-
Notifications
You must be signed in to change notification settings - Fork 207
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
clean up more manifest.json dependencies
- Loading branch information
1 parent
4736745
commit 042f15d
Showing
1,971 changed files
with
29,838 additions
and
30,708 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,35 +1,10 @@ | ||
| [Unit] | ||
| Description=Kubelet | ||
| ConditionPathExists=/usr/local/bin/kubelet | ||
| Wants=network-online.target containerd.service | ||
| After=network-online.target containerd.service | ||
| Description=Apply MIG configuration on Nvidia A100 GPU | ||
|
|
||
| [Service] | ||
| Restart=always | ||
| RestartSec=2 | ||
| EnvironmentFile=/etc/default/kubelet | ||
| SuccessExitStatus=143 | ||
| ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh | ||
| ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh | ||
| ExecStartPre=/bin/mkdir -p /var/lib/kubelet | ||
| ExecStartPre=/bin/mkdir -p /var/lib/cni | ||
| ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" | ||
| ExecStartPre=/bin/mount --make-shared /var/lib/kubelet | ||
|
|
||
| ExecStartPre=-/sbin/ebtables -t nat --list | ||
| ExecStartPre=-/sbin/iptables -t nat --numeric --list | ||
|
|
||
| ExecStart=/usr/local/bin/kubelet \ | ||
| --enable-server \ | ||
| --node-labels="${KUBELET_NODE_LABELS}" \ | ||
| --v=2 \ | ||
| --volume-plugin-dir=/etc/kubernetes/volumeplugins \ | ||
| $KUBELET_TLS_BOOTSTRAP_FLAGS \ | ||
| $KUBELET_CONFIG_FILE_FLAGS \ | ||
| $KUBELET_CONTAINERD_FLAGS \ | ||
| $KUBELET_CONTAINER_RUNTIME_FLAG \ | ||
| $KUBELET_CGROUP_FLAGS \ | ||
| $KUBELET_FLAGS | ||
| Restart=on-failure | ||
| ExecStartPre=/usr/bin/nvidia-smi -mig 1 | ||
| ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} | ||
|
|
||
| [Install] | ||
| WantedBy=multi-user.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,10 +1,27 @@ | ||
| [Unit] | ||
| Description=Apply MIG configuration on Nvidia A100 GPU | ||
| #!/bin/bash | ||
|
|
||
| [Service] | ||
| Restart=on-failure | ||
| ExecStartPre=/usr/bin/nvidia-smi -mig 1 | ||
| ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} | ||
|
|
||
| [Install] | ||
| WantedBy=multi-user.target | ||
| #NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version | ||
| #TODO: Use mig-parted library to do the partition after the above issue is fixed | ||
| MIG_PROFILE=${1} | ||
| case ${MIG_PROFILE} in | ||
| "MIG1g") | ||
| nvidia-smi mig -cgi 19,19,19,19,19,19,19 | ||
| ;; | ||
| "MIG2g") | ||
| nvidia-smi mig -cgi 14,14,14 | ||
| ;; | ||
| "MIG3g") | ||
| nvidia-smi mig -cgi 9,9 | ||
| ;; | ||
| "MIG4g") | ||
| nvidia-smi mig -cgi 5 | ||
| ;; | ||
| "MIG7g") | ||
| nvidia-smi mig -cgi 0 | ||
| ;; | ||
| *) | ||
| echo "not a valid GPU instance profile" | ||
| exit 1 | ||
| ;; | ||
| esac | ||
| nvidia-smi mig -cci |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,99 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| set -o nounset | ||
| set -e | ||
|
|
||
| source /opt/azure/containers/provision_source_distro.sh | ||
|
|
||
| unattended_upgrade() { | ||
| retries=10 | ||
| for i in $(seq 1 $retries); do | ||
| unattended-upgrade -v && break | ||
| if [ $i -eq $retries ]; then | ||
| return 1 | ||
| else sleep 5 | ||
| fi | ||
| done | ||
| echo Executed unattended upgrade $i times | ||
| } | ||
|
|
||
| cfg_has_option() { | ||
| file=$1 | ||
| option=$2 | ||
| line=$(sed -n "/^$option:/ p" "$file") | ||
| [ -n "$line" ] | ||
| } | ||
|
|
||
| cfg_set_option() { | ||
| file=$1 | ||
| option=$2 | ||
| value=$3 | ||
| if ! cfg_has_option "$file" "$option"; then | ||
| echo "$option: $value" >> "$file" | ||
| else | ||
| sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" | ||
| fi | ||
| } | ||
|
|
||
| KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" | ||
|
|
||
| source_list_path=/etc/apt/sources.list | ||
| source_list_backup_path=/etc/apt/sources.list.backup | ||
| cloud_cfg_path=/etc/cloud/cloud.cfg | ||
|
|
||
| while [ ! -f /var/lib/kubelet/kubeconfig ]; do | ||
| echo 'Waiting for TLS bootstrapping' | ||
| sleep 3 | ||
| done | ||
|
|
||
| node_name=$(hostname) | ||
| if [ -z "${node_name}" ]; then | ||
| echo "cannot get node name" | ||
| exit 1 | ||
| fi | ||
|
|
||
| node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') | ||
|
|
||
| golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") | ||
| if [ -z "${golden_timestamp}" ]; then | ||
| echo "golden timestamp is not set, skip live patching" | ||
| exit 0 | ||
| fi | ||
| echo "golden timestamp is: ${golden_timestamp}" | ||
|
|
||
| current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") | ||
| if [ -n "${current_timestamp}" ]; then | ||
| echo "current timestamp is: ${current_timestamp}" | ||
|
|
||
| if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then | ||
| echo "golden and current timestamp is the same, nothing to patch" | ||
| exit 0 | ||
| fi | ||
| fi | ||
|
|
||
| old_source_list=$(cat ${source_list_path}) | ||
| sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} | ||
| sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} | ||
| option=apt_preserve_sources_list | ||
| option_value=true | ||
| cfg_set_option ${cloud_cfg_path} ${option} ${option_value} | ||
|
|
||
| new_source_list=$(cat ${source_list_path}) | ||
| if [[ "${old_source_list}" != "${new_source_list}" ]]; then | ||
| echo "$old_source_list" > ${source_list_backup_path} | ||
| echo "/etc/apt/sources.list is updated:" | ||
| diff ${source_list_backup_path} ${source_list_path} || true | ||
| fi | ||
|
|
||
| if ! apt_get_update; then | ||
| echo "apt_get_update failed" | ||
| exit 1 | ||
| fi | ||
| if ! unattended_upgrade; then | ||
| echo "unattended_upgrade failed" | ||
| exit 1 | ||
| fi | ||
|
|
||
| $KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} | ||
|
|
||
| echo snapshot update completed successfully |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,99 +1,6 @@ | ||
| #!/usr/bin/env bash | ||
| [Unit] | ||
| Description=Snapshot Update Service | ||
|
|
||
| set -o nounset | ||
| set -e | ||
|
|
||
| source /opt/azure/containers/provision_source_distro.sh | ||
|
|
||
| unattended_upgrade() { | ||
| retries=10 | ||
| for i in $(seq 1 $retries); do | ||
| unattended-upgrade -v && break | ||
| if [ $i -eq $retries ]; then | ||
| return 1 | ||
| else sleep 5 | ||
| fi | ||
| done | ||
| echo Executed unattended upgrade $i times | ||
| } | ||
|
|
||
| cfg_has_option() { | ||
| file=$1 | ||
| option=$2 | ||
| line=$(sed -n "/^$option:/ p" "$file") | ||
| [ -n "$line" ] | ||
| } | ||
|
|
||
| cfg_set_option() { | ||
| file=$1 | ||
| option=$2 | ||
| value=$3 | ||
| if ! cfg_has_option "$file" "$option"; then | ||
| echo "$option: $value" >> "$file" | ||
| else | ||
| sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" | ||
| fi | ||
| } | ||
|
|
||
| KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" | ||
|
|
||
| source_list_path=/etc/apt/sources.list | ||
| source_list_backup_path=/etc/apt/sources.list.backup | ||
| cloud_cfg_path=/etc/cloud/cloud.cfg | ||
|
|
||
| while [ ! -f /var/lib/kubelet/kubeconfig ]; do | ||
| echo 'Waiting for TLS bootstrapping' | ||
| sleep 3 | ||
| done | ||
|
|
||
| node_name=$(hostname) | ||
| if [ -z "${node_name}" ]; then | ||
| echo "cannot get node name" | ||
| exit 1 | ||
| fi | ||
|
|
||
| node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') | ||
|
|
||
| golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") | ||
| if [ -z "${golden_timestamp}" ]; then | ||
| echo "golden timestamp is not set, skip live patching" | ||
| exit 0 | ||
| fi | ||
| echo "golden timestamp is: ${golden_timestamp}" | ||
|
|
||
| current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") | ||
| if [ -n "${current_timestamp}" ]; then | ||
| echo "current timestamp is: ${current_timestamp}" | ||
|
|
||
| if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then | ||
| echo "golden and current timestamp is the same, nothing to patch" | ||
| exit 0 | ||
| fi | ||
| fi | ||
|
|
||
| old_source_list=$(cat ${source_list_path}) | ||
| sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} | ||
| sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} | ||
| option=apt_preserve_sources_list | ||
| option_value=true | ||
| cfg_set_option ${cloud_cfg_path} ${option} ${option_value} | ||
|
|
||
| new_source_list=$(cat ${source_list_path}) | ||
| if [[ "${old_source_list}" != "${new_source_list}" ]]; then | ||
| echo "$old_source_list" > ${source_list_backup_path} | ||
| echo "/etc/apt/sources.list is updated:" | ||
| diff ${source_list_backup_path} ${source_list_path} || true | ||
| fi | ||
|
|
||
| if ! apt_get_update; then | ||
| echo "apt_get_update failed" | ||
| exit 1 | ||
| fi | ||
| if ! unattended_upgrade; then | ||
| echo "unattended_upgrade failed" | ||
| exit 1 | ||
| fi | ||
|
|
||
| $KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} | ||
|
|
||
| echo snapshot update completed successfully | ||
| [Service] | ||
| Type=oneshot | ||
| ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,9 @@ | ||
| [Unit] | ||
| Description=Snapshot Update Service | ||
| Description=Runs snapshot update script periodically | ||
|
|
||
| [Service] | ||
| Type=oneshot | ||
| ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh | ||
| [Timer] | ||
| OnBootSec=10min | ||
| OnUnitActiveSec=10min | ||
|
|
||
| [Install] | ||
| WantedBy=multi-user.target |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| #!/usr/bin/env bash | ||
| set -o errexit | ||
| set -o nounset | ||
| set -o pipefail | ||
| set -x | ||
|
|
||
| # | ||
|
|
||
| MOUNT_POINT="/mnt/aks" | ||
|
|
||
| KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" | ||
| KUBELET_DIR="/var/lib/kubelet" | ||
|
|
||
| mkdir -p "${MOUNT_POINT}" | ||
|
|
||
| SENTINEL_FILE="/opt/azure/containers/bind-sentinel" | ||
| if [ ! -e "$SENTINEL_FILE" ]; then | ||
| mv "$KUBELET_DIR" "$MOUNT_POINT" | ||
| touch "$SENTINEL_FILE" | ||
| fi | ||
|
|
||
| mkdir -p "${KUBELET_DIR}" | ||
| mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" | ||
| chmod a+w "${KUBELET_DIR}" |
Oops, something went wrong.