Update Kubernetes from v1.17.4 to v1.18.0

* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md
This commit is contained in:
Dalton Hubble 2020-03-22 13:47:18 -07:00
parent c3bf8bcf96
commit f100a90d28
25 changed files with 95 additions and 53 deletions

View File

@ -4,6 +4,7 @@ Notable changes between versions.
## Latest ## Latest
* Kubernetes [v1.18.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md#v1180)
* Update etcd from v3.4.4 to [v3.4.5](https://github.com/etcd-io/etcd/releases/tag/v3.4.5) * Update etcd from v3.4.4 to [v3.4.5](https://github.com/etcd-io/etcd/releases/tag/v3.4.5)
* Switch from upstream hyperkube image to individual images ([#669](https://github.com/poseidon/typhoon/pull/669)) * Switch from upstream hyperkube image to individual images ([#669](https://github.com/poseidon/typhoon/pull/669))
* Use upstream `k8s.gcr.io` `kube-apiserver`, `kube-controller-manager`, `kube-scheduler`, and `kube-proxy` container images * Use upstream `k8s.gcr.io` `kube-apiserver`, `kube-controller-manager`, `kube-scheduler`, and `kube-proxy` container images
@ -27,6 +28,7 @@ Notable changes between versions.
## v1.17.4 ## v1.17.4
* Kubernetes [v1.17.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.17.md#v1174)
* Update etcd from v3.4.3 to [v3.4.4](https://github.com/etcd-io/etcd/releases/tag/v3.4.4) * Update etcd from v3.4.3 to [v3.4.4](https://github.com/etcd-io/etcd/releases/tag/v3.4.4)
* On Container Linux, fetch using the docker transport format ([#659](https://github.com/poseidon/typhoon/pull/659)) * On Container Linux, fetch using the docker transport format ([#659](https://github.com/poseidon/typhoon/pull/659))
* Update CoreDNS from v1.6.6 to v1.6.7 ([#648](https://github.com/poseidon/typhoon/pull/648)) * Update CoreDNS from v1.6.6 to v1.6.7 ([#648](https://github.com/poseidon/typhoon/pull/648))

View File

@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]

View File

@ -91,7 +91,7 @@ systemd:
--mount volume=var-log,target=/var/log \ --mount volume=var-log,target=/var/log \
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
--mount volume=opt-cni-bin,target=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \
docker://quay.io/poseidon/kubelet:v1.17.4 -- \ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \
@ -125,7 +125,6 @@ systemd:
Type=oneshot Type=oneshot
RemainAfterExit=true RemainAfterExit=true
WorkingDirectory=/opt/bootstrap WorkingDirectory=/opt/bootstrap
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
ExecStart=/usr/bin/rkt run \ ExecStart=/usr/bin/rkt run \
--trust-keys-from-https \ --trust-keys-from-https \
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \ --volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
@ -135,7 +134,7 @@ systemd:
--volume script,kind=host,source=/opt/bootstrap/apply \ --volume script,kind=host,source=/opt/bootstrap/apply \
--mount volume=script,target=/apply \ --mount volume=script,target=/apply \
--insecure-options=image \ --insecure-options=image \
docker://quay.io/poseidon/kubelet:v1.17.4 \ docker://quay.io/poseidon/kubelet:v1.18.0 \
--net=host \ --net=host \
--dns=host \ --dns=host \
--exec=/apply --exec=/apply
@ -170,7 +169,9 @@ storage:
sudo mv static-manifests/* /etc/kubernetes/manifests/ sudo mv static-manifests/* /etc/kubernetes/manifests/
sudo mkdir -p /opt/bootstrap/assets sudo mkdir -p /opt/bootstrap/assets
sudo mv manifests /opt/bootstrap/assets/manifests sudo mv manifests /opt/bootstrap/assets/manifests
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking sudo mkdir -p /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
rm -rf assets auth static-manifests tls rm -rf assets auth static-manifests tls
- path: /opt/bootstrap/apply - path: /opt/bootstrap/apply
filesystem: root filesystem: root
@ -183,6 +184,10 @@ storage:
echo "Waiting for static pod control plane" echo "Waiting for static pod control plane"
sleep 5 sleep 5
done done
until kubectl apply -f /assets/manifests/crds -R; do
echo "Retry Custom Resource Definition manifests"
sleep 5
done
until kubectl apply -f /assets/manifests -R; do until kubectl apply -f /assets/manifests -R; do
echo "Retry applying manifests" echo "Retry applying manifests"
sleep 5 sleep 5

View File

@ -64,7 +64,7 @@ systemd:
--mount volume=var-log,target=/var/log \ --mount volume=var-log,target=/var/log \
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
--mount volume=opt-cni-bin,target=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \
docker://quay.io/poseidon/kubelet:v1.17.4 -- \ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \

View File

@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]

View File

@ -79,7 +79,7 @@ systemd:
--volume /var/log:/var/log \ --volume /var/log:/var/log \
--volume /var/run/lock:/var/run/lock:z \ --volume /var/run/lock:/var/run/lock:z \
--volume /opt/cni/bin:/opt/cni/bin:z \ --volume /opt/cni/bin:/opt/cni/bin:z \
quay.io/poseidon/kubelet:v1.17.4 \ quay.io/poseidon/kubelet:v1.18.0 \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \
@ -116,14 +116,13 @@ systemd:
Type=oneshot Type=oneshot
RemainAfterExit=true RemainAfterExit=true
WorkingDirectory=/opt/bootstrap WorkingDirectory=/opt/bootstrap
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
ExecStart=/usr/bin/podman run --name bootstrap \ ExecStart=/usr/bin/podman run --name bootstrap \
--network host \ --network host \
--volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \ --volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \
--volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/assets:/assets:ro,Z \
--volume /opt/bootstrap/apply:/apply:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \
--entrypoint=/apply \ --entrypoint=/apply \
quay.io/poseidon/kubelet:v1.17.4 quay.io/poseidon/kubelet:v1.18.0
ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
ExecStartPost=-/usr/bin/podman stop bootstrap ExecStartPost=-/usr/bin/podman stop bootstrap
storage: storage:
@ -155,7 +154,9 @@ storage:
sudo mv static-manifests/* /etc/kubernetes/manifests/ sudo mv static-manifests/* /etc/kubernetes/manifests/
sudo mkdir -p /opt/bootstrap/assets sudo mkdir -p /opt/bootstrap/assets
sudo mv manifests /opt/bootstrap/assets/manifests sudo mv manifests /opt/bootstrap/assets/manifests
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking sudo mkdir -p /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
rm -rf assets auth static-manifests tls rm -rf assets auth static-manifests tls
- path: /opt/bootstrap/apply - path: /opt/bootstrap/apply
mode: 0544 mode: 0544
@ -167,6 +168,10 @@ storage:
echo "Waiting for static pod control plane" echo "Waiting for static pod control plane"
sleep 5 sleep 5
done done
until kubectl apply -f /assets/manifests/crds -R; do
echo "Retry Custom Resource Definition manifests"
sleep 5
done
until kubectl apply -f /assets/manifests -R; do until kubectl apply -f /assets/manifests -R; do
echo "Retry applying manifests" echo "Retry applying manifests"
sleep 5 sleep 5

View File

@ -49,7 +49,7 @@ systemd:
--volume /var/log:/var/log \ --volume /var/log:/var/log \
--volume /var/run/lock:/var/run/lock:z \ --volume /var/run/lock:/var/run/lock:z \
--volume /opt/cni/bin:/opt/cni/bin:z \ --volume /opt/cni/bin:/opt/cni/bin:z \
quay.io/poseidon/kubelet:v1.17.4 \ quay.io/poseidon/kubelet:v1.18.0 \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \
@ -87,7 +87,7 @@ systemd:
Type=oneshot Type=oneshot
RemainAfterExit=true RemainAfterExit=true
ExecStart=/bin/true ExecStart=/bin/true
ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.17.4 --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME' ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.18.0 --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
storage: storage:

View File

@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]

View File

@ -90,7 +90,7 @@ systemd:
--mount volume=var-log,target=/var/log \ --mount volume=var-log,target=/var/log \
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
--mount volume=opt-cni-bin,target=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \
docker://quay.io/poseidon/kubelet:v1.17.4 -- \ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \
@ -123,7 +123,6 @@ systemd:
Type=oneshot Type=oneshot
RemainAfterExit=true RemainAfterExit=true
WorkingDirectory=/opt/bootstrap WorkingDirectory=/opt/bootstrap
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
ExecStart=/usr/bin/rkt run \ ExecStart=/usr/bin/rkt run \
--trust-keys-from-https \ --trust-keys-from-https \
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \ --volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
@ -133,7 +132,7 @@ systemd:
--volume script,kind=host,source=/opt/bootstrap/apply \ --volume script,kind=host,source=/opt/bootstrap/apply \
--mount volume=script,target=/apply \ --mount volume=script,target=/apply \
--insecure-options=image \ --insecure-options=image \
docker://quay.io/poseidon/kubelet:v1.17.4 \ docker://quay.io/poseidon/kubelet:v1.18.0 \
--net=host \ --net=host \
--dns=host \ --dns=host \
--exec=/apply --exec=/apply
@ -168,7 +167,9 @@ storage:
sudo mv static-manifests/* /etc/kubernetes/manifests/ sudo mv static-manifests/* /etc/kubernetes/manifests/
sudo mkdir -p /opt/bootstrap/assets sudo mkdir -p /opt/bootstrap/assets
sudo mv manifests /opt/bootstrap/assets/manifests sudo mv manifests /opt/bootstrap/assets/manifests
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking sudo mkdir -p /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
rm -rf assets auth static-manifests tls rm -rf assets auth static-manifests tls
- path: /opt/bootstrap/apply - path: /opt/bootstrap/apply
filesystem: root filesystem: root
@ -181,6 +182,10 @@ storage:
echo "Waiting for static pod control plane" echo "Waiting for static pod control plane"
sleep 5 sleep 5
done done
until kubectl apply -f /assets/manifests/crds -R; do
echo "Retry Custom Resource Definition manifests"
sleep 5
done
until kubectl apply -f /assets/manifests -R; do until kubectl apply -f /assets/manifests -R; do
echo "Retry applying manifests" echo "Retry applying manifests"
sleep 5 sleep 5

View File

@ -63,7 +63,7 @@ systemd:
--mount volume=var-log,target=/var/log \ --mount volume=var-log,target=/var/log \
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
--mount volume=opt-cni-bin,target=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \
docker://quay.io/poseidon/kubelet:v1.17.4 -- \ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \
@ -125,7 +125,7 @@ storage:
--volume config,kind=host,source=/etc/kubernetes \ --volume config,kind=host,source=/etc/kubernetes \
--mount volume=config,target=/etc/kubernetes \ --mount volume=config,target=/etc/kubernetes \
--insecure-options=image \ --insecure-options=image \
docker://quay.io/poseidon/kubelet:v1.17.4 \ docker://quay.io/poseidon/kubelet:v1.18.0 \
--net=host \ --net=host \
--dns=host \ --dns=host \
-- \ -- \

View File

@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [var.k8s_domain_name] api_servers = [var.k8s_domain_name]

View File

@ -103,7 +103,7 @@ systemd:
--mount volume=etc-iscsi,target=/etc/iscsi \ --mount volume=etc-iscsi,target=/etc/iscsi \
--volume usr-sbin-iscsiadm,kind=host,source=/usr/sbin/iscsiadm \ --volume usr-sbin-iscsiadm,kind=host,source=/usr/sbin/iscsiadm \
--mount volume=usr-sbin-iscsiadm,target=/sbin/iscsiadm \ --mount volume=usr-sbin-iscsiadm,target=/sbin/iscsiadm \
docker://quay.io/poseidon/kubelet:v1.17.4 -- \ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \
@ -138,7 +138,6 @@ systemd:
Type=oneshot Type=oneshot
RemainAfterExit=true RemainAfterExit=true
WorkingDirectory=/opt/bootstrap WorkingDirectory=/opt/bootstrap
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
ExecStart=/usr/bin/rkt run \ ExecStart=/usr/bin/rkt run \
--trust-keys-from-https \ --trust-keys-from-https \
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \ --volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
@ -148,7 +147,7 @@ systemd:
--volume script,kind=host,source=/opt/bootstrap/apply \ --volume script,kind=host,source=/opt/bootstrap/apply \
--mount volume=script,target=/apply \ --mount volume=script,target=/apply \
--insecure-options=image \ --insecure-options=image \
docker://quay.io/poseidon/kubelet:v1.17.4 \ docker://quay.io/poseidon/kubelet:v1.18.0 \
--net=host \ --net=host \
--dns=host \ --dns=host \
--exec=/apply --exec=/apply
@ -186,7 +185,9 @@ storage:
sudo mv static-manifests/* /etc/kubernetes/manifests/ sudo mv static-manifests/* /etc/kubernetes/manifests/
sudo mkdir -p /opt/bootstrap/assets sudo mkdir -p /opt/bootstrap/assets
sudo mv manifests /opt/bootstrap/assets/manifests sudo mv manifests /opt/bootstrap/assets/manifests
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking sudo mkdir -p /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
rm -rf assets auth static-manifests tls rm -rf assets auth static-manifests tls
- path: /opt/bootstrap/apply - path: /opt/bootstrap/apply
filesystem: root filesystem: root
@ -199,6 +200,10 @@ storage:
echo "Waiting for static pod control plane" echo "Waiting for static pod control plane"
sleep 5 sleep 5
done done
until kubectl apply -f /assets/manifests/crds -R; do
echo "Retry Custom Resource Definition manifests"
sleep 5
done
until kubectl apply -f /assets/manifests -R; do until kubectl apply -f /assets/manifests -R; do
echo "Retry applying manifests" echo "Retry applying manifests"
sleep 5 sleep 5

View File

@ -76,7 +76,7 @@ systemd:
--mount volume=etc-iscsi,target=/etc/iscsi \ --mount volume=etc-iscsi,target=/etc/iscsi \
--volume usr-sbin-iscsiadm,kind=host,source=/usr/sbin/iscsiadm \ --volume usr-sbin-iscsiadm,kind=host,source=/usr/sbin/iscsiadm \
--mount volume=usr-sbin-iscsiadm,target=/sbin/iscsiadm \ --mount volume=usr-sbin-iscsiadm,target=/sbin/iscsiadm \
docker://quay.io/poseidon/kubelet:v1.17.4 -- \ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \

View File

@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [var.k8s_domain_name] api_servers = [var.k8s_domain_name]

View File

@ -80,7 +80,7 @@ systemd:
--volume /opt/cni/bin:/opt/cni/bin:z \ --volume /opt/cni/bin:/opt/cni/bin:z \
--volume /etc/iscsi:/etc/iscsi \ --volume /etc/iscsi:/etc/iscsi \
--volume /sbin/iscsiadm:/sbin/iscsiadm \ --volume /sbin/iscsiadm:/sbin/iscsiadm \
quay.io/poseidon/kubelet:v1.17.4 \ quay.io/poseidon/kubelet:v1.18.0 \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \
@ -127,14 +127,13 @@ systemd:
Type=oneshot Type=oneshot
RemainAfterExit=true RemainAfterExit=true
WorkingDirectory=/opt/bootstrap WorkingDirectory=/opt/bootstrap
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
ExecStart=/usr/bin/podman run --name bootstrap \ ExecStart=/usr/bin/podman run --name bootstrap \
--network host \ --network host \
--volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \ --volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \
--volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/assets:/assets:ro,Z \
--volume /opt/bootstrap/apply:/apply:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \
--entrypoint=/apply \ --entrypoint=/apply \
quay.io/poseidon/kubelet:v1.17.4 quay.io/poseidon/kubelet:v1.18.0
ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
ExecStartPost=-/usr/bin/podman stop bootstrap ExecStartPost=-/usr/bin/podman stop bootstrap
storage: storage:
@ -166,7 +165,9 @@ storage:
sudo mv static-manifests/* /etc/kubernetes/manifests/ sudo mv static-manifests/* /etc/kubernetes/manifests/
sudo mkdir -p /opt/bootstrap/assets sudo mkdir -p /opt/bootstrap/assets
sudo mv manifests /opt/bootstrap/assets/manifests sudo mv manifests /opt/bootstrap/assets/manifests
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking sudo mkdir -p /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
rm -rf assets auth static-manifests tls rm -rf assets auth static-manifests tls
- path: /opt/bootstrap/apply - path: /opt/bootstrap/apply
mode: 0544 mode: 0544
@ -178,6 +179,10 @@ storage:
echo "Waiting for static pod control plane" echo "Waiting for static pod control plane"
sleep 5 sleep 5
done done
until kubectl apply -f /assets/manifests/crds -R; do
echo "Retry Custom Resource Definition manifests"
sleep 5
done
until kubectl apply -f /assets/manifests -R; do until kubectl apply -f /assets/manifests -R; do
echo "Retry applying manifests" echo "Retry applying manifests"
sleep 5 sleep 5

View File

@ -50,7 +50,7 @@ systemd:
--volume /opt/cni/bin:/opt/cni/bin:z \ --volume /opt/cni/bin:/opt/cni/bin:z \
--volume /etc/iscsi:/etc/iscsi \ --volume /etc/iscsi:/etc/iscsi \
--volume /sbin/iscsiadm:/sbin/iscsiadm \ --volume /sbin/iscsiadm:/sbin/iscsiadm \
quay.io/poseidon/kubelet:v1.17.4 \ quay.io/poseidon/kubelet:v1.18.0 \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \

View File

@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]

View File

@ -101,7 +101,7 @@ systemd:
--mount volume=var-log,target=/var/log \ --mount volume=var-log,target=/var/log \
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
--mount volume=opt-cni-bin,target=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \
docker://quay.io/poseidon/kubelet:v1.17.4 -- \ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \
@ -135,7 +135,6 @@ systemd:
Type=oneshot Type=oneshot
RemainAfterExit=true RemainAfterExit=true
WorkingDirectory=/opt/bootstrap WorkingDirectory=/opt/bootstrap
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
ExecStart=/usr/bin/rkt run \ ExecStart=/usr/bin/rkt run \
--trust-keys-from-https \ --trust-keys-from-https \
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \ --volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
@ -145,7 +144,7 @@ systemd:
--volume script,kind=host,source=/opt/bootstrap/apply \ --volume script,kind=host,source=/opt/bootstrap/apply \
--mount volume=script,target=/apply \ --mount volume=script,target=/apply \
--insecure-options=image \ --insecure-options=image \
docker://quay.io/poseidon/kubelet:v1.17.4 \ docker://quay.io/poseidon/kubelet:v1.18.0 \
--net=host \ --net=host \
--dns=host \ --dns=host \
--exec=/apply --exec=/apply
@ -177,7 +176,9 @@ storage:
sudo mv static-manifests/* /etc/kubernetes/manifests/ sudo mv static-manifests/* /etc/kubernetes/manifests/
sudo mkdir -p /opt/bootstrap/assets sudo mkdir -p /opt/bootstrap/assets
sudo mv manifests /opt/bootstrap/assets/manifests sudo mv manifests /opt/bootstrap/assets/manifests
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking sudo mkdir -p /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
rm -rf assets auth static-manifests tls rm -rf assets auth static-manifests tls
- path: /opt/bootstrap/apply - path: /opt/bootstrap/apply
filesystem: root filesystem: root
@ -190,6 +191,10 @@ storage:
echo "Waiting for static pod control plane" echo "Waiting for static pod control plane"
sleep 5 sleep 5
done done
until kubectl apply -f /assets/manifests/crds -R; do
echo "Retry Custom Resource Definition manifests"
sleep 5
done
until kubectl apply -f /assets/manifests -R; do until kubectl apply -f /assets/manifests -R; do
echo "Retry applying manifests" echo "Retry applying manifests"
sleep 5 sleep 5

View File

@ -74,7 +74,7 @@ systemd:
--mount volume=var-log,target=/var/log \ --mount volume=var-log,target=/var/log \
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
--mount volume=opt-cni-bin,target=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \
docker://quay.io/poseidon/kubelet:v1.17.4 -- \ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \
@ -131,7 +131,7 @@ storage:
--volume config,kind=host,source=/etc/kubernetes \ --volume config,kind=host,source=/etc/kubernetes \
--mount volume=config,target=/etc/kubernetes \ --mount volume=config,target=/etc/kubernetes \
--insecure-options=image \ --insecure-options=image \
docker://quay.io/poseidon/kubelet:v1.17.4 \ docker://quay.io/poseidon/kubelet:v1.18.0 \
--net=host \ --net=host \
--dns=host \ --dns=host \
-- \ -- \

View File

@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]

View File

@ -90,7 +90,7 @@ systemd:
--mount volume=var-log,target=/var/log \ --mount volume=var-log,target=/var/log \
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
--mount volume=opt-cni-bin,target=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \
docker://quay.io/poseidon/kubelet:v1.17.4 -- \ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \
@ -123,7 +123,6 @@ systemd:
Type=oneshot Type=oneshot
RemainAfterExit=true RemainAfterExit=true
WorkingDirectory=/opt/bootstrap WorkingDirectory=/opt/bootstrap
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
ExecStart=/usr/bin/rkt run \ ExecStart=/usr/bin/rkt run \
--trust-keys-from-https \ --trust-keys-from-https \
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \ --volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
@ -133,7 +132,7 @@ systemd:
--volume script,kind=host,source=/opt/bootstrap/apply \ --volume script,kind=host,source=/opt/bootstrap/apply \
--mount volume=script,target=/apply \ --mount volume=script,target=/apply \
--insecure-options=image \ --insecure-options=image \
docker://quay.io/poseidon/kubelet:v1.17.4 \ docker://quay.io/poseidon/kubelet:v1.18.0 \
--net=host \ --net=host \
--dns=host \ --dns=host \
--exec=/apply --exec=/apply
@ -168,7 +167,9 @@ storage:
sudo mv static-manifests/* /etc/kubernetes/manifests/ sudo mv static-manifests/* /etc/kubernetes/manifests/
sudo mkdir -p /opt/bootstrap/assets sudo mkdir -p /opt/bootstrap/assets
sudo mv manifests /opt/bootstrap/assets/manifests sudo mv manifests /opt/bootstrap/assets/manifests
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking sudo mkdir -p /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
rm -rf assets auth static-manifests tls rm -rf assets auth static-manifests tls
- path: /opt/bootstrap/apply - path: /opt/bootstrap/apply
filesystem: root filesystem: root
@ -181,6 +182,10 @@ storage:
echo "Waiting for static pod control plane" echo "Waiting for static pod control plane"
sleep 5 sleep 5
done done
until kubectl apply -f /assets/manifests/crds -R; do
echo "Retry Custom Resource Definition manifests"
sleep 5
done
until kubectl apply -f /assets/manifests -R; do until kubectl apply -f /assets/manifests -R; do
echo "Retry applying manifests" echo "Retry applying manifests"
sleep 5 sleep 5

View File

@ -63,7 +63,7 @@ systemd:
--mount volume=var-log,target=/var/log \ --mount volume=var-log,target=/var/log \
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \ --volume opt-cni-bin,kind=host,source=/opt/cni/bin \
--mount volume=opt-cni-bin,target=/opt/cni/bin \ --mount volume=opt-cni-bin,target=/opt/cni/bin \
docker://quay.io/poseidon/kubelet:v1.17.4 -- \ docker://quay.io/poseidon/kubelet:v1.18.0 -- \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \
@ -125,7 +125,7 @@ storage:
--volume config,kind=host,source=/etc/kubernetes \ --volume config,kind=host,source=/etc/kubernetes \
--mount volume=config,target=/etc/kubernetes \ --mount volume=config,target=/etc/kubernetes \
--insecure-options=image \ --insecure-options=image \
docker://quay.io/poseidon/kubelet:v1.17.4 \ docker://quay.io/poseidon/kubelet:v1.18.0 \
--net=host \ --net=host \
--dns=host \ --dns=host \
-- \ -- \

View File

@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests) # Kubernetes assets (kubeconfig, manifests)
module "bootstrap" { module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581" source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
cluster_name = var.cluster_name cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]

View File

@ -79,7 +79,7 @@ systemd:
--volume /var/log:/var/log \ --volume /var/log:/var/log \
--volume /var/run/lock:/var/run/lock:z \ --volume /var/run/lock:/var/run/lock:z \
--volume /opt/cni/bin:/opt/cni/bin:z \ --volume /opt/cni/bin:/opt/cni/bin:z \
quay.io/poseidon/kubelet:v1.17.4 \ quay.io/poseidon/kubelet:v1.18.0 \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \
@ -116,14 +116,13 @@ systemd:
Type=oneshot Type=oneshot
RemainAfterExit=true RemainAfterExit=true
WorkingDirectory=/opt/bootstrap WorkingDirectory=/opt/bootstrap
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
ExecStart=/usr/bin/podman run --name bootstrap \ ExecStart=/usr/bin/podman run --name bootstrap \
--network host \ --network host \
--volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \ --volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \
--volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/assets:/assets:ro,Z \
--volume /opt/bootstrap/apply:/apply:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \
--entrypoint=/apply \ --entrypoint=/apply \
quay.io/poseidon/kubelet:v1.17.4 quay.io/poseidon/kubelet:v1.18.0
ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
ExecStartPost=-/usr/bin/podman stop bootstrap ExecStartPost=-/usr/bin/podman stop bootstrap
storage: storage:
@ -155,7 +154,9 @@ storage:
sudo mv static-manifests/* /etc/kubernetes/manifests/ sudo mv static-manifests/* /etc/kubernetes/manifests/
sudo mkdir -p /opt/bootstrap/assets sudo mkdir -p /opt/bootstrap/assets
sudo mv manifests /opt/bootstrap/assets/manifests sudo mv manifests /opt/bootstrap/assets/manifests
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking sudo mkdir -p /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
rm -rf assets auth static-manifests tls rm -rf assets auth static-manifests tls
- path: /opt/bootstrap/apply - path: /opt/bootstrap/apply
mode: 0544 mode: 0544
@ -167,6 +168,10 @@ storage:
echo "Waiting for static pod control plane" echo "Waiting for static pod control plane"
sleep 5 sleep 5
done done
until kubectl apply -f /assets/manifests/crds -R; do
echo "Retry Custom Resource Definition manifests"
sleep 5
done
until kubectl apply -f /assets/manifests -R; do until kubectl apply -f /assets/manifests -R; do
echo "Retry applying manifests" echo "Retry applying manifests"
sleep 5 sleep 5

View File

@ -49,7 +49,7 @@ systemd:
--volume /var/log:/var/log \ --volume /var/log:/var/log \
--volume /var/run/lock:/var/run/lock:z \ --volume /var/run/lock:/var/run/lock:z \
--volume /opt/cni/bin:/opt/cni/bin:z \ --volume /opt/cni/bin:/opt/cni/bin:z \
quay.io/poseidon/kubelet:v1.17.4 \ quay.io/poseidon/kubelet:v1.18.0 \
--anonymous-auth=false \ --anonymous-auth=false \
--authentication-token-webhook \ --authentication-token-webhook \
--authorization-mode=Webhook \ --authorization-mode=Webhook \
@ -87,7 +87,7 @@ systemd:
Type=oneshot Type=oneshot
RemainAfterExit=true RemainAfterExit=true
ExecStart=/bin/true ExecStart=/bin/true
ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.17.4 kubectl --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME' ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.18.0 kubectl --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
storage: storage: