From 26aa32d32b01c8ab833bcaeef40d7c80d904200d Mon Sep 17 00:00:00 2001
From: Paulo Pires
Date: Mon, 19 Sep 2016 16:11:05 +0100
Subject: [PATCH] Reviewed help text, fix typos, go {fmt,vet,lint}.
---
cmd/kubeadm/README.md | 49 ++++++++++++++++++++--------
cmd/kubeadm/app/api/types.go | 23 +++++--------
cmd/kubeadm/app/cmd/cmd.go | 9 +++--
cmd/kubeadm/app/cmd/init.go | 28 ++++++++--------
cmd/kubeadm/app/cmd/join.go | 15 +++++----
cmd/kubeadm/app/images/images.go | 14 ++++----
cmd/kubeadm/app/kubeadm.go | 3 --
cmd/kubeadm/app/master/addons.go | 11 ++++---
cmd/kubeadm/app/master/discovery.go | 2 +-
cmd/kubeadm/app/master/kubeconfig.go | 2 +-
cmd/kubeadm/app/master/manifests.go | 34 ++++++++++---------
cmd/kubeadm/app/master/pki.go | 8 ++---
cmd/kubeadm/app/node/csr.go | 17 +++-------
cmd/kubeadm/app/node/discovery.go | 2 +-
cmd/kubeadm/app/util/kubeconfig.go | 2 +-
15 files changed, 115 insertions(+), 104 deletions(-)
diff --git a/cmd/kubeadm/README.md b/cmd/kubeadm/README.md
index a43cde6a89..1b0d43c831 100644
--- a/cmd/kubeadm/README.md
+++ b/cmd/kubeadm/README.md
@@ -5,42 +5,63 @@ ### `kubeadm init` It's usually enough to run `kubeadm init`, but in some case you might like to override the -default behaviour. +default behaviour. The flags used for said purpose are described below. -- `--token=` +- `--token=` -By default, a token is generated, but if you are to automate cluster deployment, you want to +By default, a token is generated, but if you are to automate cluster deployment, you will want to set the token ahead of time. Read the docs for more information on the token format. -- `--api-advertise-addr=` (multiple values allowed) -- `--api-external-dns-name=` (multiple values allowed) +- `--api-advertise-addresses=` (multiple values are allowed by having multiple flag declarations or multiple values separated by comma) +- `--api-external-dns-names=` (multiple values are allowed by having multiple flag declarations or multiple values separated by comma) -By default, `kubeadm` will auto detect IP address and use that to generate API server certificates. -If you would like to access the API via any external IPs and/or DNS, which it might not be able -to detect, you can use `--api-advertise-addr` and `--api-external-dns-name` to add multiple -different IP addresses and DNS names. +By default, `kubeadm` will auto detect IP addresses and use that to generate API server certificates. +If you would like to access the API via any external IPs and/or hostnames, which it might not be able +to detect, you can use `--api-advertise-addresses` and `--api-external-dns-names` to add multiple +different IP addresses and hostnames (DNS). + +- `--service-cidr=` (default: "100.64.0.0/12") + +By default, `kubeadm` sets `100.64.0.0/12` as the subnet for services. This means when a service is created, its cluster IP, if not manually specified, +will be automatically assigned from the services subnet. If you would like to set a different one, use `--service-cidr`. 
-- `--service-cidr=` (default: "100.64/12") - `--service-dns-domain=` (default: "cluster.local") -- `--use-hyperkube=` (default: "false") +By default, `kubeadm` sets `cluster.local` as the cluster DNS domain. If you would like to set a different one, use `--service-dns-domain`. + +- `--schedule-workload=` (default: "false") + +By default, `kubeadm` sets the master node kubelet as non-schedulable for workloads. This means the master node won't run your pods. If you want to change that, +use `--schedule-workload=true`. + +- `--cloud-provider=` + +By default, `kubeadm` doesn't perform auto-detection of the current cloud provider. If you want to specify it, use `--cloud-provider`. Possible values are +the ones supported by controller-manager, namely `"aws"`, `"azure"`, `"cloudstack"`, `"gce"`, `"mesos"`, `"openstack"`, `"ovirt"`, `"rackspace"`, `"vsphere"`. ***TODO(phase1+)*** -- `--api-bind-addr=` +- `--api-bind-address=` - `--api-bind-port=` ***TODO(phase2)*** - `--api-bind-loopback-unsecure=` -***TODO(pahse2)*** - - `--prefer-private-network=` - `--prefer-public-network=` ### `kubeadm join` +`kubeadm join` has one mandatory flag, the token used to secure cluster bootstrap, and one mandatory argument, the master IP address. +Here's an example on how to use it: + +`kubeadm join --token=the_secret_token 192.168.1.1` + +- `--token=` + +By default, when `kubeadm init` runs, a token is generated and revealed in the output. That's the token you should use here. + # User Experience Considerations > ***TODO*** _Move this into the design document diff --git a/cmd/kubeadm/app/api/types.go b/cmd/kubeadm/app/api/types.go index c6229a78d9..5ff3638d81 100644 --- a/cmd/kubeadm/app/api/types.go +++ b/cmd/kubeadm/app/api/types.go 
@@ -20,10 +20,10 @@ import ( "net" ) +// KubeadmConfig TODO add description type KubeadmConfig struct { InitFlags JoinFlags - ManualFlags Secrets struct { GivenToken string // dot-separated `.` set by the user TokenID string // optional on master side, will be generated if not specified @@ -33,19 +33,20 @@ type KubeadmConfig struct { EnvParams map[string]string // TODO(phase2) this is likely to be come componentconfig } -// TODO(phase2) should we add validatin funcs on these structs? +// TODO(phase2) should we add validation functions for these structs? +// InitFlags holds values for "kubeadm init" command flags. type InitFlags struct { API struct { - AdvertiseAddrs []net.IP - ExternalDNSName []string + AdvertiseAddrs []net.IP + ExternalDNSNames []string } Services struct { CIDR net.IPNet DNSDomain string } CloudProvider string - Schedulable bool + Schedulable bool } const ( @@ -77,20 +78,14 @@ func init() { } } +// JoinFlags holds values for "kubeadm join" command flags. type JoinFlags struct { MasterAddrs []net.IP } -// TODO(phase1?) we haven't decided whether manual sub commands should get merged into main commands... -type ManualFlags struct { - ApiServerURLs string // comma separated - CaCertFile string - BearerToken string // set based on Token - ListenIP net.IP // optional IP for master to listen on, rather than autodetect -} - +// ClusterInfo TODO add description type ClusterInfo struct { - // TODO(pahse1?) this may become simply `api.Config` + // TODO(phase1?) this may become simply `api.Config` CertificateAuthorities []string `json:"certificateAuthorities"` Endpoints []string `json:"endpoints"` } diff --git a/cmd/kubeadm/app/cmd/cmd.go b/cmd/kubeadm/app/cmd/cmd.go index 83fbca97ce..1fb97bc023 100644 --- a/cmd/kubeadm/app/cmd/cmd.go +++ b/cmd/kubeadm/app/cmd/cmd.go 
@@ -31,9 +31,9 @@ import ( func NewKubeadmCommand(f *cmdutil.Factory, in io.Reader, out, err io.Writer, envParams map[string]string) *cobra.Command { cmds := &cobra.Command{ Use: "kubeadm", - Short: "kubeadm: bootstrap a secure kubernetes cluster easily.", + Short: "kubeadm: easily bootstrap a secure Kubernetes cluster.", Long: dedent.Dedent(` - kubeadm: bootstrap a secure kubernetes cluster easily. + kubeadm: easily bootstrap a secure Kubernetes cluster. ┌──────────────────────────────────────────────────────────┐ │ KUBEADM IS ALPHA, DO NOT USE IT FOR PRODUCTION CLUSTERS! │ @@ -51,14 +51,13 @@ func NewKubeadmCommand(f *cmdutil.Factory, in io.Reader, out, err io.Writer, env ┌──────────────────────────────────────────────────────────┐ │ On the first machine │ ├──────────────────────────────────────────────────────────┤ - │ master# kubeadm init master │ - │ Your token is: │ + │ master# kubeadm init │ └──────────────────────────────────────────────────────────┘ ┌──────────────────────────────────────────────────────────┐ │ On the second machine │ ├──────────────────────────────────────────────────────────┤ - │ node# kubeadm join node --token= │ + │ node# kubeadm join --token= │ └──────────────────────────────────────────────────────────┘ You can then repeat the second step on as many other machines as you like. diff --git a/cmd/kubeadm/app/cmd/init.go b/cmd/kubeadm/app/cmd/init.go index ce3e95f20d..72775ee6e9 100644 --- a/cmd/kubeadm/app/cmd/init.go +++ b/cmd/kubeadm/app/cmd/init.go 
@@ -32,20 +32,21 @@ import ( ) var ( - init_done_msgf = dedent.Dedent(` + initDoneMsgf = dedent.Dedent(` Kubernetes master initialised successfully! - You can connect any number of nodes by running: + You can now join any number of machines by running the following on each node: kubeadm join --token %s %s `) ) +// NewCmdInit returns "kubeadm init" command. func NewCmdInit(out io.Writer, s *kubeadmapi.KubeadmConfig) *cobra.Command { advertiseAddrs := &[]string{} cmd := &cobra.Command{ Use: "init", - Short: "Run this on the first server you deploy onto.", + Short: "Run this on the first machine.", Run: func(cmd *cobra.Command, args []string) { err := RunInit(out, cmd, args, s, advertiseAddrs) cmdutil.CheckErr(err) // TODO(phase1+) append alpha warning with bugs URL etc 
@@ -54,28 +55,28 @@ func NewCmdInit(out io.Writer, s *kubeadmapi.KubeadmConfig) *cobra.Command { cmd.PersistentFlags().StringVar( &s.Secrets.GivenToken, "token", "", - `(optional) Shared secret used to secure bootstrap. Will be generated and displayed if not provided.`, + `(optional) Shared secret used to secure cluster bootstrap. If none is provided, one will be generated for you.`, ) cmd.PersistentFlags().StringSliceVar( - advertiseAddrs, "api-advertise-addr", []string{}, - `(optional) IP address to advertise, in case autodetection fails.`, + advertiseAddrs, "api-advertise-addresses", []string{}, + `(optional) The IP addresses to advertise, in case autodetection fails.`, ) cmd.PersistentFlags().StringSliceVar( - &s.InitFlags.API.ExternalDNSName, "api-external-dns-name", []string{}, - `(optional) DNS name to advertise, in case you have configured one yourself.`, + &s.InitFlags.API.ExternalDNSNames, "api-external-dns-names", []string{}, + `(optional) The DNS names to advertise, in case you have configured them yourself.`, ) cmd.PersistentFlags().IPNetVar( &s.InitFlags.Services.CIDR, "service-cidr", *kubeadmapi.DefaultServicesCIDR, - `(optional) use alterantive range of IP address for service VIPs, e.g. "10.16.0.0/12"`, + `(optional) use alternative range of IP address for service VIPs, e.g. "10.16.0.0/12"`, ) cmd.PersistentFlags().StringVar( &s.InitFlags.Services.DNSDomain, "service-dns-domain", kubeadmapi.DefaultServiceDNSDomain, - `(optional) use alterantive domain name for services, e.g. "myorg.internal"`, + `(optional) use alternative domain for services, e.g. "myorg.internal"`, ) cmd.PersistentFlags().StringVar( &s.InitFlags.CloudProvider, "cloud-provider", "", - `(optional) enable cloud proiver features (external load-balancers, storage, etc)`, + `(optional) enable a specific cloud provider features (external load-balancers, storage, etc), e.g. "gce"`, ) cmd.PersistentFlags().BoolVar( &s.InitFlags.Schedulable, "schedule-workload", false, 
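Review bot: The reworded `--token` help no longer tells the user that a generated token is printed, while the success message in the first init.go hunk (`kubeadm join --token %s %s`) still writes it to `out`. Because that token is the shared bootstrap secret, the help should say so, for example `(optional) Shared secret used to secure cluster bootstrap. If none is provided, one will be generated and printed in the command output.` The new doc comment on RunInit in the following hunk could carry the same sentence, so callers know that `out` receives the secret and should not be redirected into shared logs. NewCmdInit starts in the previous hunk.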
@@ -85,6 +86,7 @@ func NewCmdInit(out io.Writer, s *kubeadmapi.KubeadmConfig) *cobra.Command { return cmd } +// RunInit executes master node provisioning, including certificates, needed static pod manifests, etc. func RunInit(out io.Writer, cmd *cobra.Command, args []string, s *kubeadmapi.KubeadmConfig, advertiseAddrs *[]string) error { // Auto-detect the IP if len(*advertiseAddrs) == 0 { @@ -98,7 +100,7 @@ func RunInit(out io.Writer, cmd *cobra.Command, args []string, s *kubeadmapi.Kub for _, i := range *advertiseAddrs { addr := net.ParseIP(i) if addr == nil { - return fmt.Errorf(" failed to parse flag (%q) as an IP address", "--api-advertise-addr="+i) + return fmt.Errorf(" failed to parse flag (%q) as an IP address", "--api-advertise-addresses="+i) } s.InitFlags.API.AdvertiseAddrs = append(s.InitFlags.API.AdvertiseAddrs, addr) } @@ -152,7 +154,7 @@ func RunInit(out io.Writer, cmd *cobra.Command, args []string, s *kubeadmapi.Kub } // TODO(phase1+) use templates to reference struct fields directly as order of args is fragile - fmt.Fprintf(out, init_done_msgf, + fmt.Fprintf(out, initDoneMsgf, s.Secrets.GivenToken, s.InitFlags.API.AdvertiseAddrs[0].String(), ) diff --git a/cmd/kubeadm/app/cmd/join.go b/cmd/kubeadm/app/cmd/join.go index b8f60a1766..ecf7bde5d0 100644 --- a/cmd/kubeadm/app/cmd/join.go +++ b/cmd/kubeadm/app/cmd/join.go 
@@ -31,35 +31,36 @@ import ( ) var ( - join_done_msgf = dedent.Dedent(` + joinDoneMsgf = dedent.Dedent(` Node join complete: * Certificate signing request sent to master and response received. * Kubelet informed of new secure connection details. - Run 'kubectl get nodes' on the master to see this node join. + Run 'kubectl get nodes' on the master to see this machine join. `) ) +// NewCmdJoin returns "kubeadm join" command. func NewCmdJoin(out io.Writer, s *kubeadmapi.KubeadmConfig) *cobra.Command { cmd := &cobra.Command{ Use: "join", - Short: "Run this on other servers to join an existing cluster.", + Short: "Run this on any machine you wish to join an existing cluster.", Run: func(cmd *cobra.Command, args []string) { err := RunJoin(out, cmd, args, s) cmdutil.CheckErr(err) }, } - // TODO this should become `kubeadm join --token=<...> ` cmd.PersistentFlags().StringVarP( &s.Secrets.GivenToken, "token", "", "", - `Shared secret used to secure bootstrap. Must match output of 'init-master'.`, + `Shared secret used to secure bootstrap. Must match the output of 'kubeadm init'.`, ) return cmd } +// RunJoin executes worked node provisioning and tries to join an existing cluster. func RunJoin(out io.Writer, cmd *cobra.Command, args []string, s *kubeadmapi.KubeadmConfig) error { // TODO this we are missing args from the help text, there should be a way to tell cobra about it if len(args) == 0 { @@ -68,7 +69,7 @@ func RunJoin(out io.Writer, cmd *cobra.Command, args []string, s *kubeadmapi.Kub for _, i := range args { addr := net.ParseIP(i) // TODO(phase1+) should allow resolvable names too if addr == nil { - return fmt.Errorf(" failed parse argument (%q) as an IP address", i) + return fmt.Errorf(" failed to parse argument (%q) as an IP address", i) } s.JoinFlags.MasterAddrs = append(s.JoinFlags.MasterAddrs, addr) } 
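Review bot: The added doc comment reads `// RunJoin executes worked node provisioning ...`; "worked" should be "worker": `// RunJoin executes worker node provisioning and tries to join an existing cluster.` The `--token` help in the same hunk could also state that the flag is required, since its default is the empty string and the visible part of RunJoin only checks `len(args)`. RunJoin's body continues outside the hunk.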
@@ -91,6 +92,6 @@ func RunJoin(out io.Writer, cmd *cobra.Command, args []string, s *kubeadmapi.Kub return err } - fmt.Fprintf(out, join_done_msgf) + fmt.Fprintf(out, joinDoneMsgf) return nil } diff --git a/cmd/kubeadm/app/images/images.go b/cmd/kubeadm/app/images/images.go index f699b382b1..438d462d7b 100644 --- a/cmd/kubeadm/app/images/images.go +++ b/cmd/kubeadm/app/images/images.go @@ -24,19 +24,19 @@ import ( const ( KubeEtcdImage = "etcd" - KubeApiServerImage = "apiserver" + KubeAPIServerImage = "apiserver" KubeControllerManagerImage = "controller-manager" KubeSchedulerImage = "scheduler" KubeProxyImage = "proxy" - KubeDnsImage = "kube-dns" - KubeDnsmasqImage = "dnsmasq" + KubeDNSImage = "kube-dns" + KubeDNSmasqImage = "dnsmasq" KubeExechealthzImage = "exechealthz" gcrPrefix = "gcr.io/google_containers" etcdVersion = "2.2.5" - kubeDnsVersion = "1.7" + kubeDNSVersion = "1.7" dnsmasqVersion = "1.3" exechealthzVersion = "1.1" ) @@ -51,7 +51,7 @@ func GetCoreImage(image string, overrideImage string) string { return map[string]string{ KubeEtcdImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "etcd", runtime.GOARCH, etcdVersion), - KubeApiServerImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kube-apiserver", runtime.GOARCH, DefaultKubeVersion), + KubeAPIServerImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kube-apiserver", runtime.GOARCH, DefaultKubeVersion), KubeControllerManagerImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kube-controller-manager", runtime.GOARCH, DefaultKubeVersion), KubeSchedulerImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kube-scheduler", runtime.GOARCH, DefaultKubeVersion), KubeProxyImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kube-proxy", runtime.GOARCH, DefaultKubeVersion), 
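Review bot: `fmt.Fprintf(out, joinDoneMsgf)` passes a package-level variable as the format string with no arguments, so any `%` that later lands in the message is parsed as a verb. `fmt.Fprint(out, joinDoneMsgf)` prints the text unchanged and is the form printf checkers expect for a non-constant string. RunJoin starts outside the hunk.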
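Review bot: `KubeDNSmasqImage` splits the program name dnsmasq as if it began with the initialism DNS; the lint rule applies to whole words, so `KubeDnsmasqImage` did not need renaming, and the new spelling no longer matches the unexported `dnsmasqVersion` next to it. I would keep `KubeDnsmasqImage` here, in the GetAddonImage map in the next images.go hunk, and at its use in addons.go. The exported constants and functions also still have no doc comments, for example `// GetAddonImage returns the image reference for the named add-on, or "" when the name is not known.`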
@@ -60,8 +60,8 @@ func GetCoreImage(image string, overrideImage string) string { func GetAddonImage(image string) string { return map[string]string{ - KubeDnsImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kubedns", runtime.GOARCH, kubeDnsVersion), - KubeDnsmasqImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kube-dnsmasq", runtime.GOARCH, dnsmasqVersion), + KubeDNSImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kubedns", runtime.GOARCH, kubeDNSVersion), + KubeDNSmasqImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "kube-dnsmasq", runtime.GOARCH, dnsmasqVersion), KubeExechealthzImage: fmt.Sprintf("%s/%s-%s:%s", gcrPrefix, "exechealthz", runtime.GOARCH, exechealthzVersion), }[image] } diff --git a/cmd/kubeadm/app/kubeadm.go b/cmd/kubeadm/app/kubeadm.go index a6580e3c59..6a6b92feb6 100644 --- a/cmd/kubeadm/app/kubeadm.go +++ b/cmd/kubeadm/app/kubeadm.go @@ -28,8 +28,6 @@ import ( "k8s.io/kubernetes/pkg/util/logs" ) -var CommandLine *pflag.FlagSet - // TODO(phase2) use componentconfig // we need some params for testing etc, let's keep these hidden for now func getEnvParams() map[string]string { @@ -56,7 +54,6 @@ func getEnvParams() map[string]string { } func Run() error { - CommandLine = pflag.NewFlagSet(os.Args[0], pflag.ContinueOnError) logs.InitLogs() defer logs.FlushLogs() diff --git a/cmd/kubeadm/app/master/addons.go b/cmd/kubeadm/app/master/addons.go index 5e395052c7..be2d6abed0 100644 --- a/cmd/kubeadm/app/master/addons.go +++ b/cmd/kubeadm/app/master/addons.go 
@@ -21,14 +21,15 @@ import ( "path" "runtime" + kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api" + "k8s.io/kubernetes/cmd/kubeadm/app/images" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api/resource" clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset" - kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api" - "k8s.io/kubernetes/cmd/kubeadm/app/images" ipallocator "k8s.io/kubernetes/pkg/registry/service/ipallocator" "k8s.io/kubernetes/pkg/util/intstr" ) + // TODO(phase1+): kube-proxy should be a daemonset, three different daemonsets should not be here func createKubeProxyPodSpec(s *kubeadmapi.KubeadmConfig, architecture string) api.PodSpec { privilegedTrue := true @@ -112,7 +113,7 @@ func createKubeDNSPodSpec(s *kubeadmapi.KubeadmConfig) api.PodSpec { // DNS server { Name: "kube-dns", - Image: images.GetAddonImage(images.KubeDnsImage), + Image: images.GetAddonImage(images.KubeDNSImage), Resources: api.ResourceRequirements{ Limits: dnsPodResources, Requests: dnsPodResources, @@ -164,7 +165,7 @@ func createKubeDNSPodSpec(s *kubeadmapi.KubeadmConfig) api.PodSpec { // dnsmasq { Name: "dnsmasq", - Image: images.GetAddonImage(images.KubeDnsmasqImage), + Image: images.GetAddonImage(images.KubeDNSmasqImage), Resources: api.ResourceRequirements{ Limits: dnsPodResources, Requests: dnsPodResources, @@ -233,7 +234,7 @@ func CreateEssentialAddons(s *kubeadmapi.KubeadmConfig, client *clientset.Client arches := [3]string{"amd64", "arm", "arm64"} for _, arch := range arches { - kubeProxyDaemonSet := NewDaemonSet(kubeProxy + "-" + arch, createKubeProxyPodSpec(s, arch)) + kubeProxyDaemonSet := NewDaemonSet(kubeProxy+"-"+arch, createKubeProxyPodSpec(s, arch)) SetMasterTaintTolerations(&kubeProxyDaemonSet.Spec.Template.ObjectMeta) if _, err := client.Extensions().DaemonSets(api.NamespaceSystem).Create(kubeProxyDaemonSet); err != nil { 
diff --git a/cmd/kubeadm/app/master/discovery.go b/cmd/kubeadm/app/master/discovery.go index 39ddb6e60b..25ffd827bc 100644 --- a/cmd/kubeadm/app/master/discovery.go +++ b/cmd/kubeadm/app/master/discovery.go @@ -22,10 +22,10 @@ import ( "encoding/json" "fmt" + kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/extensions" clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset" - kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api" certutil "k8s.io/kubernetes/pkg/util/cert" ) diff --git a/cmd/kubeadm/app/master/kubeconfig.go b/cmd/kubeadm/app/master/kubeconfig.go index d9efe35147..3ad4c3be55 100644 --- a/cmd/kubeadm/app/master/kubeconfig.go +++ b/cmd/kubeadm/app/master/kubeconfig.go @@ -22,9 +22,9 @@ import ( "fmt" // TODO: "k8s.io/client-go/client/tools/clientcmd/api" - clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api" kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util" + clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api" certutil "k8s.io/kubernetes/pkg/util/cert" ) diff --git a/cmd/kubeadm/app/master/manifests.go b/cmd/kubeadm/app/master/manifests.go index b08adda1e8..8c77af88cb 100644 --- a/cmd/kubeadm/app/master/manifests.go +++ b/cmd/kubeadm/app/master/manifests.go @@ -23,11 +23,11 @@ import ( "os" "path" + kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api" + "k8s.io/kubernetes/cmd/kubeadm/app/images" "k8s.io/kubernetes/pkg/api/resource" "k8s.io/kubernetes/pkg/api/unversioned" api "k8s.io/kubernetes/pkg/api/v1" - kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api" - "k8s.io/kubernetes/cmd/kubeadm/app/images" cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util" "k8s.io/kubernetes/pkg/util/intstr" ) 
@@ -36,7 +36,7 @@ import ( // init master` and `kubeadm manual bootstrap master` can get going. const ( - DefaultClusterName = "kubernetes" + DefaultClusterName = "kubernetes" DefaultCloudConfigPath = "/etc/kubernetes/cloud-config.json" etcd = "etcd" @@ -54,6 +54,8 @@ const ( // //E0817 17:53:22.242658 1 event.go:258] Could not construct reference to: '&api.Endpoints{TypeMeta:unversioned.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:api.ObjectMeta{Name:"kube-scheduler", GenerateName:"", Namespace:"kube-system", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:unversioned.Time{Time:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*unversioned.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]api.OwnerReference(nil), Finalizers:[]string(nil)}, Subsets:[]api.EndpointSubset(nil)}' due to: 'selfLink was empty, can't make reference'. Will not report event: 'Normal' '%v became leader' 'moby' +// WriteStaticPodManifests builds manifest objects based on user provided configuration and then dumps it to disk +// where kubelet will pick and schedule them. func WriteStaticPodManifests(s *kubeadmapi.KubeadmConfig) error { staticPodSpecs := map[string]api.Pod{ // TODO this needs a volume @@ -73,7 +75,7 @@ func WriteStaticPodManifests(s *kubeadmapi.KubeadmConfig) error { // TODO bind-mount certs in kubeAPIServer: componentPod(api.Container{ Name: kubeAPIServer, - Image: images.GetCoreImage(images.KubeApiServerImage, s.EnvParams["hyperkube_image"]), + Image: images.GetCoreImage(images.KubeAPIServerImage, s.EnvParams["hyperkube_image"]), Command: getComponentCommand(apiServer, s), VolumeMounts: []api.VolumeMount{k8sVolumeMount()}, LivenessProbe: componentProbe(8080, "/healthz"), 
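Review bot: The new comment on WriteStaticPodManifests (the `@@ -54,6` hunk) says the kubelet will "pick and schedule" the manifests, but static pods are run by the kubelet directly rather than scheduled, and "dumps it" does not agree with "manifest objects". Suggested wording: `// WriteStaticPodManifests builds the static pod manifests from the user-provided configuration and writes them to disk, where the kubelet picks them up and runs them.` The function body continues past this hunk.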
@@ -113,6 +115,8 @@ func WriteStaticPodManifests(s *kubeadmapi.KubeadmConfig) error { return nil } +// etcdVolume returns an host-path volume for storing etcd data. +// By using a host-path, the data will survive pod restart. func etcdVolume(s *kubeadmapi.KubeadmConfig) api.Volume { return api.Volume{ Name: "etcd", @@ -189,7 +193,7 @@ func componentPod(container api.Container, volumes ...api.Volume) api.Pod { func getComponentCommand(component string, s *kubeadmapi.KubeadmConfig) (command []string) { // TODO: make a global constant of this - pki_dir := "/etc/kubernetes/pki" + pkiDir := "/etc/kubernetes/pki" baseFlags := map[string][]string{ apiServer: []string{ @@ -197,11 +201,11 @@ func getComponentCommand(component string, s *kubeadmapi.KubeadmConfig) (command "--etcd-servers=http://127.0.0.1:2379", "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota", "--service-cluster-ip-range=" + s.InitFlags.Services.CIDR.String(), - "--service-account-key-file=" + pki_dir + "/apiserver-key.pem", - "--client-ca-file=" + pki_dir + "/ca.pem", - "--tls-cert-file=" + pki_dir + "/apiserver.pem", - "--tls-private-key-file=" + pki_dir + "/apiserver-key.pem", - "--token-auth-file=" + pki_dir + "/tokens.csv", + "--service-account-key-file=" + pkiDir + "/apiserver-key.pem", + "--client-ca-file=" + pkiDir + "/ca.pem", + "--tls-cert-file=" + pkiDir + "/apiserver.pem", + "--tls-private-key-file=" + pkiDir + "/apiserver-key.pem", + "--token-auth-file=" + pkiDir + "/tokens.csv", "--secure-port=443", "--allow-privileged", }, 
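Review bot: In the API server flags, `--service-account-key-file` and `--tls-private-key-file` both point at `pkiDir + "/apiserver-key.pem"`, and the controller-manager hunk that follows passes the same file as `--service-account-private-key-file`, so the TLS serving key also signs service account tokens. A dedicated service-account key pair would keep a leak or rotation of one from affecting the other; until then a comment such as `// TODO: use a dedicated service-account signing key instead of the API server TLS key` would record the intent. The rename also leaves `pkiDir` as a local string behind `// TODO: make a global constant of this`. getComponentCommand starts in the previous hunk and continues past this one.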
@@ -210,10 +214,10 @@ func getComponentCommand(component string, s *kubeadmapi.KubeadmConfig) (command "--leader-elect", "--master=127.0.0.1:8080", "--cluster-name=" + DefaultClusterName, - "--root-ca-file=" + pki_dir + "/ca.pem", - "--service-account-private-key-file=" + pki_dir + "/apiserver-key.pem", - "--cluster-signing-cert-file=" + pki_dir + "/ca.pem", - "--cluster-signing-key-file=" + pki_dir + "/ca-key.pem", + "--root-ca-file=" + pkiDir + "/ca.pem", + "--service-account-private-key-file=" + pkiDir + "/apiserver-key.pem", + "--cluster-signing-cert-file=" + pkiDir + "/ca.pem", + "--cluster-signing-key-file=" + pkiDir + "/ca-key.pem", "--insecure-experimental-approve-all-kubelet-csrs-for-group=system:kubelet-bootstrap", "--cluster-cidr=" + s.InitFlags.Services.CIDR.String(), }, @@ -239,7 +243,7 @@ func getComponentCommand(component string, s *kubeadmapi.KubeadmConfig) (command // Only append the --cloud-config option if there's a such file if _, err := os.Stat(DefaultCloudConfigPath); err == nil { - command = append(command, "--cloud-config=" + DefaultCloudConfigPath) + command = append(command, "--cloud-config="+DefaultCloudConfigPath) } } diff --git a/cmd/kubeadm/app/master/pki.go b/cmd/kubeadm/app/master/pki.go index e904d41673..584ea9d1d2 100644 --- a/cmd/kubeadm/app/master/pki.go +++ b/cmd/kubeadm/app/master/pki.go @@ -60,7 +60,7 @@ func newServerKeyAndCert(s *kubeadmapi.KubeadmConfig, caCert *x509.Certificate, internalAPIServerVirtualIP, err := ipallocator.GetIndexedIP(&s.InitFlags.Services.CIDR, 1) if err != nil { - return nil, nil, fmt.Errorf("unable to allocate IP address for the API server from the given CIDR (%q) [%s]") + return nil, nil, fmt.Errorf("unable to allocate IP address for the API server from the given CIDR (%q) [%s]", &s.InitFlags.Services.CIDR, err) } altNames.IPs = append(altNames.IPs, internalAPIServerVirtualIP) 
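Review bot: `--insecure-experimental-approve-all-kubelet-csrs-for-group=system:kubelet-bootstrap` has the controller-manager approve every CSR from that group for signing with `ca-key.pem`, and nothing in this hunk explains how much trust that places in the bootstrap token (presumably what maps a joining node to that group). I would add a comment above the flag, e.g. `// NOTE: every CSR from system:kubelet-bootstrap is auto-approved; the bootstrap token must be kept secret`. Separately, `--cluster-cidr` is given `s.InitFlags.Services.CIDR`, the same range the API server receives as `--service-cluster-ip-range`; that flag normally takes the pod network range, so this looks unintended and deserves at least a TODO. getComponentCommand starts and ends outside the hunk.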
@@ -117,7 +117,7 @@ func writeKeysAndCert(pkiPath string, name string, key *rsa.PrivateKey, cert *x5 if cert != nil { if err := certutil.WriteCert(certificatePath, certutil.EncodeCertPEM(cert)); err != nil { - return fmt.Errorf("unable to write certificate file (%q) [%s]", err) + return fmt.Errorf("unable to write certificate file (%q) [%s]", certificatePath, err) } } @@ -142,8 +142,8 @@ func CreatePKIAssets(s *kubeadmapi.KubeadmConfig) (*rsa.PrivateKey, *x509.Certif altNames.IPs = append(altNames.IPs, s.InitFlags.API.AdvertiseAddrs...) } - if len(s.InitFlags.API.ExternalDNSName) > 0 { - altNames.DNSNames = append(altNames.DNSNames, s.InitFlags.API.ExternalDNSName...) + if len(s.InitFlags.API.ExternalDNSNames) > 0 { + altNames.DNSNames = append(altNames.DNSNames, s.InitFlags.API.ExternalDNSNames...) } pkiPath := path.Join(s.EnvParams["host_pki_path"]) diff --git a/cmd/kubeadm/app/node/csr.go b/cmd/kubeadm/app/node/csr.go index 012bd573d0..06a9453dfa 100644 --- a/cmd/kubeadm/app/node/csr.go +++ b/cmd/kubeadm/app/node/csr.go 
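Review bot: `pkiPath := path.Join(s.EnvParams["host_pki_path"])` in the CreatePKIAssets hunk only cleans a single map lookup, so a missing `host_pki_path` entry yields an empty string. The code that uses pkiPath is outside the hunk, but if it joins file names onto it, the CA and API server keys would be written relative to the current working directory. I would return an error when the value is empty, before any key is generated (`if pkiPath == "" { ... }`), and build the path with `path/filepath`, since this is an OS path; that needs the import added at the top of pki.go, which is not shown here.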
@@ -19,31 +19,22 @@ package node import ( "fmt" "io/ioutil" - "strings" "os" + "strings" + kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api" + kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util" "k8s.io/kubernetes/pkg/apis/certificates" unversionedcertificates "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/certificates/unversioned" "k8s.io/kubernetes/pkg/client/restclient" "k8s.io/kubernetes/pkg/client/typed/discovery" "k8s.io/kubernetes/pkg/client/unversioned/clientcmd" clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api" - kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api" - kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util" "k8s.io/kubernetes/pkg/kubelet/util/csr" certutil "k8s.io/kubernetes/pkg/util/cert" ) -func PerformTLSBootstrapFromConfig(s *kubeadmapi.KubeadmConfig) (*clientcmdapi.Config, error) { - caCert, err := ioutil.ReadFile(s.ManualFlags.CaCertFile) - if err != nil { - return nil, fmt.Errorf(" failed to load CA certificate [%s]", err) - } - - return PerformTLSBootstrap(s, strings.Split(s.ManualFlags.ApiServerURLs, ",")[0], caCert) -} - -// Create a restful client for doing the certificate signing request. +// PerformTLSBootstrap creates a RESTful client in order to execute certificate signing request. func PerformTLSBootstrap(s *kubeadmapi.KubeadmConfig, apiEndpoint string, caCert []byte) (*clientcmdapi.Config, error) { // TODO try all the api servers until we find one that works bareClientConfig := kubeadmutil.CreateBasicClientConfig("kubernetes", apiEndpoint, caCert) diff --git a/cmd/kubeadm/app/node/discovery.go b/cmd/kubeadm/app/node/discovery.go index 1f837fb231..42a1794a84 100644 --- a/cmd/kubeadm/app/node/discovery.go +++ b/cmd/kubeadm/app/node/discovery.go 
@@ -24,8 +24,8 @@ import ( "net/http" jose "github.com/square/go-jose" - clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api" + clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api" ) func RetrieveTrustedClusterInfo(s *kubeadmapi.KubeadmConfig) (*clientcmdapi.Config, error) { diff --git a/cmd/kubeadm/app/util/kubeconfig.go b/cmd/kubeadm/app/util/kubeconfig.go index e419a3a833..3ca4d08721 100644 --- a/cmd/kubeadm/app/util/kubeconfig.go +++ b/cmd/kubeadm/app/util/kubeconfig.go @@ -22,9 +22,9 @@ import ( "path" // TODO: "k8s.io/client-go/client/tools/clientcmd/api" + kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api" "k8s.io/kubernetes/pkg/client/unversioned/clientcmd" clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api" - kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/api" ) func CreateBasicClientConfig(clusterName string, serverURL string, caCert []byte) *clientcmdapi.Config {