sync code with upstream #10

Merged
merged 78 commits into from
May 13, 2020
Changes from 75 commits
e4fe057
Moving log collector script to Amazon eks ami repo (#243)
nithu0115 Jun 25, 2019
400dd58
Update eks-log-collector.sh URL on readme
huribeir Jun 27, 2019
ca61cc2
remove kubectl dependency (#295)
M00nF1sh Jul 1, 2019
a40bd46
Added CHANGELOG for v20190701
micahhausler Jul 2, 2019
41f4dd9
Install ec2-instance-connect
wongma7 Jul 10, 2019
1f83c10
refactor packer variables
M00nF1sh Jul 15, 2019
8bbf269
Add c5.12xlarge and c5.24xlarge instances
Jun 20, 2019
f409acd
Add new m5 and r5 instances
Jun 30, 2019
ccae017
Fix t3a.small limit
Jul 25, 2019
2b9b501
add support for ap-east-1 region (#305)
M00nF1sh Jul 30, 2019
19ff806
2107 allow private ssh when building (#303)
houdinisparks Jul 31, 2019
0468404
change the amiName pattern to use minor version (#307)
M00nF1sh Jul 31, 2019
389f4ba
update S3_URL_BASE environment variable in install-worker.sh
blakeroberts-wk Aug 13, 2019
471c9e8
v20190814 release (#316)
M00nF1sh Aug 16, 2019
c4e03c1
Update list of instance types (#320)
Aug 23, 2019
5335ea8
add support for me-south-1 region (#322)
josselin-c Aug 27, 2019
c1ae2f3
Adding new directory and file for 1.14 and above by removing --allow-…
bhks Sep 5, 2019
b85ef2f
Add Change log for AMI Release v20190906 (#329)
M00nF1sh Sep 10, 2019
d9147f1
sync nodegroup template to latest available (#335)
M00nF1sh Sep 17, 2019
ade31b0
Add support for g4 instance family
Sep 20, 2019
0f11f6c
Add G4DN instance family to node group template
Jeffwan Sep 26, 2019
8fece4f
Add change log for AMI Release v20190927 (#345)
Jeffwan Sep 30, 2019
c47e0c0
Add 1.14 to the EKS Makefile and update older versions (#336)
willthames Oct 8, 2019
39eaa20
Add support for m5n/m5dn/r5n/r5dn instances
Jeffwan Oct 14, 2019
b1d4bc5
Remove snowflake for kubelet secret-polling config (#352)
shyamjvs Oct 17, 2019
9d5ed53
Set a minimum evictionHard and kubeReserved
wongma7 Oct 10, 2019
1b59c53
Output the autoscaling group name
dwaynebailey Oct 21, 2019
17706d5
#361 - custom pause container image support (#362)
ajohnstone Oct 22, 2019
d4eca99
Set kubeReserved dynamically and evictionHard statically (#367)
natherz97 Nov 12, 2019
da2d05a
Updating Docker version (#373)
natherz97 Nov 12, 2019
c7528b5
Remove the ec2-net-utils package (#368)
Kausheel Nov 13, 2019
593691e
Make 'kube-bench' happy.
bmcustodio Nov 14, 2019
81ac166
add support for c5d.12x/c5d.24x/c5d.metal
ajayk Nov 7, 2019
c61b6e7
Adding new instance types (m6g) (#378)
srini-ram Dec 11, 2019
388317a
Revert "Make 'kube-bench' happy." since there are changes being conce…
Dec 11, 2019
4353bbf
Fixed setting of DNS_CLUSTER_IP in bootstrap.sh (#226)
drewhemm Jan 7, 2020
7b33664
Support docker-in-docker by only returning the oldest dockerd process
sophomeric Jan 8, 2020
6c5c5a1
TLS Ciphersuite: restrict to TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Nov 28, 2019
b425e43
Script for collecting window and ubuntu worker logs (#354)
arun-amzn Jan 10, 2020
b5c3f95
add ability to specify aws_region & binary_bucket_region & source_ami…
M00nF1sh Jan 16, 2020
7695621
adding support for china regions (#398)
M00nF1sh Jan 21, 2020
128a714
kubelet.service should wait for iptables lock (#401)
jpvowen Jan 22, 2020
2edc668
fix tls suit to be recommended by cis bench (#403)
M00nF1sh Jan 22, 2020
f80c682
Fix retries in bootstrap.sh
aackerman Jan 23, 2020
9a8d80a
update binaries to use latest ones (#408)
M00nF1sh Jan 27, 2020
3bb08b6
validate_yum (#411)
M00nF1sh Jan 29, 2020
e8f2a2e
add ability to use precreated security group (#412)
M00nF1sh Jan 29, 2020
126dad8
add scripts folder (#413)
M00nF1sh Jan 31, 2020
2c0d751
Remove invalid target 1.11 (#421)
sayboras Feb 20, 2020
1b3642c
Update install-worker.sh and eks-worker-al2.json (#402)
zadowsmash Feb 23, 2020
7a53fbb
Remove mutating calls and ignore collection of unknown logs
nithu0115 Mar 6, 2020
b98cec2
Added 1.15 support and removed --allow-privileged flag from all EKS s…
abeer91 Mar 10, 2020
729dcb5
Fix URL for 1.15 binaries (#429)
willthames Mar 11, 2020
6585196
Fixed amazon-eks-nodegroup.yaml lint issues
Mar 21, 2020
14e8526
Consistent Docker GID version in Image (#430)
Mar 24, 2020
b576e9e
Move compressed file to /var/log (#436)
Mar 24, 2020
5110560
Force create the group id (#437)
Mar 25, 2020
ff69078
Fix useradd to run with privileges
dkhandeshi Mar 26, 2020
4e0e916
Removing dependency on Authenticator binary (#440)
abeer91 Mar 27, 2020
b56a25d
Reducing memory allocated in kubeReserved (#419)
natherz97 Apr 8, 2020
d6e021b
Revert "Removing dependency on Authenticator binary (#440)" (#446)
abeer91 Apr 8, 2020
fcf6ea5
Adding support to upgrade kernel while building AMI (#447)
abeer91 Apr 8, 2020
5a5046d
fix(amazon-eks-nodegroup): add ec2 service principals for isolated re…
cmdallas Apr 14, 2020
09a8fbe
Add inf1 instance family in EKS AMI packer configuration
regulusv Mar 27, 2020
8c61db5
Removed AssociatePublicIpAddress setting from NodeLaunchCongig and ad…
vishalkg Apr 15, 2020
a27a0e4
Add a flag that allows CNI packages to be pulled from S3 instead of G…
abeer91 Apr 29, 2020
7d4aae8
update source AMI owner and ECR repo for govcloud (#458)
heybronson Apr 29, 2020
035e956
updated ipamd information files extension to json (#451)
saiteja313 Apr 29, 2020
0327997
Adding 1.16 to Makefile (#459)
abeer91 Apr 30, 2020
82a4066
downgrade
May 6, 2020
795ecd4
Add a new manifest containing the AMI name (#471)
saurav-agarwalla May 12, 2020
65238a6
Merge branch 'master' of github.com:OpenGov/amazon-eks-ami into bugger
May 12, 2020
17b00bd
sync code with upstream
May 12, 2020
8062e2e
changelog updated
May 12, 2020
0ffb66b
added udev setting
May 13, 2020
187da12
small updates
May 13, 2020
57d7aa0
some fix
May 13, 2020
8bd90e5
added udev again
May 13, 2020
1 change: 0 additions & 1 deletion .gitignore
@@ -1,4 +1,3 @@
manifest.json
*.swp
.idea

22 changes: 15 additions & 7 deletions Makefile
@@ -1,12 +1,12 @@
PACKER_BINARY ?= packer
PACKER_VARIABLES := aws_region ami_name binary_bucket_name binary_bucket_region kubernetes_version kubernetes_build_date docker_version cni_version cni_plugin_version source_ami_id source_ami_owners arch instance_type security_group_id additional_yum_repos og_image_version ami_regions
PACKER_VARIABLES := aws_region ami_name binary_bucket_name binary_bucket_region kubernetes_version kubernetes_build_date docker_version cni_version cni_plugin_version source_ami_id source_ami_owners arch instance_type security_group_id additional_yum_repos pull_cni_from_github og_image_version ami_regions

K8S_VERSION_PARTS := $(subst ., ,$(kubernetes_version))
K8S_VERSION_MINOR := $(word 1,${K8S_VERSION_PARTS}).$(word 2,${K8S_VERSION_PARTS})
kubernetes_build_date ?= 2020-04-16
aws_region ?= $(AWS_DEFAULT_REGION)
binary_bucket_region ?= $(AWS_DEFAULT_REGION)
ami_name ?= og-amazon-eks-node-$(K8S_VERSION_MINOR)-v$(shell date +'%Y%m%d%H%M%S')
ami_name ?= og-amazon-eks-node-$(K8S_VERSION_MINOR)-v$(shell date +'%Y%m%d')
arch ?= x86_64
ifeq ($(arch), arm64)
instance_type ?= a1.large
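Review bot: The new `ami_name` default drops the time component (`date +'%Y%m%d'` instead of `+'%Y%m%d%H%M%S'`), so two builds of the same minor version on the same day resolve to the same AMI name. The second build will collide with the first in the same account and region, and the per-AMI manifest file that this PR names after `ami_name` will be overwritten. If day granularity is intended, record it in OG-CHANGELOG.md and decide how same-day rebuilds are handled; otherwise keep the seconds-resolution suffix.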
Expand All @@ -18,6 +18,10 @@ ifeq ($(aws_region), cn-northwest-1)
source_ami_owners ?= 141808717104
endif

ifeq ($(aws_region), us-gov-west-1)
source_ami_owners ?= 045324592363
endif

T_RED := \e[0;31m
T_GREEN := \e[0;32m
T_YELLOW := \e[0;33m
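Review bot: Only `us-gov-west-1` gets a `source_ami_owners` override here, while the bootstrap.sh change in this same PR adds pause-container accounts for both `us-gov-west-1` and `us-gov-east-1`. A build with `aws_region=us-gov-east-1` will not match this `ifeq` and keeps whatever owner is set elsewhere. Since this value decides whose base image the build trusts, either add the matching `us-gov-east-1` case or state that AMI builds are only supported in `us-gov-west-1`.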
Expand All @@ -39,16 +43,20 @@ k8s: validate

.PHONY: 1.12
1.12:
$(MAKE) k8s kubernetes_version=1.12.10 kubernetes_build_date=2020-01-22
$(MAKE) k8s kubernetes_version=1.12.10 kubernetes_build_date=2020-04-17 pull_cni_from_github=true

.PHONY: 1.13
1.13:
$(MAKE) k8s kubernetes_version=1.13.12 kubernetes_build_date=2020-01-22
$(MAKE) k8s kubernetes_version=1.13.12 kubernetes_build_date=2020-04-16 pull_cni_from_github=true

.PHONY: 1.14
1.14:
$(MAKE) k8s kubernetes_version=1.14.9 kubernetes_build_date=2020-04-16
$(MAKE) k8s kubernetes_version=1.14.9 kubernetes_build_date=2020-04-16 pull_cni_from_github=true

.PHONY: 1.15
1.15:
$(MAKE) k8s kubernetes_version=1.15.11 kkubernetes_build_date=2020-04-16
$(MAKE) k8s kubernetes_version=1.15.11 kubernetes_build_date=2020-04-16 pull_cni_from_github=true

.PHONY: 1.16
1.16:
$(MAKE) k8s kubernetes_version=1.16.8 kubernetes_build_date=2020-04-16 pull_cni_from_github=true
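Review bot: `pull_cni_from_github=true` is repeated on every version target although eks-worker-al2.json already defaults the variable to "true", so none of these targets ever exercises the S3 branch added in install-worker.sh. A single `pull_cni_from_github ?= true` next to the other `?=` defaults at the top of the Makefile would remove the repetition and leave one place to flip it. Also confirm that 1.12 is meant to use `kubernetes_build_date=2020-04-17` while every other target uses 2020-04-16.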
4 changes: 4 additions & 0 deletions OG-CHANGELOG.md
@@ -1,5 +1,9 @@
# Changelog

1.5.0 - 05/12/2020
-----------------------
- Sync code with upstream

1.4.2 - 05/06/2020
-----------------------
- downgraded docker version to 18.09.9ce-2.amzn2
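Review bot: The 1.5.0 entry says only "Sync code with upstream", but the changes visible in this PR also alter local behaviour: the `ami_name` suffix format in the Makefile, the hard-coded kernel arguments (including `udev.event-timeout=300`) in scripts/upgrade_kernel.sh, and the new `pull_cni_from_github` variable. List those under 1.5.0 so that someone comparing AMIs built from 1.4.2 and 1.5.0 can see what changed without reading the diff.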
9 changes: 8 additions & 1 deletion eks-worker-al2.json
Expand Up @@ -19,12 +19,13 @@
"cni_plugin_version": "v0.7.5",
"og_image_version": "1.2.0",
"ami_regions": "us-west-2,us-east-1",
"pull_cni_from_github": "true",

"source_ami_id": "",
"source_ami_owners": "137112412989",
"source_ami_filter_name": "amzn2-ami-minimal-hvm-*",
"arch": null,
"instance_type": "m4.large",
"instance_type": null,
"ami_description": "EKS Kubernetes Worker AMI with AmazonLinux2 image",

"ssh_interface": "",
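Review bot: `instance_type` changes from "m4.large" to null, which makes it a required Packer variable, so any build that does not pass it now fails instead of falling back to a default. The Makefile lines visible in this PR only show a default for arm64 (`instance_type ?= a1.large`); confirm the x86_64 path sets one too, and document the requirement for anyone invoking packer directly rather than through make.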
Expand Down Expand Up @@ -140,6 +141,7 @@
"DOCKER_VERSION={{user `docker_version`}}",
"CNI_VERSION={{user `cni_version`}}",
"CNI_PLUGIN_VERSION={{user `cni_plugin_version`}}",
"PULL_CNI_FROM_GITHUB={{user `pull_cni_from_github`}}",
"AWS_ACCESS_KEY_ID={{user `aws_access_key_id`}}",
"AWS_SECRET_ACCESS_KEY={{user `aws_secret_access_key`}}",
"AWS_SESSION_TOKEN={{user `aws_session_token`}}"
Expand All @@ -164,6 +166,11 @@
"type": "manifest",
"output": "manifest.json",
"strip_path": true
},
{
"type": "manifest",
"output": "{{user `ami_name`}}-manifest.json",
"strip_path": true
}
]
}
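Review bot: The second manifest post-processor writes a file named after `ami_name` with a `-manifest.json` suffix, but the .gitignore in this PR still lists only `manifest.json`, so every build leaves a new untracked file in the working tree. Add a `*-manifest.json` pattern to .gitignore alongside the existing entry.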
4 changes: 4 additions & 0 deletions files/bootstrap.sh
Expand Up @@ -117,6 +117,10 @@ function get_pause_container_account_for_region () {
echo "${PAUSE_CONTAINER_ACCOUNT:-918309763551}";;
cn-northwest-1)
echo "${PAUSE_CONTAINER_ACCOUNT:-961992271922}";;
us-gov-west-1)
echo "${PAUSE_CONTAINER_ACCOUNT:-013241004608}";;
us-gov-east-1)
echo "${PAUSE_CONTAINER_ACCOUNT:-151742754352}";;
*)
echo "${PAUSE_CONTAINER_ACCOUNT:-602401143452}";;
esac
4 changes: 2 additions & 2 deletions log-collector-script/linux/eks-log-collector.sh
Expand Up @@ -408,15 +408,15 @@ get_ipamd_info() {
if [[ "${ignore_introspection}" == "false" ]]; then
try "collect L-IPAMD introspectioon information"
for entry in ${IPAMD_DATA[*]}; do
curl --max-time 3 --silent http://localhost:61679/v1/"${entry}" >> "${COLLECT_DIR}"/ipamd/"${entry}".txt
curl --max-time 3 --silent http://localhost:61679/v1/"${entry}" >> "${COLLECT_DIR}"/ipamd/"${entry}".json
done
else
echo "Ignoring IPAM introspection stats as mentioned"| tee -a "${COLLECT_DIR}"/ipamd/ipam_introspection_ignore.txt
fi

if [[ "${ignore_metrics}" == "false" ]]; then
try "collect L-IPAMD prometheus metrics"
curl --max-time 3 --silent http://localhost:61678/metrics > "${COLLECT_DIR}"/ipamd/metrics.txt 2>&1
curl --max-time 3 --silent http://localhost:61678/metrics > "${COLLECT_DIR}"/ipamd/metrics.json 2>&1
else
echo "Ignoring Prometheus Metrics collection as mentioned"| tee -a "${COLLECT_DIR}"/ipamd/ipam_metrics_ignore.txt
fi
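Review bot: Renaming the metrics output to `metrics.json` is misleading, because the line above it labels the content as "L-IPAMD prometheus metrics" and the Prometheus `/metrics` endpoint returns the plain-text exposition format, not JSON. Tools that pick a parser by extension will choke on it; keep `metrics.txt` for that file and apply the `.json` rename only to the `/v1/` introspection entries.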
1 change: 0 additions & 1 deletion log-collector-script/windows/eks-ssm-content.json
Expand Up @@ -79,4 +79,3 @@
}
]
}

51 changes: 39 additions & 12 deletions scripts/install-worker.sh
Expand Up @@ -28,6 +28,7 @@ validate_env_set CNI_VERSION
validate_env_set CNI_PLUGIN_VERSION
validate_env_set KUBERNETES_VERSION
validate_env_set KUBERNETES_BUILD_DATE
validate_env_set PULL_CNI_FROM_GITHUB

################################################################################
### Machine Architecture #######################################################
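Review bot: `validate_env_set PULL_CNI_FROM_GITHUB` guards, going by the helper's name, only against the variable being unset, while the branch added later in this file tests `[ "$PULL_CNI_FROM_GITHUB" = "true" ]`. Any other value, such as `True`, `1` or `yes`, silently selects the S3 download path. Reject values other than `true` and `false` here so a typo fails the build instead of changing where the CNI binaries come from.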
Expand Down Expand Up @@ -80,6 +81,9 @@ rm install
# Remove the ec2-net-utils package, if it's installed. This package interferes with the route setup on the instance.
if yum list installed | grep ec2-net-utils; then sudo yum remove ec2-net-utils -y -q; fi

# Remove the ec2-net-utils package, if it's installed. This package interferes with the route setup on the instance.
if yum list installed | grep ec2-net-utils; then sudo yum remove ec2-net-utils -y -q; fi

################################################################################
### Time #######################################################################
################################################################################
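Review bot: The added lines repeat, word for word, the `ec2-net-utils` comment and `yum remove` command that sit directly above them in the unchanged context, which looks like a merge artifact from the upstream sync. Drop the duplicate block; the second run only repeats the `yum list installed` scan during the image build.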
Expand Down Expand Up @@ -158,18 +162,6 @@ sudo mkdir -p /var/lib/kubernetes
sudo mkdir -p /var/lib/kubelet
sudo mkdir -p /opt/cni/bin

wget https://github.com/containernetworking/cni/releases/download/${CNI_VERSION}/cni-${ARCH}-${CNI_VERSION}.tgz
wget https://github.com/containernetworking/cni/releases/download/${CNI_VERSION}/cni-${ARCH}-${CNI_VERSION}.tgz.sha512
sudo sha512sum -c cni-${ARCH}-${CNI_VERSION}.tgz.sha512
sudo tar -xvf cni-${ARCH}-${CNI_VERSION}.tgz -C /opt/cni/bin
rm cni-${ARCH}-${CNI_VERSION}.tgz cni-${ARCH}-${CNI_VERSION}.tgz.sha512

wget https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGIN_VERSION}/cni-plugins-${ARCH}-${CNI_PLUGIN_VERSION}.tgz
wget https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGIN_VERSION}/cni-plugins-${ARCH}-${CNI_PLUGIN_VERSION}.tgz.sha512
sudo sha512sum -c cni-plugins-${ARCH}-${CNI_PLUGIN_VERSION}.tgz.sha512
sudo tar -xvf cni-plugins-${ARCH}-${CNI_PLUGIN_VERSION}.tgz -C /opt/cni/bin
rm cni-plugins-${ARCH}-${CNI_PLUGIN_VERSION}.tgz cni-plugins-${ARCH}-${CNI_PLUGIN_VERSION}.tgz.sha512

echo "Downloading binaries from: s3://$BINARY_BUCKET_NAME"
S3_DOMAIN="amazonaws.com"
if [ "$BINARY_BUCKET_REGION" = "cn-north-1" ] || [ "$BINARY_BUCKET_REGION" = "cn-northwest-1" ]; then
Expand All @@ -196,6 +188,41 @@ for binary in ${BINARIES[*]} ; do
sudo chmod +x $binary
sudo mv $binary /usr/bin/
done

if [ "$PULL_CNI_FROM_GITHUB" = "true" ]; then
echo "Downloading CNI assets from Github"
wget https://github.com/containernetworking/cni/releases/download/${CNI_VERSION}/cni-${ARCH}-${CNI_VERSION}.tgz
wget https://github.com/containernetworking/cni/releases/download/${CNI_VERSION}/cni-${ARCH}-${CNI_VERSION}.tgz.sha512

wget https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGIN_VERSION}/cni-plugins-${ARCH}-${CNI_PLUGIN_VERSION}.tgz
wget https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGIN_VERSION}/cni-plugins-${ARCH}-${CNI_PLUGIN_VERSION}.tgz.sha512
sudo sha512sum -c cni-${ARCH}-${CNI_VERSION}.tgz.sha512
sudo sha512sum -c cni-plugins-${ARCH}-${CNI_PLUGIN_VERSION}.tgz.sha512
rm cni-${ARCH}-${CNI_VERSION}.tgz.sha512
rm cni-plugins-${ARCH}-${CNI_PLUGIN_VERSION}.tgz.sha512
else
CNI_BINARIES=(
cni-${ARCH}-${CNI_VERSION}.tgz
cni-plugins-${ARCH}-${CNI_PLUGIN_VERSION}.tgz
)
for binary in ${CNI_BINARIES[*]} ; do
if [[ ! -z "$AWS_ACCESS_KEY_ID" ]]; then
echo "AWS cli present - using it to copy binaries from s3."
aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary .
aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/$binary.sha256 .
sudo sha256sum -c $binary.sha256
else
echo "AWS cli missing - using wget to fetch cni binaries from s3. Note: This won't work for private bucket."
sudo wget $S3_URL_BASE/$binary
sudo wget $S3_URL_BASE/$binary.sha256
fi
done
fi
sudo tar -xvf cni-${ARCH}-${CNI_VERSION}.tgz -C /opt/cni/bin
sudo tar -xvf cni-plugins-${ARCH}-${CNI_PLUGIN_VERSION}.tgz -C /opt/cni/bin
rm cni-${ARCH}-${CNI_VERSION}.tgz
rm cni-plugins-${ARCH}-${CNI_PLUGIN_VERSION}.tgz

sudo rm *.sha256

KUBERNETES_MINOR_VERSION=${KUBERNETES_VERSION%.*}
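Review bot: In the S3 `else` branch, the `wget` fallback downloads `$binary` and `$binary.sha256` but never runs `sha256sum -c`, unlike the `aws s3 cp` path just above it, so the CNI tarballs are unpacked into /opt/cni/bin unverified whenever `AWS_ACCESS_KEY_ID` is empty. Add `sudo sha256sum -c $binary.sha256` after the two `wget` calls so both paths fail the build on a mismatch. In both branches the checksum file comes from the same location as the tarball, which catches corruption but not a replaced artifact; pinning the expected digests in this repository would close that gap.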
2 changes: 1 addition & 1 deletion scripts/upgrade_kernel.sh
Expand Up @@ -7,6 +7,6 @@ set -o errexit
#sudo yum update -y kernel
#sudo amazon-linux-extras install kernel-ng
sudo yum -y install kernel-4.14.133-113.112.amzn2.x86_64
sudo grubby --set-default /boot/vmlinuz-4.14.133-113.112.amzn2.x86_64
sudo grubby --set-default /boot/vmlinuz-4.14.133-113.112.amzn2.x86_64 --args="ro console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 nvme_core.io_timeout=4294967295 rd.emergency=poweroff rd.shell=0 LANG=en_US.UTF-7 KEYTABLE=us udev.event-timeout=300"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's undo installing the specific kernel; let it install the latest version available by default, since we now know that that was not the issue.

Author

Not sure how I pass this value then :-). udev.event-timeout=300

echo "rebooting... now"
sudo reboot
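Review bot: The `--args` string on the new `grubby` line restates the whole kernel command line, and it contains `LANG=en_US.UTF-7`, which looks like a typo for `UTF-8`. On the question raised in the thread, the timeout can be passed on its own: `grubby --update-kernel=ALL --args="udev.event-timeout=300"` adds that one argument to the existing boot entries and does not depend on pinning `kernel-4.14.133-113.112.amzn2`, so the other parameters do not need to be copied into this script.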