porkadot 0.1.0 → 0.18.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/porkadot/assets.rb +24 -0
- data/lib/porkadot/assets/bootstrap.rb +2 -2
- data/lib/porkadot/assets/etcd.rb +4 -1
- data/lib/porkadot/assets/etcd/etcd-server.yaml.erb +2 -0
- data/lib/porkadot/assets/kubelet.rb +3 -0
- data/lib/porkadot/assets/kubelet/config.yaml.erb +2 -0
- data/lib/porkadot/assets/kubelet/install-deps.sh.erb +21 -3
- data/lib/porkadot/assets/kubelet/install-pkgs.sh.erb +9 -1
- data/lib/porkadot/assets/kubernetes.rb +9 -0
- data/lib/porkadot/assets/kubernetes/manifests/coredns.yaml.erb +202 -0
- data/lib/porkadot/assets/kubernetes/manifests/dns-horizontal-autoscaler.yaml.erb +110 -0
- data/lib/porkadot/assets/kubernetes/manifests/flannel.yaml.erb +10 -10
- data/lib/porkadot/assets/kubernetes/manifests/kube-apiserver.secrets.yaml.erb +37 -0
- data/lib/porkadot/assets/kubernetes/manifests/kube-apiserver.yaml.erb +0 -36
- data/lib/porkadot/assets/kubernetes/manifests/kube-controller-manager.secrets.yaml.erb +16 -0
- data/lib/porkadot/assets/kubernetes/manifests/kube-controller-manager.yaml.erb +0 -15
- data/lib/porkadot/assets/kubernetes/manifests/kube-scheduler.yaml.erb +1 -1
- data/lib/porkadot/assets/kubernetes/manifests/kubelet-rubber-stamp.yaml.erb +11 -2
- data/lib/porkadot/assets/kubernetes/manifests/metallb.secrets.yaml.erb +13 -0
- data/lib/porkadot/assets/kubernetes/manifests/metallb.yaml.erb +116 -26
- data/lib/porkadot/assets/kubernetes/manifests/pod-checkpointer.yaml.erb +1 -1
- data/lib/porkadot/assets/kubernetes/manifests/porkadot.yaml.erb +23 -1
- data/lib/porkadot/assets/kubernetes/manifests/storage-version-migrator.yaml.erb +327 -0
- data/lib/porkadot/config.rb +8 -0
- data/lib/porkadot/configs/bootstrap.rb +13 -1
- data/lib/porkadot/configs/certs.rb +1 -1
- data/lib/porkadot/configs/certs/k8s.rb +6 -0
- data/lib/porkadot/configs/etcd.rb +7 -3
- data/lib/porkadot/configs/kubelet.rb +9 -1
- data/lib/porkadot/configs/kubernetes.rb +9 -0
- data/lib/porkadot/default.yaml +3 -2
- data/lib/porkadot/install/bootstrap.rb +7 -0
- data/lib/porkadot/install/kubelet.rb +4 -0
- data/lib/porkadot/install/kubernetes.rb +4 -0
- data/lib/porkadot/version.rb +1 -1
- metadata +8 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9ee36f6490d8e4d8cfa07f29fae9b79a4a2eda35fe977f052f60ec7aa43ce802
|
4
|
+
data.tar.gz: 675c0c3679ee246844abfaaf39f0230c5b63fa2b661bcb21bb111f1ff7a0e6d5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bef9c31a3f3371702948ad4c5b18df384387a42a2d363c0820a250227659b45db3c3a3260929c3821860f8eff9800c6fd983a52211bc5885b4b65af3962ece1f
|
7
|
+
data.tar.gz: 542e8cbeb5bd220ff9b6c12c109c55a88f1d1315cc3c17bf01ce2e8af9816293117bcf8002ab32330cf257b41285b35cfe43d30820f50ff7c2230f3027c49765
|
data/lib/porkadot/assets.rb
CHANGED
@@ -4,6 +4,15 @@ module Porkadot::Assets
|
|
4
4
|
space = space.times.map{' '}.join('')
|
5
5
|
text.lines.map{|line| "#{space}#{line}"}.join('')
|
6
6
|
end
|
7
|
+
|
8
|
+
def to_yaml(obj, space=0)
|
9
|
+
h = Hashie::Mash.new({obj: obj})
|
10
|
+
h = h.to_hash
|
11
|
+
if h['obj'].size == 0
|
12
|
+
return ''
|
13
|
+
end
|
14
|
+
return self.indent(h['obj'].to_yaml(canonical: false, header: false).gsub(/---\n/, ''), space)
|
15
|
+
end
|
7
16
|
end
|
8
17
|
|
9
18
|
def render_erb file, opts={}
|
@@ -21,4 +30,19 @@ module Porkadot::Assets
|
|
21
30
|
end
|
22
31
|
end
|
23
32
|
|
33
|
+
def render_secrets_erb file, opts={}
|
34
|
+
file = file.to_s
|
35
|
+
opts[:config] = self.config
|
36
|
+
opts[:global_config] = self.global_config
|
37
|
+
opts[:certs] = Porkadot::Assets::Certs.new(self.global_config)
|
38
|
+
opts[:u] = ErbUtils.new
|
39
|
+
|
40
|
+
logger.info "----> #{file}"
|
41
|
+
open(File.join(self.class::TEMPLATE_DIR, "#{file}.erb")) do |io|
|
42
|
+
open(config.secrets_path(file), 'w') do |out|
|
43
|
+
out.write ERB.new(io.read, trim_mode: '-').result_with_hash(opts)
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
24
48
|
end
|
@@ -18,8 +18,8 @@ module Porkadot; module Assets
|
|
18
18
|
|
19
19
|
def render
|
20
20
|
logger.info "--> Rendering bootstrap manifests"
|
21
|
-
unless File.directory?(config.
|
22
|
-
FileUtils.mkdir_p(config.
|
21
|
+
unless File.directory?(config.bootstrap_path)
|
22
|
+
FileUtils.mkdir_p(config.bootstrap_path)
|
23
23
|
end
|
24
24
|
render_secrets
|
25
25
|
render_erb 'bootstrap/kubeconfig-bootstrap.yaml'
|
data/lib/porkadot/assets/etcd.rb
CHANGED
@@ -50,6 +50,9 @@ module Porkadot; module Assets
|
|
50
50
|
unless File.directory?(config.target_path)
|
51
51
|
FileUtils.mkdir_p(config.target_path)
|
52
52
|
end
|
53
|
+
unless File.directory?(config.target_secrets_path)
|
54
|
+
FileUtils.mkdir_p(config.target_secrets_path)
|
55
|
+
end
|
53
56
|
render_ca_crt
|
54
57
|
render_etcd_crt
|
55
58
|
render_erb 'etcd-server.yaml', etcd: global_config.etcd
|
@@ -83,7 +86,7 @@ module Porkadot; module Assets
|
|
83
86
|
ca_key = self.certs.ca_key
|
84
87
|
ca_cert = self.certs.ca_cert(false)
|
85
88
|
@etcd_cert = certs.unsigned_cert(
|
86
|
-
"/O=porkadot:etcd-servers/CN
|
89
|
+
"/O=porkadot:etcd-servers/CN=#{config.member_name}",
|
87
90
|
self.etcd_key, ca_cert,
|
88
91
|
1 * 365 * 24 * 60 * 60
|
89
92
|
)
|
@@ -50,6 +50,9 @@ module Porkadot; module Assets
|
|
50
50
|
unless File.directory?(config.target_path)
|
51
51
|
FileUtils.mkdir_p(config.target_path)
|
52
52
|
end
|
53
|
+
unless File.directory?(config.target_secrets_path)
|
54
|
+
FileUtils.mkdir_p(config.target_secrets_path)
|
55
|
+
end
|
53
56
|
ca_data = certs.ca_cert.to_pem
|
54
57
|
ca_data = Base64.strict_encode64(ca_data)
|
55
58
|
|
@@ -1,21 +1,39 @@
|
|
1
1
|
#!/bin/bash
|
2
2
|
|
3
|
+
architecture="arm64"
|
4
|
+
case $(uname -m) in
|
5
|
+
x86_64) architecture="amd64" ;;
|
6
|
+
arm) dpkg --print-architecture | grep -q "arm64" && architecture="arm64" || architecture="arm" ;;
|
7
|
+
esac
|
8
|
+
echo $architecture
|
9
|
+
|
3
10
|
CNI_VERSION="<%= global_config.k8s.networking.cni_version %>"
|
4
11
|
mkdir -p /opt/cni/bin
|
5
|
-
curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux
|
12
|
+
curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${architecture}-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
|
6
13
|
|
7
14
|
RELEASE="<%= global_config.k8s.kubernetes_version %>"
|
8
15
|
|
9
16
|
mkdir -p /opt/bin
|
10
17
|
|
11
|
-
curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/
|
18
|
+
curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/${architecture}/kubectl \
|
12
19
|
-o /opt/bin/kubectl-${RELEASE}
|
13
20
|
chmod +x /opt/bin/kubectl-${RELEASE}
|
14
21
|
rm -f /opt/bin/kubectl
|
15
22
|
ln -s /opt/bin/kubectl-${RELEASE} /opt/bin/kubectl
|
16
23
|
|
17
|
-
curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/
|
24
|
+
curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/${architecture}/kubelet \
|
18
25
|
-o /opt/bin/kubelet-${RELEASE}
|
19
26
|
chmod +x /opt/bin/kubelet-${RELEASE}
|
20
27
|
rm -f /opt/bin/kubelet
|
21
28
|
ln -s /opt/bin/kubelet-${RELEASE} /opt/bin/kubelet
|
29
|
+
|
30
|
+
ETCD_VER="<%= global_config.etcd.image_tag.gsub(/\-\w+$/, '') %>"
|
31
|
+
ETCD_URL=https://storage.googleapis.com/etcd/${ETCD_VER}/etcd-${ETCD_VER}-linux-${architecture}.tar.gz
|
32
|
+
ETCD_TMP=$(mktemp -d)
|
33
|
+
|
34
|
+
curl -L ${ETCD_URL} -o ${ETCD_TMP}/etcd.tar.gz
|
35
|
+
tar zxvf ${ETCD_TMP}/etcd.tar.gz -C ${ETCD_TMP}/ --strip-components=1
|
36
|
+
chmod +x ${ETCD_TMP}/etcdctl
|
37
|
+
rm -f /opt/bin/etcdctl
|
38
|
+
mv ${ETCD_TMP}/etcdctl /opt/bin/etcdctl-${ETCD_VER}
|
39
|
+
ln -s /opt/bin/etcdctl-${ETCD_VER} /opt/bin/etcdctl
|
@@ -4,6 +4,7 @@ export LC_ALL=C
|
|
4
4
|
ROOT=$(dirname "${BASH_SOURCE}")
|
5
5
|
|
6
6
|
if type apt-get > /dev/null 2>&1 ;then
|
7
|
+
export DEBIAN_FRONTEND=noninteractive
|
7
8
|
apt-get update
|
8
9
|
apt-get install -y \
|
9
10
|
ca-certificates \
|
@@ -22,7 +23,8 @@ if type apt-get > /dev/null 2>&1 ;then
|
|
22
23
|
nfs-common \
|
23
24
|
socat \
|
24
25
|
udev \
|
25
|
-
util-linux
|
26
|
+
util-linux \
|
27
|
+
open-iscsi
|
26
28
|
fi
|
27
29
|
|
28
30
|
cat <<EOF > /etc/sysctl.d/k8s.conf
|
@@ -30,4 +32,10 @@ net.bridge.bridge-nf-call-ip6tables = 1
|
|
30
32
|
net.bridge.bridge-nf-call-iptables = 1
|
31
33
|
EOF
|
32
34
|
|
35
|
+
cat <<EOF > /etc/iscsi/initiatorname.iscsi
|
36
|
+
InitiatorName=iqn.2020-04.cloud.unstable:<%= config.hostname %>
|
37
|
+
EOF
|
38
|
+
|
39
|
+
systemctl restart iscsid.service
|
40
|
+
|
33
41
|
sysctl --system
|
@@ -20,18 +20,27 @@ module Porkadot; module Assets
|
|
20
20
|
unless File.directory?(config.manifests_path)
|
21
21
|
FileUtils.mkdir_p(config.manifests_path)
|
22
22
|
end
|
23
|
+
unless File.directory?(config.manifests_secrets_path)
|
24
|
+
FileUtils.mkdir_p(config.manifests_secrets_path)
|
25
|
+
end
|
23
26
|
lb = global_config.lb
|
24
27
|
cni = global_config.cni
|
25
28
|
render_erb 'manifests/porkadot.yaml'
|
26
29
|
render_erb 'manifests/kubelet.yaml'
|
27
30
|
render_erb "manifests/#{lb.type}.yaml"
|
31
|
+
render_secrets_erb "manifests/#{lb.type}.secrets.yaml"
|
28
32
|
render_erb "manifests/#{cni.type}.yaml"
|
33
|
+
render_erb "manifests/coredns.yaml"
|
34
|
+
render_erb "manifests/dns-horizontal-autoscaler.yaml"
|
29
35
|
render_erb "manifests/kube-apiserver.yaml"
|
36
|
+
render_secrets_erb "manifests/kube-apiserver.secrets.yaml"
|
30
37
|
render_erb "manifests/kube-proxy.yaml"
|
31
38
|
render_erb "manifests/kube-scheduler.yaml"
|
32
39
|
render_erb "manifests/kube-controller-manager.yaml"
|
40
|
+
render_secrets_erb "manifests/kube-controller-manager.secrets.yaml"
|
33
41
|
render_erb "manifests/pod-checkpointer.yaml"
|
34
42
|
render_erb "manifests/kubelet-rubber-stamp.yaml"
|
43
|
+
render_erb "manifests/storage-version-migrator.yaml"
|
35
44
|
render_erb 'install.sh'
|
36
45
|
end
|
37
46
|
|
@@ -0,0 +1,202 @@
|
|
1
|
+
<% k8s = global_config.k8s -%>
|
2
|
+
# __MACHINE_GENERATED_WARNING__
|
3
|
+
|
4
|
+
apiVersion: v1
|
5
|
+
kind: ServiceAccount
|
6
|
+
metadata:
|
7
|
+
name: coredns
|
8
|
+
namespace: kube-system
|
9
|
+
labels:
|
10
|
+
kubernetes.io/cluster-service: "true"
|
11
|
+
addonmanager.kubernetes.io/mode: Reconcile
|
12
|
+
---
|
13
|
+
apiVersion: rbac.authorization.k8s.io/v1
|
14
|
+
kind: ClusterRole
|
15
|
+
metadata:
|
16
|
+
labels:
|
17
|
+
kubernetes.io/bootstrapping: rbac-defaults
|
18
|
+
addonmanager.kubernetes.io/mode: Reconcile
|
19
|
+
name: system:coredns
|
20
|
+
rules:
|
21
|
+
- apiGroups:
|
22
|
+
- ""
|
23
|
+
resources:
|
24
|
+
- endpoints
|
25
|
+
- services
|
26
|
+
- pods
|
27
|
+
- namespaces
|
28
|
+
verbs:
|
29
|
+
- list
|
30
|
+
- watch
|
31
|
+
- apiGroups:
|
32
|
+
- ""
|
33
|
+
resources:
|
34
|
+
- nodes
|
35
|
+
verbs:
|
36
|
+
- get
|
37
|
+
---
|
38
|
+
apiVersion: rbac.authorization.k8s.io/v1
|
39
|
+
kind: ClusterRoleBinding
|
40
|
+
metadata:
|
41
|
+
annotations:
|
42
|
+
rbac.authorization.kubernetes.io/autoupdate: "true"
|
43
|
+
labels:
|
44
|
+
kubernetes.io/bootstrapping: rbac-defaults
|
45
|
+
addonmanager.kubernetes.io/mode: EnsureExists
|
46
|
+
name: system:coredns
|
47
|
+
roleRef:
|
48
|
+
apiGroup: rbac.authorization.k8s.io
|
49
|
+
kind: ClusterRole
|
50
|
+
name: system:coredns
|
51
|
+
subjects:
|
52
|
+
- kind: ServiceAccount
|
53
|
+
name: coredns
|
54
|
+
namespace: kube-system
|
55
|
+
---
|
56
|
+
apiVersion: v1
|
57
|
+
kind: ConfigMap
|
58
|
+
metadata:
|
59
|
+
name: coredns
|
60
|
+
namespace: kube-system
|
61
|
+
labels:
|
62
|
+
addonmanager.kubernetes.io/mode: EnsureExists
|
63
|
+
data:
|
64
|
+
Corefile: |
|
65
|
+
.:53 {
|
66
|
+
errors
|
67
|
+
health {
|
68
|
+
lameduck 5s
|
69
|
+
}
|
70
|
+
ready
|
71
|
+
kubernetes <%= k8s.networking.dns_domain %> in-addr.arpa ip6.arpa {
|
72
|
+
pods insecure
|
73
|
+
fallthrough in-addr.arpa ip6.arpa
|
74
|
+
ttl 30
|
75
|
+
}
|
76
|
+
prometheus :9153
|
77
|
+
forward . /etc/resolv.conf
|
78
|
+
cache 30
|
79
|
+
loop
|
80
|
+
reload
|
81
|
+
loadbalance
|
82
|
+
}
|
83
|
+
---
|
84
|
+
apiVersion: apps/v1
|
85
|
+
kind: Deployment
|
86
|
+
metadata:
|
87
|
+
name: coredns
|
88
|
+
namespace: kube-system
|
89
|
+
labels:
|
90
|
+
k8s-app: kube-dns
|
91
|
+
kubernetes.io/cluster-service: "true"
|
92
|
+
addonmanager.kubernetes.io/mode: Reconcile
|
93
|
+
kubernetes.io/name: "CoreDNS"
|
94
|
+
spec:
|
95
|
+
# replicas: not specified here:
|
96
|
+
# 1. In order to make Addon Manager do not reconcile this replicas parameter.
|
97
|
+
# 2. Default is 1.
|
98
|
+
# 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
|
99
|
+
strategy:
|
100
|
+
type: RollingUpdate
|
101
|
+
rollingUpdate:
|
102
|
+
maxUnavailable: 1
|
103
|
+
selector:
|
104
|
+
matchLabels:
|
105
|
+
k8s-app: kube-dns
|
106
|
+
template:
|
107
|
+
metadata:
|
108
|
+
labels:
|
109
|
+
k8s-app: kube-dns
|
110
|
+
annotations:
|
111
|
+
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
|
112
|
+
spec:
|
113
|
+
priorityClassName: system-cluster-critical
|
114
|
+
serviceAccountName: coredns
|
115
|
+
tolerations:
|
116
|
+
- key: "CriticalAddonsOnly"
|
117
|
+
operator: "Exists"
|
118
|
+
nodeSelector:
|
119
|
+
kubernetes.io/os: linux
|
120
|
+
containers:
|
121
|
+
- name: coredns
|
122
|
+
image: k8s.gcr.io/coredns:1.6.7
|
123
|
+
imagePullPolicy: IfNotPresent
|
124
|
+
resources:
|
125
|
+
limits:
|
126
|
+
memory: 170Mi
|
127
|
+
requests:
|
128
|
+
cpu: 100m
|
129
|
+
memory: 70Mi
|
130
|
+
args: [ "-conf", "/etc/coredns/Corefile" ]
|
131
|
+
volumeMounts:
|
132
|
+
- name: config-volume
|
133
|
+
mountPath: /etc/coredns
|
134
|
+
readOnly: true
|
135
|
+
ports:
|
136
|
+
- containerPort: 53
|
137
|
+
name: dns
|
138
|
+
protocol: UDP
|
139
|
+
- containerPort: 53
|
140
|
+
name: dns-tcp
|
141
|
+
protocol: TCP
|
142
|
+
- containerPort: 9153
|
143
|
+
name: metrics
|
144
|
+
protocol: TCP
|
145
|
+
livenessProbe:
|
146
|
+
httpGet:
|
147
|
+
path: /health
|
148
|
+
port: 8080
|
149
|
+
scheme: HTTP
|
150
|
+
initialDelaySeconds: 60
|
151
|
+
timeoutSeconds: 5
|
152
|
+
successThreshold: 1
|
153
|
+
failureThreshold: 5
|
154
|
+
readinessProbe:
|
155
|
+
httpGet:
|
156
|
+
path: /ready
|
157
|
+
port: 8181
|
158
|
+
scheme: HTTP
|
159
|
+
securityContext:
|
160
|
+
allowPrivilegeEscalation: false
|
161
|
+
capabilities:
|
162
|
+
add:
|
163
|
+
- NET_BIND_SERVICE
|
164
|
+
drop:
|
165
|
+
- all
|
166
|
+
readOnlyRootFilesystem: true
|
167
|
+
dnsPolicy: Default
|
168
|
+
volumes:
|
169
|
+
- name: config-volume
|
170
|
+
configMap:
|
171
|
+
name: coredns
|
172
|
+
items:
|
173
|
+
- key: Corefile
|
174
|
+
path: Corefile
|
175
|
+
---
|
176
|
+
apiVersion: v1
|
177
|
+
kind: Service
|
178
|
+
metadata:
|
179
|
+
name: kube-dns
|
180
|
+
namespace: kube-system
|
181
|
+
annotations:
|
182
|
+
prometheus.io/port: "9153"
|
183
|
+
prometheus.io/scrape: "true"
|
184
|
+
labels:
|
185
|
+
k8s-app: kube-dns
|
186
|
+
kubernetes.io/cluster-service: "true"
|
187
|
+
addonmanager.kubernetes.io/mode: Reconcile
|
188
|
+
kubernetes.io/name: "CoreDNS"
|
189
|
+
spec:
|
190
|
+
selector:
|
191
|
+
k8s-app: kube-dns
|
192
|
+
clusterIP: <%= k8s.networking.dns_ip %>
|
193
|
+
ports:
|
194
|
+
- name: dns
|
195
|
+
port: 53
|
196
|
+
protocol: UDP
|
197
|
+
- name: dns-tcp
|
198
|
+
port: 53
|
199
|
+
protocol: TCP
|
200
|
+
- name: metrics
|
201
|
+
port: 9153
|
202
|
+
protocol: TCP
|
@@ -0,0 +1,110 @@
|
|
1
|
+
# Copyright 2016 The Kubernetes Authors.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
kind: ServiceAccount
|
16
|
+
apiVersion: v1
|
17
|
+
metadata:
|
18
|
+
name: kube-dns-autoscaler
|
19
|
+
namespace: kube-system
|
20
|
+
labels:
|
21
|
+
addonmanager.kubernetes.io/mode: Reconcile
|
22
|
+
---
|
23
|
+
kind: ClusterRole
|
24
|
+
apiVersion: rbac.authorization.k8s.io/v1
|
25
|
+
metadata:
|
26
|
+
name: system:kube-dns-autoscaler
|
27
|
+
labels:
|
28
|
+
addonmanager.kubernetes.io/mode: Reconcile
|
29
|
+
rules:
|
30
|
+
- apiGroups: [""]
|
31
|
+
resources: ["nodes"]
|
32
|
+
verbs: ["list", "watch"]
|
33
|
+
- apiGroups: [""]
|
34
|
+
resources: ["replicationcontrollers/scale"]
|
35
|
+
verbs: ["get", "update"]
|
36
|
+
- apiGroups: ["apps"]
|
37
|
+
resources: ["deployments/scale", "replicasets/scale"]
|
38
|
+
verbs: ["get", "update"]
|
39
|
+
# Remove the configmaps rule once below issue is fixed:
|
40
|
+
# kubernetes-incubator/cluster-proportional-autoscaler#16
|
41
|
+
- apiGroups: [""]
|
42
|
+
resources: ["configmaps"]
|
43
|
+
verbs: ["get", "create"]
|
44
|
+
---
|
45
|
+
kind: ClusterRoleBinding
|
46
|
+
apiVersion: rbac.authorization.k8s.io/v1
|
47
|
+
metadata:
|
48
|
+
name: system:kube-dns-autoscaler
|
49
|
+
labels:
|
50
|
+
addonmanager.kubernetes.io/mode: Reconcile
|
51
|
+
subjects:
|
52
|
+
- kind: ServiceAccount
|
53
|
+
name: kube-dns-autoscaler
|
54
|
+
namespace: kube-system
|
55
|
+
roleRef:
|
56
|
+
kind: ClusterRole
|
57
|
+
name: system:kube-dns-autoscaler
|
58
|
+
apiGroup: rbac.authorization.k8s.io
|
59
|
+
|
60
|
+
---
|
61
|
+
apiVersion: apps/v1
|
62
|
+
kind: Deployment
|
63
|
+
metadata:
|
64
|
+
name: kube-dns-autoscaler
|
65
|
+
namespace: kube-system
|
66
|
+
labels:
|
67
|
+
k8s-app: kube-dns-autoscaler
|
68
|
+
kubernetes.io/cluster-service: "true"
|
69
|
+
addonmanager.kubernetes.io/mode: Reconcile
|
70
|
+
spec:
|
71
|
+
selector:
|
72
|
+
matchLabels:
|
73
|
+
k8s-app: kube-dns-autoscaler
|
74
|
+
template:
|
75
|
+
metadata:
|
76
|
+
labels:
|
77
|
+
k8s-app: kube-dns-autoscaler
|
78
|
+
annotations:
|
79
|
+
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
|
80
|
+
spec:
|
81
|
+
priorityClassName: system-cluster-critical
|
82
|
+
securityContext:
|
83
|
+
supplementalGroups: [ 65534 ]
|
84
|
+
fsGroup: 65534
|
85
|
+
nodeSelector:
|
86
|
+
kubernetes.io/os: linux
|
87
|
+
containers:
|
88
|
+
- name: autoscaler
|
89
|
+
image: k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.7.1
|
90
|
+
resources:
|
91
|
+
requests:
|
92
|
+
cpu: "20m"
|
93
|
+
memory: "10Mi"
|
94
|
+
command:
|
95
|
+
- /cluster-proportional-autoscaler
|
96
|
+
- --namespace=kube-system
|
97
|
+
- --configmap=kube-dns-autoscaler
|
98
|
+
# Should keep target in sync with cluster/addons/dns/kube-dns.yaml.base
|
99
|
+
- --target=Deployment/coredns
|
100
|
+
# When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
|
101
|
+
# If using small nodes, "nodesPerReplica" should dominate.
|
102
|
+
- --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"preventSinglePointFailure":true}}
|
103
|
+
- --logtostderr=true
|
104
|
+
- --v=2
|
105
|
+
tolerations:
|
106
|
+
- key: "CriticalAddonsOnly"
|
107
|
+
operator: "Exists"
|
108
|
+
nodeSelector:
|
109
|
+
kubernetes.io/os: linux
|
110
|
+
serviceAccountName: kube-dns-autoscaler
|