porkadot 0.23.0 → 0.25.0

data/lib/porkadot/assets/kubernetes/manifests/kube-apiserver.yaml.erb

@@ -58,7 +58,7 @@ spec:
           periodSeconds: 1
           timeoutSeconds: 15
         startupProbe:
-          failureThreshold: 24
+          failureThreshold: 48
           httpGet:
             host: 127.0.0.1
             path: /livez
@@ -101,6 +101,9 @@ spec:
       - key: node-role.kubernetes.io/master
         operator: Exists
         effect: NoSchedule
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
       volumes:
       - hostPath:
           path: /etc/ssl/certs

data/lib/porkadot/assets/kubernetes/manifests/kube-controller-manager.yaml.erb

@@ -146,6 +146,9 @@ spec:
       - key: node-role.kubernetes.io/master
         operator: Exists
         effect: NoSchedule
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
       volumes:
       - name: var-run-kubernetes
         emptyDir: {}

data/lib/porkadot/assets/kubernetes/manifests/kube-scheduler.yaml.erb

@@ -173,4 +173,6 @@ spec:
       - key: node-role.kubernetes.io/master
         operator: Exists
         effect: NoSchedule
-
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule

data/lib/porkadot/assets/kubernetes.rb

@@ -80,14 +80,28 @@ module Porkadot; module Assets
         secrets.each do |m|
           render_secrets_erb(m)
         end
+        crds = @@crds[name]
+        crds.each do |m|
+          copy_crds(m)
+        end
       end
     end
 
-    def self.register_manifests name, manifests, secrets: []
+    def copy_crds file
+      logger.info "----> #{file}"
+      crd_path = File.join(config.target_crd_dir_path, file)
+      crd_dir = File.dirname(crd_path)
+      FileUtils.mkdir_p(crd_dir) unless File.directory?(crd_dir)
+      FileUtils.copy(File.join(TEMPLATE_DIR, file), crd_path)
+    end
+
+    def self.register_manifests name, manifests, secrets: [], crds: []
       @@manifests ||= {}
       @@manifests[name] = manifests
       @@secrets_manifests ||= {}
       @@secrets_manifests[name] = secrets
+      @@crds ||= {}
+      @@crds[name] = crds
     end
 
     register_manifests('flannel', [
@@ -106,6 +120,8 @@ module Porkadot; module Assets
       'metallb/metallb.yaml',
       'metallb/metallb.config.yaml',
       'metallb/kustomization.yaml'
+    ], crds: [
+      'metallb/crds.yaml'
     ])
 
 
@@ -119,5 +135,10 @@ module Porkadot; module Assets
       'storage-version-migrator/kustomization.yaml'
     ])
 
+    register_manifests('kubelet-serving-cert-approver', [
+      'kubelet-serving-cert-approver/src.yaml',
+      'kubelet-serving-cert-approver/kustomization.yaml'
+    ])
+
   end
 end; end

data/lib/porkadot/config.rb

@@ -4,7 +4,7 @@ require 'logger'
 
 module Porkadot
   class Raw < ::Hashie::Mash
-    disable_warnings :keys, :min
+    disable_warnings :keys, :key, :min
   end
 
   class Config

data/lib/porkadot/configs/addons.rb

@@ -16,6 +16,10 @@ module Porkadot; module Configs
       File.join(self.config.secrets_root_dir, 'kubernetes', 'manifests', 'addons')
     end
 
+    def target_crd_dir_path
+      File.join(self.config.assets_dir, 'kubernetes', 'manifests', 'crds')
+    end
+
   end
 end; end
 

data/lib/porkadot/configs/etcd.rb

@@ -87,6 +87,15 @@ module Porkadot; module Configs
       ["https://#{self.listen_client_address}:2380"]
     end
 
+    def listen_metrics_urls
+      address = self.listen_client_address
+      if address != '0.0.0.0'
+        return  ["http://#{address}:2381", "http://127.0.0.1:2381"]
+      else
+        return  ["http://#{address}:2381"]
+      end
+    end
+
     def initial_cluster
       return {}.tap do |rtn|
         self.config.etcd_nodes.each do |_, v|

data/lib/porkadot/configs/kubelet.rb

@@ -23,6 +23,14 @@ module Porkadot; module Configs
       File.join(self.target_secrets_path, 'addons')
     end
 
+    def ca_crt_path
+      File.join(self.target_path, 'ca.crt')
+    end
+
+    def control_plane_endpoint
+      (self.raw.kubernetes && self.raw.kubernetes.control_plane_endpoint) || self.config.k8s.control_plane_endpoint
+    end
+
   end
 
   class Kubelet
@@ -54,9 +62,23 @@ module Porkadot; module Configs
       return self.raw.labels.map{|v| v.compact.join('=')}.join(',')
     end
 
-    def taints_string
-      return '' unless self.raw.taints
-      return self.raw.taints.map{|v| v.compact.join('=')}.join(',')
+    def labels
+      return self.raw.labels || {}
+    end
+
+    def annotations
+      return self.raw.annotations || {}
+    end
+
+    def kubelet_config
+      kc = self.raw.config || ::Porkadot::Raw.new
+      kc = kc.merge(self.config.kubernetes.kubelet.config)
+      kc.clusterDNS << self.config.k8s.networking.dns_ip.to_s
+      kc.clusterDomain = self.config.k8s.networking.dns_domain
+      if self.raw.taints
+        kc.registerWithTaints = self.raw.taints
+      end
+      return kc
     end
 
     def hostname
@@ -79,10 +101,6 @@ module Porkadot; module Configs
       File.join(self.target_secrets_path, 'addons')
     end
 
-    def ca_crt_path
-      File.join(self.target_path, 'ca.crt')
-    end
-
     def bootstrap_key_path
       File.join(self.target_secrets_path, 'bootstrap.key')
     end

data/lib/porkadot/default.yaml

@@ -11,14 +11,14 @@ nodes: {}
 bootstrap: {}
 
 addons:
-  enabled: [flannel, coredns, metallb, kubelet-rubber-stamp, storage-version-migrator]
+  enabled: [flannel, coredns, metallb, kubelet-serving-cert-approver, storage-version-migrator]
 
   flannel:
     backend: vxlan
-    plugin_image_repository: rancher/mirrored-flannelcni-flannel-cni-plugin
-    plugin_image_tag: v1.0.1
-    daemon_image_repository: rancher/mirrored-flannelcni-flannel
-    daemon_image_tag: v0.17.0
+    plugin_image_repository: flannel/flannel-cni-plugin
+    plugin_image_tag: v1.4.1-flannel1
+    daemon_image_repository: flannel/flannel
+    daemon_image_tag: v0.25.1
     resources:
       requests:
         cpu: "100m"
@@ -39,20 +39,22 @@ addons:
 
   kubelet-rubber-stamp: {}
 
+  kubelet-serving-cert-approver: {}
+
   storage-version-migrator: {}
 
 etcd:
-  image_repository: gcr.io/etcd-development/etcd
-  image_tag: v3.4.13
+  image_repository: registry.k8s.io/etcd
+  image_tag: 3.5.5-0
   extra_env: []
 
 kubernetes:
-  kubernetes_version: v1.23.5
-  crictl_version: v1.23.0
-  image_repository: k8s.gcr.io
+  kubernetes_version: v1.25.15
+  crictl_version: v1.25.0
+  image_repository: registry.k8s.io
 
   networking:
-    cni_version: v1.0.1
+    cni_version: v1.2.0
     service_subnet: '10.254.0.0/24'
     pod_subnet: '10.244.0.0/16'
     dns_domain: 'cluster.local'
@@ -96,7 +98,7 @@ kubernetes:
         minSyncPeriod: 0s
         scheduler: ""
         syncPeriod: 30s
-      metricsBindAddress: 127.0.0.1:10249
+      metricsBindAddress: 0.0.0.0:10249
       mode: "iptables"
       nodePortAddresses: null
       oomScoreAdj: -999
@@ -106,7 +108,6 @@ kubernetes:
   kubelet:
     config:
       apiVersion: kubelet.config.k8s.io/v1beta1
-      kind: KubeletConfiguration
       authentication:
         anonymous:
           enabled: false
@@ -122,7 +123,7 @@ kubernetes:
           cacheUnauthorizedTTL: 0s
       cgroupDriver: systemd
       clusterDNS: []
-      clusterDomain: cluster.local
+      clusterDomain: ""
       cpuManagerReconcilePeriod: 0s
       evictionPressureTransitionPeriod: 0s
       fileCheckFrequency: 0s
@@ -130,13 +131,14 @@ kubernetes:
       healthzPort: 10248
       httpCheckFrequency: 0s
       imageMinimumGCAge: 0s
+      kind: KubeletConfiguration
       nodeStatusReportFrequency: 0s
       nodeStatusUpdateFrequency: 0s
       resolvConf: /run/systemd/resolve/resolv.conf
       rotateCertificates: true
       runtimeRequestTimeout: 0s
-      serverTLSBootstrap: true
       staticPodPath: /etc/kubernetes/manifests
       streamingConnectionIdleTimeout: 0s
       syncFrequency: 0s
       volumeStatsAggPeriod: 0s
+      serverTLSBootstrap: true

data/lib/porkadot/install/bootstrap.rb

@@ -32,7 +32,7 @@ module Porkadot; module Install
           execute(:bash, File.join(KUBE_TEMP, 'install.sh'))
         end
 
-       endpoint = "https://127.0.0.1:#{global_config.k8s.apiserver.bind_port}/healthz"
+       endpoint = "https://127.0.0.1:#{global_config.k8s.apiserver.bind_port}/readyz"
        info "Start to wait for Bootstrapping Kubernetes API: #{endpoint}"
         while !test('curl', '-skf', endpoint)
           info "Still wating for Bootstrapping Kubernetes API..."

data/lib/porkadot/install/kubelet.rb

@@ -3,6 +3,7 @@ module Porkadot; module Install
     KUBE_TEMP = File.join(Porkadot::Install::KUBE_TEMP, 'kubelet')
     KUBE_SECRETS_TEMP = File.join(Porkadot::Install::KUBE_TEMP, '.kubelet')
     KUBE_DEFAULT_TEMP = File.join(Porkadot::Install::KUBE_TEMP, '.default')
+    KUBE_SECRETS_DEFAULT_TEMP = File.join(Porkadot::Install::KUBE_TEMP, '.default.kubelet')
     ETCD_TEMP = '/opt/porkadot'
     include SSHKit::DSL
     attr_reader :global_config
@@ -19,23 +20,8 @@ module Porkadot; module Install
     end
 
     def setup_containerd hosts: nil, force: false
-      unless hosts
-        hosts = []
-        self.kubelets.each do |_, v|
-          hosts << v
-        end
-      end
-
+      hosts = self.exec hosts: hosts
       on(hosts) do |host|
-        execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
-        if test("[ -d #{KUBE_TEMP} ]")
-          execute(:rm, '-rf', KUBE_TEMP)
-          execute(:rm, '-rf', KUBE_SECRETS_TEMP)
-        end
-        upload! host.config.target_path, KUBE_TEMP, recursive: true
-        upload! host.config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
-        execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
-
         as user: 'root' do
           execute(:bash, File.join(KUBE_TEMP, 'setup-containerd.sh'))
         end
@@ -43,30 +29,28 @@ module Porkadot; module Install
     end
 
     def setup_default hosts: nil, force: false
-      unless hosts
-        hosts = []
-        self.kubelets.each do |_, v|
-          hosts << v
+      hosts = self.exec hosts: hosts
+      on(hosts) do |host|
+        as user: 'root' do
+          execute(:bash, File.join(KUBE_TEMP, 'setup-node.sh'))
         end
       end
+    end
 
+    def install hosts: nil, force: false
+      hosts = self.exec hosts: hosts
       on(hosts) do |host|
-        execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
-        if test("[ -d #{KUBE_TEMP} ]")
-          execute(:rm, '-rf', KUBE_TEMP)
-          execute(:rm, '-rf', KUBE_SECRETS_TEMP)
-        end
-        upload! host.global_config.kubelet_default.target_path, KUBE_TEMP, recursive: true
-        upload! host.global_config.kubelet_default.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
-        execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
-
         as user: 'root' do
+          unless test("[ -f /opt/bin/kubelet-#{host.global_config.k8s.kubernetes_version} ]") && !force
+            execute(:bash, File.join(KUBE_TEMP, 'install-deps.sh'))
+          end
+          execute(:bash, File.join(KUBE_TEMP, 'install-pkgs.sh'))
           execute(:bash, File.join(KUBE_TEMP, 'install.sh'))
         end
       end
     end
 
-    def install hosts: nil, force: false
+    def exec hosts: nil
       unless hosts
         hosts = []
         self.kubelets.each do |_, v|
@@ -79,19 +63,19 @@ module Porkadot; module Install
         if test("[ -d #{KUBE_TEMP} ]")
           execute(:rm, '-rf', KUBE_TEMP)
           execute(:rm, '-rf', KUBE_SECRETS_TEMP)
+          execute(:rm, '-rf', KUBE_DEFAULT_TEMP)
+          execute(:rm, '-rf', KUBE_SECRETS_DEFAULT_TEMP)
         end
-        upload! host.config.target_path, KUBE_TEMP, recursive: true
-        upload! host.config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
+        upload! host.global_config.kubelet_default.target_path, KUBE_TEMP, recursive: true
+        upload! host.global_config.kubelet_default.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
+        upload! host.config.target_path, KUBE_DEFAULT_TEMP, recursive: true
+        upload! host.config.target_secrets_path, KUBE_SECRETS_DEFAULT_TEMP, recursive: true
         execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
-
-        as user: 'root' do
-          unless test("[ -f /opt/bin/kubelet-#{host.global_config.k8s.kubernetes_version} ]") && !force
-            execute(:bash, File.join(KUBE_TEMP, 'install-deps.sh'))
-          end
-          execute(:bash, File.join(KUBE_TEMP, 'install-pkgs.sh'))
-          execute(:bash, File.join(KUBE_TEMP, 'install.sh'))
-        end
+        execute(:cp, '-r', KUBE_DEFAULT_TEMP + '/*', KUBE_TEMP)
+        execute(:cp, '-r', KUBE_SECRETS_DEFAULT_TEMP + '/*', KUBE_TEMP)
       end
+
+      return hosts
     end
 
     def backup_etcd host: nil, path: "./backup/etcd.db"

data/lib/porkadot/version.rb

@@ -1,3 +1,3 @@
 module Porkadot
-  VERSION = "0.23.0"
+  VERSION = "0.25.0"
 end

data/lib/porkadot.rb

@@ -1,5 +1,6 @@
 require 'thor'
 require 'sshkit'
+require 'json'
 
 require "porkadot/version"
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: porkadot
 version: !ruby/object:Gem::Version
-  version: 0.23.0
+  version: 0.25.0
 platform: ruby
 authors:
 - OTSUKA, Yuanying
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-09-24 00:00:00.000000000 Z
+date: 2024-05-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -128,7 +128,12 @@ files:
 - config/unstable.yaml
 - exe/porkadot
 - hack/gen-storage-version-migrator.sh
+- hack/metallb/crds/kustomization.yaml
+- hack/metallb/exclude-l2-config.yaml
+- hack/metallb/kustomization.yaml
 - hack/storage-version-migrator/kustomization.yaml
+- hack/update-kubelet-cert-approver.sh
+- hack/update-metallb.sh
 - lib/porkadot.rb
 - lib/porkadot/assets.rb
 - lib/porkadot/assets/bootstrap.rb
@@ -146,16 +151,19 @@ files:
 - lib/porkadot/assets/certs/k8s.rb
 - lib/porkadot/assets/etcd.rb
 - lib/porkadot/assets/etcd/etcd-server.yaml.erb
+- lib/porkadot/assets/etcd/etcd.env.erb
 - lib/porkadot/assets/etcd/install.sh.erb
+- lib/porkadot/assets/kubelet-default/install-deps.sh.erb
+- lib/porkadot/assets/kubelet-default/install-pkgs.sh.erb
 - lib/porkadot/assets/kubelet-default/install.sh.erb
+- lib/porkadot/assets/kubelet-default/setup-containerd.sh.erb
+- lib/porkadot/assets/kubelet-default/setup-node.sh.erb
 - lib/porkadot/assets/kubelet.rb
 - lib/porkadot/assets/kubelet/bootstrap-kubelet.conf.erb
 - lib/porkadot/assets/kubelet/config.yaml.erb
-- lib/porkadot/assets/kubelet/install-deps.sh.erb
-- lib/porkadot/assets/kubelet/install-pkgs.sh.erb
-- lib/porkadot/assets/kubelet/install.sh.erb
+- lib/porkadot/assets/kubelet/initiatorname.iscsi.erb
 - lib/porkadot/assets/kubelet/kubelet.service.erb
-- lib/porkadot/assets/kubelet/setup-containerd.sh.erb
+- lib/porkadot/assets/kubelet/metadata.json.erb
 - lib/porkadot/assets/kubernetes.rb
 - lib/porkadot/assets/kubernetes/install.secrets.sh.erb
 - lib/porkadot/assets/kubernetes/install.sh.erb
@@ -168,11 +176,13 @@ files:
 - lib/porkadot/assets/kubernetes/manifests/addons/flannel/kustomization.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/addons/kubelet-rubber-stamp/kubelet-rubber-stamp.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/addons/kubelet-rubber-stamp/kustomization.yaml.erb
+- lib/porkadot/assets/kubernetes/manifests/addons/kubelet-serving-cert-approver/kustomization.yaml.erb
+- lib/porkadot/assets/kubernetes/manifests/addons/kubelet-serving-cert-approver/src.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/addons/kustomization.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/addons/metallb/000-metallb.yaml.erb
+- lib/porkadot/assets/kubernetes/manifests/addons/metallb/crds.yaml
 - lib/porkadot/assets/kubernetes/manifests/addons/metallb/kustomization.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/addons/metallb/metallb.config.yaml.erb
-- lib/porkadot/assets/kubernetes/manifests/addons/metallb/metallb.yaml
 - lib/porkadot/assets/kubernetes/manifests/addons/metallb/metallb.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/addons/storage-version-migrator/kustomization.yaml.erb
 - lib/porkadot/assets/kubernetes/manifests/addons/storage-version-migrator/storage-version-migrator.yaml.erb

data/lib/porkadot/assets/kubelet/install.sh.erb

@@ -1,35 +0,0 @@
-#!/bin/bash
-
-set -eu
-export LC_ALL=C
-ROOT=$(dirname "${BASH_SOURCE}")
-
-export KUBERNETES_PATH="/etc/kubernetes"
-export KUBERNETES_PKI_PATH="${KUBERNETES_PATH}/pki"
-export KUBERNETES_MANIFESTS_PATH="${KUBERNETES_PATH}/manifests"
-export KUBELET_PATH="/var/lib/kubelet"
-
-mkdir -p ${KUBERNETES_PATH}
-mkdir -p ${KUBERNETES_PKI_PATH}
-mkdir -p ${KUBERNETES_MANIFESTS_PATH}
-mkdir -p ${KUBELET_PATH}
-
-cp ${ROOT}/bootstrap-kubelet.conf ${KUBERNETES_PATH}/
-cp ${ROOT}/bootstrap.* ${KUBERNETES_PKI_PATH}/
-cp ${ROOT}/ca.crt ${KUBERNETES_PKI_PATH}/
-cp ${ROOT}/config.yaml ${KUBELET_PATH}/
-cp ${ROOT}/kubelet.service /etc/systemd/system/
-
-# Install addons
-for addon in $(ls ${ROOT}/addons/); do
-  install_sh="${ROOT}/addons/${addon}/install.sh"
-  if [[ -f ${install_sh} ]]; then
-    echo "Install: ${install_sh}"
-    bash ${install_sh}
-  fi
-done
-
-rm -f ${KUBERNETES_PATH}/kubelet.conf
-systemctl daemon-reload
-systemctl enable kubelet
-systemctl restart kubelet

data/lib/porkadot/assets/kubelet/setup-containerd.sh.erb

@@ -1,17 +0,0 @@
-#!/bin/bash
-set -eu
-export LC_ALL=C
-ROOT=$(dirname "${BASH_SOURCE}")
-
-mkdir -p /etc/containerd
-containerd config default | tee /etc/containerd/config.toml
-
-grep SystemdCgroup /etc/containerd/config.toml && :
-
-if [[ $? == 0 ]]; then
-  sed -i -e "s/SystemdCgroup.*$/SystemdCgroup = true/" /etc/containerd/config.toml
-else
-  sed -i -e "/containerd.runtimes.runc.options/a SystemdCgroup = true" /etc/containerd/config.toml
-fi
-
-systemctl restart containerd