Allow Flatcar Linux os_channel on bare-metal

* Choose the Container Linux derivative Flatcar Linux on
bare-metal by setting os_channel to flatcar-stable, flatcar-beta
or flatcar-alpha
* As with Container Linux from Red Hat, the version (os_version)
must correspond to the channel being used
* Thank you to @dongsupark from Kinvolk
Dalton Hubble 2018-05-16 23:30:48 -07:00
parent adc6c6866d
commit 0c3557e68e
6 changed files with 42 additions and 13 deletions

View File

@ -4,6 +4,7 @@ Notable changes between versions.
## Latest ## Latest
* Add [Flatcar Linux](https://docs.flatcar-linux.org/) (Container Linux derivative) as an option for AWS and bare-metal (thanks @kinvolk folks)
* Allow bearer token authentication to the Kubelet ([#216](https://github.com/poseidon/typhoon/issues/216)) * Allow bearer token authentication to the Kubelet ([#216](https://github.com/poseidon/typhoon/issues/216))
* Require Webhook authorization to the Kubelet * Require Webhook authorization to the Kubelet
* Switch apiserver X509 client cert org to satisfy new authorization requirement * Switch apiserver X509 client cert org to satisfy new authorization requirement
@ -12,21 +13,22 @@ Notable changes between versions.
#### AWS #### AWS
* Allow preemptible workers via spot instances ([#202](https://github.com/poseidon/typhoon/pull/202)) * Allow Flatcar Linux by setting `os_image` to flatcar-stable (default), flatcar-beta, flatcar-alpha ([#211](https://github.com/poseidon/typhoon/pull/211))
* Add `worker_price` to allow worker spot instances. Default to empty string for the worker autoscaling group to use regular on-demand instances.
* Add `spot_price` to internal `workers` module for spot [worker pools](https://typhoon.psdn.io/advanced/worker-pools/)
* Allow Container Linux derivative [Flatcar Linux](https://docs.flatcar-linux.org/) by setting `os_image` to `flatcar-stable`, `flatcar-beta`, `flatcar-alpha`.
* Replace `os_channel` variable with `os_image` to align naming across clouds * Replace `os_channel` variable with `os_image` to align naming across clouds
* Please change values `stable`, `beta`, or `alpha` to `coreos-stable`, `coreos-beta`, `coreos-alpha` (action required!) * Please change values stable, beta, or alpha to coreos-stable, coreos-beta, coreos-alpha (**action required!**)
* Allow preemptible workers via spot instances ([#202](https://github.com/poseidon/typhoon/pull/202))
* Add `worker_price` to allow worker spot instances. Default to empty string for the worker autoscaling group to use regular on-demand instances
* Add `spot_price` to internal `workers` module for spot [worker pools](https://typhoon.psdn.io/advanced/worker-pools/)
#### Bare-Metal #### Bare-Metal
* Allow Flatcar Linux by setting `os_channel` to flatcar-stable, flatcar-beta, flatcar-alpha ([#220](https://github.com/poseidon/typhoon/pull/220))
* Replace `container_linux_channel` variable with `os_channel` * Replace `container_linux_channel` variable with `os_channel`
* Please change values `stable`, `beta`, or `alpha` to `coreos-stable` (default), `coreos-beta`, `coreos-alpha` (action required!) * Please change values stable, beta, or alpha to coreos-stable, coreos-beta, coreos-alpha (**action required!**)
* Replace `container_linux_version` variable with `os_version` * Replace `container_linux_version` variable with `os_version`
* Add `network_ip_autodetection_method` variable for Calico host IPv4 address detection * Add `network_ip_autodetection_method` variable for Calico host IPv4 address detection
* Use Calico's default "first-found" to support single NIC and bonded NIC nodes * Use Calico's default "first-found" to support single NIC and bonded NIC nodes
* Allow [alternative](https://docs.projectcalico.org/v3.1/reference/node/configuration#ip-autodetection-methods) methods for multi NIC nodes, like `can-reach=IP` or `interface=REGEX` * Allow [alternative](https://docs.projectcalico.org/v3.1/reference/node/configuration#ip-autodetection-methods) methods for multi NIC nodes, like can-reach=IP or interface=REGEX
* Deprecate `container_linux_oem` variable * Deprecate `container_linux_oem` variable
#### Addons #### Addons
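Review bot: In the AWS section the new entry reads "flatcar-stable (default)", while the bare-metal "Please change values" line loses its "(default)" after coreos-stable, so the changelog now suggests Flatcar is the AWS default. Confirm which image is the default and mark only that one. The reworded lines also drop the backticks around literal values (stable, coreos-stable, can-reach=IP, interface=REGEX) while keeping them on variable names; keeping code formatting on the values makes them easier to copy exactly.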

View File

@ -31,7 +31,7 @@ storage:
inline: | inline: |
#!/bin/bash -ex #!/bin/bash -ex
curl --retry 10 "${ignition_endpoint}?{{.request.raw_query}}&os=installed" -o ignition.json curl --retry 10 "${ignition_endpoint}?{{.request.raw_query}}&os=installed" -o ignition.json
coreos-install \ ${os_flavor}-install \
-d ${install_disk} \ -d ${install_disk} \
-C ${os_channel} \ -C ${os_channel} \
-V ${os_version} \ -V ${os_version} \
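Review bot: `${os_flavor}-install` builds the installer command name by string concatenation, so a flavor other than coreos or flatcar only fails on the machine itself, mid-install, after the Ignition config has already been fetched (the script runs with -ex). An explicit flavor-to-installer lookup in the Terraform that renders this template would move that failure to render time. It is also worth stating in the description that flatcar-install accepts the same -d, -C and -V arguments passed here.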

View File

@ -2,7 +2,8 @@ resource "matchbox_group" "install" {
count = "${length(var.controller_names) + length(var.worker_names)}" count = "${length(var.controller_names) + length(var.worker_names)}"
name = "${format("install-%s", element(concat(var.controller_names, var.worker_names), count.index))}" name = "${format("install-%s", element(concat(var.controller_names, var.worker_names), count.index))}"
profile = "${var.cached_install == "true" ? element(matchbox_profile.cached-container-linux-install.*.name, count.index) : element(matchbox_profile.container-linux-install.*.name, count.index)}"
profile = "${local.flavor == "flatcar" ? element(matchbox_profile.flatcar-install.*.name, count.index) : var.cached_install == "true" ? element(matchbox_profile.cached-container-linux-install.*.name, count.index) : element(matchbox_profile.container-linux-install.*.name, count.index)}"
selector { selector {
mac = "${element(concat(var.controller_macs, var.worker_macs), count.index)}" mac = "${element(concat(var.controller_macs, var.worker_macs), count.index)}"
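Review bot: The new profile expression tests local.flavor == "flatcar" first, so cached_install = "true" is silently ignored for Flatcar and machines install from the network instead of the Matchbox /assets cache. An operator who enabled caching gets no signal that it is not in effect; consider failing on that combination, or at least stating it in the cached_install variable description. The chained conditional would also be easier to read with parentheses around the inner cached_install ternary.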

View File

@ -1,5 +1,6 @@
locals { locals {
# coreos-stable -> coreos flavor, stable channel # coreos-stable -> coreos flavor, stable channel
# flatcar-stable -> flatcar flavor, stable channel
flavor = "${element(split("-", var.os_channel), 0)}" flavor = "${element(split("-", var.os_channel), 0)}"
channel = "${element(split("-", var.os_channel), 1)}" channel = "${element(split("-", var.os_channel), 1)}"
} }
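Review bot: The added comment documents the flatcar-stable split, but flavor and channel are still derived from var.os_channel without validation. element() wraps its index, so a value without a hyphen, such as the old-style "stable", yields flavor = "stable" and channel = "stable" instead of an error, and those values flow into the installer command name and the download hostname. Consider rejecting anything outside the six documented values at plan time.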
@ -33,6 +34,7 @@ data "template_file" "container-linux-install-configs" {
template = "${file("${path.module}/cl/install.yaml.tmpl")}" template = "${file("${path.module}/cl/install.yaml.tmpl")}"
vars { vars {
os_flavor = "${local.flavor}"
os_channel = "${local.channel}" os_channel = "${local.channel}"
os_version = "${var.os_version}" os_version = "${var.os_version}"
ignition_endpoint = "${format("%s/ignition", var.matchbox_http_endpoint)}" ignition_endpoint = "${format("%s/ignition", var.matchbox_http_endpoint)}"
@ -75,6 +77,7 @@ data "template_file" "cached-container-linux-install-configs" {
template = "${file("${path.module}/cl/install.yaml.tmpl")}" template = "${file("${path.module}/cl/install.yaml.tmpl")}"
vars { vars {
os_flavor = "${local.flavor}"
os_channel = "${local.channel}" os_channel = "${local.channel}"
os_version = "${var.os_version}" os_version = "${var.os_version}"
ignition_endpoint = "${format("%s/ignition", var.matchbox_http_endpoint)}" ignition_endpoint = "${format("%s/ignition", var.matchbox_http_endpoint)}"
@ -87,6 +90,29 @@ data "template_file" "cached-container-linux-install-configs" {
} }
} }
// Flatcar Linux install profile (from release.flatcar-linux.net)
resource "matchbox_profile" "flatcar-install" {
count = "${length(var.controller_names) + length(var.worker_names)}"
name = "${format("%s-flatcar-install-%s", var.cluster_name, element(concat(var.controller_names, var.worker_names), count.index))}"
kernel = "http://${local.channel}.release.flatcar-linux.net/amd64-usr/${var.os_version}/flatcar_production_pxe.vmlinuz"
initrd = [
"http://${local.channel}.release.flatcar-linux.net/amd64-usr/${var.os_version}/flatcar_production_pxe_image.cpio.gz",
]
args = [
"initrd=flatcar_production_pxe_image.cpio.gz",
"flatcar.config.url=${var.matchbox_http_endpoint}/ignition?uuid=$${uuid}&mac=$${mac:hexhyp}",
"flatcar.first_boot=yes",
"console=tty0",
"console=ttyS0",
"${var.kernel_args}",
]
container_linux_config = "${element(data.template_file.container-linux-install-configs.*.rendered, count.index)}"
}
// Kubernetes Controller profiles // Kubernetes Controller profiles
resource "matchbox_profile" "controllers" { resource "matchbox_profile" "controllers" {
count = "${length(var.controller_names)}" count = "${length(var.controller_names)}"
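Review bot: kernel and initrd in matchbox_profile.flatcar-install are fetched over plain http:// from ${local.channel}.release.flatcar-linux.net, and nothing in this hunk verifies the images before they boot, so the integrity of every node's first boot depends on the network path to that host. If this mirrors the existing Container Linux profile, say so in the description; otherwise consider HTTPS where the PXE client supports it, or serving verified images from the Matchbox assets cache. The profile also reuses data.template_file.container-linux-install-configs for container_linux_config, which deserves a one-line comment since the name reads as CoreOS-only.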

View File

@ -12,12 +12,12 @@ variable "matchbox_http_endpoint" {
variable "os_channel" { variable "os_channel" {
type = "string" type = "string"
description = "Channel for a Container Linux derivative (coreos-stable, coreos-beta, coreos-alpha)" description = "Channel for a Container Linux derivative (coreos-stable, coreos-beta, coreos-alpha, flatcar-stable, flatcar-beta, flatcar-alpha)"
} }
variable "os_version" { variable "os_version" {
type = "string" type = "string"
description = "Version for a Container Linux derivative to PXE and install (coreos-stable, coreos-beta, coreos-alpha)" description = "Version for a Container Linux derivative to PXE and install (coreos-stable, coreos-beta, coreos-alpha, flatcar-stable, flatcar-beta, flatcar-alpha)"
} }
# machines # machines
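Review bot: The os_version description now lists channel names (coreos-stable through flatcar-alpha) as if they were versions; this looks copied from os_channel above it. Replace the parenthetical with a version example, such as the 1632.3.0 used in the README table.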

View File

@ -353,7 +353,7 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/bare-me
|:-----|:------------|:--------| |:-----|:------------|:--------|
| cluster_name | Unique cluster name | mercury | | cluster_name | Unique cluster name | mercury |
| matchbox_http_endpoint | Matchbox HTTP read-only endpoint | http://matchbox.example.com:port | | matchbox_http_endpoint | Matchbox HTTP read-only endpoint | http://matchbox.example.com:port |
| os_channel | Channel for a Container Linux derivative | coreos-stable, coreos-beta, coreos-alpha | | os_channel | Channel for a Container Linux derivative | coreos-stable, coreos-beta, coreos-alpha, flatcar-stable, flatcar-beta, flatcar-alpha |
| os_version | Version for a Container Linux derivative to PXE and install | 1632.3.0 | | os_version | Version for a Container Linux derivative to PXE and install | 1632.3.0 |
| k8s_domain_name | FQDN resolving to the controller(s) nodes. Workers and kubectl will communicate with this endpoint | "myk8s.example.com" | | k8s_domain_name | FQDN resolving to the controller(s) nodes. Workers and kubectl will communicate with this endpoint | "myk8s.example.com" |
| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3Nz..." | | ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3Nz..." |
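Review bot: The os_version row keeps 1632.3.0 as its only example while os_channel gains the flatcar-* values. The commit message says the version must correspond to the channel being used, but the table does not; add that requirement to the os_version description so a Container Linux version is not paired with a Flatcar channel by copy-paste.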
@ -369,7 +369,7 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/bare-me
| Name | Description | Default | Example | | Name | Description | Default | Example |
|:-----|:------------|:--------|:--------| |:-----|:------------|:--------|:--------|
| cached_install | Whether machines should PXE boot and install from the Matchbox `/assets` cache. Admin MUST have downloaded Container Linux images into the cache to use this | false | true | | cached_install | Whether machines should PXE boot and install from the Matchbox `/assets` cache. Admin MUST have downloaded Container Linux images into the cache to use this (coreos only for now) | false | true |
| install_disk | Disk device where Container Linux should be installed | "/dev/sda" | "/dev/sdb" | | install_disk | Disk device where Container Linux should be installed | "/dev/sda" | "/dev/sdb" |
| networking | Choice of networking provider | "calico" | "calico" or "flannel" | | networking | Choice of networking provider | "calico" | "calico" or "flannel" |
| network_mtu | CNI interface MTU (calico-only) | 1480 | - | | network_mtu | CNI interface MTU (calico-only) | 1480 | - |