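├── Makefile
├── README.md
├── docs
    ├── cluster-configs
    │   ├── node0.yaml
    │   ├── node1.yaml
    │   ├── node2.yaml
    │   ├── node3.yaml
    │   ├── node4.yaml
    │   └── node5.yaml
    └── cluster.md
├── etcd
    └── Dockerfile
├── kube-apiserver
    └── Dockerfile
├── kube-controller-manager
    └── Dockerfile
├── kube-controller-pod.yaml
├── kube-proxy-pod.yaml
├── kube-proxy
    └── Dockerfile
├── kube-scheduler
    └── Dockerfile
└── kubelet
    └── Dockerfile


/Makefile:
--------------------------------------------------------------------------------
# Fetches the etcd v2.2.2 and Kubernetes v1.1.2 release archives, stages the
# binaries next to their Dockerfiles, and builds/pushes the b.gcr.io/kuar images.
# Target order implied by the recipes: download, kubernetes + etcd, docker,
# docker-push.

# Staged binaries; `make clean` removes exactly these files.
BINARIES=kube-apiserver/kube-apiserver \
  kube-controller-manager/kube-controller-manager \
  kube-proxy/kube-proxy \
  kube-scheduler/kube-scheduler \
  kubelet/kubelet \
  etcd/etcd \
  etcd/etcdctl

download: fetch-etcd-release fetch-kubernetes-release

# NOTE(review): both archives are fetched over HTTPS but are unpacked and baked
# into images without being checked against a published checksum or signature.
# Verify each archive (e.g. sha256sum -c against a digest recorded in this repo)
# before the tar step.
fetch-kubernetes-release:
	curl -o kubernetes.tar.gz \
	  -L https://github.com/GoogleCloudPlatform/kubernetes/releases/download/v1.1.2/kubernetes.tar.gz
	tar -xvzf kubernetes.tar.gz kubernetes/server/kubernetes-server-linux-amd64.tar.gz
	tar -xvzf kubernetes/server/kubernetes-server-linux-amd64.tar.gz

fetch-etcd-release:
	curl -o etcd-v2.2.2-linux-amd64.tar.gz \
	  -L https://github.com/coreos/etcd/releases/download/v2.2.2/etcd-v2.2.2-linux-amd64.tar.gz
	tar -xvf etcd-v2.2.2-linux-amd64.tar.gz

# Each image is built from the directory that holds its own Dockerfile and
# staged binary; the kubelet image uses kubelet/, not kube-scheduler/.
docker:
	docker build -t b.gcr.io/kuar/etcd:2.2.2 etcd/
	docker build -t b.gcr.io/kuar/kube-apiserver:1.1.2 kube-apiserver/
	docker build -t b.gcr.io/kuar/kube-controller-manager:1.1.2 kube-controller-manager/
	docker build -t b.gcr.io/kuar/kube-proxy:1.1.2 kube-proxy/
	docker build -t b.gcr.io/kuar/kube-scheduler:1.1.2 kube-scheduler/
	docker build -t b.gcr.io/kuar/kubelet:1.1.2 kubelet/

# NOTE(review): the kubelet image is built above but is not pushed here.
docker-push:
	gcloud docker push b.gcr.io/kuar/etcd:2.2.2
	gcloud docker push b.gcr.io/kuar/kube-apiserver:1.1.2
	gcloud docker push b.gcr.io/kuar/kube-controller-manager:1.1.2
	gcloud docker push b.gcr.io/kuar/kube-proxy:1.1.2
	gcloud docker push b.gcr.io/kuar/kube-scheduler:1.1.2

# Stage the Kubernetes server binaries into their image build contexts.
# kubelet is staged as well because kubelet/Dockerfile copies it into the image.
.PHONY: kubernetes
kubernetes:
	cp kubernetes/server/bin/kube-apiserver kube-apiserver/
	cp kubernetes/server/bin/kube-controller-manager kube-controller-manager/
	cp kubernetes/server/bin/kube-proxy kube-proxy/
	cp kubernetes/server/bin/kube-scheduler kube-scheduler/
	cp kubernetes/server/bin/kubelet kubelet/
	chmod 755 kube-apiserver/kube-apiserver
	chmod 755 kube-controller-manager/kube-controller-manager
	chmod 755 kube-proxy/kube-proxy
	chmod 755 kube-scheduler/kube-scheduler
	chmod 755 kubelet/kubelet

# Stage the etcd binaries into the etcd image build context.
.PHONY: etcd
etcd:
	cp etcd-v2.2.2-linux-amd64/etcd etcd/etcd
	cp etcd-v2.2.2-linux-amd64/etcdctl etcd/etcdctl
	chmod 755 etcd/etcd
	chmod 755 etcd/etcdctl

# Remove staged binaries, downloaded archives and unpacked release trees.
.PHONY: clean
clean:
	rm -f $(BINARIES)
	rm -rf etcd-*-linux-amd64*
	rm -f kubernetes.tar.gz
	rm -rf kubernetes

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Kubernetes Docker Files

--------------------------------------------------------------------------------
/docs/cluster-configs/node0.yaml:
--------------------------------------------------------------------------------
#cloud-config

# CoreOS cloud-config for node0: masks the etcd and fleet units, replaces
# docker.service, and writes the TLS material the Docker daemon is started with.
# NOTE(review): the Docker server private key is embedded in this user-data.
# docs/cluster.md passes the file with --metadata-from-file, so the key is
# stored as GCE instance metadata and is readable by anyone who can read that
# metadata. Prefer delivering the key out of band and keep real keys out of
# version control.

coreos:
  units:
    - name: etcd.service
      mask: true
    - name: fleet.service
      mask: true
    # --host=tcp://0.0.0.0:2376 exposes the Docker API on every interface.
    # --tlsverify with --tlscacert restricts it to clients presenting a
    # certificate signed by ca.pem. Access to this API is equivalent to root on
    # the host, so protect the CA key and firewall 2376 to the hosts that need it.
    # --bip gives this node the 10.200.0.0/24 bridge subnet that docs/cluster.md
    # routes to node0.
    - name: docker.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Docker Application Container Engine
        Documentation=http://docs.docker.io

        [Service]
        ExecStart=/usr/bin/docker --daemon \
          --bip=10.200.0.1/24 \
          --host=tcp://0.0.0.0:2376 \
          --host=unix:///var/run/docker.sock \
          --tlsverify \
          --tlscacert=/etc/docker/ssl/ca.pem \
          --tlscert=/etc/docker/ssl/server.pem \
          --tlskey=/etc/docker/ssl/server-key.pem \
          --storage-driver=overlay
        Restart=on-failure
        RestartSec=5

        [Install]
        WantedBy=multi-user.target
  # NOTE(review): reboot-strategy off presumably means the node never reboots
  # itself to apply an OS update; updates then depend on a manual reboot.
  update:
    group: alpha
    reboot-strategy: off
write_files:
  # Private key: owner-read only.
  - path: /etc/docker/ssl/server-key.pem
    permissions: 0400
    owner: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      REDACTED
      -----END RSA PRIVATE KEY-----
  - path: /etc/docker/ssl/server.pem
    permissions: 0444
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      REDACTED
      -----END CERTIFICATE-----
  - path: /etc/docker/ssl/ca.pem
    permissions: 0444
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      REDACTED
      -----END CERTIFICATE-----

--------------------------------------------------------------------------------
/docs/cluster-configs/node1.yaml:
--------------------------------------------------------------------------------
#cloud-config

# CoreOS cloud-config for node1. Identical to node0.yaml except for the Docker
# bridge subnet (--bip=10.200.1.1/24); the same cautions apply to the private
# key embedded in user-data and to the Docker API listening on 0.0.0.0:2376.

coreos:
  units:
    - name: etcd.service
      mask: true
    - name: fleet.service
      mask: true
    - name: docker.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Docker Application Container Engine
        Documentation=http://docs.docker.io

        [Service]
        ExecStart=/usr/bin/docker --daemon \
          --bip=10.200.1.1/24 \
          --host=tcp://0.0.0.0:2376 \
          --host=unix:///var/run/docker.sock \
          --tlsverify \
          --tlscacert=/etc/docker/ssl/ca.pem \
          --tlscert=/etc/docker/ssl/server.pem \
          --tlskey=/etc/docker/ssl/server-key.pem \
          --storage-driver=overlay
        Restart=on-failure
        RestartSec=5

        [Install]
        WantedBy=multi-user.target
  update:
    group: alpha
    reboot-strategy: off
write_files:
  - path: /etc/docker/ssl/server-key.pem
    permissions: 0400
    owner: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      REDACTED
      -----END RSA PRIVATE KEY-----
  - path: /etc/docker/ssl/server.pem
    permissions: 0444
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      REDACTED
      -----END CERTIFICATE-----
  - path: /etc/docker/ssl/ca.pem
    permissions: 0444
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      REDACTED
      -----END CERTIFICATE-----

--------------------------------------------------------------------------------
/docs/cluster-configs/node2.yaml:
--------------------------------------------------------------------------------
#cloud-config

# CoreOS cloud-config for node2. Identical to node0.yaml except for the Docker
# bridge subnet (--bip=10.200.2.1/24); the same cautions apply to the private
# key embedded in user-data and to the Docker API listening on 0.0.0.0:2376.

coreos:
  units:
    - name: etcd.service
      mask: true
    - name: fleet.service
      mask: true
    - name: docker.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Docker Application Container Engine
        Documentation=http://docs.docker.io

        [Service]
        ExecStart=/usr/bin/docker --daemon \
          --bip=10.200.2.1/24 \
          --host=tcp://0.0.0.0:2376 \
          --host=unix:///var/run/docker.sock \
          --tlsverify \
          --tlscacert=/etc/docker/ssl/ca.pem \
          --tlscert=/etc/docker/ssl/server.pem \
          --tlskey=/etc/docker/ssl/server-key.pem \
          --storage-driver=overlay
        Restart=on-failure
        RestartSec=5

        [Install]
        WantedBy=multi-user.target
  update:
    group: alpha
    reboot-strategy: off
write_files:
  - path: /etc/docker/ssl/server-key.pem
    permissions: 0400
    owner: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      REDACTED
      -----END RSA PRIVATE KEY-----
  - path: /etc/docker/ssl/server.pem
    permissions: 0444
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      REDACTED
      -----END CERTIFICATE-----
  - path: /etc/docker/ssl/ca.pem
    permissions: 0444
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      REDACTED
      -----END CERTIFICATE-----

--------------------------------------------------------------------------------
/docs/cluster-configs/node3.yaml:
--------------------------------------------------------------------------------
#cloud-config

# CoreOS cloud-config for node3. Identical to node0.yaml except for the Docker
# bridge subnet (--bip=10.200.3.1/24); the same cautions apply to the private
# key embedded in user-data and to the Docker API listening on 0.0.0.0:2376.

coreos:
  units:
    - name: etcd.service
      mask: true
    - name: fleet.service
      mask: true
    - name: docker.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Docker Application Container Engine
        Documentation=http://docs.docker.io

        [Service]
        ExecStart=/usr/bin/docker --daemon \
          --bip=10.200.3.1/24 \
          --host=tcp://0.0.0.0:2376 \
          --host=unix:///var/run/docker.sock \
          --tlsverify \
          --tlscacert=/etc/docker/ssl/ca.pem \
          --tlscert=/etc/docker/ssl/server.pem \
          --tlskey=/etc/docker/ssl/server-key.pem \
          --storage-driver=overlay
        Restart=on-failure
        RestartSec=5

        [Install]
        WantedBy=multi-user.target
  update:
    group: alpha
    reboot-strategy: off
write_files:
  - path: /etc/docker/ssl/server-key.pem
    permissions: 0400
    owner: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      REDACTED
      -----END RSA PRIVATE KEY-----
  - path: /etc/docker/ssl/server.pem
    permissions: 0444
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      REDACTED
      -----END CERTIFICATE-----
  - path: /etc/docker/ssl/ca.pem
    permissions: 0444
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      REDACTED
      -----END CERTIFICATE-----

--------------------------------------------------------------------------------
/docs/cluster-configs/node4.yaml:
--------------------------------------------------------------------------------
#cloud-config

# CoreOS cloud-config for node4. Identical to node0.yaml except for the Docker
# bridge subnet (--bip=10.200.4.1/24); the same cautions apply to the private
# key embedded in user-data and to the Docker API listening on 0.0.0.0:2376.

coreos:
  units:
    - name: etcd.service
      mask: true
    - name: fleet.service
      mask: true
    - name: docker.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Docker Application Container Engine
        Documentation=http://docs.docker.io

        [Service]
        ExecStart=/usr/bin/docker --daemon \
          --bip=10.200.4.1/24 \
          --host=tcp://0.0.0.0:2376 \
          --host=unix:///var/run/docker.sock \
          --tlsverify \
          --tlscacert=/etc/docker/ssl/ca.pem \
          --tlscert=/etc/docker/ssl/server.pem \
          --tlskey=/etc/docker/ssl/server-key.pem \
          --storage-driver=overlay
        Restart=on-failure
        RestartSec=5

        [Install]
        WantedBy=multi-user.target
  update:
    group: alpha
    reboot-strategy: off
write_files:
  - path: /etc/docker/ssl/server-key.pem
    permissions: 0400
    owner: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      REDACTED
      -----END RSA PRIVATE KEY-----
  - path: /etc/docker/ssl/server.pem
    permissions: 0444
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      REDACTED
      -----END CERTIFICATE-----
  - path: /etc/docker/ssl/ca.pem
    permissions: 0444
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      REDACTED
      -----END CERTIFICATE-----

--------------------------------------------------------------------------------
/docs/cluster-configs/node5.yaml:
--------------------------------------------------------------------------------
#cloud-config

# CoreOS cloud-config for node5. Identical to node0.yaml except for the Docker
# bridge subnet (--bip=10.200.5.1/24); the same cautions apply to the private
# key embedded in user-data and to the Docker API listening on 0.0.0.0:2376.

coreos:
  units:
    - name: etcd.service
      mask: true
    - name: fleet.service
      mask: true
    - name: docker.service
      command: start
      enable: true
      content: |
        [Unit]
        Description=Docker Application Container Engine
        Documentation=http://docs.docker.io

        [Service]
        ExecStart=/usr/bin/docker --daemon \
          --bip=10.200.5.1/24 \
          --host=tcp://0.0.0.0:2376 \
          --host=unix:///var/run/docker.sock \
          --tlsverify \
          --tlscacert=/etc/docker/ssl/ca.pem \
          --tlscert=/etc/docker/ssl/server.pem \
          --tlskey=/etc/docker/ssl/server-key.pem \
          --storage-driver=overlay
        Restart=on-failure
        RestartSec=5

        [Install]
        WantedBy=multi-user.target
  update:
    group: alpha
    reboot-strategy: off
write_files:
  - path: /etc/docker/ssl/server-key.pem
    permissions: 0400
    owner: root
    content: |
      -----BEGIN RSA PRIVATE KEY-----
      REDACTED
      -----END RSA PRIVATE KEY-----
  - path: /etc/docker/ssl/server.pem
    permissions: 0444
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      REDACTED
      -----END CERTIFICATE-----
  - path: /etc/docker/ssl/ca.pem
    permissions: 0444
    owner: root
    content: |
      -----BEGIN CERTIFICATE-----
      REDACTED
      -----END CERTIFICATE-----

--------------------------------------------------------------------------------
/docs/cluster.md:
--------------------------------------------------------------------------------
# Kubernetes Cluster with Docker

## Status: Work In Progress

The following guide will bootstrap a 6 node Kubernetes cluster using Docker and Docker Compose on GCE.

## Provision 6 GCE Nodes

```
for i in {0..5}; do
  gcloud compute instances create node${i} \
    --image-project coreos-cloud \
    --image coreos-alpha-723-0-0-v20150625 \
    --boot-disk-size 200GB \
    --machine-type n1-standard-1 \
    --can-ip-forward \
    --scopes compute-rw \
    --metadata-from-file user-data=node${i}.yaml
done
```

> Note: `--scopes compute-rw` gives every node's service account read-write access to the Compute Engine API, and any workload on the node that can reach the metadata server can use it. `user-data` is stored as instance metadata, so the Docker TLS private key in `node${i}.yaml` is readable by anyone who can read that metadata. Narrow the scope if the nodes do not need to change Compute Engine resources, and limit who can read instance metadata in the project.

```
gcloud compute instances list
```

```
gcloud compute routes create default-route-10-200-0-0-24 --destination-range 10.200.0.0/24 --next-hop-instance node0
gcloud compute routes create default-route-10-200-1-0-24 --destination-range 10.200.1.0/24 --next-hop-instance node1
gcloud compute routes create default-route-10-200-2-0-24 --destination-range 10.200.2.0/24 --next-hop-instance node2
gcloud compute routes create default-route-10-200-3-0-24 --destination-range 10.200.3.0/24 --next-hop-instance node3
gcloud compute routes create default-route-10-200-4-0-24 --destination-range 10.200.4.0/24 --next-hop-instance node4
gcloud compute routes create default-route-10-200-5-0-24 --destination-range 10.200.5.0/24 --next-hop-instance node5
```

```
gcloud compute routes list
```

--------------------------------------------------------------------------------
/etcd/Dockerfile:
--------------------------------------------------------------------------------
# Minimal etcd image: only the etcd and etcdctl binaries on an empty filesystem.
# Assumes the binaries staged by `make etcd` are statically linked - confirm.
# No USER is set, so etcd runs as UID 0 inside the container.
FROM scratch
MAINTAINER Kelsey Hightower
COPY etcd /etcd
COPY etcdctl /etcdctl
ENTRYPOINT ["/etcd"]

--------------------------------------------------------------------------------
/kube-apiserver/Dockerfile:
--------------------------------------------------------------------------------
# Minimal kube-apiserver image: the binary alone on an empty filesystem.
# Assumes the binary staged by `make kubernetes` is statically linked - confirm.
FROM scratch
MAINTAINER Kelsey Hightower
COPY kube-apiserver /kube-apiserver
ENTRYPOINT ["/kube-apiserver"]

--------------------------------------------------------------------------------
/kube-controller-manager/Dockerfile:
--------------------------------------------------------------------------------
# Minimal kube-controller-manager image: the binary alone on an empty filesystem.
# Assumes the binary staged by `make kubernetes` is statically linked - confirm.
FROM scratch
MAINTAINER Kelsey Hightower
COPY kube-controller-manager /kube-controller-manager
ENTRYPOINT ["/kube-controller-manager"]

--------------------------------------------------------------------------------
/kube-controller-pod.yaml:
--------------------------------------------------------------------------------
# Control-plane pod: etcd, kube-apiserver, kube-controller-manager and
# kube-scheduler in one pod on the host network. The components talk to each
# other over plain HTTP on loopback (etcd on 2379, the API server on 8080).
apiVersion: v1
kind: Pod
metadata:
  name: kube-controller
spec:
  # Containers share the node's network namespace, so every listen address
  # below is an address on the host itself.
  hostNetwork: true
  volumes:
    - name: "etc-kubernetes"
      hostPath:
        path: "/etc/kubernetes"
    # NOTE(review): "ssl-certs" is declared but no container in this pod mounts it.
    - name: "ssl-certs"
      hostPath:
        path: "/usr/share/ca-certificates"
    - name: "var-run-kubernetes"
      hostPath:
        path: "/var/run/kubernetes"
    - name: "var-lib-kubernetes"
      hostPath:
        path: "/var/lib/kubernetes"
    - name: "etcd-datadir"
      hostPath:
        path: "/var/lib/etcd"
  containers:
    # etcd listens on loopback only, without TLS or authentication; any local
    # process on the node can read and write cluster state through it.
    - name: "etcd"
      image: "b.gcr.io/kuar/etcd:2.2.2"
      args:
        - "--data-dir=/var/lib/etcd"
        - "--advertise-client-urls=http://127.0.0.1:2379"
        - "--listen-client-urls=http://127.0.0.1:2379"
        - "--listen-peer-urls=http://127.0.0.1:2380"
        - "--name=etcd"
      volumeMounts:
        - mountPath: /var/lib/etcd
          name: "etcd-datadir"
    # SECURITY: --insecure-bind-address=0.0.0.0 serves the API server's insecure
    # port on every host interface. Requests on that port bypass authentication
    # and authorization, so anything that can reach it has full control of the
    # cluster, and --allow-privileged=true lets it start privileged containers.
    # Bind the insecure port to 127.0.0.1 and have remote components use the
    # TLS-secured port, or at minimum firewall the port to the cluster nodes.
    - name: "kube-apiserver"
      image: "b.gcr.io/kuar/kube-apiserver:1.1.2"
      args:
        - "--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
        - "--allow-privileged=true"
        - "--etcd-servers=http://127.0.0.1:2379"
        - "--insecure-bind-address=0.0.0.0"
        - "--service-cluster-ip-range=10.200.100.0/24"
        - "--service-node-port-range=30000-37000"
        - "--v=2"
      volumeMounts:
        - mountPath: /etc/kubernetes
          name: "etc-kubernetes"
        - mountPath: /var/run/kubernetes
          name: "var-run-kubernetes"
        - mountPath: /var/lib/kubernetes
          name: "var-lib-kubernetes"
    - name: "kube-controller-manager"
      image: "b.gcr.io/kuar/kube-controller-manager:1.1.2"
      args:
        - "--master=http://127.0.0.1:8080"
        - "--v=2"
      volumeMounts:
        - mountPath: /var/run/kubernetes
          name: "var-run-kubernetes"
        - mountPath: /var/lib/kubernetes
          name: "var-lib-kubernetes"
    - name: "kube-scheduler"
      image: "b.gcr.io/kuar/kube-scheduler:1.1.2"
      args:
        - "--master=http://127.0.0.1:8080"
        - "--v=2"

--------------------------------------------------------------------------------
/kube-proxy-pod.yaml:
--------------------------------------------------------------------------------
# kube-proxy pod: runs privileged on the host network.
# NOTE(review): --master=http://127.0.0.1:8080 only resolves on a node where an
# API server listens on loopback - confirm how other nodes are meant to connect.
apiVersion: v1
kind: Pod
metadata:
  name: kube-proxy
  # NOTE(review): `version` is not a standard metadata field; if it is meant as
  # a label it belongs under `labels:` - confirm.
  version: 1.1.2
spec:
  hostNetwork: true
  volumes:
    - name: "etc-kubernetes"
      hostPath:
        path: "/etc/kubernetes"
    - name: "ssl-certs"
      hostPath:
        path: "/usr/share/ca-certificates"
    # Host /usr and /lib64 are mounted into a FROM scratch image, presumably so
    # kube-proxy can run the host's iptables - confirm.
    - name: "usr"
      hostPath:
        path: "/usr"
    - name: "lib64"
      hostPath:
        path: "/lib64"
  containers:
    - name: "kube-proxy"
      image: "b.gcr.io/kuar/kube-proxy:1.1.2"
      args:
        - "--master=http://127.0.0.1:8080"
        - "--v=2"
      # SECURITY: a privileged container with host /usr and /lib64 mounted
      # read-write can modify the node's binaries and libraries. None of the
      # mounts below sets readOnly: true; add it wherever kube-proxy does not
      # need to write.
      securityContext:
        privileged: true
      volumeMounts:
        - mountPath: /etc/kubernetes
          name: "etc-kubernetes"
        - mountPath: /etc/ssl/certs
          name: "ssl-certs"
        - mountPath: /usr
          name: "usr"
        - mountPath: /lib64
          name: "lib64"

--------------------------------------------------------------------------------
/kube-proxy/Dockerfile:
--------------------------------------------------------------------------------
# Minimal kube-proxy image: the binary alone on an empty filesystem.
# Assumes the binary staged by `make kubernetes` is statically linked - confirm.
FROM scratch
MAINTAINER Kelsey Hightower
COPY kube-proxy /kube-proxy
ENTRYPOINT ["/kube-proxy"]

--------------------------------------------------------------------------------
/kube-scheduler/Dockerfile:
--------------------------------------------------------------------------------
# Minimal kube-scheduler image: the binary alone on an empty filesystem.
# Assumes the binary staged by `make kubernetes` is statically linked - confirm.
FROM scratch
MAINTAINER Kelsey Hightower
COPY kube-scheduler /kube-scheduler
ENTRYPOINT ["/kube-scheduler"]

--------------------------------------------------------------------------------
/kubelet/Dockerfile:
--------------------------------------------------------------------------------
# kubelet image: Debian base with the host tools installed below (iptables,
# nsenter from util-linux, curl, CA certificates) plus the kubelet binary.
# NOTE(review): debian:jessie is a mutable tag, so rebuilds can pick up a
# different base image; pin it by digest (debian:jessie@sha256:<DIGEST>) for
# reproducible builds.
FROM debian:jessie
MAINTAINER Kelsey Hightower
# The package index is removed in the same layer so it is not shipped in the image.
RUN apt-get update && apt-get install -y --no-install-recommends \
  ca-certificates \
  curl \
  iptables \
  util-linux \
  && rm -rf /var/lib/apt/lists/*
# Make nsenter available at / for the kubelet in a container hack.
RUN ln -s /usr/bin/nsenter /nsenter

COPY kubelet /kubelet
ENTRYPOINT ["/kubelet"]

--------------------------------------------------------------------------------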