Add cloud-metadata.service on AWS fedora-atomic
This commit is contained in:
parent
cf22e70b46
commit
24d230505a
|
@ -1,4 +1,4 @@
|
|||
# kube-apiserver Network Load Balancer DNS Record
|
||||
# Network Load Balancer DNS Record
|
||||
resource "aws_route53_record" "apiserver" {
|
||||
zone_id = "${var.dns_zone_id}"
|
||||
|
||||
|
@ -24,7 +24,7 @@ resource "aws_lb" "apiserver" {
|
|||
enable_cross_zone_load_balancing = true
|
||||
}
|
||||
|
||||
# Forward HTTP traffic to controllers
|
||||
# Forward TCP traffic to controllers
|
||||
resource "aws_lb_listener" "apiserver-https" {
|
||||
load_balancer_arn = "${aws_lb.apiserver.arn}"
|
||||
protocol = "TCP"
|
||||
|
@ -45,7 +45,7 @@ resource "aws_lb_target_group" "controllers" {
|
|||
protocol = "TCP"
|
||||
port = 443
|
||||
|
||||
# Kubelet HTTP health check
|
||||
# TCP health check for apiserver
|
||||
health_check {
|
||||
protocol = "TCP"
|
||||
port = 443
|
||||
|
|
|
@ -19,9 +19,24 @@ write_files:
|
|||
ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt
|
||||
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
||||
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||
- path: /etc/systemd/system/cloud-metadata.service
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Cloud metadata agent
|
||||
[Service]
|
||||
Type=oneshot
|
||||
Environment=OUTPUT=/run/metadata/cloud
|
||||
ExecStart=/usr/bin/mkdir -p /run/metadata
|
||||
ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
|
||||
--url http://169.254.169.254/latest/meta-data/local-ipv4\
|
||||
--retry 10)" > $${OUTPUT}'
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
- path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf
|
||||
content: |
|
||||
[Unit]
|
||||
Requires=cloud-metadata.service
|
||||
After=cloud-metadata.service
|
||||
Wants=rpc-statd.service
|
||||
[Service]
|
||||
ExecStartPre=/bin/mkdir -p /opt/cni/bin
|
||||
|
@ -90,13 +105,14 @@ write_files:
|
|||
SELINUXTYPE=targeted
|
||||
bootcmd:
|
||||
- [setenforce, Permissive]
|
||||
- [systemctl, disable, firewalld, --now]
|
||||
runcmd:
|
||||
- [systemctl, daemon-reload]
|
||||
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
||||
- [systemctl, start, --no-block, etcd.service]
|
||||
- [systemctl, enable, cloud-metadata.service]
|
||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
|
||||
- [systemctl, start, --no-block, kubelet.service]
|
||||
- [systemctl, disable, firewalld, --now]
|
||||
users:
|
||||
- default
|
||||
- name: fedora
|
||||
|
|
|
@ -1,8 +1,23 @@
|
|||
#cloud-config
|
||||
write_files:
|
||||
- path: /etc/systemd/system/cloud-metadata.service
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Cloud metadata agent
|
||||
[Service]
|
||||
Type=oneshot
|
||||
Environment=OUTPUT=/run/metadata/cloud
|
||||
ExecStart=/usr/bin/mkdir -p /run/metadata
|
||||
ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
|
||||
--url http://169.254.169.254/latest/meta-data/local-ipv4\
|
||||
--retry 10)" > $${OUTPUT}'
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
- path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf
|
||||
content: |
|
||||
[Unit]
|
||||
Requires=cloud-metadata.service
|
||||
After=cloud-metadata.service
|
||||
Wants=rpc-statd.service
|
||||
[Service]
|
||||
ExecStartPre=/bin/mkdir -p /opt/cni/bin
|
||||
|
@ -43,6 +58,7 @@ bootcmd:
|
|||
- [systemctl, disable, firewalld, --now]
|
||||
runcmd:
|
||||
- [systemctl, daemon-reload]
|
||||
- [systemctl, enable, cloud-metadata.service]
|
||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
|
||||
- [systemctl, start, --no-block, kubelet.service]
|
||||
users:
|
||||
|
|
|
@ -43,7 +43,7 @@ resource "aws_lb_target_group" "workers-http" {
|
|||
protocol = "TCP"
|
||||
port = 80
|
||||
|
||||
# Ingress Controller HTTP health check
|
||||
# HTTP health check for ingress
|
||||
health_check {
|
||||
protocol = "HTTP"
|
||||
port = 10254
|
||||
|
@ -66,7 +66,7 @@ resource "aws_lb_target_group" "workers-https" {
|
|||
protocol = "TCP"
|
||||
port = 443
|
||||
|
||||
# Ingress Controller HTTP health check
|
||||
# HTTP health check for ingress
|
||||
health_check {
|
||||
protocol = "HTTP"
|
||||
port = 10254
|
||||
|
|
Loading…
Reference in New Issue