feat: switch kube-proxy to ipvs

2022-01-28 17:23:17 +01:00 · 2022-01-28 17:23:17 +01:00 · 4abbf3d55a
commit 4abbf3d55a
parent 86c8170655
5 changed files with 15 additions and 42 deletions
--- a/containers/admin/v1.21/kubeadm/templates/KubeProxyConfiguration.yaml
+++ b/containers/admin/v1.21/kubeadm/templates/KubeProxyConfiguration.yaml
@ -2,4 +2,4 @@ apiVersion: kubeproxy.config.k8s.io/v1alpha1
 kind: KubeProxyConfiguration
 # kube-proxy doesnt really support setting dynamic bind-address via config, replaced by cilium long-term anyways
 metricsBindAddress: "0.0.0.0:10249"
-mode: ""
+mode: "ipvs"
--- a/containers/admin/v1.21/kubeadm/templates/KubeletConfiguration.yaml
+++ b/containers/admin/v1.21/kubeadm/templates/KubeletConfiguration.yaml
@ -11,7 +11,7 @@ hairpinMode: hairpin-veth
 resolvConf: /run/systemd/resolve/resolv.conf
 {{- end }}
 protectKernelDefaults: {{ .Values.protectKernelDefaults }}
-eventRecordQPS: 0
+#eventRecordQPS: 0
 # Breaks kubelet at boot time
 # tlsCertFile: /var/lib/kubelet/pki/kubelet.crt
 # tlsPrivateKeyFile: /var/lib/kubelet/pki/kubelet.key
--- a/containers/admin/v1.21/kubezero.sh
+++ b/containers/admin/v1.21/kubezero.sh
@ -10,6 +10,8 @@ fi
 export WORKDIR=/tmp/kubezero
 export HOSTFS=/host
 export VERSION=v1.21
 export NETWORK_VERSION=0.1.7
 export ADDONS_VERSION=0.4.1
 export KUBECONFIG="${HOSTFS}/root/.kube/config"
@ -145,13 +147,13 @@ if [ "$1" == 'upgrade' ]; then
  # network
  yq eval '.network // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml
-  helm template kubezero/kubezero-network --version 0.1.3 --include-crds --namespace kube-system --name-template network \
+  helm template kubezero/kubezero-network --version $NETWORK_VERSION --namespace kube-system --include-crds --name-template network \
-    -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply -f - $LOG
+    -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG
  # addons
  yq eval '.addons // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml
-  helm template kubezero/kubezero-addons --version 0.2.4 --include-crds --namespace kube-system --name-template addons \
+  helm template kubezero/kubezero-addons --version $ADDONS_VERSION --namespace kube-system --include-crds --name-template addons \
-    -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply -f - $LOG
+    -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG
  ######################
@ -179,6 +181,9 @@ elif [[ "$1" == 'node-upgrade' ]]; then
  echo "Migrating kubezero.yaml"
  yq -i eval '.api.etcdServers = .api.allEtcdEndpoints | .network.multus.enabled = "true"' ${HOSTFS}/etc/kubernetes/kubezero.yaml
  # remove old aws-node-termination-handler config, first new controller will do the right thing
  yq -i eval 'del(.addons.aws-node-termination-handler)' ${HOSTFS}/etc/kubernetes/kubezero.yaml
  # AWS
  if [ -f ${HOSTFS}/etc/cloudbender/clusterBackup.passphrase ]; then
    if [ -f ${HOSTFS}/usr/local/sbin/backup_control_plane.sh ]; then
@ -288,13 +293,13 @@ elif [[ "$1" =~ "^(bootstrap|recover|join)$" ]]; then
    # network
    yq eval '.network // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml
-    helm template kubezero/kubezero-network --version 0.1.3 --include-crds --namespace kube-system --name-template network \
+    helm template kubezero/kubezero-network --version $NETWORK_VERSION --namespace kube-system --include-crds --name-template network \
-      -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply -f - $LOG
+      -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG
    # addons
    yq eval '.addons // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml
-    helm template kubezero/kubezero-addons --version 0.2.4 --include-crds --namespace kube-system --name-template addons \
+    helm template kubezero/kubezero-addons --version $ADDONS_VERSION --namespace kube-system --include-crds --name-template addons \
-      -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply -f - $LOG
+      -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG
  fi
  post_kubeadm
--- a/containers/awsController/Dockerfile
+++ b/containers/awsController/Dockerfile
@ -1,9 +0,0 @@
 ARG SHELL_OPERATOR_VERSION
 FROM flant/shell-operator:v${SHELL_OPERATOR_VERSION}
 RUN apk upgrade -U -a && \
    apk --no-cache add \
      aws-cli
 ADD hooks /hooks
--- a/containers/awsController/Makefile
+++ b/containers/awsController/Makefile
@ -1,23 +0,0 @@
 SHELL_OPERATOR_VERSION ?= 1.0.6
 REGISTRY := public.ecr.aws/zero-downtime
 REPOSITORY := kubezero-controller
 TAG := $(REPOSITORY):v$(SHELL_OPERATOR_VERSION)-aws
 .PHONY: build push clean scan
 all: build push
 build:
 	podman build --rm --squash-all --build-arg SHELL_OPERATOR_VERSION=$(SHELL_OPERATOR_VERSION) -t $(TAG) .
 push:
 	aws ecr-public get-login-password --region us-east-1 | podman login --username AWS --password-stdin $(REGISTRY)
 	podman tag $(TAG) $(REGISTRY)/$(TAG)
 	podman push $(REGISTRY)/$(TAG)
 clean:
 	podman image prune -f
 scan:
 	podman system service&
 	sleep 5; trivy $(TAG)