From: "Joakim Roubert" <joakim.roubert@axis.com>
To: <meta-virtualization@lists.yoctoproject.org>
Subject: Re: [meta-virtualization][PATCH] Adding k3s recipe
Date: Mon, 28 Sep 2020 15:48:58 +0200 [thread overview]
Message-ID: <c381ef59-ef51-840e-626e-ddb3e5706757@axis.com> (raw)
In-Reply-To: <16380B0CA000AB98.28124@lists.yoctoproject.org>
Signed-off-by: Joakim Roubert <joakimr@axis.com>
---
recipes-containers/k3s/README.md | 26 +++++
...01-Finding-host-local-in-usr-libexec.patch | 27 +++++
.../k3s/k3s/cni-containerd-net.conf | 24 +++++
recipes-containers/k3s/k3s/k3s-agent | 100 ++++++++++++++++++
recipes-containers/k3s/k3s/k3s-agent.service | 26 +++++
recipes-containers/k3s/k3s/k3s-clean | 25 +++++
recipes-containers/k3s/k3s/k3s.service | 27 +++++
recipes-containers/k3s/k3s_git.bb | 75 +++++++++++++
8 files changed, 330 insertions(+)
create mode 100644 recipes-containers/k3s/README.md
create mode 100644
recipes-containers/k3s/k3s/0001-Finding-host-local-in-usr-libexec.patch
create mode 100644 recipes-containers/k3s/k3s/cni-containerd-net.conf
create mode 100755 recipes-containers/k3s/k3s/k3s-agent
create mode 100644 recipes-containers/k3s/k3s/k3s-agent.service
create mode 100755 recipes-containers/k3s/k3s/k3s-clean
create mode 100644 recipes-containers/k3s/k3s/k3s.service
create mode 100644 recipes-containers/k3s/k3s_git.bb
diff --git a/recipes-containers/k3s/README.md
b/recipes-containers/k3s/README.md
new file mode 100644
index 0000000..8a0a994
--- /dev/null
+++ b/recipes-containers/k3s/README.md
@@ -0,0 +1,26 @@
+# k3s: Lightweight Kubernetes
+
+Rancher's [k3s](https://k3s.io/), available under
+[Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0), provides
+lightweight Kubernetes suitable for small/edge devices. There are use cases
+where the
+[installation procedures provided by
Rancher](https://rancher.com/docs/k3s/latest/en/installation/)
+are not ideal but a bitbake-built version is what is needed. And only a few
+mods to the [k3s source code](https://github.com/rancher/k3s) is needed to
+accomplish that.
+
+## CNI
+By default, K3s will run with flannel as the CNI, using VXLAN as the
default
+backend. It is both possible to change the flannel backend and to
change from
+flannel to another CNI.
+
+Please see
https://rancher.com/docs/k3s/latest/en/installation/network-options/
+for further k3s networking details.
+
+## Configure and run a k3s agent
+The convenience script `k3s-agent` can be used to set up a k3s agent
(service):
+
+ k3s-agent -t <token> -s https://<master>:6443
+
+(Here `<token>` is found in `/var/lib/rancher/k3s/server/node-token` at the
+k3s master.)
diff --git
a/recipes-containers/k3s/k3s/0001-Finding-host-local-in-usr-libexec.patch
b/recipes-containers/k3s/k3s/0001-Finding-host-local-in-usr-libexec.patch
new file mode 100644
index 0000000..8205d73
--- /dev/null
+++
b/recipes-containers/k3s/k3s/0001-Finding-host-local-in-usr-libexec.patch
@@ -0,0 +1,27 @@
+From 4faf68d68c97cfd10947e1152f711acc59f39647 Mon Sep 17 00:00:00 2001
+From: Erik Jansson <erikja@axis.com>
+Date: Wed, 16 Oct 2019 15:07:48 +0200
+Subject: [PATCH] Finding host-local in /usr/libexec
+
+Upstream-status: Inappropriate [embedded specific]
+Signed-off-by: <erikja@axis.com>
+---
+ pkg/agent/config/config.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pkg/agent/config/config.go b/pkg/agent/config/config.go
+index b4296f360a..6af9dab895 100644
+--- a/pkg/agent/config/config.go
++++ b/pkg/agent/config/config.go
+@@ -308,7 +308,7 @@ func get(envInfo *cmds.Agent) (*config.Node, error) {
+ return nil, err
+ }
+
+- hostLocal, err := exec.LookPath("host-local")
++ hostLocal, err := exec.LookPath("/usr/libexec/cni/host-local")
+ if err != nil {
+ return nil, errors.Wrapf(err, "failed to find host-local")
+ }
+--
+2.11.0
+
diff --git a/recipes-containers/k3s/k3s/cni-containerd-net.conf
b/recipes-containers/k3s/k3s/cni-containerd-net.conf
new file mode 100644
index 0000000..ca434d6
--- /dev/null
+++ b/recipes-containers/k3s/k3s/cni-containerd-net.conf
@@ -0,0 +1,24 @@
+{
+ "cniVersion": "0.4.0",
+ "name": "containerd-net",
+ "plugins": [
+ {
+ "type": "bridge",
+ "bridge": "cni0",
+ "isGateway": true,
+ "ipMasq": true,
+ "promiscMode": true,
+ "ipam": {
+ "type": "host-local",
+ "subnet": "10.88.0.0/16",
+ "routes": [
+ { "dst": "0.0.0.0/0" }
+ ]
+ }
+ },
+ {
+ "type": "portmap",
+ "capabilities": {"portMappings": true}
+ }
+ ]
+}
diff --git a/recipes-containers/k3s/k3s/k3s-agent
b/recipes-containers/k3s/k3s/k3s-agent
new file mode 100755
index 0000000..1bb4c78
--- /dev/null
+++ b/recipes-containers/k3s/k3s/k3s-agent
@@ -0,0 +1,100 @@
+#!/bin/sh -eu
+# SPDX-License-Identifier: Apache-2.0
+
+ENV_CONF=/etc/systemd/system/k3s-agent.service.d/10-env.conf
+
+usage() {
+ echo "
+USAGE:
+ ${0##*/} [OPTIONS]
+OPTIONS:
+ --token value, -t value Token to use for authentication
[\$K3S_TOKEN]
+ --token-file value Token file to use for
authentication [\$K3S_TOKEN_FILE]
+ --server value, -s value Server to connect to [\$K3S_URL]
+ --node-name value Node name [\$K3S_NODE_NAME]
+ --resolv-conf value Kubelet resolv.conf file
[\$K3S_RESOLV_CONF]
+ --cluster-secret value Shared secret used to bootstrap
a cluster [\$K3S_CLUSTER_SECRET]
+ -h print this
+"
+}
+
+[ $# -gt 0 ] || {
+ usage
+ exit
+}
+
+case $1 in
+ -*)
+ ;;
+ *)
+ usage
+ exit 1
+ ;;
+esac
+
+rm -f $ENV_CONF
+mkdir -p ${ENV_CONF%/*}
+echo [Service] > $ENV_CONF
+
+while getopts "t:s:-:h" opt; do
+ case $opt in
+ h)
+ usage
+ exit
+ ;;
+ t)
+ VAR_NAME=K3S_TOKEN
+ ;;
+ s)
+ VAR_NAME=K3S_URL
+ ;;
+ -)
+ [ $# -ge $OPTIND ] || {
+ usage
+ exit 1
+ }
+ opt=$OPTARG
+ eval OPTARG='$'$OPTIND
+ OPTIND=$(($OPTIND + 1))
+ case $opt in
+ token)
+ VAR_NAME=K3S_TOKEN
+ ;;
+ token-file)
+ VAR_NAME=K3S_TOKEN_FILE
+ ;;
+ server)
+ VAR_NAME=K3S_URL
+ ;;
+ node-name)
+ VAR_NAME=K3S_NODE_NAME
+ ;;
+ resolv-conf)
+ VAR_NAME=K3S_RESOLV_CONF
+ ;;
+ cluster-secret)
+ VAR_NAME=K3S_CLUSTER_SECRET
+ ;;
+ help)
+ usage
+ exit
+ ;;
+ *)
+ usage
+ exit 1
+ ;;
+ esac
+ ;;
+ *)
+ usage
+ exit 1
+ ;;
+ esac
+ echo Environment=$VAR_NAME=$OPTARG >> $ENV_CONF
+done
+
+chmod 0644 $ENV_CONF
+rm -rf /var/lib/rancher/k3s/agent
+systemctl daemon-reload
+systemctl restart k3s-agent
+systemctl enable k3s-agent.service
diff --git a/recipes-containers/k3s/k3s/k3s-agent.service
b/recipes-containers/k3s/k3s/k3s-agent.service
new file mode 100644
index 0000000..9f9016d
--- /dev/null
+++ b/recipes-containers/k3s/k3s/k3s-agent.service
@@ -0,0 +1,26 @@
+# Derived from the k3s install.sh's create_systemd_service_file() function
+[Unit]
+Description=Lightweight Kubernetes Agent
+Documentation=https://k3s.io
+Requires=containerd.service
+After=containerd.service
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=notify
+KillMode=control-group
+Delegate=yes
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/k3s agent
+ExecStopPost=/usr/local/bin/k3s-clean
+
diff --git a/recipes-containers/k3s/k3s/k3s-clean
b/recipes-containers/k3s/k3s/k3s-clean
new file mode 100755
index 0000000..8eff829
--- /dev/null
+++ b/recipes-containers/k3s/k3s/k3s-clean
@@ -0,0 +1,25 @@
+#!/bin/sh -eu
+# SPDX-License-Identifier: Apache-2.0
+do_unmount() {
+ [ $# -eq 2 ] || return
+ local mounts=
+ while read ignore mount ignore; do
+ case $mount in
+ $1/*|$2/*)
+ mounts="$mount $mounts"
+ ;;
+ esac
+ done </proc/self/mounts
+ [ -z "$mounts" ] || umount $mounts
+}
+
+do_unmount /run/k3s /var/lib/rancher/k3s
+
+ip link show | grep 'master cni0' | while read ignore iface ignore; do
+ iface=${iface%%@*}
+ [ -z "$iface" ] || ip link delete $iface
+done
+
+ip link delete cni0
+ip link delete flannel.1
+rm -rf /var/lib/cni/
diff --git a/recipes-containers/k3s/k3s/k3s.service
b/recipes-containers/k3s/k3s/k3s.service
new file mode 100644
index 0000000..34c7a80
--- /dev/null
+++ b/recipes-containers/k3s/k3s/k3s.service
@@ -0,0 +1,27 @@
+# Derived from the k3s install.sh's create_systemd_service_file() function
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+Requires=containerd.service
+After=containerd.service
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=notify
+KillMode=process
+Delegate=yes
+# Having non-zero Limit*s causes performance problems due to accounting
overhead
+# in the kernel. We recommend using cgroups to do container-local
accounting.
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/k3s server
+
diff --git a/recipes-containers/k3s/k3s_git.bb
b/recipes-containers/k3s/k3s_git.bb
new file mode 100644
index 0000000..cfc2c64
--- /dev/null
+++ b/recipes-containers/k3s/k3s_git.bb
@@ -0,0 +1,75 @@
+SUMMARY = "Production-Grade Container Scheduling and Management"
+DESCRIPTION = "Lightweight Kubernetes, intended to be a fully compliant
Kubernetes."
+HOMEPAGE = "https://k3s.io/"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM =
"file://${S}/src/import/LICENSE;md5=2ee41112a44fe7014dce33e26468ba93"
+PV = "v1.18.9+k3s1-dirty"
+
+SRC_URI = "git://github.com/rancher/k3s.git;branch=release-1.18;name=k3s \
+ file://k3s.service \
+ file://k3s-agent.service \
+ file://k3s-agent \
+ file://k3s-clean \
+ file://cni-containerd-net.conf \
+
file://0001-Finding-host-local-in-usr-libexec.patch;patchdir=src/import \
+ "
+SRC_URI[k3s.md5sum] = "363d3a08dc0b72ba6e6577964f6e94a5"
+SRCREV_k3s = "630bebf94b9dce6b8cd3d402644ed023b3af8f90"
+
+inherit go
+inherit goarch
+inherit systemd
+
+PACKAGECONFIG = ""
+PACKAGECONFIG[upx] = ",,upx-native"
+GO_IMPORT = "import"
+GO_BUILD_LDFLAGS = "-X github.com/rancher/k3s/pkg/version.Version=${PV} \
+ -X
github.com/rancher/k3s/pkg/version.GitCommit=${@d.getVar('SRCREV_k3s',
d, 1)[:8]} \
+ -w -s \
+ "
+BIN_PREFIX ?= "${exec_prefix}/local"
+
+do_compile() {
+ export
GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go"
+ export CGO_ENABLED="1"
+ export GOFLAGS="-mod=vendor"
+ cd ${S}/src/import
+ ${GO} build -tags providerless -ldflags "${GO_BUILD_LDFLAGS}"
-o ./dist/artifacts/k3s ./cmd/server/main.go
+ # Use UPX if it is enabled (and thus exists) to compress binary
+ if command -v upx > /dev/null 2>&1; then
+ upx -9 ./dist/artifacts/k3s
+ fi
+}
+do_install() {
+ install -d "${D}${BIN_PREFIX}/bin"
+ install -m 755 "${S}/src/import/dist/artifacts/k3s"
"${D}${BIN_PREFIX}/bin"
+ ln -sr "${D}/${BIN_PREFIX}/bin/k3s" "${D}${BIN_PREFIX}/bin/crictl"
+ ln -sr "${D}/${BIN_PREFIX}/bin/k3s" "${D}${BIN_PREFIX}/bin/ctr"
+ ln -sr "${D}/${BIN_PREFIX}/bin/k3s" "${D}${BIN_PREFIX}/bin/kubectl"
+ install -m 755 "${WORKDIR}/k3s-clean" "${D}${BIN_PREFIX}/bin"
+ install -D -m 0644 "${WORKDIR}/cni-containerd-net.conf"
"${D}/${sysconfdir}/cni/net.d/10-containerd-net.conf"
+ if
${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -D -m 0644 "${WORKDIR}/k3s.service"
"${D}${systemd_system_unitdir}/k3s.service"
+ install -D -m 0644 "${WORKDIR}/k3s-agent.service"
"${D}${systemd_system_unitdir}/k3s-agent.service"
+ sed -i
"s#\(Exec\)\(.*\)=\(.*\)\(k3s\)#\1\2=${BIN_PREFIX}/bin/\4#g"
"${D}${systemd_system_unitdir}/k3s.service"
"${D}${systemd_system_unitdir}/k3s-agent.service"
+ install -m 755 "${WORKDIR}/k3s-agent"
"${D}${BIN_PREFIX}/bin"
+ fi
+}
+
+PACKAGES =+ "${PN}-server ${PN}-agent"
+
+SYSTEMD_PACKAGES =
"${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}-server
${PN}-agent','',d)}"
+SYSTEMD_SERVICE_${PN}-server =
"${@bb.utils.contains('DISTRO_FEATURES','systemd','k3s.service','',d)}"
+SYSTEMD_SERVICE_${PN}-agent =
"${@bb.utils.contains('DISTRO_FEATURES','systemd','k3s-agent.service','',d)}"
+SYSTEMD_AUTO_ENABLE_${PN}-agent = "disable"
+
+FILES_${PN}-agent = "${BIN_PREFIX}/bin/k3s-agent"
+
+RDEPENDS_${PN} = "cni conntrack-tools coreutils findutils iproute2
ipset virtual/containerd"
+RDEPENDS_${PN}-server = "${PN}"
+RDEPENDS_${PN}-agent = "${PN}"
+
+RCONFLICTS_${PN} = "kubectl"
+
+INHIBIT_PACKAGE_STRIP = "1"
+INSANE_SKIP_${PN} += "ldflags already-stripped"
--
2.20.1
next prev parent reply other threads:[~2020-09-28 13:49 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200821205529.29901-1-erik.jansson@axis.com>
2020-09-21 8:38 ` [meta-virtualization][PATCH] Adding k3s recipe Joakim Roubert
2020-09-21 11:11 ` Bruce Ashfield
2020-09-21 13:15 ` Joakim Roubert
2020-09-24 14:02 ` Bruce Ashfield
2020-09-24 14:46 ` Joakim Roubert
2020-09-24 15:41 ` Bruce Ashfield
2020-09-25 6:20 ` Joakim Roubert
2020-09-25 13:12 ` Bruce Ashfield
2020-09-25 13:50 ` Joakim Roubert
[not found] ` <16380B0CA000AB98.28124@lists.yoctoproject.org>
2020-09-28 13:48 ` Joakim Roubert [this message]
2020-09-29 19:58 ` Bruce Ashfield
2020-09-30 8:12 ` Joakim Roubert
[not found] ` <1639818C3E50A226.8589@lists.yoctoproject.org>
2020-09-30 8:14 ` Joakim Roubert
2020-10-01 10:32 ` Joakim Roubert
[not found] ` <1639D7B9311FC65C.18704@lists.yoctoproject.org>
2020-10-01 10:32 ` Joakim Roubert
2020-10-14 16:38 ` Bruce Ashfield
2020-10-15 11:40 ` Joakim Roubert
2020-10-15 11:47 ` [meta-virtualization][PATCH v4] " Joakim Roubert
2020-10-15 15:02 ` Bruce Ashfield
2020-10-20 11:14 ` [meta-virtualization][PATCH v5] " Joakim Roubert
2020-10-21 3:10 ` Bruce Ashfield
2020-10-21 6:00 ` Joakim Roubert
2020-10-26 15:46 ` Bruce Ashfield
2020-10-28 8:32 ` Joakim Roubert
2020-11-06 21:20 ` Bruce Ashfield
2020-11-09 7:48 ` Joakim Roubert
2020-11-09 9:26 ` Lance.Yang
2020-11-09 13:45 ` Bruce Ashfield
2020-11-10 8:45 ` Lance Yang
2020-11-09 13:44 ` Bruce Ashfield
2020-11-10 6:43 ` Lance Yang
2020-11-10 12:46 ` Bruce Ashfield
[not found] ` <16462648E2B320A8.24110@lists.yoctoproject.org>
2020-11-10 13:17 ` Bruce Ashfield
2020-11-12 7:30 ` Lance Yang
2020-11-12 13:38 ` Bruce Ashfield
2020-11-12 14:26 ` [meta-virtualization][PATCH] k3s: Update README.md Joakim Roubert
2020-11-17 12:39 ` [meta-virtualization][PATCH] k3s: Bump to v1.19.3+k3s3 Joakim Roubert
2020-11-17 13:27 ` Bruce Ashfield
2020-11-17 13:31 ` Joakim Roubert
2020-11-17 13:40 ` Bruce Ashfield
2020-11-17 13:50 ` Joakim Roubert
2020-11-17 14:15 ` Bruce Ashfield
[not found] ` <16485135E3A12798.28066@lists.yoctoproject.org>
2020-11-17 14:19 ` Bruce Ashfield
2020-11-17 14:27 ` Joakim Roubert
2020-11-17 14:41 ` Bruce Ashfield
[not found] ` <1648529A6FD37D30.5807@lists.yoctoproject.org>
2020-11-17 19:39 ` Bruce Ashfield
2020-11-18 18:27 ` Joakim Roubert
2020-11-18 20:38 ` Bruce Ashfield
2020-12-11 6:31 ` Lance Yang
2020-12-11 13:43 ` Bruce Ashfield
2020-12-15 9:56 ` Lance Yang
2020-12-15 18:58 ` Bruce Ashfield
2020-12-18 14:23 ` Joakim Roubert
2020-12-22 16:15 ` Bruce Ashfield
2021-01-04 7:12 ` Joakim Roubert
2021-01-04 13:40 ` Bruce Ashfield
[not found] ` <16570B29E8680DE8.14857@lists.yoctoproject.org>
2021-01-05 13:58 ` Bruce Ashfield
[not found] ` <16484BFA14ED0B17.5807@lists.yoctoproject.org>
2020-11-17 13:05 ` Joakim Roubert
2020-11-12 13:43 ` [meta-virtualization][PATCH v5] Adding k3s recipe Joakim Roubert
2020-11-13 5:48 ` Lance Yang
2020-11-13 6:20 ` Bruce Ashfield
2020-11-12 13:40 ` Joakim Roubert
[not found] ` <164627F27D18DB55.10479@lists.yoctoproject.org>
2020-11-10 13:34 ` Bruce Ashfield
2020-11-11 10:06 ` Lance Yang
2020-11-11 13:40 ` Bruce Ashfield
2020-11-12 7:04 ` Lance Yang
2020-11-12 13:40 ` Bruce Ashfield
2020-11-12 14:07 ` Lance Yang
2020-11-17 14:13 ` Joakim Roubert
2021-03-13 19:30 ` Bruce Ashfield
2021-03-14 4:32 ` Yocto
2021-03-15 9:46 ` Joakim Roubert
2020-10-13 12:22 ` [meta-virtualization][PATCH] " Bruce Ashfield
2020-08-21 20:59 Erik Jansson
2020-08-21 21:11 ` Bruce Ashfield
2020-08-30 8:17 ` [PATCH] " Robert Berger
2020-08-30 15:40 ` [meta-virtualization] " Bruce Ashfield
2020-09-02 5:51 ` Joakim Roubert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c381ef59-ef51-840e-626e-ddb3e5706757@axis.com \
--to=joakim.roubert@axis.com \
--cc=meta-virtualization@lists.yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.