diff --git a/.drone.yml b/.drone.yml index b7d903c39..eede09836 100644 --- a/.drone.yml +++ b/.drone.yml @@ -11,13 +11,29 @@ pipeline: - ./build/drone/create_release.sh when: event: tag - build_xenial: + build_ubuntu_oss: + image: ubuntu:xenial + environment: + - CPPFLAGS=-P + commands: + - ./build/drone/ubuntu_oss.sh + when: + event: tag + release_binary: + image: plugins/s3 + secrets: [ aws_access_key_id, aws_secret_access_key ] + bucket: pharos-cluster-binaries + region: eu-west-1 + source: "pharos-cluster-oss-linux-amd64-${DRONE_TAG##v}" + target: / + when: + event: tag + build_ubuntu: image: ubuntu:xenial - secrets: [ github_token ] environment: - CPPFLAGS=-P commands: - - ./build/drone/ubuntu_xenial.sh + - ./build/drone/ubuntu.sh when: event: tag release_binary: diff --git a/.travis.yml b/.travis.yml index 9b1dfb276..c2cb835ca 100644 --- a/.travis.yml +++ b/.travis.yml 
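Review bot: The added `release_binary` step reuses a key that already exists further down the pipeline (the context line `release_binary:` after `build_ubuntu`), so the `pipeline` mapping now has two entries with the same name. Depending on how the YAML loader treats duplicate keys, one of the two uploads is silently dropped or the file is rejected; the body of the second step lies outside the hunk, so which binary it ships cannot be checked here. Renaming the new step, for example `release_binary_oss:`, avoids the collision. The step also hands `aws_access_key_id` and `aws_secret_access_key` to `image: plugins/s3` with no tag or digest, so pinning that image would limit which code ever sees the credentials.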
@@ -10,6 +10,22 @@ stages: if: tag IS present jobs: include: + - stage: publish binary + script: ./build/travis/macos_oss.sh + rvm: 2.4 + os: osx + deploy: + provider: s3 + access_key_id: + secure: "OHjLg4bzJBUdwmw42XK5s/+5tHUy7SO32/NzV5qCETIw+lr0lEhHIUeGUDGEqsMKvB3X1rIyFhhYJcRUCkJHfDUM2uRyIxYl/HUNNHCnZttwBHsn517Wt8sSzx5mSHuqXl54hoI47vvx0yfKrvW70/AF0aNufEde5tQePzsgghZ0FIPKx29CiG0QAufTgJ3B3tXJtDywDXO6kyQmmpjSTO+Rne8YEx4MvyoGH1DhHiiSsggSMrYUy80mZP967AvQ6cCQNS7d9A1ThNjJVNGQ9jzTGW8vWRsvI1Y5583sWwAwVbKSYtcaO2t5IC1q62PnYu9xVyy6D5QZ4uJ4jQk8at00348nj059CosNEE9IdqRaTJi5TIiX9H1nU8y3P/c/2dYpsQIKch0Ji/cQhl4RCe+QQuOpCzggElf8GeD/tg9GJFhX+uPPWFJMl4zvrH5EascRm+PHJsr7UFL0Lv4Q0x85qdCa/0Oh1XA+f+WaLpSkUUiLUUB27+2dLupD3VyuSZ0IferiDHHgIG0teXoSvI6hgSBg85ZYZKls72seTuGG0icrn+U/iz+7ywtaaS5yVmrelUiYq4ElZr3N9SPaWUxUGXo734B60AIJ9dPQQJY8e+TJ2jjX3OCAd//Z3Kh2+O+nbcHUUMY4OfUVp4wcRy2LKlNqPC5DevZij2uVmKM=" + secret_access_key: + secure: "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" + bucket: "pharos-cluster-binaries" + region: "eu-west-1" + local-dir: upload + skip_cleanup: true + on: + all_branches: true - stage: publish binary script: ./build/travis/macos.sh rvm: 2.4 diff --git a/LICENSE b/LICENSE index 67b10810d..20fab0ea7 100644 --- a/LICENSE +++ b/LICENSE 
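Review bot: The new deploy block's `on:` condition is only `all_branches: true`, so the S3 upload itself is not tied to a tag; it appears to rely entirely on the stage-level `if: tag IS present` shown in the context. Adding `tags: true` under `on:` would keep a later edit to the stage condition from publishing an untagged build to `pharos-cluster-binaries`. The objects are uploaded from `local-dir: upload` with no checksum or signature next to them, so a consumer of the bucket has nothing to verify a download against; writing a `.sha256` file into `upload/` before the deploy would cover that.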
@@ -1,201 +1,13 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018 Kontena Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. \ No newline at end of file +Source code in this repository is variously licensed under the Apache License +Version 2.0, an Apache compatible license, or the Kontena License. Outside of +the "non-oss" folder, source code in a given file is licensed under the Apache +License Version 2.0, unless otherwise noted at the beginning of the file or a +LICENSE file present in the directory subtree declares a separate license. +Within the "non-oss" folder, source code in a given file is licensed under the +Kontena License, unless otherwise noted at the beginning of the file or a +LICENSE file present in the directory subtree declares a separate license. + +The build produces two sets of binaries - one set that falls under the Kontena +License and another set that falls under Apache License Version 2.0. 
The +binaries that contain `-oss` in the artifact name are licensed under the Apache +License Version 2.0. \ No newline at end of file diff --git a/README.md b/README.md index e818c28e0..873ba69ea 100644 --- a/README.md +++ b/README.md @@ -13,14 +13,4 @@ Pharos Cluster is a [Kontena Pharos](https://pharos.sh) (Kubernetes distribution ## Contributing -Bug reports and pull requests are welcome on GitHub at https://github.com/kontena/pharos-cluster. - -## License - -Copyright (c) 2018 Kontena, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. +Bug reports and pull requests are welcome on GitHub at https://github.com/kontena/pharos-cluster. \ No newline at end of file diff --git a/build/drone/ubuntu_xenial.sh b/build/drone/ubuntu.sh old mode 100755 new mode 100644 similarity index 57% rename from build/drone/ubuntu_xenial.sh rename to build/drone/ubuntu.sh index f8fc997ef..e3d940acc --- a/build/drone/ubuntu_xenial.sh +++ b/build/drone/ubuntu.sh @@ -13,13 +13,3 @@ package="pharos-cluster-linux-amd64-${version}" sudo mkdir /__enclose_io_memfs__ rubyc -o $package -d /__enclose_io_memfs__ pharos-cluster ./$package version - -# ship to github -curl -sL https://github.com/aktau/github-release/releases/download/v0.7.2/linux-amd64-github-release.tar.bz2 | tar -xjO > /usr/local/bin/github-release -chmod +x /usr/local/bin/github-release -/usr/local/bin/github-release upload \ - --user kontena \ - --repo pharos-cluster \ - --tag $DRONE_TAG \ - --name $package \ - --file ./$package 
diff --git a/build/drone/ubuntu_oss.sh b/build/drone/ubuntu_oss.sh new file mode 100755 index 000000000..b0059508f --- /dev/null +++ b/build/drone/ubuntu_oss.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +set -ue + +rm -rf non-oss/* + +# build binary +apt-get update -y +apt-get install -y -q squashfs-tools build-essential ruby bison ruby-dev git-core texinfo curl +curl -sL https://dl.bintray.com/kontena/ruby-packer/0.5.0-dev/rubyc-linux-amd64.gz | gunzip > /usr/local/bin/rubyc +chmod +x /usr/local/bin/rubyc +gem install bundler +version=${DRONE_TAG#"v"} +package="pharos-cluster-oss-linux-amd64-${version}" +sudo mkdir /__enclose_io_memfs__ +rubyc -o $package -d /__enclose_io_memfs__ pharos-cluster +./$package version diff --git a/build/travis/macos.sh b/build/travis/macos.sh old mode 100755 new mode 100644 index c64c3e6d7..2519897ce --- a/build/travis/macos.sh +++ b/build/travis/macos.sh @@ -10,15 +10,6 @@ package="pharos-cluster-darwin-amd64-${version}" rubyc -o $package pharos-cluster ./$package version -# ship to github -curl -sL https://github.com/aktau/github-release/releases/download/v0.7.2/darwin-amd64-github-release.tar.bz2 | tar -xjO > /usr/local/bin/github-release -chmod +x /usr/local/bin/github-release -/usr/local/bin/github-release upload \ - --user kontena \ - --repo pharos-cluster \ - --tag $TRAVIS_TAG \ - --name $package \ - --file ./$package - +rm -rf upload/ mkdir -p upload mv $package upload/ \ No newline at end of file diff --git a/build/travis/macos_oss.sh b/build/travis/macos_oss.sh new file mode 100755 index 000000000..e90419b82 --- /dev/null +++ b/build/travis/macos_oss.sh 
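Review bot: The `rubyc` compiler in `build/drone/ubuntu_oss.sh` is fetched with `curl -sL … | gunzip > /usr/local/bin/rubyc` and executed without any integrity check, and the binary it produces is what the pipeline then publishes. Anyone able to alter that download (the hosting account, a mirror, a replaced `0.5.0-dev` artifact) controls the released binary. Downloading to a file and verifying a pinned digest before unpacking closes that gap: `curl -fsSL <url> -o rubyc.gz`, then `echo "<EXPECTED_SHA256>  rubyc.gz" | sha256sum -c -`, then `gunzip -c rubyc.gz > /usr/local/bin/rubyc`. The same pattern appears in the new `build/travis/macos_oss.sh` hunk, where `shasum -a 256 -c` is the macOS equivalent. `gem install bundler` is likewise unpinned, so builds of the same tag are not reproducible.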
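Review bot: The file header for `build/travis/macos.sh` drops the executable bit (`old mode 100755`, `new mode 100644`) while `.travis.yml` still runs it as `script: ./build/travis/macos.sh`, which fails with a permission error unless the CI happens to invoke it through a shell. `build/drone/ubuntu.sh` gets the same mode change in its rename and is called as `./build/drone/ubuntu.sh` from `.drone.yml`. The new `*_oss.sh` scripts are created with mode 100755, so restoring 100755 on these two looks like the intent.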
@@ -0,0 +1,17 @@ +#!/bin/sh + +set -ue + +rm -rf non-oss/* + +brew install squashfs +curl -sL https://dl.bintray.com/kontena/ruby-packer/0.5.0-dev/rubyc-darwin-amd64.gz | gunzip > /usr/local/bin/rubyc +chmod +x /usr/local/bin/rubyc +version=${TRAVIS_TAG#"v"} +package="pharos-cluster-oss-darwin-amd64-${version}" +rubyc -o $package pharos-cluster +./$package version + +rm -rf upload/ +mkdir -p upload +mv $package upload/ \ No newline at end of file diff --git a/lib/pharos/addon.rb b/lib/pharos/addon.rb index c6ac43f5f..752a3e255 100644 --- a/lib/pharos/addon.rb +++ b/lib/pharos/addon.rb @@ -94,6 +94,14 @@ def config? !@config.nil? end + def enable! + @enabled = true + end + + def enabled? + !!@enabled + end + def custom_type(&block) Class.new(Pharos::Addons::Struct, &block) end diff --git a/lib/pharos/addon_manager.rb b/lib/pharos/addon_manager.rb index 0fbafd610..0957020ae 100644 --- a/lib/pharos/addon_manager.rb +++ b/lib/pharos/addon_manager.rb @@ -30,6 +30,16 @@ def self.load_addons(*dirs) def initialize(config, cluster_context) @config = config @cluster_context = cluster_context + enable_default_addons + end + + def enable_default_addons + addon_classes.each do |addon| + if addon.enabled? + configs[addon.addon_name] ||= {} + configs[addon.addon_name]['enabled'] = true + end + end end def configs diff --git a/lib/pharos/cluster_manager.rb b/lib/pharos/cluster_manager.rb index 8cced794e..09da1addb 100644 --- a/lib/pharos/cluster_manager.rb +++ b/lib/pharos/cluster_manager.rb 
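Review bot: In `enable_default_addons` the assignment `configs[addon.addon_name]['enabled'] = true` is unconditional, so an operator's explicit `enabled: false` for that addon is overwritten without any log line. If `enable!` is meant as a default rather than a forced setting, guard the write, e.g. `configs[addon.addon_name]['enabled'] = true unless configs[addon.addon_name].key?('enabled')` (this assumes the entry is Hash-like; the body of `configs` is outside the hunk). If forcing is intended, a comment saying so and a `logger` message when a user setting is overridden would make the behaviour auditable. The method also mutates the caller's config from inside `initialize`, which deserves a one-line comment.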
@@ -37,10 +37,14 @@ def addon_manager # load phases/addons def load - Pharos::PhaseManager.load_phases(__dir__ + '/phases/') + Pharos::PhaseManager.load_phases( + File.join(__dir__, 'phases'), + File.join(__dir__, '..', '..', 'non-oss', 'phases') + ) addon_dirs = [ File.join(__dir__, '..', '..', 'addons'), - File.join(Dir.pwd, 'addons') + File.join(Dir.pwd, 'addons'), + File.join(__dir__, '..', '..', 'non-oss', 'addons') ] + @config.addon_paths.map { |d| File.join(Dir.pwd, d) } addon_dirs.keep_if { |dir| File.exist?(dir) } addon_dirs = addon_dirs.map { |dir| Pathname.new(dir).realpath.to_s }.uniq @@ -74,6 +78,7 @@ def apply_phases # ca etc config files master_hosts = sorted_master_hosts + apply_phase(Phases::ValidateVersion, [master_hosts.first], master: master_hosts.first, ssh: true, parallel: false) apply_phase(Phases::MigrateMaster, master_hosts, ssh: true, parallel: true) apply_phase(Phases::ConfigureHost, config.hosts, ssh: true, parallel: true) apply_phase(Phases::ConfigureClient, [master_hosts.first], ssh: true, master: master_hosts.first, parallel: false, optional: true) diff --git a/lib/pharos/phases/migrate_master.rb b/lib/pharos/phases/migrate_master.rb index 41b002e53..e6ce35c0b 100644 --- a/lib/pharos/phases/migrate_master.rb +++ b/lib/pharos/phases/migrate_master.rb @@ -5,22 +5,7 @@ module Phases class MigrateMaster < Pharos::Phase title "Migrate master" - def call - if migrate_1_1_to_1_2? - migrate_1_1_to_1_2 - else - logger.info { 'Nothing to migrate.' } - end - end - - def migrate_1_1_to_1_2? - @ssh.file('/etc/systemd/system/kubelet.service.d/5-pharos.conf').exist? - end - - def migrate_1_1_to_1_2 - logger.info { 'Migrating from 1.1 to 1.2 ...' } - @ssh.file('/etc/systemd/system/kubelet.service.d/5-pharos.conf').unlink - end + def call; end end end end diff --git a/lib/pharos/phases/migrate_worker.rb b/lib/pharos/phases/migrate_worker.rb index b77558649..15067dcec 100644 --- a/lib/pharos/phases/migrate_worker.rb 
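Review bot: In `load`, the new `non-oss/phases` path is passed to `load_phases` unfiltered, while the addon directories in the same method go through `addon_dirs.keep_if { |dir| File.exist?(dir) }`. The OSS build scripts in this commit run `rm -rf non-oss/*`, so that directory will be absent in every `-oss` binary; whether `load_phases` tolerates a missing directory is not visible in this hunk. Applying the same existence filter to the phase directories before the call keeps the two loaders consistent. A short comment stating that everything under these directories is loaded and executed as code would also help anyone reviewing `@config.addon_paths`, which is resolved against `Dir.pwd`.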
+++ b/lib/pharos/phases/migrate_worker.rb @@ -5,46 +5,7 @@ module Phases class MigrateWorker < Pharos::Phase title "Migrate worker" - def call - if migrate_1_1_to_1_2? - migrate_1_1_to_1_2 - elsif migrate_1_3? - migrate_1_3 - else - logger.info { 'Nothing to migrate.' } - end - end - - def migrate_1_1_to_1_2? - @ssh.file('/etc/systemd/system/kubelet.service.d/5-pharos.conf').exist? - end - - def migrate_1_1_to_1_2 - logger.info { 'Migrating from 1.1 to 1.2 ...' } - @ssh.file('/etc/systemd/system/kubelet.service.d/5-pharos.conf').unlink - end - - def migrate_1_3? - return false unless @ssh.file('/etc/kubernetes/kubelet.conf').exist? - return false if @ssh.file('/var/lib/kubelet/config.yaml').exist? - - true - end - - def migrate_1_3 - logger.info { 'Upgrade kubelet config' } - - # use the new version of kubeadm to write out /var/lib/kubelet/config.yaml for new kubelet version to be installed - # the kube master must be running, which is the case for upgrades - host_configurer.upgrade_kubeadm(Pharos::KUBEADM_VERSION) - - @ssh.exec!("sudo /usr/local/bin/pharos-kubeadm-#{Pharos::KUBEADM_VERSION} upgrade node config --kubelet-version=v#{Pharos::KUBE_VERSION}") - - kubeadm_flags = @ssh.file("/var/lib/kubelet/kubeadm-flags.env") - return if kubeadm_flags.exist? - - kubeadm_flags.write('KUBELET_KUBEADM_ARGS=--cni-bin-dir=/opt/cni/bin --cni-conf-dir=/etc/cni/net.d --network-plugin=cni') - end + def call; end end end end diff --git a/lib/pharos/phases/validate_version.rb b/lib/pharos/phases/validate_version.rb new file mode 100644 index 000000000..5649b5e7c --- /dev/null +++ b/lib/pharos/phases/validate_version.rb 
@@ -0,0 +1,65 @@ +# frozen_string_literal: true + +module Pharos + module Phases + class ValidateVersion < Pharos::Phase + title "Validate cluster version" + + REMOTE_KUBECONFIG = "/etc/kubernetes/admin.conf" + + def call + return unless kubeconfig? + + cluster_context['kubeconfig'] = kubeconfig + config_map = previous_config_map + if config_map + validate_version(config_map.data['pharos-version']) + else + logger.info { 'No version detected' } + end + end + + # @param cluster_version [String] + def validate_version(cluster_version) + cluster_major, cluster_minor, cluster_patch = cluster_version.split('.') + major, minor, patch = Pharos::VERSION.split('.') + unless cluster_major == major && cluster_minor == minor + raise "Upgrade path not supported" + end + + if cluster_patch.to_i <= patch.to_i + raise "Downgrade not supported" + end + + logger.info { "Valid cluster version detected: #{cluster_version}" } + end + + # @return [String] + def kubeconfig? + @ssh.file(REMOTE_KUBECONFIG).exist? + end + + # @return [String] + def read_kubeconfig + @ssh.file(REMOTE_KUBECONFIG).read + end + + # @return [Hash] + def kubeconfig + logger.debug { "Fetching kubectl config ..." } + config = Pharos::Kube::Config.new(read_kubeconfig) + config.update_server_address(@host.api_address) + + logger.debug { "New config: #{config}" } + config.to_h + end + + # @return [K8s::Resource, nil] + def previous_config_map + kube_client.api('v1').resource('configmaps', namespace: 'kube-system').get('pharos-config') + rescue K8s::Error::NotFound + nil + end + end + end +end diff --git a/lib/pharos/version.rb b/lib/pharos/version.rb index 151af58d1..563db8cf3 100644 --- a/lib/pharos/version.rb +++ b/lib/pharos/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Pharos - VERSION = "1.3.2" + VERSION = "2.0.0-dev" end diff --git a/licenses/APACHE-2.0.txt b/licenses/APACHE-2.0.txt new file mode 100644 index 000000000..67b10810d --- /dev/null +++ b/licenses/APACHE-2.0.txt 
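Review bot: The downgrade guard in `validate_version` looks inverted: `if cluster_patch.to_i <= patch.to_i` raises "Downgrade not supported" when the cluster's patch level is the same as or older than this tool's (the re-apply and upgrade cases) and lets a cluster with a newer patch level through. The condition was probably meant to be `if cluster_patch.to_i > patch.to_i`. `cluster_version` comes from `config_map.data['pharos-version']` and is nil when the key is missing, so `split` raises `NoMethodError` instead of a clear message, and with `VERSION = "2.0.0-dev"` the `"0-dev".to_i` conversion silently discards the pre-release suffix. `logger.debug { "New config: #{config}" }` interpolates the object built from `/etc/kubernetes/admin.conf`; if `Pharos::Kube::Config#to_s` renders its contents (not visible here), debug logs would carry cluster-admin credentials, so logging only the server address is safer. The `# @return [String]` tag on `kubeconfig?` should read `[Boolean]`.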
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2018 Kontena Inc. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/licenses/KONTENA.md b/licenses/KONTENA.md new file mode 100644 index 000000000..2c18487b4 --- /dev/null +++ b/licenses/KONTENA.md 
@@ -0,0 +1,35 @@ +# KONTENA LICENSE AGREEMENT + +PLEASE READ CAREFULLY THIS KONTENA LICENSE AGREEMENT ("AGREEMENT"), WHICH CONSTITUTES A LEGALLY BINDING AGREEMENT BETWEEN KONTENA INC (“KONTENA”) AND YOU, OR THE LEGAL ENTITY ON BEHALF OF WHOM YOU ARE ACTING (AS APPLICABLE, “YOU”). THIS AGREEMENT GOVERNS THE TERMS AND CONDITIONS FOR USING SOFTWARE THAT IS PROVIDED BY KONTENA AND DISTRIBUTED TOGETHER WITH THIS AGREEMENT ("KONTENA SOFTWARE"). BY INSTALLING OR USING KONTENA SOFTWARE GOVERNED BY THIS AGREEMENT, YOU AGREE ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE WITH TERMS AND CONDITIONS DETAILED IN THIS AGREEMENT, YOU MAY NOT INSTALL OR USE KONTENA SOFTWARE GOVERNED BY THIS AGREEMENT. IF YOU ARE INSTALLING OR USING THE SOFTWARE ON BEHALF OF A LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE THE ACTUAL AUTHORITY TO AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT ON BEHALF OF SUCH ENTITY. + +Posted Date: September 20, 2018 + +1. LICENSES, RESTRICTIONS AND THIRD-PARTY OPEN SOURCE SOFTWARE + + 1.1. End User License. 
Subject to the terms and conditions of Section 1.3 of this Agreement, Kontena hereby grants to You, AT NO CHARGE and for so long as you are not in breach of any provision of this Agreement, a limited, non-exclusive, non-transferable, fully paid up, royalty free, right and license, without the right to grant or authorize sublicenses, to: (i) install and use Kontena Software including Non-OSS Software; (ii) use environments and configurations that are created as end result of using the Kontena Software (“Runtime Environments”); and (iii) permit Contractors and Your Affiliates to use the Kontena Software and Runtime Environments as set forth in (i) and (ii) above, provided that such use by Contractors must be solely for Your benefit and/or the benefit of Your Affiliates, and You shall be responsible for all acts and omissions of such Contractors and Affiliates in connection with their use of the Kontena Software and Runtime Environments that are contrary to the terms and conditions of this Agreement. + + 1.2. Non-OSS Software License. Kontena Software and Runtime Environments may contain functionality and features that are compiled from source code that is not licensed under Apache 2.0 open source software license (“Non-OSS Software”). Such software is provided and identified by a license referring to this Agreement. 
Subject to the terms and conditions of Section 1.1 and 1.3 of this Agreement, Kontena hereby grants to You, AT NO CHARGE and for so long as you are not in breach of any provision of this Agreement, a limited, non-exclusive, non-transferable, fully paid up royalty free right and license to use the source code of Non-OSS Software to modify and compile custom version of Kontena Software that is used to create a custom Runtime Environments, provided You (i) do not hack Kontena Software licensing mechanism, and (ii) use the custom Kontena Software and Runtime Environments only for Your own testing purposes, not in any production capacity, on a temporary or permanent basis. Notwithstanding the foregoing, You may maintain a copy of the Non-OSS Software source code and that copy may be publicly accessible, provided that you include this Agreement with Your copy of the repository. + + 1.3. License Restrictions. Except as expressly set forth in Sections 1.1, and 1.2 of this Agreement, no other licenses are granted to You under this Agreement, by implication, estoppel or otherwise. Without limiting other conditions in this Agreement, the grant of rights under this Agreement will not include, and the End User License does not grant to You (i) the right to use Kontena Software, Runtime Environments or Non-OSS Software (collectively, “Kontena Products”) in Production Environments without valid Subscription. For purposes of the foregoing, “Production Environments” means any use of Kontena Products in any capacity beyond evaluation purposes. For avoidance of doubt, testing and development environments are considered as Production Environments. 
“Subscription” means a paid service provided by Kontena to You and covers the use of Kontena Software in Production Environments and related support (if applicable); (ii) reverse engineer any parts of Kontena Products, except and only to the extent any such restriction is prohibited by applicable law, (iii) except as expressly permitted in this Agreement, prepare derivative works from, modify, copy or use the Kontena Products in any manner; (iv) transfer, sell, rent, lease, distribute, sublicense, loan or otherwise transfer, Kontena Products, in whole or in part, to any third party; (v) circumvent the limitations on use of Kontena Products, or (vi) alter or remove any Kontena trademarks, trade names, logos and notices present on the Kontena Products or documentation as originally provided by Kontena. If You have any question as to whether a specific license restriction described in here applies to You, or are interested in obtaining Subscription for using Kontena Products in Production Environments, please contact sales@kontena.io. + + 1.4. Third Party Open Source Software. The Kontena Products may contain or be provided with third party open source libraries, components, utilities and other open source software (collectively, "Open Source Software"), which Open Source Software may have applicable license terms as identified on a website designated by Kontena. Notwithstanding anything to the contrary herein, use of the Open Source Software shall be subject to the license terms and conditions applicable to such Open Source Software, to the extent required by the applicable licensor (which terms shall not restrict the license rights granted to You hereunder, but may contain additional rights). To the extent any condition of this Agreement conflicts with any license to the Open Source Software, the Open Source Software license will govern with respect to such Open Source Software only. 
Kontena may also separately provide you with certain open source software that is licensed by Kontena. Your use of such Kontena open source software will not be governed by this Agreement, but by the applicable open source license terms. + + 1.5. Reservation of Rights. Kontena and owns all right, title and interest in and to the Kontena Products. + +2. TERMINATION + + 2.1. Termination. This Agreement will automatically terminate, whether or not You receive notice of such Termination from Kontena, if You breach any of its provisions. + + 2.2. Post Termination. Upon any termination of this Agreement, for any reason, You shall promptly cease the use of the Kontena Products, and cease use of any custom Kontena Software and Runtime Environments. For the avoidance of doubt, termination of this Agreement will not affect Your right to use software provided to you under Apache License Version 2.0. + + 2.3. Survival. Sections 1.3, 1.5, 2.3, 3 and 4 shall survive any termination or expiration of this Agreement. + +3. DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY + + 3.1. Disclaimer of Warranties. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, THE KONTENA SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, AND KONTENA AND ITS LICENSORS MAKE NO WARRANTIES WHETHER EXPRESSED, IMPLIED OR STATUTORY REGARDING OR RELATING TO THE KONTENA SOFTWARE. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, KONTENA AND ITS LICENSORS SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT WITH RESPECT TO THE KONTENA SOFTWARE, AND WITH RESPECT TO THE USE OF THE FOREGOING. FURTHER, KONTENA DOES NOT WARRANT RESULTS OF USE OR THAT THE KONTENA SOFTWARE WILL BE ERROR FREE OR THAT THE USE OF THE KONTENA SOFTWARE WILL BE UNINTERRUPTED. + + 3.2. Limitation of Liability. 
IN NO EVENT SHALL KONTENA OR ITS LICENSORS BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT OR INDIRECT DAMAGES, INCLUDING, WITHOUT LIMITATION, FOR ANY LOSS OF PROFITS, LOSS OF USE, BUSINESS INTERRUPTION, LOSS OF DATA, COST OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND, IN CONNECTION WITH OR ARISING OUT OF THE USE OR INABILITY TO USE THE KONTENA SOFTWARE, OR THE PERFORMANCE OF OR FAILURE TO PERFORM THIS AGREEMENT, WHETHER ALLEGED AS A BREACH OF CONTRACT OR TORTIOUS CONDUCT, INCLUDING NEGLIGENCE, EVEN IF KONTENA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +4. MISCELLANEOUS + + This Agreement completely and exclusively states the entire agreement of the parties regarding the subject matter herein, and it supersedes, and its terms govern, all prior proposals, agreements, or other communications between the parties, oral or written, regarding such subject matter. This Agreement may be modified by Kontena from time to time, and any such modifications will be effective upon the "Posted Date" set forth at the top of the modified Agreement. If any provision hereof is held unenforceable, this Agreement will continue without said provision and be interpreted to reflect the original intent of the parties. This Agreement and any non-contractual obligation arising out of or in connection with it, is governed exclusively by laws of Finland. This Agreement shall not be governed by the 1980 UN Convention on Contracts for the International Sale of Goods. All disputes arising out of or in connection with this Agreement, including its existence and validity, shall be resolved by the courts with jurisdiction in Helsinki, Finland. The parties hereby irrevocably waive any and all claims and defenses either might otherwise have in any such action or proceeding in any of such courts based upon any alleged lack of personal jurisdiction, improper venue, forum non conveniens or any similar claim or defense. 
A breach or threatened breach, by You of Section 1 may cause irreparable harm for which damages at law may not provide adequate relief, and therefore Kontena shall be entitled to seek injunctive relief without being required to post a bond. You may not assign this Agreement (including by operation of law in connection with a merger or acquisition), in whole or in part to any third party without the prior written consent of Kontena, which may be withheld or granted by Kontena in its sole and absolute discretion. Any assignment in violation of the preceding sentence is void. Notices to Kontena may also be sent to legal@kontena.io. \ No newline at end of file diff --git a/non-oss/README.md b/non-oss/README.md new file mode 100644 index 000000000..865374dc6 --- /dev/null +++ b/non-oss/README.md @@ -0,0 +1,3 @@ +# Kontena License Functionality + +This directory tree contains files subject to the Kontena License. \ No newline at end of file diff --git a/non-oss/addons/kontena-lens/addon.rb b/non-oss/addons/kontena-lens/addon.rb new file mode 100644 index 000000000..a2ab6a57b --- /dev/null +++ b/non-oss/addons/kontena-lens/addon.rb @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +Pharos.addon 'kontena-lens' do + version '0.1.0-dev' + license 'Kontena License' + + config_schema { + required(:name).filled(:str?) + required(:host).filled(:str?) + required(:email).filled(:str?) + } +end diff --git a/non-oss/addons/kontena-lens/resources/01-namespace.yml b/non-oss/addons/kontena-lens/resources/01-namespace.yml new file mode 100644 index 000000000..987bcce95 --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/01-namespace.yml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kontena-lens \ No newline at end of file diff --git a/non-oss/addons/kontena-lens/resources/02-service-account.yml b/non-oss/addons/kontena-lens/resources/02-service-account.yml new file mode 100644 index 000000000..c6d53b0b0 --- /dev/null 
+++ b/non-oss/addons/kontena-lens/resources/02-service-account.yml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: lens-operator + namespace: kontena-lens \ No newline at end of file diff --git a/non-oss/addons/kontena-lens/resources/03-cluster-role-binding.yml b/non-oss/addons/kontena-lens/resources/03-cluster-role-binding.yml new file mode 100644 index 000000000..e684c1189 --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/03-cluster-role-binding.yml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: lens-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: lens-operator + namespace: kontena-lens \ No newline at end of file diff --git a/non-oss/addons/kontena-lens/resources/04-user-management-daemonset.yml b/non-oss/addons/kontena-lens/resources/04-user-management-daemonset.yml new file mode 100644 index 000000000..0657bc03d --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/04-user-management-daemonset.yml 
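Review bot: In 03-cluster-role-binding.yml the `roleRef` binds the `lens-operator` ServiceAccount to `cluster-admin`, and that same account is the `serviceAccountName` of the user-management and user-authenticator DaemonSets and of the dashboard Deployment that 12-ingress.yml.erb publishes through an Ingress. A flaw in any of those three workloads would therefore expose a token with full control of the cluster. Give each workload its own ServiceAccount bound to a ClusterRole that lists only the resources and verbs it uses, and keep `cluster-admin` out of the web-facing pod. Which resources those are is not visible in this diff; presumably they include the `beta.kontena.io` users, groups and clusters. Until then, a comment such as `# TODO: replace cluster-admin with a scoped ClusterRole per component` above `roleRef` would at least record the intent.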
@@ -0,0 +1,45 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: user-management + namespace: kontena-lens + labels: + app: user-management +spec: + selector: + matchLabels: + app: user-management + template: + metadata: + labels: + app: user-management + annotations: + scheduler.alpha.kubernetes.io/critical-pod: '' + spec: + nodeSelector: + node-role.kubernetes.io/master: '' + tolerations: + - effect: NoSchedule + operator: Exists + serviceAccountName: lens-operator + containers: + - image: quay.io/kontena/lens-idp:2018.6.1 + name: user-management + imagePullPolicy: Always + env: + - name: KUBERNETES_NAMESPACE + value: kontena-lens + resources: + requests: + memory: "128Mi" + cpu: "20m" + limits: + memory: "256Mi" + cpu: "50m" + livenessProbe: + httpGet: + path: /ping + port: 9999 + scheme: HTTP + initialDelaySeconds: 180 + timeoutSeconds: 5 \ No newline at end of file diff --git a/non-oss/addons/kontena-lens/resources/05-user-management-service.yml b/non-oss/addons/kontena-lens/resources/05-user-management-service.yml new file mode 100644 index 000000000..4f6bfb807 --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/05-user-management-service.yml @@ -0,0 +1,11 @@ +kind: Service +apiVersion: v1 +metadata: + name: usermanagement + namespace: kontena-lens +spec: + selector: + app: user-management + ports: + - port: 9999 + targetPort: 9999 diff --git a/non-oss/addons/kontena-lens/resources/06-authenticator-daemonset.yml b/non-oss/addons/kontena-lens/resources/06-authenticator-daemonset.yml new file mode 100644 index 000000000..5009376c3 --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/06-authenticator-daemonset.yml 
@@ -0,0 +1,47 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: user-authenticator + namespace: kontena-lens + labels: + k8s-app: user-authenticator +spec: + selector: + matchLabels: + k8s-app: user-authenticator + template: + metadata: + labels: + k8s-app: user-authenticator + annotations: + scheduler.alpha.kubernetes.io/critical-pod: '' + spec: + nodeSelector: + node-role.kubernetes.io/master: '' + tolerations: + - effect: NoSchedule + operator: Exists + serviceAccountName: lens-operator + containers: + - image: quay.io/kontena/kube-authenticator:latest + name: user-authenticator + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /ping + port: 9292 + scheme: HTTP + initialDelaySeconds: 180 + timeoutSeconds: 5 + env: + - name: KUBERNETES_NAMESPACE + value: kontena-lens + resources: + requests: + memory: "128Mi" + cpu: "20m" + limits: + memory: "256Mi" + cpu: "50m" + hostNetwork: true + restartPolicy: Always \ No newline at end of file diff --git a/non-oss/addons/kontena-lens/resources/07-dashboard-deployment.yml b/non-oss/addons/kontena-lens/resources/07-dashboard-deployment.yml new file mode 100644 index 000000000..0840fa5f5 --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/07-dashboard-deployment.yml 
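Review bot: `image: quay.io/kontena/kube-authenticator:latest` combined with `imagePullPolicy: Always` means any pod restart on a master can pull different, unreviewed code, and this pod runs with `hostNetwork: true` under the `lens-operator` account. Pin to a released tag, as 04-user-management-daemonset.yml does with `lens-idp:2018.6.1`, or better to a digest, e.g. `image: quay.io/kontena/kube-authenticator@sha256:<digest-of-reviewed-build>`. The same applies to `lens:latest`, `kube-shell-gateway:latest` and the `SHELL_DOCKER_IMAGE` value `kubectl:latest` in 07-dashboard-deployment.yml. Separately, the `tolerations` entry with only `effect: NoSchedule` and `operator: Exists` tolerates every NoSchedule taint; adding `key: node-role.kubernetes.io/master` would limit it to the master taint.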
@@ -0,0 +1,59 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: dashboard + namespace: kontena-lens + labels: + app: dashboard +spec: + selector: + matchLabels: + app: dashboard + template: + metadata: + labels: + app: dashboard + spec: + serviceAccountName: lens-operator + restartPolicy: Always + containers: + - image: quay.io/kontena/lens:latest + name: dashboard + imagePullPolicy: Always + env: + - name: KUBE_KONTENA_URL + value: http://usermanagement:9999 + - name: KUBE_TERMINAL_URL + value: http://localhost:9998 + - name: REDIS_CLIENT_HOST + value: redis + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "200m" + - name: kube-shell + image: quay.io/kontena/kube-shell-gateway:latest + imagePullPolicy: Always + env: + - name: SHELL_DOCKER_IMAGE + value: quay.io/kontena/kubectl:latest + resources: + requests: + memory: "128Mi" + cpu: "50m" + limits: + memory: "256Mi" + cpu: "100m" + livenessProbe: + httpGet: + path: /ping + port: 9998 + scheme: HTTP + initialDelaySeconds: 180 + timeoutSeconds: 5 + command: ["bundle"] + args: ["exec", "puma", "-p", "9998"] + diff --git a/non-oss/addons/kontena-lens/resources/08-dashboard-service.yml b/non-oss/addons/kontena-lens/resources/08-dashboard-service.yml new file mode 100644 index 000000000..be2f6f56d --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/08-dashboard-service.yml @@ -0,0 +1,11 @@ +kind: Service +apiVersion: v1 +metadata: + name: dashboard + namespace: kontena-lens +spec: + selector: + app: dashboard + ports: + - port: 8889 + targetPort: 8889 diff --git a/non-oss/addons/kontena-lens/resources/09-kube-shell-namespace.yml b/non-oss/addons/kontena-lens/resources/09-kube-shell-namespace.yml new file mode 100644 index 000000000..146401613 --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/09-kube-shell-namespace.yml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kube-shell 
diff --git a/non-oss/addons/kontena-lens/resources/10-redis-deployment.yml b/non-oss/addons/kontena-lens/resources/10-redis-deployment.yml new file mode 100644 index 000000000..58151557d --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/10-redis-deployment.yml @@ -0,0 +1,38 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: redis + namespace: kontena-lens + labels: + app: redis +spec: + selector: + matchLabels: + app: redis + template: + metadata: + labels: + app: redis + spec: + restartPolicy: Always + containers: + - name: redis + image: docker.io/redis:4-alpine + env: + - name: MASTER + value: "true" + ports: + - containerPort: 6379 + volumeMounts: + - mountPath: /data + name: data + resources: + requests: + memory: "32Mi" + cpu: "20m" + limits: + memory: "64Mi" + cpu: "50m" + volumes: + - name: data + emptyDir: {} \ No newline at end of file diff --git a/non-oss/addons/kontena-lens/resources/11-redis-service.yml b/non-oss/addons/kontena-lens/resources/11-redis-service.yml new file mode 100644 index 000000000..ee4710d43 --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/11-redis-service.yml @@ -0,0 +1,11 @@ +kind: Service +apiVersion: v1 +metadata: + name: redis + namespace: kontena-lens +spec: + selector: + app: redis + ports: + - port: 6379 + targetPort: 6379 diff --git a/non-oss/addons/kontena-lens/resources/12-ingress.yml.erb b/non-oss/addons/kontena-lens/resources/12-ingress.yml.erb new file mode 100644 index 000000000..3d6995cc7 --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/12-ingress.yml.erb 
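Review bot: The Redis container in 10-redis-deployment.yml is started without any arguments or configuration, so as far as this manifest shows it has no password, and 11-redis-service.yml exposes port 6379 as a Service that other pods in the cluster can reach. The dashboard is pointed at it through `REDIS_CLIENT_HOST`; what it stores there is not visible in this diff, but if that includes sessions or tokens, any workload in the cluster could read or alter them. Restrict ingress to the dashboard pods with a NetworkPolicy like the one below (it only takes effect where the network plugin enforces policies). Also consider starting Redis with `--requirepass` fed from a Secret.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: redis
  namespace: kontena-lens
spec:
  podSelector:
    matchLabels:
      app: redis
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: dashboard
      ports:
        - protocol: TCP
          port: 6379
```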
@@ -0,0 +1,20 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: <%= config.name %> + namespace: kontena-lens + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / +spec: + tls: + - secretName: <%= config.name %>-tls + hosts: + - <%= config.host %> + rules: + - host: <%= config.host %> + http: + paths: + - path: / + backend: + serviceName: dashboard + servicePort: 8889 \ No newline at end of file diff --git a/non-oss/addons/kontena-lens/resources/13-certificate.yml.erb b/non-oss/addons/kontena-lens/resources/13-certificate.yml.erb new file mode 100644 index 000000000..df960c1dc --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/13-certificate.yml.erb @@ -0,0 +1,18 @@ +apiVersion: certmanager.k8s.io/v1alpha1 +kind: Certificate +metadata: + name: <%= config.name %> + namespace: kontena-lens +spec: + secretName: <%= config.name %>-tls + issuerRef: + name: letsencrypt + commonName: <%= config.host %> + dnsNames: + - <%= config.host %> + acme: + config: + - http01: + ingressClass: nginx + domains: + - <%= config.host %> \ No newline at end of file diff --git a/non-oss/addons/kontena-lens/resources/14-issuer.yml.erb b/non-oss/addons/kontena-lens/resources/14-issuer.yml.erb new file mode 100644 index 000000000..a846ab66b --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/14-issuer.yml.erb @@ -0,0 +1,16 @@ +apiVersion: certmanager.k8s.io/v1alpha1 +kind: Issuer +metadata: + name: letsencrypt + namespace: kontena-lens +spec: + acme: + # The ACME server URL + server: https://acme-v01.api.letsencrypt.org/directory + # Email address used for ACME registration + email: <%= config.email %> + # Name of a secret used to store the ACME account private key + privateKeySecretRef: + name: letsencrypt + # Enable the HTTP-01 challenge provider + http01: {} \ No newline at end of file 
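Review bot: `<%= config.name %>`, `<%= config.host %>` and `<%= config.email %>` are written into the manifest as bare YAML scalars, here and in 13-certificate.yml.erb and 14-issuer.yml.erb, while the addon's `config_schema` only requires them to be filled strings. A value containing a newline, `: ` or ` #` changes the structure of the rendered document instead of failing validation, so a mistyped or pasted cluster configuration can produce resources the operator did not intend. Emit the values as quoted scalars, e.g. `- host: <%= config.host.to_json %>` (assuming `json` is loaded where the templates are rendered), or constrain them in the schema with a format check for DNS names and e-mail addresses.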
diff --git a/non-oss/addons/kontena-lens/resources/cluster_crd.yml b/non-oss/addons/kontena-lens/resources/cluster_crd.yml new file mode 100644 index 000000000..9518ec3c3 --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/cluster_crd.yml @@ -0,0 +1,19 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + # name must match the spec fields below, and be in the form: . + name: clusters.beta.kontena.io +spec: + # group name to use for REST API: /apis// + group: beta.kontena.io + # version name to use for REST API: /apis// + version: v1 + # either Namespaced or Cluster + scope: Cluster + names: + # plural name to be used in the URL: /apis/// + plural: clusters + # singular name to be used as an alias on the CLI and for display + singular: cluster + # kind is normally the CamelCased singular type. Your resource manifests use this. + kind: Cluster diff --git a/non-oss/addons/kontena-lens/resources/group_crd.yml b/non-oss/addons/kontena-lens/resources/group_crd.yml new file mode 100644 index 000000000..2d8bf2cbf --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/group_crd.yml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + # name must match the spec fields below, and be in the form: . + name: groups.beta.kontena.io +spec: + # group name to use for REST API: /apis// + group: beta.kontena.io + # version name to use for REST API: /apis// + version: v1 + # either Namespaced or Cluster + scope: Cluster + names: + # plural name to be used in the URL: /apis/// + plural: groups + # singular name to be used as an alias on the CLI and for display + singular: group + # kind is normally the CamelCased singular type. Your resource manifests use this. + kind: Group + # shortNames allow shorter string to match your resource on the CLI + shortNames: + - g \ No newline at end of file 
diff --git a/non-oss/addons/kontena-lens/resources/user_crd.yml b/non-oss/addons/kontena-lens/resources/user_crd.yml new file mode 100644 index 000000000..ed174e243 --- /dev/null +++ b/non-oss/addons/kontena-lens/resources/user_crd.yml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + # name must match the spec fields below, and be in the form: . + name: users.beta.kontena.io +spec: + # group name to use for REST API: /apis// + group: beta.kontena.io + # version name to use for REST API: /apis// + version: v1 + # either Namespaced or Cluster + scope: Cluster + names: + # plural name to be used in the URL: /apis/// + plural: users + # singular name to be used as an alias on the CLI and for display + singular: user + # kind is normally the CamelCased singular type. Your resource manifests use this. + kind: User + # shortNames allow shorter string to match your resource on the CLI + shortNames: + - u \ No newline at end of file diff --git a/non-oss/addons/license-manager/addon.rb b/non-oss/addons/license-manager/addon.rb new file mode 100644 index 000000000..f4611f84b --- /dev/null +++ b/non-oss/addons/license-manager/addon.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +Pharos.addon 'license-manager' do + version Pharos::VERSION + license 'Kontena License' + enable! + + config { + attribute :key, Pharos::Types::String.default('EVALUATION') + } + + config_schema { + optional(:key).filled(:str?) + } +end diff --git a/non-oss/addons/license-manager/resources/secret.yaml.erb b/non-oss/addons/license-manager/resources/secret.yaml.erb new file mode 100644 index 000000000..3368edfe5 --- /dev/null +++ b/non-oss/addons/license-manager/resources/secret.yaml.erb @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: pharos-license + namespace: kube-system +type: Opaque +data: + key: <%= Base64.strict_encode64(config.key) %> \ No newline at end of file 
diff --git a/non-oss/phases/migrate_master.rb b/non-oss/phases/migrate_master.rb
new file mode 100644
index 000000000..1e02dc649
--- /dev/null
+++ b/non-oss/phases/migrate_master.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Pharos
+ module Phases
+ class MigrateMaster < Pharos::Phase
+ title "Migrate master"
+
+ def call
+ logger.info { 'Nothing to migrate.' }
+ end
+ end
+ end
+end
diff --git a/non-oss/phases/migrate_worker.rb b/non-oss/phases/migrate_worker.rb
new file mode 100644
index 000000000..254854210
--- /dev/null
+++ b/non-oss/phases/migrate_worker.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Pharos
+ module Phases
+ class MigrateWorker < Pharos::Phase
+ title "Migrate worker"
+
+ def call
+ logger.info { 'Nothing to migrate.' }
+ end
+ end
+ end
+end
diff --git a/non-oss/phases/validate_version.rb b/non-oss/phases/validate_version.rb
new file mode 100644
index 000000000..6641db862
--- /dev/null
+++ b/non-oss/phases/validate_version.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Pharos
+ module Phases
+ class ValidateVersion < Pharos::Phase
+ # @param cluster_version [String]
+ def validate_version(cluster_version)
+ cluster_major, cluster_minor, cluster_patch = cluster_version.split('.')
+ major, minor, patch = Pharos::VERSION.split('.')
+
+ if major.to_i < cluster_major.to_i || minor.to_i < cluster_minor.to_i || patch.to_i < cluster_patch.to_i
+ raise "Downgrade not supported"
+ end
+
+ logger.info { "Valid cluster version detected: #{cluster_version}" }
+ end
+ end
+ end
+end
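Review bot: The `if` in `validate_version` compares major, minor and patch independently, so an upgrade that raises one component while lowering another is rejected: a cluster at 1.3.5 and a tool at 2.0.0 gives `0 < 3` on the minor part and raises "Downgrade not supported". Compare the versions as ordered tuples instead, e.g. `if (Pharos::VERSION.split('.').map(&:to_i) <=> cluster_version.split('.').map(&:to_i)).negative?`. The method also assumes `cluster_version` is a non-nil dotted string; a nil value raises NoMethodError on `split`, and where the argument comes from is not visible in this file.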