fixes
This commit is contained in:
@@ -64,7 +64,7 @@ storage:
|
||||
contents:
|
||||
inline: |
|
||||
*******************************************************************
|
||||
* AUTHORIZED ACCESS ONLY *
|
||||
* AUTHORIZED ACCESS ONLY *
|
||||
* *
|
||||
* This system is part of a secured infrastructure. *
|
||||
* All activities are monitored and logged. *
|
||||
@@ -72,21 +72,41 @@ storage:
|
||||
* may result in disciplinary and legal action. *
|
||||
*******************************************************************
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
kubernetes controle plane Node
|
||||
|
||||
Manage via:
|
||||
kubectl (kubectl)
|
||||
calico (calicoctl)
|
||||
velero - backup (velero)
|
||||
argocd https://argocd-server.argocd.svc.k8aux.undercloud.cf/
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
- path: /etc/sysctl.d/99-k8s.conf
|
||||
mode: 0644
|
||||
contents:
|
||||
inline: |
|
||||
net.ipv4.ip_forward=1
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
net.bridge.bridge-nf-call-iptables=1
|
||||
net.bridge.bridge-nf-call-ip6tables=1
|
||||
net.ipv4.conf.all.rp_filter=0
|
||||
net.ipv6.conf.all.disable_ipv6=0
|
||||
vm.overcommit_memory=1
|
||||
fs.inotify.max_user_watches=524288
|
||||
fs.inotify.max_user_instances=512
|
||||
kernel.panic=10
|
||||
kernel.panic_on_oops=1
|
||||
net.ipv4.ip_forward = 1
|
||||
net.ipv6.ip_forward = 1
|
||||
net.ipv6.conf.all.forwarding = 1
|
||||
net.ipv4.conf.all.forwarding = 1
|
||||
net.bridge.bridge-nf-call-iptables = 1
|
||||
net.bridge.bridge-nf-call-ip6tables = 1
|
||||
net.netfilter.nf_conntrack_max = 1000000
|
||||
net.ipv4.conf.all.rp_filter = 0
|
||||
net.ipv6.conf.all.disable_ipv6 = 0
|
||||
vm.overcommit_memory = 1
|
||||
fs.inotify.max_user_watches = 524288
|
||||
fs.inotify.max_user_instances = 512
|
||||
kernel.panic = 10
|
||||
kernel.panic_on_oops = 1
|
||||
|
||||
- path: /etc/flatcar/update.conf
|
||||
overwrite: true
|
||||
mode: 0420
|
||||
contents:
|
||||
inline: |
|
||||
REBOOT_STRATEGY=off
|
||||
|
||||
- path: /opt/bin/kubeadm
|
||||
mode: 0755
|
||||
@@ -187,7 +207,24 @@ systemd:
|
||||
OOMScoreAdjust=-999
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
WantedBy=multi-user.
|
||||
|
||||
- name: set-timezone.service
|
||||
enabled: true
|
||||
contents: |
|
||||
[Unit]
|
||||
Description=Set Timezone
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
[Service]
|
||||
StandardOutput=journal+console
|
||||
StandardError=journal+console
|
||||
Type=oneshot
|
||||
Restart=on-failure
|
||||
ExecStart=/usr/bin/timedatectl set-timezone Europe/Berlin
|
||||
ExecStart=/usr/bin/timedatectl set-ntp true
|
||||
[Install]
|
||||
WantedBy=kubeadm.service
|
||||
|
||||
- name: kubelet.service
|
||||
enabled: true
|
||||
@@ -220,13 +257,20 @@ systemd:
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
Environment="PATH=/opt/bin:/usr/bin:/bin:/usr/sbin:/sbin"
|
||||
|
||||
# Environment
|
||||
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
|
||||
Environment=DATASTORE_TYPE=kubernetes
|
||||
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin:/opt/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent-uds/
|
||||
|
||||
ExecStartPre=/bin/sleep 30s
|
||||
ExecStart=/opt/bin/kubeadm init --upload-certs --config=/etc/kubernetes/kubeadm-init.yaml
|
||||
|
||||
# copy files for kubectl
|
||||
ExecStartPost=/usr/bin/mkdir -p /home/core/.kube
|
||||
ExecStartPost=/usr/bin/cp -i /etc/kubernetes/admin.conf /home/core/.kube/config
|
||||
ExecStartPost=/usr/bin/chown core:core /home/core/.kube/config
|
||||
#ExecStartPost=/opt/bin/kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/calico.yaml
|
||||
|
||||
ExecStartPost=/usr/bin/systemctl disable kubeadm-init.service
|
||||
Restart=on-failure
|
||||
RestartSec=120s
|
||||
|
||||
Reference in New Issue
Block a user