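# Kubemark hollow-node ReplicationController template.
#
# The {{...}} tokens are placeholders; this file is not valid YAML until they
# are replaced (presumably by plain text substitution before the manifest is
# applied -- confirm against the rendering script). Because substitution is
# textual, review the rendered manifest as well as this template.
#
# Layout note: nesting was restored from the Kubernetes object schema after the
# listing lost its indentation; keys, values and their order are unchanged.
#
# Security summary: this pod runs privileged containers and mounts host paths
# (/var/log, /run/containerd). Treat any node that runs it as fully trusted by
# the workload, and keep it off nodes shared with unrelated tenants.
apiVersion: v1
kind: ReplicationController
metadata:
  name: hollow-node
  labels:
    name: hollow-node
    {{kubemark_mig_config}}
spec:
  replicas: {{numreplicas}}
  selector:
    name: hollow-node
  template:
    metadata:
      labels:
        name: hollow-node
        {{kubemark_mig_config}}
    spec:
      initContainers:
      # Raises fs.inotify.max_user_instances to 1000 before the main containers
      # start. privileged: true is what lets the sysctl write succeed, but it
      # grants far more than that single write needs.
      # The image is referenced by tag only (busybox:1.32); a tag can be
      # re-pointed upstream, so pin by digest if reproducibility matters.
      - name: init-inotify-limit
        image: busybox:1.32
        command: ['sysctl', '-w', 'fs.inotify.max_user_instances=1000']
        securityContext:
          privileged: true
      volumes:
      # One Secret holds every kubeconfig used below (kubelet.kubeconfig,
      # kubeproxy.kubeconfig, npd.kubeconfig). Each container mounts the whole
      # volume, so each can read the other components' credentials.
      - name: kubeconfig-volume
        secret:
          secretName: kubeconfig
      - name: kernelmonitorconfig-volume
        configMap:
          name: node-configmap
      # hostPath: the host's own /var/log, mounted read-write by all three
      # containers.
      - name: logs-volume
        hostPath:
          path: /var/log
      # hostPath: the host's containerd runtime directory. NOTE(review): this is
      # the default location of the containerd socket; access to that socket is
      # normally equivalent to root on the node -- confirm it is required.
      - name: containerd
        hostPath:
          path: /run/containerd
      # Empty volume mounted over the service-account token path (see the
      # node-problem-detector container) so the token of the hosting cluster is
      # hidden from that container.
      - name: no-serviceaccount-access-to-real-master
        emptyDir: {}
      containers:
      # Hollow kubelet. Runs privileged with /var/log and /run/containerd from
      # the host mounted read-write.
      - name: hollow-kubelet
        image: {{kubemark_image_registry}}/kubemark:{{kubemark_image_tag}}
        ports:
        # NOTE(review): 4194, 10250 and 10255 are the conventional cAdvisor,
        # kubelet and kubelet read-only ports; 10255 is unauthenticated on a
        # real kubelet -- confirm what the hollow kubelet exposes there.
        - containerPort: 4194
        - containerPort: 10250
        - containerPort: 10255
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        # {{hollow_kubelet_params}} is spliced into the flow sequence as text,
        # so its value must expand to further quoted, comma-separated items.
        command: [
          "/go-runner",
          "-log-file=/var/log/kubelet-$(NODE_NAME).log",
          "/kubemark",
          "--morph=kubelet",
          "--name=$(NODE_NAME)",
          "--kubeconfig=/kubeconfig/kubelet.kubeconfig",
          "--node-labels={{hollow_node_labels}}",
          {{hollow_kubelet_params}}
        ]
        volumeMounts:
        - name: kubeconfig-volume
          mountPath: /kubeconfig
          readOnly: true
        - name: logs-volume
          mountPath: /var/log
        - name: containerd
          mountPath: /run/containerd
        # Requests only; no limits are set for any container in this pod.
        resources:
          requests:
            cpu: {{hollow_kubelet_millicpu}}m
            memory: {{hollow_kubelet_mem_Ki}}Ki
        securityContext:
          privileged: true
      # Hollow kube-proxy. The only container here without privileged: true.
      # It does not mount the emptyDir that shadows the service-account path.
      # NOTE(review): the same holds for hollow-kubelet -- confirm whether
      # automountServiceAccountToken: false on the pod spec is wanted.
      - name: hollow-proxy
        image: {{kubemark_image_registry}}/kubemark:{{kubemark_image_tag}}
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        command: [
          "/go-runner",
          "-log-file=/var/log/kubeproxy-$(NODE_NAME).log",
          "/kubemark",
          "--morph=proxy",
          "--name=$(NODE_NAME)",
          "--kubeconfig=/kubeconfig/kubeproxy.kubeconfig",
          {{hollow_proxy_params}}
        ]
        volumeMounts:
        - name: kubeconfig-volume
          mountPath: /kubeconfig
          readOnly: true
        - name: logs-volume
          mountPath: /var/log
        resources:
          requests:
            cpu: {{hollow_proxy_millicpu}}m
            memory: {{hollow_proxy_mem_Ki}}Ki
      # Node problem detector, pointed at {{master_ip}}:443 with
      # inClusterConfig=false and credentials from /kubeconfig/npd.kubeconfig.
      # The command line is a single string run through /bin/sh -c, so the
      # substituted {{master_ip}} value ends up inside a shell command; it must
      # come from a trusted source.
      - name: hollow-node-problem-detector
        image: registry.k8s.io/node-problem-detector/node-problem-detector:v0.8.16
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        command:
        - /bin/sh
        - -c
        - /node-problem-detector --system-log-monitors=/config/kernel.monitor --apiserver-override="https://{{master_ip}}:443?inClusterConfig=false&auth=/kubeconfig/npd.kubeconfig" --alsologtostderr 1>>/var/log/npd-$(NODE_NAME).log 2>&1
        volumeMounts:
        - name: kubeconfig-volume
          mountPath: /kubeconfig
          readOnly: true
        - name: kernelmonitorconfig-volume
          mountPath: /config
          readOnly: true
        # Shadows the service-account token directory with the empty volume.
        - name: no-serviceaccount-access-to-real-master
          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          readOnly: true
        - name: logs-volume
          mountPath: /var/log
        resources:
          requests:
            cpu: {{npd_millicpu}}m
            memory: {{npd_mem_Ki}}Ki
        # NOTE(review): privileged although the mounts above are limited to
        # config, kubeconfig and logs -- confirm this is still needed.
        securityContext:
          privileged: true
      # Keep the pod running on unreachable node for 15 minutes.
      # This time should be sufficient for a VM reboot and should
      # avoid recreating a new hollow node.
      # See https://github.com/kubernetes/kubernetes/issues/67120 for context.
      tolerations:
      - key: "node.kubernetes.io/unreachable"
        operator: "Exists"
        effect: "NoExecute"
        tolerationSeconds: 900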