Improve and tidy Fedora CoreOS etcd-member.service

* Allow a snippet with a systemd dropin to set an alternate
image via `ETCD_IMAGE`, for consistency across Fedora CoreOS
and Flatcar Linux
* Drop comments about integrating system containers with
systemd-notify

docs/advanced/customization.md

@@ -174,32 +174,52 @@ module "nemo" {
 
 To customize low-level Kubernetes control plane bootstrapping, see the [poseidon/terraform-render-bootstrap](https://github.com/poseidon/terraform-render-bootstrap) Terraform module.
 
-## Kubelet
+## System Images
 
 Typhoon publishes Kubelet [container images](/topics/security/#container-images) to Quay.io (default) and to Dockerhub (in case of a Quay [outage](https://github.com/poseidon/typhoon/issues/735) or breach). Quay automated builds also provide the option for fully verifiable tagged images (`build-{short_sha}`).
 
-To set an alternative Kubelet image, use a snippet to set a systemd dropin.
+To set an alternative etcd image or Kubelet image, use a snippet to set a systemd dropin.
 
-```
-# host-image-override.yaml
-variant: fcos           <- remove for Flatcar Linux
-version: 1.1.0          <- remove for Flatcar Linux
-systemd:
-  units:
-    - name: kubelet.service
-      dropins:
-        - name: 10-image-override.conf
-          contents: |
-            [Service]
-            Environment=KUBELET_IMAGE=docker.io/psdn/kubelet:v1.18.3
-```
+=== "Kubelet"
 
-```
+    ```yaml
+    # kubelet-image-override.yaml
+    variant: fcos           <- remove for Flatcar Linux
+    version: 1.1.0          <- remove for Flatcar Linux
+    systemd:
+      units:
+        - name: kubelet.service
+          dropins:
+            - name: 10-image-override.conf
+              contents: |
+                [Service]
+                Environment=KUBELET_IMAGE=docker.io/psdn/kubelet:v1.18.3
+    ```
+
+=== "etcd"
+
+    ```yaml
+    # etcd-image-override.yaml
+    variant: fcos           <- remove for Flatcar Linux
+    version: 1.1.0          <- remove for Flatcar Linux
+    systemd:
+      units:
+        - name: etcd-member.service
+          dropins:
+            - name: 10-image-override.conf
+              contents: |
+                [Service]
+                Environment=ETCD_IMAGE=quay.io/mymirror/etcd:v3.4.12
+    ```
+
+Then reference the snippet in the cluster or worker pool definition.
+
+```tf
 module "nemo" {
   ...
 
   worker_snippets = [
-    file("./snippets/host-image-override.yaml")
+    file("./snippets/kubelet-image-override.yaml")
   ]
   ...
 }

docs/topics/security.md

@@ -64,7 +64,7 @@ Two tag styles indicate the build strategy used.
 * Typhoon internal infra publishes single and multi-arch images (e.g. `v1.18.4`, `v1.18.4-amd64`, `v1.18.4-arm64`, `v1.18.4-2-g23228e6-amd64`, `v1.18.4-2-g23228e6-arm64`)
 * Quay and Dockerhub automated builds publish verifiable images (e.g. `build-SHA` on Quay, `build-TAG` on Dockerhub)
 
-The Typhoon-built Kubelet image is used as the official image. Automated builds provide an alternative image for those preferring to trust images built by Quay/Dockerhub (albeit lacking multi-arch). To use the fallback registry or an alternative tag, see [customization](/advanced/customization/#kubelet).
+The Typhoon-built Kubelet image is used as the official image. Automated builds provide an alternative image for those preferring to trust images built by Quay/Dockerhub (albeit lacking multi-arch). To use the fallback registry or an alternative tag, see [customization](/advanced/customization/#system-images).
 
 ### flannel-cni