Last active
October 13, 2015 21:17
CloudFormation template to spin up Kubernetes (K8s) without requiring many permissions
{ | |
"AWSTemplateFormatVersion": "2010-09-09", | |
"Description": "Kubernetes 1.0.4 on EC2 powered by CoreOS 766.3.0 (stable)", | |
"Mappings": { | |
"RegionMap": { | |
"eu-central-1" : { | |
"AMI" : "ami-bececaa3" | |
}, | |
"ap-northeast-1" : { | |
"AMI" : "ami-f2338ff2" | |
}, | |
"us-gov-west-1" : { | |
"AMI" : "ami-c75033e4" | |
}, | |
"sa-east-1" : { | |
"AMI" : "ami-11e9600c" | |
}, | |
"ap-southeast-2" : { | |
"AMI" : "ami-8f88c8b5" | |
}, | |
"ap-southeast-1" : { | |
"AMI" : "ami-b6d8d4e4" | |
}, | |
"us-east-1" : { | |
"AMI" : "ami-3d73d356" | |
}, | |
"us-west-2" : { | |
"AMI" : "ami-99bfada9" | |
}, | |
"us-west-1" : { | |
"AMI" : "ami-1db04f59" | |
}, | |
"eu-west-1" : { | |
"AMI" : "ami-0e104179" | |
} | |
} | |
}, | |
"Parameters": { | |
"DataVolumeSize": { | |
"Description": "Size in Gibibytes (GiB) for the data directory of the worker machines.", | |
"Type": "Number", | |
"Default": "50", | |
"MinValue": "1", | |
"MaxValue": "16000" | |
}, | |
"WorkerSpotPrice": { | |
"Description": "Spot price for worker nodes", | |
"Type": "Number", | |
"MinValue": "0.0", | |
"MaxValue": "3.0" | |
}, | |
"MasterInstanceType": { | |
"Description": "EC2 HVM instance type for the Kubernetes master (m3.medium, etc.).", | |
"Type": "String", | |
"Default": "m3.medium", | |
"AllowedValues": [ | |
"m3.medium", | |
"m3.large", | |
"m3.xlarge", | |
"m3.2xlarge", | |
"c3.large", | |
"c3.xlarge", | |
"c3.2xlarge", | |
"c3.4xlarge", | |
"c3.8xlarge", | |
"cc2.8xlarge", | |
"cr1.8xlarge", | |
"hi1.4xlarge", | |
"hs1.8xlarge", | |
"i2.xlarge", | |
"i2.2xlarge", | |
"i2.4xlarge", | |
"i2.8xlarge", | |
"r3.large", | |
"r3.xlarge", | |
"r3.2xlarge", | |
"r3.4xlarge", | |
"r3.8xlarge", | |
"t2.micro", | |
"t2.small", | |
"t2.medium" | |
], | |
"ConstraintDescription": "Must be a valid EC2 HVM instance type." | |
}, | |
"WorkerInstanceType": { | |
"Description": "EC2 HVM instance type for the Kubernetes worker nodes (m3.medium, etc.).", | |
"Type": "String", | |
"Default": "m3.medium", | |
"AllowedValues": [ | |
"m3.medium", | |
"m3.large", | |
"m3.xlarge", | |
"m3.2xlarge", | |
"c3.large", | |
"c3.xlarge", | |
"c3.2xlarge", | |
"c3.4xlarge", | |
"c3.8xlarge", | |
"cc2.8xlarge", | |
"cr1.8xlarge", | |
"hi1.4xlarge", | |
"hs1.8xlarge", | |
"i2.xlarge", | |
"i2.2xlarge", | |
"i2.4xlarge", | |
"i2.8xlarge", | |
"r3.large", | |
"r3.xlarge", | |
"r3.2xlarge", | |
"r3.4xlarge", | |
"r3.8xlarge", | |
"t2.micro", | |
"t2.small", | |
"t2.medium" | |
], | |
"ConstraintDescription": "Must be a valid EC2 HVM instance type." | |
}, | |
"ClusterSize": { | |
"Description": "Number of nodes in cluster (2-12).", | |
"Default": "2", | |
"MinValue": "2", | |
"MaxValue": "12", | |
"Type": "Number" | |
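}, | |
"AllowSSHFrom": { | |
"Description": "The net block (CIDR) that SSH is available to. Note: no resource in this template references this parameter; SSH access is governed by the rules of the supplied KubernetesSecurityGroup.", | |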
"Default": "0.0.0.0/0", | |
"Type": "String" | |
}, | |
"KeyPair": { | |
"Description": "The name of an EC2 Key Pair to allow SSH access to the instance.", | |
"Type": "AWS::EC2::KeyPair::KeyName" | |
}, | |
"VpcId": { | |
"Description": "The ID of the VPC to launch into.", | |
"Type": "AWS::EC2::VPC::Id" | |
}, | |
"SubnetId": { | |
"Description": "The ID of the subnet to launch into (that must be within the supplied VPC)", | |
"Type": "AWS::EC2::Subnet::Id" | |
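}, | |
"KubernetesSecurityGroup": { | |
"Description": "The ID of the security group to launch into (that must be within the supplied VPC). This template adds no other network restrictions, and the master serves the Kubernetes API over plain HTTP on port 8080 on all interfaces and etcd over plain HTTP on ports 2379/2380, so the group's rules should limit those ports to cluster members.", | |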
"Type": "AWS::EC2::SecurityGroup::Id", | |
"Default": "sg-aoeuaoeu" | |
}, | |
"SubnetAZ": { | |
"Description": "The availability zone of the subnet supplied (for example eu-west-1a)", | |
"Type": "String" | |
} | |
}, | |
"Resources": { | |
"KubernetesMasterInstance": { | |
"Type": "AWS::EC2::Instance", | |
"Properties": { | |
"IamInstanceProfile" : "kubernetes-ec2", | |
"NetworkInterfaces" : [{ | |
"GroupSet": [{"Ref": "KubernetesSecurityGroup"}], | |
"AssociatePublicIpAddress" : "true", | |
"DeviceIndex" : "0", | |
"DeleteOnTermination" : "true", | |
"SubnetId" : {"Ref": "SubnetId"} | |
}], | |
"ImageId": {"Fn::FindInMap" : ["RegionMap", {"Ref": "AWS::Region" }, "AMI"]}, | |
"InstanceType": {"Ref": "MasterInstanceType"}, | |
"KeyName": {"Ref": "KeyPair"}, | |
"Tags" : [ | |
{"Key" : "Name", "Value" : {"Fn::Join" : [ "-", [ {"Ref" : "AWS::StackName"}, "k8s-master" ] ]}}, | |
{"Key" : "KubernetesRole", "Value" : "node"}, | |
{"Key" : "KubernetesCluster", "Value" : {"Ref" : "AWS::StackName"}} | |
], | |
"UserData": { "Fn::Base64": {"Fn::Join" : ["", [ | |
"#cloud-config\n\n", | |
"write_files:\n", | |
"- path: /opt/bin/waiter.sh\n", | |
" owner: root\n", | |
" content: |\n", | |
" #! /usr/bin/bash\n", | |
" until curl http://127.0.0.1:2379/v2/machines; do sleep 2; done\n", | |
"coreos:\n", | |
" etcd2:\n", | |
" name: master\n", | |
" initial-cluster-token: k8s_etcd\n", | |
" initial-cluster: master=http://$private_ipv4:2380\n", | |
" listen-peer-urls: http://$private_ipv4:2380,http://localhost:2380\n", | |
" initial-advertise-peer-urls: http://$private_ipv4:2380\n", | |
" listen-client-urls: http://$private_ipv4:2379,http://localhost:2379\n", | |
" advertise-client-urls: http://$private_ipv4:2379\n", | |
" fleet:\n", | |
" etcd_servers: http://localhost:2379\n", | |
" metadata: k8srole=master\n", | |
" flannel:\n", | |
" etcd_endpoints: http://localhost:2379\n", | |
" locksmithd:\n", | |
" endpoint: http://localhost:2379\n", | |
" units:\n", | |
" - name: etcd2.service\n", | |
" command: start\n", | |
" - name: fleet.service\n", | |
" command: start\n", | |
" - name: etcd2-waiter.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=etcd waiter\n", | |
" Wants=network-online.target\n", | |
" Wants=etcd2.service\n", | |
" After=etcd2.service\n", | |
" After=network-online.target\n", | |
" Before=flanneld.service fleet.service locksmithd.service\n\n", | |
" [Service]\n", | |
" ExecStart=/usr/bin/bash /opt/bin/waiter.sh\n", | |
" RemainAfterExit=true\n", | |
" Type=oneshot\n", | |
" - name: docker.service\n", | |
" command: start\n", | |
" drop-ins:\n", | |
" - name: 80-hli-docker.conf\n", | |
" content: |\n", | |
" [Service]\n", | |
" Environment=DOCKER_OPTS='--insecure-registry=172.30.16.108:5000'\n", | |
" - name: flanneld.service\n", | |
" command: start\n", | |
" enable: true\n", | |
" drop-ins:\n", | |
" - name: 50-network-config.conf\n", | |
" content: |\n", | |
" [Service]\n", | |
" ExecStartPre=-/usr/bin/etcdctl mk /coreos.com/network/config '{\"Network\": \"10.244.0.0/16\", \"Backend\": {\"Type\": \"vxlan\"}}'\n", | |
" - name: docker-cache.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Docker cache proxy\n", | |
" Requires=early-docker.service\n", | |
" After=early-docker.service\n", | |
" Before=early-docker.target\n\n", | |
" [Service]\n", | |
" Restart=always\n", | |
" TimeoutStartSec=0\n", | |
" RestartSec=5\n", | |
" Environment=TMPDIR=/var/tmp/\n", | |
" Environment=DOCKER_HOST=unix:///var/run/early-docker.sock\n", | |
" ExecStartPre=-/usr/bin/docker kill docker-registry\n", | |
" ExecStartPre=-/usr/bin/docker rm docker-registry\n", | |
" ExecStartPre=/usr/bin/docker pull quay.io/devops/docker-registry:latest\n", | |
" # GUNICORN_OPTS is an workaround for\n", | |
" # https://github.com/docker/docker-registry/issues/892\n", | |
" ExecStart=/usr/bin/docker run --rm --net host --name docker-registry \\\n", | |
" -e STANDALONE=false \\\n", | |
" -e GUNICORN_OPTS=[--preload] \\\n", | |
" -e MIRROR_SOURCE=https://registry-1.docker.io \\\n", | |
" -e MIRROR_SOURCE_INDEX=https://index.docker.io \\\n", | |
" -e MIRROR_TAGS_CACHE_TTL=1800 \\\n", | |
" quay.io/devops/docker-registry:latest\n", | |
" - name: get-kubectl.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Get kubectl client tool\n", | |
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n", | |
" Requires=network-online.target\n", | |
" After=network-online.target\n\n", | |
" [Service]\n", | |
" ExecStart=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v1.0.4/bin/linux/amd64/kubectl\n", | |
" ExecStart=/usr/bin/chmod +x /opt/bin/kubectl\n", | |
" Type=oneshot\n", | |
" RemainAfterExit=true\n", | |
" - name: kube-apiserver.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Kubernetes API Server\n", | |
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n", | |
" Requires=generate-k8s-certs.service etcd2-waiter.service\n", | |
" After=generate-k8s-certs.service etcd2-waiter.service\n\n", | |
" [Service]\n", | |
" ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v1.0.4/bin/linux/amd64/kube-apiserver\n", | |
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-apiserver\n", | |
" ExecStart=/opt/bin/kube-apiserver \\\n", | |
" --insecure-bind-address=0.0.0.0 \\\n", | |
" --client-ca-file=/srv/kubernetes/ca.crt \\\n", | |
" --tls-cert-file=/srv/kubernetes/server.cert \\\n", | |
" --tls-private-key-file=/srv/kubernetes/server.key \\\n", | |
" --service-account-key-file=/srv/kubernetes/server.key \\\n", | |
" --service-cluster-ip-range=10.100.0.0/16 \\\n", | |
" --admission_control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota \\\n", | |
" --etcd-servers=http://localhost:2379 \\\n", | |
" --allow_privileged=true \\\n", | |
" --cloud-provider=aws\n", | |
" Restart=always\n", | |
" RestartSec=10\n", | |
" - name: kube-controller-manager.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Kubernetes Controller Manager\n", | |
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n", | |
" Requires=generate-k8s-certs.service kube-apiserver.service\n", | |
" After=generate-k8s-certs.service kube-apiserver.service\n\n", | |
" [Service]\n", | |
" ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v1.0.4/bin/linux/amd64/kube-controller-manager\n", | |
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-controller-manager\n", | |
" ExecStart=/opt/bin/kube-controller-manager \\\n", | |
" --master=127.0.0.1:8080 \\\n", | |
" --root-ca-file=/srv/kubernetes/ca.crt \\\n", | |
" --service-account-private-key-file=/srv/kubernetes/server.key \\\n", | |
" --cloud-provider=aws\n", | |
" Restart=always\n", | |
" RestartSec=10\n", | |
" - name: generate-k8s-certs.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Generate Kubernetes API Server certificates\n", | |
" ConditionPathExists=!/srv/kubernetes/.certs.lock\n", | |
" Requires=network-online.target\n", | |
" After=network-online.target\n\n", | |
" [Service]\n", | |
" ExecStartPre=-/usr/sbin/groupadd -r kube-cert\n", | |
" ExecStartPre=/usr/bin/wget -q -N -P /opt/bin https://raw.githubusercontent.com/GoogleCloudPlatform/kubernetes/v0.21.1/cluster/saltbase/salt/generate-cert/make-ca-cert.sh\n", | |
" ExecStartPre=/usr/bin/chmod u=rwx,go= /opt/bin/make-ca-cert.sh\n", | |
" ExecStart=/opt/bin/make-ca-cert.sh _use_aws_external_ip_ IP:10.100.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local\n", | |
" Type=oneshot\n", | |
" RemainAfterExit=true\n", | |
" - name: kube-scheduler.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Kubernetes Scheduler\n", | |
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n", | |
" Requires=kube-apiserver.service\n", | |
" After=kube-apiserver.service\n\n", | |
" [Service]\n", | |
" ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v1.0.4/bin/linux/amd64/kube-scheduler\n", | |
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-scheduler\n", | |
" ExecStart=/opt/bin/kube-scheduler \\\n", | |
" --master=127.0.0.1:8080\n", | |
" Restart=always\n", | |
" RestartSec=10\n", | |
" - name: kube-register.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Kubernetes Registration Service\n", | |
" Documentation=https://github.com/kelseyhightower/kube-register\n", | |
" Requires=kube-apiserver.service fleet.service\n", | |
" After=kube-apiserver.service fleet.service\n\n", | |
" [Service]\n", | |
" ExecStartPre=-/usr/bin/wget -nc -O /opt/bin/kube-register https://github.com/kelseyhightower/kube-register/releases/download/v0.0.4/kube-register-0.0.4-linux-amd64\n", | |
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-register\n", | |
" ExecStart=/opt/bin/kube-register \\\n", | |
" --metadata=k8srole=node \\\n", | |
" --fleet-endpoint=unix:///var/run/fleet.sock \\\n", | |
" --api-endpoint=http://127.0.0.1:8080\n", | |
" Restart=always\n", | |
" RestartSec=10\n", | |
" - name: kube-proxy.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Kubernetes Proxy\n", | |
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n", | |
" Requires=kube-apiserver.service network-online.target\n", | |
" After=kube-apiserver.service network-online.target\n\n", | |
" [Service]\n", | |
" ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v1.0.4/bin/linux/amd64/kube-proxy\n", | |
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-proxy\n", | |
" ExecStart=/opt/bin/kube-proxy \\\n", | |
" --master=http://localhost:8080\n", | |
" Restart=always\n", | |
" RestartSec=10\n", | |
" update:\n", | |
" group: stable\n", | |
" reboot-strategy: off\n" | |
]]} | |
} | |
} | |
}, | |
"KubernetesNodeLaunchConfig": { | |
"Type": "AWS::AutoScaling::LaunchConfiguration", | |
"Properties": { | |
"IamInstanceProfile" : "kubernetes-ec2", | |
"ImageId": {"Fn::FindInMap" : ["RegionMap", {"Ref": "AWS::Region" }, "AMI" ]}, | |
"InstanceType": {"Ref": "WorkerInstanceType"}, | |
"KeyName": {"Ref": "KeyPair"}, | |
"AssociatePublicIpAddress" : "true", | |
"SecurityGroups": [{"Ref": "KubernetesSecurityGroup"}], | |
"BlockDeviceMappings" : [ { | |
"DeviceName" : "/dev/xvda", | |
"Ebs" : {"VolumeSize" : "25"} | |
}, { | |
"DeviceName" : "/dev/xvdb", | |
"NoDevice": "true" | |
}, { | |
"DeviceName" : "/dev/xvdc", | |
"Ebs" : {"VolumeSize" : {"Ref": "DataVolumeSize"}, "VolumeType": "gp2"} | |
} | |
], | |
"SpotPrice": {"Ref": "WorkerSpotPrice"}, | |
"UserData": { "Fn::Base64": {"Fn::Join" : ["", [ | |
"#cloud-config\n\n", | |
"coreos:\n", | |
" etcd2:\n", | |
" listen-client-urls: http://localhost:2379\n", | |
" initial-cluster: master=http://", {"Fn::GetAtt" :["KubernetesMasterInstance" , "PrivateIp"]}, ":2380\n", | |
" proxy: on\n", | |
" fleet:\n", | |
" etcd_servers: http://localhost:2379\n", | |
" metadata: k8srole=node\n", | |
" flannel:\n", | |
" etcd_endpoints: http://localhost:2379\n", | |
" locksmithd:\n", | |
" endpoint: http://localhost:2379\n", | |
" units:\n", | |
" - name: mnt.mount\n", | |
" command: start\n", | |
" content: |\n", | |
" [Mount]\n", | |
" What=/dev/xvdc1\n", | |
" Where=/mnt\n", | |
" Type=ext4\n", | |
" - name: format_drives.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Does early startup tasks\n", | |
" Before=mnt.mount\n", | |
" [Service]\n", | |
" Type=oneshot\n", | |
" RemainAfterExit=yes\n", | |
" ExecStart=/usr/sbin/parted -s /dev/xvdc mklabel gpt \n", | |
" ExecStart=/usr/sbin/parted -s /dev/xvdc -- mkpart primary 4MiB -4MiB\n", | |
" ExecStart=/usr/sbin/mkfs.ext4 /dev/xvdc1\n", | |
" - name: etcd2.service\n", | |
" command: start\n", | |
" - name: fleet.service\n", | |
" command: start\n", | |
" - name: flanneld.service\n", | |
" command: start\n", | |
" - name: docker.service\n", | |
" command: start\n", | |
" drop-ins:\n", | |
" - name: 80-hli-docker.conf\n", | |
" content: |\n", | |
" [Service]\n", | |
" Environment=DOCKER_OPTS='--insecure-registry=172.30.16.108:5000'\n", | |
" - name: 50-docker-mirror.conf\n", | |
" content: |\n", | |
" [Service]\n", | |
" Environment=DOCKER_OPTS='--registry-mirror=http://", {"Fn::GetAtt" :["KubernetesMasterInstance" , "PrivateIp"]}, ":5000'\n", | |
" - name: hostname-override.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Kubelet Hostname Override\n", | |
" Requires=network-online.target\n", | |
" After=network-online.target\n\n", | |
" [Service]\n", | |
" Type=oneshot\n", | |
" RemainAfterExit=yes\n", | |
" EnvironmentFile=/etc/kube-env\n", | |
" ExecStart=/run/setup-hostname-override.sh\n", | |
" - name: kubelet.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Kubernetes Kubelet\n", | |
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n", | |
" Requires=hostname-override.service\n", | |
" After=hostname-override.service\n\n", | |
" [Service]\n", | |
" EnvironmentFile=/etc/hostname-override\n", | |
" ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v1.0.4/bin/linux/amd64/kubelet\n", | |
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kubelet\n", | |
" ExecStart=/opt/bin/kubelet \\\n", | |
" --cluster-dns=10.100.0.10 \\\n", | |
" --cluster-domain=cluster.local \\\n", | |
" --register-node=true \\\n", | |
" --cloud-provider=aws \\\n", | |
" --allow-privileged=true \\\n", | |
" --config=/etc/kubernetes/manifests \\\n", | |
" --api-servers=", {"Fn::GetAtt" :["KubernetesMasterInstance" , "PrivateIp"]}, ":8080 \\\n", | |
" --hostname-override=${HOSTNAME_OVERRIDE}\n", | |
" Restart=always\n", | |
" RestartSec=10\n", | |
" - name: kube-proxy.service\n", | |
" command: start\n", | |
" content: |\n", | |
" [Unit]\n", | |
" Description=Kubernetes Proxy\n", | |
" Documentation=https://github.com/GoogleCloudPlatform/kubernetes\n", | |
" Requires=network-online.target\n", | |
" After=network-online.target\n\n", | |
" [Service]\n", | |
" ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v1.0.4/bin/linux/amd64/kube-proxy\n", | |
" ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-proxy\n", | |
" ExecStart=/opt/bin/kube-proxy \\\n", | |
" --master=http://", {"Fn::GetAtt" :["KubernetesMasterInstance" , "PrivateIp"]}, ":8080\n", | |
" Restart=always\n", | |
" RestartSec=10\n", | |
" update:\n", | |
" group: alpha\n", | |
" reboot-strategy: off\n", | |
"write_files:\n", | |
" - path: /run/setup-hostname-override.sh\n", | |
" permissions: \"0755\"\n", | |
" content: |\n", | |
" #!/bin/bash\n", | |
" set -x\n", | |
" source /etc/kube-env\n", | |
" if [[ -z \"${HOSTNAME_OVERRIDE}\" ]]; then\n", | |
" HOSTNAME_OVERRIDE=`curl --silent http://169.254.169.254/2007-01-19/meta-data/local-hostname`\n", | |
" fi\n", | |
" if [[ -z \"${HOSTNAME_OVERRIDE}\" ]]; then\n", | |
" HOSTNAME_OVERRIDE=`hostname -f`\n", | |
" fi\n", | |
" echo \"HOSTNAME_OVERRIDE=${HOSTNAME_OVERRIDE}\" > /etc/hostname-override\n", | |
" - path: /etc/kube-env\n", | |
" permissions: 0644\n", | |
" owner: root\n", | |
" content: |\n", | |
" - path: /etc/kubernetes/manifests/fluentd.yaml\n", | |
" permissions: 0644\n", | |
" owner: root\n", | |
" content: |\n", | |
" apiVersion: v1\n", | |
" kind: Pod\n", | |
" metadata:\n", | |
" name: fluentd\n", | |
" namespace: kube-system\n", | |
" spec:\n", | |
" containers:\n", | |
" - image: gcr.io/google_containers/fluentd-elasticsearch:1.11\n", | |
" imagePullPolicy: IfNotPresent\n", | |
" name: fluentd\n", | |
" volumeMounts:\n", | |
" - mountPath: /var/lib/docker/containers\n", | |
" name: dockermount\n", | |
" - mountPath: /var/log\n", | |
" name: logmount\n", | |
" volumes:\n", | |
" - name: logmount\n", | |
" hostPath:\n", | |
" path: /var/log\n", | |
" - name: dockermount\n", | |
" hostPath:\n", | |
" path: /var/lib/docker/containers\n", | |
" restartPolicy: Always\n" | |
]]} | |
} | |
} | |
}, | |
"KubernetesAutoScalingGroup": { | |
"Type": "AWS::AutoScaling::AutoScalingGroup", | |
"Properties": { | |
"AvailabilityZones": [{"Ref": "SubnetAZ"}], | |
"VPCZoneIdentifier": [{"Ref": "SubnetId"}], | |
"LaunchConfigurationName": {"Ref": "KubernetesNodeLaunchConfig"}, | |
"MinSize": "2", | |
"MaxSize": "12", | |
"DesiredCapacity": {"Ref": "ClusterSize"}, | |
"Tags" : [ | |
{"Key" : "Name", "Value" : {"Fn::Join" : [ "-", [ {"Ref" : "AWS::StackName"}, "k8s-node" ] ]}, "PropagateAtLaunch" : true}, | |
{"Key" : "KubernetesRole", "Value" : "node", "PropagateAtLaunch" : true}, | |
{"Key" : "KubernetesCluster", "Value" : {"Ref" : "AWS::StackName"}, "PropagateAtLaunch" : true} | |
] | |
} | |
} | |
}, | |
"Outputs": { | |
"KubernetesMasterPrivateIp": { | |
"Description": "Private IP of the newly created Kubernetes Master instance", | |
"Value": {"Fn::GetAtt": ["KubernetesMasterInstance" , "PrivateIp"]} | |
} | |
} | |
} |
# ReplicationController for the cluster DNS add-on (kube-dns v9).
# It keeps one pod running with four containers: etcd (record store),
# kube2sky, skydns (the DNS server) and healthz (probe endpoint).
# Review notes:
#   - Every image is referenced by tag, not by digest, so the content behind a
#     tag can change at the registry without this manifest changing.
#   - No container sets a securityContext; each runs with its image defaults.
apiVersion: v1
kind: ReplicationController
metadata:
  name: kube-dns-v9
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    version: v9
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 1
  # The selector must match the pod template labels below.
  selector:
    k8s-app: kube-dns
    version: v9
  template:
    metadata:
      labels:
        k8s-app: kube-dns
        version: v9
        kubernetes.io/cluster-service: "true"
    spec:
      containers:
      - name: etcd
        image: gcr.io/google_containers/etcd:2.0.9
        resources:
          limits:
            cpu: 100m
            memory: 50Mi
        command:
        - /usr/local/bin/etcd
        - -data-dir
        - /var/etcd/data
        # Client URLs are plain HTTP with no authentication, but bound to
        # loopback only; containers of one pod share a network namespace, so
        # only this pod's containers can reach them.
        - -listen-client-urls
        - http://127.0.0.1:2379,http://127.0.0.1:4001
        - -advertise-client-urls
        - http://127.0.0.1:2379,http://127.0.0.1:4001
        - -initial-cluster-token
        - skydns-etcd
        volumeMounts:
        - name: etcd-storage
          mountPath: /var/etcd/data
      - name: kube2sky
        image: gcr.io/google_containers/kube2sky:1.11
        resources:
          limits:
            cpu: 100m
            memory: 50Mi
        args:
        # No API server address or credentials are passed here; presumably
        # kube2sky uses the pod's service-account credentials (confirm).
        - -domain=cluster.local
      - name: skydns
        image: gcr.io/google_containers/skydns:2015-03-11-001
        resources:
          limits:
            cpu: 100m
            memory: 50Mi
        args:
        # command = "/skydns"
        # Reads records from the pod-local etcd over loopback.
        - -machines=http://localhost:4001
        # Listens on all pod interfaces; what can reach port 53 from outside
        # the pod depends on a Service and network rules not shown in this file.
        - -addr=0.0.0.0:53
        - -domain=cluster.local.
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        # Both probes target port 8080, which is the port the healthz container
        # below is told to serve (-port=8080), not a port opened by skydns args.
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 1
          timeoutSeconds: 5
      - name: healthz
        image: gcr.io/google_containers/exechealthz:1.0
        resources:
          limits:
            cpu: 10m
            memory: 20Mi
        args:
        # Health check command: resolve the API service name via the DNS server
        # on localhost, discarding the output.
        - -cmd=nslookup kubernetes.default.svc.cluster.local localhost >/dev/null
        - -port=8080
        ports:
        - containerPort: 8080
          protocol: TCP
      volumes:
      # emptyDir: the etcd data does not outlive the pod on its node.
      - name: etcd-storage
        emptyDir: {}
      dnsPolicy: Default  # Don't use cluster DNS.