Use bootkube system container on fedora-atomic

* Use the upstream bootkube image packaged with the
required metadata to be usable as a system container
under systemd
* Run bootkube with runc so no host level components
use Docker any more. Docker is still the runtime
* Remove bootkube script and old systemd unit
Dalton Hubble 2018-04-17 23:31:09 -07:00
parent 3dde4ba8ba
commit 9b88d4bbfd
8 changed files with 17 additions and 117 deletions


@ -70,33 +70,7 @@ write_files:
permissions: '0644'
content: |
${kubeconfig}
- path: /etc/systemd/system/bootkube.service
content: |
[Unit]
Description=Bootstrap a Kubernetes cluster
ConditionPathExists=!/var/bootkube/init_bootkube.done
[Service]
Type=oneshot
RemainAfterExit=true
WorkingDirectory=/var/bootkube
ExecStartPre=/bin/mkdir -p /var/bootkube
ExecStart=/usr/local/bin/bootkube-start
ExecStartPost=/bin/touch /var/bootkube/init_bootkube.done
[Install]
WantedBy=multi-user.target
- path: /var/bootkube/.keep
- path: /usr/local/bin/bootkube-start
permissions: '0755'
content: |
#!/bin/bash -e
# Wrapper for bootkube start
[ -n "$(ls /var/bootkube/assets/manifests-*/* 2>/dev/null)" ] && mv /var/bootkube/assets/manifests-*/* /var/bootkube/assets/manifests && rm -rf /var/bootkube/assets/manifests-*
/usr/bin/docker run --rm --name bootkube \
--net=host \
--volume /etc/kubernetes:/etc/kubernetes:Z \
--volume /var/bootkube/assets:/assets:Z \
--entrypoint=/bootkube \
quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
- path: /var/lib/bootkube/.keep
- path: /etc/selinux/config
owner: root:root
permissions: '0644'
@ -109,9 +83,10 @@ bootcmd:
runcmd:
- [systemctl, daemon-reload]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
- "atomic install --system --name=bootkube quay.io/dghubble/bootkube:3cc2345503c60186db5272fa918514259e3c4a9d"
- [systemctl, start, --no-block, etcd.service]
- [systemctl, enable, cloud-metadata.service]
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
- [systemctl, start, --no-block, kubelet.service]
users:
- default
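Review bot: The added runcmd entry `atomic install --system --name=bootkube quay.io/dghubble/bootkube:3cc2345503c60186db5272fa918514259e3c4a9d` pulls by tag, and a tag can be re-pointed in the registry even when it looks like a commit id. Per the commit message the image then runs on the host under runc, and it appears to be given the bootstrap assets under /var/lib/bootkube, so whoever can push to that repository decides what runs on each controller at first boot. Pinning by digest, `quay.io/dghubble/bootkube@sha256:<digest>`, would make the install reproducible, provided the atomic CLI accepts digest references for system containers (worth checking). The message calls this the upstream image, while the reference is a personal namespace rather than the `quay.io/coreos/bootkube:v0.12.0` it replaces, so a comment naming the source it was built from would help. The same line is added in the other three cloud-init sections, and the etcd and kubelet installs beside it are tag-pinned the same way.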


@ -82,7 +82,7 @@ resource "null_resource" "bootkube-start" {
provisioner "remote-exec" {
inline = [
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do sleep 4; done",
"sudo mv $HOME/assets /var/bootkube",
"sudo mv $HOME/assets /var/lib/bootkube",
"sudo systemctl start bootkube",
]
}
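Review bot: `sudo mv $HOME/assets /var/lib/bootkube` leaves the moved tree with whatever owner and mode it had in the SSH user's home directory, and nothing visible in this inline list tightens it afterwards. The bootkube assets presumably include the cluster's TLS keys and a kubeconfig, so they should be root-owned and closed to other users before the service starts. Assuming /var/lib/bootkube already exists from the `.keep` file, so the tree lands in /var/lib/bootkube/assets, that means adding `"sudo chown -R root:root /var/lib/bootkube/assets",` and `"sudo chmod -R go-rwx /var/lib/bootkube/assets",` ahead of `"sudo systemctl start bootkube",`. The same inline list is changed in the other three Terraform sections, and the null_resource block continues outside the hunk.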


@ -60,48 +60,23 @@ write_files:
PathExists=/etc/kubernetes/kubeconfig
[Install]
WantedBy=multi-user.target
- path: /etc/systemd/system/bootkube.service
content: |
[Unit]
Description=Bootstrap a Kubernetes cluster
ConditionPathExists=!/var/bootkube/init_bootkube.done
[Service]
Type=oneshot
RemainAfterExit=true
WorkingDirectory=/var/bootkube
ExecStartPre=/bin/mkdir -p /var/bootkube
ExecStart=/usr/local/bin/bootkube-start
ExecStartPost=/bin/touch /var/bootkube/init_bootkube.done
[Install]
WantedBy=multi-user.target
- path: /var/bootkube/.keep
- path: /var/lib/bootkube/.keep
- path: /etc/selinux/config
owner: root:root
permissions: '0644'
content: |
SELINUX=permissive
SELINUXTYPE=targeted
- path: /usr/local/bin/bootkube-start
permissions: '0755'
content: |
#!/bin/bash -e
# Wrapper for bootkube start
[ -n "$(ls /var/bootkube/assets/manifests-*/* 2>/dev/null)" ] && mv /var/bootkube/assets/manifests-*/* /var/bootkube/assets/manifests && rm -rf /var/bootkube/assets/manifests-*
/usr/bin/docker run --rm --name bootkube \
--net=host \
--volume /etc/kubernetes:/etc/kubernetes:Z \
--volume /var/bootkube/assets:/assets:Z \
--entrypoint=/bootkube \
quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
bootcmd:
- [setenforce, Permissive]
- [systemctl, disable, firewalld, --now]
runcmd:
- [systemctl, daemon-reload]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- [systemctl, start, --no-block, etcd.service]
- [hostnamectl, set-hostname, ${domain_name}]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
- "atomic install --system --name=bootkube quay.io/dghubble/bootkube:3cc2345503c60186db5272fa918514259e3c4a9d"
- [systemctl, start, --no-block, etcd.service]
- [systemctl, enable, kubelet.path]
- [systemctl, start, --no-block, kubelet.path]
users:
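Review bot: With the `bootkube.service` unit and the `bootkube-start` wrapper removed from write_files, two behaviours are no longer defined anywhere in this file. These are the run-once guard (`ConditionPathExists=!/var/bootkube/init_bootkube.done` plus the `touch` in ExecStartPost) and the `manifests-*` merge step. Presumably the unit shipped inside the system container image carries equivalents, but that cannot be confirmed from this section, and Terraform still runs `sudo systemctl start bootkube` against it. A comment above the bootkube install line, such as `# bootkube.service comes from the system container image; it must stay run-once`, would tell the next maintainer where that behaviour now lives. The same removal is made in the other cloud-init sections.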


@ -113,7 +113,7 @@ resource "null_resource" "bootkube-start" {
provisioner "remote-exec" {
inline = [
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do sleep 4; done",
"sudo mv $HOME/assets /var/bootkube",
"sudo mv $HOME/assets /var/lib/bootkube",
"sudo systemctl start bootkube",
]
}


@ -74,48 +74,23 @@ write_files:
PathExists=/etc/kubernetes/kubeconfig
[Install]
WantedBy=multi-user.target
- path: /etc/systemd/system/bootkube.service
content: |
[Unit]
Description=Bootstrap a Kubernetes cluster
ConditionPathExists=!/var/bootkube/init_bootkube.done
[Service]
Type=oneshot
RemainAfterExit=true
WorkingDirectory=/var/bootkube
ExecStartPre=/bin/mkdir -p /var/bootkube
ExecStart=/usr/local/bin/bootkube-start
ExecStartPost=/bin/touch /var/bootkube/init_bootkube.done
[Install]
WantedBy=multi-user.target
- path: /var/bootkube/.keep
- path: /var/lib/bootkube/.keep
- path: /etc/selinux/config
owner: root:root
permissions: '0644'
content: |
SELINUX=permissive
SELINUXTYPE=targeted
- path: /usr/local/bin/bootkube-start
permissions: '0755'
content: |
#!/bin/bash -e
# Wrapper for bootkube start
[ -n "$(ls /var/bootkube/assets/manifests-*/* 2>/dev/null)" ] && mv /var/bootkube/assets/manifests-*/* /var/bootkube/assets/manifests && rm -rf /var/bootkube/assets/manifests-*
/usr/bin/docker run --rm --name bootkube \
--net=host \
--volume /etc/kubernetes:/etc/kubernetes:Z \
--volume /var/bootkube/assets:/assets:Z \
--entrypoint=/bootkube \
quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
bootcmd:
- [setenforce, Permissive]
- [systemctl, disable, firewalld, --now]
runcmd:
- [systemctl, daemon-reload]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
- "atomic install --system --name=bootkube quay.io/dghubble/bootkube:3cc2345503c60186db5272fa918514259e3c4a9d"
- [systemctl, start, --no-block, etcd.service]
- [systemctl, enable, cloud-metadata.service]
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
- [systemctl, enable, kubelet.path]
- [systemctl, start, --no-block, kubelet.path]
users:


@ -110,7 +110,7 @@ resource "null_resource" "bootkube-start" {
provisioner "remote-exec" {
inline = [
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do sleep 4; done",
"sudo mv $HOME/assets /var/bootkube",
"sudo mv $HOME/assets /var/lib/bootkube",
"sudo systemctl start bootkube",
]
}


@ -71,33 +71,7 @@ write_files:
permissions: '0644'
content: |
${kubeconfig}
- path: /etc/systemd/system/bootkube.service
content: |
[Unit]
Description=Bootstrap a Kubernetes cluster
ConditionPathExists=!/var/bootkube/init_bootkube.done
[Service]
Type=oneshot
RemainAfterExit=true
WorkingDirectory=/var/bootkube
ExecStartPre=/bin/mkdir -p /var/bootkube
ExecStart=/usr/local/bin/bootkube-start
ExecStartPost=/bin/touch /var/bootkube/init_bootkube.done
[Install]
WantedBy=multi-user.target
- path: /var/bootkube/.keep
- path: /usr/local/bin/bootkube-start
permissions: '0755'
content: |
#!/bin/bash -e
# Wrapper for bootkube start
[ -n "$(ls /var/bootkube/assets/manifests-*/* 2>/dev/null)" ] && mv /var/bootkube/assets/manifests-*/* /var/bootkube/assets/manifests && rm -rf /var/bootkube/assets/manifests-*
/usr/bin/docker run --rm --name bootkube \
--net=host \
--volume /etc/kubernetes:/etc/kubernetes:Z \
--volume /var/bootkube/assets:/assets:Z \
--entrypoint=/bootkube \
quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
- path: /var/lib/bootkube/.keep
- path: /etc/selinux/config
owner: root:root
permissions: '0644'
@ -110,9 +84,10 @@ bootcmd:
runcmd:
- [systemctl, daemon-reload]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
- "atomic install --system --name=bootkube quay.io/dghubble/bootkube:3cc2345503c60186db5272fa918514259e3c4a9d"
- [systemctl, start, --no-block, etcd.service]
- [systemctl, enable, cloud-metadata.service]
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8baca5cbaf7b7ee0710380c7d8897e444ebdcb27"
- [systemctl, start, --no-block, kubelet.service]
users:
- default


@ -82,7 +82,7 @@ resource "null_resource" "bootkube-start" {
provisioner "remote-exec" {
inline = [
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do sleep 4; done",
"sudo mv $HOME/assets /var/bootkube",
"sudo mv $HOME/assets /var/lib/bootkube",
"sudo systemctl start bootkube",
]
}