Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
WIP openstack: remove the service VM
This is part of the work to remove the service VM from the openstack architecture. This relies on the coredns/mdns and haproxy static pods setup in: openshift/machine-config-operator/pull/740 TODO(shadower): clean up the commit message, explain what we're doing, why we're doing it, all the external dependencies (MCO, CAPO) the current status and what still needs to be done. Below are the messages of all the commits squashed to get this in: openstack: remove service vm Run haproxy on 7443 with NAT rule forward to 6443 openstack: add clustervars that can be sourced by static pods hacks: integrate changes from pull/1808 hacks: start haproxy with only bootstrap node in backends don't use /tmp for clustervars hacks: don't redirect traffic from the cluster CIDR hacks: open master SGs to internet Set domain search to cluster domain So that nodes can resolve other nodes in the cluster using short names. Remove unused master_port_names tfvar WIP Some progress on getting Ignition via IP The LbFloatingIP is now used as the predictible address for API. It points to the bootstrap node first, then is moved to the first master upon bootstrap removal. As a consequence, the LbFloatingIP becomes a mandatory parameter for the installer on OpenStack platform. This patch also cleans up the network architecture a little bit by removing the subnet complexity for the deployed nodes. There is now only one subnet for all the provisioned nodes. Some cleanup Stop setting selinux permissive on master nodes Use bootstrap node's default hosts file Unbreak other platforms for ignition retrieval Make the ignition retrieval via IP address specific to the OpenStack platform. bootstrap: add switch-api-endpoint service There is a potential cycle where the temporary bootstrap control plane gets torn down and the API endpoint on the bootstrap node points to itself (via the floating IP) rather than the masters. The installer is waiting for the bootstrapping to be completed, but the `progress` service is unable to send the bootstrap-complete event, because the API server is no longer running on the bootstrap node (which still has the FIP attached). Therefore, the installer never runs the bootstrap destroy terraform actions and the FIP is stuck on the bootstrap node. This adds a new service that waits until the `bootkube` and `openshift` services finish (just like `progress.service` does), but then creates an `/etc/hosts` entry for the API endpoints so that `progress` can communicate with the master control plane. Run haproxy from MCO Move the bootstrap API endpoint after etcd That should fix the connection issues I've been seeing. But it's still not enough for some reason.
- Loading branch information
1 parent
1cb12b5
commit 73fc1ba
Showing
18 changed files
with
215 additions
and
583 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.