suse-edge · atanasdinov · Jul 1, 2024 · Jun 26, 2024 · Jun 26, 2024 · Jun 27, 2024
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -5,6 +5,7 @@
 ## General
 
 * Added the ability to automatically copy files into the built images filesystem
+* Kubernetes manifests are now applied in a systemd service
 
 ## API
 

diff --git a/pkg/combustion/kubernetes_test.go b/pkg/combustion/kubernetes_test.go
@@ -782,8 +782,8 @@ func TestConfigureKubernetes_SuccessfulRKE2ServerWithManifests(t *testing.T) {
 	assert.Contains(t, contents, "export INSTALL_RKE2_ARTIFACT_PATH=$ARTEFACTS_DIR/kubernetes/install")
 	assert.Contains(t, contents, "sh $ARTEFACTS_DIR/kubernetes/install-k8s.sh")
 	assert.Contains(t, contents, "systemctl enable rke2-server.service")
-	assert.Contains(t, contents, "mkdir -p /var/lib/rancher/rke2/server/manifests/")
-	assert.Contains(t, contents, "cp $ARTEFACTS_DIR/kubernetes/manifests/* /var/lib/rancher/rke2/server/manifests/")
+	assert.Contains(t, contents, "mkdir -p /opt/eib-k8s/manifests")
+	assert.Contains(t, contents, "cp $ARTEFACTS_DIR/kubernetes/manifests/* /opt/eib-k8s/manifests/")
 	assert.Contains(t, contents, "cp $ARTEFACTS_DIR/kubernetes/registries.yaml /etc/rancher/rke2/registries.yaml")
 
 	// Config file assertions

diff --git a/pkg/combustion/templates/k3s-multi-node-installer.sh.tpl b/pkg/combustion/templates/k3s-multi-node-installer.sh.tpl
@@ -27,19 +27,43 @@ mount /var
 mkdir -p /var/lib/rancher/k3s/agent/images/
 cp {{ .imagesPath }}/* /var/lib/rancher/k3s/agent/images/
 
+umount /var
+
 CONFIGFILE={{ .configFilePath }}/$NODETYPE.yaml
 
 if [ "$HOSTNAME" = {{ .initialiser }} ]; then
-    CONFIGFILE={{ .configFilePath }}/{{ .initialiserConfigFile }}
-
-    {{- if .manifestsPath }}
-    mkdir -p /var/lib/rancher/k3s/server/manifests/
-    cp {{ .manifestsPath }}/* /var/lib/rancher/k3s/server/manifests/
-    {{- end }}
+CONFIGFILE={{ .configFilePath }}/{{ .initialiserConfigFile }}
+
+{{ if .manifestsPath }}
+mkdir -p /opt/eib-k8s/manifests
+cp {{ .manifestsPath }}/* /opt/eib-k8s/manifests/
+
+cat <<- EOF > /etc/systemd/system/kubernetes-resources-install.service
+[Unit]
+Description=Kubernetes Resources Install
+Requires=k3s.service
+After=k3s.service
+ConditionPathExists=/opt/bin/kubectl
+ConditionPathExists=/etc/rancher/k3s/k3s.yaml
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=oneshot
+Restart=on-failure
+RestartSec=60
+ExecStart=/opt/bin/kubectl apply -f /opt/eib-k8s/manifests --kubeconfig=/etc/rancher/k3s/k3s.yaml
+# Disable the service and clean up
+ExecStartPost=/bin/sh -c "systemctl disable kubernetes-resources-install.service"
+ExecStartPost=rm -f /etc/systemd/system/kubernetes-resources-install.service
+ExecStartPost=rm -rf /opt/eib-k8s
+EOF
+
+systemctl enable kubernetes-resources-install.service
+{{- end }}
 fi
 
-umount /var
-
 {{- if and .apiVIP .apiHost }}
 echo "{{ .apiVIP }} {{ .apiHost }}" >> /etc/hosts
 {{- end }}

diff --git a/pkg/combustion/templates/k3s-single-node-installer.sh.tpl b/pkg/combustion/templates/k3s-single-node-installer.sh.tpl
@@ -6,13 +6,37 @@ mount /var
 mkdir -p /var/lib/rancher/k3s/agent/images/
 cp {{ .imagesPath }}/* /var/lib/rancher/k3s/agent/images/
 
+umount /var
+
 {{- if .manifestsPath }}
-mkdir -p /var/lib/rancher/k3s/server/manifests/
-cp {{ .manifestsPath }}/* /var/lib/rancher/k3s/server/manifests/
+mkdir -p /opt/eib-k8s/manifests
+cp {{ .manifestsPath }}/* /opt/eib-k8s/manifests/
+
+cat <<- EOF > /etc/systemd/system/kubernetes-resources-install.service
+[Unit]
+Description=Kubernetes Resources Install
+Requires=k3s.service
+After=k3s.service
+ConditionPathExists=/opt/bin/kubectl
+ConditionPathExists=/etc/rancher/k3s/k3s.yaml
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=oneshot
+Restart=on-failure
+RestartSec=60
+ExecStart=/opt/bin/kubectl apply -f /opt/eib-k8s/manifests --kubeconfig=/etc/rancher/k3s/k3s.yaml
+# Disable the service and clean up
+ExecStartPost=/bin/sh -c "systemctl disable kubernetes-resources-install.service"
+ExecStartPost=rm -f /etc/systemd/system/kubernetes-resources-install.service
+ExecStartPost=rm -rf /opt/eib-k8s
+EOF
+
+systemctl enable kubernetes-resources-install.service
 {{- end }}
 
-umount /var
-
 {{- if and .apiVIP .apiHost }}
 echo "{{ .apiVIP }} {{ .apiHost }}" >> /etc/hosts
 {{- end }}

diff --git a/pkg/combustion/templates/rke2-multi-node-installer.sh.tpl b/pkg/combustion/templates/rke2-multi-node-installer.sh.tpl
@@ -27,19 +27,45 @@ mount /var
 mkdir -p /var/lib/rancher/rke2/agent/images/
 cp {{ .imagesPath }}/* /var/lib/rancher/rke2/agent/images/
 
+umount /var
+
 CONFIGFILE={{ .configFilePath }}/$NODETYPE.yaml
 
 if [ "$HOSTNAME" = {{ .initialiser }} ]; then
-    CONFIGFILE={{ .configFilePath }}/{{ .initialiserConfigFile }}
-
-    {{- if .manifestsPath }}
-    mkdir -p /var/lib/rancher/rke2/server/manifests/
-    cp {{ .manifestsPath }}/* /var/lib/rancher/rke2/server/manifests/
-    {{- end }}
+CONFIGFILE={{ .configFilePath }}/{{ .initialiserConfigFile }}
+
+{{ if .manifestsPath }}
+mkdir -p /opt/eib-k8s/manifests
+cp {{ .manifestsPath }}/* /opt/eib-k8s/manifests/
+
+cat <<- EOF > /etc/systemd/system/kubernetes-resources-install.service
+[Unit]
+Description=Kubernetes Resources Install
+Requires=rke2-server.service
+After=rke2-server.service
+ConditionPathExists=/var/lib/rancher/rke2/bin/kubectl
+ConditionPathExists=/etc/rancher/rke2/rke2.yaml
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=oneshot
+Restart=on-failure
+RestartSec=60
+# Copy kubectl in order to avoid SELinux permission issues
+ExecStartPre=cp /var/lib/rancher/rke2/bin/kubectl /opt/eib-k8s/kubectl
+ExecStart=/opt/eib-k8s/kubectl apply -f /opt/eib-k8s/manifests --kubeconfig /etc/rancher/rke2/rke2.yaml
+# Disable the service and clean up
+ExecStartPost=/bin/sh -c "systemctl disable kubernetes-resources-install.service"
+ExecStartPost=rm -f /etc/systemd/system/kubernetes-resources-install.service
+ExecStartPost=rm -rf /opt/eib-k8s
+EOF
+
+systemctl enable kubernetes-resources-install.service
+{{- end }}
 fi
 
-umount /var
-
 {{- if .apiHost }}
 echo "{{ .apiVIP }} {{ .apiHost }}" >> /etc/hosts
 {{- end }}

diff --git a/pkg/combustion/templates/rke2-single-node-installer.sh.tpl b/pkg/combustion/templates/rke2-single-node-installer.sh.tpl
@@ -6,13 +6,39 @@ mount /var
 mkdir -p /var/lib/rancher/rke2/agent/images/
 cp {{ .imagesPath }}/* /var/lib/rancher/rke2/agent/images/
 
+umount /var
+
 {{- if .manifestsPath }}
-mkdir -p /var/lib/rancher/rke2/server/manifests/
-cp {{ .manifestsPath }}/* /var/lib/rancher/rke2/server/manifests/
+mkdir -p /opt/eib-k8s/manifests
+cp {{ .manifestsPath }}/* /opt/eib-k8s/manifests/
+
+cat <<- EOF > /etc/systemd/system/kubernetes-resources-install.service
+[Unit]
+Description=Kubernetes Resources Install
+Requires=rke2-server.service
+After=rke2-server.service
+ConditionPathExists=/var/lib/rancher/rke2/bin/kubectl
+ConditionPathExists=/etc/rancher/rke2/rke2.yaml
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=oneshot
+Restart=on-failure
+RestartSec=60
+# Copy kubectl in order to avoid SELinux permission issues
+ExecStartPre=cp /var/lib/rancher/rke2/bin/kubectl /opt/eib-k8s/kubectl
+ExecStart=/opt/eib-k8s/kubectl apply -f /opt/eib-k8s/manifests --kubeconfig /etc/rancher/rke2/rke2.yaml
+# Disable the service and clean up
+ExecStartPost=/bin/sh -c "systemctl disable kubernetes-resources-install.service"
+ExecStartPost=rm -f /etc/systemd/system/kubernetes-resources-install.service
+ExecStartPost=rm -rf /opt/eib-k8s
+EOF
+
+systemctl enable kubernetes-resources-install.service
 {{- end }}
 
-umount /var
-
 {{- if and .apiVIP .apiHost }}
 echo "{{ .apiVIP }} {{ .apiHost }}" >> /etc/hosts
 {{- end }}
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,6 +5,7 @@ @@
     ## General
     * Added the ability to automatically copy files into the built images filesystem
+    * Kubernetes manifests are now applied in a systemd service
     ## API
@@ Expand Down @@