Add cloud-metadata.service on AWS fedora-atomic
parent
cf22e70b46
commit
24d230505a
|
@ -1,4 +1,4 @@
|
||||||
# kube-apiserver Network Load Balancer DNS Record
|
# Network Load Balancer DNS Record
|
||||||
resource "aws_route53_record" "apiserver" {
|
resource "aws_route53_record" "apiserver" {
|
||||||
zone_id = "${var.dns_zone_id}"
|
zone_id = "${var.dns_zone_id}"
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ resource "aws_lb" "apiserver" {
|
||||||
enable_cross_zone_load_balancing = true
|
enable_cross_zone_load_balancing = true
|
||||||
}
|
}
|
||||||
|
|
||||||
# Forward HTTP traffic to controllers
|
# Forward TCP traffic to controllers
|
||||||
resource "aws_lb_listener" "apiserver-https" {
|
resource "aws_lb_listener" "apiserver-https" {
|
||||||
load_balancer_arn = "${aws_lb.apiserver.arn}"
|
load_balancer_arn = "${aws_lb.apiserver.arn}"
|
||||||
protocol = "TCP"
|
protocol = "TCP"
|
||||||
|
@ -45,7 +45,7 @@ resource "aws_lb_target_group" "controllers" {
|
||||||
protocol = "TCP"
|
protocol = "TCP"
|
||||||
port = 443
|
port = 443
|
||||||
|
|
||||||
# Kubelet HTTP health check
|
# TCP health check for apiserver
|
||||||
health_check {
|
health_check {
|
||||||
protocol = "TCP"
|
protocol = "TCP"
|
||||||
port = 443
|
port = 443
|
||||||
|
|
|
@ -19,9 +19,24 @@ write_files:
|
||||||
ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt
|
ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt
|
||||||
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
||||||
ETCD_PEER_CLIENT_CERT_AUTH=true
|
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||||
|
- path: /etc/systemd/system/cloud-metadata.service
|
||||||
|
content: |
|
||||||
|
[Unit]
|
||||||
|
Description=Cloud metadata agent
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
Environment=OUTPUT=/run/metadata/cloud
|
||||||
|
ExecStart=/usr/bin/mkdir -p /run/metadata
|
||||||
|
ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
|
||||||
|
--url http://169.254.169.254/latest/meta-data/local-ipv4\
|
||||||
|
--retry 10)" > $${OUTPUT}'
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
- path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf
|
- path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf
|
||||||
content: |
|
content: |
|
||||||
[Unit]
|
[Unit]
|
||||||
|
Requires=cloud-metadata.service
|
||||||
|
After=cloud-metadata.service
|
||||||
Wants=rpc-statd.service
|
Wants=rpc-statd.service
|
||||||
[Service]
|
[Service]
|
||||||
ExecStartPre=/bin/mkdir -p /opt/cni/bin
|
ExecStartPre=/bin/mkdir -p /opt/cni/bin
|
||||||
|
@ -90,13 +105,14 @@ write_files:
|
||||||
SELINUXTYPE=targeted
|
SELINUXTYPE=targeted
|
||||||
bootcmd:
|
bootcmd:
|
||||||
- [setenforce, Permissive]
|
- [setenforce, Permissive]
|
||||||
|
- [systemctl, disable, firewalld, --now]
|
||||||
runcmd:
|
runcmd:
|
||||||
- [systemctl, daemon-reload]
|
- [systemctl, daemon-reload]
|
||||||
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
||||||
- [systemctl, start, --no-block, etcd.service]
|
- [systemctl, start, --no-block, etcd.service]
|
||||||
|
- [systemctl, enable, cloud-metadata.service]
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
|
||||||
- [systemctl, start, --no-block, kubelet.service]
|
- [systemctl, start, --no-block, kubelet.service]
|
||||||
- [systemctl, disable, firewalld, --now]
|
|
||||||
users:
|
users:
|
||||||
- default
|
- default
|
||||||
- name: fedora
|
- name: fedora
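Review bot: The second `ExecStart=` of the new cloud-metadata.service can never fail, because the exit status of the `bash -c` line is that of `echo`, not of the `curl` inside the command substitution. If curl gives up after `--retry 10` or the endpoint answers with an HTTP error body, the unit still succeeds and `/run/metadata/cloud` holds an empty or bogus `HOSTNAME_OVERRIDE`, so kubelet's `Requires=cloud-metadata.service` gates nothing. Add `--fail --silent --show-error` to curl and have the shell exit non-zero when the substitution comes back empty. The same unit is added to the other cloud-config further down the page and needs the same change; how `HOSTNAME_OVERRIDE` is consumed lies outside the hunk.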
|
||||||
|
|
|
@ -1,8 +1,23 @@
|
||||||
#cloud-config
|
#cloud-config
|
||||||
write_files:
|
write_files:
|
||||||
|
- path: /etc/systemd/system/cloud-metadata.service
|
||||||
|
content: |
|
||||||
|
[Unit]
|
||||||
|
Description=Cloud metadata agent
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
Environment=OUTPUT=/run/metadata/cloud
|
||||||
|
ExecStart=/usr/bin/mkdir -p /run/metadata
|
||||||
|
ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
|
||||||
|
--url http://169.254.169.254/latest/meta-data/local-ipv4\
|
||||||
|
--retry 10)" > $${OUTPUT}'
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
- path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf
|
- path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf
|
||||||
content: |
|
content: |
|
||||||
[Unit]
|
[Unit]
|
||||||
|
Requires=cloud-metadata.service
|
||||||
|
After=cloud-metadata.service
|
||||||
Wants=rpc-statd.service
|
Wants=rpc-statd.service
|
||||||
[Service]
|
[Service]
|
||||||
ExecStartPre=/bin/mkdir -p /opt/cni/bin
|
ExecStartPre=/bin/mkdir -p /opt/cni/bin
|
||||||
|
@ -43,6 +58,7 @@ bootcmd:
|
||||||
- [systemctl, disable, firewalld, --now]
|
- [systemctl, disable, firewalld, --now]
|
||||||
runcmd:
|
runcmd:
|
||||||
- [systemctl, daemon-reload]
|
- [systemctl, daemon-reload]
|
||||||
|
- [systemctl, enable, cloud-metadata.service]
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
|
||||||
- [systemctl, start, --no-block, kubelet.service]
|
- [systemctl, start, --no-block, kubelet.service]
|
||||||
users:
|
users:
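Review bot: The curl call in cloud-metadata.service is a token-less IMDSv1 GET to `http://169.254.169.254/latest/meta-data/local-ipv4`, which works only while the instances accept unauthenticated metadata requests. If the instance or launch configuration (not visible on this page) is hardened with `http_tokens = "required"`, the request is rejected and the unit no longer yields an address. Consider requesting a session token first with a PUT to `/latest/api/token` (header `X-aws-ec2-metadata-token-ttl-seconds`) and sending it as `X-aws-ec2-metadata-token` on the GET. The controller cloud-config earlier on the page carries the same unit.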
|
||||||
|
|
|
@ -43,7 +43,7 @@ resource "aws_lb_target_group" "workers-http" {
|
||||||
protocol = "TCP"
|
protocol = "TCP"
|
||||||
port = 80
|
port = 80
|
||||||
|
|
||||||
# Ingress Controller HTTP health check
|
# HTTP health check for ingress
|
||||||
health_check {
|
health_check {
|
||||||
protocol = "HTTP"
|
protocol = "HTTP"
|
||||||
port = 10254
|
port = 10254
|
||||||
|
@ -66,7 +66,7 @@ resource "aws_lb_target_group" "workers-https" {
|
||||||
protocol = "TCP"
|
protocol = "TCP"
|
||||||
port = 443
|
port = 443
|
||||||
|
|
||||||
# Ingress Controller HTTP health check
|
# HTTP health check for ingress
|
||||||
health_check {
|
health_check {
|
||||||
protocol = "HTTP"
|
protocol = "HTTP"
|
||||||
port = 10254
|
port = 10254
|
||||||
|
|