github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-11 21:12:07 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2620 from jbeda/insecure-registry-fix

Browse Source 
For GCE, allow insecure registries anywhere in 10.0.0.0/8.
This commit is contained in:
Brendan Burns 2014-12-01 12:13:12 -08:00
commit b9b7c47da3
5 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cluster/gce/config-default.sh
View File

@ -48,3 +48,6 @@ ENABLE_DOCKER_REGISTRY_CACHE=true
# Optional: Enable node logging. # Optional: Enable node logging.
ENABLE_NODE_LOGGING=true ENABLE_NODE_LOGGING=true
LOGGING_DESTINATION=elasticsearch # options: elasticsearch, gcp LOGGING_DESTINATION=elasticsearch # options: elasticsearch, gcp
# Don't require https for registries in our local RFC1918 network
EXTRA_DOCKER_OPTS="--insecure-registry 10.0.0.0/8"

3
cluster/gce/config-test.sh
View File

@ -45,3 +45,6 @@ ENABLE_NODE_LOGGING=true
LOGGING_DESTINATION=elasticsearch # options: elasticsearch, gcp LOGGING_DESTINATION=elasticsearch # options: elasticsearch, gcp
ENABLE_CLUSTER_MONITORING=false ENABLE_CLUSTER_MONITORING=false
# Don't require https for registries in our local RFC1918 network
EXTRA_DOCKER_OPTS="--insecure-registry 10.0.0.0/8"

12
cluster/gce/templates/salt-minion.sh
View File

@ -36,13 +36,21 @@ grains:
cloud: gce cloud: gce
EOF EOF
DOCKER_OPTS=""
if [[ -n "${EXTRA_DOCKER_OPTS-}" ]]; then
DOCKER_OPTS="${EXTRA_DOCKER_OPTS}"
fi
# Decide if enable the cache # Decide if enable the cache
if [[ "${ENABLE_DOCKER_REGISTRY_CACHE}" == "true" ]]; then if [[ "${ENABLE_DOCKER_REGISTRY_CACHE}" == "true" ]]; then
REGION=$(echo "${ZONE}" | cut -f 1,2 -d -) REGION=$(echo "${ZONE}" | cut -f 1,2 -d -)
echo "Enable docker registry cache at region: " $REGION echo "Enable docker registry cache at region: " $REGION
DOCKER_OPTS="--registry-mirror=\"https://${REGION}.docker-cache.clustermaster.net\"" DOCKER_OPTS="${DOCKER_OPTS} --registry-mirror='https://${REGION}.docker-cache.clustermaster.net'"
fi
cat <<EOF >>/etc/salt/minion.d/grains.conf if [[ -n "{DOCKER_OPTS}" ]]; then
cat <<EOF >>/etc/salt/minion.d/grains.conf
docker_opts: $DOCKER_OPTS docker_opts: $DOCKER_OPTS
EOF EOF
fi fi

1
cluster/gce/util.sh
View File

@ -318,6 +318,7 @@ function kube-up {
echo "ZONE='${ZONE}'" echo "ZONE='${ZONE}'"
echo "MASTER_NAME='${MASTER_NAME}'" echo "MASTER_NAME='${MASTER_NAME}'"
echo "MINION_IP_RANGE='${MINION_IP_RANGES[$i]}'" echo "MINION_IP_RANGE='${MINION_IP_RANGES[$i]}'"
echo "EXTRA_DOCKER_OPTS='${EXTRA_DOCKER_OPTS}'"
echo "ENABLE_DOCKER_REGISTRY_CACHE='${ENABLE_DOCKER_REGISTRY_CACHE:-false}'" echo "ENABLE_DOCKER_REGISTRY_CACHE='${ENABLE_DOCKER_REGISTRY_CACHE:-false}'"
grep -v "^#" "${KUBE_ROOT}/cluster/gce/templates/common.sh" grep -v "^#" "${KUBE_ROOT}/cluster/gce/templates/common.sh"
grep -v "^#" "${KUBE_ROOT}/cluster/gce/templates/salt-minion.sh" grep -v "^#" "${KUBE_ROOT}/cluster/gce/templates/salt-minion.sh"

7
cluster/saltbase/salt/docker/docker-defaults
View File

@ -1,6 +1,5 @@
DOCKER_OPTS=""
{% if grains.docker_opts is defined %} {% if grains.docker_opts is defined %}
{% set docker_opts = grains.docker_opts %} DOCKER_OPTS="${DOCKER_OPTS} {{grains.docker_opts}}"
{% else %}
{% set docker_opts = "" %}
{% endif %} {% endif %}
DOCKER_OPTS="{{docker_opts}} --bridge cbr0 --iptables=false --ip-masq=false -r=false" DOCKER_OPTS="${DOCKER_OPTS} --bridge cbr0 --iptables=false --ip-masq=false -r=false"