diff --git a/Dockerfile.machine-config-operator b/Dockerfile.machine-config-operator index 094c173e75..401e117a6b 100644 --- a/Dockerfile.machine-config-operator +++ b/Dockerfile.machine-config-operator @@ -6,5 +6,6 @@ RUN WHAT=machine-config-operator ./hack/build-go.sh FROM scratch COPY --from=build-env /go/src/github.com/openshift/machine-config-operator/_output/linux/amd64/machine-config-operator /bin/machine-config-operator +COPY install /manifests ENTRYPOINT ["/bin/machine-config-operator"] diff --git a/cmd/machine-config-controller/bootstrap.go b/cmd/machine-config-controller/bootstrap.go index bc5dcb2309..315bb7d378 100644 --- a/cmd/machine-config-controller/bootstrap.go +++ b/cmd/machine-config-controller/bootstrap.go @@ -12,7 +12,7 @@ import ( var ( bootstrapCmd = &cobra.Command{ - Use: "boostrap", + Use: "bootstrap", Short: "Starts Machine Config Controller in bootstrap mode", Long: "", Run: runbootstrapCmd, @@ -27,7 +27,7 @@ var ( func init() { rootCmd.AddCommand(bootstrapCmd) bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.destinationDir, "dest-dir", "", "The destination dir where MCC writes the generated machineconfigs and machineconfigpools.") - bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.manifestsDir, "mainfest-dir", "", "The dir where MCC reads the controllerconfig, machineconfigpools and user-defined machineconfigs.") + bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.manifestsDir, "manifest-dir", "", "The dir where MCC reads the controllerconfig, machineconfigpools and user-defined machineconfigs.") } diff --git a/install/.gitkeep b/install/.gitkeep deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/install/00_namespace.yaml b/install/00_namespace.yaml new file mode 100644 index 0000000000..83c8515e59 --- /dev/null +++ b/install/00_namespace.yaml 
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: openshift-machine-config-operator
+ labels:
+ name: openshift-machine-config-operator
+ openshift.io/run-level: "1"
diff --git a/install/mcoconfig.crd.yaml b/install/01_mcoconfig.crd.yaml
similarity index 100%
rename from install/mcoconfig.crd.yaml
rename to install/01_mcoconfig.crd.yaml
diff --git a/install/mco.images.yaml b/install/02_images.configmap.yaml
similarity index 100%
rename from install/mco.images.yaml
rename to install/02_images.configmap.yaml
diff --git a/install/03_rbac.yaml b/install/03_rbac.yaml
new file mode 100644
index 0000000000..cd69091915
--- /dev/null
+++ b/install/03_rbac.yaml
@@ -0,0 +1,13 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: default-account-openshift-machine-config-operator
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: openshift-machine-config-operator
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
diff --git a/install/04_deployment.yaml b/install/04_deployment.yaml
new file mode 100644
index 0000000000..10343fe915
--- /dev/null
+++ b/install/04_deployment.yaml
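Review bot: The `subjects` entry in install/03_rbac.yaml binds the namespace's `default` ServiceAccount to `cluster-admin`, so every pod in openshift-machine-config-operator that does not name its own service account inherits full cluster control, not only the operator. Create a dedicated account and bind that instead, e.g. `name: machine-config-operator` under `subjects`, and set `serviceAccountName: machine-config-operator` in the deployment's pod spec. If cluster-admin is only a bootstrap convenience, a comment such as `# TODO: replace cluster-admin with a scoped ClusterRole` would record that. The binding also uses `rbac.authorization.k8s.io/v1beta1`, while a ClusterRole manifest embedded elsewhere in this commit uses `rbac.authorization.k8s.io/v1`.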
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: machine-config-operator
+ namespace: openshift-machine-config-operator
+ labels:
+ k8s-app: machine-config-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: machine-config-operator
+ template:
+ metadata:
+ labels:
+ k8s-app: machine-config-operator
+ spec:
+ containers:
+ - name: machine-config-operator
+ image: ${machine_config_operator_image}
+ args:
+ - "start"
+ - "--images-json=/etc/mco/images/images.json"
+ resources:
+ limits:
+ cpu: 20m
+ memory: 50Mi
+ requests:
+ cpu: 20m
+ memory: 50Mi
+ volumeMounts:
+ - name: root-ca
+ mountPath: /etc/ssl/kubernetes/ca.crt
+ - name: etcd-ca
+ mountPath: /etc/ssl/etcd/ca.crt
+ - name: images
+ mountPath: /etc/mco/images
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ restartPolicy: Always
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ effect: "NoSchedule"
+ volumes:
+ - name: images
+ configMap:
+ name: machine-config-operator-images
+ - name: etcd-ca
+ hostPath:
+ path: /etc/ssl/etcd/ca.crt
+ - name: root-ca
+ hostPath:
+ path: /etc/kubernetes/ca.crt
diff --git a/manifests/bootstrap-pod.yaml b/manifests/bootstrap-pod.yaml
new file mode 100644
index 0000000000..ac99993b14
--- /dev/null
+++ b/manifests/bootstrap-pod.yaml
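Review bot: The `root-ca` and `etcd-ca` volumeMounts in install/04_deployment.yaml expose host CA files to the container without `readOnly: true`, and their hostPath volumes set no `type`, so a missing file on the host is not detected at mount time. Add `readOnly: true` to both mounts and `type: File` to both hostPath entries. The pod spec also sets no `serviceAccountName`, so the operator runs as the namespace's `default` account; naming a dedicated account here keeps its permissions separate from any other pod scheduled in the namespace.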
@@ -0,0 +1,65 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: bootstrap-machine-config-operator
+ namespace: {{.TargetNamespace}}
+spec:
+ initContainers:
+ - name: machine-config-controller
+ image: {{.Images.MachineConfigController}}
+ args:
+ - "bootstrap"
+ - "--manifest-dir=/etc/mcc/bootstrap/manifests"
+ - "--dest-dir=/etc/mcc/bootstrap/server"
+ resources:
+ limits:
+ cpu: 20m
+ memory: 50Mi
+ requests:
+ cpu: 20m
+ memory: 50Mi
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: bootstrap-manifests
+ mountPath: /etc/mcc/bootstrap/manifests
+ - name: server-basedir
+ mountPath: /etc/mcc/bootstrap/server
+ containers:
+ - name: machine-config-server
+ image: {{.Images.MachineConfigServer}}
+ args:
+ - "bootstrap"
+ volumeMounts:
+ - name: certs
+ mountPath: /etc/ssl/mcs
+ - name: etc-kubernetes
+ mountPath: /etc/kubernetes/kubeconfig
+ - name: server-basedir
+ mountPath: /etc/mcs/bootstrap
+ - name: etcd-certs
+ mountPath: /etc/ssl/etcd
+ securityContext:
+ privileged: true
+ hostNetwork: true
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
+ restartPolicy: Always
+ volumes:
+ - name: certs
+ hostPath:
+ path: /etc/ssl/mcs
+ - name: etc-kubernetes
+ hostPath:
+ path: /etc/kubernetes/kubeconfig
+ - name: server-basedir
+ hostPath:
+ path: /etc/mcs/bootstrap
+ - name: etcd-certs
+ hostPath:
+ path: /etc/ssl/etcd
+ - name: bootstrap-manifests
+ hostPath:
+ path: /etc/mcc/bootstrap/manifests
diff --git a/manifests/etcd.machineconfigpool.yaml b/manifests/etcd.machineconfigpool.yaml
deleted file mode 100644
index 108f667d35..0000000000
--- a/manifests/etcd.machineconfigpool.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfigPool
-metadata:
- name: etcd
-spec:
- machineConfigSelector:
- matchLabels:
- "machineconfiguration.openshift.io/role": "etcd"
- machineSelector:
- matchLabels:
- node-role.kubernetes.io/etcd: ""
\ No newline at end of file
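Review bot: The `machine-config-server` container in manifests/bootstrap-pod.yaml gains `privileged: true` on top of `hostNetwork: true`, while the standalone server bootstrap pod that this commit deletes ran without it, and the reason is not recorded. If the privilege is needed only to read the hostPath-mounted certificates and kubeconfig, say so in a comment above it, e.g. `# privileged: required to read hostPath certs during bootstrap`, or drop it. The `certs`, `etc-kubernetes` and `etcd-certs` mounts appear to carry key material and a kubeconfig and should be `readOnly: true`; only `server-basedir` looks like it has to be writable, and only for the init container.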
diff --git a/manifests/machineconfigcontroller/bootstrap-pod.yaml b/manifests/machineconfigcontroller/bootstrap-pod.yaml deleted file mode 100644 index 13eaed1823..0000000000 --- a/manifests/machineconfigcontroller/bootstrap-pod.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: bootstrap-machine-config-controller -spec: - containers: - - name: machine-config-controller - image: {{.Images.MachineConfigController}} - args: - - "bootstrap" - - "--manifest-dir=/etc/mcc/bootstrap/manifests" - - "--dest-dir=/etc/mcc/bootstrap/server" - resources: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 20m - memory: 50Mi - securityContext: - privileged: true - volumeMounts: - - name: bootstrap-manifests - mountPath: /etc/mcc/bootstrap/manifests - - name: bootstrap-server - mountPath: /etc/mcc/bootstrap/server - restartPolicy: OnFailure - hostNetwork: true - volumes: - - name: bootstrap-manifests - hostPath: - path: /etc/mcc/bootstrap/manifests - - name: bootstrap-server - hostPath: - path: /etc/mcs/bootstrap diff --git a/manifests/machineconfigdaemon/daemonset.yaml b/manifests/machineconfigdaemon/daemonset.yaml index cf0ac57a2d..ad91722d6f 100644 --- a/manifests/machineconfigdaemon/daemonset.yaml +++ b/manifests/machineconfigdaemon/daemonset.yaml 
@@ -14,28 +14,30 @@ spec: k8s-app: machine-config-daemon spec: containers: - - name: machine-config-daemon - image: {{.Images.MachineConfigDaemon}} - args: - - "start" - volumeMounts: - - mountPath: /rootfs - name: rootfs - - mountPath: /var/run/dbus - name: var-run-dbus - - mountPath: /run/systemd - name: run-systemd - - mountPath: /etc/ssl/certs - name: etc-ssl-certs - readOnly: true - - mountPath: /etc/machine-config-daemon - name: etc-mcd - readOnly: true - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName + - name: machine-config-daemon + image: {{.Images.MachineConfigDaemon}} + args: + - "start" + securityContext: + privileged: true + volumeMounts: + - mountPath: /rootfs + name: rootfs + - mountPath: /var/run/dbus + name: var-run-dbus + - mountPath: /run/systemd + name: run-systemd + - mountPath: /etc/ssl/certs + name: etc-ssl-certs + readOnly: true + - mountPath: /etc/machine-config-daemon + name: etc-mcd + readOnly: true + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName serviceAccountName: machine-config-daemon tolerations: - key: node-role.kubernetes.io/master diff --git a/manifests/machineconfigserver/bootstrap-pod.yaml b/manifests/machineconfigserver/bootstrap-pod.yaml deleted file mode 100644 index 7f07dcaeca..0000000000 --- a/manifests/machineconfigserver/bootstrap-pod.yaml +++ /dev/null 
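Review bot: The added `securityContext: privileged: true` on `machine-config-daemon` is the only functional change in this hunk (the rest is re-indentation), and it carries no comment explaining why full privilege is required. Since the container already mounts `/rootfs`, `/var/run/dbus` and `/run/systemd`, a one-line comment such as `# privileged: the daemon modifies the host through /rootfs and systemd` would document the intent; adjust the wording to the actual reason. The pod spec continues outside the hunk, so the volume definitions behind these mounts are not visible here.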
@@ -1,39 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: bootstrap-machine-config-server - namespace: {{.TargetNamespace}} -spec: - containers: - - name: machine-config-server - image: {{.Images.MachineConfigServer}} - args: - - "bootstrap" - volumeMounts: - - name: certs - mountPath: /etc/ssl/mcs - - name: etc-kubernetes - mountPath: /etc/kubernetes/kubeconfig - - name: server-basedir - mountPath: /etc/mcs/boostrap - - name: etcd-certs - mountPath: /etc/ssl/etcd - hostNetwork: true - tolerations: - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule - restartPolicy: Always - volumes: - - name: certs - hostPath: - path: /etc/ssl/mcs - - name: etc-kubernetes - hostPath: - path: /etc/kubernetes/kubeconfig - - name: server-basedir - hostPath: - path: /etc/mcs/boostrap - - name: etcd-certs - hostPath: - path: /etc/ssl/etcd diff --git a/manifests/machineconfigserver/clusterrole.yaml b/manifests/machineconfigserver/clusterrole.yaml index 30dd43b628..a5bf7e869f 100644 --- a/manifests/machineconfigserver/clusterrole.yaml +++ b/manifests/machineconfigserver/clusterrole.yaml @@ -5,5 +5,5 @@ metadata: namespace: {{.TargetNamespace}} rules: - apiGroups: ["machineconfiguration.openshift.io"] - resources: ["machineconfigs"] + resources: ["machineconfigs", "machineconfigpools"] verbs: ["*"] diff --git a/manifests/machineconfigserver/daemonset.yaml b/manifests/machineconfigserver/daemonset.yaml index 206bb52af4..ea3aba60ea 100644 --- a/manifests/machineconfigserver/daemonset.yaml +++ b/manifests/machineconfigserver/daemonset.yaml 
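Review bot: The rule in manifests/machineconfigserver/clusterrole.yaml now covers `machineconfigpools` as well, still with `verbs: ["*"]`, so the server's account can create, modify and delete pools and configs. If the server only reads these objects in order to serve them (not visible from this hunk), narrow the rule to `verbs: ["get", "list", "watch"]`. If the object is a ClusterRole as the file name says, the context line `namespace: {{.TargetNamespace}}` in its metadata has no effect, because ClusterRoles are cluster-scoped, and could be dropped.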
@@ -14,16 +14,16 @@ spec: k8s-app: machine-config-server spec: containers: - - name: machine-config-server - image: {{.Images.MachineConfigServer}} - args: - - "start" - - "--apiserver-url=https://{{.ControllerConfig.ClusterName}}-api.{{.ControllerConfig.BaseDomain}}:6443" - volumeMounts: - - name: certs - mountPath: /etc/ssl/mcs - - name: node-bootstrap-token - mountPath: /etc/mcs/bootstrap-token + - name: machine-config-server + image: {{.Images.MachineConfigServer}} + args: + - "start" + - "--apiserver-url=https://{{.ControllerConfig.ClusterName}}-api.{{.ControllerConfig.BaseDomain}}:6443" + volumeMounts: + - name: certs + mountPath: /etc/ssl/mcs + - name: node-bootstrap-token + mountPath: /etc/mcs/bootstrap-token hostNetwork: true nodeSelector: node-role.kubernetes.io/master: "" diff --git a/manifests/machineconfigserver/node-bootstrapper-token.yaml b/manifests/machineconfigserver/node-bootstrapper-token.yaml index ee981ab43a..3dd5c99c55 100644 --- a/manifests/machineconfigserver/node-bootstrapper-token.yaml +++ b/manifests/machineconfigserver/node-bootstrapper-token.yaml @@ -5,4 +5,4 @@ metadata: kubernetes.io/service-account.name: node-bootstrapper name: node-bootstrapper-token namespace: {{.TargetNamespace}} - type: kubernetes.io/service-account-token +type: kubernetes.io/service-account-token diff --git a/pkg/controller/bootstrap/bootstrap.go b/pkg/controller/bootstrap/bootstrap.go index 218e551a85..747bdbb6c7 100644 --- a/pkg/controller/bootstrap/bootstrap.go +++ b/pkg/controller/bootstrap/bootstrap.go @@ -73,6 +73,9 @@ func (b *Bootstrap) Run(destDir string) error { } } + if cconfig == nil { + return fmt.Errorf("error: no controllerconfig found in dir: %q", destDir) + } iconfigs, err := template.RunBootstrap(b.templatesDir, cconfig) if err != nil { return err 
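Review bot: The new `cconfig == nil` error in pkg/controller/bootstrap/bootstrap.go reports `destDir`, but per the `--manifest-dir` and `--dest-dir` flag help in cmd/machine-config-controller/bootstrap.go the controllerconfig is read from the manifest directory and `destDir` is where output is written, so the message points the operator at the wrong directory. Report the directory that was actually scanned and drop the redundant `error:` prefix, e.g. `return fmt.Errorf("no controllerconfig found in manifest dir %q", manifestDir)`, where `manifestDir` stands for whatever field or variable Run reads from (not visible in this hunk). Run starts and ends outside the hunk.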
@@ -100,7 +103,7 @@ func (b *Bootstrap) Run(destDir string) error { } configdir := filepath.Join(destDir, "machine-configs") - if err := os.MkdirAll(poolsdir, 0664); err != nil { + if err := os.MkdirAll(configdir, 0664); err != nil { return err } for _, c := range gconfigs { diff --git a/pkg/controller/template/test_data/templates/aws/master/files/-etc-coreos-update.conf b/pkg/controller/template/test_data/templates/aws/master/files/-etc-coreos-update.conf deleted file mode 100644 index 2a17718d73..0000000000 --- a/pkg/controller/template/test_data/templates/aws/master/files/-etc-coreos-update.conf +++ /dev/null @@ -1,6 +0,0 @@ -contents: - source: data:,GROUP%3Dstable%0ASERVER%3Dhttp%3A%2F%2Flocalhost%3A32003%2Fv1%2Fupdate%0A - verification: {} -filesystem: root -mode: 420 -path: /etc/coreos/update.conf diff --git a/pkg/controller/template/test_data/templates/aws/master/files/-etc-sysctl.d-10-max-user-watches.conf b/pkg/controller/template/test_data/templates/aws/master/files/-etc-sysctl.d-10-max-user-watches.conf deleted file mode 100644 index 325252da24..0000000000 --- a/pkg/controller/template/test_data/templates/aws/master/files/-etc-sysctl.d-10-max-user-watches.conf +++ /dev/null @@ -1,6 +0,0 @@ -contents: - source: data:,fs.inotify.max_user_watches%3D16184 - verification: {} -filesystem: root -mode: 420 -path: /etc/sysctl.d/10-max-user-watches.conf diff --git a/pkg/controller/template/test_data/templates/aws/master/units/docker.service b/pkg/controller/template/test_data/templates/aws/master/units/docker.service deleted file mode 100644 index 74fb8cdad7..0000000000 --- a/pkg/controller/template/test_data/templates/aws/master/units/docker.service +++ /dev/null @@ -1,7 +0,0 @@ -dropins: -- contents: | - [Service] - Environment="DOCKER_OPTS=--log-opt max-size=50m --log-opt max-file=3 - name: 10-dockeropts.conf -enabled: true -name: docker.service 
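Review bot: `os.MkdirAll(configdir, 0664)` creates the directory without any execute (search) bit, so only a process that bypasses permission checks can enter it or create files in it; it presumably works here because the bootstrap container runs privileged as root. Use a directory mode such as `os.MkdirAll(configdir, 0755)`, or `0750` if the generated machine configs should not be world-readable. The `poolsdir` call this line was copied from sits above the hunk and likely needs the same change.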
diff --git a/pkg/controller/template/test_data/templates/aws/master/units/kubelet-workaround.service b/pkg/controller/template/test_data/templates/aws/master/units/kubelet-workaround.service deleted file mode 100644 index 295ff0ec28..0000000000 --- a/pkg/controller/template/test_data/templates/aws/master/units/kubelet-workaround.service +++ /dev/null @@ -1,12 +0,0 @@ -contents: | - [Service] - ExecStart=/usr/bin/env bash -c \ - " \ - if grep rhcos /etc/os-release > /dev/null; \ - then \ - echo CGROUP_DRIVER_FLAG=--cgroup-driver=systemd > /etc/kubernetes/kubelet-workaround; \ - mount -o remount,rw /sys/fs/cgroup; \ - ln --symbolic /sys/fs/cgroup/cpu,cpuacct /sys/fs/cgroup/cpuacct,cpu; \ - fi \ - " -name: kubelet-workaround.service diff --git a/pkg/controller/template/test_data/templates/aws/master/units/kubelet.service b/pkg/controller/template/test_data/templates/aws/master/units/kubelet.service index 7724d815a0..9d37d800c1 100644 --- a/pkg/controller/template/test_data/templates/aws/master/units/kubelet.service +++ b/pkg/controller/template/test_data/templates/aws/master/units/kubelet.service @@ -2,10 +2,9 @@ contents: | [Unit] Description=Kubernetes Kubelet Wants=rpc-statd.service - Requires=docker.service kubelet-workaround.service - After=docker.service kubelet-workaround.service [Service] + ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests EnvironmentFile=-/etc/kubernetes/kubelet-workaround ExecStart=/usr/bin/hyperkube \ @@ -29,7 +28,7 @@ contents: | \ --anonymous-auth=false \ --register-with-taints=node-role.kubernetes.io/master=:NoSchedule \ - $CGROUP_DRIVER_FLAG \ + --cgroup-driver=systemd \ Restart=always RestartSec=10 diff --git a/pkg/controller/template/test_data/templates/aws/master/units/locksmith.service b/pkg/controller/template/test_data/templates/aws/master/units/locksmith.service deleted file mode 100644 index ac6309a7e2..0000000000 --- a/pkg/controller/template/test_data/templates/aws/master/units/locksmith.service +++ /dev/null 
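Review bot: The aws/master kubelet.service template keeps `EnvironmentFile=-/etc/kubernetes/kubelet-workaround` although this commit deletes kubelet-workaround.service, the unit that wrote that file, and replaces `$CGROUP_DRIVER_FLAG` with a literal `--cgroup-driver=systemd`. The leading `-` makes the missing file harmless, but the line is now dead and should be removed. The same applies to the aws/worker, libvirt/master and libvirt/worker kubelet.service templates changed later in this diff.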
@@ -1,2 +0,0 @@ -mask: true -name: locksmith.service diff --git a/pkg/controller/template/test_data/templates/aws/worker/files/-etc-coreos-update.conf b/pkg/controller/template/test_data/templates/aws/worker/files/-etc-coreos-update.conf deleted file mode 100644 index 2a17718d73..0000000000 --- a/pkg/controller/template/test_data/templates/aws/worker/files/-etc-coreos-update.conf +++ /dev/null @@ -1,6 +0,0 @@ -contents: - source: data:,GROUP%3Dstable%0ASERVER%3Dhttp%3A%2F%2Flocalhost%3A32003%2Fv1%2Fupdate%0A - verification: {} -filesystem: root -mode: 420 -path: /etc/coreos/update.conf diff --git a/pkg/controller/template/test_data/templates/aws/worker/files/-etc-sysctl.d-10-max-user-watches.conf b/pkg/controller/template/test_data/templates/aws/worker/files/-etc-sysctl.d-10-max-user-watches.conf deleted file mode 100644 index 325252da24..0000000000 --- a/pkg/controller/template/test_data/templates/aws/worker/files/-etc-sysctl.d-10-max-user-watches.conf +++ /dev/null @@ -1,6 +0,0 @@ -contents: - source: data:,fs.inotify.max_user_watches%3D16184 - verification: {} -filesystem: root -mode: 420 -path: /etc/sysctl.d/10-max-user-watches.conf diff --git a/pkg/controller/template/test_data/templates/aws/worker/units/docker.service b/pkg/controller/template/test_data/templates/aws/worker/units/docker.service deleted file mode 100644 index 74fb8cdad7..0000000000 --- a/pkg/controller/template/test_data/templates/aws/worker/units/docker.service +++ /dev/null @@ -1,7 +0,0 @@ -dropins: -- contents: | - [Service] - Environment="DOCKER_OPTS=--log-opt max-size=50m --log-opt max-file=3 - name: 10-dockeropts.conf -enabled: true -name: docker.service diff --git a/pkg/controller/template/test_data/templates/aws/worker/units/kubelet-workaround.service b/pkg/controller/template/test_data/templates/aws/worker/units/kubelet-workaround.service deleted file mode 100644 index 295ff0ec28..0000000000 
--- a/pkg/controller/template/test_data/templates/aws/worker/units/kubelet-workaround.service +++ /dev/null @@ -1,12 +0,0 @@ -contents: | - [Service] - ExecStart=/usr/bin/env bash -c \ - " \ - if grep rhcos /etc/os-release > /dev/null; \ - then \ - echo CGROUP_DRIVER_FLAG=--cgroup-driver=systemd > /etc/kubernetes/kubelet-workaround; \ - mount -o remount,rw /sys/fs/cgroup; \ - ln --symbolic /sys/fs/cgroup/cpu,cpuacct /sys/fs/cgroup/cpuacct,cpu; \ - fi \ - " -name: kubelet-workaround.service diff --git a/pkg/controller/template/test_data/templates/aws/worker/units/kubelet.service b/pkg/controller/template/test_data/templates/aws/worker/units/kubelet.service index 563cf80b6d..d15147e225 100644 --- a/pkg/controller/template/test_data/templates/aws/worker/units/kubelet.service +++ b/pkg/controller/template/test_data/templates/aws/worker/units/kubelet.service @@ -2,10 +2,9 @@ contents: | [Unit] Description=Kubernetes Kubelet Wants=rpc-statd.service - Requires=docker.service kubelet-workaround.service - After=docker.service kubelet-workaround.service [Service] + ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests EnvironmentFile=-/etc/kubernetes/kubelet-workaround ExecStart=/usr/bin/hyperkube \ @@ -28,7 +27,7 @@ contents: | --cloud-provider=aws \ \ --anonymous-auth=false \ - $CGROUP_DRIVER_FLAG \ + --cgroup-driver=systemd \ Restart=always RestartSec=10 diff --git a/pkg/controller/template/test_data/templates/aws/worker/units/locksmith.service b/pkg/controller/template/test_data/templates/aws/worker/units/locksmith.service deleted file mode 100644 index ac6309a7e2..0000000000 --- a/pkg/controller/template/test_data/templates/aws/worker/units/locksmith.service +++ /dev/null @@ -1,2 +0,0 @@ -mask: true -name: locksmith.service 
diff --git a/pkg/controller/template/test_data/templates/libvirt/master/files/-etc-coreos-update.conf b/pkg/controller/template/test_data/templates/libvirt/master/files/-etc-coreos-update.conf deleted file mode 100644 index 2a17718d73..0000000000 --- a/pkg/controller/template/test_data/templates/libvirt/master/files/-etc-coreos-update.conf +++ /dev/null @@ -1,6 +0,0 @@ -contents: - source: data:,GROUP%3Dstable%0ASERVER%3Dhttp%3A%2F%2Flocalhost%3A32003%2Fv1%2Fupdate%0A - verification: {} -filesystem: root -mode: 420 -path: /etc/coreos/update.conf diff --git a/pkg/controller/template/test_data/templates/libvirt/master/files/-etc-sysctl.d-10-max-user-watches.conf b/pkg/controller/template/test_data/templates/libvirt/master/files/-etc-sysctl.d-10-max-user-watches.conf deleted file mode 100644 index 325252da24..0000000000 --- a/pkg/controller/template/test_data/templates/libvirt/master/files/-etc-sysctl.d-10-max-user-watches.conf +++ /dev/null @@ -1,6 +0,0 @@ -contents: - source: data:,fs.inotify.max_user_watches%3D16184 - verification: {} -filesystem: root -mode: 420 -path: /etc/sysctl.d/10-max-user-watches.conf diff --git a/pkg/controller/template/test_data/templates/libvirt/master/units/docker.service b/pkg/controller/template/test_data/templates/libvirt/master/units/docker.service deleted file mode 100644 index 74fb8cdad7..0000000000 --- a/pkg/controller/template/test_data/templates/libvirt/master/units/docker.service +++ /dev/null @@ -1,7 +0,0 @@ -dropins: -- contents: | - [Service] - Environment="DOCKER_OPTS=--log-opt max-size=50m --log-opt max-file=3 - name: 10-dockeropts.conf -enabled: true -name: docker.service diff --git a/pkg/controller/template/test_data/templates/libvirt/master/units/kubelet-workaround.service b/pkg/controller/template/test_data/templates/libvirt/master/units/kubelet-workaround.service deleted file mode 100644 index 295ff0ec28..0000000000 
--- a/pkg/controller/template/test_data/templates/libvirt/master/units/kubelet-workaround.service +++ /dev/null @@ -1,12 +0,0 @@ -contents: | - [Service] - ExecStart=/usr/bin/env bash -c \ - " \ - if grep rhcos /etc/os-release > /dev/null; \ - then \ - echo CGROUP_DRIVER_FLAG=--cgroup-driver=systemd > /etc/kubernetes/kubelet-workaround; \ - mount -o remount,rw /sys/fs/cgroup; \ - ln --symbolic /sys/fs/cgroup/cpu,cpuacct /sys/fs/cgroup/cpuacct,cpu; \ - fi \ - " -name: kubelet-workaround.service diff --git a/pkg/controller/template/test_data/templates/libvirt/master/units/kubelet.service b/pkg/controller/template/test_data/templates/libvirt/master/units/kubelet.service index c2e997e89f..06b106f3f9 100644 --- a/pkg/controller/template/test_data/templates/libvirt/master/units/kubelet.service +++ b/pkg/controller/template/test_data/templates/libvirt/master/units/kubelet.service @@ -2,10 +2,9 @@ contents: | [Unit] Description=Kubernetes Kubelet Wants=rpc-statd.service - Requires=docker.service kubelet-workaround.service - After=docker.service kubelet-workaround.service [Service] + ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests EnvironmentFile=-/etc/kubernetes/kubelet-workaround ExecStart=/usr/bin/hyperkube \ @@ -29,7 +28,7 @@ contents: | \ --anonymous-auth=false \ --register-with-taints=node-role.kubernetes.io/master=:NoSchedule \ - $CGROUP_DRIVER_FLAG \ + --cgroup-driver=systemd \ Restart=always RestartSec=10 diff --git a/pkg/controller/template/test_data/templates/libvirt/master/units/locksmith.service b/pkg/controller/template/test_data/templates/libvirt/master/units/locksmith.service deleted file mode 100644 index ac6309a7e2..0000000000 --- a/pkg/controller/template/test_data/templates/libvirt/master/units/locksmith.service +++ /dev/null @@ -1,2 +0,0 @@ -mask: true -name: locksmith.service 
diff --git a/pkg/controller/template/test_data/templates/libvirt/worker/files/-etc-coreos-update.conf b/pkg/controller/template/test_data/templates/libvirt/worker/files/-etc-coreos-update.conf deleted file mode 100644 index 2a17718d73..0000000000 --- a/pkg/controller/template/test_data/templates/libvirt/worker/files/-etc-coreos-update.conf +++ /dev/null @@ -1,6 +0,0 @@ -contents: - source: data:,GROUP%3Dstable%0ASERVER%3Dhttp%3A%2F%2Flocalhost%3A32003%2Fv1%2Fupdate%0A - verification: {} -filesystem: root -mode: 420 -path: /etc/coreos/update.conf diff --git a/pkg/controller/template/test_data/templates/libvirt/worker/files/-etc-sysctl.d-10-max-user-watches.conf b/pkg/controller/template/test_data/templates/libvirt/worker/files/-etc-sysctl.d-10-max-user-watches.conf deleted file mode 100644 index 325252da24..0000000000 --- a/pkg/controller/template/test_data/templates/libvirt/worker/files/-etc-sysctl.d-10-max-user-watches.conf +++ /dev/null @@ -1,6 +0,0 @@ -contents: - source: data:,fs.inotify.max_user_watches%3D16184 - verification: {} -filesystem: root -mode: 420 -path: /etc/sysctl.d/10-max-user-watches.conf diff --git a/pkg/controller/template/test_data/templates/libvirt/worker/units/docker.service b/pkg/controller/template/test_data/templates/libvirt/worker/units/docker.service deleted file mode 100644 index 74fb8cdad7..0000000000 --- a/pkg/controller/template/test_data/templates/libvirt/worker/units/docker.service +++ /dev/null @@ -1,7 +0,0 @@ -dropins: -- contents: | - [Service] - Environment="DOCKER_OPTS=--log-opt max-size=50m --log-opt max-file=3 - name: 10-dockeropts.conf -enabled: true -name: docker.service diff --git a/pkg/controller/template/test_data/templates/libvirt/worker/units/kubelet-workaround.service b/pkg/controller/template/test_data/templates/libvirt/worker/units/kubelet-workaround.service deleted file mode 100644 index 295ff0ec28..0000000000 
--- a/pkg/controller/template/test_data/templates/libvirt/worker/units/kubelet-workaround.service +++ /dev/null @@ -1,12 +0,0 @@ -contents: | - [Service] - ExecStart=/usr/bin/env bash -c \ - " \ - if grep rhcos /etc/os-release > /dev/null; \ - then \ - echo CGROUP_DRIVER_FLAG=--cgroup-driver=systemd > /etc/kubernetes/kubelet-workaround; \ - mount -o remount,rw /sys/fs/cgroup; \ - ln --symbolic /sys/fs/cgroup/cpu,cpuacct /sys/fs/cgroup/cpuacct,cpu; \ - fi \ - " -name: kubelet-workaround.service diff --git a/pkg/controller/template/test_data/templates/libvirt/worker/units/kubelet.service b/pkg/controller/template/test_data/templates/libvirt/worker/units/kubelet.service index 3177a10978..fe43c17131 100644 --- a/pkg/controller/template/test_data/templates/libvirt/worker/units/kubelet.service +++ b/pkg/controller/template/test_data/templates/libvirt/worker/units/kubelet.service @@ -2,10 +2,9 @@ contents: | [Unit] Description=Kubernetes Kubelet Wants=rpc-statd.service - Requires=docker.service kubelet-workaround.service - After=docker.service kubelet-workaround.service [Service] + ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests EnvironmentFile=-/etc/kubernetes/kubelet-workaround ExecStart=/usr/bin/hyperkube \ @@ -28,7 +27,7 @@ contents: | --cloud-provider= \ \ --anonymous-auth=false \ - $CGROUP_DRIVER_FLAG \ + --cgroup-driver=systemd \ Restart=always RestartSec=10 diff --git a/pkg/controller/template/test_data/templates/libvirt/worker/units/locksmith.service b/pkg/controller/template/test_data/templates/libvirt/worker/units/locksmith.service deleted file mode 100644 index ac6309a7e2..0000000000 --- a/pkg/controller/template/test_data/templates/libvirt/worker/units/locksmith.service +++ /dev/null @@ -1,2 +0,0 @@ -mask: true -name: locksmith.service diff --git a/pkg/operator/assets/bindata.go b/pkg/operator/assets/bindata.go index 3360871166..757b4cab9d 100644 --- a/pkg/operator/assets/bindata.go +++ b/pkg/operator/assets/bindata.go 
@@ -1,29 +1,27 @@ // Code generated by go-bindata. // sources: -// manifests/controllerconfig.crd.yaml -// manifests/etcd.machineconfigpool.yaml -// manifests/machineconfig.crd.yaml -// manifests/machineconfigcontroller/bootstrap-pod.yaml -// manifests/machineconfigcontroller/clusterrole.yaml -// manifests/machineconfigcontroller/clusterrolebinding.yaml -// manifests/machineconfigcontroller/controllerconfig.yaml -// manifests/machineconfigcontroller/deployment.yaml -// manifests/machineconfigcontroller/sa.yaml -// manifests/machineconfigdaemon/clusterrole.yaml -// manifests/machineconfigdaemon/clusterrolebinding.yaml -// manifests/machineconfigdaemon/daemonset.yaml -// manifests/machineconfigdaemon/sa.yaml -// manifests/machineconfigpool.crd.yaml -// manifests/machineconfigserver/bootstrap-pod.yaml -// manifests/machineconfigserver/clusterrole.yaml -// manifests/machineconfigserver/clusterrolebinding.yaml -// manifests/machineconfigserver/daemonset.yaml -// manifests/machineconfigserver/node-bootstrapper-sa.yaml -// manifests/machineconfigserver/node-bootstrapper-token.yaml -// manifests/machineconfigserver/sa.yaml -// manifests/master.machineconfigpool.yaml -// manifests/scc.yaml -// manifests/worker.machineconfigpool.yaml +// ../manifests/bootstrap-pod.yaml +// ../manifests/controllerconfig.crd.yaml +// ../manifests/machineconfig.crd.yaml +// ../manifests/machineconfigcontroller/clusterrole.yaml +// ../manifests/machineconfigcontroller/clusterrolebinding.yaml +// ../manifests/machineconfigcontroller/controllerconfig.yaml +// ../manifests/machineconfigcontroller/deployment.yaml +// ../manifests/machineconfigcontroller/sa.yaml +// ../manifests/machineconfigdaemon/clusterrole.yaml +// ../manifests/machineconfigdaemon/clusterrolebinding.yaml +// ../manifests/machineconfigdaemon/daemonset.yaml +// ../manifests/machineconfigdaemon/sa.yaml +// ../manifests/machineconfigpool.crd.yaml +// ../manifests/machineconfigserver/clusterrole.yaml +// 
../manifests/machineconfigserver/clusterrolebinding.yaml +// ../manifests/machineconfigserver/daemonset.yaml +// ../manifests/machineconfigserver/node-bootstrapper-sa.yaml +// ../manifests/machineconfigserver/node-bootstrapper-token.yaml +// ../manifests/machineconfigserver/sa.yaml +// ../manifests/master.machineconfigpool.yaml +// ../manifests/scc.yaml +// ../manifests/worker.machineconfigpool.yaml // DO NOT EDIT! package assets 
@@ -67,6 +65,88 @@ func (fi bindataFileInfo) Sys() interface{} { return nil } +var _manifestsBootstrapPodYaml = []byte(`apiVersion: v1 +kind: Pod +metadata: + name: bootstrap-machine-config-operator + namespace: {{.TargetNamespace}} +spec: + initContainers: + - name: machine-config-controller + image: {{.Images.MachineConfigController}} + args: + - "bootstrap" + - "--manifest-dir=/etc/mcc/bootstrap/manifests" + - "--dest-dir=/etc/mcc/bootstrap/server" + resources: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 20m + memory: 50Mi + securityContext: + privileged: true + volumeMounts: + - name: bootstrap-manifests + mountPath: /etc/mcc/bootstrap/manifests + - name: server-basedir + mountPath: /etc/mcc/bootstrap/server + containers: + - name: machine-config-server + image: {{.Images.MachineConfigServer}} + args: + - "bootstrap" + volumeMounts: + - name: certs + mountPath: /etc/ssl/mcs + - name: etc-kubernetes + mountPath: /etc/kubernetes/kubeconfig + - name: server-basedir + mountPath: /etc/mcs/bootstrap + - name: etcd-certs + mountPath: /etc/ssl/etcd + securityContext: + privileged: true + hostNetwork: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + restartPolicy: Always + volumes: + - name: certs + hostPath: + path: /etc/ssl/mcs + - name: etc-kubernetes + hostPath: + path: /etc/kubernetes/kubeconfig + - name: server-basedir + hostPath: + path: /etc/mcs/bootstrap + - name: etcd-certs + hostPath: + path: /etc/ssl/etcd + - name: bootstrap-manifests + hostPath: + path: /etc/mcc/bootstrap/manifests +`) + +func manifestsBootstrapPodYamlBytes() ([]byte, error) { + return _manifestsBootstrapPodYaml, nil +} + +func manifestsBootstrapPodYaml() (*asset, error) { + bytes, err := manifestsBootstrapPodYamlBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "manifests/bootstrap-pod.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + a := &asset{bytes: bytes, info: info} + 
return a, nil +} + var _manifestsControllerconfigCrdYaml = []byte(`apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: @@ -108,33 +188,6 @@ func manifestsControllerconfigCrdYaml() (*asset, error) { return a, nil } -var _manifestsEtcdMachineconfigpoolYaml = []byte(`apiVersion: machineconfiguration.openshift.io/v1 -kind: MachineConfigPool -metadata: - name: etcd -spec: - machineConfigSelector: - matchLabels: - "machineconfiguration.openshift.io/role": "etcd" - machineSelector: - matchLabels: - node-role.kubernetes.io/etcd: ""`) - -func manifestsEtcdMachineconfigpoolYamlBytes() ([]byte, error) { - return _manifestsEtcdMachineconfigpoolYaml, nil -} - -func manifestsEtcdMachineconfigpoolYaml() (*asset, error) { - bytes, err := manifestsEtcdMachineconfigpoolYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/etcd.machineconfigpool.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - var _manifestsMachineconfigCrdYaml = []byte(`apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: 
@@ -176,58 +229,6 @@ func manifestsMachineconfigCrdYaml() (*asset, error) { return a, nil } -var _manifestsMachineconfigcontrollerBootstrapPodYaml = []byte(`apiVersion: v1 -kind: Pod -metadata: - name: bootstrap-machine-config-controller -spec: - containers: - - name: machine-config-controller - image: {{.Images.MachineConfigController}} - args: - - "bootstrap" - - "--manifest-dir=/etc/mcc/bootstrap/manifests" - - "--dest-dir=/etc/mcc/bootstrap/server" - resources: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 20m - memory: 50Mi - securityContext: - privileged: true - volumeMounts: - - name: bootstrap-manifests - mountPath: /etc/mcc/bootstrap/manifests - - name: bootstrap-server - mountPath: /etc/mcc/bootstrap/server - restartPolicy: OnFailure - hostNetwork: true - volumes: - - name: bootstrap-manifests - hostPath: - path: /etc/mcc/bootstrap/manifests - - name: bootstrap-server - hostPath: - path: /etc/mcs/bootstrap -`) - -func manifestsMachineconfigcontrollerBootstrapPodYamlBytes() ([]byte, error) { - return _manifestsMachineconfigcontrollerBootstrapPodYaml, nil -} - -func manifestsMachineconfigcontrollerBootstrapPodYaml() (*asset, error) { - bytes, err := manifestsMachineconfigcontrollerBootstrapPodYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/machineconfigcontroller/bootstrap-pod.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - var _manifestsMachineconfigcontrollerClusterroleYaml = []byte(`apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
@@ -467,28 +468,30 @@ spec: k8s-app: machine-config-daemon spec: containers: - - name: machine-config-daemon - image: {{.Images.MachineConfigDaemon}} - args: - - "start" - volumeMounts: - - mountPath: /rootfs - name: rootfs - - mountPath: /var/run/dbus - name: var-run-dbus - - mountPath: /run/systemd - name: run-systemd - - mountPath: /etc/ssl/certs - name: etc-ssl-certs - readOnly: true - - mountPath: /etc/machine-config-daemon - name: etc-mcd - readOnly: true - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName + - name: machine-config-daemon + image: {{.Images.MachineConfigDaemon}} + args: + - "start" + securityContext: + privileged: true + volumeMounts: + - mountPath: /rootfs + name: rootfs + - mountPath: /var/run/dbus + name: var-run-dbus + - mountPath: /run/systemd + name: run-systemd + - mountPath: /etc/ssl/certs + name: etc-ssl-certs + readOnly: true + - mountPath: /etc/machine-config-daemon + name: etc-mcd + readOnly: true + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName serviceAccountName: machine-config-daemon tolerations: - key: node-role.kubernetes.io/master 
@@ -595,62 +598,6 @@ func manifestsMachineconfigpoolCrdYaml() (*asset, error) { return a, nil } -var _manifestsMachineconfigserverBootstrapPodYaml = []byte(`apiVersion: v1 -kind: Pod -metadata: - name: bootstrap-machine-config-server - namespace: {{.TargetNamespace}} -spec: - containers: - - name: machine-config-server - image: {{.Images.MachineConfigServer}} - args: - - "bootstrap" - volumeMounts: - - name: certs - mountPath: /etc/ssl/mcs - - name: etc-kubernetes - mountPath: /etc/kubernetes/kubeconfig - - name: server-basedir - mountPath: /etc/mcs/boostrap - - name: etcd-certs - mountPath: /etc/ssl/etcd - hostNetwork: true - tolerations: - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule - restartPolicy: Always - volumes: - - name: certs - hostPath: - path: /etc/ssl/mcs - - name: etc-kubernetes - hostPath: - path: /etc/kubernetes/kubeconfig - - name: server-basedir - hostPath: - path: /etc/mcs/boostrap - - name: etcd-certs - hostPath: - path: /etc/ssl/etcd -`) - -func manifestsMachineconfigserverBootstrapPodYamlBytes() ([]byte, error) { - return _manifestsMachineconfigserverBootstrapPodYaml, nil -} - -func manifestsMachineconfigserverBootstrapPodYaml() (*asset, error) { - bytes, err := manifestsMachineconfigserverBootstrapPodYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/machineconfigserver/bootstrap-pod.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - var _manifestsMachineconfigserverClusterroleYaml = []byte(`apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -658,7 +605,7 @@ metadata: namespace: {{.TargetNamespace}} rules: - apiGroups: ["machineconfiguration.openshift.io"] - resources: ["machineconfigs"] + resources: ["machineconfigs", "machineconfigpools"] verbs: ["*"] `) 
@@ -722,16 +669,16 @@ spec: k8s-app: machine-config-server spec: containers: - - name: machine-config-server - image: {{.Images.MachineConfigServer}} - args: - - "start" - - "--apiserver-url=https://{{.ControllerConfig.ClusterName}}-api.{{.ControllerConfig.BaseDomain}}:6443" - volumeMounts: - - name: certs - mountPath: /etc/ssl/mcs - - name: node-bootstrap-token - mountPath: /etc/mcs/bootstrap-token + - name: machine-config-server + image: {{.Images.MachineConfigServer}} + args: + - "start" + - "--apiserver-url=https://{{.ControllerConfig.ClusterName}}-api.{{.ControllerConfig.BaseDomain}}:6443" + volumeMounts: + - name: certs + mountPath: /etc/ssl/mcs + - name: node-bootstrap-token + mountPath: /etc/mcs/bootstrap-token hostNetwork: true nodeSelector: node-role.kubernetes.io/master: "" @@ -793,7 +740,7 @@ metadata: kubernetes.io/service-account.name: node-bootstrapper name: node-bootstrapper-token namespace: {{.TargetNamespace}} - type: kubernetes.io/service-account-token +type: kubernetes.io/service-account-token `) func manifestsMachineconfigserverNodeBootstrapperTokenYamlBytes() ([]byte, error) { 
@@ -985,10 +932,9 @@ func AssetNames() []string { // _bindata is a table, holding each asset generator, mapped to its name. var _bindata = map[string]func() (*asset, error){ + "manifests/bootstrap-pod.yaml": manifestsBootstrapPodYaml, "manifests/controllerconfig.crd.yaml": manifestsControllerconfigCrdYaml, - "manifests/etcd.machineconfigpool.yaml": manifestsEtcdMachineconfigpoolYaml, "manifests/machineconfig.crd.yaml": manifestsMachineconfigCrdYaml, - "manifests/machineconfigcontroller/bootstrap-pod.yaml": manifestsMachineconfigcontrollerBootstrapPodYaml, "manifests/machineconfigcontroller/clusterrole.yaml": manifestsMachineconfigcontrollerClusterroleYaml, "manifests/machineconfigcontroller/clusterrolebinding.yaml": manifestsMachineconfigcontrollerClusterrolebindingYaml, "manifests/machineconfigcontroller/controllerconfig.yaml": manifestsMachineconfigcontrollerControllerconfigYaml, @@ -999,7 +945,6 @@ var _bindata = map[string]func() (*asset, error){ "manifests/machineconfigdaemon/daemonset.yaml": manifestsMachineconfigdaemonDaemonsetYaml, "manifests/machineconfigdaemon/sa.yaml": manifestsMachineconfigdaemonSaYaml, "manifests/machineconfigpool.crd.yaml": manifestsMachineconfigpoolCrdYaml, - "manifests/machineconfigserver/bootstrap-pod.yaml": manifestsMachineconfigserverBootstrapPodYaml, "manifests/machineconfigserver/clusterrole.yaml": manifestsMachineconfigserverClusterroleYaml, "manifests/machineconfigserver/clusterrolebinding.yaml": manifestsMachineconfigserverClusterrolebindingYaml, "manifests/machineconfigserver/daemonset.yaml": manifestsMachineconfigserverDaemonsetYaml, 
@@ -1052,11 +997,10 @@ type bintree struct { } var _bintree = &bintree{nil, map[string]*bintree{ "manifests": &bintree{nil, map[string]*bintree{ + "bootstrap-pod.yaml": &bintree{manifestsBootstrapPodYaml, map[string]*bintree{}}, "controllerconfig.crd.yaml": &bintree{manifestsControllerconfigCrdYaml, map[string]*bintree{}}, - "etcd.machineconfigpool.yaml": &bintree{manifestsEtcdMachineconfigpoolYaml, map[string]*bintree{}}, "machineconfig.crd.yaml": &bintree{manifestsMachineconfigCrdYaml, map[string]*bintree{}}, "machineconfigcontroller": &bintree{nil, map[string]*bintree{ - "bootstrap-pod.yaml": &bintree{manifestsMachineconfigcontrollerBootstrapPodYaml, map[string]*bintree{}}, "clusterrole.yaml": &bintree{manifestsMachineconfigcontrollerClusterroleYaml, map[string]*bintree{}}, "clusterrolebinding.yaml": &bintree{manifestsMachineconfigcontrollerClusterrolebindingYaml, map[string]*bintree{}}, "controllerconfig.yaml": &bintree{manifestsMachineconfigcontrollerControllerconfigYaml, map[string]*bintree{}}, @@ -1071,7 +1015,6 @@ var _bintree = &bintree{nil, map[string]*bintree{ }}, "machineconfigpool.crd.yaml": &bintree{manifestsMachineconfigpoolCrdYaml, map[string]*bintree{}}, "machineconfigserver": &bintree{nil, map[string]*bintree{ - "bootstrap-pod.yaml": &bintree{manifestsMachineconfigserverBootstrapPodYaml, map[string]*bintree{}}, "clusterrole.yaml": &bintree{manifestsMachineconfigserverClusterroleYaml, map[string]*bintree{}}, "clusterrolebinding.yaml": &bintree{manifestsMachineconfigserverClusterrolebindingYaml, map[string]*bintree{}}, "daemonset.yaml": &bintree{manifestsMachineconfigserverDaemonsetYaml, map[string]*bintree{}}, diff --git a/pkg/operator/bootstrap.go b/pkg/operator/bootstrap.go index ad2779bfba..30f1b66647 100644 --- a/pkg/operator/bootstrap.go +++ b/pkg/operator/bootstrap.go @@ -4,6 +4,7 @@ import ( "encoding/json" "fmt" "io/ioutil" + "os" "path/filepath" "github.com/golang/glog" 
@@ -61,31 +62,16 @@ func RenderBootstrap( filename string }{{ name: "manifests/machineconfigcontroller/controllerconfig.yaml", - filename: "machineconfigcontroller-controllerconfig.yaml", - }, { - name: "manifests/machineconfigcontroller/bootstrap-pod.yaml", - filename: "machineconfigcontroller-bootstrap-pod.yaml", + filename: "manifests/machineconfigcontroller-controllerconfig.yaml", }, { name: "manifests/master.machineconfigpool.yaml", - filename: "master.machineconfigpool.yaml", + filename: "manifests/master.machineconfigpool.yaml", }, { name: "manifests/worker.machineconfigpool.yaml", - filename: "worker.machineconfigpool.yaml", - }, { - name: "manifests/etcd.machineconfigpool.yaml", - filename: "etcd.machineconfigpool.yaml", - }, { - name: "manifests/machineconfigserver/bootstrap-pod.yaml", - filename: "machineconfigserver-bootstrap-pod.yaml", - }, { - name: "manifests/controllerconfig.crd.yaml", - filename: "controllerconfig.crd.yaml", + filename: "manifests/worker.machineconfigpool.yaml", }, { - name: "manifests/machineconfig.crd.yaml", - filename: "machineconfig.crd.yaml", - }, { - name: "manifests/machineconfigpool.crd.yaml", - filename: "machineconfigpool.crd.yaml", + name: "manifests/bootstrap-pod.yaml", + filename: "machineconfigoperator-bootstrap-pod.yaml", }} for _, m := range manifests { glog.Info(m) @@ -95,6 +81,10 @@ func RenderBootstrap( } path := filepath.Join(destinationDir, m.filename) + dirname := filepath.Dir(path) + if err := os.MkdirAll(dirname, 0655); err != nil { + return err + } if err := ioutil.WriteFile(path, b, 0655); err != nil { return err } diff --git a/pkg/server/api.go b/pkg/server/api.go index 01237df255..bca0cb1c85 100644 --- a/pkg/server/api.go +++ b/pkg/server/api.go 
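Review bot: The mode in the new `os.MkdirAll(dirname, 0655)` creates the directory as rw-r-xr-x, without the owner search bit, so a non-root process cannot create or open files inside the directory it has just made. The write that follows then succeeds only when the renderer runs as root. Use `os.MkdirAll(dirname, 0755)` instead. The unchanged `ioutil.WriteFile(path, b, 0655)` below has the same odd mode, marking rendered manifests executable for group and other but not for the owner; `0644` is the usual mode for data files. RenderBootstrap starts and ends outside this hunk.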
@@ -97,6 +97,7 @@ func (sh *APIHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { conf, err := sh.server.GetConfig(cr) if err != nil { w.WriteHeader(http.StatusInternalServerError) + glog.Errorf("couldn't get config for req: %v, error: %v", cr, err) return } if conf == nil && err == nil { @@ -107,5 +108,6 @@ func (sh *APIHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { encoder := json.NewEncoder(w) if err := encoder.Encode(conf); err != nil { w.WriteHeader(http.StatusInternalServerError) + glog.Errorf("couldn't encode the config for req: %v, error: %v", cr, err) } } diff --git a/pkg/server/bootstrap_server.go b/pkg/server/bootstrap_server.go index f78c8ff4ff..3ec5634e4a 100644 --- a/pkg/server/bootstrap_server.go +++ b/pkg/server/bootstrap_server.go @@ -7,8 +7,8 @@ import ( "path" ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + yaml "github.com/ghodss/yaml" "github.com/golang/glog" - yaml "gopkg.in/yaml.v2" clientcmd "k8s.io/client-go/tools/clientcmd/api/v1" "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" @@ -61,6 +61,7 @@ func (bsc *bootstrapServer) GetConfig(cr poolRequest) (*ignv2_2types.Config, err // 1. Read the Machine Config Pool object. fileName := path.Join(bsc.serverBaseDir, "machine-pools", cr.machinePool+".yaml") + glog.Infof("reading file %q", fileName) data, err := ioutil.ReadFile(fileName) if os.IsNotExist(err) { glog.Errorf("could not find file: %s", fileName) @@ -80,8 +81,10 @@ func (bsc *bootstrapServer) GetConfig(cr poolRequest) (*ignv2_2types.Config, err // 2. Read the Machine Config object. fileName = path.Join(bsc.serverBaseDir, "machine-configs", currConf+".yaml") + glog.Infof("reading file %q", fileName) data, err = ioutil.ReadFile(fileName) if os.IsNotExist(err) { + glog.Errorf("could not find file: %s", fileName) return nil, nil } if err != nil { diff --git a/pkg/server/cluster_server.go b/pkg/server/cluster_server.go index 245dd5ed89..09653cbbd7 100644 
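Review bot: The added `glog.Errorf("couldn't get config for req: %v, error: %v", cr, err)` prints the whole request struct with `%v`, so the pool name reaches the log unquoted. If `cr.machinePool` comes from the request URL (its origin is not visible in this hunk), newlines or control characters in it can split or forge log lines. Logging the field with `%q` avoids that: `glog.Errorf("couldn't get config for pool %q: %v", cr.machinePool, err)`. The `couldn't encode the config` message in the second hunk and the `could not find file: %s` line added in bootstrap_server.go have the same issue, while the new `reading file %q` lines there already quote. ServeHTTP's body extends beyond both hunks.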
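Review bot: Nothing in this hunk checks that `cr.machinePool` stays inside `serverBaseDir` before it goes into `path.Join(bsc.serverBaseDir, "machine-pools", cr.machinePool+".yaml")`, the path the new `glog.Infof("reading file %q", fileName)` reports. `path.Join` cleans its result, so a name containing `/` together with `..` segments resolves to a file outside the machine-pools directory. If the name is derived from the request (the caller is not visible here, so validation may already happen there), reject it before the read, for example `if strings.Contains(cr.machinePool, "/") { ... }` returning the not-found result. GetConfig's body starts and ends outside this hunk.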
--- a/pkg/server/cluster_server.go +++ b/pkg/server/cluster_server.go @@ -6,7 +6,7 @@ import ( "path/filepath" ignv2_2types "github.com/coreos/ignition/config/v2_2/types" - yaml "gopkg.in/yaml.v2" + yaml "github.com/ghodss/yaml" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" rest "k8s.io/client-go/rest" diff --git a/pkg/server/server_test.go b/pkg/server/server_test.go index bc5e09176a..fc36c23d4e 100644 --- a/pkg/server/server_test.go +++ b/pkg/server/server_test.go @@ -9,10 +9,10 @@ import ( "testing" ignv2_2types "github.com/coreos/ignition/config/v2_2/types" + yaml "github.com/ghodss/yaml" "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1" "github.com/openshift/machine-config-operator/pkg/daemon" "github.com/openshift/machine-config-operator/pkg/generated/clientset/versioned/fake" - yaml "gopkg.in/yaml.v2" ) const ( diff --git a/pkg/server/testdata/machine-configs/test-config.yaml b/pkg/server/testdata/machine-configs/test-config.yaml index 82e518e1ec..7c8579cac1 100644 --- a/pkg/server/testdata/machine-configs/test-config.yaml +++ b/pkg/server/testdata/machine-configs/test-config.yaml @@ -1,6 +1,6 @@ -typemeta: - kind: MachineConfig -objectmeta: +apiVersion: machineconfiguration.openshift.io/v1 +kind: MachineConfig +metadata: name: test-config spec: config: diff --git a/pkg/server/testdata/machine-pools/test-pool.yaml b/pkg/server/testdata/machine-pools/test-pool.yaml index 9692740559..c0b674fce5 100644 --- a/pkg/server/testdata/machine-pools/test-pool.yaml +++ b/pkg/server/testdata/machine-pools/test-pool.yaml 
@@ -1,32 +1,21 @@ -typemeta: - kind: MachineConfigPool - apiversion: "" -objectmeta: +apiVersion: machineconfiguration.openshift.io/v1 +kind: MachineConfigPool +metadata: + creationTimestamp: null name: test-pool - generatename: "" - selflink: "" - uid: "" - resourceversion: "" - generation: 0 - creationtimestamp: "0001-01-01T00:00:00Z" - deletiontimestamp: null - deletiongraceperiodseconds: null - labels: {} - annotations: {} - ownerreferences: [] - initializers: null - finalizers: [] - clustername: "" spec: - machineconfigselector: null - machineselector: null + machineConfigSelector: + matchLabels: + machineconfiguration.openshift.io/role: test + machineSelector: + matchLabels: + node-role.kubernetes.io/test: "" + maxUnavailable: null paused: false - maxunavailable: null status: - observedgeneration: 0 - currentmachineconfig: test-config - machinecount: 0 - updatedmachinecount: 0 - readymachinecount: 0 - unavailablemachinecount: 0 - conditions: [] + conditions: null + currentMachineConfig: test-config + machineCount: 0 + readyMachineCount: 0 + unavailableMachineCount: 0 + updatedMachineCount: 0 diff --git a/templates/_base/master/files/max-user-watches.yaml b/templates/_base/master/files/max-user-watches.yaml deleted file mode 100644 index 77bab175ea..0000000000 --- a/templates/_base/master/files/max-user-watches.yaml +++ /dev/null @@ -1,5 +0,0 @@ -filesystem: "root" -path: "/etc/sysctl.d/10-max-user-watches.conf" -mode: 0644 -contents: - inline: fs.inotify.max_user_watches=16184 diff --git a/templates/_base/master/files/update.yaml b/templates/_base/master/files/update.yaml deleted file mode 100644 index d12d917926..0000000000 --- a/templates/_base/master/files/update.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -# This configuration file is specific to Container Linux. It instructs the -# update-engine component to search for updates within the cluster instead of -# contacting the public update servers. - -filesystem: "root" -mode: 0644 -path: "/etc/coreos/update.conf" -contents: - inline: | - GROUP=stable - SERVER=http://localhost:32003/v1/update diff --git a/templates/_base/master/units/dockeropts.yaml b/templates/_base/master/units/dockeropts.yaml deleted file mode 100644 index 4596f0b557..0000000000 --- a/templates/_base/master/units/dockeropts.yaml +++ /dev/null @@ -1,7 +0,0 @@ -name: "docker.service" -enabled: true -dropins: - - name: "10-dockeropts.conf" - contents: | - [Service] - Environment="DOCKER_OPTS=--log-opt max-size=50m --log-opt max-file=3 diff --git a/templates/_base/master/units/kubelet-workaround.yaml b/templates/_base/master/units/kubelet-workaround.yaml deleted file mode 100644 index ec775d852c..0000000000 --- a/templates/_base/master/units/kubelet-workaround.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# XXX: This is a complete hack in order to support both Container Linux and -# RHCOS. Please remove this as soon as possible. - -name: "kubelet-workaround.service" -contents: | - [Service] - ExecStart=/usr/bin/env bash -c \ - " \ - if grep rhcos /etc/os-release > /dev/null; \ - then \ - echo CGROUP_DRIVER_FLAG=--cgroup-driver=systemd > /etc/kubernetes/kubelet-workaround; \ - mount -o remount,rw /sys/fs/cgroup; \ - ln --symbolic /sys/fs/cgroup/cpu,cpuacct /sys/fs/cgroup/cpuacct,cpu; \ - fi \ - " diff --git a/templates/_base/master/units/kubelet.yaml b/templates/_base/master/units/kubelet.yaml index 959ae889ff..5d6fcb89d5 100644 --- a/templates/_base/master/units/kubelet.yaml +++ b/templates/_base/master/units/kubelet.yaml 
@@ -4,10 +4,9 @@ contents: | [Unit] Description=Kubernetes Kubelet Wants=rpc-statd.service - Requires=docker.service kubelet-workaround.service - After=docker.service kubelet-workaround.service [Service] + ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests EnvironmentFile=-/etc/kubernetes/kubelet-workaround ExecStart=/usr/bin/hyperkube \ @@ -31,7 +30,7 @@ contents: | {{.CloudProviderConfig}} \ --anonymous-auth=false \ --register-with-taints=node-role.kubernetes.io/master=:NoSchedule \ - $CGROUP_DRIVER_FLAG \ + --cgroup-driver=systemd \ Restart=always RestartSec=10 diff --git a/templates/_base/master/units/locksmith.yaml b/templates/_base/master/units/locksmith.yaml deleted file mode 100644 index 20e81c8d3d..0000000000 --- a/templates/_base/master/units/locksmith.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# This configuration file is specific to Container Linux. It instructs systemd -# to mask Locksmith, which is normally responsible for rebooting the system. It -# is disabled because the Node Agent will assume responsibility for rebooting -# the system (among other things). - -name: "locksmith.service" -mask: true diff --git a/templates/_base/worker/files/max-user-watches.yaml b/templates/_base/worker/files/max-user-watches.yaml deleted file mode 100644 index 77bab175ea..0000000000 --- a/templates/_base/worker/files/max-user-watches.yaml +++ /dev/null @@ -1,5 +0,0 @@ -filesystem: "root" -path: "/etc/sysctl.d/10-max-user-watches.conf" -mode: 0644 -contents: - inline: fs.inotify.max_user_watches=16184 diff --git a/templates/_base/worker/files/update.yaml b/templates/_base/worker/files/update.yaml deleted file mode 100644 index d12d917926..0000000000 --- a/templates/_base/worker/files/update.yaml +++ /dev/null 
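Review bot: `EnvironmentFile=-/etc/kubernetes/kubelet-workaround` is left in the `[Service]` section although this commit deletes kubelet-workaround.service, the unit that wrote that file, and replaces `$CGROUP_DRIVER_FLAG` with the literal `--cgroup-driver=systemd`. Nothing visible still reads a variable from that file, so the line should be removed as well. Leaving it means the kubelet keeps loading environment from a path that no unit manages any more. The worker kubelet.yaml hunk has the same leftover. Removing `After=docker.service` also drops the ordering against the container runtime; presumably `Restart=always` covers a too-early start, but an `After=` on whichever runtime unit replaces docker would make startup deterministic.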
@@ -1,11 +0,0 @@ -# This configuration file is specific to Container Linux. It instructs the -# update-engine component to search for updates within the cluster instead of -# contacting the public update servers. - -filesystem: "root" -mode: 0644 -path: "/etc/coreos/update.conf" -contents: - inline: | - GROUP=stable - SERVER=http://localhost:32003/v1/update diff --git a/templates/_base/worker/units/dockeropts.yaml b/templates/_base/worker/units/dockeropts.yaml deleted file mode 100644 index 4596f0b557..0000000000 --- a/templates/_base/worker/units/dockeropts.yaml +++ /dev/null @@ -1,7 +0,0 @@ -name: "docker.service" -enabled: true -dropins: - - name: "10-dockeropts.conf" - contents: | - [Service] - Environment="DOCKER_OPTS=--log-opt max-size=50m --log-opt max-file=3 diff --git a/templates/_base/worker/units/kubelet-workaround.yaml b/templates/_base/worker/units/kubelet-workaround.yaml deleted file mode 100644 index ec775d852c..0000000000 --- a/templates/_base/worker/units/kubelet-workaround.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# XXX: This is a complete hack in order to support both Container Linux and -# RHCOS. Please remove this as soon as possible. - -name: "kubelet-workaround.service" -contents: | - [Service] - ExecStart=/usr/bin/env bash -c \ - " \ - if grep rhcos /etc/os-release > /dev/null; \ - then \ - echo CGROUP_DRIVER_FLAG=--cgroup-driver=systemd > /etc/kubernetes/kubelet-workaround; \ - mount -o remount,rw /sys/fs/cgroup; \ - ln --symbolic /sys/fs/cgroup/cpu,cpuacct /sys/fs/cgroup/cpuacct,cpu; \ - fi \ - " diff --git a/templates/_base/worker/units/kubelet.yaml b/templates/_base/worker/units/kubelet.yaml index b6f225762c..41b816f4f4 100644 --- a/templates/_base/worker/units/kubelet.yaml +++ b/templates/_base/worker/units/kubelet.yaml 
@@ -4,10 +4,9 @@ contents: | [Unit] Description=Kubernetes Kubelet Wants=rpc-statd.service - Requires=docker.service kubelet-workaround.service - After=docker.service kubelet-workaround.service [Service] + ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests EnvironmentFile=-/etc/kubernetes/kubelet-workaround ExecStart=/usr/bin/hyperkube \ @@ -30,7 +29,7 @@ contents: | --cloud-provider={{cloudProvider .}} \ {{.CloudProviderConfig}} \ --anonymous-auth=false \ - $CGROUP_DRIVER_FLAG \ + --cgroup-driver=systemd \ Restart=always RestartSec=10 diff --git a/templates/_base/worker/units/locksmith.yaml b/templates/_base/worker/units/locksmith.yaml deleted file mode 100644 index 20e81c8d3d..0000000000 --- a/templates/_base/worker/units/locksmith.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# This configuration file is specific to Container Linux. It instructs systemd -# to mask Locksmith, which is normally responsible for rebooting the system. It -# is disabled because the Node Agent will assume responsibility for rebooting -# the system (among other things). - -name: "locksmith.service" -mask: true