From 3f7f0c94f3c8e7c4be31a9bebef5c3e9f3bb473a Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Thu, 31 Jan 2019 12:03:14 -0800 Subject: [PATCH 1/6] libvirt: switch from base_domain to cluster_domain --- data/data/libvirt/main.tf | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/data/data/libvirt/main.tf b/data/data/libvirt/main.tf index 06bbac25313..869d151bef7 100644 --- a/data/data/libvirt/main.tf +++ b/data/data/libvirt/main.tf @@ -1,3 +1,7 @@ +locals { + cluster_domain = "${var.cluster_name}.${var.base_domain}" +} + provider "libvirt" { uri = "${var.libvirt_uri}" } @@ -36,7 +40,7 @@ resource "libvirt_network" "net" { mode = "nat" bridge = "${var.libvirt_network_if}" - domain = "${var.base_domain}" + domain = "${local.cluster_domain}" addresses = [ "${var.machine_cidr}", @@ -92,27 +96,27 @@ resource "libvirt_domain" "master" { data "libvirt_network_dns_host_template" "bootstrap" { count = "${var.bootstrap_dns ? 1 : 0}" ip = "${var.libvirt_bootstrap_ip}" - hostname = "${var.cluster_name}-api" + hostname = "api.${local.cluster_domain}" } data "libvirt_network_dns_host_template" "masters" { count = "${var.master_count}" ip = "${var.libvirt_master_ips[count.index]}" - hostname = "${var.cluster_name}-api" + hostname = "api.${local.cluster_domain}" } data "libvirt_network_dns_host_template" "etcds" { count = "${var.master_count}" ip = "${var.libvirt_master_ips[count.index]}" - hostname = "${var.cluster_name}-etcd-${count.index}" + hostname = "etcd-${count.index}.${local.cluster_domain}" } data "libvirt_network_dns_srv_template" "etcd_cluster" { count = "${var.master_count}" service = "etcd-server-ssl" protocol = "tcp" - domain = "${var.cluster_name}.${var.base_domain}" + domain = "${local.cluster_domain}" port = 2380 weight = 10 - target = "${var.cluster_name}-etcd-${count.index}.${var.base_domain}" + target = "etcd-${count.index}.${local.cluster_domain}" } From 65380308c19b3b4d597dbb58c4e7b3fc21adf72e Mon Sep 17 00:00:00 2001 
From: Abhinav Dahiya Date: Thu, 31 Jan 2019 12:03:51 -0800 Subject: [PATCH 2/6] aws: switch from base_domain to cluster_domain --- data/data/aws/main.tf | 8 +++++--- data/data/aws/route53/base.tf | 6 ++++-- data/data/aws/vpc/vpc.tf | 4 +++- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/data/data/aws/main.tf b/data/data/aws/main.tf index 5ce4f01e3f9..14161edd4ba 100644 --- a/data/data/aws/main.tf +++ b/data/data/aws/main.tf @@ -1,6 +1,8 @@ locals { private_zone_id = "${aws_route53_zone.int.zone_id}" + cluster_domain = "${var.cluster_name}.${var.base_domain}" + tags = "${merge(map( "openshiftClusterID", "${var.cluster_id}" ), var.aws_extra_tags)}" @@ -92,7 +94,7 @@ resource "aws_route53_record" "etcd_a_nodes" { type = "A" ttl = "60" zone_id = "${local.private_zone_id}" - name = "${var.cluster_name}-etcd-${count.index}" + name = "etcd-${count.index}.${local.cluster_domain}" records = ["${module.masters.ip_addresses[count.index]}"] } @@ -100,12 +102,12 @@ resource "aws_route53_record" "etcd_cluster" { type = "SRV" ttl = "60" zone_id = "${local.private_zone_id}" - name = "_etcd-server-ssl._tcp.${var.cluster_name}" + name = "_etcd-server-ssl._tcp" records = ["${formatlist("0 10 2380 %s", aws_route53_record.etcd_a_nodes.*.fqdn)}"] } resource "aws_route53_zone" "int" { - name = "${var.base_domain}" + name = "${local.cluster_domain}" force_destroy = true vpc { diff --git a/data/data/aws/route53/base.tf b/data/data/aws/route53/base.tf index d9f4d06dc07..b92e435baab 100644 --- a/data/data/aws/route53/base.tf +++ b/data/data/aws/route53/base.tf @@ -6,11 +6,13 @@ locals { public_zone_id = "${data.aws_route53_zone.base.zone_id}" zone_id = "${var.private_zone_id}" + + cluster_domain = "${var.cluster_name}.${var.base_domain}" } resource "aws_route53_record" "api_external" { zone_id = "${local.public_zone_id}" - name = "${var.cluster_name}-api.${var.base_domain}" + name = "api.${local.cluster_domain}" type = "A" alias { 
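Review bot: The SRV record in the `etcd_cluster` hunk now uses a zone-relative owner name, `name = "_etcd-server-ssl._tcp"`, while the sibling `etcd_a_nodes` record two hunks up uses the fully qualified `etcd-${count.index}.${local.cluster_domain}`; Route 53 accepts both forms in a zone named `${local.cluster_domain}`, but mixing them makes it harder to confirm by eye that the SRV owner and its targets land in the same zone. Writing `name = "_etcd-server-ssl._tcp.${local.cluster_domain}"` keeps the two records in one style and matches the CoreDNS corefile in the openstack patch of this series, which spells the SRV name out in full. The `aws_route53_zone "int"` block that follows continues outside the hunk.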
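Review bot: `cluster_domain = "${var.cluster_name}.${var.base_domain}"` is derived independently in `aws/main.tf`, `aws/route53/base.tf` and `aws/vpc/vpc.tf` (and again in the libvirt and openstack root modules), so the Go side gets one definition in `InstallConfig.ClusterDomain()` while Terraform gets five copies. If the derivation ever changes, for example to lower-case the name, the copies can drift silently and the names the installer expects will no longer match the records it creates. Consider computing it once in the root module and passing it down as a `cluster_domain` module variable, or at minimum add `# must match InstallConfig.ClusterDomain() in pkg/types/installconfig.go` above each local so the coupling is visible.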
@@ -22,7 +24,7 @@ resource "aws_route53_record" "api_external" { resource "aws_route53_record" "api_internal" { zone_id = "${var.private_zone_id}" - name = "${var.cluster_name}-api.${var.base_domain}" + name = "api.${local.cluster_domain}" type = "A" alias { diff --git a/data/data/aws/vpc/vpc.tf b/data/data/aws/vpc/vpc.tf index 4a44b92e75d..01b19e9d1fb 100644 --- a/data/data/aws/vpc/vpc.tf +++ b/data/data/aws/vpc/vpc.tf @@ -1,6 +1,8 @@ locals { new_private_cidr_range = "${cidrsubnet(data.aws_vpc.cluster_vpc.cidr_block,1,1)}" new_public_cidr_range = "${cidrsubnet(data.aws_vpc.cluster_vpc.cidr_block,1,0)}" + + cluster_domain = "${var.cluster_name}.${var.base_domain}" } resource "aws_vpc" "new_vpc" { @@ -9,7 +11,7 @@ resource "aws_vpc" "new_vpc" { enable_dns_support = true tags = "${merge(map( - "Name", "${var.cluster_name}.${var.base_domain}", + "Name", "${local.cluster_domain}", ), var.tags)}" } From 1ab1cd3fb04f2ed0b4ff831c1a436ddfd9171ae0 Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Thu, 31 Jan 2019 12:05:24 -0800 Subject: [PATCH 3/6] types: add ClusterDomain helper for InstallConfig --- pkg/types/installconfig.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkg/types/installconfig.go b/pkg/types/installconfig.go index 97ac99d0401..86c332f98d3 100644 --- a/pkg/types/installconfig.go +++ b/pkg/types/installconfig.go @@ -1,6 +1,8 @@ package types import ( + "fmt" + "github.com/openshift/installer/pkg/ipnet" "github.com/openshift/installer/pkg/types/aws" "github.com/openshift/installer/pkg/types/libvirt" 
@@ -64,6 +66,11 @@ type InstallConfig struct { PullSecret string `json:"pullSecret"` } +// ClusterDomain returns the DNS domain that all records for a cluster must belong to. +func (c *InstallConfig) ClusterDomain() string { + return fmt.Sprintf("%s.%s", c.ObjectMeta.Name, c.BaseDomain) +} + // Platform is the configuration for the specific platform upon which to perform // the installation. Only one of the platform configuration should be set. type Platform struct { From 2a0f9b3415520c3e7594fc0e95d58b0971e75975 Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Thu, 31 Jan 2019 12:04:23 -0800 Subject: [PATCH 4/6] assets: update assets to use cluster_domain, new api URL --- pkg/asset/ignition/bootstrap/bootstrap.go | 2 +- pkg/asset/ignition/machine/node.go | 2 +- pkg/asset/kubeconfig/kubeconfig.go | 2 +- pkg/asset/kubeconfig/kubeconfig_test.go | 4 ++-- pkg/asset/manifests/dns.go | 2 +- pkg/asset/manifests/ingress.go | 2 +- pkg/asset/manifests/operators.go | 4 ++-- pkg/asset/manifests/utils.go | 4 ++-- pkg/asset/tls/helper.go | 2 +- 9 files changed, 12 insertions(+), 12 deletions(-) diff --git a/pkg/asset/ignition/bootstrap/bootstrap.go b/pkg/asset/ignition/bootstrap/bootstrap.go index 29d6af434ac..fcc1ff25001 100644 --- a/pkg/asset/ignition/bootstrap/bootstrap.go +++ b/pkg/asset/ignition/bootstrap/bootstrap.go @@ -142,7 +142,7 @@ func (a *Bootstrap) Files() []*asset.File { func (a *Bootstrap) getTemplateData(installConfig *types.InstallConfig) (*bootstrapTemplateData, error) { etcdEndpoints := make([]string, *installConfig.ControlPlane.Replicas) for i := range etcdEndpoints { - etcdEndpoints[i] = fmt.Sprintf("https://%s-etcd-%d.%s:2379", installConfig.ObjectMeta.Name, i, installConfig.BaseDomain) + etcdEndpoints[i] = fmt.Sprintf("https://etcd-%d.%s:2379", i, installConfig.ClusterDomain()) } releaseImage := defaultReleaseImage diff --git a/pkg/asset/ignition/machine/node.go b/pkg/asset/ignition/machine/node.go index 28f104b5359..62c5452fb0b 100644 
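Review bot: `ClusterDomain()` concatenates `c.ObjectMeta.Name` and `c.BaseDomain` without normalizing either, and the rest of this series feeds the result straight into kubeconfig server URLs, Ignition config hosts and the TLS `apiAddress` helper. If a user supplies `baseDomain` in FQDN form with a trailing dot, every one of those consumers inherits it; unless validation elsewhere already rejects that form, `return fmt.Sprintf("%s.%s", c.ObjectMeta.Name, strings.TrimSuffix(c.BaseDomain, "."))` (with `strings` added to the import block) would fix it at the single point of definition. The doc comment could also spell out what callers rely on, e.g. `// The result carries no trailing dot and is used as the suffix for every DNS name, URL host and certificate name the installer generates.`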
--- a/pkg/asset/ignition/machine/node.go +++ b/pkg/asset/ignition/machine/node.go @@ -21,7 +21,7 @@ func pointerIgnitionConfig(installConfig *types.InstallConfig, rootCA []byte, ro Source: func() *url.URL { return &url.URL{ Scheme: "https", - Host: fmt.Sprintf("%s-api.%s:22623", installConfig.ObjectMeta.Name, installConfig.BaseDomain), + Host: fmt.Sprintf("api.%s:22623", installConfig.ClusterDomain()), Path: fmt.Sprintf("/config/%s", role), } }().String(), diff --git a/pkg/asset/kubeconfig/kubeconfig.go b/pkg/asset/kubeconfig/kubeconfig.go index 5ac43530dd3..4df217164a8 100644 --- a/pkg/asset/kubeconfig/kubeconfig.go +++ b/pkg/asset/kubeconfig/kubeconfig.go @@ -31,7 +31,7 @@ func (k *kubeconfig) generate( { Name: installConfig.ObjectMeta.Name, Cluster: clientcmd.Cluster{ - Server: fmt.Sprintf("https://%s-api.%s:6443", installConfig.ObjectMeta.Name, installConfig.BaseDomain), + Server: fmt.Sprintf("https://api.%s:6443", installConfig.ClusterDomain()), CertificateAuthorityData: []byte(rootCA.Cert()), }, }, diff --git a/pkg/asset/kubeconfig/kubeconfig_test.go b/pkg/asset/kubeconfig/kubeconfig_test.go index 44352a244c8..0e2116ddd03 100644 --- a/pkg/asset/kubeconfig/kubeconfig_test.go +++ b/pkg/asset/kubeconfig/kubeconfig_test.go @@ -62,7 +62,7 @@ func TestKubeconfigGenerate(t *testing.T) { expectedData: []byte(`clusters: - cluster: certificate-authority-data: VEhJUyBJUyBST09UIENBIENFUlQgREFUQQ== - server: https://test-cluster-name-api.test.example.com:6443 + server: https://api.test-cluster-name.test.example.com:6443 name: test-cluster-name contexts: - context: @@ -86,7 +86,7 @@ users: expectedData: []byte(`clusters: - cluster: certificate-authority-data: VEhJUyBJUyBST09UIENBIENFUlQgREFUQQ== - server: https://test-cluster-name-api.test.example.com:6443 + server: https://api.test-cluster-name.test.example.com:6443 name: test-cluster-name contexts: - context: diff --git a/pkg/asset/manifests/dns.go b/pkg/asset/manifests/dns.go index 8574ada15b1..fe6992a64fe 100644 
--- a/pkg/asset/manifests/dns.go +++ b/pkg/asset/manifests/dns.go @@ -65,7 +65,7 @@ func (d *DNS) Generate(dependencies asset.Parents) error { // not namespaced }, Spec: configv1.DNSSpec{ - BaseDomain: installConfig.Config.BaseDomain, + BaseDomain: installConfig.Config.ClusterDomain(), }, } diff --git a/pkg/asset/manifests/ingress.go b/pkg/asset/manifests/ingress.go index 4f8800dff47..a65a1fbbfbe 100644 --- a/pkg/asset/manifests/ingress.go +++ b/pkg/asset/manifests/ingress.go @@ -52,7 +52,7 @@ func (ing *Ingress) Generate(dependencies asset.Parents) error { // not namespaced }, Spec: configv1.IngressSpec{ - Domain: fmt.Sprintf("apps.%s.%s", installConfig.Config.ObjectMeta.Name, installConfig.Config.BaseDomain), + Domain: fmt.Sprintf("apps.%s", installConfig.Config.ClusterDomain()), }, } diff --git a/pkg/asset/manifests/operators.go b/pkg/asset/manifests/operators.go index 2d3068d96f6..4b14a420f4a 100644 --- a/pkg/asset/manifests/operators.go +++ b/pkg/asset/manifests/operators.go @@ -142,7 +142,7 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass etcdEndpointHostnames := make([]string, *installConfig.Config.ControlPlane.Replicas) for i := range etcdEndpointHostnames { - etcdEndpointHostnames[i] = fmt.Sprintf("%s-etcd-%d", installConfig.Config.ObjectMeta.Name, i) + etcdEndpointHostnames[i] = fmt.Sprintf("etcd-%d", i) } templateData := &bootkubeTemplateData{ @@ -158,7 +158,7 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass RootCaCert: string(rootCA.Cert()), CVOClusterID: clusterID.ClusterID, EtcdEndpointHostnames: etcdEndpointHostnames, - EtcdEndpointDNSSuffix: installConfig.Config.BaseDomain, + EtcdEndpointDNSSuffix: installConfig.Config.ClusterDomain(), } kubeCloudConfig := &bootkube.KubeCloudConfig{} diff --git a/pkg/asset/manifests/utils.go b/pkg/asset/manifests/utils.go index fa8ab986ec0..603aec23853 100644 --- a/pkg/asset/manifests/utils.go +++ b/pkg/asset/manifests/utils.go 
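Review bot: `BaseDomain: installConfig.Config.ClusterDomain()` assigns the cluster domain (`<name>.<baseDomain>`) to a field whose name says base domain, and nothing in the hunk explains the deliberate mismatch; a reader comparing it with `InstallConfig.BaseDomain` will read it as a bug. A one-line comment such as `// The DNS operator treats BaseDomain as the root under which all cluster records live, so it receives the cluster domain, not the install-config baseDomain.` would prevent that, assuming this is indeed how `configv1.DNSSpec` is consumed. The `Generate` method starts and ends outside the hunk.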
@@ -34,9 +34,9 @@ func configMap(namespace, name string, data genericData) *configurationObject { } func getAPIServerURL(ic *types.InstallConfig) string { - return fmt.Sprintf("https://%s-api.%s:6443", ic.ObjectMeta.Name, ic.BaseDomain) + return fmt.Sprintf("https://api.%s:6443", ic.ClusterDomain()) } func getEtcdDiscoveryDomain(ic *types.InstallConfig) string { - return fmt.Sprintf("%s.%s", ic.ObjectMeta.Name, ic.BaseDomain) + return ic.ClusterDomain() } diff --git a/pkg/asset/tls/helper.go b/pkg/asset/tls/helper.go index de02b26029c..101bf16ff0a 100644 --- a/pkg/asset/tls/helper.go +++ b/pkg/asset/tls/helper.go @@ -19,7 +19,7 @@ func assetFilePath(filename string) string { } func apiAddress(cfg *types.InstallConfig) string { - return fmt.Sprintf("%s-api.%s", cfg.ObjectMeta.Name, cfg.BaseDomain) + return fmt.Sprintf("api.%s", cfg.ClusterDomain()) } func cidrhost(network net.IPNet, hostNum int) (string, error) { From bab60857dbfe19bd12686a0d1c766254b2d056f8 Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Thu, 14 Feb 2019 14:14:59 -0800 Subject: [PATCH 5/6] destroy/aws: update the public zone discovery The public zone is now a parent domain of the private zone. The discovery of public zone now tried to find a public zone that is the nearest parent domain of the private zone's domain. --- pkg/destroy/aws/aws.go | 39 ++++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/pkg/destroy/aws/aws.go b/pkg/destroy/aws/aws.go index 9e761cf18a8..b6c5887b87f 100644 --- a/pkg/destroy/aws/aws.go +++ b/pkg/destroy/aws/aws.go 
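Review bot: `getEtcdDiscoveryDomain` is now a one-line pass-through to `ic.ClusterDomain()`, so the wrapper no longer carries any logic of its own; either inline `ic.ClusterDomain()` at its call sites or keep it and say why it exists, e.g. `// getEtcdDiscoveryDomain is the SRV discovery domain for etcd, which is the cluster domain by construction.` Separately, `getAPIServerURL` in this hunk, `apiAddress` in `pkg/asset/tls/helper.go`, `node.go` and `kubeconfig.go` each format `api.%s` over `ClusterDomain()` independently; a companion helper next to `ClusterDomain()` returning `"api." + c.ClusterDomain()` would give the API hostname a single definition, which matters because the TLS helper and the URLs must agree exactly.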
@@ -348,21 +348,47 @@ func getSharedHostedZone(client *route53.Route53, privateID string, logger logru logger.WithField("hosted zone", privateName).Warn("could not determine whether hosted zone is private") } + domain := privateName + parents := []string{domain} + for { + idx := strings.Index(domain, ".") + if idx == -1 { + break + } + if len(domain[idx+1:]) > 0 { + parents = append(parents, domain[idx+1:]) + } + domain = domain[idx+1:] + } + + for _, p := range parents { + sZone, err := findPublicRoute53(client, p, logger) + if err != nil { + return "", err + } + if sZone != "" { + return sZone, nil + } + } + return "", nil +} + +// findPublicRoute53 finds a public route53 zone matching the dnsName. +// It returns "", when no public route53 zone could be found. +func findPublicRoute53(client *route53.Route53, dnsName string, logger logrus.FieldLogger) (string, error) { request := &route53.ListHostedZonesByNameInput{ - DNSName: aws.String(privateName), + DNSName: aws.String(dnsName), } for i := 0; true; i++ { - logger.Debugf("listing AWS hosted zones (page %d)", i) + logger.Debugf("listing AWS hosted zones %q (page %d)", dnsName, i) list, err := client.ListHostedZonesByName(request) if err != nil { return "", err } for _, zone := range list.HostedZones { - if *zone.Id == privateID { - continue - } - if *zone.Name != privateName { + if *zone.Name != dnsName { + // No name after this can match dnsName return "", nil } if zone.Config == nil || zone.Config.PrivateZone == nil { @@ -381,7 +407,6 @@ func getSharedHostedZone(client *route53.Route53, privateID string, logger logru break } - return "", nil } From a0a77add3ddf259f7c0dbcfabc00a61af5cc9575 Mon Sep 17 00:00:00 2001 
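Review bot: The parent walk added to `getSharedHostedZone` climbs to the top-level label (for `a.b.example.com.` it queries `b.example.com.`, `example.com.` and `com.`), so when the expected base-domain public zone is absent or already deleted, the function returns whichever ancestor public zone happens to exist in the account and the caller, outside this hunk, treats it as the cluster's shared zone. Since the private zone is now `<cluster>.<base>` and the create path looks the public zone up by exact `base_domain` name, the match should be exactly one label up; bounding the walk to that parent (or a small cap) and logging the match before it is acted on, e.g. `logger.WithField("hosted zone", p).Info("found shared public zone")`, would keep destroy from touching an unrelated parent zone. Separately, `for i := 0; true; i++` reads more idiomatically as `for i := 0; ; i++`. The tail of `findPublicRoute53` continues outside the hunk.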
From: Abhinav Dahiya Date: Thu, 14 Feb 2019 14:20:38 -0800 Subject: [PATCH 6/6] openstack: switch from base_domain to cluster_domain --- data/data/openstack/main.tf | 6 +++++- data/data/openstack/service/main.tf | 18 +++++++++--------- data/data/openstack/service/variables.tf | 2 +- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/data/data/openstack/main.tf b/data/data/openstack/main.tf index 55ae38e5e2d..0432e37fe50 100644 --- a/data/data/openstack/main.tf +++ b/data/data/openstack/main.tf @@ -1,3 +1,7 @@ +locals { + cluster_domain = "${var.cluster_name}.${var.base_domain}" +} + provider "openstack" { auth_url = "${var.openstack_credentials_auth_url}" cert = "${var.openstack_credentials_cert}" @@ -81,7 +85,7 @@ module "topology" { } resource "openstack_objectstorage_container_v1" "container" { - name = "${lower(var.cluster_name)}.${var.base_domain}" + name = "${local.cluster_domain}" metadata = "${merge(map( "Name", "${var.cluster_name}-ignition-master", diff --git a/data/data/openstack/service/main.tf b/data/data/openstack/service/main.tf index a7bb8db1880..bdfb650b9c6 100644 --- a/data/data/openstack/service/main.tf +++ b/data/data/openstack/service/main.tf 
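Review bot: The container name changes from `${lower(var.cluster_name)}.${var.base_domain}` to `${local.cluster_domain}`, which drops the `lower()` call; the local is built from `var.cluster_name` as given, so a mixed-case cluster name now yields a different object-storage container name than before. If cluster names are already validated to be lower-case upstream this is harmless but worth a comment on the local; otherwise keep the normalization with `name = "${lower(local.cluster_domain)}"`.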
@@ -134,19 +134,19 @@ data "ignition_file" "corefile" { errors reload 10s -${length(var.lb_floating_ip) == 0 ? "" : " file /etc/coredns/db.${var.cluster_domain} ${var.cluster_name}-api.${var.cluster_domain} {\n }\n"} +${length(var.lb_floating_ip) == 0 ? "" : " file /etc/coredns/db.${var.cluster_domain} api.${var.cluster_domain} {\n }\n"} - file /etc/coredns/db.${var.cluster_domain} _etcd-server-ssl._tcp.${var.cluster_name}.${var.cluster_domain} { + file /etc/coredns/db.${var.cluster_domain} _etcd-server-ssl._tcp.${var.cluster_domain} { } -${replace(join("\n", formatlist(" file /etc/coredns/db.${var.cluster_domain} ${var.cluster_name}-etcd-%s.${var.cluster_domain} {\n upstream /etc/resolv.conf\n }\n", var.master_port_names)), "master-port-", "")} +${replace(join("\n", formatlist(" file /etc/coredns/db.${var.cluster_domain} etcd-%s.${var.cluster_domain} {\n upstream /etc/resolv.conf\n }\n", var.master_port_names)), "master-port-", "")} forward . /etc/resolv.conf { } } -${var.cluster_name}.${var.cluster_domain} { +${var.cluster_domain} { log errors reload 10s @@ -168,7 +168,7 @@ data "ignition_file" "coredb" { content { content = <
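Review bot: In this module `var.cluster_domain` changes meaning without changing name: the old corefile used `${var.cluster_name}.${var.cluster_domain}` as the server block, so the variable held the base domain, while the new `${var.cluster_domain} {` block and the `db.${var.cluster_domain}` file names require it to carry the full cluster domain. Nothing in this hunk records that, and a caller still passing the base domain would produce a CoreDNS zone for the wrong name with no Terraform error. The `service/variables.tf` change listed in the diffstat is outside this view; its description should state that the value is `<cluster_name>.<base_domain>`, and a comment above the `${var.cluster_domain} {` block would help readers of the corefile.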