diff --git a/aws/fedora-atomic/kubernetes/README.md b/aws/fedora-atomic/kubernetes/README.md index f967e1f4..ae891418 100644 --- a/aws/fedora-atomic/kubernetes/README.md +++ b/aws/fedora-atomic/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.10.0 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) +* Kubernetes v1.10.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) * Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/) diff --git a/aws/fedora-atomic/kubernetes/bootkube.tf b/aws/fedora-atomic/kubernetes/bootkube.tf index b8117969..7cb6151d 100644 --- a/aws/fedora-atomic/kubernetes/bootkube.tf +++ b/aws/fedora-atomic/kubernetes/bootkube.tf @@ -1,6 +1,6 @@ # Self-hosted Kubernetes assets (kubeconfig, manifests) module "bootkube" { - source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9" + source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=db36b92abced3c4b0af279adfd5ed4bf0cf8c39f" cluster_name = "${var.cluster_name}" api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"] diff --git a/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl index 091f5b9b..0ae68003 100644 --- a/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl +++ b/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl 
@@ -81,7 +81,7 @@ write_files: --volume /etc/kubernetes:/etc/kubernetes:Z \ --volume /var/bootkube/assets:/assets:Z \ --entrypoint=/bootkube \ - quay.io/coreos/bootkube:v0.11.0 start --asset-dir=/assets + quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets - path: /etc/selinux/config owner: root:root permissions: '0644' @@ -94,7 +94,7 @@ runcmd: - [systemctl, daemon-reload] - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca" - [systemctl, start, --no-block, etcd.service] - - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" + - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61" - [systemctl, start, --no-block, kubelet.service] - [systemctl, disable, firewalld, --now] users: diff --git a/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl b/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl index a72597e5..1daaef91 100644 --- a/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl +++ b/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl @@ -40,11 +40,11 @@ write_files: SELINUXTYPE=targeted bootcmd: - [setenforce, Permissive] + - [systemctl, disable, firewalld, --now] runcmd: - - systemctl daemon-reload - - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" - - systemctl start --no-block kubelet.service - - systemctl disable firewalld --now + - [systemctl, daemon-reload] + - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61" + - [systemctl, start, --no-block, kubelet.service] users: - default - name: fedora diff --git a/bare-metal/fedora-atomic/kubernetes/README.md b/bare-metal/fedora-atomic/kubernetes/README.md index ae254e64..3262a8cb 100644 --- a/bare-metal/fedora-atomic/kubernetes/README.md 
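Review bot: In the AWS worker template the added `bootcmd` entry `[systemctl, disable, firewalld, --now]` is re-applied by cloud-init on every boot, not once per instance as the removed `runcmd` entry was, so a host firewall that an operator later re-enables is switched off again at the next reboot. Nothing in the template records what filters node ports once firewalld is off. A comment above the entry such as `# firewalld stays off on every boot; node ingress is limited only by the provider firewall / security group rules` would state that dependency, and the bare-metal templates should name whatever plays that role there. The same move appears in the bare-metal and DigitalOcean controller and worker hunks, while the AWS controller template still disables firewalld from `runcmd` (visible as context in its `@@ -94,7` hunk), so it is the one template left inconsistent with the rest.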
+++ b/bare-metal/fedora-atomic/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.10.0 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) +* Kubernetes v1.10.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) * Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/) diff --git a/bare-metal/fedora-atomic/kubernetes/bootkube.tf b/bare-metal/fedora-atomic/kubernetes/bootkube.tf index 338d9b55..90048ae9 100644 --- a/bare-metal/fedora-atomic/kubernetes/bootkube.tf +++ b/bare-metal/fedora-atomic/kubernetes/bootkube.tf @@ -1,6 +1,6 @@ # Self-hosted Kubernetes assets (kubeconfig, manifests) module "bootkube" { - source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9" + source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=db36b92abced3c4b0af279adfd5ed4bf0cf8c39f" cluster_name = "${var.cluster_name}" api_servers = ["${var.k8s_domain_name}"] diff --git a/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl index 03923a98..7d573434 100644 --- a/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl +++ b/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl 
@@ -92,18 +92,18 @@ write_files: --volume /etc/kubernetes:/etc/kubernetes:Z \ --volume /var/bootkube/assets:/assets:Z \ --entrypoint=/bootkube \ - quay.io/coreos/bootkube:v0.11.0 start --asset-dir=/assets + quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets bootcmd: - [setenforce, Permissive] + - [systemctl, disable, firewalld, --now] runcmd: - [systemctl, daemon-reload] - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca" - [systemctl, start, --no-block, etcd.service] - [hostnamectl, set-hostname, ${domain_name}] - - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" + - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61" - [systemctl, enable, kubelet.path] - [systemctl, start, --no-block, kubelet.path] - - [systemctl, disable, firewalld, --now] users: - default - name: fedora diff --git a/bare-metal/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl b/bare-metal/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl index ed4573a1..98d3785c 100644 --- a/bare-metal/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl +++ b/bare-metal/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl @@ -45,13 +45,13 @@ write_files: SELINUXTYPE=targeted bootcmd: - [setenforce, Permissive] + - [systemctl, disable, firewalld, --now] runcmd: - [systemctl, daemon-reload] - [hostnamectl, set-hostname, ${domain_name}] - - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" + - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61" - [systemctl, enable, kubelet.path] - [systemctl, start, --no-block, kubelet.path] - - [systemctl, disable, firewalld, --now] users: - default - name: fedora 
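Review bot: The bare-metal controller hunk references `quay.io/coreos/bootkube:v0.12.0` and `quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61` by tag only, so what a node pulls at first boot depends on where the registry points that tag at that moment. The kubelet tag is named after a commit but is still a tag, whereas the Terraform module bumped in the same commit is pinned to a full commit SHA. Referencing the bootkube image by digest, `quay.io/coreos/bootkube@sha256:<digest of the v0.12.0 image>`, would make a re-pointed tag detectable at pull time. The same would apply to the kubelet and etcd references if `atomic install` accepts digest references, which is not verified here. The same tag-only references appear in the AWS and DigitalOcean controller and worker hunks.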
diff --git a/digital-ocean/fedora-atomic/kubernetes/README.md b/digital-ocean/fedora-atomic/kubernetes/README.md index 43142532..4586413e 100644 --- a/digital-ocean/fedora-atomic/kubernetes/README.md +++ b/digital-ocean/fedora-atomic/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.10.0 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) +* Kubernetes v1.10.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) * Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/) diff --git a/digital-ocean/fedora-atomic/kubernetes/bootkube.tf b/digital-ocean/fedora-atomic/kubernetes/bootkube.tf index d7e2106c..43a9733f 100644 --- a/digital-ocean/fedora-atomic/kubernetes/bootkube.tf +++ b/digital-ocean/fedora-atomic/kubernetes/bootkube.tf @@ -1,6 +1,6 @@ # Self-hosted Kubernetes assets (kubeconfig, manifests) module "bootkube" { - source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9" + source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=db36b92abced3c4b0af279adfd5ed4bf0cf8c39f" cluster_name = "${var.cluster_name}" api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"] diff --git a/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl index 3441ba48..2c816d0d 100644 
--- a/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl +++ b/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl @@ -22,12 +22,12 @@ write_files: - path: /etc/systemd/system/cloud-metadata.service content: | [Unit] - Description=Digital Ocean metadata agent + Description=Cloud metadata agent [Service] Type=oneshot - Environment=OUTPUT=/run/metadata/digitalocean + Environment=OUTPUT=/run/metadata/cloud ExecStart=/usr/bin/mkdir -p /run/metadata - ExecStart=/usr/bin/bash -c 'echo "PRIVATE_IPV4=$(curl\ + ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\ --url http://169.254.169.254/metadata/v1/interfaces/private/0/ipv4/address\ --retry 10)" > $${OUTPUT}' [Install] @@ -106,18 +106,18 @@ write_files: --volume /etc/kubernetes:/etc/kubernetes:Z \ --volume /var/bootkube/assets:/assets:Z \ --entrypoint=/bootkube \ - quay.io/coreos/bootkube:v0.11.0 start --asset-dir=/assets + quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets bootcmd: - [setenforce, Permissive] + - [systemctl, disable, firewalld, --now] runcmd: - [systemctl, daemon-reload] - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca" - [systemctl, start, --no-block, etcd.service] - [systemctl, enable, cloud-metadata.service] - - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" + - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61" - [systemctl, enable, kubelet.path] - [systemctl, start, --no-block, kubelet.path] - - [systemctl, disable, firewalld, --now] users: - default - name: fedora diff --git a/digital-ocean/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl b/digital-ocean/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl index 7ac6f9e6..610850ba 100644 --- a/digital-ocean/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl +++ b/digital-ocean/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl 
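Review bot: In the DigitalOcean controller `cloud-metadata.service` hunk (`@@ -22,12`), the value written as `HOSTNAME_OVERRIDE` is whatever curl prints, and the enclosing `echo "...$(curl ...)"` succeeds even when curl fails. An HTTP error body or an empty string can therefore land in `/run/metadata/cloud` while the oneshot unit still reports success. The new name suggests the value becomes the kubelet's node name, though the consumer is not visible in these hunks, so the unit should fail rather than pass on a bad value: add `--fail` to the curl options (`--retry 10 --fail`) and write the file only when curl exits 0 with a non-empty result. The identical unit in the DigitalOcean worker hunk (`@@ -3,12`) needs the same change.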
@@ -3,12 +3,12 @@ write_files: - path: /etc/systemd/system/cloud-metadata.service content: | [Unit] - Description=Digital Ocean metadata agent + Description=Cloud metadata agent [Service] Type=oneshot - Environment=OUTPUT=/run/metadata/digitalocean + Environment=OUTPUT=/run/metadata/cloud ExecStart=/usr/bin/mkdir -p /run/metadata - ExecStart=/usr/bin/bash -c 'echo "PRIVATE_IPV4=$(curl\ + ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\ --url http://169.254.169.254/metadata/v1/interfaces/private/0/ipv4/address\ --retry 10)" > $${OUTPUT}' [Install] @@ -59,13 +59,13 @@ write_files: SELINUXTYPE=targeted bootcmd: - [setenforce, Permissive] + - [systemctl, disable, firewalld, --now] runcmd: - - systemctl daemon-reload - - systemctl enable cloud-metadata.service - - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" - - systemctl enable kubelet.path - - systemctl start --no-block kubelet.path - - systemctl disable firewalld --now + - [systemctl, daemon-reload] + - [systemctl, enable, cloud-metadata.service] + - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61" + - [systemctl, enable, kubelet.path] + - [systemctl, start, --no-block, kubelet.path] users: - default - name: fedora