From dcf776c541118559d154a4ce2bc5432af7968c7b Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Wed, 7 Aug 2024 10:48:08 +0200 Subject: [PATCH] fix kamaji garbage collection Signed-off-by: Andrei Kvapil --- Makefile | 1 + packages/system/kamaji/Makefile | 17 +++++++++++ .../system/kamaji/images/kamaji/Dockerfile | 25 ++++++++++++++++ .../images/kamaji/patches/enable-gc.diff | 30 +++++++++++++++++++ packages/system/kamaji/values.yaml | 4 +++ 5 files changed, 77 insertions(+) create mode 100644 packages/system/kamaji/images/kamaji/Dockerfile create mode 100644 packages/system/kamaji/images/kamaji/patches/enable-gc.diff diff --git a/Makefile b/Makefile index 10a78ae7d..e424e6d5c 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,7 @@ build: make -C packages/system/cilium image make -C packages/system/kubeovn image make -C packages/system/dashboard image + make -C packages/system/kamaji image make -C packages/core/installer image make manifests diff --git a/packages/system/kamaji/Makefile b/packages/system/kamaji/Makefile index bc4af6e98..7968b5774 100644 --- a/packages/system/kamaji/Makefile +++ b/packages/system/kamaji/Makefile @@ -1,6 +1,7 @@ export NAME=kamaji export NAMESPACE=cozy-$(NAME) +include ../../../scripts/common-envs.mk include ../../../scripts/package-system.mk update: @@ -8,3 +9,19 @@ update: helm repo add clastix https://clastix.github.io/charts helm repo update clastix helm pull clastix/kamaji --untar --untardir charts + +image: + docker buildx build images/kamaji \ + --provenance false \ + --tag $(REGISTRY)/kamaji:$(call settag,$(TAG)) \ + --cache-from type=registry,ref=$(REGISTRY)/kamaji:latest \ + --cache-to type=inline \ + --metadata-file images/kamaji.json \ + --push=$(PUSH) \ + --label "org.opencontainers.image.source=https://github.com/aenix-io/cozystack" + --load=$(LOAD) + REPOSITORY="$(REGISTRY)/kamaji" \ + yq -i '.kamaji.image.repository = strenv(REPOSITORY)' values.yaml + TAG=$(TAG)@$$(yq e '."containerimage.digest"' images/kamaji.json -o json -r) \ + yq -i '.kamaji.image.tag = strenv(TAG)' values.yaml + rm -f images/kamaji.json diff --git a/packages/system/kamaji/images/kamaji/Dockerfile b/packages/system/kamaji/images/kamaji/Dockerfile new file mode 100644 index 000000000..966226d7b --- /dev/null +++ b/packages/system/kamaji/images/kamaji/Dockerfile @@ -0,0 +1,25 @@ +# Build the manager binary +FROM golang:1.22 as builder + +ARG VERSION=v1.0.0 +ARG TARGETOS TARGETARCH + +WORKDIR /workspace + +RUN curl -sSL https://github.com/clastix/kamaji/archive/refs/tags/v1.0.0.tar.gz | tar -xzvf- --strip=1 + +COPY patches /patches +RUN git apply /patches/enable-gc.diff + +RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build \ + -ldflags "-X github.com/clastix/kamaji/internal.GitRepo=$GIT_REPO -X github.com/clastix/kamaji/internal.GitTag=$GIT_LAST_TAG -X github.com/clastix/kamaji/internal.GitCommit=$GIT_HEAD_COMMIT -X github.com/clastix/kamaji/internal.GitDirty=$GIT_MODIFIED -X github.com/clastix/kamaji/internal.BuildTime=$BUILD_DATE" \ + -a -o kamaji main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/kamaji . +USER 65532:65532 + +ENTRYPOINT ["/kamaji"] diff --git a/packages/system/kamaji/images/kamaji/patches/enable-gc.diff b/packages/system/kamaji/images/kamaji/patches/enable-gc.diff new file mode 100644 index 000000000..20159f538 --- /dev/null +++ b/packages/system/kamaji/images/kamaji/patches/enable-gc.diff @@ -0,0 +1,30 @@ +diff --git a/internal/kubeadm/uploadconfig.go b/internal/kubeadm/uploadconfig.go +index 0dc9e71..e516390 100644 +--- a/internal/kubeadm/uploadconfig.go ++++ b/internal/kubeadm/uploadconfig.go +@@ -98,21 +98,15 @@ func getKubeletConfigmapContent(kubeletConfiguration KubeletConfiguration) ([]by + CacheUnauthorizedTTL: zeroDuration, + }, + }, +- CgroupDriver: kubeletConfiguration.TenantControlPlaneCgroupDriver, +- ClusterDNS: kubeletConfiguration.TenantControlPlaneDNSServiceIPs, +- ClusterDomain: kubeletConfiguration.TenantControlPlaneDomain, +- CPUManagerReconcilePeriod: zeroDuration, +- EvictionHard: map[string]string{ +- "imagefs.available": "0%", +- "nodefs.available": "0%", +- "nodefs.inodesFree": "0%", +- }, ++ CgroupDriver: kubeletConfiguration.TenantControlPlaneCgroupDriver, ++ ClusterDNS: kubeletConfiguration.TenantControlPlaneDNSServiceIPs, ++ ClusterDomain: kubeletConfiguration.TenantControlPlaneDomain, ++ CPUManagerReconcilePeriod: zeroDuration, + EvictionPressureTransitionPeriod: zeroDuration, + FileCheckFrequency: zeroDuration, + HealthzBindAddress: "127.0.0.1", + HealthzPort: pointer.To(int32(10248)), + HTTPCheckFrequency: zeroDuration, +- ImageGCHighThresholdPercent: pointer.To(int32(100)), + NodeStatusUpdateFrequency: zeroDuration, + NodeStatusReportFrequency: zeroDuration, + RotateCertificates: true, diff --git a/packages/system/kamaji/values.yaml b/packages/system/kamaji/values.yaml index 2ef13714d..10d2e86f4 100644 --- a/packages/system/kamaji/values.yaml +++ b/packages/system/kamaji/values.yaml @@ -1,3 +1,7 @@ kamaji: etcd: deploy: false + image: + pullPolicy: IfNotPresent + tag: latest@sha256:f7e4036ed809176dafc671953a5c95a652dc7d637a67470142e625103f91ca3d + repository: ghcr.io/aenix-io/cozystack/kamaji