diff --git a/apps/system-update/Makefile b/apps/system-update/Makefile deleted file mode 100644 index f1e32fbde..000000000 --- a/apps/system-update/Makefile +++ /dev/null @@ -1,2 +0,0 @@ -include ../../Makefile.common - diff --git a/apps/system-update/jsonnet/jsonnetfile.json b/apps/system-update/jsonnet/jsonnetfile.json deleted file mode 100644 index 1fcb7d06f..000000000 --- a/apps/system-update/jsonnet/jsonnetfile.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "version": 1, - "dependencies": [ - { - "source": { - "git": { - "remote": "https://github.com/thaum-xyz/jsonnet-libs", - "subdir": "apps/kured" - } - }, - "version": "main" - } - ], - "legacyImports": true - } - \ No newline at end of file diff --git a/apps/system-update/jsonnet/jsonnetfile.lock.json b/apps/system-update/jsonnet/jsonnetfile.lock.json deleted file mode 100644 index 8f76c50da..000000000 --- a/apps/system-update/jsonnet/jsonnetfile.lock.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "version": 1, - "dependencies": [ - { - "source": { - "git": { - "remote": "https://github.com/thaum-xyz/jsonnet-libs.git", - "subdir": "apps/kured" - } - }, - "version": "7ecf9952e47693db49ddbf2796b7422519c8cda9", - "sum": "N+btTyfxN8p6tg06eESAiTVVa+u1kL9ySsGlTRyicWQ=" - } - ], - "legacyImports": false -} diff --git a/apps/system-update/jsonnet/kured.libsonnet b/apps/system-update/jsonnet/kured.libsonnet deleted file mode 100644 index 1869734b5..000000000 --- a/apps/system-update/jsonnet/kured.libsonnet +++ /dev/null @@ -1,193 +0,0 @@ -local defaults = { - local defaults = self, - name: 'kured', - namespace: error 'must provide namespace', - version: error 'must provide version', - image: error 'must provide image', - resources: { - //requests: { cpu: '200m', memory: '800Mi' }, - //limits: { cpu: '400m', memory: '1600Mi' }, - }, - commonLabels:: { - 'app.kubernetes.io/name': 'kured', - 'app.kubernetes.io/version': defaults.version, - 'app.kubernetes.io/part-of': 'kured', - }, - selectorLabels:: { - [labelName]: defaults.commonLabels[labelName] - for labelName in std.objectFields(defaults.commonLabels) - if !std.setMember(labelName, ['app.kubernetes.io/version']) - }, - args: [], -}; - -function(params) { - local k = self, - _config:: defaults + params, - _metadata:: { - name: k._config.name, - namespace: k._config.namespace, - labels: k._config.commonLabels, - }, - // Safety check - //assert std.isObject(k._config.resources), - - // RBAC - serviceAccount: { - apiVersion: 'v1', - kind: 'ServiceAccount', - automountServiceAccountToken: true, - metadata: k._metadata, - }, - - clusterRole: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', - metadata: k._metadata, - rules: [ - { - apiGroups: [''], - resources: ['nodes'], - verbs: ['get', 'patch'], - }, - { - apiGroups: [''], - resources: ['pods'], - verbs: ['list', 'delete', 'get'], - }, - { - apiGroups: ['apps'], - resources: ['daemonsets'], - verbs: ['get'], - }, - { - apiGroups: [''], - resources: ['pods/eviction'], - verbs: ['create'], - }, - ], - }, - clusterRoleBinding: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding', - metadata: k._metadata, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: k.clusterRole.metadata.name, - }, - subjects: [{ - kind: 'ServiceAccount', - name: k.serviceAccount.metadata.name, - namespace: k.serviceAccount.metadata.namespace, - }], - }, - role: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'Role', - metadata: k._metadata, - rules: [{ - apiGroups: ['apps'], - resources: ['daemonsets'], - resourceNames: ['kured'], - verbs: ['update'], - }], - }, - roleBinding: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBinding', - metadata: k._metadata, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'Role', - name: k.role.metadata.name, - }, - subjects: [{ - kind: 'ServiceAccount', - name: k.serviceAccount.metadata.name, - namespace: k.serviceAccount.metadata.namespace, - }], - }, - - // APPLICATION - daemonSet: { - local c = { - name: k._metadata.name, - image: k._config.image, - imagePullPolicy: 'IfNotPresent', - securityContext: { - privileged: true, // Give permission to nsenter /proc/1/ns/mnt - }, - command: ['/usr/bin/kured'], - args: [ - '--ds-name=' + k.daemonSet.metadata.name, - '--ds-namespace=' + k._metadata.namespace, - ] + k._config.args, - env: [{ - // Pass in the name of the node on which this pod is scheduled - // for use with drain/uncordon operations and lock acquisition - name: 'KURED_NODE_ID', - valueFrom: { - fieldRef: { - fieldPath: 'spec.nodeName', - }, - }, - }], - ports: [{ - containerPort: 8080, - name: 'metrics', - }], - resources: k._config.resources, - }, - - apiVersion: 'apps/v1', - kind: 'DaemonSet', - metadata: k._metadata { - annotations: { - 'ignore-check.kube-linter.io/privileged-container': 'kured needs priv container to work', - }, - }, - spec: { - selector: { - matchLabels: k._config.selectorLabels, - }, - updateStrategy: { - type: 'RollingUpdate', - }, - template: { - metadata: k._metadata, - spec: { - serviceAccountName: k.serviceAccount.metadata.name, - tolerations: [ - { - key: 'node-role.kubernetes.io/master', - effect: 'NoSchedule', - }, - { - key: 'node-role.kubernetes.io/control-plane', - operator: 'Exists', - }, - ], - hostPID: true, - restartPolicy: 'Always', - containers: [c], - }, - }, - }, - }, - - // Monitoring - podMonitor: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'PodMonitor', - metadata: k._metadata, - spec: { - podMetricsEndpoints: [{ - port: k.daemonSet.spec.template.spec.containers[0].ports[0].name, - }], - selector: { - matchLabels: k._config.selectorLabels, - }, - }, - }, -} diff --git a/apps/system-update/jsonnet/main.jsonnet b/apps/system-update/jsonnet/main.jsonnet deleted file mode 100644 index f9946ad3e..000000000 --- a/apps/system-update/jsonnet/main.jsonnet +++ /dev/null @@ -1,16 +0,0 @@ -local kured = import 'kured.libsonnet'; - -local configYAML = (importstr '../settings.yaml'); - -// Join multiple configuration sources -local config = std.parseYaml(configYAML)[0]; - -local all = { - kured: kured(config.kured), -}; - -{ - [component + '/' + resource + '.yaml']: std.manifestYamlDoc(all[component][resource]) - for component in std.objectFields(all) - for resource in std.objectFields(all[component]) -} diff --git a/apps/system-update/manifests/kured/clusterRole.yaml b/apps/system-update/manifests/kured/clusterRole.yaml deleted file mode 100644 index a5f5bea68..000000000 --- a/apps/system-update/manifests/kured/clusterRole.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: kured - app.kubernetes.io/part-of: kured - app.kubernetes.io/version: 1.13.2 - name: kured - namespace: system-update -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - patch -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - delete - - get -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - get -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create diff --git a/apps/system-update/manifests/kured/clusterRoleBinding.yaml b/apps/system-update/manifests/kured/clusterRoleBinding.yaml deleted file mode 100644 index 4aa6c7622..000000000 --- a/apps/system-update/manifests/kured/clusterRoleBinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: kured - app.kubernetes.io/part-of: kured - app.kubernetes.io/version: 1.13.2 - name: kured - namespace: system-update -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kured -subjects: -- kind: ServiceAccount - name: kured - namespace: system-update diff --git a/apps/system-update/manifests/kured/daemonSet.yaml b/apps/system-update/manifests/kured/daemonSet.yaml deleted file mode 100644 index 3bf87cb60..000000000 --- a/apps/system-update/manifests/kured/daemonSet.yaml +++ /dev/null @@ -1,67 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - annotations: - ignore-check.kube-linter.io/privileged-container: kured needs priv container to - work - labels: - app.kubernetes.io/name: kured - app.kubernetes.io/part-of: kured - app.kubernetes.io/version: 1.13.2 - name: kured - namespace: system-update -spec: - selector: - matchLabels: - app.kubernetes.io/name: kured - app.kubernetes.io/part-of: kured - template: - metadata: - labels: - app.kubernetes.io/name: kured - app.kubernetes.io/part-of: kured - app.kubernetes.io/version: 1.13.2 - name: kured - namespace: system-update - spec: - containers: - - args: - - --ds-name=kured - - --ds-namespace=system-update - - --drain-timeout=15m - - --reboot-days=mo,we,th - - --period=2h - - --start-time=07:00:00 - - --end-time=12:00:00 - command: - - /usr/bin/kured - env: - - name: KURED_NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - image: ghcr.io/kubereboot/kured:1.13.2 - imagePullPolicy: IfNotPresent - name: kured - ports: - - containerPort: 8080 - name: metrics - resources: - limits: - cpu: 60m - memory: 30Mi - requests: - cpu: 14m - memory: 23Mi - securityContext: - privileged: true - hostPID: true - restartPolicy: Always - serviceAccountName: kured - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - key: node-role.kubernetes.io/control-plane - operator: Exists - updateStrategy: - type: RollingUpdate diff --git a/apps/system-update/manifests/kured/podMonitor.yaml b/apps/system-update/manifests/kured/podMonitor.yaml deleted file mode 100644 index d993ee576..000000000 --- a/apps/system-update/manifests/kured/podMonitor.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - labels: - app.kubernetes.io/name: kured - app.kubernetes.io/part-of: kured - app.kubernetes.io/version: 1.13.2 - name: kured - namespace: system-update -spec: - podMetricsEndpoints: - - port: metrics - selector: - matchLabels: - app.kubernetes.io/name: kured - app.kubernetes.io/part-of: kured diff --git a/apps/system-update/manifests/kured/role.yaml b/apps/system-update/manifests/kured/role.yaml deleted file mode 100644 index afb563544..000000000 --- a/apps/system-update/manifests/kured/role.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/name: kured - app.kubernetes.io/part-of: kured - app.kubernetes.io/version: 1.13.2 - name: kured - namespace: system-update -rules: -- apiGroups: - - apps - resourceNames: - - kured - resources: - - daemonsets - verbs: - - update diff --git a/apps/system-update/manifests/kured/roleBinding.yaml b/apps/system-update/manifests/kured/roleBinding.yaml deleted file mode 100644 index 7df0b9e1c..000000000 --- a/apps/system-update/manifests/kured/roleBinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: kured - app.kubernetes.io/part-of: kured - app.kubernetes.io/version: 1.13.2 - name: kured - namespace: system-update -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kured -subjects: -- kind: ServiceAccount - name: kured - namespace: system-update diff --git a/apps/system-update/manifests/kured/serviceAccount.yaml b/apps/system-update/manifests/kured/serviceAccount.yaml deleted file mode 100644 index 50a048e92..000000000 --- a/apps/system-update/manifests/kured/serviceAccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: kured - app.kubernetes.io/part-of: kured - app.kubernetes.io/version: 1.13.2 - name: kured - namespace: system-update diff --git a/apps/system-update/settings.yaml b/apps/system-update/settings.yaml deleted file mode 100644 index a8f5de945..000000000 --- a/apps/system-update/settings.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -kured: - version: "1.15.1" # application-version-from-github: weaveworks/kured - image: "ghcr.io/kubereboot/kured:1.15.1" # application-image-from-github: weaveworks/kured - namespace: "system-update" - args: - - "--drain-timeout=15m" - - "--lock-release-delay=60m" - - "--reboot-days=we,th" - - "--start-time=07:00:00" - - "--end-time=12:00:00" - resources: - requests: - cpu: 14m - memory: 23Mi - limits: - cpu: 60m - memory: 30Mi