porkadot 0.2.2 → 0.19.1

data/lib/porkadot/cmd/cli.rb

@@ -13,6 +13,22 @@ module Porkadot; module Cmd
     desc "install", "Install kubernetes"
     subcommand "install", Porkadot::Cmd::Install::Cli
 
+    desc "setup-containerd", "Setup containerd"
+    option :node, type: :string
+    option :force, type: :boolean, default: false
+    def setup_containerd
+      logger.info "Setup containerd"
+      kubelets = Porkadot::Install::KubeletList.new(self.config)
+      nodes = []
+      if node = options[:node]
+        nodes = kubelets[node]
+      else
+        nodes = kubelets.kubelets.values
+      end
+      kubelets.setup_containerd hosts: nodes, force: options[:force]
+      ""
+    end
+
     desc "set-config", "Set cluster to kubeconfig"
     def set_config
       name = config.k8s.cluster_name

data/lib/porkadot/cmd/render/certs.rb

@@ -40,7 +40,7 @@ module Porkadot; module Cmd; module Render; module Certs
       certs.apiserver_cert(true)
       logger.info "--> Kubelet client key and certs"
       certs.kubelet_client_key
-      certs.kubelet_client_cert
+      certs.kubelet_client_cert(true)
       # logger.info "--> Bootstrap client key and certs"
       # bootstrap_client_key = self.private_key(self.assets.k8s_bootstrap_key_path)
       # self.client_cert(self.assets.k8s_bootstrap_cert_path, '/O=porkadot:node-bootstrappers/CN=node-bootstrapper', bootstrap_client_key, ca_cert, ca_key)

data/lib/porkadot/configs/certs/k8s.rb

@@ -33,6 +33,12 @@ module Porkadot; module Configs; class Certs
         DNS:kubernetes.default
         DNS:kubernetes.default.svc
         DNS:kubernetes.default.svc.#{self.config.k8s.networking.dns_domain}
+        DNS:porkadot-kubernetes
+        DNS:porkadot-kubernetes.kube-system
+        DNS:porkadot-kubernetes.kube-system.svc
+        DNS:porkadot-kubernetes-latest
+        DNS:porkadot-kubernetes-latest.kube-system
+        DNS:porkadot-kubernetes-latest.kube-system.svc
         DNS:localhost
         IP:#{self.config.k8s.networking.kubernetes_ip}
         IP:127.0.0.1

data/lib/porkadot/configs/kubernetes.rb

@@ -56,6 +56,7 @@ module Porkadot; module Configs
           "#{RECOMMENDED_LABEL_PREFIX}/version": self.config.k8s.kubernetes_version,
           "#{RECOMMENDED_LABEL_PREFIX}/part-of": 'kubernetes',
           "#{RECOMMENDED_LABEL_PREFIX}/managed-by": 'porkadot',
+          "k8s-app": self.component_name,
         })
       end
 
@@ -68,11 +69,14 @@ module Porkadot; module Configs
         }
       end
 
-      def args
+      def args bootstrap: false
         extra = {}
         if self.extra_args
           extra = self.extra_args.map{|i| i.split('=', 2)}.to_h
         end
+        if bootstrap
+          extra = self.bootstrap_args.merge(extra)
+        end
         return self.default_args.merge(extra)
       end
 
@@ -95,6 +99,10 @@ module Porkadot; module Configs
         'kube-apiserver'
       end
 
+      def bootstrap_args
+        return {}
+      end
+
       def default_args
         return %W(
           --advertise-address=$(POD_IP)
@@ -102,6 +110,7 @@ module Porkadot; module Configs
           --authorization-mode=Node,RBAC
           --bind-address=0.0.0.0
           --client-ca-file=/etc/kubernetes/pki/kubernetes/ca.crt
+          --enable-admission-plugins=NodeRestriction
           --enable-bootstrap-token-auth=true
           --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
           --etcd-certfile=/etc/kubernetes/pki/etcd/etcd-client.crt
@@ -142,6 +151,14 @@ module Porkadot; module Configs
         'kube-scheduler'
       end
 
+      def bootstrap_args
+        return %W(
+          --kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
+          --authentication-kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
+          --authorization-kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
+        ).map {|i| i.split('=', 2)}.to_h
+      end
+
       def default_args
         return %W(
           --leader-elect=true
@@ -163,6 +180,12 @@ module Porkadot; module Configs
         'kube-controller-manager'
       end
 
+      def bootstrap_args
+        return %W(
+          --kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
+        ).map {|i| i.split('=', 2)}.to_h
+      end
+
       def default_args
         return %W(
           --allocate-node-cidrs=true
@@ -201,6 +224,12 @@ module Porkadot; module Configs
         'kube-proxy'
       end
 
+      def bootstrap_args
+        return %W(
+          --config=/etc/kubernetes/bootstrap/kube-proxy-bootstrap.yaml
+        ).map {|i| i.split('=', 2)}.to_h
+      end
+
       def default_args
         return %W(
           --config=/var/lib/kube-proxy/config.conf

data/lib/porkadot/default.yaml

@@ -27,10 +27,11 @@ lb:
 
 etcd:
   image_repository: gcr.io/etcd-development/etcd
-  image_tag: v3.3.10
+  image_tag: v3.4.3
+  extra_env: []
 
 kubernetes:
-  kubernetes_version: v1.17.3
+  kubernetes_version: v1.19.6
   image_repository: k8s.gcr.io
 
   networking:
@@ -101,7 +102,7 @@ kubernetes:
         webhook:
           cacheAuthorizedTTL: 0s
           cacheUnauthorizedTTL: 0s
-      cgroupDriver: cgroupfs
+      cgroupDriver: systemd
       clusterDNS: []
       clusterDomain: cluster.local
       cpuManagerReconcilePeriod: 0s

data/lib/porkadot/install/kubelet.rb

@@ -16,6 +16,30 @@ module Porkadot; module Install
       end
     end
 
+    def setup_containerd hosts: nil, force: false
+      unless hosts
+        hosts = []
+        self.kubelets.each do |_, v|
+          hosts << v
+        end
+      end
+
+      on(hosts) do |host|
+        execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
+        if test("[ -d #{KUBE_TEMP} ]")
+          execute(:rm, '-rf', KUBE_TEMP)
+          execute(:rm, '-rf', KUBE_SECRETS_TEMP)
+        end
+        upload! host.config.target_path, KUBE_TEMP, recursive: true
+        upload! host.config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
+        execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
+
+        as user: 'root' do
+          execute(:bash, File.join(KUBE_TEMP, 'setup-containerd.sh'))
+        end
+      end
+    end
+
     def install hosts: nil, force: false
       unless hosts
         hosts = []

data/lib/porkadot/version.rb

@@ -1,3 +1,3 @@
 module Porkadot
-  VERSION = "0.2.2"
+  VERSION = "0.19.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: porkadot
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.19.1
 platform: ruby
 authors:
 - OTSUKA, Yuanying
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-04-15 00:00:00.000000000 Z
+date: 2021-07-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -113,6 +113,8 @@ files:
 - config/porkadot.yaml
 - config/unstable.yaml
 - exe/porkadot
+- hack/gen-storage-version-migrator.sh
+- hack/storage-version-migrator/kustomization.yaml
 - lib/porkadot.rb
 - lib/porkadot/assets.rb
 - lib/porkadot/assets/bootstrap.rb
@@ -138,8 +140,11 @@ files:
 - lib/porkadot/assets/kubelet/install-pkgs.sh.erb
 - lib/porkadot/assets/kubelet/install.sh.erb
 - lib/porkadot/assets/kubelet/kubelet.service.erb
+- lib/porkadot/assets/kubelet/setup-containerd.sh.erb
 - lib/porkadot/assets/kubernetes.rb
 - lib/porkadot/assets/kubernetes/install.sh.erb
+- lib/porkadot/assets/kubernetes/manifests/coredns.yaml.erb
+- lib/porkadot/assets/kubernetes/manifests/dns-horizontal-autoscaler.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/flannel.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/kube-apiserver.secrets.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/kube-apiserver.yaml.erb
@@ -149,9 +154,10 @@ files:
 - lib/porkadot/assets/kubernetes/manifests/kube-scheduler.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/kubelet-rubber-stamp.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/kubelet.yaml.erb
+- lib/porkadot/assets/kubernetes/manifests/metallb.secrets.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/metallb.yaml.erb
-- lib/porkadot/assets/kubernetes/manifests/pod-checkpointer.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/porkadot.yaml.erb
+- lib/porkadot/assets/kubernetes/manifests/storage-version-migrator.yaml.erb
 - lib/porkadot/cmd.rb
 - lib/porkadot/cmd/cli.rb
 - lib/porkadot/cmd/install.rb

data/lib/porkadot/assets/kubernetes/manifests/pod-checkpointer.yaml.erb

@@ -1,130 +0,0 @@
-<% k8s = global_config.k8s -%>
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: pod-checkpointer
-  namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: pod-checkpointer
-  namespace: kube-system
-rules:
-- apiGroups: [""] # "" indicates the core API group
-  resources: ["pods"]
-  verbs: ["get", "watch", "list"]
-- apiGroups: [""] # "" indicates the core API group
-  resources: ["secrets", "configmaps"]
-  verbs: ["get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: pod-checkpointer
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: pod-checkpointer
-subjects:
-- kind: ServiceAccount
-  name: pod-checkpointer
-  namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: pod-checkpointer
-rules:
-  - apiGroups: [""]
-    resources: ["nodes", "nodes/proxy"]
-    verbs: ["get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: pod-checkpointer
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: pod-checkpointer
-subjects:
-- kind: ServiceAccount
-  name: pod-checkpointer
-  namespace: kube-system
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: pod-checkpointer
-  namespace: kube-system
-  labels:
-    tier: control-plane
-    k8s-app: pod-checkpointer
-spec:
-  selector:
-    matchLabels:
-      tier: control-plane
-      k8s-app: pod-checkpointer
-  template:
-    metadata:
-      labels:
-        tier: control-plane
-        k8s-app: pod-checkpointer
-      annotations:
-        checkpointer.alpha.coreos.com/checkpoint: "true"
-    spec:
-      containers:
-      - name: pod-checkpointer
-        image: quay.io/coreos/pod-checkpointer:83e25e5968391b9eb342042c435d1b3eeddb2be1
-        command:
-        - /checkpoint
-        - --lock-file=/var/run/lock/pod-checkpointer.lock
-        - --kubeconfig=/etc/checkpointer/kubeconfig
-        - --checkpoint-grace-period=5m
-        env:
-        - name: NODE_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: spec.nodeName
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        imagePullPolicy: Always
-        volumeMounts:
-        - mountPath: /etc/checkpointer
-          name: kubeconfig
-        - mountPath: /etc/kubernetes
-          name: etc-kubernetes
-        - mountPath: /var/run
-          name: var-run
-      serviceAccountName: pod-checkpointer
-      hostNetwork: true
-      nodeSelector:
-        k8s.unstable.cloud/master: ""
-      restartPolicy: Always
-      tolerations:
-      - key: node-role.kubernetes.io/master
-        operator: Exists
-        effect: NoSchedule
-      volumes:
-      - name: kubeconfig
-        configMap:
-          name: kubeconfig-in-cluster
-      - name: etc-kubernetes
-        hostPath:
-          path: /etc/kubernetes
-      - name: var-run
-        hostPath:
-          path: /var/run
-  updateStrategy:
-    rollingUpdate:
-      maxUnavailable: 1
-    type: RollingUpdate