This repository has been archived by the owner on Oct 26, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
/
bootkube.yaml
97 lines (92 loc) · 4.45 KB
/
bootkube.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
#cloud-config
coreos:
units:
- name: etcd-member.service
command: start
drop-ins:
- name: 40-etcd-cluster.conf
content: |
[Service]
Environment="ETCD_IMAGE_TAG=v3.1.8"
Environment="ETCD_NAME=bootkube"
Environment="ETCD_ADVERTISE_CLIENT_URLS=https://master-1.coreos.local:2379"
Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS=https://master-1.coreos.local:2380"
Environment="ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379"
Environment="ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380"
Environment="ETCD_INITIAL_CLUSTER=bootkube=https://master-1.coreos.local:2380"
Environment="ETCD_STRICT_RECONFIG_CHECK=true"
Environment="ETCD_SSL_DIR=/etc/etcd/tls"
Environment="ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt"
Environment="ETCD_CERT_FILE=/etc/ssl/certs/etcd/server.crt"
Environment="ETCD_KEY_FILE=/etc/ssl/certs/etcd/server.key"
Environment="ETCD_CLIENT_CERT_AUTH=true"
Environment="ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/peer-ca.crt"
Environment="ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt"
Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key"
Environment="ETCD_PEER_CLIENT_CERT_AUTH=true"
- name: kubelet.service
enable: true
command: start
content: |
[Service]
EnvironmentFile=/etc/environment
Environment=KUBELET_IMAGE_URL=quay.io/coreos/hyperkube
Environment=KUBELET_IMAGE_TAG=v1.10.0_coreos.0
Environment="RKT_RUN_ARGS=--uuid-file-save=/var/run/kubelet-pod.uuid \
--volume etc-resolv,kind=host,source=/etc/resolv.conf \
--mount volume=etc-resolv,target=/etc/resolv.conf \
--volume var-lib-cni,kind=host,source=/var/lib/cni \
--mount volume=var-lib-cni,target=/var/lib/cni \
--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet \
--mount volume=var-lib-kubelet,target=/var/lib/kubelet"
ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d
ExecStartPre=/bin/mkdir -p /etc/kubernetes/checkpoint-secrets
ExecStartPre=/bin/mkdir -p /etc/kubernetes/inactive-manifests
ExecStartPre=/bin/mkdir -p /var/lib/kubelet/pki
ExecStartPre=/bin/mkdir -p /var/lib/cni
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/kubelet-pod.uuid
ExecStart=/usr/lib/coreos/kubelet-wrapper \
--kubeconfig=/etc/kubernetes/kubeconfig \
--client-ca-file=/etc/kubernetes/ca.crt \
--anonymous-auth=false \
--cert-dir=/var/lib/kubelet/pki \
--cni-conf-dir=/etc/kubernetes/cni/net.d \
--network-plugin=cni \
--lock-file=/var/run/lock/kubelet.lock \
--exit-on-lock-contention \
--pod-manifest-path=/etc/kubernetes/manifests \
--allow-privileged \
--minimum-container-ttl-duration=3m0s \
--hostname-override=${COREOS_PUBLIC_IPV4} \
--node-labels=node-role.kubernetes.io/master \
--register-with-taints=node-role.kubernetes.io/master=:NoSchedule \
--cluster_dns=10.3.0.10 \
--cluster_domain=cluster.local \
--rotate-certificates
ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/kubelet-pod.uuid
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
- name: bootkube.service
command: "start"
content: |
[Unit]
Description=Start bootkube to launch a self-hosted cluster
Requires=kubelet.service
After=kubelet.service
[Service]
Type=oneshot
EnvironmentFile=/etc/environment
ExecStart=/usr/bin/rkt run --volume home,kind=host,source=/home/core \
--mount volume=home,target=/core \
--volume etc-resolv,kind=host,source=/etc/resolv.conf \
--mount volume=etc-resolv,target=/etc/resolv.conf \
--volume manifests,kind=host,source=/etc/kubernetes \
--mount volume=manifests,target=/etc/kubernetes \
--volume ca-certs,kind=host,source=/etc/ssl/certs/ca-certificates.crt \
--mount volume=ca-certs,target=/etc/ssl/certs/ca-certificates.crt \
--trust-keys-from-https --net=host quay.io/coreos/bootkube:v0.12.0 \
--exec /bootkube -- start --asset-dir=/core/ASSETVAR
RemainAfterExit=yes