From 8e751258c6faed650470a6b2706e9373d2859024 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Fri, 20 Sep 2024 16:00:53 +0200 Subject: [PATCH 1/6] Use pkgs.k8s.io repos instead of kubic --- manifests/install/cni_plugins.pp | 22 ++++++---- manifests/install/container_runtime.pp | 27 +++++-------- manifests/repo.pp | 56 ++++++++++---------------- 3 files changed, 47 insertions(+), 58 deletions(-) diff --git a/manifests/install/cni_plugins.pp b/manifests/install/cni_plugins.pp index 50715a9..9b1448a 100644 --- a/manifests/install/cni_plugins.pp +++ b/manifests/install/cni_plugins.pp @@ -8,10 +8,11 @@ # @param download_url_template template string for the cni_plugins download url # class k8s::install::cni_plugins ( - K8s::Ensure $ensure = $k8s::ensure, - String[1] $version = 'v1.2.0', - String[1] $method = $k8s::native_packaging, - String[1] $download_url_template = 'https://github.com/containernetworking/plugins/releases/download/%{version}/cni-plugins-linux-%{arch}-%{version}.tgz', + K8s::Ensure $ensure = $k8s::ensure, + String[1] $version = 'v1.2.0', + String[1] $method = $k8s::native_packaging, + String[1] $download_url_template = 'https://github.com/containernetworking/plugins/releases/download/%{version}/cni-plugins-linux-%{arch}-%{version}.tgz', + Optional[String[1]] $package_name = undef, ) { file { default: @@ -43,17 +44,22 @@ require => File['/opt/cni/bin'], } } - 'package':{ - ensure_packages(['containernetworking-plugins',]) + 'package': { + if $k8s::manage_repo { + $_package_name = pick($package_name, 'kubernetes-cni') + } else { + $_package_name = pick($package_name, 'containernetworking-plugins') + } + ensure_packages([$_package_name,]) file { '/opt/cni/bin': ensure => link, target => '/usr/lib/cni', - require => Package['containernetworking-plugins'], + require => Package[$_package_name], } if $k8s::manage_repo { - Class['k8s::repo'] -> Package['containernetworking-plugins'] + Class['k8s::repo'] -> Package[$_package_name] } } default: { diff --git a/manifests/install/container_runtime.pp b/manifests/install/container_runtime.pp index d2b4273..95e26b9 100644 --- a/manifests/install/container_runtime.pp +++ b/manifests/install/container_runtime.pp @@ -22,19 +22,12 @@ case $container_manager { 'crio': { if fact('os.family') == 'Debian' { - $_crio_version = $k8s_version.split('\.')[0, 2].join('.') - if versioncmp($_crio_version, '1.17') < 0 { - $pkg = pick($crio_package, "cri-o-${_crio_version}") - } else { - $pkg = pick($crio_package, 'cri-o') - } - - # This is needed by cri-o, but it is not a dependency of the package + # This is required for cri-o, but it is not guaranteed to be a dependency of the package package { 'runc': ensure => $runc_version, } - # Avoid a potential issue with some CRI-o versions + # Avoid a potential packaging issue file { ['/usr/lib/cri-o-runc/sbin', '/usr/lib/cri-o-runc']: ensure => directory, } @@ -44,9 +37,8 @@ target => '/usr/sbin/runc', replace => false, } - } else { - $pkg = pick($crio_package, 'cri-o') } + $pkg = pick($crio_package, 'cri-o') file { '/usr/libexec/crio/conmon': ensure => link, @@ -60,11 +52,14 @@ require => Package['k8s container manager'], } - file_line { 'K8s crio cgroup manager': - path => '/etc/crio/crio.conf', - line => 'cgroup_manager = "systemd"', - match => '^cgroup_manager', - require => Package['k8s container manager'], + file { [ '/etc/crio', '/etc/crio/crio.conf.d']: + ensure => directory; + } + file { 'K8s crio cgroup manager': + path => '/etc/crio/crio.conf.d/10-systemd.conf', + content => "[crio.runtime]\ncgroup_manager = \"systemd\"", + # TODO + # notify => Service[crio], } } 'containerd': { diff --git a/manifests/repo.pp b/manifests/repo.pp index 7d3ed19..91c8573 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -7,68 +7,56 @@ class k8s::repo ( Boolean $manage_container_manager = $k8s::manage_container_manager, K8s::Container_runtimes $container_manager = $k8s::container_manager, - String[1] $crio_version = $k8s::version.split('\.')[0, 2].join('.'), + String[1] $major_version = $k8s::version.split('\.')[0, 2].join('.'), ) { case fact('os.family') { 'Debian': { - case fact('os.name') { - 'Debian': { - if versioncmp($crio_version, '1.19') >= 0 { - $release_name = "Debian_${fact('os.release.major')}" - } else { - $release_name = 'Debian_Testing' - } - } - 'Ubuntu': { - $release_name = "xUbuntu_${fact('os.release.full')}" - } - 'Raspbian': { - $release_name = "Raspbian_${fact('os.release.full')}" - } - default: {} - } - - $libcontainers_url = "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/${release_name}" - $crio_url = "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/${crio_version}/${release_name}" + $core_url = "https://pkgs.k8s.io/core:/stable:/v${major_version}/deb" + $crio_url = "https://pkgs.k8s.io/addons:/cri-o:/stable:/v${major_version}/deb" - apt::source { 'libcontainers:stable': - location => $libcontainers_url, + apt::source { 'k8s-core': + location => $core_url, repos => '/', release => '', key => { - id => '2472D6D0D2F66AF87ABA8DA34D64390375060AA4', - source => "${libcontainers_url}/Release.key", + name => 'k8s-core-apt-keyring.asc', + source => "${core_url}/Release.key", }, } if $manage_container_manager and $container_manager == 'crio' { - apt::source { 'libcontainers:stable:cri-o': + apt::source { 'k8s-crio': location => $crio_url, repos => '/', release => '', key => { - id => '2472D6D0D2F66AF87ABA8DA34D64390375060AA4', + name => 'k8s-crio-apt-keyring.asc', source => "${crio_url}/Release.key", }, } + ~> exec { 'Fix conmon upgrade collision': + command => 'dpkg --no-triggers --force depends -r conmon', + onlyif => 'dpkg -S /usr/libexec/crio/conmon | grep "conmon:"', + refreshonly => true, + path => fact('path'), + } } } 'RedHat': { - $release_name = if versioncmp(fact('os.release.major'), '7') == 1 { "CentOS_${fact('os.release.major')}_Stream" } else { "CentOS_${fact('os.release.major')}" } - $libcontainers_url = "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/${release_name}/" - $crio_url = "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/${crio_version}/${release_name}/" + $core_url = "https://pkgs.k8s.io/core:/stable:/v${major_version}/rpm" + $crio_url = "https://pkgs.k8s.io/addons:/cri-o:/stable:/v${major_version}/rpm" - yumrepo { 'libcontainers:stable': - descr => 'Stable releases of libcontainers', - baseurl => $libcontainers_url, + yumrepo { 'k8s-core': + descr => 'Stable releases of Kubernetes', + baseurl => $core_url, gpgcheck => 1, - gpgkey => "${libcontainers_url}repodata/repomd.xml.key", + gpgkey => "${core_url}repodata/repomd.xml.key", } if $manage_container_manager { case $container_manager { 'crio': { - yumrepo { 'libcontainers:stable:cri-o': + yumrepo { 'k8s-crio': descr => 'Stable releases of CRI-o', baseurl => $crio_url, gpgcheck => 1, From ac51139fa34acf218d5825549a488aaf89d0db2e Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Fri, 20 Sep 2024 16:18:26 +0200 Subject: [PATCH 2/6] Update REFERENCE.md --- REFERENCE.md | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 7e91836..df49694 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -503,6 +503,7 @@ The following parameters are available in the `k8s::install::cni_plugins` class: * [`method`](#-k8s--install--cni_plugins--method) * [`version`](#-k8s--install--cni_plugins--version) * [`download_url_template`](#-k8s--install--cni_plugins--download_url_template) +* [`package_name`](#-k8s--install--cni_plugins--package_name) ##### `ensure` @@ -536,6 +537,14 @@ template string for the cni_plugins download url Default value: `'https://github.com/containernetworking/plugins/releases/download/%{version}/cni-plugins-linux-%{arch}-%{version}.tgz'` +##### `package_name` + +Data type: `Optional[String[1]]` + + + +Default value: `undef` + ### `k8s::install::container_runtime` Class: k8s::install::container_runtime @@ -1252,6 +1261,7 @@ The following parameters are available in the `k8s::repo` class: * [`container_manager`](#-k8s--repo--container_manager) * [`crio_version`](#-k8s--repo--crio_version) * [`manage_container_manager`](#-k8s--repo--manage_container_manager) +* [`major_version`](#-k8s--repo--major_version) ##### `container_manager` @@ -1263,12 +1273,8 @@ Default value: `$k8s::container_manager` ##### `crio_version` -Data type: `String[1]` - version o cri-o -Default value: `$k8s::version.split('\.')[0, 2].join('.')` - ##### `manage_container_manager` Data type: `Boolean` @@ -1277,6 +1283,14 @@ whether to add cri-o repository or not Default value: `$k8s::manage_container_manager` +##### `major_version` + +Data type: `String[1]` + + + +Default value: `$k8s::version.split('\.')[0, 2].join('.')` + ### `k8s::server` Sets up a Kubernetes server instance From d7713e71f81fea43a30209d14e5c7333a88163c3 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Fri, 20 Sep 2024 16:25:07 +0200 Subject: [PATCH 3/6] Fix whitespace issues --- manifests/install/container_runtime.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/install/container_runtime.pp b/manifests/install/container_runtime.pp index 95e26b9..9c1eca2 100644 --- a/manifests/install/container_runtime.pp +++ b/manifests/install/container_runtime.pp @@ -52,13 +52,13 @@ require => Package['k8s container manager'], } - file { [ '/etc/crio', '/etc/crio/crio.conf.d']: + file { ['/etc/crio', '/etc/crio/crio.conf.d']: ensure => directory; } file { 'K8s crio cgroup manager': - path => '/etc/crio/crio.conf.d/10-systemd.conf', - content => "[crio.runtime]\ncgroup_manager = \"systemd\"", - # TODO + path => '/etc/crio/crio.conf.d/10-systemd.conf', + content => "[crio.runtime]\ncgroup_manager = \"systemd\"", + # TODO - Necessary/wanted to force it? # notify => Service[crio], } } From 579b05c024b8f922c46087e1bf46be94ce521381 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Mon, 23 Sep 2024 10:28:47 +0200 Subject: [PATCH 4/6] Remove old repos, to avoid collisions --- manifests/repo.pp | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/manifests/repo.pp b/manifests/repo.pp index 91c8573..7e13098 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -14,6 +14,9 @@ $core_url = "https://pkgs.k8s.io/core:/stable:/v${major_version}/deb" $crio_url = "https://pkgs.k8s.io/addons:/cri-o:/stable:/v${major_version}/deb" + apt::source { 'libcontainers:stable': + ensure => absent, + } apt::source { 'k8s-core': location => $core_url, repos => '/', @@ -25,6 +28,9 @@ } if $manage_container_manager and $container_manager == 'crio' { + apt::source { 'libcontainers:stable:cri-o': + ensure => absent, + } apt::source { 'k8s-crio': location => $crio_url, repos => '/', @@ -46,6 +52,9 @@ $core_url = "https://pkgs.k8s.io/core:/stable:/v${major_version}/rpm" $crio_url = "https://pkgs.k8s.io/addons:/cri-o:/stable:/v${major_version}/rpm" + yumrepo { 'libcontainers:stable': + ensure => absent, + } yumrepo { 'k8s-core': descr => 'Stable releases of Kubernetes', baseurl => $core_url, @@ -56,6 +65,9 @@ if $manage_container_manager { case $container_manager { 'crio': { + yumrepo { 'libcontainers:stable:cri-o': + ensure => absent, + } yumrepo { 'k8s-crio': descr => 'Stable releases of CRI-o', baseurl => $crio_url, From 56500e488e0f5b8d752e0912c82805b4501bf43e Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Mon, 23 Sep 2024 10:47:22 +0200 Subject: [PATCH 5/6] Fix the CNI plugin install procedure --- manifests/install/cni_plugins.pp | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/manifests/install/cni_plugins.pp b/manifests/install/cni_plugins.pp index 9b1448a..1005bd2 100644 --- a/manifests/install/cni_plugins.pp +++ b/manifests/install/cni_plugins.pp @@ -45,18 +45,28 @@ } } 'package': { - if $k8s::manage_repo { + if $k8s::manage_repo or $package_name == 'kubernetes-cni' { $_package_name = pick($package_name, 'kubernetes-cni') } else { - $_package_name = pick($package_name, 'containernetworking-plugins') - } - ensure_packages([$_package_name,]) + if fact('os.family') == 'suse' { + $_package_name = pick($package_name, 'cni-plugins') + } else { + $_package_name = pick($package_name, 'containernetworking-plugins') + } - file { '/opt/cni/bin': - ensure => link, - target => '/usr/lib/cni', - require => Package[$_package_name], + if fact('os.family') == 'RedHat' { + $_target = '/usr/libexec/cni' + } else { + $_target = '/usr/lib/cni' + } + + file { '/opt/cni/bin': + ensure => link, + target => $_target, + require => Package[$_package_name], + } } + ensure_packages([$_package_name,]) if $k8s::manage_repo { Class['k8s::repo'] -> Package[$_package_name] From a8b90353dd84ce70ae0e4bbf3febe67c49e1640e Mon Sep 17 00:00:00 2001 From: Alexander Olofsson Date: Mon, 23 Sep 2024 10:47:47 +0200 Subject: [PATCH 6/6] Update documentation strings --- REFERENCE.md | 94 +++++++++++--------------- manifests/install/cni_plugins.pp | 13 ++-- manifests/install/container_runtime.pp | 18 ++--- manifests/repo.pp | 4 +- 4 files changed, 55 insertions(+), 74 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index df49694..5909ef9 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -7,8 +7,8 @@ ### Classes * [`k8s`](#k8s): Sets up a Kubernetes instance - either as a node or as a server -* [`k8s::install::cni_plugins`](#k8s--install--cni_plugins): manages the installation of the cni plugins -* [`k8s::install::container_runtime`](#k8s--install--container_runtime): manages the installation of cri +* [`k8s::install::cni_plugins`](#k8s--install--cni_plugins): Manages the installation of CNI plugins +* [`k8s::install::container_runtime`](#k8s--install--container_runtime): Manages the installation of a container runtime / CRI * [`k8s::install::crictl`](#k8s--install--crictl): installs the crictl debugging tool * [`k8s::install::kubeadm`](#k8s--install--kubeadm): Installs the kubeadm binary * [`k8s::install::kubectl`](#k8s--install--kubectl): Installs the kubectl binary @@ -493,7 +493,7 @@ Default value: `'1.28.14'` ### `k8s::install::cni_plugins` -Class: k8s::install::cni_plugins +Manages the installation of CNI plugins #### Parameters @@ -509,7 +509,7 @@ The following parameters are available in the `k8s::install::cni_plugins` class: Data type: `K8s::Ensure` -set ensure for installation or deinstallation +Set ensure for installation or deinstallation Default value: `$k8s::ensure` @@ -517,7 +517,7 @@ Default value: `$k8s::ensure` Data type: `String[1]` -installation method +The installation method to use Default value: `$k8s::native_packaging` @@ -525,7 +525,7 @@ Default value: `$k8s::native_packaging` Data type: `String[1]` -sets the version to use +The version of CNI plugins to install - if applicable Default value: `'v1.2.0'` @@ -533,7 +533,7 @@ Default value: `'v1.2.0'` Data type: `String[1]` -template string for the cni_plugins download url +Template string for the cni_plugins download url Default value: `'https://github.com/containernetworking/plugins/releases/download/%{version}/cni-plugins-linux-%{arch}-%{version}.tgz'` @@ -541,82 +541,73 @@ Default value: `'https://github.com/containernetworking/plugins/releases/downloa Data type: `Optional[String[1]]` - +Package name for the CNI plugins, will use OS default if omitted Default value: `undef` ### `k8s::install::container_runtime` -Class: k8s::install::container_runtime +Manages the installation of a container runtime / CRI #### Parameters The following parameters are available in the `k8s::install::container_runtime` class: +* [`manage_repo`](#-k8s--install--container_runtime--manage_repo) * [`container_manager`](#-k8s--install--container_runtime--container_manager) -* [`containerd_package`](#-k8s--install--container_runtime--containerd_package) * [`crio_package`](#-k8s--install--container_runtime--crio_package) -* [`k8s_version`](#-k8s--install--container_runtime--k8s_version) -* [`manage_repo`](#-k8s--install--container_runtime--manage_repo) -* [`package_ensure`](#-k8s--install--container_runtime--package_ensure) +* [`containerd_package`](#-k8s--install--container_runtime--containerd_package) * [`runc_version`](#-k8s--install--container_runtime--runc_version) +* [`package_ensure`](#-k8s--install--container_runtime--package_ensure) -##### `container_manager` +##### `manage_repo` -Data type: `K8s::Container_runtimes` +Data type: `Boolean` -set the cri to use +Whether to manage the repo or not -Default value: `$k8s::container_manager` +Default value: `$k8s::manage_repo` -##### `containerd_package` +##### `container_manager` -Data type: `Optional[String[1]]` +Data type: `K8s::Container_runtimes` -the containerd package anme +The CRI implementation to install -Default value: `$k8s::containerd_package` +Default value: `$k8s::container_manager` ##### `crio_package` Data type: `Optional[String[1]]` -cri-o the package name +The CRI-o package name Default value: `$k8s::crio_package` -##### `k8s_version` +##### `containerd_package` -Data type: `String[1]` +Data type: `Optional[String[1]]` -the k8s version +The containerd package name -Default value: `$k8s::version` +Default value: `$k8s::containerd_package` -##### `manage_repo` +##### `runc_version` -Data type: `Boolean` +Data type: `String[1]` -whether to manage the repo or not +The runc version -Default value: `$k8s::manage_repo` +Default value: `$k8s::runc_version` ##### `package_ensure` Data type: `String[1]` -the ensure value to set on the cri package +The ensure value to set on the cri package Default value: `installed` -##### `runc_version` - -Data type: `String[1]` - -the runc version - -Default value: `$k8s::runc_version` - ### `k8s::install::crictl` Class: k8s::install::crictl @@ -1258,36 +1249,31 @@ Handles repositories for the container runtime The following parameters are available in the `k8s::repo` class: -* [`container_manager`](#-k8s--repo--container_manager) -* [`crio_version`](#-k8s--repo--crio_version) * [`manage_container_manager`](#-k8s--repo--manage_container_manager) +* [`container_manager`](#-k8s--repo--container_manager) * [`major_version`](#-k8s--repo--major_version) -##### `container_manager` - -Data type: `K8s::Container_runtimes` - -The name of the container manager +##### `manage_container_manager` -Default value: `$k8s::container_manager` +Data type: `Boolean` -##### `crio_version` +Whether to add the CRI-o repository or not -version o cri-o +Default value: `$k8s::manage_container_manager` -##### `manage_container_manager` +##### `container_manager` -Data type: `Boolean` +Data type: `K8s::Container_runtimes` -whether to add cri-o repository or not +The name of the container manager -Default value: `$k8s::manage_container_manager` +Default value: `$k8s::container_manager` ##### `major_version` Data type: `String[1]` - +The major version of Kubernetes to deploy repos for Default value: `$k8s::version.split('\.')[0, 2].join('.')` diff --git a/manifests/install/cni_plugins.pp b/manifests/install/cni_plugins.pp index 1005bd2..4b0f96c 100644 --- a/manifests/install/cni_plugins.pp +++ b/manifests/install/cni_plugins.pp @@ -1,11 +1,10 @@ -# Class: k8s::install::cni_plugins +# @summary Manages the installation of CNI plugins # -# @summary manages the installation of the cni plugins -# -# @param ensure set ensure for installation or deinstallation -# @param method installation method -# @param version sets the version to use -# @param download_url_template template string for the cni_plugins download url +# @param ensure Set ensure for installation or deinstallation +# @param method The installation method to use +# @param version The version of CNI plugins to install - if applicable +# @param download_url_template Template string for the cni_plugins download url +# @param package_name Package name for the CNI plugins, will use OS default if omitted # class k8s::install::cni_plugins ( K8s::Ensure $ensure = $k8s::ensure, diff --git a/manifests/install/container_runtime.pp b/manifests/install/container_runtime.pp index 9c1eca2..48dda32 100644 --- a/manifests/install/container_runtime.pp +++ b/manifests/install/container_runtime.pp @@ -1,21 +1,17 @@ -# Class: k8s::install::container_runtime +# @summary Manages the installation of a container runtime / CRI # -# @summary manages the installation of cri -# -# @param container_manager set the cri to use -# @param containerd_package the containerd package anme -# @param crio_package cri-o the package name -# @param k8s_version the k8s version -# @param manage_repo whether to manage the repo or not -# @param package_ensure the ensure value to set on the cri package -# @param runc_version the runc version +# @param manage_repo Whether to manage the repo or not +# @param container_manager The CRI implementation to install +# @param crio_package The CRI-o package name +# @param containerd_package The containerd package name +# @param runc_version The runc version +# @param package_ensure The ensure value to set on the cri package # class k8s::install::container_runtime ( Boolean $manage_repo = $k8s::manage_repo, K8s::Container_runtimes $container_manager = $k8s::container_manager, Optional[String[1]] $crio_package = $k8s::crio_package, Optional[String[1]] $containerd_package = $k8s::containerd_package, - String[1] $k8s_version = $k8s::version, String[1] $runc_version = $k8s::runc_version, String[1] $package_ensure = installed, ) { diff --git a/manifests/repo.pp b/manifests/repo.pp index 7e13098..9953247 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -1,8 +1,8 @@ # @summary Handles repositories for the container runtime # +# @param manage_container_manager Whether to add the CRI-o repository or not # @param container_manager The name of the container manager -# @param crio_version version o cri-o -# @param manage_container_manager whether to add cri-o repository or not +# @param major_version The major version of Kubernetes to deploy repos for # class k8s::repo ( Boolean $manage_container_manager = $k8s::manage_container_manager,