Mathieu Tortuyaux tormath1

Butane configuration:

# config.yaml
---
variant: flatcar
version: 1.0.0
storage:
  links:
    - path: /etc/extensions/docker-flatcar.raw
      target: /dev/null

$ sudo rm /etc/audit/rules.d/99-default.rules
$ sudo rm /etc/audit/rules.d/80-selinux.rules
$ sudo systemctl enable --now auditd
$ reboot
$ journalctl _TRANSPORT=kernel | grep -i avc
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.845:3): avc:  denied  { read } for  pid=1033 comm="systemd-gpt-aut" name="boot" dev="vda9" ino=14 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.846:4): avc:  denied  { mount } for  pid=1033 comm="systemd-gpt-aut" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1
Nov 29 14:39:03 localhost kernel: audit: type=1400 audit(1732891141.861:5): avc:  denied  { read } for  pid=1025 comm="ibft-rule-gener" name="run" dev="vda9" ino=20 scontext=system_u:system_r:systemd_generator_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_fil

$ sudo crictl images
IMAGE                                     TAG                 IMAGE ID            SIZE
registry.k8s.io/coredns/coredns           v1.11.1             cbb01a7bd410d       18.2MB
registry.k8s.io/etcd                      3.5.12-0            3861cfcd7c04c       57.2MB
registry.k8s.io/kube-apiserver            v1.29.5             b36112597a5f1       35.2MB
registry.k8s.io/kube-controller-manager   v1.29.5             2242ad7f7c41a       33.6MB
registry.k8s.io/kube-proxy                v1.29.5             2019bbea5542a       28.4MB
registry.k8s.io/kube-scheduler            v1.29.5             e579eb50f57be       18.7MB

Configuration:

$ cat .config/sway/config | grep opa
# opacity
set $opacity 0.97
for_window [class=".*"] opacity $opacity
$ cat .config/sway/config | grep disable
disable_titlebar yes
$ sway --version

This is a demo of updating Kubernetes version on Flatcar without updating the OS leveraging Systemd sysext and Kured.

notes:

It has been tested on a simple control-plane node on Qemu but can be easily extended to CAPI.
The kubernetes sysext image is provided by https://github.com/flatcar/sysext-bakery.git

Boot an instance with the following Butane config.yaml:

variant: flatcar

[CAPO][capo] does test in its CI both Ubuntu and Flatcar. For Flatcar, the image still needs to be built via the image-builder and uploaded on CAPO GCS (Google Cloud Storage).

There is an open issue to bring some automation around this process: kubernetes-sigs/cluster-api-provider-openstack#1502 while it is not done, whether CAPO or Flatcar maintainers needs to do it manually.

Once the release is announced

$ cd kubernetes-sigs/image-builder/images/capi
$ make OEM_ID=openstack build-qemu-flatcar

Cluster API OpenStack using Flatcar

This is done on devstack environment.

	# butane < config.yaml > config.json
	# ./flatcar_production_qemu.sh -i ./config.json
	variant: flatcar
	version: 1.0.0
	storage:
	files:
	- path: /opt/extensions/docker/docker-24.0.5.raw
	contents:
	source: https://github.com/flatcar/sysext-bakery/releases/latest/download/docker-24.0.5.raw
	- path: /opt/extensions/kubernetes/kubernetes-v1.27.4.raw

	#!/usr/bin/env python

	# goal of this script is to control (play / pause) multimedia played
	# on a firefox tab through dbus

	# requirements:
	# * dbus (session)
	import dbus
	import sys

	# butane < config.yml > ignition.json
	---
	variant: flatcar
	version: 1.0.0
	storage:
	disks:
	- device: /dev/vda
	partitions:
	- number: 9
	label: ROOT

Mathieu Tortuyaux tormath1

Cluster API OpenStack using Flatcar

Resources

From an existing Kubernetes cluster deployed with Kind: