diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8a9c4cf7adb..c550c771298 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,7 +10,7 @@ jobs:
 continue-on-error: ${{ matrix.supported }}
 strategy:
 matrix:
- variant: [aws-k8s-1.16, aws-k8s-1.17, aws-k8s-1.18, aws-k8s-1.19, aws-ecs-1]
+ variant: [aws-k8s-1.16, aws-k8s-1.17, aws-k8s-1.18, aws-k8s-1.19, aws-k8s-1.20, aws-ecs-1]
 arch: [x86_64, aarch64]
 supported: [true]
 include:
diff --git a/README.md b/README.md
index 2cee842a554..cc53e0520cd 100644
--- a/README.md
+++ b/README.md
@@ -54,6 +54,7 @@ The following variants support EKS, as described above:
 - `aws-k8s-1.17`
 - `aws-k8s-1.18`
 - `aws-k8s-1.19`
+- `aws-k8s-1.20`
 We also have a variant designed to work with ECS, currently in preview:
diff --git a/packages/kubernetes-1.20/0001-always-set-relevant-variables-for-cross-compiling.patch b/packages/kubernetes-1.20/0001-always-set-relevant-variables-for-cross-compiling.patch
new file mode 100644
index 00000000000..a0bff8bc8ef
--- /dev/null
+++ b/packages/kubernetes-1.20/0001-always-set-relevant-variables-for-cross-compiling.patch
@@ -0,0 +1,77 @@
+From f9efa76d8474cfe566179f5d5fa67f4e30b1db88 Mon Sep 17 00:00:00 2001
+From: Ben Cressey
+Date: Sat, 18 May 2019 16:57:12 +0000
+Subject: [PATCH] always set relevant variables for cross compiling
+
+Signed-off-by: Ben Cressey
+---
+ hack/lib/golang.sh | 52 ++++++++++++++++++++++++++++++----------------------
+ 1 file changed, 30 insertions(+), 22 deletions(-)
+
+diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh
+index bef1d837703..204207e4fd3 100755
+--- a/hack/lib/golang.sh
++++ b/hack/lib/golang.sh
+@@ -393,29 +393,37 @@ kube::golang::set_platform_envs() {
+ export GOOS=${platform%/*}
+ export GOARCH=${platform##*/}
+
+- # Do not set CC when building natively on a platform, only if cross-compiling from linux/amd64
+- if [[ $(kube::golang::host_platform) == "linux/amd64" ]]; then
+- # Dynamic CGO linking for other server architectures than linux/amd64 goes here
+- # If you want to include support for more server platforms than these, add arch-specific gcc names here
+- case "${platform}" in
+- "linux/arm")
+- export CGO_ENABLED=1
+- export CC=${KUBE_LINUX_ARM_CC:-arm-linux-gnueabihf-gcc}
+- ;;
+- "linux/arm64")
+- export CGO_ENABLED=1
+- export CC=${KUBE_LINUX_ARM64_CC:-aarch64-linux-gnu-gcc}
+- ;;
+- "linux/ppc64le")
+- export CGO_ENABLED=1
+- export CC=${KUBE_LINUX_PPC64LE_CC:-powerpc64le-linux-gnu-gcc}
+- ;;
+- "linux/s390x")
+- export CGO_ENABLED=1
+- export CC=${KUBE_LINUX_S390X_CC:-s390x-linux-gnu-gcc}
+- ;;
+- esac
++ # Apply standard values for CGO_ENABLED and CC unless KUBE_BUILD_PLATFORMS is set.
++ if [ -z "${KUBE_BUILD_PLATFORMS}" ] ; then
++ export CGO_ENABLED=0
++ export CC=gcc
++ return
+ fi
++
++ # Dynamic CGO linking for other server architectures goes here
++ # If you want to include support for more server platforms than these, add arch-specific gcc names here
++ case "${platform}" in
++ "linux/amd64")
++ export CGO_ENABLED=1
++ export CC=x86_64-bottlerocket-linux-gnu-gcc
++ ;;
++ "linux/arm")
++ export CGO_ENABLED=1
++ export CC=arm-bottlerocket-linux-gnueabihf-gcc
++ ;;
++ "linux/arm64")
++ export CGO_ENABLED=1
++ export CC=aarch64-bottlerocket-linux-gnu-gcc
++ ;;
++ "linux/ppc64le")
++ export CGO_ENABLED=1
++ export CC=powerpc64le-bottlerocket-linux-gnu-gcc
++ ;;
++ "linux/s390x")
++ export CGO_ENABLED=1
++ export CC=s390x-bottlerocket-linux-gnu-gcc
++ ;;
++ esac
+ }
+
+ kube::golang::unset_platform_envs() {
+--
+2.17.1
+
diff --git a/packages/kubernetes-1.20/Cargo.toml b/packages/kubernetes-1.20/Cargo.toml
new file mode 100644
index 00000000000..b4942636f2c
--- /dev/null
+++ b/packages/kubernetes-1.20/Cargo.toml
@@ -0,0 +1,28 @@
+[package]
+# "." is not allowed in crate names, but we want a friendlier name for the
+# directory and spec file, so we override it below.
+name = "kubernetes-1_20"
+version = "0.1.0"
+edition = "2018"
+publish = false
+build = "build.rs"
+
+[package.metadata.build-package]
+package-name = "kubernetes-1.20"
+
+[lib]
+path = "pkg.rs"
+
+[[package.metadata.build-package.external-files]]
+url = "/~https://github.com/kubernetes/kubernetes/archive/v1.20.6/kubernetes-1.20.6.tar.gz"
+sha512 = "b3df8266c597b3e2270e7caea24129ebc8fa258e32e747c1e48ede5ad0244c791f9da39bcaf7c08df8c1b314976742db23ecaa4623ab241f87a80d4834a0948f"
+
+# RPM BuildRequires
+[build-dependencies]
+glibc = { path = "../glibc" }
+
+# RPM Requires
+[dependencies]
+conntrack-tools = { path = "../conntrack-tools" }
+containerd = { path = "../containerd" }
+findutils = { path = "../findutils" }
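Review bot: The new guard `if [ -z "${KUBE_BUILD_PLATFORMS}" ]` in kube::golang::set_platform_envs expands the variable without a default, so if the script runs under `set -o nounset` (the Kubernetes hack scripts usually do, though that is not visible in this hunk) an unset KUBE_BUILD_PLATFORMS aborts the build instead of taking the native fallback. Writing it as `if [ -z "${KUBE_BUILD_PLATFORMS:-}" ] ; then` keeps the intended behaviour. The patch also hard-codes the `*-bottlerocket-linux-gnu-gcc` compilers and drops the `KUBE_LINUX_*_CC` overrides; a short comment stating that this is deliberate would help whoever rebases the patch onto the next Kubernetes release. The function body starts outside the hunk.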
diff --git a/packages/kubernetes-1.20/build.rs b/packages/kubernetes-1.20/build.rs
new file mode 100644
index 00000000000..cad8999af53
--- /dev/null
+++ b/packages/kubernetes-1.20/build.rs
@@ -0,0 +1,9 @@
+use std::process::{exit, Command};
+
+fn main() -> Result<(), std::io::Error> {
+ let ret = Command::new("buildsys").arg("build-package").status()?;
+ if !ret.success() {
+ exit(1);
+ }
+ Ok(())
+}
diff --git a/packages/kubernetes-1.20/clarify.toml b/packages/kubernetes-1.20/clarify.toml
new file mode 100644
index 00000000000..ce501b3687a
--- /dev/null
+++ b/packages/kubernetes-1.20/clarify.toml
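Review bot: When `buildsys build-package` fails, `main` calls `exit(1)` without reporting anything, so the child's exit status (or the signal that ended it) is lost and the cargo log shows only a failed build script. Printing it first, e.g. `eprintln!("buildsys build-package failed: {}", ret);` before `exit(1);`, makes CI failures attributable. `Command::new("buildsys")` is also resolved through PATH, so the build trusts whatever binary the environment provides under that name; a one-line comment saying where it is expected to come from would document that assumption. The same applies to variants/aws-k8s-1.20/build.rs.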
@@ -0,0 +1,62 @@
+[clarify."github.com/JeffAshton/win_pdh"]
+expression = "BSD-3-Clause"
+license-files = [
+ { path = "LICENSE", hash = 0xb221dcc9 },
+]
+
+[clarify."github.com/daviddengcn/go-colortext"]
+expression = "BSD-3-Clause AND MIT"
+license-files = [
+ { path = "LICENSE", hash = 0x9769fae1 },
+]
+
+[clarify."github.com/ghodss/yaml"]
+expression = "MIT AND BSD-3-Clause"
+license-files = [
+ { path = "LICENSE", hash = 0xcdf3ae00 },
+]
+
+[clarify."github.com/heketi/heketi"]
+# kubernetes only uses code that is under LGPLv3+/Apache 2.0, not the code that is GPLv2+/LGPLv3+
+expression = "LGPL-3.0-or-later OR Apache-2.0"
+license-files = [
+ { path = "LICENSE", hash = 0x3c4b96d1 },
+ { path = "LICENSE-APACHE2", hash = 0x438c8616 },
+ { path = "COPYING-LGPLV3", hash = 0xf0bccb3a },
+]
+skip-files = [ "COPYING-GPLV2" ]
+
+[clarify."github.com/go-bindata/go-bindata"]
+expression = "CC0-1.0"
+license-files = [
+ { path = "LICENSE", hash = 0x393fafd6 },
+]
+
+[clarify."github.com/miekg/dns"]
+expression = "BSD-3-Clause"
+license-files = [
+ { path = "COPYRIGHT", hash = 0xe41dd36c },
+ { path = "LICENSE", hash = 0xbd510d7b },
+]
+
+[clarify."sigs.k8s.io/yaml"]
+expression = "MIT AND BSD-3-Clause"
+license-files = [
+ { path = "LICENSE", hash = 0xcdf3ae00 },
+]
+
+[clarify."honnef.co/go/tools"]
+expression = "MIT AND BSD-3-Clause AND Apache-2.0"
+license-files = [
+ { path = "LICENSE", hash = 0xad378ed2 },
+ { path = "LICENSE-THIRD-PARTY", hash = 0x546425eb },
+ { path = "lint/LICENSE", hash = 0xc6b58232 },
+ { path = "ssa/LICENSE", hash = 0xe656fb62 },
+]
+
+[clarify."github.com/storageos/go-api"]
+expression = "MIT AND BSD-2-Clause"
+license-files = [
+ { path = "LICENCE", hash = 0x67a6861e },
+]
+skip-files = ["licence.go", "types/licence.go"]
diff --git a/packages/kubernetes-1.20/kubelet-bootstrap-kubeconfig b/packages/kubernetes-1.20/kubelet-bootstrap-kubeconfig
new file mode 100644
index 00000000000..27bb33e95fc
--- /dev/null
+++ b/packages/kubernetes-1.20/kubelet-bootstrap-kubeconfig
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+{{~#if settings.kubernetes.api-server}}
+ certificate-authority: "/etc/kubernetes/pki/ca.crt"
+ server: "{{settings.kubernetes.api-server}}"
+{{~/if}}
+ name: kubernetes
+contexts:
+- context:
+ cluster: kubernetes
+ user: kubelet
+ name: kubelet
+current-context: kubelet
+users:
+- name: kubelet
+{{~#if settings.kubernetes.bootstrap-token}}
+ user:
+ token: "{{settings.kubernetes.bootstrap-token}}"
+{{~/if}}
diff --git a/packages/kubernetes-1.20/kubelet-config b/packages/kubernetes-1.20/kubelet-config
new file mode 100644
index 00000000000..5e95633bd20
--- /dev/null
+++ b/packages/kubernetes-1.20/kubelet-config
@@ -0,0 +1,71 @@
+---
+kind: KubeletConfiguration
+apiVersion: kubelet.config.k8s.io/v1beta1
+{{~#if settings.kubernetes.standalone-mode}}
+address: 127.0.0.1
+authentication:
+ anonymous:
+ enabled: true
+ webhook:
+ enabled: false
+authorization:
+ mode: AlwaysAllow
+{{~else}}
+address: 0.0.0.0
+authentication:
+ anonymous:
+ enabled: false
+ webhook:
+ cacheTTL: 2m0s
+ enabled: true
+ x509:
+ clientCAFile: "/etc/kubernetes/pki/ca.crt"
+authorization:
+ mode: Webhook
+ webhook:
+ cacheAuthorizedTTL: 5m0s
+ cacheUnauthorizedTTL: 30s
+{{~/if}}
+clusterDomain: {{settings.kubernetes.cluster-domain}}
+{{~#if settings.kubernetes.cluster-dns-ip}}
+clusterDNS:
+- {{settings.kubernetes.cluster-dns-ip}}
+{{~/if}}
+{{~#if settings.kubernetes.eviction-hard}}
+evictionHard:
+ {{~#each settings.kubernetes.eviction-hard}}
+ {{@key}}: "{{this}}"
+ {{~/each}}
+{{~/if}}
+{{~#if settings.kubernetes.allowed-unsafe-sysctls}}
+allowedUnsafeSysctls: {{settings.kubernetes.allowed-unsafe-sysctls}}
+{{~/if}}
+kubeReserved:
+ cpu: "{{kube_reserve_cpu settings.kubernetes.kube-reserved.cpu}}"
+ {{~#if settings.kubernetes.kube-reserved.memory}}
+ memory: "{{settings.kubernetes.kube-reserved.memory}}"
+ {{~else}}
+ {{~#if settings.kubernetes.max-pods}}
+ memory: "{{kube_reserve_memory settings.kubernetes.max-pods settings.kubernetes.kube-reserved.memory}}"
+ {{~/if}}
+ {{~/if}}
+ ephemeral-storage: "{{default "1Gi" settings.kubernetes.kube-reserved.ephemeral-storage}}"
+cpuManagerPolicy: "static"
+resolvConf: "/etc/resolv.conf"
+hairpinMode: hairpin-veth
+readOnlyPort: 0
+cgroupDriver: systemd
+cgroupRoot: "/"
+runtimeRequestTimeout: 15m
+featureGates:
+ RotateKubeletServerCertificate: true
+ CSIMigration: false
+protectKernelDefaults: true
+serializeImagePulls: false
+serverTLSBootstrap: {{settings.kubernetes.server-tls-bootstrap}}
+configMapAndSecretChangeDetectionStrategy: Cache
+tlsCipherSuites:
+- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+volumePluginDir: "/var/lib/kubelet/plugins/volume/exec"
+maxPods: {{default 110 settings.kubernetes.max-pods}}
+staticPodPath: "/etc/kubernetes/static-pods/"
diff --git a/packages/kubernetes-1.20/kubelet-env b/packages/kubernetes-1.20/kubelet-env
new file mode 100644
index 00000000000..e4eb941b1c2
--- /dev/null
+++ b/packages/kubernetes-1.20/kubelet-env
@@ -0,0 +1,4 @@
+NODE_IP={{settings.kubernetes.node-ip}}
+NODE_LABELS={{join_map "=" "," "no-fail-if-missing" settings.kubernetes.node-labels}}
+NODE_TAINTS={{join_map "=" "," "no-fail-if-missing" settings.kubernetes.node-taints}}
+POD_INFRA_CONTAINER_IMAGE={{settings.kubernetes.pod-infra-container-image}}
diff --git a/packages/kubernetes-1.20/kubelet-exec-start-conf b/packages/kubernetes-1.20/kubelet-exec-start-conf
new file mode 100644
index 00000000000..ee65537d040
--- /dev/null
+++ b/packages/kubernetes-1.20/kubelet-exec-start-conf
@@ -0,0 +1,23 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/kubelet \
+{{~#unless settings.kubernetes.standalone-mode}}
+ --cloud-provider {{default "external" settings.kubernetes.cloud-provider}} \
+ --kubeconfig /etc/kubernetes/kubelet/kubeconfig \
+{{~#if (eq settings.kubernetes.authentication-mode "tls")}}
+ --bootstrap-kubeconfig /etc/kubernetes/kubelet/bootstrap-kubeconfig \
+{{~/if}}
+{{~else}}
+ --cloud-provider "" \
+{{~/unless}}
+ --config /etc/kubernetes/kubelet/config \
+ --container-runtime=remote \
+ --container-runtime-endpoint=unix:///run/dockershim.sock \
+ --containerd=/run/dockershim.sock \
+ --network-plugin cni \
+ --root-dir /var/lib/kubelet \
+ --cert-dir /var/lib/kubelet/pki \
+ --node-ip ${NODE_IP} \
+ --node-labels "${NODE_LABELS}" \
+ --register-with-taints "${NODE_TAINTS}" \
+ --pod-infra-container-image ${POD_INFRA_CONTAINER_IMAGE}
diff --git a/packages/kubernetes-1.20/kubelet-kubeconfig b/packages/kubernetes-1.20/kubelet-kubeconfig
new file mode 100644
index 00000000000..e5309e732e4
--- /dev/null
+++ b/packages/kubernetes-1.20/kubelet-kubeconfig
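Review bot: In the `standalone-mode` branch of kubelet-config the kubelet API is served with `anonymous.enabled: true` and `authorization.mode: AlwaysAllow`, so the only remaining control is `address: 127.0.0.1`. Loopback is reachable from every host process and from any pod that runs with host networking, which would then have unauthenticated access to the kubelet API on that node. If standalone nodes can run such workloads, consider keeping client-certificate authentication in this branch as well; at minimum add a template comment such as `# standalone: no API server to delegate authn/authz to; kubelet API is loopback-only and unauthenticated` so the trade-off is visible to operators.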
@@ -0,0 +1,35 @@
+---
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+{{~#if settings.kubernetes.api-server}}
+ certificate-authority: "/etc/kubernetes/pki/ca.crt"
+ server: "{{settings.kubernetes.api-server}}"
+{{~/if}}
+ name: kubernetes
+contexts:
+- context:
+ cluster: kubernetes
+ user: kubelet
+ name: kubelet
+current-context: kubelet
+users:
+- name: kubelet
+{{~#if (eq settings.kubernetes.authentication-mode "aws")}}
+{{~#if settings.kubernetes.cluster-name}}
+ user:
+ exec:
+ apiVersion: client.authentication.k8s.io/v1alpha1
+ command: "/usr/bin/aws-iam-authenticator"
+ args:
+ - token
+ - "-i"
+ - "{{settings.kubernetes.cluster-name}}"
+{{~/if}}
+{{~/if}}
+{{~#if (eq settings.kubernetes.authentication-mode "tls")}}
+ user:
+ client-certificate: "/var/lib/kubelet/pki/kubelet-client-current.pem"
+ client-key: "/var/lib/kubelet/pki/kubelet-client-current.pem"
+{{~/if}}
diff --git a/packages/kubernetes-1.20/kubelet-sysctl.conf b/packages/kubernetes-1.20/kubelet-sysctl.conf
new file mode 100644
index 00000000000..922ceccf730
--- /dev/null
+++ b/packages/kubernetes-1.20/kubelet-sysctl.conf
@@ -0,0 +1,5 @@
+# Overcommit handling mode - 1: Always overcommit
+vm.overcommit_memory = 1
+
+# This is generally considered a safe ephemeral port range
+net.ipv4.ip_local_port_range = 32768 60999
diff --git a/packages/kubernetes-1.20/kubelet.service b/packages/kubernetes-1.20/kubelet.service
new file mode 100644
index 00000000000..d9716943d78
--- /dev/null
+++ b/packages/kubernetes-1.20/kubelet.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=Kubelet
+Documentation=/~https://github.com/kubernetes/kubernetes
+After=containerd.service configured.target
+Wants=configured.target
+BindsTo=containerd.service
+
+[Service]
+Type=notify
+EnvironmentFile=/etc/network/proxy.env
+EnvironmentFile=/etc/kubernetes/kubelet/env
+ExecStartPre=/sbin/iptables -P FORWARD ACCEPT
+# Pull the pause container image before starting `kubelet` so `containerd/cri` wouldn't have to
+ExecStartPre=/usr/bin/host-ctr \
+ --containerd-socket=/run/dockershim.sock \
+ --namespace=k8s.io \
+ pull-image \
+ --source=${POD_INFRA_CONTAINER_IMAGE}
+# Must be overridden by a drop-in file or `kubelet` won't start
+ExecStart=/usr/bin/false
+
+Restart=on-failure
+RestartForceExitStatus=SIGPIPE
+RestartSec=5
+Delegate=yes
+KillMode=process
+CPUAccounting=true
+MemoryAccounting=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/packages/kubernetes-1.20/kubernetes-1.20.spec b/packages/kubernetes-1.20/kubernetes-1.20.spec
new file mode 100644
index 00000000000..4b1688ad58c
--- /dev/null
+++ b/packages/kubernetes-1.20/kubernetes-1.20.spec
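Review bot: `ExecStartPre=/sbin/iptables -P FORWARD ACCEPT` in kubelet.service changes the host's default FORWARD policy on every kubelet start and, unlike the host-ctr line below it, carries no comment explaining why. It overrides any stricter forwarding policy configured on the node and only touches IPv4. If the reason is that pod traffic is forwarded by the host, a comment such as `# Pod traffic is forwarded through the host, so the default FORWARD policy must be ACCEPT` would record the intent; where only pod traffic needs it, a rule scoped to the pod interfaces or CIDR is tighter than a blanket policy change.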
@@ -0,0 +1,109 @@
+%global goproject github.com/kubernetes
+%global gorepo kubernetes
+%global goimport %{goproject}/%{gorepo}
+
+%global gover 1.20.6
+%global rpmver %{gover}
+
+%global _dwz_low_mem_die_limit 0
+
+Name: %{_cross_os}%{gorepo}
+Version: %{rpmver}
+Release: 1%{?dist}
+Summary: Container cluster management
+# base Apache-2.0, third_party Apache-2.0 AND BSD-3-Clause
+License: Apache-2.0 AND BSD-3-Clause
+URL: https://%{goimport}
+Source0: https://%{goimport}/archive/v%{gover}/%{gorepo}-%{gover}.tar.gz
+Source1: kubelet.service
+Source2: kubelet-env
+Source3: kubelet-config
+Source4: kubelet-kubeconfig
+Source5: kubernetes-ca-crt
+Source6: kubelet-exec-start-conf
+Source7: kubelet-bootstrap-kubeconfig
+Source8: kubernetes-tmpfiles.conf
+Source9: kubelet-sysctl.conf
+Source1000: clarify.toml
+Patch1: 0001-always-set-relevant-variables-for-cross-compiling.patch
+
+BuildRequires: git
+BuildRequires: rsync
+BuildRequires: %{_cross_os}glibc-devel
+
+%description
+%{summary}.
+
+%package -n %{_cross_os}kubelet-1.20
+Summary: Container cluster node agent
+Requires: %{_cross_os}conntrack-tools
+Requires: %{_cross_os}containerd
+Requires: %{_cross_os}findutils
+
+%description -n %{_cross_os}kubelet-1.20
+%{summary}.
+
+%prep
+%autosetup -Sgit -n %{gorepo}-%{gover} -p1
+
+# third_party licenses
+# multiarch/qemu-user-static ignored, we're not using it
+cp third_party/forked/gonum/graph/LICENSE LICENSE.gonum.graph
+cp third_party/forked/shell2junit/LICENSE LICENSE.shell2junit
+cp third_party/forked/golang/LICENSE LICENSE.golang
+cp third_party/forked/golang/PATENTS PATENTS.golang
+cp third_party/intemp/LICENSE LICENSE.intemp
+
+%build
+export KUBE_BUILD_PLATFORMS="linux/%{_cross_go_arch}"
+export GOLDFLAGS="-buildmode=pie -linkmode=external"
+make WHAT="cmd/kubelet"
+
+%install
+output="./_output/local/bin/linux/%{_cross_go_arch}"
+install -d %{buildroot}%{_cross_bindir}
+install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_bindir}
+
+install -d %{buildroot}%{_cross_unitdir}
+install -p -m 0644 %{S:1} %{buildroot}%{_cross_unitdir}/kubelet.service
+
+mkdir -p %{buildroot}%{_cross_templatedir}
+install -m 0644 %{S:2} %{buildroot}%{_cross_templatedir}/kubelet-env
+install -m 0644 %{S:3} %{buildroot}%{_cross_templatedir}/kubelet-config
+install -m 0644 %{S:4} %{buildroot}%{_cross_templatedir}/kubelet-kubeconfig
+install -m 0644 %{S:5} %{buildroot}%{_cross_templatedir}/kubernetes-ca-crt
+install -m 0644 %{S:6} %{buildroot}%{_cross_templatedir}/kubelet-exec-start-conf
+install -m 0644 %{S:7} %{buildroot}%{_cross_templatedir}/kubelet-bootstrap-kubeconfig
+
+install -d %{buildroot}%{_cross_tmpfilesdir}
+install -p -m 0644 %{S:8} %{buildroot}%{_cross_tmpfilesdir}/kubernetes.conf
+
+install -d %{buildroot}%{_cross_sysctldir}
+install -p -m 0644 %{S:9} %{buildroot}%{_cross_sysctldir}/90-kubelet.conf
+
+install -d %{buildroot}%{_cross_libexecdir}/kubernetes
+ln -rs \
+ %{buildroot}%{_sharedstatedir}/kubelet/plugins \
+ %{buildroot}%{_cross_libexecdir}/kubernetes/kubelet-plugins
+
+%cross_scan_attribution --clarify %{S:1000} go-vendor vendor
+
+%files -n %{_cross_os}kubelet-1.20
+%license LICENSE LICENSE.gonum.graph LICENSE.shell2junit LICENSE.golang PATENTS.golang LICENSE.intemp
+%{_cross_attribution_file}
+%{_cross_attribution_vendor_dir}
+%{_cross_bindir}/kubelet
+%{_cross_unitdir}/kubelet.service
+%dir %{_cross_templatedir}
+%{_cross_templatedir}/kubelet-env
+%{_cross_templatedir}/kubelet-config
+%{_cross_templatedir}/kubelet-kubeconfig
+%{_cross_templatedir}/kubelet-bootstrap-kubeconfig
+%{_cross_templatedir}/kubelet-exec-start-conf
+%{_cross_templatedir}/kubernetes-ca-crt
+%{_cross_tmpfilesdir}/kubernetes.conf
+%{_cross_sysctldir}/90-kubelet.conf
+%dir %{_cross_libexecdir}/kubernetes
+%{_cross_libexecdir}/kubernetes/kubelet-plugins
+
+%changelog
diff --git a/packages/kubernetes-1.20/kubernetes-ca-crt b/packages/kubernetes-1.20/kubernetes-ca-crt
new file mode 100644
index 00000000000..ab82c485f56
--- /dev/null
+++ b/packages/kubernetes-1.20/kubernetes-ca-crt
@@ -0,0 +1,3 @@
+{{~#if settings.kubernetes.cluster-certificate~}}
+{{base64_decode settings.kubernetes.cluster-certificate}}
+{{~/if~}}
diff --git a/packages/kubernetes-1.20/kubernetes-tmpfiles.conf b/packages/kubernetes-1.20/kubernetes-tmpfiles.conf
new file mode 100644
index 00000000000..7673fd892f3
--- /dev/null
+++ b/packages/kubernetes-1.20/kubernetes-tmpfiles.conf
@@ -0,0 +1,2 @@
+d /etc/kubernetes/static-pods - - - -
+L /etc/kubernetes/manifests - - - - static-pods
diff --git a/packages/kubernetes-1.20/pkg.rs b/packages/kubernetes-1.20/pkg.rs
new file mode 100644
index 00000000000..d799fb2d44c
--- /dev/null
+++ b/packages/kubernetes-1.20/pkg.rs
@@ -0,0 +1 @@
+// not used
diff --git a/sources/logdog/conf/logdog.aws-k8s-1.20.conf b/sources/logdog/conf/logdog.aws-k8s-1.20.conf
new file mode 120000
index 00000000000..63115aee60b
--- /dev/null
+++ b/sources/logdog/conf/logdog.aws-k8s-1.20.conf
@@ -0,0 +1 @@
+aws-k8s.conf
\ No newline at end of file
diff --git a/sources/models/README.md b/sources/models/README.md
index 91fc9e623d4..cd035a2ed2c 100644
--- a/sources/models/README.md
+++ b/sources/models/README.md
@@ -42,6 +42,11 @@ The `#[model]` attribute on Settings and its sub-structs reduces duplication and
 * [Model](src/aws-k8s-1.19/mod.rs)
 * [Default settings](src/aws-k8s-1.19/defaults.d/)
+### aws-k8s-1.20: Kubernetes 1.20
+
+* [Model](src/aws-k8s-1.19/mod.rs)
+* [Default settings](src/aws-k8s-1.20/defaults.d/)
+
 ### aws-ecs-1: Amazon ECS
 * [Model](src/aws-ecs-1/mod.rs)
diff --git a/sources/models/shared-defaults/lockdown-integrity.toml b/sources/models/shared-defaults/lockdown-integrity.toml
new file mode 100644
index 00000000000..38266c1ce61
--- /dev/null
+++ b/sources/models/shared-defaults/lockdown-integrity.toml
@@ -0,0 +1,3 @@
+# Kernel
+[settings.kernel]
+lockdown = "integrity"
diff --git a/sources/models/src/aws-k8s-1.20/defaults.d/10-defaults.toml b/sources/models/src/aws-k8s-1.20/defaults.d/10-defaults.toml
new file mode 120000
index 00000000000..a202ba61a4c
--- /dev/null
+++ b/sources/models/src/aws-k8s-1.20/defaults.d/10-defaults.toml
@@ -0,0 +1 @@
+../../../shared-defaults/defaults.toml
\ No newline at end of file
diff --git a/sources/models/src/aws-k8s-1.20/defaults.d/20-aws-host-containers.toml b/sources/models/src/aws-k8s-1.20/defaults.d/20-aws-host-containers.toml
new file mode 120000
index 00000000000..4d404d663cd
--- /dev/null
+++ b/sources/models/src/aws-k8s-1.20/defaults.d/20-aws-host-containers.toml
@@ -0,0 +1 @@
+../../../shared-defaults/aws-host-containers.toml
\ No newline at end of file
diff --git a/sources/models/src/aws-k8s-1.20/defaults.d/30-metrics.toml b/sources/models/src/aws-k8s-1.20/defaults.d/30-metrics.toml
new file mode 120000
index 00000000000..99f0b2b6980
--- /dev/null
+++ b/sources/models/src/aws-k8s-1.20/defaults.d/30-metrics.toml
@@ -0,0 +1 @@
+../../../shared-defaults/metrics.toml
\ No newline at end of file
diff --git a/sources/models/src/aws-k8s-1.20/defaults.d/50-aws-k8s.toml b/sources/models/src/aws-k8s-1.20/defaults.d/50-aws-k8s.toml
new file mode 120000
index 00000000000..22f1999a45d
--- /dev/null
+++ b/sources/models/src/aws-k8s-1.20/defaults.d/50-aws-k8s.toml @@ -0,0 +1 @@ +../../aws-k8s-1.19/defaults.d/50-aws-k8s.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.20/defaults.d/51-lockdown-integrity.toml b/sources/models/src/aws-k8s-1.20/defaults.d/51-lockdown-integrity.toml new file mode 120000 index 00000000000..8b4de873a39 --- /dev/null +++ b/sources/models/src/aws-k8s-1.20/defaults.d/51-lockdown-integrity.toml @@ -0,0 +1 @@ +../../../shared-defaults/lockdown-integrity.toml \ No newline at end of file diff --git a/sources/models/src/aws-k8s-1.20/mod.rs b/sources/models/src/aws-k8s-1.20/mod.rs new file mode 120000 index 00000000000..acbab66f074 --- /dev/null +++ b/sources/models/src/aws-k8s-1.20/mod.rs @@ -0,0 +1 @@ +../aws-k8s-1.19/mod.rs \ No newline at end of file diff --git a/sources/models/src/lib.rs b/sources/models/src/lib.rs index 039106fac42..ef2d395ea21 100644 --- a/sources/models/src/lib.rs +++ b/sources/models/src/lib.rs @@ -39,6 +39,11 @@ The `#[model]` attribute on Settings and its sub-structs reduces duplication and * [Model](src/aws-k8s-1.19/mod.rs) * [Default settings](src/aws-k8s-1.19/defaults.d/) +## aws-k8s-1.20: Kubernetes 1.20 + +* [Model](src/aws-k8s-1.19/mod.rs) +* [Default settings](src/aws-k8s-1.20/defaults.d/) + ## aws-ecs-1: Amazon ECS * [Model](src/aws-ecs-1/mod.rs) diff --git a/variants/Cargo.lock b/variants/Cargo.lock index 01e8e1c24bc..bc2970bd911 100644 --- a/variants/Cargo.lock +++ b/variants/Cargo.lock @@ -88,6 +88,17 @@ dependencies = [ "release", ] +[[package]] +name = "aws-k8s-1_20" +version = "0.1.0" +dependencies = [ + "aws-iam-authenticator", + "cni", + "cni-plugins", + "kubernetes-1_20", + "release", +] + [[package]] name = "bash" version = "0.1.0" @@ -338,6 +349,16 @@ dependencies = [ "glibc", ] +[[package]] +name = "kubernetes-1_20" +version = "0.1.0" +dependencies = [ + "conntrack-tools", + "containerd", + "findutils", + "glibc", +] + [[package]] name = "libacl" version = "0.1.0" 
diff --git a/variants/Cargo.toml b/variants/Cargo.toml
index e7c7440abd8..ff42807acc1 100644
--- a/variants/Cargo.toml
+++ b/variants/Cargo.toml
@@ -6,6 +6,7 @@ members = [
 "aws-k8s-1.17",
 "aws-k8s-1.18",
 "aws-k8s-1.19",
+ "aws-k8s-1.20",
 "vmware-dev",
 ]
diff --git a/variants/README.md b/variants/README.md
index a3b53bb4dc9..4212f289798 100644
--- a/variants/README.md
+++ b/variants/README.md
@@ -52,6 +52,13 @@ It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazo
 This variant is compatible with Kubernetes 1.19, 1.20, and 1.21 clusters.
+### aws-k8s-1.20: Kubernetes 1.20 node
+
+The [aws-k8s-1.20](aws-k8s-1.20/Cargo.toml) variant includes the packages needed to run a Kubernetes node in AWS.
+It supports self-hosted clusters and clusters managed by [EKS](https://aws.amazon.com/eks/).
+
+This variant is compatible with Kubernetes 1.20, 1.21, and 1.22 clusters.
+
 ### aws-ecs-1: Amazon ECS container instance
 The [aws-ecs-1](aws-ecs-1/Cargo.toml) variant includes the packages needed to run an [Amazon ECS](https://ecs.aws)
diff --git a/variants/aws-k8s-1.20/Cargo.toml b/variants/aws-k8s-1.20/Cargo.toml
new file mode 100644
index 00000000000..c89569d34de
--- /dev/null
+++ b/variants/aws-k8s-1.20/Cargo.toml
@@ -0,0 +1,34 @@
+[package]
+# This is the aws-k8s-1.20 variant. "." is not allowed in crate names, but we
+# don't use this crate name anywhere.
+name = "aws-k8s-1_20"
+version = "0.1.0"
+edition = "2018"
+publish = false
+build = "build.rs"
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[package.metadata.build-variant]
+included-packages = [
+ "aws-iam-authenticator",
+ "cni",
+ "cni-plugins",
+ "kubelet-1.20",
+ "release",
+]
+kernel-parameters = [
+ "console=tty0",
+ "console=ttyS0",
+ "systemd.unified_cgroup_hierarchy=1",
+]
+
+[lib]
+path = "lib.rs"
+
+[build-dependencies]
+"aws-iam-authenticator" = { path = "../../packages/aws-iam-authenticator" }
+"cni" = { path = "../../packages/cni" }
+"cni-plugins" = { path = "../../packages/cni-plugins" }
+"kubernetes-1_20" = { path = "../../packages/kubernetes-1.20" }
+"release" = { path = "../../packages/release" }
diff --git a/variants/aws-k8s-1.20/build.rs b/variants/aws-k8s-1.20/build.rs
new file mode 100644
index 00000000000..d6a90e4df44
--- /dev/null
+++ b/variants/aws-k8s-1.20/build.rs
@@ -0,0 +1,9 @@
+use std::process::{exit, Command};
+
+fn main() -> Result<(), std::io::Error> {
+ let ret = Command::new("buildsys").arg("build-variant").status()?;
+ if !ret.success() {
+ exit(1);
+ }
+ Ok(())
+}
diff --git a/variants/aws-k8s-1.20/lib.rs b/variants/aws-k8s-1.20/lib.rs
new file mode 100644
index 00000000000..d799fb2d44c
--- /dev/null
+++ b/variants/aws-k8s-1.20/lib.rs
@@ -0,0 +1 @@
+// not used