diff --git a/CHANGES.md b/CHANGES.md index e27f4156b..ab1c52b9c 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -14,6 +14,17 @@ Notable changes between versions. strategy (see [docs](https://typhoon.psdn.io/topics/security/#container-images)) * Update Calico from v3.14.0 to [v3.14.1](https://docs.projectcalico.org/v3.14/release-notes/) +### Fedora CoreOS + +#### Azure + +* Use `strict` Fedora CoreOS Config (FCC) snippet parsing ([#755](https://github.com/poseidon/typhoon/pull/755)) + +### Flatcar Linux + +* Use `strict` Container Linux Config (CLC) snippet parsing ([#755](https://github.com/poseidon/typhoon/pull/755)) + * Require `terraform-provider-ct` v0.4+, recommend v0.5+ (**action required**) + ### Addons * Update Prometheus from v2.18.1 to [v2.19.0-rc.0](https://github.com/prometheus/prometheus/releases/tag/v2.19.0-rc.0) diff --git a/aws/container-linux/kubernetes/cl/controller.yaml b/aws/container-linux/kubernetes/cl/controller.yaml index 49873f6fa..ac7efce42 100644 --- a/aws/container-linux/kubernetes/cl/controller.yaml +++ b/aws/container-linux/kubernetes/cl/controller.yaml @@ -2,7 +2,7 @@ systemd: units: - name: etcd-member.service - enable: true + enabled: true dropins: - name: 40-etcd-cluster.conf contents: | @@ -28,11 +28,11 @@ systemd: Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key" Environment="ETCD_PEER_CLIENT_CERT_AUTH=true" - name: docker.service - enable: true + enabled: true - name: locksmithd.service mask: true - name: wait-for-dns.service - enable: true + enabled: true contents: | [Unit] Description=Wait for DNS entries @@ -46,7 +46,7 @@ systemd: RequiredBy=kubelet.service RequiredBy=etcd-member.service - name: kubelet.service - enable: true + enabled: true contents: | [Unit] Description=Kubelet @@ -191,6 +191,7 @@ storage: done - path: /etc/sysctl.d/max-user-watches.conf filesystem: root + mode: 0644 contents: inline: | fs.inotify.max_user_watches=16184 diff --git a/aws/container-linux/kubernetes/controllers.tf b/aws/container-linux/kubernetes/controllers.tf index 66a0a9bc2..252c6b9d8 100644 --- a/aws/container-linux/kubernetes/controllers.tf +++ b/aws/container-linux/kubernetes/controllers.tf @@ -49,10 +49,10 @@ resource "aws_instance" "controllers" { # Controller Ignition configs data "ct_config" "controller-ignitions" { - count = var.controller_count - content = data.template_file.controller-configs.*.rendered[count.index] - pretty_print = false - snippets = var.controller_snippets + count = var.controller_count + content = data.template_file.controller-configs.*.rendered[count.index] + strict = true + snippets = var.controller_snippets } # Controller Container Linux configs diff --git a/aws/container-linux/kubernetes/versions.tf b/aws/container-linux/kubernetes/versions.tf index f7a10ff15..bd2776f08 100644 --- a/aws/container-linux/kubernetes/versions.tf +++ b/aws/container-linux/kubernetes/versions.tf @@ -4,7 +4,7 @@ terraform { required_version = "~> 0.12.6" required_providers { aws = "~> 2.23" - ct = "~> 0.3" + ct = "~> 0.4" template = "~> 2.1" null = "~> 2.1" } diff --git a/aws/container-linux/kubernetes/workers/cl/worker.yaml b/aws/container-linux/kubernetes/workers/cl/worker.yaml index e6272747b..3743b6b67 100644 --- a/aws/container-linux/kubernetes/workers/cl/worker.yaml +++ b/aws/container-linux/kubernetes/workers/cl/worker.yaml @@ -2,11 +2,11 @@ systemd: units: - name: docker.service - enable: true + enabled: true - name: locksmithd.service mask: true - name: wait-for-dns.service - enable: true + enabled: true contents: | [Unit] Description=Wait for DNS entries @@ -19,7 +19,7 @@ systemd: [Install] RequiredBy=kubelet.service - name: kubelet.service - enable: true + enabled: true contents: | [Unit] Description=Kubelet @@ -115,6 +115,7 @@ storage: ${kubeconfig} - path: /etc/sysctl.d/max-user-watches.conf filesystem: root + mode: 0644 contents: inline: | fs.inotify.max_user_watches=16184 diff --git a/aws/container-linux/kubernetes/workers/workers.tf b/aws/container-linux/kubernetes/workers/workers.tf index 0d6ab035f..5b28c1052 100644 --- a/aws/container-linux/kubernetes/workers/workers.tf +++ b/aws/container-linux/kubernetes/workers/workers.tf @@ -71,9 +71,9 @@ resource "aws_launch_configuration" "worker" { # Worker Ignition config data "ct_config" "worker-ignition" { - content = data.template_file.worker-config.rendered - pretty_print = false - snippets = var.snippets + content = data.template_file.worker-config.rendered + strict = true + snippets = var.snippets } # Worker Container Linux config diff --git a/azure/container-linux/kubernetes/cl/controller.yaml b/azure/container-linux/kubernetes/cl/controller.yaml index b1ddb75cc..babca9b98 100644 --- a/azure/container-linux/kubernetes/cl/controller.yaml +++ b/azure/container-linux/kubernetes/cl/controller.yaml @@ -2,7 +2,7 @@ systemd: units: - name: etcd-member.service - enable: true + enabled: true dropins: - name: 40-etcd-cluster.conf contents: | @@ -28,11 +28,11 @@ systemd: Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key" Environment="ETCD_PEER_CLIENT_CERT_AUTH=true" - name: docker.service - enable: true + enabled: true - name: locksmithd.service mask: true - name: wait-for-dns.service - enable: true + enabled: true contents: | [Unit] Description=Wait for DNS entries @@ -46,7 +46,7 @@ systemd: RequiredBy=kubelet.service RequiredBy=etcd-member.service - name: kubelet.service - enable: true + enabled: true contents: | [Unit] Description=Kubelet @@ -189,6 +189,7 @@ storage: done - path: /etc/sysctl.d/max-user-watches.conf filesystem: root + mode: 0644 contents: inline: | fs.inotify.max_user_watches=16184 diff --git a/azure/container-linux/kubernetes/controllers.tf b/azure/container-linux/kubernetes/controllers.tf index ad329b0f7..876ae7ca1 100644 --- a/azure/container-linux/kubernetes/controllers.tf +++ b/azure/container-linux/kubernetes/controllers.tf @@ -139,10 +139,10 @@ resource "azurerm_network_interface_backend_address_pool_association" "controlle # Controller Ignition configs data "ct_config" "controller-ignitions" { - count = var.controller_count - content = data.template_file.controller-configs.*.rendered[count.index] - pretty_print = false - snippets = var.controller_snippets + count = var.controller_count + content = data.template_file.controller-configs.*.rendered[count.index] + strict = true + snippets = var.controller_snippets } # Controller Container Linux configs diff --git a/azure/container-linux/kubernetes/versions.tf b/azure/container-linux/kubernetes/versions.tf index 09f4f3e2d..5da5fff00 100644 --- a/azure/container-linux/kubernetes/versions.tf +++ b/azure/container-linux/kubernetes/versions.tf @@ -4,7 +4,7 @@ terraform { required_version = "~> 0.12.6" required_providers { azurerm = "~> 2.8" - ct = "~> 0.3" + ct = "~> 0.4" template = "~> 2.1" null = "~> 2.1" } diff --git a/azure/container-linux/kubernetes/workers/cl/worker.yaml b/azure/container-linux/kubernetes/workers/cl/worker.yaml index 87e33e682..402e21a6f 100644 --- a/azure/container-linux/kubernetes/workers/cl/worker.yaml +++ b/azure/container-linux/kubernetes/workers/cl/worker.yaml @@ -2,11 +2,11 @@ systemd: units: - name: docker.service - enable: true + enabled: true - name: locksmithd.service mask: true - name: wait-for-dns.service - enable: true + enabled: true contents: | [Unit] Description=Wait for DNS entries @@ -19,7 +19,7 @@ systemd: [Install] RequiredBy=kubelet.service - name: kubelet.service - enable: true + enabled: true contents: | [Unit] Description=Kubelet @@ -92,7 +92,7 @@ systemd: [Install] WantedBy=multi-user.target - name: delete-node.service - enable: true + enabled: true contents: | [Unit] Description=Waiting to delete Kubernetes node on shutdown @@ -113,6 +113,7 @@ storage: ${kubeconfig} - path: /etc/sysctl.d/max-user-watches.conf filesystem: root + mode: 0644 contents: inline: | fs.inotify.max_user_watches=16184 diff --git a/azure/container-linux/kubernetes/workers/workers.tf b/azure/container-linux/kubernetes/workers/workers.tf index 025045541..7e8f008d2 100644 --- a/azure/container-linux/kubernetes/workers/workers.tf +++ b/azure/container-linux/kubernetes/workers/workers.tf @@ -97,9 +97,9 @@ resource "azurerm_monitor_autoscale_setting" "workers" { # Worker Ignition configs data "ct_config" "worker-ignition" { - content = data.template_file.worker-config.rendered - pretty_print = false - snippets = var.snippets + content = data.template_file.worker-config.rendered + strict = true + snippets = var.snippets } # Worker Container Linux configs diff --git a/azure/fedora-coreos/kubernetes/controllers.tf b/azure/fedora-coreos/kubernetes/controllers.tf index b82992315..02853e33a 100644 --- a/azure/fedora-coreos/kubernetes/controllers.tf +++ b/azure/fedora-coreos/kubernetes/controllers.tf @@ -113,10 +113,10 @@ resource "azurerm_network_interface_backend_address_pool_association" "controlle # Controller Ignition configs data "ct_config" "controller-ignitions" { - count = var.controller_count - content = data.template_file.controller-configs.*.rendered[count.index] - pretty_print = false - snippets = var.controller_snippets + count = var.controller_count + content = data.template_file.controller-configs.*.rendered[count.index] + strict = true + snippets = var.controller_snippets } # Controller Fedora CoreOS configs diff --git a/azure/fedora-coreos/kubernetes/versions.tf b/azure/fedora-coreos/kubernetes/versions.tf index 09f4f3e2d..5da5fff00 100644 --- a/azure/fedora-coreos/kubernetes/versions.tf +++ b/azure/fedora-coreos/kubernetes/versions.tf @@ -4,7 +4,7 @@ terraform { required_version = "~> 0.12.6" required_providers { azurerm = "~> 2.8" - ct = "~> 0.3" + ct = "~> 0.4" template = "~> 2.1" null = "~> 2.1" } diff --git a/azure/fedora-coreos/kubernetes/workers/workers.tf b/azure/fedora-coreos/kubernetes/workers/workers.tf index a5c2c209c..6ecb81a50 100644 --- a/azure/fedora-coreos/kubernetes/workers/workers.tf +++ b/azure/fedora-coreos/kubernetes/workers/workers.tf @@ -72,9 +72,9 @@ resource "azurerm_monitor_autoscale_setting" "workers" { # Worker Ignition configs data "ct_config" "worker-ignition" { - content = data.template_file.worker-config.rendered - pretty_print = false - snippets = var.snippets + content = data.template_file.worker-config.rendered + strict = true + snippets = var.snippets } # Worker Fedora CoreOS configs diff --git a/bare-metal/container-linux/kubernetes/cl/controller.yaml b/bare-metal/container-linux/kubernetes/cl/controller.yaml index 8ac9368b3..399430502 100644 --- a/bare-metal/container-linux/kubernetes/cl/controller.yaml +++ b/bare-metal/container-linux/kubernetes/cl/controller.yaml @@ -2,7 +2,7 @@ systemd: units: - name: etcd-member.service - enable: true + enabled: true dropins: - name: 40-etcd-cluster.conf contents: | @@ -28,11 +28,11 @@ systemd: Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key" Environment="ETCD_PEER_CLIENT_CERT_AUTH=true" - name: docker.service - enable: true + enabled: true - name: locksmithd.service mask: true - name: kubelet.path - enable: true + enabled: true contents: | [Unit] Description=Watch for kubeconfig @@ -41,7 +41,7 @@ systemd: [Install] WantedBy=multi-user.target - name: wait-for-dns.service - enable: true + enabled: true contents: | [Unit] Description=Wait for DNS entries @@ -161,6 +161,7 @@ storage: directories: - path: /etc/kubernetes filesystem: root + mode: 0755 files: - path: /etc/hostname filesystem: root @@ -207,6 +208,7 @@ storage: done - path: /etc/sysctl.d/max-user-watches.conf filesystem: root + mode: 0644 contents: inline: | fs.inotify.max_user_watches=16184 diff --git a/bare-metal/container-linux/kubernetes/cl/install.yaml b/bare-metal/container-linux/kubernetes/cl/install.yaml index e8562c932..6a36f19dc 100644 --- a/bare-metal/container-linux/kubernetes/cl/install.yaml +++ b/bare-metal/container-linux/kubernetes/cl/install.yaml @@ -2,7 +2,7 @@ systemd: units: - name: installer.service - enable: true + enabled: true contents: | [Unit] Requires=network-online.target diff --git a/bare-metal/container-linux/kubernetes/cl/worker.yaml b/bare-metal/container-linux/kubernetes/cl/worker.yaml index 73bdea996..e83bf3898 100644 --- a/bare-metal/container-linux/kubernetes/cl/worker.yaml +++ b/bare-metal/container-linux/kubernetes/cl/worker.yaml @@ -2,11 +2,11 @@ systemd: units: - name: docker.service - enable: true + enabled: true - name: locksmithd.service mask: true - name: kubelet.path - enable: true + enabled: true contents: | [Unit] Description=Watch for kubeconfig @@ -15,7 +15,7 @@ systemd: [Install] WantedBy=multi-user.target - name: wait-for-dns.service - enable: true + enabled: true contents: | [Unit] Description=Wait for DNS entries @@ -114,6 +114,7 @@ storage: directories: - path: /etc/kubernetes filesystem: root + mode: 0755 files: - path: /etc/hostname filesystem: root @@ -123,6 +124,7 @@ storage: ${domain_name} - path: /etc/sysctl.d/max-user-watches.conf filesystem: root + mode: 0644 contents: inline: | fs.inotify.max_user_watches=16184 diff --git a/bare-metal/container-linux/kubernetes/profiles.tf b/bare-metal/container-linux/kubernetes/profiles.tf index 7ec6cc3a7..eee772539 100644 --- a/bare-metal/container-linux/kubernetes/profiles.tf +++ b/bare-metal/container-linux/kubernetes/profiles.tf @@ -141,10 +141,10 @@ resource "matchbox_profile" "controllers" { } data "ct_config" "controller-ignitions" { - count = length(var.controllers) - content = data.template_file.controller-configs.*.rendered[count.index] - pretty_print = false - snippets = lookup(var.snippets, var.controllers.*.name[count.index], []) + count = length(var.controllers) + content = data.template_file.controller-configs.*.rendered[count.index] + strict = true + snippets = lookup(var.snippets, var.controllers.*.name[count.index], []) } data "template_file" "controller-configs" { @@ -171,10 +171,10 @@ resource "matchbox_profile" "workers" { } data "ct_config" "worker-ignitions" { - count = length(var.workers) - content = data.template_file.worker-configs.*.rendered[count.index] - pretty_print = false - snippets = lookup(var.snippets, var.workers.*.name[count.index], []) + count = length(var.workers) + content = data.template_file.worker-configs.*.rendered[count.index] + strict = true + snippets = lookup(var.snippets, var.workers.*.name[count.index], []) } data "template_file" "worker-configs" { diff --git a/bare-metal/container-linux/kubernetes/versions.tf b/bare-metal/container-linux/kubernetes/versions.tf index f7f7aaf69..cf547f19d 100644 --- a/bare-metal/container-linux/kubernetes/versions.tf +++ b/bare-metal/container-linux/kubernetes/versions.tf @@ -4,7 +4,7 @@ terraform { required_version = "~> 0.12.6" required_providers { matchbox = "~> 0.3.0" - ct = "~> 0.3" + ct = "~> 0.4" template = "~> 2.1" null = "~> 2.1" } diff --git a/digital-ocean/container-linux/kubernetes/cl/controller.yaml b/digital-ocean/container-linux/kubernetes/cl/controller.yaml index dbcacebf4..ef1395122 100644 --- a/digital-ocean/container-linux/kubernetes/cl/controller.yaml +++ b/digital-ocean/container-linux/kubernetes/cl/controller.yaml @@ -2,7 +2,7 @@ systemd: units: - name: etcd-member.service - enable: true + enabled: true dropins: - name: 40-etcd-cluster.conf contents: | @@ -28,11 +28,11 @@ systemd: Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key" Environment="ETCD_PEER_CLIENT_CERT_AUTH=true" - name: docker.service - enable: true + enabled: true - name: locksmithd.service mask: true - name: kubelet.path - enable: true + enabled: true contents: | [Unit] Description=Watch for kubeconfig @@ -41,7 +41,7 @@ systemd: [Install] WantedBy=multi-user.target - name: wait-for-dns.service - enable: true + enabled: true contents: | [Unit] Description=Wait for DNS entries @@ -158,6 +158,7 @@ storage: directories: - path: /etc/kubernetes filesystem: root + mode: 0755 files: - path: /opt/bootstrap/layout filesystem: root @@ -198,6 +199,7 @@ storage: done - path: /etc/sysctl.d/max-user-watches.conf filesystem: root + mode: 0644 contents: inline: | fs.inotify.max_user_watches=16184 diff --git a/digital-ocean/container-linux/kubernetes/cl/worker.yaml b/digital-ocean/container-linux/kubernetes/cl/worker.yaml index b1803b2da..387f0f034 100644 --- a/digital-ocean/container-linux/kubernetes/cl/worker.yaml +++ b/digital-ocean/container-linux/kubernetes/cl/worker.yaml @@ -2,11 +2,11 @@ systemd: units: - name: docker.service - enable: true + enabled: true - name: locksmithd.service mask: true - name: kubelet.path - enable: true + enabled: true contents: | [Unit] Description=Watch for kubeconfig @@ -15,7 +15,7 @@ systemd: [Install] WantedBy=multi-user.target - name: wait-for-dns.service - enable: true + enabled: true contents: | [Unit] Description=Wait for DNS entries @@ -101,7 +101,7 @@ systemd: [Install] WantedBy=multi-user.target - name: delete-node.service - enable: true + enabled: true contents: | [Unit] Description=Waiting to delete Kubernetes node on shutdown @@ -116,9 +116,11 @@ storage: directories: - path: /etc/kubernetes filesystem: root + mode: 0755 files: - path: /etc/sysctl.d/max-user-watches.conf filesystem: root + mode: 0644 contents: inline: | fs.inotify.max_user_watches=16184 diff --git a/digital-ocean/container-linux/kubernetes/controllers.tf b/digital-ocean/container-linux/kubernetes/controllers.tf index 6d183b952..9efe84270 100644 --- a/digital-ocean/container-linux/kubernetes/controllers.tf +++ b/digital-ocean/container-linux/kubernetes/controllers.tf @@ -69,10 +69,10 @@ resource "digitalocean_tag" "controllers" { # Controller Ignition configs data "ct_config" "controller-ignitions" { - count = var.controller_count - content = data.template_file.controller-configs.*.rendered[count.index] - pretty_print = false - snippets = var.controller_snippets + count = var.controller_count + content = data.template_file.controller-configs.*.rendered[count.index] + strict = true + snippets = var.controller_snippets } # Controller Container Linux configs diff --git a/digital-ocean/container-linux/kubernetes/versions.tf b/digital-ocean/container-linux/kubernetes/versions.tf index c0e31a276..38b32c8d1 100644 --- a/digital-ocean/container-linux/kubernetes/versions.tf +++ b/digital-ocean/container-linux/kubernetes/versions.tf @@ -4,7 +4,7 @@ terraform { required_version = "~> 0.12.6" required_providers { digitalocean = "~> 1.3" - ct = "~> 0.3" + ct = "~> 0.4" template = "~> 2.1" null = "~> 2.1" } diff --git a/digital-ocean/container-linux/kubernetes/workers.tf b/digital-ocean/container-linux/kubernetes/workers.tf index fa9b85d61..cdd94ebae 100644 --- a/digital-ocean/container-linux/kubernetes/workers.tf +++ b/digital-ocean/container-linux/kubernetes/workers.tf @@ -58,9 +58,9 @@ resource "digitalocean_tag" "workers" { # Worker Ignition config data "ct_config" "worker-ignition" { - content = data.template_file.worker-config.rendered - pretty_print = false - snippets = var.worker_snippets + content = data.template_file.worker-config.rendered + strict = true + snippets = var.worker_snippets } # Worker Container Linux config diff --git a/digital-ocean/fedora-coreos/kubernetes/versions.tf b/digital-ocean/fedora-coreos/kubernetes/versions.tf index c0e31a276..38b32c8d1 100644 --- a/digital-ocean/fedora-coreos/kubernetes/versions.tf +++ b/digital-ocean/fedora-coreos/kubernetes/versions.tf @@ -4,7 +4,7 @@ terraform { required_version = "~> 0.12.6" required_providers { digitalocean = "~> 1.3" - ct = "~> 0.3" + ct = "~> 0.4" template = "~> 2.1" null = "~> 2.1" } diff --git a/google-cloud/container-linux/kubernetes/cl/controller.yaml b/google-cloud/container-linux/kubernetes/cl/controller.yaml index 53cd7a747..28bc25102 100644 --- a/google-cloud/container-linux/kubernetes/cl/controller.yaml +++ b/google-cloud/container-linux/kubernetes/cl/controller.yaml @@ -2,7 +2,7 @@ systemd: units: - name: etcd-member.service - enable: true + enabled: true dropins: - name: 40-etcd-cluster.conf contents: | @@ -28,11 +28,11 @@ systemd: Environment="ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd/peer.key" Environment="ETCD_PEER_CLIENT_CERT_AUTH=true" - name: docker.service - enable: true + enabled: true - name: locksmithd.service mask: true - name: wait-for-dns.service - enable: true + enabled: true contents: | [Unit] Description=Wait for DNS entries @@ -46,7 +46,7 @@ systemd: RequiredBy=kubelet.service RequiredBy=etcd-member.service - name: kubelet.service - enable: true + enabled: true contents: | [Unit] Description=Kubelet @@ -189,6 +189,7 @@ storage: done - path: /etc/sysctl.d/max-user-watches.conf filesystem: root + mode: 0644 contents: inline: | fs.inotify.max_user_watches=16184 diff --git a/google-cloud/container-linux/kubernetes/controllers.tf b/google-cloud/container-linux/kubernetes/controllers.tf index 6ab09219d..58fb93121 100644 --- a/google-cloud/container-linux/kubernetes/controllers.tf +++ b/google-cloud/container-linux/kubernetes/controllers.tf @@ -65,10 +65,10 @@ resource "google_compute_instance" "controllers" { # Controller Ignition configs data "ct_config" "controller-ignitions" { - count = var.controller_count - content = data.template_file.controller-configs.*.rendered[count.index] - pretty_print = false - snippets = var.controller_snippets + count = var.controller_count + content = data.template_file.controller-configs.*.rendered[count.index] + strict = true + snippets = var.controller_snippets } # Controller Container Linux configs diff --git a/google-cloud/container-linux/kubernetes/versions.tf b/google-cloud/container-linux/kubernetes/versions.tf index 26ea74cac..7210a4b33 100644 --- a/google-cloud/container-linux/kubernetes/versions.tf +++ b/google-cloud/container-linux/kubernetes/versions.tf @@ -4,7 +4,7 @@ terraform { required_version = "~> 0.12.6" required_providers { google = ">= 2.19, < 4.0" - ct = "~> 0.3" + ct = "~> 0.4" template = "~> 2.1" null = "~> 2.1" } diff --git a/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml b/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml index 1351cb91f..048b667e1 100644 --- a/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml +++ b/google-cloud/container-linux/kubernetes/workers/cl/worker.yaml @@ -2,11 +2,11 @@ systemd: units: - name: docker.service - enable: true + enabled: true - name: locksmithd.service mask: true - name: wait-for-dns.service - enable: true + enabled: true contents: | [Unit] Description=Wait for DNS entries @@ -19,7 +19,7 @@ systemd: [Install] RequiredBy=kubelet.service - name: kubelet.service - enable: true + enabled: true contents: | [Unit] Description=Kubelet @@ -92,7 +92,7 @@ systemd: [Install] WantedBy=multi-user.target - name: delete-node.service - enable: true + enabled: true contents: | [Unit] Description=Waiting to delete Kubernetes node on shutdown @@ -113,6 +113,7 @@ storage: ${kubeconfig} - path: /etc/sysctl.d/max-user-watches.conf filesystem: root + mode: 0644 contents: inline: | fs.inotify.max_user_watches=16184 diff --git a/google-cloud/container-linux/kubernetes/workers/workers.tf b/google-cloud/container-linux/kubernetes/workers/workers.tf index 7c130ed20..e635592ff 100644 --- a/google-cloud/container-linux/kubernetes/workers/workers.tf +++ b/google-cloud/container-linux/kubernetes/workers/workers.tf @@ -71,9 +71,9 @@ resource "google_compute_instance_template" "worker" { # Worker Ignition config data "ct_config" "worker-ignition" { - content = data.template_file.worker-config.rendered - pretty_print = false - snippets = var.snippets + content = data.template_file.worker-config.rendered + strict = true + snippets = var.snippets } # Worker Container Linux config diff --git a/google-cloud/fedora-coreos/kubernetes/versions.tf b/google-cloud/fedora-coreos/kubernetes/versions.tf index 26ea74cac..7210a4b33 100644 --- a/google-cloud/fedora-coreos/kubernetes/versions.tf +++ b/google-cloud/fedora-coreos/kubernetes/versions.tf @@ -4,7 +4,7 @@ terraform { required_version = "~> 0.12.6" required_providers { google = ">= 2.19, < 4.0" - ct = "~> 0.3" + ct = "~> 0.4" template = "~> 2.1" null = "~> 2.1" }