diff --git a/parts/k8s/addons/kubernetesmasteraddons-kube-dns-deployment.yaml b/parts/k8s/addons/kubernetesmasteraddons-kube-dns-deployment.yaml index 4d05fc38ac..fa5ca691a5 100644 --- a/parts/k8s/addons/kubernetesmasteraddons-kube-dns-deployment.yaml +++ b/parts/k8s/addons/kubernetesmasteraddons-kube-dns-deployment.yaml @@ -43,6 +43,11 @@ spec: matchLabels: k8s-app: kube-dns version: v20 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate template: metadata: annotations: @@ -168,3 +173,4 @@ spec: serviceAccountName: kube-dns nodeSelector: beta.kubernetes.io/os: linux + agentpool: system diff --git a/parts/k8s/addons/kubernetesmasteraddons-kube-proxy-daemonset.yaml b/parts/k8s/addons/kubernetesmasteraddons-kube-proxy-daemonset.yaml index 1a2adfc837..b2cfc9ffb7 100644 --- a/parts/k8s/addons/kubernetesmasteraddons-kube-proxy-daemonset.yaml +++ b/parts/k8s/addons/kubernetesmasteraddons-kube-proxy-daemonset.yaml @@ -28,9 +28,6 @@ spec: - "--feature-gates=ExperimentalCriticalPodAnnotation=true" image: "" name: kube-proxy - resources: - requests: - cpu: 100m securityContext: privileged: true volumeMounts: diff --git a/parts/k8s/kubernetesagentresourcesvmas.t b/parts/k8s/kubernetesagentresourcesvmas.t index 74d39a79df..b46e657bf7 100644 --- a/parts/k8s/kubernetesagentresourcesvmas.t +++ b/parts/k8s/kubernetesagentresourcesvmas.t @@ -27,7 +27,15 @@ {{if eq $seq 1}} "primary": true, {{end}} + {{if eq $.Name "system"}} + "privateIPAddress": "[concat(variables('masterFirstAddrPrefix'), copyIndex(add(50, int(variables('masterFirstAddrOctet4')))))]", + "privateIPAllocationMethod": "Static", + {{else if eq $.Name "agentpool1"}} + "privateIPAddress": "[concat(variables('masterFirstAddrPrefix'), copyIndex(add(100, int(variables('masterFirstAddrOctet4')))))]", + "privateIPAllocationMethod": "Static", + {{else}} "privateIPAllocationMethod": "Dynamic", + {{end}} "subnet": { "id": "[variables('{{$.Name}}VnetSubnetID')]" } 
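Review bot: The `agentpool: system` entry added under `nodeSelector` in kubernetesmasteraddons-kube-dns-deployment.yaml hard-codes a pool name, so on a cluster with no node carrying that label the kube-dns pods would stay Pending and cluster DNS would be unavailable. Whether every deployment is guaranteed a pool named `system` is not visible in this diff; the same literal is used again in kubernetesagentresourcesvmas.t. If the pin is intended, state the requirement next to it, for example `# requires an agent pool named "system"; kube-dns is unschedulable without it`, or render the pool name from the template rather than a literal.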
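Review bot: The static `privateIPAddress` branches added for the `system` and `agentpool1` pools start 50 and 100 above `masterFirstAddrOctet4` with no upper bound, so a `system` pool of more than 50 nodes would be given addresses that overlap `agentpool1`, and either pool can push the last octet past 255. The address is built from `masterFirstAddrPrefix` while the NIC is attached to `variables('{{$.Name}}VnetSubnetID')`; if a pool sits in a different subnet than the masters (not visible here), the static address falls outside that subnet and the deployment fails. Consider validating pool counts against these windows where the template is rendered, and add a template comment above `{{if eq $.Name "system"}}` such as `{{/* system pool: master octet +50..+99, agentpool1: +100 and up; counts must fit */}}`.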
@@ -69,10 +77,25 @@ "[concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))]" ], {{end}} + "kind": "Storage", "location": "[variables('location')]", "name": "[concat(variables('storageAccountPrefixes')[mod(add(copyIndex(),variables('{{.Name}}StorageAccountOffset')),variables('storageAccountPrefixesCount'))],variables('storageAccountPrefixes')[div(add(copyIndex(),variables('{{.Name}}StorageAccountOffset')),variables('storageAccountPrefixesCount'))],variables('{{.Name}}AccountName'))]", "properties": { - "accountType": "[variables('vmSizesMap')[variables('{{.Name}}VMSize')].storageAccountType]" + "encryption": { + "keySource": "Microsoft.Storage", + "services": { + "blob": { + "enabled": true + }, + "file": { + "enabled": true + } + } + }, + "supportsHttpsTrafficOnly": true + }, + "sku": { + "name": "[variables('vmSizesMap')[variables('{{.Name}}VMSize')].storageAccountType]" }, "type": "Microsoft.Storage/storageAccounts" }, 
@@ -88,10 +111,25 @@ "[concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))]" ], {{end}} + "kind": "Storage", "location": "[variables('location')]", "name": "[concat(variables('storageAccountPrefixes')[mod(add(copyIndex(variables('dataStorageAccountPrefixSeed')),variables('{{.Name}}StorageAccountOffset')),variables('storageAccountPrefixesCount'))],variables('storageAccountPrefixes')[div(add(copyIndex(variables('dataStorageAccountPrefixSeed')),variables('{{.Name}}StorageAccountOffset')),variables('storageAccountPrefixesCount'))],variables('{{.Name}}DataAccountName'))]", "properties": { - "accountType": "[variables('vmSizesMap')[variables('{{.Name}}VMSize')].storageAccountType]" + "encryption": { + "keySource": "Microsoft.Storage", + "services": { + "blob": { + "enabled": true + }, + "file": { + "enabled": true + } + } + }, + "supportsHttpsTrafficOnly": true + }, + "sku": { + "name": "[variables('vmSizesMap')[variables('{{.Name}}VMSize')].storageAccountType]" }, "type": "Microsoft.Storage/storageAccounts" }, diff --git a/parts/k8s/kubernetesmastercustomscript.sh b/parts/k8s/kubernetesmastercustomscript.sh index 4b49cbef1b..e779d04a04 100644 --- a/parts/k8s/kubernetesmastercustomscript.sh +++ b/parts/k8s/kubernetesmastercustomscript.sh @@ -61,11 +61,7 @@ echo `date`,`hostname`, startscript>>/opt/m # A delay to start the kubernetes processes is necessary # if a reboot is required. Otherwise, the agents will encounter issue: # https://github.com/kubernetes/kubernetes/issues/41185 -if [ -f /var/run/reboot-required ]; then - REBOOTREQUIRED=true -else - REBOOTREQUIRED=false -fi +REBOOTREQUIRED=false # If APISERVER_PRIVATE_KEY is empty, then we are not on the master if [[ ! -z "${APISERVER_PRIVATE_KEY}" ]]; then 
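Review bot: In kubernetesmastercustomscript.sh the comment kept above the new `REBOOTREQUIRED=false` ("A delay to start the kubernetes processes is necessary if a reboot is required") no longer matches the code, because the `/var/run/reboot-required` check has moved to the end of the script. Any statement between this assignment and the later re-check that reads `$REBOOTREQUIRED` (that part of the script is outside the hunk) will now always see `false`, which may skip the delay the comment describes. Either remove the early assignment with its comment, or replace the comment with `# reboot-required is evaluated after installation completes, see the end of this script`.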
@@ -146,11 +142,15 @@ chmod 0644 "${APISERVER_PUBLIC_KEY_PATH}" chown root:root "${APISERVER_PUBLIC_KEY_PATH}" echo "${APISERVER_PUBLIC_KEY}" | base64 --decode > "${APISERVER_PUBLIC_KEY_PATH}" -AZURE_JSON_PATH="/etc/kubernetes/azure.json" -touch "${AZURE_JSON_PATH}" -chmod 0600 "${AZURE_JSON_PATH}" -chown root:root "${AZURE_JSON_PATH}" -cat << EOF > "${AZURE_JSON_PATH}" +# If APISERVER_PRIVATE_KEY is empty, then we are not on the master +if [[ ! -z "${APISERVER_PRIVATE_KEY}" ]]; then + echo "APISERVER_PRIVATE_KEY is non-empty, assuming master node, configure azure json." + + AZURE_JSON_PATH="/etc/kubernetes/azure.json" + touch "${AZURE_JSON_PATH}" + chmod 0600 "${AZURE_JSON_PATH}" + chown root:root "${AZURE_JSON_PATH}" + cat << EOF > "${AZURE_JSON_PATH}" { "cloud":"${TARGET_ENVIRONMENT}", "tenantId": "${TENANT_ID}", @@ -177,6 +177,9 @@ cat << EOF > "${AZURE_JSON_PATH}" "useInstanceMetadata": ${USE_INSTANCE_METADATA} } EOF +else + echo "APISERVER_PRIVATE_KEY is empty, assuming worker node, skip azure json." +fi ########################################################### # END OF SECRET DATA @@ -485,6 +488,8 @@ if [[ ! -z "${APISERVER_PRIVATE_KEY}" ]]; then ensureEtcdDataDir ensureEtcd ensureApiserver + + /usr/local/bin/kubectl create clusterrolebinding superuser --clusterrole=cluster-admin --user=client fi if [[ $OS == $UBUNTU_OS_NAME ]]; then @@ -498,6 +503,12 @@ fi echo "Install complete successfully" +if [ -f /var/run/reboot-required ]; then + REBOOTREQUIRED=true +else + REBOOTREQUIRED=false +fi + if $REBOOTREQUIRED; then # wait 1 minute to restart node, so that the custom script extension can complete echo 'reboot required, rebooting node in 1 minute' diff --git a/parts/k8s/kubernetesmasterresources.t b/parts/k8s/kubernetesmasterresources.t index 9f66ebdb0c..0e16efb790 100644 --- a/parts/k8s/kubernetesmasterresources.t +++ b/parts/k8s/kubernetesmasterresources.t 
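Review bot: Worker nodes no longer receive `/etc/kubernetes/azure.json` after this hunk, but nothing in the diff shows the Linux kubelet flags being changed to match, as was done for the Windows kubelet command line. If the agent kubelet unit (outside this hunk) still passes `--cloud-config` or `--azure-container-registry-config` pointing at that path, it will fail to start or lose its registry credentials; please confirm and mention it in the commit description. The master test would also read more directly as `if [[ -n "${APISERVER_PRIVATE_KEY}" ]]; then`. The heredoc body and its `EOF` terminator lie partly in the following hunk.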
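Review bot: The added `kubectl create clusterrolebinding superuser --clusterrole=cluster-admin --user=client` grants unrestricted cluster-admin to whatever identity authenticates as `client`. The certificate subject is not visible here, but `clientPrivateKey` is the key handed to every agent as `KUBELET_PRIVATE_KEY` (and to Windows agents as `-AgentKey`); if that certificate's CN is `client`, every node credential carries cluster-admin. Prefer binding only what that identity needs (for kubelets, the node role), or bind a dedicated admin identity that is never shipped to agents, and record the reason in a comment above the command. The command also runs straight after `ensureApiserver` with no exit-status check and fails with AlreadyExists on a re-run, so guard it: `kubectl get clusterrolebinding superuser >/dev/null 2>&1 || kubectl create clusterrolebinding ...`.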
@@ -5,8 +5,8 @@ "name": "[variables('masterAvailabilitySet')]", "properties": { - "platformFaultDomainCount": "2", - "platformUpdateDomainCount": "3", + "platformFaultDomainCount": "1", + "platformUpdateDomainCount": "1", "managed" : "true" }, "type": "Microsoft.Compute/availabilitySets" @@ -24,10 +24,25 @@ "dependsOn": [ "[concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))]" ], + "kind": "Storage", "location": "[variables('location')]", "name": "[variables('masterStorageAccountName')]", "properties": { - "accountType": "[variables('vmSizesMap')[variables('masterVMSize')].storageAccountType]" + "encryption": { + "keySource": "Microsoft.Storage", + "services": { + "blob": { + "enabled": true + }, + "file": { + "enabled": true + } + } + }, + "supportsHttpsTrafficOnly": true + }, + "sku": { + "name": "[variables('vmSizesMap')[variables('masterVMSize')].storageAccountType]" }, "type": "Microsoft.Storage/storageAccounts" }, @@ -77,36 +92,6 @@ "name": "[variables('nsgName')]", "properties": { "securityRules": [ -{{if .HasWindows}} - { - "name": "allow_rdp", - "properties": { - "access": "Allow", - "description": "Allow RDP traffic to master", - "destinationAddressPrefix": "*", - "destinationPortRange": "3389-3389", - "direction": "Inbound", - "priority": 102, - "protocol": "Tcp", - "sourceAddressPrefix": "*", - "sourcePortRange": "*" - } - }, -{{end}} - { - "name": "allow_ssh", - "properties": { - "access": "Allow", - "description": "Allow SSH traffic to master", - "destinationAddressPrefix": "*", - "destinationPortRange": "22-22", - "direction": "Inbound", - "priority": 101, - "protocol": "Tcp", - "sourceAddressPrefix": "*", - "sourcePortRange": "*" - } - }, { "name": "allow_kube_tls", "properties": { diff --git a/parts/k8s/kubernetesmastervars.t b/parts/k8s/kubernetesmastervars.t index ebcccef184..07a12f451b 100644 --- a/parts/k8s/kubernetesmastervars.t +++ b/parts/k8s/kubernetesmastervars.t 
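Review bot: Setting `platformFaultDomainCount` and `platformUpdateDomainCount` to `"1"` in the master availability set puts every master VM in the same fault and update domain, so one host failure or one planned-maintenance pass can take all masters, and with them etcd quorum, offline together. If a particular region or VM size requires this, make the counts template variables that default to the previous `"2"` and `"3"` instead of changing them for every deployment. Whichever way it goes, a template comment beside the values stating why they were chosen would help the next reader, for example `{{/* single fault/update domain: required by <reason>; masters are not isolated from host maintenance */}}`.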
@@ -148,7 +148,7 @@ "sshKeyPath": "[concat('/home/',variables('username'),'/.ssh/authorized_keys')]", {{if .HasStorageAccountDisks}} - "apiVersionStorage": "2015-06-15", + "apiVersionStorage": "2016-12-01", "maxVMsPerStorageAccount": 20, "maxStorageAccountsPerAgent": "[div(variables('maxVMsPerPool'),variables('maxVMsPerStorageAccount'))]", "dataStorageAccountPrefixSeed": 97, 
@@ -171,10 +171,10 @@ {{end}} "provisionScript": "{{GetKubernetesB64Provision}}", "mountetcdScript": "{{GetKubernetesB64Mountetcd}}", - "provisionScriptParametersCommon": "[concat('TENANT_ID=',variables('tenantID'),' APISERVER_PUBLIC_KEY=',variables('apiserverCertificate'),' SUBSCRIPTION_ID=',variables('subscriptionId'),' RESOURCE_GROUP=',variables('resourceGroup'),' LOCATION=',variables('location'),' SUBNET=',variables('subnetName'),' NETWORK_SECURITY_GROUP=',variables('nsgName'),' VIRTUAL_NETWORK=',variables('virtualNetworkName'),' VIRTUAL_NETWORK_RESOURCE_GROUP=',variables('virtualNetworkResourceGroupName'),' ROUTE_TABLE=',variables('routeTableName'),' PRIMARY_AVAILABILITY_SET=',variables('primaryAvailabilitySetName'),' SERVICE_PRINCIPAL_CLIENT_ID=',variables('servicePrincipalClientId'),' SERVICE_PRINCIPAL_CLIENT_SECRET=',variables('servicePrincipalClientSecret'),' KUBELET_PRIVATE_KEY=',variables('clientPrivateKey'),' TARGET_ENVIRONMENT=',variables('targetEnvironment'),' NETWORK_POLICY=',variables('networkPolicy'),' FQDNSuffix=',variables('fqdnEndpointSuffix'),' VNET_CNI_PLUGINS_URL=',variables('vnetCniLinuxPluginsURL'),' CNI_PLUGINS_URL=',variables('cniPluginsURL'),' MAX_PODS=',variables('maxPods'),' CLOUDPROVIDER_BACKOFF=',variables('cloudProviderBackoff'),' CLOUDPROVIDER_BACKOFF_RETRIES=',variables('cloudProviderBackoffRetries'),' CLOUDPROVIDER_BACKOFF_EXPONENT=',variables('cloudProviderBackoffExponent'),' CLOUDPROVIDER_BACKOFF_DURATION=',variables('cloudProviderBackoffDuration'),' CLOUDPROVIDER_BACKOFF_JITTER=',variables('cloudProviderBackoffJitter'),' CLOUDPROVIDER_RATELIMIT=',variables('cloudProviderRatelimit'),' CLOUDPROVIDER_RATELIMIT_QPS=',variables('cloudProviderRatelimitQPS'),' CLOUDPROVIDER_RATELIMIT_BUCKET=',variables('cloudProviderRatelimitBucket'),' USE_MANAGED_IDENTITY_EXTENSION=',variables('useManagedIdentityExtension'),' USE_INSTANCE_METADATA=',variables('useInstanceMetadata'))]", + "provisionScriptParametersCommon": 
"[concat('KUBELET_PRIVATE_KEY=',variables('clientPrivateKey'),' NETWORK_POLICY=',variables('networkPolicy'),' APISERVER_PUBLIC_KEY=',variables('apiserverCertificate'),' MAX_PODS=',variables('maxPods'))]", {{if not IsHostedMaster}} - "provisionScriptParametersMaster": "[concat('APISERVER_PRIVATE_KEY=',variables('apiServerPrivateKey'),' CA_CERTIFICATE=',variables('caCertificate'),' CA_PRIVATE_KEY=',variables('caPrivateKey'),' MASTER_FQDN=',variables('masterFqdnPrefix'),' KUBECONFIG_CERTIFICATE=',variables('kubeConfigCertificate'),' KUBECONFIG_KEY=',variables('kubeConfigPrivateKey'),' ETCD_SERVER_CERTIFICATE=',variables('etcdServerCertificate'),' ETCD_CLIENT_CERTIFICATE=',variables('etcdClientCertificate'),' ETCD_SERVER_PRIVATE_KEY=',variables('etcdServerPrivateKey'),' ETCD_CLIENT_PRIVATE_KEY=',variables('etcdClientPrivateKey'),' ETCD_PEER_CERTIFICATES=',string(variables('etcdPeerCertificates')),' ETCD_PEER_PRIVATE_KEYS=',string(variables('etcdPeerPrivateKeys')),' ADMINUSER=',variables('username'))]", + "provisionScriptParametersMaster": "[concat('TENANT_ID=',variables('tenantID'),' SUBSCRIPTION_ID=',variables('subscriptionId'),' RESOURCE_GROUP=',variables('resourceGroup'),' LOCATION=',variables('location'),' SUBNET=',variables('subnetName'),' NETWORK_SECURITY_GROUP=',variables('nsgName'),' VIRTUAL_NETWORK=',variables('virtualNetworkName'),' VIRTUAL_NETWORK_RESOURCE_GROUP=',variables('virtualNetworkResourceGroupName'),' ROUTE_TABLE=',variables('routeTableName'),' PRIMARY_AVAILABILITY_SET=',variables('primaryAvailabilitySetName'),' SERVICE_PRINCIPAL_CLIENT_ID=',variables('servicePrincipalClientId'),' SERVICE_PRINCIPAL_CLIENT_SECRET=',variables('servicePrincipalClientSecret'),' TARGET_ENVIRONMENT=',variables('targetEnvironment'),' FQDNSuffix=',variables('fqdnEndpointSuffix'),' VNET_CNI_PLUGINS_URL=',variables('vnetCniLinuxPluginsURL'),' CNI_PLUGINS_URL=',variables('cniPluginsURL'),' CLOUDPROVIDER_BACKOFF=',variables('cloudProviderBackoff'),' 
CLOUDPROVIDER_BACKOFF_RETRIES=',variables('cloudProviderBackoffRetries'),' CLOUDPROVIDER_BACKOFF_EXPONENT=',variables('cloudProviderBackoffExponent'),' CLOUDPROVIDER_BACKOFF_DURATION=',variables('cloudProviderBackoffDuration'),' CLOUDPROVIDER_BACKOFF_JITTER=',variables('cloudProviderBackoffJitter'),' CLOUDPROVIDER_RATELIMIT=',variables('cloudProviderRatelimit'),' CLOUDPROVIDER_RATELIMIT_QPS=',variables('cloudProviderRatelimitQPS'),' CLOUDPROVIDER_RATELIMIT_BUCKET=',variables('cloudProviderRatelimitBucket'),' USE_MANAGED_IDENTITY_EXTENSION=',variables('useManagedIdentityExtension'),' USE_INSTANCE_METADATA=',variables('useInstanceMetadata'),' APISERVER_PRIVATE_KEY=',variables('apiServerPrivateKey'),' CA_CERTIFICATE=',variables('caCertificate'),' CA_PRIVATE_KEY=',variables('caPrivateKey'),' MASTER_FQDN=',variables('masterFqdnPrefix'),' KUBECONFIG_CERTIFICATE=',variables('kubeConfigCertificate'),' KUBECONFIG_KEY=',variables('kubeConfigPrivateKey'),' ETCD_SERVER_CERTIFICATE=',variables('etcdServerCertificate'),' ETCD_CLIENT_CERTIFICATE=',variables('etcdClientCertificate'),' ETCD_SERVER_PRIVATE_KEY=',variables('etcdServerPrivateKey'),' ETCD_CLIENT_PRIVATE_KEY=',variables('etcdClientPrivateKey'),' ETCD_PEER_CERTIFICATES=',string(variables('etcdPeerCertificates')),' ETCD_PEER_PRIVATE_KEYS=',string(variables('etcdPeerPrivateKeys')),' ADMINUSER=',variables('username'))]", {{end}} "generateProxyCertsScript": "{{GetKubernetesB64GenerateProxyCerts}}", "orchestratorNameVersionTag": "{{.OrchestratorProfile.OrchestratorType}}:{{.OrchestratorProfile.OrchestratorVersion}}", 
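Review bot: `provisionScriptParametersCommon` now carries only `KUBELET_PRIVATE_KEY`, `NETWORK_POLICY`, `APISERVER_PUBLIC_KEY` and `MAX_PODS`, which keeps the service principal secret off agents but also removes non-secret values such as `VNET_CNI_PLUGINS_URL`, `CNI_PLUGINS_URL` and `TARGET_ENVIRONMENT` from them. The provisioning script is shared by masters and agents, so any agent-side step that reads those variables (the script body is not visible in this hunk) will now see them empty. The moved values are also defined only inside `{{if not IsHostedMaster}}`, leaving a hosted-master deployment without them entirely. Consider keeping the non-secret values in the common string and moving only `SERVICE_PRINCIPAL_CLIENT_ID` and `SERVICE_PRINCIPAL_CLIENT_SECRET` into `provisionScriptParametersMaster`.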
@@ -229,7 +229,7 @@ "nsgName": "[concat(variables('agentNamePrefix'), 'nsg')]", {{end}} "nsgID": "[resourceId('Microsoft.Network/networkSecurityGroups',variables('nsgName'))]", - "primaryAvailabilitySetName": "[concat('{{ (index .AgentPoolProfiles 0).Name }}-availabilitySet-',variables('nameSuffix'))]", + "primaryAvailabilitySetName": "[concat('{{ (index .AgentPoolProfiles 1).Name }}-availabilitySet-',variables('nameSuffix'))]", {{if not IsHostedMaster }} "masterPublicIPAddressName": "[concat(variables('orchestratorName'), '-master-ip-', variables('masterFqdnPrefix'), '-', variables('nameSuffix'))]", "masterLbID": "[resourceId('Microsoft.Network/loadBalancers',variables('masterLbName'))]", diff --git a/parts/k8s/kuberneteswinagentresourcesvmas.t b/parts/k8s/kuberneteswinagentresourcesvmas.t index 7f65df9e56..d7e72dfd0c 100644 --- a/parts/k8s/kuberneteswinagentresourcesvmas.t +++ b/parts/k8s/kuberneteswinagentresourcesvmas.t @@ -69,10 +69,25 @@ "[concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))]" ], {{end}} + "kind": "Storage", "location": "[variables('location')]", "name": "[concat(variables('storageAccountPrefixes')[mod(add(copyIndex(),variables('{{.Name}}StorageAccountOffset')),variables('storageAccountPrefixesCount'))],variables('storageAccountPrefixes')[div(add(copyIndex(),variables('{{.Name}}StorageAccountOffset')),variables('storageAccountPrefixesCount'))],variables('{{.Name}}AccountName'))]", "properties": { - "accountType": "[variables('vmSizesMap')[variables('{{.Name}}VMSize')].storageAccountType]" + "encryption": { + "keySource": "Microsoft.Storage", + "services": { + "blob": { + "enabled": true + }, + "file": { + "enabled": true + } + } + }, + "supportsHttpsTrafficOnly": true + }, + "sku": { + "name": "[variables('vmSizesMap')[variables('{{.Name}}VMSize')].storageAccountType]" }, "type": "Microsoft.Storage/storageAccounts" }, 
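Review bot: `(index .AgentPoolProfiles 1)` in `primaryAvailabilitySetName` makes template execution fail with an index-out-of-range error for any cluster definition that has only one agent pool, and it silently assumes the second pool is the primary one. If the intent is "the first pool that is not `system`", select it by name in a template helper, or at least guard the lookup with `{{ if gt (len .AgentPoolProfiles) 1 }}` and fall back to index 0. A short template comment on the line stating which pool is expected at index 1 would make the ordering requirement explicit.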
@@ -88,10 +103,25 @@ "[concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))]" ], {{end}} + "kind": "Storage", "location": "[variables('location')]", "name": "[concat(variables('storageAccountPrefixes')[mod(add(copyIndex(variables('dataStorageAccountPrefixSeed')),variables('{{.Name}}StorageAccountOffset')),variables('storageAccountPrefixesCount'))],variables('storageAccountPrefixes')[div(add(copyIndex(variables('dataStorageAccountPrefixSeed')),variables('{{.Name}}StorageAccountOffset')),variables('storageAccountPrefixesCount'))],variables('{{.Name}}DataAccountName'))]", "properties": { - "accountType": "[variables('vmSizesMap')[variables('{{.Name}}VMSize')].storageAccountType]" + "encryption": { + "keySource": "Microsoft.Storage", + "services": { + "blob": { + "enabled": true + }, + "file": { + "enabled": true + } + } + }, + "supportsHttpsTrafficOnly": true + }, + "sku": { + "name": "[variables('vmSizesMap')[variables('{{.Name}}VMSize')].storageAccountType]" }, "type": "Microsoft.Storage/storageAccounts" }, @@ -156,7 +186,10 @@ "computername": "[concat(variables('{{.Name}}VMNamePrefix'), copyIndex(variables('{{.Name}}Offset')))]", {{GetKubernetesWindowsAgentCustomData .}} "adminUsername": "[variables('windowsAdminUsername')]", - "adminPassword": "[variables('windowsAdminPassword')]" + "adminPassword": "[variables('windowsAdminPassword')]", + "windowsConfiguration": { + "enableAutomaticUpdates": false + } }, "storageProfile": { {{GetDataDisks .}} 
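Review bot: `"enableAutomaticUpdates": false` in the new `windowsConfiguration` block turns Windows Update off on every Windows agent, and kuberneteswindowssetup.ps1 in this same commit also sets `AUOptions` to 1 in the registry; nothing in the diff adds another patching path. Unless nodes are regularly replaced from a patched image (not visible here), they stop receiving security updates after deployment. If the goal is to avoid unplanned reboots, say so beside the setting and name what keeps the nodes patched, for example `{{/* automatic updates off to avoid unplanned reboots; nodes are patched by <mechanism> */}}`, or make the value a template parameter that defaults to `true`.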
@@ -245,7 +278,7 @@ "autoUpgradeMinorVersion": true, "settings": {}, "protectedSettings": { - "commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -command \"', '$arguments = ', variables('singleQuote'),'-MasterIP ',variables('kubernetesAPIServerIP'),' -KubeDnsServiceIp ',variables('kubeDnsServiceIp'),' -MasterFQDNPrefix ',variables('masterFqdnPrefix'),' -Location ',variables('location'),' -AgentKey ',variables('clientPrivateKey'),' -AzureHostname ',variables('{{.Name}}VMNamePrefix'),copyIndex(variables('{{.Name}}Offset')),' -AADClientId ',variables('servicePrincipalClientId'),' -AADClientSecret ',variables('servicePrincipalClientSecret'),variables('singleQuote'), ' ; ', variables('windowsCustomScriptSuffix'), '\" > %SYSTEMDRIVE%\\AzureData\\CustomDataSetupScript.log 2>&1')]" + "commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -command \"', '$arguments = ', variables('singleQuote'),'-MasterIP ',variables('kubernetesAPIServerIP'),' -KubeDnsServiceIp ',variables('kubeDnsServiceIp'),' -MasterFQDNPrefix ',variables('masterFqdnPrefix'),' -Location ',variables('location'),' -AgentKey ',variables('clientPrivateKey'),' -AzureHostname ',variables('{{.Name}}VMNamePrefix'),copyIndex(variables('{{.Name}}Offset')),variables('singleQuote'), ' ; ', variables('windowsCustomScriptSuffix'), '\" > %SYSTEMDRIVE%\\AzureData\\CustomDataSetupScript.log 2>&1')]" } } } \ No newline at end of file diff --git a/parts/k8s/kuberneteswindowssetup.ps1 b/parts/k8s/kuberneteswindowssetup.ps1 index 6069fd3030..ead4c44ada 100644 --- a/parts/k8s/kuberneteswindowssetup.ps1 +++ b/parts/k8s/kuberneteswindowssetup.ps1 @@ -29,15 +29,7 @@ param( [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] - $AzureHostname, - - [parameter(Mandatory=$true)] - [ValidateNotNullOrEmpty()] - $AADClientId, - - [parameter(Mandatory=$true)] - [ValidateNotNullOrEmpty()] - $AADClientSecret + $AzureHostname ) $global:CACertificate = "{{WrapAsVariable "caCertificate"}}" 
@@ -86,6 +78,17 @@ function Set-TelemetrySetting() Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "CommercialId" -Value $global:WindowsTelemetryGUID -Force } +function Resize-OSDrive() +{ + $osDrive = ((Get-WmiObject Win32_OperatingSystem).SystemDrive).TrimEnd(":") + $size = (Get-Partition -DriveLetter $osDrive).Size + $maxSize = (Get-PartitionSupportedSize -DriveLetter $osDrive).SizeMax + if ($size -lt $maxSize) + { + Resize-Partition -DriveLetter $osDrive -Size $maxSize + } +} + function Get-KubeBinaries() { @@ -94,32 +97,6 @@ Get-KubeBinaries() Expand-Archive -path $zipfile -DestinationPath C:\ } -function -Write-AzureConfig() -{ - $azureConfigFile = $global:KubeDir + "\azure.json" - - $azureConfig = @" -{ - "tenantId": "$global:TenantId", - "subscriptionId": "$global:SubscriptionId", - "aadClientId": "$AADClientId", - "aadClientSecret": "$AADClientSecret", - "resourceGroup": "$global:ResourceGroup", - "location": "$Location", - "subnetName": "$global:SubnetName", - "securityGroupName": "$global:SecurityGroupName", - "vnetName": "$global:VNetName", - "routeTableName": "$global:RouteTableName", - "primaryAvailabilitySetName": "$global:PrimaryAvailabilitySetName", - "useManagedIdentityExtension": $global:UseManagedIdentityExtension, - "useInstanceMetadata": $global:UseInstanceMetadata -} -"@ - - $azureConfig | Out-File -encoding ASCII -filepath "$azureConfigFile" -} - function Write-KubeConfig() { 
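Review bot: The new `Resize-OSDrive` function has no error handling and no comment explaining why the OS partition is grown during provisioning. `Get-PartitionSupportedSize` and `Resize-Partition` can fail on a disk that cannot be extended, and a failed resize is not a reason to abandon node setup, so consider wrapping the body in `try { ... } catch { Write-Log "OS drive resize skipped: $_" }`. The drive letter can be taken from `$env:SystemDrive.TrimEnd(':')` without the `Get-WmiObject` call. A one-line comment above the function, such as `# Grow the OS partition to the full disk so images and container layers have room`, would document the intent if that is indeed the reason.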
@@ -161,9 +138,9 @@ function Write-KubernetesStartFiles($podCIDR) { mkdir $global:VolumePluginDir - $KubeletArgList = @("--hostname-override=`$global:AzureHostname","--pod-infra-container-image=kubletwin/pause","--resolv-conf=""""""""","--kubeconfig=c:\k\config","--cloud-provider=azure","--cloud-config=c:\k\azure.json") + $KubeletArgList = @("--hostname-override=`$global:AzureHostname","--pod-infra-container-image=kubletwin/pause","--resolv-conf=""""""""","--kubeconfig=c:\k\config") $KubeletCommandLine = @" -c:\k\kubelet.exe --hostname-override=`$global:AzureHostname --pod-infra-container-image=kubletwin/pause --resolv-conf="" --allow-privileged=true --enable-debugging-handlers --cluster-dns=`$global:KubeDnsServiceIp --cluster-domain=cluster.local --kubeconfig=c:\k\config --hairpin-mode=promiscuous-bridge --v=2 --azure-container-registry-config=c:\k\azure.json --runtime-request-timeout=10m --cloud-provider=azure --cloud-config=c:\k\azure.json +c:\k\kubelet.exe --hostname-override=`$global:AzureHostname --pod-infra-container-image=kubletwin/pause --resolv-conf="" --allow-privileged=true --enable-debugging-handlers --cluster-dns=`$global:KubeDnsServiceIp --cluster-domain=cluster.local --kubeconfig=c:\k\config --hairpin-mode=promiscuous-bridge --v=2 --runtime-request-timeout=10m "@ if ($global:KubeBinariesVersion -lt "1.8.0") 
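Review bot: The new `$KubeletCommandLine` drops `--azure-container-registry-config=c:\k\azure.json` along with the cloud-provider flags, so Windows kubelets no longer hold a service principal for pulling from Azure Container Registry, and workloads that relied on that implicit credential will need `imagePullSecrets`. That is a sensible trade for keeping the secret off the node, but it is a behaviour change worth stating in the commit description. `$KubeletArgList` and `$KubeletCommandLine` repeat the same flags and had to be edited separately here; a comment above them such as `# keep $KubeletArgList and $KubeletCommandLine in sync` would reduce the chance of the two drifting apart.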
@@ -399,17 +376,21 @@ try # to the windows machine, and run the script manually to watch # the output. if ($true) { + Write-Log "Disable automatic Windows update" + reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 1 /f + Write-Log "Provisioning $global:DockerServiceName... with IP $MasterIP" + net start Docker Write-Log "apply telemetry data setting" Set-TelemetrySetting + Write-Log "resize os drive if possible" + Resize-OSDrive + Write-Log "download kubelet binaries and unzip" Get-KubeBinaries - Write-Log "Write azure config" - Write-AzureConfig - Write-Log "Write kube config" Write-KubeConfig @@ -430,7 +411,7 @@ try else { # keep for debugging purposes - Write-Log ".\CustomDataSetupScript.ps1 -MasterIP $MasterIP -KubeDnsServiceIp $KubeDnsServiceIp -MasterFQDNPrefix $MasterFQDNPrefix -Location $Location -AgentKey $AgentKey -AzureHostname $AzureHostname -AADClientId $AADClientId -AADClientSecret $AADClientSecret" + Write-Log ".\CustomDataSetupScript.ps1 -MasterIP $MasterIP -KubeDnsServiceIp $KubeDnsServiceIp -MasterFQDNPrefix $MasterFQDNPrefix -Location $Location -AgentKey $AgentKey -AzureHostname $AzureHostname" } } catch diff --git a/pkg/acsengine/addons.go b/pkg/acsengine/addons.go index bcd3538562..4a7cdf168e 100644 --- a/pkg/acsengine/addons.go +++ b/pkg/acsengine/addons.go @@ -15,11 +15,6 @@ type kubernetesFeatureSetting struct { func kubernetesAddonSettingsInit(profile *api.Properties) []kubernetesFeatureSetting { return []kubernetesFeatureSetting{ - { - "kubernetesmasteraddons-heapster-deployment.yaml", - "kube-heapster-deployment.yaml", - true, - }, { "kubernetesmasteraddons-kube-dns-deployment.yaml", "kube-dns-deployment.yaml",
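Review bot: The added `reg add ... /v AUOptions ...` and `net start Docker` calls are native commands, so a non-zero exit code does not raise a PowerShell exception and the enclosing `try` will not notice a failure. `net start` also returns an error when the service is already running, which would go unreported in the same way. Check `$LASTEXITCODE` after each call, or use the cmdlet forms, `Set-ItemProperty ... -ErrorAction Stop` and `Start-Service Docker -ErrorAction Stop`, so that failures reach the `catch` block and the log.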
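Review bot: The debugging `Write-Log` line edited in the `else` branch still interpolates `-AgentKey $AgentKey`, so the node's client private key would be written to the setup log if that branch were ever enabled; it is unreachable only while the condition stays `if ($true)`. Since the line is being changed anyway to drop the AAD parameters, redact the key too, for example `-AgentKey <redacted>` in the logged string.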