mirror of
https://github.com/puppetmaster/typhoon.git
synced 2024-12-26 17:49:32 +01:00
eda78db08e
* Use docker to run the `kubelet.service` container * Update Kubelet mounts to match Fedora CoreOS * Remove unused `/etc/ssl/certs` mount (see https://github.com/poseidon/typhoon/pull/810) * Remove unused `/usr/share/ca-certificates` mount * Remove `/etc/resolv.conf` mount, Docker default is ok * Change `delete-node.service` to use docker instead of rkt and inline ExecStart, as was done on Fedora CoreOS * Fix permission denied on shutdown `delete-node`, caused by the kubeconfig mount changing with the introduction of node TLS bootstrap Background * podmand, rkt, and runc daemonless container process runners provide advantages over the docker daemon for system containers. Docker requires workarounds for use in systemd units where the ExecStart must tail logs so systemd can monitor the daemonized container. https://github.com/moby/moby/issues/6791 * Why switch then? On Flatcar Linux, podman isn't shipped. rkt works, but isn't developing while container standards continue to move forward. Typhoon has used runc for the Kubelet runner before in Fedora Atomic, but its more low-level. So we're left with Docker, which is less than ideal, but shipped in Flatcar * Flatcar Linux appears to be shifting system components to use docker, which does provide some limited guards against breakages (e.g. Flatcar cannot enable docker live restore)
53 lines
2.3 KiB
Markdown
53 lines
2.3 KiB
Markdown
# Operating Systems
|
|
|
|
Typhoon supports [Fedora CoreOS](https://getfedora.org/coreos/) and [Flatcar Linux](https://www.flatcar-linux.org/). These operating systems were chosen because they offer:
|
|
|
|
* Minimalism and focus on clustered operation
|
|
* Automated and atomic operating system upgrades
|
|
* Declarative and immutable configuration
|
|
* Optimization for containerized applications
|
|
|
|
Together, they diversify Typhoon to support a range of container technologies.
|
|
|
|
* Fedora CoreOS: rpm-ostree, podman, moby
|
|
* Flatcar Linux: Gentoo core, rkt-fly, docker
|
|
|
|
## Host Properties
|
|
|
|
| Property | Flatcar Linux | Fedora CoreOS |
|
|
|-------------------|---------------------------------|---------------|
|
|
| Kernel | ~5.4.x | ~5.8.x |
|
|
| systemd | 245 | 245 |
|
|
| Ignition system | Ignition v2.x spec | Ignition v3.x spec |
|
|
| Container Engine | docker 19.3.12 | docker 19.03.11 |
|
|
| storage driver | overlay2 (extfs) | overlay2 (xfs) |
|
|
| logging driver | json-file | journald |
|
|
| cgroup driver | cgroupfs (except Flatcar edge) | systemd |
|
|
| Networking | systemd-networkd | NetworkManager |
|
|
| Username | core | core |
|
|
|
|
## Kubernetes Properties
|
|
|
|
| Property | Flatcar Linux | Fedora CoreOS |
|
|
|-------------------|-----------------|---------------|
|
|
| single-master | all platforms | all platforms |
|
|
| multi-master | all platforms | all platforms |
|
|
| control plane | static pods | static pods |
|
|
| kubelet image | kubelet [image](https://github.com/poseidon/kubelet) with upstream binary | kubelet [image](https://github.com/poseidon/kubelet) with upstream binary |
|
|
| control plane images | upstream images | upstream images |
|
|
| on-host etcd | rkt-fly | podman |
|
|
| on-host kubelet | docker | podman |
|
|
| CNI plugins | calico, cilium, flannel | calico, cilium, flannel |
|
|
| coordinated drain & OS update | [FLUO](https://github.com/kinvolk/flatcar-linux-update-operator) addon | [fleetlock](https://github.com/poseidon/fleetlock) |
|
|
|
|
## Directory Locations
|
|
|
|
Typhoon conventional directories.
|
|
|
|
| Kubelet setting | Host location |
|
|
|-------------------|--------------------------------|
|
|
| cni-conf-dir | /etc/kubernetes/cni/net.d |
|
|
| pod-manifest-path | /etc/kubernetes/manifests |
|
|
| volume-plugin-dir | /var/lib/kubelet/volumeplugins |
|
|
|