Merge pull request #28458 from rbtcollins/master

Automatic merge from submit-queue (batch tested with PRs 38260, 32811, 28458, 33570, 37096)

Fix support for DNS in local-up-cluster.sh

[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/.github/PULL_REQUEST_TEMPLATE.md?pixel)]()

The default appears to be gce now, so this tries to spawn a service in
gce... not the desired outcome for a local test setup.

We also need to sync the kubectl config in the script with the instructions for users, since if people don't test with DNS enabled, it bitrots (which this aims to fix).

To test manually, run something like
```
sudo KUBE_ENABLE_CLUSTER_DNS=true API_HOST_IP=0.0.0.0 ./hack/local-up-cluster.sh
```

The API_HOST_IP=0.0.0.0 is required, otherwise the master is not contactable by kubedns, and the dns pod will fail readychecking on the healthz pod.
Kubernetes Submit Queue 2016-12-08 02:11:22 -08:00 committed by GitHub
commit 8cf079bd74
2 changed files with 20 additions and 15 deletions


@ -34,9 +34,16 @@ kube::etcd::start() {
version=$(etcd --version | tail -n +1 | head -n 1 | cut -d " " -f 3) version=$(etcd --version | tail -n +1 | head -n 1 | cut -d " " -f 3)
if [[ "${version}" < "${ETCD_VERSION}" ]]; then if [[ "${version}" < "${ETCD_VERSION}" ]]; then
kube::log::usage "etcd version ${ETCD_VERSION} or greater required." export PATH=$KUBE_ROOT/third_party/etcd:$PATH
kube::log::info "You can use 'hack/install-etcd.sh' to install a copy in third_party/." hash etcd
exit 1 echo $PATH
ls $KUBE_ROOT/third_party/etcd
version=$(etcd --version | head -n 1 | cut -d " " -f 3)
if [[ "${version}" < "${ETCD_VERSION}" ]]; then
kube::log::usage "etcd version ${ETCD_VERSION} or greater required."
kube::log::info "You can use 'hack/install-etcd.sh' to install a copy in third_party/."
exit 1
fi
fi fi
# Start etcd # Start etcd
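Review bot: The `echo $PATH` and `ls $KUBE_ROOT/third_party/etcd` lines in the new fallback branch read like leftover debugging, and `ls` returns non-zero when third_party/etcd does not exist, so if the script runs with errexit (not visible in this hunk) it would stop before the "etcd version ... or greater required" message is printed. I would drop both lines and quote the assignment: `export PATH="${KUBE_ROOT}/third_party/etcd:${PATH}"`. The description runs local-up-cluster.sh under sudo, so whatever binary sits in that directory is then executed as root; a comment such as `# Prefer the copy installed by hack/install-etcd.sh; this directory must not be writable by other users` would make that explicit. Separately, `[[ "${version}" < "${ETCD_VERSION}" ]]` compares strings lexicographically, so a version such as 3.10.0 sorts before 3.2.0. kube::etcd::start continues outside the hunk.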


@ -16,7 +16,8 @@
# This command builds and runs a local kubernetes cluster. It's just like # This command builds and runs a local kubernetes cluster. It's just like
# local-up.sh, but this one launches the three separate binaries. # local-up.sh, but this one launches the three separate binaries.
# You may need to run this as root to allow kubelet to open docker's socket. # You may need to run this as root to allow kubelet to open docker's socket,
# and to write the test CA in /var/run/kubernetes.
DOCKER_OPTS=${DOCKER_OPTS:-""} DOCKER_OPTS=${DOCKER_OPTS:-""}
DOCKER=(docker ${DOCKER_OPTS}) DOCKER=(docker ${DOCKER_OPTS})
DOCKERIZE_KUBELET=${DOCKERIZE_KUBELET:-""} DOCKERIZE_KUBELET=${DOCKERIZE_KUBELET:-""}
@ -194,6 +195,8 @@ CPU_CFS_QUOTA=${CPU_CFS_QUOTA:-true}
ENABLE_HOSTPATH_PROVISIONER=${ENABLE_HOSTPATH_PROVISIONER:-"false"} ENABLE_HOSTPATH_PROVISIONER=${ENABLE_HOSTPATH_PROVISIONER:-"false"}
CLAIM_BINDER_SYNC_PERIOD=${CLAIM_BINDER_SYNC_PERIOD:-"15s"} # current k8s default CLAIM_BINDER_SYNC_PERIOD=${CLAIM_BINDER_SYNC_PERIOD:-"15s"} # current k8s default
ENABLE_CONTROLLER_ATTACH_DETACH=${ENABLE_CONTROLLER_ATTACH_DETACH:-"true"} # current default ENABLE_CONTROLLER_ATTACH_DETACH=${ENABLE_CONTROLLER_ATTACH_DETACH:-"true"} # current default
# This is the default dir and filename where the apiserver will generate a self-signed cert
# which should be able to be used as the CA to verify itself
CERT_DIR=${CERT_DIR:-"/var/run/kubernetes"} CERT_DIR=${CERT_DIR:-"/var/run/kubernetes"}
ROOT_CA_FILE=$CERT_DIR/apiserver.crt ROOT_CA_FILE=$CERT_DIR/apiserver.crt
EXPERIMENTAL_CRI=${EXPERIMENTAL_CRI:-"false"} EXPERIMENTAL_CRI=${EXPERIMENTAL_CRI:-"false"}
@ -587,10 +590,10 @@ function start_kubelet {
fi fi
auth_args="" auth_args=""
if [[ -n "${KUBELET_AUTHORIZATION_WEBHOOK}" ]]; then if [[ -n "${KUBELET_AUTHORIZATION_WEBHOOK:-}" ]]; then
auth_args="${auth_args} --authorization-mode=Webhook" auth_args="${auth_args} --authorization-mode=Webhook"
fi fi
if [[ -n "${KUBELET_AUTHENTICATION_WEBHOOK}" ]]; then if [[ -n "${KUBELET_AUTHENTICATION_WEBHOOK:-}" ]]; then
auth_args="${auth_args} --authentication-token-webhook" auth_args="${auth_args} --authentication-token-webhook"
fi fi
if [[ -n "${CLIENT_CA_FILE:-}" ]]; then if [[ -n "${CLIENT_CA_FILE:-}" ]]; then
@ -609,7 +612,7 @@ function start_kubelet {
image_service_endpoint_args="" image_service_endpoint_args=""
if [[ -n "${IMAGE_SERVICE_ENDPOINT}" ]]; then if [[ -n "${IMAGE_SERVICE_ENDPOINT}" ]]; then
image_service_endpoint_args="--image-service-endpoint=${IMAGE_SERVICE_ENDPOINT}" image_service_endpoint_args="--image-service-endpoint=${IMAGE_SERVICE_ENDPOINT}"
fi fi
sudo -E "${GO_OUT}/hyperkube" kubelet ${priv_arg}\ sudo -E "${GO_OUT}/hyperkube" kubelet ${priv_arg}\
@ -720,17 +723,12 @@ function start_kubedns {
sed -i -e "/{{ pillar\['federations_domain_map'\] }}/d" skydns-rc.yaml sed -i -e "/{{ pillar\['federations_domain_map'\] }}/d" skydns-rc.yaml
fi fi
sed -e "s/{{ pillar\['dns_server'\] }}/${DNS_SERVER_IP}/g" "${KUBE_ROOT}/cluster/addons/dns/skydns-svc.yaml.in" >| skydns-svc.yaml sed -e "s/{{ pillar\['dns_server'\] }}/${DNS_SERVER_IP}/g" "${KUBE_ROOT}/cluster/addons/dns/skydns-svc.yaml.in" >| skydns-svc.yaml
cat <<EOF >namespace.yaml export KUBERNETES_PROVIDER=local
apiVersion: v1
kind: Namespace
metadata:
name: kube-system
EOF
${KUBECTL} config set-cluster local --server=https://${API_HOST}:${API_SECURE_PORT} --certificate-authority=${ROOT_CA_FILE} ${KUBECTL} config set-cluster local --server=https://${API_HOST}:${API_SECURE_PORT} --certificate-authority=${ROOT_CA_FILE}
${KUBECTL} config set-context local --cluster=local ${KUBECTL} config set-credentials myself --username=admin --password=admin
${KUBECTL} config set-context local --cluster=local --user=myself
${KUBECTL} config use-context local ${KUBECTL} config use-context local
${KUBECTL} create -f namespace.yaml
# use kubectl to create skydns rc and service # use kubectl to create skydns rc and service
${KUBECTL} --namespace=kube-system create -f skydns-rc.yaml ${KUBECTL} --namespace=kube-system create -f skydns-rc.yaml
${KUBECTL} --namespace=kube-system create -f skydns-svc.yaml ${KUBECTL} --namespace=kube-system create -f skydns-svc.yaml
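Review bot: `config set-credentials myself --username=admin --password=admin` in start_kubedns hard-codes a basic-auth login and writes it into the invoking user's kubeconfig, while the commit description recommends running with API_HOST_IP=0.0.0.0, which presumably binds the API server to every interface. Whether the apiserver accepts this pair is decided outside the hunk, but if it does, the test cluster is reachable from the network with a guessable admin password. I would let the caller override the values, e.g. `--username="${KUBE_USER:-admin}" --password="${KUBE_PASSWORD:-admin}"` (the variable names are only a suggestion), and add `# Test-only credentials: keep API_HOST_IP on a trusted interface when using the defaults.` above the line. start_kubedns begins and ends outside the hunk.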