Make protokube a systemd process

2021-03-06 00:32:44 +05:30 · 2021-03-06 00:32:44 +05:30 · d45514cff3
parent 5cc94d76a6
commit d45514cff3
7 changed files with 94 additions and 446 deletions
--- a/nodeup/pkg/model/BUILD.bazel
+++ b/nodeup/pkg/model/BUILD.bazel
@ -38,7 +38,6 @@ go_library(
    importpath = "k8s.io/kops/nodeup/pkg/model",
    visibility = ["//visibility:public"],
    deps = [
-        "//:go_default_library",
        "//nodeup/pkg/model/resources:go_default_library",
        "//pkg/apis/kops:go_default_library",
        "//pkg/apis/kops/model:go_default_library",
--- a/nodeup/pkg/model/protokube.go
+++ b/nodeup/pkg/model/protokube.go
@ -17,13 +17,12 @@ limitations under the License.
 package model

 import (
-	"bytes"
 	"fmt"
 	"os"
 	"path/filepath"
+	"regexp"
 	"strings"

-	kopsbase "k8s.io/kops"
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/apis/kops/util"
 	"k8s.io/kops/pkg/assets"
@ -33,8 +32,8 @@ import (
 	"k8s.io/kops/pkg/systemd"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
-	"k8s.io/kops/util/pkg/architectures"
 	"k8s.io/kops/util/pkg/distributions"
+
 	"k8s.io/kops/util/pkg/proxy"

 	"github.com/blang/semver/v4"
@ -58,15 +57,32 @@ func (t *ProtokubeBuilder) Build(c *fi.ModelBuilderContext) error {
 		return nil
 	}

-	if protokubeImage := t.NodeupConfig.ProtokubeImage[t.Architecture]; protokubeImage != nil {
-		c.AddTask(&nodetasks.LoadImageTask{
-			Name:    "protokube",
-			Sources: protokubeImage.Sources,
-			Hash:    protokubeImage.Hash,
-			Runtime: t.Cluster.Spec.ContainerRuntime,
-		})
+	protokubeBinName, protokubeBinRes, err := t.Assets.FindMatch(regexp.MustCompile("protokube$"))
+	if err != nil {
+		return err
 	}

+	fileTaskProtokubeBin := &nodetasks.File{
+		Path:     filepath.Join("/opt/kops/bin", protokubeBinName),
+		Contents: protokubeBinRes,
+		Type:     nodetasks.FileType_File,
+		Mode:     fi.String("0755"),
+	}
+	c.AddTask(fileTaskProtokubeBin)
+
+	channelBinName, channelBinRes, err := t.Assets.FindMatch(regexp.MustCompile("channels$"))
+	if err != nil {
+		return err
+	}
+
+	fileTaskChannel := &nodetasks.File{
+		Path:     filepath.Join("/opt/kops/bin", channelBinName),
+		Contents: channelBinRes,
+		Type:     nodetasks.FileType_File,
+		Mode:     fi.String("0755"),
+	}
+	c.AddTask(fileTaskChannel)
+
 	if t.IsMaster {
 		name := nodetasks.PKIXName{
 			CommonName:   "kops",
@ -96,6 +112,12 @@ func (t *ProtokubeBuilder) Build(c *fi.ModelBuilderContext) error {
 		}
 	}

+	envFileTask, err := t.buildProtokubeEnvironmentVariables()
+	if err != nil {
+		return err
+	}
+	c.AddTask(envFileTask)
+
 	service, err := t.buildSystemdService()
 	if err != nil {
 		return err
@ -128,27 +150,12 @@ func (t *ProtokubeBuilder) buildSystemdService() (*nodetasks.Service, error) {
 		return nil, err
 	}

-	protokubeContainerStopCommand, err := t.ProtokubeContainerStopCommand()
-	if err != nil {
-		return nil, err
-	}
-	protokubeContainerRemoveCommand, err := t.ProtokubeContainerRemoveCommand()
-	if err != nil {
-		return nil, err
-	}
-	protokubeContainerRunCommand, err := t.ProtokubeContainerRunCommand()
-	if err != nil {
-		return nil, err
-	}
-
 	manifest := &systemd.Manifest{}
 	manifest.Set("Unit", "Description", "Kubernetes Protokube Service")
 	manifest.Set("Unit", "Documentation", "https://github.com/kubernetes/kops")

-	// @step: let need a dependency for any volumes to be mounted first
-	manifest.Set("Service", "ExecStartPre", protokubeContainerStopCommand)
-	manifest.Set("Service", "ExecStartPre", protokubeContainerRemoveCommand)
-	manifest.Set("Service", "ExecStart", protokubeContainerRunCommand+" "+protokubeRunArgs)
+	manifest.Set("Service", "ExecStart", "/opt/kops/bin/protokube"+" "+protokubeRunArgs)
+	manifest.Set("Service", "EnvironmentFile", "/etc/sysconfig/protokube")
 	manifest.Set("Service", "Restart", "always")
 	manifest.Set("Service", "RestartSec", "3s")
 	manifest.Set("Service", "StartLimitInterval", "0")
@ -167,161 +174,6 @@ func (t *ProtokubeBuilder) buildSystemdService() (*nodetasks.Service, error) {
 	return service, nil
 }

-// ProtokubeImageName returns the docker image for protokube
-func (t *ProtokubeBuilder) ProtokubeImageName() string {
-	name := ""
-	if t.NodeupConfig.ProtokubeImage[t.Architecture] != nil && t.NodeupConfig.ProtokubeImage[t.Architecture].Name != "" {
-		name = t.NodeupConfig.ProtokubeImage[t.Architecture].Name
-	}
-	if name == "" {
-		// use current default corresponding to this version of nodeup
-		name = kopsbase.DefaultProtokubeImageName()
-	}
-	return name
-}
-
-// ProtokubeContainerStopCommand returns the command that stops the Protokube container, before being removed
-func (t *ProtokubeBuilder) ProtokubeContainerStopCommand() (string, error) {
-	var containerStopCommand string
-	if t.Cluster.Spec.ContainerRuntime == "docker" {
-		containerStopCommand = "-/usr/bin/docker stop protokube"
-	} else if t.Cluster.Spec.ContainerRuntime == "containerd" {
-		containerStopCommand = "/bin/true"
-	} else {
-		return "", fmt.Errorf("unable to create protokube stop command for unsupported runtime %q", t.Cluster.Spec.ContainerRuntime)
-	}
-	return containerStopCommand, nil
-}
-
-// ProtokubeContainerRemoveCommand returns the command that removes the Protokube container
-func (t *ProtokubeBuilder) ProtokubeContainerRemoveCommand() (string, error) {
-	var containerRemoveCommand string
-	if t.Cluster.Spec.ContainerRuntime == "docker" {
-		containerRemoveCommand = "-/usr/bin/docker rm protokube"
-	} else if t.Cluster.Spec.ContainerRuntime == "containerd" {
-		containerRemoveCommand = "-/usr/bin/ctr --namespace k8s.io container rm protokube"
-	} else {
-		return "", fmt.Errorf("unable to create protokube remove command for unsupported runtime %q", t.Cluster.Spec.ContainerRuntime)
-	}
-	return containerRemoveCommand, nil
-}
-
-// ProtokubeContainerRunCommand returns the command that runs the Protokube container
-func (t *ProtokubeBuilder) ProtokubeContainerRunCommand() (string, error) {
-	var containerRunArgs []string
-	if t.Cluster.Spec.ContainerRuntime == "docker" {
-		containerRunArgs = append(containerRunArgs, []string{
-			"/usr/bin/docker run",
-			"--net=host",
-			"--pid=host",   // Needed for mounting in a container (when using systemd mounting?)
-			"--privileged", // We execute in the host namespace
-			"--volume /:/rootfs",
-			"--env KUBECONFIG=/rootfs/var/lib/kops/kubeconfig",
-		}...)
-
-		// Mount bin dirs from host, required for "k8s.io/utils/mount" and "k8s.io/utils/nsenter"
-		containerRunArgs = append(containerRunArgs, []string{
-			"--volume /bin:/bin:ro",
-			"--volume /lib:/lib:ro",
-			"--volume /sbin:/sbin:ro",
-			"--volume /usr/bin:/usr/bin:ro",
-			"--volume /var/run/dbus:/var/run/dbus",
-			"--volume /run/systemd:/run/systemd",
-		}...)
-
-		if t.Architecture == architectures.ArchitectureAmd64 {
-			containerRunArgs = append(containerRunArgs, []string{
-				"--volume /lib64:/lib64:ro",
-			}...)
-		}
-
-		if fi.BoolValue(t.Cluster.Spec.UseHostCertificates) {
-			containerRunArgs = append(containerRunArgs, []string{
-				"--volume /etc/ssl/certs:/etc/ssl/certs",
-			}...)
-		}
-
-		// add kubectl only if a master
-		// path changes depending on distro, and always mount it on /opt/kops/bin
-		// kubectl is downloaded and installed by other tasks
-		if t.IsMaster {
-			containerRunArgs = append(containerRunArgs, []string{
-				"--volume " + t.KubectlPath() + ":/opt/kops/bin:ro",
-				"--env PATH=/opt/kops/bin:/usr/bin:/sbin:/bin",
-			}...)
-		}
-
-		protokubeEnvVars := t.ProtokubeEnvironmentVariables()
-		if protokubeEnvVars != "" {
-			containerRunArgs = append(containerRunArgs, []string{
-				protokubeEnvVars,
-			}...)
-		}
-
-		containerRunArgs = append(containerRunArgs, []string{
-			"--name", "protokube",
-			t.ProtokubeImageName(),
-			"/protokube",
-		}...)
-
-	} else if t.Cluster.Spec.ContainerRuntime == "containerd" {
-		containerRunArgs = append(containerRunArgs, []string{
-			"/usr/bin/ctr --namespace k8s.io run",
-			"--net-host",
-			"--with-ns pid:/proc/1/ns/pid",
-			"--privileged",
-			"--mount type=bind,src=/,dst=/rootfs,options=rbind:rslave",
-			"--env KUBECONFIG=/rootfs/var/lib/kops/kubeconfig",
-		}...)
-
-		// Mount bin dirs from host, required for "k8s.io/utils/mount" and "k8s.io/utils/nsenter"
-		containerRunArgs = append(containerRunArgs, []string{
-			"--mount type=bind,src=/bin,dst=/bin,options=rbind:ro:rprivate",
-			"--mount type=bind,src=/lib,dst=/lib,options=rbind:ro:rprivate",
-			"--mount type=bind,src=/sbin,dst=/sbin,options=rbind:ro:rprivate",
-			"--mount type=bind,src=/usr/bin,dst=/usr/bin,options=rbind:ro:rprivate",
-			"--mount type=bind,src=/var/run/dbus,dst=/var/run/dbus,options=rbind:rprivate",
-			"--mount type=bind,src=/run/systemd,dst=/run/systemd,options=rbind:rprivate",
-		}...)
-
-		if t.Architecture == architectures.ArchitectureAmd64 {
-			containerRunArgs = append(containerRunArgs, []string{
-				"--mount type=bind,src=/lib64,dst=/lib64,options=rbind:ro:rprivate",
-			}...)
-		}
-
-		if fi.BoolValue(t.Cluster.Spec.UseHostCertificates) {
-			containerRunArgs = append(containerRunArgs, []string{
-				"--mount type=bind,src=/etc/ssl/certs,dst=/etc/ssl/certs,options=rbind:ro:rprivate",
-			}...)
-		}
-
-		if t.IsMaster {
-			containerRunArgs = append(containerRunArgs, []string{
-				"--mount type=bind,src=" + t.KubectlPath() + ",dst=/opt/kops/bin,options=rbind:ro:rprivate",
-				"--env PATH=/opt/kops/bin:/usr/bin:/sbin:/bin",
-			}...)
-		}
-
-		protokubeEnvVars := t.ProtokubeEnvironmentVariables()
-		if protokubeEnvVars != "" {
-			containerRunArgs = append(containerRunArgs, []string{
-				protokubeEnvVars,
-			}...)
-		}
-
-		containerRunArgs = append(containerRunArgs, []string{
-			"docker.io/library/" + t.ProtokubeImageName(),
-			"protokube",
-			"/protokube",
-		}...)
-	} else {
-		return "", fmt.Errorf("unable to create protokube run command for unsupported runtime %q", t.Cluster.Spec.ContainerRuntime)
-	}
-
-	return strings.Join(containerRunArgs, " "), nil
-}
-
 // ProtokubeFlags are the flags for protokube
 type ProtokubeFlags struct {
 	ApplyTaints               *bool    `json:"applyTaints,omitempty" flag:"apply-taints"`
@ -391,7 +243,7 @@ func (t *ProtokubeBuilder) ProtokubeFlags(k8sVersion semver.Version) (*Protokube

 	f := &ProtokubeFlags{
 		Channels:                  t.NodeupConfig.Channels,
-		Containerized:             fi.Bool(true),
+		Containerized:             fi.Bool(false),
 		EtcdLeaderElectionTimeout: s(leaderElectionTimeout),
 		EtcdHearbeatInterval:      s(heartbeatInterval),
 		LogLevel:                  fi.Int32(4),
@ -548,49 +400,26 @@ func (t *ProtokubeBuilder) ProtokubeFlags(k8sVersion semver.Version) (*Protokube
 	return f, nil
 }

-// ProtokubeEnvironmentVariables generates the environments variables for docker
-func (t *ProtokubeBuilder) ProtokubeEnvironmentVariables() string {
-	var buffer bytes.Buffer
+func (t *ProtokubeBuilder) buildProtokubeEnvironmentVariables() (*nodetasks.File, error) {
+	var envVars = make(map[string]string)

-	// TODO write out an environments file for this.  This is getting a tad long.
+	envVars["KUBECONFIG"] = "/var/lib/kops/kubeconfig"

 	// Pass in gossip dns connection limit
 	if os.Getenv("GOSSIP_DNS_CONN_LIMIT") != "" {
-		buffer.WriteString(" ")
-		buffer.WriteString("--env 'GOSSIP_DNS_CONN_LIMIT=")
-		buffer.WriteString(os.Getenv("GOSSIP_DNS_CONN_LIMIT"))
-		buffer.WriteString("'")
-		buffer.WriteString(" ")
+		envVars["GOSSIP_DNS_CONN_LIMIT"] = os.Getenv("GOSSIP_DNS_CONN_LIMIT")
 	}

 	// Pass in required credentials when using user-defined s3 endpoint
 	if os.Getenv("AWS_REGION") != "" {
-		buffer.WriteString(" ")
-		buffer.WriteString("--env 'AWS_REGION=")
-		buffer.WriteString(os.Getenv("AWS_REGION"))
-		buffer.WriteString("'")
-		buffer.WriteString(" ")
+		envVars["AWS_REGION"] = os.Getenv("AWS_REGION")
 	}

 	if os.Getenv("S3_ENDPOINT") != "" {
-		buffer.WriteString(" ")
-		buffer.WriteString("--env S3_ENDPOINT=")
-		buffer.WriteString("'")
-		buffer.WriteString(os.Getenv("S3_ENDPOINT"))
-		buffer.WriteString("'")
-		buffer.WriteString(" --env S3_REGION=")
-		buffer.WriteString("'")
-		buffer.WriteString(os.Getenv("S3_REGION"))
-		buffer.WriteString("'")
-		buffer.WriteString(" --env S3_ACCESS_KEY_ID=")
-		buffer.WriteString("'")
-		buffer.WriteString(os.Getenv("S3_ACCESS_KEY_ID"))
-		buffer.WriteString("'")
-		buffer.WriteString(" --env S3_SECRET_ACCESS_KEY=")
-		buffer.WriteString("'")
-		buffer.WriteString(os.Getenv("S3_SECRET_ACCESS_KEY"))
-		buffer.WriteString("'")
-		buffer.WriteString(" ")
+		envVars["S3_ENDPOINT"] = os.Getenv("S3_ENDPOINT")
+		envVars["S3_REGION"] = os.Getenv("S3_REGION")
+		envVars["S3_ACCESS_KEY_ID"] = os.Getenv("S3_ACCESS_KEY_ID")
+		envVars["S3_SECRET_ACCESS_KEY"] = os.Getenv("S3_SECRET_ACCESS_KEY")
 	}

 	if os.Getenv("OS_AUTH_URL") != "" {
@ -605,60 +434,41 @@ func (t *ProtokubeBuilder) ProtokubeEnvironmentVariables() string {
 			"OS_APPLICATION_CREDENTIAL_ID",
 			"OS_APPLICATION_CREDENTIAL_SECRET",
 		} {
-			buffer.WriteString(" --env '")
-			buffer.WriteString(envVar)
-			buffer.WriteString("=")
-			buffer.WriteString(os.Getenv(envVar))
-			buffer.WriteString("'")
+			envVars[envVar] = os.Getenv(envVar)
 		}
 	}

 	if kops.CloudProviderID(t.Cluster.Spec.CloudProvider) == kops.CloudProviderDO && os.Getenv("DIGITALOCEAN_ACCESS_TOKEN") != "" {
-		buffer.WriteString(" ")
-		buffer.WriteString("--env 'DIGITALOCEAN_ACCESS_TOKEN=")
-		buffer.WriteString(os.Getenv("DIGITALOCEAN_ACCESS_TOKEN"))
-		buffer.WriteString("'")
-		buffer.WriteString(" ")
+		envVars["DIGITALOCEAN_ACCESS_TOKEN"] = os.Getenv("DIGITALOCEAN_ACCESS_TOKEN")
 	}

 	if os.Getenv("OSS_REGION") != "" {
-		buffer.WriteString(" ")
-		buffer.WriteString("--env 'OSS_REGION=")
-		buffer.WriteString(os.Getenv("OSS_REGION"))
-		buffer.WriteString("'")
-		buffer.WriteString(" ")
+		envVars["OSS_REGION"] = os.Getenv("OSS_REGION")
 	}

 	if os.Getenv("ALIYUN_ACCESS_KEY_ID") != "" {
-		buffer.WriteString(" ")
-		buffer.WriteString("--env 'ALIYUN_ACCESS_KEY_ID=")
-		buffer.WriteString(os.Getenv("ALIYUN_ACCESS_KEY_ID"))
-		buffer.WriteString("'")
-		buffer.WriteString(" --env 'ALIYUN_ACCESS_KEY_SECRET=")
-		buffer.WriteString(os.Getenv("ALIYUN_ACCESS_KEY_SECRET"))
-		buffer.WriteString("'")
-		buffer.WriteString(" ")
+		envVars["ALIYUN_ACCESS_KEY_ID"] = os.Getenv("ALIYUN_ACCESS_KEY_ID")
+		envVars["ALIYUN_ACCESS_KEY_SECRET"] = os.Getenv("ALIYUN_ACCESS_KEY_SECRET")
 	}

 	if os.Getenv("AZURE_STORAGE_ACCOUNT") != "" {
-		buffer.WriteString(" ")
-		buffer.WriteString("--env 'AZURE_STORAGE_ACCOUNT=")
-		buffer.WriteString(os.Getenv("AZURE_STORAGE_ACCOUNT"))
-		buffer.WriteString("'")
-		buffer.WriteString(" ")
+		envVars["AZURE_STORAGE_ACCOUNT"] = os.Getenv("AZURE_STORAGE_ACCOUNT")
 	}

-	t.writeProxyEnvVars(&buffer)
-
-	return buffer.String()
-}
-
-func (t *ProtokubeBuilder) writeProxyEnvVars(buffer *bytes.Buffer) {
 	for _, envVar := range proxy.GetProxyEnvVars(t.Cluster.Spec.EgressProxy) {
-		buffer.WriteString(" --env ")
-		buffer.WriteString(envVar.Name)
-		buffer.WriteString("=")
-		buffer.WriteString(envVar.Value)
-		buffer.WriteString(" ")
+		envVars[envVar.Name] = envVar.Value
 	}
+
+	var sysconfig = ""
+	for key, value := range envVars {
+		sysconfig += key + "=" + value + "\n"
+	}
+
+	task := &nodetasks.File{
+		Path:     "/etc/sysconfig/protokube",
+		Contents: fi.NewStringResource(sysconfig),
+		Type:     nodetasks.FileType_File,
+	}
+
+	return task, nil
 }
--- a/nodeup/pkg/model/protokube_test.go
+++ b/nodeup/pkg/model/protokube_test.go
@ -19,35 +19,19 @@ package model
 import (
 	"testing"

-	"k8s.io/kops/pkg/apis/nodeup"
 	"k8s.io/kops/upup/pkg/fi"
-	"k8s.io/kops/util/pkg/architectures"
 )

-func TestProtokubeBuilder_Docker(t *testing.T) {
-	RunGoldenTest(t, "tests/protokube/docker", "protokube", func(nodeupModelContext *NodeupModelContext, target *fi.ModelBuilderContext) error {
+func TestProtokubeBuilder(t *testing.T) {
+	RunGoldenTest(t, "tests/protokube/", "protokube", func(nodeupModelContext *NodeupModelContext, target *fi.ModelBuilderContext) error {
 		builder := ProtokubeBuilder{NodeupModelContext: nodeupModelContext}
-		populateImage(nodeupModelContext)
+		populateAssets(nodeupModelContext)
 		return builder.Build(target)
 	})
 }

-func TestProtokubeBuilder_containerd(t *testing.T) {
-	RunGoldenTest(t, "tests/protokube/containerd", "protokube", func(nodeupModelContext *NodeupModelContext, target *fi.ModelBuilderContext) error {
-		builder := ProtokubeBuilder{NodeupModelContext: nodeupModelContext}
-		populateImage(nodeupModelContext)
-		return builder.Build(target)
-	})
-}
-
-func populateImage(ctx *NodeupModelContext) {
-	if ctx.NodeupConfig == nil {
-		ctx.NodeupConfig = &nodeup.Config{}
-	}
-	if ctx.NodeupConfig.ProtokubeImage == nil {
-		ctx.NodeupConfig.ProtokubeImage = make(map[architectures.Architecture]*nodeup.Image)
-	}
-	ctx.NodeupConfig.ProtokubeImage[architectures.ArchitectureAmd64] = &nodeup.Image{
-		Name: "protokube image name",
-	}
+func populateAssets(ctx *NodeupModelContext) {
+	ctx.Assets = fi.NewAssetStore("")
+	ctx.Assets.AddForTest("protokube", "/opt/kops/bin/protokube", "testing protokube content")
+	ctx.Assets.AddForTest("channels", "/opt/kops/bin/channels", "testing channels content")
 }
--- a/nodeup/pkg/model/tests/protokube/containerd/cluster.yaml
+++ b/nodeup/pkg/model/tests/protokube/containerd/cluster.yaml
--- a/nodeup/pkg/model/tests/protokube/docker/cluster.yaml
+++ b/nodeup/pkg/model/tests/protokube/docker/cluster.yaml
@ -1,62 +0,0 @@
-apiVersion: kops.k8s.io/v1alpha2
-kind: Cluster
-metadata:
-  creationTimestamp: "2016-12-10T22:42:27Z"
-  name: minimal.example.com
-spec:
-  kubernetesApiAccess:
-  - 0.0.0.0/0
-  channel: stable
-  cloudProvider: aws
-  configBase: memfs://clusters.example.com/minimal.example.com
-  containerRuntime: docker
-  etcdClusters:
-  - etcdMembers:
-    - instanceGroup: master-us-test-1a
-      name: master-us-test-1a
-    name: main
-    provider: Manager
-  - etcdMembers:
-    - instanceGroup: master-us-test-1a
-      name: master-us-test-1a
-    name: events
-    provider: Manager
-  iam: {}
-  kubelet:
-    hostnameOverride: master.override.invalid
-  kubernetesVersion: v1.17.0
-  masterInternalName: api.internal.minimal.k8s.local
-  masterPublicName: api.minimal.example.com
-  networkCIDR: 172.20.0.0/16
-  networking:
-    kubenet: {}
-  nonMasqueradeCIDR: 100.64.0.0/10
-  sshAccess:
-    - 0.0.0.0/0
-  topology:
-    masters: public
-    nodes: public
-  subnets:
-  - cidr: 172.20.32.0/19
-    name: us-test-1a
-    type: Public
-    zone: us-test-1a
-
---
-
-apiVersion: kops.k8s.io/v1alpha2
-kind: InstanceGroup
-metadata:
-  creationTimestamp: "2016-12-10T22:42:28Z"
-  name: master-1a
-  labels:
-    kops.k8s.io/cluster: minimal.example.com
-spec:
-  associatePublicIp: true
-  image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
-  machineType: t2.medium
-  maxSize: 2
-  minSize: 2
-  role: Master
-  subnets:
-  - us-test-1a
--- a/nodeup/pkg/model/tests/protokube/docker/tasks-protokube.yaml
+++ b/nodeup/pkg/model/tests/protokube/docker/tasks-protokube.yaml
@ -1,98 +0,0 @@
-contents:
-  task:
-    CA:
-      task:
-        Name: kops
-        signer: ca
-        subject:
-          CommonName: kops
-          Organization:
-          - system:masters
-        type: client
-    Cert:
-      task:
-        Name: kops
-        signer: ca
-        subject:
-          CommonName: kops
-          Organization:
-          - system:masters
-        type: client
-    Key:
-      task:
-        Name: kops
-        signer: ca
-        subject:
-          CommonName: kops
-          Organization:
-          - system:masters
-        type: client
-    Name: kops
-    ServerURL: https://127.0.0.1
-mode: "0400"
-path: /var/lib/kops/kubeconfig
-type: file
---
-Name: kops
-signer: ca
-subject:
-  CommonName: kops
-  Organization:
-  - system:masters
-type: client
---
-CA:
-  task:
-    Name: kops
-    signer: ca
-    subject:
-      CommonName: kops
-      Organization:
-      - system:masters
-    type: client
-Cert:
-  task:
-    Name: kops
-    signer: ca
-    subject:
-      CommonName: kops
-      Organization:
-      - system:masters
-    type: client
-Key:
-  task:
-    Name: kops
-    signer: ca
-    subject:
-      CommonName: kops
-      Organization:
-      - system:masters
-    type: client
-Name: kops
-ServerURL: https://127.0.0.1
---
-Hash: ""
-Name: protokube
-Runtime: docker
-Sources: null
---
-Name: protokube.service
-definition: |
-  [Unit]
-  Description=Kubernetes Protokube Service
-  Documentation=https://github.com/kubernetes/kops
-
-  [Service]
-  ExecStartPre=-/usr/bin/docker stop protokube
-  ExecStartPre=-/usr/bin/docker rm protokube
-  ExecStart=/usr/bin/docker run --net=host --pid=host --privileged --volume /:/rootfs --env KUBECONFIG=/rootfs/var/lib/kops/kubeconfig --volume /bin:/bin:ro --volume /lib:/lib:ro --volume /sbin:/sbin:ro --volume /usr/bin:/usr/bin:ro --volume /var/run/dbus:/var/run/dbus --volume /run/systemd:/run/systemd --volume /lib64:/lib64:ro --volume /usr/local/bin:/opt/kops/bin:ro --env PATH=/opt/kops/bin:/usr/bin:/sbin:/bin --name protokube protokube image name /protokube --bootstrap-master-node-labels=true --cloud=aws --containerized=true --dns-internal-suffix=internal.minimal.k8s.local --dns=gossip --etcd-backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd/main --etcd-image=k8s.gcr.io/etcd:3.4.3 --initialize-rbac=true --manage-etcd=true --master=true --node-name=master.override.invalid --peer-ca=/srv/kubernetes/ca.crt --peer-cert=/srv/kubernetes/etcd-peer.pem --peer-key=/srv/kubernetes/etcd-peer-key.pem --tls-auth=true --tls-ca=/srv/kubernetes/ca.crt --tls-cert=/srv/kubernetes/etcd.pem --tls-key=/srv/kubernetes/etcd-key.pem --v=4 --zone=*/Z1AFAKE1ZON3YO
-  Restart=always
-  RestartSec=3s
-  StartLimitInterval=0
-
-  [Install]
-  WantedBy=multi-user.target
-enabled: true
-manageState: true
-running: true
-smartRestart: true
--- a/nodeup/pkg/model/tests/protokube/containerd/tasks-protokube.yaml
+++ b/nodeup/pkg/model/tests/protokube/containerd/tasks-protokube.yaml
@ -1,3 +1,24 @@
+contents: |
+  KUBECONFIG=/var/lib/kops/kubeconfig
+path: /etc/sysconfig/protokube
+type: file
+---
+contents:
+  Asset:
+    AssetPath: /opt/kops/bin/channels
+    Key: channels
+mode: "0755"
+path: /opt/kops/bin/channels
+type: file
+---
+contents:
+  Asset:
+    AssetPath: /opt/kops/bin/protokube
+    Key: protokube
+mode: "0755"
+path: /opt/kops/bin/protokube
+type: file
+---
 contents:
  task:
    CA:
@ -71,11 +92,6 @@ Key:
 Name: kops
 ServerURL: https://127.0.0.1
 ---
-Hash: ""
-Name: protokube
-Runtime: containerd
-Sources: null
---
 Name: protokube.service
 definition: |
  [Unit]
@ -83,9 +99,8 @@ definition: |
  Documentation=https://github.com/kubernetes/kops

  [Service]
-  ExecStartPre=/bin/true
-  ExecStartPre=-/usr/bin/ctr --namespace k8s.io container rm protokube
-  ExecStart=/usr/bin/ctr --namespace k8s.io run --net-host --with-ns pid:/proc/1/ns/pid --privileged --mount type=bind,src=/,dst=/rootfs,options=rbind:rslave --env KUBECONFIG=/rootfs/var/lib/kops/kubeconfig --mount type=bind,src=/bin,dst=/bin,options=rbind:ro:rprivate --mount type=bind,src=/lib,dst=/lib,options=rbind:ro:rprivate --mount type=bind,src=/sbin,dst=/sbin,options=rbind:ro:rprivate --mount type=bind,src=/usr/bin,dst=/usr/bin,options=rbind:ro:rprivate --mount type=bind,src=/var/run/dbus,dst=/var/run/dbus,options=rbind:rprivate --mount type=bind,src=/run/systemd,dst=/run/systemd,options=rbind:rprivate --mount type=bind,src=/lib64,dst=/lib64,options=rbind:ro:rprivate --mount type=bind,src=/usr/local/bin,dst=/opt/kops/bin,options=rbind:ro:rprivate --env PATH=/opt/kops/bin:/usr/bin:/sbin:/bin docker.io/library/protokube image name protokube /protokube --bootstrap-master-node-labels=true --cloud=aws --containerized=true --dns-internal-suffix=.internal.minimal.example.com --dns=aws-route53 --etcd-backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd/main --etcd-image=k8s.gcr.io/etcd:3.4.3 --initialize-rbac=true --manage-etcd=true --master=true --node-name=master.hostname.invalid --peer-ca=/srv/kubernetes/ca.crt --peer-cert=/srv/kubernetes/etcd-peer.pem --peer-key=/srv/kubernetes/etcd-peer-key.pem --tls-auth=true --tls-ca=/srv/kubernetes/ca.crt --tls-cert=/srv/kubernetes/etcd.pem --tls-key=/srv/kubernetes/etcd-key.pem --v=4 --zone=*/Z1AFAKE1ZON3YO
+  ExecStart=/opt/kops/bin/protokube --bootstrap-master-node-labels=true --cloud=aws --containerized=false --dns-internal-suffix=.internal.minimal.example.com --dns=aws-route53 --etcd-backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd/main --etcd-image=k8s.gcr.io/etcd:3.4.3 --initialize-rbac=true --manage-etcd=true --master=true --node-name=master.hostname.invalid --peer-ca=/srv/kubernetes/ca.crt --peer-cert=/srv/kubernetes/etcd-peer.pem --peer-key=/srv/kubernetes/etcd-peer-key.pem --tls-auth=true --tls-ca=/srv/kubernetes/ca.crt --tls-cert=/srv/kubernetes/etcd.pem --tls-key=/srv/kubernetes/etcd-key.pem --v=4 --zone=*/Z1AFAKE1ZON3YO
+  EnvironmentFile=/etc/sysconfig/protokube
  Restart=always
  RestartSec=3s
  StartLimitInterval=0