WIP: build cni and kubelet debian packages

[mikedanese]

To install the kubelet, cni and correct version of docker on Ubuntu 16.04:

$ cat <<EOF > /etc/apt/sources.list.d/k8s.list
deb [arch=amd64] https://apt.dockerproject.org/repo ubuntu-xenial main
deb [arch=amd64] http://ppa.launchpad.net/k8s/ppa/ubuntu xenial main 
EOF
$ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys F76221572C52609D
$ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 738C1654E1DEBDE4
$ apt-get update
$ apt-get install kubelet

@kubernetes/sig-cluster-lifecycle

[vishh]

Woot! Will a dependency on docker engine package be added later?

[mikedanese]

@vishh already added https://github.com/kubernetes/release/pull/35/files#diff-2ef538a1cb3b8e3e5f44640058d99218R13

[mikedanese]

Installing kubelet installs aufs-tools cgroupfs-mount docker-engine k8s-cni kubelet libltdl7. k8s-cni and docker-engine are the direct dependencies.

root@instance-5:/home/mikedanese# apt-get install -y kubelet
The following additional packages will be installed:
  aufs-tools cgroupfs-mount docker-engine k8s-cni libltdl7
Suggested packages:
  mountall
The following NEW packages will be installed:
  aufs-tools cgroupfs-mount docker-engine k8s-cni kubelet libltdl7
0 upgraded, 6 newly installed, 0 to remove and 37 not upgraded.
Need to get 33.9 MB of archives.
After this operation, 229 MB of additional disk space will be used.
Get:1 http://us-central1.gce.archive.ubuntu.com/ubuntu xenial/universe amd64 aufs-tools amd64 1:3.2+20130722-1.1ubuntu1 [92.9 kB]
Get:2 http://us-central1.gce.archive.ubuntu.com/ubuntu xenial/universe amd64 cgroupfs-mount all 1.2 [4,970 B]
Get:3 http://us-central1.gce.archive.ubuntu.com/ubuntu xenial/main amd64 libltdl7 amd64 2.4.6-0.1 [38.3 kB]
Get:4 http://ppa.launchpad.net/k8s/ppa/ubuntu xenial/main amd64 k8s-cni amd64 0.0.1-0 [5,898 kB]
Get:5 https://apt.dockerproject.org/repo ubuntu-xenial/main amd64 docker-engine amd64 1.11.2-0~xenial [14.5 MB]
Get:6 http://ppa.launchpad.net/k8s/ppa/ubuntu xenial/main amd64 kubelet amd64 1.3.0-1 [13.4 MB]
Fetched 33.9 MB in 5s (6,157 kB/s)
Selecting previously unselected package aufs-tools.
(Reading database ... 59822 files and directories currently installed.)
Preparing to unpack .../aufs-tools_1%3a3.2+20130722-1.1ubuntu1_amd64.deb ...
Unpacking aufs-tools (1:3.2+20130722-1.1ubuntu1) ...
Selecting previously unselected package cgroupfs-mount.
Preparing to unpack .../cgroupfs-mount_1.2_all.deb ...
Unpacking cgroupfs-mount (1.2) ...
Selecting previously unselected package libltdl7:amd64.
Preparing to unpack .../libltdl7_2.4.6-0.1_amd64.deb ...
Unpacking libltdl7:amd64 (2.4.6-0.1) ...
Selecting previously unselected package docker-engine.
Preparing to unpack .../docker-engine_1.11.2-0~xenial_amd64.deb ...
Unpacking docker-engine (1.11.2-0~xenial) ...
Selecting previously unselected package k8s-cni.
Preparing to unpack .../k8s-cni_0.0.1-0_amd64.deb ...
Unpacking k8s-cni (0.0.1-0) ...
Selecting previously unselected package kubelet.
Preparing to unpack .../kubelet_1.3.0-1_amd64.deb ...
Unpacking kubelet (1.3.0-1) ...
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for systemd (229-4ubuntu6) ...
Setting up aufs-tools (1:3.2+20130722-1.1ubuntu1) ...
Setting up cgroupfs-mount (1.2) ...
Setting up libltdl7:amd64 (2.4.6-0.1) ...
Setting up docker-engine (1.11.2-0~xenial) ...
Setting up k8s-cni (0.0.1-0) ...
Setting up kubelet (1.3.0-1) ...
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Processing triggers for systemd (229-4ubuntu6) ...
Processing triggers for ureadahead (0.100.0-19) ...

[bgrant0607]

cc @kubernetes/sig-node @kubernetes/release-maintainers

[philips]

probably should go into /usr/share/kubelet/kubelet-wrapper or something.

[errordeveloper]

Or rather /usr/lib/kubelet/, as it's going to be an executable.

[philips]

Overall LGTM. I have maintained debs in the past, nothing glaring.

[roberthbailey]

@mansoorj wants to make sure this will work on ubuntu (which isn't clear given the pr title).

[mikedanese]

This currently only works on ubuntu xenial. I need to expand it to more debian flavors which involves testing an porting systemd to upstart.

[luxas]

Does kubenet only work on GCE?
Is there a convenient way to support other network drivers?

[mikedanese]

This is not related to the kubelet kubenet plugin, (which doesn't just work on GCE, it works everywhere). This is the "name" field of the bridge cni plugin which represents the name of the network.

https://github.com/containernetworking/cni/blob/master/Documentation/bridge.md

The convenient way to support other cni plugins is add a config file that lexically sorts to a higher slot then 99_bridge.conf, e.g. 10_flannel.conf. Bridge plugin seems like a reasonable default

[luxas]

Great! Then my obvious second question is, why don't we use kubenet in ALL deployments if it works everywhere? :)

No more flannel/weave dep then, unless they provide some really important side effect of course.

[mikedanese]

Kubenet doesn't actually provide an overlay. We are working on turning it into a cni plugin. It will be a metaplugin that configures the bridge plugin according to the cidrs passed down by the node controller. This is very usful when running in cloud providers that supported routed networks.

[luxas]

Ah, then my assumption was right (that it didn't contain an overlay)

Seems like I misinterpreted your previous comment then (it clearly would have been to good to be true if kubenet did provide an overlay and worked everywhere)

Converting it into a CNI plugin SGTM

[mikedanese]

I need to look into doing this like bazel does. They are hosting the apt repository on GCS. https://bazel-review.googlesource.com/#/c/3702/

[errordeveloper]

I'd expect this to be EnvironmentFile=/etc/default/kubelet in kubelet.service, unless we think that users should be really allowed to do anything shell permits (like loops, conditions and sourcing other files etc)?

[errordeveloper]

By the way, it looks like this file seems to be missing from the package, and this script will fail, unless user has created it.

[mikedanese]

I think /etc/default files are usually not env files? Is that not true? Lot's of stuff doesn't work in env files, e.g.

DOCKER_OPTS="${DOCKER_OPTS} --dns 8.8.8.8"

Wouldn't work because it requires a bash expansion

[mikedanese]

cc @mansoorj @kelseyhightower

[mikedanese]

I appreciate your comments and will address in a follow up. I'm currently working on infrastructure to get these hosted on GCS and it will help to have this merged. There are definitely improvements to be made to the actual package.

[mikedanese]

Now hosted on gcs

$ cat <<EOF > /etc/apt/sources.list.d/k8s.list
deb [arch=amd64] http://apt.dockerproject.org/repo ubuntu-xenial main
deb http://apt.k8s.io xenial main 
EOF
$ apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys F76221572C52609D 81A45CB679084BD1
$ apt-get update
$ apt-get install kubelet docker-engine=1.11.2-0~xenial

Unfortunately requires version pinning of docker so upgrades might be hard.

[lukemarsden]

Probably harmless but minor annoyance after apt-get update:

N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'http://apt.k8s.io xenial InRelease' doesn't support architecture 'i386'

[luxas]

@lukemarsden I guess we have to put deb [arch=amd64] http://apt.k8s.io xenial main instead of deb http://apt.k8s.io xenial main