From 51b20b35e225188fb58dd8ca2ab32089af3689ac Mon Sep 17 00:00:00 2001 From: Brendan Burns Date: Fri, 12 Jun 2015 21:00:16 -0700 Subject: [PATCH 1/2] Revert "Revert "Optionalize (default false) --insecure-registry."" This reverts commit 1645c9a9b8ee3f81247f54bce79540c4d3b6365c. --- cluster/aws/config-default.sh | 6 ++++-- cluster/aws/config-test.sh | 6 ++++-- cluster/gce/config-default.sh | 6 ++++-- cluster/gce/config-test.sh | 6 ++++-- cluster/saltbase/salt/docker/default | 2 +- 5 files changed, 17 insertions(+), 9 deletions(-) diff --git a/cluster/aws/config-default.sh b/cluster/aws/config-default.sh index b63ec1628c8..8ed226a48c1 100644 --- a/cluster/aws/config-default.sh +++ b/cluster/aws/config-default.sh @@ -70,8 +70,10 @@ LOGGING_DESTINATION="${KUBE_LOGGING_DESTINATION:-elasticsearch}" # options: elas ENABLE_CLUSTER_LOGGING="${KUBE_ENABLE_CLUSTER_LOGGING:-true}" ELASTICSEARCH_LOGGING_REPLICAS=1 -# Don't require https for registries in our local RFC1918 network -EXTRA_DOCKER_OPTS="--insecure-registry 10.0.0.0/8" +# Optional: Don't require https for registries in our local RFC1918 network +if [[ ${KUBE_ENABLE_INSECURE_REGISTRY:-false} == "true" ]]; then + EXTRA_DOCKER_OPTS="--insecure-registry 10.0.0.0/8" +fi # Optional: Install cluster DNS. ENABLE_CLUSTER_DNS=true diff --git a/cluster/aws/config-test.sh b/cluster/aws/config-test.sh index 3ddf633cf8f..87cdf8c29cf 100755 --- a/cluster/aws/config-test.sh +++ b/cluster/aws/config-test.sh @@ -67,8 +67,10 @@ LOGGING_DESTINATION="${KUBE_LOGGING_DESTINATION:-elasticsearch}" # options: elas ENABLE_CLUSTER_LOGGING="${KUBE_ENABLE_CLUSTER_LOGGING:-false}" ELASTICSEARCH_LOGGING_REPLICAS=1 -# Don't require https for registries in our local RFC1918 network -EXTRA_DOCKER_OPTS="--insecure-registry 10.0.0.0/8" +# Optional: Don't require https for registries in our local RFC1918 network +if [[ ${KUBE_ENABLE_INSECURE_REGISTRY:-false} == "true" ]]; then + EXTRA_DOCKER_OPTS="--insecure-registry 10.0.0.0/8" +fi # Optional: Install cluster DNS. ENABLE_CLUSTER_DNS=true diff --git a/cluster/gce/config-default.sh b/cluster/gce/config-default.sh index a4b4459db21..f142ffe14a7 100755 --- a/cluster/gce/config-default.sh +++ b/cluster/gce/config-default.sh @@ -68,8 +68,10 @@ LOGGING_DESTINATION="${KUBE_LOGGING_DESTINATION:-elasticsearch}" # options: elas ENABLE_CLUSTER_LOGGING="${KUBE_ENABLE_CLUSTER_LOGGING:-true}" ELASTICSEARCH_LOGGING_REPLICAS=1 -# Don't require https for registries in our local RFC1918 network -EXTRA_DOCKER_OPTS="--insecure-registry 10.0.0.0/8" +# Optional: Don't require https for registries in our local RFC1918 network +if [[ ${KUBE_ENABLE_INSECURE_REGISTRY:-false} == "true" ]]; then + EXTRA_DOCKER_OPTS="--insecure-registry 10.0.0.0/8" +fi # Optional: Install cluster DNS. ENABLE_CLUSTER_DNS=true diff --git a/cluster/gce/config-test.sh b/cluster/gce/config-test.sh index d8035a4c84a..ee1d406e7fb 100755 --- a/cluster/gce/config-test.sh +++ b/cluster/gce/config-test.sh @@ -67,8 +67,10 @@ LOGGING_DESTINATION="${KUBE_LOGGING_DESTINATION:-elasticsearch}" # options: elas ENABLE_CLUSTER_LOGGING="${KUBE_ENABLE_CLUSTER_LOGGING:-true}" ELASTICSEARCH_LOGGING_REPLICAS=1 -# Don't require https for registries in our local RFC1918 network -EXTRA_DOCKER_OPTS="--insecure-registry 10.0.0.0/8" +# Optional: Don't require https for registries in our local RFC1918 network +if [[ ${KUBE_ENABLE_INSECURE_REGISTRY:-false} == "true" ]]; then + EXTRA_DOCKER_OPTS="--insecure-registry 10.0.0.0/8" +fi # Optional: Install cluster DNS. ENABLE_CLUSTER_DNS=true diff --git a/cluster/saltbase/salt/docker/default b/cluster/saltbase/salt/docker/default index 5674af107a3..706f082a521 100644 --- a/cluster/saltbase/salt/docker/default +++ b/cluster/saltbase/salt/docker/default @@ -1,5 +1,5 @@ {% set docker_opts = "" -%} -{% if grains.docker_opts is defined -%} +{% if grains.docker_opts is defined and grains.docker_opts -%} {% set docker_opts = grains.docker_opts -%} {% endif -%} From 2c59a3c4a42f158607f447a3883e5c970a74b6ac Mon Sep 17 00:00:00 2001 From: Brendan Burns Date: Fri, 12 Jun 2015 21:47:30 -0700 Subject: [PATCH 2/2] Fix the scripts to default empty string if EXTRA_DOCKER_OPTS isn't set. --- cluster/gce/coreos/helper.sh | 2 +- cluster/gce/debian/helper.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/gce/coreos/helper.sh b/cluster/gce/coreos/helper.sh index 3901666ca5b..d50fb58f09e 100644 --- a/cluster/gce/coreos/helper.sh +++ b/cluster/gce/coreos/helper.sh @@ -84,7 +84,7 @@ ADMISSION_CONTROL=$(yaml-quote ${ADMISSION_CONTROL:-}) MASTER_IP_RANGE=$(yaml-quote ${MASTER_IP_RANGE}) KUBERNETES_MASTER_NAME=$(yaml-quote ${MASTER_NAME}) ZONE=$(yaml-quote ${ZONE}) -EXTRA_DOCKER_OPTS=$(yaml-quote ${EXTRA_DOCKER_OPTS}) +EXTRA_DOCKER_OPTS=$(yaml-quote ${EXTRA_DOCKER_OPTS:-}) ENABLE_DOCKER_REGISTRY_CACHE=$(yaml-quote ${ENABLE_DOCKER_REGISTRY_CACHE:-false}) PROJECT_ID=$(yaml-quote ${PROJECT}) KUBERNETES_CONTAINER_RUNTIME=$(yaml-quote ${CONTAINER_RUNTIME}) diff --git a/cluster/gce/debian/helper.sh b/cluster/gce/debian/helper.sh index 264c4259eea..2b29eb26d7b 100644 --- a/cluster/gce/debian/helper.sh +++ b/cluster/gce/debian/helper.sh @@ -70,7 +70,7 @@ EOF cat >>$file <