From 2f703953963a80f0e0a29c5e21008cdb6cf634be Mon Sep 17 00:00:00 2001
From: Abhishek Shah
Date: Thu, 9 Apr 2015 14:35:07 -0700
Subject: [PATCH] kube-apiserver in a pod.
---
 cluster/saltbase/salt/kube-apiserver/init.sls | 86 +++----------
 cluster/saltbase/salt/kube-apiserver/initd | 121 ------------------
 .../{default => kube-apiserver.manifest} | 57 ++++++++-
 .../kube-apiserver/kube-apiserver.service | 11 --
 4 files changed, 72 insertions(+), 203 deletions(-)
 delete mode 100644 cluster/saltbase/salt/kube-apiserver/initd
 rename cluster/saltbase/salt/kube-apiserver/{default => kube-apiserver.manifest} (56%)
 delete mode 100644 cluster/saltbase/salt/kube-apiserver/kube-apiserver.service
diff --git a/cluster/saltbase/salt/kube-apiserver/init.sls b/cluster/saltbase/salt/kube-apiserver/init.sls
index b829d449669..721b2a6e048 100644
--- a/cluster/saltbase/salt/kube-apiserver/init.sls
+++ b/cluster/saltbase/salt/kube-apiserver/init.sls
@@ -1,77 +1,27 @@ -{% if grains['os_family'] == 'RedHat' %} -{% set environment_file = '/etc/sysconfig/kube-apiserver' %} -{% else %} -{% set environment_file = '/etc/default/kube-apiserver' %} -{% endif %} - -{{ environment_file }}: - file.managed: - - source: salt://kube-apiserver/default - - template: jinja - - user: root - - group: root - - mode: 644 - -/usr/local/bin/kube-apiserver: - file.managed: - - source: salt://kube-bins/kube-apiserver - - user: root - - group: root - - mode: 755 - -{% if grains['os_family'] == 'RedHat' %} - -/usr/lib/systemd/system/kube-apiserver.service: - file.managed: - - source: salt://kube-apiserver/kube-apiserver.service - - user: root - - group: root - -{% else %} - -/etc/init.d/kube-apiserver: - file.managed: - - source: salt://kube-apiserver/initd - - user: root - - group: root - - mode: 755 - -{% endif %} - {% if grains.cloud is defined %} {% if grains.cloud in ['aws', 'gce', 'vagrant'] %} # TODO: generate and distribute tokens on other cloud providers. /srv/kubernetes/known_tokens.csv: file.managed: - source: salt://kube-apiserver/known_tokens.csv - - user: kube-apiserver - - group: kube-apiserver - - mode: 400 - - watch: - - user: kube-apiserver - - group: kube-apiserver - - watch_in: - - service: kube-apiserver +# - watch_in: +# - service: kube-apiserver {% endif %} {% endif %} -kube-apiserver: - group.present: - - system: True - user.present: - - system: True - - gid_from_name: True - - groups: - - kube-cert - - shell: /sbin/nologin - - home: /var/kube-apiserver - - require: - - group: kube-apiserver - service.running: - - enable: True - - watch: - - file: {{ environment_file }} - - file: /usr/local/bin/kube-apiserver -{% if grains['os_family'] != 'RedHat' %} - - file: /etc/init.d/kube-apiserver -{% endif %} +# Copy kube-apiserver manifest to manifests folder for kubelet. 
+/etc/kubernetes/manifests/kube-apiserver.manifest: + file.managed: + - source: salt://kube-apiserver/kube-apiserver.manifest + - template: jinja + - user: root + - group: root + - mode: 644 + - makedirs: true + - dir_mode: 755 + +#stop legacy kube-apiserver service +stop_kube-apiserver: + service.dead: + - name: kube-apiserver + - enable: None \ No newline at end of file diff --git a/cluster/saltbase/salt/kube-apiserver/initd b/cluster/saltbase/salt/kube-apiserver/initd deleted file mode 100644 index 9db0f60932d..00000000000 --- a/cluster/saltbase/salt/kube-apiserver/initd +++ /dev/null 
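Review bot: The `/srv/kubernetes/known_tokens.csv` state no longer sets any owner or mode, so the bearer-token file falls back to Salt's defaults, which are likely broader than the previous `mode: 400` and may leave the tokens readable by other local users on the master. The old `kube-apiserver` owner cannot be kept because this hunk also removes that account, so I would pin the file explicitly with `- user: root`, `- group: root` and `- mode: 600` (assuming the container process reads it as root, which is worth confirming). The commented-out `watch_in` also means a changed token file no longer restarts anything, so rotated or revoked tokens presumably stay live until the pod is restarted by other means. Separately, `enable: None` under `stop_kube-apiserver` is the string "None" in YAML, not null, so whether the legacy unit is disabled at boot depends on how Salt coerces it; `- enable: False` states the intent and keeps the old service from returning after a reboot and competing for the same host ports.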
@@ -1,121 +0,0 @@ -#!/bin/bash -# -### BEGIN INIT INFO -# Provides: kube-apiserver -# Required-Start: $local_fs $network $syslog -# Required-Stop: -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: The Kubernetes API server -# Description: -# The Kubernetes API server maintains docker state against a state file. -### END INIT INFO - - -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="The Kubernetes API server" -NAME=kube-apiserver -DAEMON=/usr/local/bin/kube-apiserver -DAEMON_LOG_FILE=/var/log/$NAME.log -PIDFILE=/var/run/$NAME.pid -SCRIPTNAME=/etc/init.d/$NAME -DAEMON_USER=kube-apiserver - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.2-14) to ensure that this file is present -# and status_of_proc is working. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - # Raise the file descriptor limit - we expect to open a lot of sockets! - ulimit -n 65536 - - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - start-stop-daemon --start --quiet --background --no-close \ - --make-pidfile --pidfile $PIDFILE \ - --exec $DAEMON -c $DAEMON_USER --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --background --no-close \ - --make-pidfile --pidfile $PIDFILE \ - --exec $DAEMON -c $DAEMON_USER -- \ - $DAEMON_ARGS >> $DAEMON_LOG_FILE 2>&1 \ - || return 2 -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME - RETVAL="$?" 
- [ "$RETVAL" = 2 ] && return 2 - # Many daemons don't delete their pidfiles when they exit. - rm -f $PIDFILE - return "$RETVAL" -} - - -case "$1" in - start) - log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) log_end_msg 0 || exit 0 ;; - 2) log_end_msg 1 || exit 1 ;; - esac - ;; - stop) - log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) log_end_msg 0 ;; - 2) exit 1 ;; - esac - ;; - status) - status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $? - ;; - - restart|force-reload) - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac diff --git a/cluster/saltbase/salt/kube-apiserver/default b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest similarity index 56% rename from cluster/saltbase/salt/kube-apiserver/default rename to cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest index d2d13db1742..437b8b3f2d6 100644 --- a/cluster/saltbase/salt/kube-apiserver/default +++ b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest @@ -18,7 +18,7 @@ {% set cloud_config = "--cloud_config=/etc/aws.conf" -%} {% endif -%} -{% endif -%} # grains.cloud is defined +{% endif -%} {% set address = "--address=127.0.0.1" -%} @@ -45,7 +45,6 @@ {% if grains.cloud is defined -%} {% if grains.cloud in [ 'aws', 'gce', 'vagrant' ] -%} - # TODO: generate and distribute tokens for other cloud providers. {% set token_auth_file = "--token_auth_file=/srv/kubernetes/known_tokens.csv" -%} {% endif -%} {% endif -%} 
@@ -60,4 +59,56 @@ {% set runtime_config = "--runtime_config=" + grains.runtime_config -%} {% endif -%} -DAEMON_ARGS="{{daemon_args}} {{address}} {{etcd_servers}} {{ cloud_provider }} {{ cloud_config }} {{ runtime_config }} {{admission_control}} --allow_privileged={{pillar['allow_privileged']}} {{portal_net}} {{cluster_name}} {{cert_file}} {{key_file}} {{secure_port}} {{token_auth_file}} {{publicAddressOverride}} {{pillar['log_level']}}" +{ +"apiVersion": "v1beta3", +"kind": "Pod", +"metadata": {"name":"kube-apiserver"}, +"spec":{ +"hostNetwork": true, +"containers":[ + { + "name": "kube-apiserver", + "image": "gcr.io/google_containers/kube-apiserver:{{pillar['kube-apiserver_docker_tag']}}", + "command": [ + "/kube-apiserver", + "{{address}}", + "{{etcd_servers}}", + "{{ cloud_provider }}", + "{{ cloud_config }}", + "{{ runtime_config }}", + "{{admission_control}}", + "--allow_privileged={{pillar['allow_privileged']}}", + "{{portal_net}}", + "{{cluster_name}}", + "{{cert_file}}", + "{{key_file}}", + "{{secure_port}}", + "{{token_auth_file}}", + "{{publicAddressOverride}}", + "{{pillar['log_level']}}" + ], + "ports":[ + { "name": "https", + "containerPort": 6443, + "hostPort": 6443},{ + "name": "http", + "containerPort": 7080, + "hostPort": 7080},{ + "name": "local", + "containerPort": 8080, + "hostPort": 8080} + ], + "volumeMounts": [ + { "name": "srv-kubernetes", + "mountPath": "/srv/kubernetes", + "readOnly": true} + ] + } +], +"volumes":[ + { "name": "srv-kubernetes", + "hostPath": { + "path": "/srv/kubernetes"} + } +] +}} diff --git a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.service b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.service deleted file mode 100644 index 80575cafb6c..00000000000 --- a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.service +++ /dev/null 
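Review bot: The container mounts only `/srv/kubernetes`, yet the template's context lines still build `--cloud_config=/etc/aws.conf`, so on AWS the flag points at a host file the containerised apiserver cannot see. The same applies to any `cert_file` or `key_file` path outside `/srv/kubernetes`; their definitions are outside the visible hunks, so they need checking. A read-only hostPath volume for the cloud config, mounted at the same path, would close that gap. The `command` array also emits every optional variable as its own quoted element, so an unset `cloud_provider`, `cloud_config`, `runtime_config` or `token_auth_file` presumably renders as an empty `""` argument instead of vanishing as it did in the space-joined `DAEMON_ARGS` string; wrapping each optional entry in a Jinja `if` would avoid that. Finally, the daemon previously ran as the dedicated `kube-apiserver` account, while this pod spec names no user, so it likely runs as the image's default user (possibly root) with the token file mounted, which deserves an explicit decision.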
@@ -1,11 +0,0 @@ -[Unit] -Description=Kubernetes API Server -Documentation=https://github.com/GoogleCloudPlatform/kubernetes - -[Service] -EnvironmentFile=/etc/sysconfig/kube-apiserver -ExecStart=/usr/local/bin/kube-apiserver "$DAEMON_ARGS" -Restart=on-failure - -[Install] -WantedBy=multi-user.target