-
Notifications
You must be signed in to change notification settings - Fork 430
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #5225 from nojnhuh/prow-mp-ci-version-patch
translate machine-pool-ci-version KubeadmConfig merge patch to JSON patch
- Loading branch information
Showing
3 changed files
with
128 additions
and
116 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
121 changes: 121 additions & 0 deletions
121
...lates/test/ci/prow-machine-pool-ci-version/patches/kubeadm-bootstrap-k8s-ci-binaries.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,121 @@ | ||
| - op: add | ||
| path: /spec/files/0 | ||
| value: | ||
| path: /tmp/kubeadm-bootstrap.sh | ||
| owner: "root:root" | ||
| permissions: "0744" | ||
| content: | | ||
| #!/bin/bash | ||
| set -o nounset | ||
| set -o pipefail | ||
| set -o errexit | ||
| [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" | ||
| # This test installs release packages or binaries that are a result of the CI and release builds. | ||
| # It runs '... --version' commands to verify that the binaries are correctly installed | ||
| # and finally uninstalls the packages. | ||
| # For the release packages it tests all versions in the support skew. | ||
| LINE_SEPARATOR="*************************************************" | ||
| echo "$$LINE_SEPARATOR" | ||
| CI_VERSION=${CI_VERSION} | ||
| if [[ "$${CI_VERSION}" != "" ]]; then | ||
| CI_DIR=/tmp/k8s-ci | ||
| mkdir -p $$CI_DIR | ||
| declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") | ||
| declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") | ||
| CONTAINER_EXT="tar" | ||
| echo "* testing CI version $$CI_VERSION" | ||
| # Check for semver | ||
| if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | ||
| VERSION_WITHOUT_PREFIX="${CI_VERSION#v}" | ||
| DEBIAN_FRONTEND=noninteractive apt-get install -y apt-transport-https curl | ||
| curl -fsSL https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg | ||
| echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list | ||
| apt-get update | ||
| # replace . with \. | ||
| VERSION_REGEX="${VERSION_WITHOUT_PREFIX//./\\.}" | ||
| PACKAGE_VERSION="$(apt-cache madison kubelet|grep $${VERSION_REGEX}- | head -n1 | cut -d '|' -f 2 | tr -d '[:space:]')" | ||
| for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do | ||
| echo "* installing package: $$CI_PACKAGE $${PACKAGE_VERSION}" | ||
| DEBIAN_FRONTEND=noninteractive apt-get install -y $$CI_PACKAGE=$$PACKAGE_VERSION | ||
| done | ||
| else | ||
| CI_URL="https://storage.googleapis.com/k8s-release-dev/ci/$${CI_VERSION}/bin/linux/amd64" | ||
| fi | ||
| for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do | ||
| echo "* downloading binary: $$CI_URL/$$CI_PACKAGE" | ||
| wget --inet4-only "$$CI_URL/$$CI_PACKAGE" -nv -O "$$CI_DIR/$$CI_PACKAGE" | ||
| chmod +x "$$CI_DIR/$$CI_PACKAGE" | ||
| mv "$$CI_DIR/$$CI_PACKAGE" "/usr/bin/$$CI_PACKAGE" | ||
| done | ||
| IMAGE_REGISTRY_PREFIX=registry.k8s.io | ||
| for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do | ||
| echo "* downloading package: $$CI_URL/$$CI_CONTAINER.$$CONTAINER_EXT" | ||
| wget --inet4-only "$$CI_URL/$$CI_CONTAINER.$$CONTAINER_EXT" -nv -O "$$CI_DIR/$$CI_CONTAINER.$$CONTAINER_EXT" | ||
| $${SUDO} ctr -n k8s.io images import "$$CI_DIR/$$CI_CONTAINER.$$CONTAINER_EXT" || echo "* ignoring expected 'ctr images import' result" | ||
| $${SUDO} ctr -n k8s.io images tag $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER-amd64:"$${CI_VERSION//+/_}" $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER:"$${CI_VERSION//+/_}" | ||
| $${SUDO} ctr -n k8s.io images tag $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER-amd64:"$${CI_VERSION//+/_}" gcr.io/k8s-staging-ci-images/$$CI_CONTAINER:"$${CI_VERSION//+/_}" | ||
| done | ||
| fi | ||
| systemctl restart kubelet | ||
| fi | ||
| echo "* checking binary versions" | ||
| echo "ctr version: " $(ctr version) | ||
| echo "kubeadm version: " $(kubeadm version -o=short) | ||
| echo "kubectl version: " $(kubectl version --client=true) | ||
| echo "kubelet version: " $(kubelet --version) | ||
| echo "$$LINE_SEPARATOR" | ||
| - op: add | ||
| path: /spec/files/0 | ||
| value: | ||
| path: /tmp/oot-cred-provider.sh | ||
| owner: "root:root" | ||
| permissions: "0744" | ||
| content: | | ||
| #!/bin/bash | ||
| set -o nounset | ||
| set -o pipefail | ||
| set -o errexit | ||
| [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" | ||
| # Run the az login command with managed identity | ||
| if az login --identity > /dev/null 2>&1; then | ||
| echo "Logged in Azure with managed identity" | ||
| echo "Use OOT credential provider" | ||
| mkdir -p /var/lib/kubelet/credential-provider | ||
| az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" -f /var/lib/kubelet/credential-provider/acr-credential-provider --auth-mode login | ||
| chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider | ||
| az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" -f /var/lib/kubelet/credential-provider-config.yaml --auth-mode login | ||
| chmod 644 /var/lib/kubelet/credential-provider-config.yaml | ||
| else | ||
| echo "Using curl to download the OOT credential provider" | ||
| mkdir -p /var/lib/kubelet/credential-provider | ||
| curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider/acr-credential-provider "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" | ||
| chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider | ||
| curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider-config.yaml "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" | ||
| chmod 644 /var/lib/kubelet/credential-provider-config.yaml | ||
| fi | ||
| - op: test | ||
| path: /spec/preKubeadmCommands | ||
| value: null | ||
| - op: add | ||
| path: /spec/preKubeadmCommands | ||
| value: [] | ||
| - op: add | ||
| path: /spec/preKubeadmCommands/- | ||
| value: | ||
| bash -c /tmp/oot-cred-provider.sh | ||
| - op: add | ||
| path: /spec/preKubeadmCommands/- | ||
| value: | ||
| bash -c /tmp/kubeadm-bootstrap.sh | ||
| - op: add | ||
| path: /spec/joinConfiguration/nodeRegistration/kubeletExtraArgs/image-credential-provider-bin-dir | ||
| value: | ||
| /var/lib/kubelet/credential-provider | ||
| - op: add | ||
| path: /spec/joinConfiguration/nodeRegistration/kubeletExtraArgs/image-credential-provider-config | ||
| value: | ||
| /var/lib/kubelet/credential-provider-config.yaml |
116 changes: 0 additions & 116 deletions
116
templates/test/ci/prow-machine-pool-ci-version/patches/machine-pool-ci-version.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters