wip: eksd images

.github/workflows/capmvm-eksd-manual.yml

@@ -0,0 +1,25 @@
+name: Build and release capmvm eks-d images
+
+on:
+  workflow_dispatch:
+    branches: [main]
+
+defaults:
+  run:
+    working-directory: capmvm/eksd/1.20
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Login to container registry
+        uses: docker/#-action@v1.10.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        run: |
+          make build
+          make push

capmvm/eksd/1.20/10-kubeadm.conf

@@ -0,0 +1,11 @@
+# Note: This dropin only works with kubeadm and kubelet v1.11+
+[Service]
+Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
+Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
+# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
+EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
+# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
+# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
+EnvironmentFile=-/etc/default/kubelet
+ExecStart=
+ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS

capmvm/eksd/1.20/Dockerfile

@@ -0,0 +1,54 @@
+FROM ghcr.io/weaveworks/flintlock-ubuntu-base:20.04
+
+
+ARG ARCH="amd64"
+ARG CONTAINERD_VERSION=1.5.9
+
+RUN apt-get update && apt-get install -y \
+        wget \
+        apt-transport-https \
+        ca-certificates \
+        gnupg2 \
+        software-properties-common \
+        libseccomp2 \
+        ebtables \
+        ethtool \
+        socat \
+        conntrack \
+        iptables \
+        locales \
+        jq
+
+#### Let iptables see bridged traffic ###
+RUN echo "overlay \n\
+br_netfilter" >> /etc/modules-load.d/containerd.conf
+
+# Setup required sysctl params, these persist across reboots.
+RUN echo "net.bridge.bridge-nf-call-iptables  = 1 \n\
+net.ipv4.ip_forward                 = 1 \n\
+net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.d/99-kubernetes-cri.conf
+
+# Apply sysctl params without reboot
+RUN sysctl --system
+
+# Install Containerd
+RUN wget https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/cri-containerd-cni-${CONTAINERD_VERSION}-linux-${ARCH}.tar.gz
+RUN tar --no-overwrite-dir -C / -xzf cri-containerd-cni-${CONTAINERD_VERSION}-linux-amd64.tar.gz && rm -f cri-containerd-cni-${CONTAINERD_VERSION}-linux-amd64.tar.gz
+
+### Add apt repos
+# Kubeadm, Kubelet, and Kubectl for EKS-D 1.20
+RUN curl -fsSLo /usr/bin/kubelet https://distro.eks.amazonaws.com/kubernetes-1-20/releases/10/artifacts/kubernetes/v1.20.11/bin/linux/amd64/kubelet && chmod +x /usr/bin/kubelet
+RUN curl -fsSLo /usr/bin/kubeadm https://distro.eks.amazonaws.com/kubernetes-1-20/releases/10/artifacts/kubernetes/v1.20.11/bin/linux/amd64/kubeadm && chmod +x /usr/bin/kubeadm
+RUN curl -fsSLo /usr/bin/kubectl https://distro.eks.amazonaws.com/kubernetes-1-20/releases/10/artifacts/kubernetes/v1.20.11/bin/linux/amd64/kubectl && chmod +x /usr/bin/kubectl
+
+RUN mkdir -p /etc/kubernetes/manifests
+
+RUN mkdir -p /etc/containerd && containerd config default > /etc/containerd/config.toml
+RUN systemctl enable containerd
+
+COPY kubelet.service /lib/systemd/system/
+
+RUN mkdir -p /etc/systemd/system/kubelet.service.d/
+COPY 10-kubeadm.conf /etc/systemd/system/kubelet.service.d/
+
+RUN systemctl enable kubelet

capmvm/eksd/1.20/Makefile

@@ -0,0 +1,17 @@
+DOCKER := docker
+
+REGISTRY?=ghcr.io/weaveworks
+IMAGE_NAME?=$(REGISTRY)/capmvm-kubernetes
+RELEASE?=v1.20.11-eks-1-20-10# RELEASE follows the EKS-D release
+CONTAINERD_VERSION?=1.5.9
+TAG?=$(shell git rev-parse --short HEAD)
+
+build:
+	$(DOCKER) build -t $(IMAGE_NAME):$(RELEASE) \
+		--build-arg KUBERNETES_VERSION=$(RELEASE) \
+		--build-arg CONTAINERD_VERSION=$(CONTAINERD_VERSION) .
+	$(DOCKER) tag $(IMAGE_NAME):$(RELEASE) $(IMAGE_NAME):$(TAG)
+
+push:
+	$(DOCKER) push $(IMAGE_NAME):$(RELEASE)
+	$(DOCKER) push $(IMAGE_NAME):$(TAG)

capmvm/eksd/1.20/README.md

@@ -0,0 +1,15 @@
+# EKS-D v1.20
+
+Uses manifest from here: https://distro.eks.amazonaws.com/kubernetes-1-20/kubernetes-1-20-eks-10.yaml
+
+
+Kubelet:
+https://distro.eks.amazonaws.com/kubernetes-1-20/releases/10/artifacts/kubernetes/v1.20.11/bin/linux/amd64/kubelet
+
+Kubeadm:
+https://distro.eks.amazonaws.com/kubernetes-1-20/releases/10/artifacts/kubernetes/v1.20.11/bin/linux/amd64/kubeadm
+
+Kubectl:
+https://distro.eks.amazonaws.com/kubernetes-1-20/releases/10/artifacts/kubernetes/v1.20.11/bin/linux/amd64/kubectl
+
+TODO: use the manifest to download/verify dependencies

capmvm/eksd/1.20/kubelet.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=kubelet: The Kubernetes Node Agent
+Documentation=https://kubernetes.io/docs/home/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+ExecStart=/usr/bin/kubelet
+Restart=always
+StartLimitInterval=0
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target