orange-cloudfoundry · poblin-orange · Sep 25, 2023 · Sep 8, 2023 · Sep 21, 2023 · Sep 21, 2023
diff --git a/.final_builds/jobs/k3s-agent/index.yml b/.final_builds/jobs/k3s-agent/index.yml
@@ -1,4 +1,8 @@
 builds:
+  00d45c30a3864145493441a9abd51adea13259cdc2b7fbf58c181fe3af07aad0:
+    version: 00d45c30a3864145493441a9abd51adea13259cdc2b7fbf58c181fe3af07aad0
+    blobstore_id: 11d4e78c-20ec-49b6-7429-8bf3438f176a
+    sha1: sha256:72230e8faa1cbb0e6306f029c15035269ab149374fa2af972616fd3e4a7e3f3a
   0c978853dadd9b7ea459d1e9971934e8a780e9aa123f97bc5bc346f77aeeac8b:
     version: 0c978853dadd9b7ea459d1e9971934e8a780e9aa123f97bc5bc346f77aeeac8b
     blobstore_id: 5de3e01f-3c7d-426f-7ca6-d1f53e59fbb7

diff --git a/.final_builds/jobs/k3s-server/index.yml b/.final_builds/jobs/k3s-server/index.yml
@@ -139,6 +139,10 @@ builds:
     version: e2d4607b2ca54abbad5540e320dcb6b419260b3991b3b7d4906dbd8fe5210b2f
     blobstore_id: a0d4c35d-9470-41b6-6d8d-d0764f01904a
     sha1: sha256:7ed71d98c9b295204ff4b1efba0448456cc45ae714212db6f69e3f6b9dc558c2
+  f0c1c870f0147270aaa1208af13a3c6a0777514f8be93a4523dda1cab144ec77:
+    version: f0c1c870f0147270aaa1208af13a3c6a0777514f8be93a4523dda1cab144ec77
+    blobstore_id: fa53f10d-0a0b-4e9d-6f63-3c30187e7f6e
+    sha1: sha256:364a57becb76f57d87447aa9bf1d7399bd45048d806af0366ed3a76920883c78
   f9169af1999c76bfa76c57eab2f3eda0da5fec0205e6ae85d5104309f33a3c55:
     version: f9169af1999c76bfa76c57eab2f3eda0da5fec0205e6ae85d5104309f33a3c55
     blobstore_id: 276b6c37-a547-47f7-6761-8d04c4e4480f

diff --git a/.final_builds/packages/k3s-images/index.yml b/.final_builds/packages/k3s-images/index.yml
@@ -87,6 +87,10 @@ builds:
     version: e758dece4a82c66f1f1c0b9f9b3991ff2fe639510be32869b12cdf52baad484c
     blobstore_id: b5b74474-218d-4e41-5a57-12d44f4d9ef6
     sha1: sha256:69475239e32a6ee4bcd036fa2b066548111dac6e2031c3b2e03e1f858a73534b
+  ee54d82c584dc843cc3d741749812b26b8b654cdfeb14a50a4bc841cd38c890b:
+    version: ee54d82c584dc843cc3d741749812b26b8b654cdfeb14a50a4bc841cd38c890b
+    blobstore_id: 6fcd517b-f914-4909-75f0-d32bf392fa98
+    sha1: sha256:63e77a6226b02ec64d6dc44b3fc5796a76e40d4056d72d4710c759c00e098b3d
   f478de74d2582634ab54f245138e002e4f399dfedd5308661669647ce908b035:
     version: f478de74d2582634ab54f245138e002e4f399dfedd5308661669647ce908b035
     blobstore_id: 29726908-787c-4d5b-6452-7563626f3e89

diff --git a/.final_builds/packages/k3s/index.yml b/.final_builds/packages/k3s/index.yml
@@ -31,6 +31,10 @@ builds:
     version: 66afbb171ed384172a7c7bef2e151757e322eca525452fb143e02a637137db13
     blobstore_id: 68dcfe9a-84f7-4adf-583f-514ce18d099e
     sha1: sha256:3924d14155d3a605ae33d3075ca54a2ae720dfeeee7c11cef435a88c02994dd1
+  68ae280a60d525fde827d29f607ded3cba04b62ab7d8a0f823a982214a601ef3:
+    version: 68ae280a60d525fde827d29f607ded3cba04b62ab7d8a0f823a982214a601ef3
+    blobstore_id: 90db38cb-f236-4f3b-5d1b-e369ad007ff4
+    sha1: sha256:579cfa090faeed6a6063c592b149538d6d9732dbeb33d0cf222035d96a46ba1f
   76970f0fa8bbbadd2a1b95ac15fedfd009643d04ae2ae06b81730e5a30c283cf:
     version: 76970f0fa8bbbadd2a1b95ac15fedfd009643d04ae2ae06b81730e5a30c283cf
     blobstore_id: ce8192c4-a351-4193-52c3-5647c54d9cdc

diff --git a/config/blobs.yml b/config/blobs.yml
@@ -1,20 +1,20 @@
 k3s-images/k3s-airgap-images-amd64.tar:
-  size: 577078272
-  object_id: b4f1fd65-eba3-4543-58d0-c69c6f8c2094
-  sha: sha256:3fb8a7439df846bf5c5d465c1735f660b280cc136e21b1bcbbc057925903087c
+  size: 578331648
+  object_id: 14dd5380-0960-4609-5422-45585a668699
+  sha: sha256:d904e6a25da9918c2d162512def7642b5c00a7b2a163c6acaf3eec84a5140e48
 k3s/k3s:
-  size: 70012928
-  object_id: 01ce8f9f-939e-4d5e-6cbb-f7b79febcb04
-  sha: sha256:ce756bf1aaf664c0ed7163d2802572293315c5b6018fb451a0bf36926a884c2d
+  size: 70373376
+  object_id: bdc4adda-fe02-478b-6c03-850b92748494
+  sha: sha256:16029d70086c36804ef4c1c9e146a9cb81823f769f28988a7e26e6a11f296523
 k9s/k9s:
   size: 60559360
-  object_id: 9884345f-8da7-4d5d-5e90-ae60c0bf6814
+  object_id: b5f2d910-9208-488c-6412-1cf46944ec2d
   sha: sha256:da2a3716809fd22e8ce814719bab7044f1fac54e13f726fc327f6accd5f839a6
 kubectl/kubectl:
   size: 45752320
-  object_id: 34d557ba-4d78-4d0d-647e-04d7d9012ed7
+  object_id: 1d507727-f764-4644-799e-f2bfb33ddaa4
   sha: sha256:7e13f33b7379b6c25c3ae055e4389eb3eef168e563f37b5c5f1be672e46b686e
 nerdctl/nerdctl:
   size: 24952832
-  object_id: 3639d163-1353-436f-49bd-2bf0125b9f40
+  object_id: b45548f7-efab-451b-6760-5ed99dfccbd6
   sha: sha256:07ce98d7c0975bd6e86fdf36e6826dd99fa183c84f65aab9d4f709659cbf04cc
diff --git a/jobs/k3s-agent/spec b/jobs/k3s-agent/spec
@@ -19,13 +19,12 @@ templates:
   bin/setup-user-env.erb: bin/setup-user-env
   bin/k3s-killall.sh: bin/k3s-killall.sh
 
-
   config/registries.yaml.erb: config/registries.yaml
   config/registry.ca.erb: config/registry.ca
   config/registry.cert.erb: config/registry.cert
   config/registry.key.erb: config/registry.key 
   config/token.csv.erb: config/token.csv
-  
+
   config/kubelet-config.yaml.erb: config/kubelet-config.yaml
 
 # Documentation https://bosh.io/docs/links.html
@@ -35,13 +34,11 @@ consumes:
   type: k3s-server
   optional: false
 
-
 provides:
 - name: k3s-agent
   type: k3s-agent
 
 properties:
-
   containerd_registry:
     description: containerd registry configuration
 
@@ -60,14 +57,24 @@ properties:
   k3s.v:
     description: "(logging) Number for the log level verbosity (default: 0)"
     default: 0
+
   k3s.bind-address value:
     description: "(listener) k3s bind address (default: 0.0.0.0)"
     default: 0.0.0.0
 
   k3s.token:
     description: (cluster) Shared secret used to join a server or agent to a cluster [$K3S_TOKEN]
-
-## additional label and taints (added to k3s and bosh default labels) 
+
+# Disable harware options on VxLAN interface
+  k3s.disable-vxlan-hardware-options:
+    description: Disable VxLAN harware options on private interface
+    default:
+      - tx-udp_tnl-segmentation
+      - tx-udp_tnl-csum-segmentation
+#     - tx-checksum-ip-generic
+
+
+# additional label and taints (added to k3s and bosh default labels)
   k3s.node-labels:
     description: (agent/node) Registering and starting kubelet with set of labels format is key=value
     default: []
@@ -78,17 +85,16 @@ properties:
   k3s.set-provider-id-prefix:
     description: If set, the default provider id (k3s://<instance>-<index> will be set as kubelet arg as <prefix>://<instance>-<index>
 
-
-## drain options
+# drain options
   k3s.drain.kubeconfig:
     description: bosh drain for agents need a k3s kubeconfig. If set, the drain will occur and use this kubeconfig
 
   k3s.drain.delete-emptydir-data:
-    description:  continue even if there are pods using emptyDir (local data that will be deleted when the node is drained).
+    description: continue even if there are pods using emptyDir (local data that will be deleted when the node is drained).
     default: true
 
   k3s.drain.disable-eviction: 
-    description: force drain to use delete, even if eviction is supported. This will bypass checking PodDisruptionBudgets, use with caution
+    description: Force drain to use delete, even if eviction is supported. This will bypass checking PodDisruptionBudgets, use with caution
     default: false
 
   k3s.drain.grace-period:
@@ -99,7 +105,6 @@ properties:
     description: Ignore DaemonSet-managed pods.
     default: true 
 
-
   k3s.drain.skip-wait-for-delete-timeout:
     description: If pod DeletionTimestamp older than N seconds, skip waiting for the pod. Seconds must be greater than 0 to skip.
     default: 0
@@ -121,37 +126,31 @@ properties:
     description: if set, the bosh post-stop script wont leverage k3s-killall.sh script
     default: false 
 
-
-#token-file
+# token-file
   k3s.token-file-content:
     description: token-file content. see https://kubernetes.io/docs/reference/access-authn-authz/authentication/#static-token-file
 
-## args
-
+# args
   k3s.kubelet-args:
     description: (agent/flags) Customized flag for kubelet process
     default: []
 
-
   k3s.kube-proxy-arg:
     description: (agent/flags) Customized flag for kube-proxy process
     default: []
 
   k3s.master_vip_api:
     description: externaly defined vip ip for HA k3s (enables multi master instance groups). This is used for public api access, tls-san, and agents to server communication
 
-#kubelet config
+# kubelet config
   k3s.kubelet-config-file:
     description: content of kubelet config file, to enable eg GraceFull Node Shutdown
     default: |
       apiVersion: kubelet.config.k8s.io/v1beta1
       kind: KubeletConfiguration
-
       shutdownGracePeriod: 30s
       shutdownGracePeriodCriticalPods: 10s
 
   k3s.containerd_additional_env_vars:
     description: additional env vars to set for containerd (the key will be prefixed with CONTAINERD_, and set in k3s launch context
     default: []
-
-
diff --git a/jobs/k3s-agent/templates/bin/ctl.erb b/jobs/k3s-agent/templates/bin/ctl.erb
@@ -96,7 +96,7 @@ export FLAGS="$FLAGS --node-external-ip=<%= spec.networks.marshal_dump.values.la
 export FLAGS="$FLAGS --kubelet-arg=config=/var/vcap/jobs/k3s-agent/config/kubelet-config.yaml"
 <% end %>
 
-
+export FLAGS="$FLAGS --prefer-bundled-bin"
 
     ulimit -n 1048576    # open files
     ulimit -u unlimited  # num processes

diff --git a/jobs/k3s-agent/templates/bin/pre-start.erb b/jobs/k3s-agent/templates/bin/pre-start.erb
@@ -1,14 +1,54 @@
-#!/bin/sh
-export JOB_DIR=/var/vcap/jobs/k3s-agent
+#!/bin/bash
+
+
+export JOB_DIR="/var/vcap/jobs/k3s-agent"
 /var/vcap/packages/k3s/k3s check-config
 
 # Setup ssh env vars
 ${JOB_DIR}/bin/setup-user-env
 
-
-#prepare a persistent directory so /etc/rancher/node paswword file is kept on bosh recreate
+# Prepare a persistent directory so /etc/rancher/node paswword file is kept on bosh recreate
 mkdir -p /etc
 mkdir -p /var/vcap/store/k3s-node/etc/rancher
-ln -sf  /var/vcap/store/k3s-node/etc/rancher /etc/rancher
+ln -sf /var/vcap/store/k3s-node/etc/rancher /etc/rancher
+
+set -e
+# Set overlay IP
+OVERLAY_IP="<%= spec.ip %>"
+<% if spec.ip != spec.networks.marshal_dump.values.first.ip %>
+  OVERLAY_IP="<%= spec.networks.marshal_dump.values.last.ip %>"
+<% end %>
+<% if spec.ip != spec.networks.marshal_dump.values.last.ip %>
+  OVERLAY_IP="<%= spec.networks.marshal_dump.values.first.ip %>"
+<% end %>
+
+# Disable VxLAN harware options on private interface
+# (see: https://github.com/orange-cloudfoundry/paas-templates/issues/2062)
+INTERFACE="$(ip --brief address show | grep "${OVERLAY_IP}" | awk '{print $1}')"
+
+#clean previous patch services
+! rm -f /etc/systemd/system/ethtool-patch-*.service
+
+<% p('k3s.disable-vxlan-hardware-options').each do |option| %>
+ #--- Disable hardware option on private interface
+OPTION="<%= option %>"
+if [ "${OPTION}" != "" ] ; then
+serviceFile="ethtool-patch-${INTERFACE}-${OPTION}.service"
+cat > /etc/systemd/system/${serviceFile} << EOF
+[Unit]
+Description=Turn off ${OPTION} on ${INTERFACE}
+After=sys-subsystem-net-devices-${INTERFACE}.device
+[Install]
+WantedBy=sys-subsystem-net-devices-${INTERFACE}.device
+[Service]
+Type=oneshot
+ExecStart=/sbin/ethtool -K ${INTERFACE} ${OPTION} off
+EOF
+
+#--- Start service
+/usr/bin/systemctl enable ${serviceFile}
+/usr/bin/systemctl start ${serviceFile}
+fi
+<% end %>
 
-exit 0
+exit 0