From bccfe4b1ff20c708ce4d83aed84354e519f7406a Mon Sep 17 00:00:00 2001 From: Stanislav Egorov Date: Wed, 23 Sep 2020 15:25:52 -0700 Subject: [PATCH] Use proxy settings from env vars For the labs behind the corporate proxy we need to define proxy settings as env vars. Inside Ironic pod there is init-bootstrap container which is using curl with external URLs. This change introduces the env vars for proxy in the ConfigMap mounted to all Ironic containers in the pod. Also Ephemeral Secret now has an option to use proxy. Relates-To: #355 Change-Id: I4f1c61c8381d57e4ad8adc063434468fdfa0e959 --- .../env-vars-template.yaml | 21 +++++++ .../airshipctl-catalogues/kustomization.yaml | 1 + .../baremetal-operator/ironic-vars.yaml | 6 ++ .../replacements/ironic-env-vars.yaml | 61 +++++++++++++++++++ .../replacements/kustomization.yaml | 1 + .../replacements/ephemeral-env-vars.yaml | 34 +++++++++++ .../ephemeral/replacements/kustomization.yaml | 4 ++ manifests/function/ephemeral/secret.yaml | 17 +++++- .../ephemeral/bootstrap/kustomization.yaml | 5 ++ .../ephemeral/controlplane/kustomization.yaml | 5 ++ .../ephemeral/initinfra/kustomization.yaml | 6 ++ .../target/controlplane/kustomization.yaml | 5 ++ .../target/initinfra/kustomization.yaml | 6 ++ 13 files changed, 171 insertions(+), 1 deletion(-) create mode 100644 manifests/function/airshipctl-catalogues/env-vars-template.yaml create mode 100644 manifests/function/baremetal-operator/replacements/ironic-env-vars.yaml create mode 100644 manifests/function/ephemeral/replacements/ephemeral-env-vars.yaml create mode 100644 manifests/function/ephemeral/replacements/kustomization.yaml diff --git a/manifests/function/airshipctl-catalogues/env-vars-template.yaml b/manifests/function/airshipctl-catalogues/env-vars-template.yaml new file mode 100644 index 000000000..2a8bdf1ba --- /dev/null +++ b/manifests/function/airshipctl-catalogues/env-vars-template.yaml 
@@ -0,0 +1,21 @@ +apiVersion: airshipit.org/v1alpha1 +kind: Templater +metadata: + name: env-vars-template + labels: + airshipit.org/deploy-k8s: "false" +template: | + --- + apiVersion: airshipit.org/v1alpha1 + kind: VariableCatalogue + metadata: + labels: + airshipit.org/deploy-k8s: "false" + name: env-vars-catalogue + env: + HTTP_PROXY: '{{ env "HTTP_PROXY" }}' + HTTPS_PROXY: '{{ env "HTTPS_PROXY" }}' + http_proxy: '{{ env "http_proxy" }}' + https_proxy: '{{ env "https_proxy" }}' + NO_PROXY: '{{ env "NO_PROXY" }}' + no_proxy: '{{ env "no_proxy" }}' diff --git a/manifests/function/airshipctl-catalogues/kustomization.yaml b/manifests/function/airshipctl-catalogues/kustomization.yaml index d001d354f..e695dd8df 100644 --- a/manifests/function/airshipctl-catalogues/kustomization.yaml +++ b/manifests/function/airshipctl-catalogues/kustomization.yaml @@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - versions-airshipctl.yaml + - env-vars-template.yaml diff --git a/manifests/function/baremetal-operator/ironic-vars.yaml b/manifests/function/baremetal-operator/ironic-vars.yaml index 606fe1174..af9b88485 100644 --- a/manifests/function/baremetal-operator/ironic-vars.yaml +++ b/manifests/function/baremetal-operator/ironic-vars.yaml @@ -5,6 +5,12 @@ metadata: labels: name: ironic-vars data: + HTTP_PROXY: "" + HTTPS_PROXY: "" + http_proxy: "" + https_proxy: "" + NO_PROXY: "" + no_proxy: "" PROVISIONING_IP: "192.168.10.100" DHCP_RANGE: "192.168.10.200,192.168.10.250" PROVISIONING_INTERFACE: "pxe" diff --git a/manifests/function/baremetal-operator/replacements/ironic-env-vars.yaml b/manifests/function/baremetal-operator/replacements/ironic-env-vars.yaml new file mode 100644 index 000000000..594bc7f87 --- /dev/null +++ b/manifests/function/baremetal-operator/replacements/ironic-env-vars.yaml 
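Review bot: The six `env` lookups under `env:` are spliced into single-quoted YAML scalars with no escaping, so a proxy value containing a `'` or a line break changes the structure of the generated `env-vars-catalogue` rather than just its content. If the Templater registers the usual Go-template quoting helpers (not visible in this diff), `HTTP_PROXY: {{ env "HTTP_PROXY" | quote }}` and the same for the other five keys would remove that dependency on the shape of the value. The lower-case entries are also read independently of the upper-case ones, while the cloud-init change in `secret.yaml` derives `http_proxy` from `HTTP_PROXY`. An operator who exports only one spelling therefore gets a half-filled Ironic ConfigMap, so I would add a comment above `env:` such as `# Read from the environment of the process rendering the manifests; export both spellings.`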
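Review bot: The new `HTTP_PROXY` … `no_proxy` keys in `ironic-vars` receive whatever the operator exported, and proxy URLs often carry credentials in the `user:password@host` form. ConfigMap data is not treated as sensitive by Kubernetes: it is readable by any subject allowed to get ConfigMaps in the namespace and, per the commit message, it is mounted into every Ironic container. I would add a comment above the new keys, for example `# Filled from the render-time environment by replacements/ironic-env-vars.yaml; must not contain credentials, ConfigMap data is not secret.` If authenticated proxies are needed, the values should come from a Secret instead. The ConfigMap continues outside the hunk.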
@@ -0,0 +1,61 @@ +# These rules inject env vars into the baremetal-operator function. +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: baremetal-operator-env-vars-replacements +replacements: +# Replace the proxy vars +- source: + objref: + name: env-vars-catalogue + fieldref: env.HTTP_PROXY + target: + objref: + kind: ConfigMap + name: ironic-vars + fieldrefs: ["data.HTTP_PROXY"] +- source: + objref: + name: env-vars-catalogue + fieldref: env.HTTPS_PROXY + target: + objref: + kind: ConfigMap + name: ironic-vars + fieldrefs: ["data.HTTPS_PROXY"] +- source: + objref: + name: env-vars-catalogue + fieldref: env.http_proxy + target: + objref: + kind: ConfigMap + name: ironic-vars + fieldrefs: ["data.http_proxy"] +- source: + objref: + name: env-vars-catalogue + fieldref: env.https_proxy + target: + objref: + kind: ConfigMap + name: ironic-vars + fieldrefs: ["data.https_proxy"] +- source: + objref: + name: env-vars-catalogue + fieldref: env.NO_PROXY + target: + objref: + kind: ConfigMap + name: ironic-vars + fieldrefs: ["data.NO_PROXY"] +- source: + objref: + name: env-vars-catalogue + fieldref: env.no_proxy + target: + objref: + kind: ConfigMap + name: ironic-vars + fieldrefs: ["data.no_proxy"] diff --git a/manifests/function/baremetal-operator/replacements/kustomization.yaml b/manifests/function/baremetal-operator/replacements/kustomization.yaml index 1d43ee154..8eb4aedb1 100644 --- a/manifests/function/baremetal-operator/replacements/kustomization.yaml +++ b/manifests/function/baremetal-operator/replacements/kustomization.yaml @@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - versions.yaml + - ironic-env-vars.yaml diff --git a/manifests/function/ephemeral/replacements/ephemeral-env-vars.yaml b/manifests/function/ephemeral/replacements/ephemeral-env-vars.yaml new file mode 100644 index 000000000..83dcdc50b --- /dev/null +++ b/manifests/function/ephemeral/replacements/ephemeral-env-vars.yaml 
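Review bot: Each of the six rules overwrites the whole `data.*` field, and an unset variable renders as an empty string in `env-vars-catalogue`. Assuming the transformer runs after `patchesStrategicMerge` (the diff does not show the ordering), a proxy pinned by a site patch such as `patch_bmo_config.yaml` would be blanked whenever the rendering shell has no proxy exported. The header comment should say so, for example `# Values come from the environment of the process rendering the manifests; unset variables overwrite the ConfigMap fields with "".` The rendered ConfigMap is then a function of the operator's shell rather than of the repository alone, which is worth stating for anyone auditing what was deployed.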
@@ -0,0 +1,34 @@ +# These rules inject env vars into the ephemeral function. +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: ephemeral-env-vars-replacements +replacements: +# Replace the proxy vars +- source: + objref: + name: env-vars-catalogue + fieldref: env.HTTP_PROXY + target: + objref: + kind: Secret + name: ephemeral-bmc-secret + fieldrefs: ["stringData.userData%REPLACEMENT_HTTP_PROXY%"] +- source: + objref: + name: env-vars-catalogue + fieldref: env.HTTPS_PROXY + target: + objref: + kind: Secret + name: ephemeral-bmc-secret + fieldrefs: ["stringData.userData%REPLACEMENT_HTTPS_PROXY%"] +- source: + objref: + name: env-vars-catalogue + fieldref: env.NO_PROXY + target: + objref: + kind: Secret + name: ephemeral-bmc-secret + fieldrefs: ["stringData.userData%REPLACEMENT_NO_PROXY%"] diff --git a/manifests/function/ephemeral/replacements/kustomization.yaml b/manifests/function/ephemeral/replacements/kustomization.yaml new file mode 100644 index 000000000..85d54596b --- /dev/null +++ b/manifests/function/ephemeral/replacements/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ephemeral-env-vars.yaml diff --git a/manifests/function/ephemeral/secret.yaml b/manifests/function/ephemeral/secret.yaml index 5e670e64a..389ec7335 100644 --- a/manifests/function/ephemeral/secret.yaml +++ b/manifests/function/ephemeral/secret.yaml @@ -4,7 +4,7 @@ metadata: labels: airshipit.org/ephemeral-user-data: "true" airshipit.org/deploy-k8s: "false" - name: node1-bmc-secret + name: ephemeral-bmc-secret type: Opaque stringData: userData: | 
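Review bot: These three rules are the only thing that turns the `REPLACEMENT_HTTP_PROXY`, `REPLACEMENT_HTTPS_PROXY` and `REPLACEMENT_NO_PROXY` tokens in `stringData.userData` into real values, and nothing in the file documents that dependency. A site that consumes `function/ephemeral` without wiring this transformer and the catalogue generator would boot a node that exports the literal token as its proxy and writes it into the Docker drop-in, so the later `curl` and `apt` steps would fail. As far as this diff shows, only test-site is updated. I would extend the header comment to something like `# Required by function/ephemeral/secret.yaml: every consumer must add this transformer and the airshipctl-catalogues generator.` Only the upper-case variables are read here, so an operator who exports just `http_proxy` gets empty values on the ephemeral node.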
@@ -28,6 +28,12 @@ stringData: EOF - sysctl --system - swapoff -a + - export HTTP_PROXY=REPLACEMENT_HTTP_PROXY + - export HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY + - export http_proxy=${HTTP_PROXY} + - export https_proxy=${HTTPS_PROXY} + - export NO_PROXY=REPLACEMENT_NO_PROXY + - export no_proxy=${NO_PROXY} - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - - curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - - echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee -a /etc/apt/sources.list @@ -40,9 +46,18 @@ stringData: containerd.io - apt install -y kubelet=1.18.6-00 kubeadm=1.18.6-00 kubectl=1.18.6-00 - apt-mark hold docker-ce docker-ce-cli containerd.io kubelet kubeadm kubectl + - unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY - kubeadm init --config /tmp/kubeadm.yaml - mkdir -p /opt/metal3-dev-env/ironic/html/images write_files: + - path: /etc/systemd/system/docker.service.d/http-proxy.conf + permissions: '0644' + owner: root:root + content: | + [Service] + Environment="HTTP_PROXY=REPLACEMENT_HTTP_PROXY" + Environment="HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY" + Environment="NO_PROXY=REPLACEMENT_NO_PROXY" - content: | apiVersion: v1 clusters: diff --git a/manifests/site/test-site/ephemeral/bootstrap/kustomization.yaml b/manifests/site/test-site/ephemeral/bootstrap/kustomization.yaml index 1fee0e73b..56617ff7b 100644 --- a/manifests/site/test-site/ephemeral/bootstrap/kustomization.yaml +++ b/manifests/site/test-site/ephemeral/bootstrap/kustomization.yaml @@ -2,9 +2,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../../../../type/gating + - ../../../../function/airshipctl-catalogues generators: - hostgenerator + - ../../../../function/airshipctl-catalogues patchesStrategicMerge: - baremetalhost.yaml + +transformers: + - ../../../../function/ephemeral/replacements 
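Review bot: The substituted proxy values are spliced unquoted into shell commands in the added `export HTTP_PROXY=REPLACEMENT_HTTP_PROXY`, `export HTTPS_PROXY=…` and `export NO_PROXY=…` lines, so any whitespace, `&`, `;` or `$` in a value is interpreted by the shell instead of being stored in the variable. These commands run as root at first boot and the value comes from the rendering environment, so it should be treated as data. Quote the three assignments, e.g. `- export HTTP_PROXY='REPLACEMENT_HTTP_PROXY'`, and the derived ones, e.g. `- export http_proxy="${HTTP_PROXY}"`. A value containing `'` would still need to be rejected or escaped at the template stage. The enclosing command list starts and ends outside the hunk.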
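Review bot: The new drop-in `/etc/systemd/system/docker.service.d/http-proxy.conf` is written with `permissions: '0644'` and carries the proxy values in `Environment=` lines, so a proxy URL with embedded credentials would be readable by every local user. systemd also exposes a unit's `Environment=` settings to unprivileged clients, so tightening the file mode alone would not fully close that. Moving the values into a root-only file referenced by `EnvironmentFile=` keeps the drop-in harmless to read; the env-file path below is a suggested placeholder and the indentation has to follow the surrounding `userData`. The `write_files` list continues outside the hunk.

```yaml
write_files:
  - path: /etc/systemd/system/docker.service.d/http-proxy.conf
    permissions: '0644'
    owner: root:root
    content: |
      [Service]
      EnvironmentFile=/etc/docker/proxy.env
  # suggested path; root-only because the URLs may carry credentials
  - path: /etc/docker/proxy.env
    permissions: '0600'
    owner: root:root
    content: |
      HTTP_PROXY=REPLACEMENT_HTTP_PROXY
      HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY
      NO_PROXY=REPLACEMENT_NO_PROXY
  # … unchanged: remaining write_files entries …
```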
diff --git a/manifests/site/test-site/ephemeral/controlplane/kustomization.yaml b/manifests/site/test-site/ephemeral/controlplane/kustomization.yaml index 8d764e51d..cd2a3065b 100644 --- a/manifests/site/test-site/ephemeral/controlplane/kustomization.yaml +++ b/manifests/site/test-site/ephemeral/controlplane/kustomization.yaml @@ -6,7 +6,12 @@ resources: - nodes - ../../../../function/airshipctl-catalogues - ../../../../function/k8scontrol + patchesStrategicMerge: - versions-catalogue-patch.yaml + +generators: + - ../../../../function/airshipctl-catalogues + transformers: - ../../../../function/k8scontrol/replacements diff --git a/manifests/site/test-site/ephemeral/initinfra/kustomization.yaml b/manifests/site/test-site/ephemeral/initinfra/kustomization.yaml index 123b2ef9c..2c9283cda 100644 --- a/manifests/site/test-site/ephemeral/initinfra/kustomization.yaml +++ b/manifests/site/test-site/ephemeral/initinfra/kustomization.yaml @@ -3,9 +3,15 @@ resources: - ../../../../function/clusterctl - ../../../../function/airshipctl-catalogues - ../../../../function/baremetal-operator + patchesStrategicMerge: - patch_bmo_config.yaml + commonLabels: airshipit.org/stage: initinfra + +generators: + - ../../../../function/airshipctl-catalogues + transformers: - ../../../../function/baremetal-operator/replacements diff --git a/manifests/site/test-site/target/controlplane/kustomization.yaml b/manifests/site/test-site/target/controlplane/kustomization.yaml index b316d3074..60dcec721 100644 --- a/manifests/site/test-site/target/controlplane/kustomization.yaml +++ b/manifests/site/test-site/target/controlplane/kustomization.yaml @@ -5,7 +5,12 @@ resources: # otherwise nodes will hang in 'registering' state for quite a long time - nodes - ../../../../function/k8scontrol + patchesStrategicMerge: - control-machine-template-patch.yaml + commonLabels: airshipit.org/stage: initinfra + +generators: + - ../../../../function/airshipctl-catalogues 
diff --git a/manifests/site/test-site/target/initinfra/kustomization.yaml b/manifests/site/test-site/target/initinfra/kustomization.yaml index 8c9838c70..cffdac288 100644 --- a/manifests/site/test-site/target/initinfra/kustomization.yaml +++ b/manifests/site/test-site/target/initinfra/kustomization.yaml @@ -4,9 +4,15 @@ resources: - ../../../../function/airshipctl-catalogues - ../../../../function/baremetal-operator - ../../../../function/helm-operator + patchesStrategicMerge: - patch_bmo_config.yaml + commonLabels: airshipit.org/stage: initinfra + +generators: + - ../../../../function/airshipctl-catalogues + transformers: - ../../../../function/baremetal-operator/replacements