Add glide.yaml and vendor deps

vendor/k8s.io/kubernetes/cluster/aws/templates/configure-vm-aws.sh

@@ -0,0 +1,132 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Note: these functions override functions in the GCE configure-vm script
+# We include the GCE script first, and this one second.
+
+ensure-basic-networking() {
+  :
+}
+
+ensure-packages() {
+  apt-get-install curl
+  # For reading kube_env.yaml
+  apt-get-install python-yaml
+
+  # TODO: Where to get safe_format_and_mount?
+  mkdir -p /usr/share/google
+  cd /usr/share/google
+  download-or-bust "dc96f40fdc9a0815f099a51738587ef5a976f1da" https://raw.githubusercontent.com/GoogleCloudPlatform/compute-image-packages/82b75f314528b90485d5239ab5d5495cc22d775f/google-startup-scripts/usr/share/google/safe_format_and_mount
+  chmod +x safe_format_and_mount
+}
+
+set-kube-env() {
+  local kube_env_yaml="/etc/kubernetes/kube_env.yaml"
+
+  # kube-env has all the environment variables we care about, in a flat yaml format
+  eval "$(python -c '
+import pipes,sys,yaml
+
+for k,v in yaml.load(sys.stdin).iteritems():
+  print("""readonly {var}={value}""".format(var = k, value = pipes.quote(str(v))))
+  print("""export {var}""".format(var = k))
+  ' < """${kube_env_yaml}""")"
+}
+
+remove-docker-artifacts() {
+  :
+}
+
+# Finds the master PD device
+find-master-pd() {
+  if ( grep "/mnt/master-pd" /proc/mounts ); then
+    echo "Master PD already mounted; won't remount"
+    MASTER_PD_DEVICE=""
+    return
+  fi
+  echo "Waiting for master pd to be attached"
+  attempt=0
+  while true; do
+    echo Attempt "$(($attempt+1))" to check for /dev/xvdb
+    if [[ -e /dev/xvdb ]]; then
+      echo "Found /dev/xvdb"
+      MASTER_PD_DEVICE="/dev/xvdb"
+      break
+    fi
+    attempt=$(($attempt+1))
+    sleep 1
+  done
+
+  # Mount the master PD as early as possible
+  echo "/dev/xvdb /mnt/master-pd ext4 noatime 0 0" >> /etc/fstab
+}
+
+fix-apt-sources() {
+  :
+}
+
+salt-master-role() {
+  cat <<EOF >/etc/salt/minion.d/grains.conf
+grains:
+  roles:
+    - kubernetes-master
+  cloud: aws
+EOF
+
+  # If the kubelet on the master is enabled, give it the same CIDR range
+  # as a generic node.
+  if [[ ! -z "${KUBELET_APISERVER:-}" ]] && [[ ! -z "${KUBELET_CERT:-}" ]] && [[ ! -z "${KUBELET_KEY:-}" ]]; then
+    cat <<EOF >>/etc/salt/minion.d/grains.conf
+  kubelet_api_servers: '${KUBELET_APISERVER}'
+EOF
+  else
+    # If the kubelet is running disconnected from a master, give it a fixed
+    # CIDR range.
+    cat <<EOF >>/etc/salt/minion.d/grains.conf
+  cbr-cidr: ${MASTER_IP_RANGE}
+EOF
+  fi
+
+  env-to-grains "runtime_config"
+  env-to-grains "kube_user"
+}
+
+salt-node-role() {
+  cat <<EOF >/etc/salt/minion.d/grains.conf
+grains:
+  roles:
+    - kubernetes-pool
+  cloud: aws
+  api_servers: '${API_SERVERS}'
+EOF
+
+  # We set the hostname_override to the full EC2 private dns name
+  # we'd like to use EC2 instance-id, but currently the kubelet health-check assumes the name
+  # is resolvable, although that check should be going away entirely (#7092)
+  if [[ -z "${HOSTNAME_OVERRIDE:-}" ]]; then
+    HOSTNAME_OVERRIDE=`curl --silent curl http://169.254.169.254/2007-01-19/meta-data/local-hostname`
+  fi
+
+  env-to-grains "hostname_override"
+}
+
+function run-user-script() {
+  # TODO(justinsb): Support user scripts on AWS
+  # AWS doesn't have as rich a metadata service as GCE does
+  # Maybe specify an env var that is the path to a script?
+  :
+}
+

vendor/k8s.io/kubernetes/cluster/aws/templates/format-disks.sh

@@ -0,0 +1,226 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Discover all the ephemeral disks
+
+function ensure-local-disks() {
+
+# Skip if already mounted (a reboot)
+if ( grep "/mnt/ephemeral" /proc/mounts ); then
+  echo "Found /mnt/ephemeral in /proc/mounts; skipping local disk initialization"
+  return
+fi
+
+block_devices=()
+
+ephemeral_devices=$( (curl --silent http://169.254.169.254/2014-11-05/meta-data/block-device-mapping/ | grep ephemeral) || true )
+for ephemeral_device in $ephemeral_devices; do
+  echo "Checking ephemeral device: ${ephemeral_device}"
+  aws_device=$(curl --silent http://169.254.169.254/2014-11-05/meta-data/block-device-mapping/${ephemeral_device})
+
+  device_path=""
+  if [ -b /dev/$aws_device ]; then
+    device_path="/dev/$aws_device"
+  else
+    # Check for the xvd-style name
+    xvd_style=$(echo $aws_device | sed "s/sd/xvd/")
+    if [ -b /dev/$xvd_style ]; then
+      device_path="/dev/$xvd_style"
+    fi
+  fi
+
+  if [[ -z ${device_path} ]]; then
+    echo "  Could not find disk: ${ephemeral_device}@${aws_device}"
+  else
+    echo "  Detected ephemeral disk: ${ephemeral_device}@${device_path}"
+    block_devices+=(${device_path})
+  fi
+done
+
+# These are set if we should move where docker/kubelet store data
+# Note this gets set to the parent directory
+move_docker=""
+move_kubelet=""
+
+docker_storage=${DOCKER_STORAGE:-aufs}
+
+# Format the ephemeral disks
+if [[ ${#block_devices[@]} == 0 ]]; then
+  echo "No ephemeral block devices found; will use aufs on root"
+  docker_storage="aufs"
+else
+  echo "Block devices: ${block_devices[@]}"
+
+  # Remove any existing mounts
+  for block_device in ${block_devices}; do
+    echo "Unmounting ${block_device}"
+    /bin/umount ${block_device} || echo "Ignoring failure umounting ${block_device}"
+    sed -i -e "\|^${block_device}|d" /etc/fstab
+  done
+
+  # Remove any existing /mnt/ephemeral entry in /etc/fstab
+  sed -i -e "\|/mnt/ephemeral|d" /etc/fstab
+
+  # Mount the storage
+  if [[ ${docker_storage} == "btrfs" ]]; then
+    apt-get-install btrfs-tools
+
+    if [[ ${#block_devices[@]} == 1 ]]; then
+      echo "One ephemeral block device found; formatting with btrfs"
+      mkfs.btrfs -f ${block_devices[0]}
+    else
+      echo "Found multiple ephemeral block devices, formatting with btrfs as RAID-0"
+      mkfs.btrfs -f --data raid0 ${block_devices[@]}
+    fi
+    echo "${block_devices[0]}  /mnt/ephemeral  btrfs  noatime,nofail  0 0" >> /etc/fstab
+    mkdir -p /mnt/ephemeral
+    mount /mnt/ephemeral
+
+    mkdir -p /mnt/ephemeral/kubernetes
+
+    move_docker="/mnt/ephemeral"
+    move_kubelet="/mnt/ephemeral/kubernetes"
+  elif [[ ${docker_storage} == "aufs-nolvm" ]]; then
+    if [[ ${#block_devices[@]} != 1 ]]; then
+      echo "aufs-nolvm selected, but multiple ephemeral devices were found; only the first will be available"
+    fi
+
+    mkfs -t ext4 ${block_devices[0]}
+    echo "${block_devices[0]}  /mnt/ephemeral  ext4     noatime,nofail  0 0" >> /etc/fstab
+    mkdir -p /mnt/ephemeral
+    mount /mnt/ephemeral
+
+    mkdir -p /mnt/ephemeral/kubernetes
+
+    move_docker="/mnt/ephemeral"
+    move_kubelet="/mnt/ephemeral/kubernetes"
+  elif [[ ${docker_storage} == "devicemapper" || ${docker_storage} == "aufs" ]]; then
+    # We always use LVM, even with one device
+    # In devicemapper mode, Docker can use LVM directly
+    # Also, fewer code paths are good
+    echo "Using LVM2 and ext4"
+    apt-get-install lvm2
+
+    # Don't output spurious "File descriptor X leaked on vgcreate invocation."
+    # Known bug: e.g. Ubuntu #591823
+    export LVM_SUPPRESS_FD_WARNINGS=1
+
+    for block_device in ${block_devices}; do
+      pvcreate ${block_device}
+    done
+    vgcreate vg-ephemeral ${block_devices[@]}
+
+    if [[ ${docker_storage} == "devicemapper" ]]; then
+      # devicemapper thin provisioning, managed by docker
+      # This is the best option, but it is sadly broken on most distros
+      # Bug: https://github.com/docker/docker/issues/4036
+
+      # 80% goes to the docker thin-pool; we want to leave some space for host-volumes
+      lvcreate -l 80%VG --thinpool docker-thinpool vg-ephemeral
+
+      DOCKER_OPTS="${DOCKER_OPTS:-} --storage-opt dm.thinpooldev=/dev/mapper/vg--ephemeral-docker--thinpool"
+      # Note that we don't move docker; docker goes direct to the thinpool
+
+      # Remaining space (20%) is for kubernetes data
+      # TODO: Should this be a thin pool?  e.g. would we ever want to snapshot this data?
+      lvcreate -l 100%FREE -n kubernetes vg-ephemeral
+      mkfs -t ext4 /dev/vg-ephemeral/kubernetes
+      mkdir -p /mnt/ephemeral/kubernetes
+      echo "/dev/vg-ephemeral/kubernetes  /mnt/ephemeral/kubernetes  ext4  noatime,nofail  0 0" >> /etc/fstab
+      mount /mnt/ephemeral/kubernetes
+
+      move_kubelet="/mnt/ephemeral/kubernetes"
+     else
+      # aufs
+      # We used to split docker & kubernetes, but we no longer do that, because
+      # host volumes go into the kubernetes area, and it is otherwise very easy
+      # to fill up small volumes.
+      #
+      # No need for thin pool since we are not over-provisioning or doing snapshots
+      # (probably shouldn't be doing snapshots on ephemeral disk? Should be stateless-ish.)
+      # Tried to do it, but it cause problems (#16188)
+
+      lvcreate -l 100%VG -n ephemeral vg-ephemeral
+      mkfs -t ext4 /dev/vg-ephemeral/ephemeral
+      mkdir -p /mnt/ephemeral
+      echo "/dev/vg-ephemeral/ephemeral  /mnt/ephemeral  ext4  noatime,nofail 0 0" >> /etc/fstab
+      mount /mnt/ephemeral
+
+      mkdir -p /mnt/ephemeral/kubernetes
+
+      move_docker="/mnt/ephemeral"
+      move_kubelet="/mnt/ephemeral/kubernetes"
+     fi
+ else
+    echo "Ignoring unknown DOCKER_STORAGE: ${docker_storage}"
+  fi
+fi
+
+
+if [[ ${docker_storage} == "btrfs" ]]; then
+  DOCKER_OPTS="${DOCKER_OPTS:-} -s btrfs"
+elif [[ ${docker_storage} == "aufs-nolvm" || ${docker_storage} == "aufs" ]]; then
+  # Install aufs kernel module
+  # Fix issue #14162 with extra-virtual
+  if [[ `lsb_release -i -s` == 'Ubuntu' ]]; then
+    apt-get-install linux-image-extra-$(uname -r) linux-image-extra-virtual
+  fi
+
+  # Install aufs tools
+  apt-get-install aufs-tools
+
+  DOCKER_OPTS="${DOCKER_OPTS:-} -s aufs"
+elif [[ ${docker_storage} == "devicemapper" ]]; then
+  DOCKER_OPTS="${DOCKER_OPTS:-} -s devicemapper"
+else
+  echo "Ignoring unknown DOCKER_STORAGE: ${docker_storage}"
+fi
+
+if [[ -n "${move_docker}" ]]; then
+  # Stop docker if it is running, so we can move its files
+  systemctl stop docker || true
+
+  # Move docker to e.g. /mnt
+  # but only if it is a directory, not a symlink left over from a previous run
+  if [[ -d /var/lib/docker ]]; then
+    mv /var/lib/docker ${move_docker}/
+  fi
+  mkdir -p ${move_docker}/docker
+  # If /var/lib/docker doesn't exist (it will exist if it is already a symlink),
+  # then symlink it to the ephemeral docker area
+  if [[ ! -e /var/lib/docker ]]; then
+    ln -s ${move_docker}/docker /var/lib/docker
+  fi
+  DOCKER_ROOT="${move_docker}/docker"
+  DOCKER_OPTS="${DOCKER_OPTS:-} -g ${DOCKER_ROOT}"
+fi
+
+if [[ -n "${move_kubelet}" ]]; then
+  # Move /var/lib/kubelet to e.g. /mnt
+  # (the backing for empty-dir volumes can use a lot of space!)
+  # (As with /var/lib/docker, only if it is a directory; skip if symlink)
+  if [[ -d /var/lib/kubelet ]]; then
+    mv /var/lib/kubelet ${move_kubelet}/
+  fi
+  mkdir -p ${move_kubelet}/kubelet
+  # Create symlink for /var/lib/kubelet, unless it is already a symlink
+  if [[ ! -e /var/lib/kubelet ]]; then
+    ln -s ${move_kubelet}/kubelet /var/lib/kubelet
+  fi
+  KUBELET_ROOT="${move_kubelet}/kubelet"
+fi
+
+}

vendor/k8s.io/kubernetes/cluster/aws/templates/iam/kubernetes-master-policy.json

@@ -0,0 +1,27 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": ["ec2:*"],
+      "Resource": ["*"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["elasticloadbalancing:*"],
+      "Resource": ["*"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["route53:*"],
+      "Resource": ["*"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": "s3:*",
+      "Resource": [
+        "arn:aws:s3:::kubernetes-*"
+      ]
+    }
+  ]
+}

vendor/k8s.io/kubernetes/cluster/aws/templates/iam/kubernetes-master-role.json

@@ -0,0 +1,10 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": { "Service": "ec2.amazonaws.com"},
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}

vendor/k8s.io/kubernetes/cluster/aws/templates/iam/kubernetes-minion-policy.json

@@ -0,0 +1,45 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": "s3:*",
+      "Resource": [
+        "arn:aws:s3:::kubernetes-*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": "ec2:Describe*",
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": "ec2:AttachVolume",
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": "ec2:DetachVolume",
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": ["route53:*"],
+      "Resource": ["*"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ecr:GetAuthorizationToken",
+        "ecr:BatchCheckLayerAvailability",
+        "ecr:GetDownloadUrlForLayer",
+        "ecr:GetRepositoryPolicy",
+        "ecr:DescribeRepositories",
+        "ecr:ListImages",
+        "ecr:BatchGetImage"
+      ],
+      "Resource": "*"
+    }
+  ]
+}

vendor/k8s.io/kubernetes/cluster/aws/templates/iam/kubernetes-minion-role.json

@@ -0,0 +1,10 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": { "Service": "ec2.amazonaws.com"},
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}