After v3.5.6, etcd-io switched to a
distroless base image. Etcd anchor pods
now use etcd-utility, and etcd
runs a sidecar for health checks.
Change-Id: I198dca1209097de4d60a53a7568f0c4790679599

This change allows the HostSystem and Genesis document to specify direct
URLs to files (for example, kubelet and kubectl) that are to be written
to the deployed hosts.
Change-Id: I1828d4a9e654537448631434b26b5becc4d2d717

This adds a parameter to the genesis schema
to configure the tiller storage [0] type. For backward
compatibility, by default the parameter is not passed
to tiller, thus relying on the upstream default, which
is 'configmap'.
[0]: https://helm.sh/docs/using_helm/#tiller-s-release-information
Change-Id: I045f8b57f695385b1a502a8f13f61a58d400784e

To be able to run with the nobody user, an init container
is used in the haproxy-anchor pod to change the ownership and
permissions of '/host/etc/promenade/haproxy'. Security context
was included in 'etc/kubernetes/manifests/haproxy.yaml' and
'promenade/schemas/Genesis.yaml' schema was updated to include
run_as_user property for haproxy pod.
Change-Id: Id248face0be43c417284ceb781997634a9c4dd5e

This change has been tested by the promenade resiliency gate.
This adds configuration for which ports to use for the tiller container
in the bootstrap-armada pod, and changes the defaults to be outside of
`net.ipv4.ip_local_port_range`, since the apiserver container in this pod
dynamically selects ports in that range to connect to etcd, which can
cause conflicts. See [0] for an example.
By default, since we're no longer using the standard tiller ports, this
does mean that we cannot connect to this tiller instance (before it's
replaced by the chart-based instance) via the helm CLI, until it supports
overriding the tiller port to connect to, however this should be
relatively soon [1].
[0]: https://github.com/helm/helm/issues/4886
[1]: https://github.com/helm/helm/pull/5590
Change-Id: Ief11411f079db27489e6974c028f6b7a16bb67bf

- Currently the auxiliary etcd instances remove themselves
after a single non-genesis member joins the cluster. This
leaves the cluster susceptible to non-recoverable disruption
until a 3rd member joins. This change makes the auxiliary control
script wait for a configurable number of non-auxiliary members to
join before removing the auxiliary members.
Change-Id: Ib4968b533e8433e3c40a845d086c7078e807c3e2

Adds an optional external_ip parameter to the prom join script API,
and to the Genesis and KubernetesNode schema.
This is used to populate the host's IP address in its /etc/hosts
file if present, according to normal hosts conventions.
If the value is not passed to prom-join or is absent from a
Genesis or KubernetesNode document, then the hosts file defaults
to the current loopback IP for the hostname (business as usual).
Change-Id: I58dc219923b18aaf9c83453b896ce509664d8766

This change accomplishes 2 primary things:
1. It generalizes work to enable the EventRateLimit admission plugin.
2. It restructures the anchor so that during an upgrade an "old" anchor
does not try to coordinate the injection of "new" data from
configmaps/secrets.
It also includes these ancillary changes:
* Clean up apiserver argument specification in the chart.
* De-duplicate and realign apiserver arguments in bootstrapping templates.
It has the side effects of:
* Adding a new field, ".apiserver.arguments" to the Genesis config,
which will be the preferred way to configure bootstrapping apiservers
going forward (in lieu of command_prefix).
Change-Id: I33cfe80ee8e29cd79e479a7985e3c098a2288fda

- During the genesis or join operation when /etc/hosts and
/etc/resolv.conf are controlled by Promenade, we need to
support including a domain name. This can be configured
by YAML definition or by the join-script API. To support
backward compatibility use a default of 'local' when no
domain is specified.
Testing: `./tools/gate.sh resiliency` has passed locally
Change-Id: Ia0d300912d3ec25eb7f1cb9c580eaa40b5b4addb

This avoids possible issues when the configuration of the bootstrapping
apiserver differs from the chart's configuration. Issues were
specifically seen when overriding the node port range, but this opens up
additional configuration also.
Change-Id: I2a3fc5847e850c8055c099bac50782debbbabbf4

* Freeze busybox version for log validation.
* Move static labels to dynamic in remaining places.
* Stop using node-role.kubernetes.io/master= label.
* Update older coredns image usage.
* Add content to placeholder file to avoid warning.
* Add external DNS check to DNS validation check.
Change-Id: I9d0665a940ab055e6426aeca9c8e2be269e6b13a

This change includes several interconnected features:
* Migration to Deckhand-based configuration. This is integrated here,
because new configuration data were needed, so it would have been
wasted effort to either implement it in the old format or to update
the old configuration data to Deckhand format.
* Failing faster with stronger validation. Migration to Deckhand
configuration was a good opportunity to add schema validation, which
is a requirement in the near term anyway. Additionally, rendering
all templates up front adds an additional layer of "fail-fast".
* Separation of certificate generation and configuration assembly into
different commands. Combined with Deckhand substitution, this creates
a much clearer distinction between Promenade configuration and
deployable secrets.
* Migration of components to charts. This is a key step that will
enable support for dynamic node management. Additionally, this paves
the way for significant configurability in component deployment.
* Version of kubelet is configurable & controlled via download url.
* Restructuring templates to be more intuitive. Many of the templates
require changes or deletion due to the migration to charts.
* Installation of pre-configured useful tools on hosts, including calicoctl.
* DNS is now provided by coredns, which is highly configurable.
Change-Id: I9f2d8da6346f4308be5083a54764ce6035a2e10c