Preinstall kubelet systemd unit in OS images (#365)
parent
fa63e51370
commit
c1e3231848
@ -12,10 +12,7 @@ const (
|
|||||||
binDir = "/run/state/bin"
|
binDir = "/run/state/bin"
|
||||||
kubeadmPath = "/run/state/bin/kubeadm"
|
kubeadmPath = "/run/state/bin/kubeadm"
|
||||||
kubeletPath = "/run/state/bin/kubelet"
|
kubeletPath = "/run/state/bin/kubelet"
|
||||||
kubeletServiceEtcPath = "/run/systemd/system/kubelet.service"
|
kubeletServicePath = "/usr/lib/systemd/system/kubelet.service"
|
||||||
kubeletServiceStatePath = "/run/state/systemd/system/kubelet.service"
|
|
||||||
kubeadmConfEtcPath = "/run/systemd/system/kubelet.service.d/10-kubeadm.conf"
|
|
||||||
kubeadmConfStatePath = "/run/state/systemd/system/kubelet.service.d/10-kubeadm.conf"
|
|
||||||
executablePerm = 0o544
|
executablePerm = 0o544
|
||||||
systemdUnitPerm = 0o644
|
systemdUnitPerm = 0o644
|
||||||
)
|
)
|
||||||
|
@ -34,7 +34,6 @@ import (
|
|||||||
"github.com/edgelesssys/constellation/v2/internal/file"
|
"github.com/edgelesssys/constellation/v2/internal/file"
|
||||||
"github.com/edgelesssys/constellation/v2/internal/logger"
|
"github.com/edgelesssys/constellation/v2/internal/logger"
|
||||||
"github.com/edgelesssys/constellation/v2/internal/versions"
|
"github.com/edgelesssys/constellation/v2/internal/versions"
|
||||||
"github.com/icholy/replace"
|
|
||||||
"github.com/spf13/afero"
|
"github.com/spf13/afero"
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
"golang.org/x/text/transform"
|
"golang.org/x/text/transform"
|
||||||
@ -93,16 +92,6 @@ func (k *KubernetesUtil) InstallComponents(ctx context.Context, version versions
|
|||||||
); err != nil {
|
); err != nil {
|
||||||
return fmt.Errorf("installing crictl: %w", err)
|
return fmt.Errorf("installing crictl: %w", err)
|
||||||
}
|
}
|
||||||
if err := k.inst.Install(
|
|
||||||
ctx, versionConf.KubeletServiceURL, []string{kubeletServiceEtcPath, kubeletServiceStatePath}, systemdUnitPerm, false, replace.String("/usr/bin", binDir),
|
|
||||||
); err != nil {
|
|
||||||
return fmt.Errorf("installing kubelet service: %w", err)
|
|
||||||
}
|
|
||||||
if err := k.inst.Install(
|
|
||||||
ctx, versionConf.KubeadmConfURL, []string{kubeadmConfEtcPath, kubeadmConfStatePath}, systemdUnitPerm, false, replace.String("/usr/bin", binDir),
|
|
||||||
); err != nil {
|
|
||||||
return fmt.Errorf("installing kubeadm conf: %w", err)
|
|
||||||
}
|
|
||||||
if err := k.inst.Install(
|
if err := k.inst.Install(
|
||||||
ctx, versionConf.KubeletURL, []string{kubeletPath}, executablePerm, false,
|
ctx, versionConf.KubeletURL, []string{kubeletPath}, executablePerm, false,
|
||||||
); err != nil {
|
); err != nil {
|
||||||
@ -119,7 +108,7 @@ func (k *KubernetesUtil) InstallComponents(ctx context.Context, version versions
|
|||||||
return fmt.Errorf("installing kubectl: %w", err)
|
return fmt.Errorf("installing kubectl: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return enableSystemdUnit(ctx, kubeletServiceEtcPath)
|
return enableSystemdUnit(ctx, kubeletServicePath)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (k *KubernetesUtil) InitCluster(
|
func (k *KubernetesUtil) InitCluster(
|
||||||
@ -434,7 +423,7 @@ func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte, pee
|
|||||||
func (k *KubernetesUtil) StartKubelet() error {
|
func (k *KubernetesUtil) StartKubelet() error {
|
||||||
ctx, cancel := context.WithTimeout(context.TODO(), kubeletStartTimeout)
|
ctx, cancel := context.WithTimeout(context.TODO(), kubeletStartTimeout)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
if err := enableSystemdUnit(ctx, kubeletServiceEtcPath); err != nil {
|
if err := enableSystemdUnit(ctx, kubeletServicePath); err != nil {
|
||||||
return fmt.Errorf("enabling kubelet systemd unit: %w", err)
|
return fmt.Errorf("enabling kubelet systemd unit: %w", err)
|
||||||
}
|
}
|
||||||
return startSystemdUnit(ctx, "kubelet.service")
|
return startSystemdUnit(ctx, "kubelet.service")
|
||||||
|
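Review bot: `kubeletServicePath` now names a unit file that ships in the OS image rather than one this package writes, and nothing at the constant says so. Before this commit the unit was downloaded and rewritten with `replace.String("/usr/bin", binDir)`, so its ExecStart followed `binDir`; now the image's kubelet.service hard-codes `/run/state/bin/kubelet` and has to be kept equal to `kubeletPath` by hand. I would add a comment on the constant such as `// kubeletServicePath is preinstalled in the OS image; its ExecStart must match kubeletPath.` The bodies of InstallComponents and StartKubelet extend beyond the visible hunks.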
@ -5,12 +5,5 @@
|
|||||||
|
|
||||||
set -euxo pipefail
|
set -euxo pipefail
|
||||||
|
|
||||||
# recreate kubelet systemd unit after reboot.
|
|
||||||
# tmpfile config has to be written late as it interferes with the systemd-nspawn build environment
|
|
||||||
cat >"${BUILDROOT}/usr/lib/tmpfiles.d/kubelet-service.conf" <<EOF
|
|
||||||
C /run/systemd/system/kubelet.service - - - - /run/state/systemd/system/kubelet.service
|
|
||||||
C /run/systemd/system/kubelet.service.d/10-kubeadm.conf - - - - /run/state/systemd/system/kubelet.service.d/10-kubeadm.conf
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# cleanup dracut generation files (disk-mapper) to save space
|
# cleanup dracut generation files (disk-mapper) to save space
|
||||||
rm -rf "${BUILDROOT}/usr/lib/dracut/modules.d/39constellation-mount/"
|
rm -rf "${BUILDROOT}/usr/lib/dracut/modules.d/39constellation-mount/"
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
enable constellation-bootstrapper.service
|
|
||||||
enable configure-constel-csp.service
|
enable configure-constel-csp.service
|
||||||
|
enable constellation-bootstrapper.service
|
||||||
enable containerd.service
|
enable containerd.service
|
||||||
enable tpm-pcrs.service
|
enable kubelet.service
|
||||||
enable systemd-networkd.service
|
enable systemd-networkd.service
|
||||||
|
enable tpm-pcrs.service
|
||||||
|
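--- /dev/null
+++ b/image/mkosi.skeleton/usr/lib/systemd/system/kubelet.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=kubelet: The Kubernetes Node Agent
+Documentation=https://kubernetes.io/docs/home/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
+Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
+# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
+EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
+# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
+# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
+EnvironmentFile=-/etc/default/kubelet
+ExecStart=/run/state/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
+Restart=always
+StartLimitInterval=0
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target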
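Review bot: The unit is enabled by the preset change in this commit, but its `ExecStart=/run/state/bin/kubelet` binary is only put in place at runtime by InstallComponents, so on a node where that has not happened yet the service will presumably fail and be retried every 10 s without limit (`Restart=always`, `RestartSec=10`, `StartLimitInterval=0`). A guard in `[Unit]` such as `ConditionPathExists=/run/state/bin/kubelet` would skip the start until the binary exists and leave the explicit start in StartKubelet to bring it up. It is also worth a comment in the unit that the image ships only the unit while the executable comes from a runtime download, so the integrity check on that download (not visible in this diff) is what decides which code this boot-enabled unit runs.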
@ -85,8 +85,6 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
|
|||||||
PatchVersion: "1.23.12",
|
PatchVersion: "1.23.12",
|
||||||
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
|
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
|
||||||
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.1/crictl-v1.24.1-linux-amd64.tar.gz",
|
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.1/crictl-v1.24.1-linux-amd64.tar.gz",
|
||||||
KubeletServiceURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubelet/lib/systemd/system/kubelet.service",
|
|
||||||
KubeadmConfURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf",
|
|
||||||
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubelet",
|
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubelet",
|
||||||
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubeadm",
|
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubeadm",
|
||||||
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubectl",
|
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubectl",
|
||||||
@ -104,8 +102,6 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
|
|||||||
PatchVersion: "1.24.6",
|
PatchVersion: "1.24.6",
|
||||||
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
|
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
|
||||||
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.2/crictl-v1.24.2-linux-amd64.tar.gz",
|
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.2/crictl-v1.24.2-linux-amd64.tar.gz",
|
||||||
KubeletServiceURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubelet/lib/systemd/system/kubelet.service",
|
|
||||||
KubeadmConfURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf",
|
|
||||||
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubelet",
|
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubelet",
|
||||||
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubeadm",
|
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubeadm",
|
||||||
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubectl",
|
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubectl",
|
||||||
@ -123,8 +119,6 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
|
|||||||
PatchVersion: "1.25.2",
|
PatchVersion: "1.25.2",
|
||||||
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
|
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
|
||||||
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz",
|
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz",
|
||||||
KubeletServiceURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubelet/lib/systemd/system/kubelet.service",
|
|
||||||
KubeadmConfURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf",
|
|
||||||
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubelet",
|
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubelet",
|
||||||
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubeadm",
|
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubeadm",
|
||||||
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubectl",
|
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubectl",
|
||||||
@ -148,8 +142,6 @@ type KubernetesVersion struct {
|
|||||||
PatchVersion string
|
PatchVersion string
|
||||||
CNIPluginsURL string // No k8s version dependency.
|
CNIPluginsURL string // No k8s version dependency.
|
||||||
CrictlURL string // k8s version dependency.
|
CrictlURL string // k8s version dependency.
|
||||||
KubeletServiceURL string // No k8s version dependency.
|
|
||||||
KubeadmConfURL string // kubeadm/kubelet v1.11+.
|
|
||||||
KubeletURL string // k8s version dependency.
|
KubeletURL string // k8s version dependency.
|
||||||
KubeadmURL string // k8s version dependency.
|
KubeadmURL string // k8s version dependency.
|
||||||
KubectlURL string // k8s version dependency.
|
KubectlURL string // k8s version dependency.
|
||||||
|