porkadot 0.1.0 → 0.2.0

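--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d234a54eadea75f593857f0d1a697af8be3cb74c5a4b48bb42b19ec966a905ae
- data.tar.gz: a62e0011627d9d7f5b93e34fadd8c76df6dc88496c7ff39b561d808880ac1570
+ metadata.gz: c4a540c5dd8b6b61feeb82c0237ec62c70740de25656cfa0b95ae0ef22bfffe5
+ data.tar.gz: aeddd88d774b653d1e5dc40cc28996090baa90ada864ccb1457340d2a4791582
  SHA512:
- metadata.gz: e359ab5f970e9ed84d82c1210a4c74215bec8fb878a42b736add72a2c27771ab1c8fe3d36125387694b3ea84c626f5b5bbdcbc9bbcb25e0f47dfa6c54484c651
- data.tar.gz: 1dda5458027c308e37832c74cd66b67422935c88968960b2ea017aa30aad2a6d39aa3ca2d3eaeb0d334431e4a2e50f4eb2e35bd43cca8b216eccab9c93a38c6b
+ metadata.gz: 711a19855866bb0d22ffcb47558a56b20c9b000d2b5c38a9f88b9553bde85d918b069cd0520e46817e62de57fb7f29ce16e98c48688fb1a3d744f29f3c9fb6cf
+ data.tar.gz: ffd3ff0472e4df3374086857fac3e239d638b59e97449e4e1e480673f2af64129fbe92b22979d364cf850dcb3fad6258d241e37a6557ac370a1fdbe2b72064f2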
@@ -18,8 +18,8 @@ module Porkadot; module Assets
18
18
 
19
19
  def render
20
20
  logger.info "--> Rendering bootstrap manifests"
21
- unless File.directory?(config.target_path)
22
- FileUtils.mkdir_p(config.target_path)
21
+ unless File.directory?(config.bootstrap_path)
22
+ FileUtils.mkdir_p(config.bootstrap_path)
23
23
  end
24
24
  render_secrets
25
25
  render_erb 'bootstrap/kubeconfig-bootstrap.yaml'
@@ -50,6 +50,9 @@ module Porkadot; module Assets
50
50
  unless File.directory?(config.target_path)
51
51
  FileUtils.mkdir_p(config.target_path)
52
52
  end
53
+ unless File.directory?(config.target_secrets_path)
54
+ FileUtils.mkdir_p(config.target_secrets_path)
55
+ end
53
56
  render_ca_crt
54
57
  render_etcd_crt
55
58
  render_erb 'etcd-server.yaml', etcd: global_config.etcd
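Review bot: The new secrets directory is created with `FileUtils.mkdir_p(config.target_secrets_path)` and no explicit mode, so its permissions come from the process umask even though the directory is meant to hold key material. Passing a mode, `FileUtils.mkdir_p(config.target_secrets_path, mode: 0o700)`, keeps other local users out of a newly created directory regardless of umask. `mkdir_p` already does nothing for an existing directory, so the `unless File.directory?` guard can be dropped. The same applies to the later hunks that create `config.target_secrets_path` and `config.manifests_secrets_path`. The enclosing method starts and ends outside this hunk.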
@@ -1,20 +1,27 @@
1
1
  #!/bin/bash
2
2
 
3
+ architecture="arm64"
4
+ case $(uname -m) in
5
+ x86_64) architecture="amd64" ;;
6
+ arm) dpkg --print-architecture | grep -q "arm64" && architecture="arm64" || architecture="arm" ;;
7
+ esac
8
+ echo $architecture
9
+
3
10
  CNI_VERSION="<%= global_config.k8s.networking.cni_version %>"
4
11
  mkdir -p /opt/cni/bin
5
- curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-amd64-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
12
+ curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${architecture}-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
6
13
 
7
14
  RELEASE="<%= global_config.k8s.kubernetes_version %>"
8
15
 
9
16
  mkdir -p /opt/bin
10
17
 
11
- curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/kubectl \
18
+ curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/${architecture}/kubectl \
12
19
  -o /opt/bin/kubectl-${RELEASE}
13
20
  chmod +x /opt/bin/kubectl-${RELEASE}
14
21
  rm -f /opt/bin/kubectl
15
22
  ln -s /opt/bin/kubectl-${RELEASE} /opt/bin/kubectl
16
23
 
17
- curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/kubelet \
24
+ curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/${architecture}/kubelet \
18
25
  -o /opt/bin/kubelet-${RELEASE}
19
26
  chmod +x /opt/bin/kubelet-${RELEASE}
20
27
  rm -f /opt/bin/kubelet
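Review bot: The `case` has no arm for `aarch64` and no `*)` fallback, so every machine type other than `x86_64` and the literal `arm` silently keeps the default `arm64` (32-bit ARM kernels usually report values such as `armv7l`, which `arm)` would not match). Because the `curl -L` calls run without `-f` and nothing checks a digest, a wrong-architecture URL can leave an HTTP error body piped into `tar` or saved as `/opt/bin/kubelet-${RELEASE}` and marked executable. I would make the mapping explicit with `aarch64|arm64) architecture="arm64" ;;` and `*) echo "unsupported architecture: $(uname -m)" >&2; exit 1 ;;`, and switch the downloads to `curl -fL`. Each artifact should also be verified against a published checksum before it is installed, since this script is run as root. The script continues past the end of this hunk.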
@@ -50,6 +50,9 @@ module Porkadot; module Assets
50
50
  unless File.directory?(config.target_path)
51
51
  FileUtils.mkdir_p(config.target_path)
52
52
  end
53
+ unless File.directory?(config.target_secrets_path)
54
+ FileUtils.mkdir_p(config.target_secrets_path)
55
+ end
53
56
  ca_data = certs.ca_cert.to_pem
54
57
  ca_data = Base64.strict_encode64(ca_data)
55
58
 
@@ -0,0 +1,37 @@
1
+ <% k8s = global_config.k8s -%>
2
+ ---
3
+ apiVersion: v1
4
+ data:
5
+ apiserver.crt: <%= certs.kubernetes.to_base64(:apiserver_cert) %>
6
+ apiserver.key: <%= certs.kubernetes.to_base64(:apiserver_key) %>
7
+ ca.crt: <%= certs.kubernetes.to_base64(:ca_cert) %>
8
+ front-proxy-ca.crt: <%= certs.front_proxy.to_base64(:ca_cert) %>
9
+ front-proxy-client.crt: <%= certs.front_proxy.to_base64(:client_cert) %>
10
+ front-proxy-client.key: <%= certs.front_proxy.to_base64(:client_key) %>
11
+ kubelet-client.crt: <%= certs.kubernetes.to_base64(:kubelet_client_cert) %>
12
+ kubelet-client.key: <%= certs.kubernetes.to_base64(:kubelet_client_key) %>
13
+ sa.pub: <%= certs.kubernetes.to_base64(:sa_public_key) %>
14
+ kind: Secret
15
+ metadata:
16
+ name: kube-apiserver
17
+ namespace: kube-system
18
+ labels:
19
+ <%- k8s.apiserver.labels.each do |k, v| -%>
20
+ <%= k.to_s %>: <%= v %>
21
+ <%- end -%>
22
+ type: Opaque
23
+ ---
24
+ apiVersion: v1
25
+ data:
26
+ ca.crt: <%= certs.etcd.to_base64(:ca_cert) %>
27
+ etcd-client.crt: <%= certs.etcd.to_base64(:client_cert) %>
28
+ etcd-client.key: <%= certs.etcd.to_base64(:client_key) %>
29
+ kind: Secret
30
+ metadata:
31
+ name: etcd-tls
32
+ namespace: kube-system
33
+ labels:
34
+ <%- k8s.apiserver.labels.each do |k, v| -%>
35
+ <%= k.to_s %>: <%= v %>
36
+ <%- end -%>
37
+ type: Opaque
@@ -1,41 +1,5 @@
1
1
  <% k8s = global_config.k8s -%>
2
2
  ---
3
- apiVersion: v1
4
- data:
5
- apiserver.crt: <%= certs.kubernetes.to_base64(:apiserver_cert) %>
6
- apiserver.key: <%= certs.kubernetes.to_base64(:apiserver_key) %>
7
- ca.crt: <%= certs.kubernetes.to_base64(:ca_cert) %>
8
- front-proxy-ca.crt: <%= certs.front_proxy.to_base64(:ca_cert) %>
9
- front-proxy-client.crt: <%= certs.front_proxy.to_base64(:client_cert) %>
10
- front-proxy-client.key: <%= certs.front_proxy.to_base64(:client_key) %>
11
- kubelet-client.crt: <%= certs.kubernetes.to_base64(:kubelet_client_cert) %>
12
- kubelet-client.key: <%= certs.kubernetes.to_base64(:kubelet_client_key) %>
13
- sa.pub: <%= certs.kubernetes.to_base64(:sa_public_key) %>
14
- kind: Secret
15
- metadata:
16
- name: kube-apiserver
17
- namespace: kube-system
18
- labels:
19
- <%- k8s.apiserver.labels.each do |k, v| -%>
20
- <%= k.to_s %>: <%= v %>
21
- <%- end -%>
22
- type: Opaque
23
- ---
24
- apiVersion: v1
25
- data:
26
- ca.crt: <%= certs.etcd.to_base64(:ca_cert) %>
27
- etcd-client.crt: <%= certs.etcd.to_base64(:client_cert) %>
28
- etcd-client.key: <%= certs.etcd.to_base64(:client_key) %>
29
- kind: Secret
30
- metadata:
31
- name: etcd-tls
32
- namespace: kube-system
33
- labels:
34
- <%- k8s.apiserver.labels.each do |k, v| -%>
35
- <%= k.to_s %>: <%= v %>
36
- <%- end -%>
37
- type: Opaque
38
- ---
39
3
  apiVersion: "apps/v1"
40
4
  kind: DaemonSet
41
5
  metadata:
@@ -0,0 +1,16 @@
1
+ <% k8s = global_config.k8s -%>
2
+ ---
3
+ apiVersion: v1
4
+ data:
5
+ ca.crt: <%= certs.kubernetes.to_base64(:ca_cert) %>
6
+ ca.key: <%= certs.kubernetes.to_base64(:ca_key) %>
7
+ sa.key: <%= certs.kubernetes.to_base64(:sa_private_key) %>
8
+ kind: Secret
9
+ metadata:
10
+ name: kube-controller-manager
11
+ namespace: kube-system
12
+ labels:
13
+ <%- k8s.controller_manager.labels.each do |k, v| -%>
14
+ <%= k.to_s %>: <%= v %>
15
+ <%- end -%>
16
+ type: Opaque
@@ -44,21 +44,6 @@ metadata:
44
44
  <%= k.to_s %>: <%= v %>
45
45
  <%- end -%>
46
46
  ---
47
- apiVersion: v1
48
- data:
49
- ca.crt: <%= certs.kubernetes.to_base64(:ca_cert) %>
50
- ca.key: <%= certs.kubernetes.to_base64(:ca_key) %>
51
- sa.key: <%= certs.kubernetes.to_base64(:sa_private_key) %>
52
- kind: Secret
53
- metadata:
54
- name: kube-controller-manager
55
- namespace: kube-system
56
- labels:
57
- <%- k8s.controller_manager.labels.each do |k, v| -%>
58
- <%= k.to_s %>: <%= v %>
59
- <%- end -%>
60
- type: Opaque
61
- ---
62
47
  apiVersion: apps/v1
63
48
  kind: Deployment
64
49
  metadata:
@@ -20,6 +20,9 @@ module Porkadot; module Assets
20
20
  unless File.directory?(config.manifests_path)
21
21
  FileUtils.mkdir_p(config.manifests_path)
22
22
  end
23
+ unless File.directory?(config.manifests_secrets_path)
24
+ FileUtils.mkdir_p(config.manifests_secrets_path)
25
+ end
23
26
  lb = global_config.lb
24
27
  cni = global_config.cni
25
28
  render_erb 'manifests/porkadot.yaml'
@@ -27,9 +30,11 @@ module Porkadot; module Assets
27
30
  render_erb "manifests/#{lb.type}.yaml"
28
31
  render_erb "manifests/#{cni.type}.yaml"
29
32
  render_erb "manifests/kube-apiserver.yaml"
33
+ render_secrets_erb "manifests/kube-apiserver.secrets.yaml"
30
34
  render_erb "manifests/kube-proxy.yaml"
31
35
  render_erb "manifests/kube-scheduler.yaml"
32
36
  render_erb "manifests/kube-controller-manager.yaml"
37
+ render_secrets_erb "manifests/kube-controller-manager.secrets.yaml"
33
38
  render_erb "manifests/pod-checkpointer.yaml"
34
39
  render_erb "manifests/kubelet-rubber-stamp.yaml"
35
40
  render_erb 'install.sh'
@@ -21,4 +21,19 @@ module Porkadot::Assets
21
21
  end
22
22
  end
23
23
 
24
+ def render_secrets_erb file, opts={}
25
+ file = file.to_s
26
+ opts[:config] = self.config
27
+ opts[:global_config] = self.global_config
28
+ opts[:certs] = Porkadot::Assets::Certs.new(self.global_config)
29
+ opts[:u] = ErbUtils.new
30
+
31
+ logger.info "----> #{file}"
32
+ open(File.join(self.class::TEMPLATE_DIR, "#{file}.erb")) do |io|
33
+ open(config.secrets_path(file), 'w') do |out|
34
+ out.write ERB.new(io.read, trim_mode: '-').result_with_hash(opts)
35
+ end
36
+ end
37
+ end
38
+
24
39
  end
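Review bot: `render_secrets_erb` writes the rendered key material with `open(config.secrets_path(file), 'w')`, which creates the file with umask-derived permissions, commonly readable by other local users. Opening it as `File.open(config.secrets_path(file), 'w', 0o600) do |out|` restricts a newly created file to its owner; the mode is only applied on creation, so files left by an earlier run keep their old permissions unless they are chmod-ed as well. Using `File.open` rather than `Kernel#open` for both handles also avoids `open`'s special handling of paths that begin with `|`. Separately, the `opts[:config] = ...` assignments mutate a hash supplied by the caller; building a new hash with `opts.merge(...)` would avoid that.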
@@ -81,6 +81,10 @@ module Porkadot
81
81
  File.expand_path(raw.local.assets_dir)
82
82
  end
83
83
 
84
+ def secrets_root_dir
85
+ File.join(self.assets_dir, 'secrets')
86
+ end
87
+
84
88
  end
85
89
 
86
90
  module ConfigUtils
@@ -102,6 +106,10 @@ module Porkadot
102
106
  end
103
107
  alias path asset_path
104
108
 
109
+ def secrets_path file
110
+ File.join(self.target_secrets_path, file.to_s)
111
+ end
112
+
105
113
  def method_missing name, *args
106
114
  return nil if self.raw.nil?
107
115
  self.raw[name]
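Review bot: The new `secrets_path file` helper takes one argument, while a later section under `module Porkadot; module Configs` keeps a zero-argument `secrets_path` in a class that appears to include `Porkadot::ConfigUtils`, so that class's own method would shadow this helper. If `render_secrets_erb` is ever called with that config, `config.secrets_path(file)` would raise `ArgumentError`. The helper also depends on every including class defining `target_secrets_path`; where it is missing the call presumably falls through to `method_missing` and hands `nil` to `File.join`. A distinct name for the helper, or a comment such as `# Requires the including class to define target_secrets_path`, would make both constraints visible. `method_missing` continues outside the hunk.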
@@ -16,6 +16,10 @@ module Porkadot; module Configs
16
16
  def target_path
17
17
  File.join(bootstrap_config.target_path, 'kubelet')
18
18
  end
19
+
20
+ def target_secrets_path
21
+ File.join(bootstrap_config.target_secrets_path, 'kubelet')
22
+ end
19
23
  end
20
24
 
21
25
  include Porkadot::ConfigUtils
@@ -31,12 +35,20 @@ module Porkadot; module Configs
31
35
  File.join(self.config.assets_dir, 'bootstrap')
32
36
  end
33
37
 
38
+ def target_secrets_path
39
+ File.join(self.config.secrets_root_dir, 'bootstrap')
40
+ end
41
+
34
42
  def bootstrap_path
35
43
  File.join(self.target_path, 'bootstrap')
36
44
  end
37
45
 
46
+ def bootstrap_secrets_path
47
+ File.join(self.target_secrets_path, 'bootstrap')
48
+ end
49
+
38
50
  def secrets_path
39
- File.join(self.bootstrap_path, 'secrets')
51
+ File.join(self.bootstrap_secrets_path, 'secrets')
40
52
  end
41
53
 
42
54
  def kubeconfig_path
@@ -79,16 +79,20 @@ module Porkadot; module Configs
79
79
  File.join(self.kubelet.addon_path, 'etcd')
80
80
  end
81
81
 
82
+ def target_secrets_path
83
+ File.join(self.kubelet.addon_secrets_path, 'etcd')
84
+ end
85
+
82
86
  def ca_crt_path
83
- File.join(self.target_path, 'ca.crt')
87
+ File.join(self.target_secrets_path, 'ca.crt')
84
88
  end
85
89
 
86
90
  def etcd_key_path
87
- File.join(self.target_path, 'etcd.key')
91
+ File.join(self.target_secrets_path, 'etcd.key')
88
92
  end
89
93
 
90
94
  def etcd_crt_path
91
- File.join(self.target_path, 'etcd.crt')
95
+ File.join(self.target_secrets_path, 'etcd.crt')
92
96
  end
93
97
 
94
98
  end
@@ -41,16 +41,24 @@ module Porkadot; module Configs
41
41
  File.join(self.config.assets_dir, 'kubelet', name)
42
42
  end
43
43
 
44
+ def target_secrets_path
45
+ File.join(self.config.secrets_root_dir, 'kubelet', name)
46
+ end
47
+
44
48
  def addon_path
45
49
  File.join(self.target_path, 'addons')
46
50
  end
47
51
 
52
+ def addon_secrets_path
53
+ File.join(self.target_secrets_path, 'addons')
54
+ end
55
+
48
56
  def ca_crt_path
49
57
  File.join(self.target_path, 'ca.crt')
50
58
  end
51
59
 
52
60
  def bootstrap_key_path
53
- File.join(self.target_path, 'bootstrap.key')
61
+ File.join(self.target_secrets_path, 'bootstrap.key')
54
62
  end
55
63
 
56
64
  def bootstrap_cert_path
@@ -27,10 +27,18 @@ module Porkadot; module Configs
27
27
  File.join(self.config.assets_dir, 'kubernetes')
28
28
  end
29
29
 
30
+ def target_secrets_path
31
+ File.join(self.config.secrets_root_dir, 'kubernetes')
32
+ end
33
+
30
34
  def manifests_path
31
35
  File.join(self.target_path, 'manifests')
32
36
  end
33
37
 
38
+ def manifests_secrets_path
39
+ File.join(self.target_secrets_path, 'manifests')
40
+ end
41
+
34
42
  def control_plane_endpoint_host_and_port
35
43
  endpoint = self.config.k8s.control_plane_endpoint
36
44
  raise "kubernetes.control_plane_endpoint should not be nil" unless endpoint
@@ -1,6 +1,7 @@
1
1
  module Porkadot; module Install
2
2
  class Bootstrap
3
3
  KUBE_TEMP = File.join(Porkadot::Install::KUBE_TEMP, 'bootstrap')
4
+ KUBE_SECRETS_TEMP = File.join(Porkadot::Install::KUBE_TEMP, '.bootstrap')
4
5
  include SSHKit::DSL
5
6
  attr_reader :global_config
6
7
  attr_reader :config
@@ -21,8 +22,11 @@ module Porkadot; module Install
21
22
  execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
22
23
  if test("[ -d #{KUBE_TEMP} ]")
23
24
  execute(:rm, '-rf', KUBE_TEMP)
25
+ execute(:rm, '-rf', KUBE_SECRETS_TEMP)
24
26
  end
25
27
  upload! config.target_path, KUBE_TEMP, recursive: true
28
+ upload! config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
29
+ execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
26
30
 
27
31
  as user: 'root' do
28
32
  execute(:bash, File.join(KUBE_TEMP, 'install.sh'))
@@ -44,8 +48,11 @@ module Porkadot; module Install
44
48
  execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
45
49
  if test("[ -d #{KUBE_TEMP} ]")
46
50
  execute(:rm, '-rf', KUBE_TEMP)
51
+ execute(:rm, '-rf', KUBE_SECRETS_TEMP)
47
52
  end
48
53
  upload! config.target_path, KUBE_TEMP, recursive: true
54
+ upload! config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
55
+ execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
49
56
 
50
57
  global_config.nodes.each do |k, node|
51
58
  if node.apiserver?
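Review bot: `execute(:rm, '-rf', KUBE_SECRETS_TEMP)` sits inside the `[ -d #{KUBE_TEMP} ]` test in both hunks of this section, so a `.bootstrap` directory left by an interrupted run is not cleared when `bootstrap` itself is absent. Nothing visible removes the staged copy after the `cp -r` either, which leaves the uploaded key material in the temp directory twice (cleanup may exist outside these hunks). Since `rm -rf` tolerates a missing path, the removal can be unconditional, `execute(:rm, '-rf', KUBE_TEMP, KUBE_SECRETS_TEMP)`, with a second `execute(:rm, '-rf', KUBE_SECRETS_TEMP)` right after the copy. The `KUBE_SECRETS_TEMP + '/*'` glob also skips dotfiles and fails on an empty directory; `execute(:cp, '-r', File.join(KUBE_SECRETS_TEMP, '.'), KUBE_TEMP)` avoids both. The KubeletList and Kubernetes install sections repeat the same three added lines.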
@@ -1,6 +1,7 @@
1
1
  module Porkadot; module Install
2
2
  class KubeletList
3
3
  KUBE_TEMP = File.join(Porkadot::Install::KUBE_TEMP, 'kubelet')
4
+ KUBE_SECRETS_TEMP = File.join(Porkadot::Install::KUBE_TEMP, '.kubelet')
4
5
  include SSHKit::DSL
5
6
  attr_reader :global_config
6
7
  attr_reader :logger
@@ -27,8 +28,11 @@ module Porkadot; module Install
27
28
  execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
28
29
  if test("[ -d #{KUBE_TEMP} ]")
29
30
  execute(:rm, '-rf', KUBE_TEMP)
31
+ execute(:rm, '-rf', KUBE_SECRETS_TEMP)
30
32
  end
31
33
  upload! host.config.target_path, KUBE_TEMP, recursive: true
34
+ upload! host.config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
35
+ execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
32
36
 
33
37
  as user: 'root' do
34
38
  unless test("[ -f /opt/bin/kubelet-#{host.global_config.k8s.kubernetes_version} ]") && !force
@@ -1,6 +1,7 @@
1
1
  module Porkadot; module Install
2
2
  class Kubernetes
3
3
  KUBE_TEMP = File.join(Porkadot::Install::KUBE_TEMP, 'kubernetes')
4
+ KUBE_SECRETS_TEMP = File.join(Porkadot::Install::KUBE_TEMP, '.kubernetes')
4
5
  include SSHKit::DSL
5
6
  attr_reader :global_config
6
7
  attr_reader :config
@@ -19,8 +20,11 @@ module Porkadot; module Install
19
20
  execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
20
21
  if test("[ -d #{KUBE_TEMP} ]")
21
22
  execute(:rm, '-rf', KUBE_TEMP)
23
+ execute(:rm, '-rf', KUBE_SECRETS_TEMP)
22
24
  end
23
25
  upload! config.target_path, KUBE_TEMP, recursive: true
26
+ upload! config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
27
+ execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
24
28
 
25
29
  as user: 'root' do
26
30
  execute(:bash, File.join(KUBE_TEMP, 'install.sh'))
@@ -1,3 +1,3 @@
1
1
  module Porkadot
2
- VERSION = "0.1.0"
2
+ VERSION = "0.2.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: porkadot
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - OTSUKA, Yuanying
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-03-27 00:00:00.000000000 Z
11
+ date: 2020-04-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor
@@ -141,7 +141,9 @@ files:
141
141
  - lib/porkadot/assets/kubernetes.rb
142
142
  - lib/porkadot/assets/kubernetes/install.sh.erb
143
143
  - lib/porkadot/assets/kubernetes/manifests/flannel.yaml.erb
144
+ - lib/porkadot/assets/kubernetes/manifests/kube-apiserver.secrets.yaml.erb
144
145
  - lib/porkadot/assets/kubernetes/manifests/kube-apiserver.yaml.erb
146
+ - lib/porkadot/assets/kubernetes/manifests/kube-controller-manager.secrets.yaml.erb
145
147
  - lib/porkadot/assets/kubernetes/manifests/kube-controller-manager.yaml.erb
146
148
  - lib/porkadot/assets/kubernetes/manifests/kube-proxy.yaml.erb
147
149
  - lib/porkadot/assets/kubernetes/manifests/kube-scheduler.yaml.erb