Add the template files for kubernetes 1.8

The difference is the template for kube-apiserver, since the auth mode has changed since kubernetes 1.8, the Node permission is no longer auto bound under RBAC mode, it should be specified explicitly. Reference: https://kubernetes.io/docs/admin/authorization/node/
Huawei · Feb 12, 2018 · 01a5b85 · 01a5b85
1 parent 7539a7e
commit 01a5b85
Showing 1 changed file with 190 additions and 0 deletions.
diff --git a/singular/module/template/kubernetes.go b/singular/module/template/kubernetes.go
@@ -73,6 +73,34 @@ var kubernetesCATemplate = map[string]string{
         "OU": "System"
       }
     ]
+  }
+    `,
+	"kubernetes-1.8": `
+  {
+    "CN": "kubernetes",
+    "hosts": [
+      "127.0.0.1",
+      "{{.MasterIP}}",
+      "10.254.0.1",
+      "kubernetes",
+      "kubernetes.default",
+      "kubernetes.default.svc",
+      "kubernetes.default.svc.cluster",
+      "kubernetes.default.svc.cluster.local"
+    ],
+    "key": {
+      "algo": "rsa",
+      "size": 4096
+    },
+    "names": [
+      {
+        "C": "CN",
+        "ST": "BeiJing",
+        "L": "BeiJing",
+        "O": "k8s",
+        "OU": "System"
+      }
+    ]
   }
     `,
 }
@@ -163,6 +191,50 @@ var kubernetesAPIServerSystemdTemplate = map[string]string{
   Type=notify
   LimitNOFILE=65536
 
+  [Install]
+  WantedBy=multi-user.target
+  `,
+	"kubernetes-1.8": `
+  [Unit]
+  Description=Kubernetes API Server
+  Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+  After=network.target
+
+  [Service]
+  ExecStart=/usr/local/bin/kube-apiserver \
+    --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
+    --advertise-address={{.MasterIP}} \
+    --bind-address={{.MasterIP}} \
+    --insecure-bind-address={{.MasterIP}} \
+    --authorization-mode=Node,RBAC \
+    --runtime-config=rbac.authorization.k8s.io/v1alpha1 \
+    --kubelet-https=true \
+    --experimental-bootstrap-token-auth \
+    --token-auth-file=/etc/kubernetes/token.csv \
+    --service-cluster-ip-range=10.254.0.0/16 \
+    --service-node-port-range=8400-9000 \
+    --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
+    --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
+    --client-ca-file=/etc/kubernetes/ssl/ca.pem \
+    --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem \
+    --etcd-cafile=/etc/kubernetes/ssl/ca.pem \
+    --etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem \
+    --etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem \
+    --etcd-servers={{.Nodes}} \
+    --enable-swagger-ui=true \
+    --allow-privileged=true \
+    --apiserver-count=3 \
+    --audit-log-maxage=30 \
+    --audit-log-maxbackup=3 \
+    --audit-log-maxsize=100 \
+    --audit-log-path=/var/lib/audit.log \
+    --event-ttl=1h \
+    --v=2
+  Restart=on-failure
+  RestartSec=5
+  Type=notify
+  LimitNOFILE=65536
+
   [Install]
   WantedBy=multi-user.target
   `,
@@ -216,6 +288,31 @@ ExecStart=/usr/local/bin/kube-controller-manager \
 Restart=on-failure
 RestartSec=5
 
+[Install]
+WantedBy=multi-user.target
+`,
+	"kubernetes-1.8": `
+[Unit]
+Description=Kubernetes Controller Manager
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+
+[Service]
+ExecStart=/usr/local/bin/kube-controller-manager \
+  --address=127.0.0.1 \
+  --master=http://{{.MasterIP}}:8080 \
+  --allocate-node-cidrs=true \
+  --service-cluster-ip-range=10.254.0.0/16 \
+  --cluster-cidr=172.30.0.0/16 \
+  --cluster-name=kubernetes \
+  --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem \
+  --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem \
+  --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem \
+  --root-ca-file=/etc/kubernetes/ssl/ca.pem \
+  --leader-elect=true \
+  --v=2
+Restart=on-failure
+RestartSec=5
+
 [Install]
 WantedBy=multi-user.target
 `,
@@ -253,6 +350,23 @@ ExecStart=/usr/local/bin/kube-scheduler \
 Restart=on-failure
 RestartSec=5
 
+[Install]
+WantedBy=multi-user.target
+`,
+	"kubernetes-1.8": `
+[Unit]
+Description=Kubernetes Scheduler
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+
+[Service]
+ExecStart=/usr/local/bin/kube-scheduler \
+  --address=127.0.0.1 \
+  --master=http://{{.MasterIP}}:8080 \
+  --leader-elect=true \
+  --v=2
+Restart=on-failure
+RestartSec=5
+
 [Install]
 WantedBy=multi-user.target
 `,
@@ -326,6 +440,41 @@ ExecStopPost={{.iptables}} -A INPUT -p tcp --dport 4194 -j DROP
 Restart=on-failure
 RestartSec=5
 
+[Install]
+WantedBy=multi-user.target
+`,
+	"kubernetes-1.8": `
+[Unit]
+Description=Kubernetes Kubelet
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+After=docker.service
+Requires=docker.service
+
+[Service]
+WorkingDirectory=/var/lib/kubelet
+ExecStart=/usr/local/bin/kubelet \
+  --address={{.IP}} \
+  --hostname-override={{.IP}} \
+  --pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest \
+  --experimental-bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \
+  --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \
+  --require-kubeconfig \
+  --cert-dir=/etc/kubernetes/ssl \
+  --cluster-dns=8.8.8.8 \
+  --cluster-domain=cluster.local. \
+  --hairpin-mode promiscuous-bridge \
+  --allow-privileged=true \
+  --serialize-image-pulls=false \
+  --logtostderr=true \
+  --fail-swap-on=false \
+  --v=2
+ExecStopPost={{.iptables}} -A INPUT -s 10.0.0.0/8 -p tcp --dport 4194 -j ACCEPT
+ExecStopPost={{.iptables}} -A INPUT -s 172.16.0.0/12 -p tcp --dport 4194 -j ACCEPT
+ExecStopPost={{.iptables}} -A INPUT -s 192.168.0.0/16 -p tcp --dport 4194 -j ACCEPT
+ExecStopPost={{.iptables}} -A INPUT -p tcp --dport 4194 -j DROP
+Restart=on-failure
+RestartSec=5
+
 [Install]
 WantedBy=multi-user.target
 `,
@@ -369,6 +518,25 @@ var kubeProxyCATemplate = map[string]string{
     }
   ]
 }
+`,
+	"kubernetes-1.8": `
+{
+  "CN": "system:kube-proxy",
+  "hosts": [],
+  "key": {
+    "algo": "rsa",
+    "size": 4096
+  },
+  "names": [
+    {
+      "C": "CN",
+      "ST": "BeiJing",
+      "L": "BeiJing",
+      "O": "k8s",
+      "OU": "System"
+    }
+  ]
+}
 `,
 }
 
@@ -414,6 +582,28 @@ Restart=on-failure
 RestartSec=5
 LimitNOFILE=65536
 
+[Install]
+WantedBy=multi-user.target
+`,
+	"kubernetes-1.8": `
+[Unit]
+Description=Kubernetes Kube-Proxy Server
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+After=network.target
+
+[Service]
+WorkingDirectory=/var/lib/kube-proxy
+ExecStart=/usr/local/bin/kube-proxy \
+  --bind-address={{.IP}} \
+  --hostname-override={{.IP}} \
+  --cluster-cidr=10.254.0.0/16 \
+  --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
+  --logtostderr=true \
+  --v=2
+Restart=on-failure
+RestartSec=5
+LimitNOFILE=65536
+
 [Install]
 WantedBy=multi-user.target
 `,