data/bootstrap: Pull content out of pkg/asset/ignition/bootstrap

It's easier for humans and linters to find this content if it's not hidden in Go variables. Since we're effectively pulling these files from Git now (either at build time or at run-time depending on release vs. dev mode in hack/build.sh), I'm being a bit more relaxed about file modes than the previous implementation. Files are now either 0555 (if they are in a 'bin' directory) or 0600 (if they aren't). This is a change for files like manifests.Manifests, which had previously been 0644. I've flattened the manifest overrides into a single directly, because the filenames are sufficient for sorting them by operator. And all of the override manifests now have their own comment explaining their target and eventual location.
wking · Nov 8, 2018 · 6c4160f · 6c4160f
1 parent e64a43d
commit 6c4160f
Show file tree

Hide file tree

Showing 18 changed files with 308 additions and 339 deletions.
diff --git a/...otstrap/files/opt/tectonic/bootkube-config-overrides/kube-apiserver-config-overrides.yaml b/...otstrap/files/opt/tectonic/bootkube-config-overrides/kube-apiserver-config-overrides.yaml
@@ -0,0 +1,4 @@
+apiVersion: kubecontrolplane.config.openshift.io/v1
+kind: KubeAPIServerConfig
+kubeletClientInfo:
+  ca: "" # kubelet uses self-signed serving certs. TODO: fix kubelet pki
diff --git a/...iles/opt/tectonic/bootkube-config-overrides/kube-controller-manager-config-overrides.yaml b/...iles/opt/tectonic/bootkube-config-overrides/kube-controller-manager-config-overrides.yaml
@@ -0,0 +1,2 @@
+apiVersion: kubecontrolplane.config.openshift.io/v1
+kind: KubeControllerManagerConfig
diff --git a/data/data/bootstrap/files/opt/tectonic/manifest-overrides/kube-proxy-daemonset.yaml b/data/data/bootstrap/files/opt/tectonic/manifest-overrides/kube-proxy-daemonset.yaml
@@ -0,0 +1,61 @@
+# This is needed by kube-proxy.
+# TODO: move to the networking operator renderer.
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    k8s-app: kube-proxy
+    tier: node
+  name: kube-proxy
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      k8s-app: kube-proxy
+      tier: node
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-proxy
+        tier: node
+    spec:
+      containers:
+      - command:
+        - ./hyperkube
+        - proxy
+        - --cluster-cidr=10.3.0.0/16
+        - --hostname-override=$(NODE_NAME)
+        - --kubeconfig=/etc/kubernetes/kubeconfig
+        - --proxy-mode=iptables
+        env:
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        image: quay.io/coreos/hyperkube:v1.9.3_coreos.0
+        name: kube-proxy
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - mountPath: /etc/ssl/certs
+          name: ssl-certs-host
+          readOnly: true
+        - mountPath: /etc/kubernetes
+          name: kubeconfig
+          readOnly: true
+      hostNetwork: true
+      serviceAccountName: kube-proxy
+      tolerations:
+      - operator: Exists
+      volumes:
+      - hostPath:
+          path: /etc/ssl/certs
+        name: ssl-certs-host
+      - name: kubeconfig
+        secret:
+          defaultMode: 420
+          secretName: kube-proxy-kubeconfig
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: 1
+    type: RollingUpdate
diff --git a/...strap/files/opt/tectonic/manifest-overrides/kube-proxy-kube-system-rbac-role-binding.yaml b/...strap/files/opt/tectonic/manifest-overrides/kube-proxy-kube-system-rbac-role-binding.yaml
@@ -0,0 +1,14 @@
+# This is needed by kube-proxy.
+# TODO: move to the networking operator renderer.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:default-sa
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: kube-system
diff --git a/.../data/bootstrap/files/opt/tectonic/manifest-overrides/kube-proxy-kubeconfig.yaml.template b/.../data/bootstrap/files/opt/tectonic/manifest-overrides/kube-proxy-kubeconfig.yaml.template
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kube-proxy-kubeconfig
+  namespace: kube-system
+data:
+  kubeconfig: {{ .AdminKubeConfigBase64 }}
diff --git a/data/data/bootstrap/files/opt/tectonic/manifest-overrides/kube-proxy-role-binding.yaml b/data/data/bootstrap/files/opt/tectonic/manifest-overrides/kube-proxy-role-binding.yaml
@@ -0,0 +1,14 @@
+# This is needed by kube-proxy.
+# TODO: move to the networking operator renderer.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kube-proxy
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:node-proxier # Automatically created system role.
+subjects:
+- kind: ServiceAccount
+  name: kube-proxy
+  namespace: kube-system
diff --git a/data/data/bootstrap/files/opt/tectonic/manifest-overrides/kube-proxy-service-account.yaml b/data/data/bootstrap/files/opt/tectonic/manifest-overrides/kube-proxy-service-account.yaml
@@ -0,0 +1,7 @@
+# This is needed by kube-proxy.
+# TODO: move to the networking operator renderer.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: kube-system
+  name: kube-proxy
diff --git a/...et/ignition/bootstrap/content/bootkube.go → .../files/usr/local/bin/bootkube.sh.template b/...et/ignition/bootstrap/content/bootkube.go → .../files/usr/local/bin/bootkube.sh.template
@@ -1,32 +1,4 @@
-package content
-
-import (
-	"text/template"
-)
-
-const (
-	// BootkubeSystemdContents is a service for running bootkube on the bootstrap
-	// nodes
-	BootkubeSystemdContents = `
-[Unit]
-Description=Bootstrap a Kubernetes cluster
-Wants=kubelet.service
-After=kubelet.service
-ConditionPathExists=!/opt/tectonic/.bootkube.done
-
-[Service]
-WorkingDirectory=/opt/tectonic
-ExecStart=/usr/local/bin/bootkube.sh
-
-Restart=on-failure
-RestartSec=5s
-`
-)
-
-var (
-	// BootkubeShFileTemplate is a script file for running bootkube on the
-	// bootstrap nodes.
-	BootkubeShFileTemplate = template.Must(template.New("bootkube.sh").Parse(`#!/usr/bin/env bash
+#!/usr/bin/env bash
 set -e
 
 mkdir --parents /etc/kubernetes/{manifests,bootstrap-configs,bootstrap-manifests}
@@ -122,9 +94,9 @@ then
 	cp kube-scheduler-bootstrap/manifests/* manifests/
 fi
 
-# TODO: Remove this when kube-proxy is properly rendered by corresponding operator.
+# TODO: Remove this when manifest-overrides is empty.
 echo "Installing temporary bootstrap manifests..."
-cp kube-proxy-operator-bootstrap/* manifests/
+cp manifest-overrides/* manifests/
 
 if [ ! -d mco-bootstrap ]
 then
@@ -227,32 +199,3 @@ podman run \
 
 # Workaround for https://github.com/opencontainers/runc/pull/1807
 touch /opt/tectonic/.bootkube.done
-`))
-)
-
-var (
-	// BootkubeConfigOverrides contains the configuration override files passed to the render commands of the components.
-	// These are supposed to be customized by the installer where the config differs from the operator render default.
-	BootkubeConfigOverrides = []*template.Template{
-		KubeApiserverConfigOverridesTemplate,
-		KubeControllerManagerConfigOverridesTemplate,
-	}
-)
-
-var (
-	// KubeApiserverConfigOverridesTemplate are overrides that the installer passes to the default config of the
-	// kube-apiserver rendered by the cluster-kube-apiserver-operator.
-	KubeApiserverConfigOverridesTemplate = template.Must(template.New("kube-apiserver-config-overrides.yaml").Parse(`
-apiVersion: kubecontrolplane.config.openshift.io/v1
-kind: KubeAPIServerConfig
-kubeletClientInfo:
-  ca: "" # kubelet uses self-signed serving certs. TODO: fix kubelet pki
-`))
-
-	// KubeControllerManagerConfigOverridesTemplate are overrides that the installer passes to the default config of the
-	// kube-controller-manager rendered by the cluster-kube-controller-manager-operator.
-	KubeControllerManagerConfigOverridesTemplate = template.Must(template.New("kube-controller-manager-config-overrides.yaml").Parse(`
-apiVersion: kubecontrolplane.config.openshift.io/v1
-kind: KubeControllerManagerConfig
-`))
-)
diff --git a/data/data/bootstrap/files/usr/local/bin/report-progress.sh b/data/data/bootstrap/files/usr/local/bin/report-progress.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -e
+
+KUBECONFIG="${1}"
+NAME="${2}"
+MESSAGE="${3}"
+TIMESTAMP="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
+
+echo "Reporting install progress..."
+
+oc --config="$KUBECONFIG" create -f - <<EOF
+apiVersion: v1
+kind: Event
+metadata:
+  name: "${NAME}"
+  namespace: kube-system
+involvedObject:
+  namespace: kube-system
+message: "${MESSAGE}"
+firstTimestamp: "${TIMESTAMP}"
+lastTimestamp: "${TIMESTAMP}"
+count: 1
+source:
+  component: cluster
+  host: $(hostname)
+EOF
diff --git a/...et/ignition/bootstrap/content/tectonic.go → ...bootstrap/files/usr/local/bin/tectonic.sh b/...et/ignition/bootstrap/content/tectonic.go → ...bootstrap/files/usr/local/bin/tectonic.sh
@@ -1,25 +1,4 @@
-package content
-
-const (
-	// TectonicSystemdContents is a service that runs tectonic on the masters.
-	TectonicSystemdContents = `
-[Unit]
-Description=Bootstrap a Tectonic cluster
-Wants=bootkube.service
-After=bootkube.service
-ConditionPathExists=!/opt/tectonic/.tectonic.done
-
-[Service]
-WorkingDirectory=/opt/tectonic/tectonic
-ExecStart=/usr/local/bin/tectonic.sh /opt/tectonic/auth/kubeconfig
-
-Restart=on-failure
-RestartSec=5s
-`
-
-	// TectonicShFileContents is a script file for running tectonic on bootstrap
-	// nodes.
-	TectonicShFileContents = `#!/usr/bin/env bash
+#!/usr/bin/env bash
 set -e
 
 KUBECONFIG="$1"
@@ -93,5 +72,3 @@ wait_for_pods tectonic-system
 touch /opt/tectonic/.tectonic.done
 
 echo "Tectonic installation is done"
-`
-)
diff --git a/data/data/bootstrap/systemd/units/bootkube.service b/data/data/bootstrap/systemd/units/bootkube.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Bootstrap a Kubernetes cluster
+Wants=kubelet.service
+After=kubelet.service
+ConditionPathExists=!/opt/tectonic/.bootkube.done
+
+[Service]
+WorkingDirectory=/opt/tectonic
+ExecStart=/usr/local/bin/bootkube.sh
+
+Restart=on-failure
+RestartSec=5s
diff --git a/...set/ignition/bootstrap/content/kubelet.go → ...ap/systemd/units/kubelet.service.template b/...set/ignition/bootstrap/content/kubelet.go → ...ap/systemd/units/kubelet.service.template
@@ -1,9 +1,3 @@
-package content
-
-var (
-	// KubeletSystemdContents is a service for running the kubelet on the
-	// bootstrap nodes.
-	KubeletSystemdContents = `
 [Unit]
 Description=Kubernetes Kubelet
 Wants=rpc-statd.service
@@ -36,5 +30,3 @@ RestartSec=10
 
 [Install]
 WantedBy=multi-user.target
-`
-)
diff --git a/data/data/bootstrap/systemd/units/progress.service b/data/data/bootstrap/systemd/units/progress.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Report the completion of the cluster bootstrap process
+# Workaround for https://github.com/systemd/systemd/issues/1312
+Wants=bootkube.service tectonic.service
+After=bootkube.service tectonic.service
+
+[Service]
+# Workaround for https://github.com/systemd/systemd/issues/1312 and https://github.com/opencontainers/runc/pull/1807
+ExecStartPre=/usr/bin/test -f /opt/tectonic/.bootkube.done
+ExecStartPre=/usr/bin/test -f /opt/tectonic/.tectonic.done
+ExecStart=/usr/local/bin/report-progress.sh /opt/tectonic/auth/kubeconfig bootstrap-complete "cluster bootstrapping has completed"
+
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/data/data/bootstrap/systemd/units/tectonic.service b/data/data/bootstrap/systemd/units/tectonic.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Bootstrap a Tectonic cluster
+Wants=bootkube.service
+After=bootkube.service
+ConditionPathExists=!/opt/tectonic/.tectonic.done
+
+[Service]
+WorkingDirectory=/opt/tectonic/tectonic
+ExecStart=/usr/local/bin/tectonic.sh /opt/tectonic/auth/kubeconfig
+
+Restart=on-failure
+RestartSec=5s
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		apiVersion: kubecontrolplane.config.openshift.io/v1
		kind: KubeControllerManagerConfig