
(fix) Fix static ports in MAAS ingress

- Some residual static configuration was left in the MAAS ingress
  deployment template. Update it to render the ingress ports from
  endpoints and also to remove the TCP forwarder for the MAAS
  region API and instead use a standard Ingress resource.

Change-Id: I7764d48ea919147503e9bf2521c52cb6f0028538
Scott Hussey 5 months ago
parent
commit
617607e426

+ 8
- 8
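--- a/charts/maas/templates/bin/_maas-vip-configure.sh.tpl
+++ b/charts/maas/templates/bin/_maas-vip-configure.sh.tpl
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 {{/*
 Copyright 2018 The Openstack-Helm Authors.
@@ -18,20 +18,20 @@ limitations under the License.*/}}
 
 set -ex
 
-COMMAND="${@:-start}"
+COMMAND="${*:-start}"
 
-function kernel_modules () {
+kernel_modules () {
   chroot /mnt/host-rootfs modprobe dummy
 }
 
-function test_vip () {
+test_vip () {
   ip addr show ${interface} | \
     awk "/inet / && /${interface}/{print \$2 }" | \
     awk -F '/' '{ print $1 }' | \
     grep -q "${addr%/*}"
 }
 
-function start () {
+start () {
   kernel_modules
   ip link show ${interface} > /dev/null || ip link add ${interface} type dummy
   if ! test_vip; then
@@ -40,11 +40,11 @@ function start () {
   ip link set ${interface} up
 }
 
-function sleep () {
-  exec /usr/bin/dumb-init bash -c "while :; do sleep 2073600; done"
+sleep () {
+  exec /bin/sh -c "while :; do sleep 2073600; done"
 }
 
-function stop () {
+stop () {
   ip link show ${interface} > /dev/null || exit 0
   if test_vip; then
    ip addr del ${addr} dev ${interface}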
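Review bot: The `sleep` function in the last hunk has the same name as the utility its loop calls, and the new body is only correct because `exec /bin/sh -c` starts a fresh shell in which the function is not defined; nothing in the script says so. A comment above the `exec` line, such as `# the exec'd sh has no functions, so 'sleep' below is the utility, not this function`, would stop a later edit that inlines the loop from recursing. With dumb-init gone, signal forwarding and child reaping depend on whatever starts this script (the deployment template in this commit switches the container command to `/bin/init`), and that is worth recording in the same comment. The body of `stop` continues past the end of the hunk.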

+ 2
- 0
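--- a/charts/maas/templates/configmap-etc.yaml
+++ b/charts/maas/templates/configmap-etc.yaml
@@ -44,3 +44,5 @@ data:
   drivers.yaml: |
 {{ tuple "etc/_drivers.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- end }}
+  sleep-inittab: |
+    ::sysinit:/tmp/maas-vip-configure.sh sleep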

+ 0
- 1
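--- a/charts/maas/templates/configmap-ingress.yaml
+++ b/charts/maas/templates/configmap-ingress.yaml
@@ -22,7 +22,6 @@ kind: ConfigMap
 metadata:
   name: maas-ingress-services-tcp
 data:
-  {{ tuple "maas_region" "public" "region_api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}: "{{- .Release.Namespace -}}/{{- tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}:region-api"
   {{ tuple "maas_region" "public" "region_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}: "{{- .Release.Namespace -}}/{{- tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}:region-proxy"
 ...
 ---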

+ 13
- 6
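--- a/charts/maas/templates/deployment-maas-ingress.yaml
+++ b/charts/maas/templates/deployment-maas-ingress.yaml
@@ -168,7 +168,7 @@ spec:
       initContainers:
 {{ tuple $envAll "maas_ingress" $mounts_maas_ingress_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
         - name: maas-ingress-vip-init
-          image: {{ .Values.images.tags.ingress }}
+          image: {{ .Values.images.tags.ingress_vip }}
           imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
           securityContext:
@@ -192,7 +192,7 @@ spec:
               readOnly: true
       containers:
         - name: maas-ingress-vip
-          image: {{ .Values.images.tags.ingress }}
+          image: {{ .Values.images.tags.ingress_vip }}
           imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
           securityContext:
@@ -201,8 +201,7 @@ spec:
                 - 'NET_ADMIN'
             runAsUser: 0
           command:
-            - /tmp/maas-vip-configure.sh
-            - sleep
+            - /bin/init
           env:
 {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
           volumeMounts:
@@ -210,6 +209,10 @@ spec:
               name: maas-bin
               subPath: maas-vip-configure
               readOnly: true
+            - mountPath: /etc/inittab
+              name: maas-etc
+              subPath: sleep-inittab
+              readOnly: true
           lifecycle:
             preStop:
               exec:
@@ -240,9 +243,9 @@ spec:
             - name: RELEASE_NAME
               value: {{ .Release.Name | quote }}
             - name: HTTP_PORT
-              value: "8808"
+              value: {{ tuple "maas_ingress" "podport" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
             - name: HTTPS_PORT
-              value: "8543"
+              value: {{ tuple "maas_ingress" "podport" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
             - name: HEALTHZ_PORT
               value: {{ tuple "maas_ingress" "podport" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
             - name: STATUS_PORT
@@ -260,6 +263,10 @@ spec:
           configMap:
             name: maas-bin
             defaultMode: 0555
+        - name: maas-etc
+          configMap:
+            name: maas-etc
+            defaultMode: 0444
         - name: host-rootfs
           hostPath:
             path: /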
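Review bot: The `maas-ingress-vip` container's `command` is now just `/bin/init`, and what actually runs as root with `NET_ADMIN` is decided by the `/etc/inittab` mount added two hunks later, which the template does not explain. A comment above the command would make that chain reviewable in one place, for example `# init reads /etc/inittab (maas-etc key sleep-inittab), which runs /tmp/maas-vip-configure.sh sleep`. The container also now depends on the image named by `images.tags.ingress_vip` providing `/bin/init`, so an operator who overrides that image needs the same comment to know the requirement. The container spec starts and ends outside the visible hunks.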

+ 2
- 2
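--- a/charts/maas/templates/etc/_curtin_userdata.tpl
+++ b/charts/maas/templates/etc/_curtin_userdata.tpl
@@ -39,8 +39,8 @@ def find_ba_key(n):
 {{ "{{" }}py: ba_files_url = ''.join([{{ quote $drydock_url }},'/bootactions/nodes/',node.hostname,'/files']){{ "}}" }}
 {{ "{{" }}if ba_key{{ "}}" }}
   drydock_00: ["sh", "-c", "echo Installing Drydock Boot Actions."]
-  drydock_01: ["curtin", "in-target", "--", "wget", "--no-proxy", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_units_url{{ "}}" }}", "-O", "/tmp/bootaction-units.tar.gz"]
-  drydock_02: ["curtin", "in-target", "--", "wget", "--no-proxy", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_files_url{{ "}}" }}", "-O", "/tmp/bootaction-files.tar.gz"]
+  drydock_01: ["curtin", "in-target", "--", "wget", "--no-proxy", "--no-check-certificate", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_units_url{{ "}}" }}", "-O", "/tmp/bootaction-units.tar.gz"]
+  drydock_02: ["curtin", "in-target", "--", "wget", "--no-proxy", "--no-check-certificate", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_files_url{{ "}}" }}", "-O", "/tmp/bootaction-files.tar.gz"]
   drydock_03: ["curtin", "in-target", "--", "sh", "-c", "tar --owner=root -xPzvf /tmp/bootaction-units.tar.gz > /tmp/bootaction-unit-names.txt"]
   drydock_04: ["curtin", "in-target", "--", "sh", "-c", "tar --owner=root -xPzvf /tmp/bootaction-files.tar.gz > /tmp/bootaction-file-names.txt"]
   drydock_05: ["curtin", "in-target", "--", "sh", "-c", "xargs -a /tmp/bootaction-unit-names.txt -n 1 basename > /tmp/bootaction-unit-basenames.txt || echo 'Did not run basenames on units'"]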
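Review bot: Adding `--no-check-certificate` to `drydock_01` and `drydock_02` turns off server certificate verification on exactly the two requests that send `X-Bootaction-Key` and whose downloads are then unpacked by `drydock_03` and `drydock_04` with `tar --owner=root -xP`. With verification off, the node has no assurance that the peer is Drydock, so neither the key nor the archives extracted to absolute paths are protected by TLS. If the endpoint uses a private CA, install that CA on the target and pass `--ca-certificate=<path-to-ca-bundle>` (placeholder path) in place of `--no-check-certificate`. If the flag has to stay for now, gate it behind a chart value that defaults to verification on and say so in a comment next to the two lines.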

+ 0
- 4
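--- a/charts/maas/templates/statefulset-rack.yaml
+++ b/charts/maas/templates/statefulset-rack.yaml
@@ -103,10 +103,6 @@ spec:
               mountPath: /usr/local/bin/register-rack-controller.sh
               subPath: register-rack-controller.sh
               readOnly: true
-            - name: maas-etc
-              mountPath: /lib/systemd/system/register-rack-controller.service
-              subPath: register-rack-controller.service
-              readOnly: true
             - name: rackd-state
               mountPath: /etc/maas
               subPath: etc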

+ 2
- 1
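--- a/charts/maas/values.yaml
+++ b/charts/maas/values.yaml
@@ -79,7 +79,8 @@ images:
     export_api_key: quay.io/airshipit/maas-region-controller:latest
     maas_cache: quay.io/airshipit/sstream-cache:latest
     dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
-    ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
+    ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0
+    ingress_vip: docker.io/busybox:latest
     error_pages: gcr.io/google_containers/defaultbackend:1.0
   pull_policy: IfNotPresent
   local_registry: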
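Review bot: The new default `ingress_vip: docker.io/busybox:latest` puts a mutable tag behind the `maas-ingress-vip` container, which the deployment template in this commit runs with `runAsUser: 0` and `NET_ADMIN`. The same value is used for `maas-ingress-vip-init`, whose security context lies outside the visible hunk. Together with `pull_policy: IfNotPresent`, each node keeps whichever busybox build it pulled first, so the content of a privileged container is neither reproducible nor auditable. Pin the default to a release tag and digest, e.g. `ingress_vip: docker.io/busybox:<version>@sha256:<digest>` (placeholders), as the `ingress` and `dep_check` entries already pin a version.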

+ 10
- 0
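--- a/images/maas-rack-controller/2.3_hostheader.patch
+++ b/images/maas-rack-controller/2.3_hostheader.patch
@@ -0,0 +1,10 @@
+1047c1047
+<             if family in {AF_INET, AF_INET6}:
+---
+>             if family in {AF_INET6}:
+1051a1052,1054
+>                 info_url = info_url_base._replace(netloc=netloc)
+>             elif family in {AF_INET}:
+>                 info_url = info_url_base
+1054d1056
+<             info_url = info_url_base._replace(netloc=netloc)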
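Review bot: The patch is a context-free normal diff (`1047c1047`, `1051a1052,1054`, `1054d1056`), so the three lines added after line 1051 are positioned by line number only, and the Dockerfile applies it to whatever `clusterservice.py` the installed package ships. If a package update shifts that file, the `elif family in {AF_INET}:` branch may end up attached to the wrong statement; how `patch` reacts in that case is not something this page shows, so treat that as a risk to check rather than a certainty. Regenerating the file with `diff -u` would give `patch` surrounding lines to match against. The file also needs a leading comment line naming the MAAS package version it was cut from, so a mismatch is caught at review time.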

+ 4
- 0
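--- a/images/maas-rack-controller/Dockerfile
+++ b/images/maas-rack-controller/Dockerfile
@@ -52,8 +52,12 @@ RUN systemctl enable register-rack-controller.service
 COPY 2.3_nic_filter.patch /tmp/2.3_nic_filter.patch
 # sh8121att: patch so that interfaces with MAC 00:00:00:00:00:00 omit the MAC address
 COPY 2.3_mac_address.patch /tmp/2.3_mac_address.patch
+# sh8121att: patch so query for RPC info contains proper Host header
+copy 2.3_hostheader.patch /tmp/2.3_hostheader.patch
+
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/2.3_nic_filter.patch
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch ipaddr.py < /tmp/2.3_mac_address.patch
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/rpc && patch clusterservice.py < /tmp/2.3_hostheader.patch
 
 # echo journalctl logs to the container's stdout
 COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service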
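Review bot: The added instruction is written `copy` while every other instruction in the hunk is upper-case. Docker treats instruction names case-insensitively, so the build works, but linters and anyone grepping for `COPY` will miss this line; write it as `COPY 2.3_hostheader.patch /tmp/2.3_hostheader.patch`. The three `patch` steps modify installed Python files in place, so a short comment recording which package version the patches target would help when the base image is updated.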
