Permalink
Browse files

Update some flags

  • Loading branch information...
brendandburns committed Nov 13, 2015
1 parent abbed4f commit ce90b83689f08cb5ebb6b632dab7f95a48060425
@@ -8,6 +8,7 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update -y \
file \
util-linux \
socat \
curl \
&& DEBIAN_FRONTEND=noninteractive apt-get autoremove -y \
&& DEBIAN_FRONTEND=noninteractive apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
@@ -21,3 +22,9 @@ COPY master.json /etc/kubernetes/manifests/master.json
COPY safe_format_and_mount /usr/share/google/safe_format_and_mount
RUN chmod a+rx /usr/share/google/safe_format_and_mount
COPY setup-files.sh /setup-files.sh
RUN chmod a+rx /setup-files.sh
COPY make-ca-cert.sh /make-ca-cert.sh
RUN chmod a+x /make-ca-cert.sh
@@ -1,9 +1,10 @@
# build the hyperkube image.
VERSION=v1.0.1
VERSION=v1.1.1
all:
cp ../../saltbase/salt/helpers/safe_format_and_mount .
cp ../../saltbase/salt/generate-cert/make-ca-cert.sh .
curl -O https://storage.googleapis.com/kubernetes-release/release/${VERSION}/bin/linux/amd64/hyperkube
sed -i "s/VERSION/${VERSION}/g" master-multi.json master.json
docker build -t gcr.io/google_containers/hyperkube:${VERSION} .
@@ -12,6 +12,8 @@
"/hyperkube",
"controller-manager",
"--master=127.0.0.1:8080",
"--terminated-pod-gc-threshold=100",
"--min-resync-period=3m",
"--v=2"
]
},
@@ -25,6 +27,7 @@
"--address=0.0.0.0",
"--etcd-servers=http://127.0.0.1:4001",
"--cluster-name=kubernetes",
"--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota",
"--v=2"
]
},
@@ -12,8 +12,17 @@
"/hyperkube",
"controller-manager",
"--master=127.0.0.1:8080",
"--min-resync-period=3m",
"--service-account-private-key-file=/srv/kubernetes/server.key",
"--root-ca-file=/srv/kubernetes/ca.crt",
"--v=2"
]
],
"volumeMounts": [
{
"name": "data",
"mountPath": "/srv/kubernetes"
}
]
},
{
"name": "apiserver",
@@ -25,8 +34,22 @@
"--address=127.0.0.1",
"--etcd-servers=http://127.0.0.1:4001",
"--cluster-name=kubernetes",
"--v=2"
]
"--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ResourceQuota",
"--client-ca-file=/srv/kubernetes/ca.crt",
"--basic-auth-file=/srv/kubernetes/basic_auth.csv",
"--min-request-timeout=300",
"--tls-cert-file=/srv/kubernetes/server.cert",
"--tls-private-key-file=/srv/kubernetes/server.key",
"--token-auth-file=/srv/kubernetes/known_tokens.csv",
"--allow-privileged=True",
"--v=4"
],
"volumeMounts": [
{
"name": "data",
"mountPath": "/srv/kubernetes"
}
]
},
{
"name": "scheduler",
@@ -37,6 +60,25 @@
"--master=127.0.0.1:8080",
"--v=2"
]
},
{
"name": "setup",
"image": "gcr.io/google_containers/hyperkube:VERSION",
"command": [
"/setup-files.sh"
],
"volumeMounts": [
{
"name": "data",
"mountPath": "/data"
}
]
}
],
"volumes": [
{
"name": "data",
"emptyDir": {}
}
]
}
@@ -0,0 +1,43 @@
#!/bin/bash
# Copyright 2015 The Kubernetes Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This script is intended to set up the files necessary to run a master.
# It currently creates:
# * The basic auth file for access to the kubernetes api server
# * Service tokens for accessing the kubernetes api server
# * The CA cert and keys for HTTPS access to the kubernetes api server
set -o errexit
set -o nounset
set -o pipefail
create_token() {
echo $(cat /dev/urandom | base64 | tr -d "=+/" | dd bs=32 count=1 2> /dev/null)
}
# Create basic token authorization
echo "admin,admin,admin" > /data/basic_auth.csv
# Create HTTPS certificates
CERT_DIR=/data /make-ca-cert.sh $(hostname -i)
# Create known tokens for service accounts
echo "$(create_token),admin,admin" >> /data/known_tokens.csv
echo "$(create_token),kubelet,kubelet" >> /data/known_tokens.csv
echo "$(create_token),kube_proxy,kube_proxy" >> /data/known_tokens.csv
while true; do
sleep 3600
done
@@ -0,0 +1,31 @@
#!/bin/bash
# Copyright 2015 The Kubernetes Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Tears down an existing cluster. Warning destroys _all_ docker containers on the machine
set -o errexit
set -o nounset
set -o pipefail
echo "Warning, this will delete all Docker containers on this machine."
echo "Proceed? [Y/n]"
read resp
if [[ $resp == "n" || $resp == "N" ]]; then
exit 0
fi
docker ps -aq | xargs docker rm -f
@@ -0,0 +1,50 @@
#!/bin/bash
# Copyright 2015 The Kubernetes Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Useful for testing images and changes, turns up a fresh single node cluster
set -o errexit
set -o nounset
set -o pipefail
docker run --net=host -d gcr.io/google_containers/etcd:2.2.1 \
/usr/local/bin/etcd \
--addr=127.0.0.1:4001 \
--bind-addr=0.0.0.0:4001 \
--data-dir=/var/etcd/data
docker run --pid=host \
--volume=/:/rootfs:ro \
--volume=/sys:/sys:ro \
--volume=/dev:/dev \
--volume=/var/lib/docker/:/var/lib/docker:rw \
--volume=/var/lib/kubelet/:/var/lib/kubelet:rw \
--volume=/var/run:/var/run:rw \
--net=host \
--pid=host \
--privileged=true \
-d gcr.io/google_containers/hyperkube:v${K8S_VERSION} \
/hyperkube kubelet \
--containerized \
--hostname-override="127.0.0.1" \
--address="0.0.0.0" \
--api-servers=http://localhost:8080 \
--config=/etc/kubernetes/manifests --v=10
docker run -d --net=host --privileged \
gcr.io/google_containers/hyperkube:v${K8S_VERSION} \
/hyperkube proxy \
--master=http://127.0.0.1:8080 --v=2
@@ -84,7 +84,7 @@ parameters as follows:
```
4. Decide what Kubernetes version to use. Set the `${K8S_VERSION}` variable to
a value such as "1.0.7".
a value such as "1.1.1".
### Step One: Run etcd
@@ -124,8 +124,8 @@ At this point you should have a running Kubernetes cluster. You can test this
by downloading the kubectl binary for `${K8S_VERSION}` (look at the URL in the
following links) and make it available by editing your PATH environment
variable.
([OS X](http://storage.googleapis.com/kubernetes-release/release/v1.0.7/bin/darwin/amd64/kubectl))
([linux](http://storage.googleapis.com/kubernetes-release/release/v1.0.7/bin/linux/amd64/kubectl))
([OS X](http://storage.googleapis.com/kubernetes-release/release/v1.1.1/bin/darwin/amd64/kubectl))
([linux](http://storage.googleapis.com/kubernetes-release/release/v1.1.1/bin/linux/amd64/kubectl))
For example, OS X:
@@ -176,6 +176,7 @@ func (n *NsenterMounter) IsLikelyNotMountPoint(file string) (bool, error) {
exec := exec.New()
out, err := exec.Command(nsenterPath, args...).CombinedOutput()
if err != nil {
glog.Errorf("Failed to nsenter mount, return file doesn't exist: %v", err)
// If the command itself is correct, then if we encountered error
// then most likely this means that the directory does not exist.
return true, os.ErrNotExist

1 comment on commit ce90b83

@k8s-teamcity-mesosphere

This comment has been minimized.

Show comment
Hide comment
@k8s-teamcity-mesosphere

k8s-teamcity-mesosphere Nov 20, 2015

TeamCity OSS :: Kubernetes Mesos :: 4 - Smoke Tests Build 6110 outcome was SUCCESS
Summary: Tests passed: 1, ignored: 199 Build time: 00:04:14

TeamCity OSS :: Kubernetes Mesos :: 4 - Smoke Tests Build 6110 outcome was SUCCESS
Summary: Tests passed: 1, ignored: 199 Build time: 00:04:14

Please sign in to comment.