Bake k0s as a systemd sysext image. #99

Closed
wants to merge 3 commits into from

@mnbro mnbro commented Nov 21, 2024

Bake k0s as a systemd sysext image.

This PR aims to bake k0s as a systemd sysext and also provide a systemd unit file to manage k0s.

How to use

[ describe what reviewers need to do in order to validate this PR ]

Testing done

[Describe the testing you have done before submitting this PR. Please include both the commands you issued as well as the output you got.]

  • Changelog entries added in the respective changelog/ directory (user-facing change, bug fix, security fix, update)
  • Inspected CI output for image differences: /boot and /usr size, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.


mnbro commented Nov 25, 2024

@tormath1 Can you please take a look and see if we can merge this?

After this is merged it would be nice to align k0s with the latest releases in the same way it was implemented for k3s in #98

Contributor

@tormath1 tormath1 left a comment

Thanks for the PR, some feedback:

  • do you want some units to be started when the sysext is loaded? If yes, you might need to add this kind of command:
    mkdir -p "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d"
    { echo "[Unit]"; echo "Upholds=containerd.service"; } > "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d/10-containerd-service.conf"
  • could you write some documentation on how to use this sysext (e.g. does it need provisioning with Ignition to create files / enable units / etc.)

Comment on lines 20 to 26
# The github release uses different arch identifiers, we map them here
# and rely on bake.sh to map them back to what systemd expects
if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "x86-64" ]; then
URL="https://github.com/k0sproject/k0s/releases/download/${VERSION}/k0s-${VERSION}-amd64"
elif [ "${ARCH}" = "arm64" ] || [ "${ARCH}" = "aarch64" ]; then
URL="https://github.com/k0sproject/k0s/releases/download/${VERSION}/k0s-${VERSION}-arm64"
fi
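
Review bot: the if/elif on ARCH has no else branch, so any value other than amd64, x86-64, arm64 or aarch64 leaves URL unassigned and the script only fails later, at whatever first uses URL. Add an else that prints the unsupported ARCH to stderr and exits non-zero.
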
Contributor

I think we can just set the correct ARCH and only assign one URL. Something like that:

Suggested change
# The github release uses different arch identifiers, we map them here
# and rely on bake.sh to map them back to what systemd expects
if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "x86-64" ]; then
URL="https://github.com/k0sproject/k0s/releases/download/${VERSION}/k0s-${VERSION}-amd64"
elif [ "${ARCH}" = "arm64" ] || [ "${ARCH}" = "aarch64" ]; then
URL="https://github.com/k0sproject/k0s/releases/download/${VERSION}/k0s-${VERSION}-arm64"
fi
# The github release uses different arch identifiers, we map them here
# and rely on bake.sh to map them back to what systemd expects
if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "x86-64" ]; then
ARCH="amd64"
fi
if [ "${ARCH}" = "arm64" ] || [ "${ARCH}" = "aarch64" ]; then
ARCH="arm64"
fi
URL="https://github.com/k0sproject/k0s/releases/download/${VERSION}/k0s-${VERSION}-${ARCH}"

popd

mkdir -p "${SYSEXTNAME}"/usr/local/lib/systemd/system/
cat > "${SYSEXTNAME}"/etc/systemd/system/k0s.service << EOF
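
Review bot: the mkdir -p line creates "${SYSEXTNAME}"/usr/local/lib/systemd/system/, but the cat on the next line redirects into "${SYSEXTNAME}"/etc/systemd/system/, a directory these lines never create. Point both at the same directory so the heredoc cannot fail on a missing path.
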
Contributor

Suggested change
cat > "${SYSEXTNAME}"/etc/systemd/system/k0s.service << EOF
cat > "${SYSEXTNAME}"/usr/local/lib/systemd/system/k0s.service << EOF

/etc content is not applied when the sysext is merged to the OS (only /usr and /opt).

WantedBy=multi-user.target
EOF

cat > "${SYSEXTNAME}"/etc/systemd/system/k0scontroller.service << EOF
Contributor

Suggested change
cat > "${SYSEXTNAME}"/etc/systemd/system/k0scontroller.service << EOF
cat > "${SYSEXTNAME}"/usr/local/lib/systemd/system/k0scontroller.service << EOF

Same as above.

WantedBy=multi-user.target
EOF

cat > "${SYSEXTNAME}"/etc/systemd/system/k0sworker.service << EOF
Contributor

Same as above.

mnbro commented Nov 25, 2024

> Thanks for the PR, some feedback:
>
>   • do you want some units to be started when the sysext is loaded? If yes, you might need to add this kind of command:
>     mkdir -p "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d"
>     { echo "[Unit]"; echo "Upholds=containerd.service"; } > "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d/10-containerd-service.conf"

There will be no systemd units automatically enabled. As will be written in the documentation:
i. choosing the embedded components of k0s will lead to some systemd units being enabled by the user (via Ignition) -> (k0s.service for controllers and k0sworker.service for workers)

ii. not opting for k0s embedded components will lead to other systemd units being enabled by the user (via Ignition) -> (k0scontroller.service for controllers and k0sworker.service for workers)

>   • could you write some documentation on how to use this sysext (e.g. does it need provisioning with Ignition to create files / enable units / etc.)

Ok


mnbro commented Nov 26, 2024

@tormath1 I've committed the requested changes. Please take a look.

1. the sysext plus the configuration files /etc/k0s/k0s.yaml and/or /etc/default/k0s
2. the systemd units

After you enable k0s syext following the guide deacribed on Consuming the published images, follow the next steps:
Contributor

Suggested change
After you enable k0s syext following the guide deacribed on Consuming the published images, follow the next steps:
After you enabled k0s sysext following the guide described on consuming the published images, follow the next steps:

Contributor

This file needs to be pushed with executable mode:

diff --git a/create_k0s_sysext.sh b/create_k0s_sysext.sh
old mode 100644
new mode 100755

EnvironmentFile=-/etc/default/k0s
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/bin/sh -c '[ -n "${CRI_SOCKET}" ] && exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml --cri-socket=${CRI_SOCKET} || exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml'
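
Review bot: StartLimitInterval=5 uses the legacy option name; current systemd documents this setting as StartLimitIntervalSec= and lists it, together with StartLimitBurst=, under [Unit]. Use the current name and section so the unit does not rely on the compatibility alias.
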
Contributor

This won't work:

./create_k0s_sysext.sh: line 41: CRI_SOCKET: unbound variable

You need to escape those values (individually or globally with \EOF)

EnvironmentFile=-/etc/default/k0s
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/bin/sh -c '[ -n "${CRI_SOCKET}" ] && exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml --cri-socket=${CRI_SOCKET} || exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml'
Contributor

Suggested change
ExecStart=/bin/sh -c '[ -n "${CRI_SOCKET}" ] && exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml --cri-socket=${CRI_SOCKET} || exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml'
ExecStart=/bin/sh -c '[ -n "${CRI_SOCKET}" ] && exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml --cri-socket="${CRI_SOCKET}" || exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml'

(Same for the other units)

EnvironmentFile=-/etc/default/k0s
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/local/bin/k0s worker --cri-socket=$CRI_SOCKET --token-file=/etc/k0s/worker-token
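
Review bot: the worker ExecStart passes --cri-socket=$CRI_SOCKET unconditionally, while EnvironmentFile=-/etc/default/k0s is optional (leading "-") and the controller unit guards the same flag with [ -n "${CRI_SOCKET}" ]. When the file is absent or does not define CRI_SOCKET, the worker gets no usable socket value. Apply the same guard here, or document that /etc/default/k0s must set CRI_SOCKET for workers.
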
Contributor

Suggested change
ExecStart=/usr/local/bin/k0s worker --cri-socket=$CRI_SOCKET --token-file=/etc/k0s/worker-token
ExecStart=/usr/local/bin/k0s worker --cri-socket="${CRI_SOCKET}" --token-file=/etc/k0s/worker-token


After you enable k0s syext following the guide deacribed on Consuming the published images, follow the next steps:

1.
Contributor

Is this mandatory? One might not know in advance the private IP address.

EnvironmentFile=-/etc/default/k0s
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/bin/sh -c '[ -n "${CRI_SOCKET}" ] && exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml --cri-socket=${CRI_SOCKET} --token-file=/etc/k0s/controller-token|| exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml --token-file=/etc/k0s/controller-token'
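
Review bot: in the ExecStart line, "--token-file=/etc/k0s/controller-token|| exec" is missing the space before "||", and the two branches repeat the whole command to differ only in --cri-socket. Add the space, and consider building the optional flag once so that --config and --token-file are written a single time.
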
Contributor

  1. Who's supposed to generate this /etc/k0s/controller-token?

Should we start the k0s.service before? If yes, it should be documented.


mnbro commented Dec 4, 2024

Adding k0s as a systemd sysext will break k0sctl.

2 participants