vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Vendor: Update k8s version

Browse source 
Signed-off-by: Michał Żyłowski <michal.zylowski@intel.com>
This commit is contained in:
Michał Żyłowski 2017-02-03 14:41:32 +01:00
parent dfa93414c5
commit 52baf68d50
3756 changed files with 113013 additions and 92675 deletions
Download patch file Download diff file Expand all files Collapse all files

27
vendor/k8s.io/kubernetes/cluster/BUILD generated vendored
View file

@ -1,5 +1,7 @@
package(default_visibility = ["//visibility:public"])
load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar")
licenses(["notice"])
filegroup(
@ -14,6 +16,31 @@ filegroup(
srcs = [
":package-srcs",
"//cluster/addons:all-srcs",
"//cluster/gce:all-srcs",
"//cluster/saltbase:all-srcs",
],
tags = ["automanaged"],
)
# All of the manifests that are expected to be in a "gci-trusty"
# subdir of the manifests tarball.
pkg_tar(
name = "_manifests-gci-trusty",
package_dir = "gci-trusty",
visibility = ["//visibility:private"],
deps = [
"//cluster/addons",
"//cluster/gce:gci-trusty-manifests",
"//cluster/saltbase:gci-trusty-salt-manifests",
],
)
pkg_tar(
name = "manifests",
mode = "0644",
package_dir = "kubernetes",
deps = [
":_manifests-gci-trusty",
"//cluster/saltbase:salt-manifests",
],
)

8
vendor/k8s.io/kubernetes/cluster/OWNERS generated vendored
View file

@ -1,4 +1,10 @@
assignees:
reviewers:
- eparis
- jbeda
- mikedanese
- roberthbailey
- zmerlynn
approvers:
- eparis
- jbeda
- mikedanese

24
vendor/k8s.io/kubernetes/cluster/addons/BUILD generated vendored
View file

@ -4,21 +4,14 @@ load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar")
filegroup(
name = "addon-srcs",
srcs = glob([
"calico-policy-controller/*",
"cluster-loadbalancing/*",
"cluster-monitoring/*",
"dashboard/*",
"dns/*",
"etcd-empty-dir-cleanup/*",
"fluentd-elasticsearch/*",
"fluentd-gcp/*",
"gci/*",
"node-problem-detector/*",
"podsecuritypolicies/*",
"python-image/*",
"registry/*",
]),
srcs = glob(
[
"**/*.json",
"**/*.yaml",
"**/*.yaml.in",
],
exclude = ["**/*demo*/**"],
),
)
pkg_tar(
@ -27,6 +20,7 @@ pkg_tar(
files = [
":addon-srcs",
],
mode = "0644",
strip_prefix = ".",
)

9
vendor/k8s.io/kubernetes/cluster/addons/cluster-monitoring/OWNERS generated vendored
View file

@ -1,3 +1,6 @@
assignees:
- DirectXMan12
- piosz
approvers:
- DirectXMan12
- piosz
reviewers:
- DirectXMan12
- piosz

5
vendor/k8s.io/kubernetes/cluster/addons/dns-horizontal-autoscaler/OWNERS generated vendored
View file

@ -1,3 +1,6 @@
assignees:
approvers:
- bowei
- mrhohn
reviewers:
- bowei
- mrhohn

5
vendor/k8s.io/kubernetes/cluster/addons/dns/OWNERS generated vendored
View file

@ -1,3 +1,6 @@
assignees:
approvers:
- bowei
- mrhohn
reviewers:
- bowei
- mrhohn

6
vendor/k8s.io/kubernetes/cluster/addons/dns/kubedns-controller.yaml.base generated vendored
View file

@ -47,7 +47,7 @@ spec:
spec:
containers:
- name: kubedns
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.10.1
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.11.0
resources:
# TODO: Set memory limits when we've profiled the container for large
# clusters, then set request = limit to keep this container in
@ -96,7 +96,7 @@ spec:
name: metrics
protocol: TCP
- name: dnsmasq
image: gcr.io/google_containers/k8s-dns-dnsmasq-amd64:1.10.1
image: gcr.io/google_containers/k8s-dns-dnsmasq-amd64:1.11.0
livenessProbe:
httpGet:
path: /healthcheck/dnsmasq
@ -124,7 +124,7 @@ spec:
cpu: 150m
memory: 10Mi
- name: sidecar
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.10.1
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.11.0
livenessProbe:
httpGet:
path: /metrics

6
vendor/k8s.io/kubernetes/cluster/addons/dns/kubedns-controller.yaml.in generated vendored
View file

@ -47,7 +47,7 @@ spec:
spec:
containers:
- name: kubedns
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.10.1
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.11.0
resources:
# TODO: Set memory limits when we've profiled the container for large
# clusters, then set request = limit to keep this container in
@ -96,7 +96,7 @@ spec:
name: metrics
protocol: TCP
- name: dnsmasq
image: gcr.io/google_containers/k8s-dns-dnsmasq-amd64:1.10.1
image: gcr.io/google_containers/k8s-dns-dnsmasq-amd64:1.11.0
livenessProbe:
httpGet:
path: /healthcheck/dnsmasq
@ -124,7 +124,7 @@ spec:
cpu: 150m
memory: 10Mi
- name: sidecar
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.10.1
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.11.0
livenessProbe:
httpGet:
path: /metrics

6
vendor/k8s.io/kubernetes/cluster/addons/dns/kubedns-controller.yaml.sed generated vendored
View file

@ -47,7 +47,7 @@ spec:
spec:
containers:
- name: kubedns
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.10.1
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.11.0
resources:
# TODO: Set memory limits when we've profiled the container for large
# clusters, then set request = limit to keep this container in
@ -95,7 +95,7 @@ spec:
name: metrics
protocol: TCP
- name: dnsmasq
image: gcr.io/google_containers/k8s-dns-dnsmasq-amd64:1.10.1
image: gcr.io/google_containers/k8s-dns-dnsmasq-amd64:1.11.0
livenessProbe:
httpGet:
path: /healthcheck/dnsmasq
@ -123,7 +123,7 @@ spec:
cpu: 150m
memory: 10Mi
- name: sidecar
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.10.1
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.11.0
livenessProbe:
httpGet:
path: /metrics

19
vendor/k8s.io/kubernetes/cluster/addons/e2e-rbac-bindings/e2e-user-binding.yaml generated vendored
View file

@ -1,19 +0,0 @@
# This is the main user for the e2e tests. This is ok to leave long term
# since the first user in the test can reasonably be high power
# its kubecfg in gce
# TODO consider provisioning each test its namespace and giving it an
# admin user. This still has to exist, but e2e wouldn't normally use it
apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRoleBinding
metadata:
name: e2e-user-cluster-admin
labels:
kubernetes.io/cluster-service: "true"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- apiVersion: rbac/v1alpha1
kind: User
name: kubecfg

9
vendor/k8s.io/kubernetes/cluster/addons/fluentd-elasticsearch/OWNERS generated vendored
View file

@ -1,3 +1,6 @@
assignees:
- Crassirostris
- piosz
approvers:
- Crassirostris
- piosz
reviewers:
- Crassirostris
- piosz

2
vendor/k8s.io/kubernetes/cluster/addons/fluentd-elasticsearch/es-controller.yaml generated vendored
View file

@ -20,7 +20,7 @@ spec:
kubernetes.io/cluster-service: "true"
spec:
containers:
- image: gcr.io/google_containers/elasticsearch:v2.4.1
- image: gcr.io/google_containers/elasticsearch:v2.4.1-1
name: elasticsearch-logging
resources:
# need more cpu upon initialization, therefore burstable class

2
vendor/k8s.io/kubernetes/cluster/addons/fluentd-elasticsearch/es-image/Makefile generated vendored
View file

@ -16,7 +16,7 @@
# The current value of the tag to be used for building and
# pushing an image to gcr.io
TAG = v2.4.1
TAG = v2.4.1-1
build: elasticsearch_logging_discovery
docker build --pull -t gcr.io/google_containers/elasticsearch:$(TAG) .

1
vendor/k8s.io/kubernetes/cluster/addons/fluentd-elasticsearch/es-image/config/elasticsearch.yml generated vendored
View file

@ -1,5 +1,6 @@
cluster.name: kubernetes-logging
node.name: ${NODE_NAME}
node.master: ${NODE_MASTER}
node.data: ${NODE_DATA}

11
vendor/k8s.io/kubernetes/cluster/addons/fluentd-elasticsearch/es-image/elasticsearch_logging_discovery.go generated vendored
View file

@ -24,9 +24,10 @@ import (
"time"
"github.com/golang/glog"
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
restclient "k8s.io/client-go/rest"
"k8s.io/kubernetes/pkg/api"
clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
"k8s.io/kubernetes/pkg/client/restclient"
)
func flattenSubsets(subsets []api.EndpointSubset) []string {
@ -52,10 +53,10 @@ func main() {
if err != nil {
glog.Fatalf("Failed to make client: %v", err)
}
namespace := api.NamespaceSystem
namespace := metav1.NamespaceSystem
envNamespace := os.Getenv("NAMESPACE")
if envNamespace != "" {
if _, err := client.Core().Namespaces().Get(envNamespace); err != nil {
if _, err := client.Core().Namespaces().Get(envNamespace, meta_v1.GetOptions{}); err != nil {
glog.Fatalf("%s namespace doesn't exist: %v", envNamespace, err)
}
namespace = envNamespace
@ -65,7 +66,7 @@ func main() {
// Look for endpoints associated with the Elasticsearch loggging service.
// First wait for the service to become available.
for t := time.Now(); time.Since(t) < 5*time.Minute; time.Sleep(10 * time.Second) {
elasticsearch, err = client.Core().Services(namespace).Get("elasticsearch-logging")
elasticsearch, err = client.Core().Services(namespace).Get("elasticsearch-logging", meta_v1.GetOptions{})
if err == nil {
break
}
@ -82,7 +83,7 @@ func main() {
// Wait for some endpoints.
count := 0
for t := time.Now(); time.Since(t) < 5*time.Minute; time.Sleep(10 * time.Second) {
endpoints, err = client.Core().Endpoints(namespace).Get("elasticsearch-logging")
endpoints, err = client.Core().Endpoints(namespace).Get("elasticsearch-logging", meta_v1.GetOptions{})
if err != nil {
continue
}

1
vendor/k8s.io/kubernetes/cluster/addons/fluentd-elasticsearch/es-image/run.sh generated vendored
View file

@ -14,6 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
export NODE_NAME=${NODE_NAME:-${HOSTNAME}}
export NODE_MASTER=${NODE_MASTER:-true}
export NODE_DATA=${NODE_DATA:-true}
export HTTP_PORT=${HTTP_PORT:-9200}

9
vendor/k8s.io/kubernetes/cluster/addons/fluentd-gcp/OWNERS generated vendored
View file

@ -1,3 +1,6 @@
assignees:
- Crassirostris
- piosz
approvers:
- Crassirostris
- piosz
reviewers:
- Crassirostris
- piosz

13
vendor/k8s.io/kubernetes/cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml generated vendored
View file

@ -2,23 +2,23 @@
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: fluentd-gcp-v1.31
name: fluentd-gcp-v1.34
namespace: kube-system
labels:
k8s-app: fluentd-gcp
kubernetes.io/cluster-service: "true"
version: v1.31
version: v1.34
spec:
template:
metadata:
labels:
k8s-app: fluentd-gcp
kubernetes.io/cluster-service: "true"
version: v1.31
version: v1.34
spec:
containers:
- name: fluentd-gcp
image: gcr.io/google_containers/fluentd-gcp:1.32
image: gcr.io/google_containers/fluentd-gcp:1.34
# If fluentd consumes its own logs, the following situation may happen:
# fluentd fails to send a chunk to the server => writes it to the log =>
# tries to send this message to the server => fails to send a chunk and so on.
@ -40,8 +40,6 @@ spec:
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
- name: libsystemddir
mountPath: /host/lib
# Liveness probe is aimed to help in situarions where fluentd
# silently hangs for no apparent reasons until manual restart.
# The idea of this probe is that if fluentd is not queueing or
@ -84,6 +82,3 @@ spec:
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
- name: libsystemddir
hostPath:
path: /usr/lib64

1
vendor/k8s.io/kubernetes/cluster/addons/fluentd-gcp/fluentd-gcp-image/Dockerfile generated vendored
View file

@ -36,6 +36,7 @@ RUN apt-get -qq update && \
td-agent-gem install --no-document fluent-plugin-record-reformer -v 0.8.2 && \
td-agent-gem install --no-document fluent-plugin-systemd -v 0.0.5 && \
td-agent-gem install --no-document fluent-plugin-google-cloud -v 0.5.2 && \
td-agent-gem install --no-document fluent-plugin-detect-exceptions -v 0.0.4 && \
# Remove build tools
apt-get remove -y -qq gcc make && \
apt-get autoremove -y -qq && \

2
vendor/k8s.io/kubernetes/cluster/addons/fluentd-gcp/fluentd-gcp-image/Makefile generated vendored
View file

@ -26,7 +26,7 @@
.PHONY: build push
PREFIX=gcr.io/google_containers
TAG = 1.32
TAG = 1.34
build:
docker build --pull -t $(PREFIX)/fluentd-gcp:$(TAG) .

13
vendor/k8s.io/kubernetes/cluster/addons/fluentd-gcp/fluentd-gcp-image/fluent.conf generated vendored
View file

@ -70,7 +70,18 @@
<match reform.**>
type record_reformer
enable_ruby true
tag kubernetes.${tag_suffix[4].split('-')[0..-2].join('-')}
tag raw.kubernetes.${tag_suffix[4].split('-')[0..-2].join('-')}
</match>
# Detect exceptions in the log output and forward them as one log entry.
<match raw.kubernetes.**>
type detect_exceptions
remove_tag_prefix raw
message log
stream stream
multiline_flush_interval 5
max_bytes 500000
max_lines 1000
</match>
# Example:

6
vendor/k8s.io/kubernetes/cluster/addons/fluentd-gcp/fluentd-gcp-image/run.sh generated vendored
View file

@ -17,12 +17,6 @@
# For systems without journald
mkdir -p /var/log/journal
if [ -e /host/lib/libsystemd* ]
then
rm /lib/x86_64-linux-gnu/libsystemd*
cp /host/lib/libsystemd* /lib/x86_64-linux-gnu/
fi
LD_PRELOAD=/opt/td-agent/embedded/lib/libjemalloc.so
RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR=0.9

2
vendor/k8s.io/kubernetes/cluster/aws/config-default.sh generated vendored
View file

@ -151,7 +151,7 @@ NODE_OS_DISTRIBUTION="${KUBE_OS_DISTRIBUTION}"
KUBE_NODE_IMAGE="${KUBE_NODE_IMAGE:-}"
COREOS_CHANNEL="${COREOS_CHANNEL:-alpha}"
CONTAINER_RUNTIME="${KUBE_CONTAINER_RUNTIME:-docker}"
RKT_VERSION="${KUBE_RKT_VERSION:-1.14.0}"
RKT_VERSION="${KUBE_RKT_VERSION:-1.23.0}"
NETWORK_PROVIDER="${NETWORK_PROVIDER:-kubenet}" # kubenet, opencontrail, flannel

2
vendor/k8s.io/kubernetes/cluster/aws/config-test.sh generated vendored
View file

@ -137,7 +137,7 @@ NODE_OS_DISTRIBUTION="${KUBE_OS_DISTRIBUTION}"
KUBE_NODE_IMAGE="${KUBE_NODE_IMAGE:-}"
COREOS_CHANNEL="${COREOS_CHANNEL:-alpha}"
CONTAINER_RUNTIME="${KUBE_CONTAINER_RUNTIME:-docker}"
RKT_VERSION="${KUBE_RKT_VERSION:-1.14.0}"
RKT_VERSION="${KUBE_RKT_VERSION:-1.23.0}"
NETWORK_PROVIDER="${NETWORK_PROVIDER:-kubenet}" # kubenet, opencontrail, flannel

12
vendor/k8s.io/kubernetes/cluster/aws/util.sh generated vendored
View file

@ -570,18 +570,6 @@ function verify-prereqs {
fi
}
# Create a temp dir that'll be deleted at the end of this bash session.
#
# Vars set:
# KUBE_TEMP
function ensure-temp-dir {
if [[ -z ${KUBE_TEMP-} ]]; then
KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX)
trap 'rm -rf "${KUBE_TEMP}"' EXIT
fi
}
# Take the local tar files and upload them to S3. They will then be
# downloaded by the master as part of the start up script for the master.
#

11
vendor/k8s.io/kubernetes/cluster/azure-legacy/util.sh generated vendored
View file

@ -100,17 +100,6 @@ function verify-prereqs {
echo "==> CONTAINER: $CONTAINER"
}
# Create a temp dir that'll be deleted at the end of this bash session.
#
# Vars set:
# KUBE_TEMP
function ensure-temp-dir {
if [[ -z ${KUBE_TEMP-} ]]; then
KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX)
trap 'rm -rf "${KUBE_TEMP}"' EXIT
fi
}
# Take the local tar files and upload them to Azure Storage. They will then be
# downloaded by the master as part of the start up script for the master.
#

76
vendor/k8s.io/kubernetes/cluster/common.sh generated vendored
View file

@ -308,6 +308,17 @@ function load-or-gen-kube-bearertoken() {
fi
}
# Create a temp dir that'll be deleted at the end of this bash session.
#
# Vars set:
# KUBE_TEMP
function ensure-temp-dir {
if [[ -z ${KUBE_TEMP-} ]]; then
KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX)
trap 'rm -rf "${KUBE_TEMP}"' EXIT
fi
}
# Get the master IP for the current-context in kubeconfig if one exists.
#
# Assumed vars:
@ -412,6 +423,30 @@ function tars_from_version() {
fi
}
# Search for the specified tarball in the various known output locations,
# echoing the location if found.
#
# Assumed vars:
# KUBE_ROOT
#
# Args:
# $1 name of tarball to search for
function find-tar() {
local -r tarball=$1
locations=(
"${KUBE_ROOT}/server/${tarball}"
"${KUBE_ROOT}/_output/release-tars/${tarball}"
"${KUBE_ROOT}/bazel-bin/build/release-tars/${tarball}"
)
location=$( (ls -t "${locations[@]}" 2>/dev/null || true) | head -1 )
if [[ ! -f "${location}" ]]; then
echo "!!! Cannot find ${tarball}" >&2
exit 1
fi
echo "${location}"
}
# Verify and find the various tar files that we are going to use on the server.
#
# Assumed vars:
@ -421,36 +456,14 @@ function tars_from_version() {
# SALT_TAR
# KUBE_MANIFESTS_TAR
function find-release-tars() {
SERVER_BINARY_TAR="${KUBE_ROOT}/server/kubernetes-server-linux-amd64.tar.gz"
if [[ ! -f "${SERVER_BINARY_TAR}" ]]; then
SERVER_BINARY_TAR="${KUBE_ROOT}/_output/release-tars/kubernetes-server-linux-amd64.tar.gz"
fi
if [[ ! -f "${SERVER_BINARY_TAR}" ]]; then
echo "!!! Cannot find kubernetes-server-linux-amd64.tar.gz" >&2
exit 1
fi
SALT_TAR="${KUBE_ROOT}/server/kubernetes-salt.tar.gz"
if [[ ! -f "${SALT_TAR}" ]]; then
SALT_TAR="${KUBE_ROOT}/_output/release-tars/kubernetes-salt.tar.gz"
fi
if [[ ! -f "${SALT_TAR}" ]]; then
echo "!!! Cannot find kubernetes-salt.tar.gz" >&2
exit 1
fi
SERVER_BINARY_TAR=$(find-tar kubernetes-server-linux-amd64.tar.gz)
SALT_TAR=$(find-tar kubernetes-salt.tar.gz)
# This tarball is used by GCI, Ubuntu Trusty, and Container Linux.
KUBE_MANIFESTS_TAR=
if [[ "${MASTER_OS_DISTRIBUTION:-}" == "trusty" || "${MASTER_OS_DISTRIBUTION:-}" == "gci" || "${MASTER_OS_DISTRIBUTION:-}" == "container-linux" ]] || \
[[ "${NODE_OS_DISTRIBUTION:-}" == "trusty" || "${NODE_OS_DISTRIBUTION:-}" == "gci" || "${NODE_OS_DISTRIBUTION:-}" == "container-linux" ]] ; then
KUBE_MANIFESTS_TAR="${KUBE_ROOT}/server/kubernetes-manifests.tar.gz"
if [[ ! -f "${KUBE_MANIFESTS_TAR}" ]]; then
KUBE_MANIFESTS_TAR="${KUBE_ROOT}/_output/release-tars/kubernetes-manifests.tar.gz"
fi
if [[ ! -f "${KUBE_MANIFESTS_TAR}" ]]; then
echo "!!! Cannot find kubernetes-manifests.tar.gz" >&2
exit 1
fi
KUBE_MANIFESTS_TAR=$(find-tar kubernetes-manifests.tar.gz)
fi
}
@ -573,6 +586,7 @@ function build-kube-master-certs {
KUBEAPISERVER_CERT: $(yaml-quote ${KUBEAPISERVER_CERT_BASE64:-})
KUBEAPISERVER_KEY: $(yaml-quote ${KUBEAPISERVER_KEY_BASE64:-})
KUBELET_AUTH_CA_CERT: $(yaml-quote ${KUBELET_AUTH_CA_CERT_BASE64:-})
CA_KEY: $(yaml-quote ${CA_KEY_BASE64:-})
EOF
}
@ -719,7 +733,7 @@ ENABLE_MANIFEST_URL: $(yaml-quote ${ENABLE_MANIFEST_URL:-false})
MANIFEST_URL: $(yaml-quote ${MANIFEST_URL:-})
MANIFEST_URL_HEADER: $(yaml-quote ${MANIFEST_URL_HEADER:-})
NUM_NODES: $(yaml-quote ${NUM_NODES})
STORAGE_BACKEND: $(yaml-quote ${STORAGE_BACKEND:-etcd2})
STORAGE_BACKEND: $(yaml-quote ${STORAGE_BACKEND:-etcd3})
ENABLE_GARBAGE_COLLECTOR: $(yaml-quote ${ENABLE_GARBAGE_COLLECTOR:-})
MASTER_ADVERTISE_ADDRESS: $(yaml-quote ${MASTER_ADVERTISE_ADDRESS:-})
ETCD_CA_KEY: $(yaml-quote ${ETCD_CA_KEY_BASE64:-})
@ -948,6 +962,7 @@ function create-certs {
CERT_DIR="${KUBE_TEMP}/easy-rsa-master/easyrsa3"
# By default, linux wraps base64 output every 76 cols, so we use 'tr -d' to remove whitespaces.
# Note 'base64 -w0' doesn't work on Mac OS X, which has different flags.
CA_KEY_BASE64=$(cat "${CERT_DIR}/pki/private/ca.key" | base64 | tr -d '\r\n')
CA_CERT_BASE64=$(cat "${CERT_DIR}/pki/ca.crt" | base64 | tr -d '\r\n')
MASTER_CERT_BASE64=$(cat "${CERT_DIR}/pki/issued/${MASTER_NAME}.crt" | base64 | tr -d '\r\n')
MASTER_KEY_BASE64=$(cat "${CERT_DIR}/pki/private/${MASTER_NAME}.key" | base64 | tr -d '\r\n')
@ -995,7 +1010,12 @@ function generate-certs {
mv "kubelet.pem" "pki/issued/kubelet.crt"
rm -f "kubelet.csr"
./easyrsa build-client-full kubecfg nopass
# Make a superuser client cert with subject "O=system:masters, CN=kubecfg"
./easyrsa --dn-mode=org \
--req-cn=kubecfg --req-org=system:masters \
--req-c= --req-st= --req-city= --req-email= --req-ou= \
build-client-full kubecfg nopass
cd ../kubelet
./easyrsa init-pki
./easyrsa --batch "--req-cn=kubelet@$(date +%s)" build-ca nopass
@ -1049,7 +1069,7 @@ function update-or-verify-gcloud() {
${sudo_prefix} gcloud ${gcloud_prompt:-} components install beta
${sudo_prefix} gcloud ${gcloud_prompt:-} components update
else
local version=$(${sudo_prefix} gcloud version --format=json)
local version=$(gcloud version --format=json)
python -c'
import json,sys
from distutils import version

37
vendor/k8s.io/kubernetes/cluster/gce/BUILD generated vendored Normal file
View file

@ -0,0 +1,37 @@
package(default_visibility = ["//visibility:public"])
load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar")
pkg_tar(
name = "gci-trusty-manifests",
files = [
"container-linux/configure-helper.sh",
"gci/configure-helper.sh",
"gci/health-monitor.sh",
"gci/mounter/mounter",
"trusty/configure-helper.sh",
],
mode = "0755",
strip_prefix = ".",
# pkg_tar doesn't support renaming the files we add, so instead create symlinks.
symlinks = {
"container-linux-configure-helper.sh": "container-linux/configure-helper.sh",
"gci-configure-helper.sh": "gci/configure-helper.sh",
"health-monitor.sh": "gci/health-monitor.sh",
"gci-mounter": "gci/mounter/mounter",
"trusty-configure-helper.sh": "trusty/configure-helper.sh",
},
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
)

12
vendor/k8s.io/kubernetes/cluster/gce/config-default.sh generated vendored
View file

@ -46,18 +46,26 @@ if [[ "${NODE_OS_DISTRIBUTION}" == "coreos" ]]; then
NODE_OS_DISTRIBUTION="container-linux"
fi
if [[ "${MASTER_OS_DISTRIBUTION}" == "cos" ]]; then
MASTER_OS_DISTRIBUTION="gci"
fi
if [[ "${NODE_OS_DISTRIBUTION}" == "cos" ]]; then
NODE_OS_DISTRIBUTION="gci"
fi
# By default a cluster will be started with the master on GCI and nodes on
# containervm. If you are updating the containervm version, update this
# variable. Also please update corresponding image for node e2e at:
# https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/jenkins/image-config.yaml
CVM_VERSION=container-vm-v20161208
CVM_VERSION=${CVM_VERSION:-container-vm-v20170117}
GCI_VERSION=${KUBE_GCI_VERSION:-gci-dev-56-8977-0-0}
MASTER_IMAGE=${KUBE_GCE_MASTER_IMAGE:-}
MASTER_IMAGE_PROJECT=${KUBE_GCE_MASTER_PROJECT:-google-containers}
NODE_IMAGE=${KUBE_GCE_NODE_IMAGE:-${CVM_VERSION}}
NODE_IMAGE_PROJECT=${KUBE_GCE_NODE_PROJECT:-google-containers}
CONTAINER_RUNTIME=${KUBE_CONTAINER_RUNTIME:-docker}
RKT_VERSION=${KUBE_RKT_VERSION:-1.14.0}
RKT_VERSION=${KUBE_RKT_VERSION:-1.23.0}
RKT_STAGE1_IMAGE=${KUBE_RKT_STAGE1_IMAGE:-coreos.com/rkt/stage1-coreos}
NETWORK=${KUBE_GCE_NETWORK:-default}

12
vendor/k8s.io/kubernetes/cluster/gce/config-test.sh generated vendored
View file

@ -47,11 +47,19 @@ if [[ "${NODE_OS_DISTRIBUTION}" == "coreos" ]]; then
NODE_OS_DISTRIBUTION="container-linux"
fi
if [[ "${MASTER_OS_DISTRIBUTION}" == "cos" ]]; then
MASTER_OS_DISTRIBUTION="gci"
fi
if [[ "${NODE_OS_DISTRIBUTION}" == "cos" ]]; then
NODE_OS_DISTRIBUTION="gci"
fi
# By default a cluster will be started with the master on GCI and nodes on
# containervm. If you are updating the containervm version, update this
# variable. Also please update corresponding image for node e2e at:
# https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/jenkins/image-config.yaml
CVM_VERSION=container-vm-v20161208
CVM_VERSION=${CVM_VERSION:-container-vm-v20170117}
GCI_VERSION=${KUBE_GCI_VERSION:-gci-dev-56-8977-0-0}
MASTER_IMAGE=${KUBE_GCE_MASTER_IMAGE:-}
MASTER_IMAGE_PROJECT=${KUBE_GCE_MASTER_PROJECT:-google-containers}
@ -59,7 +67,7 @@ NODE_IMAGE=${KUBE_GCE_NODE_IMAGE:-${CVM_VERSION}}
NODE_IMAGE_PROJECT=${KUBE_GCE_NODE_PROJECT:-google-containers}
CONTAINER_RUNTIME=${KUBE_CONTAINER_RUNTIME:-docker}
GCI_DOCKER_VERSION=${KUBE_GCI_DOCKER_VERSION:-}
RKT_VERSION=${KUBE_RKT_VERSION:-1.14.0}
RKT_VERSION=${KUBE_RKT_VERSION:-1.23.0}
RKT_STAGE1_IMAGE=${KUBE_RKT_STAGE1_IMAGE:-coreos.com/rkt/stage1-coreos}
NETWORK=${KUBE_GCE_NETWORK:-e2e}

12
vendor/k8s.io/kubernetes/cluster/gce/container-linux/OWNERS generated vendored
View file

@ -1,4 +1,8 @@
assignees:
- euank
- yifan-gu
- ethernetdan
approvers:
- euank
- yifan-gu
- ethernetdan
reviewers:
- euank
- yifan-gu
- ethernetdan

9
vendor/k8s.io/kubernetes/cluster/gce/gci/configure-helper.sh generated vendored
View file

@ -68,7 +68,7 @@ function safe-format-and-mount() {
# Format only if the disk is not already formatted.
if ! tune2fs -l "${device}" ; then
echo "Formatting '${device}'"
mkfs.ext4 -F -E lazy_itable_init=0,lazy_journal_init=0,discard "${device}"
mkfs.ext4 -F "${device}"
fi
mkdir -p "${mountpoint}"
@ -215,6 +215,9 @@ function create-master-auth {
echo "${MASTER_CERT}" | base64 --decode > "${auth_dir}/server.cert"
echo "${MASTER_KEY}" | base64 --decode > "${auth_dir}/server.key"
fi
if [[ ! -z "${CA_KEY:-}" ]]; then
echo "${CA_KEY}" | base64 --decode > "${auth_dir}/ca.key"
fi
if [ ! -e "${auth_dir}/kubeapiserver.cert" ] && [[ ! -z "${KUBEAPISERVER_CERT:-}" ]] && [[ ! -z "${KUBEAPISERVER_KEY:-}" ]]; then
echo "${KUBEAPISERVER_CERT}" | base64 --decode > "${auth_dir}/kubeapiserver.cert"
echo "${KUBEAPISERVER_KEY}" | base64 --decode > "${auth_dir}/kubeapiserver.key"
@ -971,6 +974,10 @@ function start-kube-controller-manager {
if [[ -n "${CLUSTER_IP_RANGE:-}" ]]; then
params+=" --cluster-cidr=${CLUSTER_IP_RANGE}"
fi
if [[ -n "${CA_KEY:-}" ]]; then
params+=" --cluster-signing-cert-file=/etc/srv/kubernetes/ca.crt"
params+=" --cluster-signing-key-file=/etc/srv/kubernetes/ca.key"
fi
if [[ -n "${SERVICE_CLUSTER_IP_RANGE:-}" ]]; then
params+=" --service-cluster-ip-range=${SERVICE_CLUSTER_IP_RANGE}"
fi

11
vendor/k8s.io/kubernetes/cluster/gce/util.sh generated vendored
View file

@ -116,17 +116,6 @@ function verify-prereqs() {
update-or-verify-gcloud
}
# Create a temp dir that'll be deleted at the end of this bash session.
#
# Vars set:
# KUBE_TEMP
function ensure-temp-dir() {
if [[ -z ${KUBE_TEMP-} ]]; then
KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX)
trap 'rm -rf "${KUBE_TEMP}"' EXIT
fi
}
# Use the gcloud defaults to find the project. If it is already set in the
# environment then go with that.
#

3
vendor/k8s.io/kubernetes/cluster/images/hyperkube/Makefile generated vendored
View file

@ -21,6 +21,7 @@ REGISTRY?=gcr.io/google_containers
ARCH?=amd64
TEMP_DIR:=$(shell mktemp -d -t hyperkubeXXXXXX)
CNI_RELEASE=07a8a28637e97b22eb8dfe710eeae1344f69d16e
CACHEBUST?=1
UNAME_S:=$(shell uname -s)
ifeq ($(UNAME_S),Darwin)
@ -78,7 +79,9 @@ endif
cd ${TEMP_DIR} && sed -i.back "s|ARCH|${ARCH}|g" addons/singlenode/*.yaml addons/multinode/*.yaml static-pods/*.json
cd ${TEMP_DIR} && sed -i.back "s|ARCH|${QEMUARCH}|g" Dockerfile
cd ${TEMP_DIR} && sed -i.back "s|BASEIMAGE|${BASEIMAGE}|g" Dockerfile
ifeq ($(CACHEBUST),1)
cd ${TEMP_DIR} && sed -i.back "s|CACHEBUST|$(shell uuidgen)|g" Dockerfile
endif
cd ${TEMP_DIR} && sed -i.back "s|-amd64|-${ARCH}|g" addons/singlenode/*.yaml addons/multinode/*.yaml
cd ${TEMP_DIR} && sed -i.back "s|__PILLAR__DNS__SERVER__|10.0.0.10|g" addons/singlenode/kubedns*.yaml addons/multinode/kubedns*.yaml
cd ${TEMP_DIR} && sed -i.back "s|__PILLAR__DNS__DOMAIN__|cluster.local|g;s|__PILLAR__FEDERATIONS__DOMAIN__MAP__||g;" addons/singlenode/kubedns*.yaml addons/multinode/kubedns*.yaml

4
vendor/k8s.io/kubernetes/cluster/juju/layers/kubernetes/templates/kubedns-controller.yaml generated vendored
View file

@ -46,7 +46,7 @@ spec:
spec:
containers:
- name: kubedns
image: gcr.io/google_containers/kubedns-{{ arch }}:1.9
image: gcr.io/google_containers/k8s-dns-kube-dns-{{ arch }}:1.11.0
resources:
# TODO: Set memory limits when we've profiled the container for large
# clusters, then set request = limit to keep this container in
@ -120,7 +120,7 @@ spec:
name: dns-tcp
protocol: TCP
- name: sidecar
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.10.0
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.11.0
livenessProbe:
httpGet:
path: /metrics

1
vendor/k8s.io/kubernetes/cluster/kubeadm.sh generated vendored
View file

@ -76,6 +76,7 @@ if [[ -z "${KUBEADM_PATH:-}" ]]; then
"${KUBE_ROOT}/_output/bin/kubeadm"
"${KUBE_ROOT}/_output/dockerized/bin/${host_os}/${host_arch}/kubeadm"
"${KUBE_ROOT}/_output/local/bin/${host_os}/${host_arch}/kubeadm"
"${KUBE_ROOT}/bazel-bin/cmd/kubectl/kubeadm"
"${KUBE_ROOT}/platforms/${host_os}/${host_arch}/kubeadm"
)
kubeadm=$( (ls -t "${locations[@]}" 2>/dev/null || true) | head -1 )

1
vendor/k8s.io/kubernetes/cluster/kubectl.sh generated vendored
View file

@ -88,6 +88,7 @@ if [[ -z "${KUBECTL_PATH:-}" ]]; then
"${KUBE_ROOT}/_output/bin/kubectl"
"${KUBE_ROOT}/_output/dockerized/bin/${host_os}/${host_arch}/kubectl"
"${KUBE_ROOT}/_output/local/bin/${host_os}/${host_arch}/kubectl"
"${KUBE_ROOT}/bazel-bin/cmd/kubectl/kubectl"
"${KUBE_ROOT}/platforms/${host_os}/${host_arch}/kubectl"
)
kubectl=$( (ls -t "${locations[@]}" 2>/dev/null || true) | head -1 )

2
vendor/k8s.io/kubernetes/cluster/openstack-heat/config-default.sh generated vendored
View file

@ -17,7 +17,7 @@
## Contains configuration values for the Openstack cluster
# Stack name
STACK_NAME=${STACK_NAME:-KubernetesStack}
STACK_NAME=${STACK_NAME:-kube-stack}
# Keypair for kubernetes stack
KUBERNETES_KEYPAIR_NAME=${KUBERNETES_KEYPAIR_NAME:-kubernetes_keypair}

1
vendor/k8s.io/kubernetes/cluster/openstack-heat/kubernetes-heat/kubeminion.yaml generated vendored
View file

@ -251,6 +251,7 @@ resources:
server_name_post_fix:
type: OS::Heat::RandomString
properties:
character_classes: [{'class': 'lowercase', 'min': 1}]
length: 8
kube_minion:

8
vendor/k8s.io/kubernetes/cluster/openstack-heat/util.sh generated vendored
View file

@ -186,7 +186,13 @@ function run-heat-script() {
# Automatically detect swift url if it wasn't specified
if [[ -z $SWIFT_SERVER_URL ]]; then
SWIFT_SERVER_URL=$(openstack catalog show object-store --format value | egrep -o "publicURL: (.+)$" | cut -d" " -f2)
local rgx=""
if [ "$OS_IDENTITY_API_VERSION" = "3" ]; then
rgx="public: (.+)$"
else
rgx="publicURL: (.+)$"
fi
SWIFT_SERVER_URL=$(openstack catalog show object-store --format value | egrep -o "$rgx" | cut -d" " -f2)
fi
local swift_repo_url="${SWIFT_SERVER_URL}/kubernetes"

12
vendor/k8s.io/kubernetes/cluster/photon-controller/util.sh generated vendored
View file

@ -1030,18 +1030,6 @@ function verify-cmd-in-path {
}
}
#
# Checks that KUBE_TEMP is set, or sets it
# If it sets it, it also creates the temporary directory
# and sets up a trap so that we delete it when we exit
#
function ensure-temp-dir {
if [[ -z ${KUBE_TEMP-} ]]; then
KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX)
trap-add "rm -rf '${KUBE_TEMP}'" EXIT
fi
}
#
# Repeatedly try a command over ssh until it succeeds or until five minutes have passed
# The timeout isn't exact, since we assume the command runs instantaneously, and

87
vendor/k8s.io/kubernetes/cluster/saltbase/BUILD generated vendored Normal file
View file

@ -0,0 +1,87 @@
package(default_visibility = ["//visibility:public"])
load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar")
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
)
# TODO(#3579): This is a temporary hack. It gathers up the yaml,
# yaml.in, json files in cluster/addons (minus any demos) and overlays
# them into kube-addons, where we expect them.
# These files are expected in a salt/kube-addons subdirectory.
pkg_tar(
name = "_salt_kube-addons",
package_dir = "salt/kube-addons",
strip_prefix = "/cluster/addons",
visibility = ["//visibility:private"],
deps = [
"//cluster/addons",
],
)
pkg_tar(
name = "salt",
files = glob(
["**"],
exclude = ["BUILD"],
),
mode = "0644",
modes = {
"install.sh": "0755",
},
package_dir = "kubernetes/saltbase",
strip_prefix = ".",
deps = [
":_salt_kube-addons",
],
)
# The following are used in the kubernetes salt tarball.
pkg_tar(
name = "salt-manifests",
files = [
"salt/fluentd-gcp/fluentd-gcp.yaml",
"salt/kube-proxy/kube-proxy.manifest",
"salt/kube-registry-proxy/kube-registry-proxy.yaml",
],
mode = "0644",
)
pkg_tar(
name = "_kube-admission-controls",
files = glob(["salt/kube-admission-controls/limit-range/**"]),
mode = "0644",
# Maintain limit-range/ subdirectory in tarball
strip_prefix = "./salt/kube-admission-controls/",
visibility = ["//visibility:private"],
)
pkg_tar(
name = "gci-trusty-salt-manifests",
files = [
"salt/cluster-autoscaler/cluster-autoscaler.manifest",
"salt/e2e-image-puller/e2e-image-puller.manifest",
"salt/etcd/etcd.manifest",
"salt/kube-addons/kube-addon-manager.yaml",
"salt/kube-apiserver/abac-authz-policy.jsonl",
"salt/kube-apiserver/kube-apiserver.manifest",
"salt/kube-controller-manager/kube-controller-manager.manifest",
"salt/kube-scheduler/kube-scheduler.manifest",
"salt/l7-gcp/glbc.manifest",
"salt/rescheduler/rescheduler.manifest",
],
mode = "0644",
deps = [
"_kube-admission-controls",
],
)

9
vendor/k8s.io/kubernetes/cluster/saltbase/salt/fluentd-gcp/OWNERS generated vendored
View file

@ -1,3 +1,6 @@
assignees:
- Crassirostris
- piosz
approvers:
- Crassirostris
- piosz
reviewers:
- Crassirostris
- piosz

24
vendor/k8s.io/kubernetes/cluster/saltbase/salt/fluentd-gcp/fluentd-gcp.yaml generated vendored
View file

@ -10,7 +10,7 @@ spec:
dnsPolicy: Default
containers:
- name: fluentd-cloud-logging
image: gcr.io/google_containers/fluentd-gcp:1.32
image: gcr.io/google_containers/fluentd-gcp:1.34
# If fluentd consumes its own logs, the following situation may happen:
# fluentd fails to send a chunk to the server => writes it to the log =>
# tries to send this message to the server => fails to send a chunk and so on.
@ -34,8 +34,6 @@ spec:
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
- name: libsystemddir
mountPath: /host/lib
# Liveness probe is aimed to help in situarions where fluentd
# silently hangs for no apparent reasons until manual restart.
# The idea of this probe is that if fluentd is not queueing or
@ -51,10 +49,23 @@ spec:
- '/bin/sh'
- '-c'
- >
LIVENESS_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-600};
LIVENESS_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-300};
STUCK_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-900};
if [ ! -e /var/log/fluentd-buffers ];
then
exit 1;
fi;
LAST_MODIFIED_DATE=`stat /var/log/fluentd-buffers | grep Modify | sed -r "s/Modify: (.*)/\1/"`;
LAST_MODIFIED_TIMESTAMP=`date -d "$LAST_MODIFIED_DATE" +%s`;
if [ `date +%s` -gt `expr $LAST_MODIFIED_TIMESTAMP + $LIVENESS_THRESHOLD_SECONDS` ]; then exit 1; fi;
if [ `date +%s` -gt `expr $LAST_MODIFIED_TIMESTAMP + $STUCK_THRESHOLD_SECONDS` ];
then
rm -rf /var/log/fluentd-buffers;
exit 1;
fi;
if [ `date +%s` -gt `expr $LAST_MODIFIED_TIMESTAMP + $LIVENESS_THRESHOLD_SECONDS` ];
then
exit 1;
fi;
terminationGracePeriodSeconds: 30
volumes:
- name: varlog
@ -63,6 +74,3 @@ spec:
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
- name: libsystemddir
hostPath:
path: /usr/lib64

6
vendor/k8s.io/kubernetes/cluster/saltbase/salt/generate-cert/make-ca-cert.sh generated vendored
View file

@ -99,7 +99,11 @@ else
cp -p pki/issued/kubernetes-master.crt "${cert_dir}/server.cert" > /dev/null 2>&1
cp -p pki/private/kubernetes-master.key "${cert_dir}/server.key" > /dev/null 2>&1
fi
./easyrsa build-client-full kubecfg nopass > /dev/null 2>&1
# Make a superuser client cert with subject "O=system:masters, CN=kubecfg"
./easyrsa --dn-mode=org \
--req-cn=kubecfg --req-org=system:masters \
--req-c= --req-st= --req-city= --req-email= --req-ou= \
build-client-full kubecfg nopass > /dev/null 2>&1
cp -p pki/ca.crt "${cert_dir}/ca.crt"
cp -p pki/issued/kubecfg.crt "${cert_dir}/kubecfg.crt"
cp -p pki/private/kubecfg.key "${cert_dir}/kubecfg.key"

7
vendor/k8s.io/kubernetes/cluster/saltbase/salt/helpers/safe_format_and_mount generated vendored
View file

@ -22,12 +22,9 @@
FSCK=fsck.ext4
MOUNT_OPTIONS="discard,defaults"
MKFS="mkfs.ext4 -E lazy_itable_init=0,lazy_journal_init=0 -F"
MKFS="mkfs.ext4 -F"
if [ -e /etc/redhat-release ]; then
if grep -q '6\..' /etc/redhat-release; then
# lazy_journal_init is not recognized in redhat 6
MKFS="mkfs.ext4 -E lazy_itable_init=0 -F"
elif grep -q '7\..' /etc/redhat-release; then
if grep -q '7\..' /etc/redhat-release; then
FSCK=fsck.xfs
MKFS=mkfs.xfs
fi

11
vendor/k8s.io/kubernetes/cluster/vagrant/util.sh generated vendored
View file

@ -104,17 +104,6 @@ function verify-prereqs {
export USING_KUBE_SCRIPTS=true
}
# Create a temp dir that'll be deleted at the end of this bash session.
#
# Vars set:
# KUBE_TEMP
function ensure-temp-dir {
if [[ -z ${KUBE_TEMP-} ]]; then
export KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX)
trap 'rm -rf "${KUBE_TEMP}"' EXIT
fi
}
# Create a set of provision scripts for the master and each of the nodes
function create-provision-scripts {
ensure-temp-dir

91
vendor/k8s.io/kubernetes/cluster/windows/kube-startup.ps1 generated vendored Normal file
View file

@ -0,0 +1,91 @@
# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# kube-startup.ps1 is used to run kubelet and kubeproxy as a process. It uses nssm (https://nssm.cc/) process manager to register kubelet and kube-proxy process,
# The processes can be viewed using TaskManager(Taskmgr.exe).
# Please note that this startup script does not start the API server. Kubernetes control plane currently runs on Linux
# and only Kubelet and Kube-Proxy can be run on Windows
param (
[Parameter(Mandatory=$true)][string]$ContainerNetwork,
[string]$InterfaceForServiceIP = "vEthernet (HNS Internal NIC)",
[string]$LogDirectory = "C:\temp",
[Parameter(Mandatory=$true)][string]$Hostname,
[Parameter(Mandatory=$true)][string]$APIServer,
[string]$InfraContainerImage = "apprenda/pause",
[string]$ClusterDNS = "10.0.0.10",
[string]$KubeletExePath = ".\kubelet.exe",
[string]$KubeProxyExePath = ".\kube-proxy.exe"
)
$kubeletDirectory = (Get-Item $KubeletExePath).Directory.FullName
$kubeproxyDirectory = (Get-Item $KubeProxyExePath).Directory.FullName
# Assemble the Kubelet executable arguments
$kubeletArgs = @("--hostname-override=$Hostname","--pod-infra-container-image=$InfraContainerImage","--resolv-conf=""""","--api-servers=$APIServer","--cluster-dns=$ClusterDNS")
# Assemble the kube-proxy executable arguments
$kubeproxyArgs = @("--hostname-override=$Hostname","--proxy-mode=userspace","--bind-address=$Hostname","--master=$APIServer")
# Setup kubelet service
nssm install kubelet "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
nssm set kubelet Application "$KubeletExePath"
nssm set kubelet AppDirectory "$kubeletDirectory"
nssm set kubelet AppParameters $kubeletArgs
nssm set kubelet DisplayName kubelet
nssm set kubelet Description kubelet
nssm set kubelet Start SERVICE_AUTO_START
nssm set kubelet ObjectName LocalSystem
nssm set kubelet Type SERVICE_WIN32_OWN_PROCESS
# Delay restart if application runs for less than 1500 ms
nssm set kubelet AppThrottle 1500
nssm set kubelet AppStdout "$LogDirectory\kubelet.log"
nssm set kubelet AppStderr "$LogDirectory\kubelet.err.log"
nssm set kubelet AppStdoutCreationDisposition 4
nssm set kubelet AppStderrCreationDisposition 4
nssm set kubelet AppRotateFiles 1
nssm set kubelet AppRotateOnline 1
# Rotate Logs Every 24 hours or 1 gb
nssm set kubelet AppRotateSeconds 86400
nssm set kubelet AppRotateBytes 1073741824
nssm set kubelet AppEnvironmentExtra CONTAINER_NETWORK=$ContainerNetwork
# Setup kube-proxy service
nssm install kube-proxy "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
nssm set kube-proxy Application "$KubeProxyExePath"
nssm set kube-proxy AppDirectory "$kubeproxyDirectory"
nssm set kube-proxy AppParameters $kubeproxyArgs
nssm set kube-proxy DisplayName kube-proxy
nssm set kube-proxy Description kube-proxy
nssm set kube-proxy Start SERVICE_AUTO_START
nssm set kube-proxy ObjectName LocalSystem
nssm set kube-proxy Type SERVICE_WIN32_OWN_PROCESS
# Delay restart if application runs for less than 1500 ms
nssm set kube-proxy AppThrottle 1500
nssm set kube-proxy AppStdout "$LogDirectory\kube-proxy.log"
nssm set kube-proxy AppStderr "$LogDirectory\kube-proxy.err.log"
nssm set kube-proxy AppStdoutCreationDisposition 4
nssm set kube-proxy AppStderrCreationDisposition 4
nssm set kube-proxy AppRotateFiles 1
nssm set kube-proxy AppRotateOnline 1
# Rotate Logs Every 24 hours or 1 gb
nssm set kube-proxy AppRotateSeconds 86400
nssm set kube-proxy AppRotateBytes 1073741824
nssm set kube-proxy AppEnvironmentExtra INTERFACE_TO_ADD_SERVICE_IP=$InterfaceForServiceIP
# Start kubelet and kube-proxy Services
echo "Starting kubelet"
Start-Service kubelet
echo "Starting kube-proxy"
Start-Service kube-proxy