Documentation
Index
- func CheckCNIArtifacts(log *slog.Logger, rootFS *goalstates.RootFS) preflight.Checker
- func CheckCRIArtifacts(log *slog.Logger, rootFS *goalstates.RootFS) preflight.Checker
- func CheckKubernetesArtifacts(log *slog.Logger, rootFS *goalstates.RootFS) preflight.Checker
- func CheckNSpawnMachineProvisioning(log *slog.Logger, gs *goalstates.RootFS) preflight.Checker
- func CheckOCIImageReachable(log *slog.Logger, rootFS *goalstates.RootFS) preflight.Checker
- func ConfigureOS(goalState *goalstates.RootFS) phases.Task
- func DisableResolved(goalState *goalstates.RootFS) phases.Task
- func DownloadCNIBinaries(log *slog.Logger, goalState *goalstates.RootFS) phases.Task
- func DownloadCRIBinaries(log *slog.Logger, goalState *goalstates.RootFS) phases.Task
- func DownloadKubeBinaries(log *slog.Logger, goalState *goalstates.RootFS) phases.Task
- func EnsureNSpawnWorkspace(log *slog.Logger, goalState *goalstates.RootFS) phases.Task
- func Preflight(log *slog.Logger, _ *provision.UnboundedAgentConfig, ...) []preflight.Checker
- func Provision(log *slog.Logger, gs *goalstates.RootFS) phases.Task
Functions
func CheckCNIArtifacts
CheckCNIArtifacts validates that CNI artifact URLs are reachable without downloading or extracting the full artifact.
func CheckCRIArtifacts
CheckCRIArtifacts validates that CRI artifact URLs are reachable without downloading or extracting the full artifacts.
func CheckKubernetesArtifacts
CheckKubernetesArtifacts validates that Kubernetes binary artifact URLs are reachable without downloading the full binaries or checksum files.
func CheckNSpawnMachineProvisioning
CheckNSpawnMachineProvisioning validates local host paths needed to provision and configure the nspawn machine rootfs.
func CheckOCIImageReachable
CheckOCIImageReachable validates that the OCI rootfs image manifest can be resolved without pulling layers.
func ConfigureOS
func ConfigureOS(goalState *goalstates.RootFS) phases.Task
ConfigureOS returns a task that writes OS-level configuration files into the machine rootfs so that kubelet and container networking work correctly inside systemd-nspawn. This includes an arch-specific apt sources.list so that packages can be installed inside the machine during the nodestart phase.
NOTE: The apt sources are currently hard-coded to Ubuntu Noble.
func DisableResolved
func DisableResolved(goalState *goalstates.RootFS) phases.Task
DisableResolved returns a task that masks systemd-resolved inside the container and writes a static resolv.conf copied from the host.
The rootfs includes systemd-resolved which starts on boot and overwrites /etc/resolv.conf with "No DNS servers known." since it has no upstream configuration inside the container. By masking the service and writing a static file we avoid the conflict entirely. With VirtualEthernet=no the container shares the host network namespace, so the host's systemd-resolved stub at 127.0.0.53 is reachable.
NOTE: If we were building our own rootfs we could just ditch systemd-resolved entirely.
func DownloadCNIBinaries
DownloadCNIBinaries returns a task that downloads and installs CNI plugin binaries into the rootfs. It skips the download if all required plugins are already installed and the version matches.
func DownloadCRIBinaries
DownloadCRIBinaries returns a task that downloads and installs containerd and runc binaries into the rootfs. It skips each download if the installed version already matches.
func DownloadKubeBinaries
DownloadKubeBinaries returns a task that downloads and installs Kubernetes node binaries into the rootfs. It skips the download if all required binaries are already installed and the kubelet version matches. Each binary is downloaded individually from the official Kubernetes release CDN (dl.k8s.io) and verified against its published SHA256 checksum.
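The download-then-verify step described above, as an added example that is not this package's own code: `installVerified` is a hypothetical helper that hashes the payload while streaming it to a temporary file and moves it into place only after the SHA256 matches the published digest. The payload and digest in `main` are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// installVerified (hypothetical name) streams body into a temp file beside dest
// while hashing it, and renames it into place only if the digest matches.
// published may be bare hex or the "<hex>  <name>" form written by sha256sum.
func installVerified(body io.Reader, published, dest string) error {
	hexDigest, _, _ := strings.Cut(strings.TrimSpace(published), " ")
	want, err := hex.DecodeString(hexDigest)
	if err != nil || len(want) != sha256.Size {
		return fmt.Errorf("malformed sha256 digest %q", hexDigest)
	}
	tmp, err := os.CreateTemp(filepath.Dir(dest), ".partial-*")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // harmless once the rename has succeeded
	h := sha256.New()
	if _, err := io.Copy(io.MultiWriter(tmp, h), body); err != nil {
		tmp.Close()
		return err
	}
	if err := tmp.Close(); err != nil {
		return err
	}
	if !bytes.Equal(h.Sum(nil), want) {
		return fmt.Errorf("sha256 mismatch for %s", dest) // unverified bytes never reach dest
	}
	if err := os.Chmod(tmp.Name(), 0o755); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), dest)
}

func main() {
	payload := "constructed sample payload\n" // stands in for a downloaded binary
	sum := sha256.Sum256([]byte(payload))
	dest := filepath.Join(os.TempDir(), "kubelet-example")
	fmt.Println(installVerified(strings.NewReader(payload), hex.EncodeToString(sum[:]), dest))
}
```

Creating the temporary file in the destination directory keeps the final rename on one filesystem, so a partially written or tampered binary is never visible at the install path.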
func EnsureNSpawnWorkspace
EnsureNSpawnWorkspace returns a task that bootstraps an OCI rootfs into the machine directory (if it is empty or missing) and writes the systemd-nspawn configuration files needed to run a Kubernetes node inside an nspawn container.
func Preflight
func Preflight(log *slog.Logger, _ *provision.UnboundedAgentConfig, goalState *goalstates.MachineGoalState) []preflight.Checker
Preflight returns the standard rootfs checks for a resolved machine goal state.
func Provision
Provision returns a composite task that provisions a complete nspawn machine rootfs: bootstrapping the workspace, then downloading Kubernetes, CRI, and CNI binaries in parallel with OS configuration.
This is the shared rootfs provisioning sequence used by both the initial agent start and node update flows.