diff --git a/cluster/rackspace/authorization.sh b/cluster/rackspace/authorization.sh index 61ff97974b1..6527abd3045 100644 --- a/cluster/rackspace/authorization.sh +++ b/cluster/rackspace/authorization.sh @@ -19,14 +19,14 @@ create_token() { echo $(cat /dev/urandom | base64 | tr -d "=+/" | dd bs=32 count=1 2> /dev/null) } -get_token_from_csv() { +get_tokens_from_csv() { KUBE_BEARER_TOKEN=$(awk -F, '/admin/ {print $1}' ${KUBE_TEMP}/${1}_tokens.csv) KUBELET_TOKEN=$(awk -F, '/kubelet/ {print $1}' ${KUBE_TEMP}/${1}_tokens.csv) KUBE_PROXY_TOKEN=$(awk -F, '/kube_proxy/ {print $1}' ${KUBE_TEMP}/${1}_tokens.csv) } generate_admin_token() { - echo "$(create_token),admin,admin" >> ${KUBE_TEMP}/${1}_tokens.csv + echo "$(create_token),admin,admin" >> ${KUBE_TEMP}/known_tokens.csv } # Creates a csv file each time called (i.e one per kubelet). diff --git a/cluster/rackspace/cloud-config/master-cloud-config.yaml b/cluster/rackspace/cloud-config/master-cloud-config.yaml index 1102d3a023a..a55a132805c 100644 --- a/cluster/rackspace/cloud-config/master-cloud-config.yaml +++ b/cluster/rackspace/cloud-config/master-cloud-config.yaml @@ -85,7 +85,6 @@ coreos: [Service] ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-apiserver /opt/bin/kube-apiserver ExecStartPre=/usr/bin/mkdir -p /var/lib/kube-apiserver - ExecStartPre=/usr/bin/cp /media/configdrive/openstack/content/0000 /var/lib/kube-apiserver/known_tokens.csv ExecStart=/opt/bin/kube-apiserver \ --address=127.0.0.1 \ --cloud_provider=rackspace \ @@ -147,26 +146,6 @@ coreos: --master=127.0.0.1:8080 Restart=always RestartSec=5 - - name: kube-register.service - command: start - content: | - [Unit] - Description=Kubernetes Registration Service - Documentation=https://github.com/kelseyhightower/kube-register - Requires=kube-apiserver.service - After=kube-apiserver.service - Requires=fleet.service - After=fleet.service - [Service] - ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-register -z /opt/bin/kube-register https://github.com/kelseyhightower/kube-register/releases/download/v0.0.3/kube-register-0.0.3-linux-amd64 - ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-register - ExecStart=/opt/bin/kube-register \ - --api-endpoint=http://127.0.0.1:8080 \ - --fleet-endpoint=unix:///var/run/fleet.sock \ - --healthz-port=10248 \ - --metadata=kubernetes_role=minion - Restart=always - RestartSec=10 #Running nginx service with --net="host" is a necessary evil until running all k8s services in docker. - name: kubernetes-nginx.service command: start diff --git a/cluster/rackspace/cloud-config/minion-cloud-config.yaml b/cluster/rackspace/cloud-config/minion-cloud-config.yaml index badbec83be4..3d4b5740683 100644 --- a/cluster/rackspace/cloud-config/minion-cloud-config.yaml +++ b/cluster/rackspace/cloud-config/minion-cloud-config.yaml @@ -26,13 +26,30 @@ write_files: else echo "kubernetes release found. Skipping download." fi - - path: /run/setup-auth.sh + - path: /run/config-kubelet.sh permissions: 0755 content: | #!/bin/bash -e set -x /usr/bin/mkdir -p /var/lib/kubelet - /bin/echo "{\"BearerToken\": \"KUBELET_TOKEN\", \"Insecure\": true }" > /var/lib/kubelet/kubernetes_auth + cat > /var/lib/kubelet/kubeconfig << EOF + apiVersion: v1 + kind: Config + users: + - name: kubelet + user: + token: KUBELET_TOKEN + clusters: + - name: local + cluster: + insecure-skip-tls-verify: true + contexts: + - context: + cluster: local + user: kubelet + name: service-account-context + current-context: service-account-context + EOF - path: /run/config-kube-proxy.sh permissions: 0755 content: | @@ -128,7 +145,7 @@ coreos: Requires=download-release.service [Service] EnvironmentFile=/run/kubelet/apiservers.env - ExecStartPre=/run/setup-auth.sh + ExecStartPre=/run/config-kubelet.sh ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kubelet /opt/bin/kubelet ExecStart=/opt/bin/kubelet \ --address=$private_ipv4 \ diff --git a/cluster/rackspace/config-default.sh b/cluster/rackspace/config-default.sh index 57c1de01bf5..7dffb34a534 100644 --- a/cluster/rackspace/config-default.sh +++ b/cluster/rackspace/config-default.sh @@ -19,22 +19,22 @@ # KUBE_IMAGE, KUBE_MASTER_FLAVOR, KUBE_MINION_FLAVOR, NUM_MINIONS, NOVA_NETWORK and SSH_KEY_NAME # Shared -KUBE_IMAGE="${KUBE_IMAGE-2c210e44-5149-4ae3-83d6-f855a4d28490}" # CoreOS(Beta) +KUBE_IMAGE="${KUBE_IMAGE-f2a71670-ced3-4274-80b6-0efcd0f8f91b}" # CoreOS(Beta) SSH_KEY_NAME="${SSH_KEY_NAME-id_kubernetes}" NOVA_NETWORK_LABEL="kubernetes-pool-net" NOVA_NETWORK_CIDR="${NOVA_NETWORK-192.168.0.0/24}" INSTANCE_PREFIX="kubernetes" # Master -KUBE_MASTER_FLAVOR="${KUBE_MASTER_FLAVOR-performance1-1}" +KUBE_MASTER_FLAVOR="${KUBE_MASTER_FLAVOR-general1-1}" MASTER_NAME="${INSTANCE_PREFIX}-master" MASTER_TAG="tags=${INSTANCE_PREFIX}-master" # Minion -KUBE_MINION_FLAVOR="${KUBE_MINION_FLAVOR-performance1-2}" -RAX_NUM_MINIONS="${RAX_NUM_MINIONS-4}" +KUBE_MINION_FLAVOR="${KUBE_MINION_FLAVOR-general1-2}" +NUM_MINIONS="${NUM_MINIONS-4}" MINION_TAG="tags=${INSTANCE_PREFIX}-minion" -MINION_NAMES=($(eval echo ${INSTANCE_PREFIX}-minion-{1..${RAX_NUM_MINIONS}})) +MINION_NAMES=($(eval echo ${INSTANCE_PREFIX}-minion-{1..${NUM_MINIONS}})) KUBE_NETWORK="10.240.0.0/16" SERVICE_CLUSTER_IP_RANGE="10.0.0.0/16" # formerly PORTAL_NET diff --git a/cluster/rackspace/util.sh b/cluster/rackspace/util.sh index faa6705f651..5929627cd7a 100644 --- a/cluster/rackspace/util.sh +++ b/cluster/rackspace/util.sh @@ -180,7 +180,6 @@ rax-boot-master() { --meta ${MASTER_TAG} \ --meta ETCD=${DISCOVERY_ID} \ --user-data ${KUBE_TEMP}/master-cloud-config.yaml \ ---file /var/lib/kube-apiserver/known_tokens.csv=${KUBE_TEMP}/known_tokens.csv \ --config-drive true \ --nic net-id=${NETWORK_UUID} \ ${MASTER_NAME}" @@ -209,6 +208,7 @@ rax-boot-minions() { -e "s|INDEX|$((i + 1))|g" \ -e "s|KUBELET_TOKEN|${KUBELET_TOKEN}|" \ -e "s|KUBE_NETWORK|${KUBE_NETWORK}|" \ + -e "s|KUBELET_TOKEN|${KUBELET_TOKEN}|" \ -e "s|KUBE_PROXY_TOKEN|${KUBE_PROXY_TOKEN}|" \ -e "s|LOGGING_DESTINATION|${LOGGING_DESTINATION:-}|" \ $(dirname $0)/rackspace/cloud-config/minion-cloud-config.yaml > $KUBE_TEMP/minion-cloud-config-$(($i + 1)).yaml @@ -316,9 +316,16 @@ kube-up() { prep_known_tokens rax-boot-master - rax-boot-minions + detect-master + + # TODO look for a better way to get the known_tokens to the master. This is needed over file injection since the files were too large on a 4 node cluster. + $(scp -o StrictHostKeyChecking=no -i ~/.ssh/${SSH_KEY_NAME} ${KUBE_TEMP}/known_tokens.csv core@${KUBE_MASTER_IP}:known_tokens.csv) + $(ssh -o StrictHostKeyChecking=no -i ~/.ssh/${SSH_KEY_NAME} core@${KUBE_MASTER_IP} sudo mv /home/core/known_tokens.csv /var/lib/kube-apiserver/known_tokens.csv) + $(ssh -o StrictHostKeyChecking=no -i ~/.ssh/${SSH_KEY_NAME} core@${KUBE_MASTER_IP} sudo chown root.root /var/lib/kube-apiserver/known_tokens.csv) + $(ssh -o StrictHostKeyChecking=no -i ~/.ssh/${SSH_KEY_NAME} core@${KUBE_MASTER_IP} sudo systemctl restart kube-apiserver) + FAIL=0 for job in `jobs -p` do @@ -329,8 +336,6 @@ kube-up() { exit 2 fi - detect-master - echo "Waiting for cluster initialization." echo echo " This will continually check to see if the API for kubernetes is reachable." diff --git a/docs/getting-started-guides/README.md b/docs/getting-started-guides/README.md index 33d5530673f..b6ab6f3c4a2 100644 --- a/docs/getting-started-guides/README.md +++ b/docs/getting-started-guides/README.md @@ -39,7 +39,7 @@ Docker Multi Node | Flannel| N/A | local | [docs](docker-multino Local | | | _none_ | [docs](../../docs/getting-started-guides/locally.md) | Community (@preillyme) | libvirt/KVM | CoreOS | CoreOS | libvirt/KVM | [docs](../../docs/getting-started-guides/libvirt-coreos.md) | Community (@lhuard1A) | oVirt | | | | [docs](../../docs/getting-started-guides/ovirt.md) | Community (@simon3z) | -Rackspace | CoreOS | CoreOS | flannel | [docs](../../docs/getting-started-guides/rackspace.md) | Community (@doublerr) | use k8s version 0.16.2 +Rackspace | CoreOS | CoreOS | flannel | [docs](../../docs/getting-started-guides/rackspace.md) | Community (@doublerr) | use k8s version 0.18.0 *Note*: The above table is ordered by version test/used in notes followed by support level. diff --git a/docs/getting-started-guides/rackspace.md b/docs/getting-started-guides/rackspace.md index aee3737710a..7cdf423c3c5 100644 --- a/docs/getting-started-guides/rackspace.md +++ b/docs/getting-started-guides/rackspace.md @@ -35,7 +35,7 @@ There is a specific `cluster/rackspace` directory with the scripts for the follo - flanneld uses this network for next hop routing. These routes allow the containers running on each node to communicate with one another on this private network. 2. A SSH key will be created and uploaded if needed. This key must be used to ssh into the machines since we won't capture the password. 3. The master server and additional nodes will be created via the `nova` CLI. A `cloud-config.yaml` is generated and provided as user-data with the entire configuration for the systems. -4. We then boot as many nodes as defined via `$RAX_NUM_MINIONS`. +4. We then boot as many nodes as defined via `$NUM_MINIONS`. ## Some notes: - The scripts expect `eth2` to be the cloud network that the containers will communicate across.