GA

Dockerfile

@@ -19,9 +19,8 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot
+FROM centos/systemd:latest
 WORKDIR /
 COPY --from=builder /workspace/manager .
-USER 65532:65532
 
 ENTRYPOINT ["/manager"]

Makefile

@@ -1,6 +1,6 @@
 
 # Image URL to use all building/pushing image targets
-IMG ?= controller:latest
+IMG ?= docker.io/warmmetal/kube-systemd-controller:v0.1.0
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
 
@@ -49,6 +49,9 @@ undeploy:
 manifests: controller-gen
 	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
+dump-manifest: manifests kustomize
+	$(KUSTOMIZE) build config/default > config/samples/install.yaml
+
 # Run go fmt against code
 fmt:
 	go fmt ./...
@@ -62,8 +65,8 @@ generate: controller-gen
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
 # Build the docker image
-docker-build: test
-	docker build -t ${IMG} .
+docker-build:
+	kubectl dev build -t ${IMG} .
 
 # Push the docker image
 docker-push:

PROJECT

@@ -2,4 +2,10 @@ domain: systemd.warmmetal.tech
 layout: go.kubebuilder.io/v3
 projectName: kube-systemd
 repo: github.com/warm-metal/kube-systemd
+resources:
+- api:
+    crdVersion: v1
+  group: core
+  kind: Unit
+  version: v1
 version: 3-alpha

README.md

@@ -0,0 +1,108 @@
+# KubeSystemd
+
+**kube-systemd** is a controller to help manage systemd services on each Node in clusters.
+
+With clusters like minikube on hyberkit, which boot always from an ISO, 
+**kube-systemd** could save configurations of systemd services and apply them after nodes started.
+
+**kube-systemd** introduces CRD Unit to save all configurations.
+
+```yaml
+type Unit struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   UnitSpec   `json:"spec,omitempty"`
+	Status UnitStatus `json:"status,omitempty"`
+}
+
+type UnitSpec struct {
+	// Path defines the absolute path on the host of the unit.
+	Path string `json:"path,omitempty"`
+
+	// Definition specifies the unit definition. If set, it is written to the unit configuration which Path defines.
+	// Or, the original unit on the host will be used.
+	// +optional
+	Definition string `json:"definition,omitempty"`
+
+	// Config specifies config files and contents on the host with respect to the systemd unit.
+	// The key is the absolute path of the configuration file. And, the value is the file content.
+	// +optional
+	Config map[string]string `json:"config,omitempty"`
+}
+```
+
+## Install
+```shell script
+kubectl apply -f https://raw.githubusercontent.com/warm-metal/kube-systemd/master/config/samples/install.yaml
+```
+
+## Demo
+
+We can create a unit to modify NTP server configuration in a minikube cluster to make sure the cluster clock is always
+synchronized to the NTP server.
+
+```yaml
+apiVersion: core.systemd.warmmetal.tech/v1
+kind: Unit
+metadata:
+  name: systemd-timesyncd.service
+spec:
+  path: "/lib/systemd/system/systemd-timesyncd.service"
+  config:
+    "/etc/systemd/timesyncd.conf": |
+      [Time]
+      NTP=ntp1.aliyun.com
+```
+
+After the unit executed, we could see that its status changed.
+That is, `status.execTimestamp` is updated to the time last executed.
+If errors raised, the `status.error` would be also updated. 
+
+```yaml
+apiVersion: core.systemd.warmmetal.tech/v1
+kind: Unit
+metadata:
+  annotations:
+    kubectl.kubernetes.io/last-applied-configuration: |
+      {"apiVersion":"core.systemd.warmmetal.tech/v1","kind":"Unit","metadata":{"annotations":{},"name":"systemd-timesyncd.service"},"spec":{"config":{"/etc/systemd/timesyncd.conf":"[Time]\nNTP=ntp1.aliyun.com\n"},"path":"/lib/systemd/system/systemd-timesyncd.service"}}
+  creationTimestamp: "2021-03-10T08:52:30Z"
+  generation: 1
+  managedFields:
+  - apiVersion: core.systemd.warmmetal.tech/v1
+    fieldsType: FieldsV1
+    fieldsV1:
+      f:metadata:
+        f:annotations:
+          .: {}
+          f:kubectl.kubernetes.io/last-applied-configuration: {}
+      f:spec:
+        .: {}
+        f:config:
+          .: {}
+          f:/etc/systemd/timesyncd.conf: {}
+        f:path: {}
+    manager: kubectl-client-side-apply
+    operation: Update
+    time: "2021-03-10T08:52:30Z"
+  - apiVersion: core.systemd.warmmetal.tech/v1
+    fieldsType: FieldsV1
+    fieldsV1:
+      f:status:
+        .: {}
+        f:execTimestamp: {}
+    manager: manager
+    operation: Update
+    time: "2021-03-10T08:52:30Z"
+  name: systemd-timesyncd.service
+  resourceVersion: "208241"
+  uid: ad1d4311-b26b-4261-8551-f81f659fa2d3
+spec:
+  config:
+    /etc/systemd/timesyncd.conf: |
+      [Time]
+      NTP=ntp1.aliyun.com
+  path: /lib/systemd/system/systemd-timesyncd.service
+status:
+  execTimestamp: "2021-03-10T09:08:46Z"
+```

api/v1/unit_types.go

@@ -28,18 +28,37 @@ type UnitSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
-	// Foo is an example field of Unit. Edit unit_types.go to remove/update
-	Foo string `json:"foo,omitempty"`
+	// Path defines the absolute path on the host of the unit.
+	Path string `json:"path,omitempty"`
+
+	// Definition specifies the unit definition. If set, it is written to the unit configuration which Path defines.
+	// Or, the original unit on the host will be used.
+	// +optional
+	Definition string `json:"definition,omitempty"`
+
+	// Config specifies config files and contents on the host with respect to the systemd unit.
+	// The key is the absolute path of the configuration file. And, the value is the file content.
+	// +optional
+	Config map[string]string `json:"config,omitempty"`
 }
 
 // UnitStatus defines the observed state of Unit
 type UnitStatus struct {
 	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
+
+	// Timestamp of the last execution
+	// +optional
+	ExecTimestamp metav1.Time `json:"execTimestamp,omitempty"`
+
+	// Specify Errors on reconcile
+	// +optional
+	Error string `json:"error,omitempty"`
 }
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
+//+kubebuilder:resource:scope=Cluster
 
 // Unit is the Schema for the units API
 type Unit struct {

config/crd/bases/core.systemd.warmmetal.tech_units.yaml

@@ -0,0 +1,76 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.1
+  creationTimestamp: null
+  name: units.core.systemd.warmmetal.tech
+spec:
+  group: core.systemd.warmmetal.tech
+  names:
+    kind: Unit
+    listKind: UnitList
+    plural: units
+    singular: unit
+  scope: Cluster
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: Unit is the Schema for the units API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: UnitSpec defines the desired state of Unit
+            properties:
+              config:
+                additionalProperties:
+                  type: string
+                description: Config specifies config files and contents on the host
+                  with respect to the systemd unit. The key is the absolute path of
+                  the configuration file. And, the value is the file content.
+                type: object
+              definition:
+                description: Definition specifies the unit definition. If set, it
+                  is written to the unit configuration which Path defines. Or, the
+                  original unit on the host will be used.
+                type: string
+              path:
+                description: Path defines the absolute path on the host of the unit.
+                type: string
+            type: object
+          status:
+            description: UnitStatus defines the observed state of Unit
+            properties:
+              error:
+                description: Specify Errors on reconcile
+                type: string
+              execTimestamp:
+                description: Timestamp of the last execution
+                format: date-time
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/default/manager_auth_proxy_patch.yaml

@@ -1,7 +1,7 @@
 # This patch inject a sidecar container which is a HTTP proxy for the
 # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
 apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
 metadata:
   name: controller-manager
   namespace: system
@@ -23,4 +23,3 @@ spec:
         args:
         - "--health-probe-bind-address=:8081"
         - "--metrics-bind-address=127.0.0.1:8080"
-        - "--leader-elect"

config/default/manager_config_patch.yaml

@@ -1,5 +1,5 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
 metadata:
   name: controller-manager
   namespace: system

config/manager/kustomization.yaml

@@ -5,6 +5,12 @@ generatorOptions:
   disableNameSuffixHash: true
 
 configMapGenerator:
-- name: manager-config
-  files:
+- files:
   - controller_manager_config.yaml
+  name: manager-config
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: docker.io/warmmetal/kube-systemd-controller
+  newTag: v0.1.0