
[WIP] Update kubernetes #92


Open
wants to merge 3 commits into
base: master
31 changes: 19 additions & 12 deletions .circleci/config.yml
Expand Up @@ -13,7 +13,7 @@ linuxkit_pkg_build: &linuxkit_pkg_build
at: /workspace
- checkout
- setup_remote_docker:
version: 17.06.1-ce
version: 18.06.0-ce
- run:
name: Docker version
command: |
Expand Down Expand Up @@ -47,7 +47,7 @@ image_build: &image_build
at: /workspace
- checkout
- setup_remote_docker:
version: 17.06.1-ce
version: 18.06.0-ce
- run:
name: Importing packages from workspace
command: |
Expand Down Expand Up @@ -102,24 +102,24 @@ jobs:
- run:
name: Fetch binaries
command: |
curl -fsSL -o /tmp/docker.tgz https://download.docker.com/linux/static/stable/x86_64/docker-18.03.0-ce.tgz
curl -fsSL -o /tmp/docker.tgz https://download.docker.com/linux/static/stable/x86_64/docker-18.06.0-ce.tgz
tar xfO /tmp/docker.tgz docker/docker > /workspace/bin/docker
# To update find the most recent successful build at https://circleci.com/gh/linuxkit/linuxkit/tree/master
# and find the link + SHA256 in the `Artifacts` tab
curl -fsSL -o /workspace/bin/linuxkit https://github.com/linuxkit/linuxkit/releases/download/v0.4/linuxkit-linux-amd64
curl -fsSL -o /workspace/bin/manifest-tool https://github.com/estesp/manifest-tool/releases/download/v0.7.0/manifest-tool-linux-amd64
curl -fsSL -o /workspace/bin/notary https://github.com/theupdateframework/notary/releases/download/v0.6.0/notary-Linux-amd64
curl -fsSL -o /workspace/bin/linuxkit https://github.com/linuxkit/linuxkit/releases/download/v0.7/linuxkit-linux-amd64
curl -fsSL -o /workspace/bin/manifest-tool https://github.com/estesp/manifest-tool/releases/download/v0.9.0/manifest-tool-linux-amd64
curl -fsSL -o /workspace/bin/notary https://github.com/theupdateframework/notary/releases/download/v0.6.1/notary-Linux-amd64

echo "Downloaded:"
sha256sum /workspace/bin/*
echo

echo "Checking checksums"
sha256sum -c <<EOF
f5ea546a4ccd64fbb71825f964171256388f1181b000f3c56747075e383c81c6 /workspace/bin/docker
57074fda28aefdefaec96866b178d1d0b8d3e251725c506d4e22851032733649 /workspace/bin/linuxkit
e4ca2ef0015a4be8597d31d9e3e70d88da33924ae72b0999e9f3b79304d4710d /workspace/bin/manifest-tool
f4e421b3bb3c32c39372f7f02fbe80c67580cccd381f9722b1c702b3ab63a1c7 /workspace/bin/notary
7ceb584cedba158b335fa2df11556cd70c6c528c7c93ceb3bf9aa13903e824cd /workspace/bin/docker
c747033343315774b6e51f618eb143d5714e398a32b59b9b6acab23b599dd970 /workspace/bin/linuxkit
80906341c3306e3838437eeb08fff5da2c38bd89149019aa301c7745e07ea8f9 /workspace/bin/manifest-tool
73353b2b4b85604c738a6800465133cb3a828dff0aa26f3c0926dd9a73e19879 /workspace/bin/notary
EOF
- run:
name: Versions
Expand All @@ -146,7 +146,7 @@ jobs:
- attach_workspace:
at: /workspace
- setup_remote_docker:
version: 17.06.1-ce
version: 18.06.0-ce
- run:
name: Docker version
command: |
Expand Down Expand Up @@ -194,6 +194,8 @@ jobs:
exit 1
fi

pkg-eudev:
<<: *linuxkit_pkg_build
pkg-kubelet:
<<: *linuxkit_pkg_build
pkg-cri-containerd:
Expand Down Expand Up @@ -247,7 +249,7 @@ jobs:
at: /workspace
- checkout
- setup_remote_docker:
version: 17.06.1-ce
version: 18.06.0-ce
- run:
name: Docker version
command: |
Expand All @@ -274,6 +276,7 @@ jobs:
mkdir -p ~/.docker/trust/private
cp .circleci/content-trust.key ~/.docker/trust/private/b056f84873aa0be205dfe826afa6e7458120c9569dd19a2a84154498fb1165d5.key

linuxkit pkg push --nobuild pkg/eudev
linuxkit pkg push --nobuild pkg/kubelet
linuxkit pkg push --nobuild pkg/cri-containerd
linuxkit pkg push --nobuild pkg/kube-e2e-test
Expand All @@ -289,6 +292,9 @@ workflows:
requires:
- dependencies

- pkg-eudev:
requires:
- dependencies
- pkg-kubelet:
requires:
- dependencies
Expand Down Expand Up @@ -334,6 +340,7 @@ workflows:
# but be more explicit.
requires:
- lint
- pkg-eudev
- pkg-kubelet
- pkg-cri-containerd
- pkg-kube-e2e-test
2 changes: 2 additions & 0 deletions .gitignore
@@ -1,6 +1,8 @@
*.iso
*.tar
kube-*-kernel
kube-*-cmdline
kube-*-initrd.img
kube-*-state
kube-weave.yaml
kube-calico.yaml
14 changes: 10 additions & 4 deletions Makefile
@@ -1,7 +1,8 @@
KUBE_RUNTIME ?= docker
KUBE_NETWORK ?= weave

KUBE_NETWORK_WEAVE ?= v2.2.1
KUBE_VERSION ?= 1.15
KUBE_NETWORK_WEAVE ?= v2.5.2
KUBE_NETWORK_CALICO ?= v3.8

ifeq ($(shell uname -s),Darwin)
KUBE_FORMATS ?= iso-efi
Expand All @@ -25,7 +26,12 @@ node: yml/kube.yml yml/$(KUBE_RUNTIME).yml yml/$(KUBE_NETWORK).yml $(KUBE_EXTRA_
yml/weave.yml: kube-weave.yaml

kube-weave.yaml:
curl -L -o $@ https://cloud.weave.works/k8s/v1.8/net?v=$(KUBE_NETWORK_WEAVE)
curl -L -o $@ https://cloud.weave.works/k8s/v$(KUBE_VERSION)/net?v=$(KUBE_NETWORK_WEAVE)

yml/calico.yml: kube-calico.yaml

kube-calico.yaml:
curl -L -o $@ https://docs.projectcalico.org/${KUBE_NETWORK_CALICO}/manifests/calico.yaml

.PHONY: update-hashes
update-hashes:
Expand All @@ -41,7 +47,7 @@ update-hashes:
clean:
rm -f -r \
kube-*-kernel kube-*-cmdline kube-*-state kube-*-initrd.img *.iso \
kube-weave.yaml
kube-weave.yaml kube-calico.yaml

.PHONY: refresh-image-caches
refresh-image-caches:
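Review bot: The new `kube-calico.yaml` recipe saves whatever the server returns, because `curl -L -o $@` has no `-f`; an HTTP error page would be written to the target and then treated as up to date, and the `kube-weave.yaml` recipe above it behaves the same way. Neither manifest is checked against a known digest before `yml/calico.yml` / `yml/weave.yml` depend on it, unlike the binaries verified with `sha256sum -c` in `.circleci/config.yml`, and `KUBE_NETWORK_CALICO ?= v3.8` looks like a release series rather than a fixed release, so the content may change under the same URL. I would write the recipe line as `curl -fsSL -o $@ 'https://docs.projectcalico.org/$(KUBE_NETWORK_CALICO)/manifests/calico.yaml'`, quote the weave URL too since it contains `?`, and follow each download with a checksum comparison (or commit the reviewed manifests). A `.DELETE_ON_ERROR:` line would also keep a partial download from surviving a failed recipe.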
2 changes: 1 addition & 1 deletion pkg/cri-containerd/Dockerfile
@@ -1,4 +1,4 @@
FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build
FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build
Contributor


Why lock it to amd64?

Author


Not done on purpose. I built a new linuxkit/alpine 3.10 base image (mirror), which I need to use as base. So it's just a quick copy-and-paste from my docker build output...

I guess all image hashes would need to be corrected, since there will be new ones once the upstream image gets built, signed and pushed by a Docker employee.


RUN \
apk add \
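--- /dev/null
+++ b/pkg/eudev/Dockerfile
@@ -0,0 +1,22 @@
+FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS mirror
+
+RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
+
+RUN apk add --no-cache --initdb -p /out \
+alpine-baselayout \
+busybox \
+ca-certificates \
+tini \
+eudev \
+&& true
+
+# Remove apk residuals. We have a read-only rootfs, so apk is of no use.
+RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
+
+FROM scratch
+WORKDIR /
+ENTRYPOINT []
+COPY --from=mirror /out /
+COPY etc/ /etc/
+COPY usr/ /usr/
+CMD ["/sbin/tini", "/usr/bin/udevd.sh"]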
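--- /dev/null
+++ b/pkg/eudev/build.yml
@@ -0,0 +1,22 @@
+org: linuxkit
+image: eudev
+network: true
+arches:
+- amd64
+config:
+binds:
+- /dev:/dev
+- /run:/run:rshared,rbind
+- /var:/var:rshared,rbind
+capabilities:
+- all
+rootfsPropagation: shared
+pid: host
+runtime:
+mkdir:
+- /run/udev
+mounts:
+- type: bind
+source: /run/udev
+destination: /run/udev
+options: ["rw","bind"]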
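Review bot: The `config` block gives this container `capabilities: - all`, `pid: host` and recursive shared binds of `/dev`, `/run` and `/var`, which together are close to full host access, and nothing in the file says why each one is needed. I would replace `all` with the explicit list of capabilities udevd needs and add a comment above `pid: host` and the `/var` bind stating what breaks without them, for example `# /var is bound because <reason>`. If udevd does not need `/var`, dropping that bind narrows what a compromised or misbehaving udevd can write to. `network: true` applies to the build rather than the running service, so a short comment saying it is only there for `apk add` would avoid it being read as a runtime grant.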
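--- /dev/null
+++ b/pkg/eudev/etc/udev/udev.conf
@@ -0,0 +1,3 @@
+# see udev.conf(5) for details
+
+udev_log="info"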
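--- /dev/null
+++ b/pkg/eudev/usr/bin/udevd.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+udevadm hwdb --update
+exec /sbin/udevd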
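Review bot: `udevadm hwdb --update` runs unchecked on every start, so when it fails the script still execs `udevd` with a missing or stale hardware database and nothing in the log marks the service as degraded. The Dockerfile for this package comments that the rootfs is read-only, and this command writes the compiled database into the image's udev directory; if that comment holds at runtime, the update may never succeed. Consider generating the database at image build time instead (`udevadm hwdb --update --root=/out` in the `mirror` stage, which would need udevadm available there), or at least add `set -e` as the second line so a failure stops the service visibly.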
2 changes: 1 addition & 1 deletion pkg/kube-e2e-test/Dockerfile
@@ -1,4 +1,4 @@
FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build
FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build

# When changing kubernetes_version remember to also update:
# - scripts/mk-image-cache-lst and run `make refresh-image-caches` from top-level
18 changes: 13 additions & 5 deletions pkg/kubelet/Dockerfile
@@ -1,11 +1,11 @@
FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build
FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build

# When changing kubernetes_version remember to also update:
# - scripts/mk-image-cache-lst and run `make refresh-image-caches` from top-level
# - pkg/e2e-test/Dockerfile
ENV kubernetes_version v1.10.3
ENV cni_version v0.7.1
ENV critools_version v1.0.0-alpha.0
ENV kubernetes_version v1.15.1
ENV cni_version v0.8.1
ENV critools_version v1.15.0

RUN apk add -U --no-cache \
bash \
Expand All @@ -19,6 +19,7 @@ RUN apk add -U --no-cache \
linux-headers \
make \
rsync \
py-prettytable \
&& true

ENV GOPATH=/go PATH=$PATH:/go/bin
Expand Down Expand Up @@ -54,7 +55,7 @@ RUN set -e; \
git fetch origin "CNI_BRANCH"; \
fi; \
git checkout -q $CNI_COMMIT
RUN ./build.sh
RUN ./build_linux.sh

### critools

Expand Down Expand Up @@ -94,6 +95,12 @@ RUN apk add --no-cache --initdb -p /out \
socat \
util-linux \
nfs-utils \
ceph-common \
rbd-nbd \
py-prettytable \
e2fsprogs \
xfsprogs \
btrfs-progs \
&& true

RUN cp $GOPATH/src/github.com/kubernetes/kubernetes/_output/bin/kubelet /out/usr/bin/kubelet
Expand All @@ -116,4 +123,5 @@ FROM scratch
WORKDIR /
ENTRYPOINT ["/usr/bin/kubelet.sh"]
COPY --from=build /out /
COPY --from=docker:18.06.3-ce /usr/local/bin/docker /usr/local/bin/docker
ENV KUBECONFIG "/etc/kubernetes/admin.conf"
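Review bot: The added `COPY --from=docker:18.06.3-ce /usr/local/bin/docker /usr/local/bin/docker` takes a binary from a mutable tag, so the kubelet image's contents can change without any change in this repository; the same line in `pkg/kubernetes-docker-image-cache-common/Dockerfile` and `pkg/kubernetes-docker-image-cache-control-plane/Dockerfile` has the same issue. The `images.lst` files in this PR already pin by digest, and I would do the same here: `COPY --from=docker:18.06.3-ce@sha256:<digest-of-the-reviewed-image> /usr/local/bin/docker /usr/local/bin/docker`. A comment above the line saying why the kubelet image now ships a docker client would help, since the hunk does not explain it. CI uses `18.06.0-ce` for `setup_remote_docker` and the static download, so the two versions are worth aligning or the difference noting.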
5 changes: 5 additions & 0 deletions pkg/kubelet/build.yml
Expand Up @@ -36,6 +36,7 @@ config:
- /var/lib/cni/bin
- /var/lib/kubelet-plugins
- /var/lib/nfs/statd/sm
- /run/udev
mounts:
- type: bind
source: /var/lib/cni/bin
Expand All @@ -45,3 +46,7 @@ config:
source: /var/lib/cni/conf
destination: /etc/cni/net.d
options: ["rw","bind"]
- type: bind
source: /run/udev
destination: /run/udev
options: ["rw","bind"]
19 changes: 16 additions & 3 deletions pkg/kubelet/kubelet.sh
Expand Up @@ -2,6 +2,10 @@
# Kubelet outputs only to stderr, so arrange for everything we do to go there too
exec 1>&2

# Need to remount the CNI plugins mount, because it's noexec when no disk
# is present in the host (tmpfs)
mount -o remount,exec /opt/cni/bin

if [ -e /etc/kubelet.sh.conf ] ; then
. /etc/kubelet.sh.conf
fi
Expand Down Expand Up @@ -79,7 +83,18 @@ else
"enforceNodeAllocatable": [],
"kubeReservedCgroup": "podruntime",
"systemReservedCgroup": "systemreserved",
"cgroupRoot": "kubepods"
"cgroupRoot": "kubepods",
"authentication": {
"x509": {
"clientCAFile": "/etc/kubernetes/pki/ca.crt"
},
"anonymous": {
"enabled": true
}
},
"authorization": {
"mode": "AlwaysAllow"
}
}
EOF
fi
Expand All @@ -98,9 +113,7 @@ exec kubelet \
--config=/run/config/kubelet-config.json \
--kubeconfig=/etc/kubernetes/kubelet.conf \
--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
--allow-privileged=true \
--network-plugin=cni \
--cni-conf-dir=/etc/cni/net.d \
--cni-bin-dir=/opt/cni/bin \
--cadvisor-port=0 \
$KUBELET_ARGS $@
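Review bot: The default config written in the `else` branch now sets `"anonymous": {"enabled": true}` together with `"authorization": {"mode": "AlwaysAllow"}`, so any client that can reach the kubelet port is accepted without credentials and permitted every kubelet API operation. With `clientCAFile` already configured, I would set `"anonymous": { "enabled": false }`, add `"webhook": { "enabled": true }` under `authentication`, and use `"mode": "Webhook"`, or state next to the heredoc why open access is acceptable for this image. Separately, `mount -o remount,exec /opt/cni/bin` near the top is unconditional and its result is not checked; a comment on what is expected when that path is not a separate mount would help. The `else` branch and the heredoc begin outside the hunk.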
6 changes: 3 additions & 3 deletions pkg/kubernetes-docker-image-cache-common/Dockerfile
@@ -1,4 +1,4 @@
FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build
FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build

RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --no-cache --initdb -p /out \
Expand All @@ -11,7 +11,7 @@ RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
FROM scratch
WORKDIR /
COPY --from=build /out /
COPY --from=docker:17.06.0-ce /usr/local/bin/docker /usr/local/bin/docker
COPY --from=docker:18.06.3-ce /usr/local/bin/docker /usr/local/bin/docker
COPY dl/*.tar /images/
ENTRYPOINT [ "/bin/sh", "-c" ]
CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ]
CMD [ "sleep 10; for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ]
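Review bot: The new `CMD` prefixes the load loop with `sleep 10`, presumably to wait for the Docker daemon, but a fixed delay is too short on a slow boot (each `docker image load` fails and the tarballs stay unloaded) and wasted time on a fast one; the identical change in `pkg/kubernetes-docker-image-cache-control-plane/Dockerfile` is affected the same way. Polling for readiness is more reliable: `until docker info >/dev/null 2>&1; do sleep 1; done; for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done`. If the delay is there for another reason, a comment above `CMD` naming it would be enough.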
8 changes: 3 additions & 5 deletions pkg/kubernetes-docker-image-cache-common/images.lst
@@ -1,7 +1,5 @@
# autogenerated by:
# ./scripts/mk-image-cache-lst common
gcr.io/google_containers/kube-proxy-amd64:v1.10.3@sha256:568df575bb2e630abfd4a4754a23a8af7b13c3f4a526796af01021eda3ff7a30
gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.8@sha256:23df717980b4aa08d2da6c4cfa327f1b730d92ec9cf740959d2d5911830d82fb
gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.8@sha256:6d8e0da4fb46e9ea2034a3f4cab0e095618a2ead78720c12e791342738e5f85d
gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.8@sha256:93c827f018cf3322f1ff2aa80324a0306048b0a69bc274e423071fb0d2d29d8b
gcr.io/google_containers/pause-amd64:3.1@sha256:59eec8837a4d942cc19a52b8c09ea75121acc38114a2c68b98983ce9356b8610
gcr.io/google_containers/kube-proxy:v1.15.1@sha256:08186f4897488e96cb098dd8d1d931af9a6ea718bb8737bf44bb76e42075f0ce
gcr.io/google_containers/coredns:1.3.1@sha256:02382353821b12c21b062c59184e227e001079bb13ebd01f9d3270ba0fcbf1e4
gcr.io/google_containers/pause:3.1@sha256:59eec8837a4d942cc19a52b8c09ea75121acc38114a2c68b98983ce9356b8610
6 changes: 3 additions & 3 deletions pkg/kubernetes-docker-image-cache-control-plane/Dockerfile
@@ -1,4 +1,4 @@
FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build
FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build

RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --no-cache --initdb -p /out \
Expand All @@ -11,7 +11,7 @@ RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
FROM scratch
WORKDIR /
COPY --from=build /out /
COPY --from=docker:17.06.0-ce /usr/local/bin/docker /usr/local/bin/docker
COPY --from=docker:18.06.3-ce /usr/local/bin/docker /usr/local/bin/docker
COPY dl/*.tar /images/
ENTRYPOINT [ "/bin/sh", "-c" ]
CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ]
CMD [ "sleep 10; for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ]
8 changes: 4 additions & 4 deletions pkg/kubernetes-docker-image-cache-control-plane/images.lst
@@ -1,6 +1,6 @@
# autogenerated by:
# ./scripts/mk-image-cache-lst control-plane
gcr.io/google_containers/kube-apiserver-amd64:v1.10.3@sha256:a6c4b6b2429d0a15d30a546226e01b1164118e022ad40f3ece2f95126f1580f5
gcr.io/google_containers/kube-controller-manager-amd64:v1.10.3@sha256:98a3a7dc4c6c60dbeb0273302d697edaa89bd10fceed87ad5144c0b0acc5cced
gcr.io/google_containers/kube-scheduler-amd64:v1.10.3@sha256:4770e1f1eef2229138e45a2b813c927e971da9c40256a7e2321ccf825af56916
gcr.io/google_containers/etcd-amd64:3.1.12@sha256:68235934469f3bc58917bcf7018bf0d3b72129e6303b0bef28186d96b2259317
gcr.io/google_containers/kube-apiserver:v1.15.1@sha256:304a1c38707834062ee87df62ef329d52a8b9a3e70459565d0a396479073f54c
gcr.io/google_containers/kube-controller-manager:v1.15.1@sha256:9abae95e428e228fe8f6d1630d55e79e018037460f3731312805c0f37471e4bf
gcr.io/google_containers/kube-scheduler:v1.15.1@sha256:d0ee18a9593013fbc44b1920e4930f29b664b59a3958749763cb33b57e0e8956
gcr.io/google_containers/etcd:3.3.10@sha256:17da501f5d2a675be46040422a27b7cc21b8a43895ac998b171db1c346f361f7