Add CLI flags to override images and kubelet binary

Signed-off-by: Brad Davidson <[email protected]>
rancher · Nov 23, 2020 · 2fb6ad5 · 2fb6ad5
1 parent b63f92a
commit 2fb6ad5
Show file tree

Hide file tree

Showing 4 changed files with 69 additions and 31 deletions.
diff --git a/pkg/cli/cmds/root.go b/pkg/cli/cmds/root.go
@@ -24,7 +24,49 @@ var (
 			Name:        "system-default-registry",
 			Usage:       "(image) Private registry to be used for all system Docker images",
 			EnvVar:      "RKE2_SYSTEM_DEFAULT_REGISTRY",
-			Destination: &config.SystemDefaultRegistry,
+			Destination: &config.Images.SystemDefaultRegistry,
+		},
+		&cli.StringFlag{
+			Name:        "kube-apiserver-image",
+			Usage:       "(image) Override image to use for kube-apiserver",
+			EnvVar:      "RKE2_KUBE_APISERVER_IMAGE",
+			Destination: &config.Images.KubeAPIServer,
+		},
+		&cli.StringFlag{
+			Name:        "kube-controller-manager-image",
+			Usage:       "(image) Override image to use for kube-controller-manager",
+			EnvVar:      "RKE2_KUBE_CONTROLLER_MANAGER_IMAGE",
+			Destination: &config.Images.KubeControllManager,
+		},
+		&cli.StringFlag{
+			Name:        "kube-scheduler-image",
+			Usage:       "(image) Override image to use for kube-scheduler",
+			EnvVar:      "RKE2_KUBE_SCHEDULER_IMAGE",
+			Destination: &config.Images.KubeScheduler,
+		},
+		&cli.StringFlag{
+			Name:        "pause-image",
+			Usage:       "(image) Override image to use for pause",
+			EnvVar:      "RKE2_PAUSE_IMAGE",
+			Destination: &config.Images.Pause,
+		},
+		&cli.StringFlag{
+			Name:        "runtime-image",
+			Usage:       "(image) Override image to use for runtime binaries (containerd, kubectl, crictl, etc)",
+			EnvVar:      "RKE2_RUNTIME_IMAGE",
+			Destination: &config.Images.Runtime,
+		},
+		&cli.StringFlag{
+			Name:        "etcd-image",
+			Usage:       "(image) Override image to use for etcd",
+			EnvVar:      "RKE2_ETCD_IMAGE",
+			Destination: &config.Images.ETCD,
+		},
+		&cli.StringFlag{
+			Name:        "kubelet-path",
+			Usage:       "(agent/node) Override kubelet binary path",
+			EnvVar:      "RKE2_KUBELET_PATH",
+			Destination: &config.KubeletPath,
 		},
 		&cli.StringFlag{
 			Name:        "cloud-provider-name",
@@ -46,7 +88,7 @@ var (
 		},
 		&cli.StringFlag{
 			Name:        "audit-policy-file",
-			Usage:       "Path to the file that defines the audit policy configuration",
+			Usage:       "(security) Path to the file that defines the audit policy configuration",
 			EnvVar:      "RKE2_AUDIT_POLICY_FILE",
 			Destination: &config.AuditPolicyFile,
 		},

diff --git a/pkg/images/images.go b/pkg/images/images.go
@@ -15,14 +15,6 @@ const (
 )
 
 var (
-	// These environment variables are primarily intended for developer use
-	apiServer         = os.Getenv("RKE2_KUBE_APISERVER_IMAGE")
-	controllerManager = os.Getenv("RKE2_KUBE_CONTROLLER_MANAGER_IMAGE")
-	scheduler         = os.Getenv("RKE2_KUBE_SCHEDULER_IMAGE")
-	pause             = os.Getenv("RKE2_PAUSE_IMAGE")
-	runtime           = os.Getenv("RKE2_RUNTIME_IMAGE")
-	etcd              = os.Getenv("RKE2_ETCD_IMAGE")
-
 	KubernetesVersion = "v1.18.12"     // make sure this matches what is in the scripts/version.sh script
 	PauseVersion      = "3.2"          // make sure this matches what is in the scripts/build-images script
 	EtcdVersion       = "v3.4.13-k3s1" // make sure this matches what is in the scripts/build-images script
@@ -48,17 +40,14 @@ func override(defaultValue string, overrideValue string) string {
 	return defaultValue
 }
 
-// New constructs a new image list, honoring the systemDefaultRegistry value if it is not empty.
-func New(systemDefaultRegistry string) Images {
-	return Images{
-		SystemDefaultRegistry: systemDefaultRegistry,
-		Runtime:               override(override(dockerRegistry, systemDefaultRegistry)+"/rancher/"+RuntimeImageName+":"+strings.ReplaceAll(version.Version, "+", "-"), runtime),
-		KubeAPIServer:         override(override(dockerRegistry, systemDefaultRegistry)+"/rancher/hardened-kubernetes:"+KubernetesVersion, apiServer),
-		KubeControllManager:   override(override(dockerRegistry, systemDefaultRegistry)+"/rancher/hardened-kubernetes:"+KubernetesVersion, controllerManager),
-		KubeScheduler:         override(override(dockerRegistry, systemDefaultRegistry)+"/rancher/hardened-kubernetes:"+KubernetesVersion, scheduler),
-		ETCD:                  override(override(dockerRegistry, systemDefaultRegistry)+"/rancher/hardened-etcd:"+EtcdVersion, etcd),
-		Pause:                 override(override(dockerRegistry, systemDefaultRegistry)+"/rancher/pause:"+PauseVersion, pause),
-	}
+// SetDefaults updates the image list, honoring the SystemDefaultRegistry and Image overrides if they are not empty.
+func (i *Images) SetDefaults() {
+	i.Runtime = override(override(dockerRegistry, i.SystemDefaultRegistry)+"/rancher/"+RuntimeImageName+":"+strings.ReplaceAll(version.Version, "+", "-"), i.Runtime)
+	i.KubeAPIServer = override(override(dockerRegistry, i.SystemDefaultRegistry)+"/rancher/hardened-kubernetes:"+KubernetesVersion, i.KubeAPIServer)
+	i.KubeControllManager = override(override(dockerRegistry, i.SystemDefaultRegistry)+"/rancher/hardened-kubernetes:"+KubernetesVersion, i.KubeControllManager)
+	i.KubeScheduler = override(override(dockerRegistry, i.SystemDefaultRegistry)+"/rancher/hardened-kubernetes:"+KubernetesVersion, i.KubeScheduler)
+	i.ETCD = override(override(dockerRegistry, i.SystemDefaultRegistry)+"/rancher/hardened-etcd:"+EtcdVersion, i.ETCD)
+	i.Pause = override(override(dockerRegistry, i.SystemDefaultRegistry)+"/rancher/pause:"+PauseVersion, i.Pause)
 }
 
 // Pull checks for preloaded images in dir. If they are available, nothing is done.

diff --git a/pkg/podexecutor/staticpod.go b/pkg/podexecutor/staticpod.go
@@ -43,6 +43,7 @@ type StaticPodConfig struct {
 	CISMode         bool
 	DataDir         string
 	AuditPolicyFile string
+	KubeletPath     string
 }
 
 type CloudProviderConfig struct {
@@ -59,7 +60,7 @@ func (s *StaticPodConfig) Kubelet(args []string) error {
 	}
 	go func() {
 		for {
-			cmd := exec.Command("kubelet", args...)
+			cmd := exec.Command(s.KubeletPath, args...)
 			cmd.Stdout = os.Stdout
 			cmd.Stderr = os.Stderr
 			addDeathSig(cmd)
@@ -74,7 +75,7 @@ func (s *StaticPodConfig) Kubelet(args []string) error {
 	return nil
 }
 
-// KubeProxy panics if used. KubeProxy is not supported in RKE2.
+// KubeProxy panics if used. KubeProxy for RKE2 is provided by a packaged component (rke2-kube-proxy Helm chart).
 func (s *StaticPodConfig) KubeProxy(args []string) error {
 	panic("kube-proxy unsupported")
 }

diff --git a/pkg/rke2/rke2.go b/pkg/rke2/rke2.go
@@ -22,10 +22,11 @@ import (
 )
 
 type Config struct {
-	SystemDefaultRegistry string
-	CloudProviderName     string
-	CloudProviderConfig   string
-	AuditPolicyFile       string
+	CloudProviderName   string
+	CloudProviderConfig string
+	AuditPolicyFile     string
+	KubeletPath         string
+	Images              images.Images
 }
 
 var cisMode bool
@@ -78,12 +79,12 @@ func setup(clx *cli.Context, cfg Config) error {
 		auditPolicyFile = defaultAuditPolicyFile
 	}
 
-	images := images.New(cfg.SystemDefaultRegistry)
-	if err := defaults.Set(clx, images, dataDir); err != nil {
+	cfg.Images.SetDefaults()
+	if err := defaults.Set(clx, cfg.Images, dataDir); err != nil {
 		return err
 	}
 
-	execPath, err := bootstrap.Stage(dataDir, images)
+	execPath, err := bootstrap.Stage(dataDir, cfg.Images)
 	if err != nil {
 		return err
 	}
@@ -114,14 +115,19 @@ func setup(clx *cli.Context, cfg Config) error {
 		}
 	}
 
+	if cfg.KubeletPath == "" {
+		cfg.KubeletPath = "kubelet"
+	}
+
 	sp := podexecutor.StaticPodConfig{
-		Images:          images,
+		Images:          cfg.Images,
 		ImagesDir:       agentImagesDir,
 		ManifestsDir:    agentManifestsDir,
 		CISMode:         cisMode,
 		CloudProvider:   cpConfig,
 		DataDir:         dataDir,
 		AuditPolicyFile: auditPolicyFile,
+		KubeletPath:     cfg.KubeletPath,
 	}
 	executor.Set(&sp)