Bug 1394967

Summary:	[DOCS] need changes to 'apiserver-pod.json' in Get Started Orchestrating Containers with Kubernetes
Product:	Red Hat Enterprise Linux 7	Reporter:	Micah Abbott <miabbott>
Component:	doc-RHEL-Atomic	Assignee:	Chris Negus <cnegus>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Micah Abbott <miabbott>
Severity:	medium	Docs Contact:	Vikram Goyal <vigoyal>
Priority:	high
Version:	7.3	CC:	cnegus, mnguyen, vigoyal, yruseva, zdover
Target Milestone:	rc	Keywords:	Documentation, Extras
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2016-11-18 01:20:04 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description Micah Abbott 2016-11-14 22:20:22 UTC

URGENT! - the current content of 'apiserver-pod.json' is incorrect and customers will be unable to start kubernetes cluster using the instructions here:

https://access.redhat.com/documentation/en/red-hat-enterprise-linux-atomic-host/7/paged/getting-started-with-kubernetes/chapter-1-get-started-orchestrating-containers-with-kubernetes


The content for the 'apiserver-pod.json' need to be updated to reflect the following (full version at end of comment):

# diff docs-apiserver-pod.json fixed-apiserver-pod.json 
12a13,20
>         "command": [
>           "/usr/bin/kube-apiserver",
>           "--v=0",
>           "--address=0.0.0.0",
>           "--etcd_servers=http://127.0.0.1:2379",
>           "--service-cluster-ip-range=10.254.0.0/16",
>           "--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
>         ],


These options need to be passed in as part of the JSON file because the '/etc/kubernetes/apiserver' file is no longer present in RHELAH 7.3.  Previously, that file would have provided these options to the 'apiserver' container.





Full version of 'apiserver-pod.json'
-------------------------------------
{
  "kind": "Pod",
  "apiVersion": "v1",
  "metadata": {
    "name": "kube-apiserver"
  },
  "spec": {
    "hostNetwork": true,
    "containers": [
      {
        "name": "kube-apiserver",
        "image": "rhel7/kubernetes-apiserver",
        "command": [
          "/usr/bin/kube-apiserver",
          "--v=0",
          "--address=0.0.0.0",
          "--etcd_servers=http://{{ ansible_default_ipv4.address }}:2379",
          "--service-cluster-ip-range=10.254.0.0/16",
          "--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
        ],
        "ports": [
          {
            "name": "https",
            "hostPort": 443,
            "containerPort": 443
          },
          {
            "name": "local",
            "hostPort": 8080,
            "containerPort": 8080
          }
        ],
        "volumeMounts": [
          {
            "name": "etcssl",
            "mountPath": "/etc/ssl",
            "readOnly": true
          },
          {
            "name": "config",
            "mountPath": "/etc/kubernetes",
            "readOnly": true
          }
        ],
        "livenessProbe": {
          "httpGet": {
            "path": "/healthz",
            "port": 8080
          },
          "initialDelaySeconds": 15,
          "timeoutSeconds": 15
        }
      }
    ],
    "volumes": [
      {
        "name": "etcssl",
        "hostPath": {
          "path": "/etc/ssl"
        }
      },
      {
        "name": "config",
        "hostPath": {
          "path": "/etc/kubernetes"
        }
      }
    ]
  }
}

Comment 1 Chris Negus 2016-11-15 11:26:52 UTC

I fixed the apiserver-pod.json file and pushed it to master. It is ready to publish. It should publish later today. We will note when it is published.

Comment 3 Micah Abbott 2016-11-15 14:38:41 UTC

There is a small error from the copy/paste I did.

This line:

"--etcd_servers=http://{{ ansible_default_ipv4.address }}:2379",

Should read:

"--etcd_servers=http://127.0.0.1:2379",



Probably a good thing to check before the publish happens today.

Comment 4 Vikram Goyal 2016-11-15 20:51:47 UTC

Thanks Chris and Micah.

This is now live. Moving this to CLOSED-->CURRENT_RELEASE.

Comment 5 Micah Abbott 2016-11-15 20:54:57 UTC

Vikram/Chris, my comments in #3 were not addressed.

The live version is missing a value for '--etcd_servers':

"containers": [
      {
        "name": "kube-apiserver",
        "image": "rhel7/kubernetes-apiserver",
        "command": [
          "/usr/bin/kube-apiserver",
          "--v=0",
          "--address=0.0.0.0",
          "--etcd_servers=http://:2379",            <----- NOTE HERE NO IP ADDR
          "--service-cluster-ip-range=10.254.0.0/16",
          "--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
        ],

Comment 6 Chris Negus 2016-11-17 14:13:25 UTC

Okay. I corrected the etcd_servers line to read as follows:
  "--etcd_servers=http://127.0.0.1:2379",
It is ready to publish.

Comment 7 Vikram Goyal 2016-11-18 01:19:47 UTC

Thanks Chris. Republished here[1]. Moving this bug to CLOSED --> CURRENT_RELEASE.

[1] https://access.redhat.com/documentation/en/red-hat-enterprise-linux-atomic-host/7/paged/getting-started-with-kubernetes/chapter-1-get-started-orchestrating-containers-with-kubernetes