shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150
							kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: proxy-and-dns
  namespace: kube-proxy-and-dns
  annotations:
    kubernetes.io/description: |
      This daemonset launches kube-proxy and DNS.
    image.openshift.io/triggers: |
      [
        {"from":{"kind":"ImageStreamTag","name":"node:v3.10"},"fieldPath":"spec.template.spec.containers[?(@.name==\"proxy-and-dns\")].image"}
      ]
spec:
  selector:
    matchLabels:
      app: proxy-and-dns
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: proxy-and-dns
        component: network
        type: infra
        openshift.io/component: network
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # Requires fairly broad permissions - ability to read all services and network functions as well
      # as all pods.
      serviceAccountName: proxy
      hostNetwork: true
      hostPID: true
      containers:
      # The network container launches the kube-proxy and DNS.
      # It relies on an up to date node-config.yaml being present.
      - name: proxy-and-dns
        image: " "
        command: 
        - /bin/bash
        - -c
        - |
          #!/bin/bash
          set -euo pipefail

          # if the node config doesn't exist yet, wait until it does
          retries=0
          while true; do
            if [[ ! -f /etc/origin/node/node-config.yaml ]]; then
              echo "warning: Cannot find existing node-config.yaml, waiting 15s ..." 2>&1
              sleep 15 & wait
              (( retries += 1 ))
            else
              break
            fi
            if [[ "${retries}" -gt 40 ]]; then
              echo "error: No existing node-config.yaml, exiting" 2>&1
              exit 1
            fi
          done

          if [[ -f /etc/sysconfig/origin-node ]]; then
            set -o allexport
            source /etc/sysconfig/origin-node
          fi

          # use either the bootstrapped node kubeconfig or the static configuration
          file=/etc/origin/node/node.kubeconfig
          if [[ ! -f "${file}" ]]; then
            # use the static node config if it exists
            # TODO: remove when static node configuration is no longer supported
            for f in /etc/origin/node/system*.kubeconfig; do
              echo "info: Using ${f} for node configuration" 1>&2
              file="${f}"
              break
            done
          fi
          # Use the same config as the node, but with the service account token
          oc config "--config=${file}" view --flatten > /tmp/kubeconfig
          oc config --config=/tmp/kubeconfig set-credentials sa "--token=$( cat /var/run/secrets/kubernetes.io/serviceaccount/token )"
          oc config --config=/tmp/kubeconfig set-context "$( oc config --config=/tmp/kubeconfig current-context )" --user=sa
          # Launch the kube-proxy and DNS process
          exec openshift start network --disable=plugins --enable=proxy,dns --config=/etc/origin/node/node-config.yaml --kubeconfig=/tmp/kubeconfig --loglevel=${DEBUG_LOGLEVEL:-2}

        securityContext:
          runAsUser: 0
          # Permission could be reduced by selecting an appropriate SELinux policy
          privileged: true

        volumeMounts:
        # Directory which contains the host configuration.
        - mountPath: /etc/origin/node/
          name: host-config
          readOnly: true
        - mountPath: /etc/sysconfig/origin-node
          name: host-sysconfig-node
          readOnly: true
        # Mount the entire run directory for iptables lockfile access
        # TODO: remove
        - mountPath: /var/run
          name: host-var-run
        # Run directories where we need to be able to access sockets
        - mountPath: /var/run/dbus/
          name: host-var-run-dbus
          readOnly: true
        - mountPath: /var/run/kubernetes/
          name: host-var-run-kubernetes
          readOnly: true

        resources:
          requests:
            cpu: 100m
            memory: 200Mi
        env:
        - name: OPENSHIFT_DNS_DOMAIN
          value: cluster.local
        ports:
        - name: healthz
          containerPort: 10256
        # TODO: Temporarily disabled until we determine how to wait for clean default
        # config
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10256
        #     scheme: HTTP
        lifecycle:

      volumes:
      # In bootstrap mode, the host config contains information not easily available
      # from other locations.
      - name: host-config
        hostPath:
          path: /etc/origin/node
      - name: host-sysconfig-node
        hostPath:
          path: /etc/sysconfig/origin-node
      - name: host-modules
        hostPath:
          path: /lib/modules
      - name: host-var-run
        hostPath:
          path: /var/run
      - name: host-var-run-dbus
        hostPath:
          path: /var/run/dbus
      - name: host-var-run-kubernetes
        hostPath:
          path: /var/run/kubernetes