Loadbalancer pods which run haproxy should run on
Kubernetes master nodes as per the design. This commit
adds appropriate node selectors and tolerations.
Change-Id: Ic35a0130d8767e3cda7bbf4370f5dd07de1f6b8e
- Move to ubuntu-focal to account for:
http://lists.opendev.org/pipermail/service-announce/2021-May/000019.html
- Set an explicit nodeset on jobs to prevent this issue in the future
- Fix unit test and doc gen issues which cropped up while CI was
falsely passing
Closes: #22
Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: I4a53d2099c29ad3fc7a8188a9153008c56a7fd72
- Add API to configure a node port range
- Map each port to same port on sub-cluster
- Implement haproxy settings for workload services, including tcp connect
health checks
TODO (later):
- The existing singular NodePort field is now ignored for this service,
since the node port range is used instead, and so should be removed,
which will require some refactoring of base service types.
Change-Id: I6a5be3e330270c13c3d42c8bba4004b67524911d
- Set back ownership of ~/.kube and ~/.minikube to current user
- Remove not needed -E flag to sudo commands
- Remove unused etcd data directory
- Uplift minikube to latest stable release
This merely copies over the following Vino change:
https://review.opendev.org/c/airship/vino/+/782880
Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: Iadf605b9028811f645262aa1b6354ed574f212ba
A couple of the BMH Secrets had explicit namespaces set, which
weren't getting used anyway since the config/samples kustomization
overrides the namespace, leading to confusion about the actual
namespace used, thus this removes them.
Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: Iaac3d34911d14295897a0225682ac973f3ce6795
The auth service (Dex) does not depend on the SIP scheduling output
like the other services do, so it can be put in place independent
of SIP. This will remove complexity from SIP and give more
flexibility in how we deploy Dex through kustomize.
Change-Id: I1f871ae3be7d228cef867af6bed8ffffd6d0ea56
- This patchset installs ClusterIssuer that references the selfsigned certificates generated via Issuer in config/samples
- Passing in the generated secret from Issuer in SIP CR so that it can be consumed by ClusterIssuer
- Changes made in overall structure of config/samples since Issuer and Secret required for dex needs to be in cert-manager namespace
- Changes made in install-k8s.sh since minikube installation needs that apiserver-names param for dex endpoint to work
- Changes made in deploy-sip.sh for installation of Cert-Manager since we need to enable it temporarily for gates
- Added TODO for Auth related Test cases, for more details https://github.com/airshipit/sip/issues/14
Note: This patchset doesn't install Dex but the pre-req for Dex
Change-Id: If1962ead2a38dd0082a5e8978e5869f5c06aa757
This was causing gate failures after we started using the
airshipctl docker-install script [0].
[0]: https://review.opendev.org/c/airship/sip/+/785248
Change-Id: Ibcd5ae8fb7ffc2b5d0d968945e67d7e0641a9f09
Spin up a new load balancer for services exposed on the
sub-cluster (ControlPlane and Worker)
TODO: Support node port range
Map each port to same port on sub-cluster (instead of 6443)
Optimize haproxy config for generic workload services
Change-Id: I59125d7af06886fe128d068f657f0d9f1be7e926
This removes the `sip.airshipit.org/scheduled` label, and SIP now
relies solely on the presence/absence of the `sip.airshipit.org/cluster`
(renamed from `sip.airshipit.org/workload-cluster`) label to determine
which if any sip cluster a BMH is already scheduled to.
Closes #7
Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: I10f0c3a0cf420e41916fe9c1144fab9df21f3b97
This is a small change to fix some spelling issues and logging mistakes,
and to simplify small functions.
Change-Id: I9c90d4b9b83074a0ddfb681d9d5ee5e21b599ede
This removes references to "vm", "vino", and "vbmh" in the API and
replaces them with "bmh" since at least the existing functionality of
SIP is applicable to any BMH, not just those backed by vino/VMs.
If/when we add functionality specific to VM nodes, the API for those
features should be named/documented accordingly.
This also updates BMH scheduling to support arbitrary label selectors [0].
[0]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#resources-that-support-set-based-requirements
Closes: #8
Closes: #9
Change-Id: I105fe3dc854c032c755997c47c24997a03cd65e6
This adds a field to the SIP CRD to reference a Secret containing
SSH private keys to inject into the jump host container to be
used to SSH into the cluster's nodes. These should correspond
to whatever SSH authorized keys will be included in the nodes.
These keys are then added to the jumphost container, and an SSH
config file is added to the ubuntu user's SSH config which includes
these keys along with host entries for each VM, which allows
them to be consumed by bash completion, which this also adds to
the jumphost image.
Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: If2e948f567a867d8ee11353d79f3224faeac9215
The BMH CRD should not be bundled with the SIP CRD because it could
cause conflicts with baremetal operator deployments. The reason the CRD
was bundled with the SIP CRD was to load it into the unit tests.
This change moves the BMH CRD near the sample BMH objects for testing
purposes and adjusts the tests to load from that directory.
Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: I7e5b67ebbabb815fd19320d248246055decbde1e
This change enables operators to SSH into a sub-cluster Jump Host from
outside the base K8s cluster using a Node Port service. Operators
authenticate using SSH authorized keys to the SIP CR.
Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: Ib1d94b5b0813e34014375d97f9189948af49f42c