Skip to content

Instantly share code, notes, and snippets.

@tuxfight3r tuxfight3r/00bootstrap.md
Last active May 7, 2019

Embed
What would you like to do?
openshift4 boot strap ignition configs

Openshift 4 bootstrap node ignition configs

# Ignition config touches 4 components when it bootstraps
# 1. Ignition version
$cat bootstrap.ign |jq '.ignition'
{
  "config": {},
  "security": {
    "tls": {}
  },
  "timeouts": {},
  "version": "2.2.0"
}

# 2. Users created by Ignition
$ cat bootstrap.ign |jq '.passwd'
{
  "users": [
    {
      "name": "core",
      "sshAuthorizedKeys": [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABA....user@host\n",
      ]
    }
  ]
}

# 3. files managed by Ignition
$ cat bootstrap.ign |jq '.storage[][].path'
"/etc/motd"
"/root/.docker/config.json"
"/usr/local/bin/bootkube.sh"
"/usr/local/bin/openshift.sh"
"/usr/local/bin/report-progress.sh"
"/opt/openshift/manifests/04-openshift-machine-config-operator.yaml"
"/opt/openshift/manifests/cluster-config.yaml"
"/opt/openshift/manifests/cluster-dns-02-config.yml"
"/opt/openshift/manifests/cluster-infrastructure-02-config.yml"
"/opt/openshift/manifests/cluster-ingress-02-config.yml"
"/opt/openshift/manifests/cluster-network-01-crd.yml"
"/opt/openshift/manifests/cluster-network-02-config.yml"
"/opt/openshift/manifests/cvo-overrides.yaml"
"/opt/openshift/manifests/etcd-service.yaml"
"/opt/openshift/manifests/host-etcd-service-endpoints.yaml"
"/opt/openshift/manifests/host-etcd-service.yaml"
"/opt/openshift/manifests/kube-cloud-config.yaml"
"/opt/openshift/manifests/kube-system-configmap-etcd-ca-bundle.yaml"
"/opt/openshift/manifests/kube-system-configmap-etcd-serving-ca.yaml"
"/opt/openshift/manifests/kube-system-configmap-root-ca.yaml"
"/opt/openshift/manifests/kube-system-secret-etcd-client-ca-deprecated.yaml"
"/opt/openshift/manifests/kube-system-secret-etcd-client.yaml"
"/opt/openshift/manifests/kube-system-secret-etcd-signer-client.yaml"
"/opt/openshift/manifests/kube-system-secret-etcd-signer.yaml"
"/opt/openshift/manifests/machine-config-server-tls-secret.yaml"
"/opt/openshift/manifests/openshift-config-configmap-etcd-metric-serving-ca.yaml"
"/opt/openshift/manifests/openshift-config-secret-etcd-metric-client.yaml"
"/opt/openshift/manifests/pull.json"
"/opt/openshift/openshift/99_binding-discovery.yaml"
"/opt/openshift/openshift/99_cloud-creds-secret.yaml"
"/opt/openshift/openshift/99_kubeadmin-password-secret.yaml"
"/opt/openshift/openshift/99_role-cloud-creds-secret-reader.yaml"
"/opt/openshift/openshift/99_openshift-cluster-api_master-user-data-secret.yaml"
"/opt/openshift/openshift/99_openshift-machineconfig_master.yaml"
"/opt/openshift/openshift/99_openshift-cluster-api_master-machines-0.yaml"
"/opt/openshift/openshift/99_openshift-cluster-api_master-machines-1.yaml"
"/opt/openshift/openshift/99_openshift-cluster-api_master-machines-2.yaml"
"/opt/openshift/openshift/99_openshift-cluster-api_worker-user-data-secret.yaml"
"/opt/openshift/openshift/99_openshift-machineconfig_worker.yaml"
"/opt/openshift/openshift/99_openshift-cluster-api_worker-machineset-0.yaml"
"/opt/openshift/openshift/99_openshift-cluster-api_worker-machineset-1.yaml"
"/opt/openshift/openshift/99_openshift-cluster-api_worker-machineset-2.yaml"
"/opt/openshift/openshift/99_openshift-cluster-api_worker-machineset-3.yaml"
"/opt/openshift/openshift/99_openshift-cluster-api_worker-machineset-4.yaml"
"/opt/openshift/openshift/99_openshift-cluster-api_worker-machineset-5.yaml"
"/opt/openshift/auth/kubeconfig"
"/opt/openshift/auth/kubeconfig-kubelet"
"/opt/openshift/tls/admin-kubeconfig-ca-bundle.crt"
"/opt/openshift/tls/aggregator-ca.key"
"/opt/openshift/tls/aggregator-ca.crt"
"/opt/openshift/tls/aggregator-ca-bundle.crt"
"/opt/openshift/tls/apiserver-proxy.key"
"/opt/openshift/tls/apiserver-proxy.crt"
"/opt/openshift/tls/aggregator-signer.key"
"/opt/openshift/tls/aggregator-signer.crt"
"/opt/openshift/tls/apiserver.key"
"/opt/openshift/tls/apiserver.crt"
"/opt/openshift/tls/apiserver-proxy.key"
"/opt/openshift/tls/apiserver-proxy.crt"
"/opt/openshift/tls/etcd-client-ca.key"
"/opt/openshift/tls/etcd-client-ca.crt"
"/opt/openshift/tls/etcd-ca-bundle.crt"
"/opt/openshift/tls/etcd-client.key"
"/opt/openshift/tls/etcd-client.crt"
"/opt/openshift/tls/etcd-metric-ca-bundle.crt"
"/opt/openshift/tls/etcd-metric-signer.key"
"/opt/openshift/tls/etcd-metric-signer.crt"
"/opt/openshift/tls/etcd-metric-signer-client.key"
"/opt/openshift/tls/etcd-metric-signer-client.crt"
"/opt/openshift/tls/etcd-signer.key"
"/opt/openshift/tls/etcd-signer.crt"
"/opt/openshift/tls/etcd-signer-client.key"
"/opt/openshift/tls/etcd-signer-client.crt"
"/opt/openshift/tls/kube-apiserver-lb-ca-bundle.crt"
"/opt/openshift/tls/kube-apiserver-lb-server.key"
"/opt/openshift/tls/kube-apiserver-lb-server.crt"
"/opt/openshift/tls/kube-apiserver-lb-signer.key"
"/opt/openshift/tls/kube-apiserver-lb-signer.crt"
"/opt/openshift/tls/kube-apiserver-localhost-ca-bundle.crt"
"/opt/openshift/tls/kube-apiserver-localhost-server.key"
"/opt/openshift/tls/kube-apiserver-localhost-server.crt"
"/opt/openshift/tls/kube-apiserver-localhost-signer.key"
"/opt/openshift/tls/kube-apiserver-localhost-signer.crt"
"/opt/openshift/tls/kube-apiserver-service-network-ca-bundle.crt"
"/opt/openshift/tls/kube-apiserver-service-network-server.key"
"/opt/openshift/tls/kube-apiserver-service-network-server.crt"
"/opt/openshift/tls/kube-apiserver-service-network-signer.key"
"/opt/openshift/tls/kube-apiserver-service-network-signer.crt"
"/opt/openshift/tls/kube-apiserver-complete-server-ca-bundle.crt"
"/opt/openshift/tls/kube-apiserver-complete-client-ca-bundle.crt"
"/opt/openshift/tls/kube-apiserver-to-kubelet-ca-bundle.crt"
"/opt/openshift/tls/kube-apiserver-to-kubelet-client.key"
"/opt/openshift/tls/kube-apiserver-to-kubelet-client.crt"
"/opt/openshift/tls/kube-apiserver-to-kubelet-signer.key"
"/opt/openshift/tls/kube-apiserver-to-kubelet-signer.crt"
"/opt/openshift/tls/kube-ca.key"
"/opt/openshift/tls/kube-ca.crt"
"/opt/openshift/tls/kube-control-plane-ca-bundle.crt"
"/opt/openshift/tls/kube-control-plane-kube-controller-manager-client.key"
"/opt/openshift/tls/kube-control-plane-kube-controller-manager-client.crt"
"/opt/openshift/tls/kube-control-plane-kube-scheduler-client.key"
"/opt/openshift/tls/kube-control-plane-kube-scheduler-client.crt"
"/opt/openshift/tls/kube-control-plane-signer.key"
"/opt/openshift/tls/kube-control-plane-signer.crt"
"/opt/openshift/tls/kubelet-bootstrap-kubeconfig-ca-bundle.crt"
"/opt/openshift/tls/kubelet-client-ca-bundle.crt"
"/opt/openshift/tls/kubelet-client.key"
"/opt/openshift/tls/kubelet-client.crt"
"/opt/openshift/tls/kubelet-signer.key"
"/opt/openshift/tls/kubelet-signer.crt"
"/opt/openshift/tls/kubelet-serving-ca-bundle.crt"
"/opt/openshift/tls/machine-config-server.key"
"/opt/openshift/tls/machine-config-server.crt"
"/opt/openshift/tls/service-account.key"
"/opt/openshift/tls/service-account.pub"
"/opt/openshift/tls/journal-gatewayd.key"
"/opt/openshift/tls/journal-gatewayd.crt"
"/opt/openshift/tls/root-ca.crt"

# 4. systemd units managed by ignition
$ cat bootstrap.ign |jq '.systemd[][].name'
"bootkube.service"
"chown-gatewayd-key.service"
"kubelet.service"
"openshift.service"
"progress.service"
"systemd-journal-gatewayd.service"
"systemd-journal-gatewayd.socket"

Master Ignition Config


{
  "ignition": {
    "config": {
      "append": [
        {
          "source": "https://api.ocp4-cluster32.cluster3.local:22623/config/master",
          "verification": {}
        }
      ]
    },
    "security": {
      "tls": {
        "certificateAuthorities": [
          {
            "source": "data:text/plain;charset=utf-8;base64,LS0tLS1C....",
            "verification": {}
          }
        ]
      }
    },
    "timeouts": {},
    "version": "2.2.0"
  },
  "networkd": {},
  "passwd": {},
  "storage": {},
  "systemd": {}
}

Worker Ignition Config

{
  "ignition": {
    "config": {
      "append": [
        {
          "source": "https://api.ocp4-cluster32.cluster3.local:22623/config/worker",
          "verification": {}
        }
      ]
    },
    "security": {
      "tls": {
        "certificateAuthorities": [
          {
            "source": "data:text/plain;charset=utf-8;base64,LS0tLS1......",
            "verification": {}
          }
        ]
      }
    },
    "timeouts": {},
    "version": "2.2.0"
  },
  "networkd": {},
  "passwd": {},
  "storage": {},
  "systemd": {}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.