Use bootkube system container on fedora-atomic
* Use the upstream bootkube image packaged with the required metadata to be usable as a system container under systemd
* Run bootkube with runc so no host-level components use Docker any more. Docker is still the runtime
* Remove bootkube script and old systemd unit
parent
3dde4ba8ba
commit
9b88d4bbfd
|
@ -70,33 +70,7 @@ write_files:
|
||||||
permissions: '0644'
|
permissions: '0644'
|
||||||
content: |
|
content: |
|
||||||
${kubeconfig}
|
${kubeconfig}
|
||||||
- path: /etc/systemd/system/bootkube.service
|
- path: /var/lib/bootkube/.keep
|
||||||
content: |
|
|
||||||
[Unit]
|
|
||||||
Description=Bootstrap a Kubernetes cluster
|
|
||||||
ConditionPathExists=!/var/bootkube/init_bootkube.done
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=true
|
|
||||||
WorkingDirectory=/var/bootkube
|
|
||||||
ExecStartPre=/bin/mkdir -p /var/bootkube
|
|
||||||
ExecStart=/usr/local/bin/bootkube-start
|
|
||||||
ExecStartPost=/bin/touch /var/bootkube/init_bootkube.done
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
- path: /var/bootkube/.keep
|
|
||||||
- path: /usr/local/bin/bootkube-start
|
|
||||||
permissions: '0755'
|
|
||||||
content: |
|
|
||||||
#!/bin/bash -e
|
|
||||||
# Wrapper for bootkube start
|
|
||||||
[ -n "$(ls /var/bootkube/assets/manifests-*/* 2>/dev/null)" ] && mv /var/bootkube/assets/manifests-*/* /var/bootkube/assets/manifests && rm -rf /var/bootkube/assets/manifests-*
|
|
||||||
/usr/bin/docker run --rm --name bootkube \
|
|
||||||
--net=host \
|
|
||||||
--volume /etc/kubernetes:/etc/kubernetes:Z \
|
|
||||||
--volume /var/bootkube/assets:/assets:Z \
|
|
||||||
--entrypoint=/bootkube \
|
|
||||||
quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
|
|
||||||
- path: /etc/selinux/config
|
- path: /etc/selinux/config
|
||||||
owner: root:root
|
owner: root:root
|
||||||
permissions: '0644'
|
permissions: '0644'
|
||||||
|
@ -109,9 +83,10 @@ bootcmd:
|
||||||
runcmd:
|
runcmd:
|
||||||
- [systemctl, daemon-reload]
|
- [systemctl, daemon-reload]
|
||||||
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
||||||
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
|
||||||
|
- "atomic install --system --name=bootkube quay.io/dghubble/bootkube:3cc2345503c60186db5272fa918514259e3c4a9d"
|
||||||
- [systemctl, start, --no-block, etcd.service]
|
- [systemctl, start, --no-block, etcd.service]
|
||||||
- [systemctl, enable, cloud-metadata.service]
|
- [systemctl, enable, cloud-metadata.service]
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
|
|
||||||
- [systemctl, start, --no-block, kubelet.service]
|
- [systemctl, start, --no-block, kubelet.service]
|
||||||
users:
|
users:
|
||||||
- default
|
- default
|
||||||
|
|
|
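Review bot: The new `atomic install --system --name=bootkube quay.io/dghubble/bootkube:3cc2345503c60186db5272fa918514259e3c4a9d` line in runcmd pins the image by tag only, and a registry tag can be re-pointed even when it looks like a commit hash. This matters more than it did for the removed `docker run` of `quay.io/coreos/bootkube:v0.12.0`, because per the commit description the image now supplies the systemd unit and runs under runc on the host. If `atomic install` accepts digest references (worth confirming), I would pin it as `quay.io/dghubble/bootkube@sha256:<digest-of-the-reviewed-image>`, where the digest is a placeholder to fill in from the reviewed image. The same line is added in the other three cloud-config sections on this page, and the etcd and kubelet installs next to it are pinned the same way.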
@ -82,7 +82,7 @@ resource "null_resource" "bootkube-start" {
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [
|
||||||
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do sleep 4; done",
|
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do sleep 4; done",
|
||||||
"sudo mv $HOME/assets /var/bootkube",
|
"sudo mv $HOME/assets /var/lib/bootkube",
|
||||||
"sudo systemctl start bootkube",
|
"sudo systemctl start bootkube",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
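Review bot: `sudo mv $HOME/assets /var/lib/bootkube` keeps the owner and mode the files had in the login user's home, so the asset tree under `/var/lib/bootkube` stays owned by that user after the move. If the assets hold cluster credentials, as bootkube asset directories normally do, they should be handed to root before the unit starts. Two extra inline entries after the move would do it: `"sudo chown -R root:root /var/lib/bootkube/assets",` and `"sudo chmod -R go-rwx /var/lib/bootkube/assets",`. The same changed line appears in the other three `null_resource "bootkube-start"` sections on this page. The enclosing resource starts outside the hunk.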
@ -60,48 +60,23 @@ write_files:
|
||||||
PathExists=/etc/kubernetes/kubeconfig
|
PathExists=/etc/kubernetes/kubeconfig
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
- path: /etc/systemd/system/bootkube.service
|
- path: /var/lib/bootkube/.keep
|
||||||
content: |
|
|
||||||
[Unit]
|
|
||||||
Description=Bootstrap a Kubernetes cluster
|
|
||||||
ConditionPathExists=!/var/bootkube/init_bootkube.done
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=true
|
|
||||||
WorkingDirectory=/var/bootkube
|
|
||||||
ExecStartPre=/bin/mkdir -p /var/bootkube
|
|
||||||
ExecStart=/usr/local/bin/bootkube-start
|
|
||||||
ExecStartPost=/bin/touch /var/bootkube/init_bootkube.done
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
- path: /var/bootkube/.keep
|
|
||||||
- path: /etc/selinux/config
|
- path: /etc/selinux/config
|
||||||
owner: root:root
|
owner: root:root
|
||||||
permissions: '0644'
|
permissions: '0644'
|
||||||
content: |
|
content: |
|
||||||
SELINUX=permissive
|
SELINUX=permissive
|
||||||
SELINUXTYPE=targeted
|
SELINUXTYPE=targeted
|
||||||
- path: /usr/local/bin/bootkube-start
|
|
||||||
permissions: '0755'
|
|
||||||
content: |
|
|
||||||
#!/bin/bash -e
|
|
||||||
# Wrapper for bootkube start
|
|
||||||
[ -n "$(ls /var/bootkube/assets/manifests-*/* 2>/dev/null)" ] && mv /var/bootkube/assets/manifests-*/* /var/bootkube/assets/manifests && rm -rf /var/bootkube/assets/manifests-*
|
|
||||||
/usr/bin/docker run --rm --name bootkube \
|
|
||||||
--net=host \
|
|
||||||
--volume /etc/kubernetes:/etc/kubernetes:Z \
|
|
||||||
--volume /var/bootkube/assets:/assets:Z \
|
|
||||||
--entrypoint=/bootkube \
|
|
||||||
quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
|
|
||||||
bootcmd:
|
bootcmd:
|
||||||
- [setenforce, Permissive]
|
- [setenforce, Permissive]
|
||||||
- [systemctl, disable, firewalld, --now]
|
- [systemctl, disable, firewalld, --now]
|
||||||
runcmd:
|
runcmd:
|
||||||
- [systemctl, daemon-reload]
|
- [systemctl, daemon-reload]
|
||||||
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
|
||||||
- [systemctl, start, --no-block, etcd.service]
|
|
||||||
- [hostnamectl, set-hostname, ${domain_name}]
|
- [hostnamectl, set-hostname, ${domain_name}]
|
||||||
|
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
|
||||||
|
- "atomic install --system --name=bootkube quay.io/dghubble/bootkube:3cc2345503c60186db5272fa918514259e3c4a9d"
|
||||||
|
- [systemctl, start, --no-block, etcd.service]
|
||||||
- [systemctl, enable, kubelet.path]
|
- [systemctl, enable, kubelet.path]
|
||||||
- [systemctl, start, --no-block, kubelet.path]
|
- [systemctl, start, --no-block, kubelet.path]
|
||||||
users:
|
users:
|
||||||
|
|
|
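Review bot: With the inline `bootkube.service` unit and the `bootkube-start` wrapper removed from write_files, nothing in this cloud-config says where the unit that Terraform later starts with `systemctl start bootkube` comes from. The removed unit had a run-once guard (`ConditionPathExists=!/var/bootkube/init_bootkube.done`), and the wrapper merged `assets/manifests-*` into `assets/manifests`. Whether the unit shipped in the image does either is not visible on this page. Once that is confirmed, I would add a comment above the install line such as `# bootkube.service comes from the bootkube system container image; run-once guard and manifest merge live there`. This applies equally to the other three cloud-config sections on this page.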
@ -113,7 +113,7 @@ resource "null_resource" "bootkube-start" {
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [
|
||||||
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do sleep 4; done",
|
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do sleep 4; done",
|
||||||
"sudo mv $HOME/assets /var/bootkube",
|
"sudo mv $HOME/assets /var/lib/bootkube",
|
||||||
"sudo systemctl start bootkube",
|
"sudo systemctl start bootkube",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -74,48 +74,23 @@ write_files:
|
||||||
PathExists=/etc/kubernetes/kubeconfig
|
PathExists=/etc/kubernetes/kubeconfig
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
- path: /etc/systemd/system/bootkube.service
|
- path: /var/lib/bootkube/.keep
|
||||||
content: |
|
|
||||||
[Unit]
|
|
||||||
Description=Bootstrap a Kubernetes cluster
|
|
||||||
ConditionPathExists=!/var/bootkube/init_bootkube.done
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=true
|
|
||||||
WorkingDirectory=/var/bootkube
|
|
||||||
ExecStartPre=/bin/mkdir -p /var/bootkube
|
|
||||||
ExecStart=/usr/local/bin/bootkube-start
|
|
||||||
ExecStartPost=/bin/touch /var/bootkube/init_bootkube.done
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
- path: /var/bootkube/.keep
|
|
||||||
- path: /etc/selinux/config
|
- path: /etc/selinux/config
|
||||||
owner: root:root
|
owner: root:root
|
||||||
permissions: '0644'
|
permissions: '0644'
|
||||||
content: |
|
content: |
|
||||||
SELINUX=permissive
|
SELINUX=permissive
|
||||||
SELINUXTYPE=targeted
|
SELINUXTYPE=targeted
|
||||||
- path: /usr/local/bin/bootkube-start
|
|
||||||
permissions: '0755'
|
|
||||||
content: |
|
|
||||||
#!/bin/bash -e
|
|
||||||
# Wrapper for bootkube start
|
|
||||||
[ -n "$(ls /var/bootkube/assets/manifests-*/* 2>/dev/null)" ] && mv /var/bootkube/assets/manifests-*/* /var/bootkube/assets/manifests && rm -rf /var/bootkube/assets/manifests-*
|
|
||||||
/usr/bin/docker run --rm --name bootkube \
|
|
||||||
--net=host \
|
|
||||||
--volume /etc/kubernetes:/etc/kubernetes:Z \
|
|
||||||
--volume /var/bootkube/assets:/assets:Z \
|
|
||||||
--entrypoint=/bootkube \
|
|
||||||
quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
|
|
||||||
bootcmd:
|
bootcmd:
|
||||||
- [setenforce, Permissive]
|
- [setenforce, Permissive]
|
||||||
- [systemctl, disable, firewalld, --now]
|
- [systemctl, disable, firewalld, --now]
|
||||||
runcmd:
|
runcmd:
|
||||||
- [systemctl, daemon-reload]
|
- [systemctl, daemon-reload]
|
||||||
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
||||||
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
|
||||||
|
- "atomic install --system --name=bootkube quay.io/dghubble/bootkube:3cc2345503c60186db5272fa918514259e3c4a9d"
|
||||||
- [systemctl, start, --no-block, etcd.service]
|
- [systemctl, start, --no-block, etcd.service]
|
||||||
- [systemctl, enable, cloud-metadata.service]
|
- [systemctl, enable, cloud-metadata.service]
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
|
|
||||||
- [systemctl, enable, kubelet.path]
|
- [systemctl, enable, kubelet.path]
|
||||||
- [systemctl, start, --no-block, kubelet.path]
|
- [systemctl, start, --no-block, kubelet.path]
|
||||||
users:
|
users:
|
||||||
|
|
|
@ -110,7 +110,7 @@ resource "null_resource" "bootkube-start" {
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [
|
||||||
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do sleep 4; done",
|
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do sleep 4; done",
|
||||||
"sudo mv $HOME/assets /var/bootkube",
|
"sudo mv $HOME/assets /var/lib/bootkube",
|
||||||
"sudo systemctl start bootkube",
|
"sudo systemctl start bootkube",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -71,33 +71,7 @@ write_files:
|
||||||
permissions: '0644'
|
permissions: '0644'
|
||||||
content: |
|
content: |
|
||||||
${kubeconfig}
|
${kubeconfig}
|
||||||
- path: /etc/systemd/system/bootkube.service
|
- path: /var/lib/bootkube/.keep
|
||||||
content: |
|
|
||||||
[Unit]
|
|
||||||
Description=Bootstrap a Kubernetes cluster
|
|
||||||
ConditionPathExists=!/var/bootkube/init_bootkube.done
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=true
|
|
||||||
WorkingDirectory=/var/bootkube
|
|
||||||
ExecStartPre=/bin/mkdir -p /var/bootkube
|
|
||||||
ExecStart=/usr/local/bin/bootkube-start
|
|
||||||
ExecStartPost=/bin/touch /var/bootkube/init_bootkube.done
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
- path: /var/bootkube/.keep
|
|
||||||
- path: /usr/local/bin/bootkube-start
|
|
||||||
permissions: '0755'
|
|
||||||
content: |
|
|
||||||
#!/bin/bash -e
|
|
||||||
# Wrapper for bootkube start
|
|
||||||
[ -n "$(ls /var/bootkube/assets/manifests-*/* 2>/dev/null)" ] && mv /var/bootkube/assets/manifests-*/* /var/bootkube/assets/manifests && rm -rf /var/bootkube/assets/manifests-*
|
|
||||||
/usr/bin/docker run --rm --name bootkube \
|
|
||||||
--net=host \
|
|
||||||
--volume /etc/kubernetes:/etc/kubernetes:Z \
|
|
||||||
--volume /var/bootkube/assets:/assets:Z \
|
|
||||||
--entrypoint=/bootkube \
|
|
||||||
quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
|
|
||||||
- path: /etc/selinux/config
|
- path: /etc/selinux/config
|
||||||
owner: root:root
|
owner: root:root
|
||||||
permissions: '0644'
|
permissions: '0644'
|
||||||
|
@ -110,9 +84,10 @@ bootcmd:
|
||||||
runcmd:
|
runcmd:
|
||||||
- [systemctl, daemon-reload]
|
- [systemctl, daemon-reload]
|
||||||
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
||||||
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
|
||||||
|
- "atomic install --system --name=bootkube quay.io/dghubble/bootkube:3cc2345503c60186db5272fa918514259e3c4a9d"
|
||||||
- [systemctl, start, --no-block, etcd.service]
|
- [systemctl, start, --no-block, etcd.service]
|
||||||
- [systemctl, enable, cloud-metadata.service]
|
- [systemctl, enable, cloud-metadata.service]
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
|
|
||||||
- [systemctl, start, --no-block, kubelet.service]
|
- [systemctl, start, --no-block, kubelet.service]
|
||||||
users:
|
users:
|
||||||
- default
|
- default
|
||||||
|
|
|
@ -82,7 +82,7 @@ resource "null_resource" "bootkube-start" {
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [
|
||||||
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do sleep 4; done",
|
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do sleep 4; done",
|
||||||
"sudo mv $HOME/assets /var/bootkube",
|
"sudo mv $HOME/assets /var/lib/bootkube",
|
||||||
"sudo systemctl start bootkube",
|
"sudo systemctl start bootkube",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|