Browse Source

Support MAAS HA

- Create two replicas of rack and region pods
- Use required anti-affinity between rack pods
- Remove the MAAS ingress controller from the rack pod
  and into dedicated deployment
- Update rack registration script to harvest the systemid
  from the underlying host when available

Change-Id: I41e21b7bb5256d04b37a70fbd2088c617b5d239a
Scott Hussey 6 months ago
parent
commit
1c0485e3e6

+ 68
- 11
charts/maas/templates/bin/_register-rack-controller.sh.tpl View File

@@ -2,23 +2,80 @@
2 2
 
3 3
 set -x
4 4
 
5
-if [[ -r ~maas/maas_id && -r ~maas/secret ]]
6
-then
7
-  echo "Found existing maas_id and secret, assuming already registered."
8
-  exit 0
9
-fi
5
+# Path where the host's cloud-init data is mounted
6
+# to source the maas system_id
7
+HOST_MOUNT_PATH=${HOST_MOUNT_PATH:-"/host_cloud-init/"}
8
+
9
+unregister_maas_rack() {
10
+  sys_id="$1"
11
+  echo "Deregister this pod as MAAS rack controller ${sys_id}."
12
+  maas login local "$MAAS_ENDPOINT" "$MAAS_API_KEY"
13
+  maas local rack-controller delete "$sys_id"
14
+  rm -f ~maas/maas_id
15
+  rm -f ~maas/secret
16
+}
10 17
 
11
-echo "register-rack-controller URL: ${MAAS_ENDPOINT}"
18
+register_maas_rack() {
19
+  sys_id=${1:-""}
20
+  echo "register-rack-controller URL: ${MAAS_ENDPOINT}"
12 21
 
13
-# register forever
14
-while [ 1 ];
15
-do
22
+  if [[ ! -z "$sys_id" ]]
23
+  then
24
+    echo "Using provided system id ${sys_id}."
25
+    echo "$sys_id" > ~maas/maas_id
26
+  fi
27
+
28
+  # register forever
29
+  while [ 1 ];
30
+  do
16 31
     if maas-rack register --url=${MAAS_ENDPOINT} --secret="${MAAS_REGION_SECRET}";
17 32
     then
18 33
         echo "Successfully registered with MaaS Region Controller"
19 34
         break
20 35
     else
21 36
         echo "Unable to register with ${MAAS_ENDPOINT}... will try again"
22
-        sleep 10
37
+        sleep 30
23 38
     fi;
24
-done;
39
+  done;
40
+}
41
+
42
+get_host_identity() {
43
+  # Check if the underlying host was deployed by MAAS
44
+  if [[ -r "${HOST_MOUNT_PATH}/instance-data.json" ]]
45
+  then
46
+    grep -E 'instance-id' "${HOST_MOUNT_PATH}/instance-data.json" | head -1 | tr -d ' ",' | cut -d: -f 2
47
+  else
48
+    echo ""
49
+  fi
50
+}
51
+
52
+get_pod_identity() {
53
+  if [[ -r ~maas/maas_id ]]
54
+  then
55
+    cat ~maas/maas_id
56
+  else
57
+    echo ""
58
+  fi
59
+}
60
+
61
+HOST_SYSTEM_ID=$(get_host_identity)
62
+POD_SYSTEM_ID=$(get_pod_identity)
63
+
64
+# This Pod state already has a MAAS identity
65
+if [[ ! -z "$POD_SYSTEM_ID" ]]
66
+then
67
+  # If the pod maas identity doesn't match the
68
+  # host maas identity, unregister the pod identity
69
+  # as a rack controller
70
+  if [[ "$HOST_SYSTEM_ID" != "$POD_SYSTEM_ID" ]]
71
+  then
72
+    unregister_maas_rack "$POD_SYSTEM_ID"
73
+    register_maas_rack "$HOST_SYTEM_ID"
74
+  else
75
+    echo "Found existing maas_id, assuming already registered."
76
+  fi
77
+
78
+  exit 0
79
+else
80
+  register_maas_rack
81
+fi

+ 1
- 1
charts/maas/templates/configmap-ingress.yaml View File

@@ -33,6 +33,6 @@ metadata:
33 33
 data:
34 34
   enable-underscores-in-headers: "true"
35 35
   bind-address: {{ index $bind_address_cidr 0 | quote }}
36
-  diable-ipv6: "true"
36
+  disable-ipv6: "true"
37 37
 ...
38 38
 {{- end }}

+ 267
- 0
charts/maas/templates/deployment-maas-ingress.yaml View File

@@ -0,0 +1,267 @@
1
+
2
+{{/*
3
+Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
4
+
5
+Licensed under the Apache License, Version 2.0 (the "License");
6
+you may not use this file except in compliance with the License.
7
+You may obtain a copy of the License at
8
+
9
+   http://www.apache.org/licenses/LICENSE-2.0
10
+
11
+Unless required by applicable law or agreed to in writing, software
12
+distributed under the License is distributed on an "AS IS" BASIS,
13
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+See the License for the specific language governing permissions and
15
+limitations under the License.
16
+*/}}
17
+
18
+{{- if .Values.manifests.maas_ingress }}
19
+{{- $envAll := . }}
20
+{{- $serviceAccountName := "maas-ingress" }}
21
+{{- $mounts_maas_ingress := .Values.pod.mounts.maas_ingress }}
22
+{{- $mounts_maas_ingress_init := .Values.pod.mounts.maas_ingress.init_container }}
23
+
24
+{{ tuple $envAll "maas_ingress" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
25
+---
26
+apiVersion: rbac.authorization.k8s.io/v1beta1
27
+kind: ClusterRole
28
+metadata:
29
+  name: {{ $serviceAccountName }}
30
+rules:
31
+  - apiGroups:
32
+      - ""
33
+    resources:
34
+      - configmaps
35
+      - endpoints
36
+      - nodes
37
+      - pods
38
+      - secrets
39
+    verbs:
40
+      - list
41
+      - watch
42
+  - apiGroups:
43
+      - ""
44
+    resources:
45
+      - nodes
46
+    verbs:
47
+      - get
48
+  - apiGroups:
49
+      - ""
50
+    resources:
51
+      - services
52
+    verbs:
53
+      - get
54
+      - list
55
+      - watch
56
+  - apiGroups:
57
+      - "extensions"
58
+    resources:
59
+      - ingresses
60
+    verbs:
61
+      - get
62
+      - list
63
+      - watch
64
+  - apiGroups:
65
+      - ""
66
+    resources:
67
+        - events
68
+    verbs:
69
+        - create
70
+        - patch
71
+  - apiGroups:
72
+      - "extensions"
73
+    resources:
74
+      - ingresses/status
75
+    verbs:
76
+      - update
77
+---
78
+apiVersion: rbac.authorization.k8s.io/v1beta1
79
+kind: ClusterRoleBinding
80
+metadata:
81
+  name: {{ $serviceAccountName }}
82
+roleRef:
83
+  apiGroup: rbac.authorization.k8s.io
84
+  kind: ClusterRole
85
+  name: {{ $serviceAccountName }}
86
+subjects:
87
+  - kind: ServiceAccount
88
+    name: {{ $serviceAccountName }}
89
+    namespace: {{ $envAll.Release.Namespace }}
90
+---
91
+apiVersion: rbac.authorization.k8s.io/v1beta1
92
+kind: Role
93
+metadata:
94
+  name: {{ $serviceAccountName }}
95
+  namespace: {{ $envAll.Release.Namespace }}
96
+rules:
97
+  - apiGroups:
98
+      - ""
99
+    resources:
100
+      - configmaps
101
+      - pods
102
+      - secrets
103
+      - namespaces
104
+    verbs:
105
+      - get
106
+  - apiGroups:
107
+      - ""
108
+    resources:
109
+      - configmaps
110
+    resourceNames:
111
+      - {{ printf "%s-maas-ingress" .Release.Name | quote }}
112
+    verbs:
113
+      - get
114
+      - update
115
+  - apiGroups:
116
+      - ""
117
+    resources:
118
+      - configmaps
119
+    verbs:
120
+      - create
121
+  - apiGroups:
122
+      - ""
123
+    resources:
124
+      - endpoints
125
+    verbs:
126
+      - get
127
+      - create
128
+      - update
129
+---
130
+apiVersion: rbac.authorization.k8s.io/v1beta1
131
+kind: RoleBinding
132
+metadata:
133
+  name: {{ $serviceAccountName }}
134
+  namespace: {{ $envAll.Release.Namespace }}
135
+roleRef:
136
+  apiGroup: rbac.authorization.k8s.io
137
+  kind: Role
138
+  name: {{ $serviceAccountName }}
139
+subjects:
140
+  - kind: ServiceAccount
141
+    name: {{ $serviceAccountName }}
142
+    namespace: {{ $envAll.Release.Namespace }}
143
+---
144
+---
145
+apiVersion: apps/v1beta1
146
+kind: Deployment
147
+metadata:
148
+  name: maas-ingress
149
+  annotations:
150
+    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
151
+spec:
152
+  replicas: {{ .Values.pod.replicas.ingress }}
153
+  template:
154
+    metadata:
155
+      labels:
156
+{{ tuple $envAll "maas" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
157
+      annotations:
158
+        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
159
+        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
160
+    spec:
161
+      serviceAccountName: {{ $serviceAccountName }}
162
+      affinity:
163
+{{- tuple $envAll "maas" "ingress" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
164
+      nodeSelector:
165
+        {{ .Values.labels.ingress.node_selector_key }}: {{ .Values.labels.rack.node_selector_value }}
166
+      hostNetwork: true
167
+      dnsPolicy: ClusterFirstWithHostNet
168
+      initContainers:
169
+{{ tuple $envAll "maas_ingress" $mounts_maas_ingress_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
170
+        - name: maas-ingress-vip-init
171
+          image: {{ .Values.images.tags.ingress }}
172
+          imagePullPolicy: {{ .Values.images.pull_policy }}
173
+{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
174
+          securityContext:
175
+            capabilities:
176
+              add:
177
+                - 'NET_ADMIN'
178
+                - 'SYS_MODULE'
179
+            runAsUser: 0
180
+          command:
181
+            - /tmp/maas-vip-configure.sh
182
+            - start
183
+          env:
184
+{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
185
+          volumeMounts:
186
+            - mountPath: /tmp/maas-vip-configure.sh
187
+              name: maas-bin
188
+              subPath: maas-vip-configure
189
+              readOnly: true
190
+            - mountPath: /mnt/host-rootfs
191
+              name: host-rootfs
192
+              readOnly: true
193
+      containers:
194
+        - name: maas-ingress-vip
195
+          image: {{ .Values.images.tags.ingress }}
196
+          imagePullPolicy: {{ .Values.images.pull_policy }}
197
+{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
198
+          securityContext:
199
+            capabilities:
200
+              add:
201
+                - 'NET_ADMIN'
202
+            runAsUser: 0
203
+          command:
204
+            - /tmp/maas-vip-configure.sh
205
+            - sleep
206
+          env:
207
+{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
208
+          volumeMounts:
209
+            - mountPath: /tmp/maas-vip-configure.sh
210
+              name: maas-bin
211
+              subPath: maas-vip-configure
212
+              readOnly: true
213
+          lifecycle:
214
+            preStop:
215
+              exec:
216
+                command:
217
+                  - /tmp/maas-vip-configure.sh
218
+                  - stop
219
+        - name: maas-ingress
220
+          image: {{ .Values.images.tags.ingress }}
221
+          imagePullPolicy: {{ .Values.images.pull_policy }}
222
+{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
223
+          securityContext:
224
+            capabilities:
225
+              add:
226
+                - 'NET_BIND_SERVICE'
227
+            runAsUser: 0
228
+          command:
229
+            - /tmp/maas-ingress.sh
230
+            - start
231
+          env:
232
+            - name: POD_NAMESPACE
233
+              valueFrom:
234
+                fieldRef:
235
+                  fieldPath: metadata.namespace
236
+            - name: POD_NAME
237
+              valueFrom:
238
+                fieldRef:
239
+                  fieldPath: metadata.name
240
+            - name: RELEASE_NAME
241
+              value: {{ .Release.Name | quote }}
242
+            - name: HTTP_PORT
243
+              value: "8808"
244
+            - name: HTTPS_PORT
245
+              value: "8543"
246
+            - name: HEALTHZ_PORT
247
+              value: {{ tuple "maas_ingress" "podport" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
248
+            - name: STATUS_PORT
249
+              value: {{ tuple "maas_ingress" "podport" "status" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
250
+            - name: ERROR_PAGE_SERVICE
251
+              value: {{ tuple "maas_ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }}
252
+          volumeMounts:
253
+            - mountPath: /tmp/maas-ingress.sh
254
+              name: maas-bin
255
+              subPath: maas-ingress
256
+              readOnly: true
257
+{{ if $mounts_maas_ingress.volumeMounts }}{{ toYaml $mounts_maas_ingress.volumeMounts | indent 12 }}{{ end }}
258
+      volumes:
259
+        - name: maas-bin
260
+          configMap:
261
+            name: maas-bin
262
+            defaultMode: 0555
263
+        - name: host-rootfs
264
+          hostPath:
265
+            path: /
266
+{{ if $mounts_maas_ingress.volumes }}{{ toYaml $mounts_maas_ingress.volumes | indent 8 }}{{ end }}
267
+{{- end }}

+ 2
- 0
charts/maas/templates/service-ingress-error.yaml View File

@@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 13
 See the License for the specific language governing permissions and
14 14
 limitations under the License.
15 15
 */}}
16
+{{- if .Values.manifests.maas_ingress }}
16 17
 ---
17 18
 apiVersion: v1
18 19
 kind: Service
@@ -26,3 +27,4 @@ spec:
26 27
   selector:
27 28
 {{ tuple . "maas" "ingress-errors" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
28 29
 ...
30
+{{- end }}

+ 11
- 207
charts/maas/templates/statefulset-rack.yaml View File

@@ -23,125 +23,6 @@ limitations under the License.
23 23
 
24 24
 {{ tuple $envAll "rack_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
25 25
 ---
26
-apiVersion: rbac.authorization.k8s.io/v1beta1
27
-kind: ClusterRole
28
-metadata:
29
-  name: {{ $serviceAccountName }}
30
-rules:
31
-  - apiGroups:
32
-      - ""
33
-    resources:
34
-      - configmaps
35
-      - endpoints
36
-      - nodes
37
-      - pods
38
-      - secrets
39
-    verbs:
40
-      - list
41
-      - watch
42
-  - apiGroups:
43
-      - ""
44
-    resources:
45
-      - nodes
46
-    verbs:
47
-      - get
48
-  - apiGroups:
49
-      - ""
50
-    resources:
51
-      - services
52
-    verbs:
53
-      - get
54
-      - list
55
-      - watch
56
-  - apiGroups:
57
-      - "extensions"
58
-    resources:
59
-      - ingresses
60
-    verbs:
61
-      - get
62
-      - list
63
-      - watch
64
-  - apiGroups:
65
-      - ""
66
-    resources:
67
-        - events
68
-    verbs:
69
-        - create
70
-        - patch
71
-  - apiGroups:
72
-      - "extensions"
73
-    resources:
74
-      - ingresses/status
75
-    verbs:
76
-      - update
77
----
78
-apiVersion: rbac.authorization.k8s.io/v1beta1
79
-kind: ClusterRoleBinding
80
-metadata:
81
-  name: {{ $serviceAccountName }}
82
-roleRef:
83
-  apiGroup: rbac.authorization.k8s.io
84
-  kind: ClusterRole
85
-  name: {{ $serviceAccountName }}
86
-subjects:
87
-  - kind: ServiceAccount
88
-    name: {{ $serviceAccountName }}
89
-    namespace: {{ $envAll.Release.Namespace }}
90
----
91
-apiVersion: rbac.authorization.k8s.io/v1beta1
92
-kind: Role
93
-metadata:
94
-  name: {{ $serviceAccountName }}
95
-  namespace: {{ $envAll.Release.Namespace }}
96
-rules:
97
-  - apiGroups:
98
-      - ""
99
-    resources:
100
-      - configmaps
101
-      - pods
102
-      - secrets
103
-      - namespaces
104
-    verbs:
105
-      - get
106
-  - apiGroups:
107
-      - ""
108
-    resources:
109
-      - configmaps
110
-    resourceNames:
111
-      - {{ printf "%s-maas-ingress" .Release.Name | quote }}
112
-    verbs:
113
-      - get
114
-      - update
115
-  - apiGroups:
116
-      - ""
117
-    resources:
118
-      - configmaps
119
-    verbs:
120
-      - create
121
-  - apiGroups:
122
-      - ""
123
-    resources:
124
-      - endpoints
125
-    verbs:
126
-      - get
127
-      - create
128
-      - update
129
----
130
-apiVersion: rbac.authorization.k8s.io/v1beta1
131
-kind: RoleBinding
132
-metadata:
133
-  name: {{ $serviceAccountName }}
134
-  namespace: {{ $envAll.Release.Namespace }}
135
-roleRef:
136
-  apiGroup: rbac.authorization.k8s.io
137
-  kind: Role
138
-  name: {{ $serviceAccountName }}
139
-subjects:
140
-  - kind: ServiceAccount
141
-    name: {{ $serviceAccountName }}
142
-    namespace: {{ $envAll.Release.Namespace }}
143
----
144
----
145 26
 apiVersion: apps/v1beta1
146 27
 kind: StatefulSet
147 28
 metadata:
@@ -151,6 +32,7 @@ metadata:
151 32
 spec:
152 33
   serviceName: maas-rack
153 34
   replicas: {{ .Values.pod.replicas.rack }}
35
+  podManagementPolicy: 'Parallel'
154 36
   updateStrategy:
155 37
     type: 'RollingUpdate'
156 38
   template:
@@ -170,93 +52,7 @@ spec:
170 52
       dnsPolicy: ClusterFirstWithHostNet
171 53
       initContainers:
172 54
 {{ tuple $envAll "rack_controller" $mounts_maas_rack_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
173
-        - name: maas-ingress-vip-init
174
-          image: {{ .Values.images.tags.ingress }}
175
-          imagePullPolicy: {{ .Values.images.pull_policy }}
176
-{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
177
-          securityContext:
178
-            capabilities:
179
-              add:
180
-                - 'NET_ADMIN'
181
-                - 'SYS_MODULE'
182
-            runAsUser: 0
183
-          command:
184
-            - /tmp/maas-vip-configure.sh
185
-            - start
186
-          env:
187
-{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
188
-          volumeMounts:
189
-            - mountPath: /tmp/maas-vip-configure.sh
190
-              name: maas-bin
191
-              subPath: maas-vip-configure
192
-              readOnly: true
193
-            - mountPath: /mnt/host-rootfs
194
-              name: host-rootfs
195
-              readOnly: true
196 55
       containers:
197
-        - name: maas-ingress-vip
198
-          image: {{ .Values.images.tags.ingress }}
199
-          imagePullPolicy: {{ .Values.images.pull_policy }}
200
-{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
201
-          securityContext:
202
-            capabilities:
203
-              add:
204
-                - 'NET_ADMIN'
205
-            runAsUser: 0
206
-          command:
207
-            - /tmp/maas-vip-configure.sh
208
-            - sleep
209
-          env:
210
-{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
211
-          volumeMounts:
212
-            - mountPath: /tmp/maas-vip-configure.sh
213
-              name: maas-bin
214
-              subPath: maas-vip-configure
215
-              readOnly: true
216
-          lifecycle:
217
-            preStop:
218
-              exec:
219
-                command:
220
-                  - /tmp/maas-vip-configure.sh
221
-                  - stop
222
-        - name: maas-ingress
223
-          image: {{ .Values.images.tags.ingress }}
224
-          imagePullPolicy: {{ .Values.images.pull_policy }}
225
-{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
226
-          securityContext:
227
-            capabilities:
228
-              add:
229
-                - 'NET_BIND_SERVICE'
230
-            runAsUser: 0
231
-          command:
232
-            - /tmp/maas-ingress.sh
233
-            - start
234
-          env:
235
-            - name: POD_NAMESPACE
236
-              valueFrom:
237
-                fieldRef:
238
-                  fieldPath: metadata.namespace
239
-            - name: POD_NAME
240
-              valueFrom:
241
-                fieldRef:
242
-                  fieldPath: metadata.name
243
-            - name: RELEASE_NAME
244
-              value: {{ .Release.Name | quote }}
245
-            - name: HTTP_PORT
246
-              value: "8808"
247
-            - name: HTTPS_PORT
248
-              value: "8543"
249
-            - name: HEALTHZ_PORT
250
-              value: {{ tuple "maas_ingress" "podport" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
251
-            - name: STATUS_PORT
252
-              value: {{ tuple "maas_ingress" "podport" "status" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
253
-            - name: ERROR_PAGE_SERVICE
254
-              value: {{ tuple "maas_ingress" "error_pages" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }}
255
-          volumeMounts:
256
-            - mountPath: /tmp/maas-ingress.sh
257
-              name: maas-bin
258
-              subPath: maas-ingress
259
-              readOnly: true
260 56
         - name: maas-rack
261 57
           image: {{ .Values.images.tags.maas_rack }}
262 58
           imagePullPolicy: {{ .Values.images.pull_policy }}
@@ -269,6 +65,11 @@ spec:
269 65
                 secretKeyRef:
270 66
                   name: {{ .Values.secrets.maas_region.name }}
271 67
                   key: REGION_SECRET
68
+            - name: MAAS_API_KEY
69
+              valueFrom:
70
+                secretKeyRef:
71
+                  name: {{ .Values.conf.maas.credentials.secret.name }}
72
+                  key: 'token'
272 73
 {{ tuple $envAll $envAll.Values.pod.resources.maas_rack | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
273 74
           command:
274 75
             - /tmp/start.sh
@@ -284,6 +85,9 @@ spec:
284 85
               name: pod-run-lock
285 86
             - mountPath: /tmp
286 87
               name: pod-tmp
88
+            - mountPath: /host_cloud-init
89
+              name: host-cloud-init
90
+              readOnly: true
287 91
 {{- if .Values.conf.maas.ntp.disable_ntpd_rack }}
288 92
             - name: maas-bin
289 93
               mountPath: /usr/sbin/ntpd
@@ -324,9 +128,9 @@ spec:
324 128
         - name: host-sys-fs-cgroup
325 129
           hostPath:
326 130
             path: /sys/fs/cgroup
327
-        - name: host-rootfs
131
+        - name: host-cloud-init
328 132
           hostPath:
329
-            path: /
133
+            path: /run/cloud-init
330 134
         - name: pod-run
331 135
           emptyDir: {}
332 136
         - name: pod-run-lock

+ 13
- 2
charts/maas/values.yaml View File

@@ -19,10 +19,13 @@
19 19
 
20 20
 dependencies:
21 21
   static:
22
+    maas_ingress: {}
22 23
     rack_controller:
23 24
       services:
24 25
         - service: maas_region
25 26
           endpoint: internal
27
+      jobs:
28
+        - maas-export-api-key
26 29
     region_controller:
27 30
       jobs:
28 31
         - maas-db-sync
@@ -64,6 +67,7 @@ manifests:
64 67
   secret_ssh_key: false
65 68
   ingress_region: true
66 69
   configmap_ingress: true
70
+  maas_ingress: true
67 71
 
68 72
 images:
69 73
   tags:
@@ -98,6 +102,9 @@ labels:
98 102
   region:
99 103
     node_selector_key: ucp-control-plane
100 104
     node_selector_value: enabled
105
+  ingress:
106
+    node_selector_key: ucp-control-plane
107
+    node_selector_value: enabled
101 108
 
102 109
 network:
103 110
   maas_ingress:
@@ -226,6 +233,7 @@ pod:
226 233
   affinity:
227 234
     anti:
228 235
       type:
236
+        rack: requiredDuringSchedulingIgnoredDuringExecution
229 237
         default: preferredDuringSchedulingIgnoredDuringExecution
230 238
       topologyKey:
231 239
         default: kubernetes.io/hostname
@@ -239,9 +247,12 @@ pod:
239 247
     export_api_key:
240 248
       init_container: []
241 249
       export_api_key:
250
+    maas_ingress:
251
+      init_container: []
252
+      maas_region:
242 253
   replicas:
243
-    rack: 1
244
-    region: 1
254
+    rack: 2
255
+    region: 2
245 256
   resources:
246 257
     enabled: false
247 258
     test:

+ 0
- 7
images/maas-rack-controller/Dockerfile View File

@@ -40,13 +40,6 @@ ENV MAAS_VERSION 2.3.5-6511-gf466fdb-0ubuntu1
40 40
 # install maas
41 41
 RUN rsyslogd; apt-get install -y maas-cli=$MAAS_VERSION maas-rack-controller=$MAAS_VERSION
42 42
 
43
-COPY scripts/register-rack-controller.sh /usr/local/bin
44
-RUN chmod +x /usr/local/bin/register-rack-controller.sh
45
-
46
-# register ourselves with the region controller
47
-COPY scripts/register-rack-controller.service /lib/systemd/system/register-rack-controller.service
48
-RUN systemctl enable register-rack-controller.service
49
-
50 43
 RUN mv /usr/sbin/tcpdump /usr/bin/tcpdump
51 44
 RUN ln -s /usr/bin/tcpdump /usr/sbin/tcpdump
52 45
 

Loading…
Cancel
Save