
update to 1.27.3
Signed-off-by: Anurag <81210977+kranurag7@users.noreply.github.com>
kranurag7 authored and guettli committed Dec 6, 2023
1 parent 82b5a12 commit 4790a16
Showing 10 changed files with 376 additions and 6 deletions.
2 changes: 1 addition & 1 deletion Tiltfile
Expand Up @@ -33,7 +33,7 @@ settings = {
"HCLOUD_REGION": "fsn1",
"CONTROL_PLANE_MACHINE_COUNT": "3",
"WORKER_MACHINE_COUNT": "3",
"KUBERNETES_VERSION": "v1.25.2",
"KUBERNETES_VERSION": "v1.27.3",
"HCLOUD_IMAGE_NAME": "test-image",
"HCLOUD_CONTROL_PLANE_MACHINE_TYPE": "cpx31",
"HCLOUD_WORKER_MACHINE_TYPE": "cpx31",
2 changes: 1 addition & 1 deletion hack/kind-dev.sh
Expand Up @@ -18,7 +18,7 @@ set -o errexit
set -o pipefail
set -x

K8S_VERSION=v1.25.2
K8S_VERSION=v1.27.3

REPO_ROOT=$(git rev-parse --show-toplevel)
cd "${REPO_ROOT}" || exit 1
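--- a/templates/node-image/1.27.3-ubuntu-22-04-containerd/image.json
+++ b/templates/node-image/1.27.3-ubuntu-22-04-containerd/image.json
@@ -0,0 +1,53 @@
+{
+"variables": {
+"hcloud_token": "{{env `HCLOUD_TOKEN`}}",
+"scripts": "{{template_dir}}/scripts",
+"os": "ubuntu-22.04",
+"arch": "amd64",
+"image-name": "1.27.3-ubuntu-22.04-containerd",
+"version": "{{isotime \"2006-01-02-1504\"}}"
+},
+"sensitive-variables": ["hcloud_token"],
+"builders": [
+{
+"type": "hcloud",
+"token": "{{user `hcloud_token`}}",
+"image": "{{user `os`}}",
+"location": "fsn1",
+"server_type": "cx21",
+"ssh_username": "root",
+"snapshot_name": "{{user `image-name`}}-{{user `version`}}",
+"snapshot_labels": {
+"caph-image-name": "{{user `image-name`}}-{{user `version`}}"
+}
+}
+],
+"provisioners": [
+{
+"type": "shell",
+"environment_vars": [
+"PACKER_OS_IMAGE={{user `os`}}",
+"PACKER_ARCH={{user `arch`}}"
+],
+"scripts": [
+"{{user `scripts`}}/base.sh",
+"{{user `scripts`}}/cilium-requirements.sh",
+"{{user `scripts`}}/cri.sh",
+"{{user `scripts`}}/kubernetes.sh",
+"{{user `scripts`}}/cleanup.sh"
+]
+}
+],
+"post-processors": [
+[
+{
+"output": "manifest.json",
+"strip_path": false,
+"type": "manifest",
+"custom_data": {
+"snapshot_label": "{{user `image-name`}}-{{user `version`}}"
+}
+}
+]
+]
+}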
@@ -0,0 +1,19 @@
#!/bin/sh
# Copyright 2022 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

PACKER=$1
shift
export HCLOUD_TOKEN=test
exec $PACKER validate "$@"
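Review bot: `$PACKER` on the last line is expanded unquoted, so a packer path containing whitespace is word-split before exec and an empty first argument makes `exec` run `validate` itself; write `exec "$PACKER" validate "$@"`. There is also no guard for a missing argument — `shift` with no positional parameters fails under /bin/sh with an unhelpful message, so a `: "${1:?usage: $0 <packer-binary> [validate args]}"` before the assignment would make the contract explicit. `HCLOUD_TOKEN=test` is presumably a dummy value so `validate` can run without a real credential; a one-line comment saying so would save the next reader a question.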
@@ -0,0 +1,77 @@
#!/bin/bash

# Copyright 2022 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -o errexit
set -o nounset
set -o pipefail

echo '--> Starting Base Installation.'
# Set locale
localectl set-locale LANG=en_US.UTF-8
localectl set-locale LANGUAGE=en_US.UTF-8

# update all packages
apt-get update -y

# install basic tooling
apt-get -y install \
at jq unzip wget socat mtr logrotate apt-transport-https

# Install yq
YQ_VERSION=v4.20.1 #https://github.com/mikefarah/yq
YQ_BINARY=yq_linux_${PACKER_ARCH}
wget https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/${YQ_BINARY} -O /usr/bin/yq &&\
chmod +x /usr/bin/yq

echo '--> Starting Base Configuration.'

## disable swap
sed -i '/swap/d' /etc/fstab

echo '--> Starting Logrotate.'
# Content from: https://github.com/kubernetes/kubernetes/blob/master/cluster/gce/gci/configure-helper.sh#L509

cat > /etc/logrotate.d/allvarlogs <<"EOF"
/var/log/*.log {
rotate 5
copytruncate
missingok
notifempty
compress
maxsize 25M
daily
dateext
dateformat -%Y%m%d-%s
create 0644 root root
}
EOF

cat > /etc/logrotate.d/allpodlogs <<"EOF"
/var/log/pods/*/*.log {
rotate 3
copytruncate
missingok
notifempty
compress
maxsize 5M
daily
dateext
dateformat -%Y%m%d-%s
create 0644 root root
}
EOF
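Review bot: The yq binary is fetched with wget and written straight to `/usr/bin/yq` with no integrity check, while cri.sh in the same commit verifies the containerd tarball with `sha256sum --check`; pin the expected digest from the yq release's checksum file and verify before `chmod +x`, e.g. `echo "<EXPECTED_SHA256>  /usr/bin/yq" | sha256sum --check` (placeholder digest). The `wget … &&\ chmod +x` chain also defeats `set -o errexit`: a failing wget is not the final command of the `&&` list, so the shell does not exit and the image build continues without yq — split the download and the `chmod` into separate statements. The `sed -i '/swap/d' /etc/fstab` line deletes any fstab entry containing the substring "swap", which would also remove an unrelated mount whose path happens to contain that word; anchoring on the fstype field (e.g. matching a `swap` token, not a substring) would be safer.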

@@ -0,0 +1,55 @@
#!/bin/bash

# Copyright 2022 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -o errexit
set -o nounset
set -o pipefail

echo '--> Starting cilium requirements.'
# mount bpfs for cilium
cat > /etc/systemd/system/sys-fs-bpf.mount <<EOF
[Unit]
Description=Cilium BPF mounts
Documentation=https://docs.cilium.io/
DefaultDependencies=no
Before=local-fs.target umount.target
After=swap.target
[Mount]
What=bpffs
Where=/sys/fs/bpf
Type=bpf
Options=rw,nosuid,nodev,noexec,relatime,mode=700
[Install]
WantedBy=multi-user.target
EOF

systemctl enable sys-fs-bpf.mount

# Cilium 1.9 Requirements
# Set up required sysctl params, these persist across reboots.
cat > /etc/sysctl.d/99-cilium.conf <<EOF
net.ipv4.conf.lxc*.rp_filter = 0
EOF

# Cilium 1.13 Requirements
# https://docs.cilium.io/en/v1.13/operations/system_requirements/#systemd-based-distributions
cat > /etc/systemd/networkd.conf <<EOF
[Network]
ManageForeignRoutes=no
ManageForeignRoutingPolicyRules=no
EOF
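Review bot: `cat > /etc/systemd/networkd.conf` replaces the whole file shipped by systemd instead of adding a drop-in, so any defaults in that file are lost and a later package upgrade will report it as a modified conffile; writing the same two keys to `/etc/systemd/networkd.conf.d/99-cilium.conf` (after `mkdir -p /etc/systemd/networkd.conf.d`) has the same effect without clobbering. The three here-docs use unquoted `<<EOF`; none of them currently contain `$`, but quoting the delimiter (`<<'EOF'`) as cri.sh does protects the `Options=` and sysctl lines from accidental expansion in future edits. The "Cilium 1.9 Requirements" and "Cilium 1.13 Requirements" comments date the sysctl and networkd settings; a sentence noting which Cilium version this image is actually built for would tell a maintainer whether both are still needed.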
@@ -0,0 +1,27 @@
#!/bin/bash

# Copyright 2022 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -o errexit
set -o nounset
set -o pipefail

echo '--> Starting Cleanup.'
# Ensure we don't leave SSH host keys
rm -rf /etc/ssh/ssh_host_*

# Performs cleanup of temporary files for the currently enabled repositories.
apt-get -y autoremove
apt-get -y clean all
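Review bot: The cleanup removes SSH host keys but leaves `/etc/machine-id` intact, so every server created from the snapshot boots with the same machine id (used by journald and, by default, by systemd-networkd for the DHCP DUID); add `truncate -s 0 /etc/machine-id` so it is regenerated on first boot, and reset `/var/lib/dbus/machine-id` too if it is a regular file rather than a symlink. Deleting `ssh_host_*` relies on something regenerating the keys at first boot — on Ubuntu cloud images that is presumably cloud-init; worth confirming and stating in the comment, since a server with no host keys would have sshd fail to start. Removing `/var/lib/apt/lists/*` after `apt-get clean` would also shrink the snapshot, since the index files fetched by `apt-get update` are otherwise baked in.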
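--- a/templates/node-image/1.27.3-ubuntu-22-04-containerd/scripts/cri.sh
+++ b/templates/node-image/1.27.3-ubuntu-22-04-containerd/scripts/cri.sh
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+# Copyright 2022 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+echo '--> Starting CRI Script.'
+# Prerequisites
+cat <<'EOF' | tee /etc/modules-load.d/containerd.conf
+overlay
+br_netfilter
+EOF
+
+modprobe overlay
+modprobe br_netfilter
+
+# Setting up sysctl properties
+echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf
+echo fs.inotify.max_user_instances=8192 | sudo tee -a /etc/sysctl.conf
+echo vm.max_map_count=524288 | sudo tee -a /etc/sysctl.conf
+
+# Set up required sysctl params, these persist across reboots.
+cat > /etc/sysctl.d/99-kubernetes-cri.conf <<'EOF'
+net.bridge.bridge-nf-call-iptables = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward = 1
+EOF
+
+# Required by protectedKernelDefaults=true
+cat > /etc/sysctl.d/99-kubelet.conf <<'EOF'
+vm.overcommit_memory=1
+kernel.panic=10
+kernel.panic_on_oops=1
+EOF
+
+# Apply sysctl params without reboot
+sysctl --system
+
+CRUN=1.6 # https://github.com/containers/crun/releases
+CONTAINERD=1.6.8 # https://github.com/containerd/containerd/releases
+
+# Install containerd
+wget https://github.com/containerd/containerd/releases/download/v${CONTAINERD}/cri-containerd-cni-${CONTAINERD}-linux-${PACKER_ARCH}.tar.gz
+wget https://github.com/containerd/containerd/releases/download/v${CONTAINERD}/cri-containerd-cni-${CONTAINERD}-linux-${PACKER_ARCH}.tar.gz.sha256sum
+sha256sum --check cri-containerd-cni-${CONTAINERD}-linux-${PACKER_ARCH}.tar.gz.sha256sum
+tar --no-overwrite-dir -C / -xzf cri-containerd-cni-${CONTAINERD}-linux-${PACKER_ARCH}.tar.gz
+
+# Cleanup
+rm -f cri-containerd-cni-${CONTAINERD}-linux-${PACKER_ARCH}.tar.gz cri-containerd-cni-${CONTAINERD}-linux-${PACKER_ARCH}.tar.gz.sha256sum
+
+# Install crun
+wget https://github.com/containers/crun/releases/download/$CRUN/crun-$CRUN-linux-${PACKER_ARCH} -O /usr/local/sbin/crun && chmod +x /usr/local/sbin/crun
+
+mkdir -p /etc/containerd
+
+cat <<'EOF' | sudo tee /etc/containerd/config.toml
+version = 2
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+runtime_type = "io.containerd.runc.v2"
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+SystemdCgroup = true
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.crun]
+runtime_type = "io.containerd.runc.v2"
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.crun.options]
+BinaryName = "crun"
+Root = "/usr/local/sbin"
+SystemdCgroup = true
+[plugins."io.containerd.grpc.v1.cri".containerd]
+default_runtime_name = "crun"
+[plugins."io.containerd.runtime.v1.linux"]
+runtime = "crun"
+runtime_root = "/usr/local/sbin"
+EOF
+
+rm -f /etc/cni/net.d/10-containerd-net.conflist
+
+# Sets permission accordingly to CIS Benchmark
+chmod -R 644 /etc/cni
+chown -R root:root /etc/cni
+
+# enable systemd service after next boot
+systemctl daemon-reload
+systemctl enable containerd
+systemctl start containerd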
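Review bot: `chmod -R 644 /etc/cni` strips the search bit from the directories `/etc/cni` and `/etc/cni/net.d` themselves, not just from the config files the CIS check is about; root still traverses them through its capabilities, but any unprivileged reader fails and the directory modes no longer match what the benchmark asks for. Limit the mode change to files with `find /etc/cni -type f -exec chmod 644 -- {} +` and leave directories at 755. The crun binary is installed from GitHub without the integrity check the containerd tarball gets a few lines above (`sha256sum --check`); verify a pinned digest before `chmod +x`, and split `wget … && chmod +x` into two statements, since a failing non-final command in an `&&` list does not trigger `set -o errexit`. The `sudo tee` calls are inconsistent with the rest of the script, which writes the same kind of files as root directly (image.json sets `ssh_username` to root).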
@@ -0,0 +1,41 @@
#!/bin/bash

# Copyright 2022 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -o errexit
set -o nounset
set -o pipefail

curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.27/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.27/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list
apt-get update

# Check actual version: https://github.com/kubernetes/kubernetes/releases
KUBERNETES_VERSION=1.27.3 # https://kubernetes.io/releases/#release-history

apt-get install -y kubelet=$KUBERNETES_VERSION-1.1 kubeadm=$KUBERNETES_VERSION-1.1 kubectl=$KUBERNETES_VERSION-1.1 bash-completion
apt-mark hold kubelet kubectl kubeadm

systemctl enable kubelet

kubeadm config images pull --kubernetes-version $KUBERNETES_VERSION

# enable completion
echo 'source <(kubectl completion bash)' >>~/.bashrc

# set the kubeadm default path for kubeconfig
echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' >>~/.bashrc
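Review bot: The repository channel `v1.27` is hard-coded twice in the `curl` and `echo` lines while the patch version lives in `KUBERNETES_VERSION` further down, so the next bump has three places to edit and the repo line can silently diverge from the package pin. Define the version before the repo setup and derive the channel from it: `KUBERNETES_VERSION=1.27.3`, `KUBERNETES_MINOR=${KUBERNETES_VERSION%.*}`, then use `v${KUBERNETES_MINOR}` in both URLs. The `-1.1` suffix in `kubelet=$KUBERNETES_VERSION-1.1` is the Debian package revision on pkgs.k8s.io and must be bumped separately from the upstream version; a comment saying so would help whoever does the next update. The `sudo` prefixes are unnecessary here since the provisioner already runs as root, and the `kubernetes-apt-keyring.gpg` target directory is assumed to exist — a `mkdir -p /etc/apt/keyrings` would make the script robust to base images where it does not.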

