Merge pull request #26596 from jcrugzz/ALLOW-PRIVILEGED

Automatic merge from submit-queue [fix] allow ALLOW_PRIVILEGED to be passed to kubelet and kube-api This is something that we need for running docker in docker. Please let me know if you would consider this change. Thanks :)
2025-07-26 05:03:09 +00:00 · 2016-06-25 08:52:14 -07:00 · 2016-06-25 08:52:14 -07:00 · 50d58f4437
commit 50d58f4437
parent 99951007ff 44cc9aa9b6
2 changed files with 21 additions and 10 deletions
--- a/cluster/ubuntu/config-default.sh
+++ b/cluster/ubuntu/config-default.sh
@ -17,7 +17,7 @@
 ## Contains configuration values for the Ubuntu cluster
 # Define all your cluster nodes, MASTER node comes first"
-# And separated with blank space like <user_1@ip_1> <user_2@ip_2> <user_3@ip_3> 
+# And separated with blank space like <user_1@ip_1> <user_2@ip_2> <user_3@ip_3>
 export nodes=${nodes:-"vcap@10.10.103.250 vcap@10.10.103.162 vcap@10.10.103.223"}
 # Define all your nodes role: a(master) or i(minion) or ai(both master and minion),
@ -112,5 +112,8 @@ ENABLE_CLUSTER_UI="${KUBE_ENABLE_CLUSTER_UI:-true}"
 # Add environment variable separated with blank space like "http_proxy=http://10.x.x.x:8080 https_proxy=https://10.x.x.x:8443"
 PROXY_SETTING=${PROXY_SETTING:-""}
 # Optional: Allows kublet/kube-api to be run in privileged mode
 ALLOW_PRIVILEGED=${ALLOW_PRIVILEGED:-"false"}
 DEBUG=${DEBUG:-"false"}
--- a/cluster/ubuntu/util.sh
+++ b/cluster/ubuntu/util.sh
@ -234,6 +234,7 @@ EOF
 # $2: Admission Controllers to invoke in the API server.
 # $3: A port range to reserve for services with NodePort visibility.
 # $4: The IP address on which to advertise the apiserver to members of the cluster.
 # $5: Tells kube-api to run in privileged mode
 function create-kube-apiserver-opts() {
  cat <<EOF > ~/kube/default/kube-apiserver
 KUBE_APISERVER_OPTS="\
@ -245,6 +246,7 @@ KUBE_APISERVER_OPTS="\
 --admission-control=${2}\
 --service-node-port-range=${3}\
 --advertise-address=${4}\
 --allow-privileged=${5}\
 --client-ca-file=/srv/kubernetes/ca.crt\
 --tls-cert-file=/srv/kubernetes/server.cert\
 --tls-private-key-file=/srv/kubernetes/server.key"
@ -279,9 +281,10 @@ EOF
 # $3: If non-empty then the DNS server IP to configure in each pod.
 # $4: If non-empty then added to each pod's domain search list.
 # $5: Pathname of the kubelet config file or directory.
-# $6: If empty then flannel is used otherwise CNI is used.
+# $6: Whether or not we run kubelet in priviliged mode
 # $7: If empty then flannel is used otherwise CNI is used.
 function create-kubelet-opts() {
-  if [ -n "$6" ] ; then
+  if [ -n "$7" ] ; then
      cni_opts=" --network-plugin=cni --network-plugin-dir=/etc/cni/net.d"
  else
      cni_opts=""
@ -294,6 +297,7 @@ KUBELET_OPTS="\
 --cluster-dns=${3} \
 --cluster-domain=${4} \
 --config=${5} \
 --allow-privileged=${6}
 $cni_opts"
 EOF
 }
@ -472,7 +476,8 @@ function provision-master() {
      '${SERVICE_CLUSTER_IP_RANGE}' \
      '${ADMISSION_CONTROL}' \
      '${SERVICE_NODE_PORT_RANGE}' \
-      '${MASTER_IP}'
+      '${MASTER_IP}' \
      '${ALLOW_PRIVILIGED}'
    create-kube-controller-manager-opts '${NODE_IPS}'
    create-kube-scheduler-opts
    create-flanneld-opts '127.0.0.1' '${MASTER_IP}'
@ -534,7 +539,7 @@ function provision-node() {
                    service kube-proxy start'
    NEED_RECONFIG_DOCKER=false
  fi
-  
+
  BASH_DEBUG_FLAGS=""
  if [[ "$DEBUG" == "true" ]] ; then
    BASH_DEBUG_FLAGS="set -x"
@ -553,6 +558,7 @@ function provision-node() {
      '${DNS_SERVER_IP}' \
      '${DNS_DOMAIN}' \
      '${KUBELET_CONFIG}' \
      '${ALLOW_PRIVILEGED}' \
      '${CNI_PLUGIN_CONF}'
    create-kube-proxy-opts \
      '${1#*@}' \
@ -560,7 +566,7 @@ function provision-node() {
      '${KUBE_PROXY_EXTRA_OPTS}'
    create-flanneld-opts '${MASTER_IP}' '${1#*@}'
-    sudo -E -p '[sudo] password to start node: ' -- /bin/bash -ce '    
+    sudo -E -p '[sudo] password to start node: ' -- /bin/bash -ce '
      ${BASH_DEBUG_FLAGS}
      cp ~/kube/default/* /etc/default/
      cp ~/kube/init_conf/* /etc/init/
@ -615,7 +621,7 @@ function provision-masterandnode() {
        "'
    NEED_RECONFIG_DOCKER=false
  fi
-  
+
  EXTRA_SANS=(
    IP:${MASTER_IP}
    IP:${SERVICE_CLUSTER_IP_RANGE%.*}.1
@ -644,7 +650,8 @@ function provision-masterandnode() {
      '${SERVICE_CLUSTER_IP_RANGE}' \
      '${ADMISSION_CONTROL}' \
      '${SERVICE_NODE_PORT_RANGE}' \
-      '${MASTER_IP}'
+      '${MASTER_IP}' \
      '${ALLOW_PRIVILEGED}'
    create-kube-controller-manager-opts '${NODE_IPS}'
    create-kube-scheduler-opts
    create-kubelet-opts \
@ -653,6 +660,7 @@ function provision-masterandnode() {
      '${DNS_SERVER_IP}' \
      '${DNS_DOMAIN}' \
      '${KUBELET_CONFIG}' \
      '${ALLOW_PRIVILEGED}' \
      '${CNI_PLUGIN_CONF}'
    create-kube-proxy-opts \
      '${MASTER_IP}' \
@ -660,7 +668,7 @@ function provision-masterandnode() {
      '${KUBE_PROXY_EXTRA_OPTS}'
    create-flanneld-opts '127.0.0.1' '${MASTER_IP}'
-    FLANNEL_OTHER_NET_CONFIG='${FLANNEL_OTHER_NET_CONFIG}' sudo -E -p '[sudo] password to start master: ' -- /bin/bash -ce ' 
+    FLANNEL_OTHER_NET_CONFIG='${FLANNEL_OTHER_NET_CONFIG}' sudo -E -p '[sudo] password to start master: ' -- /bin/bash -ce '
      ${BASH_DEBUG_FLAGS}
      cp ~/kube/default/* /etc/default/
      cp ~/kube/init_conf/* /etc/init/
@ -697,7 +705,7 @@ function check-pods-torn-down() {
 # Delete a kubernetes cluster
 function kube-down() {
  export KUBECTL_PATH="${KUBE_ROOT}/cluster/ubuntu/binaries/kubectl"
-  
+
  export KUBE_CONFIG_FILE=${KUBE_CONFIG_FILE:-${KUBE_ROOT}/cluster/ubuntu/config-default.sh}
  source "${KUBE_CONFIG_FILE}"