diff --git a/package/certdownloader/Dockerfile b/package/certs-deployer/Dockerfile
similarity index 100%
rename from package/certdownloader/Dockerfile
rename to package/certs-deployer/Dockerfile
diff --git a/package/certs-deployer/build-and-push.sh b/package/certs-deployer/build-and-push.sh
new file mode 100755
index 000000000..a39600040
--- /dev/null
+++ b/package/certs-deployer/build-and-push.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+ACCT=${ACCT:-rancher}
+
+docker build -t $ACCT/rke-cert-deployer:0.1.0 .
+docker push $ACCT/rke-cert-deployer:0.1.0
diff --git a/package/certdownloader/entrypoint.sh b/package/certs-deployer/entrypoint.sh
similarity index 100%
rename from package/certdownloader/entrypoint.sh
rename to package/certs-deployer/entrypoint.sh
diff --git a/package/kubectl/Dockerfile b/package/kubectl/Dockerfile
deleted file mode 100644
index f48f4c379..000000000
--- a/package/kubectl/Dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-FROM alpine:3.4
-
-RUN apk update && apk add bash curl
-RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.7.5/bin/linux/amd64/kubectl && chmod +x kubectl && mv kubectl /usr/local/bin/
-
-RUN mkdir -p /network /addons /root/.kube/
-COPY network/*.yaml /network/
-COPY addons/*.yaml /addons/
-COPY entrypoint.sh /tmp/entrypoint.sh
-ENTRYPOINT ["/tmp/entrypoint.sh"]
diff --git a/package/kubectl/addons/kubedns.yaml b/package/kubectl/addons/kubedns.yaml
deleted file mode 100644
index cc9f6f216..000000000
--- a/package/kubectl/addons/kubedns.yaml
+++ /dev/null
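Review bot: package/certs-deployer/build-and-push.sh has no `set -e`, so a failed `docker build` still falls through to `docker push`, which would publish whatever image already carries the `0.1.0` tag locally. Adding `set -euo pipefail` after the shebang and quoting the expansion, `docker build -t "$ACCT/rke-cert-deployer:0.1.0" .`, closes that gap. The same applies to package/nginx-proxy/build-and-push.sh later in this diff. The version string is repeated on both lines and again in the Go image constants, so a single `TAG=0.1.0` variable in the script would make drift less likely.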
@@ -1,202 +0,0 @@ -# Copyright 2016 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml -# in sync with this file. - -# Warning: This is a file generated from the base underscore template file: kubedns-controller.yaml.base ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kube-dns - namespace: kube-system - labels: - kubernetes.io/cluster-service: "true" - addonmanager.kubernetes.io/mode: Reconcile ---- -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: kube-dns - namespace: kube-system - labels: - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - addonmanager.kubernetes.io/mode: Reconcile -spec: - # replicas: not specified here: - # 1. In order to make Addon Manager do not reconcile this replicas parameter. - # 2. Default is 1. - # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on. 
- strategy: - rollingUpdate: - maxSurge: 10% - maxUnavailable: 0 - selector: - matchLabels: - k8s-app: kube-dns - template: - metadata: - labels: - k8s-app: kube-dns - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - tolerations: - - key: "CriticalAddonsOnly" - operator: "Exists" - volumes: - - name: kube-dns-config - configMap: - name: kube-dns - optional: true - containers: - - name: kubedns - image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5 - resources: - # TODO: Set memory limits when we've profiled the container for large - # clusters, then set request = limit to keep this container in - # guaranteed class. Currently, this container falls into the - # "burstable" category so the kubelet doesn't backoff from restarting it. - limits: - memory: 170Mi - requests: - cpu: 100m - memory: 70Mi - livenessProbe: - httpGet: - path: /healthcheck/kubedns - port: 10054 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - readinessProbe: - httpGet: - path: /readiness - port: 8081 - scheme: HTTP - # we poll on pod startup for the Kubernetes master service and - # only setup the /readiness HTTP server once that's available. - initialDelaySeconds: 3 - timeoutSeconds: 5 - args: - - --domain=RKE_CLUSTER_DOMAIN. 
- - --dns-port=10053 - - --config-dir=/kube-dns-config - - --v=2 - env: - - name: PROMETHEUS_PORT - value: "10055" - ports: - - containerPort: 10053 - name: dns-local - protocol: UDP - - containerPort: 10053 - name: dns-tcp-local - protocol: TCP - - containerPort: 10055 - name: metrics - protocol: TCP - volumeMounts: - - name: kube-dns-config - mountPath: /kube-dns-config - - name: dnsmasq - image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5 - livenessProbe: - httpGet: - path: /healthcheck/dnsmasq - port: 10054 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - args: - - -v=2 - - -logtostderr - - -configDir=/etc/k8s/dns/dnsmasq-nanny - - -restartDnsmasq=true - - -- - - -k - - --cache-size=1000 - - --log-facility=- - - --server=/RKE_CLUSTER_DOMAIN/127.0.0.1#10053 - - --server=/in-addr.arpa/127.0.0.1#10053 - - --server=/ip6.arpa/127.0.0.1#10053 - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - # see: https://github.com/kubernetes/kubernetes/issues/29055 for details - resources: - requests: - cpu: 150m - memory: 20Mi - volumeMounts: - - name: kube-dns-config - mountPath: /etc/k8s/dns/dnsmasq-nanny - - name: sidecar - image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5 - livenessProbe: - httpGet: - path: /metrics - port: 10054 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - args: - - --v=2 - - --logtostderr - - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.RKE_CLUSTER_DOMAIN,5,A - - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.RKE_CLUSTER_DOMAIN,5,A - ports: - - containerPort: 10054 - name: metrics - protocol: TCP - resources: - requests: - memory: 20Mi - cpu: 10m - dnsPolicy: Default # Don't use cluster DNS. 
- serviceAccountName: kube-dns ---- -apiVersion: v1 -kind: Service -metadata: - name: kube-dns - namespace: kube-system - labels: - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - addonmanager.kubernetes.io/mode: Reconcile - kubernetes.io/name: "KubeDNS" -spec: - selector: - k8s-app: kube-dns - clusterIP: RKE_DNS_SERVER - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP diff --git a/package/kubectl/entrypoint.sh b/package/kubectl/entrypoint.sh deleted file mode 100755 index 9948cc715..000000000 --- a/package/kubectl/entrypoint.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -x - -# Set template configration -for i in $(env | grep -o RKE_.*=); do - key=$(echo "$i" | cut -f1 -d"=") - value=$(echo "${!key}") - for f in /network/*.yaml /addons/*.yaml; do - sed -i "s|${key}|${value}|g" ${f} - done -done - - -for i in $(env | grep -o KUBECFG_.*=); do - name="$(echo "$i" | cut -f1 -d"=" | tr '[:upper:]' '[:lower:]' | tr '_' '-').yaml" - env=$(echo "$i" | cut -f1 -d"=") - value=$(echo "${!env}") - if [ ! -f $SSL_CRTS_DIR/$name ]; then - echo "$value" > /root/.kube/config - fi -done - -kubectl ${@} diff --git a/package/kubectl/network/flannel.yaml b/package/kubectl/network/flannel.yaml deleted file mode 100644 index 740aebf09..000000000 --- a/package/kubectl/network/flannel.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: kube-flannel-cfg - namespace: "kube-system" - labels: - tier: node - app: flannel -data: - cni-conf.json: | - { - "name":"cbr0", - "cniVersion":"0.3.1", - "plugins":[ - { - "type":"flannel", - "delegate":{ - "forceAddress":true, - "isDefaultGateway":true - } - }, - { - "type":"portmap", - "capabilities":{ - "portMappings":true - } - } - ] - } - net-conf.json: | - { - "Network": "RKE_CLUSTER_CIDR", - "Backend": { - "Type": "vxlan" - } - } ---- -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: kube-flannel - namespace: "kube-system" - labels: - tier: node - k8s-app: flannel -spec: - template: - metadata: - labels: - tier: node - k8s-app: flannel - spec: - containers: - - name: kube-flannel - image: quay.io/coreos/flannel:v0.8.0 - imagePullPolicy: IfNotPresent - resources: - limits: - cpu: 300m - memory: 500M - requests: - cpu: 150m - memory: 64M - command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ] - securityContext: - privileged: true - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: run - mountPath: /run - - name: cni - mountPath: /etc/cni/net.d - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - - name: install-cni - image: quay.io/coreos/flannel-cni:v0.2.0 - command: ["/install-cni.sh"] - env: - # The CNI network config to install on each node. 
- - name: CNI_NETWORK_CONFIG - valueFrom: - configMapKeyRef: - name: kube-flannel-cfg - key: cni-conf.json - - name: CNI_CONF_NAME - value: "10-flannel.conflist" - volumeMounts: - - name: cni - mountPath: /host/etc/cni/net.d - - name: host-cni-bin - mountPath: /host/opt/cni/bin/ - hostNetwork: true - tolerations: - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule - volumes: - - name: run - hostPath: - path: /run - - name: cni - hostPath: - path: /etc/cni/net.d - - name: flannel-cfg - configMap: - name: kube-flannel-cfg - - name: host-cni-bin - hostPath: - path: /opt/cni/bin - updateStrategy: - rollingUpdate: - maxUnavailable: 20% - type: RollingUpdate
diff --git a/package/nginx-proxy/build-and-push.sh b/package/nginx-proxy/build-and-push.sh
new file mode 100755
index 000000000..0d45694dc
--- /dev/null
+++ b/package/nginx-proxy/build-and-push.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+ACCT=${ACCT:-rancher}
+
+docker build -t $ACCT/rke-nginx-proxy:0.1.0 .
+docker push $ACCT/rke-nginx-proxy:0.1.0
diff --git a/pki/constants.go b/pki/constants.go
index 525408d3f..d1d016707 100644
--- a/pki/constants.go
+++ b/pki/constants.go
@@ -1,7 +1,7 @@
 package pki
 const (
- CrtDownloaderImage = "husseingalal/crt-downloader:latest"
+ CrtDownloaderImage = "rancher/rke-cert-deployer:0.1.0"
 CrtDownloaderContainer = "cert-deployer"
 CertificatesSecretName = "k8s-certs"
diff --git a/services/proxy.go b/services/proxy.go
index 9d966e1c6..47fc9cb86 100644
--- a/services/proxy.go
+++ b/services/proxy.go
@@ -9,7 +9,7 @@ import (
 )
 const (
- NginxProxyImage = "husseingalal/nginx-nodeporxy:dev"
+ NginxProxyImage = "rancher/rke-nginx-proxy:0.1.0"
 NginxProxyEnvName = "CP_HOSTS"
 )
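Review bot: The `0.1.0` tag in `CrtDownloaderImage` (pki/constants.go) is still mutable in the registry, so hosts run whatever is later pushed under it, and judging by its name this image handles the cluster certificates. Consider pinning by digest, e.g. `CrtDownloaderImage = "rancher/rke-cert-deployer:0.1.0@sha256:<digest>"` (placeholder digest), and adding a comment such as `// Keep in sync with package/certs-deployer/build-and-push.sh.` so the tag and the build script do not drift. The same applies to `NginxProxyImage` in services/proxy.go. The pki const block continues outside the hunk.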