From f8505cd286353b540f28bed32977c1b6247ce616 Mon Sep 17 00:00:00 2001 From: Joe Beda Date: Tue, 25 Nov 2014 17:47:02 -0800 Subject: [PATCH] For GCE, allow insecure registries anywhere in 10.0.0.0/8. --- cluster/gce/config-default.sh | 3 +++ cluster/gce/config-test.sh | 3 +++ cluster/gce/templates/salt-minion.sh | 14 +++++++++++--- cluster/gce/util.sh | 1 + cluster/saltbase/salt/docker/docker-defaults | 7 +++---- 5 files changed, 21 insertions(+), 7 deletions(-) diff --git a/cluster/gce/config-default.sh b/cluster/gce/config-default.sh index 296d9abe959..cd9ae10646f 100755 --- a/cluster/gce/config-default.sh +++ b/cluster/gce/config-default.sh @@ -48,3 +48,6 @@ ENABLE_DOCKER_REGISTRY_CACHE=true # Optional: Enable node logging. ENABLE_NODE_LOGGING=true LOGGING_DESTINATION=elasticsearch # options: elasticsearch, gcp + +# Don't require https for registries in our local RFC1918 network +EXTRA_DOCKER_OPTS="--insecure-registry 10.0.0.0/8" diff --git a/cluster/gce/config-test.sh b/cluster/gce/config-test.sh index 6bad3a681c5..18c7c236e0e 100755 --- a/cluster/gce/config-test.sh +++ b/cluster/gce/config-test.sh @@ -45,3 +45,6 @@ ENABLE_NODE_LOGGING=true LOGGING_DESTINATION=elasticsearch # options: elasticsearch, gcp ENABLE_CLUSTER_MONITORING=false + +# Don't require https for registries in our local RFC1918 network +EXTRA_DOCKER_OPTS="--insecure-registry 10.0.0.0/8" diff --git a/cluster/gce/templates/salt-minion.sh b/cluster/gce/templates/salt-minion.sh index 9a768f129fd..39576a0e887 100755 --- a/cluster/gce/templates/salt-minion.sh +++ b/cluster/gce/templates/salt-minion.sh @@ -36,13 +36,21 @@ grains: cloud: gce EOF +DOCKER_OPTS="" + +if [[ -n "${EXTRA_DOCKER_OPTS-}" ]]; then + DOCKER_OPTS="${EXTRA_DOCKER_OPTS}" +fi + # Decide if enable the cache -if [[ "${ENABLE_DOCKER_REGISTRY_CACHE}" == "true" ]]; then +if [[ "${ENABLE_DOCKER_REGISTRY_CACHE}" == "true" ]]; then REGION=$(echo "${ZONE}" | cut -f 1,2 -d -) echo "Enable docker registry cache at region: " $REGION - DOCKER_OPTS="--registry-mirror=\"https://${REGION}.docker-cache.clustermaster.net\"" + DOCKER_OPTS="${DOCKER_OPTS} --registry-mirror='https://${REGION}.docker-cache.clustermaster.net'" +fi - cat <>/etc/salt/minion.d/grains.conf +if [[ -n "{DOCKER_OPTS}" ]]; then +cat <>/etc/salt/minion.d/grains.conf docker_opts: $DOCKER_OPTS EOF fi diff --git a/cluster/gce/util.sh b/cluster/gce/util.sh index 54147ef9898..061ed0a5858 100755 --- a/cluster/gce/util.sh +++ b/cluster/gce/util.sh @@ -318,6 +318,7 @@ function kube-up { echo "ZONE='${ZONE}'" echo "MASTER_NAME='${MASTER_NAME}'" echo "MINION_IP_RANGE='${MINION_IP_RANGES[$i]}'" + echo "EXTRA_DOCKER_OPTS='${EXTRA_DOCKER_OPTS}'" echo "ENABLE_DOCKER_REGISTRY_CACHE='${ENABLE_DOCKER_REGISTRY_CACHE:-false}'" grep -v "^#" "${KUBE_ROOT}/cluster/gce/templates/common.sh" grep -v "^#" "${KUBE_ROOT}/cluster/gce/templates/salt-minion.sh" diff --git a/cluster/saltbase/salt/docker/docker-defaults b/cluster/saltbase/salt/docker/docker-defaults index 115a0bb2475..ed75833e8ad 100644 --- a/cluster/saltbase/salt/docker/docker-defaults +++ b/cluster/saltbase/salt/docker/docker-defaults @@ -1,6 +1,5 @@ +DOCKER_OPTS="" {% if grains.docker_opts is defined %} - {% set docker_opts = grains.docker_opts %} -{% else %} - {% set docker_opts = "" %} +DOCKER_OPTS="${DOCKER_OPTS} {{grains.docker_opts}}" {% endif %} -DOCKER_OPTS="{{docker_opts}} --bridge cbr0 --iptables=false --ip-masq=false -r=false" +DOCKER_OPTS="${DOCKER_OPTS} --bridge cbr0 --iptables=false --ip-masq=false -r=false"