The extraction of the monolithic hyperkube binary from its container
image to be used as kubelet was last relevant in Kubernetes 1.16. Since
then, the hyperkube image has been deprecated, the structure of the
image has been changed, and it has ultimately been eliminated in
Kubernetes 1.19.
This change cleans up promenade accordingly.
Reverts the following commits:
* 886007b New CLI option to extract hyperkube
* 32a6c15 hyperkube image in promenade init
* 955deed New source for hyperkube binary definition
Change-Id: Ib62ecdf1af13abe8202a4ba4f86c39b9042ed13f
This converts the etc configmap to be a secret, whic provides
additional obfuscation against accidental inspection of secrets.
Change-Id: Ifd522a786eb751e7fad35d3f9ee17ec2bb87e010
Use hyperkube image for promenade init container.
It's purpose is to extract and cache hyperkube binary from image.
This binary will be used in promenade-api container as a backup plan.
Init container stores binary in a shared volume where
promenade-api container can use it. It will use it when
promenade config has no docker endpoint to call docker API
from promenade source code.
See https://review.opendev.org/657953 for reference.
Change-Id: I7edcb1acbe0d864324a4341c682bbcb9b110c4eb
Now it's possible to use hyperkube Docker image to extract hyperkube binary.
Use case for this feature is kubelet/kubectl delivery in one binary(hyperkube)
which is built into Docker image. Promenade will extract hyperkube from Docker image,
create symlinks for kubelet/kubectl pointed to hyperkube. To do so promenade container
need to be configured to use Docker on the host where this container will be created.
This is happening only for script generation for genesis node. Later when promenade
will be started as a service pod inside ucp cluster it will generate scripts for joining nodes
by using cached hyperkube from /tmp.
Old way to delivery kubelet from tarball is still supported.
Configuration for the new method.
Need to export environment variables to properly configure Docker in Docker.
Docker socket should be provided as a mounted file inside promenade.
Also need to set temporary permissions for this socket during the build scripts stage.
Example:
DOCKER_SOCK="/var/run/docker.sock"
sudo chmod o+rw $DOCKER_SOCK
export DOCKER_HOST="unix:/${DOCKER_SOCK}"
export PROMENADE_TMP="abs_path_tmp_dir_on_host"
export PROMENADE_TMP_LOCAL="tmp_dir_inside_container"
After genesis scripts generation Docker socket permission should be turned back:
sudo chmod o-rw $DOCKER_SOCK
Change-Id: Ida22ea934fc551fec34df162d8147c8b9e630330
Daemonset update strategy defaults to OnDelete in v1beta1, whereas
it defaults to RollingUpdate in v1, which seems prefereable.
This also adds helm-toolkit based labels at the controller level
to match standard usage such as for example by armada as wait labels.
This change has been tested using the promenade resiliency gate.
Change-Id: I9fd1bc4caedc0a6717b779e5333640ca8dc78b7e
This adds a security context to the promenade chart, which
changes the pod's user from root to the nobody user instead
This also adds the container security context to set
allowPrivilegeEscalation to false and readOnlyRootFilesystem to true
Change-Id: I269d034f6f8a1c14f2897bb375e899abc99e0c01
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. This can be used, for example, to force an
artificial manifest change in CICD scenarios, for upgradability
testing purposes.
Change-Id: I8d0ffac306258f940c63799e86e7e26b5c2c5add
This removes the reliance on coredns for APIserver discovery, allowing
a simpler configuration that is compatible with corednx 1.0.x
Change-Id: Ia3b7b5627c16ec47af6b0d6d5e8dee2674e9b1ee
* Add ability to fetch design from Deckhand
* Add functional testing for Deckhand design_ref integration
* Update complete example to work with changes to Ceph chart
Change-Id: Ice25a27b340e68a8ab38a23021cd91e032ca537b
We are getting the following error [0] when we try to deploy the
Promenade Helm Chart with Armada. The problem occurs after [1] was
merged. Note that [1] is the updates for RBAC changes.
This p.s. is meant to correct that behavior
[0] StatusCode.UNKNOWN, error validating "": error validating data: found invalid field rules for v1.Job
[1] https://review.gerrithub.io/#/c/393196/
Change-Id: I6917a0176841046e60b24066f72cb0931c034a0b