Dalton Hubble
ebd9570ede
Update Fedora CoreOS Config version from v1.1.0 to v1.2.0
...
* Require [poseidon/ct](https://github.com/poseidon/terraform-provider-ct )
Terraform provider v0.8+
* Require any [snippets](https://typhoon.psdn.io/advanced/customization/#hosts )
customizations to update to v1.2.0
See upgrade [notes](https://typhoon.psdn.io/topics/maintenance/#upgrade-terraform-provider-ct )
2021-04-11 15:26:54 -07:00
Dalton Hubble
34e8db7aae
Update static Pod manifests for Kubernetes v1.21.0
...
* https://github.com/poseidon/terraform-render-bootstrap/pull/257
2021-04-11 15:05:46 -07:00
Dalton Hubble
d73621c838
Update Kubernetes from v1.20.5 to v1.21.0
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.21.md#v1210
2021-04-08 21:44:31 -07:00
Dalton Hubble
798ec9a92f
Change CNI config directory to /etc/cni/net.d
...
* Change CNI config directory from `/etc/kubernetes/cni/net.d`
to `/etc/cni/net.d` (Kubelet default)
* https://github.com/poseidon/terraform-render-bootstrap/pull/255
2021-04-02 00:03:48 -07:00
Dalton Hubble
597ca4acce
Update CoreDNS from v1.7.0 to v1.8.0
...
* https://github.com/poseidon/terraform-render-bootstrap/pull/254
2021-03-20 16:47:25 -07:00
Dalton Hubble
796149d122
Update Kubernetes from v1.20.4 to v1.20.5
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#v1205
2021-03-19 11:27:31 -07:00
Dalton Hubble
a66bccd590
Update Cilium from v1.9.4 to v1.9.5
...
* https://github.com/cilium/cilium/releases/tag/v1.9.5
2021-03-14 11:48:22 -07:00
Dalton Hubble
30b1edfcc6
Mark bootstrap token as sensitive in plan/apply
...
* Mark the bootstrap token as sensitive, which is useful when
Terraform is run in automated CI/CD systems to avoid showing
the token
* https://github.com/poseidon/terraform-render-bootstrap/pull/251
2021-03-14 11:32:35 -07:00
Dalton Hubble
a4afe06b64
Update Calico from v3.17.3 to v3.18.1
...
* https://docs.projectcalico.org/archive/v3.18/release-notes/
2021-03-14 10:35:24 -07:00
ajrpayne
170b768ad8
Add KUBELET_IMAGE to Fedora CoreOS bootstrap.service ( #945 )
...
* Align with Flatcar Linux `bootstrap.service`
2021-03-14 09:35:42 -07:00
Dalton Hubble
a5c1a96df1
Update etcd from v3.4.14 to v3.4.15
...
* https://github.com/etcd-io/etcd/releases/tag/v3.4.15
2021-03-05 17:02:57 -08:00
Dalton Hubble
6a091e245e
Remove Flatcar Linux Edge `os_image` option
...
* Flatcar Linux has not published an Edge channel image since
April 2020 and recently removed mention of the channel from
their documentation https://github.com/kinvolk/Flatcar/pull/345
* Users of Flatcar Linux Edge should move to the stable, beta, or
alpha channel, barring any alternate advice from upstream Flatcar
Linux
2021-02-20 16:09:54 -08:00
Dalton Hubble
e76fe80b45
Update Kubernetes from v1.20.3 to v1.20.4
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#v1204
2021-02-19 00:02:07 -08:00
Dalton Hubble
32853aaa7b
Update Kubernetes from v1.20.2 to v1.20.3
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#v1203
2021-02-17 22:29:33 -08:00
Dalton Hubble
9671b1c734
Update flannel-cni from v0.4.1 to v0.4.2
...
* https://github.com/poseidon/flannel-cni/releases/tag/v0.4.2
2021-02-14 12:04:59 -08:00
Dalton Hubble
18165d8076
Update Calico from v3.17.1 to v3.17.2
...
* https://github.com/projectcalico/calico/releases/tag/v3.17.2
2021-02-04 22:03:51 -08:00
Dalton Hubble
50acf28ce5
Update Cilium from v1.9.3 to v1.9.4
...
* https://github.com/cilium/cilium/releases/tag/v1.9.4
2021-02-03 23:08:22 -08:00
Dalton Hubble
ab793eb842
Update Cilium from v1.9.2 to v1.9.3
...
* https://github.com/cilium/cilium/releases/tag/v1.9.3
2021-01-26 17:13:52 -08:00
Dalton Hubble
b74c958524
Update Cilium from v1.9.1 to v1.9.2
...
* https://github.com/cilium/cilium/releases/tag/v1.9.2
2021-01-20 22:06:45 -08:00
Dalton Hubble
05f7df9e80
Update Kubernetes from v1.20.1 to v1.20.2
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#v1202
2021-01-13 17:46:51 -08:00
Dalton Hubble
4220b9ce18
Add support for Terraform v0.14.4+
...
* Support Terraform v0.13.x and v0.14.4+
2021-01-12 21:43:12 -08:00
Dalton Hubble
646bdd78e4
Update Kubernetes from v1.20.0 to v1.20.1
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#v1201
2020-12-19 12:56:28 -08:00
Dalton Hubble
dc7be431e0
Remove iSCSI mounts from Kubelet
...
* Remove Kubelet `/etc/iscsi` and `iscsiadm` host mounts that
were added on bare-metal, since these no longer work on either
Fedora CoreOS or Flatcar Linux with newer `iscsiadm`
* These special mounts on bare-metal date back to #350 which
added them to provide a way to use iSCSI in Kubernetes v1.10
* Today, storage should be handled by external CSI providers
which handle different storage systems, which doesn't rely
on Kubelet storage utils
Close #907
2020-12-12 11:41:02 -08:00
Dalton Hubble
86e0f806b3
Revert "Add support for Terraform v0.14.x"
...
This reverts commit 968febb050
.
2020-12-11 00:47:57 -08:00
Dalton Hubble
ee9ce3d0ab
Update Calico from v3.17.0 to v3.17.1
...
* https://github.com/projectcalico/calico/releases/tag/v3.17.1
2020-12-10 22:48:38 -08:00
Dalton Hubble
a8b8a9b454
Update Kubernetes from v1.20.0-rc.0 to v1.20.0
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#v1200
2020-12-08 18:28:13 -08:00
Dalton Hubble
968febb050
Add support for Terraform v0.14.x
...
* Support Terraform v0.13.x and v0.14.x
2020-12-07 00:22:38 -08:00
Dalton Hubble
bee455f83a
Update Cilium from v1.9.0 to v1.9.1
...
* https://github.com/cilium/cilium/releases/tag/v1.9.1
2020-12-04 14:14:18 -08:00
Dalton Hubble
e77dd6ecd4
Update Kubernetes from v1.19.4 to v1.20.0-rc.0
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#v1200-rc0
2020-12-03 16:01:28 -08:00
Dalton Hubble
4fd4a0f540
Move control plane static pod TLS assets to /etc/kubernetes/pki
...
* Change control plane static pods to mount `/etc/kubernetes/pki`,
instead of `/etc/kubernetes/bootstrap-secrets` to better reflect
their purpose and match some loose conventions upstream
* Place control plane and bootstrap TLS assets and kubeconfig's
in `/etc/kubernetes/pki`
* Mount to `/etc/kubernetes/pki` (rather than `/etc/kubernetes/secrets`)
to match the host location (less surprise)
Rel: https://github.com/poseidon/terraform-render-bootstrap/pull/233
2020-12-02 23:26:42 -08:00
Dalton Hubble
804dfea0f9
Add kubeconfig's for kube-scheduler and kube-controller-manager
...
* Generate TLS client certificates for `kube-scheduler` and
`kube-controller-manager` with `system:kube-scheduler` and
`system:kube-controller-manager` CNs
* Template separate kubeconfigs for kube-scheduler and
kube-controller manager (`scheduler.conf` and
`controller-manager.conf`). Rename admin for clarity
* Before v1.16.0, Typhoon scheduled a self-hosted control
plane, which allowed the steady-state kube-scheduler and
kube-controller-manager to use a scoped ServiceAccount.
With a static pod control plane, separate CN TLS client
certificates are the nearest equiv.
* https://kubernetes.io/docs/setup/best-practices/certificates/
* Remove unused Kubelet certificate, TLS bootstrap is used
instead
2020-12-01 22:02:15 -08:00
Dalton Hubble
8ba23f364c
Add TokenReview and TokenRequestProjection flags
...
* Add kube-apiserver flags for TokenReview and TokenRequestProjection
(beta, defaults on) to allow using Service Account Token Volume
Projection to create and mount service account tokens tied to a Pod's
lifecycle
Rel:
* https://github.com/poseidon/terraform-render-bootstrap/pull/231
* https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
2020-12-01 20:02:33 -08:00
Dalton Hubble
f6025666eb
Update etcd from v3.4.12 to v3.4.14
...
* https://github.com/etcd-io/etcd/releases/tag/v3.4.14
2020-11-29 20:04:25 -08:00
Dalton Hubble
fa3184fb9c
Relax terraform-provider-ct version constraint
...
* Allow terraform-provider-ct versions v0.6+ (e.g. v0.7.1)
Before, only v0.6.x point updates were allowed
* Update terraform-provider-ct to v0.7.1 in docs
* READ the docs before updating terraform-provider-ct,
as changing worker user-data is handled differently
by different cloud platforms
2020-11-29 19:51:26 -08:00
Dalton Hubble
ae548ce213
Update Calico from v3.16.5 to v3.17.0
...
* Enable Calico MTU auto-detection
* Remove [workaround](https://github.com/poseidon/typhoon/pull/724 ) to
Calico cni-plugin [issue](https://github.com/projectcalico/cni-plugin/issues/874 )
Rel: https://github.com/poseidon/terraform-render-bootstrap/pull/230
2020-11-25 14:22:58 -08:00
Dalton Hubble
e826b49648
Update Matchbox profile to use initramfs and rootfs images
...
* Fedora CoreOS stable (after Oct 6) ships separate initramfs
and rootfs images, used as initrd's
* Update profiles to match the Matchbox examples, which have
already switched to the new profile and to remove the unused
kernel args
* Requires Fedora CoreOS version which ships rootfs images
(e.g. stable 32.20200923.3.0 or later)
Rel:
* https://github.com/coreos/fedora-coreos-tracker/issues/390#issuecomment-661986987
* da0df01763 (diff-4541f7b7c174f6ae6270135942c1c65ed9e09ebe81239709f5a9fb34e858ddcf)
Supercedes https://github.com/poseidon/typhoon/pull/888
2020-11-25 14:13:39 -08:00
Dalton Hubble
c0347ca0c6
Set kubeconfig and asset_dist as sensitive
...
* Mark `kubeconfig` and `asset_dist` as `sensitive` to
prevent the Terraform CLI displaying these values, esp.
for CI systems
* In particular, external tools or tfvars style uses (not
recommended) reportedly display all outputs and are improved
by setting sensitive
* For Terraform v0.14, outputs referencing sensitive fields
must also be annotated as sensitive
Closes https://github.com/poseidon/typhoon/issues/884
2020-11-23 11:41:55 -08:00
Dalton Hubble
9f94ab6bcc
Rerun terraform fmt for recent variables
2020-11-21 14:20:36 -08:00
Dalton Hubble
cc00afa4e1
Add Terraform v0.13 input variable validations
...
* Support for migrating from Terraform v0.12.x to v0.13.x
was added in v1.18.8
* Require Terraform v0.13+. Drop support for Terraform v0.12
2020-11-17 12:02:34 -08:00
Dalton Hubble
1113a22f61
Update Kubernetes from v1.19.3 to v1.19.4
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.19.md#v1194
2020-11-11 22:56:27 -08:00
Dalton Hubble
152c7d86bd
Change bootstrap.service container from rkt to docker
...
* Use docker to run `bootstrap.service` container
* Background https://github.com/poseidon/typhoon/pull/855
2020-11-11 22:26:05 -08:00
Dalton Hubble
79deb8a967
Update Cilium from v1.9.0-rc3 to v1.9.0
...
* https://github.com/cilium/cilium/releases/tag/v1.9.0
2020-11-10 23:42:41 -08:00
Dalton Hubble
f412f0d9f2
Update Calico from v3.16.4 to v3.16.5
...
* https://github.com/projectcalico/calico/releases/tag/v3.16.5
2020-11-10 22:58:19 -08:00
Phil Sautter
eca6c4a1a1
Fix broken flatcar linux documentation links ( #870 )
...
* Fix old documentation links
2020-11-10 18:30:30 -08:00
Dalton Hubble
0eef16b274
Improve and tidy Fedora CoreOS etcd-member.service
...
* Allow a snippet with a systemd dropin to set an alternate
image via `ETCD_IMAGE`, for consistency across Fedora CoreOS
and Flatcar Linux
* Drop comments about integrating system containers with
systemd-notify
2020-11-08 11:49:56 -08:00
Dalton Hubble
ad1f59ce91
Change Flatcar etcd-member.service container from rkt to docker
...
* Use docker to run the `etcd-member.service` container
* Use env-file `/etc/etcd/etcd.env` like podman on FCOS
* Background: https://github.com/poseidon/typhoon/pull/855
2020-11-03 16:42:18 -08:00
Dalton Hubble
82e5ac3e7c
Update Cilium from v1.8.5 to v1.9.0-rc3
...
* https://github.com/poseidon/terraform-render-bootstrap/pull/224
2020-11-03 10:29:07 -08:00
Dalton Hubble
a8f7880511
Update Cilium from v1.8.4 to v1.8.5
...
* https://github.com/cilium/cilium/releases/tag/v1.8.5
2020-10-29 00:50:18 -07:00
Dalton Hubble
893d139590
Update Calico from v3.16.3 to v3.16.4
...
* https://github.com/projectcalico/calico/releases/tag/v3.16.4
2020-10-26 00:50:40 -07:00
Dalton Hubble
e5ba3329eb
Remove bare-metal CoreOS Container Linux profiles
...
* Remove Matchbox profiles for CoreOS Container Linux
* Simplify the remaining Flatcat Linux profiles
2020-10-21 00:25:10 -07:00