CKS: Support Ciilum and new dashboard

Usage:

    cd scripts/util/
    ./create-kubernetes-binaries-iso.sh ./ 1.34.1 1.8.0 1.34.0 \
    ./cks-config-cilium.yaml \
    ./cks-config-dashboard.yaml \
    cks-1.34.1-cilium-1.18.1

Refer to
https://docs.cloudstack.apache.org/en/latest/plugins/cloudstack-kubernetes-service.html#kubernetes-supported-versions

dashboard: https://artifacthub.io/packages/helm/k8s-dashboard/kubernetes-dashboard/7.13.0
cilium: https://artifacthub.io/packages/helm/cilium/cilium/1.18.1

Author: weizhouapache

plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml

@@ -111,6 +111,7 @@ write_files:
         echo "Installing binaries from ${BINARIES_DIR}"
         mkdir -p /opt/cni/bin
         tar -f "${BINARIES_DIR}/cni/cni-plugins-"*64.tgz -C /opt/cni/bin -xz
+        chown -R root:root /opt/cni/bin/
 
         mkdir -p /opt/bin
         tar -f "${BINARIES_DIR}/cri-tools/crictl-linux-"*64.tar.gz -C /opt/bin -xz
@@ -178,6 +179,7 @@ write_files:
         echo "Warning: ${BINARIES_DIR} not found. Will get binaries and docker images from Internet."
         mkdir -p /opt/cni/bin
         curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-amd64-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
+        chown -R root:root /opt/cni/bin/
 
         mkdir -p /opt/bin
         curl -L "https://github.com/kubernetes-incubator/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-amd64.tar.gz" | tar -C /opt/bin -xz
@@ -278,6 +280,13 @@ write_files:
       ExecStartPre=/usr/bin/curl -k https://{{ k8s_control_node.join_ip }}:6443/version
       ExecStart=/opt/bin/deploy-kube-system
 
+  - path: /etc/crictl.yaml
+    permissions: '0700'
+    owner: root:root
+    content: |
+      runtime-endpoint: unix:///var/run/containerd/containerd.sock
+      image-endpoint: unix:///var/run/containerd/containerd.sock
+
 runcmd:
   - chown -R cloud:cloud /home/cloud/.ssh
   - containerd config default > /etc/containerd/config.toml

plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml

@@ -132,6 +132,7 @@ write_files:
         echo "Installing binaries from ${BINARIES_DIR}"
         mkdir -p /opt/cni/bin
         tar -f "${BINARIES_DIR}/cni/cni-plugins-"*64.tgz -C /opt/cni/bin -xz
+        chown -R root:root /opt/cni/bin/
 
         mkdir -p /opt/bin
         tar -f "${BINARIES_DIR}/cri-tools/crictl-linux-"*64.tar.gz -C /opt/bin -xz
@@ -201,6 +202,7 @@ write_files:
         echo "Warning: ${BINARIES_DIR} not found. Will get binaries and docker images from Internet."
         mkdir -p /opt/cni/bin
         curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-amd64-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
+        chown -R root:root /opt/cni/bin/
 
         mkdir -p /opt/bin
         curl -L "https://github.com/kubernetes-incubator/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-amd64.tar.gz" | tar -C /opt/bin -xz
@@ -264,6 +266,51 @@ write_files:
         bindPort: {{ k8s.api_server_port }}
       certificateKey: {{ k8s_control.certificate_key }}
 
+  - path: /opt/bin/cks-config.py
+    permissions: '0700'
+    owner: root:root
+    content: |
+      #!/usr/bin/env python3
+      import os
+      import subprocess
+      import sys
+      import yaml
+
+      CKS_CONFIG = "#cks-config"
+      KUBECTL_APPLY = "/opt/bin/kubectl apply -f"
+
+      def main(argv):
+        if len(argv) < 1:
+          print("YAML file is required")
+          sys.exit(1)
+        yaml_file=argv[0]
+        if not os.path.exists(yaml_file):
+          print("YAML file does not exist")
+          sys.exit(1)
+        with open(yaml_file) as f:
+          head_line = f.readline().strip('\n')
+          if head_line != CKS_CONFIG:
+            command = "%s %s" % (KUBECTL_APPLY, yaml_file)
+            run_command(command)
+            sys.exit(0)
+
+        print("Applying CKS config file")
+        content = yaml.safe_load(open(yaml_file))
+        commands = content["commands"]
+        if commands:
+          for command in commands:
+            run_command(command)
+
+      def run_command(command):
+        try:
+          print("Executing command: %s" % command)
+          subprocess.check_output(command, shell=True, timeout=600)
+        except subprocess.CalledProcessError as e:
+          print("Error: %s " % e)
+          sys.exit(1)
+
+      if __name__ == "__main__":
+        main(sys.argv[1:])
 
   - path: /opt/bin/deploy-kube-system
     permissions: '0700'
@@ -324,9 +371,9 @@ write_files:
         ### Network, dashboard configs available offline ###
         echo "Offline configs are available!"
         if [[ ${EXTERNAL_CNI_PLUGIN} == false ]]; then
-          /opt/bin/kubectl apply -f ${K8S_CONFIG_SCRIPTS_COPY_DIR}/network.yaml
+          /opt/bin/cks-config.py ${K8S_CONFIG_SCRIPTS_COPY_DIR}/network.yaml
         fi
-        /opt/bin/kubectl apply -f ${K8S_CONFIG_SCRIPTS_COPY_DIR}/dashboard.yaml
+        /opt/bin/cks-config.py ${K8S_CONFIG_SCRIPTS_COPY_DIR}/dashboard.yaml
         rm -rf "${K8S_CONFIG_SCRIPTS_COPY_DIR}"
       else
         /opt/bin/kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(/opt/bin/kubectl version | base64 | tr -d '\n')"
@@ -374,6 +421,13 @@ write_files:
       Restart=on-failure
       ExecStart=/opt/bin/deploy-kube-system
 
+  - path: /etc/crictl.yaml
+    permissions: '0700'
+    owner: root:root
+    content: |
+      runtime-endpoint: unix:///var/run/containerd/containerd.sock
+      image-endpoint: unix:///var/run/containerd/containerd.sock
+
 runcmd:
   - chown -R cloud:cloud /home/cloud/.ssh
   - containerd config default > /etc/containerd/config.toml

plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml

@@ -126,6 +126,7 @@ write_files:
         echo "Installing binaries from ${BINARIES_DIR}"
         mkdir -p /opt/cni/bin
         tar -f "${BINARIES_DIR}/cni/cni-plugins-"*64.tgz -C /opt/cni/bin -xz
+        chown -R root:root /opt/cni/bin/
 
         mkdir -p /opt/bin
         tar -f "${BINARIES_DIR}/cri-tools/crictl-linux-"*64.tar.gz -C /opt/bin -xz
@@ -193,6 +194,7 @@ write_files:
         echo "Warning: ${BINARIES_DIR} not found. Will get binaries and docker images from Internet."
         mkdir -p /opt/cni/bin
         curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-amd64-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
+        chown -R root:root /opt/cni/bin/
 
         mkdir -p /opt/bin
         curl -L "https://github.com/kubernetes-incubator/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-amd64.tar.gz" | tar -C /opt/bin -xz
@@ -289,6 +291,13 @@ write_files:
       ExecStartPre=/usr/bin/curl -k https://{{ k8s_control_node.join_ip }}:6443/version
       ExecStart=/opt/bin/deploy-kube-system
 
+  - path: /etc/crictl.yaml
+    permissions: '0700'
+    owner: root:root
+    content: |
+      runtime-endpoint: unix:///var/run/containerd/containerd.sock
+      image-endpoint: unix:///var/run/containerd/containerd.sock
+
 runcmd:
   - chown -R cloud:cloud /home/cloud/.ssh
   - containerd config default > /etc/containerd/config.toml

scripts/util/cks-config-cilium.yaml

@@ -0,0 +1,9 @@
+#cks-config
+images:
+  - quay.io/cilium/cilium:v1.18.1
+  - quay.io/cilium/operator-generic:v1.18.1
+  - quay.io/cilium/cilium-envoy:v1.34.4-1754895458-68cffdfa568b6b226d70a7ef81fc65dda3b890bf
+commands:
+  - curl -L https://github.com/cilium/cilium-cli/releases/download/v0.18.6/cilium-linux-amd64.tar.gz | tar -C /usr/bin -xz
+  - sleep 1 && cilium install --version 1.18.1 --wait
+  - sleep 1 && cilium status --wait

scripts/util/cks-config-dashboard.yaml

@@ -0,0 +1,11 @@
+#cks-config
+images:
+  - kubernetesui/dashboard-api:1.13.0
+  - kubernetesui/dashboard-auth:1.3.0
+  - kubernetesui/dashboard-metrics-scraper:1.2.2
+  - kubernetesui/dashboard-web:1.7.0
+  - library/kong:3.8
+commands:
+  - curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash -s -- --version v3.19.0
+  - helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
+  - helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard --version 7.13.0

scripts/util/create-kubernetes-binaries-iso.sh

@@ -19,7 +19,7 @@
 set -e
 
 if [ $# -lt 6 ]; then
-    echo "Invalid input. Valid usage: ./create-kubernetes-binaries-iso.sh OUTPUT_PATH KUBERNETES_VERSION CNI_VERSION CRICTL_VERSION WEAVENET_NETWORK_YAML_CONFIG DASHBOARD_YAML_CONFIG BUILD_NAME [ARCH] [ETCD_VERSION]"
+    echo "Invalid input. Valid usage: ./create-kubernetes-binaries-iso.sh OUTPUT_PATH KUBERNETES_VERSION CNI_VERSION CRICTL_VERSION NETWORK_YAML_CONFIG DASHBOARD_YAML_CONFIG BUILD_NAME [ARCH] [ETCD_VERSION]"
     echo "eg: ./create-kubernetes-binaries-iso.sh ./ 1.11.4 0.7.1 1.11.1 https://github.com/weaveworks/weave/releases/download/latest_release/weave-daemonset-k8s-1.11.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes-dashboard.yaml setup-v1.11.4 amd64"
     exit 1
 fi
@@ -94,12 +94,20 @@ fi
 NETWORK_CONFIG_URL="${5}"
 echo "Downloading network config ${NETWORK_CONFIG_URL}"
 network_conf_file="${working_dir}/network.yaml"
-curl -sSL ${NETWORK_CONFIG_URL} -o ${network_conf_file}
+if [ -f "$NETWORK_CONFIG_URL" ];then
+  cp "${NETWORK_CONFIG_URL}" ${network_conf_file}
+else
+  curl -sSL ${NETWORK_CONFIG_URL} -o ${network_conf_file}
+fi
 
 DASHBORAD_CONFIG_URL="${6}"
 echo "Downloading dashboard config ${DASHBORAD_CONFIG_URL}"
 dashboard_conf_file="${working_dir}/dashboard.yaml"
-curl -sSL ${DASHBORAD_CONFIG_URL} -o ${dashboard_conf_file}
+if [ -f "$DASHBORAD_CONFIG_URL" ];then
+  cp "${DASHBORAD_CONFIG_URL}" ${dashboard_conf_file}
+else
+  curl -sSL ${DASHBORAD_CONFIG_URL} -o ${dashboard_conf_file}
+fi
 
 # TODO : Change the url once merged
 AUTOSCALER_URL="https://raw.githubusercontent.com/kubernetes/autoscaler/master/cluster-autoscaler/cloudprovider/cloudstack/examples/cluster-autoscaler-standard.yaml"
@@ -132,8 +140,15 @@ output=`${k8s_dir}/kubeadm config images list --kubernetes-version=${RELEASE}`
 # Don't forget about the yaml images !
 for i in ${network_conf_file} ${dashboard_conf_file}
 do
-  images=`grep "image:" $i | cut -d ':' -f2- | tr -d ' ' | tr -d "'"`
-  output=`printf "%s\n" ${output} ${images}`
+  if grep "^#cks-config" $i;then
+    images=$(python3 -c "import sys, yaml; [print(x) for x in yaml.safe_load(sys.stdin)['images']]" < $i)
+    for image in ${images}; do
+      output=`printf "%s\n" ${output} ${image}`
+    done
+  else
+    images=`grep "image:" $i | cut -d ':' -f2- | tr -d ' ' | tr -d "'"`
+    output=`printf "%s\n" ${output} ${images}`
+  fi
 done
 
 # Don't forget about the other image !
@@ -145,7 +160,7 @@ output=`printf "%s\n" ${output} ${provider_image}`
 
 while read -r line; do
     echo "Downloading image $line ---"
-    if [[ $line == kubernetesui* ]] || [[ $line == apache* ]] || [[ $line == weaveworks* ]]; then
+    if [[ $line == kubernetesui* ]] || [[ $line == apache* ]] || [[ $line == weaveworks* ]] || [[ $line == library* ]]; then
       line="docker.io/${line}"
     fi
     sudo ctr image pull "$line"