Update Kubernetes from v1.17.4 to v1.18.0
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md
parent
c3bf8bcf96
commit
f100a90d28
|
@ -4,6 +4,7 @@ Notable changes between versions.
|
||||||
|
|
||||||
## Latest
|
## Latest
|
||||||
|
|
||||||
|
* Kubernetes [v1.18.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md#v1180)
|
||||||
* Update etcd from v3.4.4 to [v3.4.5](https://github.com/etcd-io/etcd/releases/tag/v3.4.5)
|
* Update etcd from v3.4.4 to [v3.4.5](https://github.com/etcd-io/etcd/releases/tag/v3.4.5)
|
||||||
* Switch from upstream hyperkube image to individual images ([#669](https://github.com/poseidon/typhoon/pull/669))
|
* Switch from upstream hyperkube image to individual images ([#669](https://github.com/poseidon/typhoon/pull/669))
|
||||||
* Use upstream `k8s.gcr.io` `kube-apiserver`, `kube-controller-manager`, `kube-scheduler`, and `kube-proxy` container images
|
* Use upstream `k8s.gcr.io` `kube-apiserver`, `kube-controller-manager`, `kube-scheduler`, and `kube-proxy` container images
|
||||||
|
@ -27,6 +28,7 @@ Notable changes between versions.
|
||||||
|
|
||||||
## v1.17.4
|
## v1.17.4
|
||||||
|
|
||||||
|
* Kubernetes [v1.17.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.17.md#v1174)
|
||||||
* Update etcd from v3.4.3 to [v3.4.4](https://github.com/etcd-io/etcd/releases/tag/v3.4.4)
|
* Update etcd from v3.4.3 to [v3.4.4](https://github.com/etcd-io/etcd/releases/tag/v3.4.4)
|
||||||
* On Container Linux, fetch using the docker transport format ([#659](https://github.com/poseidon/typhoon/pull/659))
|
* On Container Linux, fetch using the docker transport format ([#659](https://github.com/poseidon/typhoon/pull/659))
|
||||||
* Update CoreDNS from v1.6.6 to v1.6.7 ([#648](https://github.com/poseidon/typhoon/pull/648))
|
* Update CoreDNS from v1.6.6 to v1.6.7 ([#648](https://github.com/poseidon/typhoon/pull/648))
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Kubernetes assets (kubeconfig, manifests)
|
# Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootstrap" {
|
module "bootstrap" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
|
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
|
||||||
|
|
||||||
cluster_name = var.cluster_name
|
cluster_name = var.cluster_name
|
||||||
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
|
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
|
||||||
|
|
|
@ -91,7 +91,7 @@ systemd:
|
||||||
--mount volume=var-log,target=/var/log \
|
--mount volume=var-log,target=/var/log \
|
||||||
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
||||||
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 -- \
|
docker://quay.io/poseidon/kubelet:v1.18.0 -- \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
@ -125,7 +125,6 @@ systemd:
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
WorkingDirectory=/opt/bootstrap
|
WorkingDirectory=/opt/bootstrap
|
||||||
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
|
|
||||||
ExecStart=/usr/bin/rkt run \
|
ExecStart=/usr/bin/rkt run \
|
||||||
--trust-keys-from-https \
|
--trust-keys-from-https \
|
||||||
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
|
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
|
||||||
|
@ -135,7 +134,7 @@ systemd:
|
||||||
--volume script,kind=host,source=/opt/bootstrap/apply \
|
--volume script,kind=host,source=/opt/bootstrap/apply \
|
||||||
--mount volume=script,target=/apply \
|
--mount volume=script,target=/apply \
|
||||||
--insecure-options=image \
|
--insecure-options=image \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 \
|
docker://quay.io/poseidon/kubelet:v1.18.0 \
|
||||||
--net=host \
|
--net=host \
|
||||||
--dns=host \
|
--dns=host \
|
||||||
--exec=/apply
|
--exec=/apply
|
||||||
|
@ -170,7 +169,9 @@ storage:
|
||||||
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
||||||
sudo mkdir -p /opt/bootstrap/assets
|
sudo mkdir -p /opt/bootstrap/assets
|
||||||
sudo mv manifests /opt/bootstrap/assets/manifests
|
sudo mv manifests /opt/bootstrap/assets/manifests
|
||||||
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
|
sudo mkdir -p /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
|
||||||
rm -rf assets auth static-manifests tls
|
rm -rf assets auth static-manifests tls
|
||||||
- path: /opt/bootstrap/apply
|
- path: /opt/bootstrap/apply
|
||||||
filesystem: root
|
filesystem: root
|
||||||
|
@ -183,6 +184,10 @@ storage:
|
||||||
echo "Waiting for static pod control plane"
|
echo "Waiting for static pod control plane"
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
|
until kubectl apply -f /assets/manifests/crds -R; do
|
||||||
|
echo "Retry Custom Resource Definition manifests"
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
until kubectl apply -f /assets/manifests -R; do
|
until kubectl apply -f /assets/manifests -R; do
|
||||||
echo "Retry applying manifests"
|
echo "Retry applying manifests"
|
||||||
sleep 5
|
sleep 5
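Review bot: The new `until kubectl apply -f /assets/manifests/crds -R; do` loop can only exit on success, and the layout script creates `/opt/bootstrap/assets/manifests/crds` unconditionally, so a networking choice that ships no `crd*.yaml` leaves that directory empty. As far as I know `kubectl apply` exits non-zero when the path holds no objects, which would make the bootstrap unit retry forever instead of failing visibly; this is worth confirming for each networking provider. Wrapping the loop in a guard such as `if ls /assets/manifests/crds/*.yaml >/dev/null 2>&1; then … fi`, or bounding the retry count, would avoid that. The same loop is added in the other controller templates on this page, and the manifests loop that follows it continues past the end of the hunk.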
|
||||||
|
|
|
@ -64,7 +64,7 @@ systemd:
|
||||||
--mount volume=var-log,target=/var/log \
|
--mount volume=var-log,target=/var/log \
|
||||||
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
||||||
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 -- \
|
docker://quay.io/poseidon/kubelet:v1.18.0 -- \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Kubernetes assets (kubeconfig, manifests)
|
# Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootstrap" {
|
module "bootstrap" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
|
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
|
||||||
|
|
||||||
cluster_name = var.cluster_name
|
cluster_name = var.cluster_name
|
||||||
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
|
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
|
||||||
|
|
|
@ -79,7 +79,7 @@ systemd:
|
||||||
--volume /var/log:/var/log \
|
--volume /var/log:/var/log \
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
quay.io/poseidon/kubelet:v1.17.4 \
|
quay.io/poseidon/kubelet:v1.18.0 \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
@ -116,14 +116,13 @@ systemd:
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
WorkingDirectory=/opt/bootstrap
|
WorkingDirectory=/opt/bootstrap
|
||||||
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
|
|
||||||
ExecStart=/usr/bin/podman run --name bootstrap \
|
ExecStart=/usr/bin/podman run --name bootstrap \
|
||||||
--network host \
|
--network host \
|
||||||
--volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \
|
--volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \
|
||||||
--volume /opt/bootstrap/assets:/assets:ro,Z \
|
--volume /opt/bootstrap/assets:/assets:ro,Z \
|
||||||
--volume /opt/bootstrap/apply:/apply:ro,Z \
|
--volume /opt/bootstrap/apply:/apply:ro,Z \
|
||||||
--entrypoint=/apply \
|
--entrypoint=/apply \
|
||||||
quay.io/poseidon/kubelet:v1.17.4
|
quay.io/poseidon/kubelet:v1.18.0
|
||||||
ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
|
ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
|
||||||
ExecStartPost=-/usr/bin/podman stop bootstrap
|
ExecStartPost=-/usr/bin/podman stop bootstrap
|
||||||
storage:
|
storage:
|
||||||
|
@ -155,7 +154,9 @@ storage:
|
||||||
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
||||||
sudo mkdir -p /opt/bootstrap/assets
|
sudo mkdir -p /opt/bootstrap/assets
|
||||||
sudo mv manifests /opt/bootstrap/assets/manifests
|
sudo mv manifests /opt/bootstrap/assets/manifests
|
||||||
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
|
sudo mkdir -p /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
|
||||||
rm -rf assets auth static-manifests tls
|
rm -rf assets auth static-manifests tls
|
||||||
- path: /opt/bootstrap/apply
|
- path: /opt/bootstrap/apply
|
||||||
mode: 0544
|
mode: 0544
|
||||||
|
@ -167,6 +168,10 @@ storage:
|
||||||
echo "Waiting for static pod control plane"
|
echo "Waiting for static pod control plane"
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
|
until kubectl apply -f /assets/manifests/crds -R; do
|
||||||
|
echo "Retry Custom Resource Definition manifests"
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
until kubectl apply -f /assets/manifests -R; do
|
until kubectl apply -f /assets/manifests -R; do
|
||||||
echo "Retry applying manifests"
|
echo "Retry applying manifests"
|
||||||
sleep 5
|
sleep 5
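Review bot: The bumped `quay.io/poseidon/kubelet:v1.18.0` in the bootstrap `podman run` is still a mutable tag, while that container is given `/etc/kubernetes/bootstrap-secrets` and `--network host`. Whatever the registry serves under the tag at boot therefore runs with what are presumably cluster credentials. Pinning by digest, e.g. `quay.io/poseidon/kubelet@sha256:<digest-of-v1.18.0>` (placeholder, the digest is not on this page), would make the pull content-addressed, much as the `terraform-render-bootstrap` source is already pinned to a commit hash. The same applies to the kubelet unit's image line in this file and to the worker templates. In the rkt-based templates the image line sits next to `--insecure-options=image`, so presumably no image verification applies there either.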
|
||||||
|
|
|
@ -49,7 +49,7 @@ systemd:
|
||||||
--volume /var/log:/var/log \
|
--volume /var/log:/var/log \
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
quay.io/poseidon/kubelet:v1.17.4 \
|
quay.io/poseidon/kubelet:v1.18.0 \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
@ -87,7 +87,7 @@ systemd:
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
ExecStart=/bin/true
|
ExecStart=/bin/true
|
||||||
ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.17.4 --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'
|
ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.18.0 --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
storage:
|
storage:
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Kubernetes assets (kubeconfig, manifests)
|
# Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootstrap" {
|
module "bootstrap" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
|
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
|
||||||
|
|
||||||
cluster_name = var.cluster_name
|
cluster_name = var.cluster_name
|
||||||
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
|
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
|
||||||
|
|
|
@ -90,7 +90,7 @@ systemd:
|
||||||
--mount volume=var-log,target=/var/log \
|
--mount volume=var-log,target=/var/log \
|
||||||
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
||||||
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 -- \
|
docker://quay.io/poseidon/kubelet:v1.18.0 -- \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
@ -123,7 +123,6 @@ systemd:
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
WorkingDirectory=/opt/bootstrap
|
WorkingDirectory=/opt/bootstrap
|
||||||
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
|
|
||||||
ExecStart=/usr/bin/rkt run \
|
ExecStart=/usr/bin/rkt run \
|
||||||
--trust-keys-from-https \
|
--trust-keys-from-https \
|
||||||
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
|
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
|
||||||
|
@ -133,7 +132,7 @@ systemd:
|
||||||
--volume script,kind=host,source=/opt/bootstrap/apply \
|
--volume script,kind=host,source=/opt/bootstrap/apply \
|
||||||
--mount volume=script,target=/apply \
|
--mount volume=script,target=/apply \
|
||||||
--insecure-options=image \
|
--insecure-options=image \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 \
|
docker://quay.io/poseidon/kubelet:v1.18.0 \
|
||||||
--net=host \
|
--net=host \
|
||||||
--dns=host \
|
--dns=host \
|
||||||
--exec=/apply
|
--exec=/apply
|
||||||
|
@ -168,7 +167,9 @@ storage:
|
||||||
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
||||||
sudo mkdir -p /opt/bootstrap/assets
|
sudo mkdir -p /opt/bootstrap/assets
|
||||||
sudo mv manifests /opt/bootstrap/assets/manifests
|
sudo mv manifests /opt/bootstrap/assets/manifests
|
||||||
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
|
sudo mkdir -p /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
|
||||||
rm -rf assets auth static-manifests tls
|
rm -rf assets auth static-manifests tls
|
||||||
- path: /opt/bootstrap/apply
|
- path: /opt/bootstrap/apply
|
||||||
filesystem: root
|
filesystem: root
|
||||||
|
@ -181,6 +182,10 @@ storage:
|
||||||
echo "Waiting for static pod control plane"
|
echo "Waiting for static pod control plane"
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
|
until kubectl apply -f /assets/manifests/crds -R; do
|
||||||
|
echo "Retry Custom Resource Definition manifests"
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
until kubectl apply -f /assets/manifests -R; do
|
until kubectl apply -f /assets/manifests -R; do
|
||||||
echo "Retry applying manifests"
|
echo "Retry applying manifests"
|
||||||
sleep 5
|
sleep 5
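Review bot: After the two new `mv` lines in the layout script, the `manifests-networking` directory itself is left behind, because the unchanged `rm -rf assets auth static-manifests tls` does not list it and the old code moved the whole directory. Extending the cleanup to `rm -rf assets auth static-manifests tls manifests-networking` would restore the previous end state. Separately, `sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds` errors when the glob matches nothing; whether that aborts the script depends on shell options outside this hunk, so an existence check before the move would make the intent explicit. The same lines appear in the other controller templates on this page.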
|
||||||
|
|
|
@ -63,7 +63,7 @@ systemd:
|
||||||
--mount volume=var-log,target=/var/log \
|
--mount volume=var-log,target=/var/log \
|
||||||
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
||||||
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 -- \
|
docker://quay.io/poseidon/kubelet:v1.18.0 -- \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
@ -125,7 +125,7 @@ storage:
|
||||||
--volume config,kind=host,source=/etc/kubernetes \
|
--volume config,kind=host,source=/etc/kubernetes \
|
||||||
--mount volume=config,target=/etc/kubernetes \
|
--mount volume=config,target=/etc/kubernetes \
|
||||||
--insecure-options=image \
|
--insecure-options=image \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 \
|
docker://quay.io/poseidon/kubelet:v1.18.0 \
|
||||||
--net=host \
|
--net=host \
|
||||||
--dns=host \
|
--dns=host \
|
||||||
-- \
|
-- \
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Kubernetes assets (kubeconfig, manifests)
|
# Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootstrap" {
|
module "bootstrap" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
|
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
|
||||||
|
|
||||||
cluster_name = var.cluster_name
|
cluster_name = var.cluster_name
|
||||||
api_servers = [var.k8s_domain_name]
|
api_servers = [var.k8s_domain_name]
|
||||||
|
|
|
@ -103,7 +103,7 @@ systemd:
|
||||||
--mount volume=etc-iscsi,target=/etc/iscsi \
|
--mount volume=etc-iscsi,target=/etc/iscsi \
|
||||||
--volume usr-sbin-iscsiadm,kind=host,source=/usr/sbin/iscsiadm \
|
--volume usr-sbin-iscsiadm,kind=host,source=/usr/sbin/iscsiadm \
|
||||||
--mount volume=usr-sbin-iscsiadm,target=/sbin/iscsiadm \
|
--mount volume=usr-sbin-iscsiadm,target=/sbin/iscsiadm \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 -- \
|
docker://quay.io/poseidon/kubelet:v1.18.0 -- \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
@ -138,7 +138,6 @@ systemd:
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
WorkingDirectory=/opt/bootstrap
|
WorkingDirectory=/opt/bootstrap
|
||||||
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
|
|
||||||
ExecStart=/usr/bin/rkt run \
|
ExecStart=/usr/bin/rkt run \
|
||||||
--trust-keys-from-https \
|
--trust-keys-from-https \
|
||||||
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
|
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
|
||||||
|
@ -148,7 +147,7 @@ systemd:
|
||||||
--volume script,kind=host,source=/opt/bootstrap/apply \
|
--volume script,kind=host,source=/opt/bootstrap/apply \
|
||||||
--mount volume=script,target=/apply \
|
--mount volume=script,target=/apply \
|
||||||
--insecure-options=image \
|
--insecure-options=image \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 \
|
docker://quay.io/poseidon/kubelet:v1.18.0 \
|
||||||
--net=host \
|
--net=host \
|
||||||
--dns=host \
|
--dns=host \
|
||||||
--exec=/apply
|
--exec=/apply
|
||||||
|
@ -186,7 +185,9 @@ storage:
|
||||||
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
||||||
sudo mkdir -p /opt/bootstrap/assets
|
sudo mkdir -p /opt/bootstrap/assets
|
||||||
sudo mv manifests /opt/bootstrap/assets/manifests
|
sudo mv manifests /opt/bootstrap/assets/manifests
|
||||||
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
|
sudo mkdir -p /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
|
||||||
rm -rf assets auth static-manifests tls
|
rm -rf assets auth static-manifests tls
|
||||||
- path: /opt/bootstrap/apply
|
- path: /opt/bootstrap/apply
|
||||||
filesystem: root
|
filesystem: root
|
||||||
|
@ -199,6 +200,10 @@ storage:
|
||||||
echo "Waiting for static pod control plane"
|
echo "Waiting for static pod control plane"
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
|
until kubectl apply -f /assets/manifests/crds -R; do
|
||||||
|
echo "Retry Custom Resource Definition manifests"
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
until kubectl apply -f /assets/manifests -R; do
|
until kubectl apply -f /assets/manifests -R; do
|
||||||
echo "Retry applying manifests"
|
echo "Retry applying manifests"
|
||||||
sleep 5
|
sleep 5
|
||||||
|
|
|
@ -76,7 +76,7 @@ systemd:
|
||||||
--mount volume=etc-iscsi,target=/etc/iscsi \
|
--mount volume=etc-iscsi,target=/etc/iscsi \
|
||||||
--volume usr-sbin-iscsiadm,kind=host,source=/usr/sbin/iscsiadm \
|
--volume usr-sbin-iscsiadm,kind=host,source=/usr/sbin/iscsiadm \
|
||||||
--mount volume=usr-sbin-iscsiadm,target=/sbin/iscsiadm \
|
--mount volume=usr-sbin-iscsiadm,target=/sbin/iscsiadm \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 -- \
|
docker://quay.io/poseidon/kubelet:v1.18.0 -- \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Kubernetes assets (kubeconfig, manifests)
|
# Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootstrap" {
|
module "bootstrap" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
|
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
|
||||||
|
|
||||||
cluster_name = var.cluster_name
|
cluster_name = var.cluster_name
|
||||||
api_servers = [var.k8s_domain_name]
|
api_servers = [var.k8s_domain_name]
|
||||||
|
|
|
@ -80,7 +80,7 @@ systemd:
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
--volume /etc/iscsi:/etc/iscsi \
|
--volume /etc/iscsi:/etc/iscsi \
|
||||||
--volume /sbin/iscsiadm:/sbin/iscsiadm \
|
--volume /sbin/iscsiadm:/sbin/iscsiadm \
|
||||||
quay.io/poseidon/kubelet:v1.17.4 \
|
quay.io/poseidon/kubelet:v1.18.0 \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
@ -127,14 +127,13 @@ systemd:
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
WorkingDirectory=/opt/bootstrap
|
WorkingDirectory=/opt/bootstrap
|
||||||
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
|
|
||||||
ExecStart=/usr/bin/podman run --name bootstrap \
|
ExecStart=/usr/bin/podman run --name bootstrap \
|
||||||
--network host \
|
--network host \
|
||||||
--volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \
|
--volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \
|
||||||
--volume /opt/bootstrap/assets:/assets:ro,Z \
|
--volume /opt/bootstrap/assets:/assets:ro,Z \
|
||||||
--volume /opt/bootstrap/apply:/apply:ro,Z \
|
--volume /opt/bootstrap/apply:/apply:ro,Z \
|
||||||
--entrypoint=/apply \
|
--entrypoint=/apply \
|
||||||
quay.io/poseidon/kubelet:v1.17.4
|
quay.io/poseidon/kubelet:v1.18.0
|
||||||
ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
|
ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
|
||||||
ExecStartPost=-/usr/bin/podman stop bootstrap
|
ExecStartPost=-/usr/bin/podman stop bootstrap
|
||||||
storage:
|
storage:
|
||||||
|
@ -166,7 +165,9 @@ storage:
|
||||||
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
||||||
sudo mkdir -p /opt/bootstrap/assets
|
sudo mkdir -p /opt/bootstrap/assets
|
||||||
sudo mv manifests /opt/bootstrap/assets/manifests
|
sudo mv manifests /opt/bootstrap/assets/manifests
|
||||||
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
|
sudo mkdir -p /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
|
||||||
rm -rf assets auth static-manifests tls
|
rm -rf assets auth static-manifests tls
|
||||||
- path: /opt/bootstrap/apply
|
- path: /opt/bootstrap/apply
|
||||||
mode: 0544
|
mode: 0544
|
||||||
|
@ -178,6 +179,10 @@ storage:
|
||||||
echo "Waiting for static pod control plane"
|
echo "Waiting for static pod control plane"
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
|
until kubectl apply -f /assets/manifests/crds -R; do
|
||||||
|
echo "Retry Custom Resource Definition manifests"
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
until kubectl apply -f /assets/manifests -R; do
|
until kubectl apply -f /assets/manifests -R; do
|
||||||
echo "Retry applying manifests"
|
echo "Retry applying manifests"
|
||||||
sleep 5
|
sleep 5
|
||||||
|
|
|
@ -50,7 +50,7 @@ systemd:
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
--volume /etc/iscsi:/etc/iscsi \
|
--volume /etc/iscsi:/etc/iscsi \
|
||||||
--volume /sbin/iscsiadm:/sbin/iscsiadm \
|
--volume /sbin/iscsiadm:/sbin/iscsiadm \
|
||||||
quay.io/poseidon/kubelet:v1.17.4 \
|
quay.io/poseidon/kubelet:v1.18.0 \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Kubernetes assets (kubeconfig, manifests)
|
# Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootstrap" {
|
module "bootstrap" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
|
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
|
||||||
|
|
||||||
cluster_name = var.cluster_name
|
cluster_name = var.cluster_name
|
||||||
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
|
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
|
||||||
|
|
|
@ -101,7 +101,7 @@ systemd:
|
||||||
--mount volume=var-log,target=/var/log \
|
--mount volume=var-log,target=/var/log \
|
||||||
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
||||||
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 -- \
|
docker://quay.io/poseidon/kubelet:v1.18.0 -- \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
@ -135,7 +135,6 @@ systemd:
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
WorkingDirectory=/opt/bootstrap
|
WorkingDirectory=/opt/bootstrap
|
||||||
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
|
|
||||||
ExecStart=/usr/bin/rkt run \
|
ExecStart=/usr/bin/rkt run \
|
||||||
--trust-keys-from-https \
|
--trust-keys-from-https \
|
||||||
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
|
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
|
||||||
|
@ -145,7 +144,7 @@ systemd:
|
||||||
--volume script,kind=host,source=/opt/bootstrap/apply \
|
--volume script,kind=host,source=/opt/bootstrap/apply \
|
||||||
--mount volume=script,target=/apply \
|
--mount volume=script,target=/apply \
|
||||||
--insecure-options=image \
|
--insecure-options=image \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 \
|
docker://quay.io/poseidon/kubelet:v1.18.0 \
|
||||||
--net=host \
|
--net=host \
|
||||||
--dns=host \
|
--dns=host \
|
||||||
--exec=/apply
|
--exec=/apply
|
||||||
|
@ -177,7 +176,9 @@ storage:
|
||||||
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
||||||
sudo mkdir -p /opt/bootstrap/assets
|
sudo mkdir -p /opt/bootstrap/assets
|
||||||
sudo mv manifests /opt/bootstrap/assets/manifests
|
sudo mv manifests /opt/bootstrap/assets/manifests
|
||||||
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
|
sudo mkdir -p /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
|
||||||
rm -rf assets auth static-manifests tls
|
rm -rf assets auth static-manifests tls
|
||||||
- path: /opt/bootstrap/apply
|
- path: /opt/bootstrap/apply
|
||||||
filesystem: root
|
filesystem: root
|
||||||
|
@ -190,6 +191,10 @@ storage:
|
||||||
echo "Waiting for static pod control plane"
|
echo "Waiting for static pod control plane"
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
|
until kubectl apply -f /assets/manifests/crds -R; do
|
||||||
|
echo "Retry Custom Resource Definition manifests"
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
until kubectl apply -f /assets/manifests -R; do
|
until kubectl apply -f /assets/manifests -R; do
|
||||||
echo "Retry applying manifests"
|
echo "Retry applying manifests"
|
||||||
sleep 5
|
sleep 5
|
||||||
|
|
|
@ -74,7 +74,7 @@ systemd:
|
||||||
--mount volume=var-log,target=/var/log \
|
--mount volume=var-log,target=/var/log \
|
||||||
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
||||||
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 -- \
|
docker://quay.io/poseidon/kubelet:v1.18.0 -- \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
@ -131,7 +131,7 @@ storage:
|
||||||
--volume config,kind=host,source=/etc/kubernetes \
|
--volume config,kind=host,source=/etc/kubernetes \
|
||||||
--mount volume=config,target=/etc/kubernetes \
|
--mount volume=config,target=/etc/kubernetes \
|
||||||
--insecure-options=image \
|
--insecure-options=image \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 \
|
docker://quay.io/poseidon/kubelet:v1.18.0 \
|
||||||
--net=host \
|
--net=host \
|
||||||
--dns=host \
|
--dns=host \
|
||||||
-- \
|
-- \
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Kubernetes assets (kubeconfig, manifests)
|
# Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootstrap" {
|
module "bootstrap" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
|
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
|
||||||
|
|
||||||
cluster_name = var.cluster_name
|
cluster_name = var.cluster_name
|
||||||
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
|
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
|
||||||
|
|
|
@ -90,7 +90,7 @@ systemd:
|
||||||
--mount volume=var-log,target=/var/log \
|
--mount volume=var-log,target=/var/log \
|
||||||
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
||||||
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 -- \
|
docker://quay.io/poseidon/kubelet:v1.18.0 -- \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
@ -123,7 +123,6 @@ systemd:
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
WorkingDirectory=/opt/bootstrap
|
WorkingDirectory=/opt/bootstrap
|
||||||
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
|
|
||||||
ExecStart=/usr/bin/rkt run \
|
ExecStart=/usr/bin/rkt run \
|
||||||
--trust-keys-from-https \
|
--trust-keys-from-https \
|
||||||
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
|
--volume config,kind=host,source=/etc/kubernetes/bootstrap-secrets \
|
||||||
|
@ -133,7 +132,7 @@ systemd:
|
||||||
--volume script,kind=host,source=/opt/bootstrap/apply \
|
--volume script,kind=host,source=/opt/bootstrap/apply \
|
||||||
--mount volume=script,target=/apply \
|
--mount volume=script,target=/apply \
|
||||||
--insecure-options=image \
|
--insecure-options=image \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 \
|
docker://quay.io/poseidon/kubelet:v1.18.0 \
|
||||||
--net=host \
|
--net=host \
|
||||||
--dns=host \
|
--dns=host \
|
||||||
--exec=/apply
|
--exec=/apply
|
||||||
|
@ -168,7 +167,9 @@ storage:
|
||||||
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
||||||
sudo mkdir -p /opt/bootstrap/assets
|
sudo mkdir -p /opt/bootstrap/assets
|
||||||
sudo mv manifests /opt/bootstrap/assets/manifests
|
sudo mv manifests /opt/bootstrap/assets/manifests
|
||||||
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
|
sudo mkdir -p /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
|
||||||
rm -rf assets auth static-manifests tls
|
rm -rf assets auth static-manifests tls
|
||||||
- path: /opt/bootstrap/apply
|
- path: /opt/bootstrap/apply
|
||||||
filesystem: root
|
filesystem: root
|
||||||
|
@ -181,6 +182,10 @@ storage:
|
||||||
echo "Waiting for static pod control plane"
|
echo "Waiting for static pod control plane"
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
|
until kubectl apply -f /assets/manifests/crds -R; do
|
||||||
|
echo "Retry Custom Resource Definition manifests"
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
until kubectl apply -f /assets/manifests -R; do
|
until kubectl apply -f /assets/manifests -R; do
|
||||||
echo "Retry applying manifests"
|
echo "Retry applying manifests"
|
||||||
sleep 5
|
sleep 5
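Review bot: The added `until kubectl apply -f /assets/manifests/crds -R` loop in the apply script has no exit other than success, and the layout script now creates `/opt/bootstrap/assets/manifests/crds` unconditionally. If the rendered `manifests-networking` directory holds no `crd*.yaml` (it is not visible from here whether every networking provider renders one), the `mv manifests-networking/crd*.yaml …` line fails on the unmatched glob and the directory stays empty; kubectl apply, as far as I know, exits non-zero when it is given no objects, so bootstrap would retry forever instead of failing visibly. I would guard the loop, e.g. `if [ -n "$(ls -A /assets/manifests/crds 2>/dev/null)" ]; then until …; done; fi`, and make the move conditional in the same way. The same two hunks appear in the other controller configs on this page, and both scripts continue outside the hunks shown.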
|
||||||
|
|
|
@ -63,7 +63,7 @@ systemd:
|
||||||
--mount volume=var-log,target=/var/log \
|
--mount volume=var-log,target=/var/log \
|
||||||
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
--volume opt-cni-bin,kind=host,source=/opt/cni/bin \
|
||||||
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
--mount volume=opt-cni-bin,target=/opt/cni/bin \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 -- \
|
docker://quay.io/poseidon/kubelet:v1.18.0 -- \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
@ -125,7 +125,7 @@ storage:
|
||||||
--volume config,kind=host,source=/etc/kubernetes \
|
--volume config,kind=host,source=/etc/kubernetes \
|
||||||
--mount volume=config,target=/etc/kubernetes \
|
--mount volume=config,target=/etc/kubernetes \
|
||||||
--insecure-options=image \
|
--insecure-options=image \
|
||||||
docker://quay.io/poseidon/kubelet:v1.17.4 \
|
docker://quay.io/poseidon/kubelet:v1.18.0 \
|
||||||
--net=host \
|
--net=host \
|
||||||
--dns=host \
|
--dns=host \
|
||||||
-- \
|
-- \
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Kubernetes assets (kubeconfig, manifests)
|
# Kubernetes assets (kubeconfig, manifests)
|
||||||
module "bootstrap" {
|
module "bootstrap" {
|
||||||
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e76f0a09fa9e6421a9cf697ee03714c6224e2581"
|
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=cb170f802d09dcbe88b050257bc676e25d3c4282"
|
||||||
|
|
||||||
cluster_name = var.cluster_name
|
cluster_name = var.cluster_name
|
||||||
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
|
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
|
||||||
|
|
|
@ -79,7 +79,7 @@ systemd:
|
||||||
--volume /var/log:/var/log \
|
--volume /var/log:/var/log \
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
quay.io/poseidon/kubelet:v1.17.4 \
|
quay.io/poseidon/kubelet:v1.18.0 \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
@ -116,14 +116,13 @@ systemd:
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
WorkingDirectory=/opt/bootstrap
|
WorkingDirectory=/opt/bootstrap
|
||||||
ExecStartPre=-/usr/bin/bash -c 'set -x && [ -n "$(ls /opt/bootstrap/assets/manifests-*/* 2>/dev/null)" ] && mv /opt/bootstrap/assets/manifests-*/* /opt/bootstrap/assets/manifests && rm -rf /opt/bootstrap/assets/manifests-*'
|
|
||||||
ExecStart=/usr/bin/podman run --name bootstrap \
|
ExecStart=/usr/bin/podman run --name bootstrap \
|
||||||
--network host \
|
--network host \
|
||||||
--volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \
|
--volume /etc/kubernetes/bootstrap-secrets:/etc/kubernetes/secrets:ro,Z \
|
||||||
--volume /opt/bootstrap/assets:/assets:ro,Z \
|
--volume /opt/bootstrap/assets:/assets:ro,Z \
|
||||||
--volume /opt/bootstrap/apply:/apply:ro,Z \
|
--volume /opt/bootstrap/apply:/apply:ro,Z \
|
||||||
--entrypoint=/apply \
|
--entrypoint=/apply \
|
||||||
quay.io/poseidon/kubelet:v1.17.4
|
quay.io/poseidon/kubelet:v1.18.0
|
||||||
ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
|
ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
|
||||||
ExecStartPost=-/usr/bin/podman stop bootstrap
|
ExecStartPost=-/usr/bin/podman stop bootstrap
|
||||||
storage:
|
storage:
|
||||||
|
@ -155,7 +154,9 @@ storage:
|
||||||
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
sudo mv static-manifests/* /etc/kubernetes/manifests/
|
||||||
sudo mkdir -p /opt/bootstrap/assets
|
sudo mkdir -p /opt/bootstrap/assets
|
||||||
sudo mv manifests /opt/bootstrap/assets/manifests
|
sudo mv manifests /opt/bootstrap/assets/manifests
|
||||||
sudo mv manifests-networking /opt/bootstrap/assets/manifests-networking
|
sudo mkdir -p /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/crd*.yaml /opt/bootstrap/assets/manifests/crds
|
||||||
|
sudo mv manifests-networking/* /opt/bootstrap/assets/manifests/
|
||||||
rm -rf assets auth static-manifests tls
|
rm -rf assets auth static-manifests tls
|
||||||
- path: /opt/bootstrap/apply
|
- path: /opt/bootstrap/apply
|
||||||
mode: 0544
|
mode: 0544
|
||||||
|
@ -167,6 +168,10 @@ storage:
|
||||||
echo "Waiting for static pod control plane"
|
echo "Waiting for static pod control plane"
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
|
until kubectl apply -f /assets/manifests/crds -R; do
|
||||||
|
echo "Retry Custom Resource Definition manifests"
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
until kubectl apply -f /assets/manifests -R; do
|
until kubectl apply -f /assets/manifests -R; do
|
||||||
echo "Retry applying manifests"
|
echo "Retry applying manifests"
|
||||||
sleep 5
|
sleep 5
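Review bot: The bootstrap unit's image line `quay.io/poseidon/kubelet:v1.18.0` is still a mutable tag, and this is the container that gets `/etc/kubernetes/bootstrap-secrets` mounted and runs `/apply` on the host network. Whatever the registry serves for that tag at boot time runs with those credentials, so a digest reference would make the bump reviewable and reproducible: `quay.io/poseidon/kubelet@sha256:<DIGEST_OF_v1.18.0_IMAGE>` (placeholder; take the value from the published image). The same tag is used by the kubelet unit in this section and by the worker and Container Linux configs on this page, where the rkt units additionally pass `--insecure-options=image`, so nothing on the host checks what was pulled. The unit files continue outside the hunks shown.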
|
||||||
|
|
|
@ -49,7 +49,7 @@ systemd:
|
||||||
--volume /var/log:/var/log \
|
--volume /var/log:/var/log \
|
||||||
--volume /var/run/lock:/var/run/lock:z \
|
--volume /var/run/lock:/var/run/lock:z \
|
||||||
--volume /opt/cni/bin:/opt/cni/bin:z \
|
--volume /opt/cni/bin:/opt/cni/bin:z \
|
||||||
quay.io/poseidon/kubelet:v1.17.4 \
|
quay.io/poseidon/kubelet:v1.18.0 \
|
||||||
--anonymous-auth=false \
|
--anonymous-auth=false \
|
||||||
--authentication-token-webhook \
|
--authentication-token-webhook \
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
|
@ -87,7 +87,7 @@ systemd:
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
ExecStart=/bin/true
|
ExecStart=/bin/true
|
||||||
ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.17.4 kubectl --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'
|
ExecStop=/bin/bash -c '/usr/bin/podman run --volume /etc/kubernetes:/etc/kubernetes:ro,z --entrypoint /usr/local/bin/kubectl quay.io/poseidon/kubelet:v1.18.0 kubectl --kubeconfig=/etc/kubernetes/kubeconfig delete node $HOSTNAME'
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
storage:
|
storage:
|
||||||
|
|