Bake k0s as a systemd sysext image. #99

Closed
wants to merge 3 commits into from
127 changes: 127 additions & 0 deletions create_k0s_sysext.sh
Contributor

This file needs to be pushed with executable mode:

diff --git a/create_k0s_sysext.sh b/create_k0s_sysext.sh
old mode 100644
new mode 100755

@@ -0,0 +1,127 @@
#!/usr/bin/env bash
set -euo pipefail

export ARCH="${ARCH-x86-64}"
SCRIPTFOLDER="$(dirname "$(readlink -f "$0")")"

if [ $# -lt 2 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
echo "Usage: $0 VERSION SYSEXTNAME"
echo "The script will download the k0s binary (e.g., for v1.31.2+k0s.0) and create a sysext squashfs image with the name SYSEXTNAME.raw in the current folder."
echo "A temporary directory named SYSEXTNAME in the current folder will be created and deleted again."
echo "All files in the sysext image will be owned by root."
echo "To use arm64 pass 'ARCH=arm64' as environment variable (current value is '${ARCH}')."
"${SCRIPTFOLDER}"/bake.sh --help
exit 1
fi

VERSION="$1"
SYSEXTNAME="$2"

# The github release uses different arch identifiers, we map them here
# and rely on bake.sh to map them back to what systemd expects
if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "x86-64" ]; then
URL="https://github.com/k0sproject/k0s/releases/download/${VERSION}/k0s-${VERSION}-amd64"
elif [ "${ARCH}" = "arm64" ] || [ "${ARCH}" = "aarch64" ]; then
URL="https://github.com/k0sproject/k0s/releases/download/${VERSION}/k0s-${VERSION}-arm64"
fi
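
Review bot: The `if`/`elif` on ARCH has no `else`, so any other value leaves URL unset and the script only stops later, at the `curl` line, with `URL: unbound variable` under `set -u`. Add an `else` branch that prints the unsupported value together with the accepted ones (`x86-64`, `amd64`, `arm64`, `aarch64`) to stderr and exits non-zero, so a typo in ARCH fails early with a readable message.
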
Contributor

I think we can just set the correct ARCH and only assign one URL. Something like that:

Suggested change
# The github release uses different arch identifiers, we map them here
# and rely on bake.sh to map them back to what systemd expects
if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "x86-64" ]; then
URL="https://github.com/k0sproject/k0s/releases/download/${VERSION}/k0s-${VERSION}-amd64"
elif [ "${ARCH}" = "arm64" ] || [ "${ARCH}" = "aarch64" ]; then
URL="https://github.com/k0sproject/k0s/releases/download/${VERSION}/k0s-${VERSION}-arm64"
fi
# The github release uses different arch identifiers, we map them here
# and rely on bake.sh to map them back to what systemd expects
if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "x86-64" ]; then
ARCH="amd64"
fi
if [ "${ARCH}" = "arm64" ] || [ "${ARCH}" = "aarch64" ]; then
ARCH="arm64"
fi
URL="https://github.com/k0sproject/k0s/releases/download/${VERSION}/k0s-${VERSION}-${ARCH}"


rm -rf "${SYSEXTNAME}"
mkdir -p "${SYSEXTNAME}"/usr/local/bin
curl -o "${SYSEXTNAME}/usr/local/bin/k0s" -fsSL "${URL}"
chmod +x "${SYSEXTNAME}"/usr/local/bin/k0s
pushd "${SYSEXTNAME}"/usr/local/bin/
ln -s ./k0s kubectl
ln -s ./k0s ctr
popd

mkdir -p "${SYSEXTNAME}"/usr/local/lib/systemd/system/
cat > "${SYSEXTNAME}"/etc/systemd/system/k0s.service << EOF
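
Review bot: The binary fetched by `curl -o "${SYSEXTNAME}/usr/local/bin/k0s" -fsSL "${URL}"` is made executable and baked into a root-owned image with no integrity check, so a tampered or substituted download ends up in every image built from it. Verify the file against a SHA-256 digest that is pinned by the caller or obtained out of band before the `chmod +x`, and abort the build on a mismatch.
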
Contributor

Suggested change
cat > "${SYSEXTNAME}"/etc/systemd/system/k0s.service << EOF
cat > "${SYSEXTNAME}"/usr/local/lib/systemd/system/k0s.service << EOF

/etc content is not applied when the sysext is merged to the OS (only /usr and /opt).

[Unit]
Description=k0s - Init Controller / External ETCD Controller
Documentation=https://docs.k0sproject.io
ConditionFileIsExecutable=/usr/local/bin/k0s

Requires=containerd.service
Wants=network-online.target
After=network-online.target containerd.service

[Service]
EnvironmentFile=-/etc/default/k0s
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/bin/sh -c '[ -n "${CRI_SOCKET}" ] && exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml --cri-socket=${CRI_SOCKET} || exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml'
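
Review bot: `Requires=containerd.service` in `[Unit]` makes the host containerd a hard dependency, while the `ExecStart` fallback branch starts the controller without `--cri-socket` whenever CRI_SOCKET is empty. If the external socket is meant to be optional, `Wants=containerd.service` fits that better; otherwise drop the fallback branch or document that containerd.service must be present for this unit to start.
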
tormath1 marked this conversation as resolved.
Contributor

This won't work:

./create_k0s_sysext.sh: line 41: CRI_SOCKET: unbound variable

You need to escape those values (individually or globally with \EOF)

Contributor

Suggested change
ExecStart=/bin/sh -c '[ -n "${CRI_SOCKET}" ] && exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml --cri-socket=${CRI_SOCKET} || exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml'
ExecStart=/bin/sh -c '[ -n "${CRI_SOCKET}" ] && exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml --cri-socket="${CRI_SOCKET}" || exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml'

(Same for the other units)


RestartSec=10
Delegate=yes
KillMode=process
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
LimitNOFILE=999999
Restart=always

[Install]
WantedBy=multi-user.target
EOF

cat > "${SYSEXTNAME}"/etc/systemd/system/k0scontroller.service << EOF
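
Review bot: The start limit set by `StartLimitInterval=5` and `StartLimitBurst=10` can never trigger with `RestartSec=10`, because restarts are spaced ten seconds apart and ten starts cannot fall inside a five-second window. Combined with `Restart=always` and `TimeoutStartSec=0`, a unit with a broken config will restart indefinitely; either widen the interval so the burst is reachable or remove the two limit settings so the unit states what it actually does.
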
Contributor

Suggested change
cat > "${SYSEXTNAME}"/etc/systemd/system/k0scontroller.service << EOF
cat > "${SYSEXTNAME}"/usr/local/lib/systemd/system/k0scontroller.service << EOF

Same as above.

[Unit]
Description=k0s - Controller
Documentation=https://docs.k0sproject.io
ConditionFileIsExecutable=/usr/local/bin/k0s

Requires=containerd.service
Wants=network-online.target
After=network-online.target containerd.service

[Service]
EnvironmentFile=-/etc/default/k0s
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/bin/sh -c '[ -n "${CRI_SOCKET}" ] && exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml --cri-socket=${CRI_SOCKET} --token-file=/etc/k0s/controller-token|| exec /usr/local/bin/k0s controller --config=/etc/k0s/k0s.yaml --token-file=/etc/k0s/controller-token'
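
Review bot: `k0scontroller.service` starts `k0s controller` with the same `--config=/etc/k0s/k0s.yaml` as `k0s.service`, and both units install into `multi-user.target`, so nothing visible here stops both from being enabled on one node. If they are alternatives, add `Conflicts=` between them or state in the unit descriptions which one to enable in which case.
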
Contributor

  1. Who's supposed to generate this /etc/k0s/controller-token?

Should we start the k0s.service before? If yes, it should be documented.


RestartSec=10
Delegate=yes
KillMode=process
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
LimitNOFILE=999999
Restart=always

[Install]
WantedBy=multi-user.target
EOF

cat > "${SYSEXTNAME}"/etc/systemd/system/k0sworker.service << EOF
Contributor

Same as above.

[Unit]
Description=k0s - Worker
Documentation=https://docs.k0sproject.io
ConditionFileIsExecutable=/usr/local/bin/k0s

Requires=containerd.service
Wants=network-online.target
After=network-online.target containerd.service

[Service]
EnvironmentFile=-/etc/default/k0s
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/local/bin/k0s worker --cri-socket=$CRI_SOCKET --token-file=/etc/k0s/worker-token
Contributor

Suggested change
ExecStart=/usr/local/bin/k0s worker --cri-socket=$CRI_SOCKET --token-file=/etc/k0s/worker-token
ExecStart=/usr/local/bin/k0s worker --cri-socket="${CRI_SOCKET}" --token-file=/etc/k0s/worker-token

ExecStart=/bin/sh -c '[ -n "${CRI_SOCKET}" ] && exec /usr/local/bin/k0s worker --cri-socket=${CRI_SOCKET} --token-file=/etc/k0s/worker-token|| exec /usr/local/bin/k0s worker --token-file=/etc/k0s/worker-token'

RestartSec=10
Delegate=yes
KillMode=process
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
LimitNOFILE=999999
Restart=always

[Install]
WantedBy=multi-user.target
EOF

RELOAD=1 "${SCRIPTFOLDER}"/bake.sh "${SYSEXTNAME}"
rm -rf "${SYSEXTNAME}"
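
Review bot: The final `rm -rf "${SYSEXTNAME}"` only runs when everything before it succeeds; under `set -e` a failed `curl` or `bake.sh` leaves the staging directory behind. Register the cleanup with `trap 'rm -rf "${SYSEXTNAME}"' EXIT` right after the directory is created. Since SYSEXTNAME comes straight from `$2` and is passed to `rm -rf` twice, it is also worth rejecting values that are empty, contain `/`, or are `.` or `..` before the first removal.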