зеркало из https://github.com/Azure/acs-engine.git
imagePullPolicy: IfNotPresent for all versioned containers (#4212)
This commit is contained in:
Родитель
19927b724b
Коммит
1022387742
|
@ -387,8 +387,8 @@ Below is a list of apiserver options that acs-engine will configure by default:
|
|||
|
||||
| apiserver option | default value |
|
||||
| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| "--admission-control" | "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,AlwaysPullImages" (Kubernetes versions prior to 1.9.0 |
|
||||
| "--enable-admission-plugins"`*` | "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,AlwaysPullImages" (Kubernetes versions 1.9.0 and later |
|
||||
| "--admission-control" | "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota" (Kubernetes versions prior to 1.9.0) |
|
||||
| "--enable-admission-plugins"`*` | "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,ExtendedResourceToleration" (Kubernetes versions 1.9.0 and later) |
|
||||
| "--authorization-mode" | "Node", "RBAC" (_the latter if enabledRbac is true_) |
|
||||
| "--audit-log-maxage" | "30" |
|
||||
| "--audit-log-maxbackup" | "10" |
|
||||
|
|
|
@ -136,6 +136,16 @@ for KUBE_SVC_REDIRECT_VERSION in ${KUBE_SVC_REDIRECT_VERSIONS}; do
|
|||
pullContainerImage "docker" "docker.io/deis/kube-svc-redirect:v${KUBE_SVC_REDIRECT_VERSION}"
|
||||
done
|
||||
|
||||
KV_FLEXVOLUME_VERSIONS="0.0.5"
|
||||
for KV_FLEXVOLUME_VERSION in ${KV_FLEXVOLUME_VERSIONS}; do
|
||||
pullContainerImage "docker" "mcr.microsoft.com/k8s/flexvolume/keyvault-flexvolume:v${KV_FLEXVOLUME_VERSION}"
|
||||
done
|
||||
|
||||
IP_MASQ_AGENT_VERSIONS="2.0.0"
|
||||
for IP_MASQ_AGENT_VERSION in ${IP_MASQ_AGENT_VERSIONS}; do
|
||||
pullContainerImage "docker" "gcr.io/google-containers/ip-masq-agent-amd64:v${IP_MASQ_AGENT_VERSION}"
|
||||
done
|
||||
|
||||
NGINX_VERSIONS="1.13.12-alpine"
|
||||
for NGINX_VERSION in ${NGINX_VERSIONS}; do
|
||||
pullContainerImage "docker" "nginx:${NGINX_VERSION}"
|
||||
|
|
|
@ -94,6 +94,7 @@ spec:
|
|||
containers:
|
||||
- name: kubedns
|
||||
image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
resources:
|
||||
# TODO: Set memory limits when we've profiled the container for large
|
||||
# clusters, then set request = limit to keep this container in
|
||||
|
@ -143,6 +144,7 @@ spec:
|
|||
mountPath: /kube-dns-config
|
||||
- name: dnsmasq
|
||||
image: <imgMasq>
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthcheck/dnsmasq
|
||||
|
@ -181,6 +183,7 @@ spec:
|
|||
mountPath: /etc/k8s/dns/dnsmasq-nanny
|
||||
- name: sidecar
|
||||
image: <imgSidecar>
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /metrics
|
||||
|
|
|
@ -96,6 +96,7 @@ spec:
|
|||
serviceAccountName: heapster
|
||||
containers:
|
||||
- image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- "/heapster"
|
||||
- "--source=kubernetes.summary_api:\"\""
|
||||
|
@ -108,6 +109,7 @@ spec:
|
|||
cpu: 80m
|
||||
memory: 140Mi
|
||||
- image: <imgNanny>
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- "/pod_nanny"
|
||||
- "--cpu=80m"
|
||||
|
|
|
@ -64,7 +64,7 @@ spec:
|
|||
- args:
|
||||
- --heapster-host=http://heapster.kube-system:80
|
||||
image: <img>
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: "/"
|
||||
|
|
|
@ -96,6 +96,7 @@ spec:
|
|||
serviceAccountName: heapster
|
||||
containers:
|
||||
- image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- "/heapster"
|
||||
- "--source=kubernetes.summary_api:\"\""
|
||||
|
@ -108,6 +109,7 @@ spec:
|
|||
cpu: 80m
|
||||
memory: 140Mi
|
||||
- image: <imgNanny>
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- "/pod_nanny"
|
||||
- "--cpu=80m"
|
||||
|
|
|
@ -84,6 +84,7 @@ spec:
|
|||
- name: PROMETHEUS_PORT
|
||||
value: "10055"
|
||||
image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
failureThreshold: 5
|
||||
httpGet:
|
||||
|
@ -134,6 +135,7 @@ spec:
|
|||
- "--server=/ip6.arpa/127.0.0.1#10053"
|
||||
- "--log-facility=-"
|
||||
image: <imgMasq>
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: dnsmasq
|
||||
ports:
|
||||
- containerPort: 53
|
||||
|
@ -156,6 +158,7 @@ spec:
|
|||
- name: PROBE_DOMAINS
|
||||
value: bing.com kubernetes.default.svc.<domain>
|
||||
image: <imgHealthz>
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
failureThreshold: 5
|
||||
httpGet:
|
||||
|
|
|
@ -64,7 +64,7 @@ spec:
|
|||
- args:
|
||||
- --heapster-host=http://heapster.kube-system:80
|
||||
image: <img>
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: "/"
|
||||
|
|
|
@ -96,6 +96,7 @@ spec:
|
|||
serviceAccountName: heapster
|
||||
containers:
|
||||
- image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- "/heapster"
|
||||
- "--source=kubernetes.summary_api:\"\""
|
||||
|
@ -108,6 +109,7 @@ spec:
|
|||
cpu: 80m
|
||||
memory: 140Mi
|
||||
- image: <imgNanny>
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- "/pod_nanny"
|
||||
- "--cpu=80m"
|
||||
|
|
|
@ -84,6 +84,7 @@ spec:
|
|||
- name: PROMETHEUS_PORT
|
||||
value: "10055"
|
||||
image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
failureThreshold: 5
|
||||
httpGet:
|
||||
|
@ -134,6 +135,7 @@ spec:
|
|||
- "--server=/ip6.arpa/127.0.0.1#10053"
|
||||
- "--log-facility=-"
|
||||
image: <imgMasq>
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: dnsmasq
|
||||
ports:
|
||||
- containerPort: 53
|
||||
|
@ -156,6 +158,7 @@ spec:
|
|||
- name: PROBE_DOMAINS
|
||||
value: bing.com kubernetes.default.svc.<domain>
|
||||
image: <imgHealthz>
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
failureThreshold: 5
|
||||
httpGet:
|
||||
|
|
|
@ -64,7 +64,7 @@ spec:
|
|||
- args:
|
||||
- --heapster-host=http://heapster.kube-system:80
|
||||
image: <img>
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: "/"
|
||||
|
|
|
@ -93,6 +93,7 @@ spec:
|
|||
containers:
|
||||
- name: kubedns
|
||||
image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
resources:
|
||||
# TODO: Set memory limits when we've profiled the container for large
|
||||
# clusters, then set request = limit to keep this container in
|
||||
|
@ -142,6 +143,7 @@ spec:
|
|||
mountPath: /kube-dns-config
|
||||
- name: dnsmasq
|
||||
image: <imgMasq>
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthcheck/dnsmasq
|
||||
|
@ -180,6 +182,7 @@ spec:
|
|||
mountPath: /etc/k8s/dns/dnsmasq-nanny
|
||||
- name: sidecar
|
||||
image: <imgSidecar>
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /metrics
|
||||
|
|
|
@ -29,6 +29,7 @@ spec:
|
|||
containers:
|
||||
- name: azure-cnms
|
||||
image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
privileged: true
|
||||
env:
|
||||
|
|
|
@ -28,6 +28,7 @@ spec:
|
|||
containers:
|
||||
- name: azure-ip-masq-agent
|
||||
image: gcr.io/google-containers/ip-masq-agent-amd64:v2.0.0
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
|
|
|
@ -105,7 +105,7 @@ spec:
|
|||
containers:
|
||||
- name: nmi
|
||||
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.2"
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: IfNotPresent
|
||||
resources:
|
||||
requests:
|
||||
cpu: "100m"
|
||||
|
@ -203,7 +203,7 @@ spec:
|
|||
containers:
|
||||
- name: mic
|
||||
image: mcr.microsoft.com/k8s/aad-pod-identity/mic:1.2
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: IfNotPresent
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
|
|
|
@ -154,7 +154,7 @@ spec:
|
|||
beta.kubernetes.io/os: linux
|
||||
containers:
|
||||
- image: <img>
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: cluster-autoscaler
|
||||
resources:
|
||||
limits:
|
||||
|
|
|
@ -107,6 +107,7 @@ spec:
|
|||
priorityClassName: system-cluster-critical
|
||||
containers:
|
||||
- image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: heapster
|
||||
resources:
|
||||
limits:
|
||||
|
@ -126,6 +127,7 @@ spec:
|
|||
- /heapster
|
||||
- --source=kubernetes.summary_api:''
|
||||
- image: <imgNanny>
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: heapster-nanny
|
||||
resources:
|
||||
limits:
|
||||
|
|
|
@ -27,7 +27,7 @@ spec:
|
|||
containers:
|
||||
- name: keyvault-flexvolume
|
||||
image: mcr.microsoft.com/k8s/flexvolume/keyvault-flexvolume:v0.0.5
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: IfNotPresent
|
||||
resources:
|
||||
requests:
|
||||
cpu: <cpuReq>
|
||||
|
|
|
@ -95,6 +95,7 @@ spec:
|
|||
containers:
|
||||
- name: kubedns
|
||||
image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
resources:
|
||||
# TODO: Set memory limits when we've profiled the container for large
|
||||
# clusters, then set request = limit to keep this container in
|
||||
|
@ -144,6 +145,7 @@ spec:
|
|||
mountPath: /kube-dns-config
|
||||
- name: dnsmasq
|
||||
image: <imgMasq>
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthcheck/dnsmasq
|
||||
|
@ -182,6 +184,7 @@ spec:
|
|||
mountPath: /etc/k8s/dns/dnsmasq-nanny
|
||||
- name: sidecar
|
||||
image: <imgSidecar>
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /metrics
|
||||
|
|
|
@ -27,6 +27,7 @@ spec:
|
|||
- --cluster-cidr=<CIDR>
|
||||
- --feature-gates=ExperimentalCriticalPodAnnotation=true
|
||||
image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: kube-proxy
|
||||
resources:
|
||||
requests:
|
||||
|
|
|
@ -23,6 +23,7 @@ spec:
|
|||
beta.kubernetes.io/os: linux
|
||||
containers:
|
||||
- image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: rescheduler
|
||||
resources:
|
||||
requests:
|
||||
|
|
|
@ -99,7 +99,7 @@ spec:
|
|||
- --auto-generate-certificates
|
||||
- --heapster-host=http://heapster.kube-system:80
|
||||
image: <img>
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: "/"
|
||||
|
|
|
@ -123,7 +123,7 @@ spec:
|
|||
containers:
|
||||
- name: metrics-server
|
||||
image: <img>
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /metrics-server
|
||||
- --source=kubernetes.summary_api:''
|
||||
|
|
|
@ -68,6 +68,7 @@ spec:
|
|||
- name: TILLER_HISTORY_MAX
|
||||
value: "<maxHist>"
|
||||
image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /liveness
|
||||
|
|
|
@ -11,6 +11,7 @@ spec:
|
|||
containers:
|
||||
- name: cloud-controller-manager
|
||||
image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["cloud-controller-manager"]
|
||||
args: [<config>]
|
||||
volumeMounts:
|
||||
|
|
|
@ -9,6 +9,7 @@ spec:
|
|||
containers:
|
||||
- name: kube-addon-manager
|
||||
image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
resources:
|
||||
requests:
|
||||
cpu: 5m
|
||||
|
|
|
@ -11,6 +11,7 @@ spec:
|
|||
containers:
|
||||
- name: kube-apiserver
|
||||
image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["/hyperkube", "apiserver"]
|
||||
args: [<args>]
|
||||
volumeMounts:
|
||||
|
|
|
@ -11,6 +11,7 @@ spec:
|
|||
containers:
|
||||
- name: kube-controller-manager
|
||||
image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["/hyperkube", "controller-manager"]
|
||||
args: [<args>]
|
||||
volumeMounts:
|
||||
|
|
|
@ -11,6 +11,7 @@ spec:
|
|||
containers:
|
||||
- name: kube-scheduler
|
||||
image: <img>
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["/hyperkube", "scheduler"]
|
||||
args: [<args>]
|
||||
volumeMounts:
|
||||
|
|
|
@ -143,9 +143,9 @@ func getDefaultAdmissionControls(cs *ContainerService) (string, string) {
|
|||
// Add new version case when applying admission controllers only available in that version or later
|
||||
switch {
|
||||
case common.IsKubernetesVersionGe(o.OrchestratorVersion, "1.9.0"):
|
||||
admissionControlValues = "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,AlwaysPullImages,ExtendedResourceToleration"
|
||||
admissionControlValues = "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,ExtendedResourceToleration"
|
||||
default:
|
||||
admissionControlValues = "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,AlwaysPullImages"
|
||||
admissionControlValues = "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota"
|
||||
}
|
||||
|
||||
// Pod Security Policy configuration
|
||||
|
|
Загрузка…
Ссылка в новой задаче