Add aws-k8s-1.17 variant with Kubernetes 1.17 #973

Merged
merged 1 commit into from
Jul 8, 2020
Merged
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
@@ -8,7 +8,7 @@ jobs:
continue-on-error: ${{ matrix.supported }}
strategy:
matrix:
variant: [aws-k8s-1.15, aws-k8s-1.16]
variant: [aws-k8s-1.15, aws-k8s-1.16, aws-k8s-1.17]
arch: [x86_64, aarch64]
supported: [true]
include:
7 changes: 7 additions & 0 deletions packages/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions packages/Cargo.toml
@@ -27,6 +27,7 @@ members = [
"kmod",
"kubernetes-1.15",
"kubernetes-1.16",
"kubernetes-1.17",
"libacl",
"libattr",
"libaudit",
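--- a/packages/kubernetes-1.17/.gitignore
+++ b/packages/kubernetes-1.17/.gitignore
@@ -0,0 +1 @@
+/*.patch.bz2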
@@ -0,0 +1,77 @@
From 43460991812f41748d2ebbb846e3d956b40b26ae Mon Sep 17 00:00:00 2001
From: Ben Cressey <[email protected]>
Date: Sat, 18 May 2019 16:57:12 +0000
Subject: [PATCH 1/4] always set relevant variables for cross compiling

Signed-off-by: Ben Cressey <[email protected]>
---
hack/lib/golang.sh | 52 ++++++++++++++++++++++++++--------------------
1 file changed, 30 insertions(+), 22 deletions(-)

diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh
index e9c3b066..14c15994 100755
--- a/hack/lib/golang.sh
+++ b/hack/lib/golang.sh
@@ -394,29 +394,37 @@ kube::golang::set_platform_envs() {
export GOOS=${platform%/*}
export GOARCH=${platform##*/}

- # Do not set CC when building natively on a platform, only if cross-compiling from linux/amd64
- if [[ $(kube::golang::host_platform) == "linux/amd64" ]]; then
- # Dynamic CGO linking for other server architectures than linux/amd64 goes here
- # If you want to include support for more server platforms than these, add arch-specific gcc names here
- case "${platform}" in
- "linux/arm")
- export CGO_ENABLED=1
- export CC=arm-linux-gnueabihf-gcc
- ;;
- "linux/arm64")
- export CGO_ENABLED=1
- export CC=aarch64-linux-gnu-gcc
- ;;
- "linux/ppc64le")
- export CGO_ENABLED=1
- export CC=powerpc64le-linux-gnu-gcc
- ;;
- "linux/s390x")
- export CGO_ENABLED=1
- export CC=s390x-linux-gnu-gcc
- ;;
- esac
+ # Apply standard values for CGO_ENABLED and CC unless KUBE_BUILD_PLATFORMS is set.
+ if [ -z "${KUBE_BUILD_PLATFORMS}" ] ; then
+ export CGO_ENABLED=0
+ export CC=gcc
+ return
fi
+
+ # Dynamic CGO linking for other server architectures goes here
+ # If you want to include support for more server platforms than these, add arch-specific gcc names here
+ case "${platform}" in
+ "linux/amd64")
+ export CGO_ENABLED=1
+ export CC=x86_64-bottlerocket-linux-gnu-gcc
+ ;;
+ "linux/arm")
+ export CGO_ENABLED=1
+ export CC=arm-bottlerocket-linux-gnueabihf-gcc
+ ;;
+ "linux/arm64")
+ export CGO_ENABLED=1
+ export CC=aarch64-bottlerocket-linux-gnu-gcc
+ ;;
+ "linux/ppc64le")
+ export CGO_ENABLED=1
+ export CC=powerpc64le-bottlerocket-linux-gnu-gcc
+ ;;
+ "linux/s390x")
+ export CGO_ENABLED=1
+ export CC=s390x-bottlerocket-linux-gnu-gcc
+ ;;
+ esac
}

kube::golang::unset_platform_envs() {
--
2.21.0
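Review bot: The new guard `if [ -z "${KUBE_BUILD_PLATFORMS}" ]` expands the variable without a default, so if this script runs under `set -o nounset` (not visible in the hunk) an unset KUBE_BUILD_PLATFORMS would abort the build instead of taking the native branch. Writing it as `if [[ -z "${KUBE_BUILD_PLATFORMS:-}" ]]; then` removes that dependency on the caller's environment. The rewritten `case` also hard-codes the `*-bottlerocket-linux-*` compiler names for every platform, including `linux/amd64`; a one-line comment saying these come from the distribution's cross toolchain would help whoever rebases this patch. The function `kube::golang::set_platform_envs` begins above the hunk.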

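--- a/packages/kubernetes-1.17/0002-do-not-omit-debug-info.patch
+++ b/packages/kubernetes-1.17/0002-do-not-omit-debug-info.patch
@@ -0,0 +1,26 @@
+From 8a067b93f1d6dabf4fe0c0c9c94dbad6f078e10b Mon Sep 17 00:00:00 2001
+From: Ben Cressey <[email protected]>
+Date: Fri, 20 Sep 2019 00:33:47 +0000
+Subject: [PATCH 2/4] do not omit debug info
+
+Signed-off-by: Ben Cressey <[email protected]>
+---
+hack/lib/golang.sh | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh
+index 14c15994..1547bad5 100755
+--- a/hack/lib/golang.sh
++++ b/hack/lib/golang.sh
+@@ -790,7 +790,7 @@ kube::golang::build_binaries() {
+# Disable SC2153 for this, as it will throw a warning that the local
+# variable goldflags will exist, and it suggest changing it to this.
+# shellcheck disable=SC2153
+- goldflags="${GOLDFLAGS=-s -w} $(kube::version::ldflags)"
++ goldflags="${GOLDFLAGS:-} $(kube::version::ldflags)"
+goasmflags="-trimpath=${KUBE_ROOT}"
+gogcflags="${GOGCFLAGS:-} -trimpath=${KUBE_ROOT}"
+
+--
+2.21.0
+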
@@ -0,0 +1,25 @@
From 33cb415ae50c5fb48d37842247261b466093d1ae Mon Sep 17 00:00:00 2001
From: Ben Cressey <[email protected]>
Date: Tue, 5 Nov 2019 14:23:38 +0000
Subject: [PATCH 3/4] enable PIE for platform binaries

Signed-off-by: Ben Cressey <[email protected]>
---
hack/lib/golang.sh | 1 +
1 file changed, 1 insertion(+)

diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh
index 1547bad5..f07418a0 100755
--- a/hack/lib/golang.sh
+++ b/hack/lib/golang.sh
@@ -715,6 +715,7 @@ kube::golang::build_binaries_for_platform() {

if [[ "${#nonstatics[@]}" != 0 ]]; then
build_args=(
+ -buildmode pie
${goflags:+"${goflags[@]}"}
-gcflags "${gogcflags:-}"
-asmflags "${goasmflags:-}"
--
2.21.0
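Review bot: `-buildmode pie` is added only to the `build_args` of the `nonstatics` branch, so any binary built through the static path (outside this hunk) would presumably still be linked as a fixed-address executable. If that split is intentional, say so in the patch description or in a comment above the flag, e.g. `# PIE only for dynamically linked binaries; static targets are built without it`, so the ASLR coverage of the shipped binaries is clear to whoever rebases the patch. The flag is also placed before `${goflags[@]}`, so a caller-supplied `-buildmode` in goflags would appear later on the command line; whether that overrides or conflicts should be checked. The enclosing function starts and ends outside the hunk.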

@@ -0,0 +1,24 @@
From 03c21553cbd554761302f49f4e3e5c1d78a209cc Mon Sep 17 00:00:00 2001
From: Ben Cressey <[email protected]>
Date: Tue, 17 Mar 2020 20:14:31 +0000
Subject: [PATCH 4/4] override SELinux label for kubelet plugins

Signed-off-by: Ben Cressey <[email protected]>
---
pkg/kubelet/config/defaults.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/kubelet/config/defaults.go b/pkg/kubelet/config/defaults.go
index 6c1e4ebf..1bce6b86 100644
--- a/pkg/kubelet/config/defaults.go
+++ b/pkg/kubelet/config/defaults.go
@@ -26,5 +26,5 @@ const (
DefaultKubeletContainersDirName = "containers"
DefaultKubeletPluginContainersDirName = "plugin-containers"
DefaultKubeletPodResourcesDirName = "pod-resources"
- KubeletPluginsDirSELinuxLabel = "system_u:object_r:container_file_t:s0"
+ KubeletPluginsDirSELinuxLabel = "system_u:object_r:local_t:s0"
)
--
2.21.0
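Review bot: The replacement value `system_u:object_r:local_t:s0` for `KubeletPluginsDirSELinuxLabel` appears to depend on a type from the host's own SELinux policy, and neither the constant nor the patch description says where `local_t` is defined or why the plugins directory should no longer be `container_file_t`. Since this label determines which confined domains may access the kubelet plugins directory, add a short rationale to the patch message and a comment above the constant, e.g. `// local_t is defined by the host SELinux policy; see the policy package for the domains allowed to access it`. Without that, a later rebase cannot tell whether the override is still needed or still matches the policy.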

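--- a/packages/kubernetes-1.17/Cargo.toml
+++ b/packages/kubernetes-1.17/Cargo.toml
@@ -0,0 +1,29 @@
+[package]
+# "." is not allowed in crate names, but we want a friendlier name for the
+# directory and spec file, so we override it below.
+name = "kubernetes-1_17"
+version = "0.1.0"
+edition = "2018"
+publish = false
+build = "build.rs"
+
+[package.metadata.build-package]
+package-name = "kubernetes-1.17"
+
+[lib]
+path = "pkg.rs"
+
+[[package.metadata.build-package.external-files]]
+url = "https://github.com/kubernetes/kubernetes/archive/v1.17.8/kubernetes-1.17.8.tar.gz"
+sha512 = "0bf42da5162d91afe7be4cc9e2ca989e22d768b82b0e7b9d2ddc6bac9583fa73f22f4b755fd9cdd215d4c5023b5a349efc3f3b1a944048a329ba657b05b95f0b"
+
+# This is a large patch, so we don't want to check it into the repo. It's like
+# https://github.com/kubernetes/kubernetes/commit/a94346bef9806a135ebcfda03672966c336c1c17
+# but applies to 1.17.8 without further context changes.
+[[package.metadata.build-package.external-files]]
+path = "aws-sdk-go-1.28.2_k8s-1.17.8.patch.bz2"
+url = "file:///aws-sdk-go-1.28.2_k8s-1.17.8.patch.bz2"
+sha512 = "bb98ec01b9e0aa843b8a33bf753277ff323f88061a00bc18404a488231fc6cc39208ad43b9c39338bb0a4f1e1b2751d6a2e71f86240d8694bf711a6a531f74d1"
+
+[build-dependencies]
+glibc = { path = "../glibc" }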
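Review bot: The second `external-files` entry pins a sha512 for `aws-sdk-go-1.28.2_k8s-1.17.8.patch.bz2` but takes it from a `file:///` URL, and the `.gitignore` added in this directory keeps the file out of the repository, so someone working from a clone can neither obtain the patch nor confirm the digest independently. The comment only says the patch is "like" an upstream commit; add the exact steps used to produce it (base tag, commit applied, any conflict resolution, compression command) or host the artifact at a fetchable URL, so the pinned hash can be reproduced. As written, the digest guards against accidental changes to a local file, but the content it covers has not been reviewable in this change.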
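--- a/packages/kubernetes-1.17/build.rs
+++ b/packages/kubernetes-1.17/build.rs
@@ -0,0 +1,9 @@
+use std::process::{exit, Command};
+
+fn main() -> Result<(), std::io::Error> {
+let ret = Command::new("buildsys").arg("build-package").status()?;
+if !ret.success() {
+exit(1);
+}
+Ok(())
+}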
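--- a/packages/kubernetes-1.17/clarify.toml
+++ b/packages/kubernetes-1.17/clarify.toml
@@ -0,0 +1,55 @@
+[clarify."github.com/JeffAshton/win_pdh"]
+expression = "BSD-3-Clause"
+license-files = [
+{ path = "LICENSE", hash = 0xb221dcc9 },
+]
+
+[clarify."github.com/daviddengcn/go-colortext"]
+expression = "BSD-3-Clause AND MIT"
+license-files = [
+{ path = "LICENSE", hash = 0x9769fae1 },
+]
+
+[clarify."github.com/ghodss/yaml"]
+expression = "MIT AND BSD-3-Clause"
+license-files = [
+{ path = "LICENSE", hash = 0xcdf3ae00 },
+]
+
+[clarify."github.com/heketi/heketi"]
+# kubernetes only uses code that is under LGPLv3+/Apache 2.0, not the code that is GPLv2+/LGPLv3+
+expression = "LGPL-3.0-or-later OR Apache-2.0"
+license-files = [
+{ path = "LICENSE", hash = 0x3c4b96d1 },
+{ path = "LICENSE-APACHE2", hash = 0x438c8616 },
+{ path = "COPYING-LGPLV3", hash = 0xf0bccb3a },
+]
+skip-files = [ "COPYING-GPLV2" ]
+
+[clarify."github.com/go-bindata/go-bindata"]
+expression = "CC0-1.0"
+license-files = [
+{ path = "LICENSE", hash = 0x393fafd6 },
+]
+
+[clarify."github.com/miekg/dns"]
+expression = "BSD-3-Clause"
+license-files = [
+{ path = "COPYRIGHT", hash = 0xe41dd36c },
+{ path = "LICENSE", hash = 0xbd510d7b },
+]
+
+[clarify."sigs.k8s.io/yaml"]
+expression = "MIT AND BSD-3-Clause"
+license-files = [
+{ path = "LICENSE", hash = 0xcdf3ae00 },
+]
+
+[clarify."honnef.co/go/tools"]
+expression = "MIT AND BSD-3-Clause AND Apache-2.0"
+license-files = [
+{ path = "LICENSE", hash = 0xad378ed2 },
+{ path = "LICENSE-THIRD-PARTY", hash = 0x546425eb },
+{ path = "lint/LICENSE", hash = 0xc6b58232 },
+{ path = "ssa/LICENSE", hash = 0xe656fb62 },
+]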
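--- a/packages/kubernetes-1.17/kubelet-config
+++ b/packages/kubernetes-1.17/kubelet-config
@@ -0,0 +1,34 @@
+---
+kind: KubeletConfiguration
+apiVersion: kubelet.config.k8s.io/v1beta1
+address: 0.0.0.0
+authentication:
+anonymous:
+enabled: false
+webhook:
+cacheTTL: 2m0s
+enabled: true
+x509:
+clientCAFile: "/etc/kubernetes/pki/ca.crt"
+authorization:
+mode: Webhook
+webhook:
+cacheAuthorizedTTL: 5m0s
+cacheUnauthorizedTTL: 30s
+clusterDomain: cluster.local
+clusterDNS:
+- {{settings.kubernetes.cluster-dns-ip}}
+resolvConf: "/etc/resolv.conf"
+hairpinMode: hairpin-veth
+cgroupDriver: systemd
+cgroupRoot: "/"
+runtimeRequestTimeout: 15m
+featureGates:
+RotateKubeletServerCertificate: true
+CSIMigration: false
+serializeImagePulls: false
+serverTLSBootstrap: true
+configMapAndSecretChangeDetectionStrategy: Cache
+tlsCipherSuites:
+- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+MaxPods: {{default 110 settings.kubernetes.max-pods}}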
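Review bot: The last key is spelled `MaxPods`, while every other key in this file uses the lower-camel field names of KubeletConfiguration; if the kubelet's config decoder matches keys case-sensitively, the templated `settings.kubernetes.max-pods` value would be ignored and the built-in default used instead. Writing it as `maxPods: {{default 110 settings.kubernetes.max-pods}}` avoids relying on decoder leniency. Separately, with `address: 0.0.0.0` the kubelet API listens on every interface, so `anonymous.enabled: false` and `authorization.mode: Webhook` are the controls protecting it; a comment to that effect, plus an explicit `readOnlyPort: 0`, would make that intent survive later edits.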
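--- a/packages/kubernetes-1.17/kubelet-env
+++ b/packages/kubernetes-1.17/kubelet-env
@@ -0,0 +1,4 @@
+NODE_IP={{settings.kubernetes.node-ip}}
+NODE_LABELS={{join_map "=" "," "no-fail-if-missing" settings.kubernetes.node-labels}}
+NODE_TAINTS={{join_map "=" "," "no-fail-if-missing" settings.kubernetes.node-taints}}
+POD_INFRA_CONTAINER_IMAGE={{settings.kubernetes.pod-infra-container-image}}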
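Review bot: All four values are interpolated into this systemd EnvironmentFile without quoting or escaping, so the file depends on the settings model rejecting newlines, quotes and backslashes in `node-ip`, `node-labels`, `node-taints` and `pod-infra-container-image`; that validation is not visible in this change. A header comment stating the assumption, e.g. `# Values are written verbatim; settings validation must exclude whitespace, quotes and newlines`, would document where the check is expected to live. If no such validation exists, it belongs in the settings layer rather than in this template.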
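--- a/packages/kubernetes-1.17/kubelet-kubeconfig
+++ b/packages/kubernetes-1.17/kubelet-kubeconfig
@@ -0,0 +1,24 @@
+---
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+certificate-authority: "/etc/kubernetes/pki/ca.crt"
+server: "{{settings.kubernetes.api-server}}"
+name: kubernetes
+contexts:
+- context:
+cluster: kubernetes
+user: kubelet
+name: kubelet
+current-context: kubelet
+users:
+- name: kubelet
+user:
+exec:
+apiVersion: client.authentication.k8s.io/v1alpha1
+command: "/usr/bin/aws-iam-authenticator"
+args:
+- token
+- "-i"
+- "{{settings.kubernetes.cluster-name}}"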
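--- a/packages/kubernetes-1.17/kubelet.service
+++ b/packages/kubernetes-1.17/kubelet.service
@@ -0,0 +1,43 @@
+[Unit]
+Description=Kubelet
+Documentation=https://github.com/kubernetes/kubernetes
+After=containerd.service configured.target
+Wants=configured.target
+BindsTo=containerd.service
+
+[Service]
+Type=notify
+EnvironmentFile=/etc/kubernetes/kubelet/env
+ExecStartPre=/sbin/iptables -P FORWARD ACCEPT
+# Pull the pause container image before starting `kubelet` so `containerd/cri` wouldn't have to
+ExecStartPre=/usr/bin/host-ctr -source ${POD_INFRA_CONTAINER_IMAGE} \
+-pull-image-only \
+-containerd-socket /run/dockershim.sock \
+-namespace k8s.io
+ExecStart=/usr/bin/kubelet \
+--cloud-provider aws \
+--config /etc/kubernetes/kubelet/config \
+--kubeconfig /etc/kubernetes/kubelet/kubeconfig \
+--container-runtime=remote \
+--container-runtime-endpoint=unix:///run/dockershim.sock \
+--containerd=/run/dockershim.sock \
+--network-plugin cni \
+--root-dir /var/lib/kubelet \
+--cert-dir /var/lib/kubelet/pki \
+--volume-plugin-dir /var/lib/kubelet/plugins/volume/exec \
+--node-ip ${NODE_IP} \
+--node-labels "${NODE_LABELS}" \
+--register-with-taints "${NODE_TAINTS}" \
+--pod-infra-container-image ${POD_INFRA_CONTAINER_IMAGE}
+
+Restart=on-failure
+RestartForceExitStatus=SIGPIPE
+RestartSec=5
+Delegate=yes
+KillMode=process
+CPUAccounting=true
+MemoryAccounting=true
+
+[Install]
+WantedBy=multi-user.target
+RequiredBy=mark-successful-boot.service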
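Review bot: `ExecStartPre=/sbin/iptables -P FORWARD ACCEPT` changes the host-wide default policy of the FORWARD chain every time the unit starts, and nothing in the unit explains why or restores the previous policy on stop. Add a comment above it, e.g. `# Pod traffic is routed through the host, so forwarded packets must not be dropped by default (confirm no narrower rule suffices)`, so the open forwarding policy is a documented decision rather than an inherited line. Note also that `${NODE_IP}` and `${POD_INFRA_CONTAINER_IMAGE}` in the braced form are always passed as exactly one argument, even when empty, so a missing setting reaches `host-ctr` and `kubelet` as an empty string; an early check for empty values would give a clearer failure.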