installing kubernetes on coreos with rkt and automated script

9/28/2016

I'm trying to install kubernetes with rkt on my real (not virtual) coreos servers at home using the scripts at https://github.com/coreos/coreos-kubernetes/tree/master/multi-node/generic and I have some questions.

  1. my etcd2 is using tls keys, I can't see anywhere in the script where I can define where the certificates are located.
  2. can I supply a domain instead of IP for ADVERTISE_IP and CONTROLLER_ENDPOINT ?
  3. when I tried to install kubernetes manually I needed to start the rkt service api. it doesn't state in the documents that it's needed here, does it mean that I don't need it if I use these scripts? or is it just something that's missing in the documents?

thanks!

update

Rob thank you so much for your response. I wasn't clear enough regarding etcd2. I already have etcd2 tls installed and properly configured on my coreos servers. so I configured my etcd servers in the controller-install.sh file:

export ETCD_ENDPOINTS="https://coreos-2.tux-in.com:2379,https://coreos-3.tux-in.com:2379"

but when I run the controller-install.sh script, it returns and repeats the following output:

Waiting for etcd...
Trying: https://coreos-2.tux-in.com:2379
Trying: https://coreos-3.tux-in.com:2379
Trying: https://coreos-2.tux-in.com:2379
Trying: https://coreos-3.tux-in.com:2379
...

so I was guessing it's because I didn't define etcd related tls certificates in the controller script and that is why it is stuck in that phase.

on my macbook pro laptop I have the following alias configured:

alias myetcdctl="~/apps/etcd-v3.0.8-darwin-amd64/etcdctl --endpoint=https://coreos-2.tux-in.com:2379 --ca-file=/Users/ufk/Projects/coreos/tux-in/etcd/certs/certs-names/ca.pem --cert-file=/Users/ufk/Projects/coreos/tux-in/etcd/certs/certs-names/etcd1.pem --key-file=/Users/ufk/Projects/coreos/tux-in/etcd/certs/certs-names/etcd1-key.pem  --timeout=10s"

so when I run myetcdctl member list I get:

8832ce6a269a7dac: name=ccff826d5f564c67abf35467306f80a0 peerURLs=https://coreos-3.tux-in.com:2380 clientURLs=https://coreos-3.tux-in.com:2379 isLeader=true
a2c0ac9708ef90fc: name=dc38bc8f20e64940b260d3f7b260430d peerURLs=https://coreos-2.tux-in.com:2380 clientURLs=https://coreos-2.tux-in.com:2379 isLeader=false

so I'm guessing that I don't really have a problem there.

any ideas?

thanks!

-- ufk
coreos
kubernetes
rkt
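
An added example (not part of the original post or of the coreos-kubernetes scripts): a POSIX shell check that probes each entry of ETCD_ENDPOINTS over TLS and names the likely cause of a failure from curl's exit status. ETCD_CA, ETCD_CERT and ETCD_KEY are assumed variable names, and /version is etcd's version endpoint.

```sh
#!/bin/sh
# Added example. ETCD_CA, ETCD_CERT and ETCD_KEY are assumed variable names;
# they are not defined by controller-install.sh.

# Split a comma-separated ETCD_ENDPOINTS value into one endpoint per line.
split_endpoints() {
  printf '%s\n' "$1" | tr ',' '\n'
}

# Translate a curl exit status into the most likely cause.
explain_curl_rc() {
  case "$1" in
    0)     echo "ok" ;;
    6)     echo "dns: host name did not resolve" ;;
    7)     echo "tcp: connection refused or host unreachable" ;;
    28)    echo "timeout: no answer within the time limit" ;;
    35|56) echo "tls: handshake failed (server may require a client certificate)" ;;
    58)    echo "tls: client certificate or key could not be used" ;;
    60)    echo "tls: server certificate not signed by a trusted CA" ;;
    77)    echo "tls: CA file could not be read" ;;
    *)     echo "other: curl exit status $1" ;;
  esac
}

# Request <endpoint>/version, adding client TLS material only when it is set.
probe_endpoint() {
  url="$1/version"
  set -- --silent --max-time 5 --output /dev/null
  if [ -n "${ETCD_CA:-}" ];   then set -- "$@" --cacert "$ETCD_CA"; fi
  if [ -n "${ETCD_CERT:-}" ]; then set -- "$@" --cert "$ETCD_CERT"; fi
  if [ -n "${ETCD_KEY:-}" ];  then set -- "$@" --key "$ETCD_KEY"; fi
  curl "$@" "$url"
}

# Probe every endpoint, print one line per endpoint, fail if any probe failed.
check_endpoints() {
  failed=0
  for ep in $(split_endpoints "$1"); do
    rc=0
    probe_endpoint "$ep" || rc=$?
    echo "$ep -> $(explain_curl_rc "$rc")"
    [ "$rc" -eq 0 ] || failed=1
  done
  return "$failed"
}

# Usage (check-etcd.sh is a hypothetical file name):
#   ETCD_CA=ca.pem ETCD_CERT=etcd1.pem ETCD_KEY=etcd1-key.pem \
#     sh check-etcd.sh "https://coreos-2.tux-in.com:2379,https://coreos-3.tux-in.com:2379"
[ "$#" -eq 0 ] || check_endpoints "$1"
```

Running it once without the three variables and once with them shows whether the endpoints are unreachable or only refusing clients that present no certificate.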

1 Answer

9/28/2016

my etcd2 is using tls keys, I can't see anywhere in the script where I can define where the certificates are located.

These scripts don't start an etcd server. You will need to set one up manually and will be able to use TLS and as many nodes as you would like. This isn't clear in the current form of the document; I will attempt a PR to fix it.

can I supply a domain instead of IP for ADVERTISE_IP and CONTROLLER_ENDPOINT ?

Only CONTROLLER_ENDPOINT can be a domain name.

when I tried to install kubernetes manually I needed to start the rkt service api. it doesn't state in the documents that it's needed here, does it mean that I don't need it if I use these scripts? or is it just something that's missing in the documents?

These scripts include/start the rkt API service. As you can see below, it also has a Restart parameter set (source):

[Unit]
Before=kubelet.service

[Service]
ExecStart=/usr/bin/rkt api-service
Restart=always
RestartSec=10

[Install]
RequiredBy=kubelet.service
-- Rob
Source: StackOverflow