From d711fd8764fc26041f82729e7b74c25738e7a55c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lucas=20K=C3=A4ldstr=C3=B6m?= Date: Thu, 25 Aug 2016 01:24:05 +0300 Subject: [PATCH] Refactor hyperkube, remove unnecessary packages, optimize layers, bump cni version, add new features, run kube-proxy in a daemonset --- cluster/images/hyperkube/Dockerfile | 32 ++++------ cluster/images/hyperkube/Makefile | 51 ++++++++-------- .../hyperkube/cni-conf/10-containernet.conf | 9 +-- cluster/images/hyperkube/copy-addons.sh | 9 ++- cluster/images/hyperkube/kube-proxy-ds.yaml | 14 +++-- cluster/images/hyperkube/setup-files.sh | 19 +++--- ...ager.json => addon-manager-multinode.json} | 9 +-- .../static-pods/addon-manager-singlenode.json | 52 ++++++++++++++++ .../images/hyperkube/static-pods/etcd.json | 8 +-- .../hyperkube/static-pods/kube-proxy.json | 10 +-- .../hyperkube/static-pods/master-multi.json | 61 ++++++++++--------- .../images/hyperkube/static-pods/master.json | 60 +++++++++--------- 12 files changed, 197 insertions(+), 137 deletions(-) rename cluster/images/hyperkube/static-pods/{addon-manager.json => addon-manager-multinode.json} (80%) create mode 100644 cluster/images/hyperkube/static-pods/addon-manager-singlenode.json diff --git a/cluster/images/hyperkube/Dockerfile b/cluster/images/hyperkube/Dockerfile index 1281b18d79e..c1855473095 100644 --- a/cluster/images/hyperkube/Dockerfile +++ b/cluster/images/hyperkube/Dockerfile @@ -24,10 +24,8 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update -y \ ethtool \ ca-certificates \ conntrack \ - file \ util-linux \ socat \ - curl \ git \ nfs-common \ && DEBIAN_FRONTEND=noninteractive apt-get upgrade -y \ @@ -40,34 +38,28 @@ RUN cp /usr/bin/nsenter /nsenter COPY hyperkube /hyperkube # Manifests for the docker guide -COPY static-pods/master.json /etc/kubernetes/manifests/ -COPY static-pods/etcd.json /etc/kubernetes/manifests/ -COPY static-pods/addon-manager.json /etc/kubernetes/manifests/ - -# TODO: Move out kube-proxy to a DaemonSet again -COPY static-pods/kube-proxy.json /etc/kubernetes/manifests/ +COPY static-pods/master.json \ + static-pods/etcd.json \ + static-pods/addon-manager-singlenode.json \ + static-pods/kube-proxy.json \ + /etc/kubernetes/manifests/ # Manifests for the docker-multinode guide -COPY static-pods/master-multi.json /etc/kubernetes/manifests-multi/ -COPY static-pods/addon-manager.json /etc/kubernetes/manifests-multi/ - -# TODO: Move out kube-proxy to a DaemonSet again -COPY static-pods/kube-proxy.json /etc/kubernetes/manifests-multi/ +COPY static-pods/master-multi.json \ + static-pods/addon-manager-multinode.json \ + /etc/kubernetes/manifests-multi/ # Copy over all addons COPY addons /etc/kubernetes/addons -# Other required scripts for the setup -COPY safe_format_and_mount /usr/share/google/safe_format_and_mount -COPY setup-files.sh /setup-files.sh -COPY make-ca-cert.sh /make-ca-cert.sh -COPY copy-addons.sh /copy-addons.sh +# Copy other required scripts for the setup +COPY setup-files.sh make-ca-cert.sh copy-addons.sh / # easy-rsa package required by make-ca-cert ADD https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz /root/kube/ -# Copy the cni folder into /opt/ -COPY cni /opt/cni +# Copy the the cni-bin folder into /opt/cni/bin +COPY cni-bin /opt/cni/bin # Copy overlay configuration to default directory COPY cni-conf /etc/cni/net.d diff --git a/cluster/images/hyperkube/Makefile b/cluster/images/hyperkube/Makefile index ffa11e6102c..32d4518b40c 100644 --- a/cluster/images/hyperkube/Makefile +++ b/cluster/images/hyperkube/Makefile @@ -15,12 +15,12 @@ # Build the hyperkube image. # # Usage: -# [ARCH=amd64] [REGISTRY="gcr.io/google_containers"] make (build|push) VERSION={some_version_number e.g. v1.2.0} +# [ARCH=amd64] [REGISTRY="gcr.io/google_containers"] make (build|push) VERSION={some_released_version_of_kubernetes} REGISTRY?=gcr.io/google_containers ARCH?=amd64 TEMP_DIR:=$(shell mktemp -d) -CNI_RELEASE=8a936732094c0941e1543ef5d292a1f4fffa1ac5 +CNI_RELEASE=9d5e6e60e79491207834ae8439e80c943db65a69 UNAME_S:=$(shell uname -s) ifeq ($(UNAME_S),Darwin) @@ -54,33 +54,35 @@ ifndef VERSION $(error VERSION is undefined) endif cp -r ./* ${TEMP_DIR} - mkdir -p ${TEMP_DIR}/cni ${TEMP_DIR}/addons - cp ../../saltbase/salt/helpers/safe_format_and_mount ${TEMP_DIR} + mkdir -p ${TEMP_DIR}/cni-bin ${TEMP_DIR}/addons ${TEMP_DIR}/addons/singlenode ${TEMP_DIR}/addons/multinode cp ../../saltbase/salt/generate-cert/make-ca-cert.sh ${TEMP_DIR} - cp ../../addons/dns/skydns-rc.yaml.base ${TEMP_DIR}/addons/skydns-rc.yaml - cp ../../addons/dns/skydns-svc.yaml.base ${TEMP_DIR}/addons/skydns-svc.yaml - cp ../../addons/dashboard/dashboard-controller.yaml ${TEMP_DIR}/addons - cp ../../addons/dashboard/dashboard-service.yaml ${TEMP_DIR}/addons - - # TODO: Move out kube-proxy to a DaemonSet again - #cp kube-proxy-ds.yaml ${TEMP_DIR}/addons/kube-proxy.yaml + + # Singlenode addons + cp ../../addons/dns/skydns-rc.yaml.base ${TEMP_DIR}/addons/singlenode/skydns-rc.yaml + cp ../../addons/dns/skydns-svc.yaml.base ${TEMP_DIR}/addons/singlenode/skydns-svc.yaml + cp ../../addons/dashboard/dashboard-controller.yaml ${TEMP_DIR}/addons/singlenode/ + cp ../../addons/dashboard/dashboard-service.yaml ${TEMP_DIR}/addons/singlenode/ + + # Multinode addons; all singlenode addons plus kube-proxy (and soon flannel) + cp ${TEMP_DIR}/addons/singlenode/*.yaml ${TEMP_DIR}/addons/multinode/ + cp kube-proxy-ds.yaml ${TEMP_DIR}/addons/multinode/kube-proxy.yaml + cp ../../../_output/dockerized/bin/linux/${ARCH}/hyperkube ${TEMP_DIR} - cd ${TEMP_DIR} && sed -i.back "s|VERSION|${VERSION}|g" addons/*.yaml static-pods/*.json - cd ${TEMP_DIR} && sed -i.back "s|REGISTRY|${REGISTRY}|g" addons/*.yaml static-pods/*.json - cd ${TEMP_DIR} && sed -i.back "s|ARCH|${ARCH}|g" addons/*.yaml static-pods/*.json + cd ${TEMP_DIR} && sed -i.back "s|VERSION|${VERSION}|g" addons/singlenode/*.yaml addons/multinode/*.yaml static-pods/*.json + cd ${TEMP_DIR} && sed -i.back "s|REGISTRY|${REGISTRY}|g" addons/singlenode/*.yaml addons/multinode/*.yaml static-pods/*.json + cd ${TEMP_DIR} && sed -i.back "s|ARCH|${ARCH}|g" addons/singlenode/*.yaml addons/multinode/*.yaml static-pods/*.json cd ${TEMP_DIR} && sed -i.back "s|ARCH|${QEMUARCH}|g" Dockerfile cd ${TEMP_DIR} && sed -i.back "s|BASEIMAGE|${BASEIMAGE}|g" Dockerfile - cd ${TEMP_DIR} && sed -i.back "s|-amd64|-${ARCH}|g" addons/*.yaml - cd ${TEMP_DIR} && sed -i.back "s|__PILLAR__DNS__REPLICAS__|1|g;s|__PILLAR__DNS__SERVER__|10.0.0.10|g;" addons/skydns*.yaml - cd ${TEMP_DIR} && sed -i.back "s|__PILLAR__DNS__DOMAIN__|cluster.local|g;s|__PILLAR__FEDERATIONS__DOMAIN__MAP__||g;" addons/skydns*.yaml - rm ${TEMP_DIR}/addons/*.back + cd ${TEMP_DIR} && sed -i.back "s|-amd64|-${ARCH}|g" addons/singlenode/*.yaml addons/multinode/*.yaml + cd ${TEMP_DIR} && sed -i.back "s|__PILLAR__DNS__REPLICAS__|1|g;s|__PILLAR__DNS__SERVER__|10.0.0.10|g;" addons/singlenode/skydns*.yaml addons/multinode/skydns*.yaml + cd ${TEMP_DIR} && sed -i.back "s|__PILLAR__DNS__DOMAIN__|cluster.local|g;s|__PILLAR__FEDERATIONS__DOMAIN__MAP__||g;" addons/singlenode/skydns*.yaml addons/multinode/skydns*.yaml + cd ${TEMP_DIR} && rm -f addons/singlenode/*.back addons/multinode/*.back static-pods/*.back # Make scripts executable before they are copied into the Docker image. If we make them executable later, in another layer # they'll take up twice the space because the new executable binary differs from the old one, but everything is cached in layers. cd ${TEMP_DIR} && chmod a+rx \ hyperkube \ - safe_format_and_mount \ setup-files.sh \ make-ca-cert.sh \ copy-addons.sh @@ -88,8 +90,6 @@ endif ifeq ($(ARCH),amd64) # When building "normally" for amd64, remove the whole line, it has no part in the amd64 image cd ${TEMP_DIR} && ${SED_CMD} "/CROSS_BUILD_/d" Dockerfile - # Download CNI - curl -sSL --retry 5 https://storage.googleapis.com/kubernetes-release/network-plugins/cni-${CNI_RELEASE}.tar.gz | tar -xz -C ${TEMP_DIR}/cni else cd ${TEMP_DIR} && ${SED_CMD} "s/CROSS_BUILD_//g" Dockerfile @@ -97,17 +97,16 @@ else # Register /usr/bin/qemu-ARCH-static as the handler for ARM binaries in the kernel docker run --rm --privileged multiarch/qemu-user-static:register --reset curl -sSL --retry 5 https://github.com/multiarch/qemu-user-static/releases/download/v2.5.0/x86_64_qemu-${QEMUARCH}-static.tar.xz | tar -xJ -C ${TEMP_DIR} +endif - # This cross-compiles cni for the other architectures, until CNI releases binaries for all arches: https://github.com/containernetworking/cni/pull/241 - docker run -it -v ${TEMP_DIR}/cni:/cnibin golang:1.6 /bin/bash -c "\ + # This cross-compiles cni for all architectures + # TODO(freehan): Push the latest cni for all arches to storage.googleapis.com so we may just download the binaries + docker run -it -v ${TEMP_DIR}/cni-bin:/cnibin golang:1.6 /bin/bash -c "\ git clone https://github.com/containernetworking/cni \ && cd cni \ && git checkout $(CNI_RELEASE) \ - && curl -sSL https://patch-diff.githubusercontent.com/raw/containernetworking/cni/pull/241.patch > multiarch.patch \ - && git apply --exclude=.travis.yml --exclude=scripts/release-with-rkt.sh < multiarch.patch \ && GOARCH=$(ARCH) ./build \ && cp bin/* /cnibin" -endif docker build -t ${REGISTRY}/hyperkube-${ARCH}:${VERSION} ${TEMP_DIR} rm -rf "${TEMP_DIR}" diff --git a/cluster/images/hyperkube/cni-conf/10-containernet.conf b/cluster/images/hyperkube/cni-conf/10-containernet.conf index 8bac40b4e8f..a1a31c0ed33 100644 --- a/cluster/images/hyperkube/cni-conf/10-containernet.conf +++ b/cluster/images/hyperkube/cni-conf/10-containernet.conf @@ -1,9 +1,10 @@ { - "name": "containernet", - "type": "flannel", - "delegate": { + "name": "containernet", + "type": "flannel", + "delegate": { "bridge": "cni0", "mtu": 1450, - "isDefaultGateway": true + "isDefaultGateway": true, + "forceAddress": true } } diff --git a/cluster/images/hyperkube/copy-addons.sh b/cluster/images/hyperkube/copy-addons.sh index 16e7a7dd5cf..763aa7cc026 100755 --- a/cluster/images/hyperkube/copy-addons.sh +++ b/cluster/images/hyperkube/copy-addons.sh @@ -13,16 +13,19 @@ # See the License for the specific language governing permissions and # limitations under the License. - # Now we're running in the sidecar container # /etc/kubernetes/addons holds the data in the hyperkube container # /srv/kubernetes is an emptyDir that maps to /etc/kubernetes in the addon-manager container # This way we're using the latest manifests from hyperkube without updating # kube-addon-manager which is used for other deployments too +# Inside /etc/kubernetes/addons, there are two directories: singlenode and multinode +# If "singlenode" is passed to this script; those manifests are copied to the addon-manager and vice versa with "multinode" +SUBDIRECTORY=$1 + # While there is no data copied over to the emptyDir, try to copy it. -while [[ ! -d /srv/kubernetes/addons ]]; do - cp -r /etc/kubernetes/* /srv/kubernetes/ +while [[ -z $(ls /srv/kubernetes/addons) ]]; do + cp -r /etc/kubernetes/addons/${SUBDIRECTORY}/* /srv/kubernetes/addons/ done # Then sleep forever diff --git a/cluster/images/hyperkube/kube-proxy-ds.yaml b/cluster/images/hyperkube/kube-proxy-ds.yaml index c0ccb0b8c56..55641747247 100644 --- a/cluster/images/hyperkube/kube-proxy-ds.yaml +++ b/cluster/images/hyperkube/kube-proxy-ds.yaml @@ -12,12 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -# TODO: Move out kube-proxy to a DaemonSet again -# This is disabled for the v1.3 release, due to bootstrapping complexities apiVersion: extensions/v1beta1 kind: DaemonSet metadata: - name: k8s-proxy + name: k8s-proxy-v1 namespace: kube-system labels: k8s-app: k8s-proxy @@ -38,8 +36,16 @@ spec: command: - /hyperkube - proxy - - --master=http://127.0.0.1:8080 + - --kubeconfig=/var/lib/kubelet/kubeconfig/kubeconfig.yaml - --v=2 - --resource-container="" securityContext: privileged: true + volumeMounts: + - name: kubeconfig + mountPath: /var/lib/kubelet/kubeconfig + readOnly: true + volumes: + - name: kubeconfig + hostPath: + path: /var/lib/kubelet/kubeconfig diff --git a/cluster/images/hyperkube/setup-files.sh b/cluster/images/hyperkube/setup-files.sh index 4a1d8815131..ca432bcd42b 100644 --- a/cluster/images/hyperkube/setup-files.sh +++ b/cluster/images/hyperkube/setup-files.sh @@ -30,39 +30,40 @@ create_token() { # list of Subject Alternative Names of the server TLS certificate # Should contain internal IP, i.e. IP:10.0.0.1 for 10.0.0.0/24 cluster IP range EXTRA_SANS=$1 +DATA_DIR=/srv/kubernetes # Files in /data are persistent across reboots, so we don't want to re-create the files if they already # exist, because the state is persistent in etcd too, and we don't want a conflict between "old" data in # etcd and "new" data that this script would create for apiserver. Therefore, if the file exist, skip it. -if [[ ! -f /data/ca.crt ]]; then +if [[ ! -f ${DATA_DIR}/ca.crt ]]; then # Create HTTPS certificates - groupadd -f -r kube-cert-test + groupadd -f -r kube-cert # hostname -I gets the ip of the node - CERT_DIR=/data CERT_GROUP=kube-cert-test /make-ca-cert.sh $(hostname -I | awk '{print $1}') ${EXTRA_SANS} + /make-ca-cert.sh $(hostname -I | awk '{print $1}') ${EXTRA_SANS} echo "Certificates created $(date)" else echo "Certificates already found, not recreating." fi -if [[ ! -f /data/basic_auth.csv ]]; then +if [[ ! -f ${DATA_DIR}/basic_auth.csv ]]; then # Create basic token authorization - echo "admin,admin,admin" > /data/basic_auth.csv + echo "admin,admin,admin" > ${DATA_DIR}/basic_auth.csv echo "basic_auth.csv created $(date)" else echo "basic_auth.csv already found, not recreating." fi -if [[ ! -f /data/known_tokens.csv ]]; then +if [[ ! -f ${DATA_DIR}/known_tokens.csv ]]; then # Create known tokens for service accounts - echo "$(create_token),admin,admin" >> /data/known_tokens.csv - echo "$(create_token),kubelet,kubelet" >> /data/known_tokens.csv - echo "$(create_token),kube_proxy,kube_proxy" >> /data/known_tokens.csv + echo "$(create_token),admin,admin" >> ${DATA_DIR}/known_tokens.csv + echo "$(create_token),kubelet,kubelet" >> ${DATA_DIR}/known_tokens.csv + echo "$(create_token),kube_proxy,kube_proxy" >> ${DATA_DIR}/known_tokens.csv echo "known_tokens.csv created $(date)" else diff --git a/cluster/images/hyperkube/static-pods/addon-manager.json b/cluster/images/hyperkube/static-pods/addon-manager-multinode.json similarity index 80% rename from cluster/images/hyperkube/static-pods/addon-manager.json rename to cluster/images/hyperkube/static-pods/addon-manager-multinode.json index edf54eb14cd..a27b283003b 100644 --- a/cluster/images/hyperkube/static-pods/addon-manager.json +++ b/cluster/images/hyperkube/static-pods/addon-manager-multinode.json @@ -11,7 +11,7 @@ "containers": [ { "name": "kube-addon-manager", - "image": "gcr.io/google-containers/kube-addon-manager-ARCH:v5.1", + "image": "REGISTRY/kube-addon-manager-ARCH:v5.1", "resources": { "requests": { "cpu": "5m", @@ -21,7 +21,7 @@ "volumeMounts": [ { "name": "addons", - "mountPath": "/etc/kubernetes/", + "mountPath": "/etc/kubernetes/addons", "readOnly": true } ] @@ -30,12 +30,13 @@ "name": "kube-addon-manager-data", "image": "REGISTRY/hyperkube-ARCH:VERSION", "command": [ - "/copy-addons.sh" + "/copy-addons.sh", + "multinode" ], "volumeMounts": [ { "name": "addons", - "mountPath": "/srv/kubernetes/", + "mountPath": "/srv/kubernetes/addons", "readOnly": false } ] diff --git a/cluster/images/hyperkube/static-pods/addon-manager-singlenode.json b/cluster/images/hyperkube/static-pods/addon-manager-singlenode.json new file mode 100644 index 00000000000..91baed268dc --- /dev/null +++ b/cluster/images/hyperkube/static-pods/addon-manager-singlenode.json @@ -0,0 +1,52 @@ +{ + "apiVersion": "v1", + "kind": "Pod", + "metadata": { + "name": "kube-addon-manager", + "namespace": "kube-system", + "version": "v1" + }, + "spec": { + "hostNetwork": true, + "containers": [ + { + "name": "kube-addon-manager", + "image": "REGISTRY/kube-addon-manager-ARCH:v5.1", + "resources": { + "requests": { + "cpu": "5m", + "memory": "50Mi" + } + }, + "volumeMounts": [ + { + "name": "addons", + "mountPath": "/etc/kubernetes/addons", + "readOnly": true + } + ] + }, + { + "name": "kube-addon-manager-data", + "image": "REGISTRY/hyperkube-ARCH:VERSION", + "command": [ + "/copy-addons.sh", + "singlenode" + ], + "volumeMounts": [ + { + "name": "addons", + "mountPath": "/srv/kubernetes/addons", + "readOnly": false + } + ] + } + ], + "volumes":[ + { + "name": "addons", + "emptyDir": {} + } + ] + } +} diff --git a/cluster/images/hyperkube/static-pods/etcd.json b/cluster/images/hyperkube/static-pods/etcd.json index a70b6f2b957..ee976cc5b04 100644 --- a/cluster/images/hyperkube/static-pods/etcd.json +++ b/cluster/images/hyperkube/static-pods/etcd.json @@ -12,10 +12,10 @@ "name": "etcd", "image": "gcr.io/google_containers/etcd-ARCH:3.0.4", "command": [ - "/usr/local/bin/etcd", - "--listen-client-urls=http://127.0.0.1:2379", - "--advertise-client-urls=http://127.0.0.1:2379", - "--data-dir=/var/etcd/data" + "/usr/local/bin/etcd", + "--listen-client-urls=http://127.0.0.1:2379,http://127.0.0.1:4001", + "--advertise-client-urls=http://127.0.0.1:2379,http://127.0.0.1:4001", + "--data-dir=/var/etcd/data" ], "volumeMounts": [ { diff --git a/cluster/images/hyperkube/static-pods/kube-proxy.json b/cluster/images/hyperkube/static-pods/kube-proxy.json index 24138aaec4a..11f40f2d453 100644 --- a/cluster/images/hyperkube/static-pods/kube-proxy.json +++ b/cluster/images/hyperkube/static-pods/kube-proxy.json @@ -12,11 +12,11 @@ "name": "kube-proxy", "image": "REGISTRY/hyperkube-ARCH:VERSION", "command": [ - "/hyperkube", - "proxy", - "--master=http://127.0.0.1:8080", - "--v=2", - "--resource-container=\"\"" + "/hyperkube", + "proxy", + "--master=http://127.0.0.1:8080", + "--v=2", + "--resource-container=\"\"" ], "securityContext": { "privileged": true diff --git a/cluster/images/hyperkube/static-pods/master-multi.json b/cluster/images/hyperkube/static-pods/master-multi.json index b69da036a15..73fd4db3f59 100644 --- a/cluster/images/hyperkube/static-pods/master-multi.json +++ b/cluster/images/hyperkube/static-pods/master-multi.json @@ -12,13 +12,15 @@ "name": "controller-manager", "image": "REGISTRY/hyperkube-ARCH:VERSION", "command": [ - "/hyperkube", - "controller-manager", - "--master=127.0.0.1:8080", - "--service-account-private-key-file=/srv/kubernetes/server.key", - "--root-ca-file=/srv/kubernetes/ca.crt", - "--min-resync-period=3m", - "--v=2" + "/hyperkube", + "controller-manager", + "--master=127.0.0.1:8080", + "--service-account-private-key-file=/srv/kubernetes/server.key", + "--root-ca-file=/srv/kubernetes/ca.crt", + "--min-resync-period=3m", + "--leader-elect=true", + "--cluster-cidr=10.1.0.0/16", + "--v=2" ], "volumeMounts": [ { @@ -31,20 +33,20 @@ "name": "apiserver", "image": "REGISTRY/hyperkube-ARCH:VERSION", "command": [ - "/hyperkube", - "apiserver", - "--service-cluster-ip-range=10.0.0.1/24", - "--insecure-bind-address=0.0.0.0", - "--etcd-servers=http://127.0.0.1:2379", - "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota", - "--client-ca-file=/srv/kubernetes/ca.crt", - "--basic-auth-file=/srv/kubernetes/basic_auth.csv", - "--min-request-timeout=300", - "--tls-cert-file=/srv/kubernetes/server.cert", - "--tls-private-key-file=/srv/kubernetes/server.key", - "--token-auth-file=/srv/kubernetes/known_tokens.csv", - "--allow-privileged=true", - "--v=2" + "/hyperkube", + "apiserver", + "--service-cluster-ip-range=10.0.0.1/24", + "--insecure-bind-address=0.0.0.0", + "--etcd-servers=http://127.0.0.1:2379", + "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota", + "--client-ca-file=/srv/kubernetes/ca.crt", + "--basic-auth-file=/srv/kubernetes/basic_auth.csv", + "--min-request-timeout=300", + "--tls-cert-file=/srv/kubernetes/server.cert", + "--tls-private-key-file=/srv/kubernetes/server.key", + "--token-auth-file=/srv/kubernetes/known_tokens.csv", + "--allow-privileged=true", + "--v=2" ], "volumeMounts": [ { @@ -57,23 +59,24 @@ "name": "scheduler", "image": "REGISTRY/hyperkube-ARCH:VERSION", "command": [ - "/hyperkube", - "scheduler", - "--master=127.0.0.1:8080", - "--v=2" - ] + "/hyperkube", + "scheduler", + "--master=127.0.0.1:8080", + "--leader-elect=true", + "--v=2" + ] }, { "name": "setup", "image": "REGISTRY/hyperkube-ARCH:VERSION", "command": [ - "/setup-files.sh", - "IP:10.0.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local" + "/setup-files.sh", + "IP:10.0.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local" ], "volumeMounts": [ { "name": "data", - "mountPath": "/data" + "mountPath": "/srv/kubernetes" } ] } diff --git a/cluster/images/hyperkube/static-pods/master.json b/cluster/images/hyperkube/static-pods/master.json index 704f8f9076c..a7096691d5c 100644 --- a/cluster/images/hyperkube/static-pods/master.json +++ b/cluster/images/hyperkube/static-pods/master.json @@ -12,13 +12,14 @@ "name": "controller-manager", "image": "REGISTRY/hyperkube-ARCH:VERSION", "command": [ - "/hyperkube", - "controller-manager", - "--master=127.0.0.1:8080", - "--service-account-private-key-file=/srv/kubernetes/server.key", - "--root-ca-file=/srv/kubernetes/ca.crt", - "--min-resync-period=3m", - "--v=2" + "/hyperkube", + "controller-manager", + "--master=127.0.0.1:8080", + "--service-account-private-key-file=/srv/kubernetes/server.key", + "--root-ca-file=/srv/kubernetes/ca.crt", + "--min-resync-period=3m", + "--leader-elect=true", + "--v=2" ], "volumeMounts": [ { @@ -31,20 +32,20 @@ "name": "apiserver", "image": "REGISTRY/hyperkube-ARCH:VERSION", "command": [ - "/hyperkube", - "apiserver", - "--service-cluster-ip-range=10.0.0.1/24", - "--insecure-bind-address=127.0.0.1", - "--etcd-servers=http://127.0.0.1:2379", - "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota", - "--client-ca-file=/srv/kubernetes/ca.crt", - "--basic-auth-file=/srv/kubernetes/basic_auth.csv", - "--min-request-timeout=300", - "--tls-cert-file=/srv/kubernetes/server.cert", - "--tls-private-key-file=/srv/kubernetes/server.key", - "--token-auth-file=/srv/kubernetes/known_tokens.csv", - "--allow-privileged=true", - "--v=2" + "/hyperkube", + "apiserver", + "--service-cluster-ip-range=10.0.0.1/24", + "--insecure-bind-address=127.0.0.1", + "--etcd-servers=http://127.0.0.1:2379", + "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota", + "--client-ca-file=/srv/kubernetes/ca.crt", + "--basic-auth-file=/srv/kubernetes/basic_auth.csv", + "--min-request-timeout=300", + "--tls-cert-file=/srv/kubernetes/server.cert", + "--tls-private-key-file=/srv/kubernetes/server.key", + "--token-auth-file=/srv/kubernetes/known_tokens.csv", + "--allow-privileged=true", + "--v=2" ], "volumeMounts": [ { @@ -57,23 +58,24 @@ "name": "scheduler", "image": "REGISTRY/hyperkube-ARCH:VERSION", "command": [ - "/hyperkube", - "scheduler", - "--master=127.0.0.1:8080", - "--v=2" - ] + "/hyperkube", + "scheduler", + "--master=127.0.0.1:8080", + "--leader-elect=true", + "--v=2" + ] }, { "name": "setup", "image": "REGISTRY/hyperkube-ARCH:VERSION", "command": [ - "/setup-files.sh", - "IP:10.0.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local" + "/setup-files.sh", + "IP:10.0.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local" ], "volumeMounts": [ { "name": "data", - "mountPath": "/data" + "mountPath": "/srv/kubernetes" } ] }