cri-o/vendor/k8s.io/kubernetes/cluster/rackspace/cloud-config/master-cloud-config.yaml

#cloud-config

write_files:
  - path: /etc/cloud.conf
    permissions: 0600
    content: |
      [Global]
      auth-url = OS_AUTH_URL
      username = OS_USERNAME
      api-key = OS_PASSWORD
      tenant-id = OS_TENANT_NAME
      region = OS_REGION_NAME
      [LoadBalancer]
      subnet-id = 11111111-1111-1111-1111-111111111111
  - path: /opt/bin/git-kubernetes-nginx.sh
    permissions: 0755
    content: |
      #!/bin/bash
      git clone https://github.com/thommay/kubernetes_nginx /opt/kubernetes_nginx
      /usr/bin/cp /opt/.kubernetes_auth /opt/kubernetes_nginx/.kubernetes_auth
      /opt/kubernetes_nginx/git-kubernetes-nginx.sh
  - path: /opt/bin/download-release.sh
    permissions: 0755
    content: |
      #!/bin/bash
      # This temp URL is only good for the length of time specified at cluster creation time.
      # Afterward, it will result in a 403.
      OBJECT_URL="CLOUD_FILES_URL"
      if [ ! -s /opt/kubernetes.tar.gz ]
      then
        echo "Downloading release ($OBJECT_URL)"
        wget "${OBJECT_URL}" -O /opt/kubernetes.tar.gz
        echo "Unpacking release"
        rm -rf /opt/kubernetes || false
        tar xzf /opt/kubernetes.tar.gz -C /opt/
      else
        echo "kubernetes release found. Skipping download."
      fi
  - path: /opt/.kubernetes_auth
    permissions: 0600
    content: |
      KUBE_USER:KUBE_PASSWORD

coreos:
  etcd2:
    discovery: https://discovery.etcd.io/DISCOVERY_ID
    advertise-client-urls: http://$private_ipv4:2379,http://$private_ipv4:4001
    initial-advertise-peer-urls: http://$private_ipv4:2380
    listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
    listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001

  flannel:
    ip_masq: true
    interface: eth2

  fleet:
    public-ip: $private_ipv4
    metadata: kubernetes_role=master

  update:
    reboot-strategy: off

  units:
    - name: etcd2.service
      command: start
    - name: fleet.service
      command: start
    - name: flanneld.service
      drop-ins:
        - name: 50-flannel.conf
          content: |
            [Unit]
            Requires=etcd2.service
            After=etcd2.service

            [Service]
            ExecStartPre=-/usr/bin/etcdctl mk /coreos.com/network/config '{"Network":"KUBE_NETWORK", "Backend": {"Type": "host-gw"}}'
      command: start
    - name: generate-serviceaccount-key.service
      command: start
      content: |
        [Unit]
        Description=Generate service-account key file

        [Service]
        ExecStartPre=-/usr/bin/mkdir -p /var/run/kubernetes/
        ExecStart=/bin/openssl genrsa -out /var/run/kubernetes/kube-serviceaccount.key 2048 2>/dev/null
        RemainAfterExit=yes
        Type=oneshot
    - name: docker.service
      command: start
      drop-ins:
        - name: 51-docker-mirror.conf
          content: |
            [Unit]
            # making sure that flanneld finished startup, otherwise containers
            # won't land in flannel's network...
            Requires=flanneld.service
            After=flanneld.service
            Restart=Always
    - name: download-release.service
      command: start
      content: |
        [Unit]
        Description=Downloads Kubernetes Release
        After=network-online.target
        Requires=network-online.target
        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/bin/bash /opt/bin/download-release.sh
    - name: kube-apiserver.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes API Server
        Documentation=https://github.com/kubernetes/kubernetes
        After=network-online.target
        Requires=network-online.target
        After=download-release.service
        Requires=download-release.service
        Requires=generate-serviceaccount-key.service
        After=generate-serviceaccount-key.service
        [Service]
        ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-apiserver /opt/bin/kube-apiserver
        ExecStartPre=/usr/bin/mkdir -p /var/lib/kube-apiserver
        ExecStart=/opt/bin/kube-apiserver \
        --address=127.0.0.1 \
        --cloud-provider=rackspace \
        --cloud-config=/etc/cloud.conf \
        --etcd-servers=http://127.0.0.1:4001 \
        --logtostderr=true \
        --port=8080 \
        --service-cluster-ip-range=SERVICE_CLUSTER_IP_RANGE \
        --token-auth-file=/var/lib/kube-apiserver/known_tokens.csv \
        --v=2 \
        --service-account-key-file=/var/run/kubernetes/kube-serviceaccount.key \
        --service-account-lookup=false \
        --admission-control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
        Restart=always
        RestartSec=5
    - name: apiserver-advertiser.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Apiserver Advertiser
        After=etcd2.service
        Requires=etcd2.service
        After=master-apiserver.service
        [Service]
        ExecStart=/bin/sh -c 'etcdctl set /corekube/apiservers/$public_ipv4 $public_ipv4'
        Restart=always
        RestartSec=120
    - name: kube-controller-manager.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Controller Manager
        Documentation=https://github.com/kubernetes/kubernetes
        After=network-online.target
        Requires=network-online.target
        After=kube-apiserver.service
        Requires=kube-apiserver.service
        [Service]
        ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-controller-manager /opt/bin/kube-controller-manager
        ExecStart=/opt/bin/kube-controller-manager \
        --cloud-provider=rackspace \
        --cloud-config=/etc/cloud.conf \
        --logtostderr=true \
        --master=127.0.0.1:8080 \
        --v=2 \
        --service-account-private-key-file=/var/run/kubernetes/kube-serviceaccount.key \
        --root-ca-file=/run/kubernetes/apiserver.crt
        Restart=always
        RestartSec=5
    - name: kube-scheduler.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Scheduler
        Documentation=https://github.com/kubernetes/kubernetes
        After=network-online.target
        Requires=network-online.target
        After=kube-apiserver.service
        Requires=kube-apiserver.service
        [Service]
        ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-scheduler /opt/bin/kube-scheduler
        ExecStart=/opt/bin/kube-scheduler \
        --logtostderr=true \
        --master=127.0.0.1:8080
        Restart=always
        RestartSec=5
    #Running nginx service with --net="host" is a necessary evil until running all k8s services in docker.
    - name: kubernetes-nginx.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Nginx Service
        After=network-online.target
        Requires=network-online.target
        After=docker.service
        Requires=docker.service
        [Service]
        ExecStartPre=/opt/bin/git-kubernetes-nginx.sh
        ExecStartPre=-/usr/bin/docker rm kubernetes_nginx
        ExecStart=/usr/bin/docker run --rm --net="host" -p "443:443" -t --name "kubernetes_nginx" kubernetes_nginx
        ExecStop=/usr/bin/docker stop kubernetes_nginx
        Restart=always
        RestartSec=15
Switch to github.com/golang/dep for vendoring Signed-off-by: Mrunal Patel <mrunalp@gmail.com> 2017-02-01 00:45:59 +00:00			`#cloud-config`

			`write_files:`
			`- path: /etc/cloud.conf`
			`permissions: 0600`
			`content: \|`
			`[Global]`
			`auth-url = OS_AUTH_URL`
			`username = OS_USERNAME`
			`api-key = OS_PASSWORD`
			`tenant-id = OS_TENANT_NAME`
			`region = OS_REGION_NAME`
			`[LoadBalancer]`
			`subnet-id = 11111111-1111-1111-1111-111111111111`
			`- path: /opt/bin/git-kubernetes-nginx.sh`
			`permissions: 0755`
			`content: \|`
			`#!/bin/bash`
			`git clone https://github.com/thommay/kubernetes_nginx /opt/kubernetes_nginx`
			`/usr/bin/cp /opt/.kubernetes_auth /opt/kubernetes_nginx/.kubernetes_auth`
			`/opt/kubernetes_nginx/git-kubernetes-nginx.sh`
			`- path: /opt/bin/download-release.sh`
			`permissions: 0755`
			`content: \|`
			`#!/bin/bash`
			`# This temp URL is only good for the length of time specified at cluster creation time.`
			`# Afterward, it will result in a 403.`
			`OBJECT_URL="CLOUD_FILES_URL"`
			`if [ ! -s /opt/kubernetes.tar.gz ]`
			`then`
			`echo "Downloading release ($OBJECT_URL)"`
			`wget "${OBJECT_URL}" -O /opt/kubernetes.tar.gz`
			`echo "Unpacking release"`
			`rm -rf /opt/kubernetes \|\| false`
			`tar xzf /opt/kubernetes.tar.gz -C /opt/`
			`else`
			`echo "kubernetes release found. Skipping download."`
			`fi`
			`- path: /opt/.kubernetes_auth`
			`permissions: 0600`
			`content: \|`
			`KUBE_USER:KUBE_PASSWORD`

			`coreos:`
			`etcd2:`
			`discovery: https://discovery.etcd.io/DISCOVERY_ID`
			`advertise-client-urls: http://$private_ipv4:2379,http://$private_ipv4:4001`
			`initial-advertise-peer-urls: http://$private_ipv4:2380`
			`listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001`
			`listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001`

			`flannel:`
			`ip_masq: true`
			`interface: eth2`

			`fleet:`
			`public-ip: $private_ipv4`
			`metadata: kubernetes_role=master`

			`update:`
			`reboot-strategy: off`

			`units:`
			`- name: etcd2.service`
			`command: start`
			`- name: fleet.service`
			`command: start`
			`- name: flanneld.service`
			`drop-ins:`
			`- name: 50-flannel.conf`
			`content: \|`
			`[Unit]`
			`Requires=etcd2.service`
			`After=etcd2.service`

			`[Service]`
			`ExecStartPre=-/usr/bin/etcdctl mk /coreos.com/network/config '{"Network":"KUBE_NETWORK", "Backend": {"Type": "host-gw"}}'`
			`command: start`
			`- name: generate-serviceaccount-key.service`
			`command: start`
			`content: \|`
			`[Unit]`
			`Description=Generate service-account key file`

			`[Service]`
			`ExecStartPre=-/usr/bin/mkdir -p /var/run/kubernetes/`
			`ExecStart=/bin/openssl genrsa -out /var/run/kubernetes/kube-serviceaccount.key 2048 2>/dev/null`
			`RemainAfterExit=yes`
			`Type=oneshot`
			`- name: docker.service`
			`command: start`
			`drop-ins:`
			`- name: 51-docker-mirror.conf`
			`content: \|`
			`[Unit]`
			`# making sure that flanneld finished startup, otherwise containers`
			`# won't land in flannel's network...`
			`Requires=flanneld.service`
			`After=flanneld.service`
			`Restart=Always`
			`- name: download-release.service`
			`command: start`
			`content: \|`
			`[Unit]`
			`Description=Downloads Kubernetes Release`
			`After=network-online.target`
			`Requires=network-online.target`
			`[Service]`
			`Type=oneshot`
			`RemainAfterExit=yes`
			`ExecStart=/usr/bin/bash /opt/bin/download-release.sh`
			`- name: kube-apiserver.service`
			`command: start`
			`content: \|`
			`[Unit]`
			`Description=Kubernetes API Server`
			`Documentation=https://github.com/kubernetes/kubernetes`
			`After=network-online.target`
			`Requires=network-online.target`
			`After=download-release.service`
			`Requires=download-release.service`
			`Requires=generate-serviceaccount-key.service`
			`After=generate-serviceaccount-key.service`
			`[Service]`
			`ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-apiserver /opt/bin/kube-apiserver`
			`ExecStartPre=/usr/bin/mkdir -p /var/lib/kube-apiserver`
			`ExecStart=/opt/bin/kube-apiserver \`
			`--address=127.0.0.1 \`
			`--cloud-provider=rackspace \`
			`--cloud-config=/etc/cloud.conf \`
			`--etcd-servers=http://127.0.0.1:4001 \`
			`--logtostderr=true \`
			`--port=8080 \`
			`--service-cluster-ip-range=SERVICE_CLUSTER_IP_RANGE \`
			`--token-auth-file=/var/lib/kube-apiserver/known_tokens.csv \`
			`--v=2 \`
			`--service-account-key-file=/var/run/kubernetes/kube-serviceaccount.key \`
			`--service-account-lookup=false \`
			`--admission-control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota`
			`Restart=always`
			`RestartSec=5`
			`- name: apiserver-advertiser.service`
			`command: start`
			`content: \|`
			`[Unit]`
			`Description=Kubernetes Apiserver Advertiser`
			`After=etcd2.service`
			`Requires=etcd2.service`
			`After=master-apiserver.service`
			`[Service]`
			`ExecStart=/bin/sh -c 'etcdctl set /corekube/apiservers/$public_ipv4 $public_ipv4'`
			`Restart=always`
			`RestartSec=120`
			`- name: kube-controller-manager.service`
			`command: start`
			`content: \|`
			`[Unit]`
			`Description=Kubernetes Controller Manager`
			`Documentation=https://github.com/kubernetes/kubernetes`
			`After=network-online.target`
			`Requires=network-online.target`
			`After=kube-apiserver.service`
			`Requires=kube-apiserver.service`
			`[Service]`
			`ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-controller-manager /opt/bin/kube-controller-manager`
			`ExecStart=/opt/bin/kube-controller-manager \`
			`--cloud-provider=rackspace \`
			`--cloud-config=/etc/cloud.conf \`
			`--logtostderr=true \`
			`--master=127.0.0.1:8080 \`
			`--v=2 \`
			`--service-account-private-key-file=/var/run/kubernetes/kube-serviceaccount.key \`
			`--root-ca-file=/run/kubernetes/apiserver.crt`
			`Restart=always`
			`RestartSec=5`
			`- name: kube-scheduler.service`
			`command: start`
			`content: \|`
			`[Unit]`
			`Description=Kubernetes Scheduler`
			`Documentation=https://github.com/kubernetes/kubernetes`
			`After=network-online.target`
			`Requires=network-online.target`
			`After=kube-apiserver.service`
			`Requires=kube-apiserver.service`
			`[Service]`
			`ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-scheduler /opt/bin/kube-scheduler`
			`ExecStart=/opt/bin/kube-scheduler \`
			`--logtostderr=true \`
			`--master=127.0.0.1:8080`
			`Restart=always`
			`RestartSec=5`
			`#Running nginx service with --net="host" is a necessary evil until running all k8s services in docker.`
			`- name: kubernetes-nginx.service`
			`command: start`
			`content: \|`
			`[Unit]`
			`Description=Kubernetes Nginx Service`
			`After=network-online.target`
			`Requires=network-online.target`
			`After=docker.service`
			`Requires=docker.service`
			`[Service]`
			`ExecStartPre=/opt/bin/git-kubernetes-nginx.sh`
			`ExecStartPre=-/usr/bin/docker rm kubernetes_nginx`
			`ExecStart=/usr/bin/docker run --rm --net="host" -p "443:443" -t --name "kubernetes_nginx" kubernetes_nginx`
			`ExecStop=/usr/bin/docker stop kubernetes_nginx`
			`Restart=always`
			`RestartSec=15`