OCPBUGS-21610: Change config to allow ipv6/4

This commit uses the Kube Downward API to get the plugin's pod status.podIP and bash to set it and run nginx accordingly. This is also set in the jsonnet so it gets generated, even though it's some kind of double templating. Signed-off-by: Daniel Mellado <dmellado@redhat.com>
openshift · Nov 23, 2023 · 21a178f · 21a178f
1 parent 4cb7660
commit 21a178f
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 7 deletions.
diff --git a/assets/monitoring-plugin/config-map.yaml b/assets/monitoring-plugin/config-map.yaml
@@ -8,8 +8,7 @@ data:
       default_type       application/octet-stream;
       keepalive_timeout  65;
       server {
-        listen              9443 ssl;
-        listen              [::]:9443 ssl;
+        listen              LISTEN_ADDR_PORT ssl;
         ssl_certificate     /var/cert/tls.crt;
         ssl_certificate_key /var/cert/tls.key;
         root                /usr/share/nginx/html;

diff --git a/assets/monitoring-plugin/deployment.yaml b/assets/monitoring-plugin/deployment.yaml
@@ -44,7 +44,27 @@ spec:
             topologyKey: kubernetes.io/hostname
       automountServiceAccountToken: false
       containers:
-      - image: quay.io/openshift/origin-monitoring-plugin:1.0.0
+      - command:
+        - /bin/sh
+        - -c
+        - |
+          # TODO: Maybe just use IPV4 if empty?
+          if [ -z "$POD_IP" ]; then
+            echo "POD_IP env variable is not set or is empty"
+            exit 1
+          elif echo "$POD_IP" | grep -qE '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
+            LISTEN_ADDR_PORT="9943"
+          else
+            LISTEN_ADDR_PORT="[::]:9443"
+          fi
+          sed "s/LISTEN_ADDR_PORT/$LISTEN_ADDR_PORT/g" /etc/nginx/nginx.conf > /tmp/nginx.conf
+          exec nginx -c /tmp/nginx.conf -g 'daemon off;'
+        env:
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldfPath: status.podIP
+        image: quay.io/openshift/origin-monitoring-plugin:1.0.0
         imagePullPolicy: IfNotPresent
         name: monitoring-plugin
         ports:

diff --git a/jsonnet/components/monitoring-plugin.libsonnet b/jsonnet/components/monitoring-plugin.libsonnet
@@ -22,8 +22,7 @@ function(params)
       default_type       application/octet-stream;
       keepalive_timeout  65;
       server {
-        listen              %(nginxPort)d ssl;
-        listen              [::]:%(nginxPort)d ssl;
+        listen              LISTEN_ADDR_PORT ssl;
         ssl_certificate     %(tlsPath)s/tls.crt;
         ssl_certificate_key %(tlsPath)s/tls.key;
         root                /usr/share/nginx/html;
@@ -212,8 +211,33 @@ function(params)
                   $.volumeMount(tlsVolumeName, tlsMountPath),
                   $.volumeMount(nginxCMVolName, nginxConfMountPath, 'nginx.conf'),
                 ],
-
-
+                env: [
+                  {
+                    name: 'POD_IP',
+                    valueFrom: {
+                      fieldRef: {
+                        fieldfPath: 'status.podIP',
+                      },
+                    },
+                  },
+                ],
+                command: [
+                  '/bin/sh',
+                  '-c',
+                  |||
+                    # TODO: Maybe just use IPV4 if empty?
+                    if [ -z "$POD_IP" ]; then
+                      echo "POD_IP env variable is not set or is empty"
+                      exit 1
+                    elif echo "$POD_IP" | grep -qE '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
+                      LISTEN_ADDR_PORT="9943"
+                    else
+                      LISTEN_ADDR_PORT="[::]:9443"
+                    fi
+                    sed "s/LISTEN_ADDR_PORT/$LISTEN_ADDR_PORT/g" /etc/nginx/nginx.conf > /tmp/nginx.conf
+                    exec nginx -c /tmp/nginx.conf -g 'daemon off;'
+                  |||,
+                ],
               },  // monitoring-plugin container
             ],  // containers