From 936f9cc95d00031c6ed4f44c35ab1f7df4b6fac2 Mon Sep 17 00:00:00 2001 From: Eric Tune Date: Wed, 14 Jan 2015 09:17:57 -0800 Subject: [PATCH 1/9] WIP: Update Rackspace so node talks to apiserver Kubernetes project has decided that it is better if kubelet and kube-proxy use the apiserver REST interface to get and set resources instead of accessing resource keys in etcd directly. This is necessary to support kubelet reporting of events, and also encapsulates the apiserver store details. This means that the kubelet and kube-proxy need to know the apiserver host(s) via a flag. Since the Rackspace config already used etcd to advertise the minions to the controller-manager, I used the same pattern to advertise the apiserver(s) to the minions. Setting --public_address_override=$private_ipv4 is intended to ensure that the master serves its http interface on the right ethernet device, since I think there are two on a droplet. The new apiserver-advertiser.service puts the IPs of any apiservers in etcd. The kubelet and kube-proxy now take an environment file which contains the list of apiserver IPs, and that env var goes into a flag. The etcd_servers argument is removed -- the point is for these binaries to not access etcd. The new apiserver-finder.service watches for changes in etcd and restarts kubelet and kube proxy when there are new apiservers. --- .../cloud-config/master-cloud-config.yaml | 12 +++++ .../cloud-config/minion-cloud-config.yaml | 48 ++++++++++++++++++- 2 files changed, 58 insertions(+), 2 deletions(-) diff --git a/cluster/rackspace/cloud-config/master-cloud-config.yaml b/cluster/rackspace/cloud-config/master-cloud-config.yaml index f97199f7945..ae449178f61 100644 --- a/cluster/rackspace/cloud-config/master-cloud-config.yaml +++ b/cluster/rackspace/cloud-config/master-cloud-config.yaml @@ -80,6 +80,18 @@ coreos: ExecStart=/opt/bin/kube-apiserver --address=127.0.0.1 --port=8080 --etcd_servers=http://127.0.0.1:4001 --portal_net=PORTAL_NET --logtostderr=true --cloud_provider=rackspace --cloud_config=/etc/cloud.conf --v=2 Restart=always RestartSec=2 + - name: apiserver-advertiser.service + command: start + content: | + [Unit] + Description=Kubernetes Apiserver Advertiser + After=etcd.service + Requires=etcd.service + After=master-apiserver.service + [Service] + ExecStart=/bin/sh -c 'etcdctl set /corekube/apiservers/$private_ipv4 $private_ipv4' + Restart=always + RestartSec=120 - name: master-controller-manager.service command: start content: | diff --git a/cluster/rackspace/cloud-config/minion-cloud-config.yaml b/cluster/rackspace/cloud-config/minion-cloud-config.yaml index 11cbadfdd0a..c55a63a3ad7 100644 --- a/cluster/rackspace/cloud-config/minion-cloud-config.yaml +++ b/cluster/rackspace/cloud-config/minion-cloud-config.yaml @@ -12,6 +12,14 @@ write_files: set) ip route replace $net via $nh dev eth2 metric 900 ;; expire) ip route del $net via $nh metric 900 ;; esac + - path: /opt/bin/regen-apiserver-list.sh + permissions: 0755 + content: | + #!/bin/sh + m=$(echo $(etcdctl ls --recursive /corekube/apiservers | cut -d/ -f4 | sort) | tr ' ' ,) + mkdir -p /run/kubelet + echo "APISERVER_IPS=$m" > /run/kubelet/apiservers.env + echo "FIRST_APISERVER_URL=http://${m%%\,*}:7080" >> /run/kubelet/apiservers.env - path: /opt/bin/download-release.sh permissions: 0755 content: | @@ -67,8 +75,9 @@ coreos: After=download-release.service Requires=download-release.service [Service] + EnvironmentFile=/run/kubelet/apiserver.env ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kubelet /opt/bin/kubelet - ExecStart=/opt/bin/kubelet --address=$private_ipv4 --hostname_override=$private_ipv4 --etcd_servers=http://127.0.0.1:4001 --logtostderr=true --config=/opt/kubernetes-manifests --cluster_dns=DNS_SERVER_IP --cluster_domain=DNS_DOMAIN + ExecStart=/opt/bin/kubelet --address=$private_ipv4 --hostname_override=$private_ipv4 --api_servers=$FIRST_APISERVER_URL --logtostderr=true --config=/opt/kubernetes-manifests --cluster_dns=DNS_SERVER_IP --cluster_domain=DNS_DOMAIN Restart=always RestartSec=2 - name: minion-proxy.service @@ -84,10 +93,31 @@ coreos: After=download-release.service Requires=download-release.service [Service] + EnvironmentFile=/run/kubelet/apiserver.env ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-proxy /opt/bin/kube-proxy - ExecStart=/opt/bin/kube-proxy --bind_address=$private_ipv4 --etcd_servers=http://127.0.0.1:4001 --logtostderr=true --v=2 + ExecStart=/opt/bin/kube-proxy --bind_address=$private_ipv4 --master=$FIRST_APISERVER_URL --logtostderr=true Restart=always RestartSec=2 + - name: kubelet-sighup.path + command: start + content: | + [Path] + PathChanged=/run/kubelet/apiservers.env + - name: kubelet-sighup.service + command: start + content: | + [Service] + ExecStart=/usr/bin/pkill -SIGHUP -f kubelet + - name: kube-proxy-sighup.path + command: start + content: | + [Path] + PathChanged=/run/kubelet/apiservers.env + - name: kube-proxy-sighup.service + command: start + content: | + [Service] + ExecStart=/usr/bin/pkill -SIGHUP -f kube-proxy - name: minion-advertiser.service command: start content: | @@ -100,6 +130,20 @@ coreos: ExecStart=/bin/sh -c 'while :; do etcdctl set /corekube/minions/$private_ipv4 $private_ipv4 --ttl 300; sleep 120; done' Restart=always RestartSec=120 + - name: apiserver-finder.service + command: start + content: | + [Unit] + Description=Kubernetes Apiserver finder + After=network-online.target + Requires=network-online.target + After=etcd.service + Requires=etcd.service + [Service] + ExecStartPre=/opt/bin/regen-apiserver-list.sh + ExecStart=/usr/bin/etcdctl exec-watch --recursive /corekube/apiservers -- /opt/bin/regen-apiserver-list.sh + Restart=always + RestartSec=30 - name: net-advertiser.service command: start content: | From 75dac16c34b02d32368e622a71c0809db7d3170f Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Mon, 4 May 2015 23:44:27 -0700 Subject: [PATCH 2/9] leverage $public_ip4 for apiserver communication --- .../rackspace/cloud-config/master-cloud-config.yaml | 2 +- .../rackspace/cloud-config/minion-cloud-config.yaml | 10 +++++----- cluster/rackspace/util.sh | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cluster/rackspace/cloud-config/master-cloud-config.yaml b/cluster/rackspace/cloud-config/master-cloud-config.yaml index ae449178f61..6a7214c28c6 100644 --- a/cluster/rackspace/cloud-config/master-cloud-config.yaml +++ b/cluster/rackspace/cloud-config/master-cloud-config.yaml @@ -89,7 +89,7 @@ coreos: Requires=etcd.service After=master-apiserver.service [Service] - ExecStart=/bin/sh -c 'etcdctl set /corekube/apiservers/$private_ipv4 $private_ipv4' + ExecStart=/bin/sh -c 'etcdctl set /corekube/apiservers/$public_ipv4 $public_ipv4' Restart=always RestartSec=120 - name: master-controller-manager.service diff --git a/cluster/rackspace/cloud-config/minion-cloud-config.yaml b/cluster/rackspace/cloud-config/minion-cloud-config.yaml index c55a63a3ad7..aba5ee0361b 100644 --- a/cluster/rackspace/cloud-config/minion-cloud-config.yaml +++ b/cluster/rackspace/cloud-config/minion-cloud-config.yaml @@ -19,7 +19,7 @@ write_files: m=$(echo $(etcdctl ls --recursive /corekube/apiservers | cut -d/ -f4 | sort) | tr ' ' ,) mkdir -p /run/kubelet echo "APISERVER_IPS=$m" > /run/kubelet/apiservers.env - echo "FIRST_APISERVER_URL=http://${m%%\,*}:7080" >> /run/kubelet/apiservers.env + echo "FIRST_APISERVER_URL=http://${m%%\,*}:6443" >> /run/kubelet/apiservers.env - path: /opt/bin/download-release.sh permissions: 0755 content: | @@ -75,9 +75,9 @@ coreos: After=download-release.service Requires=download-release.service [Service] - EnvironmentFile=/run/kubelet/apiserver.env + EnvironmentFile=/run/kubelet/apiservers.env ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kubelet /opt/bin/kubelet - ExecStart=/opt/bin/kubelet --address=$private_ipv4 --hostname_override=$private_ipv4 --api_servers=$FIRST_APISERVER_URL --logtostderr=true --config=/opt/kubernetes-manifests --cluster_dns=DNS_SERVER_IP --cluster_domain=DNS_DOMAIN + ExecStart=/opt/bin/kubelet --address=$private_ipv4 --hostname_override=$private_ipv4 --api_servers=${FIRST_APISERVER_URL} --logtostderr=true --config=/opt/kubernetes-manifests --cluster_dns=DNS_SERVER_IP --cluster_domain=DNS_DOMAIN Restart=always RestartSec=2 - name: minion-proxy.service @@ -93,9 +93,9 @@ coreos: After=download-release.service Requires=download-release.service [Service] - EnvironmentFile=/run/kubelet/apiserver.env + EnvironmentFile=/run/kubelet/apiservers.env ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-proxy /opt/bin/kube-proxy - ExecStart=/opt/bin/kube-proxy --bind_address=$private_ipv4 --master=$FIRST_APISERVER_URL --logtostderr=true + ExecStart=/opt/bin/kube-proxy --bind_address=$private_ipv4 --master=${FIRST_APISERVER_URL} --logtostderr=true Restart=always RestartSec=2 - name: kubelet-sighup.path diff --git a/cluster/rackspace/util.sh b/cluster/rackspace/util.sh index 2f7553fdc78..eff0161e4fb 100644 --- a/cluster/rackspace/util.sh +++ b/cluster/rackspace/util.sh @@ -60,7 +60,7 @@ get-password() { get-kubeconfig-basicauth if [[ -z "${KUBE_USER}" || -z "${KUBE_PASSWORD}" ]]; then KUBE_USER=admin - KUBE_PASSWORD=$(python -c 'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))') + KUBE_PASSWORD=$(python2.7 -c 'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))') fi } @@ -276,7 +276,7 @@ kube-up() { trap "rm -rf ${KUBE_TEMP}" EXIT get-password - python $(dirname $0)/../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $KUBE_USER $KUBE_PASSWORD + python2.7 $(dirname $0)/../third_party/htpasswd/htpasswd.py -b -c ${KUBE_TEMP}/htpasswd $KUBE_USER $KUBE_PASSWORD HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd) rax-nova-network From b2aa089df07618ad2d1da89ad4d489986dbd3949 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Sat, 21 Mar 2015 23:34:35 -0500 Subject: [PATCH 3/9] fix download-release.sh Download-release.sh was overwriting previous downloads even if the temp URL had expired which resulted in the release and binaries being overriden. --- .../cloud-config/master-cloud-config.yaml | 17 ++++++++++++----- cluster/rackspace/util.sh | 3 ++- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/cluster/rackspace/cloud-config/master-cloud-config.yaml b/cluster/rackspace/cloud-config/master-cloud-config.yaml index 6a7214c28c6..0d171c0dd5f 100644 --- a/cluster/rackspace/cloud-config/master-cloud-config.yaml +++ b/cluster/rackspace/cloud-config/master-cloud-config.yaml @@ -23,12 +23,19 @@ write_files: permissions: 0755 content: | #!/bin/bash + # This temp URL is only good for the length of time specified at cluster creation time. + # Afterward, it will result in a 403. OBJECT_URL="CLOUD_FILES_URL" - echo "Downloading release ($OBJECT_URL)" - wget "${OBJECT_URL}" -O /opt/kubernetes.tar.gz - echo "Unpacking release" - rm -rf /opt/kubernetes || false - tar xzf /opt/kubernetes.tar.gz -C /opt/ + if [ ! -s /opt/kubernetes.tar.gz ] + then + echo "Downloading release ($OBJECT_URL)" + wget "${OBJECT_URL}" -O /opt/kubernetes.tar.gz + echo "Unpacking release" + rm -rf /opt/kubernetes || false + tar xzf /opt/kubernetes.tar.gz -C /opt/ + else + echo "kubernetes release found. Skipping download." + fi - path: /opt/.kubernetes_auth permissions: 0600 content: | diff --git a/cluster/rackspace/util.sh b/cluster/rackspace/util.sh index eff0161e4fb..50d7663c007 100644 --- a/cluster/rackspace/util.sh +++ b/cluster/rackspace/util.sh @@ -106,7 +106,8 @@ find-object-url() { KUBE_TAR=${CLOUDFILES_CONTAINER}/${CONTAINER_PREFIX}/kubernetes-server-linux-amd64.tar.gz - RELEASE_TMP_URL=$(swiftly -A ${OS_AUTH_URL} -U ${OS_USERNAME} -K ${OS_PASSWORD} tempurl GET ${KUBE_TAR}) + # Create temp URL good for 24 hours + RELEASE_TMP_URL=$(swiftly -A ${OS_AUTH_URL} -U ${OS_USERNAME} -K ${OS_PASSWORD} tempurl GET ${KUBE_TAR} 86400 ) echo "cluster/rackspace/util.sh: Object temp URL:" echo -e "\t${RELEASE_TMP_URL}" From 6ae14b3630fa256e9eb5435411af14893753678a Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Mon, 4 May 2015 14:44:06 -0700 Subject: [PATCH 4/9] add initial support for flannel --- .../cloud-config/minion-cloud-config.yaml | 115 ++++++------------ cluster/rackspace/config-default.sh | 2 +- 2 files changed, 38 insertions(+), 79 deletions(-) diff --git a/cluster/rackspace/cloud-config/minion-cloud-config.yaml b/cluster/rackspace/cloud-config/minion-cloud-config.yaml index aba5ee0361b..f9a379b2bed 100644 --- a/cluster/rackspace/cloud-config/minion-cloud-config.yaml +++ b/cluster/rackspace/cloud-config/minion-cloud-config.yaml @@ -1,17 +1,6 @@ #cloud-config write_files: - - path: /opt/bin/kube-net-update.sh - permissions: 0755 - content: | - #!/bin/sh - set -x -e - nh=${ETCD_WATCH_KEY##*/} - net=$ETCD_WATCH_VALUE - case $ETCD_WATCH_ACTION in - set) ip route replace $net via $nh dev eth2 metric 900 ;; - expire) ip route del $net via $nh metric 900 ;; - esac - path: /opt/bin/regen-apiserver-list.sh permissions: 0755 content: | @@ -24,12 +13,19 @@ write_files: permissions: 0755 content: | #!/bin/bash + # This temp URL is only good for the length of time specified at cluster creation time. + # Afterward, it will result in a 403. OBJECT_URL="CLOUD_FILES_URL" - echo "Downloading release ($OBJECT_URL)" - wget "${OBJECT_URL}" -O /opt/kubernetes.tar.gz - echo "Unpacking release" - rm -rf /opt/kubernetes || false - tar xzf /opt/kubernetes.tar.gz -C /opt/ + if [ ! -s /opt/kubernetes.tar.gz ] + then + echo "Downloading release ($OBJECT_URL)" + wget "${OBJECT_URL}" -O /opt/kubernetes.tar.gz + echo "Unpacking release" + rm -rf /opt/kubernetes || false + tar xzf /opt/kubernetes.tar.gz -C /opt/ + else + echo "kubernetes release found. Skipping download." + fi coreos: etcd: @@ -51,6 +47,31 @@ coreos: command: start - name: fleet.service command: start + - name: flanneld.service + command: start + drop-ins: + - name: 50-network-config.conf + content: | + [Service] + ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '{ "Network": "10.240.0.0/16", "Backend": {"Type": "host-gw"}}' + ExecStart= + ExecStart=/usr/libexec/sdnotify-proxy /run/flannel/sd.sock \ + /usr/bin/docker run --net=host --privileged=true --rm \ + --volume=/run/flannel:/run/flannel \ + --env=NOTIFY_SOCKET=/run/flannel/sd.sock \ + --env-file=/run/flannel/options.env \ + --volume=${ETCD_SSL_DIR}:/etc/ssl/etcd:ro \ + quay.io/coreos/flannel:${FLANNEL_VER} /opt/bin/flanneld -etcd-endpoints http://127.0.0.1:4001 --ip-masq=true --iface=eth2 + - name: docker.service + command: start + drop-ins: + - name: 51-docker-mirror.conf + content: | + [Unit] + # making sure that flanneld finished startup, otherwise containers + # won't land in flannel's network... + Requires=flanneld.service + After=flanneld.service - name: download-release.service command: start content: | @@ -144,30 +165,6 @@ coreos: ExecStart=/usr/bin/etcdctl exec-watch --recursive /corekube/apiservers -- /opt/bin/regen-apiserver-list.sh Restart=always RestartSec=30 - - name: net-advertiser.service - command: start - content: | - [Unit] - Description=Kubernetes Network Advertiser - After=etcd.service - Requires=etcd.service - After=minion-kubelet.service - [Service] - ExecStart=/bin/sh -c 'eth2_ip=$$(ip -o -f inet a show dev eth2 | sed "s/.* inet \([0-9.]\+\).*/\1/"); while :; do etcdctl set /corekube/net/$$eth2_ip 10.240.INDEX.0/24 --ttl 300; sleep 120; done' - Restart=always - RestartSec=120 - - name: net-router.service - command: start - content: | - [Unit] - Description=Kubernetes Network Router - After=etcd.service - Requires=etcd.service - After=minion-kubelet.service - [Service] - ExecStart=/usr/bin/etcdctl exec-watch --recursive /corekube/net -- /opt/bin/kube-net-update.sh - Restart=always - RestartSec=120 - name: cbr0.netdev command: start content: | @@ -193,41 +190,3 @@ coreos: ExecStart=/usr/sbin/iptables -t nat -A POSTROUTING -o eth1 -s 10.240.INDEX.0/24 -j MASQUERADE RemainAfterExit=yes Type=oneshot - - name: docker.service - command: start - content: | - [Unit] - After=network.target - Description=Docker Application Container Engine - Documentation=http://docs.docker.io - - [Service] - ExecStartPre=/bin/mount --make-rprivate / - ExecStart=/usr/bin/docker -d -H fd:// -b cbr0 --iptables=false - Restart=always - RestartSec=30 - - [Install] - WantedBy=multi-user.target - - name: format-data.service - command: start - content: | - [Unit] - Description=Formats data drive - [Service] - Type=oneshot - RemainAfterExit=yes - ExecStart=/usr/sbin/wipefs -f /dev/xvde1 - ExecStart=/usr/sbin/mkfs.btrfs -f /dev/xvde1 - - name: var-lib-docker-volumes.mount - command: start - content: | - [Unit] - Description=Mount data drive to /var/lib/docker/volumes - Requires=format-data.service - After=format-data.service - Before=docker.service - [Mount] - What=/dev/xvde1 - Where=/var/lib/docker/volumes - Type=btrfs diff --git a/cluster/rackspace/config-default.sh b/cluster/rackspace/config-default.sh index 9092a7f1f8c..cc5003ac01f 100644 --- a/cluster/rackspace/config-default.sh +++ b/cluster/rackspace/config-default.sh @@ -19,7 +19,7 @@ # KUBE_IMAGE, KUBE_MASTER_FLAVOR, KUBE_MINION_FLAVOR, NUM_MINIONS, NOVA_NETWORK and SSH_KEY_NAME # Shared -KUBE_IMAGE="${KUBE_IMAGE-b63e1435-a46f-4726-b984-e3f15ae92753}" # CoreOS(Beta) +KUBE_IMAGE="${KUBE_IMAGE-28ff3081-8312-42dd-8ec3-a82148cbbe6b}" # CoreOS(Beta) SSH_KEY_NAME="${SSH_KEY_NAME-id_kubernetes}" NOVA_NETWORK_LABEL="kubernetes-pool-net" NOVA_NETWORK_CIDR="${NOVA_NETWORK-192.168.0.0/24}" From 6968074c90f8cbc697ea1dcf26d14d4acbd553ac Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Tue, 5 May 2015 15:14:19 -0700 Subject: [PATCH 5/9] remove manifest config and bump rax coreos image --- cluster/rackspace/cloud-config/minion-cloud-config.yaml | 2 +- cluster/rackspace/config-default.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/rackspace/cloud-config/minion-cloud-config.yaml b/cluster/rackspace/cloud-config/minion-cloud-config.yaml index f9a379b2bed..d01fd1f8137 100644 --- a/cluster/rackspace/cloud-config/minion-cloud-config.yaml +++ b/cluster/rackspace/cloud-config/minion-cloud-config.yaml @@ -98,7 +98,7 @@ coreos: [Service] EnvironmentFile=/run/kubelet/apiservers.env ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kubelet /opt/bin/kubelet - ExecStart=/opt/bin/kubelet --address=$private_ipv4 --hostname_override=$private_ipv4 --api_servers=${FIRST_APISERVER_URL} --logtostderr=true --config=/opt/kubernetes-manifests --cluster_dns=DNS_SERVER_IP --cluster_domain=DNS_DOMAIN + ExecStart=/opt/bin/kubelet --address=$private_ipv4 --hostname_override=$private_ipv4 --api_servers=${FIRST_APISERVER_URL} --logtostderr=true --cluster_dns=DNS_SERVER_IP --cluster_domain=DNS_DOMAIN Restart=always RestartSec=2 - name: minion-proxy.service diff --git a/cluster/rackspace/config-default.sh b/cluster/rackspace/config-default.sh index cc5003ac01f..aa6be717f2a 100644 --- a/cluster/rackspace/config-default.sh +++ b/cluster/rackspace/config-default.sh @@ -19,7 +19,7 @@ # KUBE_IMAGE, KUBE_MASTER_FLAVOR, KUBE_MINION_FLAVOR, NUM_MINIONS, NOVA_NETWORK and SSH_KEY_NAME # Shared -KUBE_IMAGE="${KUBE_IMAGE-28ff3081-8312-42dd-8ec3-a82148cbbe6b}" # CoreOS(Beta) +KUBE_IMAGE="${KUBE_IMAGE-2c210e44-5149-4ae3-83d6-f855a4d28490}" # CoreOS(Beta) SSH_KEY_NAME="${SSH_KEY_NAME-id_kubernetes}" NOVA_NETWORK_LABEL="kubernetes-pool-net" NOVA_NETWORK_CIDR="${NOVA_NETWORK-192.168.0.0/24}" From 16a448082fc5347b607b4d04c3c1841060bfd2c8 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Wed, 6 May 2015 20:48:30 -0500 Subject: [PATCH 6/9] add functions to generate tokens --- cluster/rackspace/authorization.sh | 36 +++++++++++++++++ .../cloud-config/master-cloud-config.yaml | 2 +- cluster/rackspace/util.sh | 39 ++++++++++++++++--- 3 files changed, 70 insertions(+), 7 deletions(-) create mode 100644 cluster/rackspace/authorization.sh diff --git a/cluster/rackspace/authorization.sh b/cluster/rackspace/authorization.sh new file mode 100644 index 00000000000..61ff97974b1 --- /dev/null +++ b/cluster/rackspace/authorization.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +# Copyright 2015 The Kubernetes Authors All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Create generic token following GCE standard +create_token() { + echo $(cat /dev/urandom | base64 | tr -d "=+/" | dd bs=32 count=1 2> /dev/null) +} + +get_token_from_csv() { + KUBE_BEARER_TOKEN=$(awk -F, '/admin/ {print $1}' ${KUBE_TEMP}/${1}_tokens.csv) + KUBELET_TOKEN=$(awk -F, '/kubelet/ {print $1}' ${KUBE_TEMP}/${1}_tokens.csv) + KUBE_PROXY_TOKEN=$(awk -F, '/kube_proxy/ {print $1}' ${KUBE_TEMP}/${1}_tokens.csv) +} + +generate_admin_token() { + echo "$(create_token),admin,admin" >> ${KUBE_TEMP}/${1}_tokens.csv +} + +# Creates a csv file each time called (i.e one per kubelet). +generate_kubelet_tokens() { + echo "$(create_token),kubelet,kubelet" > ${KUBE_TEMP}/${1}_tokens.csv + echo "$(create_token),kube_proxy,kube_proxy" >> ${KUBE_TEMP}/${1}_tokens.csv +} diff --git a/cluster/rackspace/cloud-config/master-cloud-config.yaml b/cluster/rackspace/cloud-config/master-cloud-config.yaml index 0d171c0dd5f..e23f0e5d64b 100644 --- a/cluster/rackspace/cloud-config/master-cloud-config.yaml +++ b/cluster/rackspace/cloud-config/master-cloud-config.yaml @@ -84,7 +84,7 @@ coreos: Requires=download-release.service [Service] ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-apiserver /opt/bin/kube-apiserver - ExecStart=/opt/bin/kube-apiserver --address=127.0.0.1 --port=8080 --etcd_servers=http://127.0.0.1:4001 --portal_net=PORTAL_NET --logtostderr=true --cloud_provider=rackspace --cloud_config=/etc/cloud.conf --v=2 + ExecStart=/opt/bin/kube-apiserver --token-auth-file=/var/lib/kubernetes/apiserver/known_tokens.csv --address=127.0.0.1 --port=8080 --etcd_servers=http://127.0.0.1:4001 --portal_net=PORTAL_NET --logtostderr=true --cloud_provider=rackspace --cloud_config=/etc/cloud.conf --v=2 Restart=always RestartSec=2 - name: apiserver-advertiser.service diff --git a/cluster/rackspace/util.sh b/cluster/rackspace/util.sh index 50d7663c007..e9caa8a8e31 100644 --- a/cluster/rackspace/util.sh +++ b/cluster/rackspace/util.sh @@ -21,6 +21,7 @@ KUBE_ROOT=$(dirname "${BASH_SOURCE}")/../.. source $(dirname ${BASH_SOURCE})/${KUBE_CONFIG_FILE-"config-default.sh"} source "${KUBE_ROOT}/cluster/common.sh" +source "${KUBE_ROOT}/cluster/rackspace/authorization.sh" verify-prereqs() { # Make sure that prerequisites are installed. @@ -129,10 +130,29 @@ copy_dev_tarballs() { echo "cluster/rackspace/util.sh: Uploading to Cloud Files" ${SWIFTLY_CMD} put -i ${RELEASE_DIR}/kubernetes-server-linux-amd64.tar.gz \ ${CLOUDFILES_CONTAINER}/${CONTAINER_PREFIX}/kubernetes-server-linux-amd64.tar.gz > /dev/null 2>&1 - + echo "Release pushed." } +prep_known_tokens() { + for (( i=0; i<${#MINION_NAMES[@]}; i++)); do + generate_kubelet_tokens ${MINION_NAMES[i]} + cat ${KUBE_TEMP}/${MINION_NAMES[i]}_token.csv >> ${KUBE_TEMP}/known_tokens.csv + done + + # Generate tokens for other "service accounts". Append to known_tokens. + # + # NB: If this list ever changes, this script actually has to + # change to detect the existence of this file, kill any deleted + # old tokens and add any new tokens (to handle the upgrade case). + local -r service_accounts=("system:scheduler" "system:controller_manager" "system:logging" "system:monitoring" "system:dns") + for account in "${service_accounts[@]}"; do + echo "$(create_token),${account},${account}" >> ${KUBE_TEMP}/known_tokens.csv + done + + generate_admin_token +} + rax-boot-master() { DISCOVERY_URL=$(curl https://discovery.etcd.io/new) @@ -160,6 +180,7 @@ rax-boot-master() { --meta ${MASTER_TAG} \ --meta ETCD=${DISCOVERY_ID} \ --user-data ${KUBE_TEMP}/master-cloud-config.yaml \ +--file /var/lib/kubernetes/apiserver/known_tokens.csv=${KUBE_TEMP}/known_tokens.csv \ --config-drive true \ --nic net-id=${NETWORK_UUID} \ ${MASTER_NAME}" @@ -176,15 +197,19 @@ rax-boot-minions() { for (( i=0; i<${#MINION_NAMES[@]}; i++)); do + get_tokens_from_csv ${MINION_NAMES[i]} + sed -e "s|DISCOVERY_ID|${DISCOVERY_ID}|" \ - -e "s|INDEX|$((i + 1))|g" \ -e "s|CLOUD_FILES_URL|${RELEASE_TMP_URL//&/\\&}|" \ - -e "s|ENABLE_NODE_MONITORING|${ENABLE_NODE_MONITORING:-false}|" \ - -e "s|ENABLE_NODE_LOGGING|${ENABLE_NODE_LOGGING:-false}|" \ - -e "s|LOGGING_DESTINATION|${LOGGING_DESTINATION:-}|" \ - -e "s|ENABLE_CLUSTER_DNS|${ENABLE_CLUSTER_DNS:-false}|" \ -e "s|DNS_SERVER_IP|${DNS_SERVER_IP:-}|" \ -e "s|DNS_DOMAIN|${DNS_DOMAIN:-}|" \ + -e "s|ENABLE_CLUSTER_DNS|${ENABLE_CLUSTER_DNS:-false}|" \ + -e "s|ENABLE_NODE_MONITORING|${ENABLE_NODE_MONITORING:-false}|" \ + -e "s|ENABLE_NODE_LOGGING|${ENABLE_NODE_LOGGING:-false}|" \ + -e "s|INDEX|$((i + 1))|g" \ + -e "s|KUBE_BEARER_TOKEN|${KUBE_BEARER_TOKEN}|" \ + -e "s|KUBE_PROXY_TOKEN|${KUBE_PROXY_TOKEN}|" \ + -e "s|LOGGING_DESTINATION|${LOGGING_DESTINATION:-}|" \ $(dirname $0)/rackspace/cloud-config/minion-cloud-config.yaml > $KUBE_TEMP/minion-cloud-config-$(($i + 1)).yaml @@ -287,6 +312,8 @@ kube-up() { rax-ssh-key echo "cluster/rackspace/util.sh: Starting Cloud Servers" + prep_known_tokens + rax-boot-master rax-boot-minions From 1e8ee4d1f1e5ec52aab91f197e66027952021fde Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Fri, 8 May 2015 16:13:11 -0500 Subject: [PATCH 7/9] minor fixes to get a working cluster --- .../cloud-config/master-cloud-config.yaml | 58 ++++++++++----- .../cloud-config/minion-cloud-config.yaml | 73 ++++++++++++++----- cluster/rackspace/config-default.sh | 2 +- cluster/rackspace/util.sh | 5 +- 4 files changed, 97 insertions(+), 41 deletions(-) diff --git a/cluster/rackspace/cloud-config/master-cloud-config.yaml b/cluster/rackspace/cloud-config/master-cloud-config.yaml index e23f0e5d64b..83e09db30b7 100644 --- a/cluster/rackspace/cloud-config/master-cloud-config.yaml +++ b/cluster/rackspace/cloud-config/master-cloud-config.yaml @@ -72,7 +72,7 @@ coreos: Type=oneshot RemainAfterExit=yes ExecStart=/usr/bin/bash /opt/bin/download-release.sh - - name: master-apiserver.service + - name: kube-apiserver.service command: start content: | [Unit] @@ -84,9 +84,20 @@ coreos: Requires=download-release.service [Service] ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-apiserver /opt/bin/kube-apiserver - ExecStart=/opt/bin/kube-apiserver --token-auth-file=/var/lib/kubernetes/apiserver/known_tokens.csv --address=127.0.0.1 --port=8080 --etcd_servers=http://127.0.0.1:4001 --portal_net=PORTAL_NET --logtostderr=true --cloud_provider=rackspace --cloud_config=/etc/cloud.conf --v=2 + ExecStartPre=/usr/bin/mkdir -p /var/lib/kube-apiserver + ExecStartPre=/usr/bin/cp /media/configdrive/openstack/content/0000 /var/lib/kube-apiserver/known_tokens.csv + ExecStart=/opt/bin/kube-apiserver \ + --address=127.0.0.1 \ + --cloud_provider=rackspace \ + --cloud_config=/etc/cloud.conf \ + --etcd_servers=http://127.0.0.1:4001 \ + --logtostderr=true \ + --port=8080 \ + --portal_net=PORTAL_NET \ + --token-auth-file=/var/lib/kube-apiserver/known_tokens.csv \ + --v=2 Restart=always - RestartSec=2 + RestartSec=5 - name: apiserver-advertiser.service command: start content: | @@ -99,7 +110,7 @@ coreos: ExecStart=/bin/sh -c 'etcdctl set /corekube/apiservers/$public_ipv4 $public_ipv4' Restart=always RestartSec=120 - - name: master-controller-manager.service + - name: kube-controller-manager.service command: start content: | [Unit] @@ -107,14 +118,19 @@ coreos: Documentation=https://github.com/GoogleCloudPlatform/kubernetes After=network-online.target Requires=network-online.target - After=master-apiserver.service - Requires=master-apiserver.service + After=kube-apiserver.service + Requires=kube-apiserver.service [Service] ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-controller-manager /opt/bin/kube-controller-manager - ExecStart=/opt/bin/kube-controller-manager --master=127.0.0.1:8080 --logtostderr=true --cloud_provider=rackspace --cloud_config=/etc/cloud.conf --v=2 + ExecStart=/opt/bin/kube-controller-manager \ + --cloud_provider=rackspace \ + --cloud_config=/etc/cloud.conf \ + --logtostderr=true \ + --master=127.0.0.1:8080 \ + --v=2 Restart=always - RestartSec=2 - - name: master-scheduler.service + RestartSec=5 + - name: kube-scheduler.service command: start content: | [Unit] @@ -122,27 +138,33 @@ coreos: Documentation=https://github.com/GoogleCloudPlatform/kubernetes After=network-online.target Requires=network-online.target - After=master-apiserver.service - Requires=master-apiserver.service + After=kube-apiserver.service + Requires=kube-apiserver.service [Service] ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-scheduler /opt/bin/kube-scheduler - ExecStart=/opt/bin/kube-scheduler --master=127.0.0.1:8080 --logtostderr=true + ExecStart=/opt/bin/kube-scheduler \ + --logtostderr=true \ + --master=127.0.0.1:8080 Restart=always - RestartSec=10 - - name: master-register.service + RestartSec=5 + - name: kube-register.service command: start content: | [Unit] Description=Kubernetes Registration Service Documentation=https://github.com/kelseyhightower/kube-register - + Requires=kube-apiserver.service + After=kube-apiserver.service + Requires=fleet.service + After=fleet.service [Service] - ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes/kube-register + ExecStartPre=/usr/bin/curl -L -o /opt/bin/kube-register -z /opt/bin/kube-register https://github.com/kelseyhightower/kube-register/releases/download/v0.0.3/kube-register-0.0.3-linux-amd64 ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-register ExecStart=/opt/bin/kube-register \ - --metadata=kubernetes_role=minion \ + --api-endpoint=http://127.0.0.1:8080 \ --fleet-endpoint=unix:///var/run/fleet.sock \ - --api-endpoint=http://127.0.0.1:8080 + --healthz-port=10248 \ + --metadata=kubernetes_role=minion Restart=always RestartSec=10 #Running nginx service with --net="host" is a necessary evil until running all k8s services in docker. diff --git a/cluster/rackspace/cloud-config/minion-cloud-config.yaml b/cluster/rackspace/cloud-config/minion-cloud-config.yaml index d01fd1f8137..dce60807b20 100644 --- a/cluster/rackspace/cloud-config/minion-cloud-config.yaml +++ b/cluster/rackspace/cloud-config/minion-cloud-config.yaml @@ -8,7 +8,7 @@ write_files: m=$(echo $(etcdctl ls --recursive /corekube/apiservers | cut -d/ -f4 | sort) | tr ' ' ,) mkdir -p /run/kubelet echo "APISERVER_IPS=$m" > /run/kubelet/apiservers.env - echo "FIRST_APISERVER_URL=http://${m%%\,*}:6443" >> /run/kubelet/apiservers.env + echo "FIRST_APISERVER_URL=https://${m%%\,*}:6443" >> /run/kubelet/apiservers.env - path: /opt/bin/download-release.sh permissions: 0755 content: | @@ -26,6 +26,37 @@ write_files: else echo "kubernetes release found. Skipping download." fi + - path: /run/setup-auth.sh + permissions: 0755 + content: | + #!/bin/bash -e + set -x + /usr/bin/mkdir -p /var/lib/kubelet + /bin/echo "{\"BearerToken\": \"KUBE_BEARER_TOKEN\", \"Insecure\": true }" > /var/lib/kubelet/kubernetes_auth + - path: /run/config-kube-proxy.sh + permissions: 0755 + content: | + #!/bin/bash -e + set -x + /usr/bin/mkdir -p /var/lib/kube-proxy + cat > /var/lib/kube-proxy/kubeconfig << EOF + apiVersion: v1 + kind: Config + users: + - name: kube-proxy + user: + token: KUBE_PROXY_TOKEN + clusters: + - name: local + cluster: + insecure-skip-tls-verify: true + contexts: + - context: + cluster: local + user: kube-proxy + name: service-account-context + current-context: service-account-context + EOF coreos: etcd: @@ -53,7 +84,7 @@ coreos: - name: 50-network-config.conf content: | [Service] - ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '{ "Network": "10.240.0.0/16", "Backend": {"Type": "host-gw"}}' + ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '{ "Network": "KUBE_NETWORK", "Backend": {"Type": "host-gw"}}' ExecStart= ExecStart=/usr/libexec/sdnotify-proxy /run/flannel/sd.sock \ /usr/bin/docker run --net=host --privileged=true --rm \ @@ -83,7 +114,7 @@ coreos: Type=oneshot RemainAfterExit=yes ExecStart=/usr/bin/bash /opt/bin/download-release.sh - - name: minion-kubelet.service + - name: kubelet.service command: start content: | [Unit] @@ -97,11 +128,20 @@ coreos: Requires=download-release.service [Service] EnvironmentFile=/run/kubelet/apiservers.env + ExecStartPre=/run/setup-auth.sh ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kubelet /opt/bin/kubelet - ExecStart=/opt/bin/kubelet --address=$private_ipv4 --hostname_override=$private_ipv4 --api_servers=${FIRST_APISERVER_URL} --logtostderr=true --cluster_dns=DNS_SERVER_IP --cluster_domain=DNS_DOMAIN + ExecStart=/opt/bin/kubelet \ + --address=$private_ipv4 \ + --api_servers=${FIRST_APISERVER_URL} \ + --cluster_dns=DNS_SERVER_IP \ + --cluster_domain=DNS_DOMAIN \ + --healthz-bind-address=$private_ipv4 \ + --hostname_override=$private_ipv4 \ + --logtostderr=true \ + --v=2 Restart=always - RestartSec=2 - - name: minion-proxy.service + RestartSec=5 + - name: kube-proxy.service command: start content: | [Unit] @@ -115,10 +155,15 @@ coreos: Requires=download-release.service [Service] EnvironmentFile=/run/kubelet/apiservers.env + ExecStartPre=/run/config-kube-proxy.sh ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-proxy /opt/bin/kube-proxy - ExecStart=/opt/bin/kube-proxy --bind_address=$private_ipv4 --master=${FIRST_APISERVER_URL} --logtostderr=true + ExecStart=/opt/bin/kube-proxy \ + --bind_address=$private_ipv4 \ + --kubeconfig=/var/lib/kube-proxy/kubeconfig \ + --logtostderr=true \ + --master=${FIRST_APISERVER_URL} Restart=always - RestartSec=2 + RestartSec=5 - name: kubelet-sighup.path command: start content: | @@ -139,18 +184,6 @@ coreos: content: | [Service] ExecStart=/usr/bin/pkill -SIGHUP -f kube-proxy - - name: minion-advertiser.service - command: start - content: | - [Unit] - Description=Kubernetes Minion Advertiser - After=etcd.service - Requires=etcd.service - After=minion-kubelet.service - [Service] - ExecStart=/bin/sh -c 'while :; do etcdctl set /corekube/minions/$private_ipv4 $private_ipv4 --ttl 300; sleep 120; done' - Restart=always - RestartSec=120 - name: apiserver-finder.service command: start content: | diff --git a/cluster/rackspace/config-default.sh b/cluster/rackspace/config-default.sh index aa6be717f2a..6cc4fc918aa 100644 --- a/cluster/rackspace/config-default.sh +++ b/cluster/rackspace/config-default.sh @@ -35,7 +35,7 @@ KUBE_MINION_FLAVOR="${KUBE_MINION_FLAVOR-performance1-2}" RAX_NUM_MINIONS="${RAX_NUM_MINIONS-4}" MINION_TAG="tags=${INSTANCE_PREFIX}-minion" MINION_NAMES=($(eval echo ${INSTANCE_PREFIX}-minion-{1..${RAX_NUM_MINIONS}})) -KUBE_NETWORK=($(eval echo "10.240.{1..${RAX_NUM_MINIONS}}.0/24")) +KUBE_NETWORK="10.240.0.0/16" PORTAL_NET="10.0.0.0/16" # Optional: Install node monitoring. diff --git a/cluster/rackspace/util.sh b/cluster/rackspace/util.sh index e9caa8a8e31..a1490ee2234 100644 --- a/cluster/rackspace/util.sh +++ b/cluster/rackspace/util.sh @@ -137,7 +137,7 @@ copy_dev_tarballs() { prep_known_tokens() { for (( i=0; i<${#MINION_NAMES[@]}; i++)); do generate_kubelet_tokens ${MINION_NAMES[i]} - cat ${KUBE_TEMP}/${MINION_NAMES[i]}_token.csv >> ${KUBE_TEMP}/known_tokens.csv + cat ${KUBE_TEMP}/${MINION_NAMES[i]}_tokens.csv >> ${KUBE_TEMP}/known_tokens.csv done # Generate tokens for other "service accounts". Append to known_tokens. @@ -180,7 +180,7 @@ rax-boot-master() { --meta ${MASTER_TAG} \ --meta ETCD=${DISCOVERY_ID} \ --user-data ${KUBE_TEMP}/master-cloud-config.yaml \ ---file /var/lib/kubernetes/apiserver/known_tokens.csv=${KUBE_TEMP}/known_tokens.csv \ +--file /var/lib/kube-apiserver/known_tokens.csv=${KUBE_TEMP}/known_tokens.csv \ --config-drive true \ --nic net-id=${NETWORK_UUID} \ ${MASTER_NAME}" @@ -208,6 +208,7 @@ rax-boot-minions() { -e "s|ENABLE_NODE_LOGGING|${ENABLE_NODE_LOGGING:-false}|" \ -e "s|INDEX|$((i + 1))|g" \ -e "s|KUBE_BEARER_TOKEN|${KUBE_BEARER_TOKEN}|" \ + -e "s|KUBE_NETWORK|${KUBE_NETWORK}|" \ -e "s|KUBE_PROXY_TOKEN|${KUBE_PROXY_TOKEN}|" \ -e "s|LOGGING_DESTINATION|${LOGGING_DESTINATION:-}|" \ $(dirname $0)/rackspace/cloud-config/minion-cloud-config.yaml > $KUBE_TEMP/minion-cloud-config-$(($i + 1)).yaml From 0205c27c5043ca828ca2313e0be5aa83894ed7c8 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Fri, 8 May 2015 16:59:32 -0500 Subject: [PATCH 8/9] update rackspace README --- docs/getting-started-guides/README.md | 1 + docs/getting-started-guides/rackspace.md | 39 +++++++++++++----------- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/docs/getting-started-guides/README.md b/docs/getting-started-guides/README.md index 0ac71567876..fccc08db0e0 100644 --- a/docs/getting-started-guides/README.md +++ b/docs/getting-started-guides/README.md @@ -39,6 +39,7 @@ Docker Multi Node | Flannel| N/A | local | [docs](docker-multino Local | | | _none_ | [docs](../../docs/getting-started-guides/locally.md) | Community (@preillyme) | libvirt/KVM | CoreOS | CoreOS | libvirt/KVM | [docs](../../docs/getting-started-guides/libvirt-coreos.md) | Community (@lhuard1A) | oVirt | | | | [docs](../../docs/getting-started-guides/ovirt.md) | Community (@simon3z) | +Rackspace | CoreOS | CoreOS | flannel | [docs](../../docs/getting-started-guides/rackspace.md) | Community (@doublerr) | use k8s version 0.16.2 *Note*: The above table is ordered by version test/used in notes followed by support level. diff --git a/docs/getting-started-guides/rackspace.md b/docs/getting-started-guides/rackspace.md index aaefb8b2c73..31e59cb3f4b 100644 --- a/docs/getting-started-guides/rackspace.md +++ b/docs/getting-started-guides/rackspace.md @@ -1,25 +1,27 @@ -# Status: Out Of Date - -** Rackspace support is out of date. Please check back later ** - # Rackspace -In general, the dev-build-and-up.sh workflow for Rackspace is the similar to GCE. The specific implementation is different due to the use of CoreOS, Rackspace Cloud Files and network design. + +* Supported Version: v0.16.2 + * `git checkout v0.16.2` + +In general, the dev-build-and-up.sh workflow for Rackspace is the similar to GCE. The specific implementation is different due to the use of CoreOS, Rackspace Cloud Files and the overall network design. These scripts should be used to deploy development environments for Kubernetes. If your account leverages RackConnect or non-standard networking, these scripts will most likely not work without modification. -NOTE: The rackspace scripts do NOT rely on `saltstack`. +NOTE: The rackspace scripts do NOT rely on `saltstack` and instead rely on cloud-init for configuration. The current cluster design is inspired by: - [corekube](https://github.com/metral/corekube/) - [Angus Lees](https://github.com/anguslees/kube-openstack/) ## Prerequisites -1. You need to have both `nova` and `swiftly` installed. It's recommended to use a python virtualenv to install these packages into. -2. Make sure you have the appropriate environment variables set to interact with the OpenStack APIs. See [Rackspace Documentation](http://docs.rackspace.com/servers/api/v2/cs-gettingstarted/content/section_gs_install_nova.html) for more details. +1. Python2.7 +2. You need to have both `nova` and `swiftly` installed. It's recommended to use a python virtualenv to install these packages into. +3. Make sure you have the appropriate environment variables set to interact with the OpenStack APIs. See [Rackspace Documentation](http://docs.rackspace.com/servers/api/v2/cs-gettingstarted/content/section_gs_install_nova.html) for more details. -## Provider: Rackspace -- To use Rackspace as the provider, set the KUBERNETES_PROVIDER ENV variable: - `export KUBERNETES_PROVIDER=rackspace` and run the `bash hack/dev-build-and-up.sh` script. +##Provider: Rackspace + +- To install the latest released version of kubernetes use `export KUBERNETES_PROVIDER=rackspace; wget -q -O - https://get.k8s.io | bash` +- To build your own released version from source use `export KUBERNETES_PROVIDER=rackspace` and run the `bash hack/dev-build-and-up.sh` ## Build 1. The kubernetes binaries will be built via the common build scripts in `build/`. @@ -28,18 +30,21 @@ The current cluster design is inspired by: 3. The built `kubernetes-server-linux-amd64.tar.gz` will be uploaded to this container and the URL will be passed to master/minions nodes when booted. ## Cluster -1. There is a specific `cluster/rackspace` directory with the scripts for the following steps: -2. A cloud network will be created and all instances will be attached to this network. We will connect the master API and minion kubelet service via this network. -3. A SSH key will be created and uploaded if needed. This key must be used to ssh into the machines since we won't capture the password. -4. A master and minions will be created via the `nova` CLI. A `cloud-config.yaml` is generated and provided as user-data with the entire configuration for the systems. -5. We then boot as many minions as defined via `$RAX_NUM_MINIONS`. +There is a specific `cluster/rackspace` directory with the scripts for the following steps: +1. A cloud network will be created and all instances will be attached to this network. + - flanneld uses this network for next hop routing. These routes allow the containers running on each node to communicate with one another on this private network. +2. A SSH key will be created and uploaded if needed. This key must be used to ssh into the machines since we won't capture the password. +3. The master server and additional nodes will be created via the `nova` CLI. A `cloud-config.yaml` is generated and provided as user-data with the entire configuration for the systems. +4. We then boot as many nodes as defined via `$RAX_NUM_MINIONS`. ## Some notes: - The scripts expect `eth2` to be the cloud network that the containers will communicate across. - A number of the items in `config-default.sh` are overridable via environment variables. - For older versions please either: + * Sync back to `v0.9` with `git checkout v0.9` + * Download a [snapshot of `v0.9`](https://github.com/GoogleCloudPlatform/kubernetes/archive/v0.9.tar.gz) * Sync back to `v0.3` with `git checkout v0.3` - * Download a [snapshot of `v0.3`](https://github.com/GoogleCloudPlatform/kubernetes/archive/v0.3.tar.gz) + * Download a [snapshot of `v0.3`](https://github.com/GoogleCloudPlatform/kubernetes/archive/v0.3.tar.gz) ## Network Design - eth0 - Public Interface used for servers/containers to reach the internet From 4e2f350bc9877eb3ffbacbf9db56bdcdfc817a90 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Wed, 13 May 2015 21:38:29 -0500 Subject: [PATCH 9/9] rackspace: kube_bearer_token -> kubelet_token --- cluster/rackspace/cloud-config/minion-cloud-config.yaml | 2 +- cluster/rackspace/util.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/rackspace/cloud-config/minion-cloud-config.yaml b/cluster/rackspace/cloud-config/minion-cloud-config.yaml index dce60807b20..badbec83be4 100644 --- a/cluster/rackspace/cloud-config/minion-cloud-config.yaml +++ b/cluster/rackspace/cloud-config/minion-cloud-config.yaml @@ -32,7 +32,7 @@ write_files: #!/bin/bash -e set -x /usr/bin/mkdir -p /var/lib/kubelet - /bin/echo "{\"BearerToken\": \"KUBE_BEARER_TOKEN\", \"Insecure\": true }" > /var/lib/kubelet/kubernetes_auth + /bin/echo "{\"BearerToken\": \"KUBELET_TOKEN\", \"Insecure\": true }" > /var/lib/kubelet/kubernetes_auth - path: /run/config-kube-proxy.sh permissions: 0755 content: | diff --git a/cluster/rackspace/util.sh b/cluster/rackspace/util.sh index a1490ee2234..5ed7a2a4d2c 100644 --- a/cluster/rackspace/util.sh +++ b/cluster/rackspace/util.sh @@ -207,7 +207,7 @@ rax-boot-minions() { -e "s|ENABLE_NODE_MONITORING|${ENABLE_NODE_MONITORING:-false}|" \ -e "s|ENABLE_NODE_LOGGING|${ENABLE_NODE_LOGGING:-false}|" \ -e "s|INDEX|$((i + 1))|g" \ - -e "s|KUBE_BEARER_TOKEN|${KUBE_BEARER_TOKEN}|" \ + -e "s|KUBELET_TOKEN|${KUBELET_TOKEN}|" \ -e "s|KUBE_NETWORK|${KUBE_NETWORK}|" \ -e "s|KUBE_PROXY_TOKEN|${KUBE_PROXY_TOKEN}|" \ -e "s|LOGGING_DESTINATION|${LOGGING_DESTINATION:-}|" \