diff --git a/manifests/baremetal/coredns.yaml b/manifests/baremetal/coredns.yaml
deleted file mode 100644
index c2ea26431e..0000000000
--- a/manifests/baremetal/coredns.yaml
+++ /dev/null
@@ -1,90 +0,0 @@ ---- -kind: Pod -apiVersion: v1 -metadata: - name: coredns - namespace: openshift-kni-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: kni-infra-mdns -spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/coredns" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - empty-dir: {} - - name: manifests - hostPath: - path: "/opt/openshift/manifests" - initContainers: - - name: render-config - image: {{ .Images.BaremetalRuntimeCfgBootstrap }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/coredns" - - "--cluster-config" - - "/opt/openshift/manifests/cluster-config.yaml" - resources: {} - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: resource-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/coredns" - - name: manifests - mountPath: "/opt/openshift/manifests" - imagePullPolicy: IfNotPresent - containers: - - name: coredns - securityContext: - privileged: true - image: {{ .Images.CorednsBootstrap }} - args: - - "--conf" - - "/etc/coredns/Corefile" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/coredns" - readinessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 10 - livenessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - terminationMessagePolicy: FallbackToLogsOnError - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: 
system-node-critical -status: {} diff --git a/manifests/baremetal/coredns-corefile.tmpl b/manifests/on-prem/coredns-corefile.tmpl similarity index 86% rename from manifests/baremetal/coredns-corefile.tmpl rename to manifests/on-prem/coredns-corefile.tmpl index c188e0f09f..c878acb813 100644 --- a/manifests/baremetal/coredns-corefile.tmpl +++ b/manifests/on-prem/coredns-corefile.tmpl @@ -7,7 +7,7 @@ reload template IN {{`{{ .Cluster.IngressVIPRecordType }}`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { match .*.apps.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.IngressIP }}" + answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ onPremPlatformIngressIP .ControllerConfig }}" fallthrough } template IN {{`{{ .Cluster.IngressVIPEmptyType }}`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { @@ -16,7 +16,7 @@ } template IN {{`{{ .Cluster.APIVIPRecordType }}`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { match api.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" + answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ onPremPlatformAPIServerInternalIP .ControllerConfig }}" fallthrough } template IN {{`{{ .Cluster.APIVIPEmptyType }}`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { 
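Review bot: The `answer` lines for `*.apps` and `api` in manifests/on-prem/coredns-corefile.tmpl now take their address from `onPremPlatformIngressIP` / `onPremPlatformAPIServerInternalIP`, and nothing in this diff shows what those helpers render when the platform is unsupported or its status entry is unset. If they return an empty string instead of failing, the Corefile gets an `answer` record with no address and bootstrap DNS for the API and ingress names is silently wrong; the helpers should abort rendering in that case (a template function may return `(string, error)`). A comment above the first `answer` line would record the contract, e.g. `# onPremPlatform* helpers fail rendering when the platform has no VIP status`. The same applies to the `api-int` hunk at -25,7 and to the `--api-vip` / `--ingress-vip` arguments in manifests/on-prem/coredns.yaml and manifests/on-prem/keepalived.yaml.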
@@ -25,7 +25,7 @@ } template IN {{`{{ .Cluster.APIVIPRecordType }}`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { match api-int.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" + answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ onPremPlatformAPIServerInternalIP .ControllerConfig }}" fallthrough } template IN {{`{{ .Cluster.APIVIPEmptyType }}`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { diff --git a/manifests/openstack/coredns.yaml b/manifests/on-prem/coredns.yaml similarity index 88% rename from manifests/openstack/coredns.yaml rename to manifests/on-prem/coredns.yaml index 3cb7874d12..f231b359f2 100644 --- a/manifests/openstack/coredns.yaml +++ b/manifests/on-prem/coredns.yaml @@ -3,11 +3,11 @@ kind: Pod apiVersion: v1 metadata: name: coredns - namespace: openshift-openstack-infra + namespace: openshift-{{ onPremPlatformShortName .ControllerConfig }}-infra creationTimestamp: deletionGracePeriodSeconds: 65 labels: - app: openstack-infra-mdns + app: {{ onPremPlatformShortName .ControllerConfig }}-infra-mdns spec: volumes: - name: resource-dir @@ -29,9 +29,9 @@ spec: - render - "/etc/kubernetes/kubeconfig" - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP }}" + - "{{ onPremPlatformAPIServerInternalIP .ControllerConfig }}" - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.OpenStack.IngressIP }}" + - "{{ onPremPlatformIngressIP .ControllerConfig }}" - "/config" - "--out-dir" - "/etc/coredns" diff --git a/manifests/baremetal/keepalived.conf.tmpl b/manifests/on-prem/keepalived.conf.tmpl similarity index 100% rename from manifests/baremetal/keepalived.conf.tmpl rename to manifests/on-prem/keepalived.conf.tmpl 
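Review bot: In manifests/on-prem/coredns.yaml, `namespace: openshift-{{ onPremPlatformShortName .ControllerConfig }}-infra` and the `app:` label are built from a helper whose definition is not in this diff. The removed baremetal manifest used `openshift-kni-infra` and `kni-infra-mdns`, so the helper has to return `kni` for BareMetal or this privileged-workload pod moves to a namespace the rest of the cluster may not expect. An empty return would render `openshift--infra`, so the helper should fail rendering for unknown platforms rather than return an empty string. I would add `# short name must stay "kni" for BareMetal (openshift-kni-infra)` above the `namespace:` line. The first hunk of manifests/on-prem/keepalived.yaml has the same two lines.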
diff --git a/manifests/baremetal/keepalived.yaml b/manifests/on-prem/keepalived.yaml similarity index 93% rename from manifests/baremetal/keepalived.yaml rename to manifests/on-prem/keepalived.yaml index 23b315782f..846d395408 100644 --- a/manifests/baremetal/keepalived.yaml +++ b/manifests/on-prem/keepalived.yaml @@ -3,11 +3,11 @@ kind: Pod apiVersion: v1 metadata: name: keepalived - namespace: openshift-kni-infra + namespace: openshift-{{ onPremPlatformShortName .ControllerConfig }}-infra creationTimestamp: deletionGracePeriodSeconds: 65 labels: - app: kni-infra-vrrp + app: {{ onPremPlatformShortName .ControllerConfig }}-infra-vrrp spec: volumes: - name: resource-dir @@ -114,9 +114,9 @@ spec: - "/config/keepalived.conf.tmpl" - "/etc/keepalived/keepalived.conf" - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" + - "{{ onPremPlatformAPIServerInternalIP .ControllerConfig }}" - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.IngressIP }}" + - "{{ onPremPlatformIngressIP .ControllerConfig }}" - "--cluster-config" - "/opt/openshift/manifests/cluster-config.yaml" - "--check-interval" diff --git a/manifests/openstack/coredns-corefile.tmpl b/manifests/openstack/coredns-corefile.tmpl deleted file mode 100644 index a171ee6fd2..0000000000 --- a/manifests/openstack/coredns-corefile.tmpl +++ /dev/null @@ -1,14 +0,0 @@ -. { - errors - health :18080 - mdns {{ .ControllerConfig.DNS.Spec.BaseDomain }} {{`{{.Cluster.MasterAmount}}`}} {{`{{.Cluster.Name}}`}} {{`{{.NonVirtualIP}}`}} - forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}} { - policy sequential - } - cache 30 - reload - hosts /etc/coredns/api-int.hosts {{ .ControllerConfig.DNS.Spec.BaseDomain }} { - {{ .ControllerConfig.Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP }} api-int.{{ .ControllerConfig.DNS.Spec.BaseDomain }} api.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - fallthrough - } -} 
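Review bot: In manifests/on-prem/keepalived.yaml the `keepalived-monitor` command still renders `/config/keepalived.conf.tmpl`, which after this commit is the single VRRP template for every on-prem platform, and its authentication setting is undocumented. The per-platform templates removed here set `auth_type PASS` with `auth_pass {{.Cluster.Name}}_api_vip`, and the 100% rename suggests the surviving template does the same; that value is derivable from the cluster name, and VRRP PASS authentication travels in clear text. Ownership of the API and ingress VIPs therefore rests on isolation of the node network, not on this secret. I would say so in the template header: `# auth_pass is derived from the cluster name and is not a secret; VIP ownership relies on L2 isolation of the node network`. The command list that this hunk edits starts and ends outside the hunk.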
diff --git a/manifests/openstack/keepalived.conf.tmpl b/manifests/openstack/keepalived.conf.tmpl deleted file mode 100644 index 5d2ec43b42..0000000000 --- a/manifests/openstack/keepalived.conf.tmpl +++ /dev/null @@ -1,20 +0,0 @@ -# Configuration template for Keepalived, which is used to manage the DNS and -# API VIPs. -# -# For more information, see installer/data/data/bootstrap/baremetal/README.md -# in the installer repo. - -vrrp_instance {{`{{.Cluster.Name}}`}}_API { - state BACKUP - interface {{`{{.VRRPInterface}}`}} - virtual_router_id {{`{{.Cluster.APIVirtualRouterID }}`}} - priority 50 - advert_int 1 - authentication { - auth_type PASS - auth_pass {{`{{.Cluster.Name}}`}}_api_vip - } - virtual_ipaddress { - {{`{{ .Cluster.APIVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}} - } -} diff --git a/manifests/openstack/keepalived.yaml b/manifests/openstack/keepalived.yaml deleted file mode 100644 index 6324012303..0000000000 --- a/manifests/openstack/keepalived.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ ---- -kind: Pod -apiVersion: v1 -metadata: - name: keepalived - namespace: openshift-openstack-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: openstack-infra-vrrp -spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/keepalived" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - empty-dir: {} - - name: manifests - hostPath: - path: "/opt/openshift/manifests" - initContainers: - - name: render-config - image: {{ .Images.BaremetalRuntimeCfgBootstrap }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.OpenStack.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/keepalived" - - "--cluster-config" - - "/opt/openshift/manifests/cluster-config.yaml" - resources: {} - volumeMounts: - - name: resource-dir - mountPath: "/config" - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: conf-dir - mountPath: "/etc/keepalived" - - name: manifests - mountPath: "/opt/openshift/manifests" - imagePullPolicy: IfNotPresent - containers: - - name: keepalived - securityContext: - privileged: true - image: {{ .Images.KeepalivedBootstrap }} - env: - - name: NSS_SDB_USE_CACHE - value: "no" - command: - - /usr/sbin/keepalived - args: - - "-f" - - "/etc/keepalived/keepalived.conf" - - "--dont-fork" - - "--vrrp" - - "--log-detail" - - "--log-console" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/keepalived" - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical -status: {} 
diff --git a/manifests/ovirt/coredns-corefile.tmpl b/manifests/ovirt/coredns-corefile.tmpl deleted file mode 100644 index c882ca0ca0..0000000000 --- a/manifests/ovirt/coredns-corefile.tmpl +++ /dev/null @@ -1,12 +0,0 @@ -. { - errors - health :18080 - mdns {{ .ControllerConfig.DNS.Spec.BaseDomain }} {{`{{.Cluster.MasterAmount}}`}} {{`{{.Cluster.Name}}`}} {{`{{.NonVirtualIP}}`}} - forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}} - cache 30 - reload - hosts /etc/coredns/api-int.hosts {{ .ControllerConfig.DNS.Spec.BaseDomain }} { - {{ .ControllerConfig.Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP }} api-int.{{ .ControllerConfig.DNS.Spec.BaseDomain }} api.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - fallthrough - } -} diff --git a/manifests/ovirt/coredns.yaml b/manifests/ovirt/coredns.yaml deleted file mode 100644 index 61deea1f1d..0000000000 --- a/manifests/ovirt/coredns.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ ---- -kind: Pod -apiVersion: v1 -metadata: - name: coredns - namespace: openshift-ovirt-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: ovirt-infra-mdns -spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/coredns" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - empty-dir: {} - - name: manifests - hostPath: - path: "/opt/openshift/manifests" - initContainers: - - name: render-config - image: {{ .Images.BaremetalRuntimeCfgBootstrap }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.Ovirt.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/coredns" - - "--cluster-config" - - "/opt/openshift/manifests/cluster-config.yaml" - resources: {} - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: resource-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/coredns" - - name: manifests - mountPath: "/opt/openshift/manifests" - imagePullPolicy: IfNotPresent - containers: - - name: coredns - securityContext: - privileged: true - image: {{ .Images.CorednsBootstrap }} - args: - - "--conf" - - "/etc/coredns/Corefile" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/coredns" - readinessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 10 - livenessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - terminationMessagePolicy: FallbackToLogsOnError - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: 
system-node-critical -status: {} diff --git a/manifests/ovirt/keepalived.conf.tmpl b/manifests/ovirt/keepalived.conf.tmpl deleted file mode 100644 index 5d2ec43b42..0000000000 --- a/manifests/ovirt/keepalived.conf.tmpl +++ /dev/null @@ -1,20 +0,0 @@ -# Configuration template for Keepalived, which is used to manage the DNS and -# API VIPs. -# -# For more information, see installer/data/data/bootstrap/baremetal/README.md -# in the installer repo. - -vrrp_instance {{`{{.Cluster.Name}}`}}_API { - state BACKUP - interface {{`{{.VRRPInterface}}`}} - virtual_router_id {{`{{.Cluster.APIVirtualRouterID }}`}} - priority 50 - advert_int 1 - authentication { - auth_type PASS - auth_pass {{`{{.Cluster.Name}}`}}_api_vip - } - virtual_ipaddress { - {{`{{ .Cluster.APIVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}} - } -} diff --git a/manifests/ovirt/keepalived.yaml b/manifests/ovirt/keepalived.yaml deleted file mode 100644 index e6ec5f6a8d..0000000000 --- a/manifests/ovirt/keepalived.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ ---- -kind: Pod -apiVersion: v1 -metadata: - name: keepalived - namespace: openshift-ovirt-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: ovirt-infra-vrrp -spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/keepalived" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - empty-dir: {} - - name: manifests - hostPath: - path: "/opt/openshift/manifests" - initContainers: - - name: render-config - image: {{ .Images.BaremetalRuntimeCfgBootstrap }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.Ovirt.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/keepalived" - - "--cluster-config" - - "/opt/openshift/manifests/cluster-config.yaml" - resources: {} - volumeMounts: - - name: resource-dir - mountPath: "/config" - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: conf-dir - mountPath: "/etc/keepalived" - - name: manifests - mountPath: "/opt/openshift/manifests" - imagePullPolicy: IfNotPresent - containers: - - name: keepalived - securityContext: - privileged: true - image: {{ .Images.KeepalivedBootstrap }} - env: - - name: NSS_SDB_USE_CACHE - value: "no" - command: - - /usr/sbin/keepalived - args: - - "-f" - - "/etc/keepalived/keepalived.conf" - - "--dont-fork" - - "--vrrp" - - "--log-detail" - - "--log-console" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/keepalived" - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical -status: {} 
diff --git a/manifests/vsphere/coredns-corefile.tmpl b/manifests/vsphere/coredns-corefile.tmpl deleted file mode 100644 index c2b680b4d7..0000000000 --- a/manifests/vsphere/coredns-corefile.tmpl +++ /dev/null @@ -1,18 +0,0 @@ -. { - errors - health :18080 - mdns {{ .ControllerConfig.DNS.Spec.BaseDomain }} {{`{{.Cluster.MasterAmount}}`}} {{`{{.Cluster.Name}}`}} {{`{{.NonVirtualIP}}`}} - forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}} - cache 30 - reload - hosts { - {{ .ControllerConfig.Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }} api-int.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - {{ .ControllerConfig.Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }} api.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - fallthrough - } - template IN A {{ .ControllerConfig.DNS.Spec.BaseDomain }} { - match .*.apps.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - answer "{{`{{"{{ .Name }}"}}`}} 60 in a {{ .ControllerConfig.Infra.Status.PlatformStatus.VSphere.IngressIP }}" - fallthrough - } -} diff --git a/manifests/vsphere/coredns.yaml b/manifests/vsphere/coredns.yaml deleted file mode 100644 index 3755c16b9a..0000000000 --- a/manifests/vsphere/coredns.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ ---- -kind: Pod -apiVersion: v1 -metadata: - name: coredns - namespace: openshift-vsphere-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: vsphere-infra-mdns -spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/coredns" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - empty-dir: {} - - name: manifests - hostPath: - path: "/opt/openshift/manifests" - initContainers: - - name: render-config - image: {{ .Images.BaremetalRuntimeCfgBootstrap }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.VSphere.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/coredns" - - "--cluster-config" - - "/opt/openshift/manifests/cluster-config.yaml" - resources: {} - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: resource-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/coredns" - - name: manifests - mountPath: "/opt/openshift/manifests" - imagePullPolicy: IfNotPresent - containers: - - name: coredns - securityContext: - privileged: true - image: {{ .Images.CorednsBootstrap }} - args: - - "--conf" - - "/etc/coredns/Corefile" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/coredns" - readinessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 10 - livenessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - terminationMessagePolicy: FallbackToLogsOnError - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: 
system-node-critical -status: {} diff --git a/manifests/vsphere/keepalived.conf.tmpl b/manifests/vsphere/keepalived.conf.tmpl deleted file mode 100644 index f800903700..0000000000 --- a/manifests/vsphere/keepalived.conf.tmpl +++ /dev/null @@ -1,21 +0,0 @@ -# Configuration template for Keepalived, which is used to manage the DNS and -# API VIPs. -# -# For more information, see installer/data/data/bootstrap/baremetal/README.md -# in the installer repo. - -vrrp_instance {{`{{.Cluster.Name}}`}}_API { - state BACKUP - interface {{`{{.VRRPInterface}}`}} - virtual_router_id {{`{{.Cluster.APIVirtualRouterID }}`}} - priority 50 - advert_int 1 - authentication { - auth_type PASS - auth_pass {{`{{.Cluster.Name}}`}}_api_vip - } - virtual_ipaddress { - {{`{{ .Cluster.APIVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}} - } -} - diff --git a/manifests/vsphere/keepalived.yaml b/manifests/vsphere/keepalived.yaml deleted file mode 100644 index 74a5114c43..0000000000 --- a/manifests/vsphere/keepalived.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ ---- -kind: Pod -apiVersion: v1 -metadata: - name: keepalived - namespace: openshift-vsphere-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: vsphere-infra-vrrp -spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/keepalived" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - empty-dir: {} - - name: manifests - hostPath: - path: "/opt/openshift/manifests" - initContainers: - - name: render-config - image: {{ .Images.BaremetalRuntimeCfgBootstrap }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.VSphere.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/keepalived" - - "--cluster-config" - - "/opt/openshift/manifests/cluster-config.yaml" - resources: {} - volumeMounts: - - name: resource-dir - mountPath: "/config" - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: conf-dir - mountPath: "/etc/keepalived" - - name: manifests - mountPath: "/opt/openshift/manifests" - imagePullPolicy: IfNotPresent - containers: - - name: keepalived - securityContext: - privileged: true - image: {{ .Images.KeepalivedBootstrap }} - env: - - name: NSS_SDB_USE_CACHE - value: "no" - command: - - /usr/sbin/keepalived - args: - - "-f" - - "/etc/keepalived/keepalived.conf" - - "--dont-fork" - - "--vrrp" - - "--log-detail" - - "--log-console" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/keepalived" - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical -status: {} 
diff --git a/pkg/operator/assets/bindata.go b/pkg/operator/assets/bindata.go index 6e98529186..40df9bd44e 100644 --- a/pkg/operator/assets/bindata.go +++ b/pkg/operator/assets/bindata.go @@ -1,9 +1,5 @@ // Code generated for package assets by go-bindata DO NOT EDIT. (@generated) // sources: -// manifests/baremetal/coredns-corefile.tmpl -// manifests/baremetal/coredns.yaml -// manifests/baremetal/keepalived.conf.tmpl -// manifests/baremetal/keepalived.yaml // manifests/bootstrap-pod-v2.yaml // manifests/controllerconfig.crd.yaml // manifests/machineconfigcontroller/clusterrole.yaml @@ -32,18 +28,10 @@ // manifests/machineconfigserver/node-bootstrapper-token.yaml // manifests/machineconfigserver/sa.yaml // manifests/master.machineconfigpool.yaml -// manifests/openstack/coredns-corefile.tmpl -// manifests/openstack/coredns.yaml -// manifests/openstack/keepalived.conf.tmpl -// manifests/openstack/keepalived.yaml -// manifests/ovirt/coredns-corefile.tmpl -// manifests/ovirt/coredns.yaml -// manifests/ovirt/keepalived.conf.tmpl -// manifests/ovirt/keepalived.yaml -// manifests/vsphere/coredns-corefile.tmpl -// manifests/vsphere/coredns.yaml -// manifests/vsphere/keepalived.conf.tmpl -// manifests/vsphere/keepalived.yaml +// manifests/on-prem/coredns-corefile.tmpl +// manifests/on-prem/coredns.yaml +// manifests/on-prem/keepalived.conf.tmpl +// manifests/on-prem/keepalived.yaml // manifests/worker.machineconfigpool.yaml package assets 
@@ -97,382 +85,6 @@ func (fi bindataFileInfo) Sys() interface{} { return nil } -var _manifestsBaremetalCorednsCorefileTmpl = []byte(`. { - errors - health :18080 - mdns {{ .ControllerConfig.DNS.Spec.BaseDomain }} {{`+"`"+`{{.Cluster.MasterAmount}}`+"`"+`}} {{`+"`"+`{{.Cluster.Name}}`+"`"+`}} {{`+"`"+`{{.NonVirtualIP}}`+"`"+`}} - forward . {{`+"`"+`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`+"`"+`}} - cache 30 - reload - template IN {{`+"`"+`{{ .Cluster.IngressVIPRecordType }}`+"`"+`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { - match .*.apps.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - answer "{{`+"`"+`{{"{{ .Name }}"}}`+"`"+`}} 60 in {{`+"`"+`{{"{{ .Type }}"}}`+"`"+`}} {{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.IngressIP }}" - fallthrough - } - template IN {{`+"`"+`{{ .Cluster.IngressVIPEmptyType }}`+"`"+`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { - match .*.apps.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - fallthrough - } - template IN {{`+"`"+`{{ .Cluster.APIVIPRecordType }}`+"`"+`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { - match api.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - answer "{{`+"`"+`{{"{{ .Name }}"}}`+"`"+`}} 60 in {{`+"`"+`{{"{{ .Type }}"}}`+"`"+`}} {{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" - fallthrough - } - template IN {{`+"`"+`{{ .Cluster.APIVIPEmptyType }}`+"`"+`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { - match api.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - fallthrough - } - template IN {{`+"`"+`{{ .Cluster.APIVIPRecordType }}`+"`"+`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { - match api-int.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - answer "{{`+"`"+`{{"{{ .Name }}"}}`+"`"+`}} 60 in {{`+"`"+`{{"{{ .Type }}"}}`+"`"+`}} {{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" - fallthrough - } - template IN {{`+"`"+`{{ .Cluster.APIVIPEmptyType }}`+"`"+`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { - match 
api-int.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - fallthrough - } -} -`) - -func manifestsBaremetalCorednsCorefileTmplBytes() ([]byte, error) { - return _manifestsBaremetalCorednsCorefileTmpl, nil -} - -func manifestsBaremetalCorednsCorefileTmpl() (*asset, error) { - bytes, err := manifestsBaremetalCorednsCorefileTmplBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/baremetal/coredns-corefile.tmpl", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _manifestsBaremetalCorednsYaml = []byte(`--- -kind: Pod -apiVersion: v1 -metadata: - name: coredns - namespace: openshift-kni-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: kni-infra-mdns -spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/coredns" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - empty-dir: {} - - name: manifests - hostPath: - path: "/opt/openshift/manifests" - initContainers: - - name: render-config - image: {{ .Images.BaremetalRuntimeCfgBootstrap }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/coredns" - - "--cluster-config" - - "/opt/openshift/manifests/cluster-config.yaml" - resources: {} - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: resource-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/coredns" - - name: manifests - mountPath: "/opt/openshift/manifests" - imagePullPolicy: IfNotPresent - containers: - - name: coredns - securityContext: - privileged: true - image: {{ .Images.CorednsBootstrap }} - args: - - "--conf" - - "/etc/coredns/Corefile" 
- resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/coredns" - readinessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 10 - livenessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - terminationMessagePolicy: FallbackToLogsOnError - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical -status: {} -`) - -func manifestsBaremetalCorednsYamlBytes() ([]byte, error) { - return _manifestsBaremetalCorednsYaml, nil -} - -func manifestsBaremetalCorednsYaml() (*asset, error) { - bytes, err := manifestsBaremetalCorednsYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/baremetal/coredns.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _manifestsBaremetalKeepalivedConfTmpl = []byte(`# Configuration template for Keepalived, which is used to manage the DNS and -# API VIPs. -# -# For more information, see installer/data/data/bootstrap/baremetal/README.md -# in the installer repo. 
- -{{`+"`"+`vrrp_instance {{.Cluster.Name}}_API { - state BACKUP - interface {{.VRRPInterface}} - virtual_router_id {{.Cluster.APIVirtualRouterID }} - priority 70 - advert_int 1 - nopreempt - {{ if .EnableUnicast }} - unicast_src_ip {{.NonVirtualIP}} - unicast_peer { - {{range .LBConfig.Backends -}} - {{.Address}} - {{end}} - } - {{end}} - authentication { - auth_type PASS - auth_pass {{.Cluster.Name}}_api_vip - } - virtual_ipaddress { - {{ .Cluster.APIVIP }}/{{ .Cluster.VIPNetmask }} - } -}`+"`"+`}} -`) - -func manifestsBaremetalKeepalivedConfTmplBytes() ([]byte, error) { - return _manifestsBaremetalKeepalivedConfTmpl, nil -} - -func manifestsBaremetalKeepalivedConfTmpl() (*asset, error) { - bytes, err := manifestsBaremetalKeepalivedConfTmplBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/baremetal/keepalived.conf.tmpl", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _manifestsBaremetalKeepalivedYaml = []byte(`--- -kind: Pod -apiVersion: v1 -metadata: - name: keepalived - namespace: openshift-kni-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: kni-infra-vrrp -spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/keepalived" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - hostPath: - path: "/etc/keepalived" - - name: manifests - hostPath: - path: "/opt/openshift/manifests" - - name: run-dir - empty-dir: {} - containers: - - name: keepalived - securityContext: - privileged: true - image: {{.Images.KeepalivedBootstrap}} - env: - - name: NSS_SDB_USE_CACHE - value: "no" - command: - - /bin/bash - - -c - - | - #/bin/bash - reload_keepalived() - { - if pid=$(pgrep -o keepalived); then - kill -s SIGHUP "$pid" - else - /usr/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork --vrrp --log-detail --log-console & - fi - } - 
stop_keepalived() - { - echo "Keepalived process stopped" >> /var/run/keepalived/stopped - if pid=$(pgrep -o keepalived); then - kill -s TERM "$pid" - fi - } - - msg_handler() - { - while read -r line; do - echo "The client sent: $line" >&2 - # currently only 'reload' and 'stop' msgs are supported - if [ "$line" = reload ]; then - reload_keepalived - elif [ "$line" = stop ]; then - stop_keepalived - fi - done - } - set -ex - declare -r keepalived_sock="/var/run/keepalived/keepalived.sock" - export -f msg_handler - export -f reload_keepalived - export -f stop_keepalived - - while [ -s "/var/run/keepalived/stopped" ]; do - echo "Container stopped" - sleep 60 - done - if [ -s "/etc/keepalived/keepalived.conf" ]; then - /usr/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork --vrrp --log-detail --log-console & - fi - rm -f "$keepalived_sock" - socat UNIX-LISTEN:${keepalived_sock},fork system:'bash -c msg_handler' - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/keepalived" - - name: run-dir - mountPath: "/var/run/keepalived" - livenessProbe: - exec: - command: - - /bin/bash - - -c - - | - [[ -s /etc/keepalived/keepalived.conf ]] || \ - [[ -s /var/run/keepalived/stopped ]] || \ - kill -s SIGUSR1 "$(pgrep -o keepalived)" && ! 
grep -q "State = FAULT" /tmp/keepalived.data - initialDelaySeconds: 20 - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - - name: keepalived-monitor - image: {{ .Images.BaremetalRuntimeCfgBootstrap }} - env: - - name: ENABLE_UNICAST - value: "yes" - - name: IS_BOOTSTRAP - value: "yes" - command: - - dynkeepalived - - "/etc/kubernetes/kubeconfig" - - "/config/keepalived.conf.tmpl" - - "/etc/keepalived/keepalived.conf" - - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.BareMetal.IngressIP }}" - - "--cluster-config" - - "/opt/openshift/manifests/cluster-config.yaml" - - "--check-interval" - - "5s" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: resource-dir - mountPath: "/config" - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: conf-dir - mountPath: "/etc/keepalived" - - name: run-dir - mountPath: "/var/run/keepalived" - - name: manifests - mountPath: "/opt/openshift/manifests" - readinessProbe: - httpGet: - path: /readyz - port: 6443 - scheme: HTTPS - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 10 - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical -status: {} -`) - -func manifestsBaremetalKeepalivedYamlBytes() ([]byte, error) { - return _manifestsBaremetalKeepalivedYaml, nil -} - -func manifestsBaremetalKeepalivedYaml() (*asset, error) { - bytes, err := manifestsBaremetalKeepalivedYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/baremetal/keepalived.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - var _manifestsBootstrapPodV2Yaml = []byte(`apiVersion: v1 kind: Pod metadata: 
@@ -1631,939 +1243,412 @@ func manifestsMachineconfigdaemonEventsRolebindingTargetYamlBytes() ([]byte, err } func manifestsMachineconfigdaemonEventsRolebindingTargetYaml() (*asset, error) { - bytes, err := manifestsMachineconfigdaemonEventsRolebindingTargetYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/machineconfigdaemon/events-rolebinding-target.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _manifestsMachineconfigdaemonSaYaml = []byte(`apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{.TargetNamespace}} - name: machine-config-daemon -`) - -func manifestsMachineconfigdaemonSaYamlBytes() ([]byte, error) { - return _manifestsMachineconfigdaemonSaYaml, nil -} - -func manifestsMachineconfigdaemonSaYaml() (*asset, error) { - bytes, err := manifestsMachineconfigdaemonSaYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/machineconfigdaemon/sa.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _manifestsMachineconfigserverClusterroleYaml = []byte(`apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: machine-config-server - namespace: {{.TargetNamespace}} -rules: -- apiGroups: ["machineconfiguration.openshift.io"] - resources: ["machineconfigs", "machineconfigpools"] - verbs: ["*"] -`) - -func manifestsMachineconfigserverClusterroleYamlBytes() ([]byte, error) { - return _manifestsMachineconfigserverClusterroleYaml, nil -} - -func manifestsMachineconfigserverClusterroleYaml() (*asset, error) { - bytes, err := manifestsMachineconfigserverClusterroleYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/machineconfigserver/clusterrole.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - 
return a, nil -} - -var _manifestsMachineconfigserverClusterrolebindingYaml = []byte(`apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: machine-config-server - namespace: {{.TargetNamespace}} -roleRef: - kind: ClusterRole - name: machine-config-server -subjects: -- kind: ServiceAccount - namespace: {{.TargetNamespace}} - name: machine-config-server -`) - -func manifestsMachineconfigserverClusterrolebindingYamlBytes() ([]byte, error) { - return _manifestsMachineconfigserverClusterrolebindingYaml, nil -} - -func manifestsMachineconfigserverClusterrolebindingYaml() (*asset, error) { - bytes, err := manifestsMachineconfigserverClusterrolebindingYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/machineconfigserver/clusterrolebinding.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _manifestsMachineconfigserverCsrBootstrapRoleBindingYaml = []byte(`# system-bootstrap-node-bootstrapper lets serviceaccount `+"`"+`openshift-machine-config-operator/node-bootstrapper`+"`"+` tokens and nodes request CSRs. 
-apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: system-bootstrap-node-bootstrapper -subjects: -- kind: ServiceAccount - name: node-bootstrapper - namespace: openshift-machine-config-operator -roleRef: - kind: ClusterRole - name: system:node-bootstrapper - apiGroup: rbac.authorization.k8s.io`) - -func manifestsMachineconfigserverCsrBootstrapRoleBindingYamlBytes() ([]byte, error) { - return _manifestsMachineconfigserverCsrBootstrapRoleBindingYaml, nil -} - -func manifestsMachineconfigserverCsrBootstrapRoleBindingYaml() (*asset, error) { - bytes, err := manifestsMachineconfigserverCsrBootstrapRoleBindingYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/machineconfigserver/csr-bootstrap-role-binding.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _manifestsMachineconfigserverCsrRenewalRoleBindingYaml = []byte(`# CSRRenewalRoleBindingTemplate instructs the csrapprover controller to -# automatically approve all CSRs made by nodes to renew their client -# certificates. -# -# This binding should be altered in the future to hold a list of node -# names instead of targeting `+"`"+`system:nodes`+"`"+` so we can revoke invidivual -# node's ability to renew its certs. 
-apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: system-bootstrap-node-renewal -subjects: -- kind: Group - name: system:nodes - apiGroup: rbac.authorization.k8s.io -roleRef: - kind: ClusterRole - name: system:certificates.k8s.io:certificatesigningrequests:selfnodeclient - apiGroup: rbac.authorization.k8s.io`) - -func manifestsMachineconfigserverCsrRenewalRoleBindingYamlBytes() ([]byte, error) { - return _manifestsMachineconfigserverCsrRenewalRoleBindingYaml, nil -} - -func manifestsMachineconfigserverCsrRenewalRoleBindingYaml() (*asset, error) { - bytes, err := manifestsMachineconfigserverCsrRenewalRoleBindingYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/machineconfigserver/csr-renewal-role-binding.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _manifestsMachineconfigserverDaemonsetYaml = []byte(`apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: machine-config-server - namespace: {{.TargetNamespace}} -spec: - selector: - matchLabels: - k8s-app: machine-config-server - template: - metadata: - name: machine-config-server - labels: - k8s-app: machine-config-server - spec: - containers: - - name: machine-config-server - image: {{.Images.MachineConfigOperator}} - command: ["/usr/bin/machine-config-server"] - args: - - "start" - - "--apiserver-url={{.APIServerURL}}" - resources: - requests: - cpu: 20m - memory: 50Mi - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - name: certs - mountPath: /etc/ssl/mcs - - name: node-bootstrap-token - mountPath: /etc/mcs/bootstrap-token - hostNetwork: true - nodeSelector: - node-role.kubernetes.io/master: "" - priorityClassName: "system-cluster-critical" - serviceAccountName: machine-config-server - tolerations: - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule - - key: node-role.kubernetes.io/etcd - operator: 
Exists - effect: NoSchedule - volumes: - - name: node-bootstrap-token - secret: - secretName: node-bootstrapper-token - - name: certs - secret: - secretName: machine-config-server-tls -`) - -func manifestsMachineconfigserverDaemonsetYamlBytes() ([]byte, error) { - return _manifestsMachineconfigserverDaemonsetYaml, nil -} - -func manifestsMachineconfigserverDaemonsetYaml() (*asset, error) { - bytes, err := manifestsMachineconfigserverDaemonsetYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/machineconfigserver/daemonset.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var _manifestsMachineconfigserverKubeApiserverServingCaConfigmapYaml = []byte(`apiVersion: v1 -kind: ConfigMap -metadata: - name: initial-kube-apiserver-server-ca - namespace: openshift-config -data: - ca-bundle.crt: | -{{.KubeAPIServerServingCA | indent 4}} -`) - -func manifestsMachineconfigserverKubeApiserverServingCaConfigmapYamlBytes() ([]byte, error) { - return _manifestsMachineconfigserverKubeApiserverServingCaConfigmapYaml, nil -} - -func manifestsMachineconfigserverKubeApiserverServingCaConfigmapYaml() (*asset, error) { - bytes, err := manifestsMachineconfigserverKubeApiserverServingCaConfigmapYamlBytes() + bytes, err := manifestsMachineconfigdaemonEventsRolebindingTargetYamlBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/machineconfigserver/kube-apiserver-serving-ca-configmap.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/machineconfigdaemon/events-rolebinding-target.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsMachineconfigserverNodeBootstrapperSaYaml = []byte(`apiVersion: v1 +var _manifestsMachineconfigdaemonSaYaml = []byte(`apiVersion: v1 kind: ServiceAccount metadata: namespace: 
{{.TargetNamespace}} - name: node-bootstrapper + name: machine-config-daemon `) -func manifestsMachineconfigserverNodeBootstrapperSaYamlBytes() ([]byte, error) { - return _manifestsMachineconfigserverNodeBootstrapperSaYaml, nil +func manifestsMachineconfigdaemonSaYamlBytes() ([]byte, error) { + return _manifestsMachineconfigdaemonSaYaml, nil } -func manifestsMachineconfigserverNodeBootstrapperSaYaml() (*asset, error) { - bytes, err := manifestsMachineconfigserverNodeBootstrapperSaYamlBytes() +func manifestsMachineconfigdaemonSaYaml() (*asset, error) { + bytes, err := manifestsMachineconfigdaemonSaYamlBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/machineconfigserver/node-bootstrapper-sa.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/machineconfigdaemon/sa.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsMachineconfigserverNodeBootstrapperTokenYaml = []byte(`apiVersion: v1 -kind: Secret +var _manifestsMachineconfigserverClusterroleYaml = []byte(`apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: - annotations: - kubernetes.io/service-account.name: node-bootstrapper - name: node-bootstrapper-token + name: machine-config-server namespace: {{.TargetNamespace}} -type: kubernetes.io/service-account-token +rules: +- apiGroups: ["machineconfiguration.openshift.io"] + resources: ["machineconfigs", "machineconfigpools"] + verbs: ["*"] `) -func manifestsMachineconfigserverNodeBootstrapperTokenYamlBytes() ([]byte, error) { - return _manifestsMachineconfigserverNodeBootstrapperTokenYaml, nil +func manifestsMachineconfigserverClusterroleYamlBytes() ([]byte, error) { + return _manifestsMachineconfigserverClusterroleYaml, nil } -func manifestsMachineconfigserverNodeBootstrapperTokenYaml() (*asset, error) { - bytes, err := manifestsMachineconfigserverNodeBootstrapperTokenYamlBytes() 
+func manifestsMachineconfigserverClusterroleYaml() (*asset, error) { + bytes, err := manifestsMachineconfigserverClusterroleYamlBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/machineconfigserver/node-bootstrapper-token.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/machineconfigserver/clusterrole.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsMachineconfigserverSaYaml = []byte(`apiVersion: v1 -kind: ServiceAccount +var _manifestsMachineconfigserverClusterrolebindingYaml = []byte(`apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: + name: machine-config-server + namespace: {{.TargetNamespace}} +roleRef: + kind: ClusterRole + name: machine-config-server +subjects: +- kind: ServiceAccount namespace: {{.TargetNamespace}} name: machine-config-server `) -func manifestsMachineconfigserverSaYamlBytes() ([]byte, error) { - return _manifestsMachineconfigserverSaYaml, nil +func manifestsMachineconfigserverClusterrolebindingYamlBytes() ([]byte, error) { + return _manifestsMachineconfigserverClusterrolebindingYaml, nil } -func manifestsMachineconfigserverSaYaml() (*asset, error) { - bytes, err := manifestsMachineconfigserverSaYamlBytes() +func manifestsMachineconfigserverClusterrolebindingYaml() (*asset, error) { + bytes, err := manifestsMachineconfigserverClusterrolebindingYamlBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/machineconfigserver/sa.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/machineconfigserver/clusterrolebinding.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsMasterMachineconfigpoolYaml = []byte(`apiVersion: machineconfiguration.openshift.io/v1 -kind: MachineConfigPool 
+var _manifestsMachineconfigserverCsrBootstrapRoleBindingYaml = []byte(`# system-bootstrap-node-bootstrapper lets serviceaccount `+"`"+`openshift-machine-config-operator/node-bootstrapper`+"`"+` tokens and nodes request CSRs. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: - name: master - labels: - "operator.machineconfiguration.openshift.io/required-for-upgrade": "" - "machineconfiguration.openshift.io/mco-built-in": "" - "pools.operator.machineconfiguration.openshift.io/master": "" -spec: - machineConfigSelector: - matchLabels: - "machineconfiguration.openshift.io/role": "master" - nodeSelector: - matchLabels: - node-role.kubernetes.io/master: ""`) + name: system-bootstrap-node-bootstrapper +subjects: +- kind: ServiceAccount + name: node-bootstrapper + namespace: openshift-machine-config-operator +roleRef: + kind: ClusterRole + name: system:node-bootstrapper + apiGroup: rbac.authorization.k8s.io`) -func manifestsMasterMachineconfigpoolYamlBytes() ([]byte, error) { - return _manifestsMasterMachineconfigpoolYaml, nil +func manifestsMachineconfigserverCsrBootstrapRoleBindingYamlBytes() ([]byte, error) { + return _manifestsMachineconfigserverCsrBootstrapRoleBindingYaml, nil } -func manifestsMasterMachineconfigpoolYaml() (*asset, error) { - bytes, err := manifestsMasterMachineconfigpoolYamlBytes() +func manifestsMachineconfigserverCsrBootstrapRoleBindingYaml() (*asset, error) { + bytes, err := manifestsMachineconfigserverCsrBootstrapRoleBindingYamlBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/master.machineconfigpool.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/machineconfigserver/csr-bootstrap-role-binding.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsOpenstackCorednsCorefileTmpl = []byte(`. 
{ - errors - health :18080 - mdns {{ .ControllerConfig.DNS.Spec.BaseDomain }} {{`+"`"+`{{.Cluster.MasterAmount}}`+"`"+`}} {{`+"`"+`{{.Cluster.Name}}`+"`"+`}} {{`+"`"+`{{.NonVirtualIP}}`+"`"+`}} - forward . {{`+"`"+`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`+"`"+`}} { - policy sequential - } - cache 30 - reload - hosts /etc/coredns/api-int.hosts {{ .ControllerConfig.DNS.Spec.BaseDomain }} { - {{ .ControllerConfig.Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP }} api-int.{{ .ControllerConfig.DNS.Spec.BaseDomain }} api.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - fallthrough - } -} -`) +var _manifestsMachineconfigserverCsrRenewalRoleBindingYaml = []byte(`# CSRRenewalRoleBindingTemplate instructs the csrapprover controller to +# automatically approve all CSRs made by nodes to renew their client +# certificates. +# +# This binding should be altered in the future to hold a list of node +# names instead of targeting `+"`"+`system:nodes`+"`"+` so we can revoke invidivual +# node's ability to renew its certs. 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system-bootstrap-node-renewal +subjects: +- kind: Group + name: system:nodes + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: system:certificates.k8s.io:certificatesigningrequests:selfnodeclient + apiGroup: rbac.authorization.k8s.io`) -func manifestsOpenstackCorednsCorefileTmplBytes() ([]byte, error) { - return _manifestsOpenstackCorednsCorefileTmpl, nil +func manifestsMachineconfigserverCsrRenewalRoleBindingYamlBytes() ([]byte, error) { + return _manifestsMachineconfigserverCsrRenewalRoleBindingYaml, nil } -func manifestsOpenstackCorednsCorefileTmpl() (*asset, error) { - bytes, err := manifestsOpenstackCorednsCorefileTmplBytes() +func manifestsMachineconfigserverCsrRenewalRoleBindingYaml() (*asset, error) { + bytes, err := manifestsMachineconfigserverCsrRenewalRoleBindingYamlBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/openstack/coredns-corefile.tmpl", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/machineconfigserver/csr-renewal-role-binding.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsOpenstackCorednsYaml = []byte(`--- -kind: Pod -apiVersion: v1 +var _manifestsMachineconfigserverDaemonsetYaml = []byte(`apiVersion: apps/v1 +kind: DaemonSet metadata: - name: coredns - namespace: openshift-openstack-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: openstack-infra-mdns + name: machine-config-server + namespace: {{.TargetNamespace}} spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/coredns" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - empty-dir: {} - - name: manifests - hostPath: - path: "/opt/openshift/manifests" - initContainers: - - name: render-config - 
image: {{ .Images.BaremetalRuntimeCfgBootstrap }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.OpenStack.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/coredns" - - "--cluster-config" - - "/opt/openshift/manifests/cluster-config.yaml" - resources: {} - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: resource-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/coredns" - - name: manifests - mountPath: "/opt/openshift/manifests" - imagePullPolicy: IfNotPresent - containers: - - name: coredns - securityContext: - privileged: true - image: {{ .Images.CorednsBootstrap }} - args: - - "--conf" - - "/etc/coredns/Corefile" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/coredns" - readinessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 10 - livenessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - terminationMessagePolicy: FallbackToLogsOnError - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical -status: {} -`) - -func manifestsOpenstackCorednsYamlBytes() ([]byte, error) { - return _manifestsOpenstackCorednsYaml, nil -} - -func manifestsOpenstackCorednsYaml() (*asset, error) { - bytes, err := manifestsOpenstackCorednsYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "manifests/openstack/coredns.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - -var 
_manifestsOpenstackKeepalivedConfTmpl = []byte(`# Configuration template for Keepalived, which is used to manage the DNS and -# API VIPs. -# -# For more information, see installer/data/data/bootstrap/baremetal/README.md -# in the installer repo. - -vrrp_instance {{`+"`"+`{{.Cluster.Name}}`+"`"+`}}_API { - state BACKUP - interface {{`+"`"+`{{.VRRPInterface}}`+"`"+`}} - virtual_router_id {{`+"`"+`{{.Cluster.APIVirtualRouterID }}`+"`"+`}} - priority 50 - advert_int 1 - authentication { - auth_type PASS - auth_pass {{`+"`"+`{{.Cluster.Name}}`+"`"+`}}_api_vip - } - virtual_ipaddress { - {{`+"`"+`{{ .Cluster.APIVIP }}`+"`"+`}}/{{`+"`"+`{{ .Cluster.VIPNetmask }}`+"`"+`}} - } -} + selector: + matchLabels: + k8s-app: machine-config-server + template: + metadata: + name: machine-config-server + labels: + k8s-app: machine-config-server + spec: + containers: + - name: machine-config-server + image: {{.Images.MachineConfigOperator}} + command: ["/usr/bin/machine-config-server"] + args: + - "start" + - "--apiserver-url={{.APIServerURL}}" + resources: + requests: + cpu: 20m + memory: 50Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: certs + mountPath: /etc/ssl/mcs + - name: node-bootstrap-token + mountPath: /etc/mcs/bootstrap-token + hostNetwork: true + nodeSelector: + node-role.kubernetes.io/master: "" + priorityClassName: "system-cluster-critical" + serviceAccountName: machine-config-server + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + operator: Exists + effect: NoSchedule + volumes: + - name: node-bootstrap-token + secret: + secretName: node-bootstrapper-token + - name: certs + secret: + secretName: machine-config-server-tls `) -func manifestsOpenstackKeepalivedConfTmplBytes() ([]byte, error) { - return _manifestsOpenstackKeepalivedConfTmpl, nil +func manifestsMachineconfigserverDaemonsetYamlBytes() ([]byte, error) { + return 
_manifestsMachineconfigserverDaemonsetYaml, nil } -func manifestsOpenstackKeepalivedConfTmpl() (*asset, error) { - bytes, err := manifestsOpenstackKeepalivedConfTmplBytes() +func manifestsMachineconfigserverDaemonsetYaml() (*asset, error) { + bytes, err := manifestsMachineconfigserverDaemonsetYamlBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/openstack/keepalived.conf.tmpl", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/machineconfigserver/daemonset.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsOpenstackKeepalivedYaml = []byte(`--- -kind: Pod -apiVersion: v1 +var _manifestsMachineconfigserverKubeApiserverServingCaConfigmapYaml = []byte(`apiVersion: v1 +kind: ConfigMap metadata: - name: keepalived - namespace: openshift-openstack-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: openstack-infra-vrrp -spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/keepalived" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - empty-dir: {} - - name: manifests - hostPath: - path: "/opt/openshift/manifests" - initContainers: - - name: render-config - image: {{ .Images.BaremetalRuntimeCfgBootstrap }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.OpenStack.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/keepalived" - - "--cluster-config" - - "/opt/openshift/manifests/cluster-config.yaml" - resources: {} - volumeMounts: - - name: resource-dir - mountPath: "/config" - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: conf-dir - mountPath: "/etc/keepalived" - - name: 
manifests - mountPath: "/opt/openshift/manifests" - imagePullPolicy: IfNotPresent - containers: - - name: keepalived - securityContext: - privileged: true - image: {{ .Images.KeepalivedBootstrap }} - env: - - name: NSS_SDB_USE_CACHE - value: "no" - command: - - /usr/sbin/keepalived - args: - - "-f" - - "/etc/keepalived/keepalived.conf" - - "--dont-fork" - - "--vrrp" - - "--log-detail" - - "--log-console" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/keepalived" - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical -status: {} + name: initial-kube-apiserver-server-ca + namespace: openshift-config +data: + ca-bundle.crt: | +{{.KubeAPIServerServingCA | indent 4}} `) -func manifestsOpenstackKeepalivedYamlBytes() ([]byte, error) { - return _manifestsOpenstackKeepalivedYaml, nil +func manifestsMachineconfigserverKubeApiserverServingCaConfigmapYamlBytes() ([]byte, error) { + return _manifestsMachineconfigserverKubeApiserverServingCaConfigmapYaml, nil } -func manifestsOpenstackKeepalivedYaml() (*asset, error) { - bytes, err := manifestsOpenstackKeepalivedYamlBytes() +func manifestsMachineconfigserverKubeApiserverServingCaConfigmapYaml() (*asset, error) { + bytes, err := manifestsMachineconfigserverKubeApiserverServingCaConfigmapYamlBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/openstack/keepalived.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/machineconfigserver/kube-apiserver-serving-ca-configmap.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsOvirtCorednsCorefileTmpl = []byte(`. 
{ - errors - health :18080 - mdns {{ .ControllerConfig.DNS.Spec.BaseDomain }} {{`+"`"+`{{.Cluster.MasterAmount}}`+"`"+`}} {{`+"`"+`{{.Cluster.Name}}`+"`"+`}} {{`+"`"+`{{.NonVirtualIP}}`+"`"+`}} - forward . {{`+"`"+`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`+"`"+`}} - cache 30 - reload - hosts /etc/coredns/api-int.hosts {{ .ControllerConfig.DNS.Spec.BaseDomain }} { - {{ .ControllerConfig.Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP }} api-int.{{ .ControllerConfig.DNS.Spec.BaseDomain }} api.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - fallthrough - } -} +var _manifestsMachineconfigserverNodeBootstrapperSaYaml = []byte(`apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{.TargetNamespace}} + name: node-bootstrapper `) -func manifestsOvirtCorednsCorefileTmplBytes() ([]byte, error) { - return _manifestsOvirtCorednsCorefileTmpl, nil +func manifestsMachineconfigserverNodeBootstrapperSaYamlBytes() ([]byte, error) { + return _manifestsMachineconfigserverNodeBootstrapperSaYaml, nil } -func manifestsOvirtCorednsCorefileTmpl() (*asset, error) { - bytes, err := manifestsOvirtCorednsCorefileTmplBytes() +func manifestsMachineconfigserverNodeBootstrapperSaYaml() (*asset, error) { + bytes, err := manifestsMachineconfigserverNodeBootstrapperSaYamlBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/ovirt/coredns-corefile.tmpl", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/machineconfigserver/node-bootstrapper-sa.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsOvirtCorednsYaml = []byte(`--- -kind: Pod -apiVersion: v1 +var _manifestsMachineconfigserverNodeBootstrapperTokenYaml = []byte(`apiVersion: v1 +kind: Secret metadata: - name: coredns - namespace: openshift-ovirt-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: ovirt-infra-mdns -spec: - 
volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/coredns" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - empty-dir: {} - - name: manifests - hostPath: - path: "/opt/openshift/manifests" - initContainers: - - name: render-config - image: {{ .Images.BaremetalRuntimeCfgBootstrap }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.Ovirt.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/coredns" - - "--cluster-config" - - "/opt/openshift/manifests/cluster-config.yaml" - resources: {} - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: resource-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/coredns" - - name: manifests - mountPath: "/opt/openshift/manifests" - imagePullPolicy: IfNotPresent - containers: - - name: coredns - securityContext: - privileged: true - image: {{ .Images.CorednsBootstrap }} - args: - - "--conf" - - "/etc/coredns/Corefile" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/coredns" - readinessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 10 - livenessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - terminationMessagePolicy: FallbackToLogsOnError - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical -status: {} + annotations: + kubernetes.io/service-account.name: node-bootstrapper + name: node-bootstrapper-token + namespace: {{.TargetNamespace}} +type: kubernetes.io/service-account-token `) 
-func manifestsOvirtCorednsYamlBytes() ([]byte, error) { - return _manifestsOvirtCorednsYaml, nil +func manifestsMachineconfigserverNodeBootstrapperTokenYamlBytes() ([]byte, error) { + return _manifestsMachineconfigserverNodeBootstrapperTokenYaml, nil } -func manifestsOvirtCorednsYaml() (*asset, error) { - bytes, err := manifestsOvirtCorednsYamlBytes() +func manifestsMachineconfigserverNodeBootstrapperTokenYaml() (*asset, error) { + bytes, err := manifestsMachineconfigserverNodeBootstrapperTokenYamlBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/ovirt/coredns.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/machineconfigserver/node-bootstrapper-token.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsOvirtKeepalivedConfTmpl = []byte(`# Configuration template for Keepalived, which is used to manage the DNS and -# API VIPs. -# -# For more information, see installer/data/data/bootstrap/baremetal/README.md -# in the installer repo. 
- -vrrp_instance {{`+"`"+`{{.Cluster.Name}}`+"`"+`}}_API { - state BACKUP - interface {{`+"`"+`{{.VRRPInterface}}`+"`"+`}} - virtual_router_id {{`+"`"+`{{.Cluster.APIVirtualRouterID }}`+"`"+`}} - priority 50 - advert_int 1 - authentication { - auth_type PASS - auth_pass {{`+"`"+`{{.Cluster.Name}}`+"`"+`}}_api_vip - } - virtual_ipaddress { - {{`+"`"+`{{ .Cluster.APIVIP }}`+"`"+`}}/{{`+"`"+`{{ .Cluster.VIPNetmask }}`+"`"+`}} - } -} +var _manifestsMachineconfigserverSaYaml = []byte(`apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{.TargetNamespace}} + name: machine-config-server `) -func manifestsOvirtKeepalivedConfTmplBytes() ([]byte, error) { - return _manifestsOvirtKeepalivedConfTmpl, nil +func manifestsMachineconfigserverSaYamlBytes() ([]byte, error) { + return _manifestsMachineconfigserverSaYaml, nil } -func manifestsOvirtKeepalivedConfTmpl() (*asset, error) { - bytes, err := manifestsOvirtKeepalivedConfTmplBytes() +func manifestsMachineconfigserverSaYaml() (*asset, error) { + bytes, err := manifestsMachineconfigserverSaYamlBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/ovirt/keepalived.conf.tmpl", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/machineconfigserver/sa.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsOvirtKeepalivedYaml = []byte(`--- -kind: Pod -apiVersion: v1 +var _manifestsMasterMachineconfigpoolYaml = []byte(`apiVersion: machineconfiguration.openshift.io/v1 +kind: MachineConfigPool metadata: - name: keepalived - namespace: openshift-ovirt-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 + name: master labels: - app: ovirt-infra-vrrp + "operator.machineconfiguration.openshift.io/required-for-upgrade": "" + "machineconfiguration.openshift.io/mco-built-in": "" + "pools.operator.machineconfiguration.openshift.io/master": "" spec: - volumes: - - name: 
resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/keepalived" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - empty-dir: {} - - name: manifests - hostPath: - path: "/opt/openshift/manifests" - initContainers: - - name: render-config - image: {{ .Images.BaremetalRuntimeCfgBootstrap }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.Ovirt.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/keepalived" - - "--cluster-config" - - "/opt/openshift/manifests/cluster-config.yaml" - resources: {} - volumeMounts: - - name: resource-dir - mountPath: "/config" - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: conf-dir - mountPath: "/etc/keepalived" - - name: manifests - mountPath: "/opt/openshift/manifests" - imagePullPolicy: IfNotPresent - containers: - - name: keepalived - securityContext: - privileged: true - image: {{ .Images.KeepalivedBootstrap }} - env: - - name: NSS_SDB_USE_CACHE - value: "no" - command: - - /usr/sbin/keepalived - args: - - "-f" - - "/etc/keepalived/keepalived.conf" - - "--dont-fork" - - "--vrrp" - - "--log-detail" - - "--log-console" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/keepalived" - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical -status: {} -`) + machineConfigSelector: + matchLabels: + "machineconfiguration.openshift.io/role": "master" + nodeSelector: + matchLabels: + node-role.kubernetes.io/master: ""`) -func manifestsOvirtKeepalivedYamlBytes() ([]byte, error) { - return _manifestsOvirtKeepalivedYaml, nil +func manifestsMasterMachineconfigpoolYamlBytes() ([]byte, error) { + 
return _manifestsMasterMachineconfigpoolYaml, nil } -func manifestsOvirtKeepalivedYaml() (*asset, error) { - bytes, err := manifestsOvirtKeepalivedYamlBytes() +func manifestsMasterMachineconfigpoolYaml() (*asset, error) { + bytes, err := manifestsMasterMachineconfigpoolYamlBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/ovirt/keepalived.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/master.machineconfigpool.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsVsphereCorednsCorefileTmpl = []byte(`. { +var _manifestsOnPremCorednsCorefileTmpl = []byte(`. { errors health :18080 mdns {{ .ControllerConfig.DNS.Spec.BaseDomain }} {{`+"`"+`{{.Cluster.MasterAmount}}`+"`"+`}} {{`+"`"+`{{.Cluster.Name}}`+"`"+`}} {{`+"`"+`{{.NonVirtualIP}}`+"`"+`}} forward . {{`+"`"+`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`+"`"+`}} cache 30 reload - hosts { - {{ .ControllerConfig.Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }} api-int.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - {{ .ControllerConfig.Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }} api.{{ .ControllerConfig.DNS.Spec.BaseDomain }} + template IN {{`+"`"+`{{ .Cluster.IngressVIPRecordType }}`+"`"+`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { + match .*.apps.{{ .ControllerConfig.DNS.Spec.BaseDomain }} + answer "{{`+"`"+`{{"{{ .Name }}"}}`+"`"+`}} 60 in {{`+"`"+`{{"{{ .Type }}"}}`+"`"+`}} {{ onPremPlatformIngressIP .ControllerConfig }}" fallthrough } - template IN A {{ .ControllerConfig.DNS.Spec.BaseDomain }} { + template IN {{`+"`"+`{{ .Cluster.IngressVIPEmptyType }}`+"`"+`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { match .*.apps.{{ .ControllerConfig.DNS.Spec.BaseDomain }} - answer "{{`+"`"+`{{"{{ .Name }}"}}`+"`"+`}} 60 in a {{ .ControllerConfig.Infra.Status.PlatformStatus.VSphere.IngressIP }}" + fallthrough 
+ } + template IN {{`+"`"+`{{ .Cluster.APIVIPRecordType }}`+"`"+`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { + match api.{{ .ControllerConfig.DNS.Spec.BaseDomain }} + answer "{{`+"`"+`{{"{{ .Name }}"}}`+"`"+`}} 60 in {{`+"`"+`{{"{{ .Type }}"}}`+"`"+`}} {{ onPremPlatformAPIServerInternalIP .ControllerConfig }}" + fallthrough + } + template IN {{`+"`"+`{{ .Cluster.APIVIPEmptyType }}`+"`"+`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { + match api.{{ .ControllerConfig.DNS.Spec.BaseDomain }} + fallthrough + } + template IN {{`+"`"+`{{ .Cluster.APIVIPRecordType }}`+"`"+`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { + match api-int.{{ .ControllerConfig.DNS.Spec.BaseDomain }} + answer "{{`+"`"+`{{"{{ .Name }}"}}`+"`"+`}} 60 in {{`+"`"+`{{"{{ .Type }}"}}`+"`"+`}} {{ onPremPlatformAPIServerInternalIP .ControllerConfig }}" + fallthrough + } + template IN {{`+"`"+`{{ .Cluster.APIVIPEmptyType }}`+"`"+`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} { + match api-int.{{ .ControllerConfig.DNS.Spec.BaseDomain }} fallthrough } } `) -func manifestsVsphereCorednsCorefileTmplBytes() ([]byte, error) { - return _manifestsVsphereCorednsCorefileTmpl, nil +func manifestsOnPremCorednsCorefileTmplBytes() ([]byte, error) { + return _manifestsOnPremCorednsCorefileTmpl, nil } -func manifestsVsphereCorednsCorefileTmpl() (*asset, error) { - bytes, err := manifestsVsphereCorednsCorefileTmplBytes() +func manifestsOnPremCorednsCorefileTmpl() (*asset, error) { + bytes, err := manifestsOnPremCorednsCorefileTmplBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/vsphere/coredns-corefile.tmpl", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/on-prem/coredns-corefile.tmpl", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsVsphereCorednsYaml = []byte(`--- +var _manifestsOnPremCorednsYaml = []byte(`--- kind: Pod apiVersion: v1 metadata: 
name: coredns - namespace: openshift-vsphere-infra + namespace: openshift-{{ onPremPlatformShortName .ControllerConfig }}-infra creationTimestamp: deletionGracePeriodSeconds: 65 labels: - app: vsphere-infra-mdns + app: {{ onPremPlatformShortName .ControllerConfig }}-infra-mdns spec: volumes: - name: resource-dir @@ -2585,9 +1670,9 @@ spec: - render - "/etc/kubernetes/kubeconfig" - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }}" + - "{{ onPremPlatformAPIServerInternalIP .ControllerConfig }}" - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.VSphere.IngressIP }}" + - "{{ onPremPlatformIngressIP .ControllerConfig }}" - "/config" - "--out-dir" - "/etc/coredns" 
@@ -2646,69 +1731,77 @@ spec: status: {} `) -func manifestsVsphereCorednsYamlBytes() ([]byte, error) { - return _manifestsVsphereCorednsYaml, nil +func manifestsOnPremCorednsYamlBytes() ([]byte, error) { + return _manifestsOnPremCorednsYaml, nil } -func manifestsVsphereCorednsYaml() (*asset, error) { - bytes, err := manifestsVsphereCorednsYamlBytes() +func manifestsOnPremCorednsYaml() (*asset, error) { + bytes, err := manifestsOnPremCorednsYamlBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/vsphere/coredns.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/on-prem/coredns.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsVsphereKeepalivedConfTmpl = []byte(`# Configuration template for Keepalived, which is used to manage the DNS and +var _manifestsOnPremKeepalivedConfTmpl = []byte(`# Configuration template for Keepalived, which is used to manage the DNS and # API VIPs. # # For more information, see installer/data/data/bootstrap/baremetal/README.md # in the installer repo. 
-vrrp_instance {{`+"`"+`{{.Cluster.Name}}`+"`"+`}}_API { +{{`+"`"+`vrrp_instance {{.Cluster.Name}}_API { state BACKUP - interface {{`+"`"+`{{.VRRPInterface}}`+"`"+`}} - virtual_router_id {{`+"`"+`{{.Cluster.APIVirtualRouterID }}`+"`"+`}} - priority 50 + interface {{.VRRPInterface}} + virtual_router_id {{.Cluster.APIVirtualRouterID }} + priority 70 advert_int 1 + nopreempt + {{ if .EnableUnicast }} + unicast_src_ip {{.NonVirtualIP}} + unicast_peer { + {{range .LBConfig.Backends -}} + {{.Address}} + {{end}} + } + {{end}} authentication { auth_type PASS - auth_pass {{`+"`"+`{{.Cluster.Name}}`+"`"+`}}_api_vip + auth_pass {{.Cluster.Name}}_api_vip } virtual_ipaddress { - {{`+"`"+`{{ .Cluster.APIVIP }}`+"`"+`}}/{{`+"`"+`{{ .Cluster.VIPNetmask }}`+"`"+`}} + {{ .Cluster.APIVIP }}/{{ .Cluster.VIPNetmask }} } -} - +}`+"`"+`}} `) -func manifestsVsphereKeepalivedConfTmplBytes() ([]byte, error) { - return _manifestsVsphereKeepalivedConfTmpl, nil +func manifestsOnPremKeepalivedConfTmplBytes() ([]byte, error) { + return _manifestsOnPremKeepalivedConfTmpl, nil } -func manifestsVsphereKeepalivedConfTmpl() (*asset, error) { - bytes, err := manifestsVsphereKeepalivedConfTmplBytes() +func manifestsOnPremKeepalivedConfTmpl() (*asset, error) { + bytes, err := manifestsOnPremKeepalivedConfTmplBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/vsphere/keepalived.conf.tmpl", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/on-prem/keepalived.conf.tmpl", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } -var _manifestsVsphereKeepalivedYaml = []byte(`--- +var _manifestsOnPremKeepalivedYaml = []byte(`--- kind: Pod apiVersion: v1 metadata: name: keepalived - namespace: openshift-vsphere-infra + namespace: openshift-{{ onPremPlatformShortName .ControllerConfig }}-infra creationTimestamp: deletionGracePeriodSeconds: 65 labels: - app: vsphere-infra-vrrp 
+ app: {{ onPremPlatformShortName .ControllerConfig }}-infra-vrrp spec: volumes: - name: resource-dir 
@@ -2718,54 +1811,69 @@ spec: hostPath: path: "/etc/kubernetes/kubeconfig" - name: conf-dir - empty-dir: {} + hostPath: + path: "/etc/keepalived" - name: manifests hostPath: path: "/opt/openshift/manifests" - initContainers: - - name: render-config - image: {{ .Images.BaremetalRuntimeCfgBootstrap }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .ControllerConfig.Infra.Status.PlatformStatus.VSphere.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/keepalived" - - "--cluster-config" - - "/opt/openshift/manifests/cluster-config.yaml" - resources: {} - volumeMounts: - - name: resource-dir - mountPath: "/config" - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: conf-dir - mountPath: "/etc/keepalived" - - name: manifests - mountPath: "/opt/openshift/manifests" - imagePullPolicy: IfNotPresent + - name: run-dir + empty-dir: {} containers: - name: keepalived securityContext: privileged: true - image: {{ .Images.KeepalivedBootstrap }} + image: {{.Images.KeepalivedBootstrap}} env: - name: NSS_SDB_USE_CACHE value: "no" command: - - /usr/sbin/keepalived - args: - - "-f" - - "/etc/keepalived/keepalived.conf" - - "--dont-fork" - - "--vrrp" - - "--log-detail" - - "--log-console" + - /bin/bash + - -c + - | + #/bin/bash + reload_keepalived() + { + if pid=$(pgrep -o keepalived); then + kill -s SIGHUP "$pid" + else + /usr/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork --vrrp --log-detail --log-console & + fi + } + stop_keepalived() + { + echo "Keepalived process stopped" >> /var/run/keepalived/stopped + if pid=$(pgrep -o keepalived); then + kill -s TERM "$pid" + fi + } + + msg_handler() + { + while read -r line; do + echo "The client sent: $line" >&2 + # currently only 'reload' and 'stop' msgs are supported + if [ "$line" = reload ]; then + reload_keepalived + elif [ "$line" = stop ]; then + 
stop_keepalived + fi + done + } + set -ex + declare -r keepalived_sock="/var/run/keepalived/keepalived.sock" + export -f msg_handler + export -f reload_keepalived + export -f stop_keepalived + + while [ -s "/var/run/keepalived/stopped" ]; do + echo "Container stopped" + sleep 60 + done + if [ -s "/etc/keepalived/keepalived.conf" ]; then + /usr/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork --vrrp --log-detail --log-console & + fi + rm -f "$keepalived_sock" + socat UNIX-LISTEN:${keepalived_sock},fork system:'bash -c msg_handler' resources: requests: cpu: 100m 
@@ -2773,8 +1881,66 @@ spec: volumeMounts: - name: conf-dir mountPath: "/etc/keepalived" + - name: run-dir + mountPath: "/var/run/keepalived" + livenessProbe: + exec: + command: + - /bin/bash + - -c + - | + [[ -s /etc/keepalived/keepalived.conf ]] || \ + [[ -s /var/run/keepalived/stopped ]] || \ + kill -s SIGUSR1 "$(pgrep -o keepalived)" && ! grep -q "State = FAULT" /tmp/keepalived.data + initialDelaySeconds: 20 terminationMessagePolicy: FallbackToLogsOnError imagePullPolicy: IfNotPresent + - name: keepalived-monitor + image: {{ .Images.BaremetalRuntimeCfgBootstrap }} + env: + - name: ENABLE_UNICAST + value: "yes" + - name: IS_BOOTSTRAP + value: "yes" + command: + - dynkeepalived + - "/etc/kubernetes/kubeconfig" + - "/config/keepalived.conf.tmpl" + - "/etc/keepalived/keepalived.conf" + - "--api-vip" + - "{{ onPremPlatformAPIServerInternalIP .ControllerConfig }}" + - "--ingress-vip" + - "{{ onPremPlatformIngressIP .ControllerConfig }}" + - "--cluster-config" + - "/opt/openshift/manifests/cluster-config.yaml" + - "--check-interval" + - "5s" + resources: + requests: + cpu: 100m + memory: 200Mi + volumeMounts: + - name: resource-dir + mountPath: "/config" + - name: kubeconfig + mountPath: "/etc/kubernetes/kubeconfig" + - name: conf-dir + mountPath: "/etc/keepalived" + - name: run-dir + mountPath: "/var/run/keepalived" + - name: manifests + mountPath: "/opt/openshift/manifests" + readinessProbe: + httpGet: + path: /readyz + port: 6443 + scheme: HTTPS + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + timeoutSeconds: 10 + imagePullPolicy: IfNotPresent hostNetwork: true tolerations: - operator: Exists 
@@ -2782,17 +1948,17 @@ spec: status: {} `) -func manifestsVsphereKeepalivedYamlBytes() ([]byte, error) { - return _manifestsVsphereKeepalivedYaml, nil +func manifestsOnPremKeepalivedYamlBytes() ([]byte, error) { + return _manifestsOnPremKeepalivedYaml, nil } -func manifestsVsphereKeepalivedYaml() (*asset, error) { - bytes, err := manifestsVsphereKeepalivedYamlBytes() +func manifestsOnPremKeepalivedYaml() (*asset, error) { + bytes, err := manifestsOnPremKeepalivedYamlBytes() if err != nil { return nil, err } - info := bindataFileInfo{name: "manifests/vsphere/keepalived.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + info := bindataFileInfo{name: "manifests/on-prem/keepalived.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -2879,10 +2045,6 @@ func AssetNames() []string { // _bindata is a table, holding each asset generator, mapped to its name. var _bindata = map[string]func() (*asset, error){ - "manifests/baremetal/coredns-corefile.tmpl": manifestsBaremetalCorednsCorefileTmpl, - "manifests/baremetal/coredns.yaml": manifestsBaremetalCorednsYaml, - "manifests/baremetal/keepalived.conf.tmpl": manifestsBaremetalKeepalivedConfTmpl, - "manifests/baremetal/keepalived.yaml": manifestsBaremetalKeepalivedYaml, "manifests/bootstrap-pod-v2.yaml": manifestsBootstrapPodV2Yaml, "manifests/controllerconfig.crd.yaml": manifestsControllerconfigCrdYaml, "manifests/machineconfigcontroller/clusterrole.yaml": manifestsMachineconfigcontrollerClusterroleYaml, 
@@ -2911,18 +2073,10 @@ var _bindata = map[string]func() (*asset, error){ "manifests/machineconfigserver/node-bootstrapper-token.yaml": manifestsMachineconfigserverNodeBootstrapperTokenYaml, "manifests/machineconfigserver/sa.yaml": manifestsMachineconfigserverSaYaml, "manifests/master.machineconfigpool.yaml": manifestsMasterMachineconfigpoolYaml, - "manifests/openstack/coredns-corefile.tmpl": manifestsOpenstackCorednsCorefileTmpl, - "manifests/openstack/coredns.yaml": manifestsOpenstackCorednsYaml, - "manifests/openstack/keepalived.conf.tmpl": manifestsOpenstackKeepalivedConfTmpl, - "manifests/openstack/keepalived.yaml": manifestsOpenstackKeepalivedYaml, - "manifests/ovirt/coredns-corefile.tmpl": manifestsOvirtCorednsCorefileTmpl, - "manifests/ovirt/coredns.yaml": manifestsOvirtCorednsYaml, - "manifests/ovirt/keepalived.conf.tmpl": manifestsOvirtKeepalivedConfTmpl, - "manifests/ovirt/keepalived.yaml": manifestsOvirtKeepalivedYaml, - "manifests/vsphere/coredns-corefile.tmpl": manifestsVsphereCorednsCorefileTmpl, - "manifests/vsphere/coredns.yaml": manifestsVsphereCorednsYaml, - "manifests/vsphere/keepalived.conf.tmpl": manifestsVsphereKeepalivedConfTmpl, - "manifests/vsphere/keepalived.yaml": manifestsVsphereKeepalivedYaml, + "manifests/on-prem/coredns-corefile.tmpl": manifestsOnPremCorednsCorefileTmpl, + "manifests/on-prem/coredns.yaml": manifestsOnPremCorednsYaml, + "manifests/on-prem/keepalived.conf.tmpl": manifestsOnPremKeepalivedConfTmpl, + "manifests/on-prem/keepalived.yaml": manifestsOnPremKeepalivedYaml, "manifests/worker.machineconfigpool.yaml": manifestsWorkerMachineconfigpoolYaml, } 
@@ -2968,12 +2122,6 @@ type bintree struct { var _bintree = &bintree{nil, map[string]*bintree{ "manifests": &bintree{nil, map[string]*bintree{ - "baremetal": &bintree{nil, map[string]*bintree{ - "coredns-corefile.tmpl": &bintree{manifestsBaremetalCorednsCorefileTmpl, map[string]*bintree{}}, - "coredns.yaml": &bintree{manifestsBaremetalCorednsYaml, map[string]*bintree{}}, - "keepalived.conf.tmpl": &bintree{manifestsBaremetalKeepalivedConfTmpl, map[string]*bintree{}}, - "keepalived.yaml": &bintree{manifestsBaremetalKeepalivedYaml, map[string]*bintree{}}, - }}, "bootstrap-pod-v2.yaml": &bintree{manifestsBootstrapPodV2Yaml, map[string]*bintree{}}, "controllerconfig.crd.yaml": &bintree{manifestsControllerconfigCrdYaml, map[string]*bintree{}}, "machineconfigcontroller": &bintree{nil, map[string]*bintree{ 
@@ -3008,23 +2156,11 @@ var _bintree = &bintree{nil, map[string]*bintree{ "sa.yaml": &bintree{manifestsMachineconfigserverSaYaml, map[string]*bintree{}}, }}, "master.machineconfigpool.yaml": &bintree{manifestsMasterMachineconfigpoolYaml, map[string]*bintree{}}, - "openstack": &bintree{nil, map[string]*bintree{ - "coredns-corefile.tmpl": &bintree{manifestsOpenstackCorednsCorefileTmpl, map[string]*bintree{}}, - "coredns.yaml": &bintree{manifestsOpenstackCorednsYaml, map[string]*bintree{}}, - "keepalived.conf.tmpl": &bintree{manifestsOpenstackKeepalivedConfTmpl, map[string]*bintree{}}, - "keepalived.yaml": &bintree{manifestsOpenstackKeepalivedYaml, map[string]*bintree{}}, - }}, - "ovirt": &bintree{nil, map[string]*bintree{ - "coredns-corefile.tmpl": &bintree{manifestsOvirtCorednsCorefileTmpl, map[string]*bintree{}}, - "coredns.yaml": &bintree{manifestsOvirtCorednsYaml, map[string]*bintree{}}, - "keepalived.conf.tmpl": &bintree{manifestsOvirtKeepalivedConfTmpl, map[string]*bintree{}}, - "keepalived.yaml": &bintree{manifestsOvirtKeepalivedYaml, map[string]*bintree{}}, - }}, - "vsphere": &bintree{nil, map[string]*bintree{ - "coredns-corefile.tmpl": &bintree{manifestsVsphereCorednsCorefileTmpl, map[string]*bintree{}}, - "coredns.yaml": &bintree{manifestsVsphereCorednsYaml, map[string]*bintree{}}, - "keepalived.conf.tmpl": &bintree{manifestsVsphereKeepalivedConfTmpl, map[string]*bintree{}}, - "keepalived.yaml": &bintree{manifestsVsphereKeepalivedYaml, map[string]*bintree{}}, + "on-prem": &bintree{nil, map[string]*bintree{ + "coredns-corefile.tmpl": &bintree{manifestsOnPremCorednsCorefileTmpl, map[string]*bintree{}}, + "coredns.yaml": &bintree{manifestsOnPremCorednsYaml, map[string]*bintree{}}, + "keepalived.conf.tmpl": &bintree{manifestsOnPremKeepalivedConfTmpl, map[string]*bintree{}}, + "keepalived.yaml": &bintree{manifestsOnPremKeepalivedYaml, map[string]*bintree{}}, }}, "worker.machineconfigpool.yaml": &bintree{manifestsWorkerMachineconfigpoolYaml, 
map[string]*bintree{}}, }}, diff --git a/pkg/operator/bootstrap.go b/pkg/operator/bootstrap.go index 8908ae4cfc..df15fa49b0 100644 --- a/pkg/operator/bootstrap.go +++ b/pkg/operator/bootstrap.go @@ -214,19 +214,19 @@ func appendManifestsByPlatform(manifests []manifest, infra configv1.Infrastructu if infra.Status.PlatformStatus.BareMetal != nil { manifests = append(manifests, manifest{ - name: "manifests/baremetal/coredns.yaml", + name: "manifests/on-prem/coredns.yaml", filename: "baremetal/manifests/coredns.yaml", }, manifest{ - name: "manifests/baremetal/coredns-corefile.tmpl", + name: "manifests/on-prem/coredns-corefile.tmpl", filename: "baremetal/static-pod-resources/coredns/Corefile.tmpl", }, manifest{ - name: "manifests/baremetal/keepalived.yaml", + name: "manifests/on-prem/keepalived.yaml", filename: "baremetal/manifests/keepalived.yaml", }, manifest{ - name: "manifests/baremetal/keepalived.conf.tmpl", + name: "manifests/on-prem/keepalived.conf.tmpl", filename: "baremetal/static-pod-resources/keepalived/keepalived.conf.tmpl", }, ) @@ -235,19 +235,19 @@ func appendManifestsByPlatform(manifests []manifest, infra configv1.Infrastructu if infra.Status.PlatformStatus.OpenStack != nil { manifests = append(manifests, manifest{ - name: "manifests/openstack/coredns.yaml", + name: "manifests/on-prem/coredns.yaml", filename: "openstack/manifests/coredns.yaml", }, manifest{ - name: "manifests/openstack/coredns-corefile.tmpl", + name: "manifests/on-prem/coredns-corefile.tmpl", filename: "openstack/static-pod-resources/coredns/Corefile.tmpl", }, manifest{ - name: "manifests/openstack/keepalived.yaml", + name: "manifests/on-prem/keepalived.yaml", filename: "openstack/manifests/keepalived.yaml", }, manifest{ - name: "manifests/openstack/keepalived.conf.tmpl", + name: "manifests/on-prem/keepalived.conf.tmpl", filename: "openstack/static-pod-resources/keepalived/keepalived.conf.tmpl", }, ) 
@@ -256,19 +256,19 @@ func appendManifestsByPlatform(manifests []manifest, infra configv1.Infrastructu if infra.Status.PlatformStatus.Ovirt != nil { manifests = append(manifests, manifest{ - name: "manifests/ovirt/coredns.yaml", + name: "manifests/on-prem/coredns.yaml", filename: "ovirt/manifests/coredns.yaml", }, manifest{ - name: "manifests/ovirt/coredns-corefile.tmpl", + name: "manifests/on-prem/coredns-corefile.tmpl", filename: "ovirt/static-pod-resources/coredns/Corefile.tmpl", }, manifest{ - name: "manifests/ovirt/keepalived.yaml", + name: "manifests/on-prem/keepalived.yaml", filename: "ovirt/manifests/keepalived.yaml", }, manifest{ - name: "manifests/ovirt/keepalived.conf.tmpl", + name: "manifests/on-prem/keepalived.conf.tmpl", filename: "ovirt/static-pod-resources/keepalived/keepalived.conf.tmpl", }, ) @@ -276,19 +276,19 @@ func appendManifestsByPlatform(manifests []manifest, infra configv1.Infrastructu if infra.Status.PlatformStatus.VSphere != nil && infra.Status.PlatformStatus.VSphere.APIServerInternalIP != "" { manifests = append(manifests, manifest{ - name: "manifests/vsphere/coredns.yaml", + name: "manifests/on-prem/coredns.yaml", filename: "vsphere/manifests/coredns.yaml", }, manifest{ - name: "manifests/vsphere/coredns-corefile.tmpl", + name: "manifests/on-prem/coredns-corefile.tmpl", filename: "vsphere/static-pod-resources/coredns/Corefile.tmpl", }, manifest{ - name: "manifests/vsphere/keepalived.yaml", + name: "manifests/on-prem/keepalived.yaml", filename: "vsphere/manifests/keepalived.yaml", }, manifest{ - name: "manifests/vsphere/keepalived.conf.tmpl", + name: "manifests/on-prem/keepalived.conf.tmpl", filename: "vsphere/static-pod-resources/keepalived/keepalived.conf.tmpl", }, ) diff --git a/pkg/operator/render.go b/pkg/operator/render.go index 486657ad98..efdc2432d0 100644 --- a/pkg/operator/render.go +++ b/pkg/operator/render.go 
@@ -38,6 +38,9 @@ func renderAsset(config *renderConfig, path string) ([]byte, error) { funcs := sprig.TxtFuncMap() funcs["toYAML"] = toYAML + funcs["onPremPlatformAPIServerInternalIP"] = onPremPlatformAPIServerInternalIP + funcs["onPremPlatformIngressIP"] = onPremPlatformIngressIP + funcs["onPremPlatformShortName"] = onPremPlatformShortName tmpl, err := template.New(path).Funcs(funcs).Parse(string(objBytes)) if err != nil { return nil, fmt.Errorf("failed to parse asset %s: %v", path, err) 
@@ -156,3 +159,60 @@ func isSingleStackIPv6(serviceCIDRs []string) (bool, error) {
 func (rc renderConfig) GenerateProxyCookieSecret() string {
 return base64.StdEncoding.EncodeToString([]byte(utilrand.String(32)))
 }
+
+func onPremPlatformShortName(cfg mcfgv1.ControllerConfigSpec) interface{} {
+ if cfg.Infra.Status.PlatformStatus != nil {
+ switch cfg.Infra.Status.PlatformStatus.Type {
+ case configv1.BareMetalPlatformType:
+ return "kni"
+ case configv1.OvirtPlatformType:
+ return "ovirt"
+ case configv1.OpenStackPlatformType:
+ return "openstack"
+ case configv1.VSpherePlatformType:
+ return "vsphere"
+ default:
+ return ""
+ }
+ } else {
+ return ""
+ }
+}
+
+func onPremPlatformIngressIP(cfg mcfgv1.ControllerConfigSpec) (interface{}, error) {
+ if cfg.Infra.Status.PlatformStatus != nil {
+ switch cfg.Infra.Status.PlatformStatus.Type {
+ case configv1.BareMetalPlatformType:
+ return cfg.Infra.Status.PlatformStatus.BareMetal.IngressIP, nil
+ case configv1.OvirtPlatformType:
+ return cfg.Infra.Status.PlatformStatus.Ovirt.IngressIP, nil
+ case configv1.OpenStackPlatformType:
+ return cfg.Infra.Status.PlatformStatus.OpenStack.IngressIP, nil
+ case configv1.VSpherePlatformType:
+ return cfg.Infra.Status.PlatformStatus.VSphere.IngressIP, nil
+ default:
+ return nil, fmt.Errorf("invalid platform for Ingress IP")
+ }
+ } else {
+ return nil, fmt.Errorf("")
+ }
+}
+
+func onPremPlatformAPIServerInternalIP(cfg mcfgv1.ControllerConfigSpec) (interface{}, error) {
+ if cfg.Infra.Status.PlatformStatus != nil {
+ switch cfg.Infra.Status.PlatformStatus.Type {
+ case configv1.BareMetalPlatformType:
+ return cfg.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP, nil
+ case configv1.OvirtPlatformType:
+ return cfg.Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP, nil
+ case configv1.OpenStackPlatformType:
+ return cfg.Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP, nil
+ case configv1.VSpherePlatformType:
+ return cfg.Infra.Status.PlatformStatus.VSphere.APIServerInternalIP, nil
+ default:
+ return nil, fmt.Errorf("invalid platform for API Server Internal IP")
+ }
+ } else {
+ return nil, fmt.Errorf("")
+ }
+}
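Review bot: `onPremPlatformIngressIP` and `onPremPlatformAPIServerInternalIP` switch on `PlatformStatus.Type` and then dereference the matching per-platform pointer (`BareMetal`, `Ovirt`, `OpenStack`, `VSphere`) without a nil check, so a status whose type is set but whose platform struct is absent would likely surface as a nil-pointer panic during rendering rather than a readable error. The `bootstrap.go` hunks in this commit pick the manifests by pointer non-nil, not by type, so the two conditions can disagree. The nil-`PlatformStatus` branch returns `fmt.Errorf("")`, an error with no message, and `onPremPlatformShortName` returns `""` for an unknown platform, which would render the namespace as `openshift--infra` instead of failing the render. I would guard each pointer, give every error path a message, and have the short-name helper return `(interface{}, error)` like the other two; a sketch for one helper follows.

```go
func onPremPlatformIngressIP(cfg mcfgv1.ControllerConfigSpec) (interface{}, error) {
	ps := cfg.Infra.Status.PlatformStatus
	if ps == nil {
		return nil, fmt.Errorf("platform status is not set, cannot determine Ingress IP")
	}
	switch {
	case ps.Type == configv1.BareMetalPlatformType && ps.BareMetal != nil:
		return ps.BareMetal.IngressIP, nil
	case ps.Type == configv1.OvirtPlatformType && ps.Ovirt != nil:
		return ps.Ovirt.IngressIP, nil
	case ps.Type == configv1.OpenStackPlatformType && ps.OpenStack != nil:
		return ps.OpenStack.IngressIP, nil
	case ps.Type == configv1.VSpherePlatformType && ps.VSphere != nil:
		return ps.VSphere.IngressIP, nil
	default:
		return nil, fmt.Errorf("invalid or unpopulated platform %q for Ingress IP", ps.Type)
	}
}
// … onPremPlatformAPIServerInternalIP: same guards, returning APIServerInternalIP …
```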