support sealer-v0.9.0 auto build

Author: Stevent-fei

Diff for: auto-build.sh

@@ -41,7 +41,7 @@ for i in "$@"; do
 ### Options
   --k8s-version         set the kubernetes k8s_version of the Clusterimage, k8s_version must be greater than 1.13
   -c, --cri             cri can be set to docker or containerd between kubernetes 1.20-1.24 versions
-  -n, --buildName       set build image name, default is 'registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:${k8s_version}'
+  -n, --buildName       set build image name, default is 'docker.io/sealerio/kubernetes:${k8s_version}'
   --platform            set the build mirror platform, the default is linux/amd64,linux/arm64
   --push                push clusterimage after building the clusterimage. The image name must contain the full name of the repository, and use -u and -p to specify the username and password.
   -u, --username        specify the user's username for pushing the Clusterimage
@@ -63,15 +63,15 @@ for i in "$@"; do
   esac
 done
 
-version_compare() { printf '%s\n%s\n' "$2" "$1" | sort -V -C; } ## version_vompare $a $b:  a>=b
+version_compare() { printf '%s\n%s\n' "$2" "$1" | sort -V -C; } ## version_compare $a $b:  a>=b
 
 ARCH=$(case "$(uname -m)" in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo "unsupported architecture" "$(uname -m)" && exit 1 ;; esac)
 
 if [ "$k8s_version" = "" ]; then echo "pls use --k8s-version to set Clusterimage kubernetes version" && exit 1; else echo "$k8s_version" | grep "v" || k8s_version="v${k8s_version}"; fi
 #cri=$([[ -n "$cri" ]] && echo "$cri" || echo docker)
 cri=$( (version_compare "$k8s_version" "v1.24.0" && echo "containerd") || ([[ -n "$cri" ]] && echo "$cri" || echo "docker"))
 if [[ -z "$buildName" ]]; then
-  buildName="registry.cn-qingdao.aliyuncs.com/sealer-io/kubernetes:${k8s_version}"
+  buildName="docker.io/sealerio/kubernetes:${k8s_version}"
   if [[ "$cri" == "containerd" ]] && ! version_compare "$k8s_version" "v1.24.0"; then buildName=${buildName}-containerd; fi
 fi
 platform=$(if [[ -z "$platform" ]]; then echo "linux/arm64,linux/amd64"; else echo "$platform"; fi)
@@ -87,22 +87,25 @@ sudo chmod +x version.sh download.sh && export kube_install_version="$k8s_versio
 ./download.sh "${cri}"
 
 sudo chmod +x amd64/bin/kube* && sudo chmod +x arm64/bin/kube*
-sudo wget "https://sealer.oss-cn-beijing.aliyuncs.com/sealers/sealer-v0.8.5-linux-${ARCH}.tar.gz" && sudo tar -xvf "sealer-v0.8.5-linux-${ARCH}.tar.gz"
+
+sudo wget https://github.com/sealerio/sealer/releases/download/v0.9.0/sealer-v0.9.0-linux-amd64.tar.gz && tar -xvf sealer-v0.9.0-linux-amd64.tar.gz -C /usr/bin
 sudo sed -i "s/v1.19.8/$k8s_version/g" rootfs/etc/kubeadm.yml ##change k8s_version
+sudo sed -i "s/v1.19.8/$k8s_version/g" rootfs/etc/kubeadm.yml.tmpl ##change k8s_version
 if [[ "$cri" == "containerd" ]]; then sudo sed -i "s/\/var\/run\/dockershim.sock/\/run\/containerd\/containerd.sock/g" rootfs/etc/kubeadm.yml; fi
+if [[ "$cri" == "containerd" ]]; then sudo sed -i "s/\/var\/run\/dockershim.sock/\/run\/containerd\/containerd.sock/g" rootfs/etc/kubeadm.yml.tmpl; fi
 sudo sed -i "s/kubeadm.k8s.io\/v1beta2/$kubeadmApiVersion/g" rootfs/etc/kubeadm.yml
+sudo sed -i "s/kubeadm.k8s.io\/v1beta2/$kubeadmApiVersion/g" rootfs/etc/kubeadm.yml.tmpl
 sudo ./"${ARCH}"/bin/kubeadm config images list --config "rootfs/etc/kubeadm.yml"
+sudo mkdir -p rootfs/manifests
 sudo ./"${ARCH}"/bin/kubeadm config images list --config "rootfs/etc/kubeadm.yml" 2>/dev/null | sed "/WARNING/d" >>imageList
-if [ "$(sudo ./"${ARCH}"/bin/kubeadm config images list --config rootfs/etc/kubeadm.yml 2>/dev/null | grep -c "coredns/coredns")" -gt 0 ]; then sudo sed -i "s/#imageRepository/imageRepository/g" rootfs/etc/kubeadm.yml; fi
-sudo sed -i "s/k8s.gcr.io/sea.hub:5000/g" rootfs/etc/kubeadm.yml
+if [ "$(sudo ./"${ARCH}"/bin/kubeadm config images list --config rootfs/etc/kubeadm.yml 2>/dev/null | grep -c "coredns/coredns")" -gt 0 ]; then sudo sed -i "s/#imageRepository/imageRepository/g" rootfs/etc/kubeadm.yml.tmpl; fi
+sudo sed -i "s/k8s.gcr.io/sea.hub:5000/g" rootfs/etc/kubeadm.yml.tmpl
 pauseImage=$(./"${ARCH}"/bin/kubeadm config images list --config "rootfs/etc/kubeadm.yml" 2>/dev/null | sed "/WARNING/d" | grep pause)
 if [ -f "rootfs/etc/dump-config.toml" ]; then sudo sed -i "s/sea.hub:5000\/pause:3.6/$(echo "$pauseImage" | sed 's/\//\\\//g')/g" rootfs/etc/dump-config.toml; fi
-sudo sed -i "s/v1.19.8/${k8s_version}/g" {arm64,amd64}/etc/Metadata
-##linux/arm64,linux/amd64
-sudo ./sealer build -t "${buildName}" -f Kubefile --platform "${platform}" .
+sudo sealer build -t "docker.io/sealerio/kubernetes:${k8s_version}" -f Kubefile
 if [[ "$push" == "true" ]]; then
   if [[ -n "$username" ]] && [[ -n "$password" ]]; then
-    sudo ./sealer login "$(echo "$buildName" | cut -d "/" -f1)" -u "${username}" -p "${password}"
+    sudo sealer login "$(echo "docker.io" | cut -d "/" -f1)" -u "${username}" -p "${password}"
   fi
-  sudo ./sealer push "${buildName}"
+  sudo sealer push "docker.io/sealerio/kubernetes:${k8s_version}"
 fi

Diff for: context/Kubefile

@@ -1,4 +1,8 @@
 FROM scratch
-COPY rootfs/* .
-COPY ${ARCH}/* . 
+COPY rootfs .
+COPY amd64 .
 COPY imageList manifests
+COPY tigera-operator.yaml applications/tigera-operator.yaml
+COPY custom-resources.yaml applications/custom-resources.yaml
+APP calico local://calico.sh
+LAUNCH ["calico"]

Diff for: context/amd64/cri/docker.tar.gz

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+kubectl apply -f applications/tigera-operator.yaml
+kubectl apply -f applications/custom-resources.yaml

Diff for: context/amd64/etc/Metadata

@@ -0,0 +1,53 @@
+#!/bin/bash
+# shellcheck disable=SC1091
+# Copyright © 2021 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -x
+set -e
+
+rootfs=$(dirname "$(pwd)")
+image_dir="$rootfs/images"
+lib_dir="${rootfs}/lib"
+dump_config_dir="$rootfs/etc/dump-config.toml"
+
+command_exists() {
+  command -v "$@" >/dev/null 2>&1
+}
+
+server_load_images() {
+  for image in "$image_dir"/*; do
+    if [ -f "${image}" ]; then
+      ${1} load -i "${image}"
+    fi
+  done
+}
+
+##cri is containerd
+if ! command_exists containerd; then
+  tar zxvf ../cri/cri-*.tar.gz -C /
+  cd "$lib_dir" && source install_libseccomp.sh
+fi
+systemctl daemon-reload
+systemctl enable containerd.service
+systemctl restart containerd.service
+
+sed -i "s/sea.hub/${2:-sea.hub}/g" "$dump_config_dir"
+sed -i "s/5000/${3:-5000}/g" "$dump_config_dir"
+mkdir -p /etc/containerd
+containerd --config "$dump_config_dir" config dump >/etc/containerd/config.toml
+systemctl restart containerd.service
+load_image_server="nerdctl"
+
+server_load_images "${load_image_server}"

Diff for: context/arm64/cri/docker.tar.gz

@@ -27,10 +27,6 @@ rm -f /usr/bin/containerd-shim-runc-v2
 rm -f /usr/bin/crictl
 rm -f /usr/bin/ctr
 
-systemctl disable kubelet
-rm -f /usr/bin/kubeadm
-rm -f /usr/bin/kubectl
-rm -f /usr/bin/kubelet
 rm -f /usr/bin/rootlesskit
 rm -f /usr/bin/rootlesskit-docker-proxy
 rm -f /usr/bin/runc
@@ -40,14 +36,9 @@ rm -f /usr/bin/containerd-rootless.sh
 rm -f /usr/bin/nerdctl
 rm -f /usr/bin/seautil
 
-rm -f /etc/sysctl.d/k8s.conf
 rm -f /etc/crictl.yaml
-rm -f /etc/systemd/system/kubelet.service
-rm -rf /etc/systemd/system/kubelet.service.d
 rm -rf /etc/ld.so.conf.d/containerd.conf
-rm -rf /var/lib/kubelet/
 rm -rf /var/lib/containerd
 rm -rf /var/lib/nerdctl
-rm -f /var/lib/kubelet/config.yaml
 rm -rf /opt/containerd
-systemctl daemon-reload
+

Diff for: context/arm64/etc/Metadata

@@ -0,0 +1,28 @@
+# This section includes base Calico installation configuration.
+# For more information, see: https://projectcalico.docs.tigera.io/v3.22/reference/installation/api#operator.tigera.io/v1.Installation
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+  name: default
+spec:
+  # Configures Calico networking.
+  registry: sea.hub:5000
+  calicoNetwork:
+    # Note: The ipPools section cannot be modified post-install.
+    ipPools:
+    - blockSize: 26
+      cidr: 100.64.0.0/10
+      encapsulation: VXLANCrossSubnet
+      natOutgoing: Enabled
+      nodeSelector: all()
+
+---
+
+# This section configures the Calico API server.
+# For more information, see: https://projectcalico.docs.tigera.io/v3.22/reference/installation/api#operator.tigera.io/v1.APIServer
+apiVersion: operator.tigera.io/v1
+kind: APIServer 
+metadata: 
+  name: default 
+spec: {}
+

Diff for: context/calico.sh

@@ -1,21 +1,19 @@
 {
+  "experimental": true,
+  "oom-score-adjust": -1000,
   "max-concurrent-downloads": 20,
   "log-driver": "json-file",
   "log-level": "warn",
   "log-opts": {
     "max-size": "10m",
     "max-file": "3"
   },
-  "mirror-registries": [
-    {
-      "domain": "*",
-      "mirrors": [
-        "https://sea.hub:5000"
-      ]
-    }
-  ],
   "exec-opts": [
     "native.cgroupdriver=systemd"
   ],
+  "insecure-registries": ["0.0.0.0/0", "::/0"],
+  "storage-driver": "overlay2",
+  "storage-opts":["overlay2.override_kernel_check=true"],
+  "live-restore": true,
   "data-root": "/var/lib/docker"
-}
+}

Diff for: context/containerd/rootfs/scripts/containerd.sh

@@ -16,10 +16,13 @@
 set -x
 set -e
 
-scripts_path=$(cd `dirname $0`; pwd)
+# shellcheck disable=SC2046
+# shellcheck disable=SC2006
+scripts_path=$(cd `dirname "$0"`; pwd)
 image_dir="$scripts_path/../images"
-DOCKER_VERSION="19.03.14-sealer"
+DOCKER_VERSION="19.03.15"
 
+# shellcheck disable=SC1091
 get_distribution() {
   lsb_dist=""
   # Every system that we officially support has /etc/os-release
@@ -31,6 +34,10 @@ get_distribution() {
   echo "$lsb_dist"
 }
 
+utils_command_exists() {
+    command -v "$@" > /dev/null 2>&1
+}
+
 disable_selinux() {
   if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
     sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
@@ -46,6 +53,7 @@ load_images() {
   done
 }
 
+# shellcheck disable=SC2006
 check_docker_valid() {
   if ! docker info 2>&1; then
     panic "docker is not healthy: $(docker info 2>&1), please check"
@@ -57,8 +65,14 @@ check_docker_valid() {
   fi
 }
 
+# shellcheck disable=SC2145
+utils_info()
+{
+    echo -e "\033[1;32m$@\033[0m"
+}
+
 storage=${1:-/var/lib/docker}
-mkdir -p $storage
+mkdir -p "$storage"
 if ! utils_command_exists docker; then
   lsb_dist=$(get_distribution)
   lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
@@ -101,8 +115,8 @@ if ! utils_command_exists docker; then
   systemctl enable docker.service
   systemctl restart docker.service
   cp "${scripts_path}"/../etc/daemon.json /etc/docker
-  mkdir -p /root/.docker/
-  cp "${scripts_path}"/../etc/docker-cli-config.json /root/.docker/config.json
+  #mkdir -p /root/.docker/
+  #cp "${scripts_path}"/../etc/docker-cli-config.json /root/.docker/config.json
   if [[ -n $1 && -n $2 ]]; then
     sed -i "s/sea.hub:5000/$2:$3/g" /etc/docker/daemon.json
   fi
@@ -113,4 +127,5 @@ systemctl daemon-reload
 systemctl restart docker.service
 check_docker_valid
 
-load_images
+load_images
+bash "${scripts_path}"/init-kube.sh

Diff for: context/containerd/rootfs/scripts/clean.sh renamed to context/containerd/rootfs/scripts/uninstall-containerd.sh

@@ -4,11 +4,10 @@ systemctl stop docker
 ip link delete docker0 type bridge || true
 rm -rf /lib/systemd/system/docker.service
 rm -rf /usr/lib/systemd/system/docker.service
-rm -rf /etc/docker/daemon.json
+rm -rf /etc/docker
 systemctl daemon-reload
 
 rm -f /usr/bin/conntrack
-rm -f /usr/bin/kubelet-pre-start.sh
 rm -f /usr/bin/containerd
 rm -f /usr/bin/containerd-shim
 rm -f /usr/bin/containerd-shim-runc-v2
@@ -18,19 +17,11 @@ rm -f /usr/bin/docker
 rm -f /usr/bin/docker-init
 rm -f /usr/bin/docker-proxy
 rm -f /usr/bin/dockerd
-rm -f /usr/bin/kubeadm
-rm -f /usr/bin/kubectl
-rm -f /usr/bin/kubelet
 rm -f /usr/bin/rootlesskit
 rm -f /usr/bin/rootlesskit-docker-proxy
 rm -f /usr/bin/runc
 rm -f /usr/bin/vpnkit
 rm -f /usr/bin/containerd-rootless-setuptool.sh
 rm -f /usr/bin/containerd-rootless.sh
 rm -f /usr/bin/nerdctl
-
-rm -f /etc/sysctl.d/k8s.conf
-rm -f /etc/systemd/system/kubelet.service
-rm -rf /etc/systemd/system/kubelet.service.d
-rm -rf /var/lib/kubelet/
-rm -f /var/lib/kubelet/config.yaml
+rm -f /usr/bin/seautil