Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Deploy new epoxy-extension-server + setup_k8s.sh related changes (#236)
* Replaces old epoxy extension services with new server
  The token-server and bmc-store-password ePoxy extensions are now replaced by a new ePoxy "extension server." Instead of individual extension container images, they are now all combined into a single binary and container image that listens on a single port.
* Uses date string versions for images not in mlab-oti
  See long comment in change set for details
* Deploys a single ePoxy extension server
  Previously there were separate token-server and bmc-store-password containers and systemd units. These have now been combined into a single extension server that listens on a single port.
* Fixes naming violation for virtual images
* Installs apparmor package
  flannel was failing to start on sandbox nodes, causing the node to be in a NotReady state because networking was not ready. The pod description had this event:
  "Error: failed to create containerd container: get apparmor_parser version: exec: "apparmor_parser": executable file not found in $PATH"
  This appears to be related to some changes going on in containerd: containerd/containerd#8087
* Fixes a syntax error in mount-data-api.sh
* Fixes ordering of control plane services
  The create-control-plane.service is supposed to run _after_ mount-data-api, but that ordering was broken because the name of the service changed and I failed to update the "After" block with the new name.
* Don't fail the build when cluster version not available
  If the query to the live cluster for its version fails, then don't bother doing any version checking. The live cluster may not even exist, and possibly needs the images from this build so that it can be created.
* Redundant check for working cluster before init
  Adds an additional, redundant check for the existence of /etc/kubernetes/admin.conf before initializing the cluster. A bug in our config caused the service unit to run even though that file existed, and kubeadm overwrote numerous things before finally erroring out. Can't hurt to add the additional check in this file.
  For nodes joining the cluster, wait for 90s (up from 60s) before trying to join to give the primary control plane node time to finish setting everything up. I discovered that 60s was not quite enough, and nodes joining the control plane might get a connection refused from the primary API endpoint.
* Don't mkdir /etc/kubernetes/manifests on API machines
  On control plane machines, /etc/kubernetes is supposed to be a symlink to /mnt/cluster-data/kubernetes. When /etc/kubernetes already exists as a regular dir, then ln creates a symlink inside /etc/kubernetes, breaking the configuration and breakage of the create-control-plane service. Anyway, on control plane nodes that directory will be created automatically by kubeadm.
* Makes setup_k8s.sh parse allocate_k8s_token v2 data
  ePoxy extension allocate_k8s_token V2 returns all the data needed to join the cluster. This commit removes all templating from setup_k8s.sh and moves it into the physical image filesystem. It is now a static script which can fetch everything it needs from allocate_k8s_token V2.
* Makes setup_k8s.sh executable
* Refactors the join-cluster.sh script
  Previously, the script assumed that all VMs were going to be part of a MIG. We have decided to have a hybrid approach with both MIGs and standard VMs, which required a few changes. Additionally, configure the script to the V2 allocate_k8s_token ePoxy extension, which returns all the data needed to join the cluster, not just the token. This also required some refactoring of the code.
Showing 14 changed files with 149 additions and 132 deletions.
18 changes: 0 additions & 18 deletions
configs/virtual_ubuntu/etc/systemd/system/bmc-store-password.service
This file was deleted.
2 changes: 1 addition & 1 deletion
configs/virtual_ubuntu/etc/systemd/system/create-control-plane.service
24 changes: 24 additions & 0 deletions
configs/virtual_ubuntu/etc/systemd/system/epoxy-extension-server.service
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
[Unit] | ||
Description=ePoxy extension server | ||
After=docker.service mount-data-api.service | ||
Requires=docker.service mount-data-api.service | ||
|
||
# Run the ePoxy extension server (supporting the ePoxy Extension API). | ||
# | ||
# Mount /opt/bin so that the container has access to kubeadm, and | ||
# /etc/kubernetes so that kubeadm has access to admin.conf" | ||
[Service] | ||
TimeoutStartSec=120 | ||
Restart=always | ||
ExecStartPre=-/usr/bin/docker stop %N | ||
ExecStartPre=-/usr/bin/docker rm %N | ||
ExecStart=/usr/bin/docker run --publish 8800:8800 \ | ||
--volume /etc/kubernetes:/etc/kubernetes:ro \ | ||
--volume /opt/bin:/opt/bin:ro \ | ||
--name %N -- \ | ||
measurementlab/epoxy-extensions:v0.4.0 \ | ||
-bin-dir /opt/bin | ||
ExecStop=/usr/bin/docker stop %N | ||
|
||
[Install] | ||
WantedBy=multi-user.target |
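
Review bot: in ExecStart, `--volume /etc/kubernetes:/etc/kubernetes:ro` exposes the whole directory to the container, although the comment above [Service] says kubeadm only needs admin.conf. The same container serves requests on `--publish 8800:8800`, which publishes the port on every host interface because no host address is given. Consider mounting only `/etc/kubernetes/admin.conf` read-only and publishing on the specific address ePoxy uses to reach the extension server, or noting in the unit which firewall rule restricts 8800. Two smaller points: `measurementlab/epoxy-extensions:v0.4.0` is pinned by tag, so pinning by digest would make the deployed image immutable; and the comment line ending `admin.conf"` has a stray trailing quote.
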
28 changes: 0 additions & 28 deletions
configs/virtual_ubuntu/etc/systemd/system/token-server.service
This file was deleted.