From 24d230505aedeb8600d5e51045ecd8f9f5566a08 Mon Sep 17 00:00:00 2001
From: Dalton Hubble <dghubble@gmail.com>
Date: Sun, 15 Apr 2018 17:05:58 -0700
Subject: [PATCH] Add cloud-metadata.service on AWS fedora-atomic

---
 aws/fedora-atomic/kubernetes/apiserver.tf      |  6 +++---
 .../kubernetes/cloudinit/controller.yaml.tmpl  | 18 +++++++++++++++++-
 .../workers/cloudinit/worker.yaml.tmpl         | 16 ++++++++++++++++
 .../kubernetes/workers/ingress.tf              |  4 ++--
 4 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/aws/fedora-atomic/kubernetes/apiserver.tf b/aws/fedora-atomic/kubernetes/apiserver.tf
index f29d1f8d..8cc5eed6 100644
--- a/aws/fedora-atomic/kubernetes/apiserver.tf
+++ b/aws/fedora-atomic/kubernetes/apiserver.tf
@@ -1,4 +1,4 @@
-# kube-apiserver Network Load Balancer DNS Record
+# Network Load Balancer DNS Record
 resource "aws_route53_record" "apiserver" {
   zone_id = "${var.dns_zone_id}"
 
@@ -24,7 +24,7 @@ resource "aws_lb" "apiserver" {
   enable_cross_zone_load_balancing = true
 }
 
-# Forward HTTP traffic to controllers
+# Forward TCP traffic to controllers
 resource "aws_lb_listener" "apiserver-https" {
   load_balancer_arn = "${aws_lb.apiserver.arn}"
   protocol          = "TCP"
@@ -45,7 +45,7 @@ resource "aws_lb_target_group" "controllers" {
   protocol = "TCP"
   port     = 443
 
-  # Kubelet HTTP health check
+  # TCP health check for apiserver
   health_check {
     protocol = "TCP"
     port     = 443
diff --git a/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
index 0ae68003..1a5493a4 100644
--- a/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
+++ b/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
@@ -19,9 +19,24 @@ write_files:
       ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt
       ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
       ETCD_PEER_CLIENT_CERT_AUTH=true
+  - path: /etc/systemd/system/cloud-metadata.service
+    content: |
+      [Unit]
+      Description=Cloud metadata agent
+      [Service]
+      Type=oneshot
+      Environment=OUTPUT=/run/metadata/cloud
+      ExecStart=/usr/bin/mkdir -p /run/metadata
+      ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
+        --url http://169.254.169.254/latest/meta-data/local-ipv4\
+        --retry 10)" > $${OUTPUT}'
+      [Install]
+      WantedBy=multi-user.target
   - path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf
     content: |
       [Unit]
+      Requires=cloud-metadata.service
+      After=cloud-metadata.service
       Wants=rpc-statd.service
       [Service]
       ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -90,13 +105,14 @@ write_files:
       SELINUXTYPE=targeted
 bootcmd:
   - [setenforce, Permissive]
+  - [systemctl, disable, firewalld, --now]
 runcmd:
   - [systemctl, daemon-reload]
   - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
   - [systemctl, start, --no-block, etcd.service]
+  - [systemctl, enable, cloud-metadata.service]
   - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
   - [systemctl, start, --no-block, kubelet.service]
-  - [systemctl, disable, firewalld, --now]
 users:
   - default
   - name: fedora
diff --git a/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl b/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl
index 1daaef91..f904fb3f 100644
--- a/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl
+++ b/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl
@@ -1,8 +1,23 @@
 #cloud-config
 write_files:
+  - path: /etc/systemd/system/cloud-metadata.service
+    content: |
+      [Unit]
+      Description=Cloud metadata agent
+      [Service]
+      Type=oneshot
+      Environment=OUTPUT=/run/metadata/cloud
+      ExecStart=/usr/bin/mkdir -p /run/metadata
+      ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
+        --url http://169.254.169.254/latest/meta-data/local-ipv4\
+        --retry 10)" > $${OUTPUT}'
+      [Install]
+      WantedBy=multi-user.target
   - path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf
     content: |
       [Unit]
+      Requires=cloud-metadata.service
+      After=cloud-metadata.service
       Wants=rpc-statd.service
       [Service]
       ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -43,6 +58,7 @@ bootcmd:
   - [systemctl, disable, firewalld, --now]
 runcmd:
   - [systemctl, daemon-reload]
+  - [systemctl, enable, cloud-metadata.service]
   - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
   - [systemctl, start, --no-block, kubelet.service]
 users:
diff --git a/aws/fedora-atomic/kubernetes/workers/ingress.tf b/aws/fedora-atomic/kubernetes/workers/ingress.tf
index 6e1599c3..64810efa 100644
--- a/aws/fedora-atomic/kubernetes/workers/ingress.tf
+++ b/aws/fedora-atomic/kubernetes/workers/ingress.tf
@@ -43,7 +43,7 @@ resource "aws_lb_target_group" "workers-http" {
   protocol = "TCP"
   port     = 80
 
-  # Ingress Controller HTTP health check
+  # HTTP health check for ingress
   health_check {
     protocol = "HTTP"
     port     = 10254
@@ -66,7 +66,7 @@ resource "aws_lb_target_group" "workers-https" {
   protocol = "TCP"
   port     = 443
 
-  # Ingress Controller HTTP health check
+  # HTTP health check for ingress
   health_check {
     protocol = "HTTP"
     port     = 10254