#cloud-config write_files: - path: /etc/cloud.conf permissions: 0600 content: | [Global] auth-url = OS_AUTH_URL username = OS_USERNAME api-key = OS_PASSWORD tenant-id = OS_TENANT_NAME region = OS_REGION_NAME [LoadBalancer] subnet-id = 11111111-1111-1111-1111-111111111111 - path: /opt/bin/git-kubernetes-nginx.sh permissions: 0755 content: | #!/bin/bash git clone https://github.com/thommay/kubernetes_nginx /opt/kubernetes_nginx /usr/bin/cp /opt/.kubernetes_auth /opt/kubernetes_nginx/.kubernetes_auth /opt/kubernetes_nginx/git-kubernetes-nginx.sh - path: /opt/bin/download-release.sh permissions: 0755 content: | #!/bin/bash # This temp URL is only good for the length of time specified at cluster creation time. # Afterward, it will result in a 403. OBJECT_URL="CLOUD_FILES_URL" if [ ! -s /opt/kubernetes.tar.gz ] then echo "Downloading release ($OBJECT_URL)" wget "${OBJECT_URL}" -O /opt/kubernetes.tar.gz echo "Unpacking release" rm -rf /opt/kubernetes || false tar xzf /opt/kubernetes.tar.gz -C /opt/ else echo "kubernetes release found. Skipping download." fi - path: /opt/.kubernetes_auth permissions: 0600 content: | KUBE_USER:KUBE_PASSWORD coreos: etcd2: discovery: https://discovery.etcd.io/DISCOVERY_ID advertise-client-urls: http://$private_ipv4:2379,http://$private_ipv4:4001 initial-advertise-peer-urls: http://$private_ipv4:2380 listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001 listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001 flannel: ip_masq: true interface: eth2 fleet: public-ip: $private_ipv4 metadata: kubernetes_role=master update: reboot-strategy: off units: - name: etcd2.service command: start - name: fleet.service command: start - name: flanneld.service drop-ins: - name: 50-flannel.conf content: | [Unit] Requires=etcd2.service After=etcd2.service [Service] ExecStartPre=-/usr/bin/etcdctl mk /coreos.com/network/config '{"Network":"KUBE_NETWORK", "Backend": {"Type": "host-gw"}}' command: start - name: generate-serviceaccount-key.service command: start content: | [Unit] Description=Generate service-account key file [Service] ExecStartPre=-/usr/bin/mkdir -p /var/run/kubernetes/ ExecStart=/bin/openssl genrsa -out /var/run/kubernetes/kube-serviceaccount.key 2048 2>/dev/null RemainAfterExit=yes Type=oneshot - name: docker.service command: start drop-ins: - name: 51-docker-mirror.conf content: | [Unit] # making sure that flanneld finished startup, otherwise containers # won't land in flannel's network... Requires=flanneld.service After=flanneld.service Restart=Always - name: download-release.service command: start content: | [Unit] Description=Downloads Kubernetes Release After=network-online.target Requires=network-online.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/usr/bin/bash /opt/bin/download-release.sh - name: kube-apiserver.service command: start content: | [Unit] Description=Kubernetes API Server Documentation=https://github.com/kubernetes/kubernetes After=network-online.target Requires=network-online.target After=download-release.service Requires=download-release.service Requires=generate-serviceaccount-key.service After=generate-serviceaccount-key.service [Service] ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-apiserver /opt/bin/kube-apiserver ExecStartPre=/usr/bin/mkdir -p /var/lib/kube-apiserver ExecStart=/opt/bin/kube-apiserver \ --address=127.0.0.1 \ --cloud-provider=rackspace \ --cloud-config=/etc/cloud.conf \ --etcd-servers=http://127.0.0.1:4001 \ --logtostderr=true \ --port=8080 \ --service-cluster-ip-range=SERVICE_CLUSTER_IP_RANGE \ --token-auth-file=/var/lib/kube-apiserver/known_tokens.csv \ --v=2 \ --service-account-key-file=/var/run/kubernetes/kube-serviceaccount.key \ --service-account-lookup=false \ --admission-control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota Restart=always RestartSec=5 - name: apiserver-advertiser.service command: start content: | [Unit] Description=Kubernetes Apiserver Advertiser After=etcd2.service Requires=etcd2.service After=master-apiserver.service [Service] ExecStart=/bin/sh -c 'etcdctl set /corekube/apiservers/$public_ipv4 $public_ipv4' Restart=always RestartSec=120 - name: kube-controller-manager.service command: start content: | [Unit] Description=Kubernetes Controller Manager Documentation=https://github.com/kubernetes/kubernetes After=network-online.target Requires=network-online.target After=kube-apiserver.service Requires=kube-apiserver.service [Service] ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-controller-manager /opt/bin/kube-controller-manager ExecStart=/opt/bin/kube-controller-manager \ --cloud-provider=rackspace \ --cloud-config=/etc/cloud.conf \ --logtostderr=true \ --master=127.0.0.1:8080 \ --v=2 \ --service-account-private-key-file=/var/run/kubernetes/kube-serviceaccount.key \ --root-ca-file=/run/kubernetes/apiserver.crt Restart=always RestartSec=5 - name: kube-scheduler.service command: start content: | [Unit] Description=Kubernetes Scheduler Documentation=https://github.com/kubernetes/kubernetes After=network-online.target Requires=network-online.target After=kube-apiserver.service Requires=kube-apiserver.service [Service] ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-scheduler /opt/bin/kube-scheduler ExecStart=/opt/bin/kube-scheduler \ --logtostderr=true \ --master=127.0.0.1:8080 Restart=always RestartSec=5 #Running nginx service with --net="host" is a necessary evil until running all k8s services in docker. - name: kubernetes-nginx.service command: start content: | [Unit] Description=Kubernetes Nginx Service After=network-online.target Requires=network-online.target After=docker.service Requires=docker.service [Service] ExecStartPre=/opt/bin/git-kubernetes-nginx.sh ExecStartPre=-/usr/bin/docker rm kubernetes_nginx ExecStart=/usr/bin/docker run --rm --net="host" -p "443:443" -t --name "kubernetes_nginx" kubernetes_nginx ExecStop=/usr/bin/docker stop kubernetes_nginx Restart=always RestartSec=15