cluster-api-bootstrap-provider-kubeadm-ignition

command module
v0.3.5-0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 26, 2020 License: Apache-2.0 Imports: 23 Imported by: 0

README

Cluster API bootstrap provider kubeadm-ignition

Build Status FOSSA Status

What is the Cluster API bootstrap provider kubeadm?

Cluster API bootstrap provider Kubeadm (CABPK) is a component of Cluster API that is responsible of generating a cloud-init script to turn a Machine into a Kubernetes Node; this implementation uses kubeadm for kubernetes bootstrap.

What is the Cluster API bootstrap provider kubeadm-ignition?

a bootstraper provider which generates ignition config files for ignition based linux distributions. (Fedora Container linux )

Resources

How does CABPK work?

CABPK is integrated into cluster-api-manager. Assuming you've set of CAPI and the Docker Manager, create a Cluster object and its corresponding DockerCluster infrastructure object.

kind: DockerCluster
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
metadata:
  name: my-cluster-docker
---
kind: Cluster
apiVersion: cluster.x-k8s.io/v1alpha3
metadata:
  name: my-cluster
spec:
  infrastructureRef:
    kind: DockerCluster
    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
    name: my-cluster-docker

Now you can start creating machines by defining a Machine, its corresponding DockerMachine object, and the KubeadmConfig bootstrap object.

kind: KubeadmConfig
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
metadata:
  name: my-control-plane1-config
spec:
  initConfiguration:
    nodeRegistration:
      kubeletExtraArgs:
        eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
  clusterConfiguration:
    controllerManager:
      extraArgs:
        enable-hostpath-provisioner: "true"
---
kind: DockerMachine
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
metadata:
  name: my-control-plane1-docker
---
kind: Machine
apiVersion: cluster.x-k8s.io/v1alpha3
metadata:
  name: my-control-plane1
  labels:
    cluster.x-k8s.io/cluster-name: my-cluster
    cluster.x-k8s.io/control-plane: "true"
    set: controlplane
spec:
  bootstrap:
    configRef:
      kind: KubeadmConfig
      apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
      name: my-control-plane1-config
  infrastructureRef:
    kind: DockerMachine
    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
    name: my-control-plane1-docker
  version: "v1.14.2"

CABPK's main responsibility is to convert a KubeadmConfig bootstrap object into a cloud-init script that is going to turn a Machine into a Kubernetes Node using kubeadm.

The cloud-init script will be saved into the KubeadmConfig.Status.BootstrapData and then the infrastructure provider (CAPD in this example) will pick up this value and proceed with the machine creation and the actual bootstrap.

KubeadmConfig objects

The KubeadmConfig object allows full control of Kubeadm init/join operations by exposing raw InitConfiguration, ClusterConfiguration and JoinConfiguration objects.

CABPK will fill in some values if they are left empty with sensible defaults:

KubeadmConfig field Default
clusterConfiguration.KubernetesVersion Machine.Spec.Version [1]
clusterConfiguration.clusterName Cluster.metadata.name
clusterConfiguration.controlPlaneEndpoint Cluster.status.apiEndpoints[0]
clusterConfiguration.networking.dnsDomain Cluster.spec.clusterNetwork.serviceDomain
clusterConfiguration.networking.serviceSubnet Cluster.spec.clusterNetwork.service.cidrBlocks[0]
clusterConfiguration.networking.podSubnet Cluster.spec.clusterNetwork.pods.cidrBlocks[0]
joinConfiguration.discovery a short lived BootstrapToken generated by CABPK

IMPORTANT! overriding above defaults could lead to broken Clusters.

[1] if both clusterConfiguration.KubernetesVersion and Machine.Spec.Version are empty, the latest Kubernetes version will be installed (as defined by the default kubeadm behavior).

Examples

Valid combinations of configuration objects are:

  • at least one of InitConfiguration and ClusterConfiguration for the first control plane node only
  • JoinConfiguration for worker nodes and additional control plane nodes

Bootstrap control plane node:

kind: KubeadmConfig
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
metadata:
  name: my-control-plane1-config
spec:
  initConfiguration:
    nodeRegistration:
      kubeletExtraArgs:
        eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
  clusterConfiguration:
    controllerManager:
      extraArgs:
        enable-hostpath-provisioner: "true"

Additional control plane nodes:

kind: KubeadmConfig
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
metadata:
  name: my-control-plane2-config
spec:
  joinConfiguration:
    nodeRegistration:
      kubeletExtraArgs:
        eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
    controlPlane: {}

worker nodes:

kind: KubeadmConfig
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
metadata:
  name: my-worker1-config
spec:
  joinConfiguration:
    nodeRegistration:
      kubeletExtraArgs:
        eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
Bootstrap Orchestration

CABPK supports multiple control plane machines initing at the same time. The generation of cloud-init scripts of different machines is orchestrated in order to ensure a cluster bootstrap process that will be compliant with the correct Kubeadm init/join sequence. More in detail:

  1. cloud-config-data generation starts only after Cluster.InfrastructureReady flag is set to true.
  2. at this stage, cloud-config-data will be generated for the first control plane machine even if multiple control plane machines are ready (kubeadm init).
  3. after Cluster.metadata.Annotations[cluster.x-k8s.io/control-plane-ready] is set to true, the cloud-config-data for all the other machines are generated (kubeadm join/join —control-plane).
Certificate Management

The user can choose two approaches for certificate management:

  1. provide required certificate authorities (CAs) to use for kubeadm init/kubeadm join --control-plane; such CAs should be provided as a Secrets objects in the management cluster.
  2. let CABPK to generate the necessary Secrets objects with a self-signed certificate authority for kubeadm

TODO: Add more info about certificate secrets

What is s3's role here?

We upload generated user data to s3 bucket to ensure that secret stored in user data will not be exposed to user who has read access to ec2 instance And, it is also a part of work around which address ec2's user data size limit.

In order to remove connection between specific disk image and k8s node version, we choose to download k8s binaries at boot time. And binary artifacts are stored in s3 too.

binary artifacts are stored in s3 bucket. Please refer to k8s artifact autosync

If a version template which contains url of binaries doesn't exist, the kubernetes version is not supported.

additional parameters

manager-bootstrap-credentials: create a secret resource which stores aws ak/sk pairs

args: --ignition-userdata-bucket bucket name --ignition-userdata-dir generated userdata location --ignition-template-dir template location

Please refer to deploy.yaml

Additional Features

The KubeadmConfig object supports customizing the content of the config-data:

  • KubeadmConfig.Files specifies additional files to be created on the machine
  • KubeadmConfig.PreKubeadmCommands specifies a list of commands to be executed before kubeadm init/join
  • KubeadmConfig.PostKubeadmCommands same as above, but after kubeadm init/join

License

FOSSA Status

Documentation

The Go Gopher

There is no documentation for this package.

Directories

Path Synopsis
internal

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL