From 910d296f6bb71962fe43e162fd970b7049593358 Mon Sep 17 00:00:00 2001 
From: Matt McEuen Date: Wed, 2 Sep 2020 07:47:00 -0500 Subject: [PATCH] Deduplicate airshipctl manifest networking Deduplicate networking definitions inside of airshipctl functions, and make the values driveable via a catalogue. Changes: * Removed BMO patches at site level; drive through catalogue instead. * Added separate entrypoints for ephemeral & target site-level. catalogue/networking overrides. Ephemeral's kustomizes target's. * Generalized the commonHostNetworking catalogue into a section in the overall networking catalogue. * Cleaned up catalogue use in general. * Got rid of some ill-formed Type-level phase definition. We should go back soon and define proper Type-level phases. Change-Id: Iff96ccdcf7ebde4ae55e2b1a9d25dd1cdca0d2c8 Relates-To: https://github.com/airshipit/airshipctl/issues/315 --- .../README.md | 4 +- .../env-vars-template.yaml | 0 .../kustomization.yaml | 1 + .../networking.yaml | 62 +++++++++++++++++++ .../versions-airshipctl.yaml | 0 .../function/baremetal-operator/README.md | 8 ++- .../baremetal-operator/ironic-vars.yaml | 4 ++ .../replacements/kustomization.yaml | 1 + .../replacements/networking.yaml | 37 +++++++++++ manifests/function/clusterctl/README.md | 2 +- manifests/function/ephemeral/README.md | 16 +++++ .../ephemeral/replacements/kustomization.yaml | 1 + .../ephemeral/replacements/networking.yaml | 47 ++++++++++++++ manifests/function/ephemeral/secret.yaml | 13 ++-- .../hardwareprofile.yaml | 3 + manifests/function/hostgenerator-m3/README.md | 2 +- .../hostgenerator-m3/hosttemplate.yaml | 2 +- .../hostgenerator-m3/replacements/hosts.yaml | 5 +- manifests/function/k8scontrol/README.md | 8 ++- manifests/function/k8scontrol/cluster.yaml | 3 + .../function/k8scontrol/controlplane.yaml | 1 + .../replacements/kustomization.yaml | 1 + .../k8scontrol/replacements/networking.yaml | 41 ++++++++++++ .../hostgenerator/kustomization.yaml | 2 +- .../ephemeral/bootstrap/kustomization.yaml | 4 +- .../test-site/ephemeral/catalogues/README.md | 4 
++ .../ephemeral/catalogues/kustomization.yaml | 6 ++ .../ephemeral/catalogues/networking.yaml | 20 ++++++ .../hostgenerator/kustomization.yaml | 2 +- .../ephemeral/controlplane/kustomization.yaml | 7 +-- .../ephemeral/initinfra/kustomization.yaml | 9 +-- .../ephemeral/initinfra/patch_bmo_config.yaml | 9 --- .../test-site/target/catalogues/README.md | 5 ++ .../{shared => target}/catalogues/hosts.yaml | 3 + .../catalogues/kustomization.yaml | 5 ++ .../target/catalogues/networking.yaml | 19 ++++++ .../catalogues/versions-airshipctl.yaml} | 5 +- .../control-machine-template-patch.yaml | 11 ---- .../hostgenerator/kustomization.yaml | 2 +- .../target/controlplane/kustomization.yaml | 8 +-- .../target/initinfra/kustomization.yaml | 9 +-- .../workers/hostgenerator/kustomization.yaml | 2 +- manifests/type/gating/kustomization.yaml | 2 - .../shared/catalogues/kustomization.yaml | 5 +- ...common-networking.yaml => networking.yaml} | 16 +++-- 45 files changed, 345 insertions(+), 72 deletions(-) rename manifests/function/{airshipctl-catalogues => airshipctl-base-catalogues}/README.md (93%) rename manifests/function/{airshipctl-catalogues => airshipctl-base-catalogues}/env-vars-template.yaml (100%) rename manifests/function/{airshipctl-catalogues => airshipctl-base-catalogues}/kustomization.yaml (87%) create mode 100644 manifests/function/airshipctl-base-catalogues/networking.yaml rename manifests/function/{airshipctl-catalogues => airshipctl-base-catalogues}/versions-airshipctl.yaml (100%) create mode 100644 manifests/function/baremetal-operator/replacements/networking.yaml create mode 100644 manifests/function/ephemeral/README.md create mode 100644 manifests/function/ephemeral/replacements/networking.yaml create mode 100644 manifests/function/k8scontrol/replacements/networking.yaml create mode 100755 manifests/site/test-site/ephemeral/catalogues/README.md create mode 100644 manifests/site/test-site/ephemeral/catalogues/kustomization.yaml create mode 100644 
manifests/site/test-site/ephemeral/catalogues/networking.yaml delete mode 100644 manifests/site/test-site/ephemeral/initinfra/patch_bmo_config.yaml create mode 100755 manifests/site/test-site/target/catalogues/README.md rename manifests/site/test-site/{shared => target}/catalogues/hosts.yaml (96%) rename manifests/site/test-site/{shared => target}/catalogues/kustomization.yaml (69%) create mode 100644 manifests/site/test-site/target/catalogues/networking.yaml rename manifests/site/test-site/{ephemeral/controlplane/versions-catalogue-patch.yaml => target/catalogues/versions-airshipctl.yaml} (65%) delete mode 100644 manifests/site/test-site/target/controlplane/control-machine-template-patch.yaml delete mode 100644 manifests/type/gating/kustomization.yaml rename manifests/type/gating/shared/catalogues/{common-networking.yaml => networking.yaml} (60%) diff --git a/manifests/function/airshipctl-catalogues/README.md b/manifests/function/airshipctl-base-catalogues/README.md similarity index 93% rename from manifests/function/airshipctl-catalogues/README.md rename to manifests/function/airshipctl-base-catalogues/README.md index 21b04e717..ddc3407ec 100644 --- a/manifests/function/airshipctl-catalogues/README.md +++ b/manifests/function/airshipctl-base-catalogues/README.md @@ -1,5 +1,5 @@ -Function: airshipctl-catalogues -=============================== +Function: airshipctl-base-catalogues +==================================== This function defines some default VariableCatalogue resources, which can be consumed and used (via ReplacementTransformer) to change the diff --git a/manifests/function/airshipctl-catalogues/env-vars-template.yaml b/manifests/function/airshipctl-base-catalogues/env-vars-template.yaml similarity index 100% rename from manifests/function/airshipctl-catalogues/env-vars-template.yaml rename to manifests/function/airshipctl-base-catalogues/env-vars-template.yaml 
diff --git a/manifests/function/airshipctl-catalogues/kustomization.yaml b/manifests/function/airshipctl-base-catalogues/kustomization.yaml similarity index 87% rename from manifests/function/airshipctl-catalogues/kustomization.yaml rename to manifests/function/airshipctl-base-catalogues/kustomization.yaml index f1b6381c3..ee62d1a95 100644 --- a/manifests/function/airshipctl-catalogues/kustomization.yaml +++ b/manifests/function/airshipctl-base-catalogues/kustomization.yaml @@ -3,6 +3,7 @@ kind: Kustomization resources: - versions-airshipctl.yaml + - networking.yaml generators: - env-vars-template.yaml diff --git a/manifests/function/airshipctl-base-catalogues/networking.yaml b/manifests/function/airshipctl-base-catalogues/networking.yaml new file mode 100644 index 000000000..d85797efe --- /dev/null +++ b/manifests/function/airshipctl-base-catalogues/networking.yaml 
@@ -0,0 +1,62 @@
+# The default networking catalogue for functions hosted in the airshipctl project.
+# These values can be overridden at the site, type, etc levels as appropriate.
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+ name: networking
+ labels:
+ airshipit.org/deploy-k8s: "false"
+
+# The catalogue should be overridden as appropriate for different kubernetes
+# clusters, e.g. ephemeral vs target vs tenant
+kubernetes:
+ serviceCidr: "10.96.0.0/12"
+ podCidr: "192.168.0.0/18"
+ controlPlaneEndpoint:
+ host: "10.23.25.102" # ephemeral will be different
+ port: 6443
+ # NOTE: This stringing is required to do substring replacement.
+ # Ideally, improve this in the future.
+ apiserverCertSANs: "[10.23.25.201, 10.23.24.201]"
+
+ironic:
+ provisioningInterface: "pxe"
+ provisioningIp: "10.23.25.102"
+ dhcpRange: "10.23.25.200,10.23.25.250"
+
+# This section is only relevant when using Metal3 BareMetalHosts, and
+# is consumed by the `hostgenerator-m3` function.
+# It defines host-level networking that is common across all BMHs in a site,
+# and will typically be fully overridden at the Type and Site level.
+commonHostNetworking:
+ links:
+ - id: oam
+ name: oam
+ type: phy
+ mtu: "1500"
+ # ethernet_mac_address: (optional)
+ - id: pxe
+ name: pxe
+ type: phy
+ mtu: "1500"
+ # ethernet_mac_address: (optional)
+ networks:
+ - id: oam-ipv4
+ type: ipv4
+ link: oam
+ # ip_address:
+ netmask: 255.255.255.0
+ routes:
+ - network: 0.0.0.0
+ netmask: 0.0.0.0
+ gateway: 10.23.25.1
+ - id: pxe-ipv4
+ type: ipv4
+ link: pxe
+ # ip_address:
+ netmask: 255.255.255.0
+ services:
+ - address: 8.8.8.8
+ type: dns
+ - address: 8.8.4.4
+ type: dns
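Review bot: The default `apiserverCertSANs` value `"[10.23.25.201, 10.23.24.201]"` does not contain the default `controlPlaneEndpoint.host` (`10.23.25.102`) set a few lines above it, so a consumer that takes this base catalogue without overriding both fields would get an API server certificate that does not cover the address clients connect to. The site-level catalogues later in this patch use matching pairs, which suggests the `.201` addresses are a leftover; `apiserverCertSANs: "[10.23.25.102, 10.23.24.102]"` would keep the defaults self-consistent. A mismatch like this usually shows up as TLS verification failures, and the common workaround of turning verification off is worse than the bug. A comment next to the field such as `# must include controlPlaneEndpoint.host` would make the coupling explicit.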
diff --git a/manifests/function/airshipctl-catalogues/versions-airshipctl.yaml b/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml similarity index 100% rename from manifests/function/airshipctl-catalogues/versions-airshipctl.yaml rename to manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml diff --git a/manifests/function/baremetal-operator/README.md b/manifests/function/baremetal-operator/README.md index 8e9293fbe..63839ad48 100644 --- a/manifests/function/baremetal-operator/README.md +++ b/manifests/function/baremetal-operator/README.md @@ -6,6 +6,12 @@ including both the operator itself and Ironic. Optional: a ``versions-airshipctl`` VariableCatalogue may be used to override the default container images. -A base example for this catalogue can be found in the ``airshipctl-catalogues`` +A base example for this catalogue can be found in the ``airshipctl-base-catalogues`` +function. If using the catalogue, apply the ``replacements/`` entrypoint +at the site level, as a Kustomize transformer. + +Optional: a ``networking`` VariableCatalogue may be used to +override some of the ironic networking variables. +A base example for this catalogue can be found in the ``airshipctl-base-catalogues`` function. If using the catalogue, apply the ``replacements/`` entrypoint at the site level, as a Kustomize transformer. diff --git a/manifests/function/baremetal-operator/ironic-vars.yaml b/manifests/function/baremetal-operator/ironic-vars.yaml index af9b88485..e73649bd5 100644 --- a/manifests/function/baremetal-operator/ironic-vars.yaml +++ b/manifests/function/baremetal-operator/ironic-vars.yaml 
@@ -5,14 +5,18 @@ metadata: labels: name: ironic-vars data: + # Overrideable via the `replacements` entrypoint and environment variables HTTP_PROXY: "" HTTPS_PROXY: "" http_proxy: "" https_proxy: "" NO_PROXY: "" no_proxy: "" + # Overrideable via the `replacements` entrypoint and networking catalogue PROVISIONING_IP: "192.168.10.100" + # Overrideable via the `replacements` entrypoint and networking catalogue DHCP_RANGE: "192.168.10.200,192.168.10.250" + # Overrideable via the `replacements` entrypoint and networking catalogue PROVISIONING_INTERFACE: "pxe" HTTP: "80" DEPLOY_KERNEL_PATH: "/images/tinyipa-stable-ussuri.vmlinuz" diff --git a/manifests/function/baremetal-operator/replacements/kustomization.yaml b/manifests/function/baremetal-operator/replacements/kustomization.yaml index 8eb4aedb1..967c37e4f 100644 --- a/manifests/function/baremetal-operator/replacements/kustomization.yaml +++ b/manifests/function/baremetal-operator/replacements/kustomization.yaml @@ -3,3 +3,4 @@ kind: Kustomization resources: - versions.yaml - ironic-env-vars.yaml + - networking.yaml diff --git a/manifests/function/baremetal-operator/replacements/networking.yaml b/manifests/function/baremetal-operator/replacements/networking.yaml new file mode 100644 index 000000000..2045d1d46 --- /dev/null +++ b/manifests/function/baremetal-operator/replacements/networking.yaml 
@@ -0,0 +1,37 @@ +# These rules inject networking info into the baremetal-operator function. +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: baremetal-operator-networking-replacements +replacements: +# Replace the pod & service networks +- source: + objref: + kind: VariableCatalogue + name: networking + fieldref: ironic.provisioningInterface + target: + objref: + kind: ConfigMap + name: ironic-vars + fieldrefs: ["data.PROVISIONING_INTERFACE"] +- source: + objref: + kind: VariableCatalogue + name: networking + fieldref: ironic.provisioningIp + target: + objref: + kind: ConfigMap + name: ironic-vars + fieldrefs: ["data.PROVISIONING_IP"] +- source: + objref: + kind: VariableCatalogue + name: networking + fieldref: ironic.dhcpRange + target: + objref: + kind: ConfigMap + name: ironic-vars + fieldrefs: ["data.DHCP_RANGE"] diff --git a/manifests/function/clusterctl/README.md b/manifests/function/clusterctl/README.md index 6f01de11d..6d298f07b 100644 --- a/manifests/function/clusterctl/README.md +++ b/manifests/function/clusterctl/README.md @@ -13,4 +13,4 @@ supplies defaults, and these can (optionally) be overridden either by simple Kustomize patching, or by applying the ``replacements`` kustomization as a Kustomize transformer. In the latter case, an airshipctl versions catalogue must be supplied; please see the -``airshipctl-catalogues`` function for a base/example. +``airshipctl-base-catalogues`` function for a base/example. diff --git a/manifests/function/ephemeral/README.md b/manifests/function/ephemeral/README.md new file mode 100644 index 000000000..f002c7114 --- /dev/null +++ b/manifests/function/ephemeral/README.md 
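Review bot: The comment above the first rule in `baremetal-operator/replacements/networking.yaml`, `# Replace the pod & service networks`, does not describe what follows: all three rules copy `ironic.*` fields from the `networking` catalogue into the `ironic-vars` ConfigMap (`PROVISIONING_INTERFACE`, `PROVISIONING_IP`, `DHCP_RANGE`). It looks carried over from the k8scontrol replacements file. Suggest `# Replace the Ironic provisioning interface, IP and DHCP range`, since these values decide where Ironic serves DHCP and someone auditing the provisioning network will read this comment first.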
@@ -0,0 +1,16 @@ +Function: ephemeral +=================== + +This function defines the configuration for a bare metal ephemeral +bootstrapping image, which can be built via ``airshipctl image build`` +and delivered over the WAN to a remote +host via redfish using ``airshipctl baremetal remotedirect``. + +REQUIRED: a ``networking`` VariableCatalogue must be used to +override some Kubernetes networking configuration. +A base example for this catalogue can be found in the ``airshipctl-base-catalogues`` +function. If using the catalogue, apply the ``replacements/`` entrypoint +at the site level, as a Kustomize transformer. + +Alternately, the entire text payload of the ephemeral secret may be overridden +via normal Kustomize patching. diff --git a/manifests/function/ephemeral/replacements/kustomization.yaml b/manifests/function/ephemeral/replacements/kustomization.yaml index 85d54596b..ced9d187c 100644 --- a/manifests/function/ephemeral/replacements/kustomization.yaml +++ b/manifests/function/ephemeral/replacements/kustomization.yaml @@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ephemeral-env-vars.yaml + - networking.yaml diff --git a/manifests/function/ephemeral/replacements/networking.yaml b/manifests/function/ephemeral/replacements/networking.yaml new file mode 100644 index 000000000..8cc238657 --- /dev/null +++ b/manifests/function/ephemeral/replacements/networking.yaml 
@@ -0,0 +1,47 @@ +# These rules inject networking info artifacts into the ephemeral function. +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: ephemeral-networking-replacements +replacements: +# Substring-replace the ephemeral control plane's info +- source: + objref: + kind: VariableCatalogue + name: networking + fieldref: kubernetes.controlPlaneEndpoint.host + target: + objref: + name: ephemeral-bmc-secret + kind: Secret + fieldrefs: ["stringData.userData%REPLACEMENT_CP_IP%"] +- source: + objref: + kind: VariableCatalogue + name: networking + fieldref: kubernetes.controlPlaneEndpoint.port + target: + objref: + name: ephemeral-bmc-secret + kind: Secret + fieldrefs: ["stringData.userData%REPLACEMENT_CP_PORT%"] +- source: + objref: + kind: VariableCatalogue + name: networking + fieldref: kubernetes.apiserverCertSANs + target: + objref: + name: ephemeral-bmc-secret + kind: Secret + fieldrefs: ["stringData.userData%REPLACEMENT_CERT_SANS%"] +- source: + objref: + kind: VariableCatalogue + name: networking + fieldref: kubernetes.podCidr + target: + objref: + name: ephemeral-bmc-secret + kind: Secret + fieldrefs: ["stringData.userData%REPLACEMENT_POD_CIDR%"] diff --git a/manifests/function/ephemeral/secret.yaml b/manifests/function/ephemeral/secret.yaml index 389ec7335..6ee397e28 100644 --- a/manifests/function/ephemeral/secret.yaml +++ b/manifests/function/ephemeral/secret.yaml @@ -4,9 +4,12 @@ metadata: labels: airshipit.org/ephemeral-user-data: "true" airshipit.org/deploy-k8s: "false" - name: ephemeral-bmc-secret + name: ephemeral-bmc-secret # replacement rules key off this name type: Opaque stringData: + # These substrings must be overriden via the `replacements` entrypoint and networking catalogue: + # REPLACEMENT_CP_IP, REPLACEMENT_CP_PORT, REPLACEMENT_CERT_SANS, REPLACEMENT_POD_CIDR + # TODO: add download sources to the versions catalogue userData: | #cloud-config ssh_pwauth: True 
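Review bot: The comment added in `ephemeral/secret.yaml` makes the four `REPLACEMENT_*` substrings mandatory, but nothing visible in this patch fails the render when the `replacements` transformer is not applied or a placeholder name is misspelled; the literal text would then ship inside the cloud-init `userData` (the `server:` URL, `certSANs` and `podSubnet` changed in the later hunks at `@@ -63`, `@@ -96` and `@@ -106`). A gate check that the rendered ephemeral bundle contains no `REPLACEMENT_` string would catch this before an image is built. Separately, the context line `ssh_pwauth: True` shows password SSH login is enabled in this image; whether that is intended outside CI cannot be told from the hunk, so a comment such as `# CI default; disable password auth for real sites` would help. The `userData` block continues outside this hunk.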
@@ -63,7 +66,7 @@ stringData: clusters: - cluster: certificate-authority-data: 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 - server: https://10.23.25.101:6443 + server: https://REPLACEMENT_CP_IP:REPLACEMENT_CP_PORT name: kubernetes contexts: - context: @@ -96,9 +99,7 @@ stringData: - content: | --- apiServer: - certSANs: - - 10.23.25.101 - - 10.23.24.101 + certSANs: REPLACEMENT_CERT_SANS apiVersion: kubeadm.k8s.io/v1beta2 controllerManager: {} dns: @@ -106,7 +107,7 @@ stringData: etcd: {} kind: ClusterConfiguration networking: - podSubnet: 192.168.0.0/24 + podSubnet: REPLACEMENT_POD_CIDR scheduler: {} --- apiVersion: kubeadm.k8s.io/v1beta2 diff --git a/manifests/function/hardwareprofile-example/hardwareprofile.yaml b/manifests/function/hardwareprofile-example/hardwareprofile.yaml index b38b2b349..bbd0438a1 100644 --- a/manifests/function/hardwareprofile-example/hardwareprofile.yaml +++ b/manifests/function/hardwareprofile-example/hardwareprofile.yaml @@ -3,6 +3,9 @@ kind: VariableCatalogue metadata: # NOTE: change this when copying this example name: hardwareprofile-example + labels: + airshipit.org/deploy-k8s: "false" + hardwareProfile: firmware: sriovEnabled: false diff --git a/manifests/function/hostgenerator-m3/README.md b/manifests/function/hostgenerator-m3/README.md index 80f10fe69..a8da56d27 100644 --- a/manifests/function/hostgenerator-m3/README.md +++ b/manifests/function/hostgenerator-m3/README.md @@ -15,7 +15,7 @@ BMHs in a data-driven fashion. To use this function, do the following: -* Supply a `common-networking-catalogue`, which outlines things that are +* Supply a `networking` catalogue, which outlines things that are typically common across hosts in a site, such as networking interfaces, DNS servers, and other networking info. Example: `manifests/type/gating/shared/catalogues/common-networking.yaml` 
diff --git a/manifests/function/hostgenerator-m3/hosttemplate.yaml b/manifests/function/hostgenerator-m3/hosttemplate.yaml index 091f8ef65..0c9804ec9 100644 --- a/manifests/function/hostgenerator-m3/hosttemplate.yaml +++ b/manifests/function/hostgenerator-m3/hosttemplate.yaml @@ -9,7 +9,7 @@ values: # hostsToGenerate: # (filled in with phase-specific host-generation-catalogue) # commonNetworking: - # (filled in with the type-specific common-networking-catalogue) + # (filled in with the type-specific common-networking) # Additional hardwareProfiles can be defined within their own functions, # and then substituted into the stanza below. diff --git a/manifests/function/hostgenerator-m3/replacements/hosts.yaml b/manifests/function/hostgenerator-m3/replacements/hosts.yaml index 10f2a9a61..af19e1fc1 100644 --- a/manifests/function/hostgenerator-m3/replacements/hosts.yaml +++ b/manifests/function/hostgenerator-m3/replacements/hosts.yaml @@ -29,8 +29,9 @@ replacements: fieldrefs: ["{.values.hostsToGenerate}"] - source: objref: - name: common-networking-catalogue - fieldref: "{.commonNetworking}" + kind: VariableCatalogue + name: networking + fieldref: "{.commonHostNetworking}" target: objref: kind: Templater diff --git a/manifests/function/k8scontrol/README.md b/manifests/function/k8scontrol/README.md index 3a68a719a..390d8a44e 100644 --- a/manifests/function/k8scontrol/README.md +++ b/manifests/function/k8scontrol/README.md 
@@ -7,6 +7,12 @@ resources. Optional: a ``versions-airshipctl`` VariableCatalogue may be used to override the default Kubernetes version and controlplane disk image. -A base example for this catalogue can be found in the ``airshipctl-catalogues`` +A base example for this catalogue can be found in the ``airshipctl-base-catalogues`` function. If using the catalogue, apply the ``replacements/`` entrypoint at the site level, as a Kubernetes transformer. + +Optional: a ``networking`` VariableCatalogue may be used to +override some Kubernetes networking configuration. +A base example for this catalogue can be found in the ``airshipctl-base-catalogues`` +function. If using the catalogue, apply the ``replacements/`` entrypoint +at the site level, as a Kustomize transformer. diff --git a/manifests/function/k8scontrol/cluster.yaml b/manifests/function/k8scontrol/cluster.yaml index 16af8a097..574bfb453 100644 --- a/manifests/function/k8scontrol/cluster.yaml +++ b/manifests/function/k8scontrol/cluster.yaml @@ -15,8 +15,10 @@ metadata: spec: clusterNetwork: services: + # Overrideable via the `replacements` entrypoint and networking catalogue cidrBlocks: ["10.96.0.0/12"] pods: + # Overrideable via the `replacements` entrypoint and networking catalogue cidrBlocks: ["192.168.0.0/18"] serviceDomain: "cluster.local" infrastructureRef: @@ -33,6 +35,7 @@ kind: Metal3Cluster metadata: name: target-cluster spec: + # Overrideable via the `replacements` entrypoint and networking catalogue controlPlaneEndpoint: host: 10.23.25.102 port: 6443 diff --git a/manifests/function/k8scontrol/controlplane.yaml b/manifests/function/k8scontrol/controlplane.yaml index 8b23d4a7e..c5fd4d1ac 100644 --- a/manifests/function/k8scontrol/controlplane.yaml +++ b/manifests/function/k8scontrol/controlplane.yaml 
@@ -20,6 +20,7 @@ spec: Environment="HTTP_PROXY=REPLACEMENT_HTTP_PROXY" Environment="HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY" Environment="NO_PROXY=REPLACEMENT_NO_PROXY" + # TODO: add download sources to the versions catalogue preKubeadmCommands: - echo 'root:r00tme' | chpasswd - echo 'ubuntu:r00tme' | chpasswd diff --git a/manifests/function/k8scontrol/replacements/kustomization.yaml b/manifests/function/k8scontrol/replacements/kustomization.yaml index 9006bf484..3269310cb 100644 --- a/manifests/function/k8scontrol/replacements/kustomization.yaml +++ b/manifests/function/k8scontrol/replacements/kustomization.yaml @@ -3,3 +3,4 @@ kind: Kustomization resources: - versions.yaml - k8scontrol-env-vars.yaml + - networking.yaml diff --git a/manifests/function/k8scontrol/replacements/networking.yaml b/manifests/function/k8scontrol/replacements/networking.yaml new file mode 100644 index 000000000..10985f20c --- /dev/null +++ b/manifests/function/k8scontrol/replacements/networking.yaml 
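Review bot: The context lines directly under the added TODO in `k8scontrol/controlplane.yaml` set fixed passwords for `root` and `ubuntu` in `preKubeadmCommands` (`echo 'root:r00tme' | chpasswd`), and this function-level manifest is what every site inherits. The commit moves networking values into a catalogue but leaves these literals in the function default; they should come from a site-supplied secret or be dropped from the default, and at minimum be marked, e.g. `# TODO: test-only credentials, must not reach a non-CI site`. The new TODO about download sources sits above `preKubeadmCommands`, while the downloads it refers to are presumably further down, outside the hunk.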
@@ -0,0 +1,41 @@ +# These rules inject networking info into the k8scontrol function. +# Note! They are applied to Cluster object(s) regardless of name, so +# that they can be defined/used generically. If more than one Cluster +# needs to be submitted to a management cluster, these tranformation +# rules should be applied to each Cluster in isolation, and then +# the results "mixed together" via kustomize. +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: k8scontrol-networking-replacements +replacements: +# Replace the pod & service networks +- source: + objref: + kind: VariableCatalogue + name: networking + fieldref: kubernetes.serviceCidr + target: + objref: + kind: Cluster + fieldrefs: ["spec.clusterNetwork.services.cidrBlocks.0"] +- source: + objref: + kind: VariableCatalogue + name: networking + fieldref: kubernetes.podCidr + target: + objref: + kind: Cluster + fieldrefs: ["spec.clusterNetwork.pods.cidrBlocks.0"] + +# Replace the k8s controlplane host endpoint +- source: + objref: + kind: VariableCatalogue + name: networking + fieldref: kubernetes.controlPlaneEndpoint + target: + objref: + kind: Metal3Cluster + fieldrefs: ["spec.controlPlaneEndpoint"] diff --git a/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/kustomization.yaml b/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/kustomization.yaml index ea23edf11..cc7ec4e2a 100644 --- a/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/kustomization.yaml +++ b/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/kustomization.yaml @@ -4,7 +4,7 @@ resources: # TODO: these two should move up to type level in the future - ../../../../../function/hostgenerator-m3 - ../../../../../function/hardwareprofile-example - - ../../../shared/catalogues/ + - ../../catalogues - host-generation.yaml transformers: 
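Review bot: None of the three rules in the new `k8scontrol/replacements/networking.yaml` consumes `kubernetes.apiserverCertSANs`, although the target catalogue added in this patch sets that field; within this patch it is read only by the ephemeral function's rules. If the target control plane's certificate SANs are configured elsewhere (not visible here), changing `controlPlaneEndpoint.host` in the catalogue will not update them and the two can drift apart. Either add a rule that injects the SANs into the control plane definition, or state the limitation in the file header, e.g. `# NOTE: apiserverCertSANs is not applied to the target cluster by these rules`.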
diff --git a/manifests/site/test-site/ephemeral/bootstrap/kustomization.yaml b/manifests/site/test-site/ephemeral/bootstrap/kustomization.yaml index 958812999..753fbd6e6 100644 --- a/manifests/site/test-site/ephemeral/bootstrap/kustomization.yaml +++ b/manifests/site/test-site/ephemeral/bootstrap/kustomization.yaml @@ -1,8 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../../../type/gating - - ../../../../function/airshipctl-catalogues + - ../../../../function/ephemeral + - ../catalogues generators: - hostgenerator diff --git a/manifests/site/test-site/ephemeral/catalogues/README.md b/manifests/site/test-site/ephemeral/catalogues/README.md new file mode 100755 index 000000000..84a918e7f --- /dev/null +++ b/manifests/site/test-site/ephemeral/catalogues/README.md @@ -0,0 +1,4 @@ +# Catalogue Definitions for Ephemeral Cluster + +This inherits Site-level catalogues from the neighboring target cluster's +`catalogues` kustomization, and tweaks a few values for the ephemeral cluster. diff --git a/manifests/site/test-site/ephemeral/catalogues/kustomization.yaml b/manifests/site/test-site/ephemeral/catalogues/kustomization.yaml new file mode 100644 index 000000000..96d54ad4f --- /dev/null +++ b/manifests/site/test-site/ephemeral/catalogues/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../target/catalogues +patches: + - networking.yaml diff --git a/manifests/site/test-site/ephemeral/catalogues/networking.yaml b/manifests/site/test-site/ephemeral/catalogues/networking.yaml new file mode 100644 index 000000000..448134876 --- /dev/null +++ b/manifests/site/test-site/ephemeral/catalogues/networking.yaml 
@@ -0,0 +1,20 @@ +# This makes a couple small networking tweaks that are specific to the +# ephemeral cluster, on top of the target cluster networking definition. +# These values can be overridden at the site, type, etc levels as appropriate. +apiVersion: airshipit.org/v1alpha1 +kind: VariableCatalogue +metadata: + name: networking + +# The catalogue should be overridden as appropriate for different kubernetes +# clusters, e.g. ephemeral vs target vs tenant +kubernetes: + podCidr: "192.168.0.0/24" + controlPlaneEndpoint: + host: "10.23.25.101" + apiserverCertSANs: "[10.23.25.101, 10.23.24.101]" + +ironic: + provisioningIp: "10.23.24.101" + dhcpRange: "10.23.24.200,10.23.24.250" + diff --git a/manifests/site/test-site/ephemeral/controlplane/hostgenerator/kustomization.yaml b/manifests/site/test-site/ephemeral/controlplane/hostgenerator/kustomization.yaml index ea23edf11..cc7ec4e2a 100644 --- a/manifests/site/test-site/ephemeral/controlplane/hostgenerator/kustomization.yaml +++ b/manifests/site/test-site/ephemeral/controlplane/hostgenerator/kustomization.yaml @@ -4,7 +4,7 @@ resources: # TODO: these two should move up to type level in the future - ../../../../../function/hostgenerator-m3 - ../../../../../function/hardwareprofile-example - - ../../../shared/catalogues/ + - ../../catalogues - host-generation.yaml transformers: diff --git a/manifests/site/test-site/ephemeral/controlplane/kustomization.yaml b/manifests/site/test-site/ephemeral/controlplane/kustomization.yaml index df964e4fb..927f23c1b 100644 --- a/manifests/site/test-site/ephemeral/controlplane/kustomization.yaml +++ b/manifests/site/test-site/ephemeral/controlplane/kustomization.yaml 
@@ -3,12 +3,9 @@ kind: Kustomization resources: # TODO (dukov) It's recocommended to upload BareMetalHost objects separately # otherwise nodes will hang in 'registering' state for quite a long time - - nodes - - ../../../../function/airshipctl-catalogues - ../../../../function/k8scontrol - -patchesStrategicMerge: - - versions-catalogue-patch.yaml + - ../../target/catalogues # NOTE: use target networking for this phase + - nodes transformers: - ../../../../function/k8scontrol/replacements diff --git a/manifests/site/test-site/ephemeral/initinfra/kustomization.yaml b/manifests/site/test-site/ephemeral/initinfra/kustomization.yaml index 74c22d13f..12fa7caf4 100644 --- a/manifests/site/test-site/ephemeral/initinfra/kustomization.yaml +++ b/manifests/site/test-site/ephemeral/initinfra/kustomization.yaml @@ -1,11 +1,8 @@ resources: - - ../../../../composite/infra - - ../../../../function/clusterctl - - ../../../../function/airshipctl-catalogues - ../../../../function/baremetal-operator - -patchesStrategicMerge: - - patch_bmo_config.yaml + - ../../../../function/clusterctl + - ../../../../composite/infra + - ../catalogues commonLabels: airshipit.org/stage: initinfra diff --git a/manifests/site/test-site/ephemeral/initinfra/patch_bmo_config.yaml b/manifests/site/test-site/ephemeral/initinfra/patch_bmo_config.yaml deleted file mode 100644 index 807852aa8..000000000 --- a/manifests/site/test-site/ephemeral/initinfra/patch_bmo_config.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -kind: ConfigMap -apiVersion: v1 -metadata: - labels: - name: ironic-vars -data: - PROVISIONING_IP: "10.23.24.101" - DHCP_RANGE: "10.23.24.200,10.23.24.250" diff --git a/manifests/site/test-site/target/catalogues/README.md b/manifests/site/test-site/target/catalogues/README.md new file mode 100755 index 000000000..2cf4557b1 --- /dev/null +++ b/manifests/site/test-site/target/catalogues/README.md 
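Review bot: In `ephemeral/initinfra/kustomization.yaml` the strategic-merge patch that pinned `PROVISIONING_IP` and `DHCP_RANGE` is removed and `../catalogues` is added as a resource, but no `transformers:` entry for the baremetal-operator replacements appears in the hunk. The hunk ends at `commonLabels`, so the entry may exist further down; if it does not, `ironic-vars` silently keeps the function defaults (`PROVISIONING_IP: "192.168.10.100"`) and Ironic would serve DHCP on a range that does not match the site. Please confirm the file contains `- ../../../../function/baremetal-operator/replacements` under `transformers:`, and consider a short comment next to `- ../catalogues` saying the catalogue only takes effect through that transformer.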
@@ -0,0 +1,5 @@ +# Catalogue Definitions for Target Cluster + +This inherits Type-level catalogues, and adds in Site-specific values. +The neighboring ephemeral cluster's `catalogues` entrypoint applies further +customizations on top of this for ephemeral use. diff --git a/manifests/site/test-site/shared/catalogues/hosts.yaml b/manifests/site/test-site/target/catalogues/hosts.yaml similarity index 96% rename from manifests/site/test-site/shared/catalogues/hosts.yaml rename to manifests/site/test-site/target/catalogues/hosts.yaml index 22d368c3b..abbf90e45 100644 --- a/manifests/site/test-site/shared/catalogues/hosts.yaml +++ b/manifests/site/test-site/target/catalogues/hosts.yaml @@ -4,6 +4,9 @@ apiVersion: airshipit.org/v1alpha1 kind: VariableCatalogue metadata: name: host-catalogue + labels: + airshipit.org/deploy-k8s: "false" + hosts: m3: node01: diff --git a/manifests/site/test-site/shared/catalogues/kustomization.yaml b/manifests/site/test-site/target/catalogues/kustomization.yaml similarity index 69% rename from manifests/site/test-site/shared/catalogues/kustomization.yaml rename to manifests/site/test-site/target/catalogues/kustomization.yaml index 23e790c2d..80f427553 100644 --- a/manifests/site/test-site/shared/catalogues/kustomization.yaml +++ b/manifests/site/test-site/target/catalogues/kustomization.yaml @@ -1,5 +1,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: - ../../../../type/gating/shared/catalogues - hosts.yaml + +patches: + - versions-airshipctl.yaml + - networking.yaml diff --git a/manifests/site/test-site/target/catalogues/networking.yaml b/manifests/site/test-site/target/catalogues/networking.yaml new file mode 100644 index 000000000..83795898a --- /dev/null +++ b/manifests/site/test-site/target/catalogues/networking.yaml 
@@ -0,0 +1,19 @@ +# This makes a couple small networking tweaks that are specific to the +# ephemeral cluster, on top of the target cluster networking definition. +# These values can be overridden at the site, type, etc levels as appropriate. +apiVersion: airshipit.org/v1alpha1 +kind: VariableCatalogue +metadata: + name: networking + +# The catalogue should be overridden as appropriate for different kubernetes +# clusters, e.g. ephemeral vs target vs tenant +kubernetes: + controlPlaneEndpoint: + host: "10.23.25.102" + apiserverCertSANs: "[10.23.25.102, 10.23.24.102]" + +ironic: + provisioningIp: "10.23.24.102" + dhcpRange: "10.23.24.200,10.23.24.250" + diff --git a/manifests/site/test-site/ephemeral/controlplane/versions-catalogue-patch.yaml b/manifests/site/test-site/target/catalogues/versions-airshipctl.yaml similarity index 65% rename from manifests/site/test-site/ephemeral/controlplane/versions-catalogue-patch.yaml rename to manifests/site/test-site/target/catalogues/versions-airshipctl.yaml index 6794e12bf..d41f3c55f 100644 --- a/manifests/site/test-site/ephemeral/controlplane/versions-catalogue-patch.yaml +++ b/manifests/site/test-site/target/catalogues/versions-airshipctl.yaml @@ -1,11 +1,12 @@ -# Patch the versions catalogue to use the site-specific local image URL -# TODO: patch this in from a site-networking catalogue in the future +# Override default controlplane image location apiVersion: airshipit.org/v1alpha1 kind: VariableCatalogue metadata: name: versions-airshipctl + files: k8scontrol: + # Host the image in a locally served location for CI cluster_controlplane_image: url: http://10.23.24.1:8099/target-image.qcow2 checksum: http://10.23.24.1:8099/target-image.qcow2.md5sum diff --git a/manifests/site/test-site/target/controlplane/control-machine-template-patch.yaml b/manifests/site/test-site/target/controlplane/control-machine-template-patch.yaml deleted file mode 100644 index ee37cf2c5..000000000 
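Review bot: The header comment of the new `target/catalogues/networking.yaml` describes the file as tweaks "specific to the ephemeral cluster, on top of the target cluster networking definition". The file sits under `target/catalogues` and is listed under `patches:` in that directory's kustomization, so it appears to be the target definition itself. Because it sets `controlPlaneEndpoint.host`, `apiserverCertSANs` and the Ironic `provisioningIp`, a maintainer who trusts the comment could change the target API endpoint or certificate SANs while believing only the ephemeral cluster is affected. I would replace the first two comment lines with `# Site-level networking values for the target cluster.` and `# The ephemeral catalogues entrypoint applies its own tweaks on top of these.`, which matches the README added in the same directory.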
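Review bot: In `versions-airshipctl.yaml`, the image under `cluster_controlplane_image` is fetched over plain HTTP, and its only integrity check is an `.md5sum` file served from the same host and port. Anything able to alter that traffic can replace the image and the checksum together. The new comment says the location is for CI, but nothing tells a reader that the values are unsuitable elsewhere. I would extend it to `# CI only: cleartext HTTP + MD5 give no integrity guarantee; real sites must override with an HTTPS URL and a stronger checksum`. Whether the consuming template accepts a checksum type other than MD5 is not visible in this hunk and should be confirmed.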
--- a/manifests/site/test-site/target/controlplane/control-machine-template-patch.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 -kind: Metal3MachineTemplate -metadata: - name: cluster-controlplane -spec: - template: - spec: - image: - url: http://10.23.24.1:8099/target-image.qcow2 - checksum: http://10.23.24.1:8099/target-image.qcow2.md5sum diff --git a/manifests/site/test-site/target/controlplane/hostgenerator/kustomization.yaml b/manifests/site/test-site/target/controlplane/hostgenerator/kustomization.yaml index c71287e40..793017f5e 100644 --- a/manifests/site/test-site/target/controlplane/hostgenerator/kustomization.yaml +++ b/manifests/site/test-site/target/controlplane/hostgenerator/kustomization.yaml @@ -3,7 +3,7 @@ kind: Kustomization resources: - ../../../../../function/hostgenerator-m3 - ../../../../../function/hardwareprofile-example - - ../../../shared/catalogues/ + - ../../catalogues - host-generation.yaml transformers: diff --git a/manifests/site/test-site/target/controlplane/kustomization.yaml b/manifests/site/test-site/target/controlplane/kustomization.yaml index 47b9564e8..9b13977d3 100644 --- a/manifests/site/test-site/target/controlplane/kustomization.yaml +++ b/manifests/site/test-site/target/controlplane/kustomization.yaml @@ -4,11 +4,11 @@ resources: # TODO (dukov) It's recocommended to upload BareMetalHost objects separately # otherwise nodes will hang in 'registering' state for quite a long time - nodes - - ../../../../function/airshipctl-catalogues - ../../../../function/k8scontrol - -patchesStrategicMerge: - - control-machine-template-patch.yaml + - ../catalogues commonLabels: airshipit.org/stage: initinfra + +transformers: + - ../../../../function/k8scontrol/replacements diff --git a/manifests/site/test-site/target/initinfra/kustomization.yaml b/manifests/site/test-site/target/initinfra/kustomization.yaml index 90e853d91..7d2bf3955 100644 
--- a/manifests/site/test-site/target/initinfra/kustomization.yaml +++ b/manifests/site/test-site/target/initinfra/kustomization.yaml @@ -1,12 +1,9 @@ resources: - - ../../../../composite/infra - - ../../../../function/clusterctl - - ../../../../function/airshipctl-catalogues - ../../../../function/baremetal-operator + - ../../../../function/clusterctl - ../../../../function/helm-operator - -patchesStrategicMerge: - - patch_bmo_config.yaml + - ../../../../composite/infra + - ../catalogues commonLabels: airshipit.org/stage: initinfra diff --git a/manifests/site/test-site/target/workers/hostgenerator/kustomization.yaml b/manifests/site/test-site/target/workers/hostgenerator/kustomization.yaml index 8de561b8c..c4eddc556 100644 --- a/manifests/site/test-site/target/workers/hostgenerator/kustomization.yaml +++ b/manifests/site/test-site/target/workers/hostgenerator/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../../../../../function/hostgenerator-m3 - - ../../../shared/catalogues/ + - ../../catalogues - host-generation.yaml transformers: diff --git a/manifests/type/gating/kustomization.yaml b/manifests/type/gating/kustomization.yaml deleted file mode 100644 index 508581e48..000000000 --- a/manifests/type/gating/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: - - ../../function/ephemeral diff --git a/manifests/type/gating/shared/catalogues/kustomization.yaml b/manifests/type/gating/shared/catalogues/kustomization.yaml index 420c49366..b908d4155 100644 --- a/manifests/type/gating/shared/catalogues/kustomization.yaml +++ b/manifests/type/gating/shared/catalogues/kustomization.yaml @@ -1,4 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - common-networking.yaml + - ../../../../function/airshipctl-base-catalogues +patches: + - networking.yaml + 
diff --git a/manifests/type/gating/shared/catalogues/common-networking.yaml b/manifests/type/gating/shared/catalogues/networking.yaml similarity index 60% rename from manifests/type/gating/shared/catalogues/common-networking.yaml rename to manifests/type/gating/shared/catalogues/networking.yaml index 38f855bee..240809b14 100644 --- a/manifests/type/gating/shared/catalogues/common-networking.yaml +++ b/manifests/type/gating/shared/catalogues/networking.yaml @@ -1,10 +1,17 @@ -# Type-level networking catalogue. This info feeds the Templater -# kustomize plugin config in the hostgenerator-m3 function. +# The default networking catalogue for site- and operator-specific networking. +# These values can be overridden at the site, type, etc levels as appropriate. apiVersion: airshipit.org/v1alpha1 kind: VariableCatalogue metadata: - name: common-networking-catalogue -commonNetworking: + name: networking + labels: + airshipit.org/deploy-k8s: "false" + +# This section is only relevant when using Metal3 BareMetalHosts, and +# is consumed by the `hostgenerator-m3` function. +# It defines host-level networking that is common across all BMHs in a site, +# and will typically be fully overridden at the Type and Site level. +commonHostNetworking: links: - id: oam name: oam @@ -36,4 +43,3 @@ commonNetworking: type: dns - address: 8.8.4.4 type: dns -