From 7f2f1657973a6b5f12888f5afa0713e5234bccc1 Mon Sep 17 00:00:00 2001 From: Dawn Chen Date: Fri, 10 Apr 2015 22:54:52 -0700 Subject: [PATCH] Revert "kube-apiserver in a pod." --- .../{kube-apiserver.manifest => default} | 57 +-------- cluster/saltbase/salt/kube-apiserver/init.sls | 86 ++++++++++--- cluster/saltbase/salt/kube-apiserver/initd | 121 ++++++++++++++++++ .../kube-apiserver/kube-apiserver.service | 11 ++ 4 files changed, 203 insertions(+), 72 deletions(-) rename cluster/saltbase/salt/kube-apiserver/{kube-apiserver.manifest => default} (56%) create mode 100644 cluster/saltbase/salt/kube-apiserver/initd create mode 100644 cluster/saltbase/salt/kube-apiserver/kube-apiserver.service diff --git a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest b/cluster/saltbase/salt/kube-apiserver/default similarity index 56% rename from cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest rename to cluster/saltbase/salt/kube-apiserver/default index 437b8b3f2d6..d2d13db1742 100644 --- a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest +++ b/cluster/saltbase/salt/kube-apiserver/default @@ -18,7 +18,7 @@ {% set cloud_config = "--cloud_config=/etc/aws.conf" -%} {% endif -%} -{% endif -%} +{% endif -%} # grains.cloud is defined {% set address = "--address=127.0.0.1" -%} @@ -45,6 +45,7 @@ {% if grains.cloud is defined -%} {% if grains.cloud in [ 'aws', 'gce', 'vagrant' ] -%} + # TODO: generate and distribute tokens for other cloud providers. {% set token_auth_file = "--token_auth_file=/srv/kubernetes/known_tokens.csv" -%} {% endif -%} {% endif -%} 
@@ -59,56 +60,4 @@ {% set runtime_config = "--runtime_config=" + grains.runtime_config -%} {% endif -%} -{ -"apiVersion": "v1beta3", -"kind": "Pod", -"metadata": {"name":"kube-apiserver"}, -"spec":{ -"hostNetwork": true, -"containers":[ - { - "name": "kube-apiserver", - "image": "gcr.io/google_containers/kube-apiserver:{{pillar['kube-apiserver_docker_tag']}}", - "command": [ - "/kube-apiserver", - "{{address}}", - "{{etcd_servers}}", - "{{ cloud_provider }}", - "{{ cloud_config }}", - "{{ runtime_config }}", - "{{admission_control}}", - "--allow_privileged={{pillar['allow_privileged']}}", - "{{portal_net}}", - "{{cluster_name}}", - "{{cert_file}}", - "{{key_file}}", - "{{secure_port}}", - "{{token_auth_file}}", - "{{publicAddressOverride}}", - "{{pillar['log_level']}}" - ], - "ports":[ - { "name": "https", - "containerPort": 6443, - "hostPort": 6443},{ - "name": "http", - "containerPort": 7080, - "hostPort": 7080},{ - "name": "local", - "containerPort": 8080, - "hostPort": 8080} - ], - "volumeMounts": [ - { "name": "srv-kubernetes", - "mountPath": "/srv/kubernetes", - "readOnly": true} - ] - } -], -"volumes":[ - { "name": "srv-kubernetes", - "hostPath": { - "path": "/srv/kubernetes"} - } -] -}} +DAEMON_ARGS="{{daemon_args}} {{address}} {{etcd_servers}} {{ cloud_provider }} {{ cloud_config }} {{ runtime_config }} {{admission_control}} --allow_privileged={{pillar['allow_privileged']}} {{portal_net}} {{cluster_name}} {{cert_file}} {{key_file}} {{secure_port}} {{token_auth_file}} {{publicAddressOverride}} {{pillar['log_level']}}" diff --git a/cluster/saltbase/salt/kube-apiserver/init.sls b/cluster/saltbase/salt/kube-apiserver/init.sls index 721b2a6e048..b829d449669 100644 --- a/cluster/saltbase/salt/kube-apiserver/init.sls +++ b/cluster/saltbase/salt/kube-apiserver/init.sls 
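Review bot: The new `DAEMON_ARGS="…"` line interpolates grain and pillar values (`grains.runtime_config` via `runtime_config`, `pillar['allow_privileged']`, `pillar['log_level']`) unescaped into a double-quoted shell string, and the init script added in this patch sources that file as root with `. /etc/default/$NAME`. A value containing a double quote, a backtick or `$(` would be evaluated by the shell instead of being passed to the apiserver; the removed manifest handed each value to the container as a separate array element with no shell involved. Restricting these values to a safe character set in the template, or failing the state when they do not match, would close this. A comment above the line such as `# Sourced as root by /etc/init.d/kube-apiserver: values must not contain shell metacharacters` would document the constraint. `daemon_args` and most of the `set` lines are defined outside this hunk, so their content cannot be checked here.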
@@ -1,27 +1,77 @@ +{% if grains['os_family'] == 'RedHat' %} +{% set environment_file = '/etc/sysconfig/kube-apiserver' %} +{% else %} +{% set environment_file = '/etc/default/kube-apiserver' %} +{% endif %} + +{{ environment_file }}: + file.managed: + - source: salt://kube-apiserver/default + - template: jinja + - user: root + - group: root + - mode: 644 + +/usr/local/bin/kube-apiserver: + file.managed: + - source: salt://kube-bins/kube-apiserver + - user: root + - group: root + - mode: 755 + +{% if grains['os_family'] == 'RedHat' %} + +/usr/lib/systemd/system/kube-apiserver.service: + file.managed: + - source: salt://kube-apiserver/kube-apiserver.service + - user: root + - group: root + +{% else %} + +/etc/init.d/kube-apiserver: + file.managed: + - source: salt://kube-apiserver/initd + - user: root + - group: root + - mode: 755 + +{% endif %} + {% if grains.cloud is defined %} {% if grains.cloud in ['aws', 'gce', 'vagrant'] %} # TODO: generate and distribute tokens on other cloud providers. /srv/kubernetes/known_tokens.csv: file.managed: - source: salt://kube-apiserver/known_tokens.csv -# - watch_in: -# - service: kube-apiserver + - user: kube-apiserver + - group: kube-apiserver + - mode: 400 + - watch: + - user: kube-apiserver + - group: kube-apiserver + - watch_in: + - service: kube-apiserver {% endif %} {% endif %} -# Copy kube-apiserver manifest to manifests folder for kubelet. 
-/etc/kubernetes/manifests/kube-apiserver.manifest: - file.managed: - - source: salt://kube-apiserver/kube-apiserver.manifest - - template: jinja - - user: root - - group: root - - mode: 644 - - makedirs: true - - dir_mode: 755 - -#stop legacy kube-apiserver service -stop_kube-apiserver: - service.dead: - - name: kube-apiserver - - enable: None \ No newline at end of file +kube-apiserver: + group.present: + - system: True + user.present: + - system: True + - gid_from_name: True + - groups: + - kube-cert + - shell: /sbin/nologin + - home: /var/kube-apiserver + - require: + - group: kube-apiserver + service.running: + - enable: True + - watch: + - file: {{ environment_file }} + - file: /usr/local/bin/kube-apiserver +{% if grains['os_family'] != 'RedHat' %} + - file: /etc/init.d/kube-apiserver +{% endif %} diff --git a/cluster/saltbase/salt/kube-apiserver/initd b/cluster/saltbase/salt/kube-apiserver/initd new file mode 100644 index 00000000000..9db0f60932d --- /dev/null +++ b/cluster/saltbase/salt/kube-apiserver/initd 
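Review bot: On the RedHat branch the `service.running` watch list never includes the unit file: `/etc/init.d/kube-apiserver` is added under `{% if grains['os_family'] != 'RedHat' %}`, but there is no `{% else %}` adding `- file: /usr/lib/systemd/system/kube-apiserver.service`, so a later hardening change to the unit would be written to disk without the service being restarted. The unit file state also omits `- mode: 644`, unlike the other managed files in this hunk. Separately, `user.present` adds the account to `kube-cert` but only requires `group: kube-apiserver`; if `kube-cert` is created by another state (not visible in this patch), an explicit `require` on it would make the ordering dependable.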
@@ -0,0 +1,121 @@
+#!/bin/bash
+#
+### BEGIN INIT INFO
+# Provides: kube-apiserver
+# Required-Start: $local_fs $network $syslog
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: The Kubernetes API server
+# Description:
+# The Kubernetes API server maintains docker state against a state file.
+### END INIT INFO
+
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="The Kubernetes API server"
+NAME=kube-apiserver
+DAEMON=/usr/local/bin/kube-apiserver
+DAEMON_LOG_FILE=/var/log/$NAME.log
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+DAEMON_USER=kube-apiserver
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Raise the file descriptor limit - we expect to open a lot of sockets!
+ ulimit -n 65536
+
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --background --no-close \
+ --make-pidfile --pidfile $PIDFILE \
+ --exec $DAEMON -c $DAEMON_USER --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --background --no-close \
+ --make-pidfile --pidfile $PIDFILE \
+ --exec $DAEMON -c $DAEMON_USER -- \
+ $DAEMON_ARGS >> $DAEMON_LOG_FILE 2>&1 \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) log_end_msg 0 || exit 0 ;;
+ 2) log_end_msg 1 || exit 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) exit 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
diff --git a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.service b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.service
new file mode 100644
index 00000000000..80575cafb6c
--- /dev/null
+++ b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Kubernetes API Server
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+
+[Service]
+EnvironmentFile=/etc/sysconfig/kube-apiserver
+ExecStart=/usr/local/bin/kube-apiserver "$DAEMON_ARGS"
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
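Review bot: In the new `initd` script, `do_start` appends the daemon's output with `>> $DAEMON_LOG_FILE 2>&1`, and that redirection is opened by the root shell, so `/var/log/kube-apiserver.log` is created with root's umask (commonly world-readable). Nothing in this patch rotates it. If API server output at the configured `log_level` can include request details, the file is worth managing explicitly, for example with a Salt `file.managed` state using `- mode: 640` plus a logrotate entry. As a style point, `$PIDFILE`, `$DAEMON` and `$DAEMON_LOG_FILE` are expanded unquoted throughout and could be quoted (`--pidfile "$PIDFILE"`), while `$DAEMON_ARGS` has to stay unquoted so that it splits into separate arguments. The `# Description:` header text ("maintains docker state against a state file") looks carried over from another script and should describe the API server.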
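Review bot: The `[Service]` section of `kube-apiserver.service` has no `User=` line, so on RedHat-family hosts the API server runs as root. The init.d path drops to `kube-apiserver` with `-c $DAEMON_USER`, and `init.sls` creates that account and gives it `known_tokens.csv` at mode 400. Adding `User=kube-apiserver` under `[Service]` would give both start paths the same reduced privileges. It is also worth confirming that the systemd version in use splits `"$DAEMON_ARGS"` into separate arguments; the unquoted `$DAEMON_ARGS` form is the one documented to split on whitespace, and if the value arrives as a single argument the flags will not parse.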