├── scripts
    ├── release
    ├── ci
    ├── entry
    ├── version
    └── package
├── .dockerignore
├── .gitignore
├── package
    ├── dns.sed
    ├── runc-1.10
    ├── utils.sh
    ├── Dockerfile
    ├── entry.sh
    └── addons-update.sh
├── Makefile
├── addon-templates
    ├── kubectl
    │   ├── dashboard
    │   │   ├── dashboard-svc.yaml
    │   │   └── dashboard-controller.yaml
    │   ├── helm
    │   │   ├── tiller-service.yaml
    │   │   └── tiller-deploy.yaml
    │   ├── heapster
    │   │   ├── heapster
    │   │   │   ├── heapster-service.yaml
    │   │   │   └── heapster-deployment.yaml
    │   │   ├── influxdb
    │   │   │   ├── influxdb-service.yaml
    │   │   │   └── influxdb-deployment.yaml
    │   │   └── grafana
    │   │   │   ├── grafana-service.yaml
    │   │   │   └── grafana-deployment.yaml
    │   └── dns
    │   │   ├── kubedns-svc.yaml.sed
    │   │   └── kubedns-controller.yaml.sed
    └── README.md
├── .drone.yml
├── README.md
├── Dockerfile.dapper
├── RELEASE.md
└── LICENSE


/scripts/release:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | exec $(dirname $0)/ci
4 | 


--------------------------------------------------------------------------------
/.dockerignore:
--------------------------------------------------------------------------------
1 | ./bin
2 | ./.dapper
3 | ./dist
4 | ./.trash-cache
5 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /.dapper
2 | /bin
3 | /dist
4 | *.swp
5 | /.trash-cache
6 | 


--------------------------------------------------------------------------------
/scripts/ci:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 | 
4 | cd $(dirname $0)
5 | ./package
6 | 


--------------------------------------------------------------------------------
/package/dns.sed:
--------------------------------------------------------------------------------
1 | s/$DNS_SERVER_IP/\$DNS_CLUSTER_IP/g
2 | s/$DNS_DOMAIN/cluster.local/g
3 | /        - --dns-port=10053/a
4 | s/docker.io\//\$DOCKER_IO_REGISTRY\//g
5 | s/rancher\//\$BASE_IMAGE_NAMESPACE\//g
6 | 


--------------------------------------------------------------------------------
/scripts/entry:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | mkdir -p bin dist
 5 | if [ -e ./scripts/$1 ]; then
 6 |     ./scripts/"$@"
 7 | else
 8 |     exec "$@"
 9 | fi
10 | 
11 | chown -R $DAPPER_UID:$DAPPER_GID .
12 | 


--------------------------------------------------------------------------------
/package/runc-1.10:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | shift 1
 4 | 
 5 | while [ "$#" -gt 0 ]; do
 6 |     if [ "$1" = "-e" ]; then
 7 |         shift 2
 8 |     else
 9 |         break
10 |     fi
11 | done
12 | 
13 | export DOCKER_API_VERSION=1.22
14 | PID=$(docker inspect -f '{{.State.Pid}}' $1)
15 | 
16 | shift 1
17 | nsenter -m -u -i -n -p -t $PID "$@" 
18 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | TARGETS := $(shell ls scripts)
 2 | 
 3 | .dapper:
 4 | 	@echo Downloading dapper
 5 | 	@curl -sL https://releases.rancher.com/dapper/latest/dapper-`uname -s`-`uname -m` > .dapper.tmp
 6 | 	@@chmod +x .dapper.tmp
 7 | 	@./.dapper.tmp -v
 8 | 	@mv .dapper.tmp .dapper
 9 | 
10 | $(TARGETS): .dapper
11 | 	./.dapper $@
12 | 
13 | .DEFAULT_GOAL := ci
14 | 
15 | .PHONY: $(TARGETS)
16 | 


--------------------------------------------------------------------------------
/addon-templates/kubectl/dashboard/dashboard-svc.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: kubernetes-dashboard
 5 |   namespace: kube-system
 6 |   labels:
 7 |     k8s-app: kubernetes-dashboard
 8 |     kubernetes.io/cluster-service: "true"
 9 | spec:
10 |   selector:
11 |     k8s-app: kubernetes-dashboard
12 |   ports:
13 |   - port: 80
14 |     targetPort: 9090
15 | 


--------------------------------------------------------------------------------
/.drone.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | kind: pipeline
 3 | name: default
 4 | 
 5 | platform:
 6 |   os: linux
 7 |   arch: amd64
 8 | 
 9 | steps:
10 | - name: build
11 |   pull: default
12 |   image: rancher/dapper:1.11.2
13 |   commands:
14 |   - dapper ci
15 |   privileged: true
16 |   volumes:
17 |   - name: socket
18 |     path: /var/run/docker.sock
19 | 
20 | volumes:
21 | - name: socket
22 |   host:
23 |     path: /var/run/docker.sock
24 | 


--------------------------------------------------------------------------------
/scripts/version:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
 4 |     DIRTY="-dirty"
 5 | fi
 6 | 
 7 | COMMIT=$(git rev-parse --short HEAD)
 8 | GIT_TAG=$(git tag -l --contains HEAD | head -n 1)
 9 | 
10 | if [[ -z "$DIRTY" && -n "$GIT_TAG" ]]; then
11 |     VERSION=$GIT_TAG
12 | else
13 |     VERSION="${COMMIT}${DIRTY}"
14 | fi
15 | 
16 | if [ -z "$ARCH" ]; then
17 |     ARCH=amd64
18 | fi
19 | 


--------------------------------------------------------------------------------
/addon-templates/README.md:
--------------------------------------------------------------------------------
 1 | ### Addon Images
 2 | 
 3 | The following images are used by kubernetes addons:
 4 | - Kubernetes dashboard:
 5 |     - kubernetes-dashboard-amd64:v1.8.3
 6 | - Kube-dns:
 7 |     - k8s-dns-kube-dns-amd64:1.14.8
 8 |     - k8s-dns-dnsmasq-nanny-amd64:1.14.8
 9 |     - k8s-dns-sidecar-amd64:1.14.8
10 | - Heapster:
11 |     - heapster-grafana-amd64:v4.4.3
12 |     - heapster-amd64:v1.5.0
13 |     - heapster-influxdb-amd64:v1.3.3
14 | - Helm:
15 |     - tiller:v2.8.2
16 | 


--------------------------------------------------------------------------------
/addon-templates/kubectl/helm/tiller-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
 6 |     # If you are NOT using this as an addon, you should comment out this line.
 7 |     kubernetes.io/cluster-service: 'true'
 8 |     kubernetes.io/name: tiller-deploy
 9 |   name: tiller-deploy
10 |   namespace: kube-system
11 | spec:
12 |   ports:
13 |   - port: 44134
14 |     targetPort: 44134
15 |   selector:
16 |     app: helm
17 |     name: tiller


--------------------------------------------------------------------------------
/addon-templates/kubectl/heapster/heapster/heapster-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     task: monitoring
 6 |     # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
 7 |     # If you are NOT using this as an addon, you should comment out this line.
 8 |     kubernetes.io/cluster-service: 'true'
 9 |     kubernetes.io/name: Heapster
10 |   name: heapster
11 |   namespace: kube-system
12 | spec:
13 |   ports:
14 |   - port: 80
15 |     targetPort: 8082
16 |   selector:
17 |     k8s-app: heapster
18 | 


--------------------------------------------------------------------------------
/addon-templates/kubectl/heapster/influxdb/influxdb-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     task: monitoring
 6 |     # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
 7 |     # If you are NOT using this as an addon, you should comment out this line.
 8 |     kubernetes.io/cluster-service: 'true'
 9 |     kubernetes.io/name: monitoring-influxdb
10 |   name: monitoring-influxdb
11 |   namespace: kube-system
12 | spec:
13 |   ports:
14 |   - port: 8086
15 |     targetPort: 8086
16 |   selector:
17 |     k8s-app: influxdb
18 | 


--------------------------------------------------------------------------------
/addon-templates/kubectl/heapster/influxdb/influxdb-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: monitoring-influxdb
 5 |   namespace: kube-system
 6 | spec:
 7 |   replicas: 1
 8 |   template:
 9 |     metadata:
10 |       labels:
11 |         task: monitoring
12 |         k8s-app: influxdb
13 |     spec:
14 |       containers:
15 |       - name: influxdb
16 |         image: $DOCKER_IO_REGISTRY/$BASE_IMAGE_NAMESPACE/$INFLUXDB_IMAGE
17 |         volumeMounts:
18 |         - mountPath: /data
19 |           name: influxdb-storage
20 |       serviceAccountName: io-rancher-system
21 |       volumes:
22 |       - name: influxdb-storage
23 |         $INFLUXDB_VOLUME
24 | 


--------------------------------------------------------------------------------
/addon-templates/kubectl/heapster/grafana/grafana-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
 6 |     # If you are NOT using this as an addon, you should comment out this line.
 7 |     kubernetes.io/cluster-service: 'true'
 8 |     kubernetes.io/name: monitoring-grafana
 9 |   name: monitoring-grafana
10 |   namespace: kube-system
11 | spec:
12 |   # In a production setup, we recommend accessing Grafana through an external Loadbalancer
13 |   # or through a public IP.
14 |   # type: LoadBalancer
15 |   # You could also use NodePort to expose the service at a randomly-generated port
16 |   # type: NodePort
17 |   ports:
18 |   - port: 80
19 |     targetPort: 3000
20 |   selector:
21 |     k8s-app: grafana
22 | 


--------------------------------------------------------------------------------
/addon-templates/kubectl/heapster/heapster/heapster-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: heapster
 5 |   namespace: kube-system
 6 | spec:
 7 |   replicas: 1
 8 |   template:
 9 |     metadata:
10 |       labels:
11 |         task: monitoring
12 |         k8s-app: heapster
13 |     spec:
14 |       containers:
15 |       - name: heapster
16 |         image: $DOCKER_IO_REGISTRY/$BASE_IMAGE_NAMESPACE/$HEAPSTER_IMAGE
17 |         command:
18 |         - /heapster
19 |         - --source=kubernetes:https://$KUBERNETES_SERVICE_HOST:443?inClusterConfig=true&useServiceAccount=true
20 |         - --sink=influxdb:http://monitoring-influxdb.kube-system.svc.cluster.local:8086?retention=$INFLUXDB_RETENTION
21 |         - --v=$ADDONS_LOG_VERBOSITY_LEVEL
22 |       serviceAccountName: io-rancher-system
23 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | kubernetes-package
 2 | ========
 3 | 
 4 | Packaging of Kubernetes for Rancher
 5 | 
 6 | ## Building
 7 | 
 8 | Update `Dockerfile.dapper` with the URL of your k8s release then
 9 | 
10 | `make`
11 | 
12 | ## License
13 | Copyright (c) 2014-2016 [Rancher Labs, Inc.](http://rancher.com)
14 | 
15 | Licensed under the Apache License, Version 2.0 (the "License");
16 | you may not use this file except in compliance with the License.
17 | You may obtain a copy of the License at
18 | 
19 | [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0)
20 | 
21 | Unless required by applicable law or agreed to in writing, software
22 | distributed under the License is distributed on an "AS IS" BASIS,
23 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
24 | See the License for the specific language governing permissions and
25 | limitations under the License.
26 | 


--------------------------------------------------------------------------------
/scripts/package:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | source $(dirname $0)/version
 5 | 
 6 | ARCH=${ARCH:-"amd64"}
 7 | SUFFIX=""
 8 | [ "${ARCH}" != "amd64" ] && SUFFIX="_${ARCH}"
 9 | 
10 | cd $(dirname $0)/../package
11 | 
12 | TAG=${TAG:-${VERSION}${SUFFIX}}
13 | REPO=${REPO:-rancher}
14 | 
15 | if echo $TAG | grep -q dirty; then
16 |     TAG=dev
17 | fi
18 | 
19 | tar xvzf $DOWNLOAD/k8s.tar.gz --strip-components=3 kubernetes/server/bin/{kubelet,kube-proxy,kube-apiserver,kube-controller-manager,kube-scheduler,kubectl}
20 | tar xvzf $DOWNLOAD/k8s.tar.gz kubernetes/kubernetes-src.tar.gz
21 | 
22 | mkdir -p kubernetes/cluster/addons
23 | 
24 | cp -r ../addon-templates/kubectl/* kubernetes/cluster/addons/
25 | 
26 | for t in kubernetes/cluster/addons/dns/*.yaml.sed; do
27 |     sed -f dns.sed <${t} >${t%.sed} && rm ${t}
28 |     echo ${t%.sed}
29 | done
30 | 
31 | IMAGE=${REPO}/k8s:${TAG}
32 | docker build -t ${IMAGE} .
33 | echo ${IMAGE} > ../dist/images
34 | echo Built ${IMAGE}
35 | 


--------------------------------------------------------------------------------
/Dockerfile.dapper:
--------------------------------------------------------------------------------
 1 | FROM ubuntu:16.04
 2 | # FROM arm=armhf/ubuntu:16.04
 3 | 
 4 | RUN apt-get update && \
 5 |     apt-get install -y ca-certificates wget git xz-utils && \
 6 |     rm -f /bin/sh && ln -s /bin/bash /bin/sh
 7 | 
 8 | ARG DAPPER_HOST_ARCH
 9 | ENV HOST_ARCH=${DAPPER_HOST_ARCH} ARCH=${DAPPER_HOST_ARCH}
10 | 
11 | 
12 | 
13 | ENV DOCKER_URL_amd64=https://get.docker.com/builds/Linux/x86_64/docker-1.10.3 \
14 |     DOCKER_URL_arm=https://github.com/rancher/docker/releases/download/v1.10.3-ros1/docker-1.10.3_arm \
15 |     DOCKER_URL=DOCKER_URL_${ARCH}
16 | RUN wget -O - ${!DOCKER_URL} > /usr/bin/docker && chmod +x /usr/bin/docker
17 | 
18 | 
19 | 
20 | ENV DOWNLOAD /usr/src
21 | 
22 | ENV KUBERNETES_DOWNLOAD https://github.com/rancher/kubernetes/releases/download/v1.10.11-rancher1/kubernetes-server-linux-amd64.tar.gz
23 | RUN wget -O - $KUBERNETES_DOWNLOAD > $DOWNLOAD/k8s.tar.gz
24 | 
25 | ENV DAPPER_ENV REPO TAG
26 | ENV DAPPER_SOURCE /source
27 | ENV DAPPER_OUTPUT ./dist
28 | ENV DAPPER_DOCKER_SOCKET true
29 | ENV TRASH_CACHE ${DAPPER_SOURCE}/.trash-cache
30 | WORKDIR ${DAPPER_SOURCE}
31 | 
32 | ENTRYPOINT ["./scripts/entry"]
33 | CMD ["ci"]
34 | 


--------------------------------------------------------------------------------
/addon-templates/kubectl/helm/tiller-deploy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: "extensions/v1beta1"
 2 | kind: "Deployment"
 3 | metadata:
 4 |   name: "tiller-deploy"
 5 |   namespace: "kube-system"
 6 |   labels:
 7 |     app: "helm"
 8 |     name: "tiller"
 9 | spec:
10 |   replicas: 1
11 |   template:
12 |     metadata:
13 |       labels:
14 |         app: "helm"
15 |         name: "tiller"
16 |     spec:
17 |       serviceAccountName: "io-rancher-system"
18 |       containers:
19 |           - name: "tiller"
20 |             image: $DOCKER_IO_REGISTRY/$BASE_IMAGE_NAMESPACE/$TILLER_IMAGE
21 |             imagePullPolicy: "Always"
22 |             command:
23 |             - /tiller
24 |             - --v=$ADDONS_LOG_VERBOSITY_LEVEL
25 |             ports:
26 |              - name: "tiller"
27 |                containerPort: 44134
28 |             livenessProbe:
29 |                 initialDelaySeconds: 1
30 |                 timeoutSeconds: 1
31 |                 httpGet:
32 |                     path: "/liveness"
33 |                     port: 44135
34 |             readinessProbe:
35 |                 initialDelaySeconds: 1
36 |                 timeoutSeconds: 1
37 |                 httpGet:
38 |                     path: "/readiness"
39 |                     port: 44135
40 | 


--------------------------------------------------------------------------------
/addon-templates/kubectl/dns/kubedns-svc.yaml.sed:
--------------------------------------------------------------------------------
 1 | # Copyright 2016 The Kubernetes Authors.
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #     http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | # Warning: This is a file generated from the base underscore template file: kubedns-svc.yaml.base
16 | 
17 | apiVersion: v1
18 | kind: Service
19 | metadata:
20 |   name: kube-dns
21 |   namespace: kube-system
22 |   labels:
23 |     k8s-app: kube-dns
24 |     kubernetes.io/cluster-service: "true"
25 |     addonmanager.kubernetes.io/mode: Reconcile
26 |     kubernetes.io/name: "KubeDNS"
27 | spec:
28 |   selector:
29 |     k8s-app: kube-dns
30 |   clusterIP: $DNS_SERVER_IP
31 |   ports:
32 |   - name: dns
33 |     port: 53
34 |     protocol: UDP
35 |   - name: dns-tcp
36 |     port: 53
37 |     protocol: TCP
38 | 


--------------------------------------------------------------------------------
/addon-templates/kubectl/dashboard/dashboard-controller.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: kubernetes-dashboard
 5 |   namespace: kube-system
 6 |   labels:
 7 |     k8s-app: kubernetes-dashboard
 8 |     kubernetes.io/cluster-service: "true"
 9 | spec:
10 |   selector:
11 |     matchLabels:
12 |       k8s-app: kubernetes-dashboard
13 |   template:
14 |     metadata:
15 |       labels:
16 |         k8s-app: kubernetes-dashboard
17 |       annotations:
18 |         scheduler.alpha.kubernetes.io/critical-pod: ''
19 |     spec:
20 |       serviceAccountName: "io-rancher-system"
21 |       containers:
22 |       - name: kubernetes-dashboard
23 |         image: $DOCKER_IO_REGISTRY/$BASE_IMAGE_NAMESPACE/$DASHBOARD_IMAGE
24 |         args:
25 |         - --v=$ADDONS_LOG_VERBOSITY_LEVEL
26 |         - --logtostderr
27 |         resources:
28 |           # keep request = limit to keep this container in guaranteed class
29 |           limits:
30 |             cpu: $DASHBOARD_CPU_LIMIT
31 |             memory: $DASHBOARD_MEMORY_LIMIT
32 |           requests:
33 |             cpu: $DASHBOARD_CPU_LIMIT
34 |             memory: $DASHBOARD_MEMORY_LIMIT
35 |         ports:
36 |         - containerPort: 9090
37 |         livenessProbe:
38 |           httpGet:
39 |             path: /
40 |             port: 9090
41 |           initialDelaySeconds: 30
42 |           timeoutSeconds: 30
43 |       tolerations:
44 |       - key: "CriticalAddonsOnly"
45 |         operator: "Exists"
46 | 


--------------------------------------------------------------------------------
/addon-templates/kubectl/heapster/grafana/grafana-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: monitoring-grafana
 5 |   namespace: kube-system
 6 | spec:
 7 |   replicas: 1
 8 |   template:
 9 |     metadata:
10 |       labels:
11 |         task: monitoring
12 |         k8s-app: grafana
13 |     spec:
14 |       containers:
15 |       - name: grafana
16 |         image: $DOCKER_IO_REGISTRY/$BASE_IMAGE_NAMESPACE/$GRAFANA_IMAGE
17 |         ports:
18 |           - containerPort: 3000
19 |             protocol: TCP
20 |         volumeMounts:
21 |         - mountPath: /var
22 |           name: grafana-storage
23 |         env:
24 |         - name: INFLUXDB_HOST
25 |           value: monitoring-influxdb
26 |         - name: INFLUXDB_SERVICE_URL
27 |           value: http://monitoring-influxdb:8086
28 |         - name: GRAFANA_PORT
29 |           value: "3000"
30 |           # The following env variables are required to make Grafana accessible via
31 |           # the kubernetes api-server proxy. On production clusters, we recommend
32 |           # removing these env variables, setup auth for grafana, and expose the grafana
33 |           # service using a LoadBalancer or a public IP.
34 |         - name: GF_AUTH_BASIC_ENABLED
35 |           value: "false"
36 |         - name: GF_AUTH_ANONYMOUS_ENABLED
37 |           value: "true"
38 |         - name: GF_AUTH_ANONYMOUS_ORG_ROLE
39 |           value: Admin
40 |         - name: GF_SERVER_ROOT_URL
41 |           # If you're only using the API Server proxy, set this value instead:
42 |           # value: /api/v1/proxy/namespaces/kube-system/services/monitoring-grafana/
43 |           value: /
44 |       serviceAccountName: io-rancher-system
45 |       volumes:
46 |       - name: grafana-storage
47 |         emptyDir: {}
48 | 


--------------------------------------------------------------------------------
/RELEASE.md:
--------------------------------------------------------------------------------
 1 | # Building and Releasing Kubernetes
 2 | 
 3 | ## Projects that build with dapper
 4 | 
 5 | 1) Kubernetes-agent: https://github.com/rancher/kubernetes-agent
 6 | 
 7 | results in rancher/kubernetes-agent:tag image
 8 | 
 9 | 2) Ingress controller: https://github.com/rancher/lb-controller
10 | 
11 | results in rancher/lb-service-rancher:tag image
12 | 
13 | 3) Kubectld: https://github.com/rancher/kubectld
14 | 
15 | results in rancher/kubectld:tag image
16 | 
17 | 
18 | ## Building kubernetes
19 | 
20 | Kubernetes image used for controller/k8s/kubelet/proxy/scheduler services. 
21 | Source: https://github.com/rancher/kubernetes
22 | Packaging: https://github.com/rancher/kubernetes-package
23 | 
24 | If only packaging changes are required:
25 | 
26 | 1) Make changes in kubernetes-package.
27 | 2) Create and push tag
28 | 3) Run make, it should generate the image with the new tag.
29 | 
30 | If kubernetes base got changed - either sync with upstream was performed, or some bug fix went in, do this:
31 | 
32 | ### https://github.com/rancher/kubernetes
33 | 
34 | 1) Build k8s binaries using  rancher-k8s-build/build.sh under .
35 | 2) Create and push tag
36 | 3) Upload binaries built on step 1 to the release
37 | 
38 | ### https://github.com/rancher/kubernetes-package
39 | 
40 | 1) Point dockerfile.dapper to a new binary:
41 | 
42 | https://github.com/rancher/kubernetes-package/blob/master/Dockerfile.dapper#L18
43 | 
44 | 2) Commit the changes, create and push tag
45 | 3) Run make to generate a new image.
46 | 
47 | ### Syncing rancher kubernetes with upstream
48 | 
49 | 1) Add remote git@github.com:kubernetes/kubernetes.git, lets call it upstream. Rancher is origin, git@github.com:rancher/kubernetes.git
50 | 2) Lets say you need to update kubernetes rancher v1.5.1-rancher with k8s upstream v1.5.2. For that:
51 | 
52 | git checkout -b v1.5.2-rancher v1.5.1-rancher
53 | git rebase -i v1.5.2
54 | git push origin v1.5.2-rancher
55 | 
56 | ### K8s template in rancher catalog
57 | 
58 | https://github.com/rancher/rancher-catalog/tree/master/infra-templates/k8s
59 | 
60 | Review recommended admission controllers and see if they have changed since the last release (https://github.com/kubernetes/kubernetes.github.io/blob/master/docs/admin/admission-controllers.md#is-there-a-recommended-set-of-plug-ins-to-use).
61 | 


--------------------------------------------------------------------------------
/package/utils.sh:
--------------------------------------------------------------------------------
 1 | 
 2 | AZURE_META_URL="http://169.254.169.254/metadata/instance/compute"
 3 | get_azure_config() {
 4 |   local az_resources_group=$(curl  -s -H Metadata:true "${AZURE_META_URL}/resourceGroupName?api-version=2017-08-01&format=text")
 5 |   local az_subscription_id=$(curl -s -H Metadata:true "${AZURE_META_URL}/subscriptionId?api-version=2017-08-01&format=text")
 6 |   local az_location=$(curl  -s -H Metadata:true "${AZURE_META_URL}/location?api-version=2017-08-01&format=text")
 7 |   local az_vm_name=$(curl -s -H Metadata:true "${AZURE_META_URL}/name?api-version=2017-08-01&format=text")
 8 | 
 9 |   # setting correct login cloud
10 |   if [ "${AZURE_CLOUD}" == "AzurePublicCloud" ]; then
11 |       LOGIN_CLOUD="AzureCloud"
12 |   elif [ "${AZURE_CLOUD}" == "AzureUSGovernmentCloud" ]; then
13 |       LOGIN_CLOUD="AzureUSGovernment"
14 |   else
15 |       LOGIN_CLOUD=${AZURE_CLOUD}
16 |   fi
17 |   az cloud set --name ${LOGIN_CLOUD}
18 | 
19 |   # login to Azure
20 |   az login --service-principal -u ${AZURE_CLIENT_ID} -p ${AZURE_CLIENT_SECRET} --tenant ${AZURE_TENANT_ID} 2>&1 > /dev/null
21 | 
22 |   local az_vm_nic=$(az vm nic list -g ${az_resources_group} --vm-name ${az_vm_name} | jq -r .[0].id | cut -d "/" -f 9)
23 |   local az_subnet_name=$(az vm nic show -g ${az_resources_group} --vm-name ${az_vm_name} --nic ${az_vm_nic}| jq -r .ipConfigurations[0].subnet.id| cut -d"/" -f 11)
24 |   local az_vnet_name=$(az vm nic show -g ${az_resources_group} --vm-name ${az_vm_name} --nic ${az_vm_nic}| jq -r .ipConfigurations[0].subnet.id| cut -d"/" -f 9)
25 |   local az_vnet_resource_group=$(az vm nic show -g ${az_resources_group} --vm-name ${az_vm_name} --nic ${az_vm_nic}| jq -r .ipConfigurations[0].subnet.id| cut -d"/" -f 5)
26 | 
27 |   az logout 2>&1 > /dev/null
28 | 
29 |   echo "aadClientId: ${AZURE_CLIENT_ID}"
30 |   echo "aadClientSecret: ${AZURE_CLIENT_SECRET}"
31 |   echo "tenantId: ${AZURE_TENANT_ID}"
32 |   echo "subscriptionId: ${az_subscription_id}"
33 |   echo "cloud: ${AZURE_CLOUD:-AzurePublicCloud}"
34 |   echo "location: ${az_location}"
35 |   echo "resourceGroup: ${az_resources_group}"
36 |   echo "vnetResourceGroup: ${az_vnet_resource_group}"
37 |   echo "subnetName: ${az_subnet_name}"
38 |   echo "vnetName: ${az_vnet_name}"
39 |   if [ "${AZURE_SEC_GROUP}" != "" ]; then
40 |     echo "securityGroupName: ${AZURE_SEC_GROUP}"
41 |   fi
42 | }
43 | 


--------------------------------------------------------------------------------
/package/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM rancher/agent-base:v0.3.0
 2 | 
 3 | RUN DEBIAN_FRONTEND=noninteractive apt-get update -y \
 4 |     && DEBIAN_FRONTEND=noninteractive apt-get -yy -q \
 5 |     install apt-transport-https \
 6 |     && echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main" > \
 7 |     /etc/apt/sources.list.d/azure-cli.list \
 8 |     && curl -L https://packages.microsoft.com/keys/microsoft.asc | apt-key add - \
 9 |     && DEBIAN_FRONTEND=noninteractive apt-get update -y \
10 |     && DEBIAN_FRONTEND=noninteractive apt-get -yy -q \
11 |     install \
12 |     iptables \
13 |     ca-certificates \
14 |     file \
15 |     util-linux \
16 |     socat \
17 |     curl \
18 |     ethtool \
19 |     nfs-common \
20 |     jq \
21 |     unzip \
22 |     git \
23 |     wget \
24 |     glusterfs-client \
25 |     ceph-fs-common \
26 |     ceph-common \
27 |     conntrack \
28 |     netcat-openbsd \
29 |     cifs-utils \
30 |     azure-cli \
31 |     open-iscsi \
32 |     && DEBIAN_FRONTEND=noninteractive apt-get autoremove -y \
33 |     && DEBIAN_FRONTEND=noninteractive apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
34 | 
35 | RUN curl -sLf https://get.docker.com/builds/Linux/x86_64/docker-1.12.3.tgz | tar xvzf - -C /usr/bin --strip-components=1 docker/docker-runc docker/docker \
36 |     && mv /usr/bin/docker-runc /usr/bin/runc \
37 |     && curl -sLf https://get.docker.com/builds/Linux/x86_64/docker-1.11.2.tgz | tar xvzf - -C /usr/bin --strip-components=1 docker/docker-runc \
38 |     && mv /usr/bin/docker-runc /usr/bin/runc-1.11 \
39 |     && mkdir -p /mnt/sda1 \
40 |     && ln -s /var /mnt/sda1/var \
41 |     && curl -sLf https://storage.googleapis.com/kubernetes-helm/helm-v2.1.3-linux-amd64.tar.gz | tar xvzf - -C /usr/bin --strip-components=1 linux-amd64/helm
42 | 
43 | ENV CNI v0.3.0-rancher3
44 | RUN mkdir -p /opt/loopback/bin \
45 |     && curl -sfSL https://github.com/rancher/cni/releases/download/${CNI}/cni-${CNI}.tar.gz | \
46 |        tar xvzf - -C /tmp ./loopback \
47 |     && mv /tmp/loopback /opt/loopback/bin
48 | ENV SSL_SCRIPT_COMMIT 98660ada3d800f653fc1f105771b5173f9d1a019
49 | RUN wget -O /usr/bin/update-rancher-ssl https://raw.githubusercontent.com/rancher/rancher/${SSL_SCRIPT_COMMIT}/server/bin/update-rancher-ssl && \
50 |     chmod +x /usr/bin/update-rancher-ssl
51 | 
52 | COPY runc-1.10 utils.sh entry.sh addons-update.sh kubectl kubelet kube-proxy kube-apiserver kube-controller-manager kube-scheduler /usr/bin/
53 | COPY kubernetes/cluster/addons /etc/kubernetes/addons/
54 | 
55 | RUN curl -OL https://github.com/rancher/cli/releases/download/v0.6.1/rancher-linux-amd64-v0.6.1.tar.gz \
56 |     && tar xf rancher-linux-amd64-v0.6.1.tar.gz \
57 |     && mv rancher-v0.6.1/rancher /usr/bin/
58 | 
59 | ENTRYPOINT ["/usr/bin/entry.sh"]
60 | 


--------------------------------------------------------------------------------
/package/entry.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | set -e -x
  3 | 
  4 | if [ "$1" == "kubelet" ]; then
  5 |     if [ -d /var/run/nscd ]; then
  6 |         mount --bind $(mktemp -d) /var/run/nscd
  7 |     fi
  8 | fi
  9 | 
 10 | while ! curl -s -f http://rancher-metadata/2015-12-19/stacks/Kubernetes/services/kubernetes/uuid; do
 11 |     echo Waiting for metadata
 12 |     sleep 1
 13 | done
 14 | 
 15 | /usr/bin/update-rancher-ssl
 16 | 
 17 | # k8s service certificate
 18 | UUID=$(curl -s http://rancher-metadata/2015-12-19/stacks/Kubernetes/services/kubernetes/uuid)
 19 | ACTION=$(curl -s -u $CATTLE_ACCESS_KEY:$CATTLE_SECRET_KEY "$CATTLE_URL/services?uuid=$UUID" | jq -r '.data[0].actions.certificate')
 20 | KUBERNETES_URL=${KUBERNETES_URL:-https://kubernetes.kubernetes.rancher.internal:6443}
 21 | 
 22 | if [ -n "$ACTION" ]; then
 23 |     mkdir -p /etc/kubernetes/ssl
 24 |     cd /etc/kubernetes/ssl
 25 |     curl -s -u $CATTLE_ACCESS_KEY:$CATTLE_SECRET_KEY -X POST $ACTION > certs.zip
 26 |     unzip -o certs.zip
 27 |     cd $OLDPWD
 28 | 
 29 |     TOKEN=$(cat /etc/kubernetes/ssl/key.pem | sha256sum | awk '{print $1}')
 30 | 
 31 |     cat > /etc/kubernetes/ssl/kubeconfig << EOF
 32 | apiVersion: v1
 33 | kind: Config
 34 | clusters:
 35 | - cluster:
 36 |     api-version: v1
 37 |     certificate-authority: /etc/kubernetes/ssl/ca.pem
 38 |     server: "$KUBERNETES_URL"
 39 |   name: "Default"
 40 | contexts:
 41 | - context:
 42 |     cluster: "Default"
 43 |     user: "Default"
 44 |   name: "Default"
 45 | current-context: "Default"
 46 | users:
 47 | - name: "Default"
 48 |   user:
 49 |     token: "$TOKEN"
 50 | EOF
 51 | fi
 52 | # etcd service certificate
 53 | ETCD_UUID=$(curl -s http://rancher-metadata/2015-12-19/stacks/Kubernetes/services/etcd/uuid)
 54 | ETCD_ACTION=$(curl -s -u $CATTLE_ACCESS_KEY:$CATTLE_SECRET_KEY "$CATTLE_URL/services?uuid=$ETCD_UUID" | jq -r '.data[0].actions.certificate')
 55 | 
 56 | if [ -n "$ETCD_ACTION" ]; then
 57 |     mkdir -p /etc/kubernetes/etcd
 58 |     cd /etc/kubernetes/etcd
 59 |     curl -s -u $CATTLE_ACCESS_KEY:$CATTLE_SECRET_KEY -X POST $ETCD_ACTION > etcd_certs.zip
 60 |     unzip -o etcd_certs.zip
 61 |     cd $OLDPWD
 62 | 
 63 | fi
 64 | 
 65 | cat > /etc/kubernetes/authconfig << EOF
 66 | clusters:
 67 | - name: rancher-kubernetes-auth
 68 |   cluster:
 69 |     server: http://rancher-kubernetes-auth
 70 | 
 71 | users:
 72 | - name: rancher-kubernetes
 73 | 
 74 | current-context: webhook
 75 | contexts:
 76 | - context:
 77 |     cluster: rancher-kubernetes-auth
 78 |     user: rancher-kubernetes
 79 |   name: webhook
 80 | EOF
 81 | 
 82 | # generate Azure cloud provider config
 83 | if echo ${@} | grep -q "cloud-provider=azure"; then
 84 |   if [ "$1" == "kubelet" ] || [ "$1" == "kube-apiserver" ] || [ "$1" == "kube-controller-manager" ]; then
 85 |     source utils.sh
 86 |     get_azure_config  > /etc/kubernetes/cloud-provider-config
 87 |   fi
 88 | fi
 89 | 
 90 | if [ "$1" == "kubelet" ]; then
 91 |     for i in $(DOCKER_API_VERSION=1.22 ./docker info 2>&1  | grep -i 'docker root dir' | cut -f2 -d:) /var/lib/docker /run /var/run; do
 92 |         for m in $(tac /proc/mounts | awk '{print $2}' | grep ^${i}/); do
 93 |             if [ "$m" != "/var/run/nscd" ] && [ "$m" != "/run/nscd" ]; then
 94 |                 umount $m || true
 95 |             fi
 96 |         done
 97 |     done
 98 |     mount --rbind /host/dev /dev
 99 |     mount -o rw,remount /sys/fs/cgroup 2>/dev/null || true
100 |     for i in /sys/fs/cgroup/*; do
101 |         if [ -d $i ]; then
102 |              mkdir -p $i/kubepods
103 |         fi
104 |     done
105 |     if [ -d /sys/fs/cgroup/cpu,cpuacct/ ]
106 |     then
107 |         mkdir -p /sys/fs/cgroup/cpuacct,cpu/
108 |         mount --bind /sys/fs/cgroup/cpu,cpuacct/ /sys/fs/cgroup/cpuacct,cpu/
109 |         mkdir -p /sys/fs/cgroup/net_prio,net_cls/
110 |         mount --bind /sys/fs/cgroup/net_cls,net_prio/ /sys/fs/cgroup/net_prio,net_cls/
111 |     fi
112 | fi
113 | 
114 | 
115 | FQDN=$(hostname --fqdn || hostname)
116 | 
117 | if [ "$1" == "kubelet" ]; then
118 |     CGROUPDRIVER=$(docker info | grep -i 'cgroup driver' | awk '{print $3}')
119 |     # Azure API uses hostnames not FQDNs, if FQDN is used,
120 |     # kubelet wouldn't be able to get node information from the cloud provider.
121 |     if [ "${CLOUD_PROVIDER}" == "azure" ]; then
122 |       FQDN=$(hostname -s)
123 |     fi
124 |     exec "$@" --cgroup-driver=$CGROUPDRIVER --hostname-override ${FQDN}
125 | fi
126 | 
127 | if [ "$1" == "kube-proxy" ]; then
128 |     exec "$@" --hostname-override ${FQDN}
129 | fi
130 | 
131 | if [ "$1" == "kube-apiserver" ]; then
132 |     export RANCHER_URL=${CATTLE_URL}
133 |     export RANCHER_ACCESS_KEY=${CATTLE_ACCESS_KEY}
134 |     export RANCHER_SECRET_KEY=${CATTLE_SECRET_KEY}
135 | 
136 |     LABEL=$(rancher inspect --type=service rancher-kubernetes-agent | jq '.launchConfig.labels."io.rancher.k8s.agent"')
137 |     if [ "${LABEL}" = "null" ]; then
138 |         rancher rm --type=service rancher-kubernetes-agent
139 |     fi
140 | 
141 |     CONTAINERIP=$(curl -s http://rancher-metadata/2015-12-19/self/container/ips/0)
142 |     exec "$@" "--advertise-address=$CONTAINERIP"
143 | fi
144 | 
145 | exec "$@"
146 | 


--------------------------------------------------------------------------------
/package/addons-update.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | set -x
  3 | 
  4 | function semver_lt() { test "$(printf '%s\n' "$@" | sort -r -V | head -n 1)" != "$1"; }
  5 | 
  6 | if [ ${DISABLE_ADDONS} == "true" ]; then
  7 |     echo "addons have been disabled"
  8 |     sleep infinity
  9 | fi
 10 | 
 11 | export KUBECONFIG=/etc/kubernetes/ssl/kubeconfig
 12 | 
 13 | while ! kubectl --namespace=kube-system get ns kube-system >/dev/null 2>&1; do
 14 | #  echo "Waiting for kubernetes API to come up..."
 15 |   sleep 2
 16 | done
 17 | 
 18 | # Remove old influx
 19 | kubectl delete --namespace kube-system deployment influxdb-grafana 2>/dev/null || true
 20 | 
 21 | cat <<EOF | kubectl apply -f - || true
 22 | apiVersion: v1
 23 | kind: ServiceAccount
 24 | metadata:
 25 |   name: "io-rancher-system"
 26 |   namespace: "kube-system"
 27 | 
 28 | ---
 29 | 
 30 | apiVersion: rbac.authorization.k8s.io/v1beta1
 31 | kind: ClusterRoleBinding
 32 | metadata:
 33 |   name: addons-binding
 34 | subjects:
 35 | - kind: ServiceAccount
 36 |   name: io-rancher-system
 37 |   namespace: kube-system
 38 | roleRef:
 39 |   kind: ClusterRole
 40 |   name: cluster-admin
 41 |   apiGroup: rbac.authorization.k8s.io
 42 | EOF
 43 | 
 44 | cat <<EOF | kubectl apply -f - || true
 45 | apiVersion: v1
 46 | kind: ConfigMap
 47 | metadata:
 48 |   name: kube-dns
 49 |   namespace: kube-system
 50 |   labels:
 51 |     addonmanager.kubernetes.io/mode: EnsureExists
 52 | EOF
 53 | 
 54 | DOCKER_IO_REGISTRY=${REGISTRY:-docker.io}
 55 | INFLUXDB_RETENTION=${INFLUXDB_RETENTION:-0s}
 56 | DNS_REPLICAS=${DNS_REPLICAS:-1}
 57 | DNS_CLUSTER_IP=${DNS_CLUSTER_IP:-10.43.0.10}
 58 | BASE_IMAGE_NAMESPACE=${BASE_IMAGE_NAMESPACE:-rancher}
 59 | ADDONS_LOG_VERBOSITY_LEVEL=${ADDONS_LOG_VERBOSITY_LEVEL:-2}
 60 | DASHBOARD_CPU_LIMIT=${DASHBOARD_CPU_LIMIT:-100m}
 61 | DASHBOARD_MEMORY_LIMIT=${DASHBOARD_MEMORY_LIMIT:-300Mi}
 62 | 
 63 | INFLUXDB_HOST_PATH=${INFLUXDB_HOST_PATH:-}
 64 | if [ "$INFLUXDB_HOST_PATH" == "" ]; then
 65 |   INFLUXDB_VOLUME="emptyDir: {}"
 66 | else
 67 |   INFLUXDB_VOLUME="hostPath:\n          path: $INFLUXDB_HOST_PATH"
 68 | fi
 69 | 
 70 | # Addons Images
 71 | # If any of these versions are updated, please also update them in
 72 | # addon-templates/README.md
 73 | 
 74 | ADDONS_DIR=/etc/kubernetes/addons
 75 | 
 76 | DASHBOARD_IMAGE=kubernetes-dashboard-amd64:v1.8.3
 77 | KUBEDNS_IMAGE=k8s-dns-kube-dns-amd64:1.14.8
 78 | DNSMASQ_IMAGE=k8s-dns-dnsmasq-nanny-amd64:1.14.8
 79 | DNS_SIDECAR_IMAGE=k8s-dns-sidecar-amd64:1.14.8
 80 | GRAFANA_IMAGE=heapster-grafana-amd64:v4.4.3
 81 | HEAPSTER_IMAGE=heapster-amd64:v1.5.0
 82 | INFLUXDB_IMAGE=heapster-influxdb-amd64:v1.3.3
 83 | TILLER_IMAGE=tiller:v2.8.2
 84 | 
 85 | for f in $(find $ADDONS_DIR -name '*.yaml'); do
 86 |   sed -i "s|\$DOCKER_IO_REGISTRY|$DOCKER_IO_REGISTRY|g" ${f}
 87 |   sed -i "s|\$INFLUXDB_VOLUME|$INFLUXDB_VOLUME|g" ${f}
 88 |   sed -i "s|\$INFLUXDB_RETENTION|$INFLUXDB_RETENTION|g" ${f}
 89 |   sed -i "s|\$DNS_REPLICAS|$DNS_REPLICAS|g" ${f}
 90 |   sed -i "s|\$BASE_IMAGE_NAMESPACE|$BASE_IMAGE_NAMESPACE|g" ${f}
 91 |   sed -i "s|\$HELM_IMAGE_NAMESPACE|$HELM_IMAGE_NAMESPACE|g" ${f}
 92 |   sed -i "s|\$DNS_CLUSTER_IP|$DNS_CLUSTER_IP|g" ${f}
 93 |   sed -i "s|\$ADDONS_LOG_VERBOSITY_LEVEL|$ADDONS_LOG_VERBOSITY_LEVEL|g" ${f}
 94 |   sed -i "s|\$DASHBOARD_IMAGE|$DASHBOARD_IMAGE|g" ${f}
 95 |   sed -i "s|\$KUBEDNS_IMAGE|$KUBEDNS_IMAGE|g" ${f}
 96 |   sed -i "s|\$DNSMASQ_IMAGE|$DNSMASQ_IMAGE|g" ${f}
 97 |   sed -i "s|\$DNS_SIDECAR_IMAGE|$DNS_SIDECAR_IMAGE|g" ${f}
 98 |   sed -i "s|\$GRAFANA_IMAGE|$GRAFANA_IMAGE|g" ${f}
 99 |   sed -i "s|\$HEAPSTER_IMAGE|$HEAPSTER_IMAGE|g" ${f}
100 |   sed -i "s|\$INFLUXDB_IMAGE|$INFLUXDB_IMAGE|g" ${f}
101 |   sed -i "s|\$TILLER_IMAGE|$TILLER_IMAGE|g" ${f}
102 |   sed -i "s|\$DASHBOARD_CPU_LIMIT|$DASHBOARD_CPU_LIMIT|g" ${f}
103 |   sed -i "s|\$DASHBOARD_MEMORY_LIMIT|$DASHBOARD_MEMORY_LIMIT|g" ${f}
104 | done
105 | 
106 | addons_images=(
107 |     "k8s-app=kubernetes-dashboard,$DASHBOARD_IMAGE,$ADDONS_DIR/dashboard"
108 |     "k8s-app=kube-dns,$KUBEDNS_IMAGE,$ADDONS_DIR/dns"
109 |     "k8s-app=grafana,$GRAFANA_IMAGE,$ADDONS_DIR/heapster/grafana"
110 |     "k8s-app=heapster,$HEAPSTER_IMAGE,$ADDONS_DIR/heapster/heapster"
111 |     "k8s-app=influxdb,$INFLUXDB_IMAGE,$ADDONS_DIR/heapster/influxdb"
112 |     "app=helm,$TILLER_IMAGE,$ADDONS_DIR/helm"
113 |    )
114 | 
115 | # Check Addon version
116 | for i in "${addons_images[@]}"; do
117 |   current_version=$(kubectl get deployments -n kube-system -o=jsonpath="{..image}" -l "$(echo $i | cut -d"," -f1)" | cut -d" " -f1 | cut -d":" -f2)
118 |   desired_version=$(grep -r "$(echo $i | cut -d"," -f2)" $ADDONS_DIR | cut -d":" -f4)
119 |   set -e
120 |   if [ -z "${current_version}" ]; then
121 |     kubectl --namespace=kube-system replace --force -f $(echo $i | cut -d"," -f3)
122 |   elif [ "${current_version}" == "${desired_version}" ]; then
123 |     kubectl --namespace=kube-system replace --force -f $(echo $i | cut -d"," -f3)
124 |   elif semver_lt ${current_version} ${desired_version}; then
125 |     kubectl --namespace=kube-system replace --force -f $(echo $i | cut -d"," -f3)
126 |   fi
127 |   set +e
128 | done
129 | 
130 | # Remove orphaned heapster
131 | kubectl -n kube-system delete -l 'k8s-app=heapster' -l 'version=v6' replicaset 2>/dev/null || true
132 | 
133 | nc -k -l 10240 > /dev/null 2>&1
134 | 


--------------------------------------------------------------------------------
/addon-templates/kubectl/dns/kubedns-controller.yaml.sed:
--------------------------------------------------------------------------------
  1 | # Copyright 2016 The Kubernetes Authors.
  2 | #
  3 | # Licensed under the Apache License, Version 2.0 (the "License");
  4 | # you may not use this file except in compliance with the License.
  5 | # You may obtain a copy of the License at
  6 | #
  7 | #     http://www.apache.org/licenses/LICENSE-2.0
  8 | #
  9 | # Unless required by applicable law or agreed to in writing, software
 10 | # distributed under the License is distributed on an "AS IS" BASIS,
 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 12 | # See the License for the specific language governing permissions and
 13 | # limitations under the License.
 14 | 
 15 | # Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
 16 | # in sync with this file.
 17 | 
 18 | # Warning: This is a file generated from the base underscore template file: kubedns-controller.yaml.base
 19 | ---
 20 | apiVersion: extensions/v1beta1
 21 | kind: Deployment
 22 | metadata:
 23 |   name: kube-dns
 24 |   namespace: kube-system
 25 |   labels:
 26 |     k8s-app: kube-dns
 27 |     kubernetes.io/cluster-service: "true"
 28 |     addonmanager.kubernetes.io/mode: Reconcile
 29 | spec:
 30 |   replicas: $DNS_REPLICAS
 31 |   strategy:
 32 |     rollingUpdate:
 33 |       maxSurge: 10%
 34 |       maxUnavailable: 0
 35 |   selector:
 36 |     matchLabels:
 37 |       k8s-app: kube-dns
 38 |   template:
 39 |     metadata:
 40 |       labels:
 41 |         k8s-app: kube-dns
 42 |         rancher-app: kube-dns4
 43 |       annotations:
 44 |         scheduler.alpha.kubernetes.io/critical-pod: ''
 45 |     spec:
 46 |       tolerations:
 47 |       - key: "CriticalAddonsOnly"
 48 |         operator: "Exists"
 49 |       volumes:
 50 |       - name: kube-dns-config
 51 |         configMap:
 52 |           name: kube-dns
 53 |           optional: true
 54 |       affinity:
 55 |         podAntiAffinity:
 56 |           requiredDuringSchedulingIgnoredDuringExecution:
 57 |           - labelSelector:
 58 |               matchExpressions:
 59 |               - key: rancher-app
 60 |                 operator: In
 61 |                 values:
 62 |                 - kube-dns4
 63 |             topologyKey: kubernetes.io/hostname
 64 |       containers:
 65 |       - name: kubedns
 66 |         image: $DOCKER_IO_REGISTRY/$BASE_IMAGE_NAMESPACE/$KUBEDNS_IMAGE
 67 |         resources:
 68 |           # TODO: Set memory limits when we've profiled the container for large
 69 |           # clusters, then set request = limit to keep this container in
 70 |           # guaranteed class. Currently, this container falls into the
 71 |           # "burstable" category so the kubelet doesn't backoff from restarting it.
 72 |           limits:
 73 |             memory: 170Mi
 74 |           requests:
 75 |             cpu: 100m
 76 |             memory: 70Mi
 77 |         livenessProbe:
 78 |           httpGet:
 79 |             path: /healthcheck/kubedns
 80 |             port: 10054
 81 |             scheme: HTTP
 82 |           initialDelaySeconds: 60
 83 |           timeoutSeconds: 2
 84 |           successThreshold: 1
 85 |           failureThreshold: 3
 86 |           periodSeconds: 2
 87 |         readinessProbe:
 88 |           httpGet:
 89 |             path: /readiness
 90 |             port: 8081
 91 |             scheme: HTTP
 92 |           # we poll on pod startup for the Kubernetes master service and
 93 |           # only setup the /readiness HTTP server once that's available.
 94 |           initialDelaySeconds: 3
 95 |           timeoutSeconds: 2
 96 |           successThreshold: 1
 97 |           failureThreshold: 3
 98 |           periodSeconds: 2
 99 |         args:
100 |         - --domain=$DNS_DOMAIN.
101 |         - --dns-port=10053
102 |         - --config-dir=/kube-dns-config
103 |         - --v=$ADDONS_LOG_VERBOSITY_LEVEL
104 |         env:
105 |         - name: PROMETHEUS_PORT
106 |           value: "10055"
107 |         ports:
108 |         - containerPort: 10053
109 |           name: dns-local
110 |           protocol: UDP
111 |         - containerPort: 10053
112 |           name: dns-tcp-local
113 |           protocol: TCP
114 |         - containerPort: 10055
115 |           name: metrics
116 |           protocol: TCP
117 |         volumeMounts:
118 |         - name: kube-dns-config
119 |           mountPath: /kube-dns-config
120 |       - name: dnsmasq
121 |         image: $DOCKER_IO_REGISTRY/$BASE_IMAGE_NAMESPACE/$DNSMASQ_IMAGE
122 |         livenessProbe:
123 |           httpGet:
124 |             path: /healthcheck/dnsmasq
125 |             port: 10054
126 |             scheme: HTTP
127 |           initialDelaySeconds: 60
128 |           timeoutSeconds: 2
129 |           successThreshold: 1
130 |           failureThreshold: 3
131 |           periodSeconds: 2
132 |         args:
133 |         - --v=$ADDONS_LOG_VERBOSITY_LEVEL
134 |         - -logtostderr
135 |         - -configDir=/etc/k8s/dns/dnsmasq-nanny
136 |         - -restartDnsmasq=true
137 |         - --
138 |         - -k
139 |         - --cache-size=1000
140 |         - --log-facility=-
141 |         - --server=/$DNS_DOMAIN/127.0.0.1#10053
142 |         - --server=/in-addr.arpa/127.0.0.1#10053
143 |         - --server=/ip6.arpa/127.0.0.1#10053
144 |         ports:
145 |         - containerPort: 53
146 |           name: dns
147 |           protocol: UDP
148 |         - containerPort: 53
149 |           name: dns-tcp
150 |           protocol: TCP
151 |         # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
152 |         resources:
153 |           requests:
154 |             cpu: 150m
155 |             memory: 20Mi
156 |         volumeMounts:
157 |         - name: kube-dns-config
158 |           mountPath: /etc/k8s/dns/dnsmasq-nanny
159 |       - name: sidecar
160 |         image: $DOCKER_IO_REGISTRY/$BASE_IMAGE_NAMESPACE/$DNS_SIDECAR_IMAGE
161 |         livenessProbe:
162 |           httpGet:
163 |             path: /metrics
164 |             port: 10054
165 |             scheme: HTTP
166 |           initialDelaySeconds: 60
167 |           timeoutSeconds: 2
168 |           successThreshold: 1
169 |           failureThreshold: 3
170 |           periodSeconds: 2
171 |         args:
172 |         - --v=$ADDONS_LOG_VERBOSITY_LEVEL
173 |         - --logtostderr
174 |         - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.$DNS_DOMAIN,5,A
175 |         - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.$DNS_DOMAIN,5,A
176 |         ports:
177 |         - containerPort: 10054
178 |           name: metrics
179 |           protocol: TCP
180 |         resources:
181 |           requests:
182 |             memory: 20Mi
183 |             cpu: 10m
184 |       dnsPolicy: Default  # Don't use cluster DNS.
185 |       serviceAccountName: io-rancher-system
186 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 | 
  2 |                                  Apache License
  3 |                            Version 2.0, January 2004
  4 |                         http://www.apache.org/licenses/
  5 | 
  6 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  7 | 
  8 |    1. Definitions.
  9 | 
 10 |       "License" shall mean the terms and conditions for use, reproduction,
 11 |       and distribution as defined by Sections 1 through 9 of this document.
 12 | 
 13 |       "Licensor" shall mean the copyright owner or entity authorized by
 14 |       the copyright owner that is granting the License.
 15 | 
 16 |       "Legal Entity" shall mean the union of the acting entity and all
 17 |       other entities that control, are controlled by, or are under common
 18 |       control with that entity. For the purposes of this definition,
 19 |       "control" means (i) the power, direct or indirect, to cause the
 20 |       direction or management of such entity, whether by contract or
 21 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 22 |       outstanding shares, or (iii) beneficial ownership of such entity.
 23 | 
 24 |       "You" (or "Your") shall mean an individual or Legal Entity
 25 |       exercising permissions granted by this License.
 26 | 
 27 |       "Source" form shall mean the preferred form for making modifications,
 28 |       including but not limited to software source code, documentation
 29 |       source, and configuration files.
 30 | 
 31 |       "Object" form shall mean any form resulting from mechanical
 32 |       transformation or translation of a Source form, including but
 33 |       not limited to compiled object code, generated documentation,
 34 |       and conversions to other media types.
 35 | 
 36 |       "Work" shall mean the work of authorship, whether in Source or
 37 |       Object form, made available under the License, as indicated by a
 38 |       copyright notice that is included in or attached to the work
 39 |       (an example is provided in the Appendix below).
 40 | 
 41 |       "Derivative Works" shall mean any work, whether in Source or Object
 42 |       form, that is based on (or derived from) the Work and for which the
 43 |       editorial revisions, annotations, elaborations, or other modifications
 44 |       represent, as a whole, an original work of authorship. For the purposes
 45 |       of this License, Derivative Works shall not include works that remain
 46 |       separable from, or merely link (or bind by name) to the interfaces of,
 47 |       the Work and Derivative Works thereof.
 48 | 
 49 |       "Contribution" shall mean any work of authorship, including
 50 |       the original version of the Work and any modifications or additions
 51 |       to that Work or Derivative Works thereof, that is intentionally
 52 |       submitted to Licensor for inclusion in the Work by the copyright owner
 53 |       or by an individual or Legal Entity authorized to submit on behalf of
 54 |       the copyright owner. For the purposes of this definition, "submitted"
 55 |       means any form of electronic, verbal, or written communication sent
 56 |       to the Licensor or its representatives, including but not limited to
 57 |       communication on electronic mailing lists, source code control systems,
 58 |       and issue tracking systems that are managed by, or on behalf of, the
 59 |       Licensor for the purpose of discussing and improving the Work, but
 60 |       excluding communication that is conspicuously marked or otherwise
 61 |       designated in writing by the copyright owner as "Not a Contribution."
 62 | 
 63 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 64 |       on behalf of whom a Contribution has been received by Licensor and
 65 |       subsequently incorporated within the Work.
 66 | 
 67 |    2. Grant of Copyright License. Subject to the terms and conditions of
 68 |       this License, each Contributor hereby grants to You a perpetual,
 69 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 70 |       copyright license to reproduce, prepare Derivative Works of,
 71 |       publicly display, publicly perform, sublicense, and distribute the
 72 |       Work and such Derivative Works in Source or Object form.
 73 | 
 74 |    3. Grant of Patent License. Subject to the terms and conditions of
 75 |       this License, each Contributor hereby grants to You a perpetual,
 76 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 77 |       (except as stated in this section) patent license to make, have made,
 78 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 79 |       where such license applies only to those patent claims licensable
 80 |       by such Contributor that are necessarily infringed by their
 81 |       Contribution(s) alone or by combination of their Contribution(s)
 82 |       with the Work to which such Contribution(s) was submitted. If You
 83 |       institute patent litigation against any entity (including a
 84 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 85 |       or a Contribution incorporated within the Work constitutes direct
 86 |       or contributory patent infringement, then any patent licenses
 87 |       granted to You under this License for that Work shall terminate
 88 |       as of the date such litigation is filed.
 89 | 
 90 |    4. Redistribution. You may reproduce and distribute copies of the
 91 |       Work or Derivative Works thereof in any medium, with or without
 92 |       modifications, and in Source or Object form, provided that You
 93 |       meet the following conditions:
 94 | 
 95 |       (a) You must give any other recipients of the Work or
 96 |           Derivative Works a copy of this License; and
 97 | 
 98 |       (b) You must cause any modified files to carry prominent notices
 99 |           stating that You changed the files; and
100 | 
101 |       (c) You must retain, in the Source form of any Derivative Works
102 |           that You distribute, all copyright, patent, trademark, and
103 |           attribution notices from the Source form of the Work,
104 |           excluding those notices that do not pertain to any part of
105 |           the Derivative Works; and
106 | 
107 |       (d) If the Work includes a "NOTICE" text file as part of its
108 |           distribution, then any Derivative Works that You distribute must
109 |           include a readable copy of the attribution notices contained
110 |           within such NOTICE file, excluding those notices that do not
111 |           pertain to any part of the Derivative Works, in at least one
112 |           of the following places: within a NOTICE text file distributed
113 |           as part of the Derivative Works; within the Source form or
114 |           documentation, if provided along with the Derivative Works; or,
115 |           within a display generated by the Derivative Works, if and
116 |           wherever such third-party notices normally appear. The contents
117 |           of the NOTICE file are for informational purposes only and
118 |           do not modify the License. You may add Your own attribution
119 |           notices within Derivative Works that You distribute, alongside
120 |           or as an addendum to the NOTICE text from the Work, provided
121 |           that such additional attribution notices cannot be construed
122 |           as modifying the License.
123 | 
124 |       You may add Your own copyright statement to Your modifications and
125 |       may provide additional or different license terms and conditions
126 |       for use, reproduction, or distribution of Your modifications, or
127 |       for any such Derivative Works as a whole, provided Your use,
128 |       reproduction, and distribution of the Work otherwise complies with
129 |       the conditions stated in this License.
130 | 
131 |    5. Submission of Contributions. Unless You explicitly state otherwise,
132 |       any Contribution intentionally submitted for inclusion in the Work
133 |       by You to the Licensor shall be under the terms and conditions of
134 |       this License, without any additional terms or conditions.
135 |       Notwithstanding the above, nothing herein shall supersede or modify
136 |       the terms of any separate license agreement you may have executed
137 |       with Licensor regarding such Contributions.
138 | 
139 |    6. Trademarks. This License does not grant permission to use the trade
140 |       names, trademarks, service marks, or product names of the Licensor,
141 |       except as required for reasonable and customary use in describing the
142 |       origin of the Work and reproducing the content of the NOTICE file.
143 | 
144 |    7. Disclaimer of Warranty. Unless required by applicable law or
145 |       agreed to in writing, Licensor provides the Work (and each
146 |       Contributor provides its Contributions) on an "AS IS" BASIS,
147 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148 |       implied, including, without limitation, any warranties or conditions
149 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150 |       PARTICULAR PURPOSE. You are solely responsible for determining the
151 |       appropriateness of using or redistributing the Work and assume any
152 |       risks associated with Your exercise of permissions under this License.
153 | 
154 |    8. Limitation of Liability. In no event and under no legal theory,
155 |       whether in tort (including negligence), contract, or otherwise,
156 |       unless required by applicable law (such as deliberate and grossly
157 |       negligent acts) or agreed to in writing, shall any Contributor be
158 |       liable to You for damages, including any direct, indirect, special,
159 |       incidental, or consequential damages of any character arising as a
160 |       result of this License or out of the use or inability to use the
161 |       Work (including but not limited to damages for loss of goodwill,
162 |       work stoppage, computer failure or malfunction, or any and all
163 |       other commercial damages or losses), even if such Contributor
164 |       has been advised of the possibility of such damages.
165 | 
166 |    9. Accepting Warranty or Additional Liability. While redistributing
167 |       the Work or Derivative Works thereof, You may choose to offer,
168 |       and charge a fee for, acceptance of support, warranty, indemnity,
169 |       or other liability obligations and/or rights consistent with this
170 |       License. However, in accepting such obligations, You may act only
171 |       on Your own behalf and on Your sole responsibility, not on behalf
172 |       of any other Contributor, and only if You agree to indemnify,
173 |       defend, and hold each Contributor harmless for any liability
174 |       incurred by, or claims asserted against, such Contributor by reason
175 |       of your accepting any such warranty or additional liability.
176 | 
177 |    END OF TERMS AND CONDITIONS
178 | 


--------------------------------------------------------------------------------