Merge pull request #17213 from luxas/16987-default-serviceaccount-secret-hyperkube

Auto commit by PR queue bot
2025-07-23 11:50:44 +00:00 · 2016-01-21 04:31:45 -08:00 · 2016-01-21 04:31:45 -08:00 · 36b6d80912
commit 36b6d80912
parent 0c368c090c 10a70a6ffd
3 changed files with 49 additions and 8 deletions
--- a/cluster/images/hyperkube/master-multi.json
+++ b/cluster/images/hyperkube/master-multi.json
@ -12,10 +12,17 @@
              "/hyperkube",
              "controller-manager",
              "--master=127.0.0.1:8080",
-              "--terminated-pod-gc-threshold=100",
+              "--service-account-private-key-file=/srv/kubernetes/server.key",
+              "--root-ca-file=/srv/kubernetes/ca.crt",
              "--min-resync-period=3m",
              "--v=2"
-        ]
+      ],
+      "volumeMounts": [
+        {
+          "name": "data",
+          "mountPath": "/srv/kubernetes"
+        }
+      ]
    },
    {
      "name": "apiserver",
@ -27,8 +34,21 @@
              "--insecure-bind-address=0.0.0.0",
              "--etcd-servers=http://127.0.0.1:4001",
              "--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota",
-              "--v=2"
-        ]
+              "--client-ca-file=/srv/kubernetes/ca.crt",
+              "--basic-auth-file=/srv/kubernetes/basic_auth.csv",
+              "--min-request-timeout=300",
+              "--tls-cert-file=/srv/kubernetes/server.cert",
+              "--tls-private-key-file=/srv/kubernetes/server.key",
+              "--token-auth-file=/srv/kubernetes/known_tokens.csv",
+              "--allow-privileged=true",
+              "--v=4"
+      ],
+      "volumeMounts": [
+        {
+          "name": "data",
+          "mountPath": "/srv/kubernetes"
+        }
+      ]
    },
    {
      "name": "scheduler",
@ -39,6 +59,25 @@
              "--master=127.0.0.1:8080",
              "--v=2"
        ]
+    },
+    {
+      "name": "setup",
+      "image": "gcr.io/google_containers/hyperkube-ARCH:VERSION",
+      "command": [
+              "/setup-files.sh"
+      ],
+      "volumeMounts": [
+        {
+          "name": "data",
+          "mountPath": "/data"
+        }
+      ]
+    }
+  ],
+  "volumes": [
+    {
+      "name": "data",
+      "emptyDir": {}
    }
  ]
 }
--- a/cluster/images/hyperkube/master.json
+++ b/cluster/images/hyperkube/master.json
@ -12,11 +12,11 @@
              "/hyperkube",
              "controller-manager",
              "--master=127.0.0.1:8080",
-              "--min-resync-period=3m",
              "--service-account-private-key-file=/srv/kubernetes/server.key",
              "--root-ca-file=/srv/kubernetes/ca.crt",
+              "--min-resync-period=3m",
              "--v=2"
-        ],
+      ],
      "volumeMounts": [
        {
          "name": "data",
@ -33,7 +33,7 @@
              "--service-cluster-ip-range=10.0.0.1/24",
              "--insecure-bind-address=127.0.0.1",
              "--etcd-servers=http://127.0.0.1:4001",
-              "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,SecurityContextDeny,ResourceQuota",
+              "--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota",
              "--client-ca-file=/srv/kubernetes/ca.crt",
              "--basic-auth-file=/srv/kubernetes/basic_auth.csv",
              "--min-request-timeout=300",
@ -42,7 +42,7 @@
              "--token-auth-file=/srv/kubernetes/known_tokens.csv",
              "--allow-privileged=true",
              "--v=4"
-        ],
+      ],
      "volumeMounts": [
        {
          "name": "data",
--- a/cluster/images/hyperkube/turnup.sh
+++ b/cluster/images/hyperkube/turnup.sh
@ -20,6 +20,8 @@ set -o errexit
 set -o nounset
 set -o pipefail

+K8S_VERSION=${K8S_VERSION:-"1.1.3"}
+
 docker run \
  --volume=/:/rootfs:ro \
  --volume=/sys:/sys:ro \