porkadot 0.18.0 → 0.20.0
- checksums.yaml +4 -4
- data/hack/gen-storage-version-migrator.sh +7 -0
- data/hack/storage-version-migrator/kustomization.yaml +77 -0
- data/lib/porkadot/assets/bootstrap/manifests/kube-apiserver.bootstrap.yaml.erb +4 -30
- data/lib/porkadot/assets/bootstrap/manifests/kube-controller-manager.bootstrap.yaml.erb +13 -16
- data/lib/porkadot/assets/bootstrap/manifests/kube-proxy.bootstrap.yaml.erb +3 -2
- data/lib/porkadot/assets/bootstrap/manifests/kube-scheduler.bootstrap.yaml.erb +3 -5
- data/lib/porkadot/assets/kubelet.rb +1 -0
- data/lib/porkadot/assets/kubelet/config.yaml.erb +1 -0
- data/lib/porkadot/assets/kubelet/install-pkgs.sh.erb +11 -1
- data/lib/porkadot/assets/kubelet/kubelet.service.erb +3 -1
- data/lib/porkadot/assets/kubelet/setup-containerd.sh.erb +10 -0
- data/lib/porkadot/assets/kubernetes.rb +2 -1
- data/lib/porkadot/assets/kubernetes/kubeconfig.yaml.erb +19 -0
- data/lib/porkadot/assets/kubernetes/manifests/coredns.yaml.erb +8 -1
- data/lib/porkadot/assets/kubernetes/manifests/flannel.yaml.erb +52 -431
- data/lib/porkadot/assets/kubernetes/manifests/kube-apiserver.secrets.yaml.erb +1 -0
- data/lib/porkadot/assets/kubernetes/manifests/kubelet-rubber-stamp.yaml.erb +1 -1
- data/lib/porkadot/assets/kubernetes/manifests/metallb.secrets.yaml.erb +13 -0
- data/lib/porkadot/assets/kubernetes/manifests/metallb.yaml.erb +116 -26
- data/lib/porkadot/assets/kubernetes/manifests/storage-version-migrator.yaml.erb +258 -228
- data/lib/porkadot/cmd/cli.rb +16 -0
- data/lib/porkadot/cmd/render/certs.rb +1 -1
- data/lib/porkadot/configs/kubernetes.rb +31 -1
- data/lib/porkadot/default.yaml +3 -3
- data/lib/porkadot/install/kubelet.rb +24 -0
- data/lib/porkadot/install/kubernetes.rb +2 -1
- data/lib/porkadot/version.rb +1 -1
- metadata +7 -3
- data/lib/porkadot/assets/kubernetes/manifests/pod-checkpointer.yaml.erb +0 -130
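--- a/data/lib/porkadot/cmd/cli.rb
+++ b/data/lib/porkadot/cmd/cli.rb
@@ -13,6 +13,22 @@ module Porkadot; module Cmd
 desc "install", "Install kubernetes"
 subcommand "install", Porkadot::Cmd::Install::Cli
 
+desc "setup-containerd", "Setup containerd"
+option :node, type: :string
+option :force, type: :boolean, default: false
+def setup_containerd
+logger.info "Setup containerd"
+kubelets = Porkadot::Install::KubeletList.new(self.config)
+nodes = []
+if node = options[:node]
+nodes = kubelets[node]
+else
+nodes = kubelets.kubelets.values
+end
+kubelets.setup_containerd hosts: nodes, force: options[:force]
+""
+end
+
 desc "set-config", "Set cluster to kubeconfig"
 def set_config
 name = config.k8s.cluster_name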
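Review bot: `nodes = kubelets[node]` on the `--node` branch hands a single lookup result to `setup_containerd hosts:`, while the other branch passes an array (`kubelets.kubelets.values`), and if `KubeletList#[]` returns nil for an unknown name the receiver's `unless hosts` default (visible in the install/kubelet.rb hunk below) expands the run to every node — a typo in `--node` would then touch the whole cluster. Fail closed instead: keep `nodes = kubelets[node]` and follow it with `raise ArgumentError, "unknown node: #{node}" unless nodes`, wrapping the result in an array if `[]` yields one kubelet rather than a list. The `nodes = []` initialisation is dead since both branches reassign it, and the assignment inside `if node = options[:node]` reads like a typo; `node = options[:node]` on its own line followed by `if node` is clearer.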
@@ -40,7 +40,7 @@ module Porkadot; module Cmd; module Render; module Certs
|
|
40
40
|
certs.apiserver_cert(true)
|
41
41
|
logger.info "--> Kubelet client key and certs"
|
42
42
|
certs.kubelet_client_key
|
43
|
-
certs.kubelet_client_cert
|
43
|
+
certs.kubelet_client_cert(true)
|
44
44
|
# logger.info "--> Bootstrap client key and certs"
|
45
45
|
# bootstrap_client_key = self.private_key(self.assets.k8s_bootstrap_key_path)
|
46
46
|
# self.client_cert(self.assets.k8s_bootstrap_cert_path, '/O=porkadot:node-bootstrappers/CN=node-bootstrapper', bootstrap_client_key, ca_cert, ca_key)
|
@@ -69,11 +69,14 @@ module Porkadot; module Configs
|
|
69
69
|
}
|
70
70
|
end
|
71
71
|
|
72
|
-
def args
|
72
|
+
def args bootstrap: false
|
73
73
|
extra = {}
|
74
74
|
if self.extra_args
|
75
75
|
extra = self.extra_args.map{|i| i.split('=', 2)}.to_h
|
76
76
|
end
|
77
|
+
if bootstrap
|
78
|
+
extra = self.bootstrap_args.merge(extra)
|
79
|
+
end
|
77
80
|
return self.default_args.merge(extra)
|
78
81
|
end
|
79
82
|
|
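Review bot: The new `bootstrap:` branch defines a three-way precedence that nothing in `args` documents: `extra = self.bootstrap_args.merge(extra)` lets `extra_args` override the bootstrap flags, and the final `self.default_args.merge(extra)` lets both override the defaults. A one-line comment above `if bootstrap`, `# precedence: extra_args > bootstrap_args > default_args`, saves the next reader from re-deriving it, and matters here because the bootstrap flags (in the hunks below) repoint the control-plane components at a different kubeconfig, so an operator-supplied `--kubeconfig` in `extra_args` silently wins over them. The enclosing class starts outside the hunk.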
@@ -96,6 +99,10 @@ module Porkadot; module Configs
|
|
96
99
|
'kube-apiserver'
|
97
100
|
end
|
98
101
|
|
102
|
+
def bootstrap_args
|
103
|
+
return {}
|
104
|
+
end
|
105
|
+
|
99
106
|
def default_args
|
100
107
|
return %W(
|
101
108
|
--advertise-address=$(POD_IP)
|
@@ -103,6 +110,7 @@ module Porkadot; module Configs
|
|
103
110
|
--authorization-mode=Node,RBAC
|
104
111
|
--bind-address=0.0.0.0
|
105
112
|
--client-ca-file=/etc/kubernetes/pki/kubernetes/ca.crt
|
113
|
+
--enable-admission-plugins=NodeRestriction
|
106
114
|
--enable-bootstrap-token-auth=true
|
107
115
|
--etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
|
108
116
|
--etcd-certfile=/etc/kubernetes/pki/etcd/etcd-client.crt
|
@@ -120,7 +128,9 @@ module Porkadot; module Configs
|
|
120
128
|
--requestheader-group-headers=X-Remote-Group
|
121
129
|
--requestheader-username-headers=X-Remote-User
|
122
130
|
--secure-port=#{self.bind_port}
|
131
|
+
--service-account-issuer=https://kubernetes.default.svc#{self.config.k8s.networking.dns_domain}
|
123
132
|
--service-account-key-file=/etc/kubernetes/pki/kubernetes/sa.pub
|
133
|
+
--service-account-signing-key-file=/etc/kubernetes/pki/kubernetes/sa.key
|
124
134
|
--service-cluster-ip-range=#{config.k8s.networking.service_subnet}
|
125
135
|
--storage-backend=etcd3
|
126
136
|
--tls-cert-file=/etc/kubernetes/pki/kubernetes/apiserver.crt
|
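Review bot: `--service-account-issuer=https://kubernetes.default.svc#{self.config.k8s.networking.dns_domain}` concatenates the DNS domain onto `svc` with no separator, so unless `dns_domain` is stored with a leading dot the issuer becomes something like `https://kubernetes.default.svccluster.local` (constructed example); `default.yaml` elsewhere in this diff writes `clusterDomain: cluster.local` without a dot, which is what makes me suspect the mismatch. Anything that checks tokens by issuer (OIDC discovery consumers, other clusters, service meshes) compares against this exact string, so a malformed value is a correctness problem, not a cosmetic one. Either insert the dot explicitly, `--service-account-issuer=https://kubernetes.default.svc.#{self.config.k8s.networking.dns_domain}`, or document on the `dns_domain` accessor that it must carry the leading dot. The neighbouring line mixes `config.k8s` with `self.config.k8s`; pick one.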
@@ -143,6 +153,14 @@ module Porkadot; module Configs
|
|
143
153
|
'kube-scheduler'
|
144
154
|
end
|
145
155
|
|
156
|
+
def bootstrap_args
|
157
|
+
return %W(
|
158
|
+
--kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
|
159
|
+
--authentication-kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
|
160
|
+
--authorization-kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
|
161
|
+
).map {|i| i.split('=', 2)}.to_h
|
162
|
+
end
|
163
|
+
|
146
164
|
def default_args
|
147
165
|
return %W(
|
148
166
|
--leader-elect=true
|
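Review bot: The `return %W(...).map {|i| i.split('=', 2)}.to_h` shape in this `bootstrap_args` is repeated verbatim in the kube-controller-manager and kube-proxy `bootstrap_args` hunks below, and the same `split('=', 2)` parsing already appears in `args` for `extra_args`. A single module-level helper such as `def self.flags_to_h(flags)` / `flags.map { |f| f.split('=', 2) }.to_h` / `end` would give all four call sites one definition of how a `--key=value` list becomes a hash, so a future change (quoting, repeated keys) happens in one place. The enclosing class starts outside the hunk.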
@@ -164,6 +182,12 @@ module Porkadot; module Configs
|
|
164
182
|
'kube-controller-manager'
|
165
183
|
end
|
166
184
|
|
185
|
+
def bootstrap_args
|
186
|
+
return %W(
|
187
|
+
--kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
|
188
|
+
).map {|i| i.split('=', 2)}.to_h
|
189
|
+
end
|
190
|
+
|
167
191
|
def default_args
|
168
192
|
return %W(
|
169
193
|
--allocate-node-cidrs=true
|
@@ -202,6 +226,12 @@ module Porkadot; module Configs
|
|
202
226
|
'kube-proxy'
|
203
227
|
end
|
204
228
|
|
229
|
+
def bootstrap_args
|
230
|
+
return %W(
|
231
|
+
--config=/etc/kubernetes/bootstrap/kube-proxy-bootstrap.yaml
|
232
|
+
).map {|i| i.split('=', 2)}.to_h
|
233
|
+
end
|
234
|
+
|
205
235
|
def default_args
|
206
236
|
return %W(
|
207
237
|
--config=/var/lib/kube-proxy/config.conf
|
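--- a/data/lib/porkadot/default.yaml
+++ b/data/lib/porkadot/default.yaml
@@ -27,11 +27,11 @@ lb:
 
 etcd:
 image_repository: gcr.io/etcd-development/etcd
-image_tag: v3.4.
+image_tag: v3.4.13
 extra_env: []
 
 kubernetes:
-kubernetes_version: v1.
+kubernetes_version: v1.20.3
 image_repository: k8s.gcr.io
 
 networking:
@@ -102,7 +102,7 @@ kubernetes:
 webhook:
 cacheAuthorizedTTL: 0s
 cacheUnauthorizedTTL: 0s
-cgroupDriver:
+cgroupDriver: systemd
 clusterDNS: []
 clusterDomain: cluster.local
 cpuManagerReconcilePeriod: 0s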
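Review bot: `cgroupDriver: systemd` becomes the kubelet default, but the kubelet's cgroup driver has to match the one containerd's runc runtime is configured with (`SystemdCgroup = true` in containerd's CRI runtime options), otherwise pods fail to start after the upgrade. The new `setup-containerd.sh.erb` named in the diffstat presumably sets that, but it is not on this page, so I could not confirm the two agree. A one-line comment next to the key, `# must match containerd's runtime cgroup driver (see setup-containerd.sh.erb)`, would record the coupling in the file operators actually edit.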
@@ -16,6 +16,30 @@ module Porkadot; module Install
|
|
16
16
|
end
|
17
17
|
end
|
18
18
|
|
19
|
+
def setup_containerd hosts: nil, force: false
|
20
|
+
unless hosts
|
21
|
+
hosts = []
|
22
|
+
self.kubelets.each do |_, v|
|
23
|
+
hosts << v
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
on(hosts) do |host|
|
28
|
+
execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
|
29
|
+
if test("[ -d #{KUBE_TEMP} ]")
|
30
|
+
execute(:rm, '-rf', KUBE_TEMP)
|
31
|
+
execute(:rm, '-rf', KUBE_SECRETS_TEMP)
|
32
|
+
end
|
33
|
+
upload! host.config.target_path, KUBE_TEMP, recursive: true
|
34
|
+
upload! host.config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
|
35
|
+
execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
|
36
|
+
|
37
|
+
as user: 'root' do
|
38
|
+
execute(:bash, File.join(KUBE_TEMP, 'setup-containerd.sh'))
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
19
43
|
def install hosts: nil, force: false
|
20
44
|
unless hosts
|
21
45
|
hosts = []
|
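Review bot: The `force:` keyword on `def setup_containerd hosts: nil, force: false` is accepted and forwarded from the CLI but never read in the body, so `--force` is a no-op here; either use it or drop it from both signatures. The `if test("[ -d #{KUBE_TEMP} ]")` guard runs immediately after `execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)`, so it is always true and the two `rm -rf` calls are effectively unconditional — the `mkdir` can go and the cleanup be made explicit. More importantly for a node-provisioning step, `target_secrets_path` is uploaded and then copied into `KUBE_TEMP` before `setup-containerd.sh` runs as root, and nothing removes either staging directory afterwards; unless a later step relies on the staged copy, clearing both in an `ensure` keeps that private material from lingering on the host. `Porkadot::Install::KUBE_TEMP` and bare `KUBE_TEMP` in the same block name one constant and should be spelled the same way.
```ruby
on(hosts) do |host|
  # start from a clean staging area so stale and new assets never mix
  execute(:rm, '-rf', KUBE_TEMP, KUBE_SECRETS_TEMP)
  upload! host.config.target_path, KUBE_TEMP, recursive: true
  upload! host.config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
  execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
  begin
    as user: 'root' do
      execute(:bash, File.join(KUBE_TEMP, 'setup-containerd.sh'))
    end
  ensure
    # do not leave the staged secrets on the node once the script has run
    execute(:rm, '-rf', KUBE_TEMP, KUBE_SECRETS_TEMP)
  end
end
```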
@@ -26,7 +26,8 @@ module Porkadot; module Install
|
|
26
26
|
upload! config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
|
27
27
|
execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
|
28
28
|
|
29
|
-
as user: 'root' do
|
29
|
+
# as user: 'root' do
|
30
|
+
with KUBECONFIG: File.join(KUBE_TEMP, 'kubeconfig.yaml') do
|
30
31
|
execute(:bash, File.join(KUBE_TEMP, 'install.sh'))
|
31
32
|
end
|
32
33
|
end
|
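Review bot: The replaced line survives as dead code, `# as user: 'root' do`, directly above the new `with KUBECONFIG: File.join(KUBE_TEMP, 'kubeconfig.yaml') do`; commented-out code is exactly what the next reader stops to wonder about, especially when the change drops a privilege escalation. Delete it and state the intent instead, e.g. `# runs as the connecting SSH user, not root; KUBECONFIG points install.sh at the uploaded kubeconfig.yaml` (the latter half is my reading of the env var, worth confirming against install.sh). The enclosing `install` method starts and ends outside the hunk.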
data/lib/porkadot/version.rb
CHANGED
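--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: porkadot
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.20.0
 platform: ruby
 authors:
 - OTSUKA, Yuanying
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2021-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -113,6 +113,8 @@ files:
 - config/porkadot.yaml
 - config/unstable.yaml
 - exe/porkadot
+- hack/gen-storage-version-migrator.sh
+- hack/storage-version-migrator/kustomization.yaml
 - lib/porkadot.rb
 - lib/porkadot/assets.rb
 - lib/porkadot/assets/bootstrap.rb
@@ -138,8 +140,10 @@ files:
 - lib/porkadot/assets/kubelet/install-pkgs.sh.erb
 - lib/porkadot/assets/kubelet/install.sh.erb
 - lib/porkadot/assets/kubelet/kubelet.service.erb
+- lib/porkadot/assets/kubelet/setup-containerd.sh.erb
 - lib/porkadot/assets/kubernetes.rb
 - lib/porkadot/assets/kubernetes/install.sh.erb
+- lib/porkadot/assets/kubernetes/kubeconfig.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/coredns.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/dns-horizontal-autoscaler.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/flannel.yaml.erb
@@ -151,8 +155,8 @@ files:
 - lib/porkadot/assets/kubernetes/manifests/kube-scheduler.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/kubelet-rubber-stamp.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/kubelet.yaml.erb
+- lib/porkadot/assets/kubernetes/manifests/metallb.secrets.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/metallb.yaml.erb
-- lib/porkadot/assets/kubernetes/manifests/pod-checkpointer.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/porkadot.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/storage-version-migrator.yaml.erb
 - lib/porkadot/cmd.rb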
@@ -1,130 +0,0 @@
|
|
1
|
-
<% k8s = global_config.k8s -%>
|
2
|
-
---
|
3
|
-
apiVersion: v1
|
4
|
-
kind: ServiceAccount
|
5
|
-
metadata:
|
6
|
-
name: pod-checkpointer
|
7
|
-
namespace: kube-system
|
8
|
-
---
|
9
|
-
apiVersion: rbac.authorization.k8s.io/v1
|
10
|
-
kind: Role
|
11
|
-
metadata:
|
12
|
-
name: pod-checkpointer
|
13
|
-
namespace: kube-system
|
14
|
-
rules:
|
15
|
-
- apiGroups: [""] # "" indicates the core API group
|
16
|
-
resources: ["pods"]
|
17
|
-
verbs: ["get", "watch", "list"]
|
18
|
-
- apiGroups: [""] # "" indicates the core API group
|
19
|
-
resources: ["secrets", "configmaps"]
|
20
|
-
verbs: ["get"]
|
21
|
-
---
|
22
|
-
apiVersion: rbac.authorization.k8s.io/v1
|
23
|
-
kind: RoleBinding
|
24
|
-
metadata:
|
25
|
-
name: pod-checkpointer
|
26
|
-
namespace: kube-system
|
27
|
-
roleRef:
|
28
|
-
apiGroup: rbac.authorization.k8s.io
|
29
|
-
kind: Role
|
30
|
-
name: pod-checkpointer
|
31
|
-
subjects:
|
32
|
-
- kind: ServiceAccount
|
33
|
-
name: pod-checkpointer
|
34
|
-
namespace: kube-system
|
35
|
-
---
|
36
|
-
apiVersion: rbac.authorization.k8s.io/v1
|
37
|
-
kind: ClusterRole
|
38
|
-
metadata:
|
39
|
-
name: pod-checkpointer
|
40
|
-
rules:
|
41
|
-
- apiGroups: [""]
|
42
|
-
resources: ["nodes", "nodes/proxy"]
|
43
|
-
verbs: ["get"]
|
44
|
-
---
|
45
|
-
apiVersion: rbac.authorization.k8s.io/v1
|
46
|
-
kind: ClusterRoleBinding
|
47
|
-
metadata:
|
48
|
-
name: pod-checkpointer
|
49
|
-
roleRef:
|
50
|
-
apiGroup: rbac.authorization.k8s.io
|
51
|
-
kind: ClusterRole
|
52
|
-
name: pod-checkpointer
|
53
|
-
subjects:
|
54
|
-
- kind: ServiceAccount
|
55
|
-
name: pod-checkpointer
|
56
|
-
namespace: kube-system
|
57
|
-
---
|
58
|
-
apiVersion: apps/v1
|
59
|
-
kind: DaemonSet
|
60
|
-
metadata:
|
61
|
-
name: pod-checkpointer
|
62
|
-
namespace: kube-system
|
63
|
-
labels:
|
64
|
-
tier: control-plane
|
65
|
-
k8s-app: pod-checkpointer
|
66
|
-
spec:
|
67
|
-
selector:
|
68
|
-
matchLabels:
|
69
|
-
tier: control-plane
|
70
|
-
k8s-app: pod-checkpointer
|
71
|
-
template:
|
72
|
-
metadata:
|
73
|
-
labels:
|
74
|
-
tier: control-plane
|
75
|
-
k8s-app: pod-checkpointer
|
76
|
-
annotations:
|
77
|
-
checkpointer.alpha.coreos.com/checkpoint: "true"
|
78
|
-
spec:
|
79
|
-
containers:
|
80
|
-
- name: pod-checkpointer
|
81
|
-
image: yuanying/pod-checkpointer:v0.18.0
|
82
|
-
command:
|
83
|
-
- /checkpoint
|
84
|
-
- --lock-file=/var/run/lock/pod-checkpointer.lock
|
85
|
-
- --kubeconfig=/etc/checkpointer/kubeconfig
|
86
|
-
- --checkpoint-grace-period=5m
|
87
|
-
env:
|
88
|
-
- name: NODE_NAME
|
89
|
-
valueFrom:
|
90
|
-
fieldRef:
|
91
|
-
fieldPath: spec.nodeName
|
92
|
-
- name: POD_NAME
|
93
|
-
valueFrom:
|
94
|
-
fieldRef:
|
95
|
-
fieldPath: metadata.name
|
96
|
-
- name: POD_NAMESPACE
|
97
|
-
valueFrom:
|
98
|
-
fieldRef:
|
99
|
-
fieldPath: metadata.namespace
|
100
|
-
imagePullPolicy: Always
|
101
|
-
volumeMounts:
|
102
|
-
- mountPath: /etc/checkpointer
|
103
|
-
name: kubeconfig
|
104
|
-
- mountPath: /etc/kubernetes
|
105
|
-
name: etc-kubernetes
|
106
|
-
- mountPath: /var/run
|
107
|
-
name: var-run
|
108
|
-
serviceAccountName: pod-checkpointer
|
109
|
-
hostNetwork: true
|
110
|
-
nodeSelector:
|
111
|
-
k8s.unstable.cloud/master: ""
|
112
|
-
restartPolicy: Always
|
113
|
-
tolerations:
|
114
|
-
- key: node-role.kubernetes.io/master
|
115
|
-
operator: Exists
|
116
|
-
effect: NoSchedule
|
117
|
-
volumes:
|
118
|
-
- name: kubeconfig
|
119
|
-
configMap:
|
120
|
-
name: kubeconfig-in-cluster
|
121
|
-
- name: etc-kubernetes
|
122
|
-
hostPath:
|
123
|
-
path: /etc/kubernetes
|
124
|
-
- name: var-run
|
125
|
-
hostPath:
|
126
|
-
path: /var/run
|
127
|
-
updateStrategy:
|
128
|
-
rollingUpdate:
|
129
|
-
maxUnavailable: 1
|
130
|
-
type: RollingUpdate
|