From 875bed6580dac4d611e6dd90fa31852d304e079c Mon Sep 17 00:00:00 2001 From: Bastiaan Schaap Date: Fri, 19 Jul 2019 11:38:46 +0200 Subject: [PATCH 1/3] Update kubernetes to 1.14 Also enable external storage provisioners like Ceph RBD. Added eudev needed for detecting device mounts. Without it tools like rbd will timeout waiting for a message on /run/udev/control. Signed-off-by: Bastiaan Schaap --- .gitignore | 2 + Makefile | 23 ++++++--- pkg/cri-containerd/Dockerfile | 2 +- pkg/eudev/Dockerfile | 22 +++++++++ pkg/eudev/build.yml | 22 +++++++++ pkg/eudev/etc/udev/udev.conf | 3 ++ pkg/eudev/usr/bin/udevd.sh | 3 ++ pkg/kube-e2e-test/Dockerfile | 2 +- pkg/kubelet/Dockerfile | 18 +++++-- pkg/kubelet/build.yml | 5 ++ pkg/kubelet/kubelet.sh | 19 +++++-- .../Dockerfile | 6 +-- .../images.lst | 8 ++- .../Dockerfile | 6 +-- .../images.lst | 9 ++-- scripts/mk-image-cache-lst | 22 ++++----- yml/calico.yml | 3 ++ yml/docker-master.yml | 2 +- yml/docker.yml | 2 +- yml/kube.yml | 49 +++++++++++-------- 20 files changed, 160 insertions(+), 68 deletions(-) create mode 100644 pkg/eudev/Dockerfile create mode 100644 pkg/eudev/build.yml create mode 100644 pkg/eudev/etc/udev/udev.conf create mode 100755 pkg/eudev/usr/bin/udevd.sh create mode 100644 yml/calico.yml diff --git a/.gitignore b/.gitignore index d8f30c0..471a48b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,8 @@ *.iso +*.tar kube-*-kernel kube-*-cmdline kube-*-initrd.img kube-*-state kube-weave.yaml +kube-calico.yaml diff --git a/Makefile b/Makefile index 3ece7f8..88f1877 100644 --- a/Makefile +++ b/Makefile 
@@ -1,13 +1,15 @@ KUBE_RUNTIME ?= docker KUBE_NETWORK ?= weave +KUBE_VERSION ?= 1.14 +KUBE_NETWORK_WEAVE ?= v2.5.2 +KUBE_NETWORK_CALICO ?= v3.8 -KUBE_NETWORK_WEAVE ?= v2.2.1 - -ifeq ($(shell uname -s),Darwin) -KUBE_FORMATS ?= iso-efi -else -KUBE_FORMATS ?= iso-bios -endif +# ifeq ($(shell uname -s),Darwin) +# KUBE_FORMATS ?= iso-efi +# else +#KUBE_FORMATS ?= iso-bios +# endif +KUBE_FORMATS ?= tar-kernel-initrd KUBE_FORMAT_ARGS := $(patsubst %,-format %,$(KUBE_FORMATS)) @@ -25,7 +27,12 @@ node: yml/kube.yml yml/$(KUBE_RUNTIME).yml yml/$(KUBE_NETWORK).yml $(KUBE_EXTRA_ yml/weave.yml: kube-weave.yaml kube-weave.yaml: - curl -L -o $@ https://cloud.weave.works/k8s/v1.8/net?v=$(KUBE_NETWORK_WEAVE) + curl -L -o $@ https://cloud.weave.works/k8s/v$(KUBE_VERSION)/net?v=$(KUBE_NETWORK_WEAVE) + +yml/calico.yml: kube-calico.yaml + +kube-calico.yaml: + curl -L -o $@ https://docs.projectcalico.org/${KUBE_NETWORK_CALICO}/manifests/calico.yaml .PHONY: update-hashes update-hashes: diff --git a/pkg/cri-containerd/Dockerfile b/pkg/cri-containerd/Dockerfile index fe1093d..83fe529 100644 --- a/pkg/cri-containerd/Dockerfile +++ b/pkg/cri-containerd/Dockerfile @@ -1,4 +1,4 @@ -FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build +FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build RUN \ apk add \ diff --git a/pkg/eudev/Dockerfile b/pkg/eudev/Dockerfile new file mode 100644 index 0000000..be55e51 --- /dev/null +++ b/pkg/eudev/Dockerfile 
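Review bot: The first Makefile hunk leaves the old platform conditional in the file as commented-out lines (`# ifeq ($(shell uname -s),Darwin)` through `# endif`) beside the new unconditional `KUBE_FORMATS ?= tar-kernel-initrd`. Commented-out make syntax reads as if it were still in effect and hides that Darwin hosts no longer get `iso-efi` by default. Delete the block and replace it with a one-line comment stating why `tar-kernel-initrd` is now the default on every host, or keep the `ifeq` live if the per-platform default is still wanted.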
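Review bot: The new `kube-calico.yaml` rule (and the edited `kube-weave.yaml` rule above it) saves whatever the server returns, with no failure or integrity check. `curl -L -o $@ ...` has no `-f`, so an HTTP error body is written to the target, and because the rule has no prerequisites the file is never fetched again once it exists. Per yml/calico.yml this file is installed as /etc/kubeadm/kube-system.init/50-calico.yaml, so its content is security-relevant, and `${KUBE_NETWORK_CALICO}` (`v3.8`) appears to be a minor-version docs path rather than a fixed release. I would download with `curl -fsSL -o $@.tmp <url>`, check `$@.tmp` with `sha256sum -c` against a checksum kept in the repository, and only then `mv -f $@.tmp $@`. Using `$(KUBE_NETWORK_CALICO)` instead of `${...}` would also match the rest of the file.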
@@ -0,0 +1,22 @@ +FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS mirror + +RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ + +RUN apk add --no-cache --initdb -p /out \ + alpine-baselayout \ + busybox \ + ca-certificates \ + tini \ + eudev \ + && true + +# Remove apk residuals. We have a read-only rootfs, so apk is of no use. +RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache + +FROM scratch +WORKDIR / +ENTRYPOINT [] +COPY --from=mirror /out / +COPY etc/ /etc/ +COPY usr/ /usr/ +CMD ["/sbin/tini", "/usr/bin/udevd.sh"] diff --git a/pkg/eudev/build.yml b/pkg/eudev/build.yml new file mode 100644 index 0000000..77e9083 --- /dev/null +++ b/pkg/eudev/build.yml @@ -0,0 +1,22 @@ +org: linuxkit +image: eudev +network: true +arches: + - amd64 +config: + binds: + - /dev:/dev + - /run:/run:rshared,rbind + - /var:/var:rshared,rbind + capabilities: + - all + rootfsPropagation: shared + pid: host + runtime: + mkdir: + - /run/udev + mounts: + - type: bind + source: /run/udev + destination: /run/udev + options: ["rw","bind"] diff --git a/pkg/eudev/etc/udev/udev.conf b/pkg/eudev/etc/udev/udev.conf new file mode 100644 index 0000000..ffbaf2c --- /dev/null +++ b/pkg/eudev/etc/udev/udev.conf @@ -0,0 +1,3 @@ +# see udev.conf(5) for details + +udev_log="info" diff --git a/pkg/eudev/usr/bin/udevd.sh b/pkg/eudev/usr/bin/udevd.sh new file mode 100755 index 0000000..bbe03bb --- /dev/null +++ b/pkg/eudev/usr/bin/udevd.sh @@ -0,0 +1,3 @@ +#!/bin/sh +udevadm hwdb --update +exec /sbin/udevd diff --git a/pkg/kube-e2e-test/Dockerfile b/pkg/kube-e2e-test/Dockerfile index c27d029..c5bbf05 100644 --- a/pkg/kube-e2e-test/Dockerfile +++ b/pkg/kube-e2e-test/Dockerfile 
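Review bot: In pkg/eudev/build.yml, `capabilities: - all` combined with `pid: host` and read-write binds of `/dev`, `/run` and `/var` gives this service close to full host privileges, and nothing in the file records why each is needed. The commit message only motivates access to /run/udev/control; the `/var` bind and the full capability set look broader than that, although the exact set udevd requires is not visible here. Please list the required capabilities explicitly and drop binds udevd does not use, or at minimum add a comment above `capabilities:` explaining why `all` is necessary. The separate `/run/udev` bind mount also looks redundant with `/run:/run:rshared,rbind` and deserves a comment if it is intentional.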
@@ -1,4 +1,4 @@ -FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build +FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build # When changing kubernetes_version remember to also update: # - scripts/mk-image-cache-lst and run `make refresh-image-caches` from top-level diff --git a/pkg/kubelet/Dockerfile b/pkg/kubelet/Dockerfile index 6d131c4..cbb519d 100644 --- a/pkg/kubelet/Dockerfile +++ b/pkg/kubelet/Dockerfile @@ -1,11 +1,11 @@ -FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build +FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build # When changing kubernetes_version remember to also update: # - scripts/mk-image-cache-lst and run `make refresh-image-caches` from top-level # - pkg/e2e-test/Dockerfile -ENV kubernetes_version v1.10.3 -ENV cni_version v0.7.1 -ENV critools_version v1.0.0-alpha.0 +ENV kubernetes_version v1.14.4 +ENV cni_version v0.8.1 +ENV critools_version v1.15.0 RUN apk add -U --no-cache \ bash \ @@ -19,6 +19,7 @@ RUN apk add -U --no-cache \ linux-headers \ make \ rsync \ + py-prettytable \ && true ENV GOPATH=/go PATH=$PATH:/go/bin @@ -54,7 +55,7 @@ RUN set -e; \ git fetch origin "CNI_BRANCH"; \ fi; \ git checkout -q $CNI_COMMIT -RUN ./build.sh +RUN ./build_linux.sh ### critools @@ -94,6 +95,12 @@ RUN apk add --no-cache --initdb -p /out \ socat \ util-linux \ nfs-utils \ + ceph-common \ + rbd-nbd \ + py-prettytable \ + e2fsprogs \ + xfsprogs \ + btrfs-progs \ && true RUN cp $GOPATH/src/github.com/kubernetes/kubernetes/_output/bin/kubelet /out/usr/bin/kubelet @@ -116,4 +123,5 @@ FROM scratch WORKDIR / ENTRYPOINT ["/usr/bin/kubelet.sh"] COPY --from=build /out / +COPY --from=docker:18.03.0-ce /usr/local/bin/docker /usr/local/bin/docker ENV KUBECONFIG "/etc/kubernetes/admin.conf" diff --git a/pkg/kubelet/build.yml b/pkg/kubelet/build.yml index 1cd77b5..57b602c 100644 --- a/pkg/kubelet/build.yml +++ b/pkg/kubelet/build.yml 
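Review bot: The last pkg/kubelet/Dockerfile hunk adds `COPY --from=docker:18.03.0-ce /usr/local/bin/docker /usr/local/bin/docker`, which copies a binary into the kubelet image from a mutable Docker Hub tag. The base image in this same file uses a hash-named tag and the images.lst files pin by `@sha256:` digest, so this is the one input a registry-side re-tag could change silently. Pin it by digest, `COPY --from=docker:18.03.0-ce@sha256:<digest-of-the-reviewed-image> /usr/local/bin/docker /usr/local/bin/docker`, and add a comment saying why the kubelet image needs the docker CLI, which the commit message does not explain. The same unpinned `COPY --from=docker:...` line is bumped in both kubernetes-docker-image-cache Dockerfiles and should be pinned the same way.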
@@ -36,6 +36,7 @@ config: - /var/lib/cni/bin - /var/lib/kubelet-plugins - /var/lib/nfs/statd/sm + - /run/udev mounts: - type: bind source: /var/lib/cni/bin @@ -45,3 +46,7 @@ config: source: /var/lib/cni/conf destination: /etc/cni/net.d options: ["rw","bind"] + - type: bind + source: /run/udev + destination: /run/udev + options: ["rw","bind"] diff --git a/pkg/kubelet/kubelet.sh b/pkg/kubelet/kubelet.sh index d002e48..37a419d 100755 --- a/pkg/kubelet/kubelet.sh +++ b/pkg/kubelet/kubelet.sh @@ -2,6 +2,10 @@ # Kubelet outputs only to stderr, so arrange for everything we do to go there too exec 1>&2 +# Need to remount the CNI plugins mount, because it's noexec when no disk +# is present in the host (tmpfs) +mount -o remount,exec /opt/cni/bin + if [ -e /etc/kubelet.sh.conf ] ; then . /etc/kubelet.sh.conf fi @@ -79,7 +83,18 @@ else "enforceNodeAllocatable": [], "kubeReservedCgroup": "podruntime", "systemReservedCgroup": "systemreserved", - "cgroupRoot": "kubepods" + "cgroupRoot": "kubepods", + "authentication": { + "x509": { + "clientCAFile": "/etc/kubernetes/pki/ca.crt" + }, + "anonymous": { + "enabled": true + } + }, + "authorization": { + "mode": "AlwaysAllow" + } } EOF fi @@ -98,9 +113,7 @@ exec kubelet \ --config=/run/config/kubelet-config.json \ --kubeconfig=/etc/kubernetes/kubelet.conf \ --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \ - --allow-privileged=true \ --network-plugin=cni \ --cni-conf-dir=/etc/cni/net.d \ --cni-bin-dir=/opt/cni/bin \ - --cadvisor-port=0 \ $KUBELET_ARGS $@ diff --git a/pkg/kubernetes-docker-image-cache-common/Dockerfile b/pkg/kubernetes-docker-image-cache-common/Dockerfile index 0ceb5c4..a704355 100644 --- a/pkg/kubernetes-docker-image-cache-common/Dockerfile +++ b/pkg/kubernetes-docker-image-cache-common/Dockerfile 
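Review bot: The generated kubelet config in the second pkg/kubelet/kubelet.sh hunk sets `"anonymous": { "enabled": true }` together with `"authorization": { "mode": "AlwaysAllow" }`, which makes the kubelet API accept unauthenticated requests and authorize all of them. Setting `clientCAFile` has no protective effect while anonymous access is allowed and every request is authorized. Unless this image is strictly for throwaway test clusters, use `"anonymous": { "enabled": false }` and `"mode": "Webhook"` (with `"webhook": { "enabled": true }` under `authentication`), which are the settings kubeadm itself generates. If the permissive values are deliberate, say so in a comment above the heredoc. The JSON sits in an `else` branch whose `if` starts outside the hunk, so the other branch should be checked for the same settings.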
@@ -1,4 +1,4 @@ -FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build +FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ RUN apk add --no-cache --initdb -p /out \ @@ -11,7 +11,7 @@ RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache FROM scratch WORKDIR / COPY --from=build /out / -COPY --from=docker:17.06.0-ce /usr/local/bin/docker /usr/local/bin/docker +COPY --from=docker:18.03.0-ce /usr/local/bin/docker /usr/local/bin/docker COPY dl/*.tar /images/ ENTRYPOINT [ "/bin/sh", "-c" ] -CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ] +CMD [ "sleep 10; for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ] diff --git a/pkg/kubernetes-docker-image-cache-common/images.lst b/pkg/kubernetes-docker-image-cache-common/images.lst index a1ad79e..044ca5d 100644 --- a/pkg/kubernetes-docker-image-cache-common/images.lst +++ b/pkg/kubernetes-docker-image-cache-common/images.lst 
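Review bot: The `sleep 10;` prepended to `CMD` in the second hunk is a fixed delay standing in for "wait until the Docker daemon answers". On a slow boot the `docker image load` calls can still run too early, and on a fast one the service just idles. Poll for readiness instead, e.g. `until docker info >/dev/null 2>&1; do sleep 1; done; for image in /images/*.tar ; do ...`, and add a short comment on why the wait is needed. The identical change is made in pkg/kubernetes-docker-image-cache-control-plane/Dockerfile and should be fixed the same way.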
@@ -1,7 +1,5 @@ # autogenerated by: # ./scripts/mk-image-cache-lst common -gcr.io/google_containers/kube-proxy-amd64:v1.10.3@sha256:568df575bb2e630abfd4a4754a23a8af7b13c3f4a526796af01021eda3ff7a30 -gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.8@sha256:23df717980b4aa08d2da6c4cfa327f1b730d92ec9cf740959d2d5911830d82fb -gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.8@sha256:6d8e0da4fb46e9ea2034a3f4cab0e095618a2ead78720c12e791342738e5f85d -gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.8@sha256:93c827f018cf3322f1ff2aa80324a0306048b0a69bc274e423071fb0d2d29d8b -gcr.io/google_containers/pause-amd64:3.1@sha256:59eec8837a4d942cc19a52b8c09ea75121acc38114a2c68b98983ce9356b8610 +gcr.io/google_containers/kube-proxy:v1.14.4@sha256:a8d90a206f775e09927af8567b076d7a14caa1a451be16b1cf1933a972e8aad4 +gcr.io/google_containers/coredns:1.3.1@sha256:02382353821b12c21b062c59184e227e001079bb13ebd01f9d3270ba0fcbf1e4 +gcr.io/google_containers/pause:3.1@sha256:59eec8837a4d942cc19a52b8c09ea75121acc38114a2c68b98983ce9356b8610 diff --git a/pkg/kubernetes-docker-image-cache-control-plane/Dockerfile b/pkg/kubernetes-docker-image-cache-control-plane/Dockerfile index 0ceb5c4..a704355 100644 --- a/pkg/kubernetes-docker-image-cache-control-plane/Dockerfile +++ b/pkg/kubernetes-docker-image-cache-control-plane/Dockerfile @@ -1,4 +1,4 @@ -FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build +FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ RUN apk add --no-cache --initdb -p /out \ 
@@ -11,7 +11,7 @@ RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache FROM scratch WORKDIR / COPY --from=build /out / -COPY --from=docker:17.06.0-ce /usr/local/bin/docker /usr/local/bin/docker +COPY --from=docker:18.03.0-ce /usr/local/bin/docker /usr/local/bin/docker COPY dl/*.tar /images/ ENTRYPOINT [ "/bin/sh", "-c" ] -CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ] +CMD [ "sleep 10; for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ] diff --git a/pkg/kubernetes-docker-image-cache-control-plane/images.lst b/pkg/kubernetes-docker-image-cache-control-plane/images.lst index 111192e..bb2d7af 100644 --- a/pkg/kubernetes-docker-image-cache-control-plane/images.lst +++ b/pkg/kubernetes-docker-image-cache-control-plane/images.lst 
@@ -1,6 +1,7 @@ # autogenerated by: # ./scripts/mk-image-cache-lst control-plane -gcr.io/google_containers/kube-apiserver-amd64:v1.10.3@sha256:a6c4b6b2429d0a15d30a546226e01b1164118e022ad40f3ece2f95126f1580f5 -gcr.io/google_containers/kube-controller-manager-amd64:v1.10.3@sha256:98a3a7dc4c6c60dbeb0273302d697edaa89bd10fceed87ad5144c0b0acc5cced -gcr.io/google_containers/kube-scheduler-amd64:v1.10.3@sha256:4770e1f1eef2229138e45a2b813c927e971da9c40256a7e2321ccf825af56916 -gcr.io/google_containers/etcd-amd64:3.1.12@sha256:68235934469f3bc58917bcf7018bf0d3b72129e6303b0bef28186d96b2259317 +gcr.io/google_containers/kube-apiserver:v1.14.4@sha256:be78c5871964d5f7a6716670a3e40fc0815e8a7391b31a60d261b8d40e663e34 +gcr.io/google_containers/kube-proxy:v1.14.4@sha256:a8d90a206f775e09927af8567b076d7a14caa1a451be16b1cf1933a972e8aad4 +gcr.io/google_containers/kube-controller-manager:v1.14.4@sha256:8c990c920d141979a35d3da73dac38415ba5946ecff48bdf1a4455271090ffaf +gcr.io/google_containers/kube-scheduler:v1.14.4@sha256:5463ae2574811dc07f8c8bf70b8ebce8c021e630d5f176ad0d0bfeebea504d8b +gcr.io/google_containers/etcd:3.3.10-1@sha256:02cd751eef4f7dcea7986e58d51903dab39baf4606f636b50891f30190abce2c diff --git a/scripts/mk-image-cache-lst b/scripts/mk-image-cache-lst index f1c1539..796492d 100755 --- a/scripts/mk-image-cache-lst +++ b/scripts/mk-image-cache-lst 
@@ -3,23 +3,21 @@ repo=gcr.io/google_containers # When changing kubernetes_version remember to also update: # - pkg/kubelet/Dockerfile # - pkg/e2e-test/Dockerfile -kubernetes_version=v1.10.3 -kube_dns_version=1.14.8 +kubernetes_version=v1.14.4 +coredns_version=1.3.1 pause_version=3.1 -etcd_version=3.1.12 +etcd_version=3.3.10-1 common=" - kube-proxy-amd64:$kubernetes_version - k8s-dns-sidecar-amd64:$kube_dns_version - k8s-dns-kube-dns-amd64:$kube_dns_version - k8s-dns-dnsmasq-nanny-amd64:$kube_dns_version - pause-amd64:$pause_version" + kube-proxy:$kubernetes_version + coredns:$coredns_version + pause:$pause_version" control=" - kube-apiserver-amd64:$kubernetes_version - kube-controller-manager-amd64:$kubernetes_version - kube-scheduler-amd64:$kubernetes_version - etcd-amd64:$etcd_version" + kube-apiserver:$kubernetes_version + kube-controller-manager:$kubernetes_version + kube-scheduler:$kubernetes_version + etcd:$etcd_version" oi() { local i="$1" diff --git a/yml/calico.yml b/yml/calico.yml new file mode 100644 index 0000000..24cd5a5 --- /dev/null +++ b/yml/calico.yml @@ -0,0 +1,3 @@ +files: + - path: /etc/kubeadm/kube-system.init/50-calico.yaml + source: kube-calico.yaml diff --git a/yml/docker-master.yml b/yml/docker-master.yml index cb56471..8c42dba 100644 --- a/yml/docker-master.yml +++ b/yml/docker-master.yml @@ -1,4 +1,4 @@ services: - name: kubernetes-docker-image-cache-control-plane - image: linuxkit/kubernetes-docker-image-cache-control-plane:698faae3de953d7fc0f009360bcfce98497afe76 + image: linuxkit/kubernetes-docker-image-cache-control-plane:698faae3de953d7fc0f009360bcfce98497afe76-dirty cgroupsPath: podruntime/control-cache diff --git a/yml/docker.yml b/yml/docker.yml index 34851e2..3a48c37 100644 --- a/yml/docker.yml +++ b/yml/docker.yml 
@@ -26,7 +26,7 @@ services: mkdir: ["/var/lib/kubeadm", "/var/lib/cni/conf", "/var/lib/cni/bin", "/var/lib/kubelet-plugins"] cgroupsPath: podruntime/docker - name: kubernetes-docker-image-cache-common - image: linuxkit/kubernetes-docker-image-cache-common:2da947148638cbbef869215cdb0e572c0402833c + image: linuxkit/kubernetes-docker-image-cache-common:2da947148638cbbef869215cdb0e572c0402833c-dirty cgroupsPath: podruntime/common-cache files: - path: /etc/kubelet.sh.conf diff --git a/yml/kube.yml b/yml/kube.yml index 1289062..57604b2 100644 --- a/yml/kube.yml +++ b/yml/kube.yml 
@@ -1,47 +1,52 @@ kernel: - image: linuxkit/kernel:4.14.40 + image: linuxkit/kernel:4.19.56 cmdline: "console=tty0 console=ttyS0" init: - - linuxkit/init:c79d7587fcd0a195b8a3ecafe428a30e735cf2b4 - - linuxkit/runc:d659de11767a419319b175700a7c6f64b8704f8c - - linuxkit/containerd:018fc633223d8a49f650da365603a5abccc6a423 - - linuxkit/ca-certificates:f882e9be933fac737bf1f4d303a4bb49a12f302f + - linuxkit/init:v0.7 + - linuxkit/runc:v0.7 + - linuxkit/containerd:v0.7 + - linuxkit/ca-certificates:v0.7 onboot: + - name: modprobe + image: linuxkit/modprobe:v0.7 + command: ["modprobe", "rbd"] - name: sysctl - image: linuxkit/sysctl:2a98cb7a116d4d8a71498cea0e0ad8116a9b5a3b + image: linuxkit/sysctl:v0.7 binds: - /etc/sysctl.d/01-kubernetes.conf:/etc/sysctl.d/01-kubernetes.conf readonly: false - name: sysfs - image: linuxkit/sysfs:dc7b876f395fa44c2b93bad6b987e418497c5b34 + image: linuxkit/sysfs:v0.7 - name: dhcpcd - image: linuxkit/dhcpcd:193a81bd4a93779c8a048d66e0cb1d201d0ae102 + image: linuxkit/dhcpcd:v0.7 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: metadata - image: linuxkit/metadata:6962be42ec291db67ac9bb4267d8fd06fd464f48 + image: linuxkit/metadata:v0.7 - name: format - image: linuxkit/format:9a537dd3eaefd02dbc01c598b843fba33da8c1a5 + image: linuxkit/format:v0.7 - name: mounts - image: linuxkit/mount:a718496fa5ea2a7a9f7552eac64c7f3699fb6a86 + image: linuxkit/mount:v0.7 command: ["/usr/bin/mountie", "/var/lib/"] services: - - name: getty - image: linuxkit/getty:3fa8e2240c1392ba4af508d3e6be8548443b12cc - env: - - INSECURE=true - cgroupsPath: systemreserved/getty - name: rngd - image: linuxkit/rngd:aaa9a63cbc9c04421b160b85aef4df5fa5d0f5f0 + image: linuxkit/rngd:v0.7 cgroupsPath: systemreserved/rngd + - name: eudev + image: linuxkit/eudev:83ba66c5e59fa5077c21d42a7ff4f620a8456b1d-dirty + cgroupsPath: systemreserved/eudev - name: ntpd - image: linuxkit/openntpd:413ee972bc71a66030c50bc8daf7385e5c8ea269 + image: linuxkit/openntpd:v0.7 cgroupsPath: 
systemreserved/ntpd - name: sshd - image: linuxkit/sshd:5544de2376475f6685e12bdc10bfe49f4695873a + image: linuxkit/sshd:v0.7 cgroupsPath: systemreserved/sshd - name: kubelet - image: linuxkit/kubelet:9aed4553dba72f8424da7b3b3029e3974a5bea7b + image: linuxkit/kubelet:0bc50f1bacc8a95e9d0b5e8c089cf295ca7e5bef-dirty cgroupsPath: podruntime/kubelet + - name: getty + image: linuxkit/getty:v0.7 + env: + - INSECURE=true files: - path: etc/linuxkit.yml metadata: yaml @@ -55,7 +60,9 @@ files: - path: /etc/kubeadm/ directory: true - path: /etc/sysctl.d/01-kubernetes.conf - contents: 'net.ipv4.ip_forward = 1' + contents: |+ + net.ipv4.ip_forward = 1 + net.bridge.bridge-nf-call-iptables = 1 - path: /etc/cni/net.d directory: true - path: /opt/cni/bin From f6ef3ed32a5da07dfa4fcabad0ce7f0c22a8dfa3 Mon Sep 17 00:00:00 2001 From: Bastiaan Schaap Date: Thu, 25 Jul 2019 11:53:31 +0200 Subject: [PATCH 2/3] Update k8s and Docker version Signed-off-by: Bastiaan Schaap --- .circleci/config.yml | 24 +++++++++---------- Makefile | 13 +++++----- pkg/kubelet/Dockerfile | 4 ++-- .../Dockerfile | 2 +- .../images.lst | 2 +- .../Dockerfile | 2 +- .../images.lst | 9 ++++--- scripts/mk-image-cache-lst | 4 ++-- yml/cri-containerd.yml | 2 +- yml/docker-master.yml | 2 +- yml/docker.yml | 4 ++-- yml/kube.yml | 5 ++-- 12 files changed, 36 insertions(+), 37 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 065d9bf..012f1b6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -13,7 +13,7 @@ linuxkit_pkg_build: &linuxkit_pkg_build at: /workspace - checkout - setup_remote_docker: - version: 17.06.1-ce + version: 18.06.0-ce - run: name: Docker version command: | @@ -47,7 +47,7 @@ image_build: &image_build at: /workspace - checkout - setup_remote_docker: - version: 17.06.1-ce + version: 18.06.0-ce - run: name: Importing packages from workspace command: | 
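Review bot: The first yml/kube.yml hunk replaces the hash-named image tags (for example `linuxkit/init:c79d7587...`) with the release tag `v0.7` for init, runc, containerd, ca-certificates and most onboot/service images. A release tag can be re-pointed in the registry, so the file no longer fixes which image content ends up in the node image. Keep the hash tags that correspond to the v0.7 release, or add digests where the tooling accepts them (`linuxkit/init:v0.7@sha256:<digest>`). Separately, the moved `getty` entry keeps `INSECURE=true` but loses its `cgroupsPath: systemreserved/getty` line; if that is unintentional, restore it.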
@@ -102,13 +102,13 @@ jobs: - run: name: Fetch binaries command: | - curl -fsSL -o /tmp/docker.tgz https://download.docker.com/linux/static/stable/x86_64/docker-18.03.0-ce.tgz + curl -fsSL -o /tmp/docker.tgz https://download.docker.com/linux/static/stable/x86_64/docker-18.06.0-ce.tgz tar xfO /tmp/docker.tgz docker/docker > /workspace/bin/docker # To update find the most recent successful build at https://circleci.com/gh/linuxkit/linuxkit/tree/master # and find the link + SHA256 in the `Artifacts` tab - curl -fsSL -o /workspace/bin/linuxkit https://github.com/linuxkit/linuxkit/releases/download/v0.4/linuxkit-linux-amd64 - curl -fsSL -o /workspace/bin/manifest-tool https://github.com/estesp/manifest-tool/releases/download/v0.7.0/manifest-tool-linux-amd64 - curl -fsSL -o /workspace/bin/notary https://github.com/theupdateframework/notary/releases/download/v0.6.0/notary-Linux-amd64 + curl -fsSL -o /workspace/bin/linuxkit https://github.com/linuxkit/linuxkit/releases/download/v0.7/linuxkit-linux-amd64 + curl -fsSL -o /workspace/bin/manifest-tool https://github.com/estesp/manifest-tool/releases/download/v0.9.0/manifest-tool-linux-amd64 + curl -fsSL -o /workspace/bin/notary https://github.com/theupdateframework/notary/releases/download/v0.6.1/notary-Linux-amd64 echo "Downloaded:" sha256sum /workspace/bin/* @@ -116,10 +116,10 @@ jobs: echo "Checking checksums" sha256sum -c < Date: Thu, 1 Aug 2019 11:23:07 +0200 Subject: [PATCH 3/3] Refactor CI Signed-off-by: Bastiaan Schaap --- .circleci/config.yml | 7 +++++++ Makefile | 2 +- yml/docker-master.yml | 2 +- yml/docker.yml | 2 +- yml/kube.yml | 2 +- 5 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 012f1b6..449018d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -194,6 +194,8 @@ jobs: exit 1 fi + pkg-eudev: + <<: *linuxkit_pkg_build pkg-kubelet: <<: *linuxkit_pkg_build pkg-cri-containerd: 
@@ -274,6 +276,7 @@ jobs: mkdir -p ~/.docker/trust/private cp .circleci/content-trust.key ~/.docker/trust/private/b056f84873aa0be205dfe826afa6e7458120c9569dd19a2a84154498fb1165d5.key + linuxkit pkg push --nobuild pkg/eudev linuxkit pkg push --nobuild pkg/kubelet linuxkit pkg push --nobuild pkg/cri-containerd linuxkit pkg push --nobuild pkg/kube-e2e-test @@ -289,6 +292,9 @@ workflows: requires: - dependencies + - pkg-eudev: + requires: + - dependencies - pkg-kubelet: requires: - dependencies @@ -334,6 +340,7 @@ workflows: # but be more explicit. requires: - lint + - pkg-eudev - pkg-kubelet - pkg-cri-containerd - pkg-kube-e2e-test diff --git a/Makefile b/Makefile index 5062f9a..393bfe6 100644 --- a/Makefile +++ b/Makefile @@ -47,7 +47,7 @@ update-hashes: clean: rm -f -r \ kube-*-kernel kube-*-cmdline kube-*-state kube-*-initrd.img *.iso \ - kube-weave.yaml + kube-weave.yaml kube-calico.yaml .PHONY: refresh-image-caches refresh-image-caches: diff --git a/yml/docker-master.yml b/yml/docker-master.yml index 964e52d..acafe68 100644 --- a/yml/docker-master.yml +++ b/yml/docker-master.yml @@ -1,4 +1,4 @@ services: - name: kubernetes-docker-image-cache-control-plane - image: linuxkit/kubernetes-docker-image-cache-control-plane:139f1a654743704a4878e3406390538008560be6-dirty + image: linuxkit/kubernetes-docker-image-cache-control-plane:0697f819e2e7ddb6238004bc965e1b0832c4d5bd cgroupsPath: podruntime/control-cache diff --git a/yml/docker.yml b/yml/docker.yml index 3a7355c..817357c 100644 --- a/yml/docker.yml +++ b/yml/docker.yml 
@@ -26,7 +26,7 @@ services: mkdir: ["/var/lib/kubeadm", "/var/lib/cni/conf", "/var/lib/cni/bin", "/var/lib/kubelet-plugins"] cgroupsPath: podruntime/docker - name: kubernetes-docker-image-cache-common - image: linuxkit/kubernetes-docker-image-cache-common:2284c229745de46e754ee3d64e9646af51f1cf73-dirty + image: linuxkit/kubernetes-docker-image-cache-common:4bf2b793229d248700d46ebfbffcfd57d9c70fce cgroupsPath: podruntime/common-cache files: - path: /etc/kubelet.sh.conf diff --git a/yml/kube.yml b/yml/kube.yml index bfbdb46..6781ca2 100644 --- a/yml/kube.yml +++ b/yml/kube.yml @@ -41,7 +41,7 @@ services: image: linuxkit/sshd:v0.7 cgroupsPath: systemreserved/sshd - name: kubelet - image: linuxkit/kubelet:4c3974d5ffa7de9769e5142056d453dc562481b7-dirty + image: linuxkit/kubelet:cb9348e381e51447843f3c86b1b99cff9e6dbf5e cgroupsPath: podruntime/kubelet - name: getty image: linuxkit/getty:v0.7