Update kubernetes to 1.14

Also enable external storage provisioners like Ceph RBD.
Added eudev needed for detecting device mounts. Without it tools like
rbd will timeout waiting for a message on /run/udev/control.

Signed-off-by: Bastiaan Schaap <[email protected]>

Author: bjwschaap

.gitignore

@@ -1,6 +1,8 @@
 *.iso
+*.tar
 kube-*-kernel
 kube-*-cmdline
 kube-*-initrd.img
 kube-*-state
 kube-weave.yaml
+kube-calico.yaml

Makefile

@@ -1,13 +1,15 @@
 KUBE_RUNTIME ?= docker
 KUBE_NETWORK ?= weave
+KUBE_VERSION ?= 1.14
+KUBE_NETWORK_WEAVE ?= v2.5.2
+KUBE_NETWORK_CALICO ?= v3.8
 
-KUBE_NETWORK_WEAVE ?= v2.2.1
-
-ifeq ($(shell uname -s),Darwin)
-KUBE_FORMATS ?= iso-efi
-else
-KUBE_FORMATS ?= iso-bios
-endif
+# ifeq ($(shell uname -s),Darwin)
+# KUBE_FORMATS ?= iso-efi
+# else
+#KUBE_FORMATS ?= iso-bios
+# endif
+KUBE_FORMATS ?= tar-kernel-initrd
 
 KUBE_FORMAT_ARGS := $(patsubst %,-format %,$(KUBE_FORMATS))
 
@@ -25,7 +27,12 @@ node: yml/kube.yml yml/$(KUBE_RUNTIME).yml yml/$(KUBE_NETWORK).yml $(KUBE_EXTRA_
 yml/weave.yml: kube-weave.yaml
 
 kube-weave.yaml:
-	curl -L -o $@ https://cloud.weave.works/k8s/v1.8/net?v=$(KUBE_NETWORK_WEAVE)
+	curl -L -o $@ https://cloud.weave.works/k8s/v$(KUBE_VERSION)/net?v=$(KUBE_NETWORK_WEAVE)
+
+yml/calico.yml: kube-calico.yaml
+
+kube-calico.yaml:
+	curl -L -o $@ https://docs.projectcalico.org/${KUBE_NETWORK_CALICO}/manifests/calico.yaml
 
 .PHONY: update-hashes
 update-hashes:

pkg/cri-containerd/Dockerfile

@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build
+FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build
 
 RUN \
   apk add \

pkg/eudev/Dockerfile

@@ -0,0 +1,22 @@
+FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS mirror
+
+RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
+
+RUN apk add --no-cache --initdb -p /out \
+    alpine-baselayout \
+    busybox \
+    ca-certificates \
+    tini \
+    eudev \
+    && true
+
+# Remove apk residuals. We have a read-only rootfs, so apk is of no use.
+RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
+
+FROM scratch
+WORKDIR /
+ENTRYPOINT []
+COPY --from=mirror /out /
+COPY etc/ /etc/
+COPY usr/ /usr/
+CMD ["/sbin/tini", "/usr/bin/udevd.sh"]

pkg/eudev/build.yml

@@ -0,0 +1,22 @@
+org: linuxkit
+image: eudev
+network: true
+arches:
+  - amd64
+config:
+  binds:
+  - /dev:/dev
+  - /run:/run:rshared,rbind
+  - /var:/var:rshared,rbind
+  capabilities:
+  - all
+  rootfsPropagation: shared
+  pid: host
+  runtime:
+    mkdir:
+    - /run/udev
+    mounts:
+    - type: bind
+      source: /run/udev
+      destination: /run/udev
+      options: ["rw","bind"]

pkg/eudev/etc/udev/udev.conf

@@ -0,0 +1,3 @@
+# see udev.conf(5) for details
+
+udev_log="info"

pkg/eudev/usr/bin/udevd.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+udevadm hwdb --update
+exec /sbin/udevd

pkg/kube-e2e-test/Dockerfile

@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build
+FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build
 
 # When changing kubernetes_version remember to also update:
 # - scripts/mk-image-cache-lst and run `make refresh-image-caches` from top-level

pkg/kubelet/Dockerfile

@@ -1,11 +1,11 @@
-FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build
+FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build
 
 # When changing kubernetes_version remember to also update:
 # - scripts/mk-image-cache-lst and run `make refresh-image-caches` from top-level
 # - pkg/e2e-test/Dockerfile
-ENV kubernetes_version v1.10.3
-ENV cni_version        v0.7.1
-ENV critools_version   v1.0.0-alpha.0
+ENV kubernetes_version v1.14.4
+ENV cni_version        v0.8.1
+ENV critools_version   v1.15.0
 
 RUN apk add -U --no-cache \
   bash \
@@ -19,6 +19,7 @@ RUN apk add -U --no-cache \
   linux-headers \
   make \
   rsync \
+  py-prettytable \
   && true
 
 ENV GOPATH=/go PATH=$PATH:/go/bin
@@ -54,7 +55,7 @@ RUN set -e;  \
         git fetch origin "CNI_BRANCH"; \
     fi; \
     git checkout -q $CNI_COMMIT
-RUN ./build.sh
+RUN ./build_linux.sh
 
 ### critools
 
@@ -94,6 +95,12 @@ RUN apk add --no-cache --initdb -p /out \
     socat \
     util-linux \
     nfs-utils \
+    ceph-common \
+    rbd-nbd \
+    py-prettytable \
+    e2fsprogs \
+    xfsprogs \
+    btrfs-progs \
     && true
 
 RUN cp $GOPATH/src/github.com/kubernetes/kubernetes/_output/bin/kubelet /out/usr/bin/kubelet
@@ -116,4 +123,5 @@ FROM scratch
 WORKDIR /
 ENTRYPOINT ["/usr/bin/kubelet.sh"]
 COPY --from=build /out /
+COPY --from=docker:18.03.0-ce /usr/local/bin/docker /usr/local/bin/docker
 ENV KUBECONFIG "/etc/kubernetes/admin.conf"

pkg/kubelet/build.yml

@@ -36,6 +36,7 @@ config:
     - /var/lib/cni/bin
     - /var/lib/kubelet-plugins
     - /var/lib/nfs/statd/sm
+    - /run/udev
     mounts:
     - type: bind
       source: /var/lib/cni/bin
@@ -45,3 +46,7 @@ config:
       source: /var/lib/cni/conf
       destination: /etc/cni/net.d
       options: ["rw","bind"]
+    - type: bind
+      source: /run/udev
+      destination: /run/udev
+      options: ["rw","bind"]

pkg/kubelet/kubelet.sh

@@ -2,6 +2,10 @@
 # Kubelet outputs only to stderr, so arrange for everything we do to go there too
 exec 1>&2
 
+# Need to remount the CNI plugins mount, because it's noexec when no disk
+# is present in the host (tmpfs)
+mount -o remount,exec /opt/cni/bin
+
 if [ -e /etc/kubelet.sh.conf ] ; then
     . /etc/kubelet.sh.conf
 fi
@@ -79,7 +83,18 @@ else
         "enforceNodeAllocatable": [],
         "kubeReservedCgroup": "podruntime",
         "systemReservedCgroup": "systemreserved",
-        "cgroupRoot": "kubepods"
+        "cgroupRoot": "kubepods",
+        "authentication": {
+            "x509": {
+                "clientCAFile": "/etc/kubernetes/pki/ca.crt"
+            },
+            "anonymous": {
+                "enabled": true
+            }
+        },
+        "authorization": {
+            "mode": "AlwaysAllow"
+        }
     }
 EOF
 fi
@@ -98,9 +113,7 @@ exec kubelet \
           --config=/run/config/kubelet-config.json \
           --kubeconfig=/etc/kubernetes/kubelet.conf \
           --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
-          --allow-privileged=true \
           --network-plugin=cni \
           --cni-conf-dir=/etc/cni/net.d \
           --cni-bin-dir=/opt/cni/bin \
-          --cadvisor-port=0 \
           $KUBELET_ARGS $@

pkg/kubernetes-docker-image-cache-common/Dockerfile

@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build
+FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build
 
 RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
 RUN apk add --no-cache --initdb -p /out \
@@ -11,7 +11,7 @@ RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
 FROM scratch
 WORKDIR /
 COPY --from=build /out /
-COPY --from=docker:17.06.0-ce /usr/local/bin/docker /usr/local/bin/docker
+COPY --from=docker:18.03.0-ce /usr/local/bin/docker /usr/local/bin/docker
 COPY dl/*.tar /images/
 ENTRYPOINT [ "/bin/sh", "-c" ]
-CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ]
+CMD [ "sleep 10; for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ]

pkg/kubernetes-docker-image-cache-common/images.lst

@@ -1,7 +1,5 @@
 # autogenerated by:
 #    ./scripts/mk-image-cache-lst common
-gcr.io/google_containers/kube-proxy-amd64:v1.10.3@sha256:568df575bb2e630abfd4a4754a23a8af7b13c3f4a526796af01021eda3ff7a30
-gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.8@sha256:23df717980b4aa08d2da6c4cfa327f1b730d92ec9cf740959d2d5911830d82fb
-gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.8@sha256:6d8e0da4fb46e9ea2034a3f4cab0e095618a2ead78720c12e791342738e5f85d
-gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.8@sha256:93c827f018cf3322f1ff2aa80324a0306048b0a69bc274e423071fb0d2d29d8b
-gcr.io/google_containers/pause-amd64:3.1@sha256:59eec8837a4d942cc19a52b8c09ea75121acc38114a2c68b98983ce9356b8610
+gcr.io/google_containers/kube-proxy:v1.14.4@sha256:a8d90a206f775e09927af8567b076d7a14caa1a451be16b1cf1933a972e8aad4
+gcr.io/google_containers/coredns:1.3.1@sha256:02382353821b12c21b062c59184e227e001079bb13ebd01f9d3270ba0fcbf1e4
+gcr.io/google_containers/pause:3.1@sha256:59eec8837a4d942cc19a52b8c09ea75121acc38114a2c68b98983ce9356b8610

pkg/kubernetes-docker-image-cache-control-plane/Dockerfile

@@ -1,4 +1,4 @@
-FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build
+FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build
 
 RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
 RUN apk add --no-cache --initdb -p /out \
@@ -11,7 +11,7 @@ RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
 FROM scratch
 WORKDIR /
 COPY --from=build /out /
-COPY --from=docker:17.06.0-ce /usr/local/bin/docker /usr/local/bin/docker
+COPY --from=docker:18.03.0-ce /usr/local/bin/docker /usr/local/bin/docker
 COPY dl/*.tar /images/
 ENTRYPOINT [ "/bin/sh", "-c" ]
-CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ]
+CMD [ "sleep 10; for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ]

pkg/kubernetes-docker-image-cache-control-plane/images.lst

@@ -1,6 +1,7 @@
 # autogenerated by:
 #    ./scripts/mk-image-cache-lst control-plane
-gcr.io/google_containers/kube-apiserver-amd64:v1.10.3@sha256:a6c4b6b2429d0a15d30a546226e01b1164118e022ad40f3ece2f95126f1580f5
-gcr.io/google_containers/kube-controller-manager-amd64:v1.10.3@sha256:98a3a7dc4c6c60dbeb0273302d697edaa89bd10fceed87ad5144c0b0acc5cced
-gcr.io/google_containers/kube-scheduler-amd64:v1.10.3@sha256:4770e1f1eef2229138e45a2b813c927e971da9c40256a7e2321ccf825af56916
-gcr.io/google_containers/etcd-amd64:3.1.12@sha256:68235934469f3bc58917bcf7018bf0d3b72129e6303b0bef28186d96b2259317
+gcr.io/google_containers/kube-apiserver:v1.14.4@sha256:be78c5871964d5f7a6716670a3e40fc0815e8a7391b31a60d261b8d40e663e34
+gcr.io/google_containers/kube-proxy:v1.14.4@sha256:a8d90a206f775e09927af8567b076d7a14caa1a451be16b1cf1933a972e8aad4
+gcr.io/google_containers/kube-controller-manager:v1.14.4@sha256:8c990c920d141979a35d3da73dac38415ba5946ecff48bdf1a4455271090ffaf
+gcr.io/google_containers/kube-scheduler:v1.14.4@sha256:5463ae2574811dc07f8c8bf70b8ebce8c021e630d5f176ad0d0bfeebea504d8b
+gcr.io/google_containers/etcd:3.3.10-1@sha256:02cd751eef4f7dcea7986e58d51903dab39baf4606f636b50891f30190abce2c

scripts/mk-image-cache-lst

@@ -3,23 +3,21 @@ repo=gcr.io/google_containers
 # When changing kubernetes_version remember to also update:
 # - pkg/kubelet/Dockerfile
 # - pkg/e2e-test/Dockerfile
-kubernetes_version=v1.10.3
-kube_dns_version=1.14.8
+kubernetes_version=v1.14.4
+coredns_version=1.3.1
 pause_version=3.1
-etcd_version=3.1.12
+etcd_version=3.3.10-1
 
 common="
-	kube-proxy-amd64:$kubernetes_version
-	k8s-dns-sidecar-amd64:$kube_dns_version
-	k8s-dns-kube-dns-amd64:$kube_dns_version
-	k8s-dns-dnsmasq-nanny-amd64:$kube_dns_version
-	pause-amd64:$pause_version"
+	kube-proxy:$kubernetes_version
+	coredns:$coredns_version
+	pause:$pause_version"
 
 control="
-	kube-apiserver-amd64:$kubernetes_version
-	kube-controller-manager-amd64:$kubernetes_version
-	kube-scheduler-amd64:$kubernetes_version
-	etcd-amd64:$etcd_version"
+	kube-apiserver:$kubernetes_version
+	kube-controller-manager:$kubernetes_version
+	kube-scheduler:$kubernetes_version
+	etcd:$etcd_version"
 
 oi() {
 	local i="$1"

yml/calico.yml

@@ -0,0 +1,3 @@
+files:
+  - path: /etc/kubeadm/kube-system.init/50-calico.yaml
+    source: kube-calico.yaml

yml/docker-master.yml

@@ -1,4 +1,4 @@
 services:
   - name: kubernetes-docker-image-cache-control-plane
-    image: linuxkit/kubernetes-docker-image-cache-control-plane:698faae3de953d7fc0f009360bcfce98497afe76
+    image: linuxkit/kubernetes-docker-image-cache-control-plane:698faae3de953d7fc0f009360bcfce98497afe76-dirty
     cgroupsPath: podruntime/control-cache

yml/docker.yml

@@ -26,7 +26,7 @@ services:
       mkdir: ["/var/lib/kubeadm", "/var/lib/cni/conf", "/var/lib/cni/bin", "/var/lib/kubelet-plugins"]
     cgroupsPath: podruntime/docker
   - name: kubernetes-docker-image-cache-common
-    image: linuxkit/kubernetes-docker-image-cache-common:2da947148638cbbef869215cdb0e572c0402833c
+    image: linuxkit/kubernetes-docker-image-cache-common:2da947148638cbbef869215cdb0e572c0402833c-dirty
     cgroupsPath: podruntime/common-cache
 files:
   - path: /etc/kubelet.sh.conf