Use strict mode for Container Linux Configs

* Enable terraform-provider-ct `strict` mode for parsing
Container Linux Configs and snippets
* Fix Container Linux Config systemd unit syntax `enable`
(old) to `enabled`
* Align with Fedora CoreOS which uses strict mode already
Dalton Hubble 2020-06-09 22:38:32 -07:00
parent 8dc170b9d9
commit a287920169
31 changed files with 115 additions and 90 deletions


@ -14,6 +14,17 @@ Notable changes between versions.
strategy (see [docs](https://typhoon.psdn.io/topics/security/#container-images)) strategy (see [docs](https://typhoon.psdn.io/topics/security/#container-images))
* Update Calico from v3.14.0 to [v3.14.1](https://docs.projectcalico.org/v3.14/release-notes/) * Update Calico from v3.14.0 to [v3.14.1](https://docs.projectcalico.org/v3.14/release-notes/)
### Fedora CoreOS
#### Azure
* Use `strict` Fedora CoreOS Config (FCC) snippet parsing ([#755](https://github.com/poseidon/typhoon/pull/755))
### Flatcar Linux
* Use `strict` Container Linux Config (CLC) snippet parsing ([#755](https://github.com/poseidon/typhoon/pull/755))
* Require `terraform-provider-ct` v0.4+, recommend v0.5+ (**action required**)
### Addons ### Addons
* Update Prometheus from v2.18.1 to [v2.19.0-rc.0](https://github.com/prometheus/prometheus/releases/tag/v2.19.0-rc.0) * Update Prometheus from v2.18.1 to [v2.19.0-rc.0](https://github.com/prometheus/prometheus/releases/tag/v2.19.0-rc.0)


@ -2,7 +2,7 @@
systemd: systemd:
units: units:
- name: etcd-member.service - name: etcd-member.service
enable: true enabled: true
dropins: dropins:
- name: 40-etcd-cluster.conf - name: 40-etcd-cluster.conf
contents: | contents: |
@ -28,11 +28,11 @@ systemd:
Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key" Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key"
Environment="ETCD_PEER_CLIENT_CERT_AUTH=true" Environment="ETCD_PEER_CLIENT_CERT_AUTH=true"
- name: docker.service - name: docker.service
enable: true enabled: true
- name: locksmithd.service - name: locksmithd.service
mask: true mask: true
- name: wait-for-dns.service - name: wait-for-dns.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Wait for DNS entries Description=Wait for DNS entries
@ -46,7 +46,7 @@ systemd:
RequiredBy=kubelet.service RequiredBy=kubelet.service
RequiredBy=etcd-member.service RequiredBy=etcd-member.service
- name: kubelet.service - name: kubelet.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Kubelet Description=Kubelet
@ -191,6 +191,7 @@ storage:
done done
- path: /etc/sysctl.d/max-user-watches.conf - path: /etc/sysctl.d/max-user-watches.conf
filesystem: root filesystem: root
mode: 0644
contents: contents:
inline: | inline: |
fs.inotify.max_user_watches=16184 fs.inotify.max_user_watches=16184


@ -49,10 +49,10 @@ resource "aws_instance" "controllers" {
# Controller Ignition configs # Controller Ignition configs
data "ct_config" "controller-ignitions" { data "ct_config" "controller-ignitions" {
count = var.controller_count count = var.controller_count
content = data.template_file.controller-configs.*.rendered[count.index] content = data.template_file.controller-configs.*.rendered[count.index]
pretty_print = false strict = true
snippets = var.controller_snippets snippets = var.controller_snippets
} }
# Controller Container Linux configs # Controller Container Linux configs
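Review bot: `strict = true` on `data "ct_config" "controller-ignitions"` also governs the user-supplied `var.controller_snippets`, and nothing beside the attribute says so. A snippet that still uses the old `enable:` key or declares a file without `mode` will presumably fail at plan time instead of only warning. I would add a comment above the line such as `# strict: ct warnings are errors, for this template and for user snippets`. The line appears to replace `pretty_print = false`, so the rendered Ignition now relies on the provider's default for that attribute; confirm the default is unchanged so that instance user data does not differ. The same applies to the other `ct_config` data sources touched in this commit (the worker configs and the azurerm, matchbox, digitalocean and google modules).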


@ -4,7 +4,7 @@ terraform {
required_version = "~> 0.12.6" required_version = "~> 0.12.6"
required_providers { required_providers {
aws = "~> 2.23" aws = "~> 2.23"
ct = "~> 0.3" ct = "~> 0.4"
template = "~> 2.1" template = "~> 2.1"
null = "~> 2.1" null = "~> 2.1"
} }


@ -2,11 +2,11 @@
systemd: systemd:
units: units:
- name: docker.service - name: docker.service
enable: true enabled: true
- name: locksmithd.service - name: locksmithd.service
mask: true mask: true
- name: wait-for-dns.service - name: wait-for-dns.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Wait for DNS entries Description=Wait for DNS entries
@ -19,7 +19,7 @@ systemd:
[Install] [Install]
RequiredBy=kubelet.service RequiredBy=kubelet.service
- name: kubelet.service - name: kubelet.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Kubelet Description=Kubelet
@ -115,6 +115,7 @@ storage:
${kubeconfig} ${kubeconfig}
- path: /etc/sysctl.d/max-user-watches.conf - path: /etc/sysctl.d/max-user-watches.conf
filesystem: root filesystem: root
mode: 0644
contents: contents:
inline: | inline: |
fs.inotify.max_user_watches=16184 fs.inotify.max_user_watches=16184


@ -71,9 +71,9 @@ resource "aws_launch_configuration" "worker" {
# Worker Ignition config # Worker Ignition config
data "ct_config" "worker-ignition" { data "ct_config" "worker-ignition" {
content = data.template_file.worker-config.rendered content = data.template_file.worker-config.rendered
pretty_print = false strict = true
snippets = var.snippets snippets = var.snippets
} }
# Worker Container Linux config # Worker Container Linux config


@ -2,7 +2,7 @@
systemd: systemd:
units: units:
- name: etcd-member.service - name: etcd-member.service
enable: true enabled: true
dropins: dropins:
- name: 40-etcd-cluster.conf - name: 40-etcd-cluster.conf
contents: | contents: |
@ -28,11 +28,11 @@ systemd:
Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key" Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key"
Environment="ETCD_PEER_CLIENT_CERT_AUTH=true" Environment="ETCD_PEER_CLIENT_CERT_AUTH=true"
- name: docker.service - name: docker.service
enable: true enabled: true
- name: locksmithd.service - name: locksmithd.service
mask: true mask: true
- name: wait-for-dns.service - name: wait-for-dns.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Wait for DNS entries Description=Wait for DNS entries
@ -46,7 +46,7 @@ systemd:
RequiredBy=kubelet.service RequiredBy=kubelet.service
RequiredBy=etcd-member.service RequiredBy=etcd-member.service
- name: kubelet.service - name: kubelet.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Kubelet Description=Kubelet
@ -189,6 +189,7 @@ storage:
done done
- path: /etc/sysctl.d/max-user-watches.conf - path: /etc/sysctl.d/max-user-watches.conf
filesystem: root filesystem: root
mode: 0644
contents: contents:
inline: | inline: |
fs.inotify.max_user_watches=16184 fs.inotify.max_user_watches=16184


@ -139,10 +139,10 @@ resource "azurerm_network_interface_backend_address_pool_association" "controlle
# Controller Ignition configs # Controller Ignition configs
data "ct_config" "controller-ignitions" { data "ct_config" "controller-ignitions" {
count = var.controller_count count = var.controller_count
content = data.template_file.controller-configs.*.rendered[count.index] content = data.template_file.controller-configs.*.rendered[count.index]
pretty_print = false strict = true
snippets = var.controller_snippets snippets = var.controller_snippets
} }
# Controller Container Linux configs # Controller Container Linux configs


@ -4,7 +4,7 @@ terraform {
required_version = "~> 0.12.6" required_version = "~> 0.12.6"
required_providers { required_providers {
azurerm = "~> 2.8" azurerm = "~> 2.8"
ct = "~> 0.3" ct = "~> 0.4"
template = "~> 2.1" template = "~> 2.1"
null = "~> 2.1" null = "~> 2.1"
} }


@ -2,11 +2,11 @@
systemd: systemd:
units: units:
- name: docker.service - name: docker.service
enable: true enabled: true
- name: locksmithd.service - name: locksmithd.service
mask: true mask: true
- name: wait-for-dns.service - name: wait-for-dns.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Wait for DNS entries Description=Wait for DNS entries
@ -19,7 +19,7 @@ systemd:
[Install] [Install]
RequiredBy=kubelet.service RequiredBy=kubelet.service
- name: kubelet.service - name: kubelet.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Kubelet Description=Kubelet
@ -92,7 +92,7 @@ systemd:
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
- name: delete-node.service - name: delete-node.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Waiting to delete Kubernetes node on shutdown Description=Waiting to delete Kubernetes node on shutdown
@ -113,6 +113,7 @@ storage:
${kubeconfig} ${kubeconfig}
- path: /etc/sysctl.d/max-user-watches.conf - path: /etc/sysctl.d/max-user-watches.conf
filesystem: root filesystem: root
mode: 0644
contents: contents:
inline: | inline: |
fs.inotify.max_user_watches=16184 fs.inotify.max_user_watches=16184


@ -97,9 +97,9 @@ resource "azurerm_monitor_autoscale_setting" "workers" {
# Worker Ignition configs # Worker Ignition configs
data "ct_config" "worker-ignition" { data "ct_config" "worker-ignition" {
content = data.template_file.worker-config.rendered content = data.template_file.worker-config.rendered
pretty_print = false strict = true
snippets = var.snippets snippets = var.snippets
} }
# Worker Container Linux configs # Worker Container Linux configs


@ -113,10 +113,10 @@ resource "azurerm_network_interface_backend_address_pool_association" "controlle
# Controller Ignition configs # Controller Ignition configs
data "ct_config" "controller-ignitions" { data "ct_config" "controller-ignitions" {
count = var.controller_count count = var.controller_count
content = data.template_file.controller-configs.*.rendered[count.index] content = data.template_file.controller-configs.*.rendered[count.index]
pretty_print = false strict = true
snippets = var.controller_snippets snippets = var.controller_snippets
} }
# Controller Fedora CoreOS configs # Controller Fedora CoreOS configs


@ -4,7 +4,7 @@ terraform {
required_version = "~> 0.12.6" required_version = "~> 0.12.6"
required_providers { required_providers {
azurerm = "~> 2.8" azurerm = "~> 2.8"
ct = "~> 0.3" ct = "~> 0.4"
template = "~> 2.1" template = "~> 2.1"
null = "~> 2.1" null = "~> 2.1"
} }


@ -72,9 +72,9 @@ resource "azurerm_monitor_autoscale_setting" "workers" {
# Worker Ignition configs # Worker Ignition configs
data "ct_config" "worker-ignition" { data "ct_config" "worker-ignition" {
content = data.template_file.worker-config.rendered content = data.template_file.worker-config.rendered
pretty_print = false strict = true
snippets = var.snippets snippets = var.snippets
} }
# Worker Fedora CoreOS configs # Worker Fedora CoreOS configs


@ -2,7 +2,7 @@
systemd: systemd:
units: units:
- name: etcd-member.service - name: etcd-member.service
enable: true enabled: true
dropins: dropins:
- name: 40-etcd-cluster.conf - name: 40-etcd-cluster.conf
contents: | contents: |
@ -28,11 +28,11 @@ systemd:
Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key" Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key"
Environment="ETCD_PEER_CLIENT_CERT_AUTH=true" Environment="ETCD_PEER_CLIENT_CERT_AUTH=true"
- name: docker.service - name: docker.service
enable: true enabled: true
- name: locksmithd.service - name: locksmithd.service
mask: true mask: true
- name: kubelet.path - name: kubelet.path
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Watch for kubeconfig Description=Watch for kubeconfig
@ -41,7 +41,7 @@ systemd:
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
- name: wait-for-dns.service - name: wait-for-dns.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Wait for DNS entries Description=Wait for DNS entries
@ -161,6 +161,7 @@ storage:
directories: directories:
- path: /etc/kubernetes - path: /etc/kubernetes
filesystem: root filesystem: root
mode: 0755
files: files:
- path: /etc/hostname - path: /etc/hostname
filesystem: root filesystem: root
@ -207,6 +208,7 @@ storage:
done done
- path: /etc/sysctl.d/max-user-watches.conf - path: /etc/sysctl.d/max-user-watches.conf
filesystem: root filesystem: root
mode: 0644
contents: contents:
inline: | inline: |
fs.inotify.max_user_watches=16184 fs.inotify.max_user_watches=16184
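Review bot: The new `mode: 0755` on the `/etc/kubernetes` directory in the `storage.directories` hunk makes that directory world-traversable, so anything sensitive placed under it is protected only by its own file mode, and those file entries lie outside the hunk. If the directory previously had no explicit mode, this may widen access rather than restate it. Confirm that any kubeconfig or key material written below it sets an explicit restrictive mode, or use `mode: 0750` if only root needs access. At minimum I would add `# world-traversable; credential files below must set their own mode` beside the line. The same line is added in the three other templates in this commit that have a `directories:` hunk.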


@ -2,7 +2,7 @@
systemd: systemd:
units: units:
- name: installer.service - name: installer.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Requires=network-online.target Requires=network-online.target


@ -2,11 +2,11 @@
systemd: systemd:
units: units:
- name: docker.service - name: docker.service
enable: true enabled: true
- name: locksmithd.service - name: locksmithd.service
mask: true mask: true
- name: kubelet.path - name: kubelet.path
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Watch for kubeconfig Description=Watch for kubeconfig
@ -15,7 +15,7 @@ systemd:
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
- name: wait-for-dns.service - name: wait-for-dns.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Wait for DNS entries Description=Wait for DNS entries
@ -114,6 +114,7 @@ storage:
directories: directories:
- path: /etc/kubernetes - path: /etc/kubernetes
filesystem: root filesystem: root
mode: 0755
files: files:
- path: /etc/hostname - path: /etc/hostname
filesystem: root filesystem: root
@ -123,6 +124,7 @@ storage:
${domain_name} ${domain_name}
- path: /etc/sysctl.d/max-user-watches.conf - path: /etc/sysctl.d/max-user-watches.conf
filesystem: root filesystem: root
mode: 0644
contents: contents:
inline: | inline: |
fs.inotify.max_user_watches=16184 fs.inotify.max_user_watches=16184


@ -141,10 +141,10 @@ resource "matchbox_profile" "controllers" {
} }
data "ct_config" "controller-ignitions" { data "ct_config" "controller-ignitions" {
count = length(var.controllers) count = length(var.controllers)
content = data.template_file.controller-configs.*.rendered[count.index] content = data.template_file.controller-configs.*.rendered[count.index]
pretty_print = false strict = true
snippets = lookup(var.snippets, var.controllers.*.name[count.index], []) snippets = lookup(var.snippets, var.controllers.*.name[count.index], [])
} }
data "template_file" "controller-configs" { data "template_file" "controller-configs" {
@ -171,10 +171,10 @@ resource "matchbox_profile" "workers" {
} }
data "ct_config" "worker-ignitions" { data "ct_config" "worker-ignitions" {
count = length(var.workers) count = length(var.workers)
content = data.template_file.worker-configs.*.rendered[count.index] content = data.template_file.worker-configs.*.rendered[count.index]
pretty_print = false strict = true
snippets = lookup(var.snippets, var.workers.*.name[count.index], []) snippets = lookup(var.snippets, var.workers.*.name[count.index], [])
} }
data "template_file" "worker-configs" { data "template_file" "worker-configs" {


@ -4,7 +4,7 @@ terraform {
required_version = "~> 0.12.6" required_version = "~> 0.12.6"
required_providers { required_providers {
matchbox = "~> 0.3.0" matchbox = "~> 0.3.0"
ct = "~> 0.3" ct = "~> 0.4"
template = "~> 2.1" template = "~> 2.1"
null = "~> 2.1" null = "~> 2.1"
} }


@ -2,7 +2,7 @@
systemd: systemd:
units: units:
- name: etcd-member.service - name: etcd-member.service
enable: true enabled: true
dropins: dropins:
- name: 40-etcd-cluster.conf - name: 40-etcd-cluster.conf
contents: | contents: |
@ -28,11 +28,11 @@ systemd:
Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key" Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key"
Environment="ETCD_PEER_CLIENT_CERT_AUTH=true" Environment="ETCD_PEER_CLIENT_CERT_AUTH=true"
- name: docker.service - name: docker.service
enable: true enabled: true
- name: locksmithd.service - name: locksmithd.service
mask: true mask: true
- name: kubelet.path - name: kubelet.path
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Watch for kubeconfig Description=Watch for kubeconfig
@ -41,7 +41,7 @@ systemd:
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
- name: wait-for-dns.service - name: wait-for-dns.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Wait for DNS entries Description=Wait for DNS entries
@ -158,6 +158,7 @@ storage:
directories: directories:
- path: /etc/kubernetes - path: /etc/kubernetes
filesystem: root filesystem: root
mode: 0755
files: files:
- path: /opt/bootstrap/layout - path: /opt/bootstrap/layout
filesystem: root filesystem: root
@ -198,6 +199,7 @@ storage:
done done
- path: /etc/sysctl.d/max-user-watches.conf - path: /etc/sysctl.d/max-user-watches.conf
filesystem: root filesystem: root
mode: 0644
contents: contents:
inline: | inline: |
fs.inotify.max_user_watches=16184 fs.inotify.max_user_watches=16184


@ -2,11 +2,11 @@
systemd: systemd:
units: units:
- name: docker.service - name: docker.service
enable: true enabled: true
- name: locksmithd.service - name: locksmithd.service
mask: true mask: true
- name: kubelet.path - name: kubelet.path
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Watch for kubeconfig Description=Watch for kubeconfig
@ -15,7 +15,7 @@ systemd:
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
- name: wait-for-dns.service - name: wait-for-dns.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Wait for DNS entries Description=Wait for DNS entries
@ -101,7 +101,7 @@ systemd:
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
- name: delete-node.service - name: delete-node.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Waiting to delete Kubernetes node on shutdown Description=Waiting to delete Kubernetes node on shutdown
@ -116,9 +116,11 @@ storage:
directories: directories:
- path: /etc/kubernetes - path: /etc/kubernetes
filesystem: root filesystem: root
mode: 0755
files: files:
- path: /etc/sysctl.d/max-user-watches.conf - path: /etc/sysctl.d/max-user-watches.conf
filesystem: root filesystem: root
mode: 0644
contents: contents:
inline: | inline: |
fs.inotify.max_user_watches=16184 fs.inotify.max_user_watches=16184


@ -69,10 +69,10 @@ resource "digitalocean_tag" "controllers" {
# Controller Ignition configs # Controller Ignition configs
data "ct_config" "controller-ignitions" { data "ct_config" "controller-ignitions" {
count = var.controller_count count = var.controller_count
content = data.template_file.controller-configs.*.rendered[count.index] content = data.template_file.controller-configs.*.rendered[count.index]
pretty_print = false strict = true
snippets = var.controller_snippets snippets = var.controller_snippets
} }
# Controller Container Linux configs # Controller Container Linux configs


@ -4,7 +4,7 @@ terraform {
required_version = "~> 0.12.6" required_version = "~> 0.12.6"
required_providers { required_providers {
digitalocean = "~> 1.3" digitalocean = "~> 1.3"
ct = "~> 0.3" ct = "~> 0.4"
template = "~> 2.1" template = "~> 2.1"
null = "~> 2.1" null = "~> 2.1"
} }


@ -58,9 +58,9 @@ resource "digitalocean_tag" "workers" {
# Worker Ignition config # Worker Ignition config
data "ct_config" "worker-ignition" { data "ct_config" "worker-ignition" {
content = data.template_file.worker-config.rendered content = data.template_file.worker-config.rendered
pretty_print = false strict = true
snippets = var.worker_snippets snippets = var.worker_snippets
} }
# Worker Container Linux config # Worker Container Linux config


@ -4,7 +4,7 @@ terraform {
required_version = "~> 0.12.6" required_version = "~> 0.12.6"
required_providers { required_providers {
digitalocean = "~> 1.3" digitalocean = "~> 1.3"
ct = "~> 0.3" ct = "~> 0.4"
template = "~> 2.1" template = "~> 2.1"
null = "~> 2.1" null = "~> 2.1"
} }


@ -2,7 +2,7 @@
systemd: systemd:
units: units:
- name: etcd-member.service - name: etcd-member.service
enable: true enabled: true
dropins: dropins:
- name: 40-etcd-cluster.conf - name: 40-etcd-cluster.conf
contents: | contents: |
@ -28,11 +28,11 @@ systemd:
Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key" Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key"
Environment="ETCD_PEER_CLIENT_CERT_AUTH=true" Environment="ETCD_PEER_CLIENT_CERT_AUTH=true"
- name: docker.service - name: docker.service
enable: true enabled: true
- name: locksmithd.service - name: locksmithd.service
mask: true mask: true
- name: wait-for-dns.service - name: wait-for-dns.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Wait for DNS entries Description=Wait for DNS entries
@ -46,7 +46,7 @@ systemd:
RequiredBy=kubelet.service RequiredBy=kubelet.service
RequiredBy=etcd-member.service RequiredBy=etcd-member.service
- name: kubelet.service - name: kubelet.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Kubelet Description=Kubelet
@ -189,6 +189,7 @@ storage:
done done
- path: /etc/sysctl.d/max-user-watches.conf - path: /etc/sysctl.d/max-user-watches.conf
filesystem: root filesystem: root
mode: 0644
contents: contents:
inline: | inline: |
fs.inotify.max_user_watches=16184 fs.inotify.max_user_watches=16184


@ -65,10 +65,10 @@ resource "google_compute_instance" "controllers" {
# Controller Ignition configs # Controller Ignition configs
data "ct_config" "controller-ignitions" { data "ct_config" "controller-ignitions" {
count = var.controller_count count = var.controller_count
content = data.template_file.controller-configs.*.rendered[count.index] content = data.template_file.controller-configs.*.rendered[count.index]
pretty_print = false strict = true
snippets = var.controller_snippets snippets = var.controller_snippets
} }
# Controller Container Linux configs # Controller Container Linux configs


@ -4,7 +4,7 @@ terraform {
required_version = "~> 0.12.6" required_version = "~> 0.12.6"
required_providers { required_providers {
google = ">= 2.19, < 4.0" google = ">= 2.19, < 4.0"
ct = "~> 0.3" ct = "~> 0.4"
template = "~> 2.1" template = "~> 2.1"
null = "~> 2.1" null = "~> 2.1"
} }


@ -2,11 +2,11 @@
systemd: systemd:
units: units:
- name: docker.service - name: docker.service
enable: true enabled: true
- name: locksmithd.service - name: locksmithd.service
mask: true mask: true
- name: wait-for-dns.service - name: wait-for-dns.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Wait for DNS entries Description=Wait for DNS entries
@ -19,7 +19,7 @@ systemd:
[Install] [Install]
RequiredBy=kubelet.service RequiredBy=kubelet.service
- name: kubelet.service - name: kubelet.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Kubelet Description=Kubelet
@ -92,7 +92,7 @@ systemd:
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
- name: delete-node.service - name: delete-node.service
enable: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=Waiting to delete Kubernetes node on shutdown Description=Waiting to delete Kubernetes node on shutdown
@ -113,6 +113,7 @@ storage:
${kubeconfig} ${kubeconfig}
- path: /etc/sysctl.d/max-user-watches.conf - path: /etc/sysctl.d/max-user-watches.conf
filesystem: root filesystem: root
mode: 0644
contents: contents:
inline: | inline: |
fs.inotify.max_user_watches=16184 fs.inotify.max_user_watches=16184


@ -71,9 +71,9 @@ resource "google_compute_instance_template" "worker" {
# Worker Ignition config # Worker Ignition config
data "ct_config" "worker-ignition" { data "ct_config" "worker-ignition" {
content = data.template_file.worker-config.rendered content = data.template_file.worker-config.rendered
pretty_print = false strict = true
snippets = var.snippets snippets = var.snippets
} }
# Worker Container Linux config # Worker Container Linux config


@ -4,7 +4,7 @@ terraform {
required_version = "~> 0.12.6" required_version = "~> 0.12.6"
required_providers { required_providers {
google = ">= 2.19, < 4.0" google = ">= 2.19, < 4.0"
ct = "~> 0.3" ct = "~> 0.4"
template = "~> 2.1" template = "~> 2.1"
null = "~> 2.1" null = "~> 2.1"
} }