Preinstall kubelet systemd unit in OS images (#365)
parent
fa63e51370
commit
c1e3231848
@ -8,14 +8,11 @@ package k8sapi
|
||||
|
||||
const (
|
||||
// Paths and permissions necessary for Kubernetes installation.
|
||||
cniPluginsDir = "/opt/cni/bin"
|
||||
binDir = "/run/state/bin"
|
||||
kubeadmPath = "/run/state/bin/kubeadm"
|
||||
kubeletPath = "/run/state/bin/kubelet"
|
||||
kubeletServiceEtcPath = "/run/systemd/system/kubelet.service"
|
||||
kubeletServiceStatePath = "/run/state/systemd/system/kubelet.service"
|
||||
kubeadmConfEtcPath = "/run/systemd/system/kubelet.service.d/10-kubeadm.conf"
|
||||
kubeadmConfStatePath = "/run/state/systemd/system/kubelet.service.d/10-kubeadm.conf"
|
||||
executablePerm = 0o544
|
||||
systemdUnitPerm = 0o644
|
||||
cniPluginsDir = "/opt/cni/bin"
|
||||
binDir = "/run/state/bin"
|
||||
kubeadmPath = "/run/state/bin/kubeadm"
|
||||
kubeletPath = "/run/state/bin/kubelet"
|
||||
kubeletServicePath = "/usr/lib/systemd/system/kubelet.service"
|
||||
executablePerm = 0o544
|
||||
systemdUnitPerm = 0o644
|
||||
)
|
||||
|
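Review bot: `kubeletServicePath` now names a file this package no longer writes, and nothing in the const block says so. The unit is shipped by the OS image and its `ExecStart` hard-codes `/run/state/bin/kubelet`, a path that was previously produced at install time by rewriting `/usr/bin` to `binDir`, so `kubeletPath` and the unit can now drift apart silently. I would add a comment such as `// kubeletServicePath is preinstalled in the OS image; its ExecStart must stay in sync with kubeletPath.` above the constant. `systemdUnitPerm` also loses both of its visible callers in this commit and may be unused unless something outside these hunks still references it.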
@ -34,7 +34,6 @@ import (
|
||||
"github.com/edgelesssys/constellation/v2/internal/file"
|
||||
"github.com/edgelesssys/constellation/v2/internal/logger"
|
||||
"github.com/edgelesssys/constellation/v2/internal/versions"
|
||||
"github.com/icholy/replace"
|
||||
"github.com/spf13/afero"
|
||||
"go.uber.org/zap"
|
||||
"golang.org/x/text/transform"
|
||||
@ -93,16 +92,6 @@ func (k *KubernetesUtil) InstallComponents(ctx context.Context, version versions
|
||||
); err != nil {
|
||||
return fmt.Errorf("installing crictl: %w", err)
|
||||
}
|
||||
if err := k.inst.Install(
|
||||
ctx, versionConf.KubeletServiceURL, []string{kubeletServiceEtcPath, kubeletServiceStatePath}, systemdUnitPerm, false, replace.String("/usr/bin", binDir),
|
||||
); err != nil {
|
||||
return fmt.Errorf("installing kubelet service: %w", err)
|
||||
}
|
||||
if err := k.inst.Install(
|
||||
ctx, versionConf.KubeadmConfURL, []string{kubeadmConfEtcPath, kubeadmConfStatePath}, systemdUnitPerm, false, replace.String("/usr/bin", binDir),
|
||||
); err != nil {
|
||||
return fmt.Errorf("installing kubeadm conf: %w", err)
|
||||
}
|
||||
if err := k.inst.Install(
|
||||
ctx, versionConf.KubeletURL, []string{kubeletPath}, executablePerm, false,
|
||||
); err != nil {
|
||||
@ -119,7 +108,7 @@ func (k *KubernetesUtil) InstallComponents(ctx context.Context, version versions
|
||||
return fmt.Errorf("installing kubectl: %w", err)
|
||||
}
|
||||
|
||||
return enableSystemdUnit(ctx, kubeletServiceEtcPath)
|
||||
return enableSystemdUnit(ctx, kubeletServicePath)
|
||||
}
|
||||
|
||||
func (k *KubernetesUtil) InitCluster(
|
||||
@ -434,7 +423,7 @@ func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte, pee
|
||||
func (k *KubernetesUtil) StartKubelet() error {
|
||||
ctx, cancel := context.WithTimeout(context.TODO(), kubeletStartTimeout)
|
||||
defer cancel()
|
||||
if err := enableSystemdUnit(ctx, kubeletServiceEtcPath); err != nil {
|
||||
if err := enableSystemdUnit(ctx, kubeletServicePath); err != nil {
|
||||
return fmt.Errorf("enabling kubelet systemd unit: %w", err)
|
||||
}
|
||||
return startSystemdUnit(ctx, "kubelet.service")
|
||||
|
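Review bot: Both `enableSystemdUnit(ctx, kubeletServicePath)` calls, at the end of InstallComponents and in StartKubelet, are kept although the image preset now enables `kubelet.service`, so they read as redundant and nothing explains why they remain. If they are a deliberate safeguard, a comment like `// unit is preinstalled and preset-enabled in the OS image; enabling again is a safeguard` would say so. StartKubelet also passes a file path to the enable call but the literal `"kubelet.service"` to `startSystemdUnit`; whether `enableSystemdUnit` handles a path under /usr/lib/systemd/system the same way as a unit name is not visible here and is worth confirming. Both functions extend beyond the hunks shown.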
@ -5,12 +5,5 @@
|
||||
|
||||
set -euxo pipefail
|
||||
|
||||
# recreate kubelet systemd unit after reboot.
|
||||
# tmpfile config has to be written late as it interferes with the systemd-nspawn build environment
|
||||
cat >"${BUILDROOT}/usr/lib/tmpfiles.d/kubelet-service.conf" <<EOF
|
||||
C /run/systemd/system/kubelet.service - - - - /run/state/systemd/system/kubelet.service
|
||||
C /run/systemd/system/kubelet.service.d/10-kubeadm.conf - - - - /run/state/systemd/system/kubelet.service.d/10-kubeadm.conf
|
||||
EOF
|
||||
|
||||
# cleanup dracut generation files (disk-mapper) to save space
|
||||
rm -rf "${BUILDROOT}/usr/lib/dracut/modules.d/39constellation-mount/"
|
||||
|
@ -1,5 +1,6 @@
|
||||
enable constellation-bootstrapper.service
|
||||
enable configure-constel-csp.service
|
||||
enable constellation-bootstrapper.service
|
||||
enable containerd.service
|
||||
enable tpm-pcrs.service
|
||||
enable kubelet.service
|
||||
enable systemd-networkd.service
|
||||
enable tpm-pcrs.service
|
||||
|
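Review bot: Enabling `kubelet.service` by preset means systemd starts it at boot, which on a fresh node is presumably before InstallComponents has placed the binary at `/run/state/bin/kubelet`. With `Restart=always`, `RestartSec=10` and `StartLimitInterval=0` in the new unit, the start would then fail and be retried every 10 seconds without a limit until the binary and its config exist. If that retry loop is the intended mechanism, a comment in the unit should say so; otherwise a guard such as `ConditionPathExists=/run/state/bin/kubelet` in `[Unit]` would skip the start at boot and leave it to the explicit `startSystemdUnit` call.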
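--- a/image/mkosi.skeleton/usr/lib/systemd/system/kubelet.service
+++ b/image/mkosi.skeleton/usr/lib/systemd/system/kubelet.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=kubelet: The Kubernetes Node Agent
+Documentation=https://kubernetes.io/docs/home/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
+Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
+# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
+EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
+# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
+# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
+EnvironmentFile=-/etc/default/kubelet
+ExecStart=/run/state/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
+Restart=always
+StartLimitInterval=0
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target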
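Review bot: `ExecStart=/run/state/bin/kubelet` makes the image-shipped unit launch a binary that is not part of the image: InstallComponents downloads it from `KubeletURL` at runtime, and neither the install call nor the `VersionConfigs` entries visible in this commit carry a digest for it, unlike the container images in the same map, which are pinned with `@sha256:`. Unless the installer verifies the download somewhere outside these hunks, the integrity of what this unit runs rests on TLS to the download host alone, which deserves a comment above `ExecStart` or a pinned hash per binary. `EnvironmentFile=-/etc/default/kubelet` additionally lets whoever can write that file add kubelet flags through `KUBELET_EXTRA_ARGS`; if the image has no use for that override, dropping the line narrows the configuration surface.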
@ -82,14 +82,12 @@ var (
|
||||
// versionConfigs holds download URLs for all required kubernetes components for every supported version.
|
||||
var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
|
||||
V1_23: {
|
||||
PatchVersion: "1.23.12",
|
||||
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
|
||||
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.1/crictl-v1.24.1-linux-amd64.tar.gz",
|
||||
KubeletServiceURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubelet/lib/systemd/system/kubelet.service",
|
||||
KubeadmConfURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf",
|
||||
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubelet",
|
||||
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubeadm",
|
||||
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubectl",
|
||||
PatchVersion: "1.23.12",
|
||||
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
|
||||
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.1/crictl-v1.24.1-linux-amd64.tar.gz",
|
||||
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubelet",
|
||||
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubeadm",
|
||||
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.23.12/bin/linux/amd64/kubectl",
|
||||
// CloudControllerManagerImageGCP is the CCM image used on GCP.
|
||||
// TODO: use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
|
||||
CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v23.0.0@sha256:476616939b85345d7188815045847fcbea8d502464083407cdbb6c934e35820d",
|
||||
@ -101,14 +99,12 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
|
||||
ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.23.1@sha256:cd2101ba67f3d6ec719f7792d4bdaa3a50e1b716f3a9ccee8931086496c655b7",
|
||||
},
|
||||
V1_24: {
|
||||
PatchVersion: "1.24.6",
|
||||
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
|
||||
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.2/crictl-v1.24.2-linux-amd64.tar.gz",
|
||||
KubeletServiceURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubelet/lib/systemd/system/kubelet.service",
|
||||
KubeadmConfURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf",
|
||||
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubelet",
|
||||
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubeadm",
|
||||
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubectl",
|
||||
PatchVersion: "1.24.6",
|
||||
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
|
||||
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.2/crictl-v1.24.2-linux-amd64.tar.gz",
|
||||
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubelet",
|
||||
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubeadm",
|
||||
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.24.6/bin/linux/amd64/kubectl",
|
||||
// CloudControllerManagerImageGCP is the CCM image used on GCP.
|
||||
// TODO: use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
|
||||
CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v24.0.0@sha256:8ee4261980019d3ee8517e12f36fc313fe3ea3e44dd40ee2e004b57f6e5ef171",
|
||||
@ -120,14 +116,12 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
|
||||
ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.24.0@sha256:5bd22353ae7f30c9abfaa08189281367ef47ea1b3d09eb13eb26bd13de241e72",
|
||||
},
|
||||
V1_25: {
|
||||
PatchVersion: "1.25.2",
|
||||
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
|
||||
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz",
|
||||
KubeletServiceURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubelet/lib/systemd/system/kubelet.service",
|
||||
KubeadmConfURL: "https://raw.githubusercontent.com/kubernetes/release/v0.14.0/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf",
|
||||
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubelet",
|
||||
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubeadm",
|
||||
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubectl",
|
||||
PatchVersion: "1.25.2",
|
||||
CNIPluginsURL: "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz",
|
||||
CrictlURL: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz",
|
||||
KubeletURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubelet",
|
||||
KubeadmURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubeadm",
|
||||
KubectlURL: "https://storage.googleapis.com/kubernetes-release/release/v1.25.2/bin/linux/amd64/kubectl",
|
||||
// CloudControllerManagerImageGCP is the CCM image used on GCP.
|
||||
// TODO: use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
|
||||
CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v25.2.0@sha256:86fa9d31ed0b3d0d8806f13d6e7debd3471028b2cb7cca3a876d8a31612a7ba5",
|
||||
@ -148,8 +142,6 @@ type KubernetesVersion struct {
|
||||
PatchVersion string
|
||||
CNIPluginsURL string // No k8s version dependency.
|
||||
CrictlURL string // k8s version dependency.
|
||||
KubeletServiceURL string // No k8s version dependency.
|
||||
KubeadmConfURL string // kubeadm/kubelet v1.11+.
|
||||
KubeletURL string // k8s version dependency.
|
||||
KubeadmURL string // k8s version dependency.
|
||||
KubectlURL string // k8s version dependency.
|
||||
|