diff --git a/pkg/controller/template/render.go b/pkg/controller/template/render.go index 231a519373..da9630f575 100644 --- a/pkg/controller/template/render.go +++ b/pkg/controller/template/render.go @@ -27,9 +27,10 @@ type RenderConfig struct { } const ( - filesDir = "files" - unitsDir = "units" - platformBase = "_base" + filesDir = "files" + unitsDir = "units" + platformBase = "_base" + platformOnPrem = "on-prem" ) // generateTemplateMachineConfigs returns MachineConfig objects from the templateDir and a config object @@ -192,7 +193,10 @@ func generateMachineConfigForName(config *RenderConfig, role, name, templateDir, platformDirs := []string{} if !*commonAdded { // Loop over templates/common which applies everywhere - for _, dir := range []string{platformBase, platformString} { + for _, dir := range []string{platformBase, platformOnPrem, platformString} { + if dir == platformOnPrem && !onPremPlatform(config.Infra.Status.PlatformStatus.Type) { + continue + } basePath := filepath.Join(templateDir, "common", dir) exists, err := existsDir(basePath) if err != nil { @@ -205,8 +209,12 @@ func generateMachineConfigForName(config *RenderConfig, role, name, templateDir, } *commonAdded = true } + // And now over the target e.g. templates/master/00-master,01-master-container-runtime,01-master-kubelet - for _, dir := range []string{platformBase, platformString} { + for _, dir := range []string{platformBase, platformOnPrem, platformString} { + if dir == platformOnPrem && !onPremPlatform(config.Infra.Status.PlatformStatus.Type) { + continue + } platformPath := filepath.Join(path, dir) exists, err := existsDir(platformPath) if err != nil { 
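Review bot: The new on-prem guard in both loops of generateMachineConfigForName (the `templates/common` loop in the @@ -192 hunk and the per-target loop in the @@ -205 hunk) reads `config.Infra.Status.PlatformStatus.Type` without checking `PlatformStatus` for nil, while every helper added further down in this file tests `cfg.Infra.Status.PlatformStatus != nil` first. If a nil status can reach this function, rendering panics in the controller instead of returning an error. Unless code outside these hunks already guarantees a non-nil status, the guard could be `if dir == platformOnPrem && (config.Infra.Status.PlatformStatus == nil || !onPremPlatform(config.Infra.Status.PlatformStatus.Type)) {`. The same condition is duplicated in both loops, so it may be worth computing once before them; the function body starts and ends outside the hunks.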
@@ -283,6 +291,10 @@ func renderTemplate(config RenderConfig, path string, b []byte) ([]byte, error)
 funcs["skip"] = skipMissing
 funcs["cloudProvider"] = cloudProvider
 funcs["cloudConfigFlag"] = cloudConfigFlag
+ funcs["onPremPlatformAPIServerInternalIP"] = onPremPlatformAPIServerInternalIP
+ funcs["onPremPlatformIngressIP"] = onPremPlatformIngressIP
+ funcs["onPremPlatformShortName"] = onPremPlatformShortName
+ funcs["onPremPlatformKeepalivedEnableUnicast"] = onPremPlatformKeepalivedEnableUnicast
 tmpl, err := template.New(path).Funcs(funcs).Parse(string(b))
 if err != nil {
 return nil, fmt.Errorf("failed to parse template %s: %v", path, err)
@@ -356,6 +368,76 @@ func cloudConfigFlag(cfg RenderConfig) interface{} { } } +func onPremPlatformShortName(cfg RenderConfig) interface{} { + if cfg.Infra.Status.PlatformStatus != nil { + switch cfg.Infra.Status.PlatformStatus.Type { + case configv1.BareMetalPlatformType: + return "kni" + case configv1.OvirtPlatformType: + return "ovirt" + case configv1.OpenStackPlatformType: + return "openstack" + case configv1.VSpherePlatformType: + return "vsphere" + default: + return "" + } + } else { + return "" + } +} + +func onPremPlatformKeepalivedEnableUnicast(cfg RenderConfig) (interface{}, error) { + if cfg.Infra.Status.PlatformStatus != nil { + switch cfg.Infra.Status.PlatformStatus.Type { + case configv1.BareMetalPlatformType: + return "yes", nil + default: + return "no", nil + } + } else { + return "no", nil + } +} + +func onPremPlatformIngressIP(cfg RenderConfig) (interface{}, error) { + if cfg.Infra.Status.PlatformStatus != nil { + switch cfg.Infra.Status.PlatformStatus.Type { + case configv1.BareMetalPlatformType: + return cfg.Infra.Status.PlatformStatus.BareMetal.IngressIP, nil + case configv1.OvirtPlatformType: + return cfg.Infra.Status.PlatformStatus.Ovirt.IngressIP, nil + case configv1.OpenStackPlatformType: + return cfg.Infra.Status.PlatformStatus.OpenStack.IngressIP, nil + case configv1.VSpherePlatformType: + return cfg.Infra.Status.PlatformStatus.VSphere.IngressIP, nil + default: + return nil, fmt.Errorf("invalid platform for Ingress IP") + } + } else { + return nil, fmt.Errorf("") + } +} + +func onPremPlatformAPIServerInternalIP(cfg RenderConfig) (interface{}, error) { + if cfg.Infra.Status.PlatformStatus != nil { + switch cfg.Infra.Status.PlatformStatus.Type { + case configv1.BareMetalPlatformType: + return cfg.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP, nil + case configv1.OvirtPlatformType: + return cfg.Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP, nil + case configv1.OpenStackPlatformType: + return 
cfg.Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP, nil + case configv1.VSpherePlatformType: + return cfg.Infra.Status.PlatformStatus.VSphere.APIServerInternalIP, nil + default: + return nil, fmt.Errorf("invalid platform for API Server Internal IP") + } + } else { + return nil, fmt.Errorf("") + } +} + // existsDir returns true if path exists and is a directory, false if the path // does not exist, and error if there is a runtime error or the path is not a directory func existsDir(path string) (bool, error) { @@ -371,3 +453,12 @@ func existsDir(path string) (bool, error) { } return true, nil } + +func onPremPlatform(platformString configv1.PlatformType) bool { + switch platformString { + case configv1.BareMetalPlatformType, configv1.OvirtPlatformType, configv1.OpenStackPlatformType, configv1.VSpherePlatformType: + return true + default: + return false + } +} diff --git a/templates/common/baremetal/files/NetworkManager-mdns-hostname.yaml b/templates/common/on-prem/files/NetworkManager-mdns-hostname.yaml similarity index 100% rename from templates/common/baremetal/files/NetworkManager-mdns-hostname.yaml rename to templates/common/on-prem/files/NetworkManager-mdns-hostname.yaml diff --git a/templates/common/baremetal/files/baremetal-NetworkManager-kni-conf.yaml b/templates/common/on-prem/files/NetworkManager-onprem.conf.yaml similarity index 72% rename from templates/common/baremetal/files/baremetal-NetworkManager-kni-conf.yaml rename to templates/common/on-prem/files/NetworkManager-onprem.conf.yaml index 62007be856..2e2eae359d 100644 --- a/templates/common/baremetal/files/baremetal-NetworkManager-kni-conf.yaml +++ b/templates/common/on-prem/files/NetworkManager-onprem.conf.yaml @@ -1,5 +1,5 @@ mode: 0644 -path: "/etc/NetworkManager/conf.d/99-kni.conf" +path: "/etc/NetworkManager/conf.d/99-{{ onPremPlatformShortName . }}.conf" contents: inline: | [main] 
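Review bot: `onPremPlatformIngressIP` and `onPremPlatformAPIServerInternalIP` return `fmt.Errorf("")` when `PlatformStatus` is nil, so the template failure carries no message, and they dereference the per-platform status (`BareMetal`, `Ovirt`, `OpenStack`, `VSphere`) without a nil check. Assuming those fields are pointers, as the nil test on `PlatformStatus` suggests, a status with `Type` set but the matching block missing would panic during rendering rather than fail with an error. The fence shows the shape for the Ingress IP helper; the API server helper would mirror it. None of the four new helpers has a doc comment, and the `else` after a returning `if` can go.

```go
// onPremPlatformIngressIP returns the Ingress VIP recorded in the platform
// status of an on-prem platform, or an error when it is not available.
func onPremPlatformIngressIP(cfg RenderConfig) (interface{}, error) {
	ps := cfg.Infra.Status.PlatformStatus
	if ps == nil {
		return nil, fmt.Errorf("platform status is not set, cannot determine Ingress IP")
	}
	switch ps.Type {
	case configv1.BareMetalPlatformType:
		if ps.BareMetal == nil {
			return nil, fmt.Errorf("baremetal platform status is not set, cannot determine Ingress IP")
		}
		return ps.BareMetal.IngressIP, nil
	// … same nil guard for the Ovirt, OpenStack and VSphere cases …
	default:
		return nil, fmt.Errorf("invalid platform for Ingress IP")
	}
}
```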
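Review bot: `onPremPlatform` has no doc comment and its parameter is named `platformString` although it is a `configv1.PlatformType`, which reads confusingly next to the `platformString` directory name used in generateMachineConfigForName. The platform list here also has to stay identical to the `case` lists in the four template helpers: `onPremPlatformShortName` returns `""` for any other type, which would render names such as `openshift--infra` without an error. I would rename the parameter to `platform` and add `// onPremPlatform reports whether platform shares the templates under templates/common/on-prem; keep in sync with the onPremPlatform* template helpers.`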
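Review bot: The templated path `/etc/NetworkManager/conf.d/99-{{ onPremPlatformShortName . }}.conf` changes the rendered file name for oVirt: the oVirt copy deleted later in this diff (ovirt-NetworkManager-kni-conf.yaml) wrote `99-kni.conf`, whereas `onPremPlatformShortName` returns `ovirt` for that platform. Bare metal and OpenStack keep their previous names. It would be worth confirming that the old `99-kni.conf` is cleaned up on existing oVirt nodes during an upgrade, and a template comment such as `# file name is per-platform: 99-kni.conf, 99-ovirt.conf, 99-openstack.conf or 99-vsphere.conf` would make the rename explicit.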
diff --git a/templates/common/baremetal/files/NetworkManager-resolv-prepender.yaml b/templates/common/on-prem/files/NetworkManager-resolv-prepender.yaml similarity index 94% rename from templates/common/baremetal/files/NetworkManager-resolv-prepender.yaml rename to templates/common/on-prem/files/NetworkManager-resolv-prepender.yaml index 4021886175..974406a5c8 100644 --- a/templates/common/baremetal/files/NetworkManager-resolv-prepender.yaml +++ b/templates/common/on-prem/files/NetworkManager-resolv-prepender.yaml @@ -47,8 +47,8 @@ contents: {{ .Images.baremetalRuntimeCfgImage }} \ node-ip \ show \ - "{{.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP}}" \ - "{{.Infra.Status.PlatformStatus.BareMetal.IngressIP}}") + "{{ onPremPlatformAPIServerInternalIP . }}" \ + "{{ onPremPlatformIngressIP . }}") DOMAIN="{{.DNS.Spec.BaseDomain}}" if [[ -n "$NAMESERVER_IP" ]]; then >&2 echo "NM resolv-prepender: Prepending 'nameserver $NAMESERVER_IP' to /etc/resolv.conf (other nameservers from /var/run/NetworkManager/resolv.conf)" diff --git a/templates/common/baremetal/files/baremetal-coredns-corefile.yaml b/templates/common/on-prem/files/coredns-corefile.yaml similarity index 87% rename from templates/common/baremetal/files/baremetal-coredns-corefile.yaml rename to templates/common/on-prem/files/coredns-corefile.yaml index 03657fe653..58fb6a6b4b 100644 --- a/templates/common/baremetal/files/baremetal-coredns-corefile.yaml +++ b/templates/common/on-prem/files/coredns-corefile.yaml @@ -11,7 +11,7 @@ contents: reload template IN {{`{{ .Cluster.IngressVIPRecordType }}`}} {{ .DNS.Spec.BaseDomain }} { match .*.apps.{{ .DNS.Spec.BaseDomain }} - answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ .Infra.Status.PlatformStatus.BareMetal.IngressIP }}" + answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ onPremPlatformIngressIP . }}" fallthrough } template IN {{`{{ .Cluster.IngressVIPEmptyType }}`}} {{ .DNS.Spec.BaseDomain }} { 
@@ -20,7 +20,7 @@ contents: } template IN {{`{{ .Cluster.APIVIPRecordType }}`}} {{ .DNS.Spec.BaseDomain }} { match api.{{ .DNS.Spec.BaseDomain }} - answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ .Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" + answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ onPremPlatformAPIServerInternalIP . }}" fallthrough } template IN {{`{{ .Cluster.APIVIPEmptyType }}`}} {{ .DNS.Spec.BaseDomain }} { @@ -29,7 +29,7 @@ contents: } template IN {{`{{ .Cluster.APIVIPRecordType }}`}} {{ .DNS.Spec.BaseDomain }} { match api-int.{{ .DNS.Spec.BaseDomain }} - answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ .Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" + answer "{{`{{"{{ .Name }}"}}`}} 60 in {{`{{"{{ .Type }}"}}`}} {{ onPremPlatformAPIServerInternalIP . }}" fallthrough } template IN {{`{{ .Cluster.APIVIPEmptyType }}`}} {{ .DNS.Spec.BaseDomain }} { diff --git a/templates/common/baremetal/files/baremetal-coredns.yaml b/templates/common/on-prem/files/coredns.yaml similarity index 89% rename from templates/common/baremetal/files/baremetal-coredns.yaml rename to templates/common/on-prem/files/coredns.yaml index 72abdecfcf..4e4ddf010b 100644 --- a/templates/common/baremetal/files/baremetal-coredns.yaml +++ b/templates/common/on-prem/files/coredns.yaml @@ -6,11 +6,11 @@ contents: apiVersion: v1 metadata: name: coredns - namespace: openshift-kni-infra + namespace: openshift-{{ onPremPlatformShortName . }}-infra creationTimestamp: deletionGracePeriodSeconds: 65 labels: - app: kni-infra-mdns + app: {{ onPremPlatformShortName . }}-infra-mdns spec: volumes: - name: resource-dir 
@@ -33,9 +33,9 @@ contents: - render - "/etc/kubernetes/kubeconfig" - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" + - "{{ onPremPlatformAPIServerInternalIP . }}" - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.BareMetal.IngressIP }}" + - "{{ onPremPlatformIngressIP . }}" - "/config" - "--out-dir" - "/etc/coredns" @@ -94,9 +94,9 @@ contents: - "/config/Corefile.tmpl" - "/etc/coredns/Corefile" - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" + - "{{ onPremPlatformAPIServerInternalIP . }}" - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.BareMetal.IngressIP }}" + - "{{ onPremPlatformIngressIP . }}" resources: requests: cpu: 100m diff --git a/templates/common/baremetal/files/baremetal-keepalived.yaml b/templates/common/on-prem/files/keepalived.yaml similarity index 92% rename from templates/common/baremetal/files/baremetal-keepalived.yaml rename to templates/common/on-prem/files/keepalived.yaml index d0ae8113f2..753cf4c3b2 100644 --- a/templates/common/baremetal/files/baremetal-keepalived.yaml +++ b/templates/common/on-prem/files/keepalived.yaml @@ -6,11 +6,11 @@ contents: apiVersion: v1 metadata: name: keepalived - namespace: openshift-kni-infra + namespace: openshift-{{ onPremPlatformShortName . }}-infra creationTimestamp: deletionGracePeriodSeconds: 65 labels: - app: kni-infra-vrrp + app: {{ onPremPlatformShortName . }}-infra-vrrp spec: volumes: - name: resource-dir @@ -41,9 +41,9 @@ contents: - render - "/etc/kubernetes/kubeconfig" - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" + - "{{ onPremPlatformAPIServerInternalIP . }}" - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.BareMetal.IngressIP }}" + - "{{ onPremPlatformIngressIP . }}" - "/config" - "--out-dir" - "/etc/keepalived" 
@@ -124,7 +124,7 @@ contents: image: {{ .Images.baremetalRuntimeCfgImage }} env: - name: ENABLE_UNICAST - value: "yes" + value: "{{ onPremPlatformKeepalivedEnableUnicast . }}" - name: IS_BOOTSTRAP value: "no" command: @@ -133,9 +133,9 @@ contents: - "/config/keepalived.conf.tmpl" - "/etc/keepalived/keepalived.conf" - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" + - "{{ onPremPlatformAPIServerInternalIP . }}" - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.BareMetal.IngressIP }}" + - "{{ onPremPlatformIngressIP . }}" resources: requests: cpu: 100m diff --git a/templates/common/baremetal/files/baremetal-mdns-publisher.yaml b/templates/common/on-prem/files/mdns-publisher.yaml similarity index 92% rename from templates/common/baremetal/files/baremetal-mdns-publisher.yaml rename to templates/common/on-prem/files/mdns-publisher.yaml index dd888c7b41..03ac02508f 100644 --- a/templates/common/baremetal/files/baremetal-mdns-publisher.yaml +++ b/templates/common/on-prem/files/mdns-publisher.yaml @@ -6,11 +6,11 @@ contents: apiVersion: v1 metadata: name: mdns-publisher - namespace: openshift-kni-infra + namespace: openshift-{{ onPremPlatformShortName . }}-infra creationTimestamp: deletionGracePeriodSeconds: 65 labels: - app: kni-infra-mdns + app: {{ onPremPlatformShortName . }}-infra-mdns spec: volumes: - name: resource-dir @@ -60,9 +60,9 @@ contents: - render - "/etc/kubernetes/kubeconfig" - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}" + - "{{ onPremPlatformAPIServerInternalIP . }}" - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.BareMetal.IngressIP }}" + - "{{ onPremPlatformIngressIP . }}" - "/config" - "--out-dir" - "/etc/mdns" 
diff --git a/templates/common/openstack/units/afterburn-hostname.service.yaml b/templates/common/on-prem/units/afterburn-hostname.service.yaml similarity index 100% rename from templates/common/openstack/units/afterburn-hostname.service.yaml rename to templates/common/on-prem/units/afterburn-hostname.service.yaml diff --git a/templates/common/baremetal/units/baremetal-system-connections-mount.yaml b/templates/common/on-prem/units/baremetal-system-connections-mount.yaml similarity index 100% rename from templates/common/baremetal/units/baremetal-system-connections-mount.yaml rename to templates/common/on-prem/units/baremetal-system-connections-mount.yaml diff --git a/templates/common/baremetal/units/nodeip-configuration.service.yaml b/templates/common/on-prem/units/nodeip-configuration.service.yaml similarity index 95% rename from templates/common/baremetal/units/nodeip-configuration.service.yaml rename to templates/common/on-prem/units/nodeip-configuration.service.yaml index fa2104bf66..6c693166f3 100644 --- a/templates/common/baremetal/units/nodeip-configuration.service.yaml +++ b/templates/common/on-prem/units/nodeip-configuration.service.yaml @@ -25,7 +25,7 @@ contents: | {{ .Images.baremetalRuntimeCfgImage }} \ node-ip \ set --retry-on-failure \ - {{.Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }}; \ + {{ onPremPlatformAPIServerInternalIP . }}; \ do \ sleep 5; \ done" diff --git a/templates/common/openstack/files/NetworkManager-mdns-hostname.yaml b/templates/common/openstack/files/NetworkManager-mdns-hostname.yaml deleted file mode 100644 index 42c010552f..0000000000 --- a/templates/common/openstack/files/NetworkManager-mdns-hostname.yaml +++ /dev/null 
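Review bot: `{{ onPremPlatformAPIServerInternalIP . }}` is rendered unquoted as a command argument, directly before `; \` (judging by the OpenStack copy of this unit deleted later in the diff, inside the `ExecStart=/bin/bash -c "…"` string), so whatever the helper returns becomes shell text run on the node. The old field access had the same property, but now that the value comes from one Go helper, that helper can refuse anything that is not an IP address before it reaches this unit, the NetworkManager dispatcher script and the DNS data. For example, in the helper: `if net.ParseIP(ip) == nil { return nil, fmt.Errorf("API server internal IP %q is not a valid IP address", ip) }`. The unit's contents start outside the hunk.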
@@ -1,21 +0,0 @@ -mode: 0755 -path: "/etc/NetworkManager/dispatcher.d/40-mdns-hostname" -contents: - inline: | - #!/bin/bash - STATUS=$2 - case "$STATUS" in - up|down|dhcp4-change|dhcp6-change|hostname) - logger -s "NM mdns-hostname triggered by ${2}." - set +e - t_hostname=$(hostname) - if [ -z "${t_hostname}" ]; then - t_hostname="localhost" - fi - mkdir -p /etc/mdns - echo "${t_hostname}">/etc/mdns/hostname - logger -s "Hostname changed: ${t_hostname}" - ;; - *) - ;; - esac diff --git a/templates/common/openstack/files/NetworkManager-resolv-prepender.yaml b/templates/common/openstack/files/NetworkManager-resolv-prepender.yaml deleted file mode 100644 index daab1c7f2d..0000000000 --- a/templates/common/openstack/files/NetworkManager-resolv-prepender.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -mode: 0755 -path: "/etc/NetworkManager/dispatcher.d/30-resolv-prepender" -contents: - inline: | - #!/bin/bash - set -eo pipefail - IFACE=$1 - STATUS=$2 - - {{if .Proxy -}} - {{if .Proxy.HTTPProxy -}} - HTTP_PROXY={{.Proxy.HTTPProxy}} - {{end -}} - {{if .Proxy.HTTPSProxy -}} - HTTPS_PROXY={{.Proxy.HTTPSProxy}} - {{end -}} - {{if .Proxy.NoProxy -}} - NO_PROXY={{.Proxy.NoProxy}} - {{end -}} - {{end -}} - - case "$STATUS" in - up|down|dhcp4-change|dhcp6-change) - logger -s "NM resolv-prepender triggered by ${1} ${2}." - - # Ensure resolv.conf exists before we try to run podman - if [[ ! -e /etc/resolv.conf ]] || ! grep -q nameserver /etc/resolv.conf; then - cp /var/run/NetworkManager/resolv.conf /etc/resolv.conf - fi - - NAMESERVER_IP=$(/usr/bin/podman run --rm \ - --authfile /var/lib/kubelet/config.json \ - --net=host \ - {{ .Images.baremetalRuntimeCfgImage }} \ - node-ip \ - show \ - "{{.Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP}}" \ - "{{.Infra.Status.PlatformStatus.OpenStack.IngressIP}}") - DOMAIN="{{.DNS.Spec.BaseDomain}}" - if [[ -n "$NAMESERVER_IP" ]]; then - logger -s "NM resolv-prepender: Prepending 'nameserver $NAMESERVER_IP' to /etc/resolv.conf (other nameservers from /var/run/NetworkManager/resolv.conf)" - sed -e "/^search/d" \ - -e "/Generated by/c# Generated by OpenStack resolv prepender NM dispatcher script\nsearch $DOMAIN\nnameserver $NAMESERVER_IP" \ - /var/run/NetworkManager/resolv.conf > /etc/resolv.tmp - fi - # Only leave the first 3 nameservers in /etc/resolv.conf - sed -i ':a $!{N; ba}; s/\(^\|\n\)nameserver/\n# nameserver/4g' /etc/resolv.tmp - mv -f /etc/resolv.tmp /etc/resolv.conf - ;; - *) - ;; - esac diff --git a/templates/common/openstack/files/openstack-coredns-corefile.yaml b/templates/common/openstack/files/coredns-corefile.yaml similarity index 100% rename from templates/common/openstack/files/openstack-coredns-corefile.yaml rename to templates/common/openstack/files/coredns-corefile.yaml 
diff --git a/templates/common/openstack/files/openstack-NetworkManager-conf.yaml b/templates/common/openstack/files/openstack-NetworkManager-conf.yaml deleted file mode 100644 index 064def6a12..0000000000 --- a/templates/common/openstack/files/openstack-NetworkManager-conf.yaml +++ /dev/null @@ -1,9 +0,0 @@ -mode: 0644 -path: "/etc/NetworkManager/conf.d/99-openstack.conf" -contents: - inline: | - [main] - rc-manager=unmanaged - [connection] - ipv6.dhcp-duid=ll - ipv6.dhcp-iaid=mac diff --git a/templates/common/openstack/files/openstack-coredns-db.yaml b/templates/common/openstack/files/openstack-coredns-db.yaml index aae8f92d87..c06e20bbad 100644 --- a/templates/common/openstack/files/openstack-coredns-db.yaml +++ b/templates/common/openstack/files/openstack-coredns-db.yaml @@ -10,7 +10,7 @@ contents: 1209600 ; expire (2 weeks) 3600 ; minimum (1 hour) ) - api-int IN A {{ .Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP }} - api IN A {{ .Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP }} + api-int IN A {{ onPremPlatformAPIServerInternalIP . }} + api IN A {{ onPremPlatformAPIServerInternalIP . }} - *.apps IN A {{ .Infra.Status.PlatformStatus.OpenStack.IngressIP }} + *.apps IN A {{ onPremPlatformIngressIP . }} diff --git a/templates/common/openstack/files/openstack-coredns.yaml b/templates/common/openstack/files/openstack-coredns.yaml deleted file mode 100644 index d97341464a..0000000000 --- a/templates/common/openstack/files/openstack-coredns.yaml +++ /dev/null 
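Review bot: After this change openstack-coredns-db.yaml and ovirt-coredns-db.yaml end up with the same blob (`c06e20bbad` in both `index` lines), so the two per-platform copies are now identical and could become a single template under templates/common/on-prem like the other files this commit moves. Keeping them separate leaves two files to edit in lockstep. If they are kept apart on purpose, for instance because bare metal and vSphere must not get this zone file, a short comment at the top of each saying so would help.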
@@ -1,88 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/manifests/coredns.yaml" -contents: - inline: | - kind: Pod - apiVersion: v1 - metadata: - name: coredns - namespace: openshift-openstack-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: openstack-infra-mdns - spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/coredns" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - hostPath: - path: "/etc/coredns" - initContainers: - - name: render-config-coredns - image: {{ .Images.baremetalRuntimeCfgImage }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.OpenStack.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/coredns" - resources: {} - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: resource-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/coredns" - imagePullPolicy: IfNotPresent - containers: - - name: coredns - securityContext: - privileged: true - image: {{.Images.corednsImage}} - args: - - "--conf" - - "/etc/coredns/Corefile" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/coredns" - readinessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 10 - livenessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical - status: {} 
diff --git a/templates/common/openstack/files/openstack-keepalived.yaml b/templates/common/openstack/files/openstack-keepalived.yaml deleted file mode 100644 index 82712ddab7..0000000000 --- a/templates/common/openstack/files/openstack-keepalived.yaml +++ /dev/null 
@@ -1,159 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/manifests/keepalived.yaml" -contents: - inline: | - kind: Pod - apiVersion: v1 - metadata: - name: keepalived - namespace: openshift-openstack-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: openstack-infra-vrrp - spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/keepalived" - - name: script-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/keepalived/scripts" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes" - - name: kubeconfigvarlib - hostPath: - path: "/var/lib/kubelet" - - name: conf-dir - hostPath: - path: "/etc/keepalived" - - name: run-dir - empty-dir: {} - - name: chroot-host - hostPath: - path: "/" - initContainers: - - name: render-config-keepalived - image: {{ .Images.baremetalRuntimeCfgImage }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.OpenStack.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/keepalived" - resources: {} - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes" - - name: script-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/keepalived" - imagePullPolicy: IfNotPresent - containers: - - name: keepalived - securityContext: - privileged: true - image: {{.Images.keepalivedImage}} - env: - - name: NSS_SDB_USE_CACHE - value: "no" - command: - - /bin/bash - - -c - - | - #/bin/bash - reload_keepalived() - { - if pid=$(pgrep -o keepalived); then - kill -s SIGHUP "$pid" - else - /usr/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork --vrrp --log-detail --log-console & - fi - } - - msg_handler() - { - while read -r line; do - echo "The client sent: $line" >&2 - # currently only 'reload' msg is supported - if [ "$line" = reload ]; then - reload_keepalived - fi - done - } - - set -ex - 
declare -r keepalived_sock="/var/run/keepalived/keepalived.sock" - export -f msg_handler - export -f reload_keepalived - if [ -s "/etc/keepalived/keepalived.conf" ]; then - /usr/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork --vrrp --log-detail --log-console & - fi - - rm -f "$keepalived_sock" - socat UNIX-LISTEN:${keepalived_sock},fork system:'bash -c msg_handler' - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/keepalived" - - name: run-dir - mountPath: "/var/run/keepalived" - livenessProbe: - exec: - command: - - /bin/bash - - -c - - | - kill -s SIGUSR1 "$(pgrep -o keepalived)" && ! grep -q "State = FAULT" /tmp/keepalived.data - initialDelaySeconds: 20 - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - - name: keepalived-monitor - securityContext: - privileged: true - image: {{ .Images.baremetalRuntimeCfgImage }} - env: - - name: ENABLE_UNICAST - value: "no" - - name: IS_BOOTSTRAP - value: "no" - command: - - dynkeepalived - - "/var/lib/kubelet/kubeconfig" - - "/config/keepalived.conf.tmpl" - - "/etc/keepalived/keepalived.conf" - - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.OpenStack.IngressIP }}" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: resource-dir - mountPath: "/config" - - name: kubeconfigvarlib - mountPath: "/var/lib/kubelet" - - name: conf-dir - mountPath: "/etc/keepalived" - - name: run-dir - mountPath: "/var/run/keepalived" - - name: chroot-host - mountPath: "/host" - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical - status: {} diff --git a/templates/common/openstack/files/openstack-mdns-publisher.yaml b/templates/common/openstack/files/openstack-mdns-publisher.yaml deleted file mode 100644 index 19d8bca2f3..0000000000 
--- a/templates/common/openstack/files/openstack-mdns-publisher.yaml +++ /dev/null 
@@ -1,104 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/manifests/mdns-publisher.yaml" -contents: - inline: | - kind: Pod - apiVersion: v1 - metadata: - name: mdns-publisher - namespace: openshift-openstack-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: openstack-infra-mdns - spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/mdns" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - hostPath: - path: "/etc/mdns" - initContainers: - - name: verify-hostname - image: {{ .Images.baremetalRuntimeCfgImage }} - env: - - name: DEFAULT_LOCAL_HOSTNAME - value: "localhost" - - name: RUNTIMECFG_HOSTNAME_PATH - value: "/etc/mdns/hostname" - command: - - "/bin/bash" - - "-c" - - | - #/bin/bash - function get_hostname() - { - if [[ -s $RUNTIMECFG_HOSTNAME_PATH ]]; then - cat $RUNTIMECFG_HOSTNAME_PATH - else - # if hostname wasn't updated by NM script, read hostname - hostname - fi - } - while [ "$(get_hostname)" == "$DEFAULT_LOCAL_HOSTNAME" ] - do - echo "hostname is still ${DEFAULT_LOCAL_HOSTNAME}" - sleep 1 - done - volumeMounts: - - name: conf-dir - mountPath: "/etc/mdns" - - name: render-config-mdns-publisher - image: {{ .Images.baremetalRuntimeCfgImage }} - env: - - name: RUNTIMECFG_HOSTNAME_PATH - value: "/etc/mdns/hostname" - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.OpenStack.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/mdns" - resources: {} - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: resource-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/mdns" - imagePullPolicy: IfNotPresent - containers: - - name: mdns-publisher - image: {{.Images.mdnsPublisherImage}} - args: - - "--debug" - resources: - requests: - cpu: 100m - memory: 
200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/mdns" - livenessProbe: - exec: - command: - - pgrep - - mdns-publisher - initialDelaySeconds: 10 - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical - status: {} diff --git a/templates/common/openstack/units/nodeip-configuration.service.yaml b/templates/common/openstack/units/nodeip-configuration.service.yaml deleted file mode 100644 index be2b92b0f4..0000000000 --- a/templates/common/openstack/units/nodeip-configuration.service.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -name: nodeip-configuration.service -enabled: true -contents: | - [Unit] - Description=Writes IP address configuration so that kubelet and crio services select a valid node IP - # This only applies to VIP managing environments where the kubelet and crio IP - # address picking logic is flawed and may end up selecting an address from a - # different subnet or a deprecated address - Wants=network-online.target - After=network-online.target ignition-firstboot-complete.service - Before=kubelet.service crio.service - - [Service] - # Need oneshot to delay kubelet - Type=oneshot - # Would prefer to do Restart=on-failure instead of this bash retry loop, but - # the version of systemd we have right now doesn't support it. It should be - # available in systemd v244 and higher. - ExecStart=/bin/bash -c " \ - until \ - /usr/bin/podman run --rm \ - --authfile /var/lib/kubelet/config.json \ - --volume /etc/systemd/system:/etc/systemd/system:z \ - --net=host \ - {{ .Images.baremetalRuntimeCfgImage }} \ - node-ip \ - set --retry-on-failure \ - {{.Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP }}; \ - do \ - sleep 5; \ - done" - - {{if .Proxy -}} - {{if .Proxy.HTTPProxy -}} - Environment=HTTP_PROXY={{.Proxy.HTTPProxy}} - {{end -}} - {{if .Proxy.HTTPSProxy -}} - Environment=HTTPS_PROXY={{.Proxy.HTTPSProxy}} - {{end -}} - {{if .Proxy.NoProxy -}} - Environment=NO_PROXY={{.Proxy.NoProxy}} - {{end -}} - {{end -}} - - [Install] - WantedBy=multi-user.target - diff --git a/templates/common/ovirt/files/NetworkManager-resolv-prepender.yaml b/templates/common/ovirt/files/NetworkManager-resolv-prepender.yaml deleted file mode 100644 index 1e56c333c8..0000000000 --- a/templates/common/ovirt/files/NetworkManager-resolv-prepender.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -filesystem: "root" -mode: 0755 -path: "/etc/NetworkManager/dispatcher.d/30-resolv-prepender" -contents: - inline: | - #!/bin/bash - set -eo pipefail - IFACE=$1 - STATUS=$2 - - {{if .Proxy -}} - {{if .Proxy.HTTPProxy -}} - HTTP_PROXY={{.Proxy.HTTPProxy}} - {{end -}} - {{if .Proxy.HTTPSProxy -}} - HTTPS_PROXY={{.Proxy.HTTPSProxy}} - {{end -}} - {{if .Proxy.NoProxy -}} - NO_PROXY={{.Proxy.NoProxy}} - {{end -}} - {{end -}} - - case "$STATUS" in - up|down|dhcp4-change|dhcp6-change) - logger -s "NM resolv-prepender triggered by ${1} ${2}." - - # Ensure resolv.conf exists before we try to run podman - if [[ ! -e /etc/resolv.conf ]] || ! grep -q nameserver /etc/resolv.conf; then - cp /var/run/NetworkManager/resolv.conf /etc/resolv.conf - fi - - NAMESERVER_IP=$(/usr/bin/podman run --rm \ - --authfile /var/lib/kubelet/config.json \ - --net=host \ - {{ .Images.baremetalRuntimeCfgImage }} \ - node-ip \ - show \ - "{{.Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP}}" \ - "{{.Infra.Status.PlatformStatus.Ovirt.IngressIP}}") - DOMAIN="{{.DNS.Spec.BaseDomain}}" - if [[ -n "$NAMESERVER_IP" ]]; then - logger -s "NM resolv-prepender: Prepending 'nameserver $NAMESERVER_IP' to /etc/resolv.conf (other nameservers from /var/run/NetworkManager/resolv.conf)" - sed -e "/^search/d" \ - -e "/Generated by/c# Generated by Ovirt resolv prepender NM dispatcher script\nsearch $DOMAIN\nnameserver $NAMESERVER_IP" \ - /var/run/NetworkManager/resolv.conf > /etc/resolv.tmp - fi - # Only leave the first 3 nameservers in /etc/resolv.conf - sed -i ':a $!{N; ba}; s/\(^\|\n\)nameserver/\n# nameserver/4g' /etc/resolv.tmp - mv -f /etc/resolv.tmp /etc/resolv.conf - ;; - *) - ;; - esac diff --git a/templates/common/ovirt/files/ovirt-coredns-corefile.yaml b/templates/common/ovirt/files/coredns-corefile.yaml similarity index 100% rename from templates/common/ovirt/files/ovirt-coredns-corefile.yaml rename to templates/common/ovirt/files/coredns-corefile.yaml 
diff --git a/templates/common/ovirt/files/ovirt-NetworkManager-kni-conf.yaml b/templates/common/ovirt/files/ovirt-NetworkManager-kni-conf.yaml deleted file mode 100644 index 5a40b885a8..0000000000 --- a/templates/common/ovirt/files/ovirt-NetworkManager-kni-conf.yaml +++ /dev/null @@ -1,9 +0,0 @@ -mode: 0644 -path: "/etc/NetworkManager/conf.d/99-kni.conf" -contents: - inline: | - [main] - rc-manager=unmanaged - [connection] - ipv6.dhcp-duid=ll - ipv6.dhcp-iaid=mac diff --git a/templates/common/ovirt/files/ovirt-coredns-db.yaml b/templates/common/ovirt/files/ovirt-coredns-db.yaml index e5dff59df8..c06e20bbad 100644 --- a/templates/common/ovirt/files/ovirt-coredns-db.yaml +++ b/templates/common/ovirt/files/ovirt-coredns-db.yaml @@ -10,7 +10,7 @@ contents: 1209600 ; expire (2 weeks) 3600 ; minimum (1 hour) ) - api-int IN A {{ .Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP }} - api IN A {{ .Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP }} + api-int IN A {{ onPremPlatformAPIServerInternalIP . }} + api IN A {{ onPremPlatformAPIServerInternalIP . }} - *.apps IN A {{ .Infra.Status.PlatformStatus.Ovirt.IngressIP }} + *.apps IN A {{ onPremPlatformIngressIP . }} diff --git a/templates/common/ovirt/files/ovirt-coredns.yaml b/templates/common/ovirt/files/ovirt-coredns.yaml deleted file mode 100644 index 79812743ea..0000000000 --- a/templates/common/ovirt/files/ovirt-coredns.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/manifests/coredns.yaml" -contents: - inline: | - kind: Pod - apiVersion: v1 - metadata: - name: coredns - namespace: openshift-ovirt-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: ovirt-infra-mdns - spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/coredns" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - hostPath: - path: "/etc/coredns" - initContainers: - - name: render-config-coredns - image: {{ .Images.baremetalRuntimeCfgImage }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.Ovirt.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/coredns" - resources: {} - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: resource-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/coredns" - imagePullPolicy: IfNotPresent - containers: - - name: coredns - securityContext: - privileged: true - image: {{.Images.corednsImage}} - args: - - "--conf" - - "/etc/coredns/Corefile" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/coredns" - readinessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 10 - livenessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical - status: {} 
diff --git a/templates/common/ovirt/files/ovirt-keepalived.yaml b/templates/common/ovirt/files/ovirt-keepalived.yaml
deleted file mode 100644
index 5464488473..0000000000
--- a/templates/common/ovirt/files/ovirt-keepalived.yaml
+++ /dev/null
@@ -1,115 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/manifests/keepalived.yaml" -contents: - inline: | - kind: Pod - apiVersion: v1 - metadata: - name: keepalived - namespace: openshift-ovirt-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: ovirt-infra-vrrp - spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/keepalived" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - hostPath: - path: "/etc/keepalived" - - name: run-dir - empty-dir: {} - containers: - - name: keepalived - securityContext: - privileged: true - image: {{.Images.keepalivedImage}} - env: - - name: NSS_SDB_USE_CACHE - value: "no" - command: - - /bin/bash - - -c - - | - #/bin/bash - reload_keepalived() - { - if pid=$(pgrep -o keepalived); then - kill -s SIGHUP "$pid" - else - /usr/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork --vrrp --log-detail --log-console & - fi - } - - msg_handler() - { - while read -r line; do - echo "The client sent: $line" >&2 - # currently only 'reload' msg is supported - if [ "$line" = reload ]; then - reload_keepalived - fi - done - } - - set -ex - declare -r keepalived_sock="/var/run/keepalived/keepalived.sock" - export -f msg_handler - export -f reload_keepalived - if [ -s "/etc/keepalived/keepalived.conf" ]; then - /usr/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork --vrrp --log-detail --log-console & - fi - - rm -f "$keepalived_sock" - socat UNIX-LISTEN:${keepalived_sock},fork system:'bash -c msg_handler' - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/keepalived" - - name: run-dir - mountPath: "/var/run/keepalived" - livenessProbe: - exec: - command: - - /bin/sh - - -c - - | - [[ -s /etc/keepalived/keepalived.conf ]] || \ - kill -s SIGUSR1 "$(pgrep -o keepalived)" && ! 
grep -q "State = FAULT" /tmp/keepalived.data - initialDelaySeconds: 10 - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - - name: keepalived-monitor - image: {{ .Images.baremetalRuntimeCfgImage }} - command: - - dynkeepalived - - "/etc/kubernetes/kubeconfig" - - "/config/keepalived.conf.tmpl" - - "/etc/keepalived/keepalived.conf" - - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.Ovirt.IngressIP }}" - volumeMounts: - - name: resource-dir - mountPath: "/config" - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: conf-dir - mountPath: "/etc/keepalived" - - name: run-dir - mountPath: "/var/run/keepalived" - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical - status: {} diff --git a/templates/common/ovirt/files/ovirt-mdns-publisher.yaml b/templates/common/ovirt/files/ovirt-mdns-publisher.yaml deleted file mode 100644 index 8a60d00ec7..0000000000 --- a/templates/common/ovirt/files/ovirt-mdns-publisher.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/manifests/mdns-publisher.yaml" -contents: - inline: | - kind: Pod - apiVersion: v1 - metadata: - name: mdns-publisher - namespace: openshift-ovirt-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: ovirt-infra-mdns - spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/mdns" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - hostPath: - path: "/etc/mdns" - initContainers: - - name: render-config-mdns-publisher - image: {{ .Images.baremetalRuntimeCfgImage }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.Ovirt.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/mdns" - resources: {} - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: resource-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/mdns" - imagePullPolicy: IfNotPresent - containers: - - name: mdns-publisher - image: {{.Images.mdnsPublisherImage}} - args: - - "--debug" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/mdns" - livenessProbe: - exec: - command: - - pgrep - - mdns-publisher - initialDelaySeconds: 10 - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical - status: {} diff --git a/templates/common/vsphere/files/NetworkManager-mdns-hostname.yaml b/templates/common/vsphere/files/NetworkManager-mdns-hostname.yaml deleted file mode 100644 index 3fd33389e9..0000000000 --- a/templates/common/vsphere/files/NetworkManager-mdns-hostname.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -mode: 0755 -path: "/etc/NetworkManager/dispatcher.d/40-mdns-hostname" -contents: - inline: | - {{ if .Infra -}} - {{ if .Infra.Status -}} - {{ if .Infra.Status.PlatformStatus -}} - {{ if .Infra.Status.PlatformStatus.VSphere -}} - {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}} - #!/bin/bash - STATUS=$2 - case "$STATUS" in - up|down|dhcp4-change|dhcp6-change|hostname) - logger -s "NM mdns-hostname triggered by ${2}." - set +e - t_hostname=$(hostname) - if [ -z "${t_hostname}" ]; then - t_hostname="localhost" - fi - mkdir -p /etc/mdns - echo "${t_hostname}">/etc/mdns/hostname - logger -s "Hostname changed: ${t_hostname}" - ;; - *) - ;; - esac - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} diff --git a/templates/common/vsphere/files/NetworkManager-resolv-prepender.yaml b/templates/common/vsphere/files/NetworkManager-resolv-prepender.yaml deleted file mode 100644 index b14e8c6a0a..0000000000 --- a/templates/common/vsphere/files/NetworkManager-resolv-prepender.yaml +++ /dev/null 
@@ -1,64 +0,0 @@ -mode: 0755 -path: "/etc/NetworkManager/dispatcher.d/30-resolv-prepender" -contents: - inline: | - {{ if .Infra -}} - {{ if .Infra.Status -}} - {{ if .Infra.Status.PlatformStatus -}} - {{ if .Infra.Status.PlatformStatus.VSphere -}} - {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}} - #!/bin/bash - set -eo pipefail - IFACE=$1 - STATUS=$2 - - {{if .Proxy -}} - {{if .Proxy.HTTPProxy -}} - HTTP_PROXY={{.Proxy.HTTPProxy}} - {{end -}} - {{if .Proxy.HTTPSProxy -}} - HTTPS_PROXY={{.Proxy.HTTPSProxy}} - {{end -}} - {{if .Proxy.NoProxy -}} - NO_PROXY={{.Proxy.NoProxy}} - {{end -}} - {{end -}} - - # If $DHCP6_FQDN_FQDN is not empty and is not localhost.localdomain - [[ -n "$DHCP6_FQDN_FQDN" && "$DHCP6_FQDN_FQDN" != "localhost.localdomain" && "$DHCP6_FQDN_FQDN" =~ "." ]] && hostnamectl set-hostname --static --transient $DHCP6_FQDN_FQDN - case "$STATUS" in - up|down|dhcp4-change|dhcp6-change) - logger -s "NM resolv-prepender triggered by ${1} ${2}." - - # Ensure resolv.conf exists before we try to run podman - if [[ ! -e /etc/resolv.conf ]] || ! 
grep -q nameserver /etc/resolv.conf; then - cp /var/run/NetworkManager/resolv.conf /etc/resolv.conf - fi - - NAMESERVER_IP=$(/usr/bin/podman run --rm \ - --authfile /var/lib/kubelet/config.json \ - --net=host \ - {{ .Images.baremetalRuntimeCfgImage }} \ - node-ip \ - show \ - "{{.Infra.Status.PlatformStatus.VSphere.APIServerInternalIP}}" \ - "{{.Infra.Status.PlatformStatus.VSphere.IngressIP}}") - DOMAIN="{{.DNS.Spec.BaseDomain}}" - if [[ -n "$NAMESERVER_IP" ]]; then - logger -s "NM resolv-prepender: Prepending 'nameserver $NAMESERVER_IP' to /etc/resolv.conf (other nameservers from /var/run/NetworkManager/resolv.conf)" - sed -e "/^search/d" \ - -e "/Generated by/c# Generated by KNI resolv prepender NM dispatcher script\nsearch $DOMAIN\nnameserver $NAMESERVER_IP" \ - /var/run/NetworkManager/resolv.conf > /etc/resolv.tmp - fi - # Only leave the first 3 nameservers in /etc/resolv.conf - sed -i ':a $!{N; ba}; s/\(^\|\n\)nameserver/\n# nameserver/4g' /etc/resolv.tmp - mv -f /etc/resolv.tmp /etc/resolv.conf - ;; - *) - ;; - esac - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} diff --git a/templates/common/vsphere/files/coredns-corefile.yaml b/templates/common/vsphere/files/coredns-corefile.yaml new file mode 100644 index 0000000000..7c9f8ad2a8 --- /dev/null +++ b/templates/common/vsphere/files/coredns-corefile.yaml 
@@ -0,0 +1,24 @@ +mode: 0644 +path: "/etc/kubernetes/static-pod-resources/coredns/Corefile.tmpl" +contents: + inline: | + {{ if (onPremPlatformAPIServerInternalIP .) -}} + . { + errors + health :18080 + mdns {{ .DNS.Spec.BaseDomain }} 0 {{`{{.Cluster.Name}}`}} {{`{{.NonVirtualIP}}`}} + forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}} + cache 30 + reload + hosts { + {{ onPremPlatformAPIServerInternalIP . }} api-int.{{ .DNS.Spec.BaseDomain }} + {{ onPremPlatformAPIServerInternalIP . }} api.{{ .DNS.Spec.BaseDomain }} + fallthrough + } + template IN A {{ .DNS.Spec.BaseDomain }} { + match .*.apps.{{ .DNS.Spec.BaseDomain }} + answer "{{`{{"{{ .Name }}"}}`}} 60 in a {{ onPremPlatformIngressIP . }}" + fallthrough + } + } + {{ end -}} diff --git a/templates/common/vsphere/files/vsphere-NetworkManager-kni-conf.yaml b/templates/common/vsphere/files/vsphere-NetworkManager-kni-conf.yaml deleted file mode 100644 index 78dd1be349..0000000000 --- a/templates/common/vsphere/files/vsphere-NetworkManager-kni-conf.yaml +++ /dev/null @@ -1,19 +0,0 @@ -mode: 0644 -path: "/etc/NetworkManager/conf.d/99-kni.conf" -contents: - inline: | - {{ if .Infra -}} - {{ if .Infra.Status -}} - {{ if .Infra.Status.PlatformStatus -}} - {{ if .Infra.Status.PlatformStatus.VSphere -}} - {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}} - [main] - rc-manager=unmanaged - [connection] - ipv6.dhcp-duid=ll - ipv6.dhcp-iaid=mac - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} diff --git a/templates/common/vsphere/files/vsphere-coredns-corefile.yaml b/templates/common/vsphere/files/vsphere-coredns-corefile.yaml deleted file mode 100644 index c628002cf7..0000000000 --- a/templates/common/vsphere/files/vsphere-coredns-corefile.yaml +++ /dev/null 
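Review bot: The `match .*.apps.{{ .DNS.Spec.BaseDomain }}` line in the new Corefile template is a regular expression with unescaped dots and no anchors, so it accepts more names than `*.apps.<base domain>` and answers them with the ingress VIP. A name whose label merely ends in `apps` would match, for example. The pattern is carried over unchanged from the deleted `vsphere-coredns-corefile.yaml`, so this new file is a natural place to tighten it, e.g. `match .*\.apps\.{{ .DNS.Spec.BaseDomain }}`. The dots inside the rendered base domain would still act as wildcards unless a render-time helper escapes them, so a short `#` comment in the Corefile stating the intended set of names would also help.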
@@ -1,32 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/static-pod-resources/coredns/Corefile.tmpl" -contents: - inline: | - {{ if .Infra -}} - {{ if .Infra.Status -}} - {{ if .Infra.Status.PlatformStatus -}} - {{ if .Infra.Status.PlatformStatus.VSphere -}} - {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}} - . { - errors - health :18080 - mdns {{ .DNS.Spec.BaseDomain }} 0 {{`{{.Cluster.Name}}`}} {{`{{.NonVirtualIP}}`}} - forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}} - cache 30 - reload - hosts { - {{ .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }} api-int.{{ .DNS.Spec.BaseDomain }} - {{ .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }} api.{{ .DNS.Spec.BaseDomain }} - fallthrough - } - template IN A {{ .DNS.Spec.BaseDomain }} { - match .*.apps.{{ .DNS.Spec.BaseDomain }} - answer "{{`{{"{{ .Name }}"}}`}} 60 in a {{ .Infra.Status.PlatformStatus.VSphere.IngressIP }}" - fallthrough - } - } - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} diff --git a/templates/common/vsphere/files/vsphere-coredns.yaml b/templates/common/vsphere/files/vsphere-coredns.yaml deleted file mode 100644 index 6b519af3c9..0000000000 --- a/templates/common/vsphere/files/vsphere-coredns.yaml +++ /dev/null 
@@ -1,128 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/manifests/coredns.yaml" -contents: - inline: | - {{ if .Infra -}} - {{ if .Infra.Status -}} - {{ if .Infra.Status.PlatformStatus -}} - {{ if .Infra.Status.PlatformStatus.VSphere -}} - {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}} - kind: Pod - apiVersion: v1 - metadata: - name: coredns - namespace: openshift-vsphere-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: vsphere-infra-mdns - spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/coredns" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - hostPath: - path: "/etc/coredns" - - name: nm-resolv - hostPath: - path: "/var/run/NetworkManager" - initContainers: - - name: render-config-coredns - image: {{ .Images.baremetalRuntimeCfgImage }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.VSphere.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/coredns" - resources: {} - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: resource-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/coredns" - imagePullPolicy: IfNotPresent - containers: - - name: coredns - securityContext: - privileged: true - image: {{.Images.corednsImage}} - args: - - "--conf" - - "/etc/coredns/Corefile" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/coredns" - readinessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 10 - livenessProbe: - httpGet: - path: /health - port: 18080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - 
failureThreshold: 5 - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - - name: coredns-monitor - securityContext: - privileged: true - image: {{ .Images.baremetalRuntimeCfgImage }} - command: - - corednsmonitor - - "/etc/kubernetes/kubeconfig" - - "/config/Corefile.tmpl" - - "/etc/coredns/Corefile" - - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.VSphere.IngressIP }}" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: resource-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/coredns" - - name: nm-resolv - mountPath: "/var/run/NetworkManager" - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical - status: {} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} diff --git a/templates/common/vsphere/files/vsphere-keepalived.yaml b/templates/common/vsphere/files/vsphere-keepalived.yaml deleted file mode 100644 index 077e0b70e2..0000000000 --- a/templates/common/vsphere/files/vsphere-keepalived.yaml +++ /dev/null 
@@ -1,169 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/manifests/keepalived.yaml" -contents: - inline: | - {{ if .Infra -}} - {{ if .Infra.Status -}} - {{ if .Infra.Status.PlatformStatus -}} - {{ if .Infra.Status.PlatformStatus.VSphere -}} - {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}} - kind: Pod - apiVersion: v1 - metadata: - name: keepalived - namespace: openshift-vsphere-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: vsphere-infra-vrrp - spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/keepalived" - - name: script-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/keepalived/scripts" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes" - - name: kubeconfigvarlib - hostPath: - path: "/var/lib/kubelet" - - name: conf-dir - hostPath: - path: "/etc/keepalived" - - name: run-dir - empty-dir: {} - - name: chroot-host - hostPath: - path: "/" - initContainers: - - name: render-config-keepalived - image: {{ .Images.baremetalRuntimeCfgImage }} - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.VSphere.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/keepalived" - resources: {} - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes" - - name: script-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/keepalived" - imagePullPolicy: IfNotPresent - containers: - - name: keepalived - securityContext: - privileged: true - image: {{.Images.keepalivedImage}} - env: - - name: NSS_SDB_USE_CACHE - value: "no" - command: - - /bin/bash - - -c - - | - #/bin/bash - reload_keepalived() - { - if pid=$(pgrep -o keepalived); then - kill -s SIGHUP "$pid" - else - /usr/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork --vrrp --log-detail --log-console & - fi - } - - 
msg_handler() - { - while read -r line; do - echo "The client sent: $line" >&2 - # currently only 'reload' msg is supported - if [ "$line" = reload ]; then - reload_keepalived - fi - done - } - - set -ex - declare -r keepalived_sock="/var/run/keepalived/keepalived.sock" - export -f msg_handler - export -f reload_keepalived - if [ -s "/etc/keepalived/keepalived.conf" ]; then - /usr/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork --vrrp --log-detail --log-console & - fi - - rm -f "$keepalived_sock" - socat UNIX-LISTEN:${keepalived_sock},fork system:'bash -c msg_handler' - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/keepalived" - - name: run-dir - mountPath: "/var/run/keepalived" - livenessProbe: - exec: - command: - - /bin/bash - - -c - - | - kill -s SIGUSR1 "$(pgrep -o keepalived)" && ! grep -q "State = FAULT" /tmp/keepalived.data - initialDelaySeconds: 20 - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - - name: keepalived-monitor - securityContext: - privileged: true - image: {{ .Images.baremetalRuntimeCfgImage }} - env: - - name: ENABLE_UNICAST - value: "no" - - name: IS_BOOTSTRAP - value: "no" - command: - - dynkeepalived - - "/var/lib/kubelet/kubeconfig" - - "/config/keepalived.conf.tmpl" - - "/etc/keepalived/keepalived.conf" - - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.VSphere.IngressIP }}" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: resource-dir - mountPath: "/config" - - name: kubeconfigvarlib - mountPath: "/var/lib/kubelet" - - name: conf-dir - mountPath: "/etc/keepalived" - - name: run-dir - mountPath: "/var/run/keepalived" - - name: chroot-host - mountPath: "/host" - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical - status: {} - {{ end -}} 
- {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} diff --git a/templates/common/vsphere/files/vsphere-mdns-publisher.yaml b/templates/common/vsphere/files/vsphere-mdns-publisher.yaml deleted file mode 100644 index 11e0855c63..0000000000 --- a/templates/common/vsphere/files/vsphere-mdns-publisher.yaml +++ /dev/null 
@@ -1,113 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/manifests/mdns-publisher.yaml" -contents: - inline: | - {{ if .Infra -}} - {{ if .Infra.Status -}} - {{ if .Infra.Status.PlatformStatus -}} - {{ if .Infra.Status.PlatformStatus.VSphere -}} - {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}} - kind: Pod - apiVersion: v1 - metadata: - name: mdns-publisher - namespace: openshift-vsphere-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: vsphere-infra-mdns - spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/mdns" - - name: kubeconfig - hostPath: - path: "/etc/kubernetes/kubeconfig" - - name: conf-dir - hostPath: - path: "/etc/mdns" - initContainers: - - name: verify-hostname - image: {{ .Images.baremetalRuntimeCfgImage }} - env: - - name: RUNTIMECFG_HOSTNAME_PATH - value: "/etc/mdns/hostname" - command: - - "/bin/bash" - - "-c" - - | - #!/bin/bash - set -xv - function get_hostname() - { - if [[ -s $RUNTIMECFG_HOSTNAME_PATH ]]; then - cat $RUNTIMECFG_HOSTNAME_PATH - else - # if hostname wasn't updated by NM script, read hostname - hostname - fi - } - while [[ "$(get_hostname)" =~ ^localhost(.localdomain)?$ ]]; do - echo "hostname is still set to a default value" - sleep 1 - done - volumeMounts: - - name: conf-dir - mountPath: "/etc/mdns" - - name: render-config-mdns-publisher - image: {{ .Images.baremetalRuntimeCfgImage }} - env: - - name: RUNTIMECFG_HOSTNAME_PATH - value: "/etc/mdns/hostname" - command: - - runtimecfg - - render - - "/etc/kubernetes/kubeconfig" - - "--api-vip" - - "{{ .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }}" - - "--ingress-vip" - - "{{ .Infra.Status.PlatformStatus.VSphere.IngressIP }}" - - "/config" - - "--out-dir" - - "/etc/mdns" - - "--verbose" - resources: {} - volumeMounts: - - name: kubeconfig - mountPath: "/etc/kubernetes/kubeconfig" - - name: resource-dir - mountPath: "/config" - - name: conf-dir - mountPath: "/etc/mdns" - 
imagePullPolicy: IfNotPresent - containers: - - name: mdns-publisher - image: {{.Images.mdnsPublisherImage}} - args: - - "--debug" - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/mdns" - livenessProbe: - exec: - command: - - pgrep - - mdns-publisher - initialDelaySeconds: 10 - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical - status: {} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} diff --git a/templates/common/vsphere/units/nodeip-configuration.service.yaml b/templates/common/vsphere/units/nodeip-configuration.service.yaml deleted file mode 100644 index b11dc42a29..0000000000 --- a/templates/common/vsphere/units/nodeip-configuration.service.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -name: nodeip-configuration.service -enabled: true -contents: | - {{ if .Infra -}} - {{ if .Infra.Status -}} - {{ if .Infra.Status.PlatformStatus -}} - {{ if .Infra.Status.PlatformStatus.VSphere -}} - {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}} - [Unit] - Description=Writes IP address configuration so that kubelet and crio services select a valid node IP - # This only applies to VIP managing environments where the kubelet and crio IP - # address picking logic is flawed and may end up selecting an address from a - # different subnet or a deprecated address - Wants=network-online.target - After=network-online.target ignition-firstboot-complete.service - Before=kubelet.service crio.service - - [Service] - # Need oneshot to delay kubelet - Type=oneshot - # Would prefer to do Restart=on-failure instead of this bash retry loop, but - # the version of systemd we have right now doesn't support it. It should be - # available in systemd v244 and higher. - ExecStart=/bin/bash -c " \ - until \ - /usr/bin/podman run --rm \ - --authfile /var/lib/kubelet/config.json \ - --net=host \ - --volume /etc/systemd/system:/etc/systemd/system:z \ - {{ .Images.baremetalRuntimeCfgImage }} \ - node-ip \ - set --retry-on-failure \ - {{.Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }}; \ - do \ - sleep 5; \ - done" - ExecStart=/bin/systemctl daemon-reload - - {{if .Proxy -}} - {{if .Proxy.HTTPProxy -}} - Environment=HTTP_PROXY={{.Proxy.HTTPProxy}} - {{end -}} - {{if .Proxy.HTTPSProxy -}} - Environment=HTTPS_PROXY={{.Proxy.HTTPSProxy}} - {{end -}} - {{if .Proxy.NoProxy -}} - Environment=NO_PROXY={{.Proxy.NoProxy}} - {{end -}} - {{end -}} - - [Install] - WantedBy=multi-user.target - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} 
diff --git a/templates/master/00-master/baremetal/files/baremetal-haproxy-haproxy.yaml b/templates/master/00-master/on-prem/files/haproxy-haproxy.yaml similarity index 100% rename from templates/master/00-master/baremetal/files/baremetal-haproxy-haproxy.yaml rename to templates/master/00-master/on-prem/files/haproxy-haproxy.yaml diff --git a/templates/master/00-master/baremetal/files/baremetal-haproxy.yaml b/templates/master/00-master/on-prem/files/haproxy.yaml similarity index 95% rename from templates/master/00-master/baremetal/files/baremetal-haproxy.yaml rename to templates/master/00-master/on-prem/files/haproxy.yaml index f5d8bb05af..e24c26738f 100644 --- a/templates/master/00-master/baremetal/files/baremetal-haproxy.yaml +++ b/templates/master/00-master/on-prem/files/haproxy.yaml @@ -6,11 +6,11 @@ contents: apiVersion: v1 metadata: name: haproxy - namespace: openshift-kni-infra + namespace: openshift-{{ onPremPlatformShortName . }}-infra creationTimestamp: deletionGracePeriodSeconds: 65 labels: - app: kni-infra-api-lb + app: {{ onPremPlatformShortName . }}-infra-api-lb spec: volumes: - name: resource-dir @@ -113,7 +113,7 @@ contents: - "-c" - | cp /host/etc/resolv.conf /etc/resolv.conf - monitor /var/lib/kubelet/kubeconfig /config/haproxy.cfg.tmpl /etc/haproxy/haproxy.cfg --api-vip {{ .Infra.Status.PlatformStatus.BareMetal.APIServerInternalIP }} + monitor /var/lib/kubelet/kubeconfig /config/haproxy.cfg.tmpl /etc/haproxy/haproxy.cfg --api-vip {{ onPremPlatformAPIServerInternalIP . }} resources: requests: cpu: 100m diff --git a/templates/master/00-master/baremetal/files/baremetal-keepalived-keepalived.yaml b/templates/master/00-master/on-prem/files/keepalived-keepalived.yaml similarity index 100% rename from templates/master/00-master/baremetal/files/baremetal-keepalived-keepalived.yaml rename to templates/master/00-master/on-prem/files/keepalived-keepalived.yaml 
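Review bot: In the second hunk (`@@ -113,7 +113,7 @@`), `{{ onPremPlatformAPIServerInternalIP . }}` is expanded unquoted into the `-c` shell script, so the shell word-splits and interprets whatever the helper returns, and an empty result leaves `--api-vip` without an argument. The vSphere Corefile template added in this same commit wraps its body in `{{ if (onPremPlatformAPIServerInternalIP .) -}}`, which suggests an empty value is possible on at least one on-prem platform. Quoting the expansion keeps the value a single argument: `... /etc/haproxy/haproxy.cfg --api-vip "{{ onPremPlatformAPIServerInternalIP . }}"`. If the helper can return an empty value for a platform that renders this directory, the manifest probably needs the same guard; the rest of the file and the helper body are outside this hunk, so that needs confirming.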
diff --git a/templates/master/00-master/baremetal/files/baremetal-keepalived-script-both.yaml b/templates/master/00-master/on-prem/files/keepalived-script-both.yaml
similarity index 100%
rename from templates/master/00-master/baremetal/files/baremetal-keepalived-script-both.yaml
rename to templates/master/00-master/on-prem/files/keepalived-script-both.yaml
diff --git a/templates/master/00-master/baremetal/files/baremetal-keepalived-script.yaml b/templates/master/00-master/on-prem/files/keepalived-script.yaml
similarity index 100%
rename from templates/master/00-master/baremetal/files/baremetal-keepalived-script.yaml
rename to templates/master/00-master/on-prem/files/keepalived-script.yaml
diff --git a/templates/master/00-master/baremetal/files/baremetal-mdns-config.yaml b/templates/master/00-master/on-prem/files/mdns-config.yaml
similarity index 100%
rename from templates/master/00-master/baremetal/files/baremetal-mdns-config.yaml
rename to templates/master/00-master/on-prem/files/mdns-config.yaml
diff --git a/templates/master/00-master/openstack/files/openstack-haproxy-haproxy.yaml b/templates/master/00-master/openstack/files/openstack-haproxy-haproxy.yaml
deleted file mode 100644
index 0dc35d4b0d..0000000000
--- a/templates/master/00-master/openstack/files/openstack-haproxy-haproxy.yaml
+++ /dev/null
@@ -1,39 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/static-pod-resources/haproxy/haproxy.cfg.tmpl" -contents: - inline: | - defaults - maxconn 20000 - mode tcp - log /var/run/haproxy/haproxy-log.sock local0 - option dontlognull - retries 3 - timeout http-request 10s - timeout queue 1m - timeout connect 10s - timeout client 86400s - timeout server 86400s - timeout tunnel 86400s - frontend main - bind :::{{`{{ .LBConfig.LbPort }}`}} v4v6 - default_backend masters - listen health_check_http_url - bind :::50936 v4v6 - mode http - monitor-uri /haproxy_ready - option dontlognull - listen stats - bind localhost:{{`{{ .LBConfig.StatPort }}`}} - mode http - stats enable - stats hide-version - stats uri /haproxy_stats - stats refresh 30s - stats auth Username:Password - backend masters - option httpchk GET /readyz HTTP/1.0 - option log-health-checks - balance roundrobin - {{`{{- range .LBConfig.Backends }} - server {{ .Host }} {{ .Address }}:{{ .Port }} weight 1 verify none check check-ssl inter 1s fall 2 rise 3 - {{- end }}`}} diff --git a/templates/master/00-master/openstack/files/openstack-haproxy.yaml b/templates/master/00-master/openstack/files/openstack-haproxy.yaml deleted file mode 100644 index c28e20466f..0000000000 --- a/templates/master/00-master/openstack/files/openstack-haproxy.yaml +++ /dev/null 
@@ -1,144 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/manifests/haproxy.yaml" -contents: - inline: | - kind: Pod - apiVersion: v1 - metadata: - name: haproxy - namespace: openshift-openstack-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: openstack-infra-api-lb - spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/haproxy" - - name: kubeconfigvarlib - hostPath: - path: "/var/lib/kubelet" - - name: run-dir - empty-dir: {} - - name: conf-dir - hostPath: - path: "/etc/haproxy" - - name: chroot-host - hostPath: - path: "/" - containers: - - name: haproxy - image: {{.Images.haproxyImage}} - env: - - name: OLD_HAPROXY_PS_FORCE_DEL_TIMEOUT - value: "120" - command: - - "/bin/bash" - - "-c" - - | - #/bin/bash - verify_old_haproxy_ps_being_deleted() - { - local prev_pids - prev_pids="$1" - sleep $OLD_HAPROXY_PS_FORCE_DEL_TIMEOUT - cur_pids=$(pidof haproxy) - for val in $prev_pids; do - if [[ $cur_pids =~ (^|[[:space:]])"$val"($|[[:space:]]) ]] ; then - kill $val - fi - done - } - - reload_haproxy() - { - old_pids=$(pidof haproxy) - if [ -n "$old_pids" ]; then - /usr/sbin/haproxy -W -db -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/run/haproxy.pid -x /var/lib/haproxy/run/haproxy.sock -sf $old_pids & - #There seems to be some cases where HAProxy doesn't drain properly. - #To handle that case, SIGTERM signal being sent to old HAProxy processes which haven't terminated. 
- verify_old_haproxy_ps_being_deleted "$old_pids" & - else - /usr/sbin/haproxy -W -db -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/run/haproxy.pid & - fi - } - - msg_handler() - { - while read -r line; do - echo "The client send: $line" >&2 - # currently only 'reload' msg is supported - if [ "$line" = reload ]; then - reload_haproxy - fi - done - } - set -ex - declare -r haproxy_sock="/var/run/haproxy/haproxy-master.sock" - declare -r haproxy_log_sock="/var/run/haproxy/haproxy-log.sock" - export -f msg_handler - export -f reload_haproxy - export -f verify_old_haproxy_ps_being_deleted - rm -f "$haproxy_sock" "$haproxy_log_sock" - socat UNIX-RECV:${haproxy_log_sock} STDOUT & - if [ -s "/etc/haproxy/haproxy.cfg" ]; then - /usr/sbin/haproxy -W -db -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/run/haproxy.pid & - fi - socat UNIX-LISTEN:${haproxy_sock},fork system:'bash -c msg_handler' - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/haproxy" - - name: run-dir - mountPath: "/var/run/haproxy" - livenessProbe: - initialDelaySeconds: 50 - httpGet: - path: /haproxy_ready - port: 50936 - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - - name: haproxy-monitor - securityContext: - privileged: true - image: {{ .Images.baremetalRuntimeCfgImage }} - command: - - "/bin/bash" - - "-c" - - | - cp /host/etc/resolv.conf /etc/resolv.conf - monitor /var/lib/kubelet/kubeconfig /config/haproxy.cfg.tmpl /etc/haproxy/haproxy.cfg --api-vip {{ .Infra.Status.PlatformStatus.OpenStack.APIServerInternalIP }} - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/haproxy" - - name: run-dir - mountPath: "/var/run/haproxy" - - name: resource-dir - mountPath: "/config" - - name: chroot-host - mountPath: "/host" - - name: kubeconfigvarlib - mountPath: "/var/lib/kubelet" - livenessProbe: - initialDelaySeconds: 10 - exec: - command: - - /bin/bash - - -c - - 
| - cmp /host/etc/resolv.conf /etc/resolv.conf - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical - status: {} diff --git a/templates/master/00-master/openstack/files/openstack-keepalived-keepalived.yaml b/templates/master/00-master/openstack/files/openstack-keepalived-keepalived.yaml deleted file mode 100644 index e7a6034830..0000000000 --- a/templates/master/00-master/openstack/files/openstack-keepalived-keepalived.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/static-pod-resources/keepalived/keepalived.conf.tmpl" -contents: - inline: | - global_defs { - enable_script_security - script_user root - } - - # These are separate checks to provide the following behavior: - # If the loadbalanced endpoint is responding then all is well regardless - # of what the local api status is. Both checks will return success and - # we'll have the maximum priority. This means as long as there is a node - # with a functional loadbalancer it will get the VIP. - # If all of the loadbalancers go down but the local api is still running, - # the _both check will still succeed and allow any node with a functional - # api to take the VIP. This isn't preferred because it means all api - # traffic will go through one node, but at least it keeps the api available. - vrrp_script chk_ocp_lb { - script "/usr/bin/timeout 1.9 /etc/keepalived/chk_ocp_script.sh" - interval 2 - weight 20 - rise 3 - fall 2 - } - - vrrp_script chk_ocp_both { - script "/usr/bin/timeout 1.9 /etc/keepalived/chk_ocp_script_both.sh" - interval 2 - # Use a smaller weight for this check so it won't trigger the move from - # bootstrap to master by itself. - weight 5 - rise 3 - fall 2 - } - - # TODO: Improve this check. The port is assumed to be alive. - # Need to assess what is the ramification if the port is not there. 
- vrrp_script chk_ingress { - script "/usr/bin/timeout 0.9 /usr/bin/curl -o /dev/null -Lfs http://localhost:1936/healthz/ready" - interval 1 - weight 50 - } - - vrrp_instance {{`{{ .Cluster.Name }}`}}_API { - state BACKUP - interface {{`{{ .VRRPInterface }}`}} - virtual_router_id {{`{{ .Cluster.APIVirtualRouterID }}`}} - priority 40 - advert_int 1 - authentication { - auth_type PASS - auth_pass {{`{{ .Cluster.Name }}`}}_api_vip - } - virtual_ipaddress { - {{`{{ .Cluster.APIVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}} - } - track_script { - chk_ocp_lb - chk_ocp_both - } - } - - vrrp_instance {{`{{ .Cluster.Name }}`}}_INGRESS { - state BACKUP - interface {{`{{ .VRRPInterface }}`}} - virtual_router_id {{`{{ .Cluster.IngressVirtualRouterID }}`}} - priority 40 - advert_int 1 - authentication { - auth_type PASS - auth_pass {{`{{ .Cluster.Name }}`}}_ingress_vip - } - virtual_ipaddress { - {{`{{ .Cluster.IngressVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}} - } - track_script { - chk_ingress - } - } diff --git a/templates/master/00-master/openstack/files/openstack-keepalived-script-both.yaml b/templates/master/00-master/openstack/files/openstack-keepalived-script-both.yaml deleted file mode 100644 index 1b4e597711..0000000000 --- a/templates/master/00-master/openstack/files/openstack-keepalived-script-both.yaml +++ /dev/null @@ -1,6 +0,0 @@ -mode: 0755 -path: "/etc/kubernetes/static-pod-resources/keepalived/scripts/chk_ocp_script_both.sh.tmpl" -contents: - inline: | - #!/bin/bash - /usr/bin/curl -o /dev/null -kLfs https://localhost:{{`{{ .LBConfig.LbPort }}`}}/readyz && [ -e /var/run/keepalived/iptables-rule-exists ] || /usr/bin/curl -kLfs https://localhost:{{`{{ .LBConfig.ApiPort }}`}}/readyz diff --git a/templates/master/00-master/openstack/files/openstack-keepalived-script.yaml b/templates/master/00-master/openstack/files/openstack-keepalived-script.yaml deleted file mode 100644 index c500a60d2f..0000000000 
--- a/templates/master/00-master/openstack/files/openstack-keepalived-script.yaml +++ /dev/null @@ -1,6 +0,0 @@ -mode: 0755 -path: "/etc/kubernetes/static-pod-resources/keepalived/scripts/chk_ocp_script.sh.tmpl" -contents: - inline: | - #!/bin/bash - /usr/bin/curl -o /dev/null -kLfs https://localhost:{{`{{ .LBConfig.LbPort }}`}}/readyz && [ -e /var/run/keepalived/iptables-rule-exists ] diff --git a/templates/master/00-master/openstack/files/openstack-mdns-config.yaml b/templates/master/00-master/openstack/files/openstack-mdns-config.yaml deleted file mode 100644 index ad82c2e45d..0000000000 --- a/templates/master/00-master/openstack/files/openstack-mdns-config.yaml +++ /dev/null @@ -1,14 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/static-pod-resources/mdns/config.hcl.tmpl" -contents: - inline: | - bind_address = "{{`{{ .NonVirtualIP }}`}}" - collision_avoidance = "hostname" - service { - name = "{{`{{ .Cluster.Name }}`}} Workstation" - host_name = "{{`{{ .ShortHostname }}`}}.local." - type = "_workstation._tcp" - domain = "local." - port = 42424 - ttl = 3200 - } diff --git a/templates/master/00-master/ovirt/files/ovirt-haproxy-haproxy.yaml b/templates/master/00-master/ovirt/files/ovirt-haproxy-haproxy.yaml deleted file mode 100644 index d8eefab317..0000000000 --- a/templates/master/00-master/ovirt/files/ovirt-haproxy-haproxy.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/static-pod-resources/haproxy/haproxy.cfg.tmpl" -contents: - inline: | - defaults - maxconn 20000 - mode tcp - log /var/run/haproxy/haproxy-log.sock local0 - option dontlognull - retries 3 - timeout http-request 10s - timeout queue 1m - timeout connect 10s - timeout client 86400s - timeout server 86400s - timeout tunnel 86400s - frontend main - bind :::{{`{{ .LBConfig.LbPort }}`}} v4v6 - default_backend masters - listen health_check_http_url - bind :::50936 v4v6 - mode http - monitor-uri /readyz - option dontlognull - listen stats - bind 127.0.0.1:{{`{{ .LBConfig.StatPort }}`}} - mode http - stats enable - stats hide-version - stats uri /haproxy_stats - stats refresh 30s - stats auth Username:Password - backend masters - option httpchk GET /readyz HTTP/1.0 - option log-health-checks - balance roundrobin - {{`{{- range .LBConfig.Backends }} - server {{ .Host }} {{ .Address }}:{{ .Port }} weight 1 verify none check check-ssl inter 3s fall 2 rise 3 - {{- end }}`}} diff --git a/templates/master/00-master/ovirt/files/ovirt-haproxy.yaml b/templates/master/00-master/ovirt/files/ovirt-haproxy.yaml deleted file mode 100644 index 1d06ad28d0..0000000000 --- a/templates/master/00-master/ovirt/files/ovirt-haproxy.yaml +++ /dev/null 
@@ -1,124 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/manifests/haproxy.yaml" -contents: - inline: | - kind: Pod - apiVersion: v1 - metadata: - name: haproxy - namespace: openshift-ovirt-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: ovirt-infra-api-lb - spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/haproxy" - - name: kubeconfigvarlib - hostPath: - path: "/var/lib/kubelet" - - name: run-dir - empty-dir: {} - - name: conf-dir - hostPath: - path: "/etc/haproxy" - - name: chroot-host - hostPath: - path: "/" - containers: - - name: haproxy - image: {{.Images.haproxyImage}} - command: - - "/bin/bash" - - "-c" - - | - #/bin/bash - reload_haproxy() - { - old_pids=$(pidof haproxy) - if [ -n "$old_pids" ]; then - /usr/sbin/haproxy -W -db -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/run/haproxy.pid -x /var/lib/haproxy/run/haproxy.sock -sf $old_pids & - else - /usr/sbin/haproxy -W -db -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/run/haproxy.pid & - fi - } - - msg_handler() - { - while read -r line; do - echo "The client send: $line" >&2 - # currently only 'reload' msg is supported - if [ "$line" = reload ]; then - reload_haproxy - fi - done - } - set -ex - declare -r haproxy_sock="/var/run/haproxy/haproxy-master.sock" - declare -r haproxy_log_sock="/var/run/haproxy/haproxy-log.sock" - export -f msg_handler - export -f reload_haproxy - rm -f "$haproxy_sock" "$haproxy_log_sock" - socat UNIX-RECV:${haproxy_log_sock} STDOUT & - if [ -s "/etc/haproxy/haproxy.cfg" ]; then - /usr/sbin/haproxy -W -db -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/run/haproxy.pid & - fi - socat UNIX-LISTEN:${haproxy_sock},fork system:'bash -c msg_handler' - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/haproxy" - - name: run-dir - mountPath: "/var/run/haproxy" - livenessProbe: - initialDelaySeconds: 50 - httpGet: - path: /readyz - port: 50936 - 
terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - - name: haproxy-monitor - securityContext: - privileged: true - image: {{ .Images.baremetalRuntimeCfgImage }} - command: - - "/bin/bash" - - "-c" - - | - cp /host/etc/resolv.conf /etc/resolv.conf - monitor /var/lib/kubelet/kubeconfig /config/haproxy.cfg.tmpl /etc/haproxy/haproxy.cfg --api-vip {{ .Infra.Status.PlatformStatus.Ovirt.APIServerInternalIP }} - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/haproxy" - - name: run-dir - mountPath: "/var/run/haproxy" - - name: resource-dir - mountPath: "/config" - - name: chroot-host - mountPath: "/host" - - name: kubeconfigvarlib - mountPath: "/var/lib/kubelet" - livenessProbe: - initialDelaySeconds: 10 - exec: - command: - - /bin/bash - - -c - - | - cmp /host/etc/resolv.conf /etc/resolv.conf - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical - status: {} diff --git a/templates/master/00-master/ovirt/files/ovirt-keepalived-keepalived.yaml b/templates/master/00-master/ovirt/files/ovirt-keepalived-keepalived.yaml deleted file mode 100644 index e879638f98..0000000000 --- a/templates/master/00-master/ovirt/files/ovirt-keepalived-keepalived.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/static-pod-resources/keepalived/keepalived.conf.tmpl" -contents: - inline: | - global_defs { - enable_script_security - script_user root - } - - vrrp_script chk_ocp { - script "/usr/bin/timeout 0.9 /etc/keepalived/chk_ocp_script.sh" - interval 1 - weight 50 - } - - # TODO: Improve this check. The port is assumed to be alive. - # Need to assess what is the ramification if the port is not there. - vrrp_script chk_ingress { - script "/usr/bin/timeout 0.9 /usr/bin/curl -o /dev/null -Lfs http://localhost:1936/healthz/ready" - interval 1 - weight 50 - } - - vrrp_instance {{`{{ .Cluster.Name }}`}}_API { - state BACKUP - interface {{`{{ .VRRPInterface }}`}} - virtual_router_id {{`{{ .Cluster.APIVirtualRouterID }}`}} - priority 40 - advert_int 1 - authentication { - auth_type PASS - auth_pass {{`{{ .Cluster.Name }}`}}_api_vip - } - virtual_ipaddress { - {{`{{ .Cluster.APIVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}} - } - track_script { - chk_ocp - } - } - - vrrp_instance {{`{{ .Cluster.Name }}`}}_INGRESS { - state BACKUP - interface {{`{{ .VRRPInterface }}`}} - virtual_router_id {{`{{ .Cluster.IngressVirtualRouterID }}`}} - priority 40 - advert_int 1 - authentication { - auth_type PASS - auth_pass {{`{{ .Cluster.Name }}`}}_ingress_vip - } - virtual_ipaddress { - {{`{{ .Cluster.IngressVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}} - } - track_script { - chk_ingress - } - } diff --git a/templates/master/00-master/ovirt/files/ovirt-keepalived-script.yaml b/templates/master/00-master/ovirt/files/ovirt-keepalived-script.yaml deleted file mode 100644 index e0d45b34bf..0000000000 --- a/templates/master/00-master/ovirt/files/ovirt-keepalived-script.yaml +++ /dev/null @@ -1,6 +0,0 @@ -mode: 0755 -path: "/etc/keepalived/chk_ocp_script.sh" -contents: - inline: | - #!/bin/bash - /usr/bin/curl -o /dev/null -kLfs https://localhost:6443/readyz && /usr/bin/curl -o /dev/null -kLfs http://localhost:50936/readyz 
diff --git a/templates/master/00-master/vsphere/files/vsphere-haproxy-haproxy.yaml b/templates/master/00-master/vsphere/files/vsphere-haproxy-haproxy.yaml deleted file mode 100644 index 9aca92d169..0000000000 --- a/templates/master/00-master/vsphere/files/vsphere-haproxy-haproxy.yaml +++ /dev/null @@ -1,49 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/static-pod-resources/haproxy/haproxy.cfg.tmpl" -contents: - inline: | - {{ if .Infra -}} - {{ if .Infra.Status -}} - {{ if .Infra.Status.PlatformStatus -}} - {{ if .Infra.Status.PlatformStatus.VSphere -}} - {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}} - defaults - maxconn 20000 - mode tcp - log /var/run/haproxy/haproxy-log.sock local0 - option dontlognull - retries 3 - timeout http-request 10s - timeout queue 1m - timeout connect 10s - timeout client 86400s - timeout server 86400s - timeout tunnel 86400s - frontend main - bind :::{{`{{ .LBConfig.LbPort }}`}} v4v6 - default_backend masters - listen health_check_http_url - bind :::50936 v4v6 - mode http - monitor-uri /haproxy_ready - option dontlognull - listen stats - bind localhost:{{`{{ .LBConfig.StatPort }}`}} - mode http - stats enable - stats hide-version - stats uri /haproxy_stats - stats refresh 30s - stats auth Username:Password - backend masters - option httpchk GET /readyz HTTP/1.0 - option log-health-checks - balance roundrobin - {{`{{- range .LBConfig.Backends }} - server {{ .Host }} {{ .Address }}:{{ .Port }} weight 1 verify none check check-ssl inter 1s fall 2 rise 3 - {{- end }}`}} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} diff --git a/templates/master/00-master/vsphere/files/vsphere-haproxy.yaml b/templates/master/00-master/vsphere/files/vsphere-haproxy.yaml deleted file mode 100644 index cb4580a276..0000000000 --- a/templates/master/00-master/vsphere/files/vsphere-haproxy.yaml +++ /dev/null 
@@ -1,156 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/manifests/haproxy.yaml" -contents: - inline: | - {{ if .Infra -}} - {{ if .Infra.Status -}} - {{ if .Infra.Status.PlatformStatus -}} - {{ if .Infra.Status.PlatformStatus.VSphere -}} - {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}} - kind: Pod - apiVersion: v1 - metadata: - name: haproxy - namespace: openshift-vsphere-infra - creationTimestamp: - deletionGracePeriodSeconds: 65 - labels: - app: vsphere-infra-api-lb - spec: - volumes: - - name: resource-dir - hostPath: - path: "/etc/kubernetes/static-pod-resources/haproxy" - - name: kubeconfigvarlib - hostPath: - path: "/var/lib/kubelet" - - name: run-dir - empty-dir: {} - - name: conf-dir - hostPath: - path: "/etc/haproxy" - - name: chroot-host - hostPath: - path: "/" - containers: - - name: haproxy - image: {{.Images.haproxyImage}} - env: - - name: OLD_HAPROXY_PS_FORCE_DEL_TIMEOUT - value: "120" - command: - - "/bin/bash" - - "-c" - - | - #/bin/bash - verify_old_haproxy_ps_being_deleted() - { - local prev_pids - - prev_pids="$1" - sleep $OLD_HAPROXY_PS_FORCE_DEL_TIMEOUT - cur_pids=$(pidof haproxy) - - for val in $prev_pids; do - if [[ $cur_pids =~ (^|[[:space:]])"$val"($|[[:space:]]) ]] ; then - kill $val - fi - done - } - - reload_haproxy() - { - old_pids=$(pidof haproxy) - if [ -n "$old_pids" ]; then - /usr/sbin/haproxy -W -db -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/run/haproxy.pid -x /var/lib/haproxy/run/haproxy.sock -sf $old_pids & - #There seems to be some cases where HAProxy doesn't drain properly. - #To handle that case, SIGTERM signal being sent to old HAProxy processes which haven't terminated. 
- verify_old_haproxy_ps_being_deleted "$old_pids" & - else - /usr/sbin/haproxy -W -db -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/run/haproxy.pid & - fi - } - - msg_handler() - { - while read -r line; do - echo "The client send: $line" >&2 - # currently only 'reload' msg is supported - if [ "$line" = reload ]; then - reload_haproxy - fi - done - } - set -ex - declare -r haproxy_sock="/var/run/haproxy/haproxy-master.sock" - declare -r haproxy_log_sock="/var/run/haproxy/haproxy-log.sock" - export -f msg_handler - export -f reload_haproxy - export -f verify_old_haproxy_ps_being_deleted - rm -f "$haproxy_sock" "$haproxy_log_sock" - socat UNIX-RECV:${haproxy_log_sock} STDOUT & - if [ -s "/etc/haproxy/haproxy.cfg" ]; then - /usr/sbin/haproxy -W -db -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/run/haproxy.pid & - fi - socat UNIX-LISTEN:${haproxy_sock},fork system:'bash -c msg_handler' - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/haproxy" - - name: run-dir - mountPath: "/var/run/haproxy" - livenessProbe: - initialDelaySeconds: 50 - httpGet: - path: /haproxy_ready - port: 50936 - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - - name: haproxy-monitor - securityContext: - privileged: true - image: {{ .Images.baremetalRuntimeCfgImage }} - command: - - "/bin/bash" - - "-c" - - | - cp /host/etc/resolv.conf /etc/resolv.conf - monitor /var/lib/kubelet/kubeconfig /config/haproxy.cfg.tmpl /etc/haproxy/haproxy.cfg --api-vip {{ .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP }} - resources: - requests: - cpu: 100m - memory: 200Mi - volumeMounts: - - name: conf-dir - mountPath: "/etc/haproxy" - - name: run-dir - mountPath: "/var/run/haproxy" - - name: resource-dir - mountPath: "/config" - - name: chroot-host - mountPath: "/host" - - name: kubeconfigvarlib - mountPath: "/var/lib/kubelet" - livenessProbe: - initialDelaySeconds: 10 - exec: - command: - - /bin/bash - - -c - - | 
- cmp /host/etc/resolv.conf /etc/resolv.conf - terminationMessagePolicy: FallbackToLogsOnError - imagePullPolicy: IfNotPresent - hostNetwork: true - tolerations: - - operator: Exists - priorityClassName: system-node-critical - status: {} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} diff --git a/templates/master/00-master/vsphere/files/vsphere-keepalived-keepalived.yaml b/templates/master/00-master/vsphere/files/vsphere-keepalived-keepalived.yaml deleted file mode 100644 index 313eebe867..0000000000 --- a/templates/master/00-master/vsphere/files/vsphere-keepalived-keepalived.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/static-pod-resources/keepalived/keepalived.conf.tmpl" -contents: - inline: | - {{ if .Infra -}} - {{ if .Infra.Status -}} - {{ if .Infra.Status.PlatformStatus -}} - {{ if .Infra.Status.PlatformStatus.VSphere -}} - {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}} - global_defs { - enable_script_security - script_user root - } - - # These are separate checks to provide the following behavior: - # If the loadbalanced endpoint is responding then all is well regardless - # of what the local api status is. Both checks will return success and - # we'll have the maximum priority. This means as long as there is a node - # with a functional loadbalancer it will get the VIP. - # If all of the loadbalancers go down but the local api is still running, - # the _both check will still succeed and allow any node with a functional - # api to take the VIP. This isn't preferred because it means all api - # traffic will go through one node, but at least it keeps the api available. - vrrp_script chk_ocp_lb { - script "/usr/bin/timeout 1.9 /etc/keepalived/chk_ocp_script.sh" - interval 2 - weight 20 - rise 3 - fall 2 - } - - vrrp_script chk_ocp_both { - script "/usr/bin/timeout 1.9 /etc/keepalived/chk_ocp_script_both.sh" - interval 2 - # Use a smaller weight for this check so it won't trigger the move from - # bootstrap to master by itself. - weight 5 - rise 3 - fall 2 - } - - # TODO: Improve this check. The port is assumed to be alive. - # Need to assess what is the ramification if the port is not there. 
- vrrp_script chk_ingress { - script "/usr/bin/timeout 0.9 /usr/bin/curl -o /dev/null -Lfs http://localhost:1936/healthz/ready" - interval 1 - weight 50 - } - - {{`{{$nonVirtualIP := .NonVirtualIP}}`}} - - vrrp_instance {{`{{ .Cluster.Name }}`}}_API { - state BACKUP - interface {{`{{ .VRRPInterface }}`}} - virtual_router_id {{`{{ .Cluster.APIVirtualRouterID }}`}} - priority 40 - advert_int 1 - {{`{{if .EnableUnicast}}`}} - unicast_src_ip {{`{{.NonVirtualIP}}`}} - unicast_peer { - {{`{{ .BootstrapIP }}`}} - {{`{{range .LBConfig.Backends}} - {{if ne $nonVirtualIP .Address}}{{.Address}}{{end}} - {{end}}`}} - } - {{`{{end}}`}} - authentication { - auth_type PASS - auth_pass {{`{{ .Cluster.Name }}`}}_api_vip - } - virtual_ipaddress { - {{`{{ .Cluster.APIVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}} - } - track_script { - chk_ocp_lb - chk_ocp_both - } - } - - vrrp_instance {{`{{ .Cluster.Name }}`}}_INGRESS { - state BACKUP - interface {{`{{ .VRRPInterface }}`}} - virtual_router_id {{`{{ .Cluster.IngressVirtualRouterID }}`}} - priority 40 - advert_int 1 - {{`{{if .EnableUnicast}}`}} - unicast_src_ip {{`{{.NonVirtualIP}}`}} - unicast_peer { - {{`{{range .IngressConfig.Peers}} - {{if ne $nonVirtualIP .}}{{.}}{{end}} - {{end}}`}} - } - {{`{{end}}`}} - authentication { - auth_type PASS - auth_pass {{`{{ .Cluster.Name }}`}}_ingress_vip - } - virtual_ipaddress { - {{`{{ .Cluster.IngressVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}} - } - track_script { - chk_ingress - } - } - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} diff --git a/templates/master/00-master/vsphere/files/vsphere-keepalived-script-both.yaml b/templates/master/00-master/vsphere/files/vsphere-keepalived-script-both.yaml deleted file mode 100644 index 1b4e597711..0000000000 --- a/templates/master/00-master/vsphere/files/vsphere-keepalived-script-both.yaml +++ /dev/null 
@@ -1,6 +0,0 @@ -mode: 0755 -path: "/etc/kubernetes/static-pod-resources/keepalived/scripts/chk_ocp_script_both.sh.tmpl" -contents: - inline: | - #!/bin/bash - /usr/bin/curl -o /dev/null -kLfs https://localhost:{{`{{ .LBConfig.LbPort }}`}}/readyz && [ -e /var/run/keepalived/iptables-rule-exists ] || /usr/bin/curl -kLfs https://localhost:{{`{{ .LBConfig.ApiPort }}`}}/readyz diff --git a/templates/master/00-master/vsphere/files/vsphere-keepalived-script.yaml b/templates/master/00-master/vsphere/files/vsphere-keepalived-script.yaml deleted file mode 100644 index c500a60d2f..0000000000 --- a/templates/master/00-master/vsphere/files/vsphere-keepalived-script.yaml +++ /dev/null @@ -1,6 +0,0 @@ -mode: 0755 -path: "/etc/kubernetes/static-pod-resources/keepalived/scripts/chk_ocp_script.sh.tmpl" -contents: - inline: | - #!/bin/bash - /usr/bin/curl -o /dev/null -kLfs https://localhost:{{`{{ .LBConfig.LbPort }}`}}/readyz && [ -e /var/run/keepalived/iptables-rule-exists ] diff --git a/templates/master/00-master/vsphere/files/vsphere-mdns-config.yaml b/templates/master/00-master/vsphere/files/vsphere-mdns-config.yaml deleted file mode 100644 index 082d8c2453..0000000000 --- a/templates/master/00-master/vsphere/files/vsphere-mdns-config.yaml +++ /dev/null @@ -1,25 +0,0 @@ -mode: 0644 -path: "/etc/kubernetes/static-pod-resources/mdns/config.hcl.tmpl" -contents: - inline: | - {{ if .Infra -}} - {{ if .Infra.Status -}} - {{ if .Infra.Status.PlatformStatus -}} - {{ if .Infra.Status.PlatformStatus.VSphere -}} - {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}} - bind_address = "{{`{{ .NonVirtualIP }}`}}" - collision_avoidance = "hostname" - - service { - name = "{{`{{ .Cluster.Name }}`}} Workstation" - host_name = "{{`{{ .ShortHostname }}`}}.local." - type = "_workstation._tcp" - domain = "local." - port = 42424 - ttl = 3200 - } - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} 
diff --git a/templates/master/01-master-kubelet/baremetal/units/kubelet.service.yaml b/templates/master/01-master-kubelet/on-prem/units/kubelet.service.yaml
similarity index 100%
rename from templates/master/01-master-kubelet/baremetal/units/kubelet.service.yaml
rename to templates/master/01-master-kubelet/on-prem/units/kubelet.service.yaml
diff --git a/templates/master/01-master-kubelet/openstack/units/kubelet.service.yaml b/templates/master/01-master-kubelet/openstack/units/kubelet.service.yaml
deleted file mode 100644
index 726075348b..0000000000
--- a/templates/master/01-master-kubelet/openstack/units/kubelet.service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@ -name: kubelet.service -enabled: true -contents: | - [Unit] - Description=Kubernetes Kubelet - Wants=rpc-statd.service network-online.target crio.service - After=network-online.target crio.service - - [Service] - Type=notify - ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests - ExecStartPre=/bin/rm -f /var/lib/kubelet/cpu_manager_state - Environment="KUBELET_LOG_LEVEL=4" - EnvironmentFile=/etc/os-release - EnvironmentFile=-/etc/kubernetes/kubelet-workaround - EnvironmentFile=-/etc/kubernetes/kubelet-env - - ExecStart=/usr/bin/hyperkube \ - kubelet \ - --config=/etc/kubernetes/kubelet.conf \ - --bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \ - --kubeconfig=/var/lib/kubelet/kubeconfig \ - --container-runtime=remote \ - --container-runtime-endpoint=/var/run/crio/crio.sock \ - --runtime-cgroups=/system.slice/crio.service \ - --node-labels=node-role.kubernetes.io/master,node.openshift.io/os_id=${ID} \ - --node-ip=${KUBELET_NODE_IP} \ - --address=${KUBELET_NODE_IP} \ - --minimum-container-ttl-duration=6m0s \ - --cloud-provider={{cloudProvider .}} \ - --volume-plugin-dir=/etc/kubernetes/kubelet-plugins/volume/exec \ - {{cloudConfigFlag . }} \ - --register-with-taints=node-role.kubernetes.io/master=:NoSchedule \ - --pod-infra-container-image={{.Images.infraImageKey}} \ - --v=${KUBELET_LOG_LEVEL} - - Restart=always - RestartSec=10 - - [Install] - WantedBy=multi-user.target diff --git a/templates/master/01-master-kubelet/vsphere/units/kubelet.service.yaml b/templates/master/01-master-kubelet/vsphere/units/kubelet.service.yaml deleted file mode 100644 index fae4c529ae..0000000000 --- a/templates/master/01-master-kubelet/vsphere/units/kubelet.service.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -name: kubelet.service -enabled: true -contents: | - [Unit] - Description=Kubernetes Kubelet - Wants=rpc-statd.service network-online.target crio.service - After=network-online.target crio.service - - [Service] - Type=notify - ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests - ExecStartPre=/bin/rm -f /var/lib/kubelet/cpu_manager_state - Environment="KUBELET_LOG_LEVEL=4" - EnvironmentFile=/etc/os-release - EnvironmentFile=-/etc/kubernetes/kubelet-workaround - EnvironmentFile=-/etc/kubernetes/kubelet-env - - ExecStart=/usr/bin/hyperkube \ - kubelet \ - --config=/etc/kubernetes/kubelet.conf \ - --bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \ - --kubeconfig=/var/lib/kubelet/kubeconfig \ - --container-runtime=remote \ - --container-runtime-endpoint=/var/run/crio/crio.sock \ - --runtime-cgroups=/system.slice/crio.service \ - --node-labels=node-role.kubernetes.io/master,node.openshift.io/os_id=${ID} \ - {{ if .Infra -}} - {{ if .Infra.Status -}} - {{ if .Infra.Status.PlatformStatus -}} - {{ if .Infra.Status.PlatformStatus.VSphere -}} - {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}} - --node-ip=${KUBELET_NODE_IP} \ - --address=${KUBELET_NODE_IP} \ - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} - {{ end -}} - --minimum-container-ttl-duration=6m0s \ - --cloud-provider={{cloudProvider .}} \ - --volume-plugin-dir=/etc/kubernetes/kubelet-plugins/volume/exec \ - {{cloudConfigFlag . }} \ - --register-with-taints=node-role.kubernetes.io/master=:NoSchedule \ - --pod-infra-container-image={{.Images.infraImageKey}} \ - --v=${KUBELET_LOG_LEVEL} - - Restart=always - RestartSec=10 - - [Install] - WantedBy=multi-user.target diff --git a/templates/worker/00-worker/baremetal/files/baremetal-mdns-config.yaml b/templates/worker/00-worker/baremetal/files/baremetal-mdns-config.yaml deleted file mode 100644 index a050972ac6..0000000000 --- a/templates/worker/00-worker/baremetal/files/baremetal-mdns-config.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-mode: 0644
-path: "/etc/kubernetes/static-pod-resources/mdns/config.hcl.tmpl"
-contents:
- inline: |
- bind_address = "{{`{{ .NonVirtualIP }}`}}"
- collision_avoidance = "hostname"
-
- service {
- name = "{{`{{ .Cluster.Name }}`}} Workstation"
- host_name = "{{`{{ .ShortHostname }}`}}.local."
- type = "_workstation._tcp"
- domain = "local."
- port = 42424
- ttl = 3200
- }
diff --git a/templates/worker/00-worker/baremetal/files/baremetal-keepalived-keepalived.yaml b/templates/worker/00-worker/on-prem/files/keepalived-keepalived.yaml
similarity index 100%
rename from templates/worker/00-worker/baremetal/files/baremetal-keepalived-keepalived.yaml
rename to templates/worker/00-worker/on-prem/files/keepalived-keepalived.yaml
diff --git a/templates/master/00-master/ovirt/files/ovirt-mdns-config.yaml b/templates/worker/00-worker/on-prem/files/mdns-config.yaml
similarity index 100%
rename from templates/master/00-master/ovirt/files/ovirt-mdns-config.yaml
rename to templates/worker/00-worker/on-prem/files/mdns-config.yaml
diff --git a/templates/worker/00-worker/openstack/files/openstack-keepalived-keepalived.yaml b/templates/worker/00-worker/openstack/files/openstack-keepalived-keepalived.yaml
deleted file mode 100644
index d5ec06da0a..0000000000
--- a/templates/worker/00-worker/openstack/files/openstack-keepalived-keepalived.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-mode: 0644
-path: "/etc/kubernetes/static-pod-resources/keepalived/keepalived.conf.tmpl"
-contents:
- inline: |
- # TODO: Improve this check. The port is assumed to be alive.
- # Need to assess what is the ramification if the port is not there.
- vrrp_script chk_ingress {
- script "/usr/bin/timeout 0.9 /usr/bin/curl -o /dev/null -Lfs http://localhost:1936/healthz/ready"
- interval 1
- weight 50
- }
- vrrp_instance {{`{{ .Cluster.Name }}`}}_INGRESS {
- state BACKUP
- interface {{`{{ .VRRPInterface }}`}}
- virtual_router_id {{`{{ .Cluster.IngressVirtualRouterID }}`}}
- priority 40
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass {{`{{ .Cluster.Name }}`}}_ingress_vip
- }
- virtual_ipaddress {
- {{`{{ .Cluster.IngressVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}}
- }
- track_script {
- chk_ingress
- }
- }
diff --git a/templates/worker/00-worker/openstack/files/openstack-mdns-config.yaml b/templates/worker/00-worker/openstack/files/openstack-mdns-config.yaml
deleted file mode 100644
index ad82c2e45d..0000000000
--- a/templates/worker/00-worker/openstack/files/openstack-mdns-config.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-mode: 0644
-path: "/etc/kubernetes/static-pod-resources/mdns/config.hcl.tmpl"
-contents:
- inline: |
- bind_address = "{{`{{ .NonVirtualIP }}`}}"
- collision_avoidance = "hostname"
- service {
- name = "{{`{{ .Cluster.Name }}`}} Workstation"
- host_name = "{{`{{ .ShortHostname }}`}}.local."
- type = "_workstation._tcp"
- domain = "local."
- port = 42424
- ttl = 3200
- }
diff --git a/templates/worker/00-worker/ovirt/files/ovirt-keepalived-keepalived.yaml b/templates/worker/00-worker/ovirt/files/ovirt-keepalived-keepalived.yaml
deleted file mode 100644
index 37f64d04f7..0000000000
--- a/templates/worker/00-worker/ovirt/files/ovirt-keepalived-keepalived.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-mode: 0644
-path: "/etc/kubernetes/static-pod-resources/keepalived/keepalived.conf.tmpl"
-contents:
- inline: |
- # TODO: Improve this check. The port is assumed to be alive.
- # Need to assess what is the ramification if the port is not there.
- vrrp_script chk_ingress {
- script "/usr/bin/timeout 0.9 /usr/bin/curl -o /dev/null -Lfs http://localhost:1936/healthz/ready"
- interval 1
- weight 50
- }
-
- vrrp_instance {{`{{ .Cluster.Name }}`}}_INGRESS {
- state BACKUP
- interface {{`{{ .VRRPInterface }}`}}
- virtual_router_id {{`{{ .Cluster.IngressVirtualRouterID }}`}}
- priority 40
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass {{`{{ .Cluster.Name }}`}}_ingress_vip
- }
- virtual_ipaddress {
- {{`{{ .Cluster.IngressVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}}
- }
- track_script {
- chk_ingress
- }
- }
diff --git a/templates/worker/00-worker/ovirt/files/ovirt-mdns-config.yaml b/templates/worker/00-worker/ovirt/files/ovirt-mdns-config.yaml
deleted file mode 100644
index a050972ac6..0000000000
--- a/templates/worker/00-worker/ovirt/files/ovirt-mdns-config.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-mode: 0644
-path: "/etc/kubernetes/static-pod-resources/mdns/config.hcl.tmpl"
-contents:
- inline: |
- bind_address = "{{`{{ .NonVirtualIP }}`}}"
- collision_avoidance = "hostname"
-
- service {
- name = "{{`{{ .Cluster.Name }}`}} Workstation"
- host_name = "{{`{{ .ShortHostname }}`}}.local."
- type = "_workstation._tcp"
- domain = "local."
- port = 42424
- ttl = 3200
- }
diff --git a/templates/worker/00-worker/vsphere/files/vsphere-keepalived-keepalived.yaml b/templates/worker/00-worker/vsphere/files/vsphere-keepalived-keepalived.yaml
deleted file mode 100644
index 1a430edfcb..0000000000
--- a/templates/worker/00-worker/vsphere/files/vsphere-keepalived-keepalived.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-mode: 0644
-path: "/etc/kubernetes/static-pod-resources/keepalived/keepalived.conf.tmpl"
-contents:
- inline: |
- {{ if .Infra -}}
- {{ if .Infra.Status -}}
- {{ if .Infra.Status.PlatformStatus -}}
- {{ if .Infra.Status.PlatformStatus.VSphere -}}
- {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}}
- # TODO: Improve this check. The port is assumed to be alive.
- # Need to assess what is the ramification if the port is not there.
- vrrp_script chk_ingress {
- script "/usr/bin/timeout 0.9 /usr/bin/curl -o /dev/null -Lfs http://localhost:1936/healthz/ready"
- interval 1
- weight 50
- }
-
- vrrp_instance {{`{{ .Cluster.Name }}`}}_INGRESS {
- state BACKUP
- interface {{`{{ .VRRPInterface }}`}}
- virtual_router_id {{`{{ .Cluster.IngressVirtualRouterID }}`}}
- priority 40
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass {{`{{ .Cluster.Name }}`}}_ingress_vip
- }
- virtual_ipaddress {
- {{`{{ .Cluster.IngressVIP }}`}}/{{`{{ .Cluster.VIPNetmask }}`}}
- }
- track_script {
- chk_ingress
- }
- }
- {{ end -}}
- {{ end -}}
- {{ end -}}
- {{ end -}}
- {{ end -}}
diff --git a/templates/worker/00-worker/vsphere/files/vsphere-mdns-config.yaml b/templates/worker/00-worker/vsphere/files/vsphere-mdns-config.yaml
deleted file mode 100644
index 082d8c2453..0000000000
--- a/templates/worker/00-worker/vsphere/files/vsphere-mdns-config.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-mode: 0644
-path: "/etc/kubernetes/static-pod-resources/mdns/config.hcl.tmpl"
-contents:
- inline: |
- {{ if .Infra -}}
- {{ if .Infra.Status -}}
- {{ if .Infra.Status.PlatformStatus -}}
- {{ if .Infra.Status.PlatformStatus.VSphere -}}
- {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}}
- bind_address = "{{`{{ .NonVirtualIP }}`}}"
- collision_avoidance = "hostname"
-
- service {
- name = "{{`{{ .Cluster.Name }}`}} Workstation"
- host_name = "{{`{{ .ShortHostname }}`}}.local."
- type = "_workstation._tcp"
- domain = "local."
- port = 42424
- ttl = 3200
- }
- {{ end -}}
- {{ end -}}
- {{ end -}}
- {{ end -}}
- {{ end -}}
diff --git a/templates/worker/01-worker-kubelet/baremetal/units/kubelet.service.yaml b/templates/worker/01-worker-kubelet/on-prem/units/kubelet.service.yaml
similarity index 100%
rename from templates/worker/01-worker-kubelet/baremetal/units/kubelet.service.yaml
rename to templates/worker/01-worker-kubelet/on-prem/units/kubelet.service.yaml
diff --git a/templates/worker/01-worker-kubelet/openstack/units/kubelet.service.yaml b/templates/worker/01-worker-kubelet/openstack/units/kubelet.service.yaml
deleted file mode 100644
index 00375bc825..0000000000
--- a/templates/worker/01-worker-kubelet/openstack/units/kubelet.service.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: kubelet.service
-enabled: true
-contents: |
- [Unit]
- Description=Kubernetes Kubelet
- Wants=rpc-statd.service network-online.target crio.service
- After=network-online.target crio.service
-
- [Service]
- Type=notify
- ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests
- ExecStartPre=/bin/rm -f /var/lib/kubelet/cpu_manager_state
- Environment="KUBELET_LOG_LEVEL=4"
- EnvironmentFile=/etc/os-release
- EnvironmentFile=-/etc/kubernetes/kubelet-workaround
- EnvironmentFile=-/etc/kubernetes/kubelet-env
-
- ExecStart=/usr/bin/hyperkube \
- kubelet \
- --config=/etc/kubernetes/kubelet.conf \
- --bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
- --kubeconfig=/var/lib/kubelet/kubeconfig \
- --container-runtime=remote \
- --container-runtime-endpoint=/var/run/crio/crio.sock \
- --runtime-cgroups=/system.slice/crio.service \
- --node-labels=node-role.kubernetes.io/worker,node.openshift.io/os_id=${ID} \
- --node-ip=${KUBELET_NODE_IP} \
- --address=${KUBELET_NODE_IP} \
- --minimum-container-ttl-duration=6m0s \
- --volume-plugin-dir=/etc/kubernetes/kubelet-plugins/volume/exec \
- --cloud-provider={{cloudProvider .}} \
- {{cloudConfigFlag . }} \
- --pod-infra-container-image={{.Images.infraImageKey}} \
- --v=${KUBELET_LOG_LEVEL}
-
- Restart=always
- RestartSec=10
-
- [Install]
- WantedBy=multi-user.target
diff --git a/templates/worker/01-worker-kubelet/vsphere/units/kubelet.service.yaml b/templates/worker/01-worker-kubelet/vsphere/units/kubelet.service.yaml
deleted file mode 100644
index 281a0183c7..0000000000
--- a/templates/worker/01-worker-kubelet/vsphere/units/kubelet.service.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-name: kubelet.service
-enabled: true
-contents: |
- [Unit]
- Description=Kubernetes Kubelet
- Wants=rpc-statd.service network-online.target crio.service
- After=network-online.target crio.service
-
- [Service]
- Type=notify
- ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests
- ExecStartPre=/bin/rm -f /var/lib/kubelet/cpu_manager_state
- Environment="KUBELET_LOG_LEVEL=4"
- EnvironmentFile=/etc/os-release
- EnvironmentFile=-/etc/kubernetes/kubelet-workaround
- EnvironmentFile=-/etc/kubernetes/kubelet-env
-
- ExecStart=/usr/bin/hyperkube \
- kubelet \
- --config=/etc/kubernetes/kubelet.conf \
- --bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
- --kubeconfig=/var/lib/kubelet/kubeconfig \
- --container-runtime=remote \
- --container-runtime-endpoint=/var/run/crio/crio.sock \
- --runtime-cgroups=/system.slice/crio.service \
- --node-labels=node-role.kubernetes.io/worker,node.openshift.io/os_id=${ID} \
- {{ if .Infra -}}
- {{ if .Infra.Status -}}
- {{ if .Infra.Status.PlatformStatus -}}
- {{ if .Infra.Status.PlatformStatus.VSphere -}}
- {{ if .Infra.Status.PlatformStatus.VSphere.APIServerInternalIP -}}
- --node-ip=${KUBELET_NODE_IP} \
- --address=${KUBELET_NODE_IP} \
- {{ end -}}
- {{ end -}}
- {{ end -}}
- {{ end -}}
- {{ end -}}
- --minimum-container-ttl-duration=6m0s \
- --volume-plugin-dir=/etc/kubernetes/kubelet-plugins/volume/exec \
- --cloud-provider={{cloudProvider .}} \
- {{cloudConfigFlag . }} \
- --pod-infra-container-image={{.Images.infraImageKey}} \
- --v=${KUBELET_LOG_LEVEL}
-
- Restart=always
- RestartSec=10
-
- [Install]
- WantedBy=multi-user.target