Gcr image (#41)

* change default image to gcr based hyperkube

- requires conversion from docker

Author: george-angel

resources/kube-apiserver.yaml

@@ -12,8 +12,7 @@ spec:
   - name: kube-apiserver
     image: ${hyperkube_image_url}:${hyperkube_image_tag}
     command:
-    - /hyperkube
-    - apiserver
+    - kube-apiserver
     - --etcd-servers=${etcd_endpoints}
     - --etcd-cafile=/etc/kubernetes/ssl/ca.pem
     - --etcd-certfile=/etc/kubernetes/ssl/node.pem

resources/kube-controller-manager.yaml

@@ -10,8 +10,7 @@ spec:
   - name: kube-controller-manager
     image: ${hyperkube_image_url}:${hyperkube_image_tag}
     command:
-    - /hyperkube
-    - controller-manager
+    - kube-controller-manager
     - --master=http://127.0.0.1:8080
     - --leader-elect=true
     - --use-service-account-credentials

resources/kube-scheduler.yaml

@@ -11,8 +11,7 @@ spec:
   - name: kube-scheduler
     image: ${hyperkube_image_url}:${hyperkube_image_tag}
     command:
-    - /hyperkube
-    - scheduler
+    - kube-scheduler
     - --config=/etc/kubernetes/config/kube-scheduler-config.yaml
     - --v=0
     livenessProbe:

resources/master-kubelet.service

@@ -2,9 +2,10 @@
 Description=kubelet-on-rkt service
 After=systemd-resolved.service
 [Service]
-Environment=KUBELET_IMAGE_URL=${kubelet_image_url}
+Environment=KUBELET_IMAGE_URL=docker://${kubelet_image_url}
 Environment=KUBELET_IMAGE_TAG=${kubelet_image_tag}
 Environment="RKT_RUN_ARGS=\
+  --insecure-options=image \
   --uuid-file-save=/var/run/kubelet-pod.uuid \
   --volume var-log,kind=host,source=/var/log --mount volume=var-log,target=/var/log \
   --volume cni-bin,kind=host,source=/opt/cni/bin --mount volume=cni-bin,target=/opt/cni/bin \
@@ -20,6 +21,8 @@ ExecStartPre=/usr/bin/mkdir -p /var/lib/cni
 ExecStartPre=/usr/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/usr/bin/mkdir -p /var/run/calico
 ExecStartPre=/usr/bin/mkdir -p /var/lib/calico
+# This is a partial workaround to this upstream Kubernetes issue:
+#  https://github.com/kubernetes/kubernetes/issues/41916#issuecomment-312428731
 ExecStartPre=/sbin/sysctl -w net.ipv4.tcp_retries2=8
 ExecStartPre=/opt/bin/cfssl-sk-get
 ExecStartPre=/opt/bin/cfssl-new-cert

resources/worker-kubelet.service

@@ -2,9 +2,10 @@
 Description=kubelet-on-rkt service
 After=systemd-resolved.service
 [Service]
-Environment=KUBELET_IMAGE_URL=${kubelet_image_url}
+Environment=KUBELET_IMAGE_URL=docker://${kubelet_image_url}
 Environment=KUBELET_IMAGE_TAG=${kubelet_image_tag}
 Environment="RKT_RUN_ARGS=\
+  --insecure-options=image \
   --uuid-file-save=/var/run/kubelet-pod.uuid \
   --volume var-log,kind=host,source=/var/log --mount volume=var-log,target=/var/log \
   --volume cni-bin,kind=host,source=/opt/cni/bin --mount volume=cni-bin,target=/opt/cni/bin \

variables.tf

@@ -49,12 +49,12 @@ variable "node_exporter_image_tag" {
 
 variable "hyperkube_image_url" {
   description = "Where to get the hyperkube image from."
-  default     = "quay.io/coreos/hyperkube"
+  default     = "gcr.io/google-containers/hyperkube-amd64"
 }
 
 variable "hyperkube_image_tag" {
   description = "The version of the hyperkube image to use."
-  default     = "v1.10.0_coreos.0"
+  default     = "v1.10.4"
 }
 
 variable "cluster_dns" {