# Kubemark hollow-node ReplicationController template.
#
# `{{...}}` placeholders are substituted by the kubemark start scripts before
# this manifest is applied. Three of them stand in for whole YAML fragments
# rather than scalar values and must keep their exact position and syntax:
#   - {{kubemark_mig_config}}   -> one extra `key: value` label line
#   - {{hollow_kubelet_params}} -> extra quoted, comma-separated flow items
#   - {{hollow_proxy_params}}   -> extra quoted, comma-separated flow items
apiVersion: v1
kind: ReplicationController
metadata:
  name: hollow-node
  labels:
    name: hollow-node
    {{kubemark_mig_config}}
spec:
  replicas: {{numreplicas}}
  selector:
    name: hollow-node
  template:
    metadata:
      labels:
        name: hollow-node
        {{kubemark_mig_config}}
    spec:
      initContainers:
        # Raises the host kernel's inotify instance limit before the hollow
        # containers start; writing a node-wide sysctl is what requires the
        # privileged security context here.
        - name: init-inotify-limit
          image: busybox:1.32
          command: ["sysctl", "-w", "fs.inotify.max_user_instances=1000"]
          securityContext:
            privileged: true
      volumes:
        # Kubeconfigs pointing at the kubemark master (kubelet, proxy, npd).
        - name: kubeconfig-volume
          secret:
            secretName: kubeconfig
        - name: kernelmonitorconfig-volume
          configMap:
            name: node-configmap
        # hostPath volumes: the hollow containers write their logs to the
        # node's /var/log and get the node's containerd runtime directory.
        - name: logs-volume
          hostPath:
            path: /var/log
        - name: containerd
          hostPath:
            path: /run/containerd
        # Mounted over the service-account token path in the
        # node-problem-detector container so it cannot fall back to the
        # in-cluster credentials of the cluster this pod actually runs in.
        # NOTE(review): hollow-kubelet and hollow-proxy do not mask the
        # token path; if they do not need the token either,
        # `automountServiceAccountToken: false` on the pod spec would cover
        # all containers — confirm nothing depends on the token first.
        - name: no-serviceaccount-access-to-real-master
          emptyDir: {}
      containers:
        # Hollow kubelet: privileged and given hostPath mounts of /var/log
        # and /run/containerd, so it effectively has node-level access on
        # whichever host schedules it. Credentials come only from the
        # mounted kubeconfig secret.
        - name: hollow-kubelet
          image: {{kubemark_image_registry}}/kubemark:{{kubemark_image_tag}}
          ports:
            - containerPort: 4194
            - containerPort: 10250
            - containerPort: 10255
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          # Flow style is kept on purpose: {{hollow_kubelet_params}} expands
          # to comma-separated quoted items inside this list.
          command: [
            "/go-runner",
            "-log-file=/var/log/kubelet-$(NODE_NAME).log",
            "/kubemark",
            "--morph=kubelet",
            "--name=$(NODE_NAME)",
            "--kubeconfig=/kubeconfig/kubelet.kubeconfig",
            "--node-labels={{hollow_node_labels}}",
            {{hollow_kubelet_params}}
          ]
          volumeMounts:
            - name: kubeconfig-volume
              mountPath: /kubeconfig
              readOnly: true
            - name: logs-volume
              mountPath: /var/log
            - name: containerd
              mountPath: /run/containerd
          resources:
            requests:
              cpu: {{hollow_kubelet_millicpu}}m
              memory: {{hollow_kubelet_mem_Ki}}Ki
          securityContext:
            privileged: true
        # Hollow kube-proxy: unprivileged, kubeconfig and log mounts only.
        - name: hollow-proxy
          image: {{kubemark_image_registry}}/kubemark:{{kubemark_image_tag}}
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          # Flow style is kept on purpose: {{hollow_proxy_params}} expands
          # to comma-separated quoted items inside this list.
          command: [
            "/go-runner",
            "-log-file=/var/log/kubeproxy-$(NODE_NAME).log",
            "/kubemark",
            "--morph=proxy",
            "--name=$(NODE_NAME)",
            "--kubeconfig=/kubeconfig/kubeproxy.kubeconfig",
            {{hollow_proxy_params}}
          ]
          volumeMounts:
            - name: kubeconfig-volume
              mountPath: /kubeconfig
              readOnly: true
            - name: logs-volume
              mountPath: /var/log
          resources:
            requests:
              cpu: {{hollow_proxy_millicpu}}m
              memory: {{hollow_proxy_mem_Ki}}Ki
        # Node-problem-detector pointed at the kubemark master via an explicit
        # kubeconfig (inClusterConfig=false); its service-account token path is
        # shadowed by the emptyDir above. Runs privileged.
        - name: hollow-node-problem-detector
          image: registry.k8s.io/node-problem-detector/node-problem-detector:v0.8.16
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          command:
            - /bin/sh
            - -c
            # Folded scalar: line breaks become single spaces, so the shell
            # receives the same one-line command string.
            - >-
              /node-problem-detector
              --system-log-monitors=/config/kernel.monitor
              --apiserver-override="https://{{master_ip}}:443?inClusterConfig=false&auth=/kubeconfig/npd.kubeconfig"
              --alsologtostderr
              1>>/var/log/npd-$(NODE_NAME).log 2>&1
          volumeMounts:
            - name: kubeconfig-volume
              mountPath: /kubeconfig
              readOnly: true
            - name: kernelmonitorconfig-volume
              mountPath: /config
              readOnly: true
            - name: no-serviceaccount-access-to-real-master
              mountPath: /var/run/secrets/kubernetes.io/serviceaccount
              readOnly: true
            - name: logs-volume
              mountPath: /var/log
          resources:
            requests:
              cpu: {{npd_millicpu}}m
              memory: {{npd_mem_Ki}}Ki
          securityContext:
            privileged: true
      # Keep the pod running on unreachable node for 15 minutes.
      # This time should be sufficient for a VM reboot and should
      # avoid recreating a new hollow node.
      # See https://github.com/kubernetes/kubernetes/issues/67120 for context.
      tolerations:
        - key: "node.kubernetes.io/unreachable"
          operator: "Exists"
          effect: "NoExecute"
          tolerationSeconds: 900