Add cloud-metadata.service on AWS fedora-atomic

Dalton Hubble 2018-04-15 17:05:58 -07:00
parent cf22e70b46
commit 24d230505a
4 changed files with 38 additions and 6 deletions


@ -1,4 +1,4 @@
# kube-apiserver Network Load Balancer DNS Record # Network Load Balancer DNS Record
resource "aws_route53_record" "apiserver" { resource "aws_route53_record" "apiserver" {
zone_id = "${var.dns_zone_id}" zone_id = "${var.dns_zone_id}"
@ -24,7 +24,7 @@ resource "aws_lb" "apiserver" {
enable_cross_zone_load_balancing = true enable_cross_zone_load_balancing = true
} }
# Forward HTTP traffic to controllers # Forward TCP traffic to controllers
resource "aws_lb_listener" "apiserver-https" { resource "aws_lb_listener" "apiserver-https" {
load_balancer_arn = "${aws_lb.apiserver.arn}" load_balancer_arn = "${aws_lb.apiserver.arn}"
protocol = "TCP" protocol = "TCP"
@ -45,7 +45,7 @@ resource "aws_lb_target_group" "controllers" {
protocol = "TCP" protocol = "TCP"
port = 443 port = 443
# Kubelet HTTP health check # TCP health check for apiserver
health_check { health_check {
protocol = "TCP" protocol = "TCP"
port = 443 port = 443


@ -19,9 +19,24 @@ write_files:
ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
ETCD_PEER_CLIENT_CERT_AUTH=true ETCD_PEER_CLIENT_CERT_AUTH=true
- path: /etc/systemd/system/cloud-metadata.service
content: |
[Unit]
Description=Cloud metadata agent
[Service]
Type=oneshot
Environment=OUTPUT=/run/metadata/cloud
ExecStart=/usr/bin/mkdir -p /run/metadata
ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
--url http://169.254.169.254/latest/meta-data/local-ipv4\
--retry 10)" > $${OUTPUT}'
[Install]
WantedBy=multi-user.target
- path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf - path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf
content: | content: |
[Unit] [Unit]
Requires=cloud-metadata.service
After=cloud-metadata.service
Wants=rpc-statd.service Wants=rpc-statd.service
[Service] [Service]
ExecStartPre=/bin/mkdir -p /opt/cni/bin ExecStartPre=/bin/mkdir -p /opt/cni/bin
@ -90,13 +105,14 @@ write_files:
SELINUXTYPE=targeted SELINUXTYPE=targeted
bootcmd: bootcmd:
- [setenforce, Permissive] - [setenforce, Permissive]
- [systemctl, disable, firewalld, --now]
runcmd: runcmd:
- [systemctl, daemon-reload] - [systemctl, daemon-reload]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca" - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- [systemctl, start, --no-block, etcd.service] - [systemctl, start, --no-block, etcd.service]
- [systemctl, enable, cloud-metadata.service]
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61" - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
- [systemctl, start, --no-block, kubelet.service] - [systemctl, start, --no-block, kubelet.service]
- [systemctl, disable, firewalld, --now]
users: users:
- default - default
- name: fedora - name: fedora
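Review bot: The second ExecStart of cloud-metadata.service reports success even when the metadata lookup fails, because `echo` discards the exit status of the `$(curl …)` substitution. Without `--fail`, an HTTP error body from 169.254.169.254 would be written as the HOSTNAME_OVERRIDE value, and once the retries run out the file would hold an empty `HOSTNAME_OVERRIDE=`. In both cases kubelet's `Requires=cloud-metadata.service` is still satisfied. Add `--fail --silent` to the curl call and make the command exit non-zero when the result is empty, so kubelet (which presumably reads /run/metadata/cloud outside this section) never starts with a missing or bogus node name. The same unit is added in the next file section and needs the same change.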


@ -1,8 +1,23 @@
#cloud-config #cloud-config
write_files: write_files:
- path: /etc/systemd/system/cloud-metadata.service
content: |
[Unit]
Description=Cloud metadata agent
[Service]
Type=oneshot
Environment=OUTPUT=/run/metadata/cloud
ExecStart=/usr/bin/mkdir -p /run/metadata
ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
--url http://169.254.169.254/latest/meta-data/local-ipv4\
--retry 10)" > $${OUTPUT}'
[Install]
WantedBy=multi-user.target
- path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf - path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf
content: | content: |
[Unit] [Unit]
Requires=cloud-metadata.service
After=cloud-metadata.service
Wants=rpc-statd.service Wants=rpc-statd.service
[Service] [Service]
ExecStartPre=/bin/mkdir -p /opt/cni/bin ExecStartPre=/bin/mkdir -p /opt/cni/bin
@ -43,6 +58,7 @@ bootcmd:
- [systemctl, disable, firewalld, --now] - [systemctl, disable, firewalld, --now]
runcmd: runcmd:
- [systemctl, daemon-reload] - [systemctl, daemon-reload]
- [systemctl, enable, cloud-metadata.service]
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61" - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
- [systemctl, start, --no-block, kubelet.service] - [systemctl, start, --no-block, kubelet.service]
users: users:
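Review bot: The request to `http://169.254.169.254/latest/meta-data/local-ipv4` in cloud-metadata.service is a plain unauthenticated GET, which is the IMDSv1 access pattern. On instances where session tokens are required (IMDSv2 enforced) the endpoint answers 401, so the unit would not obtain the address, and keeping v1 enabled just for this lookup leaves the metadata service reachable by any SSRF-style request from a workload on the node. Obtain a token first with a `PUT` to `http://169.254.169.254/latest/api/token` carrying the `X-aws-ec2-metadata-token-ttl-seconds` header, then send it as `X-aws-ec2-metadata-token` on the local-ipv4 request. The identical unit in the preceding file section needs the same change.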


@ -43,7 +43,7 @@ resource "aws_lb_target_group" "workers-http" {
protocol = "TCP" protocol = "TCP"
port = 80 port = 80
# Ingress Controller HTTP health check # HTTP health check for ingress
health_check { health_check {
protocol = "HTTP" protocol = "HTTP"
port = 10254 port = 10254
@ -66,7 +66,7 @@ resource "aws_lb_target_group" "workers-https" {
protocol = "TCP" protocol = "TCP"
port = 443 port = 443
# Ingress Controller HTTP health check # HTTP health check for ingress
health_check { health_check {
protocol = "HTTP" protocol = "HTTP"
port = 10254 port = 10254