diff --git a/contrib/dnsmasq/99-origin-dns.sh b/contrib/dnsmasq/99-origin-dns.sh
deleted file mode 100755
index bc7c2963646a..000000000000
--- a/contrib/dnsmasq/99-origin-dns.sh
+++ /dev/null
@@ -1,55 +0,0 @@ -#!/bin/bash -x - -# This NetworkManager dispatcher script replicates the functionality of -# NetworkManager's dns=dnsmasq however, rather than hardcoding the listening -# address and /etc/resolv.conf to 127.0.0.1 it pulls the IP address from the -# interface that owns the default route. This enables us to then configure pods -# to use this IP address as their only resolver, where as using 127.0.0.1 inside -# a pod would fail. -# -# To use this, -# Drop this script in /etc/NetworkManager/dispatcher.d/ -# systemctl restart NetworkManager -# Configure node-config.yaml to set dnsIP: to the ip address of this -# node -# -# Test it: -# host kubernetes.default.svc.cluster.local -# host google.com -# -# TODO: I think this would be easy to add as a config option in NetworkManager -# natively, look at hacking that up - -cd /etc/sysconfig/network-scripts -. ./network-functions - -[ -f ../network ] && . ../network - -if [[ $2 =~ ^(up|dhcp4-change)$ ]]; then - # couldn't find an existing method to determine if the interface owns the - # default route - def_route=$(/sbin/ip route list match 0.0.0.0/0 | awk '{print $3 }') - def_route_int=$(/sbin/ip route get to ${def_route} | awk '{print $3}') - def_route_ip=$(/sbin/ip route get to ${def_route} | awk '{print $5}') - if [[ ${DEVICE_IFACE} == ${def_route_int} && \ - -n "${IP4_NAMESERVERS}" ]]; then - if [ ! 
-f /etc/dnsmasq.d/origin-dns.conf ]; then - cat << EOF > /etc/dnsmasq.d/origin-dns.conf -strict-order -no-resolv -domain-needed -server=/cluster.local/172.30.0.1 -server=/30.172.in-addr.arpa/172.30.0.1 -EOF - fi - # zero out our upstream servers list and feed it into dnsmasq - echo -n > /etc/dnsmasq.d/origin-upstream-dns.conf - for ns in ${IP4_NAMESERVERS}; do - echo "server=${ns}" >> /etc/dnsmasq.d/origin-upstream-dns.conf - done - systemctl restart dnsmasq - - sed -i 's/^nameserver.*$/nameserver '"${def_route_ip}"'/g' /etc/resolv.conf - echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> /etc/resolv.conf - fi -fi diff --git a/contrib/kubernetes/default-node-config.yaml b/contrib/kubernetes/default-node-config.yaml deleted file mode 100644 index 63b3e9a488f4..000000000000 --- a/contrib/kubernetes/default-node-config.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -allowDisabledDocker: false -apiVersion: v1 -authConfig: - authenticationCacheSize: 1000 - authenticationCacheTTL: 5m - authorizationCacheSize: 1000 - authorizationCacheTTL: 5m -dnsDomain: cluster.local -dnsIP: 0.0.0.0 -dnsBindAddress: 0.0.0.0:53 -dnsRecursiveResolvConf: "" -dockerConfig: - dockerShimRootDirectory: /var/lib/dockershim - dockerShimSocket: /var/run/kubernetes/dockershim.sock - execHandlerName: native -enableUnidling: true -imageConfig: - format: openshift/origin-${component}:${version} - latest: false -iptablesSyncPeriod: 30s -kind: NodeConfig -kubeletArguments: - cert-dir: - - ./certificates - feature-gates: - - RotateKubeletClientCertificate=true,RotateKubeletServerCertificate=true -masterClientConnectionOverrides: - acceptContentTypes: application/vnd.kubernetes.protobuf,application/json - burst: 40 - contentType: application/vnd.kubernetes.protobuf - qps: 20 -masterKubeConfig: node.kubeconfig -networkConfig: - mtu: 1450 - networkPluginName: redhat/openshift-ovs-multitenant -nodeIP: "" -proxyArguments: - healthz-bind-address: - - 0.0.0.0 - healthz-port: - - "10256" - metrics-bind-address: - - 0.0.0.0:10257 -servingInfo: - bindAddress: 0.0.0.0:10250 - bindNetwork: tcp4 - namedCertificates: null -volumeConfig: - localQuota: - perFSGroup: null -volumeDirectory: /var/lib/origin/volumes diff --git a/contrib/kubernetes/pod.json b/contrib/kubernetes/pod.json deleted file mode 100644 index 60c649daa1d3..000000000000 --- a/contrib/kubernetes/pod.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "kind": "Pod", - "apiVersion": "v1", - "metadata": { - "name": "openshift" - }, - "spec": { - "containers": [ - { - "name": "origin", - "image": "openshift/origin", - "args": [ "start", "master" ], - "ports": [ - { - "containerPort": 8443, - "protocol": "TCP" - } - ] - } - ] - } -} \ No newline at end of file 
diff --git a/contrib/kubernetes/static/controllers-pod.yaml b/contrib/kubernetes/static/controllers-pod.yaml deleted file mode 100644 index f8998f1dca45..000000000000 --- a/contrib/kubernetes/static/controllers-pod.yaml +++ /dev/null @@ -1,25 +0,0 @@ -kind: Pod -apiVersion: v1 -metadata: - name: openshift-master-controller -spec: - containers: - - name: controllers - image: openshift/origin:v3.6.0 - command: ["/usr/bin/openshift", "start", "master", "controllers"] - args: - - "--config=/etc/origin/master/master-config.yaml" - securityContext: - privileged: true - volumeMounts: - - mountPath: /etc/origin/master/ - name: master-config - - mountPath: /etc/origin/cloudprovider/ - name: master-cloud-provider - volumes: - - name: master-config - hostPath: - path: /etc/origin/master/ - - name: master-cloud-provider - hostPath: - path: /etc/origin/cloudprovider \ No newline at end of file diff --git a/contrib/kubernetes/static/network-daemonset.yaml b/contrib/kubernetes/static/network-daemonset.yaml deleted file mode 100644 index 829dbf12fccf..000000000000 --- a/contrib/kubernetes/static/network-daemonset.yaml +++ /dev/null 
@@ -1,157 +0,0 @@ -kind: DaemonSet -apiVersion: extensions/v1beta1 -metadata: - name: sdn - annotations: - kubernetes.io/description: | - This daemon set launches the OpenShift networking components (kube-proxy, DNS, and openshift-sdn). - It expects that OVS is running on the node. -spec: - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - component: network - type: infra - openshift.io/role: network - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - # Requires fairly broad permissions - ability to read all services and network functions as well - # as all pods. - serviceAccountName: sdn - hostNetwork: true - hostPID: true - containers: - - name: network - image: openshift/node:v3.7.0-alpha.1 - command: - - /bin/bash - - -c - - | - #!/bin/sh - set -o errexit - # Take over network functions on the node - rm -Rf /etc/cni/net.d/* - rm -Rf /host/opt/cni/bin/* - cp -Rf /opt/cni/bin/* /host/opt/cni/bin/ - # Use whichever node-config exists - cfg=/etc/openshift/node - if [[ ! -f "${cfg}/node-config.yaml" ]]; then - cfg=/etc/origin/node - fi - # Use the same config as the node, but with the service account token - openshift cli config "--config=${cfg}/node.kubeconfig" view --flatten > /tmp/kubeconfig - openshift cli config --config=/tmp/kubeconfig set-credentials sa "--token=$( cat /var/run/secrets/kubernetes.io/serviceaccount/token )" - openshift cli config --config=/tmp/kubeconfig set-context "$( openshift cli config current-context)" --user=sa - # Launch the network process - exec openshift start network "--config=${cfg}/node-config.yaml" --kubeconfig=/tmp/kubeconfig --loglevel=5 - - securityContext: - runAsUser: 0 - # Permission could be reduced by selecting an appropriate SELinux policy - privileged: true - # TODO: debugging only - imagePullPolicy: Never - volumeMounts: - # Directory which contains the host configuration. We look at both locations - # to simplify setup. 
- - mountPath: /etc/origin/node/ - name: host-config - readOnly: true - - mountPath: /etc/openshift/node/ - name: host-config-alt - readOnly: true - # Run directories where we need to be able to access sockets - - mountPath: /var/run/dbus/ - name: host-var-run-dbus - readOnly: true - - mountPath: /var/run/openvswitch/ - name: host-var-run-ovs - readOnly: true - - mountPath: /var/run/kubernetes/ - name: host-var-run-kubernetes - readOnly: true - # We mount our socket here - - mountPath: /var/run/openshift-sdn - name: host-var-run-openshift-sdn - # CNI related mounts which we take over - - mountPath: /host/opt/cni/bin - name: host-opt-cni-bin - - mountPath: /etc/cni/net.d - name: host-etc-cni-netd - - mountPath: /var/lib/cni/networks/openshift-sdn - name: host-var-lib-cni-networks-openshift-sdn - - resources: - requests: - cpu: 100m - memory: 200Mi - env: - - name: OPENSHIFT_DNS_DOMAIN - value: cluster.local - ports: - - name: healthz - containerPort: 10256 - livenessProbe: - initialDelaySeconds: 10 - httpGet: - path: /healthz - port: 10256 - scheme: HTTP - lifecycle: - # postStart: - # exec: - # command: - # - /usr/bin/dbus-send - # - --system - # - --dest=uk.org.thekelleys.dnsmasq - # - /uk/org/thekelleys/dnsmasq - # - uk.org.thekelleys.SetDomainServers - # - array:string:/in-addr.arpa/127.0.0.1,/$(OPENSHIFT_DNS_DOMAIN)/127.0.0.1 - # preStop: - # exec: - # command: - # - /usr/bin/dbus-send - # - --system - # - --dest=uk.org.thekelleys.dnsmasq - # - /uk/org/thekelleys/dnsmasq - # - uk.org.thekelleys.SetDomainServers - # - "array:string:" - - volumes: - # In bootstrap mode, the host config contains information not easily available - # from other locations. 
- - name: host-config - hostPath: - path: /etc/origin/node - - name: host-config-alt - hostPath: - path: /etc/openshift/node - - name: host-modules - hostPath: - path: /lib/modules - - - name: host-var-run-ovs - hostPath: - path: /var/run/openvswitch - - name: host-var-run-kubernetes - hostPath: - path: /var/run/kubernetes - - name: host-var-run-dbus - hostPath: - path: /var/run/dbus - - name: host-var-run-openshift-sdn - hostPath: - path: /var/run/openshift-sdn - - - name: host-opt-cni-bin - hostPath: - path: /opt/cni/bin - - name: host-etc-cni-netd - hostPath: - path: /etc/cni/net.d - - name: host-var-lib-cni-networks-openshift-sdn - hostPath: - path: /var/lib/cni/networks/openshift-sdn diff --git a/contrib/kubernetes/static/network-ovs.yaml b/contrib/kubernetes/static/network-ovs.yaml deleted file mode 100644 index 741851ccf5b4..000000000000 --- a/contrib/kubernetes/static/network-ovs.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -kind: DaemonSet -apiVersion: extensions/v1beta1 -metadata: - name: ovs - annotations: - kubernetes.io/description: | - This daemon set launches the openvswitch daemon. -spec: - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - component: network - type: infra - openshift.io/role: network - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - # Requires fairly broad permissions - ability to read all services and network functions as well - # as all pods. - serviceAccountName: sdn - hostNetwork: true - containers: - - name: openvswitch - image: openshift/openvswitch:v3.7.0-alpha.1 - securityContext: - runAsUser: 0 - privileged: true - volumeMounts: - - mountPath: /lib/modules - name: host-modules - readOnly: true - - mountPath: /run/openvswitch - name: host-run-ovs - - mountPath: /sys - name: host-sys - readOnly: true - - mountPath: /etc/openvswitch - name: host-config-openvswitch - resources: - requests: - cpu: 100m - memory: 200Mi - limits: - cpu: 200m - memory: 300Mi - - volumes: - - name: host-modules - hostPath: - path: /lib/modules - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-sys - hostPath: - path: /sys - - name: host-config-openvswitch - hostPath: - path: /etc/origin/openvswitch diff --git a/contrib/kubernetes/static/network-policy.yaml b/contrib/kubernetes/static/network-policy.yaml deleted file mode 100644 index 7304dea1f8ac..000000000000 --- a/contrib/kubernetes/static/network-policy.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -kind: List -apiVersion: v1 -items: -- kind: ServiceAccount - apiVersion: v1 - metadata: - name: sdn - namespace: openshift-node -- apiVersion: authorization.openshift.io/v1 - kind: ClusterRoleBinding - metadata: - name: sdn-cluster-reader - roleRef: - name: cluster-reader - subjects: - - kind: ServiceAccount - name: sdn - namespace: openshift-node -- apiVersion: authorization.openshift.io/v1 - kind: ClusterRoleBinding - metadata: - name: sdn-reader - roleRef: - name: system:sdn-reader - subjects: - - kind: ServiceAccount - name: sdn - namespace: openshift-node -# TODO: PSP binding \ No newline at end of file diff --git a/contrib/kubernetes/static/sign.sh b/contrib/kubernetes/static/sign.sh deleted file mode 100755 index cb61f8bca937..000000000000 --- a/contrib/kubernetes/static/sign.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh -# -# This script is expected to be run with: -# -# $ oc observe csr -a '{.status.conditions[*].type}' -a '{.status.certificate}' -- PATH_TO_SCRIPT -# -# It will approve any CSR that is not approved yet, and delete any CSR that expired more than 60 seconds -# ago. -# - -set -o errexit -set -o nounset -set -o pipefail - -name=${1} -condition=${2} -certificate=${3} - -# auto approve -if [[ -z "${condition}" ]]; then - oc adm certificate approve "${name}" - exit 0 -fi - -# check certificate age -if [[ -n "${certificate}" ]]; then - text="$( echo "${certificate}" | base64 -D - )" - if ! echo "${text}" | openssl x509 -checkend -60 > /dev/null; then - echo "Certificate is expired, deleting" - oc delete csr "${name}" - fi - exit 0 -fi diff --git a/contrib/migration/fix-3.4-paths.sh b/contrib/migration/fix-3.4-paths.sh deleted file mode 100755 index c83d7905f22a..000000000000 --- a/contrib/migration/fix-3.4-paths.sh +++ /dev/null 
@@ -1,163 +0,0 @@ -#!/bin/bash -# -# https://bugzilla.redhat.com/show_bug.cgi?id=1415570 -# -# In the initial release of OCP 3.4, paths for two objects, -# User and EgressNetworkPolicy, inadvertantly changed. -# This script migrates any of these resources created in -# version of OCP 3.4 without the fix to the proper location -# in etcd. Namely: -# -# identities -> useridentities -# egressnetworkpolicies -> registry/egressnetworkpolicy - -USAGE="${0} [-a] [-c os-master-config-dir] [-p os-etcd-prefix] [-b backup-dir] etcd-endpoints" -usage() { - echo "${USAGE}" - exit 1 -} - -# default values -APPLY=false -OS_MASTER_CONFIG_DIR="/etc/origin/master" -OS_ETCD_PREFIX="/openshift.io" -BACKUP_DIR="$HOME/openshift-3.4-migration-backup" - -while getopts ":ac:p:b:" opt; do - case $opt in - a) - APPLY=true - ;; - c) - OS_MASTER_CONFIG_DIR="${OPTARG}" - ;; - p) - OS_ETCD_PREFIX="${OPTARG}" - ;; - b) - BACKUP_DIR="${OPTARG}" - ;; - \?) - usage - ;; - :) - echo "Option -$OPTARG requires an argument" - usage - ;; - esac -done -shift $((OPTIND-1)) - -export ETCDCTL_ENDPOINT=${1:-""} -export ETCDCTL_CA_FILE=${ETCDCTL_CA_FILE:-"${OS_MASTER_CONFIG_DIR}/master.etcd-ca.crt"} -export ETCDCTL_CERT_FILE=${ETCDCTL_CERT_FILE:-"${OS_MASTER_CONFIG_DIR}/master.etcd-client.crt"} -export ETCDCTL_KEY_FILE=${ETCDCTL_KEY_FILE:-"${OS_MASTER_CONFIG_DIR}/master.etcd-client.key"} - -if [[ ! -e "${ETCDCTL_CA_FILE}" ]]; then - ETCDCTL_CA_FILE="${OS_MASTER_CONFIG_DIR}/ca.crt" - if [[ ! -e "${ETCDCTL_CA_FILE}" ]]; then - echo "Default CA files not found. Please specify correct ETCDCTL_CA_FILE." - exit 1 - fi -fi - -if [[ ! -e "${ETCDCTL_CERT_FILE}" ]]; then - echo "Default client cert file not found. Please specify correct ETCDCTL_CERT_FILE." - exit 1 -fi - -if [[ ! -e "${ETCDCTL_KEY_FILE}" ]]; then - echo "Default client key file not found. Please specify correct ETCDCTL_KEY_FILE." 
- exit 1 -fi - -if [[ -z "${ETCDCTL_ENDPOINT}" ]]; then - echo "etcd-endpoints required" - usage -fi - -if [[ "$APPLY" != "true" ]]; then - echo "Running in dry-run mode. Use -a option to apply changes." -else - if ! mkdir -p "${BACKUP_DIR}"; then - echo "Unable to create backup directory ${BACKUP_DIR}" - exit 1 - fi -fi - -if ! command -v etcdctl &>/dev/null; then - echo "This utility requires etcdctl to be installed" - exit 1 -fi - -echo_mode() { - if [[ "$APPLY" != "true" ]]; then - echo "dry-run:" "$@" - else - echo "$@" - fi -} - -backup_key() { - key="${1}" - value="${2}" - - backupfile="${BACKUP_DIR}/${key}" - mkdir -p "$(dirname "${backupfile}")" - echo "$value" > "${backupfile}" -} - -copy_key() { - echo_mode "copying ${1} to ${2}" - if ! value="$(etcdctl get "${1}")"; then - echo_mode "failed to get key ${1}" - exit 1 - fi - if existing=$(etcdctl get "${2}" 2>/dev/null); then - echo_mode "overwriting existing key ${2}" - fi - if [[ "$APPLY" = "true" ]]; then - backup_key "${1}" "${value}" - if [[ -n "${existing}" ]]; then - backup_key "${2}" "${existing}" - fi - if ! etcdctl set "${2}" "$value" >/dev/null; then - echo "failed to set key ${2}" - exit 1 - fi - if ! etcdctl rm "${1}" >/dev/null; then - echo "failed to remove old key ${1}" - exit 1 - fi - fi - return 0 -} - -copy_keys() { - output="$(etcdctl ls "${1}")" - if [[ $? -ne 0 || -z "$output" ]]; then - echo_mode "No keys found to migrate" - return - fi - for key in $output; do - newkey="${2}/$(basename "${key}")" - copy_key "${key}" "${newkey}" - done -} - -IFS=$'\n' - -echo_mode "Migrating Users" -copy_keys "${OS_ETCD_PREFIX}/identities" "${OS_ETCD_PREFIX}/useridentities" - -echo_mode "Migrating Egress Policies" -output="$(etcdctl ls "${OS_ETCD_PREFIX}/egressnetworkpolicies")" -if [[ $? 
-ne 0 || -z "$output" ]]; then - echo_mode "No keys found to migrate" -else - for project in $output; do - projectname="$(basename "${project}")" - echo_mode "Project $projectname" - copy_keys "${OS_ETCD_PREFIX}/egressnetworkpolicies/${projectname}" "${OS_ETCD_PREFIX}/registry/egressnetworkpolicy/${projectname}" - done -fi diff --git a/contrib/node/install-sdn.sh b/contrib/node/install-sdn.sh deleted file mode 100755 index 21392da75247..000000000000 --- a/contrib/node/install-sdn.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -os::provision::install-sdn() { - local deployed_root=$1 - local binaries_path=$2 - local target=${3:-} - local target_usrdir="${target}/usr" - local target_bindir="${target_usrdir}/bin" - local target_confdir="${target}/etc/cni/net.d" - local target_cnidir="${target}/opt/cni/bin" - - mkdir -p -m u+rwx,g+rwx,o+rx "${target_usrdir}" - mkdir -p -m u+rwx,g+rwx,o+rx "${target_bindir}" - mkdir -p -m u+rwx,g+rwx,o+rx "${target_confdir}" - mkdir -p -m u+rwx,g+rwx,o+rx "${target_cnidir}" - - install -m u+rwx,g+rwx,o+rx "${binaries_path}/sdn-cni-plugin" "${target_cnidir}/openshift-sdn" - install -m u+rwx,g+rwx,o+rx "${binaries_path}/host-local" "${target_cnidir}" - install -m u+rwx,g+rwx,o+rx "${binaries_path}/loopback" "${target_cnidir}" - - # Assume an empty/default target is an indication of deploying in an - # environment where openvswitch should be started by us - if [[ -z "${target}" ]]; then - systemctl enable openvswitch - systemctl start openvswitch - fi -} diff --git a/contrib/systemd/atomic-openshift-master.service b/contrib/systemd/atomic-openshift-master.service deleted file mode 100644 index 02af4dd1670c..000000000000 --- a/contrib/systemd/atomic-openshift-master.service +++ /dev/null 
@@ -1,23 +0,0 @@
-[Unit]
-Description=Atomic OpenShift Master
-Documentation=https://github.com/openshift/origin
-After=network-online.target
-After=etcd.service
-Before=atomic-openshift-node.service
-Requires=network-online.target
-
-[Service]
-Type=notify
-EnvironmentFile=/etc/sysconfig/atomic-openshift-master
-Environment=GOTRACEBACK=crash
-ExecStart=/usr/bin/openshift start master --config=${CONFIG_FILE} $OPTIONS
-LimitNOFILE=131072
-LimitCORE=infinity
-WorkingDirectory=/var/lib/origin/
-SyslogIdentifier=atomic-openshift-master
-Restart=always
-RestartSec=5s
-
-[Install]
-WantedBy=multi-user.target
-WantedBy=atomic-openshift-node.service
diff --git a/contrib/systemd/containerized/README.md b/contrib/systemd/containerized/README.md
deleted file mode 100644
index c669765bf5dd..000000000000
--- a/contrib/systemd/containerized/README.md
+++ /dev/null
@@ -1 +0,0 @@
-Example systemd units for running openshift in a container
diff --git a/contrib/systemd/containerized/openvswitch.service b/contrib/systemd/containerized/openvswitch.service
deleted file mode 100644
index 8a210b41cfb5..000000000000
--- a/contrib/systemd/containerized/openvswitch.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-After=docker.service
-Requires=docker.service
-PartOf=docker.service
-
-[Service]
-ExecStartPre=-/usr/bin/docker rm -f openvswitch
-ExecStart=/usr/bin/docker run --name openvswitch --rm --privileged --net=host --pid=host -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /etc/origin/openvswitch:/etc/openvswitch openshift/openvswitch
-ExecStop=/usr/bin/docker stop openvswitch
-Restart=always
-RestartSec=5s
-
-[Install]
-WantedBy=multi-user.target
diff --git a/contrib/systemd/containerized/origin-master.service b/contrib/systemd/containerized/origin-master.service
deleted file mode 100644
index 288ca40bd8a9..000000000000
--- a/contrib/systemd/containerized/origin-master.service
+++ /dev/null
@@ -1,20 +0,0 @@
-[Unit]
-After=docker.service
-Before=origin-node.service
-PartOf=docker.service
-Requires=docker.service
-After=etcd.service
-
-
-[Service]
-EnvironmentFile=-/etc/sysconfig/origin-master
-ExecStartPre=-/usr/bin/docker rm -f origin-master
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name origin-master --env-file=/etc/sysconfig/origin-master -v /var/lib/origin:/var/lib/origin -v /var/run/docker.sock:/var/run/docker.sock -v /etc/origin:/etc/origin --entrypoint /usr/bin/openshift openshift/origin start master --config=${CONFIG_FILE} ${OPTIONS}
-ExecStartPost=/usr/bin/sleep 10
-ExecStop=/usr/bin/docker stop origin-master
-Restart=always
-RestartSec=5s
-
-[Install]
-WantedBy=multi-user.target
-WantedBy=origin-node.service
diff --git a/contrib/systemd/containerized/origin-node.service b/contrib/systemd/containerized/origin-node.service
deleted file mode 100644
index dc665f9840b0..000000000000
--- a/contrib/systemd/containerized/origin-node.service
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-Requires=docker.service
-Wants=openvswitch.service
-After=docker.service
-After=openvswitch.service
-PartOf=docker.service
-
-[Service]
-EnvironmentFile=/etc/sysconfig/origin-node
-ExecStartPre=-/usr/bin/docker rm -f origin-node
-ExecStart=/usr/bin/docker run --name origin-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/origin-node -v /:/rootfs:ro,rslave -v /etc/systemd/system:/host-etc/systemd/system -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:rw -v /var/lib/docker:/var/lib/docker -v /etc/origin/node:/etc/origin/node -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /var/lib/cni:/var/lib/cni -v /etc/cni/net.d:/etc/cni/net.d -v /var/lib/origin:/var/lib/origin:rslave -v /var/log:/var/log -v /dev:/dev -e HOST=/rootfs -e HOST_ETC=/host-etc openshift/node
-ExecStartPost=/usr/bin/sleep 10
-ExecStop=/usr/bin/docker stop origin-node
-Restart=always
-RestartSec=5s
-
-[Install]
-WantedBy=multi-user.target
diff --git a/contrib/systemd/openshift-sdn-ovs.conf b/contrib/systemd/openshift-sdn-ovs.conf
deleted file mode 100644
index 9677a7deda05..000000000000
--- a/contrib/systemd/openshift-sdn-ovs.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-[Unit]
-Requires=openvswitch.service
-After=ovsdb-server.service
-After=ovs-vswitchd.service
-After=openvswitch.service
diff --git a/contrib/systemd/origin-master.service b/contrib/systemd/origin-master.service
deleted file mode 100644
index cf79dda0261d..000000000000
--- a/contrib/systemd/origin-master.service
+++ /dev/null
@@ -1,23 +0,0 @@
-[Unit]
-Description=Origin Master Service
-Documentation=https://github.com/openshift/origin
-After=network-online.target
-After=etcd.service
-Before=origin-node.service
-Requires=network-online.target
-
-[Service]
-Type=notify
-EnvironmentFile=/etc/sysconfig/origin-master
-Environment=GOTRACEBACK=crash
-ExecStart=/usr/bin/openshift start master --config=${CONFIG_FILE} $OPTIONS
-LimitNOFILE=131072
-LimitCORE=infinity
-WorkingDirectory=/var/lib/origin/
-SyslogIdentifier=origin-master
-Restart=always
-RestartSec=5s
-
-[Install]
-WantedBy=multi-user.target
-WantedBy=origin-node.service
diff --git a/contrib/systemd/origin-master.sysconfig b/contrib/systemd/origin-master.sysconfig
deleted file mode 100644
index e1d5a7b0be34..000000000000
--- a/contrib/systemd/origin-master.sysconfig
+++ /dev/null
@@ -1,9 +0,0 @@
-OPTIONS="--loglevel=0"
-CONFIG_FILE=/etc/origin/master/master-config.yaml
-
-# Proxy configuration
-# Origin uses standard HTTP_PROXY environment variables. Be sure to set
-# NO_PROXY for your master
-#NO_PROXY=master.example.com
-#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
-#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
diff --git a/contrib/systemd/origin-node-bootstrap.sysconfig b/contrib/systemd/origin-node-bootstrap.sysconfig
deleted file mode 100644
index 1e334fcb0617..000000000000
--- a/contrib/systemd/origin-node-bootstrap.sysconfig
+++ /dev/null
@@ -1,14 +0,0 @@ -OPTIONS="--loglevel=0 --bootstrap --kubeconfig=/etc/origin/node/node-bootstrap.kubeconfig" -# /etc/origin/node/ should contain a node-bootstrap.kubeconfig file that can request -# bootstrap certificates. -# -# If if your node is running on a separate host you can rsync the contents -# rsync -a root@atomic-openshift-master:/var/lib/origin/origin.local.certificates/node-`hostname`/ /etc/origin/node -CONFIG_FILE=/etc/origin/node/node-config.yaml - -# Proxy configuration -# Origin uses standard HTTP_PROXY environment variables. Be sure to set -# NO_PROXY for your master -#NO_PROXY=master.example.com -#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT -#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT diff --git a/contrib/vagrant/provision-util.sh b/contrib/vagrant/provision-util.sh index 0f768e9a62a2..da6554aaeb0e 100755 --- a/contrib/vagrant/provision-util.sh +++ b/contrib/vagrant/provision-util.sh @@ -1,5 +1,4 @@ #!/bin/bash -source "${OS_ROOT}/contrib/node/install-sdn.sh" os::provision::join() { local IFS="$1" @@ -49,7 +48,6 @@ os::provision::base-install() { echo "Installing openshift" os::provision::install-cmds "${origin_root}" - os::provision::install-sdn "${origin_root}" "$(os::build::get-bin-output-path "${OS_ROOT}")" os::provision::set-os-env "${origin_root}" "${config_root}" } diff --git a/docs/cli.md b/docs/cli.md index 928d6126ec56..0eaa056e1c9f 100755 --- a/docs/cli.md +++ b/docs/cli.md @@ -360,7 +360,7 @@ $ oc tag [--source=] [ ...] For example: ```bash -$ oc tag --source=docker openshift/origin:latest myproject/ruby:tip +$ oc tag --source=docker openshift/origin-control-plane:latest myproject/ruby:tip ``` ## Application Modification Commands diff --git a/examples/README.md b/examples/README.md index 3155947743fe..a2e97218f06c 100644 --- a/examples/README.md +++ b/examples/README.md 
@@ -4,15 +4,10 @@ OpenShift Examples This directory contains examples of using OpenShift and explaining the new concepts available on top of Kubernetes and Docker. -* [Hello OpenShift](./hello-openshift) is a simple Hello World style application that can be used to start a simple pod * [OpenShift Sample](./sample-app) is an end-to-end application demonstrating the full OpenShift v3 concept chain - images, builds, deployments, and templates. * [Jenkins Example](./jenkins) demonstrates how to enhance the [sample-app](./sample-app) by deploying a Jenkins pod on OpenShift and thereby enable continuous integration for incoming changes to the codebase and trigger deployments when integration succeeds. * [Node.js echo Sample](https://github.com/openshift/nodejs-ex) highlights the simple workflow from creating project, new app from GitHub, building, deploying, running and updating. -* [Project Quotas and Resource Limits](./project-quota) demonstrates how quota and resource limits can be applied to resources in an OpenShift project. -* [Replicated Zookeper Template](./zookeeper) provides a template for an OpenShift service that exposes a simple set of primitives that distributed applications can build upon to implement higher level services for synchronization, configuration maintenance, and groups and naming. -* [Storage Examples](./storage-examples) provides a high level tutorial and templates for local and persistent storage on OpenShift using simple nginx applications. -* [Clustered Etcd Template](./etcd) provides a template for setting up a clustered instance of the [Etcd](https://github.com/coreos/etcd) key-value store as a service on OpenShift. * [Configurable Git Server](./gitserver) sets up a service capable of automatic mirroring of Git repositories, intended for use within a container or Kubernetes pod. * [QuickStarts](./quickstarts) provides templates for very basic applications using various frameworks and databases. 
* [Database Templates](./db-templates) provides templates for ephemeral and persistent storage on OpenShift using MongoDB, MySQL, and PostgreSQL. diff --git a/examples/atomic-registry/allinone/Dockerfile b/examples/atomic-registry/allinone/Dockerfile index 1fb031cc6b9a..64c4945356b9 100644 --- a/examples/atomic-registry/allinone/Dockerfile +++ b/examples/atomic-registry/allinone/Dockerfile @@ -1,4 +1,4 @@ -FROM openshift/origin +FROM openshift/origin-control-plane MAINTAINER Aaron Weitekamp ADD install.sh run.sh uninstall.sh /container/bin/ diff --git a/examples/atomic-registry/systemd/Dockerfile b/examples/atomic-registry/systemd/Dockerfile index 4cc2fc0d4f8f..6acc1c3cc84c 100644 --- a/examples/atomic-registry/systemd/Dockerfile +++ b/examples/atomic-registry/systemd/Dockerfile @@ -1,5 +1,5 @@ #FROM registry.access.redhat.com/openshift3/ose -FROM openshift/origin +FROM openshift/origin-control-plane LABEL name="projectatomic/atomic-registry-install" \ vendor="Project Atomic" \ diff --git a/examples/dockergc/dockergc-ds.yaml b/examples/dockergc/dockergc-ds.yaml index c8274284dc92..1d95d1198801 100644 --- a/examples/dockergc/dockergc-ds.yaml +++ b/examples/dockergc/dockergc-ds.yaml @@ -22,7 +22,7 @@ items: spec: serviceAccountName: dockergc containers: - - image: openshift/origin:latest + - image: openshift/origin-node:latest command: - "/usr/bin/oc" args: diff --git a/examples/etcd/Dockerfile b/examples/etcd/Dockerfile deleted file mode 100644 index 5652e97a4b67..000000000000 --- a/examples/etcd/Dockerfile +++ /dev/null 
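Review bot: The new `FROM openshift/origin-control-plane` in examples/atomic-registry/allinone/Dockerfile has no tag or digest, so each build resolves to whatever the default `latest` tag points at when it runs, and the image now comes from a different repository than before. Pinning it, for example `FROM openshift/origin-control-plane:<release-tag>` (placeholder; a digest is stricter), would keep the example reproducible and stop a re-pushed image from silently changing what the installer container runs. The same applies to the `FROM` line in examples/atomic-registry/systemd/Dockerfile and to `image: openshift/origin-node:latest` in examples/dockergc/dockergc-ds.yaml. For the dockergc manifest it is also worth confirming that the origin-node image ships `/usr/bin/oc`, since the container's command depends on it and the hunk does not show that.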
@@ -1,29 +0,0 @@ -FROM centos:centos7 -MAINTAINER http://openshift.io - -RUN yum install -y tar bind-utils && yum clean all - -ENV ETCD_RELEASE v2.0.10 - -LABEL k8s.io/description="A highly-available key-value store for shared configuration and service discovery" \ - k8s.io/display-name="etcd v2.0.10" \ - openshift.io/expose-services="2379:http,2380:etcd" \ - openshift.io/tags="database,etcd,etcd20" - -RUN ETCD_URL=https://github.com/coreos/etcd/releases/download/${ETCD_RELEASE}/etcd-${ETCD_RELEASE}-linux-amd64.tar.gz && \ - mkdir -p /tmp/etcd && cd /tmp/etcd && \ - curl -L ${ETCD_URL} | tar -xzf - --strip-components=1 && \ - mv {etcd,etcdctl} /usr/local/bin/ && \ - mkdir -p /var/lib/etcd && \ - rm -rf /tmp/etcd - -EXPOSE 2379 2380 - -# Make the datadir world writeable -RUN mkdir -p /var/lib/etcd && chmod go+rwx /var/lib/etcd - -VOLUME ["/var/lib/etcd"] - -COPY etcd*.sh /usr/local/bin/ - -CMD ["/usr/local/bin/etcd.sh"] diff --git a/examples/etcd/Makefile b/examples/etcd/Makefile deleted file mode 100644 index eb7f461f5925..000000000000 --- a/examples/etcd/Makefile +++ /dev/null @@ -1,2 +0,0 @@ -all: - docker build -t openshift/etcd-20-centos7 . diff --git a/examples/etcd/OWNERS b/examples/etcd/OWNERS deleted file mode 100644 index c3868c4bb882..000000000000 --- a/examples/etcd/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -reviewers: - - mfojtik - - smarterclayton -approvers: - - mfojtik - - smarterclayton diff --git a/examples/etcd/README.md b/examples/etcd/README.md deleted file mode 100644 index 928a771b2589..000000000000 --- a/examples/etcd/README.md +++ /dev/null 
@@ -1,71 +0,0 @@ -Clustered etcd Template -======================== - -etcd is a distributed, consistent key value store for shared configuration and -service discovery. For more details about etcd, visit: - -https://github.com/coreos/etcd - -### Requirements - -You can 'pre-pull' the Docker image used by this template by: - -``` -$ docker pull openshift/etcd-20-centos7 -``` - -You can also build this Docker image yourself, by using provided Makefile: - -``` -$ make -``` - -### How to use this template - -You can import this template to OpenShift using: - -``` -$ oc create -f examples/etcd/template.json -``` - -Then you can navigate to OpenShift UI and click the 'Create' button on top right -and choose 'Browse templates...'. Choose the 'etcd' and hit create. - -Another way, is to use the CLI only: - -``` -$ oc process -f examples/etcd/template.json | oc create -f - -``` - -### How does it work - -This template creates two Services. The first service is used for initial -discovery and stores information about running members. This service is used -only internally by the cluster members and you should not need to access it. -You can however obtain information about the current state/size of the cluster. - -The second service 'etcd' is the main entrypoint for accessing the 'etcd' -cluster. This service is exposing two ports. The port 2380 is used for internal -server-to-server communication and the port 2379 is used for the client -connections. - -The 'etcd-discovery' pod created by this template will create an instance of -etcd server, that is used as cluster discovery service. This pod can be stopped -or deleted when desired size of the cluster is reached. If you want to add more -members you will have to start this pod again manually. - -The 'etcd' replication controller manage creation of the etcd cluster members. -By default this template will start 3 members. The members then register -themselves using the discovery service and elect the leader. 
You can adjust the -number of replicas as long as the 'etcd-discovery' service is running. - -### Cleaning up - -If you're done playing, you can remove all the created resources by executing -following command: - -``` -$ ./examples/etcd/teardown.sh -``` - -Note: This will also remove all data you have stored in the etcd. diff --git a/examples/etcd/etcd-discovery.sh b/examples/etcd/etcd-discovery.sh deleted file mode 100755 index 282d6787ddf1..000000000000 --- a/examples/etcd/etcd-discovery.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -e -# -# This is a wrapper for the etcd that serves as 'discovery' server and manager -# for the cluster configuration - -address=$(getent ahosts ${HOSTNAME} | grep RAW | cut -d ' ' -f 1) - -exec /usr/local/bin/etcd \ - --advertise-client-urls http://${address}:2379 \ - --listen-client-urls http://${address}:2379 \ - --data-dir /var/lib/etcd \ - --name discovery diff --git a/examples/etcd/etcd.sh b/examples/etcd/etcd.sh deleted file mode 100755 index 015a1c76ccff..000000000000 --- a/examples/etcd/etcd.sh +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/bin/bash -# -# This is a wrapper script for the etcd command. -# This wrapper detects the presence of ETCD_DISCOVERY environment variable and -# if this variable is set then it will use DNS lookup to collect the IP -# addresses of the other members of the cluster. This wrapper then adjust the -# size of the cluster in the discovery service and register itself. - -# If we are not running in cluster, then just execute the etcd binary -if [[ -z "${ETCD_DISCOVERY_TOKEN-}" ]]; then - exec /usr/local/bin/etcd "$@" -fi - -# This variable is used by etcd server -export ETCD_DISCOVERY="${ETCD_DISCOVERY_URL}/v2/keys/discovery/${ETCD_DISCOVERY_TOKEN}" - -# Set the size of this cluster to pre-defined number -# Will retry several times till the etcd-discovery service is not ready -for i in {1..5}; do - echo "Attempt #${i} to update the cluster size in ${ETCD_DISCOVERY_URL} ..." - etcdctl --peers "${ETCD_DISCOVERY_URL}" set discovery/${ETCD_DISCOVERY_TOKEN}/_config/size ${ETCD_NUM_MEMBERS} && break || sleep 2 -done - -# The IP address of this container -address=$(getent ahosts ${HOSTNAME} | grep RAW | cut -d ' ' -f 1) - -# In case of failure when this container will be restarted, we have to remove -# this member from the list of members in discovery service. The new container -# will be added automatically and the data will be replicated. -ETCDCTL_PEERS="${ETCD_DISCOVERY_URL}" -initial_cluster="" -new_member=0 - -for member_url in $(etcdctl ls discovery/${ETCD_DISCOVERY_TOKEN}/); do - out=$(etcdctl get ${member_url}) - if ! echo $out | grep -q "${address}"; then - initial_cluster+="${out}," - continue - fi - etcdctl rm ${member_url} - member_id=$(echo "${member_url}" | cut -d '/' -f 4) - new_member=1 - etcdctl --peers http://etcd:2379 member remove ${member_id} - echo "Waiting for ${member_id} removal to propagate ..." - sleep 3 -done - -# If this member already exists in the cluster, perform recovery using -# 'existing' cluster state. 
-if [ $new_member != 0 ]; then - out=$(etcdctl --peers http://etcd:2379 member add ${HOSTNAME} http://${address}:2380 | grep ETCD_INITIAL_CLUSTER) - echo "Waiting for ${HOSTNAME} to be added into cluster ..." && sleep 5 - eval "export ${out}" - export ETCD_INITIAL_CLUSTER_STATE="existing" - unset ETCD_DISCOVERY -fi - -echo "Starting etcd member ${HOSTNAME} on ${address} ..." -exec /usr/local/bin/etcd \ - --initial-advertise-peer-urls http://${address}:2380 \ - --listen-peer-urls http://${address}:2380 \ - --advertise-client-urls http://${address}:2379 \ - --listen-client-urls http://127.0.0.1:2379,http://${address}:2379 \ - --data-dir /var/lib/etcd \ - --name ${HOSTNAME} diff --git a/examples/etcd/template.json b/examples/etcd/template.json deleted file mode 100644 index a91ff8fd3a15..000000000000 --- a/examples/etcd/template.json +++ /dev/null 
@@ -1,313 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "etcd", - "creationTimestamp": null, - "annotations": { - "openshift.io/display-name": "etcd", - "description": "An example of a clustered etcd key value store. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/origin/blob/master/examples/etcd/README.md.", - "iconClass": "icon-database", - "tags": "database,etcd" - } - }, - "message": "The following service(s) have been created in your project: etcd, etcd-discovery.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/origin/blob/master/examples/etcd/README.md.", - "labels": { - "template": "etcd" - }, - "objects": [ - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "etcd", - "creationTimestamp": null - }, - "spec": { - "dockerImageRepository": "${ETCD_IMAGE}", - "tags": [ - { - "name": "latest", - "annotations": { - "description": "Provides etcd v2.0.10", - "iconClass": "icon-database", - "tags": "database,etcd", - "version": "2.0.10" - } - } - ] - }, - "status": { - "dockerImageRepository": "" - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "etcd-discovery", - "creationTimestamp": null, - "labels": { - "name": "etcd-discovery" - } - }, - "spec": { - "ports": [ - { - "protocol": "TCP", - "port": 2379, - "targetPort": 2379, - "nodePort": 0 - } - ], - "selector": { - "name": "etcd-discovery" - }, - "clusterIP": "None", - "type": "ClusterIP", - "sessionAffinity": "None" - }, - "status": { - "loadBalancer": {} - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "etcd", - "creationTimestamp": null, - "labels": { - "name": "etcd" - } - }, - "spec": { - "ports": [ - { - "name": "client", - "protocol": "TCP", - "port": 2379, - "targetPort": 2379, - "nodePort": 0 - }, - { - "name": "server", - "protocol": "TCP", 
- "port": 2380, - "targetPort": 2380, - "nodePort": 0 - } - ], - "selector": { - "name": "etcd" - }, - "clusterIP": "None", - "type": "ClusterIP", - "sessionAffinity": "None" - }, - "status": { - "loadBalancer": {} - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "etcd-discovery", - "creationTimestamp": null - }, - "spec": { - "strategy": { - "type": "Recreate", - "resources": {} - }, - "triggers": [ - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "etcd-discovery" - }, - "template": { - "metadata": { - "creationTimestamp": null, - "labels": { - "name": "etcd-discovery" - } - }, - "spec": { - "volumes": [ - { - "name": "data", - "emptyDir": { - "medium": "" - } - } - ], - "containers": [ - { - "name": "discovery", - "image": "${ETCD_IMAGE}", - "args": [ - "etcd-discovery.sh" - ], - "ports": [ - { - "containerPort": 2379, - "protocol": "TCP" - } - ], - "volumeMounts": [ - { - "name": "data", - "mountPath": "/var/lib/etcd" - } - ], - "resources": {}, - "terminationMessagePath": "/dev/termination-log", - "imagePullPolicy": "IfNotPresent", - "securityContext": { - "capabilities": {}, - "privileged": false - } - } - ], - "restartPolicy": "Always", - "dnsPolicy": "ClusterFirst" - } - } - }, - "status": {} - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "etcd", - "creationTimestamp": null - }, - "spec": { - "strategy": { - "type": "Recreate", - "resources": {} - }, - "triggers": [ - { - "type": "ConfigChange" - } - ], - "replicas": 3, - "selector": { - "name": "etcd" - }, - "template": { - "metadata": { - "creationTimestamp": null, - "labels": { - "name": "etcd" - } - }, - "spec": { - "volumes": [ - { - "name": "data", - "emptyDir": { - "medium": "" - } - } - ], - "containers": [ - { - "name": "member", - "image": "${ETCD_IMAGE}", - "ports": [ - { - "containerPort": 2379, - "protocol": "TCP" - }, - { - "containerPort": 2380, - "protocol": "TCP" - } - ], - 
"env": [ - { - "name": "ETCD_NUM_MEMBERS", - "value": "${ETCD_NUM_MEMBERS}" - }, - { - "name": "ETCD_INITIAL_CLUSTER_STATE", - "value": "new" - }, - { - "name": "ETCD_INITIAL_CLUSTER_TOKEN", - "value": "${ETCD_CLUSTER_TOKEN}" - }, - { - "name": "ETCD_DISCOVERY_TOKEN", - "value": "${ETCD_DISCOVERY_TOKEN}" - }, - { - "name": "ETCD_DISCOVERY_URL", - "value": "${ETCD_DISCOVERY_URL}" - }, - { - "name": "ETCDCTL_PEERS", - "value": "http://etcd:2379" - } - ], - "volumeMounts": [ - { - "name": "data", - "mountPath": "/var/lib/etcd" - } - ], - "resources": {}, - "terminationMessagePath": "/dev/termination-log", - "imagePullPolicy": "IfNotPresent", - "securityContext": { - "capabilities": {}, - "privileged": false - } - } - ], - "restartPolicy": "Always", - "dnsPolicy": "ClusterFirst" - } - } - }, - "status": {} - } - ], - "parameters": [ - { - "name": "ETCD_IMAGE", - "description": "The name of etcd Docker image to use", - "value": "openshift/etcd-20-centos7" - }, - { - "name": "ETCD_NUM_MEMBERS", - "description": "Maximum number of members to launch (have to match with # of replicas)", - "value": "3" - }, - { - "name": "ETCD_DISCOVERY_URL", - "description": "Discovery URL connects etcd instances together by storing a list of peer addresses, metadata and the initial size of the cluster under a unique address", - "value": "http://etcd-discovery:2379" - }, - { - "name": "ETCD_DISCOVERY_TOKEN", - "description": "A unique token used by the discovery service", - "generate": "expression", - "from": "[a-z0-9]{40}" - }, - { - "name": "ETCD_CLUSTER_TOKEN", - "description": "A token etcd use to generate unique cluster ID and member ID", - "generate": "expression", - "from": "etcd-cluster-[a-z0-9]{5}" - } - ] -} \ No newline at end of file diff --git a/examples/examples_test.go b/examples/examples_test.go index db379ddaa272..2923ea976882 100644 --- a/examples/examples_test.go +++ b/examples/examples_test.go 
@@ -23,7 +23,6 @@ import ( buildapi "github.com/openshift/origin/pkg/build/apis/build" imageapi "github.com/openshift/origin/pkg/image/apis/image" networkapi "github.com/openshift/origin/pkg/network/apis/network" - projectapi "github.com/openshift/origin/pkg/project/apis/project" routeapi "github.com/openshift/origin/pkg/route/apis/route" templateapi "github.com/openshift/origin/pkg/template/apis/template" @@ -77,13 +76,6 @@ func TestExampleObjectSchemas(t *testing.T) { // TODO: make this configurable and not the default https://github.com/openshift/origin/issues/662 capabilities.Setup(true, capabilities.PrivilegedSources{}, 0) cases := map[string]map[string]runtime.Object{ - "../examples/wordpress/template": { - "wordpress-mysql": &templateapi.Template{}, - }, - "../examples/hello-openshift": { - "hello-pod": &kapi.Pod{}, - "hello-project": &projectapi.Project{}, - }, "../examples/sample-app": { "github-webhook-example": nil, // Skip. "application-template-stibuild": &templateapi.Template{}, diff --git a/examples/gitserver/Dockerfile b/examples/gitserver/Dockerfile index 3febf8ab8093..33a28edabe7e 100644 --- a/examples/gitserver/Dockerfile +++ b/examples/gitserver/Dockerfile @@ -3,7 +3,7 @@ # # The standard name for this image is openshift/origin-gitserver # -FROM openshift/origin +FROM openshift/origin-control-plane COPY bin/gitserver /usr/bin/gitserver COPY hooks/ /var/lib/git-hooks/ diff --git a/examples/glusterfs-image-storage/OWNERS b/examples/glusterfs-image-storage/OWNERS deleted file mode 100644 index 2563b9f76687..000000000000 --- a/examples/glusterfs-image-storage/OWNERS +++ /dev/null @@ -1,2 +0,0 @@ -reviewers: -approvers: diff --git a/examples/glusterfs-image-storage/README.md b/examples/glusterfs-image-storage/README.md deleted file mode 100644 index 379c765d695a..000000000000 --- a/examples/glusterfs-image-storage/README.md +++ /dev/null 
@@ -1,83 +0,0 @@ -# Docker-Registry Images On GlusterFS - -### Assumptions - - * OSE 3.x - * GlusterFS volume Created and Started - * glusterfs-client installed on all Nodes - -### DNS Configuration - -Before we can initiate the docker-registry, the dnsmasq.service and the openshift DNS collision on port 53 must be corrected. - -##### Edit /etc/dnsmasq.conf - -On the master, edit /etc/dnsmasq.conf, adding: -```bash -# Reverse DNS record for master -host-record=, -# Wildcard DNS for OpenShift Applications - Points to Router -address=/apps./ -# Forward .local queries to SkyDNS -server=/local/127.0.0.1#8053 -# Forward reverse queries for service network to SkyDNS. -# This is for default OpenShift SDN - change as needed. -server=/17.30.172.in-addr.arpa/127.0.0.1#8053 -``` -And uncommenting: -```bash -# Do not read /etc/resolv.conf and forward requests -# to nameservers listed there: -no-resolv -# Never forward plain names (without a dot or domain part) -domain-needed -# Never forward addresses in the non-routed address spaces. 
-bogus-priv -``` - -##### Edit /etc/origin/master/master-config.yaml - -Change -``` -dnsConfig: - bindAddress: 0.0.0.0:53 -``` -to -``` -dnsConfig: - bindAddress: 127.0.0.1:8053 -``` - -On all nodes, edit /etc/resolv.conf -``` - nameserver - nameserver 192.168.1.1 #where this is router IP of the subnet -``` - -**Restart the Relavent Services on all nodes** - -```bash -systemctl restart atomic-openshift-master -systemctl restart atomic-openshift-node -systemctl restart dnsmasq -``` - -### Run the Example - -* `glusterfs-endpoints.yaml` - change `ip:` to that of each gluster node -* `gluster-pv.yaml` - change `path:` to the volume name - -##### Create the persistent volume claim - -```bash -oc create -f glusterfs-endpoints.yaml -oc create -f gluster-pv.yaml -oc create -f gluster-pvc.yaml -``` - -- Confirm the persistent volume claim is running: `oc get pvc` - -##### Start the Docker Registry - -Refer to the latest [Origin Docs](https://docs.openshift.org/latest/install_config/install/docker_registry.html "Deploying A Docker Registry") for deployment instructions. See the [Production Use](https://docs.openshift.org/latest/install_config/install/docker_registry.html#production-use "Production-Use") section to implement the registry using the persistent volume claim. - diff --git a/examples/glusterfs-image-storage/gluster-endpoints.yaml b/examples/glusterfs-image-storage/gluster-endpoints.yaml deleted file mode 100644 index 15325c331b57..000000000000 --- a/examples/glusterfs-image-storage/gluster-endpoints.yaml +++ /dev/null @@ -1,15 +0,0 @@ -kind: Endpoints -apiVersion: v1 -metadata: - labels: - name: gluster-image-storage - name: gluster-image-storage -subsets: - - addresses: - - ip: 192.168.234.147 - ports: - - port: 1 - - addresses: - - ip: 192.168.234.144 - ports: - - port: 1 diff --git a/examples/glusterfs-image-storage/gluster-pv.yaml b/examples/glusterfs-image-storage/gluster-pv.yaml deleted file mode 100644 index 847ffd61d86f..000000000000 
--- a/examples/glusterfs-image-storage/gluster-pv.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: gluster-default-volume -spec: - capacity: - storage: 1Gi - accessModes: - - ReadWriteOnce - glusterfs: - endpoints: gluster-image-storage - path: gv0 - readOnly: false - persistentVolumeReclaimPolicy: Recycle diff --git a/examples/glusterfs-image-storage/gluster-pvc.yaml b/examples/glusterfs-image-storage/gluster-pvc.yaml deleted file mode 100644 index 0fee9e0ef5cb..000000000000 --- a/examples/glusterfs-image-storage/gluster-pvc.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: "glusterfs-claim" -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi diff --git a/examples/ha/OWNERS b/examples/ha/OWNERS deleted file mode 100644 index b0633cb94c86..000000000000 --- a/examples/ha/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -reviewers: - - smarterclayton -approvers: - - smarterclayton diff --git a/examples/ha/README.md b/examples/ha/README.md deleted file mode 100644 index eede19d3b42a..000000000000 --- a/examples/ha/README.md +++ /dev/null @@ -1,17 +0,0 @@ -Generate a config with: - - $ openshift start master --write-config=./cluster-config - -Update the config: - - # edit ./cluster-config/master-config.yaml - # set masterIPEnvVarName to "POD_IP" - # set the etcd client URL to http://etcd:2379 - # TODO: setup client certs - # clear the etcd config section - -Create a secret for the master config and start the config - - $ oc secrets new master-config ./cluster-config - $ oc secrets add sa/default secrets/master-config - $ oc create -f examples/ha/openshift-ha.yaml \ No newline at end of file diff --git a/examples/ha/openshift-ha.yaml b/examples/ha/openshift-ha.yaml deleted file mode 100644 index bd8b97b9798b..000000000000 --- a/examples/ha/openshift-ha.yaml +++ /dev/null 
@@ -1,150 +0,0 @@ -apiVersion: v1 -kind: List -items: -- apiVersion: v1 - kind: ImageStream - metadata: - name: origin - spec: - dockerImageRepository: openshift/origin -- apiVersion: v1 - kind: ImageStream - metadata: - name: etcd - spec: - dockerImageRepository: quay.io/coreos/etcd - -- apiVersion: v1 - kind: DeploymentConfig - metadata: - name: master - spec: - replicas: 1 - selector: - deploymentconfig: master - template: - metadata: - labels: - deploymentconfig: master - - spec: - volumes: - - name: master-config - secret: - secretName: master-config # has to be added to the service account - - containers: - - name: api - image: openshift/origin - args: ["start", "master", "api", "--config=/var/run/openshift/master-config.yaml", "--master-ip=$(POD_IP)"] - env: - - name: POD_IP # requires master config to be set to use POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - mountPath: /var/run/openshift - name: master-config - - - name: controllers - image: openshift/origin - args: ["start", "master", "controllers", "--config=/var/run/openshift/master-config.yaml"] # uses loopback client - volumeMounts: - - mountPath: /var/run/openshift - name: master-config - - triggers: - - type: ConfigChange - - imageChangeParams: - automatic: true - containerNames: - - origin - from: - kind: ImageStreamTag - name: origin:latest - type: ImageChange - -- apiVersion: v1 - kind: DeploymentConfig - metadata: - name: etcd - spec: - replicas: 1 - selector: - deploymentconfig: etcd - template: - metadata: - labels: - deploymentconfig: etcd - spec: - volumes: - - name: etcd-dir - emptyDir: {} - containers: - - image: coreos/etcd - name: etcd - workingDir: /var/lib/etcd - args: [ - "--listen-client-urls=http://0.0.0.0:2379,http://0.0.0.0:4001", - "--listen-peer-urls=http://0.0.0.0:2380,http://0.0.0.0:7001", - "--advertise-client-urls=http://$(POD_IP):2379,http://$(POD_IP):4001" - ] - env: - - name: POD_IP # requires master config to be set to use POD_IP - 
valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - mountPath: /var/lib/etcd - name: etcd-dir - ports: - - containerPort: 2379 - - containerPort: 2380 - - containerPort: 4001 - - containerPort: 7001 - triggers: - - type: ConfigChange - - imageChangeParams: - automatic: true - containerNames: - - etcd - from: - kind: ImageStreamTag - name: etcd:v2.0.13 - type: ImageChange - -- apiVersion: v1 - kind: Service - metadata: - name: master - spec: - ports: - - name: api - port: 8443 - targetPort: 8443 - - name: dns - port: 53 - targetPort: 53 - selector: - deploymentconfig: master - -- apiVersion: v1 - kind: Service - metadata: - name: etcd - spec: - ports: - - name: etcd-tcp-2379 - port: 2379 - targetPort: 2379 - - name: etcd-tcp-2380 - port: 2380 - targetPort: 2380 - - name: etcd-tcp-4001 - port: 4001 - targetPort: 4001 - - name: etcd-tcp-7001 - port: 7001 - targetPort: 7001 - selector: - deploymentconfig: etcd diff --git a/examples/privileged-pod-pvc/OWNERS b/examples/privileged-pod-pvc/OWNERS deleted file mode 100644 index 2563b9f76687..000000000000 --- a/examples/privileged-pod-pvc/OWNERS +++ /dev/null @@ -1,2 +0,0 @@ -reviewers: -approvers: diff --git a/examples/privileged-pod-pvc/README.md b/examples/privileged-pod-pvc/README.md deleted file mode 100644 index bbbe6be439df..000000000000 --- a/examples/privileged-pod-pvc/README.md +++ /dev/null 
@@ -1,118 +0,0 @@ -# Mount Volumes on Privileged Pods - -**This guide will demo GlusterFS as its example use-case but this method will work for any compatible volume provider.** - -##Purpose - -This example gives a basic template for attaching a persistent storage volume to a pod. It provides an end to end setup that begins with the _cluster-admin_ making the persistent volume available and a _basic-user_ requesting storage from a **privileged** pod. - -_If the pod is not run as privileged, skip the **Edit Privileged scc** section_ - -###Assumptions: - -* OSE 3.x -* NFS, GlusterFS, Ceph, or other compatible volume provider -* A cluster-admin user. For this guide, that user is called `admin` - -##Create a basic-user and User Project - -_**Note:**_ This section assumes there are not yet basic users. If you have a basic user and that user has a project, skip this section. - -`$ oc login -u tom -p tom` - - Where "tom" is an arbitrary user name and password. - - Next, create the project as tom: - -```bash -$ oc new-project \ ---description="" \ ---display-name="" -``` - - _At a minimum, only `` is required._ - - Basic-users are bound to the project-admin role at project creation so there is no need to manually bind them. - -##Edit Privileged scc - -The user must be added to the privileged scc (or to a group given access to that scc) before they can run privileged pods. 
- -_**As admin**_ - -```bash -$ oc edit scc privileged -``` -Under `users:` add the basic-user: - -```yaml -users: -- tom -``` - -##Make the Volume Available to Projects - -_**As admin:**_ - -```bash -$ oc create -f gluster-endpoints.yaml -$ oc create -f gluster-endpoints-service.yaml -$ oc create -f gluster-pv.yaml -``` -###Make the volume available within the user project -_**As basic-user**_ - -Create the PersistentVolumeClaim - -`$ oc create -f gluster-pvc.yaml` - -Create the privileged pod - -`$ oc create -f gluster-nginx-priv-pod.yaml` - - -##Confirm the Setup was Successful - -###Verify the Pod is Bound to the Correct scc - -Get the pod name - -`$ oc get pods` - -Export the configuration of the pod. - -`$ oc export pod ` - -Examine the output. Check that `openshift.io/scc` has the value `privileged`. - -```yaml -... -metadata: - annotations: - openshift.io/scc: privileged -... -``` - -###Check the Volume is Mounted - -Access the pod - -```bash -$ oc rsh -[root@gluster-nginx-pvc /]# mount -``` - -Examine the output for the gluster volume. - - 192.168.59.102:gv0 on /mnt/gluster type fuse.gluster (rw,relatime,user_id=0,group_id=0,default_permissions,allow_other,max_read=131072) - - -**That's it!** - -##Relevant Origin Docs - -For more info on: - -* Setting pv/pvc's for other volume providers see [Configuring Persistent Storage](https://docs.openshift.org/latest/install_config/persistent_storage/index.html) -* SCC's, see [Managing Security Context Contraints](https://docs.openshift.org/latest/admin_guide/manage_scc.html) - diff --git a/examples/privileged-pod-pvc/gluster-endpoints-service.yaml b/examples/privileged-pod-pvc/gluster-endpoints-service.yaml deleted file mode 100644 index 9a2469f3ba30..000000000000 --- a/examples/privileged-pod-pvc/gluster-endpoints-service.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: gluster-cluster -spec: - ports: - - port: 1 
diff --git a/examples/privileged-pod-pvc/gluster-endpoints.yaml b/examples/privileged-pod-pvc/gluster-endpoints.yaml deleted file mode 100644 index d5ebba49f63a..000000000000 --- a/examples/privileged-pod-pvc/gluster-endpoints.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Endpoints -metadata: - name: gluster-cluster -subsets: - - addresses: - - ip: 192.168.59.102 - ports: - - port: 1 # all endpoint ports are ignored by openshift - - addresses: - - ip: 192.168.59.103 - ports: - - port: 1 # ignored diff --git a/examples/privileged-pod-pvc/gluster-nginx-priv-pod.yaml b/examples/privileged-pod-pvc/gluster-nginx-priv-pod.yaml deleted file mode 100644 index 08903670393d..000000000000 --- a/examples/privileged-pod-pvc/gluster-nginx-priv-pod.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -id: gluster-nginx-pvc -kind: Pod -metadata: - name: gluster-nginx-priv -spec: - containers: - - name: gluster-nginx-priv - image: fedora/nginx - volumeMounts: - - mountPath: /mnt/gluster - name: gluster-volume-claim - securityContext: - privileged: true - volumes: - - name: gluster-volume-claim - persistentVolumeClaim: - claimName: gluster-claim diff --git a/examples/privileged-pod-pvc/gluster-pv.yaml b/examples/privileged-pod-pvc/gluster-pv.yaml deleted file mode 100644 index 54d922c13e34..000000000000 --- a/examples/privileged-pod-pvc/gluster-pv.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: gluster-default-volume -spec: - capacity: - storage: 2Gi - accessModes: - - ReadWriteMany - glusterfs: - endpoints: gluster-cluster - path: gv0 - readOnly: false - persistentVolumeReclaimPolicy: Recycle diff --git a/examples/privileged-pod-pvc/gluster-pvc.yaml b/examples/privileged-pod-pvc/gluster-pvc.yaml deleted file mode 100644 index 1709e67ff694..000000000000 --- a/examples/privileged-pod-pvc/gluster-pvc.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: gluster-claim -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/examples/project-quota/OWNERS b/examples/project-quota/OWNERS deleted file mode 100644 index 330128fa46ff..000000000000 --- a/examples/project-quota/OWNERS +++ /dev/null @@ -1,11 +0,0 @@ -reviewers: - - smarterclayton - - mfojtik - - derekwaynecarr - - soltysh - - jim-minter -approvers: - - smarterclayton - - mfojtik - - derekwaynecarr - - soltysh diff --git a/examples/project-quota/README.md b/examples/project-quota/README.md deleted file mode 100644 index ba9ca144ae7d..000000000000 --- a/examples/project-quota/README.md +++ /dev/null 
@@ -1,432 +0,0 @@ -OpenShift 3: Project Quota and Resource Limits -======================================== -This example will demonstrate how quota and resource limits can be applied to resources in a project. - -This example assumes you have completed the sample-app example, and have a functional OpenShift setup. - -Resources ------------------------------------------ -By default, a pod in your project runs with unbounded CPU and memory constraints. This means that -any pod in the system will be able to consume as much CPU and memory on the node that runs the pod. - -An author of a pod may set explicit resource limits per container in the pod in order to control -memory usage dedicated to its containers on a node. - -The following is an example of a pod that has a single container. This container sets its resource -limit for cpu to 100m and memory as 6Mi. This means that the container will get 100 millicores of -a core on the Node. In effect, if the node had a single core, this pod could be scheduled 10 times -at most to a single host. - -```shell -$ cat pod-with-resources.yaml -apiVersion: v1 -kind: Pod -metadata: - name: pod-with-resources -spec: - containers: - - capabilities: {} - image: gcr.io/google_containers/serve_hostname - imagePullPolicy: IfNotPresent - name: kubernetes-serve-hostname - resources: - limits: - cpu: 100m - memory: 6Mi - securityContext: - capabilities: {} - privileged: false - dnsPolicy: ClusterFirst - restartPolicy: Always -``` - -Applying a Project Quota ------------------------------------------ -Administrators may want to restrict how much of the cluster resources a given project may consume across -all of its pods. To do this, an administrator applies a quota to a project. A quota lets the -administrator set hard limits on the total amount of node resources (cpu, memory) and -API resources (pods, services, etc.) that a project may require. 
- -Let's create a simple project that applies a basic quota where the total cpu usage across all pods cannot exceed 1 core and may not consume more than 750Mi of memory. - -```shell -$ oc adm new-project quota-demo --admin=test-admin -$ oc project quota-demo -$ oc create quota quota --hard=cpu=1,memory=750Mi,pods=10,replicationcontrollers=10,resourcequotas=1,services=1 -``` - -A few moments after the quota is created, the current usage in the project is calculated. - -You can view the current usage by doing the following: - -``` -$ oc describe project quota-demo -Name: quota-demo -Created: 4 hours ago -Labels: -Annotations: openshift.io/description= - openshift.io/display-name= - openshift.io/sa.scc.mcs=s0:c6,c5 - openshift.io/sa.scc.supplemental-groups=1000040000/10000 - openshift.io/sa.scc.uid-range=1000040000/10000 -Display Name: -Description: -Status: Active -Node Selector: -Quota: - Name: quota - Resource Used Hard - -------- ---- ---- - cpu 0 1 - memory 0 750Mi - pods 0 10 - replicationcontrollers 0 10 - resourcequotas 1 1 - services 0 10 -Resource limits: -``` - -Applying default resource limits ------------------------------------------ -Pod authors rarely specify resource limits for their pods. As noted earlier, this is problematic because -it means a pod can consume as much resource on a node as is available. - -Since we applied a quota to our project, let's see what happens when an end-user creates a pod that has unbounded -cpu and memory. 
- -```shell -$ cat pod-without-resources.yaml -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null - name: pod-without-resources -spec: - containers: - - capabilities: {} - image: gcr.io/google_containers/serve_hostname - imagePullPolicy: IfNotPresent - name: kubernetes-serve-hostname - resources: {} - securityContext: - capabilities: {} - privileged: false - terminationMessagePath: /dev/termination-log - dnsPolicy: ClusterFirst - restartPolicy: Always -status: {} -$ oc create -f pod-without-resources.yaml -Error from server: error when creating "pod-without-resources.yaml": pods "pod-without-resources" is forbidden: Failed quota: quota: must specify cpu,memory -``` - -The administrator is happy because end-users need to specify resource limits. - -The end-user is miserable because they now need to set explicit resource values, and this is more work. - -To make things better, the administrator can set some project wide defaults for resource constraints. - -In addition, the administrator can set some limits to the basic shape of a pod and its container to ensure -pods can best fit the available node profile. For example, while a project may be allowed to request 750Mi of -memory across all containers, the administrator may want to limit the amount of memory a single pod can consume -to 500Mi. This type of flexibility allows administrators to set min/max limits for cpu and memory constraints -at a pod or container level to fit the nodes that are in the cluster. After all, if a user can use 20 cpus, -but the largest node in your cluster is 4 cpus, you don't really want user's to build pods that request 8 cpus. - -It's best to reject those types of pods up front. 
- -So let's set some default limits for this project: - -```shell -$ cat limits.yaml -apiVersion: v1 -kind: LimitRange -metadata: - creationTimestamp: null - name: limits -spec: - limits: - - max: - cpu: 500m - memory: 750Mi - min: - cpu: 10m - memory: 5Mi - type: Pod - - default: - cpu: 100m - memory: 100Mi - max: - cpu: 500m - memory: 750Mi - min: - cpu: 10m - memory: 5Mi - type: Container -$ oc create -f limits.yaml -$ oc describe project quota-demo -Name: quota-demo -Created: 4 hours ago -Labels: -Annotations: openshift.io/description= - openshift.io/display-name= - openshift.io/sa.scc.mcs=s0:c6,c5 - openshift.io/sa.scc.supplemental-groups=1000040000/10000 - openshift.io/sa.scc.uid-range=1000040000/10000 -Display Name: -Description: -Status: Active -Node Selector: -Quota: - Name: quota - Resource Used Hard - -------- ---- ---- - cpu 0 1 - memory 0 750Mi - pods 0 10 - replicationcontrollers 0 10 - resourcequotas 1 1 - services 0 10 -Resource limits: - Name: limits - Type Resource Min Max Default - ---- -------- --- --- --- - Pod cpu 10m 500m - - Pod memory 5Mi 750Mi - - Container cpu 10m 500m 100m - Container memory 5Mi 750Mi 100Mi -``` - -You can now see that the project has set min/max limits at the pod and container scopes. - -If a pod is created that has no cpu resource limit set, the default (100m) will be set as an explicit limit. Similarly, if a pod is created that has no memory resource limit set, the default (100Mi) will be set as an explicit limit. 
- -To demonstrate this, let's try to create the pod that failed previously: - -```shell -$ oc create -f pod-without-resources.yaml -$ oc describe project quota-demo -Name: quota-demo -Created: 4 hours ago -Labels: -Annotations: openshift.io/description= - openshift.io/display-name= - openshift.io/sa.scc.mcs=s0:c6,c5 - openshift.io/sa.scc.supplemental-groups=1000040000/10000 - openshift.io/sa.scc.uid-range=1000040000/10000 -Display Name: -Description: -Status: Active -Node Selector: -Quota: - Name: quota - Resource Used Hard - -------- ---- ---- - cpu 100m 1 - memory 100Mi 750Mi - pods 1 10 - replicationcontrollers 0 10 - resourcequotas 1 1 - services 0 10 -Resource limits: - Name: limits - Type Resource Min Max Default - ---- -------- --- --- --- - Pod cpu 10m 500m - - Pod memory 5Mi 750Mi - - Container cpu 10m 500m 100m - Container memory 5Mi 750Mi 100Mi -``` - -As you can see, we now have a single pod in our project, and that pod is consuming the default amount of resources. - -Templates: Parameterized resources ------------------------------------------ -Templates allow project editors to quickly add content to the project from pre-defined content. - -Pods that are created from template content will use any of the specified resource defaults that we had -previously defined in our project, but as a template author, it is possible to actually expose memory -and cpu consumption as parameters in your template. 
- -To demonstrate this, let's provision a custom template that enumerates resources: - -```shell -$ oc create -f application-template-with-resources.json -$ oc describe template ruby-helloworld-sample-with-resources -Name: ruby-helloworld-sample-with-resources -Created: 12 minutes ago -Labels: -Description: This example shows how to create a simple ruby application in openshift origin v3 -Annotations: iconClass=icon-ruby - tags=instant-app,ruby,mysql - -Parameters: - Name: ADMIN_USERNAME - Description: administrator username - Required: false - Generated: expression - From: admin[A-Z0-9]{3} - - Name: ADMIN_PASSWORD - Description: administrator password - Required: false - Generated: expression - From: [a-zA-Z0-9]{8} - - Name: MYSQL_USER - Description: database username - Required: false - Generated: expression - From: user[A-Z0-9]{3} - - Name: MYSQL_PASSWORD - Description: database password - Required: false - Generated: expression - 
From: [a-zA-Z0-9]{8} - - Name: MYSQL_DATABASE - Description: database name - Required: false - Value: root - Name: MYSQL_RESOURCES_LIMITS_MEMORY - Description: database memory limit - Required: false - Value: 200Mi - Name: MYSQL_RESOURCES_LIMITS_CPU - Description: database cpu limit - Required: false - Value: 400m - Name: DEPLOY_MYSQL_RESOURCES_LIMITS_MEMORY - Description: deploy database memory limit - Required: false - Value: 50Mi - Name: DEPLOY_MYSQL_RESOURCES_LIMITS_CPU - Description: deploy database cpu limit - Required: false - Value: 20m - Name: FRONTEND_RESOURCES_LIMITS_MEMORY - Description: frontend memory limit - Required: false - Value: 100Mi - Name: FRONTEND_RESOURCES_LIMITS_CPU - Description: frontend cpu limit - Required: false - Value: 200m - Name: DEPLOY_FRONTEND_RESOURCES_LIMITS_MEMORY - Description: deploy frontend memory limit - Required: false - Value: 50Mi - Name: DEPLOY_FRONTEND_RESOURCES_LIMITS_CPU - Description: deploy frontend cpu limit - Required: false - Value: 20m - Name: BUILD_RUBY_RESOURCES_LIMITS_MEMORY - Description: build ruby memory limit - Required: false - Value: 50Mi - Name: BUILD_RUBY_RESOURCES_LIMITS_CPU - Description: build ruby cpu limit - Required: false - Value: 20m - -Object Labels: template=application-template-stibuild - -Objects: - Service frontend - Route route-edge - ImageStream origin-ruby-sample - ImageStream ruby-20-centos7 - - - Service database -``` - -Notice that the template exposes parameters to limit the amount of memory and cpu used by the pods in your project. - -* MYSQL_RESOURCES_LIMITS_CPU - the amount of cpu for your mysql containers -* MYSQL_RESOURCES_LIMITS_MEMORY - the amount of memory for your mysql containers -* FRONTEND_RESOURCES_LIMITS_CPU - the amount of cpu for your frontend containers -* FRONTEND_RESOURCES_LIMITS_MEMORY - the amount of memory for your frontend containers - -When you build your source code, OpenShift will create pods to execute the build in your project. 
Those pods consume -node resources, so they are subject to quota. It is possible to customize the amount of cpu and memory used by -a build. Notice that the template exposes the following parameters to tailor the amount of resources per build. - -* BUILD_RUBY_RESOURCES_LIMITS_MEMORY - the amount of memory used when running builds of your ruby code -* BUILD_RUBY_RESOURCES_LIMITS_CPU - the amount of cpu used when running builds of your ruby code - -Finally, when you deploy new versions of your code, OpenShift will create pods to execute the deployment. Those -pods consume node resources, so they are subject to quota. Like builds, you can customize the amount of resources -you give to a deployment task: - -* DEPLOY_FRONTEND_RESOURCES_LIMITS_MEMORY - the amount of memory used when deploying new versions of your frontend -* DEPLOY_FRONTEND_RESOURCES_LIMITS_CPU - the amount of cpu used when deploying new versions of your frontend -* DEPLOY_MYSQL_RESOURCES_LIMITS_MEMORY - the amount of memory used when deploying new versions of your database -* DEPLOY_MYSQL_RESOURCES_LIMITS_CPU - the amount of cpu used when deploying new versions of your database - -Putting it all together ---------------------------------------- -Now that we have created our template, let's create the content within it. - -```shell -$ oc process ruby-helloworld-sample-with-resources | oc create -f - -service "frontend" created -route "route-edge" created -imagestream "origin-ruby-sample" created -imagestream "ruby-20-centos7" created -buildconfig "ruby-sample-build" created -deploymentconfig "frontend" created -service "database" created -deploymentconfig "database" created -``` - -Every action in the project that consumes node level cpu or memory resources has defined limits. - -If you kick off builds, or execute deployments, you will see that those pods have defined resource limits that are derived from their associated configuration. All of these actions are therefore -tracked in the project quota. 
- -To demonstrate this, let's show what happens when you run at the limit of quota. - -Let's kick off a number of builds to see what happens when we exceed quota. - -```shell -$ oc start-build ruby-sample-build -$ ... [repeat until exceeded quota] ... -``` - -Let's assume our 5th build exceeded quota: - -``` -$ oc describe builds ruby-sample-build-5 -Name: ruby-sample-build-5 -Created: 2 minutes ago -Labels: buildconfig=ruby-sample-build,name=ruby-sample-build,template=application-template-stibuild -BuildConfig: ruby-sample-build -Status: New -Duration: waiting for 2m13s -Build Pod: ruby-sample-build-5 -Strategy: Source -Image Reference: DockerImage openshift/ruby-20-centos7:latest -Incremental Build: yes -Source Type: Git -URL: git://github.com/openshift/ruby-hello-world.git -Output to: origin-ruby-sample:latest -Output Spec: -Events: - FirstSeen LastSeen Count From SubobjectPath Reason Message - Tue, 19 May 2015 20:55:47 +0000 Tue, 19 May 2015 20:56:01 +0000 2 {build-controller } failedCreate Error creating: Pod "ruby-sample-build-5" is forbidden: Limited to 750Mi memory -``` - -Note the event that was published from the build controller to denote that there is no more quota -available in the project to execute the build. - -Once the other builds complete, and build pods complete, quota will be released, and eventually your -build will schedule a pod and complete. - -Summary ----------------------------- -Actions that consume node resources for cpu and memory can be subject to hard quota limits defined -by the administrator. - -Any action that consumes those resources can be tweaked, or can pick up project level defaults to -meet your end goal. diff --git a/examples/project-quota/application-template-with-resources.json b/examples/project-quota/application-template-with-resources.json deleted file mode 100644 index 4c941540cbfd..000000000000 --- a/examples/project-quota/application-template-with-resources.json +++ /dev/null 
@@ -1,506 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "ruby-helloworld-sample-with-resources", - "creationTimestamp": null, - "annotations": { - "description": "This example shows how to create a simple ruby application in openshift origin v3", - "iconClass": "icon-ruby", - "tags": "instant-app,ruby,mysql" - } - }, - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "frontend", - "creationTimestamp": null - }, - "spec": { - "ports": [ - { - "name": "web", - "protocol": "TCP", - "port": 5432, - "targetPort": 8080, - "nodePort": 0 - } - ], - "selector": { - "name": "frontend" - }, - "type": "ClusterIP", - "sessionAffinity": "None" - }, - "status": { - "loadBalancer": {} - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "metadata": { - "name": "route-edge", - "creationTimestamp": null - }, - "spec": { - "host": "www.example.com", - "to": { - "kind": "Service", - "name": "frontend" - }, - "tls": { - "termination": "edge" - } - }, - "status": {} - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "origin-ruby-sample", - "creationTimestamp": null - }, - "spec": {}, - "status": { - "dockerImageRepository": "" - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "ruby-20-centos7", - "creationTimestamp": null - }, - "spec": { - "dockerImageRepository": "openshift/ruby-20-centos7" - }, - "status": { - "dockerImageRepository": "" - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "ruby-sample-build", - "namespace": "quota-demo", - "selfLink": "/osapi/v1/namespaces/quota-demo/buildconfigs/ruby-sample-build", - "uid": "bf2174b3-fe5e-11e4-8f83-080027893417", - "creationTimestamp": "2015-05-19T19:39:21Z", - "labels": { - "name": "ruby-sample-build", - "template": "application-template-stibuild" - } - }, - "spec": { - "triggers": [ - { - "type": "github", - "github": { - "secret": "secret101" - } - }, - { - 
"type": "generic", - "generic": { - "secret": "secret101" - } - }, - { - "type": "imageChange", - "imageChange": { - "lastTriggeredImageID": "openshift/ruby-20-centos7:latest" - } - } - ], - "source": { - "type": "Git", - "git": { - "uri": "git://github.com/openshift/ruby-hello-world.git" - } - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "from": { - "kind": "ImageStreamTag", - "name": "ruby-20-centos7:latest" - }, - "incremental": true - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "origin-ruby-sample:latest" - } - }, - "resources": { - "limits": { - "cpu": "${BUILD_RUBY_RESOURCES_LIMITS_CPU}", - "memory": "${BUILD_RUBY_RESOURCES_LIMITS_MEMORY}" - } - } - }, - "status": { - "lastVersion": 1 - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "frontend", - "namespace": "test", - "creationTimestamp": "2015-05-01T20:22:22Z", - "labels": { - "template": "application-template-stibuild" - } - }, - "spec": { - "strategy": { - "type": "Recreate", - "recreateParams": { - "pre": { - "failurePolicy": "Abort", - "execNewPod": { - "command": [ - "/bin/true" - ], - "env": [ - { - "name": "CUSTOM_VAR1", - "value": "custom_value1" - } - ], - "containerName": "ruby-helloworld" - } - }, - "post": { - "failurePolicy": "Ignore", - "execNewPod": { - "command": [ - "/bin/false" - ], - "env": [ - { - "name": "CUSTOM_VAR2", - "value": "custom_value2" - } - ], - "containerName": "ruby-helloworld" - } - } - }, - "resources": { - "limits": { - "cpu": "${DEPLOY_FRONTEND_RESOURCES_LIMITS_CPU}", - "memory": "${DEPLOY_FRONTEND_RESOURCES_LIMITS_MEMORY}" - } - } - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "ruby-helloworld" - ], - "from": { - "kind": "ImageStreamTag", - "name": "origin-ruby-sample:latest" - }, - "lastTriggeredImage": "" - } - } - ], - "replicas": 1, - "selector": { - "name": "frontend" - }, - "template": { - "metadata": { - 
"creationTimestamp": null, - "labels": { - "name": "frontend" - } - }, - "spec": { - "containers": [ - { - "name": "ruby-helloworld", - "image": "origin-ruby-sample", - "ports": [ - { - "containerPort": 8080, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "ADMIN_USERNAME", - "value": "${ADMIN_USERNAME}" - }, - { - "name": "ADMIN_PASSWORD", - "value": "${ADMIN_PASSWORD}" - }, - { - "name": "MYSQL_USER", - "value": "${MYSQL_USER}" - }, - { - "name": "MYSQL_PASSWORD", - "value": "${MYSQL_PASSWORD}" - }, - { - "name": "MYSQL_DATABASE", - "value": "${MYSQL_DATABASE}" - } - ], - "resources": { - "limits": { - "cpu": "${FRONTEND_RESOURCES_LIMITS_CPU}", - "memory": "${FRONTEND_RESOURCES_LIMITS_MEMORY}" - } - }, - "terminationMessagePath": "/dev/termination-log", - "imagePullPolicy": "IfNotPresent", - "capabilities": {}, - "securityContext": { - "capabilities": {}, - "privileged": false - } - } - ], - "restartPolicy": "Always", - "dnsPolicy": "ClusterFirst" - } - } - }, - "status": {} - }, - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "database", - "creationTimestamp": null - }, - "spec": { - "ports": [ - { - "name": "db", - "protocol": "TCP", - "port": 5434, - "targetPort": 3306, - "nodePort": 0 - } - ], - "selector": { - "name": "database" - }, - "type": "ClusterIP", - "sessionAffinity": "None" - }, - "status": { - "loadBalancer": {} - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "database", - "namespace": "test", - "creationTimestamp": "2015-05-01T20:22:22Z", - "labels": { - "template": "application-template-stibuild" - } - }, - "spec": { - "strategy": { - "type": "Recreate", - "resources": { - "limits": { - "cpu": "${DEPLOY_MYSQL_RESOURCES_LIMITS_CPU}", - "memory": "${DEPLOY_MYSQL_RESOURCES_LIMITS_MEMORY}" - } - } - }, - "triggers": [ - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "database" - }, - "template": { - "metadata": { - "creationTimestamp": null, - 
"labels": { - "name": "database" - } - }, - "spec": { - "volumes": [ - { - "name": "data", - "emptyDir": {} - } - ], - "containers": [ - { - "name": "ruby-helloworld-database", - "image": "openshift/mysql-55-centos7", - "ports": [ - { - "containerPort": 3306, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "MYSQL_USER", - "value": "${MYSQL_USER}" - }, - { - "name": "MYSQL_PASSWORD", - "value": "${MYSQL_PASSWORD}" - }, - { - "name": "MYSQL_DATABASE", - "value": "${MYSQL_DATABASE}" - } - ], - "volumeMounts": [ - { - "name": "data", - "mountPath": "/var/lib/mysql/data" - } - ], - "resources": { - "limits": { - "cpu": "${MYSQL_RESOURCES_LIMITS_CPU}", - "memory": "${MYSQL_RESOURCES_LIMITS_MEMORY}" - } - }, - "terminationMessagePath": "/dev/termination-log", - "imagePullPolicy": "IfNotPresent", - "capabilities": {}, - "securityContext": { - "capabilities": {}, - "privileged": false - } - } - ], - "restartPolicy": "Always", - "dnsPolicy": "ClusterFirst" - } - } - }, - "status": { - "latestVersion": 1, - "details": { - "causes": [ - { - "type": "ConfigChange" - } - ] - } - } - } - ], - "parameters": [ - { - "name": "ADMIN_USERNAME", - "description": "administrator username", - "generate": "expression", - "from": "admin[A-Z0-9]{3}" - }, - { - "name": "ADMIN_PASSWORD", - "description": "administrator password", - "generate": "expression", - "from": "[a-zA-Z0-9]{8}" - }, - { - "name": "MYSQL_USER", - "description": "database username", - "generate": "expression", - "from": "user[A-Z0-9]{3}" - }, - { - "name": "MYSQL_PASSWORD", - "description": "database password", - "generate": "expression", - "from": "[a-zA-Z0-9]{8}" - }, - { - "name": "MYSQL_DATABASE", - "description": "database name", - "value": "root" - }, - { - "name": "MYSQL_RESOURCES_LIMITS_MEMORY", - "description": "database memory limit", - "value": "200Mi" - }, - { - "name": "MYSQL_RESOURCES_LIMITS_CPU", - "description": "database cpu limit", - "value": "400m" - }, - { - "name": 
"DEPLOY_MYSQL_RESOURCES_LIMITS_MEMORY", - "description": "deploy database memory limit", - "value": "50Mi" - }, - { - "name": "DEPLOY_MYSQL_RESOURCES_LIMITS_CPU", - "description": "deploy database cpu limit", - "value": "20m" - }, - { - "name": "FRONTEND_RESOURCES_LIMITS_MEMORY", - "description": "frontend memory limit", - "value": "100Mi" - }, - { - "name": "FRONTEND_RESOURCES_LIMITS_CPU", - "description": "frontend cpu limit", - "value": "200m" - }, - { - "name": "DEPLOY_FRONTEND_RESOURCES_LIMITS_MEMORY", - "description": "deploy frontend memory limit", - "value": "50Mi" - }, - { - "name": "DEPLOY_FRONTEND_RESOURCES_LIMITS_CPU", - "description": "deploy frontend cpu limit", - "value": "20m" - }, - { - "name": "BUILD_RUBY_RESOURCES_LIMITS_MEMORY", - "description": "build ruby memory limit", - "value": "50Mi" - }, - { - "name": "BUILD_RUBY_RESOURCES_LIMITS_CPU", - "description": "build ruby cpu limit", - "value": "20m" - } - ], - "labels": { - "template": "application-template-stibuild" - } -} diff --git a/examples/project-quota/limits.yaml b/examples/project-quota/limits.yaml deleted file mode 100644 index 6e81bd6f1bc1..000000000000 --- a/examples/project-quota/limits.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: LimitRange -metadata: - creationTimestamp: null - name: limits -spec: - limits: - - max: - cpu: 500m - memory: 750Mi - min: - cpu: 10m - memory: 5Mi - type: Pod - - default: - cpu: 100m - memory: 100Mi - max: - cpu: 500m - memory: 750Mi - min: - cpu: 10m - memory: 5Mi - type: Container diff --git a/examples/project-quota/pod-with-resources.yaml b/examples/project-quota/pod-with-resources.yaml deleted file mode 100644 index 334460e7c9a7..000000000000 --- a/examples/project-quota/pod-with-resources.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null - name: pod-with-resources -spec: - containers: - - capabilities: {} - image: gcr.io/google_containers/serve_hostname - imagePullPolicy: IfNotPresent - name: kubernetes-serve-hostname - resources: - limits: - cpu: 100m - memory: 6Mi - securityContext: - capabilities: {} - privileged: false - terminationMessagePath: /dev/termination-log - dnsPolicy: ClusterFirst - restartPolicy: Always -status: {} diff --git a/examples/project-quota/pod-without-resources.yaml b/examples/project-quota/pod-without-resources.yaml deleted file mode 100644 index 0a95797b67c6..000000000000 --- a/examples/project-quota/pod-without-resources.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null - name: pod-without-resources -spec: - containers: - - capabilities: {} - image: gcr.io/google_containers/serve_hostname - imagePullPolicy: IfNotPresent - name: kubernetes-serve-hostname - resources: {} - securityContext: - capabilities: {} - privileged: false - terminationMessagePath: /dev/termination-log - dnsPolicy: ClusterFirst - restartPolicy: Always -status: {} diff --git a/examples/project-quota/quota.yaml b/examples/project-quota/quota.yaml deleted file mode 100644 index c10441dff99f..000000000000 --- a/examples/project-quota/quota.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ResourceQuota -metadata: - creationTimestamp: null - name: quota -spec: - hard: - cpu: "1" - memory: 750Mi - pods: "10" - replicationcontrollers: "10" - resourcequotas: "1" - services: "10" -status: {} diff --git a/examples/project-spawner/OWNERS b/examples/project-spawner/OWNERS deleted file mode 100644 index 9b1eb8b063cf..000000000000 --- a/examples/project-spawner/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -reviewers: - - derekwaynecarr -approvers: - - derekwaynecarr 
diff --git a/examples/project-spawner/project-spawner.sh b/examples/project-spawner/project-spawner.sh deleted file mode 100755 index acdaad9786a2..000000000000 --- a/examples/project-spawner/project-spawner.sh +++ /dev/null @@ -1,11 +0,0 @@ -# Generates 500 projects - -set -o errexit -set -o nounset -set -o pipefail - -#!/bin/bash -for i in {1..500} -do - oc new-project projects-${i} -done \ No newline at end of file diff --git a/examples/pruner/cronjob.yaml b/examples/pruner/cronjob.yaml index e497c2bc55ef..72d42835fb6e 100644 --- a/examples/pruner/cronjob.yaml +++ b/examples/pruner/cronjob.yaml @@ -13,7 +13,7 @@ spec: spec: containers: - name: prune-images - image: openshift/origin:latest + image: openshift/origin-control-plane:latest args: [ "admin", "prune", "images", "--confirm"] restartPolicy: OnFailure serviceAccountName: image-pruner diff --git a/examples/statefulsets/OWNERS b/examples/statefulsets/OWNERS deleted file mode 100644 index 4ab2f77b0627..000000000000 --- a/examples/statefulsets/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -reviewers: - - soltysh -approvers: - - soltysh diff --git a/examples/statefulsets/README.md b/examples/statefulsets/README.md deleted file mode 100644 index 7ce05bf5d09a..000000000000 --- a/examples/statefulsets/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# StatefulSet examples - -These examples are tracked from the [Kubernetes contrib project @d6e4be](https://github.com/kubernetes/contrib/tree/d6e4be066cc076fbb91ff69691819e117711b30b/pets) - -Note that some of these examples require the ability to run root containers which may not be possible for all users in all environments. To grant -access to run containers as root to a service account in your project, run: - - oc adm policy add-scc-to-user anyuid -z default - -which allows the `default` service account to run root containers. 
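Review bot: The replacement image in examples/pruner/cronjob.yaml is still referenced by the floating `:latest` tag, so every scheduled run of the pruner under the `image-pruner` service account executes whatever was most recently pushed under that name. Pinning the reference to a release tag or digest, e.g. `image: openshift/origin-control-plane:<release-tag>` (placeholder), would make the job reproducible and its contents reviewable. The unchanged `args: [ "admin", "prune", "images", "--confirm"]` line presumably relies on the new image's entrypoint accepting `admin prune images`; that cannot be confirmed from this hunk and is worth checking, since `--confirm` makes the deletion non-interactive. The CronJob spec begins and ends outside the hunk.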
diff --git a/examples/statefulsets/peer-finder/Dockerfile b/examples/statefulsets/peer-finder/Dockerfile deleted file mode 100644 index 137d2b42c797..000000000000 --- a/examples/statefulsets/peer-finder/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2016 The Kubernetes Authors All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FROM gcr.io/google_containers/ubuntu-slim:0.2 -MAINTAINER Prashanth.B - -RUN apt-get update && apt-get install -y wget bash dnsutils -ADD peer-finder /peer-finder -ADD peer-finder.go /peer-finder.go - -EXPOSE 9376 -ENTRYPOINT ["/peer-finder"] diff --git a/examples/statefulsets/peer-finder/Makefile b/examples/statefulsets/peer-finder/Makefile deleted file mode 100644 index 5cc743c21475..000000000000 --- a/examples/statefulsets/peer-finder/Makefile +++ /dev/null 
@@ -1,33 +0,0 @@ -# Copyright 2016 The Kubernetes Authors All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -all: push - -TAG = 0.1 -PREFIX = gcr.io/google_containers/peer-finder - -server: peer-finder.go - CGO_ENABLED=0 go build -a -installsuffix cgo --ldflags '-w' ./peer-finder.go - -release: server - gsutil cp peer-finder gs://kubernetes-release/pets/peer-finder - -container: server - docker build -t $(PREFIX):$(TAG) . - -push: container - gcloud docker push $(PREFIX):$(TAG) - -clean: - rm -f peer-finder diff --git a/examples/statefulsets/peer-finder/README.md b/examples/statefulsets/peer-finder/README.md deleted file mode 100644 index a3092e0fbf19..000000000000 --- a/examples/statefulsets/peer-finder/README.md +++ /dev/null @@ -1,12 +0,0 @@ -# Peer finder - -This is a simple peer finder daemon that runs as pid 1 in a statefulset. -It is expected to be a temporary solution till the main Kubernetes repo supports: -1. Init containers to replace on-start scripts -2. A notification delivery mechanism that allows external controllers to - declaratively execute on-change scripts in containers. - -Though we don't expect this container to always run as pid1, it will be -necessary in some form. All it does is resolve DNS. Even when we get (2) -the most natural way to update the input for the on-change script is through -a sidecar that runs the peer-finder. 
diff --git a/examples/statefulsets/peer-finder/peer-finder.go b/examples/statefulsets/peer-finder/peer-finder.go deleted file mode 100644 index 9cbf0d0bd482..000000000000 --- a/examples/statefulsets/peer-finder/peer-finder.go +++ /dev/null 
@@ -1,110 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors All rights reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// A small utility program to lookup hostnames of endpoints in a service.
-package main
-
-import (
- "flag"
- "fmt"
- "log"
- "net"
- "os"
- "os/exec"
- "sort"
- "strings"
- "time"
-
- "k8s.io/apimachinery/pkg/util/sets"
-)
-
-const (
- svcLocalSuffix = "svc.cluster.local"
- pollPeriod = 1 * time.Second
-)
-
-var (
- onChange = flag.String("on-change", "", "Script to run on change, must accept a new line separated list of peers via stdin.")
- onStart = flag.String("on-start", "", "Script to run on start, must accept a new line separated list of peers via stdin.")
- svc = flag.String("service", "", "Governing service responsible for the DNS records of the domain this pod is in.")
- namespace = flag.String("ns", "", "The namespace this pod is running in. If unspecified, the POD_NAMESPACE env var is used.")
-)
-
-func lookup(svcName string) (sets.String, error) {
- endpoints := sets.NewString()
- _, srvRecords, err := net.LookupSRV("", "", svcName)
- if err != nil {
- return endpoints, err
- }
- for _, srvRecord := range srvRecords {
- // The SRV records ends in a "." for the root domain
- ep := fmt.Sprintf("%v", srvRecord.Target[:len(srvRecord.Target)-1])
- endpoints.Insert(ep)
- }
- return endpoints, nil
-}
-
-func shellOut(sendStdin, script string) {
- log.Printf("execing: %v with stdin: %v", script, sendStdin)
- // TODO: Switch to sending stdin from go
- out, err := exec.Command("bash", "-c", fmt.Sprintf("echo -e '%v' | %v", sendStdin, script)).CombinedOutput()
- if err != nil {
- log.Fatalf("Failed to execute %v: %v, err: %v", script, string(out), err)
- }
- log.Print(string(out))
-}
-
-func main() {
- flag.Parse()
-
- ns := *namespace
- if ns == "" {
- ns = os.Getenv("POD_NAMESPACE")
- }
- if *svc == "" || ns == "" || (*onChange == "" && *onStart == "") {
- log.Fatalf("Incomplete args, require -on-change and/or -on-start, -service and -ns or an env var for POD_NAMESPACE.")
- }
-
- hostname, err := os.Hostname()
- if err != nil {
- log.Fatalf("Failed to get hostname: %s", err)
- }
-
- myName := strings.Join([]string{hostname, *svc, ns, svcLocalSuffix}, ".")
- script := *onStart
- if script == "" {
- script = *onChange
- log.Printf("No on-start supplied, on-change %v will be applied on start.", script)
- }
- for newPeers, peers := sets.NewString(), sets.NewString(); script != ""; time.Sleep(pollPeriod) {
- newPeers, err = lookup(*svc)
- if err != nil {
- log.Printf("%v", err)
- continue
- }
- if newPeers.Equal(peers) || !newPeers.Has(myName) {
- continue
- }
- peerList := newPeers.List()
- sort.Strings(peerList)
- log.Printf("Peer list updated\nwas %v\nnow %v", peers.List(), newPeers.List())
- shellOut(strings.Join(peerList, "\n"), script)
- peers = newPeers
- script = *onChange
- }
- // TODO: Exit if there's no on-change?
- log.Printf("Peer finder exiting")
-}
diff --git a/examples/statefulsets/redis/README.md b/examples/statefulsets/redis/README.md
deleted file mode 100644
index 4b0d07fc72fe..000000000000
--- a/examples/statefulsets/redis/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-# Redis
-
-This example runs redis through a statefulset.
-
-## Master/slave
-
-### Bootstrap
-
-Create the yaml in this directory
-```
-$ kubectl create -f redis.yaml
-```
-
-can run the "test.sh" script in this directory.
-
-## TODO
-
-Expect cleaner solutions for the following as statefulset matures.
-
-* Scaling Up/down
-* Image Upgrade
-* Periodic maintenance
-* Sentinel failover
diff --git a/examples/statefulsets/redis/init/Dockerfile b/examples/statefulsets/redis/init/Dockerfile
deleted file mode 100644
index 62b975631b4c..000000000000
--- a/examples/statefulsets/redis/init/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-# Copyright 2016 The Kubernetes Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# TODO: get rid of bash dependency and switch to plain busybox.
-# The tar in busybox also doesn't seem to understand compression.
-FROM debian:jessie
-MAINTAINER Prashanth.B
-
-# TODO: just use standard redis when there is one for 3.2.0.
-RUN apt-get update && apt-get install -y wget make gcc
-
-ADD on-start.sh /
-# See contrib/pets/peer-finder for details
-RUN wget -qO /peer-finder https://storage.googleapis.com/kubernetes-release/pets/peer-finder
-
-ADD install.sh /
-RUN chmod -c 755 /install.sh /on-start.sh /peer-finder
-Entrypoint ["/install.sh"]
diff --git a/examples/statefulsets/redis/init/Makefile b/examples/statefulsets/redis/init/Makefile
deleted file mode 100644
index ff217dd12bb8..000000000000
--- a/examples/statefulsets/redis/init/Makefile
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright 2016 The Kubernetes Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-all: push
-
-TAG = 0.1
-PREFIX = gcr.io/google_containers/redis-install
-
-container:
- docker build -t $(PREFIX):$(TAG) .
-
-push: container
- gcloud docker push $(PREFIX):$(TAG)
-
-clean:
- docker rmi $(PREFIX):$(TAG)
diff --git a/examples/statefulsets/redis/init/install.sh b/examples/statefulsets/redis/init/install.sh
deleted file mode 100755
index 81eaba58cc52..000000000000
--- a/examples/statefulsets/redis/init/install.sh
+++ /dev/null
@@ -1,63 +0,0 @@
-#! /bin/bash
-
-# Copyright 2016 The Kubernetes Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# This volume is assumed to exist and is shared with parent of the init
-# container. It contains the redis installation.
-INSTALL_VOLUME="/opt"
-
-# This volume is assumed to exist and is shared with the peer-finder
-# init container. It contains on-start/change configuration scripts.
-WORK_DIR="/work-dir"
-
-TEMP_DIR="/tmp"
-
-VERSION="3.2.0"
-
-for i in "$@"
-do
-case $i in
- -v=*|--version=*)
- VERSION="${i#*=}"
- shift
- ;;
- -i=*|--install-into=*)
- INSTALL_VOLUME="${i#*=}"
- shift
- ;;
- -w=*|--work-dir=*)
- WORK_DIR="${i#*=}"
- shift
- ;;
- *)
- # unknown option
- ;;
-esac
-done
-
-echo installing config scripts into "${WORK_DIR}"
-mkdir -p "${WORK_DIR}"
-cp /on-start.sh "${WORK_DIR}"/
-cp /peer-finder "${WORK_DIR}"/
-
-echo installing redis-"${VERSION}" into "${INSTALL_VOLUME}"
-mkdir -p "${TEMP_DIR}" "${INSTALL_VOLUME}"/redis
-wget -q -O - http://download.redis.io/releases/redis-"${VERSION}".tar.gz | tar -xzf - -C "${TEMP_DIR}"
-
-cd "${TEMP_DIR}"/redis-"${VERSION}"/
-# Clean out existing deps, see https://github.com/antirez/redis/issues/722
-make distclean
-make install INSTALL_BIN="${INSTALL_VOLUME}"/redis
-cp "${TEMP_DIR}"/redis-"${VERSION}"/redis.conf ${INSTALL_VOLUME}/redis/redis.conf
diff --git a/examples/statefulsets/redis/init/on-start.sh b/examples/statefulsets/redis/init/on-start.sh
deleted file mode 100755
index 0776a461d9f2..000000000000
--- a/examples/statefulsets/redis/init/on-start.sh
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/bash
-
-# Copyright 2016 The Kubernetes Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -e
-
-CFG=/opt/redis/redis.conf
-HOSTNAME=$(hostname)
-DATADIR="/data"
-# Port on which redis listens for connections.
-PORT=6379
-
-# Ping everyone but ourself to see if there's a master. Only one pet starts at
-# a time, so if we don't see a master we can assume the position is ours.
-while read -ra LINE; do
- if [[ "${LINE}" == *"${HOSTNAME}"* ]]; then
- sed -i -e "s|^bind.*$|bind ${LINE}|" ${CFG}
- elif [ "$(/opt/redis/redis-cli -h $LINE info | grep role | sed 's,\r$,,')" = "role:master" ]; then
- # TODO: More restrictive regex?
- sed -i -e "s|^.*slaveof.*$|slaveof ${LINE} ${PORT}|" ${CFG}
- fi
-done
-
-# Set the data directory for append only log and snapshot files. This should
-# be a persistent volume for consistency.
-sed -i -e "s|^.*dir .*$|dir ${DATADIR}|" ${CFG}
-
-# The append only log is written for every SET operation. Without this setting,
-# redis just snapshots periodically which is only safe for a cache. This will
-# produce an appendonly.aof file in the configured data dir.
-sed -i -e "s|^appendonly .*$|appendonly yes|" ${CFG}
-
-# Every write triggers an fsync. Recommended default is "everysec", which
-# is only safe for AP applications.
-sed -i -e "s|^appendfsync .*$|appendfsync always|" ${CFG}
diff --git a/examples/statefulsets/redis/redis.yaml b/examples/statefulsets/redis/redis.yaml
deleted file mode 100644
index 09c21916a474..000000000000
--- a/examples/statefulsets/redis/redis.yaml
+++ /dev/null
@@ -1,115 +0,0 @@ -# A headless service to create DNS records -apiVersion: v1 -kind: Service -metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - name: redis - labels: - app: redis -spec: - ports: - - port: 6379 - name: peer - # *.redis.default.svc.cluster.local - clusterIP: None - selector: - app: redis ---- -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: rd -spec: - serviceName: "redis" - replicas: 3 - template: - metadata: - labels: - app: redis - annotations: - pod.alpha.kubernetes.io/initialized: "true" - pod.alpha.kubernetes.io/init-containers: '[ - { - "name": "install", - "image": "gcr.io/google_containers/redis-install:0.1", - "imagePullPolicy": "Always", - "args": ["--version=3.2.0", "--install-into=/opt", "--work-dir=/work-dir"], - "volumeMounts": [ - { - "name": "opt", - "mountPath": "/opt" - }, - { - "name": "workdir", - "mountPath": "/work-dir" - } - ] - }, - { - "name": "bootstrap", - "image": "debian:jessie", - "command": ["/work-dir/peer-finder"], - "args": ["-on-start=\"/work-dir/on-start.sh\"", "-service=redis"], - "env": [ - { - "name": "POD_NAMESPACE", - "valueFrom": { - "fieldRef": { - "apiVersion": "v1", - "fieldPath": "metadata.namespace" - } - } - } - ], - "volumeMounts": [ - { - "name": "opt", - "mountPath": "/opt" - }, - { - "name": "workdir", - "mountPath": "/work-dir" - } - ] - } - ]' - spec: - containers: - - name: redis - image: debian:jessie - ports: - - containerPort: 6379 - name: peer - command: - - /opt/redis/redis-server - args: - - /opt/redis/redis.conf - readinessProbe: - exec: - command: - - sh - - -c - - "/opt/redis/redis-cli -h $(hostname) ping" - initialDelaySeconds: 15 - timeoutSeconds: 5 - volumeMounts: - - name: datadir - mountPath: /data - - name: opt - mountPath: /opt - volumes: - - name: opt - emptyDir: {} - - name: workdir - emptyDir: {} - volumeClaimTemplates: - - metadata: - name: datadir - annotations: - volume.alpha.kubernetes.io/storage-class: anything - 
spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: 20Gi diff --git a/examples/statefulsets/redis/test.sh b/examples/statefulsets/redis/test.sh deleted file mode 100755 index bdce07351fa5..000000000000 --- a/examples/statefulsets/redis/test.sh +++ /dev/null @@ -1,18 +0,0 @@ -#! /bin/bash - -# Copyright 2016 The Kubernetes Authors All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kubectl exec rd-0 -- /opt/redis/redis-cli -h rd-0.redis SET replicated:test true -kubectl exec rd-2 -- /opt/redis/redis-cli -h rd-2.redis GET replicated:test diff --git a/examples/statefulsets/zookeeper/README.md b/examples/statefulsets/zookeeper/README.md deleted file mode 100644 index 2839f953882c..000000000000 --- a/examples/statefulsets/zookeeper/README.md +++ /dev/null 
@@ -1,84 +0,0 @@
-# Zookeeper
-
-This example runs zookeeper through a statefulset.
-
-## Bootstrap
-
-Create the statefulset in this directory
-```
-$ kubetl create -f zookeeper.yaml
-```
-
-Once you have all 3 nodes in Running, you can run the "test.sh" script in this directory.
-
-## Failover
-
-You can test failover by killing the leader. Insert a key:
-```console
-$ kubectl exec zoo-0 -- /opt/zookeeper/bin/zkCli.sh create /foo bar;
-$ kubectl exec zoo-2 -- /opt/zookeeper/bin/zkCli.sh get /foo;
-
-Watch existing members:
-```console
-$ kubectl run --attach bbox --image=busybox --restart=Never -- sh -c 'while true; do for i in 0 1 2; do echo zoo-$i $(echo stats | nc zoo-$i.zk:2181 | grep Mode); sleep 1; done; done';
-zoo-2 Mode: follower
-zoo-0 Mode: follower
-zoo-1 Mode: leader
-zoo-2 Mode: follower
-```
-
-Delete pets and wait for the statefulset controller to bring the back up:
-```console
-$ kubectl delete po -l app=zk
-$ kubectl get po --watch-only
-NAME READY STATUS RESTARTS AGE
-zoo-0 0/1 Init:0/2 0 16s
-zoo-0 0/1 Init:0/2 0 21s
-zoo-0 0/1 PodInitializing 0 23s
-zoo-0 1/1 Running 0 41s
-zoo-1 0/1 Pending 0 0s
-zoo-1 0/1 Init:0/2 0 0s
-zoo-1 0/1 Init:0/2 0 14s
-zoo-1 0/1 PodInitializing 0 17s
-zoo-1 0/1 Running 0 18s
-zoo-2 0/1 Pending 0 0s
-zoo-2 0/1 Init:0/2 0 0s
-zoo-2 0/1 Init:0/2 0 12s
-zoo-2 0/1 Init:0/2 0 28s
-zoo-2 0/1 PodInitializing 0 31s
-zoo-2 0/1 Running 0 32s
-...
-
-zoo-0 Mode: follower
-zoo-1 Mode: leader
-zoo-2 Mode: follower
-```
-
-Check the previously inserted key:
-```console
-$ kubectl exec zoo-1 -- /opt/zookeeper/bin/zkCli.sh get /foo
-ionid = 0x354887858e80035, negotiated timeout = 30000
-
-WATCHER::
-
-WatchedEvent state:SyncConnected type:None path:null
-bar
-```
-
-## Scaling
-
-You can scale up by modifying the number of replicas on the StatefulSet.
-
-## Image Upgrade
-
-TODO: Add details
-
-## Maintenance
-
-TODO: Add details
-
-## Limitations
-* Both statefulset and init containers are in alpha
-* Look through the on-start and on-change scripts for TODOs
-* Doesn't support the addition of observers through the statefulset
-* Only supports storage options that have backends for persistent volume claims
diff --git a/examples/statefulsets/zookeeper/init/Dockerfile b/examples/statefulsets/zookeeper/init/Dockerfile
deleted file mode 100644
index d3e8aaeef645..000000000000
--- a/examples/statefulsets/zookeeper/init/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-# Copyright 2016 The Kubernetes Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# TODO: get rid of bash dependency and switch to plain busybox.
-# The tar in busybox also doesn't seem to understand compression.
-FROM debian:jessie
-MAINTAINER Prashanth.B
-
-RUN apt-get update && apt-get install -y wget netcat
-
-ADD on-start.sh /
-ADD on-change.sh /
-# See contrib/pets/peer-finder for details
-RUN wget -qO /peer-finder https://storage.googleapis.com/kubernetes-release/pets/peer-finder
-
-ADD install.sh /
-RUN chmod -c 755 /install.sh /on-start.sh /on-change.sh /peer-finder
-Entrypoint ["/install.sh"]
diff --git a/examples/statefulsets/zookeeper/init/Makefile b/examples/statefulsets/zookeeper/init/Makefile
deleted file mode 100644
index bfb697899e7f..000000000000
--- a/examples/statefulsets/zookeeper/init/Makefile
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright 2016 The Kubernetes Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-all: push
-
-TAG = 0.1
-PREFIX = gcr.io/google_containers/zookeeper-install
-
-container:
- docker build -t $(PREFIX):$(TAG) .
-
-push: container
- gcloud docker push $(PREFIX):$(TAG)
-
-clean:
- docker rmi $(PREFIX):$(TAG)
diff --git a/examples/statefulsets/zookeeper/init/install.sh b/examples/statefulsets/zookeeper/init/install.sh
deleted file mode 100755
index 6ed72696be0c..000000000000
--- a/examples/statefulsets/zookeeper/init/install.sh
+++ /dev/null
@@ -1,76 +0,0 @@
-#! /bin/bash
-
-# Copyright 2016 The Kubernetes Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# This volume is assumed to exist and is shared with parent of the init
-# container. It contains the zookeeper installation.
-INSTALL_VOLUME="/opt"
-
-# This volume is assumed to exist and is shared with the peer-finder
-# init container. It contains on-start/change configuration scripts.
-WORKDIR_VOLUME="/work-dir"
-
-# As of April-2016 is 3.4.8 is the latest stable, but versions 3.5.0 onward
-# allow dynamic reconfiguration.
-VERSION="3.5.0-alpha"
-
-for i in "$@"
-do
-case $i in
- -v=*|--version=*)
- VERSION="${i#*=}"
- shift
- ;;
- -i=*|--install-into=*)
- INSTALL_VOLUME="${i#*=}"
- shift
- ;;
- -w=*|--work-dir=*)
- WORKDIR_VOLUME="${i#*=}"
- shift
- ;;
- *)
- # unknown option
- ;;
-esac
-done
-
-echo installing config scripts into "${WORKDIR_VOLUME}"
-mkdir -p "${WORKDIR_VOLUME}"
-cp /on-start.sh "${WORKDIR_VOLUME}"/
-cp /on-change.sh "${WORKDIR_VOLUME}"/
-cp /peer-finder "${WORKDIR_VOLUME}"/
-
-echo installing zookeeper-"${VERSION}" into "${INSTALL_VOLUME}"
-mkdir -p "${INSTALL_VOLUME}"
-wget -q -O - http://apache.mirrors.pair.com/zookeeper/zookeeper-"${VERSION}"/zookeeper-"${VERSION}".tar.gz | tar -xzf - -C "${INSTALL_VOLUME}"
-mv "${INSTALL_VOLUME}"/zookeeper-"${VERSION}" "${INSTALL_VOLUME}"/zookeeper
-cp "${INSTALL_VOLUME}"/zookeeper/conf/zoo_sample.cfg "${INSTALL_VOLUME}"/zookeeper/conf/zoo.cfg
-
-# TODO: Should dynamic config be tied to the version?
-IFS="." read -ra RELEASE <<< "${VERSION}"
-if [ $(expr "${RELEASE[1]}") -gt 4 ]; then
- echo zookeeper-"${VERSION}" supports dynamic reconfiguration, enabling it
- echo "standaloneEnabled=false" >> "${INSTALL_VOLUME}"/zookeeper/conf/zoo.cfg
- echo "dynamicConfigFile="${INSTALL_VOLUME}"/zookeeper/conf/zoo.cfg.dynamic" >> "${INSTALL_VOLUME}"/zookeeper/conf/zoo.cfg
-fi
-
-# TODO: This is a hack, netcat is convenient to have in the zookeeper container
-# I want to avoid using a custom zookeeper image just for this. So copy it.
-NC=$(which nc)
-if [ "${NC}" != "" ]; then
- echo copying nc into "${INSTALL_VOLUME}"
- cp "${NC}" "${INSTALL_VOLUME}"
-fi
diff --git a/examples/statefulsets/zookeeper/init/on-change.sh b/examples/statefulsets/zookeeper/init/on-change.sh
deleted file mode 100755
index bb9a5049e401..000000000000
--- a/examples/statefulsets/zookeeper/init/on-change.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#! /bin/bash
-
-# Copyright 2016 The Kubernetes Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# This script configures zookeeper cluster member ship for version of zookeeper
-# < 3.5.0. It should not be used with the on-start.sh script in this example.
-# As of April-2016 is 3.4.8 is the latest stable.
-
-CFG=/opt/zookeeper/conf/zoo.cfg
-CFG_BAK=/opt/zookeeper/conf/zoo.cfg.bak
-MY_ID=/tmp/zookeeper/myid
-
-# write myid
-IFS='-' read -ra ADDR <<< "$(hostname)"
-echo $(expr "1" + "${ADDR[1]}") > "${MY_ID}"
-
-# TODO: This is a dumb way to reconfigure zookeeper because it allows dynamic
-# reconfig, but it's simple.
-i=0
-echo "
-tickTime=2000
-initLimit=10
-syncLimit=5
-dataDir=/tmp/zookeeper
-clientPort=2181
-" > "${CFG_BAK}"
-
-while read -ra LINE; do
- let i=i+1
- echo "server.${i}=${LINE}:2888:3888" >> "${CFG_BAK}"
-done
-cp ${CFG_BAK} ${CFG}
-
-# TODO: Typically one needs to first add a new member as an "observer" then
-# promote it to "participant", but that requirement is relaxed if we never
-# start > 1 at a time.
-/opt/zookeeper/bin/zkServer.sh restart
diff --git a/examples/statefulsets/zookeeper/init/on-start.sh b/examples/statefulsets/zookeeper/init/on-start.sh
deleted file mode 100755
index 392b82aa9dad..000000000000
--- a/examples/statefulsets/zookeeper/init/on-start.sh
+++ /dev/null
@@ -1,73 +0,0 @@
-#! /bin/bash
-
-# Copyright 2016 The Kubernetes Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# This script configures zookeeper cluster member ship for version of zookeeper
-# >= 3.5.0. It should not be used with the on-change.sh script in this example.
-# As of April-2016 is 3.4.8 is the latest stable.
-
-# Both /opt and /tmp/zookeeper are assumed to be volumes shared with the parent.
-CFG=/opt/zookeeper/conf/zoo.cfg.dynamic
-CFG_BAK=/opt/zookeeper/conf/zoo.cfg.bak
-MY_ID_FILE=/tmp/zookeeper/myid
-HOSTNAME=$(hostname)
-
-while read -ra LINE; do
- PEERS=("${PEERS[@]}" $LINE)
-done
-
-# Don't add the first member as an observer
-if [ ${#PEERS[@]} -eq 1 ]; then
- # We need to write our index in this list of servers into MY_ID_FILE.
- # Note that this may not always coincide with the hostname id.
- echo 1 > "${MY_ID_FILE}"
- echo "server.1=${PEERS[0]}:2888:3888;2181" > "${CFG}"
- # TODO: zkServer-initialize is the safe way to handle changes to datadir
- # because simply starting will create a new datadir, BUT if the user changed
- # pod template they might end up with 2 datadirs and brief split brain.
- exit
-fi
-
-# Every subsequent member is added as an observer and promoted to a participant
-echo "" > "${CFG_BAK}"
-i=0
-for peer in "${PEERS[@]}"; do
- let i=i+1
- if [[ "${peer}" == *"${HOSTNAME}"* ]]; then
- MY_ID=$i
- MY_NAME=${peer}
- echo $i > "${MY_ID_FILE}"
- echo "server.${i}=${peer}:2888:3888:observer;2181" >> "${CFG_BAK}"
- else
- echo "server.${i}=${peer}:2888:3888:participant;2181" >> "${CFG_BAK}"
- fi
-done
-
-# Once the dynamic config file is written it shouldn't be modified, so the final
-# reconfigure needs to happen through the "reconfig" command.
-cp ${CFG_BAK} ${CFG}
-
-# TODO: zkServer-initialize is the safe way to handle changes to datadir
-# because simply starting will create a new datadir, BUT if the user changed
-# pod template they might end up with 2 datadirs and brief split brain.
-/opt/zookeeper/bin/zkServer.sh start
-
-# TODO: We shouldn't need to specify the address of the master as long as
-# there's quorum. According to the docs the new server is just not allowed to
-# vote, it's still allowed to propose config changes, and it knows the
-# existing members of the ensemble from *its* config. This works as expected,
-# but we should correlate with more satisfying empirical evidence.
-/opt/zookeeper/bin/zkCli.sh reconfig -add "server.$MY_ID=$MY_NAME:2888:3888:participant;2181"
-/opt/zookeeper/bin/zkServer.sh stop
diff --git a/examples/statefulsets/zookeeper/test.sh b/examples/statefulsets/zookeeper/test.sh
deleted file mode 100755
index 1436f6939252..000000000000
--- a/examples/statefulsets/zookeeper/test.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#! /bin/bash
-
-# Copyright 2016 The Kubernetes Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-kubectl exec zoo-0 -- /opt/zookeeper/bin/zkCli.sh create /foo bar;
-kubectl exec zoo-2 -- /opt/zookeeper/bin/zkCli.sh get /foo;
diff --git a/examples/statefulsets/zookeeper/zookeeper.yaml b/examples/statefulsets/zookeeper/zookeeper.yaml
deleted file mode 100644
index 8c1ac037ed64..000000000000
--- a/examples/statefulsets/zookeeper/zookeeper.yaml
+++ /dev/null
@@ -1,123 +0,0 @@ -# A headless service to create DNS records -apiVersion: v1 -kind: Service -metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - name: zk - labels: - app: zk -spec: - ports: - - port: 2888 - name: peer - - port: 3888 - name: leader-election - # *.zk.default.svc.cluster.local - clusterIP: None - selector: - app: zk ---- -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: zoo -spec: - serviceName: "zk" - replicas: 3 - template: - metadata: - labels: - app: zk - annotations: - pod.alpha.kubernetes.io/initialized: "true" - pod.alpha.kubernetes.io/init-containers: '[ - { - "name": "install", - "image": "gcr.io/google_containers/zookeeper-install:0.1", - "imagePullPolicy": "Always", - "args": ["--version=3.5.0-alpha", "--install-into=/opt", "--work-dir=/work-dir"], - "volumeMounts": [ - { - "name": "opt", - "mountPath": "/opt/" - }, - { - "name": "workdir", - "mountPath": "/work-dir" - } - ] - }, - { - "name": "bootstrap", - "image": "java:openjdk-8-jre", - "command": ["/work-dir/peer-finder"], - "args": ["-on-start=\"/work-dir/on-start.sh\"", "-service=zk"], - "env": [ - { - "name": "POD_NAMESPACE", - "valueFrom": { - "fieldRef": { - "apiVersion": "v1", - "fieldPath": "metadata.namespace" - } - } - } - ], - "volumeMounts": [ - { - "name": "opt", - "mountPath": "/opt/" - }, - { - "name": "workdir", - "mountPath": "/work-dir" - }, - { - "name": "datadir", - "mountPath": "/tmp/zookeeper" - } - ] - } - ]' - spec: - containers: - - name: zk - image: java:openjdk-8-jre - ports: - - containerPort: 2888 - name: peer - - containerPort: 3888 - name: leader-election - command: - - /opt/zookeeper/bin/zkServer.sh - args: - - start-foreground - readinessProbe: - exec: - command: - - sh - - -c - - "/opt/zookeeper/bin/zkCli.sh ls /" - initialDelaySeconds: 15 - timeoutSeconds: 5 - volumeMounts: - - name: datadir - mountPath: /tmp/zookeeper - - name: opt - mountPath: /opt/ - volumes: - - name: opt - emptyDir: {} - - 
name: workdir - emptyDir: {} - volumeClaimTemplates: - - metadata: - name: datadir - annotations: - volume.alpha.kubernetes.io/storage-class: anything - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: 20Gi diff --git a/examples/wordpress/OWNERS b/examples/wordpress/OWNERS deleted file mode 100644 index 033f01045a12..000000000000 --- a/examples/wordpress/OWNERS +++ /dev/null @@ -1,12 +0,0 @@ -reviewers: - - markturansky - - jsafrane - - pweil- - - jim-minter - - rootfs - - coreydaley - - bparees -approvers: - - jsafrane - - pweil- - - bparees diff --git a/examples/wordpress/README.md b/examples/wordpress/README.md deleted file mode 100644 index 8d7db67bc113..000000000000 --- a/examples/wordpress/README.md +++ /dev/null 
@@ -1,95 +0,0 @@ -# How To Use Persistent Volumes - -The purpose of this guide is to help you understand storage provisioning by creating a WordPress blog and MySQL database. -In this example, both the blog and database require persistent storage. - -This guide assumes knowledge of OpenShift fundamentals and that you have a cluster up and running. Please review steps 1 - 10 in the -[sample-app](https://github.com/openshift/origin/blob/master/examples/sample-app/README.md) to run an OpenShift cluster. - -## Root access - -The Wordpress Dockerhub image binds Apache to port 80 in the container, which requires root access. We can allow that -in this example, but those wishing to run a more secure cluster will want to ensure their images don't require root access (e.g, bind to high number ports, don't chown or chmod dirs, etc) - -Allow Wordpress to bind to port 80 by editing the restricted security context restraint. Change "runAsUser" from ```MustRunAsRange``` to ```RunAsAny```. - - -```console -$ oc patch scc restricted -p '{"runAsUser":{"type":"RunAsAny"}}' -``` - -Changing the restricted security context as shown above allows the Wordpress container to bind to port 80. - -## Storage Provisioning - -OpenShift expects that storage volumes are provisioned by system administrator outside of OpenShift. As subsequent step, the system admin then tells OpenShift about these volumes by creating Persistent Volumes objects. Wearing your "system admin" hat, follow these guides to create Persistent Volumes named `pv001` and `pv002`. - -* [NFS](nfs/README.md) -* [OpenStack Cinder](cinder/README.md) -- [Fibre Channel](fc/README.md) - -## Persistent Volumes Claims -Now that the "system admin" has deployed some Persistent Volumes, you can continue as an application developer and actually use these volumes to store some MySQL and Wordpress data. From now on, the guide does not depend on the underlying storage technology! - -``` -# Create claims for storage. 
-# The claims in this example carefully match the volumes created above. -$ oc create -f examples/wordpress/pvc-wp.yaml -$ oc create -f examples/wordpress/pvc-mysql.yaml -$ oc get pvc - -NAME LABELS STATUS VOLUME -claim-mysql map[] Bound pv0002 -claim-wp map[] Bound pv0001 -``` - -## MySQL - -Launch the MySQL pod. - -``` -oc create -f examples/wordpress/pod-mysql.yaml -``` - -After a few moments, MySQL will be running and accessible via the pod's IP address. We don't know what the IP address -will be and we wouldn't want to hard-code that value in any pod that wants access to MySQL. - -Create a service in front of MySQL that allows other pods to connect to it by name. - -``` -# This allows the pod to access MySQL via a service name instead of hard-coded host address -oc create -f examples/wordpress/service-mysql.yaml -``` - -## WordPress - -We use the MySQL service defined above in our Wordpress pod. The variable WORDPRESS_DB_HOST is set to the name - of our MySQL service. - -Because the Wordpress pod and MySQL service are running in the same namespace, we can reference the service by name. We -can also access a service in another namespace by using the name and namespace: ```mysql.another_namespace```. The fully qualified -name of the service would also work: ```mysql..svc.cluster.local``` - -``` -- name: WORDPRESS_DB_HOST - # this is the name of the mysql service fronting the mysql pod in the same namespace - # expands to mysql..svc.cluster.local - where is the current namespace - value: mysql -``` - -Launch the Wordpress pod and its corresponding service. - -``` -oc create -f examples/wordpress/pod-wordpress.yaml -oc create -f examples/wordpress/service-wp.yaml - -oc get svc -NAME LABELS SELECTOR IP(S) PORT(S) -mysql name=mysql name=mysql 172.30.115.137 3306/TCP -wpfrontend name=wpfrontend name=wordpress 172.30.170.55 5055/TCP -``` - - -## Start Blogging - -In your browser, visit 172.30.170.55:5055 (your IP address will vary). 
The Wordpress install process will lead you through setting up the blog. diff --git a/examples/wordpress/cinder/README.md b/examples/wordpress/cinder/README.md deleted file mode 100644 index 735102d6a1b7..000000000000 --- a/examples/wordpress/cinder/README.md +++ /dev/null 
@@ -1,143 +0,0 @@ -# How To Use OpenStack Cinder Persistent Volumes - -The purpose of this guide is to create Persistent Volumes using [OpenStack Cinder](https://wiki.openstack.org/wiki/Cinder). It is part of [OpenShift persistent storage guide](../README.md), which explains how to use these Persistent Volumes as data storage for applications. - -This guide assumes knowledge of OpenShift fundamentals and that you have a cluster up and running on OpenStack. - -## Cinder Provisioning - -We'll be creating Cinder volumes in our OpenStack installation and pre-formatting them with ext3 filesystem. This requires Cinder and Nova client tools installed on a OpenStack virtual machine (=instance in OpenStack terminology) and configured OpenStack environment variables there. Consult your OpenStack site admins for values of these environment variables. -```console -[root@vm1 ~] $ yum install python-cinderclient python-keystoneclient python-novaclient -[root@vm1 ~] $ export OS_AUTH_URL= -[root@vm1 ~] $ export OS_TENANT_ID= -[root@vm1 ~] $ export OS_USERNAME= -[root@vm1 ~] $ export OS_PASSWORD= -[root@vm1 ~] $ export OS_REGION_NAME= -``` - -Create 1GB and 5GB Cinder volumes and remember their IDs. 
-```console -[root@vm1 ~] $ cinder create --display-name test1 1 -+---------------------+--------------------------------------+ -| Property | Value | -+---------------------+--------------------------------------+ -| attachments | [] | -| availability_zone | nova | -| bootable | false | -| created_at | 2015-08-27T12:53:54.016972 | -| display_description | None | -| display_name | test1 | -| encrypted | False | -| id | f37a03aa-6212-4c62-a805-9ce139fab180 | -| metadata | {} | -| size | 1 | -| snapshot_id | None | -| source_volid | None | -| status | creating | -| volume_type | None | -+---------------------+--------------------------------------+ - -[root@vm1 ~] $ cinder create --display-name test2 5 -+---------------------+--------------------------------------+ -| Property | Value | -+---------------------+--------------------------------------+ -| attachments | [] | -| availability_zone | nova | -| bootable | false | -| created_at | 2015-08-27T12:53:57.415840 | -| display_description | None | -| display_name | test2 | -| encrypted | False | -| id | 51a3b34d-6f33-4e79-95f6-ebc804c96a1e | -| metadata | {} | -| size | 5 | -| snapshot_id | None | -| source_volid | None | -| status | creating | -| volume_type | None | -+---------------------+--------------------------------------+ -``` - -Temporarily attach the volumes, format them with ext3 filesystem and change permissions of their root directory to allow anyone to write there. Both MySQL and WordPress will use non-root users to write to the volumes. Of course, use real VM instance ID instead of `` and real IDs of your volumes. 
- -```console -[root@vm1 ~] $ nova volume-attach f37a03aa-6212-4c62-a805-9ce139fab180 -+----------+--------------------------------------+ -| Property | Value | -+----------+--------------------------------------+ -| device | /dev/vdd | -| id | f37a03aa-6212-4c62-a805-9ce139fab180 | -| serverId | 338db252-2bc6-4de2-8941-b22faca3f3dd | -| volumeId | f37a03aa-6212-4c62-a805-9ce139fab180 | -+----------+--------------------------------------+ - -[root@vm1 ~] $ mkfs.ext3 /dev/vdd -mke2fs 1.42.11 (09-Jul-2014) -Creating filesystem with 262144 4k blocks and 65536 inodes -Filesystem UUID: 76a0669a-36e3-40e3-a4f7-ac5e207620c5 -Superblock backups stored on blocks: - 32768, 98304, 163840, 229376 - -Allocating group tables: done -Writing inode tables: done -Creating journal (8192 blocks): done -Writing superblocks and filesystem accounting information: done - -[root@vm1 ~] $ mount /dev/vdd /mnt -[root@vm1 ~] $ chmod 777 /mnt -[root@vm1 ~] $ umount /mnt -[root@vm1 ~] $ nova volume-detach f37a03aa-6212-4c62-a805-9ce139fab180 - -[root@vm1 ~] $ nova volume-attach 51a3b34d-6f33-4e79-95f6-ebc804c96a1e -+----------+--------------------------------------+ -| Property | Value | -+----------+--------------------------------------+ -| device | /dev/vde | -| id | 51a3b34d-6f33-4e79-95f6-ebc804c96a1e | -| serverId | 338db252-2bc6-4de2-8941-b22faca3f3dd | -| volumeId | 51a3b34d-6f33-4e79-95f6-ebc804c96a1e | -+----------+--------------------------------------+ - -[root@vm1 ~] $ mkfs.ext3 /dev/vde -mke2fs 1.42.11 (09-Jul-2014) -Creating filesystem with 1310720 4k blocks and 327680 inodes -Filesystem UUID: 47d983e7-17a6-4189-8a08-2edbad057555 -Superblock backups stored on blocks: - 32768, 98304, 163840, 229376, 294912, 819200, 884736 - -Allocating group tables: done -Writing inode tables: done -Creating journal (32768 blocks): done -Writing superblocks and filesystem accounting information: ^[[A^[[Adone - -[root@vm1 ~] $ mount /dev/vde /mnt -[root@vm1 ~] $ chmod 777 /mnt -[root@vm1 ~] $ umount 
/mnt -[root@vm1 ~] $ nova volume-detach 51a3b34d-6f33-4e79-95f6-ebc804c96a1e -``` - -These steps can be easily automated. Scripting is left as an exercise for the reader. - - -## Cinder Persistent Volumes - -Each Cinder volume becomes its own Persistent Volume in the cluster. - -```console -# Edit Cinder persistent volume definitions and substitute with real ID of the volumes -[root@vm1 ~] $ vi examples/volumes//cinder/pv-cinder-1.yaml - volumeID: f37a03aa-6212-4c62-a805-9ce139fab180 -[root@vm1 ~] $ vi examples/volumes//cinder/pv-cinder-2.yaml - volumeID: 51a3b34d-6f33-4e79-95f6-ebc804c96a1e - -[root@vm1 ~] $ oc create -f examples/volumes/cinder/pv-1.yaml -[root@vm1 ~] $ oc create -f examples/volumes/cinder/pv-2.yaml -[root@vm1 ~] $ oc get pv - -NAME LABELS CAPACITY ACCESSMODES STATUS CLAIM REASON -pv0001 1073741824 RWO,RWX Available -pv0002 5368709120 RWO Available -``` - -Now the volumes are ready to be used by applications in the cluster. diff --git a/examples/wordpress/cinder/pv-1.yaml b/examples/wordpress/cinder/pv-1.yaml deleted file mode 100644 index d19d616f9c8c..000000000000 --- a/examples/wordpress/cinder/pv-1.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv0001 -spec: - capacity: - storage: 1Gi - accessModes: - - ReadWriteOnce - - ReadWriteMany - cinder: - fsType: ext3 - volumeID: diff --git a/examples/wordpress/cinder/pv-2.yaml b/examples/wordpress/cinder/pv-2.yaml deleted file mode 100644 index d748d530274e..000000000000 --- a/examples/wordpress/cinder/pv-2.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv0002 -spec: - capacity: - storage: 5Gi - accessModes: - - ReadWriteOnce - cinder: - fsType: ext3 - volumeID: diff --git a/examples/wordpress/fc/README.md b/examples/wordpress/fc/README.md deleted file mode 100644 index a18758c7129a..000000000000 --- a/examples/wordpress/fc/README.md +++ /dev/null 
@@ -1,29 +0,0 @@ -# How To Use Fibre Channel Persistent Volumes - -The purpose of this guide is to create Persistent Volumes with Fibre Channel. It is part of [OpenShift persistent storage guide](../README.md), which explains how to use these Persistent Volumes as data storage for applications. - -## Setting up Fibre Channel Target - -On your FC SAN Zone manager, allocate and mask LUNs so Kubernetes hosts can access them. - -## Creating the PV with Fibre Channel persistent storage - -In the *fc* volume, you need to provide *targetWWNs* (array of Fibre Channel target's World Wide Names), *lun*, *fsType* that designates the filesystem type that has been created on the lun, and *readOnly* boolean. - -## Fibre Channel Persistent Volumes - -Each Fibre Channel Volume becomes its own Persistent Volume in the cluster. - -``` -# Create the persistent volumes for Fibre Channel. -$ oc create -f examples/wordpress/fc/pv-1.yaml -$ oc create -f examples/wordpress/fc/pv-2.yaml -$ oc get pv - -NAME LABELS CAPACITY ACCESSMODES STATUS CLAIM REASON AGE -pv0001 1Gi RWO Available 2m -pv0002 1Gi ROX Available 5s - -``` - -Now the volumes are ready to be used by applications in the cluster. diff --git a/examples/wordpress/fc/pv-1.yaml b/examples/wordpress/fc/pv-1.yaml deleted file mode 100644 index 35297ef7745a..000000000000 --- a/examples/wordpress/fc/pv-1.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv0001 -spec: - capacity: - storage: 1Gi - accessModes: - - ReadWriteOnce - fc: - targetWWNs: ['500a0981891b8dc5', '500a0981991b8dc5'] - lun: 6 - fsType: ext4 diff --git a/examples/wordpress/fc/pv-2.yaml b/examples/wordpress/fc/pv-2.yaml deleted file mode 100644 index 1b93c31be0f5..000000000000 --- a/examples/wordpress/fc/pv-2.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv0002 -spec: - capacity: - storage: 1Gi - accessModes: - - ReadOnlyMany - fc: - targetWWNs: ['500a0981891b8dc5', '500a0981991b8dc5'] - lun: 2 - fsType: ext4 diff --git a/examples/wordpress/nfs/README.md b/examples/wordpress/nfs/README.md deleted file mode 100644 index 54365a7f067e..000000000000 --- a/examples/wordpress/nfs/README.md +++ /dev/null 
@@ -1,59 +0,0 @@ -# How To Use NFS Persistent Volumes - -The purpose of this guide is to create Persistent Volumes with NFS. It is part of [OpenShift persistent storage guide](../README.md), which explains how to use these Persistent Volumes as data storage for applications. - -## NFS Provisioning - -We'll be creating NFS exports on the local machine. The instructions below are for Fedora. The provisioning process may be slightly different based on linux distribution or the type of NFS server being used. - -Create two NFS exports, each of which will become a Persistent Volume in the cluster. - -``` -# the directories in this example can grow unbounded -# use disk partitions of specific sizes to enforce storage quotas -mkdir -p /home/data/pv0001 -mkdir -p /home/data/pv0002 - -# security needs to be permissive currently, but the export will soon be restricted -# to the same UID/GID that wrote the data -chmod -R 777 /home/data/ - -# Add to /etc/exports -/home/data/pv0001 *(rw,sync) -/home/data/pv0002 *(rw,sync) - -# Enable the new exports without bouncing the NFS service -exportfs -a - -``` - -## Security - -### SELinux - -By default, SELinux does not allow writing from a pod to a remote NFS server. The NFS volume mounts correctly, but is read-only. - -To enable writing in SELinux on each node: - -``` -# -P makes the bool persistent between reboots. -$ setsebool -P virt_use_nfs 1 -``` - -## NFS Persistent Volumes - -Each NFS export becomes its own Persistent Volume in the cluster. - -``` -# Create the persistent volumes for NFS. -$ oc create -f examples/wordpress/nfs/pv-1.yaml -$ oc create -f examples/wordpress/nfs/pv-2.yaml -$ oc get pv - -NAME LABELS CAPACITY ACCESSMODES STATUS CLAIM REASON -pv0001 1073741824 RWO,RWX Available -pv0002 5368709120 RWO Available - -``` - -Now the volumes are ready to be used by applications in the cluster. 
diff --git a/examples/wordpress/nfs/pv-1.yaml b/examples/wordpress/nfs/pv-1.yaml deleted file mode 100644 index 60d59a28cbec..000000000000 --- a/examples/wordpress/nfs/pv-1.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv0001 -spec: - capacity: - storage: 1Gi - accessModes: - - ReadWriteOnce - - ReadWriteMany - persistentVolumeReclaimPolicy: Recycle - nfs: - server: localhost - path: /home/data/pv0001 diff --git a/examples/wordpress/nfs/pv-2.yaml b/examples/wordpress/nfs/pv-2.yaml deleted file mode 100644 index da1349f49b69..000000000000 --- a/examples/wordpress/nfs/pv-2.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv0002 -spec: - capacity: - storage: 5Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Recycle - nfs: - server: localhost - path: /home/data/pv0002 diff --git a/examples/wordpress/pod-mysql.yaml b/examples/wordpress/pod-mysql.yaml deleted file mode 100644 index 91507d02fbf3..000000000000 --- a/examples/wordpress/pod-mysql.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: mysql - labels: - name: mysql -spec: - containers: - - resources: - limits : - cpu: 0.5 - image: openshift/mysql-55-centos7 - name: mysql - env: - - name: MYSQL_ROOT_PASSWORD - value: yourpassword - - name: MYSQL_USER - value: wp_user - - name: MYSQL_PASSWORD - value: wp_pass - - name: MYSQL_DATABASE - value: wp_db - ports: - - containerPort: 3306 - name: mysql - volumeMounts: - - name: mysql-persistent-storage - mountPath: /var/lib/mysql/data - volumes: - - name: mysql-persistent-storage - persistentVolumeClaim: - claimName: claim-mysql diff --git a/examples/wordpress/pod-wordpress.yaml b/examples/wordpress/pod-wordpress.yaml deleted file mode 100644 index b1210cc3cd44..000000000000 --- a/examples/wordpress/pod-wordpress.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: wordpress - labels: - name: wordpress -spec: - containers: - - image: wordpress - name: wordpress - env: - - name: WORDPRESS_DB_USER - value: wp_user - - name: WORDPRESS_DB_PASSWORD - value: wp_pass - - name: WORDPRESS_DB_NAME - value: wp_db - - name: WORDPRESS_DB_HOST - # this is the name of the mysql service fronting the mysql pod in the same namespace - # expands to mysql..svc.cluster.local - where is the current namespace - value: mysql - ports: - - containerPort: 80 - name: wordpress - volumeMounts: - - name: wordpress-persistent-storage - mountPath: /var/www/html - volumes: - - name: wordpress-persistent-storage - persistentVolumeClaim: - claimName: claim-wp diff --git a/examples/wordpress/pvc-mysql.yaml b/examples/wordpress/pvc-mysql.yaml deleted file mode 100644 index c88ae950fc49..000000000000 --- a/examples/wordpress/pvc-mysql.yaml +++ /dev/null @@ -1,10 +0,0 @@ -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: claim-mysql -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 3Gi diff --git a/examples/wordpress/pvc-wp.yaml b/examples/wordpress/pvc-wp.yaml deleted file mode 100644 index 100b016b49de..000000000000 --- a/examples/wordpress/pvc-wp.yaml +++ /dev/null @@ -1,11 +0,0 @@ -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: claim-wp -spec: - accessModes: - - ReadWriteOnce - - ReadWriteMany - resources: - requests: - storage: 1Gi diff --git a/examples/wordpress/service-mysql.yaml b/examples/wordpress/service-mysql.yaml deleted file mode 100644 index aaa553533ac3..000000000000 --- a/examples/wordpress/service-mysql.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - name: mysql - name: mysql -spec: - ports: - # the port that this service should serve on - - port: 3306 - # label keys and values that must match in order to receive traffic for this service - selector: - name: mysql 
diff --git a/examples/wordpress/service-wp.yaml b/examples/wordpress/service-wp.yaml deleted file mode 100644 index 055871ea2e37..000000000000 --- a/examples/wordpress/service-wp.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - name: wpfrontend - name: wpfrontend -spec: - ports: - # the port that this service should serve on - - port: 5055 - targetPort: wordpress - # label keys and values that must match in order to receive traffic for this service - selector: - name: wordpress - type: LoadBalancer diff --git a/examples/wordpress/template/README.md b/examples/wordpress/template/README.md deleted file mode 100644 index a2c67ab737e0..000000000000 --- a/examples/wordpress/template/README.md +++ /dev/null 
@@ -1,41 +0,0 @@ -This example depends on the existence of a "php" imagestream in the "openshift" namespace. If you do not have one defined, you can create it by using one of the imagestream definition files found here: -https://github.com/openshift/origin/tree/master/examples/image-streams - - oc create -f image-streams-centos7.json -n openshift - -(you will need to be a cluster admin to create imagestreams in the openshift namespace) - -To use this example, instantiate it with - - oc new-app -f wordpress-mysql.json - -Take note of the `DATABASE_PASSWORD` that is displayed. - -Wait for the build of the new wordpress image to complete. You can monitor the build by running - - oc get builds --watch - -Once the wordpress build completes, determine the wordpress and -mysql service IPs by running: - - oc get svc - -Navigate to `:8080` in your browser. You will -be prompted to setup wordpress. - -For the database hostname, provide the mysql service ip. - -For the database username, enter "wordpress" - -For the database password, provide the password generated when you -instantiated the template. - -You should not need to change any other values. - - -Note: this template uses an EmptyDir volume type for database storage. This type of storage is not persisted. If you want to ensure the database content is not lost, modify the template to user a persistent volume claim type instead. - - - - - diff --git a/examples/wordpress/template/wordpress-mysql.json b/examples/wordpress/template/wordpress-mysql.json deleted file mode 100644 index 51b9f76037cb..000000000000 --- a/examples/wordpress/template/wordpress-mysql.json +++ /dev/null 
@@ -1,350 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "wordpress-mysql-example", - "annotations": { - "openshift.io/display-name": "WordPress + MySQL (Ephemeral)", - "description": "An example WordPress application with a MySQL database.For more information about using this template, including OpenShift considerations, see https://github.com/openshift/origin/blob/master/examples/wordpress/template/README.md.\n\nNOTE: The MySQL service created by this template uses non-persistent storage. To setup persisted storage, change this template to use a persistent volume claim instead of emptydir.", - "tags": "instant-app,php,wordpress", - "iconClass": "icon-php" - } - }, - "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/origin/blob/master/examples/wordpress/template/README.md.", - "labels": { - "template": "wordpress-mysql-example" - }, - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "wordpress-mysql-example", - "annotations": { - "description": "Exposes and load balances the application pods", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" - } - }, - "spec": { - "ports": [ - { - "name": "web", - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "name": "wordpress-mysql-example" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "metadata": { - "name": "wordpress-mysql-example", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } - }, - "spec": { - "host": "${APPLICATION_DOMAIN}", - "to": { - "kind": "Service", - "name": "wordpress-mysql-example" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "wordpress-mysql-example", - "annotations": { - 
"description": "Keeps track of changes in the application image" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "wordpress-mysql-example", - "annotations": { - "description": "Defines how to build the application", - "template.alpha.openshift.io/wait-for-ready": "true" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "from": { - "kind": "ImageStreamTag", - "namespace": "openshift", - "name": "php:5.5" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "wordpress-mysql-example:latest" - } - }, - "triggers": [ - { - "type": "ImageChange" - }, - { - "type": "ConfigChange" - }, - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "wordpress-mysql-example", - "annotations": { - "description": "Defines how to deploy the application server", - "template.alpha.openshift.io/wait-for-ready": "true" - } - }, - "spec": { - "strategy": { - "type": "Rolling" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "wordpress-mysql-example" - ], - "from": { - "kind": "ImageStreamTag", - "name": "wordpress-mysql-example:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "wordpress-mysql-example" - }, - "template": { - "metadata": { - "name": "wordpress-mysql-example", - "labels": { - "name": "wordpress-mysql-example" - } - }, - "spec": { - "containers": [ - { - "name": "wordpress-mysql-example", - "image": "wordpress-mysql-example", - "ports": [ - { - "containerPort": 8080 - } - ], - "env": [ - { - "name": "DATABASE_SERVICE_NAME", - "value": "${DATABASE_SERVICE_NAME}" - }, - { - "name": 
"DATABASE_ENGINE", - "value": "${DATABASE_ENGINE}" - }, - { - "name": "DATABASE_NAME", - "value": "${DATABASE_NAME}" - }, - { - "name": "DATABASE_USER", - "value": "${DATABASE_USER}" - }, - { - "name": "DATABASE_PASSWORD", - "value": "${DATABASE_PASSWORD}" - } - ], - "volumeMounts": [ - { - "name": "${DATABASE_SERVICE_NAME}-data", - "mountPath": "/var/lib/mysql/data" - } - ] - } - ], - "volumes": [ - { - "name": "${DATABASE_SERVICE_NAME}-data", - "emptyDir": { - "medium": "" - } - } - ] - } - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${DATABASE_SERVICE_NAME}", - "annotations": { - "description": "Exposes the database server" - } - }, - "spec": { - "ports": [ - { - "name": "mysql", - "port": 3306, - "targetPort": 3306 - } - ], - "selector": { - "name": "${DATABASE_SERVICE_NAME}" - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${DATABASE_SERVICE_NAME}", - "annotations": { - "description": "Defines how to deploy the database", - "template.alpha.openshift.io/wait-for-ready": "true" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "${DATABASE_SERVICE_NAME}" - }, - "template": { - "metadata": { - "name": "${DATABASE_SERVICE_NAME}", - "labels": { - "name": "${DATABASE_SERVICE_NAME}" - } - }, - "spec": { - "containers": [ - { - "name": "mysql", - "image": "${MYSQL_IMAGE}", - "ports": [ - { - "containerPort": 3306 - } - ], - "env": [ - { - "name": "MYSQL_USER", - "value": "${DATABASE_USER}" - }, - { - "name": "MYSQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" - }, - { - "name": "MYSQL_DATABASE", - "value": "${DATABASE_NAME}" - } - ] - } - ] - } - } - } - } - ], - "parameters": [ - { - "name": "SOURCE_REPOSITORY_URL", - "description": "The URL of the repository with your application source code", - "value": "https://github.com/wordpress/wordpress.git" - }, - { - "name": 
"SOURCE_REPOSITORY_REF", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" - }, - { - "name": "CONTEXT_DIR", - "description": "Set this to the relative path to your project if it is not in the root of your repository" - }, - { - "name": "APPLICATION_DOMAIN", - "description": "The exposed hostname that will route to the wordpress service, if left blank a value will be defaulted.", - "value": "" - }, - { - "name": "GITHUB_WEBHOOK_SECRET", - "description": "Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted.", - "generate": "expression", - "from": "[a-zA-Z0-9]{40}" - }, - { - "name": "DATABASE_SERVICE_NAME", - "description": "Database service name", - "value": "mysql" - }, - { - "name": "DATABASE_NAME", - "description": "Database name", - "value": "wordpress" - }, - { - "name": "DATABASE_USER", - "description": "Database user name", - "value": "wordpress" - }, - { - "name": "DATABASE_PASSWORD", - "description": "Database user password", - "generate": "expression", - "from": "[a-zA-Z0-9]{16}" - }, - { - "name": "MYSQL_IMAGE", - "description": "Image to use for mysql", - "value": "openshift/mysql-55-centos7" - } - ] -} - diff --git a/hack/build-local-images.py b/hack/build-local-images.py index ede7caad3385..b358c0d8a75e 100755 --- a/hack/build-local-images.py +++ b/hack/build-local-images.py @@ -135,13 +135,6 @@ }, "files": {} }, - "openvswitch": { - "directory": "openvswitch", - "binaries": { - "openshift": "/usr/bin/openshift" - }, - "files": {} - }, "template-service-broker": { "directory": "template-service-broker", "binaries": { diff --git a/hack/lib/constants.sh b/hack/lib/constants.sh index a140222bf634..6d1f834644e0 100755 --- a/hack/lib/constants.sh +++ b/hack/lib/constants.sh 
@@ -37,7 +37,6 @@ readonly OS_IMAGE_COMPILE_TARGETS_LINUX=( ) readonly OS_SCRATCH_IMAGE_COMPILE_TARGETS_LINUX=( images/pod - examples/hello-openshift ) readonly OS_IMAGE_COMPILE_BINARIES=("${OS_SCRATCH_IMAGE_COMPILE_TARGETS_LINUX[@]##*/}" "${OS_IMAGE_COMPILE_TARGETS_LINUX[@]##*/}") @@ -106,8 +105,6 @@ readonly OS_BINARY_RELEASE_CLIENT_EXTRA=( function os::build::get_product_vars() { export OS_BUILD_LDFLAGS_IMAGE_PREFIX="${OS_IMAGE_PREFIX:-"openshift/origin"}" export OS_BUILD_LDFLAGS_DEFAULT_IMAGE_STREAMS="${OS_BUILD_LDFLAGS_DEFAULT_IMAGE_STREAMS:-"centos7"}" - export OS_BUILD_LDFLAGS_FEDERATION_SERVER_IMAGE_NAME="${OS_BUILD_LDFLAGS_FEDERATION_SERVER_IMAGE_NAME:-"${OS_BUILD_LDFLAGS_IMAGE_PREFIX}-federation"}" - export OS_BUILD_LDFLAGS_FEDERATION_ETCD_IMAGE="${OS_BUILD_LDFLAGS_FEDERATION_ETCD_IMAGE:-"quay.io/coreos/etcd:v3.1.7"}" } # os::build::ldflags calculates the -ldflags argument for building OpenShift @@ -311,9 +308,10 @@ readonly -f os::build::clean_windows_versioninfo # OS_ALL_IMAGES is the list of images built by os::build::images. readonly OS_ALL_IMAGES=( - origin - origin-base origin-pod + origin-base + origin-control-plane + origin-node origin-deployer origin-docker-builder origin-keepalived-ipfailover @@ -325,9 +323,6 @@ readonly OS_ALL_IMAGES=( origin-egress-dns-proxy origin-recycler origin-template-service-broker - hello-openshift - openvswitch - node ) # os::build::images builds all images in this repo. @@ -343,9 +338,6 @@ function os::build::images() { fi } - # Link or copy image binaries to the appropriate locations. - ln_or_cp "${OS_OUTPUT_BINPATH}/linux/amd64/hello-openshift" examples/hello-openshift/bin - # determine the correct tag prefix tag_prefix="${OS_IMAGE_PREFIX:-"openshift/origin"}" 
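Review bot: In the `OS_ALL_IMAGES` hunks (`@@ -311,9 +308,10 @@` and `@@ -325,9 +323,6 @@`), `origin` and `node` leave the array although `os::build::images` later in this diff still builds `openshift/origin` and `openshift/node` as deprecated aliases, so the comment "the list of images built by os::build::images" is no longer accurate. Anything that iterates this array will skip the two aliases, which is presumably why hack/push-release.sh gains hand-written loops for them. I would record that next to the array, for example `# NOTE: the deprecated openshift/origin and openshift/node aliases are built too but are tagged and pushed separately in hack/push-release.sh`.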
@@ -354,15 +346,14 @@ function os::build::images() { ( os::build::image "${tag_prefix}-template-service-broker" images/template-service-broker ) & # images that depend on "${tag_prefix}-base" - ( os::build::image "${tag_prefix}" images/origin ) & - ( os::build::image "${tag_prefix}-egress-router" images/egress/router ) & - ( os::build::image "${tag_prefix}-egress-http-proxy" images/egress/http-proxy ) & - ( os::build::image "${tag_prefix}-egress-dns-proxy" images/egress/dns-proxy ) & - ( os::build::image "${tag_prefix}-federation" images/federation ) & + ( os::build::image "${tag_prefix}-control-plane" images/origin ) & + ( os::build::image "${tag_prefix}-egress-router" images/egress/router ) & + ( os::build::image "${tag_prefix}-egress-http-proxy" images/egress/http-proxy ) & + ( os::build::image "${tag_prefix}-egress-dns-proxy" images/egress/dns-proxy ) & for i in `jobs -p`; do wait $i; done - # images that depend on "${tag_prefix} + # images that depend on "${tag_prefix}-control-plane ( os::build::image "${tag_prefix}-haproxy-router" images/router/haproxy ) & ( os::build::image "${tag_prefix}-keepalived-ipfailover" images/ipfailover/keepalived ) & ( os::build::image "${tag_prefix}-deployer" images/deployer ) & 
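Review bot: The first wave now tags the build of images/origin as `"${tag_prefix}-control-plane"`, but the dependent Dockerfiles changed later in this diff hard-code `FROM openshift/origin-control-plane`. With a non-default `OS_IMAGE_PREFIX` the second wave would not consume the image built here and would take its base from whatever `openshift/origin-control-plane` the local daemon or registry provides, unless `os::build::image` rewrites the base (not visible in this hunk). A comment above this wave stating the constraint would help, e.g. `# NOTE: dependent Dockerfiles use FROM openshift/origin-control-plane; a custom OS_IMAGE_PREFIX does not change their base`. While here, the comment `# images that depend on "${tag_prefix}-control-plane` is missing its closing quote. The body of os::build::images starts above this hunk and continues below it.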
@@ -370,15 +361,10 @@ function os::build::images() { ( os::build::image "${tag_prefix}-docker-builder" images/builder/docker/docker-builder ) & ( os::build::image "${tag_prefix}-sti-builder" images/builder/docker/sti-builder ) & ( os::build::image "${tag_prefix}-f5-router" images/router/f5 ) & - ( os::build::image "openshift/node" images/node ) & - - for i in `jobs -p`; do wait $i; done - - # images that depend on "openshift/node" - ( os::build::image "openshift/openvswitch" images/openvswitch ) & - - # extra images (not part of infrastructure) - ( os::build::image "openshift/hello-openshift" examples/hello-openshift ) & + ( os::build::image "${tag_prefix}-node" images/node ) & + # These images are deprecated and will be removed once ansible is updated to stop using them + ( os::build::image "openshift/origin" images/origin ) & + ( os::build::image "openshift/node" images/node ) & for i in `jobs -p`; do wait $i; done } diff --git a/hack/push-release.sh b/hack/push-release.sh index 2a492fb2272f..f86f9f92cf48 100755 --- a/hack/push-release.sh +++ b/hack/push-release.sh @@ -70,6 +70,11 @@ if [[ "${OS_PUSH_BASE_REGISTRY-}" != "" || "${tag}" != "" ]]; then docker tag "openshift/${image}:${source_tag}" "${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}${image}${tag}" done done + # TODO: remove in 3.11 + for tag in "${tags[@]}"; do + docker tag "openshift/origin-control-plane:${source_tag}" "${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}origin${tag}" + docker tag "openshift/origin-node:${source_tag}" "${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}node${tag}" + done fi for image in "${images[@]}"; do 
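Review bot: The two deprecated names at the end of the `@@ -370,15 +361,10 @@` hunk come from a second full build of `images/origin` and `images/node`, so `openshift/origin` and `openshift/node` are separate artifacts from `${tag_prefix}-control-plane` and `${tag_prefix}-node`, not aliases of them. Each build runs its own `yum install`, so the pairs can end up with different package sets, whereas hack/push-release.sh in this same commit publishes the legacy tags by retagging the new images. `openshift/node` is also built concurrently with `${tag_prefix}-node` from the same `images/node` directory. Tagging after the final wait would keep one artifact per component, e.g. `docker tag "${tag_prefix}-node" openshift/node`; the tag suffix that os::build::image applies is not visible here and would need to match.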
@@ -78,5 +83,14 @@ for image in "${images[@]}"; do docker push ${PUSH_OPTS} "${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}${image}${tag}" done done +# TODO: remove in 3.11 +for tag in "${tags[@]}"; do + os::log::info "Pushing ${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}origin${tag}..." + docker push ${PUSH_OPTS} "${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}origin${tag}" +done +for tag in "${tags[@]}"; do + os::log::info "Pushing ${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}node${tag}..." + docker push ${PUSH_OPTS} "${OS_PUSH_BASE_REGISTRY-}${OS_PUSH_BASE_REPO}node${tag}" +done ret=$?; ENDTIME=$(date +%s); echo "$0 took $(($ENDTIME - $STARTTIME)) seconds"; exit "$ret" diff --git a/images/builder/docker/docker-builder/Dockerfile b/images/builder/docker/docker-builder/Dockerfile index eeaad7a1e5da..de2341849320 100644 --- a/images/builder/docker/docker-builder/Dockerfile +++ b/images/builder/docker/docker-builder/Dockerfile @@ -10,7 +10,7 @@ # # The standard name for this image is openshift/origin-docker-builder # -FROM openshift/origin +FROM openshift/origin-control-plane LABEL io.k8s.display-name="OpenShift Origin Docker Builder" \ io.k8s.description="This is a component of OpenShift Origin and is responsible for executing Docker image builds." \ diff --git a/images/builder/docker/sti-builder/Dockerfile b/images/builder/docker/sti-builder/Dockerfile index b235eaf2e3b7..beb149c1fc31 100644 --- a/images/builder/docker/sti-builder/Dockerfile +++ b/images/builder/docker/sti-builder/Dockerfile @@ -10,7 +10,7 @@ # # The standard name for this image is openshift/origin-sti-builder # -FROM openshift/origin +FROM openshift/origin-control-plane LABEL io.k8s.display-name="OpenShift Origin S2I Builder" \ io.k8s.description="This is a component of OpenShift Origin and is responsible for executing source-to-image (s2i) image builds." \ diff --git a/images/deployer/Dockerfile b/images/deployer/Dockerfile index 1217f083ffd8..dd17ed36c63e 100644 --- a/images/deployer/Dockerfile 
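Review bot: `ret=$?` on the last line of the `@@ -78,5 +83,14 @@` hunk now captures only the status of the final `for` loop, that is, the last `docker push` of the `node` tag. A failed push of `origin${tag}`, or of any image in the loop above, does not reach the exit code unless the script runs with errexit, which is not visible here. A release job could then report success while the legacy `origin` and `node` tags in the registry still point at an older image. I would track failures explicitly: set `rc=0` before the loops, append `|| rc=1` to each added `docker push` line, and end with `ret=$rc`.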
+++ b/images/deployer/Dockerfile @@ -10,7 +10,7 @@ # # The standard name for this image is openshift/origin-deployer # -FROM openshift/origin +FROM openshift/origin-control-plane LABEL io.k8s.display-name="OpenShift Origin Deployer" \ io.k8s.description="This is a component of OpenShift Origin and executes the user deployment process to roll out new containers. It may be used as a base image for building your own custom deployer image." \ diff --git a/images/federation/Dockerfile b/images/federation/Dockerfile deleted file mode 100644 index 82b70bf087de..000000000000 --- a/images/federation/Dockerfile +++ /dev/null @@ -1,16 +0,0 @@ -# -# This is the OpenShift Origin Federation image, used for running the -# federation apiserver and controller manager components. -# -# The standard name for this image is openshift/origin-federation -# -FROM openshift/origin-base - -RUN INSTALL_PKGS="origin-federation-services" && \ - yum --enablerepo=origin-local-release install -y ${INSTALL_PKGS} && \ - rpm -V ${INSTALL_PKGS} && \ - yum clean all && \ - ln -s /usr/bin/hyperkube /hyperkube - -LABEL io.k8s.display-name="OpenShift Origin Federation" \ - io.k8s.description="This is a component of OpenShift Origin and contains the software for running federation servers." diff --git a/images/federation/OWNERS b/images/federation/OWNERS deleted file mode 100644 index e61178191bb2..000000000000 --- a/images/federation/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -reviewers: - - kargakis -approvers: - - kargakis diff --git a/images/ipfailover/keepalived/Dockerfile b/images/ipfailover/keepalived/Dockerfile index 46e447420956..c6ddb55ea698 100644 --- a/images/ipfailover/keepalived/Dockerfile +++ b/images/ipfailover/keepalived/Dockerfile @@ -3,7 +3,7 @@ # # ImageName: openshift/origin-keepalived-ipfailover # -FROM openshift/origin +FROM openshift/origin-control-plane RUN INSTALL_PKGS="kmod keepalived iproute psmisc nmap-ncat net-tools" && \ yum install -y $INSTALL_PKGS && \ 
diff --git a/images/node/Dockerfile b/images/node/Dockerfile
index 1493e1268839..df26538247be 100644
--- a/images/node/Dockerfile
+++ b/images/node/Dockerfile
@@ -1,36 +1,30 @@ # -# This is an OpenShift Origin node image with integrated OpenvSwitch SDN -# If you do not require OVS SDN use the openshift/origin image instead. +# This is an OpenShift Origin node image with integrated OpenvSwitch SDN. # # This image expects to have a volume mounted at /etc/origin/node that contains # a KUBECONFIG file giving the node permission to talk to the master and a # node configuration file. # -# The standard name for this image is openshift/node +# The standard name for this image is openshift/origin-node # -FROM openshift/origin +FROM openshift/origin-control-plane COPY scripts/* /usr/local/bin/ COPY system-container/system-container-wrapper.sh /usr/local/bin/ COPY system-container/manifest.json system-container/config.json.template system-container/service.template system-container/tmpfiles.template /exports/ -RUN INSTALL_PKGS="origin-sdn-ovs libmnl libnetfilter_conntrack conntrack-tools openvswitch \ +RUN INSTALL_PKGS="origin-sdn-ovs libmnl libnetfilter_conntrack conntrack-tools \ libnfnetlink iptables iproute bridge-utils procps-ng ethtool socat openssl \ binutils xz kmod-libs kmod sysvinit-tools device-mapper-libs dbus \ iscsi-initiator-utils bind-utils" && \ yum --enablerepo=origin-local-release install -y $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ - yum clean all && \ - mkdir -p /usr/lib/systemd/system/origin-node.service.d /usr/lib/systemd/system/docker.service.d - -# Copy the cni plugins to the host file system when they are present, so that they can be shared with cri-o -RUN if test -e /opt/cni/bin; then mkdir -p /exports/hostfs/opt/cni/bin/ && cp -r /opt/cni/bin/* /exports/hostfs/opt/cni/bin/; fi + yum clean all LABEL io.k8s.display-name="OpenShift Origin Node" \ io.k8s.description="This is a component of OpenShift Origin and contains the software for individual nodes when using SDN." 
\ io.openshift.tags="openshift,node" -VOLUME /etc/origin/node ENV KUBECONFIG=/etc/origin/node/node.kubeconfig ENTRYPOINT [ "/usr/local/bin/origin-node-run.sh" ] diff --git a/images/node/Dockerfile.centos7 b/images/node/Dockerfile.centos7 index 1493e1268839..5f21df6573e6 100644 --- a/images/node/Dockerfile.centos7 +++ b/images/node/Dockerfile.centos7 
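Review bot: The header comment of images/node/Dockerfile still describes a node image "with integrated OpenvSwitch SDN", but this hunk removes `openvswitch` from `INSTALL_PKGS` and the commit deletes images/openvswitch. Unless `origin-sdn-ovs` pulls the daemon in as an RPM dependency (not visible here), the image no longer ships Open vSwitch, and the comment misleads operators about what the host must provide. I would change it to `# This is an OpenShift Origin node image with the OVS SDN plugin; the Open vSwitch daemon is not installed by this image.` The same applies to images/node/Dockerfile.centos7.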
@@ -1,36 +1,26 @@ # # This is an OpenShift Origin node image with integrated OpenvSwitch SDN -# If you do not require OVS SDN use the openshift/origin image instead. # -# This image expects to have a volume mounted at /etc/origin/node that contains -# a KUBECONFIG file giving the node permission to talk to the master and a -# node configuration file. +# The standard name for this image is openshift/origin-node # -# The standard name for this image is openshift/node -# -FROM openshift/origin +FROM openshift/origin-control-plane COPY scripts/* /usr/local/bin/ COPY system-container/system-container-wrapper.sh /usr/local/bin/ COPY system-container/manifest.json system-container/config.json.template system-container/service.template system-container/tmpfiles.template /exports/ -RUN INSTALL_PKGS="origin-sdn-ovs libmnl libnetfilter_conntrack conntrack-tools openvswitch \ +RUN INSTALL_PKGS="origin-sdn-ovs libmnl libnetfilter_conntrack conntrack-tools \ libnfnetlink iptables iproute bridge-utils procps-ng ethtool socat openssl \ binutils xz kmod-libs kmod sysvinit-tools device-mapper-libs dbus \ iscsi-initiator-utils bind-utils" && \ yum --enablerepo=origin-local-release install -y $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ - yum clean all && \ - mkdir -p /usr/lib/systemd/system/origin-node.service.d /usr/lib/systemd/system/docker.service.d - -# Copy the cni plugins to the host file system when they are present, so that they can be shared with cri-o -RUN if test -e /opt/cni/bin; then mkdir -p /exports/hostfs/opt/cni/bin/ && cp -r /opt/cni/bin/* /exports/hostfs/opt/cni/bin/; fi + yum clean all LABEL io.k8s.display-name="OpenShift Origin Node" \ io.k8s.description="This is a component of OpenShift Origin and contains the software for individual nodes when using SDN." \ io.openshift.tags="openshift,node" -VOLUME /etc/origin/node ENV KUBECONFIG=/etc/origin/node/node.kubeconfig ENTRYPOINT [ "/usr/local/bin/origin-node-run.sh" ] 
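Review bot: This hunk drops both `VOLUME /etc/origin/node` and the header paragraph explaining that the image expects a mount at that path, yet `ENV KUBECONFIG=/etc/origin/node/node.kubeconfig` stays. images/node/Dockerfile keeps the paragraph, so the two files now disagree, and nothing in this one tells an operator that the node credentials must be supplied by an explicit mount. I would keep the three comment lines beginning `# This image expects to have a volume mounted at /etc/origin/node` here as well.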
diff --git a/images/observe/Dockerfile b/images/observe/Dockerfile deleted file mode 100644 index 94d64389e26d..000000000000 --- a/images/observe/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -# -# This is the observer image for OpenShift Origin that makes it easy to script a reaction -# to changes on the cluster. It uses the `oc observe` command and expects to be run inside -# of a Kubernetes pod or have security information set via KUBECONFIG and a bind mounted -# kubeconfig file. -# -# The standard name for this image is openshift/observe -# -FROM openshift/origin - -LABEL io.k8s.display-name="OpenShift Observer" \ - io.k8s.description="This image runs the oc observe command to watch and react to changes on your cluster." -# The observer doesn't require a root user. -USER 1001 -ENTRYPOINT ["/usr/bin/oc", "observe"] diff --git a/images/observe/OWNERS b/images/observe/OWNERS deleted file mode 100644 index b0633cb94c86..000000000000 --- a/images/observe/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -reviewers: - - smarterclayton -approvers: - - smarterclayton diff --git a/images/openvswitch/.cccp.yml b/images/openvswitch/.cccp.yml deleted file mode 100644 index 51427641bc92..000000000000 --- a/images/openvswitch/.cccp.yml +++ /dev/null @@ -1 +0,0 @@ -job-id: openvswitch diff --git a/images/openvswitch/Dockerfile b/images/openvswitch/Dockerfile deleted file mode 100644 index 8d37732700cc..000000000000 --- a/images/openvswitch/Dockerfile +++ /dev/null 
@@ -1,25 +0,0 @@ -# -# This is an openvswitch image meant to enable OpenShift OVS based SDN -# -# The standard name for this image is openshift/openvswitch -# -FROM openshift/node - -COPY scripts/* /usr/local/bin/ -RUN INSTALL_PKGS="openvswitch" && \ - yum install -y ${INSTALL_PKGS} && \ - rpm -V ${INSTALL_PKGS} && \ - yum clean all - -LABEL io.openshift.tags="openshift,openvswitch" \ - io.k8s.display-name="OpenShift Origin OpenVSwitch Daemon" \ - io.k8s.description="This is a component of OpenShift Origin and runs an OpenVSwitch daemon process." - -VOLUME /etc/openswitch -ENV HOME /root - -# files required to run as a system container -COPY system-container/system-container-wrapper.sh /usr/local/bin/ -COPY system-container/config.json.template system-container/service.template system-container/tmpfiles.template system-container/manifest.json /exports/ - -ENTRYPOINT ["/usr/local/bin/ovs-run.sh"] diff --git a/images/openvswitch/OWNERS b/images/openvswitch/OWNERS deleted file mode 100644 index 1a4f09298bcb..000000000000 --- a/images/openvswitch/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -reviewers: - - giuseppe - - sdodson - - smarterclayton - - stevekuznetsov -approvers: - - sdodson - - smarterclayton - - stevekuznetsov diff --git a/images/openvswitch/scripts/ovs-run.sh b/images/openvswitch/scripts/ovs-run.sh deleted file mode 100755 index a1a422b600eb..000000000000 --- a/images/openvswitch/scripts/ovs-run.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -set -eu - -function quit { - /usr/share/openvswitch/scripts/ovs-ctl stop - exit 0 -} - -trap quit SIGTERM - -/usr/share/openvswitch/scripts/ovs-ctl start --system-id=random - -while true; do sleep 5; done - diff --git a/images/openvswitch/system-container/config.json.template b/images/openvswitch/system-container/config.json.template deleted file mode 100644 index c29477dd8335..000000000000 --- a/images/openvswitch/system-container/config.json.template +++ /dev/null 
@@ -1,321 +0,0 @@ -{ - "ociVersion": "1.0.0", - "platform": { - "os": "linux", - "arch": "amd64" - }, - "process": { - "terminal": false, - "user": {}, - "args": [ - "/usr/local/bin/system-container-wrapper.sh" - ], - "env": [ - "container=docker", - "PKGM=yum", - "NAME=$NAME", - "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin", - "TERM=xterm" - ], - "cwd": "/", - "capabilities": { - "bounding" : [ - "CAP_FOWNER", - "CAP_FSETID", - "CAP_KILL", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETPCAP", - "CAP_LINUX_IMMUTABLE", - "CAP_NET_BIND_SERVICE", - "CAP_NET_BROADCAST", - "CAP_NET_ADMIN", - "CAP_NET_RAW", - "CAP_IPC_LOCK", - "CAP_IPC_OWNER", - "CAP_SYS_MODULE", - "CAP_SYS_RAWIO", - "CAP_SYS_CHROOT", - "CAP_SYS_PTRACE", - "CAP_SYS_PACCT", - "CAP_SYS_ADMIN", - "CAP_SYS_BOOT", - "CAP_SYS_NICE", - "CAP_SYS_RESOURCE", - "CAP_SYS_TIME", - "CAP_SYS_TTY_CONFIG", - "CAP_MKNOD", - "CAP_LEASE", - "CAP_AUDIT_WRITE", - "CAP_AUDIT_CONTROL", - "CAP_SETFCAP", - "CAP_MAC_OVERRIDE", - "CAP_MAC_ADMIN", - "CAP_SYSLOG", - "CAP_WAKE_ALARM", - "CAP_BLOCK_SUSPEND" - ], - "permitted" : [ - "CAP_FOWNER", - "CAP_FSETID", - "CAP_KILL", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETPCAP", - "CAP_LINUX_IMMUTABLE", - "CAP_NET_BIND_SERVICE", - "CAP_NET_BROADCAST", - "CAP_NET_ADMIN", - "CAP_NET_RAW", - "CAP_IPC_LOCK", - "CAP_IPC_OWNER", - "CAP_SYS_MODULE", - "CAP_SYS_RAWIO", - "CAP_SYS_CHROOT", - "CAP_SYS_PTRACE", - "CAP_SYS_PACCT", - "CAP_SYS_ADMIN", - "CAP_SYS_BOOT", - "CAP_SYS_NICE", - "CAP_SYS_RESOURCE", - "CAP_SYS_TIME", - "CAP_SYS_TTY_CONFIG", - "CAP_MKNOD", - "CAP_LEASE", - "CAP_AUDIT_WRITE", - "CAP_AUDIT_CONTROL", - "CAP_SETFCAP", - "CAP_MAC_OVERRIDE", - "CAP_MAC_ADMIN", - "CAP_SYSLOG", - "CAP_WAKE_ALARM", - "CAP_BLOCK_SUSPEND" - ], - "inheritable" : [ - "CAP_FOWNER", - "CAP_FSETID", - "CAP_KILL", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETPCAP", - "CAP_LINUX_IMMUTABLE", - "CAP_NET_BIND_SERVICE", - "CAP_NET_BROADCAST", - "CAP_NET_ADMIN", - "CAP_NET_RAW", - "CAP_IPC_LOCK", - 
"CAP_IPC_OWNER", - "CAP_SYS_MODULE", - "CAP_SYS_RAWIO", - "CAP_SYS_CHROOT", - "CAP_SYS_PTRACE", - "CAP_SYS_PACCT", - "CAP_SYS_ADMIN", - "CAP_SYS_BOOT", - "CAP_SYS_NICE", - "CAP_SYS_RESOURCE", - "CAP_SYS_TIME", - "CAP_SYS_TTY_CONFIG", - "CAP_MKNOD", - "CAP_LEASE", - "CAP_AUDIT_WRITE", - "CAP_AUDIT_CONTROL", - "CAP_SETFCAP", - "CAP_MAC_OVERRIDE", - "CAP_MAC_ADMIN", - "CAP_SYSLOG", - "CAP_WAKE_ALARM", - "CAP_BLOCK_SUSPEND" - ], - "effective" : [ - "CAP_FOWNER", - "CAP_FSETID", - "CAP_KILL", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETPCAP", - "CAP_LINUX_IMMUTABLE", - "CAP_NET_BIND_SERVICE", - "CAP_NET_BROADCAST", - "CAP_NET_ADMIN", - "CAP_NET_RAW", - "CAP_IPC_LOCK", - "CAP_IPC_OWNER", - "CAP_SYS_MODULE", - "CAP_SYS_RAWIO", - "CAP_SYS_CHROOT", - "CAP_SYS_PTRACE", - "CAP_SYS_PACCT", - "CAP_SYS_ADMIN", - "CAP_SYS_BOOT", - "CAP_SYS_NICE", - "CAP_SYS_RESOURCE", - "CAP_SYS_TIME", - "CAP_SYS_TTY_CONFIG", - "CAP_MKNOD", - "CAP_LEASE", - "CAP_AUDIT_WRITE", - "CAP_AUDIT_CONTROL", - "CAP_SETFCAP", - "CAP_MAC_OVERRIDE", - "CAP_MAC_ADMIN", - "CAP_SYSLOG", - "CAP_WAKE_ALARM", - "CAP_BLOCK_SUSPEND" - ], - "ambient" : [ - "CAP_FOWNER", - "CAP_FSETID", - "CAP_KILL", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETPCAP", - "CAP_LINUX_IMMUTABLE", - "CAP_NET_BIND_SERVICE", - "CAP_NET_BROADCAST", - "CAP_NET_ADMIN", - "CAP_NET_RAW", - "CAP_IPC_LOCK", - "CAP_IPC_OWNER", - "CAP_SYS_MODULE", - "CAP_SYS_RAWIO", - "CAP_SYS_CHROOT", - "CAP_SYS_PTRACE", - "CAP_SYS_PACCT", - "CAP_SYS_ADMIN", - "CAP_SYS_BOOT", - "CAP_SYS_NICE", - "CAP_SYS_RESOURCE", - "CAP_SYS_TIME", - "CAP_SYS_TTY_CONFIG", - "CAP_MKNOD", - "CAP_LEASE", - "CAP_AUDIT_WRITE", - "CAP_AUDIT_CONTROL", - "CAP_SETFCAP", - "CAP_MAC_OVERRIDE", - "CAP_MAC_ADMIN", - "CAP_SYSLOG", - "CAP_WAKE_ALARM", - "CAP_BLOCK_SUSPEND" - ] - }, - "rlimits": [ - { - "type": "RLIMIT_NOFILE", - "hard": 1024, - "soft": 1024 - } - ], - "noNewPrivileges": true - }, - "root": { - "path": "rootfs", - "readonly": true - }, - "mounts": [ - { - "destination": "/tmp", - 
"type": "tmpfs", - "source": "tmpfs", - "options": [ - "nosuid", - "strictatime", - "mode=755", - "size=65536k" - ] - }, - { - "destination": "/proc", - "type": "proc", - "source": "proc" - }, - { - "type": "bind", - "source": "/run", - "destination": "/run", - "options": [ - "rbind", - "rw", - "mode=755" - ] - }, - { - "type": "bind", - "source": "/lib/modules", - "destination": "/lib/modules", - "options": [ - "rbind", - "rw", - "mode=755" - ] - }, - { - "type": "bind", - "source": "$ORIGIN_CONFIG_DIR/openvswitch", - "destination": "/etc/openvswitch", - "options": [ - "rbind", - "rw", - "mode=755" - ] - }, - { - "type": "bind", - "source": "/etc/resolv.conf", - "destination": "/etc/resolv.conf", - "options": [ - "bind", - "ro" - ] - }, - { - "type": "bind", - "source": "/dev", - "destination": "/dev", - "options": [ - "rbind", - "rw", - "mode=755" - ] - }, - { - "type": "bind", - "source": "/sys", - "destination": "/sys", - "options": [ - "rbind", - "ro" - ] - } - ], - "hooks": {}, - "linux": { - "resources": { - "devices": [ - { - "allow": true, - "access": "rwm" - } - ] - }, - "namespaces": [ - { - "type": "mount" - } - ], - "maskedPaths": [ - "/proc/kcore", - "/proc/latency_stats", - "/proc/timer_stats", - "/proc/sched_debug" - ], - "readonlyPaths": [ - "/proc/asound", - "/proc/bus", - "/proc/fs", - "/proc/irq", - "/proc/sysrq-trigger" - ] - } -} diff --git a/images/openvswitch/system-container/manifest.json b/images/openvswitch/system-container/manifest.json deleted file mode 100644 index c369586c5a83..000000000000 --- a/images/openvswitch/system-container/manifest.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "version": "1.0", - "defaultValues": { - "ORIGIN_CONFIG_DIR": "/etc/origin", - "DOCKER_SERVICE": "docker.service" - } -} diff --git a/images/openvswitch/system-container/service.template b/images/openvswitch/system-container/service.template deleted file mode 100644 index bd2439c5ede7..000000000000 
--- a/images/openvswitch/system-container/service.template +++ /dev/null @@ -1,19 +0,0 @@ -[Unit] -After=${DOCKER_SERVICE} -Requires=${DOCKER_SERVICE} -PartOf=${DOCKER_SERVICE} - -[Service] -EnvironmentFile=/etc/sysconfig/$NAME -ExecStartPre=/bin/bash -c 'export -p > /run/$NAME-env' -ExecStart=$EXEC_START -ExecStop=$EXEC_STOP -SyslogIdentifier=$NAME -Restart=always -Type=notify -NotifyAccess=all -WorkingDirectory=$DESTDIR -RuntimeDirectory=${NAME} - -[Install] -WantedBy=${DOCKER_SERVICE}.service diff --git a/images/openvswitch/system-container/system-container-wrapper.sh b/images/openvswitch/system-container/system-container-wrapper.sh deleted file mode 100755 index 6266dd720c1e..000000000000 --- a/images/openvswitch/system-container/system-container-wrapper.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -source /run/$NAME-env - -MAINPID=`sed -n -e "/^PPid/ s|PPid:\t||p" /proc/$$/status` - -# openvswitch 2.4 has no systemd-notify support, so add it here. -# Workaround for a bug in systemd-notify 219. Whenever used with --pid, systemd-notify 219 -# sends an incorrect packet to $NOTIFY_SOCKET and the process hangs. -# Newer versions of systemd-notify don't have this issue, and also this change in runc, -# even if addressing another issue: https://github.com/opencontainers/runc/pull/1308 -# will ensure once it gets in a release that the notify events are properly propagated. -if test -n ${NOTIFY_SOCKET-}; then - /usr/share/openvswitch/scripts/ovs-ctl status - while /usr/share/openvswitch/scripts/ovs-ctl status | grep -q "not running"; do - sleep 1 - done - ps aux | grep $MAINPID - python - << EOF -import socket -import os -s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) -e = os.getenv('NOTIFY_SOCKET') -s.connect(e) -s.sendall('MAINPID=%i\nREADY=1\n' % $MAINPID) -s.close() -EOF -fi & - -exec /usr/local/bin/ovs-run.sh 
diff --git a/images/openvswitch/system-container/tmpfiles.template b/images/openvswitch/system-container/tmpfiles.template deleted file mode 100644 index 426dcc6b590a..000000000000 --- a/images/openvswitch/system-container/tmpfiles.template +++ /dev/null @@ -1 +0,0 @@ -d /etc/origin/openvswitch - - - - - diff --git a/images/origin/Dockerfile b/images/origin/Dockerfile index 264a963577b8..8070bf2a7d62 100644 --- a/images/origin/Dockerfile +++ b/images/origin/Dockerfile @@ -2,16 +2,10 @@ # This is the official OpenShift Origin image. It has as its entrypoint the OpenShift # all-in-one binary. # -# While this image can be used for a simple node it does not support OVS based -# SDN or storage plugins required for EBS, GCE, Gluster, Ceph, or iSCSI volume -# management. For those features please use 'openshift/node' -# -# The standard name for this image is openshift/origin +# The standard name for this image is openshift/origin-control-plane # FROM openshift/origin-base -COPY system-container/system-container-wrapper.sh /usr/local/bin/ -COPY system-container/config.json.template system-container/manifest.json system-container/service.template system-container/tmpfiles.template /exports/ RUN INSTALL_PKGS="origin" && \ yum --enablerepo=origin-local-release install -y ${INSTALL_PKGS} && \ rpm -V ${INSTALL_PKGS} && \ diff --git a/images/origin/Dockerfile.centos7 b/images/origin/Dockerfile.centos7 index 264a963577b8..8070bf2a7d62 100644 --- a/images/origin/Dockerfile.centos7 +++ b/images/origin/Dockerfile.centos7 
@@ -2,16 +2,10 @@ # This is the official OpenShift Origin image. It has as its entrypoint the OpenShift # all-in-one binary. # -# While this image can be used for a simple node it does not support OVS based -# SDN or storage plugins required for EBS, GCE, Gluster, Ceph, or iSCSI volume -# management. For those features please use 'openshift/node' -# -# The standard name for this image is openshift/origin +# The standard name for this image is openshift/origin-control-plane # FROM openshift/origin-base -COPY system-container/system-container-wrapper.sh /usr/local/bin/ -COPY system-container/config.json.template system-container/manifest.json system-container/service.template system-container/tmpfiles.template /exports/ RUN INSTALL_PKGS="origin" && \ yum --enablerepo=origin-local-release install -y ${INSTALL_PKGS} && \ rpm -V ${INSTALL_PKGS} && \ diff --git a/images/origin/system-container/config.json.template b/images/origin/system-container/config.json.template deleted file mode 100644 index 88074456b125..000000000000 --- a/images/origin/system-container/config.json.template +++ /dev/null 
@@ -1,290 +0,0 @@ -{ - "ociVersion": "1.0.0", - "platform": { - "os": "linux", - "arch": "amd64" - }, - "process": { - "terminal": false, - "user": {}, - "args": [ - "/usr/local/bin/system-container-wrapper.sh" - ], - "env": [ - "container=docker", - "PKGM=yum", - "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin", - "HOME=/root", - "NAME=$NAME", - "COMMAND=$COMMAND", - "OPENSHIFT_CONTAINERIZED=true", - "KUBECONFIG=/var/lib/origin/openshift.local.config/master/admin.kubeconfig", - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "TERM=xterm" - ], - "cwd": "/var/lib/origin", - "capabilities": { - "bounding" : [ - "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" - ], - "permitted" : [ - "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" - ], - "inheritable" : [ - "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" - ], - "effective" : [ - "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" - ], - "ambient" : [ - "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE" - ] - }, - "rlimits": [ - { - "type": "RLIMIT_NOFILE", - "hard": 1024, - "soft": 1024 - } - ], - "noNewPrivileges": true - }, - "root": { - "path": "rootfs", - "readonly": true - }, - "mounts": [ - { - "destination": "/proc", - "type": "proc", - "source": "proc" - }, - { - "destination": "/dev", - "type": "tmpfs", - "source": "tmpfs", - "options": [ - "nosuid", - "strictatime", - "mode=755", - "size=65536k" - ] - }, - { - "destination": "/dev/pts", - "type": "devpts", - "source": "devpts", - "options": [ - "nosuid", - "noexec", - "newinstance", - "ptmxmode=0666", - "mode=0620", - "gid=5" - ] - }, - { - "destination": "/dev/shm", - "type": "tmpfs", - "source": "shm", - "options": [ - "nosuid", - "noexec", - "nodev", - "mode=1777", - "size=65536k" - ] - }, - { - "destination": "/dev/mqueue", - "type": "mqueue", - "source": "mqueue", - "options": [ - "nosuid", - "noexec", - "nodev" - ] - }, - { - "destination": "/sys", - "type": "sysfs", - 
"source": "sysfs", - "options": [ - "nosuid", - "noexec", - "nodev", - "ro" - ] - }, - { - "destination": "/sys/fs/cgroup", - "type": "cgroup", - "source": "cgroup", - "options": [ - "nosuid", - "noexec", - "nodev", - "relatime", - "ro" - ] - }, - { - "type": "bind", - "source": "/etc/resolv.conf", - "destination": "/etc/resolv.conf", - "options": [ - "rbind", - "ro" - ] - }, - { - "type": "bind", - "source": "$ORIGIN_CONFIG_DIR", - "destination": "/etc/origin", - "options": [ - "bind", - "rw", - "mode=755" - ] - }, - { - "type": "bind", - "source": "/etc/pki", - "destination": "/etc/pki", - "options": [ - "bind", - "ro" - ] - }, - { - "type": "bind", - "source": "$ORIGIN_DATA_DIR", - "destination": "/var/lib/origin", - "options": [ - "rbind", - "rw", - "mode=755" - ] - }, - { - "destination": "/tmp", - "type": "tmpfs", - "source": "tmpfs", - "options": [ - "nosuid", - "strictatime", - "mode=755", - "size=65536k" - ] - }, - { - "type": "bind", - "source": "/var/log", - "destination": "/var/log", - "options": [ - "rbind", - "rw", - "mode=755" - ] - }, - { - "type": "bind", - "source": "/var/run", - "destination": "/var/run", - "options": [ - "rbind", - "rw", - "mode=755" - ] - } - ], - "hooks": {}, - "linux": { - "resources": { - "devices": [ - { - "allow": false, - "access": "rwm" - }, - { - "allow": true, - "type": "c", - "major": 1, - "minor": 5, - "access": "rwm" - }, - { - "allow": true, - "type": "c", - "major": 1, - "minor": 3, - "access": "rwm" - }, - { - "allow": true, - "type": "c", - "major": 1, - "minor": 9, - "access": "rwm" - }, - { - "allow": true, - "type": "c", - "major": 1, - "minor": 8, - "access": "rwm" - }, - { - "allow": true, - "type": "c", - "major": 5, - "minor": 0, - "access": "rwm" - }, - { - "allow": true, - "type": "c", - "major": 5, - "minor": 1, - "access": "rwm" - }, - { - "allow": false, - "type": "c", - "major": 10, - "minor": 229, - "access": "rwm" - } - ] - }, - "namespaces": [ - { - "type": "mount" - } - ], - "maskedPaths": [ - 
"/proc/kcore", - "/proc/latency_stats", - "/proc/timer_stats", - "/proc/sched_debug" - ], - "readonlyPaths": [ - "/proc/asound", - "/proc/bus", - "/proc/fs", - "/proc/irq", - "/proc/sys", - "/proc/sysrq-trigger" - ] - } -} diff --git a/images/origin/system-container/manifest.json b/images/origin/system-container/manifest.json deleted file mode 100644 index 7b87e0c0913f..000000000000 --- a/images/origin/system-container/manifest.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "version": "1.0", - "defaultValues": { - "COMMAND": "", - "ORIGIN_CONFIG_DIR": "/etc/origin", - "ORIGIN_DATA_DIR": "/var/lib/origin", - "ETCD_SERVICE": "etcd.service", - "NODE_SERVICE": "atomic-openshift-node.service", - "DOCKER_SERVICE": "docker.service" - } -} diff --git a/images/origin/system-container/service.template b/images/origin/system-container/service.template deleted file mode 100644 index f2d5271d0728..000000000000 --- a/images/origin/system-container/service.template +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -After=network-online.target -After=${ETCD_SERVICE} -Before=${NODE_SERVICE} - -[Service] -EnvironmentFile=-/etc/sysconfig/$NAME -ExecStartPre=/bin/bash -c 'export -p > /run/$NAME-env' -ExecStart=$EXEC_START -ExecStop=$EXEC_STOP -SyslogIdentifier=$NAME -Restart=always -RestartSec=5s -WorkingDirectory=$DESTDIR -RuntimeDirectory=${NAME} - -[Install] -WantedBy=${DOCKER_SERVICE} diff --git a/images/origin/system-container/system-container-wrapper.sh b/images/origin/system-container/system-container-wrapper.sh deleted file mode 100755 index 0e1d2ee6ccb7..000000000000 --- a/images/origin/system-container/system-container-wrapper.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -source /run/$NAME-env - -exec /usr/bin/openshift start master $COMMAND --config=${CONFIG_FILE} $OPTIONS diff --git a/images/origin/system-container/tmpfiles.template b/images/origin/system-container/tmpfiles.template deleted file mode 100644 index 7e4c301b0ae5..000000000000 
--- a/images/origin/system-container/tmpfiles.template +++ /dev/null @@ -1,2 +0,0 @@ -d $ORIGIN_CONFIG_DIR - - - - - -d $ORIGIN_DATA_DIR - - - - - diff --git a/images/recycler/Dockerfile b/images/recycler/Dockerfile index f05098fe2250..b6dde511d21c 100644 --- a/images/recycler/Dockerfile +++ b/images/recycler/Dockerfile @@ -3,7 +3,7 @@ # # The standard name for this image is openshift/origin-recycler # -FROM openshift/origin +FROM openshift/origin-control-plane LABEL io.k8s.display-name="OpenShift Origin Volume Recycler" \ io.k8s.description="This is a component of OpenShift Origin and is used to prepare persistent volumes for reuse after they are deleted." \ diff --git a/images/router/f5/Dockerfile b/images/router/f5/Dockerfile index 0d402bf76971..c6fedc756d82 100644 --- a/images/router/f5/Dockerfile +++ b/images/router/f5/Dockerfile @@ -3,7 +3,7 @@ # # The standard name for this image is openshift/origin-f5-router # -FROM openshift/origin +FROM openshift/origin-control-plane LABEL io.k8s.display-name="OpenShift Origin F5 Router" \ io.k8s.description="This is a component of OpenShift Origin and programs a BigIP F5 router to expose services within the cluster." \ diff --git a/images/router/haproxy/Dockerfile b/images/router/haproxy/Dockerfile index f4cf037e1bc7..e56ac0a75ea1 100644 --- a/images/router/haproxy/Dockerfile +++ b/images/router/haproxy/Dockerfile @@ -3,7 +3,7 @@ # # The standard name for this image is openshift/origin-haproxy-router # -FROM openshift/origin +FROM openshift/origin-control-plane RUN INSTALL_PKGS="haproxy18" && \ yum install -y $INSTALL_PKGS && \ diff --git a/images/router/nginx/Dockerfile b/images/router/nginx/Dockerfile index 5aebfb560ce5..8f27f0ba5756 100644 --- a/images/router/nginx/Dockerfile +++ b/images/router/nginx/Dockerfile 
@@ -3,7 +3,7 @@ # # The standard name for this image is openshift/origin-nginx-router # -FROM openshift/origin +FROM openshift/origin-control-plane RUN INSTALL_PKGS="nginx" && \ yum install -y "epel-release" && \ diff --git a/images/simple-authenticated-registry/Dockerfile b/images/simple-authenticated-registry/Dockerfile deleted file mode 100644 index a581444d60f4..000000000000 --- a/images/simple-authenticated-registry/Dockerfile +++ /dev/null @@ -1,2 +0,0 @@ -FROM registry:2 -COPY config.yml htpasswd /etc/docker/registry/ diff --git a/images/simple-authenticated-registry/OWNERS b/images/simple-authenticated-registry/OWNERS deleted file mode 100644 index b0633cb94c86..000000000000 --- a/images/simple-authenticated-registry/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -reviewers: - - smarterclayton -approvers: - - smarterclayton diff --git a/images/simple-authenticated-registry/README.md b/images/simple-authenticated-registry/README.md deleted file mode 100644 index 37b21f5ac394..000000000000 --- a/images/simple-authenticated-registry/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Simple authenticated registry image - -This directory will build a Docker registry image that is configured for -BASIC authentication with user `user` and password `password` on port -5000. Intended for testing authenticated registry support. - -Build with - - docker build . diff --git a/images/simple-authenticated-registry/config.yml b/images/simple-authenticated-registry/config.yml deleted file mode 100644 index 39a7b288cbc3..000000000000 --- a/images/simple-authenticated-registry/config.yml +++ /dev/null @@ -1,14 +0,0 @@ -version: 0.1 -log: - level: debug -http: - addr: :5000 -storage: - cache: - layerinfo: inmemory - filesystem: - rootdirectory: /var/lib/registry -auth: - htpasswd: - realm: test - path: /etc/docker/registry/htpasswd diff --git a/images/simple-authenticated-registry/htpasswd b/images/simple-authenticated-registry/htpasswd deleted file mode 100644 index 816cb35409a6..000000000000 
--- a/images/simple-authenticated-registry/htpasswd +++ /dev/null @@ -1 +0,0 @@ -user:$2y$05$O0dGHfbGPK.8x5IWCYown.W1.8mOa5XrJUYZstk6fGOvYicbQbgCu diff --git a/install/etcd/etcd.yaml b/install/etcd/etcd.yaml index db6af55f5569..33f8f65dad7a 100644 --- a/install/etcd/etcd.yaml +++ b/install/etcd/etcd.yaml @@ -11,7 +11,7 @@ spec: hostNetwork: true containers: - name: etcd - image: openshift/origin:latest + image: openshift/origin-control-plane:latest workingDir: /var/lib/etcd command: ["/bin/bash", "-c"] args: diff --git a/install/kube-apiserver/apiserver.yaml b/install/kube-apiserver/apiserver.yaml index b5d283b25235..190ca2bc16ae 100644 --- a/install/kube-apiserver/apiserver.yaml +++ b/install/kube-apiserver/apiserver.yaml @@ -11,7 +11,7 @@ spec: hostNetwork: true containers: - name: api - image: openshift/origin:latest + image: openshift/origin-control-plane:latest command: ["/bin/bash", "-c"] args: - | diff --git a/install/kube-controller-manager/kube-controller-manager.yaml b/install/kube-controller-manager/kube-controller-manager.yaml index 67f43c07f744..ab5ac370118d 100644 --- a/install/kube-controller-manager/kube-controller-manager.yaml +++ b/install/kube-controller-manager/kube-controller-manager.yaml @@ -11,7 +11,7 @@ spec: hostNetwork: true containers: - name: controllers - image: openshift/origin:latest + image: openshift/origin-control-plane:latest command: ["hyperkube", "kube-controller-manager"] args: - "--enable-dynamic-provisioning=true" diff --git a/install/kube-dns/install.yaml b/install/kube-dns/install.yaml index e8683a3e1673..328478b8a13e 100644 --- a/install/kube-dns/install.yaml +++ b/install/kube-dns/install.yaml @@ -6,7 +6,7 @@ parameters: - name: NAMESPACE value: kube-dns - name: IMAGE - value: openshift/origin:latest + value: openshift/origin-control-plane:latest - name: LOGLEVEL value: "0" - name: KUBEDNS_CONFIG_HOST_PATH 
diff --git a/install/kube-proxy/install.yaml b/install/kube-proxy/install.yaml index bd75e04027e4..6ced56f1ffb0 100644 --- a/install/kube-proxy/install.yaml +++ b/install/kube-proxy/install.yaml @@ -4,7 +4,7 @@ metadata: name: kube-proxy parameters: - name: IMAGE - value: openshift/origin:latest + value: openshift/origin-control-plane:latest - name: NAMESPACE value: kube-proxy - name: LOGLEVEL diff --git a/install/kube-scheduler/kube-scheduler.yaml b/install/kube-scheduler/kube-scheduler.yaml index 87046530b37e..5d606c196969 100644 --- a/install/kube-scheduler/kube-scheduler.yaml +++ b/install/kube-scheduler/kube-scheduler.yaml @@ -11,7 +11,7 @@ spec: hostNetwork: true containers: - name: scheduler - image: openshift/origin:latest + image: openshift/origin-control-plane:latest command: ["hyperkube", "kube-scheduler"] args: - "--leader-elect=true" diff --git a/install/openshift-apiserver/install.yaml b/install/openshift-apiserver/install.yaml index f3e571de825b..416de4e29d96 100644 --- a/install/openshift-apiserver/install.yaml +++ b/install/openshift-apiserver/install.yaml @@ -4,7 +4,7 @@ metadata: name: openshift-apiserver parameters: - name: IMAGE - value: openshift/origin:latest + value: openshift/origin-control-plane:latest - name: NAMESPACE value: openshift-apiserver - name: LOGLEVEL diff --git a/install/openshift-controller-manager/install.yaml b/install/openshift-controller-manager/install.yaml index 79b2a836dd9a..d8706474c123 100644 --- a/install/openshift-controller-manager/install.yaml +++ b/install/openshift-controller-manager/install.yaml @@ -4,7 +4,7 @@ metadata: name: openshift-controller-manager parameters: - name: IMAGE - value: openshift/origin:latest + value: openshift/origin-control-plane:latest - name: NAMESPACE value: openshift-controller-manager - name: LOGLEVEL diff --git a/origin.spec b/origin.spec index 759194bb0160..609f497e5d72 100644 --- a/origin.spec +++ b/origin.spec 
@@ -5,8 +5,6 @@ %global gopath %{_datadir}/gocode %global import_path github.com/openshift/origin -# The following should only be used for cleanup of sdn-ovs upgrades -%global kube_plugin_path /usr/libexec/kubernetes/kubelet-plugins/net/exec/redhat~openshift-ovs-subnet # docker_version is the version of docker requires by packages %global docker_version 1.13 @@ -186,11 +184,6 @@ Obsoletes: openshift-sdn-ovs < %{package_refector_version} %description sdn-ovs %{summary} -%package federation-services -Summary: %{produce_name} Federation Services - -%description federation-services - %package template-service-broker Summary: Template Service Broker %description template-service-broker @@ -260,7 +253,7 @@ PLATFORM="$(go env GOHOSTOS)/$(go env GOHOSTARCH)" install -d %{buildroot}%{_bindir} # Install linux components -for bin in oc oadm openshift hypershift template-service-broker +for bin in oc oadm openshift hypershift hyperkube template-service-broker do echo "+++ INSTALLING ${bin}" install -p -m 755 _output/local/bin/${PLATFORM}/${bin} %{buildroot}%{_bindir}/${bin} @@ -283,9 +276,6 @@ install -p -m 755 _output/local/bin/darwin/amd64/oadm %{buildroot}/%{_datadir}/% install -p -m 755 _output/local/bin/windows/amd64/oadm.exe %{buildroot}/%{_datadir}/%{name}/windows/oadm.exe %endif -# Install federation services -install -p -m 755 _output/local/bin/${PLATFORM}/hyperkube %{buildroot}%{_bindir}/ - # Install pod install -p -m 755 _output/local/bin/${PLATFORM}/pod %{buildroot}%{_bindir}/ @@ -302,8 +292,7 @@ for cmd in \ openshift-extract-image-content \ openshift-f5-router \ openshift-recycle \ - openshift-router \ - origin + openshift-router do ln -s openshift %{buildroot}%{_bindir}/$cmd done 
@@ -313,10 +302,8 @@ ln -s oc %{buildroot}%{_bindir}/kubectl install -d -m 0755 %{buildroot}%{_sysconfdir}/origin/{master,node} # different service for origin vs aos -install -m 0644 contrib/systemd/%{name}-master.service %{buildroot}%{_unitdir}/%{name}-master.service -install -m 0644 contrib/systemd/%{name}-node.service %{buildroot}%{_unitdir}/%{name}-node.service +# install -m 0644 contrib/systemd/%{name}-node.service %{buildroot}%{_unitdir}/%{name}-node.service # same sysconfig files for origin vs aos -install -m 0644 contrib/systemd/origin-master.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/%{name}-master install -m 0644 contrib/systemd/origin-node.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/%{name}-node # Install man1 man pages @@ -333,7 +320,6 @@ install -p -m 0755 _output/local/bin/${PLATFORM}/host-local %{buildroot}/opt/cni install -p -m 0755 _output/local/bin/${PLATFORM}/loopback %{buildroot}/opt/cni/bin install -d -m 0755 %{buildroot}%{_unitdir}/%{name}-node.service.d -install -p -m 0644 contrib/systemd/openshift-sdn-ovs.conf %{buildroot}%{_unitdir}/%{name}-node.service.d/openshift-sdn-ovs.conf # Install bash completions install -d -m 755 %{buildroot}%{_sysconfdir}/bash_completion.d/ @@ -366,10 +352,6 @@ sed "s|@@CONF_FILE-VARIABLE@@|${OS_CONF_FILE}|" contrib/excluder/excluder-templa sed -i "s|@@PACKAGE_LIST-VARIABLE@@|docker*1.14* docker*1.15* docker*1.16* docker*1.17* docker*1.18* docker*1.19* docker*1.20*|" $RPM_BUILD_ROOT/usr/sbin/%{name}-docker-excluder chmod 0744 $RPM_BUILD_ROOT/usr/sbin/%{name}-docker-excluder -# Install migration scripts -install -d %{buildroot}%{_datadir}/%{name}/migration -install -p -m 755 contrib/migration/* %{buildroot}%{_datadir}/%{name}/migration/ - %files %doc README.md %license LICENSE 
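Review bot: The node unit install is commented out rather than deleted (`# install -m 0644 contrib/systemd/%{name}-node.service ...`), which leaves the package half-detached from that service. The later hunk `@@ -394,95 +375,19 @@` drops the unit from `%files node` and removes `%post node`, yet `%preun node` still runs `%systemd_preun %{name}-node.service`, and `install -d ... %{name}-node.service.d` is still created here. If the unit is now delivered by something else, replace the dead line with a comment that says so, for example `# %%{name}-node.service is no longer shipped by this package`. Otherwise remove the leftover scriptlets and directory so the package does not manage a service it does not own. RPM expands macros inside comments, so a comment that names a macro is safer with `%%`.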
@@ -385,7 +367,6 @@ install -p -m 755 contrib/migration/* %{buildroot}%{_datadir}/%{name}/migration/ %{_bindir}/openshift-git-clone %{_bindir}/openshift-extract-image-content %{_bindir}/openshift-manage-dockerfile -%{_bindir}/origin %{_sharedstatedir}/origin %{_sysconfdir}/bash_completion.d/openshift %defattr(-,root,root,0700) 
@@ -394,95 +375,19 @@ install -p -m 755 contrib/migration/* %{buildroot}%{_datadir}/%{name}/migration/ %ghost %config(noreplace) %{_sysconfdir}/origin/.config_managed %{_mandir}/man1/openshift* -%pre -# If /etc/openshift exists and /etc/origin doesn't, symlink it to /etc/origin -if [ -d "%{_sysconfdir}/openshift" ]; then - if ! [ -d "%{_sysconfdir}/origin" ]; then - ln -s %{_sysconfdir}/openshift %{_sysconfdir}/origin - fi -fi -if [ -d "%{_sharedstatedir}/openshift" ]; then - if ! [ -d "%{_sharedstatedir}/origin" ]; then - ln -s %{_sharedstatedir}/openshift %{_sharedstatedir}/origin - fi -fi - %files tests %{_libexecdir}/%{name} %{_libexecdir}/%{name}/extended.test %files master -%{_unitdir}/%{name}-master.service -%config(noreplace) %{_sysconfdir}/sysconfig/%{name}-master -%dir %{_datadir}/%{name}/migration/ -%{_datadir}/%{name}/migration/* %defattr(-,root,root,0700) %config(noreplace) %{_sysconfdir}/origin/master -%ghost %config(noreplace) %{_sysconfdir}/origin/master/admin.crt -%ghost %config(noreplace) %{_sysconfdir}/origin/master/admin.key -%ghost %config(noreplace) %{_sysconfdir}/origin/master/admin.kubeconfig -%ghost %config(noreplace) %{_sysconfdir}/origin/master/ca.crt -%ghost %config(noreplace) %{_sysconfdir}/origin/master/ca.key -%ghost %config(noreplace) %{_sysconfdir}/origin/master/ca.serial.txt -%ghost %config(noreplace) %{_sysconfdir}/origin/master/etcd.server.crt -%ghost %config(noreplace) %{_sysconfdir}/origin/master/etcd.server.key -%ghost %config(noreplace) %{_sysconfdir}/origin/master/master-config.yaml -%ghost %config(noreplace) %{_sysconfdir}/origin/master/master.etcd-client.crt -%ghost %config(noreplace) %{_sysconfdir}/origin/master/master.etcd-client.key -%ghost %config(noreplace) %{_sysconfdir}/origin/master/master.kubelet-client.crt -%ghost %config(noreplace) %{_sysconfdir}/origin/master/master.kubelet-client.key -%ghost %config(noreplace) %{_sysconfdir}/origin/master/master.server.crt -%ghost %config(noreplace) 
%{_sysconfdir}/origin/master/master.server.key -%ghost %config(noreplace) %{_sysconfdir}/origin/master/openshift-master.crt -%ghost %config(noreplace) %{_sysconfdir}/origin/master/openshift-master.key -%ghost %config(noreplace) %{_sysconfdir}/origin/master/openshift-master.kubeconfig -%ghost %config(noreplace) %{_sysconfdir}/origin/master/openshift-registry.crt -%ghost %config(noreplace) %{_sysconfdir}/origin/master/openshift-registry.key -%ghost %config(noreplace) %{_sysconfdir}/origin/master/openshift-registry.kubeconfig -%ghost %config(noreplace) %{_sysconfdir}/origin/master/openshift-router.crt -%ghost %config(noreplace) %{_sysconfdir}/origin/master/openshift-router.key -%ghost %config(noreplace) %{_sysconfdir}/origin/master/openshift-router.kubeconfig -%ghost %config(noreplace) %{_sysconfdir}/origin/master/policy.json -%ghost %config(noreplace) %{_sysconfdir}/origin/master/serviceaccounts.private.key -%ghost %config(noreplace) %{_sysconfdir}/origin/master/serviceaccounts.public.key -%ghost %config(noreplace) %{_sysconfdir}/origin/.config_managed - -%post master -%systemd_post %{name}-master.service -# Create master config and certs if both do not exist -if [[ ! -e %{_sysconfdir}/origin/master/master-config.yaml && - ! -e %{_sysconfdir}/origin/master/ca.crt ]]; then - %{_bindir}/openshift start master --write-config=%{_sysconfdir}/origin/master - # Create node configs if they do not already exist - if ! 
find %{_sysconfdir}/origin/ -type f -name "node-config.yaml" | grep -E "node-config.yaml"; then - %{_bindir}/oc adm create-node-config --node-dir=%{_sysconfdir}/origin/node/ --node=localhost --hostnames=localhost,127.0.0.1 --node-client-certificate-authority=%{_sysconfdir}/origin/master/ca.crt --signer-cert=%{_sysconfdir}/origin/master/ca.crt --signer-key=%{_sysconfdir}/origin/master/ca.key --signer-serial=%{_sysconfdir}/origin/master/ca.serial.txt --certificate-authority=%{_sysconfdir}/origin/master/ca.crt - fi - # Generate a marker file that indicates config and certs were RPM generated - echo "# Config generated by RPM at "`date -u` > %{_sysconfdir}/origin/.config_managed -fi - - -%preun master -%systemd_preun %{name}-master.service - -%postun master -%systemd_postun %files node -%{_unitdir}/%{name}-node.service %{_sysconfdir}/systemd/system.conf.d/origin-accounting.conf %config(noreplace) %{_sysconfdir}/sysconfig/%{name}-node %defattr(-,root,root,0700) %config(noreplace) %{_sysconfdir}/origin/node -%ghost %config(noreplace) %{_sysconfdir}/origin/node/node-config.yaml -%ghost %config(noreplace) %{_sysconfdir}/origin/.config_managed - -%post node -%systemd_post %{name}-node.service -# If accounting is not currently enabled systemd reexec -if [[ `systemctl show docker %{name}-node | grep -q -e CPUAccounting=no -e MemoryAccounting=no; echo $?` == 0 ]]; then - systemctl daemon-reexec -fi %preun node %systemd_preun %{name}-node.service 
@@ -491,20 +396,10 @@ fi %systemd_postun %files sdn-ovs -%dir %{_unitdir}/%{name}-node.service.d/ %dir %{_sysconfdir}/cni/net.d %dir /opt/cni/bin -%{_unitdir}/%{name}-node.service.d/openshift-sdn-ovs.conf /opt/cni/bin/* -%posttrans sdn-ovs -# This path was installed by older packages but the directory wasn't owned by -# RPM so we need to clean it up otherwise kubelet throws an error trying to -# load the directory as a plugin -if [ -d %{kube_plugin_path} ]; then - rmdir %{kube_plugin_path} -fi - %files clients %license LICENSE %{_bindir}/oc 
@@ -572,74 +467,4 @@ if [ "$1" -eq 0 ] ; then /usr/sbin/%{name}-docker-excluder unexclude fi -%files federation-services -%{_bindir}/hyperkube - %changelog -* Tue Jan 23 2018 Huamin Chen 0.2-11 -- Add cifs-utils BZ#1536362. - -* Wed Jul 12 2017 Steve Milner 0.2-10 -- Master config files moved to /etc/origin/master/ BZ#1469034. - -* Fri Sep 18 2015 Scott Dodson 0.2-9 -- Rename from openshift -> origin -- Symlink /var/lib/origin to /var/lib/openshift if /var/lib/openshift exists - -* Wed Aug 12 2015 Steve Milner 0.2-8 -- Master configs will be generated if none are found when the master is installed. -- Node configs will be generated if none are found when the master is installed. -- Additional notice file added if config is generated by the RPM. -- All-In-One services removed. - -* Wed Aug 12 2015 Steve Milner 0.2-7 -- Added new ovs script(s) to file lists. - -* Wed Aug 5 2015 Steve Milner 0.2-6 -- Using _unitdir instead of _prefix for unit data - -* Fri Jul 31 2015 Steve Milner 0.2-5 -- Configuration location now /etc/origin -- Default configs created upon installation - -* Tue Jul 28 2015 Steve Milner 0.2-4 -- Added AEP packages - -* Mon Jan 26 2015 Scott Dodson 0.2-3 -- Update to 21fb40637c4e3507cca1fcab6c4d56b06950a149 -- Split packaging of openshift-master and openshift-node - -* Mon Jan 19 2015 Scott Dodson 0.2-2 -- new package built with tito - -* Fri Jan 09 2015 Adam Miller - 0.2-2 -- Add symlink for osc command line tooling (merged in from jhonce@redhat.com) - -* Wed Jan 07 2015 Adam Miller - 0.2-1 -- Update to latest upstream release -- Restructured some of the golang deps build setup for restructuring done - upstream - -* Thu Oct 23 2014 Adam Miller - 0-0.0.9.git562842e -- Add new patches from jhonce for systemd units - -* Mon Oct 20 2014 Adam Miller - 0-0.0.8.git562842e -- Update to latest master snapshot - -* Wed Oct 15 2014 Adam Miller - 0-0.0.7.git7872f0f -- Update to latest master snapshot - -* Fri Oct 03 2014 Adam Miller - 0-0.0.6.gite4d4ecf -- 
Update to latest Alpha nightly build tag 20141003 - -* Wed Oct 01 2014 Adam Miller - 0-0.0.5.git6d9f1a9 -- Switch to consistent naming, patch by jhonce - -* Tue Sep 30 2014 Adam Miller - 0-0.0.4.git6d9f1a9 -- Add systemd and sysconfig entries from jhonce - -* Tue Sep 23 2014 Adam Miller - 0-0.0.3.git6d9f1a9 -- Update to latest upstream. - -* Mon Sep 15 2014 Adam Miller - 0-0.0.2.git2647df5 -- Update to latest upstream. diff --git a/pkg/oc/bootstrap/bindata.go b/pkg/oc/bootstrap/bindata.go index 8293b30931be..0fe9155e8b61 100644 --- a/pkg/oc/bootstrap/bindata.go +++ b/pkg/oc/bootstrap/bindata.go @@ -16268,7 +16268,7 @@ spec: hostNetwork: true containers: - name: etcd - image: openshift/origin:latest + image: openshift/origin-control-plane:latest workingDir: /var/lib/etcd command: ["/bin/bash", "-c"] args: @@ -16320,7 +16320,7 @@ spec: hostNetwork: true containers: - name: api - image: openshift/origin:latest + image: openshift/origin-control-plane:latest command: ["/bin/bash", "-c"] args: - | @@ -16384,7 +16384,7 @@ spec: hostNetwork: true containers: - name: controllers - image: openshift/origin:latest + image: openshift/origin-control-plane:latest command: ["hyperkube", "kube-controller-manager"] args: - "--enable-dynamic-provisioning=true" @@ -16448,7 +16448,7 @@ parameters: - name: NAMESPACE value: kube-dns - name: IMAGE - value: openshift/origin:latest + value: openshift/origin-control-plane:latest - name: LOGLEVEL value: "0" - name: KUBEDNS_CONFIG_HOST_PATH @@ -16545,7 +16545,7 @@ metadata: name: kube-proxy parameters: - name: IMAGE - value: openshift/origin:latest + value: openshift/origin-control-plane:latest - name: NAMESPACE value: kube-proxy - name: LOGLEVEL @@ -16641,7 +16641,7 @@ spec: hostNetwork: true containers: - name: scheduler - image: openshift/origin:latest + image: openshift/origin-control-plane:latest command: ["hyperkube", "kube-scheduler"] args: - "--leader-elect=true" 
@@ -16690,7 +16690,7 @@ metadata: name: openshift-apiserver parameters: - name: IMAGE - value: openshift/origin:latest + value: openshift/origin-control-plane:latest - name: NAMESPACE value: openshift-apiserver - name: LOGLEVEL @@ -16971,7 +16971,7 @@ metadata: name: openshift-controller-manager parameters: - name: IMAGE - value: openshift/origin:latest + value: openshift/origin-control-plane:latest - name: NAMESPACE value: openshift-controller-manager - name: LOGLEVEL diff --git a/pkg/oc/bootstrap/clusteradd/cmd.go b/pkg/oc/bootstrap/clusteradd/cmd.go index b4629d50ea8a..8741f12ccc20 100644 --- a/pkg/oc/bootstrap/clusteradd/cmd.go +++ b/pkg/oc/bootstrap/clusteradd/cmd.go @@ -79,8 +79,9 @@ var availableComponents = map[string]func(ctx componentinstall.Context) componen func NewCmdAdd(name, fullName string, out, errout io.Writer) *cobra.Command { config := &ClusterAddConfig{ - Out: out, - ErrOut: errout, + Out: out, + ErrOut: errout, + ImageTemplate: variable.NewDefaultImageTemplate(), } cmd := &cobra.Command{ Use: name, @@ -125,9 +126,10 @@ func (c *ClusterAddConfig) Run() error { } type ClusterAddConfig struct { + ImageTemplate variable.ImageTemplate + ImageTag string + BaseDir string - ImageTag string - Image string ServerLogLevel int ComponentsToInstall []string @@ -147,9 +149,16 @@ func (c *ClusterAddConfig) Complete(cmd *cobra.Command) error { } // do some defaulting - if len(c.ImageTag) == 0 { - c.ImageTag = strings.TrimRight("v"+version.Get().Major+"."+version.Get().Minor, "+") - } + c.ImageTemplate.Format = variable.Expand(c.ImageTemplate.Format, func(s string) (string, bool) { + if s == "version" { + if len(c.ImageTag) == 0 { + return strings.TrimRight("v"+version.Get().Major+"."+version.Get().Minor, "+"), true + } + return c.ImageTag, true + } + return "", false + }, variable.Identity) + if len(c.BaseDir) == 0 { c.BaseDir = "openshift.local.clusterup" } 
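Review bot: In `ClusterAddConfig.Complete` the default version is now computed only inside the `variable.Expand` callback, so `c.ImageTag` is no longer populated when `--tag` is omitted. Any reader of `c.ImageTag` outside these hunks would now see an empty string where it used to see `vMAJOR.MINOR`. Keeping the assignment ahead of the expansion, `if len(c.ImageTag) == 0 { c.ImageTag = strings.TrimRight("v"+version.Get().Major+"."+version.Get().Minor, "+") }`, and returning `c.ImageTag, true` from the callback preserves the old contract. The same callback is repeated in `ClusterUpConfig.Complete` (`@@ -240,10 +243,16 @@` in up.go), so a shared helper would keep the two from drifting. `Complete` continues outside the hunk.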
@@ -192,13 +201,13 @@ func (c *ClusterAddConfig) Check() error { func (c *ClusterAddConfig) Bind(flags *pflag.FlagSet) { flags.StringVar(&c.ImageTag, "tag", "", "Specify the tag for OpenShift images") flags.MarkHidden("tag") - flags.StringVar(&c.Image, "image", variable.DefaultImagePrefix, "Specify the images to use for OpenShift") + flags.StringVar(&c.ImageTemplate.Format, "image", c.ImageTemplate.Format, "Specify the images to use for OpenShift") flags.StringVar(&c.BaseDir, "base-dir", c.BaseDir, "Directory on Docker host for cluster up configuration") flags.IntVar(&c.ServerLogLevel, "server-loglevel", 0, "Log level for OpenShift server") } func (c *ClusterAddConfig) openshiftImage() string { - return fmt.Sprintf("%s:%s", c.Image, c.ImageTag) + return c.ImageTemplate.ExpandOrDie("control-plane") } func (c *ClusterAddConfig) GetLogDir() string { @@ -206,5 +215,5 @@ func (c *ClusterAddConfig) GetLogDir() string { } func (c *ClusterAddConfig) imageFormat() string { - return fmt.Sprintf("%s-${component}:%s", c.Image, c.ImageTag) + return c.ImageTemplate.Format } diff --git a/pkg/oc/bootstrap/docker/run_self_hosted.go b/pkg/oc/bootstrap/docker/run_self_hosted.go index a40dc6d9cda3..62cc4f4ac2e4 100644 --- a/pkg/oc/bootstrap/docker/run_self_hosted.go +++ b/pkg/oc/bootstrap/docker/run_self_hosted.go @@ -115,6 +115,7 @@ func (c *ClusterUpConfig) StartSelfHosted(out io.Writer) error { "NODE_CONFIG_HOST_PATH": configDirs.nodeConfigDir, "KUBEDNS_CONFIG_HOST_PATH": configDirs.kubeDNSConfigDir, "LOGLEVEL": fmt.Sprintf("%d", c.ServerLogLevel), + "IMAGE": c.openshiftImage(), } clientConfigBuilder, err := kclientcmd.LoadFromFile(filepath.Join(c.LocalDirFor(kubeapiserver.KubeAPIServerDirName), "admin.kubeconfig")) 
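Review bot: `--image` now binds user input straight into `c.ImageTemplate.Format`, and `openshiftImage()` resolves it with `ExpandOrDie("control-plane")`. Judging by the name, a malformed format would terminate the process at first use rather than come back as a flag error. `Check()` would be the natural place to reject it early, for example `if _, err := c.ImageTemplate.Expand("control-plane"); err != nil { return err }`, assuming `ImageTemplate` has an error-returning `Expand`. The help text still reads "Specify the images to use for OpenShift" and should say that the value is a template with `${component}` and `${version}` placeholders. The same applies to `ClusterUpConfig` in up.go (`@@ -174,9 +177,9 @@` and `@@ -943,7 +951,7 @@`).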
@@ -311,6 +312,7 @@ func (c *ClusterUpConfig) BuildConfig() (*configDirs, error) { "/path/to/master/config-dir": configs.masterConfigDir, "/path/to/openshift-apiserver/config-dir": configs.openshiftAPIServerConfigDir, "ETCD_VOLUME": "emptyDir:\n", + "openshift/origin-control-plane:latest": c.openshiftImage(), } if len(c.HostDataDir) > 0 { substitutions["ETCD_VOLUME"] = `hostPath: diff --git a/pkg/oc/bootstrap/docker/up.go b/pkg/oc/bootstrap/docker/up.go index c0c729744e11..197c61969cd4 100644 --- a/pkg/oc/bootstrap/docker/up.go +++ b/pkg/oc/bootstrap/docker/up.go @@ -98,6 +98,8 @@ func NewCmdUp(name, fullName string, out, errout io.Writer, clusterAdd *cobra.Co PortForwarding: defaultPortForwarding(), DNSPort: openshift.DefaultDNSPort, + ImageTemplate: variable.NewDefaultImageTemplate(), + // We pass cluster add as a command to prevent anyone from ever cheating with their wiring. You either work from flags or // or you don't work. You cannot add glue of any sort. ClusterAdd: clusterAdd, @@ -122,8 +124,9 @@ func NewCmdUp(name, fullName string, out, errout io.Writer, clusterAdd *cobra.Co } type ClusterUpConfig struct { - Image string - ImageTag string + ImageTemplate variable.ImageTemplate + ImageTag string + DockerMachine string SkipRegistryCheck bool PortForwarding bool 
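Review bot: The new entry `"openshift/origin-control-plane:latest": c.openshiftImage()` in `substitutions` keys the image override on a literal image string, so it only works while every embedded manifest spells the image exactly that way. If a manifest changes its repository or tag, the replacement presumably stops matching without any error. The static pods would then pull the public `:latest` image instead of the one selected with `--image`, which is hard to notice and undermines pinning to a mirrored or vetted image. A named placeholder in the manifests, in the style of the existing `ETCD_VOLUME` key, or an error when a substitution matches nothing, would make the override explicit. `BuildConfig` starts and ends outside the hunk.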
@@ -174,9 +177,9 @@ type ClusterUpConfig struct { } func (c *ClusterUpConfig) Bind(flags *pflag.FlagSet) { - flags.StringVar(&c.ImageTag, "tag", "", "Specify the tag for OpenShift images") + flags.StringVar(&c.ImageTag, "tag", "", "Specify an explicit version for OpenShift images") flags.MarkHidden("tag") - flags.StringVar(&c.Image, "image", variable.DefaultImagePrefix, "Specify the images to use for OpenShift") + flags.StringVar(&c.ImageTemplate.Format, "image", c.ImageTemplate.Format, "Specify the images to use for OpenShift") flags.BoolVar(&c.SkipRegistryCheck, "skip-registry-check", false, "Skip Docker daemon registry check") flags.StringVar(&c.PublicHostname, "public-hostname", "", "Public hostname for OpenShift cluster") flags.StringVar(&c.RoutingSuffix, "routing-suffix", "", "Default suffix for server routes") @@ -240,10 +243,16 @@ func (c *ClusterUpConfig) Complete(cmd *cobra.Command, out io.Writer) error { c.isRemoteDocker = len(os.Getenv("DOCKER_HOST")) > 0 - // do some defaulting - if len(c.ImageTag) == 0 { - c.ImageTag = strings.TrimRight("v"+version.Get().Major+"."+version.Get().Minor, "+") - } + c.ImageTemplate.Format = variable.Expand(c.ImageTemplate.Format, func(s string) (string, bool) { + if s == "version" { + if len(c.ImageTag) == 0 { + return strings.TrimRight("v"+version.Get().Major+"."+version.Get().Minor, "+"), true + } + return c.ImageTag, true + } + return "", false + }, variable.Identity) + if len(c.BaseDir) == 0 { c.SpecifiedBaseDir = false c.BaseDir = "openshift.local.clusterup" @@ -504,8 +513,7 @@ func (c *ClusterUpConfig) Start(out io.Writer) error { taskPrinter.Success() if len(c.ComponentsToEnable) > 0 { - args := append([]string{}, "--image="+c.Image) - args = append(args, "--tag="+c.ImageTag) + args := append([]string{}, "--image="+c.ImageTemplate.Format) args = append(args, "--base-dir="+c.BaseDir) args = append(args, c.ComponentsToEnable...) 
@@ -834,7 +842,7 @@ func (c *ClusterUpConfig) PostClusterStartupMutations(out io.Writer) error { } func (c *ClusterUpConfig) imageFormat() string { - return fmt.Sprintf("%s-${component}:%s", c.Image, c.ImageTag) + return c.ImageTemplate.Format } // Login logs into the new server and sets up a default user and project @@ -943,7 +951,7 @@ func (c *ClusterUpConfig) DockerHelper() *dockerhelper.Helper { } func (c *ClusterUpConfig) openshiftImage() string { - return fmt.Sprintf("%s:%s", c.Image, c.ImageTag) + return c.ImageTemplate.ExpandOrDie("control-plane") } func (c *ClusterUpConfig) determineAdditionalIPs(ip string) ([]string, error) { diff --git a/pkg/oc/cli/cmd/tag.go b/pkg/oc/cli/cmd/tag.go index 44e6cac9fa5f..f15bb13303a0 100644 --- a/pkg/oc/cli/cmd/tag.go +++ b/pkg/oc/cli/cmd/tag.go @@ -69,13 +69,13 @@ var ( %[1]s tag openshift/ruby@sha256:6b646fa6bf5e5e4c7fa41056c27910e679c03ebe7f93e361e6515a9da7e258cc yourproject/ruby:tip # Tag an external Docker image. - %[1]s tag --source=docker openshift/origin:latest yourproject/ruby:tip + %[1]s tag --source=docker openshift/origin-control-plane:latest yourproject/ruby:tip # Tag an external Docker image and request pullthrough for it. - %[1]s tag --source=docker openshift/origin:latest yourproject/ruby:tip --reference-policy=local + %[1]s tag --source=docker openshift/origin-control-plane:latest yourproject/ruby:tip --reference-policy=local # Remove the specified spec tag from an image stream. - %[1]s tag openshift/origin:latest -d`) + %[1]s tag openshift/origin-control-plane:latest -d`) ) const ( diff --git a/test/cmd/basicresources.sh b/test/cmd/basicresources.sh index bb5dfc9e6731..45358d5e7147 100755 --- a/test/cmd/basicresources.sh +++ b/test/cmd/basicresources.sh 
@@ -152,11 +152,10 @@ echo "create subcommands: ok" os::test::junit::declare_suite_end os::test::junit::declare_suite_start "cmd/basicresources/statefulsets" -os::cmd::expect_success 'oc create -f examples/statefulsets/zookeeper/zookeeper.yaml' -os::cmd::try_until_success 'oc get pods zoo-0' -os::cmd::expect_success 'oc get pvc datadir-zoo-0' -os::cmd::expect_success_and_text 'oc describe statefulset zoo' 'app=zk' -os::cmd::expect_success 'oc delete -f examples/statefulsets/zookeeper/zookeeper.yaml' +os::cmd::expect_success 'oc create -f test/testdata/statefulset.yaml' +os::cmd::try_until_success 'oc get pods testapp-0' +os::cmd::expect_success_and_text 'oc describe statefulset testapp' 'app=testapp' +os::cmd::expect_success 'oc delete -f test/testdata/statefulset.yaml' echo "statefulsets: ok" os::test::junit::declare_suite_end diff --git a/test/cmd/registry.sh b/test/cmd/registry.sh index 221d8c90b6de..bc9e6229ae19 100755 --- a/test/cmd/registry.sh +++ b/test/cmd/registry.sh @@ -17,7 +17,7 @@ os::cmd::expect_success_and_text "oc registry login -z 'default' --registry=loca os::test::junit::declare_suite_end os::test::junit::declare_suite_start "cmd/registry/info" -os::cmd::expect_success 'oc tag --source=docker openshift/origin:latest newrepo:latest' +os::cmd::expect_success 'oc tag --source=docker openshift/origin-control-plane:latest newrepo:latest' os::cmd::expect_success "oc registry info" os::cmd::expect_failure_and_text "oc registry info --internal --public" "only one of --internal or --public" os::test::junit::declare_suite_end diff --git a/test/extended/networking/util.go b/test/extended/networking/util.go index 2c7b5f380747..6265fca858e1 100644 --- a/test/extended/networking/util.go +++ b/test/extended/networking/util.go 
@@ -312,6 +312,9 @@ func makeNamespaceScheduleToAllNodes(f *e2e.Framework) { for { ns, err := f.ClientSet.CoreV1().Namespaces().Get(f.Namespace.Name, metav1.GetOptions{}) expectNoError(err) + if ns.Annotations == nil { + ns.Annotations = make(map[string]string) + } ns.Annotations["openshift.io/node-selector"] = "" _, err = f.ClientSet.CoreV1().Namespaces().Update(ns) if err == nil { diff --git a/test/extended/testdata/bindata.go b/test/extended/testdata/bindata.go index 19a19f52dcd5..bd85f16946d6 100644 --- a/test/extended/testdata/bindata.go +++ b/test/extended/testdata/bindata.go @@ -10628,7 +10628,7 @@ items: - type: ConfigChange source: dockerfile: | - FROM openshift/origin:latest + FROM openshift/origin-control-plane:latest RUN yum-config-manager --disable origin-local-release ||: RUN yum install -y skopeo && \ yum clean all && mkdir -p gnupg && chmod -R 0777 /var/lib/origin @@ -10649,7 +10649,7 @@ items: dockerStrategy: from: kind: DockerImage - name: openshift/origin:latest + name: openshift/origin-control-plane:latest output: to: kind: ImageStreamTag @@ -31189,7 +31189,7 @@ spec: hostNetwork: true containers: - name: etcd - image: openshift/origin:latest + image: openshift/origin-control-plane:latest workingDir: /var/lib/etcd command: ["/bin/bash", "-c"] args: @@ -31241,7 +31241,7 @@ spec: hostNetwork: true containers: - name: api - image: openshift/origin:latest + image: openshift/origin-control-plane:latest command: ["/bin/bash", "-c"] args: - | @@ -31305,7 +31305,7 @@ spec: hostNetwork: true containers: - name: controllers - image: openshift/origin:latest + image: openshift/origin-control-plane:latest command: ["hyperkube", "kube-controller-manager"] args: - "--enable-dynamic-provisioning=true" @@ -31369,7 +31369,7 @@ parameters: - name: NAMESPACE value: kube-dns - name: IMAGE - value: openshift/origin:latest + value: openshift/origin-control-plane:latest - name: LOGLEVEL value: "0" - name: KUBEDNS_CONFIG_HOST_PATH 
@@ -31466,7 +31466,7 @@ metadata: name: kube-proxy parameters: - name: IMAGE - value: openshift/origin:latest + value: openshift/origin-control-plane:latest - name: NAMESPACE value: kube-proxy - name: LOGLEVEL @@ -31562,7 +31562,7 @@ spec: hostNetwork: true containers: - name: scheduler - image: openshift/origin:latest + image: openshift/origin-control-plane:latest command: ["hyperkube", "kube-scheduler"] args: - "--leader-elect=true" @@ -31611,7 +31611,7 @@ metadata: name: openshift-apiserver parameters: - name: IMAGE - value: openshift/origin:latest + value: openshift/origin-control-plane:latest - name: NAMESPACE value: openshift-apiserver - name: LOGLEVEL @@ -31892,7 +31892,7 @@ metadata: name: openshift-controller-manager parameters: - name: IMAGE - value: openshift/origin:latest + value: openshift/origin-control-plane:latest - name: NAMESPACE value: openshift-controller-manager - name: LOGLEVEL diff --git a/test/extended/testdata/signer-buildconfig.yaml b/test/extended/testdata/signer-buildconfig.yaml index 91a22e13508c..d8ed033bf4cb 100644 --- a/test/extended/testdata/signer-buildconfig.yaml +++ b/test/extended/testdata/signer-buildconfig.yaml @@ -16,7 +16,7 @@ items: - type: ConfigChange source: dockerfile: | - FROM openshift/origin:latest + FROM openshift/origin-control-plane:latest RUN yum-config-manager --disable origin-local-release ||: RUN yum install -y skopeo && \ yum clean all && mkdir -p gnupg && chmod -R 0777 /var/lib/origin @@ -37,7 +37,7 @@ items: dockerStrategy: from: kind: DockerImage - name: openshift/origin:latest + name: openshift/origin-control-plane:latest output: to: kind: ImageStreamTag