From 24d230505aedeb8600d5e51045ecd8f9f5566a08 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Sun, 15 Apr 2018 17:05:58 -0700 Subject: [PATCH] Add cloud-metadata.service on AWS fedora-atomic --- aws/fedora-atomic/kubernetes/apiserver.tf | 6 +++--- .../kubernetes/cloudinit/controller.yaml.tmpl | 18 +++++++++++++++++- .../workers/cloudinit/worker.yaml.tmpl | 16 ++++++++++++++++ .../kubernetes/workers/ingress.tf | 4 ++-- 4 files changed, 38 insertions(+), 6 deletions(-) diff --git a/aws/fedora-atomic/kubernetes/apiserver.tf b/aws/fedora-atomic/kubernetes/apiserver.tf index f29d1f8d..8cc5eed6 100644 --- a/aws/fedora-atomic/kubernetes/apiserver.tf +++ b/aws/fedora-atomic/kubernetes/apiserver.tf @@ -1,4 +1,4 @@ -# kube-apiserver Network Load Balancer DNS Record +# Network Load Balancer DNS Record resource "aws_route53_record" "apiserver" { zone_id = "${var.dns_zone_id}" @@ -24,7 +24,7 @@ resource "aws_lb" "apiserver" { enable_cross_zone_load_balancing = true } -# Forward HTTP traffic to controllers +# Forward TCP traffic to controllers resource "aws_lb_listener" "apiserver-https" { load_balancer_arn = "${aws_lb.apiserver.arn}" protocol = "TCP" @@ -45,7 +45,7 @@ resource "aws_lb_target_group" "controllers" { protocol = "TCP" port = 443 - # Kubelet HTTP health check + # TCP health check for apiserver health_check { protocol = "TCP" port = 443 diff --git a/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl index 0ae68003..1a5493a4 100644 --- a/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl +++ b/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl 
@@ -19,9 +19,24 @@ write_files: ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key ETCD_PEER_CLIENT_CERT_AUTH=true + - path: /etc/systemd/system/cloud-metadata.service + content: | + [Unit] + Description=Cloud metadata agent + [Service] + Type=oneshot + Environment=OUTPUT=/run/metadata/cloud + ExecStart=/usr/bin/mkdir -p /run/metadata + ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\ + --url http://169.254.169.254/latest/meta-data/local-ipv4\ + --retry 10)" > $${OUTPUT}' + [Install] + WantedBy=multi-user.target - path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf content: | [Unit] + Requires=cloud-metadata.service + After=cloud-metadata.service Wants=rpc-statd.service [Service] ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -90,13 +105,14 @@ write_files: SELINUXTYPE=targeted bootcmd: - [setenforce, Permissive] + - [systemctl, disable, firewalld, --now] runcmd: - [systemctl, daemon-reload] - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca" - [systemctl, start, --no-block, etcd.service] + - [systemctl, enable, cloud-metadata.service] - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61" - [systemctl, start, --no-block, kubelet.service] - - [systemctl, disable, firewalld, --now] users: - default - name: fedora diff --git a/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl b/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl index 1daaef91..f904fb3f 100644 --- a/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl +++ b/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl 
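Review bot: In the `cloud-metadata.service` unit added under `write_files` in controller.yaml.tmpl, a failed metadata lookup is still reported as success. `curl` runs inside a command substitution passed to `echo`, so the `ExecStart` exits with `echo`'s status, and without `--fail` an HTTP error body (for example the 401 a tokenless request gets where IMDSv2 is required) is written as the value. Because the kubelet drop-in now has `Requires=cloud-metadata.service`, kubelet would start with an empty or junk `HOSTNAME_OVERRIDE`, assuming it reads `/run/metadata/cloud` outside this hunk. Run the lookup as `curl --fail --silent --show-error --retry 10 --url http://169.254.169.254/latest/meta-data/local-ipv4`, capture the result in a shell variable first, and write the file only when curl exits zero and the value looks like an IPv4 address. The same unit is added in the first hunk of workers/cloudinit/worker.yaml.tmpl.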
@@ -1,8 +1,23 @@ #cloud-config write_files: + - path: /etc/systemd/system/cloud-metadata.service + content: | + [Unit] + Description=Cloud metadata agent + [Service] + Type=oneshot + Environment=OUTPUT=/run/metadata/cloud + ExecStart=/usr/bin/mkdir -p /run/metadata + ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\ + --url http://169.254.169.254/latest/meta-data/local-ipv4\ + --retry 10)" > $${OUTPUT}' + [Install] + WantedBy=multi-user.target - path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf content: | [Unit] + Requires=cloud-metadata.service + After=cloud-metadata.service Wants=rpc-statd.service [Service] ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -43,6 +58,7 @@ bootcmd: - [systemctl, disable, firewalld, --now] runcmd: - [systemctl, daemon-reload] + - [systemctl, enable, cloud-metadata.service] - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61" - [systemctl, start, --no-block, kubelet.service] users: diff --git a/aws/fedora-atomic/kubernetes/workers/ingress.tf b/aws/fedora-atomic/kubernetes/workers/ingress.tf index 6e1599c3..64810efa 100644 --- a/aws/fedora-atomic/kubernetes/workers/ingress.tf +++ b/aws/fedora-atomic/kubernetes/workers/ingress.tf @@ -43,7 +43,7 @@ resource "aws_lb_target_group" "workers-http" { protocol = "TCP" port = 80 - # Ingress Controller HTTP health check + # HTTP health check for ingress health_check { protocol = "HTTP" port = 10254 @@ -66,7 +66,7 @@ resource "aws_lb_target_group" "workers-https" { protocol = "TCP" port = 443 - # Ingress Controller HTTP health check + # HTTP health check for ingress health_check { protocol = "HTTP" port = 10254
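Review bot: The `[Unit]` section of `cloud-metadata.service` declares no ordering against the network, yet the second hunk enables it under `multi-user.target`, so on a reboot it may run before the interface is up. curl's `--retry` covers timeouts and transient HTTP statuses but not, by default, an immediate connection failure, so the lookup would fail once and leave an empty `HOSTNAME_OVERRIDE`. Consider adding `Wants=network-online.target` and `After=network-online.target` to the unit; this applies equally to the copy in controller.yaml.tmpl. Whether the network is already up at that point depends on boot ordering not visible in this diff.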