set ntp server and reload config

koflanx · koflanx · commit 45e3b6e29da4 · 2025-07-07T15:48:44.000+02:00
anexia-it/machine-controller@f9025b9 ANXKUBE-1356: Use Anexia NTP servers In comparison to the official Flatcar ones, our NTP servers are not automatically blocked by the firewall. anexia-it/machine-controller@9710c81 ANXKUBE-1353: Apply sysctls automatically with kubelet sysctl --system can be executed multiple times, so this should be a safe change. It's also just a soft dependency (Wants instead of Requires), so even in case of an error, it would not block the startup of kubelet. It's still unclear why the unit is sometimes not executed and right now, I assume it has to do something with the network dependences.Please enter the commit message for your changes. Lines starting
diff --git a/deploy/osps/default/osp-flatcar-cloud-init.yaml b/deploy/osps/default/osp-flatcar-cloud-init.yaml
@@ -550,6 +550,7 @@ spec:
               After={{ .ContainerRuntime }}.service
               {{- if eq .CloudProviderName "anexia" }}
               Requires={{ .ContainerRuntime }}.service rpc-statd.service
+              Wants=apply-sysctl-settings.service
               {{- else }}
               Requires={{ .ContainerRuntime }}.service
               {{- end }}
diff --git a/deploy/osps/default/osp-flatcar.yaml b/deploy/osps/default/osp-flatcar.yaml
@@ -891,3 +891,12 @@ spec:
               PrintMotd no # handled by PAM
               PasswordAuthentication no
               ChallengeResponseAuthentication no
+      - path: /etc/systemd/timesyncd.conf
+        permissions: 644
+        content:
+          inline:
+            data: |
+              # ANXKUBE-1356 made us realise that we have to use our custom NTP servers,
+              # because the official Flatcar ones might be blocked by a firewall.
+              [Time]
+              NTP=ntp0101.anexia-it.net ntp0401.anexia-it.net ntp8201.anexia-it.net
diff --git a/pkg/controllers/osc/testdata/osc-flatcar-aws-containerd.yaml b/pkg/controllers/osc/testdata/osc-flatcar-aws-containerd.yaml
@@ -561,6 +561,15 @@ spec:
             ChallengeResponseAuthentication no
       path: /etc/ssh/sshd_config
       permissions: 600
+    - content:
+        inline:
+          data: |
+            # ANXKUBE-1356 made us realise that we have to use our custom NTP servers,
+            # because the official Flatcar ones might be blocked by a firewall.
+            [Time]
+            NTP=ntp0101.anexia-it.net ntp0401.anexia-it.net ntp8201.anexia-it.net
+      path: /etc/systemd/timesyncd.conf
+      permissions: 644
     - content:
         inline:
           data: |
diff --git a/pkg/controllers/osc/testdata/secret-flatcar-aws-containerd-provisioning.yaml b/pkg/controllers/osc/testdata/secret-flatcar-aws-containerd-provisioning.yaml
