From bf9e579c905736e1868a841a15efc0824f4096b6 Mon Sep 17 00:00:00 2001 
From: Erikson Tung Date: Tue, 1 Aug 2023 12:07:24 -0700 Subject: [PATCH 1/6] packages: add kubernetes-1.28 This adds the K8s 1.28 package. --- ...rocs-install-optional-limit-to-tests.patch | 78 ++++++++ packages/kubernetes-1.28/Cargo.toml | 32 ++++ packages/kubernetes-1.28/clarify.toml | 62 ++++++ .../credential-provider-config-yaml | 33 ++++ .../kubernetes-1.28/dockershim-symlink.conf | 2 + .../etc-kubernetes-pki-private.mount | 16 ++ .../kubelet-bootstrap-kubeconfig | 22 +++ packages/kubernetes-1.28/kubelet-config | 179 ++++++++++++++++++ packages/kubernetes-1.28/kubelet-env | 4 + .../kubernetes-1.28/kubelet-exec-start-conf | 33 ++++ packages/kubernetes-1.28/kubelet-kubeconfig | 39 ++++ packages/kubernetes-1.28/kubelet-server-crt | 3 + packages/kubernetes-1.28/kubelet-server-key | 3 + packages/kubernetes-1.28/kubelet-sysctl.conf | 2 + packages/kubernetes-1.28/kubelet.service | 26 +++ packages/kubernetes-1.28/kubernetes-1.28.spec | 163 ++++++++++++++++ packages/kubernetes-1.28/kubernetes-ca-crt | 3 + .../kubernetes-1.28/kubernetes-tmpfiles.conf | 5 + .../kubernetes-1.28/load-ipvs-modules.conf | 3 + .../kubernetes-1.28/make-kubelet-dirs.conf | 5 + .../prepare-var-lib-kubelet.service | 23 +++ .../prestart-pull-pause-ctr.conf | 9 + 22 files changed, 745 insertions(+) create mode 100644 packages/kubernetes-1.28/0001-Make-gomaxprocs-install-optional-limit-to-tests.patch create mode 100644 packages/kubernetes-1.28/Cargo.toml create mode 100644 packages/kubernetes-1.28/clarify.toml create mode 100644 packages/kubernetes-1.28/credential-provider-config-yaml create mode 100644 packages/kubernetes-1.28/dockershim-symlink.conf create mode 100644 packages/kubernetes-1.28/etc-kubernetes-pki-private.mount create mode 100644 packages/kubernetes-1.28/kubelet-bootstrap-kubeconfig create mode 100644 packages/kubernetes-1.28/kubelet-config create mode 100644 packages/kubernetes-1.28/kubelet-env create mode 100644 packages/kubernetes-1.28/kubelet-exec-start-conf create mode 100644 
packages/kubernetes-1.28/kubelet-kubeconfig create mode 100644 packages/kubernetes-1.28/kubelet-server-crt create mode 100644 packages/kubernetes-1.28/kubelet-server-key create mode 100644 packages/kubernetes-1.28/kubelet-sysctl.conf create mode 100644 packages/kubernetes-1.28/kubelet.service create mode 100644 packages/kubernetes-1.28/kubernetes-1.28.spec create mode 100644 packages/kubernetes-1.28/kubernetes-ca-crt create mode 100644 packages/kubernetes-1.28/kubernetes-tmpfiles.conf create mode 100644 packages/kubernetes-1.28/load-ipvs-modules.conf create mode 100644 packages/kubernetes-1.28/make-kubelet-dirs.conf create mode 100644 packages/kubernetes-1.28/prepare-var-lib-kubelet.service create mode 100644 packages/kubernetes-1.28/prestart-pull-pause-ctr.conf diff --git a/packages/kubernetes-1.28/0001-Make-gomaxprocs-install-optional-limit-to-tests.patch b/packages/kubernetes-1.28/0001-Make-gomaxprocs-install-optional-limit-to-tests.patch new file mode 100644 index 00000000000..b110fcc49d0 --- /dev/null +++ b/packages/kubernetes-1.28/0001-Make-gomaxprocs-install-optional-limit-to-tests.patch 
@@ -0,0 +1,78 @@ +From cce3f6ffa796ea416021b0d62567a3f52b979567 Mon Sep 17 00:00:00 2001 +From: Jordan Liggitt +Date: Wed, 16 Aug 2023 09:33:02 -0400 +Subject: [PATCH] Make gomaxprocs install optional, limit to tests + +--- + hack/lib/golang.sh | 25 +++++++++++++++---------- + hack/make-rules/test-e2e-node.sh | 1 + + hack/make-rules/test.sh | 1 + + 3 files changed, 17 insertions(+), 10 deletions(-) + +diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh +index 66772f08a81..983ff368e25 100755 +--- a/hack/lib/golang.sh ++++ b/hack/lib/golang.sh +@@ -556,20 +556,25 @@ kube::golang::setup_env() { + + # This seems to matter to some tools + export GO15VENDOREXPERIMENT=1 ++} + ++kube::golang::setup_gomaxprocs() { + # GOMAXPROCS by default does not reflect the number of cpu(s) available + # when running in a container, please see https://github.com/golang/go/issues/33803 +- if ! command -v ncpu >/dev/null 2>&1; then +- # shellcheck disable=SC2164 +- pushd "${KUBE_ROOT}/hack/tools" >/dev/null +- GO111MODULE=on go install ./ncpu +- # shellcheck disable=SC2164 +- popd >/dev/null ++ if [[ -z "${GOMAXPROCS:-}" ]]; then ++ if ! 
command -v ncpu >/dev/null 2>&1; then ++ # shellcheck disable=SC2164 ++ pushd "${KUBE_ROOT}/hack/tools" >/dev/null ++ GO111MODULE=on go install ./ncpu || echo "Will not automatically set GOMAXPROCS" ++ # shellcheck disable=SC2164 ++ popd >/dev/null ++ fi ++ if command -v ncpu >/dev/null 2>&1; then ++ GOMAXPROCS=$(ncpu) ++ export GOMAXPROCS ++ kube::log::status "Set GOMAXPROCS automatically to ${GOMAXPROCS}" ++ fi + fi +- +- GOMAXPROCS=${GOMAXPROCS:-$(ncpu)} +- export GOMAXPROCS +- kube::log::status "Setting GOMAXPROCS: ${GOMAXPROCS}" + } + + # This will take binaries from $GOPATH/bin and copy them to the appropriate +diff --git a/hack/make-rules/test-e2e-node.sh b/hack/make-rules/test-e2e-node.sh +index 43dde0c740f..49e3e04ac71 100755 +--- a/hack/make-rules/test-e2e-node.sh ++++ b/hack/make-rules/test-e2e-node.sh +@@ -18,6 +18,7 @@ KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/../.. + source "${KUBE_ROOT}/hack/lib/init.sh" + + kube::golang::setup_env ++kube::golang::setup_gomaxprocs + + # start the cache mutation detector by default so that cache mutators will be found + KUBE_CACHE_MUTATION_DETECTOR="${KUBE_CACHE_MUTATION_DETECTOR:-true}" +diff --git a/hack/make-rules/test.sh b/hack/make-rules/test.sh +index e9074678a8f..4aa72730d83 100755 +--- a/hack/make-rules/test.sh ++++ b/hack/make-rules/test.sh +@@ -22,6 +22,7 @@ KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/../.. + source "${KUBE_ROOT}/hack/lib/init.sh" + + kube::golang::setup_env ++kube::golang::setup_gomaxprocs + + # start the cache mutation detector by default so that cache mutators will be found + KUBE_CACHE_MUTATION_DETECTOR="${KUBE_CACHE_MUTATION_DETECTOR:-true}" +-- +2.25.1 + diff --git a/packages/kubernetes-1.28/Cargo.toml b/packages/kubernetes-1.28/Cargo.toml new file mode 100644 index 00000000000..c0b0f5210d9 --- /dev/null +++ b/packages/kubernetes-1.28/Cargo.toml 
@@ -0,0 +1,32 @@
+[package]
+# "." is not allowed in crate names, but we want a friendlier name for the
+# directory and spec file, so we override it below.
+name = "kubernetes-1_28"
+version = "0.1.0"
+edition = "2021"
+publish = false
+build = "../build.rs"
+
+[lib]
+path = "../packages.rs"
+
+[package.metadata.build-package]
+package-name = "kubernetes-1.28"
+
+[[package.metadata.build-package.external-files]]
+url = "https://distro.eks.amazonaws.com/kubernetes-1-28/releases/2/artifacts/kubernetes/v1.28.0/kubernetes-src.tar.gz"
+sha512 = "2ac33a02a614c59f8c347a82daad9cfe4332599c25e3e220fb66055ff156cfdcbf1079489a272c685893ffbe25bcc6cbbcde9327357604924c575fd83fabe1b6"
+
+# RPM BuildRequires
+[build-dependencies]
+glibc = { path = "../glibc" }
+
+# RPM Requires
+[dependencies]
+aws-signing-helper = { path = "../aws-signing-helper" }
+ecr-credential-provider-1_27 = { path = "../ecr-credential-provider-1.27" }
+# `conntrack-tools`, `containerd` and `findutils` are only needed at runtime,
+# and are pulled in by `release`.
+# conntrack-tools = { path = "../conntrack-tools" }
+# containerd = { path = "../containerd" }
+# findutils = { path = "../findutils" }
diff --git a/packages/kubernetes-1.28/clarify.toml b/packages/kubernetes-1.28/clarify.toml
new file mode 100644
index 00000000000..5b6e8b60967
--- /dev/null
+++ b/packages/kubernetes-1.28/clarify.toml
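Review bot: The `[dependencies]` entry `ecr-credential-provider-1_27 = { path = "../ecr-credential-provider-1.27" }` pairs the 1.28 kubelet with the 1.27 build of the credential provider, and nothing in the file says whether that version skew is deliberate. The same pin appears in the spec as `Requires: %{_cross_os}ecr-credential-provider-1.27`. If a 1.28 provider package simply does not exist yet, a comment above the line such as `# no 1.28 provider package yet; 1.27 build is used until one is added` would record the reason and flag it for follow-up. Whether the 1.27 provider is fully compatible with this kubelet is not visible in the diff and should be confirmed before that is written down.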
@@ -0,0 +1,62 @@
+[clarify."github.com/JeffAshton/win_pdh"]
+expression = "BSD-3-Clause"
+license-files = [
+ { path = "LICENSE", hash = 0xb221dcc9 },
+]
+
+[clarify."github.com/daviddengcn/go-colortext"]
+expression = "BSD-3-Clause AND MIT"
+license-files = [
+ { path = "LICENSE", hash = 0x9769fae1 },
+]
+
+[clarify."github.com/ghodss/yaml"]
+expression = "MIT AND BSD-3-Clause"
+license-files = [
+ { path = "LICENSE", hash = 0xcdf3ae00 },
+]
+
+[clarify."github.com/heketi/heketi"]
+# kubernetes only uses code that is under LGPLv3+/Apache 2.0, not the code that is GPLv2+/LGPLv3+
+expression = "LGPL-3.0-or-later OR Apache-2.0"
+license-files = [
+ { path = "LICENSE", hash = 0x3c4b96d1 },
+ { path = "LICENSE-APACHE2", hash = 0x438c8616 },
+ { path = "COPYING-LGPLV3", hash = 0xf0bccb3a },
+]
+skip-files = [ "COPYING-GPLV2" ]
+
+[clarify."github.com/go-bindata/go-bindata"]
+expression = "CC0-1.0"
+license-files = [
+ { path = "LICENSE", hash = 0x393fafd6 },
+]
+
+[clarify."github.com/miekg/dns"]
+expression = "BSD-3-Clause"
+license-files = [
+ { path = "COPYRIGHT", hash = 0xe41dd36c },
+ { path = "LICENSE", hash = 0xfc8f12ff },
+]
+
+[clarify."sigs.k8s.io/yaml"]
+expression = "MIT AND BSD-3-Clause"
+license-files = [
+ { path = "LICENSE", hash = 0xcdf3ae00 },
+]
+
+[clarify."honnef.co/go/tools"]
+expression = "MIT AND BSD-3-Clause AND Apache-2.0"
+license-files = [
+ { path = "LICENSE", hash = 0xad378ed2 },
+ { path = "LICENSE-THIRD-PARTY", hash = 0x546425eb },
+ { path = "lint/LICENSE", hash = 0xc6b58232 },
+ { path = "ssa/LICENSE", hash = 0xe656fb62 },
+]
+
+[clarify."github.com/storageos/go-api"]
+expression = "MIT AND BSD-2-Clause"
+license-files = [
+ { path = "LICENCE", hash = 0x67a6861e },
+]
+skip-files = ["licence.go", "types/licence.go"]
diff --git a/packages/kubernetes-1.28/credential-provider-config-yaml b/packages/kubernetes-1.28/credential-provider-config-yaml
new file mode 100644
index 00000000000..03be81fb151
--- /dev/null
+++ b/packages/kubernetes-1.28/credential-provider-config-yaml
@@ -0,0 +1,33 @@
+apiVersion: kubelet.config.k8s.io/v1
+kind: CredentialProviderConfig
+providers:
+{{#if settings.kubernetes.credential-providers}}
+{{#each settings.kubernetes.credential-providers}}
+{{#if this.enabled}}
+ - name: {{@key}}
+ matchImages:
+{{#each this.image-patterns}}
+ - "{{this}}"
+{{/each}}
+ defaultCacheDuration: "{{default "12h" this.cache-duration}}"
+ apiVersion: credentialprovider.kubelet.k8s.io/v1
+{{#if (or (eq @key "ecr-credential-provider") this.environment)}}
+ env:
+{{#if this.environment}}
+{{#each this.environment}}
+ - name: {{@key}}
+ value: '{{this}}'
+{{/each}}
+{{/if}}
+{{#if (eq @key "ecr-credential-provider")}}
+ - name: HOME
+ value: '/root'
+{{#if @root.settings.aws.profile}}
+ - name: AWS_PROFILE
+ value: '{{@root.settings.aws.profile}}'
+{{/if}}
+{{/if}}
+{{/if}}
+{{/if}}
+{{/each}}
+{{/if}}
diff --git a/packages/kubernetes-1.28/dockershim-symlink.conf b/packages/kubernetes-1.28/dockershim-symlink.conf
new file mode 100644
index 00000000000..d3fcda86914
--- /dev/null
+++ b/packages/kubernetes-1.28/dockershim-symlink.conf
@@ -0,0 +1,2 @@
+[Service]
+ExecStartPre=/bin/ln -sf /run/containerd/containerd.sock /run/dockershim.sock
diff --git a/packages/kubernetes-1.28/etc-kubernetes-pki-private.mount b/packages/kubernetes-1.28/etc-kubernetes-pki-private.mount
new file mode 100644
index 00000000000..584e61475d1
--- /dev/null
+++ b/packages/kubernetes-1.28/etc-kubernetes-pki-private.mount
@@ -0,0 +1,16 @@
+[Unit]
+Description=Kubernetes PKI private directory (/etc/kubernetes/pki/private)
+DefaultDependencies=no
+Conflicts=umount.target
+Before=local-fs.target umount.target
+After=selinux-policy-files.service
+Wants=selinux-policy-files.service
+
+[Mount]
+What=tmpfs
+Where=/etc/kubernetes/pki/private
+Type=tmpfs
+Options=nosuid,nodev,noexec,noatime,context=system_u:object_r:secret_t:s0,mode=0700
+
+[Install]
+WantedBy=preconfigured.target
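Review bot: In credential-provider-config-yaml the `env` entries are rendered as `value: '{{this}}'` and `value: '{{@root.settings.aws.profile}}'`, so a setting that contains a single quote ends the YAML scalar early and the remainder is parsed as document structure. `- name: {{@key}}` (unquoted) and the `matchImages` entries `- "{{this}}"` have the same weakness with their own delimiters. These values are operator-supplied and may already be constrained by the settings model, which is not visible in this diff, so treat this as a robustness gap rather than a confirmed injection path. If the template engine provides a helper that escapes a value for a YAML scalar, it belongs on these interpolations; otherwise a comment naming the model type that guarantees quote-free values would help the next reader.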
diff --git a/packages/kubernetes-1.28/kubelet-bootstrap-kubeconfig b/packages/kubernetes-1.28/kubelet-bootstrap-kubeconfig
new file mode 100644
index 00000000000..09e58523196
--- /dev/null
+++ b/packages/kubernetes-1.28/kubelet-bootstrap-kubeconfig
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+{{#if settings.kubernetes.api-server}}
+ certificate-authority: "/etc/kubernetes/pki/ca.crt"
+ server: "{{settings.kubernetes.api-server}}"
+{{/if}}
+ name: kubernetes
+contexts:
+- context:
+ cluster: kubernetes
+ user: kubelet
+ name: kubelet
+current-context: kubelet
+users:
+- name: kubelet
+{{#if settings.kubernetes.bootstrap-token}}
+ user:
+ token: "{{settings.kubernetes.bootstrap-token}}"
+{{/if}}
diff --git a/packages/kubernetes-1.28/kubelet-config b/packages/kubernetes-1.28/kubelet-config
new file mode 100644
index 00000000000..119fa2481a8
--- /dev/null
+++ b/packages/kubernetes-1.28/kubelet-config
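Review bot: `token: "{{settings.kubernetes.bootstrap-token}}"` writes a bearer credential into the rendered bootstrap kubeconfig, and nothing in this template records the permissions that file must have. The mode of the rendered file is set outside this diff (the spec only installs the template itself with `install -m 0644`), so it cannot be checked from here. A comment at the top of the template such as `# rendered file contains the bootstrap token; it must be readable by root only` would keep the requirement next to the secret. The token is also interpolated into a double-quoted scalar without escaping, which is safe only while the settings model keeps it to the usual token character set.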
@@ -0,0 +1,179 @@
+---
+kind: KubeletConfiguration
+apiVersion: kubelet.config.k8s.io/v1beta1
+{{#if settings.kubernetes.standalone-mode}}
+address: 127.0.0.1
+authentication:
+ anonymous:
+ enabled: true
+ webhook:
+ enabled: false
+authorization:
+ mode: AlwaysAllow
+{{else}}
+address: 0.0.0.0
+authentication:
+ anonymous:
+ enabled: false
+ webhook:
+ cacheTTL: 2m0s
+ enabled: true
+ x509:
+ clientCAFile: "/etc/kubernetes/pki/ca.crt"
+authorization:
+ mode: Webhook
+ webhook:
+ cacheAuthorizedTTL: 5m0s
+ cacheUnauthorizedTTL: 30s
+{{/if}}
+clusterDomain: {{settings.kubernetes.cluster-domain}}
+{{#if settings.kubernetes.cluster-dns-ip}}
+clusterDNS:
+{{#each settings.kubernetes.cluster-dns-ip}}
+- {{this}}
+{{else}}
+- {{settings.kubernetes.cluster-dns-ip}}
+{{/each}}
+{{/if}}
+{{#if settings.kubernetes.eviction-hard}}
+evictionHard:
+ {{#each settings.kubernetes.eviction-hard}}
+ {{@key}}: "{{this}}"
+ {{/each}}
+{{/if}}
+{{#if settings.kubernetes.eviction-soft}}
+evictionSoft:
+ {{#each settings.kubernetes.eviction-soft}}
+ {{@key}}: "{{this}}"
+ {{/each}}
+{{/if}}
+{{#if settings.kubernetes.eviction-soft-grace-period}}
+evictionSoftGracePeriod:
+ {{#each settings.kubernetes.eviction-soft-grace-period}}
+ {{@key}}: "{{this}}"
+ {{/each}}
+{{/if}}
+{{#if settings.kubernetes.eviction-max-pod-grace-period}}
+evictionMaxPodGracePeriod: {{settings.kubernetes.eviction-max-pod-grace-period}}
+{{/if}}
+{{#if settings.kubernetes.allowed-unsafe-sysctls}}
+allowedUnsafeSysctls: {{settings.kubernetes.allowed-unsafe-sysctls}}
+{{/if}}
+{{#if settings.kubernetes.registry-qps includeZero=true}}
+registryPullQPS: {{settings.kubernetes.registry-qps}}
+{{/if}}
+{{#if settings.kubernetes.registry-burst includeZero=true}}
+registryBurst: {{settings.kubernetes.registry-burst}}
+{{/if}}
+{{#if settings.kubernetes.event-qps includeZero=true}}
+eventRecordQPS: {{settings.kubernetes.event-qps}}
+{{/if}}
+{{#if settings.kubernetes.event-burst includeZero=true}}
+eventBurst: {{settings.kubernetes.event-burst}}
+{{/if}}
+{{#if settings.kubernetes.kube-api-qps includeZero=true}}
+kubeAPIQPS: {{settings.kubernetes.kube-api-qps}}
+{{/if}}
+{{#if settings.kubernetes.kube-api-burst includeZero=true}}
+kubeAPIBurst: {{settings.kubernetes.kube-api-burst}}
+{{/if}}
+kubeReserved:
+ cpu: "{{kube_reserve_cpu settings.kubernetes.kube-reserved.cpu}}"
+ {{#if settings.kubernetes.kube-reserved.memory}}
+ memory: "{{settings.kubernetes.kube-reserved.memory}}"
+ {{else}}
+ {{#if settings.kubernetes.max-pods}}
+ memory: "{{kube_reserve_memory settings.kubernetes.max-pods settings.kubernetes.kube-reserved.memory}}"
+ {{/if}}
+ {{/if}}
+ ephemeral-storage: "{{default "1Gi" settings.kubernetes.kube-reserved.ephemeral-storage}}"
+kubeReservedCgroup: "/runtime"
+{{#if settings.kubernetes.system-reserved}}
+systemReserved:
+ {{#each settings.kubernetes.system-reserved}}
+ {{@key}}: "{{this}}"
+ {{/each}}
+systemReservedCgroup: "/system"
+{{/if}}
+cpuCFSQuota: {{default true settings.kubernetes.cpu-cfs-quota-enforced}}
+cpuManagerPolicy: {{default "none" settings.kubernetes.cpu-manager-policy}}
+{{#if settings.kubernetes.cpu-manager-reconcile-period}}
+cpuManagerReconcilePeriod: {{settings.kubernetes.cpu-manager-reconcile-period}}
+{{/if}}
+{{#if settings.kubernetes.cpu-manager-policy-options}}
+cpuManagerPolicyOptions:
+{{#each settings.kubernetes.cpu-manager-policy-options}}
+ {{this}}: "true"
+{{/each}}
+{{/if}}
+{{#if settings.kubernetes.topology-manager-scope}}
+topologyManagerScope: {{settings.kubernetes.topology-manager-scope}}
+{{/if}}
+{{#if settings.kubernetes.topology-manager-policy}}
+topologyManagerPolicy: {{settings.kubernetes.topology-manager-policy}}
+{{/if}}
+podPidsLimit: {{default 1048576 settings.kubernetes.pod-pids-limit}}
+{{#if settings.kubernetes.image-gc-high-threshold-percent includeZero=true}}
+imageGCHighThresholdPercent: {{settings.kubernetes.image-gc-high-threshold-percent}}
+{{/if}}
+{{#if settings.kubernetes.image-gc-low-threshold-percent includeZero=true}}
+imageGCLowThresholdPercent: {{settings.kubernetes.image-gc-low-threshold-percent}}
+{{/if}}
+{{#if settings.kubernetes.provider-id}}
+providerID: {{settings.kubernetes.provider-id}}
+{{/if}}
+resolvConf: "/etc/resolv.conf"
+hairpinMode: hairpin-veth
+readOnlyPort: 0
+cgroupDriver: systemd
+cgroupRoot: "/"
+runtimeRequestTimeout: 15m
+protectKernelDefaults: true
+serializeImagePulls: false
+seccompDefault: {{default false settings.kubernetes.seccomp-default}}
+{{#if (and (default "" settings.kubernetes.server-certificate) (default "" settings.kubernetes.server-key))}}
+tlsCertFile: "/etc/kubernetes/pki/kubelet-server.crt"
+tlsPrivateKeyFile: "/etc/kubernetes/pki/private/kubelet-server.key"
+{{else}}
+serverTLSBootstrap: {{settings.kubernetes.server-tls-bootstrap}}
+{{/if}}
+tlsCipherSuites:
+- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+volumePluginDir: "/var/lib/kubelet/plugins/volume/exec"
+maxPods: {{default 110 settings.kubernetes.max-pods}}
+staticPodPath: "/etc/kubernetes/static-pods/"
+{{#if settings.kubernetes.container-log-max-size includeZero=true}}
+containerLogMaxSize: {{settings.kubernetes.container-log-max-size}}
+{{/if}}
+{{#if settings.kubernetes.container-log-max-files includeZero=true}}
+containerLogMaxFiles: {{settings.kubernetes.container-log-max-files}}
+{{/if}}
+{{#if settings.kubernetes.shutdown-grace-period}}
+shutdownGracePeriod: {{settings.kubernetes.shutdown-grace-period}}
+{{/if}}
+{{#if settings.kubernetes.shutdown-grace-period-for-critical-pods}}
+shutdownGracePeriodCriticalPods: {{settings.kubernetes.shutdown-grace-period-for-critical-pods}}
+{{/if}}
+{{#if settings.kubernetes.memory-manager-reserved-memory}}
+{{#if (any_enabled settings.kubernetes.memory-manager-reserved-memory)}}
+{{#if settings.kubernetes.memory-manager-policy}}
+memoryManagerPolicy: {{settings.kubernetes.memory-manager-policy}}
+{{/if}}
+reservedMemory:
+{{#each settings.kubernetes.memory-manager-reserved-memory}}
+{{#if this.enabled}}
+ - numaNode: {{@key}}
+ limits:
+{{#if this.memory}}
+ memory: {{this.memory}}
+{{/if}}
+{{#if this.hugepages-1Gi}}
+ hugepages-1Gi: {{this.hugepages-1Gi}}
+{{/if}}
+{{#if this.hugepages-2Mi}}
+ hugepages-2Mi: {{this.hugepages-2Mi}}
+{{/if}}
+{{/if}}
+{{/each}}
+{{/if}}
+{{/if}}
diff --git a/packages/kubernetes-1.28/kubelet-env b/packages/kubernetes-1.28/kubelet-env
new file mode 100644
index 00000000000..681726d0176
--- /dev/null
+++ b/packages/kubernetes-1.28/kubelet-env
@@ -0,0 +1,4 @@
+NODE_IP={{settings.kubernetes.node-ip}}
+NODE_LABELS={{join_map "=" "," "no-fail-if-missing" settings.kubernetes.node-labels}}
+NODE_TAINTS={{join_node_taints settings.kubernetes.node-taints}}
+POD_INFRA_CONTAINER_IMAGE={{settings.kubernetes.pod-infra-container-image}}
diff --git a/packages/kubernetes-1.28/kubelet-exec-start-conf b/packages/kubernetes-1.28/kubelet-exec-start-conf
new file mode 100644
index 00000000000..e4608065b9d
--- /dev/null
+++ b/packages/kubernetes-1.28/kubelet-exec-start-conf
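Review bot: In the `standalone-mode` branch of kubelet-config the kubelet API runs with `anonymous: enabled: true` and `authorization: mode: AlwaysAllow`, so `address: 127.0.0.1` is the only control on who can call it, and every process that shares the host network namespace is then an unauthenticated, fully authorized client. That may be the intended trade-off for a node without an API server, but the template does not say so; a comment above `address: 127.0.0.1` such as `# standalone: no authn/authz backend, the loopback bind is the only access control` would make the dependency explicit for anyone who later changes the address. Separately, `tlsCipherSuites` lists only `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` while the `tlsCertFile` branch accepts an operator-supplied certificate. If that certificate carries an RSA key, TLS 1.2 clients would presumably fail to negotiate, so the key-type requirement should be documented next to `tlsCertFile` or a matching RSA suite added.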
@@ -0,0 +1,33 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/kubelet \
+{{#unless settings.kubernetes.standalone-mode}}
+ --cloud-provider {{default "external" settings.kubernetes.cloud-provider}} \
+ --kubeconfig /etc/kubernetes/kubelet/kubeconfig \
+{{#if (eq settings.kubernetes.authentication-mode "tls")}}
+ --bootstrap-kubeconfig /etc/kubernetes/kubelet/bootstrap-kubeconfig \
+{{/if}}
+{{else}}
+ --cloud-provider "" \
+{{/unless}}
+ --config /etc/kubernetes/kubelet/config \
+ --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
+ --containerd=/run/containerd/containerd.sock \
+ --root-dir /var/lib/kubelet \
+ --cert-dir /var/lib/kubelet/pki \
+{{#if settings.kubernetes.credential-providers}}
+{{#if (any_enabled settings.kubernetes.credential-providers)}}
+ --image-credential-provider-bin-dir /usr/libexec/kubernetes/kubelet/plugins \
+ --image-credential-provider-config /etc/kubernetes/kubelet/credential-provider-config.yaml \
+{{/if}}
+{{/if}}
+{{#if settings.kubernetes.hostname-override}}
+ --hostname-override {{settings.kubernetes.hostname-override}} \
+{{/if}}
+ --node-ip ${NODE_IP} \
+ --node-labels "${NODE_LABELS}" \
+ --register-with-taints "${NODE_TAINTS}" \
+{{#if settings.kubernetes.log-level includeZero=true}}
+ -v {{settings.kubernetes.log-level}} \
+{{/if}}
+ --pod-infra-container-image ${POD_INFRA_CONTAINER_IMAGE}
diff --git a/packages/kubernetes-1.28/kubelet-kubeconfig b/packages/kubernetes-1.28/kubelet-kubeconfig
new file mode 100644
index 00000000000..f39de0e6a8a
--- /dev/null
+++ b/packages/kubernetes-1.28/kubelet-kubeconfig
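Review bot: `--hostname-override {{settings.kubernetes.hostname-override}}` and `--cloud-provider {{default "external" settings.kubernetes.cloud-provider}}` are interpolated into `ExecStart` unquoted, while `--node-labels "${NODE_LABELS}"` a few lines further down is quoted. systemd splits an unquoted value on whitespace, so a setting containing a space would turn into additional kubelet arguments. The settings model may already restrict both values to safe characters, but that is outside this diff; quoting them here, for example `--hostname-override "{{settings.kubernetes.hostname-override}}" \`, keeps the unit safe regardless of what the model accepts.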
@@ -0,0 +1,39 @@
+---
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+{{#if settings.kubernetes.api-server}}
+ certificate-authority: "/etc/kubernetes/pki/ca.crt"
+ server: "{{settings.kubernetes.api-server}}"
+{{/if}}
+ name: kubernetes
+contexts:
+- context:
+ cluster: kubernetes
+ user: kubelet
+ name: kubelet
+current-context: kubelet
+users:
+- name: kubelet
+{{#if (eq settings.kubernetes.authentication-mode "aws")}}
+{{#if settings.kubernetes.cluster-name}}
+ user:
+ exec:
+ apiVersion: client.authentication.k8s.io/v1beta1
+ command: "/usr/bin/aws-iam-authenticator"
+ args:
+ - token
+ - "-i"
+ - "{{settings.kubernetes.cluster-name}}"
+ {{#if settings.aws.region}}
+ - "--region"
+ - "{{settings.aws.region}}"
+ {{/if}}
+{{/if}}
+{{/if}}
+{{#if (eq settings.kubernetes.authentication-mode "tls")}}
+ user:
+ client-certificate: "/var/lib/kubelet/pki/kubelet-client-current.pem"
+ client-key: "/var/lib/kubelet/pki/kubelet-client-current.pem"
+{{/if}}
diff --git a/packages/kubernetes-1.28/kubelet-server-crt b/packages/kubernetes-1.28/kubelet-server-crt
new file mode 100644
index 00000000000..21af4222ea2
--- /dev/null
+++ b/packages/kubernetes-1.28/kubelet-server-crt
@@ -0,0 +1,3 @@
+{{~#if settings.kubernetes.server-certificate~}}
+{{base64_decode settings.kubernetes.server-certificate}}
+{{~/if~}}
diff --git a/packages/kubernetes-1.28/kubelet-server-key b/packages/kubernetes-1.28/kubelet-server-key
new file mode 100644
index 00000000000..0310e76ddd8
--- /dev/null
+++ b/packages/kubernetes-1.28/kubelet-server-key
@@ -0,0 +1,3 @@
+{{~#if settings.kubernetes.server-key~}}
+{{base64_decode settings.kubernetes.server-key}}
+{{~/if~}}
diff --git a/packages/kubernetes-1.28/kubelet-sysctl.conf b/packages/kubernetes-1.28/kubelet-sysctl.conf
new file mode 100644
index 00000000000..ed68c7e197f
--- /dev/null
+++ b/packages/kubernetes-1.28/kubelet-sysctl.conf
@@ -0,0 +1,2 @@
+# Overcommit handling mode - 1: Always overcommit
+vm.overcommit_memory = 1
diff --git a/packages/kubernetes-1.28/kubelet.service b/packages/kubernetes-1.28/kubelet.service
new file mode 100644
index 00000000000..1285853f2d1
--- /dev/null
+++ b/packages/kubernetes-1.28/kubelet.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=Kubelet
+Documentation=https://github.com/kubernetes/kubernetes
+After=containerd.service configured.target
+Wants=configured.target
+BindsTo=containerd.service
+
+[Service]
+Slice=runtime.slice
+Type=notify
+EnvironmentFile=/etc/network/proxy.env
+EnvironmentFile=/etc/kubernetes/kubelet/env
+ExecStartPre=/sbin/iptables -P FORWARD ACCEPT
+# Must be overridden by a drop-in file or `kubelet` won't start
+ExecStart=/usr/bin/false
+
+Restart=always
+RestartForceExitStatus=SIGPIPE
+RestartSec=5
+Delegate=yes
+KillMode=process
+CPUAccounting=true
+MemoryAccounting=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/packages/kubernetes-1.28/kubernetes-1.28.spec b/packages/kubernetes-1.28/kubernetes-1.28.spec
new file mode 100644
index 00000000000..0a3065a6acf
--- /dev/null
+++ b/packages/kubernetes-1.28/kubernetes-1.28.spec
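Review bot: `ExecStartPre=/sbin/iptables -P FORWARD ACCEPT` in kubelet.service resets the host's default FORWARD policy to ACCEPT on every kubelet start, and no comment explains why. With `Restart=always` this runs on each restart, so a stricter default policy installed by an operator or another unit is silently undone, and only the IPv4 table is touched. A comment above the line such as `# pod traffic is forwarded by the host; the default FORWARD policy must not drop it` would document the intent (the reason is presumed here and should be confirmed). It is also worth stating whether the IPv6 policy is handled elsewhere.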
@@ -0,0 +1,163 @@
+# After this upstream change, the linker flags `-s -w` are always added unless
+# DBG=1 is set in the environment, which would set compiler flags to disable
+# optimizations and inlining:
+# https://github.com/kubernetes/kubernetes/pull/108371
+#
+# For now, work around this by indicating that no debug package is expected.
+%global debug_package %{nil}
+
+%global goproject github.com/kubernetes
+%global gorepo kubernetes
+%global goimport %{goproject}/%{gorepo}
+
+%global gover 1.28.0
+%global rpmver %{gover}
+
+%global _dwz_low_mem_die_limit 0
+
+# The kubernetes build process expects the cross-compiler to be specified via `KUBE_*_CC`
+# Here we generate that variable to use bottlerocket-specific compile aliases
+# Examples of the generated variable:
+# KUBE_LINUX_AMD64_CC=x86_64-bottlerocket-linux-gnu-gcc
+# KUBE_LINUX_ARM64_CC=aarch64-bottlerocket-linux-gnu-gcc
+%global kube_cc %{shrink: \
+ %{lua: print(string.upper( \
+ rpm.expand("KUBE_%{_cross_go_os}_%{_cross_go_arch}_CC=")) .. \
+ rpm.expand("%{_cross_target}-gcc")) }}
+
+Name: %{_cross_os}%{gorepo}
+Version: %{rpmver}
+Release: 1%{?dist}
+Summary: Container cluster management
+# base Apache-2.0, third_party Apache-2.0 AND BSD-3-Clause
+License: Apache-2.0 AND BSD-3-Clause
+URL: https://%{goimport}
+Source0: https://distro.eks.amazonaws.com/kubernetes-1-28/releases/2/artifacts/kubernetes/v%{gover}/kubernetes-src.tar.gz
+Source1: kubelet.service
+Source2: kubelet-env
+Source3: kubelet-config
+Source4: kubelet-kubeconfig
+Source5: kubernetes-ca-crt
+Source6: kubelet-exec-start-conf
+Source7: kubelet-bootstrap-kubeconfig
+Source8: kubernetes-tmpfiles.conf
+Source9: kubelet-sysctl.conf
+Source10: prepare-var-lib-kubelet.service
+Source11: kubelet-server-crt
+Source12: kubelet-server-key
+Source13: etc-kubernetes-pki-private.mount
+Source14: credential-provider-config-yaml
+
+# ExecStartPre drop-ins
+Source20: prestart-pull-pause-ctr.conf
+Source21: dockershim-symlink.conf
+Source22: make-kubelet-dirs.conf
+Source23: load-ipvs-modules.conf
+
+Source1000: clarify.toml
+
+Patch9001: 0001-Make-gomaxprocs-install-optional-limit-to-tests.patch
+
+BuildRequires: git
+BuildRequires: rsync
+BuildRequires: %{_cross_os}glibc-devel
+
+%description
+%{summary}.
+
+%package -n %{_cross_os}kubelet-1.28
+Summary: Container cluster node agent
+Requires: %{_cross_os}conntrack-tools
+Requires: %{_cross_os}containerd
+Requires: %{_cross_os}findutils
+Requires: %{_cross_os}ecr-credential-provider-1.27
+Requires: %{_cross_os}aws-signing-helper
+
+%description -n %{_cross_os}kubelet-1.28
+%{summary}.
+
+%prep
+%autosetup -Sgit -c -n %{gorepo}-%{gover} -p1
+
+# third_party licenses
+# multiarch/qemu-user-static ignored, we're not using it
+cp third_party/forked/gonum/graph/LICENSE LICENSE.gonum.graph
+cp third_party/forked/shell2junit/LICENSE LICENSE.shell2junit
+cp third_party/forked/golang/LICENSE LICENSE.golang
+cp third_party/forked/golang/PATENTS PATENTS.golang
+
+%build
+# Build codegen programs with the host toolchain.
+make hack/update-codegen.sh
+
+# Build kubelet with the target toolchain.
+export KUBE_BUILD_PLATFORMS="linux/%{_cross_go_arch}"
+export %{kube_cc}
+export GOFLAGS='-tags=dockerless'
+export GOLDFLAGS="-buildmode=pie -linkmode=external -compressdwarf=false"
+make WHAT="cmd/kubelet"
+
+%install
+output="./_output/local/bin/linux/%{_cross_go_arch}"
+install -d %{buildroot}%{_cross_bindir}
+install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_bindir}
+
+install -d %{buildroot}%{_cross_unitdir}
+install -p -m 0644 %{S:1} %{S:10} %{S:13} %{buildroot}%{_cross_unitdir}
+
+install -d %{buildroot}%{_cross_unitdir}/kubelet.service.d
+install -p -m 0644 %{S:20} %{S:21} %{S:22} %{S:23} %{buildroot}%{_cross_unitdir}/kubelet.service.d
+
+mkdir -p %{buildroot}%{_cross_templatedir}
+install -m 0644 %{S:2} %{buildroot}%{_cross_templatedir}/kubelet-env
+install -m 0644 %{S:3} %{buildroot}%{_cross_templatedir}/kubelet-config
+install -m 0644 %{S:4} %{buildroot}%{_cross_templatedir}/kubelet-kubeconfig
+install -m 0644 %{S:5} %{buildroot}%{_cross_templatedir}/kubernetes-ca-crt
+install -m 0644 %{S:6} %{buildroot}%{_cross_templatedir}/kubelet-exec-start-conf
+install -m 0644 %{S:7} %{buildroot}%{_cross_templatedir}/kubelet-bootstrap-kubeconfig
+install -m 0644 %{S:11} %{buildroot}%{_cross_templatedir}/kubelet-server-crt
+install -m 0644 %{S:12} %{buildroot}%{_cross_templatedir}/kubelet-server-key
+install -m 0644 %{S:14} %{buildroot}%{_cross_templatedir}/credential-provider-config-yaml
+
+install -d %{buildroot}%{_cross_tmpfilesdir}
+install -p -m 0644 %{S:8} %{buildroot}%{_cross_tmpfilesdir}/kubernetes.conf
+
+install -d %{buildroot}%{_cross_sysctldir}
+install -p -m 0644 %{S:9} %{buildroot}%{_cross_sysctldir}/90-kubelet.conf
+
+install -d %{buildroot}%{_cross_libexecdir}/kubernetes
+ln -rs \
+ %{buildroot}%{_sharedstatedir}/kubelet/plugins \
+ %{buildroot}%{_cross_libexecdir}/kubernetes/kubelet-plugins
+
+%cross_scan_attribution --clarify %{S:1000} go-vendor vendor
+
+%files -n %{_cross_os}kubelet-1.28
+%license LICENSE LICENSE.gonum.graph LICENSE.shell2junit LICENSE.golang PATENTS.golang
+%{_cross_attribution_file}
+%{_cross_attribution_vendor_dir}
+%{_cross_bindir}/kubelet
+%{_cross_unitdir}/kubelet.service
+%{_cross_unitdir}/prepare-var-lib-kubelet.service
+%{_cross_unitdir}/etc-kubernetes-pki-private.mount
+%dir %{_cross_unitdir}/kubelet.service.d
+%{_cross_unitdir}/kubelet.service.d/prestart-pull-pause-ctr.conf
+%{_cross_unitdir}/kubelet.service.d/make-kubelet-dirs.conf
+%{_cross_unitdir}/kubelet.service.d/load-ipvs-modules.conf
+%{_cross_unitdir}/kubelet.service.d/dockershim-symlink.conf
+%dir %{_cross_templatedir}
+%{_cross_templatedir}/kubelet-env
+%{_cross_templatedir}/kubelet-config
+%{_cross_templatedir}/kubelet-kubeconfig
+%{_cross_templatedir}/kubelet-bootstrap-kubeconfig
+%{_cross_templatedir}/kubelet-exec-start-conf
+%{_cross_templatedir}/kubernetes-ca-crt
+%{_cross_templatedir}/kubelet-server-crt
+%{_cross_templatedir}/kubelet-server-key
+%{_cross_templatedir}/credential-provider-config-yaml
+%{_cross_tmpfilesdir}/kubernetes.conf
+%{_cross_sysctldir}/90-kubelet.conf
+%dir %{_cross_libexecdir}/kubernetes
+%{_cross_libexecdir}/kubernetes/kubelet-plugins
+
+%changelog
diff --git a/packages/kubernetes-1.28/kubernetes-ca-crt b/packages/kubernetes-1.28/kubernetes-ca-crt
new file mode 100644
index 00000000000..ab82c485f56
--- /dev/null
+++ b/packages/kubernetes-1.28/kubernetes-ca-crt
@@ -0,0 +1,3 @@
+{{~#if settings.kubernetes.cluster-certificate~}}
+{{base64_decode settings.kubernetes.cluster-certificate}}
+{{~/if~}}
diff --git a/packages/kubernetes-1.28/kubernetes-tmpfiles.conf b/packages/kubernetes-1.28/kubernetes-tmpfiles.conf
new file mode 100644
index 00000000000..15c1deec646
--- /dev/null
+++ b/packages/kubernetes-1.28/kubernetes-tmpfiles.conf
@@ -0,0 +1,5 @@
+d /etc/kubernetes/static-pods - - - -
+L /etc/kubernetes/manifests - - - - static-pods
+L /etc/kubernetes/secrets-store-csi-providers - - - - /var/lib/kubelet/providers/secrets-store
+r! /var/lib/kubelet/cpu_manager_state
+L /etc/kubernetes/node-feature-discovery/features.d - - - - /var/lib/kubelet/node-feature-discovery/features.d
diff --git a/packages/kubernetes-1.28/load-ipvs-modules.conf b/packages/kubernetes-1.28/load-ipvs-modules.conf
new file mode 100644
index 00000000000..e895782bdfb
--- /dev/null
+++ b/packages/kubernetes-1.28/load-ipvs-modules.conf
@@ -0,0 +1,3 @@
+[Unit]
+Wants=modprobe@ip_vs_sh.service modprobe@ip_vs_rr.service modprobe@ip_vs_wrr.service
+After=modprobe@ip_vs_sh.service modprobe@ip_vs_rr.service modprobe@ip_vs_wrr.service
diff --git a/packages/kubernetes-1.28/make-kubelet-dirs.conf b/packages/kubernetes-1.28/make-kubelet-dirs.conf
new file mode 100644
index 00000000000..a7249c9ac3f
--- /dev/null
+++ b/packages/kubernetes-1.28/make-kubelet-dirs.conf
@@ -0,0 +1,5 @@
+[Service]
+# Create the backing directories for symlinks in /etc
+ExecStartPre=/usr/bin/mkdir -p \
+ /var/lib/kubelet/providers/secrets-store \
+ /var/lib/kubelet/node-feature-discovery/features.d
diff --git a/packages/kubernetes-1.28/prepare-var-lib-kubelet.service b/packages/kubernetes-1.28/prepare-var-lib-kubelet.service
new file mode 100644
index 00000000000..1b8c6207aa4
--- /dev/null
+++ b/packages/kubernetes-1.28/prepare-var-lib-kubelet.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=Prepare Kubelet Directory (/var/lib/kubelet)
+DefaultDependencies=no
+RequiresMountsFor=/var
+RefuseManualStart=true
+RefuseManualStop=true
+
+[Service]
+Type=oneshot
+
+# Remove an existing symlink, if present. Intentionally not recursive!
+ExecStartPre=-/usr/bin/rm -f /var/lib/kubelet
+
+# Create /var/lib/kubelet so it is available for bind mounts.
+ExecStart=/usr/bin/mkdir -p /var/lib/kubelet
+
+# Suppress warning if directory exists.
+StandardError=null
+
+RemainAfterExit=true
+
+[Install]
+WantedBy=local-fs.target
diff --git a/packages/kubernetes-1.28/prestart-pull-pause-ctr.conf b/packages/kubernetes-1.28/prestart-pull-pause-ctr.conf
new file mode 100644
index 00000000000..5f6d04cb28e
--- /dev/null
+++ b/packages/kubernetes-1.28/prestart-pull-pause-ctr.conf
@@ -0,0 +1,9 @@
+[Service]
+# Pull the pause container image before starting `kubelet` so `containerd/cri` wouldn't have to
+ExecStartPre=/usr/bin/host-ctr \
+ --containerd-socket=/run/containerd/containerd.sock \
+ --namespace=k8s.io \
+ pull-image \
+ --source=${POD_INFRA_CONTAINER_IMAGE} \
+ --registry-config=/etc/host-containers/host-ctr.toml \
+ --skip-if-image-exists=true
From 3021604ec5c1cda853dc0dd15fccad23824bab7e Mon Sep 17 00:00:00 2001
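Review bot: `StandardError=null` in prepare-var-lib-kubelet.service applies to every command in the unit, so a real failure of `mkdir -p /var/lib/kubelet` would also lose its error message, and later units that bind-mount onto that path would fail with no hint of the cause. The comment above it looks inaccurate as well: `mkdir -p` is silent when the directory exists, so the message being hidden is presumably the one `rm -f` prints when the path is already a directory. At minimum reword the comment, e.g. `# Hide rm's error when /var/lib/kubelet is already a directory. This also hides mkdir errors.`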
From: Erikson Tung Date: Tue, 1 Aug 2023 12:29:34 -0700 Subject: [PATCH 2/6] sources, variants: add aws-k8s-1.28 variant --- README.md | 1 + sources/logdog/conf/logdog.aws-k8s-1.28.conf | 1 + sources/models/README.md | 9 +++- sources/models/src/aws-k8s-1.27 | 1 + .../defaults.d/10-defaults.toml | 0 .../defaults.d/15-aws-tuf.toml | 0 .../defaults.d/20-aws-host-containers.toml | 0 .../defaults.d/25-cf-signal.toml | 0 .../defaults.d/26-aws-autoscaling.toml | 0 .../defaults.d/30-metrics.toml | 0 .../defaults.d/31-send-metrics-aws.toml | 0 .../defaults.d/40-aws-creds.toml | 0 .../defaults.d/50-kubernetes-aws.toml | 0 .../defaults.d/51-kubernetes-containerd.toml | 0 .../defaults.d/52-kubernetes-services.toml | 0 .../defaults.d/53-containerd-cri-pki.toml | 0 ...ubernetes-aws-external-cloud-provider.toml | 0 ...55-kubernetes-aws-credential-provider.toml | 0 .../56-kubernetes-seccomp-default-false.toml} | 0 .../defaults.d/60-lockdown-integrity.toml | 0 .../defaults.d/70-oci-hooks.toml | 0 .../75-oci-defaults-containerd-cri.toml | 0 .../76-oci-defaults-capabilities.toml | 0 ...faults-containerd-cri-resource-limits.toml | 0 .../defaults.d/90-boot.toml | 0 .../src/{aws-k8s-1.27 => aws-k8s-1.28}/mod.rs | 0 sources/models/src/lib.rs | 9 +++- variants/Cargo.lock | 21 ++++++++ variants/Cargo.toml | 1 + variants/README.md | 7 +++ variants/aws-k8s-1.28/Cargo.toml | 48 +++++++++++++++++++ 31 files changed, 94 insertions(+), 4 deletions(-) create mode 120000 sources/logdog/conf/logdog.aws-k8s-1.28.conf create mode 120000 sources/models/src/aws-k8s-1.27 rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/10-defaults.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/15-aws-tuf.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/20-aws-host-containers.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/25-cf-signal.toml (100%) rename sources/models/src/{aws-k8s-1.27 => 
aws-k8s-1.28}/defaults.d/26-aws-autoscaling.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/30-metrics.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/31-send-metrics-aws.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/40-aws-creds.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/50-kubernetes-aws.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/51-kubernetes-containerd.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/52-kubernetes-services.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/53-containerd-cri-pki.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/54-kubernetes-aws-external-cloud-provider.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/55-kubernetes-aws-credential-provider.toml (100%) rename sources/models/src/{aws-k8s-1.27/defaults.d/54-kubernetes-seccomp-default-false.toml => aws-k8s-1.28/defaults.d/56-kubernetes-seccomp-default-false.toml} (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/60-lockdown-integrity.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/70-oci-hooks.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/75-oci-defaults-containerd-cri.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/76-oci-defaults-capabilities.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/defaults.d/90-boot.toml (100%) rename sources/models/src/{aws-k8s-1.27 => aws-k8s-1.28}/mod.rs (100%) create mode 100644 variants/aws-k8s-1.28/Cargo.toml diff --git a/README.md b/README.md index 7e8b6853722..7d13a919e7e 100644 --- a/README.md 
+++ b/README.md @@ -66,6 +66,7 @@ The following variants support EKS, as described above: * `aws-k8s-1.25` * `aws-k8s-1.26` * `aws-k8s-1.27` +* `aws-k8s-1.28` * `aws-k8s-1.23-nvidia` * `aws-k8s-1.24-nvidia` * `aws-k8s-1.25-nvidia` diff --git a/sources/logdog/conf/logdog.aws-k8s-1.28.conf b/sources/logdog/conf/logdog.aws-k8s-1.28.conf new file mode 120000 index 00000000000..63115aee60b --- /dev/null +++ b/sources/logdog/conf/logdog.aws-k8s-1.28.conf @@ -0,0 +1 @@ +aws-k8s.conf \ No newline at end of file diff --git a/sources/models/README.md b/sources/models/README.md index fcaeaad5e00..035df8d9a33 100644 --- a/sources/models/README.md +++ b/sources/models/README.md @@ -64,14 +64,19 @@ The `#[model]` attribute on Settings and its sub-structs reduces duplication and ### aws-k8s-1.27: Kubernetes 1.27 -* [Model](src/aws-k8s-1.27/mod.rs) -* [Default settings](src/aws-k8s-1.27/defaults.d/) +* [Model](src/aws-k8s-1.28/mod.rs) +* [Default settings](src/aws-k8s-1.28/defaults.d/) ### aws-k8s-1.27-nvidia: Kubernetes 1.27 NVIDIA * [Model](src/aws-k8s-1.27-nvidia/mod.rs) * [Default settings](src/aws-k8s-1.27-nvidia/defaults.d/) +### aws-k8s-1.28: Kubernetes 1.28 + +* [Model](src/aws-k8s-1.28/mod.rs) +* [Default settings](src/aws-k8s-1.28/defaults.d/) + ### aws-ecs-1: Amazon ECS * [Model](src/aws-ecs-1/mod.rs) diff --git a/sources/models/src/aws-k8s-1.27 b/sources/models/src/aws-k8s-1.27 new file mode 120000 index 00000000000..d3073c9b7d9 --- /dev/null +++ b/sources/models/src/aws-k8s-1.27 @@ -0,0 +1 @@ +aws-k8s-1.28 \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/10-defaults.toml b/sources/models/src/aws-k8s-1.28/defaults.d/10-defaults.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/10-defaults.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/10-defaults.toml 
diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/15-aws-tuf.toml b/sources/models/src/aws-k8s-1.28/defaults.d/15-aws-tuf.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/15-aws-tuf.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/15-aws-tuf.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/20-aws-host-containers.toml b/sources/models/src/aws-k8s-1.28/defaults.d/20-aws-host-containers.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/20-aws-host-containers.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/20-aws-host-containers.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/25-cf-signal.toml b/sources/models/src/aws-k8s-1.28/defaults.d/25-cf-signal.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/25-cf-signal.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/25-cf-signal.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/26-aws-autoscaling.toml b/sources/models/src/aws-k8s-1.28/defaults.d/26-aws-autoscaling.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/26-aws-autoscaling.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/26-aws-autoscaling.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/30-metrics.toml b/sources/models/src/aws-k8s-1.28/defaults.d/30-metrics.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/30-metrics.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/30-metrics.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/31-send-metrics-aws.toml b/sources/models/src/aws-k8s-1.28/defaults.d/31-send-metrics-aws.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/31-send-metrics-aws.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/31-send-metrics-aws.toml 
diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/40-aws-creds.toml b/sources/models/src/aws-k8s-1.28/defaults.d/40-aws-creds.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/40-aws-creds.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/40-aws-creds.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/50-kubernetes-aws.toml b/sources/models/src/aws-k8s-1.28/defaults.d/50-kubernetes-aws.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/50-kubernetes-aws.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/50-kubernetes-aws.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/51-kubernetes-containerd.toml b/sources/models/src/aws-k8s-1.28/defaults.d/51-kubernetes-containerd.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/51-kubernetes-containerd.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/51-kubernetes-containerd.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/52-kubernetes-services.toml b/sources/models/src/aws-k8s-1.28/defaults.d/52-kubernetes-services.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/52-kubernetes-services.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/52-kubernetes-services.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/53-containerd-cri-pki.toml b/sources/models/src/aws-k8s-1.28/defaults.d/53-containerd-cri-pki.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/53-containerd-cri-pki.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/53-containerd-cri-pki.toml 
diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/54-kubernetes-aws-external-cloud-provider.toml b/sources/models/src/aws-k8s-1.28/defaults.d/54-kubernetes-aws-external-cloud-provider.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/54-kubernetes-aws-external-cloud-provider.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/54-kubernetes-aws-external-cloud-provider.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/55-kubernetes-aws-credential-provider.toml b/sources/models/src/aws-k8s-1.28/defaults.d/55-kubernetes-aws-credential-provider.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/55-kubernetes-aws-credential-provider.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/55-kubernetes-aws-credential-provider.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/54-kubernetes-seccomp-default-false.toml b/sources/models/src/aws-k8s-1.28/defaults.d/56-kubernetes-seccomp-default-false.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/54-kubernetes-seccomp-default-false.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/56-kubernetes-seccomp-default-false.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/60-lockdown-integrity.toml b/sources/models/src/aws-k8s-1.28/defaults.d/60-lockdown-integrity.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/60-lockdown-integrity.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/60-lockdown-integrity.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/70-oci-hooks.toml b/sources/models/src/aws-k8s-1.28/defaults.d/70-oci-hooks.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/70-oci-hooks.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/70-oci-hooks.toml 
diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/75-oci-defaults-containerd-cri.toml b/sources/models/src/aws-k8s-1.28/defaults.d/75-oci-defaults-containerd-cri.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/75-oci-defaults-containerd-cri.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/75-oci-defaults-containerd-cri.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/aws-k8s-1.28/defaults.d/76-oci-defaults-capabilities.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/76-oci-defaults-capabilities.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/76-oci-defaults-capabilities.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml b/sources/models/src/aws-k8s-1.28/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml diff --git a/sources/models/src/aws-k8s-1.27/defaults.d/90-boot.toml b/sources/models/src/aws-k8s-1.28/defaults.d/90-boot.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27/defaults.d/90-boot.toml rename to sources/models/src/aws-k8s-1.28/defaults.d/90-boot.toml diff --git a/sources/models/src/aws-k8s-1.27/mod.rs b/sources/models/src/aws-k8s-1.28/mod.rs similarity index 100% rename from sources/models/src/aws-k8s-1.27/mod.rs rename to sources/models/src/aws-k8s-1.28/mod.rs diff --git a/sources/models/src/lib.rs b/sources/models/src/lib.rs index c20d9296110..c05ab74828a 100644 --- a/sources/models/src/lib.rs +++ b/sources/models/src/lib.rs 
@@ -61,14 +61,19 @@ The `#[model]` attribute on Settings and its sub-structs reduces duplication and ## aws-k8s-1.27: Kubernetes 1.27 -* [Model](src/aws-k8s-1.27/mod.rs) -* [Default settings](src/aws-k8s-1.27/defaults.d/) +* [Model](src/aws-k8s-1.28/mod.rs) +* [Default settings](src/aws-k8s-1.28/defaults.d/) ## aws-k8s-1.27-nvidia: Kubernetes 1.27 NVIDIA * [Model](src/aws-k8s-1.27-nvidia/mod.rs) * [Default settings](src/aws-k8s-1.27-nvidia/defaults.d/) +## aws-k8s-1.28: Kubernetes 1.28 + +* [Model](src/aws-k8s-1.28/mod.rs) +* [Default settings](src/aws-k8s-1.28/defaults.d/) + ## aws-ecs-1: Amazon ECS * [Model](src/aws-ecs-1/mod.rs) diff --git a/variants/Cargo.lock b/variants/Cargo.lock index 6f9e03ae6b0..68e45482e37 100644 --- a/variants/Cargo.lock +++ b/variants/Cargo.lock @@ -232,6 +232,18 @@ dependencies = [ "release", ] +[[package]] +name = "aws-k8s-1_28" +version = "0.1.0" +dependencies = [ + "aws-iam-authenticator", + "cni", + "cni-plugins", + "kernel-6_1", + "kubernetes-1_28", + "release", +] + [[package]] name = "aws-signing-helper" version = "0.1.0" @@ -589,6 +601,15 @@ dependencies = [ "glibc", ] +[[package]] +name = "kubernetes-1_28" +version = "0.1.0" +dependencies = [ + "aws-signing-helper", + "ecr-credential-provider-1_27", + "glibc", +] + [[package]] name = "libacl" version = "0.1.0" diff --git a/variants/Cargo.toml b/variants/Cargo.toml index 197e75c04e3..3d537393f7b 100644 --- a/variants/Cargo.toml +++ b/variants/Cargo.toml @@ -14,6 +14,7 @@ members = [ "aws-k8s-1.26", "aws-k8s-1.26-nvidia", "aws-k8s-1.27", + "aws-k8s-1.28", "aws-k8s-1.27-nvidia", "metal-dev", "metal-k8s-1.23", diff --git a/variants/README.md b/variants/README.md index a416ad80626..f600a8cc667 100644 --- a/variants/README.md +++ b/variants/README.md 
@@ -96,6 +96,13 @@ It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazo This variant is compatible with Kubernetes 1.27, 1.28, and 1.29 clusters. +### aws-k8s-1.28: Kubernetes 1.28 node + +The [aws-k8s-1.28](aws-k8s-1.28/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. +It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). + +This variant is compatible with Kubernetes 1.28, 1.29, and 1.30 clusters. + ### aws-k8s-1.27-nvidia: Kubernetes 1.27 NVIDIA node The [aws-k8s-1.27-nvidia](aws-k8s-1.27-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. diff --git a/variants/aws-k8s-1.28/Cargo.toml b/variants/aws-k8s-1.28/Cargo.toml new file mode 100644 index 00000000000..d8b7e4a01b1 --- /dev/null +++ b/variants/aws-k8s-1.28/Cargo.toml 
@@ -0,0 +1,48 @@
+[package]
+# This is the aws-k8s-1.28 variant. "." is not allowed in crate names, but we
+# don't use this crate name anywhere.
+name = "aws-k8s-1_28"
+version = "0.1.0"
+edition = "2021"
+publish = false
+build = "../build.rs"
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[package.metadata.build-variant.image-features]
+grub-set-private-var = true
+unified-cgroup-hierarchy = true
+uefi-secure-boot = true
+xfs-data-partition = true
+
+[package.metadata.build-variant]
+included-packages = [
+# core
+ "release",
+ "kernel-6.1",
+# k8s
+ "cni",
+ "cni-plugins",
+ "kubelet-1.28",
+ "aws-iam-authenticator",
+]
+kernel-parameters = [
+ "console=tty0",
+ "console=ttyS0,115200n8",
+ "net.ifnames=0",
+ "netdog.default-interface=eth0:dhcp4,dhcp6?",
+ "quiet",
+]
+
+[lib]
+path = "../variants.rs"
+
+[build-dependencies]
+# core
+release = { path = "../../packages/release" }
+kernel-6_1 = { path = "../../packages/kernel-6.1" }
+# k8s
+cni = { path = "../../packages/cni" }
+cni-plugins = { path = "../../packages/cni-plugins" }
+kubernetes-1_28 = { path = "../../packages/kubernetes-1.28" }
+aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" }
From 5b3fe5c4329583d96555d418b76902c28f72019a Mon Sep 17 00:00:00 2001
From: Erikson Tung Date: Tue, 1 Aug 2023 16:23:03 -0700 Subject: [PATCH 3/6] sources, variants: add aws-k8s-1.28-nvidia variant --- README.md | 1 + .../conf/logdog.aws-k8s-1.28-nvidia.conf | 1 + sources/models/README.md | 9 ++- sources/models/src/aws-k8s-1.27-nvidia | 1 + .../defaults.d/10-defaults.toml | 0 .../defaults.d/15-aws-tuf.toml | 0 .../defaults.d/20-aws-host-containers.toml | 0 .../defaults.d/25-cf-signal.toml | 0 .../defaults.d/26-aws-autoscaling.toml | 0 .../defaults.d/30-metrics.toml | 0 .../defaults.d/31-send-metrics-aws.toml | 0 .../defaults.d/40-aws-creds.toml | 0 .../defaults.d/50-kubernetes-aws.toml | 0 .../51-kubernetes-containerd-nvidia.toml | 0 .../defaults.d/52-kubernetes-services.toml | 0 .../defaults.d/53-containerd-cri-pki.toml | 0 ...ubernetes-aws-external-cloud-provider.toml | 0 ...55-kubernetes-aws-credential-provider.toml | 0 .../56-kubernetes-seccomp-default-false.toml} | 0 .../defaults.d/60-lockdown-none.toml | 0 .../defaults.d/70-oci-hooks.toml | 0 .../75-oci-defaults-containerd-cri.toml | 0 .../76-oci-defaults-capabilities.toml | 0 ...faults-containerd-cri-resource-limits.toml | 0 .../defaults.d/90-boot.toml | 0 .../mod.rs | 0 sources/models/src/lib.rs | 9 ++- variants/Cargo.lock | 15 +++++ variants/Cargo.toml | 1 + variants/README.md | 13 +++- variants/aws-k8s-1.28-nvidia/Cargo.toml | 59 +++++++++++++++++++ 31 files changed, 102 insertions(+), 7 deletions(-) create mode 120000 sources/logdog/conf/logdog.aws-k8s-1.28-nvidia.conf create mode 120000 sources/models/src/aws-k8s-1.27-nvidia rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/10-defaults.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/15-aws-tuf.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/20-aws-host-containers.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/25-cf-signal.toml (100%) rename 
sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/26-aws-autoscaling.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/30-metrics.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/31-send-metrics-aws.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/40-aws-creds.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/50-kubernetes-aws.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/51-kubernetes-containerd-nvidia.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/52-kubernetes-services.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/53-containerd-cri-pki.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/54-kubernetes-aws-external-cloud-provider.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/55-kubernetes-aws-credential-provider.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia/defaults.d/54-kubernetes-seccomp-default-false.toml => aws-k8s-1.28-nvidia/defaults.d/56-kubernetes-seccomp-default-false.toml} (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/60-lockdown-none.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/70-oci-hooks.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/75-oci-defaults-containerd-cri.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/76-oci-defaults-capabilities.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml (100%) rename 
sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/defaults.d/90-boot.toml (100%) rename sources/models/src/{aws-k8s-1.27-nvidia => aws-k8s-1.28-nvidia}/mod.rs (100%) create mode 100644 variants/aws-k8s-1.28-nvidia/Cargo.toml diff --git a/README.md b/README.md index 7d13a919e7e..3bcc7be3cb5 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,7 @@ The following variants support EKS, as described above: * `aws-k8s-1.25-nvidia` * `aws-k8s-1.26-nvidia` * `aws-k8s-1.27-nvidia` +* `aws-k8s-1.28-nvidia` The following variants support ECS: diff --git a/sources/logdog/conf/logdog.aws-k8s-1.28-nvidia.conf b/sources/logdog/conf/logdog.aws-k8s-1.28-nvidia.conf new file mode 120000 index 00000000000..63115aee60b --- /dev/null +++ b/sources/logdog/conf/logdog.aws-k8s-1.28-nvidia.conf @@ -0,0 +1 @@ +aws-k8s.conf \ No newline at end of file diff --git a/sources/models/README.md b/sources/models/README.md index 035df8d9a33..82069bc936a 100644 --- a/sources/models/README.md +++ b/sources/models/README.md @@ -69,14 +69,19 @@ The `#[model]` attribute on Settings and its sub-structs reduces duplication and ### aws-k8s-1.27-nvidia: Kubernetes 1.27 NVIDIA -* [Model](src/aws-k8s-1.27-nvidia/mod.rs) -* [Default settings](src/aws-k8s-1.27-nvidia/defaults.d/) +* [Model](src/aws-k8s-1.28-nvidia/mod.rs) +* [Default settings](src/aws-k8s-1.28-nvidia/defaults.d/) ### aws-k8s-1.28: Kubernetes 1.28 * [Model](src/aws-k8s-1.28/mod.rs) * [Default settings](src/aws-k8s-1.28/defaults.d/) +### aws-k8s-1.28-nvidia: Kubernetes 1.28 NVIDIA + +* [Model](src/aws-k8s-1.28-nvidia/mod.rs) +* [Default settings](src/aws-k8s-1.28-nvidia/defaults.d/) + ### aws-ecs-1: Amazon ECS * [Model](src/aws-ecs-1/mod.rs) diff --git a/sources/models/src/aws-k8s-1.27-nvidia b/sources/models/src/aws-k8s-1.27-nvidia new file mode 120000 index 00000000000..51b13d5fc83 --- /dev/null +++ b/sources/models/src/aws-k8s-1.27-nvidia @@ -0,0 +1 @@ +aws-k8s-1.28-nvidia \ No newline at end of file 
diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/10-defaults.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/10-defaults.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/10-defaults.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/10-defaults.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/15-aws-tuf.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/15-aws-tuf.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/15-aws-tuf.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/15-aws-tuf.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/20-aws-host-containers.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/20-aws-host-containers.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/20-aws-host-containers.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/20-aws-host-containers.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/25-cf-signal.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/25-cf-signal.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/25-cf-signal.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/25-cf-signal.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/26-aws-autoscaling.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/26-aws-autoscaling.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/26-aws-autoscaling.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/26-aws-autoscaling.toml 
diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/30-metrics.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/30-metrics.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/30-metrics.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/30-metrics.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/31-send-metrics-aws.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/31-send-metrics-aws.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/31-send-metrics-aws.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/31-send-metrics-aws.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/40-aws-creds.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/40-aws-creds.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/40-aws-creds.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/40-aws-creds.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/50-kubernetes-aws.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/50-kubernetes-aws.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/50-kubernetes-aws.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/50-kubernetes-aws.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/51-kubernetes-containerd-nvidia.toml 
diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/52-kubernetes-services.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/52-kubernetes-services.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/52-kubernetes-services.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/52-kubernetes-services.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/53-containerd-cri-pki.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/53-containerd-cri-pki.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/53-containerd-cri-pki.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/53-containerd-cri-pki.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/54-kubernetes-aws-external-cloud-provider.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/54-kubernetes-aws-external-cloud-provider.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/54-kubernetes-aws-external-cloud-provider.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/54-kubernetes-aws-external-cloud-provider.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/55-kubernetes-aws-credential-provider.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/55-kubernetes-aws-credential-provider.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/55-kubernetes-aws-credential-provider.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/55-kubernetes-aws-credential-provider.toml 
diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/54-kubernetes-seccomp-default-false.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/56-kubernetes-seccomp-default-false.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/54-kubernetes-seccomp-default-false.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/56-kubernetes-seccomp-default-false.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/60-lockdown-none.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/60-lockdown-none.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/60-lockdown-none.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/60-lockdown-none.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/70-oci-hooks.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/70-oci-hooks.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/70-oci-hooks.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/70-oci-hooks.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/75-oci-defaults-containerd-cri.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/76-oci-defaults-capabilities.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/76-oci-defaults-capabilities.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/76-oci-defaults-capabilities.toml 
diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/defaults.d/90-boot.toml b/sources/models/src/aws-k8s-1.28-nvidia/defaults.d/90-boot.toml similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/defaults.d/90-boot.toml rename to sources/models/src/aws-k8s-1.28-nvidia/defaults.d/90-boot.toml diff --git a/sources/models/src/aws-k8s-1.27-nvidia/mod.rs b/sources/models/src/aws-k8s-1.28-nvidia/mod.rs similarity index 100% rename from sources/models/src/aws-k8s-1.27-nvidia/mod.rs rename to sources/models/src/aws-k8s-1.28-nvidia/mod.rs diff --git a/sources/models/src/lib.rs b/sources/models/src/lib.rs index c05ab74828a..231b7d686e5 100644 --- a/sources/models/src/lib.rs +++ b/sources/models/src/lib.rs @@ -66,14 +66,19 @@ The `#[model]` attribute on Settings and its sub-structs reduces duplication and ## aws-k8s-1.27-nvidia: Kubernetes 1.27 NVIDIA -* [Model](src/aws-k8s-1.27-nvidia/mod.rs) -* [Default settings](src/aws-k8s-1.27-nvidia/defaults.d/) +* [Model](src/aws-k8s-1.28-nvidia/mod.rs) +* [Default settings](src/aws-k8s-1.28-nvidia/defaults.d/) ## aws-k8s-1.28: Kubernetes 1.28 * [Model](src/aws-k8s-1.28/mod.rs) * [Default settings](src/aws-k8s-1.28/defaults.d/) +## aws-k8s-1.28-nvidia: Kubernetes 1.28 NVIDIA + +* [Model](src/aws-k8s-1.28-nvidia/mod.rs) +* [Default settings](src/aws-k8s-1.28-nvidia/defaults.d/) + ## aws-ecs-1: Amazon ECS * [Model](src/aws-ecs-1/mod.rs) diff --git a/variants/Cargo.lock b/variants/Cargo.lock index 68e45482e37..4d4aa50a1e9 100644 --- a/variants/Cargo.lock 
+++ b/variants/Cargo.lock @@ -244,6 +244,21 @@ dependencies = [ "release", ] +[[package]] +name = "aws-k8s-1_28-nvidia" +version = "0.1.0" +dependencies = [ + "aws-iam-authenticator", + "cni", + "cni-plugins", + "kernel-6_1", + "kmod-6_1-nvidia", + "kubernetes-1_28", + "nvidia-container-toolkit", + "nvidia-k8s-device-plugin", + "release", +] + [[package]] name = "aws-signing-helper" version = "0.1.0" diff --git a/variants/Cargo.toml b/variants/Cargo.toml index 3d537393f7b..3865a214ca2 100644 --- a/variants/Cargo.toml +++ b/variants/Cargo.toml @@ -16,6 +16,7 @@ members = [ "aws-k8s-1.27", "aws-k8s-1.28", "aws-k8s-1.27-nvidia", + "aws-k8s-1.28-nvidia", "metal-dev", "metal-k8s-1.23", "metal-k8s-1.24", diff --git a/variants/README.md b/variants/README.md index f600a8cc667..c868c5a091f 100644 --- a/variants/README.md +++ b/variants/README.md @@ -96,6 +96,13 @@ It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazo This variant is compatible with Kubernetes 1.27, 1.28, and 1.29 clusters. +### aws-k8s-1.27-nvidia: Kubernetes 1.27 NVIDIA node + +The [aws-k8s-1.27-nvidia](aws-k8s-1.27-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. +It also includes the required packages to configure containers to leverage NVIDIA GPUs. +It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). +This variant is compatible with Kubernetes 1.27, 1.28, and 1.29 clusters. + ### aws-k8s-1.28: Kubernetes 1.28 node The [aws-k8s-1.28](aws-k8s-1.28/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. 
@@ -103,12 +110,12 @@ It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazo This variant is compatible with Kubernetes 1.28, 1.29, and 1.30 clusters. -### aws-k8s-1.27-nvidia: Kubernetes 1.27 NVIDIA node +### aws-k8s-1.28-nvidia: Kubernetes 1.28 NVIDIA node -The [aws-k8s-1.27-nvidia](aws-k8s-1.27-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. +The [aws-k8s-1.28-nvidia](aws-k8s-1.28-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. It also includes the required packages to configure containers to leverage NVIDIA GPUs. It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). -This variant is compatible with Kubernetes 1.27, 1.28, and 1.29 clusters. +This variant is compatible with Kubernetes 1.28, 1.29, and 1.30 clusters. ### aws-ecs-1: Amazon ECS container instance diff --git a/variants/aws-k8s-1.28-nvidia/Cargo.toml b/variants/aws-k8s-1.28-nvidia/Cargo.toml new file mode 100644 index 00000000000..4ad253928fd --- /dev/null +++ b/variants/aws-k8s-1.28-nvidia/Cargo.toml 
@@ -0,0 +1,59 @@ +[package] +# This is the aws-k8s-1.28-nvidia variant. "." is not allowed in crate names, but we +# don't use this crate name anywhere. +name = "aws-k8s-1_28-nvidia" +version = "0.1.0" +edition = "2021" +publish = false +build = "../build.rs" +# Don't rebuild crate just because of changes to README. +exclude = ["README.md"] + +[package.metadata.build-variant.image-layout] +os-image-size-gib = 4 + +[package.metadata.build-variant.image-features] +grub-set-private-var = true +unified-cgroup-hierarchy = true +uefi-secure-boot = true +xfs-data-partition = true + +[package.metadata.build-variant] +included-packages = [ + # core + "release", + "kernel-6.1", + # k8s + "cni", + "cni-plugins", + "kubelet-1.28", + "aws-iam-authenticator", + # nvidia + "nvidia-container-toolkit", + "nvidia-k8s-device-plugin", + "kmod-6.1-nvidia-tesla-535", +] +kernel-parameters = [ + "console=tty0", + "console=ttyS0,115200n8", + "net.ifnames=0", + "netdog.default-interface=eth0:dhcp4,dhcp6?", + "quiet", +] + +[lib] +path = "../variants.rs" + +[build-dependencies] +# core +release = { path = "../../packages/release" } +kernel-6_1 = { path = "../../packages/kernel-6.1" } +# k8s +cni = { path = "../../packages/cni" } +cni-plugins = { path = "../../packages/cni-plugins" } +kubernetes-1_28 = { path = "../../packages/kubernetes-1.28" } +aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } +# nvidia +nvidia-container-toolkit = { path = "../../packages/nvidia-container-toolkit" } +nvidia-k8s-device-plugin = { path = "../../packages/nvidia-k8s-device-plugin" } +kmod-6_1-nvidia = { path = "../../packages/kmod-6.1-nvidia" } From 4618eaaa5364c5f3418f9fd405a9ad7743e97b7c Mon Sep 17 00:00:00 2001 
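Review bot: `uefi-secure-boot = true` is set under `[package.metadata.build-variant.image-features]` in the same variant that ships the out-of-tree `kmod-6.1-nvidia-tesla-535` driver, and nothing in the new file records how that driver is expected to load with Secure Boot enabled. Whether the build signs the module or the variant relaxes module verification cannot be seen from this hunk, so the assumption should be written next to the package list, for example `# nvidia: confirm driver modules load with uefi-secure-boot enabled` above `"nvidia-container-toolkit"`. The driver branch is also pinned by name in `included-packages` while `[build-dependencies]` only names `kmod-6_1-nvidia`; a one-line comment saying that the `tesla-535` subpackage comes from that crate would make the next driver bump easier to audit.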
From: Erikson Tung Date: Tue, 1 Aug 2023 16:41:14 -0700 Subject: [PATCH 4/6] sources, variants: add vmware-k8s-1.28 variant --- README.md | 1 + .../logdog/conf/logdog.vmware-k8s-1.28.conf | 1 + sources/models/README.md | 25 +++++---- sources/models/src/lib.rs | 25 +++++---- sources/models/src/vmware-k8s-1.27 | 1 + .../defaults.d/10-defaults.toml | 0 .../defaults.d/15-public-tuf.toml | 0 .../defaults.d/20-public-host-containers.toml | 0 .../defaults.d/30-metrics.toml | 0 .../defaults.d/31-send-metrics.toml | 0 .../defaults.d/40-aws-creds.toml | 0 .../defaults.d/50-kubernetes-vmware.toml | 0 .../defaults.d/51-kubernetes-containerd.toml | 0 .../defaults.d/52-kubernetes-services.toml | 0 .../defaults.d/53-containerd-cri-pki.toml | 0 .../54-kubernetes-seccomp-default-false.toml | 0 .../defaults.d/60-lockdown-integrity.toml | 0 .../defaults.d/70-public-ntp.toml | 0 .../75-oci-defaults-containerd-cri.toml | 0 .../76-oci-defaults-capabilities.toml | 0 ...faults-containerd-cri-resource-limits.toml | 0 .../defaults.d/80-oci-hooks.toml | 0 .../defaults.d/90-boot.toml | 0 .../mod.rs | 0 variants/Cargo.lock | 12 ++++ variants/Cargo.toml | 1 + variants/README.md | 9 ++- variants/vmware-k8s-1.28/Cargo.toml | 56 +++++++++++++++++++ variants/vmware-k8s-1.28/template.ovf | 1 + 29 files changed, 111 insertions(+), 21 deletions(-) create mode 120000 sources/logdog/conf/logdog.vmware-k8s-1.28.conf create mode 120000 sources/models/src/vmware-k8s-1.27 rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/10-defaults.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/15-public-tuf.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/20-public-host-containers.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/30-metrics.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/31-send-metrics.toml (100%) rename 
sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/40-aws-creds.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/50-kubernetes-vmware.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/51-kubernetes-containerd.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/52-kubernetes-services.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/53-containerd-cri-pki.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/54-kubernetes-seccomp-default-false.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/60-lockdown-integrity.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/70-public-ntp.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/75-oci-defaults-containerd-cri.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/76-oci-defaults-capabilities.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/80-oci-hooks.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/defaults.d/90-boot.toml (100%) rename sources/models/src/{vmware-k8s-1.27 => vmware-k8s-1.28}/mod.rs (100%) create mode 100644 variants/vmware-k8s-1.28/Cargo.toml create mode 120000 variants/vmware-k8s-1.28/template.ovf diff --git a/README.md b/README.md index 3bcc7be3cb5..775f692f144 100644 --- a/README.md +++ b/README.md @@ -86,6 +86,7 @@ We also have variants that are designed to be Kubernetes worker nodes in VMware: * `vmware-k8s-1.25` * `vmware-k8s-1.26` * `vmware-k8s-1.27` +* `vmware-k8s-1.28` The following variants are designed to be Kubernetes worker nodes on bare metal: 
diff --git a/sources/logdog/conf/logdog.vmware-k8s-1.28.conf b/sources/logdog/conf/logdog.vmware-k8s-1.28.conf new file mode 120000 index 00000000000..7134ec8b998 --- /dev/null +++ b/sources/logdog/conf/logdog.vmware-k8s-1.28.conf @@ -0,0 +1 @@ +k8s.conf \ No newline at end of file diff --git a/sources/models/README.md b/sources/models/README.md index 82069bc936a..1f2c7704da4 100644 --- a/sources/models/README.md +++ b/sources/models/README.md @@ -114,28 +114,33 @@ The `#[model]` attribute on Settings and its sub-structs reduces duplication and ### vmware-k8s-1.23: VMware Kubernetes 1.23 -* [Model](src/vmware-k8s-1.27/mod.rs) -* [Default settings](src/vmware-k8s-1.27/defaults.d/) +* [Model](src/vmware-k8s-1.28/mod.rs) +* [Default settings](src/vmware-k8s-1.28/defaults.d/) ### vmware-k8s-1.24: VMware Kubernetes 1.24 -* [Model](src/vmware-k8s-1.27/mod.rs) -* [Default settings](src/vmware-k8s-1.27/defaults.d/) +* [Model](src/vmware-k8s-1.28/mod.rs) +* [Default settings](src/vmware-k8s-1.28/defaults.d/) ### vmware-k8s-1.25: VMware Kubernetes 1.25 -* [Model](src/vmware-k8s-1.27/mod.rs) -* [Default settings](src/vmware-k8s-1.27/defaults.d/) +* [Model](src/vmware-k8s-1.28/mod.rs) +* [Default settings](src/vmware-k8s-1.28/defaults.d/) ### vmware-k8s-1.26: VMware Kubernetes 1.26 -* [Model](src/vmware-k8s-1.27/mod.rs) -* [Default settings](src/vmware-k8s-1.27/defaults.d/) +* [Model](src/vmware-k8s-1.28/mod.rs) +* [Default settings](src/vmware-k8s-1.28/defaults.d/) ### vmware-k8s-1.27: VMware Kubernetes 1.27 -* [Model](src/vmware-k8s-1.27/mod.rs) -* [Default settings](src/vmware-k8s-1.27/defaults.d/) +* [Model](src/vmware-k8s-1.28/mod.rs) +* [Default settings](src/vmware-k8s-1.28/defaults.d/) + +### vmware-k8s-1.27: VMware Kubernetes 1.27 + +* [Model](src/vmware-k8s-1.28/mod.rs) +* [Default settings](src/vmware-k8s-1.28/defaults.d/) ### metal-dev: Metal development build diff --git a/sources/models/src/lib.rs b/sources/models/src/lib.rs index 231b7d686e5..24a4b83494c 100644 
--- a/sources/models/src/lib.rs +++ b/sources/models/src/lib.rs @@ -111,28 +111,33 @@ The `#[model]` attribute on Settings and its sub-structs reduces duplication and ## vmware-k8s-1.23: VMware Kubernetes 1.23 -* [Model](src/vmware-k8s-1.27/mod.rs) -* [Default settings](src/vmware-k8s-1.27/defaults.d/) +* [Model](src/vmware-k8s-1.28/mod.rs) +* [Default settings](src/vmware-k8s-1.28/defaults.d/) ## vmware-k8s-1.24: VMware Kubernetes 1.24 -* [Model](src/vmware-k8s-1.27/mod.rs) -* [Default settings](src/vmware-k8s-1.27/defaults.d/) +* [Model](src/vmware-k8s-1.28/mod.rs) +* [Default settings](src/vmware-k8s-1.28/defaults.d/) ## vmware-k8s-1.25: VMware Kubernetes 1.25 -* [Model](src/vmware-k8s-1.27/mod.rs) -* [Default settings](src/vmware-k8s-1.27/defaults.d/) +* [Model](src/vmware-k8s-1.28/mod.rs) +* [Default settings](src/vmware-k8s-1.28/defaults.d/) ## vmware-k8s-1.26: VMware Kubernetes 1.26 -* [Model](src/vmware-k8s-1.27/mod.rs) -* [Default settings](src/vmware-k8s-1.27/defaults.d/) +* [Model](src/vmware-k8s-1.28/mod.rs) +* [Default settings](src/vmware-k8s-1.28/defaults.d/) ## vmware-k8s-1.27: VMware Kubernetes 1.27 -* [Model](src/vmware-k8s-1.27/mod.rs) -* [Default settings](src/vmware-k8s-1.27/defaults.d/) +* [Model](src/vmware-k8s-1.28/mod.rs) +* [Default settings](src/vmware-k8s-1.28/defaults.d/) + +## vmware-k8s-1.27: VMware Kubernetes 1.27 + +* [Model](src/vmware-k8s-1.28/mod.rs) +* [Default settings](src/vmware-k8s-1.28/defaults.d/) ## metal-dev: Metal development build diff --git a/sources/models/src/vmware-k8s-1.27 b/sources/models/src/vmware-k8s-1.27 new file mode 120000 index 00000000000..fb914adaab0 --- /dev/null +++ b/sources/models/src/vmware-k8s-1.27 @@ -0,0 +1 @@ +vmware-k8s-1.28 \ No newline at end of file 
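Review bot: The heading added at the end of the VMware list repeats `## vmware-k8s-1.27: VMware Kubernetes 1.27` instead of introducing the new variant, so the rendered docs list 1.27 twice and never mention 1.28. The added line should read `## vmware-k8s-1.28: VMware Kubernetes 1.28`. The `sources/models/README.md` hunk of this patch has the same duplicated heading (`### vmware-k8s-1.27: VMware Kubernetes 1.27`), and the `variants/README.md` hunk has a related slip where the link text `[vmware-k8s-1.27]` points at `vmware-k8s-1.28/Cargo.toml`. The metal patch that follows uses the correct 1.28 heading, which suggests a copy-paste error here rather than intent.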
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/10-defaults.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/10-defaults.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/10-defaults.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/10-defaults.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/15-public-tuf.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/15-public-tuf.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/15-public-tuf.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/15-public-tuf.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/20-public-host-containers.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/20-public-host-containers.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/20-public-host-containers.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/20-public-host-containers.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/30-metrics.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/30-metrics.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/30-metrics.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/30-metrics.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/31-send-metrics.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/31-send-metrics.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/31-send-metrics.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/31-send-metrics.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/40-aws-creds.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/40-aws-creds.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/40-aws-creds.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/40-aws-creds.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/50-kubernetes-vmware.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/50-kubernetes-vmware.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/50-kubernetes-vmware.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/50-kubernetes-vmware.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/51-kubernetes-containerd.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/51-kubernetes-containerd.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/51-kubernetes-containerd.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/51-kubernetes-containerd.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/52-kubernetes-services.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/52-kubernetes-services.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/52-kubernetes-services.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/52-kubernetes-services.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/53-containerd-cri-pki.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/53-containerd-cri-pki.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/53-containerd-cri-pki.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/53-containerd-cri-pki.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/54-kubernetes-seccomp-default-false.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/54-kubernetes-seccomp-default-false.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/54-kubernetes-seccomp-default-false.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/54-kubernetes-seccomp-default-false.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/60-lockdown-integrity.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/60-lockdown-integrity.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/60-lockdown-integrity.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/60-lockdown-integrity.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/70-public-ntp.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/70-public-ntp.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/70-public-ntp.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/70-public-ntp.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/75-oci-defaults-containerd-cri.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/75-oci-defaults-containerd-cri.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/75-oci-defaults-containerd-cri.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/75-oci-defaults-containerd-cri.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/76-oci-defaults-capabilities.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/76-oci-defaults-capabilities.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/76-oci-defaults-capabilities.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/76-oci-defaults-capabilities.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml
similarity index 100%
rename from sources/models/src/vmware-k8s-1.27/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml
rename to sources/models/src/vmware-k8s-1.28/defaults.d/77-oci-defaults-containerd-cri-resource-limits.toml
diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/80-oci-hooks.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/80-oci-hooks.toml similarity index 100% rename from sources/models/src/vmware-k8s-1.27/defaults.d/80-oci-hooks.toml rename to sources/models/src/vmware-k8s-1.28/defaults.d/80-oci-hooks.toml diff --git a/sources/models/src/vmware-k8s-1.27/defaults.d/90-boot.toml b/sources/models/src/vmware-k8s-1.28/defaults.d/90-boot.toml similarity index 100% rename from sources/models/src/vmware-k8s-1.27/defaults.d/90-boot.toml rename to sources/models/src/vmware-k8s-1.28/defaults.d/90-boot.toml diff --git a/sources/models/src/vmware-k8s-1.27/mod.rs b/sources/models/src/vmware-k8s-1.28/mod.rs similarity index 100% rename from sources/models/src/vmware-k8s-1.27/mod.rs rename to sources/models/src/vmware-k8s-1.28/mod.rs diff --git a/variants/Cargo.lock b/variants/Cargo.lock index 4d4aa50a1e9..19e450456a7 100644 --- a/variants/Cargo.lock +++ b/variants/Cargo.lock @@ -1234,6 +1234,18 @@ dependencies = [ "release", ] +[[package]] +name = "vmware-k8s-1_28" +version = "0.1.0" +dependencies = [ + "cni", + "cni-plugins", + "kernel-6_1", + "kubernetes-1_28", + "open-vm-tools", + "release", +] + [[package]] name = "wicked" version = "0.1.0" diff --git a/variants/Cargo.toml b/variants/Cargo.toml index 3865a214ca2..44eabb0dee2 100644 --- a/variants/Cargo.toml +++ b/variants/Cargo.toml @@ -29,6 +29,7 @@ members = [ "vmware-k8s-1.25", "vmware-k8s-1.26", "vmware-k8s-1.27", + "vmware-k8s-1.28", ] [profile.dev] diff --git a/variants/README.md b/variants/README.md index c868c5a091f..431ff4877db 100644 --- a/variants/README.md +++ b/variants/README.md 
@@ -178,13 +178,20 @@ It supports self-hosted clusters. This variant is compatible with Kubernetes 1.26, 1.27, and 1.28 clusters. -## vmware-k8s-1.27: VMware Kubernetes 1.26 7ode +## vmware-k8s-1.27: VMware Kubernetes 1.27 node The [vmware-k8s-1.27](vmware-k8s-1.27/Cargo.toml) variant includes the packages needed to run a Kubernetes worker node as a VMware guest. It supports self-hosted clusters. This variant is compatible with Kubernetes 1.27, 1.28, and 1.29 clusters. +## vmware-k8s-1.28: VMware Kubernetes 1.28 node + +The [vmware-k8s-1.27](vmware-k8s-1.28/Cargo.toml) variant includes the packages needed to run a Kubernetes worker node as a VMware guest. +It supports self-hosted clusters. + +This variant is compatible with Kubernetes 1.28, 1.29, and 1.30 clusters. + ### metal-dev: Metal development build The [metal-dev](metal-dev/Cargo.toml) variant has useful packages for local development of the OS and is intended to run bare metal. diff --git a/variants/vmware-k8s-1.28/Cargo.toml b/variants/vmware-k8s-1.28/Cargo.toml new file mode 100644 index 00000000000..8f1cd493d03 --- /dev/null +++ b/variants/vmware-k8s-1.28/Cargo.toml 
@@ -0,0 +1,56 @@ +[package] +# This is the vmware-k8s-1.28 variant. "." is not allowed in crate names, but +# we don't use this crate name anywhere. +name = "vmware-k8s-1_28" +version = "0.1.0" +edition = "2021" +publish = false +build = "../build.rs" +# Don't rebuild crate just because of changes to README. +exclude = ["README.md"] + +[package.metadata.build-variant.image-layout] +partition-plan = "unified" + +[package.metadata.build-variant.image-features] +grub-set-private-var = true +unified-cgroup-hierarchy = true +uefi-secure-boot = true +xfs-data-partition = true + +[package.metadata.build-variant] +image-format = "vmdk" +supported-arches = ["x86_64"] +kernel-parameters = [ + "console=tty1", + # Only reserve if there are at least 2GB + "crashkernel=2G-:256M", + "net.ifnames=0", + "netdog.default-interface=eth0:dhcp4,dhcp6?", + "quiet", +] +included-packages = [ + # core + "release", + "kernel-6.1", + # k8s + "cni", + "cni-plugins", + "kubelet-1.28", + # vmware + "open-vm-tools", +] + +[lib] +path = "../variants.rs" + +[build-dependencies] +# core +release = { path = "../../packages/release" } +kernel-6_1 = { path = "../../packages/kernel-6.1" } +# k8s +cni = { path = "../../packages/cni" } +cni-plugins = { path = "../../packages/cni-plugins" } +kubernetes-1_28 = { path = "../../packages/kubernetes-1.28" } +# vmware +open-vm-tools = { path = "../../packages/open-vm-tools" } diff --git a/variants/vmware-k8s-1.28/template.ovf b/variants/vmware-k8s-1.28/template.ovf new file mode 120000 index 00000000000..db70bac6f1b --- /dev/null +++ b/variants/vmware-k8s-1.28/template.ovf @@ -0,0 +1 @@ +../shared/template-unified-secboot.ovf \ No newline at end of file From e4b41870ecf2f586b123d2a5ddc34cfc4cd1de67 Mon Sep 17 00:00:00 2001 
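Review bot: `uefi-secure-boot = true` and `partition-plan = "unified"` in this new file have to stay in step with the `template.ovf` symlink added in the same patch, which points at `../shared/template-unified-secboot.ovf`, but the file does not say so. If one is changed without the other, the built image and the OVF descriptor would presumably disagree about Secure Boot or disk layout, and nothing visible in this hunk checks for that. A comment above the image-features table would record the coupling, e.g. `# Keep in sync with template.ovf (-> ../shared/template-unified-secboot.ovf)`.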
From: Erikson Tung Date: Tue, 1 Aug 2023 16:49:04 -0700 Subject: [PATCH 5/6] sources, variants: add metal-k8s-1.28 variant --- README.md | 1 + .../logdog/conf/logdog.metal-k8s-1.28.conf | 1 + sources/models/README.md | 25 +++++---- sources/models/src/lib.rs | 25 +++++---- sources/models/src/metal-k8s-1.27 | 1 + .../defaults.d/10-defaults.toml | 0 .../defaults.d/15-public-tuf.toml | 0 .../defaults.d/20-public-host-containers.toml | 0 .../defaults.d/30-metrics.toml | 0 .../defaults.d/31-send-metrics.toml | 0 .../defaults.d/40-aws-creds.toml | 0 .../defaults.d/50-kubernetes-metal.toml | 0 .../defaults.d/51-kubernetes-containerd.toml | 0 .../defaults.d/52-kubernetes-services.toml | 0 .../defaults.d/53-containerd-cri-pki.toml | 0 .../54-kubernetes-seccomp-default-false.toml | 0 .../defaults.d/60-lockdown-integrity.toml | 0 .../defaults.d/70-public-ntp.toml | 0 .../defaults.d/80-oci-hooks.toml | 0 .../85-oci-defaults-containerd-cri.toml | 0 .../86-oci-defaults-capabilities.toml | 0 ...faults-containerd-cri-resource-limits.toml | 0 .../defaults.d/90-boot.toml | 0 .../{metal-k8s-1.27 => metal-k8s-1.28}/mod.rs | 0 variants/Cargo.lock | 12 +++++ variants/Cargo.toml | 1 + variants/README.md | 7 +++ variants/metal-k8s-1.28/Cargo.toml | 51 +++++++++++++++++++ 28 files changed, 104 insertions(+), 20 deletions(-) create mode 120000 sources/logdog/conf/logdog.metal-k8s-1.28.conf create mode 120000 sources/models/src/metal-k8s-1.27 rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/10-defaults.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/15-public-tuf.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/20-public-host-containers.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/30-metrics.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/31-send-metrics.toml (100%) rename sources/models/src/{metal-k8s-1.27 => 
metal-k8s-1.28}/defaults.d/40-aws-creds.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/50-kubernetes-metal.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/51-kubernetes-containerd.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/52-kubernetes-services.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/53-containerd-cri-pki.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/54-kubernetes-seccomp-default-false.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/60-lockdown-integrity.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/70-public-ntp.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/80-oci-hooks.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/85-oci-defaults-containerd-cri.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/86-oci-defaults-capabilities.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/87-oci-defaults-containerd-cri-resource-limits.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/defaults.d/90-boot.toml (100%) rename sources/models/src/{metal-k8s-1.27 => metal-k8s-1.28}/mod.rs (100%) create mode 100644 variants/metal-k8s-1.28/Cargo.toml diff --git a/README.md b/README.md index 775f692f144..cd8f861124d 100644 --- a/README.md +++ b/README.md @@ -95,6 +95,7 @@ The following variants are designed to be Kubernetes worker nodes on bare metal: * `metal-k8s-1.25` * `metal-k8s-1.26` * `metal-k8s-1.27` +* `metal-k8s-1.28` The following variants are no longer supported: diff --git a/sources/logdog/conf/logdog.metal-k8s-1.28.conf b/sources/logdog/conf/logdog.metal-k8s-1.28.conf new file mode 120000 index 00000000000..7134ec8b998 --- /dev/null 
+++ b/sources/logdog/conf/logdog.metal-k8s-1.28.conf @@ -0,0 +1 @@ +k8s.conf \ No newline at end of file diff --git a/sources/models/README.md b/sources/models/README.md index 1f2c7704da4..4c9f763fd28 100644 --- a/sources/models/README.md +++ b/sources/models/README.md @@ -149,28 +149,33 @@ The `#[model]` attribute on Settings and its sub-structs reduces duplication and ### metal-k8s-1.23: Metal Kubernetes 1.23 -* [Model](src/metal-k8s-1.27/mod.rs) -* [Default settings](src/metal-k8s-1.27/defaults.d/) +* [Model](src/metal-k8s-1.28/mod.rs) +* [Default settings](src/metal-k8s-1.28/defaults.d/) ### metal-k8s-1.24: Metal Kubernetes 1.24 -* [Model](src/metal-k8s-1.27/mod.rs) -* [Default settings](src/metal-k8s-1.27/defaults.d/) +* [Model](src/metal-k8s-1.28/mod.rs) +* [Default settings](src/metal-k8s-1.28/defaults.d/) ### metal-k8s-1.25: Metal Kubernetes 1.25 -* [Model](src/metal-k8s-1.27/mod.rs) -* [Default settings](src/metal-k8s-1.27/defaults.d/) +* [Model](src/metal-k8s-1.28/mod.rs) +* [Default settings](src/metal-k8s-1.28/defaults.d/) ### metal-k8s-1.26: Metal Kubernetes 1.26 -* [Model](src/metal-k8s-1.27/mod.rs) -* [Default settings](src/metal-k8s-1.27/defaults.d/) +* [Model](src/metal-k8s-1.28/mod.rs) +* [Default settings](src/metal-k8s-1.28/defaults.d/) ### metal-k8s-1.27: Metal Kubernetes 1.27 -* [Model](src/metal-k8s-1.27/mod.rs) -* [Default settings](src/metal-k8s-1.27/defaults.d/) +* [Model](src/metal-k8s-1.28/mod.rs) +* [Default settings](src/metal-k8s-1.28/defaults.d/) + +### metal-k8s-1.28: Metal Kubernetes 1.28 + +* [Model](src/metal-k8s-1.28/mod.rs) +* [Default settings](src/metal-k8s-1.28/defaults.d/) ## This directory diff --git a/sources/models/src/lib.rs b/sources/models/src/lib.rs index 24a4b83494c..e1ebf9e40c5 100644 --- a/sources/models/src/lib.rs +++ b/sources/models/src/lib.rs 
@@ -146,28 +146,33 @@ The `#[model]` attribute on Settings and its sub-structs reduces duplication and ## metal-k8s-1.23: Metal Kubernetes 1.23 -* [Model](src/metal-k8s-1.27/mod.rs) -* [Default settings](src/metal-k8s-1.27/defaults.d/) +* [Model](src/metal-k8s-1.28/mod.rs) +* [Default settings](src/metal-k8s-1.28/defaults.d/) ## metal-k8s-1.24: Metal Kubernetes 1.24 -* [Model](src/metal-k8s-1.27/mod.rs) -* [Default settings](src/metal-k8s-1.27/defaults.d/) +* [Model](src/metal-k8s-1.28/mod.rs) +* [Default settings](src/metal-k8s-1.28/defaults.d/) ## metal-k8s-1.25: Metal Kubernetes 1.25 -* [Model](src/metal-k8s-1.27/mod.rs) -* [Default settings](src/metal-k8s-1.27/defaults.d/) +* [Model](src/metal-k8s-1.28/mod.rs) +* [Default settings](src/metal-k8s-1.28/defaults.d/) ## metal-k8s-1.26: Metal Kubernetes 1.26 -* [Model](src/metal-k8s-1.27/mod.rs) -* [Default settings](src/metal-k8s-1.27/defaults.d/) +* [Model](src/metal-k8s-1.28/mod.rs) +* [Default settings](src/metal-k8s-1.28/defaults.d/) ## metal-k8s-1.27: Metal Kubernetes 1.27 -* [Model](src/metal-k8s-1.27/mod.rs) -* [Default settings](src/metal-k8s-1.27/defaults.d/) +* [Model](src/metal-k8s-1.28/mod.rs) +* [Default settings](src/metal-k8s-1.28/defaults.d/) + +## metal-k8s-1.28: Metal Kubernetes 1.28 + +* [Model](src/metal-k8s-1.28/mod.rs) +* [Default settings](src/metal-k8s-1.28/defaults.d/) # This directory diff --git a/sources/models/src/metal-k8s-1.27 b/sources/models/src/metal-k8s-1.27 new file mode 120000 index 00000000000..51707e5c0db --- /dev/null +++ b/sources/models/src/metal-k8s-1.27 @@ -0,0 +1 @@ +metal-k8s-1.28 \ No newline at end of file diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/10-defaults.toml b/sources/models/src/metal-k8s-1.28/defaults.d/10-defaults.toml similarity index 100% rename from sources/models/src/metal-k8s-1.27/defaults.d/10-defaults.toml rename to sources/models/src/metal-k8s-1.28/defaults.d/10-defaults.toml 
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/15-public-tuf.toml b/sources/models/src/metal-k8s-1.28/defaults.d/15-public-tuf.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/15-public-tuf.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/15-public-tuf.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/20-public-host-containers.toml b/sources/models/src/metal-k8s-1.28/defaults.d/20-public-host-containers.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/20-public-host-containers.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/20-public-host-containers.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/30-metrics.toml b/sources/models/src/metal-k8s-1.28/defaults.d/30-metrics.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/30-metrics.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/30-metrics.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/31-send-metrics.toml b/sources/models/src/metal-k8s-1.28/defaults.d/31-send-metrics.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/31-send-metrics.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/31-send-metrics.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/40-aws-creds.toml b/sources/models/src/metal-k8s-1.28/defaults.d/40-aws-creds.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/40-aws-creds.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/40-aws-creds.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/50-kubernetes-metal.toml b/sources/models/src/metal-k8s-1.28/defaults.d/50-kubernetes-metal.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/50-kubernetes-metal.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/50-kubernetes-metal.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/51-kubernetes-containerd.toml b/sources/models/src/metal-k8s-1.28/defaults.d/51-kubernetes-containerd.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/51-kubernetes-containerd.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/51-kubernetes-containerd.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/52-kubernetes-services.toml b/sources/models/src/metal-k8s-1.28/defaults.d/52-kubernetes-services.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/52-kubernetes-services.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/52-kubernetes-services.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/53-containerd-cri-pki.toml b/sources/models/src/metal-k8s-1.28/defaults.d/53-containerd-cri-pki.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/53-containerd-cri-pki.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/53-containerd-cri-pki.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/54-kubernetes-seccomp-default-false.toml b/sources/models/src/metal-k8s-1.28/defaults.d/54-kubernetes-seccomp-default-false.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/54-kubernetes-seccomp-default-false.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/54-kubernetes-seccomp-default-false.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/60-lockdown-integrity.toml b/sources/models/src/metal-k8s-1.28/defaults.d/60-lockdown-integrity.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/60-lockdown-integrity.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/60-lockdown-integrity.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/70-public-ntp.toml b/sources/models/src/metal-k8s-1.28/defaults.d/70-public-ntp.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/70-public-ntp.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/70-public-ntp.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/80-oci-hooks.toml b/sources/models/src/metal-k8s-1.28/defaults.d/80-oci-hooks.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/80-oci-hooks.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/80-oci-hooks.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/85-oci-defaults-containerd-cri.toml b/sources/models/src/metal-k8s-1.28/defaults.d/85-oci-defaults-containerd-cri.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/85-oci-defaults-containerd-cri.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/85-oci-defaults-containerd-cri.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/86-oci-defaults-capabilities.toml b/sources/models/src/metal-k8s-1.28/defaults.d/86-oci-defaults-capabilities.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/86-oci-defaults-capabilities.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/86-oci-defaults-capabilities.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/87-oci-defaults-containerd-cri-resource-limits.toml b/sources/models/src/metal-k8s-1.28/defaults.d/87-oci-defaults-containerd-cri-resource-limits.toml
similarity index 100%
rename from sources/models/src/metal-k8s-1.27/defaults.d/87-oci-defaults-containerd-cri-resource-limits.toml
rename to sources/models/src/metal-k8s-1.28/defaults.d/87-oci-defaults-containerd-cri-resource-limits.toml
diff --git a/sources/models/src/metal-k8s-1.27/defaults.d/90-boot.toml b/sources/models/src/metal-k8s-1.28/defaults.d/90-boot.toml similarity index 100% rename from sources/models/src/metal-k8s-1.27/defaults.d/90-boot.toml rename to sources/models/src/metal-k8s-1.28/defaults.d/90-boot.toml diff --git a/sources/models/src/metal-k8s-1.27/mod.rs b/sources/models/src/metal-k8s-1.28/mod.rs similarity index 100% rename from sources/models/src/metal-k8s-1.27/mod.rs rename to sources/models/src/metal-k8s-1.28/mod.rs diff --git a/variants/Cargo.lock b/variants/Cargo.lock index 19e450456a7..40397cf9284 100644 --- a/variants/Cargo.lock +++ b/variants/Cargo.lock @@ -990,6 +990,18 @@ dependencies = [ "release", ] +[[package]] +name = "metal-k8s-1_28" +version = "0.1.0" +dependencies = [ + "aws-iam-authenticator", + "cni", + "cni-plugins", + "kernel-6_1", + "kubernetes-1_28", + "release", +] + [[package]] name = "microcode" version = "0.1.0" diff --git a/variants/Cargo.toml b/variants/Cargo.toml index 44eabb0dee2..4c8b80ed1f7 100644 --- a/variants/Cargo.toml +++ b/variants/Cargo.toml @@ -23,6 +23,7 @@ members = [ "metal-k8s-1.25", "metal-k8s-1.26", "metal-k8s-1.27", + "metal-k8s-1.28", "vmware-dev", "vmware-k8s-1.23", "vmware-k8s-1.24", diff --git a/variants/README.md b/variants/README.md index 431ff4877db..75187256e08 100644 --- a/variants/README.md +++ b/variants/README.md @@ -232,6 +232,13 @@ It supports self-hosted clusters. This variant is compatible with Kubernetes 1.27, 1.28, and 1.29 clusters. +### metal-k8s-1.28: Metal Kubernetes 1.28 node + +The [metal-k8s-1.28](metal-k8s-1.28/Cargo.toml) variant includes the packages needed to run a Kubernetes node on bare metal. +It supports self-hosted clusters. + +This variant is compatible with Kubernetes 1.28, 1.29, and 1.30 clusters. + ### Deprecated variants #### aws-k8s-1.15: Kubernetes 1.15 node 
diff --git a/variants/metal-k8s-1.28/Cargo.toml b/variants/metal-k8s-1.28/Cargo.toml new file mode 100644 index 00000000000..f28fe623f58 --- /dev/null +++ b/variants/metal-k8s-1.28/Cargo.toml @@ -0,0 +1,51 @@ +[package] +# This is the metal-k8s-1.28 variant. "." is not allowed in crate names, but +# we don't use this crate name anywhere. +name = "metal-k8s-1_28" +version = "0.1.0" +edition = "2021" +publish = false +build = "../build.rs" +# Don't rebuild crate just because of changes to README. +exclude = ["README.md"] + +[package.metadata.build-variant.image-layout] +os-image-size-gib = 4 +partition-plan = "unified" + +[package.metadata.build-variant.image-features] +grub-set-private-var = true +unified-cgroup-hierarchy = true +uefi-secure-boot = true +xfs-data-partition = true + +[package.metadata.build-variant] +image-format = "raw" +supported-arches = ["x86_64"] +kernel-parameters = [ + # Only reserve if there are at least 2GB + "crashkernel=2G-:256M" +] +included-packages = [ + # core + "release", + "kernel-6.1", + # k8s + "aws-iam-authenticator", + "cni", + "cni-plugins", + "kubelet-1.28", +] + +[lib] +path = "../variants.rs" + +[build-dependencies] +# core +release = { path = "../../packages/release" } +kernel-6_1 = { path = "../../packages/kernel-6.1" } +# k8s +aws-iam-authenticator = { path = "../../packages/aws-iam-authenticator" } +cni = { path = "../../packages/cni" } +cni-plugins = { path = "../../packages/cni-plugins" } +kubernetes-1_28 = { path = "../../packages/kubernetes-1.28" } From e6cd038ab17867b88112864d11865c8cf91ae732 Mon Sep 17 00:00:00 2001 
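Review bot: The `[package.metadata.build-variant.image-features]` table in the new `variants/metal-k8s-1.28/Cargo.toml` sets `uefi-secure-boot = true` with no comment, while `kernel-parameters` just below it explains its `crashkernel` value. Going by its name, this flag controls whether the image is built for UEFI Secure Boot, so a later edit that drops it would weaken the boot chain without standing out in review. A one-line comment above it, such as `# Secure Boot is enabled for this variant; treat removal as a security-relevant change.`, would make that explicit. It is also worth confirming that the four feature flags match the other 1.28 variants in this series, which are not visible in this section.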
From: Erikson Tung Date: Tue, 29 Aug 2023 14:53:53 -0700 Subject: [PATCH 6/6] variants: update README with new control plane and node version skew Starting with K8s 1.28, the supported skew between the node and control plane componenets expands by one minor version from n-2 to n-3. See https://kubernetes.io/blog/2023/08/15/kubernetes-v1-28-release/#changes-to-supported-skew-between-control-plane-and-node-versions --- variants/README.md | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/variants/README.md b/variants/README.md index 75187256e08..ff099d33139 100644 --- a/variants/README.md +++ b/variants/README.md @@ -45,6 +45,7 @@ This variant is compatible with Kubernetes 1.23, 1.24, and 1.25 clusters. The [aws-k8s-1.23-nvidia](aws-k8s-1.23-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. It also includes the required packages to configure containers to leverage NVIDIA GPUs. It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). + This variant is compatible with Kubernetes 1.23, 1.24, and 1.25 clusters. ### aws-k8s-1.24: Kubernetes 1.24 node @@ -59,6 +60,7 @@ This variant is compatible with Kubernetes 1.24, 1.25, and 1.26 clusters. The [aws-k8s-1.24-nvidia](aws-k8s-1.24-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. It also includes the required packages to configure containers to leverage NVIDIA GPUs. It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). + This variant is compatible with Kubernetes 1.24, 1.25, and 1.26 clusters. ### aws-k8s-1.25: Kubernetes 1.25 node 
@@ -66,56 +68,60 @@ This variant is compatible with Kubernetes 1.24, 1.25, and 1.26 clusters. The [aws-k8s-1.25](aws-k8s-1.25/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). -This variant is compatible with Kubernetes 1.25, 1.26, and 1.27 clusters. +This variant is compatible with Kubernetes 1.25, 1.26, 1.27, and 1.28 clusters. ### aws-k8s-1.25-nvidia: Kubernetes 1.25 NVIDIA node The [aws-k8s-1.25-nvidia](aws-k8s-1.25-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. It also includes the required packages to configure containers to leverage NVIDIA GPUs. It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). -This variant is compatible with Kubernetes 1.25, 1.26, and 1.27 clusters. + +This variant is compatible with Kubernetes 1.25, 1.26, 1.27, and 1.28 clusters. ### aws-k8s-1.26: Kubernetes 1.26 node The [aws-k8s-1.26](aws-k8s-1.26/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). -This variant is compatible with Kubernetes 1.26, 1.27, and 1.28 clusters. +This variant is compatible with Kubernetes 1.26, 1.27, 1.28, and 1.29 clusters. ### aws-k8s-1.26-nvidia: Kubernetes 1.26 NVIDIA node The [aws-k8s-1.26-nvidia](aws-k8s-1.26-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. It also includes the required packages to configure containers to leverage NVIDIA GPUs. It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). -This variant is compatible with Kubernetes 1.26, 1.27, and 1.28 clusters. + +This variant is compatible with Kubernetes 1.26, 1.27, 1.28, and 1.29 clusters. 
### aws-k8s-1.27: Kubernetes 1.27 node The [aws-k8s-1.27](aws-k8s-1.27/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). -This variant is compatible with Kubernetes 1.27, 1.28, and 1.29 clusters. +This variant is compatible with Kubernetes 1.27, 1.28, 1.29, and 1.30 clusters. ### aws-k8s-1.27-nvidia: Kubernetes 1.27 NVIDIA node The [aws-k8s-1.27-nvidia](aws-k8s-1.27-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. It also includes the required packages to configure containers to leverage NVIDIA GPUs. It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). -This variant is compatible with Kubernetes 1.27, 1.28, and 1.29 clusters. + +This variant is compatible with Kubernetes 1.27, 1.28, 1.29, and 1.30 clusters. ### aws-k8s-1.28: Kubernetes 1.28 node The [aws-k8s-1.28](aws-k8s-1.28/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). -This variant is compatible with Kubernetes 1.28, 1.29, and 1.30 clusters. +This variant is compatible with Kubernetes 1.28, 1.29, 1.30, and 1.31 clusters. ### aws-k8s-1.28-nvidia: Kubernetes 1.28 NVIDIA node The [aws-k8s-1.28-nvidia](aws-k8s-1.28-nvidia/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS. It also includes the required packages to configure containers to leverage NVIDIA GPUs. It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/). -This variant is compatible with Kubernetes 1.28, 1.29, and 1.30 clusters. + +This variant is compatible with Kubernetes 1.28, 1.29, 1.30, and 1.31 clusters. ### aws-ecs-1: Amazon ECS container instance 
@@ -169,28 +175,28 @@ This variant is compatible with Kubernetes 1.24, 1.25, and 1.26 clusters. The [vmware-k8s-1.25](vmware-k8s-1.25/Cargo.toml) variant includes the packages needed to run a Kubernetes worker node as a VMware guest. It supports self-hosted clusters. -This variant is compatible with Kubernetes 1.25, 1.26, and 1.27 clusters. +This variant is compatible with Kubernetes 1.25, 1.26, 1.27, and 1.28 clusters. ## vmware-k8s-1.26: VMware Kubernetes 1.26 node The [vmware-k8s-1.26](vmware-k8s-1.26/Cargo.toml) variant includes the packages needed to run a Kubernetes worker node as a VMware guest. It supports self-hosted clusters. -This variant is compatible with Kubernetes 1.26, 1.27, and 1.28 clusters. +This variant is compatible with Kubernetes 1.26, 1.27, 1.28, and 1.29 clusters. ## vmware-k8s-1.27: VMware Kubernetes 1.27 node The [vmware-k8s-1.27](vmware-k8s-1.27/Cargo.toml) variant includes the packages needed to run a Kubernetes worker node as a VMware guest. It supports self-hosted clusters. -This variant is compatible with Kubernetes 1.27, 1.28, and 1.29 clusters. +This variant is compatible with Kubernetes 1.27, 1.28, 1.29, and 1.30 clusters. ## vmware-k8s-1.28: VMware Kubernetes 1.28 node The [vmware-k8s-1.27](vmware-k8s-1.28/Cargo.toml) variant includes the packages needed to run a Kubernetes worker node as a VMware guest. It supports self-hosted clusters. -This variant is compatible with Kubernetes 1.28, 1.29, and 1.30 clusters. +This variant is compatible with Kubernetes 1.28, 1.29, 1.30 and 1.31 clusters. ### metal-dev: Metal development build 
@@ -216,28 +222,28 @@ This variant is compatible with Kubernetes 1.24, 1.25, and 1.26 clusters. The [metal-k8s-1.25](metal-k8s-1.25/Cargo.toml) variant includes the packages needed to run a Kubernetes node on bare metal. It supports self-hosted clusters. -This variant is compatible with Kubernetes 1.25, 1.26, and 1.27 clusters. +This variant is compatible with Kubernetes 1.25, 1.26, 1.27, and 1.28 clusters. ### metal-k8s-1.26: Metal Kubernetes 1.26 node The [metal-k8s-1.26](metal-k8s-1.26/Cargo.toml) variant includes the packages needed to run a Kubernetes node on bare metal. It supports self-hosted clusters. -This variant is compatible with Kubernetes 1.26, 1.27, and 1.28 clusters. +This variant is compatible with Kubernetes 1.26, 1.27, 1.28, and 1.29 clusters. ### metal-k8s-1.27: Metal Kubernetes 1.27 node The [metal-k8s-1.27](metal-k8s-1.27/Cargo.toml) variant includes the packages needed to run a Kubernetes node on bare metal. It supports self-hosted clusters. -This variant is compatible with Kubernetes 1.27, 1.28, and 1.29 clusters. +This variant is compatible with Kubernetes 1.27, 1.28, 1.29, and 1.30 clusters. ### metal-k8s-1.28: Metal Kubernetes 1.28 node The [metal-k8s-1.28](metal-k8s-1.28/Cargo.toml) variant includes the packages needed to run a Kubernetes node on bare metal. It supports self-hosted clusters. -This variant is compatible with Kubernetes 1.28, 1.29, and 1.30 clusters. +This variant is compatible with Kubernetes 1.28, 1.29, 1.30, and 1.31 clusters. ### Deprecated variants