CoreOS

A minimal operating system designed for running containerized workloads.

Table of contents

  1. Variants
  2. Ignition

Variants

There are currently two variants of CoreOS:

  • Red Hat CoreOS
    • Designed specifically for OpenShift 4; already used in production
  • Fedora CoreOS
    • Designed to be minimal, but still a general-purpose OS

Ignition

An Ignition config is a JSON file that provisions a Fedora CoreOS host on its first boot; when the host is PXE-booted, the kernel command line tells Ignition where to fetch it. Fedora CoreOS recommends writing the config as YAML (a Fedora CoreOS Config, FCC) and transpiling it into Ignition JSON with FCCT. Keep in mind that a config served from a PXE/HTTP server is readable by anyone who can reach that server, and that inline file contents (such as the k3s token below) sit in it in the clear. An example that starts a minimal K3s server:

# /tftp/fcos is the directory the PXE server hands out; it must be mounted into
# the container, otherwise fcct cannot write the output there.
docker run \
    -i --rm \
    --volume "$PWD:/workdir" \
    --volume "/tftp/fcos:/tftp/fcos" \
    --workdir /workdir \
    quay.io/coreos/fcct:latest \
        --pretty \
        --strict \
        --output /tftp/fcos/k3s-server.json \
        k3s-server.yaml

k3s-server.yaml:

variant: fcos
version: 1.0.0

passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - "ssh-rsa AAAA..."

storage:
  files:

    # K3S
    - path: "/usr/local/bin/k3s"
      contents:
        source: https://github.com/rancher/k3s/releases/download/v1.17.4+k3s1/k3s
        verification:
          # k3s releases on GitHub ship sha256 sums, but FCC 1.0.0 (Ignition spec 3.0.0)
          # accepts only sha512, so verify the download against the sha256 sum and then
          # compute the sha512 yourself.
          hash: sha512-c2787f2654e8b78513b83298c84157f5ae7da9ca5ed749973709182143bfc9fed94d81f8b24b34b723905bc0d9034adc38fbf18ff1e2c4a74f46c611add40874
      mode: 0755
      user:
        name: root
      group:
        name: root

    # K3S Token
    - path: /usr/local/etc/k3s/token
      contents:
        source: data:text/plain;charset=utf-8;base64,YWQ4NDE1NTUtZGMyOS00YTZkLTk1NjQtN2E5NzQ0NGUwM2Ux
      mode: 0400
      user:
        name: root

systemd:
  units:

    - name: settimezone.service
      enabled: true
      contents: |
        [Unit]
        Description=Set local time zone

        [Install]
        WantedBy=multi-user.target

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/bin/timedatectl set-timezone Europe/Prague

    - name: k3s.service
      enabled: true
      contents: |
        [Unit]
        Description=Lightweight Kubernetes
        Documentation=https://k3s.io
        Wants=network-online.target
        After=network-online.target
        After=settimezone.service

        [Install]
        WantedBy=multi-user.target

        [Service]
        Type=notify
        KillMode=process
        Delegate=yes
        LimitNOFILE=1048576
        LimitNPROC=infinity
        LimitCORE=infinity
        TasksMax=infinity
        TimeoutStartSec=0
        Restart=always
        RestartSec=5s
        ExecStartPre=-/sbin/modprobe br_netfilter
        ExecStartPre=-/sbin/modprobe overlay
        ExecStart=/usr/local/bin/k3s \
          'server' \
          '--disable-selinux' \
          '--token-file=/usr/local/etc/k3s/token' \
          '--cluster-cidr=10.10.0.0/16' \
          '--service-cidr=10.20.0.0/16' \
          '--no-deploy=traefik'

k3s-agents.yaml is the same as above except for the ExecStart line of k3s.service:

        ExecStart=/usr/local/bin/k3s \
          'agent' \
          '--disable-selinux' \
          '--token-file=/usr/local/etc/k3s/token' \
          '--server=https://server-0.k3s:6443'
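The storage.files entries above need two things prepared by hand: the sha512-<hex> value for verification.hash (after checking the download against the sha256 sum GitHub publishes) and the base64 data: URL for the token. The helpers below are an added example, not code from this page or from the fcct/k3s projects; the listing format ("<hex>  <name>" per line, as produced by sha256sum) and the file names in the usage comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example helpers for preparing storage.files entries in an FCC.
# Not part of the page or of the fcct/k3s projects.
set -euo pipefail

# Print the sha512-<hex> string that Ignition spec 3.0.0 expects in verification.hash.
ignition_sha512() {
    local file="$1"
    printf 'sha512-%s\n' "$(sha512sum "$file" | awk '{print $1}')"
}

# Check a file against a sha256sum-style listing ("<hex>  <name>" per line), the
# format assumed for the sha256 sums shipped with k3s releases.
# Exit status: 0 = match, 1 = mismatch, 2 = name not present in the listing.
verify_sha256_listing() {
    local listing="$1" name="$2" file="$3"
    local expected actual
    expected=$(awk -v n="$name" '$2 == n { print $1; exit }' "$listing")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$expected" = "$actual" ]
}

# Build the data: URL used for inline file contents such as the k3s token.
data_url_for() {
    local file="$1"
    printf 'data:text/plain;charset=utf-8;base64,%s\n' "$(base64 < "$file" | tr -d '\n')"
}

# Write a fresh random 256-bit token (64 hex characters) to a file created with mode 0600,
# so the secret is never world-readable on the build host either.
new_token_file() {
    local out="$1"
    (umask 077; head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n' > "$out")
}

# Usage (assumed file names), after downloading the release binary and the sha256
# listing from the GitHub release page:
#   verify_sha256_listing sha256sum-amd64.txt k3s ./k3s && ignition_sha512 ./k3s
#   new_token_file token && data_url_for token
```

Run the verification step before computing the sha512: the sha512 only pins whatever bytes you hand it, so a binary pulled from a tampered mirror would be pinned just as faithfully. A mismatch or an absent entry makes verify_sha256_listing fail, which under set -e aborts the script before a hash is printed.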

See: https://github.com/coreos/fcct/tree/master/docs