microk8s/kubernetes: Configure containerd proxy

Configure the containerd proxy server, as it's not possible to pull from most image repositories without it in se-cloud. Defaults to the required settings for the se-cloud environment. Can be overridden with --containerd-proxy and --containerd-no-proxy. For those using stsstack-bundles outside of the se-cloud environment, use --containerd-use-proxy false to skip it. This is required as passing a blank ("") argument to --containerd-proxy is not parsed correctly.
canonical · Aug 15, 2024 · e2dee17 · e2dee17
1 parent 3357a98
commit e2dee17
Show file tree

Hide file tree

Showing 7 changed files with 64 additions and 2 deletions.
diff --git a/common/render.d/all b/common/render.d/all
@@ -45,7 +45,8 @@ render_mod_params ()
 
     if ((${#MOD_PARAMS[@]})); then
         for p in ${!MOD_PARAMS[@]}; do
-            echo -n "-e 's,$p,${MOD_PARAMS[$p]},g' " >> $config_renderer
+            # Escape any comma characters in the value, otherwise it breaks
+            echo -n "-e 's,$p,${MOD_PARAMS[$p]//,/\\,},g' " >> $config_renderer
             echo "${p}: \"${MOD_PARAMS[$p]}\"" >> $INTERNAL_BUNDLE_CONFIG
         done
     fi

diff --git a/kubernetes/module_defaults b/kubernetes/module_defaults
@@ -17,4 +17,5 @@ MOD_PARAMS[__NUM_K8S_WORKER_UNITS__]=2
 MOD_PARAMS[__NUM_K8S_LB_UNITS__]=1
 MOD_PARAMS[__ETCD_SNAP_CHANNEL__]='latest/stable'
 MOD_PARAMS[__CONTAINER_RUNTIME__]='containerd'
-
+MOD_PARAMS[__CONTAINERD_PROXY__]='http://squid.internal:3128'
+MOD_PARAMS[__CONTAINERD_NO_PROXY__]='127.0.0.1,localhost,::1,10.149.0.0/16,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16'
diff --git a/kubernetes/pipeline/02configure b/kubernetes/pipeline/02configure
@@ -110,6 +110,22 @@ do
             conflicts_with $1 --docker
             MOD_OVERLAYS+=( "kubernetes/k8s-containerd.yaml" )
             ;;
+        --containerd-use-proxy) ##__OPT__type:<bool> (default=true) Set false not to use the default containerd proxy (passing a blank string to --containerd-proxy won't work)
+	    if [[ $2 != "true" ]]; then
+              MOD_PARAMS[__CONTAINERD_PROXY__]=""
+              MOD_PARAMS[__CONTAINERD_NO_PROXY__]=""
+	    fi
+	    shift
+	    ;;
+        --containerd-proxy)  #__OPT__type:<str> (default=http://squid.internal:3128)
+	    echo "XXX X: ${MOD_PARAMS[__CONTAINERD_PROXY__]} Y: $2"
+            MOD_PARAMS[__CONTAINERD_PROXY__]=$2
+            shift
+            ;;
+        --containerd-no-proxy)  #__OPT__type:<str> (default=127.0.0.1,localhost,::1,10.149.0.0/16,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16)
+            MOD_PARAMS[__CONTAINERD_NO_PROXY__]=$2
+            shift
+            ;;
         --calico)
             conflicts_with $1 --canal
             MOD_OVERLAYS+=( "kubernetes/k8s-cni-calico.yaml" )

diff --git a/microk8s/microk8s.yaml.template b/microk8s/microk8s.yaml.template
@@ -5,3 +5,7 @@ applications:
     num_units: __NUM_MICROK8S_UNITS__
     constraints: mem=8G
     expose: true
+    options:
+      containerd_http_proxy: __CONTAINERD_PROXY__
+      containerd_https_proxy: __CONTAINERD_PROXY__
+      containerd_no_proxy: __CONTAINERD_NO_PROXY__
diff --git a/microk8s/module_defaults b/microk8s/module_defaults
@@ -8,3 +8,5 @@
 
 MOD_PARAMS[__MICROK8S_CHANNEL__]="latest/edge"
 MOD_PARAMS[__NUM_MICROK8S_UNITS__]=1
+MOD_PARAMS[__CONTAINERD_PROXY__]='http://squid.internal:3128'
+MOD_PARAMS[__CONTAINERD_NO_PROXY__]='127.0.0.1,localhost,::1,10.149.0.0/16,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16'
diff --git a/microk8s/pipeline/02configure b/microk8s/pipeline/02configure
@@ -9,3 +9,37 @@ target=$series
 [ -z "$pocket" ] || target=${target}-$pocket
 target=${target}:${MOD_PARAMS[__MICROK8S_CHANNEL__]}
 MOD_PASSTHROUGH_OPTS+=( --release-name $target )
+
+# Skip processing input if it includes exclusive passthrough options
+! has_excl_passthrough_opt && \
+while (($# > 0))
+do
+    case "$1" in
+        --containerd)
+            conflicts_with $1 --docker
+            MOD_OVERLAYS+=( "kubernetes/k8s-containerd.yaml" )
+            ;;
+        --containerd-use-proxy) ##__OPT__type:<bool> (default=true) Set false not to use the default containerd proxy (passing a blank string to --containerd-proxy won't work)
+	    if [[ $2 != "true" ]]; then
+              MOD_PARAMS[__CONTAINERD_PROXY__]=""
+              MOD_PARAMS[__CONTAINERD_NO_PROXY__]=""
+	    fi
+	    shift
+	    ;;
+        --containerd-proxy)  #__OPT__type:<str> (default=http://squid.internal:3128)
+	    echo "XXX X: ${MOD_PARAMS[__CONTAINERD_PROXY__]} Y: $2"
+            MOD_PARAMS[__CONTAINERD_PROXY__]=$2
+            shift
+            ;;
+        --containerd-no-proxy)  #__OPT__type:<str> (default=127.0.0.1,localhost,::1,10.149.0.0/16,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16)
+            MOD_PARAMS[__CONTAINERD_NO_PROXY__]=$2
+            shift
+            ;;
+        *)
+            echo "ERROR: invalid input '$1'"
+            _usage
+            exit 1
+            ;;
+    esac
+    shift
+done
diff --git a/overlays/kubernetes/k8s-containerd.yaml b/overlays/kubernetes/k8s-containerd.yaml
@@ -1,6 +1,10 @@
 applications:
   containerd:
     charm: __CHARM_STORE____CHARM_CS_NS____CHARM_CH_PREFIX__containerd
+    options:
+      http_proxy: __CONTAINERD_PROXY__
+      https_proxy: __CONTAINERD_PROXY__
+      no_proxy: __CONTAINERD_NO_PROXY__
 relations:
  - [ 'containerd:containerd', 'kubernetes-worker:container-runtime' ]
  - [ 'containerd:containerd', 'kubernetes-control-plane:container-runtime' ]