Self Hosting of Resources #715
Comments
This should be a global discussion about all dependency management in the project. We could/should offer a way to easily overload some of these parameters... My gut makes me think |
Agreed - this was really just an error/shortcut I made - I didn't think it through. I'd say a "base directory" for all our resources would be helpful. And we should pull from there:
And then you could repoint your base directory to your private builds / whatever. We already can preload docker images over HTTP and then I think it's mostly "just" a matter of improving our build process. I saw @mikedanese's super cool work on getting bazel into the core, and I think it would be great to leverage that once it's in (though we will still want an easy "make" for building kops the CLI tool itself) |
I would say that we can define a docker Reg for -
Http / s3 repo for all artifacts like nodeup. |
#730 another one |
Will start logging these as I notice them |
Thanks ... nodeup as well. All of the dockers :) |
@robertojrojas this is what I was talking about. This is a tip of the iceberg problem. You interested in assisting? |
@chrislovecnm sure! So, there are deps needed at the time kops is executing and deps needed within the cloud provider (with or without internet access), right? |
We have
What is the best way to communicate this to you? |
Oh and thanks. This is a huge need for the community btw. For example DNS attacks have stopped deployments. Aka not good. |
We should support K8S internal containers such as pause-amd64, for that we should pass the flag "--pod_infra_container_image" to the kubelet. |
External dependencies

CNI
Can be specified using environment variable CNI_VERSION_URL
kops/upup/pkg/fi/cloudup/networking.go Line 72 in 789bfcf

Channel
Can be specified on the command line via --channel
Line 29 in 968366d

NodeUp / Protokube
The base url can be changed via KOPS_BASE_URL
Protokube - kops/upup/pkg/fi/cloudup/urls.go Line 75 in de16272
NodeUp - kops/upup/pkg/fi/cloudup/urls.go Line 61 in de16272

Images
If c.Cluster.Spec.KubernetesVersion is a url the following images are loaded from that url.
imagePath := baseURL + "/bin/linux/amd64/" + component + ".tar"
Individual images can be specified for each of the above items via the config - https://github.com/kubernetes/kops/blob/97afdf9f97f56ab5a369b444d2c39621e8e6ba73/pkg/apis/kops/v1alpha2/componentconfig.go

Pause container
Can be specified on the kubelet via --pod-infra-container-image

Containers referenced on gcr
gcr.io/google_containers/hyperkube-amd64
Currently these containers depend on gcr.io and cannot be pre-loaded. |
Networking provider such as weave or calico as well ... |
List above looks quite comprehensive. But I don't see kubelet in the list. Where does that come from? |
Implementation
Extended List @sstarcher has a great list, but here are a few more.
|
And also the security paranoid. In our case, it would potentially simplify some things. |
Still a work in progress /assign |
/close as this is implemented |
|
Is there a document for us to refer to?
@chrislovecnm Done? Is there a link on how to get started? |
I would also like to see documentation on this as well. Our use case is that we would like to push a docker config to all of our nodes to require that all images must come from our private registry and must be signed, which would obviously break cluster components without this.
During the DNS attack today on github.com and other internet end-points, we were not able to deploy new K8s clusters. We need to address the capability of self-hosting docker containers and other components that are downloaded. For instance with channels:
"https://raw.githubusercontent.com/kubernetes/kops/master/channels/stable": error fetching
Larger companies will want to self-host binaries, dockers, and metadata.
Keywords: