Move things into a 'kube-system' namespace.

2025-09-07 12:11:43 +00:00 · 2015-06-24 21:55:40 -07:00
parent c8f8e5f333
commit 988aa6fdf6
33 changed files with 100 additions and 56 deletions
--- a/cluster/addons/cluster-monitoring/google/heapster-controller.yaml
+++ b/cluster/addons/cluster-monitoring/google/heapster-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ReplicationController
 metadata:
  name: monitoring-heapster-v5
-  namespace: default
+  namespace: kube-system
  labels:
    k8s-app: heapster
    version: v5
--- a/cluster/addons/cluster-monitoring/google/heapster-service.yaml
+++ b/cluster/addons/cluster-monitoring/google/heapster-service.yaml
@@ -2,6 +2,7 @@ kind: Service
 apiVersion: v1
 metadata: 
  name: monitoring-heapster
+  namespace: kube-system
  labels: 
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "Heapster"
--- a/cluster/addons/cluster-monitoring/googleinfluxdb/heapster-controller-combined.yaml
+++ b/cluster/addons/cluster-monitoring/googleinfluxdb/heapster-controller-combined.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ReplicationController
 metadata:
  name: monitoring-heapster-v5
-  namespace: default
+  namespace: kube-system
  labels:
    k8s-app: heapster
    version: v5
--- a/cluster/addons/cluster-monitoring/influxdb/grafana-service.yaml
+++ b/cluster/addons/cluster-monitoring/influxdb/grafana-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: monitoring-grafana
-  namespace: default 
+  namespace: kube-system
  labels: 
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "Grafana"
--- a/cluster/addons/cluster-monitoring/influxdb/heapster-controller.yaml
+++ b/cluster/addons/cluster-monitoring/influxdb/heapster-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ReplicationController
 metadata:
  name: monitoring-heapster-v5
-  namespace: default
+  namespace: kube-system
  labels:
    k8s-app: heapster
    version: v5
--- a/cluster/addons/cluster-monitoring/influxdb/heapster-service.yaml
+++ b/cluster/addons/cluster-monitoring/influxdb/heapster-service.yaml
@@ -1,8 +1,9 @@
 kind: Service
 apiVersion: v1
-metadata: 
+metadata:
  name: monitoring-heapster
-  labels: 
+  namespace: kube-system
+  labels:
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "Heapster"
 spec: 
--- a/cluster/addons/cluster-monitoring/influxdb/influxdb-grafana-controller.yaml
+++ b/cluster/addons/cluster-monitoring/influxdb/influxdb-grafana-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ReplicationController
 metadata:
  name: monitoring-influx-grafana-v1
-  namespace: default 
+  namespace: kube-system
  labels: 
    k8s-app: influxGrafana
    version: v1
@@ -42,7 +42,7 @@ spec:
              memory: 100Mi
          env: 
            - name: INFLUXDB_EXTERNAL_URL
-              value: /api/v1/proxy/namespaces/default/services/monitoring-influxdb:api/db/
+              value: /api/v1/proxy/namespaces/kube-system/services/monitoring-influxdb:api/db/
            - name: INFLUXDB_HOST
              value: monitoring-influxdb
            - name: INFLUXDB_PORT
--- a/cluster/addons/cluster-monitoring/influxdb/influxdb-service.yaml
+++ b/cluster/addons/cluster-monitoring/influxdb/influxdb-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: monitoring-influxdb
-  namespace: default 
+  namespace: kube-system
  labels: 
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "InfluxDB"
--- a/cluster/addons/cluster-monitoring/standalone/heapster-controller.yaml
+++ b/cluster/addons/cluster-monitoring/standalone/heapster-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ReplicationController
 metadata:
  name: monitoring-heapster-v5
-  namespace: default
+  namespace: kube-system
  labels:
    k8s-app: heapster
    version: v5
--- a/cluster/addons/cluster-monitoring/standalone/heapster-service.yaml
+++ b/cluster/addons/cluster-monitoring/standalone/heapster-service.yaml
@@ -2,6 +2,7 @@ kind: Service
 apiVersion: v1
 metadata: 
  name: monitoring-heapster
+  namespace: kube-system
  labels: 
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "Heapster"
--- a/cluster/addons/dns/skydns-rc.yaml.in
+++ b/cluster/addons/dns/skydns-rc.yaml.in
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ReplicationController
 metadata:
  name: kube-dns-v5
-  namespace: default
+  namespace: kube-system
  labels:
    k8s-app: kube-dns
    version: v5
--- a/cluster/addons/dns/skydns-svc.yaml.in
+++ b/cluster/addons/dns/skydns-svc.yaml.in
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: kube-dns
-  namespace: default
+  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
--- a/cluster/addons/fluentd-elasticsearch/es-controller.yaml
+++ b/cluster/addons/fluentd-elasticsearch/es-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ReplicationController
 metadata:
  name: elasticsearch-logging-v1
-  namespace: default
+  namespace: kube-system
  labels:
    k8s-app: elasticsearch-logging
    version: v1
@@ -20,7 +20,7 @@ spec:
        kubernetes.io/cluster-service: "true"
    spec:
      containers:
-      - image: gcr.io/google_containers/elasticsearch:1.4
+      - image: gcr.io/google_containers/elasticsearch:1.5
        name: elasticsearch-logging         
        resources:
          limits:
--- a/cluster/addons/fluentd-elasticsearch/es-image/Makefile
+++ b/cluster/addons/fluentd-elasticsearch/es-image/Makefile
@@ -1,7 +1,8 @@
 .PHONY:	elasticsearch_logging_discovery build push

-# Keep this one version ahead to help prevent accidental pushes.
-TAG = 1.4
+# The current value of the tag to be used for building and
+# pushing an image to gcr.io
+TAG = 1.5

 build:	elasticsearch_logging_discovery
 	docker build -t gcr.io/google_containers/elasticsearch:$(TAG) .
--- a/cluster/addons/fluentd-elasticsearch/es-image/elasticsearch_logging_discovery.go
+++ b/cluster/addons/fluentd-elasticsearch/es-image/elasticsearch_logging_discovery.go
@@ -50,7 +50,7 @@ func main() {
 	// Look for endpoints associated with the Elasticsearch loggging service.
 	// First wait for the service to become available.
 	for t := time.Now(); time.Since(t) < 5*time.Minute; time.Sleep(10 * time.Second) {
-		elasticsearch, err = c.Services(api.NamespaceDefault).Get("elasticsearch-logging")
+		elasticsearch, err = c.Services(api.NamespaceSystem).Get("elasticsearch-logging")
 		if err == nil {
 			break
 		}
@@ -67,7 +67,7 @@ func main() {
 	// Wait for some endpoints.
 	count := 0
 	for t := time.Now(); time.Since(t) < 5*time.Minute; time.Sleep(10 * time.Second) {
-		endpoints, err = c.Endpoints(api.NamespaceDefault).Get("elasticsearch-logging")
+		endpoints, err = c.Endpoints(api.NamespaceSystem).Get("elasticsearch-logging")
 		if err != nil {
 			continue
 		}
--- a/cluster/addons/fluentd-elasticsearch/es-service.yaml
+++ b/cluster/addons/fluentd-elasticsearch/es-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: elasticsearch-logging
-  namespace: default
+  namespace: kube-system
  labels:
    k8s-app: elasticsearch-logging
    kubernetes.io/cluster-service: "true"
--- a/cluster/addons/fluentd-elasticsearch/fluentd-es-image/td-agent.conf
+++ b/cluster/addons/fluentd-elasticsearch/fluentd-es-image/td-agent.conf
@@ -19,7 +19,7 @@
 # The time_format specification below makes sure we properly
 # parse the time format produced by Docker. This will be
 # submitted to Elasticsearch and should appear like:
-# $ curl 'http://elasticsearch-logging.default:9200/_search?pretty'
+# $ curl 'http://elasticsearch-logging:9200/_search?pretty'
 # ...
 # {
 #      "_index" : "logstash-2014.09.25",
@@ -94,6 +94,21 @@
  tag docker
 </source>

+<match kubernetes.**>
+   type elasticsearch
+   log_level info
+   include_tag_key true
+   host elasticsearch-logging
+   port 9200
+   logstash_format true
+   flush_interval 5s
+   # Never wait longer than 5 minutes between retries.
+   max_retry_wait 300
+   # Disable the limit on the number of retries (retry forever).
+   disable_retry_limit
+</match>
+>>>>>>> Move things into a 'kube-system' namespace.
+
 <source>
  type tail
  format none
--- a/cluster/addons/fluentd-elasticsearch/kibana-controller.yaml
+++ b/cluster/addons/fluentd-elasticsearch/kibana-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ReplicationController
 metadata:
  name: kibana-logging-v1
-  namespace: default
+  namespace: kube-system
  labels:
    k8s-app: kibana-logging
    version: v1
--- a/cluster/addons/fluentd-elasticsearch/kibana-service.yaml
+++ b/cluster/addons/fluentd-elasticsearch/kibana-service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: kibana-logging
-  namespace: default
+  namespace: kube-system
  labels:
    k8s-app: kibana-logging
    kubernetes.io/cluster-service: "true"
--- a/cluster/addons/kube-ui/kube-ui-rc.yaml
+++ b/cluster/addons/kube-ui/kube-ui-rc.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ReplicationController
 metadata:
  name: kube-ui-v1
-  namespace: default
+  namespace: kube-system
  labels:
    k8s-app: kube-ui
    version: v1
--- a/cluster/addons/kube-ui/kube-ui-svc.yaml
+++ b/cluster/addons/kube-ui/kube-ui-svc.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: kube-ui
-  namespace: default
+  namespace: kube-system
  labels:
    k8s-app: kube-ui
    kubernetes.io/cluster-service: "true"
--- a/cluster/saltbase/salt/fluentd-es/fluentd-es.yaml
+++ b/cluster/saltbase/salt/fluentd-es/fluentd-es.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Pod
 metadata:
  name: fluentd-elasticsearch
+  namespace: kube-system
 spec:
  containers:
  - name: fluentd-elasticsearch
--- a/cluster/saltbase/salt/fluentd-gcp/fluentd-gcp.yaml
+++ b/cluster/saltbase/salt/fluentd-gcp/fluentd-gcp.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Pod
 metadata:
  name: fluentd-cloud-logging
+  namespace: kube-system
 spec:
  containers:
  - name: fluentd-cloud-logging
--- a/cluster/saltbase/salt/kube-addons/init.sls
+++ b/cluster/saltbase/salt/kube-addons/init.sls
@@ -11,6 +11,13 @@ addon-dir-create:
    - require:
        - file: addon-dir-delete

+/etc/kubernetes/addons/namespace.yaml:
+  file.managed:
+    - source: salt://kube-addons/namespace.yaml
+    - user: root
+    - group: root
+    - file_mode: 644
+
 {% if pillar.get('enable_cluster_monitoring', '').lower() == 'influxdb' %}
 /etc/kubernetes/addons/cluster-monitoring/influxdb:
  file.recurse:
--- a/cluster/saltbase/salt/kube-addons/kube-addons.sh
+++ b/cluster/saltbase/salt/kube-addons/kube-addons.sh
@@ -21,6 +21,8 @@ KUBECTL=${KUBECTL_BIN:-/usr/local/bin/kubectl}

 ADDON_CHECK_INTERVAL_SEC=${TEST_ADDON_CHECK_INTERVAL_SEC:-600}

+SYSTEM_NAMESPACE=kube-system
+
 function create-kubeconfig-secret() {
  local -r token=$1
  local -r username=$2
@@ -47,6 +49,7 @@ contexts:
 - context:
    cluster: local
    user: ${username}
+    namespace: ${SYSTEM_NAMESPACE} 
  name: service-account-context
 current-context: service-account-context
 EOF
@@ -67,6 +70,7 @@ contexts:
 - context:
    cluster: local
    user: ${username}
+    namespace: ${SYSTEM_NAMESPACE}
  name: service-account-context
 current-context: service-account-context
 EOF
@@ -82,36 +86,39 @@ metadata:
  name: token-${safe_username}
 type: Opaque
 EOF
-  create-resource-from-string "${secretyaml}" 100 10 "Secret-for-token-for-user-${username}" &
-# TODO: label the secrets with special label so kubectl does not show these?
+  create-resource-from-string "${secretyaml}" 100 10 "Secret-for-token-for-user-${username}" "${SYSTEM_NAMESPACE}" &
 }

 # $1 filename of addon to start.
 # $2 count of tries to start the addon.
 # $3 delay in seconds between two consecutive tries
+# $4 namespace
 function start_addon() {
  local -r addon_filename=$1;
  local -r tries=$2;
  local -r delay=$3;
+  local -r namespace=$4

-  create-resource-from-string "$(cat ${addon_filename})" "${tries}" "${delay}" "${addon_filename}"
+  create-resource-from-string "$(cat ${addon_filename})" "${tries}" "${delay}" "${addon_filename}" "${namespace}"
 }

 # $1 string with json or yaml.
 # $2 count of tries to start the addon.
 # $3 delay in seconds between two consecutive tries
-# $3 name of this object to use when logging about it.
+# $4 name of this object to use when logging about it.
+# $5 namespace for this object
 function create-resource-from-string() {
  local -r config_string=$1;
  local tries=$2;
  local -r delay=$3;
  local -r config_name=$4;
+  local -r namespace=$5;
  while [ ${tries} -gt 0 ]; do
-    echo "${config_string}" | ${KUBECTL} create -f - && \
-        echo "== Successfully started ${config_name} at $(date -Is)" && \
+    echo "${config_string}" | ${KUBECTL} --namespace="${namespace}" create -f - && \
+        echo "== Successfully started ${config_name} in namespace ${namespace} at $(date -Is)" && \
        return 0;
    let tries=tries-1;
-    echo "== Failed to start ${config_name} at $(date -Is). ${tries} tries remaining. =="
+    echo "== Failed to start ${config_name} in namespace ${namespace} at $(date -Is). ${tries} tries remaining. =="
    sleep ${delay};
  done
  return 1;
@@ -143,6 +150,8 @@ done

 echo "== default service account has token ${token_found} =="

+start_addon /etc/kubernetes/addons/namespace.yaml 100 10 "" &
+
 # Generate secrets for "internal service accounts".
 # TODO(etune): move to a completely yaml/object based
 # workflow so that service accounts can be created
@@ -162,7 +171,7 @@ while read line; do
  else
    # Set the server to https://kubernetes. Pods/components that
    # do not have DNS available will have to override the server.
-    create-kubeconfig-secret "${token}" "${username}" "https://kubernetes"
+    create-kubeconfig-secret "${token}" "${username}" "https://kubernetes.default"
  fi
 done < /srv/kubernetes/known_tokens.csv

@@ -170,7 +179,7 @@ done < /srv/kubernetes/known_tokens.csv
 # are defined in a namespace other than default, we should still create the limits for the
 # default namespace.
 for obj in $(find /etc/kubernetes/admission-controls \( -name \*.yaml -o -name \*.json \)); do
-  start_addon ${obj} 100 10 &
+  start_addon ${obj} 100 10 default &
  echo "++ obj ${obj} is created ++"
 done

--- a/cluster/saltbase/salt/kube-addons/namespace.yaml
+++ b/cluster/saltbase/salt/kube-addons/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kube-system
--- a/cluster/saltbase/salt/kube-admission-controls/limit-range/limit-range.yaml
+++ b/cluster/saltbase/salt/kube-admission-controls/limit-range/limit-range.yaml
@@ -2,6 +2,7 @@ apiVersion: "v1"
 kind: "LimitRange"
 metadata:
  name: "limits"
+  namespace: default
 spec:
  limits:
    - type: "Container"