plugins/scheduler-k3s/scheduler_k3s.go

package scheduler_k3s

import (
	"embed"
	"sync"

	certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
	traefikv1alpha1 "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/traefikio/v1alpha1"
	appsv1 "k8s.io/api/apps/v1"
	batchv1 "k8s.io/api/batch/v1"
	corev1 "k8s.io/api/core/v1"
	"k8s.io/apimachinery/pkg/runtime"
	"k8s.io/apimachinery/pkg/runtime/serializer"
	kjson "k8s.io/apimachinery/pkg/runtime/serializer/json"
)

var (
	// DefaultProperties is a map of all valid k3s properties with corresponding default property values
	DefaultProperties = map[string]string{
		"deploy-timeout":      "",
		"letsencrypt-server":  "",
		"image-pull-secrets":  "",
		"namespace":           "",
		"rollback-on-failure": "",
	}

	// GlobalProperties is a map of all valid global k3s properties
	GlobalProperties = map[string]bool{
		"deploy-timeout":         true,
		"image-pull-secrets":     true,
		"letsencrypt-server":     true,
		"letsencrypt-email-prod": true,
		"letsencrypt-email-stag": true,
		"namespace":              true,
		"network-interface":      true,
		"proxy":                  true,
		"rollback-on-failure":    true,
		"token":                  true,
	}
)

const KubeConfigPath = "/etc/rancher/k3s/k3s.yaml"

const RegistryConfigPath = "/etc/rancher/k3s/registries.yaml"

const GlobalProcessType = "--global"

var (
	runtimeScheme  = runtime.NewScheme()
	codecs         = serializer.NewCodecFactory(runtimeScheme)
	deserializer   = codecs.UniversalDeserializer()
	jsonSerializer = kjson.NewSerializerWithOptions(kjson.DefaultMetaFactory, runtimeScheme, runtimeScheme, kjson.SerializerOptions{})
)

var k8sNativeSchemeOnce sync.Once

type Manifest struct {
	Name    string
	Version string
	Path    string
}

var KubernetesManifests = []Manifest{
	{
		Name:    "system-upgrader",
		Version: "0.13.2",
		Path:    "https://github.com/rancher/system-upgrade-controller/releases/download/v0.13.2/system-upgrade-controller.yaml",
	},
}

type HelmChart struct {
	ChartPath       string
	CreateNamespace bool
	Namespace       string
	Path            string
	ReleaseName     string
	RepoURL         string
	Version         string
}

var HelmCharts = []HelmChart{
	{
		ChartPath:       "cert-manager",
		CreateNamespace: true,
		Namespace:       "cert-manager",
		ReleaseName:     "cert-manager",
		RepoURL:         "https://charts.jetstack.io",
		Version:         "v1.13.3",
	},
	{
		ChartPath:       "longhorn",
		CreateNamespace: true,
		Namespace:       "longhorn-system",
		ReleaseName:     "longhorn",
		RepoURL:         "https://charts.longhorn.io",
		Version:         "1.5.3",
	},
	{
		ChartPath:       "traefik",
		CreateNamespace: true,
		Namespace:       "traefik",
		ReleaseName:     "traefik",
		RepoURL:         "https://helm.traefik.io/traefik",
		Version:         "26.0.0",
	},
	{
		ChartPath:       "ingress-nginx",
		CreateNamespace: true,
		Namespace:       "ingress-nginx",
		ReleaseName:     "ingress-nginx",
		RepoURL:         "https://kubernetes.github.io/ingress-nginx",
		Version:         "4.7.5",
	},
}

type HelmRepository struct {
	Name string
	URL  string
}

var HelmRepositories = []HelmRepository{
	{
		Name: "jetstack",
		URL:  "https://charts.jetstack.io",
	},
	{
		Name: "longhorn",
		URL:  "https://charts.longhorn.io",
	},
	{
		Name: "traefik",
		URL:  "https://helm.traefik.io/traefik",
	},
}

var ServerLabels = map[string]string{
	"svccontroller.k3s.cattle.io/enablelb": "true",
}

var WorkerLabels = map[string]string{
	"node-role.kubernetes.io/role": "worker",
}

//go:embed templates/*
var templates embed.FS

func init() {
	k8sNativeSchemeOnce.Do(func() {
		_ = appsv1.AddToScheme(runtimeScheme)
		_ = batchv1.AddToScheme(runtimeScheme)
		_ = certmanagerv1.AddToScheme(runtimeScheme)
		_ = corev1.AddToScheme(runtimeScheme)
		_ = traefikv1alpha1.AddToScheme(runtimeScheme)
	})
}
feat: create skeleton of k3s plugin 2023-12-19 00:17:56 -05:00			`package scheduler_k3s`

feat: implement most of deployments The big feature missing from deployments today is healthchecks, which require extra parsing of the app.json format since the healthchecks there aren't immediately serializable to kubernetes deployment healthchecks. Other smaller missing functionality from the existing OSS kubernetes scheduler are: - The ability to set custom pod annotations - The ability to set custom deployment annotations - The ability to mount volumes Exposing these pieces of functionality will come at a later date, if at all. 2024-01-17 18:06:18 -05:00			`import (`
fix: ensure critical addons come up when the node is tainted Rather than taint on `node-role.kubernetes.io/master=true:NoSchedule`, we check for `CriticalAddonsOnly=true:NoSchedule` and taint on that. 2024-01-22 05:12:49 -05:00			`"embed"`
feat: implement most of deployments The big feature missing from deployments today is healthchecks, which require extra parsing of the app.json format since the healthchecks there aren't immediately serializable to kubernetes deployment healthchecks. Other smaller missing functionality from the existing OSS kubernetes scheduler are: - The ability to set custom pod annotations - The ability to set custom deployment annotations - The ability to mount volumes Exposing these pieces of functionality will come at a later date, if at all. 2024-01-17 18:06:18 -05:00			`"sync"`

feat: create tls certificate if tls is enabled and the app has domains 2024-01-22 07:18:20 -05:00			`certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"`
feat: implement most of deployments The big feature missing from deployments today is healthchecks, which require extra parsing of the app.json format since the healthchecks there aren't immediately serializable to kubernetes deployment healthchecks. Other smaller missing functionality from the existing OSS kubernetes scheduler are: - The ability to set custom pod annotations - The ability to set custom deployment annotations - The ability to mount volumes Exposing these pieces of functionality will come at a later date, if at all. 2024-01-17 18:06:18 -05:00			`traefikv1alpha1 "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/traefikio/v1alpha1"`
			`appsv1 "k8s.io/api/apps/v1"`
feat: implement run and run:detached This utilizes a Kubernetes Job to start a pod in order to take advantage of completed Job cleanup in Kubernetes. It also properly handles interactivity by ensuring the container has a TTY. Note that there is currently no provision for parsing docker arguments and translating them into their Kubernetes equivalents. 2024-01-18 05:28:07 -05:00			`batchv1 "k8s.io/api/batch/v1"`
feat: implement most of deployments The big feature missing from deployments today is healthchecks, which require extra parsing of the app.json format since the healthchecks there aren't immediately serializable to kubernetes deployment healthchecks. Other smaller missing functionality from the existing OSS kubernetes scheduler are: - The ability to set custom pod annotations - The ability to set custom deployment annotations - The ability to mount volumes Exposing these pieces of functionality will come at a later date, if at all. 2024-01-17 18:06:18 -05:00			`corev1 "k8s.io/api/core/v1"`
			`"k8s.io/apimachinery/pkg/runtime"`
			`"k8s.io/apimachinery/pkg/runtime/serializer"`
			`kjson "k8s.io/apimachinery/pkg/runtime/serializer/json"`
			`)`

feat: create skeleton of k3s plugin 2023-12-19 00:17:56 -05:00			`var (`
feat: implement most of deployments The big feature missing from deployments today is healthchecks, which require extra parsing of the app.json format since the healthchecks there aren't immediately serializable to kubernetes deployment healthchecks. Other smaller missing functionality from the existing OSS kubernetes scheduler are: - The ability to set custom pod annotations - The ability to set custom deployment annotations - The ability to mount volumes Exposing these pieces of functionality will come at a later date, if at all. 2024-01-17 18:06:18 -05:00			`// DefaultProperties is a map of all valid k3s properties with corresponding default property values`
			`DefaultProperties = map[string]string{`
feat: add support for global properties 2024-01-22 08:01:11 -05:00			`"deploy-timeout": "",`
			`"letsencrypt-server": "",`
feat: implement most of deployments The big feature missing from deployments today is healthchecks, which require extra parsing of the app.json format since the healthchecks there aren't immediately serializable to kubernetes deployment healthchecks. Other smaller missing functionality from the existing OSS kubernetes scheduler are: - The ability to set custom pod annotations - The ability to set custom deployment annotations - The ability to mount volumes Exposing these pieces of functionality will come at a later date, if at all. 2024-01-17 18:06:18 -05:00			`"image-pull-secrets": "",`
feat: add support for global properties 2024-01-22 08:01:11 -05:00			`"namespace": "",`
feat: implement most of deployments The big feature missing from deployments today is healthchecks, which require extra parsing of the app.json format since the healthchecks there aren't immediately serializable to kubernetes deployment healthchecks. Other smaller missing functionality from the existing OSS kubernetes scheduler are: - The ability to set custom pod annotations - The ability to set custom deployment annotations - The ability to mount volumes Exposing these pieces of functionality will come at a later date, if at all. 2024-01-17 18:06:18 -05:00			`"rollback-on-failure": "",`
			`}`
feat: create skeleton of k3s plugin 2023-12-19 00:17:56 -05:00
feat: implement most of deployments The big feature missing from deployments today is healthchecks, which require extra parsing of the app.json format since the healthchecks there aren't immediately serializable to kubernetes deployment healthchecks. Other smaller missing functionality from the existing OSS kubernetes scheduler are: - The ability to set custom pod annotations - The ability to set custom deployment annotations - The ability to mount volumes Exposing these pieces of functionality will come at a later date, if at all. 2024-01-17 18:06:18 -05:00			`// GlobalProperties is a map of all valid global k3s properties`
feat: create skeleton of k3s plugin 2023-12-19 00:17:56 -05:00			`GlobalProperties = map[string]bool{`
feat: add support for global properties 2024-01-22 08:01:11 -05:00			`"deploy-timeout": true,`
			`"image-pull-secrets": true,`
fix: allow setting letsencrypt-server globally 2024-01-22 21:15:21 -05:00			`"letsencrypt-server": true,`
feat: add support for global properties 2024-01-22 08:01:11 -05:00			`"letsencrypt-email-prod": true,`
			`"letsencrypt-email-stag": true,`
			`"namespace": true,`
			`"network-interface": true,`
feat: add ability to install nginx instead of traefik 2024-01-30 10:20:12 -05:00			`"proxy": true,`
feat: add support for global properties 2024-01-22 08:01:11 -05:00			`"rollback-on-failure": true,`
			`"token": true,`
feat: create skeleton of k3s plugin 2023-12-19 00:17:56 -05:00			`}`
			`)`
feat: implement most of deployments The big feature missing from deployments today is healthchecks, which require extra parsing of the app.json format since the healthchecks there aren't immediately serializable to kubernetes deployment healthchecks. Other smaller missing functionality from the existing OSS kubernetes scheduler are: - The ability to set custom pod annotations - The ability to set custom deployment annotations - The ability to mount volumes Exposing these pieces of functionality will come at a later date, if at all. 2024-01-17 18:06:18 -05:00
			`const KubeConfigPath = "/etc/rancher/k3s/k3s.yaml"`

refactor: move registry path to const 2024-01-18 18:55:03 -05:00			`const RegistryConfigPath = "/etc/rancher/k3s/registries.yaml"`

feat: add support for specifying annotations As the command contains a colon, it must be handled in the commands binary as opposed to subcommands. Also include a simple bats test. 2024-02-06 05:16:20 -05:00			`const GlobalProcessType = "--global"`

feat: implement most of deployments The big feature missing from deployments today is healthchecks, which require extra parsing of the app.json format since the healthchecks there aren't immediately serializable to kubernetes deployment healthchecks. Other smaller missing functionality from the existing OSS kubernetes scheduler are: - The ability to set custom pod annotations - The ability to set custom deployment annotations - The ability to mount volumes Exposing these pieces of functionality will come at a later date, if at all. 2024-01-17 18:06:18 -05:00			`var (`
			`runtimeScheme = runtime.NewScheme()`
			`codecs = serializer.NewCodecFactory(runtimeScheme)`
			`deserializer = codecs.UniversalDeserializer()`
			`jsonSerializer = kjson.NewSerializerWithOptions(kjson.DefaultMetaFactory, runtimeScheme, runtimeScheme, kjson.SerializerOptions{})`
			`)`

			`var k8sNativeSchemeOnce sync.Once`

refactor: place all required manifests in a single location This will make it easier for us to apply the installs. 2024-01-22 01:25:01 -05:00			`type Manifest struct {`
			`Name string`
			`Version string`
			`Path string`
			`}`

fix: ensure critical addons come up when the node is tainted Rather than taint on `node-role.kubernetes.io/master=true:NoSchedule`, we check for `CriticalAddonsOnly=true:NoSchedule` and taint on that. 2024-01-22 05:12:49 -05:00			`var KubernetesManifests = []Manifest{`
refactor: place all required manifests in a single location This will make it easier for us to apply the installs. 2024-01-22 01:25:01 -05:00			`{`
			`Name: "system-upgrader",`
			`Version: "0.13.2",`
fix: ensure critical addons come up when the node is tainted Rather than taint on `node-role.kubernetes.io/master=true:NoSchedule`, we check for `CriticalAddonsOnly=true:NoSchedule` and taint on that. 2024-01-22 05:12:49 -05:00			`Path: "https://github.com/rancher/system-upgrade-controller/releases/download/v0.13.2/system-upgrade-controller.yaml",`
refactor: place all required manifests in a single location This will make it easier for us to apply the installs. 2024-01-22 01:25:01 -05:00			`},`
fix: ensure critical addons come up when the node is tainted Rather than taint on `node-role.kubernetes.io/master=true:NoSchedule`, we check for `CriticalAddonsOnly=true:NoSchedule` and taint on that. 2024-01-22 05:12:49 -05:00			`}`

			`type HelmChart struct {`
			`ChartPath string`
			`CreateNamespace bool`
feat: add ability to install nginx instead of traefik 2024-01-30 10:20:12 -05:00			`Namespace string`
fix: ensure critical addons come up when the node is tainted Rather than taint on `node-role.kubernetes.io/master=true:NoSchedule`, we check for `CriticalAddonsOnly=true:NoSchedule` and taint on that. 2024-01-22 05:12:49 -05:00			`Path string`
feat: add ability to install nginx instead of traefik 2024-01-30 10:20:12 -05:00			`ReleaseName string`
fix: ensure critical addons come up when the node is tainted Rather than taint on `node-role.kubernetes.io/master=true:NoSchedule`, we check for `CriticalAddonsOnly=true:NoSchedule` and taint on that. 2024-01-22 05:12:49 -05:00			`RepoURL string`
feat: add ability to install nginx instead of traefik 2024-01-30 10:20:12 -05:00			`Version string`
fix: ensure critical addons come up when the node is tainted Rather than taint on `node-role.kubernetes.io/master=true:NoSchedule`, we check for `CriticalAddonsOnly=true:NoSchedule` and taint on that. 2024-01-22 05:12:49 -05:00			`}`

			`var HelmCharts = []HelmChart{`
feat: install cert-manager 2024-01-22 01:30:41 -05:00			`{`
fix: ensure critical addons come up when the node is tainted Rather than taint on `node-role.kubernetes.io/master=true:NoSchedule`, we check for `CriticalAddonsOnly=true:NoSchedule` and taint on that. 2024-01-22 05:12:49 -05:00			`ChartPath: "cert-manager",`
			`CreateNamespace: true,`
			`Namespace: "cert-manager",`
			`ReleaseName: "cert-manager",`
			`RepoURL: "https://charts.jetstack.io",`
			`Version: "v1.13.3",`
			`},`
			`{`
			`ChartPath: "longhorn",`
			`CreateNamespace: true,`
			`Namespace: "longhorn-system",`
			`ReleaseName: "longhorn",`
			`RepoURL: "https://charts.longhorn.io",`
			`Version: "1.5.3",`
feat: install cert-manager 2024-01-22 01:30:41 -05:00			`},`
refactor: install traefik via helm chart directly to avoid issues where traefik silently fails installation 2024-01-24 03:58:39 -05:00			`{`
			`ChartPath: "traefik",`
			`CreateNamespace: true,`
			`Namespace: "traefik",`
			`ReleaseName: "traefik",`
			`RepoURL: "https://helm.traefik.io/traefik",`
			`Version: "26.0.0",`
			`},`
feat: add ability to install nginx instead of traefik 2024-01-30 10:20:12 -05:00			`{`
			`ChartPath: "ingress-nginx",`
			`CreateNamespace: true,`
			`Namespace: "ingress-nginx",`
			`ReleaseName: "ingress-nginx",`
			`RepoURL: "https://kubernetes.github.io/ingress-nginx",`
			`Version: "4.7.5",`
			`},`
refactor: place all required manifests in a single location This will make it easier for us to apply the installs. 2024-01-22 01:25:01 -05:00			`}`

fix: ensure critical addons come up when the node is tainted Rather than taint on `node-role.kubernetes.io/master=true:NoSchedule`, we check for `CriticalAddonsOnly=true:NoSchedule` and taint on that. 2024-01-22 05:12:49 -05:00			`type HelmRepository struct {`
			`Name string`
			`URL string`
			`}`

			`var HelmRepositories = []HelmRepository{`
			`{`
			`Name: "jetstack",`
			`URL: "https://charts.jetstack.io",`
			`},`
			`{`
			`Name: "longhorn",`
			`URL: "https://charts.longhorn.io",`
			`},`
refactor: install traefik via helm chart directly to avoid issues where traefik silently fails installation 2024-01-24 03:58:39 -05:00			`{`
			`Name: "traefik",`
			`URL: "https://helm.traefik.io/traefik",`
			`},`
fix: ensure critical addons come up when the node is tainted Rather than taint on `node-role.kubernetes.io/master=true:NoSchedule`, we check for `CriticalAddonsOnly=true:NoSchedule` and taint on that. 2024-01-22 05:12:49 -05:00			`}`

			`var ServerLabels = map[string]string{`
			`"svccontroller.k3s.cattle.io/enablelb": "true",`
			`}`

			`var WorkerLabels = map[string]string{`
			`"node-role.kubernetes.io/role": "worker",`
			`}`

			`//go:embed templates/*`
			`var templates embed.FS`

feat: implement most of deployments The big feature missing from deployments today is healthchecks, which require extra parsing of the app.json format since the healthchecks there aren't immediately serializable to kubernetes deployment healthchecks. Other smaller missing functionality from the existing OSS kubernetes scheduler are: - The ability to set custom pod annotations - The ability to set custom deployment annotations - The ability to mount volumes Exposing these pieces of functionality will come at a later date, if at all. 2024-01-17 18:06:18 -05:00			`func init() {`
			`k8sNativeSchemeOnce.Do(func() {`
			`_ = appsv1.AddToScheme(runtimeScheme)`
feat: implement run and run:detached This utilizes a Kubernetes Job to start a pod in order to take advantage of completed Job cleanup in Kubernetes. It also properly handles interactivity by ensuring the container has a TTY. Note that there is currently no provision for parsing docker arguments and translating them into their Kubernetes equivalents. 2024-01-18 05:28:07 -05:00			`_ = batchv1.AddToScheme(runtimeScheme)`
feat: create tls certificate if tls is enabled and the app has domains 2024-01-22 07:18:20 -05:00			`_ = certmanagerv1.AddToScheme(runtimeScheme)`
feat: implement most of deployments The big feature missing from deployments today is healthchecks, which require extra parsing of the app.json format since the healthchecks there aren't immediately serializable to kubernetes deployment healthchecks. Other smaller missing functionality from the existing OSS kubernetes scheduler are: - The ability to set custom pod annotations - The ability to set custom deployment annotations - The ability to mount volumes Exposing these pieces of functionality will come at a later date, if at all. 2024-01-17 18:06:18 -05:00			`_ = corev1.AddToScheme(runtimeScheme)`
			`_ = traefikv1alpha1.AddToScheme(runtimeScheme)`
			`})`
			`}`