diff --git a/cluster/saltbase/pillar/mine.sls b/cluster/saltbase/pillar/mine.sls index 8a05ca0b665..f0147a5d032 100644 --- a/cluster/saltbase/pillar/mine.sls +++ b/cluster/saltbase/pillar/mine.sls @@ -1,4 +1,8 @@ # Allow everyone to see cached values of who sits at what IP +{% set networkInterfaceName = "eth0" %} +{% if grains.networkInterfaceName is defined %} + {% set networkInterfaceName = grains.networkInterfaceName %} +{% endif %} mine_functions: - network.ip_addrs: [eth0] + network.ip_addrs: [{{networkInterfaceName}}] grains.items: [] diff --git a/cluster/saltbase/salt/kube-apiserver/default b/cluster/saltbase/salt/kube-apiserver/default index 4e6e51f8595..cfcb55e98a0 100644 --- a/cluster/saltbase/salt/kube-apiserver/default +++ b/cluster/saltbase/salt/kube-apiserver/default @@ -10,6 +10,12 @@ {% set address = "-address=127.0.0.1" %} +{% set publicAddressOverride = "" %} +{% if grains.publicAddressOverride is defined %} + {% set publicAddressOverride = "-public_address_override=" + grains.publicAddressOverride %} +{% endif %} + + {% if grains.etcd_servers is defined %} {% set etcd_servers = "-etcd_servers=http://" + grains.etcd_servers + ":4001" %} {% else %} @@ -40,4 +46,4 @@ {% endif %} {% endif %} -DAEMON_ARGS="{{daemon_args}} {{address}} {{etcd_servers}} {{ cloud_provider }} --allow_privileged={{pillar['allow_privileged']}} {{portal_net}} {{cert_file}} {{key_file}} {{secure_port}} {{token_auth_file}}" +DAEMON_ARGS="{{daemon_args}} {{address}} {{etcd_servers}} {{ cloud_provider }} --allow_privileged={{pillar['allow_privileged']}} {{portal_net}} {{cert_file}} {{key_file}} {{secure_port}} {{token_auth_file}} {{publicAddressOverride}}" diff --git a/cluster/saltbase/salt/kubelet/init.sls b/cluster/saltbase/salt/kubelet/init.sls index e7493af8e0f..1212efe44db 100644 --- a/cluster/saltbase/salt/kubelet/init.sls +++ b/cluster/saltbase/salt/kubelet/init.sls 
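Review bot: In cluster/saltbase/pillar/mine.sls the four added Jinja lines can be written as one, `{% set networkInterfaceName = grains.get('networkInterfaceName', 'eth0') %}`, which keeps the default and the override in a single place. The grain is set on the minion itself and is passed straight to `network.ip_addrs`, so a name that does not exist on the host presumably publishes an empty address list to the mine rather than failing. A comment such as `# networkInterfaceName grain selects the NIC whose addresses are published to the mine (default eth0)` would tell operators what to check when peers cannot resolve a node's IP.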
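Review bot: In cluster/saltbase/salt/kube-apiserver/default, `grains.publicAddressOverride` is concatenated unvalidated into `-public_address_override=` (hunk at -10,6) and then expanded inside the double-quoted `DAEMON_ARGS` string (hunk at -40,4). If this file is sourced by the init script, as the `DAEMON_ARGS="..."` form suggests, a grain value containing whitespace, quotes or `$` would add extra apiserver flags or be expanded by the shell, so the value should be checked to be a plain IP address where the grain is written. docs/salt.md in this commit describes the address as the one used for external read-only access, so a comment above the set would make the exposure explicit: `{# publicAddressOverride: address on which the read-only API is served; use a cluster-internal IP #}`.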
@@ -38,6 +38,8 @@ {% endif %} +{% if grains.cloud is defined %} +{% if grains.cloud == 'gce' %} # Kubelet will run without this file but will not be able to send events to the apiserver. /var/lib/kubelet/kubernetes_auth: file.managed: @@ -45,6 +47,8 @@ - user: root - group: root - mode: 400 +{% endif %} +{% endif %} kubelet: group.present: @@ -65,5 +69,9 @@ kubelet: {% if grains['os_family'] != 'RedHat' %} - file: /etc/init.d/kubelet {% endif %} +{% if grains.cloud is defined %} +{% if grains.cloud == 'gce' %} - file: /var/lib/kubelet/kubernetes_auth +{% endif %} +{% endif %} diff --git a/cluster/vagrant/provision-master.sh b/cluster/vagrant/provision-master.sh index a0e6f95354b..c4605e799ff 100755 --- a/cluster/vagrant/provision-master.sh +++ b/cluster/vagrant/provision-master.sh @@ -68,7 +68,9 @@ cat </etc/salt/minion.d/grains.conf grains: node_ip: $MASTER_IP master_ip: $MASTER_IP + publicAddressOverride: $MASTER_IP network_mode: openvswitch + networkInterfaceName: eth1 etcd_servers: $MASTER_IP cloud: vagrant cloud_provider: vagrant diff --git a/cluster/vagrant/provision-minion.sh b/cluster/vagrant/provision-minion.sh index 60c48f1063b..24e36f0aff8 100755 --- a/cluster/vagrant/provision-minion.sh +++ b/cluster/vagrant/provision-minion.sh @@ -48,6 +48,8 @@ grains: network_mode: openvswitch node_ip: $MINION_IP etcd_servers: $MASTER_IP + networkInterfaceName: eth1 + apiservers: $MASTER_IP roles: - kubernetes-pool - kubernetes-pool-vagrant diff --git a/docs/salt.md b/docs/salt.md index d17be6717d7..20a6170aa89 100644 --- a/docs/salt.md +++ b/docs/salt.md 
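Review bot: In cluster/saltbase/salt/kubelet/init.sls the nested pair `{% if grains.cloud is defined %}` / `{% if grains.cloud == 'gce' %}` can be a single condition, `{% if grains.get('cloud') == 'gce' %}`, both here and in the hunk at -65,5; the block opened in the hunk at -38,6 is closed in the hunk at -45,6. Per the context comment, a kubelet without /var/lib/kubelet/kubernetes_auth cannot send events to the apiserver, so after this change that limitation applies to every non-gce cloud, and Salt no longer enforces root ownership and mode 400 on that path there. A comment such as `# kubernetes_auth is only provisioned on gce; other clouds run the kubelet without apiserver credentials` would record that this is intended.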
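Review bot: In cluster/vagrant/provision-master.sh, `networkInterfaceName: eth1` is hard-coded (and again in provision-minion.sh at -48,6), which assumes the Vagrant private network is always the second NIC and uses legacy interface naming. A box with different interface names would publish no address through the mine, so consider an overridable default such as `networkInterfaceName: ${NETWORK_IF_NAME:-eth1}` (variable name illustrative). The added `publicAddressOverride: $MASTER_IP` makes the apiserver's read-only endpoint reachable on the Vagrant network address, which deserves a one-line comment above the heredoc. The heredoc begins and ends outside the hunk.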
@@ -51,6 +51,7 @@ The following enumerates the set of defined key/value pairs that are supported t Key | Value ------------- | ------------- +`apiservers` | (Optional) The IP address / host name where a kubelet can get read-only access to kube-apiserver `cbr-cidr` | (Optional) The minion IP address range used for the docker container bridge. `cloud` | (Optional) Which IaaS platform is used to host kubernetes, *gce*, *azure*, *aws*, *vagrant* `cloud_provider` | (Optional) The cloud_provider used by apiserver: *gce*, *azure*, *vagrant* @@ -60,6 +61,8 @@ Key | Value `node_ip` | (Optional) The IP address to use to address this node `minion_ip` | (Optional) Mapped to the kubelet hostname_override, K8S TODO - change this name `network_mode` | (Optional) Networking model to use among nodes: *openvswitch* +`networkInterfaceName` | (Optional) Networking interface to use to bind addresses, default value *etho0* +`publicAddressOverride` | (Optional) The IP address the kube-apiserver should use to bind against for external read-only access `roles` | (Required) 1. `kubernetes-master` means this machine is the master in the kubernetes cluster. 2. `kubernetes-pool` means this machine is a kubernetes-minion. Depending on the role, the Salt scripts will provision different resources on the machine. These keys may be leveraged by the Salt sls files to branch behavior.