tormath1

Butane configuration:

# config.yaml
---
variant: flatcar
version: 1.0.0
storage:
  links:
    - path: /etc/extensions/docker-flatcar.raw
      target: /dev/null

tormath1

$ sudo rm /etc/audit/rules.d/99-default.rules
$ sudo rm /etc/audit/rules.d/80-selinux.rules
$ sudo systemctl enable --now auditd
$ reboot
$ journalctl _TRANSPORT=kernel | grep -i avc
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.845:3): avc:  denied  { read } for  pid=1033 comm="systemd-gpt-aut" name="boot" dev="vda9" ino=14 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.846:4): avc:  denied  { mount } for  pid=1033 comm="systemd-gpt-aut" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.861:5): avc:  denied  { read } for  pid=1025 comm="ibft-rule-gener" name="run" dev="vda9" ino=20 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_fil

tormath1

$ sudo crictl images
IMAGE                                     TAG                 IMAGE ID            SIZE
registry.k8s.io/coredns/coredns           v1.11.1             cbb01a7bd410d       18.2MB
registry.k8s.io/etcd                      3.5.12-0            3861cfcd7c04c       57.2MB
registry.k8s.io/kube-apiserver            v1.29.5             b36112597a5f1       35.2MB
registry.k8s.io/kube-controller-manager   v1.29.5             2242ad7f7c41a       33.6MB
registry.k8s.io/kube-proxy                v1.29.5             2019bbea5542a       28.4MB
registry.k8s.io/kube-scheduler            v1.29.5             e579eb50f57be       18.7MB

tormath1

Configuration:

$ cat .config/sway/config | grep opa
# opacity
set $opacity 0.97
for_window [class=".*"] opacity $opacity
$ cat .config/sway/config | grep disable
disable_titlebar yes
$ sway --version

tormath1

# butane < config.yaml > config.json
# ./flatcar_production_qemu.sh -i ./config.json
variant: flatcar
version: 1.0.0
storage:
  files:
    - path: /opt/extensions/docker/docker-24.0.5.raw
      contents:
        source: https://github.com/flatcar/sysext-bakery/releases/latest/download/docker-24.0.5.raw
    - path: /opt/extensions/kubernetes/kubernetes-v1.27.4.raw

tormath1

This is a demo of updating Kubernetes version on Flatcar without updating the OS leveraging Systemd sysext and Kured.

notes:

• It has been tested on a simple control-plane node on Qemu but can be easily extended to CAPI.
• The kubernetes sysext image is provided by https://github.com/flatcar/sysext-bakery.git

Boot an instance with the following Butane config.yaml:

variant: flatcar

tormath1

[CAPO][capo] does test in its CI both Ubuntu and Flatcar. For Flatcar, the image still needs to be built via the image-builder and uploaded on CAPO GCS (Google Cloud Storage).

There is an open issue to bring some automation around this process: kubernetes-sigs/cluster-api-provider-openstack#1502 while it is not done, whether CAPO or Flatcar maintainers needs to do it manually.

1. Once the release is announced

$ cd kubernetes-sigs/image-builder/images/capi
$ make OEM_ID=openstack build-qemu-flatcar

tormath1

#!/usr/bin/env python

# goal of this script is to control (play / pause) multimedia played
# on a firefox tab through dbus

# requirements:
# * dbus (session)
import dbus
import sys

tormath1

Cluster API OpenStack using Flatcar

This is done on devstack environment.

Resources

• YouTube video: https://www.youtube.com/watch?v=H2Eqw33m2S0
• https://github.com/tormath1/tormath1.github.io/blob/main/kcd-munich-flatcar-capi.pdf

From an existing Kubernetes cluster deployed with Kind:

tormath1

# butane < config.yml > ignition.json
---
variant: flatcar
version: 1.0.0
storage:
  disks:
    - device: /dev/vda
      partitions:
        - number: 9
          label: ROOT