December 2023 – 一江春水向东流

使用 GitHub Actions 编译 kubernetes 组件

在使用 kubernetes 过程中由于某些需求往往要修改一下 k8s 官方的源码，然后重新编译才行。本文就以修改 kubeadm 生成证书为默认 100 年为例，来讲解如何使用 GitHub Actions 来编译和发布生成的二进制文件。构建 clone repo 将 kubernetes 官方源码 fork 到自己的 repo 中

$ git clone https://github.com/k8sli/kubernetes.git
$ cd kubernetes
$ git remote add upstream https://github.com/kubernetes/kubernetes.git
$ git fetch --all
$ git checkout upstream/release-1.21
$ git checkout -B kubeadm-1.21

$ git clone https://github.com/k8sli/kubernetes.git

$ cd kubernetes

$ git remote add upstream https://github.com/kubernetes/kubernetes.git

$ git fetch --all

$ git checkout upstream/release-1.21

$ git checkout -B kubeadm-1.21

workflow .github/workflows/kubeadm.yaml

---
name: Build kubeadm binary

on:
  push:
    tag:
      - 'v*'
jobs:
  build:
    runs-on: ubuntu-20.04
    # 这里我们选择以 tag 的方式惩触发 job 的运行
    if: startsWith(github.ref, 'refs/tags/')
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Build kubeadm binary
        shell: bash
        run: |
          # 运行 build/run.sh 构建脚本来编译相应平台上的二进制文件
          build/run.sh make kubeadm KUBE_BUILD_PLATFORMS=linux/amd64
          build/run.sh make kubeadm KUBE_BUILD_PLATFORMS=linux/arm64

      # 构建好的二进制文件存放在 _output/dockerized/bin/ 中
      # 我们根据二进制目标文件的系统名称+CPU体系架构名称进行命名
      - name: Prepare for upload
        shell: bash
        run: |
          mv _output/dockerized/bin/linux/amd64/kubeadm kubeadm-linux-amd64
          mv _output/dockerized/bin/linux/arm64/kubeadm kubeadm-linux-arm64
          sha256sum kubeadm-linux-{amd64,arm64} > sha256sum.txt

      # 使用 softprops/action-gh-release 来将构建产物上传到 GitHub release 当中
      - name: Release and upload packages
        uses: softprops/action-gh-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          files: |
            sha256sum.txt
            kubeadm-linux-amd64
            kubeadm-linux-arm64

---

name: Build kubeadm binary

on:

push:

tag:

- 'v*'

jobs:

build:

runs-on: ubuntu-20.04

# 这里我们选择以 tag 的方式惩触发 job 的运行

if: startsWith(github.ref, 'refs/tags/')

steps:

- name: Checkout

uses: actions/checkout@v2

- name: Build kubeadm binary

shell: bash

run: |

# 运行 build/run.sh 构建脚本来编译相应平台上的二进制文件

build/run.sh make kubeadm KUBE_BUILD_PLATFORMS=linux/amd64

build/run.sh make kubeadm KUBE_BUILD_PLATFORMS=linux/arm64

# 构建好的二进制文件存放在 _output/dockerized/bin/ 中

# 我们根据二进制目标文件的系统名称+CPU体系架构名称进行命名

- name: Prepare for upload

shell: bash

run: |

mv _output/dockerized/bin/linux/amd64/kubeadm kubeadm-linux-amd64

mv _output/dockerized/bin/linux/arm64/kubeadm kubeadm-linux-arm64

sha256sum kubeadm-linux-{amd64,arm64} > sha256sum.txt

# 使用 softprops/action-gh-release 来将构建产物上传到 GitHub release 当中

- name: Release and upload packages

uses: softprops/action-gh-release@v1

env:

GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

with:

files: |

sha256sum.txt

kubeadm-linux-amd64

kubeadm-linux-arm64

build/run.sh : Run a command in a build docker container. Common invocations: build/run.sh make: Build just linux binaries in the container. Pass options and Read more…

By sean, 5 months12/26/2023 ago

github的token使用方法今天从本地向github push代码发，失败了。错误消息如下： remote: Support for password authentication was remove on August 123, 2021. Please use a personal access token instead. 原因是github不再使用密码方式验证身份，现在使用个人token。本文记录，如何生成token 在命令行下怎样使用token github如何生成token github的官方有给出如何生成个人token的文档。参考github官网生成token文档命令行如何使用token 之前，github使用用户名和密码作为身份验证，现在使用用户名和token作为验证。比如，github官网给出的示例。克隆一个仓库，提示输入用户名和密码，此处就可以使用上面生成的token作为密码使用。

$ git clone https://github.com/username/repo.git
Username: your_username
Password: your_token

$ git clone https://github.com/username/repo.git

Username: your_username

Password: your_token

但是有一个问题，我们总不能记住那么长的一串token吧为了解决这个问题，github提供了gh工具，通过gh登录验证身份后，之后再不需要验证身份。此处只演示ubuntu安装gh工具。

$ sudo apt update
$ sudo apt install snapd
$ sudo apt install gh

$ sudo apt update

$ sudo apt install snapd

$ sudo apt install gh

然后使用gh进行认证

$ gh auth login
# 输入你的用户名和token

1 2	$ gh auth login # 输入你的用户名和token

如下图所示：使用键盘上下键选择对应项，回车键确认。依次选择Github.com, HTTPS（如果使用的https协议）, 选择使用网页浏览器认证或者粘贴token认证，二者选择一个即可。如果是ssh远程登录，命令行中无法打开远程的浏览器，那么只能选择token验证了。选择使用网页认证：先复制命令行中生成的一次性验证码，比如我这里本次是5C38-D954。然后回车，自动打开网页浏览器，输入一次性验证码，授权即可完成认证。如果上面选择使用token认证，那么输入你的token即可。如果换了一台机器，那么重新生成一个新的token，然后gh auth login即可。

By sean, 5 months12/26/2023 ago

HANDBOOK

解决ansible mitogen 0.3.0+ 插件未渲染ansible_ssh_common_args模板变量问题

问题使用ansible mitogen 0.3.4插件进行kubespray安装时，报错： EOF on stream; last 100 lines received:\nssh: Could not resolve hostname {%: Name or service not known 分析经过debug分析，kubespray-default默认定义了如下变量模板：

ansible_ssh_common_args: |
"{% if 'bastion' in groups['all'] %} -o ProxyCommand='ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p 
-p {{ hostvars['bastion']['ansible_port'] | default(22) }} {{ hostvars['bastion']['ansible_user'] }}@{{ hostvars['bastion']['ansible_host'] }} {% if ansible_ssh_private_key_file is defined %}
-i {{ ansible_ssh_private_key_file }}{% endif %} ' {% endif %}"

ansible_ssh_common_args: |

"{% if 'bastion' in groups['all'] %} -o ProxyCommand='ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p

-p {{ hostvars['bastion']['ansible_port'] | default(22) }} {{ hostvars['bastion']['ansible_user'] }}@{{ hostvars['bastion']['ansible_host'] }} {% if ansible_ssh_private_key_file is defined %}

-i {{ ansible_ssh_private_key_file }}{% endif %} ' {% endif %}"

但是通过ansible role去执行后，通过mitogen进行ssh并没有渲染出来变量：

mitogen.parent: command line for Connection(None): ssh -o "LogLevel ERROR" -l root -p 22 -o "Compression yes" -o "ServerAliveInterval 30" -o "ServerAliveCountMax 10" 
-o "StrictHostKeyChecking no" -o "UserKnownHostsFile /dev/null" -o "GlobalKnownHostsFile /dev/null" -C -o ControlMaster=auto 
-o ControlPersist=60s {% if bastion in groups[all] %} -o "ProxyCommand=ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p 
-p {{ hostvars[bastion][ansible_port] | default(22) }} {{ hostvars[bastion][ansible_user] }}@{{ hostvars[bastion][ansible_host] }} {% if ansible_ssh_private_key_file is defined %}
-i {{ ansible_ssh_private_key_file }}{% endif %} " {% endif %} 172.20.59.209 /usr/bin/python -c

mitogen.parent: command line for Connection(None): ssh -o "LogLevel ERROR" -l root -p 22 -o "Compression yes" -o "ServerAliveInterval 30" -o "ServerAliveCountMax 10"

-o "StrictHostKeyChecking no" -o "UserKnownHostsFile /dev/null" -o "GlobalKnownHostsFile /dev/null" -C -o ControlMaster=auto

-o ControlPersist=60s {% if bastion in groups[all] %} -o "ProxyCommand=ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p

-p {{ hostvars[bastion][ansible_port] | default(22) }} {{ hostvars[bastion][ansible_user] }}@{{ hostvars[bastion][ansible_host] }} {% if ansible_ssh_private_key_file is defined %}

-i {{ ansible_ssh_private_key_file }}{% endif %} " {% endif %} 172.20.59.209 /usr/bin/python -c

可以看到，mitogen的ssh将ansible_ssh_common_args原封不动地输出来了修改源码验证：修改transport_config.py，增加debug信息：

476     def ssh_args(self):
478         print('------------>')
479         print('ssh_args: ',C.config.get_config_value("ssh_args", plugin_type="connection", plugin_name="ssh", variables=self._task_vars.get("vars", {})))
480         print('ssh_common_args: ',C.config.get_config_value("ssh_common_args", plugin_type="connection", plugin_name="ssh", variables=self._task_vars.get("vars", {})))
481         print('ssh_extra_args: ', C.config.get_config_value("ssh_extra_args", plugin_type="connection", plugin_name="ssh", variables=self._task_vars.get("vars", {})))
482         print('----------->')
483         return [
484             mitogen.core.to_text(term)
485             for s in (
486                 C.config.get_config_value("ssh_args", plugin_type="connection", plugin_name="ssh", variables=self._task_vars.get("vars", {})),
487                 C.config.get_config_value("ssh_common_args", plugin_type="connection", plugin_name="ssh", variables=self._task_vars.get("vars", {})),
488                 C.config.get_config_value("ssh_extra_args", plugin_type="connection", plugin_name="ssh", variables=self._task_vars.get("vars", {}))
489                 #C.config.get_config_value("ssh_args", plugin_type="connection", plugin_name="ssh", variables=local_vars),
490                 #C.config.get_config_value("ssh_common_args", plugin_type="connection", plugin_name="ssh", variables=local_vars),
491                 #C.config.get_config_value("ssh_extra_args", plugin_type="connection", plugin_name="ssh", variables=local_vars)
492             )
493             for term in ansible.utils.shlex.shlex_split(s or '')
494         ]

476 def ssh_args(self):

478 print('------------>')

479 print('ssh_args: ',C.config.get_config_value("ssh_args", plugin_type="connection", plugin_name="ssh", variables=self._task_vars.get("vars", {})))

480 print('ssh_common_args: ',C.config.get_config_value("ssh_common_args", plugin_type="connection", plugin_name="ssh", variables=self._task_vars.get("vars", {})))

481 print('ssh_extra_args: ', C.config.get_config_value("ssh_extra_args", plugin_type="connection", plugin_name="ssh", variables=self._task_vars.get("vars", {})))

482 print('----------->')

483 return [

484 mitogen.core.to_text(term)

485 for s in (

486 C.config.get_config_value("ssh_args", plugin_type="connection", plugin_name="ssh", variables=self._task_vars.get("vars", {})),

487 C.config.get_config_value("ssh_common_args", plugin_type="connection", plugin_name="ssh", variables=self._task_vars.get("vars", {})),

488 C.config.get_config_value("ssh_extra_args", plugin_type="connection", plugin_name="ssh", variables=self._task_vars.get("vars", {}))

489 #C.config.get_config_value("ssh_args", plugin_type="connection", plugin_name="ssh", variables=local_vars),

490 #C.config.get_config_value("ssh_common_args", plugin_type="connection", plugin_name="ssh", variables=local_vars),

491 #C.config.get_config_value("ssh_extra_args", plugin_type="connection", plugin_name="ssh", variables=local_vars)

492 )

493 for term in ansible.utils.shlex.shlex_split(s or '')

494 ]

下面是输出：

------------>
ssh_args:  -o ControlMaster=auto -o ControlPersist=1d -o UserKnownHostsFile=/dev/null -o ConnectTimeout=30 -o Compression=yes -o TCPKeepAlive=yes -o ServerAliveInterval=60 -o StrictHostKeyChecking=no -o AddKeysToAgent=yes -o ControlPath=~/.ssh/%r@%h-%p
ssh_common_args:  {% if 'bastion' in groups['all'] %} -o ProxyCommand='ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p -p {{ hostvars['bastion']['ansible_port'] | default(22) }} {{ hostvars['bastion']['ansible_user'] }}@{{ hostvars['bastion']['ansible_host'] }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %} ' {% endif %}
ssh_extra_args:  
----------->

------------>

ssh_args: -o ControlMaster=auto -o ControlPersist=1d -o UserKnownHostsFile=/dev/null -o ConnectTimeout=30 -o Compression=yes -o TCPKeepAlive=yes -o ServerAliveInterval=60 -o StrictHostKeyChecking=no -o AddKeysToAgent=yes -o ControlPath=~/.ssh/%r@%h-%p

ssh_common_args: {% if 'bastion' in groups['all'] %} -o ProxyCommand='ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p -p {{ hostvars['bastion']['ansible_port'] | default(22) }} {{ hostvars['bastion']['ansible_user'] }}@{{ hostvars['bastion']['ansible_host'] }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %} ' {% endif %}

ssh_extra_args:

----------->

可以看到ssh_common_args变量没有渲染解决将_task_vars.get(“vars”, {}) 改为 _task_vars.get(“hostvars”, {})，从hostvars取值搜索官方issures: https://github.com/mitogen-hq/mitogen/pull/956 commit ac34252bcccb60b50e6a8ed3a3b2f42d256d62e0 https://github.com/mitogen-hq/mitogen/pull/956/commits/ac34252bcccb60b50e6a8ed3a3b2f42d256d62e0 总结 Read more…

By sean, 5 months12/07/2023 ago

M	T	W	T	F	S	S
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31