typhoon/google-cloud/fedora-coreos/kubernetes
Dalton Hubble 358854e712 Fix Calico install-cni crash loop on Pod restarts
* Set a consistent MCS level/range for Calico install-cni
* Note: Rebooting a node was a workaround, because Kubelet
relabels /etc/kubernetes(/cni/net.d)

Background:

* On SELinux enforcing systems, the Calico CNI install-cni
container ran with default SELinux context and a random MCS
pair. install-cni places CNI configs by first creating a
temporary file and then moving them into place, which means
the file MCS categories depend on the container's SELinux
context.
* calico-node Pod restarts create a new install-cni container
with a different MCS pair that cannot access the earlier
written file (it places configs every time), causing the
init container to error and calico-node to crash loop
* https://github.com/projectcalico/cni-plugin/issues/874

```
mv: inter-device move failed: '/calico.conf.tmp' to
'/host/etc/cni/net.d/10-calico.conflist'; unable to remove target:
Permission denied
Failed to mv files. This may be caused by selinux configuration on the
host, or something else.
```

Note, this isn't a host SELinux configuration issue.

Related:

* https://github.com/poseidon/terraform-render-bootstrap/pull/186
2020-05-09 16:01:44 -07:00
fcc Enable Kubelet TLS bootstrap and NodeRestriction 2020-04-28 19:35:33 -07:00
workers Use Fedora CoreOS image streams on Google Cloud 2020-05-08 01:23:12 -07:00
apiserver.tf Add module for Fedora CoreOS on Google Cloud 2020-02-01 15:21:40 -08:00
bootstrap.tf Fix Calico install-cni crash loop on Pod restarts 2020-05-09 16:01:44 -07:00
controllers.tf Use Fedora CoreOS image streams on Google Cloud 2020-05-08 01:23:12 -07:00
image.tf Use Fedora CoreOS image streams on Google Cloud 2020-05-08 01:23:12 -07:00
ingress.tf Add module for Fedora CoreOS on Google Cloud 2020-02-01 15:21:40 -08:00
LICENSE Add module for Fedora CoreOS on Google Cloud 2020-02-01 15:21:40 -08:00
network.tf Add module for Fedora CoreOS on Google Cloud 2020-02-01 15:21:40 -08:00
outputs.tf Add module for Fedora CoreOS on Google Cloud 2020-02-01 15:21:40 -08:00
README.md Update Kubernetes from v1.18.1 to v1.18.2 2020-04-16 23:40:52 -07:00
ssh.tf Add module for Fedora CoreOS on Google Cloud 2020-02-01 15:21:40 -08:00
variables.tf Use Fedora CoreOS image streams on Google Cloud 2020-05-08 01:23:12 -07:00
versions.tf Add module for Fedora CoreOS on Google Cloud 2020-02-01 15:21:40 -08:00
workers.tf Use Fedora CoreOS image streams on Google Cloud 2020-05-08 01:23:12 -07:00

Typhoon

Typhoon is a minimal and free Kubernetes distribution.

  • Minimal, stable base Kubernetes distribution
  • Declarative infrastructure and configuration
  • Free (freedom and cost) and privacy-respecting
  • Practical for labs, datacenters, and clouds

Typhoon distributes upstream Kubernetes, architectural conventions, and cluster addons, much like a GNU/Linux distribution provides the Linux kernel and userspace components.

Features

Docs

Please see the official docs and the Google Cloud tutorial.