From 60bc8957c924f45d898cff55a2a647ac21f11790 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Tue, 24 Oct 2017 21:34:29 -0700 Subject: [PATCH] Update Kubernetes from v1.8.1 to v1.8.2 * Kubernetes v1.8.2 fixes a memory leak in the v1.8.1 apiserver * Switch to using the `gcr.io/google_containers/hyperkube` for the on-host kubelet and shutdown drains * Update terraform-render-bootkube manifests generation * Update flannel from v0.8.0 to v0.9.0 * Add `hairpinMode` to flannel CNI config * Add `--no-negcache` to kube-dns dnsmasq --- CHANGES.md | 9 +++++++++ README.md | 8 ++++---- aws/container-linux/kubernetes/README.md | 2 +- aws/container-linux/kubernetes/bootkube.tf | 2 +- aws/container-linux/kubernetes/cl/controller.yaml.tmpl | 7 ++++--- aws/container-linux/kubernetes/cl/worker.yaml.tmpl | 10 ++++++---- bare-metal/container-linux/kubernetes/README.md | 2 +- bare-metal/container-linux/kubernetes/bootkube.tf | 2 +- .../container-linux/kubernetes/cl/controller.yaml.tmpl | 7 ++++--- .../container-linux/kubernetes/cl/worker.yaml.tmpl | 7 ++++--- .../pxe-worker/cl/bootkube-worker.yaml.tmpl | 7 ++++--- digital-ocean/container-linux/kubernetes/README.md | 2 +- digital-ocean/container-linux/kubernetes/bootkube.tf | 2 +- .../container-linux/kubernetes/cl/controller.yaml.tmpl | 7 ++++--- .../container-linux/kubernetes/cl/worker.yaml.tmpl | 10 ++++++---- docs/aws.md | 8 ++++---- docs/bare-metal.md | 8 ++++---- docs/concepts.md | 7 ++++--- docs/digital-ocean.md | 8 ++++---- docs/google-cloud.md | 8 ++++---- docs/index.md | 8 ++++---- google-cloud/container-linux/kubernetes/README.md | 2 +- google-cloud/container-linux/kubernetes/bootkube.tf | 2 +- .../kubernetes/controllers/cl/controller.yaml.tmpl | 7 ++++--- .../kubernetes/workers/cl/worker.yaml.tmpl | 10 ++++++---- 25 files changed, 87 insertions(+), 65 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 780b4a46..889b7ace 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,15 @@ Notable changes between versions. ## Latest +## v1.8.2 + +* Kubernetes v1.8.2 + * Fixes a memory leak in the v1.8.1 apiserver ([kubernetes#53485](https://github.com/kubernetes/kubernetes/issues/53485)) +* Switch to using the `gcr.io/google_containers/hyperkube` +* Update flannel from v0.8.0 to v0.9.0 +* Add `hairpinMode` to flannel CNI config +* Add `--no-negcache` to kube-dns dnsmasq + ## v1.8.1 * Kubernetes v1.8.1 diff --git a/README.md b/README.md index 153ef935..4c4eaa81 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.8.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) +* Kubernetes v1.8.2 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) * Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Ready for Ingress, Dashboards, Metrics, and other optional [addons](https://typhoon.psdn.io/addons/overview/) @@ -78,9 +78,9 @@ In 5-10 minutes (varies by platform), the cluster will be ready. This Google Clo $ KUBECONFIG=/home/user/.secrets/clusters/yavin/auth/kubeconfig $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-1682.c.example-com.internal Ready 6m v1.8.1+coreos.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.8.1+coreos.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.8.1+coreos.0 +yavin-controller-1682.c.example-com.internal Ready 6m v1.8.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.8.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.8.2 ``` List the pods. diff --git a/aws/container-linux/kubernetes/README.md b/aws/container-linux/kubernetes/README.md index 2e728f51..f3914fe0 100644 --- a/aws/container-linux/kubernetes/README.md +++ b/aws/container-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.8.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) +* Kubernetes v1.8.2 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) * Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Ready for Ingress, Dashboards, Metrics, and other optional [addons](https://typhoon.psdn.io/addons/overview/) diff --git a/aws/container-linux/kubernetes/bootkube.tf b/aws/container-linux/kubernetes/bootkube.tf index 476d60f9..6d9d3334 100644 --- a/aws/container-linux/kubernetes/bootkube.tf +++ b/aws/container-linux/kubernetes/bootkube.tf @@ -1,6 +1,6 @@ # Self-hosted Kubernetes assets (kubeconfig, manifests) module "bootkube" { - source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=v0.8.0" + source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=b6b320ef6aceb7b72802b3aea6da6690d6a7c509" cluster_name = "${var.cluster_name}" api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"] diff --git a/aws/container-linux/kubernetes/cl/controller.yaml.tmpl b/aws/container-linux/kubernetes/cl/controller.yaml.tmpl index 99672851..4ea56df4 100644 --- a/aws/container-linux/kubernetes/cl/controller.yaml.tmpl +++ b/aws/container-linux/kubernetes/cl/controller.yaml.tmpl @@ -34,7 +34,8 @@ systemd: --volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \ --volume var-log,kind=host,source=/var/log \ - --mount volume=var-log,target=/var/log" + --mount volume=var-log,target=/var/log \ + --insecure-options=image" ExecStartPre=/bin/mkdir -p /opt/cni/bin ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d @@ -104,8 +105,8 @@ storage: mode: 0644 contents: inline: | - KUBELET_IMAGE_URL=quay.io/coreos/hyperkube - KUBELET_IMAGE_TAG=v1.8.1_coreos.0 + KUBELET_IMAGE_URL=docker://gcr.io/google_containers/hyperkube + KUBELET_IMAGE_TAG=v1.8.2 - path: /etc/sysctl.d/max-user-watches.conf filesystem: root contents: diff --git a/aws/container-linux/kubernetes/cl/worker.yaml.tmpl b/aws/container-linux/kubernetes/cl/worker.yaml.tmpl index ffa8338d..bc9586ab 100644 --- a/aws/container-linux/kubernetes/cl/worker.yaml.tmpl +++ b/aws/container-linux/kubernetes/cl/worker.yaml.tmpl @@ -34,7 +34,8 @@ systemd: --volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \ --volume var-log,kind=host,source=/var/log \ - --mount volume=var-log,target=/var/log" + --mount volume=var-log,target=/var/log \ + --insecure-options=image" ExecStartPre=/bin/mkdir -p /opt/cni/bin ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d @@ -102,8 +103,8 @@ storage: mode: 0644 contents: inline: | - KUBELET_IMAGE_URL=quay.io/coreos/hyperkube - KUBELET_IMAGE_TAG=v1.8.1_coreos.0 + KUBELET_IMAGE_URL=docker://gcr.io/google_containers/hyperkube + KUBELET_IMAGE_TAG=v1.8.2 - path: /etc/sysctl.d/max-user-watches.conf filesystem: root contents: @@ -120,7 +121,8 @@ storage: --trust-keys-from-https \ --volume config,kind=host,source=/etc/kubernetes \ --mount volume=config,target=/etc/kubernetes \ - quay.io/coreos/hyperkube:v1.8.1_coreos.0 \ + --insecure-options=image \ + docker://gcr.io/google_containers/hyperkube:v1.8.2 \ --net=host \ --dns=host \ --exec=/kubectl -- --kubeconfig=/etc/kubernetes/kubeconfig delete node $(hostname) diff --git a/bare-metal/container-linux/kubernetes/README.md b/bare-metal/container-linux/kubernetes/README.md index 943bb854..0ee57bdd 100644 --- a/bare-metal/container-linux/kubernetes/README.md +++ b/bare-metal/container-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.8.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) +* Kubernetes v1.8.2 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) * Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Ready for Ingress, Dashboards, Metrics, and other optional [addons](https://typhoon.psdn.io/addons/overview/) diff --git a/bare-metal/container-linux/kubernetes/bootkube.tf b/bare-metal/container-linux/kubernetes/bootkube.tf index b8c75247..0519e10e 100644 --- a/bare-metal/container-linux/kubernetes/bootkube.tf +++ b/bare-metal/container-linux/kubernetes/bootkube.tf @@ -1,6 +1,6 @@ # Self-hosted Kubernetes assets (kubeconfig, manifests) module "bootkube" { - source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=v0.8.0" + source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=b6b320ef6aceb7b72802b3aea6da6690d6a7c509" cluster_name = "${var.cluster_name}" api_servers = ["${var.k8s_domain_name}"] diff --git a/bare-metal/container-linux/kubernetes/cl/controller.yaml.tmpl b/bare-metal/container-linux/kubernetes/cl/controller.yaml.tmpl index 9b1c02df..4877bbf6 100644 --- a/bare-metal/container-linux/kubernetes/cl/controller.yaml.tmpl +++ b/bare-metal/container-linux/kubernetes/cl/controller.yaml.tmpl @@ -65,7 +65,8 @@ systemd: --volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \ --volume var-log,kind=host,source=/var/log \ - --mount volume=var-log,target=/var/log" + --mount volume=var-log,target=/var/log \ + --insecure-options=image" ExecStartPre=/bin/mkdir -p /opt/cni/bin ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d @@ -113,8 +114,8 @@ storage: mode: 0644 contents: inline: | - KUBELET_IMAGE_URL=quay.io/coreos/hyperkube - KUBELET_IMAGE_TAG=v1.8.1_coreos.0 + KUBELET_IMAGE_URL=docker://gcr.io/google_containers/hyperkube + KUBELET_IMAGE_TAG=v1.8.2 - path: /etc/hostname filesystem: root mode: 0644 diff --git a/bare-metal/container-linux/kubernetes/cl/worker.yaml.tmpl b/bare-metal/container-linux/kubernetes/cl/worker.yaml.tmpl index d22f8afe..4e2ff583 100644 --- a/bare-metal/container-linux/kubernetes/cl/worker.yaml.tmpl +++ b/bare-metal/container-linux/kubernetes/cl/worker.yaml.tmpl @@ -42,7 +42,8 @@ systemd: --volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \ --volume var-log,kind=host,source=/var/log \ - --mount volume=var-log,target=/var/log" + --mount volume=var-log,target=/var/log \ + --insecure-options=image" ExecStartPre=/bin/mkdir -p /opt/cni/bin ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d @@ -79,8 +80,8 @@ storage: mode: 0644 contents: inline: | - KUBELET_IMAGE_URL=quay.io/coreos/hyperkube - KUBELET_IMAGE_TAG=v1.8.1_coreos.0 + KUBELET_IMAGE_URL=docker://gcr.io/google_containers/hyperkube + KUBELET_IMAGE_TAG=v1.8.2 - path: /etc/hostname filesystem: root mode: 0644 diff --git a/bare-metal/container-linux/pxe-worker/cl/bootkube-worker.yaml.tmpl b/bare-metal/container-linux/pxe-worker/cl/bootkube-worker.yaml.tmpl index 868f797e..f6b2fc5e 100644 --- a/bare-metal/container-linux/pxe-worker/cl/bootkube-worker.yaml.tmpl +++ b/bare-metal/container-linux/pxe-worker/cl/bootkube-worker.yaml.tmpl @@ -42,7 +42,8 @@ systemd: --volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \ --volume var-log,kind=host,source=/var/log \ - --mount volume=var-log,target=/var/log" + --mount volume=var-log,target=/var/log \ + --insecure-options=image" ExecStartPre=/bin/mkdir -p /opt/cni/bin ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d @@ -95,8 +96,8 @@ storage: mode: 0644 contents: inline: | - KUBELET_IMAGE_URL=quay.io/coreos/hyperkube - KUBELET_IMAGE_TAG=v1.8.1_coreos.0 + KUBELET_IMAGE_URL=docker://gcr.io/google_containers/hyperkube + KUBELET_IMAGE_TAG=v1.8.2 - path: /etc/hostname filesystem: root mode: 0644 diff --git a/digital-ocean/container-linux/kubernetes/README.md b/digital-ocean/container-linux/kubernetes/README.md index 5bf1eb24..61553a38 100644 --- a/digital-ocean/container-linux/kubernetes/README.md +++ b/digital-ocean/container-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.8.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) +* Kubernetes v1.8.2 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) * Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Ready for Ingress, Dashboards, Metrics, and other optional [addons](https://typhoon.psdn.io/addons/overview/) diff --git a/digital-ocean/container-linux/kubernetes/bootkube.tf b/digital-ocean/container-linux/kubernetes/bootkube.tf index 4b3a8e37..40d3ca89 100644 --- a/digital-ocean/container-linux/kubernetes/bootkube.tf +++ b/digital-ocean/container-linux/kubernetes/bootkube.tf @@ -1,6 +1,6 @@ # Self-hosted Kubernetes assets (kubeconfig, manifests) module "bootkube" { - source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=v0.8.0" + source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=b6b320ef6aceb7b72802b3aea6da6690d6a7c509" cluster_name = "${var.cluster_name}" api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"] diff --git a/digital-ocean/container-linux/kubernetes/cl/controller.yaml.tmpl b/digital-ocean/container-linux/kubernetes/cl/controller.yaml.tmpl index 48be9b8d..ebe073ef 100644 --- a/digital-ocean/container-linux/kubernetes/cl/controller.yaml.tmpl +++ b/digital-ocean/container-linux/kubernetes/cl/controller.yaml.tmpl @@ -68,7 +68,8 @@ systemd: --volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \ --volume var-log,kind=host,source=/var/log \ - --mount volume=var-log,target=/var/log" + --mount volume=var-log,target=/var/log \ + --insecure-options=image" ExecStartPre=/bin/mkdir -p /opt/cni/bin ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d @@ -118,8 +119,8 @@ storage: mode: 0644 contents: inline: | - KUBELET_IMAGE_URL=quay.io/coreos/hyperkube - KUBELET_IMAGE_TAG=v1.8.1_coreos.0 + KUBELET_IMAGE_URL=docker://gcr.io/google_containers/hyperkube + KUBELET_IMAGE_TAG=v1.8.2 - path: /etc/sysctl.d/max-user-watches.conf filesystem: root contents: diff --git a/digital-ocean/container-linux/kubernetes/cl/worker.yaml.tmpl b/digital-ocean/container-linux/kubernetes/cl/worker.yaml.tmpl index f924e539..39b7bd7f 100644 --- a/digital-ocean/container-linux/kubernetes/cl/worker.yaml.tmpl +++ b/digital-ocean/container-linux/kubernetes/cl/worker.yaml.tmpl @@ -45,7 +45,8 @@ systemd: --volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \ --volume var-log,kind=host,source=/var/log \ - --mount volume=var-log,target=/var/log" + --mount volume=var-log,target=/var/log \ + --insecure-options=image" ExecStartPre=/bin/mkdir -p /opt/cni/bin ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d @@ -93,8 +94,8 @@ storage: mode: 0644 contents: inline: | - KUBELET_IMAGE_URL=quay.io/coreos/hyperkube - KUBELET_IMAGE_TAG=v1.8.1_coreos.0 + KUBELET_IMAGE_URL=docker://gcr.io/google_containers/hyperkube + KUBELET_IMAGE_TAG=v1.8.2 - path: /etc/sysctl.d/max-user-watches.conf filesystem: root contents: @@ -111,7 +112,8 @@ storage: --trust-keys-from-https \ --volume config,kind=host,source=/etc/kubernetes \ --mount volume=config,target=/etc/kubernetes \ - quay.io/coreos/hyperkube:v1.8.1_coreos.0 \ + --insecure-options=image \ + docker://gcr.io/google_containers/hyperkube:v1.8.2 \ --net=host \ --dns=host \ --exec=/kubectl -- --kubeconfig=/etc/kubernetes/kubeconfig delete node $(hostname) diff --git a/docs/aws.md b/docs/aws.md index bbb12824..ec91930f 100644 --- a/docs/aws.md +++ b/docs/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.8.1 cluster on AWS. +In this tutorial, we'll create a Kubernetes v1.8.2 cluster on AWS. We'll declare a Kubernetes cluster in Terraform using the Typhoon Terraform module. On apply, a VPC, gateway, subnets, auto-scaling groups of controllers and workers, network load balancers for controllers and workers, and security groups will be created. @@ -160,9 +160,9 @@ In 10-20 minutes, the Kubernetes cluster will be ready. $ KUBECONFIG=/home/user/.secrets/clusters/tempest/auth/kubeconfig $ kubectl get nodes NAME STATUS AGE VERSION -ip-10-0-12-221 Ready 34m v1.8.1+coreos.0 -ip-10-0-19-112 Ready 34m v1.8.1+coreos.0 -ip-10-0-4-22 Ready 34m v1.8.1+coreos.0 +ip-10-0-12-221 Ready 34m v1.8.2 +ip-10-0-19-112 Ready 34m v1.8.2 +ip-10-0-4-22 Ready 34m v1.8.2 ``` List the pods. diff --git a/docs/bare-metal.md b/docs/bare-metal.md index d830d461..e1e363f7 100644 --- a/docs/bare-metal.md +++ b/docs/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provison a Kubernetes v1.8.1 cluster on bare-metal. +In this tutorial, we'll network boot and provison a Kubernetes v1.8.2 cluster on bare-metal. First, we'll deploy a [Matchbox](https://github.com/coreos/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster in Terraform using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers. @@ -290,9 +290,9 @@ bootkube[5]: Tearing down temporary bootstrap control plane... $ KUBECONFIG=/home/user/.secrets/clusters/mercury/auth/kubeconfig $ kubectl get nodes NAME STATUS AGE VERSION -node1.example.com Ready 11m v1.8.1+coreos.0 -node2.example.com Ready 11m v1.8.1+coreos.0 -node3.example.com Ready 11m v1.8.1+coreos.0 +node1.example.com Ready 11m v1.8.2 +node2.example.com Ready 11m v1.8.2 +node3.example.com Ready 11m v1.8.2 ``` List the pods. diff --git a/docs/concepts.md b/docs/concepts.md index 93ae37ee..d8c5a1bf 100644 --- a/docs/concepts.md +++ b/docs/concepts.md @@ -60,7 +60,7 @@ Modules are updated regularly, set the version to a [release tag](https://github ```tf ... -source = "git:https://github.com/poseidon/typhoon//google-cloud/container-linux/kubernetes?ref=v1.8.1" +source = "git:https://github.com/poseidon/typhoon//google-cloud/container-linux/kubernetes?ref=hash" ``` Module versioning ensures `terraform get --update` only fetches the desired version, so plan and apply don't change cluster resources, unless the version is altered. @@ -69,14 +69,15 @@ Module versioning ensures `terraform get --update` only fetches the desired vers Maintain Terraform configs for "live" infrastructure in a versioned repository. Seek to organize configs to reflect resources that should be managed together in a `terraform apply` invocation. -You may choose to organize resources all together, by team, by project, or some other scheme. Here's an example that manages three clusters together: +You may choose to organize resources all together, by team, by project, or some other scheme. Here's an example that manages four clusters together: ```sh .git/ infra/ └── terraform └── clusters - ├── bare-metal-tungsten.tf + ├── aws-tempest.tf + ├── bare-metal-mercury.tf ├── google-cloud-yavin.tf ├── digital-ocean-nemo.tf ├── providers.tf diff --git a/docs/digital-ocean.md b/docs/digital-ocean.md index 24d517d0..4f74fa06 100644 --- a/docs/digital-ocean.md +++ b/docs/digital-ocean.md @@ -1,6 +1,6 @@ # Digital Ocean -In this tutorial, we'll create a Kubernetes v1.8.1 cluster on Digital Ocean. +In this tutorial, we'll create a Kubernetes v1.8.2 cluster on Digital Ocean. We'll declare a Kubernetes cluster in Terraform using the Typhoon Terraform module. On apply, firewall rules, DNS records, tags, and droplets for Kubernetes controllers and workers will be created. @@ -147,9 +147,9 @@ In 3-6 minutes, the Kubernetes cluster will be ready. $ KUBECONFIG=/home/user/.secrets/clusters/nemo/auth/kubeconfig $ kubectl get nodes NAME STATUS AGE VERSION -10.132.110.130 Ready 10m v1.8.1+coreos.0 -10.132.115.81 Ready 10m v1.8.1+coreos.0 -10.132.124.107 Ready 10m v1.8.1+coreos.0 +10.132.110.130 Ready 10m v1.8.2 +10.132.115.81 Ready 10m v1.8.2 +10.132.124.107 Ready 10m v1.8.2 ``` List the pods. diff --git a/docs/google-cloud.md b/docs/google-cloud.md index 8b3ca3fd..d192681e 100644 --- a/docs/google-cloud.md +++ b/docs/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.8.1 cluster on Google Compute Engine (not GKE). +In this tutorial, we'll create a Kubernetes v1.8.2 cluster on Google Compute Engine (not GKE). We'll declare a Kubernetes cluster in Terraform using the Typhoon Terraform module. On apply, a network, firewall rules, managed instance groups of Kubernetes controllers and workers, network load balancers for controllers and workers, and health checks will be created. @@ -154,9 +154,9 @@ In 5-10 minutes, the Kubernetes cluster will be ready. $ KUBECONFIG=/home/user/.secrets/clusters/yavin/auth/kubeconfig $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-1682.c.example-com.internal Ready 6m v1.8.1+coreos.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.8.1+coreos.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.8.1+coreos.0 +yavin-controller-1682.c.example-com.internal Ready 6m v1.8.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.8.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.8.2 ``` List the pods. diff --git a/docs/index.md b/docs/index.md index 04d04f1e..5f550187 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.8.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) +* Kubernetes v1.8.2 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) * Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Ready for Ingress, Dashboards, Metrics and other optional [addons](addons/overview.md) @@ -77,9 +77,9 @@ In 5-10 minutes (varies by platform), the cluster will be ready. This Google Clo $ KUBECONFIG=/home/user/.secrets/clusters/yavin/auth/kubeconfig $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-1682.c.example-com.internal Ready 6m v1.8.1+coreos.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.8.1+coreos.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.8.1+coreos.0 +yavin-controller-1682.c.example-com.internal Ready 6m v1.8.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.8.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.8.2 ``` List the pods. diff --git a/google-cloud/container-linux/kubernetes/README.md b/google-cloud/container-linux/kubernetes/README.md index 491b69db..006056a3 100644 --- a/google-cloud/container-linux/kubernetes/README.md +++ b/google-cloud/container-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.8.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) +* Kubernetes v1.8.2 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) * Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Ready for Ingress, Dashboards, Metrics, and other optional [addons](https://typhoon.psdn.io/addons/overview/) diff --git a/google-cloud/container-linux/kubernetes/bootkube.tf b/google-cloud/container-linux/kubernetes/bootkube.tf index d204fa43..ee5e13e9 100644 --- a/google-cloud/container-linux/kubernetes/bootkube.tf +++ b/google-cloud/container-linux/kubernetes/bootkube.tf @@ -1,6 +1,6 @@ # Self-hosted Kubernetes assets (kubeconfig, manifests) module "bootkube" { - source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=v0.8.0" + source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=b6b320ef6aceb7b72802b3aea6da6690d6a7c509" cluster_name = "${var.cluster_name}" api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"] diff --git a/google-cloud/container-linux/kubernetes/controllers/cl/controller.yaml.tmpl b/google-cloud/container-linux/kubernetes/controllers/cl/controller.yaml.tmpl index 60f55024..5c721814 100644 --- a/google-cloud/container-linux/kubernetes/controllers/cl/controller.yaml.tmpl +++ b/google-cloud/container-linux/kubernetes/controllers/cl/controller.yaml.tmpl @@ -35,7 +35,8 @@ systemd: --mount volume=opt-cni-bin,target=/opt/cni/bin \ --volume var-log,kind=host,source=/var/log \ --mount volume=var-log,target=/var/log \ - --hosts-entry=host" + --hosts-entry=host \ + --insecure-options=image" ExecStartPre=/bin/mkdir -p /opt/cni/bin ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d @@ -105,8 +106,8 @@ storage: mode: 0644 contents: inline: | - KUBELET_IMAGE_URL=quay.io/coreos/hyperkube - KUBELET_IMAGE_TAG=v1.8.1_coreos.0 + KUBELET_IMAGE_URL=docker://gcr.io/google_containers/hyperkube + KUBELET_IMAGE_TAG=v1.8.2 - path: /etc/sysctl.d/max-user-watches.conf filesystem: root contents: diff --git a/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml.tmpl b/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml.tmpl index 6f6050fe..54cc73aa 100644 --- a/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml.tmpl +++ b/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml.tmpl @@ -35,7 +35,8 @@ systemd: --mount volume=opt-cni-bin,target=/opt/cni/bin \ --volume var-log,kind=host,source=/var/log \ --mount volume=var-log,target=/var/log \ - --hosts-entry=host" + --hosts-entry=host \ + --insecure-options=image" ExecStartPre=/bin/mkdir -p /opt/cni/bin ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d @@ -103,8 +104,8 @@ storage: mode: 0644 contents: inline: | - KUBELET_IMAGE_URL=quay.io/coreos/hyperkube - KUBELET_IMAGE_TAG=v1.8.1_coreos.0 + KUBELET_IMAGE_URL=docker://gcr.io/google_containers/hyperkube + KUBELET_IMAGE_TAG=v1.8.2 - path: /etc/sysctl.d/max-user-watches.conf filesystem: root contents: @@ -121,7 +122,8 @@ storage: --trust-keys-from-https \ --volume config,kind=host,source=/etc/kubernetes \ --mount volume=config,target=/etc/kubernetes \ - quay.io/coreos/hyperkube:v1.8.1_coreos.0 \ + --insecure-options=image \ + docker://gcr.io/google_containers/hyperkube:v1.8.2 \ --net=host \ --dns=host \ --exec=/kubectl -- --kubeconfig=/etc/kubernetes/kubeconfig delete node $(hostname)