From 2996a2ce99bbfdb00691be7b8faa572d481843b5 Mon Sep 17 00:00:00 2001 From: Nemric <56299157+Nemric@users.noreply.github.com> Date: Sun, 27 Oct 2024 22:17:32 +0100 Subject: [PATCH] Initial commit --- KoreOS/calico.config.template.yaml | 26 ++++++++++ KoreOS/environment.conf | 10 ++++ KoreOS/join.config.template.yaml | 18 +++++++ KoreOS/kubeadm.config.template.yaml | 40 ++++++++++++++++ README.md | 64 ++++++++++++++++++++++++- controller.bu | 36 ++++++++++++++ merge/KoreOS-cri-o.bu | 26 ++++++++++ merge/KoreOS-dependencies-controller.bu | 64 +++++++++++++++++++++++++ merge/KoreOS-dependencies-worker.bu | 34 +++++++++++++ merge/KoreOS-etc-mount.bu | 18 +++++++ merge/KoreOS-installer.bu | 34 +++++++++++++ merge/KoreOS-kubelet-controller.bu | 55 +++++++++++++++++++++ merge/KoreOS-kubelet-worker.bu | 55 +++++++++++++++++++++ merge/KoreOS-services-conf.bu | 13 +++++ merge/KoreOS-ssh-key.bu | 8 ++++ merge/KoreOS-template-controller.bu | 21 ++++++++ merge/KoreOS-template-worker.bu | 20 ++++++++ updateignitions.sh | 61 +++++++++++++++++++++++ worker.bu | 35 ++++++++++++++ 19 files changed, 637 insertions(+), 1 deletion(-) create mode 100644 KoreOS/calico.config.template.yaml create mode 100644 KoreOS/environment.conf create mode 100644 KoreOS/join.config.template.yaml create mode 100644 KoreOS/kubeadm.config.template.yaml create mode 100644 controller.bu create mode 100644 merge/KoreOS-cri-o.bu create mode 100644 merge/KoreOS-dependencies-controller.bu create mode 100644 merge/KoreOS-dependencies-worker.bu create mode 100644 merge/KoreOS-etc-mount.bu create mode 100644 merge/KoreOS-installer.bu create mode 100644 merge/KoreOS-kubelet-controller.bu create mode 100644 merge/KoreOS-kubelet-worker.bu create mode 100644 merge/KoreOS-services-conf.bu create mode 100644 merge/KoreOS-ssh-key.bu create mode 100644 merge/KoreOS-template-controller.bu create mode 100644 merge/KoreOS-template-worker.bu create mode 100755 updateignitions.sh create mode 100644 worker.bu 
diff --git a/KoreOS/calico.config.template.yaml b/KoreOS/calico.config.template.yaml
new file mode 100644
index 0000000..7220a8c
--- /dev/null
+++ b/KoreOS/calico.config.template.yaml
@@ -0,0 +1,26 @@
+# This section includes base Calico installation configuration.
+# For more information, see: https://docs.tigera.io/calico/latest/reference/installation/api#operator.tigera.io/v1.Installation
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+ name: default
+spec:
+ # Configures Calico networking.
+ calicoNetwork:
+ # Note: The ipPools section cannot be modified post-install.
+ ipPools:
+ - blockSize: 26
+ cidr: $KOREOS_POD_SUBNET_CIDR
+ encapsulation: VXLANCrossSubnet
+ natOutgoing: Enabled
+ nodeSelector: all()
+ flexVolumePath: /var/lib/kubelet/volumeplugins
+---
+
+# This section configures the Calico API server.
+# For more information, see: https://docs.tigera.io/calico/latest/reference/installation/api#operator.tigera.io/v1.APIServer
+apiVersion: operator.tigera.io/v1
+kind: APIServer
+metadata:
+ name: default
+spec: {}
\ No newline at end of file
diff --git a/KoreOS/environment.conf b/KoreOS/environment.conf
new file mode 100644
index 0000000..c05a32a
--- /dev/null
+++ b/KoreOS/environment.conf
@@ -0,0 +1,10 @@
+[Service]
+Environment=KOREOS_CRIO_VERSION=v1.31.1
+Environment=LIBEXECDIR=/usr/local # https://github.com/cri-o/packaging/issues/150
+Environment=KOREOS_KUBERNETES_VERSION=v1.31.2
+Environment=KOREOS_CLUSTER_NAME="your cluster name here"
+Environment=KOREOS_DNS_DOMAIN="your cluster dns name here"
+Environment=KOREOS_POD_SUBNET_CIDR=10.0.0.0/16
+Environment=KOREOS_SERVICE_SUBNET_CIDR=10.96.0.0/12
+Environment=KOREOS_HOSTNAME=%l
+Environment=KOREOS_CONTROL_PLANE_ENDPOINT="cluster FQDN and port 'eg. cluter.domain:6443"
\ No newline at end of file
diff --git a/KoreOS/join.config.template.yaml b/KoreOS/join.config.template.yaml
new file mode 100644
index 0000000..6069d92
--- /dev/null
+++ b/KoreOS/join.config.template.yaml
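Review bot: In KoreOS/environment.conf the `LIBEXECDIR` line carries a trailing `# https://…` comment, but systemd unit files only treat `#` as a comment at the start of a line, so the `#` and the URL are handed to the `Environment=` parser as extra words rather than ignored. The README added in this same commit already shows the safe form, and the file should match it: `# https://github.com/cri-o/packaging/issues/150` on its own line, followed by `Environment=LIBEXECDIR=/usr/local`. This file is used as the `env.conf` drop-in for crio-installer, kubelet and koreos-template, so any parsing surprise here reaches all three units.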
@@ -0,0 +1,18 @@
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: JoinConfiguration
+caCertPath: /etc/kubernetes/pki/ca.crt
+discovery:
+ bootstrapToken:
+ apiServerEndpoint: $KOREOS_CONTROL_PLANE_ENDPOINT
+ token:
+ caCertHashes:
+ -
+ timeout: 5m0s
+nodeRegistration:
+ criSocket: unix:///run/crio/crio.sock
+ imagePullPolicy: IfNotPresent
+ name: $KOREOS_HOSTNAME
+ taints: null
+ ignorePreflightErrors:
+ - KubeletVersion
+ - FileExisting-conntrack
\ No newline at end of file
diff --git a/KoreOS/kubeadm.config.template.yaml b/KoreOS/kubeadm.config.template.yaml
new file mode 100644
index 0000000..85a7bbc
--- /dev/null
+++ b/KoreOS/kubeadm.config.template.yaml
@@ -0,0 +1,40 @@
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: ClusterConfiguration
+kubernetesVersion: $KOREOS_KUBERNETES_VERSION
+clusterName: $KOREOS_CLUSTER_NAME
+controlPlaneEndpoint: $KOREOS_CONTROL_PLANE_ENDPOINT
+certificatesDir: /etc/kubernetes/pki
+imageRepository: registry.k8s.io
+apiServer:
+ timeoutForControlPlane: 4m0s
+controllerManager:
+ extraArgs:
+ flex-volume-plugin-dir: /var/lib/kubelet/volumeplugins
+dns: {}
+etcd:
+ local:
+ dataDir: /var/lib/etcd
+networking:
+ dnsDomain: $KOREOS_DNS_DOMAIN
+ serviceSubnet: $KOREOS_SERVICE_SUBNET_CIDR
+ podSubnet: $KOREOS_POD_SUBNET_CIDR
+scheduler: {}
+---
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: InitConfiguration
+nodeRegistration:
+ criSocket: unix:///run/crio/crio.sock
+ ignorePreflightErrors:
+ - KubeletVersion
+ - FileExisting-conntrack
+---
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+failSwapOn: false
+featureGates:
+ NodeSwap: true
+memorySwap:
+ swapBehavior: LimitedSwap
+volumePluginDir: /var/lib/kubelet/volumeplugins
+containerRuntimeEndpoint: unix:///run/crio/crio.sock
+cgroupDriver: systemd
diff --git a/README.md b/README.md
index 9663b09..339dab2 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,63 @@
-# KoreOS
\ No newline at end of file
+# KoreOS
+
+The name come from ... CoreOS and the fact that every things relative to kubernetes contains a K :D so, it's not a clever name
+
+## Prerequisites
+
+You should know FedoraCoreOS quite well and how to write `*.bu` files and convert them to `*.ign` files : see
+
+I'm used to rely on a PXE boot server and a Http server for provisioning and everything here is more or less based on this in mind.
+
+You should have some k8s/kubeadm basics in your bag !
+
+## Feel free to contribute
+
+As the first readme file everything needs to be done
+
+This is a real WIP, I did promise it on so I deliver my work as is
+
+This work has been possible thanks to GOAT and his great idea
+
+## How to use it ?
+
+### ./KoreOS/environment.conf
+
+Contains some variables used for provisionning, change it with you favorite values, typîcally :
+
+```ini
+[Service]
+Environment=KOREOS_CRIO_VERSION=v1.31.1
+# https://github.com/cri-o/packaging/issues/150
+Environment=LIBEXECDIR=/usr/local
+Environment=KOREOS_KUBERNETES_VERSION=v1.31.2
+Environment=KOREOS_CLUSTER_NAME=MyCLuster
+Environment=KOREOS_DNS_DOMAIN=MyCluster.MyDomain
+Environment=KOREOS_POD_SUBNET_CIDR=10.0.0.0/16
+Environment=KOREOS_SERVICE_SUBNET_CIDR=10.96.0.0/12
+Environment=KOREOS_HOSTNAME=%l
+Environment=KOREOS_CONTROL_PLANE_ENDPOINT=mycluster.mydomain:6443
+```
+
+`KOREOS_POD_SUBNET_CIDR` and `KOREOS_SERVICE_SUBNET_CIDR` are default values from Kubernetes documentation.
+
+### ./merge/KoreOS-dependencies-xxx.bu
+
+These 2 files contain some other dependencies not linked to `environment.conf` but you should set same version numbers.
+
+### controller.bu and worker.bu
+
+These files contain some node specific informations like `storage` or `hostname file` and the links to you http(s) server where ign files are stored/published
+
+I don't know how to manage multiple master nodes ...
feel free to contribute
+You will have to duplicate worker.bu for each worker node
+
+## updateignitions.sh
+
+A small script that will convert `*.bu` files in `*.ign` files and if you want can publish them via ssh on your web server.
+
+## The right way ...
+
+You should start your cluster with the master/controller node and wait for `koreos-installer.service` (from KoreOS-installer.ign) to finish.
+Then you can check the logs with `journalctl -eu koreos-installer.service` and get the token like `kzh5ow.k7658m9zlmec5cni` and the caCertHashes: like `sha256:e46b74d087a9b14ebb03f7f65d75944a8dead52d0dddc654aa9878985ff9b0be`
+
+You can boot your worker nodes and then connect them via ssh and `cd /opt/koreos` and update the `join.config.yaml` with token and caCertHashes taken from master node and then run `sudo kubeadm join --config join.config.yaml`
diff --git a/controller.bu b/controller.bu
new file mode 100644
index 0000000..20ef683
--- /dev/null
+++ b/controller.bu
@@ -0,0 +1,36 @@
+variant: fcos
+version: 1.5.0
+
+ignition:
+ security:
+ tls:
+ certificate_authorities:
+ - source: http://YourHttpServerName:port/path/YourCertificate.crt
+ verification:
+ hash: sha256-xxxxx
+
+ config:
+ merge:
+ - source: https://YourHttpServerName:port/ign/KoreOS-ssh-key.ign
+ - source: https://YourHttpServerName:port/ign/KoreOS-cri-o.ign
+ - source: https://YourHttpServerName:port/ign/KoreOS-installer.ign
+ - source: https://YourHttpServerName:port/ign/KoreOS-etc-mount.ign
+ - source: https://YourHttpServerName:port/ign/KoreOS-services-conf.ign
+ - source: https://YourHttpServerName:port/ign/KoreOS-kubelet-controller.ign
+ - source: https://YourHttpServerName:port/ign/KoreOS-dependencies-controller.ign
+ - source: https://YourHttpServerName:port/ign/KoreOS-template-controller.ign
+
+storage:
+ filesystems:
+ - path: /var
+ device: /dev/sda
+ format: xfs
+ label: Var
+ wipe_filesystem: true
+ with_mount_unit: true
+
+ files:
+ - path: /etc/hostname
+ mode: 0644
+ contents:
+ inline: NodeName
\ No newline at end of file
diff --git a/merge/KoreOS-cri-o.bu b/merge/KoreOS-cri-o.bu
new file mode 100644
index 0000000..a89533a
--- /dev/null
+++ b/merge/KoreOS-cri-o.bu
@@ -0,0 +1,26 @@
+variant: fcos
+version: 1.5.0
+
+systemd:
+ units:
+ - name: crio-installer.service
+ enabled: true
+ dropins:
+ - name: env.conf
+ contents_local: KoreOS/environment.conf
+ contents: |
+ [Unit]
+ Description=Install crio
+ Before=kubelet.service
+ After=network-online.target
+
+ [Service]
+ TimeoutSec=300
+ Type=oneshot
+ RemainAfterExit=true
+ ExecStartPre=/usr/bin/bash -c 'curl -vL https://storage.googleapis.com/cri-o/artifacts/cri-o.amd64.${KOREOS_CRIO_VERSION}.tar.gz | tar -xz --directory /opt'
+ ExecStart=/usr/bin/bash -c 'cd /opt/cri-o && ./install'
+ ExecStart=/usr/bin/systemctl enable --now crio.service
+
+ [Install]
+ WantedBy=multi-user.target
\ No newline at end of file
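Review bot: In controller.bu the `/var` filesystem is declared on `device: /dev/sda` with `wipe_filesystem: true`, so Ignition reformats whichever disk the kernel happens to enumerate as `sda`, and that name is not stable across hardware or boots. A persistent path such as `device: /dev/disk/by-id/<DISK_ID_PLACEHOLDER>` ties the wipe to one specific disk, and a comment next to `wipe_filesystem: true` should say that the whole device is reformatted. worker.bu repeats the same block. If the nodes PXE-boot a live image, Ignition would presumably run on every boot and wipe `/var` (including `/var/lib/etcd` and `/var/lib/kubernetes`) each time; that depends on the boot setup, so please confirm.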
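Review bot: In merge/KoreOS-cri-o.bu the `ExecStartPre` line pipes `curl -vL …cri-o.amd64.${KOREOS_CRIO_VERSION}.tar.gz` straight into `tar`, and the next line runs `./install` as root, with no integrity check on the archive. Download to a file first, compare it with a pinned digest and only then unpack, for example `echo "${KOREOS_CRIO_SHA256}  /opt/cri-o.tar.gz" | sha256sum -c -` between the download and a `tar -xzf /opt/cri-o.tar.gz --directory /opt`, with `KOREOS_CRIO_SHA256=<PINNED_SHA256_PLACEHOLDER>` added to environment.conf. Using `curl -fL` instead of `-vL` would also make an HTTP error fail the unit instead of feeding an error page to tar. The unit is ordered `After=network-online.target` but never `Wants=` it, so the ordering may have no effect unless another unit pulls that target in.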
diff --git a/merge/KoreOS-dependencies-controller.bu b/merge/KoreOS-dependencies-controller.bu
new file mode 100644
index 0000000..a6e4cb8
--- /dev/null
+++ b/merge/KoreOS-dependencies-controller.bu
@@ -0,0 +1,64 @@
+variant: fcos
+version: 1.5.0
+
+storage:
+ files:
+ - path: /opt/koreos/tigera-operator.yaml
+ mode: 0751
+ overwrite: true
+ contents:
+ source: https://raw.githubusercontent.com/projectcalico/calico/v3.28.2/manifests/tigera-operator.yaml
+
+ - path: /usr/local/bin/calicoctl
+ mode: 0751
+ overwrite: true
+ contents:
+ source: https://github.com/projectcalico/calico/releases/download/v3.28.2/calicoctl-linux-amd64
+
+ - path: /usr/local/bin/kubeadm
+ mode: 0751
+ overwrite: true
+ contents:
+ source: https://dl.k8s.io/release/v1.31.2/bin/linux/amd64/kubeadm
+
+ - path: /usr/local/bin/kubectl
+ mode: 0751
+ overwrite: true
+ contents:
+ source: https://dl.k8s.io/release/v1.31.2/bin/linux/amd64/kubectl
+
+ - path: /var/lib/calico/nodename
+ mode: 0644
+ overwrite: true
+ contents:
+ inline: $HOSTNAME
+
+ - path: /var/lib/calico/mtu
+ mode: 0644
+ overwrite: true
+ contents:
+ inline: "1450"
+
+ - path: /opt/koreos/templates/calico.config.template.yaml
+ mode: 0644
+ overwrite: true
+ contents:
+ local: KoreOS/calico.config.template.yaml
+
+ - path: /opt/koreos/templates/kubeadm.config.template.yaml
+ mode: 0644
+ overwrite: true
+ contents:
+ local: KoreOS/kubeadm.config.template.yaml
+
+ - path: /etc/profile.d/kubeCLI_completions.sh
+ contents:
+ inline: |
+ source <(kubectl completion bash)
+ source <(kubeadm completion bash)
+
+ directories:
+ - path: /opt/cni/bin
+ - path: /etc/cni/net.d
+ - path: /var/lib/kubelet/volumeplugins
+ - path: /var/lib/kubernetes/manifests
\ No newline at end of file
diff --git a/merge/KoreOS-dependencies-worker.bu b/merge/KoreOS-dependencies-worker.bu
new file mode 100644
index 0000000..75f3f17
--- /dev/null
+++ b/merge/KoreOS-dependencies-worker.bu
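Review bot: Every remote `contents.source` in merge/KoreOS-dependencies-controller.bu (tigera-operator.yaml, calicoctl, kubeadm, kubectl) is fetched without a `verification.hash`, so whatever the URL serves at first boot is written under `/usr/local/bin` or `/opt/koreos` and later executed or applied as root; merge/KoreOS-dependencies-worker.bu has the same gap for kubeadm and kubectl. Butane accepts a digest beside the source, `verification:` with `hash: sha256-<PINNED_DIGEST_PLACEHOLDER>`, and since the versions are already pinned in the URLs the digests will not drift. Separately, `/var/lib/calico/nodename` is written with `inline: $HOSTNAME`; Ignition does not expand shell variables, so the file will contain that literal string. `mode: 0751` on tigera-operator.yaml marks a manifest executable, where `0644` is enough.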
@@ -0,0 +1,34 @@
+variant: fcos
+version: 1.5.0
+
+storage:
+ files:
+ - path: /usr/local/bin/kubeadm
+ mode: 0751
+ overwrite: true
+ contents:
+ source: https://dl.k8s.io/release/v1.31.2/bin/linux/amd64/kubeadm
+
+ - path: /usr/local/bin/kubectl
+ mode: 0751
+ overwrite: true
+ contents:
+ source: https://dl.k8s.io/release/v1.31.2/bin/linux/amd64/kubectl
+
+ - path: /opt/koreos/templates/join.config.template.yaml
+ mode: 0644
+ overwrite: true
+ contents:
+ local: KoreOS/join.config.template.yaml
+
+ - path: /etc/profile.d/kubeCLI_completions.sh
+ contents:
+ inline: |
+ source <(kubectl completion bash)
+ source <(kubeadm completion bash)
+
+ directories:
+ - path: /opt/cni/bin
+ - path: /etc/cni/net.d
+ - path: /var/lib/kubelet/volumeplugins
+ - path: /var/lib/kubernetes/manifests
\ No newline at end of file
diff --git a/merge/KoreOS-etc-mount.bu b/merge/KoreOS-etc-mount.bu
new file mode 100644
index 0000000..8f9c659
--- /dev/null
+++ b/merge/KoreOS-etc-mount.bu
@@ -0,0 +1,18 @@
+variant: fcos
+version: 1.5.0
+
+systemd:
+ units:
+ - name: etc-kubernetes.mount
+ enabled: true
+ contents: |
+ [Unit]
+ Description=Bind mount for etc/kubernetes
+
+ [Mount]
+ What=/var/lib/kubernetes
+ Where=/etc/kubernetes
+ Options=bind
+
+ [Install]
+ WantedBy=multi-user.target
\ No newline at end of file
diff --git a/merge/KoreOS-installer.bu b/merge/KoreOS-installer.bu
new file mode 100644
index 0000000..db22656
--- /dev/null
+++ b/merge/KoreOS-installer.bu
@@ -0,0 +1,34 @@
+variant: fcos
+version: 1.5.0
+
+systemd:
+ units:
+ - name: koreos-installer.service
+ enabled: true
+ contents: |
+ [Unit]
+ Description=Install KoreOS
+ RequiresMountsFor=/etc/kubernetes
+ After=network-online.target crio-installer.service crio.service koreos-template.service
+ Wants=crio.service koreos-template.service
+
+ [Service]
+ TimeoutSec=300
+ Type=oneshot
+ RemainAfterExit=true
+ ExecStartPre=/usr/local/bin/kubeadm config images pull --config /opt/koreos/kubeadm.config.yaml
+ ExecStart=/usr/local/bin/kubeadm init --v=5 --config /opt/koreos/kubeadm.config.yaml
+ ExecStartPost=/usr/bin/install -D -o root -g root /etc/kubernetes/super-admin.conf /root/.kube/config
+ ExecStartPost=/usr/bin/install -d -o core -g core /home/core/.kube
+ ExecStartPost=/usr/bin/install -o core -g core /etc/kubernetes/admin.conf /home/core/.kube/config
+ ExecStartPost=/usr/local/bin/kubectl --kubeconfig /root/.kube/config cluster-info
+ ExecStartPost=/usr/local/bin/kubectl wait --kubeconfig /root/.kube/config nodes --all --for condition=Ready
+ ExecStartPost=/usr/local/bin/kubectl wait --kubeconfig /root/.kube/config --all-namespaces deployments --all --for condition=Available --timeout=60s
+ ExecStartPost=/usr/local/bin/kubectl wait --kubeconfig /root/.kube/config --all-namespaces pods --all --for condition=Ready
+ ExecStartPost=/usr/local/bin/kubectl create --kubeconfig /root/.kube/config -f /opt/koreos/tigera-operator.yaml
+ ExecStartPost=/usr/local/bin/kubectl wait --kubeconfig /root/.kube/config --namespace tigera-operator deployments --all --for condition=Available --timeout=60s
+ ExecStartPost=/usr/local/bin/kubectl create --kubeconfig /root/.kube/config -f /opt/koreos/calico.config.yaml
+
+ [Install]
+ WantedBy=multi-user.target
+
\ No newline at end of file
diff --git a/merge/KoreOS-kubelet-controller.bu b/merge/KoreOS-kubelet-controller.bu
new file mode 100644
index 0000000..c9600e7
--- /dev/null
+++ b/merge/KoreOS-kubelet-controller.bu
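Review bot: The three `ExecStartPost=/usr/bin/install` lines in merge/KoreOS-installer.bu copy `super-admin.conf` and `admin.conf` without `-m`, and `install` defaults to mode 0755, so the admin kubeconfig under `/home/core/.kube/config` (and root's copy) ends up readable by every local user. Give them explicit modes: `install -D -m 0600 -o root -g root /etc/kubernetes/super-admin.conf /root/.kube/config`, `install -d -m 0700 -o core -g core /home/core/.kube`, and `install -m 0600 -o core -g core /etc/kubernetes/admin.conf /home/core/.kube/config`. The README has operators read the bootstrap token from this unit's journal, so a comment that the journal of this unit holds a join secret would help whoever forwards logs off the node. The unit is `enabled` with no guard, so it looks like a reboot would run `kubeadm init` again; `ConditionPathExists=!/etc/kubernetes/admin.conf` in `[Unit]` would make it first-boot only.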
@@ -0,0 +1,55 @@
+variant: fcos
+version: 1.5.0
+
+systemd:
+ units:
+ - name: kubelet.service
+ enabled: true
+ dropins:
+ - name: env.conf
+ contents_local: KoreOS/environment.conf
+ contents: |
+ [Unit]
+ Description=Kubelet (System Container)
+ Wants=network-online.target rpc-statd.service
+ Requires=network-online.target crio.service
+ After=crio.service crio-installer.service
+ RequiresMountsFor=/etc/kubernetes
+
+ [Service]
+ ExecStartPre=/usr/bin/podman pull quay.io/poseidon/kubelet:${KOREOS_KUBERNETES_VERSION}
+ ExecStart=/usr/bin/podman run \
+ --name %N \
+ --log-driver journald \
+ --privileged \
+ --pid host \
+ --network host \
+ --name %N \
+ --replace \
+ --rm \
+ --volume /etc/cni/net.d:/etc/cni/net.d:ro,z \
+ --volume /etc/kubernetes:/etc/kubernetes:ro,z \
+ --volume /usr/lib/os-release:/etc/os-release:ro \
+ --volume /etc/machine-id:/etc/machine-id:ro \
+ --volume /lib/modules:/lib/modules:ro \
+ --volume /run:/run \
+ --volume /sys/fs/cgroup:/sys/fs/cgroup \
+ --volume /etc/selinux:/etc/selinux \
+ --volume /sys/fs/selinux:/sys/fs/selinux \
+ --volume /var/lib/calico:/var/lib/calico:ro \
+ --volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
+ --volume /var/log:/var/log \
+ --volume /var/run/lock:/var/run/lock:z \
+ --volume /opt/cni/bin:/opt/cni/bin:z \
+ --volume /var/lib/containers/storage/overlay:/var/lib/containers/storage/overlay:ro \
+ quay.io/poseidon/kubelet:${KOREOS_KUBERNETES_VERSION} \
+ --config=/var/lib/kubelet/config.yaml \
+ --kubeconfig=/etc/kubernetes/kubelet.conf
+ ExecStop=-/usr/bin/podman stop kubelet
+ Delegate=yes
+ Restart=always
+ RestartSec=10
+
+ [Install]
+ WantedBy=multi-user.target
+
\ No newline at end of file
diff --git a/merge/KoreOS-kubelet-worker.bu b/merge/KoreOS-kubelet-worker.bu
new file mode 100644
index 0000000..48e474b
--- /dev/null
+++ b/merge/KoreOS-kubelet-worker.bu
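Review bot: The kubelet unit in merge/KoreOS-kubelet-controller.bu runs `quay.io/poseidon/kubelet:${KOREOS_KUBERNETES_VERSION}` with `--privileged --pid host --network host` and much of the host filesystem mounted, yet the image is referenced only by tag, so a re-pushed tag changes what runs as root on the node at the next `podman pull`. Pin it by digest, e.g. `quay.io/poseidon/kubelet@sha256:<IMAGE_DIGEST_PLACEHOLDER>`, or at least add a comment that this third-party tag is trusted as-is; merge/KoreOS-kubelet-worker.bu uses the same reference. `--name %N` is passed twice in both units and one of them can go. The worker unit mounts `/etc/kubernetes` as `rw,z` where the controller uses `ro,z`; a comment saying why (presumably so TLS bootstrap can write `kubelet.conf`) would help the next reader.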
@@ -0,0 +1,55 @@
+variant: fcos
+version: 1.5.0
+
+systemd:
+ units:
+ - name: kubelet.service
+ enabled: true
+ dropins:
+ - name: env.conf
+ contents_local: KoreOS/environment.conf
+ contents: |
+ [Unit]
+ Description=Kubelet (System Container)
+ Wants=network-online.target
+ Requires=network-online.target crio.service
+ After=crio.service crio-installer.service
+ RequiresMountsFor=/etc/kubernetes
+
+ [Service]
+ ExecStartPre=/usr/bin/podman pull quay.io/poseidon/kubelet:${KOREOS_KUBERNETES_VERSION}
+ ExecStart=/usr/bin/podman run \
+ --name %N \
+ --log-driver journald \
+ --privileged \
+ --pid host \
+ --network host \
+ --name %N \
+ --replace \
+ --rm \
+ --volume /etc/cni/net.d:/etc/cni/net.d:ro,z \
+ --volume /etc/kubernetes:/etc/kubernetes:rw,z \
+ --volume /usr/lib/os-release:/etc/os-release:ro \
+ --volume /etc/machine-id:/etc/machine-id:ro \
+ --volume /lib/modules:/lib/modules:ro \
+ --volume /run:/run \
+ --volume /sys/fs/cgroup:/sys/fs/cgroup \
+ --volume /etc/selinux:/etc/selinux \
+ --volume /sys/fs/selinux:/sys/fs/selinux \
+ --volume /var/lib/kubelet:/var/lib/kubelet:rshared,z \
+ --volume /var/log:/var/log \
+ --volume /var/run/lock:/var/run/lock:z \
+ --volume /opt/cni/bin:/opt/cni/bin:z \
+ --volume /var/lib/containers/storage/overlay:/var/lib/containers/storage/overlay:ro \
+ quay.io/poseidon/kubelet:${KOREOS_KUBERNETES_VERSION} \
+ --kubeconfig=/etc/kubernetes/kubelet.conf \
+ --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
+ --config=/var/lib/kubelet/config.yaml
+ ExecStop=-/usr/bin/podman stop kubelet
+ Delegate=yes
+ Restart=always
+ RestartSec=10
+
+ [Install]
+ WantedBy=multi-user.target
+
\ No newline at end of file
diff --git a/merge/KoreOS-services-conf.bu b/merge/KoreOS-services-conf.bu
new file mode 100644
index 0000000..7c292ee
--- /dev/null
+++ b/merge/KoreOS-services-conf.bu
@@ -0,0 +1,13 @@
+variant: fcos
+version: 1.5.0
+
+systemd:
+ units:
+ - name: containerd.service
+ mask: true
+ - name: docker.service
+ mask: true
+ - name: docker.socket
+ mask: true
+ - name: iscsid.service
+ enabled: true
\ No newline at end of file
diff --git a/merge/KoreOS-ssh-key.bu b/merge/KoreOS-ssh-key.bu
new file mode 100644
index 0000000..243d066
--- /dev/null
+++ b/merge/KoreOS-ssh-key.bu
@@ -0,0 +1,8 @@
+variant: fcos
+version: 1.5.0
+
+passwd:
+ users:
+ - name: core
+ ssh_authorized_keys:
+ - ssh-ed25519 xxxxx
diff --git a/merge/KoreOS-template-controller.bu b/merge/KoreOS-template-controller.bu
new file mode 100644
index 0000000..299c212
--- /dev/null
+++ b/merge/KoreOS-template-controller.bu
@@ -0,0 +1,21 @@
+variant: fcos
+version: 1.5.0
+
+systemd:
+ units:
+ - name: koreos-template.service
+ enabled: true
+ dropins:
+ - name: env.conf
+ contents_local: KoreOS/environment.conf
+ contents: |
+ [Unit]
+ Description=Update KoreOS configs
+
+ [Service]
+ Type=oneshot
+ RemainAfterExit=true
+ ExecStart=/usr/bin/bash -c 'envsubst < /opt/koreos/templates/kubeadm.config.template.yaml > /opt/koreos/kubeadm.config.yaml'
+ ExecStart=/usr/bin/bash -c 'envsubst < /opt/koreos/templates/calico.config.template.yaml > /opt/koreos/calico.config.yaml'
+ [Install]
+ WantedBy=multi-user.target
\ No newline at end of file
diff --git a/merge/KoreOS-template-worker.bu b/merge/KoreOS-template-worker.bu
new file mode 100644
index 0000000..2477479
--- /dev/null
+++ b/merge/KoreOS-template-worker.bu
@@ -0,0 +1,20 @@
+variant: fcos
+version: 1.5.0
+
+systemd:
+ units:
+ - name: koreos-template.service
+ enabled: true
+ dropins:
+ - name: env.conf
+ contents_local: KoreOS/environment.conf
+ contents: |
+ [Unit]
+ Description=Update KoreOS configs
+
+ [Service]
+ Type=oneshot
+ RemainAfterExit=true
+ ExecStart=/usr/bin/bash -c 'envsubst < /opt/koreos/templates/join.config.template.yaml > /opt/koreos/join.config.yaml'
+ [Install]
+ WantedBy=multi-user.target
\ No newline at end of file
diff --git a/updateignitions.sh b/updateignitions.sh
new file mode 100755
index 0000000..d26e8b7
--- /dev/null
+++ b/updateignitions.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+scp_to="user@server:/www/ign/"
+
+butane()
+{
+ podman run --rm --tty --interactive \
+ --security-opt label=disable --log-driver=none \
+ --volume ${PWD}:/pwd --workdir /pwd \
+ quay.io/coreos/butane:release \
+ --pretty --strict --files-dir=/pwd $1 > $2
+}
+
+validate()
+{
+ podman run --rm --tty --interactive \
+ --security-opt label=disable --log-driver=none \
+ --volume ${PWD}:/pwd --workdir /pwd \
+ quay.io/coreos/ignition-validate:release $1
+}
+
+read -n 1 -p "send files to $scp_to ? (y/n) :" send
+
+echo ""
+
+podman pull quay.io/coreos/butane:release
+podman pull quay.io/coreos/ignition-validate:release
+mkdir -p ignitions
+
+for f in $(find . -type f -name "*.bu")
+do
+ file=${f%.*}
+
+ butane_file=$file.bu
+ ign_file=./ignitions/$(basename "$file.ign")
+
+ echo "creating $ign_file from $butane_file"
+ butane $butane_file $ign_file
+
+ case ${?} in
+ 0)
+ echo "Done"
+ echo "validating $ign_file"
+
+ validate $ign_file
+ case ${?} in
+ 0)
+ echo "Done"
+ if [[ $send =~ ^(y|Y)$ ]]
+ then
+ echo "sending to $scp_to"
+ scp -4 $ign_file $scp_to
+ echo "Done"
+ fi;;
+ *)
+ echo "failed";;
+ esac;;
+ *)
+ echo "failed"
+ cat $ign_file;;
+ esac
+done
\ No newline at end of file
diff --git a/worker.bu b/worker.bu
new file mode 100644
index 0000000..d5b2a72
--- /dev/null
+++ b/worker.bu
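Review bot: `koreos-template.service` in merge/KoreOS-template-worker.bu creates `/opt/koreos/join.config.yaml` through a shell redirect under the service's default umask, and the README then tells the operator to put the bootstrap token and CA hash into that file, so the join secret is likely to sit in a file other local users can read. Adding `UMask=0077` to `[Service]` would keep the rendered file root-only. `envsubst` is also called without a variable list, so any other `$NAME` that appears in a template is replaced as well, by an empty string when unset; restricting it to the `KOREOS_*` variables the template actually uses is safer. merge/KoreOS-template-controller.bu uses the same `envsubst` pattern for the kubeadm and calico configs.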
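Review bot: In updateignitions.sh every expansion is unquoted (`$1 > $2`, `--volume ${PWD}:/pwd`, `scp -4 $ign_file $scp_to`) and the loop iterates over `$(find …)`, so a path containing a space or a glob character is split or expanded before it reaches podman or scp. Quote them: `--volume "${PWD}":/pwd`, `--pretty --strict --files-dir=/pwd "$1" > "$2"`, and `scp -4 "$ign_file" "$scp_to"`. Both helpers pass `--tty --interactive` although butane's output is redirected to a file; a pseudo-terminal may add carriage returns to the generated `.ign`, and dropping `--tty` avoids that. The generated files are pushed to a web root, so a header comment should state that `.bu` files published this way must not carry secrets. The `:release` image tags are mutable as well, and pinning them by digest would keep the transpile step reproducible.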
@@ -0,0 +1,35 @@
+variant: fcos
+version: 1.5.0
+
+ignition:
+ security:
+ tls:
+ certificate_authorities:
+ - source: http://YourHttpServerName:port/ign/YourCertificate.crt
+ verification:
+ hash: sha256-c7d64fe8c6b78b643d20f38b9944d5f860908a2bf0c30683faff840ad34299e3
+
+ config:
+ merge:
+ - source: https://YourHttpServerName:port/ign/KoreOS-ssh-key.ign
+ - source: https://YourHttpServerName:port/ign/KoreOS-cri-o.ign
+ - source: https://YourHttpServerName:port/ign/KoreOS-etc-mount.ign
+ - source: https://YourHttpServerName:port/ign/KoreOS-services-conf.ign
+ - source: https://YourHttpServerName:port/ign/KoreOS-kubelet-worker.ign
+ - source: https://YourHttpServerName:port/ign/KoreOS-dependencies-worker.ign
+ - source: https://YourHttpServerName:port/ign/KoreOS-template-worker.ign
+
+storage:
+ filesystems:
+ - path: /var
+ device: /dev/sda
+ format: xfs
+ label: Var
+ wipe_filesystem: true
+ with_mount_unit: true
+
+ files:
+ - path: /etc/hostname
+ mode: 0644
+ contents:
+ inline: NodeName
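Review bot: worker.bu commits a concrete 64-hex digest under `verification.hash` for a CA certificate whose URL is still the `YourHttpServerName` placeholder, whereas controller.bu uses `sha256-xxxxx` for the same field. Anyone copying the template keeps a hash that cannot match their own certificate; that fails closed, but the error will be confusing. I would use the same placeholder here, `hash: sha256-xxxxx`, and add a comment that this hash is what makes the plain `http://` certificate fetch safe and must be regenerated for each CA. The certificate path also differs between the two files (`/path/` in controller.bu, `/ign/` here).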