Generate Kubernetes GCP cloud-controller-manager.yaml
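#!/usr/bin/env bash
# Generate the GCP cloud-controller-manager.yaml manifest from a
# cloud-controller-gcp working copy.
#
# Usage:  ./<this script>   (no arguments)
#
# Requires: docker, sudo, tar, yq (v4 `yq e` syntax) and a previously built
# bazel `output` directory (see the commented-out build block below).
# The final manifest ends up in build/cloud-controller-manager.yaml.
set -euo pipefail

# This script should be placed in the root of the cloud-controller-gcp working copy.
cd -- "$(dirname -- "$0")"
set -x

# re-generating the bazel output takes foreeeeeeever, so be careful when you
# wipe the output directory…
# rm -rf output
# mkdir -p output
# docker run \
#   --rm \
#   -e "USER=$(id -u)" \
#   -u "$(id -u):$(id -g)" \
#   -v "$(realpath .):/src/workspace" \
#   -v "$(realpath output):/tmp/output" \
#   -w "/src/workspace" \
#   gcr.io/bazel-public/bazel:5.4.0 \
#   --output_user_root=/tmp/output \
#   build //release:kubernetes-manifests

readonly BUILD_DIR="build"

# the previous run leaves root-owned files in here (the container runs chown),
# hence sudo; `:?` makes sure we never expand to `rm -rf --` with an empty path
sudo rm -rf -- "${BUILD_DIR:?}"
mkdir -p -- "$BUILD_DIR"

# get half-precompiled manifests; refuse to guess if the glob is ambiguous
shopt -s nullglob
tarballs=(output/*/external/io_k8s_release/kubernetes-manifests.tar.gz)
shopt -u nullglob
if (( ${#tarballs[@]} != 1 )); then
  printf 'expected exactly one kubernetes-manifests.tar.gz under output/, found %d\n' \
    "${#tarballs[@]}" >&2
  exit 1
fi
cp -- "${tarballs[0]}" "$BUILD_DIR"

# extract them
cd -- "$BUILD_DIR"
build_root=$(pwd)
tar xzf kubernetes-manifests.tar.gz

# generate final manifests
cd kubernetes/gci-trusty
mkdir compiled

# these values have been copied from the original script, where they are set in
# the main() function, which we do not execute here
CLOUD_CONTROLLER_MANAGER_CPU_REQUEST="50m"
KUBE_HOME="/home/kubernetes"

# empty stand-in that gets mounted as /etc/gce.conf inside the container
# (presumably the helper script only needs the file to exist — verify if the
# generated manifest looks wrong)
touch tempfile

# only ask docker for a TTY when we actually have one, so the script also
# works non-interactively (CI, cron, piped stdin)
tty_args=()
if [[ -t 0 ]]; then
  tty_args=(-it)
fi

# script requires root permissions as it runs chown.
# NOTE: ubuntu:trusty is end-of-life and unpinned; it is only used as a
# throwaway sandbox to run the helper functions, but consider pinning the
# image by digest so the generated output stays reproducible.
docker run \
  --rm \
  ${tty_args[@]+"${tty_args[@]}"} \
  \
  -e "CLOUD_PROVIDER_FLAG=external" \
  -e "KUBERNETES_MASTER=true" \
  -e "KUBE_HOME=$KUBE_HOME" \
  -e "CLOUD_CONTROLLER_MANAGER_TOKEN=not-relevant" \
  -e "PV_RECYCLER_OVERRIDE_TEMPLATE=$KUBE_HOME/kube-manifests/kubernetes/pv-recycler-template.yaml" \
  -e "CLOUD_CONTROLLER_MANAGER_CPU_REQUEST=$CLOUD_CONTROLLER_MANAGER_CPU_REQUEST" \
  \
  -v "$(realpath .):$KUBE_HOME/kube-manifests/kubernetes/gci-trusty" \
  -v "$(realpath tempfile):/etc/gce.conf" \
  -v "$(realpath compiled):/etc/kubernetes" \
  -w "$KUBE_HOME/kube-manifests/kubernetes/gci-trusty" \
  ubuntu:trusty bash -c "source gci-configure-helper.sh; override-pv-recycler; compute-master-manifest-variables; start-cloud-controller-manager"

# sane ownership
sudo chown -R -- "$(id -u):$(id -g)" compiled

# cleanup: pretty-print the raw manifest into its final name and drop the
# extracted tree, leaving only the result in the build directory
yq e -P compiled/manifests > compiled/cloud-controller-manager.yaml
rm -- compiled/manifests
cd compiled
cp -ar -- * "$build_root"
cd -- "$build_root"
rm -rf -- "${build_root:?}/kubernetes"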
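# Output of the generation script above (compiled/cloud-controller-manager.yaml):
# a static control-plane Pod running the GCP cloud-controller-manager.
apiVersion: v1
kind: Pod
metadata:
  name: cloud-controller-manager
  namespace: kube-system
  labels:
    tier: control-plane
    component: cloud-controller-manager
spec:
  securityContext:
    seccompProfile:
      type: RuntimeDefault
  priorityClassName: system-node-critical
  # the pod shares the node's network namespace; the secure port below is
  # therefore reachable on the node's own addresses, not just in-cluster
  hostNetwork: true
  containers:
  - name: cloud-controller-manager
    image: gcr.io/k8s-staging-cloud-provider-gcp/cloud-controller-manager:v26.2.4
    resources:
      requests:
        cpu: 50m
    # the first three flags belong to the log wrapper; everything after
    # /cloud-controller-manager is passed to the manager binary itself
    args:
    - --log-file=/var/log/cloud-controller-manager.log
    - --also-stdout=false
    - --redirect-stderr=true
    - /cloud-controller-manager
    # --v=4 is verbose; the log is written to the host path mounted below
    - --v=4
    - --cloud-config=/etc/gce.conf
    - --secure-port=10258
    - --use-service-account-credentials
    - --cloud-provider=gce
    # all three kubeconfigs (client, authn, authz) point at the same credential
    # file on the host, mounted read-only via the srvkube volume
    - --kubeconfig=/etc/srv/kubernetes/cloud-controller-manager/kubeconfig
    - --authorization-kubeconfig=/etc/srv/kubernetes/cloud-controller-manager/kubeconfig
    - --authentication-kubeconfig=/etc/srv/kubernetes/cloud-controller-manager/kubeconfig
    livenessProbe:
      httpGet:
        # probed over loopback on the same secure port
        host: 127.0.0.1
        port: 10258
        scheme: HTTPS
        path: /healthz
      initialDelaySeconds: 15
      timeoutSeconds: 15
    # every mount is a hostPath; all are read-only except the log file
    volumeMounts:
    - name: cloudconfigmount
      mountPath: /etc/gce.conf
      readOnly: true
    - name: pv-recycler-mount
      mountPath: /home/kubernetes/kube-manifests/kubernetes/pv-recycler-template.yaml
      readOnly: true
    - name: srvkube
      mountPath: /etc/srv/kubernetes
      readOnly: true
    - name: logfile
      mountPath: /var/log/cloud-controller-manager.log
      readOnly: false
    - name: etcssl
      mountPath: /etc/ssl
      readOnly: true
    - name: usrsharecacerts
      mountPath: /usr/share/ca-certificates
      readOnly: true
    - name: varssl
      mountPath: /var/ssl
      readOnly: true
    - name: etcopenssl
      mountPath: /etc/openssl
      readOnly: true
    - name: etcpki
      mountPath: /etc/pki
      readOnly: true
  volumes:
  # FileOrCreate volumes create an empty file on the node if it is missing
  - name: cloudconfigmount
    hostPath:
      path: /etc/gce.conf
      type: FileOrCreate
  - name: pv-recycler-mount
    hostPath:
      path: /home/kubernetes/kube-manifests/kubernetes/pv-recycler-template.yaml
      type: FileOrCreate
  - name: srvkube
    hostPath:
      path: /etc/srv/kubernetes
  - name: logfile
    hostPath:
      path: /var/log/cloud-controller-manager.log
      type: FileOrCreate
  - name: etcssl
    hostPath:
      path: /etc/ssl
  - name: usrsharecacerts
    hostPath:
      path: /usr/share/ca-certificates
  - name: varssl
    hostPath:
      path: /var/ssl
  - name: etcopenssl
    hostPath:
      path: /etc/openssl
  - name: etcpki
    hostPath:
      path: /etc/pki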