James Harmison
9a4887d028
Add bind mounts for selinux to fcos kubelets
...
fixes #1123
Enables the use of CSI drivers with a StorageClass that lacks an explicit context mount option. In cases where the kubelet lacks mounts for `/etc/selinux` and `/sys/fs/selinux`, it is unable to set the `:Z` option for the CRI volume definition automatically. See [KEP 1710](https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/1710-selinux-relabeling/README.md#volume-mounting ) for more information on how SELinux is passed to the CRI by Kubelet.
Prior to this change, a not-explicitly-labelled mount would have an `unlabeled_t` SELinux type on the host. Following this change, the Kubelet and CRI work together to dynamically relabel mounts that lack an explicit context specification every time it is rebound to a pod with SELinux type `container_file_t` and appropriate context labels to match the specifics for the pod it is bound to. This enables applications running in containers to consume dynamically provisioned storage on SELinux enforcing systems without explicitly setting the context on the StorageClass or PersistentVolume.
2022-04-26 21:33:26 -07:00
dependabot[bot]
35bca6df90
Bump mkdocs-material from 8.2.9 to 8.2.11
...
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) from 8.2.9 to 8.2.11.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/8.2.9...8.2.11 )
---
updated-dependencies:
- dependency-name: mkdocs-material
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-25 19:02:15 -07:00
Dalton Hubble
d7f55c4e46
Remove use of deprecated key_algorithm
field in TLS assets
...
* Fixes warning about use of deprecated field `key_algorithm` in
the `hashicorp/tls` provider. The key algorithm can now be inferred
directly from the private key so resources don't have to output
and pass around the algorithm
2022-04-20 19:52:03 -07:00
Dalton Hubble
80c6e2e7e6
Update Kubernetes from v1.23.5 to v1.23.6
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#v1236
2022-04-20 19:39:05 -07:00
Dalton Hubble
fddd8ac69d
Fix Flatcar Linux nodes on Google Cloud not ignoring image changes
...
* Add `boot_disk[0].initialize_params` to the ignored fields for the
controller nodes
* Nodes will auto-update, Terraform should not attempt to delete and
recreate nodes (especially controllers!). Lack of this ignore causes
Terraform to propose deleting controller nodes when Flatcar Linux
releases new images
* Matches the configuration on Typhoon Fedora CoreOS (which does not
have the issue)
2022-04-20 18:53:00 -07:00
Dalton Hubble
2f7d2a92e0
Update Cilium and Calico CNI providers
...
* Update Cilium from v1.11.3 to v1.11.4
* Update Calico from v3.22.1 to v3.22.2
2022-04-19 08:28:52 -07:00
dependabot[bot]
6cd6bb38de
Bump mkdocs-material from 8.2.8 to 8.2.9
...
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) from 8.2.8 to 8.2.9.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/8.2.8...8.2.9 )
---
updated-dependencies:
- dependency-name: mkdocs-material
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-12 07:53:43 -07:00
Dalton Hubble
d91408258b
Update nginx-ingress, Prometheus, and Grafana addons
2022-04-04 08:53:29 -07:00
Dalton Hubble
2df1873b7f
Update Cilium from v1.11.2 to v1.11.3
...
* https://github.com/cilium/cilium/releases/tag/v1.11.3
2022-04-01 16:44:30 -07:00
Dalton Hubble
93ebfc7dd0
Allow upgrading Azure Terraform Provider to v3.x
...
* Change subnet references to source and destinations prefixes
(plural)
* Remove references to a resource group in some load balancing
components, which no longer require it (inferred)
* Rename `worker_address_prefix` output to `worker_address_prefixes`
2022-04-01 16:36:53 -07:00
Dalton Hubble
5365ce8204
Mount /etc/machine-id from host into Kubelet
...
* Kubelet node's System UUID can be detected from the sysfs
filesystem without a host mount, but if you need to distinguish
between the host's machine-id and SystemUUID
* On cloud platforms, MachineID and SystemUUID are identical,
but on bare-metal the two differ
2022-04-01 16:32:06 -07:00
dependabot[bot]
2ad33cebaf
Bump mkdocs-material from 8.2.5 to 8.2.8
...
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) from 8.2.5 to 8.2.8.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/8.2.5...8.2.8 )
---
updated-dependencies:
- dependency-name: mkdocs-material
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-28 10:20:10 -07:00
dependabot[bot]
a26abcf5b1
Bump mkdocs from 1.2.3 to 1.3.0
...
Bumps [mkdocs](https://github.com/mkdocs/mkdocs ) from 1.2.3 to 1.3.0.
- [Release notes](https://github.com/mkdocs/mkdocs/releases )
- [Commits](https://github.com/mkdocs/mkdocs/compare/1.2.3...1.3.0 )
---
updated-dependencies:
- dependency-name: mkdocs
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-28 10:07:34 -07:00
dependabot[bot]
b8c4629548
Bump pymdown-extensions from 9.2 to 9.3
...
Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions ) from 9.2 to 9.3.
- [Release notes](https://github.com/facelessuser/pymdown-extensions/releases )
- [Commits](https://github.com/facelessuser/pymdown-extensions/compare/9.2...9.3 )
---
updated-dependencies:
- dependency-name: pymdown-extensions
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-21 10:35:37 -07:00
Dalton Hubble
c5814308ab
Refresh Terraform providers shown in docs
...
* Update a few OS component details
2022-03-19 19:30:43 -07:00
Dalton Hubble
b47edca6be
Refresh Prometheus rules and Grafana dashboards
...
* Update Prometheus rules and Grafana dashboards
* Add new networking dashboards
2022-03-19 17:08:00 -07:00
Dalton Hubble
e61d4b92da
Update Kubernetes from v1.23.4 to v1.23.5
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#v1235
2022-03-16 21:01:41 -07:00
Dalton Hubble
dca745fa4a
Update monitoring addon components
...
* Update Prometheus, kube-state-metrics, and Grafana
2022-03-11 11:50:16 -08:00
Dalton Hubble
661347fa71
Update nginx-ingress from v1.1.1 to v1.1.2
...
* https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.1.2
2022-03-11 11:42:33 -08:00
Dalton Hubble
69770b4827
Update Calico from v3.21.2 to v3.22.1
...
* https://github.com/projectcalico/calico/releases/tag/v3.22.1
* Fix https://github.com/projectcalico/calico/issues/5011
2022-03-11 11:22:29 -08:00
Dalton Hubble
f797f97675
Update Cilium from v1.11.1 to v1.11.2
...
* https://github.com/cilium/cilium/releases/tag/v1.11.2
2022-03-11 10:08:24 -08:00
dependabot[bot]
9fe0f2fa6c
Bump mkdocs-material from 8.2.3 to 8.2.5
...
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) from 8.2.3 to 8.2.5.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/8.2.3...8.2.5 )
---
updated-dependencies:
- dependency-name: mkdocs-material
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-11 09:57:31 -08:00
dependabot[bot]
268648c146
Bump mkdocs-material from 8.2.1 to 8.2.3
...
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) from 8.2.1 to 8.2.3.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/8.2.1...8.2.3 )
---
updated-dependencies:
- dependency-name: mkdocs-material
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-28 09:36:48 -08:00
Dalton Hubble
6cf40722de
Revert kube-state-metrics upgrade
...
* kube-state-metrics:v2.4.0 isn't published, skip it
2022-02-21 19:57:47 -08:00
Dalton Hubble
c230cdec46
Update Grafana and kube-state-metrics addons
2022-02-21 19:36:16 -08:00
Dalton Hubble
cabf5b2c34
Update recommended Terraform provider versions
...
* Update poseidon/ct version from v0.9.1 to v0.10.0
* Update aws provider to v4.x series
2022-02-21 19:27:54 -08:00
dependabot[bot]
ba8a951863
Bump mkdocs-material from 8.1.11 to 8.2.1
...
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) from 8.1.11 to 8.2.1.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/8.1.11...8.2.1 )
---
updated-dependencies:
- dependency-name: mkdocs-material
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-21 09:53:27 -08:00
Dalton Hubble
9aa99f1996
Allow upgrading AWS Terraform provider to v4.x
...
* https://github.com/hashicorp/terraform-provider-aws/releases/tag/v4.0.0
2022-02-17 09:35:15 -08:00
Dalton Hubble
fc38ba45b1
Update Kubernetes from v1.23.3 to v1.23.4
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#v1234
2022-02-17 09:00:31 -08:00
Dalton Hubble
28a42238c4
Update nginx-ingress, Prometheus, and Grafana addons
...
* Align `nginx-ingress` `--controller-class` with `IngressClass`
to provide a better example (e.g. if extended to multiple ingress
controllers)
2022-02-17 08:58:29 -08:00
dependabot[bot]
de9b30a587
Bump mkdocs-material from 8.1.10 to 8.1.11
...
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) from 8.1.10 to 8.1.11.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/8.1.10...8.1.11 )
---
updated-dependencies:
- dependency-name: mkdocs-material
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-14 11:11:06 -08:00
dependabot[bot]
affb40d59b
Bump pymdown-extensions from 9.1 to 9.2
...
Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions ) from 9.1 to 9.2.
- [Release notes](https://github.com/facelessuser/pymdown-extensions/releases )
- [Commits](https://github.com/facelessuser/pymdown-extensions/compare/9.1...9.2 )
---
updated-dependencies:
- dependency-name: pymdown-extensions
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-14 11:10:56 -08:00
dependabot[bot]
15ac49b34d
Bump mkdocs-material from 8.1.9 to 8.1.10
...
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) from 8.1.9 to 8.1.10.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/8.1.9...8.1.10 )
---
updated-dependencies:
- dependency-name: mkdocs-material
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-07 09:49:24 -08:00
Dalton Hubble
6c70d06937
Update etcd from v3.5.1 to v3.5.2
...
* https://github.com/etcd-io/etcd/releases/tag/v3.5.2
2022-02-07 08:10:17 -08:00
Dalton Hubble
cf4beeba34
Change default CNI provider from Calico to Cilium
...
* Cilium (v1.8) was added to Typhoon in v1.18.5 in June 2020
and its become more impressive since then. Its currently the
leading CNI provider choice.
* Calico has grown complex, has lots of CRDs, masks its
management complexity with an operator (which we won't use),
doesn't provide multi-arch images, and hasn't been compatible
with Kubernetes v1.23 (with ipvs) for several releases.
* Both have CNCF conformance quirks (flannel used for conformance),
but that's not the main factor in choosing the default
2022-02-07 08:07:00 -08:00
dependabot[bot]
10b4ba14b6
Bump mkdocs-material from 8.1.8 to 8.1.9
...
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) from 8.1.8 to 8.1.9.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/8.1.8...8.1.9 )
---
updated-dependencies:
- dependency-name: mkdocs-material
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-01 10:26:39 -08:00
Dalton Hubble
e06ee042ee
Switch to using Flatcar Linux images on Google Cloud
...
* Use the official Kinvolk Flatcar Linux image on Google Cloud
* Change `os_image` from a custom image name to `flatcar-stable`
(default), `flatcar-beta`, or `flatcar-alpha` (**action required**)
* Change `os_image` from a required to an optional variable
* Promote Typhoon on Flatcar Linux / Google Cloud to stable
* Remove docs about needing to upload a Flatcar Linux image
manually on Google Cloud and drop support for custom images
2022-01-28 21:04:10 -08:00
Dalton Hubble
a527f73f5a
Update Kubernetes from v1.23.2 to v1.23.3
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#v1233
2022-01-27 09:23:37 -08:00
dependabot[bot]
c21a0479c0
Bump mkdocs-material from 8.1.7 to 8.1.8
...
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) from 8.1.7 to 8.1.8.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/8.1.7...8.1.8 )
---
updated-dependencies:
- dependency-name: mkdocs-material
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-27 09:02:30 -08:00
Dalton Hubble
f614c538cf
Update Terraform provider recommendations in docs
2022-01-19 21:16:37 -08:00
Dalton Hubble
3da8c1575c
Update nginx-ingress and Grafana addons
2022-01-19 21:09:21 -08:00
Dalton Hubble
dedd17d085
Upgrade to DigitalOcean Terraform provider v2.x
...
* Remove deprecated `private_networking` parameter
2022-01-19 18:32:17 -08:00
Dalton Hubble
e274a451ff
Update Kubernetes from v1.23.1 to v1.23.2
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#v1232
2022-01-19 17:59:49 -08:00
dependabot[bot]
b2e36947ab
Bump mkdocs-material from 8.1.5 to 8.1.7
...
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) from 8.1.5 to 8.1.7.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/8.1.5...8.1.7 )
---
updated-dependencies:
- dependency-name: mkdocs-material
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-19 16:42:21 -08:00
Dalton Hubble
5af0a5c5b9
Add Flatcar Linux ARM64 examples
...
* Fix content tabs format for switching between example
code blocks
2022-01-14 12:52:45 -08:00
Dalton Hubble
2265ab5375
Remove Kubelet --network-plugin=cni
flag
...
* Now that `docker-shim` is no longer used, the Kubelet flag
is no longer needed and will be removed in v1.24
2022-01-14 10:43:07 -08:00
Dalton Hubble
08ea9776f3
Mask docker.service to prevent socket activation
...
* Kubelet now uses `containerd` as the container runtime, but
`docker.service` still starts when `docker.sock` is probed bc
the service is socket activated. Prevent this by masking the
`docker.service` unit
2022-01-14 10:31:47 -08:00
Dalton Hubble
2e8bc99164
Remove template
provider usage from terraform-render-bootstrap
2022-01-14 10:27:24 -08:00
Dalton Hubble
b18b0a9f3d
Remove unused ETCD_UNSUPPORTED_ARCH variable
...
* etcd used to require a special variable to use the arm64
container image, but this is no longer required
2022-01-14 10:25:45 -08:00
Dalton Hubble
beb9f1477a
Add experimental Flatcar Linux arm64 support on AWS
...
* Add `arch` variable to Flatcar Linux AWS `kubernetes` and
`workers` modules. Accept `amd64` (default) or `arm64` to support
native arm64/aarch64 clusters or mixed/hybrid clusters with arm64
workers
* Requires `flannel` or `cilium` CNI
Similar to https://github.com/poseidon/typhoon/pull/875
2022-01-14 10:24:48 -08:00