porkadot 0.2.2 → 0.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 958ab6006bc337cbefb89951fcc80af8f32d4799dcf6f7090a68c7901743d2df
-  data.tar.gz: 1b9b98c07b61d6d3ed29879e81983a65637228be7ca494d4cff45a34cd64d08e
+  metadata.gz: d57037f96d15fcabbd441ec706449775c89984f0b6019b1f15f863ccc970360a
+  data.tar.gz: 8c03689d67687fde6012cda7f0cea22e0f1c8b7b96a64942649d43e76560aaa2
 SHA512:
-  metadata.gz: bd2e2d802c35ace23dc60f202b8314974936b77a0b00c94a2013303b9dfd13519a0d673ee4fb2ef322e1d8d97f751db6d355ea9cf6e789219059c3028085cbe3
-  data.tar.gz: a4291b924ae9f280b2beaee9fd7cb2ed1c711cd64a1e6c11061a5b26477de5b9913c7abc9d2baaa88d6e402d0f585aec7b8bad888eaa19c16af7697cc3a57015
+  metadata.gz: 9a941712075f648d17b5e6a75de10ce83974945ffb7feafcd630d4695d7ba7fab501d63e4a965319957ddf6676aa893e5035b01a2b93711ce1759153e35fc0d8
+  data.tar.gz: cb9b0ff915cea06c91a8da7fcdd894bee593bda0ec2efe3593a4b9dd5030b42269e5ba1f29230a77b076629651e387995cd2b1022906a66848cd74b84585c713

data/lib/porkadot/assets.rb

@@ -4,6 +4,15 @@ module Porkadot::Assets
       space = space.times.map{' '}.join('')
       text.lines.map{|line| "#{space}#{line}"}.join('')
     end
+
+    def to_yaml(obj, space=0)
+      h = Hashie::Mash.new({obj: obj})
+      h = h.to_hash
+      if h['obj'].size == 0
+        return ''
+      end
+      return self.indent(h['obj'].to_yaml(canonical: false, header: false).gsub(/---\n/, ''), space)
+    end
   end
 
   def render_erb file, opts={}

data/lib/porkadot/assets/etcd/etcd-server.yaml.erb

@@ -30,6 +30,8 @@ spec:
     - --data-dir=/var/lib/etcd
     - --heartbeat-interval=1000
     - --election-timeout=10000
+    env:
+<%= u.to_yaml(etcd.extra_env, 4) -%>
     volumeMounts:
     - mountPath: /var/lib/etcd
       name: etcd

data/lib/porkadot/assets/kubelet/config.yaml.erb

@@ -32,5 +32,7 @@ streamingConnectionIdleTimeout: 0s
 syncFrequency: 0s
 volumeStatsAggPeriod: 0s
 serverTLSBootstrap: true
+featureGates:
+  CSIMigration: false
 
 # vim:filetype=yaml

data/lib/porkadot/assets/kubelet/install-deps.sh.erb

@@ -26,3 +26,14 @@ curl -L https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin
 chmod +x /opt/bin/kubelet-${RELEASE}
 rm -f /opt/bin/kubelet
 ln -s /opt/bin/kubelet-${RELEASE} /opt/bin/kubelet
+
+ETCD_VER="<%= global_config.etcd.image_tag.gsub(/\-\w+$/, '') %>"
+ETCD_URL=https://storage.googleapis.com/etcd/${ETCD_VER}/etcd-${ETCD_VER}-linux-${architecture}.tar.gz
+ETCD_TMP=$(mktemp -d)
+
+curl -L ${ETCD_URL} -o ${ETCD_TMP}/etcd.tar.gz
+tar zxvf ${ETCD_TMP}/etcd.tar.gz -C ${ETCD_TMP}/ --strip-components=1
+chmod +x ${ETCD_TMP}/etcdctl
+rm -f /opt/bin/etcdctl
+mv ${ETCD_TMP}/etcdctl /opt/bin/etcdctl-${ETCD_VER}
+ln -s /opt/bin/etcdctl-${ETCD_VER} /opt/bin/etcdctl

data/lib/porkadot/assets/kubelet/install-pkgs.sh.erb

@@ -22,7 +22,8 @@ if type apt-get > /dev/null 2>&1 ;then
       nfs-common \
       socat \
       udev \
-      util-linux
+      util-linux \
+      open-iscsi
 fi
 
 cat <<EOF >  /etc/sysctl.d/k8s.conf
@@ -30,4 +31,10 @@ net.bridge.bridge-nf-call-ip6tables = 1
 net.bridge.bridge-nf-call-iptables = 1
 EOF
 
+cat <<EOF > /etc/iscsi/initiatorname.iscsi
+InitiatorName=iqn.2020-04.cloud.unstable:<%= config.hostname %>
+EOF
+
+systemctl restart iscsid.service
+
 sysctl --system

data/lib/porkadot/assets/kubernetes.rb

@@ -29,6 +29,8 @@ module Porkadot; module Assets
       render_erb 'manifests/kubelet.yaml'
       render_erb "manifests/#{lb.type}.yaml"
       render_erb "manifests/#{cni.type}.yaml"
+      render_erb "manifests/coredns.yaml"
+      render_erb "manifests/dns-horizontal-autoscaler.yaml"
       render_erb "manifests/kube-apiserver.yaml"
       render_secrets_erb "manifests/kube-apiserver.secrets.yaml"
       render_erb "manifests/kube-proxy.yaml"
@@ -37,6 +39,7 @@ module Porkadot; module Assets
       render_secrets_erb "manifests/kube-controller-manager.secrets.yaml"
       render_erb "manifests/pod-checkpointer.yaml"
       render_erb "manifests/kubelet-rubber-stamp.yaml"
+      render_erb "manifests/storage-version-migrator.yaml"
       render_erb 'install.sh'
     end
 

data/lib/porkadot/assets/kubernetes/manifests/coredns.yaml.erb

@@ -0,0 +1,202 @@
+<% k8s = global_config.k8s -%>
+# __MACHINE_GENERATED_WARNING__
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: coredns
+  namespace: kube-system
+  labels:
+      kubernetes.io/cluster-service: "true"
+      addonmanager.kubernetes.io/mode: Reconcile
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+    addonmanager.kubernetes.io/mode: Reconcile
+  name: system:coredns
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  - services
+  - pods
+  - namespaces
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+    addonmanager.kubernetes.io/mode: EnsureExists
+  name: system:coredns
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:coredns
+subjects:
+- kind: ServiceAccount
+  name: coredns
+  namespace: kube-system
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+  labels:
+      addonmanager.kubernetes.io/mode: EnsureExists
+data:
+  Corefile: |
+    .:53 {
+        errors
+        health {
+            lameduck 5s
+        }
+        ready
+        kubernetes <%= k8s.networking.dns_domain %>  in-addr.arpa ip6.arpa {
+            pods insecure
+            fallthrough in-addr.arpa ip6.arpa
+            ttl 30
+        }
+        prometheus :9153
+        forward . /etc/resolv.conf
+        cache 30
+        loop
+        reload
+        loadbalance
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: coredns
+  namespace: kube-system
+  labels:
+    k8s-app: kube-dns
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+    kubernetes.io/name: "CoreDNS"
+spec:
+  # replicas: not specified here:
+  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
+  # 2. Default is 1.
+  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      k8s-app: kube-dns
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-dns
+      annotations:
+        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
+    spec:
+      priorityClassName: system-cluster-critical
+      serviceAccountName: coredns
+      tolerations:
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+      nodeSelector:
+        kubernetes.io/os: linux
+      containers:
+      - name: coredns
+        image: k8s.gcr.io/coredns:1.6.7
+        imagePullPolicy: IfNotPresent
+        resources:
+          limits:
+            memory: 170Mi
+          requests:
+            cpu: 100m
+            memory: 70Mi
+        args: [ "-conf", "/etc/coredns/Corefile" ]
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/coredns
+          readOnly: true
+        ports:
+        - containerPort: 53
+          name: dns
+          protocol: UDP
+        - containerPort: 53
+          name: dns-tcp
+          protocol: TCP
+        - containerPort: 9153
+          name: metrics
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 60
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 5
+        readinessProbe:
+          httpGet:
+            path: /ready
+            port: 8181
+            scheme: HTTP
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+            drop:
+            - all
+          readOnlyRootFilesystem: true
+      dnsPolicy: Default
+      volumes:
+        - name: config-volume
+          configMap:
+            name: coredns
+            items:
+            - key: Corefile
+              path: Corefile
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kube-dns
+  namespace: kube-system
+  annotations:
+    prometheus.io/port: "9153"
+    prometheus.io/scrape: "true"
+  labels:
+    k8s-app: kube-dns
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+    kubernetes.io/name: "CoreDNS"
+spec:
+  selector:
+    k8s-app: kube-dns
+  clusterIP: <%= k8s.networking.dns_ip %>
+  ports:
+  - name: dns
+    port: 53
+    protocol: UDP
+  - name: dns-tcp
+    port: 53
+    protocol: TCP
+  - name: metrics
+    port: 9153
+    protocol: TCP

data/lib/porkadot/assets/kubernetes/manifests/dns-horizontal-autoscaler.yaml.erb

@@ -0,0 +1,110 @@
+# Copyright 2016 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: kube-dns-autoscaler
+  namespace: kube-system
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:kube-dns-autoscaler
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["list", "watch"]
+  - apiGroups: [""]
+    resources: ["replicationcontrollers/scale"]
+    verbs: ["get", "update"]
+  - apiGroups: ["apps"]
+    resources: ["deployments/scale", "replicasets/scale"]
+    verbs: ["get", "update"]
+# Remove the configmaps rule once below issue is fixed:
+# kubernetes-incubator/cluster-proportional-autoscaler#16
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "create"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:kube-dns-autoscaler
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+subjects:
+  - kind: ServiceAccount
+    name: kube-dns-autoscaler
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: system:kube-dns-autoscaler
+  apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kube-dns-autoscaler
+  namespace: kube-system
+  labels:
+    k8s-app: kube-dns-autoscaler
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+spec:
+  selector:
+    matchLabels:
+      k8s-app: kube-dns-autoscaler
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-dns-autoscaler
+      annotations:
+        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
+    spec:
+      priorityClassName: system-cluster-critical
+      securityContext:
+        supplementalGroups: [ 65534 ]
+        fsGroup: 65534
+      nodeSelector:
+        kubernetes.io/os: linux
+      containers:
+      - name: autoscaler
+        image: k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.7.1
+        resources:
+            requests:
+                cpu: "20m"
+                memory: "10Mi"
+        command:
+          - /cluster-proportional-autoscaler
+          - --namespace=kube-system
+          - --configmap=kube-dns-autoscaler
+          # Should keep target in sync with cluster/addons/dns/kube-dns.yaml.base
+          - --target=Deployment/coredns
+          # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
+          # If using small nodes, "nodesPerReplica" should dominate.
+          - --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"preventSinglePointFailure":true}}
+          - --logtostderr=true
+          - --v=2
+      tolerations:
+      - key: "CriticalAddonsOnly"
+        operator: "Exists"
+      nodeSelector:
+        kubernetes.io/os: linux
+      serviceAccountName: kube-dns-autoscaler

data/lib/porkadot/assets/kubernetes/manifests/flannel.yaml.erb

@@ -154,11 +154,11 @@ spec:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
               - matchExpressions:
-                  - key: beta.kubernetes.io/os
+                  - key: kubernetes.io/os
                     operator: In
                     values:
                       - linux
-                  - key: beta.kubernetes.io/arch
+                  - key: kubernetes.io/arch
                     operator: In
                     values:
                       - amd64
@@ -248,11 +248,11 @@ spec:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
               - matchExpressions:
-                  - key: beta.kubernetes.io/os
+                  - key: kubernetes.io/os
                     operator: In
                     values:
                       - linux
-                  - key: beta.kubernetes.io/arch
+                  - key: kubernetes.io/arch
                     operator: In
                     values:
                       - arm64
@@ -342,11 +342,11 @@ spec:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
               - matchExpressions:
-                  - key: beta.kubernetes.io/os
+                  - key: kubernetes.io/os
                     operator: In
                     values:
                       - linux
-                  - key: beta.kubernetes.io/arch
+                  - key: kubernetes.io/arch
                     operator: In
                     values:
                       - arm
@@ -436,11 +436,11 @@ spec:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
               - matchExpressions:
-                  - key: beta.kubernetes.io/os
+                  - key: kubernetes.io/os
                     operator: In
                     values:
                       - linux
-                  - key: beta.kubernetes.io/arch
+                  - key: kubernetes.io/arch
                     operator: In
                     values:
                       - ppc64le
@@ -530,11 +530,11 @@ spec:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
               - matchExpressions:
-                  - key: beta.kubernetes.io/os
+                  - key: kubernetes.io/os
                     operator: In
                     values:
                       - linux
-                  - key: beta.kubernetes.io/arch
+                  - key: kubernetes.io/arch
                     operator: In
                     values:
                       - s390x

data/lib/porkadot/assets/kubernetes/manifests/kube-scheduler.yaml.erb

@@ -62,7 +62,7 @@ rules:
   verbs: ["get", "watch", "list"]
 - apiGroups: [""] # "" indicates the core API group
   resources: ["secrets", "configmaps"]
-  verbs: ["get"]
+  verbs: ["get", "watch", "list"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding

data/lib/porkadot/assets/kubernetes/manifests/kubelet-rubber-stamp.yaml.erb

@@ -24,7 +24,7 @@ spec:
         - name: kubelet-rubber-stamp
           # image: quay.io/kontena/kubelet-rubber-stamp-amd64:0.2
           # Use following image until issue is fixed
-          image: yuanying/kubelet-rubber-stamp:0.2.0.y01
+          image: yuanying/kubelet-rubber-stamp:0.3.0.y01
           args:
             - "--v=2"
           imagePullPolicy: Always
@@ -56,12 +56,21 @@ kind: ClusterRole
 metadata:
   name: kubelet-rubber-stamp
 rules:
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - signers
+  # legacy-unknown: support before kubernetes-1.18.0
+  resourceNames:
+  - "kubernetes.io/legacy-unknown"
+  - "kubernetes.io/kubelet-serving"
+  verbs:
+  - approve
 - apiGroups:
   - certificates.k8s.io
   resources:
   - certificatesigningrequests
   verbs:
-  - delete
   - get
   - list
   - watch

data/lib/porkadot/assets/kubernetes/manifests/metallb.yaml.erb

@@ -206,7 +206,7 @@ spec:
         - "-P"
         - "FORWARD"
         - "ACCEPT"
-        image: <%= k8s.image_repository %>/hyperkube:<%= k8s.kubernetes_version %>
+        image: <%= k8s.image_repository %>/kube-proxy:<%= k8s.kubernetes_version %>
         imagePullPolicy: IfNotPresent
         name: default-iptables
         securityContext:
@@ -253,7 +253,7 @@ spec:
           readOnlyRootFilesystem: true
       hostNetwork: true
       nodeSelector:
-        beta.kubernetes.io/os: linux
+        kubernetes.io/os: linux
       serviceAccountName: speaker
       terminationGracePeriodSeconds: 0
       tolerations:
@@ -304,7 +304,7 @@ spec:
             - all
           readOnlyRootFilesystem: true
       nodeSelector:
-        beta.kubernetes.io/os: linux
+        kubernetes.io/os: linux
       securityContext:
         runAsNonRoot: true
         runAsUser: 65534

data/lib/porkadot/assets/kubernetes/manifests/pod-checkpointer.yaml.erb

@@ -78,7 +78,7 @@ spec:
     spec:
       containers:
       - name: pod-checkpointer
-        image: quay.io/coreos/pod-checkpointer:83e25e5968391b9eb342042c435d1b3eeddb2be1
+        image: yuanying/pod-checkpointer:v0.18.0
         command:
         - /checkpoint
         - --lock-file=/var/run/lock/pod-checkpointer.lock

data/lib/porkadot/assets/kubernetes/manifests/porkadot.yaml.erb

@@ -66,3 +66,26 @@ data:
     - context:
         cluster: local
         user: service-account
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kubeconfig-in-cluster-latest
+  namespace: kube-system
+data:
+  kubeconfig: |
+    apiVersion: v1
+    clusters:
+    - name: local
+      cluster:
+        server: https://porkadot-kubernetes-latest:<%= port %>
+        certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+    users:
+    - name: service-account
+      user:
+        # Use service account token
+        tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    contexts:
+    - context:
+        cluster: local
+        user: service-account

data/lib/porkadot/assets/kubernetes/manifests/storage-version-migrator.yaml.erb

@@ -0,0 +1,327 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: storageversionmigrations.migration.k8s.io
+spec:
+  group: migration.k8s.io
+  names:
+    kind: StorageVersionMigration
+    listKind: StorageVersionMigrationList
+    plural: storageversionmigrations
+    singular: storageversionmigration
+  scope: Cluster
+  subresources:
+    status: {}
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+  "validation":
+    "openAPIV3Schema":
+      description: StorageVersionMigration represents a migration of stored data to
+        the latest storage version.
+      type: object
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: Specification of the migration.
+          type: object
+          required:
+          - resource
+          properties:
+            continueToken:
+              description: The token used in the list options to get the next chunk
+                of objects to migrate. When the .status.conditions indicates the migration
+                is "Running", users can use this token to check the progress of the
+                migration.
+              type: string
+            resource:
+              description: The resource that is being migrated. The migrator sends
+                requests to the endpoint serving the resource. Immutable.
+              type: object
+              properties:
+                group:
+                  description: The name of the group.
+                  type: string
+                resource:
+                  description: The name of the resource.
+                  type: string
+                version:
+                  description: The name of the version.
+                  type: string
+        status:
+          description: Status of the migration.
+          type: object
+          properties:
+            conditions:
+              description: The latest available observations of the migration's current
+                state.
+              type: array
+              items:
+                description: Describes the state of a migration at a certain point.
+                type: object
+                required:
+                - status
+                - type
+                properties:
+                  lastUpdateTime:
+                    description: The last time this condition was updated.
+                    type: string
+                    format: date-time
+                  message:
+                    description: A human readable message indicating details about
+                      the transition.
+                    type: string
+                  reason:
+                    description: The reason for the condition's last transition.
+                    type: string
+                  status:
+                    description: Status of the condition, one of True, False, Unknown.
+                    type: string
+                  type:
+                    description: Type of the condition.
+                    type: string
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: storagestates.migration.k8s.io
+spec:
+  group: migration.k8s.io
+  names:
+    kind: StorageState
+    listKind: StorageStateList
+    plural: storagestates
+    singular: storagestate
+  scope: Cluster
+  subresources:
+    status: {}
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+  "validation":
+    "openAPIV3Schema":
+      description: The state of the storage of a specific resource.
+      type: object
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          description: The name must be "<.spec.resource.resouce>.<.spec.resource.group>".
+          type: object
+        spec:
+          description: Specification of the storage state.
+          type: object
+          properties:
+            resource:
+              description: The resource this storageState is about.
+              type: object
+              properties:
+                group:
+                  description: The name of the group.
+                  type: string
+                resource:
+                  description: The name of the resource.
+                  type: string
+        status:
+          description: Status of the storage state.
+          type: object
+          properties:
+            currentStorageVersionHash:
+              description: The hash value of the current storage version, as shown
+                in the discovery document served by the API server. Storage Version
+                is the version to which objects are converted to before persisted.
+              type: string
+            lastHeartbeatTime:
+              description: LastHeartbeatTime is the last time the storage migration
+                triggering controller checks the storage version hash of this resource
+                in the discovery document and updates this field.
+              type: string
+              format: date-time
+            persistedStorageVersionHashes:
+              description: The hash values of storage versions that persisted instances
+                of spec.resource might still be encoded in. "Unknown" is a valid value
+                in the list, and is the default value. It is not safe to upgrade or
+                downgrade to an apiserver binary that does not support all versions
+                listed in this field, or if "Unknown" is listed. Once the storage
+                version migration for this resource has completed, the value of this
+                field is refined to only contain the currentStorageVersionHash. Once
+                the apiserver has changed the storage version, the new storage version
+                is appended to the list.
+              type: array
+              items:
+                type: string
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: storage-version-migration-trigger
+rules:
+- apiGroups: ["migration.k8s.io"]
+  resources: ["storagestates"]
+  verbs: ["watch", "get", "list", "delete", "create", "update"]
+- apiGroups: ["migration.k8s.io"]
+  resources: ["storageversionmigrations"]
+  verbs: ["watch", "get", "list", "delete", "create"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: storage-version-migration-crd-creator
+rules:
+- apiGroups: ["apiextensions.k8s.io"]
+  resources: ["customresourcedefinitions"]
+  verbs: ["create", "delete", "get"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: storage-version-migration-initializer
+rules:
+- apiGroups: ["migration.k8s.io"]
+  resources: ["storageversionmigrations"]
+  verbs: ["create"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: storage-version-migration-migrator
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: storage-version-migration-trigger
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: storage-version-migration-trigger
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: storage-version-migration-crd-creator
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: storage-version-migration-crd-creator
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: storage-version-migration-initializer
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: storage-version-migration-initializer
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: trigger
+  namespace: kube-system
+  labels:
+    app: trigger
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: trigger
+  template:
+    metadata:
+      labels:
+        app: trigger
+    spec:
+      containers:
+      - name: trigger
+        image: yuanying/storage-version-migration-trigger:v0.1
+        args:
+        - --kubeconfig=/etc/trigger/kubeconfig
+        volumeMounts:
+        - mountPath: /etc/trigger
+          name: kubeconfig
+      volumes:
+      - name: kubeconfig
+        configMap:
+          name: kubeconfig-in-cluster-latest
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: migrator
+  namespace: kube-system
+  labels:
+    app: migrator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: migrator
+  template:
+    metadata:
+      labels:
+        app: migrator
+    spec:
+      containers:
+      - name: migrator
+        image: yuanying/storage-version-migration-migrator:v0.1
+        command:
+          - /migrator
+          - --v=2
+          - --alsologtostderr
+          - --kube-api-qps=40
+          - --kube-api-burst=1000
+          - --kubeconfig=/etc/migrator/kubeconfig
+        volumeMounts:
+        - mountPath: /etc/migrator
+          name: kubeconfig
+      volumes:
+      - name: kubeconfig
+        configMap:
+          name: kubeconfig-in-cluster-latest

data/lib/porkadot/configs/certs/k8s.rb

@@ -33,6 +33,12 @@ module Porkadot; module Configs; class Certs
         DNS:kubernetes.default
         DNS:kubernetes.default.svc
         DNS:kubernetes.default.svc.#{self.config.k8s.networking.dns_domain}
+        DNS:porkadot-kubernetes
+        DNS:porkadot-kubernetes.kube-system
+        DNS:porkadot-kubernetes.kube-system.svc
+        DNS:porkadot-kubernetes-latest
+        DNS:porkadot-kubernetes-latest.kube-system
+        DNS:porkadot-kubernetes-latest.kube-system.svc
         DNS:localhost
         IP:#{self.config.k8s.networking.kubernetes_ip}
         IP:127.0.0.1

data/lib/porkadot/configs/kubernetes.rb

@@ -56,6 +56,7 @@ module Porkadot; module Configs
           "#{RECOMMENDED_LABEL_PREFIX}/version": self.config.k8s.kubernetes_version,
           "#{RECOMMENDED_LABEL_PREFIX}/part-of": 'kubernetes',
           "#{RECOMMENDED_LABEL_PREFIX}/managed-by": 'porkadot',
+          "k8s-app": self.component_name,
         })
       end
 

data/lib/porkadot/default.yaml

@@ -27,10 +27,11 @@ lb:
 
 etcd:
   image_repository: gcr.io/etcd-development/etcd
-  image_tag: v3.3.10
+  image_tag: v3.4.3
+  extra_env: []
 
 kubernetes:
-  kubernetes_version: v1.17.3
+  kubernetes_version: v1.18.10
   image_repository: k8s.gcr.io
 
   networking:

data/lib/porkadot/version.rb

@@ -1,3 +1,3 @@
 module Porkadot
-  VERSION = "0.2.2"
+  VERSION = "0.18.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: porkadot
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.18.0
 platform: ruby
 authors:
 - OTSUKA, Yuanying
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-04-15 00:00:00.000000000 Z
+date: 2020-10-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -140,6 +140,8 @@ files:
 - lib/porkadot/assets/kubelet/kubelet.service.erb
 - lib/porkadot/assets/kubernetes.rb
 - lib/porkadot/assets/kubernetes/install.sh.erb
+- lib/porkadot/assets/kubernetes/manifests/coredns.yaml.erb
+- lib/porkadot/assets/kubernetes/manifests/dns-horizontal-autoscaler.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/flannel.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/kube-apiserver.secrets.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/kube-apiserver.yaml.erb
@@ -152,6 +154,7 @@ files:
 - lib/porkadot/assets/kubernetes/manifests/metallb.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/pod-checkpointer.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/porkadot.yaml.erb
+- lib/porkadot/assets/kubernetes/manifests/storage-version-migrator.yaml.erb
 - lib/porkadot/cmd.rb
 - lib/porkadot/cmd/cli.rb
 - lib/porkadot/cmd/install.rb