From 0c3557e68eef0fb00e451de273bb6e668972b5f5 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Wed, 16 May 2018 23:30:48 -0700 Subject: [PATCH] Allow Flatcar Linux os_channel on bare-metal * Choose the Container Linux derivative Flatcar Linux on bare-metal by setting os_channel to flatcar-stable, flatcar-beta or flatcar-alpha * As with Container Linux from Red Hat, the version (os_version) must correspond to the channel being used * Thank you to @dongsupark from Kinvolk --- CHANGES.md | 16 +++++++----- .../kubernetes/cl/install.yaml.tmpl | 2 +- .../container-linux/kubernetes/groups.tf | 3 ++- .../container-linux/kubernetes/profiles.tf | 26 +++++++++++++++++++ .../container-linux/kubernetes/variables.tf | 4 +-- docs/cl/bare-metal.md | 4 +-- 6 files changed, 42 insertions(+), 13 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index a6d2752d..dfd202f6 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,7 @@ Notable changes between versions. ## Latest +* Add [Flatcar Linux](https://docs.flatcar-linux.org/) (Container Linux derivative) as an option for AWS and bare-metal (thanks @kinvolk folks) * Allow bearer token authentication to the Kubelet ([#216](https://github.com/poseidon/typhoon/issues/216)) * Require Webhook authorization to the Kubelet * Switch apiserver X509 client cert org to satisfy new authorization requirement 
@@ -12,21 +13,22 @@ Notable changes between versions. #### AWS -* Allow preemptible workers via spot instances ([#202](https://github.com/poseidon/typhoon/pull/202)) - * Add `worker_price` to allow worker spot instances. Default to empty string for the worker autoscaling group to use regular on-demand instances. - * Add `spot_price` to internal `workers` module for spot [worker pools](https://typhoon.psdn.io/advanced/worker-pools/) -* Allow Container Linux derivative [Flatcar Linux](https://docs.flatcar-linux.org/) by setting `os_image` to `flatcar-stable`, `flatcar-beta`, `flatcar-alpha`. +* Allow Flatcar Linux by setting `os_image` to flatcar-stable (default), flatcar-beta, flatcar-alpha ([#211](https://github.com/poseidon/typhoon/pull/211)) * Replace `os_channel` variable with `os_image` to align naming across clouds - * Please change values `stable`, `beta`, or `alpha` to `coreos-stable`, `coreos-beta`, `coreos-alpha` (action required!) + * Please change values stable, beta, or alpha to coreos-stable, coreos-beta, coreos-alpha (**action required!**) +* Allow preemptible workers via spot instances ([#202](https://github.com/poseidon/typhoon/pull/202)) + * Add `worker_price` to allow worker spot instances. Default to empty string for the worker autoscaling group to use regular on-demand instances + * Add `spot_price` to internal `workers` module for spot [worker pools](https://typhoon.psdn.io/advanced/worker-pools/) #### Bare-Metal +* Allow Flatcar Linux by setting `os_channel` to flatcar-stable, flatcar-beta, flatcar-alpha ([#220](https://github.com/poseidon/typhoon/pull/220)) * Replace `container_linux_channel` variable with `os_channel` - * Please change values `stable`, `beta`, or `alpha` to `coreos-stable` (default), `coreos-beta`, `coreos-alpha` (action required!) 
+ * Please change values stable, beta, or alpha to coreos-stable, coreos-beta, coreos-alpha (**action required!**) * Replace `container_linux_version` variable with `os_version` * Add `network_ip_autodetection_method` variable for Calico host IPv4 address detection * Use Calico's default "first-found" to support single NIC and bonded NIC nodes - * Allow [alternative](https://docs.projectcalico.org/v3.1/reference/node/configuration#ip-autodetection-methods) methods for multi NIC nodes, like `can-reach=IP` or `interface=REGEX` + * Allow [alternative](https://docs.projectcalico.org/v3.1/reference/node/configuration#ip-autodetection-methods) methods for multi NIC nodes, like can-reach=IP or interface=REGEX * Deprecate `container_linux_oem` variable #### Addons diff --git a/bare-metal/container-linux/kubernetes/cl/install.yaml.tmpl b/bare-metal/container-linux/kubernetes/cl/install.yaml.tmpl index c208a0fd..0acca9ab 100644 --- a/bare-metal/container-linux/kubernetes/cl/install.yaml.tmpl +++ b/bare-metal/container-linux/kubernetes/cl/install.yaml.tmpl @@ -31,7 +31,7 @@ storage: inline: | #!/bin/bash -ex curl --retry 10 "${ignition_endpoint}?{{.request.raw_query}}&os=installed" -o ignition.json - coreos-install \ + ${os_flavor}-install \ -d ${install_disk} \ -C ${os_channel} \ -V ${os_version} \ diff --git a/bare-metal/container-linux/kubernetes/groups.tf b/bare-metal/container-linux/kubernetes/groups.tf index 3903ca25..3a418849 100644 --- a/bare-metal/container-linux/kubernetes/groups.tf +++ b/bare-metal/container-linux/kubernetes/groups.tf 
@@ -2,7 +2,8 @@ resource "matchbox_group" "install" { count = "${length(var.controller_names) + length(var.worker_names)}" name = "${format("install-%s", element(concat(var.controller_names, var.worker_names), count.index))}" - profile = "${var.cached_install == "true" ? element(matchbox_profile.cached-container-linux-install.*.name, count.index) : element(matchbox_profile.container-linux-install.*.name, count.index)}" + + profile = "${local.flavor == "flatcar" ? element(matchbox_profile.flatcar-install.*.name, count.index) : var.cached_install == "true" ? element(matchbox_profile.cached-container-linux-install.*.name, count.index) : element(matchbox_profile.container-linux-install.*.name, count.index)}" selector { mac = "${element(concat(var.controller_macs, var.worker_macs), count.index)}" diff --git a/bare-metal/container-linux/kubernetes/profiles.tf b/bare-metal/container-linux/kubernetes/profiles.tf index efd16eba..001e45a0 100644 --- a/bare-metal/container-linux/kubernetes/profiles.tf +++ b/bare-metal/container-linux/kubernetes/profiles.tf @@ -1,5 +1,6 @@ locals { # coreos-stable -> coreos flavor, stable channel + # flatcar-stable -> flatcar flavor, stable channel flavor = "${element(split("-", var.os_channel), 0)}" channel = "${element(split("-", var.os_channel), 1)}" } @@ -33,6 +34,7 @@ data "template_file" "container-linux-install-configs" { template = "${file("${path.module}/cl/install.yaml.tmpl")}" vars { + os_flavor = "${local.flavor}" os_channel = "${local.channel}" os_version = "${var.os_version}" ignition_endpoint = "${format("%s/ignition", var.matchbox_http_endpoint)}" @@ -75,6 +77,7 @@ data "template_file" "cached-container-linux-install-configs" { template = "${file("${path.module}/cl/install.yaml.tmpl")}" vars { + os_flavor = "${local.flavor}" os_channel = "${local.channel}" os_version = "${var.os_version}" ignition_endpoint = "${format("%s/ignition", var.matchbox_http_endpoint)}" 
@@ -87,6 +90,29 @@ data "template_file" "cached-container-linux-install-configs" { } } +// Flatcar Linux install profile (from release.flatcar-linux.net) +resource "matchbox_profile" "flatcar-install" { + count = "${length(var.controller_names) + length(var.worker_names)}" + name = "${format("%s-flatcar-install-%s", var.cluster_name, element(concat(var.controller_names, var.worker_names), count.index))}" + + kernel = "http://${local.channel}.release.flatcar-linux.net/amd64-usr/${var.os_version}/flatcar_production_pxe.vmlinuz" + + initrd = [ + "http://${local.channel}.release.flatcar-linux.net/amd64-usr/${var.os_version}/flatcar_production_pxe_image.cpio.gz", + ] + + args = [ + "initrd=flatcar_production_pxe_image.cpio.gz", + "flatcar.config.url=${var.matchbox_http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}", + "flatcar.first_boot=yes", + "console=tty0", + "console=ttyS0", + "${var.kernel_args}", + ] + + container_linux_config = "${element(data.template_file.container-linux-install-configs.*.rendered, count.index)}" +} + // Kubernetes Controller profiles resource "matchbox_profile" "controllers" { count = "${length(var.controller_names)}" diff --git a/bare-metal/container-linux/kubernetes/variables.tf b/bare-metal/container-linux/kubernetes/variables.tf index 2bca0bb6..cb41648c 100644 --- a/bare-metal/container-linux/kubernetes/variables.tf +++ b/bare-metal/container-linux/kubernetes/variables.tf 
@@ -12,12 +12,12 @@ variable "matchbox_http_endpoint" { variable "os_channel" { type = "string" - description = "Channel for a Container Linux derivative (coreos-stable, coreos-beta, coreos-alpha)" + description = "Channel for a Container Linux derivative (coreos-stable, coreos-beta, coreos-alpha, flatcar-stable, flatcar-beta, flatcar-alpha)" } variable "os_version" { type = "string" - description = "Version for a Container Linux derivative to PXE and install (coreos-stable, coreos-beta, coreos-alpha)" + description = "Version for a Container Linux derivative to PXE and install (coreos-stable, coreos-beta, coreos-alpha, flatcar-stable, flatcar-beta, flatcar-alpha)" } # machines diff --git a/docs/cl/bare-metal.md b/docs/cl/bare-metal.md index bee3db70..1db4f873 100644 --- a/docs/cl/bare-metal.md +++ b/docs/cl/bare-metal.md @@ -353,7 +353,7 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/bare-me |:-----|:------------|:--------| | cluster_name | Unique cluster name | mercury | | matchbox_http_endpoint | Matchbox HTTP read-only endpoint | http://matchbox.example.com:port | -| os_channel | Channel for a Container Linux derivative | coreos-stable, coreos-beta, coreos-alpha | +| os_channel | Channel for a Container Linux derivative | coreos-stable, coreos-beta, coreos-alpha, flatcar-stable, flatcar-beta, flatcar-alpha | | os_version | Version for a Container Linux derivative to PXE and install | 1632.3.0 | | k8s_domain_name | FQDN resolving to the controller(s) nodes. Workers and kubectl will communicate with this endpoint | "myk8s.example.com" | | ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3Nz..." | 
@@ -369,7 +369,7 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/bare-me | Name | Description | Default | Example | |:-----|:------------|:--------|:--------| -| cached_install | Whether machines should PXE boot and install from the Matchbox `/assets` cache. Admin MUST have downloaded Container Linux images into the cache to use this | false | true | +| cached_install | Whether machines should PXE boot and install from the Matchbox `/assets` cache. Admin MUST have downloaded Container Linux images into the cache to use this (coreos only for now) | false | true | | install_disk | Disk device where Container Linux should be installed | "/dev/sda" | "/dev/sdb" | | networking | Choice of networking provider | "calico" | "calico" or "flannel" | | network_mtu | CNI interface MTU (calico-only) | 1480 | - |
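Review bot: In the CHANGES.md AWS entry, "(default)" is now attached to flatcar-stable ("`os_image` to flatcar-stable (default)"), while the removed bare-metal line carried "(default)" on `coreos-stable` and the new bare-metal line names no default at all. Please confirm which value is the default on each platform and state it in both entries. The same hunk also drops the backticks from literal values (stable, coreos-stable, can-reach=IP); keeping them in code formatting makes the required values easier to copy exactly.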
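Review bot: In cl/install.yaml.tmpl, `${os_flavor}-install` places the first segment of `os_channel` directly into the command name of the install script, and nothing visible in this patch restricts that segment to coreos or flatcar. A value that was not migrated or is mistyped is rendered into the script as-is and only fails on the machine at install time, under `bash -ex`. Suggest constraining `local.flavor` in profiles.tf to the two supported values (for example by resolving it through a fixed map of known flavors) so a bad value is rejected before any profile is rendered.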
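Review bot: In groups.tf, the new outer condition `local.flavor == "flatcar" ? element(matchbox_profile.flatcar-install.*.name, count.index) : ...` is evaluated before `var.cached_install`, so a Flatcar cluster with cached_install set to "true" silently gets the network install profile. The docs hunk adds "(coreos only for now)", but nothing at plan time tells the operator that the setting was ignored. Suggest saying so in the variable's description as well, and moving the nested conditional into a local so the precedence is readable.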
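Review bot: In the new `matchbox_profile.flatcar-install` in profiles.tf, both `kernel` and `initrd` are fetched over plain `http://` from `${local.channel}.release.flatcar-linux.net`, and the profile carries no checksum or signature check, so the image a machine boots depends entirely on the integrity of the network path. Suggest an https URL where the PXE environment supports it, or a cached Flatcar profile that serves images the admin has downloaded and verified from the Matchbox `/assets` cache, matching what cached_install offers for coreos. The leading comment says release.flatcar-linux.net while the URLs use a per-channel subdomain; naming the exact host pattern there would help anyone writing egress rules.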
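Review bot: In variables.tf, the `os_version` description now lists six channel names as if they were versions, extending what looks like a copy of the `os_channel` description. The docs table gives a version number (1632.3.0) as the example, and the commit message says the version must correspond to the channel being used. Suggest replacing the parenthesised list with a version example and a note that the version must exist in the selected channel.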