Simplify local docker setup.

cluster/get-kube-local.sh

@@ -47,8 +47,12 @@ function echo_yellow {
 }
 
 function run {
-  output=$($1 2>&1 || true)
+  # For a moment we need to change bash options to capture message if a command fails.
-  if [ $? -eq 0 ]; then
+  set +o errexit
+  output=$($1 2>&1)
+  exit_code=$?
+  set -o errexit
+  if [ $exit_code -eq 0 ]; then
     echo_green "SUCCESS"
   else
     echo_red "FAILED"
@@ -109,7 +113,8 @@ function get_latest_version_number {
   fi
 }
 
-release=$(get_latest_version_number)
+latest_release=$(get_latest_version_number)
+release=${KUBE_VERSION:-latest_release}
 
 uname=$(uname)
 if [[ "${uname}" == "Darwin" ]]; then

cluster/images/hyperkube/Dockerfile

@@ -19,6 +19,8 @@ RUN chmod a+rx /hyperkube
 
 COPY master-multi.json /etc/kubernetes/manifests-multi/master.json
 COPY master.json /etc/kubernetes/manifests/master.json
+COPY etcd.json /etc/kubernetes/manifests/etcd.json
+COPY kube-proxy.json /etc/kubernetes/manifests/kube-proxy.json
 
 COPY safe_format_and_mount /usr/share/google/safe_format_and_mount
 RUN chmod a+rx /usr/share/google/safe_format_and_mount

cluster/images/hyperkube/Makefile

@@ -9,19 +9,28 @@ BASEIMAGE=debian:jessie
 # need to escape '/' for the regexp below
 # BASEIMAGE=armbuild\\/debian:jessie
 
-all:
+all: build
+
+build:
 	cp ../../saltbase/salt/helpers/safe_format_and_mount .
 	cp ../../saltbase/salt/generate-cert/make-ca-cert.sh  .
 	curl -O https://storage.googleapis.com/kubernetes-release/release/${VERSION}/bin/linux/${ARCH}/hyperkube
-	sed -i "s/VERSION/${VERSION}/g" master-multi.json master.json
+	sed -i "s/VERSION/${VERSION}/g" master-multi.json master.json kube-proxy.json
-        sed -i "s/ARCH/${ARCH}/g" master-multi.json master.json
+	sed -i "s/ARCH/${ARCH}/g" master-multi.json master.json kube-proxy.json
 	sed -i "s/BASEIMAGE/${BASEIMAGE}/g" Dockerfile
 	docker build -t gcr.io/google_containers/hyperkube-${ARCH}:${VERSION} .
-	gcloud docker push gcr.io/google_containers/hyperkube-${ARCH}:${VERSION}
 	# Backward compatability.  TODO: deprecate this image tag
 ifeq ($(ARCH),amd64)
-		docker tag gcr.io/google_containers/hyperkube-${ARCH}:${VERSION} gcr.io/google_containers/hyperkube:${VERSION}
+	docker tag -f gcr.io/google_containers/hyperkube-${ARCH}:${VERSION} gcr.io/google_containers/hyperkube:${VERSION}
+endif
+
+push: build
+	gcloud docker push gcr.io/google_containers/hyperkube-${ARCH}:${VERSION}
+ifeq ($(ARCH),amd64)
 	gcloud docker push gcr.io/google_containers/hyperkube:${VERSION}
 endif
 
+clean:
+	rm -f safe_format_and_mount make-ca-cert.sh hyperkube
+
 .PHONY: all

cluster/images/hyperkube/etcd.json

@@ -0,0 +1,33 @@
+{
+  "apiVersion": "v1",
+  "kind": "Pod",
+  "metadata": {"name":"k8s-etcd"},
+  "spec": {
+    "hostNetwork": true,
+    "containers": [
+      {
+        "name": "etcd",
+        "image": "gcr.io/google_containers/etcd:2.2.1",
+        "command": [
+                "/usr/local/bin/etcd",
+                "--listen-client-urls=http://127.0.0.1:4001",
+                "--advertise-client-urls=http://127.0.0.1:4001",
+                "--data-dir=/var/etcd/data"
+        ],
+        "volumeMounts": [
+          {
+            "name": "varetcd",
+            "mountPath": "/var/etcd",
+            "readOnly": false
+          }
+        ]
+      }
+    ],
+    "volumes":[
+      {
+        "name": "varetcd",
+        "emptyDir": {}
+      }
+    ]
+  }
+}

cluster/images/hyperkube/kube-proxy.json

@@ -0,0 +1,24 @@
+{
+  "apiVersion": "v1",
+  "kind": "Pod",
+  "metadata": {"name":"k8s-proxy"},
+  "spec": {
+    "hostNetwork": true,
+    "containers": [
+      {
+        "name": "kube-proxy",
+        "image": "gcr.io/google_containers/hyperkube-ARCH:VERSION",
+        "command": [
+                "/hyperkube",
+                "proxy",
+                "--master=http://127.0.0.1:8080",
+                "--v=2",
+                "--resource-container=\"\""
+        ],
+        "securityContext": {
+          "privileged": true
+        }
+      }
+    ]
+  }
+}

cluster/images/hyperkube/master.json

@@ -41,7 +41,7 @@
               "--tls-cert-file=/srv/kubernetes/server.cert",
               "--tls-private-key-file=/srv/kubernetes/server.key",
               "--token-auth-file=/srv/kubernetes/known_tokens.csv",
-              "--allow-privileged=True",
+              "--allow-privileged=true",
               "--v=4"
         ],
       "volumeMounts": [
@@ -63,7 +63,7 @@
     },
     {
       "name": "setup",
-      "image": "gcr.io/google_containers/hyperkube:VERSION",
+      "image": "gcr.io/google_containers/hyperkube-ARCH:VERSION",
       "command": [
               "/setup-files.sh"
       ],

cluster/images/hyperkube/setup-files.sh

@@ -31,7 +31,8 @@ create_token() {
 echo "admin,admin,admin" > /data/basic_auth.csv
 
 # Create HTTPS certificates
-CERT_DIR=/data /make-ca-cert.sh $(hostname -i)
+groupadd -f -r kube-cert-test
+CERT_DIR=/data CERT_GROUP=kube-cert-test /make-ca-cert.sh $(hostname -i)
 
 # Create known tokens for service accounts
 echo "$(create_token),admin,admin" >> /data/known_tokens.csv

cluster/images/hyperkube/turnup.sh

@@ -20,13 +20,7 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
-docker run --net=host -d gcr.io/google_containers/etcd:2.2.1 \
+docker run \
-  /usr/local/bin/etcd \
-    --addr=127.0.0.1:4001 \
-    --bind-addr=0.0.0.0:4001 \
-    --data-dir=/var/etcd/data
-
-docker run --pid=host \
   --volume=/:/rootfs:ro \
   --volume=/sys:/sys:ro \
   --volume=/dev:/dev \
@@ -42,9 +36,5 @@ docker run --pid=host \
     --hostname-override="127.0.0.1" \
     --address="0.0.0.0" \
     --api-servers=http://localhost:8080 \
-    --config=/etc/kubernetes/manifests --v=10
+    --config=/etc/kubernetes/manifests \
-
+    --allow-privileged=true --v=10
-docker run -d --net=host --privileged \
-  gcr.io/google_containers/hyperkube:v${K8S_VERSION} \
-  /hyperkube proxy \
-    --master=http://127.0.0.1:8080 --v=2

docs/getting-started-guides/docker.md

@@ -59,13 +59,7 @@ Here's a diagram of what the final result will look like:
 2. Decide what Kubernetes version to use.  Set the `${K8S_VERSION}` variable to
    a value such as "1.1.1".
 
-### Step One: Run etcd
+### Run it
-
-```sh
-docker run --net=host -d gcr.io/google_containers/etcd:2.2.1 /usr/local/bin/etcd --listen-client-urls=http://127.0.0.1:4001 --advertise-client-urls=http://127.0.0.1:4001 --data-dir=/var/etcd/data
-```
-
-### Step Two: Run the master
 
 ```sh
 docker run \
@@ -80,17 +74,17 @@ docker run \
     --privileged=true \
     -d \
     gcr.io/google_containers/hyperkube:v${K8S_VERSION} \
-    /hyperkube kubelet --containerized --hostname-override="127.0.0.1" --address="0.0.0.0" --api-servers=http://localhost:8080 --config=/etc/kubernetes/manifests
+    /hyperkube kubelet \
+        --containerized \
+        --hostname-override="127.0.0.1" \
+        --address="0.0.0.0" \
+        --api-servers=http://localhost:8080 \
+        --config=/etc/kubernetes/manifests \
+        --allow-privileged=true --v=10
 ```
 
 This actually runs the kubelet, which in turn runs a [pod](../user-guide/pods.md) that contains the other master components.
 
-### Step Three: Run the service proxy
-
-```sh
-docker run -d --net=host --privileged gcr.io/google_containers/hyperkube:v${K8S_VERSION} /hyperkube proxy --master=http://127.0.0.1:8080 --v=2
-```
-
 ### Download ```kubectl```
 
 At this point you should have a running Kubernetes cluster.  You can test this