diff --git a/pkg/asset/ignition/bootstrap/bootstrap.go b/pkg/asset/ignition/bootstrap/bootstrap.go
index 9296ef0a71d..8f62af1acf6 100644
--- a/pkg/asset/ignition/bootstrap/bootstrap.go
+++ b/pkg/asset/ignition/bootstrap/bootstrap.go
@@ -59,7 +59,6 @@ func (a *Bootstrap) Dependencies() []asset.Asset {
 &tls.KubeCA{},
 &tls.AggregatorCA{},
 &tls.ServiceServingCA{},
- &tls.ClusterAPIServerCertKey{},
 &tls.EtcdClientCertKey{},
 &tls.APIServerCertKey{},
 &tls.OpenshiftAPIServerCertKey{},
@@ -253,7 +252,6 @@ func (a *Bootstrap) addTLSCertFiles(dependencies asset.Parents) {
 &tls.AggregatorCA{},
 &tls.ServiceServingCA{},
 &tls.EtcdCA{},
- &tls.ClusterAPIServerCertKey{},
 &tls.EtcdClientCertKey{},
 &tls.APIServerCertKey{},
 &tls.OpenshiftAPIServerCertKey{},
diff --git a/pkg/asset/manifests/content/bootkube/cluster-apiserver-certs.go b/pkg/asset/manifests/content/bootkube/cluster-apiserver-certs.go
deleted file mode 100644
index a47430d876b..00000000000
--- a/pkg/asset/manifests/content/bootkube/cluster-apiserver-certs.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package bootkube
-
-import (
- "text/template"
-)
-
-var (
- // ClusterApiserverCerts is the constant to represent contents of cluster_apiservercerts.yaml file
- ClusterApiserverCerts = template.Must(template.New("cluster-apiserver-certs.yaml").Parse(`
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/tls
-metadata:
- name: cluster-apiserver-certs
- namespace: openshift-cluster-api
- labels:
- api: clusterapi
- apiserver: "true"
-data:
- tls.crt: {{.ClusterapiCaCert}}
- tls.key: {{.ClusterapiCaKey}}
-`))
-)
diff --git a/pkg/asset/manifests/machine-api-operator.go b/pkg/asset/manifests/machine-api-operator.go
deleted file mode 100644
index 38c81ea0628..00000000000
--- a/pkg/asset/manifests/machine-api-operator.go
+++ /dev/null
@@ -1,153 +0,0 @@
-package manifests
-
-import (
- "context"
-
- "github.com/ghodss/yaml"
- "github.com/pkg/errors"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
- "github.com/openshift/installer/pkg/asset"
- "github.com/openshift/installer/pkg/asset/installconfig"
- "github.com/openshift/installer/pkg/asset/tls"
- "github.com/openshift/installer/pkg/rhcos"
-)
-
-const (
- maoTargetNamespace = "openshift-cluster-api"
- // DefaultChannel is the default RHCOS channel for the cluster.
- DefaultChannel = "tested"
- maoCfgFilename = "machine-api-operator-config.yml"
-)
-
-// machineAPIOperator generates the network-operator-*.yml files
-type machineAPIOperator struct {
- Config *maoOperatorConfig
- File *asset.File
-}
-
-var _ asset.WritableAsset = (*machineAPIOperator)(nil)
-
-// maoOperatorConfig contains configuration for mao managed stack
-// TODO(enxebre): move up to github.com/coreos/tectonic-config (to install-config? /rchopra)
-type maoOperatorConfig struct {
- metav1.TypeMeta `json:",inline"`
- TargetNamespace string `json:"targetNamespace"`
- APIServiceCA string `json:"apiServiceCA"`
- Provider string `json:"provider"`
- AWS *awsConfig `json:"aws"`
- Libvirt *libvirtConfig `json:"libvirt"`
- OpenStack *openstackConfig `json:"openstack"`
-}
-
-type libvirtConfig struct {
- ClusterName string `json:"clusterName"`
- URI string `json:"uri"`
- NetworkName string `json:"networkName"`
- IPRange string `json:"iprange"`
- Replicas int `json:"replicas"`
-}
-
-type awsConfig struct {
- ClusterName string `json:"clusterName"`
- ClusterID string `json:"clusterID"`
- Region string `json:"region"`
- AvailabilityZone string `json:"availabilityZone"`
- Image string `json:"image"`
- Replicas int `json:"replicas"`
-}
-
-type openstackConfig struct {
- ClusterName string `json:"clusterName"`
- ClusterID string `json:"clusterID"`
- Region string `json:"region"`
- Replicas int `json:"replicas"`
-}
-
-// Name returns a human friendly name for the operator
-func (mao *machineAPIOperator) Name() string {
- return "Machine API Operator"
-}
-
-// Dependencies returns all of the dependencies directly needed by an
-// machineAPIOperator asset.
-func (mao *machineAPIOperator) Dependencies() []asset.Asset {
- return []asset.Asset{
- &installconfig.InstallConfig{},
- &tls.AggregatorCA{},
- }
-}
-
-// Generate generates the network-operator-config.yml and network-operator-manifest.yml files
-func (mao *machineAPIOperator) Generate(dependencies asset.Parents) error {
- installConfig := &installconfig.InstallConfig{}
- aggregatorCA := &tls.AggregatorCA{}
- dependencies.Get(installConfig, aggregatorCA)
-
- mao.Config = &maoOperatorConfig{
- TypeMeta: metav1.TypeMeta{
- APIVersion: "v1",
- Kind: "machineAPIOperatorConfig",
- },
- TargetNamespace: maoTargetNamespace,
- APIServiceCA: string(aggregatorCA.Cert()),
- Provider: tectonicCloudProvider(installConfig.Config.Platform),
- }
-
- switch {
- case installConfig.Config.Platform.AWS != nil:
- var ami string
-
- ami, err := rhcos.AMI(context.TODO(), DefaultChannel, installConfig.Config.Platform.AWS.Region)
- if err != nil {
- return errors.Wrapf(err, "failed to get AMI for %s config", mao.Name())
- }
-
- mao.Config.AWS = &awsConfig{
- ClusterName: installConfig.Config.ObjectMeta.Name,
- ClusterID: installConfig.Config.ClusterID,
- Region: installConfig.Config.Platform.AWS.Region,
- AvailabilityZone: "",
- Image: ami,
- Replicas: 0, // setting replicas to 0 so that MAO doesn't create competing MachineSets
- }
- case installConfig.Config.Platform.Libvirt != nil:
- mao.Config.Libvirt = &libvirtConfig{
- ClusterName: installConfig.Config.ObjectMeta.Name,
- URI: installConfig.Config.Platform.Libvirt.URI,
- NetworkName: installConfig.Config.Platform.Libvirt.Network.Name,
- IPRange: installConfig.Config.Platform.Libvirt.Network.IPRange,
- Replicas: 0, // setting replicas to 0 so that MAO doesn't create competing MachineSets
- }
- case installConfig.Config.Platform.OpenStack != nil:
- mao.Config.OpenStack = &openstackConfig{
- ClusterName: installConfig.Config.ObjectMeta.Name,
- ClusterID: installConfig.Config.ClusterID,
- Region: installConfig.Config.Platform.OpenStack.Region,
- Replicas: 0, // setting replicas to 0 so that MAO doesn't create competing MachineSets
- }
- default:
- return errors.Errorf("unknown provider for machine-api-operator")
- }
-
- data, err := yaml.Marshal(mao.Config)
- if err != nil {
- return errors.Wrapf(err, "failed to marshal %s config", mao.Name())
- }
- mao.File = &asset.File{
- Filename: maoCfgFilename,
- Data: data,
- }
-
- return nil
-}
-
-// Files returns the files generated by the asset.
-func (mao *machineAPIOperator) Files() []*asset.File {
- return []*asset.File{mao.File}
-}
-
-// Load is a no-op because machine-api-operator manifest is not written to disk.
-func (mao *machineAPIOperator) Load(asset.FileFetcher) (bool, error) {
- return false, nil
-}
diff --git a/pkg/asset/manifests/operators.go b/pkg/asset/manifests/operators.go
index 3fda4b60e01..e53e83b4582 100644
--- a/pkg/asset/manifests/operators.go
+++ b/pkg/asset/manifests/operators.go
@@ -47,14 +47,12 @@ func (m *Manifests) Dependencies() []asset.Asset {
 return []asset.Asset{
 &installconfig.InstallConfig{},
 &networkOperator{},
- &machineAPIOperator{},
 &tls.RootCA{},
 &tls.EtcdCA{},
 &tls.IngressCertKey{},
 &tls.KubeCA{},
 &tls.AggregatorCA{},
 &tls.ServiceServingCA{},
- &tls.ClusterAPIServerCertKey{},
 &tls.EtcdClientCertKey{},
 &tls.APIServerCertKey{},
 &tls.OpenshiftAPIServerCertKey{},
@@ -69,15 +67,13 @@ func (m *Manifests) Dependencies() []asset.Asset {
 // Generate generates the respective operator config.yml files
 func (m *Manifests) Generate(dependencies asset.Parents) error {
 no := &networkOperator{}
- mao := &machineAPIOperator{}
 installConfig := &installconfig.InstallConfig{}
- dependencies.Get(no, mao, installConfig)
+ dependencies.Get(no, installConfig)
 // no+mao go to kube-system config map
 m.KubeSysConfig = configMap("kube-system", "cluster-config-v1", genericData{
 "network-config": string(no.Files()[0].Data),
 "install-config": string(installConfig.Files()[0].Data),
- "mao-config": string(mao.Files()[0].Data),
 })
 kubeSysConfigData, err := yaml.Marshal(m.KubeSysConfig)
 if err != nil {
@@ -105,7 +101,6 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 aggregatorCA := &tls.AggregatorCA{}
 apiServerCertKey := &tls.APIServerCertKey{}
 apiServerProxyCertKey := &tls.APIServerProxyCertKey{}
- clusterAPIServerCertKey := &tls.ClusterAPIServerCertKey{}
 etcdCA := &tls.EtcdCA{}
 etcdClientCertKey := &tls.EtcdClientCertKey{}
 kubeCA := &tls.KubeCA{}
@@ -120,7 +115,6 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 aggregatorCA,
 apiServerCertKey,
 apiServerProxyCertKey,
- clusterAPIServerCertKey,
 etcdCA,
 etcdClientCertKey,
 kubeCA,
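Review bot: The context comment `// no+mao go to kube-system config map` in the `@@ -69,15 +67,13 @@` hunk is left stale: after this change only `network-config` and `install-config` are written to `cluster-config-v1`, so it should become something like `// network-config and install-config go to the kube-system config map`. Because this hunk defines what is published in that ConfigMap, and ConfigMaps carry no confidentiality protection of their own, it may be worth confirming that the `install-config` payload kept here holds nothing sensitive; the hunk alone does not show its contents. Generate's body continues past the end of the hunk.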
@@ -145,8 +139,6 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 ApiserverProxyCert: base64.StdEncoding.EncodeToString(apiServerProxyCertKey.Cert()),
 ApiserverProxyKey: base64.StdEncoding.EncodeToString(apiServerProxyCertKey.Key()),
 Base64encodeCloudProviderConfig: "", // FIXME
- ClusterapiCaCert: base64.StdEncoding.EncodeToString(clusterAPIServerCertKey.Cert()),
- ClusterapiCaKey: base64.StdEncoding.EncodeToString(clusterAPIServerCertKey.Key()),
 EtcdCaCert: base64.StdEncoding.EncodeToString(etcdCA.Cert()),
 EtcdClientCert: base64.StdEncoding.EncodeToString(etcdClientCertKey.Cert()),
 EtcdClientKey: base64.StdEncoding.EncodeToString(etcdClientCertKey.Key()),
@@ -171,7 +163,6 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 }
 assetData := map[string][]byte{
- "cluster-apiserver-certs.yaml": applyTemplateData(bootkube.ClusterApiserverCerts, templateData),
 "kube-apiserver-secret.yaml": applyTemplateData(bootkube.KubeApiserverSecret, templateData),
 "kube-cloud-config.yaml": applyTemplateData(bootkube.KubeCloudConfig, templateData),
 "kube-controller-manager-secret.yaml": applyTemplateData(bootkube.KubeControllerManagerSecret, templateData),
diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go
index 13be4b49ede..da174037efd 100644
--- a/pkg/asset/manifests/template.go
+++ b/pkg/asset/manifests/template.go
@@ -24,8 +24,6 @@ type bootkubeTemplateData struct {
 ApiserverProxyCert string
 ApiserverProxyKey string
 Base64encodeCloudProviderConfig string
- ClusterapiCaCert string
- ClusterapiCaKey string
 EtcdCaCert string
 EtcdClientCert string
 EtcdClientKey string
diff --git a/pkg/asset/tls/clusterapiservercertkey.go b/pkg/asset/tls/clusterapiservercertkey.go
deleted file mode 100644
index dcb1469ea4b..00000000000
--- a/pkg/asset/tls/clusterapiservercertkey.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package tls
-
-import (
- "crypto/x509"
- "crypto/x509/pkix"
-
- "github.com/openshift/installer/pkg/asset"
-)
-
-// ClusterAPIServerCertKey is the asset that generates the cluster API server key/cert pair.
-type ClusterAPIServerCertKey struct {
- CertKey
-}
-
-var _ asset.Asset = (*ClusterAPIServerCertKey)(nil)
-
-// Dependencies returns the dependency of the the cert/key pair, which includes
-// the parent CA, and install config if it depends on the install config for
-// DNS names, etc.
-func (a *ClusterAPIServerCertKey) Dependencies() []asset.Asset {
- return []asset.Asset{
- &AggregatorCA{},
- }
-}
-
-// Generate generates the cert/key pair based on its dependencies.
-func (a *ClusterAPIServerCertKey) Generate(dependencies asset.Parents) error {
- aggregatorCA := &AggregatorCA{}
- dependencies.Get(aggregatorCA)
-
- cfg := &CertCfg{
- Subject: pkix.Name{CommonName: "clusterapi.openshift-cluster-api.svc", OrganizationalUnit: []string{"bootkube"}},
- KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
- Validity: ValidityTenYears,
- IsCA: true,
- }
-
- return a.CertKey.Generate(cfg, aggregatorCA, "cluster-apiserver-ca", AppendParent)
-}
-
-// Name returns the human-friendly name of the asset.
-func (a *ClusterAPIServerCertKey) Name() string {
- return "Certificate (clusterapi.openshift-cluster-api.svc)"
-}