imagebuilder: Add stretch images for 1.16 and 1.17 #127

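--- /dev/null
+++ b/images/kube-deploy/imagebuilder/aws-1.16-stretch.yaml
@@ -0,0 +1,11 @@
+Cloud: aws
+TemplatePath: templates/1.16-stretch.yml
+Tags:
+  k8s.io/kernel: "4.9"
+  k8s.io/version: "1.16"
+  k8s.io/family: "default"
+  k8s.io/distro: "debian"
+  k8s.io/ssh-user: "admin"
+# Ensure the image is repeatable - really we should be locking to a tag
+BootstrapVZRepo: https://github.com/justinsb/bootstrap-vz.git
+BootstrapVZBranch: image18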
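Review bot: `BootstrapVZBranch: image18` on the last line pins the tool that builds every 1.16 AMI to a mutable branch of a personal fork (`justinsb/bootstrap-vz`), so the repeatability the comment above it asks for holds only as long as nobody force-pushes or adds commits to that branch, and anyone with write access to the fork can change what future images are built from. The comment already concedes a tag is wanted; a full commit SHA is stronger still, since tags on GitHub are movable. If imagebuilder hands this value to git as a plain ref (not visible here — worth confirming), `BootstrapVZBranch: <full commit sha>` would work without a schema change; otherwise a dedicated pinning field is the fix. Hosting the fork under the project organization rather than an individual account would also narrow who can alter the build input.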
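--- /dev/null
+++ b/images/kube-deploy/imagebuilder/aws-1.17-stretch.yaml
@@ -0,0 +1,11 @@
+Cloud: aws
+TemplatePath: templates/1.17-stretch.yml
+Tags:
+  k8s.io/kernel: "4.9"
+  k8s.io/version: "1.17"
+  k8s.io/family: "default"
+  k8s.io/distro: "debian"
+  k8s.io/ssh-user: "admin"
+# Ensure the image is repeatable - really we should be locking to a tag
+BootstrapVZRepo: https://github.com/justinsb/bootstrap-vz.git
+BootstrapVZBranch: image18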
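Review bot: The 1.17 config inherits the same unpinned build input as its sibling: `BootstrapVZRepo`/`BootstrapVZBranch` name a branch (`image18`) on an individual's fork, which is a mutable pointer, so two builds of "the 1.17 image" on different days can be produced by different bootstrapper code with no record of which. Since the 1.16 and 1.17 files differ only in `TemplatePath` and the version tag, whichever immutable ref (tag or, preferably, full commit SHA) is chosen should be applied to both at once so the two images are built by the same bootstrapper revision; whether the field accepts a SHA is not visible here and should be confirmed before relying on it.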
196 changes: 196 additions & 0 deletions images/kube-deploy/imagebuilder/templates/1.16-stretch.yml
@@ -0,0 +1,196 @@
---
{{ if eq .Cloud "aws" }}
name: k8s-1.16-debian-{system.release}-{system.architecture}-{provider.virtualization}-ebs-{%Y}-{%m}-{%d}
{{ else }}
name: k8s-1.16-debian-{system.release}-{system.architecture}-{%Y}-{%m}-{%d}
{{ end }}
provider:
{{ if eq .Cloud "aws" }}
name: ec2
virtualization: hvm
enhanced_networking: simple
{{ else if eq .Cloud "gce" }}
name: gce
gcs_destination: {{ .GCSDestination }}
gce_project: {{ .Project }}
{{ else }}
name: {{ .Cloud }}
{{ end }}
description: Kubernetes 1.16 Base Image - Debian {system.release} {system.architecture}
bootstrapper:
workspace: /target
# tarball speeds up development, but for prod builds we want to be 100% sure...
# tarball: true
# todo: switch to variant: minbase
system:
release: stretch
architecture: amd64
bootloader: grub
charmap: UTF-8
locale: en_US
timezone: UTC
volume:
{{ if eq .Cloud "aws" }}
backing: ebs
{{ else if eq .Cloud "gce" }}
backing: raw
{{ end }}
partitions:
type: gpt
root:
filesystem: ext4
# We create the FS with more inodes... docker is pretty inode hungry
format_command: [ 'mkfs.{fs}', '-i', '4096', '{device_path}' ]
size: 8GiB
packages:
{{ if eq .Cloud "aws" }}
mirror: http://cloudfront.debian.net/debian
{{ end }}
install:
# Important utils for administration
# if minbase - openssh-server

# Ensure systemd scripts run on shutdown
- acpi-support

# these packages are generally useful
# (and are the ones from the GCE image)
- rsync
- screen
- vim

# needed for docker
- iptables
- libapparmor1
- libltdl7

# Handy utilities
- htop
- tcpdump
- iotop
- ethtool
- sysstat

# needed for setfacl below
- acl

{{ if eq .Cloud "aws" }}
# these packages are included in the official AWS image
- python-boto
- python3-boto
- apt-transport-https
- lvm2
- ncurses-term
- parted
- cloud-init
- cloud-utils
- gdisk
- systemd
- systemd-sysv

# these packages are included in the official image, but we remove them
# awscli : we install from pip instead
{{ end }}

# These packages would otherwise be installed during first boot
- aufs-tools
- curl
- python-yaml
- git
- nfs-common
- bridge-utils
- logrotate
- socat
- python-apt
- apt-transport-https
- unattended-upgrades
- lvm2
- btrfs-tools

{{ if eq .Cloud "aws" }}
# So we can install the latest awscli
- python-pip
{{ end }}

plugins:
{{ if eq .Cloud "gce" }}
Suggest using 169.254.169.123 (Amazon Time Sync Service) on AWS per https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html. Then we can close kubernetes/kops#4021.

{{ if eq .Cloud "aws" }}
  ntp:
    servers:
    - 169.254.169.123
{{ else if eq .Cloud "gce" }}
  ntp:
    servers:
    - metadata.google.internal
{{ else }}
  ntp: {}
{{ end }}

ntp:
servers:
- metadata.google.internal
{{ else }}
ntp: {}
{{ end }}

{{ if eq .Cloud "aws" }}
cloud_init:
metadata_sources: Ec2
username: admin
enable_modules:
cloud_init_modules:
- {module: growpart, position: 4}
{{ end }}

commands:
commands:
{{ if eq .Cloud "aws" }}
# Install awscli through python-pip
- [ 'chroot', '{root}', 'pip', 'install', 'awscli' ]
{{ end }}

# We don't enable unattended upgrades - nodeup can always add it
# but if we add it now, there's a race to turn it off
# cloud-init depends on unattended-upgrades, so we can't just remove it
# Instead we turn them off; we turn them on later
- [ 'chroot', '{root}', '/bin/sh', '-c', 'echo "APT::Periodic::Update-Package-Lists \"0\";" > /etc/apt/apt.conf.d/20auto-upgrades' ]
- [ 'chroot', '{root}', '/bin/sh', '-c', 'echo "APT::Periodic::Unattended-Upgrade \"0\"; " >> /etc/apt/apt.conf.d/20auto-upgrades' ]
# - [ 'chroot', '{root}', 'apt-get', 'remove', '--yes', 'unattended-upgrades' ]

# Install docker
- [ 'wget', 'https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/containerd.io_1.2.10-3_amd64.deb', '-O', '{root}/tmp/containerd.deb' ]
- [ '/bin/sh', '-c', 'cd {root}/tmp; echo "186f2f2c570f37b363102e6b879073db6dec671d containerd.deb" | shasum -c -' ]
- [ 'wget', 'https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/docker-ce-cli_18.09.9~3-0~debian-stretch_amd64.deb', '-O', '{root}/tmp/docker-cli.deb' ]
- [ '/bin/sh', '-c', 'cd {root}/tmp; echo "88f8f3103d2e5011e2f1a73b9e6dbf03d6e6698a docker-cli.deb" | shasum -c -' ]
- [ 'wget', 'https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/docker-ce_18.09.9~3-0~debian-stretch_amd64.deb', '-O', '{root}/tmp/docker.deb' ]
- [ '/bin/sh', '-c', 'cd {root}/tmp; echo "9d564b56f5531a08e24c8c7724445d128742572e docker.deb" | shasum -c -' ]
- [ 'chroot', '{root}', '/bin/sh', '-c', 'DEBIAN_FRONTEND=noninteractive dpkg --install /tmp/containerd.deb' ]
- [ 'chroot', '{root}', '/bin/sh', '-c', 'DEBIAN_FRONTEND=noninteractive dpkg --install /tmp/docker-cli.deb' ]
- [ 'chroot', '{root}', '/bin/sh', '-c', 'DEBIAN_FRONTEND=noninteractive dpkg --install /tmp/docker.deb' ]
- [ 'rm', '{root}/tmp/containerd.deb', '{root}/tmp/docker-cli.deb', '{root}/tmp/docker.deb' ]

# We perform a full replacement of some grub conf variables:
# GRUB_CMDLINE_LINUX_DEFAULT (add memory cgroup)
# GRUB_TIMEOUT (remove boot delay)
# (but leave the old versions commented out for people to see)
- [ 'chroot', '{root}', 'touch', '/etc/default/grub' ]
- [ 'chroot', '{root}', 'sed', '-i', 's/^GRUB_CMDLINE_LINUX_DEFAULT=/#GRUB_CMDLINE_LINUX_DEFAULT=/g', '/etc/default/grub' ]
- [ 'chroot', '{root}', 'sed', '-i', 's/^GRUB_TIMEOUT=/#GRUB_TIMEOUT=/g', '/etc/default/grub' ]
- [ 'chroot', '{root}', '/bin/sh', '-c', 'echo "# kubernetes image changes" >> /etc/default/grub' ]
- [ 'chroot', '{root}', '/bin/sh', '-c', 'echo "GRUB_CMDLINE_LINUX_DEFAULT=\"cgroup_enable=memory oops=panic panic=10 console=ttyS0 nvme_core.io_timeout=255\"" >> /etc/default/grub' ]
- [ 'chroot', '{root}', '/bin/sh', '-c', 'echo "GRUB_TIMEOUT=0" >> /etc/default/grub' ]
- [ 'chroot', '{root}', 'update-grub2' ]

# Update everything to latest versions
- [ 'chroot', '{root}', 'apt-get', 'update' ]
- [ 'chroot', '{root}', 'apt-get', 'dist-upgrade', '--yes' ]

# Cleanup packages
- [ 'chroot', '{root}', 'apt-get', 'autoremove', '--yes' ]

# Remove machine-id, so that we regenerate next boot
- [ 'chroot', '{root}', '/bin/sh', '-c', 'echo "" > /etc/machine-id' ]

# Ensure we have cleaned up all our SSH keys
- [ 'chroot', '{root}', 'bin/sh', '-c', 'shred --remove /etc/ssh/ssh_host_*_key' ]
- [ 'chroot', '{root}', 'bin/sh', '-c', 'shred --remove /etc/ssh/ssh_host_*_key.pub' ]
# Workaround bootstrap-vz bug where it errors if all keys are removed
- [ 'chroot', '{root}', 'bin/sh', '-c', 'touch /etc/ssh/ssh_host_rsa_key.pub' ]

# journald requires machine-id, so add a PreStart
- [ 'chroot', '{root}', 'mkdir', '-p', '/etc/systemd/system/debian-fixup.service.d/' ]
- [ 'chroot', '{root}', '/bin/sh', '-c', 'echo "[Service]" > /etc/systemd/system/debian-fixup.service.d/10-machineid.conf' ]
- [ 'chroot', '{root}', '/bin/sh', '-c', 'echo "ExecStartPre=/bin/systemd-machine-id-setup" >> /etc/systemd/system/debian-fixup.service.d/10-machineid.conf' ]

# Make sure journald is persistent
# From /usr/share/doc/systemd/README.Debian
- [ 'chroot', '{root}', 'install', '-d', '-g', 'systemd-journal', '/var/log/journal' ]
- [ 'chroot', '{root}', 'setfacl', '-R', '-nm', 'g:adm:rx,d:g:adm:rx', '/var/log/journal' ]
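Review bot: The `pip install awscli` command in the `commands:` list installs an unpinned, unverified package tree from PyPI into the image at build time, so the image's content depends on whatever PyPI serves on the build day — at odds with the "100% sure" intent of the `tarball` comment, and inconsistent with the Docker debs a few lines below, which are at least digest-checked. Pin it to a specific release and verify hashes, e.g. `pip install --require-hashes -r /tmp/awscli-requirements.txt` with a committed requirements file, or at minimum `pip install 'awscli==X.Y.Z'`. The three Docker checks call `shasum` with no `-a`, i.e. SHA-1; the digests have to be refreshed whenever the versions are bumped anyway, so moving to `sha256sum -c -` with the 64-hex digests from download.docker.com costs nothing. Both checks only protect the image if bootstrap-vz aborts on a non-zero command exit, which this template cannot show — worth confirming, since an ignored `shasum -c` failure would still `dpkg --install` the downloaded file. Minor: the two `shred` lines and the `touch` use `bin/sh` where every other command uses `/bin/sh`; they work only because chroot changes directory to the new root, so `'/bin/sh'` would be the consistent and less surprising spelling.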