GitLab

ipxe:run_ipxe: update legacy qemu flags

See merge request !1

The script was using legacy shorthand version of the ipv4 and readonly
flags, which emmitted some annoying warnings. Update them to their
non-legacy long-form versions to avoid the warnings (and avoid future
breakage, naturally)

ipxe/PKGBUILD:
Remove an unused source file.

ipxe/:
Add the ipxe package with custom Arch Linux related artifacts to allow
netboot.

kubernetes/*

The pkgbase is long in [community].

PKGBUILD:
Add crictl as kubeadm dependency.

kubelet.install:
Remove unneeded sysctl checks.

{containers-common,cri-tools}/:
Both pkgbases are now in [community].

containers-common/*:
Add override dir for registries.conf and add emptydirs to options
explicitly.

kubernetes/*:
Make sure the sysusers.d and tmpfiles.d integration is installed as a
file, not as directory.

kubernetes/*:
Add sysusers.d and tmpfiles.d integration for
kube-{apiserver,controller-manager,scheduler}.
Remove most of the hardening options from kubelet.service as it may be
able to run with it, but e.g. bootstrapping a kubernetes cluster using
kubeadm is not possible with it (e.g. mount points fail for secrets
storage).

etcd/*:
Add etcd as dependency for a manual kubernetes cluster setup.
Add patches to set configuration default values for system integration
and achieve full RELRO.
Add sysusers.d and tmpfiles.d integration.
Add custom systemd service with more hardening (more can probably still
be added) options and use of configuration file instead of many
different environment variables.

kubelet-{modules,sysctl}.conf,kubelet.install:
Move modules, sysctl and related installation instructions from kubeadm
to kubelet (as kubelet is the entity requiring the settings, kubeadm
only checks for them).

*.{eng,service}:
Add environment files (for defining flags to various tools) and
respective services for
kube-{apiserver,controller-manager,proxy,scheduler} to start them as a
system service instead of relying on kubeadm.

PKGBUILD:
Upgrade to 1.19.4.
Sort package() functions alphabetically for better overview.
Add comments.
Remove kubeadm from kubernetes-{control-plane,node} groups, as it is
only required when the user wants to use it.

kubelet.service:
Add hardening options, that are hopefully not too restrictive.

calicoctl/*
Add calicoctl 3.16.5

calico-cni-plugin/*
Add calico-cni-plugin.

PKGBUILD:
Change mode for /var/lib/containers to 700, as that's what will be used
by all tools.

PKGBUILD:
Add the skopeo sources for policy.json and default.yaml.
Add containers.conf from the common sources.

containers-common/*:
Add a package that holds all relevant configuration files and man pages
commonly shared amongst container tooling, such as buildah, cri-o,
podman and skopeo.

cri-tools/PKGBUILD:
Add first draft for crictl and critest.
This includes a patch for honoring GOFLAGS, being able to add to
GO_LDFLAGS and setting CGO_ENABLE=1.
Opened upstream ticket to be able to build from source tarballs or
consider PGP signed tags/tarballs.

.gitignore:
Add signature files and sub sub directories.

PKGBUILD:
Remove RELRO patch in favor of setting GOLDFLAGS.

kubernetes/*:
Add first draft of kubernetes PKGBUILD.
The configuration and services are taken from the AUR kubernetes
package.
The kubeadm.install file is still a draft.
Everything needs to be reviewed and tested.

Current known problem: the version of the generated binaries is not set
correctly.