feat: First steps of V1.28 based on Alpine 3.19
parent
a2acb94732
commit
bfba223c17
12
Dockerfile
12
Dockerfile
@ -1,13 +1,11 @@
|
||||
FROM alpine:3.18
|
||||
ARG ALPINE="v3.18"
|
||||
FROM alpine:3.19
|
||||
ARG ALPINE="v3.19"
|
||||
ARG BUILDUSER=alpine
|
||||
|
||||
RUN echo "http://dl-cdn.alpinelinux.org/alpine/${ALPINE}/main" > /etc/apk/repositories && \
|
||||
echo "http://dl-cdn.alpinelinux.org/alpine/${ALPINE}/community" >> /etc/apk/repositories && \
|
||||
echo "@edge-main http://dl-cdn.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
|
||||
echo "@edge-community http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \
|
||||
echo "@kubezero https://cdn.zero-downtime.net/alpine/${ALPINE}/kubezero" >> /etc/apk/repositories && \
|
||||
wget -q -O /etc/apk/keys/stefan@zero-downtime.net-61bb6bfb.rsa.pub https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub
|
||||
echo "@edge-community http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories
|
||||
|
||||
RUN apk -U --no-cache upgrade && \
|
||||
apk --no-cache add \
|
||||
@ -24,7 +22,9 @@ RUN adduser -D $BUILDUSER && \
|
||||
install -d -g abuild -m 775 /var/cache/distfiles && \
|
||||
install -d -g abuild -m 775 /packages && \
|
||||
echo -e "$BUILDUSER:1:999\n$BUILDUSER:1001:64535" > /etc/subuid && \
|
||||
echo -e "$BUILDUSER:1:999\n$BUILDUSER:1001:64535" > /etc/subgid
|
||||
echo -e "$BUILDUSER:1:999\n$BUILDUSER:1001:64535" > /etc/subgid && \
|
||||
echo "@kubezero https://cdn.zero-downtime.net/alpine/${ALPINE}/kubezero" >> /etc/apk/repositories && \
|
||||
wget -q -O /etc/apk/keys/stefan@zero-downtime.net-61bb6bfb.rsa.pub https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub
|
||||
|
||||
COPY abuilder aarch64-toolchain.sh /usr/bin/
|
||||
|
||||
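Review bot: The signing key written to /etc/apk/keys by the `wget` at the end of the `adduser` RUN step is downloaded at build time from the same host that serves the `@kubezero` repository, with no recorded digest, so whatever controls that download also decides which key apk will trust for those packages. Committing the public key next to the Dockerfile and installing it with `COPY stefan@zero-downtime.net-61bb6bfb.rsa.pub /etc/apk/keys/` would pin it to the reviewed source tree; alternatively, compare the download against a stored sha512 before the step finishes. The unchanged `dl-cdn.alpinelinux.org` entries in the first RUN step are still plain `http://`; apk verifies the signed index, but switching them to `https://` would be a cheap extra layer. The RUN step that holds the `wget` starts outside the visible hunk.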
|
2
Makefile
2
Makefile
@ -4,7 +4,7 @@ REGION := us-east-1
|
||||
|
||||
include .ci/podman.mk
|
||||
|
||||
BUILDER := v3.18.4
|
||||
BUILDER := v3.19.1
|
||||
PKG := '*'
|
||||
CF_DIST := E11OFTOA3L8IVY
|
||||
|
||||
|
2
abuilder
2
abuilder
@ -11,7 +11,7 @@ if [ "$1" = 'aarch64-toolchain' ]; then
|
||||
else
|
||||
# Set ENV for cross compile for aarch64
|
||||
if [ "$2" = "cross-arm64" ]; then
|
||||
ALPINE="v3.18"
|
||||
ALPINE="v3.19"
|
||||
TARGET_ARCH=aarch64
|
||||
SUDO_APK=abuild-apk
|
||||
APORTS=/home/alpine/aports
|
||||
|
@ -1,7 +1,7 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=aws-iam-authenticator
|
||||
pkgver=0.6.10
|
||||
pkgver=0.6.11
|
||||
pkgrel=0
|
||||
pkgdesc="AWS aws-iam-authenticator"
|
||||
url="https://github.com/kubernetes-sigs/aws-iam-authenticator"
|
||||
@ -20,5 +20,5 @@ package() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
2b5da6dfbec1f5483ead8da280de8dd719b71157a9bfa4751c015dbc77a4f4c01a59486015cd2231ffb4232a0bf4a35ef843007605dd0b9fffd51ca0208f8fda aws-iam-authenticator-0.6.10.tar.gz
|
||||
6d78fbe95d6e36a7a3835b4df257e96fff3ab53fe4abd8ef525c24aebaf8727e2a6016107024bebe031b2e24295172190407ca892d1b3478329c62cdd9fe553f aws-iam-authenticator-0.6.11.tar.gz
|
||||
"
|
||||
|
@ -3,7 +3,7 @@
|
||||
# Contributor: TBK <alpine@jjtc.eu>
|
||||
# Maintainer: ungleich <foss@ungleich.ch>
|
||||
pkgname=cri-o
|
||||
pkgver=1.26.4
|
||||
pkgver=1.27.1
|
||||
pkgrel=0
|
||||
pkgdesc="OCI-based implementation of Kubernetes Container Runtime Interface"
|
||||
url="https://github.com/cri-o/cri-o/"
|
||||
@ -14,8 +14,8 @@ license="Apache-2.0"
|
||||
options="net chmod-clean !check"
|
||||
depends="
|
||||
cni-plugins
|
||||
conntrack-tools
|
||||
conmon
|
||||
conntrack-tools
|
||||
containers-common
|
||||
iproute2
|
||||
iptables
|
||||
@ -33,6 +33,7 @@ makedepends="
|
||||
libselinux-dev
|
||||
lvm2-dev
|
||||
ostree-dev
|
||||
sqlite-dev
|
||||
tzdata
|
||||
"
|
||||
checkdepends="bats cri-tools jq parallel sudo conmon"
|
||||
@ -40,9 +41,10 @@ subpackages="
|
||||
$pkgname-doc
|
||||
$pkgname-bash-completion
|
||||
$pkgname-zsh-completion
|
||||
$pkgname-fish-completion
|
||||
$pkgname-openrc
|
||||
"
|
||||
#$pkgname-fish-completion
|
||||
|
||||
source="
|
||||
$pkgname-$pkgver.tar.gz::https://github.com/cri-o/cri-o/archive/v$pkgver/cri-o-$pkgver.tar.gz
|
||||
crio.conf
|
||||
@ -70,7 +72,7 @@ export GOBIN="$GOPATH/bin"
|
||||
|
||||
build() {
|
||||
# https://github.com/cri-o/cri-o/blob/master/install.md#build-tags
|
||||
make BUILDTAGS="seccomp selinux apparmor containers_image_openpgp containers_image_ostree_stub"
|
||||
make BUILDTAGS="libsqlite3 seccomp selinux apparmor containers_image_openpgp containers_image_ostree_stub"
|
||||
}
|
||||
|
||||
check() {
|
||||
@ -78,11 +80,17 @@ check() {
|
||||
}
|
||||
|
||||
package() {
|
||||
make DESTDIR="$pkgdir" PREFIX=/usr CRICTL_CONFIG_DIR="/etc/crio" OCIUMOUNTINSTALLDIR="/etc/crio" install
|
||||
make \
|
||||
DESTDIR="$pkgdir" \
|
||||
PREFIX=/usr \
|
||||
CRICTL_CONFIG_DIR="/etc/crio" \
|
||||
OCIUMOUNTINSTALLDIR="/etc/crio" \
|
||||
FISHINSTALLDIR=/usr/share/fish/vendor_completions.d \
|
||||
install.bin-nobuild install.man-nobuild install.completions install.config-nobuild
|
||||
|
||||
# We want it in etc so apk does not overwrite it
|
||||
mkdir -p "$pkgdir"/usr/share/oci-umount/oci-umount.d/
|
||||
ln -sf /etc/crio/crio-umount.conf "$pkgdir"/usr/share/oci-umount/oci-umount.d/crio-umount.conf
|
||||
ln -sf ../../../../etc/crio/crio-umount.conf "$pkgdir"/usr/share/oci-umount/oci-umount.d/crio-umount.conf
|
||||
|
||||
# The CNI plugins are recommended to be installed as examples
|
||||
install -Dm644 contrib/cni/*.conflist -t "$pkgdir"/usr/share/doc/cri-o/examples/cni/
|
||||
@ -95,9 +103,9 @@ package() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
99bf6b438da236491fcc33ddaa28aeb381fc40c04138918be98fca1117132c5616598e4d758a6852071a67e4884895494b091c9206490a964a559723f77b84e7 cri-o-1.26.4.tar.gz
|
||||
27fb79141dd60c1744df8761a4d43603256f7f06e32d2f9c76be62b95dcf62924c7501d0461efabb013ae397c16030b6a2b037eeaae7a5daec7c28943f71bc7e cri-o-1.27.1.tar.gz
|
||||
1f60719677295c9c5c615eb25d9159bde0af68a132eee67747f57fe76642d457c98c896c6189f85637d7b4ac24ba55fd9eaeb1699f43c3c5077b645f72a479fb crio.conf
|
||||
cfc4c144931400023e6642fa0b9880f0e3c09c187542905ca56044cedafb5e1f1d49708e4352233abee4e02181155c02fc9688bf93202fc8d80dfc1ffc90699b crio.initd
|
||||
e9149cc2ddd24328c5290d3aea895c01e2798e066897535384f615a556496acdd52a603a0f4ac3c4c70bd5c363592f23c8b4d1987bf738300112fc62e1def555 crio.initd
|
||||
1115228546a696eeebeb6d4b3e5c3152af0c99a2559097fc5829d8b416d979c457b4b1789e0120054babf57f585d3f63cbe49949d40417ae7aab613184bf4516 crio.logrotated
|
||||
0a567dfa431ab1e53f2a351689be8d588a60cc5fcdbda403ec4f8b6ab9b1c18ad425f6c47f9a5ab1491e3a61a269dc4efa6a59e91e7521fa2b6bb165074aa8e0 cni-plugins-path.patch
|
||||
f9577aa7b1c90c6809010e9e406e65092251b6e82f6a0adbc3633290aa35f2a21895e1a8b6ba4b6375dcad3e02629b49a34ab16387e1c36eeb32c8f4dac74706 makefile-fix-install.patch
|
||||
|
@ -16,6 +16,7 @@ start_stop_daemon_args="-N 1 \
|
||||
|
||||
depend() {
|
||||
need net
|
||||
use dns
|
||||
}
|
||||
|
||||
checkconfig() {
|
||||
|
@ -1,11 +1,11 @@
|
||||
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
|
||||
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
|
||||
pkgname=cri-tools
|
||||
pkgver=1.26.1
|
||||
pkgrel=1
|
||||
pkgver=1.27.1
|
||||
pkgrel=0
|
||||
pkgdesc="CLI tool for Kubelet Container Runtime Interface (CRI)"
|
||||
url="https://github.com/kubernetes-sigs/cri-tools"
|
||||
arch="x86_64 aarch64 ppc64le s390x armv7 x86"
|
||||
arch="all !armhf"
|
||||
license="Apache-2.0"
|
||||
makedepends="go"
|
||||
options="!check" # no check available
|
||||
@ -27,5 +27,5 @@ package() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
1900b5d22a20ab1f01c13832be4dcf1e9845b64afb3cdcb6169752bbb20a6e69dcbb6ccc8d31b9d4bf091bf81aa04b9979544586763ea985499f229e7ab2a39d cri-tools-1.26.1.tar.gz
|
||||
7e4349fa9a0a16d27fbde363a26978fe6e65a326d29b344f13cd2b43009f12f8cdf14fd9557ac29beb913d4258160e0fa4108d40378dd1216ff631922e40392e cri-tools-1.27.1.tar.gz
|
||||
"
|
||||
|
@ -1,7 +1,7 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=ecr-credential-provider
|
||||
pkgver=1.26.1
|
||||
pkgver=1.27.1
|
||||
pkgrel=0
|
||||
pkgdesc="AWS Kubernetes ecr-credential-provider"
|
||||
url="https://github.com/kubernetes/cloud-provider-aws"
|
||||
@ -24,5 +24,5 @@ package() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
59ec934a93b94290b0dce830a53301957842d8d45118471bb6eaa142b06dc37ed7f32e4c4a83f1f5341b0dda6745cfa7d8ebbac6d31378e3288857808f2aef71 ecr-credential-provider-1.26.1.tar.gz
|
||||
d7a28f4fb3cb2a1e7ee8d94405e3268608562af0ac509b51c32fcca19353eb68c87b023bd7dae1e84a76d9e856e4951cbc8a2260bab358d1eb492e47caedd29d ecr-credential-provider-1.27.1.tar.gz
|
||||
"
|
||||
|
@ -1,13 +1,16 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=falco-kernel
|
||||
pkgver=0.36.2
|
||||
_flavor=lts
|
||||
_extra_flavors=virt
|
||||
|
||||
pkgver=0.37.1
|
||||
pkgrel=0
|
||||
pkgname=falco-kernel-$_flavor
|
||||
pkgdesc="Falco kernel module"
|
||||
url="https://github.com/falcosecurity/falco"
|
||||
arch="x86_64 aarch64"
|
||||
license="AGPL-3.0"
|
||||
makedepends="cmake linux-virt-dev linux-headers"
|
||||
makedepends="cmake linux-$_flavor-dev linux-headers"
|
||||
# protobuf-dev jq-dev openssl-dev curl-dev c-ares-dev grpc-dev yaml-dev yaml-cpp-dev jsoncpp-dev re2-dev"
|
||||
# perl autoconf elfutils-dev libtool argp-standalone musl-fts-dev musl-libintl musl-obstack-dev"
|
||||
options="!check"
|
||||
@ -17,34 +20,52 @@ source="
|
||||
"
|
||||
builddir="$srcdir/falco-$pkgver"
|
||||
|
||||
prepare() {
|
||||
[[ -d build ]] || mkdir build
|
||||
}
|
||||
for f in $_extra_flavors; do
|
||||
makedepends="$makedepends linux-$f-dev"
|
||||
subpackages="$subpackages falco-kernel-$f:_extra"
|
||||
done
|
||||
|
||||
build() {
|
||||
# Hack running the build inside a container other uname -r returns host kernel
|
||||
KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-virt))
|
||||
for flavor in $_flavor $_extra_flavors; do
|
||||
mkdir -p $srcdir/falco-$pkgver/build-$flavor
|
||||
|
||||
cd build
|
||||
cmake .. \
|
||||
-DCMAKE_BUILD_TYPE=Release \
|
||||
-DFALCO_VERSION=$pkgver \
|
||||
-DCMAKE_INSTALL_PREFIX=/usr \
|
||||
-DUSE_BUNDLED_DEPS=On \
|
||||
-DMUSL_OPTIMIZED_BUILD=On
|
||||
# Hack running the build inside a container other uname -r returns host kernel
|
||||
KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-"$flavor"))
|
||||
|
||||
KERNELDIR=/lib/modules/$KERNEL_VERSION/build make driver
|
||||
cd $srcdir/falco-$pkgver/build-$flavor
|
||||
cmake .. \
|
||||
-DCMAKE_BUILD_TYPE=Release \
|
||||
-DFALCO_VERSION=$pkgver \
|
||||
-DCMAKE_INSTALL_PREFIX=/usr \
|
||||
-DUSE_BUNDLED_DEPS=On \
|
||||
-DMUSL_OPTIMIZED_BUILD=On
|
||||
|
||||
KERNELDIR=/lib/modules/$KERNEL_VERSION/build make driver
|
||||
done
|
||||
}
|
||||
|
||||
_package() {
|
||||
local flavor=$1
|
||||
local _out=$2
|
||||
|
||||
KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-"$flavor"))
|
||||
depends="linux-$flavor~$(echo $KERNEL_VERSION | sed -e 's/-.*$//')"
|
||||
|
||||
cd $srcdir/falco-$pkgver/build-$flavor
|
||||
mkdir -p "$_out"/lib/modules/$KERNEL_VERSION/kernel
|
||||
gzip -9 -c driver/falco.ko > "$_out"/lib/modules/$KERNEL_VERSION/kernel/falco.ko.gz
|
||||
}
|
||||
|
||||
package() {
|
||||
KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-virt))
|
||||
depends="linux-virt~$(echo $KERNEL_VERSION | sed -e 's/-.*$//')"
|
||||
_package $_flavor $pkgdir
|
||||
}
|
||||
|
||||
cd $srcdir/falco-$pkgver/build
|
||||
mkdir -p "$pkgdir"/lib/modules/$KERNEL_VERSION/kernel
|
||||
gzip -9 -c driver/falco.ko > "$pkgdir"/lib/modules/$KERNEL_VERSION/kernel/falco.ko.gz
|
||||
_extra() {
|
||||
flavor=${subpkgname##*-}
|
||||
|
||||
_package $flavor $subpkgdir
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
dc648d9b0a625a02320ff0235bbf4f4940e7ba40c684a8a1f972d34f0a3447b4a34e665d7fbc0ee1ec9a014f65f81a304dc76b4ec804fc7b4e448f330b9474af falco-0.35.1.tar.gz
|
||||
257d526c4d3eadbe2c79852221fdb8076f94e421aa66753628770ae7384137b4672064cbe1ba0a4d88d14e8a7d08e2521d5bd82a312c4b1442d8ea6fbbbb2f28 falco-0.37.1.tar.gz
|
||||
"
|
||||
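Review bot: `KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-"$flavor"))` in build() and _package() assumes exactly one directory matches the glob. With no match the value is empty, and with more than one match `basename` receives extra arguments, so the result no longer names a single kernel; either way the `KERNELDIR=` path and the generated `depends="linux-$flavor~..."` may be wrong. A guard directly after the assignment would stop the build with a clear message, for example `[ -d "/lib/modules/$KERNEL_VERSION/build" ] || { echo "expected exactly one $flavor kernel in /lib/modules" >&2; return 1; }`. In _extra(), `flavor` is assigned without `local`, unlike in _package(). The `$srcdir` paths passed to `mkdir -p` and `cd` are unquoted.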
|
@ -1,7 +1,7 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=falco
|
||||
pkgver=0.36.2
|
||||
pkgver=0.37.1
|
||||
pkgrel=0
|
||||
pkgdesc="Falco is the open source solution for runtime security for hosts, containers, Kubernetes and the cloud"
|
||||
url="https://github.com/falcosecurity/falco"
|
||||
@ -11,10 +11,16 @@ makedepends="cmake linux-headers bash perl autoconf elfutils-dev libtool argp-st
|
||||
musl-fts-dev
|
||||
musl-libintl
|
||||
musl-legacy-error
|
||||
musl-obstack-dev
|
||||
"
|
||||
musl-obstack-dev "
|
||||
# protobuf-dev
|
||||
# c-ares-dev
|
||||
# openssl-dev
|
||||
# curl-dev
|
||||
# grpc-dev
|
||||
# yaml-cpp-dev
|
||||
# "
|
||||
options="!check"
|
||||
depends="falco-kernel~$pkgver"
|
||||
#depends="falco-kernel~$pkgver"
|
||||
|
||||
# Original config
|
||||
# https://raw.githubusercontent.com/falcosecurity/rules/main/rules/falco_rules.yaml
|
||||
@ -40,13 +46,15 @@ build() {
|
||||
-DCMAKE_INSTALL_PREFIX=/usr \
|
||||
-DFALCO_ETC_DIR=/etc/falco \
|
||||
-DUSE_BUNDLED_DEPS=On \
|
||||
-DMINIMAL_BUILD=On \
|
||||
-DUSE_DYNAMIC_LIBELF=Off \
|
||||
-DMUSL_OPTIMIZED_BUILD=On \
|
||||
-DBUILD_DRIVER=Off \
|
||||
-DBUILD_BPF=Off \
|
||||
-DBUILD_LIBSCAP_MODERN_BPF=Off \
|
||||
..
|
||||
|
||||
make falco
|
||||
make falco || bash
|
||||
}
|
||||
|
||||
package() {
|
||||
@ -65,7 +73,7 @@ package() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
a3fef235ab4f3121bd0400827712652530ec417498c44ada8b6bf565f7631d035673b53dad94ea6ae9c854d45202ed71b2771f19e0c92eea3fc3503e5b75b02e falco-0.36.2.tar.gz
|
||||
257d526c4d3eadbe2c79852221fdb8076f94e421aa66753628770ae7384137b4672064cbe1ba0a4d88d14e8a7d08e2521d5bd82a312c4b1442d8ea6fbbbb2f28 falco-0.37.1.tar.gz
|
||||
b152fcf6cd81895efa37797ab7ff1aac7350b5f51f2648aa9e3cce9d5ece55791ddf82c396e9da216293e2379a785a294cc972f28a91162dc5bc88ab09e1ab08 falco.patch
|
||||
487b8b64d2399fd7b706be29e3722983bcdfde3ab5cf0f78b2e9fe1055a4ad958976f591e739491e25a06d7cdf6894c1e153e892a87b83c7a962e23c9a104528 rules.patch
|
||||
"
|
||||
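Review bot: `make falco || bash` in build() looks like a debugging aid that was left in. When the compile fails it opens an interactive shell, which stalls an unattended build, and if that shell exits with status 0 the failure is hidden and packaging continues on an incomplete tree. The line should go back to `make falco` before this is built in CI. The same section turns `depends="falco-kernel~$pkgver"` into a comment, so installing falco no longer pulls in a matching kernel module. If that is deliberate (the module package appears to be named per flavor now), a comment such as `# driver comes from falco-kernel-<flavor>, installed separately` would record the decision. build() begins and ends outside the visible hunk.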
|
@ -1,7 +1,7 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=fluent-bit
|
||||
pkgver=2.1.10
|
||||
pkgver=2.2.2
|
||||
pkgrel=0
|
||||
pkgdesc="Fast and Lightweight Log processor and forwarder"
|
||||
url="https://fluentbit.io/"
|
||||
@ -101,9 +101,9 @@ package() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
55caefa81cdeaf293b727829383c6eaa75bc2f8b8c61ebe15e1478c66033921fde6e50c39fc8c39a7d2d93d03892f709daf4d1b6caacf586133de5268de10299 fluent-bit-2.1.10.tar.gz
|
||||
681c1db0256d0b50d986194597b700f790726a1394b3ad92c92a26c95d04bf2b65203e94ef2aeb0f0b3403870748ec0ebbec2cd49548857fbadc5c745581452f fluent-bit-2.2.2.tar.gz
|
||||
f6431397c80a036980b5377b51e38aec25dfceeb8dbe4cd54dce1f6e77d669d9f8daf983fcc96d25332385888f1809ced5e8ab0e8ccfcd93d19494036e3dc949 fluent-bit.confd
|
||||
e17bad6abd597da620fdb930e3f18612a828dd956abf87ce850e2660b83db4d9ab7d373ab3a9bf1d07f605b5077998234ce4774007c0197cfbfdad465ca6b47a fluent-bit.initd
|
||||
8ba6c8e84dee90176f9b4375fb2c6444fa5d32fa601d9bcf3ea7960fec87f1ef664f175caf08bd0b052843e971efdbf08e2a5cd180ad9a8f23ff2c5cb233814f fluent-bit.initd
|
||||
6bd7d8b4da93a17f29b6ea1e0286ea226d0e376024284741110936779b3229bd8d6cd03ffbdc5d3b4842294e7f32a888de0dd16b0851b65d91b062ca58530ea0 chunkio-static-lib-fts.patch
|
||||
e3308a8377fb8ba496415b7a31e9e022e5aa9965d27a0c33ea5166a29049b72cb364bbcdf9d8611ef3407b0968f9bd4adff12cdb39728bbebd382710e5bc75d0 exclude-luajit.patch
|
||||
d61f30344af997f126486fa5b34cd3fbfe88bfc9aea394a8c60d0206f4db8db998eadf637a3a581b89512411c1e7980c414e236e455d5e2b889d20a556ee6577 xsi-strerror.patch
|
||||
|
@ -7,5 +7,5 @@ command_args="$fluentbit_opts"
|
||||
|
||||
depend() {
|
||||
need net
|
||||
after firewall cloudbender
|
||||
after firewall
|
||||
}
|
||||
|
@ -5,12 +5,11 @@
|
||||
# Contributor: Dave <dj.2dixx@gmail.com>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=kubernetes
|
||||
pkgver=1.26.8
|
||||
pkgver=1.27.8
|
||||
pkgrel=0
|
||||
pkgdesc="Container Cluster Manager"
|
||||
url="https://kubernetes.io/"
|
||||
# ppc64le: failed to build
|
||||
arch="x86_64 aarch64 armv7 x86"
|
||||
arch="all !armhf !riscv64"
|
||||
license="Apache-2.0"
|
||||
options="!check chmod-clean net" # Tests hang
|
||||
|
||||
@ -72,18 +71,16 @@ _services="kube-apiserver kube-controller-manager kube-proxy kube-scheduler"
|
||||
export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
|
||||
export GOTMPDIR="${GOTMPDIR:-"$srcdir"}"
|
||||
export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}"
|
||||
export FORCE_HOST_GO="y"
|
||||
|
||||
build() {
|
||||
hack/update-codegen.sh
|
||||
for _pkgs in $_agent $_cli $_services ; do
|
||||
make -j1 GOFLAGS="-buildmode=pie -v -tags=providerless" GOLDFLAGS="-extldflags=-static" WHAT=cmd/$_pkgs
|
||||
make -j1 GOFLAGS="$GOFLAGS -buildmode=pie -v -tags=providerless" GOLDFLAGS="-extldflags=-static" WHAT=cmd/$_pkgs
|
||||
done
|
||||
}
|
||||
|
||||
package() {
|
||||
for bin in $_agent $_cli $_services; do
|
||||
install -Dm755 _output/local/bin/linux/*/$bin "$pkgdir"/usr/bin/$bin
|
||||
install -Dm755 _output/local/go/bin/$bin "$pkgdir"/usr/bin/$bin
|
||||
done
|
||||
mkdir -p "$pkgdir"/etc/kubernetes
|
||||
}
|
||||
@ -208,7 +205,7 @@ _do_zshcomp() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
38649d4c8a85e236a8ceffe5bba5146cf1a4eb9191534707dd39443303f99d830e95dc4e9be0febfb2a8bd4d0b57f13b5cb883b51fea57306f1f2ceff2052d69 kubernetes-1.26.8.tar.gz
|
||||
ddc14d21ba470d24d115de67cdb801c742f04124101ff0e2741170971fdf6bcf0a75ef82807d63394dd8b06dc186a86cccf93a7aab4f9e49b922b981ce5ed8aa kubernetes-1.27.8.tar.gz
|
||||
5427c2e653504cfd5b0bcaf195d4734ee40947ddfebc9f155cd96dddccfc27692c29d94af4ac99f1018925b52995c593b584c5d7a82df2f185ebce1a9e463c40 make-e2e_node-run-over-distro-bins.patch
|
||||
94d07edfe7ca52b12e85dd9e29f4c9edcd144abc8d120fb71e2a0507f064afd4bac5dde30da7673a35bdd842b79a4770a03a1f3946bfae361c01dd4dc4903c64 make-test-cmd-run-over-hyperkube-based-kubectl.patch
|
||||
e690daff2adb1013c92124f32e71f8ed9a18c611ae6ae5fcb5ce9674768dbf9d911a05d7e4028488cda886e63b82e8ac0606d14389a05844c1b5538a33dd09d1 kube-apiserver.initd
|
||||
@ -223,7 +220,7 @@ d7e022ee22da191bda7382f87cb293d9c9d115a3df0c2054bf918279eb866f99c6d5c21e4c98eae8
|
||||
561bef5633ba4b9021720624443d9c279a561e5fabea76e5d0fbee2e7ad8999029a2511a45895fbec8448026212a3c5b4c197b248a6afa7f8bd945f705524ea7 kube-scheduler.initd
|
||||
af88b382ab75657d0ff13c3f8f6d924cef9f2df7807a9a27daa63495981801bc4b607998f65c0758c11a7e070e43c24f7184ba7720711109c74b1c4d57919e34 kube-scheduler.confd
|
||||
3692da349dd6ed0f5acc09d7b95ac562ffecb103e2270bebdfe4a7808d48dada9d2debff262d85b11c47f9ca3f0c20000712d03629ed813ff08a3e02d69267e6 kube-scheduler.logrotated
|
||||
7cb03bde52820c3ce8b10df1a16cf0b46b39d185e01b4d312400f70bba5875992ec71166539d3820cf59ddbabeb48dec7ae8185820646fae3f851c4cd144fe69 kubelet.initd
|
||||
372cdf2fbb24a229ed7b3450b54197c006928cb8d2fd756f2713e1e6961849c7aaa35b20b14fb75d1a12ef1e35258048738aa22b5f9783af8fa0a31dfd1b5bbd kubelet.initd
|
||||
44eb973de8ee8e0c5a77d76ab0e105fe0ae892be1ff86c238a5449b43f83cab6f844575b6c3218f08c5ff077e9f828f5aef72425c1d77546cce2e0136e8a8da8 kubelet.confd
|
||||
941f4a7579dcf78da2d323ac69195e95eba6600e6fcefe9231447f11c9867a7aa57b4189ee1fefb10eab19c89665ea2e7696b539c92e99fbcde905d2ff85be58 kubelet.logrotated
|
||||
"
|
||||
|
@ -24,5 +24,6 @@ pidfile="${KUBELET_PIDFILE:-/run/${RC_SVCNAME}.pid}"
|
||||
|
||||
depend() {
|
||||
after net cloudbender
|
||||
need cgroups crio
|
||||
need cgroups
|
||||
want containerd crio
|
||||
}
|
||||
|
@ -1,11 +1,11 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=kubezero
|
||||
pkgver=1.26
|
||||
pkgver=1.27
|
||||
pkgrel=0
|
||||
pkgdesc="KubeZero release package"
|
||||
url="https://git.zero-downtime.net/ZeroDownTime/alpine-overlay/src/branch/master/kubezero/kubezero"
|
||||
arch="noarch"
|
||||
arch="x86_64"
|
||||
license="AGPL-3.0"
|
||||
depends="
|
||||
podman
|
||||
@ -15,7 +15,7 @@ depends="
|
||||
kubelet~$pkgver
|
||||
kubectl~$pkgver
|
||||
ecr-credential-provider~$pkgver
|
||||
aws-iam-authenticator~0.6.10
|
||||
aws-iam-authenticator~0.6.11
|
||||
"
|
||||
options="!check"
|
||||
#install="$pkgname.post-install"
|
||||
@ -24,20 +24,26 @@ subpackages="
|
||||
$pkgname-imagecache
|
||||
"
|
||||
|
||||
IMAGES="
|
||||
quay.io/cilium/cilium:v1.14.4
|
||||
ghcr.io/k8snetworkplumbingwg/multus-cni:v3.9.3
|
||||
"
|
||||
|
||||
#multus_version="4.0.2"
|
||||
|
||||
source="
|
||||
shared-sys-fs.start
|
||||
evictLocalNode.sh
|
||||
credential-provider.yaml
|
||||
kubelet.monit
|
||||
crio.monit
|
||||
crio.conf
|
||||
"
|
||||
#multus-"$multus_version".tar.gz::https://github.com/k8snetworkplumbingwg/multus-cni/releases/download/v"$multus_version"/multus-cni_"$multus_version"_linux_amd64.tar.gz
|
||||
|
||||
IMAGES="
|
||||
quay.io/cilium/cilium:v1.13.5
|
||||
ghcr.io/k8snetworkplumbingwg/multus-cni:v3.9.3
|
||||
"
|
||||
|
||||
# get multus and cilium binaries and drop them in /usr/libexec/cni
|
||||
build() {
|
||||
# pre loaded images
|
||||
for i in $IMAGES; do
|
||||
IMAGE_NAME=$(echo $i | sed -e 's/.*\///' -e 's/:.*//')
|
||||
podman --storage-driver vfs pull $i
|
||||
@ -52,10 +58,15 @@ package() {
|
||||
mkdir -p $pkgdir/etc/kubernetes/manifests
|
||||
install -Dm644 "$srcdir"/credential-provider.yaml "$pkgdir/etc/kubernetes/credential-provider.yaml"
|
||||
|
||||
install -Dm644 "$srcdir"/kubelet.monit "$pkgdir/etc/monit.d/kubelet.conf"
|
||||
|
||||
# crio settings
|
||||
install -Dm644 "$srcdir"/crio.conf "$pkgdir/etc/crio/crio.conf.d/01-kubezero.conf"
|
||||
|
||||
# monit
|
||||
install -Dm644 "$srcdir"/kubelet.monit "$pkgdir/etc/monit.d/kubelet.conf"
|
||||
install -Dm644 "$srcdir"/crio.monit "$pkgdir/etc/monit.d/crio.conf"
|
||||
|
||||
# multus
|
||||
#install -Dm755 "$srcdir"/multus-cni_"$multus_version"_linux_amd64/multus $pkgdir/usr/libexec/cni/multus
|
||||
}
|
||||
|
||||
# Preload container images all nodes need to speed up boot time and reduce data transfer
|
||||
@ -71,7 +82,8 @@ imagecache() {
|
||||
sha512sums="
|
||||
ecb33fc3a0ffc378723624858002f9f5e180e851b55b98ab6611ecc6a73d4719bc7de240f87683fc58de8bf577059e6f19b417655b5301ef8c32deff67a29dff shared-sys-fs.start
|
||||
fce1013f7b1bfa8ee526de62e642a37fda3168889723e873d3fb69e257f4caa1423b5a14b9343b12a87f3b6f93c7d3861b854efda67ef2d6a42a5ca8cf3d1593 evictLocalNode.sh
|
||||
716ec3404d7016bce57d663f750a18db3ede07c1ba7a2908f9f01f41c5ca8fe4e7232ded27bc2bccd705b11ae5cd26574322a8eacefcf8c102bba0f8e4995e59 credential-provider.yaml
|
||||
92499ec9a8b3634c42b16c01d27f1c1bb650bcc074a2c8d9d16cfe2ea08942948989c6aae79bd2df562ff17df11bbc329e0971f15c4e64f944457825dee7aa79 credential-provider.yaml
|
||||
8b81eb0fb66e6a739965db6af6a31c443e8f612c06146bd51107372abd833b527423299ee11b27e011f46cfbee11415234b3fa0dea695dbbb06711e0ad58f08d kubelet.monit
|
||||
e801df9ede6065395db75154735ca9368882d4225452a33f2b54b98cd0c4f3ceb730762d8745c6aea350a3a50a1df0c79ab46f422f94e9a40e621528e9d82055 crio.monit
|
||||
064fc245b7ffd67834a2f5fd13cb0bcb5f4a5caf79b8113b3669bf1d0e1a4af2042e69f8f496991de76d621fd01bc7e67de37c59f034584d12622c6af96376ff crio.conf
|
||||
"
|
||||
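Review bot: The entries in `IMAGES` are referenced by tag only (`quay.io/cilium/cilium:v1.14.4`, `ghcr.io/k8snetworkplumbingwg/multus-cni:v3.9.3`) and are pulled by `podman` inside build(), so the content baked into the imagecache subpackage is whatever the registry serves for that tag at build time. `sha512sums` covers only the local source files, not the images. Pinning each image by digest, e.g. `quay.io/cilium/cilium@sha256:<digest-placeholder>  # v1.14.4`, would make the cached content reproducible and reviewable. The `IMAGE_NAME=$(echo $i | sed -e 's/.*\///' -e 's/:.*//')` line would then yield `cilium@sha256`, so it needs an added `-e 's/@.*//'` before the colon rule. The remainder of build() is outside the visible hunk.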
|
@ -1,4 +1,4 @@
|
||||
apiVersion: kubelet.config.k8s.io/v1alpha1
|
||||
apiVersion: kubelet.config.k8s.io/v1
|
||||
kind: CredentialProviderConfig
|
||||
providers:
|
||||
- name: ecr-credential-provider
|
||||
@ -9,4 +9,4 @@ providers:
|
||||
- "*.dkr.ecr.us-iso-east-1.c2s.ic.gov"
|
||||
- "*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov"
|
||||
defaultCacheDuration: "12h"
|
||||
apiVersion: credentialprovider.kubelet.k8s.io/v1alpha1
|
||||
apiVersion: credentialprovider.kubelet.k8s.io/v1
|
||||
|
4
kubezero/kubezero/crio.monit
Normal file
4
kubezero/kubezero/crio.monit
Normal file
@ -0,0 +1,4 @@
|
||||
check process crio pidfile /run/crio.pid
|
||||
start program = "/sbin/rc-service crio start"
|
||||
stop program = "/sbin/rc-service crio stop"
|
||||
restart program = "/sbin/rc-service crio restart"
|
@ -1,7 +1,7 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=zdt-base
|
||||
pkgver=0.3.18
|
||||
pkgver=0.3.19
|
||||
pkgrel=0
|
||||
pkgdesc="ZeroDownTime Alpine additions and customizations"
|
||||
url="https://git.zero-downtime.net/ZeroDownTime/alpine-overlay/src/branch/master/kubezero/zdt-base"
|
||||
@ -31,6 +31,7 @@ source="
|
||||
route53.py
|
||||
get_iam_sshkeys.py
|
||||
uniq_hostname.py
|
||||
write_parameters.py
|
||||
"
|
||||
|
||||
build() {
|
||||
@ -83,19 +84,20 @@ aws() {
|
||||
install -Dm755 "$srcdir"/route53.py "$subpkgdir"/usr/sbin/route53.py
|
||||
install -Dm755 "$srcdir"/uniq_hostname.py "$subpkgdir"/usr/sbin/uniq_hostname.py
|
||||
install -Dm755 "$srcdir"/get_iam_sshkeys.py "$subpkgdir"/usr/sbin/get_iam_sshkeys.py
|
||||
install -Dm755 "$srcdir"/write_parameters.py "$subpkgdir"/usr/sbin/write_parameters.py
|
||||
|
||||
# Cloudbender SNS integration
|
||||
install -Dm755 "$srcdir"/monit_alert.sh.aws "$pkgdir"/usr/bin/monit_alert.sh
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
a870cc7657757770fb573a0fb5df61887d1b9d2a6a57b3ee8be93a7dfb34df6a1d489cd5572ab273dfe896b97faad7e7479571f993a3e13cfefe24c4720bcbf4 common.sh
|
||||
2ddef702aae2783335c8b2836daa00a279d253c33b27170a0979d283d06d7ac666750fa026d2d2eed5759e7d6fd54ea898971fabe1e343ee1d09ffed42cf6355 common.sh
|
||||
7f6a69a77d6a4a3c34928609108b7939cd43a892d72fb14bebc1d935cd66eda3bd625d15eebb4d6026715b36b12919fcaf863ed5f65ffdc0e2de9fc1b969cb3e boot.sh
|
||||
ee19dcc0b46bdff8581c2661cda69fd8a3fa2de4dd30d96a4ce438b2536043a9f0bc57a6b0d4056e2715a2663a89bc1b07ec33798d5430a2046a65069a327cda cloudbender-early.init
|
||||
df610d896c6b2821925df8d65ab44a0008b31e5b738172076234ae7645e8ef7e25d710c43f9b3999fb3f0303ccd81b57327c2e7694e1fc3f790abdbc77e0a097 cloudbender.init
|
||||
b9479835d8667fa99f8b1b140f969f0464a9bb3c60c7d19b57e306cfe82357d453932791e446caded71fddd379161ae8328367f1ee75ae3afc1b85e12294b621 zdt-sysctl.conf
|
||||
eb7d5b6f92f500dbaba04a915cdd8d66e90456ca86bed86b3a9243f0c25577a9aa42c2ba28c3cad9dda6e6f2d14363411d78eff35656c7c60a6a8646f43dcba5 cloudbender-early.init
|
||||
336a211e6708432f185c911d0c990209c5af79f289d5cc331e0542e258e0309616e1386efd660d5439928562feaf3559970f66e950f9ce6e5aaf20c334596143 cloudbender.init
|
||||
06102e56c847637f705d0b29b05b07fbbb2bda9ba69f0a7fe1d716126d3b1c7922fb0df159199809908fa0dc143209775edb1dd5976faa84244dbcaa45f00364 zdt-sysctl.conf
|
||||
76e6a4f309f31bfa07de2d3b1faebe5670722752e18157b69d6e868cbe9e85eda393aed0728b0347a01a810eee442844c78259f86ff71e3136a013f4cbfaaea4 ps_mem.py
|
||||
5376f4bf8356ce9249c45e78085073245181e8742c7b4be47c71dcd97a611ae125a7dfd3060502bdd591560af070334f89fe60dbc09c008926149c538ab0560a syslog-ng.conf
|
||||
44b2dcf90709a51e4d804d4bb22eb866aa678089647b33b253a48fe29861e4ae85312b23f8a7ab8a20ed184bd6f341e9b919f3d1586f1c0d9c350b8206b29e04 syslog-ng.conf
|
||||
484bdcf001b71ce5feed26935db437c613c059790b99f3f5a3e788b129f3e22ba096843585309993446a88c0ab5d60fd0fa530ef3cfb6de1fd34ffc828172329 syslog-ng.logrotate.conf
|
||||
e86eed7dd2f4507b04050b869927b471e8de26bc7d97e7064850478323380a0580a92de302509901ea531d6e3fa79afcbf24997ef13cd0496bb3ee719ad674ee syslog-ng.apparmor
|
||||
f8c052c7ec12c71937c7b8bc05d8374c588f345e303b30eda9c8612dff8f8f34a87a433648a3e9b85b278196ece198533b29680a303ff6478171d43f8e095189 dhcpcd-mtu.hook
|
||||
@ -107,4 +109,5 @@ c3e72cd92936b03f2b9eab5e97e9a12fcddcdf2c943342e42e7702e2d2407e00859c62dc9b4de337
|
||||
816049360aa442f9e9aa4d6525795913cfe3dc7c6c14dc4ccad59c0880500f9d42f198edc442fe036bc84ba2690d9c5bc8ae622341d8276b3f14947db6b879b1 route53.py
|
||||
7da28446762a36a6737c5b30becbce78775bd943b4d0c5ef938a50f49b4f51f66708434aa79004c19d16c56c83f54c8d6d68e1502ebc250c73f8aae12bed83c0 get_iam_sshkeys.py
|
||||
ae1941fc45e61fa8d211f5ef7eff2dd01510a6d364c4302cab267812321a10e7434ecc8d8c9263d8671ce5604d04d6531601bf42886a55fb6aec7f321651e1dc uniq_hostname.py
|
||||
ee4264337d86ad99ba6cf9ec3017986c804ac208c0beb5fc8651345bd277bb6de03e7c3a8c1b751767647be48f9d45ac47a7d14cf040d9c827780984394e826d write_parameters.py
|
||||
"
|
||||
|
@ -1,7 +1,8 @@
|
||||
#!/sbin/openrc-run
|
||||
# vim:set ts=8 noet ft=sh:
|
||||
|
||||
description="CloudBender early tasks (no network / metadata available yet)"
|
||||
# no network / metadata available yet
|
||||
description="CloudBender early tasks"
|
||||
|
||||
depend() {
|
||||
need fsck root
|
||||
|
@ -13,6 +13,8 @@ depend() {
|
||||
start() {
|
||||
source /usr/lib/cloudbender/common.sh
|
||||
|
||||
ebegin "CloudBender"
|
||||
|
||||
get_meta_data
|
||||
import_meta_data
|
||||
|
||||
@ -34,6 +36,7 @@ start() {
|
||||
|
||||
register_service_dns
|
||||
|
||||
is_enabled $PROMETHEUS_ENABLED && setup_prometheus $PROMETHEUS_ALLOW
|
||||
is_enabled $LOGGING_ENABLED && setup_fluentbit $LOGGING_HOST
|
||||
|
||||
# cleanup previous reboot logs
|
||||
@ -50,7 +53,7 @@ stop() {
|
||||
|
||||
unmount_volumes "$VOLUMES"
|
||||
|
||||
[ -n "$DEBUG" ] && [ -r /tmp/shutdown.log ] && SHUTDOWNLOG="$(cat /tmp/shutdown.log)"
|
||||
is_enabled $ZDT_CLOUDBENDER_DEBUG && [ -r /tmp/shutdown.log ] && SHUTDOWNLOG="$(cat /tmp/shutdown.log)"
|
||||
|
||||
[ -n "$RC_REBOOT" ] && ACTION="rebooting" || ACTION="terminated"
|
||||
[ -z "$DISABLE_SCALING_EVENTS" ] && /var/lib/cloud/sns_alarm.sh "Instance $ACTION" "" Info "$SHUTDOWNLOG"
|
||||
|
@ -10,6 +10,17 @@ _imds() {
|
||||
"http://$IMDS_ENDPOINT/$IMDS_URI/$1$IMDS_QUERY"
|
||||
}
|
||||
|
||||
# boolean flags
|
||||
is_enabled() {
|
||||
local flag=$(echo "$1" | tr '[:upper:]' '[:lower:]')
|
||||
|
||||
[ "$flag" == 1 -o "$flag" == "true" ] && return 0
|
||||
[ "$flag" == 0 -o "$flag" == "false" -o "$flag" == "none" -o -z "$flag" ] && return 1
|
||||
|
||||
log -t user-data warn "Unknown value for boolean option: $flag - assuming False"
|
||||
return 1
|
||||
}
|
||||
|
||||
# Todo: This should go into a yaml file
|
||||
query_imds() {
|
||||
MAC=$(_imds meta-data/mac)
|
||||
@ -71,12 +82,8 @@ import_meta_data() {
|
||||
export AWS_DEFAULT_REGION=$REGION
|
||||
export AWS_DEFAULT_OUTPUT=text
|
||||
|
||||
# some basic logic
|
||||
if [ "$DEBUG" == "None" -o "$DEBUG" == "False" ]; then
|
||||
unset DEBUG
|
||||
|
||||
LAUNCH_HOOK="CloudBenderLaunchHook"
|
||||
fi
|
||||
# Enabled LaunchHooks if not DEBUG
|
||||
is_enabled $ZDT_CLOUDBENDER_DEBUG || LAUNCH_HOOK="CloudBenderLaunchHook"
|
||||
|
||||
# Workaround for current CFN ASG_<parameter> hack
|
||||
_key=$(echo $AWS_CLOUDFORMATION_LOGICAL_ID | tr '[:lower:]' '[:upper:]')
|
||||
@ -102,14 +109,14 @@ setup_instance() {
|
||||
|
||||
add_once /etc/hosts "${IP_ADDRESS} ${_META_HOSTNAME} ${HOSTNAME}"
|
||||
|
||||
# Set system wide default region for boto3
|
||||
echo "export AWS_DEFAULT_REGION=$REGION" > /etc/profile.d/aws.sh
|
||||
|
||||
# workaround for dhcpcd / openresolv to omit search domain if equal to domain breaking DNS resolution of shortnames for eg. etcd and kube-apiserver
|
||||
add_once /etc/resolv.conf "search $DOMAIN_NAME"
|
||||
|
||||
case "$CLOUD" in
|
||||
aws)
|
||||
# Set system wide default region for boto3
|
||||
echo "export AWS_DEFAULT_REGION=$REGION" > /etc/profile.d/aws.sh
|
||||
|
||||
setup_sns_alarms
|
||||
;;
|
||||
*)
|
||||
@ -139,7 +146,7 @@ configure_sshd() {
|
||||
sed -i -e 's,^[\s#]*AuthorizedKeysCommand\s.*,AuthorizedKeysCommand /usr/sbin/get_iam_sshkeys.py --user %u --group '$group' --iamRole "'$role'",' /etc/ssh/sshd_config
|
||||
sed -i -e 's,^[\s#]*AuthorizedKeysCommandUser\s.*,AuthorizedKeysCommandUser nobody,' /etc/ssh/sshd_config
|
||||
|
||||
ebegin "added $group to SSH admin keys"
|
||||
einfo "added $group to SSH admin keys"
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
@ -294,7 +301,7 @@ mount_volumes() {
|
||||
mkdir -p $volPath
|
||||
mount -t xfs -o noatime $volDevice $volPath
|
||||
|
||||
ebegin "mounting $volDevice at $volPath"
|
||||
einfo "mounting $volDevice at $volPath"
|
||||
done
|
||||
}
|
||||
|
||||
@ -311,17 +318,6 @@ unmount_volumes() {
|
||||
# msg used for sns event, last one wins
|
||||
msg() { MSG="$@"; log -t user-data info "$@"; }
|
||||
|
||||
# boolean flags
|
||||
is_enabled() {
|
||||
local flag=$(echo "$1" | tr '[:upper:]' '[:lower:]')
|
||||
|
||||
[ "$flag" == 1 -o "$flag" == "true" ] && return 0
|
||||
[ "$flag" == 0 -o "$flag" == "false" -o -z "$flag" ] && return 1
|
||||
|
||||
log -t user-data warn "Unknown value for boolean option: $flag - assuming False"
|
||||
return 1
|
||||
}
|
||||
|
||||
# Generic retry command wrapper, incl. timeout of 30s
|
||||
# $1 = number of tries; 0 = forever
|
||||
# $2 = number of seconds to sleep between tries
|
||||
@ -373,6 +369,29 @@ asg_heartbeat() {
|
||||
[ -n "$LAUNCH_HOOK" ] && aws autoscaling record-lifecycle-action-heartbeat --instance-id $INSTANCE_ID --lifecycle-hook-name $LAUNCH_HOOK --auto-scaling-group-name $AWS_AUTOSCALING_GROUPNAME || true
|
||||
}
|
||||
|
||||
# upload various useful logs to s3 if configured
|
||||
upload_debug_logs(){
|
||||
[ -z $ZDT_CLOUDBENDER_DEBUG_REMOTELOGS ] && return 0
|
||||
|
||||
local s3Url="$ZDT_CLOUDBENDER_DEBUG_REMOTELOGS/$INSTANCE_ID/$(date +'%Y%m%d-%H%M%Z')"
|
||||
local _tmp=$(mktemp -d)
|
||||
|
||||
ps -ef > ${_tmp}/process.list
|
||||
cp /var/log/messages \
|
||||
/var/log/rc.log \
|
||||
/var/log/user-data.log \
|
||||
/etc/cloudbender.conf \
|
||||
/var/lib/cloud/meta-data \
|
||||
/var/log/kubelet/kubelet.log \
|
||||
/var/log/crio/crio.log \
|
||||
$_tmp
|
||||
|
||||
tar cfz /tmp/debuglogs.tgz -C $_tmp .
|
||||
aws s3 cp /tmp/debuglogs.tgz $s3Url/debuglogs.tgz
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
setup_sns_alarms() {
|
||||
# store SNS message json template
|
||||
cat <<EOF > /var/lib/cloud/sns_alarm.json
|
||||
@ -434,7 +453,7 @@ exit_trap() {
|
||||
MSG="$ERR_CMD"
|
||||
fi
|
||||
|
||||
if [ -n "$DEBUG" ]; then
|
||||
if [ -n "$ZDT_CLOUDBENDER_DEBUG" ]; then
|
||||
SUBJECT="$SUBJECT Instance kept running for debug."
|
||||
else
|
||||
SUBJECT="$SUBJECT Instance terminated by ASG lifecycle hook."
|
||||
@ -462,8 +481,10 @@ exit_trap() {
|
||||
end_uptime=$(awk '{print $1}' < /proc/uptime)
|
||||
log -t user-data info "Exiting user-data. Duration: $(echo "$end_uptime-$start_uptime" | bc) seconds"
|
||||
|
||||
# Shutdown / poweroff if we ran into error and not DEBUG
|
||||
[ $ERR_CODE -ne 0 -a -z "$DEBUG" ] && poweroff
|
||||
# if we ran into error, either upload debug files or poweroff
|
||||
if [ $ERR_CODE -ne 0 ]; then
|
||||
is_enabled $ZDT_CLOUDBENDER_DEBUG && upload_debug_logs || poweroff
|
||||
fi
|
||||
|
||||
exit 0
|
||||
}
|
||||
@ -575,6 +596,8 @@ EOF
|
||||
|
||||
# Short cut our public IP to private one to allow talking to our own service name
|
||||
add_once /etc/hosts "${IP_ADDRESS} ${SERVICENAME}.${DNSZONE}"
|
||||
|
||||
log -t user-data info "Registered $_IP with ${SERVICENAME}.$DNSZONE"
|
||||
fi
|
||||
}
|
||||
|
||||
@ -646,17 +669,17 @@ register_routes() {
|
||||
}
|
||||
|
||||
|
||||
setup_nat() {
|
||||
local mode=$1
|
||||
setup_prometheus() {
|
||||
rc-update add node-exporter default
|
||||
rc-service node-exporter start
|
||||
|
||||
# Masquerade all outgoing traffic
|
||||
iptables -t nat -A POSTROUTING -o $DEFAULT_GW_INTERFACE -s ${VPC_CIDR_RANGE} -j MASQUERADE
|
||||
log -t user-data info "Enabled and started Prometheus node-exporter"
|
||||
}
|
||||
|
||||
|
||||
setup_fluentbit() {
|
||||
local key="cloudbender"
|
||||
local host="$1"
|
||||
local host="${1:-fluentd}"
|
||||
|
||||
if [[ "$host" =~ "@" ]]; then
|
||||
key=${host%%@*}
|
||||
@ -693,4 +716,9 @@ EOF
|
||||
|
||||
## TODO:
|
||||
# Add parameter parsing for custom logfile tailing
|
||||
|
||||
rc-update add fluent-bit default
|
||||
rc-service fluent-bit start
|
||||
|
||||
log -t user-data info "Enabled and started fluent-bit logging agent sending logs to $host"
|
||||
}
|
||||
|
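Review bot: upload_debug_logs writes its archive to the fixed path `/tmp/debuglogs.tgz` and never removes the `mktemp -d` directory, so the exit trap leaves a predictable file in a world-writable directory, plus copies of `/etc/cloudbender.conf`, the meta-data file and the `ps -ef` listing on disk. Those files may contain credentials, so the archive should get a unique name from `mktemp`, both temporary paths should be removed after the upload, and the `$ZDT_CLOUDBENDER_DEBUG_REMOTELOGS`, `$_tmp` and `$s3Url` expansions should be quoted; the function is complete within this hunk. The bucket prefix behind `ZDT_CLOUDBENDER_DEBUG_REMOTELOGS` is not visible here and should presumably be limited to put-only access for instances. Separately, exit_trap (which begins outside its hunk) appears to test `[ -n "$ZDT_CLOUDBENDER_DEBUG" ]`, which is also true for the `false` and `none` values that is_enabled treats as off, so the alarm subject can say the instance was kept running while the later `is_enabled $ZDT_CLOUDBENDER_DEBUG && upload_debug_logs || poweroff` line powers it off; `if is_enabled "$ZDT_CLOUDBENDER_DEBUG"; then` would keep the two in step.

```shell
upload_debug_logs(){
  [ -z "$ZDT_CLOUDBENDER_DEBUG_REMOTELOGS" ] && return 0
  # … unchanged: s3Url, _tmp=$(mktemp -d), ps -ef and cp of the log files …

  # unique archive name instead of the fixed /tmp/debuglogs.tgz
  local _tgz=$(mktemp)
  tar cfz "$_tgz" -C "$_tmp" .
  aws s3 cp "$_tgz" "$s3Url/debuglogs.tgz"

  # do not leave copies of config, meta-data and process list behind
  rm -rf "$_tmp" "$_tgz"
  # … unchanged: return 0 …
```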
@ -1,7 +1,7 @@
|
||||
# syslog-ng, format all json into messages
|
||||
# https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.23/administration-guide/63#TOPIC-1268643
|
||||
|
||||
@version: 4.1
|
||||
@version: 4.5
|
||||
@include "scl.conf"
|
||||
|
||||
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
|
||||
@ -15,8 +15,9 @@ destination d_mesg { file("/var/log/messages" template("$(format-json time=\"$UN
|
||||
|
||||
# filter ipvs loggging each SYN to closed port
|
||||
# IPVS: rr: TCP 10.52.82.199:31021 - no destination available
|
||||
filter f_drop_ipvs { not (facility(kern) and match("IPVS: rr:.*no destination available" value("MESSAGE"))); };
|
||||
# filter f_drop_ipvs { not (facility(kern) and match("IPVS: rr:.*no destination available" value("MESSAGE"))); };
|
||||
# "message":"net_ratelimit: 16 callbacks suppressed"
|
||||
filter f_drop_ipvs_ratelimit { not (facility(kern) and match("net_ratelimit:.*callbacks suppressed" value("MESSAGE"))); };
|
||||
# filter f_drop_ipvs_ratelimit { not (facility(kern) and match("net_ratelimit:.*callbacks suppressed" value("MESSAGE"))); };
|
||||
# log { source(s_sys); filter(f_drop_ipvs); filter(f_drop_ipvs_ratelimit); destination(d_mesg); };
|
||||
|
||||
log { source(s_sys); filter(f_drop_ipvs); filter(f_drop_ipvs_ratelimit); destination(d_mesg); };
|
||||
log { source(s_sys); destination(d_mesg); };
|
||||
|
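Review bot: The second hunk seems to comment out `f_drop_ipvs` and `f_drop_ipvs_ratelimit` and switch to the unfiltered `log { source(s_sys); destination(d_mesg); };`, with nothing saying why; the old/new assignment is inferred from the hunk counts. The comment kept above the filters says IPVS logs each SYN to a closed port, so with the filters off any remote sender can again add kernel lines to `/var/log/messages`. If this is temporary for the syslog-ng 4.5 migration, a one-line comment such as `# TODO: filters disabled during 4.5 migration, re-enable once verified` would record that; otherwise delete the dead lines. Either way, confirm that rotation or rate limiting for `/var/log/messages` covers the extra volume.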
63
kubezero/zdt-base/write_parameters.py
Normal file
63
kubezero/zdt-base/write_parameters.py
Normal file
@ -0,0 +1,63 @@
|
||||
#!/usr/bin/python3
|
||||
import os
|
||||
import boto3
|
||||
import argparse
|
||||
|
||||
parser = argparse.ArgumentParser(
|
||||
description="Get SSM parameters beyond <path> and write to files")
|
||||
parser.add_argument(
|
||||
"--path",
|
||||
dest="path",
|
||||
action="store",
|
||||
required=True,
|
||||
help="SSM parameter path")
|
||||
parser.add_argument(
|
||||
"--root",
|
||||
dest="root",
|
||||
action="store",
|
||||
required=True,
|
||||
help="root filesystem path to create files")
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
|
||||
session = boto3.Session()
|
||||
awsSSMClient = session.client('ssm')
|
||||
|
||||
|
||||
def get_parameters_by_path(nextToken=None):
|
||||
params = {
|
||||
'Path': args.path,
|
||||
'Recursive': True,
|
||||
'WithDecryption': True
|
||||
}
|
||||
if nextToken is not None:
|
||||
params['NextToken'] = nextToken
|
||||
return awsSSMClient.get_parameters_by_path(**params)
|
||||
|
||||
|
||||
def getParameters():
|
||||
nextToken = None
|
||||
while True:
|
||||
response = get_parameters_by_path(nextToken)
|
||||
parameters = response['Parameters']
|
||||
if len(parameters) == 0:
|
||||
break
|
||||
for parameter in parameters:
|
||||
yield parameter
|
||||
if 'NextToken' not in response:
|
||||
break
|
||||
nextToken = response['NextToken']
|
||||
|
||||
|
||||
for parameter in getParameters():
|
||||
file_name = os.path.join(
|
||||
args.root, parameter["Name"].removeprefix(
|
||||
args.path).lstrip("/"))
|
||||
|
||||
os.makedirs(os.path.dirname(file_name), mode=0o755, exist_ok=True)
|
||||
|
||||
#print(f'{file_name}={parameter["Value"]}')
|
||||
|
||||
with open(file_name, "w") as file:
|
||||
file.write(parameter["Value"])
|
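Review bot: The final loop writes every value with `open(file_name, "w")`, so the files get the process umask (typically world-readable) even though `get_parameters_by_path` is called with `'WithDecryption': True` and SecureString values arrive in clear text. Creating the files owner-only through `os.open(..., 0o600)` and `os.fdopen`, and loosening the mode only where a consumer needs it, keeps decrypted secrets away from other local users. The target path is also built from the parameter name with no containment check, so a name containing `..` segments below `--path` would resolve outside `--root`; resolving the path and comparing it with the root closes that. A module docstring stating who is trusted to write below the SSM path, and that the parser and boto3 client run at import time, would help the next reader.

```python
root = os.path.realpath(args.root)

for parameter in getParameters():
    relative = parameter["Name"].removeprefix(args.path).lstrip("/")
    file_name = os.path.realpath(os.path.join(root, relative))

    # refuse parameter names that resolve outside --root
    if os.path.commonpath([root, file_name]) != root:
        raise SystemExit(
            f'refusing to write outside {root}: {parameter["Name"]}')

    os.makedirs(os.path.dirname(file_name), mode=0o755, exist_ok=True)

    # values are decrypted, so keep them owner-only
    fd = os.open(file_name, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # the mode above only applies when the file is created
    with os.fdopen(fd, "w") as file:
        file.write(parameter["Value"])
```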
@ -13,3 +13,4 @@ net.ipv4.ip_forward_use_pmtu = 0
|
||||
kernel.panic = 10
|
||||
kernel.panic_on_oops = 1
|
||||
vm.oom_dump_tasks = 0
|
||||
vm.max_map_count=262144
|
||||
|