From ed3550dce173f4e146de1ad64fe147b76d47c6b6 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Thu, 21 Nov 2019 23:00:25 -0800 Subject: [PATCH] Update systemd services for the v0.17.x hyperkube * Binary asset locations within the upstream hyperkube image changed https://github.com/kubernetes/kubernetes/pull/84662 * Fix Container Linux and Flatcar Linux kubelet.service (rkt-fly with fairly dated CoreOS kubelet-wrapper) * Fix Fedora CoreOS kubelet.service (podman) * Fix Fedora CoreOS bootstrap.service * Fix delete-node kubectl usage for workers where nodes may delete themselves on shutdown (e.g. preemptible instances) --- aws/container-linux/kubernetes/cl/controller.yaml.tmpl | 1 + aws/container-linux/kubernetes/workers/cl/worker.yaml.tmpl | 4 +++- aws/fedora-coreos/kubernetes/fcc/controller.yaml | 6 +++--- aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml | 2 +- azure/container-linux/kubernetes/cl/controller.yaml.tmpl | 1 + .../container-linux/kubernetes/workers/cl/worker.yaml.tmpl | 4 +++- .../container-linux/kubernetes/cl/controller.yaml.tmpl | 1 + bare-metal/container-linux/kubernetes/cl/worker.yaml.tmpl | 1 + bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml | 6 +++--- bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml | 2 +- .../container-linux/kubernetes/cl/controller.yaml.tmpl | 1 + .../container-linux/kubernetes/cl/worker.yaml.tmpl | 4 +++- .../container-linux/kubernetes/cl/controller.yaml.tmpl | 1 + .../container-linux/kubernetes/workers/cl/worker.yaml.tmpl | 4 +++- 14 files changed, 26 insertions(+), 12 deletions(-) diff --git a/aws/container-linux/kubernetes/cl/controller.yaml.tmpl b/aws/container-linux/kubernetes/cl/controller.yaml.tmpl index 53229485..9240653c 100644 --- a/aws/container-linux/kubernetes/cl/controller.yaml.tmpl +++ b/aws/container-linux/kubernetes/cl/controller.yaml.tmpl @@ -137,6 +137,7 @@ storage: inline: | KUBELET_IMAGE_URL=docker://k8s.gcr.io/hyperkube KUBELET_IMAGE_TAG=v1.17.0 + KUBELET_IMAGE_ARGS="--exec=/usr/local/bin/kubelet" - path: /opt/bootstrap/layout filesystem: root mode: 0544 diff --git a/aws/container-linux/kubernetes/workers/cl/worker.yaml.tmpl b/aws/container-linux/kubernetes/workers/cl/worker.yaml.tmpl index 8e0ee0fb..6a36c8ce 100644 --- a/aws/container-linux/kubernetes/workers/cl/worker.yaml.tmpl +++ b/aws/container-linux/kubernetes/workers/cl/worker.yaml.tmpl @@ -99,6 +99,7 @@ storage: inline: | KUBELET_IMAGE_URL=docker://k8s.gcr.io/hyperkube KUBELET_IMAGE_TAG=v1.17.0 + KUBELET_IMAGE_ARGS="--exec=/usr/local/bin/kubelet" - path: /etc/sysctl.d/max-user-watches.conf filesystem: root contents: @@ -119,7 +120,8 @@ storage: docker://k8s.gcr.io/hyperkube:v1.17.0 \ --net=host \ --dns=host \ - --exec=/kubectl -- --kubeconfig=/etc/kubernetes/kubeconfig delete node $(hostname) + -- \ + kubectl --kubeconfig=/etc/kubernetes/kubeconfig delete node $(hostname) passwd: users: - name: core diff --git a/aws/fedora-coreos/kubernetes/fcc/controller.yaml b/aws/fedora-coreos/kubernetes/fcc/controller.yaml index e21f14c1..f19ba8dd 100644 --- a/aws/fedora-coreos/kubernetes/fcc/controller.yaml +++ b/aws/fedora-coreos/kubernetes/fcc/controller.yaml @@ -80,7 +80,7 @@ systemd: --volume /var/run:/var/run \ --volume /var/run/lock:/var/run/lock:z \ --volume /opt/cni/bin:/opt/cni/bin:z \ - k8s.gcr.io/hyperkube:v1.17.0 /hyperkube kubelet \ + k8s.gcr.io/hyperkube:v1.17.0 kubelet \ --anonymous-auth=false \ --authentication-token-webhook \ --authorization-mode=Webhook \ @@ -122,8 +122,8 @@ systemd: --volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \ --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ - k8s.gcr.io/hyperkube:v1.17.0 \ - /apply + --entrypoint=/apply \ + k8s.gcr.io/hyperkube:v1.17.0 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml b/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml index fa7505cd..d987c870 100644 --- a/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml @@ -50,7 +50,7 @@ systemd: --volume /var/run:/var/run \ --volume /var/run/lock:/var/run/lock:z \ --volume /opt/cni/bin:/opt/cni/bin:z \ - k8s.gcr.io/hyperkube:v1.17.0 /hyperkube kubelet \ + k8s.gcr.io/hyperkube:v1.17.0 kubelet \ --anonymous-auth=false \ --authentication-token-webhook \ --authorization-mode=Webhook \ diff --git a/azure/container-linux/kubernetes/cl/controller.yaml.tmpl b/azure/container-linux/kubernetes/cl/controller.yaml.tmpl index 8c54985d..80f53cd3 100644 --- a/azure/container-linux/kubernetes/cl/controller.yaml.tmpl +++ b/azure/container-linux/kubernetes/cl/controller.yaml.tmpl @@ -135,6 +135,7 @@ storage: inline: | KUBELET_IMAGE_URL=docker://k8s.gcr.io/hyperkube KUBELET_IMAGE_TAG=v1.17.0 + KUBELET_IMAGE_ARGS="--exec=/usr/local/bin/kubelet" - path: /opt/bootstrap/layout filesystem: root mode: 0544 diff --git a/azure/container-linux/kubernetes/workers/cl/worker.yaml.tmpl b/azure/container-linux/kubernetes/workers/cl/worker.yaml.tmpl index a1275450..d29ecb36 100644 --- a/azure/container-linux/kubernetes/workers/cl/worker.yaml.tmpl +++ b/azure/container-linux/kubernetes/workers/cl/worker.yaml.tmpl @@ -97,6 +97,7 @@ storage: inline: | KUBELET_IMAGE_URL=docker://k8s.gcr.io/hyperkube KUBELET_IMAGE_TAG=v1.17.0 + KUBELET_IMAGE_ARGS="--exec=/usr/local/bin/kubelet" - path: /etc/sysctl.d/max-user-watches.conf filesystem: root contents: @@ -117,7 +118,8 @@ storage: docker://k8s.gcr.io/hyperkube:v1.17.0 \ --net=host \ --dns=host \ - --exec=/kubectl -- --kubeconfig=/etc/kubernetes/kubeconfig delete node $(hostname | tr '[:upper:]' '[:lower:]') + -- \ + kubectl -- --kubeconfig=/etc/kubernetes/kubeconfig delete node $(hostname | tr '[:upper:]' '[:lower:]') passwd: users: - name: core diff --git a/bare-metal/container-linux/kubernetes/cl/controller.yaml.tmpl b/bare-metal/container-linux/kubernetes/cl/controller.yaml.tmpl index 8869eb23..ddc943f9 100644 --- a/bare-metal/container-linux/kubernetes/cl/controller.yaml.tmpl +++ b/bare-metal/container-linux/kubernetes/cl/controller.yaml.tmpl @@ -144,6 +144,7 @@ storage: inline: | KUBELET_IMAGE_URL=docker://k8s.gcr.io/hyperkube KUBELET_IMAGE_TAG=v1.17.0 + KUBELET_IMAGE_ARGS="--exec=/usr/local/bin/kubelet" - path: /etc/hostname filesystem: root mode: 0644 diff --git a/bare-metal/container-linux/kubernetes/cl/worker.yaml.tmpl b/bare-metal/container-linux/kubernetes/cl/worker.yaml.tmpl index a7ac5eec..efe18ddc 100644 --- a/bare-metal/container-linux/kubernetes/cl/worker.yaml.tmpl +++ b/bare-metal/container-linux/kubernetes/cl/worker.yaml.tmpl @@ -92,6 +92,7 @@ storage: inline: | KUBELET_IMAGE_URL=docker://k8s.gcr.io/hyperkube KUBELET_IMAGE_TAG=v1.17.0 + KUBELET_IMAGE_ARGS="--exec=/usr/local/bin/kubelet" - path: /etc/hostname filesystem: root mode: 0644 diff --git a/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml b/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml index bec262a4..196d364c 100644 --- a/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml @@ -81,7 +81,7 @@ systemd: --volume /opt/cni/bin:/opt/cni/bin:z \ --volume /etc/iscsi:/etc/iscsi \ --volume /sbin/iscsiadm:/sbin/iscsiadm \ - k8s.gcr.io/hyperkube:v1.17.0 /hyperkube kubelet \ + k8s.gcr.io/hyperkube:v1.17.0 kubelet \ --anonymous-auth=false \ --authentication-token-webhook \ --authorization-mode=Webhook \ @@ -133,8 +133,8 @@ systemd: --volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \ --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ - k8s.gcr.io/hyperkube:v1.17.0 \ - /apply + --entrypoint=/apply \ + k8s.gcr.io/hyperkube:v1.17.0 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml b/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml index f10ccae4..600be9c4 100644 --- a/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml +++ b/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml @@ -51,7 +51,7 @@ systemd: --volume /opt/cni/bin:/opt/cni/bin:z \ --volume /etc/iscsi:/etc/iscsi \ --volume /sbin/iscsiadm:/sbin/iscsiadm \ - k8s.gcr.io/hyperkube:v1.17.0 /hyperkube kubelet \ + k8s.gcr.io/hyperkube:v1.17.0 kubelet \ --anonymous-auth=false \ --authentication-token-webhook \ --authorization-mode=Webhook \ diff --git a/digital-ocean/container-linux/kubernetes/cl/controller.yaml.tmpl b/digital-ocean/container-linux/kubernetes/cl/controller.yaml.tmpl index bd0f97f1..d51f24fe 100644 --- a/digital-ocean/container-linux/kubernetes/cl/controller.yaml.tmpl +++ b/digital-ocean/container-linux/kubernetes/cl/controller.yaml.tmpl @@ -141,6 +141,7 @@ storage: inline: | KUBELET_IMAGE_URL=docker://k8s.gcr.io/hyperkube KUBELET_IMAGE_TAG=v1.17.0 + KUBELET_IMAGE_ARGS="--exec=/usr/local/bin/kubelet" - path: /opt/bootstrap/layout filesystem: root mode: 0544 diff --git a/digital-ocean/container-linux/kubernetes/cl/worker.yaml.tmpl b/digital-ocean/container-linux/kubernetes/cl/worker.yaml.tmpl index 5891b719..4ae4603e 100644 --- a/digital-ocean/container-linux/kubernetes/cl/worker.yaml.tmpl +++ b/digital-ocean/container-linux/kubernetes/cl/worker.yaml.tmpl @@ -100,6 +100,7 @@ storage: inline: | KUBELET_IMAGE_URL=docker://k8s.gcr.io/hyperkube KUBELET_IMAGE_TAG=v1.17.0 + KUBELET_IMAGE_ARGS="--exec=/usr/local/bin/kubelet" - path: /etc/sysctl.d/max-user-watches.conf filesystem: root contents: @@ -120,4 +121,5 @@ storage: docker://k8s.gcr.io/hyperkube:v1.17.0 \ --net=host \ --dns=host \ - --exec=/kubectl -- --kubeconfig=/etc/kubernetes/kubeconfig delete node $(hostname) + -- \ + kubectl -- --kubeconfig=/etc/kubernetes/kubeconfig delete node $(hostname) diff --git a/google-cloud/container-linux/kubernetes/cl/controller.yaml.tmpl b/google-cloud/container-linux/kubernetes/cl/controller.yaml.tmpl index 75aa1be6..b2baaa04 100644 --- a/google-cloud/container-linux/kubernetes/cl/controller.yaml.tmpl +++ b/google-cloud/container-linux/kubernetes/cl/controller.yaml.tmpl @@ -136,6 +136,7 @@ storage: inline: | KUBELET_IMAGE_URL=docker://k8s.gcr.io/hyperkube KUBELET_IMAGE_TAG=v1.17.0 + KUBELET_IMAGE_ARGS="--exec=/usr/local/bin/kubelet" - path: /opt/bootstrap/layout filesystem: root mode: 0544 diff --git a/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml.tmpl b/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml.tmpl index 4186ccd5..4d4bae02 100644 --- a/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml.tmpl +++ b/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml.tmpl @@ -98,6 +98,7 @@ storage: inline: | KUBELET_IMAGE_URL=docker://k8s.gcr.io/hyperkube KUBELET_IMAGE_TAG=v1.17.0 + KUBELET_IMAGE_ARGS="--exec=/usr/local/bin/kubelet" - path: /etc/sysctl.d/max-user-watches.conf filesystem: root contents: @@ -118,7 +119,8 @@ storage: docker://k8s.gcr.io/hyperkube:v1.17.0 \ --net=host \ --dns=host \ - --exec=/kubectl -- --kubeconfig=/etc/kubernetes/kubeconfig delete node $(hostname) + -- \ + kubectl -- --kubeconfig=/etc/kubernetes/kubeconfig delete node $(hostname) passwd: users: - name: core