Merge pull request #686 from crystaldust/feature/support-kubernetes-1.9

Feature/support kubernetes 1.9
Huawei · Apr 17, 2018 · be74dd3 · be74dd3
2 parents dbc39b5 + 5859f03
commit be74dd3
Show file tree

Hide file tree

Showing 3 changed files with 193 additions and 2 deletions.
diff --git a/singular/module/infras/kubernetes.go b/singular/module/infras/kubernetes.go
@@ -836,6 +836,7 @@ func setKubeletClusterrolebinding(d *objects.Deployment, nodes []*objects.Node,
 	if err := utils.WaitForHostPort(masterIP, 6443, 3, 20); err != nil {
 		return err
 	}
+	time.Sleep(time.Second * 5)
 	for i, node := range nodes {
 		if i == 0 {
 			cmd := "/usr/local/bin/kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap"
@@ -856,7 +857,7 @@ func generateKubeletSystemdFile(d *objects.Deployment, nodes []*objects.Node, ve
 
 		cmd := "which iptables"
 		var buf bytes.Buffer
-		if err := utils.SSHCommand(node.User, d.Tools.SSH.Private, node.IP, tools.DefaultSSHPort, []string{cmd}, &buf, &buf); err != nil {
+		if err := utils.SSHCommand(node.User, d.Tools.SSH.Private, node.IP, tools.DefaultSSHPort, []string{cmd}, &buf, ioutil.Discard); err != nil {
 			return nil, err
 		}
 		iptablesAbsolutePath := strings.TrimSpace(buf.String())

diff --git a/singular/module/template/kubernetes.go b/singular/module/template/kubernetes.go
@@ -101,6 +101,34 @@ var kubernetesCATemplate = map[string]string{
         "OU": "System"
       }
     ]
+  }
+    `,
+	"kubernetes-1.9": `
+  {
+    "CN": "kubernetes",
+    "hosts": [
+      "127.0.0.1",
+      "{{.MasterIP}}",
+      "10.254.0.1",
+      "kubernetes",
+      "kubernetes.default",
+      "kubernetes.default.svc",
+      "kubernetes.default.svc.cluster",
+      "kubernetes.default.svc.cluster.local"
+    ],
+    "key": {
+      "algo": "rsa",
+      "size": 4096
+    },
+    "names": [
+      {
+        "C": "CN",
+        "ST": "BeiJing",
+        "L": "BeiJing",
+        "O": "k8s",
+        "OU": "System"
+      }
+    ]
   }
     `,
 }
@@ -235,6 +263,50 @@ var kubernetesAPIServerSystemdTemplate = map[string]string{
   Type=notify
   LimitNOFILE=65536
 
+  [Install]
+  WantedBy=multi-user.target
+  `,
+	"kubernetes-1.9": `
+  [Unit]
+  Description=Kubernetes API Server
+  Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+  After=network.target
+
+  [Service]
+  ExecStart=/usr/local/bin/kube-apiserver \
+    --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
+    --advertise-address={{.MasterIP}} \
+    --bind-address={{.MasterIP}} \
+    --insecure-bind-address={{.MasterIP}} \
+    --authorization-mode=Node,RBAC \
+    --runtime-config=rbac.authorization.k8s.io/v1alpha1 \
+    --kubelet-https=true \
+    --enable-bootstrap-token-auth \
+    --token-auth-file=/etc/kubernetes/token.csv \
+    --service-cluster-ip-range=10.254.0.0/16 \
+    --service-node-port-range=8400-9000 \
+    --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
+    --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
+    --client-ca-file=/etc/kubernetes/ssl/ca.pem \
+    --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem \
+    --etcd-cafile=/etc/kubernetes/ssl/ca.pem \
+    --etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem \
+    --etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem \
+    --etcd-servers={{.Nodes}} \
+    --enable-swagger-ui=true \
+    --allow-privileged=true \
+    --apiserver-count=3 \
+    --audit-log-maxage=30 \
+    --audit-log-maxbackup=3 \
+    --audit-log-maxsize=100 \
+    --audit-log-path=/var/lib/audit.log \
+    --event-ttl=1h \
+    --v=2
+  Restart=on-failure
+  RestartSec=5
+  Type=notify
+  LimitNOFILE=65536
+
   [Install]
   WantedBy=multi-user.target
   `,
@@ -313,6 +385,31 @@ ExecStart=/usr/local/bin/kube-controller-manager \
 Restart=on-failure
 RestartSec=5
 
+[Install]
+WantedBy=multi-user.target
+`,
+	"kubernetes-1.9": `
+[Unit]
+Description=Kubernetes Controller Manager
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+
+[Service]
+ExecStart=/usr/local/bin/kube-controller-manager \
+  --address=127.0.0.1 \
+  --master=http://{{.MasterIP}}:8080 \
+  --allocate-node-cidrs=true \
+  --service-cluster-ip-range=10.254.0.0/16 \
+  --cluster-cidr=172.30.0.0/16 \
+  --cluster-name=kubernetes \
+  --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem \
+  --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem \
+  --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem \
+  --root-ca-file=/etc/kubernetes/ssl/ca.pem \
+  --leader-elect=true \
+  --v=2
+Restart=on-failure
+RestartSec=5
+
 [Install]
 WantedBy=multi-user.target
 `,
@@ -367,6 +464,23 @@ ExecStart=/usr/local/bin/kube-scheduler \
 Restart=on-failure
 RestartSec=5
 
+[Install]
+WantedBy=multi-user.target
+`,
+	"kubernetes-1.9": `
+[Unit]
+Description=Kubernetes Scheduler
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+
+[Service]
+ExecStart=/usr/local/bin/kube-scheduler \
+  --address=127.0.0.1 \
+  --master=http://{{.MasterIP}}:8080 \
+  --leader-elect=true \
+  --v=2
+Restart=on-failure
+RestartSec=5
+
 [Install]
 WantedBy=multi-user.target
 `,
@@ -475,6 +589,41 @@ ExecStopPost={{.iptables}} -A INPUT -p tcp --dport 4194 -j DROP
 Restart=on-failure
 RestartSec=5
 
+[Install]
+WantedBy=multi-user.target
+`,
+	"kubernetes-1.9": `
+[Unit]
+Description=Kubernetes Kubelet
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+After=docker.service
+Requires=docker.service
+
+[Service]
+WorkingDirectory=/var/lib/kubelet
+ExecStart=/usr/local/bin/kubelet \
+  --address={{.IP}} \
+  --hostname-override={{.IP}} \
+  --pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest \
+  --experimental-bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \
+  --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \
+  --require-kubeconfig \
+  --cert-dir=/etc/kubernetes/ssl \
+  --cluster-dns=8.8.8.8 \
+  --cluster-domain=cluster.local. \
+  --hairpin-mode promiscuous-bridge \
+  --allow-privileged=true \
+  --serialize-image-pulls=false \
+  --logtostderr=true \
+  --fail-swap-on=false \
+  --v=2
+ExecStopPost={{.iptables}} -A INPUT -s 10.0.0.0/8 -p tcp --dport 4194 -j ACCEPT
+ExecStopPost={{.iptables}} -A INPUT -s 172.16.0.0/12 -p tcp --dport 4194 -j ACCEPT
+ExecStopPost={{.iptables}} -A INPUT -s 192.168.0.0/16 -p tcp --dport 4194 -j ACCEPT
+ExecStopPost={{.iptables}} -A INPUT -p tcp --dport 4194 -j DROP
+Restart=on-failure
+RestartSec=5
+
 [Install]
 WantedBy=multi-user.target
 `,
@@ -537,6 +686,25 @@ var kubeProxyCATemplate = map[string]string{
     }
   ]
 }
+`,
+	"kubernetes-1.9": `
+{
+  "CN": "system:kube-proxy",
+  "hosts": [],
+  "key": {
+    "algo": "rsa",
+    "size": 4096
+  },
+  "names": [
+    {
+      "C": "CN",
+      "ST": "BeiJing",
+      "L": "BeiJing",
+      "O": "k8s",
+      "OU": "System"
+    }
+  ]
+}
 `,
 }
 
@@ -604,6 +772,28 @@ Restart=on-failure
 RestartSec=5
 LimitNOFILE=65536
 
+[Install]
+WantedBy=multi-user.target
+`,
+	"kubernetes-1.9": `
+[Unit]
+Description=Kubernetes Kube-Proxy Server
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+After=network.target
+
+[Service]
+WorkingDirectory=/var/lib/kube-proxy
+ExecStart=/usr/local/bin/kube-proxy \
+  --bind-address={{.IP}} \
+  --hostname-override={{.IP}} \
+  --cluster-cidr=10.254.0.0/16 \
+  --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
+  --logtostderr=true \
+  --v=2
+Restart=on-failure
+RestartSec=5
+LimitNOFILE=65536
+
 [Install]
 WantedBy=multi-user.target
 `,

diff --git a/singular/module/tools/binary.go b/singular/module/tools/binary.go
@@ -43,7 +43,7 @@ func DownloadComponent(files []map[string]string, host, private, user string, st
 					return err
 				}
 			} else {
-				return fmt.Errorf("the file not exist")
+				return fmt.Errorf("the file not exist: %s", files[0]["src"])
 			}
 		} else {
 			if err = downloadBinary(files, host, private, user, stdout); err != nil {