typhoon/aws/container-linux/kubernetes
Dalton Hubble 358854e712 Fix Calico install-cni crash loop on Pod restarts
* Set a consistent MCS level/range for Calico install-cni
* Note: Rebooting a node was a workaround, because Kubelet
relabels /etc/kubernetes(/cni/net.d)

Background:

* On SELinux enforcing systems, the Calico CNI install-cni
container ran with default SELinux context and a random MCS
pair. install-cni places CNI configs by first creating a
temporary file and then moving them into place, which means
the file MCS categories depend on the containers SELinux
context.
* calico-node Pod restarts creates a new install-cni container
with a different MCS pair that cannot access the earlier
written file (it places configs every time), causing the
init container to error and calico-node to crash loop
* https://github.com/projectcalico/cni-plugin/issues/874

```
mv: inter-device move failed: '/calico.conf.tmp' to
'/host/etc/cni/net.d/10-calico.conflist'; unable to remove target:
Permission denied
Failed to mv files. This may be caused by selinux configuration on
the
host, or something else.
```

Note, this isn't a host SELinux configuration issue.

Related:

* https://github.com/poseidon/terraform-render-bootstrap/pull/186
2020-05-09 16:01:44 -07:00
..
cl Enable Kubelet TLS bootstrap and NodeRestriction 2020-04-28 19:35:33 -07:00
workers Enable Kubelet TLS bootstrap and NodeRestriction 2020-04-28 19:35:33 -07:00
ami.tf Rename CLC files and favor Terraform list index syntax 2019-12-28 12:14:01 -08:00
bootstrap.tf Fix Calico install-cni crash loop on Pod restarts 2020-05-09 16:01:44 -07:00
controllers.tf Use Terraform element wrap-around for AWS controllers subnet_id (#714) 2020-04-29 20:41:08 -07:00
LICENSE Add LICENSE to top-level of each module 2017-09-28 20:41:19 -07:00
network.tf Fix terraform fmt 2020-03-31 21:42:51 -07:00
nlb.tf Rename CLC files and favor Terraform list index syntax 2019-12-28 12:14:01 -08:00
outputs.tf Rename bootkube modules to bootstrap 2019-09-14 16:24:32 -07:00
README.md Update Kubernetes from v1.18.1 to v1.18.2 2020-04-16 23:40:52 -07:00
security.tf Enable kube-proxy metrics and allow Prometheus scrapes 2020-01-06 21:11:18 -08:00
ssh.tf Rename CLC files and favor Terraform list index syntax 2019-12-28 12:14:01 -08:00
variables.tf Change container-linux module preference to Flatcar Linux 2020-04-11 14:52:30 -07:00
versions.tf Adopt Terraform v0.12 templatefile function 2019-11-13 16:33:36 -08:00
workers.tf Fix terraform fmt 2020-03-31 21:42:51 -07:00

Typhoon

Typhoon is a minimal and free Kubernetes distribution.

  • Minimal, stable base Kubernetes distribution
  • Declarative infrastructure and configuration
  • Free (freedom and cost) and privacy-respecting
  • Practical for labs, datacenters, and clouds

Typhoon distributes upstream Kubernetes, architectural conventions, and cluster addons, much like a GNU/Linux distribution provides the Linux kernel and userspace components.

Features

Docs

Please see the official docs and the AWS tutorial.