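#cloud-config
# Worker-node bootstrap for a CoreOS-style Kubernetes node: writes the flannel
# environment, systemd units/drop-ins, the kube-proxy static pod and the
# worker kubeconfig.
#
# ${ETCD_IP}, ${HYPERKUBE_VERSION}, ${DNS_SERVICE_IP} and ${MASTER_HOST} are
# template placeholders; presumably they are substituted before this file is
# handed to the instance (TODO confirm the rendering step). $private_ipv4
# looks like the cloud-init provider substitution variable.
#
# The certificates and keys under /etc/ssl/etcd and /etc/kubernetes/ssl are
# referenced by path only and are not written here. Verify that whatever
# provisions them leaves the *-key.pem files readable by root only.
#
# All files below are data (env file, unit files, manifests), not programs, so
# they are written 0644 rather than 0755: the executable bit serves no purpose
# and systemd warns about unit files that are marked executable.
write_files:
  # flannel talks to etcd over TLS with a client certificate.
  - path: "/etc/flannel/options.env"
    permissions: "0644"
    content: |
      FLANNELD_IFACE=$private_ipv4
      FLANNELD_ETCD_ENDPOINTS=https://${ETCD_IP}:2379
      FLANNELD_ETCD_CAFILE=/etc/ssl/etcd/ca.pem
      FLANNELD_ETCD_CERTFILE=/etc/ssl/etcd/worker.pem
      FLANNELD_ETCD_KEYFILE=/etc/ssl/etcd/worker-key.pem
  # Drop-in: link the options file into /run/flannel before flanneld starts.
  - path: "/etc/systemd/system/flanneld.service.d/40-ExecStartPre-symlink.conf"
    permissions: "0644"
    content: |
      [Service]
      ExecStartPre=/usr/bin/ln -sf /etc/flannel/options.env /run/flannel/options.env
  # Drop-in: docker must start after (and requires) flanneld.
  - path: "/etc/systemd/system/docker.service.d/40-flannel.conf"
    permissions: "0644"
    content: |
      [Unit]
      Requires=flanneld.service
      After=flanneld.service
  # kubelet unit. Security-relevant flags:
  #   --anonymous-auth=false + --client-ca-file: the kubelet API only accepts
  #     clients presenting a certificate signed by ca.pem.
  #   --allow-privileged=true: required here because the kube-proxy static pod
  #     below runs privileged; it also permits any other privileged pod that
  #     is scheduled to this node.
  # NOTE(review): no --authorization-mode is set, so (by kubelet default) any
  #   authenticated client is authorized for every kubelet API call. Consider
  #   --authorization-mode=Webhook once the API server side is confirmed to
  #   support it.
  # NOTE(review): --read-only-port is not set; on kubelet versions where the
  #   unauthenticated read-only port is enabled by default, consider
  #   --read-only-port=0 or firewalling it.
  - path: "/etc/systemd/system/kubelet.service"
    permissions: "0644"
    content: |
      [Service]
      Environment=KUBELET_IMAGE_TAG=${HYPERKUBE_VERSION}
      Environment="RKT_RUN_ARGS=--uuid-file-save=/var/run/kubelet-pod.uuid \
        --volume dns,kind=host,source=/etc/resolv.conf \
        --mount volume=dns,target=/etc/resolv.conf \
        --volume var-log,kind=host,source=/var/log \
        --mount volume=var-log,target=/var/log"
      ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests
      ExecStartPre=/usr/bin/mkdir -p /var/log/containers
      ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/kubelet-pod.uuid
      ExecStart=/usr/lib/coreos/kubelet-wrapper \
        --anonymous-auth=false \
        --client-ca-file=/etc/kubernetes/ssl/ca.pem \
        --require-kubeconfig \
        --network-plugin-dir=/etc/kubernetes/cni/net.d \
        --container-runtime=docker \
        --register-node=true \
        --allow-privileged=true \
        --cloud-provider=external \
        --pod-manifest-path=/etc/kubernetes/manifests \
        --cluster-dns=${DNS_SERVICE_IP} \
        --cluster-domain=cluster.local \
        --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml \
        --tls-cert-file=/etc/kubernetes/ssl/worker.pem \
        --tls-private-key-file=/etc/kubernetes/ssl/worker-key.pem \
        --node-labels=kubernetes.io/role=node
      ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/kubelet-pod.uuid
      Restart=always
      RestartSec=10
      [Install]
      WantedBy=multi-user.target
  # kube-proxy static pod. It runs privileged on the host network because it
  # programs iptables (--proxy-mode=iptables). All three hostPath mounts are
  # read-only: the pod only needs to read CA certificates, the kubeconfig and
  # the worker certificate/key, so the CA bundle mount is marked readOnly
  # like the other two.
  - path: "/etc/kubernetes/manifests/kube-proxy.yaml"
    permissions: "0644"
    content: |
      apiVersion: v1
      kind: Pod
      metadata:
        name: kube-proxy
        namespace: kube-system
      spec:
        hostNetwork: true
        containers:
          - name: kube-proxy
            image: quay.io/coreos/hyperkube:${HYPERKUBE_VERSION}
            command:
              - /hyperkube
              - proxy
              - --master=https://${MASTER_HOST}
              - --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml
              - --proxy-mode=iptables
            securityContext:
              privileged: true
            volumeMounts:
              - mountPath: /etc/ssl/certs
                name: "ssl-certs"
                readOnly: true
              - mountPath: /etc/kubernetes/worker-kubeconfig.yaml
                name: "kubeconfig"
                readOnly: true
              - mountPath: /etc/kubernetes/ssl
                name: "etc-kube-ssl"
                readOnly: true
        volumes:
          - name: "ssl-certs"
            hostPath:
              path: "/usr/share/ca-certificates"
          - name: "kubeconfig"
            hostPath:
              path: "/etc/kubernetes/worker-kubeconfig.yaml"
          - name: "etc-kube-ssl"
            hostPath:
              path: "/etc/kubernetes/ssl"
  # Shared kubeconfig for kubelet and kube-proxy. It embeds no credentials:
  # the client certificate and key are referenced by path, so the secrecy of
  # the node identity rests on the permissions of worker-key.pem.
  - path: "/etc/kubernetes/worker-kubeconfig.yaml"
    permissions: "0644"
    content: |
      apiVersion: v1
      kind: Config
      clusters:
        - name: local
          cluster:
            server: https://${MASTER_HOST}
            certificate-authority: /etc/kubernetes/ssl/ca.pem
      users:
        - name: kubelet
          user:
            client-certificate: /etc/kubernetes/ssl/worker.pem
            client-key: /etc/kubernetes/ssl/worker-key.pem
      contexts:
        - context:
            cluster: local
            user: kubelet
          name: kubelet-context
      current-context: kubelet-context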