Merge pull request #115 from coreos/port-to-ignition
Rewrite k8s-master and k8s-worker Profiles from cloud-config to Ignition
@@ -8,8 +8,7 @@ Cloud-Config template files can be added in the `/etc/bootcfg/cloud` directory o
|
||||
data/
|
||||
├── cloud
|
||||
│ ├── cloud.yaml
|
||||
│ ├── kubernetes-master.sh
|
||||
│ └── kubernetes-worker.sh
|
||||
│ └── script.sh
|
||||
├── ignition
|
||||
└── profiles
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
|
||||
# Examples
|
||||
|
||||
These examples show declarative configurations for network booting libvirt VMs into CoreOS clusters (Kubernetes, etcd) using `bootcfg`.
|
||||
These examples network boot and provision VMs into CoreOS clusters using `bootcfg`.
|
||||
|
||||
| Name | Description | CoreOS Version | FS | Reference |
|
||||
|------------|-------------|----------------|----|-----------|
|
||||
|
||||
0
examples/cloud/.gitkeep
Normal file
@@ -1,588 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# List of etcd servers (http://ip:port), comma separated
|
||||
export ETCD_ENDPOINTS={{.k8s_etcd_endpoints}}
|
||||
|
||||
# Specify the version (vX.Y.Z) of Kubernetes assets to deploy
|
||||
export K8S_VER=v1.1.8_coreos.0
|
||||
|
||||
# The CIDR network to use for pod IPs.
|
||||
# Each pod launched in the cluster will be assigned an IP out of this range.
|
||||
# Each node will be configured such that these IPs will be routable using the flannel overlay network.
|
||||
export POD_NETWORK={{.k8s_pod_network}}
|
||||
|
||||
# The CIDR network to use for service cluster IPs.
|
||||
# Each service will be assigned a cluster IP out of this range.
|
||||
# This must not overlap with any IP ranges assigned to the POD_NETWORK, or other existing network infrastructure.
|
||||
# Routing to these IPs is handled by a proxy service local to each node, and are not required to be routable between nodes.
|
||||
export SERVICE_IP_RANGE={{.k8s_service_ip_range}}
|
||||
|
||||
# The IP address of the Kubernetes API Service
|
||||
# If the SERVICE_IP_RANGE is changed above, this must be set to the first IP in that range.
|
||||
export K8S_SERVICE_IP={{.k8s_service_ip}}
|
||||
|
||||
# The IP address of the cluster DNS service.
|
||||
# This IP must be in the range of the SERVICE_IP_RANGE and cannot be the first IP in the range.
|
||||
# This same IP must be configured on all worker nodes to enable DNS service discovery.
|
||||
export DNS_SERVICE_IP={{.k8s_dns_service_ip}}
|
||||
|
||||
# ADVERTISE_IP is the host node's IP.
|
||||
export ADVERTISE_IP={{.ipv4_address}}
|
||||
|
||||
# TLS Certificate assets are hosted by the Config Server
|
||||
export CERT_ENDPOINT={{.k8s_cert_endpoint}}
|
||||
|
||||
function init_config {
|
||||
local REQUIRED=('ADVERTISE_IP' 'POD_NETWORK' 'ETCD_ENDPOINTS' 'SERVICE_IP_RANGE' 'K8S_SERVICE_IP' 'DNS_SERVICE_IP' 'K8S_VER' )
|
||||
|
||||
for REQ in "${REQUIRED[@]}"; do
|
||||
if [ -z "$(eval echo \$$REQ)" ]; then
|
||||
echo "Missing required config value: ${REQ}"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
function get_certs {
|
||||
DEST=/etc/kubernetes/ssl
|
||||
mkdir -p $DEST
|
||||
echo "Waiting for Certificate Endpoint..."
|
||||
until curl --silent $CERT_ENDPOINT
|
||||
do
|
||||
sleep 5
|
||||
done
|
||||
curl $CERT_ENDPOINT/tls/apiserver.pem -o $DEST/apiserver.pem
|
||||
curl $CERT_ENDPOINT/tls/apiserver-key.pem -o $DEST/apiserver-key.pem
|
||||
curl $CERT_ENDPOINT/tls/ca.pem -o $DEST/ca.pem
|
||||
}
|
||||
|
||||
function init_flannel {
|
||||
echo "Waiting for etcd..."
|
||||
while true
|
||||
do
|
||||
IFS=',' read -ra ES <<< "$ETCD_ENDPOINTS"
|
||||
for ETCD in "${ES[@]}"; do
|
||||
echo "Trying: $ETCD"
|
||||
if [ -n "$(curl --silent "$ETCD/v2/machines")" ]; then
|
||||
local ACTIVE_ETCD=$ETCD
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
done
|
||||
if [ -n "$ACTIVE_ETCD" ]; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
RES=$(curl --silent -X PUT -d "value={\"Network\":\"$POD_NETWORK\",\"Backend\":{\"Type\":\"vxlan\"}}" "$ACTIVE_ETCD/v2/keys/coreos.com/network/config?prevExist=false")
|
||||
if [ -z "$(echo $RES | grep '"action":"create"')" ] && [ -z "$(echo $RES | grep 'Key already exists')" ]; then
|
||||
echo "Unexpected error configuring flannel pod network: $RES"
|
||||
fi
|
||||
}
|
||||
|
||||
function init_templates {
|
||||
local TEMPLATE=/etc/systemd/system/kubelet.service
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
[Service]
|
||||
ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests
|
||||
Environment=KUBELET_VERSION=${K8S_VER}
|
||||
ExecStart=/usr/lib/coreos/kubelet-wrapper \
|
||||
--api_servers=http://127.0.0.1:8080 \
|
||||
--register-node=false \
|
||||
--allow-privileged=true \
|
||||
--config=/etc/kubernetes/manifests \
|
||||
--hostname-override=${ADVERTISE_IP} \
|
||||
--cluster_dns=${DNS_SERVICE_IP} \
|
||||
--cluster_domain=cluster.local
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/etc/kubernetes/manifests/kube-proxy.yaml
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-proxy
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: kube-proxy
|
||||
image: quay.io/coreos/hyperkube:$K8S_VER
|
||||
command:
|
||||
- /hyperkube
|
||||
- proxy
|
||||
- --master=http://127.0.0.1:8080
|
||||
- --proxy-mode=iptables
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
readOnly: true
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /usr/share/ca-certificates
|
||||
name: ssl-certs-host
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/etc/kubernetes/manifests/kube-apiserver.yaml
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-apiserver
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: kube-apiserver
|
||||
image: quay.io/coreos/hyperkube:$K8S_VER
|
||||
command:
|
||||
- /hyperkube
|
||||
- apiserver
|
||||
- --bind-address=0.0.0.0
|
||||
- --etcd-servers=${ETCD_ENDPOINTS}
|
||||
- --allow-privileged=true
|
||||
- --service-cluster-ip-range=${SERVICE_IP_RANGE}
|
||||
- --secure-port=443
|
||||
- --advertise-address=${ADVERTISE_IP}
|
||||
- --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
|
||||
- --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
|
||||
- --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
|
||||
- --client-ca-file=/etc/kubernetes/ssl/ca.pem
|
||||
- --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
|
||||
ports:
|
||||
- containerPort: 443
|
||||
hostPort: 443
|
||||
name: https
|
||||
- containerPort: 8080
|
||||
hostPort: 8080
|
||||
name: local
|
||||
volumeMounts:
|
||||
- mountPath: /etc/kubernetes/ssl
|
||||
name: ssl-certs-kubernetes
|
||||
readOnly: true
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
readOnly: true
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /etc/kubernetes/ssl
|
||||
name: ssl-certs-kubernetes
|
||||
- hostPath:
|
||||
path: /usr/share/ca-certificates
|
||||
name: ssl-certs-host
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/etc/kubernetes/manifests/kube-podmaster.yaml
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-podmaster
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: scheduler-elector
|
||||
image: gcr.io/google_containers/podmaster:1.1
|
||||
command:
|
||||
- /podmaster
|
||||
- --etcd-servers=${ETCD_ENDPOINTS}
|
||||
- --key=scheduler
|
||||
- --whoami=${ADVERTISE_IP}
|
||||
- --source-file=/src/manifests/kube-scheduler.yaml
|
||||
- --dest-file=/dst/manifests/kube-scheduler.yaml
|
||||
volumeMounts:
|
||||
- mountPath: /src/manifests
|
||||
name: manifest-src
|
||||
readOnly: true
|
||||
- mountPath: /dst/manifests
|
||||
name: manifest-dst
|
||||
- name: controller-manager-elector
|
||||
image: gcr.io/google_containers/podmaster:1.1
|
||||
command:
|
||||
- /podmaster
|
||||
- --etcd-servers=${ETCD_ENDPOINTS}
|
||||
- --key=controller
|
||||
- --whoami=${ADVERTISE_IP}
|
||||
- --source-file=/src/manifests/kube-controller-manager.yaml
|
||||
- --dest-file=/dst/manifests/kube-controller-manager.yaml
|
||||
terminationMessagePath: /dev/termination-log
|
||||
volumeMounts:
|
||||
- mountPath: /src/manifests
|
||||
name: manifest-src
|
||||
readOnly: true
|
||||
- mountPath: /dst/manifests
|
||||
name: manifest-dst
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /srv/kubernetes/manifests
|
||||
name: manifest-src
|
||||
- hostPath:
|
||||
path: /etc/kubernetes/manifests
|
||||
name: manifest-dst
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/srv/kubernetes/manifests/kube-controller-manager.yaml
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-controller-manager
|
||||
namespace: kube-system
|
||||
spec:
|
||||
containers:
|
||||
- name: kube-controller-manager
|
||||
image: quay.io/coreos/hyperkube:$K8S_VER
|
||||
command:
|
||||
- /hyperkube
|
||||
- controller-manager
|
||||
- --master=http://127.0.0.1:8080
|
||||
- --service-account-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
|
||||
- --root-ca-file=/etc/kubernetes/ssl/ca.pem
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
host: 127.0.0.1
|
||||
path: /healthz
|
||||
port: 10252
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/kubernetes/ssl
|
||||
name: ssl-certs-kubernetes
|
||||
readOnly: true
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
readOnly: true
|
||||
hostNetwork: true
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /etc/kubernetes/ssl
|
||||
name: ssl-certs-kubernetes
|
||||
- hostPath:
|
||||
path: /usr/share/ca-certificates
|
||||
name: ssl-certs-host
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/srv/kubernetes/manifests/kube-scheduler.yaml
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-scheduler
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: kube-scheduler
|
||||
image: quay.io/coreos/hyperkube:$K8S_VER
|
||||
command:
|
||||
- /hyperkube
|
||||
- scheduler
|
||||
- --master=http://127.0.0.1:8080
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
host: 127.0.0.1
|
||||
path: /healthz
|
||||
port: 10251
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 1
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/srv/kubernetes/manifests/kube-system.json
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
{
|
||||
"apiVersion": "v1",
|
||||
"kind": "Namespace",
|
||||
"metadata": {
|
||||
"name": "kube-system"
|
||||
}
|
||||
}
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/srv/kubernetes/manifests/kube-dns-rc.json
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
{
|
||||
"apiVersion": "v1",
|
||||
"kind": "ReplicationController",
|
||||
"metadata": {
|
||||
"labels": {
|
||||
"k8s-app": "kube-dns",
|
||||
"kubernetes.io/cluster-service": "true",
|
||||
"version": "v9"
|
||||
},
|
||||
"name": "kube-dns-v9",
|
||||
"namespace": "kube-system"
|
||||
},
|
||||
"spec": {
|
||||
"replicas": 1,
|
||||
"selector": {
|
||||
"k8s-app": "kube-dns",
|
||||
"version": "v9"
|
||||
},
|
||||
"template": {
|
||||
"metadata": {
|
||||
"labels": {
|
||||
"k8s-app": "kube-dns",
|
||||
"kubernetes.io/cluster-service": "true",
|
||||
"version": "v9"
|
||||
}
|
||||
},
|
||||
"spec": {
|
||||
"containers": [
|
||||
{
|
||||
"command": [
|
||||
"/usr/local/bin/etcd",
|
||||
"-data-dir",
|
||||
"/var/etcd/data",
|
||||
"-listen-client-urls",
|
||||
"http://127.0.0.1:2379,http://127.0.0.1:4001",
|
||||
"-advertise-client-urls",
|
||||
"http://127.0.0.1:2379,http://127.0.0.1:4001",
|
||||
"-initial-cluster-token",
|
||||
"skydns-etcd"
|
||||
],
|
||||
"image": "gcr.io/google_containers/etcd:2.0.9",
|
||||
"name": "etcd",
|
||||
"resources": {
|
||||
"limits": {
|
||||
"cpu": "100m",
|
||||
"memory": "50Mi"
|
||||
}
|
||||
},
|
||||
"volumeMounts": [
|
||||
{
|
||||
"mountPath": "/var/etcd/data",
|
||||
"name": "etcd-storage"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"args": [
|
||||
"-domain=cluster.local"
|
||||
],
|
||||
"image": "gcr.io/google_containers/kube2sky:1.11",
|
||||
"name": "kube2sky",
|
||||
"resources": {
|
||||
"limits": {
|
||||
"cpu": "100m",
|
||||
"memory": "50Mi"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"args": [
|
||||
"-machines=http://127.0.0.1:4001",
|
||||
"-addr=0.0.0.0:53",
|
||||
"-ns-rotate=false",
|
||||
"-domain=cluster.local."
|
||||
],
|
||||
"image": "gcr.io/google_containers/skydns:2015-10-13-8c72f8c",
|
||||
"livenessProbe": {
|
||||
"httpGet": {
|
||||
"path": "/healthz",
|
||||
"port": 8080,
|
||||
"scheme": "HTTP"
|
||||
},
|
||||
"initialDelaySeconds": 30,
|
||||
"timeoutSeconds": 5
|
||||
},
|
||||
"name": "skydns",
|
||||
"ports": [
|
||||
{
|
||||
"containerPort": 53,
|
||||
"name": "dns",
|
||||
"protocol": "UDP"
|
||||
},
|
||||
{
|
||||
"containerPort": 53,
|
||||
"name": "dns-tcp",
|
||||
"protocol": "TCP"
|
||||
}
|
||||
],
|
||||
"readinessProbe": {
|
||||
"httpGet": {
|
||||
"path": "/healthz",
|
||||
"port": 8080,
|
||||
"scheme": "HTTP"
|
||||
},
|
||||
"initialDelaySeconds": 1,
|
||||
"timeoutSeconds": 5
|
||||
},
|
||||
"resources": {
|
||||
"limits": {
|
||||
"cpu": "100m",
|
||||
"memory": "50Mi"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"args": [
|
||||
"-cmd=nslookup kubernetes.default.svc.cluster.local localhost >/dev/null",
|
||||
"-port=8080"
|
||||
],
|
||||
"image": "gcr.io/google_containers/exechealthz:1.0",
|
||||
"name": "healthz",
|
||||
"ports": [
|
||||
{
|
||||
"containerPort": 8080,
|
||||
"protocol": "TCP"
|
||||
}
|
||||
],
|
||||
"resources": {
|
||||
"limits": {
|
||||
"cpu": "10m",
|
||||
"memory": "20Mi"
|
||||
}
|
||||
}
|
||||
}
|
||||
],
|
||||
"dnsPolicy": "Default",
|
||||
"volumes": [
|
||||
{
|
||||
"emptyDir": {},
|
||||
"name": "etcd-storage"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/srv/kubernetes/manifests/kube-dns-svc.json
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
{
|
||||
"apiVersion": "v1",
|
||||
"kind": "Service",
|
||||
"metadata": {
|
||||
"name": "kube-dns",
|
||||
"namespace": "kube-system",
|
||||
"labels": {
|
||||
"k8s-app": "kube-dns",
|
||||
"kubernetes.io/name": "KubeDNS",
|
||||
"kubernetes.io/cluster-service": "true"
|
||||
}
|
||||
},
|
||||
"spec": {
|
||||
"clusterIP": "$DNS_SERVICE_IP",
|
||||
"ports": [
|
||||
{
|
||||
"protocol": "UDP",
|
||||
"name": "dns",
|
||||
"port": 53
|
||||
},
|
||||
{
|
||||
"protocol": "TCP",
|
||||
"name": "dns-tcp",
|
||||
"port": 53
|
||||
}
|
||||
],
|
||||
"selector": {
|
||||
"k8s-app": "kube-dns"
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/etc/flannel/options.env
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
FLANNELD_IFACE=$ADVERTISE_IP
|
||||
FLANNELD_ETCD_ENDPOINTS=$ETCD_ENDPOINTS
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/etc/systemd/system/flanneld.service.d/40-ExecStartPre-symlink.conf.conf
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
[Service]
|
||||
ExecStartPre=/usr/bin/ln -sf /etc/flannel/options.env /run/flannel/options.env
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/etc/systemd/system/docker.service.d/40-flannel.conf
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
[Unit]
|
||||
Requires=flanneld.service
|
||||
After=flanneld.service
|
||||
EOF
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
function start_addons {
|
||||
echo "Waiting for Kubernetes API..."
|
||||
until curl --silent "http://127.0.0.1:8080/version"
|
||||
do
|
||||
sleep 5
|
||||
done
|
||||
echo
|
||||
echo "K8S: kube-system namespace"
|
||||
curl --silent -XPOST -d"$(cat /srv/kubernetes/manifests/kube-system.json)" "http://127.0.0.1:8080/api/v1/namespaces" > /dev/null
|
||||
echo "K8S: DNS addon"
|
||||
curl --silent -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dns-rc.json)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/replicationcontrollers" > /dev/null
|
||||
curl --silent -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dns-svc.json)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/services" > /dev/null
|
||||
}
|
||||
|
||||
init_config
|
||||
get_certs
|
||||
init_templates
|
||||
init_flannel
|
||||
|
||||
{{if .autoupdate}}{{else}}systemctl stop update-engine; systemctl mask update-engine{{end}}
|
||||
systemctl daemon-reload
|
||||
systemctl enable kubelet; systemctl start kubelet
|
||||
|
||||
start_addons
|
||||
|
||||
echo "done" > /home/core/master
|
||||
@@ -1,188 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# List of etcd servers (http://ip:port), comma separated
|
||||
export ETCD_ENDPOINTS={{.k8s_etcd_endpoints}}
|
||||
|
||||
# The endpoint the worker node should use to contact controller nodes (https://ip:port)
|
||||
# In HA configurations this should be an external DNS record or loadbalancer in front of the control nodes.
|
||||
# However, it is also possible to point directly to a single control node.
|
||||
export CONTROLLER_ENDPOINT={{.k8s_controller_endpoint}}
|
||||
|
||||
# Specify the version (vX.Y.Z) of Kubernetes assets to deploy
|
||||
export K8S_VER=v1.1.8_coreos.0
|
||||
|
||||
# The IP address of the cluster DNS service.
|
||||
# This must be the same DNS_SERVICE_IP used when configuring the controller nodes.
|
||||
export DNS_SERVICE_IP={{.k8s_dns_service_ip}}
|
||||
|
||||
# ADVERTISE_IP is the host node's IP.
|
||||
export ADVERTISE_IP={{.ipv4_address}}
|
||||
|
||||
# TLS Certificate assets are hosted by the Config Server
|
||||
export CERT_ENDPOINT={{.k8s_cert_endpoint}}
|
||||
|
||||
function init_config {
|
||||
local REQUIRED=( 'ADVERTISE_IP' 'ETCD_ENDPOINTS' 'CONTROLLER_ENDPOINT' 'DNS_SERVICE_IP' 'K8S_VER' )
|
||||
|
||||
for REQ in "${REQUIRED[@]}"; do
|
||||
if [ -z "$(eval echo \$$REQ)" ]; then
|
||||
echo "Missing required config value: ${REQ}"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
function get_certs {
|
||||
DEST=/etc/kubernetes/ssl
|
||||
mkdir -p $DEST
|
||||
echo "Waiting for Certificate Endpoint..."
|
||||
until curl --silent $CERT_ENDPOINT
|
||||
do
|
||||
sleep 5
|
||||
done
|
||||
curl $CERT_ENDPOINT/tls/worker.pem -o $DEST/worker.pem
|
||||
curl $CERT_ENDPOINT/tls/worker-key.pem -o $DEST/worker-key.pem
|
||||
curl $CERT_ENDPOINT/tls/ca.pem -o $DEST/ca.pem
|
||||
}
|
||||
|
||||
function init_templates {
|
||||
local TEMPLATE=/etc/systemd/system/kubelet.service
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
[Service]
|
||||
ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests
|
||||
Environment=KUBELET_VERSION=${K8S_VER}
|
||||
ExecStart=/usr/lib/coreos/kubelet-wrapper \
|
||||
--api_servers=${CONTROLLER_ENDPOINT} \
|
||||
--register-node=true \
|
||||
--allow-privileged=true \
|
||||
--config=/etc/kubernetes/manifests \
|
||||
--hostname-override=${ADVERTISE_IP} \
|
||||
--cluster_dns=${DNS_SERVICE_IP} \
|
||||
--cluster_domain=cluster.local \
|
||||
--kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml \
|
||||
--tls-cert-file=/etc/kubernetes/ssl/worker.pem \
|
||||
--tls-private-key-file=/etc/kubernetes/ssl/worker-key.pem
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/etc/kubernetes/worker-kubeconfig.yaml
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
apiVersion: v1
|
||||
kind: Config
|
||||
clusters:
|
||||
- name: local
|
||||
cluster:
|
||||
certificate-authority: /etc/kubernetes/ssl/ca.pem
|
||||
users:
|
||||
- name: kubelet
|
||||
user:
|
||||
client-certificate: /etc/kubernetes/ssl/worker.pem
|
||||
client-key: /etc/kubernetes/ssl/worker-key.pem
|
||||
contexts:
|
||||
- context:
|
||||
cluster: local
|
||||
user: kubelet
|
||||
name: kubelet-context
|
||||
current-context: kubelet-context
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/etc/kubernetes/manifests/kube-proxy.yaml
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-proxy
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: kube-proxy
|
||||
image: quay.io/coreos/hyperkube:$K8S_VER
|
||||
command:
|
||||
- /hyperkube
|
||||
- proxy
|
||||
- --master=${CONTROLLER_ENDPOINT}
|
||||
- --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml
|
||||
- --proxy-mode=iptables
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: "ssl-certs"
|
||||
- mountPath: /etc/kubernetes/worker-kubeconfig.yaml
|
||||
name: "kubeconfig"
|
||||
readOnly: true
|
||||
- mountPath: /etc/kubernetes/ssl
|
||||
name: "etc-kube-ssl"
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: "ssl-certs"
|
||||
hostPath:
|
||||
path: "/usr/share/ca-certificates"
|
||||
- name: "kubeconfig"
|
||||
hostPath:
|
||||
path: "/etc/kubernetes/worker-kubeconfig.yaml"
|
||||
- name: "etc-kube-ssl"
|
||||
hostPath:
|
||||
path: "/etc/kubernetes/ssl"
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/etc/flannel/options.env
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
FLANNELD_IFACE=$ADVERTISE_IP
|
||||
FLANNELD_ETCD_ENDPOINTS=$ETCD_ENDPOINTS
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/etc/systemd/system/flanneld.service.d/40-ExecStartPre-symlink.conf.conf
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
[Service]
|
||||
ExecStartPre=/usr/bin/ln -sf /etc/flannel/options.env /run/flannel/options.env
|
||||
EOF
|
||||
}
|
||||
|
||||
local TEMPLATE=/etc/systemd/system/docker.service.d/40-flannel.conf
|
||||
[ -f $TEMPLATE ] || {
|
||||
echo "TEMPLATE: $TEMPLATE"
|
||||
mkdir -p $(dirname $TEMPLATE)
|
||||
cat << EOF > $TEMPLATE
|
||||
[Unit]
|
||||
Requires=flanneld.service
|
||||
After=flanneld.service
|
||||
EOF
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
init_config
|
||||
get_certs
|
||||
init_templates
|
||||
|
||||
{{if .autoupdate}}{{else}}systemctl stop update-engine; systemctl mask update-engine{{end}}
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl enable kubelet; systemctl start kubelet
|
||||
|
||||
echo "done" > /home/core/worker
|
||||
@@ -11,8 +11,7 @@ systemd:
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/bin/curl {{.ignition_endpoint}}?{{.query}}&os=installed -o ignition.json
|
||||
ExecStart=/usr/bin/curl {{.cloud_endpoint}}?{{.query}}&os=installed -o cloud
|
||||
ExecStart=/usr/bin/coreos-install -d /dev/sda -C {{.coreos_channel}} -V {{.coreos_version}} -i ignition.json {{if .cloud_endpoint}}-c cloud{{end}}
|
||||
ExecStart=/usr/bin/coreos-install -d /dev/sda -C {{.coreos_channel}} -V {{.coreos_version}} -i ignition.json
|
||||
ExecStart=/usr/bin/udevadm settle
|
||||
ExecStart=/usr/bin/systemctl reboot
|
||||
[Install]
|
||||
|
||||
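Review bot: The `curl` line that fetches `ignition.json` has no `--fail`, so an HTTP error response from the config endpoint is written to the file with exit status 0 and the oneshot goes on to `coreos-install -i ignition.json` with it. With the cloud-config fetch removed here, that file is the only provisioning input the installed system receives. I would change the line to `ExecStart=/usr/bin/curl --fail {{.ignition_endpoint}}?{{.query}}&os=installed -o ignition.json`, so a failed fetch stops the unit before anything is written to `/dev/sda`. The same line appears in the new examples/ignition/install-shutdown.yaml. The unit definition starts above this hunk, so any retry or ordering settings there are not visible.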
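--- /dev/null
+++ b/examples/ignition/install-shutdown.yaml
@@ -0,0 +1,28 @@
+---
+ignition_version: 1
+systemd:
+units:
+- name: install.service
+enable: true
+contents: |
+[Unit]
+Requires=network-online.target
+After=network-online.target
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/curl {{.ignition_endpoint}}?{{.query}}&os=installed -o ignition.json
+ExecStart=/usr/bin/coreos-install -d /dev/sda -C {{.coreos_channel}} -V {{.coreos_version}} -i ignition.json
+ExecStart=/usr/bin/udevadm settle
+ExecStart=/usr/bin/systemctl poweroff
+[Install]
+WantedBy=multi-user.target
+
+{{ if .ssh_authorized_keys }}
+passwd:
+users:
+- name: core
+ssh_authorized_keys:
+{{ range $element := .ssh_authorized_keys }}
+- {{$element}}
+{{end}}
+{{end}}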
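Review bot: The new profile carries no header comment, and what it does is destructive: `coreos-install -d /dev/sda` overwrites that disk unconditionally, and the unit then powers the machine off instead of rebooting. A comment under the `---` line would make that visible to whoever assigns the profile, for example `# Installs CoreOS to /dev/sda (overwrites the disk), then powers off. Template values: ignition_endpoint, query, coreos_channel, coreos_version; ssh_authorized_keys is optional.` If the target disk differs between machines, taking it from metadata, as the channel and version already are, would avoid editing the template per host.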
554
examples/ignition/k8s-master.yaml
Normal file
@@ -0,0 +1,554 @@
|
||||
---
|
||||
ignition_version: 1
|
||||
systemd:
|
||||
units:
|
||||
- name: etcd2.service
|
||||
enable: true
|
||||
dropins:
|
||||
- name: 40-etcd-cluster.conf
|
||||
contents: |
|
||||
[Service]
|
||||
Environment="ETCD_NAME={{.etcd_name}}"
|
||||
Environment="ETCD_ADVERTISE_CLIENT_URLS=http://{{.ipv4_address}}:2379"
|
||||
Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS=http://{{.ipv4_address}}:2380"
|
||||
Environment="ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379"
|
||||
Environment="ETCD_LISTEN_PEER_URLS=http://{{.ipv4_address}}:2380"
|
||||
Environment="ETCD_INITIAL_CLUSTER={{.etcd_initial_cluster}}"
|
||||
- name: fleet.service
|
||||
enable: true
|
||||
dropins:
|
||||
- name: 40-fleet-metadata.conf
|
||||
contents: |
|
||||
[Service]
|
||||
Environment="FLEET_METADATA={{.fleet_metadata}}"
|
||||
- name: flanneld.service
|
||||
dropins:
|
||||
- name: 40-ExecStartPre-symlink.conf
|
||||
contents: |
|
||||
[Service]
|
||||
ExecStartPre=/usr/bin/ln -sf /etc/flannel/options.env /run/flannel/options.env
|
||||
ExecStartPre=/opt/init-flannel
|
||||
- name: docker.service
|
||||
dropins:
|
||||
- name: 40-flannel.conf
|
||||
contents: |
|
||||
[Unit]
|
||||
Requires=flanneld.service
|
||||
After=flanneld.service
|
||||
- name: k8s-certs@.service
|
||||
contents: |
|
||||
[Unit]
|
||||
Description=Fetch Kubernetes certificate assets
|
||||
Requires=network-online.target
|
||||
After=network-online.target
|
||||
[Service]
|
||||
ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/ssl
|
||||
ExecStart=/usr/bin/bash -c "[ -f {{.k8s_cert_endpoint}}/tls/%i ] || curl {{.k8s_cert_endpoint}}/tls/%i -o /etc/kubernetes/ssl/%i"
|
||||
- name: k8s-assets.target
|
||||
contents: |
|
||||
[Unit]
|
||||
Description=Load Kubernetes Assets
|
||||
Requires=k8s-certs@apiserver.pem.service
|
||||
After=k8s-certs@apiserver.pem.service
|
||||
Requires=k8s-certs@apiserver-key.pem.service
|
||||
After=k8s-certs@apiserver-key.pem.service
|
||||
Requires=k8s-certs@ca.pem.service
|
||||
After=k8s-certs@ca.pem.service
|
||||
- name: kubelet.service
|
||||
enable: true
|
||||
contents: |
|
||||
[Unit]
|
||||
Description=Kubelet via Hyperkube ACI
|
||||
Requires=flanneld.service
|
||||
After=flanneld.service
|
||||
Requires=k8s-assets.target
|
||||
After=k8s-assets.target
|
||||
[Service]
|
||||
ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests
|
||||
Environment=KUBELET_VERSION={{.k8s_version}}
|
||||
ExecStart=/usr/lib/coreos/kubelet-wrapper \
|
||||
--api_servers=http://127.0.0.1:8080 \
|
||||
--register-node=false \
|
||||
--allow-privileged=true \
|
||||
--config=/etc/kubernetes/manifests \
|
||||
--hostname-override={{.ipv4_address}} \
|
||||
--cluster_dns={{.k8s_dns_service_ip}} \
|
||||
--cluster_domain=cluster.local
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
- name: k8s-addons.service
|
||||
enable: true
|
||||
contents: |
|
||||
[Unit]
|
||||
Description=Start Kubernetes DNS Controller and Service
|
||||
Requires=kubelet.service
|
||||
After=kubelet.service
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/opt/k8s-addons
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
storage:
|
||||
{{ if .pxe }}
|
||||
disks:
|
||||
- device: /dev/sda
|
||||
wipe_table: true
|
||||
partitions:
|
||||
- label: ROOT
|
||||
filesystems:
|
||||
- device: "/dev/sda1"
|
||||
format: "ext4"
|
||||
create:
|
||||
force: true
|
||||
options:
|
||||
- "-LROOT"
|
||||
{{else}}
|
||||
filesystems:
|
||||
- device: "/dev/disk/by-label/ROOT"
|
||||
format: "ext4"
|
||||
{{end}}
|
||||
files:
|
||||
- path: /etc/kubernetes/manifests/kube-proxy.yaml
|
||||
contents: |
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-proxy
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: kube-proxy
|
||||
image: quay.io/coreos/hyperkube:{{.k8s_version}}
|
||||
command:
|
||||
- /hyperkube
|
||||
- proxy
|
||||
- --master=http://127.0.0.1:8080
|
||||
- --proxy-mode=iptables
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
readOnly: true
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /usr/share/ca-certificates
|
||||
name: ssl-certs-host
|
||||
- path: /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||
contents: |
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-apiserver
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: kube-apiserver
|
||||
image: quay.io/coreos/hyperkube:{{.k8s_version}}
|
||||
command:
|
||||
- /hyperkube
|
||||
- apiserver
|
||||
- --bind-address=0.0.0.0
|
||||
- --etcd-servers={{.k8s_etcd_endpoints}}
|
||||
- --allow-privileged=true
|
||||
- --service-cluster-ip-range={{.k8s_service_ip_range}}
|
||||
- --secure-port=443
|
||||
- --advertise-address={{.ipv4_address}}
|
||||
- --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
|
||||
- --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
|
||||
- --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
|
||||
- --client-ca-file=/etc/kubernetes/ssl/ca.pem
|
||||
- --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
|
||||
ports:
|
||||
- containerPort: 443
|
||||
hostPort: 443
|
||||
name: https
|
||||
- containerPort: 8080
|
||||
hostPort: 8080
|
||||
name: local
|
||||
volumeMounts:
|
||||
- mountPath: /etc/kubernetes/ssl
|
||||
name: ssl-certs-kubernetes
|
||||
readOnly: true
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
readOnly: true
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /etc/kubernetes/ssl
|
||||
name: ssl-certs-kubernetes
|
||||
- hostPath:
|
||||
path: /usr/share/ca-certificates
|
||||
name: ssl-certs-host
|
||||
- path: /etc/kubernetes/manifests/kube-podmaster.yaml
|
||||
contents: |
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-podmaster
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: scheduler-elector
|
||||
image: gcr.io/google_containers/podmaster:1.1
|
||||
command:
|
||||
- /podmaster
|
||||
- --etcd-servers={{.k8s_etcd_endpoints}}
|
||||
- --key=scheduler
|
||||
- --whoami={{.ipv4_address}}
|
||||
- --source-file=/src/manifests/kube-scheduler.yaml
|
||||
- --dest-file=/dst/manifests/kube-scheduler.yaml
|
||||
volumeMounts:
|
||||
- mountPath: /src/manifests
|
||||
name: manifest-src
|
||||
readOnly: true
|
||||
- mountPath: /dst/manifests
|
||||
name: manifest-dst
|
||||
- name: controller-manager-elector
|
||||
image: gcr.io/google_containers/podmaster:1.1
|
||||
command:
|
||||
- /podmaster
|
||||
- --etcd-servers={{.k8s_etcd_endpoints}}
|
||||
- --key=controller
|
||||
- --whoami={{.ipv4_address}}
|
||||
- --source-file=/src/manifests/kube-controller-manager.yaml
|
||||
- --dest-file=/dst/manifests/kube-controller-manager.yaml
|
||||
terminationMessagePath: /dev/termination-log
|
||||
volumeMounts:
|
||||
- mountPath: /src/manifests
|
||||
name: manifest-src
|
||||
readOnly: true
|
||||
- mountPath: /dst/manifests
|
||||
name: manifest-dst
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /srv/kubernetes/manifests
|
||||
name: manifest-src
|
||||
- hostPath:
|
||||
path: /etc/kubernetes/manifests
|
||||
name: manifest-dst
|
||||
- path: /etc/flannel/options.env
|
||||
contents: |
|
||||
FLANNELD_IFACE={{.ipv4_address}}
|
||||
FLANNELD_ETCD_ENDPOINTS={{.k8s_etcd_endpoints}}
|
||||
- path: /srv/kubernetes/manifests/kube-controller-manager.yaml
|
||||
contents: |
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-controller-manager
|
||||
namespace: kube-system
|
||||
spec:
|
||||
containers:
|
||||
- name: kube-controller-manager
|
||||
image: quay.io/coreos/hyperkube:{{.k8s_version}}
|
||||
command:
|
||||
- /hyperkube
|
||||
- controller-manager
|
||||
- --master=http://127.0.0.1:8080
|
||||
- --service-account-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
|
||||
- --root-ca-file=/etc/kubernetes/ssl/ca.pem
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
host: 127.0.0.1
|
||||
path: /healthz
|
||||
port: 10252
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/kubernetes/ssl
|
||||
name: ssl-certs-kubernetes
|
||||
readOnly: true
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
readOnly: true
|
||||
hostNetwork: true
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /etc/kubernetes/ssl
|
||||
name: ssl-certs-kubernetes
|
||||
- hostPath:
|
||||
path: /usr/share/ca-certificates
|
||||
name: ssl-certs-host
|
||||
- path: /srv/kubernetes/manifests/kube-scheduler.yaml
|
||||
contents: |
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-scheduler
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: kube-scheduler
|
||||
image: quay.io/coreos/hyperkube:{{.k8s_version}}
|
||||
command:
|
||||
- /hyperkube
|
||||
- scheduler
|
||||
- --master=http://127.0.0.1:8080
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
host: 127.0.0.1
|
||||
path: /healthz
|
||||
port: 10251
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 1
|
||||
- path: /srv/kubernetes/manifests/kube-dns-rc.json
|
||||
contents: |
|
||||
{
|
||||
"apiVersion": "v1",
|
||||
"kind": "ReplicationController",
|
||||
"metadata": {
|
||||
"labels": {
|
||||
"k8s-app": "kube-dns",
|
||||
"kubernetes.io/cluster-service": "true",
|
||||
"version": "v9"
|
||||
},
|
||||
"name": "kube-dns-v9",
|
||||
"namespace": "kube-system"
|
||||
},
|
||||
"spec": {
|
||||
"replicas": 1,
|
||||
"selector": {
|
||||
"k8s-app": "kube-dns",
|
||||
"version": "v9"
|
||||
},
|
||||
"template": {
|
||||
"metadata": {
|
||||
"labels": {
|
||||
"k8s-app": "kube-dns",
|
||||
"kubernetes.io/cluster-service": "true",
|
||||
"version": "v9"
|
||||
}
|
||||
},
|
||||
"spec": {
|
||||
"containers": [
|
||||
{
|
||||
"command": [
|
||||
"/usr/local/bin/etcd",
|
||||
"-data-dir",
|
||||
"/var/etcd/data",
|
||||
"-listen-client-urls",
|
||||
"http://127.0.0.1:2379,http://127.0.0.1:4001",
|
||||
"-advertise-client-urls",
|
||||
"http://127.0.0.1:2379,http://127.0.0.1:4001",
|
||||
"-initial-cluster-token",
|
||||
"skydns-etcd"
|
||||
],
|
||||
"image": "gcr.io/google_containers/etcd:2.0.9",
|
||||
"name": "etcd",
|
||||
"resources": {
|
||||
"limits": {
|
||||
"cpu": "100m",
|
||||
"memory": "50Mi"
|
||||
}
|
||||
},
|
||||
"volumeMounts": [
|
||||
{
|
||||
"mountPath": "/var/etcd/data",
|
||||
"name": "etcd-storage"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"args": [
|
||||
"-domain=cluster.local"
|
||||
],
|
||||
"image": "gcr.io/google_containers/kube2sky:1.11",
|
||||
"name": "kube2sky",
|
||||
"resources": {
|
||||
"limits": {
|
||||
"cpu": "100m",
|
||||
"memory": "50Mi"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"args": [
|
||||
"-machines=http://127.0.0.1:4001",
|
||||
"-addr=0.0.0.0:53",
|
||||
"-ns-rotate=false",
|
||||
"-domain=cluster.local."
|
||||
],
|
||||
"image": "gcr.io/google_containers/skydns:2015-10-13-8c72f8c",
|
||||
"livenessProbe": {
|
||||
"httpGet": {
|
||||
"path": "/healthz",
|
||||
"port": 8080,
|
||||
"scheme": "HTTP"
|
||||
},
|
||||
"initialDelaySeconds": 30,
|
||||
"timeoutSeconds": 5
|
||||
},
|
||||
"name": "skydns",
|
||||
"ports": [
|
||||
{
|
||||
"containerPort": 53,
|
||||
"name": "dns",
|
||||
"protocol": "UDP"
|
||||
},
|
||||
{
|
||||
"containerPort": 53,
|
||||
"name": "dns-tcp",
|
||||
"protocol": "TCP"
|
||||
}
|
||||
],
|
||||
"readinessProbe": {
|
||||
"httpGet": {
|
||||
"path": "/healthz",
|
||||
"port": 8080,
|
||||
"scheme": "HTTP"
|
||||
},
|
||||
"initialDelaySeconds": 1,
|
||||
"timeoutSeconds": 5
|
||||
},
|
||||
"resources": {
|
||||
"limits": {
|
||||
"cpu": "100m",
|
||||
"memory": "50Mi"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"args": [
|
||||
"-cmd=nslookup kubernetes.default.svc.cluster.local localhost >/dev/null",
|
||||
"-port=8080"
|
||||
],
|
||||
"image": "gcr.io/google_containers/exechealthz:1.0",
|
||||
"name": "healthz",
|
||||
"ports": [
|
||||
{
|
||||
"containerPort": 8080,
|
||||
"protocol": "TCP"
|
||||
}
|
||||
],
|
||||
"resources": {
|
||||
"limits": {
|
||||
"cpu": "10m",
|
||||
"memory": "20Mi"
|
||||
}
|
||||
}
|
||||
}
|
||||
],
|
||||
"dnsPolicy": "Default",
|
||||
"volumes": [
|
||||
{
|
||||
"emptyDir": {},
|
||||
"name": "etcd-storage"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
- path: /srv/kubernetes/manifests/kube-dns-svc.json
|
||||
contents: |
|
||||
{
|
||||
"apiVersion": "v1",
|
||||
"kind": "Service",
|
||||
"metadata": {
|
||||
"name": "kube-dns",
|
||||
"namespace": "kube-system",
|
||||
"labels": {
|
||||
"k8s-app": "kube-dns",
|
||||
"kubernetes.io/name": "KubeDNS",
|
||||
"kubernetes.io/cluster-service": "true"
|
||||
}
|
||||
},
|
||||
"spec": {
|
||||
"clusterIP": "{{.k8s_dns_service_ip}}",
|
||||
"ports": [
|
||||
{
|
||||
"protocol": "UDP",
|
||||
"name": "dns",
|
||||
"port": 53
|
||||
},
|
||||
{
|
||||
"protocol": "TCP",
|
||||
"name": "dns-tcp",
|
||||
"port": 53
|
||||
}
|
||||
],
|
||||
"selector": {
|
||||
"k8s-app": "kube-dns"
|
||||
}
|
||||
}
|
||||
}
|
||||
- path: /srv/kubernetes/manifests/kube-system.json
|
||||
contents: |
|
||||
{
|
||||
"apiVersion": "v1",
|
||||
"kind": "Namespace",
|
||||
"metadata": {
|
||||
"name": "kube-system"
|
||||
}
|
||||
}
|
||||
- path: /opt/init-flannel
|
||||
mode: 0544
|
||||
contents: |
|
||||
#!/bin/bash
|
||||
function init_flannel {
|
||||
echo "Waiting for etcd..."
|
||||
while true
|
||||
do
|
||||
IFS=',' read -ra ES <<< "{{.k8s_etcd_endpoints}}"
|
||||
for ETCD in "${ES[@]}"; do
|
||||
echo "Trying: $ETCD"
|
||||
if [ -n "$(curl --silent "$ETCD/v2/machines")" ]; then
|
||||
local ACTIVE_ETCD=$ETCD
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
done
|
||||
if [ -n "$ACTIVE_ETCD" ]; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
RES=$(curl --silent -X PUT -d "value={\"Network\":\"{{.k8s_pod_network}}\",\"Backend\":{\"Type\":\"vxlan\"}}" "$ACTIVE_ETCD/v2/keys/coreos.com/network/config?prevExist=false")
|
||||
if [ -z "$(echo $RES | grep '"action":"create"')" ] && [ -z "$(echo $RES | grep 'Key already exists')" ]; then
|
||||
echo "Unexpected error configuring flannel pod network: $RES"
|
||||
fi
|
||||
}
|
||||
init_flannel
|
||||
- path: /opt/k8s-addons
|
||||
mode: 0544
|
||||
contents: |
|
||||
#!/bin/bash
|
||||
echo "Waiting for Kubernetes API..."
|
||||
until curl --silent "http://127.0.0.1:8080/version"
|
||||
do
|
||||
sleep 5
|
||||
done
|
||||
echo "K8S: kube-system namespace"
|
||||
curl --silent -XPOST -d"$(cat /srv/kubernetes/manifests/kube-system.json)" "http://127.0.0.1:8080/api/v1/namespaces" > /dev/null
|
||||
echo "K8S: DNS addon"
|
||||
curl --silent -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dns-rc.json)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/replicationcontrollers" > /dev/null
|
||||
curl --silent -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dns-svc.json)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/services" > /dev/null
|
||||
|
||||
networkd:
|
||||
units:
|
||||
- name: 00-{{.networkd_name}}.network
|
||||
contents: |
|
||||
[Match]
|
||||
Name={{.networkd_name}}
|
||||
[Network]
|
||||
Gateway={{.networkd_gateway}}
|
||||
DNS={{.networkd_dns}}
|
||||
DNS=8.8.8.8
|
||||
Address={{.networkd_address}}
|
||||
|
||||
{{ if .ssh_authorized_keys }}
|
||||
passwd:
|
||||
users:
|
||||
- name: core
|
||||
ssh_authorized_keys:
|
||||
{{ range $element := .ssh_authorized_keys }}
|
||||
- {{$element}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
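Review bot: The `-f` test in the `k8s-certs@.service` ExecStart checks `{{.k8s_cert_endpoint}}/tls/%i`, which is the download URL rather than the destination, so it presumably never matches and every start re-fetches the asset; it likely should test `/etc/kubernetes/ssl/%i`. The unit also sets no `Type=oneshot`, so the `After=` ordering in `k8s-assets.target` and `kubelet.service` may be satisfied before the download has finished, and curl without `--fail` would store an HTTP error body as the certificate or key. Suggested: add `Type=oneshot` under `[Service]` and use `ExecStart=/usr/bin/bash -c "[ -f /etc/kubernetes/ssl/%i ] || curl --fail {{.k8s_cert_endpoint}}/tls/%i -o /etc/kubernetes/ssl/%i"`. Because `apiserver-key.pem` is delivered this way, the endpoint should be HTTPS or otherwise trusted, and the key file should be readable by root only. The same unit appears in `examples/ignition/k8s-worker.yaml`.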
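--- a/examples/ignition/k8s-worker.yaml
+++ b/examples/ignition/k8s-worker.yaml
@@ -0,0 +1,185 @@
+---
+ignition_version: 1
+systemd:
+units:
+- name: etcd2.service
+enable: true
+dropins:
+- name: 40-etcd-cluster.conf
+contents: |
+[Service]
+Environment="ETCD_NAME={{.etcd_name}}"
+Environment="ETCD_ADVERTISE_CLIENT_URLS=http://{{.ipv4_address}}:2379"
+Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS=http://{{.ipv4_address}}:2380"
+Environment="ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379"
+Environment="ETCD_LISTEN_PEER_URLS=http://{{.ipv4_address}}:2380"
+Environment="ETCD_INITIAL_CLUSTER={{.etcd_initial_cluster}}"
+- name: fleet.service
+enable: true
+dropins:
+- name: 40-fleet-metadata.conf
+contents: |
+[Service]
+Environment="FLEET_METADATA={{.fleet_metadata}}"
+- name: flanneld.service
+dropins:
+- name: 40-ExecStartPre-symlink.conf
+contents: |
+[Service]
+ExecStartPre=/usr/bin/ln -sf /etc/flannel/options.env /run/flannel/options.env
+- name: docker.service
+dropins:
+- name: 40-flannel.conf
+contents: |
+[Unit]
+Requires=flanneld.service
+After=flanneld.service
+- name: k8s-certs@.service
+contents: |
+[Unit]
+Description=Fetch Kubernetes certificate assets
+Requires=network-online.target
+After=network-online.target
+[Service]
+ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/ssl
+ExecStart=/usr/bin/bash -c "[ -f {{.k8s_cert_endpoint}}/tls/%i ] || curl {{.k8s_cert_endpoint}}/tls/%i -o /etc/kubernetes/ssl/%i"
+- name: k8s-assets.target
+contents: |
+[Unit]
+Description=Load Kubernetes Assets
+Requires=k8s-certs@worker.pem.service
+After=k8s-certs@worker.pem.service
+Requires=k8s-certs@worker-key.pem.service
+After=k8s-certs@worker-key.pem.service
+Requires=k8s-certs@ca.pem.service
+After=k8s-certs@ca.pem.service
+- name: kubelet.service
+enable: true
+contents: |
+[Unit]
+Description=Kubelet via Hyperkube ACI
+Requires=k8s-assets.target
+After=k8s-assets.target
+[Service]
+ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests
+Environment=KUBELET_VERSION={{.k8s_version}}
+ExecStart=/usr/lib/coreos/kubelet-wrapper \
+--api_servers={{.k8s_controller_endpoint}} \
+--register-node=true \
+--allow-privileged=true \
+--config=/etc/kubernetes/manifests \
+--hostname-override={{.ipv4_address}} \
+--cluster_dns={{.k8s_dns_service_ip}} \
+--cluster_domain=cluster.local \
+--kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml \
+--tls-cert-file=/etc/kubernetes/ssl/worker.pem \
+--tls-private-key-file=/etc/kubernetes/ssl/worker-key.pem
+Restart=always
+RestartSec=10
+[Install]
+WantedBy=multi-user.target
+
+storage:
+{{ if .pxe }}
+disks:
+- device: /dev/sda
+wipe_table: true
+partitions:
+- label: ROOT
+filesystems:
+- device: "/dev/sda1"
+format: "ext4"
+create:
+force: true
+options:
+- "-LROOT"
+{{else}}
+filesystems:
+- device: "/dev/disk/by-label/ROOT"
+format: "ext4"
+{{end}}
+files:
+- path: /etc/kubernetes/worker-kubeconfig.yaml
+contents: |
+apiVersion: v1
+kind: Config
+clusters:
+- name: local
+cluster:
+certificate-authority: /etc/kubernetes/ssl/ca.pem
+users:
+- name: kubelet
+user:
+client-certificate: /etc/kubernetes/ssl/worker.pem
+client-key: /etc/kubernetes/ssl/worker-key.pem
+contexts:
+- context:
+cluster: local
+user: kubelet
+name: kubelet-context
+current-context: kubelet-context
+- path: /etc/kubernetes/manifests/kube-proxy.yaml
+contents: |
+apiVersion: v1
+kind: Pod
+metadata:
+name: kube-proxy
+namespace: kube-system
+spec:
+hostNetwork: true
+containers:
+- name: kube-proxy
+image: quay.io/coreos/hyperkube:{{.k8s_version}}
+command:
+- /hyperkube
+- proxy
+- --master={{.k8s_controller_endpoint}}
+- --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml
+- --proxy-mode=iptables
+securityContext:
+privileged: true
+volumeMounts:
+- mountPath: /etc/ssl/certs
+name: "ssl-certs"
+- mountPath: /etc/kubernetes/worker-kubeconfig.yaml
+name: "kubeconfig"
+readOnly: true
+- mountPath: /etc/kubernetes/ssl
+name: "etc-kube-ssl"
+readOnly: true
+volumes:
+- name: "ssl-certs"
+hostPath:
+path: "/usr/share/ca-certificates"
+- name: "kubeconfig"
+hostPath:
+path: "/etc/kubernetes/worker-kubeconfig.yaml"
+- name: "etc-kube-ssl"
+hostPath:
+path: "/etc/kubernetes/ssl"
+- path: /etc/flannel/options.env
+contents: |
+FLANNELD_IFACE={{.ipv4_address}}
+FLANNELD_ETCD_ENDPOINTS={{.k8s_etcd_endpoints}}
+
+networkd:
+units:
+- name: 00-{{.networkd_name}}.network
+contents: |
+[Match]
+Name={{.networkd_name}}
+[Network]
+Gateway={{.networkd_gateway}}
+DNS={{.networkd_dns}}
+DNS=8.8.8.8
+Address={{.networkd_address}}
+
+{{ if .ssh_authorized_keys }}
+passwd:
+users:
+- name: core
+ssh_authorized_keys:
+{{ range $element := .ssh_authorized_keys }}
+- {{$element}}
+{{end}}
+{{end}}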
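Review bot: `ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379` in the `40-etcd-cluster.conf` drop-in serves the etcd client API on every interface over plain HTTP with no client authentication, and the example groups point `k8s_etcd_endpoints` at these same addresses for the API server and flannel. Anyone who can reach port 2379 on a node could therefore read or change cluster state. A comment above the drop-in such as `# example only: etcd client and peer traffic is unauthenticated HTTP; enable TLS and restrict the listener outside a lab network` would make that boundary explicit. The master template carries the same drop-in.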
@@ -2,15 +2,17 @@
|
||||
api_version: v1alpha1
|
||||
groups:
|
||||
- name: Master Node
|
||||
profile: kubernetes-master
|
||||
profile: k8s-master
|
||||
require:
|
||||
uuid: 16e7d8a7-bfa9-428b-9117-363341bb330b
|
||||
metadata:
|
||||
ipv4_address: 172.17.0.21
|
||||
pxe: "true"
|
||||
networkd_name: ens3
|
||||
networkd_gateway: 172.17.0.1
|
||||
networkd_dns: 172.17.0.3
|
||||
networkd_address: 172.17.0.21/16
|
||||
k8s_version: v1.1.8_coreos.0
|
||||
k8s_etcd_endpoints: "http://172.17.0.21:2379,http://172.17.0.22:2379,http://172.17.0.23:2379"
|
||||
k8s_pod_network: 10.2.0.0/16
|
||||
k8s_service_ip_range: 10.3.0.0/24
|
||||
@@ -22,15 +24,17 @@ groups:
|
||||
etcd_initial_cluster: "node1=http://172.17.0.21:2380,node2=http://172.17.0.22:2380,node3=http://172.17.0.23:2380"
|
||||
|
||||
- name: Worker 1
|
||||
profile: kubernetes-worker
|
||||
profile: k8s-worker
|
||||
require:
|
||||
uuid: 264cd073-ca62-44b3-98c0-50aad5b5f819
|
||||
metadata:
|
||||
ipv4_address: 172.17.0.22
|
||||
pxe: "true"
|
||||
networkd_name: ens3
|
||||
networkd_gateway: 172.17.0.1
|
||||
networkd_dns: 172.17.0.3
|
||||
networkd_address: 172.17.0.22/16
|
||||
k8s_version: v1.1.8_coreos.0
|
||||
k8s_etcd_endpoints: "http://172.17.0.21:2379,http://172.17.0.22:2379,http://172.17.0.23:2379"
|
||||
k8s_controller_endpoint: https://172.17.0.21
|
||||
k8s_dns_service_ip: 10.3.0.1
|
||||
@@ -40,15 +44,17 @@ groups:
|
||||
etcd_initial_cluster: "node1=http://172.17.0.21:2380,node2=http://172.17.0.22:2380,node3=http://172.17.0.23:2380"
|
||||
|
||||
- name: Worker 2
|
||||
profile: kubernetes-worker
|
||||
profile: k8s-worker
|
||||
require:
|
||||
uuid: 39d2e747-2648-4d68-ae92-bbc70b245055
|
||||
metadata:
|
||||
ipv4_address: 172.17.0.23
|
||||
pxe: "true"
|
||||
networkd_name: ens3
|
||||
networkd_gateway: 172.17.0.1
|
||||
networkd_dns: 172.17.0.3
|
||||
networkd_address: 172.17.0.23/16
|
||||
k8s_version: v1.1.8_coreos.0
|
||||
k8s_etcd_endpoints: "http://172.17.0.21:2379,http://172.17.0.22:2379,http://172.17.0.23:2379"
|
||||
k8s_controller_endpoint: https://172.17.0.21
|
||||
k8s_dns_service_ip: 10.3.0.1
|
||||
|
||||
@@ -7,7 +7,6 @@ groups:
|
||||
coreos_channel: alpha
|
||||
coreos_version: 983.0.0
|
||||
ignition_endpoint: http://bootcfg.foo:8080/ignition
|
||||
cloud_endpoint: http://bootcfg.foo:8080/cloud
|
||||
|
||||
- name: Master Node
|
||||
profile: k8s-master-install
|
||||
@@ -16,11 +15,11 @@ groups:
|
||||
os: installed
|
||||
metadata:
|
||||
ipv4_address: 172.15.0.21
|
||||
autoupdate: "true"
|
||||
networkd_name: ens3
|
||||
networkd_gateway: 172.15.0.1
|
||||
networkd_dns: 172.15.0.3
|
||||
networkd_address: 172.15.0.21/16
|
||||
k8s_version: v1.1.8_coreos.0
|
||||
k8s_etcd_endpoints: "http://172.15.0.21:2379,http://172.15.0.22:2379,http://172.15.0.23:2379"
|
||||
k8s_pod_network: 10.2.0.0/16
|
||||
k8s_service_ip_range: 10.3.0.0/24
|
||||
@@ -39,11 +38,11 @@ groups:
|
||||
os: installed
|
||||
metadata:
|
||||
ipv4_address: 172.15.0.22
|
||||
autoupdate: "true"
|
||||
networkd_name: ens3
|
||||
networkd_gateway: 172.15.0.1
|
||||
networkd_dns: 172.15.0.3
|
||||
networkd_address: 172.15.0.22/16
|
||||
k8s_version: v1.1.8_coreos.0
|
||||
k8s_etcd_endpoints: "http://172.15.0.21:2379,http://172.15.0.22:2379,http://172.15.0.23:2379"
|
||||
k8s_controller_endpoint: https://172.15.0.21
|
||||
k8s_dns_service_ip: 10.3.0.1
|
||||
@@ -60,11 +59,11 @@ groups:
|
||||
os: installed
|
||||
metadata:
|
||||
ipv4_address: 172.15.0.23
|
||||
autoupdate: "true"
|
||||
networkd_name: ens3
|
||||
networkd_gateway: 172.15.0.1
|
||||
networkd_dns: 172.15.0.3
|
||||
networkd_address: 172.15.0.23/16
|
||||
k8s_version: v1.1.8_coreos.0
|
||||
k8s_etcd_endpoints: "http://172.15.0.21:2379,http://172.15.0.22:2379,http://172.15.0.23:2379"
|
||||
k8s_controller_endpoint: https://172.15.0.21
|
||||
k8s_dns_service_ip: 10.3.0.1
|
||||
@@ -72,4 +71,4 @@ groups:
|
||||
fleet_metadata: "role=etcd,name=node3"
|
||||
etcd_name: node3
|
||||
etcd_initial_cluster: "node1=http://172.15.0.21:2380,node2=http://172.15.0.22:2380,node3=http://172.15.0.23:2380"
|
||||
ssh_authorized_keys:
|
||||
ssh_authorized_keys:
|
||||
|
||||
@@ -2,15 +2,17 @@
|
||||
api_version: v1alpha1
|
||||
groups:
|
||||
- name: Master Node
|
||||
profile: kubernetes-master
|
||||
profile: k8s-master
|
||||
require:
|
||||
uuid: 16e7d8a7-bfa9-428b-9117-363341bb330b
|
||||
metadata:
|
||||
ipv4_address: 172.15.0.21
|
||||
pxe: "true"
|
||||
networkd_name: ens3
|
||||
networkd_gateway: 172.15.0.1
|
||||
networkd_dns: 172.15.0.3
|
||||
networkd_address: 172.15.0.21/16
|
||||
k8s_version: v1.1.8_coreos.0
|
||||
k8s_etcd_endpoints: "http://172.15.0.21:2379,http://172.15.0.22:2379,http://172.15.0.23:2379"
|
||||
k8s_pod_network: 10.2.0.0/16
|
||||
k8s_service_ip_range: 10.3.0.0/24
|
||||
@@ -23,15 +25,17 @@ groups:
|
||||
ssh_authorized_keys:
|
||||
|
||||
- name: Worker 1
|
||||
profile: kubernetes-worker
|
||||
profile: k8s-worker
|
||||
require:
|
||||
uuid: 264cd073-ca62-44b3-98c0-50aad5b5f819
|
||||
metadata:
|
||||
ipv4_address: 172.15.0.22
|
||||
pxe: "true"
|
||||
networkd_name: ens3
|
||||
networkd_gateway: 172.15.0.1
|
||||
networkd_dns: 172.15.0.3
|
||||
networkd_address: 172.15.0.22/16
|
||||
k8s_version: v1.1.8_coreos.0
|
||||
k8s_etcd_endpoints: "http://172.15.0.21:2379,http://172.15.0.22:2379,http://172.15.0.23:2379"
|
||||
k8s_controller_endpoint: https://172.15.0.21
|
||||
k8s_dns_service_ip: 10.3.0.1
|
||||
@@ -42,15 +46,17 @@ groups:
|
||||
ssh_authorized_keys:
|
||||
|
||||
- name: Worker 2
|
||||
profile: kubernetes-worker
|
||||
profile: k8s-worker
|
||||
require:
|
||||
uuid: 39d2e747-2648-4d68-ae92-bbc70b245055
|
||||
metadata:
|
||||
ipv4_address: 172.15.0.23
|
||||
pxe: "true"
|
||||
networkd_name: ens3
|
||||
networkd_gateway: 172.15.0.1
|
||||
networkd_dns: 172.15.0.3
|
||||
networkd_address: 172.15.0.23/16
|
||||
k8s_version: v1.1.8_coreos.0
|
||||
k8s_etcd_endpoints: "http://172.15.0.21:2379,http://172.15.0.22:2379,http://172.15.0.23:2379"
|
||||
k8s_controller_endpoint: https://172.15.0.21
|
||||
k8s_dns_service_ip: 10.3.0.1
|
||||
|
||||
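--- a/examples/profiles/install-shutdown/profile.json
+++ b/examples/profiles/install-shutdown/profile.json
@@ -0,0 +1,15 @@
+{
+"id": "install-shutdown",
+"name": "Install CoreOS and Shutdown",
+"boot": {
+"kernel": "/assets/coreos/983.0.0/coreos_production_pxe.vmlinuz",
+"initrd": ["/assets/coreos/983.0.0/coreos_production_pxe_image.cpio.gz"],
+"cmdline": {
+"coreos.config.url": "http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
+"coreos.autologin": "",
+"coreos.first_boot": ""
+}
+},
+"cloud_id": "",
+"ignition_id": "install-shutdown.yaml"
+}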
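Review bot: `"coreos.autologin": ""` in `cmdline` leaves a logged-in `core` shell on the console with no authentication while the installer runs, and `coreos.config.url` fetches the Ignition config over plain HTTP. Both are reasonable for the libvirt examples, but this profile reads as a general-purpose installer. Since JSON cannot carry a comment, the caveat belongs in the examples README, and the `coreos.autologin` entry should be dropped for machines with a reachable console.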
@@ -1,15 +1,14 @@
|
||||
{
|
||||
"id": "kubernetes-master",
|
||||
"id": "k8s-master-install",
|
||||
"boot": {
|
||||
"kernel": "/assets/coreos/983.0.0/coreos_production_pxe.vmlinuz",
|
||||
"initrd": ["/assets/coreos/983.0.0/coreos_production_pxe_image.cpio.gz"],
|
||||
"cmdline": {
|
||||
"cloud-config-url": "http://bootcfg.foo:8080/cloud?uuid=${uuid}&mac=${net0/mac:hexhyp}",
|
||||
"coreos.config.url": "http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
|
||||
"coreos.autologin": "",
|
||||
"coreos.first_boot": ""
|
||||
}
|
||||
},
|
||||
"cloud_id": "kubernetes-master.sh",
|
||||
"ignition_id": "etcd.yaml"
|
||||
"cloud_id": "",
|
||||
"ignition_id": "k8s-master.yaml"
|
||||
}
|
||||
|
||||
@@ -1,16 +1,15 @@
|
||||
{
|
||||
"id": "kubernetes-master",
|
||||
"id": "k8s-master",
|
||||
"boot": {
|
||||
"kernel": "/assets/coreos/983.0.0/coreos_production_pxe.vmlinuz",
|
||||
"initrd": ["/assets/coreos/983.0.0/coreos_production_pxe_image.cpio.gz"],
|
||||
"cmdline": {
|
||||
"root": "/dev/sda1",
|
||||
"cloud-config-url": "http://bootcfg.foo:8080/cloud?uuid=${uuid}&mac=${net0/mac:hexhyp}",
|
||||
"coreos.config.url": "http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
|
||||
"coreos.autologin": "",
|
||||
"coreos.first_boot": ""
|
||||
}
|
||||
},
|
||||
"cloud_id": "kubernetes-master.sh",
|
||||
"ignition_id": "etcd-root-fs.yaml"
|
||||
"cloud_id": "",
|
||||
"ignition_id": "k8s-master.yaml"
|
||||
}
|
||||
@@ -1,15 +1,14 @@
|
||||
{
|
||||
"id": "kubernetes-worker",
|
||||
"id": "k8s-worker-install",
|
||||
"boot": {
|
||||
"kernel": "/assets/coreos/983.0.0/coreos_production_pxe.vmlinuz",
|
||||
"initrd": ["/assets/coreos/983.0.0/coreos_production_pxe_image.cpio.gz"],
|
||||
"cmdline": {
|
||||
"cloud-config-url": "http://bootcfg.foo:8080/cloud?uuid=${uuid}&mac=${net0/mac:hexhyp}",
|
||||
"coreos.config.url": "http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
|
||||
"coreos.autologin": "",
|
||||
"coreos.first_boot": ""
|
||||
}
|
||||
},
|
||||
"cloud_id": "kubernetes-worker.sh",
|
||||
"ignition_id": "etcd.yaml"
|
||||
"cloud_id": "",
|
||||
"ignition_id": "k8s-worker.yaml"
|
||||
}
|
||||
|
||||
@@ -1,16 +1,15 @@
|
||||
{
|
||||
"id": "kubernetes-worker",
|
||||
"id": "k8s-worker",
|
||||
"boot": {
|
||||
"kernel": "/assets/coreos/983.0.0/coreos_production_pxe.vmlinuz",
|
||||
"initrd": ["/assets/coreos/983.0.0/coreos_production_pxe_image.cpio.gz"],
|
||||
"cmdline": {
|
||||
"root": "/dev/sda1",
|
||||
"cloud-config-url": "http://bootcfg.foo:8080/cloud?uuid=${uuid}&mac=${net0/mac:hexhyp}",
|
||||
"coreos.config.url": "http://bootcfg.foo:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
|
||||
"coreos.autologin": "",
|
||||
"coreos.first_boot": ""
|
||||
}
|
||||
},
|
||||
"cloud_id": "kubernetes-worker.sh",
|
||||
"ignition_id": "etcd-root-fs.yaml"
|
||||
"cloud_id": "",
|
||||
"ignition_id": "k8s-worker.yaml"
|
||||
}
|
||||