Merge pull request #1904 from zmrow/metal-k8s-variant

variants: Add metal-k8s-1.21 variant

.github/workflows/build.yml

@@ -37,6 +37,9 @@ jobs:
           - variant: metal-dev
             arch: x86_64
             supported: false
+          - variant: metal-k8s-1.21
+            arch: x86_64
+            supported: false
           - variant: vmware-k8s-1.20
             arch: x86_64
             supported: true

sources/logdog/conf/logdog.metal-k8s-1.21.conf

@@ -0,0 +1 @@
+k8s.conf

sources/logdog/conf/logdog.vmware-k8s-1.20.conf

@@ -1 +1 @@
-vmware-k8s.conf
+k8s.conf

sources/logdog/conf/logdog.vmware-k8s-1.21.conf

@@ -1 +1 @@
-vmware-k8s.conf
+k8s.conf

sources/models/README.md

@@ -72,6 +72,11 @@ The `#[model]` attribute on Settings and its sub-structs reduces duplication and
 * [Model](src/metal-dev/mod.rs)
 * [Default settings](src/metal-dev/defaults.d/)
 
+### metal-k8s-1.21: Metal Kubernetes 1.21
+
+* [Model](src/metal-k8s-1.21/mod.rs)
+* [Default settings](src/metal-k8s-1.21/defaults.d/)
+
 ## This directory
 
 We use `build.rs` to symlink the proper API model source code for Cargo to build.

sources/models/shared-defaults/kubernetes-metal.toml

@@ -0,0 +1,19 @@
+[settings.kubernetes]
+cluster-domain = "cluster.local"
+standalone-mode = false
+authentication-mode = "tls"
+pod-infra-container-image = "public.ecr.aws/eks-distro/kubernetes/pause:3.5"
+server-tls-bootstrap = false
+cloud-provider = "external"
+
+[metadata.settings.kubernetes]
+node-ip.setting-generator = "netdog node-ip"
+affected-services = ["kubernetes"]
+
+# Metrics
+[settings.metrics]
+service-checks = ["apiserver", "chronyd", "containerd", "host-containerd", "kubelet"]
+
+# Network
+[metadata.settings.network]
+affected-services = ["containerd", "kubernetes", "host-containerd", "host-containers"]

sources/models/shared-defaults/public-host-containers.toml

@@ -0,0 +1,14 @@
+# Both containers are disabled by default in off-AWS variants because the user
+# must supply user data in order to use the containers.  The admin container
+# isn't useful without SSH keys/CA certs, and the control container can only be
+# used with hybrid SSM off of AWS.  Users of off-AWS variants might not want to
+# use either of those options.
+[settings.host-containers.admin]
+enabled = false
+superpowered = true
+source = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.7.3"
+
+[settings.host-containers.control]
+enabled = false
+superpowered = false
+source = "public.ecr.aws/bottlerocket/bottlerocket-control:v0.5.4"

sources/models/src/lib.rs

@@ -69,6 +69,11 @@ The `#[model]` attribute on Settings and its sub-structs reduces duplication and
 * [Model](src/metal-dev/mod.rs)
 * [Default settings](src/metal-dev/defaults.d/)
 
+## metal-k8s-1.21: Metal Kubernetes 1.21
+
+* [Model](src/metal-k8s-1.21/mod.rs)
+* [Default settings](src/metal-k8s-1.21/defaults.d/)
+
 # This directory
 
 We use `build.rs` to symlink the proper API model source code for Cargo to build.

sources/models/src/metal-k8s-1.21/defaults.d/10-defaults.toml

@@ -0,0 +1 @@
+../../../shared-defaults/defaults.toml

sources/models/src/metal-k8s-1.21/defaults.d/20-public-host-containers.toml

@@ -0,0 +1 @@
+../../../shared-defaults/public-host-containers.toml

sources/models/src/metal-k8s-1.21/defaults.d/30-metrics.toml

@@ -0,0 +1 @@
+../../../shared-defaults/metrics.toml

sources/models/src/metal-k8s-1.21/defaults.d/50-kubernetes-metal.toml

@@ -0,0 +1 @@
+../../../shared-defaults/kubernetes-metal.toml

sources/models/src/metal-k8s-1.21/defaults.d/51-kubernetes-containerd.toml

@@ -0,0 +1 @@
+../../../shared-defaults/kubernetes-containerd.toml

sources/models/src/metal-k8s-1.21/defaults.d/52-kubernetes-services.toml

@@ -0,0 +1 @@
+../../../shared-defaults/kubernetes-services.toml

sources/models/src/metal-k8s-1.21/defaults.d/60-lockdown-integrity.toml

@@ -0,0 +1 @@
+../../../shared-defaults/lockdown-integrity.toml

sources/models/src/metal-k8s-1.21/defaults.d/70-public-ntp.toml

@@ -0,0 +1 @@
+../../../shared-defaults/public-ntp.toml

sources/models/src/metal-k8s-1.21/defaults.d/80-oci-hooks.toml

@@ -0,0 +1 @@
+../../../shared-defaults/oci-hooks.toml

sources/models/src/metal-k8s-1.21/mod.rs

@@ -0,0 +1,27 @@
+use model_derive::model;
+use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
+
+use crate::modeled_types::Identifier;
+use crate::{
+    BootstrapContainer, HostContainer, KernelSettings, KubernetesSettings, MetricsSettings,
+    NetworkSettings, NtpSettings, OciHooks, PemCertificate, RegistrySettings, UpdatesSettings,
+};
+
+// Note: we have to use 'rename' here because the top-level Settings structure is the only one
+// that uses its name in serialization; internal structures use the field name that points to it
+#[model(rename = "settings", impl_default = true)]
+struct Settings {
+    motd: String,
+    kubernetes: KubernetesSettings,
+    updates: UpdatesSettings,
+    host_containers: HashMap<Identifier, HostContainer>,
+    bootstrap_containers: HashMap<Identifier, BootstrapContainer>,
+    ntp: NtpSettings,
+    network: NetworkSettings,
+    kernel: KernelSettings,
+    metrics: MetricsSettings,
+    pki: HashMap<Identifier, PemCertificate>,
+    container_registry: RegistrySettings,
+    oci_hooks: OciHooks,
+}

sources/models/src/vmware-k8s-1.21/defaults.d/20-public-host-containers.toml

@@ -0,0 +1 @@
+../../../shared-defaults/public-host-containers.toml

variants/Cargo.toml

@@ -7,6 +7,7 @@ members = [
     "aws-k8s-1.20",
     "aws-k8s-1.21",
     "metal-dev",
+    "metal-k8s-1.21",
     "vmware-dev",
     "vmware-k8s-1.20",
     "vmware-k8s-1.21",

variants/README.md

@@ -96,6 +96,13 @@ This variant is compatible with Kubernetes 1.21, 1.22, and 1.23 clusters.
 The [metal-dev](metal-dev/Cargo.toml) variant has useful packages for local development of the OS and is intended to run bare metal.
 It includes tools for troubleshooting as well as Docker for running containers.
 
+### metal-k8s-1.21: Metal Kubernetes 1.21 node
+
+The [metal-k8s-1.21](metal-k8s-1.21/Cargo.toml) variant includes the packages needed to run a Kubernetes node on bare metal.
+It supports self-hosted clusters.
+
+This variant is compatible with Kubernetes 1.21, 1.22, and 1.23 clusters.
+
 ### Deprecated variants
 
 #### aws-k8s-1.15: Kubernetes 1.15 node

variants/metal-k8s-1.21/Cargo.toml

@@ -0,0 +1,40 @@
+[package]
+# This is the metal-k8s-1.21 variant.  "." is not allowed in crate names, but
+# we don't use this crate name anywhere.
+name = "metal-k8s-1_21"
+version = "0.1.0"
+edition = "2018"
+publish = false
+build = "build.rs"
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[package.metadata.build-variant.image-layout]
+os-image-size-gib = 4
+partition-plan = "unified"
+
+[package.metadata.build-variant]
+image-format = "raw"
+kernel-parameters = [
+    "console=tty0",
+    "console=ttyS1,115200n8",
+    # Only reserve if there are at least 2GB
+    "crashkernel=2G-:256M"
+]
+included-packages = [
+    "cni",
+    "cni-plugins",
+    "kernel-5.10",
+    "kubelet-1.21",
+    "release",
+]
+
+[lib]
+path = "lib.rs"
+
+[build-dependencies]
+cni = { path = "../../packages/cni" }
+cni-plugins = { path = "../../packages/cni-plugins" }
+kernel-5_10 = { path = "../../packages/kernel-5.10" }
+kubernetes-1_21 = { path = "../../packages/kubernetes-1.21" }
+release = { path = "../../packages/release" }

variants/metal-k8s-1.21/build.rs

@@ -0,0 +1,9 @@
+use std::process::{exit, Command};
+
+fn main() -> Result<(), std::io::Error> {
+    let ret = Command::new("buildsys").arg("build-variant").status()?;
+    if !ret.success() {
+        exit(1);
+    }
+    Ok(())
+}

variants/metal-k8s-1.21/lib.rs

@@ -0,0 +1 @@
+// not used