diff --git a/aws/fedora-atomic/kubernetes/README.md b/aws/fedora-atomic/kubernetes/README.md
index f967e1f4..ae891418 100644
--- a/aws/fedora-atomic/kubernetes/README.md
+++ b/aws/fedora-atomic/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
## Features
-* Kubernetes v1.10.0 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
+* Kubernetes v1.10.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
* Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
* Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/)
diff --git a/aws/fedora-atomic/kubernetes/bootkube.tf b/aws/fedora-atomic/kubernetes/bootkube.tf
index b8117969..7cb6151d 100644
--- a/aws/fedora-atomic/kubernetes/bootkube.tf
+++ b/aws/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
# Self-hosted Kubernetes assets (kubeconfig, manifests)
module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=db36b92abced3c4b0af279adfd5ed4bf0cf8c39f"
cluster_name = "${var.cluster_name}"
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
diff --git a/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
index 091f5b9b..0ae68003 100644
--- a/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
+++ b/aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
@@ -81,7 +81,7 @@ write_files:
--volume /etc/kubernetes:/etc/kubernetes:Z \
--volume /var/bootkube/assets:/assets:Z \
--entrypoint=/bootkube \
- quay.io/coreos/bootkube:v0.11.0 start --asset-dir=/assets
+ quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
- path: /etc/selinux/config
owner: root:root
permissions: '0644'
@@ -94,7 +94,7 @@ runcmd:
- [systemctl, daemon-reload]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- [systemctl, start, --no-block, etcd.service]
- - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
+ - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
- [systemctl, start, --no-block, kubelet.service]
- [systemctl, disable, firewalld, --now]
users:
diff --git a/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl b/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl
index a72597e5..1daaef91 100644
--- a/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl
+++ b/aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl
@@ -40,11 +40,11 @@ write_files:
SELINUXTYPE=targeted
bootcmd:
- [setenforce, Permissive]
+ - [systemctl, disable, firewalld, --now]
runcmd:
- - systemctl daemon-reload
- - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
- - systemctl start --no-block kubelet.service
- - systemctl disable firewalld --now
+ - [systemctl, daemon-reload]
+ - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
+ - [systemctl, start, --no-block, kubelet.service]
users:
- default
- name: fedora
diff --git a/bare-metal/fedora-atomic/kubernetes/README.md b/bare-metal/fedora-atomic/kubernetes/README.md
index ae254e64..3262a8cb 100644
--- a/bare-metal/fedora-atomic/kubernetes/README.md
+++ b/bare-metal/fedora-atomic/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
## Features
-* Kubernetes v1.10.0 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
+* Kubernetes v1.10.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
* Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
* Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/)
diff --git a/bare-metal/fedora-atomic/kubernetes/bootkube.tf b/bare-metal/fedora-atomic/kubernetes/bootkube.tf
index 338d9b55..90048ae9 100644
--- a/bare-metal/fedora-atomic/kubernetes/bootkube.tf
+++ b/bare-metal/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
# Self-hosted Kubernetes assets (kubeconfig, manifests)
module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=db36b92abced3c4b0af279adfd5ed4bf0cf8c39f"
cluster_name = "${var.cluster_name}"
api_servers = ["${var.k8s_domain_name}"]
diff --git a/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
index 03923a98..7d573434 100644
--- a/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
+++ b/bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
@@ -92,18 +92,18 @@ write_files:
--volume /etc/kubernetes:/etc/kubernetes:Z \
--volume /var/bootkube/assets:/assets:Z \
--entrypoint=/bootkube \
- quay.io/coreos/bootkube:v0.11.0 start --asset-dir=/assets
+ quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
bootcmd:
- [setenforce, Permissive]
+ - [systemctl, disable, firewalld, --now]
runcmd:
- [systemctl, daemon-reload]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- [systemctl, start, --no-block, etcd.service]
- [hostnamectl, set-hostname, ${domain_name}]
- - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
+ - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
- [systemctl, enable, kubelet.path]
- [systemctl, start, --no-block, kubelet.path]
- - [systemctl, disable, firewalld, --now]
users:
- default
- name: fedora
diff --git a/bare-metal/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl b/bare-metal/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl
index ed4573a1..98d3785c 100644
--- a/bare-metal/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl
+++ b/bare-metal/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl
@@ -45,13 +45,13 @@ write_files:
SELINUXTYPE=targeted
bootcmd:
- [setenforce, Permissive]
+ - [systemctl, disable, firewalld, --now]
runcmd:
- [systemctl, daemon-reload]
- [hostnamectl, set-hostname, ${domain_name}]
- - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
+ - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
- [systemctl, enable, kubelet.path]
- [systemctl, start, --no-block, kubelet.path]
- - [systemctl, disable, firewalld, --now]
users:
- default
- name: fedora
diff --git a/digital-ocean/fedora-atomic/kubernetes/README.md b/digital-ocean/fedora-atomic/kubernetes/README.md
index 43142532..4586413e 100644
--- a/digital-ocean/fedora-atomic/kubernetes/README.md
+++ b/digital-ocean/fedora-atomic/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
## Features
-* Kubernetes v1.10.0 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
+* Kubernetes v1.10.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
* Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
* Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/)
diff --git a/digital-ocean/fedora-atomic/kubernetes/bootkube.tf b/digital-ocean/fedora-atomic/kubernetes/bootkube.tf
index d7e2106c..43a9733f 100644
--- a/digital-ocean/fedora-atomic/kubernetes/bootkube.tf
+++ b/digital-ocean/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
# Self-hosted Kubernetes assets (kubeconfig, manifests)
module "bootkube" {
- source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
+ source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=db36b92abced3c4b0af279adfd5ed4bf0cf8c39f"
cluster_name = "${var.cluster_name}"
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
diff --git a/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
index 3441ba48..2c816d0d 100644
--- a/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
+++ b/digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
@@ -22,12 +22,12 @@ write_files:
- path: /etc/systemd/system/cloud-metadata.service
content: |
[Unit]
- Description=Digital Ocean metadata agent
+ Description=Cloud metadata agent
[Service]
Type=oneshot
- Environment=OUTPUT=/run/metadata/digitalocean
+ Environment=OUTPUT=/run/metadata/cloud
ExecStart=/usr/bin/mkdir -p /run/metadata
- ExecStart=/usr/bin/bash -c 'echo "PRIVATE_IPV4=$(curl\
+ ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
--url http://169.254.169.254/metadata/v1/interfaces/private/0/ipv4/address\
--retry 10)" > $${OUTPUT}'
[Install]
@@ -106,18 +106,18 @@ write_files:
--volume /etc/kubernetes:/etc/kubernetes:Z \
--volume /var/bootkube/assets:/assets:Z \
--entrypoint=/bootkube \
- quay.io/coreos/bootkube:v0.11.0 start --asset-dir=/assets
+ quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
bootcmd:
- [setenforce, Permissive]
+ - [systemctl, disable, firewalld, --now]
runcmd:
- [systemctl, daemon-reload]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- [systemctl, start, --no-block, etcd.service]
- [systemctl, enable, cloud-metadata.service]
- - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
+ - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
- [systemctl, enable, kubelet.path]
- [systemctl, start, --no-block, kubelet.path]
- - [systemctl, disable, firewalld, --now]
users:
- default
- name: fedora
diff --git a/digital-ocean/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl b/digital-ocean/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl
index 7ac6f9e6..610850ba 100644
--- a/digital-ocean/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl
+++ b/digital-ocean/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl
@@ -3,12 +3,12 @@ write_files:
- path: /etc/systemd/system/cloud-metadata.service
content: |
[Unit]
- Description=Digital Ocean metadata agent
+ Description=Cloud metadata agent
[Service]
Type=oneshot
- Environment=OUTPUT=/run/metadata/digitalocean
+ Environment=OUTPUT=/run/metadata/cloud
ExecStart=/usr/bin/mkdir -p /run/metadata
- ExecStart=/usr/bin/bash -c 'echo "PRIVATE_IPV4=$(curl\
+ ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
--url http://169.254.169.254/metadata/v1/interfaces/private/0/ipv4/address\
--retry 10)" > $${OUTPUT}'
[Install]
@@ -59,13 +59,13 @@ write_files:
SELINUXTYPE=targeted
bootcmd:
- [setenforce, Permissive]
+ - [systemctl, disable, firewalld, --now]
runcmd:
- - systemctl daemon-reload
- - systemctl enable cloud-metadata.service
- - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
- - systemctl enable kubelet.path
- - systemctl start --no-block kubelet.path
- - systemctl disable firewalld --now
+ - [systemctl, daemon-reload]
+ - [systemctl, enable, cloud-metadata.service]
+ - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
+ - [systemctl, enable, kubelet.path]
+ - [systemctl, start, --no-block, kubelet.path]
users:
- default
- name: fedora