porkadot 0.19.0 → 0.19.1
- checksums.yaml +4 -4
- data/hack/storage-version-migrator/kustomization.yaml +65 -1
- data/lib/porkadot/assets/bootstrap/manifests/kube-apiserver.bootstrap.yaml.erb +4 -30
- data/lib/porkadot/assets/bootstrap/manifests/kube-controller-manager.bootstrap.yaml.erb +13 -16
- data/lib/porkadot/assets/bootstrap/manifests/kube-proxy.bootstrap.yaml.erb +3 -2
- data/lib/porkadot/assets/bootstrap/manifests/kube-scheduler.bootstrap.yaml.erb +3 -5
- data/lib/porkadot/assets/kubelet.rb +1 -0
- data/lib/porkadot/assets/kubelet/install-pkgs.sh.erb +0 -6
- data/lib/porkadot/assets/kubelet/setup-containerd.sh.erb +10 -0
- data/lib/porkadot/assets/kubernetes/manifests/storage-version-migrator.yaml.erb +18 -15
- data/lib/porkadot/cmd/cli.rb +16 -0
- data/lib/porkadot/configs/kubernetes.rb +29 -1
- data/lib/porkadot/install/kubelet.rb +24 -0
- data/lib/porkadot/version.rb +1 -1
- metadata +3 -2
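--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 834e1f31cbbf8c7c8766162945572512fc0311dbf772df008f85ef2a00b3ea3d
+data.tar.gz: f453e7a4899673f08a550b69c41b30c908eb5bf0906a67eee79a21ccd5fc1dcd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e13576f10e90eb2d277302bfcfe7cecb7feb681d25070052c50b6060b95e0b455061d093d8ddde84a69c650e2fa6f2b3775e25913cf743023c2ee036bdef0764
+data.tar.gz: 5714fefdd57b9683974ea42f6d111ac87b66f723221f5f0852c95b758d92cf19f6eac32c9ddd2e98e1f77dcbac4db70c735eddf4999cb39be71ad2717efb5d5d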
@@ -1,5 +1,7 @@
|
|
1
|
+
namespace: kube-system
|
2
|
+
|
1
3
|
resources:
|
2
|
-
- https://github.com/kubernetes-sigs/kube-storage-version-migrator/manifests/?ref=
|
4
|
+
- https://github.com/kubernetes-sigs/kube-storage-version-migrator/manifests/?ref=acdee30ced218b79e39c6a701985e8cd8bd33824
|
3
5
|
|
4
6
|
images:
|
5
7
|
- name: REGISTRY/storage-version-migration-initializer:VERSION
|
@@ -11,3 +13,65 @@ images:
|
|
11
13
|
- name: REGISTRY/storage-version-migration-trigger:VERSION
|
12
14
|
newName: asia.gcr.io/k8s-artifacts-prod/storage-migrator/storage-version-migration-trigger
|
13
15
|
newTag: v0.0.3
|
16
|
+
patchesJson6902:
|
17
|
+
- target:
|
18
|
+
group: apps
|
19
|
+
version: v1
|
20
|
+
kind: Deployment
|
21
|
+
name: migrator
|
22
|
+
namespace: kube-system
|
23
|
+
patch: |-
|
24
|
+
- op: remove
|
25
|
+
path: /spec/template/spec/containers/0/livenessProbe
|
26
|
+
- op: add
|
27
|
+
path: /spec/template/spec/containers/0/command/-
|
28
|
+
value: --kubeconfig=/etc/migrator/kubeconfig
|
29
|
+
- target:
|
30
|
+
group: apps
|
31
|
+
version: v1
|
32
|
+
kind: Deployment
|
33
|
+
name: trigger
|
34
|
+
namespace: kube-system
|
35
|
+
patch: |-
|
36
|
+
- op: remove
|
37
|
+
path: /spec/template/spec/containers/0/livenessProbe
|
38
|
+
- op: add
|
39
|
+
path: /spec/template/spec/containers/0/args
|
40
|
+
value: ["--kubeconfig=/etc/migrator/kubeconfig"]
|
41
|
+
patchesStrategicMerge:
|
42
|
+
- |-
|
43
|
+
apiVersion: apps/v1
|
44
|
+
kind: Deployment
|
45
|
+
metadata:
|
46
|
+
name: migrator
|
47
|
+
namespace: NAMESPACE
|
48
|
+
spec:
|
49
|
+
template:
|
50
|
+
spec:
|
51
|
+
containers:
|
52
|
+
- name: migrator
|
53
|
+
volumeMounts:
|
54
|
+
- mountPath: /etc/migrator
|
55
|
+
name: kubeconfig
|
56
|
+
volumes:
|
57
|
+
- name: kubeconfig
|
58
|
+
configMap:
|
59
|
+
name: kubeconfig-in-cluster-latest
|
60
|
+
- |-
|
61
|
+
apiVersion: apps/v1
|
62
|
+
kind: Deployment
|
63
|
+
metadata:
|
64
|
+
name: trigger
|
65
|
+
namespace: NAMESPACE
|
66
|
+
spec:
|
67
|
+
template:
|
68
|
+
spec:
|
69
|
+
containers:
|
70
|
+
- name: trigger
|
71
|
+
volumeMounts:
|
72
|
+
- mountPath: /etc/migrator
|
73
|
+
name: kubeconfig
|
74
|
+
volumes:
|
75
|
+
- name: kubeconfig
|
76
|
+
configMap:
|
77
|
+
name: kubeconfig-in-cluster-latest
|
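Review bot: In hack/storage-version-migrator/kustomization.yaml both added `patchesStrategicMerge` entries mount a kubeconfig from the ConfigMap `kubeconfig-in-cluster-latest`, and nothing on the page shows what that file contains. If it only points at the pod's projected service-account token and CA that is fine, but ConfigMaps are readable by any subject with ConfigMap `get` in the namespace, so an embedded token or client key would belong in a Secret; a comment such as `# kubeconfig only references the service-account token file; it holds no credentials` above the volume would settle it. Separately, the remote base is now pinned to a commit while the images still use the mutable `newTag: v0.0.3`; kustomize's `digest:` field would pin them the same way. The two `op: remove` patches on `livenessProbe` also deserve a one-line reason, since they drop the only health check on both Deployments.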
@@ -20,35 +20,9 @@ spec:
|
|
20
20
|
image: <%= k8s.image_repository %>/kube-apiserver:<%= k8s.kubernetes_version %>
|
21
21
|
command:
|
22
22
|
- kube-apiserver
|
23
|
-
|
24
|
-
-
|
25
|
-
|
26
|
-
- --bind-address=0.0.0.0
|
27
|
-
- --client-ca-file=/etc/kubernetes/secrets/kubernetes/ca.crt
|
28
|
-
- --enable-admission-plugins=NodeRestriction
|
29
|
-
- --enable-bootstrap-token-auth=true
|
30
|
-
- --etcd-cafile=/etc/kubernetes/secrets/etcd/ca.crt
|
31
|
-
- --etcd-certfile=/etc/kubernetes/secrets/etcd/etcd-client.crt
|
32
|
-
- --etcd-keyfile=/etc/kubernetes/secrets/etcd/etcd-client.key
|
33
|
-
- --etcd-servers=<%= global_config.etcd.advertise_client_urls.join(',') %>
|
34
|
-
- --kubelet-certificate-authority=/etc/kubernetes/secrets/kubernetes/ca.crt
|
35
|
-
- --kubelet-client-certificate=/etc/kubernetes/secrets/kubernetes/kubelet-client.crt
|
36
|
-
- --kubelet-client-key=/etc/kubernetes/secrets/kubernetes/kubelet-client.key
|
37
|
-
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
|
38
|
-
- --proxy-client-cert-file=/etc/kubernetes/secrets/kubernetes/front-proxy-client.crt
|
39
|
-
- --proxy-client-key-file=/etc/kubernetes/secrets/kubernetes/front-proxy-client.key
|
40
|
-
- --requestheader-allowed-names=front-proxy-client
|
41
|
-
- --requestheader-client-ca-file=/etc/kubernetes/secrets/kubernetes/front-proxy-ca.crt
|
42
|
-
- --requestheader-extra-headers-prefix=X-Remote-Extra-
|
43
|
-
- --requestheader-group-headers=X-Remote-Group
|
44
|
-
- --requestheader-username-headers=X-Remote-User
|
45
|
-
- --secure-port=<%= k8s.apiserver.bind_port %>
|
46
|
-
- --service-account-key-file=/etc/kubernetes/secrets/kubernetes/sa.pub
|
47
|
-
- --service-cluster-ip-range=<%= k8s.networking.service_subnet %>
|
48
|
-
- --storage-backend=etcd3
|
49
|
-
- --tls-cert-file=/etc/kubernetes/secrets/kubernetes/apiserver.crt
|
50
|
-
- --tls-private-key-file=/etc/kubernetes/secrets/kubernetes/apiserver.key
|
51
|
-
- --v=2
|
23
|
+
<%- k8s.apiserver.args(bootstrap: true).each do |k, v| -%>
|
24
|
+
- <%= k %><% if v ;%>=<%= v %><%; end %>
|
25
|
+
<%- end -%>
|
52
26
|
env:
|
53
27
|
- name: POD_IP
|
54
28
|
valueFrom:
|
@@ -64,7 +38,7 @@ spec:
|
|
64
38
|
- mountPath: /usr/share/ca-certificates
|
65
39
|
name: usr-share-ca-certificates
|
66
40
|
readOnly: true
|
67
|
-
- mountPath: /etc/kubernetes/
|
41
|
+
- mountPath: /etc/kubernetes/pki
|
68
42
|
name: secrets
|
69
43
|
readOnly: true
|
70
44
|
- mountPath: /var/lock
|
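Review bot: The added line `- <%= k %><% if v ;%>=<%= v %><%; end %>` in kube-apiserver.bootstrap.yaml.erb writes each flag into the manifest as an unquoted YAML scalar, and the values come from `args`, which merges the operator's `extra_args`. A value containing ` #` or `: ` would be truncated or re-typed by the YAML parser, so the flag the API server receives can differ from the configured one without any error. Emitting the item as a quoted scalar, for example `- <%= [k, v].compact.join('=').to_json %>` where `json` is available to the renderer, avoids that. The same line is added in the kube-controller-manager, kube-proxy and kube-scheduler bootstrap templates.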
@@ -15,23 +15,17 @@ spec:
|
|
15
15
|
image: <%= k8s.image_repository %>/kube-controller-manager:<%= k8s.kubernetes_version %>
|
16
16
|
command:
|
17
17
|
- kube-controller-manager
|
18
|
-
|
19
|
-
-
|
20
|
-
|
21
|
-
- --cluster-signing-key-file=/etc/kubernetes/bootstrap/secrets/kubernetes/ca.key
|
22
|
-
- --controllers=*,bootstrapsigner,tokencleaner
|
23
|
-
- --kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
|
24
|
-
- --leader-elect=true
|
25
|
-
- --node-cidr-mask-size=24
|
26
|
-
- --root-ca-file=/etc/kubernetes/bootstrap/secrets/kubernetes/ca.crt
|
27
|
-
- --service-account-private-key-file=/etc/kubernetes/bootstrap/secrets/kubernetes/sa.key
|
28
|
-
- --use-service-account-credentials=true
|
29
|
-
- --v=2
|
18
|
+
<%- k8s.controller_manager.args(bootstrap: true).each do |k, v| -%>
|
19
|
+
- <%= k %><% if v ;%>=<%= v %><%; end %>
|
20
|
+
<%- end -%>
|
30
21
|
volumeMounts:
|
31
22
|
- name: var-run-kubernetes
|
32
23
|
mountPath: /var/run/kubernetes
|
33
|
-
- name: kubernetes
|
34
|
-
mountPath: /etc/kubernetes
|
24
|
+
- name: kubernetes-secrets
|
25
|
+
mountPath: /etc/kubernetes/pki
|
26
|
+
readOnly: true
|
27
|
+
- name: kubernetes-bootstrap
|
28
|
+
mountPath: /etc/kubernetes/bootstrap
|
35
29
|
readOnly: true
|
36
30
|
- mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
|
37
31
|
name: flexvolume-dir
|
@@ -48,9 +42,12 @@ spec:
|
|
48
42
|
volumes:
|
49
43
|
- name: var-run-kubernetes
|
50
44
|
emptyDir: {}
|
51
|
-
- name: kubernetes
|
45
|
+
- name: kubernetes-secrets
|
46
|
+
hostPath:
|
47
|
+
path: /etc/kubernetes/bootstrap/secrets
|
48
|
+
- name: kubernetes-bootstrap
|
52
49
|
hostPath:
|
53
|
-
path: /etc/kubernetes
|
50
|
+
path: /etc/kubernetes/bootstrap
|
54
51
|
- hostPath:
|
55
52
|
path: /etc/ssl/certs
|
56
53
|
type: DirectoryOrCreate
|
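Review bot: The new `kubernetes-secrets` volume in kube-controller-manager.bootstrap.yaml.erb is a `hostPath` for `/etc/kubernetes/bootstrap/secrets` with no `type:`, so no check is made that the directory exists before it is mounted. Adding `type: Directory` under `path:` makes a missing or misplaced secrets directory fail at pod start instead of surfacing later as an unreadable key file; the neighbouring `/etc/ssl/certs` volume already sets a type. The `kubernetes-bootstrap` volume would benefit from the same line.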
@@ -18,8 +18,9 @@ spec:
|
|
18
18
|
imagePullPolicy: IfNotPresent
|
19
19
|
command:
|
20
20
|
- kube-proxy
|
21
|
-
|
22
|
-
-
|
21
|
+
<%- k8s.proxy.args(bootstrap: true).each do |k, v| -%>
|
22
|
+
- <%= k %><% if v ;%>=<%= v %><%; end %>
|
23
|
+
<%- end -%>
|
23
24
|
env:
|
24
25
|
- name: NODE_NAME
|
25
26
|
valueFrom:
|
@@ -15,11 +15,9 @@ spec:
|
|
15
15
|
image: <%= k8s.image_repository %>/kube-scheduler:<%= k8s.kubernetes_version %>
|
16
16
|
command:
|
17
17
|
- kube-scheduler
|
18
|
-
|
19
|
-
-
|
20
|
-
|
21
|
-
- --leader-elect=true
|
22
|
-
- --v=2
|
18
|
+
<%- k8s.scheduler.args(bootstrap: true).each do |k, v| -%>
|
19
|
+
- <%= k %><% if v ;%>=<%= v %><%; end %>
|
20
|
+
<%- end -%>
|
23
21
|
volumeMounts:
|
24
22
|
- name: kubernetes
|
25
23
|
mountPath: /etc/kubernetes
|
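Review bot: kube-scheduler.bootstrap.yaml.erb still mounts the whole of `/etc/kubernetes` (the `kubernetes` volume in the context lines), while this release narrows the controller-manager to `/etc/kubernetes/pki` and `/etc/kubernetes/bootstrap`. The removed controller-manager flags place the cluster CA key at `/etc/kubernetes/bootstrap/secrets/kubernetes/ca.key`, so if the scheduler's volume is backed by the same host directory, its container can read a signing key it has no use for. The new scheduler `bootstrap_args` only reference `/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml`; mounting that path read-only, plus whatever client certificate the kubeconfig names (not visible here), would match the other manifest. The `volumeMounts` list and the volume definition continue outside the hunk.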
@@ -41,12 +41,6 @@ net.ipv4.ip_forward = 1
|
|
41
41
|
net.bridge.bridge-nf-call-iptables = 1
|
42
42
|
EOF
|
43
43
|
|
44
|
-
mkdir -p /etc/containerd
|
45
|
-
containerd config default | tee /etc/containerd/config.toml
|
46
|
-
sed -i -e "/containerd.runtimes.runc.options/a SystemdCgroup = true" /etc/containerd/config.toml
|
47
|
-
|
48
|
-
systemctl restart containerd
|
49
|
-
|
50
44
|
cat <<EOF > /etc/iscsi/initiatorname.iscsi
|
51
45
|
InitiatorName=iqn.2020-04.cloud.unstable:<%= config.hostname %>
|
52
46
|
EOF
|
@@ -0,0 +1,10 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
set -eu
|
3
|
+
export LC_ALL=C
|
4
|
+
ROOT=$(dirname "${BASH_SOURCE}")
|
5
|
+
|
6
|
+
mkdir -p /etc/containerd
|
7
|
+
containerd config default | tee /etc/containerd/config.toml
|
8
|
+
sed -i -e "/containerd.runtimes.runc.options/a SystemdCgroup = true" /etc/containerd/config.toml
|
9
|
+
|
10
|
+
systemctl restart containerd
|
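Review bot: `set -eu` on line 2 of setup-containerd.sh.erb does not cover the pipeline `containerd config default | tee /etc/containerd/config.toml`: the pipeline's status is that of `tee`, so a failing `containerd config default` leaves an empty or partial config.toml and the script goes on to restart containerd with it. `set -euo pipefail` closes that gap. The script also overwrites an existing /etc/containerd/config.toml unconditionally and the new command's `--force` option is not consulted, so copying the old file aside before the `tee` would keep local settings recoverable. `ROOT` is assigned but never used.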
@@ -315,15 +315,16 @@ spec:
|
|
315
315
|
- --alsologtostderr
|
316
316
|
- --kube-api-qps=40
|
317
317
|
- --kube-api-burst=1000
|
318
|
+
- --kubeconfig=/etc/migrator/kubeconfig
|
318
319
|
image: asia.gcr.io/k8s-artifacts-prod/storage-migrator/storage-version-migration-migrator:v0.0.3
|
319
|
-
livenessProbe:
|
320
|
-
httpGet:
|
321
|
-
path: /healthz
|
322
|
-
port: 2112
|
323
|
-
scheme: HTTP
|
324
|
-
initialDelaySeconds: 10
|
325
|
-
timeoutSeconds: 60
|
326
320
|
name: migrator
|
321
|
+
volumeMounts:
|
322
|
+
- mountPath: /etc/migrator
|
323
|
+
name: kubeconfig
|
324
|
+
volumes:
|
325
|
+
- configMap:
|
326
|
+
name: kubeconfig-in-cluster-latest
|
327
|
+
name: kubeconfig
|
327
328
|
---
|
328
329
|
apiVersion: apps/v1
|
329
330
|
kind: Deployment
|
@@ -343,12 +344,14 @@ spec:
|
|
343
344
|
app: trigger
|
344
345
|
spec:
|
345
346
|
containers:
|
346
|
-
-
|
347
|
-
|
348
|
-
|
349
|
-
path: /healthz
|
350
|
-
port: 2113
|
351
|
-
scheme: HTTP
|
352
|
-
initialDelaySeconds: 10
|
353
|
-
timeoutSeconds: 60
|
347
|
+
- args:
|
348
|
+
- --kubeconfig=/etc/migrator/kubeconfig
|
349
|
+
image: asia.gcr.io/k8s-artifacts-prod/storage-migrator/storage-version-migration-trigger:v0.0.3
|
354
350
|
name: trigger
|
351
|
+
volumeMounts:
|
352
|
+
- mountPath: /etc/migrator
|
353
|
+
name: kubeconfig
|
354
|
+
volumes:
|
355
|
+
- configMap:
|
356
|
+
name: kubeconfig-in-cluster-latest
|
357
|
+
name: kubeconfig
|
data/lib/porkadot/cmd/cli.rb
CHANGED
@@ -13,6 +13,22 @@ module Porkadot; module Cmd
|
|
13
13
|
desc "install", "Install kubernetes"
|
14
14
|
subcommand "install", Porkadot::Cmd::Install::Cli
|
15
15
|
|
16
|
+
desc "setup-containerd", "Setup containerd"
|
17
|
+
option :node, type: :string
|
18
|
+
option :force, type: :boolean, default: false
|
19
|
+
def setup_containerd
|
20
|
+
logger.info "Setup containerd"
|
21
|
+
kubelets = Porkadot::Install::KubeletList.new(self.config)
|
22
|
+
nodes = []
|
23
|
+
if node = options[:node]
|
24
|
+
nodes = kubelets[node]
|
25
|
+
else
|
26
|
+
nodes = kubelets.kubelets.values
|
27
|
+
end
|
28
|
+
kubelets.setup_containerd hosts: nodes, force: options[:force]
|
29
|
+
""
|
30
|
+
end
|
31
|
+
|
16
32
|
desc "set-config", "Set cluster to kubeconfig"
|
17
33
|
def set_config
|
18
34
|
name = config.k8s.cluster_name
|
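Review bot: In `setup_containerd` in cmd/cli.rb, `nodes = kubelets[node]` is passed on without checking that the node exists. `KubeletList#[]` is not shown, but if it returns nil for an unknown name, `KubeletList#setup_containerd` treats `hosts: nil` as "all kubelets" (the `unless hosts` branch in install/kubelet.rb), so a mistyped `--node` would rewrite the containerd config and restart containerd on every node. A guard right after the lookup, `raise Thor::Error, "unknown node: #{node}" unless nodes`, limits the run to what was asked for. The `else` branch repeats the callee's default and could be dropped.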
@@ -69,11 +69,14 @@ module Porkadot; module Configs
|
|
69
69
|
}
|
70
70
|
end
|
71
71
|
|
72
|
-
def args
|
72
|
+
def args bootstrap: false
|
73
73
|
extra = {}
|
74
74
|
if self.extra_args
|
75
75
|
extra = self.extra_args.map{|i| i.split('=', 2)}.to_h
|
76
76
|
end
|
77
|
+
if bootstrap
|
78
|
+
extra = self.bootstrap_args.merge(extra)
|
79
|
+
end
|
77
80
|
return self.default_args.merge(extra)
|
78
81
|
end
|
79
82
|
|
@@ -96,6 +99,10 @@ module Porkadot; module Configs
|
|
96
99
|
'kube-apiserver'
|
97
100
|
end
|
98
101
|
|
102
|
+
def bootstrap_args
|
103
|
+
return {}
|
104
|
+
end
|
105
|
+
|
99
106
|
def default_args
|
100
107
|
return %W(
|
101
108
|
--advertise-address=$(POD_IP)
|
@@ -103,6 +110,7 @@ module Porkadot; module Configs
|
|
103
110
|
--authorization-mode=Node,RBAC
|
104
111
|
--bind-address=0.0.0.0
|
105
112
|
--client-ca-file=/etc/kubernetes/pki/kubernetes/ca.crt
|
113
|
+
--enable-admission-plugins=NodeRestriction
|
106
114
|
--enable-bootstrap-token-auth=true
|
107
115
|
--etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
|
108
116
|
--etcd-certfile=/etc/kubernetes/pki/etcd/etcd-client.crt
|
@@ -143,6 +151,14 @@ module Porkadot; module Configs
|
|
143
151
|
'kube-scheduler'
|
144
152
|
end
|
145
153
|
|
154
|
+
def bootstrap_args
|
155
|
+
return %W(
|
156
|
+
--kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
|
157
|
+
--authentication-kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
|
158
|
+
--authorization-kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
|
159
|
+
).map {|i| i.split('=', 2)}.to_h
|
160
|
+
end
|
161
|
+
|
146
162
|
def default_args
|
147
163
|
return %W(
|
148
164
|
--leader-elect=true
|
@@ -164,6 +180,12 @@ module Porkadot; module Configs
|
|
164
180
|
'kube-controller-manager'
|
165
181
|
end
|
166
182
|
|
183
|
+
def bootstrap_args
|
184
|
+
return %W(
|
185
|
+
--kubeconfig=/etc/kubernetes/bootstrap/kubeconfig-bootstrap.yaml
|
186
|
+
).map {|i| i.split('=', 2)}.to_h
|
187
|
+
end
|
188
|
+
|
167
189
|
def default_args
|
168
190
|
return %W(
|
169
191
|
--allocate-node-cidrs=true
|
@@ -202,6 +224,12 @@ module Porkadot; module Configs
|
|
202
224
|
'kube-proxy'
|
203
225
|
end
|
204
226
|
|
227
|
+
def bootstrap_args
|
228
|
+
return %W(
|
229
|
+
--config=/etc/kubernetes/bootstrap/kube-proxy-bootstrap.yaml
|
230
|
+
).map {|i| i.split('=', 2)}.to_h
|
231
|
+
end
|
232
|
+
|
205
233
|
def default_args
|
206
234
|
return %W(
|
207
235
|
--config=/var/lib/kube-proxy/config.conf
|
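Review bot: `args` in configs/kubernetes.rb resolves conflicts by whole-key replacement (`self.default_args.merge(extra)`), so the `--enable-admission-plugins=NodeRestriction` default added in this file disappears as soon as `extra_args` sets `--enable-admission-plugins` to anything else; the same holds for `--authorization-mode=Node,RBAC`. Either state the precedence in a comment above `args`, `# extra_args > bootstrap_args > default_args; a key in extra_args replaces the default value entirely`, or union comma-separated plugin lists instead of replacing them. Also, `split('=', 2)` followed by `to_h` raises ArgumentError for a flag given without `=`, although the `if v` branch in the templates suggests value-less flags are expected. The enclosing classes start outside these hunks.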
@@ -16,6 +16,30 @@ module Porkadot; module Install
|
|
16
16
|
end
|
17
17
|
end
|
18
18
|
|
19
|
+
def setup_containerd hosts: nil, force: false
|
20
|
+
unless hosts
|
21
|
+
hosts = []
|
22
|
+
self.kubelets.each do |_, v|
|
23
|
+
hosts << v
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
on(hosts) do |host|
|
28
|
+
execute(:mkdir, '-p', Porkadot::Install::KUBE_TEMP)
|
29
|
+
if test("[ -d #{KUBE_TEMP} ]")
|
30
|
+
execute(:rm, '-rf', KUBE_TEMP)
|
31
|
+
execute(:rm, '-rf', KUBE_SECRETS_TEMP)
|
32
|
+
end
|
33
|
+
upload! host.config.target_path, KUBE_TEMP, recursive: true
|
34
|
+
upload! host.config.target_secrets_path, KUBE_SECRETS_TEMP, recursive: true
|
35
|
+
execute(:cp, '-r', KUBE_SECRETS_TEMP + '/*', KUBE_TEMP)
|
36
|
+
|
37
|
+
as user: 'root' do
|
38
|
+
execute(:bash, File.join(KUBE_TEMP, 'setup-containerd.sh'))
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
19
43
|
def install hosts: nil, force: false
|
20
44
|
unless hosts
|
21
45
|
hosts = []
|
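Review bot: `setup_containerd` in install/kubelet.rb uploads `host.config.target_secrets_path` to `KUBE_SECRETS_TEMP` and copies it into `KUBE_TEMP`, yet the only thing it runs is `setup-containerd.sh`, which reads no secrets. Whatever that directory holds (presumably node certificates and keys) is therefore written to two temporary directories on every target and left there, since nothing removes them after the script runs. Dropping the `KUBE_SECRETS_TEMP` upload and the `cp -r` line, and adding `execute(:rm, '-rf', KUBE_TEMP)` after the `as user: 'root'` block, keeps the step to what it needs. The `force:` keyword is accepted but never read, and the `[ -d ... ]` test is always true right after `mkdir -p`.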
data/lib/porkadot/version.rb
CHANGED
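--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: porkadot
 version: !ruby/object:Gem::Version
-version: 0.19.
+version: 0.19.1
 platform: ruby
 authors:
 - OTSUKA, Yuanying
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-
+date: 2021-07-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -140,6 +140,7 @@ files:
 - lib/porkadot/assets/kubelet/install-pkgs.sh.erb
 - lib/porkadot/assets/kubelet/install.sh.erb
 - lib/porkadot/assets/kubelet/kubelet.service.erb
+- lib/porkadot/assets/kubelet/setup-containerd.sh.erb
 - lib/porkadot/assets/kubernetes.rb
 - lib/porkadot/assets/kubernetes/install.sh.erb
 - lib/porkadot/assets/kubernetes/manifests/coredns.yaml.erb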