This capture the Ignition logs on Scaleway to test the dual stack Ignition implementation. (coreos/ignition#2052)
The instance is created with:
About the IPv6 failure: it appears randomly that the IPv6 metadata endpoint returns an empty configuration.
This is a practical gist to propose backport from main kernel to a stable branch. This does not superseed the official documentation.
Documentation (Read. Carefully. Each. Line.):
Apply the patches you want to backport on the target branch, e.g:
$ git clone https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git -b linux-6.12.y
| { | |
| "ignition": { | |
| "config": { | |
| "replace": { | |
| "source": "https://example.com/sample.ign" | |
| } | |
| }, | |
| "security": { | |
| "tls": { | |
| "certificateAuthorities": [ |
Butane configuration:
# config.yaml
---
variant: flatcar
version: 1.0.0
storage:
links:
- path: /etc/extensions/docker-flatcar.raw
target: /dev/null
$ sudo rm /etc/audit/rules.d/99-default.rules
$ sudo rm /etc/audit/rules.d/80-selinux.rules
$ sudo systemctl enable --now auditd
$ reboot
$ journalctl _TRANSPORT=kernel | grep -i avc
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.845:3): avc: denied { read } for pid=1033 comm="systemd-gpt-aut" name="boot" dev="vda9" ino=14 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.846:4): avc: denied { mount } for pid=1033 comm="systemd-gpt-aut" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.861:5): avc: denied { read } for pid=1025 comm="ibft-rule-gener" name="run" dev="vda9" ino=20 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_fil
$ sudo crictl images
IMAGE TAG IMAGE ID SIZE
registry.k8s.io/coredns/coredns v1.11.1 cbb01a7bd410d 18.2MB
registry.k8s.io/etcd 3.5.12-0 3861cfcd7c04c 57.2MB
registry.k8s.io/kube-apiserver v1.29.5 b36112597a5f1 35.2MB
registry.k8s.io/kube-controller-manager v1.29.5 2242ad7f7c41a 33.6MB
registry.k8s.io/kube-proxy v1.29.5 2019bbea5542a 28.4MB
registry.k8s.io/kube-scheduler v1.29.5 e579eb50f57be 18.7MB
Configuration:
$ cat .config/sway/config | grep opa
# opacity
set $opacity 0.97
for_window [class=".*"] opacity $opacity
$ cat .config/sway/config | grep disable
disable_titlebar yes
$ sway --version
| # butane < config.yaml > config.json | |
| # ./flatcar_production_qemu.sh -i ./config.json | |
| variant: flatcar | |
| version: 1.0.0 | |
| storage: | |
| files: | |
| - path: /opt/extensions/docker/docker-24.0.5.raw | |
| contents: | |
| source: https://github.com/flatcar/sysext-bakery/releases/latest/download/docker-24.0.5.raw | |
| - path: /opt/extensions/kubernetes/kubernetes-v1.27.4.raw |
This is a demo of updating Kubernetes version on Flatcar without updating the OS leveraging Systemd sysext and Kured.
notes:
kubernetes sysext image is provided by https://github.com/flatcar/sysext-bakery.gitBoot an instance with the following Butane config.yaml:
variant: flatcar[CAPO][capo] does test in its CI both Ubuntu and Flatcar. For Flatcar, the image still needs to be built via the image-builder and uploaded on CAPO GCS (Google Cloud Storage).
There is an open issue to bring some automation around this process: kubernetes-sigs/cluster-api-provider-openstack#1502 while it is not done, whether CAPO or Flatcar maintainers needs to do it manually.
$ cd kubernetes-sigs/image-builder/images/capi
$ make OEM_ID=openstack build-qemu-flatcar