github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 21:47:07 +00:00
Code Issues Projects Releases Wiki Activity

Refactor hyperkube, remove unnecessary packages, optimize layers, bump cni version, add new features, run kube-proxy in a daemonset

Browse Source
This commit is contained in:
Lucas Käldström 2016-08-25 01:24:05 +03:00
parent c958d3d4fd
commit d711fd8764
12 changed files with 197 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
cluster/images/hyperkube/Dockerfile
View File

@ -24,10 +24,8 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update -y \
ethtool \ ethtool \
ca-certificates \ ca-certificates \
conntrack \ conntrack \
file \
util-linux \ util-linux \
socat \ socat \
curl \
git \ git \
nfs-common \ nfs-common \
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -y \ && DEBIAN_FRONTEND=noninteractive apt-get upgrade -y \
@ -40,34 +38,28 @@ RUN cp /usr/bin/nsenter /nsenter
COPY hyperkube /hyperkube COPY hyperkube /hyperkube
# Manifests for the docker guide # Manifests for the docker guide
COPY static-pods/master.json /etc/kubernetes/manifests/ COPY static-pods/master.json \
COPY static-pods/etcd.json /etc/kubernetes/manifests/ static-pods/etcd.json \
COPY static-pods/addon-manager.json /etc/kubernetes/manifests/ static-pods/addon-manager-singlenode.json \
static-pods/kube-proxy.json \
# TODO: Move out kube-proxy to a DaemonSet again /etc/kubernetes/manifests/
COPY static-pods/kube-proxy.json /etc/kubernetes/manifests/
# Manifests for the docker-multinode guide # Manifests for the docker-multinode guide
COPY static-pods/master-multi.json /etc/kubernetes/manifests-multi/ COPY static-pods/master-multi.json \
COPY static-pods/addon-manager.json /etc/kubernetes/manifests-multi/ static-pods/addon-manager-multinode.json \
/etc/kubernetes/manifests-multi/
# TODO: Move out kube-proxy to a DaemonSet again
COPY static-pods/kube-proxy.json /etc/kubernetes/manifests-multi/
# Copy over all addons # Copy over all addons
COPY addons /etc/kubernetes/addons COPY addons /etc/kubernetes/addons
# Other required scripts for the setup # Copy other required scripts for the setup
COPY safe_format_and_mount /usr/share/google/safe_format_and_mount COPY setup-files.sh make-ca-cert.sh copy-addons.sh /
COPY setup-files.sh /setup-files.sh
COPY make-ca-cert.sh /make-ca-cert.sh
COPY copy-addons.sh /copy-addons.sh
# easy-rsa package required by make-ca-cert # easy-rsa package required by make-ca-cert
ADD https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz /root/kube/ ADD https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz /root/kube/
# Copy the cni folder into /opt/ # Copy the the cni-bin folder into /opt/cni/bin
COPY cni /opt/cni COPY cni-bin /opt/cni/bin
# Copy overlay configuration to default directory # Copy overlay configuration to default directory
COPY cni-conf /etc/cni/net.d COPY cni-conf /etc/cni/net.d

49
cluster/images/hyperkube/Makefile
View File

@ -15,12 +15,12 @@
# Build the hyperkube image. # Build the hyperkube image.
# #
# Usage: # Usage:
# [ARCH=amd64] [REGISTRY="gcr.io/google_containers"] make (build|push) VERSION={some_version_number e.g. v1.2.0} # [ARCH=amd64] [REGISTRY="gcr.io/google_containers"] make (build|push) VERSION={some_released_version_of_kubernetes}
REGISTRY?=gcr.io/google_containers REGISTRY?=gcr.io/google_containers
ARCH?=amd64 ARCH?=amd64
TEMP_DIR:=$(shell mktemp -d) TEMP_DIR:=$(shell mktemp -d)
CNI_RELEASE=8a936732094c0941e1543ef5d292a1f4fffa1ac5 CNI_RELEASE=9d5e6e60e79491207834ae8439e80c943db65a69
UNAME_S:=$(shell uname -s) UNAME_S:=$(shell uname -s)
ifeq ($(UNAME_S),Darwin) ifeq ($(UNAME_S),Darwin)
@ -54,33 +54,35 @@ ifndef VERSION
$(error VERSION is undefined) $(error VERSION is undefined)
endif endif
cp -r ./* ${TEMP_DIR} cp -r ./* ${TEMP_DIR}
mkdir -p ${TEMP_DIR}/cni ${TEMP_DIR}/addons mkdir -p ${TEMP_DIR}/cni-bin ${TEMP_DIR}/addons ${TEMP_DIR}/addons/singlenode ${TEMP_DIR}/addons/multinode
cp ../../saltbase/salt/helpers/safe_format_and_mount ${TEMP_DIR}
cp ../../saltbase/salt/generate-cert/make-ca-cert.sh ${TEMP_DIR} cp ../../saltbase/salt/generate-cert/make-ca-cert.sh ${TEMP_DIR}
cp ../../addons/dns/skydns-rc.yaml.base ${TEMP_DIR}/addons/skydns-rc.yaml
cp ../../addons/dns/skydns-svc.yaml.base ${TEMP_DIR}/addons/skydns-svc.yaml
cp ../../addons/dashboard/dashboard-controller.yaml ${TEMP_DIR}/addons
cp ../../addons/dashboard/dashboard-service.yaml ${TEMP_DIR}/addons
# TODO: Move out kube-proxy to a DaemonSet again # Singlenode addons
#cp kube-proxy-ds.yaml ${TEMP_DIR}/addons/kube-proxy.yaml cp ../../addons/dns/skydns-rc.yaml.base ${TEMP_DIR}/addons/singlenode/skydns-rc.yaml
cp ../../addons/dns/skydns-svc.yaml.base ${TEMP_DIR}/addons/singlenode/skydns-svc.yaml
cp ../../addons/dashboard/dashboard-controller.yaml ${TEMP_DIR}/addons/singlenode/
cp ../../addons/dashboard/dashboard-service.yaml ${TEMP_DIR}/addons/singlenode/
# Multinode addons; all singlenode addons plus kube-proxy (and soon flannel)
cp ${TEMP_DIR}/addons/singlenode/*.yaml ${TEMP_DIR}/addons/multinode/
cp kube-proxy-ds.yaml ${TEMP_DIR}/addons/multinode/kube-proxy.yaml
cp ../../../_output/dockerized/bin/linux/${ARCH}/hyperkube ${TEMP_DIR} cp ../../../_output/dockerized/bin/linux/${ARCH}/hyperkube ${TEMP_DIR}
cd ${TEMP_DIR} && sed -i.back "s|VERSION|${VERSION}|g" addons/*.yaml static-pods/*.json cd ${TEMP_DIR} && sed -i.back "s|VERSION|${VERSION}|g" addons/singlenode/*.yaml addons/multinode/*.yaml static-pods/*.json
cd ${TEMP_DIR} && sed -i.back "s|REGISTRY|${REGISTRY}|g" addons/*.yaml static-pods/*.json cd ${TEMP_DIR} && sed -i.back "s|REGISTRY|${REGISTRY}|g" addons/singlenode/*.yaml addons/multinode/*.yaml static-pods/*.json
cd ${TEMP_DIR} && sed -i.back "s|ARCH|${ARCH}|g" addons/*.yaml static-pods/*.json cd ${TEMP_DIR} && sed -i.back "s|ARCH|${ARCH}|g" addons/singlenode/*.yaml addons/multinode/*.yaml static-pods/*.json
cd ${TEMP_DIR} && sed -i.back "s|ARCH|${QEMUARCH}|g" Dockerfile cd ${TEMP_DIR} && sed -i.back "s|ARCH|${QEMUARCH}|g" Dockerfile
cd ${TEMP_DIR} && sed -i.back "s|BASEIMAGE|${BASEIMAGE}|g" Dockerfile cd ${TEMP_DIR} && sed -i.back "s|BASEIMAGE|${BASEIMAGE}|g" Dockerfile
cd ${TEMP_DIR} && sed -i.back "s|-amd64|-${ARCH}|g" addons/*.yaml cd ${TEMP_DIR} && sed -i.back "s|-amd64|-${ARCH}|g" addons/singlenode/*.yaml addons/multinode/*.yaml
cd ${TEMP_DIR} && sed -i.back "s|__PILLAR__DNS__REPLICAS__|1|g;s|__PILLAR__DNS__SERVER__|10.0.0.10|g;" addons/skydns*.yaml cd ${TEMP_DIR} && sed -i.back "s|__PILLAR__DNS__REPLICAS__|1|g;s|__PILLAR__DNS__SERVER__|10.0.0.10|g;" addons/singlenode/skydns*.yaml addons/multinode/skydns*.yaml
cd ${TEMP_DIR} && sed -i.back "s|__PILLAR__DNS__DOMAIN__|cluster.local|g;s|__PILLAR__FEDERATIONS__DOMAIN__MAP__||g;" addons/skydns*.yaml cd ${TEMP_DIR} && sed -i.back "s|__PILLAR__DNS__DOMAIN__|cluster.local|g;s|__PILLAR__FEDERATIONS__DOMAIN__MAP__||g;" addons/singlenode/skydns*.yaml addons/multinode/skydns*.yaml
rm ${TEMP_DIR}/addons/*.back cd ${TEMP_DIR} && rm -f addons/singlenode/*.back addons/multinode/*.back static-pods/*.back
# Make scripts executable before they are copied into the Docker image. If we make them executable later, in another layer # Make scripts executable before they are copied into the Docker image. If we make them executable later, in another layer
# they'll take up twice the space because the new executable binary differs from the old one, but everything is cached in layers. # they'll take up twice the space because the new executable binary differs from the old one, but everything is cached in layers.
cd ${TEMP_DIR} && chmod a+rx \ cd ${TEMP_DIR} && chmod a+rx \
hyperkube \ hyperkube \
safe_format_and_mount \
setup-files.sh \ setup-files.sh \
make-ca-cert.sh \ make-ca-cert.sh \
copy-addons.sh copy-addons.sh
@ -88,8 +90,6 @@ endif
ifeq ($(ARCH),amd64) ifeq ($(ARCH),amd64)
# When building "normally" for amd64, remove the whole line, it has no part in the amd64 image # When building "normally" for amd64, remove the whole line, it has no part in the amd64 image
cd ${TEMP_DIR} && ${SED_CMD} "/CROSS_BUILD_/d" Dockerfile cd ${TEMP_DIR} && ${SED_CMD} "/CROSS_BUILD_/d" Dockerfile
# Download CNI
curl -sSL --retry 5 https://storage.googleapis.com/kubernetes-release/network-plugins/cni-${CNI_RELEASE}.tar.gz | tar -xz -C ${TEMP_DIR}/cni
else else
cd ${TEMP_DIR} && ${SED_CMD} "s/CROSS_BUILD_//g" Dockerfile cd ${TEMP_DIR} && ${SED_CMD} "s/CROSS_BUILD_//g" Dockerfile
@ -97,17 +97,16 @@ else
# Register /usr/bin/qemu-ARCH-static as the handler for ARM binaries in the kernel # Register /usr/bin/qemu-ARCH-static as the handler for ARM binaries in the kernel
docker run --rm --privileged multiarch/qemu-user-static:register --reset docker run --rm --privileged multiarch/qemu-user-static:register --reset
curl -sSL --retry 5 https://github.com/multiarch/qemu-user-static/releases/download/v2.5.0/x86_64_qemu-${QEMUARCH}-static.tar.xz | tar -xJ -C ${TEMP_DIR} curl -sSL --retry 5 https://github.com/multiarch/qemu-user-static/releases/download/v2.5.0/x86_64_qemu-${QEMUARCH}-static.tar.xz | tar -xJ -C ${TEMP_DIR}
endif
# This cross-compiles cni for the other architectures, until CNI releases binaries for all arches: https://github.com/containernetworking/cni/pull/241 # This cross-compiles cni for all architectures
docker run -it -v ${TEMP_DIR}/cni:/cnibin golang:1.6 /bin/bash -c "\ # TODO(freehan): Push the latest cni for all arches to storage.googleapis.com so we may just download the binaries
docker run -it -v ${TEMP_DIR}/cni-bin:/cnibin golang:1.6 /bin/bash -c "\
git clone https://github.com/containernetworking/cni \ git clone https://github.com/containernetworking/cni \
&& cd cni \ && cd cni \
&& git checkout $(CNI_RELEASE) \ && git checkout $(CNI_RELEASE) \
&& curl -sSL https://patch-diff.githubusercontent.com/raw/containernetworking/cni/pull/241.patch > multiarch.patch \
&& git apply --exclude=.travis.yml --exclude=scripts/release-with-rkt.sh < multiarch.patch \
&& GOARCH=$(ARCH) ./build \ && GOARCH=$(ARCH) ./build \
&& cp bin/* /cnibin" && cp bin/* /cnibin"
endif
docker build -t ${REGISTRY}/hyperkube-${ARCH}:${VERSION} ${TEMP_DIR} docker build -t ${REGISTRY}/hyperkube-${ARCH}:${VERSION} ${TEMP_DIR}
rm -rf "${TEMP_DIR}" rm -rf "${TEMP_DIR}"

9
cluster/images/hyperkube/cni-conf/10-containernet.conf
View File

@ -1,9 +1,10 @@
{ {
"name": "containernet", "name": "containernet",
"type": "flannel", "type": "flannel",
"delegate": { "delegate": {
"bridge": "cni0", "bridge": "cni0",
"mtu": 1450, "mtu": 1450,
"isDefaultGateway": true "isDefaultGateway": true,
"forceAddress": true
} }
} }

9
cluster/images/hyperkube/copy-addons.sh
View File

@ -13,16 +13,19 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
# Now we're running in the sidecar container # Now we're running in the sidecar container
# /etc/kubernetes/addons holds the data in the hyperkube container # /etc/kubernetes/addons holds the data in the hyperkube container
# /srv/kubernetes is an emptyDir that maps to /etc/kubernetes in the addon-manager container # /srv/kubernetes is an emptyDir that maps to /etc/kubernetes in the addon-manager container
# This way we're using the latest manifests from hyperkube without updating # This way we're using the latest manifests from hyperkube without updating
# kube-addon-manager which is used for other deployments too # kube-addon-manager which is used for other deployments too
# Inside /etc/kubernetes/addons, there are two directories: singlenode and multinode
# If "singlenode" is passed to this script; those manifests are copied to the addon-manager and vice versa with "multinode"
SUBDIRECTORY=$1
# While there is no data copied over to the emptyDir, try to copy it. # While there is no data copied over to the emptyDir, try to copy it.
while [[ ! -d /srv/kubernetes/addons ]]; do while [[ -z $(ls /srv/kubernetes/addons) ]]; do
cp -r /etc/kubernetes/* /srv/kubernetes/ cp -r /etc/kubernetes/addons/${SUBDIRECTORY}/* /srv/kubernetes/addons/
done done
# Then sleep forever # Then sleep forever

14
cluster/images/hyperkube/kube-proxy-ds.yaml
View File

@ -12,12 +12,10 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
# TODO: Move out kube-proxy to a DaemonSet again
# This is disabled for the v1.3 release, due to bootstrapping complexities
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
name: k8s-proxy name: k8s-proxy-v1
namespace: kube-system namespace: kube-system
labels: labels:
k8s-app: k8s-proxy k8s-app: k8s-proxy
@ -38,8 +36,16 @@ spec:
command: command:
- /hyperkube - /hyperkube
- proxy - proxy
- --master=http://127.0.0.1:8080 - --kubeconfig=/var/lib/kubelet/kubeconfig/kubeconfig.yaml
- --v=2 - --v=2
- --resource-container="" - --resource-container=""
securityContext: securityContext:
privileged: true privileged: true
volumeMounts:
- name: kubeconfig
mountPath: /var/lib/kubelet/kubeconfig
readOnly: true
volumes:
- name: kubeconfig
hostPath:
path: /var/lib/kubelet/kubeconfig

19
cluster/images/hyperkube/setup-files.sh
View File

@ -30,39 +30,40 @@ create_token() {
# list of Subject Alternative Names of the server TLS certificate # list of Subject Alternative Names of the server TLS certificate
# Should contain internal IP, i.e. IP:10.0.0.1 for 10.0.0.0/24 cluster IP range # Should contain internal IP, i.e. IP:10.0.0.1 for 10.0.0.0/24 cluster IP range
EXTRA_SANS=$1 EXTRA_SANS=$1
DATA_DIR=/srv/kubernetes
# Files in /data are persistent across reboots, so we don't want to re-create the files if they already # Files in /data are persistent across reboots, so we don't want to re-create the files if they already
# exist, because the state is persistent in etcd too, and we don't want a conflict between "old" data in # exist, because the state is persistent in etcd too, and we don't want a conflict between "old" data in
# etcd and "new" data that this script would create for apiserver. Therefore, if the file exist, skip it. # etcd and "new" data that this script would create for apiserver. Therefore, if the file exist, skip it.
if [[ ! -f /data/ca.crt ]]; then if [[ ! -f ${DATA_DIR}/ca.crt ]]; then
# Create HTTPS certificates # Create HTTPS certificates
groupadd -f -r kube-cert-test groupadd -f -r kube-cert
# hostname -I gets the ip of the node # hostname -I gets the ip of the node
CERT_DIR=/data CERT_GROUP=kube-cert-test /make-ca-cert.sh $(hostname -I | awk '{print $1}') ${EXTRA_SANS} /make-ca-cert.sh $(hostname -I | awk '{print $1}') ${EXTRA_SANS}
echo "Certificates created $(date)" echo "Certificates created $(date)"
else else
echo "Certificates already found, not recreating." echo "Certificates already found, not recreating."
fi fi
if [[ ! -f /data/basic_auth.csv ]]; then if [[ ! -f ${DATA_DIR}/basic_auth.csv ]]; then
# Create basic token authorization # Create basic token authorization
echo "admin,admin,admin" > /data/basic_auth.csv echo "admin,admin,admin" > ${DATA_DIR}/basic_auth.csv
echo "basic_auth.csv created $(date)" echo "basic_auth.csv created $(date)"
else else
echo "basic_auth.csv already found, not recreating." echo "basic_auth.csv already found, not recreating."
fi fi
if [[ ! -f /data/known_tokens.csv ]]; then if [[ ! -f ${DATA_DIR}/known_tokens.csv ]]; then
# Create known tokens for service accounts # Create known tokens for service accounts
echo "$(create_token),admin,admin" >> /data/known_tokens.csv echo "$(create_token),admin,admin" >> ${DATA_DIR}/known_tokens.csv
echo "$(create_token),kubelet,kubelet" >> /data/known_tokens.csv echo "$(create_token),kubelet,kubelet" >> ${DATA_DIR}/known_tokens.csv
echo "$(create_token),kube_proxy,kube_proxy" >> /data/known_tokens.csv echo "$(create_token),kube_proxy,kube_proxy" >> ${DATA_DIR}/known_tokens.csv
echo "known_tokens.csv created $(date)" echo "known_tokens.csv created $(date)"
else else

9
cluster/images/hyperkube/static-pods/addon-manager.json → cluster/images/hyperkube/static-pods/addon-manager-multinode.json
View File

@ -11,7 +11,7 @@
"containers": [ "containers": [
{ {
"name": "kube-addon-manager", "name": "kube-addon-manager",
"image": "gcr.io/google-containers/kube-addon-manager-ARCH:v5.1", "image": "REGISTRY/kube-addon-manager-ARCH:v5.1",
"resources": { "resources": {
"requests": { "requests": {
"cpu": "5m", "cpu": "5m",
@ -21,7 +21,7 @@
"volumeMounts": [ "volumeMounts": [
{ {
"name": "addons", "name": "addons",
"mountPath": "/etc/kubernetes/", "mountPath": "/etc/kubernetes/addons",
"readOnly": true "readOnly": true
} }
] ]
@ -30,12 +30,13 @@
"name": "kube-addon-manager-data", "name": "kube-addon-manager-data",
"image": "REGISTRY/hyperkube-ARCH:VERSION", "image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [ "command": [
"/copy-addons.sh" "/copy-addons.sh",
"multinode"
], ],
"volumeMounts": [ "volumeMounts": [
{ {
"name": "addons", "name": "addons",
"mountPath": "/srv/kubernetes/", "mountPath": "/srv/kubernetes/addons",
"readOnly": false "readOnly": false
} }
] ]

52
cluster/images/hyperkube/static-pods/addon-manager-singlenode.json Normal file
View File

@ -0,0 +1,52 @@
{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"name": "kube-addon-manager",
"namespace": "kube-system",
"version": "v1"
},
"spec": {
"hostNetwork": true,
"containers": [
{
"name": "kube-addon-manager",
"image": "REGISTRY/kube-addon-manager-ARCH:v5.1",
"resources": {
"requests": {
"cpu": "5m",
"memory": "50Mi"
}
},
"volumeMounts": [
{
"name": "addons",
"mountPath": "/etc/kubernetes/addons",
"readOnly": true
}
]
},
{
"name": "kube-addon-manager-data",
"image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [
"/copy-addons.sh",
"singlenode"
],
"volumeMounts": [
{
"name": "addons",
"mountPath": "/srv/kubernetes/addons",
"readOnly": false
}
]
}
],
"volumes":[
{
"name": "addons",
"emptyDir": {}
}
]
}
}

8
cluster/images/hyperkube/static-pods/etcd.json
View File

@ -12,10 +12,10 @@
"name": "etcd", "name": "etcd",
"image": "gcr.io/google_containers/etcd-ARCH:3.0.4", "image": "gcr.io/google_containers/etcd-ARCH:3.0.4",
"command": [ "command": [
"/usr/local/bin/etcd", "/usr/local/bin/etcd",
"--listen-client-urls=http://127.0.0.1:2379", "--listen-client-urls=http://127.0.0.1:2379,http://127.0.0.1:4001",
"--advertise-client-urls=http://127.0.0.1:2379", "--advertise-client-urls=http://127.0.0.1:2379,http://127.0.0.1:4001",
"--data-dir=/var/etcd/data" "--data-dir=/var/etcd/data"
], ],
"volumeMounts": [ "volumeMounts": [
{ {

10
cluster/images/hyperkube/static-pods/kube-proxy.json
View File

@ -12,11 +12,11 @@
"name": "kube-proxy", "name": "kube-proxy",
"image": "REGISTRY/hyperkube-ARCH:VERSION", "image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [ "command": [
"/hyperkube", "/hyperkube",
"proxy", "proxy",
"--master=http://127.0.0.1:8080", "--master=http://127.0.0.1:8080",
"--v=2", "--v=2",
"--resource-container=\"\"" "--resource-container=\"\""
], ],
"securityContext": { "securityContext": {
"privileged": true "privileged": true

61
cluster/images/hyperkube/static-pods/master-multi.json
View File

@ -12,13 +12,15 @@
"name": "controller-manager", "name": "controller-manager",
"image": "REGISTRY/hyperkube-ARCH:VERSION", "image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [ "command": [
"/hyperkube", "/hyperkube",
"controller-manager", "controller-manager",
"--master=127.0.0.1:8080", "--master=127.0.0.1:8080",
"--service-account-private-key-file=/srv/kubernetes/server.key", "--service-account-private-key-file=/srv/kubernetes/server.key",
"--root-ca-file=/srv/kubernetes/ca.crt", "--root-ca-file=/srv/kubernetes/ca.crt",
"--min-resync-period=3m", "--min-resync-period=3m",
"--v=2" "--leader-elect=true",
"--cluster-cidr=10.1.0.0/16",
"--v=2"
], ],
"volumeMounts": [ "volumeMounts": [
{ {
@ -31,20 +33,20 @@
"name": "apiserver", "name": "apiserver",
"image": "REGISTRY/hyperkube-ARCH:VERSION", "image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [ "command": [
"/hyperkube", "/hyperkube",
"apiserver", "apiserver",
"--service-cluster-ip-range=10.0.0.1/24", "--service-cluster-ip-range=10.0.0.1/24",
"--insecure-bind-address=0.0.0.0", "--insecure-bind-address=0.0.0.0",
"--etcd-servers=http://127.0.0.1:2379", "--etcd-servers=http://127.0.0.1:2379",
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota", "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota",
"--client-ca-file=/srv/kubernetes/ca.crt", "--client-ca-file=/srv/kubernetes/ca.crt",
"--basic-auth-file=/srv/kubernetes/basic_auth.csv", "--basic-auth-file=/srv/kubernetes/basic_auth.csv",
"--min-request-timeout=300", "--min-request-timeout=300",
"--tls-cert-file=/srv/kubernetes/server.cert", "--tls-cert-file=/srv/kubernetes/server.cert",
"--tls-private-key-file=/srv/kubernetes/server.key", "--tls-private-key-file=/srv/kubernetes/server.key",
"--token-auth-file=/srv/kubernetes/known_tokens.csv", "--token-auth-file=/srv/kubernetes/known_tokens.csv",
"--allow-privileged=true", "--allow-privileged=true",
"--v=2" "--v=2"
], ],
"volumeMounts": [ "volumeMounts": [
{ {
@ -57,23 +59,24 @@
"name": "scheduler", "name": "scheduler",
"image": "REGISTRY/hyperkube-ARCH:VERSION", "image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [ "command": [
"/hyperkube", "/hyperkube",
"scheduler", "scheduler",
"--master=127.0.0.1:8080", "--master=127.0.0.1:8080",
"--v=2" "--leader-elect=true",
] "--v=2"
]
}, },
{ {
"name": "setup", "name": "setup",
"image": "REGISTRY/hyperkube-ARCH:VERSION", "image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [ "command": [
"/setup-files.sh", "/setup-files.sh",
"IP:10.0.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local" "IP:10.0.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local"
], ],
"volumeMounts": [ "volumeMounts": [
{ {
"name": "data", "name": "data",
"mountPath": "/data" "mountPath": "/srv/kubernetes"
} }
] ]
} }

60
cluster/images/hyperkube/static-pods/master.json
View File

@ -12,13 +12,14 @@
"name": "controller-manager", "name": "controller-manager",
"image": "REGISTRY/hyperkube-ARCH:VERSION", "image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [ "command": [
"/hyperkube", "/hyperkube",
"controller-manager", "controller-manager",
"--master=127.0.0.1:8080", "--master=127.0.0.1:8080",
"--service-account-private-key-file=/srv/kubernetes/server.key", "--service-account-private-key-file=/srv/kubernetes/server.key",
"--root-ca-file=/srv/kubernetes/ca.crt", "--root-ca-file=/srv/kubernetes/ca.crt",
"--min-resync-period=3m", "--min-resync-period=3m",
"--v=2" "--leader-elect=true",
"--v=2"
], ],
"volumeMounts": [ "volumeMounts": [
{ {
@ -31,20 +32,20 @@
"name": "apiserver", "name": "apiserver",
"image": "REGISTRY/hyperkube-ARCH:VERSION", "image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [ "command": [
"/hyperkube", "/hyperkube",
"apiserver", "apiserver",
"--service-cluster-ip-range=10.0.0.1/24", "--service-cluster-ip-range=10.0.0.1/24",
"--insecure-bind-address=127.0.0.1", "--insecure-bind-address=127.0.0.1",
"--etcd-servers=http://127.0.0.1:2379", "--etcd-servers=http://127.0.0.1:2379",
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota", "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota",
"--client-ca-file=/srv/kubernetes/ca.crt", "--client-ca-file=/srv/kubernetes/ca.crt",
"--basic-auth-file=/srv/kubernetes/basic_auth.csv", "--basic-auth-file=/srv/kubernetes/basic_auth.csv",
"--min-request-timeout=300", "--min-request-timeout=300",
"--tls-cert-file=/srv/kubernetes/server.cert", "--tls-cert-file=/srv/kubernetes/server.cert",
"--tls-private-key-file=/srv/kubernetes/server.key", "--tls-private-key-file=/srv/kubernetes/server.key",
"--token-auth-file=/srv/kubernetes/known_tokens.csv", "--token-auth-file=/srv/kubernetes/known_tokens.csv",
"--allow-privileged=true", "--allow-privileged=true",
"--v=2" "--v=2"
], ],
"volumeMounts": [ "volumeMounts": [
{ {
@ -57,23 +58,24 @@
"name": "scheduler", "name": "scheduler",
"image": "REGISTRY/hyperkube-ARCH:VERSION", "image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [ "command": [
"/hyperkube", "/hyperkube",
"scheduler", "scheduler",
"--master=127.0.0.1:8080", "--master=127.0.0.1:8080",
"--v=2" "--leader-elect=true",
] "--v=2"
]
}, },
{ {
"name": "setup", "name": "setup",
"image": "REGISTRY/hyperkube-ARCH:VERSION", "image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [ "command": [
"/setup-files.sh", "/setup-files.sh",
"IP:10.0.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local" "IP:10.0.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local"
], ],
"volumeMounts": [ "volumeMounts": [
{ {
"name": "data", "name": "data",
"mountPath": "/data" "mountPath": "/srv/kubernetes"
} }
] ]
} }