get TNC to a working state

enxebre · Mar 2, 2018 · d6ff12c · d6ff12c
1 parent a9a940d
commit d6ff12c
Show file tree

Hide file tree

Showing 21 changed files with 91 additions and 186 deletions.
diff --git a/installer/pkg/workflow/install.go b/installer/pkg/workflow/install.go
@@ -61,7 +61,7 @@ func installBootstrapStep(m *metadata) error {
 		return err
 	}
 
-	if err := waitForNCG(m); err != nil {
+	if err := waitForTNC(m); err != nil {
 		return err
 	}
 

diff --git a/installer/pkg/workflow/utils.go b/installer/pkg/workflow/utils.go
@@ -26,6 +26,7 @@ const (
 	configFileName = "config.yaml"
 	kubeConfigPath = "generated/auth/kubeconfig"
 	binaryPrefix   = "tectonic-installer"
+	tncDaemonSet   = "tectonic-node-controller"
 )
 
 func copyFile(fromFilePath, toFilePath string) error {
@@ -50,7 +51,7 @@ func destroyCNAME(clusterDir string) error {
 	if err != nil {
 		return err
 	}
-	return terraformExec(clusterDir, "destroy", "-force", fmt.Sprintf("-state=%s.tfstate", bootstrapStep), "-target=aws_route53_record.tectonic_ncg", templatesPath)
+	return terraformExec(clusterDir, "destroy", "-force", fmt.Sprintf("-state=%s.tfstate", bootstrapStep), "-target=aws_route53_record.tectonic_tnc", templatesPath)
 }
 
 func findTemplates(relativePath string) (string, error) {
@@ -154,7 +155,7 @@ func readClusterConfigStep(m *metadata) error {
 	return nil
 }
 
-func waitForNCG(m *metadata) error {
+func waitForTNC(m *metadata) error {
 	config, err := clientcmd.BuildConfigFromFlags("", filepath.Join(m.clusterDir, kubeConfigPath))
 	if err != nil {
 		return err
@@ -169,16 +170,16 @@ func waitForNCG(m *metadata) error {
 	wait := 10
 	for retries > 0 {
 		// client will error until api sever is up
-		ds, _ := client.DaemonSets("kube-system").Get("ncg")
-		log.Printf("Waiting for NCG to be running, this might take a while...")
+		ds, _ := client.DaemonSets("kube-system").Get(tncDaemonSet)
+		log.Printf("Waiting for TNC to be running, this might take a while...")
 		if ds.Status.NumberReady >= 1 {
 			return nil
 		}
 		time.Sleep(time.Second * time.Duration(wait))
 		retries--
 	}
 
-	return errors.New("NCG is not running")
+	return errors.New("TNC is not running")
 }
 
 func writeFile(path, content string) error {

diff --git a/modules/aws/master-asg/master.tf b/modules/aws/master-asg/master.tf
@@ -59,9 +59,9 @@ resource "aws_autoscaling_group" "masters" {
   }
 }
 
-data "ignition_config" "ncg_master" {
+data "ignition_config" "tnc_master" {
   append {
-    source = "http://${var.cluster_name}-ncg.${var.base_domain}/ign/v1/role/master"
+    source = "http://${var.cluster_name}-tnc.${var.base_domain}/ign?role=master"
   }
 
   files = ["${data.ignition_file.kubelet_master_kubeconfig.id}"]
@@ -85,7 +85,7 @@ resource "aws_launch_configuration" "master_conf" {
   security_groups             = ["${var.master_sg_ids}"]
   iam_instance_profile        = "${aws_iam_instance_profile.master_profile.arn}"
   associate_public_ip_address = "${var.public_endpoints}"
-  user_data                   = "${data.ignition_config.ncg_master.rendered}"
+  user_data                   = "${data.ignition_config.tnc_master.rendered}"
 
   lifecycle {
     create_before_destroy = true

diff --git a/modules/aws/vpc/master-elb.tf b/modules/aws/vpc/master-elb.tf
@@ -1,16 +1,16 @@
-resource "aws_elb" "ncg" {
+resource "aws_elb" "tnc" {
   count           = "${var.private_master_endpoints}"
-  name            = "${var.cluster_name}-ncg"
+  name            = "${var.cluster_name}-tnc"
   subnets         = ["${local.master_subnet_ids}"]
   internal        = true
-  security_groups = ["${aws_security_group.ncg.id}"]
+  security_groups = ["${aws_security_group.tnc.id}"]
 
   idle_timeout                = 3600
   connection_draining         = true
   connection_draining_timeout = 300
 
   listener {
-    instance_port     = 8080
+    instance_port     = 45900
     instance_protocol = "tcp"
     lb_port           = 80
     lb_protocol       = "tcp"
@@ -20,7 +20,7 @@ resource "aws_elb" "ncg" {
     healthy_threshold   = 2
     unhealthy_threshold = 2
     timeout             = 3
-    target              = "TCP:8080"
+    target              = "TCP:45900"
     interval            = 5
   }
 

diff --git a/modules/aws/vpc/outputs.tf b/modules/aws/vpc/outputs.tf
@@ -45,7 +45,7 @@ output "aws_elb_console_id" {
 }
 
 output "aws_lbs" {
-  value = ["${compact(concat(aws_elb.api_internal.*.id, list(aws_elb.console.id), aws_elb.api_external.*.id, aws_elb.ncg.*.id))}"]
+  value = ["${compact(concat(aws_elb.api_internal.*.id, list(aws_elb.console.id), aws_elb.api_external.*.id, aws_elb.tnc.*.id))}"]
 }
 
 output "aws_api_external_dns_name" {
@@ -72,10 +72,10 @@ output "aws_elb_console_zone_id" {
   value = "${aws_elb.console.zone_id}"
 }
 
-output "aws_elb_ncg_dns_name" {
-  value = "${element(concat(aws_elb.ncg.*.dns_name, list("")), 0)}"
+output "aws_elb_tnc_dns_name" {
+  value = "${element(concat(aws_elb.tnc.*.dns_name, list("")), 0)}"
 }
 
-output "aws_elb_ncg_zone_id" {
-  value = "${element(concat(aws_elb.ncg.*.zone_id, list("")), 0)}"
+output "aws_elb_tnc_zone_id" {
+  value = "${element(concat(aws_elb.tnc.*.zone_id, list("")), 0)}"
 }
diff --git a/modules/aws/vpc/sg-elb.tf b/modules/aws/vpc/sg-elb.tf
@@ -1,4 +1,4 @@
-resource "aws_security_group" "ncg" {
+resource "aws_security_group" "tnc" {
   vpc_id = "${data.aws_vpc.cluster_vpc.id}"
 
   tags = "${merge(map(

diff --git a/modules/aws/vpc/sg-master.tf b/modules/aws/vpc/sg-master.tf
@@ -8,14 +8,14 @@ resource "aws_security_group" "master" {
     ), var.extra_tags)}"
 }
 
-resource "aws_security_group_rule" "master_ncg" {
+resource "aws_security_group_rule" "master_tnc" {
   type              = "ingress"
   security_group_id = "${aws_security_group.master.id}"
 
   protocol    = "tcp"
   cidr_blocks = ["0.0.0.0/0"]
-  from_port   = 8080
-  to_port     = 8080
+  from_port   = 45900
+  to_port     = 45900
 }
 
 resource "aws_security_group_rule" "master_egress" {

diff --git a/modules/aws/worker-asg/worker.tf b/modules/aws/worker-asg/worker.tf
@@ -25,9 +25,9 @@ data "aws_ami" "coreos_ami" {
   }
 }
 
-data "ignition_config" "ncg_worker" {
+data "ignition_config" "tnc_worker" {
   append {
-    source = "http://${var.cluster_name}-ncg.${var.base_domain}/ign/v1/role/worker"
+    source = "http://${var.cluster_name}-tnc.${var.base_domain}/ign?role=worker"
   }
 
   files = ["${data.ignition_file.kubelet_worker_kubeconfig.id}"]
@@ -50,7 +50,7 @@ resource "aws_launch_configuration" "worker_conf" {
   key_name             = "${var.ssh_key}"
   security_groups      = ["${var.sg_ids}"]
   iam_instance_profile = "${aws_iam_instance_profile.worker_profile.arn}"
-  user_data            = "${data.ignition_config.ncg_worker.rendered}"
+  user_data            = "${data.ignition_config.tnc_worker.rendered}"
 
   lifecycle {
     create_before_destroy = true

diff --git a/modules/bootkube-ut2/assets.tf b/modules/bootkube-ut2/assets.tf
@@ -40,8 +40,6 @@ resource "template_dir" "bootkube" {
     pull_secret                    = "${base64encode(file(var.pull_secret_path))}"
     serviceaccount_pub             = "${base64encode(tls_private_key.service_account.public_key_pem)}"
     serviceaccount_key             = "${base64encode(tls_private_key.service_account.private_key_pem)}"
-    ncg_config_worker              = "${var.ncg_config_worker}"
-    ncg_config_master              = "${var.ncg_config_master}"
     kube_dns_service_ip            = "${cidrhost(var.service_cidr, 10)}"
 
     etcd_ca_cert     = "${base64encode(var.etcd_ca_cert_pem)}"
@@ -170,4 +168,3 @@ data "ignition_systemd_unit" "bootkube_path_unit" {
   enabled = true
   content = "${data.template_file.bootkube_path_unit.rendered}"
 }
-
diff --git a/modules/bootkube-ut2/resources/manifests/tectonic-node-controller-config.yaml b/modules/bootkube-ut2/resources/manifests/tectonic-node-controller-config.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: tectonic-node-controller-config-v1
+  namespace: kube-system
+data:
+  tnc-config: |
+    HTTPProxy: "${http_proxy}"
+    HTTPSProxy: "${https_proxy}"
+    NoProxy: "${no_proxy}"
+    KubeletImageUrl: "${kubelet_image_url}"
+    KubeletImageTag: "${kubelet_image_tag}"
+    IscsiEnabled: "${iscsi_enabled}"
+    KubeconfigFetchCmd: "${kubeconfig_fetch_cmd}"
+    TectonicTorcxImageURL: "${tectonic_torcx_image_url}"
+    TectonicTorcxImageTag: "${tectonic_torcx_image_tag}"
+    BootstrapUpgradeCl: "${bootstrap_upgrade_cl}"
+    TorcxStoreULL: "${torcx_store_url}"
+    TorcxSkipSetup: "${torcx_skip_setup}"
+    NodeLabel: "${node_label}"
+    NodeTaintsParam: "${node_taints_param}"
+    ClusterDNSIP: "${cluster_dns_ip}"
+    CloudProvider: "${cloud_provider}"
+    CloudProviderConfig: "${cloud_provider_config}"
+    DebugConfig: "${debug_config}"
+    ClusterName: "${cluster_name}"
diff --git a/modules/bootkube-ut2/resources/manifests/tectonic-node-controller.yaml b/modules/bootkube-ut2/resources/manifests/tectonic-node-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1beta2
 kind: DaemonSet
 metadata:
   name: tectonic-node-controller
-  namespace: tectonic-system
+  namespace: kube-system
   labels:
     k8s-app: tectonic-node-controller
     managed-by-channel-operator: "true"
@@ -23,12 +23,11 @@ spec:
       containers:
       - name: tectonic-node-controller
         image: ${tnc_bootstrap_image}
-        command:
-        - /bootstrap
-        - --config=/etc/cluster-config
+        args:
+        - --config=/etc/cluster-config/tnc-config
         - --port=45900
-        - --cert=/opt/tectonic/tls/root-ca.crt
-        - --key=/opt/tectonic/tls/root-ca.key
+        - --cert=/opt/tectonic/tls/ca.crt
+        - --key=/opt/tectonic/tls/ca.key
         resources:
           limits:
             cpu: 20m
@@ -51,7 +50,7 @@ spec:
       volumes:
       - name: cluster-config
         configMap:
-          name: cluster-config-v1
+          name: tectonic-node-controller-config-v1
           items:
           - key: tnc-config
             path: tnc-config

diff --git a/modules/bootkube-ut2/variables.tf b/modules/bootkube-ut2/variables.tf
@@ -178,16 +178,6 @@ variable "tectonic_networking" {
   type        = "string"
 }
 
-variable "ncg_config_worker" {
-  description = "configures the network to be used in the cluster"
-  type        = "string"
-}
-
-variable "ncg_config_master" {
-  description = "configures the network to be used in the cluster"
-  type        = "string"
-}
-
 variable "http_proxy" {
   type        = "string"
   description = "HTTP proxy address."
@@ -255,4 +245,3 @@ EOF
 
   type = "string"
 }
-
diff --git a/steps/assets/ignition-ncg.tf b/steps/assets/ignition-ncg.tf
diff --git a/steps/assets/resources/rm-assets.sh b/steps/assets/resources/rm-assets.sh
@@ -19,7 +19,7 @@ s3_clean() {
             set -o pipefail
             REGION=$(wget -q -O - http://169.254.169.254/latest/meta-data/placement/availability-zone | sed '"'"'s/[a-zA-Z]$//'"'"')
             /usr/bin/aws --region="$REGION" s3 cp /tmp/assets.zip s3://"$LOCATION/assets.zip"
-            /usr/bin/aws --region="$REGION" s3 cp /tmp/assets.zip s3://"$LOCATION/ignition"
+            /usr/bin/aws --region="$REGION" s3 cp /tmp/assets.zip s3://"$LOCATION/ign"
         '
 }