Add scripts/manifests for new daemonset kubeadm approach

kubeadm/flannel/Dockerfile

@@ -0,0 +1,23 @@
+ARG servercoreTag="ltsc2019"
+ARG cniVersion="0.8.5"
+
+FROM mcr.microsoft.com/windows/servercore:${servercoreTag}
+SHELL ["powershell", "-NoLogo", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
+
+ARG cniVersion
+
+# Stuck on a prerelease flannel until https://github.com/coreos/flannel/issues/1231 is resolved
+RUN mkdir -force C:\k\flannel; \
+  pushd C:\k\flannel; \
+  curl.exe -LO https://github.com/benmoss/flannel/releases/download/v0.12.0-rc1/flanneld.exe
+
+RUN mkdir C:\cni; \
+  pushd C:\cni; \
+  curl.exe -Lo cni.tgz https://github.com/containernetworking/plugins/releases/download/v${env:cniVersion}/cni-plugins-windows-amd64-v${env:cniVersion}.tgz; \
+  tar -xf cni.tgz; \
+  rm cni.tgz
+
+RUN mkdir C:\utils; \
+  curl.exe -Lo C:\utils\wins.exe https://github.com/rancher/wins/releases/download/v0.0.4/wins.exe; \
+  curl.exe -Lo C:\utils\yq.exe https://github.com/mikefarah/yq/releases/download/2.4.1/yq_windows_amd64.exe; \
+  "[Environment]::SetEnvironmentVariable('PATH', $env:PATH + ';C:\utils', [EnvironmentVariableTarget]::Machine)"

kubeadm/flannel/flannel-host-gw.yml

@@ -0,0 +1,171 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: kube-flannel-windows-cfg
+  namespace: kube-system
+  labels:
+    tier: node
+    app: flannel
+data:
+  run.ps1: |
+    $ErrorActionPreference = "Stop";
+
+    mkdir -force /host/etc/cni/net.d
+    mkdir -force /host/etc/kube-flannel
+    mkdir -force /host/opt/cni/bin
+    mkdir -force /host/k/flannel
+    mkdir -force /host/k/flannel/var/run/secrets/kubernetes.io/serviceaccount
+
+    $cniJson = get-content /etc/kube-flannel-windows/cni-conf.json | ConvertFrom-Json
+    $serviceSubnet = yq r /etc/kubeadm-config/ClusterConfiguration networking.serviceSubnet
+    $podSubnet = yq r /etc/kubeadm-config/ClusterConfiguration networking.podSubnet
+    $networkJson = wins cli net get | convertfrom-json
+
+    $cniJson.delegate.policies[0].Value.ExceptionList = $serviceSubnet, $podSubnet, $networkJson.SubnetCIDR
+    $cniJson.delegate.policies[1].Value.DestinationPrefix = $serviceSubnet
+    $cniJson.delegate.policies[2].Value.DestinationPrefix = $networkJson.AddressCIDR
+    Set-Content -Path /host/etc/cni/net.d/10-flannel.conf ($cniJson | ConvertTo-Json -depth 100)
+
+    cp -force /etc/kube-flannel/net-conf.json /host/etc/kube-flannel
+    cp -force -recurse /cni/* /host/opt/cni/bin
+    cp -force /k/flannel/flanneld.exe /host/k/flannel/flanneld.exe
+    cp -force /kube-proxy/kubeconfig.conf /host/k/flannel/kubeconfig.yml
+    cp -force /var/run/secrets/kubernetes.io/serviceaccount/* /host/k/flannel/var/run/secrets/kubernetes.io/serviceaccount/
+    wins cli process run --path /k/flannel/flanneld.exe --args "--kube-subnet-mgr --kubeconfig-file /k/flannel/kubeconfig.yml" --envs "POD_NAME=$env:POD_NAME POD_NAMESPACE=$env:POD_NAMESPACE"
+  cni-conf.json: |
+    {
+      "name": "cbr0",
+      "cniVersion": "0.3.0",
+      "type": "flannel",
+      "capabilities": {
+        "dns": true
+      },
+      "delegate": {
+        "type": "win-bridge",
+        "hairpinMode": true,
+        "isDefaultGateway": true,
+        "policies": [
+          {
+            "Name": "EndpointPolicy",
+            "Value": {
+              "Type": "OutBoundNAT",
+              "ExceptionList": []
+            }
+          },
+          {
+            "Name": "EndpointPolicy",
+            "Value": {
+              "Type": "ROUTE",
+              "DestinationPrefix": "",
+              "NeedEncap": true
+            }
+          },
+          {
+            "Name": "EndpointPolicy",
+            "Value": {
+              "Type": "ROUTE",
+              "DestinationPrefix": "",
+              "NeedEncap": true
+            }
+          }
+        ]
+      }
+    }
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: kube-flannel-ds-windows-amd64
+  labels:
+    tier: node
+    app: flannel
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      app: flannel
+  template:
+    metadata:
+      labels:
+        tier: node
+        app: flannel
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: beta.kubernetes.io/os
+                    operator: In
+                    values:
+                      - windows
+                  - key: beta.kubernetes.io/arch
+                    operator: In
+                    values:
+                      - amd64
+      hostNetwork: true
+      serviceAccountName: flannel
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule
+      containers:
+      - name: kube-flannel
+        image: sigwindowstools/flannel:0.12.0-rc1
+        command:
+        - powershell
+        args:
+        - -file
+        - /etc/kube-flannel-windows/run.ps1
+        volumeMounts:
+        - name: wins
+          mountPath: \\.\pipe\rancher_wins
+        - name: host
+          mountPath: /host
+        - name: kube-proxy
+          mountPath: /kube-proxy
+        - name: cni
+          mountPath: /etc/cni/net.d
+        - name: flannel-cfg
+          mountPath: /etc/kube-flannel/
+        - name: flannel-windows-cfg
+          mountPath: /etc/kube-flannel-windows/
+        - name: kubeadm-config
+          mountPath: /etc/kubeadm-config/
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+      volumes:
+      - name: opt
+        hostPath:
+          path: /opt
+      - name: host
+        hostPath:
+          path: /
+      - name: cni
+        hostPath:
+          path: /etc
+      - name: flannel-cfg
+        configMap:
+          name: kube-flannel-cfg
+      - name: flannel-windows-cfg
+        configMap:
+          name: kube-flannel-windows-cfg
+      - name: kube-proxy
+        configMap:
+          name: kube-proxy
+      - name: kubeadm-config
+        configMap:
+          name: kubeadm-config
+      - name: wins
+        hostPath:
+          path: \\.\pipe\rancher_wins
+          type: null

kubeadm/flannel/flannel-overlay.yml

@@ -0,0 +1,160 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: kube-flannel-windows-cfg
+  namespace: kube-system
+  labels:
+    tier: node
+    app: flannel
+data:
+  run.ps1: |
+    $ErrorActionPreference = "Stop";
+
+    mkdir -force /host/etc/cni/net.d
+    mkdir -force /host/etc/kube-flannel
+    mkdir -force /host/opt/cni/bin
+    mkdir -force /host/k/flannel
+    mkdir -force /host/k/flannel/var/run/secrets/kubernetes.io/serviceaccount
+
+    $cniJson = get-content /etc/kube-flannel-windows/cni-conf.json | ConvertFrom-Json
+    $serviceSubnet = yq r /etc/kubeadm-config/ClusterConfiguration networking.serviceSubnet
+    $podSubnet = yq r /etc/kubeadm-config/ClusterConfiguration networking.podSubnet
+    $networkJson = wins cli net get | convertfrom-json
+
+    $cniJson.delegate.policies[0].Value.ExceptionList = $serviceSubnet, $podSubnet
+    $cniJson.delegate.policies[1].Value.DestinationPrefix = $serviceSubnet
+    Set-Content -Path /host/etc/cni/net.d/10-flannel.conf ($cniJson | ConvertTo-Json -depth 100)
+
+    cp -force /etc/kube-flannel/net-conf.json /host/etc/kube-flannel
+    cp -force -recurse /cni/* /host/opt/cni/bin
+    cp -force /k/flannel/flanneld.exe /host/k/flannel/flanneld.exe
+    cp -force /kube-proxy/kubeconfig.conf /host/k/flannel/kubeconfig.yml
+    cp -force /var/run/secrets/kubernetes.io/serviceaccount/* /host/k/flannel/var/run/secrets/kubernetes.io/serviceaccount/
+    wins cli process run --path /k/flannel/flanneld.exe --args "--kube-subnet-mgr --kubeconfig-file /k/flannel/kubeconfig.yml" --envs "POD_NAME=$env:POD_NAME POD_NAMESPACE=$env:POD_NAMESPACE"
+  cni-conf.json: |
+    {
+      "name": "flannel.4096",
+      "cniVersion": "0.3.0",
+      "type": "flannel",
+      "capabilities": {
+        "dns": true
+      },
+      "delegate": {
+        "type": "win-overlay",
+        "policies": [
+          {
+            "Name": "EndpointPolicy",
+            "Value": {
+              "Type": "OutBoundNAT",
+              "ExceptionList": []
+            }
+          },
+          {
+            "Name": "EndpointPolicy",
+            "Value": {
+              "Type": "ROUTE",
+              "DestinationPrefix": "",
+              "NeedEncap": true
+            }
+          }
+        ]
+      }
+    }
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: kube-flannel-ds-windows-amd64
+  labels:
+    tier: node
+    app: flannel
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      app: flannel
+  template:
+    metadata:
+      labels:
+        tier: node
+        app: flannel
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: beta.kubernetes.io/os
+                    operator: In
+                    values:
+                      - windows
+                  - key: beta.kubernetes.io/arch
+                    operator: In
+                    values:
+                      - amd64
+      hostNetwork: true
+      serviceAccountName: flannel
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule
+      containers:
+      - name: kube-flannel
+        image: sigwindowstools/flannel:0.12.0-rc1
+        command:
+        - powershell
+        args:
+        - -file
+        - /etc/kube-flannel-windows/run.ps1
+        volumeMounts:
+        - name: wins
+          mountPath: \\.\pipe\rancher_wins
+        - name: host
+          mountPath: /host
+        - name: kube-proxy
+          mountPath: /kube-proxy
+        - name: cni
+          mountPath: /etc/cni/net.d
+        - name: flannel-cfg
+          mountPath: /etc/kube-flannel/
+        - name: flannel-windows-cfg
+          mountPath: /etc/kube-flannel-windows/
+        - name: kubeadm-config
+          mountPath: /etc/kubeadm-config/
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+      volumes:
+      - name: opt
+        hostPath:
+          path: /opt
+      - name: host
+        hostPath:
+          path: /
+      - name: cni
+        hostPath:
+          path: /etc
+      - name: flannel-cfg
+        configMap:
+          name: kube-flannel-cfg
+      - name: flannel-windows-cfg
+        configMap:
+          name: kube-flannel-windows-cfg
+      - name: kube-proxy
+        configMap:
+          name: kube-proxy
+      - name: kubeadm-config
+        configMap:
+          name: kubeadm-config
+      - name: wins
+        hostPath:
+          path: \\.\pipe\rancher_wins
+          type: null

kubeadm/kube-proxy/Dockerfile

@@ -0,0 +1,16 @@
+ARG k8sVersion="v1.17.3"
+ARG servercoreTag="ltsc2019"
+
+FROM mcr.microsoft.com/windows/servercore:${servercoreTag}
+SHELL ["powershell", "-NoLogo", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
+
+ARG k8sVersion
+
+RUN mkdir -force C:\k\kube-proxy; \
+  pushd C:\k\kube-proxy; \
+  curl.exe -LO https://dl.k8s.io/${env:k8sVersion}/bin/windows/amd64/kube-proxy.exe
+
+RUN mkdir C:\utils; \
+  curl.exe -Lo C:\utils\wins.exe https://github.com/rancher/wins/releases/download/v0.0.4/wins.exe; \
+  curl.exe -Lo C:\utils\yq.exe https://github.com/mikefarah/yq/releases/download/2.4.1/yq_windows_amd64.exe; \
+  "[Environment]::SetEnvironmentVariable('PATH', $env:PATH + ';C:\utils', [EnvironmentVariableTarget]::Machine)"