Osm enhancements (#90)
* Improvements for default OSPs

* Remove templatization of docker version and use hard-coded values instead

* Remove templatization for containerd version in favor of hardcoded values
ahmedwaleedmalik committed Dec 7, 2021
1 parent 49330e3 commit d72b8f7
Showing 12 changed files with 112 additions and 137 deletions.
6 changes: 0 additions & 6 deletions cmd/osm-controller/main.go
Expand Up @@ -50,7 +50,6 @@ type options struct {
pauseImage string
initialTaints string
cniVersion string
containerdVersion string
criToolsVersion string
nodeHTTPProxy string
nodeNoProxy string
Expand Down Expand Up @@ -79,7 +78,6 @@ func main() {
flag.StringVar(&opt.pauseImage, "pause-image", "", "pause image to use in Kubelet.")
flag.StringVar(&opt.initialTaints, "initial-taints", "", "taints to use when creating the node.")
flag.StringVar(&opt.cniVersion, "cni-version", "", "CNI version to use in the cluster.")
flag.StringVar(&opt.containerdVersion, "containerd-version", "", "Containerd version to use in the cluster.")
flag.StringVar(&opt.criToolsVersion, "cri-tools-version", "", "cri-tools version to install in the machine")
flag.StringVar(&opt.nodeHTTPProxy, "node-http-proxy", "", "If set, it configures the 'HTTP_PROXY' & 'HTTPS_PROXY' environment variable on the nodes.")
flag.StringVar(&opt.nodeNoProxy, "node-no-proxy", ".svc,.cluster.local,localhost,127.0.0.1", "If set, it configures the 'NO_PROXY' environment variable on the nodes.")
Expand All @@ -98,9 +96,6 @@ func main() {
if len(opt.cniVersion) == 0 {
klog.Fatal("-cni-version is required")
}
if len(opt.containerdVersion) == 0 {
klog.Fatal("-containerd-version is required")
}
if len(opt.criToolsVersion) == 0 {
klog.Fatal("-cri-tools-version is required")
}
Expand Down Expand Up @@ -160,7 +155,6 @@ func main() {
opt.pauseImage,
opt.initialTaints,
opt.cniVersion,
opt.containerdVersion,
opt.criToolsVersion,
opt.nodeHTTPProxy,
opt.nodeNoProxy,
30 changes: 19 additions & 11 deletions examples/osp-amzn-linux.yaml
Expand Up @@ -63,7 +63,7 @@ spec:
EOF
yum install -y \
containerd-{{ .ContainerdVersion }}* \
containerd-1.4* \
yum-plugin-versionlock
yum versionlock add containerd
Expand All @@ -90,10 +90,8 @@ spec:
EOF
yum install -y \
{{- if .ContainerdVersion }}
containerd-{{ .ContainerdVersion }}* \
{{- end }}
docker-{{ .DockerVersion }}* \
containerd-1.4* \
docker-19.03* \
yum-plugin-versionlock
yum versionlock add docker containerd
Expand Down Expand Up @@ -182,8 +180,6 @@ spec:
chmod +x /opt/bin/health-monitor.sh
fi
configureProxyScript: |-
{{- if .HTTPProxy }}
cat <<EOF | tee -a /etc/environment
Expand Down Expand Up @@ -255,8 +251,6 @@ spec:
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
- path: "/opt/bin/setup"
permissions: 0755
content:
Expand Down Expand Up @@ -407,8 +401,12 @@ spec:
exit 1
fi
# get the full hostname
# get the full hostname
FULL_HOSTNAME=$(hostname -f)
# if /etc/hostname is not empty then use the hostname from there
if [ -s /etc/hostname ]; then
FULL_HOSTNAME=$(cat /etc/hostname)
fi
# write the nodeip_env file
# we need the line below because flatcar has the same string "coreos" in that file
Expand Down Expand Up @@ -502,6 +500,16 @@ spec:
cpu: 200m
ephemeral-storage: 1Gi
memory: 200Mi
tlsCipherSuites:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
volumePluginDir: /var/lib/kubelet/volumeplugins
- path: /etc/systemd/system/kubelet-healthcheck.service
Expand All @@ -518,4 +526,4 @@ spec:
ExecStart=/opt/bin/health-monitor.sh kubelet
[Install]
WantedBy=multi-user.target
WantedBy=multi-user.target
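Review bot: The new `/etc/hostname` override in the hunk at `@@ -407,8 +401,12 @@` can blank out `FULL_HOSTNAME`: `[ -s /etc/hostname ]` only tests that the file has a non-zero size, so a file holding just a newline passes and `$(cat /etc/hostname)` yields an empty string that replaces the value from `hostname -f`. /etc/hostname also commonly holds a short name rather than an FQDN, so whatever consumes `FULL_HOSTNAME` later in the script (not visible here) may see a different name than before; if that is intended, the comment should say so. I would strip whitespace and assign only a non-empty result: `h=$(tr -d '[:space:]' < /etc/hostname)` followed by `if [ -n "$h" ]; then FULL_HOSTNAME=$h; fi`. The enclosing setup script starts and ends outside the hunk.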
12 changes: 11 additions & 1 deletion examples/osp-centos.yaml
Expand Up @@ -75,7 +75,7 @@ spec:
EnvironmentFile=-/etc/environment
EOF
yum install -y containerd.io-{{ .ContainerdVersion }}* yum-plugin-versionlock
yum install -y containerd.io-1.4* yum-plugin-versionlock
yum versionlock add containerd.io
systemctl daemon-reload
Expand Down Expand Up @@ -520,6 +520,16 @@ spec:
cpu: 200m
ephemeral-storage: 1Gi
memory: 200Mi
tlsCipherSuites:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
volumePluginDir: /var/lib/kubelet/volumeplugins
- path: /etc/systemd/system/kubelet-healthcheck.service
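Review bot: The added `tlsCipherSuites` list in what looks like the kubelet configuration has no `tlsMinVersion` visible beside it, so the protocol floor is only implied by the choice of suites. The three entries `TLS_AES_128_GCM_SHA256`, `TLS_AES_256_GCM_SHA384` and `TLS_CHACHA20_POLY1305_SHA256` are TLS 1.3 suites, which Go's TLS stack does not make configurable, so they document intent rather than change behaviour; the six ECDHE AEAD entries are what actually constrain TLS 1.2. If the floor is not set elsewhere in the file (the hunk does not show it), adding `tlsMinVersion: VersionTLS12` next to the list makes it explicit. The same list is added in examples/osp-amzn-linux.yaml, examples/osp-rhel.yaml and examples/osp-ubuntu.yaml.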
12 changes: 11 additions & 1 deletion examples/osp-rhel.yaml
Expand Up @@ -73,7 +73,7 @@ spec:
EnvironmentFile=-/etc/environment
EOF
yum install -y containerd.io-{{ .ContainerdVersion }}* yum-plugin-versionlock
yum install -y containerd.io-1.4* yum-plugin-versionlock
yum versionlock add containerd.io
systemctl daemon-reload
Expand Down Expand Up @@ -520,6 +520,16 @@ spec:
cpu: 200m
ephemeral-storage: 1Gi
memory: 200Mi
tlsCipherSuites:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
volumePluginDir: /var/lib/kubelet/volumeplugins
- path: /etc/systemd/system/kubelet-healthcheck.service
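Review bot: `containerd.io-1.4*` is resolved by yum when the node is provisioned, and `yum versionlock add containerd.io` then freezes whatever patch release the repository served, so nodes built from the same profile at different times can run different containerd builds. With the version no longer supplied by the controller, moving to another containerd line for a security fix also means editing this literal in every profile; the same pattern appears in examples/osp-amzn-linux.yaml, examples/osp-centos.yaml and examples/osp-ubuntu.yaml. I would record that above the install line, for example `# containerd pinned to the 1.4 line; patch level is whatever the repo serves at provisioning time - update all OSPs together`. The enclosing script starts and ends outside the hunk.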
22 changes: 16 additions & 6 deletions examples/osp-ubuntu.yaml
Expand Up @@ -72,7 +72,7 @@ spec:
EnvironmentFile=-/etc/environment
EOF
apt-get install -y --allow-downgrades containerd.io={{ .ContainerdVersion }}*
apt-get install -y --allow-downgrades containerd.io=1.4*
apt-mark hold containerd.io
systemctl daemon-reload
Expand Down Expand Up @@ -102,11 +102,11 @@ spec:
EnvironmentFile=-/etc/environment
EOF
apt-get install -y \
containerd.io=1.4.3* \
docker-ce=5:19.03.13* \
docker-ce-cli=5:19.03.13*
apt-mark hold docker-ce docker-ce-cli containerd.io
apt-get install --allow-downgrades -y \
containerd.io=1.4* \
docker-ce-cli=5:19.03* \
docker-ce=5:19.03*
apt-mark hold docker-ce* containerd.io
systemctl daemon-reload
systemctl enable --now docker
Expand Down Expand Up @@ -544,6 +544,16 @@ spec:
cpu: 200m
ephemeral-storage: 1Gi
memory: 200Mi
tlsCipherSuites:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
volumePluginDir: /var/lib/kubelet/volumeplugins
- path: /etc/systemd/system/kubelet-healthcheck.service
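Review bot: `apt-mark hold docker-ce* containerd.io` in the hunk at `@@ -102,11 +102,11 @@` passes an unquoted glob, so the shell expands `docker-ce*` against the script's working directory if any file name there matches; otherwise the hold relies on apt-mark's own pattern matching and covers every package the pattern hits rather than the two that were installed. Naming the packages keeps the hold predictable, as the replaced line did: `apt-mark hold docker-ce docker-ce-cli containerd.io`. The same install command now carries `--allow-downgrades`, which lets provisioning replace a newer preinstalled runtime with the 19.03/1.4 line; a short comment stating that this is intended would help the next reader. The enclosing script starts and ends outside the hunk.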
1 change: 0 additions & 1 deletion hack/run-operating-system-manager.sh
Expand Up @@ -27,5 +27,4 @@ $(dirname $0)/../_build/osm-controller \
-namespace=cloud-init-settings \
-worker-count=50 \
-cni-version=v0.8.7 \
-containerd-version=1.4 \
-cri-tools-version=v1.22.0
4 changes: 0 additions & 4 deletions pkg/controllers/osc/osc_controller.go
Expand Up @@ -63,7 +63,6 @@ type Reconciler struct {
clusterDNSIPs []net.IP
kubeconfig string
cniVersion string
containerdVersion string
criToolVersion string
nodeHTTPProxy string
nodeNoProxy string
Expand All @@ -85,7 +84,6 @@ func Add(
pauseImage string,
initialTaints string,
cniVersion string,
containerdVersion string,
criToolsVersion string,
nodeHTTPProxy string,
nodeNoProxy string,
Expand All @@ -104,7 +102,6 @@ func Add(
initialTaints: initialTaints,
externalCloudProvider: externalCloudProvider,
cniVersion: cniVersion,
containerdVersion: containerdVersion,
nodeHTTPProxy: nodeHTTPProxy,
nodeNoProxy: nodeNoProxy,
podCIDR: podCIDR,
Expand Down Expand Up @@ -197,7 +194,6 @@ func (r *Reconciler) reconcileOperatingSystemConfigs(ctx context.Context, md *cl
r.pauseImage,
r.initialTaints,
r.cniVersion,
r.containerdVersion,
r.criToolVersion,
r.nodeHTTPProxy,
r.nodeNoProxy,
97 changes: 45 additions & 52 deletions pkg/controllers/osc/osc_reconciler_test.go
Expand Up @@ -68,13 +68,12 @@ func init() {
}

type testConfig struct {
namespace string
clusterAddress string
containerRuntime string
containerdVersion string
cniVersion string
kubeVersion string
clusterDNSIPs []net.IP
namespace string
clusterAddress string
containerRuntime string
cniVersion string
kubeVersion string
clusterDNSIPs []net.IP
}

func TestReconciler_Reconcile(t *testing.T) {
Expand All @@ -101,13 +100,12 @@ func TestReconciler_Reconcile(t *testing.T) {
mdName: "ubuntu-20.04-aws",
secretFile: "secret-ubuntu-20.04-aws-containerd.yaml",
config: testConfig{
namespace: "cloud-init-settings",
clusterAddress: "http://127.0.0.1/configs",
containerRuntime: "containerd",
cniVersion: "v0.8.7",
containerdVersion: "1.4",
kubeVersion: "1.22.1",
clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)},
namespace: "cloud-init-settings",
clusterAddress: "http://127.0.0.1/configs",
containerRuntime: "containerd",
cniVersion: "v0.8.7",
kubeVersion: "1.22.1",
clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)},
},
cloudProvider: "aws",
cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"zone": "eu-central-1b", "vpc": "e-123f", "subnetID": "test-subnet"}`)},
Expand All @@ -122,13 +120,12 @@ func TestReconciler_Reconcile(t *testing.T) {
mdName: "ubuntu-20.04-aws",
secretFile: "secret-ubuntu-20.04-aws-docker.yaml",
config: testConfig{
namespace: "cloud-init-settings",
clusterAddress: "http://127.0.0.1/configs",
containerRuntime: "docker",
cniVersion: "v0.8.7",
containerdVersion: "1.4",
kubeVersion: "1.22.1",
clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)},
namespace: "cloud-init-settings",
clusterAddress: "http://127.0.0.1/configs",
containerRuntime: "docker",
cniVersion: "v0.8.7",
kubeVersion: "1.22.1",
clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)},
},
cloudProvider: "aws",
cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"zone": "eu-central-1b", "vpc": "e-123f", "subnetID": "test-subnet"}`)},
Expand All @@ -143,13 +140,12 @@ func TestReconciler_Reconcile(t *testing.T) {
mdName: "flatcar-aws-containerd",
secretFile: "secret-flatcar-aws-containerd.yaml",
config: testConfig{
namespace: "cloud-init-settings",
clusterAddress: "http://127.0.0.1/configs",
containerRuntime: "containerd",
cniVersion: "v0.8.7",
containerdVersion: "1.4",
kubeVersion: "1.22.1",
clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)},
namespace: "cloud-init-settings",
clusterAddress: "http://127.0.0.1/configs",
containerRuntime: "containerd",
cniVersion: "v0.8.7",
kubeVersion: "1.22.1",
clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)},
},
cloudProvider: "aws",
cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"zone": "eu-central-1b", "vpc": "e-123f", "subnetID": "test-subnet"}`)},
Expand All @@ -164,13 +160,12 @@ func TestReconciler_Reconcile(t *testing.T) {
mdName: "flatcar-aws-docker",
secretFile: "secret-flatcar-aws-docker.yaml",
config: testConfig{
namespace: "cloud-init-settings",
clusterAddress: "http://127.0.0.1/configs",
containerRuntime: "docker",
cniVersion: "v0.8.7",
containerdVersion: "1.4",
kubeVersion: "1.22.1",
clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)},
namespace: "cloud-init-settings",
clusterAddress: "http://127.0.0.1/configs",
containerRuntime: "docker",
cniVersion: "v0.8.7",
kubeVersion: "1.22.1",
clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)},
},
cloudProvider: "aws",
cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"cloud-config-key": "cloud-config-value"}`)},
Expand All @@ -185,13 +180,12 @@ func TestReconciler_Reconcile(t *testing.T) {
mdName: "osp-rhel-aws",
secretFile: "secret-rhel-8.x-containerd.yaml",
config: testConfig{
namespace: "cloud-init-settings",
clusterAddress: "http://127.0.0.1/configs",
containerRuntime: "containerd",
cniVersion: "v0.8.7",
containerdVersion: "1.4",
kubeVersion: "1.22.1",
clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)},
namespace: "cloud-init-settings",
clusterAddress: "http://127.0.0.1/configs",
containerRuntime: "containerd",
cniVersion: "v0.8.7",
kubeVersion: "1.22.1",
clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)},
},
cloudProvider: "aws",
cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"zone": "eu-central-1b", "vpc": "e-123f", "subnetID": "test-subnet"}`)},
Expand Down Expand Up @@ -437,15 +431,14 @@ func loadFile(obj runtime.Object, name string) error {

func buildReconciler(fakeClient client.Client, config testConfig) Reconciler {
return Reconciler{
Client: fakeClient,
log: testUtil.DefaultLogger,
generator: generator.NewDefaultCloudConfigGenerator(""),
namespace: config.namespace,
clusterAddress: config.clusterAddress,
kubeconfig: kubeconfigPath,
containerRuntime: config.containerRuntime,
containerdVersion: config.containerdVersion,
cniVersion: config.cniVersion,
clusterDNSIPs: config.clusterDNSIPs,
Client: fakeClient,
log: testUtil.DefaultLogger,
generator: generator.NewDefaultCloudConfigGenerator(""),
namespace: config.namespace,
clusterAddress: config.clusterAddress,
kubeconfig: kubeconfigPath,
containerRuntime: config.containerRuntime,
cniVersion: config.cniVersion,
clusterDNSIPs: config.clusterDNSIPs,
}
}