Preinstall kubelet systemd unit in OS images (#365)

Malte Poll 2022-10-25 16:36:03 +02:00 committed by GitHub
parent fa63e51370
commit c1e3231848
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 51 additions and 58 deletions


@ -8,14 +8,11 @@ package k8sapi
const ( const (
// Paths and permissions necessary for Kubernetes installation. // Paths and permissions necessary for Kubernetes installation.
cniPluginsDir = "/opt/cni/bin" cniPluginsDir = "/opt/cni/bin"
binDir = "/run/state/bin" binDir = "/run/state/bin"
kubeadmPath = "/run/state/bin/kubeadm" kubeadmPath = "/run/state/bin/kubeadm"
kubeletPath = "/run/state/bin/kubelet" kubeletPath = "/run/state/bin/kubelet"
kubeletServiceEtcPath = "/run/systemd/system/kubelet.service" kubeletServicePath = "/usr/lib/systemd/system/kubelet.service"
kubeletServiceStatePath = "/run/state/systemd/system/kubelet.service" executablePerm = 0o544
kubeadmConfEtcPath = "/run/systemd/system/kubelet.service.d/10-kubeadm.conf" systemdUnitPerm = 0o644
kubeadmConfStatePath = "/run/state/systemd/system/kubelet.service.d/10-kubeadm.conf"
executablePerm = 0o544
systemdUnitPerm = 0o644
) )
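Review bot: `systemdUnitPerm` stays in the const block although the two `k.inst.Install` calls that passed it are removed by this commit, so it may now be dead; Go does not report unused package-level constants, so please check for other users outside these hunks and drop it if there are none. `kubeletServicePath` also changes meaning: it no longer names a file this package writes, but one shipped under /usr/lib in the OS image, which the block comment about paths "necessary for Kubernetes installation" does not convey. I would add `// kubeletServicePath is the unit preinstalled in the OS image; this package only enables and starts it.` above the constant.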


@ -34,7 +34,6 @@ import (
"github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/versions" "github.com/edgelesssys/constellation/v2/internal/versions"
"github.com/icholy/replace"
"github.com/spf13/afero" "github.com/spf13/afero"
"go.uber.org/zap" "go.uber.org/zap"
"golang.org/x/text/transform" "golang.org/x/text/transform"
@ -93,16 +92,6 @@ func (k *KubernetesUtil) InstallComponents(ctx context.Context, version versions
); err != nil { ); err != nil {
return fmt.Errorf("installing crictl: %w", err) return fmt.Errorf("installing crictl: %w", err)
} }
if err := k.inst.Install(
ctx, versionConf.KubeletServiceURL, []string{kubeletServiceEtcPath, kubeletServiceStatePath}, systemdUnitPerm, false, replace.String("/usr/bin", binDir),
); err != nil {
return fmt.Errorf("installing kubelet service: %w", err)
}
if err := k.inst.Install(
ctx, versionConf.KubeadmConfURL, []string{kubeadmConfEtcPath, kubeadmConfStatePath}, systemdUnitPerm, false, replace.String("/usr/bin", binDir),
); err != nil {
return fmt.Errorf("installing kubeadm conf: %w", err)
}
if err := k.inst.Install( if err := k.inst.Install(
ctx, versionConf.KubeletURL, []string{kubeletPath}, executablePerm, false, ctx, versionConf.KubeletURL, []string{kubeletPath}, executablePerm, false,
); err != nil { ); err != nil {
@ -119,7 +108,7 @@ func (k *KubernetesUtil) InstallComponents(ctx context.Context, version versions
return fmt.Errorf("installing kubectl: %w", err) return fmt.Errorf("installing kubectl: %w", err)
} }
return enableSystemdUnit(ctx, kubeletServiceEtcPath) return enableSystemdUnit(ctx, kubeletServicePath)
} }
func (k *KubernetesUtil) InitCluster( func (k *KubernetesUtil) InitCluster(
@ -434,7 +423,7 @@ func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte, pee
func (k *KubernetesUtil) StartKubelet() error { func (k *KubernetesUtil) StartKubelet() error {
ctx, cancel := context.WithTimeout(context.TODO(), kubeletStartTimeout) ctx, cancel := context.WithTimeout(context.TODO(), kubeletStartTimeout)
defer cancel() defer cancel()
if err := enableSystemdUnit(ctx, kubeletServiceEtcPath); err != nil { if err := enableSystemdUnit(ctx, kubeletServicePath); err != nil {
return fmt.Errorf("enabling kubelet systemd unit: %w", err) return fmt.Errorf("enabling kubelet systemd unit: %w", err)
} }
return startSystemdUnit(ctx, "kubelet.service") return startSystemdUnit(ctx, "kubelet.service")
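Review bot: The two remaining `enableSystemdUnit(ctx, kubeletServicePath)` calls (the return of InstallComponents and the first step of StartKubelet) now act on a unit that the preset change in this commit already enables in the image, so they look redundant. An enable normally creates symlinks under /etc/systemd/system, so on an image where /etc is read-only it could turn into a runtime failure; enableSystemdUnit is defined outside the visible hunks, so this needs confirming. Either end InstallComponents with `return nil` and drop the enable step from StartKubelet, or keep the calls and add a comment stating why a runtime enable is still required for a preinstalled unit. Both function bodies start or end outside the hunks shown.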


@ -5,12 +5,5 @@
set -euxo pipefail set -euxo pipefail
# recreate kubelet systemd unit after reboot.
# tmpfile config has to be written late as it interferes with the systemd-nspawn build environment
cat >"${BUILDROOT}/usr/lib/tmpfiles.d/kubelet-service.conf" <<EOF
C /run/systemd/system/kubelet.service - - - - /run/state/systemd/system/kubelet.service
C /run/systemd/system/kubelet.service.d/10-kubeadm.conf - - - - /run/state/systemd/system/kubelet.service.d/10-kubeadm.conf
EOF
# cleanup dracut generation files (disk-mapper) to save space # cleanup dracut generation files (disk-mapper) to save space
rm -rf "${BUILDROOT}/usr/lib/dracut/modules.d/39constellation-mount/" rm -rf "${BUILDROOT}/usr/lib/dracut/modules.d/39constellation-mount/"


@ -1,5 +1,6 @@
enable constellation-bootstrapper.service
enable configure-constel-csp.service enable configure-constel-csp.service
enable constellation-bootstrapper.service
enable containerd.service enable containerd.service
enable tpm-pcrs.service enable kubelet.service
enable systemd-networkd.service enable systemd-networkd.service
enable tpm-pcrs.service


@ -0,0 +1,21 @@
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/home/
Wants=network-online.target
After=network-online.target
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/default/kubelet
ExecStart=/run/state/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
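Review bot: `ExecStart=/run/state/bin/kubelet` points at a binary that is not part of the image and is only put there by the bootstrapper's install step, while the preset in this commit enables the unit at boot. With `Restart=always`, `RestartSec=10` and `StartLimitInterval=0` the unit will presumably fail and restart every ten seconds on first boot until the binary exists. Adding `ConditionPathExists=/run/state/bin/kubelet` to `[Unit]` would skip that start cleanly, provided the bootstrapper always starts the unit explicitly after installing. The path also duplicates `kubeletPath` from the k8sapi constants now that the `/usr/bin` to `binDir` rewrite is gone, so a comment such as `# ExecStart must stay in sync with kubeletPath in the bootstrapper's k8sapi package` would guard against drift. The unit is now fixed in the image, but the executable and `EnvironmentFile=-/etc/default/kubelet` are read at runtime from locations that are presumably writable and outside the image, so it is worth documenting how the downloaded kubelet is verified and whether the override file is intended to be honoured.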


@ -82,14 +82,12 @@ var (
// versionConfigs holds download URLs for all required kubernetes components for every supported version. // versionConfigs holds download URLs for all required kubernetes components for every supported version.
var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
V1_23: { V1_23: {
PatchVersion: "1.23.12", PatchVersion: "1.23.12",
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz", CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.1/crictl-v1.24.1-linux-amd64.tar.gz", CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.1/crictl-v1.24.1-linux-amd64.tar.gz",
KubeletServiceURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubelet/lib/systemd/system/kubelet.service", KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubelet",
KubeadmConfURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf", KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubeadm",
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubelet", KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubectl",
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubeadm",
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubectl",
// CloudControllerManagerImageGCP is the CCM image used on GCP. // CloudControllerManagerImageGCP is the CCM image used on GCP.
// TODO: use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available. // TODO: use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v23.0.0@sha256:476616939b85345d7188815045847fcbea8d502464083407cdbb6c934e35820d", CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v23.0.0@sha256:476616939b85345d7188815045847fcbea8d502464083407cdbb6c934e35820d",
@ -101,14 +99,12 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.23.1@sha256:cd2101ba67f3d6ec719f7792d4bdaa3a50e1b716f3a9ccee8931086496c655b7", ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.23.1@sha256:cd2101ba67f3d6ec719f7792d4bdaa3a50e1b716f3a9ccee8931086496c655b7",
}, },
V1_24: { V1_24: {
PatchVersion: "1.24.6", PatchVersion: "1.24.6",
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz", CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.2/crictl-v1.24.2-linux-amd64.tar.gz", CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.2/crictl-v1.24.2-linux-amd64.tar.gz",
KubeletServiceURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubelet/lib/systemd/system/kubelet.service", KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubelet",
KubeadmConfURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf", KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubeadm",
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubelet", KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubectl",
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubeadm",
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubectl",
// CloudControllerManagerImageGCP is the CCM image used on GCP. // CloudControllerManagerImageGCP is the CCM image used on GCP.
// TODO: use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available. // TODO: use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v24.0.0@sha256:8ee4261980019d3ee8517e12f36fc313fe3ea3e44dd40ee2e004b57f6e5ef171", CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v24.0.0@sha256:8ee4261980019d3ee8517e12f36fc313fe3ea3e44dd40ee2e004b57f6e5ef171",
@ -120,14 +116,12 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.24.0@sha256:5bd22353ae7f30c9abfaa08189281367ef47ea1b3d09eb13eb26bd13de241e72", ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.24.0@sha256:5bd22353ae7f30c9abfaa08189281367ef47ea1b3d09eb13eb26bd13de241e72",
}, },
V1_25: { V1_25: {
PatchVersion: "1.25.2", PatchVersion: "1.25.2",
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz", CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz", CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz",
KubeletServiceURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubelet/lib/systemd/system/kubelet.service", KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubelet",
KubeadmConfURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf", KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubeadm",
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubelet", KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubectl",
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubeadm",
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubectl",
// CloudControllerManagerImageGCP is the CCM image used on GCP. // CloudControllerManagerImageGCP is the CCM image used on GCP.
// TODO: use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available. // TODO: use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v25.2.0@sha256:86fa9d31ed0b3d0d8806f13d6e7debd3471028b2cb7cca3a876d8a31612a7ba5", CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v25.2.0@sha256:86fa9d31ed0b3d0d8806f13d6e7debd3471028b2cb7cca3a876d8a31612a7ba5",
@ -148,8 +142,6 @@ type KubernetesVersion struct {
PatchVersion string PatchVersion string
CNIPluginsURL string // No k8s version dependency. CNIPluginsURL string // No k8s version dependency.
CrictlURL string // k8s version dependency. CrictlURL string // k8s version dependency.
KubeletServiceURL string // No k8s version dependency.
KubeadmConfURL string // kubeadm/kubelet v1.11+.
KubeletURL string // k8s version dependency. KubeletURL string // k8s version dependency.
KubeadmURL string // k8s version dependency. KubeadmURL string // k8s version dependency.
KubectlURL string // k8s version dependency. KubectlURL string // k8s version dependency.