diff --git a/cluster/get-kube-local.sh b/cluster/get-kube-local.sh index 700f33e1ce1..c3400d4f4bd 100755 --- a/cluster/get-kube-local.sh +++ b/cluster/get-kube-local.sh @@ -47,8 +47,12 @@ function echo_yellow { } function run { - output=$($1 2>&1 || true) - if [ $? -eq 0 ]; then + # For a moment we need to change bash options to capture message if a command fails. + set +o errexit + output=$($1 2>&1) + exit_code=$? + set -o errexit + if [ $exit_code -eq 0 ]; then echo_green "SUCCESS" else echo_red "FAILED" @@ -109,7 +113,8 @@ function get_latest_version_number { fi } -release=$(get_latest_version_number) +latest_release=$(get_latest_version_number) +release=${KUBE_VERSION:-latest_release} uname=$(uname) if [[ "${uname}" == "Darwin" ]]; then diff --git a/cluster/images/hyperkube/Dockerfile b/cluster/images/hyperkube/Dockerfile index ca7ef0f0e09..2c33882656b 100644 --- a/cluster/images/hyperkube/Dockerfile +++ b/cluster/images/hyperkube/Dockerfile @@ -20,6 +20,8 @@ RUN chmod a+rx /hyperkube COPY master-multi.json /etc/kubernetes/manifests-multi/master.json COPY master.json /etc/kubernetes/manifests/master.json +COPY etcd.json /etc/kubernetes/manifests/etcd.json +COPY kube-proxy.json /etc/kubernetes/manifests/kube-proxy.json COPY safe_format_and_mount /usr/share/google/safe_format_and_mount RUN chmod a+rx /usr/share/google/safe_format_and_mount diff --git a/cluster/images/hyperkube/Makefile b/cluster/images/hyperkube/Makefile index 17e37337b0f..da9a0a6da84 100644 --- a/cluster/images/hyperkube/Makefile +++ b/cluster/images/hyperkube/Makefile @@ -9,19 +9,28 @@ BASEIMAGE=debian:jessie # need to escape '/' for the regexp below # BASEIMAGE=armbuild\\/debian:jessie -all: +all: build + +build: cp ../../saltbase/salt/helpers/safe_format_and_mount . cp ../../saltbase/salt/generate-cert/make-ca-cert.sh . curl -O https://storage.googleapis.com/kubernetes-release/release/${VERSION}/bin/linux/${ARCH}/hyperkube - sed -i "s/VERSION/${VERSION}/g" master-multi.json master.json - sed -i "s/ARCH/${ARCH}/g" master-multi.json master.json + sed -i "s/VERSION/${VERSION}/g" master-multi.json master.json kube-proxy.json + sed -i "s/ARCH/${ARCH}/g" master-multi.json master.json kube-proxy.json sed -i "s/BASEIMAGE/${BASEIMAGE}/g" Dockerfile docker build -t gcr.io/google_containers/hyperkube-${ARCH}:${VERSION} . - gcloud docker push gcr.io/google_containers/hyperkube-${ARCH}:${VERSION} # Backward compatability. TODO: deprecate this image tag ifeq ($(ARCH),amd64) - docker tag gcr.io/google_containers/hyperkube-${ARCH}:${VERSION} gcr.io/google_containers/hyperkube:${VERSION} - gcloud docker push gcr.io/google_containers/hyperkube:${VERSION} + docker tag -f gcr.io/google_containers/hyperkube-${ARCH}:${VERSION} gcr.io/google_containers/hyperkube:${VERSION} endif +push: build + gcloud docker push gcr.io/google_containers/hyperkube-${ARCH}:${VERSION} +ifeq ($(ARCH),amd64) + gcloud docker push gcr.io/google_containers/hyperkube:${VERSION} +endif + +clean: + rm -f safe_format_and_mount make-ca-cert.sh hyperkube + .PHONY: all diff --git a/cluster/images/hyperkube/etcd.json b/cluster/images/hyperkube/etcd.json new file mode 100644 index 00000000000..1f4a39280e8 --- /dev/null +++ b/cluster/images/hyperkube/etcd.json @@ -0,0 +1,33 @@ +{ + "apiVersion": "v1", + "kind": "Pod", + "metadata": {"name":"k8s-etcd"}, + "spec": { + "hostNetwork": true, + "containers": [ + { + "name": "etcd", + "image": "gcr.io/google_containers/etcd:2.2.1", + "command": [ + "/usr/local/bin/etcd", + "--listen-client-urls=http://127.0.0.1:4001", + "--advertise-client-urls=http://127.0.0.1:4001", + "--data-dir=/var/etcd/data" + ], + "volumeMounts": [ + { + "name": "varetcd", + "mountPath": "/var/etcd", + "readOnly": false + } + ] + } + ], + "volumes":[ + { + "name": "varetcd", + "emptyDir": {} + } + ] + } +} diff --git a/cluster/images/hyperkube/kube-proxy.json b/cluster/images/hyperkube/kube-proxy.json new file mode 100644 index 00000000000..7a1ed0de196 --- /dev/null +++ b/cluster/images/hyperkube/kube-proxy.json @@ -0,0 +1,24 @@ +{ + "apiVersion": "v1", + "kind": "Pod", + "metadata": {"name":"k8s-proxy"}, + "spec": { + "hostNetwork": true, + "containers": [ + { + "name": "kube-proxy", + "image": "gcr.io/google_containers/hyperkube-ARCH:VERSION", + "command": [ + "/hyperkube", + "proxy", + "--master=http://127.0.0.1:8080", + "--v=2", + "--resource-container=\"\"" + ], + "securityContext": { + "privileged": true + } + } + ] + } +} diff --git a/cluster/images/hyperkube/master.json b/cluster/images/hyperkube/master.json index fdc5224084a..08fdf46d21a 100644 --- a/cluster/images/hyperkube/master.json +++ b/cluster/images/hyperkube/master.json @@ -41,7 +41,7 @@ "--tls-cert-file=/srv/kubernetes/server.cert", "--tls-private-key-file=/srv/kubernetes/server.key", "--token-auth-file=/srv/kubernetes/known_tokens.csv", - "--allow-privileged=True", + "--allow-privileged=true", "--v=4" ], "volumeMounts": [ @@ -63,7 +63,7 @@ }, { "name": "setup", - "image": "gcr.io/google_containers/hyperkube:VERSION", + "image": "gcr.io/google_containers/hyperkube-ARCH:VERSION", "command": [ "/setup-files.sh" ], diff --git a/cluster/images/hyperkube/setup-files.sh b/cluster/images/hyperkube/setup-files.sh index a9d716a9a4c..fefb18a5015 100644 --- a/cluster/images/hyperkube/setup-files.sh +++ b/cluster/images/hyperkube/setup-files.sh @@ -31,7 +31,8 @@ create_token() { echo "admin,admin,admin" > /data/basic_auth.csv # Create HTTPS certificates -CERT_DIR=/data /make-ca-cert.sh $(hostname -i) +groupadd -f -r kube-cert-test +CERT_DIR=/data CERT_GROUP=kube-cert-test /make-ca-cert.sh $(hostname -i) # Create known tokens for service accounts echo "$(create_token),admin,admin" >> /data/known_tokens.csv diff --git a/cluster/images/hyperkube/turnup.sh b/cluster/images/hyperkube/turnup.sh index 14b1b520a7f..7e7fe6a83b7 100755 --- a/cluster/images/hyperkube/turnup.sh +++ b/cluster/images/hyperkube/turnup.sh @@ -20,13 +20,7 @@ set -o errexit set -o nounset set -o pipefail -docker run --net=host -d gcr.io/google_containers/etcd:2.2.1 \ - /usr/local/bin/etcd \ - --addr=127.0.0.1:4001 \ - --bind-addr=0.0.0.0:4001 \ - --data-dir=/var/etcd/data - -docker run --pid=host \ +docker run \ --volume=/:/rootfs:ro \ --volume=/sys:/sys:ro \ --volume=/dev:/dev \ @@ -42,9 +36,5 @@ docker run --pid=host \ --hostname-override="127.0.0.1" \ --address="0.0.0.0" \ --api-servers=http://localhost:8080 \ - --config=/etc/kubernetes/manifests --v=10 - -docker run -d --net=host --privileged \ - gcr.io/google_containers/hyperkube:v${K8S_VERSION} \ - /hyperkube proxy \ - --master=http://127.0.0.1:8080 --v=2 + --config=/etc/kubernetes/manifests \ + --allow-privileged=true --v=10 diff --git a/docs/getting-started-guides/docker.md b/docs/getting-started-guides/docker.md index cc934a2f595..7d8dae7d9b8 100644 --- a/docs/getting-started-guides/docker.md +++ b/docs/getting-started-guides/docker.md @@ -59,13 +59,7 @@ Here's a diagram of what the final result will look like: 2. Decide what Kubernetes version to use. Set the `${K8S_VERSION}` variable to a value such as "1.1.1". -### Step One: Run etcd - -```sh -docker run --net=host -d gcr.io/google_containers/etcd:2.2.1 /usr/local/bin/etcd --listen-client-urls=http://127.0.0.1:4001 --advertise-client-urls=http://127.0.0.1:4001 --data-dir=/var/etcd/data -``` - -### Step Two: Run the master +### Run it ```sh docker run \ @@ -80,17 +74,17 @@ docker run \ --privileged=true \ -d \ gcr.io/google_containers/hyperkube:v${K8S_VERSION} \ - /hyperkube kubelet --containerized --hostname-override="127.0.0.1" --address="0.0.0.0" --api-servers=http://localhost:8080 --config=/etc/kubernetes/manifests + /hyperkube kubelet \ + --containerized \ + --hostname-override="127.0.0.1" \ + --address="0.0.0.0" \ + --api-servers=http://localhost:8080 \ + --config=/etc/kubernetes/manifests \ + --allow-privileged=true --v=10 ``` This actually runs the kubelet, which in turn runs a [pod](../user-guide/pods.md) that contains the other master components. -### Step Three: Run the service proxy - -```sh -docker run -d --net=host --privileged gcr.io/google_containers/hyperkube:v${K8S_VERSION} /hyperkube proxy --master=http://127.0.0.1:8080 --v=2 -``` - ### Download ```kubectl``` At this point you should have a running Kubernetes cluster. You can test this