From a3b44b574fbbe049957378fdf52b418e63b40668 Mon Sep 17 00:00:00 2001
From: David Porter
Date: Thu, 12 Jan 2023 16:20:20 -0800
Subject: [PATCH] cluster/gce: Fetch image from image family
Currently, we hardcode the exact image to use in cluster/gce. This is problematic as the image gets stale very frequently and has old versions of components such as containerd, kernel, and CVE issues. Instead, fetch the latest image from the image family. This will ensure the image will stay up to date. Each image change in image family is expected to be minor. Switching to a new LTS milestone will require updating the image family set. Also add new kube-up environment variables to allow controlling the image family used, namely: * IMAGE_FAMILY - default image family to use * MASTER_IMAGE_FAMILY - image family for master to use (defaults to IMAGE_FAMILY if unset) * NODE_IMAGE_FAMILY - image family for node to use (defaults to IMAGE_FAMILY if unset)
Signed-off-by: David Porter
---
 cluster/gce/config-default.sh | 8 +++++++-
 cluster/gce/config-test.sh | 8 +++++++-
 cluster/gce/util.sh | 30 +++++++++++++++++++++++-------
 3 files changed, 37 insertions(+), 9 deletions(-)
diff --git a/cluster/gce/config-default.sh b/cluster/gce/config-default.sh
index cf4bd382bc4..a4d506206a0 100755
--- a/cluster/gce/config-default.sh
+++ b/cluster/gce/config-default.sh
@@ -86,10 +86,16 @@ fi
 # you are updating the os image versions, update this variable.
 # Also please update corresponding image for node e2e at:
 # https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/jenkins/image-config.yaml
-GCI_VERSION=${KUBE_GCI_VERSION:-cos-97-16919-103-16}
+#
+# By default, the latest image from the image family will be used unless an
+# explicit image will be set.
+GCI_VERSION=${KUBE_GCI_VERSION:-}
+IMAGE_FAMILY=${KUBE_IMAGE_FAMILY:-cos-97-lts}
 export MASTER_IMAGE=${KUBE_GCE_MASTER_IMAGE:-}
+export MASTER_IMAGE_FAMILY=${KUBE_GCE_MASTER_IMAGE_FAMILY:-${IMAGE_FAMILY}}
 export MASTER_IMAGE_PROJECT=${KUBE_GCE_MASTER_PROJECT:-cos-cloud}
 export NODE_IMAGE=${KUBE_GCE_NODE_IMAGE:-${GCI_VERSION}}
+export NODE_IMAGE_FAMILY=${KUBE_GCE_NODE_IMAGE_FAMILY:-${IMAGE_FAMILY}}
 export NODE_IMAGE_PROJECT=${KUBE_GCE_NODE_PROJECT:-cos-cloud}
 export NODE_SERVICE_ACCOUNT=${KUBE_GCE_NODE_SERVICE_ACCOUNT:-default}
diff --git a/cluster/gce/config-test.sh b/cluster/gce/config-test.sh
index 98762fe9901..a56a99089a9 100755
--- a/cluster/gce/config-test.sh
+++ b/cluster/gce/config-test.sh
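Review bot: In cluster/gce/config-default.sh the retained comment above GCI_VERSION still tells maintainers to "update this variable" when changing OS image versions, but its default is now empty and the version is chosen through IMAGE_FAMILY, so the comment no longer says what to edit or how to pin an image. The override names visible here are KUBE_IMAGE_FAMILY, KUBE_GCE_MASTER_IMAGE_FAMILY and KUBE_GCE_NODE_IMAGE_FAMILY, which differ from the names listed in the commit message. I would word the added comment as `# With KUBE_GCI_VERSION unset, the newest image in KUBE_IMAGE_FAMILY is resolved at kube-up time; set KUBE_GCI_VERSION or KUBE_GCE_{MASTER,NODE}_IMAGE to pin an exact image for reproducible runs.` The identical hunk in cluster/gce/config-test.sh needs the same wording; the comment block itself starts above both hunks.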
@@ -99,10 +99,16 @@ ALLOWED_NOTREADY_NODES=${ALLOWED_NOTREADY_NODES:-$(($(get-num-nodes) / 100))}
 # you are updating the os image versions, update this variable.
 # Also please update corresponding image for node e2e at:
 # https://github.com/kubernetes/kubernetes/blob/master/test/e2e_node/jenkins/image-config.yaml
-GCI_VERSION=${KUBE_GCI_VERSION:-cos-97-16919-103-16}
+#
+# By default, the latest image from the image family will be used unless an
+# explicit image will be set.
+GCI_VERSION=${KUBE_GCI_VERSION:-}
+IMAGE_FAMILY=${KUBE_IMAGE_FAMILY:-cos-97-lts}
 export MASTER_IMAGE=${KUBE_GCE_MASTER_IMAGE:-}
+export MASTER_IMAGE_FAMILY=${KUBE_GCE_MASTER_IMAGE_FAMILY:-${IMAGE_FAMILY}}
 export MASTER_IMAGE_PROJECT=${KUBE_GCE_MASTER_PROJECT:-cos-cloud}
 export NODE_IMAGE=${KUBE_GCE_NODE_IMAGE:-${GCI_VERSION}}
+export NODE_IMAGE_FAMILY=${KUBE_GCE_NODE_IMAGE_FAMILY:-${IMAGE_FAMILY}}
 export NODE_IMAGE_PROJECT=${KUBE_GCE_NODE_PROJECT:-cos-cloud}
 export NODE_SERVICE_ACCOUNT=${KUBE_GCE_NODE_SERVICE_ACCOUNT:-default}
diff --git a/cluster/gce/util.sh b/cluster/gce/util.sh
index 7df28267e03..47356bf9874 100755
--- a/cluster/gce/util.sh
+++ b/cluster/gce/util.sh
@@ -48,13 +48,20 @@ fi
 if [[ "${MASTER_OS_DISTRIBUTION}" == "gci" ]]; then
 DEFAULT_GCI_PROJECT=google-containers
- if [[ "${GCI_VERSION}" == "cos"* ]]; then
+ if [[ "${GCI_VERSION}" == "cos"* ]] || [[ "${MASTER_IMAGE_FAMILY}" == "cos"* ]]; then
 DEFAULT_GCI_PROJECT=cos-cloud
 fi
 export MASTER_IMAGE_PROJECT=${KUBE_GCE_MASTER_PROJECT:-${DEFAULT_GCI_PROJECT}}
- # If the master image is not set, we use the latest GCI image.
- # Otherwise, we respect whatever is set by the user.
- export MASTER_IMAGE=${KUBE_GCE_MASTER_IMAGE:-${GCI_VERSION}}
+
+ # If the master image is not set, we use the latest image based on image
+ # family.
+ kube_master_image="${KUBE_GCE_MASTER_IMAGE:-${GCI_VERSION}}"
+ if [[ -z "${kube_master_image}" ]]; then
+ kube_master_image=$(gcloud compute images list --project="${MASTER_IMAGE_PROJECT}" --no-standard-images --filter="family:${MASTER_IMAGE_FAMILY}" --format 'value(name)')
+ fi
+
+ echo "Using image: ${kube_master_image} from project: ${MASTER_IMAGE_PROJECT} as master image" >&2
+ export MASTER_IMAGE="${kube_master_image}"
 fi
 # Sets node image based on the specified os distro. Currently this function only
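Review bot: The result of the family lookup is exported as MASTER_IMAGE without checking that it is exactly one image name. `gcloud compute images list` with a `family:` filter prints nothing when no image matches (a mistyped family, or a KUBE_GCE_MASTER_PROJECT override that lacks it) and one line per image when several match, so MASTER_IMAGE can end up empty or multi-line and the error only surfaces later at instance creation. Resolving with `gcloud compute images describe-from-family "${MASTER_IMAGE_FAMILY}" --project="${MASTER_IMAGE_PROJECT}" --format='value(name)'` returns the single current image, and `[[ -n "${kube_master_image}" ]] || { echo "no image found in family ${MASTER_IMAGE_FAMILY}" >&2; exit 1; }` before the export fails early. The same applies to the kube_node_image lookup in set-linux-node-image, with `return 1` instead of `exit 1`. The enclosing `if` appears to be top-level code, so this lookup presumably runs whenever util.sh is sourced; the block starts outside the hunk, so that is inferred.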
@@ -69,14 +76,23 @@ fi
 function set-linux-node-image() {
 if [[ "${NODE_OS_DISTRIBUTION}" == "gci" ]]; then
 DEFAULT_GCI_PROJECT=google-containers
- if [[ "${GCI_VERSION}" == "cos"* ]]; then
+ if [[ "${GCI_VERSION}" == "cos"* ]] || [[ "${NODE_IMAGE_FAMILY}" == "cos"* ]]; then
 DEFAULT_GCI_PROJECT=cos-cloud
 fi
- # If the node image is not set, we use the latest GCI image.
+ # If the node image is not set, we use the latest image based on image
+ # family.
 # Otherwise, we respect whatever is set by the user.
- NODE_IMAGE=${KUBE_GCE_NODE_IMAGE:-${GCI_VERSION}}
 NODE_IMAGE_PROJECT=${KUBE_GCE_NODE_PROJECT:-${DEFAULT_GCI_PROJECT}}
+ local kube_node_image
+
+ kube_node_image="${KUBE_GCE_NODE_IMAGE:-${GCI_VERSION}}"
+ if [[ -z "${kube_node_image}" ]]; then
+ kube_node_image=$(gcloud compute images list --project="${NODE_IMAGE_PROJECT}" --no-standard-images --filter="family:${NODE_IMAGE_FAMILY}" --format 'value(name)')
+ fi
+
+ echo "Using image: ${kube_node_image} from project: ${NODE_IMAGE_PROJECT} as node image" >&2
+ export NODE_IMAGE="${kube_node_image}"
 fi
 }
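Review bot: set-linux-node-image repeats the family lookup on every call, because the lookup is keyed on KUBE_GCE_NODE_IMAGE and GCI_VERSION rather than on a NODE_IMAGE that an earlier call already resolved. If the function runs more than once in a kube-up (callers are not visible in this hunk) and the family advances in between, node groups in one cluster could boot different image versions, and the master lookup is resolved separately as well. Documenting this above the lookup, for example `# NOTE: resolved on each call; pin KUBE_GCE_NODE_IMAGE if all nodes must use the same image`, would make the behaviour explicit. The comment line "Otherwise, we respect whatever is set by the user." now sits after "# family." and before NODE_IMAGE_PROJECT, and reads better if moved next to the kube_node_image assignment.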