airship
/
airshipctl
Code Issues Proposed changes

Use proxy settings from env vars 

For the labs behind the corporate proxy we need to define proxy settings as env vars.
Inside Ironic pod there is init-bootstrap container which is using curl with external
URLs. This change introduces the env vars for proxy in the ConfigMap mounted to all
Ironic containers in the pod. Also Ephemeral Secret now has an option to use proxy.

Relates-To: #355

Change-Id: I4f1c61c8381d57e4ad8adc063434468fdfa0e959
This commit is contained in:
Stanislav Egorov 2020-09-23 15:25:52 -07:00 committed by Stas Egorov
parent 4b8209f100
commit bccfe4b1ff
13 changed files with 171 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
manifests/function/airshipctl-catalogues/env-vars-template.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: airshipit.org/v1alpha1
kind: Templater
metadata:
name: env-vars-template
labels:
airshipit.org/deploy-k8s: "false"
template: |
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
labels:
airshipit.org/deploy-k8s: "false"
name: env-vars-catalogue
env:
HTTP_PROXY: '{{ env "HTTP_PROXY" }}'
HTTPS_PROXY: '{{ env "HTTPS_PROXY" }}'
http_proxy: '{{ env "http_proxy" }}'
https_proxy: '{{ env "https_proxy" }}'
NO_PROXY: '{{ env "NO_PROXY" }}'
no_proxy: '{{ env "no_proxy" }}'

1
manifests/function/airshipctl-catalogues/kustomization.yaml
View File

@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- versions-airshipctl.yaml
- env-vars-template.yaml

6
manifests/function/baremetal-operator/ironic-vars.yaml
View File

@ -5,6 +5,12 @@ metadata:
labels:
name: ironic-vars
data:
HTTP_PROXY: ""
HTTPS_PROXY: ""
http_proxy: ""
https_proxy: ""
NO_PROXY: ""
no_proxy: ""
PROVISIONING_IP: "192.168.10.100"
DHCP_RANGE: "192.168.10.200,192.168.10.250"
PROVISIONING_INTERFACE: "pxe"

61
manifests/function/baremetal-operator/replacements/ironic-env-vars.yaml Normal file
View File

@ -0,0 +1,61 @@
# These rules inject env vars into the baremetal-operator function.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: baremetal-operator-env-vars-replacements
replacements:
# Replace the proxy vars
- source:
objref:
name: env-vars-catalogue
fieldref: env.HTTP_PROXY
target:
objref:
kind: ConfigMap
name: ironic-vars
fieldrefs: ["data.HTTP_PROXY"]
- source:
objref:
name: env-vars-catalogue
fieldref: env.HTTPS_PROXY
target:
objref:
kind: ConfigMap
name: ironic-vars
fieldrefs: ["data.HTTPS_PROXY"]
- source:
objref:
name: env-vars-catalogue
fieldref: env.http_proxy
target:
objref:
kind: ConfigMap
name: ironic-vars
fieldrefs: ["data.http_proxy"]
- source:
objref:
name: env-vars-catalogue
fieldref: env.https_proxy
target:
objref:
kind: ConfigMap
name: ironic-vars
fieldrefs: ["data.https_proxy"]
- source:
objref:
name: env-vars-catalogue
fieldref: env.NO_PROXY
target:
objref:
kind: ConfigMap
name: ironic-vars
fieldrefs: ["data.NO_PROXY"]
- source:
objref:
name: env-vars-catalogue
fieldref: env.no_proxy
target:
objref:
kind: ConfigMap
name: ironic-vars
fieldrefs: ["data.no_proxy"]

1
manifests/function/baremetal-operator/replacements/kustomization.yaml
View File

@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- versions.yaml
- ironic-env-vars.yaml

34
manifests/function/ephemeral/replacements/ephemeral-env-vars.yaml Normal file
View File

@ -0,0 +1,34 @@
# These rules inject env vars into the ephemeral function.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: ephemeral-env-vars-replacements
replacements:
# Replace the proxy vars
- source:
objref:
name: env-vars-catalogue
fieldref: env.HTTP_PROXY
target:
objref:
kind: Secret
name: ephemeral-bmc-secret
fieldrefs: ["stringData.userData%REPLACEMENT_HTTP_PROXY%"]
- source:
objref:
name: env-vars-catalogue
fieldref: env.HTTPS_PROXY
target:
objref:
kind: Secret
name: ephemeral-bmc-secret
fieldrefs: ["stringData.userData%REPLACEMENT_HTTPS_PROXY%"]
- source:
objref:
name: env-vars-catalogue
fieldref: env.NO_PROXY
target:
objref:
kind: Secret
name: ephemeral-bmc-secret
fieldrefs: ["stringData.userData%REPLACEMENT_NO_PROXY%"]

4
manifests/function/ephemeral/replacements/kustomization.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ephemeral-env-vars.yaml

17
manifests/function/ephemeral/secret.yaml
View File

@ -4,7 +4,7 @@ metadata:
labels:
airshipit.org/ephemeral-user-data: "true"
airshipit.org/deploy-k8s: "false"
name: node1-bmc-secret
name: ephemeral-bmc-secret
type: Opaque
stringData:
userData: |
@ -28,6 +28,12 @@ stringData:
EOF
- sysctl --system
- swapoff -a
- export HTTP_PROXY=REPLACEMENT_HTTP_PROXY
- export HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY
- export http_proxy=${HTTP_PROXY}
- export https_proxy=${HTTPS_PROXY}
- export NO_PROXY=REPLACEMENT_NO_PROXY
- export no_proxy=${NO_PROXY}
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
- curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
- echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee -a /etc/apt/sources.list
@ -40,9 +46,18 @@ stringData:
containerd.io
- apt install -y kubelet=1.18.6-00 kubeadm=1.18.6-00 kubectl=1.18.6-00
- apt-mark hold docker-ce docker-ce-cli containerd.io kubelet kubeadm kubectl
- unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY
- kubeadm init --config /tmp/kubeadm.yaml
- mkdir -p /opt/metal3-dev-env/ironic/html/images
write_files:
- path: /etc/systemd/system/docker.service.d/http-proxy.conf
permissions: '0644'
owner: root:root
content: |
[Service]
Environment="HTTP_PROXY=REPLACEMENT_HTTP_PROXY"
Environment="HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY"
Environment="NO_PROXY=REPLACEMENT_NO_PROXY"
- content: |
apiVersion: v1
clusters:

5
manifests/site/test-site/ephemeral/bootstrap/kustomization.yaml
View File

@ -2,9 +2,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../type/gating
- ../../../../function/airshipctl-catalogues
generators:
- hostgenerator
- ../../../../function/airshipctl-catalogues
patchesStrategicMerge:
- baremetalhost.yaml
transformers:
- ../../../../function/ephemeral/replacements

5
manifests/site/test-site/ephemeral/controlplane/kustomization.yaml
View File

@ -6,7 +6,12 @@ resources:
- nodes
- ../../../../function/airshipctl-catalogues
- ../../../../function/k8scontrol
patchesStrategicMerge:
- versions-catalogue-patch.yaml
generators:
- ../../../../function/airshipctl-catalogues
transformers:
- ../../../../function/k8scontrol/replacements

6
manifests/site/test-site/ephemeral/initinfra/kustomization.yaml
View File

@ -3,9 +3,15 @@ resources:
- ../../../../function/clusterctl
- ../../../../function/airshipctl-catalogues
- ../../../../function/baremetal-operator
patchesStrategicMerge:
- patch_bmo_config.yaml
commonLabels:
airshipit.org/stage: initinfra
generators:
- ../../../../function/airshipctl-catalogues
transformers:
- ../../../../function/baremetal-operator/replacements

5
manifests/site/test-site/target/controlplane/kustomization.yaml
View File

@ -5,7 +5,12 @@ resources:
# otherwise nodes will hang in 'registering' state for quite a long time
- nodes
- ../../../../function/k8scontrol
patchesStrategicMerge:
- control-machine-template-patch.yaml
commonLabels:
airshipit.org/stage: initinfra
generators:
- ../../../../function/airshipctl-catalogues

6
manifests/site/test-site/target/initinfra/kustomization.yaml
View File

@ -4,9 +4,15 @@ resources:
- ../../../../function/airshipctl-catalogues
- ../../../../function/baremetal-operator
- ../../../../function/helm-operator
patchesStrategicMerge:
- patch_bmo_config.yaml
commonLabels:
airshipit.org/stage: initinfra
generators:
- ../../../../function/airshipctl-catalogues
transformers:
- ../../../../function/baremetal-operator/replacements