| apiVersion: v1 |
| kind: ReplicationController |
| metadata: |
| name: hollow-node |
| labels: |
| name: hollow-node |
| {{kubemark_mig_config}} |
| spec: |
| replicas: {{numreplicas}} |
| selector: |
| name: hollow-node |
| template: |
| metadata: |
| labels: |
| name: hollow-node |
| {{kubemark_mig_config}} |
| spec: |
| initContainers: |
| - name: init-inotify-limit |
| image: busybox |
| command: ['sysctl', '-w', 'fs.inotify.max_user_instances=1000'] |
| securityContext: |
| privileged: true |
| volumes: |
| - name: kubeconfig-volume |
| secret: |
| secretName: kubeconfig |
| - name: kernelmonitorconfig-volume |
| configMap: |
| name: node-configmap |
| - name: logs-volume |
| hostPath: |
| path: /var/log |
| - name: no-serviceaccount-access-to-real-master |
| emptyDir: {} |
| containers: |
| - name: hollow-kubelet |
| image: {{kubemark_image_registry}}/kubemark:{{kubemark_image_tag}} |
| ports: |
| - containerPort: 4194 |
| - containerPort: 10250 |
| - containerPort: 10255 |
| env: |
| - name: CONTENT_TYPE |
| valueFrom: |
| configMapKeyRef: |
| name: node-configmap |
| key: content.type |
| - name: NODE_NAME |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.name |
| command: |
| - /bin/sh |
| - -c |
| - /kubemark --morph=kubelet --name=$(NODE_NAME) {{hollow_kubelet_params}} --kubeconfig=/kubeconfig/kubelet.kubeconfig $(CONTENT_TYPE) --alsologtostderr 1>>/var/log/kubelet-$(NODE_NAME).log 2>&1 |
| volumeMounts: |
| - name: kubeconfig-volume |
| mountPath: /kubeconfig |
| readOnly: true |
| - name: logs-volume |
| mountPath: /var/log |
| resources: |
| requests: |
| cpu: 40m |
| memory: 100M |
| securityContext: |
| privileged: true |
| - name: hollow-proxy |
| image: {{kubemark_image_registry}}/kubemark:{{kubemark_image_tag}} |
| env: |
| - name: CONTENT_TYPE |
| valueFrom: |
| configMapKeyRef: |
| name: node-configmap |
| key: content.type |
| - name: NODE_NAME |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.name |
| command: |
| - /bin/sh |
| - -c |
| - /kubemark --morph=proxy --name=$(NODE_NAME) {{hollow_proxy_params}} --kubeconfig=/kubeconfig/kubeproxy.kubeconfig $(CONTENT_TYPE) --alsologtostderr 1>>/var/log/kubeproxy-$(NODE_NAME).log 2>&1 |
| volumeMounts: |
| - name: kubeconfig-volume |
| mountPath: /kubeconfig |
| readOnly: true |
| - name: logs-volume |
| mountPath: /var/log |
| resources: |
| requests: |
| cpu: {{HOLLOW_PROXY_CPU}}m |
| memory: {{HOLLOW_PROXY_MEM}}Ki |
| - name: hollow-node-problem-detector |
| image: k8s.gcr.io/node-problem-detector:v0.4.1 |
| env: |
| - name: NODE_NAME |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.name |
| command: |
| - /bin/sh |
| - -c |
| - /node-problem-detector --system-log-monitors=/config/kernel.monitor --apiserver-override="https://{{master_ip}}:443?inClusterConfig=false&auth=/kubeconfig/npd.kubeconfig" --alsologtostderr 1>>/var/log/npd-$(NODE_NAME).log 2>&1 |
| volumeMounts: |
| - name: kubeconfig-volume |
| mountPath: /kubeconfig |
| readOnly: true |
| - name: kernelmonitorconfig-volume |
| mountPath: /config |
| readOnly: true |
| - name: no-serviceaccount-access-to-real-master |
| mountPath: /var/run/secrets/kubernetes.io/serviceaccount |
| readOnly: true |
| - name: logs-volume |
| mountPath: /var/log |
| resources: |
| requests: |
| cpu: 20m |
| memory: 20Mi |
| securityContext: |
| privileged: true |
| # Keep the pod running on unreachable node for 15 minutes. |
| # This time should be sufficient for a VM reboot and should |
| # avoid recreating a new hollow node. |
| # See https://github.com/kubernetes/kubernetes/issues/67120 for context. |
| tolerations: |
| - key: "node.kubernetes.io/unreachable" |
| operator: "Exists" |
| effect: "NoExecute" |
| tolerationSeconds: 900 |