This repository has been archived by the owner on Feb 5, 2020. It is now read-only.

update ignition and platforms to use kubeconfig-kubelet
abhinavdahiya committed Jan 24, 2018
1 parent 7582e62 commit ef28504
Showing 15 changed files with 59 additions and 48 deletions.
6 changes: 3 additions & 3 deletions config.tf
@@ -70,11 +70,11 @@ variable "tectonic_container_images" {
addon_resizer = "gcr.io/google_containers/addon-resizer:2.1"
awscli = "quay.io/coreos/awscli:025a357f05242fdad6a81e8a6b520098aa65a600"
gcloudsdk = "google/cloud-sdk:178.0.0-alpine"
bootkube = "quay.io/coreos/bootkube:v0.8.1"
etcd = "quay.io/coreos/etcd:v3.2.14"
bootkube = "quay.io/coreos/bootkube:v0.10.0"
etcd = "quay.io/coreos/etcd:v3.1.8"
etcd_operator = "quay.io/coreos/etcd-operator:v0.5.0"
hyperkube = "quay.io/coreos/hyperkube:v1.9.1_coreos.0"
kube_core_renderer = "quay.io/coreos/kube-core-renderer-dev:79403c0864d4a98773d92d01998124c096faf59f"
kube_core_renderer = "quay.io/coreos/kube-core-renderer-dev:f16aec79cfe0b667ac90b0bf1697be5fbc7e3366"
kube_version_operator = "quay.io/coreos/kube-version-operator:v1.8.4-kvo.5"
tectonic_channel_operator = "quay.io/coreos/tectonic-channel-operator:0.6.2"
tectonic_etcd_operator = "quay.io/coreos/tectonic-etcd-operator:v0.0.2"
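Review bot: The `etcd` image appears twice in this section, as `quay.io/coreos/etcd:v3.2.14` and as `quay.io/coreos/etcd:v3.1.8`; if the second is the new side, as the old-then-new print order suggests, this commit moves etcd back to an older release line, which the commit title does not mention. A downgrade like that can silently drop fixes shipped in the later release, so it should either be restored to `etcd = "quay.io/coreos/etcd:v3.2.14"` or justified in the commit message. The `kube_core_renderer` image also comes from a `-dev` repository and, like the other entries, is referenced by tag rather than by digest, so what is actually pulled depends on the registry; a comment recording why a dev build is acceptable here would help. The variable block continues outside the hunk.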
33 changes: 19 additions & 14 deletions modules/ignition/resources/services/kubelet.service
@@ -8,6 +8,8 @@ Environment="RKT_RUN_ARGS=--uuid-file-save=/var/cache/kubelet-pod.uuid \
--mount volume=resolv,target=/etc/resolv.conf \
--volume var-lib-cni,kind=host,source=/var/lib/cni \
--mount volume=var-lib-cni,target=/var/lib/cni \
--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet \
--mount volume=var-lib-kubelet,target=/var/lib/kubelet \
--volume var-log,kind=host,source=/var/log \
--mount volume=var-log,target=/var/log"

@@ -16,30 +18,33 @@ ExecStartPre=/bin/mkdir -p /srv/kubernetes/manifests
ExecStartPre=/bin/mkdir -p /etc/kubernetes/checkpoint-secrets
ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d
ExecStartPre=/bin/mkdir -p /var/lib/cni
ExecStartPre=/bin/mkdir -p /var/lib/kubelet/pki
${kubeconfig_fetch_cmd}
ExecStartPre=/usr/bin/bash -c "grep 'certificate-authority-data' /etc/kubernetes/kubeconfig | awk '{print $2}' | base64 -d > /etc/kubernetes/ca.crt"
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/cache/kubelet-pod.uuid

ExecStart=/usr/lib/coreos/kubelet-wrapper \
--kubeconfig=/etc/kubernetes/kubeconfig \
--require-kubeconfig \
--cni-conf-dir=/etc/kubernetes/cni/net.d \
--cni-bin-dir=/var/lib/cni/bin \
--network-plugin=cni \
--lock-file=/var/run/lock/kubelet.lock \
--exit-on-lock-contention \
--pod-manifest-path=/etc/kubernetes/manifests \
--allow-privileged \
--node-labels=${node_label} \
${node_taints_param} \
--minimum-container-ttl-duration=6m0s \
--cluster-dns=${cluster_dns_ip} \
--cluster-domain=cluster.local \
--anonymous-auth=false \
--cert-dir=/var/lib/kubelet/pki \
--client-ca-file=/etc/kubernetes/ca.crt \
--cloud-provider=${cloud_provider} \
--cluster-dns=${cluster_dns_ip} \
--cluster-domain=cluster.local \
--cni-bin-dir=/var/lib/cni/bin \
--cni-conf-dir=/etc/kubernetes/cni/net.d \
--exit-on-lock-contention \
--kubeconfig=/etc/kubernetes/kubeconfig \
--lock-file=/var/run/lock/kubelet.lock \
--minimum-container-ttl-duration=6m0s \
--network-plugin=cni \
--node-labels=${node_label} \
--pod-manifest-path=/etc/kubernetes/manifests \
--require-kubeconfig \
--rotate-certificates \
${cloud_provider_config} \
${debug_config} \
--anonymous-auth=false
${node_taints_param}

ExecStop=-/usr/bin/rkt stop --uuid-file=/var/cache/kubelet-pod.uuid
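Review bot: The kubelet flag list on the new side turns on x509 client authentication (`--anonymous-auth=false`, `--client-ca-file=/etc/kubernetes/ca.crt`) but sets no `--authorization-mode`, and the kubelet's default for that flag is `AlwaysAllow`, so any client holding a certificate signed by that CA is authorized for the whole kubelet API. Adding `--authorization-mode=Webhook \` next to `--anonymous-auth=false \` delegates the decision to the API server; whether the cluster's RBAC already grants the API server the node permissions this needs is not visible here and should be confirmed. Separately, the `ExecStartPre` that writes `/etc/kubernetes/ca.crt` is a pipeline run without `pipefail`, so a kubeconfig with no `certificate-authority-data` line produces an empty CA file and a successful pre-step; starting the `bash -c` string with `set -o pipefail;` would make that case fail visibly. The unit file begins above the first hunk.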

2 changes: 1 addition & 1 deletion platforms/aws/s3.tf
@@ -48,7 +48,7 @@ resource "aws_s3_bucket_object" "tectonic_assets" {
resource "aws_s3_bucket_object" "kubeconfig" {
bucket = "${aws_s3_bucket.tectonic.bucket}"
key = "kubeconfig"
content = "${module.bootkube.kubeconfig}"
content = "${module.bootkube.kubeconfig-kubelet}"
acl = "private"

# The current Tectonic installer stores bits of the kubeconfig in KMS. As we
5 changes: 3 additions & 2 deletions platforms/aws/tectonic.tf
@@ -38,8 +38,9 @@ module "bootkube" {
etcd_server_cert_pem = "${module.etcd_certs.etcd_server_crt_pem}"
etcd_server_key_pem = "${module.etcd_certs.etcd_server_key_pem}"
kube_ca_cert_pem = "${module.kube_certs.ca_cert_pem}"
kubelet_cert_pem = "${module.kube_certs.kubelet_cert_pem}"
kubelet_key_pem = "${module.kube_certs.kubelet_key_pem}"
kube_ca_key_pem = "${module.kube_certs.ca_key_pem}"
admin_cert_pem = "${module.kube_certs.admin_cert_pem}"
admin_key_pem = "${module.kube_certs.admin_key_pem}"

etcd_endpoints = "${module.dns.etcd_endpoints}"
master_count = "${var.tectonic_master_count}"
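Review bot: `kube_ca_key_pem = "${module.kube_certs.ca_key_pem}"` hands the cluster CA private key to the `bootkube` module, whereas the `kubelet_cert_pem`/`kubelet_key_pem` lines shown alongside it passed only a kubelet certificate and key, and nothing in this hunk says where that key ends up. A value passed as a module input is held in Terraform state and, presumably, in the assets the module renders, so anyone able to read either could issue certificates the cluster trusts. Please add a comment above the line saying why the key is needed and where it is written, for example `# CA key is needed to sign kubelet certificate requests; it lands in state and in the bootkube assets, keep both encrypted and access-restricted` (the signing purpose is inferred from `--rotate-certificates` in kubelet.service and should be confirmed). The same three-line change appears in the azure, gcp, govcloud, metal, openstack/neutron and vmware sections. The module block begins and ends outside the hunk.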
4 changes: 2 additions & 2 deletions platforms/azure/main.tf
@@ -162,7 +162,7 @@ module "masters" {
ign_tectonic_service_id = "${module.tectonic.systemd_service_id}"
ign_tx_off_service_id = "${module.ignition_masters.tx_off_service_id}"
ign_update_ca_certificates_dropin_id = "${module.ignition_masters.update_ca_certificates_dropin_id}"
kubeconfig_content = "${module.bootkube.kubeconfig}"
kubeconfig_content = "${module.bootkube.kubeconfig-kubelet}"
location = "${var.tectonic_azure_location}"
master_count = "${var.tectonic_master_count}"
network_interface_ids = "${module.vnet.master_network_interface_ids}"
@@ -219,7 +219,7 @@ module "workers" {
ign_systemd_default_env_id = "${local.tectonic_http_proxy_enabled ? module.ignition_workers.systemd_default_env_id : ""}"
ign_tx_off_service_id = "${module.ignition_workers.tx_off_service_id}"
ign_update_ca_certificates_dropin_id = "${module.ignition_workers.update_ca_certificates_dropin_id}"
kubeconfig_content = "${module.bootkube.kubeconfig}"
kubeconfig_content = "${module.bootkube.kubeconfig-kubelet}"
location = "${var.tectonic_azure_location}"
network_interface_ids = "${module.vnet.worker_network_interface_ids}"
public_ssh_key = "${var.tectonic_azure_ssh_key}"
5 changes: 3 additions & 2 deletions platforms/azure/tectonic.tf
@@ -42,8 +42,9 @@ module "bootkube" {
etcd_server_cert_pem = "${module.etcd_certs.etcd_server_crt_pem}"
etcd_server_key_pem = "${module.etcd_certs.etcd_server_key_pem}"
kube_ca_cert_pem = "${module.kube_certs.ca_cert_pem}"
kubelet_cert_pem = "${module.kube_certs.kubelet_cert_pem}"
kubelet_key_pem = "${module.kube_certs.kubelet_key_pem}"
kube_ca_key_pem = "${module.kube_certs.ca_key_pem}"
admin_cert_pem = "${module.kube_certs.admin_cert_pem}"
admin_key_pem = "${module.kube_certs.admin_key_pem}"

etcd_endpoints = "${data.template_file.etcd_hostname_list.*.rendered}"

15 changes: 7 additions & 8 deletions platforms/gcp/main.tf
@@ -71,12 +71,11 @@ module "masters" {
disk_size = "${var.tectonic_gcp_master_disk_size}"
disk_type = "${var.tectonic_gcp_master_disktype}"

region = "${var.tectonic_gcp_region}"
instance_count = "${var.tectonic_master_count}"
machine_type = "${var.tectonic_gcp_master_gce_type}"
cluster_name = "${var.tectonic_cluster_name}"
public_ssh_key = "${var.tectonic_gcp_ssh_key}"
kubeconfig_content = "${module.bootkube.kubeconfig}"
region = "${var.tectonic_gcp_region}"
instance_count = "${var.tectonic_master_count}"
machine_type = "${var.tectonic_gcp_master_gce_type}"
cluster_name = "${var.tectonic_cluster_name}"
public_ssh_key = "${var.tectonic_gcp_ssh_key}"

master_subnetwork_name = "${module.network.master_subnetwork_name}"
master_targetpool_self_link = "${module.network.master_targetpool_self_link}"
@@ -104,7 +103,7 @@ module "masters" {
ign_tectonic_service_id = "${module.tectonic.systemd_service_id}"
image_re = "${var.tectonic_image_re}"
instance_count = "${var.tectonic_master_count}"
kubeconfig_content = "${module.bootkube.kubeconfig}"
kubeconfig_content = "${module.bootkube.kubeconfig-kubelet}"
machine_type = "${var.tectonic_gcp_master_gce_type}"
master_subnetwork_name = "${module.network.master_subnetwork_name}"
master_targetpool_self_link = "${module.network.master_targetpool_self_link}"
@@ -133,7 +132,7 @@ module "workers" {
ign_profile_env_id = "${local.tectonic_http_proxy_enabled ? module.ignition_workers.profile_env_id : ""}"
ign_systemd_default_env_id = "${local.tectonic_http_proxy_enabled ? module.ignition_workers.systemd_default_env_id : ""}"
instance_count = "${var.tectonic_worker_count}"
kubeconfig_content = "${module.bootkube.kubeconfig}"
kubeconfig_content = "${module.bootkube.kubeconfig-kubelet}"
machine_type = "${var.tectonic_gcp_worker_gce_type}"
public_ssh_key = "${var.tectonic_gcp_ssh_key}"
region = "${var.tectonic_gcp_region}"
5 changes: 3 additions & 2 deletions platforms/gcp/tectonic.tf
@@ -50,8 +50,9 @@ module "bootkube" {
etcd_server_cert_pem = "${module.etcd_certs.etcd_server_crt_pem}"
etcd_server_key_pem = "${module.etcd_certs.etcd_server_key_pem}"
kube_ca_cert_pem = "${module.kube_certs.ca_cert_pem}"
kubelet_cert_pem = "${module.kube_certs.kubelet_cert_pem}"
kubelet_key_pem = "${module.kube_certs.kubelet_key_pem}"
kube_ca_key_pem = "${module.kube_certs.ca_key_pem}"
admin_cert_pem = "${module.kube_certs.admin_cert_pem}"
admin_key_pem = "${module.kube_certs.admin_key_pem}"

cloud_config_path = ""
etcd_endpoints = "${data.template_file.etcd_hostname_list.*.rendered}"
2 changes: 1 addition & 1 deletion platforms/govcloud/s3.tf
@@ -48,7 +48,7 @@ resource "aws_s3_bucket_object" "tectonic_assets" {
resource "aws_s3_bucket_object" "kubeconfig" {
bucket = "${aws_s3_bucket.tectonic.bucket}"
key = "kubeconfig"
content = "${module.bootkube.kubeconfig}"
content = "${module.bootkube.kubeconfig-kubelet}"
acl = "private"

# The current Tectonic installer stores bits of the kubeconfig in KMS. As we
5 changes: 3 additions & 2 deletions platforms/govcloud/tectonic.tf
@@ -39,8 +39,9 @@ module "bootkube" {
etcd_server_cert_pem = "${module.etcd_certs.etcd_server_crt_pem}"
etcd_server_key_pem = "${module.etcd_certs.etcd_server_key_pem}"
kube_ca_cert_pem = "${module.kube_certs.ca_cert_pem}"
kubelet_cert_pem = "${module.kube_certs.kubelet_cert_pem}"
kubelet_key_pem = "${module.kube_certs.kubelet_key_pem}"
kube_ca_key_pem = "${module.kube_certs.ca_key_pem}"
admin_cert_pem = "${module.kube_certs.admin_cert_pem}"
admin_key_pem = "${module.kube_certs.admin_key_pem}"

etcd_endpoints = "${module.dns.etcd_endpoints}"
master_count = "${var.tectonic_master_count}"
2 changes: 1 addition & 1 deletion platforms/metal/remote.tf
@@ -62,7 +62,7 @@ resource "null_resource" "kubeconfig" {
}

provisioner "file" {
content = "${module.bootkube.kubeconfig}"
content = "${module.bootkube.kubeconfig-kubelet}"
destination = "$HOME/kubeconfig"
}

5 changes: 3 additions & 2 deletions platforms/metal/tectonic.tf
@@ -35,8 +35,9 @@ module "bootkube" {
etcd_server_cert_pem = "${module.etcd_certs.etcd_server_crt_pem}"
etcd_server_key_pem = "${module.etcd_certs.etcd_server_key_pem}"
kube_ca_cert_pem = "${module.kube_certs.ca_cert_pem}"
kubelet_cert_pem = "${module.kube_certs.kubelet_cert_pem}"
kubelet_key_pem = "${module.kube_certs.kubelet_key_pem}"
kube_ca_key_pem = "${module.kube_certs.ca_key_pem}"
admin_cert_pem = "${module.kube_certs.admin_cert_pem}"
admin_key_pem = "${module.kube_certs.admin_key_pem}"

etcd_endpoints = "${split(",",
length(compact(var.tectonic_etcd_servers)) == 0
9 changes: 5 additions & 4 deletions platforms/openstack/neutron/main.tf
@@ -83,8 +83,9 @@ module "bootkube" {
etcd_server_cert_pem = "${module.etcd_certs.etcd_server_crt_pem}"
etcd_server_key_pem = "${module.etcd_certs.etcd_server_key_pem}"
kube_ca_cert_pem = "${module.kube_certs.ca_cert_pem}"
kubelet_cert_pem = "${module.kube_certs.kubelet_cert_pem}"
kubelet_key_pem = "${module.kube_certs.kubelet_key_pem}"
kube_ca_key_pem = "${module.kube_certs.ca_key_pem}"
admin_cert_pem = "${module.kube_certs.admin_cert_pem}"
admin_key_pem = "${module.kube_certs.admin_key_pem}"

etcd_endpoints = "${module.dns.etcd_a_nodes}"

@@ -224,7 +225,7 @@ EOF
ign_tectonic_service_id = "${module.tectonic.systemd_service_id}"
ign_update_ca_certificates_dropin_id = "${module.ignition_masters.update_ca_certificates_dropin_id}"
instance_count = "${var.tectonic_master_count}"
kubeconfig_content = "${module.bootkube.kubeconfig}"
kubeconfig_content = "${module.bootkube.kubeconfig-kubelet}"
}

module "ignition_workers" {
@@ -271,7 +272,7 @@ EOF
ign_systemd_default_env_id = "${local.tectonic_http_proxy_enabled ? module.ignition_workers.systemd_default_env_id : ""}"
ign_update_ca_certificates_dropin_id = "${module.ignition_workers.update_ca_certificates_dropin_id}"
instance_count = "${var.tectonic_worker_count}"
kubeconfig_content = "${module.bootkube.kubeconfig}"
kubeconfig_content = "${module.bootkube.kubeconfig-kubelet}"
}

module "secrets" {
4 changes: 2 additions & 2 deletions platforms/vmware/main.tf
@@ -92,7 +92,7 @@ module "masters" {
image_re = "${var.tectonic_image_re}"
instance_count = "${var.tectonic_master_count}"
ip_address = "${var.tectonic_vmware_master_ip}"
kubeconfig = "${module.bootkube.kubeconfig}"
kubeconfig = "${module.bootkube.kubeconfig-kubelet}"
private_key = "${var.tectonic_vmware_ssh_private_key_path}"
vm_disk_datastores = "${var.tectonic_vmware_master_datastores}"
vm_disk_template = "${var.tectonic_vmware_vm_template}"
@@ -150,7 +150,7 @@ module "workers" {
image_re = "${var.tectonic_image_re}"
instance_count = "${var.tectonic_worker_count}"
ip_address = "${var.tectonic_vmware_worker_ip}"
kubeconfig = "${module.bootkube.kubeconfig}"
kubeconfig = "${module.bootkube.kubeconfig-kubelet}"
private_key = "${var.tectonic_vmware_ssh_private_key_path}"
vm_disk_datastores = "${var.tectonic_vmware_worker_datastores}"
vm_disk_template = "${var.tectonic_vmware_vm_template}"
5 changes: 3 additions & 2 deletions platforms/vmware/tectonic.tf
@@ -78,8 +78,9 @@ module "bootkube" {
etcd_server_cert_pem = "${module.etcd_certs.etcd_server_crt_pem}"
etcd_server_key_pem = "${module.etcd_certs.etcd_server_key_pem}"
kube_ca_cert_pem = "${module.kube_certs.ca_cert_pem}"
kubelet_cert_pem = "${module.kube_certs.kubelet_cert_pem}"
kubelet_key_pem = "${module.kube_certs.kubelet_key_pem}"
kube_ca_key_pem = "${module.kube_certs.ca_key_pem}"
admin_cert_pem = "${module.kube_certs.admin_cert_pem}"
admin_key_pem = "${module.kube_certs.admin_key_pem}"

etcd_endpoints = "${formatlist("%s.%s", values(var.tectonic_vmware_etcd_hostnames), var.tectonic_base_domain)}"
