Coreos

發現流雲配置的意外結束

  • April 4, 2017

所以這是我的雲配置

#cloud-config
coreos:
 etcd2:
   discovery: "https://discovery.etcd.io/tocken"
   advertise-client-urls: "http://$private_ipv4:2379"
   initial-advertise-peer-urls: "http://$private_ipv4:2380"
   listen-client-urls: "http://0.0.0.0:2379,http://0.0.0.0:4001"
   listen-peer-urls: "http://$private_ipv4:2380,http://$private_ipv4:7001"

 flannel:
   interface: $private_ipv4

 units:
   - name: etcd2.service
     command: start
   - name: flanneld.service
     drop-ins:
       - name: 50-network-config.conf
         content: |
           [Service]
           ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '{ "Network": "10.1.0.0/16" }'
     command: start
   - name: sshd.socket
     command: restart
     runtime: true
     content: |
       [Unit]
       Description=OpenSSH server daemon
       Conflicts=sshd.service

       [Socket]
       ListenStream=65321
       FreeBind=true
       Accept=yes

       [Install]
       WantedBy=sockets.target
   - name: kubelet.service
     command: restart
     runtime: true
     content: |
       [Service]
       Environment=KUBELET_VERSION=v1.6.1_coreos.0
       ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests
       ExecStart=/usr/lib/coreos/kubelet-wrapper \
         --api-servers=http://127.0.0.1:8080 \
         --allow-privileged=true \
         --config=/etc/kubernetes/manifests \
         --hostname-override=$private_ipv4 \
         --cluster-dns=10.13.0.10 \
         --cluster-domain=cluster.local
       Restart=always
       RestartSec=10

       [Install]
       WantedBy=multi-user.target

users:
 - name: admin
   ssh-authorized-keys:
     - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuCXgeT7kQfSikcU1BWRyMFi8izN+1WHPNopaaXQV2xune6nKOHN8yhGVRKaE9iQHY+6jSjxWd5SY9CEyWlIST5dxfffRkWZiuJISHAxl6+E+fI0kNsUG2AXTXuJnXBQllqkgsggfBJ+5BxNf35IyfILTqkDu99ZNBNbeTNSPJmbYgMs71fWB2TiGx8ugsZrIOzqbcEfu9KNTD+RszrLaCRAZNl1sANEk7N7ZIUaIIlBBxmaPWW1voXor4AP/SAnHMEouX25ZlruL7nCEH9BybVYT8xFVEBl0fJIoj/c1TYkk/80P7JLJg0pIAxMCWqy0NzBwEcXbef1yIlO6meDuZ Kirill@NOUTKIR
   groups:
    - "sudo"
   shell: /bin/bash
write_files:
 - path: "/etc/ssh/sshd_config"
   permissions: 0600
   owner: root:root
   content: |
        HostKey /etc/ssh/ssh_host_rsa_key
        HostKey /etc/ssh/ssh_host_dsa_key
        HostKey /etc/ssh/ssh_host_ecdsa_key
        HostKey /etc/ssh/ssh_host_ed25519_key
        UsePrivilegeSeparation yes
        KeyRegenerationInterval 3600
        ServerKeyBits 1024
        SyslogFacility AUTH
        LogLevel INFO
        LoginGraceTime 120
        PermitRootLogin no
        StrictModes yes
        RSAAuthentication yes
        PubkeyAuthentication yes
        IgnoreRhosts yes
        RhostsRSAAuthentication no
        HostbasedAuthentication no
        PermitEmptyPasswords no
        ChallengeResponseAuthentication no
        X11Forwarding yes
        X11DisplayOffset 10
        PrintMotd no
        PrintLastLog yes
        TCPKeepAlive yes
        AcceptEnv LANG LC_*
        Subsystem sftp /usr/lib/openssh/sftp-server
        UsePAM yes
        AllowUsers admin
        PasswordAuthentication no
 - path: "/etc/kubernetes/manifests/kube-apiserver.yaml
#    permissions: ??
#    owner: ??
   content: |
        apiVersion: v1
        kind: Pod
        metadata:
          name: kube-apiserver
          namespace: kube-system
        spec:
          hostNetwork: true
          containers:
          - name: kube-apiserver
            image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
            command:
            - /hyperkube
            - apiserver
            - --bind-address=0.0.0.0
            - --etcd-servers=http://<master private IP>:2379,http://<node1 private IP>:2379,http://<node2 private IP>:2379
            - --allow-privileged=true
            - --service-cluster-ip-range=10.13.0.0/24
            - --secure-port=443
            - --advertise-address=<master private IP>
            - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota
#    - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
#    - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
#    - --client-ca-file=/etc/kubernetes/ssl/ca.pem
            - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
            - --runtime-config=extensions/v1beta1=true,extensions/v1beta1/networkpolicies=true
            ports:
            - containerPort: 443
              hostPort: 443
              name: https
            - containerPort: 8080
              hostPort: 8080
              name: local
#    volumeMounts:
#    - mountPath: /etc/kubernetes/ssl
#      name: ssl-certs-kubernetes
#      readOnly: true
#    - mountPath: /etc/ssl/certs
#      name: ssl-certs-host
#      readOnly: true
#  volumes:
#  - hostPath:
#      path: /etc/kubernetes/ssl
#    name: ssl-certs-kubernetes
#  - hostPath:
#      path: /usr/share/ca-certificates
#    name: ssl-certs-host
 - path: /etc/kubernetes/manifests/kube-proxy.yaml
#    permissions: ??
#    owner: ??
   content: |
        apiVersion: v1
        kind: Pod
        metadata:
          name: kube-proxy
          namespace: kube-system
        spec:
          hostNetwork: true
          containers:
          - name: kube-proxy
            image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
            command:
            - /hyperkube
            - proxy
            - --master=http://127.0.0.1:8080
            - --proxy-mode=iptables
            securityContext:
              privileged: true
#             volumeMounts:
#             - mountPath: /etc/ssl/certs
#               name: ssl-certs-host
#               readOnly: true
#           volumes:
#           - hostPath:
#               path: /usr/share/ca-certificates
#             name: ssl-certs-host
 - path: /etc/kubernetes/manifests/kube-controller-manager.yaml
#    permissions: ??
#    owner: ??
   content: |
        apiVersion: v1
        kind: Pod
        metadata:
          name: kube-controller-manager
          namespace: kube-system
        spec:
          hostNetwork: true
          containers:
          - name: kube-controller-manager
            image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
            command:
            - /hyperkube
            - controller-manager
            - --master=http://127.0.0.1:8080
            - --leader-elect=true
#             - --service-account-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
#             - --root-ca-file=/etc/kubernetes/ssl/ca.pem
            livenessProbe:
              httpGet:
                host: 127.0.0.1
                path: /healthz
                port: 10252
              initialDelaySeconds: 15
              timeoutSeconds: 1
#             volumeMounts:
#             - mountPath: /etc/kubernetes/ssl
#               name: ssl-certs-kubernetes
#               readOnly: true
#             - mountPath: /etc/ssl/certs
#               name: ssl-certs-host
#               readOnly: true
#           volumes:
#           - hostPath:
#               path: /etc/kubernetes/ssl
#             name: ssl-certs-kubernetes
#           - hostPath:
#               path: /usr/share/ca-certificates
#             name: ssl-certs-host
 - path: /etc/kubernetes/manifests/kube-scheduler.yaml
#    permissions: ??
#    owner: ??
   content: |
        apiVersion: v1
        kind: Pod
        metadata:
          name: kube-scheduler
          namespace: kube-system
        spec:
          hostNetwork: true
          containers:
          - name: kube-scheduler
            image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
            command:
            - /hyperkube
            - scheduler
            - --master=http://127.0.0.1:8080
            - --leader-elect=true
            livenessProbe:
              httpGet:
                host: 127.0.0.1
                path: /healthz
                port: 10251
              initialDelaySeconds: 15
              timeoutSeconds: 1

有人遇到過這種情況嗎?我已經失去了 4 個小時的Google搜尋和嘗試狗屎

PS:前行錯誤

第 99 行:

 - path: "/etc/kubernetes/manifests/kube-apiserver.yaml

…缺少報價。

僅供參考,我在YAMLlint的幫助下在大約 5 秒內找到了這個。

引用自:https://serverfault.com/questions/842549