feat: switch kube-proxy to ipvs

2022-01-28 17:23:17 +01:00 · 2022-01-28 17:23:17 +01:00 · 4abbf3d55a
commit 4abbf3d55a
parent 86c8170655
5 changed files with 15 additions and 42 deletions
--- a/containers/admin/v1.21/kubeadm/templates/KubeProxyConfiguration.yaml
+++ b/containers/admin/v1.21/kubeadm/templates/KubeProxyConfiguration.yaml
@ -2,4 +2,4 @@ apiVersion: kubeproxy.config.k8s.io/v1alpha1
 kind: KubeProxyConfiguration
 # kube-proxy doesnt really support setting dynamic bind-address via config, replaced by cilium long-term anyways
 metricsBindAddress: "0.0.0.0:10249"
-mode: ""
+mode: "ipvs"
--- a/containers/admin/v1.21/kubeadm/templates/KubeletConfiguration.yaml
+++ b/containers/admin/v1.21/kubeadm/templates/KubeletConfiguration.yaml
@ -11,7 +11,7 @@ hairpinMode: hairpin-veth
 resolvConf: /run/systemd/resolve/resolv.conf
 {{- end }}
 protectKernelDefaults: {{ .Values.protectKernelDefaults }}
-eventRecordQPS: 0
+#eventRecordQPS: 0
 # Breaks kubelet at boot time
 # tlsCertFile: /var/lib/kubelet/pki/kubelet.crt
 # tlsPrivateKeyFile: /var/lib/kubelet/pki/kubelet.key
--- a/containers/admin/v1.21/kubezero.sh
+++ b/containers/admin/v1.21/kubezero.sh
@ -10,6 +10,8 @@ fi
 export WORKDIR=/tmp/kubezero
 export HOSTFS=/host
 export VERSION=v1.21
+export NETWORK_VERSION=0.1.7
+export ADDONS_VERSION=0.4.1

 export KUBECONFIG="${HOSTFS}/root/.kube/config"

@ -145,13 +147,13 @@ if [ "$1" == 'upgrade' ]; then

  # network
  yq eval '.network // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml
-  helm template kubezero/kubezero-network --version 0.1.3 --include-crds --namespace kube-system --name-template network \
-    -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply -f - $LOG
+  helm template kubezero/kubezero-network --version $NETWORK_VERSION --namespace kube-system --include-crds --name-template network \
+    -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG

  # addons
  yq eval '.addons // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml
-  helm template kubezero/kubezero-addons --version 0.2.4 --include-crds --namespace kube-system --name-template addons \
-    -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply -f - $LOG
+  helm template kubezero/kubezero-addons --version $ADDONS_VERSION --namespace kube-system --include-crds --name-template addons \
+    -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG

  ######################

@ -179,6 +181,9 @@ elif [[ "$1" == 'node-upgrade' ]]; then
  echo "Migrating kubezero.yaml"
  yq -i eval '.api.etcdServers = .api.allEtcdEndpoints | .network.multus.enabled = "true"' ${HOSTFS}/etc/kubernetes/kubezero.yaml

+  # remove old aws-node-termination-handler config, first new controller will do the right thing
+  yq -i eval 'del(.addons.aws-node-termination-handler)' ${HOSTFS}/etc/kubernetes/kubezero.yaml
+
  # AWS
  if [ -f ${HOSTFS}/etc/cloudbender/clusterBackup.passphrase ]; then
    if [ -f ${HOSTFS}/usr/local/sbin/backup_control_plane.sh ]; then
@ -288,13 +293,13 @@ elif [[ "$1" =~ "^(bootstrap|recover|join)$" ]]; then

    # network
    yq eval '.network // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml
-    helm template kubezero/kubezero-network --version 0.1.3 --include-crds --namespace kube-system --name-template network \
-      -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply -f - $LOG
+    helm template kubezero/kubezero-network --version $NETWORK_VERSION --namespace kube-system --include-crds --name-template network \
+      -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG

    # addons
    yq eval '.addons // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml
-    helm template kubezero/kubezero-addons --version 0.2.4 --include-crds --namespace kube-system --name-template addons \
-      -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply -f - $LOG
+    helm template kubezero/kubezero-addons --version $ADDONS_VERSION --namespace kube-system --include-crds --name-template addons \
+      -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG
  fi

  post_kubeadm
--- a/containers/awsController/Dockerfile
+++ b/containers/awsController/Dockerfile
@ -1,9 +0,0 @@
-ARG SHELL_OPERATOR_VERSION
-
-FROM flant/shell-operator:v${SHELL_OPERATOR_VERSION}
-
-RUN apk upgrade -U -a && \
-    apk --no-cache add \
-      aws-cli
-
-ADD hooks /hooks
--- a/containers/awsController/Makefile
+++ b/containers/awsController/Makefile
@ -1,23 +0,0 @@
-SHELL_OPERATOR_VERSION ?= 1.0.6
-REGISTRY := public.ecr.aws/zero-downtime
-REPOSITORY := kubezero-controller
-TAG := $(REPOSITORY):v$(SHELL_OPERATOR_VERSION)-aws
-
-.PHONY: build push clean scan
-
-all: build push
-
-build:
-	podman build --rm --squash-all --build-arg SHELL_OPERATOR_VERSION=$(SHELL_OPERATOR_VERSION) -t $(TAG) .
-
-push:
-	aws ecr-public get-login-password --region us-east-1 | podman login --username AWS --password-stdin $(REGISTRY)
-	podman tag $(TAG) $(REGISTRY)/$(TAG)
-	podman push $(REGISTRY)/$(TAG)
-
-clean:
-	podman image prune -f
-
-scan:
-	podman system service&
-	sleep 5; trivy $(TAG)