diff --git a/doc/source/dev/dev-tls.rst b/doc/source/dev/dev-tls.rst index 901aa926db..562f34c2d3 100644 --- a/doc/source/dev/dev-tls.rst +++ b/doc/source/dev/dev-tls.rst @@ -240,6 +240,20 @@ Now you can use kubectl commands without extra flags:: NAME READY STATUS RESTARTS AGE redis-master 2/2 Running 0 1m +Access to Kubernetes User Interface:: + + curl -L ${KUBERNETES_URL}/ui --cacert ca.crt --key client.key \ + --cert client.crt + + You may also set up kubectl proxy which will use your client certificate to allow you to + browse to a local address to use the UI without installing a certificate in your browser. + + kubectl proxy --api-prefix=/ --certificate-authority=ca.crt --client-key=client.key \ + --client-certificate=client.crt -s $KUBERNETES_URL + + Open http://localhost:8001/ui in your browser + + Once you have all of these pieces, you can configure your native client. Below is an example for Docker. diff --git a/magnum/templates/kubernetes/fragments/configure-kubernetes-minion.sh b/magnum/templates/kubernetes/fragments/configure-kubernetes-minion.sh index ff03d72d47..00f9392c40 100644 --- a/magnum/templates/kubernetes/fragments/configure-kubernetes-minion.sh +++ b/magnum/templates/kubernetes/fragments/configure-kubernetes-minion.sh @@ -20,11 +20,12 @@ sed -i ' /^KUBE_MASTER=/ s|=.*|="--master='"$KUBE_MASTER_URI"'"| ' /etc/kubernetes/config +KUBELET_ARGS="--cadvisor-port=4194 $KUBE_CONFIG" sed -i ' /^KUBELET_ADDRESS=/ s/=.*/="--address=0.0.0.0"/ /^KUBELET_HOSTNAME=/ s/=.*/=""/ /^KUBELET_API_SERVER=/ s|=.*|="--api_servers='"$KUBE_MASTER_URI"'"| - /^KUBELET_ARGS=/ s|=.*|='"$KUBE_CONFIG"'| + /^KUBELET_ARGS=/ s|=.*|='"$KUBELET_ARGS"'| ' /etc/kubernetes/kubelet sed -i ' diff --git a/magnum/templates/kubernetes/fragments/kube-ui-service.sh b/magnum/templates/kubernetes/fragments/kube-ui-service.sh new file mode 100644 index 0000000000..c8a314899f --- /dev/null +++ b/magnum/templates/kubernetes/fragments/kube-ui-service.sh 
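Review bot: The new `--cadvisor-port=4194` flag in `KUBELET_ARGS` opens cAdvisor's HTTP endpoint on every minion, and nothing in this hunk restricts who can reach it: cAdvisor serves container and host metrics without authentication, and the kubelet is already configured with `--address=0.0.0.0`. Confirm that the cluster's security group limits 4194 to the master and node network, and record that above the assignment, for example `# cAdvisor endpoint is unauthenticated; keep 4194 closed to external networks`. The sed replacement also now writes a value containing a space without the double quotes its sibling lines use; `/^KUBELET_ARGS=/ s|=.*|="'"$KUBELET_ARGS"'"|` would match them. `$KUBE_CONFIG` is defined outside the hunk, so whether it can be empty or contain `|` or `"` is not visible here.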
@@ -0,0 +1,114 @@
+#!/bin/sh
+
+# this service is required because docker will start only after cloud init was finished
+# due to the service dependencies in Fedora Atomic (docker <- docker-storage-setup <- cloud-final)
+
+
+. /etc/sysconfig/heat-params
+
+KUBE_UI_RC=/srv/kubernetes/manifests/kube-ui-rc.yaml
+[ -f ${KUBE_UI_RC} ] || {
+ echo "Writing File: $KUBE_UI_RC"
+ mkdir -p $(dirname ${KUBE_UI_RC})
+ cat << EOF > ${KUBE_UI_RC}
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: kube-ui-v1
+ namespace: kube-system
+ labels:
+ k8s-app: kube-ui
+ version: v1
+ kubernetes.io/cluster-service: "true"
+spec:
+ replicas: 1
+ selector:
+ k8s-app: kube-ui
+ version: v1
+ template:
+ metadata:
+ labels:
+ k8s-app: kube-ui
+ version: v1
+ kubernetes.io/cluster-service: "true"
+ spec:
+ containers:
+ - name: kube-ui
+ image: gcr.io/google_containers/kube-ui:v1.1
+ resources:
+ limits:
+ cpu: 100m
+ memory: 50Mi
+ ports:
+ - containerPort: 8080
+EOF
+}
+
+KUBE_UI_SVC=/srv/kubernetes/manifests/kube-ui-svc.yaml
+[ -f ${KUBE_UI_SVC} ] || {
+ echo "Writing File: $KUBE_UI_SVC"
+ mkdir -p $(dirname ${KUBE_UI_SVC})
+ cat << EOF > ${KUBE_UI_SVC}
+apiVersion: v1
+kind: Service
+metadata:
+ name: kube-ui
+ namespace: kube-system
+ labels:
+ k8s-app: kube-ui
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "KubeUI"
+spec:
+ selector:
+ k8s-app: kube-ui
+ ports:
+ - port: 80
+ targetPort: 8080
+EOF
+}
+
+KUBE_UI_BIN=/usr/local/bin/kube-ui
+[ -f ${KUBE_UI_BIN} ] || {
+ echo "Writing File: $KUBE_UI_BIN"
+ mkdir -p $(dirname ${KUBE_UI_BIN})
+ cat << EOF > ${KUBE_UI_BIN}
+#!/bin/sh
+until curl -sf "http://127.0.0.1:8080/healthz"
+do
+ echo "Waiting for Kubernetes API..."
+ sleep 5 +done + +/usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-ui-rc.yaml --namespace=kube-system +/usr/bin/kubectl create -f /srv/kubernetes/manifests/kube-ui-svc.yaml --namespace=kube-system +EOF +} + +KUBE_UI_SERVICE=/etc/systemd/system/kube-ui.service +[ -f ${KUBE_UI_SERVICE} ] || { + echo "Writing File: $KUBE_UI_SERVICE" + mkdir -p $(dirname ${KUBE_UI_SERVICE}) + cat << EOF > ${KUBE_UI_SERVICE} +[Unit] +After=kube-system-namespace +Requires=kubelet.service +Requires=kube-system-namespace.service + +[Service] +Type=oneshot +EnvironmentFile=-/etc/kubernetes/config +ExecStart=${KUBE_UI_BIN} + +[Install] +WantedBy=multi-user.target +EOF +} + +chown root:root ${KUBE_UI_BIN} +chmod 0755 ${KUBE_UI_BIN} + +chown root:root ${KUBE_UI_SERVICE} +chmod 0644 ${KUBE_UI_SERVICE} + +systemctl enable kube-ui +systemctl start --no-block kube-ui diff --git a/magnum/templates/kubernetes/kubemaster.yaml b/magnum/templates/kubernetes/kubemaster.yaml index d614788e16..a3f10222fa 100644 --- a/magnum/templates/kubernetes/kubemaster.yaml +++ b/magnum/templates/kubernetes/kubemaster.yaml @@ -269,6 +269,12 @@ resources: group: ungrouped config: {get_file: fragments/kube-system-namespace-service.sh} + kube_ui_service: + type: OS::Heat::SoftwareConfig + properties: + group: ungrouped + config: {get_file: fragments/kube-ui-service.sh} + master_wc_notify: type: OS::Heat::SoftwareConfig properties: @@ -311,6 +317,7 @@ resources: - config: {get_resource: network_service} - config: {get_resource: kube_system_namespace_service} - config: {get_resource: enable_kube_podmaster} + - config: {get_resource: kube_ui_service} - config: {get_resource: kube_examples} - config: {get_resource: master_wc_notify}
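Review bot: The generated unit orders itself with `After=kube-system-namespace`, which lacks the `.service` suffix used by the `Requires=kube-system-namespace.service` line below it; systemd does not resolve suffix-less names in unit files, so the ordering is most likely ignored and the script can run before the namespace exists. Write `After=kube-system-namespace.service`. The wrapper waits only for `/healthz` and does not check the first `kubectl create`, so a failed replication-controller create goes unnoticed; a `set -e` after the wait loop would surface it. The manifest also pulls `gcr.io/google_containers/kube-ui:v1.1` by mutable tag, and pinning it by digest would make the deployed UI reproducible.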
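Review bot: `kube_ui_service` is wired into the master's config list unconditionally, so every cluster built from this template gets a web UI in `kube-system` with no template parameter to leave it out. As far as I know kube-ui has no login of its own and depends on the API server in front of it, which is worth stating where the resource is declared, e.g. `# Deploys kube-ui on every master; reachable only through the API server at /ui`. The enclosing `resources:` map and the config list both start outside these hunks, so ordering relative to entries not shown could not be checked; the same applies to the second hunk, which adds the list entry.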