diff --git a/installer/pkg/config-generator/ignition.go b/installer/pkg/config-generator/ignition.go index 162a81c516e..d3f03809539 100644 --- a/installer/pkg/config-generator/ignition.go +++ b/installer/pkg/config-generator/ignition.go @@ -100,7 +100,7 @@ func parseIgnFile(filePath string) (ignconfigtypes.Config, error) { func (c *ConfigGenerator) embedAppendBlock(ignCfg *ignconfigtypes.Config, role string, query string) { appendBlock := ignconfigtypes.ConfigReference{ - Source: c.getTNCURL(role, query), + Source: c.getMCSURL(role, query), Verification: ignconfigtypes.Verification{Hash: nil}, } ignCfg.Ignition.Config.Append = append(ignCfg.Ignition.Config.Append, appendBlock) @@ -123,21 +123,15 @@ func (c *ConfigGenerator) embedUserBlock(ignCfg *ignconfigtypes.Config) { ignCfg.Passwd.Users = append(ignCfg.Passwd.Users, userBlock) } -func (c *ConfigGenerator) getTNCURL(role string, query string) string { +func (c *ConfigGenerator) getMCSURL(role string, query string) string { var u string - - // cloud platforms put this behind a load balancer which remaps ports; - // libvirt doesn't do that - use the tnc port directly - port := 80 - if c.Platform == config.PlatformLibvirt { - port = 49500 - } + port := 49500 if role == "master" || role == "worker" { u = func() *url.URL { return &url.URL{ Scheme: "https", - Host: fmt.Sprintf("%s-tnc.%s:%d", c.Name, c.BaseDomain, port), + Host: fmt.Sprintf("%s-api.%s:%d", c.Name, c.BaseDomain, port), Path: fmt.Sprintf("/config/%s", role), RawQuery: query, } diff --git a/installer/pkg/config-generator/tls.go b/installer/pkg/config-generator/tls.go index 48130fd1b07..ee64315190c 100644 --- a/installer/pkg/config-generator/tls.go +++ b/installer/pkg/config-generator/tls.go 
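Review bot: In `getMCSURL`, `port := 49500` is now an unexplained literal, and the comment that used to justify the port choice was removed together with the libvirt branch. The same number is written again inside the format string of `pointerIgnitionConfig` (pkg/asset/ignition/node.go) and in the ELB listener and `mcs_ingress` rule of this commit, so a later port change can leave the Ignition URL pointing at a closed port. I would hoist it to a package constant with a comment, e.g. `const mcsPort = 49500 // machine-config server port; must match the ELB listener and security-group rule`, and build the `%s-api.%s` host through one helper shared with the certificate code so the URL host and the certificate DNS name cannot drift apart. The body of `getMCSURL` continues past the end of the hunk.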
@@ -240,7 +240,7 @@ func (c *ConfigGenerator) GenerateTLSConfig(clusterDir string) error { } // MachineConfigServer certs - mcsDomain := fmt.Sprintf("%s-tnc.%s", c.Name, c.BaseDomain) + mcsDomain := fmt.Sprintf("%s-api.%s", c.Name, c.BaseDomain) cfg = &tls.CertCfg{ ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, DNSNames: []string{mcsDomain}, diff --git a/installer/pkg/workflow/init.go b/installer/pkg/workflow/init.go index f338434e4e6..69c3f68f738 100644 --- a/installer/pkg/workflow/init.go +++ b/installer/pkg/workflow/init.go @@ -17,7 +17,6 @@ import ( const ( generatedPath = "generated" kcoConfigFileName = "kco-config.yaml" - tncoConfigFileName = "tnco-config.yaml" maoConfigFileName = "mao-config.yaml" kubeSystemPath = "generated/manifests" kubeSystemFileName = "cluster-config.yaml" diff --git a/modules/aws/master/main.tf b/modules/aws/master/main.tf index c0bc084e456..bbfd7284480 100644 --- a/modules/aws/master/main.tf +++ b/modules/aws/master/main.tf @@ -112,12 +112,6 @@ resource "aws_instance" "master" { ), var.extra_tags)}" } -resource "aws_elb_attachment" "masters_tnc" { - count = "${var.private_endpoints ? var.instance_count : 0}" - elb = "${var.elb_tnc_id}" - instance = "${aws_instance.master.*.id[count.index]}" -} - resource "aws_elb_attachment" "masters_internal" { count = "${var.private_endpoints ? var.instance_count : 0}" elb = "${var.elb_api_internal_id}" diff --git a/modules/aws/master/variables.tf b/modules/aws/master/variables.tf index 5a5348cd3eb..32e0715a99f 100644 --- a/modules/aws/master/variables.tf +++ b/modules/aws/master/variables.tf @@ -56,10 +56,6 @@ variable "public_endpoints" { default = true } -variable "elb_tnc_id" { - type = "string" -} - variable "elb_api_internal_id" { type = "string" } diff --git a/modules/aws/vpc/master-elb.tf b/modules/aws/vpc/master-elb.tf index 6e04a547646..300bdbd5df5 100644 --- a/modules/aws/vpc/master-elb.tf +++ b/modules/aws/vpc/master-elb.tf 
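Review bot: `mcsDomain` now resolves to `<name>-api.<base domain>`, so the MachineConfigServer certificate becomes a valid `ExtKeyUsageServerAuth` certificate for the host name that, judging by the `-api` suffix, also fronts the Kubernetes API. Any holder of the MCS key could then present it for that name to a client that trusts the issuing CA (the new asset code in pkg/asset/tls/stock.go shows `ParentCA: s.rootCA`; the parent used here is outside the hunk), which widens what a leak of that key means. The same name is set in `genDNSNamesForMCSCertKey` and `genSubjectForMCSCertKey` in pkg/asset/tls/helper.go. If sharing the name is intended, I would record it where the name is built, e.g. `// MCS is served on the API host name (port 49500); this cert is therefore also valid for the API name`, and confirm that API clients do not trust the CA that signs it. `GenerateTLSConfig` starts and ends outside the hunk.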
@@ -1,36 +1,3 @@ -resource "aws_elb" "tnc" { - count = "${var.private_master_endpoints ? 1 : 0}" - name = "${var.cluster_name}-tnc" - subnets = ["${local.master_subnet_ids}"] - internal = true - security_groups = ["${aws_security_group.tnc.id}"] - - idle_timeout = 3600 - connection_draining = true - connection_draining_timeout = 300 - - listener { - instance_port = 49500 - instance_protocol = "tcp" - lb_port = 80 - lb_protocol = "tcp" - } - - health_check { - healthy_threshold = 2 - unhealthy_threshold = 2 - timeout = 3 - target = "TCP:49500" - interval = 5 - } - - tags = "${merge(map( - "Name", "${var.cluster_name}-int", - "kubernetes.io/cluster/${var.cluster_name}", "owned", - "tectonicClusterID", "${var.cluster_id}" - ), var.extra_tags)}" -} - resource "aws_elb" "api_internal" { count = "${var.private_master_endpoints ? 1 : 0}" name = "${var.cluster_name}-int" @@ -49,6 +16,13 @@ resource "aws_elb" "api_internal" { lb_protocol = "tcp" } + listener { + instance_port = 49500 + instance_protocol = "tcp" + lb_port = 49500 + lb_protocol = "tcp" + } + health_check { healthy_threshold = 2 unhealthy_threshold = 2 @@ -57,6 +31,15 @@ resource "aws_elb" "api_internal" { interval = 5 } + # TODO: we only have on health_check per ELB but need to check the following too + # health_check { + # healthy_threshold = 2 + # unhealthy_threshold = 2 + # timeout = 3 + # target = "TCP:49500" + # interval = 5 + # } + tags = "${merge(map( "Name", "${var.cluster_name}-int", "kubernetes.io/cluster/${var.cluster_name}", "owned", diff --git a/modules/aws/vpc/outputs.tf b/modules/aws/vpc/outputs.tf index 11cc81e6884..cab4d40f9b6 100644 --- a/modules/aws/vpc/outputs.tf +++ b/modules/aws/vpc/outputs.tf 
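Review bot: The 49500 listener added to `aws_elb.api_internal` is not covered by any health check: the resource keeps its single existing `health_check` (its target lies between the hunks), and the one for `TCP:49500` is only present as a commented-out block. A master whose config server is down but which passes the existing check would stay in rotation and receive Ignition requests it cannot serve, whereas the removed `aws_elb.tnc` probed `TCP:49500` directly. The TODO should say what the follow-up is and fix the typo, e.g. `# TODO: an ELB has only one health_check, so port 49500 is not probed; give the config server its own load balancer or probe it separately`.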
@@ -42,15 +42,11 @@ output "aws_elb_console_id" { value = "${aws_elb.console.id}" } -output "aws_elb_tnc_id" { - value = "${aws_elb.tnc.0.id}" -} - output "aws_lbs" { - value = ["${compact(concat(aws_elb.api_internal.*.id, list(aws_elb.console.id), aws_elb.api_external.*.id, aws_elb.tnc.*.id))}"] + value = ["${compact(concat(aws_elb.api_internal.*.id, list(aws_elb.console.id), aws_elb.api_external.*.id))}"] } -output "aws_api_external_dns_name" { +output "aws_elb_api_external_dns_name" { value = "${element(concat(aws_elb.api_external.*.dns_name, list("")), 0)}" } @@ -58,7 +54,7 @@ output "aws_elb_api_external_zone_id" { value = "${element(concat(aws_elb.api_external.*.zone_id, list("")), 0)}" } -output "aws_api_internal_dns_name" { +output "aws_elb_api_internal_dns_name" { value = "${element(concat(aws_elb.api_internal.*.dns_name, list("")), 0)}" } @@ -73,11 +69,3 @@ output "aws_console_dns_name" { output "aws_elb_console_zone_id" { value = "${aws_elb.console.zone_id}" } - -output "aws_elb_tnc_dns_name" { - value = "${element(concat(aws_elb.tnc.*.dns_name, list("")), 0)}" -} - -output "aws_elb_tnc_zone_id" { - value = "${element(concat(aws_elb.tnc.*.zone_id, list("")), 0)}" -} diff --git a/modules/aws/vpc/sg-elb.tf b/modules/aws/vpc/sg-elb.tf index d40f9bdf3b5..4984e641412 100644 --- a/modules/aws/vpc/sg-elb.tf +++ b/modules/aws/vpc/sg-elb.tf 
@@ -1,43 +1,3 @@ -resource "aws_security_group" "tnc" { - vpc_id = "${data.aws_vpc.cluster_vpc.id}" - - tags = "${merge(map( - "Name", "${var.cluster_name}_tnc_sg", - "kubernetes.io/cluster/${var.cluster_name}", "owned", - "tectonicClusterID", "${var.cluster_id}" - ), var.extra_tags)}" -} - -resource "aws_security_group_rule" "tnc_egress" { - type = "egress" - security_group_id = "${aws_security_group.tnc.id}" - - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] -} - -resource "aws_security_group_rule" "tnc_ingress_http" { - type = "ingress" - security_group_id = "${aws_security_group.tnc.id}" - - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - from_port = 80 - to_port = 80 -} - -resource "aws_security_group_rule" "tnc_ingress_https" { - type = "ingress" - security_group_id = "${aws_security_group.tnc.id}" - - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - from_port = 443 - to_port = 443 -} - resource "aws_security_group" "api" { vpc_id = "${data.aws_vpc.cluster_vpc.id}" @@ -68,6 +28,16 @@ resource "aws_security_group_rule" "api_ingress_console" { to_port = 6443 } +resource "aws_security_group_rule" "mcs_ingress" { + type = "ingress" + security_group_id = "${aws_security_group.api.id}" + + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + from_port = 49500 + to_port = 49500 +} + resource "aws_security_group" "console" { vpc_id = "${data.aws_vpc.cluster_vpc.id}" diff --git a/modules/aws/vpc/sg-master.tf b/modules/aws/vpc/sg-master.tf index bae531f2843..23578f4cc0f 100644 --- a/modules/aws/vpc/sg-master.tf +++ b/modules/aws/vpc/sg-master.tf @@ -8,7 +8,7 @@ resource "aws_security_group" "master" { ), var.extra_tags)}" } -resource "aws_security_group_rule" "master_tnc" { +resource "aws_security_group_rule" "master_mcs" { type = "ingress" security_group_id = "${aws_security_group.master.id}" diff --git a/pkg/asset/ignition/bootstrap.go b/pkg/asset/ignition/bootstrap.go index a1d87d24980..31d38a00b91 100644 
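Review bot: `mcs_ingress` opens port 49500 on `aws_security_group.api` to `0.0.0.0/0`, which is wider than the consumers visible in this commit need; as far as the diff shows, the `/config/<role>` URLs are fetched only by the cluster's own machines. The removed `tnc_ingress_http`/`tnc_ingress_https` rules were equally open, but they sat on a group used only by an ELB declared `internal = true`; whether `aws_security_group.api` is also attached to the external API ELB is not visible here, and if it is, the rule is one listener away from exposing the config endpoint publicly. I would limit the source to the VPC, `cidr_blocks = ["${data.aws_vpc.cluster_vpc.cidr_block}"]`, and add a comment naming the service, `# machine-config server (Ignition configs for masters and workers)`.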
--- a/pkg/asset/ignition/bootstrap.go +++ b/pkg/asset/ignition/bootstrap.go @@ -59,7 +59,7 @@ type bootstrap struct { apiServerProxyCertKey asset.Asset adminCertKey asset.Asset kubeletCertKey asset.Asset - tncCertKey asset.Asset + mcsCertKey asset.Asset serviceAccountKeyPair asset.Asset kubeconfig asset.Asset kubeconfigKubelet asset.Asset @@ -90,7 +90,7 @@ func newBootstrap( apiServerProxyCertKey: tlsStock.APIServerProxyCertKey(), adminCertKey: tlsStock.AdminCertKey(), kubeletCertKey: tlsStock.KubeletCertKey(), - tncCertKey: tlsStock.TNCCertKey(), + mcsCertKey: tlsStock.MCSCertKey(), serviceAccountKeyPair: tlsStock.ServiceAccountKeyPair(), kubeconfig: kubeconfigStock.KubeconfigAdmin(), kubeconfigKubelet: kubeconfigStock.KubeconfigKubelet(), @@ -114,7 +114,7 @@ func (a *bootstrap) Dependencies() []asset.Asset { a.apiServerProxyCertKey, a.adminCertKey, a.kubeletCertKey, - a.tncCertKey, + a.mcsCertKey, a.serviceAccountKeyPair, a.kubeconfig, a.kubeconfigKubelet, @@ -200,7 +200,6 @@ func (a *bootstrap) addBootstrapConfigFiles(config *ignition.Config, dependencie // TODO (staebler) - missing the following from assets step // /opt/tectonic/manifests/cluster-config.yaml // /opt/tectonic/tectonic/cluster-config.yaml - // /opt/tectonic/tnco-config.yaml // /opt/tectonic/kco-config.yaml // /etc/kubernetes/kubeconfig // /var/lib/kubelet/kubeconfig @@ -260,8 +259,8 @@ func (a *bootstrap) addTLSCertFiles(config *ignition.Config, dependencies map[as {"admin.key", "admin.crt", dependencies[a.adminCertKey]}, {"kubelet.key", "kubelet.crt", dependencies[a.kubeletCertKey]}, - // tnc cert - {"tnc.key", "tnc.crt", dependencies[a.tncCertKey]}, + // mcs cert + {"mcs.key", "mcs.crt", dependencies[a.mcsCertKey]}, // service account cert {"service-account.key", "service-account.crt", dependencies[a.serviceAccountKeyPair]}, diff --git a/pkg/asset/ignition/bootstrap_test.go b/pkg/asset/ignition/bootstrap_test.go index 75c03e461a8..1ab4f228878 100644 --- a/pkg/asset/ignition/bootstrap_test.go 
+++ b/pkg/asset/ignition/bootstrap_test.go @@ -41,7 +41,7 @@ machines: apiServerProxyCertKeyAsset := &testAsset{"apiserver-proxy-ca"} adminCertKeyAsset := &testAsset{"admin-ca"} kubeletCertKeyAsset := &testAsset{"kubelet-ca"} - tncCertKeyAsset := &testAsset{"tnc-ca"} + mcsCertKeyAsset := &testAsset{"mcs-ca"} serviceAccountKeyPairAsset := &testAsset{"service-account-ca"} kubeconfigAsset := &testAsset{"kubeconfig"} kubeconfigKubeletAsset := &testAsset{"kubeconfig-kubelet"} @@ -61,7 +61,7 @@ machines: apiServerProxyCertKey: apiServerProxyCertKeyAsset, adminCertKey: adminCertKeyAsset, kubeletCertKey: kubeletCertKeyAsset, - tncCertKey: tncCertKeyAsset, + mcsCertKey: mcsCertKeyAsset, serviceAccountKeyPair: serviceAccountKeyPairAsset, kubeconfig: kubeconfigAsset, kubeconfigKubelet: kubeconfigKubeletAsset, @@ -81,7 +81,7 @@ machines: apiServerProxyCertKeyAsset: stateWithContentsData("test-apiserver-proxy-cert-priv", "test-apiserver-proxy-cert-pub"), adminCertKeyAsset: stateWithContentsData("test-admin-cert-priv", "test-admin-cert-pub"), kubeletCertKeyAsset: stateWithContentsData("test-kubelet-cert-priv", "test-kubelet-cert-pub"), - tncCertKeyAsset: stateWithContentsData("test-tnc-cert-priv", "test-tnc-cert-pub"), + mcsCertKeyAsset: stateWithContentsData("test-mcs-cert-priv", "test-mcs-cert-pub"), serviceAccountKeyPairAsset: stateWithContentsData("test-service-account-cert-priv", "test-service-account-cert-pub"), kubeconfigAsset: stateWithContentsData("test-kubeconfig"), kubeconfigKubeletAsset: stateWithContentsData("test-kubeconfig-kubelet"), @@ -223,12 +223,12 @@ machines: data: "test-kubelet-cert-pub", }, fileAssertion{ - path: "/opt/tectonic/tls/tnc.key", - data: "test-tnc-cert-priv", + path: "/opt/tectonic/tls/mcs.key", + data: "test-mcs-cert-priv", }, fileAssertion{ - path: "/opt/tectonic/tls/tnc.crt", - data: "test-tnc-cert-pub", + path: "/opt/tectonic/tls/mcs.crt", + data: "test-mcs-cert-pub", }, fileAssertion{ path: "/opt/tectonic/tls/service-account.key", 
diff --git a/pkg/asset/ignition/node.go b/pkg/asset/ignition/node.go index b15511ecb9a..f7e097ce906 100644 --- a/pkg/asset/ignition/node.go +++ b/pkg/asset/ignition/node.go @@ -67,7 +67,7 @@ func pointerIgnitionConfig(installConfig *types.InstallConfig, rootCA []byte, ro Source: func() *url.URL { return &url.URL{ Scheme: "https", - Host: fmt.Sprintf("%s-tnc.%s:49500", installConfig.Name, installConfig.BaseDomain), + Host: fmt.Sprintf("%s-api.%s:49500", installConfig.Name, installConfig.BaseDomain), Path: fmt.Sprintf("/config/%s", role), RawQuery: query, } diff --git a/pkg/asset/manifests/operators.go b/pkg/asset/manifests/operators.go index a8ca0d5e613..88144176ee6 100644 --- a/pkg/asset/manifests/operators.go +++ b/pkg/asset/manifests/operators.go @@ -34,7 +34,7 @@ type manifests struct { apiServerProxyCertKey asset.Asset adminCertKey asset.Asset kubeletCertKey asset.Asset - tncCertKey asset.Asset + mcsCertKey asset.Asset serviceAccountKeyPair asset.Asset kubeconfig asset.Asset } @@ -70,7 +70,7 @@ func (o *manifests) Dependencies() []asset.Asset { o.apiServerProxyCertKey, o.adminCertKey, o.kubeletCertKey, - o.tncCertKey, + o.mcsCertKey, o.serviceAccountKeyPair, o.kubeconfig, } diff --git a/pkg/asset/manifests/stock.go b/pkg/asset/manifests/stock.go index 8d600e70b9d..4212a66db99 100644 --- a/pkg/asset/manifests/stock.go +++ b/pkg/asset/manifests/stock.go @@ -56,7 +56,7 @@ func (s *StockImpl) EstablishStock(rootDir string, stock installconfig.Stock, tl apiServerProxyCertKey: tlsStock.APIServerProxyCertKey(), adminCertKey: tlsStock.AdminCertKey(), kubeletCertKey: tlsStock.KubeletCertKey(), - tncCertKey: tlsStock.TNCCertKey(), + mcsCertKey: tlsStock.MCSCertKey(), serviceAccountKeyPair: tlsStock.ServiceAccountKeyPair(), kubeconfig: kubeConfigStock.KubeconfigAdmin(), } diff --git a/pkg/asset/tls/helper.go b/pkg/asset/tls/helper.go index b4647d16d54..019a8fadadb 100644 --- a/pkg/asset/tls/helper.go +++ b/pkg/asset/tls/helper.go 
@@ -79,10 +79,10 @@ func genIPAddressesForOpenshiftAPIServerCertKey(cfg *types.InstallConfig) ([]net return []net.IP{net.ParseIP(apiServerAddress)}, nil } -func genDNSNamesForTNCCertKey(cfg *types.InstallConfig) ([]string, error) { - return []string{fmt.Sprintf("%s-tnc.%s", cfg.Name, cfg.BaseDomain)}, nil +func genDNSNamesForMCSCertKey(cfg *types.InstallConfig) ([]string, error) { + return []string{fmt.Sprintf("%s-api.%s", cfg.Name, cfg.BaseDomain)}, nil } -func genSubjectForTNCCertKey(cfg *types.InstallConfig) (pkix.Name, error) { - return pkix.Name{CommonName: fmt.Sprintf("%s-tnc.%s", cfg.Name, cfg.BaseDomain)}, nil +func genSubjectForMCSCertKey(cfg *types.InstallConfig) (pkix.Name, error) { + return pkix.Name{CommonName: fmt.Sprintf("%s-api.%s", cfg.Name, cfg.BaseDomain)}, nil } diff --git a/pkg/asset/tls/stock.go b/pkg/asset/tls/stock.go index 326028dd498..4704c0bd3c6 100644 --- a/pkg/asset/tls/stock.go +++ b/pkg/asset/tls/stock.go @@ -57,10 +57,10 @@ const ( KubeletKeyName = "kubelet.key" // KubeletCertName is the filename of the KubeletCert. KubeletCertName = "kubelet.crt" - // TNCKeyName is the filename of the TNCKey. - TNCKeyName = "tnc.key" - // TNCCertName is the filename of the TNCCert. - TNCCertName = "tnc.crt" + // MCSKeyName is the filename of the MCSKey. + MCSKeyName = "mcs.key" + // MCSCertName is the filename of the MCSCert. + MCSCertName = "mcs.crt" // ClusterAPIServerCAKeyName is the filename of the ClusterAPIServerCAKey. ClusterAPIServerCAKeyName = "cluster-apiserver-ca.key" // ClusterAPIServerCACertName is the filename of the ClusterAPIServerCACert. 
@@ -97,8 +97,8 @@ type Stock interface { APIServerProxyCertKey() asset.Asset // KubeletCertKey is the asset that generates the kubelet key/cert pair. KubeletCertKey() asset.Asset - // TNCCertKey is the asset that generates the TNC key/cert pair. - TNCCertKey() asset.Asset + // MCSCertKey is the asset that generates the MCS key/cert pair. + MCSCertKey() asset.Asset // ClusterAPIServerCertKey is the asset that generates the cluster API server key/cert pair. ClusterAPIServerCertKey() asset.Asset // ServiceAccountKeyPair is the asset that generates the service-account public/private key pair. @@ -119,7 +119,7 @@ type StockImpl struct { openshiftAPIServerCertKey asset.Asset apiServerProxyCertKey asset.Asset kubeletCertKey asset.Asset - tncCertKey asset.Asset + mcsCertKey asset.Asset clusterAPIServerCertKey asset.Asset serviceAccountKeyPair asset.Asset } @@ -280,17 +280,17 @@ func (s *StockImpl) EstablishStock(rootDir string, stock installconfig.Stock) { ParentCA: s.kubeCA, } - s.tncCertKey = &CertKey{ + s.mcsCertKey = &CertKey{ rootDir: rootDir, installConfig: stock.InstallConfig(), ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, Validity: ValidityTenYears, - KeyFileName: TNCKeyName, - CertFileName: TNCCertName, + KeyFileName: MCSKeyName, + CertFileName: MCSCertName, ParentCA: s.rootCA, - GenDNSNames: genDNSNamesForTNCCertKey, - GenSubject: genSubjectForTNCCertKey, + GenDNSNames: genDNSNamesForMCSCertKey, + GenSubject: genSubjectForMCSCertKey, } s.clusterAPIServerCertKey = &CertKey{ 
@@ -350,8 +350,8 @@ func (s *StockImpl) APIServerProxyCertKey() asset.Asset { return s.apiServerProx // KubeletCertKey is the asset that generates the kubelet key/cert pair. func (s *StockImpl) KubeletCertKey() asset.Asset { return s.kubeletCertKey } -// TNCCertKey is the asset that generates the TNC key/cert pair. -func (s *StockImpl) TNCCertKey() asset.Asset { return s.tncCertKey } +// MCSCertKey is the asset that generates the MCS key/cert pair. +func (s *StockImpl) MCSCertKey() asset.Asset { return s.mcsCertKey } // ClusterAPIServerCertKey is the asset that generates the cluster API server key/cert pair. func (s *StockImpl) ClusterAPIServerCertKey() asset.Asset { return s.clusterAPIServerCertKey } diff --git a/steps/infra/aws/main.tf b/steps/infra/aws/main.tf index 7d61bef40aa..7ab49631256 100644 --- a/steps/infra/aws/main.tf +++ b/steps/infra/aws/main.tf @@ -18,7 +18,6 @@ provider "aws" { module "masters" { source = "../../../modules/aws/master" - elb_tnc_id = "${module.vpc.aws_elb_tnc_id}" elb_api_internal_id = "${module.vpc.aws_elb_api_internal_id}" elb_api_external_id = "${module.vpc.aws_elb_api_external_id}" elb_console_id = "${module.vpc.aws_elb_console_id}" @@ -51,9 +50,9 @@ module "iam" { module "dns" { source = "../../../modules/dns/route53" - api_external_elb_dns_name = "${module.vpc.aws_api_external_dns_name}" + api_external_elb_dns_name = "${module.vpc.aws_elb_api_external_dns_name}" api_external_elb_zone_id = "${module.vpc.aws_elb_api_external_zone_id}" - api_internal_elb_dns_name = "${module.vpc.aws_api_internal_dns_name}" + api_internal_elb_dns_name = "${module.vpc.aws_elb_api_internal_dns_name}" api_internal_elb_zone_id = "${module.vpc.aws_elb_api_internal_zone_id}" api_ip_addresses = "${module.vpc.aws_lbs}" base_domain = "${var.tectonic_base_domain}" 
@@ -100,18 +99,6 @@ resource "aws_route53_record" "etcd_a_nodes" { records = ["${module.masters.ip_addresses[count.index]}"] } -resource "aws_route53_record" "tectonic_tnc_a" { - zone_id = "${local.private_zone_id}" - name = "${var.tectonic_cluster_name}-tnc.${var.tectonic_base_domain}" - type = "A" - - alias { - name = "${module.vpc.aws_elb_tnc_dns_name}" - zone_id = "${module.vpc.aws_elb_tnc_zone_id}" - evaluate_target_health = true - } -} - resource "aws_route53_zone" "tectonic_int" { count = "${local.private_endpoints ? "${var.tectonic_aws_external_private_zone == "" ? 1 : 0 }" : 0}" vpc_id = "${module.vpc.vpc_id}" diff --git a/steps/infra/libvirt/main.tf b/steps/infra/libvirt/main.tf index 6dbb7dd4758..026ad77df4e 100644 --- a/steps/infra/libvirt/main.tf +++ b/steps/infra/libvirt/main.tf @@ -80,7 +80,6 @@ resource "libvirt_domain" "master" { locals { "hostnames" = [ "${var.tectonic_cluster_name}-api", - "${var.tectonic_cluster_name}-tnc", ] } diff --git a/tests/smoke/cluster_test.go b/tests/smoke/cluster_test.go index 5cc395e8d04..174549b0e47 100644 --- a/tests/smoke/cluster_test.go +++ b/tests/smoke/cluster_test.go @@ -35,7 +35,6 @@ var ( defaultIgnoredManifests = []string{ "bootstrap", "kco-config.yaml", - "tnco-config.yaml", // TODO: temporary disabling this for OpenTonic "tectonic/security/priviledged-scc-tectonic.yaml", }