feat: kubeadm for v1.20.1

2021-05-28 17:16:36 +02:00 · 2021-05-28 17:16:36 +02:00 · 7e61463b21
commit 7e61463b21
parent 94165efff3
13 changed files with 70 additions and 26 deletions
--- a/charts/kubeadm/.helmignore
+++ b/charts/kubeadm/.helmignore
@ -1,2 +1,2 @@
-*.sh
 *.md
+*.md.gotmpl
--- a/charts/kubeadm/Chart.yaml
+++ b/charts/kubeadm/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: kubeadm
 description: KubeZero Kubeadm golden config
 type: application
-version: 1.20.0
+version: 1.20.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
--- a/charts/kubeadm/README.md.gotmpl
+++ b/charts/kubeadm/README.md.gotmpl
@ -35,3 +35,7 @@ Installs the Istio control plane
 - https://godoc.org/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration

 - https://github.com/awslabs/amazon-eks-ami
+
+### Etcd
+- https://itnext.io/breaking-down-and-fixing-etcd-cluster-d81e35b9260d
+
--- a/charts/kubeadm/scripts/minor.sh
+++ b/charts/kubeadm/scripts/minor.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Minor uppgrade from 1.19!"
--- a/charts/kubeadm/scripts/patch.sh
+++ b/charts/kubeadm/scripts/patch.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Patch upgrade within 1.20"
--- a/charts/kubeadm/templates/ClusterConfiguration.yaml
+++ b/charts/kubeadm/templates/ClusterConfiguration.yaml
@ -2,40 +2,61 @@ apiVersion: kubeadm.k8s.io/v1beta2
 kind: ClusterConfiguration
 metadata:
  name: kubezero-clusterconfiguration
-kubernetesVersion: {{ .Values.clusterVersion }}
+kubernetesVersion: {{ .Chart.Version }}
 clusterName: {{ .Values.clusterName }}
-controlPlaneEndpoint: {{ .Values.apiEndpoint }}
+controlPlaneEndpoint: {{ .Values.api.endpoint }}
 networking:
  podSubnet: 10.244.0.0/16
 etcd:
  local:
    extraArgs:
+      #name: {{ .Values.etcd.nodeName }}
+      ### DNS discovery
+      #discovery-srv: {{ .Values.domain }}
+      #discovery-srv-name: {{ .Values.clusterName }}
+      #initial-cluster:
+      ### Regular
+      #{{- if .Values.etcd.initialCluster }}
+      #initial-cluster: {{ .Values.etcd.initialCluster }}
+      #{{- end }}
+      #initial-advertise-peer-urls: "https://{{ .Values.etcd.nodeName }}:2380"
+      #advertise-client-urls: "https://{{ .Values.etcd.nodeName }}:2379"
+      initial-cluster-token: etcd-{{ .Values.clusterName }}
      listen-metrics-urls: "http://{{ .Values.listenAddress }}:2381"
      logger: "zap"
      # log-level: "warn"
-      {{- with .Values.etcdExtraArgs }}
+      {{- with .Values.etcd.extraArgs }}
      {{- toYaml . | nindent 6 }}
      {{- end }}
+    # These will only be used to create the etcd certs but removed for Init/Join kudeadm calls allowing us to sneak in aliases for etcd nodes
+    serverCertSANs:
+    - "{{ .Values.etcd.nodeName }}"
+    - "{{ .Values.etcd.nodeName }}.{{ .Values.domain }}"
+    - "{{ .Values.domain }}"
+    peerCertSANs:
+    - "{{ .Values.etcd.nodeName }}"
+    - "{{ .Values.etcd.nodeName }}.{{ .Values.domain }}"
+    - "{{ .Values.domain }}"
 controllerManager:
  extraArgs:
    profiling: "false"
    bind-address: {{ .Values.listenAddress }}
    terminated-pod-gc-threshold: "300"
-    leader-elect: {{ .Values.clusterHighAvailable | quote }}
+    leader-elect: {{ .Values.highAvailable | quote }}
    logging-format: json
    feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," | quote }}
 scheduler:
  extraArgs:
    profiling: "false"
    bind-address: {{ .Values.listenAddress }}
-    leader-elect: {{ .Values.clusterHighAvailable | quote }}
+    leader-elect: {{ .Values.highAvailable | quote }}
    logging-format: json
    feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," | quote }}
 apiServer:
  certSANs:
-  - {{ regexSplit ":" .Values.apiEndpoint -1 | first }}
+  -  {{ regexSplit ":" .Values.api.endpoint -1 | first }}
  extraArgs:
-    etcd-servers: {{ .Values.allEtcdEndpoints }}
+    etcd-servers: {{ ternary .Values.api.allEtcdEndpoints "https://127.0.0.1:2379" .Values.highAvailable }}
    profiling: "false"
    audit-log-path: "/var/log/kubernetes/audit.log"
    audit-policy-file: /etc/kubernetes/apiserver/audit-policy.yaml
@ -50,11 +71,11 @@ apiServer:
    {{- end }}
    feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," | quote }}
    enable-admission-plugins: NodeRestriction,EventRateLimit
-    {{- if .Values.clusterHighAvailable }}
+    {{- if .Values.highAvailable }}
    goaway-chance: ".001"
    {{- end }}
    logging-format: json
-    {{- with .Values.apiExtraArgs }}
+    {{- with .Values.api.extraArgs }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  extraVolumes:
--- a/charts/kubeadm/templates/InitConfiguration.yaml
+++ b/charts/kubeadm/templates/InitConfiguration.yaml
@ -3,10 +3,11 @@ kind: InitConfiguration
 metadata:
  name: kubezero-initconfiguration
 localAPIEndpoint:
-  bindPort: {{ regexSplit ":" .Values.apiEndpoint -1 | last }}
+  bindPort: {{ .Values.api.listenPort }}
 nodeRegistration:
  ignorePreflightErrors:
  - Swap
  - DirAvailable--var-lib-etcd
+  - KubeletVersion
  kubeletExtraArgs:
    node-labels: {{ .Values.nodeLabels | quote }}
--- a/charts/kubeadm/templates/JoinConfiguration.yaml
+++ b/charts/kubeadm/templates/JoinConfiguration.yaml
@ -5,12 +5,13 @@ discovery:
    kubeConfigPath: /root/.kube/config
 controlPlane:
  localAPIEndpoint:
-    advertiseAddress: IP_ADDRESS
-    bindPort: {{ regexSplit ":" .Values.apiEndpoint -1 | last }}
+    advertiseAddress: {{ .Values.serviceIp }}
+    bindPort: {{ .Values.api.listenPort }}
 nodeRegistration:
  ignorePreflightErrors:
  - DirAvailable--var-lib-etcd
  - FileAvailable--etc-kubernetes-pki-ca.crt
  - Swap
+  - KubeletVersion
  kubeletExtraArgs:
    node-labels: {{ .Values.nodeLabels | quote }}
--- a/charts/kubeadm/templates/admin-kubectl.yaml
+++ b/charts/kubeadm/templates/admin-kubectl.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Config
 clusters:
 - cluster:
-    server: https://{{ .Values.apiEndpoint }}
+    server: https://{{ .Values.api.endpoint }}
  name: {{ .Values.clusterName }}
 contexts:
 - context:
--- a/charts/kubeadm/templates/patches/coredns0.yaml
+++ b/charts/kubeadm/templates/patches/coredns0.yaml
@ -1,5 +1,5 @@
 spec:
-  replicas: {{ ternary 3 1 .Values.clusterHighAvailable }}
+  replicas: {{ ternary 3 1 .Values.highAvailable }}
  template:
    spec:
      containers:
--- a/charts/kubeadm/templates/patches/etcd0.yaml
+++ b/charts/kubeadm/templates/patches/etcd0.yaml
@ -5,3 +5,4 @@ spec:
      requests:
        cpu: 200m
        memory: 192Mi
+        ephemeral-storage: 1Gi
--- a/charts/kubeadm/templates/resources/02-aws-iam-authenticator-mappings.yaml
+++ b/charts/kubeadm/templates/resources/02-aws-iam-authenticator-mappings.yaml
@ -5,7 +5,7 @@ kind: IAMIdentityMapping
 metadata:
  name: kubezero-worker-nodes
 spec:
-  arn: {{ .Values.WorkerNodeRole }}
+  arn: {{ .Values.workerNodeRole }}
  username: system:node:{{ "{{" }}EC2PrivateDNSName{{ "}}" }}
  groups:
  # For now use masters, define properly with 1.20
--- a/charts/kubeadm/values.yaml
+++ b/charts/kubeadm/values.yaml
@ -1,16 +1,26 @@
-clusterVersion: 1.19.0
-listenAddress: 0.0.0.0
 clusterName: pleasechangeme
-apiEndpoint: kube-api.changeme.org:6443
-etcdExtraArgs: {}
-apiExtraArgs: {}
-clusterHighAvailable: false
-allEtcdEndpoints: ""
+domain: changeme.org
+
+serviceIp: set_via_cmdline
+
+api:
+  endpoint: kube-api.changeme.org:6443
+  listenPort: 6443
+  allEtcdEndpoints: ""
+  extraArgs: {}
+
+etcd:
+  nodeName: set_via_cmdline
+  extraArgs: {}
+
+highAvailable: false
+listenAddress: 0.0.0.0
+
 # supported values aws,bare-metal
 platform: "aws"
 # Set to false for openrc, eg. on Gentoo or Alpine
 systemd: true
 protectKernelDefaults: true

-WorkerNodeRole: "arn:aws:iam::000000000000:role/KubernetesNode"
-KubeAdminRole: "arn:aws:iam::000000000000:role/KubernetesNode"
+workerNodeRole: "arn:aws:iam::000000000000:role/KubernetesNode"
+kubeAdminRole: "arn:aws:iam::000000000000:role/KubernetesNode"