diff --git a/CHANGES.md b/CHANGES.md index 4ee49028..a6d2752d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,11 +4,11 @@ Notable changes between versions. ## Latest -* Update etcd from v3.3.4 to v3.3.5 ([#213](https://github.com/poseidon/typhoon/pull/213)) -* Require Terraform v0.11.x and drop support for v0.10.x ([migration guide](https://typhoon.psdn.io/topics/maintenance/#terraform-v011x)) * Allow bearer token authentication to the Kubelet ([#216](https://github.com/poseidon/typhoon/issues/216)) * Require Webhook authorization to the Kubelet * Switch apiserver X509 client cert org to satisfy new authorization requirement +* Require Terraform v0.11.x and drop support for v0.10.x ([migration guide](https://typhoon.psdn.io/topics/maintenance/#terraform-v011x)) +* Update etcd from v3.3.4 to v3.3.5 ([#213](https://github.com/poseidon/typhoon/pull/213)) #### AWS @@ -17,13 +17,17 @@ Notable changes between versions. * Add `spot_price` to internal `workers` module for spot [worker pools](https://typhoon.psdn.io/advanced/worker-pools/) * Allow Container Linux derivative [Flatcar Linux](https://docs.flatcar-linux.org/) by setting `os_image` to `flatcar-stable`, `flatcar-beta`, `flatcar-alpha`. * Replace `os_channel` variable with `os_image` to align naming across clouds - * Please change values `stable`, `beta`, or `alpha` to `coreos-stable` (default), `coreos-beta`, `coreos-alpha` (action required!) + * Please change values `stable`, `beta`, or `alpha` to `coreos-stable`, `coreos-beta`, `coreos-alpha` (action required!) #### Bare-Metal +* Replace `container_linux_channel` variable with `os_channel` + * Please change values `stable`, `beta`, or `alpha` to `coreos-stable` (default), `coreos-beta`, `coreos-alpha` (action required!) +* Replace `container_linux_version` variable with `os_version` * Add `network_ip_autodetection_method` variable for Calico host IPv4 address detection * Use Calico's default "first-found" to support single NIC and bonded NIC nodes * Allow [alternative](https://docs.projectcalico.org/v3.1/reference/node/configuration#ip-autodetection-methods) methods for multi NIC nodes, like `can-reach=IP` or `interface=REGEX` +* Deprecate `container_linux_oem` variable #### Addons diff --git a/bare-metal/container-linux/kubernetes/cl/container-linux-install.yaml.tmpl b/bare-metal/container-linux/kubernetes/cl/install.yaml.tmpl similarity index 93% rename from bare-metal/container-linux/kubernetes/cl/container-linux-install.yaml.tmpl rename to bare-metal/container-linux/kubernetes/cl/install.yaml.tmpl index fb6e687c..c208a0fd 100644 --- a/bare-metal/container-linux/kubernetes/cl/container-linux-install.yaml.tmpl +++ b/bare-metal/container-linux/kubernetes/cl/install.yaml.tmpl @@ -33,8 +33,8 @@ storage: curl --retry 10 "${ignition_endpoint}?{{.request.raw_query}}&os=installed" -o ignition.json coreos-install \ -d ${install_disk} \ - -C ${container_linux_channel} \ - -V ${container_linux_version} \ + -C ${os_channel} \ + -V ${os_version} \ -o "${container_linux_oem}" \ ${baseurl_flag} \ -i ignition.json diff --git a/bare-metal/container-linux/kubernetes/groups.tf b/bare-metal/container-linux/kubernetes/groups.tf index 3566c9a9..3903ca25 100644 --- a/bare-metal/container-linux/kubernetes/groups.tf +++ b/bare-metal/container-linux/kubernetes/groups.tf @@ -1,8 +1,7 @@ -// Install Container Linux to disk -resource "matchbox_group" "container-linux-install" { +resource "matchbox_group" "install" { count = "${length(var.controller_names) + length(var.worker_names)}" - name = "${format("container-linux-install-%s", element(concat(var.controller_names, var.worker_names), count.index))}" + name = "${format("install-%s", element(concat(var.controller_names, var.worker_names), count.index))}" profile = "${var.cached_install == "true" ? element(matchbox_profile.cached-container-linux-install.*.name, count.index) : element(matchbox_profile.container-linux-install.*.name, count.index)}" selector { diff --git a/bare-metal/container-linux/kubernetes/profiles.tf b/bare-metal/container-linux/kubernetes/profiles.tf index 3d50b677..efd16eba 100644 --- a/bare-metal/container-linux/kubernetes/profiles.tf +++ b/bare-metal/container-linux/kubernetes/profiles.tf @@ -1,12 +1,18 @@ +locals { + # coreos-stable -> coreos flavor, stable channel + flavor = "${element(split("-", var.os_channel), 0)}" + channel = "${element(split("-", var.os_channel), 1)}" +} + // Container Linux Install profile (from release.core-os.net) resource "matchbox_profile" "container-linux-install" { count = "${length(var.controller_names) + length(var.worker_names)}" name = "${format("%s-container-linux-install-%s", var.cluster_name, element(concat(var.controller_names, var.worker_names), count.index))}" - kernel = "http://${var.container_linux_channel}.release.core-os.net/amd64-usr/${var.container_linux_version}/coreos_production_pxe.vmlinuz" + kernel = "http://${local.channel}.release.core-os.net/amd64-usr/${var.os_version}/coreos_production_pxe.vmlinuz" initrd = [ - "http://${var.container_linux_channel}.release.core-os.net/amd64-usr/${var.container_linux_version}/coreos_production_pxe_image.cpio.gz", + "http://${local.channel}.release.core-os.net/amd64-usr/${var.os_version}/coreos_production_pxe_image.cpio.gz", ] args = [ @@ -24,15 +30,15 @@ resource "matchbox_profile" "container-linux-install" { data "template_file" "container-linux-install-configs" { count = "${length(var.controller_names) + length(var.worker_names)}" - template = "${file("${path.module}/cl/container-linux-install.yaml.tmpl")}" + template = "${file("${path.module}/cl/install.yaml.tmpl")}" vars { - container_linux_channel = "${var.container_linux_channel}" - container_linux_version = "${var.container_linux_version}" - ignition_endpoint = "${format("%s/ignition", var.matchbox_http_endpoint)}" - install_disk = "${var.install_disk}" - container_linux_oem = "${var.container_linux_oem}" - ssh_authorized_key = "${var.ssh_authorized_key}" + os_channel = "${local.channel}" + os_version = "${var.os_version}" + ignition_endpoint = "${format("%s/ignition", var.matchbox_http_endpoint)}" + install_disk = "${var.install_disk}" + container_linux_oem = "${var.container_linux_oem}" + ssh_authorized_key = "${var.ssh_authorized_key}" # only cached-container-linux profile adds -b baseurl baseurl_flag = "" @@ -40,15 +46,15 @@ data "template_file" "container-linux-install-configs" { } // Container Linux Install profile (from matchbox /assets cache) -// Note: Admin must have downloaded container_linux_version into matchbox assets. +// Note: Admin must have downloaded os_version into matchbox assets. resource "matchbox_profile" "cached-container-linux-install" { count = "${length(var.controller_names) + length(var.worker_names)}" name = "${format("%s-cached-container-linux-install-%s", var.cluster_name, element(concat(var.controller_names, var.worker_names), count.index))}" - kernel = "/assets/coreos/${var.container_linux_version}/coreos_production_pxe.vmlinuz" + kernel = "/assets/coreos/${var.os_version}/coreos_production_pxe.vmlinuz" initrd = [ - "/assets/coreos/${var.container_linux_version}/coreos_production_pxe_image.cpio.gz", + "/assets/coreos/${var.os_version}/coreos_production_pxe_image.cpio.gz", ] args = [ @@ -66,15 +72,15 @@ resource "matchbox_profile" "cached-container-linux-install" { data "template_file" "cached-container-linux-install-configs" { count = "${length(var.controller_names) + length(var.worker_names)}" - template = "${file("${path.module}/cl/container-linux-install.yaml.tmpl")}" + template = "${file("${path.module}/cl/install.yaml.tmpl")}" vars { - container_linux_channel = "${var.container_linux_channel}" - container_linux_version = "${var.container_linux_version}" - ignition_endpoint = "${format("%s/ignition", var.matchbox_http_endpoint)}" - install_disk = "${var.install_disk}" - container_linux_oem = "${var.container_linux_oem}" - ssh_authorized_key = "${var.ssh_authorized_key}" + os_channel = "${local.channel}" + os_version = "${var.os_version}" + ignition_endpoint = "${format("%s/ignition", var.matchbox_http_endpoint)}" + install_disk = "${var.install_disk}" + container_linux_oem = "${var.container_linux_oem}" + ssh_authorized_key = "${var.ssh_authorized_key}" # profile uses -b baseurl to install from matchbox cache baseurl_flag = "-b ${var.matchbox_http_endpoint}/assets/coreos" diff --git a/bare-metal/container-linux/kubernetes/variables.tf b/bare-metal/container-linux/kubernetes/variables.tf index c49bf76c..2bca0bb6 100644 --- a/bare-metal/container-linux/kubernetes/variables.tf +++ b/bare-metal/container-linux/kubernetes/variables.tf @@ -10,14 +10,14 @@ variable "matchbox_http_endpoint" { description = "Matchbox HTTP read-only endpoint (e.g. http://matchbox.example.com:8080)" } -variable "container_linux_channel" { +variable "os_channel" { type = "string" - description = "Container Linux channel corresponding to the container_linux_version" + description = "Channel for a Container Linux derivative (coreos-stable, coreos-beta, coreos-alpha)" } -variable "container_linux_version" { +variable "os_version" { type = "string" - description = "Container Linux version of the kernel/initrd to PXE or the image to install" + description = "Version for a Container Linux derivative to PXE and install (coreos-stable, coreos-beta, coreos-alpha)" } # machines @@ -109,7 +109,7 @@ variable "cluster_domain_suffix" { variable "cached_install" { type = "string" default = "false" - description = "Whether Container Linux should PXE boot and install from matchbox /assets cache. Note that the admin must have downloaded the container_linux_version into matchbox assets." + description = "Whether Container Linux should PXE boot and install from matchbox /assets cache. Note that the admin must have downloaded the os_version into matchbox assets." } variable "install_disk" { @@ -121,7 +121,7 @@ variable "install_disk" { variable "container_linux_oem" { type = "string" default = "" - description = "Specify an OEM image id to use as base for the installation (e.g. ami, vmware_raw, xen) or leave blank for the default image" + description = "DEPRECATED: Specify an OEM image id to use as base for the installation (e.g. ami, vmware_raw, xen) or leave blank for the default image" } variable "kernel_args" { diff --git a/docs/cl/bare-metal.md b/docs/cl/bare-metal.md index 8762a49b..bee3db70 100644 --- a/docs/cl/bare-metal.md +++ b/docs/cl/bare-metal.md @@ -186,8 +186,8 @@ module "bare-metal-mercury" { # bare-metal cluster_name = "mercury" matchbox_http_endpoint = "http://matchbox.example.com" - container_linux_channel = "stable" - container_linux_version = "1632.3.0" + os_channel = "coreos-stable" + os_version = "1632.3.0" # configuration k8s_domain_name = "node1.example.com" @@ -353,8 +353,8 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/bare-me |:-----|:------------|:--------| | cluster_name | Unique cluster name | mercury | | matchbox_http_endpoint | Matchbox HTTP read-only endpoint | http://matchbox.example.com:port | -| container_linux_channel | Container Linux channel | stable, beta, alpha | -| container_linux_version | Container Linux version of the kernel/initrd to PXE and the image to install | 1632.3.0 | +| os_channel | Channel for a Container Linux derivative | coreos-stable, coreos-beta, coreos-alpha | +| os_version | Version for a Container Linux derivative to PXE and install | 1632.3.0 | | k8s_domain_name | FQDN resolving to the controller(s) nodes. Workers and kubectl will communicate with this endpoint | "myk8s.example.com" | | ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3Nz..." | | asset_dir | Path to a directory where generated assets should be placed (contains secrets) | "/home/user/.secrets/clusters/mercury" | @@ -371,7 +371,6 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/bare-me |:-----|:------------|:--------|:--------| | cached_install | Whether machines should PXE boot and install from the Matchbox `/assets` cache. Admin MUST have downloaded Container Linux images into the cache to use this | false | true | | install_disk | Disk device where Container Linux should be installed | "/dev/sda" | "/dev/sdb" | -| container_linux_oem | Specify alternative OEM image ids for the disk install | "" | "vmware_raw", "xen" | | networking | Choice of networking provider | "calico" | "calico" or "flannel" | | network_mtu | CNI interface MTU (calico-only) | 1480 | - | | network_ip_autodetection_method | Method to detect host IPv4 address (calico-only) | first-found | can-reach=10.0.0.1 |