Update Fedora Atomic modules to Kubernetes v1.10.1
parent
5212684472
commit
b3cf9508b6
|
@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
|
||||||
|
|
||||||
## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a>
|
## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a>
|
||||||
|
|
||||||
* Kubernetes v1.10.0 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
|
* Kubernetes v1.10.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
|
||||||
* Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
|
* Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
|
||||||
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
|
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
|
||||||
* Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/)
|
* Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/)
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=db36b92abced3c4b0af279adfd5ed4bf0cf8c39f"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
||||||
|
|
|
@ -81,7 +81,7 @@ write_files:
|
||||||
--volume /etc/kubernetes:/etc/kubernetes:Z \
|
--volume /etc/kubernetes:/etc/kubernetes:Z \
|
||||||
--volume /var/bootkube/assets:/assets:Z \
|
--volume /var/bootkube/assets:/assets:Z \
|
||||||
--entrypoint=/bootkube \
|
--entrypoint=/bootkube \
|
||||||
quay.io/coreos/bootkube:v0.11.0 start --asset-dir=/assets
|
quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
|
||||||
- path: /etc/selinux/config
|
- path: /etc/selinux/config
|
||||||
owner: root:root
|
owner: root:root
|
||||||
permissions: '0644'
|
permissions: '0644'
|
||||||
|
@ -94,7 +94,7 @@ runcmd:
|
||||||
- [systemctl, daemon-reload]
|
- [systemctl, daemon-reload]
|
||||||
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
||||||
- [systemctl, start, --no-block, etcd.service]
|
- [systemctl, start, --no-block, etcd.service]
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
|
||||||
- [systemctl, start, --no-block, kubelet.service]
|
- [systemctl, start, --no-block, kubelet.service]
|
||||||
- [systemctl, disable, firewalld, --now]
|
- [systemctl, disable, firewalld, --now]
|
||||||
users:
|
users:
|
||||||
|
|
|
@ -40,11 +40,11 @@ write_files:
|
||||||
SELINUXTYPE=targeted
|
SELINUXTYPE=targeted
|
||||||
bootcmd:
|
bootcmd:
|
||||||
- [setenforce, Permissive]
|
- [setenforce, Permissive]
|
||||||
|
- [systemctl, disable, firewalld, --now]
|
||||||
runcmd:
|
runcmd:
|
||||||
- systemctl daemon-reload
|
- [systemctl, daemon-reload]
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
|
||||||
- systemctl start --no-block kubelet.service
|
- [systemctl, start, --no-block, kubelet.service]
|
||||||
- systemctl disable firewalld --now
|
|
||||||
users:
|
users:
|
||||||
- default
|
- default
|
||||||
- name: fedora
|
- name: fedora
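Review bot: The `- [systemctl, disable, firewalld, --now]` entry added under `bootcmd:` has no comment saying why the host firewall is turned off or what filters node traffic in its place, and it now sits directly after `[setenforce, Permissive]`, so two host-level controls are relaxed at the very start of boot. cloud-init runs `bootcmd` on every boot by default while `runcmd` runs once per instance, so the move also changes when and how often the disable is applied. I would add a comment above the entry, for example `# firewalld disabled on purpose; node traffic is filtered by the platform firewall rules (confirm per platform)`. The same move appears in the `@ -92,18`, `@ -45,13`, `@ -106,18` and `@ -59,13` hunks, whereas the `@ -94,7` hunk still shows the disable at the end of `runcmd`; that difference should be either aligned or explained.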
|
||||||
|
|
|
@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
|
||||||
|
|
||||||
## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a>
|
## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a>
|
||||||
|
|
||||||
* Kubernetes v1.10.0 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
|
* Kubernetes v1.10.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
|
||||||
* Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
|
* Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
|
||||||
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
|
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
|
||||||
* Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/)
|
* Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/)
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=db36b92abced3c4b0af279adfd5ed4bf0cf8c39f"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${var.k8s_domain_name}"]
|
api_servers = ["${var.k8s_domain_name}"]
|
||||||
|
|
|
@ -92,18 +92,18 @@ write_files:
|
||||||
--volume /etc/kubernetes:/etc/kubernetes:Z \
|
--volume /etc/kubernetes:/etc/kubernetes:Z \
|
||||||
--volume /var/bootkube/assets:/assets:Z \
|
--volume /var/bootkube/assets:/assets:Z \
|
||||||
--entrypoint=/bootkube \
|
--entrypoint=/bootkube \
|
||||||
quay.io/coreos/bootkube:v0.11.0 start --asset-dir=/assets
|
quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
|
||||||
bootcmd:
|
bootcmd:
|
||||||
- [setenforce, Permissive]
|
- [setenforce, Permissive]
|
||||||
|
- [systemctl, disable, firewalld, --now]
|
||||||
runcmd:
|
runcmd:
|
||||||
- [systemctl, daemon-reload]
|
- [systemctl, daemon-reload]
|
||||||
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
||||||
- [systemctl, start, --no-block, etcd.service]
|
- [systemctl, start, --no-block, etcd.service]
|
||||||
- [hostnamectl, set-hostname, ${domain_name}]
|
- [hostnamectl, set-hostname, ${domain_name}]
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
|
||||||
- [systemctl, enable, kubelet.path]
|
- [systemctl, enable, kubelet.path]
|
||||||
- [systemctl, start, --no-block, kubelet.path]
|
- [systemctl, start, --no-block, kubelet.path]
|
||||||
- [systemctl, disable, firewalld, --now]
|
|
||||||
users:
|
users:
|
||||||
- default
|
- default
|
||||||
- name: fedora
|
- name: fedora
|
||||||
|
|
|
@ -45,13 +45,13 @@ write_files:
|
||||||
SELINUXTYPE=targeted
|
SELINUXTYPE=targeted
|
||||||
bootcmd:
|
bootcmd:
|
||||||
- [setenforce, Permissive]
|
- [setenforce, Permissive]
|
||||||
|
- [systemctl, disable, firewalld, --now]
|
||||||
runcmd:
|
runcmd:
|
||||||
- [systemctl, daemon-reload]
|
- [systemctl, daemon-reload]
|
||||||
- [hostnamectl, set-hostname, ${domain_name}]
|
- [hostnamectl, set-hostname, ${domain_name}]
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
|
||||||
- [systemctl, enable, kubelet.path]
|
- [systemctl, enable, kubelet.path]
|
||||||
- [systemctl, start, --no-block, kubelet.path]
|
- [systemctl, start, --no-block, kubelet.path]
|
||||||
- [systemctl, disable, firewalld, --now]
|
|
||||||
users:
|
users:
|
||||||
- default
|
- default
|
||||||
- name: fedora
|
- name: fedora
|
||||||
|
|
|
@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
|
||||||
|
|
||||||
## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a>
|
## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a>
|
||||||
|
|
||||||
* Kubernetes v1.10.0 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
|
* Kubernetes v1.10.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
|
||||||
* Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
|
* Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
|
||||||
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
|
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
|
||||||
* Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/)
|
* Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/)
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
# Self-hosted Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootkube" {
|
module "bootkube" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=33e00a6dc5cdf2744b0f607329c1566ae8e5fde9"
|
source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=db36b92abced3c4b0af279adfd5ed4bf0cf8c39f"
|
||||||
|
|
||||||
cluster_name = "${var.cluster_name}"
|
cluster_name = "${var.cluster_name}"
|
||||||
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
api_servers = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
|
||||||
|
|
|
@ -22,12 +22,12 @@ write_files:
|
||||||
- path: /etc/systemd/system/cloud-metadata.service
|
- path: /etc/systemd/system/cloud-metadata.service
|
||||||
content: |
|
content: |
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Digital Ocean metadata agent
|
Description=Cloud metadata agent
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
Environment=OUTPUT=/run/metadata/digitalocean
|
Environment=OUTPUT=/run/metadata/cloud
|
||||||
ExecStart=/usr/bin/mkdir -p /run/metadata
|
ExecStart=/usr/bin/mkdir -p /run/metadata
|
||||||
ExecStart=/usr/bin/bash -c 'echo "PRIVATE_IPV4=$(curl\
|
ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
|
||||||
--url http://169.254.169.254/metadata/v1/interfaces/private/0/ipv4/address\
|
--url http://169.254.169.254/metadata/v1/interfaces/private/0/ipv4/address\
|
||||||
--retry 10)" > $${OUTPUT}'
|
--retry 10)" > $${OUTPUT}'
|
||||||
[Install]
|
[Install]
|
||||||
|
@ -106,18 +106,18 @@ write_files:
|
||||||
--volume /etc/kubernetes:/etc/kubernetes:Z \
|
--volume /etc/kubernetes:/etc/kubernetes:Z \
|
||||||
--volume /var/bootkube/assets:/assets:Z \
|
--volume /var/bootkube/assets:/assets:Z \
|
||||||
--entrypoint=/bootkube \
|
--entrypoint=/bootkube \
|
||||||
quay.io/coreos/bootkube:v0.11.0 start --asset-dir=/assets
|
quay.io/coreos/bootkube:v0.12.0 start --asset-dir=/assets
|
||||||
bootcmd:
|
bootcmd:
|
||||||
- [setenforce, Permissive]
|
- [setenforce, Permissive]
|
||||||
|
- [systemctl, disable, firewalld, --now]
|
||||||
runcmd:
|
runcmd:
|
||||||
- [systemctl, daemon-reload]
|
- [systemctl, daemon-reload]
|
||||||
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
- "atomic install --system --name=etcd quay.io/dghubble/etcd:0265e6680d2533f3fbf4512af868d29ff07451ca"
|
||||||
- [systemctl, start, --no-block, etcd.service]
|
- [systemctl, start, --no-block, etcd.service]
|
||||||
- [systemctl, enable, cloud-metadata.service]
|
- [systemctl, enable, cloud-metadata.service]
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
|
||||||
- [systemctl, enable, kubelet.path]
|
- [systemctl, enable, kubelet.path]
|
||||||
- [systemctl, start, --no-block, kubelet.path]
|
- [systemctl, start, --no-block, kubelet.path]
|
||||||
- [systemctl, disable, firewalld, --now]
|
|
||||||
users:
|
users:
|
||||||
- default
|
- default
|
||||||
- name: fedora
|
- name: fedora
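Review bot: The `cloud-metadata.service` unit in the `@ -22,12` hunk reports success even when the metadata request fails, because the `ExecStart` shell returns the exit status of `echo`, not of `curl`. After the retries are exhausted the file would hold an empty `HOSTNAME_OVERRIDE=`, and without `--fail` an HTTP error body would be written as the value. I would let the fetch fail the unit, e.g. `ExecStart=/usr/bin/bash -c 'ip=$(curl --fail --retry 10 --url …) && echo "HOSTNAME_OVERRIDE=$ip" > $${OUTPUT}'` with the URL unchanged. The key is named for a hostname but is filled from `interfaces/private/0/ipv4/address`, so a one-line comment in the unit saying the node name is the private IPv4 address would help; whatever reads `/run/metadata/cloud` is outside this hunk and has to follow the new path and key. The `@ -3,12` hunk in the following section carries the same unit and the same gap.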
|
||||||
|
|
|
@ -3,12 +3,12 @@ write_files:
|
||||||
- path: /etc/systemd/system/cloud-metadata.service
|
- path: /etc/systemd/system/cloud-metadata.service
|
||||||
content: |
|
content: |
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Digital Ocean metadata agent
|
Description=Cloud metadata agent
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
Environment=OUTPUT=/run/metadata/digitalocean
|
Environment=OUTPUT=/run/metadata/cloud
|
||||||
ExecStart=/usr/bin/mkdir -p /run/metadata
|
ExecStart=/usr/bin/mkdir -p /run/metadata
|
||||||
ExecStart=/usr/bin/bash -c 'echo "PRIVATE_IPV4=$(curl\
|
ExecStart=/usr/bin/bash -c 'echo "HOSTNAME_OVERRIDE=$(curl\
|
||||||
--url http://169.254.169.254/metadata/v1/interfaces/private/0/ipv4/address\
|
--url http://169.254.169.254/metadata/v1/interfaces/private/0/ipv4/address\
|
||||||
--retry 10)" > $${OUTPUT}'
|
--retry 10)" > $${OUTPUT}'
|
||||||
[Install]
|
[Install]
|
||||||
|
@ -59,13 +59,13 @@ write_files:
|
||||||
SELINUXTYPE=targeted
|
SELINUXTYPE=targeted
|
||||||
bootcmd:
|
bootcmd:
|
||||||
- [setenforce, Permissive]
|
- [setenforce, Permissive]
|
||||||
|
- [systemctl, disable, firewalld, --now]
|
||||||
runcmd:
|
runcmd:
|
||||||
- systemctl daemon-reload
|
- [systemctl, daemon-reload]
|
||||||
- systemctl enable cloud-metadata.service
|
- [systemctl, enable, cloud-metadata.service]
|
||||||
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:d97cd9265ef6f6d0d9aab54ad9f66d4f5daaf397"
|
- "atomic install --system --name=kubelet quay.io/dghubble/kubelet:8767d4433f7c5a38c55edf6e682efb53fcd06f61"
|
||||||
- systemctl enable kubelet.path
|
- [systemctl, enable, kubelet.path]
|
||||||
- systemctl start --no-block kubelet.path
|
- [systemctl, start, --no-block, kubelet.path]
|
||||||
- systemctl disable firewalld --now
|
|
||||||
users:
|
users:
|
||||||
- default
|
- default
|
||||||
- name: fedora
|
- name: fedora
|
||||||
|
|