From 300f79dc4e6e8a2f9d42c74b6b63fc2f22d8421f Mon Sep 17 00:00:00 2001 From: Adam Stokes Date: Thu, 4 May 2017 13:56:45 -0400 Subject: [PATCH 1/3] openstack-novalxd/k8s: remove unneeded lxd profile additions With LXD 2.13 defining these capabilities are no longer needed. Signed-off-by: Adam Stokes --- canonical-kubernetes/steps/lxd-profile.yaml | 10 ---------- kubernetes-core/steps/lxd-profile.yaml | 10 ---------- openstack-novalxd/steps/lxd-profile.yaml | 1 - 3 files changed, 21 deletions(-) diff --git a/canonical-kubernetes/steps/lxd-profile.yaml b/canonical-kubernetes/steps/lxd-profile.yaml index 730630b..80ba926 100644 --- a/canonical-kubernetes/steps/lxd-profile.yaml +++ b/canonical-kubernetes/steps/lxd-profile.yaml @@ -3,21 +3,11 @@ config: boot.autostart: "true" linux.kernel_modules: ip_tables,ip6_tables,netlink_diag,nf_nat,overlay raw.lxc: | - lxc.aa_profile=unconfined lxc.mount.auto=proc:rw sys:rw - lxc.cap.drop= security.nesting: "true" security.privileged: "true" description: "" devices: - aadisable: - path: /sys/module/nf_conntrack/parameters/hashsize - source: /dev/null - type: disk - aadisable1: - path: /sys/module/apparmor/parameters/enabled - source: /dev/null - type: disk root: path: / pool: conjureup diff --git a/kubernetes-core/steps/lxd-profile.yaml b/kubernetes-core/steps/lxd-profile.yaml index 730630b..80ba926 100644 --- a/kubernetes-core/steps/lxd-profile.yaml +++ b/kubernetes-core/steps/lxd-profile.yaml @@ -3,21 +3,11 @@ config: boot.autostart: "true" linux.kernel_modules: ip_tables,ip6_tables,netlink_diag,nf_nat,overlay raw.lxc: | - lxc.aa_profile=unconfined lxc.mount.auto=proc:rw sys:rw - lxc.cap.drop= security.nesting: "true" security.privileged: "true" description: "" devices: - aadisable: - path: /sys/module/nf_conntrack/parameters/hashsize - source: /dev/null - type: disk - aadisable1: - path: /sys/module/apparmor/parameters/enabled - source: /dev/null - type: disk root: path: / pool: conjureup diff --git a/openstack-novalxd/steps/lxd-profile.yaml b/openstack-novalxd/steps/lxd-profile.yaml index adc99a2..a89a071 100644 --- a/openstack-novalxd/steps/lxd-profile.yaml +++ b/openstack-novalxd/steps/lxd-profile.yaml @@ -5,7 +5,6 @@ config: security.privileged: "true" linux.kernel_modules: openvswitch,nbd,ip_tables,ip6_tables,netlink_diag raw.lxc : | - lxc.aa_profile=unconfined lxc.mount.auto=sys:rw devices: eth0: From 9ce7561c835c8c12083b7ec1c1af26cb607d9a09 Mon Sep 17 00:00:00 2001 From: Adam Stokes Date: Fri, 5 May 2017 17:52:14 -0400 Subject: [PATCH 2/3] Revert "openstack-novalxd/k8s: remove unneeded lxd profile additions" This reverts commit 300f79dc4e6e8a2f9d42c74b6b63fc2f22d8421f. --- canonical-kubernetes/steps/lxd-profile.yaml | 10 ++++++++++ kubernetes-core/steps/lxd-profile.yaml | 10 ++++++++++ openstack-novalxd/steps/lxd-profile.yaml | 1 + 3 files changed, 21 insertions(+) diff --git a/canonical-kubernetes/steps/lxd-profile.yaml b/canonical-kubernetes/steps/lxd-profile.yaml index 80ba926..730630b 100644 --- a/canonical-kubernetes/steps/lxd-profile.yaml +++ b/canonical-kubernetes/steps/lxd-profile.yaml @@ -3,11 +3,21 @@ config: boot.autostart: "true" linux.kernel_modules: ip_tables,ip6_tables,netlink_diag,nf_nat,overlay raw.lxc: | + lxc.aa_profile=unconfined lxc.mount.auto=proc:rw sys:rw + lxc.cap.drop= security.nesting: "true" security.privileged: "true" description: "" devices: + aadisable: + path: /sys/module/nf_conntrack/parameters/hashsize + source: /dev/null + type: disk + aadisable1: + path: /sys/module/apparmor/parameters/enabled + source: /dev/null + type: disk root: path: / pool: conjureup diff --git a/kubernetes-core/steps/lxd-profile.yaml b/kubernetes-core/steps/lxd-profile.yaml index 80ba926..730630b 100644 --- a/kubernetes-core/steps/lxd-profile.yaml +++ b/kubernetes-core/steps/lxd-profile.yaml @@ -3,11 +3,21 @@ config: boot.autostart: "true" linux.kernel_modules: ip_tables,ip6_tables,netlink_diag,nf_nat,overlay raw.lxc: | + lxc.aa_profile=unconfined lxc.mount.auto=proc:rw sys:rw + lxc.cap.drop= security.nesting: "true" security.privileged: "true" description: "" devices: + aadisable: + path: /sys/module/nf_conntrack/parameters/hashsize + source: /dev/null + type: disk + aadisable1: + path: /sys/module/apparmor/parameters/enabled + source: /dev/null + type: disk root: path: / pool: conjureup diff --git a/openstack-novalxd/steps/lxd-profile.yaml b/openstack-novalxd/steps/lxd-profile.yaml index a89a071..adc99a2 100644 --- a/openstack-novalxd/steps/lxd-profile.yaml +++ b/openstack-novalxd/steps/lxd-profile.yaml @@ -5,6 +5,7 @@ config: security.privileged: "true" linux.kernel_modules: openvswitch,nbd,ip_tables,ip6_tables,netlink_diag raw.lxc : | + lxc.aa_profile=unconfined lxc.mount.auto=sys:rw devices: eth0: From fdc36819602c705e6734f2c10767cb14c929536f Mon Sep 17 00:00:00 2001 From: Konstantinos Tsakalozos Date: Tue, 9 May 2017 14:47:25 +0300 Subject: [PATCH 3/3] Adding kubefed to the clients distributed with k8s (#68) --- canonical-kubernetes/steps/step-01_get-kubectl | 7 ++++++- canonical-kubernetes/steps/step-01_get-kubectl.yaml | 2 +- kubernetes-core/steps/step-01_get-kubectl | 7 ++++++- kubernetes-core/steps/step-01_get-kubectl.yaml | 2 +- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/canonical-kubernetes/steps/step-01_get-kubectl b/canonical-kubernetes/steps/step-01_get-kubectl index b5e147f..4b015c5 100755 --- a/canonical-kubernetes/steps/step-01_get-kubectl +++ b/canonical-kubernetes/steps/step-01_get-kubectl @@ -11,11 +11,16 @@ cmd_to_run="~/bin/kubectl.$JUJU_MODEL" juju scp -m $JUJU_CONTROLLER:$JUJU_MODEL kubernetes-master/0:config ~/.kube/config.$JUJU_MODEL if [[ $(uname -s) = "Darwin" ]]; then - curl -sLO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/kubectl + repo=https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/ + curl -sLO $repo/kubectl chmod +x kubectl mv kubectl /usr/local/bin/kubectl + curl -sLO $repo/kubefed + chmod +x kubefed + mv kubefed /usr/local/bin/kubefed else sudo snap install kubectl --classic 1>&2 + sudo snap install kubefed --classic 1>&2 fi echo "kubectl --kubeconfig=$HOME/.kube/config.$JUJU_MODEL \$@" > $HOME/bin/kubectl.$JUJU_MODEL diff --git a/canonical-kubernetes/steps/step-01_get-kubectl.yaml b/canonical-kubernetes/steps/step-01_get-kubectl.yaml index acd5225..ab5a44c 100644 --- a/canonical-kubernetes/steps/step-01_get-kubectl.yaml +++ b/canonical-kubernetes/steps/step-01_get-kubectl.yaml @@ -1,4 +1,4 @@ title: Kubernetes Cluster Controller -description: Download the kubectl client program to your local host +description: Download the kubectl and kubefed client programs to your local host viewable: True sudo: True diff --git a/kubernetes-core/steps/step-01_get-kubectl b/kubernetes-core/steps/step-01_get-kubectl index b5e147f..4b015c5 100755 --- a/kubernetes-core/steps/step-01_get-kubectl +++ b/kubernetes-core/steps/step-01_get-kubectl @@ -11,11 +11,16 @@ cmd_to_run="~/bin/kubectl.$JUJU_MODEL" juju scp -m $JUJU_CONTROLLER:$JUJU_MODEL kubernetes-master/0:config ~/.kube/config.$JUJU_MODEL if [[ $(uname -s) = "Darwin" ]]; then - curl -sLO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/kubectl + repo=https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/ + curl -sLO $repo/kubectl chmod +x kubectl mv kubectl /usr/local/bin/kubectl + curl -sLO $repo/kubefed + chmod +x kubefed + mv kubefed /usr/local/bin/kubefed else sudo snap install kubectl --classic 1>&2 + sudo snap install kubefed --classic 1>&2 fi echo "kubectl --kubeconfig=$HOME/.kube/config.$JUJU_MODEL \$@" > $HOME/bin/kubectl.$JUJU_MODEL diff --git a/kubernetes-core/steps/step-01_get-kubectl.yaml b/kubernetes-core/steps/step-01_get-kubectl.yaml index acd5225..ab5a44c 100644 --- a/kubernetes-core/steps/step-01_get-kubectl.yaml +++ b/kubernetes-core/steps/step-01_get-kubectl.yaml @@ -1,4 +1,4 @@ title: Kubernetes Cluster Controller -description: Download the kubectl client program to your local host +description: Download the kubectl and kubefed client programs to your local host viewable: True sudo: True