|
1 | | -apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 |
2 | | -kind: KubeadmConfig |
3 | | -metadata: |
4 | | - name: ${CLUSTER_NAME}-mp-0 |
5 | | -spec: |
6 | | - joinConfiguration: |
7 | | - nodeRegistration: |
8 | | - kubeletExtraArgs: |
9 | | - cloud-provider: external |
10 | | - image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider |
11 | | - image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml |
12 | | - preKubeadmCommands: |
13 | | - - bash -c /tmp/oot-cred-provider.sh |
14 | | - - bash -c /tmp/kubeadm-bootstrap.sh |
15 | | - files: |
16 | | - - path: /tmp/oot-cred-provider.sh |
17 | | - owner: "root:root" |
18 | | - permissions: "0744" |
19 | | - content: | |
20 | | - #!/bin/bash |
21 | | -
|
22 | | - set -o nounset |
23 | | - set -o pipefail |
24 | | - set -o errexit |
25 | | - [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" |
26 | | - |
27 | | - # Run the az login command with managed identity |
28 | | - if az login --identity > /dev/null 2>&1; then |
29 | | - echo "Logged in Azure with managed identity" |
30 | | - echo "Use OOT credential provider" |
31 | | - mkdir -p /var/lib/kubelet/credential-provider |
32 | | - az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" -f /var/lib/kubelet/credential-provider/acr-credential-provider --auth-mode login |
33 | | - chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider |
34 | | - az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" -f /var/lib/kubelet/credential-provider-config.yaml --auth-mode login |
35 | | - chmod 644 /var/lib/kubelet/credential-provider-config.yaml |
36 | | - else |
37 | | - echo "Using curl to download the OOT credential provider" |
38 | | - mkdir -p /var/lib/kubelet/credential-provider |
39 | | - curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider/acr-credential-provider "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" |
40 | | - chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider |
41 | | - curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider-config.yaml "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" |
42 | | - chmod 644 /var/lib/kubelet/credential-provider-config.yaml |
43 | | - fi |
44 | | - - path: /tmp/kubeadm-bootstrap.sh |
45 | | - owner: "root:root" |
46 | | - permissions: "0744" |
47 | | - content: | |
48 | | - #!/bin/bash |
49 | | -
|
50 | | - set -o nounset |
51 | | - set -o pipefail |
52 | | - set -o errexit |
53 | | - [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" |
54 | | -
|
55 | | - # This test installs release packages or binaries that are a result of the CI and release builds. |
56 | | - # It runs '... --version' commands to verify that the binaries are correctly installed |
57 | | - # and finally uninstalls the packages. |
58 | | - # For the release packages it tests all versions in the support skew. |
59 | | - LINE_SEPARATOR="*************************************************" |
60 | | - echo "$$LINE_SEPARATOR" |
61 | | - CI_VERSION=${CI_VERSION} |
62 | | - if [[ "$${CI_VERSION}" != "" ]]; then |
63 | | - CI_DIR=/tmp/k8s-ci |
64 | | - mkdir -p $$CI_DIR |
65 | | - declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") |
66 | | - declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") |
67 | | - CONTAINER_EXT="tar" |
68 | | - echo "* testing CI version $$CI_VERSION" |
69 | | - # Check for semver |
70 | | - if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then |
71 | | - VERSION_WITHOUT_PREFIX="${CI_VERSION#v}" |
72 | | - DEBIAN_FRONTEND=noninteractive apt-get install -y apt-transport-https curl |
73 | | - curl -fsSL https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg |
74 | | - echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list |
75 | | - apt-get update |
76 | | - # replace . with \. |
77 | | - VERSION_REGEX="${VERSION_WITHOUT_PREFIX//./\\.}" |
78 | | - PACKAGE_VERSION="$(apt-cache madison kubelet|grep $${VERSION_REGEX}- | head -n1 | cut -d '|' -f 2 | tr -d '[:space:]')" |
79 | | - for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do |
80 | | - echo "* installing package: $$CI_PACKAGE $${PACKAGE_VERSION}" |
81 | | - DEBIAN_FRONTEND=noninteractive apt-get install -y $$CI_PACKAGE=$$PACKAGE_VERSION |
82 | | - done |
83 | | - else |
84 | | - CI_URL="https://storage.googleapis.com/k8s-release-dev/ci/$${CI_VERSION}/bin/linux/amd64" |
85 | | - fi |
86 | | - for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do |
87 | | - echo "* downloading binary: $$CI_URL/$$CI_PACKAGE" |
88 | | - wget --inet4-only "$$CI_URL/$$CI_PACKAGE" -nv -O "$$CI_DIR/$$CI_PACKAGE" |
89 | | - chmod +x "$$CI_DIR/$$CI_PACKAGE" |
90 | | - mv "$$CI_DIR/$$CI_PACKAGE" "/usr/bin/$$CI_PACKAGE" |
91 | | - done |
92 | | - IMAGE_REGISTRY_PREFIX=registry.k8s.io |
93 | | - for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do |
94 | | - echo "* downloading package: $$CI_URL/$$CI_CONTAINER.$$CONTAINER_EXT" |
95 | | - wget --inet4-only "$$CI_URL/$$CI_CONTAINER.$$CONTAINER_EXT" -nv -O "$$CI_DIR/$$CI_CONTAINER.$$CONTAINER_EXT" |
96 | | - $${SUDO} ctr -n k8s.io images import "$$CI_DIR/$$CI_CONTAINER.$$CONTAINER_EXT" || echo "* ignoring expected 'ctr images import' result" |
97 | | - $${SUDO} ctr -n k8s.io images tag $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER-amd64:"$${CI_VERSION//+/_}" $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER:"$${CI_VERSION//+/_}" |
98 | | - $${SUDO} ctr -n k8s.io images tag $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER-amd64:"$${CI_VERSION//+/_}" gcr.io/k8s-staging-ci-images/$$CI_CONTAINER:"$${CI_VERSION//+/_}" |
99 | | - done |
100 | | - fi |
101 | | - systemctl restart kubelet |
102 | | - fi |
103 | | - echo "* checking binary versions" |
104 | | - echo "ctr version: " $(ctr version) |
105 | | - echo "kubeadm version: " $(kubeadm version -o=short) |
106 | | - echo "kubectl version: " $(kubectl version --client=true) |
107 | | - echo "kubelet version: " $(kubelet --version) |
108 | | - echo "$$LINE_SEPARATOR" |
109 | | - - path: /etc/kubernetes/azure.json |
110 | | - owner: "root:root" |
111 | | - permissions: "0644" |
112 | | - contentFrom: |
113 | | - secret: |
114 | | - key: worker-node-azure.json |
115 | | - name: ${CLUSTER_NAME}-mp-0-azure-json |
116 | | ---- |
117 | 1 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 |
118 | 2 | kind: AzureMachinePool |
119 | 3 | metadata: |
|