mirror of
https://github.com/poseidon/typhoon
synced 2024-12-18 14:34:14 +01:00
fc444d25f8
* Update Fedora CoreOS Butane configs from v1.4.0 to v1.5.0 * Require Fedora CoreOS Butane snippets update to v1.1.0 * Require poseidon/ct Terraform provider v0.13 or newer * Use Ignition v3.4.0 spec for all node provisioning
207 lines
6.9 KiB
Markdown
207 lines
6.9 KiB
Markdown
# Customization
|
|
|
|
Typhoon provides Kubernetes clusters with defaults recommended for production. Terraform variables expose supported customization options. Advanced options are available for customizing the architecture or hosts as well.
|
|
|
|
## Variables
|
|
|
|
Typhoon modules accept Terraform input variables for customizing clusters in meritorious ways (e.g. `worker_count`, etc). Variables are carefully considered to provide essentials, while limiting complexity and test matrix burden. See each platform's tutorial for options.
|
|
|
|
## Addons
|
|
|
|
Clusters are kept to a minimal Kubernetes control plane by offering components like Nginx Ingress Controller, Prometheus, and Grafana as optional post-install [addons](https://github.com/poseidon/typhoon/tree/master/addons). Customize addons by modifying a copy of our addon manifests.
|
|
|
|
## Hosts
|
|
|
|
### Background
|
|
|
|
Typhoon uses the [Ignition](https://github.com/coreos/ignition) system of Fedora CoreOS and Flatcar Linux to immutably declare a system via first-boot disk provisioning. Human-friendly [Butane Configs](https://coreos.github.io/butane/specs/) define disk partitions, filesystems, systemd units, dropins, config files, mount units, raid arrays, users, and more before being converted to Ignition.
|
|
|
|
Controller and worker instances form a minimal and secure Kubernetes cluster on each platform. Typhoon provides the **snippets** feature to accept custom Butane Configs that are merged with instance declarations. This allows advanced host customization and experimentation.
|
|
|
|
!!! note
|
|
Snippets cannot be used to modify an already existing instance, the antithesis of immutable provisioning. Ignition fully declares a system on first boot only.
|
|
|
|
!!! danger
|
|
Snippets provide the powerful host customization abilities of Ignition. You are responsible for additional units, configs, files, and conflicts.
|
|
|
|
!!! danger
|
|
Edits to snippets for controller instances can (correctly) cause Terraform to observe a diff (if not otherwise suppressed) and propose destroying and recreating controller(s). Recognize that this is destructive since controllers run etcd and are stateful. See [blue/green](/topics/maintenance/#upgrades) clusters.
|
|
|
|
### Usage
|
|
|
|
Define a Butane Config ([docs](https://coreos.github.io/butane/specs/), [config](https://github.com/coreos/butane/blob/main/docs/config-fcos-v1_4.md)) in version control near your Terraform workspace directory (e.g. perhaps in a `snippets` subdirectory). You may organize snippets into multiple files, if desired.
|
|
|
|
For example, ensure an `/opt/hello` file is created with permissions 0644 before boot.
|
|
|
|
=== "Fedora CoreOS"
|
|
|
|
```yaml
|
|
# custom-files.yaml
|
|
variant: fcos
|
|
version: 1.5.0
|
|
storage:
|
|
files:
|
|
- path: /opt/hello
|
|
contents:
|
|
inline: |
|
|
Hello World
|
|
mode: 0644
|
|
```
|
|
|
|
=== "Flatcar Linux"
|
|
|
|
```yaml
|
|
# custom-files.yaml
|
|
variant: flatcar
|
|
version: 1.0.0
|
|
storage:
|
|
files:
|
|
- path: /opt/hello
|
|
contents:
|
|
inline: |
|
|
Hello World
|
|
mode: 0644
|
|
```
|
|
|
|
Or ensure a systemd unit `hello.service` is created.
|
|
|
|
=== "Fedora CoreOS"
|
|
|
|
```yaml
|
|
# custom-units.yaml
|
|
variant: fcos
|
|
version: 1.5.0
|
|
systemd:
|
|
units:
|
|
- name: hello.service
|
|
enabled: true
|
|
contents: |
|
|
[Unit]
|
|
Description=Hello World
|
|
[Service]
|
|
Type=oneshot
|
|
ExecStart=/usr/bin/echo Hello World!
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
```
|
|
|
|
=== "Flatcar Linux"
|
|
|
|
```yaml
|
|
# custom-units.yaml
|
|
variant: flatcar
|
|
version: 1.0.0
|
|
systemd:
|
|
units:
|
|
- name: hello.service
|
|
enabled: true
|
|
contents: |
|
|
[Unit]
|
|
Description=Hello World
|
|
[Service]
|
|
Type=oneshot
|
|
ExecStart=/usr/bin/echo Hello World!
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
```
|
|
|
|
Reference the Butane contents by location (e.g. `file("./custom-units.yaml")`). On [AWS](/fedora-coreos/aws/#cluster), [Azure](/fedora-coreos/azure/#cluster), [DigitalOcean](/fedora-coreos/digital-ocean/#cluster), or [Google Cloud](/fedora-coreos/google-cloud/#cluster) extend the `controller_snippets` or `worker_snippets` list variables.
|
|
|
|
|
|
```tf
|
|
module "nemo" {
|
|
...
|
|
worker_count = 2
|
|
controller_snippets = [
|
|
file("./custom-files.yaml"),
|
|
file("./custom-units.yaml"),
|
|
]
|
|
worker_snippets = [
|
|
file("./custom-files.yaml"),
|
|
file("./custom-units.yaml")",
|
|
]
|
|
...
|
|
}
|
|
```
|
|
|
|
On [Bare-Metal](/fedora-coreos/bare-metal/#cluster), different Butane configs may be used for each node (since hardware may be heterogeneous). Extend the `snippets` map variable by mapping a controller or worker name key to a list of snippets.
|
|
|
|
```tf
|
|
module "mercury" {
|
|
...
|
|
snippets = {
|
|
"node2" = [file("./units/hello.yaml")]
|
|
"node3" = [
|
|
file("./units/world.yaml"),
|
|
file("./units/hello.yaml"),
|
|
]
|
|
}
|
|
...
|
|
}
|
|
```
|
|
|
|
## Architecture
|
|
|
|
Typhoon chooses variables to expose with purpose. If you must customize clusters in ways that aren't supported by input variables, fork Typhoon and maintain a repository with customizations. Reference the repository by changing the username.
|
|
|
|
```
|
|
module "nemo" {
|
|
source = "git::https://github.com/USERNAME/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=myspecialcase"
|
|
...
|
|
}
|
|
```
|
|
|
|
To customize low-level Kubernetes control plane bootstrapping, see the [poseidon/terraform-render-bootstrap](https://github.com/poseidon/terraform-render-bootstrap) Terraform module.
|
|
|
|
## System Images
|
|
|
|
Typhoon publishes Kubelet [container images](/topics/security/#container-images) to Quay.io (default) and to Dockerhub (in case of a Quay [outage](https://github.com/poseidon/typhoon/issues/735) or breach). Quay automated builds also provide the option for fully verifiable tagged images (`build-{short_sha}`).
|
|
|
|
To set an alternative etcd image or Kubelet image, use a snippet to set a systemd dropin.
|
|
|
|
=== "Kubelet"
|
|
|
|
```yaml
|
|
# kubelet-image-override.yaml
|
|
variant: fcos <- remove for Flatcar Linux
|
|
version: 1.5.0 <- remove for Flatcar Linux
|
|
systemd:
|
|
units:
|
|
- name: kubelet.service
|
|
dropins:
|
|
- name: 10-image-override.conf
|
|
contents: |
|
|
[Service]
|
|
Environment=KUBELET_IMAGE=docker.io/psdn/kubelet:v1.18.3
|
|
```
|
|
|
|
=== "etcd"
|
|
|
|
```yaml
|
|
# etcd-image-override.yaml
|
|
variant: fcos <- remove for Flatcar Linux
|
|
version: 1.5.0 <- remove for Flatcar Linux
|
|
systemd:
|
|
units:
|
|
- name: etcd-member.service
|
|
dropins:
|
|
- name: 10-image-override.conf
|
|
contents: |
|
|
[Service]
|
|
Environment=ETCD_IMAGE=quay.io/mymirror/etcd:v3.4.12
|
|
```
|
|
|
|
Then reference the snippet in the cluster or worker pool definition.
|
|
|
|
```tf
|
|
module "nemo" {
|
|
...
|
|
|
|
worker_snippets = [
|
|
file("./snippets/kubelet-image-override.yaml")
|
|
]
|
|
...
|
|
}
|
|
```
|
|
|