], ],
"volumeMounts": [ "volumeMounts": [
{ {
"name": "data", "name": "data",

2
cluster/images/hyperkube/turnup.sh
View File

@ -20,6 +20,8 @@ set -o errexit
set -o nounset set -o nounset
set -o pipefail set -o pipefail
K8S_VERSION=${K8S_VERSION:-"1.1.3"}
docker run \ docker run \
--volume=/:/rootfs:ro \ --volume=/:/rootfs:ro \
--volume=/sys:/sys:ro \ --volume=/sys:/sys:ro \