Add documentation for HA Kubernetes

2025-09-13 13:14:05 +00:00 · 2015-06-02 11:40:39 -07:00
parent 712f303350
commit 431f1f4384
8 changed files with 610 additions and 0 deletions
--- a/docs/high-availability/etcd.manifest
+++ b/docs/high-availability/etcd.manifest
@@ -0,0 +1,104 @@
+{
+"apiVersion": "v1beta3",
+"kind": "Pod",
+"metadata": {"name":"etcd-server"},
+"spec":{
+"hostNetwork": true,
+"containers":[
+    {
+    "name": "etcd-container",
+    "image": "gcr.io/google_containers/etcd:2.0.9",
+    "command": [
+              "/usr/local/bin/etcd",
+              "--name", "${NODE_NAME}",
+              "--initial-advertise-peer-urls",
+              "http://${NODE_IP}:2380",
+              "--listen-peer-urls",
+              "http://${NODE_IP}:2380",
+	      "--advertise-client-urls",
+              "http://${NODE_IP}:4001",
+              "--listen-client-urls",
+	      "http://127.0.0.1:4001",
+              "--data-dir",
+	      "/var/etcd/data",
+              "--discovery",
+              "${DISCOVERY_TOKEN}"
+            ],
+    "ports":[
+      { "name": "serverport",
+        "containerPort": 2380,
+        "hostPort": 2380},{
+       "name": "clientport",
+        "containerPort": 4001,
+        "hostPort": 4001}
+        ],
+    "volumeMounts": [
+        { "name": "varetcd",
+        "mountPath": "/var/etcd",
+        "readOnly": false},
+        { "name": "etcssl",
+        "mountPath": "/etc/ssl",
+        "readOnly": true},
+        { "name": "usrsharessl",
+        "mountPath": "/usr/share/ssl",
+        "readOnly": true},
+        { "name": "varssl",
+        "mountPath": "/var/ssl",
+        "readOnly": true},
+        { "name": "usrssl",
+        "mountPath": "/usr/ssl",
+        "readOnly": true},
+        { "name": "usrlibssl",
+        "mountPath": "/usr/lib/ssl",
+        "readOnly": true},
+        { "name": "usrlocalopenssl",
+        "mountPath": "/usr/local/openssl",
+        "readOnly": true},
+        { "name": "etcopenssl",
+        "mountPath": "/etc/openssl",
+        "readOnly": true},
+        { "name": "etcpkitls",
+        "mountPath": "/etc/pki/tls",
+        "readOnly": true}
+        ]
+       }
+],
+"volumes":[
+  { "name": "varetcd",
+    "hostPath": {
+        "path": "/var/etcd/data"}
+  },
+  { "name": "etcssl",
+    "hostPath": {
+        "path": "/etc/ssl"}
+  },
+  { "name": "usrsharessl",
+    "hostPath": {
+        "path": "/usr/share/ssl"}
+  },
+  { "name": "varssl",
+    "hostPath": {
+        "path": "/var/ssl"}
+  },
+  { "name": "usrssl",
+    "hostPath": {
+        "path": "/usr/ssl"}
+  },
+  { "name": "usrlibssl",
+    "hostPath": {
+        "path": "/usr/lib/ssl"}
+  },
+  { "name": "usrlocalopenssl",
+    "hostPath": {
+        "path": "/usr/local/openssl"}
+  },
+  { "name": "etcopenssl",
+    "hostPath": {
+        "path": "/etc/openssl"}
+  },
+  { "name": "etcpkitls",
+    "hostPath": {
+        "path": "/etc/pki/tls"}
+  }
+]
+}}
--- a/docs/high-availability/ha.png
+++ b/docs/high-availability/ha.png
--- a/docs/high-availability/ha.svg
+++ b/docs/high-availability/ha.svg
--- a/docs/high-availability/kube-apiserver.manifest
+++ b/docs/high-availability/kube-apiserver.manifest
@@ -0,0 +1,103 @@
+  {
+"apiVersion": "v1beta3",
+"kind": "Pod",
+"metadata": {"name":"kube-apiserver"},
+"spec":{
+"hostNetwork": true,
+"containers":[
+    {
+    "name": "kube-apiserver",
+    "image": "gcr.io/google_containers/kube-apiserver:9680e782e08a1a1c94c656190011bd02",
+    "command": [
+                 "/bin/sh",
+                 "-c",
+                 "/usr/local/bin/kube-apiserver --address=127.0.0.1 --etcd_servers=http://127.0.0.1:4001 --cloud_provider=gce   --admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota --service-cluster-ip-range=10.0.0.0/16 --client_ca_file=/srv/kubernetes/ca.crt --basic_auth_file=/srv/kubernetes/basic_auth.csv --cluster_name=e2e-test-bburns --tls_cert_file=/srv/kubernetes/server.cert --tls_private_key_file=/srv/kubernetes/server.key --secure_port=443 --token_auth_file=/srv/kubernetes/known_tokens.csv  --v=2 --allow_privileged=False 1>>/var/log/kube-apiserver.log 2>&1"
+               ],
+    "ports":[
+      { "name": "https",
+        "containerPort": 443,
+        "hostPort": 443},{
+       "name": "http",
+        "containerPort": 7080,
+        "hostPort": 7080},{
+       "name": "local",
+        "containerPort": 8080,
+        "hostPort": 8080}
+        ],
+    "volumeMounts": [
+        { "name": "srvkube",
+        "mountPath": "/srv/kubernetes",
+        "readOnly": true},
+        { "name": "logfile",
+        "mountPath": "/var/log/kube-apiserver.log",
+        "readOnly": false},
+        { "name": "etcssl",
+        "mountPath": "/etc/ssl",
+        "readOnly": true},
+        { "name": "usrsharessl",
+        "mountPath": "/usr/share/ssl",
+        "readOnly": true},
+        { "name": "varssl",
+        "mountPath": "/var/ssl",
+        "readOnly": true},
+        { "name": "usrssl",
+        "mountPath": "/usr/ssl",
+        "readOnly": true},
+        { "name": "usrlibssl",
+        "mountPath": "/usr/lib/ssl",
+        "readOnly": true},
+        { "name": "usrlocalopenssl",
+        "mountPath": "/usr/local/openssl",
+        "readOnly": true},
+        { "name": "etcopenssl",
+        "mountPath": "/etc/openssl",
+        "readOnly": true},
+        { "name": "etcpkitls",
+        "mountPath": "/etc/pki/tls",
+        "readOnly": true}
+      ]
+    }
+],
+"volumes":[
+  { "name": "srvkube",
+    "hostPath": {
+        "path": "/srv/kubernetes"}
+  },
+  { "name": "logfile",
+    "hostPath": {
+        "path": "/var/log/kube-apiserver.log"}
+  },
+  { "name": "etcssl",
+    "hostPath": {
+        "path": "/etc/ssl"}
+  },
+  { "name": "usrsharessl",
+    "hostPath": {
+        "path": "/usr/share/ssl"}
+  },
+  { "name": "varssl",
+    "hostPath": {
+        "path": "/var/ssl"}
+  },
+  { "name": "usrssl",
+    "hostPath": {
+        "path": "/usr/ssl"}
+  },
+  { "name": "usrlibssl",
+    "hostPath": {
+        "path": "/usr/lib/ssl"}
+  },
+  { "name": "usrlocalopenssl",
+    "hostPath": {
+        "path": "/usr/local/openssl"}
+  },
+  { "name": "etcopenssl",
+    "hostPath": {
+        "path": "/etc/openssl"}
+  },
+  { "name": "etcpkitls",
+    "hostPath": {
+        "path": "/etc/pki/tls"}
+  }
+]
+}}
--- a/docs/high-availability/kube-controller-manager.manifest
+++ b/docs/high-availability/kube-controller-manager.manifest
@@ -0,0 +1,100 @@
+{
+"apiVersion": "v1beta3",
+"kind": "Pod",
+"metadata": {"name":"kube-controller-manager"},
+"spec":{
+"hostNetwork": true,
+"containers":[
+    {
+    "name": "kube-controller-manager",
+    "image": "gcr.io/google_containers/kube-controller-manager:fda24638d51a48baa13c35337fcd4793",
+    "command": [
+                 "/bin/sh",
+                 "-c",
+                 "/usr/local/bin/kube-controller-manager --master=127.0.0.1:8080 --cluster_name=e2e-test-bburns --cluster-cidr=10.245.0.0/16 --allocate-node-cidrs=true --cloud_provider=gce  --service_account_private_key_file=/srv/kubernetes/server.key --v=2 1>>/var/log/kube-controller-manager.log 2>&1"
+               ],
+    "livenessProbe": {
+      "httpGet": {
+        "path": "/healthz",
+        "port": 10252
+      },
+      "initialDelaySeconds": 15,
+      "timeoutSeconds": 1
+    },
+    "volumeMounts": [
+        { "name": "srvkube",
+        "mountPath": "/srv/kubernetes",
+        "readOnly": true},
+        { "name": "logfile",
+        "mountPath": "/var/log/kube-controller-manager.log",
+        "readOnly": false},
+        { "name": "etcssl",
+        "mountPath": "/etc/ssl",
+        "readOnly": true},
+        { "name": "usrsharessl",
+        "mountPath": "/usr/share/ssl",
+        "readOnly": true},
+        { "name": "varssl",
+        "mountPath": "/var/ssl",
+        "readOnly": true},
+        { "name": "usrssl",
+        "mountPath": "/usr/ssl",
+        "readOnly": true},
+        { "name": "usrlibssl",
+        "mountPath": "/usr/lib/ssl",
+        "readOnly": true},
+        { "name": "usrlocalopenssl",
+        "mountPath": "/usr/local/openssl",
+        "readOnly": true},
+        { "name": "etcopenssl",
+        "mountPath": "/etc/openssl",
+        "readOnly": true},
+        { "name": "etcpkitls",
+        "mountPath": "/etc/pki/tls",
+        "readOnly": true}
+      ]
+    }
+],
+"volumes":[
+  { "name": "srvkube",
+    "hostPath": {
+        "path": "/srv/kubernetes"}
+  },
+  { "name": "logfile",
+    "hostPath": {
+        "path": "/var/log/kube-controller-manager.log"}
+  },
+  { "name": "etcssl",
+    "hostPath": {
+        "path": "/etc/ssl"}
+  },
+  { "name": "usrsharessl",
+    "hostPath": {
+        "path": "/usr/share/ssl"}
+  },
+  { "name": "varssl",
+    "hostPath": {
+        "path": "/var/ssl"}
+  },
+  { "name": "usrssl",
+    "hostPath": {
+        "path": "/usr/ssl"}
+  },
+  { "name": "usrlibssl",
+    "hostPath": {
+        "path": "/usr/lib/ssl"}
+  },
+  { "name": "usrlocalopenssl",
+    "hostPath": {
+        "path": "/usr/local/openssl"}
+  },
+  { "name": "etcopenssl",
+    "hostPath": {
+        "path": "/etc/openssl"}
+  },
+  { "name": "etcpkitls",
+    "hostPath": {
+        "path": "/etc/pki/tls"}
+  }
+]
+}}
--- a/docs/high-availability/kube-scheduler.manifest
+++ b/docs/high-availability/kube-scheduler.manifest
@@ -0,0 +1,39 @@
+{
+"apiVersion": "v1beta3",
+"kind": "Pod",
+"metadata": {"name":"kube-scheduler"},
+"spec":{
+"hostNetwork": true,
+"containers":[
+    {
+    "name": "kube-scheduler",
+    "image": "gcr.io/google_containers/kube-scheduler:34d0b8f8b31e27937327961528739bc9",
+    "command": [
+                 "/bin/sh",
+                 "-c",
+                 "/usr/local/bin/kube-scheduler --master=127.0.0.1:8080 --v=2 1>>/var/log/kube-scheduler.log 2>&1"
+               ],
+    "livenessProbe": {
+      "httpGet": {
+        "path": "/healthz",
+        "port": 10251
+      },
+      "initialDelaySeconds": 15,
+      "timeoutSeconds": 1
+    },
+    "volumeMounts": [
+        {
+          "name": "logfile",
+          "mountPath": "/var/log/kube-scheduler.log",
+          "readOnly": false
+        }
+      ]
+    }
+],
+"volumes":[
+  { "name": "logfile",
+    "hostPath": {
+        "path": "/var/log/kube-scheduler.log"}
+  }
+]
+}}
--- a/docs/high-availability/podmaster.manifest
+++ b/docs/high-availability/podmaster.manifest
@@ -0,0 +1,57 @@
+{
+"apiVersion": "v1beta3",
+"kind": "Pod",
+"metadata": {"name":"scheduler-master"},
+"spec":{
+"hostNetwork": true,
+"containers":[
+    {
+    "name": "scheduler-elector",
+    "image": "gcr.io/google_containers/podmaster:1.1",
+    "command": [
+              "/podmaster",
+              "--etcd-servers=http://127.0.0.1:4001",
+              "--key=scheduler",
+              "--source-file=/kubernetes/kube-scheduler.manifest",
+              "--dest-file=/manifests/kube-scheduler.manifest"
+            ],
+    "volumeMounts": [
+      { "name": "k8s",
+        "mountPath": "/kubernetes",
+        "readOnly": true},
+      { "name": "manifests",
+        "mountPath": "/manifests",
+        "readOnly": false}
+    ] 
+   },
+   {
+    "name": "controller-manager-elector",
+    "image": "gcr.io/google_containers/podmaster:1.1",
+    "command": [
+              "/podmaster",
+              "--etcd-servers=http://127.0.0.1:4001",
+              "--key=controller",
+              "--source-file=/kubernetes/kube-controller-manager.manifest",
+              "--dest-file=/manifests/kube-controller-manager.manifest"
+            ],
+    "volumeMounts": [
+      { "name": "k8s",
+        "mountPath": "/kubernetes",
+        "readOnly": true},
+      { "name": "manifests",
+        "mountPath": "/manifests",
+        "readOnly": false}
+    ]
+   }
+],
+"volumes":[
+  { "name": "k8s",
+    "hostPath": {
+        "path": "/srv/kubernetes"}
+  },
+{ "name": "manifests",
+    "hostPath": {
+        "path": "/etc/kubernetes/manifests"}
+  }
+]
+}}