openshift · openshift-merge-robot · Sep 11, 2018 · Sep 10, 2018 · Sep 11, 2018 · Sep 11, 2018
diff --git a/Dockerfile.machine-config-operator b/Dockerfile.machine-config-operator
@@ -6,5 +6,6 @@ RUN WHAT=machine-config-operator ./hack/build-go.sh
 
 FROM scratch
 COPY --from=build-env /go/src/github.com/openshift/machine-config-operator/_output/linux/amd64/machine-config-operator /bin/machine-config-operator
+COPY install /manifests
 
 ENTRYPOINT ["/bin/machine-config-operator"]
diff --git a/cmd/machine-config-controller/bootstrap.go b/cmd/machine-config-controller/bootstrap.go
@@ -12,7 +12,7 @@ import (
 
 var (
 	bootstrapCmd = &cobra.Command{
-		Use:   "boostrap",
+		Use:   "bootstrap",
 		Short: "Starts Machine Config Controller in bootstrap mode",
 		Long:  "",
 		Run:   runbootstrapCmd,
@@ -27,7 +27,7 @@ var (
 func init() {
 	rootCmd.AddCommand(bootstrapCmd)
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.destinationDir, "dest-dir", "", "The destination dir where MCC writes the generated machineconfigs and machineconfigpools.")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.manifestsDir, "mainfest-dir", "", "The dir where MCC reads the controllerconfig, machineconfigpools and user-defined machineconfigs.")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.manifestsDir, "manifest-dir", "", "The dir where MCC reads the controllerconfig, machineconfigpools and user-defined machineconfigs.")
 
 }
 

diff --git a/install/.gitkeep b/install/.gitkeep
diff --git a/install/00_namespace.yaml b/install/00_namespace.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-machine-config-operator
+  labels:
+    name: openshift-machine-config-operator
+    openshift.io/run-level: "1"
diff --git a/install/mcoconfig.crd.yaml → install/01_mcoconfig.crd.yaml b/install/mcoconfig.crd.yaml → install/01_mcoconfig.crd.yaml
diff --git a/install/mco.images.yaml → install/02_images.configmap.yaml b/install/mco.images.yaml → install/02_images.configmap.yaml
diff --git a/install/03_rbac.yaml b/install/03_rbac.yaml
@@ -0,0 +1,13 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: default-account-openshift-machine-config-operator
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: openshift-machine-config-operator
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
diff --git a/install/04_deployment.yaml b/install/04_deployment.yaml
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: machine-config-operator
+  namespace: openshift-machine-config-operator
+  labels:
+    k8s-app: machine-config-operator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      k8s-app: machine-config-operator
+  template:
+    metadata:
+      labels:
+        k8s-app: machine-config-operator
+    spec:
+      containers:
+      - name: machine-config-operator
+        image: ${machine_config_operator_image}
+        args:
+        - "start"
+        - "--images-json=/etc/mco/images/images.json"
+        resources:
+          limits:
+            cpu: 20m
+            memory: 50Mi
+          requests:
+            cpu: 20m
+            memory: 50Mi
+        volumeMounts:
+        - name: root-ca
+          mountPath: /etc/ssl/kubernetes/ca.crt
+        - name: etcd-ca
+          mountPath: /etc/ssl/etcd/ca.crt
+        - name: images
+          mountPath: /etc/mco/images
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      restartPolicy: Always
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+      tolerations:
+      - key: "node-role.kubernetes.io/master"
+        operator: "Exists"
+        effect: "NoSchedule"
+      volumes:
+      - name: images
+        configMap:
+          name: machine-config-operator-images
+      - name: etcd-ca
+        hostPath:
+          path: /etc/ssl/etcd/ca.crt
+      - name: root-ca
+        hostPath:
+          path: /etc/kubernetes/ca.crt
diff --git a/manifests/bootstrap-pod.yaml b/manifests/bootstrap-pod.yaml
@@ -0,0 +1,65 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: bootstrap-machine-config-operator
+  namespace: {{.TargetNamespace}}
+spec:
+  initContainers:
+  - name: machine-config-controller
+    image: {{.Images.MachineConfigController}}
+    args:
+    - "bootstrap"
+    - "--manifest-dir=/etc/mcc/bootstrap/manifests"
+    - "--dest-dir=/etc/mcc/bootstrap/server"
+    resources:
+      limits:
+        cpu: 20m
+        memory: 50Mi
+      requests:
+        cpu: 20m
+        memory: 50Mi
+    securityContext:
+      privileged: true
+    volumeMounts:
+    - name: bootstrap-manifests
+      mountPath: /etc/mcc/bootstrap/manifests
+    - name: server-basedir
+      mountPath: /etc/mcc/bootstrap/server
+  containers:
+  - name: machine-config-server
+    image: {{.Images.MachineConfigServer}}
+    args:
+      - "bootstrap"
+    volumeMounts:
+    - name: certs
+      mountPath: /etc/ssl/mcs
+    - name: etc-kubernetes
+      mountPath: /etc/kubernetes/kubeconfig
+    - name: server-basedir
+      mountPath: /etc/mcs/bootstrap
+    - name:  etcd-certs
+      mountPath: /etc/ssl/etcd
+    securityContext:
+      privileged: true
+  hostNetwork: true
+  tolerations:
+    - key: node-role.kubernetes.io/master
+      operator: Exists
+      effect: NoSchedule
+  restartPolicy: Always
+  volumes:
+  - name: certs
+    hostPath:
+      path: /etc/ssl/mcs
+  - name: etc-kubernetes
+    hostPath:
+      path: /etc/kubernetes/kubeconfig
+  - name: server-basedir
+    hostPath:
+      path: /etc/mcs/bootstrap
+  - name: etcd-certs
+    hostPath:
+      path: /etc/ssl/etcd
+  - name: bootstrap-manifests
+    hostPath:
+      path: /etc/mcc/bootstrap/manifests
diff --git a/manifests/etcd.machineconfigpool.yaml b/manifests/etcd.machineconfigpool.yaml
diff --git a/manifests/machineconfigcontroller/bootstrap-pod.yaml b/manifests/machineconfigcontroller/bootstrap-pod.yaml
diff --git a/manifests/machineconfigdaemon/daemonset.yaml b/manifests/machineconfigdaemon/daemonset.yaml
@@ -14,28 +14,30 @@ spec:
         k8s-app: machine-config-daemon
     spec:
       containers:
-        - name: machine-config-daemon
-          image: {{.Images.MachineConfigDaemon}}
-          args:
-            - "start"
-          volumeMounts:
-            - mountPath: /rootfs
-              name: rootfs
-            - mountPath: /var/run/dbus
-              name: var-run-dbus
-            - mountPath: /run/systemd
-              name: run-systemd
-            - mountPath: /etc/ssl/certs
-              name: etc-ssl-certs
-              readOnly: true
-            - mountPath: /etc/machine-config-daemon
-              name: etc-mcd
-              readOnly: true
-          env:
-            - name: NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
+      - name: machine-config-daemon
+        image: {{.Images.MachineConfigDaemon}}
+        args:
+          - "start"
+        securityContext:
+          privileged: true
+        volumeMounts:
+          - mountPath: /rootfs
+            name: rootfs
+          - mountPath: /var/run/dbus
+            name: var-run-dbus
+          - mountPath: /run/systemd
+            name: run-systemd
+          - mountPath: /etc/ssl/certs
+            name: etc-ssl-certs
+            readOnly: true
+          - mountPath: /etc/machine-config-daemon
+            name: etc-mcd
+            readOnly: true
+        env:
+          - name: NODE_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: spec.nodeName
       serviceAccountName: machine-config-daemon
       tolerations:
         - key: node-role.kubernetes.io/master

diff --git a/manifests/machineconfigserver/bootstrap-pod.yaml b/manifests/machineconfigserver/bootstrap-pod.yaml
diff --git a/manifests/machineconfigserver/clusterrole.yaml b/manifests/machineconfigserver/clusterrole.yaml
@@ -5,5 +5,5 @@ metadata:
   namespace: {{.TargetNamespace}}
 rules:
 - apiGroups: ["machineconfiguration.openshift.io"]
-  resources: ["machineconfigs"]
+  resources: ["machineconfigs", "machineconfigpools"]
   verbs: ["*"]
diff --git a/manifests/machineconfigserver/daemonset.yaml b/manifests/machineconfigserver/daemonset.yaml
@@ -14,16 +14,16 @@ spec:
         k8s-app: machine-config-server
     spec:
       containers:
-        - name: machine-config-server
-          image: {{.Images.MachineConfigServer}}
-          args:
-            - "start"
-            - "--apiserver-url=https://{{.ControllerConfig.ClusterName}}-api.{{.ControllerConfig.BaseDomain}}:6443"
-          volumeMounts:
-          - name: certs
-            mountPath: /etc/ssl/mcs
-          - name: node-bootstrap-token
-            mountPath: /etc/mcs/bootstrap-token
+      - name: machine-config-server
+        image: {{.Images.MachineConfigServer}}
+        args:
+          - "start"
+          - "--apiserver-url=https://{{.ControllerConfig.ClusterName}}-api.{{.ControllerConfig.BaseDomain}}:6443"
+        volumeMounts:
+        - name: certs
+          mountPath: /etc/ssl/mcs
+        - name: node-bootstrap-token
+          mountPath: /etc/mcs/bootstrap-token
       hostNetwork: true
       nodeSelector:
         node-role.kubernetes.io/master: ""

diff --git a/manifests/machineconfigserver/node-bootstrapper-token.yaml b/manifests/machineconfigserver/node-bootstrapper-token.yaml
@@ -5,4 +5,4 @@ metadata:
     kubernetes.io/service-account.name: node-bootstrapper
   name: node-bootstrapper-token
   namespace: {{.TargetNamespace}}
-  type: kubernetes.io/service-account-token
+type: kubernetes.io/service-account-token
diff --git a/pkg/controller/bootstrap/bootstrap.go b/pkg/controller/bootstrap/bootstrap.go
@@ -73,6 +73,9 @@ func (b *Bootstrap) Run(destDir string) error {
 		}
 	}
 
+	if cconfig == nil {
+		return fmt.Errorf("error: no controllerconfig found in dir: %q", destDir)
+	}
 	iconfigs, err := template.RunBootstrap(b.templatesDir, cconfig)
 	if err != nil {
 		return err
@@ -100,7 +103,7 @@ func (b *Bootstrap) Run(destDir string) error {
 	}
 
 	configdir := filepath.Join(destDir, "machine-configs")
-	if err := os.MkdirAll(poolsdir, 0664); err != nil {
+	if err := os.MkdirAll(configdir, 0664); err != nil {
 		return err
 	}
 	for _, c := range gconfigs {

diff --git a/pkg/controller/template/test_data/templates/aws/master/files/-etc-coreos-update.conf b/pkg/controller/template/test_data/templates/aws/master/files/-etc-coreos-update.conf
diff --git a/...ller/template/test_data/templates/aws/master/files/-etc-sysctl.d-10-max-user-watches.conf b/...ller/template/test_data/templates/aws/master/files/-etc-sysctl.d-10-max-user-watches.conf
diff --git a/pkg/controller/template/test_data/templates/aws/master/units/docker.service b/pkg/controller/template/test_data/templates/aws/master/units/docker.service