From 8859229fbc548b27318d07fc4a7d154b83f753a8 Mon Sep 17 00:00:00 2001 From: Benjamin Elder Date: Wed, 26 Oct 2022 08:42:57 -0700 Subject: [PATCH 01/15] version v0.18.0-alpha --- pkg/cmd/kind/version/version.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/cmd/kind/version/version.go b/pkg/cmd/kind/version/version.go index a2a033376a..0e9347841b 100644 --- a/pkg/cmd/kind/version/version.go +++ b/pkg/cmd/kind/version/version.go @@ -54,11 +54,11 @@ func DisplayVersion() string { } // versionCore is the core portion of the kind CLI version per Semantic Versioning 2.0.0 -const versionCore = "0.17.0" +const versionCore = "0.18.0" // versionPreRelease is the base pre-release portion of the kind CLI version per // Semantic Versioning 2.0.0 -const versionPreRelease = "" +const versionPreRelease = "alpha" // gitCommitCount count the commits since the last release. // It is injected at build time. From 37a3cba81a0f2e400d555c8946fd15f11aad0518 Mon Sep 17 00:00:00 2001 From: Benjamin Elder Date: Wed, 26 Oct 2022 08:52:07 -0700 Subject: [PATCH 02/15] update docs for v0.17.0 --- README.md | 10 +++++----- site/config.toml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 3d7a15fcb5..05f0e52a0d 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ kind bootstraps each "node" with [kubeadm][kubeadm]. For more details see [the d For a complete [install guide] see [the documentation here][install guide]. -You can install kind with `GO111MODULE="on" go get sigs.k8s.io/kind@v0.16.0`. +You can install kind with `GO111MODULE="on" go get sigs.k8s.io/kind@v0.17.0`. **NOTE**: please use the latest go to do this. KIND is developed with the latest stable go, see [`.go-version`](./.go-version) for the exact version we're using. 
@@ -47,7 +47,7 @@ into your `$PATH`: On Linux: ```console -curl -Lo ./kind "https://kind.sigs.k8s.io/dl/v0.16.0/kind-$(uname)-amd64" +curl -Lo ./kind "https://kind.sigs.k8s.io/dl/v0.17.0/kind-$(uname)-amd64" chmod +x ./kind sudo mv ./kind /usr/local/bin/kind ``` @@ -68,9 +68,9 @@ On macOS via Bash: ```console # for Intel Macs -[ $(uname -m) = x86_64 ]&& curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.16.0/kind-darwin-amd64 +[ $(uname -m) = x86_64 ]&& curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.17.0/kind-darwin-amd64 # for M1 / ARM Macs -[ $(uname -m) = arm64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.16.0/kind-darwin-arm64 +[ $(uname -m) = arm64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.17.0/kind-darwin-arm64 chmod +x ./kind mv ./kind /some-dir-in-your-PATH/kind ``` @@ -78,7 +78,7 @@ mv ./kind /some-dir-in-your-PATH/kind On Windows: ```powershell -curl.exe -Lo kind-windows-amd64.exe https://kind.sigs.k8s.io/dl/v0.16.0/kind-windows-amd64 +curl.exe -Lo kind-windows-amd64.exe https://kind.sigs.k8s.io/dl/v0.17.0/kind-windows-amd64 Move-Item .\kind-windows-amd64.exe c:\some-dir-in-your-PATH\kind.exe # OR via Chocolatey (https://chocolatey.org/packages/kind) diff --git a/site/config.toml b/site/config.toml index dc71a8f173..3001160bf5 100644 --- a/site/config.toml +++ b/site/config.toml @@ -67,7 +67,7 @@ baseName = "_redirects" home = ["HTML", "REDIRECTS"] [params] -stable = "v0.16.0" +stable = "v0.17.0" # privacy settings [privacy] From 3f99311bbdef92d67182b84dc144b45cb06bfad2 Mon Sep 17 00:00:00 2001 From: Benjamin Elder Date: Thu, 27 Oct 2022 08:09:09 -0700 Subject: [PATCH 03/15] fix kind version in readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 05f0e52a0d..9aedb5139d 100644 --- a/README.md +++ b/README.md 
@@ -5,9 +5,9 @@ kind is a tool for running local Kubernetes clusters using Docker container "nodes". kind was primarily designed for testing Kubernetes itself, but may be used for local development or CI. -If you have [go] \([1.17+][go-supported]) and [docker] installed `go install sigs.k8s.io/kind@{{< stableVersion >}} && kind create cluster` is all you need! +If you have [go] \([1.17+][go-supported]) and [docker] installed `go install sigs.k8s.io/kind@v0.17.0 && kind create cluster` is all you need! -For older versions use `GO111MODULE="on" go get sigs.k8s.io/kind@{{< stableVersion >}}`. +For older versions use `GO111MODULE="on" go get sigs.k8s.io/kind@v0.17.0`. ![](site/static/images/kind-create-cluster.png) From 197b65602168437432208f1060d7f5765118c21c Mon Sep 17 00:00:00 2001 From: Daman Date: Sat, 29 Oct 2022 16:10:55 +0530 Subject: [PATCH 04/15] comments-update-buildcontext --- pkg/build/nodeimage/buildcontext.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/pkg/build/nodeimage/buildcontext.go b/pkg/build/nodeimage/buildcontext.go index 51662396c1..ecbaf6b14e 100644 --- a/pkg/build/nodeimage/buildcontext.go +++ b/pkg/build/nodeimage/buildcontext.go @@ -48,10 +48,10 @@ type buildContext struct { builder kube.Builder } -// Build builds the cluster node image, the sourcedir must be set on +// Build builds the cluster node image, the source dir must be set on // the buildContext func (c *buildContext) Build() (err error) { - // ensure kubernetes build is up to date first + // ensure kubernetes build is up-to-date first c.logger.V(0).Info("Starting to build Kubernetes") bits, err := c.builder.Build() if err != nil { 
@@ -60,17 +60,17 @@ func (c *buildContext) Build() (err error) { } c.logger.V(0).Info("Finished building Kubernetes") - // then the perform the actual docker image build + // then perform the actual docker image build c.logger.V(0).Info("Building node image ...") return c.buildImage(bits) } func (c *buildContext) buildImage(bits kube.Bits) error { // create build container - // NOTE: we are using docker run + docker commit so we can install + // NOTE: we are using docker run + docker commit, so we can install // debian packages without permanently copying them into the image. // if docker gets proper squash support, we can rm them instead - // This also allows the KubeBit implementations to perform programmatic + // This also allows the KubeBit implementations to programmatically // install in the image containerID, err := c.createBuildContainer() cmder := docker.ContainerCmder(containerID) @@ -144,7 +144,7 @@ func (c *buildContext) buildImage(bits kube.Bits) error { return nil } -// returns a set of image tags that will be sideloaded +// returns a set of image tags that will be side-loaded func (c *buildContext) getBuiltImages(bits kube.Bits) (sets.String, error) { images := sets.NewString() for _, path := range bits.ImagePaths() { @@ -313,7 +313,7 @@ func (c *buildContext) prePullImagesAndWriteManifests(bits kube.Bits, parsedVers func (c *buildContext) createBuildContainer() (id string, err error) { // attempt to explicitly pull the image if it doesn't exist locally - // we don't care if this errors, we'll still try to run which also pulls + // we don't care if this returns error, we'll still try to run which also pulls _ = docker.Pull(c.logger, c.baseImage, dockerBuildOsAndArch(c.arch), 4) // this should be good enough: a specific prefix, the current unix time, // and a little random bits in case we have multiple builds simultaneously 
@@ -323,7 +323,7 @@ func (c *buildContext) createBuildContainer() (id string, err error) { c.baseImage, []string{ "-d", // make the client exit while the container continues to run - // the container should hang forever so we can exec in it + // the container should hang forever, so we can exec in it "--entrypoint=sleep", "--name=" + id, "--platform=" + dockerBuildOsAndArch(c.arch), From 63eabd223b044a950328c5ea1edc2fe3a9b538cb Mon Sep 17 00:00:00 2001 From: lreciomelero Date: Thu, 18 Jan 2024 18:03:01 +0100 Subject: [PATCH 05/15] Added clusterConfig creation --- .../actions/createworker/createworker.go | 55 ++++++++++++++----- .../create/actions/createworker/provider.go | 20 ++++++- pkg/cluster/internal/create/create.go | 2 +- pkg/cluster/provider.go | 2 +- pkg/cmd/kind/create/cluster/createcluster.go | 4 +- pkg/commons/cluster.go | 21 ++++--- 6 files changed, 76 insertions(+), 28 deletions(-) diff --git a/pkg/cluster/internal/create/actions/createworker/createworker.go b/pkg/cluster/internal/create/actions/createworker/createworker.go index 7e54956703..0aca799ac0 100644 --- a/pkg/cluster/internal/create/actions/createworker/createworker.go +++ b/pkg/cluster/internal/create/actions/createworker/createworker.go @@ -38,7 +38,7 @@ type action struct { avoidCreation bool keosCluster commons.KeosCluster clusterCredentials commons.ClusterCredentials - clusterConfig commons.ClusterConfig + clusterConfig *commons.ClusterConfig } type keosRegistry struct { 
@@ -73,7 +73,7 @@ var allowCommonEgressNetPol string var rbacInternalLoadBalancing string // NewAction returns a new action for installing default CAPI -func NewAction(vaultPassword string, descriptorPath string, moveManagement bool, avoidCreation bool, keosCluster commons.KeosCluster, clusterCredentials commons.ClusterCredentials, clusterConfig commons.ClusterConfig) actions.Action { +func NewAction(vaultPassword string, descriptorPath string, moveManagement bool, avoidCreation bool, keosCluster commons.KeosCluster, clusterCredentials commons.ClusterCredentials, clusterConfig *commons.ClusterConfig) actions.Action { return &action{ vaultPassword: vaultPassword, descriptorPath: descriptorPath, @@ -121,13 +121,22 @@ func (a *action) Execute(ctx *actions.ActionContext) error { awsEKSEnabled := a.keosCluster.Spec.InfraProvider == "aws" && a.keosCluster.Spec.ControlPlane.Managed isMachinePool := a.keosCluster.Spec.InfraProvider != "aws" && a.keosCluster.Spec.ControlPlane.Managed - privateParams := PrivateParams{ - KeosCluster: a.keosCluster, - KeosRegUrl: keosRegistry.url, - Private: a.clusterConfig.Spec.Private, + var privateParams PrivateParams + if a.clusterConfig != nil { + privateParams = PrivateParams{ + KeosCluster: a.keosCluster, + KeosRegUrl: keosRegistry.url, + Private: a.clusterConfig.Spec.Private, + } + } else { + privateParams = PrivateParams{ + KeosCluster: a.keosCluster, + KeosRegUrl: keosRegistry.url, + Private: false, + } } - if a.clusterConfig.Spec.Private { + if privateParams.Private { ctx.Status.Start("Installing Private CNI 🎖️") defer ctx.Status.End(false) c = `sed -i 's/@sha256:[[:alnum:]_-].*$//g' ` + cniDefaultFile @@ -222,7 +231,7 @@ func (a *action) Execute(ctx *actions.ActionContext) error { } } - if a.clusterConfig.Spec.Private { + if privateParams.Private { err = provider.deployCertManager(n, keosRegistry.url, "") if err != nil { return err 
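Review bot: The two `PrivateParams` literals in the `@@ -121,13 +121,22 @@` hunk differ only in the `Private` field, so the nil handling is easy to miss and easy to break when a field is added later. A single literal with `Private: a.clusterConfig != nil && a.clusterConfig.Spec.Private,` states the default once and removes the `if`/`else`. A short comment such as `// a nil clusterConfig means no ClusterConfig manifest was supplied; treat as non-private` would document why the pointer can be nil. Execute's body starts and ends outside this hunk.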
@@ -295,7 +304,7 @@ func (a *action) Execute(ctx *actions.ActionContext) error { ctx.Status.Start("Installing keos cluster operator 💻") defer ctx.Status.End(false) - err = provider.deployClusterOperator(n, privateParams, a.clusterCredentials, keosRegistry, "", true) + err = provider.deployClusterOperator(n, privateParams, a.clusterCredentials, keosRegistry, a.clusterConfig, "", true) if err != nil { return errors.Wrap(err, "failed to deploy cluster operator") } @@ -317,11 +326,20 @@ func (a *action) Execute(ctx *actions.ActionContext) error { ctx.Status.Start("Creating the workload cluster 💥") defer ctx.Status.End(false) + if a.clusterConfig != nil { + // Apply cluster manifests + c = "kubectl apply -f " + manifestsPath + "/clusterconfig.yaml" + _, err = commons.ExecuteCommand(n, c) + if err != nil { + return errors.Wrap(err, "failed to apply clusterconfig manifests") + } + } + // Apply cluster manifests c = "kubectl apply -f " + manifestsPath + "/keoscluster.yaml" _, err = commons.ExecuteCommand(n, c) if err != nil { - return errors.Wrap(err, "failed to apply manifests") + return errors.Wrap(err, "failed to apply keoscluster manifests") } time.Sleep(20 * time.Second) @@ -498,7 +516,7 @@ func (a *action) Execute(ctx *actions.ActionContext) error { ctx.Status.Start("Installing CAPx in workload cluster 🎖️") defer ctx.Status.End(false) - if a.clusterConfig.Spec.Private { + if privateParams.Private { err = provider.deployCertManager(n, keosRegistry.url, kubeconfigPath) if err != nil { return err @@ -592,7 +610,7 @@ func (a *action) Execute(ctx *actions.ActionContext) error { " --set clusterAPIMode=incluster-incluster" + " --set replicaCount=2" - if a.clusterConfig.Spec.Private { + if privateParams.Private { c += " --set image.repository=" + keosRegistry.url + "/autoscaling/cluster-autoscaler" } 
@@ -607,7 +625,7 @@ func (a *action) Execute(ctx *actions.ActionContext) error { ctx.Status.Start("Installing keos cluster operator in workload cluster 💻") defer ctx.Status.End(false) - err = provider.deployClusterOperator(n, privateParams, a.clusterCredentials, keosRegistry, kubeconfigPath, true) + err = provider.deployClusterOperator(n, privateParams, a.clusterCredentials, keosRegistry, a.clusterConfig, kubeconfigPath, true) if err != nil { return errors.Wrap(err, "failed to deploy cluster operator in workload cluster") } @@ -690,6 +708,15 @@ func (a *action) Execute(ctx *actions.ActionContext) error { return errors.Wrap(err, "failed to wait for keoscluster controller ready") } + if a.clusterConfig != nil { + // Move clusterConfig to workload cluster + c = "kubectl -n " + capiClustersNamespace + " get clusterconfig " + a.clusterConfig.Metadata.Name + " -o json | kubectl apply --kubeconfig " + kubeconfigPath + " -f-" + _, err = commons.ExecuteCommand(n, c) + if err != nil { + return errors.Wrap(err, "failed to move clusterconfig to workload cluster") + } + } + // Move keoscluster to workload cluster c = "kubectl -n " + capiClustersNamespace + " get keoscluster " + a.keosCluster.Metadata.Name + " -o json | jq 'del(.status)' | kubectl apply --kubeconfig " + kubeconfigPath + " -f-" _, err = commons.ExecuteCommand(n, c) @@ -710,7 +737,7 @@ func (a *action) Execute(ctx *actions.ActionContext) error { return errors.Wrap(err, "failed to delete keoscluster in management cluster") } - err = provider.deployClusterOperator(n, privateParams, a.clusterCredentials, keosRegistry, "", false) + err = provider.deployClusterOperator(n, privateParams, a.clusterCredentials, keosRegistry, a.clusterConfig, "", false) if err != nil { return errors.Wrap(err, "failed to deploy cluster operator") } diff --git a/pkg/cluster/internal/create/actions/createworker/provider.go b/pkg/cluster/internal/create/actions/createworker/provider.go index c54513e759..6fc71a6123 100644 
--- a/pkg/cluster/internal/create/actions/createworker/provider.go +++ b/pkg/cluster/internal/create/actions/createworker/provider.go @@ -56,8 +56,8 @@ const ( scName = "keos" certManagerVersion = "v1.12.3" - clusterOperatorChart = "0.2.0-SNAPSHOT" - clusterOperatorImage = "0.2.0-SNAPSHOT" + clusterOperatorChart = "0.2.0-PR154-SNAPSHOT" + clusterOperatorImage = "0.2.0-PR154-SNAPSHOT" ) const machineHealthCheckWorkerNodePath = "/kind/manifests/machinehealthcheckworkernode.yaml" @@ -273,7 +273,7 @@ func (p *Provider) deployCertManager(n nodes.Node, keosRegistryUrl string, kubec return nil } -func (p *Provider) deployClusterOperator(n nodes.Node, privateParams PrivateParams, clusterCredentials commons.ClusterCredentials, keosRegistry keosRegistry, kubeconfigPath string, firstInstallation bool) error { +func (p *Provider) deployClusterOperator(n nodes.Node, privateParams PrivateParams, clusterCredentials commons.ClusterCredentials, keosRegistry keosRegistry, clusterConfig *commons.ClusterConfig, kubeconfigPath string, firstInstallation bool) error { var c string var err error var helmRepository helmRepository @@ -319,6 +319,20 @@ func (p *Provider) deployClusterOperator(n nodes.Node, privateParams PrivatePara Flavour string `yaml:"flavour,omitempty"` Version string `yaml:"version,omitempty"` }{} + + if clusterConfig != nil { + clusterConfigYAML, err := yaml.Marshal(clusterConfig) + if err != nil { + return err + } + // Write keoscluster file + c = "echo '" + string(clusterConfigYAML) + "' > " + manifestsPath + "/clusterconfig.yaml" + _, err = commons.ExecuteCommand(n, c) + if err != nil { + return errors.Wrap(err, "failed to write the keoscluster file") + } + keosCluster.Spec.ClusterConfigRef.Name = clusterConfig.Metadata.Name + } keosClusterYAML, err := yaml.Marshal(keosCluster) if err != nil { return err diff --git a/pkg/cluster/internal/create/create.go b/pkg/cluster/internal/create/create.go index c54a894b52..04e9feacb5 100644 
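Review bot: In the `@@ -319,6 +319,20 @@` hunk the marshalled ClusterConfig is spliced into a shell command between single quotes (`"echo '" + string(clusterConfigYAML) + "' > "`), so any `'` in the YAML, for example in a `metadata.name` taken from the descriptor, ends the quoting and the rest is interpreted by the shell on the node (the `>` redirection implies `ExecuteCommand` goes through a shell). Escaping the payload before concatenation, e.g. `strings.ReplaceAll(string(clusterConfigYAML), "'", "'\\''")`, or validating the name as a Kubernetes object name when the descriptor is parsed, closes this; no such validation is visible in this series. The comment and error text were copied from the keoscluster path and should read `// Write clusterconfig file` and `"failed to write the clusterconfig file"`. The same name is concatenated into the `kubectl ... get clusterconfig` command added in createworker.go (`@@ -690,6 +708,15 @@`). deployClusterOperator continues outside this hunk.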
--- a/pkg/cluster/internal/create/create.go +++ b/pkg/cluster/internal/create/create.go @@ -63,7 +63,7 @@ type ClusterOptions struct { MoveManagement bool AvoidCreation bool KeosCluster commons.KeosCluster - ClusterConfig commons.ClusterConfig + ClusterConfig *commons.ClusterConfig ClusterCredentials commons.ClusterCredentials DockerRegUrl string diff --git a/pkg/cluster/provider.go b/pkg/cluster/provider.go index 7c3806f51b..7f1767008f 100644 --- a/pkg/cluster/provider.go +++ b/pkg/cluster/provider.go @@ -171,7 +171,7 @@ func ProviderWithPodman() ProviderOption { } // Create provisions and starts a kubernetes-in-docker cluster -func (p *Provider) Create(name string, vaultPassword string, descriptorPath string, moveManagement bool, avoidCreation bool, dockerRegUrl string, clusterConfig commons.ClusterConfig, keosCluster commons.KeosCluster, clusterCredentials commons.ClusterCredentials, options ...CreateOption) error { // apply options +func (p *Provider) Create(name string, vaultPassword string, descriptorPath string, moveManagement bool, avoidCreation bool, dockerRegUrl string, clusterConfig *commons.ClusterConfig, keosCluster commons.KeosCluster, clusterCredentials commons.ClusterCredentials, options ...CreateOption) error { // apply options opts := &internalcreate.ClusterOptions{ NameOverride: name, VaultPassword: vaultPassword, diff --git a/pkg/cmd/kind/create/cluster/createcluster.go b/pkg/cmd/kind/create/cluster/createcluster.go index eddc0214cf..e1d27f8ed1 100644 --- a/pkg/cmd/kind/create/cluster/createcluster.go +++ b/pkg/cmd/kind/create/cluster/createcluster.go @@ -188,7 +188,7 @@ func runE(logger log.Logger, streams cmd.IOStreams, flags *flagpole) error { } dockerRegUrl := "" - if clusterConfig.Spec.Private { + if clusterConfig != nil && clusterConfig.Spec.Private { configFile, err := getConfigFile(keosCluster, clusterCredentials) if err != nil { return errors.Wrap(err, "Error getting private kubeadm config") 
@@ -220,7 +220,7 @@ func runE(logger log.Logger, streams cmd.IOStreams, flags *flagpole) error { flags.MoveManagement, flags.AvoidCreation, dockerRegUrl, - *clusterConfig, + clusterConfig, *keosCluster, clusterCredentials, withConfig, diff --git a/pkg/commons/cluster.go b/pkg/commons/cluster.go index d7826dda4a..3155199d6e 100644 --- a/pkg/commons/cluster.go +++ b/pkg/commons/cluster.go @@ -58,7 +58,11 @@ type Metadata struct { } type ClusterConfigSpec struct { - Private bool `yaml:"private_registry,omitempty"` + Private bool `yaml:"private_registry"` +} + +type ClusterConfigRef struct { + Name string `json:"name,omitempty"` } // Spec represents the YAML structure in the spec field of the descriptor file @@ -109,6 +113,8 @@ type KeosSpec struct { } `yaml:"control_plane"` WorkerNodes WorkerNodes `yaml:"worker_nodes" validate:"required,dive"` + + ClusterConfigRef ClusterConfigRef `yaml:"cluster_config_ref,omitempty" validate:"dive"` } type Networks struct { @@ -372,6 +378,7 @@ func (s KeosSpec) Init() KeosSpec { func GetClusterDescriptor(descriptorPath string) (*KeosCluster, *ClusterConfig, error) { var keosCluster KeosCluster var clusterConfig ClusterConfig + findClusterConfig := false _, err := os.Stat(descriptorPath) if err != nil { @@ -416,6 +423,7 @@ func GetClusterDescriptor(descriptorPath string) (*KeosCluster, *ClusterConfig, keosCluster.Metadata.Namespace = "cluster-" + keosCluster.Metadata.Name case "ClusterConfig": + findClusterConfig = true clusterConfig.Spec = new(ClusterConfigSpec).Init() err = yaml.Unmarshal([]byte(manifest), &clusterConfig) if err != nil { @@ -426,7 +434,7 @@ func GetClusterDescriptor(descriptorPath string) (*KeosCluster, *ClusterConfig, if err != nil { return nil, nil, err } - + clusterConfig.Metadata.Namespace = "cluster-" + keosCluster.Metadata.Name default: return nil, nil, errors.New("Unsupported manifest kind: " + resource.Kind) } 
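Review bot: `clusterConfig.Metadata.Namespace = "cluster-" + keosCluster.Metadata.Name` (hunk `@@ -426,7 +434,7 @@`) runs inside the `case "ClusterConfig":` branch, which appears to be evaluated per manifest while the descriptor is still being read. If the ClusterConfig document comes before the KeosCluster document, `keosCluster.Metadata.Name` is still empty and the namespace becomes `cluster-`. Assigning the namespace after all manifests are processed, next to the `if findClusterConfig {` return, makes the result independent of document order. GetClusterDescriptor starts and ends outside this hunk, so the loop structure is inferred from the visible `case` labels.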
@@ -436,13 +444,12 @@ func GetClusterDescriptor(descriptorPath string) (*KeosCluster, *ClusterConfig, if reflect.DeepEqual(keosCluster, KeosCluster{}) { return nil, nil, errors.New("Keoscluster's manifest has not been found.") } - if !reflect.DeepEqual(clusterConfig, ClusterConfig{}) { - if clusterConfig.Metadata.Name != keosCluster.Metadata.Name { - return nil, nil, errors.New("ClusterConfig name does not match keoscluster name.") - } + + if findClusterConfig { + return &keosCluster, &clusterConfig, nil } - return &keosCluster, &clusterConfig, nil + return &keosCluster, nil, nil } func DecryptFile(filePath string, vaultPassword string) (string, error) { From 0555d7270709dcd00f41d6941ebe04680eafbe60 Mon Sep 17 00:00:00 2001 From: lreciomelero Date: Mon, 22 Jan 2024 13:18:34 +0100 Subject: [PATCH 06/15] added clusterconfig move --- .../create/actions/createworker/createworker.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/pkg/cluster/internal/create/actions/createworker/createworker.go b/pkg/cluster/internal/create/actions/createworker/createworker.go index 0aca799ac0..f83a6cb811 100644 --- a/pkg/cluster/internal/create/actions/createworker/createworker.go +++ b/pkg/cluster/internal/create/actions/createworker/createworker.go 
@@ -709,12 +709,27 @@ func (a *action) Execute(ctx *actions.ActionContext) error { } if a.clusterConfig != nil { + + c = "kubectl -n " + capiClustersNamespace + " patch clusterconfig " + a.clusterConfig.Metadata.Name + " -p '{\"metadata\":{\"ownerReferences\":null,\"finalizers\":null}}' --type=merge" + _, err = commons.ExecuteCommand(n, c) + if err != nil { + return errors.Wrap(err, "failed to remove clusterconfig ownerReferences and finalizers") + } + // Move clusterConfig to workload cluster c = "kubectl -n " + capiClustersNamespace + " get clusterconfig " + a.clusterConfig.Metadata.Name + " -o json | kubectl apply --kubeconfig " + kubeconfigPath + " -f-" _, err = commons.ExecuteCommand(n, c) if err != nil { return errors.Wrap(err, "failed to move clusterconfig to workload cluster") } + + // Delete clusterconfig in management cluster + c = "kubectl -n " + capiClustersNamespace + " delete clusterconfig " + a.clusterConfig.Metadata.Name + _, err = commons.ExecuteCommand(n, c) + if err != nil { + return errors.Wrap(err, "failed to delete clusterconfig in management cluster") + } + } // Move keoscluster to workload cluster From 105d4e4c8293939c2fd7ae1216f2160422ecab00 Mon Sep 17 00:00:00 2001 From: lreciomelero Date: Mon, 22 Jan 2024 13:27:42 +0100 Subject: [PATCH 07/15] added clusterconfig move --- pkg/cluster/internal/create/actions/createworker/provider.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/cluster/internal/create/actions/createworker/provider.go b/pkg/cluster/internal/create/actions/createworker/provider.go index 6fc71a6123..797cb3c637 100644 --- a/pkg/cluster/internal/create/actions/createworker/provider.go +++ b/pkg/cluster/internal/create/actions/createworker/provider.go 
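Review bot: The move added here is not atomic: the `kubectl ... patch clusterconfig` call strips `ownerReferences` and `finalizers` from the object in the management cluster before the copy, so if the following `kubectl apply --kubeconfig` fails, Execute returns with the source object already altered and no copy in the workload cluster. Dropping those fields from the copied JSON instead (the keoscluster move in this function already pipes through `jq 'del(.status)'`) and running the patch only after the apply succeeded, just before the delete, leaves the source intact on failure. The clusterconfig copy also keeps `.status`, unlike the keoscluster copy. A comment above the patch explaining why owner references and finalizers must be cleared would help the next reader. Execute's body extends well beyond this hunk.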
@@ -56,8 +56,8 @@ const ( scName = "keos" certManagerVersion = "v1.12.3" - clusterOperatorChart = "0.2.0-PR154-SNAPSHOT" - clusterOperatorImage = "0.2.0-PR154-SNAPSHOT" + clusterOperatorChart = "0.2.0-SNAPSHOT" + clusterOperatorImage = "0.2.0-SNAPSHOT" ) const machineHealthCheckWorkerNodePath = "/kind/manifests/machinehealthcheckworkernode.yaml" From 123b38f2b732642f1c217f3ddd2afabdd2fa287b Mon Sep 17 00:00:00 2001 From: lreciomelero Date: Mon, 22 Jan 2024 17:45:46 +0100 Subject: [PATCH 08/15] integrating private controlplane. fully-private integration --- pkg/cluster/internal/validate/common.go | 23 +++++++++++++++++++- pkg/cluster/internal/validate/validate.go | 3 ++- pkg/cluster/provider.go | 3 ++- pkg/cmd/kind/create/cluster/createcluster.go | 2 ++ pkg/commons/cluster.go | 15 ++++++++----- 5 files changed, 37 insertions(+), 9 deletions(-) diff --git a/pkg/cluster/internal/validate/common.go b/pkg/cluster/internal/validate/common.go index 93a5cdbd74..a7b1f54269 100644 --- a/pkg/cluster/internal/validate/common.go +++ b/pkg/cluster/internal/validate/common.go @@ -34,8 +34,9 @@ const ( var k8sVersionSupported = []string{"1.24", "1.25", "1.26", "1.27", "1.28"} -func validateCommon(spec commons.KeosSpec) error { +func validateCommon(spec commons.KeosSpec, clusterConfig *commons.ClusterConfig) error { var err error + if err = validateK8SVersion(spec.K8SVersion); err != nil { return err } 
@@ -45,6 +46,26 @@ func validateCommon(spec commons.KeosSpec) error { if err = validateVolumes(spec); err != nil { return err } + if err = validatePublicControlPlane(spec, clusterConfig); err != nil { + return err + } + return nil +} + +func validatePublicControlPlane(spec commons.KeosSpec, clusterConfig *commons.ClusterConfig) error { + if spec.InfraProvider != "aws" { + if !spec.ControlPlane.Public { + return errors.New("spec.control_plane.public only can be false for aws or eks installations") + } + } else if !spec.ControlPlane.Public { + if clusterConfig == nil || !clusterConfig.Spec.Private { + return errors.New("If keoscluster's .spec.control_plane.public is false, clusterConfig .spec.private_registry must be true") + } + if spec.Networks.AdditionalSecurityGroup != "" { + return errors.New("If keoscluster's .spec.control_plane.public is false, its .spec.networks.additional_sg must be indicated. This sg must be created as a requirement and must allow the internal vpc traffic.") + } + } + return nil } diff --git a/pkg/cluster/internal/validate/validate.go b/pkg/cluster/internal/validate/validate.go index 135438a0d1..cf4c8328c3 100644 --- a/pkg/cluster/internal/validate/validate.go +++ b/pkg/cluster/internal/validate/validate.go @@ -24,6 +24,7 @@ type ValidateParams struct { KeosCluster commons.KeosCluster SecretsPath string VaultPassword string + ClusterConfig commons.ClusterConfig } func Cluster(params *ValidateParams) (commons.ClusterCredentials, error) { @@ -35,7 +36,7 @@ func Cluster(params *ValidateParams) (commons.ClusterCredentials, error) { return commons.ClusterCredentials{}, err } - if err := validateCommon(params.KeosCluster.Spec); err != nil { + if err := validateCommon(params.KeosCluster.Spec, ¶ms.ClusterConfig); err != nil { return commons.ClusterCredentials{}, err } diff --git a/pkg/cluster/provider.go b/pkg/cluster/provider.go index 7f1767008f..565240f3a5 100644 --- a/pkg/cluster/provider.go +++ b/pkg/cluster/provider.go 
@@ -255,9 +255,10 @@ func (p *Provider) CollectLogs(name, dir string) error { return p.provider.CollectLogs(dir, n) } -func (p *Provider) Validate(keosCluster commons.KeosCluster, secretsPath string, vaultPassword string) (commons.ClusterCredentials, error) { +func (p *Provider) Validate(keosCluster commons.KeosCluster, clusterConfig commons.ClusterConfig, secretsPath string, vaultPassword string) (commons.ClusterCredentials, error) { params := &internalvalidate.ValidateParams{ KeosCluster: keosCluster, + ClusterConfig: clusterConfig, SecretsPath: secretsPath, VaultPassword: vaultPassword, } diff --git a/pkg/cmd/kind/create/cluster/createcluster.go b/pkg/cmd/kind/create/cluster/createcluster.go index e1d27f8ed1..ff95d4d74b 100644 --- a/pkg/cmd/kind/create/cluster/createcluster.go +++ b/pkg/cmd/kind/create/cluster/createcluster.go @@ -180,6 +180,7 @@ func runE(logger log.Logger, streams cmd.IOStreams, flags *flagpole) error { clusterCredentials, err := provider.Validate( *keosCluster, + *clusterConfig, secretsDefaultPath, flags.VaultPassword, ) @@ -189,6 +190,7 @@ func runE(logger log.Logger, streams cmd.IOStreams, flags *flagpole) error { dockerRegUrl := "" if clusterConfig != nil && clusterConfig.Spec.Private { + configFile, err := getConfigFile(keosCluster, clusterCredentials) if err != nil { return errors.Wrap(err, "Error getting private kubeadm config") diff --git a/pkg/commons/cluster.go b/pkg/commons/cluster.go index 3155199d6e..ab08e90a13 100644 --- a/pkg/commons/cluster.go +++ b/pkg/commons/cluster.go @@ -110,6 +110,7 @@ type KeosSpec struct { AWS AWSCP `yaml:"aws,omitempty"` Azure AzureCP `yaml:"azure,omitempty"` ExtraVolumes []ExtraVolume `yaml:"extra_volumes,omitempty" validate:"dive"` + Public bool `yaml:"public" validate:"boolean"` } `yaml:"control_plane"` WorkerNodes WorkerNodes `yaml:"worker_nodes" validate:"required,dive"` 
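Review bot: `*clusterConfig,` in the `provider.Validate(` call (createcluster.go, `@@ -180,6 +180,7 @@`) dereferences a pointer that `GetClusterDescriptor` returns as nil when the descriptor has no ClusterConfig document (the `return &keosCluster, nil, nil` path added earlier in this series), so such a descriptor would panic before reaching the `clusterConfig != nil` guard a few lines below. Because `Validate` and `ValidateParams.ClusterConfig` take the struct by value and `validateCommon` is handed its address, the `clusterConfig == nil` branch in `validatePublicControlPlane` can never be taken. Carrying the pointer through, with `ClusterConfig *commons.ClusterConfig` in `ValidateParams`, `clusterConfig *commons.ClusterConfig` in `Validate`, and `clusterConfig,` at the call site, keeps the nil case meaningful. The `¶ms.ClusterConfig` text in validate.go looks like an encoding artefact of `&params.ClusterConfig` on this page.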
@@ -118,12 +119,13 @@ type KeosSpec struct { } type Networks struct { - VPCID string `yaml:"vpc_id,omitempty"` - VPCCidrBlock string `yaml:"vpc_cidr,omitempty" validate:"omitempty,cidrv4"` - PodsCidrBlock string `yaml:"pods_cidr,omitempty" validate:"omitempty,cidrv4"` - PodsSubnets []Subnets `yaml:"pods_subnets,omitempty" validate:"dive"` - Subnets []Subnets `yaml:"subnets,omitempty" validate:"dive"` - ResourceGroup string `yaml:"resource_group,omitempty"` + VPCID string `yaml:"vpc_id,omitempty"` + VPCCidrBlock string `yaml:"vpc_cidr,omitempty" validate:"omitempty,cidrv4"` + PodsCidrBlock string `yaml:"pods_cidr,omitempty" validate:"omitempty,cidrv4"` + PodsSubnets []Subnets `yaml:"pods_subnets,omitempty" validate:"dive"` + Subnets []Subnets `yaml:"subnets,omitempty" validate:"dive"` + ResourceGroup string `yaml:"resource_group,omitempty"` + AdditionalSecurityGroup string `yaml:"additional_sg,omitempty"` } type Subnets struct { @@ -349,6 +351,7 @@ func (s ClusterConfigSpec) Init() ClusterConfigSpec { func (s KeosSpec) Init() KeosSpec { highlyAvailable := true s.ControlPlane.HighlyAvailable = &highlyAvailable + s.ControlPlane.Public = true // AKS s.ControlPlane.Azure.Tier = "Paid" From ca58ab70d134ec9d74f875a92c15ed9567c030c0 Mon Sep 17 00:00:00 2001 From: lreciomelero Date: Mon, 22 Jan 2024 17:55:15 +0100 Subject: [PATCH 09/15] integrating docker inspect for private image. fully-private integration --- .../internal/providers/docker/images.go | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/pkg/cluster/internal/providers/docker/images.go b/pkg/cluster/internal/providers/docker/images.go index c8eac0c30e..470db66dcc 100644 --- a/pkg/cluster/internal/providers/docker/images.go +++ b/pkg/cluster/internal/providers/docker/images.go 
@@ -62,16 +62,16 @@ func ensureNodeImages(logger log.Logger, status *cli.Status, cfg *config.Cluster return err } stratioImage := "stratio-capi-image:" + strings.Split(friendlyImageName, ":")[1] - // if dockerRegUrl != "" { - // cmd := exec.Command("docker", "inspect", "--type=image", stratioImage) - // if err := cmd.Run(); err == nil { - // logger.V(1).Infof("stratioImage: %s present locally", image) - // } else { - // err = buildStratioImage(logger, stratioImage, dockerfileDir) - // } - // } else { - // err = buildStratioImage(logger, stratioImage, dockerfileDir) - // } + if dockerRegUrl != "" { + cmd := exec.Command("docker", "inspect", "--type=image", stratioImage) + if err := cmd.Run(); err == nil { + logger.V(1).Infof("stratioImage: %s present locally", image) + } else { + err = buildStratioImage(logger, stratioImage, dockerfileDir) + } + } else { + err = buildStratioImage(logger, stratioImage, dockerfileDir) + } err = buildStratioImage(logger, stratioImage, dockerfileDir) if err != nil { status.End(false) From 23eea02a6090501ca97ed9b47d3f1969099b0ccc Mon Sep 17 00:00:00 2001 From: lreciomelero Date: Tue, 23 Jan 2024 09:51:31 +0100 Subject: [PATCH 10/15] Added new validations. fully-private integration --- pkg/cluster/internal/validate/common.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkg/cluster/internal/validate/common.go b/pkg/cluster/internal/validate/common.go index a7b1f54269..be70d3f3a5 100644 --- a/pkg/cluster/internal/validate/common.go +++ b/pkg/cluster/internal/validate/common.go @@ -18,6 +18,7 @@ package validate import ( "fmt" + "reflect" "regexp" "strconv" "strings" 
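Review bot: The restored `docker inspect` check has no effect, because the unconditional `err = buildStratioImage(logger, stratioImage, dockerfileDir)` that follows the `if`/`else` still runs on every path; the image is rebuilt even when it is present, and built twice otherwise. Inside `if err := cmd.Run(); err == nil { ... } else { err = buildStratioImage(...) }` the assignment targets the `err` scoped to the `if` statement, so that build's result never reaches the outer `if err != nil` check. The log line also prints `image` where `stratioImage` is the value being inspected. Note that `docker inspect` only proves a tag with that name exists locally, which is worth a comment if the private-registry path relies on a pre-loaded image. ensureNodeImages starts and ends outside this hunk.

```go
// … unchanged: stratioImage := "stratio-capi-image:" + … 
imagePresent := false
if dockerRegUrl != "" {
	inspect := exec.Command("docker", "inspect", "--type=image", stratioImage)
	imagePresent = inspect.Run() == nil
}
if imagePresent {
	logger.V(1).Infof("stratioImage: %s present locally", stratioImage)
} else {
	err = buildStratioImage(logger, stratioImage, dockerfileDir)
}
// … unchanged: if err != nil { status.End(false) … 
```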
@@ -61,9 +62,13 @@ func validatePublicControlPlane(spec commons.KeosSpec, clusterConfig *commons.Cl if clusterConfig == nil || !clusterConfig.Spec.Private { return errors.New("If keoscluster's .spec.control_plane.public is false, clusterConfig .spec.private_registry must be true") } - if spec.Networks.AdditionalSecurityGroup != "" { + if spec.Networks.AdditionalSecurityGroup == "" { return errors.New("If keoscluster's .spec.control_plane.public is false, its .spec.networks.additional_sg must be indicated. This sg must be created as a requirement and must allow the internal vpc traffic.") } + if spec.Networks.VPCID == "" || reflect.DeepEqual(spec.Networks.Subnets, commons.Subnets{}) { + return errors.New("If keoscluster's .spec.control_plane.public is false, its .spec.networks.vpc_id and .spec.networks.subnets must be indicated.") + + } } return nil From 9b6009f6655aa9639ec4bf252b9cfa21136a5fed Mon Sep 17 00:00:00 2001 From: lreciomelero Date: Wed, 24 Jan 2024 11:33:39 +0100 Subject: [PATCH 11/15] added sg validations --- pkg/cluster/internal/validate/aws.go | 47 +++++++++++++++++++++++++ pkg/cluster/internal/validate/common.go | 11 +++--- pkg/cluster/internal/validate/utils.go | 4 +++ pkg/commons/cluster.go | 14 ++++---- 4 files changed, 63 insertions(+), 13 deletions(-) diff --git a/pkg/cluster/internal/validate/aws.go b/pkg/cluster/internal/validate/aws.go index 1d949789e7..3ab3380089 100644 --- a/pkg/cluster/internal/validate/aws.go +++ b/pkg/cluster/internal/validate/aws.go @@ -176,6 +176,11 @@ func validateAWSNetwork(ctx context.Context, cfg aws.Config, spec commons.KeosSp } } } + if spec.Networks.AdditionalSecurityGroupId != "" { + if err := validateSecurityGroup(spec.Networks.AdditionalSecurityGroupId, spec.Networks.VPCID, cfg); err != nil { + return err + } + } } else { if len(spec.Networks.Subnets) > 0 { return errors.New("\"vpc_id\": is required when \"subnets\" is set") 
@@ -183,6 +188,9 @@ func validateAWSNetwork(ctx context.Context, cfg aws.Config, spec commons.KeosSp if len(spec.Networks.PodsSubnets) > 0 { return errors.New("\"vpc_id\": is required when \"pods_subnets\" is set") } + if spec.Networks.AdditionalSecurityGroupId != "" { + return errors.New("\"vpc_id\": is required when \"additional_sg_id\" is set") + } } if len(spec.Networks.Subnets) > 0 { for _, s := range spec.Networks.Subnets { @@ -194,6 +202,7 @@ func validateAWSNetwork(ctx context.Context, cfg aws.Config, spec commons.KeosSp return err } } + return nil } @@ -249,6 +258,44 @@ func getAWSRegions(config aws.Config) ([]string, error) { return regions, nil } +func validateSecurityGroup(sgId string, vpcId string, config aws.Config) error { + findSg := false + ec2Client := ec2.NewFromConfig(config) + params := ec2.DescribeSecurityGroupsInput{ + Filters: []types.Filter{ + { + Name: toPtr[string]("group-id"), + Values: []string{sgId}, + }, + }, + } + if vpcId != "" { + vpcFilter := types.Filter{Name: toPtr[string]("vpc-id"), Values: []string{vpcId}} + params.Filters = append(params.Filters, vpcFilter) + } + sgsOutput, err := ec2Client.DescribeSecurityGroups(context.Background(), ¶ms) + if err != nil { + return err + } + for _, sg := range sgsOutput.SecurityGroups { + if *sg.GroupId == sgId { + findSg = true + continue + } + } + if !findSg { + errMsg := "SecurityGroup with sg_id: " + sgId + " does not exist in" + if vpcId == "" { + errMsg += " default vpc." + } else { + errMsg += " vpc: " + vpcId + "." + } + return errors.New(errMsg) + + } + return nil +} + func getAWSVPCs(config aws.Config) ([]string, error) { vpcs := []string{} diff --git a/pkg/cluster/internal/validate/common.go b/pkg/cluster/internal/validate/common.go index be70d3f3a5..a85c1d48a3 100644 --- a/pkg/cluster/internal/validate/common.go +++ b/pkg/cluster/internal/validate/common.go @@ -18,7 +18,6 @@ package validate import ( "fmt" - "reflect" "regexp" "strconv" "strings" 
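Review bot: validateSecurityGroup passes `context.Background()` to `DescribeSecurityGroups`, so the lookup ignores the `ctx` that validateAWSNetwork already receives and cannot be cancelled or time-limited with the rest of the validation. Take the context as the first parameter, `func validateSecurityGroup(ctx context.Context, sgId string, vpcId string, config aws.Config) error`, and pass `ctx` from the call added in the first hunk of this file. Because the request already filters on `group-id`, the loop can become `if len(sgsOutput.SecurityGroups) == 0 {`, which also removes the unchecked `*sg.GroupId` dereference and the `continue` that was presumably meant to be `break`.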
@@ -62,13 +61,13 @@ func validatePublicControlPlane(spec commons.KeosSpec, clusterConfig *commons.Cl if clusterConfig == nil || !clusterConfig.Spec.Private { return errors.New("If keoscluster's .spec.control_plane.public is false, clusterConfig .spec.private_registry must be true") } - if spec.Networks.AdditionalSecurityGroup == "" { - return errors.New("If keoscluster's .spec.control_plane.public is false, its .spec.networks.additional_sg must be indicated. This sg must be created as a requirement and must allow the internal vpc traffic.") - } - if spec.Networks.VPCID == "" || reflect.DeepEqual(spec.Networks.Subnets, commons.Subnets{}) { + if spec.Networks.VPCID == "" || len(spec.Networks.Subnets) == 0 { return errors.New("If keoscluster's .spec.control_plane.public is false, its .spec.networks.vpc_id and .spec.networks.subnets must be indicated.") - } + if spec.Networks.AdditionalSecurityGroupId == "" && spec.ControlPlane.Managed { + return errors.New("If keoscluster's .spec.control_plane.public is false and .spec.control_plane.managed, its .spec.networks.additional_sg must be indicated. This sg must be created as a requirement and must allow the internal vpc traffic.") + } + } return nil diff --git a/pkg/cluster/internal/validate/utils.go b/pkg/cluster/internal/validate/utils.go index dc3fa3e9f0..ee14e71bdf 100644 --- a/pkg/cluster/internal/validate/utils.go +++ b/pkg/cluster/internal/validate/utils.go @@ -72,3 +72,7 @@ func getFieldNames(s interface{}) []string { } return fieldNames } + +func toPtr[T any](v T) *T { + return &v +} diff --git a/pkg/commons/cluster.go b/pkg/commons/cluster.go index ab08e90a13..336a9f836d 100644 --- a/pkg/commons/cluster.go +++ b/pkg/commons/cluster.go 
@@ -119,13 +119,13 @@ type KeosSpec struct { } type Networks struct { - VPCID string `yaml:"vpc_id,omitempty"` - VPCCidrBlock string `yaml:"vpc_cidr,omitempty" validate:"omitempty,cidrv4"` - PodsCidrBlock string `yaml:"pods_cidr,omitempty" validate:"omitempty,cidrv4"` - PodsSubnets []Subnets `yaml:"pods_subnets,omitempty" validate:"dive"` - Subnets []Subnets `yaml:"subnets,omitempty" validate:"dive"` - ResourceGroup string `yaml:"resource_group,omitempty"` - AdditionalSecurityGroup string `yaml:"additional_sg,omitempty"` + VPCID string `yaml:"vpc_id,omitempty"` + VPCCidrBlock string `yaml:"vpc_cidr,omitempty" validate:"omitempty,cidrv4"` + PodsCidrBlock string `yaml:"pods_cidr,omitempty" validate:"omitempty,cidrv4"` + PodsSubnets []Subnets `yaml:"pods_subnets,omitempty" validate:"dive"` + Subnets []Subnets `yaml:"subnets,omitempty" validate:"dive"` + ResourceGroup string `yaml:"resource_group,omitempty"` + AdditionalSecurityGroupId string `yaml:"additional_sg_id,omitempty"` } type Subnets struct { From fc2296a4b48b2347a2b77be2e5db855692fe20e4 Mon Sep 17 00:00:00 2001 From: lreciomelero Date: Wed, 24 Jan 2024 17:06:19 +0100 Subject: [PATCH 12/15] changed image building --- pkg/cluster/internal/providers/docker/images.go | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/cluster/internal/providers/docker/images.go b/pkg/cluster/internal/providers/docker/images.go index 470db66dcc..28380f0573 100644 --- a/pkg/cluster/internal/providers/docker/images.go +++ b/pkg/cluster/internal/providers/docker/images.go @@ -72,7 +72,6 @@ func ensureNodeImages(logger log.Logger, status *cli.Status, cfg *config.Cluster } else { err = buildStratioImage(logger, stratioImage, dockerfileDir) } - err = buildStratioImage(logger, stratioImage, dockerfileDir) if err != nil { status.End(false) return err From dd4cf2798a9181a60dba960ce9a0dc18eaf62672 Mon Sep 17 00:00:00 2001 
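Review bot: Renaming the YAML key from `additional_sg` to `additional_sg_id` changes the descriptor schema without any handling of the old key. Unless decoding is strict (not visible here), a descriptor that still uses `additional_sg` would load with an empty AdditionalSecurityGroupId. The check in common.go only requires the field for managed control planes, so in the other case the cluster could be created without the security group the operator intended. Rejecting the old key with an explicit error, or at least recording the rename in the changelog, would make that visible. The field would also read more consistently as `AdditionalSecurityGroupID`, matching `VPCID` in the same struct.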
From: lreciomelero Date: Thu, 25 Jan 2024 16:19:03 +0100 Subject: [PATCH 13/15] fixing nil pointer bug --- .../create/actions/createworker/createworker.go | 17 +++++++++-------- .../create/actions/createworker/provider.go | 4 ++-- pkg/cluster/internal/validate/validate.go | 4 ++-- pkg/cluster/provider.go | 2 +- pkg/cmd/kind/create/cluster/createcluster.go | 2 +- 5 files changed, 15 insertions(+), 14 deletions(-) diff --git a/pkg/cluster/internal/create/actions/createworker/createworker.go b/pkg/cluster/internal/create/actions/createworker/createworker.go index c3bd9d4d05..b9e517a630 100644 --- a/pkg/cluster/internal/create/actions/createworker/createworker.go +++ b/pkg/cluster/internal/create/actions/createworker/createworker.go @@ -759,17 +759,18 @@ func (a *action) Execute(ctx *actions.ActionContext) error { ctx.Status.End(true) // End Moving the cluster-operator } - } - ctx.Status.Start("Executing post-install steps 🎖️") - defer ctx.Status.End(false) + ctx.Status.Start("Executing post-install steps 🎖️") + defer ctx.Status.End(false) - err = infra.postInstallPhase(n, kubeconfigPath) - if err != nil { - return err - } + err = infra.postInstallPhase(n, kubeconfigPath) + if err != nil { + return err + } - ctx.Status.End(true) + ctx.Status.End(true) + + } ctx.Status.Start("Generating the KEOS descriptor 📝") defer ctx.Status.End(false) diff --git a/pkg/cluster/internal/create/actions/createworker/provider.go b/pkg/cluster/internal/create/actions/createworker/provider.go index 48d2e025b6..71fe97fff8 100644 --- a/pkg/cluster/internal/create/actions/createworker/provider.go +++ b/pkg/cluster/internal/create/actions/createworker/provider.go 
@@ -56,8 +56,8 @@ const ( scName = "keos" certManagerVersion = "v1.12.3" - clusterOperatorChart = "0.2.0-SNAPSHOT" - clusterOperatorImage = "0.2.0-SNAPSHOT" + clusterOperatorChart = "0.2.0-PR157-SNAPSHOT" + clusterOperatorImage = "0.2.0-PR157-SNAPSHOT" postInstallAnnotation = "cluster-autoscaler.kubernetes.io/safe-to-evict-local-volumes" ) diff --git a/pkg/cluster/internal/validate/validate.go b/pkg/cluster/internal/validate/validate.go index cf4c8328c3..f82f0c364d 100644 --- a/pkg/cluster/internal/validate/validate.go +++ b/pkg/cluster/internal/validate/validate.go @@ -24,7 +24,7 @@ type ValidateParams struct { KeosCluster commons.KeosCluster SecretsPath string VaultPassword string - ClusterConfig commons.ClusterConfig + ClusterConfig *commons.ClusterConfig } func Cluster(params *ValidateParams) (commons.ClusterCredentials, error) { @@ -36,7 +36,7 @@ func Cluster(params *ValidateParams) (commons.ClusterCredentials, error) { return commons.ClusterCredentials{}, err } - if err := validateCommon(params.KeosCluster.Spec, ¶ms.ClusterConfig); err != nil { + if err := validateCommon(params.KeosCluster.Spec, params.ClusterConfig); err != nil { return commons.ClusterCredentials{}, err } diff --git a/pkg/cluster/provider.go b/pkg/cluster/provider.go index 565240f3a5..cb1a847249 100644 --- a/pkg/cluster/provider.go +++ b/pkg/cluster/provider.go @@ -255,7 +255,7 @@ func (p *Provider) CollectLogs(name, dir string) error { return p.provider.CollectLogs(dir, n) } -func (p *Provider) Validate(keosCluster commons.KeosCluster, clusterConfig commons.ClusterConfig, secretsPath string, vaultPassword string) (commons.ClusterCredentials, error) { +func (p *Provider) Validate(keosCluster commons.KeosCluster, clusterConfig *commons.ClusterConfig, secretsPath string, vaultPassword string) (commons.ClusterCredentials, error) { params := &internalvalidate.ValidateParams{ KeosCluster: keosCluster, ClusterConfig: clusterConfig, 
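Review bot: `ClusterConfig` in ValidateParams is now a pointer, and nothing on the field or on `Provider.Validate` says that nil is an accepted value. validatePublicControlPlane does test `clusterConfig == nil`, but any other reader of `params.ClusterConfig` (none are visible in these hunks) would need to do the same. A field comment such as `// ClusterConfig is optional; it is nil when no ClusterConfig was supplied.` would document the contract, assuming that is indeed when it is nil.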
diff --git a/pkg/cmd/kind/create/cluster/createcluster.go b/pkg/cmd/kind/create/cluster/createcluster.go index ff95d4d74b..9128505147 100644 --- a/pkg/cmd/kind/create/cluster/createcluster.go +++ b/pkg/cmd/kind/create/cluster/createcluster.go @@ -180,7 +180,7 @@ func runE(logger log.Logger, streams cmd.IOStreams, flags *flagpole) error { clusterCredentials, err := provider.Validate( *keosCluster, - *clusterConfig, + clusterConfig, secretsDefaultPath, flags.VaultPassword, ) From 05ebf8955ec7122bacdc7f530f561421487beaf0 Mon Sep 17 00:00:00 2001 From: lreciomelero Date: Thu, 25 Jan 2024 16:23:47 +0100 Subject: [PATCH 14/15] integrating fully-private azure --- pkg/cluster/internal/validate/common.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/cluster/internal/validate/common.go b/pkg/cluster/internal/validate/common.go index a85c1d48a3..3595a05ff4 100644 --- a/pkg/cluster/internal/validate/common.go +++ b/pkg/cluster/internal/validate/common.go @@ -53,9 +53,9 @@ func validateCommon(spec commons.KeosSpec, clusterConfig *commons.ClusterConfig) } func validatePublicControlPlane(spec commons.KeosSpec, clusterConfig *commons.ClusterConfig) error { - if spec.InfraProvider != "aws" { + if spec.InfraProvider == "gcp" { if !spec.ControlPlane.Public { - return errors.New("spec.control_plane.public only can be false for aws or eks installations") + return errors.New("spec.control_plane.public cannot be false for gcp installations") } } else if !spec.ControlPlane.Public { if clusterConfig == nil || !clusterConfig.Spec.Private { From db78477b3160e41582f1b46021836a06dc7d18a5 Mon Sep 17 00:00:00 2001 
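Review bot: Changing the guard in validatePublicControlPlane from `spec.InfraProvider != "aws"` to `== "gcp"` turns an allow-list into a deny-list. Any provider value other than gcp, including a misspelling or a provider added later, now reaches the private-control-plane branch. If InfraProvider is restricted to known values elsewhere (not visible in this hunk) this is harmless. Otherwise `if spec.InfraProvider != "aws" && spec.InfraProvider != "azure" {` keeps the check closed by default, with the message adjusted to "only can be false for aws or azure installations". The function body continues outside the hunk.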
From: lreciomelero Date: Tue, 6 Feb 2024 16:42:15 +0100 Subject: [PATCH 15/15] improve docker building --- bin/images/azure/REGISTRY | 2 +- .../azure/imagenes-cloud-controller.txt | 3 ++- bin/images/azure/imagenes-cloud-node.txt | 3 ++- bin/images/commons/REGISTRY | 3 ++- bin/images/commons/imagenes-cert-manager.txt | 2 +- bin/images/commons/imagenes-kind.txt | 1 + .../actions/createworker/createworker.go | 19 ++++++++++++++- .../create/actions/createworker/provider.go | 4 ++-- pkg/cluster/internal/create/create.go | 2 +- .../internal/providers/docker/images.go | 23 ++++++++++++++----- .../internal/providers/docker/provider.go | 4 ++-- .../internal/providers/podman/provider.go | 2 +- pkg/cluster/internal/providers/provider.go | 2 +- pkg/cluster/internal/validate/common.go | 2 +- 14 files changed, 52 insertions(+), 20 deletions(-) diff --git a/bin/images/azure/REGISTRY b/bin/images/azure/REGISTRY index 1be5c30c0e..86aa593bfc 100644 --- a/bin/images/azure/REGISTRY +++ b/bin/images/azure/REGISTRY @@ -1 +1 @@ -eosregistry.azurecr.io/keos/offline \ No newline at end of file +offlineregistry.azurecr.io/keos \ No newline at end of file diff --git a/bin/images/azure/imagenes-cloud-controller.txt b/bin/images/azure/imagenes-cloud-controller.txt index be925266ad..0cbba77bdd 100644 --- a/bin/images/azure/imagenes-cloud-controller.txt +++ b/bin/images/azure/imagenes-cloud-controller.txt @@ -1,2 +1,3 @@ mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.24.22 -mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.26.14 \ No newline at end of file +mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.26.14 +mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.27.8 diff --git a/bin/images/azure/imagenes-cloud-node.txt b/bin/images/azure/imagenes-cloud-node.txt index 9e01bbdd3f..32a3a6a5da 100644 --- a/bin/images/azure/imagenes-cloud-node.txt +++ b/bin/images/azure/imagenes-cloud-node.txt 
@@ -1,2 +1,3 @@ mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.22 -mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.14 \ No newline at end of file +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.14 +mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.8 \ No newline at end of file diff --git a/bin/images/commons/REGISTRY b/bin/images/commons/REGISTRY index 41a81d7923..fb549bb478 100644 --- a/bin/images/commons/REGISTRY +++ b/bin/images/commons/REGISTRY @@ -1,2 +1,3 @@ #963353511234.dkr.ecr.eu-west-1.amazonaws.com/keos/offline -eosregistry.azurecr.io/keos/offline \ No newline at end of file +#eosregistry.azurecr.io/keos/offline +offlineregistry.azurecr.io/keos \ No newline at end of file diff --git a/bin/images/commons/imagenes-cert-manager.txt b/bin/images/commons/imagenes-cert-manager.txt index 9e71989be7..fc343ab52c 100644 --- a/bin/images/commons/imagenes-cert-manager.txt +++ b/bin/images/commons/imagenes-cert-manager.txt @@ -7,4 +7,4 @@ quay.io/jetstack/cert-manager-controller:v1.13.1 quay.io/jetstack/cert-manager-cainjector:v1.13.1 quay.io/jetstack/cert-manager-webhook:v1.13.1 quay.io/jetstack/cert-manager-acmesolver:v1.13.1 -quay.io/jetstack/cert-manager-ctl:v1.13.1 \ No newline at end of file +quay.io/jetstack/cert-manager-ctl:v1.13.1 diff --git a/bin/images/commons/imagenes-kind.txt b/bin/images/commons/imagenes-kind.txt index 23f5e33158..7d3453abab 100644 --- a/bin/images/commons/imagenes-kind.txt +++ b/bin/images/commons/imagenes-kind.txt @@ -1 +1,2 @@ docker.io/kindest/node:v1.27.0 +docker.io/kindest/kindnetd:v20221004-44d545d1 diff --git a/pkg/cluster/internal/create/actions/createworker/createworker.go b/pkg/cluster/internal/create/actions/createworker/createworker.go index b9e517a630..c1dabbcfc4 100644 --- a/pkg/cluster/internal/create/actions/createworker/createworker.go +++ b/pkg/cluster/internal/create/actions/createworker/createworker.go 
@@ -59,6 +59,7 @@ const ( storageDefaultPath = "/kind/manifests/default-storage.yaml" infraGCPVersion = "v1.4.0" infraAWSVersion = "v2.2.1" + infraAzureVersion = "v1.11.4" ) var PathsToBackupLocally = []string{ 
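Review bot: `infraAzureVersion` is added here, but the `infrastructure-azure` entry written to clusterctl.yaml in the next hunk of this file gets only `repository` and `timeout`, with no `tag` line like the aws and gcp entries have. If the constant is not used elsewhere in the file (the rest is outside the hunk), the Azure provider image is left unpinned while the other two are pinned. Either add a `tag: ` + `infraAzureVersion` line to that entry in the same form as the aws/gcp ones, or drop the constant until it is needed.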
@@ -240,20 +241,36 @@ func (a *action) Execute(ctx *actions.ActionContext) error { c = "echo \"images:\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" cluster-api:\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" repository: " + keosRegistry.url + "/cluster-api\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" timeout: 10m\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" bootstrap-kubeadm:\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" repository: " + keosRegistry.url + "/cluster-api\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" timeout: 10m\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" control-plane-kubeadm:\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" repository: " + keosRegistry.url + "/cluster-api\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" timeout: 10m\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" infrastructure-aws:\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" repository: " + keosRegistry.url + "/cluster-api-aws\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" tag: " + infraAWSVersion + "\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" timeout: 10m\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" infrastructure-gcp:\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" repository: " + keosRegistry.url + "/cluster-api-gcp\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" tag: " + infraGCPVersion + "\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" timeout: 10m\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" infrastructure-azure:\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" repository: " + keosRegistry.url + "/cluster-api-azure\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" timeout: 10m\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" infrastructure-azure/azureserviceoperator:\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" repository: " + keosRegistry.url + "/k8s\" 
>> /root/.cluster-api/clusterctl.yaml && " + + "echo \" timeout: 10m\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" infrastructure-azure/kube-rbac-proxy:\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" repository: " + keosRegistry.url + "/kubebuilder\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" timeout: 10m\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" infrastructure-azure/nmi:\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" repository: " + keosRegistry.url + "/oss/azure/aad-pod-identity\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" timeout: 10m\" >> /root/.cluster-api/clusterctl.yaml && " + "echo \" cert-manager:\" >> /root/.cluster-api/clusterctl.yaml && " + - "echo \" repository: " + keosRegistry.url + "/cert-manager\" >> /root/.cluster-api/clusterctl.yaml " + "echo \" repository: " + keosRegistry.url + "/cert-manager\" >> /root/.cluster-api/clusterctl.yaml && " + + "echo \" timeout: 10m\" >> /root/.cluster-api/clusterctl.yaml " _, err = commons.ExecuteCommand(n, c) diff --git a/pkg/cluster/internal/create/actions/createworker/provider.go b/pkg/cluster/internal/create/actions/createworker/provider.go index 71fe97fff8..1eb9ac0f36 100644 --- a/pkg/cluster/internal/create/actions/createworker/provider.go +++ b/pkg/cluster/internal/create/actions/createworker/provider.go @@ -56,8 +56,8 @@ const ( scName = "keos" certManagerVersion = "v1.12.3" - clusterOperatorChart = "0.2.0-PR157-SNAPSHOT" - clusterOperatorImage = "0.2.0-PR157-SNAPSHOT" + clusterOperatorChart = "0.2.0-PR158-SNAPSHOT" + clusterOperatorImage = "0.2.0-PR158-SNAPSHOT" postInstallAnnotation = "cluster-autoscaler.kubernetes.io/safe-to-evict-local-volumes" ) diff --git a/pkg/cluster/internal/create/create.go b/pkg/cluster/internal/create/create.go index 04e9feacb5..de096d2ed1 100644 --- a/pkg/cluster/internal/create/create.go +++ b/pkg/cluster/internal/create/create.go 
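Review bot: This hunk extends a clusterctl.yaml writer that is one long chain of `echo "…" >>` shell commands with `keosRegistry.url` concatenated inside the double-quoted strings. A registry value containing `"`, `$` or a backtick would be interpreted by the shell that runs the command on the node instead of being written literally. Where the value originates is not visible in this hunk, so it may already be constrained, but validating it against a registry host/path pattern before use, or rendering the YAML in Go and writing it as a file, removes the dependency on shell quoting. Rendering it once would also let the repeated `timeout: 10m` become a single constant. Execute starts and ends outside the hunk.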
@@ -121,7 +121,7 @@ func Cluster(logger log.Logger, p providers.Provider, opts *ClusterOptions) erro logger.V(0).Infof("Creating temporary cluster %q ...\n", opts.Config.Name) // Create node containers implementing defined config Nodes - if err := p.Provision(status, opts.Config, opts.DockerRegUrl); err != nil { + if err := p.Provision(status, opts.Config, opts.DockerRegUrl, !opts.KeosCluster.Spec.ControlPlane.Public); err != nil { // In case of errors nodes are deleted (except if retain is explicitly set) if !opts.Retain { _ = delete.Cluster(logger, p, opts.Config.Name, opts.KubeconfigPath) diff --git a/pkg/cluster/internal/providers/docker/images.go b/pkg/cluster/internal/providers/docker/images.go index 28380f0573..58ea9f4d77 100644 --- a/pkg/cluster/internal/providers/docker/images.go +++ b/pkg/cluster/internal/providers/docker/images.go @@ -40,7 +40,7 @@ var ( // ensureNodeImages ensures that the node images used by the create // configuration are present -func ensureNodeImages(logger log.Logger, status *cli.Status, cfg *config.Cluster, dockerRegUrl string) error { +func ensureNodeImages(logger log.Logger, status *cli.Status, cfg *config.Cluster, dockerRegUrl string, fullyPrivate bool) error { // pull each required image for _, image := range common.RequiredNodeImages(cfg).List() { // prints user friendly message 
@@ -62,12 +62,18 @@ func ensureNodeImages(logger log.Logger, status *cli.Status, cfg *config.Cluster return err } stratioImage := "stratio-capi-image:" + strings.Split(friendlyImageName, ":")[1] + args := []string{} if dockerRegUrl != "" { - cmd := exec.Command("docker", "inspect", "--type=image", stratioImage) - if err := cmd.Run(); err == nil { - logger.V(1).Infof("stratioImage: %s present locally", image) + args = append(args, "--build-arg=DOCKER_REG="+dockerRegUrl) + if fullyPrivate { + cmd := exec.Command("docker", "inspect", "--type=image", stratioImage) + if err := cmd.Run(); err == nil { + logger.V(1).Infof("stratioImage: %s present locally", image) + } else { + err = buildStratioImage(logger, stratioImage, dockerfileDir, args...) + } } else { - err = buildStratioImage(logger, stratioImage, dockerfileDir) + err = buildStratioImage(logger, stratioImage, dockerfileDir, args...) } } else { err = buildStratioImage(logger, stratioImage, dockerfileDir) @@ -112,8 +118,13 @@ func ensureStratioImageFiles(logger log.Logger) (dir string, err error) { } // buildStratioImage builds the stratio image -func buildStratioImage(logger log.Logger, image string, path string) error { +func buildStratioImage(logger log.Logger, image string, path string, args ...string) error { cmd := exec.Command("docker", "build", "--tag="+image, path) + if len(args) != 0 { + arg := strings.Join(args, " ") + cmd = exec.Command("docker", "build", "--tag="+image, arg, path) + } + if err := cmd.Run(); err != nil { return errors.Wrapf(err, "failed to build image %q", image) } diff --git a/pkg/cluster/internal/providers/docker/provider.go b/pkg/cluster/internal/providers/docker/provider.go index e8c4f8d962..990a74a7e6 100644 --- a/pkg/cluster/internal/providers/docker/provider.go +++ b/pkg/cluster/internal/providers/docker/provider.go 
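Review bot: In buildStratioImage, `strings.Join(args, " ")` collapses all extra arguments into one argv element. That works only while exactly one argument is passed: with two, docker would receive a single `--build-arg=A=… --build-arg=B=…` string and treat everything after the first `=` as the value. Keep the arguments as separate elements: `argv := append([]string{"build", "--tag=" + image}, args...)`, `argv = append(argv, path)`, `cmd := exec.Command("docker", argv...)`. This also removes the need for the `len(args) != 0` branch, and it keeps the call free of shell parsing, which matters because `dockerRegUrl` flows into these arguments.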
@@ -61,10 +61,10 @@ func (p *provider) String() string { } // Provision is part of the providers.Provider interface -func (p *provider) Provision(status *cli.Status, cfg *config.Cluster, dockerRegUrl string) (err error) { +func (p *provider) Provision(status *cli.Status, cfg *config.Cluster, dockerRegUrl string, fullyPrivate bool) (err error) { // TODO: validate cfg // ensure node images are pulled before actually provisioning - if err := ensureNodeImages(p.logger, status, cfg, dockerRegUrl); err != nil { + if err := ensureNodeImages(p.logger, status, cfg, dockerRegUrl, fullyPrivate); err != nil { return err } diff --git a/pkg/cluster/internal/providers/podman/provider.go b/pkg/cluster/internal/providers/podman/provider.go index d969a6a526..c13ec22b1a 100644 --- a/pkg/cluster/internal/providers/podman/provider.go +++ b/pkg/cluster/internal/providers/podman/provider.go @@ -63,7 +63,7 @@ func (p *provider) String() string { } // Provision is part of the providers.Provider interface -func (p *provider) Provision(status *cli.Status, cfg *config.Cluster, dockerRegUrl string) (err error) { +func (p *provider) Provision(status *cli.Status, cfg *config.Cluster, dockerRegUrl string, fullyPrivate bool) (err error) { if err := ensureMinVersion(); err != nil { return err } diff --git a/pkg/cluster/internal/providers/provider.go b/pkg/cluster/internal/providers/provider.go index 881bba6f99..06e58b2871 100644 --- a/pkg/cluster/internal/providers/provider.go +++ b/pkg/cluster/internal/providers/provider.go 
@@ -28,7 +28,7 @@ import ( type Provider interface { // Provision should create and start the nodes, just short of // actually starting up Kubernetes, based on the given cluster config - Provision(status *cli.Status, cfg *config.Cluster, dockerRegUrl string) error + Provision(status *cli.Status, cfg *config.Cluster, dockerRegUrl string, fullyPrivate bool) error // ListClusters discovers the clusters that currently have resources // under this providers ListClusters() ([]string, error) diff --git a/pkg/cluster/internal/validate/common.go b/pkg/cluster/internal/validate/common.go index 3595a05ff4..da291dba0e 100644 --- a/pkg/cluster/internal/validate/common.go +++ b/pkg/cluster/internal/validate/common.go @@ -64,7 +64,7 @@ func validatePublicControlPlane(spec commons.KeosSpec, clusterConfig *commons.Cl if spec.Networks.VPCID == "" || len(spec.Networks.Subnets) == 0 { return errors.New("If keoscluster's .spec.control_plane.public is false, its .spec.networks.vpc_id and .spec.networks.subnets must be indicated.") } - if spec.Networks.AdditionalSecurityGroupId == "" && spec.ControlPlane.Managed { + if spec.Networks.AdditionalSecurityGroupId == "" && spec.ControlPlane.Managed && spec.InfraProvider == "aws" { return errors.New("If keoscluster's .spec.control_plane.public is false and .spec.control_plane.managed, its .spec.networks.additional_sg must be indicated. This sg must be created as a requirement and must allow the internal vpc traffic.") }
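Review bot: The doc comment on `Provision` in the Provider interface does not describe the two trailing parameters, and `fullyPrivate` in particular is not self-explanatory to someone implementing the interface. From the other hunks in this commit, `dockerRegUrl` is forwarded to the image build as the `DOCKER_REG` build argument and `fullyPrivate` is `!ControlPlane.Public`. I would add to the comment: `// dockerRegUrl, when non-empty, is the registry passed to the node image build; fullyPrivate is true when the control plane is not public.` The podman implementation accepts the flag too, and whether it uses it is not visible here.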