From 08ea9776f313ac04553ac55f3415ace9174fa43e Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Fri, 14 Jan 2022 10:10:32 -0800 Subject: [PATCH] Mask docker.service to prevent socket activation * Kubelet now uses `containerd` as the container runtime, but `docker.service` still starts when `docker.sock` is probed bc the service is socket activated. Prevent this by masking the `docker.service` unit --- CHANGES.md | 3 ++- aws/fedora-coreos/kubernetes/fcc/controller.yaml | 2 ++ aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml | 2 ++ azure/fedora-coreos/kubernetes/fcc/controller.yaml | 2 ++ azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml | 2 ++ bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml | 2 ++ bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml | 2 ++ digital-ocean/fedora-coreos/kubernetes/fcc/controller.yaml | 2 ++ digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml | 2 ++ google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml | 2 ++ google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml | 2 ++ 11 files changed, 22 insertions(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index 92519aca..41862c10 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -7,12 +7,13 @@ Notable changes between versions. ### Fedora CoreOS * Switch Kubernetes Container Runtime from `docker` to `containerd` ([#1101](https://github.com/poseidon/typhoon/pull/1101)) +* Mask `docker.service` to prevent it from being socket activated ([#1105](https://github.com/poseidon/typhoon/pull/1105)) ### Flatcar Linux #### AWS -* Add experimental Flatcar Linux ARM64 support ([#1102](https://github.com/poseidon/typhoon/pull/1102)) +* Add experimental Flatcar Linux ARM64 support ([docs](https://typhoon.psdn.io/advanced/arm64/), [#1102](https://github.com/poseidon/typhoon/pull/1102)) * Add `arch` variable to AWS `kubernetes` and `workers` modules * Allow arm64 full-cluster or mixed/hybrid cluster with arm64 workers * Requires `flannel` or `cilium` CNI provider 
diff --git a/aws/fedora-coreos/kubernetes/fcc/controller.yaml b/aws/fedora-coreos/kubernetes/fcc/controller.yaml
index 10987588..1ab49d5b 100644
--- a/aws/fedora-coreos/kubernetes/fcc/controller.yaml
+++ b/aws/fedora-coreos/kubernetes/fcc/controller.yaml
@@ -31,6 +31,8 @@ systemd:
 WantedBy=multi-user.target
 - name: containerd.service
 enabled: true
+ - name: docker.service
+ mask: true
 - name: wait-for-dns.service
 enabled: true
 contents: |
diff --git a/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml b/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml
index 51f6f58b..cd6f7ece 100644
--- a/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml
+++ b/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml
@@ -5,6 +5,8 @@ systemd:
 units:
 - name: containerd.service
 enabled: true
+ - name: docker.service
+ mask: true
 - name: wait-for-dns.service
 enabled: true
 contents: |
diff --git a/azure/fedora-coreos/kubernetes/fcc/controller.yaml b/azure/fedora-coreos/kubernetes/fcc/controller.yaml
index b963c4a6..42819983 100644
--- a/azure/fedora-coreos/kubernetes/fcc/controller.yaml
+++ b/azure/fedora-coreos/kubernetes/fcc/controller.yaml
@@ -31,6 +31,8 @@ systemd:
 WantedBy=multi-user.target
 - name: containerd.service
 enabled: true
+ - name: docker.service
+ mask: true
 - name: wait-for-dns.service
 enabled: true
 contents: |
diff --git a/azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml b/azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml
index 6ddd64eb..a15d09d6 100644
--- a/azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml
+++ b/azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml
@@ -5,6 +5,8 @@ systemd:
 units:
 - name: containerd.service
 enabled: true
+ - name: docker.service
+ mask: true
 - name: wait-for-dns.service
 enabled: true
 contents: |
diff --git a/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml b/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml
index dd08795a..450d304c 100644
--- a/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml
+++ b/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml
@@ -31,6 +31,8 @@ systemd:
 WantedBy=multi-user.target
 - name: containerd.service
 enabled: true
+ - name: docker.service
+ mask: true
 - name: wait-for-dns.service
 enabled: true
 contents: |
diff --git a/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml b/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml
index aa83d7c5..6245bfc5 100644
--- a/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml
+++ b/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml
@@ -5,6 +5,8 @@ systemd:
 units:
 - name: containerd.service
 enabled: true
+ - name: docker.service
+ mask: true
 - name: wait-for-dns.service
 enabled: true
 contents: |
diff --git a/digital-ocean/fedora-coreos/kubernetes/fcc/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/fcc/controller.yaml
index fbd268ed..199b34d2 100644
--- a/digital-ocean/fedora-coreos/kubernetes/fcc/controller.yaml
+++ b/digital-ocean/fedora-coreos/kubernetes/fcc/controller.yaml
@@ -31,6 +31,8 @@ systemd:
 WantedBy=multi-user.target
 - name: containerd.service
 enabled: true
+ - name: docker.service
+ mask: true
 - name: wait-for-dns.service
 enabled: true
 contents: |
diff --git a/digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml
index 38fd02fb..b787d914 100644
--- a/digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml
+++ b/digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml
@@ -5,6 +5,8 @@ systemd:
 units:
 - name: containerd.service
 enabled: true
+ - name: docker.service
+ mask: true
 - name: wait-for-dns.service
 enabled: true
 contents: |
diff --git a/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml b/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml
index 4b3d2da6..a9e8f0db 100644
--- a/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml
+++ b/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml
@@ -31,6 +31,8 @@ systemd:
 WantedBy=multi-user.target
 - name: containerd.service
 enabled: true
+ - name: docker.service
+ mask: true
 - name: wait-for-dns.service
 enabled: true
 contents: |
diff --git a/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml
index 6ddd64eb..a15d09d6 100644
--- a/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml
+++ b/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml
@@ -5,6 +5,8 @@ systemd:
 units:
 - name: containerd.service
 enabled: true
+ - name: docker.service
+ mask: true
 - name: wait-for-dns.service
 enabled: true
 contents: |
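Review bot: The added `- name: docker.service` / `mask: true` entry has no comment saying why the unit is masked, and it leaves the `docker.socket` unit itself unaddressed; the same two lines appear in every controller.yaml and worker.yaml hunk of this patch (aws, azure, bare-metal, digital-ocean, google-cloud), so the point applies to all of them. Since the commit message says the service starts when `docker.sock` is probed, I would put `# kubelet uses containerd; mask so probing docker.sock cannot socket-activate dockerd` above the entry and consider also masking the socket with `- name: docker.socket` and `mask: true`, so no listener for the root-equivalent Docker API is left on the node. Whether systemd already refuses to start the socket once its service is masked is worth confirming on a booted node rather than assuming. These look like first-boot provisioning configs, so existing nodes presumably keep the unmasked unit until they are reprovisioned; a line in the changelog entry saying so would help operators.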