porkadot 0.18.0 → 0.20.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/hack/gen-storage-version-migrator.sh +7 -0
- data/hack/storage-version-migrator/kustomization.yaml +77 -0
- data/lib/porkadot/assets/bootstrap/manifests/kube-apiserver.bootstrap.yaml.erb +4 -30
- data/lib/porkadot/assets/bootstrap/manifests/kube-controller-manager.bootstrap.yaml.erb +13 -16
- data/lib/porkadot/assets/bootstrap/manifests/kube-proxy.bootstrap.yaml.erb +3 -2
- data/lib/porkadot/assets/bootstrap/manifests/kube-scheduler.bootstrap.yaml.erb +3 -5
- data/lib/porkadot/assets/kubelet.rb +1 -0
- data/lib/porkadot/assets/kubelet/config.yaml.erb +1 -0
- data/lib/porkadot/assets/kubelet/install-pkgs.sh.erb +11 -1
- data/lib/porkadot/assets/kubelet/kubelet.service.erb +3 -1
- data/lib/porkadot/assets/kubelet/setup-containerd.sh.erb +10 -0
- data/lib/porkadot/assets/kubernetes.rb +2 -1
- data/lib/porkadot/assets/kubernetes/kubeconfig.yaml.erb +19 -0
- data/lib/porkadot/assets/kubernetes/manifests/coredns.yaml.erb +8 -1
- data/lib/porkadot/assets/kubernetes/manifests/flannel.yaml.erb +52 -431
- data/lib/porkadot/assets/kubernetes/manifests/kube-apiserver.secrets.yaml.erb +1 -0
- data/lib/porkadot/assets/kubernetes/manifests/kubelet-rubber-stamp.yaml.erb +1 -1
- data/lib/porkadot/assets/kubernetes/manifests/metallb.secrets.yaml.erb +13 -0
- data/lib/porkadot/assets/kubernetes/manifests/metallb.yaml.erb +116 -26
- data/lib/porkadot/assets/kubernetes/manifests/storage-version-migrator.yaml.erb +258 -228
- data/lib/porkadot/cmd/cli.rb +16 -0
- data/lib/porkadot/cmd/render/certs.rb +1 -1
- data/lib/porkadot/configs/kubernetes.rb +31 -1
- data/lib/porkadot/default.yaml +3 -3
- data/lib/porkadot/install/kubelet.rb +24 -0
- data/lib/porkadot/install/kubernetes.rb +2 -1
- data/lib/porkadot/version.rb +1 -1
- metadata +7 -3
- data/lib/porkadot/assets/kubernetes/manifests/pod-checkpointer.yaml.erb +0 -130
@@ -11,6 +11,7 @@ data:
|
|
11
11
|
kubelet-client.crt: <%= certs.kubernetes.to_base64(:kubelet_client_cert) %>
|
12
12
|
kubelet-client.key: <%= certs.kubernetes.to_base64(:kubelet_client_key) %>
|
13
13
|
sa.pub: <%= certs.kubernetes.to_base64(:sa_public_key) %>
|
14
|
+
sa.key: <%= certs.kubernetes.to_base64(:sa_private_key) %>
|
14
15
|
kind: Secret
|
15
16
|
metadata:
|
16
17
|
name: kube-apiserver
|
@@ -0,0 +1,13 @@
|
|
1
|
+
<% require 'securerandom' -%>
|
2
|
+
<% k8s = global_config.k8s -%>
|
3
|
+
---
|
4
|
+
apiVersion: v1
|
5
|
+
stringData:
|
6
|
+
secretkey: <%= SecureRandom.base64(128) %>
|
7
|
+
kind: Secret
|
8
|
+
metadata:
|
9
|
+
name: memberlist
|
10
|
+
namespace: metallb-system
|
11
|
+
labels:
|
12
|
+
app: metallb
|
13
|
+
type: Opaque
|
@@ -8,6 +8,48 @@ metadata:
|
|
8
8
|
---
|
9
9
|
apiVersion: policy/v1beta1
|
10
10
|
kind: PodSecurityPolicy
|
11
|
+
metadata:
|
12
|
+
labels:
|
13
|
+
app: metallb
|
14
|
+
name: controller
|
15
|
+
namespace: metallb-system
|
16
|
+
spec:
|
17
|
+
allowPrivilegeEscalation: false
|
18
|
+
allowedCapabilities: []
|
19
|
+
allowedHostPaths: []
|
20
|
+
defaultAddCapabilities: []
|
21
|
+
defaultAllowPrivilegeEscalation: false
|
22
|
+
fsGroup:
|
23
|
+
ranges:
|
24
|
+
- max: 65535
|
25
|
+
min: 1
|
26
|
+
rule: MustRunAs
|
27
|
+
hostIPC: false
|
28
|
+
hostNetwork: false
|
29
|
+
hostPID: false
|
30
|
+
privileged: false
|
31
|
+
readOnlyRootFilesystem: true
|
32
|
+
requiredDropCapabilities:
|
33
|
+
- ALL
|
34
|
+
runAsUser:
|
35
|
+
ranges:
|
36
|
+
- max: 65535
|
37
|
+
min: 1
|
38
|
+
rule: MustRunAs
|
39
|
+
seLinux:
|
40
|
+
rule: RunAsAny
|
41
|
+
supplementalGroups:
|
42
|
+
ranges:
|
43
|
+
- max: 65535
|
44
|
+
min: 1
|
45
|
+
rule: MustRunAs
|
46
|
+
volumes:
|
47
|
+
- configMap
|
48
|
+
- secret
|
49
|
+
- emptyDir
|
50
|
+
---
|
51
|
+
apiVersion: policy/v1beta1
|
52
|
+
kind: PodSecurityPolicy
|
11
53
|
metadata:
|
12
54
|
labels:
|
13
55
|
app: metallb
|
@@ -19,13 +61,21 @@ spec:
|
|
19
61
|
- NET_ADMIN
|
20
62
|
- NET_RAW
|
21
63
|
- SYS_ADMIN
|
64
|
+
allowedHostPaths: []
|
65
|
+
defaultAddCapabilities: []
|
66
|
+
defaultAllowPrivilegeEscalation: false
|
22
67
|
fsGroup:
|
23
68
|
rule: RunAsAny
|
69
|
+
hostIPC: false
|
24
70
|
hostNetwork: true
|
71
|
+
hostPID: false
|
25
72
|
hostPorts:
|
26
73
|
- max: 7472
|
27
74
|
min: 7472
|
28
75
|
privileged: true
|
76
|
+
readOnlyRootFilesystem: true
|
77
|
+
requiredDropCapabilities:
|
78
|
+
- ALL
|
29
79
|
runAsUser:
|
30
80
|
rule: RunAsAny
|
31
81
|
seLinux:
|
@@ -33,7 +83,9 @@ spec:
|
|
33
83
|
supplementalGroups:
|
34
84
|
rule: RunAsAny
|
35
85
|
volumes:
|
36
|
-
-
|
86
|
+
- configMap
|
87
|
+
- secret
|
88
|
+
- emptyDir
|
37
89
|
---
|
38
90
|
apiVersion: v1
|
39
91
|
kind: ServiceAccount
|
@@ -80,6 +132,14 @@ rules:
|
|
80
132
|
verbs:
|
81
133
|
- create
|
82
134
|
- patch
|
135
|
+
- apiGroups:
|
136
|
+
- policy
|
137
|
+
resourceNames:
|
138
|
+
- controller
|
139
|
+
resources:
|
140
|
+
- podsecuritypolicies
|
141
|
+
verbs:
|
142
|
+
- use
|
83
143
|
---
|
84
144
|
apiVersion: rbac.authorization.k8s.io/v1
|
85
145
|
kind: ClusterRole
|
@@ -106,7 +166,7 @@ rules:
|
|
106
166
|
- create
|
107
167
|
- patch
|
108
168
|
- apiGroups:
|
109
|
-
-
|
169
|
+
- policy
|
110
170
|
resourceNames:
|
111
171
|
- speaker
|
112
172
|
resources:
|
@@ -132,6 +192,21 @@ rules:
|
|
132
192
|
- watch
|
133
193
|
---
|
134
194
|
apiVersion: rbac.authorization.k8s.io/v1
|
195
|
+
kind: Role
|
196
|
+
metadata:
|
197
|
+
labels:
|
198
|
+
app: metallb
|
199
|
+
name: pod-lister
|
200
|
+
namespace: metallb-system
|
201
|
+
rules:
|
202
|
+
- apiGroups:
|
203
|
+
- ''
|
204
|
+
resources:
|
205
|
+
- pods
|
206
|
+
verbs:
|
207
|
+
- list
|
208
|
+
---
|
209
|
+
apiVersion: rbac.authorization.k8s.io/v1
|
135
210
|
kind: ClusterRoleBinding
|
136
211
|
metadata:
|
137
212
|
labels:
|
@@ -178,6 +253,21 @@ subjects:
|
|
178
253
|
- kind: ServiceAccount
|
179
254
|
name: speaker
|
180
255
|
---
|
256
|
+
apiVersion: rbac.authorization.k8s.io/v1
|
257
|
+
kind: RoleBinding
|
258
|
+
metadata:
|
259
|
+
labels:
|
260
|
+
app: metallb
|
261
|
+
name: pod-lister
|
262
|
+
namespace: metallb-system
|
263
|
+
roleRef:
|
264
|
+
apiGroup: rbac.authorization.k8s.io
|
265
|
+
kind: Role
|
266
|
+
name: pod-lister
|
267
|
+
subjects:
|
268
|
+
- kind: ServiceAccount
|
269
|
+
name: speaker
|
270
|
+
---
|
181
271
|
apiVersion: apps/v1
|
182
272
|
kind: DaemonSet
|
183
273
|
metadata:
|
@@ -200,24 +290,6 @@ spec:
|
|
200
290
|
app: metallb
|
201
291
|
component: speaker
|
202
292
|
spec:
|
203
|
-
initContainers:
|
204
|
-
- command:
|
205
|
-
- "iptables"
|
206
|
-
- "-P"
|
207
|
-
- "FORWARD"
|
208
|
-
- "ACCEPT"
|
209
|
-
image: <%= k8s.image_repository %>/kube-proxy:<%= k8s.kubernetes_version %>
|
210
|
-
imagePullPolicy: IfNotPresent
|
211
|
-
name: default-iptables
|
212
|
-
securityContext:
|
213
|
-
allowPrivilegeEscalation: false
|
214
|
-
capabilities:
|
215
|
-
add:
|
216
|
-
- NET_ADMIN
|
217
|
-
- NET_RAW
|
218
|
-
drop:
|
219
|
-
- ALL
|
220
|
-
readOnlyRootFilesystem: true
|
221
293
|
containers:
|
222
294
|
- args:
|
223
295
|
- --port=7472
|
@@ -231,8 +303,26 @@ spec:
|
|
231
303
|
valueFrom:
|
232
304
|
fieldRef:
|
233
305
|
fieldPath: status.hostIP
|
234
|
-
|
235
|
-
|
306
|
+
- name: METALLB_ML_BIND_ADDR
|
307
|
+
valueFrom:
|
308
|
+
fieldRef:
|
309
|
+
fieldPath: status.podIP
|
310
|
+
# needed when another software is also using memberlist / port 7946
|
311
|
+
#- name: METALLB_ML_BIND_PORT
|
312
|
+
# value: "7946"
|
313
|
+
- name: METALLB_ML_LABELS
|
314
|
+
value: "app=metallb,component=speaker"
|
315
|
+
- name: METALLB_ML_NAMESPACE
|
316
|
+
valueFrom:
|
317
|
+
fieldRef:
|
318
|
+
fieldPath: metadata.namespace
|
319
|
+
- name: METALLB_ML_SECRET_KEY
|
320
|
+
valueFrom:
|
321
|
+
secretKeyRef:
|
322
|
+
name: memberlist
|
323
|
+
key: secretkey
|
324
|
+
image: metallb/speaker:v0.9.4
|
325
|
+
imagePullPolicy: Always
|
236
326
|
name: speaker
|
237
327
|
ports:
|
238
328
|
- containerPort: 7472
|
@@ -253,9 +343,9 @@ spec:
|
|
253
343
|
readOnlyRootFilesystem: true
|
254
344
|
hostNetwork: true
|
255
345
|
nodeSelector:
|
256
|
-
kubernetes.io/os: linux
|
346
|
+
beta.kubernetes.io/os: linux
|
257
347
|
serviceAccountName: speaker
|
258
|
-
terminationGracePeriodSeconds:
|
348
|
+
terminationGracePeriodSeconds: 2
|
259
349
|
tolerations:
|
260
350
|
- effect: NoSchedule
|
261
351
|
key: node-role.kubernetes.io/master
|
@@ -287,8 +377,8 @@ spec:
|
|
287
377
|
- args:
|
288
378
|
- --port=7472
|
289
379
|
- --config=config
|
290
|
-
image: metallb/controller:v0.
|
291
|
-
imagePullPolicy:
|
380
|
+
image: metallb/controller:v0.9.5
|
381
|
+
imagePullPolicy: Always
|
292
382
|
name: controller
|
293
383
|
ports:
|
294
384
|
- containerPort: 7472
|
@@ -1,327 +1,357 @@
|
|
1
|
-
apiVersion:
|
1
|
+
apiVersion: v1
|
2
|
+
kind: Namespace
|
3
|
+
metadata:
|
4
|
+
name: kube-system
|
5
|
+
---
|
6
|
+
apiVersion: apiextensions.k8s.io/v1
|
2
7
|
kind: CustomResourceDefinition
|
3
8
|
metadata:
|
4
|
-
|
9
|
+
annotations:
|
10
|
+
api-approved.kubernetes.io: https://github.com/kubernetes/enhancements/pull/747
|
11
|
+
name: storagestates.migration.k8s.io
|
5
12
|
spec:
|
6
13
|
group: migration.k8s.io
|
7
14
|
names:
|
8
|
-
kind:
|
9
|
-
listKind:
|
10
|
-
plural:
|
11
|
-
singular:
|
15
|
+
kind: StorageState
|
16
|
+
listKind: StorageStateList
|
17
|
+
plural: storagestates
|
18
|
+
singular: storagestate
|
19
|
+
preserveUnknownFields: false
|
12
20
|
scope: Cluster
|
13
|
-
subresources:
|
14
|
-
status: {}
|
15
|
-
version: v1alpha1
|
16
21
|
versions:
|
17
22
|
- name: v1alpha1
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
properties:
|
44
|
-
continueToken:
|
45
|
-
description: The token used in the list options to get the next chunk
|
46
|
-
of objects to migrate. When the .status.conditions indicates the migration
|
47
|
-
is "Running", users can use this token to check the progress of the
|
48
|
-
migration.
|
49
|
-
type: string
|
50
|
-
resource:
|
51
|
-
description: The resource that is being migrated. The migrator sends
|
52
|
-
requests to the endpoint serving the resource. Immutable.
|
53
|
-
type: object
|
54
|
-
properties:
|
55
|
-
group:
|
56
|
-
description: The name of the group.
|
57
|
-
type: string
|
58
|
-
resource:
|
59
|
-
description: The name of the resource.
|
60
|
-
type: string
|
61
|
-
version:
|
62
|
-
description: The name of the version.
|
63
|
-
type: string
|
64
|
-
status:
|
65
|
-
description: Status of the migration.
|
66
|
-
type: object
|
67
|
-
properties:
|
68
|
-
conditions:
|
69
|
-
description: The latest available observations of the migration's current
|
70
|
-
state.
|
71
|
-
type: array
|
72
|
-
items:
|
73
|
-
description: Describes the state of a migration at a certain point.
|
74
|
-
type: object
|
75
|
-
required:
|
76
|
-
- status
|
77
|
-
- type
|
23
|
+
schema:
|
24
|
+
openAPIV3Schema:
|
25
|
+
description: The state of the storage of a specific resource.
|
26
|
+
properties:
|
27
|
+
apiVersion:
|
28
|
+
description: 'APIVersion defines the versioned schema of this representation
|
29
|
+
of an object. Servers should convert recognized schemas to the latest
|
30
|
+
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
31
|
+
type: string
|
32
|
+
kind:
|
33
|
+
description: 'Kind is a string value representing the REST resource this
|
34
|
+
object represents. Servers may infer this from the endpoint the client
|
35
|
+
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
36
|
+
type: string
|
37
|
+
metadata:
|
38
|
+
properties:
|
39
|
+
name:
|
40
|
+
description: name must be "<.spec.resource.resouce>.<.spec.resource.group>".
|
41
|
+
type: string
|
42
|
+
type: object
|
43
|
+
spec:
|
44
|
+
description: Specification of the storage state.
|
45
|
+
properties:
|
46
|
+
resource:
|
47
|
+
description: The resource this storageState is about.
|
78
48
|
properties:
|
79
|
-
|
80
|
-
description: The
|
49
|
+
group:
|
50
|
+
description: The name of the group.
|
81
51
|
type: string
|
82
|
-
|
83
|
-
|
84
|
-
description: A human readable message indicating details about
|
85
|
-
the transition.
|
86
|
-
type: string
|
87
|
-
reason:
|
88
|
-
description: The reason for the condition's last transition.
|
89
|
-
type: string
|
90
|
-
status:
|
91
|
-
description: Status of the condition, one of True, False, Unknown.
|
92
|
-
type: string
|
93
|
-
type:
|
94
|
-
description: Type of the condition.
|
52
|
+
resource:
|
53
|
+
description: The name of the resource.
|
95
54
|
type: string
|
55
|
+
type: object
|
56
|
+
type: object
|
57
|
+
status:
|
58
|
+
description: Status of the storage state.
|
59
|
+
properties:
|
60
|
+
currentStorageVersionHash:
|
61
|
+
description: The hash value of the current storage version, as shown
|
62
|
+
in the discovery document served by the API server. Storage Version
|
63
|
+
is the version to which objects are converted to before persisted.
|
64
|
+
type: string
|
65
|
+
lastHeartbeatTime:
|
66
|
+
description: LastHeartbeatTime is the last time the storage migration
|
67
|
+
triggering controller checks the storage version hash of this resource
|
68
|
+
in the discovery document and updates this field.
|
69
|
+
format: date-time
|
70
|
+
type: string
|
71
|
+
persistedStorageVersionHashes:
|
72
|
+
description: The hash values of storage versions that persisted instances
|
73
|
+
of spec.resource might still be encoded in. "Unknown" is a valid
|
74
|
+
value in the list, and is the default value. It is not safe to upgrade
|
75
|
+
or downgrade to an apiserver binary that does not support all versions
|
76
|
+
listed in this field, or if "Unknown" is listed. Once the storage
|
77
|
+
version migration for this resource has completed, the value of
|
78
|
+
this field is refined to only contain the currentStorageVersionHash.
|
79
|
+
Once the apiserver has changed the storage version, the new storage
|
80
|
+
version is appended to the list.
|
81
|
+
items:
|
82
|
+
type: string
|
83
|
+
type: array
|
84
|
+
type: object
|
85
|
+
type: object
|
86
|
+
served: true
|
87
|
+
storage: true
|
88
|
+
subresources:
|
89
|
+
status: {}
|
96
90
|
---
|
97
|
-
apiVersion: apiextensions.k8s.io/
|
91
|
+
apiVersion: apiextensions.k8s.io/v1
|
98
92
|
kind: CustomResourceDefinition
|
99
93
|
metadata:
|
100
|
-
|
94
|
+
annotations:
|
95
|
+
api-approved.kubernetes.io: https://github.com/kubernetes/community/pull/2524
|
96
|
+
name: storageversionmigrations.migration.k8s.io
|
101
97
|
spec:
|
102
98
|
group: migration.k8s.io
|
103
99
|
names:
|
104
|
-
kind:
|
105
|
-
listKind:
|
106
|
-
plural:
|
107
|
-
singular:
|
100
|
+
kind: StorageVersionMigration
|
101
|
+
listKind: StorageVersionMigrationList
|
102
|
+
plural: storageversionmigrations
|
103
|
+
singular: storageversionmigration
|
104
|
+
preserveUnknownFields: false
|
108
105
|
scope: Cluster
|
109
|
-
subresources:
|
110
|
-
status: {}
|
111
|
-
version: v1alpha1
|
112
106
|
versions:
|
113
107
|
- name: v1alpha1
|
108
|
+
schema:
|
109
|
+
openAPIV3Schema:
|
110
|
+
description: StorageVersionMigration represents a migration of stored data
|
111
|
+
to the latest storage version.
|
112
|
+
properties:
|
113
|
+
apiVersion:
|
114
|
+
description: 'APIVersion defines the versioned schema of this representation
|
115
|
+
of an object. Servers should convert recognized schemas to the latest
|
116
|
+
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
117
|
+
type: string
|
118
|
+
kind:
|
119
|
+
description: 'Kind is a string value representing the REST resource this
|
120
|
+
object represents. Servers may infer this from the endpoint the client
|
121
|
+
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
122
|
+
type: string
|
123
|
+
metadata:
|
124
|
+
type: object
|
125
|
+
spec:
|
126
|
+
description: Specification of the migration.
|
127
|
+
properties:
|
128
|
+
continueToken:
|
129
|
+
description: The token used in the list options to get the next chunk
|
130
|
+
of objects to migrate. When the .status.conditions indicates the
|
131
|
+
migration is "Running", users can use this token to check the progress
|
132
|
+
of the migration.
|
133
|
+
type: string
|
134
|
+
resource:
|
135
|
+
description: The resource that is being migrated. The migrator sends
|
136
|
+
requests to the endpoint serving the resource. Immutable.
|
137
|
+
properties:
|
138
|
+
group:
|
139
|
+
description: The name of the group.
|
140
|
+
type: string
|
141
|
+
resource:
|
142
|
+
description: The name of the resource.
|
143
|
+
type: string
|
144
|
+
version:
|
145
|
+
description: The name of the version.
|
146
|
+
type: string
|
147
|
+
type: object
|
148
|
+
required:
|
149
|
+
- resource
|
150
|
+
type: object
|
151
|
+
status:
|
152
|
+
description: Status of the migration.
|
153
|
+
properties:
|
154
|
+
conditions:
|
155
|
+
description: The latest available observations of the migration's
|
156
|
+
current state.
|
157
|
+
items:
|
158
|
+
description: Describes the state of a migration at a certain point.
|
159
|
+
properties:
|
160
|
+
lastUpdateTime:
|
161
|
+
description: The last time this condition was updated.
|
162
|
+
format: date-time
|
163
|
+
type: string
|
164
|
+
message:
|
165
|
+
description: A human readable message indicating details about
|
166
|
+
the transition.
|
167
|
+
type: string
|
168
|
+
reason:
|
169
|
+
description: The reason for the condition's last transition.
|
170
|
+
type: string
|
171
|
+
status:
|
172
|
+
description: Status of the condition, one of True, False, Unknown.
|
173
|
+
type: string
|
174
|
+
type:
|
175
|
+
description: Type of the condition.
|
176
|
+
type: string
|
177
|
+
required:
|
178
|
+
- status
|
179
|
+
- type
|
180
|
+
type: object
|
181
|
+
type: array
|
182
|
+
type: object
|
183
|
+
type: object
|
114
184
|
served: true
|
115
185
|
storage: true
|
116
|
-
|
117
|
-
|
118
|
-
description: The state of the storage of a specific resource.
|
119
|
-
type: object
|
120
|
-
properties:
|
121
|
-
apiVersion:
|
122
|
-
description: 'APIVersion defines the versioned schema of this representation
|
123
|
-
of an object. Servers should convert recognized schemas to the latest
|
124
|
-
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
125
|
-
type: string
|
126
|
-
kind:
|
127
|
-
description: 'Kind is a string value representing the REST resource this
|
128
|
-
object represents. Servers may infer this from the endpoint the client
|
129
|
-
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
130
|
-
type: string
|
131
|
-
metadata:
|
132
|
-
description: The name must be "<.spec.resource.resouce>.<.spec.resource.group>".
|
133
|
-
type: object
|
134
|
-
spec:
|
135
|
-
description: Specification of the storage state.
|
136
|
-
type: object
|
137
|
-
properties:
|
138
|
-
resource:
|
139
|
-
description: The resource this storageState is about.
|
140
|
-
type: object
|
141
|
-
properties:
|
142
|
-
group:
|
143
|
-
description: The name of the group.
|
144
|
-
type: string
|
145
|
-
resource:
|
146
|
-
description: The name of the resource.
|
147
|
-
type: string
|
148
|
-
status:
|
149
|
-
description: Status of the storage state.
|
150
|
-
type: object
|
151
|
-
properties:
|
152
|
-
currentStorageVersionHash:
|
153
|
-
description: The hash value of the current storage version, as shown
|
154
|
-
in the discovery document served by the API server. Storage Version
|
155
|
-
is the version to which objects are converted to before persisted.
|
156
|
-
type: string
|
157
|
-
lastHeartbeatTime:
|
158
|
-
description: LastHeartbeatTime is the last time the storage migration
|
159
|
-
triggering controller checks the storage version hash of this resource
|
160
|
-
in the discovery document and updates this field.
|
161
|
-
type: string
|
162
|
-
format: date-time
|
163
|
-
persistedStorageVersionHashes:
|
164
|
-
description: The hash values of storage versions that persisted instances
|
165
|
-
of spec.resource might still be encoded in. "Unknown" is a valid value
|
166
|
-
in the list, and is the default value. It is not safe to upgrade or
|
167
|
-
downgrade to an apiserver binary that does not support all versions
|
168
|
-
listed in this field, or if "Unknown" is listed. Once the storage
|
169
|
-
version migration for this resource has completed, the value of this
|
170
|
-
field is refined to only contain the currentStorageVersionHash. Once
|
171
|
-
the apiserver has changed the storage version, the new storage version
|
172
|
-
is appended to the list.
|
173
|
-
type: array
|
174
|
-
items:
|
175
|
-
type: string
|
176
|
-
---
|
177
|
-
apiVersion: v1
|
178
|
-
kind: Namespace
|
179
|
-
metadata:
|
180
|
-
name: kube-system
|
186
|
+
subresources:
|
187
|
+
status: {}
|
181
188
|
---
|
182
|
-
kind: ClusterRole
|
183
189
|
apiVersion: rbac.authorization.k8s.io/v1
|
190
|
+
kind: ClusterRole
|
184
191
|
metadata:
|
185
|
-
name: storage-version-migration-
|
192
|
+
name: storage-version-migration-crd-creator
|
186
193
|
rules:
|
187
|
-
- apiGroups:
|
188
|
-
|
189
|
-
|
190
|
-
-
|
191
|
-
|
192
|
-
|
194
|
+
- apiGroups:
|
195
|
+
- apiextensions.k8s.io
|
196
|
+
resources:
|
197
|
+
- customresourcedefinitions
|
198
|
+
verbs:
|
199
|
+
- create
|
200
|
+
- delete
|
201
|
+
- get
|
193
202
|
---
|
194
|
-
kind: ClusterRole
|
195
203
|
apiVersion: rbac.authorization.k8s.io/v1
|
204
|
+
kind: ClusterRole
|
196
205
|
metadata:
|
197
|
-
name: storage-version-migration-
|
206
|
+
name: storage-version-migration-initializer
|
198
207
|
rules:
|
199
|
-
- apiGroups:
|
200
|
-
|
201
|
-
|
208
|
+
- apiGroups:
|
209
|
+
- migration.k8s.io
|
210
|
+
resources:
|
211
|
+
- storageversionmigrations
|
212
|
+
verbs:
|
213
|
+
- create
|
202
214
|
---
|
203
|
-
kind: ClusterRole
|
204
215
|
apiVersion: rbac.authorization.k8s.io/v1
|
216
|
+
kind: ClusterRole
|
205
217
|
metadata:
|
206
|
-
name: storage-version-migration-
|
218
|
+
name: storage-version-migration-trigger
|
207
219
|
rules:
|
208
|
-
- apiGroups:
|
209
|
-
|
210
|
-
|
220
|
+
- apiGroups:
|
221
|
+
- migration.k8s.io
|
222
|
+
resources:
|
223
|
+
- storagestates
|
224
|
+
verbs:
|
225
|
+
- watch
|
226
|
+
- get
|
227
|
+
- list
|
228
|
+
- delete
|
229
|
+
- create
|
230
|
+
- update
|
231
|
+
- apiGroups:
|
232
|
+
- migration.k8s.io
|
233
|
+
resources:
|
234
|
+
- storageversionmigrations
|
235
|
+
verbs:
|
236
|
+
- watch
|
237
|
+
- get
|
238
|
+
- list
|
239
|
+
- delete
|
240
|
+
- create
|
211
241
|
---
|
212
|
-
kind: ClusterRoleBinding
|
213
242
|
apiVersion: rbac.authorization.k8s.io/v1
|
243
|
+
kind: ClusterRoleBinding
|
214
244
|
metadata:
|
215
|
-
name: storage-version-migration-
|
245
|
+
name: storage-version-migration-crd-creator
|
246
|
+
roleRef:
|
247
|
+
apiGroup: rbac.authorization.k8s.io
|
248
|
+
kind: ClusterRole
|
249
|
+
name: storage-version-migration-crd-creator
|
216
250
|
subjects:
|
217
251
|
- kind: ServiceAccount
|
218
252
|
name: default
|
219
253
|
namespace: kube-system
|
220
|
-
roleRef:
|
221
|
-
kind: ClusterRole
|
222
|
-
name: cluster-admin
|
223
|
-
apiGroup: rbac.authorization.k8s.io
|
224
254
|
---
|
225
|
-
kind: ClusterRoleBinding
|
226
255
|
apiVersion: rbac.authorization.k8s.io/v1
|
256
|
+
kind: ClusterRoleBinding
|
227
257
|
metadata:
|
228
|
-
name: storage-version-migration-
|
258
|
+
name: storage-version-migration-initializer
|
259
|
+
roleRef:
|
260
|
+
apiGroup: rbac.authorization.k8s.io
|
261
|
+
kind: ClusterRole
|
262
|
+
name: storage-version-migration-initializer
|
229
263
|
subjects:
|
230
264
|
- kind: ServiceAccount
|
231
265
|
name: default
|
232
266
|
namespace: kube-system
|
233
|
-
roleRef:
|
234
|
-
kind: ClusterRole
|
235
|
-
name: storage-version-migration-trigger
|
236
|
-
apiGroup: rbac.authorization.k8s.io
|
237
267
|
---
|
238
|
-
kind: ClusterRoleBinding
|
239
268
|
apiVersion: rbac.authorization.k8s.io/v1
|
269
|
+
kind: ClusterRoleBinding
|
240
270
|
metadata:
|
241
|
-
name: storage-version-migration-
|
271
|
+
name: storage-version-migration-migrator
|
272
|
+
roleRef:
|
273
|
+
apiGroup: rbac.authorization.k8s.io
|
274
|
+
kind: ClusterRole
|
275
|
+
name: cluster-admin
|
242
276
|
subjects:
|
243
277
|
- kind: ServiceAccount
|
244
278
|
name: default
|
245
279
|
namespace: kube-system
|
246
|
-
roleRef:
|
247
|
-
kind: ClusterRole
|
248
|
-
name: storage-version-migration-crd-creator
|
249
|
-
apiGroup: rbac.authorization.k8s.io
|
250
280
|
---
|
251
|
-
kind: ClusterRoleBinding
|
252
281
|
apiVersion: rbac.authorization.k8s.io/v1
|
282
|
+
kind: ClusterRoleBinding
|
253
283
|
metadata:
|
254
|
-
name: storage-version-migration-
|
284
|
+
name: storage-version-migration-trigger
|
285
|
+
roleRef:
|
286
|
+
apiGroup: rbac.authorization.k8s.io
|
287
|
+
kind: ClusterRole
|
288
|
+
name: storage-version-migration-trigger
|
255
289
|
subjects:
|
256
290
|
- kind: ServiceAccount
|
257
291
|
name: default
|
258
292
|
namespace: kube-system
|
259
|
-
roleRef:
|
260
|
-
kind: ClusterRole
|
261
|
-
name: storage-version-migration-initializer
|
262
|
-
apiGroup: rbac.authorization.k8s.io
|
263
293
|
---
|
264
294
|
apiVersion: apps/v1
|
265
295
|
kind: Deployment
|
266
296
|
metadata:
|
267
|
-
name: trigger
|
268
|
-
namespace: kube-system
|
269
297
|
labels:
|
270
|
-
app:
|
298
|
+
app: migrator
|
299
|
+
name: migrator
|
300
|
+
namespace: kube-system
|
271
301
|
spec:
|
272
302
|
replicas: 1
|
273
303
|
selector:
|
274
304
|
matchLabels:
|
275
|
-
app:
|
305
|
+
app: migrator
|
276
306
|
template:
|
277
307
|
metadata:
|
278
308
|
labels:
|
279
|
-
app:
|
309
|
+
app: migrator
|
280
310
|
spec:
|
281
311
|
containers:
|
282
|
-
-
|
283
|
-
|
284
|
-
|
285
|
-
- --
|
312
|
+
- command:
|
313
|
+
- /migrator
|
314
|
+
- --v=2
|
315
|
+
- --alsologtostderr
|
316
|
+
- --kube-api-qps=40
|
317
|
+
- --kube-api-burst=1000
|
318
|
+
- --kubeconfig=/etc/migrator/kubeconfig
|
319
|
+
image: asia.gcr.io/k8s-artifacts-prod/storage-migrator/storage-version-migration-migrator:v0.0.3
|
320
|
+
name: migrator
|
286
321
|
volumeMounts:
|
287
|
-
- mountPath: /etc/
|
322
|
+
- mountPath: /etc/migrator
|
288
323
|
name: kubeconfig
|
289
324
|
volumes:
|
290
|
-
-
|
291
|
-
configMap:
|
325
|
+
- configMap:
|
292
326
|
name: kubeconfig-in-cluster-latest
|
327
|
+
name: kubeconfig
|
293
328
|
---
|
294
329
|
apiVersion: apps/v1
|
295
330
|
kind: Deployment
|
296
331
|
metadata:
|
297
|
-
name: migrator
|
298
|
-
namespace: kube-system
|
299
332
|
labels:
|
300
|
-
app:
|
333
|
+
app: trigger
|
334
|
+
name: trigger
|
335
|
+
namespace: kube-system
|
301
336
|
spec:
|
302
337
|
replicas: 1
|
303
338
|
selector:
|
304
339
|
matchLabels:
|
305
|
-
app:
|
340
|
+
app: trigger
|
306
341
|
template:
|
307
342
|
metadata:
|
308
343
|
labels:
|
309
|
-
app:
|
344
|
+
app: trigger
|
310
345
|
spec:
|
311
346
|
containers:
|
312
|
-
-
|
313
|
-
|
314
|
-
|
315
|
-
|
316
|
-
- --v=2
|
317
|
-
- --alsologtostderr
|
318
|
-
- --kube-api-qps=40
|
319
|
-
- --kube-api-burst=1000
|
320
|
-
- --kubeconfig=/etc/migrator/kubeconfig
|
347
|
+
- args:
|
348
|
+
- --kubeconfig=/etc/migrator/kubeconfig
|
349
|
+
image: asia.gcr.io/k8s-artifacts-prod/storage-migrator/storage-version-migration-trigger:v0.0.3
|
350
|
+
name: trigger
|
321
351
|
volumeMounts:
|
322
352
|
- mountPath: /etc/migrator
|
323
353
|
name: kubeconfig
|
324
354
|
volumes:
|
325
|
-
-
|
326
|
-
configMap:
|
355
|
+
- configMap:
|
327
356
|
name: kubeconfig-in-cluster-latest
|
357
|
+
name: kubeconfig
|