porkadot 0.2.2 → 0.19.1

Files changed (34)
  1. checksums.yaml +4 -4
  2. data/hack/gen-storage-version-migrator.sh +7 -0
  3. data/hack/storage-version-migrator/kustomization.yaml +77 -0
  4. data/lib/porkadot/assets.rb +9 -0
  5. data/lib/porkadot/assets/bootstrap/manifests/kube-apiserver.bootstrap.yaml.erb +4 -30
  6. data/lib/porkadot/assets/bootstrap/manifests/kube-controller-manager.bootstrap.yaml.erb +13 -16
  7. data/lib/porkadot/assets/bootstrap/manifests/kube-proxy.bootstrap.yaml.erb +3 -2
  8. data/lib/porkadot/assets/bootstrap/manifests/kube-scheduler.bootstrap.yaml.erb +3 -5
  9. data/lib/porkadot/assets/etcd/etcd-server.yaml.erb +2 -0
  10. data/lib/porkadot/assets/kubelet.rb +1 -0
  11. data/lib/porkadot/assets/kubelet/config.yaml.erb +3 -0
  12. data/lib/porkadot/assets/kubelet/install-deps.sh.erb +11 -0
  13. data/lib/porkadot/assets/kubelet/install-pkgs.sh.erb +19 -2
  14. data/lib/porkadot/assets/kubelet/kubelet.service.erb +3 -1
  15. data/lib/porkadot/assets/kubelet/setup-containerd.sh.erb +10 -0
  16. data/lib/porkadot/assets/kubernetes.rb +4 -1
  17. data/lib/porkadot/assets/kubernetes/manifests/coredns.yaml.erb +209 -0
  18. data/lib/porkadot/assets/kubernetes/manifests/dns-horizontal-autoscaler.yaml.erb +110 -0
  19. data/lib/porkadot/assets/kubernetes/manifests/flannel.yaml.erb +52 -431
  20. data/lib/porkadot/assets/kubernetes/manifests/kube-scheduler.yaml.erb +1 -1
  21. data/lib/porkadot/assets/kubernetes/manifests/kubelet-rubber-stamp.yaml.erb +12 -3
  22. data/lib/porkadot/assets/kubernetes/manifests/metallb.secrets.yaml.erb +13 -0
  23. data/lib/porkadot/assets/kubernetes/manifests/metallb.yaml.erb +116 -26
  24. data/lib/porkadot/assets/kubernetes/manifests/porkadot.yaml.erb +23 -0
  25. data/lib/porkadot/assets/kubernetes/manifests/storage-version-migrator.yaml.erb +357 -0
  26. data/lib/porkadot/cmd/cli.rb +16 -0
  27. data/lib/porkadot/cmd/render/certs.rb +1 -1
  28. data/lib/porkadot/configs/certs/k8s.rb +6 -0
  29. data/lib/porkadot/configs/kubernetes.rb +30 -1
  30. data/lib/porkadot/default.yaml +4 -3
  31. data/lib/porkadot/install/kubelet.rb +24 -0
  32. data/lib/porkadot/version.rb +1 -1
  33. metadata +9 -3
  34. data/lib/porkadot/assets/kubernetes/manifests/pod-checkpointer.yaml.erb +0 -130
@@ -0,0 +1,110 @@
1
+ # Copyright 2016 The Kubernetes Authors.
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ kind: ServiceAccount
16
+ apiVersion: v1
17
+ metadata:
18
+ name: kube-dns-autoscaler
19
+ namespace: kube-system
20
+ labels:
21
+ addonmanager.kubernetes.io/mode: Reconcile
22
+ ---
23
+ kind: ClusterRole
24
+ apiVersion: rbac.authorization.k8s.io/v1
25
+ metadata:
26
+ name: system:kube-dns-autoscaler
27
+ labels:
28
+ addonmanager.kubernetes.io/mode: Reconcile
29
+ rules:
30
+ - apiGroups: [""]
31
+ resources: ["nodes"]
32
+ verbs: ["list", "watch"]
33
+ - apiGroups: [""]
34
+ resources: ["replicationcontrollers/scale"]
35
+ verbs: ["get", "update"]
36
+ - apiGroups: ["apps"]
37
+ resources: ["deployments/scale", "replicasets/scale"]
38
+ verbs: ["get", "update"]
39
+ # Remove the configmaps rule once below issue is fixed:
40
+ # kubernetes-incubator/cluster-proportional-autoscaler#16
41
+ - apiGroups: [""]
42
+ resources: ["configmaps"]
43
+ verbs: ["get", "create"]
44
+ ---
45
+ kind: ClusterRoleBinding
46
+ apiVersion: rbac.authorization.k8s.io/v1
47
+ metadata:
48
+ name: system:kube-dns-autoscaler
49
+ labels:
50
+ addonmanager.kubernetes.io/mode: Reconcile
51
+ subjects:
52
+ - kind: ServiceAccount
53
+ name: kube-dns-autoscaler
54
+ namespace: kube-system
55
+ roleRef:
56
+ kind: ClusterRole
57
+ name: system:kube-dns-autoscaler
58
+ apiGroup: rbac.authorization.k8s.io
59
+
60
+ ---
61
+ apiVersion: apps/v1
62
+ kind: Deployment
63
+ metadata:
64
+ name: kube-dns-autoscaler
65
+ namespace: kube-system
66
+ labels:
67
+ k8s-app: kube-dns-autoscaler
68
+ kubernetes.io/cluster-service: "true"
69
+ addonmanager.kubernetes.io/mode: Reconcile
70
+ spec:
71
+ selector:
72
+ matchLabels:
73
+ k8s-app: kube-dns-autoscaler
74
+ template:
75
+ metadata:
76
+ labels:
77
+ k8s-app: kube-dns-autoscaler
78
+ annotations:
79
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
80
+ spec:
81
+ priorityClassName: system-cluster-critical
82
+ securityContext:
83
+ supplementalGroups: [ 65534 ]
84
+ fsGroup: 65534
85
+ nodeSelector:
86
+ kubernetes.io/os: linux
87
+ containers:
88
+ - name: autoscaler
89
+ image: k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.7.1
90
+ resources:
91
+ requests:
92
+ cpu: "20m"
93
+ memory: "10Mi"
94
+ command:
95
+ - /cluster-proportional-autoscaler
96
+ - --namespace=kube-system
97
+ - --configmap=kube-dns-autoscaler
98
+ # Should keep target in sync with cluster/addons/dns/kube-dns.yaml.base
99
+ - --target=Deployment/coredns
100
+ # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
101
+ # If using small nodes, "nodesPerReplica" should dominate.
102
+ - --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"preventSinglePointFailure":true}}
103
+ - --logtostderr=true
104
+ - --v=2
105
+ tolerations:
106
+ - key: "CriticalAddonsOnly"
107
+ operator: "Exists"
108
+ nodeSelector:
109
+ kubernetes.io/os: linux
110
+ serviceAccountName: kube-dns-autoscaler
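Review bot: The `configmaps` rule (`get`, `create`) sits in a ClusterRole that is bound cluster-wide, so the `kube-dns-autoscaler` service account can read and create ConfigMaps in every namespace even though the container is started with `--namespace=kube-system --configmap=kube-dns-autoscaler`; moving that one rule to a Role and RoleBinding in `kube-system`, as in the block below, keeps the grant to the namespace the command line uses. The pod spec also sets `nodeSelector` twice, once after `securityContext` and again after `tolerations`; duplicate keys are invalid YAML and most parsers silently keep the last one, so one of the two should go. The `autoscaler` container has no `securityContext` of its own; `allowPrivilegeEscalation: false` with `capabilities: {drop: ["ALL"]}` looks reasonable for a process that only talks to the API server, but that should be confirmed against the image. The page has lost the file's indentation, so the nesting here is read from key order.

```yaml
# … unchanged: ServiceAccount; ClusterRole keeps the nodes and */scale rules, configmaps rule removed …
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kube-dns-autoscaler
  namespace: kube-system
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "create"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kube-dns-autoscaler
  namespace: kube-system
subjects:
  - kind: ServiceAccount
    name: kube-dns-autoscaler
    namespace: kube-system
roleRef:
  kind: Role
  name: kube-dns-autoscaler
  apiGroup: rbac.authorization.k8s.io
# … unchanged: ClusterRoleBinding, Deployment …
```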
@@ -11,14 +11,14 @@ metadata:
11
11
  spec:
12
12
  privileged: false
13
13
  volumes:
14
- - configMap
15
- - secret
16
- - emptyDir
17
- - hostPath
14
+ - configMap
15
+ - secret
16
+ - emptyDir
17
+ - hostPath
18
18
  allowedHostPaths:
19
- - pathPrefix: "/etc/cni/net.d"
20
- - pathPrefix: "/etc/kube-flannel"
21
- - pathPrefix: "/run/flannel"
19
+ - pathPrefix: "/etc/cni/net.d"
20
+ - pathPrefix: "/etc/kube-flannel"
21
+ - pathPrefix: "/run/flannel"
22
22
  readOnlyRootFilesystem: false
23
23
  # Users and groups
24
24
  runAsUser:
@@ -31,7 +31,7 @@ spec:
31
31
  allowPrivilegeEscalation: false
32
32
  defaultAllowPrivilegeEscalation: false
33
33
  # Capabilities
34
- allowedCapabilities: ['NET_ADMIN']
34
+ allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
35
35
  defaultAddCapabilities: []
36
36
  requiredDropCapabilities: []
37
37
  # Host namespaces
@@ -47,36 +47,36 @@ spec:
47
47
  rule: 'RunAsAny'
48
48
  ---
49
49
  kind: ClusterRole
50
- apiVersion: rbac.authorization.k8s.io/v1beta1
50
+ apiVersion: rbac.authorization.k8s.io/v1
51
51
  metadata:
52
52
  name: flannel
53
53
  rules:
54
- - apiGroups: ['extensions']
55
- resources: ['podsecuritypolicies']
56
- verbs: ['use']
57
- resourceNames: ['psp.flannel.unprivileged']
58
- - apiGroups:
59
- - ""
60
- resources:
61
- - pods
62
- verbs:
63
- - get
64
- - apiGroups:
65
- - ""
66
- resources:
67
- - nodes
68
- verbs:
69
- - list
70
- - watch
71
- - apiGroups:
72
- - ""
73
- resources:
74
- - nodes/status
75
- verbs:
76
- - patch
54
+ - apiGroups: ['extensions']
55
+ resources: ['podsecuritypolicies']
56
+ verbs: ['use']
57
+ resourceNames: ['psp.flannel.unprivileged']
58
+ - apiGroups:
59
+ - ""
60
+ resources:
61
+ - pods
62
+ verbs:
63
+ - get
64
+ - apiGroups:
65
+ - ""
66
+ resources:
67
+ - nodes
68
+ verbs:
69
+ - list
70
+ - watch
71
+ - apiGroups:
72
+ - ""
73
+ resources:
74
+ - nodes/status
75
+ verbs:
76
+ - patch
77
77
  ---
78
78
  kind: ClusterRoleBinding
79
- apiVersion: rbac.authorization.k8s.io/v1beta1
79
+ apiVersion: rbac.authorization.k8s.io/v1
80
80
  metadata:
81
81
  name: flannel
82
82
  roleRef:
@@ -134,7 +134,7 @@ data:
134
134
  apiVersion: apps/v1
135
135
  kind: DaemonSet
136
136
  metadata:
137
- name: kube-flannel-ds-amd64
137
+ name: kube-flannel-ds
138
138
  namespace: kube-system
139
139
  labels:
140
140
  tier: node
@@ -153,23 +153,20 @@ spec:
153
153
  nodeAffinity:
154
154
  requiredDuringSchedulingIgnoredDuringExecution:
155
155
  nodeSelectorTerms:
156
- - matchExpressions:
157
- - key: beta.kubernetes.io/os
158
- operator: In
159
- values:
160
- - linux
161
- - key: beta.kubernetes.io/arch
162
- operator: In
163
- values:
164
- - amd64
156
+ - matchExpressions:
157
+ - key: kubernetes.io/os
158
+ operator: In
159
+ values:
160
+ - linux
165
161
  hostNetwork: true
162
+ priorityClassName: system-node-critical
166
163
  tolerations:
167
164
  - operator: Exists
168
165
  effect: NoSchedule
169
166
  serviceAccountName: flannel
170
167
  initContainers:
171
168
  - name: install-cni
172
- image: quay.io/coreos/flannel:v0.12.0-amd64
169
+ image: quay.io/coreos/flannel:v0.13.0
173
170
  command:
174
171
  - cp
175
172
  args:
@@ -183,7 +180,7 @@ spec:
183
180
  mountPath: /etc/kube-flannel/
184
181
  containers:
185
182
  - name: kube-flannel
186
- image: quay.io/coreos/flannel:v0.12.0-amd64
183
+ image: quay.io/coreos/flannel:v0.13.0
187
184
  command:
188
185
  - /opt/bin/flanneld
189
186
  args:
@@ -199,7 +196,7 @@ spec:
199
196
  securityContext:
200
197
  privileged: false
201
198
  capabilities:
202
- add: ["NET_ADMIN"]
199
+ add: ["NET_ADMIN", "NET_RAW"]
203
200
  env:
204
201
  - name: POD_NAME
205
202
  valueFrom:
@@ -215,388 +212,12 @@ spec:
215
212
  - name: flannel-cfg
216
213
  mountPath: /etc/kube-flannel/
217
214
  volumes:
218
- - name: run
219
- hostPath:
220
- path: /run/flannel
221
- - name: cni
222
- hostPath:
223
- path: /etc/cni/net.d
224
- - name: flannel-cfg
225
- configMap:
226
- name: kube-flannel-cfg
227
- ---
228
- apiVersion: apps/v1
229
- kind: DaemonSet
230
- metadata:
231
- name: kube-flannel-ds-arm64
232
- namespace: kube-system
233
- labels:
234
- tier: node
235
- app: flannel
236
- spec:
237
- selector:
238
- matchLabels:
239
- app: flannel
240
- template:
241
- metadata:
242
- labels:
243
- tier: node
244
- app: flannel
245
- spec:
246
- affinity:
247
- nodeAffinity:
248
- requiredDuringSchedulingIgnoredDuringExecution:
249
- nodeSelectorTerms:
250
- - matchExpressions:
251
- - key: beta.kubernetes.io/os
252
- operator: In
253
- values:
254
- - linux
255
- - key: beta.kubernetes.io/arch
256
- operator: In
257
- values:
258
- - arm64
259
- hostNetwork: true
260
- tolerations:
261
- - operator: Exists
262
- effect: NoSchedule
263
- serviceAccountName: flannel
264
- initContainers:
265
- - name: install-cni
266
- image: quay.io/coreos/flannel:v0.12.0-arm64
267
- command:
268
- - cp
269
- args:
270
- - -f
271
- - /etc/kube-flannel/cni-conf.json
272
- - /etc/cni/net.d/10-flannel.conflist
273
- volumeMounts:
274
- - name: cni
275
- mountPath: /etc/cni/net.d
276
- - name: flannel-cfg
277
- mountPath: /etc/kube-flannel/
278
- containers:
279
- - name: kube-flannel
280
- image: quay.io/coreos/flannel:v0.12.0-arm64
281
- command:
282
- - /opt/bin/flanneld
283
- args:
284
- - --ip-masq
285
- - --kube-subnet-mgr
286
- resources:
287
- requests:
288
- cpu: "100m"
289
- memory: "50Mi"
290
- limits:
291
- cpu: "100m"
292
- memory: "50Mi"
293
- securityContext:
294
- privileged: false
295
- capabilities:
296
- add: ["NET_ADMIN"]
297
- env:
298
- - name: POD_NAME
299
- valueFrom:
300
- fieldRef:
301
- fieldPath: metadata.name
302
- - name: POD_NAMESPACE
303
- valueFrom:
304
- fieldRef:
305
- fieldPath: metadata.namespace
306
- volumeMounts:
307
- - name: run
308
- mountPath: /run/flannel
309
- - name: flannel-cfg
310
- mountPath: /etc/kube-flannel/
311
- volumes:
312
- - name: run
313
- hostPath:
314
- path: /run/flannel
315
- - name: cni
316
- hostPath:
317
- path: /etc/cni/net.d
318
- - name: flannel-cfg
319
- configMap:
320
- name: kube-flannel-cfg
321
- ---
322
- apiVersion: apps/v1
323
- kind: DaemonSet
324
- metadata:
325
- name: kube-flannel-ds-arm
326
- namespace: kube-system
327
- labels:
328
- tier: node
329
- app: flannel
330
- spec:
331
- selector:
332
- matchLabels:
333
- app: flannel
334
- template:
335
- metadata:
336
- labels:
337
- tier: node
338
- app: flannel
339
- spec:
340
- affinity:
341
- nodeAffinity:
342
- requiredDuringSchedulingIgnoredDuringExecution:
343
- nodeSelectorTerms:
344
- - matchExpressions:
345
- - key: beta.kubernetes.io/os
346
- operator: In
347
- values:
348
- - linux
349
- - key: beta.kubernetes.io/arch
350
- operator: In
351
- values:
352
- - arm
353
- hostNetwork: true
354
- tolerations:
355
- - operator: Exists
356
- effect: NoSchedule
357
- serviceAccountName: flannel
358
- initContainers:
359
- - name: install-cni
360
- image: quay.io/coreos/flannel:v0.12.0-arm
361
- command:
362
- - cp
363
- args:
364
- - -f
365
- - /etc/kube-flannel/cni-conf.json
366
- - /etc/cni/net.d/10-flannel.conflist
367
- volumeMounts:
368
- - name: cni
369
- mountPath: /etc/cni/net.d
370
- - name: flannel-cfg
371
- mountPath: /etc/kube-flannel/
372
- containers:
373
- - name: kube-flannel
374
- image: quay.io/coreos/flannel:v0.12.0-arm
375
- command:
376
- - /opt/bin/flanneld
377
- args:
378
- - --ip-masq
379
- - --kube-subnet-mgr
380
- resources:
381
- requests:
382
- cpu: "100m"
383
- memory: "50Mi"
384
- limits:
385
- cpu: "100m"
386
- memory: "50Mi"
387
- securityContext:
388
- privileged: false
389
- capabilities:
390
- add: ["NET_ADMIN"]
391
- env:
392
- - name: POD_NAME
393
- valueFrom:
394
- fieldRef:
395
- fieldPath: metadata.name
396
- - name: POD_NAMESPACE
397
- valueFrom:
398
- fieldRef:
399
- fieldPath: metadata.namespace
400
- volumeMounts:
401
- - name: run
402
- mountPath: /run/flannel
403
- - name: flannel-cfg
404
- mountPath: /etc/kube-flannel/
405
- volumes:
406
- - name: run
407
- hostPath:
408
- path: /run/flannel
409
- - name: cni
410
- hostPath:
411
- path: /etc/cni/net.d
412
- - name: flannel-cfg
413
- configMap:
414
- name: kube-flannel-cfg
415
- ---
416
- apiVersion: apps/v1
417
- kind: DaemonSet
418
- metadata:
419
- name: kube-flannel-ds-ppc64le
420
- namespace: kube-system
421
- labels:
422
- tier: node
423
- app: flannel
424
- spec:
425
- selector:
426
- matchLabels:
427
- app: flannel
428
- template:
429
- metadata:
430
- labels:
431
- tier: node
432
- app: flannel
433
- spec:
434
- affinity:
435
- nodeAffinity:
436
- requiredDuringSchedulingIgnoredDuringExecution:
437
- nodeSelectorTerms:
438
- - matchExpressions:
439
- - key: beta.kubernetes.io/os
440
- operator: In
441
- values:
442
- - linux
443
- - key: beta.kubernetes.io/arch
444
- operator: In
445
- values:
446
- - ppc64le
447
- hostNetwork: true
448
- tolerations:
449
- - operator: Exists
450
- effect: NoSchedule
451
- serviceAccountName: flannel
452
- initContainers:
453
- - name: install-cni
454
- image: quay.io/coreos/flannel:v0.12.0-ppc64le
455
- command:
456
- - cp
457
- args:
458
- - -f
459
- - /etc/kube-flannel/cni-conf.json
460
- - /etc/cni/net.d/10-flannel.conflist
461
- volumeMounts:
462
- - name: cni
463
- mountPath: /etc/cni/net.d
464
- - name: flannel-cfg
465
- mountPath: /etc/kube-flannel/
466
- containers:
467
- - name: kube-flannel
468
- image: quay.io/coreos/flannel:v0.12.0-ppc64le
469
- command:
470
- - /opt/bin/flanneld
471
- args:
472
- - --ip-masq
473
- - --kube-subnet-mgr
474
- resources:
475
- requests:
476
- cpu: "100m"
477
- memory: "50Mi"
478
- limits:
479
- cpu: "100m"
480
- memory: "50Mi"
481
- securityContext:
482
- privileged: false
483
- capabilities:
484
- add: ["NET_ADMIN"]
485
- env:
486
- - name: POD_NAME
487
- valueFrom:
488
- fieldRef:
489
- fieldPath: metadata.name
490
- - name: POD_NAMESPACE
491
- valueFrom:
492
- fieldRef:
493
- fieldPath: metadata.namespace
494
- volumeMounts:
495
- - name: run
496
- mountPath: /run/flannel
497
- - name: flannel-cfg
498
- mountPath: /etc/kube-flannel/
499
- volumes:
500
- - name: run
501
- hostPath:
502
- path: /run/flannel
503
- - name: cni
504
- hostPath:
505
- path: /etc/cni/net.d
506
- - name: flannel-cfg
507
- configMap:
508
- name: kube-flannel-cfg
509
- ---
510
- apiVersion: apps/v1
511
- kind: DaemonSet
512
- metadata:
513
- name: kube-flannel-ds-s390x
514
- namespace: kube-system
515
- labels:
516
- tier: node
517
- app: flannel
518
- spec:
519
- selector:
520
- matchLabels:
521
- app: flannel
522
- template:
523
- metadata:
524
- labels:
525
- tier: node
526
- app: flannel
527
- spec:
528
- affinity:
529
- nodeAffinity:
530
- requiredDuringSchedulingIgnoredDuringExecution:
531
- nodeSelectorTerms:
532
- - matchExpressions:
533
- - key: beta.kubernetes.io/os
534
- operator: In
535
- values:
536
- - linux
537
- - key: beta.kubernetes.io/arch
538
- operator: In
539
- values:
540
- - s390x
541
- hostNetwork: true
542
- tolerations:
543
- - operator: Exists
544
- effect: NoSchedule
545
- serviceAccountName: flannel
546
- initContainers:
547
- - name: install-cni
548
- image: quay.io/coreos/flannel:v0.12.0-s390x
549
- command:
550
- - cp
551
- args:
552
- - -f
553
- - /etc/kube-flannel/cni-conf.json
554
- - /etc/cni/net.d/10-flannel.conflist
555
- volumeMounts:
556
- - name: cni
557
- mountPath: /etc/cni/net.d
558
- - name: flannel-cfg
559
- mountPath: /etc/kube-flannel/
560
- containers:
561
- - name: kube-flannel
562
- image: quay.io/coreos/flannel:v0.12.0-s390x
563
- command:
564
- - /opt/bin/flanneld
565
- args:
566
- - --ip-masq
567
- - --kube-subnet-mgr
568
- resources:
569
- requests:
570
- cpu: "100m"
571
- memory: "50Mi"
572
- limits:
573
- cpu: "100m"
574
- memory: "50Mi"
575
- securityContext:
576
- privileged: false
577
- capabilities:
578
- add: ["NET_ADMIN"]
579
- env:
580
- - name: POD_NAME
581
- valueFrom:
582
- fieldRef:
583
- fieldPath: metadata.name
584
- - name: POD_NAMESPACE
585
- valueFrom:
586
- fieldRef:
587
- fieldPath: metadata.namespace
588
- volumeMounts:
589
- - name: run
590
- mountPath: /run/flannel
591
- - name: flannel-cfg
592
- mountPath: /etc/kube-flannel/
593
- volumes:
594
- - name: run
595
- hostPath:
596
- path: /run/flannel
597
- - name: cni
598
- hostPath:
599
- path: /etc/cni/net.d
600
- - name: flannel-cfg
601
- configMap:
602
- name: kube-flannel-cfg
215
+ - name: run
216
+ hostPath:
217
+ path: /run/flannel
218
+ - name: cni
219
+ hostPath:
220
+ path: /etc/cni/net.d
221
+ - name: flannel-cfg
222
+ configMap:
223
+ name: kube-flannel-cfg
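Review bot: Both `image: quay.io/coreos/flannel:v0.13.0` lines (the `install-cni` init container and the `kube-flannel` container) reference a mutable tag for a DaemonSet that runs with `hostNetwork: true`, `NET_ADMIN` and now `NET_RAW`, and tolerates every `NoSchedule` taint; pinning by digest, `image: quay.io/coreos/flannel:v0.13.0@sha256:<digest-of-reviewed-image>`, would make every node run exactly the image that was reviewed. The `NET_RAW` addition in `allowedCapabilities` and in `capabilities.add` carries no comment; a line such as `# NET_RAW added with the flannel v0.13.0 bump; keep in sync with the PSP allowedCapabilities` would tell a later hardening pass why it is there. The DaemonSet is renamed from `kube-flannel-ds-amd64` to `kube-flannel-ds` and the per-architecture variants are dropped from the template, so unless the apply step prunes removed objects, clusters upgraded from 0.2.2 may keep the old `v0.12.0` DaemonSets running next to the new one. The hunks start and end inside the PodSecurityPolicy, ClusterRole and DaemonSet documents, so the rest of each spec is not visible here.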