mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-20 14:01:36 +02:00
Code Issues Packages Projects Releases Wiki Activity

flatcar-eks: add missing mkdir and update to latest versions

Browse Source 
The bootstrapping script relies on /etc/docker existing, but this
directory doesn't exist on vanilla Flatcar. Add the missing call to
mkdir -p /etc/docker before the directory gets used.

Also, update the upstream files to their latest version.
This commit is contained in:
Margarita Manterola 2021-02-02 14:11:13 +01:00
parent e900e5d6ea
commit 017f65df7e
3 changed files with 96 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/bootstrap.patch vendored
View File

@ -1,6 +1,6 @@
--- orig/bootstrap.sh 2021-01-21 15:07:34.749539965 +0100 --- orig/bootstrap.sh 2021-02-02 14:04:27.121358890 +0100
+++ flatcar/bootstrap.sh 2021-01-22 12:21:58.080452841 +0100 +++ flatcar/bootstrap.sh 2021-02-02 14:07:15.175175277 +0100
@@ -202,6 +202,9 @@ @@ -268,6 +268,9 @@
exit 1 exit 1
fi fi
@ -8,9 +8,9 @@
+mkdir -p /etc/eks +mkdir -p /etc/eks
+echo "CLUSTER_NAME=\"${CLUSTER_NAME}\"" > /etc/eks/cluster.conf +echo "CLUSTER_NAME=\"${CLUSTER_NAME}\"" > /etc/eks/cluster.conf
TOKEN=$(curl -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 600" "http://169.254.169.254/latest/api/token") TOKEN=$(get_token)
AWS_DEFAULT_REGION=$(curl -s --retry 5 -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document | jq .region -r) AWS_DEFAULT_REGION=$(get_meta_data 'latest/dynamic/instance-identity/document' | jq .region -r)
@@ -218,7 +221,8 @@ @@ -284,7 +287,8 @@
PAUSE_CONTAINER="$PAUSE_CONTAINER_IMAGE:$PAUSE_CONTAINER_VERSION" PAUSE_CONTAINER="$PAUSE_CONTAINER_IMAGE:$PAUSE_CONTAINER_VERSION"
### kubelet kubeconfig ### kubelet kubeconfig
@ -20,7 +20,7 @@
CA_CERTIFICATE_DIRECTORY=/etc/kubernetes/pki CA_CERTIFICATE_DIRECTORY=/etc/kubernetes/pki
CA_CERTIFICATE_FILE_PATH=$CA_CERTIFICATE_DIRECTORY/ca.crt CA_CERTIFICATE_FILE_PATH=$CA_CERTIFICATE_DIRECTORY/ca.crt
mkdir -p $CA_CERTIFICATE_DIRECTORY mkdir -p $CA_CERTIFICATE_DIRECTORY
@@ -258,9 +262,9 @@ @@ -324,9 +328,9 @@
echo $B64_CLUSTER_CA | base64 -d > $CA_CERTIFICATE_FILE_PATH echo $B64_CLUSTER_CA | base64 -d > $CA_CERTIFICATE_FILE_PATH
@ -33,7 +33,7 @@
### kubelet.service configuration ### kubelet.service configuration
if [[ -z "${DNS_CLUSTER_IP}" ]]; then if [[ -z "${DNS_CLUSTER_IP}" ]]; then
@@ -279,7 +283,7 @@ @@ -345,7 +349,7 @@
DNS_CLUSTER_IP="${DNS_CLUSTER_IP}" DNS_CLUSTER_IP="${DNS_CLUSTER_IP}"
fi fi
@ -41,8 +41,8 @@
+KUBELET_CONFIG=/usr/share/oem/eks/kubelet-config.json +KUBELET_CONFIG=/usr/share/oem/eks/kubelet-config.json
echo "$(jq ".clusterDNS=[\"$DNS_CLUSTER_IP\"]" $KUBELET_CONFIG)" > $KUBELET_CONFIG echo "$(jq ".clusterDNS=[\"$DNS_CLUSTER_IP\"]" $KUBELET_CONFIG)" > $KUBELET_CONFIG
INTERNAL_IP=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/local-ipv4) INTERNAL_IP=$(get_meta_data 'latest/meta-data/local-ipv4')
@@ -291,7 +295,7 @@ @@ -357,7 +361,7 @@
# with this formula when scheduling pods: Allocatable = Capacity - Reserved - Eviction Threshold. # with this formula when scheduling pods: Allocatable = Capacity - Reserved - Eviction Threshold.
#calculate the max number of pods per instance type #calculate the max number of pods per instance type
@ -51,7 +51,7 @@
set +o pipefail set +o pipefail
MAX_PODS=$(cat $MAX_PODS_FILE | awk "/^${INSTANCE_TYPE:-unset}/"' { print $2 }') MAX_PODS=$(cat $MAX_PODS_FILE | awk "/^${INSTANCE_TYPE:-unset}/"' { print $2 }')
set -o pipefail set -o pipefail
@@ -316,6 +320,8 @@ @@ -382,6 +386,8 @@
fi fi
fi fi
@ -60,12 +60,13 @@
mkdir -p /etc/systemd/system/kubelet.service.d mkdir -p /etc/systemd/system/kubelet.service.d
cat <<EOF > /etc/systemd/system/kubelet.service.d/10-kubelet-args.conf cat <<EOF > /etc/systemd/system/kubelet.service.d/10-kubelet-args.conf
@@ -330,10 +336,15 @@ @@ -396,10 +402,16 @@
EOF EOF
fi fi
+ +
# Replace with custom docker config contents. # Replace with custom docker config contents.
+mkdir -p /etc/docker
if [[ -n "$DOCKER_CONFIG_JSON" ]]; then if [[ -n "$DOCKER_CONFIG_JSON" ]]; then
echo "$DOCKER_CONFIG_JSON" > /etc/docker/daemon.json echo "$DOCKER_CONFIG_JSON" > /etc/docker/daemon.json
systemctl restart docker systemctl restart docker
@ -76,7 +77,7 @@
fi fi
if [[ "$ENABLE_DOCKER_BRIDGE" = "true" ]]; then if [[ "$ENABLE_DOCKER_BRIDGE" = "true" ]]; then
@@ -343,7 +354,19 @@ @@ -409,7 +421,19 @@
systemctl restart docker systemctl restart docker
fi fi

80
sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/bootstrap.sh vendored
View File

@ -134,6 +134,72 @@ function get_pause_container_account_for_region () {
esac esac
} }
function _get_token() {
local token_result=
local http_result=
token_result=$(curl -s -w "\n%{http_code}" -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 600" "http://169.254.169.254/latest/api/token")
http_result=$(echo "$token_result" | tail -n 1)
if [[ "$http_result" != "200" ]]
then
echo -e "Failed to get token:\n$token_result"
return 1
else
echo "$token_result" | head -n 1
return 0
fi
}
function get_token() {
local token=
local retries=20
local result=1
while [[ retries -gt 0 && $result -ne 0 ]]
do
retries=$[$retries-1]
token=$(_get_token)
result=$?
[[ $result != 0 ]] && sleep 5
done
[[ $result == 0 ]] && echo "$token"
return $result
}
function _get_meta_data() {
local path=$1
local metadata_result=
metadata_result=$(curl -s -w "\n%{http_code}" -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/$path)
http_result=$(echo "$metadata_result" | tail -n 1)
if [[ "$http_result" != "200" ]]
then
echo -e "Failed to get metadata:\n$metadata_result\nhttp://169.254.169.254/$path\n$TOKEN"
return 1
else
local lines=$(echo "$metadata_result" | wc -l)
echo "$metadata_result" | head -n $(( lines - 1 ))
return 0
fi
}
function get_meta_data() {
local metadata=
local path=$1
local retries=20
local result=1
while [[ retries -gt 0 && $result -ne 0 ]]
do
retries=$[$retries-1]
metadata=$(_get_meta_data $path)
result=$?
[[ $result != 0 ]] && TOKEN=$(get_token)
done
[[ $result == 0 ]] && echo "$metadata"
return $result
}
# Helper function which calculates the amount of the given resource (either CPU or memory) # Helper function which calculates the amount of the given resource (either CPU or memory)
# to reserve in a given resource range, specified by a start and end of the range and a percentage # to reserve in a given resource range, specified by a start and end of the range and a percentage
# of the resource to reserve. Note that we return zero if the start of the resource range is # of the resource to reserve. Note that we return zero if the start of the resource range is
@ -203,9 +269,9 @@ if [ -z "$CLUSTER_NAME" ]; then
fi fi
TOKEN=$(curl -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 600" "http://169.254.169.254/latest/api/token") TOKEN=$(get_token)
AWS_DEFAULT_REGION=$(curl -s --retry 5 -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document | jq .region -r) AWS_DEFAULT_REGION=$(get_meta_data 'latest/dynamic/instance-identity/document' | jq .region -r)
AWS_SERVICES_DOMAIN=$(curl -s --retry 5 -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/2018-09-24/meta-data/services/domain) AWS_SERVICES_DOMAIN=$(get_meta_data '2018-09-24/meta-data/services/domain')
MACHINE=$(uname -m) MACHINE=$(uname -m)
if [[ "$MACHINE" != "x86_64" && "$MACHINE" != "aarch64" ]]; then if [[ "$MACHINE" != "x86_64" && "$MACHINE" != "aarch64" ]]; then
@ -268,8 +334,8 @@ if [[ -z "${DNS_CLUSTER_IP}" ]]; then
#Sets the DNS Cluster IP address that would be chosen from the serviceIpv4Cidr. (x.y.z.10) #Sets the DNS Cluster IP address that would be chosen from the serviceIpv4Cidr. (x.y.z.10)
DNS_CLUSTER_IP=${SERVICE_IPV4_CIDR%.*}.10 DNS_CLUSTER_IP=${SERVICE_IPV4_CIDR%.*}.10
else else
MAC=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/ -s | head -n 1 | sed 's/\/$//') MAC=$(get_meta_data 'latest/meta-data/network/interfaces/macs/' | head -n 1 | sed 's/\/$//')
TEN_RANGE=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/$MAC/vpc-ipv4-cidr-blocks | grep -c '^10\..*' || true ) TEN_RANGE=$(get_meta_data "latest/meta-data/network/interfaces/macs/$MAC/vpc-ipv4-cidr-blocks" | grep -c '^10\..*' || true )
DNS_CLUSTER_IP=10.100.0.10 DNS_CLUSTER_IP=10.100.0.10
if [[ "$TEN_RANGE" != "0" ]]; then if [[ "$TEN_RANGE" != "0" ]]; then
DNS_CLUSTER_IP=172.20.0.10 DNS_CLUSTER_IP=172.20.0.10
@ -282,8 +348,8 @@ fi
KUBELET_CONFIG=/etc/kubernetes/kubelet/kubelet-config.json KUBELET_CONFIG=/etc/kubernetes/kubelet/kubelet-config.json
echo "$(jq ".clusterDNS=[\"$DNS_CLUSTER_IP\"]" $KUBELET_CONFIG)" > $KUBELET_CONFIG echo "$(jq ".clusterDNS=[\"$DNS_CLUSTER_IP\"]" $KUBELET_CONFIG)" > $KUBELET_CONFIG
INTERNAL_IP=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/local-ipv4) INTERNAL_IP=$(get_meta_data 'latest/meta-data/local-ipv4')
INSTANCE_TYPE=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/instance-type) INSTANCE_TYPE=$(get_meta_data 'latest/meta-data/instance-type')
# Sets kubeReserved and evictionHard in /etc/kubernetes/kubelet/kubelet-config.json for worker nodes. The following two function # Sets kubeReserved and evictionHard in /etc/kubernetes/kubelet/kubelet-config.json for worker nodes. The following two function
# calls calculate the CPU and memory resources to reserve for kubeReserved based on the instance type of the worker node. # calls calculate the CPU and memory resources to reserve for kubeReserved based on the instance type of the worker node.

10
sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/eni-max-pods.txt vendored
View File

@ -11,7 +11,7 @@
# express or implied. See the License for the specific language governing # express or implied. See the License for the specific language governing
# permissions and limitations under the License. # permissions and limitations under the License.
# #
# This file was generated at 2020-12-12T18:33:04-03:00 # This file was generated at 2021-01-13T12:54:18-08:00
# #
# Mapping is calculated from AWS EC2 API using the following formula: # Mapping is calculated from AWS EC2 API using the following formula:
# * First IP on each ENI is not used for pods # * First IP on each ENI is not used for pods
@ -100,6 +100,14 @@ c6gd.large 29
c6gd.medium 8 c6gd.medium 8
c6gd.metal 737 c6gd.metal 737
c6gd.xlarge 58 c6gd.xlarge 58
c6gn.12xlarge 234
c6gn.16xlarge 737
c6gn.2xlarge 58
c6gn.4xlarge 234
c6gn.8xlarge 234
c6gn.large 29
c6gn.medium 8
c6gn.xlarge 58
cc2.8xlarge 234 cc2.8xlarge 234
cr1.8xlarge 234 cr1.8xlarge 234
d2.2xlarge 58 d2.2xlarge 58