Fix kamaji to use default kubelet-config

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
2026-02-05 08:17:59 +00:00 · 2024-08-12 20:22:32 +02:00
17 changed files with 88 additions and 41 deletions
--- a/.DS_Store
+++ b/.DS_Store
--- a/manifests/cozystack-installer.yaml
+++ b/manifests/cozystack-installer.yaml
@@ -68,7 +68,7 @@ spec:
      serviceAccountName: cozystack
      containers:
      - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.11.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.10.1"
        env:
        - name: KUBERNETES_SERVICE_HOST
          value: localhost
@@ -87,7 +87,7 @@ spec:
            fieldRef:
              fieldPath: metadata.name
      - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.11.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.10.1"
        command:
        - /usr/bin/darkhttpd
        - /cozystack/assets
--- a/packages/apps/ferretdb/Chart.yaml
+++ b/packages/apps/ferretdb/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.1
+version: 0.1.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/http-cache/images/nginx-cache.tag
+++ b/packages/apps/http-cache/images/nginx-cache.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/nginx-cache:v0.1.0@sha256:73d8a2a3024cc523ff552ac94826ee57bc2795f81412eb46b432bd6003d0930f
+ghcr.io/aenix-io/cozystack/nginx-cache:v0.1.0@sha256:f77d5b63f1ed9dfda4725696d9170130939219a2465260b6ba941947460de2da
--- a/packages/apps/kafka/Chart.yaml
+++ b/packages/apps/kafka/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.3
+version: 0.2.2

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/kubernetes/images/ubuntu-container-disk.tag
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:00bcac18e2a342ab16a767e2f43827fa9f3b34bd6694e65b737b18e5a8ed93c2
+ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:81caf89efe252ae2ca1990d08a3a314552d70ff36bcd4022b173c7150fbec805
--- a/packages/apps/postgres/Chart.yaml
+++ b/packages/apps/postgres/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.1
+version: 0.4.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -2,15 +2,13 @@ bucket 0.1.0 HEAD
 clickhouse 0.1.0 ca79f72
 clickhouse 0.2.0 7cd7de73
 clickhouse 0.2.1 HEAD
-ferretdb 0.1.0 4ffa8615
-ferretdb 0.1.1 HEAD
+ferretdb 0.1.0 HEAD
 http-cache 0.1.0 a956713
 http-cache 0.2.0 HEAD
 kafka 0.1.0 760f86d2
 kafka 0.2.0 a2cc83d
 kafka 0.2.1 3ac17018
-kafka 0.2.2 d0758692
-kafka 0.2.3 HEAD
+kafka 0.2.2 HEAD
 kubernetes 0.1.0 f642698
 kubernetes 0.2.0 7cd7de73
 kubernetes 0.3.0 7caccec1
@@ -29,8 +27,7 @@ postgres 0.1.0 f642698
 postgres 0.2.0 7cd7de73
 postgres 0.2.1 4a97e297
 postgres 0.3.0 995dea6f
-postgres 0.4.0 ec283c33
-postgres 0.4.1 HEAD
+postgres 0.4.0 HEAD
 rabbitmq 0.1.0 f642698
 rabbitmq 0.2.0 HEAD
 redis 0.1.1 f642698
--- a/packages/core/installer/Makefile
+++ b/packages/core/installer/Makefile
@@ -52,7 +52,6 @@ image-matchbox:
 		--metadata-file images/matchbox.json \
 		--push=$(PUSH) \
 		--load=$(LOAD)
-	rm -f images/matchbox.json

 assets: talos-iso talos-nocloud

--- a/packages/core/installer/values.yaml
+++ b/packages/core/installer/values.yaml
@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/aenix-io/cozystack/cozystack:v0.11.0@sha256:e8ce3a6655b548b803f6de0b837abe25afc25989a4e0d12f0b8a8ba0f0c4e290
+  image: ghcr.io/aenix-io/cozystack/cozystack:latest@sha256:d4335fc42d14bfca9ff768bad7d48e771bb0cbe9b1aa1141e20535b2d0d8909e
--- a/packages/extra/monitoring/Chart.yaml
+++ b/packages/extra/monitoring/Chart.yaml
@@ -3,4 +3,4 @@ name: monitoring
 description: Monitoring and observability stack
 icon: /logos/monitoring.svg
 type: application
-version: 1.2.1
+version: 1.2.0
--- a/packages/extra/versions_map
+++ b/packages/extra/versions_map
@@ -8,6 +8,5 @@ ingress 1.1.0 838bee5d
 ingress 1.2.0 HEAD
 monitoring 1.0.0 f642698
 monitoring 1.1.0 15478a88
-monitoring 1.2.0 c9e0d63b
-monitoring 1.2.1 HEAD
+monitoring 1.2.0 HEAD
 seaweedfs 0.1.0 HEAD
--- a/packages/system/dashboard/values.yaml
+++ b/packages/system/dashboard/values.yaml
@@ -33,11 +33,11 @@ kubeapps:
    image:
      registry: ghcr.io/aenix-io/cozystack
      repository: dashboard
-      tag: v0.11.0
-      digest: sha256:0500f323d31d7f953e5e5e3ddf6001ec02feb5253f035f5a30ab21680a3886ed
+      tag: latest
+      digest: sha256:4818712e9fc9c57cc321512760c3226af564a04e69d4b3ec9229ab91fd39abeb
  kubeappsapis:
    image:
      registry: ghcr.io/aenix-io/cozystack
      repository: kubeapps-apis
-      tag: v0.11.0
-      digest: ""
+      tag: latest
+      digest: sha256:bf3210e54a4522bd53487673c3da80383c09019e44874298d9b96423064ed226
--- a/packages/system/kamaji/images/kamaji/Dockerfile
+++ b/packages/system/kamaji/images/kamaji/Dockerfile
@@ -10,6 +10,7 @@ RUN curl -sSL https://github.com/clastix/kamaji/archive/refs/tags/v1.0.0.tar.gz

 COPY patches /patches
 RUN git apply /patches/enable-gc.diff
+RUN go mod tidy

 RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build \
    -ldflags "-X github.com/clastix/kamaji/internal.GitRepo=$GIT_REPO -X github.com/clastix/kamaji/internal.GitTag=$GIT_LAST_TAG -X github.com/clastix/kamaji/internal.GitCommit=$GIT_HEAD_COMMIT -X github.com/clastix/kamaji/internal.GitDirty=$GIT_MODIFIED -X github.com/clastix/kamaji/internal.BuildTime=$BUILD_DATE" \
--- a/packages/system/kamaji/images/kamaji/patches/enable-gc.diff
+++ b/packages/system/kamaji/images/kamaji/patches/enable-gc.diff
@@ -1,11 +1,47 @@
 diff --git a/internal/kubeadm/uploadconfig.go b/internal/kubeadm/uploadconfig.go
-index 0dc9e71..e516390 100644
+index 0dc9e71..158f54f 100644
 --- a/internal/kubeadm/uploadconfig.go
 +++ b/internal/kubeadm/uploadconfig.go
-@@ -98,21 +98,15 @@ func getKubeletConfigmapContent(kubeletConfiguration KubeletConfiguration) ([]by
- 				CacheUnauthorizedTTL: zeroDuration,
- 			},
- 		},
+@@ -17,7 +17,7 @@ import (
+ 	"k8s.io/kubernetes/cmd/kubeadm/app/phases/uploadconfig"
+ 	"k8s.io/kubernetes/cmd/kubeadm/app/util/apiclient"
+ 	"k8s.io/kubernetes/pkg/apis/rbac"
+-	pointer "k8s.io/utils/ptr"
+	kubeletv1beta1 "k8s.io/kubernetes/pkg/kubelet/apis/config/v1beta1"
+ 
+ 	"github.com/clastix/kamaji/internal/utilities"
+ )
+@@ -72,58 +72,16 @@ func UploadKubeletConfig(client kubernetes.Interface, config *Configuration) ([]
+ }
+ 
+ func getKubeletConfigmapContent(kubeletConfiguration KubeletConfiguration) ([]byte, error) {
+-	zeroDuration := metav1.Duration{Duration: 0}
+	var kc kubelettypes.KubeletConfiguration
+ 
+-	kc := kubelettypes.KubeletConfiguration{
+-		TypeMeta: metav1.TypeMeta{
+-			Kind:       "KubeletConfiguration",
+-			APIVersion: "kubelet.config.k8s.io/v1beta1",
+-		},
+-		Authentication: kubelettypes.KubeletAuthentication{
+-			Anonymous: kubelettypes.KubeletAnonymousAuthentication{
+-				Enabled: pointer.To(false),
+-			},
+-			Webhook: kubelettypes.KubeletWebhookAuthentication{
+-				Enabled:  pointer.To(true),
+-				CacheTTL: zeroDuration,
+-			},
+-			X509: kubelettypes.KubeletX509Authentication{
+-				ClientCAFile: "/etc/kubernetes/pki/ca.crt",
+-			},
+-		},
+-		Authorization: kubelettypes.KubeletAuthorization{
+-			Mode: kubelettypes.KubeletAuthorizationModeWebhook,
+-			Webhook: kubelettypes.KubeletWebhookAuthorization{
+-				CacheAuthorizedTTL:   zeroDuration,
+-				CacheUnauthorizedTTL: zeroDuration,
+-			},
+-		},
 -		CgroupDriver:              kubeletConfiguration.TenantControlPlaneCgroupDriver,
 -		ClusterDNS:                kubeletConfiguration.TenantControlPlaneDNSServiceIPs,
 -		ClusterDomain:             kubeletConfiguration.TenantControlPlaneDomain,
@@ -15,16 +51,31 @@ index 0dc9e71..e516390 100644
 -			"nodefs.available":  "0%",
 -			"nodefs.inodesFree": "0%",
 -		},
-+		CgroupDriver:                     kubeletConfiguration.TenantControlPlaneCgroupDriver,
-+		ClusterDNS:                       kubeletConfiguration.TenantControlPlaneDNSServiceIPs,
-+		ClusterDomain:                    kubeletConfiguration.TenantControlPlaneDomain,
-+		CPUManagerReconcilePeriod:        zeroDuration,
- 		EvictionPressureTransitionPeriod: zeroDuration,
- 		FileCheckFrequency:               zeroDuration,
- 		HealthzBindAddress:               "127.0.0.1",
- 		HealthzPort:                      pointer.To(int32(10248)),
- 		HTTPCheckFrequency:               zeroDuration,
+-		EvictionPressureTransitionPeriod: zeroDuration,
+-		FileCheckFrequency:               zeroDuration,
+-		HealthzBindAddress:               "127.0.0.1",
+-		HealthzPort:                      pointer.To(int32(10248)),
+-		HTTPCheckFrequency:               zeroDuration,
 -		ImageGCHighThresholdPercent:      pointer.To(int32(100)),
- 		NodeStatusUpdateFrequency:        zeroDuration,
- 		NodeStatusReportFrequency:        zeroDuration,
- 		RotateCertificates:               true,
+-		NodeStatusUpdateFrequency:        zeroDuration,
+-		NodeStatusReportFrequency:        zeroDuration,
+-		RotateCertificates:               true,
+-		RuntimeRequestTimeout:            zeroDuration,
+-		ShutdownGracePeriod:              zeroDuration,
+-		ShutdownGracePeriodCriticalPods:  zeroDuration,
+-		StaticPodPath:                    "/etc/kubernetes/manifests",
+-		StreamingConnectionIdleTimeout:   zeroDuration,
+-		SyncFrequency:                    zeroDuration,
+-		VolumeStatsAggPeriod:             zeroDuration,
+-	}
+	kubeletv1beta1.SetDefaults_KubeletConfiguration(&kc)
+
+	kc.Authentication.X509.ClientCAFile = "/etc/kubernetes/pki/ca.crt"
+	kc.CgroupDriver = kubeletConfiguration.TenantControlPlaneCgroupDriver
+	kc.ClusterDNS = kubeletConfiguration.TenantControlPlaneDNSServiceIPs
+	kc.ClusterDomain = kubeletConfiguration.TenantControlPlaneDomain
+	kc.RotateCertificates = true
+	kc.StaticPodPath = "/etc/kubernetes/manifests"
+ 
+ 	return utilities.EncodeToYaml(&kc)
+ }
--- a/packages/system/kamaji/values.yaml
+++ b/packages/system/kamaji/values.yaml
@@ -3,5 +3,5 @@ kamaji:
    deploy: false
  image:
    pullPolicy: IfNotPresent
-    tag: v0.11.0@sha256:34a5758a02b5d3e8fc33cad672e849f3bfcc149672893ad4584bc716245332af
+    tag: latest@sha256:f7e4036ed809176dafc671953a5c95a652dc7d637a67470142e625103f91ca3d
    repository: ghcr.io/aenix-io/cozystack/kamaji
--- a/packages/system/kubeovn/values.yaml
+++ b/packages/system/kubeovn/values.yaml
@@ -22,4 +22,4 @@ global:
  images:
    kubeovn:
      repository: kubeovn
-      tag: v1.13.0@sha256:f26d060fbd17e21eabab32927dcd99c16bdc3337d5ec6942f36c5791c1bbfde7
+      tag: latest@sha256:e2911bbab12ab6deb8d8cfab4234c6bbca8d3efe7529ee87c39cd72e3142eac3