| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146 |
- apiVersion: v1
- kind: ReplicationController
- metadata:
- name: hollow-node
- labels:
- name: hollow-node
- {{kubemark_mig_config}}
- spec:
- replicas: {{numreplicas}}
- selector:
- name: hollow-node
- template:
- metadata:
- labels:
- name: hollow-node
- {{kubemark_mig_config}}
- spec:
- initContainers:
- - name: init-inotify-limit
- image: busybox
- command: ['sysctl', '-w', 'fs.inotify.max_user_instances=1000']
- securityContext:
- privileged: true
- volumes:
- - name: kubeconfig-volume
- secret:
- secretName: kubeconfig
- - name: kernelmonitorconfig-volume
- configMap:
- name: node-configmap
- - name: logs-volume
- hostPath:
- path: /var/log
- - name: no-serviceaccount-access-to-real-master
- emptyDir: {}
- containers:
- - name: hollow-kubelet
- image: {{kubemark_image_registry}}/kubemark:{{kubemark_image_tag}}
- ports:
- - containerPort: 4194
- - containerPort: 10250
- - containerPort: 10255
- env:
- - name: CONTENT_TYPE
- valueFrom:
- configMapKeyRef:
- name: node-configmap
- key: content.type
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- command: [
- "/kubemark",
- "--morph=kubelet",
- "--name=$(NODE_NAME)",
- "--kubeconfig=/kubeconfig/kubelet.kubeconfig",
- "$(CONTENT_TYPE)",
- "--log-file=/var/log/kubelet-$(NODE_NAME).log",
- "--logtostderr=false",
- "--node-labels={{hollow_node_labels}}",
- {{hollow_kubelet_params}}
- ]
- volumeMounts:
- - name: kubeconfig-volume
- mountPath: /kubeconfig
- readOnly: true
- - name: logs-volume
- mountPath: /var/log
- resources:
- requests:
- cpu: {{hollow_kubelet_millicpu}}m
- memory: {{hollow_kubelet_mem_Ki}}Ki
- securityContext:
- privileged: true
- - name: hollow-proxy
- image: {{kubemark_image_registry}}/kubemark:{{kubemark_image_tag}}
- env:
- - name: CONTENT_TYPE
- valueFrom:
- configMapKeyRef:
- name: node-configmap
- key: content.type
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- command: [
- "/kubemark",
- "--morph=proxy",
- "--name=$(NODE_NAME)",
- "--kubeconfig=/kubeconfig/kubeproxy.kubeconfig",
- "$(CONTENT_TYPE)",
- "--log-file=/var/log/kubeproxy-$(NODE_NAME).log",
- "--logtostderr=false",
- {{hollow_proxy_params}}
- ]
- volumeMounts:
- - name: kubeconfig-volume
- mountPath: /kubeconfig
- readOnly: true
- - name: logs-volume
- mountPath: /var/log
- resources:
- requests:
- cpu: {{hollow_proxy_millicpu}}m
- memory: {{hollow_proxy_mem_Ki}}Ki
- - name: hollow-node-problem-detector
- image: k8s.gcr.io/node-problem-detector:v0.8.0
- env:
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- command:
- - /bin/sh
- - -c
- - /node-problem-detector --system-log-monitors=/config/kernel.monitor --apiserver-override="https://{{master_ip}}:443?inClusterConfig=false&auth=/kubeconfig/npd.kubeconfig" --alsologtostderr 1>>/var/log/npd-$(NODE_NAME).log 2>&1
- volumeMounts:
- - name: kubeconfig-volume
- mountPath: /kubeconfig
- readOnly: true
- - name: kernelmonitorconfig-volume
- mountPath: /config
- readOnly: true
- - name: no-serviceaccount-access-to-real-master
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
- readOnly: true
- - name: logs-volume
- mountPath: /var/log
- resources:
- requests:
- cpu: {{npd_millicpu}}m
- memory: {{npd_mem_Ki}}Ki
- securityContext:
- privileged: true
- # Keep the pod running on unreachable node for 15 minutes.
- # This time should be sufficient for a VM reboot and should
- # avoid recreating a new hollow node.
- # See https://github.com/kubernetes/kubernetes/issues/67120 for context.
- tolerations:
- - key: "node.kubernetes.io/unreachable"
- operator: "Exists"
- effect: "NoExecute"
- tolerationSeconds: 900
|
