Merge pull request kubernetes#17262 from brendandburns/hyperkube
Auto commit by PR queue bot
k8s-merge-robot committed Nov 23, 2015
2 parents 32a74f0 + ce90b83 commit fb09627
Showing 9 changed files with 185 additions and 7 deletions.
7 changes: 7 additions & 0 deletions cluster/images/hyperkube/Dockerfile
Expand Up @@ -8,6 +8,7 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update -y \
file \
util-linux \
socat \
curl \
&& DEBIAN_FRONTEND=noninteractive apt-get autoremove -y \
&& DEBIAN_FRONTEND=noninteractive apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

Expand All @@ -21,3 +22,9 @@ COPY master.json /etc/kubernetes/manifests/master.json

COPY safe_format_and_mount /usr/share/google/safe_format_and_mount
RUN chmod a+rx /usr/share/google/safe_format_and_mount

COPY setup-files.sh /setup-files.sh
RUN chmod a+rx /setup-files.sh

COPY make-ca-cert.sh /make-ca-cert.sh
RUN chmod a+x /make-ca-cert.sh
3 changes: 2 additions & 1 deletion cluster/images/hyperkube/Makefile
@@ -1,9 +1,10 @@
# build the hyperkube image.

VERSION=v1.0.1
VERSION=v1.1.1

all:
cp ../../saltbase/salt/helpers/safe_format_and_mount .
cp ../../saltbase/salt/generate-cert/make-ca-cert.sh .
curl -O https://storage.googleapis.com/kubernetes-release/release/${VERSION}/bin/linux/amd64/hyperkube
sed -i "s/VERSION/${VERSION}/g" master-multi.json master.json
docker build -t gcr.io/google_containers/hyperkube:${VERSION} .
3 changes: 3 additions & 0 deletions cluster/images/hyperkube/master-multi.json
Expand Up @@ -12,6 +12,8 @@
"/hyperkube",
"controller-manager",
"--master=127.0.0.1:8080",
"--terminated-pod-gc-threshold=100",
"--min-resync-period=3m",
"--v=2"
]
},
Expand All @@ -25,6 +27,7 @@
"--address=0.0.0.0",
"--etcd-servers=http://127.0.0.1:4001",
"--cluster-name=kubernetes",
"--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota",
"--v=2"
]
},
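Review bot: The new `--admission-control` list for the apiserver enables `ServiceAccount`, but the controller-manager arguments visible in this file gain only `--terminated-pod-gc-threshold=100` and `--min-resync-period=3m`, not the `--service-account-private-key-file=/srv/kubernetes/server.key` and `--root-ca-file=/srv/kubernetes/ca.crt` flags that master.json receives in the same commit. Without a signing key the controller-manager presumably cannot issue service-account tokens, so the admission plugin may reject pods that have no token to mount. master.json has the opposite gap: it configures the key and CA but leaves `ServiceAccount` out of its admission list. Either align the two manifests or document why they differ; parts of both files are collapsed on this page, so confirm against the full manifests.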
48 changes: 45 additions & 3 deletions cluster/images/hyperkube/master.json
Expand Up @@ -12,8 +12,17 @@
"/hyperkube",
"controller-manager",
"--master=127.0.0.1:8080",
"--min-resync-period=3m",
"--service-account-private-key-file=/srv/kubernetes/server.key",
"--root-ca-file=/srv/kubernetes/ca.crt",
"--v=2"
]
],
"volumeMounts": [
{
"name": "data",
"mountPath": "/srv/kubernetes"
}
]
},
{
"name": "apiserver",
Expand All @@ -25,8 +34,22 @@
"--address=127.0.0.1",
"--etcd-servers=http://127.0.0.1:4001",
"--cluster-name=kubernetes",
"--v=2"
]
"--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ResourceQuota",
"--client-ca-file=/srv/kubernetes/ca.crt",
"--basic-auth-file=/srv/kubernetes/basic_auth.csv",
"--min-request-timeout=300",
"--tls-cert-file=/srv/kubernetes/server.cert",
"--tls-private-key-file=/srv/kubernetes/server.key",
"--token-auth-file=/srv/kubernetes/known_tokens.csv",
"--allow-privileged=True",
"--v=4"
],
"volumeMounts": [
{
"name": "data",
"mountPath": "/srv/kubernetes"
}
]
},
{
"name": "scheduler",
Expand All @@ -37,6 +60,25 @@
"--master=127.0.0.1:8080",
"--v=2"
]
},
{
"name": "setup",
"image": "gcr.io/google_containers/hyperkube:VERSION",
"command": [
"/setup-files.sh"
],
"volumeMounts": [
{
"name": "data",
"mountPath": "/data"
}
]
}
],
"volumes": [
{
"name": "data",
"emptyDir": {}
}
]
}
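Review bot: The `data` volume that holds `server.key`, `ca.crt`, `basic_auth.csv` and `known_tokens.csv` is mounted read-write into the apiserver and controller-manager containers, although the flags shown only read from `/srv/kubernetes`. Adding `"readOnly": true` to those two `volumeMounts` entries leaves the setup container as the only writer, so a compromised control-plane process cannot rewrite the CA or the credential files. Separately, the apiserver is the only container raised to `--v=4` and it also gains `--allow-privileged=True`; if neither is needed for this image, keeping `--v=2` like the other containers and dropping the privileged flag narrows what the manifest permits and logs.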
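--- a/cluster/images/hyperkube/setup-files.sh
+++ b/cluster/images/hyperkube/setup-files.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script is intended to set up the files necessary to run a master.
+# It currently creates:
+# * The basic auth file for access to the kubernetes api server
+# * Service tokens for accessing the kubernetes api server
+# * The CA cert and keys for HTTPS access to the kubernetes api server
+set -o errexit
+set -o nounset
+set -o pipefail
+
+create_token() {
+echo $(cat /dev/urandom | base64 | tr -d "=+/" | dd bs=32 count=1 2> /dev/null)
+}
+
+# Create basic token authorization
+echo "admin,admin,admin" > /data/basic_auth.csv
+
+# Create HTTPS certificates
+CERT_DIR=/data /make-ca-cert.sh $(hostname -i)
+
+# Create known tokens for service accounts
+echo "$(create_token),admin,admin" >> /data/known_tokens.csv
+echo "$(create_token),kubelet,kubelet" >> /data/known_tokens.csv
+echo "$(create_token),kube_proxy,kube_proxy" >> /data/known_tokens.csv
+
+while true; do
+sleep 3600
+done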
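Review bot: `echo "admin,admin,admin" > /data/basic_auth.csv` ships a fixed password of `admin` for the `admin` user, and master.json hands this file to the apiserver as `--basic-auth-file`, so every cluster started from this image accepts the same credential. Generate it per cluster with the helper defined just above, `echo "$(create_token),admin,admin" > /data/basic_auth.csv`, and surface the value to the operator out of band. The token lines all use `>>`, so a restart of this container appends a fresh set to `known_tokens.csv` and leaves the earlier entries in the file; writing the first entry with `>` avoids that. A `umask 077` before the first write would keep the credential and key files from being created world-readable, and `"$(hostname -i)"` should be quoted or validated because it can return more than one address.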
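--- a/cluster/images/hyperkube/teardown.sh
+++ b/cluster/images/hyperkube/teardown.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Tears down an existing cluster. Warning destroys _all_ docker containers on the machine
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+echo "Warning, this will delete all Docker containers on this machine."
+echo "Proceed? [Y/n]"
+
+read resp
+if [[ $resp == "n" || $resp == "N" ]]; then
+exit 0
+fi
+
+docker ps -aq | xargs docker rm -f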
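Review bot: The confirmation check continues on anything except `n` or `N`, so an empty line, `no`, or a typo falls through to `docker ps -aq | xargs docker rm -f` and removes every container on the host, not only those belonging to the cluster. For a destructive action the default should be to stop: prompt with `[y/N]` and use `if [[ "${resp}" != "y" && "${resp}" != "Y" ]]; then exit 0; fi`. `read -r resp` avoids backslash processing of the answer, and `xargs -r` (GNU) keeps `docker rm -f` from running with no arguments when there are no containers to remove.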
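--- a/cluster/images/hyperkube/turnup.sh
+++ b/cluster/images/hyperkube/turnup.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Useful for testing images and changes, turns up a fresh single node cluster
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+docker run --net=host -d gcr.io/google_containers/etcd:2.2.1 \
+/usr/local/bin/etcd \
+--addr=127.0.0.1:4001 \
+--bind-addr=0.0.0.0:4001 \
+--data-dir=/var/etcd/data
+
+docker run --pid=host \
+--volume=/:/rootfs:ro \
+--volume=/sys:/sys:ro \
+--volume=/dev:/dev \
+--volume=/var/lib/docker/:/var/lib/docker:rw \
+--volume=/var/lib/kubelet/:/var/lib/kubelet:rw \
+--volume=/var/run:/var/run:rw \
+--net=host \
+--pid=host \
+--privileged=true \
+-d gcr.io/google_containers/hyperkube:v${K8S_VERSION} \
+/hyperkube kubelet \
+--containerized \
+--hostname-override="127.0.0.1" \
+--address="0.0.0.0" \
+--api-servers=http://localhost:8080 \
+--config=/etc/kubernetes/manifests --v=10
+
+docker run -d --net=host --privileged \
+gcr.io/google_containers/hyperkube:v${K8S_VERSION} \
+/hyperkube proxy \
+--master=http://127.0.0.1:8080 --v=2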
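Review bot: The etcd container is started with `--net=host` and `--bind-addr=0.0.0.0:4001` and no authentication or TLS options, which exposes the cluster's datastore on every host interface even though it is advertised and consumed on `127.0.0.1:4001`. For this single-node setup `--bind-addr=127.0.0.1:4001` is sufficient. The same reasoning applies to the kubelet's `--address="0.0.0.0"` inside a `--privileged`, `--pid=host` container: bind it to `127.0.0.1` unless remote access is actually required. `K8S_VERSION` is read under `nounset` with no explanation, so `: "${K8S_VERSION:?set K8S_VERSION, e.g. 1.1.1}"` near the top would give a clearer failure, and `--pid=host` is passed twice on the kubelet command.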
6 changes: 3 additions & 3 deletions docs/getting-started-guides/docker.md
Expand Up @@ -84,7 +84,7 @@ parameters as follows:
```

4. Decide what Kubernetes version to use. Set the `${K8S_VERSION}` variable to
a value such as "1.0.7".
a value such as "1.1.1".

### Step One: Run etcd

Expand Down Expand Up @@ -124,8 +124,8 @@ At this point you should have a running Kubernetes cluster. You can test this
by downloading the kubectl binary for `${K8S_VERSION}` (look at the URL in the
following links) and make it available by editing your PATH environment
variable.
([OS X](http://storage.googleapis.com/kubernetes-release/release/v1.0.7/bin/darwin/amd64/kubectl))
([linux](http://storage.googleapis.com/kubernetes-release/release/v1.0.7/bin/linux/amd64/kubectl))
([OS X](http://storage.googleapis.com/kubernetes-release/release/v1.1.1/bin/darwin/amd64/kubectl))
([linux](http://storage.googleapis.com/kubernetes-release/release/v1.1.1/bin/linux/amd64/kubectl))

For example, OS X:

1 change: 1 addition & 0 deletions pkg/util/mount/nsenter_mount.go
Expand Up @@ -176,6 +176,7 @@ func (n *NsenterMounter) IsLikelyNotMountPoint(file string) (bool, error) {
exec := exec.New()
out, err := exec.Command(nsenterPath, args...).CombinedOutput()
if err != nil {
glog.Errorf("Failed to nsenter mount, return file doesn't exist: %v", err)
// If the command itself is correct, then if we encountered error
// then most likely this means that the directory does not exist.
return true, os.ErrNotExist
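Review bot: The added `glog.Errorf` reports only `err`, which for a failed command is usually just the exit status; the text captured in `out` by `CombinedOutput()` and the `file` being checked are what make the line actionable. Consider `glog.Errorf("Failed to nsenter mount for %q, assuming it doesn't exist: %v: %s", file, err, string(out))`. Because the comment below treats this path as the ordinary "directory does not exist" case, error level may be noisy; `glog.V(2).Infof` would fit better if callers routinely probe paths that are missing. The body of IsLikelyNotMountPoint starts and ends outside the hunk.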