Итак, вот мой cloud-config:
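#cloud-config
# CoreOS cloud-config for a single Kubernetes master (etcd2 + flannel + kubelet
# with static pod manifests). Indentation below is the structure the file must
# have; the original paste had lost it.
coreos:
  etcd2:
    # "tocken" is a placeholder — every cluster needs its own discovery URL
    # (generated from https://discovery.etcd.io/new).
    discovery: "https://discovery.etcd.io/tocken"
    advertise-client-urls: "http://$private_ipv4:2379"
    initial-advertise-peer-urls: "http://$private_ipv4:2380"
    # The client API is plain HTTP on every interface with no etcd auth, so
    # 2379/4001 must only be reachable from the cluster's private network.
    listen-client-urls: "http://0.0.0.0:2379,http://0.0.0.0:4001"
    listen-peer-urls: "http://$private_ipv4:2380,http://$private_ipv4:7001"
  flannel:
    interface: $private_ipv4
  units:
    - name: etcd2.service
      command: start
    - name: flanneld.service
      drop-ins:
        - name: 50-network-config.conf
          content: |
            [Service]
            ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '{ "Network": "10.1.0.0/16" }'
      command: start
    # sshd on a non-default port (65321); matches AllowUsers/PasswordAuthentication
    # in the sshd_config written below.
    - name: sshd.socket
      command: restart
      runtime: true
      content: |
        [Unit]
        Description=OpenSSH server daemon
        Conflicts=sshd.service
        [Socket]
        ListenStream=65321
        FreeBind=true
        Accept=yes
        [Install]
        WantedBy=sockets.target
    - name: kubelet.service
      command: restart
      runtime: true
      content: |
        [Service]
        Environment=KUBELET_VERSION=v1.6.1_coreos.0
        ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests
        ExecStart=/usr/lib/coreos/kubelet-wrapper \
          --api-servers=http://127.0.0.1:8080 \
          --allow-privileged=true \
          --config=/etc/kubernetes/manifests \
          --hostname-override=$private_ipv4 \
          --cluster-dns=10.13.0.10 \
          --cluster-domain=cluster.local
        Restart=always
        RestartSec=10
        [Install]
        WantedBy=multi-user.target

users:
  - name: admin
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuCXgeT7kQfSikcU1BWRyMFi8izN+1WHPNopaaXQV2xune6nKOHN8yhGVRKaE9iQHY+6jSjxWd5SY9CEyWlIST5dxfffRkWZiuJISHAxl6+E+fI0kNsUG2AXTXuJnXBQllqkgsggfBJ+5BxNf35IyfILTqkDu99ZNBNbeTNSPJmbYgMs71fWB2TiGx8ugsZrIOzqbcEfu9KNTD+RszrLaCRAZNl1sANEk7N7ZIUaIIlBBxmaPWW1voXor4AP/SAnHMEouX25ZlruL7nCEH9BybVYT8xFVEBl0fJIoj/c1TYkk/80P7JLJg0pIAxMCWqy0NzBwEcXbef1yIlO6meDuZ Kirill@NOUTKIR
    groups:
      - "sudo"
    shell: /bin/bash

write_files:
  - path: "/etc/ssh/sshd_config"
    # Quoted so no YAML parser reads the octal mode as decimal 384.
    permissions: "0600"
    owner: root:root
    # ServerKeyBits, KeyRegenerationInterval, RSAAuthentication and
    # RhostsRSAAuthentication are SSH protocol-1 era options; current OpenSSH
    # logs them as deprecated, and X11Forwarding is not needed on a headless
    # node. The effective hardening here is PermitRootLogin no,
    # PasswordAuthentication no and AllowUsers admin.
    content: |
      HostKey /etc/ssh/ssh_host_rsa_key
      HostKey /etc/ssh/ssh_host_dsa_key
      HostKey /etc/ssh/ssh_host_ecdsa_key
      HostKey /etc/ssh/ssh_host_ed25519_key
      UsePrivilegeSeparation yes
      KeyRegenerationInterval 3600
      ServerKeyBits 1024
      SyslogFacility AUTH
      LogLevel INFO
      LoginGraceTime 120
      PermitRootLogin no
      StrictModes yes
      RSAAuthentication yes
      PubkeyAuthentication yes
      IgnoreRhosts yes
      RhostsRSAAuthentication no
      HostbasedAuthentication no
      PermitEmptyPasswords no
      ChallengeResponseAuthentication no
      X11Forwarding yes
      X11DisplayOffset 10
      PrintMotd no
      PrintLastLog yes
      TCPKeepAlive yes
      AcceptEnv LANG LC_*
      Subsystem sftp /usr/lib/openssh/sftp-server
      UsePAM yes
      AllowUsers admin
      PasswordAuthentication no
  # Closing quote was missing on this path in the original — that is the
  # parse error yamllint reports.
  - path: "/etc/kubernetes/manifests/kube-apiserver.yaml"
    # permissions: ??
    # owner: ??
    # (the manifests below hold no secrets, so the root-owned default file
    # written when these keys are omitted is adequate)
    content: |
      apiVersion: v1
      kind: Pod
      metadata:
        name: kube-apiserver
        namespace: kube-system
      spec:
        hostNetwork: true
        containers:
          - name: kube-apiserver
            image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
            command:
              - /hyperkube
              - apiserver
              - --bind-address=0.0.0.0
              - --etcd-servers=http://<master private IP>:2379,http://<node1 private IP>:2379,http://<node2 private IP>:2379
              - --allow-privileged=true
              - --service-cluster-ip-range=10.13.0.0/24
              - --secure-port=443
              - --advertise-address=<master private IP>
              - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota
              # With the TLS / client-CA flags commented out, port 443 on every
              # interface has no configured client authentication and runs with
              # the apiserver's default authorization mode; keep 443 firewalled
              # until the ssl/ volume and these three flags are restored.
              # - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
              # - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
              # - --client-ca-file=/etc/kubernetes/ssl/ca.pem
              # This path lives under /etc/kubernetes/ssl, whose volumeMount is
              # commented out below — the file will not exist in the container
              # and the apiserver will fail to start. Either restore the
              # volumeMounts/volumes or drop the flag.
              - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
              - --runtime-config=extensions/v1beta1=true,extensions/v1beta1/networkpolicies=true
            ports:
              - containerPort: 443
                hostPort: 443
                name: https
              - containerPort: 8080
                hostPort: 8080
                name: local
            # volumeMounts:
            #   - mountPath: /etc/kubernetes/ssl
            #     name: ssl-certs-kubernetes
            #     readOnly: true
            #   - mountPath: /etc/ssl/certs
            #     name: ssl-certs-host
            #     readOnly: true
        # volumes:
        #   - hostPath:
        #       path: /etc/kubernetes/ssl
        #     name: ssl-certs-kubernetes
        #   - hostPath:
        #       path: /usr/share/ca-certificates
        #     name: ssl-certs-host
  - path: /etc/kubernetes/manifests/kube-proxy.yaml
    # permissions: ??
    # owner: ??
    content: |
      apiVersion: v1
      kind: Pod
      metadata:
        name: kube-proxy
        namespace: kube-system
      spec:
        hostNetwork: true
        containers:
          - name: kube-proxy
            image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
            command:
              - /hyperkube
              - proxy
              - --master=http://127.0.0.1:8080
              - --proxy-mode=iptables
            securityContext:
              privileged: true
            # volumeMounts:
            #   - mountPath: /etc/ssl/certs
            #     name: ssl-certs-host
            #     readOnly: true
        # volumes:
        #   - hostPath:
        #       path: /usr/share/ca-certificates
        #     name: ssl-certs-host
  - path: /etc/kubernetes/manifests/kube-controller-manager.yaml
    # permissions: ??
    # owner: ??
    content: |
      apiVersion: v1
      kind: Pod
      metadata:
        name: kube-controller-manager
        namespace: kube-system
      spec:
        hostNetwork: true
        containers:
          - name: kube-controller-manager
            image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
            command:
              - /hyperkube
              - controller-manager
              - --master=http://127.0.0.1:8080
              - --leader-elect=true
              # - --service-account-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
              # - --root-ca-file=/etc/kubernetes/ssl/ca.pem
            livenessProbe:
              httpGet:
                host: 127.0.0.1
                path: /healthz
                port: 10252
              initialDelaySeconds: 15
              timeoutSeconds: 1
            # volumeMounts:
            #   - mountPath: /etc/kubernetes/ssl
            #     name: ssl-certs-kubernetes
            #     readOnly: true
            #   - mountPath: /etc/ssl/certs
            #     name: ssl-certs-host
            #     readOnly: true
        # volumes:
        #   - hostPath:
        #       path: /etc/kubernetes/ssl
        #     name: ssl-certs-kubernetes
        #   - hostPath:
        #       path: /usr/share/ca-certificates
        #     name: ssl-certs-host
  - path: /etc/kubernetes/manifests/kube-scheduler.yaml
    # permissions: ??
    # owner: ??
    content: |
      apiVersion: v1
      kind: Pod
      metadata:
        name: kube-scheduler
        namespace: kube-system
      spec:
        hostNetwork: true
        containers:
          - name: kube-scheduler
            image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
            command:
              - /hyperkube
              - scheduler
              - --master=http://127.0.0.1:8080
              - --leader-elect=true
            livenessProbe:
              httpGet:
                host: 127.0.0.1
                path: /healthz
                port: 10251
              initialDelaySeconds: 15
              timeoutSeconds: 1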
Кто-нибудь сталкивался с этим раньше? Я уже потерял 4 часа в поиске дерьма
P.S.: Ошибка в предпоследней строке
Строка 99:
- path: "/etc/kubernetes/manifests/kube-apiserver.yaml
... отсутствует закрывающая кавычка.
К вашему сведению, я нашел это примерно за 5 секунд с помощью YAMLlint.