diff --git a/pkg/asset/ignition/bootstrap/bootstrap.go b/pkg/asset/ignition/bootstrap/bootstrap.go
index 4fd79bddbdb..51e6fc9bad7 100644
--- a/pkg/asset/ignition/bootstrap/bootstrap.go
+++ b/pkg/asset/ignition/bootstrap/bootstrap.go
@@ -4,11 +4,13 @@ import (
 "bytes"
 "encoding/json"
 "fmt"
+ "os"
 "strings"
 "text/template"
 "github.com/coreos/ignition/config/util"
 igntypes "github.com/coreos/ignition/config/v2_2/types"
+ log "github.com/sirupsen/logrus"
 "github.com/openshift/installer/pkg/asset"
 "github.com/openshift/installer/pkg/asset/ignition"
@@ -21,23 +23,24 @@ import (
 )
 const (
- rootDir = "/opt/tectonic"
+ rootDir = "/opt/tectonic"
+ defaultReleaseImage = "registry.svc.ci.openshift.org/openshift/origin-release:v4.0"
 )
 // bootstrapTemplateData is the data to use to replace values in bootstrap
 // template files.
 type bootstrapTemplateData struct {
- ClusterDNSIP string
- CloudProvider string
- CloudProviderConfig string
- DebugConfig string
- KubeCoreRenderImage string
- MachineConfigOperatorImage string
- EtcdCertSignerImage string
- EtcdctlImage string
- BootkubeImage string
- HyperkubeImage string
- EtcdCluster string
+ BootkubeImage string
+ CloudProvider string
+ CloudProviderConfig string
+ ClusterDNSIP string
+ DebugConfig string
+ EtcdCertSignerImage string
+ EtcdCluster string
+ EtcdctlImage string
+ HyperkubeImage string
+ KubeCoreRenderImage string
+ ReleaseImage string
 }
 // bootstrap is an asset that generates the ignition config for bootstrap nodes.
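Review bot: `defaultReleaseImage` in the const block names the release payload by a tag (`origin-release:v4.0`), and a tag can be moved to different content after this code is built. The bootkube template in this same commit runs that image with `podman run` and copies the manifests it renders into `/etc/kubernetes/manifests/`, so the default is better pinned by digest, in the form `registry.svc.ci.openshift.org/openshift/origin-release@sha256:<digest of the reviewed payload>` (placeholder, not a real digest). If the tag has to stay, say so next to the constant: `// defaultReleaseImage is a floating tag; the payload it resolves to can change without a new installer build.`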
@@ -189,18 +192,25 @@ func (a *bootstrap) getTemplateData(installConfig *types.InstallConfig) (*bootst for i := range etcdEndpoints { etcdEndpoints[i] = fmt.Sprintf("https://%s-etcd-%d.%s:2379", installConfig.Name, i, installConfig.BaseDomain) } + + releaseImage := defaultReleaseImage + if ri, ok := os.LookupEnv("OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE"); ok && ri != "" { + log.Warn("Found override for ReleaseImage. Please be warned, this is not advised") + releaseImage = ri + } + return &bootstrapTemplateData{ - ClusterDNSIP: clusterDNSIP, - CloudProvider: getCloudProvider(installConfig), - CloudProviderConfig: getCloudProviderConfig(installConfig), - DebugConfig: "", - KubeCoreRenderImage: "quay.io/coreos/kube-core-renderer-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85", - MachineConfigOperatorImage: "docker.io/openshift/origin-machine-config-operator:v4.0.0", - EtcdCertSignerImage: "quay.io/coreos/kube-etcd-signer-server:678cc8e6841e2121ebfdb6e2db568fce290b67d6", - EtcdctlImage: "quay.io/coreos/etcd:v3.2.14", - BootkubeImage: "quay.io/coreos/bootkube:v0.10.0", - HyperkubeImage: "openshift/origin-node:latest", - EtcdCluster: strings.Join(etcdEndpoints, ","), + ClusterDNSIP: clusterDNSIP, + CloudProvider: getCloudProvider(installConfig), + CloudProviderConfig: getCloudProviderConfig(installConfig), + DebugConfig: "", + KubeCoreRenderImage: "quay.io/coreos/kube-core-renderer-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85", + EtcdCertSignerImage: "quay.io/coreos/kube-etcd-signer-server:678cc8e6841e2121ebfdb6e2db568fce290b67d6", + EtcdctlImage: "quay.io/coreos/etcd:v3.2.14", + BootkubeImage: "quay.io/coreos/bootkube:v0.10.0", + ReleaseImage: releaseImage, + HyperkubeImage: "openshift/origin-node:latest", + EtcdCluster: strings.Join(etcdEndpoints, ","), }, nil } diff --git a/pkg/asset/ignition/content/bootkube.go b/pkg/asset/ignition/content/bootkube.go index e38b1b2b2ae..5a7110f20a2 100644 --- a/pkg/asset/ignition/content/bootkube.go 
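Review bot: The value of `OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE` is assigned to `releaseImage` without any check, and the `log.Warn` call does not record which image replaced the default. `ReleaseImage` is rendered into the bootkube shell script by `text/template` in this same commit, once outside quotes, so whatever the variable holds reaches that script verbatim. Log the value, `log.Warnf("Found override for ReleaseImage (%q). Please be warned, this is not advised", ri)`, and return an error from `getTemplateData` when `ri` is not a well-formed image reference. The function starts above this hunk.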
+++ b/pkg/asset/ignition/content/bootkube.go
@@ -29,6 +29,25 @@ set -e
 mkdir --parents /etc/kubernetes/manifests/
+MACHINE_CONFIG_OPERATOR_IMAGE=$(podman run --rm {{.ReleaseImage}} image machine-config-operator)
+echo "Found Machine Config Operator's image: $MACHINE_CONFIG_OPERATOR_IMAGE"
+
+if [ ! -d cvo-bootstrap ]
+then
+ echo "Rendering Cluster Version Operator Manifests..."
+
+ # shellcheck disable=SC2154
+ podman run \
+ --volume "$PWD:/assets:z" \
+ "{{.ReleaseImage}}" \
+ render \
+ --output-dir=/assets/cvo-bootstrap \
+ --release-image="{{.ReleaseImage}}"
+
+ cp --recursive cvo-bootstrap/manifests .
+ cp --recursive cvo-bootstrap/bootstrap/bootstrap-pod.yaml /etc/kubernetes/manifests/
+fi
+
 if [ ! -d kco-bootstrap ]
 then
 echo "Rendering Kubernetes core manifests..."
@@ -54,7 +73,7 @@ then
 podman run \
 --user 0 \
 --volume "$PWD:/assets:z" \
- "{{.MachineConfigOperatorImage}}" \
+ "${MACHINE_CONFIG_OPERATOR_IMAGE}" \
 bootstrap \
 --etcd-ca=/assets/tls/etcd-client-ca.crt \
 --root-ca=/assets/tls/root-ca.crt \
diff --git a/pkg/asset/ignition/content/tectonic.go b/pkg/asset/ignition/content/tectonic.go
index b6e87996564..635d2bc35cd 100644
--- a/pkg/asset/ignition/content/tectonic.go
+++ b/pkg/asset/ignition/content/tectonic.go
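Review bot: The first added line substitutes `{{.ReleaseImage}}` into `$(podman run --rm ...)` without quotes, unlike the `podman run` a few lines below it; use `MACHINE_CONFIG_OPERATOR_IMAGE=$(podman run --rm "{{.ReleaseImage}}" image machine-config-operator)`. Whatever that container prints is then used as an image name, and the second hunk runs it with `--user 0` and `$PWD` mounted, so an empty result should stop the script: `[ -n "$MACHINE_CONFIG_OPERATOR_IMAGE" ] || { echo "no machine-config-operator image in release payload" >&2; exit 1; }`. Quoting only prevents word splitting, so the reference itself still needs validating where it is read in bootstrap.go. Both hunks sit inside a script template whose start and end are outside the diff.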
@@ -80,39 +80,12 @@ wait_for_pods() {
 # Wait for Kubernetes pods
 wait_for_pods kube-system
-echo "Creating initial roles..."
-kubectl delete --filename rbac/role-admin.yaml
-
-kubectl create --filename ingress/svc-account.yaml
-kubectl create --filename rbac/role-admin.yaml
-kubectl create --filename rbac/role-user.yaml
-kubectl create --filename rbac/binding-admin.yaml
-kubectl create --filename rbac/binding-discovery.yaml
-
-echo "Creating cluster config for Tectonic..."
-kubectl create --filename cluster-config.yaml
-kubectl create --filename ingress/cluster-config.yaml
-
-echo "Creating Tectonic secrets..."
-kubectl create --filename secrets/pull.json
-kubectl create --filename secrets/ingress-tls.yaml
-kubectl create --filename secrets/ca-cert.yaml
-kubectl create --filename ingress/pull.json
-
-echo "Creating operators..."
-kubectl create --filename security/priviledged-scc-tectonic.yaml
-kubectl create --filename updater/app-version-kind.yaml
-kubectl create --filename updater/migration-status-kind.yaml
-
-kubectl create --filename updater/operators/kube-core-operator.yaml
-kubectl create --filename updater/operators/kube-addon-operator.yaml
-kubectl create --filename updater/operators/tectonic-ingress-controller-operator.yaml
-
-kubectl --namespace=tectonic-system get customresourcedefinition appversions.tco.coreos.com
-kubectl create --filename updater/app_versions/app-version-tectonic-cluster.yaml
-kubectl create --filename updater/app_versions/app-version-kube-core.yaml
-kubectl create --filename updater/app_versions/app-version-kube-addon.yaml
-kubectl create --filename updater/app_versions/app-version-tectonic-ingress.yaml
+for file in $(find . -type f -maxdepth 1)
+do
+ echo "Creating object from file: $file ..."
+ kubectl create --filename "$file"
+ echo "Done creating object from file: $file ..."
+done
 # Wait for Tectonic pods
 wait_for_pods tectonic-system
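Review bot: The new loop hands every regular file in the working directory to `kubectl create`, so the set of objects created is no longer spelled out in the script and any stray file in that directory is submitted as well. `find` also returns entries in directory order, while the renamed manifests in this commit carry sequence numbers (`-00-`, `-01-`) that look intended to encode an order; if they are, the list needs sorting. A narrower form is `for file in $(find . -maxdepth 1 -type f \( -name '*.yaml' -o -name '*.json' \) | sort)`, which also puts `-maxdepth` ahead of `-type` as GNU find expects. The removed `kubectl --namespace=tectonic-system get customresourcedefinition appversions.tco.coreos.com` check has no replacement here, so confirm the AppVersion objects cannot be created before their CRD exists.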
diff --git a/pkg/asset/manifests/content/bootkube/machine-api-operator.go b/pkg/asset/manifests/content/bootkube/machine-api-operator.go deleted file mode 100644 index 3a649340659..00000000000 --- a/pkg/asset/manifests/content/bootkube/machine-api-operator.go +++ /dev/null @@ -1,61 +0,0 @@ -package bootkube - -const ( - // MachineAPIOperator is the constant to represent contents of Machine_Api_Operator.yaml file - MachineAPIOperator = ` ---- -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: machine-api-operator - namespace: kube-system - labels: - k8s-app: machine-api-operator - managed-by-channel-operator: "true" -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: machine-api-operator - template: - metadata: - labels: - k8s-app: machine-api-operator - tectonic-app-version-name: machine-api - spec: - containers: - - name: machine-api-operator - image: quay.io/coreos/machine-api-operator:b6a04c2 - command: - - "/machine-api-operator" - resources: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 20m - memory: 50Mi - volumeMounts: - - name: cluster-config - mountPath: /etc/mao-config - imagePullSecrets: - - name: coreos-pull-secret - nodeSelector: - node-role.kubernetes.io/master: "" - restartPolicy: Always - securityContext: - runAsNonRoot: true - runAsUser: 65534 - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - volumes: - - name: cluster-config - configMap: - name: cluster-config-v1 - items: - - key: mao-config - path: config -` -) diff --git a/pkg/asset/manifests/content/bootkube/machine-config-operator-00-config-crd.go b/pkg/asset/manifests/content/bootkube/machine-config-operator-00-config-crd.go deleted file mode 100644 index 8490898890b..00000000000 --- a/pkg/asset/manifests/content/bootkube/machine-config-operator-00-config-crd.go +++ /dev/null 
@@ -1,32 +0,0 @@ -package bootkube - -const ( - // MachineConfigOperator00ConfigCrd is the constant to represent contents of Machine_ConfigOperator00ConfigCrd.yaml file - MachineConfigOperator00ConfigCrd = ` ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - # name must match the spec fields below, and be in the form: . - name: mcoconfigs.machineconfiguration.openshift.io -spec: - # group name to use for REST API: /apis// - group: machineconfiguration.openshift.io - # list of versions supported by this CustomResourceDefinition - versions: - - name: v1 - # Each version can be enabled/disabled by Served flag. - served: true - # One and only one version must be marked as the storage version. - storage: true - # either Namespaced or Cluster - scope: Namespaced - names: - # plural name to be used in the URL: /apis/// - plural: mcoconfigs - # singular name to be used as an alias on the CLI and for display - singular: mcoconfig - # kind is normally the CamelCased singular type. Your resource manifests use this. - kind: MCOConfig -` -) diff --git a/pkg/asset/manifests/content/bootkube/machine-config-operator-02-rbac.go b/pkg/asset/manifests/content/bootkube/machine-config-operator-02-rbac.go deleted file mode 100644 index cf797944553..00000000000 --- a/pkg/asset/manifests/content/bootkube/machine-config-operator-02-rbac.go +++ /dev/null @@ -1,20 +0,0 @@ -package bootkube - -const ( - // MachineConfigOperator02Rbac is the constant to represent contents of manifest file machine-config-operator-02-rbac.yaml - MachineConfigOperator02Rbac = ` ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: default-account-openshift-machine-config-operator -subjects: - - kind: ServiceAccount - name: default - namespace: openshift-machine-config-operator -roleRef: - kind: ClusterRole - name: cluster-admin - apiGroup: rbac.authorization.k8s.io -` -) 
diff --git a/pkg/asset/manifests/content/bootkube/machine-config-operator-03-deployment.go b/pkg/asset/manifests/content/bootkube/machine-config-operator-03-deployment.go deleted file mode 100644 index 26c6dbcc8f4..00000000000 --- a/pkg/asset/manifests/content/bootkube/machine-config-operator-03-deployment.go +++ /dev/null @@ -1,69 +0,0 @@ -package bootkube - -import ( - "text/template" -) - -var ( - // MachineConfigOperator03Deployment is the constant to represent contents of machine_configoperator03deployment.yaml file - MachineConfigOperator03Deployment = template.Must(template.New("machine-config-operator-03-deployment.yaml").Parse(` ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: machine-config-operator - namespace: openshift-machine-config-operator - labels: - k8s-app: machine-config-operator -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: machine-config-operator - template: - metadata: - labels: - k8s-app: machine-config-operator - spec: - containers: - - name: machine-config-operator - image: {{.MachineConfigOperatorImage}} - args: - - "start" - - "--images-json=/etc/mco/images/images.json" - resources: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 20m - memory: 50Mi - volumeMounts: - - name: root-ca - mountPath: /etc/ssl/kubernetes/ca.crt - - name: etcd-ca - mountPath: /etc/ssl/etcd/ca.crt - - name: images - mountPath: /etc/mco/images - nodeSelector: - node-role.kubernetes.io/master: "" - restartPolicy: Always - securityContext: - runAsNonRoot: true - runAsUser: 65534 - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - volumes: - - name: images - configMap: - name: machine-config-operator-images - - name: etcd-ca - hostPath: - path: /etc/ssl/etcd/ca.crt - - name: root-ca - hostPath: - path: /etc/kubernetes/ca.crt -`)) -) 
diff --git a/pkg/asset/manifests/content/tectonic/BUILD.bazel b/pkg/asset/manifests/content/tectonic/BUILD.bazel
new file mode 100644
index 00000000000..35d301574dd
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/BUILD.bazel
@@ -0,0 +1,26 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "go_default_library",
+ srcs = [
+ "binding-discovery.go",
+ "kube-addon-00-appversion.go",
+ "kube-addon-01-operator.go",
+ "kube-core-00-appversion.go",
+ "kube-core-00-operator.go",
+ "role-admin.go",
+ "role-user.go",
+ "tectonic-ingress-00-appversion.go",
+ "tectonic-ingress-01-cluster-config.go",
+ "tectonic-ingress-02-tls.go",
+ "tectonic-ingress-03-pull.go",
+ "tectonic-ingress-04-svc-account.go",
+ "tectonic-ingress-05-operator.go",
+ "tectonic-system-00-binding-admin.go",
+ "tectonic-system-01-ca-cert.go",
+ "tectonic-system-02-privileged-scc.go",
+ "tectonic-system-03-pull.go",
+ ],
+ importpath = "github.com/openshift/installer/pkg/asset/manifests/content/tectonic",
+ visibility = ["//visibility:public"],
+)
diff --git a/pkg/asset/manifests/content/tectonic/rbac/binding-discovery.go b/pkg/asset/manifests/content/tectonic/binding-discovery.go
similarity index 96%
rename from pkg/asset/manifests/content/tectonic/rbac/binding-discovery.go
rename to pkg/asset/manifests/content/tectonic/binding-discovery.go
index bdfdb19b837..79dc5febbf1 100644
--- a/pkg/asset/manifests/content/tectonic/rbac/binding-discovery.go
+++ b/pkg/asset/manifests/content/tectonic/binding-discovery.go
@@ -1,4 +1,4 @@
-package rbac
+package tectonic
 const (
 // BindingDiscovery is the variable/constant representing the contents of the respective file
diff --git a/pkg/asset/manifests/content/tectonic/ingress/svc-account.go b/pkg/asset/manifests/content/tectonic/ingress/svc-account.go
deleted file mode 100644
index 5d979fc16b4..00000000000
--- a/pkg/asset/manifests/content/tectonic/ingress/svc-account.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package ingress
-
-const (
- // SvcAccount is the variable/constant representing the contents of the respective file
- SvcAccount = `
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: tectonic-ingress-controller-operator
- namespace: openshift-ingress
-`
-)
diff --git a/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-kube-addon.go b/pkg/asset/manifests/content/tectonic/kube-addon-00-appversion.go
similarity index 95%
rename from pkg/asset/manifests/content/tectonic/updater/appversions/app-version-kube-addon.go
rename to pkg/asset/manifests/content/tectonic/kube-addon-00-appversion.go
index 128328165d6..30fda5308e0 100644
--- a/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-kube-addon.go
+++ b/pkg/asset/manifests/content/tectonic/kube-addon-00-appversion.go
@@ -1,4 +1,4 @@
-package appversions
+package tectonic
 const (
 // AppVersionKubeAddon is the variable/constant representing the contents of the respective file
diff --git a/pkg/asset/manifests/content/tectonic/updater/operators/kube-addon-operator.go b/pkg/asset/manifests/content/tectonic/kube-addon-01-operator.go
similarity index 98%
rename from pkg/asset/manifests/content/tectonic/updater/operators/kube-addon-operator.go
rename to pkg/asset/manifests/content/tectonic/kube-addon-01-operator.go
index 964491da292..33fb6273d7a 100644
--- a/pkg/asset/manifests/content/tectonic/updater/operators/kube-addon-operator.go
+++ b/pkg/asset/manifests/content/tectonic/kube-addon-01-operator.go
@@ -1,4 +1,4 @@
-package operators
+package tectonic
 import (
 "text/template"
diff --git a/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-kube-core.go b/pkg/asset/manifests/content/tectonic/kube-core-00-appversion.go
similarity index 94%
rename from pkg/asset/manifests/content/tectonic/updater/appversions/app-version-kube-core.go
rename to pkg/asset/manifests/content/tectonic/kube-core-00-appversion.go
index 4613593cb37..a67ba4d09ae 100644
--- a/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-kube-core.go
+++ b/pkg/asset/manifests/content/tectonic/kube-core-00-appversion.go
@@ -1,4 +1,4 @@
-package appversions
+package tectonic
 const (
 // AppVersionKubeCore is the variable/constant representing the contents of the respective file
diff --git a/pkg/asset/manifests/content/tectonic/updater/operators/kube-core-operator.go b/pkg/asset/manifests/content/tectonic/kube-core-00-operator.go
similarity index 93%
rename from pkg/asset/manifests/content/tectonic/updater/operators/kube-core-operator.go
rename to pkg/asset/manifests/content/tectonic/kube-core-00-operator.go
index 374928c0c14..909177805d6 100644
--- a/pkg/asset/manifests/content/tectonic/updater/operators/kube-core-operator.go
+++ b/pkg/asset/manifests/content/tectonic/kube-core-00-operator.go
@@ -1,4 +1,4 @@
-package operators
+package tectonic
 import (
 "text/template"
@@ -6,8 +6,7 @@ import (
 var (
 // KubeCoreOperator is the variable/constant representing the contents of the respective file
- KubeCoreOperator = template.Must(template.New("kube-core-operator.yaml").Parse(`
----
+ KubeCoreOperator = template.Must(template.New("kube-core-00-operator.yaml").Parse(`
 apiVersion: apps/v1beta2
 kind: Deployment
 metadata:
diff --git a/pkg/asset/manifests/content/tectonic/rbac/role-admin.go b/pkg/asset/manifests/content/tectonic/role-admin.go
similarity index 94%
rename from pkg/asset/manifests/content/tectonic/rbac/role-admin.go
rename to pkg/asset/manifests/content/tectonic/role-admin.go
index 23744dcdf8b..57f95300fd1 100644
--- a/pkg/asset/manifests/content/tectonic/rbac/role-admin.go
+++ b/pkg/asset/manifests/content/tectonic/role-admin.go
@@ -1,4 +1,4 @@
-package rbac
+package tectonic
 const (
 // RoleAdmin is the variable/constant representing the contents of the respective file
diff --git a/pkg/asset/manifests/content/tectonic/rbac/role-user.go b/pkg/asset/manifests/content/tectonic/role-user.go
similarity index 99%
rename from pkg/asset/manifests/content/tectonic/rbac/role-user.go
rename to pkg/asset/manifests/content/tectonic/role-user.go
index 4a14db9aa5a..ac0e40fe02c 100644
--- a/pkg/asset/manifests/content/tectonic/rbac/role-user.go
+++ b/pkg/asset/manifests/content/tectonic/role-user.go
@@ -1,4 +1,4 @@
-package rbac
+package tectonic
 const (
 // RoleUser is the variable/constant representing the contents of the respective file
diff --git a/pkg/asset/manifests/content/tectonic/secrets/ca-cert.go b/pkg/asset/manifests/content/tectonic/secrets/ca-cert.go
deleted file mode 100644
index a4c45946aa6..00000000000
--- a/pkg/asset/manifests/content/tectonic/secrets/ca-cert.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package secrets
-
-import (
- "text/template"
-)
-
-var (
- // CaCert is the variable/constant representing the contents of the respective file
- CaCert = template.Must(template.New("ca-cert.yaml").Parse(`
-apiVersion: v1
-kind: Secret
-metadata:
- name: tectonic-ca-cert-secret
- namespace: tectonic-system
-type: Opaque
-data:
- ca-cert: {{.IngressCaCert}}
-`))
-)
diff --git a/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-tectonic-ingress.go b/pkg/asset/manifests/content/tectonic/tectonic-ingress-00-appversion.go
similarity index 95%
rename from pkg/asset/manifests/content/tectonic/updater/appversions/app-version-tectonic-ingress.go
rename to pkg/asset/manifests/content/tectonic/tectonic-ingress-00-appversion.go
index 15d90e747b2..d5e43f72fb5 100644
--- a/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-tectonic-ingress.go
+++ b/pkg/asset/manifests/content/tectonic/tectonic-ingress-00-appversion.go
@@ -1,4 +1,4 @@
-package appversions
+package tectonic
 const (
 // AppVersionTectonicIngress is the variable/constant representing the contents of the respective file
diff --git a/pkg/asset/manifests/content/tectonic/ingress/cluster-config.go b/pkg/asset/manifests/content/tectonic/tectonic-ingress-01-cluster-config.go
similarity index 57%
rename from pkg/asset/manifests/content/tectonic/ingress/cluster-config.go
rename to pkg/asset/manifests/content/tectonic/tectonic-ingress-01-cluster-config.go
index aff7522fc3a..7e159bcdef9 100644
--- a/pkg/asset/manifests/content/tectonic/ingress/cluster-config.go
+++ b/pkg/asset/manifests/content/tectonic/tectonic-ingress-01-cluster-config.go
@@ -1,12 +1,12 @@
-package ingress
+package tectonic
 import (
 "text/template"
 )
 var (
- // ClusterConfig is the variable/constant representing the contents of the respective file
- ClusterConfig = template.Must(template.New("cluster-config.yaml").Parse(`
+ // ClusterConfigTectonicIngress is the variable/constant representing the contents of the respective file
+ ClusterConfigTectonicIngress = template.Must(template.New("tectonic-ingress-01-cluster-config.yaml").Parse(`
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/pkg/asset/manifests/content/tectonic/secrets/ingress-tls.go b/pkg/asset/manifests/content/tectonic/tectonic-ingress-02-tls.go
similarity index 55%
rename from pkg/asset/manifests/content/tectonic/secrets/ingress-tls.go
rename to pkg/asset/manifests/content/tectonic/tectonic-ingress-02-tls.go
index e875b022719..740d400e8d2 100644
--- a/pkg/asset/manifests/content/tectonic/secrets/ingress-tls.go
+++ b/pkg/asset/manifests/content/tectonic/tectonic-ingress-02-tls.go
@@ -1,12 +1,12 @@
-package secrets
+package tectonic
 import (
 "text/template"
 )
 var (
- // IngressTLS is the variable/constant representing the contents of the respective file
- IngressTLS = template.Must(template.New("ingress-tls.yaml").Parse(`
+ // TLSTectonicIngress is the variable/constant representing the contents of the respective file
+ TLSTectonicIngress = template.Must(template.New("tectonic-ingress-02-tls.yaml").Parse(`
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/pkg/asset/manifests/content/tectonic/ingress/pull.go b/pkg/asset/manifests/content/tectonic/tectonic-ingress-03-pull.go
similarity index 57%
rename from pkg/asset/manifests/content/tectonic/ingress/pull.go
rename to pkg/asset/manifests/content/tectonic/tectonic-ingress-03-pull.go
index d0987ba2550..dd4d8287239 100644
--- a/pkg/asset/manifests/content/tectonic/ingress/pull.go
+++ b/pkg/asset/manifests/content/tectonic/tectonic-ingress-03-pull.go
@@ -1,12 +1,12 @@
-package ingress
+package tectonic
 import (
 "text/template"
 )
 var (
- // Pull is the variable/constant representing the contents of the respective file
- Pull = template.Must(template.New("pull.json").Parse(`
+ // PullTectonicIngress is the variable/constant representing the contents of the respective file
+ PullTectonicIngress = template.Must(template.New("tectonic-ingress-03-pull.json").Parse(`
 {
 "apiVersion": "v1",
 "kind": "Secret",
diff --git a/pkg/asset/manifests/content/tectonic/tectonic-ingress-04-svc-account.go b/pkg/asset/manifests/content/tectonic/tectonic-ingress-04-svc-account.go
new file mode 100644
index 00000000000..f00683bc748
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/tectonic-ingress-04-svc-account.go
@@ -0,0 +1,12 @@
+package tectonic
+
+const (
+ // SvcAccountTectonicIngress is the variable/constant representing the contents of the respective file
+ SvcAccountTectonicIngress = `
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tectonic-ingress-controller-operator
+ namespace: openshift-ingress
+`
+)
diff --git a/pkg/asset/manifests/content/tectonic/updater/operators/tectonic-ingress-controller-operator.go b/pkg/asset/manifests/content/tectonic/tectonic-ingress-05-operator.go
similarity index 95%
rename from pkg/asset/manifests/content/tectonic/updater/operators/tectonic-ingress-controller-operator.go
rename to pkg/asset/manifests/content/tectonic/tectonic-ingress-05-operator.go
index 2ef9e6ef2a4..1df2a60fe63 100644
--- a/pkg/asset/manifests/content/tectonic/updater/operators/tectonic-ingress-controller-operator.go
+++ b/pkg/asset/manifests/content/tectonic/tectonic-ingress-05-operator.go
@@ -1,4 +1,4 @@
-package operators
+package tectonic
 import (
 "text/template"
@@ -6,8 +6,7 @@ import (
 var (
 // TectonicIngressControllerOperator is the variable/constant representing the contents of the respective file
- TectonicIngressControllerOperator = template.Must(template.New("tectonic-ingress-controller-operator.yaml").Parse(`
----
+ TectonicIngressControllerOperator = template.Must(template.New("tectonic-ingress-05-operator.yaml").Parse(`
 apiVersion: apps/v1beta2
 kind: Deployment
 metadata:
diff --git a/pkg/asset/manifests/content/tectonic/rbac/binding-admin.go b/pkg/asset/manifests/content/tectonic/tectonic-system-00-binding-admin.go
similarity index 96%
rename from pkg/asset/manifests/content/tectonic/rbac/binding-admin.go
rename to pkg/asset/manifests/content/tectonic/tectonic-system-00-binding-admin.go
index f91001c1491..59515947022 100644
--- a/pkg/asset/manifests/content/tectonic/rbac/binding-admin.go
+++ b/pkg/asset/manifests/content/tectonic/tectonic-system-00-binding-admin.go
@@ -1,4 +1,4 @@
-package rbac
+package tectonic
 const (
 // BindingAdmin is the variable/constant representing the contents of the respective file
diff --git a/pkg/asset/manifests/content/tectonic/tectonic-system-01-ca-cert.go b/pkg/asset/manifests/content/tectonic/tectonic-system-01-ca-cert.go
new file mode 100644
index 00000000000..8d7bbc50bb5
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/tectonic-system-01-ca-cert.go
@@ -0,0 +1,19 @@
+package tectonic
+
+import (
+ "text/template"
+)
+
+var (
+ // CaCertTectonicSystem is the variable/constant representing the contents of the respective file
+ CaCertTectonicSystem = template.Must(template.New("tectonic-system-01-ca-cert.yaml").Parse(`
+apiVersion: v1
+kind: Secret
+metadata:
+ name: tectonic-ca-cert-secret
+ namespace: tectonic-system
+type: Opaque
+data:
+ ca-cert: {{.IngressCaCert}}
+`))
+)
diff --git a/pkg/asset/manifests/content/tectonic/security/priviledged-scc-tectonic.go b/pkg/asset/manifests/content/tectonic/tectonic-system-02-privileged-scc.go
similarity index 81%
rename from pkg/asset/manifests/content/tectonic/security/priviledged-scc-tectonic.go
rename to pkg/asset/manifests/content/tectonic/tectonic-system-02-privileged-scc.go
index deb0336806f..1197130c046 100644
--- a/pkg/asset/manifests/content/tectonic/security/priviledged-scc-tectonic.go
+++ b/pkg/asset/manifests/content/tectonic/tectonic-system-02-privileged-scc.go
@@ -1,9 +1,8 @@
-package security
+package tectonic
 const (
- // PriviledgedSccTectonic is the variable/constant representing the contents of the respective file
- PriviledgedSccTectonic = `
----
+ // PriviledgedSccTectonicSystem is the variable/constant representing the contents of the respective file
+ PriviledgedSccTectonicSystem = `
 apiVersion: security.openshift.io/v1
 kind: SecurityContextConstraints
 metadata:
diff --git a/pkg/asset/manifests/content/tectonic/secrets/pull.go b/pkg/asset/manifests/content/tectonic/tectonic-system-03-pull.go
similarity index 57%
rename from pkg/asset/manifests/content/tectonic/secrets/pull.go
rename to pkg/asset/manifests/content/tectonic/tectonic-system-03-pull.go
index be6e104988e..d3c2b139978 100644
--- a/pkg/asset/manifests/content/tectonic/secrets/pull.go
+++ b/pkg/asset/manifests/content/tectonic/tectonic-system-03-pull.go
@@ -1,12 +1,12 @@
-package secrets
+package tectonic
 import (
 "text/template"
 )
 var (
- // Pull is the variable/constant representing the contents of the respective file
- Pull = template.Must(template.New("pull.json").Parse(`
+ // PullTectonicSystem is the variable/constant representing the contents of the respective file
+ PullTectonicSystem = template.Must(template.New("tectonic-system-03-pull.json").Parse(`
 {
 "apiVersion": "v1",
 "kind": "Secret",
diff --git a/pkg/asset/manifests/content/tectonic/updater/app-version-kind.go b/pkg/asset/manifests/content/tectonic/updater/app-version-kind.go
deleted file mode 100644
index c7617933731..00000000000
--- a/pkg/asset/manifests/content/tectonic/updater/app-version-kind.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package updater
-
-const (
- // AppVersionKind is the variable/constant representing the contents of the respective file
- AppVersionKind = `
----
-apiVersion: "apiextensions.k8s.io/v1beta1"
-kind: "CustomResourceDefinition"
-metadata:
- name: "appversions.tco.coreos.com"
-spec:
- group: "tco.coreos.com"
- version: "v1"
- names:
- plural: "appversions"
- kind: "AppVersion"
-`
-)
diff --git a/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-tectonic-cluster.go b/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-tectonic-cluster.go
deleted file mode 100644
index 69f887b7a5c..00000000000
--- a/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-tectonic-cluster.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package appversions
-
-import (
- "text/template"
-)
-
-var (
- // AppVersionTectonicCluster is the variable/constant representing the contents of the respective file
- AppVersionTectonicCluster = template.Must(template.New("app-version-tectonic-cluster.yaml").Parse(`
-apiVersion: tco.coreos.com/v1
-kind: AppVersion
-metadata:
- name: tectonic-cluster
- namespace: tectonic-system
- labels:
- managed-by-channel-operator: "true"
-spec:
- desiredVersion: {{.TectonicVersion}}
- paused: false
-status:
- currentVersion: {{.TectonicVersion}}
- paused: false
-`))
-)
diff --git a/pkg/asset/manifests/content/tectonic/updater/migration-status-kind.go b/pkg/asset/manifests/content/tectonic/updater/migration-status-kind.go
deleted file mode 100644
index 37b38a12ff6..00000000000
--- a/pkg/asset/manifests/content/tectonic/updater/migration-status-kind.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package updater
-
-const (
- // MigrationStatusKind is the variable/constant representing the contents of the respective file
- MigrationStatusKind = `
----
-apiVersion: "apiextensions.k8s.io/v1beta1"
-kind: "CustomResourceDefinition"
-metadata:
- name: "migrationstatuses.kvo.coreos.com"
-spec:
- group: "kvo.coreos.com"
- version: "v1"
- names:
- plural: "migrationstatuses"
- kind: "MigrationStatus"
-`
-)
diff --git a/pkg/asset/manifests/operators.go b/pkg/asset/manifests/operators.go
index ff879cfdf0a..138552efc21 100644
--- a/pkg/asset/manifests/operators.go
+++ b/pkg/asset/manifests/operators.go
@@ -142,7 +142,6 @@ func (m *manifests) generateBootKubeManifests(dependencies map[asset.Asset]*asse
 EtcdClientKey: base64.StdEncoding.EncodeToString(dependencies[m.etcdClientCertKey].Contents[keyIndex].Data),
 KubeCaCert: base64.StdEncoding.EncodeToString(dependencies[m.kubeCA].Contents[certIndex].Data),
 KubeCaKey: base64.StdEncoding.EncodeToString(dependencies[m.kubeCA].Contents[keyIndex].Data),
- MachineConfigOperatorImage: "docker.io/openshift/origin-machine-config-operator:v4.0.0",
 McsTLSCert: base64.StdEncoding.EncodeToString(dependencies[m.mcsCertKey].Contents[certIndex].Data),
 McsTLSKey: base64.StdEncoding.EncodeToString(dependencies[m.mcsCertKey].Contents[keyIndex].Data),
 OidcCaCert: base64.StdEncoding.EncodeToString(dependencies[m.kubeCA].Contents[certIndex].Data),
@@ -160,31 +159,25 @@ func (m *manifests) generateBootKubeManifests(dependencies map[asset.Asset]*asse } assetData := map[string][]byte{ - "cluster-apiserver-certs.yaml": applyTemplateData(bootkube.ClusterApiserverCerts, templateData), - "ign-config.yaml": applyTemplateData(bootkube.IgnConfig, templateData), - "kube-apiserver-secret.yaml": applyTemplateData(bootkube.KubeApiserverSecret, templateData), - "kube-cloud-config.yaml": applyTemplateData(bootkube.KubeCloudConfig, templateData), - "kube-controller-manager-secret.yaml": applyTemplateData(bootkube.KubeControllerManagerSecret, templateData), - "machine-config-operator-03-deployment.yaml": applyTemplateData(bootkube.MachineConfigOperator03Deployment, templateData), - "machine-config-server-tls-secret.yaml": applyTemplateData(bootkube.MachineConfigServerTLSSecret, templateData), - "openshift-apiserver-secret.yaml": applyTemplateData(bootkube.OpenshiftApiserverSecret, templateData), - "pull.json": applyTemplateData(bootkube.Pull, templateData), - "tectonic-network-operator.yaml": applyTemplateData(bootkube.TectonicNetworkOperator, templateData), + "cluster-apiserver-certs.yaml": applyTemplateData(bootkube.ClusterApiserverCerts, templateData), + "ign-config.yaml": applyTemplateData(bootkube.IgnConfig, templateData), + "kube-apiserver-secret.yaml": applyTemplateData(bootkube.KubeApiserverSecret, templateData), + "kube-cloud-config.yaml": applyTemplateData(bootkube.KubeCloudConfig, templateData), + "kube-controller-manager-secret.yaml": applyTemplateData(bootkube.KubeControllerManagerSecret, templateData), + "machine-config-server-tls-secret.yaml": applyTemplateData(bootkube.MachineConfigServerTLSSecret, templateData), + "openshift-apiserver-secret.yaml": applyTemplateData(bootkube.OpenshiftApiserverSecret, templateData), + "pull.json": applyTemplateData(bootkube.Pull, templateData), + "tectonic-network-operator.yaml": applyTemplateData(bootkube.TectonicNetworkOperator, templateData), "01-tectonic-namespace.yaml": 
[]byte(bootkube.TectonicNamespace), "02-ingress-namespace.yaml": []byte(bootkube.IngressNamespace), "03-openshift-web-console-namespace.yaml": []byte(bootkube.OpenshiftWebConsoleNamespace), "04-openshift-machine-config-operator.yaml": []byte(bootkube.OpenshiftMachineConfigOperator), "05-openshift-cluster-api-namespace.yaml": []byte(bootkube.OpenshiftClusterAPINamespace), - "openshift-machine-config-operator.yaml": []byte(bootkube.OpenshiftMachineConfigOperator), - "openshift-cluster-api-namespace.yaml": []byte(bootkube.OpenshiftClusterAPINamespace), "app-version-kind.yaml": []byte(bootkube.AppVersionKind), "app-version-mao.yaml": []byte(bootkube.AppVersionMao), "app-version-tectonic-network.yaml": []byte(bootkube.AppVersionTectonicNetwork), - "machine-api-operator.yaml": []byte(bootkube.MachineAPIOperator), - "machine-config-operator-00-config-crd.yaml": []byte(bootkube.MachineConfigOperator00ConfigCrd), "machine-config-operator-01-images-configmap.yaml": []byte(bootkube.MachineConfigOperator01ImagesConfigmap), - "machine-config-operator-02-rbac.yaml": []byte(bootkube.MachineConfigOperator02Rbac), "operatorstatus-crd.yaml": []byte(bootkube.OperatorstatusCrd), } diff --git a/pkg/asset/manifests/tectonic.go b/pkg/asset/manifests/tectonic.go index 6dd5903408d..bfe5778a3b4 100644 --- a/pkg/asset/manifests/tectonic.go +++ b/pkg/asset/manifests/tectonic.go 
@@ -7,13 +7,7 @@ import ( "github.com/openshift/installer/pkg/asset" "github.com/openshift/installer/pkg/asset/installconfig" - "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/ingress" - "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/rbac" - "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/secrets" - "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/security" - "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/updater" - "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/updater/appversions" - "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/updater/operators" + content "github.com/openshift/installer/pkg/asset/manifests/content/tectonic" ) // tectonic generates the dependent resource manifests for tectonic (as against bootkube) 
@@ -62,29 +56,23 @@ func (t *tectonic) Generate(dependencies map[asset.Asset]*asset.State) (*asset.S } assetData := map[string][]byte{ - // template files - "secrets/ingress-tls.yaml": applyTemplateData(secrets.IngressTLS, templateData), - "secrets/ca-cert.yaml": applyTemplateData(secrets.CaCert, templateData), - "secrets/pull.json": applyTemplateData(secrets.Pull, templateData), - "updater/operators/tectonic-ingress-controller-operator.yaml": applyTemplateData(operators.TectonicIngressControllerOperator, templateData), - "updater/operators/kube-addon-operator.yaml": applyTemplateData(operators.KubeAddonOperator, templateData), - "updater/operators/kube-core-operator.yaml": applyTemplateData(operators.KubeCoreOperator, templateData), - "updater/app_versions/app-version-tectonic-cluster.yaml": applyTemplateData(appversions.AppVersionTectonicCluster, templateData), - "ingress/pull.json": applyTemplateData(ingress.Pull, templateData), - "ingress/cluster-config.yaml": applyTemplateData(ingress.ClusterConfig, templateData), - - // constant files - "security/priviledged-scc-tectonic.yaml": []byte(security.PriviledgedSccTectonic), - "rbac/role-admin.yaml": []byte(rbac.RoleAdmin), - "rbac/binding-admin.yaml": []byte(rbac.BindingAdmin), - "rbac/binding-discovery.yaml": []byte(rbac.BindingDiscovery), - "rbac/role-user.yaml": []byte(rbac.RoleUser), - "updater/migration-status-kind.yaml": []byte(updater.MigrationStatusKind), - "updater/app_versions/app-version-kube-addon.yaml": []byte(appversions.AppVersionKubeAddon), - "updater/app_versions/app-version-tectonic-ingress.yaml": []byte(appversions.AppVersionTectonicIngress), - "updater/app_versions/app-version-kube-core.yaml": []byte(appversions.AppVersionKubeCore), - "updater/app-version-kind.yaml": []byte(updater.AppVersionKind), - "ingress/svc-account.yaml": []byte(ingress.SvcAccount), + "99_binding-discovery.yaml": []byte(content.BindingDiscovery), + "99_kube-addon-00-appversion.yaml": []byte(content.AppVersionKubeAddon), + 
"99_kube-addon-01-operator.yaml": applyTemplateData(content.KubeAddonOperator, templateData), + "99_kube-core-00-appversion.yaml": []byte(content.AppVersionKubeCore), + "99_kube-core-00-operator.yaml": applyTemplateData(content.KubeCoreOperator, templateData), + "99_role-admin.yaml": []byte(content.RoleAdmin), + "99_role-user.yaml": []byte(content.RoleUser), + "99_tectonic-ingress-00-appversion.yaml": []byte(content.AppVersionTectonicIngress), + "99_tectonic-ingress-01-cluster-config.yaml": applyTemplateData(content.ClusterConfigTectonicIngress, templateData), + "99_tectonic-ingress-02-tls.yaml": applyTemplateData(content.TLSTectonicIngress, templateData), + "99_tectonic-ingress-03-pull.json": applyTemplateData(content.PullTectonicIngress, templateData), + "99_tectonic-ingress-04-svc-account.yaml": []byte(content.SvcAccountTectonicIngress), + "99_tectonic-ingress-05-operator.yaml": applyTemplateData(content.TectonicIngressControllerOperator, templateData), + "99_tectonic-system-00-binding-admin.yaml": []byte(content.BindingAdmin), + "99_tectonic-system-01-ca-cert.yaml": applyTemplateData(content.CaCertTectonicSystem, templateData), + "99_tectonic-system-02-privileged-scc.yaml": []byte(content.PriviledgedSccTectonicSystem), + "99_tectonic-system-03-pull.json": applyTemplateData(content.PullTectonicSystem, templateData), } var assetContents []asset.Content diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go index ca2a864ac58..98cbdc51815 100644 --- a/pkg/asset/manifests/template.go +++ b/pkg/asset/manifests/template.go @@ -15,7 +15,6 @@ type bootkubeTemplateData struct { EtcdClientKey string KubeCaCert string KubeCaKey string - MachineConfigOperatorImage string McsTLSCert string McsTLSKey string OidcCaCert string diff --git a/pkg/asset/tls/helper.go b/pkg/asset/tls/helper.go index d63a39124bc..5dc4be64458 100644 --- a/pkg/asset/tls/helper.go +++ b/pkg/asset/tls/helper.go 
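Review bot: The new names in the `assetData` map give `99_kube-core-00-appversion.yaml` and `99_kube-core-00-operator.yaml` the same `00` index, while the kube-addon pair uses `00-appversion` and `01-operator`. If the numeric prefix is meant to fix the order in which manifests are applied (the consumer is not visible in this hunk, so this is an assumption), the operator entry should read `"99_kube-core-01-operator.yaml": applyTemplateData(content.KubeCoreOperator, templateData),`. The SCC file name was corrected to `privileged-scc`, but the identifier `content.PriviledgedSccTectonicSystem` keeps the old misspelling, which makes the privileged SCC manifest harder to find by search; renaming it in the content package would close that gap. `Generate` begins before this hunk and continues after it.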
@@ -49,6 +49,7 @@ func genDNSNamesForAPIServerCertKey(cfg *types.InstallConfig) ([]string, error) "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster.local", + "localhost", }, nil } @@ -57,7 +58,7 @@ func genIPAddressesForAPIServerCertKey(cfg *types.InstallConfig) ([]net.IP, erro if err != nil { return nil, err } - return []net.IP{net.ParseIP(apiServerAddress)}, nil + return []net.IP{net.ParseIP(apiServerAddress), net.ParseIP("127.0.0.1")}, nil } func genDNSNamesForOpenshiftAPIServerCertKey(cfg *types.InstallConfig) ([]string, error) {
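Review bot: The `"localhost"` entry added to the SAN list in `genDNSNamesForAPIServerCertKey` has no comment naming the client that needs it, so the widened scope of the API server certificate is hard to audit later. I would add a line above it such as `// localhost: on-host clients reach the API server over loopback with hostname verification enabled`, worded to match the real consumer, which this hunk does not show. The function body begins before the hunk.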
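Review bot: The rewritten return in `genIPAddressesForAPIServerCertKey` puts the result of `net.ParseIP(apiServerAddress)` into the SAN list unchecked, and `net.ParseIP` returns nil for a string that is not a valid IP. How `apiServerAddress` is derived sits above the hunk, so whether a malformed value can reach this line is not visible; if it can, certificate generation would proceed with a nil entry beside the loopback address instead of failing early. I would parse once, return an error on nil, and build the loopback address with `net.IPv4(127, 0, 0, 1)` so the only parse left is of the variable input. The error construction below assumes `fmt` is imported in helper.go, which the hunk does not show.

```go
// … unchanged: apiServerAddress lookup and its error check …
	ip := net.ParseIP(apiServerAddress)
	if ip == nil {
		return nil, fmt.Errorf("invalid API server address %q", apiServerAddress)
	}
	// 127.0.0.1 is included so the certificate also verifies over loopback.
	return []net.IP{ip, net.IPv4(127, 0, 0, 1)}, nil
```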