e96713115f
This PS is to install libyaml and cfssl from apt instead of building it from source. Also we upgrade the Helm version to 3.17.3 because of CVE. In order to decrease the image size *-dev libs are installed only when needed to build/install Python packages. Change-Id: Ia83805799f46f5b20008f0a9393ab508078926e4
118 lines
3.0 KiB
YAML
118 lines
3.0 KiB
YAML
---
|
|
schema: promenade/HostSystem/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: host-system
|
|
layeringDefinition:
|
|
abstract: false
|
|
layer: site
|
|
storagePolicy: cleartext
|
|
data:
|
|
systemd_units:
|
|
kube-cgroup:
|
|
enable: true
|
|
files:
|
|
- path: /opt/kubernetes/bin/kubelet
|
|
tar_url: https://dl.k8s.io/v1.32.1/kubernetes-node-linux-amd64.tar.gz
|
|
tar_path: kubernetes/node/bin/kubelet
|
|
mode: 0555
|
|
- path: /usr/local/bin/kubectl
|
|
tar_url: https://dl.k8s.io/v1.32.1/kubernetes-node-linux-amd64.tar.gz
|
|
tar_path: kubernetes/node/bin/kubectl
|
|
mode: 0555
|
|
- path: /etc/systemd/system/kube-cgroup.service
|
|
content: |
|
|
[Unit]
|
|
Description=Create and tune cgroup for Kubernetes Pods
|
|
Requires=network-online.target
|
|
Before=kubelet.service
|
|
|
|
[Service]
|
|
Delegate=yes
|
|
ExecStart=/usr/local/sbin/kube-cgroup.sh
|
|
|
|
[Install]
|
|
RequiredBy=kubelet.service
|
|
mode: 0444
|
|
- path: /usr/local/sbin/kube-cgroup.sh
|
|
mode: 0744
|
|
content: |-
|
|
#!/bin/bash
|
|
|
|
set -x
|
|
|
|
KUBE_CGROUP=${KUBE_CGROUP:-"kube_whitelist"}
|
|
SYSTEMD_ABSPATH="/sys/fs/cgroup/systemd/$KUBE_CGROUP"
|
|
CPUSET_ABSPATH="/sys/fs/cgroup/cpuset/$KUBE_CGROUP"
|
|
CPU_ABSPATH="/sys/fs/cgroup/cpu/$KUBE_CGROUP"
|
|
MEM_ABSPATH="/sys/fs/cgroup/memory/$KUBE_CGROUP"
|
|
PIDS_ABSPATH="/sys/fs/cgroup/pids/$KUBE_CGROUP"
|
|
|
|
for cg in $SYSTEMD_ABSPATH $CPUSET_ABSPATH $CPU_ABSPATH $MEM_ABSPATH $PIDS_ABSPATH
|
|
do
|
|
mkdir -p "$cg"
|
|
done
|
|
- path: /etc/logrotate.d/json-logrotate
|
|
mode: 0444
|
|
content: |-
|
|
/var/lib/docker/containers/*/*-json.log
|
|
{
|
|
compress
|
|
copytruncate
|
|
create 0644 root root
|
|
daily
|
|
dateext
|
|
dateformat -%Y%m%d-%s
|
|
maxsize 10M
|
|
missingok
|
|
notifempty
|
|
su root root
|
|
rotate 1
|
|
}
|
|
- path: /etc/profile.d/kubeconfig.sh
|
|
mode: 0744
|
|
content: |-
|
|
export KUBECONFIG=/etc/kubernetes/admin/kubeconfig.yaml
|
|
- path: /etc/containerd/config.toml
|
|
mode: 0400
|
|
content: |-
|
|
version = 2
|
|
[plugins."io.containerd.grpc.v1.cri"]
|
|
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
|
|
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry:5000"]
|
|
endpoint = ["http://registry:5000"]
|
|
images:
|
|
monitoring_image: &busybox busybox:1.28.3
|
|
haproxy: haproxy:2.4
|
|
helm:
|
|
helm: lachlanevenson/k8s-helm:v3.17.3
|
|
packages:
|
|
common:
|
|
additional:
|
|
- ceph-common
|
|
- curl
|
|
- jq
|
|
- chrony
|
|
required:
|
|
socat: socat
|
|
genesis:
|
|
additional:
|
|
- ceph-common
|
|
- curl
|
|
- jq
|
|
- chrony
|
|
required:
|
|
socat: socat
|
|
join:
|
|
additional:
|
|
- ceph-common
|
|
- curl
|
|
- jq
|
|
- chrony
|
|
required:
|
|
socat: socat
|
|
validation:
|
|
pod_logs:
|
|
image: *busybox
|
|
...
|