github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

kube-apiserver in a pod.

pull/6/head
Abhishek Shah 2015-04-09 14:35:07 -07:00
parent a0fa592b80
commit c9d7010461
5 changed files with 191 additions and 259 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
cluster/saltbase/salt/kube-apiserver/default
View File

@ -1,63 +0,0 @@
{% set daemon_args = "$DAEMON_ARGS" -%}
{% if grains['os_family'] == 'RedHat' -%}
{% set daemon_args = "" -%}
{% endif -%}
{% set cloud_provider = "" -%}
{% set cloud_config = "" -%}
{% if grains.cloud is defined -%}
{% set cloud_provider = "--cloud_provider=" + grains.cloud -%}
{% if grains.cloud == 'gce' -%}
{% if grains.cloud_config is defined -%}
{% set cloud_config = "--cloud_config=" + grains.cloud_config -%}
{% endif -%}
{% elif grains.cloud == 'aws' -%}
{% set cloud_config = "--cloud_config=/etc/aws.conf" -%}
{% endif -%}
{% endif -%} # grains.cloud is defined
{% set address = "--address=127.0.0.1" -%}
{% if pillar['instance_prefix'] is defined -%}
{% set cluster_name = "--cluster_name=" + pillar['instance_prefix'] -%}
{% endif -%}
{% set publicAddressOverride = "" -%}
{% if grains.publicAddressOverride is defined -%}
{% set publicAddressOverride = "--public_address_override=" + grains.publicAddressOverride -%}
{% endif -%}
{% set etcd_servers = "--etcd_servers=http://127.0.0.1:4001" -%}
{% if pillar['portal_net'] is defined -%}
{% set portal_net = "--portal_net=" + pillar['portal_net'] -%}
{% endif -%}
{% set cert_file = "--tls_cert_file=/srv/kubernetes/server.cert" -%}
{% set key_file = "--tls_private_key_file=/srv/kubernetes/server.key" -%}
{% set secure_port = "--secure_port=6443" -%}
{% set token_auth_file = "--token_auth_file=/dev/null" -%}
{% if grains.cloud is defined -%}
{% if grains.cloud in [ 'aws', 'gce', 'vagrant' ] -%}
# TODO: generate and distribute tokens for other cloud providers.
{% set token_auth_file = "--token_auth_file=/srv/kubernetes/known_tokens.csv" -%}
{% endif -%}
{% endif -%}
{% set admission_control = "" -%}
{% if pillar['admission_control'] is defined -%}
{% set admission_control = "--admission_control=" + pillar['admission_control'] -%}
{% endif -%}
{% set runtime_config = "" -%}
{% if grains.runtime_config is defined -%}
{% set runtime_config = "--runtime_config=" + grains.runtime_config -%}
{% endif -%}
DAEMON_ARGS="{{daemon_args}} {{address}} {{etcd_servers}} {{ cloud_provider }} {{ cloud_config }} {{ runtime_config }} {{admission_control}} --allow_privileged={{pillar['allow_privileged']}} {{portal_net}} {{cluster_name}} {{cert_file}} {{key_file}} {{secure_port}} {{token_auth_file}} {{publicAddressOverride}} {{pillar['log_level']}}"

85
cluster/saltbase/salt/kube-apiserver/init.sls
View File

@ -1,16 +1,13 @@
{% if grains['os_family'] == 'RedHat' %}
{% set environment_file = '/etc/sysconfig/kube-apiserver' %}
{% else %}
{% set environment_file = '/etc/default/kube-apiserver' %}
{% endif %}
{{ environment_file }}:
{% if grains.cloud is defined %}
{% if grains.cloud in ['aws', 'gce', 'vagrant'] %}
# TODO: generate and distribute tokens on other cloud providers.
/srv/kubernetes/known_tokens.csv:
file.managed:
- source: salt://kube-apiserver/default
- template: jinja
- user: root
- group: root
- mode: 644
- source: salt://kube-apiserver/known_tokens.csv
# - watch_in:
# - service: kube-apiserver
{% endif %}
{% endif %}
/usr/local/bin/kube-apiserver:
file.managed:
@ -19,59 +16,19 @@
- group: root
- mode: 755
{% if grains['os_family'] == 'RedHat' %}
/usr/lib/systemd/system/kube-apiserver.service:
# Copy kube-apiserver manifest to manifests folder for kubelet.
/etc/kubernetes/manifests/kube-apiserver.manifest:
file.managed:
- source: salt://kube-apiserver/kube-apiserver.service
- source: salt://kube-apiserver/kube-apiserver.manifest
- template: jinja
- user: root
- group: root
- mode: 644
- makedirs: true
- dir_mode: 755
{% else %}
/etc/init.d/kube-apiserver:
file.managed:
- source: salt://kube-apiserver/initd
- user: root
- group: root
- mode: 755
{% endif %}
{% if grains.cloud is defined %}
{% if grains.cloud in ['aws', 'gce', 'vagrant'] %}
# TODO: generate and distribute tokens on other cloud providers.
/srv/kubernetes/known_tokens.csv:
file.managed:
- source: salt://kube-apiserver/known_tokens.csv
- user: kube-apiserver
- group: kube-apiserver
- mode: 400
- watch:
- user: kube-apiserver
- group: kube-apiserver
- watch_in:
- service: kube-apiserver
{% endif %}
{% endif %}
kube-apiserver:
group.present:
- system: True
user.present:
- system: True
- gid_from_name: True
- groups:
- kube-cert
- shell: /sbin/nologin
- home: /var/kube-apiserver
- require:
- group: kube-apiserver
service.running:
- enable: True
- watch:
- file: {{ environment_file }}
- file: /usr/local/bin/kube-apiserver
{% if grains['os_family'] != 'RedHat' %}
- file: /etc/init.d/kube-apiserver
{% endif %}
#stop legacy kube-apiserver service
stop_kube-apiserver:
service.dead:
- name: kube-apiserver
- enable: None

121
cluster/saltbase/salt/kube-apiserver/initd
View File

@ -1,121 +0,0 @@
#!/bin/bash
#
### BEGIN INIT INFO
# Provides: kube-apiserver
# Required-Start: $local_fs $network $syslog
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: The Kubernetes API server
# Description:
# The Kubernetes API server maintains docker state against a state file.
### END INIT INFO
# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="The Kubernetes API server"
NAME=kube-apiserver
DAEMON=/usr/local/bin/kube-apiserver
DAEMON_LOG_FILE=/var/log/$NAME.log
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
DAEMON_USER=kube-apiserver
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions
#
# Function that starts the daemon/service
#
do_start()
{
# Raise the file descriptor limit - we expect to open a lot of sockets!
ulimit -n 65536
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --background --no-close \
--make-pidfile --pidfile $PIDFILE \
--exec $DAEMON -c $DAEMON_USER --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --background --no-close \
--make-pidfile --pidfile $PIDFILE \
--exec $DAEMON -c $DAEMON_USER -- \
$DAEMON_ARGS >> $DAEMON_LOG_FILE 2>&1 \
|| return 2
}
#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
return "$RETVAL"
}
case "$1" in
start)
log_daemon_msg "Starting $DESC" "$NAME"
do_start
case "$?" in
0|1) log_end_msg 0 || exit 0 ;;
2) log_end_msg 1 || exit 1 ;;
esac
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) log_end_msg 0 ;;
2) exit 1 ;;
esac
;;
status)
status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $?
;;
restart|force-reload)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process is still running
*) log_end_msg 1 ;; # Failed to start
esac
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
exit 3
;;
esac

170
cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest Normal file
View File

@ -0,0 +1,170 @@
{% set daemon_args = "$DAEMON_ARGS" -%}
{% if grains['os_family'] == 'RedHat' -%}
{% set daemon_args = "" -%}
{% endif -%}
{% set cloud_provider = "" -%}
{% set cloud_config = "" -%}
{% if grains.cloud is defined -%}
{% set cloud_provider = "--cloud_provider=" + grains.cloud -%}
{% if grains.cloud == 'gce' -%}
{% if grains.cloud_config is defined -%}
{% set cloud_config = "--cloud_config=" + grains.cloud_config -%}
{% endif -%}
{% elif grains.cloud == 'aws' -%}
{% set cloud_config = "--cloud_config=/etc/aws.conf" -%}
{% endif -%}
{% endif -%}
{% set address = "--address=127.0.0.1" -%}
{% if pillar['instance_prefix'] is defined -%}
{% set cluster_name = "--cluster_name=" + pillar['instance_prefix'] -%}
{% endif -%}
{% set publicAddressOverride = "" -%}
{% if grains.publicAddressOverride is defined -%}
{% set publicAddressOverride = "--public_address_override=" + grains.publicAddressOverride -%}
{% endif -%}
{% set etcd_servers = "--etcd_servers=http://127.0.0.1:4001" -%}
{% if pillar['portal_net'] is defined -%}
{% set portal_net = "--portal_net=" + pillar['portal_net'] -%}
{% endif -%}
{% set cert_file = "--tls_cert_file=/srv/kubernetes/server.cert" -%}
{% set key_file = "--tls_private_key_file=/srv/kubernetes/server.key" -%}
{% set secure_port = "--secure_port=6443" -%}
{% set token_auth_file = "--token_auth_file=/dev/null" -%}
{% if grains.cloud is defined -%}
{% if grains.cloud in [ 'aws', 'gce', 'vagrant' ] -%}
{% set token_auth_file = "--token_auth_file=/srv/kubernetes/known_tokens.csv" -%}
{% endif -%}
{% endif -%}
{% set admission_control = "" -%}
{% if pillar['admission_control'] is defined -%}
{% set admission_control = "--admission_control=" + pillar['admission_control'] -%}
{% endif -%}
{% set runtime_config = "" -%}
{% if grains.runtime_config is defined -%}
{% set runtime_config = "--runtime_config=" + grains.runtime_config -%}
{% endif -%}
{
"apiVersion": "v1beta3",
"kind": "Pod",
"metadata": {"name":"kube-apiserver"},
"spec":{
"hostNetwork": true,
"containers":[
{
"name": "kube-apiserver",
"image": "gcr.io/google_containers/kube-apiserver:{{pillar['kube-apiserver_docker_tag']}}",
"command": [
"/kube-apiserver",
"{{address}}",
"{{etcd_servers}}",
"{{ cloud_provider }}",
"{{ cloud_config }}",
"{{ runtime_config }}",
"{{admission_control}}",
"--allow_privileged={{pillar['allow_privileged']}}",
"{{portal_net}}",
"{{cluster_name}}",
"{{cert_file}}",
"{{key_file}}",
"{{secure_port}}",
"{{token_auth_file}}",
"{{publicAddressOverride}}",
"{{pillar['log_level']}}"
],
"ports":[
{ "name": "https",
"containerPort": 6443,
"hostPort": 6443},{
"name": "http",
"containerPort": 7080,
"hostPort": 7080},{
"name": "local",
"containerPort": 8080,
"hostPort": 8080}
],
"volumeMounts": [
{ "name": "srvkube",
"mountPath": "/srv/kubernetes",
"readOnly": true},
{ "name": "etcssl",
"mountPath": "/etc/ssl",
"readOnly": true},
{ "name": "usrsharessl",
"mountPath": "/usr/share/ssl",
"readOnly": true},
{ "name": "varssl",
"mountPath": "/var/ssl",
"readOnly": true},
{ "name": "usrssl",
"mountPath": "/usr/ssl",
"readOnly": true},
{ "name": "usrlibssl",
"mountPath": "/usr/lib/ssl",
"readOnly": true},
{ "name": "usrlocalopenssl",
"mountPath": "/usr/local/openssl",
"readOnly": true},
{ "name": "etcopenssl",
"mountPath": "/etc/openssl",
"readOnly": true},
{ "name": "etcpkitls",
"mountPath": "/etc/pki/tls",
"readOnly": true}
]
}
],
"volumes":[
{ "name": "srvkube",
"hostPath": {
"path": "/srv/kubernetes"}
},
{ "name": "etcssl",
"hostPath": {
"path": "/etc/ssl"}
},
{ "name": "usrsharessl",
"hostPath": {
"path": "/usr/share/ssl"}
},
{ "name": "varssl",
"hostPath": {
"path": "/var/ssl"}
},
{ "name": "usrssl",
"hostPath": {
"path": "/usr/ssl"}
},
{ "name": "usrlibssl",
"hostPath": {
"path": "/usr/lib/ssl"}
},
{ "name": "usrlocalopenssl",
"hostPath": {
"path": "/usr/local/openssl"}
},
{ "name": "etcopenssl",
"hostPath": {
"path": "/etc/openssl"}
},
{ "name": "etcpkitls",
"hostPath": {
"path": "/etc/pki/tls"}
}
]
}}

11
cluster/saltbase/salt/kube-apiserver/kube-apiserver.service
View File

@ -1,11 +0,0 @@
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service]
EnvironmentFile=/etc/sysconfig/kube-apiserver
ExecStart=/usr/local/bin/kube-apiserver "$DAEMON_ARGS"
Restart=on-failure
[Install]
WantedBy=multi-user.target