From 520a6310a25039144a72853cc691cef6fe5e7545 Mon Sep 17 00:00:00 2001 From: Chris Werner Rau Date: Thu, 26 Sep 2024 15:01:47 +0200 Subject: [PATCH] chore(t8s-cluster/management-cluster)!: update CAPIO and migrate config --- .../clusterClass/_helpers.tpl | 2 +- .../_kubeadmConfigTemplateSpec.yaml | 1 + .../clusterClass/clusterClass.yaml | 43 +-------------- .../_kubeadmControlPlaneTemplateSpec.yaml | 1 + .../_openStackClusterTemplateSpec.yaml | 54 ++++++++++++++++--- .../openStackClusterTemplate.yaml | 2 +- .../openStackMachineTemplates/_helpers.tpl | 5 +- .../_openstackMachineTemplateSpec.yaml | 8 +-- .../openStackMachineTemplates.yaml | 2 +- 9 files changed, 60 insertions(+), 58 deletions(-) diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl index b321ee0d4f..7b054610e5 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl @@ -1,5 +1,5 @@ {{- define "t8s-cluster.clusterClass.infrastructureApiVersion" -}} -infrastructure.cluster.x-k8s.io/v1alpha7 +infrastructure.cluster.x-k8s.io/v1beta1 {{- end -}} {{- define "t8s-cluster.clusterClass.cloudName" -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/_kubeadmConfigTemplateSpec.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/_kubeadmConfigTemplateSpec.yaml index 1c5eef2998..9faa06e7ab 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/_kubeadmConfigTemplateSpec.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/_kubeadmConfigTemplateSpec.yaml 
@@ -3,6 +3,7 @@ joinConfiguration: nodeRegistration: kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict "context" .context) | nindent 6 }} + imagePullSerial: false patches: directory: /etc/kubernetes/patches files: {{- include "t8s-cluster.clusterClass.configTemplate.files" (dict "context" .context "gpu" .gpu) | nindent 2 }} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/clusterClass.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/clusterClass.yaml index 0736b5d3e5..098b7201c3 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/clusterClass.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/clusterClass.yaml @@ -43,16 +43,6 @@ spec: kind: OpenStackClusterTemplate name: {{ printf "%s-%s" $.Release.Name (include "t8s-cluster.clusterClass.openStackClusterTemplate.specHash" (dict "context" $)) }} variables: - - name: controlPlaneServerGroupID - required: true - schema: - openAPIV3Schema: - type: string - - name: machineDeploymentServerGroupID - required: false - schema: - openAPIV3Schema: - type: string - name: dnsNameservers required: true schema: 
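Review bot: The added `imagePullSerial: false` under `joinConfiguration.nodeRegistration` has no comment saying why parallel image pulls are wanted or which versions honour it. As far as I know kubeadm only acts on this field from Kubernetes 1.31 on, so machines on older versions rendered from this template would presumably ignore it. The same line is added under `initConfiguration` in `_kubeadmControlPlaneTemplateSpec.yaml`, where the `*configuration` alias carries it into `joinConfiguration` too. I would put a non-rendering template comment above it in both files, so the spec hash stays unchanged, e.g. `{{- /* kubeadm pulls images in parallel; only honoured from Kubernetes 1.31 */}}`. Indentation is lost on this page, so confirm the key sits under `nodeRegistration` and not inside `kubeletExtraArgs`.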
@@ -79,35 +69,6 @@ spec: type: string default: compute-plane-placeholder patches: - {{- if not .Values.controlPlane.hosted }} - - name: controlPlaneServerGroupID - description: Sets the ServerGroupID for Control Plane machines. - definitions: - - jsonPatches: - - op: add - path: /spec/template/spec/serverGroupID - valueFrom: - variable: controlPlaneServerGroupID - selector: - apiVersion: {{ include "t8s-cluster.clusterClass.infrastructureApiVersion" (dict) }} - kind: OpenStackMachineTemplate - matchResources: - controlPlane: true - {{- end }} - - name: machineDeploymentServerGroupID - description: Sets the ServerGroupID for MachineDeployment machines. - definitions: - - jsonPatches: - - op: add - path: /spec/template/spec/serverGroupID - valueFrom: - variable: machineDeploymentServerGroupID - selector: - apiVersion: {{ include "t8s-cluster.clusterClass.infrastructureApiVersion" (dict) }} - kind: OpenStackMachineTemplate - matchResources: - machineDeploymentClass: - names: {{- $machineDeploymentClasses | keys | sortAlpha | toYaml | nindent 18 }} - name: machineDeploymentFlavour definitions: - jsonPatches: @@ -127,7 +88,7 @@ spec: - jsonPatches: - &imagePatch op: add - path: /spec/template/spec/image + path: /spec/template/spec/image/id valueFrom: template: {{ printf "t8s-engine-%s{{ .builtin.machineDeployment.version }}" .Values.openstackImageNamePrefix }} selector: &imagePatchSelector @@ -170,7 +131,7 @@ spec: infrastructureCluster: true jsonPatches: - op: add - path: /spec/template/spec/dnsNameservers + path: /spec/template/spec/managedSubnets/0/dnsNameservers valueFrom: variable: dnsNameservers workers: diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml index 133d59f3e4..a88f7f4d9c 100644 
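Review bot: The image patch in the `-127,7 +88,7` hunk now writes to `/spec/template/spec/image/id`, but the value is still the `t8s-engine-…` string built from `openstackImageNamePrefix`, which is an image name rather than an image ID. The bastion block in this same commit selects its image through `image.filter.name`, so I would expect `path: /spec/template/spec/image/filter/name` here as well. If the v1beta1 CRD validates `id` as a UUID, the patched machine templates would presumably be rejected. The `&imagePatch` anchor suggests the entry is aliased outside this hunk, so the same path would apply wherever it is reused.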
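Review bot: The `dnsNameservers` patch in the `-170,7 +131,7` hunk targets the fixed index `managedSubnets/0`, with no comment tying it to the template it depends on. A JSON-patch `add` at that path only succeeds while the OpenStackClusterTemplate spec renders at least one `managedSubnets` entry; this commit adds a single `cidr: 10.6.0.0/24` entry there. It would also configure only the first subnet if more were added later. I would add a non-rendering template comment above the patch, e.g. `{{- /* relies on managedSubnets[0] from _openStackClusterTemplateSpec.yaml */}}`.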
--- a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml @@ -34,6 +34,7 @@ kubeadmConfigSpec: initConfiguration: &configuration nodeRegistration: kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict "context" .) | nindent 8 }} + imagePullSerial: false patches: directory: {{ include "t8s-cluster.patches.directory" (dict) }} joinConfiguration: *configuration diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/_openStackClusterTemplateSpec.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/_openStackClusterTemplateSpec.yaml index ad3bb94843..c317c9ee5e 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/_openStackClusterTemplateSpec.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/_openStackClusterTemplateSpec.yaml 
@@ -11,21 +11,59 @@ apiServerLoadBalancer: {{- end }} disableAPIServerFloatingIP: {{ .Values.controlPlane.hosted }} bastion: - availabilityZone: {{ .Values.bastion.availabilityZone }} enabled: {{ .Values.bastion.enabled }} - instance: + {{- if .Values.bastion.enabled }} + {{- with .Values.bastion.availabilityZone }} + availabilityZone: {{ . }} + {{- end }} + spec: cloudName: {{ include "t8s-cluster.clusterClass.cloudName" (dict) }} flavor: standard.1.1905 identityRef: kind: Secret name: {{ include "t8s-cluster.clusterClass.getIdentityRefSecretName" (dict "context" .context) }} - image: Ubuntu 20.04 - sshKeyName: {{ .Values.bastion.sshKeyName }} -cloudName: {{ include "t8s-cluster.clusterClass.cloudName" (dict) }} + image: + filter: + name: Ubuntu 20.04 + {{- with .Values.bastion.sshKeyName }} + sshKeyName: {{ . }} + {{- end }} + {{- end }} disablePortSecurity: false identityRef: - kind: Secret name: {{ include "t8s-cluster.clusterClass.getIdentityRefSecretName" (dict "context" .context) }} -managedSecurityGroups: true -nodeCidr: 10.6.0.0/24 + cloudName: {{ include "t8s-cluster.clusterClass.cloudName" (dict) }} + {{- $cniSecurityGroupRules := dict -}} + {{- $cni := include "t8s-cluster.cni" .context -}} + {{- $remoteManagedGroups := list "worker" -}} + {{- if not .Values.controlPlane.hosted -}} + {{ $remoteManagedGroups = append $remoteManagedGroups "controlplane" -}} + {{- end -}} + {{- if eq $cni "calico" }} + {{- $cniSecurityGroupRules = set $cniSecurityGroupRules "BGP" (dict "port" 179 "protocol" "tcp") -}} + {{- $cniSecurityGroupRules = set $cniSecurityGroupRules "IP-in-IP" (dict "protocol" "4") -}} + {{- else if eq $cni "cilium" -}} + {{- $cniSecurityGroupRules = set $cniSecurityGroupRules "VXLAN" (dict "port" 8472 "protocol" "udp") -}} + {{- $cniSecurityGroupRules = set $cniSecurityGroupRules "health (http)" (dict "port" 4240 "protocol" "tcp") -}} + {{- $cniSecurityGroupRules = set $cniSecurityGroupRules "health (ping)" (dict "protocol" "icmp") -}} + {{- end 
}} + {{- $allNodesSecurityGroupRules := list -}} + {{- range $name, $securityGroupRule := $cniSecurityGroupRules -}} + {{- $_securityGroupRule := dict + "name" (printf "%s %s" $cni $name) + "direction" "Ingress" + "etherType" "IPv4" + "protocol" ($securityGroupRule.protocol | required "security group rule protocol is required") + "remoteManagedGroups" $remoteManagedGroups + -}} + {{- if or (hasKey $securityGroupRule "port") (hasKey $securityGroupRule "portMin") -}} + {{- $_securityGroupRule = set $_securityGroupRule "PortRangeMin" ($securityGroupRule.portMin | default $securityGroupRule.port) -}} + {{- $_securityGroupRule = set $_securityGroupRule "PortRangeMax" ($securityGroupRule.portMax | default $securityGroupRule.port) -}} + {{- end -}} + {{- $allNodesSecurityGroupRules = append $allNodesSecurityGroupRules $_securityGroupRule -}} + {{- end }} +managedSecurityGroups: + allNodesSecurityGroupRules: {{- toYaml $allNodesSecurityGroupRules | nindent 4 }} +managedSubnets: + - cidr: 10.6.0.0/24 {{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/openStackClusterTemplate.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/openStackClusterTemplate.yaml index e9bc712fb8..26a765ea9d 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/openStackClusterTemplate.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/openStackClusterTemplate.yaml @@ -1,5 +1,5 @@ {{- if false }} -apiVersion: infrastructure.cluster.x-k8s.io/v1alpha7 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 {{- else }} apiVersion: {{ include "t8s-cluster.clusterClass.infrastructureApiVersion" (dict) }} {{- end }} 
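Review bot: The port bounds of the generated security group rules are stored under the keys `"PortRangeMin"` and `"PortRangeMax"`, while every other key in the rule dict is lower camelCase. To my knowledge the CAPO v1beta1 rule fields are `portRangeMin`/`portRangeMax`, and a CRD that prunes unknown fields would drop the capitalised ones. The rules for BGP (179/tcp), VXLAN (8472/udp) and the cilium health check (4240/tcp) would then carry no port range and admit the whole protocol from the `remoteManagedGroups` instead of a single port. I would change the two calls to `set $_securityGroupRule "portRangeMin" (…)` and `set $_securityGroupRule "portRangeMax" (…)`, then confirm the rendered `allNodesSecurityGroupRules` with `helm template`. A rule that supplies only `portMin` also ends up with an empty maximum, because `portMax` falls back to `.port`.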
diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/_helpers.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/_helpers.tpl index c392f6d6d8..9ceafae3a8 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/_helpers.tpl +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/_helpers.tpl @@ -23,10 +23,9 @@ {{- $additionalSecurityGroups = .Values.additionalComputePlaneSecurityGroups -}} {{- end -}} {{- $securityGroups := $additionalSecurityGroups | default (list) -}} - {{- $securityGroups = append $securityGroups "default" | sortAlpha | uniq }} {{- $securityGroupsObject := list -}} - {{- range $name := $securityGroups -}} - {{- $securityGroupsObject = append $securityGroupsObject (dict "name" $name)}} + {{- range $name := $securityGroups | sortAlpha -}} + {{- $securityGroupsObject = append $securityGroupsObject (dict "filter" (dict "name" $name))}} {{- end -}} {{- toYaml $securityGroupsObject -}} {{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/_openstackMachineTemplateSpec.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/_openstackMachineTemplateSpec.yaml index 4fe59bfea1..7bb8e11434 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/_openstackMachineTemplateSpec.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/_openstackMachineTemplateSpec.yaml 
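Review bot: The new `range $name := $securityGroups | sortAlpha` drops the `uniq` that the removed line applied, so a name listed twice in the additional security groups is now emitted as two identical `filter` entries. `range $name := $securityGroups | sortAlpha | uniq` keeps the previous de-duplication. The hunk also stops appending the `default` group to every machine. A short template comment saying that machines now rely on the managed security groups from the cluster template would make that intent explicit. The enclosing `define` starts above the hunk.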
@@ -4,13 +4,15 @@ Here we are generating a hash suffix. */}} {{- define "t8s-cluster.clusterClass.openStackMachineTemplate.spec" -}} {{- $_ := mustMerge . (pick .context "Values") -}} -cloudName: {{ include "t8s-cluster.clusterClass.cloudName" (dict) }} flavor: {{ eq .name "control-plane" | ternary .Values.controlPlane.flavor "compute-plane-placeholder" }} identityRef: name: {{ include "t8s-cluster.clusterClass.getIdentityRefSecretName" (dict "context" .context) }} - kind: Secret + cloudName: {{ include "t8s-cluster.clusterClass.cloudName" (dict) }} securityGroups: {{- include "t8s-cluster.clusterClass.securityGroups" (dict "name" .name "context" .context) | nindent 2 }} {{- with .Values.sshKeyName }} sshKeyName: {{ . }} - {{- end -}} + {{- end }} +serverGroup: + filter: + name: {{ .name }} {{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/openStackMachineTemplates.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/openStackMachineTemplates.yaml index dc8c0b0873..e4f5cbd320 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/openStackMachineTemplates.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/openStackMachineTemplates.yaml @@ -1,7 +1,7 @@ {{- range $name := list "compute-plane" "control-plane" }} {{- if or (ne $name "control-plane") (not $.Values.controlPlane.hosted) }} {{- if false }} -apiVersion: infrastructure.cluster.x-k8s.io/v1alpha7 +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 {{- else }} apiVersion: {{ include "t8s-cluster.clusterClass.infrastructureApiVersion" (dict) }} {{- end }}
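Review bot: `serverGroup.filter.name` is set to the bare `.name`, i.e. `control-plane` or `compute-plane`, which replaces the per-cluster server group IDs that this commit removes from the ClusterClass variables. If more than one cluster lives in the same OpenStack project, those names would resolve to one shared server group or match several, so placement policy would no longer be scoped to a single cluster. Nothing visible in the diff creates these server groups. I would scope the name to the release, the way the ClusterClass already builds names with `$.Release.Name`. I would also add a non-rendering template comment saying where the group is expected to come from.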