
Allow configuration of bootstrap API server

This avoids possible issues when the configuration of the bootstrapping
apiserver differs from the chart's configuration.  Issues were
specifically seen when overriding the node port range, but this opens up
additional configuration also.

Change-Id: I2a3fc5847e850c8055c099bac50782debbbabbf4
Mark Burnett 1 year ago
parent
commit
4f975a8cd8

+ 4
- 4
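--- a/examples/basic/armada-resources.yaml
+++ b/examples/basic/armada-resources.yaml
@@ -578,10 +578,11 @@ data:
   values:
     conf:
       anchor:
-        kubernetes_url: https://kubernetes.default:443
+        kubernetes_url: https://10.96.0.1:443
         services:
-          default:
-            kubernetes:
+          default: null
+          kube-system:
+            kubernetes-apiserver:
               server_opts: "check port 6443"
               conf_parts:
                 frontend:
@@ -591,7 +592,6 @@ data:
                   - mode tcp
                   - option tcp-check
                   - option redispatch
-          kube-system:
             kubernetes-etcd:
               server_opts: "check port 2379"
               conf_parts: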
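Review bot: The new `kubernetes_url: https://10.96.0.1:443` replaces a DNS name with a literal address, which looks like the ClusterIP of the `kubernetes` service, so the anchor only reaches the API server when the deployed service CIDR produces exactly that address. Because the URL is HTTPS, verification presumably also depends on the API server certificate listing 10.96.0.1 as an IP SAN; neither the CIDR nor the certificate SANs are visible in this hunk, so both are worth confirming. A comment above the key would make the coupling explicit, for example `# must equal the kubernetes service ClusterIP; the apiserver cert needs this IP as a SAN`. The same value is introduced in examples/complete/armada-resources.yaml and tools/gate/config-templates/bootstrap-armada-config.yaml.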

+ 4
- 4
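--- a/examples/complete/armada-resources.yaml
+++ b/examples/complete/armada-resources.yaml
@@ -618,10 +618,11 @@ data:
   values:
     conf:
       anchor:
-        kubernetes_url: https://kubernetes.default:443
+        kubernetes_url: https://10.96.0.1:443
         services:
-          default:
-            kubernetes:
+          default: null
+          kube-system:
+            kubernetes-apiserver:
               server_opts: "check port 6443"
               conf_parts:
                 frontend:
@@ -631,7 +632,6 @@ data:
                   - mode tcp
                   - option tcp-check
                   - option redispatch
-          kube-system:
             kubernetes-etcd:
               server_opts: "check port 2379"
               conf_parts: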

+ 4
- 0
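--- a/promenade/config.py
+++ b/promenade/config.py
@@ -170,6 +170,10 @@ class Configuration:
         validation.check_schema(item)
         self.documents.append(item)
 
+    def bootstrap_apiserver_prefix(self):
+        return self.get_path('Genesis:apiserver.command_prefix',
+                             ['/apiserver', '--apiserver-count=2', '--v=5'])
+
 
 def _matches_filter(document, *, schema, labels):
     matches = True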
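Review bot: The default returned by `bootstrap_apiserver_prefix` changes the container entrypoint from the old `/hyperkube apiserver` pair to `/apiserver`, so a Genesis document that sets no `apiserver.command_prefix` now needs an image that ships `/apiserver`. No image change is visible in this commit, so an existing hyperkube-based `Genesis:images.kubernetes.apiserver` would presumably fail to start until the prefix is overridden. The method also has no docstring although its return value becomes the executable and first flags of a control-plane container; something like `"""Return the leading argv (executable plus initial flags) for the genesis API server containers."""` would record that. The rest of the `Configuration` class is outside this hunk.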

+ 9
- 0
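--- a/promenade/schemas/Genesis.yaml
+++ b/promenade/schemas/Genesis.yaml
@@ -64,6 +64,15 @@ data:
           type: string
       additionalProperties: false
 
+    apiserver:
+      type: object
+      properties:
+        command_prefix:
+          type: array
+          items:
+            type: string
+      additionalProperties: false
+
     files:
       type: array
       items: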
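Review bot: `command_prefix` accepts an empty array, and since the manifest templates in this commit render only these items ahead of the fixed flags, `command_prefix: []` would leave `--advertise-address=…` as the first element of the container command. Adding `minItems: 1` under `command_prefix` rejects that at validation time instead of at pod start. The first item is the binary the API server container runs and the remaining items are unconstrained flags, so a short `description:` stating this would help reviewers of site documents treat the field as security-sensitive.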

+ 3
- 6
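--- a/promenade/templates/roles/genesis/etc/kubernetes/manifests/bootstrap-armada.yaml
+++ b/promenade/templates/roles/genesis/etc/kubernetes/manifests/bootstrap-armada.yaml
@@ -118,8 +118,9 @@ spec:
   - name: kubectl-apiserver
     image: {{ config['Genesis:images.kubernetes.apiserver'] }}
     command:
-      - /hyperkube
-      - apiserver
+      {%- for argument in config.bootstrap_apiserver_prefix() %}
+      - "{{ argument }}"
+      {%- endfor %}
       - --advertise-address={{ config['Genesis:ip'] }}
       - --authorization-mode=Node,RBAC
       - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
@@ -128,9 +129,6 @@ spec:
       - --kubelet-certificate-authority=/etc/kubernetes/apiserver/pki/cluster-ca.pem
       - --kubelet-client-certificate=/etc/kubernetes/apiserver/pki/apiserver.pem
       - --kubelet-client-key=/etc/kubernetes/apiserver/pki/apiserver-key.pem
-      # Hard coding to 2 is a pretty safe move for now.  This can be exposed
-      # with additional configuration later.
-      - --apiserver-count=2
       - --insecure-port=8080
       - --secure-port=6444
       - --bind-address=0.0.0.0
@@ -145,7 +143,6 @@ spec:
       - --service-account-key-file=/etc/kubernetes/apiserver/pki/service-account.pub
       - --tls-cert-file=/etc/kubernetes/apiserver/pki/apiserver.pem
       - --tls-private-key-file=/etc/kubernetes/apiserver/pki/apiserver-key.pem
-      - --v=5
     env:
       - name: KUBECONFIG
         value: /etc/kubernetes/admin/config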
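Review bot: `- "{{ argument }}"` drops the configured string into a double-quoted YAML scalar without escaping, so an argument containing `"` or `\` renders a manifest that is invalid or parses to a different value; the schema added in this commit only requires `type: string`. Assuming these templates are rendered by Jinja2 with its built-in filters, `- {{ argument | tojson }}` emits a correctly escaped scalar instead. The same loop is added in kubernetes-apiserver.yaml and needs the same change.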

+ 3
- 6
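--- a/promenade/templates/roles/genesis/etc/kubernetes/manifests/kubernetes-apiserver.yaml
+++ b/promenade/templates/roles/genesis/etc/kubernetes/manifests/kubernetes-apiserver.yaml
@@ -14,8 +14,9 @@ spec:
     - name: kube-apiserver
       image: {{ config['Genesis:images.kubernetes.apiserver'] }}
       command:
-        - /hyperkube
-        - apiserver
+        {%- for argument in config.bootstrap_apiserver_prefix() %}
+        - "{{ argument }}"
+        {%- endfor %}
         - --advertise-address={{ config['Genesis:ip'] }}
         - --authorization-mode=Node,RBAC
         - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
@@ -24,9 +25,6 @@ spec:
         - --kubelet-certificate-authority=/etc/kubernetes/apiserver/pki/cluster-ca.pem
         - --kubelet-client-certificate=/etc/kubernetes/apiserver/pki/apiserver.pem
         - --kubelet-client-key=/etc/kubernetes/apiserver/pki/apiserver-key.pem
-        # Hard coding 3 is a pretty safe move for now.  This can be exposed
-        # with additional configuration later.
-        - --apiserver-count=3
         - --insecure-port=0
         - --bind-address=0.0.0.0
         - --secure-port=6443
@@ -41,7 +39,6 @@ spec:
         - --service-account-key-file=/etc/kubernetes/apiserver/pki/service-account.pub
         - --tls-cert-file=/etc/kubernetes/apiserver/pki/apiserver.pem
         - --tls-private-key-file=/etc/kubernetes/apiserver/pki/apiserver-key.pem
-        - --v=5
       volumeMounts:
         - name: config
           mountPath: /etc/kubernetes/apiserver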
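Review bot: This manifest used to pass `--apiserver-count=3`, but it now takes its leading arguments from `config.bootstrap_apiserver_prefix()`, whose default in promenade/config.py is `--apiserver-count=2`, so the genesis kube-apiserver changes its count unless the Genesis document overrides the whole prefix. The bootstrap-armada template previously used 2, and with one shared accessor the two manifests can no longer differ. If the old value was deliberate, keep `- --apiserver-count=3` in this template after the loop, or give this manifest its own accessor with its own default. The accessor's name also says "bootstrap" while this is the long-running genesis API server, which is worth a comment above the loop.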

+ 5
- 5
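--- a/tools/gate/config-templates/bootstrap-armada-config.yaml
+++ b/tools/gate/config-templates/bootstrap-armada-config.yaml
@@ -556,11 +556,12 @@ data:
   values:
     conf:
       anchor:
-        kubernetes_url: https://kubernetes.default:443
+        kubernetes_url: https://10.96.0.1:443
         services:
-          default:
-            kubernetes:
-              server_opts: "check"
+          default: null
+          kube-system:
+            kubernetes-apiserver:
+              server_opts: "check port 6443"
               conf_parts:
                 frontend:
                   - mode tcp
@@ -569,7 +570,6 @@ data:
                   - mode tcp
                   - option tcp-check
                   - option redispatch
-          kube-system:
             kubernetes-etcd:
               server_opts: "check"
               conf_parts: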
