From 21a178f4237dda2f7587bca5822878c274bc01c1 Mon Sep 17 00:00:00 2001 From: Daniel Mellado Date: Tue, 21 Nov 2023 15:06:33 +0100 Subject: [PATCH] OCPBUGS-21610: Change config to allow ipv6/4 This commit uses the Kube Downward API to get the plugin's pod status.podIP and bash to set it and run nginx accordingly. This is also set in the jsonnet so it gets generated, even though it's some kind of double templating. Signed-off-by: Daniel Mellado --- assets/monitoring-plugin/config-map.yaml | 3 +- assets/monitoring-plugin/deployment.yaml | 22 ++++++++++++- .../components/monitoring-plugin.libsonnet | 32 ++++++++++++++++--- 3 files changed, 50 insertions(+), 7 deletions(-) diff --git a/assets/monitoring-plugin/config-map.yaml b/assets/monitoring-plugin/config-map.yaml index 041cef1f42..2d3863c42b 100644 --- a/assets/monitoring-plugin/config-map.yaml +++ b/assets/monitoring-plugin/config-map.yaml @@ -8,8 +8,7 @@ data: default_type application/octet-stream; keepalive_timeout 65; server { - listen 9443 ssl; - listen [::]:9443 ssl; + listen LISTEN_ADDR_PORT ssl; ssl_certificate /var/cert/tls.crt; ssl_certificate_key /var/cert/tls.key; root /usr/share/nginx/html; diff --git a/assets/monitoring-plugin/deployment.yaml b/assets/monitoring-plugin/deployment.yaml index 7ddee28b39..07270e5546 100644 --- a/assets/monitoring-plugin/deployment.yaml +++ b/assets/monitoring-plugin/deployment.yaml 
@@ -44,7 +44,27 @@ spec: topologyKey: kubernetes.io/hostname automountServiceAccountToken: false containers: - - image: quay.io/openshift/origin-monitoring-plugin:1.0.0 + - command: + - /bin/sh + - -c + - | + # TODO: Maybe just use IPV4 if empty? + if [ -z "$POD_IP" ]; then + echo "POD_IP env variable is not set or is empty" + exit 1 + elif echo "$POD_IP" | grep -qE '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then + LISTEN_ADDR_PORT="9943" + else + LISTEN_ADDR_PORT="[::]:9443" + fi + sed "s/LISTEN_ADDR_PORT/$LISTEN_ADDR_PORT/g" /etc/nginx/nginx.conf > /tmp/nginx.conf + exec nginx -c /tmp/nginx.conf -g 'daemon off;' + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldfPath: status.podIP + image: quay.io/openshift/origin-monitoring-plugin:1.0.0 imagePullPolicy: IfNotPresent name: monitoring-plugin ports: diff --git a/jsonnet/components/monitoring-plugin.libsonnet b/jsonnet/components/monitoring-plugin.libsonnet index b0ac7b0663..de0330c976 100644 --- a/jsonnet/components/monitoring-plugin.libsonnet +++ b/jsonnet/components/monitoring-plugin.libsonnet @@ -22,8 +22,7 @@ function(params) default_type application/octet-stream; keepalive_timeout 65; server { - listen %(nginxPort)d ssl; - listen [::]:%(nginxPort)d ssl; + listen LISTEN_ADDR_PORT ssl; ssl_certificate %(tlsPath)s/tls.crt; ssl_certificate_key %(tlsPath)s/tls.key; root /usr/share/nginx/html; 
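Review bot: Replacing `%(nginxPort)d` with the `LISTEN_ADDR_PORT` placeholder in the `listen` directive moves the port out of the template parameter and into literals in the start script added in the next hunk, where the two branches already disagree (`9943` vs `9443`). Keeping the port templated and substituting only the address part would leave a single source for the port, for example `listen LISTEN_ADDR%(nginxPort)d ssl;` with the script setting `LISTEN_ADDR` to an empty string or `[::]:`. The template also stops being a valid nginx.conf on its own, so a short comment above the directive such as `# LISTEN_ADDR_PORT is replaced by the container command before nginx starts` would help. The enclosing config string starts and ends outside this hunk.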
@@ -212,8 +211,33 @@ function(params) $.volumeMount(tlsVolumeName, tlsMountPath), $.volumeMount(nginxCMVolName, nginxConfMountPath, 'nginx.conf'), ], - - + env: [ + { + name: 'POD_IP', + valueFrom: { + fieldRef: { + fieldfPath: 'status.podIP', + }, + }, + }, + ], + command: [ + '/bin/sh', + '-c', + ||| + # TODO: Maybe just use IPV4 if empty? + if [ -z "$POD_IP" ]; then + echo "POD_IP env variable is not set or is empty" + exit 1 + elif echo "$POD_IP" | grep -qE '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then + LISTEN_ADDR_PORT="9943" + else + LISTEN_ADDR_PORT="[::]:9443" + fi + sed "s/LISTEN_ADDR_PORT/$LISTEN_ADDR_PORT/g" /etc/nginx/nginx.conf > /tmp/nginx.conf + exec nginx -c /tmp/nginx.conf -g 'daemon off;' + |||, + ], }, // monitoring-plugin container ], // containers
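Review bot: Two literals in the added container spec look like typos: `fieldfPath: 'status.podIP'` is not a field of `fieldRef` (the Downward API key is `fieldPath`), so `POD_IP` would not be populated and the Deployment is likely to be rejected by validation, and the IPv4 branch sets `LISTEN_ADDR_PORT="9943"` while the IPv6 branch and the previous config use 9443. Suggested lines: `fieldPath: 'status.podIP',` and `LISTEN_ADDR_PORT="9443"`; the generated assets/monitoring-plugin/deployment.yaml carries the same two values and needs regenerating. The script also continues to `exec nginx` if the `sed` redirect to /tmp/nginx.conf fails, so adding `set -e` as its first line would make that failure explicit. The container object begins outside this hunk.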