scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-04 04:08:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor hyperkube, remove unnecessary packages, optimize layers, bump cni version, add new features, run kube-proxy in a daemonset

Browse Source
This commit is contained in:
Lucas Käldström
2016-08-25 01:24:05 +03:00
parent c958d3d4fd
commit d711fd8764
12 changed files with 197 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
cluster/images/hyperkube/Dockerfile
View File

@@ -24,10 +24,8 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update -y \
ethtool \
ca-certificates \
conntrack \
file \
util-linux \
socat \
curl \
git \
nfs-common \
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -y \
@@ -40,34 +38,28 @@ RUN cp /usr/bin/nsenter /nsenter
COPY hyperkube /hyperkube
# Manifests for the docker guide
COPY static-pods/master.json /etc/kubernetes/manifests/
COPY static-pods/etcd.json /etc/kubernetes/manifests/
COPY static-pods/addon-manager.json /etc/kubernetes/manifests/
# TODO: Move out kube-proxy to a DaemonSet again
COPY static-pods/kube-proxy.json /etc/kubernetes/manifests/
COPY static-pods/master.json \
static-pods/etcd.json \
static-pods/addon-manager-singlenode.json \
static-pods/kube-proxy.json \
/etc/kubernetes/manifests/
# Manifests for the docker-multinode guide
COPY static-pods/master-multi.json /etc/kubernetes/manifests-multi/
COPY static-pods/addon-manager.json /etc/kubernetes/manifests-multi/
# TODO: Move out kube-proxy to a DaemonSet again
COPY static-pods/kube-proxy.json /etc/kubernetes/manifests-multi/
COPY static-pods/master-multi.json \
static-pods/addon-manager-multinode.json \
/etc/kubernetes/manifests-multi/
# Copy over all addons
COPY addons /etc/kubernetes/addons
# Other required scripts for the setup
COPY safe_format_and_mount /usr/share/google/safe_format_and_mount
COPY setup-files.sh /setup-files.sh
COPY make-ca-cert.sh /make-ca-cert.sh
COPY copy-addons.sh /copy-addons.sh
# Copy other required scripts for the setup
COPY setup-files.sh make-ca-cert.sh copy-addons.sh /
# easy-rsa package required by make-ca-cert
ADD https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz /root/kube/
# Copy the cni folder into /opt/
COPY cni /opt/cni
# Copy the the cni-bin folder into /opt/cni/bin
COPY cni-bin /opt/cni/bin
# Copy overlay configuration to default directory
COPY cni-conf /etc/cni/net.d

51
cluster/images/hyperkube/Makefile
View File

@@ -15,12 +15,12 @@
# Build the hyperkube image.
#
# Usage:
# [ARCH=amd64] [REGISTRY="gcr.io/google_containers"] make (build|push) VERSION={some_version_number e.g. v1.2.0}
# [ARCH=amd64] [REGISTRY="gcr.io/google_containers"] make (build|push) VERSION={some_released_version_of_kubernetes}
REGISTRY?=gcr.io/google_containers
ARCH?=amd64
TEMP_DIR:=$(shell mktemp -d)
CNI_RELEASE=8a936732094c0941e1543ef5d292a1f4fffa1ac5
CNI_RELEASE=9d5e6e60e79491207834ae8439e80c943db65a69
UNAME_S:=$(shell uname -s)
ifeq ($(UNAME_S),Darwin)
@@ -54,33 +54,35 @@ ifndef VERSION
$(error VERSION is undefined)
endif
cp -r ./* ${TEMP_DIR}
mkdir -p ${TEMP_DIR}/cni ${TEMP_DIR}/addons
cp ../../saltbase/salt/helpers/safe_format_and_mount ${TEMP_DIR}
mkdir -p ${TEMP_DIR}/cni-bin ${TEMP_DIR}/addons ${TEMP_DIR}/addons/singlenode ${TEMP_DIR}/addons/multinode
cp ../../saltbase/salt/generate-cert/make-ca-cert.sh ${TEMP_DIR}
cp ../../addons/dns/skydns-rc.yaml.base ${TEMP_DIR}/addons/skydns-rc.yaml
cp ../../addons/dns/skydns-svc.yaml.base ${TEMP_DIR}/addons/skydns-svc.yaml
cp ../../addons/dashboard/dashboard-controller.yaml ${TEMP_DIR}/addons
cp ../../addons/dashboard/dashboard-service.yaml ${TEMP_DIR}/addons
# TODO: Move out kube-proxy to a DaemonSet again
#cp kube-proxy-ds.yaml ${TEMP_DIR}/addons/kube-proxy.yaml
# Singlenode addons
cp ../../addons/dns/skydns-rc.yaml.base ${TEMP_DIR}/addons/singlenode/skydns-rc.yaml
cp ../../addons/dns/skydns-svc.yaml.base ${TEMP_DIR}/addons/singlenode/skydns-svc.yaml
cp ../../addons/dashboard/dashboard-controller.yaml ${TEMP_DIR}/addons/singlenode/
cp ../../addons/dashboard/dashboard-service.yaml ${TEMP_DIR}/addons/singlenode/
# Multinode addons; all singlenode addons plus kube-proxy (and soon flannel)
cp ${TEMP_DIR}/addons/singlenode/*.yaml ${TEMP_DIR}/addons/multinode/
cp kube-proxy-ds.yaml ${TEMP_DIR}/addons/multinode/kube-proxy.yaml
cp ../../../_output/dockerized/bin/linux/${ARCH}/hyperkube ${TEMP_DIR}
cd ${TEMP_DIR} && sed -i.back "s|VERSION|${VERSION}|g" addons/*.yaml static-pods/*.json
cd ${TEMP_DIR} && sed -i.back "s|REGISTRY|${REGISTRY}|g" addons/*.yaml static-pods/*.json
cd ${TEMP_DIR} && sed -i.back "s|ARCH|${ARCH}|g" addons/*.yaml static-pods/*.json
cd ${TEMP_DIR} && sed -i.back "s|VERSION|${VERSION}|g" addons/singlenode/*.yaml addons/multinode/*.yaml static-pods/*.json
cd ${TEMP_DIR} && sed -i.back "s|REGISTRY|${REGISTRY}|g" addons/singlenode/*.yaml addons/multinode/*.yaml static-pods/*.json
cd ${TEMP_DIR} && sed -i.back "s|ARCH|${ARCH}|g" addons/singlenode/*.yaml addons/multinode/*.yaml static-pods/*.json
cd ${TEMP_DIR} && sed -i.back "s|ARCH|${QEMUARCH}|g" Dockerfile
cd ${TEMP_DIR} && sed -i.back "s|BASEIMAGE|${BASEIMAGE}|g" Dockerfile
cd ${TEMP_DIR} && sed -i.back "s|-amd64|-${ARCH}|g" addons/*.yaml
cd ${TEMP_DIR} && sed -i.back "s|__PILLAR__DNS__REPLICAS__|1|g;s|__PILLAR__DNS__SERVER__|10.0.0.10|g;" addons/skydns*.yaml
cd ${TEMP_DIR} && sed -i.back "s|__PILLAR__DNS__DOMAIN__|cluster.local|g;s|__PILLAR__FEDERATIONS__DOMAIN__MAP__||g;" addons/skydns*.yaml
rm ${TEMP_DIR}/addons/*.back
cd ${TEMP_DIR} && sed -i.back "s|-amd64|-${ARCH}|g" addons/singlenode/*.yaml addons/multinode/*.yaml
cd ${TEMP_DIR} && sed -i.back "s|__PILLAR__DNS__REPLICAS__|1|g;s|__PILLAR__DNS__SERVER__|10.0.0.10|g;" addons/singlenode/skydns*.yaml addons/multinode/skydns*.yaml
cd ${TEMP_DIR} && sed -i.back "s|__PILLAR__DNS__DOMAIN__|cluster.local|g;s|__PILLAR__FEDERATIONS__DOMAIN__MAP__||g;" addons/singlenode/skydns*.yaml addons/multinode/skydns*.yaml
cd ${TEMP_DIR} && rm -f addons/singlenode/*.back addons/multinode/*.back static-pods/*.back
# Make scripts executable before they are copied into the Docker image. If we make them executable later, in another layer
# they'll take up twice the space because the new executable binary differs from the old one, but everything is cached in layers.
cd ${TEMP_DIR} && chmod a+rx \
hyperkube \
safe_format_and_mount \
setup-files.sh \
make-ca-cert.sh \
copy-addons.sh
@@ -88,8 +90,6 @@ endif
ifeq ($(ARCH),amd64)
# When building "normally" for amd64, remove the whole line, it has no part in the amd64 image
cd ${TEMP_DIR} && ${SED_CMD} "/CROSS_BUILD_/d" Dockerfile
# Download CNI
curl -sSL --retry 5 https://storage.googleapis.com/kubernetes-release/network-plugins/cni-${CNI_RELEASE}.tar.gz | tar -xz -C ${TEMP_DIR}/cni
else
cd ${TEMP_DIR} && ${SED_CMD} "s/CROSS_BUILD_//g" Dockerfile
@@ -97,17 +97,16 @@ else
# Register /usr/bin/qemu-ARCH-static as the handler for ARM binaries in the kernel
docker run --rm --privileged multiarch/qemu-user-static:register --reset
curl -sSL --retry 5 https://github.com/multiarch/qemu-user-static/releases/download/v2.5.0/x86_64_qemu-${QEMUARCH}-static.tar.xz | tar -xJ -C ${TEMP_DIR}
endif
# This cross-compiles cni for the other architectures, until CNI releases binaries for all arches: https://github.com/containernetworking/cni/pull/241
docker run -it -v ${TEMP_DIR}/cni:/cnibin golang:1.6 /bin/bash -c "\
# This cross-compiles cni for all architectures
# TODO(freehan): Push the latest cni for all arches to storage.googleapis.com so we may just download the binaries
docker run -it -v ${TEMP_DIR}/cni-bin:/cnibin golang:1.6 /bin/bash -c "\
git clone https://github.com/containernetworking/cni \
&& cd cni \
&& git checkout $(CNI_RELEASE) \
&& curl -sSL https://patch-diff.githubusercontent.com/raw/containernetworking/cni/pull/241.patch > multiarch.patch \
&& git apply --exclude=.travis.yml --exclude=scripts/release-with-rkt.sh < multiarch.patch \
&& GOARCH=$(ARCH) ./build \
&& cp bin/* /cnibin"
endif
docker build -t ${REGISTRY}/hyperkube-${ARCH}:${VERSION} ${TEMP_DIR}
rm -rf "${TEMP_DIR}"

9
cluster/images/hyperkube/cni-conf/10-containernet.conf
View File

@@ -1,9 +1,10 @@
{
"name": "containernet",
"type": "flannel",
"delegate": {
"name": "containernet",
"type": "flannel",
"delegate": {
"bridge": "cni0",
"mtu": 1450,
"isDefaultGateway": true
"isDefaultGateway": true,
"forceAddress": true
}
}

9
cluster/images/hyperkube/copy-addons.sh
View File

@@ -13,16 +13,19 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# Now we're running in the sidecar container
# /etc/kubernetes/addons holds the data in the hyperkube container
# /srv/kubernetes is an emptyDir that maps to /etc/kubernetes in the addon-manager container
# This way we're using the latest manifests from hyperkube without updating
# kube-addon-manager which is used for other deployments too
# Inside /etc/kubernetes/addons, there are two directories: singlenode and multinode
# If "singlenode" is passed to this script; those manifests are copied to the addon-manager and vice versa with "multinode"
SUBDIRECTORY=$1
# While there is no data copied over to the emptyDir, try to copy it.
while [[ ! -d /srv/kubernetes/addons ]]; do
cp -r /etc/kubernetes/* /srv/kubernetes/
while [[ -z $(ls /srv/kubernetes/addons) ]]; do
cp -r /etc/kubernetes/addons/${SUBDIRECTORY}/* /srv/kubernetes/addons/
done
# Then sleep forever

14
cluster/images/hyperkube/kube-proxy-ds.yaml
View File

@@ -12,12 +12,10 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# TODO: Move out kube-proxy to a DaemonSet again
# This is disabled for the v1.3 release, due to bootstrapping complexities
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: k8s-proxy
name: k8s-proxy-v1
namespace: kube-system
labels:
k8s-app: k8s-proxy
@@ -38,8 +36,16 @@ spec:
command:
- /hyperkube
- proxy
- --master=http://127.0.0.1:8080
- --kubeconfig=/var/lib/kubelet/kubeconfig/kubeconfig.yaml
- --v=2
- --resource-container=""
securityContext:
privileged: true
volumeMounts:
- name: kubeconfig
mountPath: /var/lib/kubelet/kubeconfig
readOnly: true
volumes:
- name: kubeconfig
hostPath:
path: /var/lib/kubelet/kubeconfig

19
cluster/images/hyperkube/setup-files.sh
View File

@@ -30,39 +30,40 @@ create_token() {
# list of Subject Alternative Names of the server TLS certificate
# Should contain internal IP, i.e. IP:10.0.0.1 for 10.0.0.0/24 cluster IP range
EXTRA_SANS=$1
DATA_DIR=/srv/kubernetes
# Files in /data are persistent across reboots, so we don't want to re-create the files if they already
# exist, because the state is persistent in etcd too, and we don't want a conflict between "old" data in
# etcd and "new" data that this script would create for apiserver. Therefore, if the file exist, skip it.
if [[ ! -f /data/ca.crt ]]; then
if [[ ! -f ${DATA_DIR}/ca.crt ]]; then
# Create HTTPS certificates
groupadd -f -r kube-cert-test
groupadd -f -r kube-cert
# hostname -I gets the ip of the node
CERT_DIR=/data CERT_GROUP=kube-cert-test /make-ca-cert.sh $(hostname -I | awk '{print $1}') ${EXTRA_SANS}
/make-ca-cert.sh $(hostname -I | awk '{print $1}') ${EXTRA_SANS}
echo "Certificates created $(date)"
else
echo "Certificates already found, not recreating."
fi
if [[ ! -f /data/basic_auth.csv ]]; then
if [[ ! -f ${DATA_DIR}/basic_auth.csv ]]; then
# Create basic token authorization
echo "admin,admin,admin" > /data/basic_auth.csv
echo "admin,admin,admin" > ${DATA_DIR}/basic_auth.csv
echo "basic_auth.csv created $(date)"
else
echo "basic_auth.csv already found, not recreating."
fi
if [[ ! -f /data/known_tokens.csv ]]; then
if [[ ! -f ${DATA_DIR}/known_tokens.csv ]]; then
# Create known tokens for service accounts
echo "$(create_token),admin,admin" >> /data/known_tokens.csv
echo "$(create_token),kubelet,kubelet" >> /data/known_tokens.csv
echo "$(create_token),kube_proxy,kube_proxy" >> /data/known_tokens.csv
echo "$(create_token),admin,admin" >> ${DATA_DIR}/known_tokens.csv
echo "$(create_token),kubelet,kubelet" >> ${DATA_DIR}/known_tokens.csv
echo "$(create_token),kube_proxy,kube_proxy" >> ${DATA_DIR}/known_tokens.csv
echo "known_tokens.csv created $(date)"
else

9
cluster/images/hyperkube/static-pods/addon-manager.json → cluster/images/hyperkube/static-pods/addon-manager-multinode.json
View File

@@ -11,7 +11,7 @@
"containers": [
{
"name": "kube-addon-manager",
"image": "gcr.io/google-containers/kube-addon-manager-ARCH:v5.1",
"image": "REGISTRY/kube-addon-manager-ARCH:v5.1",
"resources": {
"requests": {
"cpu": "5m",
@@ -21,7 +21,7 @@
"volumeMounts": [
{
"name": "addons",
"mountPath": "/etc/kubernetes/",
"mountPath": "/etc/kubernetes/addons",
"readOnly": true
}
]
@@ -30,12 +30,13 @@
"name": "kube-addon-manager-data",
"image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [
"/copy-addons.sh"
"/copy-addons.sh",
"multinode"
],
"volumeMounts": [
{
"name": "addons",
"mountPath": "/srv/kubernetes/",
"mountPath": "/srv/kubernetes/addons",
"readOnly": false
}
]

52
cluster/images/hyperkube/static-pods/addon-manager-singlenode.json Normal file
View File

@@ -0,0 +1,52 @@
{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"name": "kube-addon-manager",
"namespace": "kube-system",
"version": "v1"
},
"spec": {
"hostNetwork": true,
"containers": [
{
"name": "kube-addon-manager",
"image": "REGISTRY/kube-addon-manager-ARCH:v5.1",
"resources": {
"requests": {
"cpu": "5m",
"memory": "50Mi"
}
},
"volumeMounts": [
{
"name": "addons",
"mountPath": "/etc/kubernetes/addons",
"readOnly": true
}
]
},
{
"name": "kube-addon-manager-data",
"image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [
"/copy-addons.sh",
"singlenode"
],
"volumeMounts": [
{
"name": "addons",
"mountPath": "/srv/kubernetes/addons",
"readOnly": false
}
]
}
],
"volumes":[
{
"name": "addons",
"emptyDir": {}
}
]
}
}

8
cluster/images/hyperkube/static-pods/etcd.json
View File

@@ -12,10 +12,10 @@
"name": "etcd",
"image": "gcr.io/google_containers/etcd-ARCH:3.0.4",
"command": [
"/usr/local/bin/etcd",
"--listen-client-urls=http://127.0.0.1:2379",
"--advertise-client-urls=http://127.0.0.1:2379",
"--data-dir=/var/etcd/data"
"/usr/local/bin/etcd",
"--listen-client-urls=http://127.0.0.1:2379,http://127.0.0.1:4001",
"--advertise-client-urls=http://127.0.0.1:2379,http://127.0.0.1:4001",
"--data-dir=/var/etcd/data"
],
"volumeMounts": [
{

10
cluster/images/hyperkube/static-pods/kube-proxy.json
View File

@@ -12,11 +12,11 @@
"name": "kube-proxy",
"image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [
"/hyperkube",
"proxy",
"--master=http://127.0.0.1:8080",
"--v=2",
"--resource-container=\"\""
"/hyperkube",
"proxy",
"--master=http://127.0.0.1:8080",
"--v=2",
"--resource-container=\"\""
],
"securityContext": {
"privileged": true

61
cluster/images/hyperkube/static-pods/master-multi.json
View File

@@ -12,13 +12,15 @@
"name": "controller-manager",
"image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [
"/hyperkube",
"controller-manager",
"--master=127.0.0.1:8080",
"--service-account-private-key-file=/srv/kubernetes/server.key",
"--root-ca-file=/srv/kubernetes/ca.crt",
"--min-resync-period=3m",
"--v=2"
"/hyperkube",
"controller-manager",
"--master=127.0.0.1:8080",
"--service-account-private-key-file=/srv/kubernetes/server.key",
"--root-ca-file=/srv/kubernetes/ca.crt",
"--min-resync-period=3m",
"--leader-elect=true",
"--cluster-cidr=10.1.0.0/16",
"--v=2"
],
"volumeMounts": [
{
@@ -31,20 +33,20 @@
"name": "apiserver",
"image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [
"/hyperkube",
"apiserver",
"--service-cluster-ip-range=10.0.0.1/24",
"--insecure-bind-address=0.0.0.0",
"--etcd-servers=http://127.0.0.1:2379",
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota",
"--client-ca-file=/srv/kubernetes/ca.crt",
"--basic-auth-file=/srv/kubernetes/basic_auth.csv",
"--min-request-timeout=300",
"--tls-cert-file=/srv/kubernetes/server.cert",
"--tls-private-key-file=/srv/kubernetes/server.key",
"--token-auth-file=/srv/kubernetes/known_tokens.csv",
"--allow-privileged=true",
"--v=2"
"/hyperkube",
"apiserver",
"--service-cluster-ip-range=10.0.0.1/24",
"--insecure-bind-address=0.0.0.0",
"--etcd-servers=http://127.0.0.1:2379",
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota",
"--client-ca-file=/srv/kubernetes/ca.crt",
"--basic-auth-file=/srv/kubernetes/basic_auth.csv",
"--min-request-timeout=300",
"--tls-cert-file=/srv/kubernetes/server.cert",
"--tls-private-key-file=/srv/kubernetes/server.key",
"--token-auth-file=/srv/kubernetes/known_tokens.csv",
"--allow-privileged=true",
"--v=2"
],
"volumeMounts": [
{
@@ -57,23 +59,24 @@
"name": "scheduler",
"image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [
"/hyperkube",
"scheduler",
"--master=127.0.0.1:8080",
"--v=2"
]
"/hyperkube",
"scheduler",
"--master=127.0.0.1:8080",
"--leader-elect=true",
"--v=2"
]
},
{
"name": "setup",
"image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [
"/setup-files.sh",
"IP:10.0.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local"
"/setup-files.sh",
"IP:10.0.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local"
],
"volumeMounts": [
{
"name": "data",
"mountPath": "/data"
"mountPath": "/srv/kubernetes"
}
]
}

60
cluster/images/hyperkube/static-pods/master.json
View File

@@ -12,13 +12,14 @@
"name": "controller-manager",
"image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [
"/hyperkube",
"controller-manager",
"--master=127.0.0.1:8080",
"--service-account-private-key-file=/srv/kubernetes/server.key",
"--root-ca-file=/srv/kubernetes/ca.crt",
"--min-resync-period=3m",
"--v=2"
"/hyperkube",
"controller-manager",
"--master=127.0.0.1:8080",
"--service-account-private-key-file=/srv/kubernetes/server.key",
"--root-ca-file=/srv/kubernetes/ca.crt",
"--min-resync-period=3m",
"--leader-elect=true",
"--v=2"
],
"volumeMounts": [
{
@@ -31,20 +32,20 @@
"name": "apiserver",
"image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [
"/hyperkube",
"apiserver",
"--service-cluster-ip-range=10.0.0.1/24",
"--insecure-bind-address=127.0.0.1",
"--etcd-servers=http://127.0.0.1:2379",
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota",
"--client-ca-file=/srv/kubernetes/ca.crt",
"--basic-auth-file=/srv/kubernetes/basic_auth.csv",
"--min-request-timeout=300",
"--tls-cert-file=/srv/kubernetes/server.cert",
"--tls-private-key-file=/srv/kubernetes/server.key",
"--token-auth-file=/srv/kubernetes/known_tokens.csv",
"--allow-privileged=true",
"--v=2"
"/hyperkube",
"apiserver",
"--service-cluster-ip-range=10.0.0.1/24",
"--insecure-bind-address=127.0.0.1",
"--etcd-servers=http://127.0.0.1:2379",
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota",
"--client-ca-file=/srv/kubernetes/ca.crt",
"--basic-auth-file=/srv/kubernetes/basic_auth.csv",
"--min-request-timeout=300",
"--tls-cert-file=/srv/kubernetes/server.cert",
"--tls-private-key-file=/srv/kubernetes/server.key",
"--token-auth-file=/srv/kubernetes/known_tokens.csv",
"--allow-privileged=true",
"--v=2"
],
"volumeMounts": [
{
@@ -57,23 +58,24 @@
"name": "scheduler",
"image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [
"/hyperkube",
"scheduler",
"--master=127.0.0.1:8080",
"--v=2"
]
"/hyperkube",
"scheduler",
"--master=127.0.0.1:8080",
"--leader-elect=true",
"--v=2"
]
},
{
"name": "setup",
"image": "REGISTRY/hyperkube-ARCH:VERSION",
"command": [
"/setup-files.sh",
"IP:10.0.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local"
"/setup-files.sh",
"IP:10.0.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local"
],
"volumeMounts": [
{
"name": "data",
"mountPath": "/data"
"mountPath": "/srv/kubernetes"
}
]
}