diff --git a/CHANGES.md b/CHANGES.md
index 3b33ac4a..bcb861c6 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -4,6 +4,7 @@ Notable changes between versions.
 ## Latest
+* Kubernetes [v1.18.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md#v1180)
 * Update etcd from v3.4.4 to [v3.4.5](https://github.com/etcd-io/etcd/releases/tag/v3.4.5)
 * Switch from upstream hyperkube image to individual images ([#669](https://github.com/poseidon/typhoon/pull/669))
 * Use upstream `k8s.gcr.io` `kube-apiserver`, `kube-controller-manager`, `kube-scheduler`, and `kube-proxy` container images
@@ -27,6 +28,7 @@ Notable changes between versions.
 ## v1.17.4
+* Kubernetes [v1.17.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.17.md#v1174)
 * Update etcd from v3.4.3 to [v3.4.4](https://github.com/etcd-io/etcd/releases/tag/v3.4.4)
 * On Container Linux, fetch using the docker transport format ([#659](https://github.com/poseidon/typhoon/pull/659))
 * Update CoreDNS from v1.6.6 to v1.6.7 ([#648](https://github.com/poseidon/typhoon/pull/648))
diff --git a/aws/container-linux/kubernetes/bootstrap.tf b/aws/container-linux/kubernetes/bootstrap.tf
index 65431247..a5a100ca 100644
--- a/aws/container-linux/kubernetes/bootstrap.tf
+++ b/aws/container-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/aws/container-linux/kubernetes/cl/controller.yaml b/aws/container-linux/kubernetes/cl/controller.yaml
index 59b634f8..940ec021 100644
--- a/aws/container-linux/kubernetes/cl/controller.yaml
+++ b/aws/container-linux/kubernetes/cl/controller.yaml
@@ -91,7 +91,7 @@ systemd:
 --mount volume=var-log,target=/var/log \
 --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
 --mount volume=opt-cni-bin,target=/opt/cni/bin \
- docker://quay.io/poseidon/kubelet:v1.17.4 -- \
+ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
@@ -125,7 +125,6 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
 ExecStart=/usr/bin/rkt run \
 --trust-keys-from-https \
 --volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
@@ -135,7 +134,7 @@ systemd:
 --volume script,kind=host,source=/opt/bootstrap/apply \
 --mount volume=script,target=/apply \
 --insecure-options=image \
- docker://quay.io/poseidon/kubelet:v1.17.4 \
+ docker://quay.io/poseidon/kubelet:v1.18.0 \
 --net=host \
 --dns=host \
 --exec=/apply
@@ -170,7 +169,9 @@ storage:
 sudo mv static-manifests/* /etc/kubernetes/manifests/
 sudo mkdir -p /opt/bootstrap/assets
 sudo mv manifests /opt/bootstrap/assets/manifests
- sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
+ sudo mkdir -p /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
 rm -rf assets auth static-manifests tls
 - path: /opt/bootstrap/apply
 filesystem: root
@@ -183,6 +184,10 @@ storage:
 echo "Waiting for static pod control plane"
 sleep 5
 done
+ until kubectl apply -f /assets/manifests/crds -R; do
+ echo "Retry Custom Resource Definition manifests"
+ sleep 5
+ done
 until kubectl apply -f /assets/manifests -R; do
 echo "Retry applying manifests"
 sleep 5
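Review bot: The bootstrap image on the new line of the `-135,7` hunk, `docker://quay.io/poseidon/kubelet:v1.18.0`, is still referenced by a mutable tag directly under `--insecure-options=image`, so neither a signature nor a digest fixes what rkt will run with the `/etc/kubernetes/bootstrap-secrets` volume mounted. The Terraform module in this same commit is pinned to a full commit hash; pinning the image the same way would be consistent, for example `docker://quay.io/poseidon/kubelet@sha256:<DIGEST_PLACEHOLDER>` (confirm that rkt's docker transport accepts digest references before adopting it). The rkt unit starts and ends outside this hunk, and the same tag-only reference is used in every kubelet, bootstrap and node-delete hunk of the commit.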
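Review bot: In the `-170,7` hunk, `sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds` fails when the rendered networking manifests contain no `crd*.yaml` file, because bash passes an unmatched pattern through literally; the following `sudo mv manifests-networking/* ...` has the same problem if nothing is left in the directory. The script header is outside the hunk, so whether a failed `mv` aborts the layout cannot be seen here, but a guard removes the dependency on which networking provider was rendered: `if ls manifests-networking/crd*.yaml >/dev/null 2>&1; then sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds; fi`. Flattening into `manifests/` also overwrites any same-named file without notice, which `mv -n` would prevent. The identical hunk appears in the controller.yaml of aws/fedora-coreos, azure/container-linux, bare-metal/container-linux, bare-metal/fedora-coreos, digital-ocean/container-linux, google-cloud/container-linux and google-cloud/fedora-coreos.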
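Review bot: The new `until kubectl apply -f /assets/manifests/crds -R` loop in the `-183,6` hunk has no exit other than success, and the layout script creates the `crds` directory unconditionally, so it can be empty. As far as I know `kubectl apply` exits non-zero when it is given no objects, in which case the bootstrap unit would print "Retry Custom Resource Definition manifests" indefinitely and never reach the main manifests. Wrapping the loop in `if [ -n "$(ls -A /assets/manifests/crds 2>/dev/null)" ]; then` ... `fi` would skip it when there is nothing to apply, and a comment such as `# Apply CRDs first so custom resources in /assets/manifests can be created` would record why the order matters. The apply script begins and ends outside the hunk; the same loop is added in the seven other controller.yaml files of this commit.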
diff --git a/aws/container-linux/kubernetes/workers/cl/worker.yaml b/aws/container-linux/kubernetes/workers/cl/worker.yaml
index b2bc6ad6..03780b50 100644
--- a/aws/container-linux/kubernetes/workers/cl/worker.yaml
+++ b/aws/container-linux/kubernetes/workers/cl/worker.yaml
@@ -64,7 +64,7 @@ systemd:
 --mount volume=var-log,target=/var/log \
 --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
 --mount volume=opt-cni-bin,target=/opt/cni/bin \
- docker://quay.io/poseidon/kubelet:v1.17.4 -- \
+ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf
index 5036643e..dcec91e0 100644
--- a/aws/fedora-coreos/kubernetes/bootstrap.tf
+++ b/aws/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/aws/fedora-coreos/kubernetes/fcc/controller.yaml b/aws/fedora-coreos/kubernetes/fcc/controller.yaml
index b9cac354..37ea43aa 100644
--- a/aws/fedora-coreos/kubernetes/fcc/controller.yaml
+++ b/aws/fedora-coreos/kubernetes/fcc/controller.yaml
@@ -79,7 +79,7 @@ systemd:
 --volume /var/log:/var/log \
 --volume /var/run/lock:/var/run/lock:z \
 --volume /opt/cni/bin:/opt/cni/bin:z \
- quay.io/poseidon/kubelet:v1.17.4 \
+ quay.io/poseidon/kubelet:v1.18.0 \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
@@ -116,14 +116,13 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
 ExecStart=/usr/bin/podman run --name bootstrap \
 --network host \
 --volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \
 --volume /opt/bootstrap/assets:/assets:ro,Z \
 --volume /opt/bootstrap/apply:/apply:ro,Z \
 --entrypoint=/apply \
- quay.io/poseidon/kubelet:v1.17.4
+ quay.io/poseidon/kubelet:v1.18.0
 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
 ExecStartPost=-/usr/bin/podman stop bootstrap
 storage:
@@ -155,7 +154,9 @@ storage:
 sudo mv static-manifests/* /etc/kubernetes/manifests/
 sudo mkdir -p /opt/bootstrap/assets
 sudo mv manifests /opt/bootstrap/assets/manifests
- sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
+ sudo mkdir -p /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
 rm -rf assets auth static-manifests tls
 - path: /opt/bootstrap/apply
 mode: 0544
@@ -167,6 +168,10 @@ storage:
 echo "Waiting for static pod control plane"
 sleep 5
 done
+ until kubectl apply -f /assets/manifests/crds -R; do
+ echo "Retry Custom Resource Definition manifests"
+ sleep 5
+ done
 until kubectl apply -f /assets/manifests -R; do
 echo "Retry applying manifests"
 sleep 5
diff --git a/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml b/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml
index c840da1d..f8b35216 100644
--- a/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml
+++ b/aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml
@@ -49,7 +49,7 @@ systemd:
 --volume /var/log:/var/log \
 --volume /var/run/lock:/var/run/lock:z \
 --volume /opt/cni/bin:/opt/cni/bin:z \
- quay.io/poseidon/kubelet:v1.17.4 \
+ quay.io/poseidon/kubelet:v1.18.0 \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
@@ -87,7 +87,7 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 ExecStart=/bin/true
- ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.17.4 --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'
+ ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.18.0 --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'
 [Install]
 WantedBy=multi-user.target
 storage:
diff --git a/azure/container-linux/kubernetes/bootstrap.tf b/azure/container-linux/kubernetes/bootstrap.tf
index 3f8118a6..509ac63b 100644
--- a/azure/container-linux/kubernetes/bootstrap.tf
+++ b/azure/container-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/azure/container-linux/kubernetes/cl/controller.yaml b/azure/container-linux/kubernetes/cl/controller.yaml
index a8dc507d..f34c4630 100644
--- a/azure/container-linux/kubernetes/cl/controller.yaml
+++ b/azure/container-linux/kubernetes/cl/controller.yaml
@@ -90,7 +90,7 @@ systemd:
 --mount volume=var-log,target=/var/log \
 --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
 --mount volume=opt-cni-bin,target=/opt/cni/bin \
- docker://quay.io/poseidon/kubelet:v1.17.4 -- \
+ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
@@ -123,7 +123,6 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
 ExecStart=/usr/bin/rkt run \
 --trust-keys-from-https \
 --volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
@@ -133,7 +132,7 @@ systemd:
 --volume script,kind=host,source=/opt/bootstrap/apply \
 --mount volume=script,target=/apply \
 --insecure-options=image \
- docker://quay.io/poseidon/kubelet:v1.17.4 \
+ docker://quay.io/poseidon/kubelet:v1.18.0 \
 --net=host \
 --dns=host \
 --exec=/apply
@@ -168,7 +167,9 @@ storage:
 sudo mv static-manifests/* /etc/kubernetes/manifests/
 sudo mkdir -p /opt/bootstrap/assets
 sudo mv manifests /opt/bootstrap/assets/manifests
- sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
+ sudo mkdir -p /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
 rm -rf assets auth static-manifests tls
 - path: /opt/bootstrap/apply
 filesystem: root
@@ -181,6 +182,10 @@ storage:
 echo "Waiting for static pod control plane"
 sleep 5
 done
+ until kubectl apply -f /assets/manifests/crds -R; do
+ echo "Retry Custom Resource Definition manifests"
+ sleep 5
+ done
 until kubectl apply -f /assets/manifests -R; do
 echo "Retry applying manifests"
 sleep 5
diff --git a/azure/container-linux/kubernetes/workers/cl/worker.yaml b/azure/container-linux/kubernetes/workers/cl/worker.yaml
index 6ca5794f..c9fd7a47 100644
--- a/azure/container-linux/kubernetes/workers/cl/worker.yaml
+++ b/azure/container-linux/kubernetes/workers/cl/worker.yaml
@@ -63,7 +63,7 @@ systemd:
 --mount volume=var-log,target=/var/log \
 --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
 --mount volume=opt-cni-bin,target=/opt/cni/bin \
- docker://quay.io/poseidon/kubelet:v1.17.4 -- \
+ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
@@ -125,7 +125,7 @@ storage:
 --volume config,kind=host,source=/etc/kubernetes \
 --mount volume=config,target=/etc/kubernetes \
 --insecure-options=image \
- docker://quay.io/poseidon/kubelet:v1.17.4 \
+ docker://quay.io/poseidon/kubelet:v1.18.0 \
 --net=host \
 --dns=host \
 -- \
diff --git a/bare-metal/container-linux/kubernetes/bootstrap.tf b/bare-metal/container-linux/kubernetes/bootstrap.tf
index f60e7b21..bec22b39 100644
--- a/bare-metal/container-linux/kubernetes/bootstrap.tf
+++ b/bare-metal/container-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
 cluster_name = var.cluster_name
 api_servers = [var.k8s_domain_name]
diff --git a/bare-metal/container-linux/kubernetes/cl/controller.yaml b/bare-metal/container-linux/kubernetes/cl/controller.yaml
index db0b430b..e5c14f30 100644
--- a/bare-metal/container-linux/kubernetes/cl/controller.yaml
+++ b/bare-metal/container-linux/kubernetes/cl/controller.yaml
@@ -103,7 +103,7 @@ systemd:
 --mount volume=etc-iscsi,target=/etc/iscsi \
 --volume usr-sbin-iscsiadm,kind=host,source=/usr/sbin/iscsiadm \
 --mount volume=usr-sbin-iscsiadm,target=/sbin/iscsiadm \
- docker://quay.io/poseidon/kubelet:v1.17.4 -- \
+ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
@@ -138,7 +138,6 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
 ExecStart=/usr/bin/rkt run \
 --trust-keys-from-https \
 --volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
@@ -148,7 +147,7 @@ systemd:
 --volume script,kind=host,source=/opt/bootstrap/apply \
 --mount volume=script,target=/apply \
 --insecure-options=image \
- docker://quay.io/poseidon/kubelet:v1.17.4 \
+ docker://quay.io/poseidon/kubelet:v1.18.0 \
 --net=host \
 --dns=host \
 --exec=/apply
@@ -186,7 +185,9 @@ storage:
 sudo mv static-manifests/* /etc/kubernetes/manifests/
 sudo mkdir -p /opt/bootstrap/assets
 sudo mv manifests /opt/bootstrap/assets/manifests
- sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
+ sudo mkdir -p /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
 rm -rf assets auth static-manifests tls
 - path: /opt/bootstrap/apply
 filesystem: root
@@ -199,6 +200,10 @@ storage:
 echo "Waiting for static pod control plane"
 sleep 5
 done
+ until kubectl apply -f /assets/manifests/crds -R; do
+ echo "Retry Custom Resource Definition manifests"
+ sleep 5
+ done
 until kubectl apply -f /assets/manifests -R; do
 echo "Retry applying manifests"
 sleep 5
diff --git a/bare-metal/container-linux/kubernetes/cl/worker.yaml b/bare-metal/container-linux/kubernetes/cl/worker.yaml
index 09450435..794f70dd 100644
--- a/bare-metal/container-linux/kubernetes/cl/worker.yaml
+++ b/bare-metal/container-linux/kubernetes/cl/worker.yaml
@@ -76,7 +76,7 @@ systemd:
 --mount volume=etc-iscsi,target=/etc/iscsi \
 --volume usr-sbin-iscsiadm,kind=host,source=/usr/sbin/iscsiadm \
 --mount volume=usr-sbin-iscsiadm,target=/sbin/iscsiadm \
- docker://quay.io/poseidon/kubelet:v1.17.4 -- \
+ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
index 6941dd26..428a1d66 100644
--- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
+++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
 cluster_name = var.cluster_name
 api_servers = [var.k8s_domain_name]
diff --git a/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml b/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml
index 69176ebc..7a83caef 100644
--- a/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml
+++ b/bare-metal/fedora-coreos/kubernetes/fcc/controller.yaml
@@ -80,7 +80,7 @@ systemd:
 --volume /opt/cni/bin:/opt/cni/bin:z \
 --volume /etc/iscsi:/etc/iscsi \
 --volume /sbin/iscsiadm:/sbin/iscsiadm \
- quay.io/poseidon/kubelet:v1.17.4 \
+ quay.io/poseidon/kubelet:v1.18.0 \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
@@ -127,14 +127,13 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
 ExecStart=/usr/bin/podman run --name bootstrap \
 --network host \
 --volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \
 --volume /opt/bootstrap/assets:/assets:ro,Z \
 --volume /opt/bootstrap/apply:/apply:ro,Z \
 --entrypoint=/apply \
- quay.io/poseidon/kubelet:v1.17.4
+ quay.io/poseidon/kubelet:v1.18.0
 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
 ExecStartPost=-/usr/bin/podman stop bootstrap
 storage:
@@ -166,7 +165,9 @@ storage:
 sudo mv static-manifests/* /etc/kubernetes/manifests/
 sudo mkdir -p /opt/bootstrap/assets
 sudo mv manifests /opt/bootstrap/assets/manifests
- sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
+ sudo mkdir -p /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
 rm -rf assets auth static-manifests tls
 - path: /opt/bootstrap/apply
 mode: 0544
@@ -178,6 +179,10 @@ storage:
 echo "Waiting for static pod control plane"
 sleep 5
 done
+ until kubectl apply -f /assets/manifests/crds -R; do
+ echo "Retry Custom Resource Definition manifests"
+ sleep 5
+ done
 until kubectl apply -f /assets/manifests -R; do
 echo "Retry applying manifests"
 sleep 5
diff --git a/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml b/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml
index e02083d1..730c5c42 100644
--- a/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml
+++ b/bare-metal/fedora-coreos/kubernetes/fcc/worker.yaml
@@ -50,7 +50,7 @@ systemd:
 --volume /opt/cni/bin:/opt/cni/bin:z \
 --volume /etc/iscsi:/etc/iscsi \
 --volume /sbin/iscsiadm:/sbin/iscsiadm \
- quay.io/poseidon/kubelet:v1.17.4 \
+ quay.io/poseidon/kubelet:v1.18.0 \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
diff --git a/digital-ocean/container-linux/kubernetes/bootstrap.tf b/digital-ocean/container-linux/kubernetes/bootstrap.tf
index e35dd0e6..0e11eca5 100644
--- a/digital-ocean/container-linux/kubernetes/bootstrap.tf
+++ b/digital-ocean/container-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/digital-ocean/container-linux/kubernetes/cl/controller.yaml b/digital-ocean/container-linux/kubernetes/cl/controller.yaml
index cb190e39..04bb8e7e 100644
--- a/digital-ocean/container-linux/kubernetes/cl/controller.yaml
+++ b/digital-ocean/container-linux/kubernetes/cl/controller.yaml
@@ -101,7 +101,7 @@ systemd:
 --mount volume=var-log,target=/var/log \
 --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
 --mount volume=opt-cni-bin,target=/opt/cni/bin \
- docker://quay.io/poseidon/kubelet:v1.17.4 -- \
+ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
@@ -135,7 +135,6 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
 ExecStart=/usr/bin/rkt run \
 --trust-keys-from-https \
 --volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
@@ -145,7 +144,7 @@ systemd:
 --volume script,kind=host,source=/opt/bootstrap/apply \
 --mount volume=script,target=/apply \
 --insecure-options=image \
- docker://quay.io/poseidon/kubelet:v1.17.4 \
+ docker://quay.io/poseidon/kubelet:v1.18.0 \
 --net=host \
 --dns=host \
 --exec=/apply
@@ -177,7 +176,9 @@ storage:
 sudo mv static-manifests/* /etc/kubernetes/manifests/
 sudo mkdir -p /opt/bootstrap/assets
 sudo mv manifests /opt/bootstrap/assets/manifests
- sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
+ sudo mkdir -p /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
 rm -rf assets auth static-manifests tls
 - path: /opt/bootstrap/apply
 filesystem: root
@@ -190,6 +191,10 @@ storage:
 echo "Waiting for static pod control plane"
 sleep 5
 done
+ until kubectl apply -f /assets/manifests/crds -R; do
+ echo "Retry Custom Resource Definition manifests"
+ sleep 5
+ done
 until kubectl apply -f /assets/manifests -R; do
 echo "Retry applying manifests"
 sleep 5
diff --git a/digital-ocean/container-linux/kubernetes/cl/worker.yaml b/digital-ocean/container-linux/kubernetes/cl/worker.yaml
index 2a36572c..c3e4f202 100644
--- a/digital-ocean/container-linux/kubernetes/cl/worker.yaml
+++ b/digital-ocean/container-linux/kubernetes/cl/worker.yaml
@@ -74,7 +74,7 @@ systemd:
 --mount volume=var-log,target=/var/log \
 --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
 --mount volume=opt-cni-bin,target=/opt/cni/bin \
- docker://quay.io/poseidon/kubelet:v1.17.4 -- \
+ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
@@ -131,7 +131,7 @@ storage:
 --volume config,kind=host,source=/etc/kubernetes \
 --mount volume=config,target=/etc/kubernetes \
 --insecure-options=image \
- docker://quay.io/poseidon/kubelet:v1.17.4 \
+ docker://quay.io/poseidon/kubelet:v1.18.0 \
 --net=host \
 --dns=host \
 -- \
diff --git a/google-cloud/container-linux/kubernetes/bootstrap.tf b/google-cloud/container-linux/kubernetes/bootstrap.tf
index 83cd7ba7..9f83af17 100644
--- a/google-cloud/container-linux/kubernetes/bootstrap.tf
+++ b/google-cloud/container-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/google-cloud/container-linux/kubernetes/cl/controller.yaml b/google-cloud/container-linux/kubernetes/cl/controller.yaml
index a8d97a54..424b41ae 100644
--- a/google-cloud/container-linux/kubernetes/cl/controller.yaml
+++ b/google-cloud/container-linux/kubernetes/cl/controller.yaml
@@ -90,7 +90,7 @@ systemd:
 --mount volume=var-log,target=/var/log \
 --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
 --mount volume=opt-cni-bin,target=/opt/cni/bin \
- docker://quay.io/poseidon/kubelet:v1.17.4 -- \
+ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
@@ -123,7 +123,6 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
 ExecStart=/usr/bin/rkt run \
 --trust-keys-from-https \
 --volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
@@ -133,7 +132,7 @@ systemd:
 --volume script,kind=host,source=/opt/bootstrap/apply \
 --mount volume=script,target=/apply \
 --insecure-options=image \
- docker://quay.io/poseidon/kubelet:v1.17.4 \
+ docker://quay.io/poseidon/kubelet:v1.18.0 \
 --net=host \
 --dns=host \
 --exec=/apply
@@ -168,7 +167,9 @@ storage:
 sudo mv static-manifests/* /etc/kubernetes/manifests/
 sudo mkdir -p /opt/bootstrap/assets
 sudo mv manifests /opt/bootstrap/assets/manifests
- sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
+ sudo mkdir -p /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
 rm -rf assets auth static-manifests tls
 - path: /opt/bootstrap/apply
 filesystem: root
@@ -181,6 +182,10 @@ storage:
 echo "Waiting for static pod control plane"
 sleep 5
 done
+ until kubectl apply -f /assets/manifests/crds -R; do
+ echo "Retry Custom Resource Definition manifests"
+ sleep 5
+ done
 until kubectl apply -f /assets/manifests -R; do
 echo "Retry applying manifests"
 sleep 5
diff --git a/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml b/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml
index 6ccd5254..ed01bb48 100644
--- a/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml
+++ b/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml
@@ -63,7 +63,7 @@ systemd:
 --mount volume=var-log,target=/var/log \
 --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
 --mount volume=opt-cni-bin,target=/opt/cni/bin \
- docker://quay.io/poseidon/kubelet:v1.17.4 -- \
+ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
@@ -125,7 +125,7 @@ storage:
 --volume config,kind=host,source=/etc/kubernetes \
 --mount volume=config,target=/etc/kubernetes \
 --insecure-options=image \
- docker://quay.io/poseidon/kubelet:v1.17.4 \
+ docker://quay.io/poseidon/kubelet:v1.18.0 \
 --net=host \
 --dns=host \
 -- \
diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
index b8d9c1b5..113fdc0f 100644
--- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
+++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml b/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml
index b9cac354..37ea43aa 100644
--- a/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml
+++ b/google-cloud/fedora-coreos/kubernetes/fcc/controller.yaml
@@ -79,7 +79,7 @@ systemd:
 --volume /var/log:/var/log \
 --volume /var/run/lock:/var/run/lock:z \
 --volume /opt/cni/bin:/opt/cni/bin:z \
- quay.io/poseidon/kubelet:v1.17.4 \
+ quay.io/poseidon/kubelet:v1.18.0 \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
@@ -116,14 +116,13 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
 ExecStart=/usr/bin/podman run --name bootstrap \
 --network host \
 --volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \
 --volume /opt/bootstrap/assets:/assets:ro,Z \
 --volume /opt/bootstrap/apply:/apply:ro,Z \
 --entrypoint=/apply \
- quay.io/poseidon/kubelet:v1.17.4
+ quay.io/poseidon/kubelet:v1.18.0
 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
 ExecStartPost=-/usr/bin/podman stop bootstrap
 storage:
@@ -155,7 +154,9 @@ storage:
 sudo mv static-manifests/* /etc/kubernetes/manifests/
 sudo mkdir -p /opt/bootstrap/assets
 sudo mv manifests /opt/bootstrap/assets/manifests
- sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
+ sudo mkdir -p /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
+ sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
 rm -rf assets auth static-manifests tls
 - path: /opt/bootstrap/apply
 mode: 0544
@@ -167,6 +168,10 @@ storage:
 echo "Waiting for static pod control plane"
 sleep 5
 done
+ until kubectl apply -f /assets/manifests/crds -R; do
+ echo "Retry Custom Resource Definition manifests"
+ sleep 5
+ done
 until kubectl apply -f /assets/manifests -R; do
 echo "Retry applying manifests"
 sleep 5
diff --git a/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml
index 17a19c4f..44ddd2c7 100644
--- a/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml
+++ b/google-cloud/fedora-coreos/kubernetes/workers/fcc/worker.yaml
@@ -49,7 +49,7 @@ systemd:
 --volume /var/log:/var/log \
 --volume /var/run/lock:/var/run/lock:z \
 --volume /opt/cni/bin:/opt/cni/bin:z \
- quay.io/poseidon/kubelet:v1.17.4 \
+ quay.io/poseidon/kubelet:v1.18.0 \
 --anonymous-auth=false \
 --authentication-token-webhook \
 --authorization-mode=Webhook \
@@ -87,7 +87,7 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 ExecStart=/bin/true
- ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.17.4 kubectl --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'
+ ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.18.0 kubectl --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'
 [Install]
 WantedBy=multi-user.target
 storage:
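Review bot: The updated `ExecStop` line in the `-87,7` hunk still passes a stray `kubectl` after the image name, so with `--entrypoint /usr/local/bin/kubectl` the container is started as `kubectl kubectl --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME`. kubectl will presumably reject that as an unknown command, which would leave the node object registered after shutdown. The matching unit in aws/fedora-coreos/kubernetes/workers/fcc/worker.yaml, bumped in this same commit, has no such word; dropping it here gives `... --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.18.0 --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'`. The unit begins outside the hunk.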