Bumping k8s dependencies to 1.13

This commit is contained in:
Cheng Xing
2018-11-16 14:08:25 -08:00
parent 305407125c
commit b4c0b68ec7
8002 changed files with 884099 additions and 276228 deletions

View File

@@ -84,9 +84,6 @@ ENABLE_POD_PRIORITY_PREEMPTION=${ENABLE_POD_PRIORITY_PREEMPTION:-""}
# enable kubernetes dashboard
ENABLE_CLUSTER_DASHBOARD=${KUBE_ENABLE_CLUSTER_DASHBOARD:-false}
# enable audit log
ENABLE_APISERVER_BASIC_AUDIT=${ENABLE_APISERVER_BASIC_AUDIT:-false}
# RBAC Mode options
AUTHORIZATION_MODE=${AUTHORIZATION_MODE:-"Node,RBAC"}
KUBECONFIG_TOKEN=${KUBECONFIG_TOKEN:-""}
@@ -126,16 +123,6 @@ if [ "${CLOUD_PROVIDER}" == "openstack" ]; then
fi
fi
# load required kernel modules if proxy mode is set to "ipvs".
if [ "${KUBE_PROXY_MODE}" == "ipvs" ]; then
# If required kernel modules are not available, fall back to iptables.
sudo modprobe -a ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4
if [[ $? -ne 0 ]]; then
echo "Required kernel modules for ipvs not found. Falling back to iptables mode."
KUBE_PROXY_MODE=iptables
fi
fi
# set feature gates if enable Pod priority and preemption
if [ "${ENABLE_POD_PRIORITY_PREEMPTION}" == true ]; then
FEATURE_GATES="$FEATURE_GATES,PodPriority=true"
@@ -237,7 +224,6 @@ CPU_CFS_QUOTA=${CPU_CFS_QUOTA:-true}
ENABLE_HOSTPATH_PROVISIONER=${ENABLE_HOSTPATH_PROVISIONER:-"false"}
CLAIM_BINDER_SYNC_PERIOD=${CLAIM_BINDER_SYNC_PERIOD:-"15s"} # current k8s default
ENABLE_CONTROLLER_ATTACH_DETACH=${ENABLE_CONTROLLER_ATTACH_DETACH:-"true"} # current default
KEEP_TERMINATED_POD_VOLUMES=${KEEP_TERMINATED_POD_VOLUMES:-"true"}
# This is the default dir and filename where the apiserver will generate a self-signed cert
# which should be able to be used as the CA to verify itself
CERT_DIR=${CERT_DIR:-"/var/run/kubernetes"}
@@ -254,6 +240,9 @@ if [[ ${CONTAINER_RUNTIME} == "docker" ]]; then
CGROUP_DRIVER=$(docker info | grep "Cgroup Driver:" | cut -f3- -d' ')
echo "Kubelet cgroup driver defaulted to use: ${CGROUP_DRIVER}"
fi
if [[ -f /var/log/docker.log && ! -f ${LOG_DIR}/docker.log ]]; then
ln -s /var/log/docker.log ${LOG_DIR}/docker.log
fi
fi
@@ -398,12 +387,12 @@ cleanup()
# a process dies unexpectedly.
function healthcheck {
if [[ -n "${APISERVER_PID-}" ]] && ! sudo kill -0 ${APISERVER_PID} 2>/dev/null; then
warning "API server terminated unexpectedly, see ${APISERVER_LOG}"
warning_log "API server terminated unexpectedly, see ${APISERVER_LOG}"
APISERVER_PID=
fi
if [[ -n "${CTLRMGR_PID-}" ]] && ! sudo kill -0 ${CTLRMGR_PID} 2>/dev/null; then
warning "kube-controller-manager terminated unexpectedly, see ${CTLRMGR_LOG}"
warning_log "kube-controller-manager terminated unexpectedly, see ${CTLRMGR_LOG}"
CTLRMGR_PID=
fi
@@ -411,36 +400,42 @@ function healthcheck {
# TODO (https://github.com/kubernetes/kubernetes/issues/62474): check health also in this case
:
elif [[ -n "${KUBELET_PID-}" ]] && ! sudo kill -0 ${KUBELET_PID} 2>/dev/null; then
warning "kubelet terminated unexpectedly, see ${KUBELET_LOG}"
warning_log "kubelet terminated unexpectedly, see ${KUBELET_LOG}"
KUBELET_PID=
fi
if [[ -n "${PROXY_PID-}" ]] && ! sudo kill -0 ${PROXY_PID} 2>/dev/null; then
warning "kube-proxy terminated unexpectedly, see ${PROXY_LOG}"
warning_log "kube-proxy terminated unexpectedly, see ${PROXY_LOG}"
PROXY_PID=
fi
if [[ -n "${SCHEDULER_PID-}" ]] && ! sudo kill -0 ${SCHEDULER_PID} 2>/dev/null; then
warning "scheduler terminated unexpectedly, see ${SCHEDULER_LOG}"
warning_log "scheduler terminated unexpectedly, see ${SCHEDULER_LOG}"
SCHEDULER_PID=
fi
if [[ -n "${ETCD_PID-}" ]] && ! sudo kill -0 ${ETCD_PID} 2>/dev/null; then
warning "etcd terminated unexpectedly"
warning_log "etcd terminated unexpectedly"
ETCD_PID=
fi
}
function warning {
function print_color {
message=$1
prefix=${2:+$2: } # add colon only if defined
color=${3:-1} # default is red
echo -n $(tput bold)$(tput setaf ${color})
echo "${prefix}${message}"
echo -n $(tput sgr0)
}
echo $(tput bold)$(tput setaf 1)
echo "WARNING: ${message}"
echo $(tput sgr0)
function warning_log {
print_color "$1" "W$(date "+%m%d %H:%M:%S")]" 1
}
function start_etcd {
echo "Starting etcd"
ETCD_LOGFILE=${LOG_DIR}/etcd.log
kube::etcd::start
}
@@ -477,25 +472,7 @@ function start_apiserver {
# Admission Controllers to invoke prior to persisting objects in cluster
#
# The order defined here dose not matter.
ENABLE_ADMISSION_PLUGINS=Initializers,LimitRanger,ServiceAccount${security_admission},DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,StorageObjectInUseProtection
audit_arg=""
APISERVER_BASIC_AUDIT_LOG=""
if [[ "${ENABLE_APISERVER_BASIC_AUDIT:-}" = true ]]; then
# We currently only support enabling with a fixed path and with built-in log
# rotation "disabled" (large value) so it behaves like kube-apiserver.log.
# External log rotation should be set up the same as for kube-apiserver.log.
APISERVER_BASIC_AUDIT_LOG=/tmp/kube-apiserver-audit.log
audit_arg=" --audit-log-path=${APISERVER_BASIC_AUDIT_LOG}"
audit_arg+=" --audit-log-maxage=0"
audit_arg+=" --audit-log-maxbackup=0"
# Lumberjack doesn't offer any way to disable size-based rotation. It also
# has an in-memory counter that doesn't notice if you truncate the file.
# 2000000000 (in MiB) is a large number that fits in 31 bits. If the log
# grows at 10MiB/s (~30K QPS), it will rotate after ~6 years if apiserver
# never restarts. Please manually restart apiserver before this time.
audit_arg+=" --audit-log-maxsize=2000000000"
fi
ENABLE_ADMISSION_PLUGINS=LimitRanger,ServiceAccount${security_admission},DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,StorageObjectInUseProtection
swagger_arg=""
if [[ "${ENABLE_SWAGGER_UI}" = true ]]; then
@@ -574,7 +551,7 @@ function start_apiserver {
fi
APISERVER_LOG=${LOG_DIR}/kube-apiserver.log
${CONTROLPLANE_SUDO} "${GO_OUT}/hyperkube" apiserver ${swagger_arg} ${audit_arg} ${authorizer_arg} ${priv_arg} ${runtime_config} \
${CONTROLPLANE_SUDO} "${GO_OUT}/hyperkube" apiserver ${swagger_arg} ${authorizer_arg} ${priv_arg} ${runtime_config} \
${cloud_config_arg} \
${advertise_address} \
${node_port_range} \
@@ -661,6 +638,7 @@ function start_controller_manager {
--kubeconfig "$CERT_DIR"/controller.kubeconfig \
--use-service-account-credentials \
--controllers="${KUBE_CONTROLLERS}" \
--leader-elect=false \
--master="https://${API_HOST}:${API_SECURE_PORT}" >"${CTLRMGR_LOG}" 2>&1 &
CTLRMGR_PID=$!
}
@@ -690,6 +668,7 @@ function start_cloud_controller_manager {
--cloud-config=${CLOUD_CONFIG} \
--kubeconfig "$CERT_DIR"/controller.kubeconfig \
--use-service-account-credentials \
--leader-elect=false \
--master="https://${API_HOST}:${API_SECURE_PORT}" >"${CLOUD_CTLRMGR_LOG}" 2>&1 &
CLOUD_CTLRMGR_PID=$!
}
@@ -770,7 +749,6 @@ function start_kubelet {
--enable-controller-attach-detach="${ENABLE_CONTROLLER_ATTACH_DETACH}"
--cgroups-per-qos="${CGROUPS_PER_QOS}"
--cgroup-driver="${CGROUP_DRIVER}"
--keep-terminated-pod-volumes="${KEEP_TERMINATED_POD_VOLUMES}"
--eviction-hard="${EVICTION_HARD}"
--eviction-soft="${EVICTION_SOFT}"
--eviction-pressure-transition-period="${EVICTION_PRESSURE_TRANSITION_PERIOD}"
@@ -823,6 +801,7 @@ function start_kubelet {
--volume=/:/rootfs:ro,rslave \
--volume=/var/run:/var/run:rw \
--volume=/sys:/sys:ro \
--volume=/usr/libexec/kubernetes/kubelet-plugins/volume/exec:/usr/libexec/kubernetes/kubelet-plugins/volume/exec:rw \
--volume=/var/lib/docker/:/var/lib/docker:rslave \
--volume=/var/lib/kubelet/:/var/lib/kubelet:rslave \
--volume=/dev:/dev \
@@ -895,6 +874,7 @@ EOF
SCHEDULER_LOG=${LOG_DIR}/kube-scheduler.log
${CONTROLPLANE_SUDO} "${GO_OUT}/hyperkube" scheduler \
--v=${LOG_LEVEL} \
--leader-elect=false \
--kubeconfig "$CERT_DIR"/scheduler.kubeconfig \
--feature-gates="${FEATURE_GATES}" \
--master="https://${API_HOST}:${API_SECURE_PORT}" >"${SCHEDULER_LOG}" 2>&1 &
@@ -968,10 +948,6 @@ Logs:
EOF
fi
if [[ "${ENABLE_APISERVER_BASIC_AUDIT:-}" = true ]]; then
echo " ${APISERVER_BASIC_AUDIT_LOG}"
fi
if [[ "${START_MODE}" == "all" ]]; then
echo " ${KUBELET_LOG}"
elif [[ "${START_MODE}" == "nokubelet" ]]; then
@@ -1075,14 +1051,14 @@ if [[ "${START_MODE}" != "nokubelet" ]]; then
# Detect the OS name/arch and display appropriate error.
case "$(uname -s)" in
Darwin)
warning "kubelet is not currently supported in darwin, kubelet aborted."
print_color "kubelet is not currently supported in darwin, kubelet aborted."
KUBELET_LOG=""
;;
Linux)
start_kubelet
;;
*)
warning "Unsupported host OS. Must be Linux or Mac OS X, kubelet aborted."
print_color "Unsupported host OS. Must be Linux or Mac OS X, kubelet aborted."
;;
esac
fi