diff --git a/modules/bootkube/assets.tf b/modules/bootkube/assets.tf
index df1a1449f1..3f33f8737d 100644
--- a/modules/bootkube/assets.tf
+++ b/modules/bootkube/assets.tf
@@ -50,11 +50,12 @@ resource "template_dir" "bootkube" {
 destination_dir = "./generated/manifests"
 vars {
- hyperkube_image = "${var.container_images["hyperkube"]}"
- pod_checkpointer_image = "${var.container_images["pod_checkpointer"]}"
- kubedns_image = "${var.container_images["kubedns"]}"
- kubednsmasq_image = "${var.container_images["kubednsmasq"]}"
- kubedns_sidecar_image = "${var.container_images["kubedns_sidecar"]}"
+ kube_version_operator_image = "${var.container_images["kube_version_operator"]}"
+ hyperkube_image = "${var.container_images["hyperkube"]}"
+ pod_checkpointer_image = "${var.container_images["pod_checkpointer"]}"
+ kubedns_image = "${var.container_images["kubedns"]}"
+ kubednsmasq_image = "${var.container_images["kubednsmasq"]}"
+ kubedns_sidecar_image = "${var.container_images["kubedns_sidecar"]}"
 # Choose the etcd endpoints to use.
 # 1. If experimental mode is enabled (self-hosted etcd), then use
diff --git a/modules/tectonic/resources/manifests/updater/app-version-kind.yaml b/modules/bootkube/resources/manifests/app-version-kind.yaml
similarity index 100%
rename from modules/tectonic/resources/manifests/updater/app-version-kind.yaml
rename to modules/bootkube/resources/manifests/app-version-kind.yaml
diff --git a/modules/bootkube/resources/manifests/cluster-config.yaml b/modules/bootkube/resources/manifests/cluster-config.yaml
index 7f56023b43..a181003385 100644
--- a/modules/bootkube/resources/manifests/cluster-config.yaml
+++ b/modules/bootkube/resources/manifests/cluster-config.yaml
@@ -22,3 +22,4 @@ data:
 service_cidr: ${service_cidr}
 inititalConfig: |
 initial_master_count: ${master_count}
+ initial_cluster_version: ${kubernetes_version}
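Review bot: The new `kube_version_operator_image` entry in the bootkube `vars` block is, by the look of the rest of this commit, the image that now renders the control-plane manifests deleted here (each of them carried `tectonic-operators.coreos.com/managed-by: kube-version-operator`), yet nothing in the hunk pins or validates it beyond whatever `var.container_images` happens to hold. That makes this one reference the trust anchor for the `--authorization-mode=RBAC`, `--anonymous-auth`, admission-controller and audit-log settings that used to be reviewable as text in this repository; if `container_images["kube_version_operator"]` is a mutable tag rather than a `@sha256:` digest (the map is not visible in this diff), it should be digest-pinned, and a comment should say where the rendered control-plane flags can now be inspected. A one-line note above the entry would do, e.g. `# Renders the self-hosted control plane (apiserver/controller-manager/scheduler/proxy) — keep this image digest-pinned.` The `template_dir` resource this `vars` block belongs to begins before the hunk.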
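Review bot: The added `initial_cluster_version: ${kubernetes_version}` sits unquoted inside the `inititalConfig: |` block scalar, so if the consumer parses that block as YAML a two-component version such as `1.8` becomes a float and `1.10` is read back as `1.1`; write it as `initial_cluster_version: "${kubernetes_version}"` so the value stays a string for any version the template is given. The sibling `initial_master_count` is a real integer and is fine as is. The parent key is spelled `inititalConfig` in the context lines; since this hunk adds a second field under it, confirm the consumer expects that exact spelling before the typo is cemented further.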
diff --git a/modules/bootkube/resources/manifests/kube-apiserver.yaml b/modules/bootkube/resources/manifests/kube-apiserver.yaml
deleted file mode 100644
index c827d9a0ee..0000000000
--- a/modules/bootkube/resources/manifests/kube-apiserver.yaml
+++ /dev/null
@@ -1,106 +0,0 @@ -apiVersion: "extensions/v1beta1" -kind: DaemonSet -metadata: - name: kube-apiserver - namespace: kube-system - labels: - tier: control-plane - k8s-app: kube-apiserver - tectonic-operators.coreos.com/managed-by: kube-version-operator -spec: - updateStrategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - tier: control-plane - k8s-app: kube-apiserver - tectonic-operators.coreos.com/managed-by: kube-version-operator - annotations: - checkpointer.alpha.coreos.com/checkpoint: "true" - scheduler.alpha.kubernetes.io/critical-pod: "" - spec: - containers: - - name: kube-apiserver - image: ${hyperkube_image} - command: - - /usr/bin/flock - - /var/lock/api-server.lock - - /hyperkube - - apiserver - - --bind-address=0.0.0.0 - - --secure-port=443 - - --insecure-port=0 - - --advertise-address=${advertise_address} - - --etcd-servers=${etcd_servers} - ${etcd_ca_flag} - ${etcd_cert_flag} - ${etcd_key_flag} - - --etcd-quorum-read=true - - --storage-backend=etcd3 - - --allow-privileged=true - - --service-cluster-ip-range=${service_cidr} - - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota - - --tls-ca-file=/etc/kubernetes/secrets/ca.crt - - --tls-cert-file=/etc/kubernetes/secrets/apiserver.crt - - --tls-private-key-file=/etc/kubernetes/secrets/apiserver.key - - --kubelet-client-certificate=/etc/kubernetes/secrets/apiserver.crt - - --kubelet-client-key=/etc/kubernetes/secrets/apiserver.key - - --service-account-key-file=/etc/kubernetes/secrets/service-account.pub - - --client-ca-file=/etc/kubernetes/secrets/ca.crt - - --authorization-mode=RBAC - - --anonymous-auth=${anonymous_auth} - - --oidc-issuer-url=${oidc_issuer_url} - - --oidc-client-id=${oidc_client_id} - - --oidc-username-claim=${oidc_username_claim} - - --oidc-groups-claim=${oidc_groups_claim} - - --oidc-ca-file=/etc/kubernetes/secrets/oidc-ca.crt - - --cloud-provider=${cloud_provider} - 
${cloud_provider_config_flag}
- - --audit-log-path=/var/log/kubernetes/kube-apiserver-audit.log
- - --audit-log-maxage=30
- - --audit-log-maxbackup=3
- - --audit-log-maxsize=100
- volumeMounts:
- - mountPath: /etc/ssl/certs
- name: ssl-certs-host
- readOnly: true
- - mountPath: /etc/kubernetes/secrets
- name: secrets
- readOnly: true
- - mountPath: /etc/kubernetes/cloud
- name: cloud-config
- readOnly: true
- - mountPath: /var/lock
- name: var-lock
- readOnly: false
- - mountPath: /var/log/kubernetes
- name: var-log-kubernetes
- readOnly: false
- hostNetwork: true
- tolerations:
- - key: "CriticalAddonsOnly"
- operator: "Exists"
- - key: "node-role.kubernetes.io/master"
- operator: "Exists"
- effect: "NoSchedule"
- nodeSelector:
- node-role.kubernetes.io/master: ""
- volumes:
- - name: ssl-certs-host
- hostPath:
- path: /usr/share/ca-certificates
- - name: secrets
- secret:
- secretName: kube-apiserver
- - name: cloud-config
- secret:
- secretName: kube-cloud-cfg
- - name: var-lock
- hostPath:
- path: /var/lock
- - name: var-log-kubernetes
- hostPath:
- path: /var/log/kubernetes
diff --git a/modules/bootkube/resources/manifests/kube-controller-manager.yaml b/modules/bootkube/resources/manifests/kube-controller-manager.yaml
deleted file mode 100644
index b1b3449301..0000000000
--- a/modules/bootkube/resources/manifests/kube-controller-manager.yaml
+++ /dev/null
@@ -1,92 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: kube-controller-manager
- namespace: kube-system
- labels:
- tier: control-plane
- k8s-app: kube-controller-manager
- tectonic-operators.coreos.com/managed-by: kube-version-operator
-spec:
- replicas: ${master_count}
- strategy:
- type: RollingUpdate
- rollingUpdate:
- maxUnavailable: 0
- selector:
- matchLabels:
- tier: control-plane
- k8s-app: kube-controller-manager
- template:
- metadata:
- labels:
- tier: control-plane
- k8s-app: kube-controller-manager
- pod-anti-affinity: kube-controller-manager-${kubernetes_version}
- tectonic-operators.coreos.com/managed-by: kube-version-operator
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ""
- spec:
- affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels:
- pod-anti-affinity: kube-controller-manager-${kubernetes_version}
- namespaces:
- - kube-system
- topologyKey: kubernetes.io/hostname
- containers:
- - name: kube-controller-manager
- image: ${hyperkube_image}
- command:
- - ./hyperkube
- - controller-manager
- - --allocate-node-cidrs=true
- - --configure-cloud-routes=false
- - --cluster-cidr=${cluster_cidr}
- - --root-ca-file=/etc/kubernetes/secrets/ca.crt
- - --service-account-private-key-file=/etc/kubernetes/secrets/service-account.key
- - --leader-elect=true
- - --node-monitor-grace-period=${node_monitor_grace_period}
- - --pod-eviction-timeout=${pod_eviction_timeout}
- - --cloud-provider=${cloud_provider}
- ${cloud_provider_config_flag}
- livenessProbe:
- httpGet:
- path: /healthz
- port: 10252 # Note: Using default port. Update if --port option is set differently.
- initialDelaySeconds: 15
- timeoutSeconds: 15
- volumeMounts:
- - name: secrets
- mountPath: /etc/kubernetes/secrets
- readOnly: true
- - mountPath: /etc/kubernetes/cloud
- name: cloud-config
- readOnly: true
- - name: ssl-host
- mountPath: /etc/ssl/certs
- readOnly: true
- nodeSelector:
- node-role.kubernetes.io/master: ""
- securityContext:
- runAsNonRoot: true
- runAsUser: 65534
- tolerations:
- - key: "CriticalAddonsOnly"
- operator: "Exists"
- - key: "node-role.kubernetes.io/master"
- operator: "Exists"
- effect: "NoSchedule"
- volumes:
- - name: secrets
- secret:
- secretName: kube-controller-manager
- - name: cloud-config
- secret:
- secretName: kube-cloud-cfg
- - name: ssl-host
- hostPath:
- path: /usr/share/ca-certificates
- dnsPolicy: Default # Don't use cluster DNS.
diff --git a/modules/bootkube/resources/manifests/kube-proxy.yaml b/modules/bootkube/resources/manifests/kube-proxy.yaml
deleted file mode 100644
index a434d08a40..0000000000
--- a/modules/bootkube/resources/manifests/kube-proxy.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-apiVersion: "extensions/v1beta1"
-kind: DaemonSet
-metadata:
- name: kube-proxy
- namespace: kube-system
- labels:
- tier: node
- k8s-app: kube-proxy
- tectonic-operators.coreos.com/managed-by: kube-version-operator
-spec:
- updateStrategy:
- rollingUpdate:
- maxUnavailable: 1
- type: RollingUpdate
- template:
- metadata:
- labels:
- tier: node
- k8s-app: kube-proxy
- tectonic-operators.coreos.com/managed-by: kube-version-operator
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ""
- spec:
- containers:
- - name: kube-proxy
- image: ${hyperkube_image}
- command:
- - ./hyperkube
- - proxy
- - --kubeconfig=/etc/kubernetes/kubeconfig
- - --proxy-mode=iptables
- - --hostname-override=$(NODE_NAME)
- - --cluster-cidr=${cluster_cidr}
- env:
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- securityContext:
- privileged: true
- volumeMounts:
- - mountPath: /etc/ssl/certs
- name: ssl-certs-host
- readOnly: true
- - name: etc-kubernetes
- mountPath: /etc/kubernetes
- readOnly: true
- hostNetwork: true
- tolerations:
- - key: "CriticalAddonsOnly"
- operator: "Exists"
- - key: "node-role.kubernetes.io/master"
- operator: "Exists"
- effect: "NoSchedule"
- volumes:
- - hostPath:
- path: /usr/share/ca-certificates
- name: ssl-certs-host
- - name: etc-kubernetes
- hostPath:
- path: /etc/kubernetes
- updateStrategy:
- rollingUpdate:
- maxUnavailable: 1
- type: RollingUpdate
diff --git a/modules/bootkube/resources/manifests/kube-scheduler.yaml b/modules/bootkube/resources/manifests/kube-scheduler.yaml
deleted file mode 100644
index 925d431f0c..0000000000
--- a/modules/bootkube/resources/manifests/kube-scheduler.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: kube-scheduler
- namespace: kube-system
- labels:
- tier: control-plane
- k8s-app: kube-scheduler
- tectonic-operators.coreos.com/managed-by: kube-version-operator
-spec:
- replicas: ${master_count}
- strategy:
- type: RollingUpdate
- rollingUpdate:
- maxUnavailable: 0
- selector:
- matchLabels:
- tier: control-plane
- k8s-app: kube-scheduler
- template:
- metadata:
- labels:
- tier: control-plane
- k8s-app: kube-scheduler
- pod-anti-affinity: kube-scheduler-${kubernetes_version}
- tectonic-operators.coreos.com/managed-by: kube-version-operator
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ""
- spec:
- affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels:
- pod-anti-affinity: kube-scheduler-${kubernetes_version}
- namespaces:
- - kube-system
- topologyKey: kubernetes.io/hostname
- containers:
- - name: kube-scheduler
- image: ${hyperkube_image}
- command:
- - ./hyperkube
- - scheduler
- - --leader-elect=true
- livenessProbe:
- httpGet:
- path: /healthz
- port: 10251 # Note: Using default port. Update if --port option is set differently.
- initialDelaySeconds: 15
- timeoutSeconds: 15
- nodeSelector:
- node-role.kubernetes.io/master: ""
- securityContext:
- runAsNonRoot: true
- runAsUser: 65534
- tolerations:
- - key: "CriticalAddonsOnly"
- operator: "Exists"
- - key: "node-role.kubernetes.io/master"
- operator: "Exists"
- effect: "NoSchedule"
diff --git a/modules/tectonic/resources/manifests/updater/operators/kube-version-operator.yaml b/modules/bootkube/resources/manifests/kube-version-operator.yaml
similarity index 100%
rename from modules/tectonic/resources/manifests/updater/operators/kube-version-operator.yaml
rename to modules/bootkube/resources/manifests/kube-version-operator.yaml
diff --git a/modules/tectonic/assets.tf b/modules/tectonic/assets.tf
index 2f9751f1a7..1ecc4be3ad 100644
--- a/modules/tectonic/assets.tf
+++ b/modules/tectonic/assets.tf
@@ -15,7 +15,6 @@ resource "template_dir" "tectonic" {
 heapster_image = "${var.container_images["heapster"]}"
 identity_image = "${var.container_images["identity"]}"
 ingress_controller_image = "${var.container_images["ingress_controller"]}"
- kube_version_operator_image = "${var.container_images["kube_version_operator"]}"
 node_agent_image = "${var.container_images["node_agent"]}"
 etcd_operator_image = "${var.container_images["etcd_operator"]}"
 stats_emitter_image = "${var.container_images["stats_emitter"]}"
diff --git a/modules/tectonic/resources/manifests/updater/app_versions/app-version-kubernetes.yaml b/modules/tectonic/resources/manifests/updater/app_versions/app-version-kubernetes.yaml
deleted file mode 100644
index f05d0cd2a9..0000000000
--- a/modules/tectonic/resources/manifests/updater/app_versions/app-version-kubernetes.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: tco.coreos.com/v1
-kind: AppVersion
-metadata:
- name: kubernetes
- namespace: tectonic-system
- labels:
- managed-by-channel-operator: "true"
-spec:
- desiredVersion: ${kubernetes_version}
- paused: false
-status:
- currentVersion: ${kubernetes_version}
- paused: false
diff --git a/modules/tectonic/resources/tectonic.sh b/modules/tectonic/resources/tectonic.sh
index 2187f3b281..85d9766f2b 100755
--- a/modules/tectonic/resources/tectonic.sh
+++ b/modules/tectonic/resources/tectonic.sh
@@ -183,14 +183,12 @@ kubectl create -f updater/tectonic-monitoring-config.yaml
 wait_for_crd tectonic-system channeloperatorconfigs.tco.coreos.com
 kubectl create -f updater/tectonic-channel-operator-config.yaml
-kubectl create -f updater/operators/kube-version-operator.yaml
 kubectl create -f updater/operators/tectonic-channel-operator.yaml
 kubectl create -f updater/operators/tectonic-prometheus-operator.yaml
 kubectl create -f updater/operators/tectonic-cluo-operator.yaml
 wait_for_crd tectonic-system appversions.tco.coreos.com
 kubectl create -f updater/app_versions/app-version-tectonic-cluster.yaml
-kubectl create -f updater/app_versions/app-version-kubernetes.yaml
 kubectl create -f updater/app_versions/app-version-tectonic-monitoring.yaml
 kubectl create -f updater/app_versions/app-version-tectonic-cluo.yaml