k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/jobs/e2e_node/crio/templates/crio_cgroupsv2_userns.yaml (about)

     1  ---
        # Butane config (Fedora CoreOS variant, spec 1.4.0) that provisions a CRI-O
        # node for the node e2e jobs. Judging by the file name, this is the
        # cgroup v2 + user-namespaces flavour of the template.
     2  variant: fcos
     3  version: 1.4.0
     4  kernel_arguments:
          # should_not_exist removes the listed argument from the kernel command
          # line when it is present. Without `mitigations=auto,nosmt` the kernel is
          # no longer told to disable SMT and falls back to its built-in default
          # mitigation policy; presumably this keeps all hardware threads
          # available to the tests.
          # NOTE(review): this trades a CPU side-channel hardening setting for
          # capacity. Reasonable on disposable CI hosts; confirm before reusing
          # this template for shared or long-lived nodes.
     5    should_not_exist:
     6      - mitigations=auto,nosmt
     7  storage:
          # Files written to the node at provisioning time. Entries that use
          # `contents.local` are read from files shipped alongside this template
          # when the config is rendered; their contents are not visible here.
          # Every explicit mode below is 0644 (owner read/write, world-readable).
     8    files:
     9      - path: /etc/zincati/config.d/90-disable-auto-updates.toml
    10        contents:
    11          local: 90-disable-auto-updates.toml
    12        mode: 0644
            # SELinux policy source; compiled and loaded by selinux-install.service.
    13      - path: /root/kubelet-e2e.te
    14        contents:
    15          local: kubelet-e2e.te
    16        mode: 0644
    17      - path: /etc/crio/crio.conf.d/crio.conf
    18        contents:
    19          local: crio.conf
    20        mode: 0644
            # Presumably applied by configure-sysctl.service - confirm.
    21      - path: /etc/sysctl.d/99-e2e-sysctl.conf
    22        contents:
    23          local: 99-e2e-sysctl.conf
    24        mode: 0644
            # Public half of the SSH key pair only; authorized-key.service appends
            # this file to /home/core/.ssh/authorized_keys. The value below is a
            # placeholder string, presumably substituted with the real key by the
            # job tooling before the config is used - confirm against the caller.
    25      - path: /etc/ssh-key-secret/ssh-public
    26        contents:
    27          # base64 encoded "GCE_SSH_PUBLIC_KEY_FILE_CONTENT"
    28          source: data:text/plain;base64,R0NFX1NTSF9QVUJMSUNfS0VZX0ZJTEVfQ09OVEVOVA==
    29        mode: 0644
    30      # Note: this ignition file assumes FCOS has shadow-utils installed.
    31      # As of the time of writing this, it does.
            # /etc/subuid and /etc/subgid are both filled from the same local file.
            # NOTE(review): the subordinate ID ranges in that file (presumably for
            # the `kubelet` user declared under `passwd`) bound which host IDs a
            # user-namespaced workload can be mapped to; verify they do not overlap
            # IDs used by real accounts. The `.toml` suffix of the local file name
            # does not match the usual subuid/subgid line format - content not
            # visible here.
    32      - path: /etc/subuid
    33        contents:
    34          local: 50-subid.toml
    35        mode: 0644
    36      - path: /etc/subgid
    37        contents:
    38          local: 50-subid.toml
    39        mode: 0644
    40      # Note: This also assumes the crun handler is enabled in the base crio.conf,
    41      # crun is installed, and the version of crun supports the `crun features` command.
    42      # All of this is true at the time of writing.
    43      # TODO(haircommander): This can be removed when runc 1.2.0 is released
            # NOTE(review): this is the only entry without an explicit `mode`, so the
            # provisioning default applies; stating it would keep the entries
            # uniform and make the intended permissions reviewable.
    44      - path: /etc/crio/crio.conf.d/99-crun.conf
    45        contents:
    46          local: crun.conf
    47  systemd:
          # One-shot units, all enabled and wanted by multi-user.target. Ordering
          # declared in this file: tools-install -> selinux-install -> crio-install,
          # and authorized-key before crio-install. configure-sysctl declares no
          # ordering of its own.
    48    units:
    49      - name: configure-sysctl.service
              # Runs systemd-sysctl once; presumably this is what applies
              # /etc/sysctl.d/99-e2e-sysctl.conf from the storage section. The
              # sysctl values themselves are not visible here.
    50        enabled: true
    51        contents: |
    52          [Unit]
    53          Description=Configure required sysctls.
    54  
    55          [Service]
    56          Type=oneshot
    57          ExecStart=/usr/lib/systemd/systemd-sysctl
    58  
    59          [Install]
    60          WantedBy=multi-user.target
    61      - name: tools-install.service
              # Layers dbus-tools and checkpolicy onto the host with rpm-ostree;
              # --apply-live makes them usable on the running system without a
              # reboot. checkmodule, used by selinux-install.service, presumably
              # comes from the checkpolicy package.
              # NOTE(review): After=NetworkManager-wait-online.service only orders
              # the two units; nothing in this unit pulls that service in (no
              # Wants=/Requires=). The packages come from whatever repositories the
              # image has configured, so their integrity depends on that repo
              # configuration rather than on anything in this unit.
    62        enabled: true
    63        contents: |
    64          [Unit]
    65          Description=Download and install required tools.
    66          Before=crio-install.service
    67          After=NetworkManager-wait-online.service
    68  
    69          [Service]
    70          Type=oneshot
    71          ExecStart=rpm-ostree install \
    72            -y \
    73            --apply-live \
    74            --allow-inactive \
    75            dbus-tools \
    76            checkpolicy
    77  
    78          [Install]
    79          WantedBy=multi-user.target
    80      - name: selinux-install.service
              # Switches SELinux to enforcing, compiles /root/kubelet-e2e.te into a
              # module, packages and loads it, creates /var/lib/kubelet and labels
              # it system_u:object_r:var_lib_t. Runs after tools-install.service.
              # NOTE(review): the policy source is not visible here. Its allow
              # rules decide what the e2e workloads may do under enforcing mode, so
              # it deserves the same review as this file. `setenforce 1` changes
              # only the running mode, and labels set with chcon are not recorded
              # in the file-context database, so a later relabel may revert them.
    81        enabled: true
    82        contents: |
    83          [Unit]
    84          Description=Setup SELinux policy
    85          After=tools-install.service
    86  
    87          [Service]
    88          Type=oneshot
    89          ExecStartPre=setenforce 1
    90          ExecStartPre=checkmodule -M -m -o /root/kubelet-e2e.mod /root/kubelet-e2e.te
    91          ExecStartPre=semodule_package -o /root/kubelet-e2e.pp -m /root/kubelet-e2e.mod
    92          ExecStartPre=semodule -i /root/kubelet-e2e.pp
    93          ExecStartPre=mkdir -p /var/lib/kubelet
    94          ExecStart=chcon -R -u system_u -r object_r -t var_lib_t /var/lib/kubelet
    95  
    96          [Install]
    97          WantedBy=multi-user.target
    98      - name: crio-install.service
              # Installs CRI-O by fetching the cri-o/packaging `get` script and
              # running it with `-t $CRIO_COMMIT`, removes two config files
              # (presumably shipped defaults that would conflict with the ones
              # written under storage), then enables and starts crio.service.
              #
              # Supply chain: SCRIPT_COMMIT is a full commit hash, so the script
              # URL points at fixed content. CRIO_COMMIT, despite its name, holds a
              # tag (v1.30.0), which is a movable reference. Whether the script
              # verifies what it downloads is not visible here.
              # NOTE(review): the script is piped straight into a root shell. With
              # a pipe, bash can start executing before the download has finished,
              # and the pipeline's exit status is bash's, not curl's. Saving the
              # script to a file, checking it against an expected digest and only
              # then running it would close that gap.
              #
              # Mounts: /tmp is remounted with exec,suid and /usr read-write via a
              # hard-coded /dev/sda4 - presumably so the installer can run from
              # /tmp and write under /usr. Neither change is reverted in this unit,
              # so the node keeps the relaxed mount options afterwards; acceptable
              # only because these are throwaway test VMs.
    99        enabled: true
   100        contents: |
   101          [Unit]
   102          Description=Download and install crio binaries and configurations.
   103          After=selinux-install.service
   104  
   105          [Service]
   106          Type=oneshot
   107          Environment="SCRIPT_COMMIT=3e02ed6de9f516af9d8884c06ee3d709b2fa413d"
   108          Environment="CRIO_COMMIT=v1.30.0"
   109  
   110          ExecStartPre=mount /tmp /tmp -o remount,exec,suid
   111          ExecStartPre=mount -o remount,rw /dev/sda4 /usr
   112          ExecStartPre=bash -c '\
   113            curl --fail --retry 5 --retry-delay 3 --silent --show-error \
   114              https://raw.githubusercontent.com/cri-o/packaging/$SCRIPT_COMMIT/get |\
   115                bash -s -- -t $CRIO_COMMIT'
   116          ExecStartPre=rm -f /etc/cni/net.d/87-podman-bridge.conflist
   117          ExecStartPre=rm -f /etc/crio/crio.conf.d/10-crio.conf
   118          ExecStart=systemctl enable --now crio.service
   119  
   120          [Install]
   121          WantedBy=multi-user.target
   122      - name: authorized-key.service
              # Grants SSH access to the `core` user: creates /home/core/.ssh,
              # appends /etc/ssh-key-secret/ssh-public to authorized_keys, hands
              # the directory to core:core and sets the key file to 0600. Ordered
              # before crio-install.service.
              # NOTE(review): `>>` appends, so every run of this unit adds the same
              # key line again. `mkdir -m 0700 -p` sets the mode only when it
              # creates the directory; an existing .ssh keeps whatever mode it had.
              # Whoever controls the substituted key content controls login as
              # `core`, so the step that fills in the placeholder is part of the
              # trust boundary.
   123        enabled: true
   124        contents: |
   125          [Unit]
   126          Description=Copy authorized keys
   127          Before=crio-install.service
   128          After=NetworkManager-wait-online.service
   129  
   130          [Service]
   131          Type=oneshot
   132          ExecStart=/bin/sh -c '\
   133            /usr/bin/mkdir -m 0700 -p /home/core/.ssh && \
   134            /usr/bin/cat /etc/ssh-key-secret/ssh-public \
   135              >> /home/core/.ssh/authorized_keys && \
   136            /usr/bin/chown -R core:core /home/core/.ssh && \
   137            /usr/bin/chmod 0600 /home/core/.ssh/authorized_keys'
   138  
   139          [Install]
   140          WantedBy=multi-user.target
   141  passwd:
   142    users:
   143      - name: kubelet