Prepare for initial release

Author: ibuildthecloud

.dockerignore

@@ -1,10 +1,9 @@
 ./bin
+./build
+./pkg/data/zz_generated_bindata.go
+./package/data.tar.gz
 ./.vagrant
 ./.dapper
 ./data-dir
 ./dist
 ./.trash-cache
-./image/root
-./image/agent
-./image/go_build_agent
-./image/main.squashfs

.gitignore

@@ -13,6 +13,7 @@
 /image/go_build_agent
 /image/main.squashfs
 /package/k3s
+/package/data.tar.gz
 /pkg/data/zz_generated_bindata.go
 __pycache__
 /tests/.pytest_cache/

Dockerfile.dapper

@@ -1,19 +1,21 @@
-FROM golang:1.11-alpine3.8
+FROM golang:1.11.4-alpine3.8
+# FROM arm=golang@sha256:fe81149b4e7f07ecb558fd16cdbcdb11e739846a046e38cc6e170aa39a67e7ec arm64=golang@sha256:da9c2d140ed4bf911ef8f6d9437912b80497c256ef2235c65836eac83d1c0ce7
 
 RUN apk -U --no-cache add bash git gcc musl-dev docker vim less file curl wget ca-certificates jq linux-headers zlib-dev tar zip squashfs-tools npm coreutils \
     python3 py3-pip python3-dev openssl-dev libffi-dev libseccomp libseccomp-dev make
 RUN pip3 install 'tox==3.6.0'
 RUN apk -U --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/main/ add sqlite-dev sqlite-static
 RUN go get -d golang.org/x/lint/golint && \
     git -C /go/src/golang.org/x/lint/golint checkout -b current 06c8688daad7faa9da5a0c2f163a3d14aac986ca && \
-    go install golang.org/x/lint/golint && \
-    rm -rf /go/src /go/pkg
+    go install golang.org/x/lint/golint
 RUN go get -d github.com/alecthomas/gometalinter && \
     git -C /go/src/github.com/alecthomas/gometalinter checkout -b current v2.0.11 && \
     go install github.com/alecthomas/gometalinter && \
-    gometalinter --install && \
-    rm -rf /go/src /go/pkg
+    gometalinter --install
+RUN rm -rf /go/src /go/pkg
 
+ARG DAPPER_HOST_ARCH
+ENV ARCH $DAPPER_HOST_ARCH
 ENV DAPPER_RUN_ARGS --privileged
 ENV DAPPER_ENV REPO TAG DRONE_TAG IMAGE_NAME
 ENV DAPPER_SOURCE /go/src/github.com/rancher/k3s/

cmd/k3s/main.go

@@ -72,13 +72,13 @@ func getAssetAndDir(dataDir string) (string, string) {
 }
 
 func extract(asset, dir string) error {
-	logrus.Infof("Asset dir %s", dir)
+	logrus.Debugf("Asset dir %s", dir)
 
 	if _, err := os.Stat(dir); err == nil {
 		return nil
 	}
 
-	logrus.Infof("Staging to dir %s", dir)
+	logrus.Infof("Preparing data dir %s", dir)
 
 	content, err := data.Asset(asset)
 	if err != nil {

docker-compose.yml

@@ -0,0 +1,28 @@
+version: '3'
+services:
+  server:
+    image: rancher/k3s:fa08d60-dirty-amd64
+    command: server --disable-agent
+    environment:
+    - K3S_CLUSTER_SECRET=somethingtotallyrandom
+    - K3S_KUBECONFIG_OUTPUT=/output/kubeconfig.yaml
+    - K3S_KUBECONFIG_MODE=666
+    volumes:
+    - k3s-server:/var/lib/rancher/k3s
+    # This is just so that we get the kubeconfig file out
+    - .:/output
+    ports:
+    - 6443:6443
+
+  node:
+    image: rancher/k3s:fa08d60-dirty-amd64
+    tmpfs:
+    - /run
+    - /var/run
+    privileged: true
+    environment:
+    - K3S_URL=https://server:6443
+    - K3S_CLUSTER_SECRET=somethingtotallyrandom
+
+volumes:
+  k3s-server: {}

manifests/coredns.yaml

@@ -0,0 +1,175 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: coredns
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:coredns
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  - services
+  - pods
+  - namespaces
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:coredns
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:coredns
+subjects:
+- kind: ServiceAccount
+  name: coredns
+  namespace: kube-system
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+data:
+  Corefile: |
+    .:53 {
+        errors
+        health
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
+          pods insecure
+          upstream
+          fallthrough in-addr.arpa ip6.arpa
+        }
+        prometheus :9153
+        proxy . 1.1.1.1
+        cache 30
+        loop
+        reload
+        loadbalance
+    }
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: coredns
+  namespace: kube-system
+  labels:
+    k8s-app: kube-dns
+    kubernetes.io/name: "CoreDNS"
+spec:
+  #replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      k8s-app: kube-dns
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-dns
+    spec:
+      serviceAccountName: coredns
+      tolerations:
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+      nodeSelector:
+        beta.kubernetes.io/os: linux
+      containers:
+      - name: coredns
+        image: coredns/coredns:1.3.0
+        imagePullPolicy: IfNotPresent
+        resources:
+          limits:
+            memory: 170Mi
+          requests:
+            cpu: 100m
+            memory: 70Mi
+        args: [ "-conf", "/etc/coredns/Corefile" ]
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/coredns
+          readOnly: true
+        ports:
+        - containerPort: 53
+          name: dns
+          protocol: UDP
+        - containerPort: 53
+          name: dns-tcp
+          protocol: TCP
+        - containerPort: 9153
+          name: metrics
+          protocol: TCP
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+            drop:
+            - all
+          readOnlyRootFilesystem: true
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 60
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 5
+      dnsPolicy: Default
+      volumes:
+        - name: config-volume
+          configMap:
+            name: coredns
+            items:
+            - key: Corefile
+              path: Corefile
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kube-dns
+  namespace: kube-system
+  annotations:
+    prometheus.io/port: "9153"
+    prometheus.io/scrape: "true"
+  labels:
+    k8s-app: kube-dns
+    kubernetes.io/cluster-service: "true"
+    kubernetes.io/name: "CoreDNS"
+spec:
+  selector:
+    k8s-app: kube-dns
+  clusterIP: 10.43.0.10
+  ports:
+  - name: dns
+    port: 53
+    protocol: UDP
+  - name: dns-tcp
+    port: 53
+    protocol: TCP
+  - name: metrics
+    port: 9153
+    protocol: TCP

pkg/agent/config/config.go

@@ -12,8 +12,6 @@ import (
 	"path/filepath"
 	"time"
 
-	"k8s.io/kubernetes/pkg/kubelet/apis/deviceplugin/v1beta1"
-
 	"github.com/pkg/errors"
 	"github.com/rancher/k3s/pkg/cli/cmds"
 	"github.com/rancher/k3s/pkg/daemons/config"
@@ -22,6 +20,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/json"
 	"k8s.io/apimachinery/pkg/util/net"
 	"k8s.io/client-go/util/cert"
+	"k8s.io/kubernetes/pkg/kubelet/apis/deviceplugin/v1beta1"
 )
 
 func Get(ctx context.Context, agent cmds.Agent) *config.Node {

pkg/agent/run.go

@@ -6,8 +6,6 @@ import (
 	"path/filepath"
 	"time"
 
-	"github.com/sirupsen/logrus"
-
 	"github.com/rancher/k3s/pkg/agent/config"
 	"github.com/rancher/k3s/pkg/agent/containerd"
 	"github.com/rancher/k3s/pkg/agent/flannel"
@@ -17,6 +15,7 @@ import (
 	"github.com/rancher/k3s/pkg/cli/cmds"
 	"github.com/rancher/k3s/pkg/daemons/agent"
 	"github.com/rancher/norman/pkg/clientaccess"
+	"github.com/sirupsen/logrus"
 )
 
 func run(ctx context.Context, cfg cmds.Agent) error {
@@ -65,6 +64,10 @@ func run(ctx context.Context, cfg cmds.Agent) error {
 func Run(ctx context.Context, cfg cmds.Agent) error {
 	cfg.DataDir = filepath.Join(cfg.DataDir, "agent")
 
+	if cfg.ClusterSecret != "" {
+		cfg.Token = "K10node:" + cfg.ClusterSecret
+	}
+
 	for {
 		tmpFile, err := clientaccess.AgentAccessInfoToTempKubeConfig("", cfg.ServerURL, cfg.Token)
 		if err != nil {

pkg/cli/agent/agent.go

@@ -17,7 +17,7 @@ func Run(ctx *cli.Context) error {
 		return fmt.Errorf("agent must be ran as root")
 	}
 
-	if cmds.AgentConfig.Token == "" {
+	if cmds.AgentConfig.Token == "" && cmds.AgentConfig.ClusterSecret == "" {
 		return fmt.Errorf("--token is required")
 	}
 

pkg/cli/cmds/agent.go

@@ -8,14 +8,15 @@ import (
 )
 
 type Agent struct {
-	Token     string
-	ServerURL string
-	DataDir   string
-	NodeIP    string
-	NodeName  string
-	Docker    bool
-	NoFlannel bool
-	Debug     bool
+	Token         string
+	ServerURL     string
+	DataDir       string
+	NodeIP        string
+	NodeName      string
+	ClusterSecret string
+	Docker        bool
+	NoFlannel     bool
+	Debug         bool
 	AgentShared
 }
 
@@ -74,6 +75,12 @@ func NewAgentCommand(action func(ctx *cli.Context) error) cli.Command {
 				Usage:       "Disable embedded flannel",
 				Destination: &AgentConfig.NoFlannel,
 			},
+			cli.StringFlag{
+				Name:        "cluster-secret",
+				Usage:       "Shared secret used to bootstrap a cluster",
+				Destination: &AgentConfig.ClusterSecret,
+				EnvVar:      "K3S_CLUSTER_SECRET",
+			},
 			NodeNameFlag,
 			NodeIPFlag,
 		},