mirror of
https://github.com/puppetmaster/typhoon.git
synced 2024-12-25 07:09:34 +01:00
Change Flatcar etcd-member.service container from rkt to docker
* Use docker to run the `etcd-member.service` container * Use env-file `/etc/etcd/etcd.env` like podman on FCOS * Background: https://github.com/poseidon/typhoon/pull/855
parent
82e5ac3e7c
commit
ad1f59ce91
@ -15,6 +15,7 @@ Notable changes between versions.
|
|||||||
### Flatcar Linux
|
### Flatcar Linux
|
||||||
|
|
||||||
* Rename `container-linux` modules to `flatcar-linux` ([#858](https://github.com/poseidon/typhoon/issues/858)) (**action required**)
|
* Rename `container-linux` modules to `flatcar-linux` ([#858](https://github.com/poseidon/typhoon/issues/858)) (**action required**)
|
||||||
|
* Change `etcd-member.service` container runnner from rkt to docker ([#867](https://github.com/poseidon/typhoon/pull/867))
|
||||||
* Change `kubelet.service` container runner from rkt to docker ([#855](https://github.com/poseidon/typhoon/pull/855))
|
* Change `kubelet.service` container runner from rkt to docker ([#855](https://github.com/poseidon/typhoon/pull/855))
|
||||||
* Change `delete-node.service` to use docker and an inline ExecStart ([#855](https://github.com/poseidon/typhoon/pull/855))
|
* Change `delete-node.service` to use docker and an inline ExecStart ([#855](https://github.com/poseidon/typhoon/pull/855))
|
||||||
* Fix local node delete oneshot on node shutdown ([#855](https://github.com/poseidon/typhoon/pull/855))
|
* Fix local node delete oneshot on node shutdown ([#855](https://github.com/poseidon/typhoon/pull/855))
|
||||||
|
@ -3,30 +3,31 @@ systemd:
|
|||||||
units:
|
units:
|
||||||
- name: etcd-member.service
|
- name: etcd-member.service
|
||||||
enabled: true
|
enabled: true
|
||||||
dropins:
|
contents: |
|
||||||
- name: 40-etcd-cluster.conf
|
[Unit]
|
||||||
contents: |
|
Description=etcd (System Container)
|
||||||
[Service]
|
Documentation=https://github.com/etcd-io/etcd
|
||||||
Environment="ETCD_IMAGE_TAG=v3.4.12"
|
Requires=docker.service
|
||||||
Environment="ETCD_IMAGE_URL=docker://quay.io/coreos/etcd"
|
After=docker.service
|
||||||
Environment="RKT_RUN_ARGS=--insecure-options=image"
|
[Service]
|
||||||
Environment="ETCD_NAME=${etcd_name}"
|
Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.4.12
|
||||||
Environment="ETCD_ADVERTISE_CLIENT_URLS=https://${etcd_domain}:2379"
|
ExecStartPre=/usr/bin/docker run -d \
|
||||||
Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380"
|
--name etcd \
|
||||||
Environment="ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379"
|
--network host \
|
||||||
Environment="ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380"
|
--env-file /etc/etcd/etcd.env \
|
||||||
Environment="ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381"
|
--user 232:232 \
|
||||||
Environment="ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}"
|
--volume /etc/ssl/etcd:/etc/ssl/certs:ro \
|
||||||
Environment="ETCD_STRICT_RECONFIG_CHECK=true"
|
--volume /var/lib/etcd:/var/lib/etcd:rw \
|
||||||
Environment="ETCD_SSL_DIR=/etc/ssl/etcd"
|
$${ETCD_IMAGE}
|
||||||
Environment="ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt"
|
ExecStart=docker logs -f etcd
|
||||||
Environment="ETCD_CERT_FILE=/etc/ssl/certs/etcd/server.crt"
|
ExecStop=docker stop etcd
|
||||||
Environment="ETCD_KEY_FILE=/etc/ssl/certs/etcd/server.key"
|
ExecStopPost=docker rm etcd
|
||||||
Environment="ETCD_CLIENT_CERT_AUTH=true"
|
Restart=always
|
||||||
Environment="ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/peer-ca.crt"
|
RestartSec=10s
|
||||||
Environment="ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt"
|
TimeoutStartSec=0
|
||||||
Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key"
|
LimitNOFILE=40000
|
||||||
Environment="ETCD_PEER_CLIENT_CERT_AUTH=true"
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
- name: docker.service
|
- name: docker.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: locksmithd.service
|
- name: locksmithd.service
|
||||||
@ -49,7 +50,7 @@ systemd:
|
|||||||
enabled: true
|
enabled: true
|
||||||
contents: |
|
contents: |
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Kubelet
|
Description=Kubelet (System Container)
|
||||||
Requires=docker.service
|
Requires=docker.service
|
||||||
After=docker.service
|
After=docker.service
|
||||||
Wants=rpc-statd.service
|
Wants=rpc-statd.service
|
||||||
@ -187,6 +188,28 @@ storage:
|
|||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
fs.inotify.max_user_watches=16184
|
fs.inotify.max_user_watches=16184
|
||||||
|
- path: /etc/etcd/etcd.env
|
||||||
|
filesystem: root
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
ETCD_NAME=${etcd_name}
|
||||||
|
ETCD_DATA_DIR=/var/lib/etcd
|
||||||
|
ETCD_ADVERTISE_CLIENT_URLS=https://${etcd_domain}:2379
|
||||||
|
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380
|
||||||
|
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
|
||||||
|
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
|
||||||
|
ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381
|
||||||
|
ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
|
||||||
|
ETCD_STRICT_RECONFIG_CHECK=true
|
||||||
|
ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
|
||||||
|
ETCD_CERT_FILE=/etc/ssl/certs/etcd/server.crt
|
||||||
|
ETCD_KEY_FILE=/etc/ssl/certs/etcd/server.key
|
||||||
|
ETCD_CLIENT_CERT_AUTH=true
|
||||||
|
ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/peer-ca.crt
|
||||||
|
ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt
|
||||||
|
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
||||||
|
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: core
|
- name: core
|
||||||
|
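Review bot: `Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.4.12` in the new etcd-member.service unit references the image by a mutable tag, so each controller runs whatever the registry serves for that tag at pull time. The removed rkt settings carried `--insecure-options=image`, so image verification was not in place before either, and the move to docker is a natural point to pin the content instead: `Environment=ETCD_IMAGE=quay.io/coreos/etcd@sha256:<digest of the reviewed v3.4.12 image>`. The same line appears in the other four Flatcar config sections of this commit.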
@ -3,30 +3,31 @@ systemd:
|
|||||||
units:
|
units:
|
||||||
- name: etcd-member.service
|
- name: etcd-member.service
|
||||||
enabled: true
|
enabled: true
|
||||||
dropins:
|
contents: |
|
||||||
- name: 40-etcd-cluster.conf
|
[Unit]
|
||||||
contents: |
|
Description=etcd (System Container)
|
||||||
[Service]
|
Documentation=https://github.com/etcd-io/etcd
|
||||||
Environment="ETCD_IMAGE_TAG=v3.4.12"
|
Requires=docker.service
|
||||||
Environment="ETCD_IMAGE_URL=docker://quay.io/coreos/etcd"
|
After=docker.service
|
||||||
Environment="RKT_RUN_ARGS=--insecure-options=image"
|
[Service]
|
||||||
Environment="ETCD_NAME=${etcd_name}"
|
Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.4.12
|
||||||
Environment="ETCD_ADVERTISE_CLIENT_URLS=https://${etcd_domain}:2379"
|
ExecStartPre=/usr/bin/docker run -d \
|
||||||
Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380"
|
--name etcd \
|
||||||
Environment="ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379"
|
--network host \
|
||||||
Environment="ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380"
|
--env-file /etc/etcd/etcd.env \
|
||||||
Environment="ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381"
|
--user 232:232 \
|
||||||
Environment="ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}"
|
--volume /etc/ssl/etcd:/etc/ssl/certs:ro \
|
||||||
Environment="ETCD_STRICT_RECONFIG_CHECK=true"
|
--volume /var/lib/etcd:/var/lib/etcd:rw \
|
||||||
Environment="ETCD_SSL_DIR=/etc/ssl/etcd"
|
$${ETCD_IMAGE}
|
||||||
Environment="ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt"
|
ExecStart=docker logs -f etcd
|
||||||
Environment="ETCD_CERT_FILE=/etc/ssl/certs/etcd/server.crt"
|
ExecStop=docker stop etcd
|
||||||
Environment="ETCD_KEY_FILE=/etc/ssl/certs/etcd/server.key"
|
ExecStopPost=docker rm etcd
|
||||||
Environment="ETCD_CLIENT_CERT_AUTH=true"
|
Restart=always
|
||||||
Environment="ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/peer-ca.crt"
|
RestartSec=10s
|
||||||
Environment="ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt"
|
TimeoutStartSec=0
|
||||||
Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key"
|
LimitNOFILE=40000
|
||||||
Environment="ETCD_PEER_CLIENT_CERT_AUTH=true"
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
- name: docker.service
|
- name: docker.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: locksmithd.service
|
- name: locksmithd.service
|
||||||
@ -49,7 +50,7 @@ systemd:
|
|||||||
enabled: true
|
enabled: true
|
||||||
contents: |
|
contents: |
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Kubelet
|
Description=Kubelet (System Container)
|
||||||
Requires=docker.service
|
Requires=docker.service
|
||||||
After=docker.service
|
After=docker.service
|
||||||
Wants=rpc-statd.service
|
Wants=rpc-statd.service
|
||||||
@ -187,6 +188,28 @@ storage:
|
|||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
fs.inotify.max_user_watches=16184
|
fs.inotify.max_user_watches=16184
|
||||||
|
- path: /etc/etcd/etcd.env
|
||||||
|
filesystem: root
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
ETCD_NAME=${etcd_name}
|
||||||
|
ETCD_DATA_DIR=/var/lib/etcd
|
||||||
|
ETCD_ADVERTISE_CLIENT_URLS=https://${etcd_domain}:2379
|
||||||
|
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380
|
||||||
|
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
|
||||||
|
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
|
||||||
|
ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381
|
||||||
|
ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
|
||||||
|
ETCD_STRICT_RECONFIG_CHECK=true
|
||||||
|
ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
|
||||||
|
ETCD_CERT_FILE=/etc/ssl/certs/etcd/server.crt
|
||||||
|
ETCD_KEY_FILE=/etc/ssl/certs/etcd/server.key
|
||||||
|
ETCD_CLIENT_CERT_AUTH=true
|
||||||
|
ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/peer-ca.crt
|
||||||
|
ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt
|
||||||
|
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
||||||
|
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: core
|
- name: core
|
||||||
|
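Review bot: The `docker run` in `ExecStartPre` drops to `--user 232:232` but keeps docker's default capability bounding set and still permits privilege gain through any setuid binary the image may contain. etcd here listens only on ports 2379–2381 and writes to `/var/lib/etcd`, so it presumably needs neither. Consider adding `--cap-drop ALL \` and `--security-opt no-new-privileges \` next to `--user`, after confirming on a test controller that etcd still starts. This applies equally to the identical unit in the other four config sections.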
@ -3,30 +3,31 @@ systemd:
|
|||||||
units:
|
units:
|
||||||
- name: etcd-member.service
|
- name: etcd-member.service
|
||||||
enabled: true
|
enabled: true
|
||||||
dropins:
|
contents: |
|
||||||
- name: 40-etcd-cluster.conf
|
[Unit]
|
||||||
contents: |
|
Description=etcd (System Container)
|
||||||
[Service]
|
Documentation=https://github.com/etcd-io/etcd
|
||||||
Environment="ETCD_IMAGE_TAG=v3.4.12"
|
Requires=docker.service
|
||||||
Environment="ETCD_IMAGE_URL=docker://quay.io/coreos/etcd"
|
After=docker.service
|
||||||
Environment="RKT_RUN_ARGS=--insecure-options=image"
|
[Service]
|
||||||
Environment="ETCD_NAME=${etcd_name}"
|
Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.4.12
|
||||||
Environment="ETCD_ADVERTISE_CLIENT_URLS=https://${domain_name}:2379"
|
ExecStartPre=/usr/bin/docker run -d \
|
||||||
Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${domain_name}:2380"
|
--name etcd \
|
||||||
Environment="ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379"
|
--network host \
|
||||||
Environment="ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380"
|
--env-file /etc/etcd/etcd.env \
|
||||||
Environment="ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381"
|
--user 232:232 \
|
||||||
Environment="ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}"
|
--volume /etc/ssl/etcd:/etc/ssl/certs:ro \
|
||||||
Environment="ETCD_STRICT_RECONFIG_CHECK=true"
|
--volume /var/lib/etcd:/var/lib/etcd:rw \
|
||||||
Environment="ETCD_SSL_DIR=/etc/ssl/etcd"
|
$${ETCD_IMAGE}
|
||||||
Environment="ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt"
|
ExecStart=docker logs -f etcd
|
||||||
Environment="ETCD_CERT_FILE=/etc/ssl/certs/etcd/server.crt"
|
ExecStop=docker stop etcd
|
||||||
Environment="ETCD_KEY_FILE=/etc/ssl/certs/etcd/server.key"
|
ExecStopPost=docker rm etcd
|
||||||
Environment="ETCD_CLIENT_CERT_AUTH=true"
|
Restart=always
|
||||||
Environment="ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/peer-ca.crt"
|
RestartSec=10s
|
||||||
Environment="ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt"
|
TimeoutStartSec=0
|
||||||
Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key"
|
LimitNOFILE=40000
|
||||||
Environment="ETCD_PEER_CLIENT_CERT_AUTH=true"
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
- name: docker.service
|
- name: docker.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: locksmithd.service
|
- name: locksmithd.service
|
||||||
@ -57,7 +58,7 @@ systemd:
|
|||||||
- name: kubelet.service
|
- name: kubelet.service
|
||||||
contents: |
|
contents: |
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Kubelet
|
Description=Kubelet (System Container)
|
||||||
Requires=docker.service
|
Requires=docker.service
|
||||||
After=docker.service
|
After=docker.service
|
||||||
Wants=rpc-statd.service
|
Wants=rpc-statd.service
|
||||||
@ -201,6 +202,28 @@ storage:
|
|||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
fs.inotify.max_user_watches=16184
|
fs.inotify.max_user_watches=16184
|
||||||
|
- path: /etc/etcd/etcd.env
|
||||||
|
filesystem: root
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
ETCD_NAME=${etcd_name}
|
||||||
|
ETCD_DATA_DIR=/var/lib/etcd
|
||||||
|
ETCD_ADVERTISE_CLIENT_URLS=https://${domain_name}:2379
|
||||||
|
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${domain_name}:2380
|
||||||
|
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
|
||||||
|
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
|
||||||
|
ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381
|
||||||
|
ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
|
||||||
|
ETCD_STRICT_RECONFIG_CHECK=true
|
||||||
|
ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
|
||||||
|
ETCD_CERT_FILE=/etc/ssl/certs/etcd/server.crt
|
||||||
|
ETCD_KEY_FILE=/etc/ssl/certs/etcd/server.key
|
||||||
|
ETCD_CLIENT_CERT_AUTH=true
|
||||||
|
ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/peer-ca.crt
|
||||||
|
ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt
|
||||||
|
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
||||||
|
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: core
|
- name: core
|
||||||
|
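Review bot: With `ExecStartPre=/usr/bin/docker run -d` followed by `ExecStart=docker logs -f etcd`, the process systemd supervises is the log follower rather than etcd, so the unit's state and exit status describe `docker logs`. As far as I can tell, the follower exiting on its own would also take the etcd member through `Restart=always`. Running the container in the foreground as the main process, `ExecStart=/usr/bin/docker run --name etcd … $${ETCD_IMAGE}` with the same flags and no `-d`, would let systemd track etcd directly. Independently, `ExecStart`, `ExecStop` and `ExecStopPost` call `docker` without the absolute path that `ExecStartPre` uses; `/usr/bin/docker` in all four keeps them consistent. The unit has the same shape in the other config sections.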
@ -3,30 +3,31 @@ systemd:
|
|||||||
units:
|
units:
|
||||||
- name: etcd-member.service
|
- name: etcd-member.service
|
||||||
enabled: true
|
enabled: true
|
||||||
dropins:
|
contents: |
|
||||||
- name: 40-etcd-cluster.conf
|
[Unit]
|
||||||
contents: |
|
Description=etcd (System Container)
|
||||||
[Service]
|
Documentation=https://github.com/etcd-io/etcd
|
||||||
Environment="ETCD_IMAGE_TAG=v3.4.12"
|
Requires=docker.service
|
||||||
Environment="ETCD_IMAGE_URL=docker://quay.io/coreos/etcd"
|
After=docker.service
|
||||||
Environment="RKT_RUN_ARGS=--insecure-options=image"
|
[Service]
|
||||||
Environment="ETCD_NAME=${etcd_name}"
|
Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.4.12
|
||||||
Environment="ETCD_ADVERTISE_CLIENT_URLS=https://${etcd_domain}:2379"
|
ExecStartPre=/usr/bin/docker run -d \
|
||||||
Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380"
|
--name etcd \
|
||||||
Environment="ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379"
|
--network host \
|
||||||
Environment="ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380"
|
--env-file /etc/etcd/etcd.env \
|
||||||
Environment="ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381"
|
--user 232:232 \
|
||||||
Environment="ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}"
|
--volume /etc/ssl/etcd:/etc/ssl/certs:ro \
|
||||||
Environment="ETCD_STRICT_RECONFIG_CHECK=true"
|
--volume /var/lib/etcd:/var/lib/etcd:rw \
|
||||||
Environment="ETCD_SSL_DIR=/etc/ssl/etcd"
|
$${ETCD_IMAGE}
|
||||||
Environment="ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt"
|
ExecStart=docker logs -f etcd
|
||||||
Environment="ETCD_CERT_FILE=/etc/ssl/certs/etcd/server.crt"
|
ExecStop=docker stop etcd
|
||||||
Environment="ETCD_KEY_FILE=/etc/ssl/certs/etcd/server.key"
|
ExecStopPost=docker rm etcd
|
||||||
Environment="ETCD_CLIENT_CERT_AUTH=true"
|
Restart=always
|
||||||
Environment="ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/peer-ca.crt"
|
RestartSec=10s
|
||||||
Environment="ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt"
|
TimeoutStartSec=0
|
||||||
Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key"
|
LimitNOFILE=40000
|
||||||
Environment="ETCD_PEER_CLIENT_CERT_AUTH=true"
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
- name: docker.service
|
- name: docker.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: locksmithd.service
|
- name: locksmithd.service
|
||||||
@ -57,7 +58,7 @@ systemd:
|
|||||||
- name: kubelet.service
|
- name: kubelet.service
|
||||||
contents: |
|
contents: |
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Kubelet
|
Description=Kubelet(System Container)
|
||||||
Requires=docker.service
|
Requires=docker.service
|
||||||
After=docker.service
|
After=docker.service
|
||||||
Requires=coreos-metadata.service
|
Requires=coreos-metadata.service
|
||||||
@ -194,3 +195,25 @@ storage:
|
|||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
fs.inotify.max_user_watches=16184
|
fs.inotify.max_user_watches=16184
|
||||||
|
- path: /etc/etcd/etcd.env
|
||||||
|
filesystem: root
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
ETCD_NAME=${etcd_name}
|
||||||
|
ETCD_DATA_DIR=/var/lib/etcd
|
||||||
|
ETCD_ADVERTISE_CLIENT_URLS=https://${etcd_domain}:2379
|
||||||
|
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380
|
||||||
|
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
|
||||||
|
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
|
||||||
|
ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381
|
||||||
|
ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
|
||||||
|
ETCD_STRICT_RECONFIG_CHECK=true
|
||||||
|
ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
|
||||||
|
ETCD_CERT_FILE=/etc/ssl/certs/etcd/server.crt
|
||||||
|
ETCD_KEY_FILE=/etc/ssl/certs/etcd/server.key
|
||||||
|
ETCD_CLIENT_CERT_AUTH=true
|
||||||
|
ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/peer-ca.crt
|
||||||
|
ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt
|
||||||
|
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
||||||
|
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||||
|
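Review bot: `Description=Kubelet(System Container)` in this section's kubelet.service hunk is missing the space before the parenthesis; the other config sections in this commit use `Description=Kubelet (System Container)`. Matching them keeps `systemctl status` output and any log filters keyed on the description uniform across platforms. The kubelet unit continues outside the hunk.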
@ -35,7 +35,7 @@ Together, they diversify Typhoon to support a range of container technologies.
|
|||||||
| control plane | static pods | static pods |
|
| control plane | static pods | static pods |
|
||||||
| kubelet image | kubelet [image](https://github.com/poseidon/kubelet) with upstream binary | kubelet [image](https://github.com/poseidon/kubelet) with upstream binary |
|
| kubelet image | kubelet [image](https://github.com/poseidon/kubelet) with upstream binary | kubelet [image](https://github.com/poseidon/kubelet) with upstream binary |
|
||||||
| control plane images | upstream images | upstream images |
|
| control plane images | upstream images | upstream images |
|
||||||
| on-host etcd | rkt-fly | podman |
|
| on-host etcd | docker | podman |
|
||||||
| on-host kubelet | docker | podman |
|
| on-host kubelet | docker | podman |
|
||||||
| CNI plugins | calico, cilium, flannel | calico, cilium, flannel |
|
| CNI plugins | calico, cilium, flannel | calico, cilium, flannel |
|
||||||
| coordinated drain & OS update | [FLUO](https://github.com/kinvolk/flatcar-linux-update-operator) addon | [fleetlock](https://github.com/poseidon/fleetlock) |
|
| coordinated drain & OS update | [FLUO](https://github.com/kinvolk/flatcar-linux-update-operator) addon | [fleetlock](https://github.com/poseidon/fleetlock) |
|
||||||
|
@ -3,30 +3,31 @@ systemd:
|
|||||||
units:
|
units:
|
||||||
- name: etcd-member.service
|
- name: etcd-member.service
|
||||||
enabled: true
|
enabled: true
|
||||||
dropins:
|
contents: |
|
||||||
- name: 40-etcd-cluster.conf
|
[Unit]
|
||||||
contents: |
|
Description=etcd (System Container)
|
||||||
[Service]
|
Documentation=https://github.com/etcd-io/etcd
|
||||||
Environment="ETCD_IMAGE_TAG=v3.4.12"
|
Requires=docker.service
|
||||||
Environment="ETCD_IMAGE_URL=docker://quay.io/coreos/etcd"
|
After=docker.service
|
||||||
Environment="RKT_RUN_ARGS=--insecure-options=image"
|
[Service]
|
||||||
Environment="ETCD_NAME=${etcd_name}"
|
Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.4.12
|
||||||
Environment="ETCD_ADVERTISE_CLIENT_URLS=https://${etcd_domain}:2379"
|
ExecStartPre=/usr/bin/docker run -d \
|
||||||
Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380"
|
--name etcd \
|
||||||
Environment="ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379"
|
--network host \
|
||||||
Environment="ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380"
|
--env-file /etc/etcd/etcd.env \
|
||||||
Environment="ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381"
|
--user 232:232 \
|
||||||
Environment="ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}"
|
--volume /etc/ssl/etcd:/etc/ssl/certs:ro \
|
||||||
Environment="ETCD_STRICT_RECONFIG_CHECK=true"
|
--volume /var/lib/etcd:/var/lib/etcd:rw \
|
||||||
Environment="ETCD_SSL_DIR=/etc/ssl/etcd"
|
$${ETCD_IMAGE}
|
||||||
Environment="ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt"
|
ExecStart=docker logs -f etcd
|
||||||
Environment="ETCD_CERT_FILE=/etc/ssl/certs/etcd/server.crt"
|
ExecStop=docker stop etcd
|
||||||
Environment="ETCD_KEY_FILE=/etc/ssl/certs/etcd/server.key"
|
ExecStopPost=docker rm etcd
|
||||||
Environment="ETCD_CLIENT_CERT_AUTH=true"
|
Restart=always
|
||||||
Environment="ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/peer-ca.crt"
|
RestartSec=10s
|
||||||
Environment="ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt"
|
TimeoutStartSec=0
|
||||||
Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key"
|
LimitNOFILE=40000
|
||||||
Environment="ETCD_PEER_CLIENT_CERT_AUTH=true"
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
- name: docker.service
|
- name: docker.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: locksmithd.service
|
- name: locksmithd.service
|
||||||
@ -49,7 +50,7 @@ systemd:
|
|||||||
enabled: true
|
enabled: true
|
||||||
contents: |
|
contents: |
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Kubelet
|
Description=Kubelet (System Container)
|
||||||
Requires=docker.service
|
Requires=docker.service
|
||||||
After=docker.service
|
After=docker.service
|
||||||
Wants=rpc-statd.service
|
Wants=rpc-statd.service
|
||||||
@ -185,6 +186,28 @@ storage:
|
|||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
fs.inotify.max_user_watches=16184
|
fs.inotify.max_user_watches=16184
|
||||||
|
- path: /etc/etcd/etcd.env
|
||||||
|
filesystem: root
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
ETCD_NAME=${etcd_name}
|
||||||
|
ETCD_DATA_DIR=/var/lib/etcd
|
||||||
|
ETCD_ADVERTISE_CLIENT_URLS=https://${etcd_domain}:2379
|
||||||
|
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://${etcd_domain}:2380
|
||||||
|
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
|
||||||
|
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
|
||||||
|
ETCD_LISTEN_METRICS_URLS=http://0.0.0.0:2381
|
||||||
|
ETCD_INITIAL_CLUSTER=${etcd_initial_cluster}
|
||||||
|
ETCD_STRICT_RECONFIG_CHECK=true
|
||||||
|
ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/server-ca.crt
|
||||||
|
ETCD_CERT_FILE=/etc/ssl/certs/etcd/server.crt
|
||||||
|
ETCD_KEY_FILE=/etc/ssl/certs/etcd/server.key
|
||||||
|
ETCD_CLIENT_CERT_AUTH=true
|
||||||
|
ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/etcd/peer-ca.crt
|
||||||
|
ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd/peer.crt
|
||||||
|
ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key
|
||||||
|
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: core
|
- name: core
|
||||||
|