only set the etcd servers in the apiserver config
set the --master= in the global config
still need --api_servers= different in kubelet because, ummmm, we do
comment out the apiserver config in controller and scheduler, not needed
point the proxy to api, not to etcd
It's just easier to package if we keep all the tmpfiles in one place
(even though there is only one)
All of the kube code uses /var/run/ not /run. Even though /var/run is
a link to /run on all systemd systems, it makes sense to me to keep our
codebase consistent.
Works:
--api_servers=127.0.0.1:8080
--api_servers=http://127.0.0.1:8080
--api_servers=http://localhost:8080
Fails:
--api_servers=localhost:8080
Include the http:// in the example, so users aren't likely to hit the
problem
requirement for the parameter. Sans parameter the kubelet will fail
silently trying to obtain service setting that are placed into the
ENV of the PODS.
From the systemd man page:
Use "${FOO}" as part of a word, or as a word of its own, on the command
line, in which case it will be
replaced by the value of the environment variable including
all whitespace it contains, resulting in a single argument.
Use "$FOO" as a separate word on the
command line, in which case it will be replaced
by the value of the environment variable split at
whitespace, resulting in zero or more arguments.
Since we want people to be able to use these for multiple arguments we
need to make sure we don't use {} around the env vars...
Some image based OS do not allow writing to /. Since the kubelet looks
for .dockercfg files in the working dir and uses / as the working dir,
this means one can never set a .dockercfg on those distros. This moves
the kubelet working dir to /var/lib/kubelet, where the kubelet naturally
does its work.
Some distros, include RHEL and Fedora, are doing away with the docker
socket by default in systemd units, for security reasons. Instead rely
on the docker.service being started instead of socket activation.
Now that that the apiserver can auto-generate self-signed
certificates, and drop them in /var/run/kubernetes (which is really
/run/kubernetes), we need to ensure it's created on boot.
(I'm not sure why the default isnt' *persistent* self-signed
certificates, but that's a different patch)
apiserver becomes kube-apiserver
controller-manager -> kube-controller-manager
scheduler and proxy similarly.
Only thing I promise is that right now hack/build-go.sh and
build/release.sh exit with 0. That's it. Who knows if any of this
actually works....
The example systemd services files, environment files, and the fedora
manual config doc all used numerous references to minion_. Many of
these are better named kubelet_. Convert them.
Tim Hockin