cks: Fix when deployed on a nw without internet access (#6418)

* cks: Fix when deployed on a nw without internet access

* Revert "cks: Fix when deployed on a nw without internet access"

This reverts commit 40e3338.

* cks: Fix issue when creating cluster in nw without internet access

plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node-add.yml

@@ -120,7 +120,7 @@ write_files:
               fi
               retval=0
               set +e
-              ctr image import "${BINARIES_DIR}/docker/$line"
+              ctr -n k8s.io image import "${BINARIES_DIR}/docker/$line"
               retval=$?
               set -e
               if [ $retval -eq 0 ]; then
@@ -139,6 +139,15 @@ write_files:
           mkdir -p /opt/provider
           cp "${BINARIES_DIR}/provider.yaml" /opt/provider/provider.yaml
         fi
+
+        PAUSE_IMAGE=`ctr -n k8s.io images ls -q | grep "pause" | sort | tail -n 1`
+        echo $PAUSE_IMAGE
+        if [ -n "$PAUSE_IMAGE" ]; then
+          sed -i "s|sandbox_image = .*|sandbox_image = \"$PAUSE_IMAGE\"|g" /etc/containerd/config.toml
+        fi
+        systemctl daemon-reload
+        systemctl restart containerd
+
         umount "${ISO_MOUNT_DIR}" && rmdir "${ISO_MOUNT_DIR}"
         if [ "$EJECT_ISO_FROM_OS" = true ] && [ "$iso_drive_path" != "" ]; then
           eject "${iso_drive_path}"
@@ -230,28 +239,17 @@ write_files:
       sed  -i '/\[plugins."io.containerd.grpc.v1.cri".registry.mirrors\]/a '"${registryConfig}"'' /etc/containerd/config.toml
 
       echo "Restarting containerd service"
+      systemctl daemon-reload
       systemctl restart containerd
 
-  - path: /etc/systemd/system/setup-kube-system.service
+  - path: /etc/systemd/system/deploy-kube-system.service
     permissions: '0755'
     owner: root:root
     content: |
       [Unit]
       Requires=containerd.service
       After=containerd.service
 
-      [Service]
-      Type=simple
-      StartLimitInterval=0
-      ExecStart=/opt/bin/setup-kube-system
-
-  - path: /etc/systemd/system/deploy-kube-system.service
-    permissions: '0755'
-    owner: root:root
-    content: |
-      [Unit]
-      After=setup-kube-system.service
-
       [Service]
       Type=simple
       StartLimitInterval=0
@@ -263,10 +261,7 @@ runcmd:
   - chown -R cloud:cloud /home/cloud/.ssh
   - containerd config default > /etc/containerd/config.toml
   - sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
-  - systemctl daemon-reload
-  - systemctl restart containerd
+  - until [ -f /opt/bin/setup-kube-system ]; do sleep 5; done
+  - /opt/bin/setup-kube-system
   - until [ -f /etc/systemd/system/deploy-kube-system.service ]; do sleep 5; done
-  - until [ -f /etc/systemd/system/setup-kube-system.service ]; do sleep 5; done
-  - [ systemctl, start, setup-kube-system ]
-  - [ systemctl, start, deploy-kube-system ]
-
+  - systemctl start deploy-kube-system

plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml

@@ -140,7 +140,7 @@ write_files:
               fi
               retval=0
               set +e
-              ctr image import "${BINARIES_DIR}/docker/$line"
+              ctr -n k8s.io image import "${BINARIES_DIR}/docker/$line"
               retval=$?
               set -e
               if [ $retval -eq 0 ]; then
@@ -161,6 +161,15 @@ write_files:
           mkdir -p /opt/provider
           cp "${BINARIES_DIR}/provider.yaml" /opt/provider/provider.yaml
         fi
+
+        PAUSE_IMAGE=`ctr -n k8s.io images ls -q | grep "pause" | sort | tail -n 1`
+        echo $PAUSE_IMAGE
+        if [ -n "$PAUSE_IMAGE" ]; then
+          sed -i "s|sandbox_image = .*|sandbox_image = \"$PAUSE_IMAGE\"|g" /etc/containerd/config.toml
+        fi
+        systemctl daemon-reload
+        systemctl restart containerd
+
         umount "${ISO_MOUNT_DIR}" && rmdir "${ISO_MOUNT_DIR}"
         if [ "$EJECT_ISO_FROM_OS" = true ] && [ "$iso_drive_path" != "" ]; then
           eject "${iso_drive_path}"
@@ -210,6 +219,22 @@ write_files:
         done
       fi
 
+  - path: /opt/bin/deploy-kube-system
+    permissions: '0700'
+    owner: root:root
+    content: |
+      #!/bin/bash -e
+
+      if [[ -f "/home/cloud/success" ]]; then
+      echo "Already provisioned!"
+      exit 0
+      fi
+
+      if [[ "$PATH" != *:/opt/bin && "$PATH" != *:/opt/bin:* ]]; then
+        export PATH=$PATH:/opt/bin
+      fi
+
+      MAX_SETUP_CRUCIAL_CMD_ATTEMPTS=3
       crucial_cmd_attempts=1
       while true; do
         if (( "$crucial_cmd_attempts" > "$MAX_SETUP_CRUCIAL_CMD_ATTEMPTS" )); then
@@ -227,17 +252,6 @@ write_files:
         crucial_cmd_attempts=$[$crucial_cmd_attempts + 1]
       done
 
-  - path: /opt/bin/deploy-kube-system
-    permissions: '0700'
-    owner: root:root
-    content: |
-      #!/bin/bash -e
-
-      if [[ -f "/home/cloud/success" ]]; then
-      echo "Already provisioned!"
-      exit 0
-      fi
-
       K8S_CONFIG_SCRIPTS_COPY_DIR=/tmp/k8sconfigscripts/
 
       if [[ $(systemctl is-active setup-kube-system) != "inactive" ]]; then
@@ -287,43 +301,29 @@ write_files:
       sed  -i '/\[plugins."io.containerd.grpc.v1.cri".registry.mirrors\]/a '"${registryConfig}"'' /etc/containerd/config.toml
 
       echo "Restarting containerd service"
+      systemctl daemon-reload
       systemctl restart containerd
 
-  - path: /etc/systemd/system/setup-kube-system.service
+  - path: /etc/systemd/system/deploy-kube-system.service
     permissions: '0755'
     owner: root:root
     content: |
       [Unit]
       Requires=containerd.service
       After=containerd.service
 
-      [Service]
-      Type=simple
-      StartLimitInterval=0
-      ExecStart=/opt/bin/setup-kube-system
-
-  - path: /etc/systemd/system/deploy-kube-system.service
-    permissions: '0755'
-    owner: root:root
-    content: |
-      [Unit]
-      After=setup-kube-system.service
-
       [Service]
       Type=simple
       StartLimitInterval=0
       Restart=on-failure
-      ExecStartPre=/usr/bin/curl -k https://127.0.0.1:6443/version
       ExecStart=/opt/bin/deploy-kube-system
 
 runcmd:
   - chown -R cloud:cloud /home/cloud/.ssh
   - containerd config default > /etc/containerd/config.toml
   - sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
-  - systemctl daemon-reload
-  - systemctl restart containerd
+  - until [ -f /opt/bin/setup-kube-system ]; do sleep 5; done
+  - /opt/bin/setup-kube-system
   - until [ -f /etc/systemd/system/deploy-kube-system.service ]; do sleep 5; done
-  - until [ -f /etc/systemd/system/setup-kube-system.service ]; do sleep 5; done
-  - [ systemctl, start, setup-kube-system ]
-  - [ systemctl, start, deploy-kube-system ]
+  - systemctl start deploy-kube-system
 

plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-node.yml

@@ -120,7 +120,7 @@ write_files:
               fi
               retval=0
               set +e
-              ctr image import "${BINARIES_DIR}/docker/$line"
+              ctr -n k8s.io image import "${BINARIES_DIR}/docker/$line"
               retval=$?
               set -e
               if [ $retval -eq 0 ]; then
@@ -139,6 +139,15 @@ write_files:
           mkdir -p /opt/provider
           cp "${BINARIES_DIR}/provider.yaml" /opt/provider/provider.yaml
         fi
+
+        PAUSE_IMAGE=`ctr -n k8s.io images ls -q | grep "pause" | sort | tail -n 1`
+        echo $PAUSE_IMAGE
+        if [ -n "$PAUSE_IMAGE" ]; then
+          sed -i "s|sandbox_image = .*|sandbox_image = \"$PAUSE_IMAGE\"|g" /etc/containerd/config.toml
+        fi
+        systemctl daemon-reload
+        systemctl restart containerd
+
         umount "${ISO_MOUNT_DIR}" && rmdir "${ISO_MOUNT_DIR}"
         if [ "$EJECT_ISO_FROM_OS" = true ] && [ "$iso_drive_path" != "" ]; then
           eject "${iso_drive_path}"
@@ -230,28 +239,17 @@ write_files:
       sed  -i '/\[plugins."io.containerd.grpc.v1.cri".registry.mirrors\]/a '"${registryConfig}"'' /etc/containerd/config.toml
 
       echo "Restarting containerd service"
+      systemctl daemon-reload
       systemctl restart containerd
 
-  - path: /etc/systemd/system/setup-kube-system.service
+  - path: /etc/systemd/system/deploy-kube-system.service
     permissions: '0755'
     owner: root:root
     content: |
       [Unit]
       Requires=containerd.service
       After=containerd.service
 
-      [Service]
-      Type=simple
-      StartLimitInterval=0
-      ExecStart=/opt/bin/setup-kube-system
-
-  - path: /etc/systemd/system/deploy-kube-system.service
-    permissions: '0755'
-    owner: root:root
-    content: |
-      [Unit]
-      After=setup-kube-system.service
-
       [Service]
       Type=simple
       StartLimitInterval=0
@@ -263,9 +261,7 @@ runcmd:
   - chown -R cloud:cloud /home/cloud/.ssh
   - containerd config default > /etc/containerd/config.toml
   - sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
-  - systemctl daemon-reload
-  - systemctl restart containerd
+  - until [ -f /opt/bin/setup-kube-system ]; do sleep 5; done
+  - /opt/bin/setup-kube-system
   - until [ -f /etc/systemd/system/deploy-kube-system.service ]; do sleep 5; done
-  - until [ -f /etc/systemd/system/setup-kube-system.service ]; do sleep 5; done
-  - [ systemctl, start, setup-kube-system ]
-  - [ systemctl, start, deploy-kube-system ]
+  - systemctl start deploy-kube-system

plugins/integrations/kubernetes-service/src/main/resources/script/upgrade-kubernetes.sh

@@ -93,7 +93,7 @@ if [ -d "$BINARIES_DIR" ]; then
   output=`ls ${BINARIES_DIR}/docker/`
   if [ "$output" != "" ]; then
     while read -r line; do
-        ctr image import "${BINARIES_DIR}/docker/$line"
+        ctr -n k8s.io image import "${BINARIES_DIR}/docker/$line"
     done <<< "$output"
   fi
   if [ -e "${BINARIES_DIR}/provider.yaml" ]; then
@@ -107,6 +107,12 @@ if [ -d "$BINARIES_DIR" ]; then
     cp "${BINARIES_DIR}/autoscaler.yaml" /opt/autoscaler/autoscaler_tmpl.yaml
   fi
 
+  PAUSE_IMAGE=`ctr -n k8s.io images ls -q | grep "pause" | sort | tail -n 1`
+  echo $PAUSE_IMAGE
+  if [ -n "$PAUSE_IMAGE" ]; then
+    sed -i "s|sandbox_image = .*|sandbox_image = \"$PAUSE_IMAGE\"|g" /etc/containerd/config.toml
+  fi
+
   tar -f "${BINARIES_DIR}/cni/cni-plugins-"*64.tgz -C /opt/cni/bin -xz
   tar -f "${BINARIES_DIR}/cri-tools/crictl-linux-"*64.tar.gz -C /opt/bin -xz
 
@@ -129,6 +135,9 @@ if [ -d "$BINARIES_DIR" ]; then
   systemctl stop kubelet
   cp -a ${BINARIES_DIR}/k8s/{kubelet,kubectl} /opt/bin
   chmod +x {kubelet,kubectl}
+
+  systemctl daemon-reload
+  systemctl restart containerd
   systemctl restart kubelet
 
   if [ "${IS_MAIN_CONTROL}" == 'true' ]; then