-
-
Notifications
You must be signed in to change notification settings - Fork 248
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: k0s remove isolated controllers support and ansible prepare pla…
…ybook (#1205) Signed-off-by: Devin Buhl <devin@buhl.casa>
- Loading branch information
Showing
11 changed files
with
145 additions
and
72 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
6 changes: 4 additions & 2 deletions
6
bootstrap/templates/kubernetes/k0s/resources/containerd/spegel.toml.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,8 @@ | ||
| #% if bootstrap_distribution == 'k0s' and spegel.enabled | default(false) %# | ||
| [plugins."io.containerd.grpc.v1.cri".containerd] | ||
| discard_unpacked_layers = false | ||
| [plugins."io.containerd.grpc.v1.cri".registry] | ||
| config_path = "/var/lib/k0s/containerd/certs.d" | ||
| [plugins."io.containerd.grpc.v1.cri".containerd] | ||
| discard_unpacked_layers = false | ||
| [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] | ||
| discard_unpacked_layers = false | ||
| #% endif %# |
2 changes: 1 addition & 1 deletion
2
bootstrap/templates/kubernetes/k0s/resources/containerd/unprivileged-ports.toml.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
60 changes: 60 additions & 0 deletions
60
bootstrap/templates/kubernetes/k0s/resources/hooks/apply-system.sh.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| #% if bootstrap_distribution == 'k0s' %# | ||
| #!/usr/bin/env bash | ||
|
|
||
| [ $(id -u) -eq 0 ] || exec sudo $0 $@ | ||
|
|
||
| # Prepare | ||
| sudo apt-get update -y | ||
|
|
||
| # Timezone | ||
| timedatectl set-timezone "#{ bootstrap_timezone }#" | ||
|
|
||
| # Install Packages | ||
| apt-get install -y --no-install-recommends \ | ||
| apt-transport-https ca-certificates conntrack curl dirmngr gdisk gnupg hdparm htop \ | ||
| iptables iputils-ping ipvsadm libseccomp2 lm-sensors neofetch net-tools nfs-common \ | ||
| nvme-cli open-iscsi parted psmisc python3 python3-apt python3-kubernetes python3-yaml \ | ||
| smartmontools socat software-properties-common unzip util-linux | ||
|
|
||
| # Update DNS | ||
| chattr -i /etc/resolv.conf | ||
| rm -f /etc/resolv.conf | ||
| cat <<EOF > /etc/resolv.conf | ||
| search . | ||
| nameserver #{ bootstrap_dns_server | default('1.1.1.1', true) }# | ||
| EOF | ||
| chattr +i /etc/resolv.conf | ||
|
|
||
| # Kernel Modules | ||
| for module in br_netfilter ceph ip_vs ip_vs_rr nbd overlay rbd; do | ||
| if ! test -f /etc/modules-load.d/$module.conf; then | ||
| echo $module > /etc/modules-load.d/$module.conf | ||
| fi | ||
| done | ||
| systemctl restart systemd-modules-load.service | ||
|
|
||
| # Sysctls | ||
| cat <<EOF > /etc/sysctl.d/99-kubernetes.conf | ||
| fs.inotify.max_queued_events: 65536 | ||
| fs.inotify.max_user_watches: 524288 | ||
| fs.inotify.max_user_instances: 8192 | ||
| EOF | ||
| sysctl -p /etc/sysctl.d/99-kubernetes.conf | ||
|
|
||
| # Disable swap | ||
| swapoff -a | ||
|
|
||
| # Disable AppArmor | ||
| if systemctl is-enabled apparmor.service; then | ||
| systemctl mask apparmor.service | ||
| fi | ||
|
|
||
| # Neofetch | ||
| cat <<EOF > /etc/profile.d/neofetch.sh | ||
| neofetch --config none | ||
| EOF | ||
| chmod 755 /etc/profile.d/neofetch.sh | ||
|
|
||
| # Ensure k0s containerd directory exists | ||
| mkdir -p /etc/k0s/containerd.d | ||
| #% endif %# |
40 changes: 40 additions & 0 deletions
40
bootstrap/templates/kubernetes/k0s/resources/hooks/reset-cilium.sh.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| #% if bootstrap_distribution == 'k0s' %# | ||
| #!/usr/bin/env bash | ||
|
|
||
| [ $(id -u) -eq 0 ] || exec sudo $0 $@ | ||
|
|
||
| remove_interfaces() { | ||
| ip link show 2>/dev/null | grep 'cilium' | while read ignore iface ignore; do | ||
| iface=${iface%%@*} | ||
| [ -z "$iface" ] || ip link delete $iface | ||
| done | ||
| } | ||
|
|
||
| reset_iptables() { | ||
| iptables -t nat -F | ||
| iptables -t mangle -F | ||
| iptables -t filter -F | ||
| iptables -t raw -F | ||
| iptables -X | ||
| ip6tables -t nat -F | ||
| ip6tables -t mangle -F | ||
| ip6tables -t filter -F | ||
| ip6tables -t raw -F | ||
| ip6tables -X | ||
| } | ||
|
|
||
| do_unmount_and_remove() { | ||
| set +x | ||
| while read -r _ path _; do | ||
| case "$path" in $1*) echo "$path" ;; esac | ||
| done < /proc/self/mounts | sort -r | xargs -r -t -n 1 sh -c 'umount -f "$0" && rm -rf "$0"' | ||
| set -x | ||
| } | ||
|
|
||
| do_unmount_and_remove '/run/netns/cni-' | ||
| ip netns show 2>/dev/null | grep cni- | xargs -r -t -n 1 ip netns delete | ||
| remove_interfaces | ||
| reset_iptables | ||
| rm -rf /var/lib/cni | ||
| rm -rf /etc/cni/net.d | ||
| #% endif %# |
11 changes: 11 additions & 0 deletions
11
bootstrap/templates/kubernetes/k0s/resources/hooks/reset-system.sh.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| #% if bootstrap_distribution == 'k0s' %# | ||
| #!/usr/bin/env bash | ||
|
|
||
| [ $(id -u) -eq 0 ] || exec sudo $0 $@ | ||
|
|
||
| # Remove local storage data | ||
| rm -rf "#{ bootstrap_local_storage_path }#" | ||
|
|
||
| # Reboot | ||
| (sleep 10 && systemctl reboot)& | ||
| #% endif %# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters