Merge pull request #9 from mceloud/enable_insecure
enable insecure access for kube-proxy
diff --git a/kubernetes/files/calico/network-environment.pool b/kubernetes/files/calico/network-environment.pool
index f01980e..7746947 100644
--- a/kubernetes/files/calico/network-environment.pool
+++ b/kubernetes/files/calico/network-environment.pool
@@ -4,7 +4,7 @@
DEFAULT_IPV4={{ pool.address }}
# The Kubernetes master IP
-KUBERNETES_MASTER={{ pool.master.host }}
+KUBERNETES_MASTER={{ pool.apiserver.host }}
# IP and port of etcd instance used by Calico
ETCD_ENDPOINTS={% for member in pool.network.etcd.members %}http://{{ member.host }}:{{ member.port }}{% if not loop.last %},{% endif %}{% endfor %}
\ No newline at end of file
diff --git a/kubernetes/files/kube-proxy/proxy.kubeconfig b/kubernetes/files/kube-proxy/proxy.kubeconfig
index ef37d71..d9750fa 100644
--- a/kubernetes/files/kube-proxy/proxy.kubeconfig
+++ b/kubernetes/files/kube-proxy/proxy.kubeconfig
@@ -12,7 +12,7 @@
clusters:
- cluster:
certificate-authority: /etc/ssl/certs/ca-{{ pool.ca }}.crt
-# server: https://{{ pool.master.host }}:443
+# server: https://{{ pool.apiserver.host }}:443
name: cluster.local
users:
- name: kube_proxy
diff --git a/kubernetes/files/kubelet/default.pool b/kubernetes/files/kubelet/default.pool
index 44020fd..2670e39 100644
--- a/kubernetes/files/kubelet/default.pool
+++ b/kubernetes/files/kubelet/default.pool
@@ -1,4 +1,4 @@
{%- from "kubernetes/map.jinja" import pool with context %}
# test_args has to be kept at the end, so they'll overwrite any prior configuration
-DAEMON_ARGS="--api-servers={% for member in pool.master.apiserver.members %}https://{{ member.host }}{% if not loop.last %},{% endif %}{% endfor %} --kubeconfig=/etc/kubernetes/kubelet.kubeconfig --config=/etc/kubernetes/manifests --allow-privileged={{ pool.kubelet.allow_privileged }} --cluster_dns={{ pool.cluster_dns }} --cluster_domain={{ pool.cluster_domain }} --v=2 {% if pool.network.engine == 'opencontrail' %}--network-plugin={{ pool.network.engine }}{% endif %} {% if pool.network.engine == 'calico' %}--network-plugin=cni --network-plugin-dir=/etc/cni/net.d{% endif %} --file-check-frequency={{ pool.kubelet.frequency }}"
\ No newline at end of file
+DAEMON_ARGS="--api-servers={% for member in pool.apiserver.members %}https://{{ member.host }}{% if not loop.last %},{% endif %}{% endfor %} --kubeconfig=/etc/kubernetes/kubelet.kubeconfig --config=/etc/kubernetes/manifests --allow-privileged={{ pool.kubelet.allow_privileged }} --cluster_dns={{ pool.cluster_dns }} --cluster_domain={{ pool.cluster_domain }} --v=2 {% if pool.network.engine == 'opencontrail' %}--network-plugin={{ pool.network.engine }}{% endif %} {% if pool.network.engine == 'calico' %}--network-plugin=cni --network-plugin-dir=/etc/cni/net.d{% endif %} --file-check-frequency={{ pool.kubelet.frequency }}"
\ No newline at end of file
diff --git a/kubernetes/files/kubelet/kubelet.kubeconfig b/kubernetes/files/kubelet/kubelet.kubeconfig
index 15a64dd..79c74e0 100644
--- a/kubernetes/files/kubelet/kubelet.kubeconfig
+++ b/kubernetes/files/kubelet/kubelet.kubeconfig
@@ -7,7 +7,7 @@
clusters:
- cluster:
certificate-authority: /etc/ssl/certs/ca-{{ pool.ca }}.crt
-# server: https://{{ pool.master.host }}:443
+# server: https://{{ pool.apiserver.host }}:443
name: cluster.local
contexts:
- context:
diff --git a/kubernetes/files/manifest/kube-proxy.manifest.pool b/kubernetes/files/manifest/kube-proxy.manifest.pool
index 48f42d7..babd202 100644
--- a/kubernetes/files/manifest/kube-proxy.manifest.pool
+++ b/kubernetes/files/manifest/kube-proxy.manifest.pool
@@ -19,8 +19,8 @@
--logtostderr=true
--v=2
--kubeconfig=/etc/kubernetes/proxy.kubeconfig
- --master=https://{{ pool.master.host }}
- {%- if pool.network.engine == 'calico' %}--proxy-mode=iptables{% endif %}
+ --master={%- if pool.apiserver.insecure.enabled %}http://{{ pool.apiserver.host }}:8080{%- else %}https://{{ pool.apiserver.host }}{%- endif %}
+ {%- if pool.network.engine == 'calico' %} --proxy-mode=iptables{% endif %}
1>>/var/log/kube-proxy.log 2>&1
securityContext:
privileged: true
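Review bot: The new `--master` value points kube-proxy at `http://{{ pool.apiserver.host }}:8080` whenever `pool.apiserver.insecure.enabled` is set, so the API server's insecure port, which performs no authentication or authorization and carries no TLS, has to be reachable from every pool node. Any host that can reach that address and port gets the same unauthenticated API access, so the option needs a network restriction on 8080 and a documented "not for production" status in the formula's README. The condition also dereferences `insecure` directly, which will likely fail to render for existing pillars that do not define it; assuming `pool.apiserver` is a dict, `{%- if pool.apiserver.get('insecure', {}).get('enabled', False) %}` keeps those deployments on HTTPS. The port is hard-coded here as well; a pillar value with 8080 as the default would be easier to audit. The container command this line belongs to starts outside the hunk.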
diff --git a/kubernetes/pool/kubelet.sls b/kubernetes/pool/kubelet.sls
index f79dfa5..7fb176b 100644
--- a/kubernetes/pool/kubelet.sls
+++ b/kubernetes/pool/kubelet.sls
@@ -32,7 +32,7 @@
- name: {{ name }}
- value: {{ label.value }}
- node: {{ pool.host.name }}
- - apiserver: http://{{ pool.master.host }}:8080
+ - apiserver: http://{{ pool.apiserver.host }}:8080
{%- else %}
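Review bot: The `apiserver:` argument here, and again in the `k8s.label_absent` hunk that follows, still hard-codes `http://{{ pool.apiserver.host }}:8080`, so node labelling always uses the unauthenticated plaintext port regardless of the `pool.apiserver.insecure.enabled` switch introduced elsewhere in this commit. With the switch off, these states would either fail or require the insecure port to stay exposed anyway, which defeats the purpose of the flag. If the k8s state module can talk to the secure endpoint, both lines should follow the same condition as the kube-proxy manifest; if it cannot, that dependency deserves a comment above each state, such as `# label states require the apiserver insecure port (8080)`. The enclosing state definitions start outside both hunks.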
@@ -40,7 +40,7 @@
k8s.label_absent:
- name: {{ name }}
- node: {{ pool.host.name }}
- - apiserver: http://{{ pool.master.host }}:8080
+ - apiserver: http://{{ pool.apiserver.host }}:8080
{%- endif %}
diff --git a/metadata/service/pool/cluster.yml b/metadata/service/pool/cluster.yml
index 415cf6e..81db6df 100644
--- a/metadata/service/pool/cluster.yml
+++ b/metadata/service/pool/cluster.yml
@@ -12,13 +12,14 @@
host: tcpcloud
host:
name: ${linux:system:name}
- master:
+ apiserver:
host: ${_param:cluster_vip_address}
- apiserver:
- members:
- - host: ${_param:cluster_node01_address}
- - host: ${_param:cluster_node02_address}
- - host: ${_param:cluster_node03_address}
+ insecure:
+ enabled: True
+ members:
+ - host: ${_param:cluster_node01_address}
+ - host: ${_param:cluster_node02_address}
+ - host: ${_param:cluster_node03_address}
address: ${_param:cluster_local_address}
cluster_dns: 10.254.0.10
cluster_domain: cluster.local
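Review bot: The default metadata sets `insecure: enabled: True` under `apiserver`, so every cluster that includes this class gets kube-proxy talking plaintext HTTP to the API server unless an operator overrides it; the same default is added in the `metadata/service/pool/single.yml` hunk. A security-relevant downgrade like this is safer as opt-in: ship `enabled: false` here and let a deployment's own model turn it on. Writing the boolean as lowercase `false`/`true` also avoids parser-dependent handling of `True`. The `pool` mapping these keys sit in starts outside the hunk.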
diff --git a/metadata/service/pool/single.yml b/metadata/service/pool/single.yml
index 1e4049b..8c3f04b 100644
--- a/metadata/service/pool/single.yml
+++ b/metadata/service/pool/single.yml
@@ -12,14 +12,12 @@
host: tcpcloud
host:
name: ${linux:system:name}
- master:
+ apiserver:
host: ${_param:master_address}
- apiserver:
- members:
- - host: ${_param:master_address}
- etcd:
- members:
- - host: ${_param:master_address}
+ insecure:
+ enabled: True
+ members:
+ - host: ${_param:master_address}
address: 0.0.0.0
cluster_dns: 10.254.0.10
allow_privileged: True