CadolesKube/typhoon
7
0
Fork 0
mirror of https://github.com/puppetmaster/typhoon.git synced 2025-07-17 06:31:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

Change Kubelet container image publishing

Browse Source 
* Build Kubelet container images internally and publish
to Quay and Dockerhub (new) as an alternative in case of
registry outage or breach
* Use our infra to provide single and multi-arch (default)
Kublet images for possible future use
* Docs: Show how to use alternative Kubelet images via
snippets and a systemd dropin (builds on #737)

Changes:

* Update docs with changes to Kubelet image building
* If you prefer to trust images built by Quay/Dockerhub,
automated image builds are still available with unique
tags (albeit with some limitations):
  * Quay automated builds are tagged `build-{short_sha}`
  (limit: only amd64)
  * Dockerhub automated builts are tagged `build-{tag}`
  and `build-master` (limit: only amd64, no shas)

Links:

* Kubelet: https://github.com/poseidon/kubelet
* Docs: https://typhoon.psdn.io/topics/security/#container-images
* Registries:
  * quay.io/poseidon/kubelet
  * docker.io/psdn/kubelet
This commit is contained in:
Dalton Hubble
2020-05-28 01:06:26 -07:00
parent ba44408b76
commit 20bfd69780
23 changed files with 90 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
docs/advanced/customization.md
View File

@ -174,3 +174,34 @@ module "nemo" {
To customize low-level Kubernetes control plane bootstrapping, see the [poseidon/terraform-render-bootstrap](https://github.com/poseidon/terraform-render-bootstrap) Terraform module.
## Kubelet
Typhoon publishes Kubelet [container images](/topics/security.md#container-images) to Quay.io (default) and to Dockerhub (in case of a Quay [outage](https://github.com/poseidon/typhoon/issues/735) or breach). Quay automated builds also provide the option for fully verifiable tagged images (`build-{short_sha}`).
To set an alternative Kubelet image, use a snippet to set a systemd dropin.
```
# host-image-override.yaml
variant: fcos <- remove for Flatcar Linux
version: 1.0.0 <- remove for Flatcar Linux
systemd:
units:
- name: kubelet.service
dropins:
- name: 10-image-override.conf
contents: |
[Service]
Environment=KUBELET_IMAGE=docker.io/psdn/kubelet:v1.18.3
```
```
module "nemo" {
...
worker_snippets = [
file("./snippets/host-image-override.yaml")
]
...
}
```