From 596591b85f3c838cf071458c71ebd7a7c2e03ed3 Mon Sep 17 00:00:00 2001 
From: Abhinav Dahiya Date: Mon, 10 Sep 2018 17:31:59 -0700 Subject: [PATCH 1/2] .*: replace tectonic node controller with machine config operator --- config.tf | 17 +++--- .../fixtures/kube-system.yaml | 14 ----- installer/pkg/config-generator/generator.go | 47 --------------- installer/pkg/config-generator/tls.go | 16 +++--- installer/pkg/workflow/utils.go | 10 ---- modules/bootkube/assets.tf | 12 ++-- modules/bootkube/manifests.tf | 19 ++++--- modules/bootkube/resources/bootkube.sh | 28 ++++++--- .../04-openshift-machine-config-operator.yaml | 7 +++ .../resources/manifests/app-version-tnc.yaml | 15 ----- ...machine-config-operator-00-config-crd.yaml | 24 ++++++++ ...e-config-operator-01-images-configmap.yaml | 7 +++ .../machine-config-operator-02-rbac.yaml | 13 +++++ ...machine-config-operator-03-deployment.yaml | 57 +++++++++++++++++++ .../machine-config-server-tls-secret.yaml | 9 +++ .../resources/manifests/node-config-kind.yaml | 10 ---- .../manifests/operatorstatus-crd.yaml | 24 ++++++++ .../tectonic-node-controller-operator.yaml | 51 ----------------- .../resources/manifests/tnc-tls-secret.yaml | 9 --- modules/bootkube/variables.tf | 4 +- steps/assets/base/ignition-bootstrap.tf | 13 +---- steps/assets/base/ignition-tls.tf | 18 +++--- steps/assets/base/inputs.tf | 4 +- steps/assets/base/tectonic.tf | 4 +- 24 files changed, 211 insertions(+), 221 deletions(-) create mode 100644 modules/bootkube/resources/manifests/04-openshift-machine-config-operator.yaml delete mode 100644 modules/bootkube/resources/manifests/app-version-tnc.yaml create mode 100644 modules/bootkube/resources/manifests/machine-config-operator-00-config-crd.yaml create mode 100644 modules/bootkube/resources/manifests/machine-config-operator-01-images-configmap.yaml create mode 100644 modules/bootkube/resources/manifests/machine-config-operator-02-rbac.yaml create mode 100644 modules/bootkube/resources/manifests/machine-config-operator-03-deployment.yaml create mode 100644 
modules/bootkube/resources/manifests/machine-config-server-tls-secret.yaml delete mode 100644 modules/bootkube/resources/manifests/node-config-kind.yaml create mode 100644 modules/bootkube/resources/manifests/operatorstatus-crd.yaml delete mode 100644 modules/bootkube/resources/manifests/tectonic-node-controller-operator.yaml delete mode 100644 modules/bootkube/resources/manifests/tnc-tls-secret.yaml diff --git a/config.tf b/config.tf index 5689ac39b36..59edcb5b809 100644 --- a/config.tf +++ b/config.tf 
@@ -59,17 +59,18 @@ variable "tectonic_container_images" { default = { addon_resizer = "gcr.io/google_containers/addon-resizer:2.1" bootkube = "quay.io/coreos/bootkube:v0.10.0" - tnc_operator = "quay.io/coreos/tectonic-node-controller-operator-dev:0a24db2288f00b10ced358d9643debd601ffd0f1" + machine_config_operator = "openshift/origin-machine-config-operator:v4.0.0" etcd_cert_signer = "quay.io/coreos/kube-etcd-signer-server:678cc8e6841e2121ebfdb6e2db568fce290b67d6" etcd = "quay.io/coreos/etcd:v3.2.14" - kube_core_renderer = "quay.io/coreos/kube-core-renderer-dev:0a24db2288f00b10ced358d9643debd601ffd0f1" - kube_core_operator = "quay.io/coreos/kube-core-operator-dev:0a24db2288f00b10ced358d9643debd601ffd0f1" - tectonic_channel_operator = "quay.io/coreos/tectonic-channel-operator-dev:0a24db2288f00b10ced358d9643debd601ffd0f1" - kube_addon_operator = "quay.io/coreos/kube-addon-operator-dev:0a24db2288f00b10ced358d9643debd601ffd0f1" + hyperkube = "openshift/origin-node:latest" + kube_core_renderer = "quay.io/coreos/kube-core-renderer-dev:0b97bdb8c663deab99a75cc0d6854ca240670320" + kube_core_operator = "quay.io/coreos/kube-core-operator-dev:0b97bdb8c663deab99a75cc0d6854ca240670320" + tectonic_channel_operator = "quay.io/coreos/tectonic-channel-operator-dev:0b97bdb8c663deab99a75cc0d6854ca240670320" + kube_addon_operator = "quay.io/coreos/kube-addon-operator-dev:0b97bdb8c663deab99a75cc0d6854ca240670320" tectonic_alm_operator = "quay.io/coreos/tectonic-alm-operator:v0.3.1" - tectonic_ingress_controller_operator = "quay.io/coreos/tectonic-ingress-controller-operator-dev:0a24db2288f00b10ced358d9643debd601ffd0f1" - tectonic_utility_operator = "quay.io/coreos/tectonic-utility-operator-dev:0a24db2288f00b10ced358d9643debd601ffd0f1" - tectonic_network_operator = "quay.io/coreos/tectonic-network-operator-dev:0a24db2288f00b10ced358d9643debd601ffd0f1" + tectonic_ingress_controller_operator = 
"quay.io/coreos/tectonic-ingress-controller-operator-dev:0b97bdb8c663deab99a75cc0d6854ca240670320" + tectonic_utility_operator = "quay.io/coreos/tectonic-utility-operator-dev:0b97bdb8c663deab99a75cc0d6854ca240670320" + tectonic_network_operator = "quay.io/coreos/tectonic-network-operator-dev:0b97bdb8c663deab99a75cc0d6854ca240670320" } } diff --git a/installer/pkg/config-generator/fixtures/kube-system.yaml b/installer/pkg/config-generator/fixtures/kube-system.yaml index 8d184a2d858..701f2986d74 100644 --- a/installer/pkg/config-generator/fixtures/kube-system.yaml +++ b/installer/pkg/config-generator/fixtures/kube-system.yaml @@ -69,20 +69,6 @@ data: kind: TectonicNetworkOperatorConfig networkProfile: canal podCIDR: 10.2.0.0/16 - tnco-config: | - apiVersion: v1 - controllerConfig: - additionalConfigs: [] - apiVersion: v1 - baseDomain: cluster.com - cloudProviderConfig: "" - clusterDNSIP: 10.3.0.10 - clusterName: test - etcdInitialCount: 3 - kind: TectonicNodeControllerConfig - nodePoolUpdateLimit: null - platform: aws - kind: TectonicNodeControllerOperatorConfig kind: ConfigMap metadata: name: cluster-config-v1 diff --git a/installer/pkg/config-generator/generator.go b/installer/pkg/config-generator/generator.go index c0cb50bbc84..68b6ceb5abf 100644 --- a/installer/pkg/config-generator/generator.go +++ b/installer/pkg/config-generator/generator.go @@ -13,7 +13,6 @@ import ( "github.com/coreos/tectonic-config/config/kube-addon" "github.com/coreos/tectonic-config/config/kube-core" "github.com/coreos/tectonic-config/config/tectonic-network" - tnco "github.com/coreos/tectonic-config/config/tectonic-node-controller" "github.com/coreos/tectonic-config/config/tectonic-utility" "github.com/ghodss/yaml" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -65,10 +64,6 @@ func New(cluster config.Cluster) ConfigGenerator { // KubeSystem returns, if successful, a yaml string for the kube-system. func (c *ConfigGenerator) KubeSystem() (string, error) { - tncoConfig, err := c.tncoConfig() - if err != nil { - return "", err - } coreConfig, err := c.coreConfig() if err != nil { return "", err @@ -81,7 +76,6 @@ func (c *ConfigGenerator) KubeSystem() (string, error) { return configMap("kube-system", genericData{ "kco-config": coreConfig, "network-config": c.networkConfig(), - "tnco-config": tncoConfig, "install-config": installConfig, }) } @@ -211,15 +205,6 @@ func (c *ConfigGenerator) CoreConfig() (string, error) { return marshalYAML(coreConfig) } -// TncoConfig returns, if successful, a yaml string for the on-disk tnco-config. -func (c *ConfigGenerator) TncoConfig() (string, error) { - tncoConfig, err := c.tncoConfig() - if err != nil { - return "", err - } - return marshalYAML(tncoConfig) -} - func (c *ConfigGenerator) addonConfig() (*kubeaddon.OperatorConfig, error) { addonConfig := kubeaddon.OperatorConfig{ TypeMeta: metav1.TypeMeta{ 
@@ -284,38 +269,6 @@ func (c *ConfigGenerator) networkConfig() *tectonicnetwork.OperatorConfig { return &networkConfig } -func (c *ConfigGenerator) tncoConfig() (*tnco.OperatorConfig, error) { - tncoConfig := tnco.OperatorConfig{ - TypeMeta: metav1.TypeMeta{ - APIVersion: tnco.TNCOConfigAPIVersion, - Kind: tnco.TNCOConfigKind, - }, - } - - tncoConfig.ControllerConfig = tnco.ControllerConfig{ - TypeMeta: metav1.TypeMeta{ - APIVersion: tnco.TNCConfigAPIVersion, - Kind: tnco.TNCConfigKind, - }, - } - - cidrhost, err := cidrhost(c.Cluster.Networking.ServiceCIDR, 10) - if err != nil { - return nil, err - } - - tncoConfig.ControllerConfig.ClusterDNSIP = cidrhost - tncoConfig.ControllerConfig.Platform = tectonicCloudProvider(c.Platform) - tncoConfig.ControllerConfig.CloudProviderConfig = "" // TODO(yifan): Get CloudProviderConfig. - tncoConfig.ControllerConfig.ClusterName = c.Cluster.Name - tncoConfig.ControllerConfig.BaseDomain = c.Cluster.BaseDomain - tncoConfig.ControllerConfig.EtcdInitialCount = c.Cluster.NodeCount(c.Cluster.Master.NodePools) - tncoConfig.ControllerConfig.AdditionalConfigs = []string{} // TODO(yifan): Get additional configs. - tncoConfig.ControllerConfig.NodePoolUpdateLimit = nil // TODO(yifan): Get the node pool update limit. - - return &tncoConfig, nil -} - func (c *ConfigGenerator) utilityConfig() (*tectonicutility.OperatorConfig, error) { utilityConfig := tectonicutility.OperatorConfig{ TypeMeta: metav1.TypeMeta{ diff --git a/installer/pkg/config-generator/tls.go b/installer/pkg/config-generator/tls.go index 99c9b502ba3..f328995c424 100644 --- a/installer/pkg/config-generator/tls.go +++ b/installer/pkg/config-generator/tls.go 
@@ -42,8 +42,8 @@ const ( rootCAKeyPath = "generated/tls/root-ca.key" serviceServingCACertPath = "generated/tls/service-serving-ca.crt" serviceServingCAKeyPath = "generated/tls/service-serving-ca.key" - tncCertPath = "generated/tls/tnc.crt" - tncKeyPath = "generated/tls/tnc.key" + machineConfigServerCertPath = "generated/tls/machine-config-server.crt" + machineConfigServerKeyPath = "generated/tls/machine-config-server.key" serviceAccountPubkeyPath = "generated/tls/service-account.pub" serviceAccountPrivateKeyPath = "generated/tls/service-account.key" ) @@ -239,18 +239,18 @@ func (c *ConfigGenerator) GenerateTLSConfig(clusterDir string) error { return fmt.Errorf("failed to generate kubelet certificate: %v", err) } - // TNC certs - tncDomain := fmt.Sprintf("%s-tnc.%s", c.Name, c.BaseDomain) + // MachineConfigServer certs + mcsDomain := fmt.Sprintf("%s-tnc.%s", c.Name, c.BaseDomain) cfg = &tls.CertCfg{ ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, - DNSNames: []string{tncDomain}, - Subject: pkix.Name{CommonName: tncDomain}, + DNSNames: []string{mcsDomain}, + Subject: pkix.Name{CommonName: mcsDomain}, Validity: tls.ValidityTenYears, IsCA: false, } - if _, _, err := generateCert(clusterDir, caKey, caCert, tncKeyPath, tncCertPath, cfg, false); err != nil { - return fmt.Errorf("failed to generate tnc certificate: %v", err) + if _, _, err := generateCert(clusterDir, caKey, caCert, machineConfigServerKeyPath, machineConfigServerCertPath, cfg, false); err != nil { + return fmt.Errorf("failed to generate machine-config-server certificate: %v", err) } // Cluster API cert diff --git a/installer/pkg/workflow/utils.go b/installer/pkg/workflow/utils.go index bea0d1eef36..80f8896143b 100644 --- a/installer/pkg/workflow/utils.go +++ b/installer/pkg/workflow/utils.go 
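Review bot: The renamed code still issues the machine-config-server certificate for `fmt.Sprintf("%s-tnc.%s", c.Name, c.BaseDomain)`, so the SAN and CN are bound to the old `-tnc` hostname while the comment, path constants and error message now say machine-config-server. If the server is still reached under the `NAME-tnc.BASE` DNS record this is intentional and should be documented on that line, e.g. `// hostname stays "-tnc": the DNS record is not renamed in this change`; if not, clients will fail hostname verification against the new name. Either way the literal should be updated or explained in the same change as the rename, since the mismatch is invisible until a TLS handshake fails. GenerateTLSConfig continues outside the hunk.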
@@ -68,16 +68,6 @@ func generateClusterConfigMaps(m *metadata) error { return err } - tncoConfig, err := configGenerator.TncoConfig() - if err != nil { - return err - } - - tncoConfigFilePath := filepath.Join(clusterGeneratedPath, tncoConfigFileName) - if err := ioutil.WriteFile(tncoConfigFilePath, []byte(tncoConfig), 0666); err != nil { - return err - } - kubeSystem, err := configGenerator.KubeSystem() if err != nil { return err diff --git a/modules/bootkube/assets.tf b/modules/bootkube/assets.tf index f9bad2d022d..c09a0e12efc 100644 --- a/modules/bootkube/assets.tf +++ b/modules/bootkube/assets.tf @@ -49,12 +49,12 @@ data "template_file" "bootkube_sh" { template = "${file("${path.module}/resources/bootkube.sh")}" vars { - bootkube_image = "${var.container_images["bootkube"]}" - kube_core_renderer_image = "${var.container_images["kube_core_renderer"]}" - tnc_operator_image = "${var.container_images["tnc_operator"]}" - etcd_cert_signer_image = "${var.container_images["etcd_cert_signer"]}" - etcdctl_image = "${var.container_images["etcd"]}" - etcd_cluster = "${join(",", data.template_file.initial_cluster.*.rendered)}" + bootkube_image = "${var.container_images["bootkube"]}" + kube_core_renderer_image = "${var.container_images["kube_core_renderer"]}" + machine_config_operator_image = "${var.container_images["machine_config_operator"]}" + etcd_cert_signer_image = "${var.container_images["etcd_cert_signer"]}" + etcdctl_image = "${var.container_images["etcd"]}" + etcd_cluster = "${join(",", data.template_file.initial_cluster.*.rendered)}" } } diff --git a/modules/bootkube/manifests.tf b/modules/bootkube/manifests.tf index 588a12af2a1..bdc43a6c301 100644 --- a/modules/bootkube/manifests.tf +++ b/modules/bootkube/manifests.tf 
@@ -3,19 +3,22 @@ variable "manifest_names" { "01-tectonic-namespace.yaml", "02-ingress-namespace.yaml", "03-openshift-web-console-namespace.yaml", + "04-openshift-machine-config-operator.yaml", # https://github.com/openshift/machine-config-operator/tree/master/install/00_namespace.yaml "app-version-kind.yaml", "app-version-tectonic-network.yaml", - "app-version-tnc.yaml", + "cluster-apiserver-secret.yaml", "kube-apiserver-secret.yaml", "kube-cloud-config.yaml", "kube-controller-manager-secret.yaml", - "node-config-kind.yaml", + "machine-config-operator-00-config-crd.yaml", # https://github.com/openshift/machine-config-operator/tree/master/install/01_mcoconfig.crd.yaml + "machine-config-operator-01-images-configmap.yaml", # https://github.com/openshift/machine-config-operator/tree/master/install/02_images.configmap.yaml + "machine-config-operator-02-rbac.yaml", # https://github.com/openshift/machine-config-operator/tree/master/install/03_rbac.yaml + "machine-config-operator-03-deployment.yaml", # https://github.com/openshift/machine-config-operator/tree/master/install/04_deployment.yaml + "machine-config-server-tls-secret.yaml", "openshift-apiserver-secret.yaml", - "cluster-apiserver-secret.yaml", "pull.json", "tectonic-network-operator.yaml", - "tectonic-node-controller-operator.yaml", - "tnc-tls-secret.yaml", + "operatorstatus-crd.yaml", ] } @@ -26,7 +29,7 @@ data "template_file" "manifest_file_list" { vars { tectonic_network_operator_image = "${var.container_images["tectonic_network_operator"]}" - tnc_operator_image = "${var.container_images["tnc_operator"]}" + machine_config_operator_image = "${var.container_images["machine_config_operator"]}" cloud_provider_config = "${var.cloud_provider_config}" 
@@ -57,8 +60,8 @@ data "template_file" "manifest_file_list" { etcd_client_cert = "${base64encode(var.etcd_client_cert_pem)}" etcd_client_key = "${base64encode(var.etcd_client_key_pem)}" - tnc_tls_cert = "${base64encode(var.tnc_cert_pem)}" - tnc_tls_key = "${base64encode(var.tnc_key_pem)}" + mcs_tls_cert = "${base64encode(var.mcs_cert_pem)}" + mcs_tls_key = "${base64encode(var.mcs_key_pem)}" } } diff --git a/modules/bootkube/resources/bootkube.sh b/modules/bootkube/resources/bootkube.sh index 53a403ff555..5f5256c1f8f 100644 --- a/modules/bootkube/resources/bootkube.sh +++ b/modules/bootkube/resources/bootkube.sh 
@@ -11,20 +11,32 @@ echo "Rendering Kubernetes core manifests..." --config=/assets/kco-config.yaml \ --output=/assets -echo "Rendering TNC manifests..." +echo "Rendering MCO manifests..." # shellcheck disable=SC2154 /usr/bin/podman run \ --user 0 \ --volume "$PWD:/assets:z" \ - "${tnc_operator_image}" \ - --config=/assets/tnco-config.yaml \ - --render-bootstrap=true \ - --render-output=/assets/tnc-bootstrap + "${machine_config_operator_image}" \ + bootstrap \ + --etcd-ca=/assets/tls/etcd-client-ca.crt \ + --root-ca=/assets/tls/root-ca.crt \ + --config-file=/assets/manifests/cluster-config.yaml \ + --dest-dir=/assets/mco-bootstrap \ + --images-json-configmap=/assets/manifests/machine-config-operator-01-images-configmap.yaml mkdir -p /etc/kubernetes/manifests/ -cp "$PWD/tnc-bootstrap/tectonic-node-controller-pod.yaml" /etc/kubernetes/manifests/ -cp "$PWD/tnc-bootstrap/tectonic-node-controller-config.yaml" /etc/kubernetes/tnc-config +mkdir -p /etc/mcc/bootstrap/ +mkdir -p /etc/ssl/mcs/ +# Bootstrap MachineConfigController uses /etc/mcc/bootstrap/manifests/ dir to +# 1. read the controller config rendered by MachineConfigOperator +# 2. read the default MachineConfigPools rendered by MachineConfigOperator +# 3. read any additional MachineConfigs that are needed for the default MachineConfigPools. +cp -r "$PWD/mco-bootstrap/manifests" /etc/mcc/bootstrap/manifests +# /etc/ssl/mcs/tls.{crt, key} are locations for MachineConfigServer's tls assets. +cp "$PWD/tls/machine-config-server.crt" /etc/ssl/mcs/tls.crt +cp "$PWD/tls/machine-config-server.key" /etc/ssl/mcs/tls.key +cp "$PWD/mco-bootstrap/machineconfigoperator-bootstrap-pod.yaml" /etc/kubernetes/manifests/ # We originally wanted to run the etcd cert signer as # a static pod, but kubelet could't remove static pod 
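Review bot: The private key is copied with plain `cp "$PWD/tls/machine-config-server.key" /etc/ssl/mcs/tls.key`, so the destination's mode is derived from the source file's bits (masked by umask) rather than being set explicitly; whatever mode the ignition asset was written with is what the key ends up with on disk. Use `install -m 0600 "$PWD/tls/machine-config-server.key" /etc/ssl/mcs/tls.key` for the key (and `install -m 0644` for the certificate) so the permissions do not depend on the source. Separately, `cp -r "$PWD/mco-bootstrap/manifests" /etc/mcc/bootstrap/manifests` nests a second `manifests` directory if the destination already exists on a re-run; `cp -r "$PWD/mco-bootstrap/manifests/." /etc/mcc/bootstrap/manifests/` after a `mkdir -p` of that path avoids it. The script continues outside the hunk.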
@@ -87,7 +99,7 @@ done echo "etcd cluster up. Killing etcd certificate signer..." /usr/bin/podman kill "$SIGNER" -rm /etc/kubernetes/manifests/tectonic-node-controller-pod.yaml +rm /etc/kubernetes/manifests/machineconfigoperator-bootstrap-pod.yaml cp -r "$PWD/bootstrap-configs" /etc/kubernetes/bootstrap-configs diff --git a/modules/bootkube/resources/manifests/04-openshift-machine-config-operator.yaml b/modules/bootkube/resources/manifests/04-openshift-machine-config-operator.yaml new file mode 100644 index 00000000000..83c8515e59a --- /dev/null +++ b/modules/bootkube/resources/manifests/04-openshift-machine-config-operator.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: openshift-machine-config-operator + labels: + name: openshift-machine-config-operator + openshift.io/run-level: "1" diff --git a/modules/bootkube/resources/manifests/app-version-tnc.yaml b/modules/bootkube/resources/manifests/app-version-tnc.yaml deleted file mode 100644 index 59a07d0ef6d..00000000000 --- a/modules/bootkube/resources/manifests/app-version-tnc.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: tco.coreos.com/v1 -kind: AppVersion -metadata: - name: tectonic-node-controller - namespace: tectonic-system - labels: - managed-by-channel-operator: "true" -spec: - desiredVersion: - paused: false -status: - currentVersion: - paused: false -upgradereq: 1 -upgradecomp: 0 diff --git a/modules/bootkube/resources/manifests/machine-config-operator-00-config-crd.yaml b/modules/bootkube/resources/manifests/machine-config-operator-00-config-crd.yaml new file mode 100644 index 00000000000..99ec6196194 --- /dev/null +++ b/modules/bootkube/resources/manifests/machine-config-operator-00-config-crd.yaml 
@@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + # name must match the spec fields below, and be in the form: . + name: mcoconfigs.machineconfiguration.openshift.io +spec: + # group name to use for REST API: /apis// + group: machineconfiguration.openshift.io + # list of versions supported by this CustomResourceDefinition + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + # either Namespaced or Cluster + scope: Namespaced + names: + # plural name to be used in the URL: /apis/// + plural: mcoconfigs + # singular name to be used as an alias on the CLI and for display + singular: mcoconfig + # kind is normally the CamelCased singular type. Your resource manifests use this. + kind: MCOConfig diff --git a/modules/bootkube/resources/manifests/machine-config-operator-01-images-configmap.yaml b/modules/bootkube/resources/manifests/machine-config-operator-01-images-configmap.yaml new file mode 100644 index 00000000000..5d41f322e92 --- /dev/null +++ b/modules/bootkube/resources/manifests/machine-config-operator-01-images-configmap.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: machine-config-operator-images + namespace: openshift-machine-config-operator +data: + images.json: '{"machineConfigController": "openshift/origin-machine-config-controller:v4.0.0", "machineConfigDaemon": "openshift/origin-machine-config-daemon:v4.0.0", "machineConfigServer": "openshift/origin-machine-config-server:v4.0.0"}' diff --git a/modules/bootkube/resources/manifests/machine-config-operator-02-rbac.yaml b/modules/bootkube/resources/manifests/machine-config-operator-02-rbac.yaml new file mode 100644 index 00000000000..cd69091915e --- /dev/null +++ b/modules/bootkube/resources/manifests/machine-config-operator-02-rbac.yaml 
@@ -0,0 +1,13 @@ +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: default-account-openshift-machine-config-operator +subjects: +- kind: ServiceAccount + name: default + namespace: openshift-machine-config-operator +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/modules/bootkube/resources/manifests/machine-config-operator-03-deployment.yaml b/modules/bootkube/resources/manifests/machine-config-operator-03-deployment.yaml new file mode 100644 index 00000000000..10343fe9155 --- /dev/null +++ b/modules/bootkube/resources/manifests/machine-config-operator-03-deployment.yaml @@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: machine-config-operator + namespace: openshift-machine-config-operator + labels: + k8s-app: machine-config-operator +spec: + replicas: 1 + selector: + matchLabels: + k8s-app: machine-config-operator + template: + metadata: + labels: + k8s-app: machine-config-operator + spec: + containers: + - name: machine-config-operator + image: ${machine_config_operator_image} + args: + - "start" + - "--images-json=/etc/mco/images/images.json" + resources: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 20m + memory: 50Mi + volumeMounts: + - name: root-ca + mountPath: /etc/ssl/kubernetes/ca.crt + - name: etcd-ca + mountPath: /etc/ssl/etcd/ca.crt + - name: images + mountPath: /etc/mco/images + nodeSelector: + node-role.kubernetes.io/master: "" + restartPolicy: Always + securityContext: + runAsNonRoot: true + runAsUser: 65534 + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + volumes: + - name: images + configMap: + name: machine-config-operator-images + - name: etcd-ca + hostPath: + path: /etc/ssl/etcd/ca.crt + - name: root-ca + hostPath: + path: /etc/kubernetes/ca.crt 
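Review bot: machine-config-operator-02-rbac.yaml binds `cluster-admin` to the namespace's `default` ServiceAccount, and the deployment in machine-config-operator-03-deployment.yaml sets no `serviceAccountName`, so the operator pod and any other pod later created in `openshift-machine-config-operator` without an explicit account inherit full cluster administration. Binding to a dedicated ServiceAccount keeps the grant scoped to the operator pod even if `cluster-admin` is what the operator currently needs; narrowing the ClusterRole itself can be a follow-up. The change below adds the account and points the binding at it, and the deployment's pod `spec` should gain `serviceAccountName: machine-config-operator` alongside it.
```yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: machine-config-operator
  namespace: openshift-machine-config-operator
---
kind: ClusterRoleBinding
# … unchanged: apiVersion, metadata …
subjects:
- kind: ServiceAccount
  name: machine-config-operator
  namespace: openshift-machine-config-operator
# … unchanged: roleRef …
```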
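Review bot: In machine-config-operator-03-deployment.yaml the two hostPath volumes `/etc/ssl/etcd/ca.crt` and `/etc/kubernetes/ca.crt` are mounted without `readOnly: true`, although a CA bundle never needs write access from the operator; host file ownership may already prevent writes by uid 65534, but the mount should say so explicitly rather than rely on that. Add `readOnly: true` under each of the `root-ca` and `etcd-ca` entries in `volumeMounts`. The `runAsNonRoot: true` / `runAsUser: 65534` pod security context is a good baseline; `allowPrivilegeEscalation: false` on the container would complete it.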
diff --git a/modules/bootkube/resources/manifests/machine-config-server-tls-secret.yaml b/modules/bootkube/resources/manifests/machine-config-server-tls-secret.yaml new file mode 100644 index 00000000000..5856850b5d1 --- /dev/null +++ b/modules/bootkube/resources/manifests/machine-config-server-tls-secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: machine-config-server-tls + namespace: openshift-machine-config-operator +type: Opaque +data: + tls.crt: ${mcs_tls_cert} + tls.key: ${mcs_tls_key} diff --git a/modules/bootkube/resources/manifests/node-config-kind.yaml b/modules/bootkube/resources/manifests/node-config-kind.yaml deleted file mode 100644 index 71c5c0b1795..00000000000 --- a/modules/bootkube/resources/manifests/node-config-kind.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: "apiextensions.k8s.io/v1beta1" -kind: "CustomResourceDefinition" -metadata: - name: "nodeconfigs.ncg.coreos.com" -spec: - group: "ncg.coreos.com" - version: "v1beta1" - names: - plural: "nodeconfigs" - kind: "NodeConfig" diff --git a/modules/bootkube/resources/manifests/operatorstatus-crd.yaml b/modules/bootkube/resources/manifests/operatorstatus-crd.yaml new file mode 100644 index 00000000000..a9261ef2d2c --- /dev/null +++ b/modules/bootkube/resources/manifests/operatorstatus-crd.yaml 
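Review bot: `machine-config-server-tls` is declared `type: Opaque` although its only keys are `tls.crt` and `tls.key`; the dedicated `type: kubernetes.io/tls` states the intent and makes the API server require both keys to be present. Unless a consumer specifically depends on Opaque, change the one line to `type: kubernetes.io/tls`. It also lets controllers that select serving secrets by type find this one.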
@@ -0,0 +1,24 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + # name must match the spec fields below, and be in the form: . + name: operatorstatuses.clusterversion.openshift.io +spec: + # group name to use for REST API: /apis// + group: clusterversion.openshift.io + # list of versions supported by this CustomResourceDefinition + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + # either Namespaced or Cluster + scope: Cluster + names: + # plural name to be used in the URL: /apis/// + plural: operatorstatuses + # singular name to be used as an alias on the CLI and for display + singular: operatorstatus + # kind is normally the CamelCased singular type. Your resource manifests use this. + kind: OperatorStatus diff --git a/modules/bootkube/resources/manifests/tectonic-node-controller-operator.yaml b/modules/bootkube/resources/manifests/tectonic-node-controller-operator.yaml deleted file mode 100644 index 3362be4bcac..00000000000 --- a/modules/bootkube/resources/manifests/tectonic-node-controller-operator.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: tectonic-node-controller-operator - namespace: kube-system - labels: - k8s-app: tectonic-node-controller-operator - managed-by-channel-operator: "true" -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: tectonic-node-controller-operator - template: - metadata: - labels: - k8s-app: tectonic-node-controller-operator - tectonic-app-version-name: tectonic-node-controller - spec: - containers: - - name: tectonic-node-controller-operator - image: ${tnc_operator_image} - resources: - limits: - cpu: 20m - memory: 50Mi - requests: - cpu: 20m - memory: 50Mi - volumeMounts: - - name: cluster-config - mountPath: /etc/cluster-config - imagePullSecrets: - - name: coreos-pull-secret - nodeSelector: - node-role.kubernetes.io/master: "" - restartPolicy: Always - securityContext: - runAsNonRoot: true - runAsUser: 65534 - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - volumes: - - name: cluster-config - configMap: - name: cluster-config-v1 - items: - - key: tnco-config - path: tnco-config diff --git a/modules/bootkube/resources/manifests/tnc-tls-secret.yaml b/modules/bootkube/resources/manifests/tnc-tls-secret.yaml deleted file mode 100644 index 05dda964cb2..00000000000 --- a/modules/bootkube/resources/manifests/tnc-tls-secret.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: tectonic-node-controller-tls - namespace: kube-system -type: Opaque -data: - tls.crt: ${tnc_tls_cert} - tls.key: ${tnc_tls_key} diff --git a/modules/bootkube/variables.tf b/modules/bootkube/variables.tf index 2583ffea579..9364fb47ae4 100644 --- a/modules/bootkube/variables.tf +++ b/modules/bootkube/variables.tf 
@@ -123,11 +123,11 @@ variable "kubelet_key_pem" { description = "The kubelet key in PEM format." } -variable "tnc_cert_pem" { +variable "mcs_cert_pem" { type = "string" } -variable "tnc_key_pem" { +variable "mcs_key_pem" { type = "string" } diff --git a/steps/assets/base/ignition-bootstrap.tf b/steps/assets/base/ignition-bootstrap.tf index ad5e0c0be61..61422e837c5 100644 --- a/steps/assets/base/ignition-bootstrap.tf +++ b/steps/assets/base/ignition-bootstrap.tf @@ -36,16 +36,6 @@ data "ignition_file" "tectonic_cluster_config" { } } -data "ignition_file" "tnco_config" { - filesystem = "root" - mode = "0644" - path = "/opt/tectonic/tnco-config.yaml" - - content { - content = "${file("./generated/tnco-config.yaml")}" - } -} - data "ignition_file" "kco_config" { filesystem = "root" mode = "0644" @@ -89,7 +79,6 @@ data "ignition_config" "bootstrap" { list( data.ignition_file.kube-system_cluster_config.id, data.ignition_file.tectonic_cluster_config.id, - data.ignition_file.tnco_config.id, data.ignition_file.kco_config.id, data.ignition_file.bootstrap_kubeconfig.id, data.ignition_file.kubelet_kubeconfig.id, @@ -101,7 +90,7 @@ data "ignition_config" "bootstrap" { local.ca_certs_ignition_file_id_list, local.etcd_certs_ignition_file_id_list, local.kube_certs_ignition_file_id_list, - local.tnc_certs_ignition_file_id_list, + local.mcs_certs_ignition_file_id_list, local.service_account_keys_ignition_file_id_list, )))}"] diff --git a/steps/assets/base/ignition-tls.tf b/steps/assets/base/ignition-tls.tf index 7cbac4b1e9e..c84ff06fa2c 100644 --- a/steps/assets/base/ignition-tls.tf +++ b/steps/assets/base/ignition-tls.tf 
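Review bot: The renamed `mcs_cert_pem` and `mcs_key_pem` variables carry no `description`, unlike the neighbouring `kubelet_key_pem`, which documents its content and format; a reader of the module gets no hint that these are the machine-config-server serving certificate and private key. Add `description = "The machine-config-server certificate in PEM format."` and `description = "The machine-config-server key in PEM format."` to the two blocks. The `kubelet_key_pem` variable block starts outside the hunk.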
@@ -253,26 +253,26 @@ data "ignition_file" "kubelet_cert" { path = "/opt/tectonic/tls/kubelet.crt" } -data "ignition_file" "tnc_key" { +data "ignition_file" "mcs_key" { filesystem = "root" mode = "0644" content { - content = "${local.tnc_key_pem}" + content = "${local.mcs_key_pem}" } - path = "/opt/tectonic/tls/tnc.key" + path = "/opt/tectonic/tls/machine-config-server.key" } -data "ignition_file" "tnc_cert" { +data "ignition_file" "mcs_cert" { filesystem = "root" mode = "0644" content { - content = "${local.tnc_cert_pem}" + content = "${local.mcs_cert_pem}" } - path = "/opt/tectonic/tls/tnc.crt" + path = "/opt/tectonic/tls/machine-config-server.crt" } data "ignition_file" "service_account_private_key" { @@ -330,9 +330,9 @@ locals { "${data.ignition_file.kubelet_cert.id}", ] - tnc_certs_ignition_file_id_list = [ - "${data.ignition_file.tnc_key.id}", - "${data.ignition_file.tnc_cert.id}", + mcs_certs_ignition_file_id_list = [ + "${data.ignition_file.mcs_key.id}", + "${data.ignition_file.mcs_cert.id}", ] service_account_keys_ignition_file_id_list = [ diff --git a/steps/assets/base/inputs.tf b/steps/assets/base/inputs.tf index 440173bcd52..36543877480 100644 --- a/steps/assets/base/inputs.tf +++ b/steps/assets/base/inputs.tf @@ -27,8 +27,8 @@ locals { service_serving_ca_cert_pem = "${file("${local.tls_path}/service-serving-ca.crt")}" service_serving_ca_key_pem = "${file("${local.tls_path}/service-serving-ca.key")}" tls_path = "${path.cwd}/generated/tls" - tnc_cert_pem = "${file("${local.tls_path}/tnc.crt")}" - tnc_key_pem = "${file("${local.tls_path}/tnc.key")}" + mcs_cert_pem = "${file("${local.tls_path}/machine-config-server.crt")}" + mcs_key_pem = "${file("${local.tls_path}/machine-config-server.key")}" service_account_public_key_pem = "${file("${local.tls_path}/service-account.pub")}" service_account_private_key_pem = "${file("${local.tls_path}/service-account.key")}" } 
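Review bot: The `mcs_key` ignition file keeps `mode = "0644"`, so the machine-config-server private key is written to the bootstrap host world-readable; the mode is inherited from the old `tnc_key` definition, but this hunk redefines the resource and is the place to correct it. Change the key entry to `mode = "0600"` and leave the certificate at 0644. Whatever later copies `/opt/tectonic/tls/machine-config-server.key` into its final location should also set an explicit restrictive mode rather than relying on the source file's bits.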
diff --git a/steps/assets/base/tectonic.tf b/steps/assets/base/tectonic.tf index 010d81dc0f9..f00f65e348f 100644 --- a/steps/assets/base/tectonic.tf +++ b/steps/assets/base/tectonic.tf @@ -44,8 +44,8 @@ module "bootkube" { root_ca_cert_pem = "${local.root_ca_cert_pem}" service_serving_ca_cert_pem = "${local.service_serving_ca_cert_pem}" service_serving_ca_key_pem = "${local.service_serving_ca_key_pem}" - tnc_cert_pem = "${local.tnc_cert_pem}" - tnc_key_pem = "${local.tnc_key_pem}" + mcs_cert_pem = "${local.mcs_cert_pem}" + mcs_key_pem = "${local.mcs_key_pem}" service_account_public_key_pem = "${local.service_account_public_key_pem}" service_account_private_key_pem = "${local.service_account_private_key_pem}" From df629841331cd9a7a6d2e3cdcf27b9edcb616fd1 Mon Sep 17 00:00:00 2001 From: Abhinav Dahiya Date: Tue, 11 Sep 2018 16:06:17 -0700 Subject: [PATCH 2/2] *: update BUILD.bazel --- installer/pkg/config-generator/BUILD.bazel | 1 - pkg/rhcos/BUILD.bazel | 9 +-------- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/installer/pkg/config-generator/BUILD.bazel b/installer/pkg/config-generator/BUILD.bazel index 8045408332a..500505f48fa 100644 --- a/installer/pkg/config-generator/BUILD.bazel +++ b/installer/pkg/config-generator/BUILD.bazel @@ -21,7 +21,6 @@ go_library( "//vendor/github.com/coreos/tectonic-config/config/kube-addon:go_default_library", "//vendor/github.com/coreos/tectonic-config/config/kube-core:go_default_library", "//vendor/github.com/coreos/tectonic-config/config/tectonic-network:go_default_library", - "//vendor/github.com/coreos/tectonic-config/config/tectonic-node-controller:go_default_library", "//vendor/github.com/coreos/tectonic-config/config/tectonic-utility:go_default_library", "//vendor/github.com/ghodss/yaml:go_default_library", "//vendor/github.com/vincent-petithory/dataurl:go_default_library", diff --git a/pkg/rhcos/BUILD.bazel b/pkg/rhcos/BUILD.bazel index f4e32c3b7f6..761246193d9 100644 --- a/pkg/rhcos/BUILD.bazel 
+++ b/pkg/rhcos/BUILD.bazel @@ -1,4 +1,4 @@ -load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") +load("@io_bazel_rules_go//go:def.bzl", "go_library") go_library( name = "go_default_library", @@ -9,10 +9,3 @@ go_library( importpath = "github.com/openshift/installer/pkg/rhcos", visibility = ["//visibility:public"], ) - -go_test( - name = "go_default_test", - srcs = [], - embed = [":go_default_library"], - deps = ["//vendor/github.com/stretchr/testify/assert:go_default_library"], -)