kube-apiserver in a pod.

2015-04-09 14:35:07 -07:00
parent a0fa592b80
commit c9d7010461
5 changed files with 191 additions and 259 deletions
--- a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest
+++ b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest
@@ -0,0 +1,170 @@
+{% set daemon_args = "$DAEMON_ARGS" -%}
+{% if grains['os_family'] == 'RedHat' -%}
+	{% set daemon_args = "" -%}
+{% endif -%}
+
+{% set cloud_provider = "" -%}
+{% set cloud_config = "" -%}
+
+{% if grains.cloud is defined -%}
+{% set cloud_provider = "--cloud_provider=" + grains.cloud -%}
+
+{% if grains.cloud == 'gce' -%}
+  {% if grains.cloud_config is defined -%}
+    {% set cloud_config = "--cloud_config=" + grains.cloud_config -%}
+  {% endif -%}
+
+{% elif grains.cloud == 'aws' -%}
+  {% set cloud_config = "--cloud_config=/etc/aws.conf" -%}
+{% endif -%}
+
+{% endif -%}
+
+{% set address = "--address=127.0.0.1" -%}
+
+{% if pillar['instance_prefix'] is defined -%}
+  {% set cluster_name = "--cluster_name=" + pillar['instance_prefix'] -%}
+{% endif -%}
+
+{% set publicAddressOverride = "" -%}
+{% if grains.publicAddressOverride is defined -%}
+  {% set publicAddressOverride = "--public_address_override=" + grains.publicAddressOverride -%}
+{% endif -%}
+
+{% set etcd_servers = "--etcd_servers=http://127.0.0.1:4001" -%}
+
+{% if pillar['portal_net'] is defined -%}
+  {% set portal_net = "--portal_net=" + pillar['portal_net'] -%}
+{% endif -%}
+
+{% set cert_file = "--tls_cert_file=/srv/kubernetes/server.cert" -%}
+{% set key_file = "--tls_private_key_file=/srv/kubernetes/server.key" -%}
+
+{% set secure_port = "--secure_port=6443" -%}
+{% set token_auth_file = "--token_auth_file=/dev/null" -%}
+
+{% if grains.cloud is defined -%}
+{% if grains.cloud in [ 'aws', 'gce', 'vagrant' ] -%}
+    {% set token_auth_file = "--token_auth_file=/srv/kubernetes/known_tokens.csv" -%}
+{% endif -%}
+{% endif -%}
+
+{% set admission_control = "" -%}
+{% if pillar['admission_control'] is defined -%}
+ {% set admission_control = "--admission_control=" + pillar['admission_control'] -%}
+{% endif -%}
+
+{% set runtime_config = "" -%}
+{% if grains.runtime_config is defined -%}
+ {% set runtime_config = "--runtime_config=" + grains.runtime_config -%}
+{% endif -%}
+
+{
+"apiVersion": "v1beta3",
+"kind": "Pod",
+"metadata": {"name":"kube-apiserver"},
+"spec":{
+"hostNetwork": true,
+"containers":[
+    {
+    "name": "kube-apiserver",
+    "image": "gcr.io/google_containers/kube-apiserver:{{pillar['kube-apiserver_docker_tag']}}",
+    "command": [
+                 "/kube-apiserver",
+                 "{{address}}",
+                 "{{etcd_servers}}",
+                 "{{ cloud_provider }}",
+                 "{{ cloud_config }}",
+                 "{{ runtime_config }}",
+                 "{{admission_control}}",
+                 "--allow_privileged={{pillar['allow_privileged']}}",
+                 "{{portal_net}}",
+                 "{{cluster_name}}",
+                 "{{cert_file}}",
+                 "{{key_file}}",
+                 "{{secure_port}}",
+                 "{{token_auth_file}}",
+                 "{{publicAddressOverride}}",
+                 "{{pillar['log_level']}}"
+               ],
+    "ports":[
+      { "name": "https",
+        "containerPort": 6443,
+        "hostPort": 6443},{
+       "name": "http",
+        "containerPort": 7080,
+        "hostPort": 7080},{
+       "name": "local",
+        "containerPort": 8080,
+        "hostPort": 8080}
+        ],
+    "volumeMounts": [
+        { "name": "srvkube",
+        "mountPath": "/srv/kubernetes",
+        "readOnly": true},
+        { "name": "etcssl",
+        "mountPath": "/etc/ssl",
+        "readOnly": true},
+        { "name": "usrsharessl",
+        "mountPath": "/usr/share/ssl",
+        "readOnly": true},
+        { "name": "varssl",
+        "mountPath": "/var/ssl",
+        "readOnly": true},
+        { "name": "usrssl",
+        "mountPath": "/usr/ssl",
+        "readOnly": true},
+        { "name": "usrlibssl",
+        "mountPath": "/usr/lib/ssl",
+        "readOnly": true},
+        { "name": "usrlocalopenssl",
+        "mountPath": "/usr/local/openssl",
+        "readOnly": true},
+        { "name": "etcopenssl",
+        "mountPath": "/etc/openssl",
+        "readOnly": true},
+        { "name": "etcpkitls",
+        "mountPath": "/etc/pki/tls",
+        "readOnly": true}
+      ]
+    }
+],
+"volumes":[
+  { "name": "srvkube",
+    "hostPath": {
+        "path": "/srv/kubernetes"}
+  },
+  { "name": "etcssl",
+    "hostPath": {
+        "path": "/etc/ssl"}
+  },
+  { "name": "usrsharessl",
+    "hostPath": {
+        "path": "/usr/share/ssl"}
+  },
+  { "name": "varssl",
+    "hostPath": {
+        "path": "/var/ssl"}
+  },
+  { "name": "usrssl",
+    "hostPath": {
+        "path": "/usr/ssl"}
+  },
+  { "name": "usrlibssl",
+    "hostPath": {
+        "path": "/usr/lib/ssl"}
+  },
+  { "name": "usrlocalopenssl",
+    "hostPath": {
+        "path": "/usr/local/openssl"}
+  },
+  { "name": "etcopenssl",
+    "hostPath": {
+        "path": "/etc/openssl"}
+  },
+  { "name": "etcpkitls",
+    "hostPath": {
+        "path": "/etc/pki/tls"}
+  }
+]
+}}