diff --git a/.gen/pipeline/api/openapi.yaml b/.gen/pipeline/api/openapi.yaml index 3cf9733a..4ef699e5 100644 --- a/.gen/pipeline/api/openapi.yaml +++ b/.gen/pipeline/api/openapi.yaml @@ -23658,7 +23658,7 @@ components: type: string version: description: The Kubernetes version to use for your node pool. - example: 1.18.6 + example: 1.21.6 type: string spotPrice: description: The upper limit price for the requested spot instance. If this diff --git a/README.md b/README.md index a231849b..7e36fc1b 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ In order to run PKE, you need to meet the following requirements. #### Operating system -`pke` currently is available for CentOS 8.x, RHEL 8.x. and **Ubuntu 20.04 LTS**. +`pke` currently is available for AlmaLinux 8.x, RHEL 8.x. and **Ubuntu 20.04 LTS**. > We recommend using Ubuntu since it contains a much newer Kernel version. If you need support for an OS not listed above feel free to contact us. diff --git a/almalinux8-multi-upgrade.sh b/almalinux8-multi-upgrade.sh index d3b17df8..04bda9b4 100755 --- a/almalinux8-multi-upgrade.sh +++ b/almalinux8-multi-upgrade.sh @@ -3,7 +3,7 @@ # build latest pke tool GOOS=linux make pke -KUBERNETES_VERSION="${1:-v1.21.0}" +KUBERNETES_VERSION="${1:-v1.23.3}" # upgrade first master node echo "" diff --git a/almalinux8-multi.sh b/almalinux8-multi.sh index 281183be..723f6a78 100755 --- a/almalinux8-multi.sh +++ b/almalinux8-multi.sh @@ -6,7 +6,7 @@ jq --version || (echo "Please install jq command line tool. https://stedolan.git # build latest pke tool GOOS=linux make pke -KUBERNETES_VERSION="${1:-v1.20.6}" +KUBERNETES_VERSION="${1:-v1.22.6}" # install first master node echo "" diff --git a/almalinux8-single-upgrade.sh b/almalinux8-single-upgrade.sh index 3a1d5b0a..f4bdc6b5 100755 --- a/almalinux8-single-upgrade.sh +++ b/almalinux8-single-upgrade.sh 
@@ -3,6 +3,6 @@ # build latest pke tool GOOS=linux make pke -KUBERNETES_VERSION="${1:-v1.21.0}" +KUBERNETES_VERSION="${1:-v1.23.3}" vagrant ssh almalinux1 -c "sudo /banzaicloud/pke upgrade master --kubernetes-version='$KUBERNETES_VERSION'" diff --git a/almalinux8-single.sh b/almalinux8-single.sh index d54d3b6b..2b8e2d73 100755 --- a/almalinux8-single.sh +++ b/almalinux8-single.sh @@ -3,7 +3,7 @@ # build latest pke tool GOOS=linux make pke -KUBERNETES_VERSION="${1:-v1.20.6}" +KUBERNETES_VERSION="${1:-v1.22.6}" vagrant up almalinux1 vagrant ssh almalinux1 -c "sudo /scripts/pke-single.sh '$KUBERNETES_VERSION' '192.168.64.11:6443' containerd cilium" diff --git a/cmd/pke/app/config/default.go b/cmd/pke/app/config/default.go index 841a6073..70b11d21 100644 --- a/cmd/pke/app/config/default.go +++ b/cmd/pke/app/config/default.go @@ -14,7 +14,7 @@ package config -const DefaultKubernetesVersion = "1.19.10" +const DefaultKubernetesVersion = "1.22.1" func Default() Config { return Config{ diff --git a/cmd/pke/app/constants/constants.go b/cmd/pke/app/constants/constants.go index 4f1a1d72..e1f71e9e 100644 --- a/cmd/pke/app/constants/constants.go +++ b/cmd/pke/app/constants/constants.go @@ -126,9 +126,6 @@ const ( // FlagAdmissionPluginPodSecurityPolicy enable admission plugin PodSecurityPolicy. FlagAdmissionPluginPodSecurityPolicy = "with-plugin-psp" - // FlagNoAdmissionPluginDenyEscalatingExec disable admission plugin DenyEscalatingExec. - FlagNoAdmissionPluginDenyEscalatingExec = "without-plugin-deny-escalating-exec" - // FlagAuditLog enable audit log. FlagAuditLog = "without-audit-log" diff --git a/cmd/pke/app/phases/kubeadm/controlplane/calico.yaml.go b/cmd/pke/app/phases/kubeadm/controlplane/calico.yaml.go index cd94d199..f84a9e50 100644 --- a/cmd/pke/app/phases/kubeadm/controlplane/calico.yaml.go +++ b/cmd/pke/app/phases/kubeadm/controlplane/calico.yaml.go 
@@ -505,12 +505,6 @@ func calicoTemplate() string { " metadata:\n" + " labels:\n" + " k8s-app: calico-node\n" + - " annotations:\n" + - " # This, along with the CriticalAddonsOnly toleration below,\n" + - " # marks the pod as a critical add-on, ensuring it gets\n" + - " # priority scheduling and that its resources are reserved\n" + - " # if it ever gets evicted.\n" + - " scheduler.alpha.kubernetes.io/critical-pod: ''\n" + " spec:\n" + " nodeSelector:\n" + " beta.kubernetes.io/os: linux\n" + @@ -756,8 +750,6 @@ func calicoTemplate() string { " namespace: kube-system\n" + " labels:\n" + " k8s-app: calico-kube-controllers\n" + - " annotations:\n" + - " scheduler.alpha.kubernetes.io/critical-pod: ''\n" + " spec:\n" + " nodeSelector:\n" + " beta.kubernetes.io/os: linux\n" + diff --git a/cmd/pke/app/phases/kubeadm/controlplane/calico.yaml.tmpl b/cmd/pke/app/phases/kubeadm/controlplane/calico.yaml.tmpl index 96614a89..b342552e 100644 --- a/cmd/pke/app/phases/kubeadm/controlplane/calico.yaml.tmpl +++ b/cmd/pke/app/phases/kubeadm/controlplane/calico.yaml.tmpl @@ -487,12 +487,6 @@ spec: metadata: labels: k8s-app: calico-node - annotations: - # This, along with the CriticalAddonsOnly toleration below, - # marks the pod as a critical add-on, ensuring it gets - # priority scheduling and that its resources are reserved - # if it ever gets evicted. - scheduler.alpha.kubernetes.io/critical-pod: '' spec: nodeSelector: beta.kubernetes.io/os: linux @@ -738,8 +732,6 @@ spec: namespace: kube-system labels: k8s-app: calico-kube-controllers - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' spec: nodeSelector: beta.kubernetes.io/os: linux diff --git a/cmd/pke/app/phases/kubeadm/controlplane/certificate_auto_approver.yaml.go b/cmd/pke/app/phases/kubeadm/controlplane/certificate_auto_approver.yaml.go index 89d01de4..5606d13d 100644 --- a/cmd/pke/app/phases/kubeadm/controlplane/certificate_auto_approver.yaml.go 
+++ b/cmd/pke/app/phases/kubeadm/controlplane/certificate_auto_approver.yaml.go @@ -19,20 +19,19 @@ func certificateAutoApproverTemplate() string { var tmpl = "apiVersion: v1\n" + "kind: ServiceAccount\n" + "metadata:\n" + - " name: auto-approver\n" + + " name: kubelet-csr-approver\n" + " namespace: kube-system\n" + "---\n" + "apiVersion: rbac.authorization.k8s.io/v1\n" + "kind: ClusterRole\n" + "metadata:\n" + - " name: auto-approver\n" + + " name: kubelet-csr-approver\n" + "rules:\n" + "- apiGroups:\n" + " - certificates.k8s.io\n" + " resources:\n" + " - certificatesigningrequests\n" + " verbs:\n" + - " - delete\n" + " - get\n" + " - list\n" + " - watch\n" + 
@@ -41,70 +40,82 @@ func certificateAutoApproverTemplate() string { " resources:\n" + " - certificatesigningrequests/approval\n" + " verbs:\n" + - " - create\n" + " - update\n" + "- apiGroups:\n" + " - certificates.k8s.io\n" + - " resources:\n" + - " - signers\n" + " resourceNames:\n" + " - kubernetes.io/kubelet-serving\n" + - " - kubernetes.io/kube-apiserver-client-kubelet\n" + - " verbs:\n" + - " - approve\n" + - "- apiGroups:\n" + - " - authorization.k8s.io\n" + " resources:\n" + - " - subjectaccessreviews\n" + + " - signers\n" + " verbs:\n" + - " - create\n" + + " - approve\n" + "---\n" + - "kind: ClusterRoleBinding\n" + "apiVersion: rbac.authorization.k8s.io/v1\n" + + "kind: ClusterRoleBinding\n" + "metadata:\n" + - " name: auto-approver\n" + - "subjects:\n" + - "- kind: ServiceAccount\n" + + " name: kubelet-csr-approver\n" + " namespace: kube-system\n" + - " name: auto-approver\n" + "roleRef:\n" + - " kind: ClusterRole\n" + - " name: auto-approver\n" + " apiGroup: rbac.authorization.k8s.io\n" + + " kind: ClusterRole\n" + + " name: kubelet-csr-approver\n" + + "subjects:\n" + + "- kind: ServiceAccount\n" + + " name: kubelet-csr-approver\n" + + " namespace: kube-system\n" + "---\n" + "apiVersion: apps/v1\n" + "kind: Deployment\n" + "metadata:\n" + - " name: auto-approver\n" + + " name: kubelet-csr-approver\n" + " namespace: kube-system\n" + "spec:\n" + - " replicas: 1\n" + " selector:\n" + " matchLabels:\n" + - " name: auto-approver\n" + + " app: kubelet-csr-approver\n" + " template:\n" + " metadata:\n" + + " annotations:\n" + + " prometheus.io/port: '8080'\n" + + " prometheus.io/scrape: 'true'\n" + " labels:\n" + - " name: auto-approver\n" + + " app: kubelet-csr-approver\n" + " spec:\n" + - " serviceAccountName: auto-approver\n" + - " tolerations:\n" + - " - effect: NoSchedule\n" + - " operator: Exists\n" + + " serviceAccountName: kubelet-csr-approver\n" + " priorityClassName: system-cluster-critical\n" + " containers:\n" + - " - name: auto-approver\n" + - " 
image: {{ .ImageRepository }}/auto-approver:0.1.0\n" + - " imagePullPolicy: Always\n" + + " - name: kubelet-csr-approver\n" + + " {{ if ne .ImageRepository \"banzaicloud\" }}\n" + + " image: \"{{ .ImageRepository }}/kubelet-csr-approver:v0.1.2\"\n" + + " {{ else }}\n" + + " image: \"postfinance/kubelet-csr-approver:v0.1.2\"\n" + + " {{ end }}\n" + + " resources:\n" + + " limits:\n" + + " memory: \"128Mi\"\n" + + " cpu: \"500m\"\n" + + " args:\n" + + " - -metrics-bind-address\n" + + " - \":8080\"\n" + + " - -health-probe-bind-address\n" + + " - \":8081\"\n" + + " livenessProbe:\n" + + " httpGet:\n" + + " path: /healthz\n" + + " port: 8081\n" + " env:\n" + - " - name: WATCH_NAMESPACE\n" + - " value: \"\"\n" + - " - name: POD_NAME\n" + - " valueFrom:\n" + - " fieldRef:\n" + - " fieldPath: metadata.name\n" + - " - name: OPERATOR_NAME\n" + - " value: \"auto-approver\"\n" + - "" + " - name: PROVIDER_REGEX\n" + + " value: \\w*\n" + + " - name: MAX_EXPIRATION_SECONDS\n" + + " value: '31622400' # 366 days\n" + + " - name: BYPASS_DNS_RESOLUTION\n" + + " value: 'true'\n" + + " tolerations:\n" + + " - effect: NoSchedule\n" + + " key: node-role.kubernetes.io/master\n" + + " operator: Equal\n" + + " - effect: NoSchedule\n" + + " key: node-role.kubernetes.io/control-plane\n" + + " operator: Equal" return tmpl } diff --git a/cmd/pke/app/phases/kubeadm/controlplane/certificate_auto_approver.yaml.tmpl b/cmd/pke/app/phases/kubeadm/controlplane/certificate_auto_approver.yaml.tmpl index f203a1d4..408c1731 100644 --- a/cmd/pke/app/phases/kubeadm/controlplane/certificate_auto_approver.yaml.tmpl +++ b/cmd/pke/app/phases/kubeadm/controlplane/certificate_auto_approver.yaml.tmpl 
@@ -1,20 +1,19 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: auto-approver + name: kubelet-csr-approver namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: auto-approver + name: kubelet-csr-approver rules: - apiGroups: - certificates.k8s.io resources: - certificatesigningrequests verbs: - - delete - get - list - watch 
@@ -23,67 +22,80 @@ rules: resources: - certificatesigningrequests/approval verbs: - - create - update - apiGroups: - certificates.k8s.io - resources: - - signers resourceNames: - kubernetes.io/kubelet-serving - - kubernetes.io/kube-apiserver-client-kubelet - verbs: - - approve -- apiGroups: - - authorization.k8s.io resources: - - subjectaccessreviews + - signers verbs: - - create + - approve --- -kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: - name: auto-approver -subjects: -- kind: ServiceAccount + name: kubelet-csr-approver namespace: kube-system - name: auto-approver roleRef: - kind: ClusterRole - name: auto-approver apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubelet-csr-approver +subjects: +- kind: ServiceAccount + name: kubelet-csr-approver + namespace: kube-system --- apiVersion: apps/v1 kind: Deployment metadata: - name: auto-approver + name: kubelet-csr-approver namespace: kube-system spec: - replicas: 1 selector: matchLabels: - name: auto-approver + app: kubelet-csr-approver template: metadata: + annotations: + prometheus.io/port: '8080' + prometheus.io/scrape: 'true' labels: - name: auto-approver + app: kubelet-csr-approver spec: - serviceAccountName: auto-approver - tolerations: - - effect: NoSchedule - operator: Exists + serviceAccountName: kubelet-csr-approver priorityClassName: system-cluster-critical containers: - - name: auto-approver - image: {{ .ImageRepository }}/auto-approver:0.1.0 - imagePullPolicy: Always + - name: kubelet-csr-approver + {{ if ne .ImageRepository "banzaicloud" }} + image: "{{ .ImageRepository }}/kubelet-csr-approver:v0.1.2" + {{ else }} + image: "postfinance/kubelet-csr-approver:v0.1.2" + {{ end }} + resources: + limits: + memory: "128Mi" + cpu: "500m" + args: + - -metrics-bind-address + - ":8080" + - -health-probe-bind-address + - ":8081" + livenessProbe: + httpGet: + path: /healthz + port: 8081 env: - - name: WATCH_NAMESPACE - value: "" - - name: 
POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: "auto-approver" + - name: PROVIDER_REGEX + value: \w* + - name: MAX_EXPIRATION_SECONDS + value: '31622400' # 366 days + - name: BYPASS_DNS_RESOLUTION + value: 'true' + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Equal + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Equal \ No newline at end of file diff --git a/cmd/pke/app/phases/kubeadm/controlplane/cilium.yaml.go b/cmd/pke/app/phases/kubeadm/controlplane/cilium.yaml.go index d3c7f7d8..36800fbe 100644 --- a/cmd/pke/app/phases/kubeadm/controlplane/cilium.yaml.go +++ b/cmd/pke/app/phases/kubeadm/controlplane/cilium.yaml.go @@ -393,11 +393,6 @@ func ciliumTemplate() string { " template:\n" + " metadata:\n" + " annotations:\n" + - " # This annotation plus the CriticalAddonsOnly toleration makes\n" + - " # cilium to be a critical pod in the cluster, which ensures cilium\n" + - " # gets priority scheduling.\n" + - " # https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/\n" + - " scheduler.alpha.kubernetes.io/critical-pod: \"\"\n" + " labels:\n" + " k8s-app: cilium\n" + " spec:\n" + @@ -484,11 +479,11 @@ func ciliumTemplate() string { " key: custom-cni-conf\n" + " name: cilium-config\n" + " optional: true\n" + - " {{if .UseImageRepositoryToK8s}}\n" + + " {{ if ne .ImageRepository \"banzaicloud\" }}\n" + " image: \"{{ .ImageRepository }}/cilium:v1.9.1\"\n" + - " {{else}}\n" + - " image: \"cilium/cilium:v1.9.1\"\n" + - " {{end}}\n" + + " {{ else }}\n" + + " image: \"cilium/cilium:{{ .Version }}\"\n" + + " {{ end }}\n" + " imagePullPolicy: IfNotPresent\n" + " lifecycle:\n" + " postStart:\n" + 
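Review bot: The new `env:` block sets `PROVIDER_REGEX` to `\w*` and `BYPASS_DNS_RESOLUTION` to `'true'`, which, going by the variable names, makes the approver's hostname filter match anything (`\w*` also matches the empty string) and skips the DNS cross-check. Because this Deployment's service account holds `approve` on the `kubernetes.io/kubelet-serving` signer, I would expose the pattern as a template value anchored (`^...$`) to the cluster's node naming scheme, and add a comment saying why DNS resolution has to be bypassed. The container also has no `securityContext` and the image is referenced by the mutable tag `v0.1.2`. Adding `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true}` and a digest-pinned image reference would be reasonable, assuming the image tolerates a read-only root filesystem. The generated certificate_auto_approver.yaml.go carries the same manifest and needs regenerating after any change here.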
@@ -551,11 +546,11 @@ func ciliumTemplate() string { " key: wait-bpf-mount\n" + " name: cilium-config\n" + " optional: true\n" + - " {{if .UseImageRepositoryToK8s}}\n" + - " image: \"{{ .ImageRepository }}/cilium:v1.9.1\"\n" + - " {{else}}\n" + - " image: \"cilium/cilium:v1.9.1\"\n" + - " {{end}}\n" + + " {{ if ne .ImageRepository \"banzaicloud\" }}\n" + + " image: \"{{ .ImageRepository }}/cilium:{{ .Version }}\"\n" + + " {{ else }}\n" + + " image: \"cilium/cilium:{{ .Version }}\"\n" + + " {{ end }}\n" + " imagePullPolicy: IfNotPresent\n" + " name: clean-cilium-state\n" + " securityContext:\n" + @@ -690,11 +685,11 @@ func ciliumTemplate() string { " key: debug\n" + " name: cilium-config\n" + " optional: true\n" + - " {{if .UseImageRepositoryToK8s}}\n" + - " image: \"{{ .ImageRepository }}/cilium-operator:v1.9.1\"\n" + - " {{else}} \n" + - " image: \"cilium/operator:v1.9.1\"\n" + - " {{end}}\n" + + " {{ if ne .ImageRepository \"banzaicloud\" }}\n" + + " image: \"{{ .ImageRepository }}/cilium-operator:{{ .Version }}\"\n" + + " {{ else }}\n" + + " image: \"cilium/operator:{{ .Version }}\"\n" + + " {{ end }}\n" + " imagePullPolicy: IfNotPresent\n" + " name: cilium-operator\n" + " livenessProbe:\n" + diff --git a/cmd/pke/app/phases/kubeadm/controlplane/cilium.yaml.tmpl b/cmd/pke/app/phases/kubeadm/controlplane/cilium.yaml.tmpl index 29fc85a6..3fee129f 100644 --- a/cmd/pke/app/phases/kubeadm/controlplane/cilium.yaml.tmpl +++ b/cmd/pke/app/phases/kubeadm/controlplane/cilium.yaml.tmpl @@ -375,11 +375,6 @@ spec: template: metadata: annotations: - # This annotation plus the CriticalAddonsOnly toleration makes - # cilium to be a critical pod in the cluster, which ensures cilium - # gets priority scheduling. - # https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ - scheduler.alpha.kubernetes.io/critical-pod: "" labels: k8s-app: cilium spec: 
@@ -466,11 +461,11 @@ spec: key: custom-cni-conf name: cilium-config optional: true - {{if .UseImageRepositoryToK8s}} + {{ if ne .ImageRepository "banzaicloud" }} image: "{{ .ImageRepository }}/cilium:v1.9.1" - {{else}} - image: "cilium/cilium:v1.9.1" - {{end}} + {{ else }} + image: "cilium/cilium:{{ .Version }}" + {{ end }} imagePullPolicy: IfNotPresent lifecycle: postStart: @@ -533,11 +528,11 @@ spec: key: wait-bpf-mount name: cilium-config optional: true - {{if .UseImageRepositoryToK8s}} - image: "{{ .ImageRepository }}/cilium:v1.9.1" - {{else}} - image: "cilium/cilium:v1.9.1" - {{end}} + {{ if ne .ImageRepository "banzaicloud" }} + image: "{{ .ImageRepository }}/cilium:{{ .Version }}" + {{ else }} + image: "cilium/cilium:{{ .Version }}" + {{ end }} imagePullPolicy: IfNotPresent name: clean-cilium-state securityContext: @@ -672,11 +667,11 @@ spec: key: debug name: cilium-config optional: true - {{if .UseImageRepositoryToK8s}} - image: "{{ .ImageRepository }}/cilium-operator:v1.9.1" - {{else}} - image: "cilium/operator:v1.9.1" - {{end}} + {{ if ne .ImageRepository "banzaicloud" }} + image: "{{ .ImageRepository }}/cilium-operator:{{ .Version }}" + {{ else }} + image: "cilium/operator:{{ .Version }}" + {{ end }} imagePullPolicy: IfNotPresent name: cilium-operator livenessProbe: diff --git a/cmd/pke/app/phases/kubeadm/controlplane/controlplane.go b/cmd/pke/app/phases/kubeadm/controlplane/controlplane.go index 54a5ff73..c4b0aa28 100644 --- a/cmd/pke/app/phases/kubeadm/controlplane/controlplane.go +++ b/cmd/pke/app/phases/kubeadm/controlplane/controlplane.go @@ -108,8 +108,6 @@ type ControlPlane struct { imageRepository string useImageRepositoryToK8s bool withPluginPSP bool - withoutPluginDenyEscalatingExec bool - useHyperKubeImage bool withoutAuditLog bool node *node.Node azureTenantID string 
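Review bot: In the `@@ -466,11 +461,11 @@` hunk (the container with the `lifecycle`/`postStart` block) the custom-repository branch still hard-codes the old tag, `image: "{{ .ImageRepository }}/cilium:v1.9.1"`, while its `else` branch and the other two image blocks use `{{ .Version }}`. With any `ImageRepository` other than `banzaicloud`, that container would be rendered with v1.9.1 next to an init container and operator at `{{ .Version }}`. The line should read `image: "{{ .ImageRepository }}/cilium:{{ .Version }}"`. The generated cilium.yaml.go has the same line in its `@@ -484,11 +479,11 @@` hunk and needs regenerating after the fix. The literal `"banzaicloud"` is now compared in all three blocks; a one-line template comment saying it is the default repository value would make the branch condition readable.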
@@ -201,8 +199,6 @@ func (c *ControlPlane) RegisterFlags(flags *pflag.FlagSet) { flags.Bool(constants.FlagUseImageRepositoryToK8s, false, "Use defined image repository for K8s Images as well") // PodSecurityPolicy admission plugin flags.Bool(constants.FlagAdmissionPluginPodSecurityPolicy, false, "Enable PodSecurityPolicy admission plugin") - // DenyEscalatingExec admission plugin - flags.Bool(constants.FlagNoAdmissionPluginDenyEscalatingExec, false, "Disable DenyEscalatingExec admission plugin") // AuditLog enable flags.Bool(constants.FlagAuditLog, false, "Disable apiserver audit log") @@ -509,7 +505,9 @@ func (c *ControlPlane) Run(out io.Writer) error { if c.clusterMode == singleMode { single = true } - if err := installCilium(out, kubeConfig, c.podNetworkCIDR, c.imageRepository, c.useImageRepositoryToK8s, c.mtu, single); err != nil { + // TODO get cilium version from flag + version := "v1.11.1" + if err := installCilium(out, kubeConfig, c.podNetworkCIDR, c.imageRepository, version, c.mtu, single); err != nil { return err } } @@ -651,10 +649,6 @@ func (c *ControlPlane) masterBootstrapParameters(cmd *cobra.Command) (err error) if err != nil { return } - c.withoutPluginDenyEscalatingExec, err = cmd.Flags().GetBool(constants.FlagNoAdmissionPluginDenyEscalatingExec) - if err != nil { - return - } c.withoutAuditLog, err = cmd.Flags().GetBool(constants.FlagAuditLog) if err != nil { return 
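Review bot: The Cilium tag is a string literal inside `Run` (`version := "v1.11.1"`), and the call no longer passes `c.useImageRepositoryToK8s`, so the registry Cilium is pulled from is now decided only by the templates' `ne .ImageRepository "banzaicloud"` comparison. That looks like a behaviour change for existing users: any non-default image repository now redirects the Cilium pulls, where before this needed the explicit flag. It deserves a line in the flag help or release notes, and that registry has to actually mirror the Cilium images. Until the TODO is resolved I would lift the literal to a documented package constant, e.g. `const defaultCiliumVersion = "v1.11.1" // Cilium image tag rendered into cilium.yaml.tmpl`, so the deployed CNI version is visible in one place. `Run` starts and ends outside this hunk.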
@@ -954,7 +948,7 @@ func installWeave(out io.Writer, cloudProvider, podNetworkCIDR, kubeConfig strin //go:generate templify -t ${GOTMPL} -p controlplane -f cilium cilium.yaml.tmpl //go:generate templify -t ${GOTMPL} -p controlplane -f ciliumSysFsBpf cilium_sys_fs_bpf.mount.tmpl -func installCilium(out io.Writer, kubeConfig, podNetworkCIDR, imageRepository string, useImageRepositoryToK8s bool, mtu uint, single bool) error { +func installCilium(out io.Writer, kubeConfig, podNetworkCIDR, imageRepository, version string, mtu uint, single bool) error { if _, err := os.Stat("/sys/fs/bpf"); err != nil { // Mounting BPF filesystem if err := file.Overwrite(ciliumBpfMountSystemd, ciliumSysFsBpfTemplate()); err != nil { @@ -976,13 +970,14 @@ func installCilium(out io.Writer, kubeConfig, podNetworkCIDR, imageRepository st ImageRepository string PodCIDR string Single bool + Version string } d := data{ - UseImageRepositoryToK8s: useImageRepositoryToK8s, - ImageRepository: imageRepository, - PodCIDR: podNetworkCIDR, - Single: single, + ImageRepository: imageRepository, + PodCIDR: podNetworkCIDR, + Single: single, + Version: version, } var b bytes.Buffer diff --git a/cmd/pke/app/phases/kubeadm/controlplane/controlplane_test.go b/cmd/pke/app/phases/kubeadm/controlplane/controlplane_test.go index 8255924e..240c2dbb 100644 --- a/cmd/pke/app/phases/kubeadm/controlplane/controlplane_test.go +++ b/cmd/pke/app/phases/kubeadm/controlplane/controlplane_test.go 
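Review bot: `installCilium` now takes four adjacent `string` parameters (`kubeConfig, podNetworkCIDR, imageRepository, version`) and writes `version` into the manifest's image references without checking it. Once the value comes from a flag, as the TODO at the call site announces, anything that is not a plain tag should be rejected before rendering, for example by matching it against `^v\d+\.\d+\.\d+$` and returning an error. A doc comment would also help keep the same-typed arguments in order: `// installCilium renders the Cilium manifest; version is the image tag including the leading "v".` The opening lines of the `data` struct are outside the hunk, so I cannot tell whether its `UseImageRepositoryToK8s` field was removed along with the initializer; if it is still there it is now dead. The function body continues outside both hunks.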
@@ -31,21 +31,20 @@ func TestWriteKubeadmConfig(t *testing.T) { t.Log(filename) c := &ControlPlane{ - advertiseAddress: "192.168.64.11:6443", - apiServerHostPort: "192.168.64.11:6443", - kubeletCertificateAuthority: "/etc/kubernetes/pki/ca.crt", - clusterName: "my-cluster", - kubernetesVersion: "1.21.0", - serviceCIDR: "10.32.0.0/24", - podNetworkCIDR: "10.200.0.0/16", - cloudProvider: constants.CloudProviderAmazon, - nodepool: "pool1", - controllerManagerSigningCA: "/etc/kubernetes/pki/cm-signing-ca.crt", - apiServerCertSANs: []string{"almafa", "vadkorte"}, - withPluginPSP: true, - withoutPluginDenyEscalatingExec: false, - taints: []string{"node-role.kubernetes.io/master:NoSchedule"}, - withoutAuditLog: false, + advertiseAddress: "192.168.64.11:6443", + apiServerHostPort: "192.168.64.11:6443", + kubeletCertificateAuthority: "/etc/kubernetes/pki/ca.crt", + clusterName: "my-cluster", + kubernetesVersion: "1.21.0", + serviceCIDR: "10.32.0.0/24", + podNetworkCIDR: "10.200.0.0/16", + cloudProvider: constants.CloudProviderAmazon, + nodepool: "pool1", + controllerManagerSigningCA: "/etc/kubernetes/pki/cm-signing-ca.crt", + apiServerCertSANs: []string{"almafa", "vadkorte"}, + withPluginPSP: true, + taints: []string{"node-role.kubernetes.io/master:NoSchedule"}, + withoutAuditLog: false, } err := c.WriteKubeadmConfig(os.Stdout, filename) diff --git a/cmd/pke/app/phases/kubeadm/controlplane/kubeadm.go b/cmd/pke/app/phases/kubeadm/controlplane/kubeadm.go index cd6923d2..1287415b 100644 --- a/cmd/pke/app/phases/kubeadm/controlplane/kubeadm.go +++ b/cmd/pke/app/phases/kubeadm/controlplane/kubeadm.go @@ -34,6 +34,7 @@ import ( ) //go:generate templify -t ${GOTMPL} -p controlplane -f kubeadmConfigV1Beta2 kubeadm_v1beta2.yaml.tmpl +//go:generate templify -t ${GOTMPL} -p controlplane -f kubeadmConfigV1Beta3 kubeadm_v1beta3.yaml.tmpl func (c ControlPlane) WriteKubeadmConfig(out io.Writer, filename string) error { // API server advertisement 
@@ -68,6 +69,9 @@ func (c ControlPlane) WriteKubeadmConfig(out io.Writer, filename string) error {
 case 19, 20, 21:
 // see https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2
 conf = kubeadmConfigV1Beta2Template()
+ case 22, 23:
+ // see https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3
+ conf = kubeadmConfigV1Beta3Template()
 default:
 return errors.New(fmt.Sprintf("unsupported Kubernetes version %q for kubeadm", c.kubernetesVersion))
 }
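Review bot: The `case 19, 20, 21` branch kept above the new case still renders `kubeadmConfigV1Beta2Template()` with the same `data` struct, from which this commit removes `UseHyperKubeImage` and `WithoutPluginDenyEscalatingExec`. The diff only shows the `UseHyperKubeImage` line being deleted from kubeadm_v1beta2.yaml.tmpl. If that template still references `.WithoutPluginDenyEscalatingExec` and is executed with text/template, rendering will fail for 1.19–1.21 clusters, so please confirm the reference is gone. `TestWriteKubeadmConfig` still sets `kubernetesVersion: "1.21.0"`, so the new `case 22, 23` path is not exercised; a second test case with `"1.22.1"` would cover the v1beta3 template. `WriteKubeadmConfig` continues outside the hunk.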
@@ -108,40 +112,38 @@ func (c ControlPlane) WriteKubeadmConfig(out io.Writer, filename string) error { } type data struct { - APIServerAdvertiseAddress string - APIServerBindPort string - CRISocket string - ControlPlaneEndpoint string - APIServerCertSANs []string - KubeletCertificateAuthority string - AdmissionConfig string - ClusterName string - KubernetesVersion string - UseHyperKubeImage bool - ServiceCIDR string - PodCIDR string - CloudProvider string - CloudConfig bool - KubeletCloudConfig bool - NodeLabels string - ControllerManagerSigningCA string - OIDCIssuerURL string - OIDCClientID string - ImageRepository string - EncryptionProviderPrefix string - WithPluginPSP bool - WithoutPluginDenyEscalatingExec bool - WithAuditLog bool - Taints []kubernetes.Taint - AuditLogDir string - AuditPolicyFile string - EtcdEndpoints []string - EtcdCAFile string - EtcdCertFile string - EtcdKeyFile string - EtcdPrefix string - KubeReservedCPU string - KubeReservedMemory string + APIServerAdvertiseAddress string + APIServerBindPort string + CRISocket string + ControlPlaneEndpoint string + APIServerCertSANs []string + KubeletCertificateAuthority string + AdmissionConfig string + ClusterName string + KubernetesVersion string + ServiceCIDR string + PodCIDR string + CloudProvider string + CloudConfig bool + KubeletCloudConfig bool + NodeLabels string + ControllerManagerSigningCA string + OIDCIssuerURL string + OIDCClientID string + ImageRepository string + EncryptionProviderPrefix string + WithPluginPSP bool + WithAuditLog bool + Taints []kubernetes.Taint + AuditLogDir string + AuditPolicyFile string + EtcdEndpoints []string + EtcdCAFile string + EtcdCertFile string + EtcdKeyFile string + EtcdPrefix string + KubeReservedCPU string + KubeReservedMemory string } imageRepository := "k8s.gcr.io" 
@@ -150,40 +152,38 @@ func (c ControlPlane) WriteKubeadmConfig(out io.Writer, filename string) error { } d := data{ - APIServerAdvertiseAddress: c.advertiseAddress, - APIServerBindPort: bindPort, - CRISocket: cri.GetCRISocket(c.containerRuntime), - ControlPlaneEndpoint: c.apiServerHostPort, - APIServerCertSANs: c.apiServerCertSANs, - KubeletCertificateAuthority: c.kubeletCertificateAuthority, - AdmissionConfig: admissionConfig, - ClusterName: c.clusterName, - KubernetesVersion: c.kubernetesVersion, - UseHyperKubeImage: c.useHyperKubeImage, - ServiceCIDR: c.serviceCIDR, - PodCIDR: c.podNetworkCIDR, - CloudProvider: c.cloudProvider, - CloudConfig: cloudConfig, - KubeletCloudConfig: kubeletCloudConfig, - NodeLabels: strings.Join(nodeLabels, ","), - ControllerManagerSigningCA: c.controllerManagerSigningCA, - OIDCIssuerURL: c.oidcIssuerURL, - OIDCClientID: c.oidcClientID, - ImageRepository: imageRepository, - EncryptionProviderPrefix: encryptionProviderPrefix, - WithPluginPSP: c.withPluginPSP, - WithoutPluginDenyEscalatingExec: c.withoutPluginDenyEscalatingExec, - WithAuditLog: !c.withoutAuditLog, - Taints: taints, - AuditLogDir: auditLogDir, - AuditPolicyFile: auditPolicyFile, - EtcdEndpoints: c.etcdEndpoints, - EtcdCAFile: c.etcdCAFile, - EtcdCertFile: c.etcdCertFile, - EtcdKeyFile: c.etcdKeyFile, - EtcdPrefix: c.etcdPrefix, - KubeReservedCPU: kubeReservedCPU, - KubeReservedMemory: kubeReservedMemory, + APIServerAdvertiseAddress: c.advertiseAddress, + APIServerBindPort: bindPort, + CRISocket: cri.GetCRISocket(c.containerRuntime), + ControlPlaneEndpoint: c.apiServerHostPort, + APIServerCertSANs: c.apiServerCertSANs, + KubeletCertificateAuthority: c.kubeletCertificateAuthority, + AdmissionConfig: admissionConfig, + ClusterName: c.clusterName, + KubernetesVersion: c.kubernetesVersion, + ServiceCIDR: c.serviceCIDR, + PodCIDR: c.podNetworkCIDR, + CloudProvider: c.cloudProvider, + CloudConfig: cloudConfig, + KubeletCloudConfig: kubeletCloudConfig, + NodeLabels: 
strings.Join(nodeLabels, ","), + ControllerManagerSigningCA: c.controllerManagerSigningCA, + OIDCIssuerURL: c.oidcIssuerURL, + OIDCClientID: c.oidcClientID, + ImageRepository: imageRepository, + EncryptionProviderPrefix: encryptionProviderPrefix, + WithPluginPSP: c.withPluginPSP, + WithAuditLog: !c.withoutAuditLog, + Taints: taints, + AuditLogDir: auditLogDir, + AuditPolicyFile: auditPolicyFile, + EtcdEndpoints: c.etcdEndpoints, + EtcdCAFile: c.etcdCAFile, + EtcdCertFile: c.etcdCertFile, + EtcdKeyFile: c.etcdKeyFile, + EtcdPrefix: c.etcdPrefix, + KubeReservedCPU: kubeReservedCPU, + KubeReservedMemory: kubeReservedMemory, } return file.WriteTemplate(filename, tmpl, d) diff --git a/cmd/pke/app/phases/kubeadm/controlplane/kubeadm_v1beta2.yaml.go b/cmd/pke/app/phases/kubeadm/controlplane/kubeadm_v1beta2.yaml.go index 176f2039..ebba3b8d 100644 --- a/cmd/pke/app/phases/kubeadm/controlplane/kubeadm_v1beta2.yaml.go +++ b/cmd/pke/app/phases/kubeadm/controlplane/kubeadm_v1beta2.yaml.go @@ -48,7 +48,6 @@ func kubeadmConfigV1Beta2Template() string { "kind: ClusterConfiguration\n" + "clusterName: \"{{ .ClusterName }}\"\n" + "imageRepository: {{ .ImageRepository }}\n" + - "{{ if .UseHyperKubeImage }}useHyperKubeImage: true{{end}}\n" + "networking:\n" + " serviceSubnet: \"{{ .ServiceCIDR }}\"\n" + " podSubnet: \"{{ .PodCIDR }}\"\n" + diff --git a/cmd/pke/app/phases/kubeadm/controlplane/kubeadm_v1beta2.yaml.tmpl b/cmd/pke/app/phases/kubeadm/controlplane/kubeadm_v1beta2.yaml.tmpl index f6eaf189..651f6629 100644 --- a/cmd/pke/app/phases/kubeadm/controlplane/kubeadm_v1beta2.yaml.tmpl +++ b/cmd/pke/app/phases/kubeadm/controlplane/kubeadm_v1beta2.yaml.tmpl @@ -30,7 +30,6 @@ apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration clusterName: "{{ .ClusterName }}" imageRepository: {{ .ImageRepository }} -{{ if .UseHyperKubeImage }}useHyperKubeImage: true{{end}} networking: serviceSubnet: "{{ .ServiceCIDR }}" podSubnet: "{{ .PodCIDR }}" 
diff --git a/cmd/pke/app/phases/kubeadm/controlplane/kubeadm_v1beta3.yaml.go b/cmd/pke/app/phases/kubeadm/controlplane/kubeadm_v1beta3.yaml.go
new file mode 100644
index 00000000..d324f80f
--- /dev/null
+++ b/cmd/pke/app/phases/kubeadm/controlplane/kubeadm_v1beta3.yaml.go
@@ -0,0 +1,162 @@ +// Copyright © 2019 Banzai Cloud +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package controlplane + +// kubeadmConfigV1Beta3Template is a generated function returning the template as a string. +func kubeadmConfigV1Beta3Template() string { + var tmpl = "apiVersion: kubeadm.k8s.io/v1beta3\n" + + "kind: InitConfiguration\n" + + "{{ if .APIServerAdvertiseAddress}}\n" + + "localAPIEndpoint:\n" + + " advertiseAddress: \"{{ .APIServerAdvertiseAddress }}\"\n" + + " bindPort: {{ .APIServerBindPort }}{{end}}\n" + + "nodeRegistration:\n" + + " criSocket: \"{{ .CRISocket }}\"\n" + + " taints:{{ if not .Taints }} []{{end}}{{range .Taints}}\n" + + " - key: \"{{.Key}}\"\n" + + " value: \"{{.Value}}\"\n" + + " effect: \"{{.Effect}}\"{{end}}\n" + + " kubeletExtraArgs:\n" + + " {{ if .NodeLabels }}node-labels: \"{{ .NodeLabels }}\"{{end}}\n" + + " # pod-infra-container-image: {{ .ImageRepository }}/pause:3.1 # only needed by docker\n" + + " {{ if .CloudProvider }}cloud-provider: \"{{ .CloudProvider }}\"\n" + + " {{ if .KubeletCloudConfig }}cloud-config: \"/etc/kubernetes/{{ .CloudProvider }}.conf\"{{end}}{{end}}\n" + + " read-only-port: \"0\"\n" + + " anonymous-auth: \"false\"\n" + + " streaming-connection-idle-timeout: \"5m\"\n" + + " event-qps: \"0\"\n" + + " client-ca-file: \"/etc/kubernetes/pki/ca.crt\"\n" + + " feature-gates: \"RotateKubeletServerCertificate=true\"\n" + + " rotate-certificates: \"true\"\n" + + " tls-cipher-suites: 
\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256\"\n" + + " authorization-mode: \"Webhook\"\n" + + " experimental-kernel-memcg-notification: \"true\"\n" + + "---\n" + + "apiVersion: kubeadm.k8s.io/v1beta3\n" + + "kind: ClusterConfiguration\n" + + "clusterName: \"{{ .ClusterName }}\"\n" + + "imageRepository: {{ .ImageRepository }}\n" + + "networking:\n" + + " serviceSubnet: \"{{ .ServiceCIDR }}\"\n" + + " podSubnet: \"{{ .PodCIDR }}\"\n" + + " dnsDomain: \"cluster.local\"\n" + + "kubernetesVersion: \"v{{ .KubernetesVersion }}\"\n" + + "{{ if .ControlPlaneEndpoint }}controlPlaneEndpoint: \"{{ .ControlPlaneEndpoint }}\"{{end}}\n" + + "certificatesDir: \"/etc/kubernetes/pki\"\n" + + "apiServer:\n" + + " {{ if .APIServerCertSANs }}\n" + + " certSANs:\n" + + " {{range $k, $san := .APIServerCertSANs}} - \"{{ $san }}\"\n" + + " {{end}}{{end}}\n" + + " extraArgs:\n" + + " # anonymous-auth: \"false\"\n" + + " profiling: \"false\"\n" + + " enable-admission-plugins: \"AlwaysPullImages,EventRateLimit,NodeRestriction,ServiceAccount{{ if .WithPluginPSP }},PodSecurityPolicy{{end}}\"\n" + + " disable-admission-plugins: \"\"\n" + + " admission-control-config-file: \"{{ .AdmissionConfig }}\"\n" + + " audit-log-path: \"{{ .AuditLogDir }}/apiserver.log\"\n" + + " audit-log-maxage: \"30\"\n" + + " audit-log-maxbackup: \"10\"\n" + + " audit-log-maxsize: \"100\"\n" + + " {{ if .WithAuditLog }}audit-policy-file: \"{{ .AuditPolicyFile }}\"{{ end }}\n" + + " {{ if .EtcdPrefix }}etcd-prefix: \"{{ .EtcdPrefix }}\"{{end}}\n" + + " service-account-lookup: \"true\"\n" + + " kubelet-certificate-authority: \"{{ .KubeletCertificateAuthority }}\"\n" + + " tls-cipher-suites: 
\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256\"\n" + + " {{ .EncryptionProviderPrefix }}encryption-provider-config: \"/etc/kubernetes/admission-control/encryption-provider-config.yaml\"\n" + + " {{ if (and .OIDCIssuerURL .OIDCClientID) }}\n" + + " oidc-issuer-url: \"{{ .OIDCIssuerURL }}\"\n" + + " oidc-client-id: \"{{ .OIDCClientID }}\"\n" + + " oidc-username-claim: \"email\"\n" + + " oidc-username-prefix: \"oidc:\"\n" + + " oidc-groups-claim: \"groups\"{{end}}\n" + + " {{ if .CloudProvider }}cloud-provider: \"{{ .CloudProvider }}\"\n" + + " {{ if .CloudConfig }}cloud-config: /etc/kubernetes/{{ .CloudProvider }}.conf{{end}}{{end}}\n" + + " extraVolumes:\n" + + " {{ if .WithAuditLog }}\n" + + " - name: audit-log-dir\n" + + " hostPath: {{ .AuditLogDir }}\n" + + " mountPath: {{ .AuditLogDir }}\n" + + " pathType: DirectoryOrCreate\n" + + " - name: audit-policy-file\n" + + " hostPath: {{ .AuditPolicyFile }}\n" + + " mountPath: {{ .AuditPolicyFile }}\n" + + " readOnly: true\n" + + " pathType: File{{ end }}\n" + + " - name: admission-control-config-file\n" + + " hostPath: {{ .AdmissionConfig }}\n" + + " mountPath: {{ .AdmissionConfig }}\n" + + " readOnly: true\n" + + " pathType: File\n" + + " - name: admission-control-config-dir\n" + + " hostPath: /etc/kubernetes/admission-control/\n" + + " mountPath: /etc/kubernetes/admission-control/\n" + + " readOnly: true\n" + + " pathType: Directory\n" + + " {{ if and .CloudProvider .CloudConfig }}\n" + + " - name: cloud-config\n" + + " hostPath: /etc/kubernetes/{{ .CloudProvider }}.conf\n" + + " mountPath: /etc/kubernetes/{{ .CloudProvider }}.conf{{end}}\n" + + "scheduler:\n" + + " extraArgs:\n" + + " profiling: \"false\"\n" + + "controllerManager:\n" + + " extraArgs:\n" + + " 
cluster-name: \"{{ .ClusterName }}\"\n" + + " profiling: \"false\"\n" + + " terminated-pod-gc-threshold: \"10\"\n" + + " feature-gates: \"RotateKubeletServerCertificate=true\"\n" + + " {{ if .ControllerManagerSigningCA }}cluster-signing-cert-file: {{ .ControllerManagerSigningCA }}{{end}}\n" + + " {{ if .CloudProvider }}cloud-provider: \"{{ .CloudProvider }}\"\n" + + " {{ if .CloudConfig }}cloud-config: /etc/kubernetes/{{ .CloudProvider }}.conf\n" + + " extraVolumes:\n" + + " - name: cloud-config\n" + + " hostPath: /etc/kubernetes/{{ .CloudProvider }}.conf\n" + + " mountPath: /etc/kubernetes/{{ .CloudProvider }}.conf{{end}}{{end}}\n" + + "etcd:\n" + + " {{ if .EtcdEndpoints }}\n" + + " external:\n" + + " endpoints:\n" + + " {{range $k, $endpoint := .EtcdEndpoints }} - \"{{ $endpoint }}\"\n" + + " {{end}}\n" + + " caFile: {{ .EtcdCAFile }}\n" + + " certFile: {{ .EtcdCertFile }}\n" + + " keyFile: {{ .EtcdKeyFile }}\n" + + " {{else}}\n" + + " local:\n" + + " extraArgs:\n" + + " peer-auto-tls: \"false\"\n" + + " {{end}}\n" + + "---\n" + + "apiVersion: kubelet.config.k8s.io/v1beta1\n" + + "kind: KubeletConfiguration\n" + + "serverTLSBootstrap: true\n" + + "systemReserved:\n" + + " cpu: 50m\n" + + " memory: 50Mi\n" + + " ephemeral-storage: 1Gi\n" + + "kubeReserved:\n" + + " cpu: {{ .KubeReservedCPU }}\n" + + " memory: {{ .KubeReservedMemory }}\n" + + " ephemeral-storage: 1Gi\n" + + "evictionHard:\n" + + " imagefs.available: 15%\n" + + " memory.available: 100Mi\n" + + " nodefs.available: 10%\n" + + " nodefs.inodesFree: 5%\n" + + "protectKernelDefaults: true\n" + + "" + return tmpl +} diff --git a/cmd/pke/app/phases/kubeadm/controlplane/kubeadm_v1beta3.yaml.tmpl b/cmd/pke/app/phases/kubeadm/controlplane/kubeadm_v1beta3.yaml.tmpl new file mode 100644 index 00000000..56ba4b4c --- /dev/null +++ b/cmd/pke/app/phases/kubeadm/controlplane/kubeadm_v1beta3.yaml.tmpl 
@@ -0,0 +1,141 @@ +apiVersion: kubeadm.k8s.io/v1beta3 +kind: InitConfiguration +{{ if .APIServerAdvertiseAddress}} +localAPIEndpoint: + advertiseAddress: "{{ .APIServerAdvertiseAddress }}" + bindPort: {{ .APIServerBindPort }}{{end}} +nodeRegistration: + criSocket: "{{ .CRISocket }}" + taints:{{ if not .Taints }} []{{end}}{{range .Taints}} + - key: "{{.Key}}" + value: "{{.Value}}" + effect: "{{.Effect}}"{{end}} + kubeletExtraArgs: + {{ if .NodeLabels }}node-labels: "{{ .NodeLabels }}"{{end}} + # pod-infra-container-image: {{ .ImageRepository }}/pause:3.1 # only needed by docker + {{ if .CloudProvider }}cloud-provider: "{{ .CloudProvider }}" + {{ if .KubeletCloudConfig }}cloud-config: "/etc/kubernetes/{{ .CloudProvider }}.conf"{{end}}{{end}} + read-only-port: "0" + anonymous-auth: "false" + streaming-connection-idle-timeout: "5m" + event-qps: "0" + client-ca-file: "/etc/kubernetes/pki/ca.crt" + feature-gates: "RotateKubeletServerCertificate=true" + rotate-certificates: "true" + tls-cipher-suites: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" + authorization-mode: "Webhook" + experimental-kernel-memcg-notification: "true" +--- +apiVersion: kubeadm.k8s.io/v1beta3 +kind: ClusterConfiguration +clusterName: "{{ .ClusterName }}" +imageRepository: {{ .ImageRepository }} +networking: + serviceSubnet: "{{ .ServiceCIDR }}" + podSubnet: "{{ .PodCIDR }}" + dnsDomain: "cluster.local" +kubernetesVersion: "v{{ .KubernetesVersion }}" +{{ if .ControlPlaneEndpoint }}controlPlaneEndpoint: "{{ .ControlPlaneEndpoint }}"{{end}} +certificatesDir: "/etc/kubernetes/pki" +apiServer: + {{ if .APIServerCertSANs }} + certSANs: + {{range $k, $san := .APIServerCertSANs}} - "{{ $san }}" + {{end}}{{end}} + extraArgs: + # anonymous-auth: "false" + 
profiling: "false" + enable-admission-plugins: "AlwaysPullImages,EventRateLimit,NodeRestriction,ServiceAccount{{ if .WithPluginPSP }},PodSecurityPolicy{{end}}" + disable-admission-plugins: "" + admission-control-config-file: "{{ .AdmissionConfig }}" + audit-log-path: "{{ .AuditLogDir }}/apiserver.log" + audit-log-maxage: "30" + audit-log-maxbackup: "10" + audit-log-maxsize: "100" + {{ if .WithAuditLog }}audit-policy-file: "{{ .AuditPolicyFile }}"{{ end }} + {{ if .EtcdPrefix }}etcd-prefix: "{{ .EtcdPrefix }}"{{end}} + service-account-lookup: "true" + kubelet-certificate-authority: "{{ .KubeletCertificateAuthority }}" + tls-cipher-suites: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" + {{ .EncryptionProviderPrefix }}encryption-provider-config: "/etc/kubernetes/admission-control/encryption-provider-config.yaml" + {{ if (and .OIDCIssuerURL .OIDCClientID) }} + oidc-issuer-url: "{{ .OIDCIssuerURL }}" + oidc-client-id: "{{ .OIDCClientID }}" + oidc-username-claim: "email" + oidc-username-prefix: "oidc:" + oidc-groups-claim: "groups"{{end}} + {{ if .CloudProvider }}cloud-provider: "{{ .CloudProvider }}" + {{ if .CloudConfig }}cloud-config: /etc/kubernetes/{{ .CloudProvider }}.conf{{end}}{{end}} + extraVolumes: + {{ if .WithAuditLog }} + - name: audit-log-dir + hostPath: {{ .AuditLogDir }} + mountPath: {{ .AuditLogDir }} + pathType: DirectoryOrCreate + - name: audit-policy-file + hostPath: {{ .AuditPolicyFile }} + mountPath: {{ .AuditPolicyFile }} + readOnly: true + pathType: File{{ end }} + - name: admission-control-config-file + hostPath: {{ .AdmissionConfig }} + mountPath: {{ .AdmissionConfig }} + readOnly: true + pathType: File + - name: admission-control-config-dir + hostPath: /etc/kubernetes/admission-control/ + 
mountPath: /etc/kubernetes/admission-control/ + readOnly: true + pathType: Directory + {{ if and .CloudProvider .CloudConfig }} + - name: cloud-config + hostPath: /etc/kubernetes/{{ .CloudProvider }}.conf + mountPath: /etc/kubernetes/{{ .CloudProvider }}.conf{{end}} +scheduler: + extraArgs: + profiling: "false" +controllerManager: + extraArgs: + cluster-name: "{{ .ClusterName }}" + profiling: "false" + terminated-pod-gc-threshold: "10" + feature-gates: "RotateKubeletServerCertificate=true" + {{ if .ControllerManagerSigningCA }}cluster-signing-cert-file: {{ .ControllerManagerSigningCA }}{{end}} + {{ if .CloudProvider }}cloud-provider: "{{ .CloudProvider }}" + {{ if .CloudConfig }}cloud-config: /etc/kubernetes/{{ .CloudProvider }}.conf + extraVolumes: + - name: cloud-config + hostPath: /etc/kubernetes/{{ .CloudProvider }}.conf + mountPath: /etc/kubernetes/{{ .CloudProvider }}.conf{{end}}{{end}} +etcd: + {{ if .EtcdEndpoints }} + external: + endpoints: + {{range $k, $endpoint := .EtcdEndpoints }} - "{{ $endpoint }}" + {{end}} + caFile: {{ .EtcdCAFile }} + certFile: {{ .EtcdCertFile }} + keyFile: {{ .EtcdKeyFile }} + {{else}} + local: + extraArgs: + peer-auto-tls: "false" + {{end}} +--- +apiVersion: kubelet.config.k8s.io/v1beta1 +kind: KubeletConfiguration +serverTLSBootstrap: true +systemReserved: + cpu: 50m + memory: 50Mi + ephemeral-storage: 1Gi +kubeReserved: + cpu: {{ .KubeReservedCPU }} + memory: {{ .KubeReservedMemory }} + ephemeral-storage: 1Gi +evictionHard: + imagefs.available: 15% + memory.available: 100Mi + nodefs.available: 10% + nodefs.inodesFree: 5% +protectKernelDefaults: true diff --git a/cmd/pke/app/phases/kubeadm/controlplane/storage_class_local_path_storage.yaml.go b/cmd/pke/app/phases/kubeadm/controlplane/storage_class_local_path_storage.yaml.go index 14954734..207a9a98 100644 --- a/cmd/pke/app/phases/kubeadm/controlplane/storage_class_local_path_storage.yaml.go +++ b/cmd/pke/app/phases/kubeadm/controlplane/storage_class_local_path_storage.yaml.go 
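Review bot: Both `tls-cipher-suites` values in this new template (under `kubeletExtraArgs` and under `apiServer.extraArgs`) end with `TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256`, which use static RSA key exchange and give no forward secrecy. Unless a known client still needs them, drop those two entries and keep the six ECDHE suites. The same list is repeated in node/kubeadm_v1beta3.yaml.tmpl and in the generated .yaml.go files, so change the templates and regenerate. The commented-out `# anonymous-auth: "false"` under `apiServer.extraArgs` also deserves a one-line comment saying why it is left disabled; presumably token-based join discovery needs anonymous access, but the template does not say.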
@@ -29,7 +29,7 @@ func storageClassLocalPathStorageTemplate() string { " namespace: kube-system\n" + "rules:\n" + "- apiGroups: [\"\"]\n" + - " resources: [\"nodes\", \"persistentvolumeclaims\"]\n" + + " resources: [\"nodes\", \"persistentvolumeclaims\", \"configmaps\"]\n" + " verbs: [\"get\", \"list\", \"watch\"]\n" + "- apiGroups: [\"\"]\n" + " resources: [\"endpoints\", \"persistentvolumes\", \"pods\"]\n" + @@ -73,7 +73,11 @@ func storageClassLocalPathStorageTemplate() string { " serviceAccountName: local-path-provisioner-service-account\n" + " containers:\n" + " - name: local-path-provisioner\n" + - " image: {{ .ImageRepository }}/local-path-provisioner:v0.0.9\n" + + " {{ if ne .ImageRepository \"banzaicloud\" }}\n" + + " image: \"{{ .ImageRepository }}/local-path-provisioner:v0.0.21\"\n" + + " {{ else }}\n" + + " image: \"rancher/local-path-provisioner:v0.0.21\"\n" + + " {{ end }}\n" + " imagePullPolicy: Always\n" + " command:\n" + " - local-path-provisioner\n" + @@ -120,6 +124,51 @@ func storageClassLocalPathStorageTemplate() string { " }\n" + " ]\n" + " }\n" + + " setup: |-\n" + + " #!/bin/sh\n" + + " while getopts \"m:s:p:\" opt\n" + + " do\n" + + " case $opt in\n" + + " p)\n" + + " absolutePath=$OPTARG\n" + + " ;;\n" + + " s)\n" + + " sizeInBytes=$OPTARG\n" + + " ;;\n" + + " m)\n" + + " volMode=$OPTARG\n" + + " ;;\n" + + " esac\n" + + " done\n" + + "\n" + + " mkdir -m 0777 -p ${absolutePath}\n" + + " teardown: |-\n" + + " #!/bin/sh\n" + + " while getopts \"m:s:p:\" opt\n" + + " do\n" + + " case $opt in\n" + + " p)\n" + + " absolutePath=$OPTARG\n" + + " ;;\n" + + " s)\n" + + " sizeInBytes=$OPTARG\n" + + " ;;\n" + + " m)\n" + + " volMode=$OPTARG\n" + + " ;;\n" + + " esac\n" + + " done\n" + + "\n" + + " rm -rf ${absolutePath}\n" + + " helperPod.yaml: |-\n" + + " apiVersion: v1\n" + + " kind: Pod\n" + + " metadata:\n" + + " name: helper-pod\n" + + " spec:\n" + + " containers:\n" + + " - name: helper-pod\n" + + " image: busybox\n" + "" return tmpl } 
diff --git a/cmd/pke/app/phases/kubeadm/controlplane/storage_class_local_path_storage.yaml.tmpl b/cmd/pke/app/phases/kubeadm/controlplane/storage_class_local_path_storage.yaml.tmpl index 7ea2bbba..621a0580 100644 --- a/cmd/pke/app/phases/kubeadm/controlplane/storage_class_local_path_storage.yaml.tmpl +++ b/cmd/pke/app/phases/kubeadm/controlplane/storage_class_local_path_storage.yaml.tmpl @@ -11,7 +11,7 @@ metadata: namespace: kube-system rules: - apiGroups: [""] - resources: ["nodes", "persistentvolumeclaims"] + resources: ["nodes", "persistentvolumeclaims", "configmaps"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["endpoints", "persistentvolumes", "pods"] @@ -55,7 +55,11 @@ spec: serviceAccountName: local-path-provisioner-service-account containers: - name: local-path-provisioner - image: {{ .ImageRepository }}/local-path-provisioner:v0.0.9 + {{ if ne .ImageRepository "banzaicloud" }} + image: "{{ .ImageRepository }}/local-path-provisioner:v0.0.21" + {{ else }} + image: "rancher/local-path-provisioner:v0.0.21" + {{ end }} imagePullPolicy: Always command: - local-path-provisioner @@ -102,3 +106,48 @@ data: } ] } + setup: |- + #!/bin/sh + while getopts "m:s:p:" opt + do + case $opt in + p) + absolutePath=$OPTARG + ;; + s) + sizeInBytes=$OPTARG + ;; + m) + volMode=$OPTARG + ;; + esac + done + + mkdir -m 0777 -p ${absolutePath} + teardown: |- + #!/bin/sh + while getopts "m:s:p:" opt + do + case $opt in + p) + absolutePath=$OPTARG + ;; + s) + sizeInBytes=$OPTARG + ;; + m) + volMode=$OPTARG + ;; + esac + done + + rm -rf ${absolutePath} + helperPod.yaml: |- + apiVersion: v1 + kind: Pod + metadata: + name: helper-pod + spec: + containers: + - name: helper-pod + image: busybox diff --git a/cmd/pke/app/phases/kubeadm/node/kubeadm.go b/cmd/pke/app/phases/kubeadm/node/kubeadm.go index 2a9436df..8c37efc1 100644 --- a/cmd/pke/app/phases/kubeadm/node/kubeadm.go +++ b/cmd/pke/app/phases/kubeadm/node/kubeadm.go 
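Review bot: Adding `configmaps` to the `get`/`list`/`watch` rule widens what the provisioner's service account can read to every ConfigMap in the rule's scope. The `kind` line is outside the hunk; if this is a ClusterRole, that scope is cluster-wide. The provisioner presumably only needs its own configuration in `kube-system`, so it is worth checking whether a namespaced Role and RoleBinding for `configmaps` would do, leaving the cluster-scoped rule at `nodes` and `persistentvolumeclaims`.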
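Review bot: The `{{ else }}` branch of the new image switch deploys `rancher/local-path-provisioner:v0.0.21` by tag while `imagePullPolicy: Always` stays in place, so every pod start re-resolves a mutable tag on the registry. Pinning by digest, `image: "rancher/local-path-provisioner:v0.0.21@sha256:<digest-placeholder>"`, makes the deployed content reproducible. The comparison against the literal `"banzaicloud"` has no explanation; add a template comment such as `{{/* the default repository does not mirror this image, fall back to upstream */}}` if that is the reason.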
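Review bot: In the added `helperPod.yaml`, `image: busybox` has no tag and bypasses `.ImageRepository`, so the helper pod (which presumably runs the `setup` and `teardown` scripts against host paths) pulls whatever `busybox:latest` currently is, even on installs that configure a private repository. Use a pinned reference that follows the same repository switch as the provisioner image in the hunk above. The scripts expand `${absolutePath}` unquoted, and `teardown` runs `rm -rf` without checking that the `-p` option was given. `mkdir -m 0777 -p "${absolutePath}"` and `[ -n "${absolutePath}" ] && rm -rf "${absolutePath}"` close that gap. The world-writable `0777` mode should carry a comment or be tightened if workloads allow it.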
@@ -30,6 +30,7 @@ import ( ) //go:generate templify -t ${GOTMPL} -p node -f kubeadmConfigV1Beta2 kubeadm_v1beta2.yaml.tmpl +//go:generate templify -t ${GOTMPL} -p node -f kubeadmConfigV1Beta3 kubeadm_v1beta3.yaml.tmpl func (n Node) writeKubeadmConfig(out io.Writer, filename string) error { // API server advertisement @@ -62,6 +63,9 @@ func (n Node) writeKubeadmConfig(out io.Writer, filename string) error { case 19, 20, 21: // see https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2 conf = kubeadmConfigV1Beta2Template() + case 22, 23: + // see https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3 + conf = kubeadmConfigV1Beta3Template() default: return errors.Errorf("unsupported Kubernetes version %q for kubeadm", n.kubernetesVersion) } diff --git a/cmd/pke/app/phases/kubeadm/node/kubeadm_v1beta3.yaml.go b/cmd/pke/app/phases/kubeadm/node/kubeadm_v1beta3.yaml.go new file mode 100644 index 00000000..cc3431ee --- /dev/null +++ b/cmd/pke/app/phases/kubeadm/node/kubeadm_v1beta3.yaml.go 
@@ -0,0 +1,72 @@ +// Copyright © 2019 Banzai Cloud +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package node + +// kubeadmConfigV1Beta3Template is a generated function returning the template as a string. +func kubeadmConfigV1Beta3Template() string { + var tmpl = "apiVersion: kubeadm.k8s.io/v1beta3\n" + + "kind: JoinConfiguration\n" + + "{{ if and .APIServerAdvertiseAddress .APIServerBindPort }}\n" + + "controlPlane:\n" + + " localAPIEndpoint:\n" + + " advertiseAddress: \"{{ .APIServerAdvertiseAddress }}\"\n" + + " bindPort: {{ .APIServerBindPort }}{{end}}\n" + + "nodeRegistration:\n" + + " criSocket: \"{{ .CRISocket }}\"\n" + + " taints:{{ if not .Taints }} []{{end}}{{range .Taints}}\n" + + " - key: \"{{.Key}}\"\n" + + " value: \"{{.Value}}\"\n" + + " effect: \"{{.Effect}}\"{{end}}\n" + + " kubeletExtraArgs:\n" + + " {{ if .NodeLabels }}node-labels: \"{{ .NodeLabels }}\"{{end}}\n" + + " {{ if .CloudProvider }}cloud-provider: \"{{ .CloudProvider }}\"{{end}}\n" + + " {{if eq .CloudProvider \"azure\" }}cloud-config: \"/etc/kubernetes/{{ .CloudProvider }}.conf\"{{end}}\n" + + " read-only-port: \"0\"\n" + + " anonymous-auth: \"false\"\n" + + " streaming-connection-idle-timeout: \"5m\"\n" + + " event-qps: \"0\"\n" + + " client-ca-file: \"/etc/kubernetes/pki/ca.crt\"\n" + + " feature-gates: \"RotateKubeletServerCertificate=true\"\n" + + " rotate-certificates: \"true\"\n" + + " tls-cipher-suites: 
\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256\"\n" + + " authorization-mode: \"Webhook\"\n" + + " experimental-kernel-memcg-notification: \"true\"\n" + + "discovery:\n" + + " bootstrapToken:\n" + + " apiServerEndpoint: \"{{ .ControlPlaneEndpoint }}\"\n" + + " token: {{ .Token }}\n" + + " caCertHashes:\n" + + " - {{ .CACertHash }}\n" + + "---\n" + + "apiVersion: kubelet.config.k8s.io/v1beta1\n" + + "kind: KubeletConfiguration\n" + + "serverTLSBootstrap: true\n" + + "systemReserved:\n" + + " cpu: 50m\n" + + " memory: 50Mi\n" + + " ephemeral-storage: 1Gi\n" + + "kubeReserved:\n" + + " cpu: {{ .KubeReservedCPU }}\n" + + " memory: {{ .KubeReservedMemory }}\n" + + " ephemeral-storage: 1Gi\n" + + "evictionHard:\n" + + " imagefs.available: 15%\n" + + " memory.available: 100Mi\n" + + " nodefs.available: 10%\n" + + " nodefs.inodesFree: 5%\n" + + "protectKernelDefaults: true\n" + + "" + return tmpl +} diff --git a/cmd/pke/app/phases/kubeadm/node/kubeadm_v1beta3.yaml.tmpl b/cmd/pke/app/phases/kubeadm/node/kubeadm_v1beta3.yaml.tmpl new file mode 100644 index 00000000..9bfba553 --- /dev/null +++ b/cmd/pke/app/phases/kubeadm/node/kubeadm_v1beta3.yaml.tmpl 
@@ -0,0 +1,51 @@ +apiVersion: kubeadm.k8s.io/v1beta3 +kind: JoinConfiguration +{{ if and .APIServerAdvertiseAddress .APIServerBindPort }} +controlPlane: + localAPIEndpoint: + advertiseAddress: "{{ .APIServerAdvertiseAddress }}" + bindPort: {{ .APIServerBindPort }}{{end}} +nodeRegistration: + criSocket: "{{ .CRISocket }}" + taints:{{ if not .Taints }} []{{end}}{{range .Taints}} + - key: "{{.Key}}" + value: "{{.Value}}" + effect: "{{.Effect}}"{{end}} + kubeletExtraArgs: + {{ if .NodeLabels }}node-labels: "{{ .NodeLabels }}"{{end}} + {{ if .CloudProvider }}cloud-provider: "{{ .CloudProvider }}"{{end}} + {{if eq .CloudProvider "azure" }}cloud-config: "/etc/kubernetes/{{ .CloudProvider }}.conf"{{end}} + read-only-port: "0" + anonymous-auth: "false" + streaming-connection-idle-timeout: "5m" + event-qps: "0" + client-ca-file: "/etc/kubernetes/pki/ca.crt" + feature-gates: "RotateKubeletServerCertificate=true" + rotate-certificates: "true" + tls-cipher-suites: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" + authorization-mode: "Webhook" + experimental-kernel-memcg-notification: "true" +discovery: + bootstrapToken: + apiServerEndpoint: "{{ .ControlPlaneEndpoint }}" + token: {{ .Token }} + caCertHashes: + - {{ .CACertHash }} +--- +apiVersion: kubelet.config.k8s.io/v1beta1 +kind: KubeletConfiguration +serverTLSBootstrap: true +systemReserved: + cpu: 50m + memory: 50Mi + ephemeral-storage: 1Gi +kubeReserved: + cpu: {{ .KubeReservedCPU }} + memory: {{ .KubeReservedMemory }} + ephemeral-storage: 1Gi +evictionHard: + imagefs.available: 15% + memory.available: 100Mi + nodefs.available: 10% + nodefs.inodesFree: 5% +protectKernelDefaults: true 
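Review bot: Under `discovery.bootstrapToken`, `token: {{ .Token }}` and `- {{ .CACertHash }}` are rendered unquoted although `apiServerEndpoint` on the line above them is quoted. A bootstrap token has the form `id.secret`, and one made up only of digits would be parsed by YAML as a number instead of a string; `token: "{{ .Token }}"` and `- "{{ .CACertHash }}"` remove that case. The rendered file holds a join credential, so the code that writes it (outside this hunk) should create it readable by root only.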
diff --git a/cmd/pke/app/phases/kubeadm/upgrade/controlplane/certificate_auto_approver_rbac_update.yaml.go b/cmd/pke/app/phases/kubeadm/upgrade/controlplane/certificate_auto_approver_rbac_update.yaml.go deleted file mode 100644 index 4760268c..00000000 --- a/cmd/pke/app/phases/kubeadm/upgrade/controlplane/certificate_auto_approver_rbac_update.yaml.go +++ /dev/null 
@@ -1,57 +0,0 @@ -// Copyright © 2019 Banzai Cloud -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controlplane - -// certificateAutoApproverRbacUpdateTemplate is a generated function returning the template as a string. -func certificateAutoApproverRbacUpdateTemplate() string { - var tmpl = "apiVersion: rbac.authorization.k8s.io/v1\n" + - "kind: ClusterRole\n" + - "metadata:\n" + - " name: auto-approver\n" + - "rules:\n" + - "- apiGroups:\n" + - " - certificates.k8s.io\n" + - " resources:\n" + - " - certificatesigningrequests\n" + - " verbs:\n" + - " - delete\n" + - " - get\n" + - " - list\n" + - " - watch\n" + - "- apiGroups:\n" + - " - certificates.k8s.io\n" + - " resources:\n" + - " - certificatesigningrequests/approval\n" + - " verbs:\n" + - " - create\n" + - " - update\n" + - "- apiGroups:\n" + - " - certificates.k8s.io\n" + - " resources:\n" + - " - signers\n" + - " resourceNames:\n" + - " - kubernetes.io/kubelet-serving\n" + - " - kubernetes.io/kube-apiserver-client-kubelet\n" + - " verbs:\n" + - " - approve\n" + - "- apiGroups:\n" + - " - authorization.k8s.io\n" + - " resources:\n" + - " - subjectaccessreviews\n" + - " verbs:\n" + - " - create\n" + - "" - return tmpl -} diff --git a/cmd/pke/app/phases/kubeadm/upgrade/controlplane/certificate_auto_approver_rbac_update.yaml.tmpl b/cmd/pke/app/phases/kubeadm/upgrade/controlplane/certificate_auto_approver_rbac_update.yaml.tmpl deleted file mode 100644 index 38d7471a..00000000 
--- a/cmd/pke/app/phases/kubeadm/upgrade/controlplane/certificate_auto_approver_rbac_update.yaml.tmpl +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: auto-approver -rules: -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - delete - - get - - list - - watch -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests/approval - verbs: - - create - - update -- apiGroups: - - certificates.k8s.io - resources: - - signers - resourceNames: - - kubernetes.io/kubelet-serving - - kubernetes.io/kube-apiserver-client-kubelet - verbs: - - approve -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/cmd/pke/app/phases/kubeadm/upgrade/controlplane/controlplane.go b/cmd/pke/app/phases/kubeadm/upgrade/controlplane/controlplane.go index 69648ec2..9b08ab23 100644 --- a/cmd/pke/app/phases/kubeadm/upgrade/controlplane/controlplane.go +++ b/cmd/pke/app/phases/kubeadm/upgrade/controlplane/controlplane.go @@ -17,11 +17,7 @@ package controlplane import ( "fmt" "io" - "io/ioutil" "os" - "path/filepath" - "strings" - "text/template" "time" "emperror.dev/errors" @@ -30,19 +26,14 @@ import ( "github.com/banzaicloud/pke/cmd/pke/app/constants" "github.com/banzaicloud/pke/cmd/pke/app/phases" "github.com/banzaicloud/pke/cmd/pke/app/phases/kubeadm/upgrade" - "github.com/banzaicloud/pke/cmd/pke/app/util/file" "github.com/banzaicloud/pke/cmd/pke/app/util/flags" "github.com/banzaicloud/pke/cmd/pke/app/util/linux" "github.com/banzaicloud/pke/cmd/pke/app/util/runner" "github.com/banzaicloud/pke/cmd/pke/app/util/validator" "github.com/spf13/cobra" "github.com/spf13/pflag" - corev1 "k8s.io/api/core/v1" - "sigs.k8s.io/yaml" ) -//go:generate templify -t ${GOTMPL} -p controlplane -f kubeadmConfigV1Beta2 kubeadm_v1beta2.yaml.tmpl - const ( use = "kubernetes-controlplane" short = "Kubernetes Control Plane upgrade" 
@@ -53,6 +44,8 @@ const ( certificateAutoApproverUpdate = "/etc/kubernetes/admission-control/deploy-auto-approver-update.yaml" advertiseAddressAnnotation = "kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint" kubeAPIServerManifestFile = "/etc/kubernetes/manifests/kube-apiserver.yaml" + kubeadmConfig = "/etc/kubernetes/kubeadm.conf" + kubeadmMigratedConfig = "/etc/kubernetes/kubeadm-migrated.conf" ) var _ phases.Runnable = (*ControlPlane)(nil) 
@@ -62,101 +55,6 @@ type ControlPlane struct { kubernetesVersion string kubernetesAdditionalControlPlane bool - kubeadmConfigMap kubeadmConfigMap - kubeadmConfigUpgrade string - advertiseAddress []string -} - -type kubeadmConfigMap struct { - APIServer struct { - CertSANs []string `yaml:"certSANs,omitempty"` - ExtraArgs struct { - AdmissionControlConfigFile string `yaml:"admission-control-config-file"` - AuditLogMaxage string `yaml:"audit-log-maxage"` - AuditLogMaxbackup string `yaml:"audit-log-maxbackup"` - AuditLogMaxsize string `yaml:"audit-log-maxsize"` - AuditLogPath string `yaml:"audit-log-path"` - AuditPolicyFile string `yaml:"audit-policy-file,omitempty"` - AuthorizationMode string `yaml:"authorization-mode"` - DisableAdmissionPlugins string `yaml:"disable-admission-plugins"` - EnableAdmissionPlugins string `yaml:"enable-admission-plugins"` - EncryptionProviderConfig string `yaml:"encryption-provider-config"` - KubeletCertificateAuthority string `yaml:"kubelet-certificate-authority"` - Profiling string `yaml:"profiling"` - ServiceAccountLookup string `yaml:"service-account-lookup"` - TLSCipherSuites string `yaml:"tls-cipher-suites"` - EtcdPrefix string `yaml:"etcd-prefix,omitempty"` - OIDCIssuerURL string `yaml:"oidc-issuer-url,omitempty"` - OIDCClientID string `yaml:"oidc-client-id,omitempty"` - OIDCUsernameClaim string `yaml:"oidc-username-claim,omitempty"` - OIDCUsernamePrefix string `yaml:"oidc-username-prefix,omitempty"` - OIDCGroupsClaim string `yaml:"oidc-groups-claim,omitempty"` - CloudProvider string `yaml:"cloud-provider,omitempty"` - CloudConfig string `yaml:"cloud-config,omitempty"` - } `yaml:"extraArgs"` - ExtraVolumes []struct { - HostPath string `yaml:"hostPath"` - MountPath string `yaml:"mountPath"` - Name string `yaml:"name"` - PathType string `yaml:"pathType"` - ReadOnly bool `yaml:"readOnly,omitempty"` - } `yaml:"extraVolumes"` - TimeoutForControlPlane string `yaml:"timeoutForControlPlane"` - } `yaml:"apiServer"` - APIVersion string 
`yaml:"apiVersion"` - CertificatesDir string `yaml:"certificatesDir"` - ClusterName string `yaml:"clusterName"` - ControlPlaneEndpoint string `yaml:"controlPlaneEndpoint,omitempty"` - ControllerManager struct { - ExtraArgs struct { - ClusterName string `yaml:"cluster-name"` - FeatureGates string `yaml:"feature-gates"` - Profiling string `yaml:"profiling"` - TerminatedPodGcThreshold string `yaml:"terminated-pod-gc-threshold"` - ClusterSigningCertFile string `yaml:"cluster-signing-cert-file,omitempty"` - CloudProvider string `yaml:"cloud-provider,omitempty"` - CloudConfig string `yaml:"cloud-config,omitempty"` - } `yaml:"extraArgs"` - ExtraVolumes []struct { - HostPath string `yaml:"hostPath"` - MountPath string `yaml:"mountPath"` - Name string `yaml:"name"` - PathType string `yaml:"pathType"` - ReadOnly bool `yaml:"readOnly,omitempty"` - } `yaml:"extraVolumes,omitempty"` - } `yaml:"controllerManager"` - DNS struct { - Type string `yaml:"type"` - } `yaml:"dns"` - Etcd struct { - Local struct { - DataDir string `yaml:"dataDir"` - ExtraArgs struct { - PeerAutoTLS string `yaml:"peer-auto-tls"` - } `yaml:"extraArgs"` - } `yaml:"local,omitempty"` - External struct { - Endpoints []struct { - CAFile string `yaml:"caFile"` - CertFile string `yaml:"certFile"` - KeyFile string `yaml:"keyFile"` - } `yaml:"enpoints"` - } `yaml:"external,omitempty"` - } `yaml:"etcd"` - ImageRepository string `yaml:"imageRepository"` - Kind string `yaml:"kind"` - KubernetesVersion string `yaml:"kubernetesVersion"` - Networking struct { - DNSDomain string `yaml:"dnsDomain"` - PodSubnet string `yaml:"podSubnet"` - ServiceSubnet string `yaml:"serviceSubnet"` - } `yaml:"networking"` - Scheduler struct { - ExtraArgs struct { - Profiling string `yaml:"profiling"` - } `yaml:"extraArgs"` - } `yaml:"scheduler"` - UseHyperKubeImage bool `yaml:"useHyperKubeImage,omitempty"` } func NewCommand(config config.Config) *cobra.Command { 
@@ -238,23 +136,14 @@ func (c *ControlPlane) upgrade(out io.Writer, from, to *semver.Version) error { } } else { - err := c.getKubeadmConfigmap() - if err != nil { - return err - } - - err = c.getKubeAPIServerManifest() - if err != nil { - return err - } - - err = c.generateNewKubeadmConfig(out, from, to) - if err != nil { - return err - } - err = c.uploadKubeadmConf(out) - if err != nil { - return err + fromVersion, _ := semver.NewConstraint("1.21.x") + toVersion, _ := semver.NewConstraint("1.22.x") + if fromVersion.Check(from) && toVersion.Check(to) { + // migrate kubeadm config to v1beta3 + err = c.migrateKubeadmConfig(out, from, to) + if err != nil { + return err + } } args = []string{ @@ -301,7 +190,7 @@ func (c *ControlPlane) uploadKubeadmConf(out io.Writer) error { "upload-config", "kubeadm", "--config", - c.kubeadmConfigUpgrade, + kubeadmConfig, } _, err := runner.Cmd(out, cmdKubeadm, args...).CombinedOutputAsync() 
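Review bot: Both `semver.NewConstraint` calls added to the `else` branch of `upgrade` discard their error, so a typo in either constraint string would presumably leave `fromVersion` or `toVersion` nil and the following `Check` call would panic in the middle of a control-plane upgrade. Since the strings are constants, I would check the error and fail cleanly, e.g. `fromVersion, cErr := semver.NewConstraint("1.21.x")` followed by `if cErr != nil { return cErr }`, and the same for `toVersion`. A short comment saying why only the 1.21.x to 1.22.x step calls `migrateKubeadmConfig` would also help, because the gate looks only at version numbers and not at the apiVersion of the config actually on disk. `upgrade` starts and ends outside this hunk, so where `err` is declared cannot be checked from here.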
@@ -312,113 +201,38 @@ func (c *ControlPlane) uploadKubeadmConf(out io.Writer) error { return nil } -func (c *ControlPlane) getKubeadmConfigmap() error { - cmd := runner.Cmd(ioutil.Discard, cmdKubeadm, "config", "view") - o, err := cmd.Output() - if err != nil { - return err - } - err = yaml.Unmarshal(o, &c.kubeadmConfigMap) - if err != nil { - return err - } - return nil -} +func (c *ControlPlane) migrateKubeadmConfig(out io.Writer, from, to *semver.Version) error { -func (c *ControlPlane) getKubeAPIServerManifest() error { - yamlFile, err := ioutil.ReadFile(kubeAPIServerManifestFile) - if err != nil { - return err + args := []string{ + "config", + "migrate", + "--old-config", + kubeadmConfig, + "--new-config", + kubeadmMigratedConfig, } - kubeAPIServerManifest := &corev1.Pod{} - err = yaml.Unmarshal(yamlFile, kubeAPIServerManifest) + _, err := runner.Cmd(out, cmdKubeadm, args...).CombinedOutputAsync() if err != nil { return err } - advertiseAddress := make([]string, 2) - if kubeAPIServerManifest.Annotations != nil { - if kubeAPIServerManifest.Annotations[advertiseAddressAnnotation] != "" { - advertiseAddress = strings.Split(kubeAPIServerManifest.Annotations[advertiseAddressAnnotation], ":") - } - } else { - lines := []string{} - for _, container := range kubeAPIServerManifest.Spec.Containers { - if container.Name == "kube-apiserver" { - lines = container.Command - } - } - - for _, line := range lines { - if strings.Contains(line, "--advertise-address") { - advertiseAddress[0] = strings.Split(line, "=")[1] - continue - } - if strings.Contains(line, "--secure-port") { - advertiseAddress[1] = strings.Split(line, "=")[1] - continue - } - } - } - c.advertiseAddress = advertiseAddress - - return nil -} - -func (c *ControlPlane) generateNewKubeadmConfig(out io.Writer, from, to *semver.Version) error { - var conf string - switch to.Minor() { - case 19, 20, 21: - // see https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2 - conf = 
kubeadmConfigV1Beta2Template() - default: - return errors.New(fmt.Sprintf("unsupported Kubernetes version %q for upgrade", c.kubernetesVersion)) - } - - type data struct { - KubeadmConfig kubeadmConfigMap - APIServerAdvertiseAddress string - APIServerBindPort string - } - - d := data{ - KubeadmConfig: c.kubeadmConfigMap, - } - - if c.advertiseAddress != nil { - d.APIServerAdvertiseAddress = c.advertiseAddress[0] - d.APIServerBindPort = c.advertiseAddress[1] - } - - tmpl, err := template.New("kubeadm-config-ugrade").Parse(conf) - if err != nil { + if err := renameKubeadmConfigs(out); err != nil { return err } - c.kubeadmConfigUpgrade = "/etc/kubernetes/kubeadm-" + time.Now().Format(time.RFC3339) + ".conf" - return file.WriteTemplate(c.kubeadmConfigUpgrade, tmpl, d) + return c.uploadKubeadmConf(out) } -//go:generate templify -t ${GOTMPL} -p controlplane -f certificateAutoApproverRbacUpdate certificate_auto_approver_rbac_update.yaml.tmpl +func renameKubeadmConfigs(out io.Writer) error { + timestampedOldConfig := "/etc/kubernetes/kubeadm-" + time.Now().Format(time.RFC3339) + ".conf" -func writeCertificateAutoApproverRbacUpdate(out io.Writer) error { - filename := certificateAutoApproverUpdate - dir := filepath.Dir(filename) - - _, _ = fmt.Fprintf(out, "[%s] creating directory: %q\n", use, dir) - err := os.MkdirAll(dir, 0750) - if err != nil { + if err := os.Rename(kubeadmConfig, timestampedOldConfig); err != nil { return err } - - err = file.Overwrite(filename, certificateAutoApproverRbacUpdateTemplate()) - if err != nil { + if err := os.Rename(kubeadmMigratedConfig, kubeadmConfig); err != nil { return err } - cmd := runner.Cmd(out, cmdKubectl, "apply", "-f", filename) - cmd.Env = append(os.Environ(), "KUBECONFIG="+kubeConfig) - _, err = cmd.CombinedOutputAsync() - return err + return nil } 
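Review bot: `renameKubeadmConfigs` moves the live config away before it moves the migrated one into place, so if the second `os.Rename` fails the node is left with no file at `kubeadmConfig` and nothing puts the timestamped copy back. I would restore the original on that failure path and report it through `out`, which the function accepts but never uses. `migrateKubeadmConfig` likewise takes `from` and `to` without reading them. The file written by `kubeadm config migrate` becomes the node's kubeadm config, so it is worth confirming it ends up with the same owner and mode as the file it replaces; the hunk shows neither. The fence assumes `fmt` is still imported in this file.

```go
func renameKubeadmConfigs(out io.Writer) error {
	// … unchanged: timestampedOldConfig and the first os.Rename …
	if err := os.Rename(kubeadmMigratedConfig, kubeadmConfig); err != nil {
		// Put the original config back so the node is not left without one.
		if restoreErr := os.Rename(timestampedOldConfig, kubeadmConfig); restoreErr != nil {
			_, _ = fmt.Fprintf(out, "restoring %q from %q failed: %v\n", kubeadmConfig, timestampedOldConfig, restoreErr)
		}
		return err
	}

	return nil
}
```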
diff --git a/cmd/pke/app/phases/kubeadm/upgrade/controlplane/kubeadm_v1beta2.yaml.go b/cmd/pke/app/phases/kubeadm/upgrade/controlplane/kubeadm_v1beta2.yaml.go
deleted file mode 100644
index 479a6fbe..00000000
--- a/cmd/pke/app/phases/kubeadm/upgrade/controlplane/kubeadm_v1beta2.yaml.go
+++ /dev/null
@@ -1,107 +0,0 @@ -// Copyright © 2019 Banzai Cloud -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controlplane - -// kubeadmConfigV1Beta2Template is a generated function returning the template as a string. -func kubeadmConfigV1Beta2Template() string { - var tmpl = "apiVersion: kubeadm.k8s.io/v1beta2\n" + - "kind: InitConfiguration\n" + - "{{ if .APIServerAdvertiseAddress }}\n" + - "localAPIEndpoint:\n" + - " advertiseAddress: \"{{ .APIServerAdvertiseAddress }}\"\n" + - " bindPort: {{ .APIServerBindPort }}{{end}}\n" + - "---\n" + - "apiVersion: kubeadm.k8s.io/v1beta2\n" + - "kind: ClusterConfiguration\n" + - "clusterName: \"{{ .KubeadmConfig.ClusterName }}\"\n" + - "imageRepository: {{ .KubeadmConfig.ImageRepository }}\n" + - "{{ if .KubeadmConfig.UseHyperKubeImage }}useHyperKubeImage: true{{end}}\n" + - "kubernetesVersion: \"{{ .KubeadmConfig.KubernetesVersion }}\"\n" + - "networking:\n" + - " serviceSubnet: \"{{ .KubeadmConfig.Networking.ServiceSubnet }}\"\n" + - " podSubnet: \"{{ .KubeadmConfig.Networking.PodSubnet }}\"\n" + - " dnsDomain: \"cluster.local\"\n" + - "{{ if .KubeadmConfig.ControlPlaneEndpoint }}controlPlaneEndpoint: \"{{ .KubeadmConfig.ControlPlaneEndpoint }}\"{{end}}\n" + - "certificatesDir: \"/etc/kubernetes/pki\"\n" + - "apiServer:\n" + - " {{ if .KubeadmConfig.APIServer.CertSANs }}\n" + - " certSANs:\n" + - " {{range $k, $san := .KubeadmConfig.APIServer.CertSANs}} - \"{{ $san }}\"\n" + - " {{end}}{{end}}\n" + - " 
extraArgs:\n" + - " profiling: \"false\"\n" + - " enable-admission-plugins: \"{{ .KubeadmConfig.APIServer.ExtraArgs.EnableAdmissionPlugins }}\"\n" + - " disable-admission-plugins: \"{{ .KubeadmConfig.APIServer.ExtraArgs.DisableAdmissionPlugins }}\"\n" + - " admission-control-config-file: \"{{ .KubeadmConfig.APIServer.ExtraArgs.AdmissionControlConfigFile }}\"\n" + - " audit-log-path: \"{{ .KubeadmConfig.APIServer.ExtraArgs.AuditLogPath }}\"\n" + - " audit-log-maxage: \"30\"\n" + - " audit-log-maxbackup: \"10\"\n" + - " audit-log-maxsize: \"100\"\n" + - " {{ if .KubeadmConfig.APIServer.ExtraArgs.AuditPolicyFile }}audit-policy-file: \"{{ .KubeadmConfig.APIServer.ExtraArgs.AuditPolicyFile }}\"{{ end }}\n" + - " {{ if .KubeadmConfig.APIServer.ExtraArgs.EtcdPrefix }}etcd-prefix: \"{{ .KubeadmConfig.APIServer.ExtraArgs.EtcdPrefix }}\"{{end}}\n" + - " service-account-lookup: \"true\"\n" + - " kubelet-certificate-authority: \"{{ .KubeadmConfig.APIServer.ExtraArgs.KubeletCertificateAuthority }}\"\n" + - " tls-cipher-suites: \"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256\"\n" + - " encryption-provider-config: \"/etc/kubernetes/admission-control/encryption-provider-config.yaml\"\n" + - " {{ if (and .KubeadmConfig.APIServer.ExtraArgs.OIDCIssuerURL .KubeadmConfig.APIServer.ExtraArgs.OIDCClientID) }}\n" + - " oidc-issuer-url: \"{{ .KubeadmConfig.APIServer.ExtraArgs.OIDCIssuerURL }}\"\n" + - " oidc-client-id: \"{{ .KubeadmConfig.APIServer.ExtraArgs.OIDCClientID }}\"\n" + - " oidc-username-claim: \"email\"\n" + - " oidc-username-prefix: \"oidc:\"\n" + - " oidc-groups-claim: \"groups\"{{end}}\n" + - " {{ if .KubeadmConfig.APIServer.ExtraArgs.CloudProvider }}cloud-provider: \"{{ .KubeadmConfig.APIServer.ExtraArgs.CloudProvider }}\"\n" + 
- " {{ if .KubeadmConfig.APIServer.ExtraArgs.CloudConfig }}cloud-config: {{ .KubeadmConfig.APIServer.ExtraArgs.CloudConfig }}{{end}}{{end}}\n" + - " extraVolumes:\n" + - " {{range $k, $volume := .KubeadmConfig.APIServer.ExtraVolumes }}\n" + - " - name: {{ $volume.Name }}\n" + - " hostPath: {{ $volume.HostPath }}\n" + - " mountPath: {{ $volume.MountPath }}\n" + - " pathType: {{ $volume.PathType }}\n" + - " readOnly: {{ $volume.ReadOnly }}{{end}}\n" + - "scheduler:\n" + - " extraArgs:\n" + - " profiling: \"false\"\n" + - "controllerManager:\n" + - " extraArgs:\n" + - " cluster-name: \"{{ .KubeadmConfig.ControllerManager.ExtraArgs.ClusterName }}\"\n" + - " profiling: \"false\"\n" + - " terminated-pod-gc-threshold: \"10\"\n" + - " feature-gates: \"RotateKubeletServerCertificate=true\"\n" + - " {{ if .KubeadmConfig.ControllerManager.ExtraArgs.ClusterSigningCertFile }}cluster-signing-cert-file: {{ .KubeadmConfig.ControllerManager.ExtraArgs.ClusterSigningCertFile }}{{end}}\n" + - " {{ if .KubeadmConfig.ControllerManager.ExtraArgs.CloudProvider }}cloud-provider: \"{{ .KubeadmConfig.ControllerManager.ExtraArgs.CloudProvider }}\"\n" + - " {{ if .KubeadmConfig.ControllerManager.ExtraArgs.CloudConfig }}cloud-config: \"{{ .KubeadmConfig.ControllerManager.ExtraArgs.CloudConfig }}\"\n" + - " extraVolumes:\n" + - " {{range $k, $volume := .KubeadmConfig.ControllerManager.ExtraVolumes }}\n" + - " - name: {{ $volume.Name }}\n" + - " hostPath: {{ $volume.HostPath }}\n" + - " mountPath: {{ $volume.MountPath }}\n" + - " pathType: {{ $volume.PathType }}\n" + - " readOnly: {{ $volume.ReadOnly }}{{end}}{{end}}{{end}}\n" + - "etcd:\n" + - " {{ if .KubeadmConfig.Etcd.External.Endpoints }}\n" + - " external:\n" + - " endpoints:\n" + - " {{range $k, $endpoint := .KubeadmConfig.Etcd.External.Endpoints }}\n" + - " - caFile: {{ $endpoint.CAFile }}\n" + - " certFile: {{ $endpoint.CertFile }}\n" + - " keyFile: {{ $endpoint.KeyFile }}{{end}}\n" + - " {{else}}\n" + - " local:\n" + - " extraArgs:\n" + 
- " peer-auto-tls: \"false\"\n" + - " {{end}}\n" + - "" - return tmpl -} diff --git a/cmd/pke/app/phases/kubeadm/upgrade/controlplane/kubeadm_v1beta2.yaml.tmpl b/cmd/pke/app/phases/kubeadm/upgrade/controlplane/kubeadm_v1beta2.yaml.tmpl deleted file mode 100644 index b0fdcba8..00000000 --- a/cmd/pke/app/phases/kubeadm/upgrade/controlplane/kubeadm_v1beta2.yaml.tmpl +++ /dev/null 
@@ -1,86 +0,0 @@ -apiVersion: kubeadm.k8s.io/v1beta2 -kind: InitConfiguration -{{ if .APIServerAdvertiseAddress }} -localAPIEndpoint: - advertiseAddress: "{{ .APIServerAdvertiseAddress }}" - bindPort: {{ .APIServerBindPort }}{{end}} ---- -apiVersion: kubeadm.k8s.io/v1beta2 -kind: ClusterConfiguration -clusterName: "{{ .KubeadmConfig.ClusterName }}" -imageRepository: {{ .KubeadmConfig.ImageRepository }} -{{ if .KubeadmConfig.UseHyperKubeImage }}useHyperKubeImage: true{{end}} -kubernetesVersion: "{{ .KubeadmConfig.KubernetesVersion }}" -networking: - serviceSubnet: "{{ .KubeadmConfig.Networking.ServiceSubnet }}" - podSubnet: "{{ .KubeadmConfig.Networking.PodSubnet }}" - dnsDomain: "cluster.local" -{{ if .KubeadmConfig.ControlPlaneEndpoint }}controlPlaneEndpoint: "{{ .KubeadmConfig.ControlPlaneEndpoint }}"{{end}} -certificatesDir: "/etc/kubernetes/pki" -apiServer: - {{ if .KubeadmConfig.APIServer.CertSANs }} - certSANs: - {{range $k, $san := .KubeadmConfig.APIServer.CertSANs}} - "{{ $san }}" - {{end}}{{end}} - extraArgs: - profiling: "false" - enable-admission-plugins: "{{ .KubeadmConfig.APIServer.ExtraArgs.EnableAdmissionPlugins }}" - disable-admission-plugins: "{{ .KubeadmConfig.APIServer.ExtraArgs.DisableAdmissionPlugins }}" - admission-control-config-file: "{{ .KubeadmConfig.APIServer.ExtraArgs.AdmissionControlConfigFile }}" - audit-log-path: "{{ .KubeadmConfig.APIServer.ExtraArgs.AuditLogPath }}" - audit-log-maxage: "30" - audit-log-maxbackup: "10" - audit-log-maxsize: "100" - {{ if .KubeadmConfig.APIServer.ExtraArgs.AuditPolicyFile }}audit-policy-file: "{{ .KubeadmConfig.APIServer.ExtraArgs.AuditPolicyFile }}"{{ end }} - {{ if .KubeadmConfig.APIServer.ExtraArgs.EtcdPrefix }}etcd-prefix: "{{ .KubeadmConfig.APIServer.ExtraArgs.EtcdPrefix }}"{{end}} - service-account-lookup: "true" - kubelet-certificate-authority: "{{ .KubeadmConfig.APIServer.ExtraArgs.KubeletCertificateAuthority }}" - tls-cipher-suites: 
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" - encryption-provider-config: "/etc/kubernetes/admission-control/encryption-provider-config.yaml" - {{ if (and .KubeadmConfig.APIServer.ExtraArgs.OIDCIssuerURL .KubeadmConfig.APIServer.ExtraArgs.OIDCClientID) }} - oidc-issuer-url: "{{ .KubeadmConfig.APIServer.ExtraArgs.OIDCIssuerURL }}" - oidc-client-id: "{{ .KubeadmConfig.APIServer.ExtraArgs.OIDCClientID }}" - oidc-username-claim: "email" - oidc-username-prefix: "oidc:" - oidc-groups-claim: "groups"{{end}} - {{ if .KubeadmConfig.APIServer.ExtraArgs.CloudProvider }}cloud-provider: "{{ .KubeadmConfig.APIServer.ExtraArgs.CloudProvider }}" - {{ if .KubeadmConfig.APIServer.ExtraArgs.CloudConfig }}cloud-config: {{ .KubeadmConfig.APIServer.ExtraArgs.CloudConfig }}{{end}}{{end}} - extraVolumes: - {{range $k, $volume := .KubeadmConfig.APIServer.ExtraVolumes }} - - name: {{ $volume.Name }} - hostPath: {{ $volume.HostPath }} - mountPath: {{ $volume.MountPath }} - pathType: {{ $volume.PathType }} - readOnly: {{ $volume.ReadOnly }}{{end}} -scheduler: - extraArgs: - profiling: "false" -controllerManager: - extraArgs: - cluster-name: "{{ .KubeadmConfig.ControllerManager.ExtraArgs.ClusterName }}" - profiling: "false" - terminated-pod-gc-threshold: "10" - feature-gates: "RotateKubeletServerCertificate=true" - {{ if .KubeadmConfig.ControllerManager.ExtraArgs.ClusterSigningCertFile }}cluster-signing-cert-file: {{ .KubeadmConfig.ControllerManager.ExtraArgs.ClusterSigningCertFile }}{{end}} - {{ if .KubeadmConfig.ControllerManager.ExtraArgs.CloudProvider }}cloud-provider: "{{ .KubeadmConfig.ControllerManager.ExtraArgs.CloudProvider }}" - {{ if .KubeadmConfig.ControllerManager.ExtraArgs.CloudConfig }}cloud-config: "{{ 
.KubeadmConfig.ControllerManager.ExtraArgs.CloudConfig }}" - extraVolumes: - {{range $k, $volume := .KubeadmConfig.ControllerManager.ExtraVolumes }} - - name: {{ $volume.Name }} - hostPath: {{ $volume.HostPath }} - mountPath: {{ $volume.MountPath }} - pathType: {{ $volume.PathType }} - readOnly: {{ $volume.ReadOnly }}{{end}}{{end}}{{end}} -etcd: - {{ if .KubeadmConfig.Etcd.External.Endpoints }} - external: - endpoints: - {{range $k, $endpoint := .KubeadmConfig.Etcd.External.Endpoints }} - - caFile: {{ $endpoint.CAFile }} - certFile: {{ $endpoint.CertFile }} - keyFile: {{ $endpoint.KeyFile }}{{end}} - {{else}} - local: - extraArgs: - peer-auto-tls: "false" - {{end}} diff --git a/cmd/pke/app/phases/kubeadm/version/version.go b/cmd/pke/app/phases/kubeadm/version/version.go index 2b052c60..8f95d9f3 100644 --- a/cmd/pke/app/phases/kubeadm/version/version.go +++ b/cmd/pke/app/phases/kubeadm/version/version.go @@ -32,7 +32,7 @@ const ( use = "kubernetes-version" short = "Check Kubernetes version is supported or not" - constraint = "1.19.x-0 || 1.20.x-0 || 1.21.x-0" + constraint = "1.19.x-0 || 1.20.x-0 || 1.21.x-0 || 1.22.x-0 || 1.23.x-0" ) var _ phases.Runnable = (*Version)(nil) diff --git a/cmd/pke/app/phases/kubeadm/version/version_test.go b/cmd/pke/app/phases/kubeadm/version/version_test.go index 3bc53acf..4a9c8e28 100644 --- a/cmd/pke/app/phases/kubeadm/version/version_test.go +++ b/cmd/pke/app/phases/kubeadm/version/version_test.go @@ -26,13 +26,7 @@ func TestValidVersion(t *testing.T) { valid bool }{ {"0.0.1", false}, - {"1.12.0", false}, - {"1.12.6", false}, - {"1.13.0", false}, - {"1.13.1", false}, - {"1.14.0", false}, {"1.14.1", false}, - {"v1.14.1-beta.0", false}, {"v1.15.0", false}, {"v1.16.0", false}, {"v1.17.0", false}, @@ -40,7 +34,9 @@ func TestValidVersion(t *testing.T) { {"v1.19.0", true}, {"v1.20.0", true}, {"v1.21.0", true}, - {"v1.22.0", false}, + {"v1.22.0", true}, + {"v1.23.0", true}, + {"v1.24.0-beta.0", false}, } for _, tc := range testCases { 
diff --git a/cmd/pke/app/phases/runtime/container/containerd_config.toml.go b/cmd/pke/app/phases/runtime/container/containerd_config.toml.go index d953077c..33968cfa 100644 --- a/cmd/pke/app/phases/runtime/container/containerd_config.toml.go +++ b/cmd/pke/app/phases/runtime/container/containerd_config.toml.go @@ -17,7 +17,10 @@ package container // containerdConfigTemplate is a generated function returning the template as a string. func containerdConfigTemplate() string { var tmpl = "[plugins.cri]\n" + + "{{ if ne .ImageRepository \"banzaicloud\" }}\n" + "sandbox_image = \"{{ .ImageRepository }}/pause:3.1\"\n" + - "" + "{{ else }}\n" + + "sandbox_image = \"k8s.gcr.io/pause:3.6\"\n" + + "{{ end }}" return tmpl } diff --git a/cmd/pke/app/phases/runtime/container/containerd_config.toml.tmpl b/cmd/pke/app/phases/runtime/container/containerd_config.toml.tmpl index c4b687fe..bf86d924 100644 --- a/cmd/pke/app/phases/runtime/container/containerd_config.toml.tmpl +++ b/cmd/pke/app/phases/runtime/container/containerd_config.toml.tmpl @@ -1,2 +1,6 @@ [plugins.cri] +{{ if ne .ImageRepository "banzaicloud" }} sandbox_image = "{{ .ImageRepository }}/pause:3.1" +{{ else }} +sandbox_image = "k8s.gcr.io/pause:3.6" +{{ end }} \ No newline at end of file diff --git a/cmd/pke/app/phases/runtime/container/containerd_linux.go b/cmd/pke/app/phases/runtime/container/containerd_linux.go index 1ccc66c4..b5591d2b 100644 --- a/cmd/pke/app/phases/runtime/container/containerd_linux.go +++ b/cmd/pke/app/phases/runtime/container/containerd_linux.go 
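Review bot: In `containerd_config.toml.tmpl` the two branches now select different pause images, `{{ .ImageRepository }}/pause:3.1` for any custom repository and `k8s.gcr.io/pause:3.6` for the default one, so clusters pulling from a private mirror stay on the older sandbox image. If that split is deliberate, a template comment should say so, something like `{{/* the default repository carries no pause image, so use the upstream one */}}` if that is indeed the reason. The condition would also read more directly as `{{ if eq .ImageRepository "banzaicloud" }}` with the branches swapped. Both references are by tag only; pinning them by digest would give the sandbox image the same kind of integrity check the containerd tarball gets from `containerdSHA256`. The generated `containerd_config.toml.go` in the preceding hunk carries the same template and would need regenerating.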
@@ -28,9 +28,9 @@ import ( ) const ( - containerdVersion = "1.3.3" - containerdSHA256 = "24ce7ad6b489fb25d07d2a3bb50e443fcce1ac3318f8cc0831e00668c2c9fd86" - containerdURL = "https://storage.googleapis.com/cri-containerd-release/cri-containerd-%s.linux-amd64.tar.gz" + containerdVersion = "1.5.9" + containerdSHA256 = "f64c8e3b736b370c963b08c33ac70f030fc311bc48fcfd00461465af2fff3488" + containerdURL = "https://github.com/containerd/containerd/releases/download/v%s/cri-containerd-cni-%s-linux-amd64.tar.gz" containerdVersionPath = "/opt/containerd/cluster/version" containerdConf = "/etc/containerd/config.toml" 
@@ -108,18 +108,20 @@ func installContainerd(out io.Writer, imageRepository string) error { return errors.Wrapf(err, "unable to create temporary file: %q", f.Name()) } defer func() { _ = f.Close() }() - // export CONTAINERD_VERSION="1.3.3" - // export CONTAINERD_SHA256="24ce7ad6b489fb25d07d2a3bb50e443fcce1ac3318f8cc0831e00668c2c9fd86" - // wget https://storage.googleapis.com/cri-containerd-release/cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz - dl := fmt.Sprintf(containerdURL, containerdVersion) + // export CONTAINERD_VERSION="1.5.9" + // export CONTAINERD_SHA256="f64c8e3b736b370c963b08c33ac70f030fc311bc48fcfd00461465af2fff3488" + // wget https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/cri-containerd-cni-${CONTAINERD_VERSION}-linux-amd64.tar.gz + dl := fmt.Sprintf(containerdURL, containerdVersion, containerdVersion) u, err := url.Parse(dl) if err != nil { return errors.Wrapf(err, "failed to parse url: %q", dl) } _, _ = fmt.Fprintf(out, "wget %q -O %s\n", u.String(), f.Name()) + if err = file.Download(u, f.Name()); err != nil { return errors.Wrapf(err, "unable to download containerd. url: %q", u.String()) } + // echo "${CONTAINERD_SHA256} cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz" | sha256sum --check - _, _ = fmt.Fprintf(out, "echo \"%s %s\" | sha256sum --check -\n", containerdSHA256, f.Name()) err = file.SHA256File(f.Name(), containerdSHA256) diff --git a/cmd/pke/app/util/file/download.go b/cmd/pke/app/util/file/download.go index 2a859f13..9df23da3 100644 --- a/cmd/pke/app/util/file/download.go +++ b/cmd/pke/app/util/file/download.go 
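Review bot: The comment kept just above the checksum step in `installContainerd` still names `cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz`, while this change switches the download to the `cri-containerd-cni-…-linux-amd64.tar.gz` release asset; I would update it to `// echo "${CONTAINERD_SHA256} cri-containerd-cni-${CONTAINERD_VERSION}-linux-amd64.tar.gz" | sha256sum --check -`. Passing `containerdVersion` twice to `fmt.Sprintf` can be avoided with indexed verbs in `containerdURL` (`…/v%[1]s/cri-containerd-cni-%[1]s-linux-amd64.tar.gz`), which keeps the two occurrences from drifting apart. As far as I know the `-cni` bundle also ships CNI plugin binaries and a default network config, so it is worth checking that the extraction step outside this hunk does not install them alongside the CNI that pke configures. `installContainerd` starts and ends outside the hunk.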
@@ -24,25 +24,35 @@ import ( "os" "emperror.dev/errors" + retry "github.com/avast/retry-go" ) func Download(u *url.URL, f string) error { - resp, err := http.Get(u.String()) - if err != nil { - return err - } - if resp.StatusCode != http.StatusOK { - return errors.Errorf("unhandled http status code: %d", resp.StatusCode) - } - defer func() { _ = resp.Body.Close() }() + err := retry.Do( + func() error { + resp, err := http.Get(u.String()) + if err != nil { + return err + } + if resp.StatusCode != http.StatusOK { + return errors.Errorf("unhandled http status code: %d", resp.StatusCode) + } + defer func() { _ = resp.Body.Close() }() - out, err := os.Create(f) - if err != nil { - return err - } - defer func() { _ = out.Close() }() + out, err := os.Create(f) + if err != nil { + return err + } + defer func() { _ = out.Close() }() + + _, err = io.Copy(out, resp.Body) + if err != nil { + return err + } - _, err = io.Copy(out, resp.Body) + return nil + }, + ) if err != nil { return err } diff --git a/cmd/pke/docs/pke_install_master.md b/cmd/pke/docs/pke_install_master.md index 276077b9..5ed14c32 100644 --- a/cmd/pke/docs/pke_install_master.md +++ b/cmd/pke/docs/pke_install_master.md 
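Review bot: Inside the new `retry.Do` closure in `Download`, the non-200 branch returns before `defer func() { _ = resp.Body.Close() }()` is registered, so every rejected attempt leaves a response body open, and the retry loop now multiplies that. Moving the `defer` to directly after the `http.Get` error check fixes it. Two related points: `http.Get` uses the default client, which has no timeout, so a stalled connection blocks the first attempt indefinitely and the retries never run; and a 404 or 403 is retried like a transient failure, where returning `retry.Unrecoverable(err)` for 4xx statuses would stop early. A failed attempt can leave a truncated file at `f`, so callers should keep verifying the checksum afterwards, as `installContainerd` does. `Download` ends outside this hunk.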
@@ -56,7 +56,7 @@ pke install master [flags] --kubernetes-oidc-issuer-url string URL of the OIDC provider which allows the API server to discover public signing keys --kubernetes-pod-network-cidr string range of IP addresses for the pod network (default "10.20.0.0/16") --kubernetes-service-cidr string range of IP address for service VIPs (default "10.10.0.0/16") - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") --lb-range string Advertise the specified IPv4 range via ARP and allocate addresses for LoadBalancer Services (non-cloud only, example: 192.168.0.100-192.168.0.110) --pipeline-cluster-id int32 Cluster ID to use with Pipeline API --pipeline-insecure If the Pipeline API should not verify the API's certificate @@ -78,7 +78,6 @@ pke install master [flags] --vsphere-username string The name of vCenter SSO user to use for deploying persistent volumes (Should be avoided in favor of a K8S secret) --with-plugin-psp Enable PodSecurityPolicy admission plugin --without-audit-log Disable apiserver audit log - --without-plugin-deny-escalating-exec Disable DenyEscalatingExec admission plugin ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_install_master_kubernetes-controlplane.md b/cmd/pke/docs/pke_install_master_kubernetes-controlplane.md index 0493f7ca..5236d70f 100644 --- a/cmd/pke/docs/pke_install_master_kubernetes-controlplane.md +++ b/cmd/pke/docs/pke_install_master_kubernetes-controlplane.md 
@@ -56,7 +56,7 @@ pke install master kubernetes-controlplane [flags] --kubernetes-oidc-issuer-url string URL of the OIDC provider which allows the API server to discover public signing keys --kubernetes-pod-network-cidr string range of IP addresses for the pod network (default "10.20.0.0/16") --kubernetes-service-cidr string range of IP address for service VIPs (default "10.10.0.0/16") - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") --lb-range string Advertise the specified IPv4 range via ARP and allocate addresses for LoadBalancer Services (non-cloud only, example: 192.168.0.100-192.168.0.110) --pipeline-cluster-id int32 Cluster ID to use with Pipeline API --pipeline-insecure If the Pipeline API should not verify the API's certificate @@ -78,7 +78,6 @@ pke install master kubernetes-controlplane [flags] --vsphere-username string The name of vCenter SSO user to use for deploying persistent volumes (Should be avoided in favor of a K8S secret) --with-plugin-psp Enable PodSecurityPolicy admission plugin --without-audit-log Disable apiserver audit log - --without-plugin-deny-escalating-exec Disable DenyEscalatingExec admission plugin ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_install_master_kubernetes-runtime.md b/cmd/pke/docs/pke_install_master_kubernetes-runtime.md index 29097ce8..07c05d32 100644 --- a/cmd/pke/docs/pke_install_master_kubernetes-runtime.md +++ b/cmd/pke/docs/pke_install_master_kubernetes-runtime.md @@ -18,7 +18,7 @@ pke install master kubernetes-runtime [flags] ``` -h, --help help for kubernetes-runtime - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_install_master_kubernetes-version.md b/cmd/pke/docs/pke_install_master_kubernetes-version.md index 448c4799..873b4494 100644 
--- a/cmd/pke/docs/pke_install_master_kubernetes-version.md +++ b/cmd/pke/docs/pke_install_master_kubernetes-version.md @@ -18,7 +18,7 @@ pke install master kubernetes-version [flags] ``` -h, --help help for kubernetes-version - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_install_master_pipeline-certificates.md b/cmd/pke/docs/pke_install_master_pipeline-certificates.md index 570be1b2..fa4167b8 100644 --- a/cmd/pke/docs/pke_install_master_pipeline-certificates.md +++ b/cmd/pke/docs/pke_install_master_pipeline-certificates.md @@ -18,7 +18,7 @@ pke install master pipeline-certificates [flags] ``` -h, --help help for pipeline-certificates - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") --pipeline-cluster-id int32 Cluster ID to use with Pipeline API --pipeline-insecure If the Pipeline API should not verify the API's certificate --pipeline-org-id int32 Organization ID to use with Pipeline API diff --git a/cmd/pke/docs/pke_install_single.md b/cmd/pke/docs/pke_install_single.md index 6af93dd5..1ac02351 100644 --- a/cmd/pke/docs/pke_install_single.md +++ b/cmd/pke/docs/pke_install_single.md 
@@ -56,7 +56,7 @@ pke install single [flags] --kubernetes-oidc-issuer-url string URL of the OIDC provider which allows the API server to discover public signing keys --kubernetes-pod-network-cidr string range of IP addresses for the pod network (default "10.20.0.0/16") --kubernetes-service-cidr string range of IP address for service VIPs (default "10.10.0.0/16") - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") --lb-range string Advertise the specified IPv4 range via ARP and allocate addresses for LoadBalancer Services (non-cloud only, example: 192.168.0.100-192.168.0.110) --pipeline-cluster-id int32 Cluster ID to use with Pipeline API --pipeline-insecure If the Pipeline API should not verify the API's certificate @@ -78,7 +78,6 @@ pke install single [flags] --vsphere-username string The name of vCenter SSO user to use for deploying persistent volumes (Should be avoided in favor of a K8S secret) --with-plugin-psp Enable PodSecurityPolicy admission plugin --without-audit-log Disable apiserver audit log - --without-plugin-deny-escalating-exec Disable DenyEscalatingExec admission plugin ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_install_single_kubernetes-controlplane.md b/cmd/pke/docs/pke_install_single_kubernetes-controlplane.md index 558ec420..c6e9fabe 100644 --- a/cmd/pke/docs/pke_install_single_kubernetes-controlplane.md +++ b/cmd/pke/docs/pke_install_single_kubernetes-controlplane.md 
@@ -56,7 +56,7 @@ pke install single kubernetes-controlplane [flags] --kubernetes-oidc-issuer-url string URL of the OIDC provider which allows the API server to discover public signing keys --kubernetes-pod-network-cidr string range of IP addresses for the pod network (default "10.20.0.0/16") --kubernetes-service-cidr string range of IP address for service VIPs (default "10.10.0.0/16") - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") --lb-range string Advertise the specified IPv4 range via ARP and allocate addresses for LoadBalancer Services (non-cloud only, example: 192.168.0.100-192.168.0.110) --pipeline-cluster-id int32 Cluster ID to use with Pipeline API --pipeline-insecure If the Pipeline API should not verify the API's certificate @@ -78,7 +78,6 @@ pke install single kubernetes-controlplane [flags] --vsphere-username string The name of vCenter SSO user to use for deploying persistent volumes (Should be avoided in favor of a K8S secret) --with-plugin-psp Enable PodSecurityPolicy admission plugin --without-audit-log Disable apiserver audit log - --without-plugin-deny-escalating-exec Disable DenyEscalatingExec admission plugin ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_install_single_kubernetes-runtime.md b/cmd/pke/docs/pke_install_single_kubernetes-runtime.md index d496d356..1bc1a98b 100644 --- a/cmd/pke/docs/pke_install_single_kubernetes-runtime.md +++ b/cmd/pke/docs/pke_install_single_kubernetes-runtime.md @@ -18,7 +18,7 @@ pke install single kubernetes-runtime [flags] ``` -h, --help help for kubernetes-runtime - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_install_single_kubernetes-version.md b/cmd/pke/docs/pke_install_single_kubernetes-version.md index 8a87acf9..78f290b3 100644 
--- a/cmd/pke/docs/pke_install_single_kubernetes-version.md +++ b/cmd/pke/docs/pke_install_single_kubernetes-version.md @@ -18,7 +18,7 @@ pke install single kubernetes-version [flags] ``` -h, --help help for kubernetes-version - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_install_single_pipeline-certificates.md b/cmd/pke/docs/pke_install_single_pipeline-certificates.md index 8cc55306..0c9e7a6c 100644 --- a/cmd/pke/docs/pke_install_single_pipeline-certificates.md +++ b/cmd/pke/docs/pke_install_single_pipeline-certificates.md @@ -18,7 +18,7 @@ pke install single pipeline-certificates [flags] ``` -h, --help help for pipeline-certificates - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") --pipeline-cluster-id int32 Cluster ID to use with Pipeline API --pipeline-insecure If the Pipeline API should not verify the API's certificate --pipeline-org-id int32 Organization ID to use with Pipeline API diff --git a/cmd/pke/docs/pke_install_worker.md b/cmd/pke/docs/pke_install_worker.md index 242f4cc9..e2f0ba6a 100644 --- a/cmd/pke/docs/pke_install_worker.md +++ b/cmd/pke/docs/pke_install_worker.md @@ -35,7 +35,7 @@ pke install worker [flags] --kubernetes-node-labels strings Specifies the labels the Node should be registered with --kubernetes-node-token string PKE join token --kubernetes-pod-network-cidr string range of IP addresses for the pod network on the current node - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") --pipeline-cluster-id int32 Cluster ID to use with Pipeline API --pipeline-insecure If the Pipeline API should not verify the API's certificate --pipeline-nodepool string name of the nodepool the node belongs to 
diff --git a/cmd/pke/docs/pke_install_worker_kubernetes-node.md b/cmd/pke/docs/pke_install_worker_kubernetes-node.md index 99b83203..8eb307ae 100644 --- a/cmd/pke/docs/pke_install_worker_kubernetes-node.md +++ b/cmd/pke/docs/pke_install_worker_kubernetes-node.md @@ -33,7 +33,7 @@ pke install worker kubernetes-node [flags] --kubernetes-node-labels strings Specifies the labels the Node should be registered with --kubernetes-node-token string PKE join token --kubernetes-pod-network-cidr string range of IP addresses for the pod network on the current node - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") --pipeline-cluster-id int32 Cluster ID to use with Pipeline API --pipeline-insecure If the Pipeline API should not verify the API's certificate --pipeline-nodepool string name of the nodepool the node belongs to diff --git a/cmd/pke/docs/pke_install_worker_kubernetes-runtime.md b/cmd/pke/docs/pke_install_worker_kubernetes-runtime.md index 751ede03..b7e9f90d 100644 --- a/cmd/pke/docs/pke_install_worker_kubernetes-runtime.md +++ b/cmd/pke/docs/pke_install_worker_kubernetes-runtime.md @@ -18,7 +18,7 @@ pke install worker kubernetes-runtime [flags] ``` -h, --help help for kubernetes-runtime - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_install_worker_kubernetes-version.md b/cmd/pke/docs/pke_install_worker_kubernetes-version.md index f2840d28..7e1cf28d 100644 --- a/cmd/pke/docs/pke_install_worker_kubernetes-version.md +++ b/cmd/pke/docs/pke_install_worker_kubernetes-version.md @@ -18,7 +18,7 @@ pke install worker kubernetes-version [flags] ``` -h, --help help for kubernetes-version - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO 
diff --git a/cmd/pke/docs/pke_machine-image.md b/cmd/pke/docs/pke_machine-image.md index 3462be5a..15b7a6e3 100644 --- a/cmd/pke/docs/pke_machine-image.md +++ b/cmd/pke/docs/pke_machine-image.md @@ -20,7 +20,7 @@ pke machine-image [flags] -h, --help help for machine-image --image-repository string Prefix for image repository (default "banzaicloud") --kubernetes-container-runtime string Kubernetes container runtime (default "containerd") - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") --use-image-repo-for-k8s Use defined image repository for K8s Images as well ``` diff --git a/cmd/pke/docs/pke_machine-image_image-pull.md b/cmd/pke/docs/pke_machine-image_image-pull.md index e1c159f7..b35645f4 100644 --- a/cmd/pke/docs/pke_machine-image_image-pull.md +++ b/cmd/pke/docs/pke_machine-image_image-pull.md @@ -19,7 +19,7 @@ pke machine-image image-pull [flags] ``` -h, --help help for image-pull --image-repository string Prefix for image repository (default "banzaicloud") - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") --use-image-repo-for-k8s Use defined image repository for K8s Images as well ``` diff --git a/cmd/pke/docs/pke_machine-image_kubernetes-runtime.md b/cmd/pke/docs/pke_machine-image_kubernetes-runtime.md index 72ec9fd5..3b8e5682 100644 --- a/cmd/pke/docs/pke_machine-image_kubernetes-runtime.md +++ b/cmd/pke/docs/pke_machine-image_kubernetes-runtime.md @@ -18,7 +18,7 @@ pke machine-image kubernetes-runtime [flags] ``` -h, --help help for kubernetes-runtime - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_machine-image_kubernetes-version.md b/cmd/pke/docs/pke_machine-image_kubernetes-version.md index 0c3277d1..01623488 100644 
--- a/cmd/pke/docs/pke_machine-image_kubernetes-version.md +++ b/cmd/pke/docs/pke_machine-image_kubernetes-version.md @@ -18,7 +18,7 @@ pke machine-image kubernetes-version [flags] ``` -h, --help help for kubernetes-version - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_machine-image_write-config.md b/cmd/pke/docs/pke_machine-image_write-config.md index ea350c54..30f4e535 100644 --- a/cmd/pke/docs/pke_machine-image_write-config.md +++ b/cmd/pke/docs/pke_machine-image_write-config.md @@ -19,7 +19,7 @@ pke machine-image write-config [flags] ``` -h, --help help for write-config --kubernetes-container-runtime string Kubernetes container runtime (default "containerd") - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_upgrade_master.md b/cmd/pke/docs/pke_upgrade_master.md index 163814fb..56e06680 100644 --- a/cmd/pke/docs/pke_upgrade_master.md +++ b/cmd/pke/docs/pke_upgrade_master.md @@ -19,7 +19,7 @@ pke upgrade master [flags] ``` -h, --help help for master --kubernetes-additional-control-plane Treat node as additional control plane - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_upgrade_master_kubernetes-controlplane.md b/cmd/pke/docs/pke_upgrade_master_kubernetes-controlplane.md index e87facad..b958066b 100644 --- a/cmd/pke/docs/pke_upgrade_master_kubernetes-controlplane.md +++ b/cmd/pke/docs/pke_upgrade_master_kubernetes-controlplane.md 
@@ -19,7 +19,7 @@ pke upgrade master kubernetes-controlplane [flags] ``` -h, --help help for kubernetes-controlplane --kubernetes-additional-control-plane Treat node as additional control plane - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_upgrade_master_kubernetes-version.md b/cmd/pke/docs/pke_upgrade_master_kubernetes-version.md index a33d1d63..6ce188f4 100644 --- a/cmd/pke/docs/pke_upgrade_master_kubernetes-version.md +++ b/cmd/pke/docs/pke_upgrade_master_kubernetes-version.md @@ -18,7 +18,7 @@ pke upgrade master kubernetes-version [flags] ``` -h, --help help for kubernetes-version - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_upgrade_worker.md b/cmd/pke/docs/pke_upgrade_worker.md index c81c5c87..7ba03600 100644 --- a/cmd/pke/docs/pke_upgrade_worker.md +++ b/cmd/pke/docs/pke_upgrade_worker.md @@ -18,7 +18,7 @@ pke upgrade worker [flags] ``` -h, --help help for worker - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_upgrade_worker_kubernetes-node.md b/cmd/pke/docs/pke_upgrade_worker_kubernetes-node.md index 599cea49..bd3f5743 100644 --- a/cmd/pke/docs/pke_upgrade_worker_kubernetes-node.md +++ b/cmd/pke/docs/pke_upgrade_worker_kubernetes-node.md @@ -18,7 +18,7 @@ pke upgrade worker kubernetes-node [flags] ``` -h, --help help for kubernetes-node - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO diff --git a/cmd/pke/docs/pke_upgrade_worker_kubernetes-version.md b/cmd/pke/docs/pke_upgrade_worker_kubernetes-version.md index 85b68a40..3187363a 100644 
--- a/cmd/pke/docs/pke_upgrade_worker_kubernetes-version.md +++ b/cmd/pke/docs/pke_upgrade_worker_kubernetes-version.md @@ -18,7 +18,7 @@ pke upgrade worker kubernetes-version [flags] ``` -h, --help help for kubernetes-version - --kubernetes-version string Kubernetes version (default "1.19.10") + --kubernetes-version string Kubernetes version (default "1.22.1") ``` ### SEE ALSO diff --git a/go.mod b/go.mod index 4da0c5e6..816a7c43 100644 --- a/go.mod +++ b/go.mod @@ -7,19 +7,24 @@ require ( github.com/Masterminds/semver v1.4.2 github.com/PuerkitoBio/rehttp v0.0.0-20180310210549-11cf6ea5d3e9 github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6 + github.com/avast/retry-go v3.0.0+incompatible github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0 // indirect github.com/benbjohnson/clock v0.0.0-20161215174838-7dc76406b6d3 // indirect github.com/cenkalti/backoff v2.2.1+incompatible // indirect github.com/dustin/go-humanize v1.0.0 // indirect github.com/ghodss/yaml v1.0.0 + github.com/golang/protobuf v1.4.2 // indirect github.com/goph/emperror v0.17.1 + github.com/kr/pretty v0.2.0 // indirect github.com/lestrrat-go/backoff v0.0.0-20190107202757-0bc2a4274cd0 github.com/pbnjay/memory v0.0.0-20190104145345-974d429e7ae4 + github.com/pkg/errors v0.9.1 // indirect github.com/spf13/cobra v0.0.5 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.4.0 + golang.org/x/net v0.0.0-20200707034311-ab3426394381 // indirect golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 + google.golang.org/protobuf v1.24.0 // indirect + gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect gopkg.in/yaml.v2 v2.2.8 - k8s.io/api v0.19.4 - sigs.k8s.io/yaml v1.2.0 ) diff --git a/go.sum b/go.sum index b35cc6b4..e1d63fb1 100644 --- a/go.sum +++ b/go.sum 
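Review bot: The new `// indirect` lines in the go.mod hunk pin network-facing libraries at old revisions, most visibly `golang.org/x/net v0.0.0-20200707034311-ab3426394381` (a July 2020 pseudo-version) and `github.com/golang/protobuf v1.4.2`. Because they are now listed explicitly, they stay at those versions until someone bumps them by hand. Since `k8s.io/api` and `sigs.k8s.io/yaml` are dropped in the same hunk, it is worth running `go mod tidy` to confirm each indirect entry is still required, then `govulncheck ./...` on the result before merging. `github.com/avast/retry-go v3.0.0+incompatible` is added as a direct requirement; the code that uses it is not visible in this hunk, so presumably it sits in a file outside this view and its retry limits should be reviewed there. The `require (` block opens above the hunk.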
@@ -5,15 +5,14 @@ emperror.dev/errors v0.4.3/go.mod h1:cA5SMsyzo+KXq997DKGK+lTV1DGx5TXLQUNtYe9p2p0 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/rehttp v0.0.0-20180310210549-11cf6ea5d3e9 h1:VE0eMvNSQI72dADsq4gm5KpNPmt97WgqneTfaS5MWrs= github.com/PuerkitoBio/rehttp v0.0.0-20180310210549-11cf6ea5d3e9/go.mod h1:ItsOiHl4XeMOV3rzbZqQRjLc3QQxbE6391/9iNG7rE8= -github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/airbrake/gobrake v3.6.1+incompatible/go.mod h1:wM4gu3Cn0W0K7GUuVWnlXZU11AGBXMILnrdOU8Kn00o= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6 h1:uZuxRZCz65cG1o6K/xUqImNcYKtmk9ylqaH0itMSvzA= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/avast/retry-go v3.0.0+incompatible h1:4SOWQ7Qs+oroOTQOYnAHqelpCO0biHSxpiH9JdtuBj0= +github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY= github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0 h1:0NmehRCgyk5rljDQLKUO+cRJCnduDyn11+zGZIc9Z48= github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0/go.mod h1:6L7zgvqo0idzI7IO8de6ZC051AfXb5ipkIJ7bIA2tGA= github.com/benbjohnson/clock v0.0.0-20161215174838-7dc76406b6d3 h1:wOysYcIdqv3WnvwqFFzrYCFALPED7qkUGaLXu359GSc= 
@@ -35,37 +34,19 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= -github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= 
-github.com/go-logr/logr v0.2.0 h1:QvGt2nLcHH0WK9orKa+ppBPAxREcH364nPUedEpK0TY= -github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= -github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= -github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= -github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= -github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= -github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= 
@@ -79,24 +60,13 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= -github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/goph/emperror v0.17.1 h1:6lOybhIvG/BB6VGoWfdv30FVZeZFBBZ9VvgzGXLVkyY= github.com/goph/emperror v0.17.1/go.mod h1:+ZbQ+fUNO/6FNiUo0ujtMjhgad9Xa6fQL9KhH4LNHic= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= -github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= 
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= 
@@ -107,29 +77,15 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/lestrrat-go/backoff v0.0.0-20190107202757-0bc2a4274cd0 h1:42NOlmEjGA3qZ1qSWc/QVFo0DuVXG1zewVXFMZj+ZLs= github.com/lestrrat-go/backoff v0.0.0-20190107202757-0bc2a4274cd0/go.mod h1:CNQaGVRTtvkLlWshyDozYy79pBflEOWskqCMSxLTfQ0= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.11.0/go.mod 
h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/pbnjay/memory v0.0.0-20190104145345-974d429e7ae4 h1:MfIUBZ1bz7TgvQLVa/yPJZOGeKEgs6eTKUjz3zB4B+U= github.com/pbnjay/memory v0.0.0-20190104145345-974d429e7ae4/go.mod h1:RMU2gJXhratVxBDTFeOdNhd540tG57lt9FIUV0YLvIQ= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -145,7 +101,6 @@ github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU github.com/spf13/cobra v0.0.5 h1:f0B+LkLX6DtmRH1isoNA9VTtNUK9K8xYd28JNNfOv/s= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 
@@ -153,7 +108,6 @@ github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DM github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= @@ -177,7 +131,6 @@ golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -193,15 +146,8 @@ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 
@@ -231,8 +177,6 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 
@@ -240,17 +184,3 @@ gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.19.4 h1:I+1I4cgJYuCDgiLNjKx7SLmIbwgj9w7N7Zr5vSIdwpo= -k8s.io/api v0.19.4/go.mod h1:SbtJ2aHCItirzdJ36YslycFNzWADYH3tgOhvBEFtZAk= -k8s.io/apimachinery v0.19.4 h1:+ZoddM7nbzrDCp0T3SWnyxqf8cbWPT2fkZImoyvHUG0= -k8s.io/apimachinery v0.19.4/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= -k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= -k8s.io/klog/v2 v2.2.0 h1:XRvcwJozkgZ1UQJmfMGpvRthQHOvihEhYtDfAaxMz/A= -k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= -sigs.k8s.io/structured-merge-diff/v4 v4.0.1 h1:YXTMot5Qz/X1iBRJhAt+vI+HVttY0WkSqqhKxQ0xVbA= -sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= -sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= -sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= diff --git a/ubuntu-multi-upgrade.sh b/ubuntu-multi-upgrade.sh index 989e62b0..e2fd2393 100755 --- a/ubuntu-multi-upgrade.sh +++ b/ubuntu-multi-upgrade.sh @@ -3,7 +3,7 @@ # build latest pke tool GOOS=linux make pke -KUBERNETES_VERSION="${1:-v1.21.0}" +KUBERNETES_VERSION="${1:-v1.23.3}" # upgrade first master node echo "" diff --git a/ubuntu-multi.sh b/ubuntu-multi.sh index a9281f9c..b1b3e700 100755 --- a/ubuntu-multi.sh 
+++ b/ubuntu-multi.sh @@ -6,7 +6,7 @@ jq --version || (echo "Please install jq command line tool. https://stedolan.git # build latest pke tool GOOS=linux make pke -KUBERNETES_VERSION="${1:-v1.20.6}" +KUBERNETES_VERSION="${1:-v1.22.6}" # install first master node echo "" diff --git a/ubuntu-single-docker-upgrade.sh b/ubuntu-single-docker-upgrade.sh index 64c7bb5f..d1c01164 100755 --- a/ubuntu-single-docker-upgrade.sh +++ b/ubuntu-single-docker-upgrade.sh @@ -3,7 +3,7 @@ # build latest pke tool GOOS=linux make pke -KUBERNETES_VERSION="${2:-v1.19.10}" +KUBERNETES_VERSION="${2:-v1.22.6}" UBUNTU_VERSION=${1:-focal} vagrant ssh ubuntu-docker-${UBUNTU_VERSION} -c "sudo /banzaicloud/pke upgrade master --kubernetes-version='$KUBERNETES_VERSION'" diff --git a/ubuntu-single-docker.sh b/ubuntu-single-docker.sh index 674fad35..4fada971 100755 --- a/ubuntu-single-docker.sh +++ b/ubuntu-single-docker.sh @@ -3,7 +3,7 @@ # build latest pke tool GOOS=linux make pke -KUBERNETES_VERSION="${2:-v1.19.10}" +KUBERNETES_VERSION="${2:-v1.22.3}" UBUNTU_VERSION=${1:-focal} vagrant up ubuntu-docker-${UBUNTU_VERSION} diff --git a/ubuntu-single-upgrade.sh b/ubuntu-single-upgrade.sh index 66fb308f..286f44ea 100755 --- a/ubuntu-single-upgrade.sh +++ b/ubuntu-single-upgrade.sh @@ -3,6 +3,6 @@ # build latest pke tool GOOS=linux make pke -KUBERNETES_VERSION="${1:-v1.20.6}" +KUBERNETES_VERSION="${1:-v1.23.3}" vagrant ssh ubuntu1 -c "sudo /banzaicloud/pke upgrade master --kubernetes-version='$KUBERNETES_VERSION'" diff --git a/ubuntu-single.sh b/ubuntu-single.sh index f78dd182..97e0e6b4 100755 --- a/ubuntu-single.sh +++ b/ubuntu-single.sh @@ -3,7 +3,7 @@ # build latest pke tool GOOS=linux make pke -KUBERNETES_VERSION="${1:-v1.20.6}" +KUBERNETES_VERSION="${1:-v1.22.6}" vagrant up ubuntu1 vagrant ssh ubuntu1 -c "sudo /scripts/pke-single.sh '$KUBERNETES_VERSION' '192.168.64.21:6443'"