Add table of details about static Pods

* Also remote outdated mentions of rkt-fly
2022-07-21 09:01:43 -07:00 · 2022-07-21 09:01:43 -07:00 · 83236eab57
parent 7f445b0dba
commit 83236eab57
3 changed files with 30 additions and 5 deletions
--- a/docs/architecture/operating-systems.md
+++ b/docs/architecture/operating-systems.md
@ -9,8 +9,8 @@ Typhoon supports [Fedora CoreOS](https://getfedora.org/coreos/) and [Flatcar Lin

 Together, they diversify Typhoon to support a range of container technologies.

-* Fedora CoreOS: rpm-ostree, podman, moby
-* Flatcar Linux: Gentoo core, rkt-fly, docker
+* Fedora CoreOS: rpm-ostree, podman, containerd
+* Flatcar Linux: Gentoo core, docker, containerd

 ## Host Properties

--- a/docs/flatcar-linux/bare-metal.md
+++ b/docs/flatcar-linux/bare-metal.md
@ -269,10 +269,10 @@ To watch the bootstrap process in detail, SSH to the first controller and journa
 ```
 $ ssh core@node1.example.com
 $ journalctl -f -u bootstrap
-rkt[1750]: The connection to the server cluster.example.com:6443 was refused - did you specify the right host or port?
-rkt[1750]: Waiting for static pod control plane
+The connection to the server cluster.example.com:6443 was refused - did you specify the right host or port?
+Waiting for static pod control plane
 ...
-rkt[1750]: serviceaccount/calico-node unchanged
+serviceaccount/calico-node unchanged
 systemd[1]: Started Kubernetes control plane.
 ```

--- a/docs/topics/security.md
+++ b/docs/topics/security.md
@ -81,6 +81,31 @@ Typhoon publishes Terraform providers to the Terraform Registry, GPG signed by 0
 | ct       | [github](https://github.com/poseidon/terraform-provider-ct) | [poseidon/ct](https://registry.terraform.io/providers/poseidon/ct/latest) |
 | matchbox | [github](https://github.com/poseidon/terraform-provider-matchbox) | [poseidon/matchbox](https://registry.terraform.io/providers/poseidon/matchbox/latest) |

+## kube-system
+
+| Name           | user   | hostNet | privileged |
+|----------------|--------|---------|------------|
+| kube-apiserver | nobody | true    | false      |
+| kube-controller-manager | nobody | true | false |
+| kube-scheduler | nobody | true    | false      |
+| coredns        | NA     | false   | false      |
+| kube-proxy     | root   | true    | true       |
+| cilium         | root   | true    | true       |
+| calico         | root   | true    | true       |
+| flannel        | root   | true    | true       |
+
+
+| Name                    | priorityClassName |
+|-------------------------|-------------------|
+| kube-apiserver          | system-cluster-critical |
+| kube-controller-manager | system-cluster-critical |
+| kube-scheduler          | system-cluster-critical |
+| coredns                 | system-cluster-critical |
+| kube-proxy              | system-node-critical |
+| cilium                  | system-node-critical |
+| calico                  | system-node-critical |
+| flannel                 | system-node-critical |
+
 ## Disclosures

 If you find security issues, please email `security@psdn.io`. If the issue lies in upstream Kubernetes, please inform upstream Kubernetes as well.