Merged
52 changes: 52 additions & 0 deletions Gopkg.lock


4 changes: 4 additions & 0 deletions Gopkg.toml
@@ -45,6 +45,10 @@ required = [
name = "github.com/openshift/cluster-version-operator"
revision = "fe673cb712fa5e27001488fc088ac91bb553353d"

[[constraint]]
name = "github.com/aws/aws-sdk-go"
version = "v1.15.72"

[[override]]
name = "k8s.io/api"
version = "kubernetes-1.10.1"
77 changes: 62 additions & 15 deletions cmd/cluster-ingress-operator/main.go
@@ -2,9 +2,13 @@ package main

import (
"context"
"fmt"
"runtime"
"strings"
"time"

"github.com/openshift/cluster-ingress-operator/pkg/dns"
awsdns "github.com/openshift/cluster-ingress-operator/pkg/dns/aws"
"github.com/openshift/cluster-ingress-operator/pkg/manifests"
stub "github.com/openshift/cluster-ingress-operator/pkg/stub"
"github.com/openshift/cluster-ingress-operator/pkg/util"
@@ -18,6 +22,8 @@ import (

"github.com/sirupsen/logrus"

corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
)

@@ -38,34 +44,75 @@ func main() {
if err != nil {
logrus.Fatalf("Failed to get watch namespace: %v", err)
}
kubeClient := k8sclient.GetKubeClient()

ic, err := util.GetInstallConfig(kubeClient)
handler, err := createHandler(namespace)
Contributor

Should check err.

Contributor Author

Fixed

if err != nil {
logrus.Fatalf("could't get installconfig: %v", err)
}

cvoClient, err := cvoclientset.NewForConfig(k8sclient.GetKubeConfig())
if err != nil {
logrus.Fatalf("Failed to get cvoClient: %v", err)
}

handler := &stub.Handler{
CvoClient: cvoClient,
InstallConfig: ic,
Namespace: namespace,
ManifestFactory: manifests.NewFactory(),
logrus.Fatalf("couldn't create handler: %v", err)
}

if err := handler.EnsureDefaultClusterIngress(); err != nil {
logrus.Fatalf("failed to ensure default cluster ingress: %v", err)
}

resyncPeriod := 10 * time.Minute
logrus.Infof("Watching %s, %s, %s, %d", resource, kind, namespace, resyncPeriod)
sdk.Watch(resource, kind, namespace, resyncPeriod)
// TODO Use a named constant for the router's namespace or get the
// namespace from config.
sdk.Watch("apps/v1", "DaemonSet", "openshift-ingress", resyncPeriod)
sdk.Watch("v1", "Service", "openshift-ingress", resyncPeriod)
sdk.Handle(handler)
sdk.Run(context.TODO())
}

func createHandler(namespace string) (*stub.Handler, error) {
Contributor

This should be moved to pkg/stub/handler.go and maybe renamed to "NewHandler".

Contributor Author

I almost didn't even refactor this -- I think we have more to think about here in terms of setup. Okay to revisit after the sdk upgrade?

Contributor

Sure, it's only a suggestion.

cvoClient, err := cvoclientset.NewForConfig(k8sclient.GetKubeConfig())
if err != nil {
return nil, fmt.Errorf("failed to create CVO client: %v", err)
}

ic, err := util.GetInstallConfig(k8sclient.GetKubeClient())
if err != nil {
return nil, fmt.Errorf("failed to get installconfig: %v", err)
}

var dnsManager dns.Manager
switch {
case ic.Platform.AWS != nil:
Contributor

We could have an InstallConfig with a nil Platform, so we should check that here.

Contributor Author

Platform is a value type, can't be nil

Contributor

Ah, right, sorry. Never mind!

awsCreds := &corev1.Secret{
TypeMeta: metav1.TypeMeta{
APIVersion: "v1",
Kind: "Secret",
},
ObjectMeta: metav1.ObjectMeta{
Name: "aws-creds",
Namespace: metav1.NamespaceSystem,
},
}
err := sdk.Get(awsCreds)
if err != nil {
return nil, fmt.Errorf("failed to get aws creds from %s/%s: %v", awsCreds.Namespace, awsCreds.Name, err)
}
manager, err := awsdns.NewManager(awsdns.Config{
AccessID: string(awsCreds.Data["aws_access_key_id"]),
AccessKey: string(awsCreds.Data["aws_secret_access_key"]),
Region: ic.Platform.AWS.Region,
BaseDomain: strings.TrimSuffix(ic.BaseDomain, ".") + ".",
ClusterID: ic.ClusterID,
})
if err != nil {
return nil, fmt.Errorf("failed to create AWS DNS manager: %v", err)
}
dnsManager = manager
default:
dnsManager = &dns.NoopManager{}
}

return &stub.Handler{
InstallConfig: ic,
CvoClient: cvoClient,
Namespace: namespace,
ManifestFactory: manifests.NewFactory(),
DNSManager: dnsManager,
}, nil
}
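Review bot: In the AWS branch of createHandler, `awsCreds.Data["aws_access_key_id"]` and `awsCreds.Data["aws_secret_access_key"]` are converted straight to strings, so a secret that exists but lacks either key hands empty credentials to `awsdns.NewManager`; whether that constructor rejects them is not visible here. A guard before the call would make the failure explicit, for example `if len(awsCreds.Data["aws_access_key_id"]) == 0 || len(awsCreds.Data["aws_secret_access_key"]) == 0 { return nil, fmt.Errorf("secret %s/%s is missing AWS credential keys", awsCreds.Namespace, awsCreds.Name) }`, which names the secret but never prints its values. The credentials are also read only once, when the handler is built, so a rotated secret presumably takes effect only after the operator restarts; a short comment above `sdk.Get(awsCreds)` saying so would help whoever operates it.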
18 changes: 12 additions & 6 deletions hack/release-local.sh
@@ -16,22 +16,28 @@ if [[ "${TEMP_COMMIT}" == "true" ]]; then
fi

REV=$(git rev-parse --short HEAD)
TAG="${TAG:-$REV}"

if [[ -z "${DOCKER+1}" ]] && command -v buildah >& /dev/null; then
buildah bud -t $REPO:$REV .
buildah push $REPO:$REV docker://$REPO:$REV
buildah bud -t $REPO:$TAG .
buildah push $REPO:$TAG docker://$REPO:$TAG
else
docker build -t $REPO:$REV .
docker push $REPO:$REV
docker build -t $REPO:$TAG .
docker push $REPO:$TAG
fi

if [[ "${TEMP_COMMIT}" == "true" ]]; then
git reset --soft HEAD~1
fi

cp -R manifests/* $MANIFESTS
cat manifests/02-deployment.yaml | sed "s~openshift/origin-cluster-ingress-operator:latest~$REPO:$REV~" > "$MANIFESTS/02-deployment.yaml"
cat manifests/02-deployment.yaml | sed "s~openshift/origin-cluster-ingress-operator:latest~$REPO:$TAG~" > "$MANIFESTS/02-deployment.yaml"

echo "Pushed $REPO:$REV"
echo "Pushed $REPO:$TAG"
echo "Install manifests using:"
echo ""
echo "oc apply -f $MANIFESTS"
echo ""
echo "Alternatively, rollout just a new operator deployment with:"
echo ""
echo "oc apply -f $MANIFESTS/02-deployment.yaml"
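Review bot: `TAG` is now taken from the environment, yet every use of `$REPO:$TAG` in the build, push and `sed` lines is unquoted, so a value containing whitespace or glob characters is word-split, and one containing `~` or `&` changes the meaning of the `sed` substitution. Quoting the expansions, as in `docker build -t "$REPO:$TAG" .` and `docker push "$REPO:$TAG"` (and likewise for the `buildah` lines), keeps each argument intact. The `sed` line could also read `manifests/02-deployment.yaml` directly instead of through `cat`. The script starts above this hunk, so whether `REPO` is validated earlier is not visible.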
3 changes: 2 additions & 1 deletion hack/uninstall.sh
@@ -2,11 +2,12 @@
set -uo pipefail

# Disable the CVO
oc patch -n openshift-cluster-version daemonsets/cluster-version-operator --patch '{"spec": {"template": {"spec": {"nodeSelector": {"node-role.kubernetes.io/fake": ""}}}}}'
oc scale --replicas 0 -n openshift-cluster-version deployments/cluster-version-operator

# Uninstall the cluster-ingress-operator
oc delete -n openshift-ingress-operator deployments/ingress-operator
oc patch -n openshift-ingress-operator clusteringresses/default --patch '{"metadata":{"finalizers": []}}' --type=merge
oc delete -n openshift-ingress-operator clusteroperators.operatorstatus.openshift.io/openshift-ingress
oc delete --force --grace-period=0 -n openshift-ingress-operator clusteringresses/default
oc delete namespaces/openshift-ingress-operator
oc delete namespaces/openshift-ingress
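Review bot: The uninstall sequence deletes the operator deployment and then empties `metadata.finalizers` on `clusteringresses/default` before force-deleting it, so any cleanup a finalizer would have driven never runs. If the operator manages external state for an ingress, that state is left behind; the DNS records handled by the DNS manager added in this PR look like a candidate, though no finalizer logic is visible in this section. A comment above the `oc patch` line, such as `# Finalizers are dropped, so external resources (e.g. DNS records) are not cleaned up; remove them manually.`, would make that explicit for anyone reusing the script.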
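--- a/manifests/01-kube-system-aws-creds-role-binding.yaml
+++ b/manifests/01-kube-system-aws-creds-role-binding.yaml
@@ -0,0 +1,14 @@
+# Binds the aws-creds-secret-reader role to the operator Service Account.
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: ingress-operator-aws-creds-secret-reader
+namespace: kube-system
+subjects:
+- kind: ServiceAccount
+name: ingress-operator
+namespace: openshift-ingress-operator
+roleRef:
+kind: Role
+apiGroup: rbac.authorization.k8s.io
+name: aws-creds-secret-reader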
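Review bot: This RoleBinding lets the `ingress-operator` service account from `openshift-ingress-operator` use the `aws-creds-secret-reader` Role in `kube-system`, but the Role itself is not part of this section, so its scope cannot be checked here. As far as the `main.go` change shows, the operator performs a single `sdk.Get` on the `aws-creds` secret, so the Role should need no more than `verbs: ["get"]` on `secrets` with `resourceNames: ["aws-creds"]`; anything broader would expose other `kube-system` secrets to the operator. Once that is confirmed, the header comment could record the intended limit, e.g. `# Binds the aws-creds-secret-reader role (get on the aws-creds secret only) to the operator Service Account.`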