Merge "remove script update-k8s-feature-gates"
This commit is contained in:
Zuul
Gerrit Code Review
commit
4c83b058b1
@ -5,7 +5,6 @@ Source: https://github.com/kubernetes/kubernetes
|
|||||||
Files:
|
Files:
|
||||||
debian/kubeadm.conf
|
debian/kubeadm.conf
|
||||||
debian/kubelet-cgroup-setup.sh
|
debian/kubelet-cgroup-setup.sh
|
||||||
debian/update-k8s-feature-gates.sh
|
|
||||||
Copyright:
|
Copyright:
|
||||||
2022 Wind River Systems, Inc.
|
2022 Wind River Systems, Inc.
|
||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
|
|||||||
@ -1,3 +1,2 @@
|
|||||||
usr/local/kubernetes/1.22.5/stage2/usr/bin/kubelet
|
usr/local/kubernetes/1.22.5/stage2/usr/bin/kubelet
|
||||||
usr/local/kubernetes/1.22.5/stage2/usr/bin/kubelet-cgroup-setup.sh
|
usr/local/kubernetes/1.22.5/stage2/usr/bin/kubelet-cgroup-setup.sh
|
||||||
usr/local/kubernetes/1.22.5/stage2/usr/local/sbin/update-k8s-feature-gates.sh
|
|
||||||
|
|||||||
@ -61,9 +61,6 @@ override_dh_install:
|
|||||||
echo "+++ INSTALLING kubelet-cgroup-setup.sh"
|
echo "+++ INSTALLING kubelet-cgroup-setup.sh"
|
||||||
install -p -m 0700 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} debian/kubelet-cgroup-setup.sh
|
install -p -m 0700 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} debian/kubelet-cgroup-setup.sh
|
||||||
|
|
||||||
echo "+++ INSTALLING update-k8s-feature-gates.sh"
|
|
||||||
install -p -m 0700 -t ${DEBIAN_DESTDIR}${_stage2}${_local_sbindir} debian/update-k8s-feature-gates.sh
|
|
||||||
|
|
||||||
echo "+++ INSTALLING kube-apiserver"\
|
echo "+++ INSTALLING kube-apiserver"\
|
||||||
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_path}/kube-apiserver
|
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_path}/kube-apiserver
|
||||||
|
|
||||||
|
|||||||
@ -1,196 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
# Copyright (c) 2022 Wind River Systems, Inc.
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
#
|
|
||||||
# This script is intended to be run during platform upgrade.
|
|
||||||
# It removes below feature gates from kube-apiserver configmap and rewrites
|
|
||||||
# kube-api-server and kube-controller-manager manifests
|
|
||||||
# - SCTPSupport=true
|
|
||||||
# - HugePageStorageMediumSize=true
|
|
||||||
# - TTLAfterFinished=true
|
|
||||||
#
|
|
||||||
#
|
|
||||||
# Background:
|
|
||||||
# HugePageStorageMediumSize is deprecated in Kubernetes 1.22
|
|
||||||
# SCTPSupport blocks kube-apiserver pod to spawn after control-plane upgrade
|
|
||||||
# TTLAfterFinished value defaults to true from k8s 1.21
|
|
||||||
#
|
|
||||||
# The script also preserves the advertise-address in kube-apiserver
|
|
||||||
# manifest that gets overwritten as kubeadm init is run again in this script.
|
|
||||||
# In other words, it maintains the effect of this commit
|
|
||||||
# https://opendev.org/starlingx/stx-puppet/commit/04a1c1b0809f66488bd54e3f31d323430e7d9913
|
|
||||||
#
|
|
||||||
# Similarly, it removes the seccomp profiles configuration from the
|
|
||||||
# kube-apiserver manifest file to maintain the effect of this commit,
|
|
||||||
# https://opendev.org/starlingx/stx-puppet/commit/52ace69c837acc7e3aff8a2d584968297afd70fe
|
|
||||||
|
|
||||||
KUBEADM_CONFIGMAP_TMPFILE='/tmp/kubeadm_cm'
|
|
||||||
API_SERVER_MANIFEST='/etc/kubernetes/manifests/kube-apiserver.yaml'
|
|
||||||
|
|
||||||
rc_controller_manager=0
|
|
||||||
rc_apiserver=0
|
|
||||||
|
|
||||||
function log {
|
|
||||||
logger -p local1.info "$1"
|
|
||||||
}
|
|
||||||
|
|
||||||
function get_kubeadm_configmap {
|
|
||||||
|
|
||||||
log "Retrieving kubeadm configmap to temporary location: ${KUBEADM_CONFIGMAP_TMPFILE}"
|
|
||||||
counter=0
|
|
||||||
RC=0
|
|
||||||
RETRIES=10
|
|
||||||
until [ ${counter} -gt ${RETRIES} ]; do
|
|
||||||
kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system get \
|
|
||||||
configmap kubeadm-config -o "$1" > ${KUBEADM_CONFIGMAP_TMPFILE}
|
|
||||||
RC=$?
|
|
||||||
if [ ${RC} == 0 ] ; then
|
|
||||||
log "Kubeadm configmap retrieved."
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
log "Error retrieving kubeadm configmap, retrying..."
|
|
||||||
sleep 5
|
|
||||||
counter=$(( counter+1 ))
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ ${counter} -gt ${RETRIES} ]; then
|
|
||||||
log "Failed to retrieve kubeadm configmap with error code [${RC}]".
|
|
||||||
exit ${RC}
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Update the configmap for kubeadm
|
|
||||||
function update_kubeadm_configmap {
|
|
||||||
|
|
||||||
get_kubeadm_configmap yaml
|
|
||||||
|
|
||||||
log "Updating kube-apiserver feature-gates in retrieved kubeadm-config"
|
|
||||||
|
|
||||||
# Update api-server feature-gates
|
|
||||||
sed -i \
|
|
||||||
's/^\( *\)feature-gates:\s.*RemoveSelfLink=false/\1feature-gates: RemoveSelfLink=false/g' \
|
|
||||||
${KUBEADM_CONFIGMAP_TMPFILE}
|
|
||||||
rc_apiserver=$?
|
|
||||||
if [ ${rc_apiserver} == 0 ]; then
|
|
||||||
log "Successfully updated kube-apiserver feature-gates in retrieved kubeadm-config"
|
|
||||||
else
|
|
||||||
log "Failed to update kube-apiserver feature-gates in retrieved kubeadm-config with error code: [${rc_apiserver}]"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# update controller-manager feature-gates
|
|
||||||
sed -i \
|
|
||||||
'/feature-gates: TTLAfterFinished=true/d' ${KUBEADM_CONFIGMAP_TMPFILE}
|
|
||||||
rc_controller_manager=$?
|
|
||||||
if [ ${rc_controller_manager} == 0 ]; then
|
|
||||||
log "Successfully updated controller-manager feature-gates in retrieved kubeadm-config"
|
|
||||||
else
|
|
||||||
# we need not gracefully exit here as failing to update this does not
|
|
||||||
# make any difference to the k8s cluster functions as default value of
|
|
||||||
# TTLAfterFinished is true
|
|
||||||
log "Failed to update controller-manager feature-gates in retrieved kubeadm-config with error code: [${rc_controller_manager}]"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ${rc_controller_manager} ] || [ ${rc_apiserver} ]; then
|
|
||||||
if kubectl --kubeconfig=/etc/kubernetes/admin.conf replace -f \
|
|
||||||
${KUBEADM_CONFIGMAP_TMPFILE}; then
|
|
||||||
log 'Successfully replaced updated kubeadm configmap.'
|
|
||||||
else
|
|
||||||
RC=$?
|
|
||||||
log "Failed to replace updated kubeadm configmap with error code: [${RC}]"
|
|
||||||
rm -f ${KUBEADM_CONFIGMAP_TMPFILE}
|
|
||||||
exit ${RC}
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
log "Failed to update ${KUBEADM_CONFIGMAP_TMPFILE}"
|
|
||||||
rm -f ${KUBEADM_CONFIGMAP_TMPFILE}
|
|
||||||
exit ${RC}
|
|
||||||
fi
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
function update_manifests {
|
|
||||||
|
|
||||||
get_kubeadm_configmap jsonpath='{.data.ClusterConfiguration}'
|
|
||||||
|
|
||||||
# Rewrite apiserver manifest only if it is updated in the configmap
|
|
||||||
if [ ${rc_apiserver} == 0 ]; then
|
|
||||||
kubeadm init phase control-plane apiserver \
|
|
||||||
--config ${KUBEADM_CONFIGMAP_TMPFILE}
|
|
||||||
RC=$?
|
|
||||||
if [ ${RC} == 0 ]; then
|
|
||||||
log "Success executing kubeadm init phase control-plane for kube-api-server"
|
|
||||||
else
|
|
||||||
log "Failed to update kube-api-server manifest with error code: [${RC}]"
|
|
||||||
rm -f ${KUBEADM_CONFIGMAP_TMPFILE}
|
|
||||||
exit ${RC}
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Rewrite controller-manager manifest only if it is updated in the configmap
|
|
||||||
if [ ${rc_controller_manager} == 0 ]; then
|
|
||||||
kubeadm init phase control-plane controller-manager \
|
|
||||||
--config ${KUBEADM_CONFIGMAP_TMPFILE}
|
|
||||||
RC=$?
|
|
||||||
if [ ${RC} == 0 ]; then
|
|
||||||
log "Success executing kubeadm init phase control-plane for kube-controller-manager"
|
|
||||||
else
|
|
||||||
log "Failed to update kube-controller-manager manifest with error code: [${RC}]"
|
|
||||||
rm -f ${KUBEADM_CONFIGMAP_TMPFILE}
|
|
||||||
exit ${RC}
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
function preserve_apiserver_manifest_params {
|
|
||||||
|
|
||||||
# The following code preserves the kube-apiserver advertise address that gets overwitten
|
|
||||||
# after kubeadm init phase is run in order to preserve the effect of:
|
|
||||||
# https://opendev.org/starlingx/stx-puppet/commit/04a1c1b0809f66488bd54e3f31d323430e7d9913
|
|
||||||
DEFAULT_NETWORK_INTERFACE=$(grep 'advertise-address=' ${API_SERVER_MANIFEST} | cut -d "=" -f2)
|
|
||||||
RC=$?
|
|
||||||
if [ ${RC} == 0 ]; then
|
|
||||||
log "advertise-address: ${DEFAULT_NETWORK_INTERFACE}"
|
|
||||||
else
|
|
||||||
log "Failed to get advertise address from kube-apiserver manifest. Error code: [${RC}]"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "${DEFAULT_NETWORK_INTERFACE}" ] && [ "${APISERVER_ADVERTISE_ADDRESS}" ]; then
|
|
||||||
sed -i "/oidc-issuer-url/! s/${DEFAULT_NETWORK_INTERFACE}/${APISERVER_ADVERTISE_ADDRESS}/g" ${API_SERVER_MANIFEST}
|
|
||||||
RC=$?
|
|
||||||
if [ ${RC} == 0 ]; then
|
|
||||||
log "Advertise address [${DEFAULT_NETWORK_INTERFACE}] is replaced by [${APISERVER_ADVERTISE_ADDRESS}] in kube-apiserver manifest."
|
|
||||||
else
|
|
||||||
log "Failed to preserve advertise address in kube-apiserver manifest. Error code: [${RC}]"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# The following code removes seccomp profiles configuration from the kube-apiserver manifest
|
|
||||||
# to preserve the effect of:
|
|
||||||
# https://opendev.org/starlingx/stx-puppet/commit/52ace69c837acc7e3aff8a2d584968297afd70fe
|
|
||||||
sed -i '/securityContext:/,/type: RuntimeDefault/d' ${API_SERVER_MANIFEST}
|
|
||||||
RC=$?
|
|
||||||
if [ ${RC} == 0 ]; then
|
|
||||||
log "Seccomp Profile configuration removed from the kube-apiserver manifest if existed."
|
|
||||||
else
|
|
||||||
log "Failed to remove Seccomp Profile configuration from the kube-apiserver manifest. Error code: [${RC}]"
|
|
||||||
fi
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
APISERVER_ADVERTISE_ADDRESS=$(grep 'advertise-address=' ${API_SERVER_MANIFEST} | cut -d "=" -f2)
|
|
||||||
RC=$?
|
|
||||||
if [ ${RC} == 0 ]; then
|
|
||||||
log "advertise-address: ${APISERVER_ADVERTISE_ADDRESS}"
|
|
||||||
else
|
|
||||||
log "Failed to get advertise address from kube-apiserver manifest. Error code: [${RC}]"
|
|
||||||
fi
|
|
||||||
|
|
||||||
update_kubeadm_configmap
|
|
||||||
update_manifests
|
|
||||||
preserve_apiserver_manifest_params
|
|
||||||
|
|
||||||
rm -f ${KUBEADM_CONFIGMAP_TMPFILE}
|
|
||||||
|
|
||||||
exit 0
|
|
||||||
Loading…
Reference in New Issue
Block a user