Created
September 22, 2016 17:24
-
-
Save shahidhk/ed6d1121b212659e126638169d928e45 to your computer and use it in GitHub Desktop.
foo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| function init_ssl { | |
| mkdir -p /etc/kubernetes/ssl | |
| local TEMPLATE=/etc/kubernetes/ssl/ca.pem | |
| [ -f $TEMPLATE ] || { | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| -----BEGIN CERTIFICATE----- | |
| MIIC9zCCAd+gAwIBAgIJAKDn9d9+6tKxMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV | |
| BAMMB2t1YmUtY2EwHhcNMTYwOTIxMDg0MzMxWhcNNDQwMjA3MDg0MzMxWjASMRAw | |
| DgYDVQQDDAdrdWJlLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA | |
| zvkPtSJbJsMwuUf2l/lnuLnXE+D4UfQT8yhQ02jHEutcEj52KQI1F2ndVBXOQNSb | |
| fTYJlqyFJX0L7xYbZuQY14xaoRQBkTWxpKMrXRFoCsvI4tdbUchwX2ez2p99ws4n | |
| a3SP9UT/iXWrwmAxveHgT7KbUkZHGYPd0k2FFZ904qm0fpeEfqyALGqN6xsLmvce | |
| U6Rejr2kxEzFxWrlVcKNqQ72EcEqrJky0qYcPK9P62foEBtc/EglUV/0sPwCLxom | |
| EEGmyXcsR/dHD3OXzzhsDnjC6CylSZpAcuzOi6NuF0Tw1pO6ASLSM0ADN8YHlaI0 | |
| xHOTSE4v/3RBZaLhftQ67QIDAQABo1AwTjAdBgNVHQ4EFgQUsG47QGjIIwSpofk/ | |
| UIVPaHKCdg0wHwYDVR0jBBgwFoAUsG47QGjIIwSpofk/UIVPaHKCdg0wDAYDVR0T | |
| BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAyycm405Nfel/uuJFy6VJfbS+d79Q | |
| 0dMnZcPNipYz3tlHNKBTa6Hcm5oNT2sijmxg8JHZYGYoZnMimjltsHweWVhgFX0C | |
| w0tgLNz/FdegHtOdNkqCEsmo20mTlW60lQptgkxeGr4Glqx7YFYWJP1SjMJMGzb9 | |
| BcWL69Bg047wBXLpz+k8CDctRi0qEokC4XSOokoKEfnxTgcAljhufwdLPBv+nx6l | |
| lhVKJPLrv8OqtPQJYOYBmqWCZ2KNaSVo5qXPcdVVlqot2oYTXVpo3/YfwDI3HFU7 | |
| 3vYJeN+OnJ/OeJKodpMYZ79RgnUjb7niSZ58JvyyUTbPwlsKSKQwys//mA== | |
| -----END CERTIFICATE----- | |
| EOF | |
| } | |
| local TEMPLATE=/etc/kubernetes/ssl/apiserver.pem | |
| [ -f $TEMPLATE ] || { | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| -----BEGIN CERTIFICATE----- | |
| MIIDOTCCAiGgAwIBAgIJALAvBIdmLXGHMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV | |
| BAMMB2t1YmUtY2EwHhcNMTYwOTIxMDg0MzMxWhcNMTcwOTIxMDg0MzMxWjAZMRcw | |
| FQYDVQQDDA5rdWJlLWFwaXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC | |
| AQoCggEBAO1fKaDZS5AjNcWSEahfW3j6Gr20znIrDWWNfsa2OVxAjdd1ZJnRE4jp | |
| lBM41xdhkpOxEHHGTO1s4Bpq7KPwDzEdRYTxw08iWMYoPjUC958+wfcsM5a2Qspq | |
| BEzknfbTuzMQ+KcQFnBMQAsZVaHoaTqfsW+0RZLYu+lbJ+vICX3YMRY6Pl2GZ9ez | |
| Sw5LJgLWARBz9jD7BEUExlM4JrWkooxJB5idrOCVqPsi3nILkuOJGdfhe8s1gyR3 | |
| VJurG7FYvOHBMNWLrmTPPzc7UmVRiX+plUhGGxfdS3U/Q0Nc43XOZFRlUS7cc/02 | |
| 4f6VfsWLTKb2tnaWkDMd6vlvqK/QIMUCAwEAAaOBijCBhzAJBgNVHRMEAjAAMAsG | |
| A1UdDwQEAwIF4DBtBgNVHREEZjBkggprdWJlcm5ldGVzghJrdWJlcm5ldGVzLmRl | |
| ZmF1bHSHBH8AAAGHBAoDAAGHBArwAAKHBArwAAOCFms4cy50ZXN0Lmhhc3VyYS1h | |
| cHAuaW+CEnRlc3QuaGFzdXJhLWFwcC5pbzANBgkqhkiG9w0BAQsFAAOCAQEAfqfc | |
| /5SCickaoFWHHEXRpV7E2VOUdP7BlJrUgZVRxc5yc20xWymgsfL52Ld2yKGtkmd/ | |
| miTB5t4nU5yqik7mBrELTM9kp24GvD/NWMbb54SN8R8IqxCEFEfKJZwVWe436xa/ | |
| pIYSHoFrkZyaQfrfTozx7WcqB49NBGpmqUP73YvibMTfA8WtQCv5jPO/LBujH1aW | |
| 9csGD0icf4r6E08CMNB7upEDKiJmnS8G+rOKq4WvLf9KY+4qVQvtzS3GX5NcFJrY | |
| fLEZPEh60PBMtAsKMIj8ExaHZHx1cvrreX3lloJYCWCPQvOMcaVNVsDKS+7ImztQ | |
| wrgOjCyT0+FIjf6oew== | |
| -----END CERTIFICATE----- | |
| EOF | |
| } | |
| local TEMPLATE=/etc/kubernetes/ssl/apiserver-key.pem | |
| [ -f $TEMPLATE ] || { | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| -----BEGIN RSA PRIVATE KEY----- | |
| MIIEpAIBAAKCAQEA7V8poNlLkCM1xZIRqF9bePoavbTOcisNZY1+xrY5XECN13Vk | |
| mdETiOmUEzjXF2GSk7EQccZM7WzgGmrso/APMR1FhPHDTyJYxig+NQL3nz7B9ywz | |
| lrZCymoETOSd9tO7MxD4pxAWcExACxlVoehpOp+xb7RFkti76Vsn68gJfdgxFjo+ | |
| XYZn17NLDksmAtYBEHP2MPsERQTGUzgmtaSijEkHmJ2s4JWo+yLecguS44kZ1+F7 | |
| yzWDJHdUm6sbsVi84cEw1YuuZM8/NztSZVGJf6mVSEYbF91LdT9DQ1zjdc5kVGVR | |
| Ltxz/Tbh/pV+xYtMpva2dpaQMx3q+W+or9AgxQIDAQABAoIBAQCDXU/faYIM8b93 | |
| aIAHK0anK9qStDYwLq1KT0Ui2YPjDwKwg5I6Id/qvEGrZaB7mw8QV0RfgrveBYv8 | |
| csIlc9wkdSudCGLrL3nrqCfNFKhPY97aWIbwWEucU5GvsDHPgJuwBitl4VxZp4kl | |
| 205tvP5HaEs9I4oBW5qa6UytitXd4y9ltXJ1CG+EiZoceF60V5hnOVdJFybt5BAd | |
| g8r1vT0zELZp0WtD0Hdg/25xHomK3ROvPIuKVlRJU0051RbXLoIJv8LGO6JxZEln | |
| 7HKsbvU4h1j6+a+883iyDKtm+wJCCnRrR0zDTtjrmnhDLlqzAX+a2e7Gp4WJfzcQ | |
| GJw+T4qBAoGBAPd6eJ6YEeFBHrp3qMucEqUCyXC3AM3bzzSBbd5ku6iP7Ka29hpT | |
| MgpBUsERxH8s91WLgAVCvTx4sxcSZBe1Tt3cT/JQEEFB+E1DLOulXWmglGH0Sjtp | |
| RQB3uowxeUFqNN+F3tGJD9gH1H7dDlaqJXtzCzOpXOQAn1fYYY/jVuAhAoGBAPWL | |
| mdBQvR3/WpqcXLiY7pDPFNLq+MPzwECdrcqjVhefKarw8baG9CyPfDkRuaadvaF0 | |
| vvPj+4WkIBDc5Ut0pkaqH2J2ceZZarapW8rLxZy+oaiQt2jbXyhtyUizXFC36u1A | |
| ViYEJOhlwgPU0f9V2MBaHbZzXsGHCpShXxioejwlAoGADz6PEY3ihBKj1u6qCijK | |
| CTobuIK9XPDuWZijcPCZkq+S704T6Nk5GuKdO2Fhzkex0KYwM6LBz2jL917dpYw4 | |
| mHgKwK1n4u0yY2gA618bWvdWTJZkwDYi1v2JEzu08W+eZCp16EheHnuU/l+Vk4cV | |
| mf4jMYJ8Q1s6dYnRsLBbWKECgYEA3qRWM60BzdFcNhTRfhAtQOCD4TttlT/PcseG | |
| bdbsmT6YaYdPpFF51W3FFXoc/BbLezqAamSuC99ls+SXhHOg0TIwgvcjD9rECBxI | |
| PvnFlPrFWjLeGxXOkrn5aRI5AnfBbJ6Jfq8DSDX8Vb0DLKKKht8vUeAKazAnR92K | |
| fLFHJIECgYA5ts6XfZnNjywD9e4SjudGNURBYEE2ZP54CwOdJoWXwsbfwS0JrAwg | |
| QHSuQzNCga2meni1+3TgAOm3/OUIDuZOvRoTa9T72g/e8U7ZI+Nt50xS0+FrLJel | |
| w9lGqPY5ruNHR3yiSQEoAhnBM7Ui6ausTSlfJnW3zoJ3mMrkviPULQ== | |
| -----END RSA PRIVATE KEY----- | |
| EOF | |
| } | |
| local TEMPLATE=/etc/kubernetes/ssl/worker.pem | |
| [ -f $TEMPLATE ] || { | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| -----BEGIN CERTIFICATE----- | |
| MIICpDCCAYwCCQCwLwSHZi1xiDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdr | |
| dWJlLWNhMB4XDTE2MDkyMTA4NDMzMVoXDTE3MDkyMTA4NDMzMVowFjEUMBIGA1UE | |
| AwwLa3ViZS13b3JrZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf | |
| p1/iog0WTZTGj5y8CDl1WrpRQpSYdWSmktp/+0b44fTwFCMcrklpgZikBgaXhT3A | |
| 5iOiLkEUkoZl5zTqmmsOJdaPrq1IYyIDaJlJoJHyVC6d0SfjDkWFwrnu3H9tdEGF | |
| IoevfCtxNk/HHFI7W9zJ/6JUsKDMTv1ruVV9vmvoUV7AaRp9IgFW3QX1z4IGu1ag | |
| cQplwvqmNhAoe0iyHK+PHxMOck2S/IEjGbMVB8T7InBtNmgUqNF88q8BI6nElic3 | |
| 6+A8eRVUhH8fyWVX0gRlzwq9gLb4p77gtZFGrtxSp+CUOKthxlp2qDpXBekOUMux | |
| M4CKzG5S1Myfuk7OE2alAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADjZrdM0DHgh | |
| LNIEE6jZUnJNmt9cYjxrdrcPpsUUdaQ/LRnuzZIgAoJweusCHieegmUsxJquHJNv | |
| XBmDtNXkYnE2ZGDTgMHI2leNHCoWi6FsgdkRb9nyQJBCHNC1p5wbOUqPzECOIV4+ | |
| u+3c3pZwW0E20FSBuB4kzYOzIlwA9f9ltYo1QmnX1cnYEREwGQLu4nrR4Govx8pk | |
| 5giAMl054cgi51xpOb7lVadUq1StKaubSH744so7IZaT116H+A5lOPowkBzDWriw | |
| mgezDc9av9wesp0fh6t7vlBGYJ3UElcBSPUOnHcdmzD58SDV9ktyUgXjB54Mpxqk | |
| oK1DIOSJiS4= | |
| -----END CERTIFICATE----- | |
| EOF | |
| } | |
| local TEMPLATE=/etc/kubernetes/ssl/worker-key.pem | |
| [ -f $TEMPLATE ] || { | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| -----BEGIN RSA PRIVATE KEY----- | |
| MIIEpAIBAAKCAQEA36df4qINFk2Uxo+cvAg5dVq6UUKUmHVkppLaf/tG+OH08BQj | |
| HK5JaYGYpAYGl4U9wOYjoi5BFJKGZec06pprDiXWj66tSGMiA2iZSaCR8lQundEn | |
| 4w5FhcK57tx/bXRBhSKHr3wrcTZPxxxSO1vcyf+iVLCgzE79a7lVfb5r6FFewGka | |
| fSIBVt0F9c+CBrtWoHEKZcL6pjYQKHtIshyvjx8TDnJNkvyBIxmzFQfE+yJwbTZo | |
| FKjRfPKvASOpxJYnN+vgPHkVVIR/H8llV9IEZc8KvYC2+Ke+4LWRRq7cUqfglDir | |
| YcZadqg6VwXpDlDLsTOAisxuUtTMn7pOzhNmpQIDAQABAoIBAQDDkV0kFOXyubY9 | |
| hrjcJyjvOH2xrtG3Gvf/PGy5+qTN3u/KuyEU5EYnbv5ldytudUFRmyxPlbis34+M | |
| Lge0mYDBZ07eZzT5Fk5Ywq8/lZvpVblJoOoK/qDGXUcu2jrHICBm5ZHWXnKyVXaf | |
| OmGhrCs9qz5sZeLFpNCu0OozwT4kbtg8I2LP7GRTwTW2pQLLDmctPc6NDKWw4y5e | |
| wsvGVEyktE5tVunzC/hWA+Scqxbm9RvD4alJki+Gbc9gwWHXxsM9B2XDgn0uMzKn | |
| HLEy4suPs/aBZ9/X/q8Fyjy/e0PmjlqhPrqElVvrar70y0+IRPeURixxPEnNnEpA | |
| bqzgy8HhAoGBAPC9qqtyu5OZJCJzvmd+0rU2CAPG908Uv0xo/brCYDRo6ky5s4/D | |
| 5eackI13byBri/3kfwu71jDteaM8tXI+q6HMzRHigBmBbDoQgWIkpXSwsbQmcbpG | |
| xpJZ94HM+Wt9WJI/udndH50MPNAcefsP6EjvrXfN+1w4Nlo33wKokAj5AoGBAO3U | |
| cqYB+6mIkuyzwHuSJYai9vUopaRw0YS63JmYYECEhGkMmUq4sdqW2UtHv2AFWwfk | |
| 081sYL7IVXvUAjT/moAvELse5vAOE92ks7pZ6K5FBacCxzP7KT9EubdJLWjIwYNE | |
| jg+8STaI97NCkGCkHHQUib4+5t2o7djSO88peQINAoGAIx/pON6ik6Ryazxr+Xm9 | |
| kIbzoGl1R+qFBscCzi7yDnOIS+2ET2OLtZv+U0WrxxUp9b9S8glT9QuRBcojxylx | |
| rUfOW9+qRQ5nFgm2dvVV1rK5GsnJKh6Ndmj9/chEU/ST6bK2kRz8MdPJQ6wD+CeY | |
| ApxFuQcqt4fUFlG0jhS9/zECgYAxWZccqWauLB/IrBfxzEarJF+4SWHtuFdRgnDK | |
| EltOp/DN14Zrgd2t7QVT4KRuaU4VWj807hs5G1rZogl/M9a8aIfBPE1RXKp0oHuG | |
| 3KcymjHtEN+DAsfxT/J1fOLGTnoRIgWUcE6E2XEEqnhJBWS+FZDrgCPptOb9ycoN | |
| V567dQKBgQDv+ewaJNBD81T/hPSsOmuQcbdNTa4Yxidmz/j4Y+9hO6UQJjybvMf+ | |
| NmuwoUz/FOsk1OJWYAbvJIZio25ieBs5YKNT5zyqfH3rVX7vxybD3h3eMHvn/RKr | |
| N6KGJX/3lOtPm++05GQgXnfRUrGFK3uV30OURKb3jSkQk5EpeLzU9w== | |
| -----END RSA PRIVATE KEY----- | |
| EOF | |
| } | |
| } | |
| function basic_auth { | |
| local TEMPLATE=/etc/kubernetes/ssl/passwd.csv | |
| [ -f $TEMPLATE ] || { | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| hydride-kindling-armed,admin,1 | |
| EOF | |
| } | |
| } | |
| function token_auth { | |
| local TEMPLATE=/etc/kubernetes/ssl/token.csv | |
| [ -f $TEMPLATE ] || { | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| G9Jzcrvo6TZvJmndl2r84sia12QhraIM,admin,1 | |
| EOF | |
| } | |
| } | |
| init_ssl | |
| basic_auth | |
| token_auth | |
| echo "Generated required creds.." | |
| #wget https://hasura.blob.core.windows.net/cloudconfig/coreos-singlenode-v1.3.4_coreos.0.sh | |
| #chmod +x coreos-singlenode-v1.3.4_coreos.0.sh | |
| #/bin/bash $PWD/coreos-singlenode-v1.3.4_coreos.0.sh | |
| #!/bin/bash | |
| set -e | |
| export ETCD_ENDPOINTS="http://127.0.0.1:2379" | |
| export G_K8S_VER=v1.3.4 | |
| export K8S_VER=v1.3.4_coreos.0 | |
| export HYPERKUBE_IMAGE_REPO=quay.io/coreos/hyperkube | |
| export POD_NETWORK=10.2.0.0/16 | |
| export SERVICE_IP_RANGE=10.3.0.0/24 | |
| export K8S_SERVICE_IP=10.3.0.1 | |
| export DNS_SERVICE_IP=10.3.0.10 | |
| export USE_CALICO=false | |
| export CONTAINER_RUNTIME=docker | |
| function init_kube_binaries { | |
| [ ! -x /opt/bin/kubectl ] || return 0 | |
| mkdir -p /opt/bin | |
| rm -f /opt/bin/kubectl | |
| curl -o /opt/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$G_K8S_VER/bin/linux/amd64/kubectl | |
| chmod +x /opt/bin/kubectl | |
| } | |
| function init_config { | |
| local REQUIRED=('ADVERTISE_IP' 'POD_NETWORK' 'ETCD_ENDPOINTS' 'SERVICE_IP_RANGE' 'K8S_SERVICE_IP' 'DNS_SERVICE_IP' 'K8S_VER' 'USE_CALICO') | |
| if [ -z $ADVERTISE_IP ]; then | |
| export ADVERTISE_IP=$(awk -F= '/COREOS_PRIVATE_IPV4/ {print $2}' /etc/environment) | |
| fi | |
| for REQ in "${REQUIRED[@]}"; do | |
| if [ -z "$(eval echo \$$REQ)" ]; then | |
| echo "Missing required config value: ${REQ}" | |
| exit 1 | |
| fi | |
| done | |
| } | |
| function init_flannel { | |
| echo "Waiting for etcd..." | |
| while true | |
| do | |
| IFS=',' read -ra ES <<< "$ETCD_ENDPOINTS" | |
| for ETCD in "${ES[@]}"; do | |
| echo "Trying: $ETCD" | |
| if [ -n "$(curl --silent "$ETCD/v2/machines")" ]; then | |
| local ACTIVE_ETCD=$ETCD | |
| break | |
| fi | |
| sleep 1 | |
| done | |
| if [ -n "$ACTIVE_ETCD" ]; then | |
| break | |
| fi | |
| done | |
| RES=$(curl --silent -X PUT -d "value={\"Network\":\"$POD_NETWORK\",\"Backend\":{\"Type\":\"vxlan\"}}" "$ACTIVE_ETCD/v2/keys/coreos.com/network/config?prevExist=false") | |
| if [ -z "$(echo $RES | grep '"action":"create"')" ] && [ -z "$(echo $RES | grep 'Key already exists')" ]; then | |
| echo "Unexpected error configuring flannel pod network: $RES" | |
| fi | |
| } | |
| function init_templates { | |
| local TEMPLATE=/etc/systemd/system/kubelet.service | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| [Service] | |
| ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests | |
| Environment=KUBELET_VERSION=${K8S_VER} | |
| Environment=KUBELET_ACI=${HYPERKUBE_IMAGE_REPO} | |
| Environment="RKT_OPTS=--volume dns,kind=host,source=/etc/resolv.conf \ | |
| --mount volume=dns,target=/etc/resolv.conf \ | |
| --volume=rkt,kind=host,source=/opt/bin/host-rkt \ | |
| --mount volume=rkt,target=/usr/bin/rkt \ | |
| --volume var-lib-rkt,kind=host,source=/var/lib/rkt \ | |
| --mount volume=var-lib-rkt,target=/var/lib/rkt \ | |
| --volume=stage,kind=host,source=/tmp \ | |
| --mount volume=stage,target=/tmp" | |
| ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests | |
| ExecStart=/usr/lib/coreos/kubelet-wrapper \ | |
| --api-servers=http://127.0.0.1:8080 \ | |
| --network-plugin-dir=/etc/kubernetes/cni/net.d \ | |
| --network-plugin=cni \ | |
| --container-runtime=${CONTAINER_RUNTIME} \ | |
| --rkt-path=/usr/bin/rkt \ | |
| --rkt-stage1-image=coreos.com/rkt/stage1-coreos \ | |
| --register-node=true \ | |
| --allow-privileged=true \ | |
| --node-labels="app=postgres" \ | |
| --config=/etc/kubernetes/manifests \ | |
| --hostname-override=$(hostname -s) \ | |
| --cluster_dns=${DNS_SERVICE_IP} \ | |
| --cluster_domain=cluster.local | |
| Restart=always | |
| RestartSec=10 | |
| KillMode=process | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOF | |
| fi | |
| local TEMPLATE=/opt/bin/host-rkt | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| exec nsenter -m -u -i -n -p -t 1 -- /usr/bin/rkt "\$@" | |
| EOF | |
| fi | |
| local TEMPLATE=/etc/systemd/system/load-rkt-stage1.service | |
| if [ ${CONTAINER_RUNTIME} = "rkt" ] && [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| [Unit] | |
| Requires=network-online.target | |
| After=network-online.target | |
| Before=rkt-api.service | |
| [Service] | |
| Type=oneshot | |
| RemainAfterExit=yes | |
| ExecStart=/usr/bin/rkt fetch /usr/lib/rkt/stage1-images/stage1-coreos.aci /usr/lib/rkt/stage1-images/stage1-fly.aci --insecure-options=image | |
| [Install] | |
| RequiredBy=rkt-api.service | |
| EOF | |
| fi | |
| local TEMPLATE=/etc/systemd/system/rkt-api.service | |
| if [ ${CONTAINER_RUNTIME} = "rkt" ] && [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| [Unit] | |
| Before=kubelet.service | |
| [Service] | |
| ExecStart=/usr/bin/rkt api-service | |
| Restart=always | |
| RestartSec=10 | |
| [Install] | |
| RequiredBy=kubelet.service | |
| EOF | |
| fi | |
| local TEMPLATE=/etc/systemd/system/calico-node.service | |
| if [ "${USE_CALICO}" = "true" ] && [ ! -f "${TEMPLATE}" ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| [Unit] | |
| Description=Calico per-host agent | |
| Requires=network-online.target | |
| After=network-online.target | |
| [Service] | |
| Slice=machine.slice | |
| Environment=CALICO_DISABLE_FILE_LOGGING=true | |
| Environment=HOSTNAME=${ADVERTISE_IP} | |
| Environment=IP=${ADVERTISE_IP} | |
| Environment=FELIX_FELIXHOSTNAME=${ADVERTISE_IP} | |
| Environment=CALICO_NETWORKING=false | |
| Environment=NO_DEFAULT_POOLS=true | |
| Environment=ETCD_ENDPOINTS=${ETCD_ENDPOINTS} | |
| ExecStart=/usr/bin/rkt run --inherit-env --stage1-from-dir=stage1-fly.aci \ | |
| --volume=modules,kind=host,source=/lib/modules,readOnly=false \ | |
| --mount=volume=modules,target=/lib/modules \ | |
| --trust-keys-from-https quay.io/calico/node:v0.19.0 | |
| KillMode=mixed | |
| Restart=always | |
| TimeoutStartSec=0 | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOF | |
| fi | |
| local TEMPLATE=/etc/kubernetes/manifests/kube-proxy.yaml | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: kube-proxy | |
| namespace: kube-system | |
| annotations: | |
| rkt.alpha.kubernetes.io/stage1-name-override: coreos.com/rkt/stage1-fly | |
| spec: | |
| hostNetwork: true | |
| containers: | |
| - name: kube-proxy | |
| image: ${HYPERKUBE_IMAGE_REPO}:$K8S_VER | |
| command: | |
| - /hyperkube | |
| - proxy | |
| - --master=http://127.0.0.1:8080 | |
| securityContext: | |
| privileged: true | |
| volumeMounts: | |
| - mountPath: /etc/ssl/certs | |
| name: ssl-certs-host | |
| readOnly: true | |
| - mountPath: /var/run/dbus | |
| name: dbus | |
| readOnly: false | |
| volumes: | |
| - hostPath: | |
| path: /usr/share/ca-certificates | |
| name: ssl-certs-host | |
| - hostPath: | |
| path: /var/run/dbus | |
| name: dbus | |
| EOF | |
| fi | |
| local TEMPLATE=/etc/kubernetes/manifests/kube-apiserver.yaml | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: kube-apiserver | |
| namespace: kube-system | |
| spec: | |
| hostNetwork: true | |
| containers: | |
| - name: kube-apiserver | |
| image: ${HYPERKUBE_IMAGE_REPO}:$K8S_VER | |
| command: | |
| - /hyperkube | |
| - apiserver | |
| - --bind-address=0.0.0.0 | |
| - --etcd-servers=${ETCD_ENDPOINTS} | |
| - --allow-privileged=true | |
| - --service-cluster-ip-range=${SERVICE_IP_RANGE} | |
| - --secure-port=3443 | |
| - --advertise-address=${ADVERTISE_IP} | |
| - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota | |
| - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem | |
| - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem | |
| - --client-ca-file=/etc/kubernetes/ssl/ca.pem | |
| - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem | |
| - --basic-auth-file=/etc/kubernetes/ssl/passwd.csv | |
| - --token-auth-file=/etc/kubernetes/ssl/token.csv | |
| - --runtime-config=extensions/v1beta1/networkpolicies=true,extensions/v1beta1=true,extensions/v1beta1/thirdpartyresources=true | |
| livenessProbe: | |
| httpGet: | |
| host: 127.0.0.1 | |
| port: 8080 | |
| path: /healthz | |
| initialDelaySeconds: 15 | |
| timeoutSeconds: 15 | |
| ports: | |
| - containerPort: 3443 | |
| hostPort: 3443 | |
| name: https | |
| - containerPort: 8080 | |
| hostPort: 8080 | |
| name: local | |
| volumeMounts: | |
| - mountPath: /etc/kubernetes/ssl | |
| name: ssl-certs-kubernetes | |
| readOnly: true | |
| - mountPath: /etc/ssl/certs | |
| name: ssl-certs-host | |
| readOnly: true | |
| volumes: | |
| - hostPath: | |
| path: /etc/kubernetes/ssl | |
| name: ssl-certs-kubernetes | |
| - hostPath: | |
| path: /usr/share/ca-certificates | |
| name: ssl-certs-host | |
| EOF | |
| fi | |
| local TEMPLATE=/etc/kubernetes/manifests/kube-controller-manager.yaml | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: kube-controller-manager | |
| namespace: kube-system | |
| spec: | |
| containers: | |
| - name: kube-controller-manager | |
| image: ${HYPERKUBE_IMAGE_REPO}:$K8S_VER | |
| command: | |
| - /hyperkube | |
| - controller-manager | |
| - --master=http://127.0.0.1:8080 | |
| - --service-account-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem | |
| - --root-ca-file=/etc/kubernetes/ssl/ca.pem | |
| - --cloud-provider=aws | |
| resources: | |
| requests: | |
| cpu: 200m | |
| livenessProbe: | |
| httpGet: | |
| host: 127.0.0.1 | |
| path: /healthz | |
| port: 10252 | |
| initialDelaySeconds: 15 | |
| timeoutSeconds: 15 | |
| volumeMounts: | |
| - mountPath: /etc/kubernetes/ssl | |
| name: ssl-certs-kubernetes | |
| readOnly: true | |
| - mountPath: /etc/ssl/certs | |
| name: ssl-certs-host | |
| readOnly: true | |
| hostNetwork: true | |
| volumes: | |
| - hostPath: | |
| path: /etc/kubernetes/ssl | |
| name: ssl-certs-kubernetes | |
| - hostPath: | |
| path: /usr/share/ca-certificates | |
| name: ssl-certs-host | |
| EOF | |
| fi | |
| local TEMPLATE=/etc/kubernetes/manifests/kube-scheduler.yaml | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: kube-scheduler | |
| namespace: kube-system | |
| spec: | |
| hostNetwork: true | |
| containers: | |
| - name: kube-scheduler | |
| image: ${HYPERKUBE_IMAGE_REPO}:$K8S_VER | |
| command: | |
| - /hyperkube | |
| - scheduler | |
| - --master=http://127.0.0.1:8080 | |
| resources: | |
| requests: | |
| cpu: 100m | |
| livenessProbe: | |
| httpGet: | |
| host: 127.0.0.1 | |
| path: /healthz | |
| port: 10251 | |
| initialDelaySeconds: 15 | |
| timeoutSeconds: 15 | |
| EOF | |
| fi | |
| local TEMPLATE=/etc/kubernetes/manifests/calico-policy-controller.yaml | |
| if [ "${USE_CALICO}" = "true" ] && [ ! -f "${TEMPLATE}" ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: calico-policy-controller | |
| namespace: calico-system | |
| spec: | |
| hostNetwork: true | |
| containers: | |
| # The Calico policy controller. | |
| - name: kube-policy-controller | |
| image: calico/kube-policy-controller:v0.2.0 | |
| env: | |
| - name: ETCD_ENDPOINTS | |
| value: "${ETCD_ENDPOINTS}" | |
| - name: K8S_API | |
| value: "http://127.0.0.1:8080" | |
| - name: LEADER_ELECTION | |
| value: "true" | |
| # Leader election container used by the policy controller. | |
| - name: leader-elector | |
| image: quay.io/calico/leader-elector:v0.1.0 | |
| imagePullPolicy: IfNotPresent | |
| args: | |
| - "--election=calico-policy-election" | |
| - "--election-namespace=calico-system" | |
| - "--http=127.0.0.1:4040" | |
| EOF | |
| fi | |
| local TEMPLATE=/srv/kubernetes/manifests/calico-system.json | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| { | |
| "apiVersion": "v1", | |
| "kind": "Namespace", | |
| "metadata": { | |
| "name": "calico-system" | |
| } | |
| } | |
| EOF | |
| fi | |
| local TEMPLATE=/srv/kubernetes/manifests/kube-dns-rc.json | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| { | |
| "apiVersion": "v1", | |
| "kind": "ReplicationController", | |
| "metadata": { | |
| "labels": { | |
| "k8s-app": "kube-dns", | |
| "kubernetes.io/cluster-service": "true", | |
| "version": "v15" | |
| }, | |
| "name": "kube-dns-v15", | |
| "namespace": "kube-system" | |
| }, | |
| "spec": { | |
| "replicas": 1, | |
| "selector": { | |
| "k8s-app": "kube-dns", | |
| "version": "v15" | |
| }, | |
| "template": { | |
| "metadata": { | |
| "labels": { | |
| "k8s-app": "kube-dns", | |
| "kubernetes.io/cluster-service": "true", | |
| "version": "v15" | |
| } | |
| }, | |
| "spec": { | |
| "containers": [ | |
| { | |
| "args": [ | |
| "--domain=cluster.local.", | |
| "--dns-port=10053" | |
| ], | |
| "image": "gcr.io/google_containers/kubedns-amd64:1.3", | |
| "livenessProbe": { | |
| "failureThreshold": 5, | |
| "httpGet": { | |
| "path": "/healthz", | |
| "port": 8080, | |
| "scheme": "HTTP" | |
| }, | |
| "initialDelaySeconds": 60, | |
| "successThreshold": 1, | |
| "timeoutSeconds": 5 | |
| }, | |
| "name": "kubedns", | |
| "ports": [ | |
| { | |
| "containerPort": 10053, | |
| "name": "dns-local", | |
| "protocol": "UDP" | |
| }, | |
| { | |
| "containerPort": 10053, | |
| "name": "dns-tcp-local", | |
| "protocol": "TCP" | |
| } | |
| ], | |
| "readinessProbe": { | |
| "httpGet": { | |
| "path": "/readiness", | |
| "port": 8081, | |
| "scheme": "HTTP" | |
| }, | |
| "initialDelaySeconds": 30, | |
| "timeoutSeconds": 5 | |
| }, | |
| "resources": { | |
| "limits": { | |
| "cpu": "100m", | |
| "memory": "200Mi" | |
| }, | |
| "requests": { | |
| "cpu": "100m", | |
| "memory": "50Mi" | |
| } | |
| } | |
| }, | |
| { | |
| "args": [ | |
| "--cache-size=1000", | |
| "--no-resolv", | |
| "--server=127.0.0.1#10053" | |
| ], | |
| "image": "gcr.io/google_containers/kube-dnsmasq-amd64:1.3", | |
| "name": "dnsmasq", | |
| "ports": [ | |
| { | |
| "containerPort": 53, | |
| "name": "dns", | |
| "protocol": "UDP" | |
| }, | |
| { | |
| "containerPort": 53, | |
| "name": "dns-tcp", | |
| "protocol": "TCP" | |
| } | |
| ] | |
| }, | |
| { | |
| "args": [ | |
| "-cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1 >/dev/null", | |
| "-port=8080", | |
| "-quiet" | |
| ], | |
| "image": "gcr.io/google_containers/exechealthz-amd64:1.0", | |
| "name": "healthz", | |
| "ports": [ | |
| { | |
| "containerPort": 8080, | |
| "protocol": "TCP" | |
| } | |
| ], | |
| "resources": { | |
| "limits": { | |
| "cpu": "10m", | |
| "memory": "20Mi" | |
| }, | |
| "requests": { | |
| "cpu": "10m", | |
| "memory": "20Mi" | |
| } | |
| } | |
| } | |
| ], | |
| "dnsPolicy": "Default" | |
| } | |
| } | |
| } | |
| } | |
| EOF | |
| fi | |
| local TEMPLATE=/srv/kubernetes/manifests/kube-dns-svc.json | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| { | |
| "apiVersion": "v1", | |
| "kind": "Service", | |
| "metadata": { | |
| "labels": { | |
| "k8s-app": "kube-dns", | |
| "kubernetes.io/cluster-service": "true", | |
| "kubernetes.io/name": "KubeDNS" | |
| }, | |
| "name": "kube-dns", | |
| "namespace": "kube-system" | |
| }, | |
| "spec": { | |
| "clusterIP": "$DNS_SERVICE_IP", | |
| "ports": [ | |
| { | |
| "name": "dns", | |
| "port": 53, | |
| "protocol": "UDP" | |
| }, | |
| { | |
| "name": "dns-tcp", | |
| "port": 53, | |
| "protocol": "TCP" | |
| } | |
| ], | |
| "selector": { | |
| "k8s-app": "kube-dns" | |
| } | |
| } | |
| } | |
| EOF | |
| fi | |
| local TEMPLATE=/srv/kubernetes/manifests/heapster-de.json | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| { | |
| "apiVersion": "extensions/v1beta1", | |
| "kind": "Deployment", | |
| "metadata": { | |
| "labels": { | |
| "k8s-app": "heapster", | |
| "kubernetes.io/cluster-service": "true", | |
| "version": "v1.1.0" | |
| }, | |
| "name": "heapster-v1.1.0", | |
| "namespace": "kube-system" | |
| }, | |
| "spec": { | |
| "replicas": 1, | |
| "selector": { | |
| "matchLabels": { | |
| "k8s-app": "heapster", | |
| "version": "v1.1.0" | |
| } | |
| }, | |
| "template": { | |
| "metadata": { | |
| "labels": { | |
| "k8s-app": "heapster", | |
| "version": "v1.1.0" | |
| } | |
| }, | |
| "spec": { | |
| "containers": [ | |
| { | |
| "command": [ | |
| "/heapster", | |
| "--source=kubernetes.summary_api:''" | |
| ], | |
| "image": "gcr.io/google_containers/heapster:v1.1.0", | |
| "name": "heapster", | |
| "resources": { | |
| "limits": { | |
| "cpu": "100m", | |
| "memory": "200Mi" | |
| }, | |
| "requests": { | |
| "cpu": "100m", | |
| "memory": "200Mi" | |
| } | |
| } | |
| }, | |
| { | |
| "command": [ | |
| "/pod_nanny", | |
| "--cpu=100m", | |
| "--extra-cpu=0.5m", | |
| "--memory=200Mi", | |
| "--extra-memory=4Mi", | |
| "--threshold=5", | |
| "--deployment=heapster-v1.1.0", | |
| "--container=heapster", | |
| "--poll-period=300000", | |
| "--estimator=exponential" | |
| ], | |
| "env": [ | |
| { | |
| "name": "MY_POD_NAME", | |
| "valueFrom": { | |
| "fieldRef": { | |
| "fieldPath": "metadata.name" | |
| } | |
| } | |
| }, | |
| { | |
| "name": "MY_POD_NAMESPACE", | |
| "valueFrom": { | |
| "fieldRef": { | |
| "fieldPath": "metadata.namespace" | |
| } | |
| } | |
| } | |
| ], | |
| "image": "gcr.io/google_containers/addon-resizer:1.3", | |
| "name": "heapster-nanny", | |
| "resources": { | |
| "limits": { | |
| "cpu": "50m", | |
| "memory": "100Mi" | |
| }, | |
| "requests": { | |
| "cpu": "50m", | |
| "memory": "100Mi" | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| } | |
| } | |
| EOF | |
| fi | |
| local TEMPLATE=/srv/kubernetes/manifests/heapster-svc.json | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| { | |
| "apiVersion": "v1", | |
| "kind": "Service", | |
| "metadata": { | |
| "labels": { | |
| "kubernetes.io/cluster-service": "true", | |
| "kubernetes.io/name": "Heapster" | |
| }, | |
| "name": "heapster", | |
| "namespace": "kube-system" | |
| }, | |
| "spec": { | |
| "ports": [ | |
| { | |
| "port": 80, | |
| "targetPort": 8082 | |
| } | |
| ], | |
| "selector": { | |
| "k8s-app": "heapster" | |
| } | |
| } | |
| } | |
| EOF | |
| fi | |
| local TEMPLATE=/srv/kubernetes/manifests/kube-dashboard-rc.json | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| { | |
| "apiVersion": "v1", | |
| "kind": "ReplicationController", | |
| "metadata": { | |
| "labels": { | |
| "k8s-app": "kubernetes-dashboard", | |
| "kubernetes.io/cluster-service": "true", | |
| "version": "v1.1.0" | |
| }, | |
| "name": "kubernetes-dashboard-v1.1.0", | |
| "namespace": "kube-system" | |
| }, | |
| "spec": { | |
| "replicas": 1, | |
| "selector": { | |
| "k8s-app": "kubernetes-dashboard" | |
| }, | |
| "template": { | |
| "metadata": { | |
| "labels": { | |
| "k8s-app": "kubernetes-dashboard", | |
| "kubernetes.io/cluster-service": "true", | |
| "version": "v1.1.0" | |
| } | |
| }, | |
| "spec": { | |
| "containers": [ | |
| { | |
| "image": "gcr.io/google_containers/kubernetes-dashboard-amd64:v1.1.0", | |
| "livenessProbe": { | |
| "httpGet": { | |
| "path": "/", | |
| "port": 9090 | |
| }, | |
| "initialDelaySeconds": 30, | |
| "timeoutSeconds": 30 | |
| }, | |
| "name": "kubernetes-dashboard", | |
| "ports": [ | |
| { | |
| "containerPort": 9090 | |
| } | |
| ], | |
| "resources": { | |
| "limits": { | |
| "cpu": "100m", | |
| "memory": "50Mi" | |
| }, | |
| "requests": { | |
| "cpu": "100m", | |
| "memory": "50Mi" | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| } | |
| } | |
| EOF | |
| fi | |
| local TEMPLATE=/srv/kubernetes/manifests/kube-dashboard-svc.json | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| { | |
| "apiVersion": "v1", | |
| "kind": "Service", | |
| "metadata": { | |
| "labels": { | |
| "k8s-app": "kubernetes-dashboard", | |
| "kubernetes.io/cluster-service": "true" | |
| }, | |
| "name": "kubernetes-dashboard", | |
| "namespace": "kube-system" | |
| }, | |
| "spec": { | |
| "ports": [ | |
| { | |
| "port": 80, | |
| "targetPort": 9090 | |
| } | |
| ], | |
| "selector": { | |
| "k8s-app": "kubernetes-dashboard" | |
| } | |
| } | |
| } | |
| EOF | |
| fi | |
| local TEMPLATE=/etc/flannel/options.env | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| FLANNELD_IFACE=$ADVERTISE_IP | |
| FLANNELD_ETCD_ENDPOINTS=$ETCD_ENDPOINTS | |
| EOF | |
| fi | |
| local TEMPLATE=/etc/systemd/system/flanneld.service.d/40-ExecStartPre-symlink.conf.conf | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| [Service] | |
| ExecStartPre=/usr/bin/ln -sf /etc/flannel/options.env /run/flannel/options.env | |
| EOF | |
| fi | |
| local TEMPLATE=/etc/systemd/system/docker.service.d/40-flannel.conf | |
| if [ ! -f $TEMPLATE ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| [Unit] | |
| Requires=flanneld.service | |
| After=flanneld.service | |
| [Service] | |
| ExecStart= | |
| ExecStart=/usr/lib/coreos/dockerd daemon --host=fd:// \$DOCKER_OPTS \$DOCKER_CGROUPS \$DOCKER_OPT_MTU | |
| EOF | |
| fi | |
| local TEMPLATE=/etc/kubernetes/cni/net.d/10-calico.conf | |
| if [ "${USE_CALICO}" = "true" ] && [ ! -f "${TEMPLATE}" ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| { | |
| "name": "calico", | |
| "type": "flannel", | |
| "delegate": { | |
| "type": "calico", | |
| "etcd_endpoints": "$ETCD_ENDPOINTS", | |
| "log_level": "none", | |
| "log_level_stderr": "info", | |
| "hostname": "${ADVERTISE_IP}", | |
| "policy": { | |
| "type": "k8s", | |
| "k8s_api_root": "http://127.0.0.1:8080/api/v1/" | |
| } | |
| } | |
| } | |
| EOF | |
| fi | |
| local TEMPLATE=/etc/kubernetes/cni/net.d/10-flannel.conf | |
| if [ "${USE_CALICO}" = "false" ] && [ ! -f "${TEMPLATE}" ]; then | |
| echo "TEMPLATE: $TEMPLATE" | |
| mkdir -p $(dirname $TEMPLATE) | |
| cat << EOF > $TEMPLATE | |
| { | |
| "name": "podnet", | |
| "type": "flannel", | |
| "delegate": { | |
| "isDefaultGateway": true | |
| } | |
| } | |
| EOF | |
| fi | |
| } | |
| function start_addons { | |
| echo "Waiting for Kubernetes API..." | |
| until curl --silent "http://127.0.0.1:8080/version" | |
| do | |
| sleep 5 | |
| done | |
| echo | |
| echo "K8S: DNS addon" | |
| curl --silent -H "Content-Type: application/json" -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dns-rc.json)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/replicationcontrollers" > /dev/null | |
| curl --silent -H "Content-Type: application/json" -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dns-svc.json)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/services" > /dev/null | |
| echo "K8S: Heapster addon" | |
| curl --silent -H "Content-Type: application/json" -XPOST -d"$(cat /srv/kubernetes/manifests/heapster-de.json)" "http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/kube-system/deployments" > /dev/null | |
| curl --silent -H "Content-Type: application/json" -XPOST -d"$(cat /srv/kubernetes/manifests/heapster-svc.json)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/services" > /dev/null | |
| echo "K8S: Dashboard addon" | |
| curl --silent -H "Content-Type: application/json" -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dashboard-rc.json)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/replicationcontrollers" > /dev/null | |
| curl --silent -H "Content-Type: application/json" -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dashboard-svc.json)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/services" > /dev/null | |
| } | |
| function enable_calico_policy { | |
| echo "Waiting for Kubernetes API..." | |
| until curl --silent "http://127.0.0.1:8080/version" | |
| do | |
| sleep 5 | |
| done | |
| echo | |
| echo "K8S: Calico Policy" | |
| curl --silent -H "Content-Type: application/json" -XPOST -d"$(cat /srv/kubernetes/manifests/calico-system.json)" "http://127.0.0.1:8080/api/v1/namespaces/" > /dev/null | |
| } | |
| init_kube_binaries | |
| init_config | |
| init_templates | |
| systemctl enable etcd2; systemctl start etcd2 | |
| chmod +x /opt/bin/host-rkt | |
| init_flannel | |
| systemctl stop update-engine; systemctl mask update-engine | |
| systemctl daemon-reload | |
| if [ $CONTAINER_RUNTIME = "rkt" ]; then | |
| systemctl enable load-rkt-stage1 | |
| systemctl enable rkt-api | |
| fi | |
| systemctl enable flanneld; systemctl start flanneld | |
| systemctl enable kubelet; systemctl start kubelet | |
| if [ $USE_CALICO = "true" ]; then | |
| systemctl enable calico-node; systemctl start calico-node | |
| enable_calico_policy | |
| fi | |
| start_addons | |
| echo "DONE" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment