From 9b64fdceb1364ea0478e21bcdd82633a75c8a7b4 Mon Sep 17 00:00:00 2001 From: Sparks Song Date: Tue, 8 Oct 2024 21:36:20 +0000 Subject: [PATCH] kubelet: use mode 644 for kubelete-exec-start-conf --- Release.toml | 5 +++- Twoliter.toml | 2 +- sources/Cargo.lock | 7 ++++++ sources/Cargo.toml | 1 + .../kubernetes-service-config/Cargo.toml | 15 +++++++++++ .../kubernetes-service-config/src/main.rs | 25 +++++++++++++++++++ .../shared-defaults/kubernetes-services.toml | 2 +- 7 files changed, 54 insertions(+), 3 deletions(-) create mode 100644 sources/settings-migrations/v1.25.0/kubernetes-service-config/Cargo.toml create mode 100644 sources/settings-migrations/v1.25.0/kubernetes-service-config/src/main.rs diff --git a/Release.toml b/Release.toml index c8850bd759a..14699c4316f 100644 --- a/Release.toml +++ b/Release.toml @@ -1,4 +1,4 @@ -version = "1.24.1" +version = "1.25.0" [migrations] "(0.3.1, 0.3.2)" = ["migrate_v0.3.2_admin-container-v0-5-0.lz4"] @@ -357,3 +357,6 @@ version = "1.24.1" "migrate_v1.24.1_aws-control-container-v0-7-16.lz4", "migrate_v1.24.1_public-control-container-v0-7-16.lz4", ] +"(1.24.1, 1.25.0)" = [ + "migrate_v1.25.0_kubernetes-service-config.lz4", +] diff --git a/Twoliter.toml b/Twoliter.toml index 391c70aff6c..cafd9b315ff 100644 --- a/Twoliter.toml +++ b/Twoliter.toml @@ -1,5 +1,5 @@ schema-version = 1 -release-version = "1.24.1" +release-version = "1.25.0" [vendor.bottlerocket] registry = "public.ecr.aws/bottlerocket" diff --git a/sources/Cargo.lock b/sources/Cargo.lock index 1b88727775f..f57b223fd0b 100644 --- a/sources/Cargo.lock +++ b/sources/Cargo.lock @@ -1303,6 +1303,13 @@ dependencies = [ "migration-helpers", ] +[[package]] +name = "kubernetes-service-config" +version = "0.1.0" +dependencies = [ + "migration-helpers", +] + [[package]] name = "lazy_static" version = "1.4.0" diff --git a/sources/Cargo.toml b/sources/Cargo.toml index 91e50f55257..daa67445750 100644 --- a/sources/Cargo.toml +++ b/sources/Cargo.toml @@ -59,6 +59,7 @@ members = [ "settings-migrations/v1.24.1/public-admin-container-v0-11-12", "settings-migrations/v1.24.1/aws-control-container-v0-7-16", "settings-migrations/v1.24.1/public-control-container-v0-7-16", + "settings-migrations/v1.25.0/kubernetes-service-config", "settings-plugins/aws-dev", "settings-plugins/aws-ecs-1", diff --git a/sources/settings-migrations/v1.25.0/kubernetes-service-config/Cargo.toml b/sources/settings-migrations/v1.25.0/kubernetes-service-config/Cargo.toml new file mode 100644 index 00000000000..3bf26771847 --- /dev/null +++ b/sources/settings-migrations/v1.25.0/kubernetes-service-config/Cargo.toml @@ -0,0 +1,15 @@ +[package] +name = "kubernetes-service-config" +version = "0.1.0" +authors = ["Sparks Song "] +license = "Apache-2.0 OR MIT" +edition = "2021" +publish = false +# Don't rebuild crate just because of changes to README. +exclude = ["README.md"] + + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +migration-helpers.workspace = true diff --git a/sources/settings-migrations/v1.25.0/kubernetes-service-config/src/main.rs b/sources/settings-migrations/v1.25.0/kubernetes-service-config/src/main.rs new file mode 100644 index 00000000000..3622e45a3e0 --- /dev/null +++ b/sources/settings-migrations/v1.25.0/kubernetes-service-config/src/main.rs @@ -0,0 +1,25 @@ +use migration_helpers::common_migrations::ReplaceStringMigration; +use migration_helpers::{migrate, Result}; +use std::process; + +const OLD_MODE: &str = "0600"; +const NEW_MODE: &str = "0644"; + +/// We changed the version of configuration mode +fn run() -> Result<()> { + migrate(ReplaceStringMigration { + setting: "configuration-files.kubelet-exec-start-conf.mode", + old_val: OLD_MODE, + new_val: NEW_MODE, + }) +} + +// Returning a Result from main makes it print a Debug representation of the error, but with Snafu +// we have nice Display representations of the error, so we wrap "main" (run) and print any error. +// https://github.com/shepmaster/snafu/issues/110 +fn main() { + if let Err(e) = run() { + eprintln!("{}", e); + process::exit(1); + } +} diff --git a/sources/shared-defaults/kubernetes-services.toml b/sources/shared-defaults/kubernetes-services.toml index fd206df1bb0..43a8aec27d2 100644 --- a/sources/shared-defaults/kubernetes-services.toml +++ b/sources/shared-defaults/kubernetes-services.toml @@ -50,7 +50,7 @@ template-path = "/usr/share/templates/kubelet-server-key" [configuration-files.kubelet-exec-start-conf] path = "/etc/systemd/system/kubelet.service.d/exec-start.conf" template-path = "/usr/share/templates/kubelet-exec-start-conf" -mode = "0600" +mode = "0644" [configuration-files.credential-provider-config-yaml] path = "/etc/kubernetes/kubelet/credential-provider-config.yaml"