CadolesKube
/
typhoon
mirror of https://github.com/puppetmaster/typhoon.git
7
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
typhoon/digital-ocean/container-linux/kubernetes
History
Dalton Hubble 358854e712 Fix Calico install-cni crash loop on Pod restarts 
* Set a consistent MCS level/range for Calico install-cni
* Note: Rebooting a node was a workaround, because Kubelet
relabels /etc/kubernetes(/cni/net.d)

Background:

* On SELinux enforcing systems, the Calico CNI install-cni
container ran with default SELinux context and a random MCS
pair. install-cni places CNI configs by first creating a
temporary file and then moving them into place, which means
the file MCS categories depend on the containers SELinux
context.
* calico-node Pod restarts creates a new install-cni container
with a different MCS pair that cannot access the earlier
written file (it places configs every time), causing the
init container to error and calico-node to crash loop
* https://github.com/projectcalico/cni-plugin/issues/874

```
mv: inter-device move failed: '/calico.conf.tmp' to
'/host/etc/cni/net.d/10-calico.conflist'; unable to remove target:
Permission denied
Failed to mv files. This may be caused by selinux configuration on
the
host, or something else.
```

Note, this isn't a host SELinux configuration issue.

Related:

* https://github.com/poseidon/terraform-render-bootstrap/pull/186
 		2020-05-09 16:01:44 -07:00
..
cl Enable Kubelet TLS bootstrap and NodeRestriction 2020-04-28 19:35:33 -07:00
LICENSE Add LICENSE to top-level of each module 2017-09-28 20:41:19 -07:00
README.md Update Kubernetes from v1.18.1 to v1.18.2 2020-04-16 23:40:52 -07:00
bootstrap.tf Fix Calico install-cni crash loop on Pod restarts 2020-05-09 16:01:44 -07:00
controllers.tf Fix terraform fmt 2020-03-31 21:42:51 -07:00
network.tf Fix race condition creating DigitalOcean firewall rules 2020-04-19 16:55:02 -07:00
outputs.tf Add Kubelet kubeconfig output for DigitalOcean 2019-12-18 23:20:55 -08:00
ssh.tf Rename CLC files and favor Terraform list index syntax 2019-12-28 12:14:01 -08:00
variables.tf Change `container-linux` module preference to Flatcar Linux 2020-04-11 14:52:30 -07:00
versions.tf Adopt Terraform v0.12 templatefile function 2019-11-13 16:33:36 -08:00
workers.tf Rename Container Linux snippets variable for consistency 2020-03-31 18:25:51 -07:00

README.md

Typhoon

Typhoon is a minimal and free Kubernetes distribution.

  • Minimal, stable base Kubernetes distribution
  • Declarative infrastructure and configuration
  • Free (freedom and cost) and privacy-respecting
  • Practical for labs, datacenters, and clouds

Typhoon distributes upstream Kubernetes, architectural conventions, and cluster addons, much like a GNU/Linux distribution provides the Linux kernel and userspace components.

Features

  • Kubernetes v1.18.2 (upstream)
  • Single or multi-master, Calico or flannel networking
  • On-cluster etcd with TLS, RBAC-enabled, network policy
  • Advanced features like snippets customization
  • Ready for Ingress, Prometheus, Grafana, CSI, and other addons

Docs

Please see the official docs and the Digital Ocean tutorial.