The kubelet allows you to set `--pod-infra-container-image`
(also called `PodSandboxImage` in the kubelet config),
which can be a custom location to the "pause" image in the case
of Docker. Other CRIs are not supported.
Set the CLI flag for the Docker case in flags.go using
WriteKubeletDynamicEnvFile().
Up until now UnifiedControlPlaneImage existed as a string value as part of the
ClusterConfiguration. This provided an override for the Kubernetes core
component images with a single custom image. It is mostly used to override the
control plane images with the hyperkube image. This saves both bandwith and
disk space on the control plane nodes.
Unfortunately, this specified an entire image string (complete with its prefix,
image name and tag). This disables upgrades of setups that use hyperkube.
Therefore, to enable upgrades on hyperkube setups and to make configuration
more convenient, the UnifiedControlPlaneImage option is replaced with a boolean
option, called UseHyperKubeImage. If set to true, this option replaces the
image name of any Kubernetes core components with hyperkube, thus allowing for
upgrades and respecting the image repository and version, specified in the
ClusterConfiguration.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
As kube-dns transitioned to fat manifests, it's no longer required to use arch
suffixed images. This change makes use of fat manifests for kube-dns and
removes the last few calls to the GetGenericArchImage function, thus removing
GetGenericArchImage too.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
This change removes arch suffixes from control plane images (etcd,
kube-apiserver, kube-scheduler, kube-proxy, etc.). These are not needed, as
almost all control plane images have a fat manifest now.
We have arch suffixes only for kube-dns images now.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Replace the unnecessary use of InitConfiguration in images.go with
ClusterConfiguration. This changes the interfaces of the following functions:
- GetKubeControlPlaneImage
- GetEtcdImage
- GetAllImages
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
Until now, kube-proxy image was handled in two separate places:
- In images.go along with the pre-pull code and without having the image
override capabilities (via UnifiedControlPlaneImage)
- In the kube-proxy manifest, where image override was possible.
This duplicates the kube-proxy image logic and makes it prone to errors.
Therefore, this change aims to deduplicate it and make it more straightforward.
This is achieved in the following ways:
- GetKubeControlPlaneImage is used for kube-proxy image fetching, thus allowing
for the image to be overriden by UnifiedControlPlaneImage.
- Remove duplicated logic from the manifest and use GetKubeControlPlaneImage to
generate the image for the manifest.
Additionally, GetKubeControlPlaneImageNoOverride is removed as the only use case
for the function is now invalid.
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
It appears that sidecar and dnsmasq-nanny images are now required for
kube-dns deployment to work correctly. Thus the following default kube-dns
images are used now:
- k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.10
- k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.10
- k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.10
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
GetCoreImage is a too generic function, that takes too many arguments. This
makes it prone to errors that may be difficult to trace. The solution is to
split it into the following couple of functions with a more targeted interface:
- GetKubeControlPlaneImage used to fetch Kubernetes control plane images or the
unified control plane image (if one is specified).
- GetEtcdImage is used to fetch the etcd image.
In addition to these, a couple of new utility functions are also created:
- GetKubeControlPlaneImageNoOverride used like GetKubeControlPlaneImage but
does not return the unified control plane image (even if it is set).
- GetGenericArchImage returns image path in the form of "prefix/image-goarch:tag"
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
CI defines its own custom repository. The function responsible
for listing all images now takes this into account.
Closeskubernetes/kubeadm#901
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
This is the 2nd attempt. The previous was reverted while we figured out
the regional mirrors (oops).
New plan: k8s.gcr.io is a read-only facade that auto-detects your source
region (us, eu, or asia for now) and pulls from the closest. To publish
an image, push k8s-staging.gcr.io and it will be synced to the regionals
automatically (similar to today). For now the staging is an alias to
gcr.io/google_containers (the legacy URL).
When we move off of google-owned projects (working on it), then we just
do a one-time sync, and change the google-internal config, and nobody
outside should notice.
We can, in parallel, change the auto-sync into a manual sync - send a PR
to "promote" something from staging, and a bot activates it. Nice and
visible, easy to keep track of.
Lubomir I. Ivanov