CadolesKube
/
typhoon
mirror of https://github.com/puppetmaster/typhoon.git
7
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update Fedora Atomic modules to Kubernetes v1.10.1

This commit is contained in:
Dalton Hubble 2018-04-14 00:37:53 -07:00
parent 5212684472
commit b3cf9508b6
12 changed files with 32 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
aws/fedora-atomic/kubernetes/README.md
View File

@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a> ## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a>
* Kubernetes v1.10.0 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) * Kubernetes v1.10.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
* Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
* Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/)

2
aws/fedora-atomic/kubernetes/bootkube.tf
View File

@ -1,6 +1,6 @@
# Self-hosted Kubernetes assets (kubeconfig, manifests) # Self-hosted Kubernetes assets (kubeconfig, manifests)
module "bootkube" { module "bootkube" {
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9" source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=db36b92abced3c4b0af279adfd5ed4bf0cf8c39f"
cluster_name = "${var.cluster_name}" cluster_name = "${var.cluster_name}"
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"] api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]

4
aws/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
View File

@ -81,7 +81,7 @@ write_files:
--volume /etc/kubernetes:/etc/kubernetes:Z \ --volume /etc/kubernetes:/etc/kubernetes:Z \
--volume /var/bootkube/assets:/assets:Z \ --volume /var/bootkube/assets:/assets:Z \
--entrypoint=/bootkube \ --entrypoint=/bootkube \
quay.io/coreos/bootkube:v0.11.0 start --asset-dir=/assets quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
- path: /etc/selinux/config - path: /etc/selinux/config
owner: root:root owner: root:root
permissions: '0644' permissions: '0644'
@ -94,7 +94,7 @@ runcmd:
- [systemctl, daemon-reload] - [systemctl, daemon-reload]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca" - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- [systemctl, start, --no-block, etcd.service] - [systemctl, start, --no-block, etcd.service]
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
- [systemctl, start, --no-block, kubelet.service] - [systemctl, start, --no-block, kubelet.service]
- [systemctl, disable, firewalld, --now] - [systemctl, disable, firewalld, --now]
users: users:

8
aws/fedora-atomic/kubernetes/workers/cloudinit/worker.yaml.tmpl
View File

@ -40,11 +40,11 @@ write_files:
SELINUXTYPE=targeted SELINUXTYPE=targeted
bootcmd: bootcmd:
- [setenforce, Permissive] - [setenforce, Permissive]
- [systemctl, disable, firewalld, --now]
runcmd: runcmd:
- systemctl daemon-reload - [systemctl, daemon-reload]
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
- systemctl start --no-block kubelet.service - [systemctl, start, --no-block, kubelet.service]
- systemctl disable firewalld --now
users: users:
- default - default
- name: fedora - name: fedora

2
bare-metal/fedora-atomic/kubernetes/README.md
View File

@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a> ## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a>
* Kubernetes v1.10.0 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) * Kubernetes v1.10.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
* Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
* Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/) * Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/)

2
bare-metal/fedora-atomic/kubernetes/bootkube.tf
View File

@ -1,6 +1,6 @@
# Self-hosted Kubernetes assets (kubeconfig, manifests) # Self-hosted Kubernetes assets (kubeconfig, manifests)
module "bootkube" { module "bootkube" {
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9" source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=db36b92abced3c4b0af279adfd5ed4bf0cf8c39f"
cluster_name = "${var.cluster_name}" cluster_name = "${var.cluster_name}"
api_servers = ["${var.k8s_domain_name}"] api_servers = ["${var.k8s_domain_name}"]

6
bare-metal/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
View File

@ -92,18 +92,18 @@ write_files:
--volume /etc/kubernetes:/etc/kubernetes:Z \ --volume /etc/kubernetes:/etc/kubernetes:Z \
--volume /var/bootkube/assets:/assets:Z \ --volume /var/bootkube/assets:/assets:Z \
--entrypoint=/bootkube \ --entrypoint=/bootkube \
quay.io/coreos/bootkube:v0.11.0 start --asset-dir=/assets quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
bootcmd: bootcmd:
- [setenforce, Permissive] - [setenforce, Permissive]
- [systemctl, disable, firewalld, --now]
runcmd: runcmd:
- [systemctl, daemon-reload] - [systemctl, daemon-reload]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca" - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- [systemctl, start, --no-block, etcd.service] - [systemctl, start, --no-block, etcd.service]
- [hostnamectl, set-hostname, ${domain_name}] - [hostnamectl, set-hostname, ${domain_name}]
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
- [systemctl, enable, kubelet.path] - [systemctl, enable, kubelet.path]
- [systemctl, start, --no-block, kubelet.path] - [systemctl, start, --no-block, kubelet.path]
- [systemctl, disable, firewalld, --now]
users: users:
- default - default
- name: fedora - name: fedora

4
bare-metal/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl
View File

@ -45,13 +45,13 @@ write_files:
SELINUXTYPE=targeted SELINUXTYPE=targeted
bootcmd: bootcmd:
- [setenforce, Permissive] - [setenforce, Permissive]
- [systemctl, disable, firewalld, --now]
runcmd: runcmd:
- [systemctl, daemon-reload] - [systemctl, daemon-reload]
- [hostnamectl, set-hostname, ${domain_name}] - [hostnamectl, set-hostname, ${domain_name}]
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
- [systemctl, enable, kubelet.path] - [systemctl, enable, kubelet.path]
- [systemctl, start, --no-block, kubelet.path] - [systemctl, start, --no-block, kubelet.path]
- [systemctl, disable, firewalld, --now]
users: users:
- default - default
- name: fedora - name: fedora

2
digital-ocean/fedora-atomic/kubernetes/README.md
View File

@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a> ## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a>
* Kubernetes v1.10.0 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube)) * Kubernetes v1.10.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
* Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
* Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/) * Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/)

2
digital-ocean/fedora-atomic/kubernetes/bootkube.tf
View File

@ -1,6 +1,6 @@
# Self-hosted Kubernetes assets (kubeconfig, manifests) # Self-hosted Kubernetes assets (kubeconfig, manifests)
module "bootkube" { module "bootkube" {
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9" source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=db36b92abced3c4b0af279adfd5ed4bf0cf8c39f"
cluster_name = "${var.cluster_name}" cluster_name = "${var.cluster_name}"
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"] api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]

12
digital-ocean/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
View File

@ -22,12 +22,12 @@ write_files:
- path: /etc/systemd/system/cloud-metadata.service - path: /etc/systemd/system/cloud-metadata.service
content: | content: |
[Unit] [Unit]
Description=Digital Ocean metadata agent Description=Cloud metadata agent
[Service] [Service]
Type=oneshot Type=oneshot
Environment=OUTPUT=/run/metadata/digitalocean Environment=OUTPUT=/run/metadata/cloud
ExecStart=/usr/bin/mkdir -p /run/metadata ExecStart=/usr/bin/mkdir -p /run/metadata
ExecStart=/usr/bin/bash -c 'echo "PRIVATE_IPV4=$(curl\ ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
--url http://169.254.169.254/metadata/v1/interfaces/private/0/ipv4/address\ --url http://169.254.169.254/metadata/v1/interfaces/private/0/ipv4/address\
--retry 10)" > $${OUTPUT}' --retry 10)" > $${OUTPUT}'
[Install] [Install]
@ -106,18 +106,18 @@ write_files:
--volume /etc/kubernetes:/etc/kubernetes:Z \ --volume /etc/kubernetes:/etc/kubernetes:Z \
--volume /var/bootkube/assets:/assets:Z \ --volume /var/bootkube/assets:/assets:Z \
--entrypoint=/bootkube \ --entrypoint=/bootkube \
quay.io/coreos/bootkube:v0.11.0 start --asset-dir=/assets quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
bootcmd: bootcmd:
- [setenforce, Permissive] - [setenforce, Permissive]
- [systemctl, disable, firewalld, --now]
runcmd: runcmd:
- [systemctl, daemon-reload] - [systemctl, daemon-reload]
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca" - "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
- [systemctl, start, --no-block, etcd.service] - [systemctl, start, --no-block, etcd.service]
- [systemctl, enable, cloud-metadata.service] - [systemctl, enable, cloud-metadata.service]
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
- [systemctl, enable, kubelet.path] - [systemctl, enable, kubelet.path]
- [systemctl, start, --no-block, kubelet.path] - [systemctl, start, --no-block, kubelet.path]
- [systemctl, disable, firewalld, --now]
users: users:
- default - default
- name: fedora - name: fedora

18
digital-ocean/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl
View File

@ -3,12 +3,12 @@ write_files:
- path: /etc/systemd/system/cloud-metadata.service - path: /etc/systemd/system/cloud-metadata.service
content: | content: |
[Unit] [Unit]
Description=Digital Ocean metadata agent Description=Cloud metadata agent
[Service] [Service]
Type=oneshot Type=oneshot
Environment=OUTPUT=/run/metadata/digitalocean Environment=OUTPUT=/run/metadata/cloud
ExecStart=/usr/bin/mkdir -p /run/metadata ExecStart=/usr/bin/mkdir -p /run/metadata
ExecStart=/usr/bin/bash -c 'echo "PRIVATE_IPV4=$(curl\ ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
--url http://169.254.169.254/metadata/v1/interfaces/private/0/ipv4/address\ --url http://169.254.169.254/metadata/v1/interfaces/private/0/ipv4/address\
--retry 10)" > $${OUTPUT}' --retry 10)" > $${OUTPUT}'
[Install] [Install]
@ -59,13 +59,13 @@ write_files:
SELINUXTYPE=targeted SELINUXTYPE=targeted
bootcmd: bootcmd:
- [setenforce, Permissive] - [setenforce, Permissive]
- [systemctl, disable, firewalld, --now]
runcmd: runcmd:
- systemctl daemon-reload - [systemctl, daemon-reload]
- systemctl enable cloud-metadata.service - [systemctl, enable, cloud-metadata.service]
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397" - "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
- systemctl enable kubelet.path - [systemctl, enable, kubelet.path]
- systemctl start --no-block kubelet.path - [systemctl, start, --no-block, kubelet.path]
- systemctl disable firewalld --now
users: users:
- default - default
- name: fedora - name: fedora