Add cloud-metadata.service on AWS fedora-atomic

aws/fedora-atomic/kubernetes/apiserver.tf

@@ -1,4 +1,4 @@
-# kube-apiserver Network Load Balancer DNS Record
+# Network Load Balancer DNS Record
 resource "aws_route53_record" "apiserver" {
   zone_id = "${var.dns_zone_id}"
 
@@ -24,7 +24,7 @@ resource "aws_lb" "apiserver" {
   enable_cross_zone_load_balancing = true
 }
 
-# Forward HTTP traffic to controllers
+# Forward TCP traffic to controllers
 resource "aws_lb_listener" "apiserver-https" {
   load_balancer_arn = "${aws_lb.apiserver.arn}"
   protocol          = "TCP"
@@ -45,7 +45,7 @@ resource "aws_lb_target_group" "controllers" {
   protocol = "TCP"
   port     = 443
 
-  # Kubelet HTTP health check
+  # TCP health check for apiserver
   health_check {
     protocol = "TCP"
     port     = 443

aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl

@@ -19,9 +19,24 @@ write_files:
       ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt
       ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
       ETCD_PEER_CLIENT_CERT_AUTH=true
+  - path: /etc/systemd/system/cloud-metadata.service
+    content: |
+      [Unit]
+      Description=Cloud metadata agent
+      [Service]
+      Type=oneshot
+      Environment=OUTPUT=/run/metadata/cloud
+      ExecStart=/usr/bin/mkdir -p /run/metadata
+      ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
+        --url http://169.254.169.254/latest/meta-data/local-ipv4\
+        --retry 10)" > $${OUTPUT}'
+      [Install]
+      WantedBy=multi-user.target
   - path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf
     content: |
       [Unit]
+      Requires=cloud-metadata.service
+      After=cloud-metadata.service
       Wants=rpc-statd.service
       [Service]
       ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -90,13 +105,14 @@ write_files:
       SELINUXTYPE=targeted
 bootcmd:
   - [setenforce, Permissive]
+  - [systemctl, disable, firewalld, --now]
 runcmd:
   - [systemctl, daemon-reload]
   - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
   - [systemctl, start, --no-block, etcd.service]
+  - [systemctl, enable, cloud-metadata.service]
   - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
   - [systemctl, start, --no-block, kubelet.service]
-  - [systemctl, disable, firewalld, --now]
 users:
   - default
   - name: fedora

aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl

@@ -1,8 +1,23 @@
 #cloud-config
 write_files:
+  - path: /etc/systemd/system/cloud-metadata.service
+    content: |
+      [Unit]
+      Description=Cloud metadata agent
+      [Service]
+      Type=oneshot
+      Environment=OUTPUT=/run/metadata/cloud
+      ExecStart=/usr/bin/mkdir -p /run/metadata
+      ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
+        --url http://169.254.169.254/latest/meta-data/local-ipv4\
+        --retry 10)" > $${OUTPUT}'
+      [Install]
+      WantedBy=multi-user.target
   - path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf
     content: |
       [Unit]
+      Requires=cloud-metadata.service
+      After=cloud-metadata.service
       Wants=rpc-statd.service
       [Service]
       ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -43,6 +58,7 @@ bootcmd:
   - [systemctl, disable, firewalld, --now]
 runcmd:
   - [systemctl, daemon-reload]
+  - [systemctl, enable, cloud-metadata.service]
   - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
   - [systemctl, start, --no-block, kubelet.service]
 users:

aws/fedora-atomic/kubernetes/workers/ingress.tf

@@ -43,7 +43,7 @@ resource "aws_lb_target_group" "workers-http" {
   protocol = "TCP"
   port     = 80
 
-  # Ingress Controller HTTP health check
+  # HTTP health check for ingress
   health_check {
     protocol = "HTTP"
     port     = 10254
@@ -66,7 +66,7 @@ resource "aws_lb_target_group" "workers-https" {
   protocol = "TCP"
   port     = 443
 
-  # Ingress Controller HTTP health check
+  # HTTP health check for ingress
   health_check {
     protocol = "HTTP"
     port     = 10254