From 10a70a6ffd0fc01e7199c90848b19bbf47599a1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lucas=20K=C3=A4ldstr=C3=B6m?= Date: Wed, 6 Jan 2016 09:50:16 +0200 Subject: [PATCH] Added shared volume to the master-multi setup, so serviceAccounts also works for multi-host setups. --- cluster/images/hyperkube/master-multi.json | 47 ++++++++++++++++++++-- cluster/images/hyperkube/master.json | 8 ++-- cluster/images/hyperkube/turnup.sh | 2 + 3 files changed, 49 insertions(+), 8 deletions(-) diff --git a/cluster/images/hyperkube/master-multi.json b/cluster/images/hyperkube/master-multi.json index 6ee7d3166f4..d50aaef9d89 100644 --- a/cluster/images/hyperkube/master-multi.json +++ b/cluster/images/hyperkube/master-multi.json @@ -12,10 +12,17 @@ "/hyperkube", "controller-manager", "--master=127.0.0.1:8080", - "--terminated-pod-gc-threshold=100", + "--service-account-private-key-file=/srv/kubernetes/server.key", + "--root-ca-file=/srv/kubernetes/ca.crt", "--min-resync-period=3m", "--v=2" - ] + ], + "volumeMounts": [ + { + "name": "data", + "mountPath": "/srv/kubernetes" + } + ] }, { "name": "apiserver", @@ -27,8 +34,21 @@ "--insecure-bind-address=0.0.0.0", "--etcd-servers=http://127.0.0.1:4001", "--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota", - "--v=2" - ] + "--client-ca-file=/srv/kubernetes/ca.crt", + "--basic-auth-file=/srv/kubernetes/basic_auth.csv", + "--min-request-timeout=300", + "--tls-cert-file=/srv/kubernetes/server.cert", + "--tls-private-key-file=/srv/kubernetes/server.key", + "--token-auth-file=/srv/kubernetes/known_tokens.csv", + "--allow-privileged=true", + "--v=4" + ], + "volumeMounts": [ + { + "name": "data", + "mountPath": "/srv/kubernetes" + } + ] }, { "name": "scheduler", @@ -39,6 +59,25 @@ "--master=127.0.0.1:8080", "--v=2" ] + }, + { + "name": "setup", + "image": "gcr.io/google_containers/hyperkube-ARCH:VERSION", + "command": [ + "/setup-files.sh" + ], + "volumeMounts": [ + { + "name": "data", + "mountPath": "/data" + } + ] + } + ], + "volumes": [ + { + "name": "data", + "emptyDir": {} } ] } diff --git a/cluster/images/hyperkube/master.json b/cluster/images/hyperkube/master.json index f16064c381a..e07106cf246 100644 --- a/cluster/images/hyperkube/master.json +++ b/cluster/images/hyperkube/master.json @@ -12,11 +12,11 @@ "/hyperkube", "controller-manager", "--master=127.0.0.1:8080", - "--min-resync-period=3m", "--service-account-private-key-file=/srv/kubernetes/server.key", "--root-ca-file=/srv/kubernetes/ca.crt", + "--min-resync-period=3m", "--v=2" - ], + ], "volumeMounts": [ { "name": "data", @@ -33,7 +33,7 @@ "--service-cluster-ip-range=10.0.0.1/24", "--insecure-bind-address=127.0.0.1", "--etcd-servers=http://127.0.0.1:4001", - "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,SecurityContextDeny,ResourceQuota", + "--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota", "--client-ca-file=/srv/kubernetes/ca.crt", "--basic-auth-file=/srv/kubernetes/basic_auth.csv", "--min-request-timeout=300", @@ -42,7 +42,7 @@ "--token-auth-file=/srv/kubernetes/known_tokens.csv", "--allow-privileged=true", "--v=4" - ], + ], "volumeMounts": [ { "name": "data", diff --git a/cluster/images/hyperkube/turnup.sh b/cluster/images/hyperkube/turnup.sh index 907164f24ee..00000c8345e 100755 --- a/cluster/images/hyperkube/turnup.sh +++ b/cluster/images/hyperkube/turnup.sh @@ -20,6 +20,8 @@ set -o errexit set -o nounset set -o pipefail +K8S_VERSION=${K8S_VERSION:-"1.1.3"} + docker run \ --volume=/:/rootfs:ro \ --volume=/sys:/sys:ro \