github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-08 11:38:15 +00:00
Code Issues Projects Releases Wiki Activity

update related files

Browse Source
This commit is contained in:
Di Xu 2017-06-18 21:34:24 +08:00
parent b2f3244032
commit 7c72594c85
17 changed files with 46 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cluster/addons/node-problem-detector/npd.yaml
View File

@ -76,6 +76,7 @@ spec:
- name: localtime - name: localtime
hostPath: hostPath:
path: /etc/localtime path: /etc/localtime
type: "FileOrCreate"
serviceAccountName: node-problem-detector serviceAccountName: node-problem-detector
tolerations: tolerations:
- operator: "Exists" - operator: "Exists"

10
cluster/gce/container-linux/configure-helper.sh
View File

@ -828,7 +828,7 @@ function compute-master-manifest-variables {
CLOUD_CONFIG_MOUNT="" CLOUD_CONFIG_MOUNT=""
if [[ -f /etc/gce.conf ]]; then if [[ -f /etc/gce.conf ]]; then
CLOUD_CONFIG_OPT="--cloud-config=/etc/gce.conf" CLOUD_CONFIG_OPT="--cloud-config=/etc/gce.conf"
CLOUD_CONFIG_VOLUME="{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"/etc/gce.conf\"}}," CLOUD_CONFIG_VOLUME="{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"/etc/gce.conf\", \"type\": \"FileOrCreate\"}},"
CLOUD_CONFIG_MOUNT="{\"name\": \"cloudconfigmount\",\"mountPath\": \"/etc/gce.conf\", \"readOnly\": true}," CLOUD_CONFIG_MOUNT="{\"name\": \"cloudconfigmount\",\"mountPath\": \"/etc/gce.conf\", \"readOnly\": true},"
fi fi
DOCKER_REGISTRY="gcr.io/google_containers" DOCKER_REGISTRY="gcr.io/google_containers"
@ -933,10 +933,10 @@ function start-kube-apiserver {
params+=" --admission-control-config-file=/etc/admission_controller.config" params+=" --admission-control-config-file=/etc/admission_controller.config"
# Mount the file to configure admission controllers if ImagePolicyWebhook is set. # Mount the file to configure admission controllers if ImagePolicyWebhook is set.
admission_controller_config_mount="{\"name\": \"admissioncontrollerconfigmount\",\"mountPath\": \"/etc/admission_controller.config\", \"readOnly\": false}," admission_controller_config_mount="{\"name\": \"admissioncontrollerconfigmount\",\"mountPath\": \"/etc/admission_controller.config\", \"readOnly\": false},"
admission_controller_config_volume="{\"name\": \"admissioncontrollerconfigmount\",\"hostPath\": {\"path\": \"/etc/admission_controller.config\"}}," admission_controller_config_volume="{\"name\": \"admissioncontrollerconfigmount\",\"hostPath\": {\"path\": \"/etc/admission_controller.config\", \"type\": \"FileOrCreate\"}},"
# Mount the file to configure the ImagePolicyWebhook's webhook. # Mount the file to configure the ImagePolicyWebhook's webhook.
image_policy_webhook_config_mount="{\"name\": \"imagepolicywebhookconfigmount\",\"mountPath\": \"/etc/gcp_image_review.config\", \"readOnly\": false}," image_policy_webhook_config_mount="{\"name\": \"imagepolicywebhookconfigmount\",\"mountPath\": \"/etc/gcp_image_review.config\", \"readOnly\": false},"
image_policy_webhook_config_volume="{\"name\": \"imagepolicywebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_image_review.config\"}}," image_policy_webhook_config_volume="{\"name\": \"imagepolicywebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_image_review.config\", \"type\": \"FileOrCreate\"}},"
fi fi
fi fi
@ -963,7 +963,7 @@ function start-kube-apiserver {
if [[ -n "${GCP_AUTHN_URL:-}" ]]; then if [[ -n "${GCP_AUTHN_URL:-}" ]]; then
params+=" --authentication-token-webhook-config-file=/etc/gcp_authn.config" params+=" --authentication-token-webhook-config-file=/etc/gcp_authn.config"
webhook_authn_config_mount="{\"name\": \"webhookauthnconfigmount\",\"mountPath\": \"/etc/gcp_authn.config\", \"readOnly\": false}," webhook_authn_config_mount="{\"name\": \"webhookauthnconfigmount\",\"mountPath\": \"/etc/gcp_authn.config\", \"readOnly\": false},"
webhook_authn_config_volume="{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authn.config\"}}," webhook_authn_config_volume="{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authn.config\", \"type\": \"FileOrCreate\"}},"
fi fi
local authorization_mode="RBAC" local authorization_mode="RBAC"
@ -994,7 +994,7 @@ function start-kube-apiserver {
authorization_mode+=",Webhook" authorization_mode+=",Webhook"
params+=" --authorization-webhook-config-file=/etc/gcp_authz.config" params+=" --authorization-webhook-config-file=/etc/gcp_authz.config"
webhook_config_mount="{\"name\": \"webhookconfigmount\",\"mountPath\": \"/etc/gcp_authz.config\", \"readOnly\": false}," webhook_config_mount="{\"name\": \"webhookconfigmount\",\"mountPath\": \"/etc/gcp_authz.config\", \"readOnly\": false},"
webhook_config_volume="{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authz.config\"}}," webhook_config_volume="{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authz.config\", \"type\": \"FileOrCreate\"}},"
fi fi
params+=" --authorization-mode=${authorization_mode}" params+=" --authorization-mode=${authorization_mode}"

14
cluster/gce/gci/configure-helper.sh
View File

@ -1154,7 +1154,7 @@ function compute-master-manifest-variables {
CLOUD_CONFIG_MOUNT="" CLOUD_CONFIG_MOUNT=""
if [[ -f /etc/gce.conf ]]; then if [[ -f /etc/gce.conf ]]; then
CLOUD_CONFIG_OPT="--cloud-config=/etc/gce.conf" CLOUD_CONFIG_OPT="--cloud-config=/etc/gce.conf"
CLOUD_CONFIG_VOLUME="{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"/etc/gce.conf\"}}," CLOUD_CONFIG_VOLUME="{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"/etc/gce.conf\", \"type\": \"FileOrCreate\"}},"
CLOUD_CONFIG_MOUNT="{\"name\": \"cloudconfigmount\",\"mountPath\": \"/etc/gce.conf\", \"readOnly\": true}," CLOUD_CONFIG_MOUNT="{\"name\": \"cloudconfigmount\",\"mountPath\": \"/etc/gce.conf\", \"readOnly\": true},"
fi fi
DOCKER_REGISTRY="gcr.io/google_containers" DOCKER_REGISTRY="gcr.io/google_containers"
@ -1282,7 +1282,7 @@ function start-kube-apiserver {
# Create the audit policy file, and mount it into the apiserver pod. # Create the audit policy file, and mount it into the apiserver pod.
create-master-audit-policy "${audit_policy_file}" create-master-audit-policy "${audit_policy_file}"
audit_policy_config_mount="{\"name\": \"auditpolicyconfigmount\",\"mountPath\": \"${audit_policy_file}\", \"readOnly\": true}," audit_policy_config_mount="{\"name\": \"auditpolicyconfigmount\",\"mountPath\": \"${audit_policy_file}\", \"readOnly\": true},"
audit_policy_config_volume="{\"name\": \"auditpolicyconfigmount\",\"hostPath\": {\"path\": \"${audit_policy_file}\"}}," audit_policy_config_volume="{\"name\": \"auditpolicyconfigmount\",\"hostPath\": {\"path\": \"${audit_policy_file}\", \"type\": \"FileOrCreate\"}},"
if [[ "${ADVANCED_AUDIT_BACKEND:-log}" == *"log"* ]]; then if [[ "${ADVANCED_AUDIT_BACKEND:-log}" == *"log"* ]]; then
# The advanced audit log backend config matches the basic audit log config. # The advanced audit log backend config matches the basic audit log config.
@ -1304,7 +1304,7 @@ function start-kube-apiserver {
params+=" --audit-webhook-config-file=${audit_webhook_config_file}" params+=" --audit-webhook-config-file=${audit_webhook_config_file}"
create-master-audit-webhook-config "${audit_webhook_config_file}" create-master-audit-webhook-config "${audit_webhook_config_file}"
audit_webhook_config_mount="{\"name\": \"auditwebhookconfigmount\",\"mountPath\": \"${audit_webhook_config_file}\", \"readOnly\": true}," audit_webhook_config_mount="{\"name\": \"auditwebhookconfigmount\",\"mountPath\": \"${audit_webhook_config_file}\", \"readOnly\": true},"
audit_webhook_config_volume="{\"name\": \"auditwebhookconfigmount\",\"hostPath\": {\"path\": \"${audit_webhook_config_file}\"}}," audit_webhook_config_volume="{\"name\": \"auditwebhookconfigmount\",\"hostPath\": {\"path\": \"${audit_webhook_config_file}\", \"type\": \"FileOrCreate\"}},"
fi fi
fi fi
@ -1322,10 +1322,10 @@ function start-kube-apiserver {
params+=" --admission-control-config-file=/etc/admission_controller.config" params+=" --admission-control-config-file=/etc/admission_controller.config"
# Mount the file to configure admission controllers if ImagePolicyWebhook is set. # Mount the file to configure admission controllers if ImagePolicyWebhook is set.
admission_controller_config_mount="{\"name\": \"admissioncontrollerconfigmount\",\"mountPath\": \"/etc/admission_controller.config\", \"readOnly\": false}," admission_controller_config_mount="{\"name\": \"admissioncontrollerconfigmount\",\"mountPath\": \"/etc/admission_controller.config\", \"readOnly\": false},"
admission_controller_config_volume="{\"name\": \"admissioncontrollerconfigmount\",\"hostPath\": {\"path\": \"/etc/admission_controller.config\"}}," admission_controller_config_volume="{\"name\": \"admissioncontrollerconfigmount\",\"hostPath\": {\"path\": \"/etc/admission_controller.config\", \"type\": \"FileOrCreate\"}},"
# Mount the file to configure the ImagePolicyWebhook's webhook. # Mount the file to configure the ImagePolicyWebhook's webhook.
image_policy_webhook_config_mount="{\"name\": \"imagepolicywebhookconfigmount\",\"mountPath\": \"/etc/gcp_image_review.config\", \"readOnly\": false}," image_policy_webhook_config_mount="{\"name\": \"imagepolicywebhookconfigmount\",\"mountPath\": \"/etc/gcp_image_review.config\", \"readOnly\": false},"
image_policy_webhook_config_volume="{\"name\": \"imagepolicywebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_image_review.config\"}}," image_policy_webhook_config_volume="{\"name\": \"imagepolicywebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_image_review.config\", \"type\": \"FileOrCreate\"}},"
fi fi
fi fi
@ -1352,7 +1352,7 @@ function start-kube-apiserver {
if [[ -n "${GCP_AUTHN_URL:-}" ]]; then if [[ -n "${GCP_AUTHN_URL:-}" ]]; then
params+=" --authentication-token-webhook-config-file=/etc/gcp_authn.config" params+=" --authentication-token-webhook-config-file=/etc/gcp_authn.config"
webhook_authn_config_mount="{\"name\": \"webhookauthnconfigmount\",\"mountPath\": \"/etc/gcp_authn.config\", \"readOnly\": false}," webhook_authn_config_mount="{\"name\": \"webhookauthnconfigmount\",\"mountPath\": \"/etc/gcp_authn.config\", \"readOnly\": false},"
webhook_authn_config_volume="{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authn.config\"}}," webhook_authn_config_volume="{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authn.config\", \"type\": \"FileOrCreate\"}},"
fi fi
@ -1384,7 +1384,7 @@ function start-kube-apiserver {
authorization_mode+=",Webhook" authorization_mode+=",Webhook"
params+=" --authorization-webhook-config-file=/etc/gcp_authz.config" params+=" --authorization-webhook-config-file=/etc/gcp_authz.config"
webhook_config_mount="{\"name\": \"webhookconfigmount\",\"mountPath\": \"/etc/gcp_authz.config\", \"readOnly\": false}," webhook_config_mount="{\"name\": \"webhookconfigmount\",\"mountPath\": \"/etc/gcp_authz.config\", \"readOnly\": false},"
webhook_config_volume="{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authz.config\"}}," webhook_config_volume="{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_authz.config\", \"type\": \"FileOrCreate\"}},"
fi fi
params+=" --authorization-mode=${authorization_mode}" params+=" --authorization-mode=${authorization_mode}"

5
cluster/saltbase/salt/cluster-autoscaler/cluster-autoscaler.manifest
View File

@ -5,7 +5,7 @@
{% if grains.cloud == 'gce' and grains.cloud_config is defined -%} {% if grains.cloud == 'gce' and grains.cloud_config is defined -%}
{% set cloud_config = "--cloud-config=" + grains.cloud_config -%} {% set cloud_config = "--cloud-config=" + grains.cloud_config -%}
{% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%} {% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%}
{% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\"}}," -%} {% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\", \"type\": \"FileOrCreate\"}}," -%}
{% endif -%} {% endif -%}
{% set params = pillar['autoscaler_mig_config'] + " " + cloud_config + " " + pillar.get('autoscaler_expander_config', '') -%} {% set params = pillar['autoscaler_mig_config'] + " " + cloud_config + " " + pillar.get('autoscaler_expander_config', '') -%}
@ -95,7 +95,8 @@
{ {
"name": "logfile", "name": "logfile",
"hostPath": { "hostPath": {
"path": "/var/log/cluster-autoscaler.log" "path": "/var/log/cluster-autoscaler.log",
"type": "FileOrCreate"
} }
} }
], ],

2
cluster/saltbase/salt/e2e-image-puller/e2e-image-puller.manifest
View File

@ -50,9 +50,11 @@ spec:
volumes: volumes:
- hostPath: - hostPath:
path: /var/run/docker.sock path: /var/run/docker.sock
type: Socket
name: socket name: socket
- hostPath: - hostPath:
path: /usr/bin/docker path: /usr/bin/docker
type: File
name: docker name: docker
# This pod is really fire-and-forget. # This pod is really fire-and-forget.
restartPolicy: OnFailure restartPolicy: OnFailure

3
cluster/saltbase/salt/etcd/etcd.manifest
View File

@ -103,7 +103,8 @@
}, },
{ "name": "varlogetcd", { "name": "varlogetcd",
"hostPath": { "hostPath": {
"path": "/var/log/etcd{{ suffix }}.log"} "path": "/var/log/etcd{{ suffix }}.log",
"type": "FileOrCreate"}
}, },
{ "name": "etc", { "name": "etc",
"hostPath": { "hostPath": {

20
cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest
View File

@ -25,7 +25,7 @@
{% if grains.cloud in [ 'aws', 'gce' ] and grains.cloud_config is defined -%} {% if grains.cloud in [ 'aws', 'gce' ] and grains.cloud_config is defined -%}
{% set cloud_config = "--cloud-config=" + grains.cloud_config -%} {% set cloud_config = "--cloud-config=" + grains.cloud_config -%}
{% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%} {% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%}
{% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\"}}," -%} {% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\", \"type\": \"FileOrCreate\"}}," -%}
{% endif -%} {% endif -%}
{% if grains.cloud in ['openstack'] -%} {% if grains.cloud in ['openstack'] -%}
@ -119,7 +119,7 @@
{% if grains.webhook_authentication_config is defined -%} {% if grains.webhook_authentication_config is defined -%}
{% set webhook_authentication_config = " --authentication-token-webhook-config-file=" + grains.webhook_authentication_config -%} {% set webhook_authentication_config = " --authentication-token-webhook-config-file=" + grains.webhook_authentication_config -%}
{% set webhook_authn_config_mount = "{\"name\": \"webhookauthnconfigmount\",\"mountPath\": \"" + grains.webhook_authentication_config + "\", \"readOnly\": false}," -%} {% set webhook_authn_config_mount = "{\"name\": \"webhookauthnconfigmount\",\"mountPath\": \"" + grains.webhook_authentication_config + "\", \"readOnly\": false}," -%}
{% set webhook_authn_config_volume = "{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"" + grains.webhook_authentication_config + "\"}}," -%} {% set webhook_authn_config_volume = "{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"" + grains.webhook_authentication_config + "\", \"type\": \"FileOrCreate\"}}," -%}
{% endif -%} {% endif -%}
{% set webhook_authorization_config = "" -%} {% set webhook_authorization_config = "" -%}
@ -128,7 +128,7 @@
{% if grains.webhook_authorization_config is defined -%} {% if grains.webhook_authorization_config is defined -%}
{% set webhook_authorization_config = " --authorization-webhook-config-file=" + grains.webhook_authorization_config -%} {% set webhook_authorization_config = " --authorization-webhook-config-file=" + grains.webhook_authorization_config -%}
{% set webhook_config_mount = "{\"name\": \"webhookconfigmount\",\"mountPath\": \"" + grains.webhook_authorization_config + "\", \"readOnly\": false}," -%} {% set webhook_config_mount = "{\"name\": \"webhookconfigmount\",\"mountPath\": \"" + grains.webhook_authorization_config + "\", \"readOnly\": false}," -%}
{% set webhook_config_volume = "{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"" + grains.webhook_authorization_config + "\"}}," -%} {% set webhook_config_volume = "{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"" + grains.webhook_authorization_config + "\", \"type\": \"FileOrCreate\"}}," -%}
{% set authz_mode = authz_mode + ",Webhook" -%} {% set authz_mode = authz_mode + ",Webhook" -%}
{% endif -%} {% endif -%}
@ -140,9 +140,9 @@
{% if grains.image_review_config is defined -%} {% if grains.image_review_config is defined -%}
{% set image_review_config = " --admission-control-config-file=" + grains.image_review_config -%} {% set image_review_config = " --admission-control-config-file=" + grains.image_review_config -%}
{% set admission_controller_config_mount = "{\"name\": \"admissioncontrollerconfigmount\",\"mountPath\": \"" + grains.image_review_config + "\", \"readOnly\": false}," -%} {% set admission_controller_config_mount = "{\"name\": \"admissioncontrollerconfigmount\",\"mountPath\": \"" + grains.image_review_config + "\", \"readOnly\": false}," -%}
{% set admission_controller_config_volume = "{\"name\": \"admissioncontrollerconfigmount\",\"hostPath\": {\"path\": \"" + grains.image_review_config + "\"}}," -%} {% set admission_controller_config_volume = "{\"name\": \"admissioncontrollerconfigmount\",\"hostPath\": {\"path\": \"" + grains.image_review_config + "\", \"type\": \"FileOrCreate\"}}," -%}
{% set image_policy_webhook_config_mount = "{\"name\": \"imagepolicywebhookconfigmount\",\"mountPath\": \"/etc/gcp_image_review.config\", \"readOnly\": false}," -%} {% set image_policy_webhook_config_mount = "{\"name\": \"imagepolicywebhookconfigmount\",\"mountPath\": \"/etc/gcp_image_review.config\", \"readOnly\": false}," -%}
{% set image_policy_webhook_config_volume = "{\"name\": \"imagepolicywebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_image_review.config\"}}," -%} {% set image_policy_webhook_config_volume = "{\"name\": \"imagepolicywebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_image_review.config\", \"type\": \"FileOrCreate\"}}," -%}
{% endif -%} {% endif -%}
{% set admission_control = "" -%} {% set admission_control = "" -%}
@ -185,14 +185,14 @@
{% elif pillar['enable_apiserver_advanced_audit'] is defined and pillar['enable_apiserver_advanced_audit'] in ['true'] -%} {% elif pillar['enable_apiserver_advanced_audit'] is defined and pillar['enable_apiserver_advanced_audit'] in ['true'] -%}
{% set audit_log = "--audit-policy-file=/etc/audit_policy.config" -%} {% set audit_log = "--audit-policy-file=/etc/audit_policy.config" -%}
{% set audit_policy_config_mount = "{\"name\": \"auditpolicyconfigmount\",\"mountPath\": \"/etc/audit_policy.config\", \"readOnly\": true}," -%} {% set audit_policy_config_mount = "{\"name\": \"auditpolicyconfigmount\",\"mountPath\": \"/etc/audit_policy.config\", \"readOnly\": true}," -%}
{% set audit_policy_config_volume = "{\"name\": \"auditpolicyconfigmount\",\"hostPath\": {\"path\": \"/etc/audit_policy.config\"}}," -%} {% set audit_policy_config_volume = "{\"name\": \"auditpolicyconfigmount\",\"hostPath\": {\"path\": \"/etc/audit_policy.config\", \"type\": \"FileOrCreate\"}}," -%}
{% if pillar['advanced_audit_backend'] is defined and 'log' in pillar['advanced_audit_backend'] -%} {% if pillar['advanced_audit_backend'] is defined and 'log' in pillar['advanced_audit_backend'] -%}
{% set audit_log = audit_log + " --audit-log-path=/var/log/kube-apiserver-audit.log --audit-log-maxage=0 --audit-log-maxbackup=0 --audit-log-maxsize=2000000000" -%} {% set audit_log = audit_log + " --audit-log-path=/var/log/kube-apiserver-audit.log --audit-log-maxage=0 --audit-log-maxbackup=0 --audit-log-maxsize=2000000000" -%}
{% endif %} {% endif %}
{% if pillar['advanced_audit_backend'] is defined and 'webhook' in pillar['advanced_audit_backend'] -%} {% if pillar['advanced_audit_backend'] is defined and 'webhook' in pillar['advanced_audit_backend'] -%}
{% set audit_log = audit_log + " --audit-webhook-mode=batch" -%} {% set audit_log = audit_log + " --audit-webhook-mode=batch" -%}
{% set audit_webhook_config_mount = "{\"name\": \"auditwebhookconfigmount\",\"mountPath\": \"/etc/audit_webhook.config\", \"readOnly\": true}," -%} {% set audit_webhook_config_mount = "{\"name\": \"auditwebhookconfigmount\",\"mountPath\": \"/etc/audit_webhook.config\", \"readOnly\": true}," -%}
{% set audit_webhook_config_volume = "{\"name\": \"auditwebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/audit_webhook.config\"}}," -%} {% set audit_webhook_config_volume = "{\"name\": \"auditwebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/audit_webhook.config\", \"type\": \"FileOrCreate\"}}," -%}
{% endif %} {% endif %}
{% endif -%} {% endif -%}
@ -308,11 +308,13 @@
}, },
{ "name": "logfile", { "name": "logfile",
"hostPath": { "hostPath": {
"path": "/var/log/kube-apiserver.log"} "path": "/var/log/kube-apiserver.log",
"type": "FileOrCreate"}
}, },
{ "name": "auditlogfile", { "name": "auditlogfile",
"hostPath": { "hostPath": {
"path": "/var/log/kube-apiserver-audit.log"} "path": "/var/log/kube-apiserver-audit.log",
"type": "FileOrCreate"}
}, },
{ "name": "etcssl", { "name": "etcssl",
"hostPath": { "hostPath": {

5
cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest
View File

@ -49,7 +49,7 @@
{% if grains.cloud in [ 'aws', 'gce' ] and grains.cloud_config is defined -%} {% if grains.cloud in [ 'aws', 'gce' ] and grains.cloud_config is defined -%}
{% set cloud_config = "--cloud-config=" + grains.cloud_config -%} {% set cloud_config = "--cloud-config=" + grains.cloud_config -%}
{% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%} {% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%}
{% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\"}}," -%} {% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\", \"type\": \"FileOrCreate\"}}," -%}
{% endif -%} {% endif -%}
{% if grains.cloud in ['openstack'] -%} {% if grains.cloud in ['openstack'] -%}
@ -164,7 +164,8 @@
}, },
{ "name": "logfile", { "name": "logfile",
"hostPath": { "hostPath": {
"path": "/var/log/kube-controller-manager.log"} "path": "/var/log/kube-controller-manager.log",
"type": "FileOrCreate"}
}, },
{ "name": "etcssl", { "name": "etcssl",
"hostPath": { "hostPath": {

2
cluster/saltbase/salt/kube-proxy/kube-proxy.manifest
View File

@ -102,6 +102,7 @@ spec:
name: etc-ssl-certs name: etc-ssl-certs
- hostPath: - hostPath:
path: /var/lib/kube-proxy/kubeconfig path: /var/lib/kube-proxy/kubeconfig
type: FileOrCreate
name: kubeconfig name: kubeconfig
- hostPath: - hostPath:
path: /var/log path: /var/log
@ -111,4 +112,5 @@ spec:
name: run name: run
- hostPath: - hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate
name: iptableslock name: iptableslock

2
cluster/saltbase/salt/kube-scheduler/kube-scheduler.manifest
View File

@ -83,7 +83,7 @@
}, },
{ {
"name": "logfile", "name": "logfile",
"hostPath": {"path": "/var/log/kube-scheduler.log"} "hostPath": {"path": "/var/log/kube-scheduler.log", "type": "FileOrCreate"}
} }
] ]
}} }}

2
cluster/saltbase/salt/l7-gcp/glbc.manifest
View File

@ -48,7 +48,9 @@ spec:
volumes: volumes:
- hostPath: - hostPath:
path: /etc/gce.conf path: /etc/gce.conf
type: FileOrCreate
name: cloudconfig name: cloudconfig
- hostPath: - hostPath:
path: /var/log/glbc.log path: /var/log/glbc.log
type: FileOrCreate
name: logfile name: logfile

1
cluster/saltbase/salt/rescheduler/rescheduler.manifest
View File

@ -32,4 +32,5 @@ spec:
volumes: volumes:
- hostPath: - hostPath:
path: /var/log/rescheduler.log path: /var/log/rescheduler.log
type: FileOrCreate
name: logfile name: logfile

2
cmd/kubeadm/app/phases/addons/proxy/manifests.go
View File

@ -81,7 +81,6 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /var/lib/kube-proxy - mountPath: /var/lib/kube-proxy
name: kube-proxy name: kube-proxy
# TODO: Make this a file hostpath mount
- mountPath: /run/xtables.lock - mountPath: /run/xtables.lock
name: xtables-lock name: xtables-lock
readOnly: false readOnly: false
@ -100,5 +99,6 @@ spec:
- name: xtables-lock - name: xtables-lock
hostPath: hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate
` `
) )

1
examples/newrelic/newrelic-daemonset.yaml
View File

@ -52,6 +52,7 @@ spec:
- name: run - name: run
hostPath: hostPath:
path: /var/run/docker.sock path: /var/run/docker.sock
type: Socket
- name: sys - name: sys
hostPath: hostPath:
path: /sys path: /sys

3
examples/oms/omsagent-daemonset.yaml
View File

@ -27,4 +27,5 @@ spec:
volumes: volumes:
- name: docker-sock - name: docker-sock
hostPath: hostPath:
path: /var/run/docker.sock path: /var/run/docker.sock
type: Socket

1
examples/sysdig-cloud/sysdig-daemonset.yaml
View File

@ -16,6 +16,7 @@ spec:
- name: docker-sock - name: docker-sock
hostPath: hostPath:
path: /var/run/docker.sock path: /var/run/docker.sock
type: Socket
- name: dev-vol - name: dev-vol
hostPath: hostPath:
path: /dev path: /dev

1
examples/sysdig-cloud/sysdig-rc.yaml
View File

@ -14,6 +14,7 @@ spec:
- name: docker-sock - name: docker-sock
hostPath: hostPath:
path: /var/run/docker.sock path: /var/run/docker.sock
type: Socket
- name: dev-vol - name: dev-vol
hostPath: hostPath:
path: /dev path: /dev