porkadot 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/porkadot/assets/bootstrap.rb +2 -2
- data/lib/porkadot/assets/etcd.rb +3 -0
- data/lib/porkadot/assets/kubelet/install-deps.sh.erb +10 -3
- data/lib/porkadot/assets/kubelet.rb +3 -0
- data/lib/porkadot/assets/kubernetes/manifests/kube-apiserver.secrets.yaml.erb +37 -0
- data/lib/porkadot/assets/kubernetes/manifests/kube-apiserver.yaml.erb +0 -36
- data/lib/porkadot/assets/kubernetes/manifests/kube-controller-manager.secrets.yaml.erb +16 -0
- data/lib/porkadot/assets/kubernetes/manifests/kube-controller-manager.yaml.erb +0 -15
- data/lib/porkadot/assets/kubernetes.rb +5 -0
- data/lib/porkadot/assets.rb +15 -0
- data/lib/porkadot/config.rb +8 -0
- data/lib/porkadot/configs/bootstrap.rb +13 -1
- data/lib/porkadot/configs/etcd.rb +7 -3
- data/lib/porkadot/configs/kubelet.rb +9 -1
- data/lib/porkadot/configs/kubernetes.rb +8 -0
- data/lib/porkadot/install/bootstrap.rb +7 -0
- data/lib/porkadot/install/kubelet.rb +4 -0
- data/lib/porkadot/install/kubernetes.rb +4 -0
- data/lib/porkadot/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c4a540c5dd8b6b61feeb82c0237ec62c70740de25656cfa0b95ae0ef22bfffe5
|
|
4
|
+
data.tar.gz: aeddd88d774b653d1e5dc40cc28996090baa90ada864ccb1457340d2a4791582
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 711a19855866bb0d22ffcb47558a56b20c9b000d2b5c38a9f88b9553bde85d918b069cd0520e46817e62de57fb7f29ce16e98c48688fb1a3d744f29f3c9fb6cf
|
|
7
|
+
data.tar.gz: ffd3ff0472e4df3374086857fac3e239d638b59e97449e4e1e480673f2af64129fbe92b22979d364cf850dcb3fad6258d241e37a6557ac370a1fdbe2b72064f2
|
|
@@ -18,8 +18,8 @@ module Porkadot; module Assets
|
|
|
18
18
|
|
|
19
19
|
def render
|
|
20
20
|
logger.info "--> Rendering bootstrap manifests"
|
|
21
|
-
unless File.directory?(config.
|
|
22
|
-
FileUtils.mkdir_p(config.
|
|
21
|
+
unless File.directory?(config.bootstrap_path)
|
|
22
|
+
FileUtils.mkdir_p(config.bootstrap_path)
|
|
23
23
|
end
|
|
24
24
|
render_secrets
|
|
25
25
|
render_erb 'bootstrap/kubeconfig-bootstrap.yaml'
|
data/lib/porkadot/assets/etcd.rb
CHANGED
|
@@ -50,6 +50,9 @@ module Porkadot; module Assets
|
|
|
50
50
|
unless File.directory?(config.target_path)
|
|
51
51
|
FileUtils.mkdir_p(config.target_path)
|
|
52
52
|
end
|
|
53
|
+
unless File.directory?(config.target_secrets_path)
|
|
54
|
+
FileUtils.mkdir_p(config.target_secrets_path)
|
|
55
|
+
end
|
|
53
56
|
render_ca_crt
|
|
54
57
|
render_etcd_crt
|
|
55
58
|
render_erb 'etcd-server.yaml', etcd: global_config.etcd
|
|
@@ -1,20 +1,27 @@
|
|
|
1
1
|
#!/bin/bash
|
|
2
2
|
|
|
3
|
+
architecture="arm64"
|
|
4
|
+
case $(uname -m) in
|
|
5
|
+
x86_64) architecture="amd64" ;;
|
|
6
|
+
arm) dpkg --print-architecture | grep -q "arm64" && architecture="arm64" || architecture="arm" ;;
|
|
7
|
+
esac
|
|
8
|
+
echo $architecture
|
|
9
|
+
|
|
3
10
|
CNI_VERSION="<%= global_config.k8s.networking.cni_version %>"
|
|
4
11
|
mkdir -p /opt/cni/bin
|
|
5
|
-
curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux
|
|
12
|
+
curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${architecture}-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
|
|
6
13
|
|
|
7
14
|
RELEASE="<%= global_config.k8s.kubernetes_version %>"
|
|
8
15
|
|
|
9
16
|
mkdir -p /opt/bin
|
|
10
17
|
|
|
11
|
-
curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/
|
|
18
|
+
curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/${architecture}/kubectl \
|
|
12
19
|
-o /opt/bin/kubectl-${RELEASE}
|
|
13
20
|
chmod +x /opt/bin/kubectl-${RELEASE}
|
|
14
21
|
rm -f /opt/bin/kubectl
|
|
15
22
|
ln -s /opt/bin/kubectl-${RELEASE} /opt/bin/kubectl
|
|
16
23
|
|
|
17
|
-
curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/
|
|
24
|
+
curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/${architecture}/kubelet \
|
|
18
25
|
-o /opt/bin/kubelet-${RELEASE}
|
|
19
26
|
chmod +x /opt/bin/kubelet-${RELEASE}
|
|
20
27
|
rm -f /opt/bin/kubelet
|
|
@@ -50,6 +50,9 @@ module Porkadot; module Assets
|
|
|
50
50
|
unless File.directory?(config.target_path)
|
|
51
51
|
FileUtils.mkdir_p(config.target_path)
|
|
52
52
|
end
|
|
53
|
+
unless File.directory?(config.target_secrets_path)
|
|
54
|
+
FileUtils.mkdir_p(config.target_secrets_path)
|
|
55
|
+
end
|
|
53
56
|
ca_data = certs.ca_cert.to_pem
|
|
54
57
|
ca_data = Base64.strict_encode64(ca_data)
|
|
55
58
|
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
<% k8s = global_config.k8s -%>
|
|
2
|
+
---
|
|
3
|
+
apiVersion: v1
|
|
4
|
+
data:
|
|
5
|
+
apiserver.crt: <%= certs.kubernetes.to_base64(:apiserver_cert) %>
|
|
6
|
+
apiserver.key: <%= certs.kubernetes.to_base64(:apiserver_key) %>
|
|
7
|
+
ca.crt: <%= certs.kubernetes.to_base64(:ca_cert) %>
|
|
8
|
+
front-proxy-ca.crt: <%= certs.front_proxy.to_base64(:ca_cert) %>
|
|
9
|
+
front-proxy-client.crt: <%= certs.front_proxy.to_base64(:client_cert) %>
|
|
10
|
+
front-proxy-client.key: <%= certs.front_proxy.to_base64(:client_key) %>
|
|
11
|
+
kubelet-client.crt: <%= certs.kubernetes.to_base64(:kubelet_client_cert) %>
|
|
12
|
+
kubelet-client.key: <%= certs.kubernetes.to_base64(:kubelet_client_key) %>
|
|
13
|
+
sa.pub: <%= certs.kubernetes.to_base64(:sa_public_key) %>
|
|
14
|
+
kind: Secret
|
|
15
|
+
metadata:
|
|
16
|
+
name: kube-apiserver
|
|
17
|
+
namespace: kube-system
|
|
18
|
+
labels:
|
|
19
|
+
<%- k8s.apiserver.labels.each do |k, v| -%>
|
|
20
|
+
<%= k.to_s %>: <%= v %>
|
|
21
|
+
<%- end -%>
|
|
22
|
+
type: Opaque
|
|
23
|
+
---
|
|
24
|
+
apiVersion: v1
|
|
25
|
+
data:
|
|
26
|
+
ca.crt: <%= certs.etcd.to_base64(:ca_cert) %>
|
|
27
|
+
etcd-client.crt: <%= certs.etcd.to_base64(:client_cert) %>
|
|
28
|
+
etcd-client.key: <%= certs.etcd.to_base64(:client_key) %>
|
|
29
|
+
kind: Secret
|
|
30
|
+
metadata:
|
|
31
|
+
name: etcd-tls
|
|
32
|
+
namespace: kube-system
|
|
33
|
+
labels:
|
|
34
|
+
<%- k8s.apiserver.labels.each do |k, v| -%>
|
|
35
|
+
<%= k.to_s %>: <%= v %>
|
|
36
|
+
<%- end -%>
|
|
37
|
+
type: Opaque
|
|
@@ -1,41 +1,5 @@
|
|
|
1
1
|
<% k8s = global_config.k8s -%>
|
|
2
2
|
---
|
|
3
|
-
apiVersion: v1
|
|
4
|
-
data:
|
|
5
|
-
apiserver.crt: <%= certs.kubernetes.to_base64(:apiserver_cert) %>
|
|
6
|
-
apiserver.key: <%= certs.kubernetes.to_base64(:apiserver_key) %>
|
|
7
|
-
ca.crt: <%= certs.kubernetes.to_base64(:ca_cert) %>
|
|
8
|
-
front-proxy-ca.crt: <%= certs.front_proxy.to_base64(:ca_cert) %>
|
|
9
|
-
front-proxy-client.crt: <%= certs.front_proxy.to_base64(:client_cert) %>
|
|
10
|
-
front-proxy-client.key: <%= certs.front_proxy.to_base64(:client_key) %>
|
|
11
|
-
kubelet-client.crt: <%= certs.kubernetes.to_base64(:kubelet_client_cert) %>
|
|
12
|
-
kubelet-client.key: <%= certs.kubernetes.to_base64(:kubelet_client_key) %>
|
|
13
|
-
sa.pub: <%= certs.kubernetes.to_base64(:sa_public_key) %>
|
|
14
|
-
kind: Secret
|
|
15
|
-
metadata:
|
|
16
|
-
name: kube-apiserver
|
|
17
|
-
namespace: kube-system
|
|
18
|
-
labels:
|
|
19
|
-
<%- k8s.apiserver.labels.each do |k, v| -%>
|
|
20
|
-
<%= k.to_s %>: <%= v %>
|
|
21
|
-
<%- end -%>
|
|
22
|
-
type: Opaque
|
|
23
|
-
---
|
|
24
|
-
apiVersion: v1
|
|
25
|
-
data:
|
|
26
|
-
ca.crt: <%= certs.etcd.to_base64(:ca_cert) %>
|
|
27
|
-
etcd-client.crt: <%= certs.etcd.to_base64(:client_cert) %>
|
|
28
|
-
etcd-client.key: <%= certs.etcd.to_base64(:client_key) %>
|
|
29
|
-
kind: Secret
|
|
30
|
-
metadata:
|
|
31
|
-
name: etcd-tls
|
|
32
|
-
namespace: kube-system
|
|
33
|
-
labels:
|
|
34
|
-
<%- k8s.apiserver.labels.each do |k, v| -%>
|
|
35
|
-
<%= k.to_s %>: <%= v %>
|
|
36
|
-
<%- end -%>
|
|
37
|
-
type: Opaque
|
|
38
|
-
---
|
|
39
3
|
apiVersion: "apps/v1"
|
|
40
4
|
kind: DaemonSet
|
|
41
5
|
metadata:
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
<% k8s = global_config.k8s -%>
|
|
2
|
+
---
|
|
3
|
+
apiVersion: v1
|
|
4
|
+
data:
|
|
5
|
+
ca.crt: <%= certs.kubernetes.to_base64(:ca_cert) %>
|
|
6
|
+
ca.key: <%= certs.kubernetes.to_base64(:ca_key) %>
|
|
7
|
+
sa.key: <%= certs.kubernetes.to_base64(:sa_private_key) %>
|
|
8
|
+
kind: Secret
|
|
9
|
+
metadata:
|
|
10
|
+
name: kube-controller-manager
|
|
11
|
+
namespace: kube-system
|
|
12
|
+
labels:
|
|
13
|
+
<%- k8s.controller_manager.labels.each do |k, v| -%>
|
|
14
|
+
<%= k.to_s %>: <%= v %>
|
|
15
|
+
<%- end -%>
|
|
16
|
+
type: Opaque
|
|
@@ -44,21 +44,6 @@ metadata:
|
|
|
44
44
|
<%= k.to_s %>: <%= v %>
|
|
45
45
|
<%- end -%>
|
|
46
46
|
---
|
|
47
|
-
apiVersion: v1
|
|
48
|
-
data:
|
|
49
|
-
ca.crt: <%= certs.kubernetes.to_base64(:ca_cert) %>
|
|
50
|
-
ca.key: <%= certs.kubernetes.to_base64(:ca_key) %>
|
|
51
|
-
sa.key: <%= certs.kubernetes.to_base64(:sa_private_key) %>
|
|
52
|
-
kind: Secret
|
|
53
|
-
metadata:
|
|
54
|
-
name: kube-controller-manager
|
|
55
|
-
namespace: kube-system
|
|
56
|
-
labels:
|
|
57
|
-
<%- k8s.controller_manager.labels.each do |k, v| -%>
|
|
58
|
-
<%= k.to_s %>: <%= v %>
|
|
59
|
-
<%- end -%>
|
|
60
|
-
type: Opaque
|
|
61
|
-
---
|
|
62
47
|
apiVersion: apps/v1
|
|
63
48
|
kind: Deployment
|
|
64
49
|
metadata:
|
|
@@ -20,6 +20,9 @@ module Porkadot; module Assets
|
|
|
20
20
|
unless File.directory?(config.manifests_path)
|
|
21
21
|
FileUtils.mkdir_p(config.manifests_path)
|
|
22
22
|
end
|
|
23
|
+
unless File.directory?(config.manifests_secrets_path)
|
|
24
|
+
FileUtils.mkdir_p(config.manifests_secrets_path)
|
|
25
|
+
end
|
|
23
26
|
lb = global_config.lb
|
|
24
27
|
cni = global_config.cni
|
|
25
28
|
render_erb 'manifests/porkadot.yaml'
|
|
@@ -27,9 +30,11 @@ module Porkadot; module Assets
|
|
|
27
30
|
render_erb "manifests/#{lb.type}.yaml"
|
|
28
31
|
render_erb "manifests/#{cni.type}.yaml"
|
|
29
32
|
render_erb "manifests/kube-apiserver.yaml"
|
|
33
|
+
render_secrets_erb "manifests/kube-apiserver.secrets.yaml"
|
|
30
34
|
render_erb "manifests/kube-proxy.yaml"
|
|
31
35
|
render_erb "manifests/kube-scheduler.yaml"
|
|
32
36
|
render_erb "manifests/kube-controller-manager.yaml"
|
|
37
|
+
render_secrets_erb "manifests/kube-controller-manager.secrets.yaml"
|
|
33
38
|
render_erb "manifests/pod-checkpointer.yaml"
|
|
34
39
|
render_erb "manifests/kubelet-rubber-stamp.yaml"
|
|
35
40
|
render_erb 'install.sh'
|
data/lib/porkadot/assets.rb
CHANGED
|
@@ -21,4 +21,19 @@ module Porkadot::Assets
|
|
|
21
21
|
end
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
+
def render_secrets_erb file, opts={}
|
|
25
|
+
file = file.to_s
|
|
26
|
+
opts[:config] = self.config
|
|
27
|
+
opts[:global_config] = self.global_config
|
|
28
|
+
opts[:certs] = Porkadot::Assets::Certs.new(self.global_config)
|
|
29
|
+
opts[:u] = ErbUtils.new
|
|
30
|
+
|
|
31
|
+
logger.info "----> #{file}"
|
|
32
|
+
open(File.join(self.class::TEMPLATE_DIR, "#{file}.erb")) do |io|
|
|
33
|
+
open(config.secrets_path(file), 'w') do |out|
|
|
34
|
+
out.write ERB.new(io.read, trim_mode: '-').result_with_hash(opts)
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
24
39
|
end
|
data/lib/porkadot/config.rb
CHANGED
|
@@ -81,6 +81,10 @@ module Porkadot
|
|
|
81
81
|
File.expand_path(raw.local.assets_dir)
|
|
82
82
|
end
|
|
83
83
|
|
|
84
|
+
def secrets_root_dir
|
|
85
|
+
File.join(self.assets_dir, 'secrets')
|
|
86
|
+
end
|
|
87
|
+
|
|
84
88
|
end
|
|
85
89
|
|
|
86
90
|
module ConfigUtils
|
|
@@ -102,6 +106,10 @@ module Porkadot
|
|
|
102
106
|
end
|
|
103
107
|
alias path asset_path
|
|
104
108
|
|
|
109
|
+
def secrets_path file
|
|
110
|
+
File.join(self.target_secrets_path, file.to_s)
|
|
111
|
+
end
|
|
112
|
+
|
|
105
113
|
def method_missing name, *args
|
|
106
114
|
return nil if self.raw.nil?
|
|
107
115
|
self.raw[name]
|
|
@@ -16,6 +16,10 @@ module Porkadot; module Configs
|
|
|
16
16
|
def target_path
|
|
17
17
|
File.join(bootstrap_config.target_path, 'kubelet')
|
|
18
18
|
end
|
|
19
|
+
|
|
20
|
+
def target_secrets_path
|
|
21
|
+
File.join(bootstrap_config.target_secrets_path, 'kubelet')
|
|
22
|
+
end
|
|
19
23
|
end
|
|
20
24
|
|
|
21
25
|
include Porkadot::ConfigUtils
|
|
@@ -31,12 +35,20 @@ module Porkadot; module Configs
|
|
|
31
35
|
File.join(self.config.assets_dir, 'bootstrap')
|
|
32
36
|
end
|
|
33
37
|
|
|
38
|
+
def target_secrets_path
|
|
39
|
+
File.join(self.config.secrets_root_dir, 'bootstrap')
|
|
40
|
+
end
|
|
41
|
+
|
|
34
42
|
def bootstrap_path
|
|
35
43
|
File.join(self.target_path, 'bootstrap')
|
|
36
44
|
end
|
|
37
45
|
|
|
46
|
+
def bootstrap_secrets_path
|
|
47
|
+
File.join(self.target_secrets_path, 'bootstrap')
|
|
48
|
+
end
|
|
49
|
+
|
|
38
50
|
def secrets_path
|
|
39
|
-
File.join(self.
|
|
51
|
+
File.join(self.bootstrap_secrets_path, 'secrets')
|
|
40
52
|
end
|
|
41
53
|
|
|
42
54
|
def kubeconfig_path
|
|
@@ -79,16 +79,20 @@ module Porkadot; module Configs
|
|
|
79
79
|
File.join(self.kubelet.addon_path, 'etcd')
|
|
80
80
|
end
|
|
81
81
|
|
|
82
|
+
def target_secrets_path
|
|
83
|
+
File.join(self.kubelet.addon_secrets_path, 'etcd')
|
|
84
|
+
end
|
|
85
|
+
|
|
82
86
|
def ca_crt_path
|
|
83
|
-
File.join(self.
|
|
87
|
+
File.join(self.target_secrets_path, 'ca.crt')
|
|
84
88
|
end
|
|
85
89
|
|
|
86
90
|
def etcd_key_path
|
|
87
|
-
File.join(self.
|
|
91
|
+
File.join(self.target_secrets_path, 'etcd.key')
|
|
88
92
|
end
|
|
89
93
|
|
|
90
94
|
def etcd_crt_path
|
|
91
|
-
File.join(self.
|
|
95
|
+
File.join(self.target_secrets_path, 'etcd.crt')
|
|
92
96
|
end
|
|
93
97
|
|
|
94
98
|
end
|
|
@@ -41,16 +41,24 @@ module Porkadot; module Configs
|
|
|
41
41
|
File.join(self.config.assets_dir, 'kubelet', name)
|
|
42
42
|
end
|
|
43
43
|
|
|
44
|
+
def target_secrets_path
|
|
45
|
+
File.join(self.config.secrets_root_dir, 'kubelet', name)
|
|
46
|
+
end
|
|
47
|
+
|
|
44
48
|
def addon_path
|
|
45
49
|
File.join(self.target_path, 'addons')
|
|
46
50
|
end
|
|
47
51
|
|
|
52
|
+
def addon_secrets_path
|
|
53
|
+
File.join(self.target_secrets_path, 'addons')
|
|
54
|
+
end
|
|
55
|
+
|
|
48
56
|
def ca_crt_path
|
|
49
57
|
File.join(self.target_path, 'ca.crt')
|
|
50
58
|
end
|
|
51
59
|
|
|
52
60
|
def bootstrap_key_path
|
|
53
|
-
File.join(self.
|
|
61
|
+
File.join(self.target_secrets_path, 'bootstrap.key')
|
|
54
62
|
end
|
|
55
63
|
|
|
56
64
|
def bootstrap_cert_path
|
|
@@ -27,10 +27,18 @@ module Porkadot; module Configs
|
|
|
27
27
|
File.join(self.config.assets_dir, 'kubernetes')
|
|
28
28
|
end
|
|
29
29
|
|
|
30
|
+
def target_secrets_path
|
|
31
|
+
File.join(self.config.secrets_root_dir, 'kubernetes')
|
|
32
|
+
end
|
|
33
|
+
|
|
30
34
|
def manifests_path
|
|
31
35
|
File.join(self.target_path, 'manifests')
|
|
32
36
|
end
|
|
33
37
|
|
|
38
|
+
def manifests_secrets_path
|
|
39
|
+
File.join(self.target_secrets_path, 'manifests')
|
|
40
|
+
end
|
|
41
|
+
|
|
34
42
|
def control_plane_endpoint_host_and_port
|
|
35
43
|
endpoint = self.config.k8s.control_plane_endpoint
|
|
36
44
|
raise "kubernetes.control_plane_endpoint should not be nil" unless endpoint
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
module Porkadot; module Install
|
|
2
2
|
class Bootstrap
|
|
3
3
|
KUBE_TEMP = File.join(Porkadot::Install::KUBE_TEMP, 'bootstrap')
|
|
4
|
+
KUBE_SECRETS_TEMP = File.join(Porkadot::Install::KUBE_TEMP, '.bootstrap')
|
|
4
5
|
include SSHKit::DSL
|
|
5
6
|
attr_reader :global_config
|
|
6
7
|
attr_reader :config
|
|
@@ -21,8 +22,11 @@ module Porkadot; module Install
|
|
|
21
22
|
execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
|
|
22
23
|
if test("[ -d #{KUBE_TEMP} ]")
|
|
23
24
|
execute(:rm, '-rf', KUBE_TEMP)
|
|
25
|
+
execute(:rm, '-rf', KUBE_SECRETS_TEMP)
|
|
24
26
|
end
|
|
25
27
|
upload! config.target_path, KUBE_TEMP, recursive: true
|
|
28
|
+
upload! config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
|
|
29
|
+
execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
|
|
26
30
|
|
|
27
31
|
as user: 'root' do
|
|
28
32
|
execute(:bash, File.join(KUBE_TEMP, 'install.sh'))
|
|
@@ -44,8 +48,11 @@ module Porkadot; module Install
|
|
|
44
48
|
execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
|
|
45
49
|
if test("[ -d #{KUBE_TEMP} ]")
|
|
46
50
|
execute(:rm, '-rf', KUBE_TEMP)
|
|
51
|
+
execute(:rm, '-rf', KUBE_SECRETS_TEMP)
|
|
47
52
|
end
|
|
48
53
|
upload! config.target_path, KUBE_TEMP, recursive: true
|
|
54
|
+
upload! config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
|
|
55
|
+
execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
|
|
49
56
|
|
|
50
57
|
global_config.nodes.each do |k, node|
|
|
51
58
|
if node.apiserver?
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
module Porkadot; module Install
|
|
2
2
|
class KubeletList
|
|
3
3
|
KUBE_TEMP = File.join(Porkadot::Install::KUBE_TEMP, 'kubelet')
|
|
4
|
+
KUBE_SECRETS_TEMP = File.join(Porkadot::Install::KUBE_TEMP, '.kubelet')
|
|
4
5
|
include SSHKit::DSL
|
|
5
6
|
attr_reader :global_config
|
|
6
7
|
attr_reader :logger
|
|
@@ -27,8 +28,11 @@ module Porkadot; module Install
|
|
|
27
28
|
execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
|
|
28
29
|
if test("[ -d #{KUBE_TEMP} ]")
|
|
29
30
|
execute(:rm, '-rf', KUBE_TEMP)
|
|
31
|
+
execute(:rm, '-rf', KUBE_SECRETS_TEMP)
|
|
30
32
|
end
|
|
31
33
|
upload! host.config.target_path, KUBE_TEMP, recursive: true
|
|
34
|
+
upload! host.config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
|
|
35
|
+
execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
|
|
32
36
|
|
|
33
37
|
as user: 'root' do
|
|
34
38
|
unless test("[ -f /opt/bin/kubelet-#{host.global_config.k8s.kubernetes_version} ]") && !force
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
module Porkadot; module Install
|
|
2
2
|
class Kubernetes
|
|
3
3
|
KUBE_TEMP = File.join(Porkadot::Install::KUBE_TEMP, 'kubernetes')
|
|
4
|
+
KUBE_SECRETS_TEMP = File.join(Porkadot::Install::KUBE_TEMP, '.kubernetes')
|
|
4
5
|
include SSHKit::DSL
|
|
5
6
|
attr_reader :global_config
|
|
6
7
|
attr_reader :config
|
|
@@ -19,8 +20,11 @@ module Porkadot; module Install
|
|
|
19
20
|
execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
|
|
20
21
|
if test("[ -d #{KUBE_TEMP} ]")
|
|
21
22
|
execute(:rm, '-rf', KUBE_TEMP)
|
|
23
|
+
execute(:rm, '-rf', KUBE_SECRETS_TEMP)
|
|
22
24
|
end
|
|
23
25
|
upload! config.target_path, KUBE_TEMP, recursive: true
|
|
26
|
+
upload! config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
|
|
27
|
+
execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
|
|
24
28
|
|
|
25
29
|
as user: 'root' do
|
|
26
30
|
execute(:bash, File.join(KUBE_TEMP, 'install.sh'))
|
data/lib/porkadot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: porkadot
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- OTSUKA, Yuanying
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-04-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thor
|
|
@@ -141,7 +141,9 @@ files:
|
|
|
141
141
|
- lib/porkadot/assets/kubernetes.rb
|
|
142
142
|
- lib/porkadot/assets/kubernetes/install.sh.erb
|
|
143
143
|
- lib/porkadot/assets/kubernetes/manifests/flannel.yaml.erb
|
|
144
|
+
- lib/porkadot/assets/kubernetes/manifests/kube-apiserver.secrets.yaml.erb
|
|
144
145
|
- lib/porkadot/assets/kubernetes/manifests/kube-apiserver.yaml.erb
|
|
146
|
+
- lib/porkadot/assets/kubernetes/manifests/kube-controller-manager.secrets.yaml.erb
|
|
145
147
|
- lib/porkadot/assets/kubernetes/manifests/kube-controller-manager.yaml.erb
|
|
146
148
|
- lib/porkadot/assets/kubernetes/manifests/kube-proxy.yaml.erb
|
|
147
149
|
- lib/porkadot/assets/kubernetes/manifests/kube-scheduler.yaml.erb
|