k8s static pods support

README.md

@@ -304,6 +304,10 @@ The following settings can be optionally set to customize the node labels and ta
 The following settings are optional and allow you to further configure your cluster.
 * `settings.kubernetes.cluster-domain`: The DNS domain for this cluster, allowing all Kubernetes-run containers to search this domain before the host's search domains.  Defaults to `cluster.local`.
 
+You can also optionally specify static pods for your node with the following settings.
+* `settings.kubernetes.static-pods.<custom identifier>.manifest`: A base64-encoded pod manifest.
+* `settings.kubernetes.static-pods.<custom identifier>.enabled`: Whether the static pod is enabled.
+
 The following settings are set for you automatically by [pluto](sources/api/) based on runtime instance information, but you can override them if you know what you're doing!
 * `settings.kubernetes.max-pods`: The maximum number of pods that can be scheduled on this node (limited by number of available IPv4 addresses)
 * `settings.kubernetes.cluster-dns-ip`: The CIDR block of the primary network interface.

Release.toml

@@ -20,5 +20,5 @@ version = "1.0.5"
     "migrate_v1.0.5_add-proxy-restart.lz4",
     "migrate_v1.0.5_add-proxy-services.lz4"
 ]
-"(1.0.5, 1.0.6)" = ["migrate_v1.0.6_metricdog-init.lz4"]
+"(1.0.5, 1.0.6)" = ["migrate_v1.0.6_metricdog-init.lz4", "migrate_v1.0.6_add-static-pods.lz4"]
 

packages/kubernetes-1.15/kubelet-config

@@ -31,3 +31,4 @@ configMapAndSecretChangeDetectionStrategy: Cache
 tlsCipherSuites:
 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 maxPods: {{default 110 settings.kubernetes.max-pods}}
+staticPodPath: "/etc/kubernetes/static-pods/"

packages/kubernetes-1.15/kubernetes-1.15.spec

@@ -20,6 +20,7 @@ Source2: kubelet-env
 Source3: kubelet-config
 Source4: kubelet-kubeconfig
 Source5: kubernetes-ca-crt
+Source6: kubernetes-tmpfiles.conf
 Source1000: clarify.toml
 Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch
 
@@ -79,6 +80,9 @@ install -m 0644 %{S:3} %{buildroot}%{_cross_templatedir}/kubelet-config
 install -m 0644 %{S:4} %{buildroot}%{_cross_templatedir}/kubelet-kubeconfig
 install -m 0644 %{S:5} %{buildroot}%{_cross_templatedir}/kubernetes-ca-crt
 
+install -d %{buildroot}%{_cross_tmpfilesdir}
+install -p -m 0644 %{S:6} %{buildroot}%{_cross_tmpfilesdir}/kubernetes.conf
+
 %cross_scan_attribution --clarify %{S:1000} go-vendor vendor
 
 %files -n %{_cross_os}kubelet-1.15
@@ -92,5 +96,6 @@ install -m 0644 %{S:5} %{buildroot}%{_cross_templatedir}/kubernetes-ca-crt
 %{_cross_templatedir}/kubelet-config
 %{_cross_templatedir}/kubelet-kubeconfig
 %{_cross_templatedir}/kubernetes-ca-crt
+%{_cross_tmpfilesdir}/kubernetes.conf
 
 %changelog

packages/kubernetes-1.15/kubernetes-tmpfiles.conf

@@ -0,0 +1,2 @@
+d /etc/kubernetes/static-pods - - - -
+L /etc/kubernetes/manifests - - - - static-pods

packages/kubernetes-1.16/kubelet-config

@@ -31,3 +31,4 @@ configMapAndSecretChangeDetectionStrategy: Cache
 tlsCipherSuites:
 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 maxPods: {{default 110 settings.kubernetes.max-pods}}
+staticPodPath: "/etc/kubernetes/static-pods/"

packages/kubernetes-1.16/kubernetes-1.16.spec

@@ -20,6 +20,7 @@ Source2: kubelet-env
 Source3: kubelet-config
 Source4: kubelet-kubeconfig
 Source5: kubernetes-ca-crt
+Source6: kubernetes-tmpfiles.conf
 Source1000: clarify.toml
 Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch
 
@@ -75,6 +76,9 @@ install -m 0644 %{S:3} %{buildroot}%{_cross_templatedir}/kubelet-config
 install -m 0644 %{S:4} %{buildroot}%{_cross_templatedir}/kubelet-kubeconfig
 install -m 0644 %{S:5} %{buildroot}%{_cross_templatedir}/kubernetes-ca-crt
 
+install -d %{buildroot}%{_cross_tmpfilesdir}
+install -p -m 0644 %{S:6} %{buildroot}%{_cross_tmpfilesdir}/kubernetes.conf
+
 %cross_scan_attribution --clarify %{S:1000} go-vendor vendor
 
 %files -n %{_cross_os}kubelet-1.16
@@ -88,5 +92,6 @@ install -m 0644 %{S:5} %{buildroot}%{_cross_templatedir}/kubernetes-ca-crt
 %{_cross_templatedir}/kubelet-config
 %{_cross_templatedir}/kubelet-kubeconfig
 %{_cross_templatedir}/kubernetes-ca-crt
+%{_cross_tmpfilesdir}/kubernetes.conf
 
 %changelog

packages/kubernetes-1.16/kubernetes-tmpfiles.conf

@@ -0,0 +1,2 @@
+d /etc/kubernetes/static-pods - - - -
+L /etc/kubernetes/manifests - - - - static-pods

packages/kubernetes-1.17/kubelet-config

@@ -32,3 +32,4 @@ configMapAndSecretChangeDetectionStrategy: Cache
 tlsCipherSuites:
 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 maxPods: {{default 110 settings.kubernetes.max-pods}}
+staticPodPath: "/etc/kubernetes/static-pods/"

packages/kubernetes-1.17/kubernetes-1.17.spec

@@ -20,6 +20,7 @@ Source2: kubelet-env
 Source3: kubelet-config
 Source4: kubelet-kubeconfig
 Source5: kubernetes-ca-crt
+Source6: kubernetes-tmpfiles.conf
 Source1000: clarify.toml
 Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch
 
@@ -75,6 +76,9 @@ install -m 0644 %{S:3} %{buildroot}%{_cross_templatedir}/kubelet-config
 install -m 0644 %{S:4} %{buildroot}%{_cross_templatedir}/kubelet-kubeconfig
 install -m 0644 %{S:5} %{buildroot}%{_cross_templatedir}/kubernetes-ca-crt
 
+install -d %{buildroot}%{_cross_tmpfilesdir}
+install -p -m 0644 %{S:6} %{buildroot}%{_cross_tmpfilesdir}/kubernetes.conf
+
 %cross_scan_attribution --clarify %{S:1000} go-vendor vendor
 
 %files -n %{_cross_os}kubelet-1.17
@@ -88,5 +92,6 @@ install -m 0644 %{S:5} %{buildroot}%{_cross_templatedir}/kubernetes-ca-crt
 %{_cross_templatedir}/kubelet-config
 %{_cross_templatedir}/kubelet-kubeconfig
 %{_cross_templatedir}/kubernetes-ca-crt
+%{_cross_tmpfilesdir}/kubernetes.conf
 
 %changelog

packages/kubernetes-1.17/kubernetes-tmpfiles.conf

@@ -0,0 +1,2 @@
+d /etc/kubernetes/static-pods - - - -
+L /etc/kubernetes/manifests - - - - static-pods

packages/kubernetes-1.18/kubelet-config

@@ -32,3 +32,4 @@ configMapAndSecretChangeDetectionStrategy: Cache
 tlsCipherSuites:
 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 maxPods: {{default 110 settings.kubernetes.max-pods}}
+staticPodPath: "/etc/kubernetes/static-pods/"

packages/kubernetes-1.18/kubernetes-1.18.spec

@@ -20,6 +20,7 @@ Source2: kubelet-env
 Source3: kubelet-config
 Source4: kubelet-kubeconfig
 Source5: kubernetes-ca-crt
+Source6: kubernetes-tmpfiles.conf
 Source1000: clarify.toml
 Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch
 
@@ -72,6 +73,9 @@ install -m 0644 %{S:3} %{buildroot}%{_cross_templatedir}/kubelet-config
 install -m 0644 %{S:4} %{buildroot}%{_cross_templatedir}/kubelet-kubeconfig
 install -m 0644 %{S:5} %{buildroot}%{_cross_templatedir}/kubernetes-ca-crt
 
+install -d %{buildroot}%{_cross_tmpfilesdir}
+install -p -m 0644 %{S:6} %{buildroot}%{_cross_tmpfilesdir}/kubernetes.conf
+
 %cross_scan_attribution --clarify %{S:1000} go-vendor vendor
 
 %files -n %{_cross_os}kubelet-1.18
@@ -85,5 +89,6 @@ install -m 0644 %{S:5} %{buildroot}%{_cross_templatedir}/kubernetes-ca-crt
 %{_cross_templatedir}/kubelet-config
 %{_cross_templatedir}/kubelet-kubeconfig
 %{_cross_templatedir}/kubernetes-ca-crt
+%{_cross_tmpfilesdir}/kubernetes.conf
 
 %changelog

packages/kubernetes-1.18/kubernetes-tmpfiles.conf

@@ -0,0 +1,2 @@
+d /etc/kubernetes/static-pods - - - -
+L /etc/kubernetes/manifests - - - - static-pods

packages/kubernetes-1.19/kubelet-config

@@ -33,3 +33,4 @@ tlsCipherSuites:
 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 volumePluginDir: "/var/lib/kubelet/plugins/volume/exec"
 maxPods: {{default 110 settings.kubernetes.max-pods}}
+staticPodPath: "/etc/kubernetes/static-pods/"

packages/kubernetes-1.19/kubernetes-1.19.spec

@@ -20,6 +20,7 @@ Source2: kubelet-env
 Source3: kubelet-config
 Source4: kubelet-kubeconfig
 Source5: kubernetes-ca-crt
+Source6: kubernetes-tmpfiles.conf
 Source1000: clarify.toml
 Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch
 
@@ -69,6 +70,9 @@ install -m 0644 %{S:3} %{buildroot}%{_cross_templatedir}/kubelet-config
 install -m 0644 %{S:4} %{buildroot}%{_cross_templatedir}/kubelet-kubeconfig
 install -m 0644 %{S:5} %{buildroot}%{_cross_templatedir}/kubernetes-ca-crt
 
+install -d %{buildroot}%{_cross_tmpfilesdir}
+install -p -m 0644 %{S:6} %{buildroot}%{_cross_tmpfilesdir}/kubernetes.conf
+
 %cross_scan_attribution --clarify %{S:1000} go-vendor vendor
 
 %files -n %{_cross_os}kubelet-1.19
@@ -82,5 +86,6 @@ install -m 0644 %{S:5} %{buildroot}%{_cross_templatedir}/kubernetes-ca-crt
 %{_cross_templatedir}/kubelet-config
 %{_cross_templatedir}/kubelet-kubeconfig
 %{_cross_templatedir}/kubernetes-ca-crt
+%{_cross_tmpfilesdir}/kubernetes.conf
 
 %changelog

packages/kubernetes-1.19/kubernetes-tmpfiles.conf

@@ -0,0 +1,2 @@
+d /etc/kubernetes/static-pods - - - -
+L /etc/kubernetes/manifests - - - - static-pods

packages/os/os.spec

@@ -1,4 +1,5 @@
 %global _cross_first_party 1
+%global _is_k8s_variant %(if echo %{_cross_variant} | grep -q "k8s"; then echo 1; else echo 0; fi)
 %undefine _debugsource_packages
 
 Name: %{_cross_os}os
@@ -73,7 +74,9 @@ Requires: %{_cross_os}apiserver = %{version}-%{release}
 Summary: Updates settings dynamically based on user-specified generators
 Requires: %{_cross_os}apiserver = %{version}-%{release}
 Requires: %{_cross_os}schnauzer = %{version}-%{release}
+%if %{_is_k8s_variant}
 Requires: %{_cross_os}pluto = %{version}-%{release}
+%endif
 Requires: %{_cross_os}bork = %{version}-%{release}
 %description -n %{_cross_os}sundog
 %{summary}.
@@ -94,11 +97,6 @@ Summary: Setting generator for templated settings values.
 %description -n %{_cross_os}schnauzer
 %{summary}.
 
-%package -n %{_cross_os}pluto
-Summary: Dynamic setting generator for kubernetes
-%description -n %{_cross_os}pluto
-%{summary}.
-
 %package -n %{_cross_os}thar-be-settings
 Summary: Applies changed settings to a Bottlerocket system
 Requires: %{_cross_os}apiserver = %{version}-%{release}
@@ -182,6 +180,19 @@ Summary: Settings generator for ECS
 %{summary}.
 %endif
 
+%if %{_is_k8s_variant}
+%package -n %{_cross_os}pluto
+Summary: Dynamic setting generator for kubernetes
+%description -n %{_cross_os}pluto
+%{summary}.
+
+%package -n %{_cross_os}static-pods
+Summary: Manages user-defined K8S static pods
+Requires: %{_cross_os}apiserver = %{version}-%{release}
+%description -n %{_cross_os}static-pods
+%{summary}.
+%endif
+
 %prep
 %setup -T -c
 %cargo_prep
@@ -194,7 +205,6 @@ mkdir bin
     -p netdog \
     -p sundog \
     -p schnauzer \
-    -p pluto \
     -p bork \
     -p thar-be-settings \
     -p thar-be-updates \
@@ -212,6 +222,10 @@ mkdir bin
     -p corndog \
 %if "%{_cross_variant}" == "aws-ecs-1"
     -p ecs-settings-applier \
+%endif
+%if %{_is_k8s_variant}
+    -p pluto \
+    -p static-pods \
 %endif
     %{nil}
 
@@ -234,7 +248,7 @@ done
 install -d %{buildroot}%{_cross_bindir}
 for p in \
   apiserver \
-  early-boot-config netdog sundog schnauzer pluto bork corndog \
+  early-boot-config netdog sundog schnauzer bork corndog \
   thar-be-settings thar-be-updates servicedog host-containers \
   storewolf settings-committer \
   migrator \
@@ -243,6 +257,9 @@ for p in \
 %if "%{_cross_variant}" == "aws-ecs-1"
   ecs-settings-applier \
 %endif
+%if %{_is_k8s_variant}
+  pluto static-pods \
+%endif
 ; do
   install -p -m 0755 ${HOME}/.cache/%{__cargo_target}/release/${p} %{buildroot}%{_cross_bindir}
 done
@@ -277,8 +294,10 @@ install -d %{buildroot}%{_cross_datadir}/bottlerocket
 install -d %{buildroot}%{_cross_sysusersdir}
 install -p -m 0644 %{S:2} %{buildroot}%{_cross_sysusersdir}/api.conf
 
+%if %{_is_k8s_variant}
 install -d %{buildroot}%{_cross_datadir}/eks
 install -p -m 0644 %{S:3} %{buildroot}%{_cross_datadir}/eks
+%endif
 
 install -d %{buildroot}%{_cross_datadir}/updog
 install -p -m 0644 %{_cross_repo_root_json} %{buildroot}%{_cross_datadir}/updog
@@ -332,11 +351,6 @@ install -p -m 0644 %{S:300} %{buildroot}%{_cross_udevrulesdir}/80-ephemeral-stor
 %files -n %{_cross_os}schnauzer
 %{_cross_bindir}/schnauzer
 
-%files -n %{_cross_os}pluto
-%{_cross_bindir}/pluto
-%dir %{_cross_datadir}/eks
-%{_cross_datadir}/eks/eni-max-pods
-
 %files -n %{_cross_os}bork
 %{_cross_bindir}/bork
 
@@ -403,4 +417,14 @@ install -p -m 0644 %{S:300} %{buildroot}%{_cross_udevrulesdir}/80-ephemeral-stor
 %{_cross_bindir}/ecs-settings-applier
 %endif
 
+%if %{_is_k8s_variant}
+%files -n %{_cross_os}pluto
+%{_cross_bindir}/pluto
+%dir %{_cross_datadir}/eks
+%{_cross_datadir}/eks/eni-max-pods
+
+%files -n %{_cross_os}static-pods
+%{_cross_bindir}/static-pods
+%endif
+
 %changelog

packages/release/release.spec

@@ -63,7 +63,6 @@ Requires: %{_cross_os}selinux-policy
 Requires: %{_cross_os}policycoreutils
 Requires: %{_cross_os}signpost
 Requires: %{_cross_os}sundog
-Requires: %{_cross_os}pluto
 Requires: %{_cross_os}storewolf
 Requires: %{_cross_os}host-containers
 Requires: %{_cross_os}settings-committer

sources/Cargo.toml

@@ -13,6 +13,7 @@ members = [
     "api/pluto",
     "api/servicedog",
     "api/host-containers",
+    "api/static-pods",
     "api/storewolf",
     "api/thar-be-settings",
     "api/thar-be-updates",
@@ -38,6 +39,7 @@ members = [
     "api/migration/migrations/v1.0.5/add-proxy-restart",
     "api/migration/migrations/v1.0.5/add-proxy-services",
     "api/migration/migrations/v1.0.6/metricdog-init",
+    "api/migration/migrations/v1.0.6/add-static-pods",
 
     "bottlerocket-release",
 

sources/api/migration/migrations/v1.0.6/add-static-pods/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "add-static-pods"
+version = "0.1.0"
+authors = ["Erikson Tung <etung@amazon.com>"]
+license = "Apache-2.0 OR MIT"
+edition = "2018"
+publish = false
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[dependencies]
+migration-helpers = { path = "../../../migration-helpers" }