Add a docker image for hyperkube, and instructions on how to use. #6432

Merged
merged 2 commits into from
Apr 6, 2015
9 changes: 9 additions & 0 deletions cluster/images/hyperkube/Dockerfile
@@ -0,0 +1,9 @@
FROM google/debian:wheezy
Contributor

We use backports for our container vm -- would it make sense to use that here as well (so that this is closer to VMs on GCE)?

Contributor Author

We sadly don't have a backports wheezy docker image:

https://registry.hub.docker.com/u/google/debian/tags/manage/

We probably should...

Contributor

If you find a way to get busybox+iptables, that could be a lot smaller.

Contributor Author

feel free to send a PR ;)


RUN apt-get update
RUN apt-get -yy -q install iptables
Contributor

`&&` instead of a separate `RUN`? Also consider `--no-install-recommends`.

COPY hyperkube /hyperkube
RUN chmod a+rx /hyperkube
Contributor

Maybe do the chmod in the Makefile instead (and save one layer).

Contributor Author

No guarantees that this will work from OS X -> Linux afaik.


COPY master.json /etc/kubernetes/manifests/master.json
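Review bot: the two `RUN apt-get` lines should be one step, because `RUN apt-get update` in its own layer can be served from Docker's build cache, leaving `apt-get -yy -q install iptables` to resolve against an outdated package index on later builds. Combine them as `RUN apt-get update && apt-get -yy -q install --no-install-recommends iptables && rm -rf /var/lib/apt/lists/*` so the index and the install always come from the same build step and the lists do not ship in the image. Separately, `FROM google/debian:wheezy` is a mutable tag; pinning the base image by digest would make rebuilds reproducible.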

10 changes: 10 additions & 0 deletions cluster/images/hyperkube/Makefile
@@ -0,0 +1,10 @@
# build the hyperkube image.

VERSION=v0.14.1

all:
# cp ../../../_output/release-stage/server/linux-amd64/kubernetes/server/bin/hyperkube ./
docker build -t gcr.io/google_containers/hyperkube:${VERSION} .
gcloud preview docker push gcr.io/google_containers/hyperkube:${VERSION}

.PHONY: all
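Review bot: the `cp` of the hyperkube binary in the `all` target is commented out, so `docker build` packages whatever `hyperkube` file happens to be in the directory, and the next line pushes it to `gcr.io/google_containers/hyperkube:${VERSION}` with nothing tying that binary to `v0.14.1`. Make the copy a real step of the build and split `all` into separate `build` and `push` targets, so that running `make` locally cannot publish an image by accident.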
45 changes: 45 additions & 0 deletions cluster/images/hyperkube/master.json
@@ -0,0 +1,45 @@
{
"apiVersion": "v1beta3",
"kind": "Pod",
"metadata": {"name":"nginx"},
"spec":{
"hostNetwork": true,
"containers":[
{
"name": "controller-manager",
"image": "gcr.io/google_containers/hyperkube:v0.14.1",
"command": [
"/hyperkube",
"controller-manager",
"--master=127.0.0.1:8080",
"--machines=127.0.0.1",
"--sync_nodes=true",
"--v=2"
]
},
{
"name": "apiserver",
"image": "gcr.io/google_containers/hyperkube:v0.14.1",
"command": [
"/hyperkube",
"apiserver",
"--portal_net=10.0.0.1/24",
"--address=127.0.0.1",
"--etcd_servers=http://127.0.0.1:4001",
"--cluster_name=kubernetes",
"--v=2"
]
},
{
"name": "scheduler",
"image": "gcr.io/google_containers/hyperkube:v0.14.1",
"command": [
"/hyperkube",
"scheduler",
"--master=127.0.0.1:8080",
"--v=2"
]
}
]
}
}
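Review bot: `"metadata": {"name":"nginx"}` names the master pod `nginx`, which looks like a leftover from another manifest and is easy to confuse with the `nginx` replication controller that the new guide creates with `run-container nginx`. Give the pod a name that describes it, for example `k8s-master`. The image tag `gcr.io/google_containers/hyperkube:v0.14.1` is also repeated in all three containers and again as `VERSION` in the Makefile, so a version bump has to touch four places; generating this file from the Makefile's `VERSION` would keep them in step.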
3 changes: 3 additions & 0 deletions docs/getting-started-guides/README.md
@@ -1,6 +1,8 @@
If you are not sure what OSes and infrastructure is supported, the table below lists all the combinations which have
been tested recently.

For the easiest "kick the tires" experience, please try the [local docker](docker.md) guide.

If you are considering contributing a new guide, please read the
[guidelines](../../docs/devel/writing-a-getting-started-guide.md).

Expand All @@ -23,6 +25,7 @@ Vmware | CoreOS | CoreOS | flannel | [docs](../../docs/getting
Azure | Saltstack | Ubuntu | OpenVPN | [docs](../../docs/getting-started-guides/azure.md) | Community (@jeffmendoza) |
Bare-metal | custom | Ubuntu | _none_ | [docs](../../docs/getting-started-guides/ubuntu_single_node.md) | Community (@jainvipin) |
Bare-metal | custom | Ubuntu Cluster | flannel | [docs](../../docs/getting-started-guides/ubuntu_multinodes_cluster.md) | Community (@resouer @WIZARD-CXY) | use k8s version 0.12.0
Docker | custom | N/A | local | [docs](docker.md) | Project (@brendandburns) | Tested @ 0.14.1 |
Local | | | _none_ | [docs](../../docs/getting-started-guides/locally.md) | Community (@preillyme) |
Ovirt | | | | [docs](../../docs/getting-started-guides/ovirt.md) | Inactive |
Rackspace | CoreOS | CoreOS | Rackspace | [docs](../../docs/getting-started-guides/rackspace.md) | Inactive |
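Review bot: the new Docker row links `[docs](docker.md)` while every neighbouring row uses the `../../docs/getting-started-guides/...` form; use the same path style so the table's links behave the same wherever the file is rendered. The `Tested @ 0.14.1` note will also go stale with the next release unless it is updated together with the image version.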
76 changes: 76 additions & 0 deletions docs/getting-started-guides/docker.md
@@ -0,0 +1,76 @@
## Running kubernetes locally via Docker
Contributor

Did you test this on your mac as well as on your linux box? It'd be nice to know it worked both with a local docker install and with boot2docker.

Contributor Author

I did test it on my mac, and it does work correctly! You need to `boot2docker ssh -L8080:localhost:8080` to access it from outside of the VirtualBox VM; I updated instructions.

Contributor

I don't think that's necessary if you use `$(boot2docker ip)` instead of localhost.

Contributor Author

fixed.


The following instructions show you how to set up a simple, single node kubernetes cluster using Docker.

### Step One: Run etcd
```sh
docker run --net=host -d kubernetes/etcd:2.0.5.1 /usr/local/bin/etcd --addr=127.0.0.1:4001 --bind-addr=0.0.0.0:4001 --data-dir=/var/etcd/data
```

### Step Two: Run the master
```sh
docker run --net=host -d -v /var/run/docker.sock:/var/run/docker.sock gcr.io/google_containers/hyperkube:v0.14.1 /hyperkube kubelet --api_servers=http://localhost:8080 --v=2 --address=0.0.0.0 --enable_server --hostname_override=127.0.0.1 --config=/etc/kubernetes/manifests
```

This actually runs the kubelet, which in turn runs a [pod](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/pods.md) that contains the other master components.

### Step Three: Run the service proxy
*Note, this could be combined with master above, but it requires --privileged for iptables manipulation*
```sh
docker run -d --net=host --privileged gcr.io/google_containers/hyperkube:v0.14.1 /hyperkube proxy --master=http://127.0.0.1:8080 --v=2
Contributor

By default I'd argue you should keep it simple and run everything as privileged, and reduce the instruction to a single docker run command (like #1716)

Contributor Author

In order to do that the kubelet needs to be flag flipped to enable it to run privileged containers. Not sure if a user expects that (since now anyone with API access can run privileged containers).

Will see if we can restrict it only to file manifests.

```

### Test it out
At this point you should have a running kubernetes cluster. You can test this by downloading the kubectl
binary
([OS X](http://storage.googleapis.com/kubernetes-release/release/v0.14.1/bin/darwin/amd64/kubectl))
Contributor

Is there any way we can automatically point these at the latest release? Otherwise they are going to get stale quickly.

Contributor Author

We don't do that right now... We should definitely do something like that (although fortunately, kubectl should be semi-resilient to staleness), but we're going to need to update this doc to point to a new version of the docker image anyway.

Contributor

An alternative could be to have the kubectl read pod from stdin or a volume and launch it with docker run hyperkube kubectl ;)

([linux](http://storage.googleapis.com/kubernetes-release/release/v0.14.1/bin/linux/amd64/kubectl))

*Note:*
On OS/X you will need to set up port forwarding via ssh:
```sh
boot2docker ssh -L8080:localhost:8080
```

List the nodes in your cluster by running::

```sh
kubectl get nodes
```

This should print:
```
NAME LABELS STATUS
127.0.0.1 <none> Ready
```

If you are running different kubernetes clusters, you may need to specify ```-s http://localhost:8080``` to select the local cluster.

### Run an application
```sh
kubectl -s http://localhost:8080 run-container nginx --image=nginx --port=80
```

now run ```docker ps``` you should see nginx running. You may need to wait a few minutes for the image to get pulled.

### Expose it as a service:
```sh
kubectl expose rc nginx --port=80
```

This should print:
```
NAME LABELS SELECTOR IP PORT(S)
nginx <none> run-container=nginx <ip-addr> 80/TCP
```

Hit the webserver:
```sh
curl <insert-ip-from-above-here>
```

Note that you will need run this curl command on your boot2docker VM if you are running on OS X.

### A note on turning down your cluster
Many of these containers run under the management of the ```kubelet``` binary, which attempts to keep containers running, even if they fail. So, in order to turn down
the cluster, you need to first kill the kubelet container, and then any other containers.
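Review bot: Step One starts etcd with `--bind-addr=0.0.0.0:4001` and Step Two starts the kubelet with `--address=0.0.0.0 --enable_server`, both under `--net=host`, so a guide described as local exposes etcd and the kubelet server on every interface of the host. The kubelet container also mounts `/var/run/docker.sock`, and any process holding that socket controls the host's Docker daemon, so its server should not be reachable from the network by default. Bind both to `127.0.0.1` unless remote access is required, and state the exposure in the text if it is. The kubectl download links use plain `http://` with no checksum; an `https://` URL or a published hash would let readers verify the binary before running it. Minor: "by running::" has a doubled colon, and "you will need run this curl command" is missing "to".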