github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 21:17:23 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #34719 from errordeveloper/api-and-disco-ports

Browse Source 
Automatic merge from submit-queue

Add flags for alternative API and discovery ports

**What this PR does / why we need it**:

We had many issues reported due to the fact that we are using port 443 by default, and we should allow users to override whatever defaults we pick. This doesn't touch on `localhost:8080` yet, which should just generally get rid of.

**Which issue this PR fixes**: fixes #34311 #34307 #33638

**Special notes for your reviewer**: cc @pires 

**Release note**:
```release-note
Add `kubeadm` flags `--api-port` and `--discovery-port`, change default API port to 6443
```
This commit is contained in:
Kubernetes Submit Queue 2016-10-17 05:54:38 -07:00 committed by GitHub
commit 714f816a34
13 changed files with 159 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/kubeadm/app/apis/kubeadm/defaults.go
View File

@ -20,4 +20,6 @@ const (
DefaultServiceDNSDomain = "cluster.local" DefaultServiceDNSDomain = "cluster.local"
DefaultServicesSubnet = "10.12.0.0/12" DefaultServicesSubnet = "10.12.0.0/12"
DefaultKubernetesVersion = "v1.4.1" DefaultKubernetesVersion = "v1.4.1"
DefaultAPIBindPort = 6443
DefaultDiscoveryBindPort = 9898
) )

8
cmd/kubeadm/app/apis/kubeadm/types.go
View File

@ -23,6 +23,7 @@ type MasterConfiguration struct {
Secrets Secrets Secrets Secrets
API API API API
Discovery Discovery
Etcd Etcd Etcd Etcd
Networking Networking Networking Networking
KubernetesVersion string KubernetesVersion string
@ -32,6 +33,11 @@ type MasterConfiguration struct {
type API struct { type API struct {
AdvertiseAddresses []string AdvertiseAddresses []string
ExternalDNSNames []string ExternalDNSNames []string
BindPort int32
}
type Discovery struct {
BindPort int32
} }
type Networking struct { type Networking struct {
@ -59,6 +65,8 @@ type NodeConfiguration struct {
MasterAddresses []string MasterAddresses []string
Secrets Secrets Secrets Secrets
APIPort int32
DiscoveryPort int32
} }
// ClusterInfo TODO add description // ClusterInfo TODO add description

8
cmd/kubeadm/app/apis/kubeadm/v1alpha1/types.go
View File

@ -24,6 +24,7 @@ type MasterConfiguration struct {
Secrets Secrets `json:"secrets"` Secrets Secrets `json:"secrets"`
API API `json:"api"` API API `json:"api"`
Etcd Etcd `json:"etcd"` Etcd Etcd `json:"etcd"`
Discovery Discovery `json:"discovery"`
Networking Networking `json:"networking"` Networking Networking `json:"networking"`
KubernetesVersion string `json:"kubernetesVersion"` KubernetesVersion string `json:"kubernetesVersion"`
CloudProvider string `json:"cloudProvider"` CloudProvider string `json:"cloudProvider"`
@ -32,6 +33,11 @@ type MasterConfiguration struct {
type API struct { type API struct {
AdvertiseAddresses []string `json:"advertiseAddresses"` AdvertiseAddresses []string `json:"advertiseAddresses"`
ExternalDNSNames []string `json:"externalDNSNames"` ExternalDNSNames []string `json:"externalDNSNames"`
BindPort int32 `json:"bindPort"`
}
type Discovery struct {
BindPort int32 `json:"bindPort"`
} }
type Networking struct { type Networking struct {
@ -59,6 +65,8 @@ type NodeConfiguration struct {
MasterAddresses []string `json:"masterAddresses"` MasterAddresses []string `json:"masterAddresses"`
Secrets Secrets `json:"secrets"` Secrets Secrets `json:"secrets"`
APIPort int32 `json:"apiPort"`
DiscoveryPort int32 `json:"discoveryPort"`
} }
// ClusterInfo TODO add description // ClusterInfo TODO add description

32
cmd/kubeadm/app/cmd/init.go
View File

@ -20,6 +20,7 @@ import (
"fmt" "fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"strings"
"github.com/renstrom/dedent" "github.com/renstrom/dedent"
"github.com/spf13/cobra" "github.com/spf13/cobra"
@ -41,7 +42,7 @@ var (
You can now join any number of machines by running the following on each node: You can now join any number of machines by running the following on each node:
kubeadm join --token %s %s kubeadm join %s
`) `)
) )
@ -126,6 +127,16 @@ func NewCmdInit(out io.Writer) *cobra.Command {
"skip preflight checks normally run before modifying the system", "skip preflight checks normally run before modifying the system",
) )
cmd.PersistentFlags().Int32Var(
&cfg.API.BindPort, "api-port", kubeadmapi.DefaultAPIBindPort,
"Port for API to bind to",
)
cmd.PersistentFlags().Int32Var(
&cfg.Discovery.BindPort, "discovery-port", kubeadmapi.DefaultDiscoveryBindPort,
"Port for JWS discovery service to bind to",
)
return cmd return cmd
} }
@ -146,7 +157,7 @@ func NewInit(cfgPath string, cfg *kubeadmapi.MasterConfiguration, skipPreFlight
if !skipPreFlight { if !skipPreFlight {
fmt.Println("Running pre-flight checks") fmt.Println("Running pre-flight checks")
err := preflight.RunInitMasterChecks() err := preflight.RunInitMasterChecks(cfg)
if err != nil { if err != nil {
return nil, &preflight.PreFlightError{Msg: err.Error()} return nil, &preflight.PreFlightError{Msg: err.Error()}
} }
@ -190,7 +201,7 @@ func (i *Init) Run(out io.Writer) error {
return err return err
} }
kubeconfigs, err := kubemaster.CreateCertsAndConfigForClients(i.cfg.API.AdvertiseAddresses, []string{"kubelet", "admin"}, caKey, caCert) kubeconfigs, err := kubemaster.CreateCertsAndConfigForClients(i.cfg.API, []string{"kubelet", "admin"}, caKey, caCert)
if err != nil { if err != nil {
return err return err
} }
@ -228,11 +239,16 @@ func (i *Init) Run(out io.Writer) error {
return err return err
} }
// TODO(phase1+) use templates to reference struct fields directly as order of args is fragile // TODO(phase1+) we could probably use templates for this logic, and reference struct fields directly etc
fmt.Fprintf(out, initDoneMsgf, joinArgs := []string{fmt.Sprintf("--token=%s", i.cfg.Secrets.GivenToken)}
i.cfg.Secrets.GivenToken, if i.cfg.API.BindPort != kubeadmapi.DefaultAPIBindPort {
i.cfg.API.AdvertiseAddresses[0], joinArgs = append(joinArgs, fmt.Sprintf("--api-port=%d", i.cfg.API.BindPort))
) }
if i.cfg.Discovery.BindPort != kubeadmapi.DefaultDiscoveryBindPort {
joinArgs = append(joinArgs, fmt.Sprintf("--discovery-port=%d", i.cfg.Discovery.BindPort))
}
joinArgs = append(joinArgs, i.cfg.API.AdvertiseAddresses[0])
fmt.Fprintf(out, initDoneMsgf, strings.Join(joinArgs, " "))
return nil return nil
} }

10
cmd/kubeadm/app/cmd/join.go
View File

@ -70,6 +70,16 @@ func NewCmdJoin(out io.Writer) *cobra.Command {
"skip preflight checks normally run before modifying the system", "skip preflight checks normally run before modifying the system",
) )
cmd.PersistentFlags().Int32Var(
&cfg.APIPort, "api-port", kubeadmapi.DefaultAPIBindPort,
"(optional) API server port on the master",
)
cmd.PersistentFlags().Int32Var(
&cfg.DiscoveryPort, "discovery-port", kubeadmapi.DefaultDiscoveryBindPort,
"(optional) Discovery port on the master",
)
return cmd return cmd
} }

28
cmd/kubeadm/app/master/addons.go
View File

@ -32,7 +32,7 @@ import (
) )
// TODO(phase1+): kube-proxy should be a daemonset, three different daemonsets should not be here // TODO(phase1+): kube-proxy should be a daemonset, three different daemonsets should not be here
func createKubeProxyPodSpec(s *kubeadmapi.MasterConfiguration, architecture string) api.PodSpec { func createKubeProxyPodSpec(cfg *kubeadmapi.MasterConfiguration, architecture string) api.PodSpec {
envParams := kubeadmapi.GetEnvParams() envParams := kubeadmapi.GetEnvParams()
privilegedTrue := true privilegedTrue := true
return api.PodSpec{ return api.PodSpec{
@ -42,8 +42,8 @@ func createKubeProxyPodSpec(s *kubeadmapi.MasterConfiguration, architecture stri
}, },
Containers: []api.Container{{ Containers: []api.Container{{
Name: kubeProxy, Name: kubeProxy,
Image: images.GetCoreImage(images.KubeProxyImage, s, envParams["hyperkube_image"]), Image: images.GetCoreImage(images.KubeProxyImage, cfg, envParams["hyperkube_image"]),
Command: append(getComponentCommand("proxy", s), "--kubeconfig=/run/kubeconfig"), Command: append(getComponentCommand("proxy", cfg), "--kubeconfig=/run/kubeconfig"),
SecurityContext: &api.SecurityContext{Privileged: &privilegedTrue}, SecurityContext: &api.SecurityContext{Privileged: &privilegedTrue},
VolumeMounts: []api.VolumeMount{ VolumeMounts: []api.VolumeMount{
{ {
@ -85,7 +85,7 @@ func createKubeProxyPodSpec(s *kubeadmapi.MasterConfiguration, architecture stri
} }
} }
func createKubeDNSPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec { func createKubeDNSPodSpec(cfg *kubeadmapi.MasterConfiguration) api.PodSpec {
dnsPodResources := api.ResourceList{ dnsPodResources := api.ResourceList{
api.ResourceName(api.ResourceCPU): resource.MustParse("100m"), api.ResourceName(api.ResourceCPU): resource.MustParse("100m"),
@ -100,7 +100,7 @@ func createKubeDNSPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
kubeDNSPort := int32(10053) kubeDNSPort := int32(10053)
dnsmasqPort := int32(53) dnsmasqPort := int32(53)
nslookup := fmt.Sprintf("nslookup kubernetes.default.svc.%s 127.0.0.1", s.Networking.DNSDomain) nslookup := fmt.Sprintf("nslookup kubernetes.default.svc.%s 127.0.0.1", cfg.Networking.DNSDomain)
nslookup = fmt.Sprintf("-cmd=%s:%d >/dev/null && %s:%d >/dev/null", nslookup = fmt.Sprintf("-cmd=%s:%d >/dev/null && %s:%d >/dev/null",
nslookup, dnsmasqPort, nslookup, dnsmasqPort,
@ -121,7 +121,7 @@ func createKubeDNSPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
Requests: dnsPodResources, Requests: dnsPodResources,
}, },
Args: []string{ Args: []string{
fmt.Sprintf("--domain=%s", s.Networking.DNSDomain), fmt.Sprintf("--domain=%s", cfg.Networking.DNSDomain),
fmt.Sprintf("--dns-port=%d", kubeDNSPort), fmt.Sprintf("--dns-port=%d", kubeDNSPort),
// TODO __PILLAR__FEDERATIONS__DOMAIN__MAP__ // TODO __PILLAR__FEDERATIONS__DOMAIN__MAP__
}, },
@ -214,14 +214,14 @@ func createKubeDNSPodSpec(s *kubeadmapi.MasterConfiguration) api.PodSpec {
} }
func createKubeDNSServiceSpec(s *kubeadmapi.MasterConfiguration) (*api.ServiceSpec, error) { func createKubeDNSServiceSpec(cfg *kubeadmapi.MasterConfiguration) (*api.ServiceSpec, error) {
_, n, err := net.ParseCIDR(s.Networking.ServiceSubnet) _, n, err := net.ParseCIDR(cfg.Networking.ServiceSubnet)
if err != nil { if err != nil {
return nil, fmt.Errorf("could not parse %q: %v", s.Networking.ServiceSubnet, err) return nil, fmt.Errorf("could not parse %q: %v", cfg.Networking.ServiceSubnet, err)
} }
ip, err := ipallocator.GetIndexedIP(n, 10) ip, err := ipallocator.GetIndexedIP(n, 10)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to allocate IP address for kube-dns addon from the given CIDR (%q) [%v]", s.Networking.ServiceSubnet, err) return nil, fmt.Errorf("unable to allocate IP address for kube-dns addon from the given CIDR (%q) [%v]", cfg.Networking.ServiceSubnet, err)
} }
svc := &api.ServiceSpec{ svc := &api.ServiceSpec{
@ -236,11 +236,11 @@ func createKubeDNSServiceSpec(s *kubeadmapi.MasterConfiguration) (*api.ServiceSp
return svc, nil return svc, nil
} }
func CreateEssentialAddons(s *kubeadmapi.MasterConfiguration, client *clientset.Clientset) error { func CreateEssentialAddons(cfg *kubeadmapi.MasterConfiguration, client *clientset.Clientset) error {
arches := [3]string{"amd64", "arm", "arm64"} arches := [3]string{"amd64", "arm", "arm64"}
for _, arch := range arches { for _, arch := range arches {
kubeProxyDaemonSet := NewDaemonSet(kubeProxy+"-"+arch, createKubeProxyPodSpec(s, arch)) kubeProxyDaemonSet := NewDaemonSet(kubeProxy+"-"+arch, createKubeProxyPodSpec(cfg, arch))
SetMasterTaintTolerations(&kubeProxyDaemonSet.Spec.Template.ObjectMeta) SetMasterTaintTolerations(&kubeProxyDaemonSet.Spec.Template.ObjectMeta)
if _, err := client.Extensions().DaemonSets(api.NamespaceSystem).Create(kubeProxyDaemonSet); err != nil { if _, err := client.Extensions().DaemonSets(api.NamespaceSystem).Create(kubeProxyDaemonSet); err != nil {
@ -250,14 +250,14 @@ func CreateEssentialAddons(s *kubeadmapi.MasterConfiguration, client *clientset.
fmt.Println("<master/addons> created essential addon: kube-proxy") fmt.Println("<master/addons> created essential addon: kube-proxy")
kubeDNSDeployment := NewDeployment("kube-dns", 1, createKubeDNSPodSpec(s)) kubeDNSDeployment := NewDeployment("kube-dns", 1, createKubeDNSPodSpec(cfg))
SetMasterTaintTolerations(&kubeDNSDeployment.Spec.Template.ObjectMeta) SetMasterTaintTolerations(&kubeDNSDeployment.Spec.Template.ObjectMeta)
if _, err := client.Extensions().Deployments(api.NamespaceSystem).Create(kubeDNSDeployment); err != nil { if _, err := client.Extensions().Deployments(api.NamespaceSystem).Create(kubeDNSDeployment); err != nil {
return fmt.Errorf("<master/addons> failed creating essential kube-dns addon [%v]", err) return fmt.Errorf("<master/addons> failed creating essential kube-dns addon [%v]", err)
} }
kubeDNSServiceSpec, err := createKubeDNSServiceSpec(s) kubeDNSServiceSpec, err := createKubeDNSServiceSpec(cfg)
if err != nil { if err != nil {
return fmt.Errorf("<master/addons> failed creating essential kube-dns addon - %v", err) return fmt.Errorf("<master/addons> failed creating essential kube-dns addon - %v", err)
} }

22
cmd/kubeadm/app/master/discovery.go
View File

@ -40,18 +40,18 @@ const (
kubeDiscoverySecretName = "clusterinfo" kubeDiscoverySecretName = "clusterinfo"
) )
func encodeKubeDiscoverySecretData(s *kubeadmapi.MasterConfiguration, caCert *x509.Certificate) map[string][]byte { func encodeKubeDiscoverySecretData(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate) map[string][]byte {
var ( var (
data = map[string][]byte{} data = map[string][]byte{}
endpointList = []string{} endpointList = []string{}
tokenMap = map[string]string{} tokenMap = map[string]string{}
) )
for _, addr := range s.API.AdvertiseAddresses { for _, addr := range cfg.API.AdvertiseAddresses {
endpointList = append(endpointList, fmt.Sprintf("https://%s:443", addr)) endpointList = append(endpointList, fmt.Sprintf("https://%s:%d", addr, cfg.API.BindPort))
} }
tokenMap[s.Secrets.TokenID] = s.Secrets.BearerToken tokenMap[cfg.Secrets.TokenID] = cfg.Secrets.BearerToken
data["endpoint-list.json"], _ = json.Marshal(endpointList) data["endpoint-list.json"], _ = json.Marshal(endpointList)
data["token-map.json"], _ = json.Marshal(tokenMap) data["token-map.json"], _ = json.Marshal(tokenMap)
@ -60,7 +60,7 @@ func encodeKubeDiscoverySecretData(s *kubeadmapi.MasterConfiguration, caCert *x5
return data return data
} }
func newKubeDiscoveryPodSpec() api.PodSpec { func newKubeDiscoveryPodSpec(cfg *kubeadmapi.MasterConfiguration) api.PodSpec {
envParams := kubeadmapi.GetEnvParams() envParams := kubeadmapi.GetEnvParams()
return api.PodSpec{ return api.PodSpec{
// We have to use host network namespace, as `HostPort`/`HostIP` are Docker's // We have to use host network namespace, as `HostPort`/`HostIP` are Docker's
@ -80,7 +80,7 @@ func newKubeDiscoveryPodSpec() api.PodSpec {
Ports: []api.ContainerPort{ Ports: []api.ContainerPort{
// TODO when CNI issue (#31307) is resolved, we should consider adding // TODO when CNI issue (#31307) is resolved, we should consider adding
// `HostIP: s.API.AdvertiseAddrs[0]`, if there is only one address` // `HostIP: s.API.AdvertiseAddrs[0]`, if there is only one address`
{Name: "http", ContainerPort: 9898, HostPort: 9898}, {Name: "http", ContainerPort: kubeadmapi.DefaultDiscoveryBindPort, HostPort: cfg.Discovery.BindPort},
}, },
SecurityContext: &api.SecurityContext{ SecurityContext: &api.SecurityContext{
SELinuxOptions: &api.SELinuxOptions{ SELinuxOptions: &api.SELinuxOptions{
@ -101,13 +101,13 @@ func newKubeDiscoveryPodSpec() api.PodSpec {
} }
} }
func newKubeDiscovery(s *kubeadmapi.MasterConfiguration, caCert *x509.Certificate) kubeDiscovery { func newKubeDiscovery(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate) kubeDiscovery {
kd := kubeDiscovery{ kd := kubeDiscovery{
Deployment: NewDeployment(kubeDiscoveryName, 1, newKubeDiscoveryPodSpec()), Deployment: NewDeployment(kubeDiscoveryName, 1, newKubeDiscoveryPodSpec(cfg)),
Secret: &api.Secret{ Secret: &api.Secret{
ObjectMeta: api.ObjectMeta{Name: kubeDiscoverySecretName}, ObjectMeta: api.ObjectMeta{Name: kubeDiscoverySecretName},
Type: api.SecretTypeOpaque, Type: api.SecretTypeOpaque,
Data: encodeKubeDiscoverySecretData(s, caCert), Data: encodeKubeDiscoverySecretData(cfg, caCert),
}, },
} }
@ -117,8 +117,8 @@ func newKubeDiscovery(s *kubeadmapi.MasterConfiguration, caCert *x509.Certificat
return kd return kd
} }
func CreateDiscoveryDeploymentAndSecret(s *kubeadmapi.MasterConfiguration, client *clientset.Clientset, caCert *x509.Certificate) error { func CreateDiscoveryDeploymentAndSecret(cfg *kubeadmapi.MasterConfiguration, client *clientset.Clientset, caCert *x509.Certificate) error {
kd := newKubeDiscovery(s, caCert) kd := newKubeDiscovery(cfg, caCert)
if _, err := client.Extensions().Deployments(api.NamespaceSystem).Create(kd.Deployment); err != nil { if _, err := client.Extensions().Deployments(api.NamespaceSystem).Create(kd.Deployment); err != nil {
return fmt.Errorf("<master/discovery> failed to create %q deployment [%v]", kubeDiscoveryName, err) return fmt.Errorf("<master/discovery> failed to create %q deployment [%v]", kubeDiscoveryName, err)

5
cmd/kubeadm/app/master/kubeconfig.go
View File

@ -22,19 +22,20 @@ import (
"fmt" "fmt"
// TODO: "k8s.io/client-go/client/tools/clientcmd/api" // TODO: "k8s.io/client-go/client/tools/clientcmd/api"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util" kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api" clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api"
certutil "k8s.io/kubernetes/pkg/util/cert" certutil "k8s.io/kubernetes/pkg/util/cert"
) )
func CreateCertsAndConfigForClients(advertiseAddresses, clientNames []string, caKey *rsa.PrivateKey, caCert *x509.Certificate) (map[string]*clientcmdapi.Config, error) { func CreateCertsAndConfigForClients(cfg kubeadmapi.API, clientNames []string, caKey *rsa.PrivateKey, caCert *x509.Certificate) (map[string]*clientcmdapi.Config, error) {
basicClientConfig := kubeadmutil.CreateBasicClientConfig( basicClientConfig := kubeadmutil.CreateBasicClientConfig(
"kubernetes", "kubernetes",
// TODO this is not great, but there is only one address we can use here // TODO this is not great, but there is only one address we can use here
// so we'll pick the first one, there is much of chance to have an empty // so we'll pick the first one, there is much of chance to have an empty
// slice by the time this gets called // slice by the time this gets called
fmt.Sprintf("https://%s:443", advertiseAddresses[0]), fmt.Sprintf("https://%s:%d", cfg.AdvertiseAddresses[0], cfg.BindPort),
certutil.EncodeCertPEM(caCert), certutil.EncodeCertPEM(caCert),
) )

62
cmd/kubeadm/app/master/manifests.go
View File

@ -53,37 +53,37 @@ const (
// WriteStaticPodManifests builds manifest objects based on user provided configuration and then dumps it to disk // WriteStaticPodManifests builds manifest objects based on user provided configuration and then dumps it to disk
// where kubelet will pick and schedule them. // where kubelet will pick and schedule them.
func WriteStaticPodManifests(s *kubeadmapi.MasterConfiguration) error { func WriteStaticPodManifests(cfg *kubeadmapi.MasterConfiguration) error {
envParams := kubeadmapi.GetEnvParams() envParams := kubeadmapi.GetEnvParams()
// Prepare static pod specs // Prepare static pod specs
staticPodSpecs := map[string]api.Pod{ staticPodSpecs := map[string]api.Pod{
kubeAPIServer: componentPod(api.Container{ kubeAPIServer: componentPod(api.Container{
Name: kubeAPIServer, Name: kubeAPIServer,
Image: images.GetCoreImage(images.KubeAPIServerImage, s, envParams["hyperkube_image"]), Image: images.GetCoreImage(images.KubeAPIServerImage, cfg, envParams["hyperkube_image"]),
Command: getComponentCommand(apiServer, s), Command: getComponentCommand(apiServer, cfg),
VolumeMounts: []api.VolumeMount{certsVolumeMount(), k8sVolumeMount()}, VolumeMounts: []api.VolumeMount{certsVolumeMount(), k8sVolumeMount()},
LivenessProbe: componentProbe(8080, "/healthz"), LivenessProbe: componentProbe(8080, "/healthz"),
Resources: componentResources("250m"), Resources: componentResources("250m"),
}, certsVolume(s), k8sVolume(s)), }, certsVolume(cfg), k8sVolume(cfg)),
kubeControllerManager: componentPod(api.Container{ kubeControllerManager: componentPod(api.Container{
Name: kubeControllerManager, Name: kubeControllerManager,
Image: images.GetCoreImage(images.KubeControllerManagerImage, s, envParams["hyperkube_image"]), Image: images.GetCoreImage(images.KubeControllerManagerImage, cfg, envParams["hyperkube_image"]),
Command: getComponentCommand(controllerManager, s), Command: getComponentCommand(controllerManager, cfg),
VolumeMounts: []api.VolumeMount{certsVolumeMount(), k8sVolumeMount()}, VolumeMounts: []api.VolumeMount{certsVolumeMount(), k8sVolumeMount()},
LivenessProbe: componentProbe(10252, "/healthz"), LivenessProbe: componentProbe(10252, "/healthz"),
Resources: componentResources("200m"), Resources: componentResources("200m"),
}, certsVolume(s), k8sVolume(s)), }, certsVolume(cfg), k8sVolume(cfg)),
kubeScheduler: componentPod(api.Container{ kubeScheduler: componentPod(api.Container{
Name: kubeScheduler, Name: kubeScheduler,
Image: images.GetCoreImage(images.KubeSchedulerImage, s, envParams["hyperkube_image"]), Image: images.GetCoreImage(images.KubeSchedulerImage, cfg, envParams["hyperkube_image"]),
Command: getComponentCommand(scheduler, s), Command: getComponentCommand(scheduler, cfg),
LivenessProbe: componentProbe(10251, "/healthz"), LivenessProbe: componentProbe(10251, "/healthz"),
Resources: componentResources("100m"), Resources: componentResources("100m"),
}), }),
} }
// Add etcd static pod spec only if external etcd is not configured // Add etcd static pod spec only if external etcd is not configured
if len(s.Etcd.Endpoints) == 0 { if len(cfg.Etcd.Endpoints) == 0 {
staticPodSpecs[etcd] = componentPod(api.Container{ staticPodSpecs[etcd] = componentPod(api.Container{
Name: etcd, Name: etcd,
Command: []string{ Command: []string{
@ -93,7 +93,7 @@ func WriteStaticPodManifests(s *kubeadmapi.MasterConfiguration) error {
"--data-dir=/var/etcd/data", "--data-dir=/var/etcd/data",
}, },
VolumeMounts: []api.VolumeMount{certsVolumeMount(), etcdVolumeMount(), k8sVolumeMount()}, VolumeMounts: []api.VolumeMount{certsVolumeMount(), etcdVolumeMount(), k8sVolumeMount()},
Image: images.GetCoreImage(images.KubeEtcdImage, s, envParams["etcd_image"]), Image: images.GetCoreImage(images.KubeEtcdImage, cfg, envParams["etcd_image"]),
LivenessProbe: componentProbe(2379, "/health"), LivenessProbe: componentProbe(2379, "/health"),
Resources: componentResources("200m"), Resources: componentResources("200m"),
SecurityContext: &api.SecurityContext{ SecurityContext: &api.SecurityContext{
@ -105,7 +105,7 @@ func WriteStaticPodManifests(s *kubeadmapi.MasterConfiguration) error {
Type: "unconfined_t", Type: "unconfined_t",
}, },
}, },
}, certsVolume(s), etcdVolume(s), k8sVolume(s)) }, certsVolume(cfg), etcdVolume(cfg), k8sVolume(cfg))
} }
manifestsPath := path.Join(envParams["kubernetes_dir"], "manifests") manifestsPath := path.Join(envParams["kubernetes_dir"], "manifests")
@ -126,7 +126,7 @@ func WriteStaticPodManifests(s *kubeadmapi.MasterConfiguration) error {
} }
// etcdVolume exposes a path on the host in order to guarantee data survival during reboot. // etcdVolume exposes a path on the host in order to guarantee data survival during reboot.
func etcdVolume(s *kubeadmapi.MasterConfiguration) api.Volume { func etcdVolume(cfg *kubeadmapi.MasterConfiguration) api.Volume {
envParams := kubeadmapi.GetEnvParams() envParams := kubeadmapi.GetEnvParams()
return api.Volume{ return api.Volume{
Name: "etcd", Name: "etcd",
@ -144,7 +144,7 @@ func etcdVolumeMount() api.VolumeMount {
} }
// certsVolume exposes host SSL certificates to pod containers. // certsVolume exposes host SSL certificates to pod containers.
func certsVolume(s *kubeadmapi.MasterConfiguration) api.Volume { func certsVolume(cfg *kubeadmapi.MasterConfiguration) api.Volume {
return api.Volume{ return api.Volume{
Name: "certs", Name: "certs",
VolumeSource: api.VolumeSource{ VolumeSource: api.VolumeSource{
@ -161,7 +161,7 @@ func certsVolumeMount() api.VolumeMount {
} }
} }
func k8sVolume(s *kubeadmapi.MasterConfiguration) api.Volume { func k8sVolume(cfg *kubeadmapi.MasterConfiguration) api.Volume {
envParams := kubeadmapi.GetEnvParams() envParams := kubeadmapi.GetEnvParams()
return api.Volume{ return api.Volume{
Name: "pki", Name: "pki",
@ -221,18 +221,18 @@ func componentPod(container api.Container, volumes ...api.Volume) api.Pod {
} }
} }
func getComponentCommand(component string, s *kubeadmapi.MasterConfiguration) (command []string) { func getComponentCommand(component string, cfg *kubeadmapi.MasterConfiguration) (command []string) {
baseFlags := map[string][]string{ baseFlags := map[string][]string{
apiServer: { apiServer: {
"--insecure-bind-address=127.0.0.1", "--insecure-bind-address=127.0.0.1",
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota", "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota",
"--service-cluster-ip-range=" + s.Networking.ServiceSubnet, "--service-cluster-ip-range=" + cfg.Networking.ServiceSubnet,
"--service-account-key-file=" + pkiDir + "/apiserver-key.pem", "--service-account-key-file=" + pkiDir + "/apiserver-key.pem",
"--client-ca-file=" + pkiDir + "/ca.pem", "--client-ca-file=" + pkiDir + "/ca.pem",
"--tls-cert-file=" + pkiDir + "/apiserver.pem", "--tls-cert-file=" + pkiDir + "/apiserver.pem",
"--tls-private-key-file=" + pkiDir + "/apiserver-key.pem", "--tls-private-key-file=" + pkiDir + "/apiserver-key.pem",
"--token-auth-file=" + pkiDir + "/tokens.csv", "--token-auth-file=" + pkiDir + "/tokens.csv",
"--secure-port=443", fmt.Sprintf("--secure-port=%d", cfg.API.BindPort),
"--allow-privileged", "--allow-privileged",
}, },
controllerManager: { controllerManager: {
@ -266,30 +266,30 @@ func getComponentCommand(component string, s *kubeadmapi.MasterConfiguration) (c
if component == apiServer { if component == apiServer {
// Use first address we are given // Use first address we are given
if len(s.API.AdvertiseAddresses) > 0 { if len(cfg.API.AdvertiseAddresses) > 0 {
command = append(command, fmt.Sprintf("--advertise-address=%s", s.API.AdvertiseAddresses[0])) command = append(command, fmt.Sprintf("--advertise-address=%s", cfg.API.AdvertiseAddresses[0]))
} }
// Check if the user decided to use an external etcd cluster // Check if the user decided to use an external etcd cluster
if len(s.Etcd.Endpoints) > 0 { if len(cfg.Etcd.Endpoints) > 0 {
command = append(command, fmt.Sprintf("--etcd-servers=%s", strings.Join(s.Etcd.Endpoints, ","))) command = append(command, fmt.Sprintf("--etcd-servers=%s", strings.Join(cfg.Etcd.Endpoints, ",")))
} else { } else {
command = append(command, "--etcd-servers=http://127.0.0.1:2379") command = append(command, "--etcd-servers=http://127.0.0.1:2379")
} }
// Is etcd secured? // Is etcd secured?
if s.Etcd.CAFile != "" { if cfg.Etcd.CAFile != "" {
command = append(command, fmt.Sprintf("--etcd-cafile=%s", s.Etcd.CAFile)) command = append(command, fmt.Sprintf("--etcd-cafile=%s", cfg.Etcd.CAFile))
} }
if s.Etcd.CertFile != "" && s.Etcd.KeyFile != "" { if cfg.Etcd.CertFile != "" && cfg.Etcd.KeyFile != "" {
etcdClientFileArg := fmt.Sprintf("--etcd-certfile=%s", s.Etcd.CertFile) etcdClientFileArg := fmt.Sprintf("--etcd-certfile=%s", cfg.Etcd.CertFile)
etcdKeyFileArg := fmt.Sprintf("--etcd-keyfile=%s", s.Etcd.KeyFile) etcdKeyFileArg := fmt.Sprintf("--etcd-keyfile=%s", cfg.Etcd.KeyFile)
command = append(command, etcdClientFileArg, etcdKeyFileArg) command = append(command, etcdClientFileArg, etcdKeyFileArg)
} }
} }
if component == controllerManager { if component == controllerManager {
if s.CloudProvider != "" { if cfg.CloudProvider != "" {
command = append(command, "--cloud-provider="+s.CloudProvider) command = append(command, "--cloud-provider="+cfg.CloudProvider)
// Only append the --cloud-config option if there's a such file // Only append the --cloud-config option if there's a such file
// TODO(phase1+) this won't work unless it's in one of the few directories we bind-mount // TODO(phase1+) this won't work unless it's in one of the few directories we bind-mount
@ -299,8 +299,8 @@ func getComponentCommand(component string, s *kubeadmapi.MasterConfiguration) (c
} }
// Let the controller-manager allocate Node CIDRs for the Pod network. // Let the controller-manager allocate Node CIDRs for the Pod network.
// Each node will get a subspace of the address CIDR provided with --pod-network-cidr. // Each node will get a subspace of the address CIDR provided with --pod-network-cidr.
if s.Networking.PodSubnet != "" { if cfg.Networking.PodSubnet != "" {
command = append(command, "--allocate-node-cidrs=true", "--cluster-cidr="+s.Networking.PodSubnet) command = append(command, "--allocate-node-cidrs=true", "--cluster-cidr="+cfg.Networking.PodSubnet)
} }
} }

18
cmd/kubeadm/app/master/pki.go
View File

@ -46,7 +46,7 @@ func newCertificateAuthority() (*rsa.PrivateKey, *x509.Certificate, error) {
return key, cert, nil return key, cert, nil
} }
func newServerKeyAndCert(s *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey, altNames certutil.AltNames) (*rsa.PrivateKey, *x509.Certificate, error) { func newServerKeyAndCert(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey, altNames certutil.AltNames) (*rsa.PrivateKey, *x509.Certificate, error) {
key, err := certutil.NewPrivateKey() key, err := certutil.NewPrivateKey()
if err != nil { if err != nil {
return nil, nil, fmt.Errorf("unabel to create private key [%v]", err) return nil, nil, fmt.Errorf("unabel to create private key [%v]", err)
@ -56,16 +56,16 @@ func newServerKeyAndCert(s *kubeadmapi.MasterConfiguration, caCert *x509.Certifi
"kubernetes", "kubernetes",
"kubernetes.default", "kubernetes.default",
"kubernetes.default.svc", "kubernetes.default.svc",
fmt.Sprintf("kubernetes.default.svc.%s", s.Networking.DNSDomain), fmt.Sprintf("kubernetes.default.svc.%s", cfg.Networking.DNSDomain),
} }
_, n, err := net.ParseCIDR(s.Networking.ServiceSubnet) _, n, err := net.ParseCIDR(cfg.Networking.ServiceSubnet)
if err != nil { if err != nil {
return nil, nil, fmt.Errorf("error parsing CIDR %q: %v", s.Networking.ServiceSubnet, err) return nil, nil, fmt.Errorf("error parsing CIDR %q: %v", cfg.Networking.ServiceSubnet, err)
} }
internalAPIServerVirtualIP, err := ipallocator.GetIndexedIP(n, 1) internalAPIServerVirtualIP, err := ipallocator.GetIndexedIP(n, 1)
if err != nil { if err != nil {
return nil, nil, fmt.Errorf("unable to allocate IP address for the API server from the given CIDR (%q) [%v]", &s.Networking.ServiceSubnet, err) return nil, nil, fmt.Errorf("unable to allocate IP address for the API server from the given CIDR (%q) [%v]", &cfg.Networking.ServiceSubnet, err)
} }
altNames.IPs = append(altNames.IPs, internalAPIServerVirtualIP) altNames.IPs = append(altNames.IPs, internalAPIServerVirtualIP)
@ -143,20 +143,20 @@ func newServiceAccountKey() (*rsa.PrivateKey, error) {
// It first generates a self-signed CA certificate, a server certificate (signed by the CA) and a key for // It first generates a self-signed CA certificate, a server certificate (signed by the CA) and a key for
// signing service account tokens. It returns CA key and certificate, which is convenient for use with // signing service account tokens. It returns CA key and certificate, which is convenient for use with
// client config funcs. // client config funcs.
func CreatePKIAssets(s *kubeadmapi.MasterConfiguration) (*rsa.PrivateKey, *x509.Certificate, error) { func CreatePKIAssets(cfg *kubeadmapi.MasterConfiguration) (*rsa.PrivateKey, *x509.Certificate, error) {
var ( var (
err error err error
altNames certutil.AltNames altNames certutil.AltNames
) )
for _, a := range s.API.AdvertiseAddresses { for _, a := range cfg.API.AdvertiseAddresses {
if ip := net.ParseIP(a); ip != nil { if ip := net.ParseIP(a); ip != nil {
altNames.IPs = append(altNames.IPs, ip) altNames.IPs = append(altNames.IPs, ip)
} else { } else {
return nil, nil, fmt.Errorf("could not parse ip %q", a) return nil, nil, fmt.Errorf("could not parse ip %q", a)
} }
} }
altNames.DNSNames = append(altNames.DNSNames, s.API.ExternalDNSNames...) altNames.DNSNames = append(altNames.DNSNames, cfg.API.ExternalDNSNames...)
pkiPath := path.Join(kubeadmapi.GetEnvParams()["host_pki_path"]) pkiPath := path.Join(kubeadmapi.GetEnvParams()["host_pki_path"])
@ -172,7 +172,7 @@ func CreatePKIAssets(s *kubeadmapi.MasterConfiguration) (*rsa.PrivateKey, *x509.
pub, prv, cert := pathsKeysCerts(pkiPath, "ca") pub, prv, cert := pathsKeysCerts(pkiPath, "ca")
fmt.Printf("Public: %s\nPrivate: %s\nCert: %s\n", pub, prv, cert) fmt.Printf("Public: %s\nPrivate: %s\nCert: %s\n", pub, prv, cert)
apiKey, apiCert, err := newServerKeyAndCert(s, caCert, caKey, altNames) apiKey, apiCert, err := newServerKeyAndCert(cfg, caCert, caKey, altNames)
if err != nil { if err != nil {
return nil, nil, fmt.Errorf("<master/pki> failure while creating API server keys and certificate - %v", err) return nil, nil, fmt.Errorf("<master/pki> failure while creating API server keys and certificate - %v", err)
} }

2
cmd/kubeadm/app/node/discovery.go
View File

@ -33,7 +33,7 @@ import (
const discoveryRetryTimeout = 5 * time.Second const discoveryRetryTimeout = 5 * time.Second
func RetrieveTrustedClusterInfo(s *kubeadmapi.NodeConfiguration) (*kubeadmapi.ClusterInfo, error) { func RetrieveTrustedClusterInfo(s *kubeadmapi.NodeConfiguration) (*kubeadmapi.ClusterInfo, error) {
host, port := s.MasterAddresses[0], 9898 host, port := s.MasterAddresses[0], s.DiscoveryPort
requestURL := fmt.Sprintf("http://%s:%d/cluster-info/v1/?token-id=%s", host, port, s.Secrets.TokenID) requestURL := fmt.Sprintf("http://%s:%d/cluster-info/v1/?token-id=%s", host, port, s.Secrets.TokenID)
req, err := http.NewRequest("GET", requestURL, nil) req, err := http.NewRequest("GET", requestURL, nil)
if err != nil { if err != nil {

6
cmd/kubeadm/app/preflight/checks.go
View File

@ -24,6 +24,7 @@ import (
"os" "os"
"os/exec" "os/exec"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
"k8s.io/kubernetes/pkg/util/initsystem" "k8s.io/kubernetes/pkg/util/initsystem"
) )
@ -156,15 +157,16 @@ func (ipc InPathCheck) Check() (warnings, errors []error) {
return nil, nil return nil, nil
} }
func RunInitMasterChecks() error { func RunInitMasterChecks(cfg *kubeadmapi.MasterConfiguration) error {
// TODO: Some of these ports should come from kubeadm config eventually: // TODO: Some of these ports should come from kubeadm config eventually:
checks := []PreFlightCheck{ checks := []PreFlightCheck{
IsRootCheck{root: true}, IsRootCheck{root: true},
ServiceCheck{Service: "kubelet"}, ServiceCheck{Service: "kubelet"},
ServiceCheck{Service: "docker"}, ServiceCheck{Service: "docker"},
PortOpenCheck{port: 443}, PortOpenCheck{port: int(cfg.API.BindPort)},
PortOpenCheck{port: 2379}, PortOpenCheck{port: 2379},
PortOpenCheck{port: 8080}, PortOpenCheck{port: 8080},
PortOpenCheck{port: int(cfg.Discovery.BindPort)},
PortOpenCheck{port: 10250}, PortOpenCheck{port: 10250},
PortOpenCheck{port: 10251}, PortOpenCheck{port: 10251},
PortOpenCheck{port: 10252}, PortOpenCheck{port: 10252},

64
hack/verify-flags/known-flags.txt
View File

@ -11,22 +11,26 @@ allow-privileged
allowed-not-ready-nodes allowed-not-ready-nodes
anonymous-auth anonymous-auth
api-advertise-addresses api-advertise-addresses
api-external-dns-names
api-burst api-burst
api-external-dns-names
api-port
api-prefix api-prefix
api-rate api-rate
apiserver-count
api-server-port api-server-port
api-servers api-servers
api-token api-token
api-version api-version
apiserver-count apiserver-count
apiserver-count
audit-log-maxage audit-log-maxage
audit-log-maxbackup audit-log-maxbackup
audit-log-maxsize audit-log-maxsize
audit-log-path audit-log-path
auth-path auth-path
auth-path
auth-provider auth-provider
auth-provider
auth-provider-arg
auth-provider-arg auth-provider-arg
authentication-token-webhook-cache-ttl authentication-token-webhook-cache-ttl
authentication-token-webhook-config-file authentication-token-webhook-config-file
@ -36,9 +40,6 @@ authorization-rbac-super-user
authorization-webhook-cache-authorized-ttl authorization-webhook-cache-authorized-ttl
authorization-webhook-cache-unauthorized-ttl authorization-webhook-cache-unauthorized-ttl
authorization-webhook-config-file authorization-webhook-config-file
auth-path
auth-provider
auth-provider-arg
babysit-daemons babysit-daemons
basic-auth-file basic-auth-file
bench-pods bench-pods
@ -55,8 +56,8 @@ build-tag
cadvisor-port cadvisor-port
cert-dir cert-dir
certificate-authority certificate-authority
cgroup-root
cgroup-driver cgroup-driver
cgroup-root
cgroups-per-qos cgroups-per-qos
chaos-chance chaos-chance
clean-start clean-start
@ -79,17 +80,17 @@ cluster-monitor-period
cluster-name cluster-name
cluster-signing-cert-file cluster-signing-cert-file
cluster-signing-key-file cluster-signing-key-file
cluster-tag
cni-bin-dir cni-bin-dir
cni-conf-dir cni-conf-dir
cluster-tag
concurrent-deployment-syncs concurrent-deployment-syncs
concurrent-endpoint-syncs concurrent-endpoint-syncs
concurrent-gc-syncs concurrent-gc-syncs
concurrent-namespace-syncs concurrent-namespace-syncs
concurrent-replicaset-syncs concurrent-replicaset-syncs
concurrent-resource-quota-syncs concurrent-resource-quota-syncs
concurrent-serviceaccount-token-syncs
concurrent-service-syncs concurrent-service-syncs
concurrent-serviceaccount-token-syncs
config-sync-period config-sync-period
configure-cbr0 configure-cbr0
configure-cloud-routes configure-cloud-routes
@ -100,10 +101,10 @@ conntrack-tcp-timeout-established
consumer-port consumer-port
consumer-service-name consumer-service-name
consumer-service-namespace consumer-service-namespace
contain-pod-resources
container-port container-port
container-runtime container-runtime
container-runtime-endpoint container-runtime-endpoint
contain-pod-resources
controller-start-interval controller-start-interval
cors-allowed-origins cors-allowed-origins
cpu-cfs-quota cpu-cfs-quota
@ -129,17 +130,18 @@ deserialization-cache-size
dest-file dest-file
disable-filter disable-filter
disable-kubenet disable-kubenet
discovery-port
dns-bind-address dns-bind-address
dns-port dns-port
dns-provider dns-provider
dns-provider-config dns-provider-config
dockercfg-path
docker-email docker-email
docker-endpoint docker-endpoint
docker-exec-handler docker-exec-handler
docker-password docker-password
docker-server docker-server
docker-username docker-username
dockercfg-path
driver-port driver-port
drop-embedded-fields drop-embedded-fields
dry-run dry-run
@ -153,10 +155,10 @@ enable-debugging-handlers
enable-dynamic-provisioning enable-dynamic-provisioning
enable-garbage-collector enable-garbage-collector
enable-garbage-collector enable-garbage-collector
enable-garbage-collector
enable-hostpath-provisioner enable-hostpath-provisioner
enable-server enable-server
enable-swagger-ui enable-swagger-ui
enable-garbage-collector
etcd-address etcd-address
etcd-cafile etcd-cafile
etcd-certfile etcd-certfile
@ -204,8 +206,8 @@ federated-api-qps
federated-kube-context federated-kube-context
federation-name federation-name
file-check-frequency file-check-frequency
file_content_in_loop
file-suffix file-suffix
file_content_in_loop
flex-volume-plugin-dir flex-volume-plugin-dir
forward-services forward-services
framework-name framework-name
@ -215,6 +217,7 @@ from-file
from-literal from-literal
func-dest func-dest
fuzz-iters fuzz-iters
garbage-collector-enabled
gather-logs-sizes gather-logs-sizes
gather-metrics-at-teardown gather-metrics-at-teardown
gather-resource-usage gather-resource-usage
@ -234,10 +237,10 @@ healthz-bind-address
healthz-port healthz-port
horizontal-pod-autoscaler-sync-period horizontal-pod-autoscaler-sync-period
host-ipc-sources host-ipc-sources
hostname-override
host-network-sources host-network-sources
host-pid-sources host-pid-sources
host-port-endpoints host-port-endpoints
hostname-override
http-check-frequency http-check-frequency
http-port http-port
ignore-daemonsets ignore-daemonsets
@ -249,8 +252,8 @@ image-project
image-pull-policy image-pull-policy
image-service-endpoint image-service-endpoint
include-extended-apis include-extended-apis
included-types-overrides
include-extended-apis include-extended-apis
included-types-overrides
input-base input-base
input-dirs input-dirs
insecure-allow-any-token insecure-allow-any-token
@ -286,6 +289,10 @@ kops-zones
kube-api-burst kube-api-burst
kube-api-content-type kube-api-content-type
kube-api-qps kube-api-qps
kube-master
kube-master
kube-master-url
kube-reserved
kubecfg-file kubecfg-file
kubectl-path kubectl-path
kubelet-address kubelet-address
@ -307,10 +314,6 @@ kubelet-read-only-port
kubelet-root-dir kubelet-root-dir
kubelet-sync-frequency kubelet-sync-frequency
kubelet-timeout kubelet-timeout
kube-master
kube-master
kube-master-url
kube-reserved
kubernetes-service-node-port kubernetes-service-node-port
label-columns label-columns
large-cluster-size-threshold large-cluster-size-threshold
@ -337,8 +340,6 @@ master-os-distro
master-service-namespace master-service-namespace
max-concurrency max-concurrency
max-connection-bytes-per-sec max-connection-bytes-per-sec
maximum-dead-containers
maximum-dead-containers-per-container
max-log-age max-log-age
max-log-backups max-log-backups
max-log-size max-log-size
@ -347,6 +348,8 @@ max-outgoing-burst
max-outgoing-qps max-outgoing-qps
max-pods max-pods
max-requests-inflight max-requests-inflight
maximum-dead-containers
maximum-dead-containers-per-container
mesos-authentication-principal mesos-authentication-principal
mesos-authentication-provider mesos-authentication-provider
mesos-authentication-secret-file mesos-authentication-secret-file
@ -360,20 +363,22 @@ mesos-launch-grace-period
mesos-master mesos-master
mesos-sandbox-overlay mesos-sandbox-overlay
mesos-user mesos-user
min-pr-number
min-request-timeout
min-resync-period
minimum-container-ttl-duration minimum-container-ttl-duration
minimum-image-ttl-duration minimum-image-ttl-duration
minion-max-log-age minion-max-log-age
minion-max-log-backups minion-max-log-backups
minion-max-log-size minion-max-log-size
minion-path-override minion-path-override
min-pr-number
min-request-timeout
min-resync-period
namespace-sync-period namespace-sync-period
network-plugin network-plugin
network-plugin-dir network-plugin-dir
network-plugin-mtu network-plugin-mtu
no-headers no-headers
no-headers
no-suggestions
no-suggestions no-suggestions
node-cidr-mask-size node-cidr-mask-size
node-eviction-rate node-eviction-rate
@ -392,9 +397,7 @@ node-port
node-startup-grace-period node-startup-grace-period
node-status-update-frequency node-status-update-frequency
node-sync-period node-sync-period
no-headers
non-masquerade-cidr non-masquerade-cidr
no-suggestions
num-nodes num-nodes
oidc-ca-file oidc-ca-file
oidc-client-id oidc-client-id
@ -403,6 +406,7 @@ oidc-issuer-url
oidc-username-claim oidc-username-claim
only-idl only-idl
oom-score-adj oom-score-adj
out-version
outofdisk-transition-frequency outofdisk-transition-frequency
output-base output-base
output-directory output-directory
@ -410,7 +414,6 @@ output-file-base
output-package output-package
output-print-type output-print-type
output-version output-version
out-version
path-override path-override
pod-cidr pod-cidr
pod-eviction-timeout pod-eviction-timeout
@ -433,7 +436,6 @@ proxy-logv
proxy-mode proxy-mode
proxy-port-range proxy-port-range
public-address-override public-address-override
pvclaimbinder-sync-period
pv-recycler-increment-timeout-nfs pv-recycler-increment-timeout-nfs
pv-recycler-maximum-retry pv-recycler-maximum-retry
pv-recycler-minimum-timeout-hostpath pv-recycler-minimum-timeout-hostpath
@ -441,6 +443,7 @@ pv-recycler-minimum-timeout-nfs
pv-recycler-pod-template-filepath-hostpath pv-recycler-pod-template-filepath-hostpath
pv-recycler-pod-template-filepath-nfs pv-recycler-pod-template-filepath-nfs
pv-recycler-timeout-increment-hostpath pv-recycler-timeout-increment-hostpath
pvclaimbinder-sync-period
read-only-port read-only-port
really-crash-for-testing really-crash-for-testing
reconcile-cidr reconcile-cidr
@ -459,8 +462,8 @@ replication-controller-lookup-cache-size
repo-root repo-root
report-dir report-dir
report-prefix report-prefix
required-contexts
require-kubeconfig require-kubeconfig
required-contexts
resolv-conf resolv-conf
resource-container resource-container
resource-quota-sync-period resource-quota-sync-period
@ -494,8 +497,8 @@ service-account-key-file
service-account-lookup service-account-lookup
service-account-private-key-file service-account-private-key-file
service-address service-address
service-cluster-ip-range
service-cidr service-cidr
service-cluster-ip-range
service-dns-domain service-dns-domain
service-generator service-generator
service-node-port-range service-node-port-range
@ -545,9 +548,9 @@ test-timeout
tls-ca-file tls-ca-file
tls-cert-file tls-cert-file
tls-private-key-file tls-private-key-file
to-version
token-auth-file token-auth-file
ttl-keys-prefix ttl-keys-prefix
to-version
ttl-secs ttl-secs
type-src type-src
udp-port udp-port
@ -561,6 +564,7 @@ use-kubernetes-cluster-service
use-kubernetes-version use-kubernetes-version
user-whitelist user-whitelist
verify-only verify-only
viper-config
volume-dir volume-dir
volume-plugin-dir volume-plugin-dir
volume-stats-agg-period volume-stats-agg-period