From 390c9fee225b8df3b47654dce6b354a851ec33c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleix=20Ram=C3=ADrez?= Date: Mon, 9 Dec 2024 15:17:48 +0100 Subject: [PATCH 01/13] f-145: updates oneke to v1.31 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aleix Ramírez --- appliances/OneKE/config.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/appliances/OneKE/config.rb b/appliances/OneKE/config.rb index a4218a34..e465c450 100644 --- a/appliances/OneKE/config.rb +++ b/appliances/OneKE/config.rb @@ -6,13 +6,13 @@ require_relative '../lib/helpers.rb' end -ONE_SERVICE_VERSION = env :ONE_SERVICE_VERSION, '1.29' +ONE_SERVICE_VERSION = env :ONE_SERVICE_VERSION, '1.31' ONE_SERVICE_AIRGAPPED = env :ONE_SERVICE_AIRGAPPED, 'NO' ONE_SERVICE_SETUP_DIR = env :ONE_SERVICE_SETUP_DIR, '/opt/one-appliance' -ONE_SERVICE_RKE2_RELEASE = env :ONE_SERVICE_RKE2_RELEASE, "#{ONE_SERVICE_VERSION}.4" +ONE_SERVICE_RKE2_RELEASE = env :ONE_SERVICE_RKE2_RELEASE, "#{ONE_SERVICE_VERSION}.2" ONE_SERVICE_RKE2_VERSION = env :ONE_SERVICE_RKE2_VERSION, "v#{ONE_SERVICE_RKE2_RELEASE}+rke2r1" -ONE_SERVICE_HELM_VERSION = env :ONE_SERVICE_HELM_VERSION, '3.14.4' +ONE_SERVICE_HELM_VERSION = env :ONE_SERVICE_HELM_VERSION, '3.16.3' ONEAPP_K8S_MULTUS_ENABLED = env :ONEAPP_K8S_MULTUS_ENABLED, 'NO' ONEAPP_K8S_MULTUS_CONFIG = env :ONEAPP_K8S_MULTUS_CONFIG, nil 
@@ -21,14 +21,14 @@ ONEAPP_K8S_CNI_CONFIG = env :ONEAPP_K8S_CNI_CONFIG, nil ONEAPP_K8S_CILIUM_RANGES = ENV.select { |key, _| key.start_with? 'ONEAPP_K8S_CILIUM_RANGE' } .values -ONEAPP_K8S_LONGHORN_CHART_VERSION = env :ONEAPP_K8S_LONGHORN_CHART_VERSION, '1.6.1' +ONEAPP_K8S_LONGHORN_CHART_VERSION = env :ONEAPP_K8S_LONGHORN_CHART_VERSION, '1.7.2' ONEAPP_K8S_LONGHORN_ENABLED = env :ONEAPP_K8S_LONGHORN_ENABLED, 'NO' ONEAPP_STORAGE_DEVICE = env :ONEAPP_STORAGE_DEVICE, nil # for example '/dev/vdb' ONEAPP_STORAGE_FILESYSTEM = env :ONEAPP_STORAGE_FILESYSTEM, 'xfs' ONEAPP_STORAGE_MOUNTPOINT = env :ONEAPP_STORAGE_MOUNTPOINT, '/var/lib/longhorn' -ONEAPP_K8S_METALLB_CHART_VERSION = env :ONEAPP_K8S_METALLB_CHART_VERSION, '0.14.5' +ONEAPP_K8S_METALLB_CHART_VERSION = env :ONEAPP_K8S_METALLB_CHART_VERSION, '0.14.8' ONEAPP_K8S_METALLB_ENABLED = env :ONEAPP_K8S_METALLB_ENABLED, 'NO' ONEAPP_K8S_METALLB_CONFIG = env :ONEAPP_K8S_METALLB_CONFIG, nil ONEAPP_K8S_METALLB_RANGES = ENV.select { |key, _| key.start_with? 'ONEAPP_K8S_METALLB_RANGE' } .values From 14b62053d80fc168684da7a5bae4c25d6991dd03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleix=20Ram=C3=ADrez?= Date: Mon, 9 Dec 2024 15:18:30 +0100 Subject: [PATCH 02/13] f-145: adds custom cloud controller flag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aleix Ramírez --- appliances/OneKE/config.rb | 2 ++ appliances/OneKE/kubernetes.rb | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/appliances/OneKE/config.rb b/appliances/OneKE/config.rb index e465c450..c75b7839 100644 --- a/appliances/OneKE/config.rb +++ b/appliances/OneKE/config.rb @@ -38,6 +38,8 @@ ONEAPP_K8S_RUBY_VERSION = env :ONEAPP_K8S_RUBY_VERSION, '3.3-alpine3.18' +ONEAPP_K8S_CUSTOM_CLOUD_CONTROLLER = env :ONEAPP_K8S_CUSTOM_CLOUD_CONTROLLER, 'NO' + ONEAPP_VROUTER_ETH0_VIP0 = env :ONEAPP_VROUTER_ETH0_VIP0, nil ONEAPP_VROUTER_ETH1_VIP0 = env :ONEAPP_VROUTER_ETH1_VIP0, nil 
diff --git a/appliances/OneKE/kubernetes.rb b/appliances/OneKE/kubernetes.rb index 8d5dc9df..622ba0eb 100644 --- a/appliances/OneKE/kubernetes.rb +++ b/appliances/OneKE/kubernetes.rb @@ -192,7 +192,8 @@ def init_master 'node-taint' => ['CriticalAddonsOnly=true:NoExecute'], 'disable' => ['rke2-ingress-nginx'], 'cni' => cni, - 'disable-kube-proxy' => ONEAPP_K8S_CNI_PLUGIN == 'cilium' + 'disable-kube-proxy' => ONEAPP_K8S_CNI_PLUGIN == 'cilium', + 'disable-cloud-controller' => ONEAPP_K8S_CUSTOM_CLOUD_CONTROLLER } msg :info, 'Prepare initial rke2-server config' @@ -246,7 +247,8 @@ def join_master(token, retries = RETRIES, seconds = SECONDS) 'node-taint' => ['CriticalAddonsOnly=true:NoExecute'], 'disable' => ['rke2-ingress-nginx'], 'cni' => cni, - 'disable-kube-proxy' => ONEAPP_K8S_CNI_PLUGIN == 'cilium' + 'disable-kube-proxy' => ONEAPP_K8S_CNI_PLUGIN == 'cilium', + 'disable-cloud-controller' => ONEAPP_K8S_CUSTOM_CLOUD_CONTROLLER } msg :info, 'Prepare rke2-server config' From e412c68151b608f9b0b66d58e13382268478baf5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleix=20Ram=C3=ADrez?= Date: Wed, 11 Dec 2024 13:39:03 +0100 Subject: [PATCH 03/13] f-145: Updates to rke v1.31.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aleix Ramírez --- appliances/OneKE/config.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appliances/OneKE/config.rb b/appliances/OneKE/config.rb index c75b7839..f03f1b23 100644 --- a/appliances/OneKE/config.rb +++ b/appliances/OneKE/config.rb 
@@ -10,7 +10,7 @@ ONE_SERVICE_AIRGAPPED = env :ONE_SERVICE_AIRGAPPED, 'NO' ONE_SERVICE_SETUP_DIR = env :ONE_SERVICE_SETUP_DIR, '/opt/one-appliance' -ONE_SERVICE_RKE2_RELEASE = env :ONE_SERVICE_RKE2_RELEASE, "#{ONE_SERVICE_VERSION}.2" +ONE_SERVICE_RKE2_RELEASE = env :ONE_SERVICE_RKE2_RELEASE, "#{ONE_SERVICE_VERSION}.3" ONE_SERVICE_RKE2_VERSION = env :ONE_SERVICE_RKE2_VERSION, "v#{ONE_SERVICE_RKE2_RELEASE}+rke2r1" ONE_SERVICE_HELM_VERSION = env :ONE_SERVICE_HELM_VERSION, '3.16.3' From dd7abcd51645477239f96e4c344d9cff06c86bb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleix=20Ram=C3=ADrez?= Date: Wed, 11 Dec 2024 13:39:56 +0100 Subject: [PATCH 04/13] f-145: Adds HTTP_PROXY capabilities for rke2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aleix Ramírez --- appliances/OneKE/config.rb | 5 +++++ appliances/OneKE/kubernetes.rb | 39 ++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/appliances/OneKE/config.rb b/appliances/OneKE/config.rb index f03f1b23..9795cb52 100644 --- a/appliances/OneKE/config.rb +++ b/appliances/OneKE/config.rb @@ -58,6 +58,11 @@ ONEAPP_K8S_CONTROL_PLANE_EP = env :ONEAPP_K8S_CONTROL_PLANE_EP, "#{ONEAPP_VROUTER_ETH0_VIP0}:#{ONEAPP_VNF_HAPROXY_LB1_PORT}" ONEAPP_K8S_EXTRA_SANS = env :ONEAPP_K8S_EXTRA_SANS, 'localhost,127.0.0.1' +# Proxy config for RKE2: https://docs.rke2.io/advanced#configuring-an-http-proxy +ONEAPP_K8S_HTTP_PROXY = env :ONEAPP_K8S_HTTP_PROXY, nil +ONEAPP_K8S_HTTPS_PROXY = env :ONEAPP_K8S_HTTPS_PROXY, nil +ONEAPP_K8S_NO_PROXY = env :ONEAPP_K8S_NO_PROXY, nil + FALLBACK_GW = env :FALLBACK_GW, nil FALLBACK_DNS = env :FALLBACK_DNS, nil diff --git a/appliances/OneKE/kubernetes.rb b/appliances/OneKE/kubernetes.rb index 622ba0eb..7877ef46 100644 --- a/appliances/OneKE/kubernetes.rb +++ b/appliances/OneKE/kubernetes.rb 
@@ -199,6 +199,8 @@ def init_master msg :info, 'Prepare initial rke2-server config' file '/etc/rancher/rke2/config.yaml', YAML.dump(server_config), overwrite: false + configure_rke2_proxy 'master' + msg :info, "Initialize first master: #{name}" bash 'systemctl enable rke2-server.service --now' @@ -305,6 +307,8 @@ def join_worker(token) msg :info, 'Prepare rke2-agent config' file '/etc/rancher/rke2/config.yaml', YAML.dump(agent_config), overwrite: true + configure_rke2_proxy 'worker' + msg :info, "Join worker: #{name}" bash 'systemctl enable rke2-agent.service --now' end @@ -329,6 +333,8 @@ def join_storage(token) msg :info, 'Prepare rke2-agent config' file '/etc/rancher/rke2/config.yaml', YAML.dump(agent_config), overwrite: true + configure_rke2_proxy 'worker' + msg :info, "Join storage: #{name}" bash 'systemctl enable rke2-agent.service --now' end 
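Review bot: join_master gets no `configure_rke2_proxy` call in this patch, although it writes the same /etc/rancher/rke2/config.yaml for an rke2-server as init_master does; the three hunks here cover init_master, join_worker and join_storage, and the diffstat's 39 added lines for kubernetes.rb are fully accounted for by those three call sites plus the new helpers, so additional masters behind a proxy would start rke2-server without the /etc/default/rke2-server environment. Unless a later commit adds it, the same `configure_rke2_proxy 'master'` line belongs right after the `file '/etc/rancher/rke2/config.yaml', YAML.dump(server_config), ...` call in join_master. The enclosing functions start outside each of these hunks.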
@@ -361,3 +367,36 @@ def detect_node msg :debug, "detect_node / #{results}" results end + +def configure_rke2_proxy(current_role) + if ONEAPP_K8S_HTTP_PROXY.to_s.empty? && ONEAPP_K8S_HTTPS_PROXY.to_s.empty? + return + end + + rke2_role = current_role == 'master' ? 'server' : 'agent' + filepath = "/etc/default/rke2-#{rke2_role}" + + msg :info, "Prepare rke2-#{rke2_role} proxy config in #{filepath}" + + proxy_config = String.new + proxy_config << "HTTP_PROXY=#{ONEAPP_K8S_HTTP_PROXY}\n" unless ONEAPP_K8S_HTTP_PROXY.nil? + proxy_config << "HTTPS_PROXY=#{ONEAPP_K8S_HTTPS_PROXY}\n" unless ONEAPP_K8S_HTTPS_PROXY.nil? + if ONEAPP_K8S_NO_PROXY.to_s.empty? + no_proxy = ['127.0.0.1/32', 'localhost'] + no_proxy << retrieve_endpoint_host(ONEAPP_K8S_CONTROL_PLANE_EP) if ONEAPP_K8S_CONTROL_PLANE_EP + no_proxy << retrieve_endpoint_host(ONEAPP_RKE2_SUPERVISOR_EP) if ONEAPP_RKE2_SUPERVISOR_EP + proxy_config << "NO_PROXY=#{no_proxy.uniq.join(',')}\n" + else + proxy_config << "NO_PROXY=#{ONEAPP_K8S_NO_PROXY}\n" + end + + file filepath, proxy_config, overwrite: true + +end + +def retrieve_endpoint_host(endpoint) + uri = URI.parse(endpoint.include?('://') ? endpoint : "http://#{endpoint}") + host = uri.host + host = "#{host}/32" if host =~ Resolv::IPv4::Regex + host +end From e8c47689992c7077788be15320fde2189cfc0337 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleix=20Ram=C3=ADrez?= Date: Wed, 11 Dec 2024 13:40:36 +0100 Subject: [PATCH 05/13] f-145: Adapt code to cilium 1.16 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aleix Ramírez --- appliances/OneKE/cilium.rb | 7 ++++--- appliances/OneKE/cilium_spec.rb | 15 +++++++++------ 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/appliances/OneKE/cilium.rb b/appliances/OneKE/cilium.rb index c35ddec3..c86e6e57 100644 --- a/appliances/OneKE/cilium.rb +++ b/appliances/OneKE/cilium.rb 
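Review bot: The early return in configure_rke2_proxy treats an empty string as unset (`.to_s.empty?`), but the two lines that emit the variables guard with `.nil?`, so setting one proxy and leaving the other as `''` writes a bare `HTTP_PROXY=` (or `HTTPS_PROXY=`) line into /etc/default/rke2-<role>; `unless ONEAPP_K8S_HTTP_PROXY.to_s.empty?` (and the same for HTTPS) keeps the two checks consistent. Proxy URLs routinely carry credentials (`user:password@host`), so the mode the `file` helper gives that file matters; it is not visible here, so it is worth confirming and passing a restrictive mode if the helper supports one. retrieve_endpoint_host relies on `URI.parse` and `Resolv::IPv4::Regex`; make sure `uri` and `resolv` are required in this file, which the hunk does not show, and note that `uri.host` keeps the square brackets of an IPv6 literal where `uri.hostname` would strip them.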
@@ -24,7 +24,7 @@ def configure_cilium(manifest_dir = K8S_MANIFEST_DIR, endpoint = ONEAPP_K8S_CONT namespace: kube-system spec: valuesContent: |- - kubeProxyReplacement: strict + kubeProxyReplacement: true k8sServiceHost: "#{ep.host}" k8sServicePort: #{ep.port} cni: @@ -39,14 +39,15 @@ def configure_cilium(manifest_dir = K8S_MANIFEST_DIR, endpoint = ONEAPP_K8S_CONT name: default namespace: kube-system spec: - cidrs: {} + blocks: {} + allowFirstLastIPs: "No" MANIFEST unless ONEAPP_K8S_CILIUM_RANGES.empty? ip_address_pool = documents.find do |doc| doc['kind'] == 'CiliumLoadBalancerIPPool' && doc.dig('metadata', 'name') == 'default' end - ip_address_pool['spec']['cidrs'] = extract_cilium_ranges.map do |item| + ip_address_pool['spec']['blocks'] = extract_cilium_ranges.map do |item| { 'cidr' => item.join('/') } end end diff --git a/appliances/OneKE/cilium_spec.rb b/appliances/OneKE/cilium_spec.rb index 89279d16..ea1fe6ae 100644 --- a/appliances/OneKE/cilium_spec.rb +++ b/appliances/OneKE/cilium_spec.rb @@ -49,7 +49,7 @@ namespace: kube-system spec: valuesContent: |- - kubeProxyReplacement: strict + kubeProxyReplacement: true k8sServiceHost: "192.168.150.86" k8sServicePort: 6443 cni: @@ -64,7 +64,8 @@ name: default namespace: kube-system spec: - cidrs: {} + blocks: {} + allowFirstLastIPs: "No" MANIFEST Dir.mktmpdir do |temp_dir| configure_cilium temp_dir @@ -86,7 +87,7 @@ namespace: kube-system spec: valuesContent: |- - kubeProxyReplacement: strict + kubeProxyReplacement: true k8sServiceHost: "192.168.150.86" k8sServicePort: 6443 cni: @@ -101,9 +102,10 @@ name: default namespace: kube-system spec: - cidrs: + blocks: - cidr: 192.168.150.128/25 - cidr: 10.11.12.0/24 + allowFirstLastIPs: "No" MANIFEST Dir.mktmpdir do |temp_dir| configure_cilium temp_dir @@ -122,7 +124,7 @@ namespace: kube-system spec: valuesContent: |- - kubeProxyReplacement: strict + kubeProxyReplacement: true k8sServiceHost: "192.168.150.86" k8sServicePort: 6443 cni: 
@@ -137,9 +139,10 @@ name: default namespace: kube-system spec: - cidrs: + blocks: - cidr: 192.168.150.128/25 - cidr: 10.11.12.0/24 + allowFirstLastIPs: "No" MANIFEST stub_const 'ONEAPP_K8S_CNI_PLUGIN', 'cilium' stub_const 'ONEAPP_K8S_CNI_CONFIG', Base64.encode64(manifest) From 5fac53f823c58d4481a53c70aacdd4ad27ed21c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleix=20Ram=C3=ADrez?= Date: Thu, 12 Dec 2024 10:45:13 +0100 Subject: [PATCH 06/13] f-145: Refactors ONEAPP_K8S_ENABLE_CLOUD_CONTROLLER flag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aleix Ramírez --- appliances/OneKE/config.rb | 2 +- appliances/OneKE/kubernetes.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/appliances/OneKE/config.rb b/appliances/OneKE/config.rb index 9795cb52..733b2a09 100644 --- a/appliances/OneKE/config.rb +++ b/appliances/OneKE/config.rb @@ -38,7 +38,7 @@ ONEAPP_K8S_RUBY_VERSION = env :ONEAPP_K8S_RUBY_VERSION, '3.3-alpine3.18' -ONEAPP_K8S_CUSTOM_CLOUD_CONTROLLER = env :ONEAPP_K8S_CUSTOM_CLOUD_CONTROLLER, 'NO' +ONEAPP_K8S_ENABLE_CLOUD_CONTROLLER = env :ONEAPP_K8S_ENABLE_CLOUD_CONTROLLER, 'YES' ONEAPP_VROUTER_ETH0_VIP0 = env :ONEAPP_VROUTER_ETH0_VIP0, nil ONEAPP_VROUTER_ETH1_VIP0 = env :ONEAPP_VROUTER_ETH1_VIP0, nil diff --git a/appliances/OneKE/kubernetes.rb b/appliances/OneKE/kubernetes.rb index 7877ef46..47446812 100644 --- a/appliances/OneKE/kubernetes.rb +++ b/appliances/OneKE/kubernetes.rb @@ -193,7 +193,7 @@ def init_master 'disable' => ['rke2-ingress-nginx'], 'cni' => cni, 'disable-kube-proxy' => ONEAPP_K8S_CNI_PLUGIN == 'cilium', - 'disable-cloud-controller' => ONEAPP_K8S_CUSTOM_CLOUD_CONTROLLER + 'disable-cloud-controller' => ONEAPP_K8S_ENABLE_CLOUD_CONTROLLER == false } msg :info, 'Prepare initial rke2-server config' 
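Review bot: `'disable-cloud-controller' => ONEAPP_K8S_ENABLE_CLOUD_CONTROLLER == false` is only correct if the `env` helper turns the `'YES'`/`'NO'` values into real booleans; if it hands back the raw string, `'NO' == false` is never true and the flag silently never disables the controller. The helper is not visible here, so a spec pinning the `'NO'` case would make the contract explicit. If `env` does return booleans, `!ONEAPP_K8S_ENABLE_CLOUD_CONTROLLER` is the idiomatic form, although `== false` does keep a nil value from disabling the controller, which may be intended and deserves a one-line comment either way. The same expression appears in the join_master hunk below (`@@ -250`).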
@@ -250,7 +250,7 @@ def join_master(token, retries = RETRIES, seconds = SECONDS) 'disable' => ['rke2-ingress-nginx'], 'cni' => cni, 'disable-kube-proxy' => ONEAPP_K8S_CNI_PLUGIN == 'cilium', - 'disable-cloud-controller' => ONEAPP_K8S_CUSTOM_CLOUD_CONTROLLER + 'disable-cloud-controller' => ONEAPP_K8S_ENABLE_CLOUD_CONTROLLER == false } msg :info, 'Prepare rke2-server config' From f0293540736c7f40d102f7661605cfd99dcbfac5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleix=20Ram=C3=ADrez?= Date: Mon, 16 Dec 2024 15:45:21 +0100 Subject: [PATCH 07/13] Disables cilium as default LBIPAM service --- appliances/OneKE/cilium.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/appliances/OneKE/cilium.rb b/appliances/OneKE/cilium.rb index c86e6e57..014fc512 100644 --- a/appliances/OneKE/cilium.rb +++ b/appliances/OneKE/cilium.rb @@ -32,6 +32,7 @@ def configure_cilium(manifest_dir = K8S_MANIFEST_DIR, endpoint = ONEAPP_K8S_CONT exclusive: false bgpControlPlane: enabled: true + defaultLBServiceIPAM: none --- apiVersion: cilium.io/v2alpha1 kind: CiliumLoadBalancerIPPool From 88b66ebfaaff7d7ad16ee371722b7bda260602fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleix=20Ram=C3=ADrez?= Date: Mon, 16 Dec 2024 15:57:40 +0100 Subject: [PATCH 08/13] f-145: parameterizes metallb LoadBalancerClass name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aleix Ramírez --- appliances/OneKE/config.rb | 1 + appliances/OneKE/metallb.rb | 1 + 2 files changed, 2 insertions(+) diff --git a/appliances/OneKE/config.rb b/appliances/OneKE/config.rb index 733b2a09..5c9d388b 100644 --- a/appliances/OneKE/config.rb +++ b/appliances/OneKE/config.rb 
@@ -29,6 +29,7 @@ ONEAPP_STORAGE_MOUNTPOINT = env :ONEAPP_STORAGE_MOUNTPOINT, '/var/lib/longhorn' ONEAPP_K8S_METALLB_CHART_VERSION = env :ONEAPP_K8S_METALLB_CHART_VERSION, '0.14.8' +ONEAPP_K8S_METALLB_CLASS = env :ONEAPP_K8S_METALLB_CLASS, 'metallb' ONEAPP_K8S_METALLB_ENABLED = env :ONEAPP_K8S_METALLB_ENABLED, 'NO' ONEAPP_K8S_METALLB_CONFIG = env :ONEAPP_K8S_METALLB_CONFIG, nil ONEAPP_K8S_METALLB_RANGES = ENV.select { |key, _| key.start_with? 'ONEAPP_K8S_METALLB_RANGE' } .values diff --git a/appliances/OneKE/metallb.rb b/appliances/OneKE/metallb.rb index d290d40b..f413df1c 100644 --- a/appliances/OneKE/metallb.rb +++ b/appliances/OneKE/metallb.rb @@ -82,6 +82,7 @@ def fetch_metallb(addon_dir = ONE_ADDON_DIR) speaker: image: pullPolicy: IfNotPresent + loadBalancerClass: #{ONEAPP_K8S_METALLB_CLASS} MANIFEST msg :info, "Generate MetalLB addon manifest: #{ONEAPP_K8S_METALLB_CHART_VERSION}" From d6ea0d4765796ec3ad7cd8926c551942419f7928 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleix=20Ram=C3=ADrez?= Date: Tue, 17 Dec 2024 10:50:42 +0100 Subject: [PATCH 09/13] f-145: adds ONEAPP_K8S_CILIUM_ENABLE_BGP flag for disabling cilium bgp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aleix Ramírez --- appliances/OneKE/cilium.rb | 46 +++++++++++++++++++++------------ appliances/OneKE/cilium_spec.rb | 32 +++++++++++++++++++++++ appliances/OneKE/config.rb | 1 + 3 files changed, 62 insertions(+), 17 deletions(-) diff --git a/appliances/OneKE/cilium.rb b/appliances/OneKE/cilium.rb index 014fc512..1c2b9584 100644 --- a/appliances/OneKE/cilium.rb +++ b/appliances/OneKE/cilium.rb 
@@ -7,6 +7,14 @@ require_relative 'config.rb' require_relative 'helpers.rb' +# NOTE: We added the ONEAPP_K8S_CILIUM_ENABLE_BGP flag for being able to disable +# BGP control plane and CiliumLoadBalancerIPPool CRD creation in order to avoid +# conflicts with other LB controllers managing services without LBClass set. +# From cilium v1.17, we will be able to add `defaultLBServiceIPAM: none` in the +# HelmChartConfig for letting cilium ignoring services without LBClass set. +# More info: https://github.com/cilium/cilium/pull/33351 +# and https://docs.cilium.io/en/latest/network/lb-ipam/#loadbalancerclass + def configure_cilium(manifest_dir = K8S_MANIFEST_DIR, endpoint = ONEAPP_K8S_CONTROL_PLANE_EP) msg :info, 'Configure Cilium' 
@@ -31,27 +39,31 @@ def configure_cilium(manifest_dir = K8S_MANIFEST_DIR, endpoint = ONEAPP_K8S_CONT chainingMode: "none" exclusive: false bgpControlPlane: - enabled: true - defaultLBServiceIPAM: none - --- - apiVersion: cilium.io/v2alpha1 - kind: CiliumLoadBalancerIPPool - metadata: - name: default - namespace: kube-system - spec: - blocks: {} - allowFirstLastIPs: "No" + enabled: #{ONEAPP_K8S_CILIUM_ENABLE_BGP} MANIFEST - unless ONEAPP_K8S_CILIUM_RANGES.empty? - ip_address_pool = documents.find do |doc| - doc['kind'] == 'CiliumLoadBalancerIPPool' && doc.dig('metadata', 'name') == 'default' - end - ip_address_pool['spec']['blocks'] = extract_cilium_ranges.map do |item| - { 'cidr' => item.join('/') } + if ONEAPP_K8S_CILIUM_ENABLE_BGP and ONEAPP_K8S_CILIUM_RANGES.is_a?(Array) + documents += YAML.load_stream <<~MANIFEST + --- + apiVersion: cilium.io/v2alpha1 + kind: CiliumLoadBalancerIPPool + metadata: + name: default + namespace: kube-system + spec: + blocks: {} + allowFirstLastIPs: "No" + MANIFEST + unless ONEAPP_K8S_CILIUM_RANGES.empty? + ip_address_pool = documents.find do |doc| + doc['kind'] == 'CiliumLoadBalancerIPPool' && doc.dig('metadata', 'name') == 'default' + end + ip_address_pool['spec']['blocks'] = extract_cilium_ranges.map do |item| + { 'cidr' => item.join('/') } + end end end + else msg :info, 'Use Cilium user-provided config' documents = YAML.load_stream Base64.decode64 ONEAPP_K8S_CNI_CONFIG diff --git a/appliances/OneKE/cilium_spec.rb b/appliances/OneKE/cilium_spec.rb index ea1fe6ae..346a7bec 100644 --- a/appliances/OneKE/cilium_spec.rb +++ b/appliances/OneKE/cilium_spec.rb @@ -39,6 +39,7 @@ stub_const 'ONEAPP_K8S_CONTROL_PLANE_EP', '192.168.150.86:6443' stub_const 'ONEAPP_K8S_CNI_PLUGIN', 'cilium' stub_const 'ONEAPP_K8S_CNI_CONFIG', nil + stub_const 'ONEAPP_K8S_CILIUM_ENABLE_BGP', true stub_const 'ONEAPP_K8S_CILIUM_RANGES', [] output = YAML.load_stream <<~MANIFEST --- 
@@ -77,6 +78,7 @@ it 'should apply user-defined ranges' do stub_const 'ONEAPP_K8S_CONTROL_PLANE_EP', '192.168.150.86:6443' stub_const 'ONEAPP_K8S_CNI_PLUGIN', 'cilium' + stub_const 'ONEAPP_K8S_CILIUM_ENABLE_BGP', true stub_const 'ONEAPP_K8S_CILIUM_RANGES', ['192.168.150.128/25', '10.11.12.0/24'] output = YAML.load_stream <<~MANIFEST --- @@ -114,6 +116,36 @@ end end + it 'should disable bgpControlPlane and not define ip ranges when ONEAPP_K8S_CILIUM_ENABLE_BGP is false' do + stub_const 'ONEAPP_K8S_CONTROL_PLANE_EP', '192.168.150.86:6443' + stub_const 'ONEAPP_K8S_CNI_PLUGIN', 'cilium' + stub_const 'ONEAPP_K8S_CILIUM_ENABLE_BGP', false + stub_const 'ONEAPP_K8S_CILIUM_RANGES', ['192.168.150.128/25', '10.11.12.0/24'] + output = YAML.load_stream <<~MANIFEST + --- + apiVersion: helm.cattle.io/v1 + kind: HelmChartConfig + metadata: + name: rke2-cilium + namespace: kube-system + spec: + valuesContent: |- + kubeProxyReplacement: true + k8sServiceHost: "192.168.150.86" + k8sServicePort: 6443 + cni: + chainingMode: "none" + exclusive: false + bgpControlPlane: + enabled: false + MANIFEST + Dir.mktmpdir do |temp_dir| + configure_cilium temp_dir + result = YAML.load_stream File.read "#{temp_dir}/rke2-cilium-config.yaml" + expect(result).to eq output + end + end + it 'should apply user-defined config manifest (and ignore user-defined ranges)' do manifest = <<~MANIFEST --- diff --git a/appliances/OneKE/config.rb b/appliances/OneKE/config.rb index 5c9d388b..2d83709d 100644 --- a/appliances/OneKE/config.rb +++ b/appliances/OneKE/config.rb @@ -19,6 +19,7 @@ ONEAPP_K8S_CNI_PLUGIN = env :ONEAPP_K8S_CNI_PLUGIN, 'cilium' ONEAPP_K8S_CNI_CONFIG = env :ONEAPP_K8S_CNI_CONFIG, nil +ONEAPP_K8S_CILIUM_ENABLE_BGP = env :ONEAPP_K8S_CILIUM_ENABLE_BGP, 'NO' ONEAPP_K8S_CILIUM_RANGES = ENV.select { |key, _| key.start_with? 'ONEAPP_K8S_CILIUM_RANGE' } .values ONEAPP_K8S_LONGHORN_CHART_VERSION = env :ONEAPP_K8S_LONGHORN_CHART_VERSION, '1.7.2' 
From 4a587483eaea740af2f48cace1c2effb28d0b7bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleix=20Ram=C3=ADrez?= Date: Tue, 17 Dec 2024 13:48:59 +0100 Subject: [PATCH 10/13] f-145: corrects cilium BGP ip pools setting corrections MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aleix Ramírez --- appliances/OneKE/cilium.rb | 7 ++-- appliances/OneKE/cilium_spec.rb | 59 +++++++++++++++++++++++++++------ appliances/OneKE/config.rb | 2 +- 3 files changed, 55 insertions(+), 13 deletions(-) diff --git a/appliances/OneKE/cilium.rb b/appliances/OneKE/cilium.rb index 1c2b9584..1dcf6189 100644 --- a/appliances/OneKE/cilium.rb +++ b/appliances/OneKE/cilium.rb @@ -23,6 +23,9 @@ def configure_cilium(manifest_dir = K8S_MANIFEST_DIR, endpoint = ONEAPP_K8S_CONT if ONEAPP_K8S_CNI_CONFIG.nil? msg :info, 'Create Cilium CRD config from user-provided ranges' + enable_bgp = ONEAPP_K8S_CILIUM_ENABLE_BGP \ + || (ONEAPP_K8S_CILIUM_ENABLE_BGP.nil? && !ONEAPP_K8S_CILIUM_RANGES.empty?) + documents = YAML.load_stream <<~MANIFEST --- apiVersion: helm.cattle.io/v1 @@ -39,10 +42,10 @@ def configure_cilium(manifest_dir = K8S_MANIFEST_DIR, endpoint = ONEAPP_K8S_CONT chainingMode: "none" exclusive: false bgpControlPlane: - enabled: #{ONEAPP_K8S_CILIUM_ENABLE_BGP} + enabled: #{enable_bgp} MANIFEST - if ONEAPP_K8S_CILIUM_ENABLE_BGP and ONEAPP_K8S_CILIUM_RANGES.is_a?(Array) + if enable_bgp documents += YAML.load_stream <<~MANIFEST --- apiVersion: cilium.io/v2alpha1 diff --git a/appliances/OneKE/cilium_spec.rb b/appliances/OneKE/cilium_spec.rb index 346a7bec..98818982 100644 --- a/appliances/OneKE/cilium_spec.rb +++ b/appliances/OneKE/cilium_spec.rb 
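Review bot: When ONEAPP_K8S_CILIUM_ENABLE_BGP is explicitly false but ONEAPP_K8S_CILIUM_RANGE* variables are set, the new `enable_bgp` logic drops the ranges without a trace, so an operator who set both only finds out when no CiliumLoadBalancerIPPool appears; an `elsif !ONEAPP_K8S_CILIUM_RANGES.empty?` branch on `if enable_bgp` with `msg :warn, 'ONEAPP_K8S_CILIUM_RANGES ignored because ONEAPP_K8S_CILIUM_ENABLE_BGP is false'` would make that visible. On style, the backslash continuation on the `enable_bgp` assignment is unnecessary in Ruby if the `||` is left at the end of the first line rather than leading the second. configure_cilium continues outside both hunks.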
@@ -35,12 +35,10 @@ end RSpec.describe 'configure_cilium' do - it 'should apply user-defined ranges (empty)' do + it 'should apply user-defined ranges' do stub_const 'ONEAPP_K8S_CONTROL_PLANE_EP', '192.168.150.86:6443' stub_const 'ONEAPP_K8S_CNI_PLUGIN', 'cilium' - stub_const 'ONEAPP_K8S_CNI_CONFIG', nil - stub_const 'ONEAPP_K8S_CILIUM_ENABLE_BGP', true - stub_const 'ONEAPP_K8S_CILIUM_RANGES', [] + stub_const 'ONEAPP_K8S_CILIUM_RANGES', ['192.168.150.128/25', '10.11.12.0/24'] output = YAML.load_stream <<~MANIFEST --- apiVersion: helm.cattle.io/v1 @@ -65,7 +63,9 @@ name: default namespace: kube-system spec: - blocks: {} + blocks: + - cidr: 192.168.150.128/25 + - cidr: 10.11.12.0/24 allowFirstLastIPs: "No" MANIFEST Dir.mktmpdir do |temp_dir| 
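Review bot: The reworked 'should apply user-defined ranges' example no longer stubs ONEAPP_K8S_CILIUM_ENABLE_BGP, so it now depends on the value config.rb presumably read from the process environment (nil by default) to take the auto-enable path; if that variable is exported in the CI environment the example flips. Keeping `stub_const 'ONEAPP_K8S_CILIUM_ENABLE_BGP', nil` makes the example hermetic and documents that it exercises the "unset flag, ranges present" case. The example's block continues outside the first hunk.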
@@ -75,7 +75,37 @@ end end - it 'should apply user-defined ranges' do + it 'should not define ip ranges when ONEAPP_K8S_CILIUM_ENABLE_BGP is false and ONEAPP_K8S_CILIUM_RANGES is not empty' do + stub_const 'ONEAPP_K8S_CONTROL_PLANE_EP', '192.168.150.86:6443' + stub_const 'ONEAPP_K8S_CNI_PLUGIN', 'cilium' + stub_const 'ONEAPP_K8S_CILIUM_ENABLE_BGP', false + stub_const 'ONEAPP_K8S_CILIUM_RANGES', ['192.168.150.128/25', '10.11.12.0/24'] + output = YAML.load_stream <<~MANIFEST + --- + apiVersion: helm.cattle.io/v1 + kind: HelmChartConfig + metadata: + name: rke2-cilium + namespace: kube-system + spec: + valuesContent: |- + kubeProxyReplacement: true + k8sServiceHost: "192.168.150.86" + k8sServicePort: 6443 + cni: + chainingMode: "none" + exclusive: false + bgpControlPlane: + enabled: false + MANIFEST + Dir.mktmpdir do |temp_dir| + configure_cilium temp_dir + result = YAML.load_stream File.read "#{temp_dir}/rke2-cilium-config.yaml" + expect(result).to eq output + end + end + + it 'should define ip ranges when ONEAPP_K8S_CILIUM_ENABLE_BGP is true and ONEAPP_K8S_CILIUM_RANGES is not empty' do stub_const 'ONEAPP_K8S_CONTROL_PLANE_EP', '192.168.150.86:6443' stub_const 'ONEAPP_K8S_CNI_PLUGIN', 'cilium' stub_const 'ONEAPP_K8S_CILIUM_ENABLE_BGP', true @@ -116,11 +146,11 @@ end end - it 'should disable bgpControlPlane and not define ip ranges when ONEAPP_K8S_CILIUM_ENABLE_BGP is false' do + it 'should define ip ranges when ONEAPP_K8S_CILIUM_ENABLE_BGP is true and ONEAPP_K8S_CILIUM_RANGES is empty' do stub_const 'ONEAPP_K8S_CONTROL_PLANE_EP', '192.168.150.86:6443' stub_const 'ONEAPP_K8S_CNI_PLUGIN', 'cilium' - stub_const 'ONEAPP_K8S_CILIUM_ENABLE_BGP', false - stub_const 'ONEAPP_K8S_CILIUM_RANGES', ['192.168.150.128/25', '10.11.12.0/24'] + stub_const 'ONEAPP_K8S_CILIUM_ENABLE_BGP', true + stub_const 'ONEAPP_K8S_CILIUM_RANGES', [] output = YAML.load_stream <<~MANIFEST --- apiVersion: helm.cattle.io/v1 
@@ -137,7 +167,16 @@ chainingMode: "none" exclusive: false bgpControlPlane: - enabled: false + enabled: true + --- + apiVersion: cilium.io/v2alpha1 + kind: CiliumLoadBalancerIPPool + metadata: + name: default + namespace: kube-system + spec: + blocks: {} + allowFirstLastIPs: "No" MANIFEST Dir.mktmpdir do |temp_dir| configure_cilium temp_dir diff --git a/appliances/OneKE/config.rb b/appliances/OneKE/config.rb index 2d83709d..d27490a7 100644 --- a/appliances/OneKE/config.rb +++ b/appliances/OneKE/config.rb @@ -19,7 +19,7 @@ ONEAPP_K8S_CNI_PLUGIN = env :ONEAPP_K8S_CNI_PLUGIN, 'cilium' ONEAPP_K8S_CNI_CONFIG = env :ONEAPP_K8S_CNI_CONFIG, nil -ONEAPP_K8S_CILIUM_ENABLE_BGP = env :ONEAPP_K8S_CILIUM_ENABLE_BGP, 'NO' +ONEAPP_K8S_CILIUM_ENABLE_BGP = env :ONEAPP_K8S_CILIUM_ENABLE_BGP, nil ONEAPP_K8S_CILIUM_RANGES = ENV.select { |key, _| key.start_with? 'ONEAPP_K8S_CILIUM_RANGE' } .values ONEAPP_K8S_LONGHORN_CHART_VERSION = env :ONEAPP_K8S_LONGHORN_CHART_VERSION, '1.7.2' From 88e47b11c9070114e65d82323ceb79736c75abe5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleix=20Ram=C3=ADrez?= Date: Wed, 18 Dec 2024 19:19:49 +0100 Subject: [PATCH 11/13] f-157: replaces ONEAPP_K8S_ENABLE_CLOUD_CONTROLLER by ONEAPP_K8S_RKE2_CLOUD_CONTROLLER_ENABLED MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aleix Ramírez --- appliances/OneKE/config.rb | 2 +- appliances/OneKE/kubernetes.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/appliances/OneKE/config.rb b/appliances/OneKE/config.rb index d27490a7..492ebfbb 100644 --- a/appliances/OneKE/config.rb +++ b/appliances/OneKE/config.rb 
@@ -40,7 +40,7 @@ ONEAPP_K8S_RUBY_VERSION = env :ONEAPP_K8S_RUBY_VERSION, '3.3-alpine3.18' -ONEAPP_K8S_ENABLE_CLOUD_CONTROLLER = env :ONEAPP_K8S_ENABLE_CLOUD_CONTROLLER, 'YES' +ONEAPP_RKE2_CLOUD_CONTROLLER_ENABLED = env :ONEAPP_RKE2_CLOUD_CONTROLLER_ENABLED, 'YES' ONEAPP_VROUTER_ETH0_VIP0 = env :ONEAPP_VROUTER_ETH0_VIP0, nil ONEAPP_VROUTER_ETH1_VIP0 = env :ONEAPP_VROUTER_ETH1_VIP0, nil diff --git a/appliances/OneKE/kubernetes.rb b/appliances/OneKE/kubernetes.rb index 47446812..bfe4bb1a 100644 --- a/appliances/OneKE/kubernetes.rb +++ b/appliances/OneKE/kubernetes.rb @@ -193,7 +193,7 @@ def init_master 'disable' => ['rke2-ingress-nginx'], 'cni' => cni, 'disable-kube-proxy' => ONEAPP_K8S_CNI_PLUGIN == 'cilium', - 'disable-cloud-controller' => ONEAPP_K8S_ENABLE_CLOUD_CONTROLLER == false + 'disable-cloud-controller' => ONEAPP_RKE2_CLOUD_CONTROLLER_ENABLED == false } msg :info, 'Prepare initial rke2-server config' @@ -250,7 +250,7 @@ def join_master(token, retries = RETRIES, seconds = SECONDS) 'disable' => ['rke2-ingress-nginx'], 'cni' => cni, 'disable-kube-proxy' => ONEAPP_K8S_CNI_PLUGIN == 'cilium', - 'disable-cloud-controller' => ONEAPP_K8S_ENABLE_CLOUD_CONTROLLER == false + 'disable-cloud-controller' => ONEAPP_RKE2_CLOUD_CONTROLLER_ENABLED == false } msg :info, 'Prepare rke2-server config' From 4e4fd2d9d4e55890019dacdc353b3638eef8e607 Mon Sep 17 00:00:00 2001 From: Michal Opala Date: Wed, 18 Dec 2024 21:08:58 +0100 Subject: [PATCH 12/13] Add basic fixes for OneKE 1.31 --- appliances/OneKE/cilium.rb | 6 ++-- appliances/OneKE/cilium_spec.rb | 12 ++++---- appliances/OneKE/config.rb | 12 ++++---- appliances/OneKE/kubernetes.rb | 49 ++++++++++++++++----------------- 4 files changed, 38 insertions(+), 41 deletions(-) diff --git a/appliances/OneKE/cilium.rb b/appliances/OneKE/cilium.rb index 1dcf6189..c6c0153b 100644 --- a/appliances/OneKE/cilium.rb +++ b/appliances/OneKE/cilium.rb 
@@ -7,7 +7,7 @@ require_relative 'config.rb' require_relative 'helpers.rb' -# NOTE: We added the ONEAPP_K8S_CILIUM_ENABLE_BGP flag for being able to disable +# NOTE: We added the ONEAPP_K8S_CILIUM_BGP_ENABLED flag for being able to disable # BGP control plane and CiliumLoadBalancerIPPool CRD creation in order to avoid # conflicts with other LB controllers managing services without LBClass set. # From cilium v1.17, we will be able to add `defaultLBServiceIPAM: none` in the @@ -23,8 +23,8 @@ def configure_cilium(manifest_dir = K8S_MANIFEST_DIR, endpoint = ONEAPP_K8S_CONT if ONEAPP_K8S_CNI_CONFIG.nil? msg :info, 'Create Cilium CRD config from user-provided ranges' - enable_bgp = ONEAPP_K8S_CILIUM_ENABLE_BGP \ - || (ONEAPP_K8S_CILIUM_ENABLE_BGP.nil? && !ONEAPP_K8S_CILIUM_RANGES.empty?) + enable_bgp = ONEAPP_K8S_CILIUM_BGP_ENABLED \ + || (ONEAPP_K8S_CILIUM_BGP_ENABLED.nil? && !ONEAPP_K8S_CILIUM_RANGES.empty?) documents = YAML.load_stream <<~MANIFEST --- diff --git a/appliances/OneKE/cilium_spec.rb b/appliances/OneKE/cilium_spec.rb index 98818982..0b463444 100644 --- a/appliances/OneKE/cilium_spec.rb +++ b/appliances/OneKE/cilium_spec.rb @@ -75,10 +75,10 @@ end end - it 'should not define ip ranges when ONEAPP_K8S_CILIUM_ENABLE_BGP is false and ONEAPP_K8S_CILIUM_RANGES is not empty' do + it 'should not define ip ranges when ONEAPP_K8S_CILIUM_BGP_ENABLED is false and ONEAPP_K8S_CILIUM_RANGES is not empty' do stub_const 'ONEAPP_K8S_CONTROL_PLANE_EP', '192.168.150.86:6443' stub_const 'ONEAPP_K8S_CNI_PLUGIN', 'cilium' - stub_const 'ONEAPP_K8S_CILIUM_ENABLE_BGP', false + stub_const 'ONEAPP_K8S_CILIUM_BGP_ENABLED', false stub_const 'ONEAPP_K8S_CILIUM_RANGES', ['192.168.150.128/25', '10.11.12.0/24'] output = YAML.load_stream <<~MANIFEST --- 
@@ -105,10 +105,10 @@ end end - it 'should define ip ranges when ONEAPP_K8S_CILIUM_ENABLE_BGP is true and ONEAPP_K8S_CILIUM_RANGES is not empty' do + it 'should define ip ranges when ONEAPP_K8S_CILIUM_BGP_ENABLED is true and ONEAPP_K8S_CILIUM_RANGES is not empty' do stub_const 'ONEAPP_K8S_CONTROL_PLANE_EP', '192.168.150.86:6443' stub_const 'ONEAPP_K8S_CNI_PLUGIN', 'cilium' - stub_const 'ONEAPP_K8S_CILIUM_ENABLE_BGP', true + stub_const 'ONEAPP_K8S_CILIUM_BGP_ENABLED', true stub_const 'ONEAPP_K8S_CILIUM_RANGES', ['192.168.150.128/25', '10.11.12.0/24'] output = YAML.load_stream <<~MANIFEST --- @@ -146,10 +146,10 @@ end end - it 'should define ip ranges when ONEAPP_K8S_CILIUM_ENABLE_BGP is true and ONEAPP_K8S_CILIUM_RANGES is empty' do + it 'should define ip ranges when ONEAPP_K8S_CILIUM_BGP_ENABLED is true and ONEAPP_K8S_CILIUM_RANGES is empty' do stub_const 'ONEAPP_K8S_CONTROL_PLANE_EP', '192.168.150.86:6443' stub_const 'ONEAPP_K8S_CNI_PLUGIN', 'cilium' - stub_const 'ONEAPP_K8S_CILIUM_ENABLE_BGP', true + stub_const 'ONEAPP_K8S_CILIUM_BGP_ENABLED', true stub_const 'ONEAPP_K8S_CILIUM_RANGES', [] output = YAML.load_stream <<~MANIFEST --- diff --git a/appliances/OneKE/config.rb b/appliances/OneKE/config.rb index 492ebfbb..a51b4f7b 100644 --- a/appliances/OneKE/config.rb +++ b/appliances/OneKE/config.rb 
@@ -17,10 +17,10 @@
ONEAPP_K8S_MULTUS_ENABLED = env :ONEAPP_K8S_MULTUS_ENABLED, 'NO'
ONEAPP_K8S_MULTUS_CONFIG = env :ONEAPP_K8S_MULTUS_CONFIG, nil
-ONEAPP_K8S_CNI_PLUGIN = env :ONEAPP_K8S_CNI_PLUGIN, 'cilium'
-ONEAPP_K8S_CNI_CONFIG = env :ONEAPP_K8S_CNI_CONFIG, nil
-ONEAPP_K8S_CILIUM_ENABLE_BGP = env :ONEAPP_K8S_CILIUM_ENABLE_BGP, nil
-ONEAPP_K8S_CILIUM_RANGES = ENV.select { |key, _| key.start_with? 'ONEAPP_K8S_CILIUM_RANGE' } .values
+ONEAPP_K8S_CNI_PLUGIN = env :ONEAPP_K8S_CNI_PLUGIN, 'cilium'
+ONEAPP_K8S_CNI_CONFIG = env :ONEAPP_K8S_CNI_CONFIG, nil
+ONEAPP_K8S_CILIUM_BGP_ENABLED = env :ONEAPP_K8S_CILIUM_BGP_ENABLED, nil
+ONEAPP_K8S_CILIUM_RANGES = ENV.select { |key, _| key.start_with? 'ONEAPP_K8S_CILIUM_RANGE' } .values
ONEAPP_K8S_LONGHORN_CHART_VERSION = env :ONEAPP_K8S_LONGHORN_CHART_VERSION, '1.7.2'
ONEAPP_K8S_LONGHORN_ENABLED = env :ONEAPP_K8S_LONGHORN_ENABLED, 'NO'
@@ -61,9 +61,9 @@
ONEAPP_K8S_EXTRA_SANS = env :ONEAPP_K8S_EXTRA_SANS, 'localhost,127.0.0.1'
# Proxy config for RKE2: https://docs.rke2.io/advanced#configuring-an-http-proxy
-ONEAPP_K8S_HTTP_PROXY = env :ONEAPP_K8S_HTTP_PROXY, nil
+ONEAPP_K8S_HTTP_PROXY = env :ONEAPP_K8S_HTTP_PROXY, nil
ONEAPP_K8S_HTTPS_PROXY = env :ONEAPP_K8S_HTTPS_PROXY, nil
-ONEAPP_K8S_NO_PROXY = env :ONEAPP_K8S_NO_PROXY, nil
+ONEAPP_K8S_NO_PROXY = env :ONEAPP_K8S_NO_PROXY, nil
FALLBACK_GW = env :FALLBACK_GW, nil
FALLBACK_DNS = env :FALLBACK_DNS, nil
diff --git a/appliances/OneKE/kubernetes.rb b/appliances/OneKE/kubernetes.rb
index bfe4bb1a..1f909876 100644
--- a/appliances/OneKE/kubernetes.rb
+++ b/appliances/OneKE/kubernetes.rb
@@ -186,13 +186,13 @@ def init_master
sans << cp.host
server_config = {
- 'node-name' => name,
- 'token' => SecureRandom.uuid,
- 'tls-san' => sans.uniq,
- 'node-taint' => ['CriticalAddonsOnly=true:NoExecute'],
- 'disable' => ['rke2-ingress-nginx'],
- 'cni' => cni,
- 'disable-kube-proxy' => ONEAPP_K8S_CNI_PLUGIN == 'cilium',
+ 'node-name' => name,
+ 'token' => SecureRandom.uuid,
+ 'tls-san' => sans.uniq,
+ 'node-taint' => ['CriticalAddonsOnly=true:NoExecute'],
+ 'disable' => ['rke2-ingress-nginx'],
+ 'cni' => cni,
+ 'disable-kube-proxy' => ONEAPP_K8S_CNI_PLUGIN == 'cilium',
'disable-cloud-controller' => ONEAPP_RKE2_CLOUD_CONTROLLER_ENABLED == false
}
@@ -242,14 +242,14 @@ def join_master(token, retries = RETRIES, seconds = SECONDS)
sans << cp.host
server_config = {
- 'node-name' => name,
- 'server' => "https://#{ONEAPP_RKE2_SUPERVISOR_EP}",
- 'token' => token,
- 'tls-san' => sans.uniq,
- 'node-taint' => ['CriticalAddonsOnly=true:NoExecute'],
- 'disable' => ['rke2-ingress-nginx'],
- 'cni' => cni,
- 'disable-kube-proxy' => ONEAPP_K8S_CNI_PLUGIN == 'cilium',
+ 'node-name' => name,
+ 'server' => "https://#{ONEAPP_RKE2_SUPERVISOR_EP}",
+ 'token' => token,
+ 'tls-san' => sans.uniq,
+ 'node-taint' => ['CriticalAddonsOnly=true:NoExecute'],
+ 'disable' => ['rke2-ingress-nginx'],
+ 'cni' => cni,
+ 'disable-kube-proxy' => ONEAPP_K8S_CNI_PLUGIN == 'cilium',
'disable-cloud-controller' => ONEAPP_RKE2_CLOUD_CONTROLLER_ENABLED == false
}
@@ -369,29 +369,26 @@ def detect_node
end
def configure_rke2_proxy(current_role)
- if ONEAPP_K8S_HTTP_PROXY.to_s.empty? && ONEAPP_K8S_HTTPS_PROXY.to_s.empty?
- return
- end
+ return if ONEAPP_K8S_HTTP_PROXY.to_s.empty? && ONEAPP_K8S_HTTPS_PROXY.to_s.empty?
rke2_role = current_role == 'master' ? 'server' : 'agent'
- filepath = "/etc/default/rke2-#{rke2_role}"
+ filepath = "/etc/default/rke2-#{rke2_role}"
msg :info, "Prepare rke2-#{rke2_role} proxy config in #{filepath}"
- proxy_config = String.new
- proxy_config << "HTTP_PROXY=#{ONEAPP_K8S_HTTP_PROXY}\n" unless ONEAPP_K8S_HTTP_PROXY.nil?
- proxy_config << "HTTPS_PROXY=#{ONEAPP_K8S_HTTPS_PROXY}\n" unless ONEAPP_K8S_HTTPS_PROXY.nil?
+ proxy_config = []
+ proxy_config << "HTTP_PROXY=#{ONEAPP_K8S_HTTP_PROXY}" unless ONEAPP_K8S_HTTP_PROXY.nil?
+ proxy_config << "HTTPS_PROXY=#{ONEAPP_K8S_HTTPS_PROXY}" unless ONEAPP_K8S_HTTPS_PROXY.nil?
if ONEAPP_K8S_NO_PROXY.to_s.empty?
no_proxy = ['127.0.0.1/32', 'localhost']
no_proxy << retrieve_endpoint_host(ONEAPP_K8S_CONTROL_PLANE_EP) if ONEAPP_K8S_CONTROL_PLANE_EP
no_proxy << retrieve_endpoint_host(ONEAPP_RKE2_SUPERVISOR_EP) if ONEAPP_RKE2_SUPERVISOR_EP
- proxy_config << "NO_PROXY=#{no_proxy.uniq.join(',')}\n"
+ proxy_config << "NO_PROXY=#{no_proxy.uniq.join(',')}"
else
- proxy_config << "NO_PROXY=#{ONEAPP_K8S_NO_PROXY}\n"
+ proxy_config << "NO_PROXY=#{ONEAPP_K8S_NO_PROXY}"
end
- file filepath, proxy_config, overwrite: true
-
+ file filepath, proxy_config.join("\n"), overwrite: true
end
def retrieve_endpoint_host(endpoint)
From b724f08b7dd763def5a4b8073e3436d80f53045c Mon Sep 17 00:00:00 2001
From: Michal Opala
Date: Thu, 19 Dec 2024 12:22:00 +0100
Subject: [PATCH 13/13] Revert the over-complicated cilium BGP/range logic
---
appliances/OneKE/cilium.rb | 7 ++----
appliances/OneKE/cilium_spec.rb | 42 ---------------------------------
appliances/OneKE/config.rb | 2 +-
3 files changed, 3 insertions(+), 48 deletions(-)
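Review bot: The new `file filepath, proxy_config.join("\n"), overwrite: true` writes `/etc/default/rke2-#{rke2_role}` without a terminating newline, whereas the removed `String.new` version appended `\n` after every entry; unless the `file` helper adds one itself, the last line of the environment file is now unterminated, which line-oriented readers do not all treat the same way. Proposed: `file filepath, "#{proxy_config.join("\n")}\n", overwrite: true`. Separately, the proxy values are interpolated into the file unquoted, so a value containing whitespace or `#` would be cut short by a shell-style reader of that file; a one-line comment above `proxy_config = []` stating the expected `scheme://host:port` form, or quoting the values, would make that contract explicit. configure_rke2_proxy starts and ends inside this hunk.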
diff --git a/appliances/OneKE/cilium.rb b/appliances/OneKE/cilium.rb
index c6c0153b..799305ef 100644
--- a/appliances/OneKE/cilium.rb
+++ b/appliances/OneKE/cilium.rb
@@ -23,9 +23,6 @@ def configure_cilium(manifest_dir = K8S_MANIFEST_DIR, endpoint = ONEAPP_K8S_CONT
if ONEAPP_K8S_CNI_CONFIG.nil?
msg :info, 'Create Cilium CRD config from user-provided ranges'
- enable_bgp = ONEAPP_K8S_CILIUM_BGP_ENABLED \
- || (ONEAPP_K8S_CILIUM_BGP_ENABLED.nil? && !ONEAPP_K8S_CILIUM_RANGES.empty?)
-
documents = YAML.load_stream <<~MANIFEST
---
apiVersion: helm.cattle.io/v1
@@ -42,10 +39,10 @@ def configure_cilium(manifest_dir = K8S_MANIFEST_DIR, endpoint = ONEAPP_K8S_CONT
chainingMode: "none"
exclusive: false
bgpControlPlane:
- enabled: #{enable_bgp}
+ enabled: #{ONEAPP_K8S_CILIUM_BGP_ENABLED}
MANIFEST
- if enable_bgp
+ if ONEAPP_K8S_CILIUM_BGP_ENABLED
documents += YAML.load_stream <<~MANIFEST
---
apiVersion: cilium.io/v2alpha1
diff --git a/appliances/OneKE/cilium_spec.rb b/appliances/OneKE/cilium_spec.rb
index 0b463444..c6f77531 100644
--- a/appliances/OneKE/cilium_spec.rb
+++ b/appliances/OneKE/cilium_spec.rb
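Review bot: With `enable_bgp` removed, `if ONEAPP_K8S_CILIUM_BGP_ENABLED` in the second hunk now silently ignores any ONEAPP_K8S_CILIUM_RANGE* values whenever the flag is off, whereas the removed logic treated a non-empty range list as an implicit enable; an operator who only sets ranges gets no CiliumLoadBalancerIPPool and no hint why. A log line next to that branch would make the new rule visible, e.g. `msg :info, 'ONEAPP_K8S_CILIUM_RANGE* ignored: ONEAPP_K8S_CILIUM_BGP_ENABLED is off' unless ONEAPP_K8S_CILIUM_BGP_ENABLED || ONEAPP_K8S_CILIUM_RANGES.empty?`. The same flag is also interpolated raw into `enabled: #{ONEAPP_K8S_CILIUM_BGP_ENABLED}`, and this commit's config.rb hunk changes its default from nil to the string 'NO'; presumably `env` coerces YES/NO to booleans (the `== false` comparisons elsewhere suggest so), but a spec asserting that the default renders `enabled: false` and skips the pool would pin it, since a raw 'NO' would be truthy in the `if`. configure_cilium starts before and ends after these hunks.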
@@ -43,47 +43,6 @@ --- apiVersion: helm.cattle.io/v1 kind: HelmChartConfig - metadata: - name: rke2-cilium - namespace: kube-system - spec: - valuesContent: |- - kubeProxyReplacement: true - k8sServiceHost: "192.168.150.86" - k8sServicePort: 6443 - cni: - chainingMode: "none" - exclusive: false - bgpControlPlane: - enabled: true - --- - apiVersion: cilium.io/v2alpha1 - kind: CiliumLoadBalancerIPPool - metadata: - name: default - namespace: kube-system - spec: - blocks: - - cidr: 192.168.150.128/25 - - cidr: 10.11.12.0/24 - allowFirstLastIPs: "No" - MANIFEST - Dir.mktmpdir do |temp_dir| - configure_cilium temp_dir - result = YAML.load_stream File.read "#{temp_dir}/rke2-cilium-config.yaml" - expect(result).to eq output - end - end - - it 'should not define ip ranges when ONEAPP_K8S_CILIUM_BGP_ENABLED is false and ONEAPP_K8S_CILIUM_RANGES is not empty' do - stub_const 'ONEAPP_K8S_CONTROL_PLANE_EP', '192.168.150.86:6443' - stub_const 'ONEAPP_K8S_CNI_PLUGIN', 'cilium' - stub_const 'ONEAPP_K8S_CILIUM_BGP_ENABLED', false - stub_const 'ONEAPP_K8S_CILIUM_RANGES', ['192.168.150.128/25', '10.11.12.0/24'] - output = YAML.load_stream <<~MANIFEST - --- - apiVersion: helm.cattle.io/v1 - kind: HelmChartConfig metadata: name: rke2-cilium namespace: kube-system @@ -225,5 +184,4 @@ expect(result).to eq output end end - end diff --git a/appliances/OneKE/config.rb b/appliances/OneKE/config.rb index a51b4f7b..1813b43d 100644 --- a/appliances/OneKE/config.rb +++ b/appliances/OneKE/config.rb @@ -19,7 +19,7 @@ ONEAPP_K8S_CNI_PLUGIN = env :ONEAPP_K8S_CNI_PLUGIN, 'cilium' ONEAPP_K8S_CNI_CONFIG = env :ONEAPP_K8S_CNI_CONFIG, nil -ONEAPP_K8S_CILIUM_BGP_ENABLED = env :ONEAPP_K8S_CILIUM_BGP_ENABLED, nil +ONEAPP_K8S_CILIUM_BGP_ENABLED = env :ONEAPP_K8S_CILIUM_BGP_ENABLED, 'NO' ONEAPP_K8S_CILIUM_RANGES = ENV.select { |key, _| key.start_with? 'ONEAPP_K8S_CILIUM_RANGE' } .values ONEAPP_K8S_LONGHORN_CHART_VERSION = env :ONEAPP_K8S_LONGHORN_CHART_VERSION, '1.7.2'