From df17253e72e7b0b17cf96bbaca9c73d6cacd28d0 Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Sun, 18 Oct 2020 23:29:19 -0700
Subject: [PATCH] Fix delete node permission on Fedora CoreOS node shutdown
* On cloud platforms, `delete-node.service` tries to delete the local node (not always possible depending on preemption time)
* Since v1.18.3, kubelet TLS bootstrap generates a kubeconfig in `/var/lib/kubelet` which should be used with kubectl in the delete-node oneshot
---
 CHANGES.md | 10 +++++++---
 aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml | 3 ++-
 azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml | 3 ++-
 digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml | 3 ++-
 .../fedora-coreos/kubernetes/workers/fcc/worker.yaml | 3 ++-
 5 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 6142355d..3199baab 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -4,13 +4,17 @@ Notable changes between versions. ## Latest -* Remove `asset_dir` variable (default off in [v1.17.0](https://github.com/poseidon/typhoon/pull/595), deprecated in [v1.18.0](https://github.com/poseidon/typhoon/pull/678)) +* Remove `asset_dir` variable (defaulted off in [v1.17.0](https://github.com/poseidon/typhoon/pull/595), deprecated in [v1.18.0](https://github.com/poseidon/typhoon/pull/678)) + +### Fedora CoreOS + +* Fix local node delete oneshot on node shutdown ([#856](https://github.com/poseidon/typhoon/pull/855)) ### Flatcar Linux * Change `kubelet.service` container runner from rkt to docker ([#855](https://github.com/poseidon/typhoon/pull/855)) -* Change `delete-node.service` to be inlined and use docker ([#855](https://github.com/poseidon/typhoon/pull/855)) - * Fix mount to restore permission to delete the local node on shutdown (cloud-only) +* Change `delete-node.service` to use docker and an inline ExecStart ([#855](https://github.com/poseidon/typhoon/pull/855)) +* Fix local node delete oneshot on node shutdown ([#855](https://github.com/poseidon/typhoon/pull/855)) ## v1.19.3
diff --git a/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml b/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml
index 59f9bb93..7359dc1f 100644
--- a/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml
+++ b/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml
@@ -86,10 +86,11 @@ systemd:
 [Unit]
 Description=Delete Kubernetes node on shutdown
 [Service]
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.19.3
 Type=oneshot
 RemainAfterExit=true
 ExecStart=/bin/true
- ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.19.3 --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'
+ ExecStop=/bin/bash -c '/usr/bin/podman run --volume /var/lib/kubelet:/var/lib/kubelet:ro,z --entrypoint /usr/local/bin/kubectl $${KUBELET_IMAGE} --kubeconfig=/var/lib/kubelet/kubeconfig delete node $HOSTNAME'
 [Install]
 WantedBy=multi-user.target
 storage:
diff --git a/azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml b/azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml
index 92ba9ce3..6ef97c1b 100644
--- a/azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml
+++ b/azure/fedora-coreos/kubernetes/workers/fcc/worker.yaml
@@ -85,10 +85,11 @@ systemd:
 [Unit]
 Description=Delete Kubernetes node on shutdown
 [Service]
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.19.3
 Type=oneshot
 RemainAfterExit=true
 ExecStart=/bin/true
- ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.19.3 --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'
+ ExecStop=/bin/bash -c '/usr/bin/podman run --volume /var/lib/kubelet:/var/lib/kubelet:ro,z --entrypoint /usr/local/bin/kubectl $${KUBELET_IMAGE} --kubeconfig=/var/lib/kubelet/kubeconfig delete node $HOSTNAME'
 [Install]
 WantedBy=multi-user.target
 storage:
diff --git a/digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml
index f777cde8..e911b88d 100644
--- a/digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml
+++ b/digital-ocean/fedora-coreos/kubernetes/fcc/worker.yaml
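Review bot: The new `ExecStop` in the aws worker.yaml hunk bind-mounts the whole of `/var/lib/kubelet` with the `z` option, which gives the kubectl container far more than the kubeconfig it reads and asks podman to relabel that entire tree at shutdown. That directory usually also holds pod volume data and the kubelet's key material, and relabelling it may eat into the short preemption window the commit message mentions; how `kubelet.service` already mounts and labels it is not visible in this hunk, so this should be confirmed there. If the bootstrap kubeconfig only references files under `pki/` (presumably, not shown here), mounting just those paths would be tighter: `--volume /var/lib/kubelet/kubeconfig:/var/lib/kubelet/kubeconfig:ro,z --volume /var/lib/kubelet/pki:/var/lib/kubelet/pki:ro,z`. The same line is repeated in the azure, digital-ocean and google-cloud worker.yaml hunks.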
@@ -95,10 +95,11 @@ systemd:
 [Unit]
 Description=Delete Kubernetes node on shutdown
 [Service]
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.19.3
 Type=oneshot
 RemainAfterExit=true
 ExecStart=/bin/true
- ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.19.3 --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'
+ ExecStop=/bin/bash -c '/usr/bin/podman run --volume /var/lib/kubelet:/var/lib/kubelet:ro,z --entrypoint /usr/local/bin/kubectl $${KUBELET_IMAGE} --kubeconfig=/var/lib/kubelet/kubeconfig delete node $HOSTNAME'
 [Install]
 WantedBy=multi-user.target
 storage:
diff --git a/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml
index 02daa6e1..53ceafe0 100644
--- a/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml
+++ b/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml
@@ -85,10 +85,11 @@ systemd:
 [Unit]
 Description=Delete Kubernetes node on shutdown
 [Service]
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.19.3
 Type=oneshot
 RemainAfterExit=true
 ExecStart=/bin/true
- ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.19.3 --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'
+ ExecStop=/bin/bash -c '/usr/bin/podman run --volume /var/lib/kubelet:/var/lib/kubelet:ro,z --entrypoint /usr/local/bin/kubectl $${KUBELET_IMAGE} --kubeconfig=/var/lib/kubelet/kubeconfig delete node $HOSTNAME'
 [Install]
 WantedBy=multi-user.target
 storage:
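Review bot: The `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.19.3` line added in the digital-ocean hunk (and in the aws, azure and google-cloud ones) names the image by tag only, while the container it starts runs with the node's kubeconfig and client credentials mounted. A tag can be re-pointed at the registry, so a digest reference would make the shutdown job run exactly the image that was reviewed, e.g. `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet@sha256:<DIGEST_PLACEHOLDER>`. Since the value is now repeated across four templates, a unit comment such as `# keep in step with the kubelet image used elsewhere in this file` beside it would help the next version bump.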