diff --git a/pkg/userdata/centos/testdata/kubelet-v1.10-aws.golden b/pkg/userdata/centos/testdata/kubelet-v1.10-aws.golden index 496695b35..752fe597b 100644 --- a/pkg/userdata/centos/testdata/kubelet-v1.10-aws.golden +++ b/pkg/userdata/centos/testdata/kubelet-v1.10-aws.golden @@ -62,7 +62,7 @@ write_files: {aws-config:true} - path: "/usr/local/bin/setup" - permissions: "0777" + permissions: "0755" content: | #!/bin/bash set -xeuo pipefail @@ -83,14 +83,31 @@ write_files: systemctl enable --now docker systemctl enable --now kubelet - kubeadm join \ - --token my-token \ - --discovery-token-ca-cert-hash sha256:6caecce9fedcb55d4953d61a27dc6997361a2f226ad86d7e6004dde7526fc4b1 \ - --ignore-preflight-errors=CRI \ - server:443 + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + + if ! [[ -e /etc/kubernetes/pki/ca.crt ]]; then + kubeadm join \ + --token my-token \ + --discovery-token-ca-cert-hash sha256:6caecce9fedcb55d4953d61a27dc6997361a2f226ad86d7e6004dde7526fc4b1 \ + --ignore-preflight-errors=CRI \ + server:443 + fi + + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + + systemctl enable --now --no-block kubelet-healthcheck.service + systemctl enable --now --no-block docker-healthcheck.service - path: "/usr/local/bin/supervise.sh" - permissions: "0777" + permissions: "0755" content: | #!/bin/bash set -xeuo pipefail 
@@ -112,5 +129,31 @@ write_files: RemainAfterExit=true ExecStart=/usr/local/bin/supervise.sh /usr/local/bin/setup +- path: /etc/systemd/system/kubelet-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + +- path: /etc/systemd/system/docker-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=docker.service + After=docker.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh container-runtime + + [Install] + WantedBy=multi-user.target + runcmd: - systemctl enable --now setup.service diff --git a/pkg/userdata/centos/testdata/kubelet-v1.11-aws.golden b/pkg/userdata/centos/testdata/kubelet-v1.11-aws.golden index 64a99d5d0..15b16ac3f 100644 --- a/pkg/userdata/centos/testdata/kubelet-v1.11-aws.golden +++ b/pkg/userdata/centos/testdata/kubelet-v1.11-aws.golden @@ -58,7 +58,7 @@ write_files: {aws-config:true} - path: "/usr/local/bin/setup" - permissions: "0777" + permissions: "0755" content: | #!/bin/bash set -xeuo pipefail 
@@ -79,14 +79,31 @@ write_files: systemctl enable --now docker systemctl enable --now kubelet - kubeadm join \ - --token my-token \ - --discovery-token-ca-cert-hash sha256:6caecce9fedcb55d4953d61a27dc6997361a2f226ad86d7e6004dde7526fc4b1 \ - --ignore-preflight-errors=CRI \ - server:443 + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + + if ! [[ -e /etc/kubernetes/pki/ca.crt ]]; then + kubeadm join \ + --token my-token \ + --discovery-token-ca-cert-hash sha256:6caecce9fedcb55d4953d61a27dc6997361a2f226ad86d7e6004dde7526fc4b1 \ + --ignore-preflight-errors=CRI \ + server:443 + fi + + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + + systemctl enable --now --no-block kubelet-healthcheck.service + systemctl enable --now --no-block docker-healthcheck.service - path: "/usr/local/bin/supervise.sh" - permissions: "0777" + permissions: "0755" content: | #!/bin/bash set -xeuo pipefail 
@@ -108,5 +125,31 @@ write_files: RemainAfterExit=true ExecStart=/usr/local/bin/supervise.sh /usr/local/bin/setup +- path: /etc/systemd/system/kubelet-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + +- path: /etc/systemd/system/docker-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=docker.service + After=docker.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh container-runtime + + [Install] + WantedBy=multi-user.target + runcmd: - systemctl enable --now setup.service diff --git a/pkg/userdata/centos/testdata/kubelet-v1.12-aws.golden b/pkg/userdata/centos/testdata/kubelet-v1.12-aws.golden index 96c70ecbc..137e1db24 100644 --- a/pkg/userdata/centos/testdata/kubelet-v1.12-aws.golden +++ b/pkg/userdata/centos/testdata/kubelet-v1.12-aws.golden @@ -58,7 +58,7 @@ write_files: {aws-config:true} - path: "/usr/local/bin/setup" - permissions: "0777" + permissions: "0755" content: | #!/bin/bash set -xeuo pipefail 
@@ -79,14 +79,31 @@ write_files: systemctl enable --now docker systemctl enable --now kubelet - kubeadm join \ - --token my-token \ - --discovery-token-ca-cert-hash sha256:6caecce9fedcb55d4953d61a27dc6997361a2f226ad86d7e6004dde7526fc4b1 \ - --ignore-preflight-errors=CRI \ - server:443 + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + + if ! [[ -e /etc/kubernetes/pki/ca.crt ]]; then + kubeadm join \ + --token my-token \ + --discovery-token-ca-cert-hash sha256:6caecce9fedcb55d4953d61a27dc6997361a2f226ad86d7e6004dde7526fc4b1 \ + --ignore-preflight-errors=CRI \ + server:443 + fi + + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + + systemctl enable --now --no-block kubelet-healthcheck.service + systemctl enable --now --no-block docker-healthcheck.service - path: "/usr/local/bin/supervise.sh" - permissions: "0777" + permissions: "0755" content: | #!/bin/bash set -xeuo pipefail 
@@ -108,5 +125,31 @@ write_files: RemainAfterExit=true ExecStart=/usr/local/bin/supervise.sh /usr/local/bin/setup +- path: /etc/systemd/system/kubelet-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + +- path: /etc/systemd/system/docker-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=docker.service + After=docker.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh container-runtime + + [Install] + WantedBy=multi-user.target + runcmd: - systemctl enable --now setup.service diff --git a/pkg/userdata/centos/testdata/kubelet-v1.9-aws.golden b/pkg/userdata/centos/testdata/kubelet-v1.9-aws.golden index 1e826649e..71c578729 100644 --- a/pkg/userdata/centos/testdata/kubelet-v1.9-aws.golden +++ b/pkg/userdata/centos/testdata/kubelet-v1.9-aws.golden @@ -62,7 +62,7 @@ write_files: {aws-config:true} - path: "/usr/local/bin/setup" - permissions: "0777" + permissions: "0755" content: | #!/bin/bash set -xeuo pipefail 
@@ -83,14 +83,31 @@ write_files: systemctl enable --now docker systemctl enable --now kubelet - kubeadm join \ - --token my-token \ - --discovery-token-ca-cert-hash sha256:6caecce9fedcb55d4953d61a27dc6997361a2f226ad86d7e6004dde7526fc4b1 \ - --ignore-preflight-errors=CRI \ - server:443 + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + + if ! [[ -e /etc/kubernetes/pki/ca.crt ]]; then + kubeadm join \ + --token my-token \ + --discovery-token-ca-cert-hash sha256:6caecce9fedcb55d4953d61a27dc6997361a2f226ad86d7e6004dde7526fc4b1 \ + --ignore-preflight-errors=CRI \ + server:443 + fi + + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + + systemctl enable --now --no-block kubelet-healthcheck.service + systemctl enable --now --no-block docker-healthcheck.service - path: "/usr/local/bin/supervise.sh" - permissions: "0777" + permissions: "0755" content: | #!/bin/bash set -xeuo pipefail 
@@ -112,5 +129,31 @@ write_files: RemainAfterExit=true ExecStart=/usr/local/bin/supervise.sh /usr/local/bin/setup +- path: /etc/systemd/system/kubelet-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + +- path: /etc/systemd/system/docker-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=docker.service + After=docker.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh container-runtime + + [Install] + WantedBy=multi-user.target + runcmd: - systemctl enable --now setup.service diff --git a/pkg/userdata/centos/userdata.go b/pkg/userdata/centos/userdata.go index e01883da4..f6e3ca2b1 100644 --- a/pkg/userdata/centos/userdata.go +++ b/pkg/userdata/centos/userdata.go @@ -209,7 +209,7 @@ write_files: {{ if ne .CloudConfig "" }}{{ .CloudConfig | indent 4 }}{{ end }} - path: "/usr/local/bin/setup" - permissions: "0777" + permissions: "0755" content: | #!/bin/bash set -xeuo pipefail 
@@ -230,16 +230,33 @@ write_files: systemctl enable --now docker systemctl enable --now kubelet - kubeadm join \ - --token {{ .BoostrapToken }} \ - --discovery-token-ca-cert-hash sha256:{{ .KubeadmCACertHash }} \ - {{- if semverCompare ">=1.9.X" .KubeletVersion }} - --ignore-preflight-errors=CRI \ - {{- end }} - {{ .ServerAddr }} + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + + if ! [[ -e /etc/kubernetes/pki/ca.crt ]]; then + kubeadm join \ + --token {{ .BoostrapToken }} \ + --discovery-token-ca-cert-hash sha256:{{ .KubeadmCACertHash }} \ + {{- if semverCompare ">=1.9.X" .KubeletVersion }} + --ignore-preflight-errors=CRI \ + {{- end }} + {{ .ServerAddr }} + fi + + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + + systemctl enable --now --no-block kubelet-healthcheck.service + systemctl enable --now --no-block docker-healthcheck.service - path: "/usr/local/bin/supervise.sh" - permissions: "0777" + permissions: "0755" content: | #!/bin/bash set -xeuo pipefail 
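Review bot: The setup script in pkg/userdata/centos/userdata.go now downloads health-monitor.sh with curl and marks it executable without checking its content, and the new systemd units then run it as root. Pinning the URL to a commit helps, but nothing on the node verifies the bytes that arrive. Either ship the script through `write_files` like setup and supervise.sh, or check a digest before the chmod, e.g. `echo "<EXPECTED_SHA256>  /usr/local/bin/health-monitor.sh" | sha256sum -c -`. The download block is also pasted twice, before and after the kubeadm join guard; under `set -e` the second copy can never do anything and should be dropped. The same unverified fetch appears in the CoreOS download-healthcheck-script.sh payload in the golden files.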
@@ -261,6 +278,32 @@ write_files: RemainAfterExit=true ExecStart=/usr/local/bin/supervise.sh /usr/local/bin/setup +- path: /etc/systemd/system/kubelet-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + +- path: /etc/systemd/system/docker-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=docker.service + After=docker.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh container-runtime + + [Install] + WantedBy=multi-user.target + runcmd: - systemctl enable --now setup.service ` diff --git a/pkg/userdata/coreos/testdata/auto-update-openstack-kubelet-v-version-prefix.golden b/pkg/userdata/coreos/testdata/auto-update-openstack-kubelet-v-version-prefix.golden index 432161cd6..3c638dd59 100644 --- a/pkg/userdata/coreos/testdata/auto-update-openstack-kubelet-v-version-prefix.golden +++ b/pkg/userdata/coreos/testdata/auto-update-openstack-kubelet-v-version-prefix.golden @@ -153,6 +153,17 @@ "verification": {} }, "mode": 420 + }, + { + "filesystem": "root", + "group": {}, + "path": "/opt/bin/download-healthcheck-script.sh", + "user": {}, + "contents": { + "source": "data:,%23!%2Fusr%2Fbin%2Fenv%20bash%0Aset%20-xeuo%20pipefail%0Auntil%20%5B%5B%20-x%20%2Fopt%2Fbin%2Fhealth-monitor.sh%20%5D%5D%3B%20do%0A%20%20curl%20-Lfo%20%2Fopt%2Fbin%2Fhealth-monitor.sh%20%5C%0A%20%20%20%20https%3A%2F%2Fraw.githubusercontent.com%2Fkubermatic%2Fmachine-controller%2F8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e%2Fpkg%2Fuserdata%2Fscripts%2Fhealth-monitor.sh%0A%20%20chmod%20%2Bx%20%2Fopt%2Fbin%2Fhealth-monitor.sh%0Adone%0A", + "verification": {} + }, + "mode": 755 } ] }, 
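Review bot: The kubelet-healthcheck.service and docker-healthcheck.service units added to the centos template have no `Restart=` setting, so if health-monitor.sh exits for any reason the node silently loses its health checking. Adding `Restart=always` and `RestartSec=10` under `[Service]`, as the CoreOS kubelet unit in this diff does, would keep the monitor running. `Requires=kubelet.service` also ties the monitor's lifetime to explicit stops or restarts of the kubelet unit. If the script (not shown here) acts on the service through systemd, confirm that coupling is intended, or use `Wants=` with `After=`.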
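Review bot: `"mode": 755` on /opt/bin/download-healthcheck-script.sh is not rwxr-xr-x, because Ignition reads this field as a decimal integer; the neighbouring `"mode": 420` is 0644. Decimal 755 is octal 1363, which makes the file writable and executable by "other" with the sticky bit set, and download-healthcheck-script.service runs it at boot. The value should be `"mode": 493` (octal 0755). The fix presumably belongs in the template in pkg/userdata/coreos/userdata.go, whose hunk is not shown here. Every CoreOS golden file in this diff carries the same value.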
@@ -162,6 +173,21 @@ "enabled": true, "name": "docker.service" }, + { + "contents": "[Unit]\nRequires=network-online.target\nAfter=network-online.target\n[Service]\nType=oneshot\nExecStart=/opt/bin/download-healthcheck-script.sh\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "download-healthcheck-script.service" + }, + { + "contents": "[Unit]\nRequires=download-healthcheck-script.service kubelet.service\nAfter=download-healthcheck-script.service kubelet.service\n\n[Service]\nExecStart=/opt/bin/health-monitor.sh kubelet\n\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "kubelet-healthcheck.service" + }, + { + "contents": "[Unit]\nRequires=download-healthcheck-script.service docker.service\nAfter=download-healthcheck-script.service docker.service\n\n[Service]\nExecStart=/opt/bin/health-monitor.sh container-runtime\n\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "docker-healthcheck.service" + }, { "contents": "[Unit]\nDescription=Kubernetes Kubelet\nRequires=docker.service\nAfter=docker.service\n[Service]\nTimeoutStartSec=5min\nEnvironment=KUBELET_IMAGE=docker://k8s.gcr.io/hyperkube-amd64:v1.9.2\nEnvironment=\"RKT_RUN_ARGS=--uuid-file-save=/var/cache/kubelet-pod.uuid \\\n --insecure-options=image \\\n --volume=resolv,kind=host,source=/etc/resolv.conf \\\n --mount volume=resolv,target=/etc/resolv.conf \\\n --volume cni-bin,kind=host,source=/opt/cni/bin \\\n --mount volume=cni-bin,target=/opt/cni/bin \\\n --volume cni-conf,kind=host,source=/etc/cni/net.d \\\n --mount volume=cni-conf,target=/etc/cni/net.d \\\n --volume etc-kubernetes,kind=host,source=/etc/kubernetes \\\n --mount volume=etc-kubernetes,target=/etc/kubernetes \\\n --volume var-log,kind=host,source=/var/log \\\n --mount volume=var-log,target=/var/log \\\n --volume var-lib-calico,kind=host,source=/var/lib/calico \\\n --mount volume=var-lib-calico,target=/var/lib/calico\"\nExecStartPre=/bin/mkdir -p 
/var/lib/calico\nExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests\nExecStartPre=/bin/mkdir -p /etc/cni/net.d\nExecStartPre=/bin/mkdir -p /opt/cni/bin\nExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/cache/kubelet-pod.uuid\nExecStart=/usr/lib/coreos/kubelet-wrapper \\\n --container-runtime=docker \\\n --allow-privileged=true \\\n --cni-bin-dir=/opt/cni/bin \\\n --cni-conf-dir=/etc/cni/net.d \\\n --cluster-dns=10.10.10.10 \\\n --cluster-domain=cluster.local \\\n --authentication-token-webhook=true \\\n --hostname-override=node1 \\\n --network-plugin=cni \\\n --cloud-provider=openstack \\\n --cloud-config=/etc/kubernetes/cloud-config \\\n --cert-dir=/etc/kubernetes/ \\\n --pod-manifest-path=/etc/kubernetes/manifests \\\n --resolv-conf=/etc/resolv.conf \\\n --rotate-certificates=true \\\n --kubeconfig=/etc/kubernetes/kubeconfig \\\n --bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \\\n --lock-file=/var/run/lock/kubelet.lock \\\n --exit-on-lock-contention \\\n --read-only-port=0 \\\n --protect-kernel-defaults=true \\\n --authorization-mode=Webhook \\\n --anonymous-auth=false \\\n --client-ca-file=/etc/kubernetes/ca.crt\nExecStop=-/usr/bin/rkt stop --uuid-file=/var/cache/kubelet-pod.uuid\nRestart=always\nRestartSec=10\n[Install]\nWantedBy=multi-user.target\n", "dropins": [ diff --git a/pkg/userdata/coreos/testdata/v1.10.3-auto-update-openstack-multiple-dns.golden b/pkg/userdata/coreos/testdata/v1.10.3-auto-update-openstack-multiple-dns.golden index faddcda21..08bf7e004 100644 --- a/pkg/userdata/coreos/testdata/v1.10.3-auto-update-openstack-multiple-dns.golden +++ b/pkg/userdata/coreos/testdata/v1.10.3-auto-update-openstack-multiple-dns.golden 
@@ -153,6 +153,17 @@ "verification": {} }, "mode": 420 + }, + { + "filesystem": "root", + "group": {}, + "path": "/opt/bin/download-healthcheck-script.sh", + "user": {}, + "contents": { + "source": "data:,%23!%2Fusr%2Fbin%2Fenv%20bash%0Aset%20-xeuo%20pipefail%0Auntil%20%5B%5B%20-x%20%2Fopt%2Fbin%2Fhealth-monitor.sh%20%5D%5D%3B%20do%0A%20%20curl%20-Lfo%20%2Fopt%2Fbin%2Fhealth-monitor.sh%20%5C%0A%20%20%20%20https%3A%2F%2Fraw.githubusercontent.com%2Fkubermatic%2Fmachine-controller%2F8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e%2Fpkg%2Fuserdata%2Fscripts%2Fhealth-monitor.sh%0A%20%20chmod%20%2Bx%20%2Fopt%2Fbin%2Fhealth-monitor.sh%0Adone%0A", + "verification": {} + }, + "mode": 755 } ] }, 
@@ -162,6 +173,21 @@ "enabled": true, "name": "docker.service" }, + { + "contents": "[Unit]\nRequires=network-online.target\nAfter=network-online.target\n[Service]\nType=oneshot\nExecStart=/opt/bin/download-healthcheck-script.sh\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "download-healthcheck-script.service" + }, + { + "contents": "[Unit]\nRequires=download-healthcheck-script.service kubelet.service\nAfter=download-healthcheck-script.service kubelet.service\n\n[Service]\nExecStart=/opt/bin/health-monitor.sh kubelet\n\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "kubelet-healthcheck.service" + }, + { + "contents": "[Unit]\nRequires=download-healthcheck-script.service docker.service\nAfter=download-healthcheck-script.service docker.service\n\n[Service]\nExecStart=/opt/bin/health-monitor.sh container-runtime\n\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "docker-healthcheck.service" + }, { "contents": "[Unit]\nDescription=Kubernetes Kubelet\nRequires=docker.service\nAfter=docker.service\n[Service]\nTimeoutStartSec=5min\nEnvironment=KUBELET_IMAGE=docker://k8s.gcr.io/hyperkube-amd64:v1.10.3\nEnvironment=\"RKT_RUN_ARGS=--uuid-file-save=/var/cache/kubelet-pod.uuid \\\n --insecure-options=image \\\n --volume=resolv,kind=host,source=/etc/resolv.conf \\\n --mount volume=resolv,target=/etc/resolv.conf \\\n --volume cni-bin,kind=host,source=/opt/cni/bin \\\n --mount volume=cni-bin,target=/opt/cni/bin \\\n --volume cni-conf,kind=host,source=/etc/cni/net.d \\\n --mount volume=cni-conf,target=/etc/cni/net.d \\\n --volume etc-kubernetes,kind=host,source=/etc/kubernetes \\\n --mount volume=etc-kubernetes,target=/etc/kubernetes \\\n --volume var-log,kind=host,source=/var/log \\\n --mount volume=var-log,target=/var/log \\\n --volume var-lib-calico,kind=host,source=/var/lib/calico \\\n --mount volume=var-lib-calico,target=/var/lib/calico\"\nExecStartPre=/bin/mkdir -p 
/var/lib/calico\nExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests\nExecStartPre=/bin/mkdir -p /etc/cni/net.d\nExecStartPre=/bin/mkdir -p /opt/cni/bin\nExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/cache/kubelet-pod.uuid\nExecStart=/usr/lib/coreos/kubelet-wrapper \\\n --container-runtime=docker \\\n --allow-privileged=true \\\n --cni-bin-dir=/opt/cni/bin \\\n --cni-conf-dir=/etc/cni/net.d \\\n --cluster-dns=10.10.10.10,10.10.10.11,10.10.10.12 \\\n --cluster-domain=cluster.local \\\n --authentication-token-webhook=true \\\n --hostname-override=node1 \\\n --network-plugin=cni \\\n --cloud-provider=openstack \\\n --cloud-config=/etc/kubernetes/cloud-config \\\n --cert-dir=/etc/kubernetes/ \\\n --pod-manifest-path=/etc/kubernetes/manifests \\\n --resolv-conf=/etc/resolv.conf \\\n --rotate-certificates=true \\\n --kubeconfig=/etc/kubernetes/kubeconfig \\\n --bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \\\n --lock-file=/var/run/lock/kubelet.lock \\\n --exit-on-lock-contention \\\n --read-only-port=0 \\\n --protect-kernel-defaults=true \\\n --authorization-mode=Webhook \\\n --anonymous-auth=false \\\n --client-ca-file=/etc/kubernetes/ca.crt\nExecStop=-/usr/bin/rkt stop --uuid-file=/var/cache/kubelet-pod.uuid\nRestart=always\nRestartSec=10\n[Install]\nWantedBy=multi-user.target\n", "dropins": [ diff --git a/pkg/userdata/coreos/testdata/v1.11.2-vsphere-static-ipconfig.golden b/pkg/userdata/coreos/testdata/v1.11.2-vsphere-static-ipconfig.golden index 00e0f0f6f..dd2e2ae85 100644 --- a/pkg/userdata/coreos/testdata/v1.11.2-vsphere-static-ipconfig.golden +++ b/pkg/userdata/coreos/testdata/v1.11.2-vsphere-static-ipconfig.golden 
@@ -160,6 +160,17 @@ "verification": {} }, "mode": 420 + }, + { + "filesystem": "root", + "group": {}, + "path": "/opt/bin/download-healthcheck-script.sh", + "user": {}, + "contents": { + "source": "data:,%23!%2Fusr%2Fbin%2Fenv%20bash%0Aset%20-xeuo%20pipefail%0Auntil%20%5B%5B%20-x%20%2Fopt%2Fbin%2Fhealth-monitor.sh%20%5D%5D%3B%20do%0A%20%20curl%20-Lfo%20%2Fopt%2Fbin%2Fhealth-monitor.sh%20%5C%0A%20%20%20%20https%3A%2F%2Fraw.githubusercontent.com%2Fkubermatic%2Fmachine-controller%2F8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e%2Fpkg%2Fuserdata%2Fscripts%2Fhealth-monitor.sh%0A%20%20chmod%20%2Bx%20%2Fopt%2Fbin%2Fhealth-monitor.sh%0Adone%0A", + "verification": {} + }, + "mode": 755 } ] }, 
@@ -177,6 +188,21 @@ "enabled": true, "name": "docker.service" }, + { + "contents": "[Unit]\nRequires=network-online.target\nAfter=network-online.target\n[Service]\nType=oneshot\nExecStart=/opt/bin/download-healthcheck-script.sh\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "download-healthcheck-script.service" + }, + { + "contents": "[Unit]\nRequires=download-healthcheck-script.service kubelet.service\nAfter=download-healthcheck-script.service kubelet.service\n\n[Service]\nExecStart=/opt/bin/health-monitor.sh kubelet\n\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "kubelet-healthcheck.service" + }, + { + "contents": "[Unit]\nRequires=download-healthcheck-script.service docker.service\nAfter=download-healthcheck-script.service docker.service\n\n[Service]\nExecStart=/opt/bin/health-monitor.sh container-runtime\n\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "docker-healthcheck.service" + }, { "contents": "[Unit]\nDescription=Kubernetes Kubelet\nRequires=docker.service\nAfter=docker.service\n[Service]\nTimeoutStartSec=5min\nEnvironment=KUBELET_IMAGE=docker://k8s.gcr.io/hyperkube-amd64:v1.11.2\nEnvironment=\"RKT_RUN_ARGS=--uuid-file-save=/var/cache/kubelet-pod.uuid \\\n --insecure-options=image \\\n --volume=resolv,kind=host,source=/etc/resolv.conf \\\n --mount volume=resolv,target=/etc/resolv.conf \\\n --volume cni-bin,kind=host,source=/opt/cni/bin \\\n --mount volume=cni-bin,target=/opt/cni/bin \\\n --volume cni-conf,kind=host,source=/etc/cni/net.d \\\n --mount volume=cni-conf,target=/etc/cni/net.d \\\n --volume etc-kubernetes,kind=host,source=/etc/kubernetes \\\n --mount volume=etc-kubernetes,target=/etc/kubernetes \\\n --volume var-log,kind=host,source=/var/log \\\n --mount volume=var-log,target=/var/log \\\n --volume var-lib-calico,kind=host,source=/var/lib/calico \\\n --mount volume=var-lib-calico,target=/var/lib/calico\"\nExecStartPre=/bin/mkdir -p 
/var/lib/calico\nExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests\nExecStartPre=/bin/mkdir -p /etc/cni/net.d\nExecStartPre=/bin/mkdir -p /opt/cni/bin\nExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/cache/kubelet-pod.uuid\nExecStart=/usr/lib/coreos/kubelet-wrapper \\\n --container-runtime=docker \\\n --allow-privileged=true \\\n --cni-bin-dir=/opt/cni/bin \\\n --cni-conf-dir=/etc/cni/net.d \\\n --cluster-dns=10.10.10.10 \\\n --cluster-domain=cluster.local \\\n --authentication-token-webhook=true \\\n --hostname-override=node1 \\\n --network-plugin=cni \\\n --cloud-provider=vsphere \\\n --cloud-config=/etc/kubernetes/cloud-config \\\n --cert-dir=/etc/kubernetes/ \\\n --pod-manifest-path=/etc/kubernetes/manifests \\\n --resolv-conf=/etc/resolv.conf \\\n --rotate-certificates=true \\\n --kubeconfig=/etc/kubernetes/kubeconfig \\\n --bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \\\n --lock-file=/var/run/lock/kubelet.lock \\\n --exit-on-lock-contention \\\n --read-only-port=0 \\\n --protect-kernel-defaults=true \\\n --authorization-mode=Webhook \\\n --anonymous-auth=false \\\n --client-ca-file=/etc/kubernetes/ca.crt\nExecStop=-/usr/bin/rkt stop --uuid-file=/var/cache/kubelet-pod.uuid\nRestart=always\nRestartSec=10\n[Install]\nWantedBy=multi-user.target\n", "dropins": [ diff --git a/pkg/userdata/coreos/testdata/v1.12.0-vsphere-overwrite-cloudconfig.golden b/pkg/userdata/coreos/testdata/v1.12.0-vsphere-overwrite-cloudconfig.golden index 573c01f6d..3c36cf346 100644 --- a/pkg/userdata/coreos/testdata/v1.12.0-vsphere-overwrite-cloudconfig.golden +++ b/pkg/userdata/coreos/testdata/v1.12.0-vsphere-overwrite-cloudconfig.golden 
@@ -149,6 +149,17 @@ "verification": {} }, "mode": 420 + }, + { + "filesystem": "root", + "group": {}, + "path": "/opt/bin/download-healthcheck-script.sh", + "user": {}, + "contents": { + "source": "data:,%23!%2Fusr%2Fbin%2Fenv%20bash%0Aset%20-xeuo%20pipefail%0Auntil%20%5B%5B%20-x%20%2Fopt%2Fbin%2Fhealth-monitor.sh%20%5D%5D%3B%20do%0A%20%20curl%20-Lfo%20%2Fopt%2Fbin%2Fhealth-monitor.sh%20%5C%0A%20%20%20%20https%3A%2F%2Fraw.githubusercontent.com%2Fkubermatic%2Fmachine-controller%2F8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e%2Fpkg%2Fuserdata%2Fscripts%2Fhealth-monitor.sh%0A%20%20chmod%20%2Bx%20%2Fopt%2Fbin%2Fhealth-monitor.sh%0Adone%0A", + "verification": {} + }, + "mode": 755 } ] }, 
@@ -166,6 +177,21 @@ "enabled": true, "name": "docker.service" }, + { + "contents": "[Unit]\nRequires=network-online.target\nAfter=network-online.target\n[Service]\nType=oneshot\nExecStart=/opt/bin/download-healthcheck-script.sh\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "download-healthcheck-script.service" + }, + { + "contents": "[Unit]\nRequires=download-healthcheck-script.service kubelet.service\nAfter=download-healthcheck-script.service kubelet.service\n\n[Service]\nExecStart=/opt/bin/health-monitor.sh kubelet\n\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "kubelet-healthcheck.service" + }, + { + "contents": "[Unit]\nRequires=download-healthcheck-script.service docker.service\nAfter=download-healthcheck-script.service docker.service\n\n[Service]\nExecStart=/opt/bin/health-monitor.sh container-runtime\n\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "docker-healthcheck.service" + }, { "contents": "[Unit]\nDescription=Kubernetes Kubelet\nRequires=docker.service\nAfter=docker.service\n[Service]\nTimeoutStartSec=5min\nEnvironment=KUBELET_IMAGE=docker://k8s.gcr.io/hyperkube-amd64:v1.12.0\nEnvironment=\"RKT_RUN_ARGS=--uuid-file-save=/var/cache/kubelet-pod.uuid \\\n --insecure-options=image \\\n --volume=resolv,kind=host,source=/etc/resolv.conf \\\n --mount volume=resolv,target=/etc/resolv.conf \\\n --volume cni-bin,kind=host,source=/opt/cni/bin \\\n --mount volume=cni-bin,target=/opt/cni/bin \\\n --volume cni-conf,kind=host,source=/etc/cni/net.d \\\n --mount volume=cni-conf,target=/etc/cni/net.d \\\n --volume etc-kubernetes,kind=host,source=/etc/kubernetes \\\n --mount volume=etc-kubernetes,target=/etc/kubernetes \\\n --volume var-log,kind=host,source=/var/log \\\n --mount volume=var-log,target=/var/log \\\n --volume var-lib-calico,kind=host,source=/var/lib/calico \\\n --mount volume=var-lib-calico,target=/var/lib/calico\"\nExecStartPre=/bin/mkdir -p 
/var/lib/calico\nExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests\nExecStartPre=/bin/mkdir -p /etc/cni/net.d\nExecStartPre=/bin/mkdir -p /opt/cni/bin\nExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/cache/kubelet-pod.uuid\nExecStart=/usr/lib/coreos/kubelet-wrapper \\\n --container-runtime=docker \\\n --allow-privileged=true \\\n --cni-bin-dir=/opt/cni/bin \\\n --cni-conf-dir=/etc/cni/net.d \\\n --cluster-dns=10.10.10.10 \\\n --cluster-domain=cluster.local \\\n --authentication-token-webhook=true \\\n --hostname-override=node1 \\\n --network-plugin=cni \\\n --cloud-provider=vsphere \\\n --cloud-config=/etc/kubernetes/cloud-config \\\n --cert-dir=/etc/kubernetes/ \\\n --pod-manifest-path=/etc/kubernetes/manifests \\\n --resolv-conf=/etc/resolv.conf \\\n --rotate-certificates=true \\\n --kubeconfig=/etc/kubernetes/kubeconfig \\\n --bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \\\n --lock-file=/var/run/lock/kubelet.lock \\\n --exit-on-lock-contention \\\n --read-only-port=0 \\\n --protect-kernel-defaults=true \\\n --authorization-mode=Webhook \\\n --anonymous-auth=false \\\n --client-ca-file=/etc/kubernetes/ca.crt\nExecStop=-/usr/bin/rkt stop --uuid-file=/var/cache/kubelet-pod.uuid\nRestart=always\nRestartSec=10\n[Install]\nWantedBy=multi-user.target\n", "dropins": [ diff --git a/pkg/userdata/coreos/testdata/v1.9.2-disable-auto-update-aws.golden b/pkg/userdata/coreos/testdata/v1.9.2-disable-auto-update-aws.golden index 03c291c09..af2cea382 100644 --- a/pkg/userdata/coreos/testdata/v1.9.2-disable-auto-update-aws.golden +++ b/pkg/userdata/coreos/testdata/v1.9.2-disable-auto-update-aws.golden 
@@ -153,6 +153,17 @@ "verification": {} }, "mode": 420 + }, + { + "filesystem": "root", + "group": {}, + "path": "/opt/bin/download-healthcheck-script.sh", + "user": {}, + "contents": { + "source": "data:,%23!%2Fusr%2Fbin%2Fenv%20bash%0Aset%20-xeuo%20pipefail%0Auntil%20%5B%5B%20-x%20%2Fopt%2Fbin%2Fhealth-monitor.sh%20%5D%5D%3B%20do%0A%20%20curl%20-Lfo%20%2Fopt%2Fbin%2Fhealth-monitor.sh%20%5C%0A%20%20%20%20https%3A%2F%2Fraw.githubusercontent.com%2Fkubermatic%2Fmachine-controller%2F8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e%2Fpkg%2Fuserdata%2Fscripts%2Fhealth-monitor.sh%0A%20%20chmod%20%2Bx%20%2Fopt%2Fbin%2Fhealth-monitor.sh%0Adone%0A", + "verification": {} + }, + "mode": 755 } ] }, 
@@ -170,6 +181,21 @@ "enabled": true, "name": "docker.service" }, + { + "contents": "[Unit]\nRequires=network-online.target\nAfter=network-online.target\n[Service]\nType=oneshot\nExecStart=/opt/bin/download-healthcheck-script.sh\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "download-healthcheck-script.service" + }, + { + "contents": "[Unit]\nRequires=download-healthcheck-script.service kubelet.service\nAfter=download-healthcheck-script.service kubelet.service\n\n[Service]\nExecStart=/opt/bin/health-monitor.sh kubelet\n\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "kubelet-healthcheck.service" + }, + { + "contents": "[Unit]\nRequires=download-healthcheck-script.service docker.service\nAfter=download-healthcheck-script.service docker.service\n\n[Service]\nExecStart=/opt/bin/health-monitor.sh container-runtime\n\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "docker-healthcheck.service" + }, { "contents": "[Unit]\nDescription=Kubernetes Kubelet\nRequires=docker.service\nAfter=docker.service\n[Service]\nTimeoutStartSec=5min\nEnvironment=KUBELET_IMAGE=docker://k8s.gcr.io/hyperkube-amd64:v1.9.2\nEnvironment=\"RKT_RUN_ARGS=--uuid-file-save=/var/cache/kubelet-pod.uuid \\\n --insecure-options=image \\\n --volume=resolv,kind=host,source=/etc/resolv.conf \\\n --mount volume=resolv,target=/etc/resolv.conf \\\n --volume cni-bin,kind=host,source=/opt/cni/bin \\\n --mount volume=cni-bin,target=/opt/cni/bin \\\n --volume cni-conf,kind=host,source=/etc/cni/net.d \\\n --mount volume=cni-conf,target=/etc/cni/net.d \\\n --volume etc-kubernetes,kind=host,source=/etc/kubernetes \\\n --mount volume=etc-kubernetes,target=/etc/kubernetes \\\n --volume var-log,kind=host,source=/var/log \\\n --mount volume=var-log,target=/var/log \\\n --volume var-lib-calico,kind=host,source=/var/lib/calico \\\n --mount volume=var-lib-calico,target=/var/lib/calico\"\nExecStartPre=/bin/mkdir -p 
/var/lib/calico\nExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests\nExecStartPre=/bin/mkdir -p /etc/cni/net.d\nExecStartPre=/bin/mkdir -p /opt/cni/bin\nExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/cache/kubelet-pod.uuid\nExecStart=/usr/lib/coreos/kubelet-wrapper \\\n --container-runtime=docker \\\n --allow-privileged=true \\\n --cni-bin-dir=/opt/cni/bin \\\n --cni-conf-dir=/etc/cni/net.d \\\n --cluster-dns=10.10.10.10 \\\n --cluster-domain=cluster.local \\\n --authentication-token-webhook=true \\\n --hostname-override=node1 \\\n --network-plugin=cni \\\n --cloud-provider=aws \\\n --cloud-config=/etc/kubernetes/cloud-config \\\n --cert-dir=/etc/kubernetes/ \\\n --pod-manifest-path=/etc/kubernetes/manifests \\\n --resolv-conf=/etc/resolv.conf \\\n --rotate-certificates=true \\\n --kubeconfig=/etc/kubernetes/kubeconfig \\\n --bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \\\n --lock-file=/var/run/lock/kubelet.lock \\\n --exit-on-lock-contention \\\n --read-only-port=0 \\\n --protect-kernel-defaults=true \\\n --authorization-mode=Webhook \\\n --anonymous-auth=false \\\n --client-ca-file=/etc/kubernetes/ca.crt\nExecStop=-/usr/bin/rkt stop --uuid-file=/var/cache/kubelet-pod.uuid\nRestart=always\nRestartSec=10\n[Install]\nWantedBy=multi-user.target\n", "dropins": [ diff --git a/pkg/userdata/coreos/userdata.go b/pkg/userdata/coreos/userdata.go index 17334f53d..305afb277 100644 --- a/pkg/userdata/coreos/userdata.go +++ b/pkg/userdata/coreos/userdata.go 
@@ -175,6 +175,45 @@ systemd: - name: docker.service enabled: true + - name: download-healthcheck-script.service + enabled: true + contents: | + [Unit] + Requires=network-online.target + After=network-online.target + [Service] + Type=oneshot + ExecStart=/opt/bin/download-healthcheck-script.sh + [Install] + WantedBy=multi-user.target + + + - name: kubelet-healthcheck.service + enabled: true + contents: | + [Unit] + Requires=download-healthcheck-script.service kubelet.service + After=download-healthcheck-script.service kubelet.service + + [Service] + ExecStart=/opt/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + + - name: docker-healthcheck.service + enabled: true + contents: | + [Unit] + Requires=download-healthcheck-script.service docker.service + After=download-healthcheck-script.service docker.service + + [Service] + ExecStart=/opt/bin/health-monitor.sh container-runtime + + [Install] + WantedBy=multi-user.target + - name: kubelet.service enabled: true dropins: @@ -345,4 +384,17 @@ storage: inline: | [Service] Environment=DOCKER_OPTS=--storage-driver=overlay2 + + - path: /opt/bin/download-healthcheck-script.sh + filesystem: root + mode: 755 + contents: + inline: | + #!/usr/bin/env bash + set -xeuo pipefail + until [[ -x /opt/bin/health-monitor.sh ]]; do + curl -Lfo /opt/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /opt/bin/health-monitor.sh + done ` diff --git a/pkg/userdata/ubuntu/testdata/1.11-aws.golden b/pkg/userdata/ubuntu/testdata/1.11-aws.golden index e4a5090b3..9ddfebc9c 100644 --- a/pkg/userdata/ubuntu/testdata/1.11-aws.golden +++ b/pkg/userdata/ubuntu/testdata/1.11-aws.golden 
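Review bot: The `[Service]` sections of kubelet-healthcheck.service and docker-healthcheck.service set only `ExecStart=` and no restart policy, so if health-monitor.sh ever exits (its body is not part of this diff) the node silently loses its watchdog. Consider adding `Restart=always` and a `RestartSec=` value under `[Service]`, as the kubelet unit rendered in the coreos golden files already has. The same two units are added without a restart policy in the last hunk of pkg/userdata/ubuntu/userdata.go.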
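Review bot: `mode: 755` on /opt/bin/download-healthcheck-script.sh is taken as a decimal number rather than octal: the regenerated golden shows `"mode": 755` next to the existing `"mode": 420`, which is 0644. Decimal 755 is octal 1363, which grants write permission to "other" on a script that the oneshot unit runs with no `User=` set, presumably as root; it should be `mode: 0755`, so the golden renders 493. Separately, under `set -xeuo pipefail` a failed `curl` exits the script, so the `until` loop never actually retries. Moving the download into the loop condition, e.g. `until curl -Lfo /opt/bin/health-monitor.sh <URL>; do sleep 1; done`, and running `chmod +x` after the loop would make the retry real.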
@@ -98,6 +98,12 @@ write_files: systemctl enable --now docker systemctl enable kubelet + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + if ! [[ -e /etc/kubernetes/pki/ca.crt ]]; then kubeadm join \ --token my-token \ @@ -106,6 +112,9 @@ write_files: server:443 fi + systemctl enable --now --no-block kubelet-healthcheck.service + systemctl enable --now --no-block docker-healthcheck.service + - path: "/opt/kubernetes.asc" permissions: "0400" content: | @@ -232,11 +241,37 @@ write_files: ExecStart=/usr/local/bin/supervise.sh /usr/local/bin/setup - path: /etc/systemd/system/docker.service.d/10-storage.conf - permission: "0644" + permissions: "0644" content: | [Service] ExecStart= ExecStart=/usr/bin/dockerd -H fd:// --storage-driver=overlay2 +- path: /etc/systemd/system/kubelet-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + +- path: /etc/systemd/system/docker-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=docker.service + After=docker.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh container-runtime + + [Install] + WantedBy=multi-user.target + runcmd: - systemctl enable --now setup.service diff --git a/pkg/userdata/ubuntu/testdata/1.9.2-dist-upgrade-on-boot-aws.golden b/pkg/userdata/ubuntu/testdata/1.9.2-dist-upgrade-on-boot-aws.golden index 709e560b8..ff0984858 100644 --- a/pkg/userdata/ubuntu/testdata/1.9.2-dist-upgrade-on-boot-aws.golden +++ b/pkg/userdata/ubuntu/testdata/1.9.2-dist-upgrade-on-boot-aws.golden 
@@ -99,6 +99,12 @@ write_files: systemctl enable --now docker systemctl enable kubelet + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + if ! [[ -e /etc/kubernetes/pki/ca.crt ]]; then kubeadm join \ --token my-token \ @@ -107,6 +113,9 @@ write_files: server:443 fi + systemctl enable --now --no-block kubelet-healthcheck.service + systemctl enable --now --no-block docker-healthcheck.service + - path: "/opt/kubernetes.asc" permissions: "0400" content: | @@ -240,11 +249,37 @@ write_files: ExecStart=/usr/local/bin/supervise.sh /usr/local/bin/setup - path: /etc/systemd/system/docker.service.d/10-storage.conf - permission: "0644" + permissions: "0644" content: | [Service] ExecStart= ExecStart=/usr/bin/dockerd -H fd:// --storage-driver=overlay2 +- path: /etc/systemd/system/kubelet-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + +- path: /etc/systemd/system/docker-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=docker.service + After=docker.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh container-runtime + + [Install] + WantedBy=multi-user.target + runcmd: - systemctl enable --now setup.service diff --git a/pkg/userdata/ubuntu/testdata/1.9.2-openstack-multiple-dns.golden b/pkg/userdata/ubuntu/testdata/1.9.2-openstack-multiple-dns.golden index e2a3d7740..b5b2948e5 100644 --- a/pkg/userdata/ubuntu/testdata/1.9.2-openstack-multiple-dns.golden +++ b/pkg/userdata/ubuntu/testdata/1.9.2-openstack-multiple-dns.golden 
@@ -99,6 +99,12 @@ write_files: systemctl enable --now docker systemctl enable kubelet + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + if ! [[ -e /etc/kubernetes/pki/ca.crt ]]; then kubeadm join \ --token my-token \ @@ -107,6 +113,9 @@ write_files: server:443 fi + systemctl enable --now --no-block kubelet-healthcheck.service + systemctl enable --now --no-block docker-healthcheck.service + - path: "/opt/kubernetes.asc" permissions: "0400" content: | @@ -240,11 +249,37 @@ write_files: ExecStart=/usr/local/bin/supervise.sh /usr/local/bin/setup - path: /etc/systemd/system/docker.service.d/10-storage.conf - permission: "0644" + permissions: "0644" content: | [Service] ExecStart= ExecStart=/usr/bin/dockerd -H fd:// --storage-driver=overlay2 +- path: /etc/systemd/system/kubelet-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + +- path: /etc/systemd/system/docker-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=docker.service + After=docker.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh container-runtime + + [Install] + WantedBy=multi-user.target + runcmd: - systemctl enable --now setup.service diff --git a/pkg/userdata/ubuntu/testdata/openstack-kubelet-v-version-prefix.golden b/pkg/userdata/ubuntu/testdata/openstack-kubelet-v-version-prefix.golden index 2cef07e49..7e98523a2 100644 --- a/pkg/userdata/ubuntu/testdata/openstack-kubelet-v-version-prefix.golden +++ b/pkg/userdata/ubuntu/testdata/openstack-kubelet-v-version-prefix.golden 
@@ -99,6 +99,12 @@ write_files: systemctl enable --now docker systemctl enable kubelet + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + if ! [[ -e /etc/kubernetes/pki/ca.crt ]]; then kubeadm join \ --token my-token \ @@ -107,6 +113,9 @@ write_files: server:443 fi + systemctl enable --now --no-block kubelet-healthcheck.service + systemctl enable --now --no-block docker-healthcheck.service + - path: "/opt/kubernetes.asc" permissions: "0400" content: | @@ -240,11 +249,37 @@ write_files: ExecStart=/usr/local/bin/supervise.sh /usr/local/bin/setup - path: /etc/systemd/system/docker.service.d/10-storage.conf - permission: "0644" + permissions: "0644" content: | [Service] ExecStart= ExecStart=/usr/bin/dockerd -H fd:// --storage-driver=overlay2 +- path: /etc/systemd/system/kubelet-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + +- path: /etc/systemd/system/docker-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=docker.service + After=docker.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh container-runtime + + [Install] + WantedBy=multi-user.target + runcmd: - systemctl enable --now setup.service diff --git a/pkg/userdata/ubuntu/testdata/openstack-overwrite-cloud-config.golden b/pkg/userdata/ubuntu/testdata/openstack-overwrite-cloud-config.golden index 577cc05c2..48d607674 100644 --- a/pkg/userdata/ubuntu/testdata/openstack-overwrite-cloud-config.golden +++ b/pkg/userdata/ubuntu/testdata/openstack-overwrite-cloud-config.golden 
@@ -101,6 +101,12 @@ write_files: systemctl enable --now docker systemctl enable kubelet + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + if ! [[ -e /etc/kubernetes/pki/ca.crt ]]; then kubeadm join \ --token my-token \ @@ -109,6 +115,9 @@ write_files: server:443 fi + systemctl enable --now --no-block kubelet-healthcheck.service + systemctl enable --now --no-block docker-healthcheck.service + - path: "/opt/kubernetes.asc" permissions: "0400" content: | @@ -242,11 +251,37 @@ write_files: ExecStart=/usr/local/bin/supervise.sh /usr/local/bin/setup - path: /etc/systemd/system/docker.service.d/10-storage.conf - permission: "0644" + permissions: "0644" content: | [Service] ExecStart= ExecStart=/usr/bin/dockerd -H fd:// --storage-driver=overlay2 +- path: /etc/systemd/system/kubelet-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + +- path: /etc/systemd/system/docker-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=docker.service + After=docker.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh container-runtime + + [Install] + WantedBy=multi-user.target + runcmd: - systemctl enable --now setup.service diff --git a/pkg/userdata/ubuntu/userdata.go b/pkg/userdata/ubuntu/userdata.go index 28ce1a2e6..9be9418de 100644 --- a/pkg/userdata/ubuntu/userdata.go +++ b/pkg/userdata/ubuntu/userdata.go 
@@ -246,6 +246,12 @@ write_files: systemctl enable --now docker systemctl enable kubelet + if [[ ! -x /usr/local/bin/health-monitor.sh ]]; then + curl -Lfo /usr/local/bin/health-monitor.sh \ + https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh + chmod +x /usr/local/bin/health-monitor.sh + fi + if ! [[ -e /etc/kubernetes/pki/ca.crt ]]; then kubeadm join \ --token {{ .BoostrapToken }} \ @@ -256,6 +262,9 @@ write_files: {{ .ServerAddr }} fi + systemctl enable --now --no-block kubelet-healthcheck.service + systemctl enable --now --no-block docker-healthcheck.service + - path: "/opt/kubernetes.asc" permissions: "0400" content: | @@ -393,12 +402,38 @@ write_files: ExecStart=/usr/local/bin/supervise.sh /usr/local/bin/setup - path: /etc/systemd/system/docker.service.d/10-storage.conf - permission: "0644" + permissions: "0644" content: | [Service] ExecStart= ExecStart=/usr/bin/dockerd -H fd:// --storage-driver=overlay2 +- path: /etc/systemd/system/kubelet-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + +- path: /etc/systemd/system/docker-healthcheck.service + permissions: "0644" + content: | + [Unit] + Requires=docker.service + After=docker.service + + [Service] + ExecStart=/usr/local/bin/health-monitor.sh container-runtime + + [Install] + WantedBy=multi-user.target + runcmd: - systemctl enable --now setup.service `
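Review bot: The setup script downloads health-monitor.sh from raw.githubusercontent.com and marks it executable without checking its contents, and the new healthcheck units then execute it as a system service. The URL is pinned to a commit hash, which helps, but the node still trusts whatever that host returns at boot; comparing a known digest before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  /usr/local/bin/health-monitor.sh" | sha256sum -c -`, or shipping the script through `write_files` since it lives in this repository, would remove that dependency. The enclosing script starts outside this hunk; if it runs with `set -e` as the centos setup script does, a failed download also aborts before `kubeadm join`, so joining the cluster now depends on GitHub being reachable. The coreos download-healthcheck-script.sh and the centos setup template follow the same download pattern.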