diff --git a/assets/components/openshift-router/deployment.yaml b/assets/components/openshift-router/deployment.yaml
index ec142540b7..f34ff7a8cf 100644
--- a/assets/components/openshift-router/deployment.yaml
+++ b/assets/components/openshift-router/deployment.yaml
@@ -34,7 +34,7 @@ spec: - name: ROUTER_ALLOW_WILDCARD_ROUTES value: "false" - name: ROUTER_CANONICAL_HOSTNAME - value: router-default.apps.{{ .ClusterDomain }} + value: router-default.apps.{{ .ClusterName }}.{{ .BaseDomain }} - name: ROUTER_CIPHERS value: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - name: ROUTER_CIPHERSUITES
@@ -62,7 +62,7 @@ spec: - name: GRACEFUL_SHUTDOWN_DELAY value: 1s - name: ROUTER_DOMAIN - value: apps.{{ .ClusterDomain }} + value: apps.{{ .ClusterName }}.{{ .BaseDomain }} livenessProbe: httpGet: path: /healthz
diff --git a/docs/howto_config.md b/docs/howto_config.md
index cd1d9402f5..12b0ecfd53 100644
--- a/docs/howto_config.md
+++ b/docs/howto_config.md
@@ -15,13 +15,14 @@ subjectAltNames: nodeName: "" nodeIP: "" url: "" -clusterDomain: "" network: clusterNetwork: - cidr: "" serviceNetwork: - "" serviceNodePortRange: "" +dns: + baseDomain: "" debugging: logLevel: "" ``` 
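Review bot: Both `ROUTER_CANONICAL_HOSTNAME` and `ROUTER_DOMAIN` now expand `{{ .ClusterName }}`, but nothing in the manifest says where that value comes from; render.go in this same commit supplies it from the `DefaultClusterName` constant, not from user configuration, so a reader of this template would reasonably assume it is settable. A one-line comment above the first use, `# ClusterName is currently fixed to config.DefaultClusterName; only BaseDomain is user-configurable`, would prevent that. The ingress serving certificate generated in init.go is a wildcard for `*.apps.<ClusterName>.<BaseDomain>`, so these two values and the certificate must keep rendering the same host shape for the canonical hostname to stay covered.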
@@ -33,7 +34,7 @@ The configuration settings alongside with the supported command line arguments a | cidr (clusterNetwork) | --cluster-cidr | MICROSHIFT_CLUSTER_CLUSTERCIDR | A block of IP addresses from which Pod IP addresses are allocated | serviceNetwork | --service-cidr | MICROSHIFT_CLUSTER_SERVICECIDR | A block of virtual IP addresses for Kubernetes services | serviceNodePortRange | --service-node-port-range | MICROSHIFT_CLUSTER_SERVICENODEPORTRANGE | The port range allowed for Kubernetes services of type NodePort -| clusterDomain | --cluster-domain | MICROSHIFT_CLUSTER_DOMAIN | Base DNS domain used to construct fully qualified pod and service domain names +| baseDomain | --base-domain | MICROSHIFT_BASEDOMAIN | Base DNS domain used to construct fully qualified router and API domain names. | url | --url | MICROSHIFT_CLUSTER_URL | URL of the API server for the cluster. | nodeIP | --node-ip | MICROSHIFT_NODEIP | The IP address of the node, defaults to IP of the default route | nodeName | --node-name | MICROSHIFT_NODENAME | The name of the node, defaults to hostname
@@ -48,13 +49,14 @@ In case `config.yaml` is not provided, the following default settings will be us nodeName: "" nodeIP: "" url: https://127.0.0.1:6443 -clusterDomain: cluster.local network: clusterNetwork: - cidr: 10.42.0.0/16 serviceNetwork: - 10.43.0.0/16 serviceNodePortRange: 30000-32767 +dns: + baseDomain: example.com debugging: logLevel: "Normal" ```
diff --git a/pkg/cmd/init.go b/pkg/cmd/init.go
index a2fa6072c9..51f75cc173 100644
--- a/pkg/cmd/init.go
+++ b/pkg/cmd/init.go
@@ -214,7 +214,7 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err ValidityDays: cryptomaterial.ShortLivedCertificateValidityDays, }, Hostnames: []string{ - "router-default.apps." + cfg.Cluster.Domain, + "*.apps.microshift." + cfg.BaseDomain, // wildcard for any additional auto-generated domains }, }, ), 
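Review bot: The new SAN on the ingress serving certificate hard-codes the cluster name in the literal `"*.apps.microshift."`, while every other place this commit touches (the kube-external-serving and kube-apiserver SANs, render.go, kube-apiserver.go) builds the same prefix from `config.DefaultClusterName`; if that constant ever changes, this certificate silently stops matching the router's `ROUTER_CANONICAL_HOSTNAME`. Use the constant here as well: `"*.apps." + config.DefaultClusterName + "." + cfg.BaseDomain, // wildcard for any additional auto-generated domains`. Replacing the single `router-default.apps.` name with a wildcard also widens what this one key and certificate are valid for — every host under `apps.` — which is evidently the intent, and the trailing comment should say so rather than mention only auto-generated domains. certSetup starts and ends outside this hunk.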
@@ -231,7 +231,14 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err Name: "kube-external-serving", ValidityDays: cryptomaterial.ShortLivedCertificateValidityDays, }, - Hostnames: append(cfg.SubjectAltNames, cfg.NodeName), + Hostnames: append( + cfg.SubjectAltNames, + cfg.NodeName, + "api."+config.DefaultClusterName+"."+cfg.BaseDomain, + // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain + // but we don't have a ClusterName parameter yet, using microshift + // for now + ), }, ),
@@ -271,6 +278,8 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err "openshift.default", "openshift.default.svc", "openshift.default.svc.cluster.local", + "api." + config.DefaultClusterName + "." + cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain + "api-int." + config.DefaultClusterName + "." + cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain apiServerServiceIP.String(), }, },
diff --git a/pkg/cmd/run.go b/pkg/cmd/run.go
index f00d96c356..e3ebb96981 100644
--- a/pkg/cmd/run.go
+++ b/pkg/cmd/run.go
@@ -36,7 +36,7 @@ func addRunFlags(cmd *cobra.Command, cfg *config.MicroshiftConfig) { flags.String("cluster-cidr", cfg.Cluster.ClusterCIDR, "The IP range in CIDR notation for pods in the cluster.") flags.String("service-cidr", cfg.Cluster.ServiceCIDR, "The IP range in CIDR notation for services in the cluster.") flags.String("service-node-port-range", cfg.Cluster.ServiceNodePortRange, "The port range to reserve for services with NodePort visibility. This must not overlap with the ephemeral port range on nodes.") - flags.String("cluster-domain", cfg.Cluster.Domain, "Domain for this cluster.") + flags.String("base-domain", cfg.BaseDomain, "Base domain for this cluster.") } func NewRunMicroshiftCommand() *cobra.Command { 
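Review bot: The trailing comment on the second SAN added in the kube-apiserver hunk (the `"api-int." + config.DefaultClusterName + ...` line) says OpenShift uses `api.$ClusterName.$BaseDomain`, which is a copy of the comment on the `api.` line above it; it should read `// TODO: OpenShift actually uses api-int.$ClusterName.$BaseDomain`. In the kube-external-serving hunk the three-line TODO sits between the last argument and the closing paren of `append(`, where it reads as a comment on the call rather than on the `"api."...` element; placing it directly above that element makes the intent clear. The same TODO is now repeated three times inside certSetup, so consider keeping the explanation in one place (a doc comment on `DefaultClusterName` in pkg/config) and referring to it from here. certSetup starts and ends outside both hunks.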
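Review bot: Replacing the `cluster-domain` flag with `base-domain` in addRunFlags (and the matching change in ReadFromCmdLine) leaves no alias, so any existing invocation passing `--cluster-domain` now fails to parse, and the setting it used to control (the kubelet's cluster DNS domain) is no longer configurable at all. If breaking the old flag is intended, the help text should at least say what the new value is used for, e.g. `"Base DNS domain for the router and API hostnames (*.apps.microshift.<base-domain>, api.microshift.<base-domain>)."`, since "Base domain for this cluster." does not tell an operator what will change. addRunFlags starts before this hunk.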
@@ -75,7 +75,8 @@ func RunMicroshift(cfg *config.MicroshiftConfig, flags *pflag.FlagSet) error { cfg.Cluster.ClusterCIDR, cfg.Cluster.ServiceCIDR, ".svc", - "."+cfg.Cluster.Domain); err != nil { + ".cluster.local", + "."+cfg.BaseDomain); err != nil { klog.Fatal(err) }
diff --git a/pkg/components/render.go b/pkg/components/render.go
index 9638ac84e0..1a79780050 100755
--- a/pkg/components/render.go
+++ b/pkg/components/render.go
@@ -22,13 +22,14 @@ var templateFuncs = map[string]interface{}{ func renderParamsFromConfig(cfg *config.MicroshiftConfig, extra assets.RenderParams) assets.RenderParams { params := map[string]interface{}{ - "ReleaseImage": release.Image, - "NodeName": cfg.NodeName, - "NodeIP": cfg.NodeIP, - "ClusterCIDR": cfg.Cluster.ClusterCIDR, - "ServiceCIDR": cfg.Cluster.ServiceCIDR, - "ClusterDNS": cfg.Cluster.DNS, - "ClusterDomain": cfg.Cluster.Domain, + "ReleaseImage": release.Image, + "NodeName": cfg.NodeName, + "NodeIP": cfg.NodeIP, + "ClusterCIDR": cfg.Cluster.ClusterCIDR, + "ServiceCIDR": cfg.Cluster.ServiceCIDR, + "ClusterDNS": cfg.Cluster.DNS, + "BaseDomain": cfg.BaseDomain, + "ClusterName": config.DefaultClusterName, } for k, v := range extra { params[k] = v
diff --git a/pkg/config/config.go b/pkg/config/config.go
index e9ab8b6f54..6e61b389d1 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -35,6 +35,7 @@ const ( defaultManifestDirEtc = "/etc/microshift/manifests" // for files embedded in ostree. i.e. cni/other component customizations defaultManifestDirLib = "/usr/lib/microshift/manifests" + DefaultClusterName = "microshift" ) var (
@@ -44,13 +45,11 @@ var ( ) type ClusterConfig struct { - URL string `json:"url"` - + URL string `json:"url"` ClusterCIDR string `json:"clusterCIDR"` ServiceCIDR string `json:"serviceCIDR"` ServiceNodePortRange string `json:"serviceNodePortRange"` DNS string `json:"-"` - Domain string `json:"domain"` } type IngressConfig struct { 
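Review bot: `DefaultClusterName` in the config.go `const (` hunk is exported and is now used from pkg/cmd, pkg/components and pkg/controllers to build certificate SANs, the router domain and the route admission domain, but it carries no doc comment, and it joins a block whose other members are unexported filesystem paths. Add `// DefaultClusterName is the fixed cluster name used to form the router (apps.<name>.<baseDomain>) and API (api.<name>.<baseDomain>) hostnames until a configurable cluster name exists.` above it; that is also the natural single home for the TODO that init.go currently repeats on three lines. The `const (` block starts before this hunk.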
@@ -61,22 +60,22 @@ type IngressConfig struct { type MicroshiftConfig struct { LogVLevel int `json:"logVLevel"` - SubjectAltNames []string `json:"subjectAltNames"` - NodeName string `json:"nodeName"` - NodeIP string `json:"nodeIP"` - - Cluster ClusterConfig `json:"cluster"` + SubjectAltNames []string `json:"subjectAltNames"` + NodeName string `json:"nodeName"` + NodeIP string `json:"nodeIP"` + BaseDomain string `json:"baseDomain"` + Cluster ClusterConfig `json:"cluster"` Ingress IngressConfig `json:"-"` } -// Top level config +// Top level config file type Config struct { NodeName string `json:"nodeName"` NodeIP string `json:"nodeIP"` URL string `json:"url"` - ClusterDomain string `json:"clusterDomain"` Network Network `json:"network"` + DNS DNS `json:"dns"` Debugging Debugging `json:"debugging"` SubjectAltNames []string `json:"subjectAltNames"` }
@@ -106,6 +105,19 @@ type ClusterNetworkEntry struct { CIDR string `json:"cidr,omitempty"` } +type DNS struct { + // baseDomain is the base domain of the cluster. All managed DNS records will + // be sub-domains of this base. + // + // For example, given the base domain `example.com`, router exposed + // domains will be formed as `*.apps.microshift.example.com` by default, + // and API service will have a DNS entry for `api.microshift.example.com`, + // as well as "api-int.microshift.example.com" for internal k8s API access. + // + // Once set, this field cannot be changed. + BaseDomain string `json:"baseDomain"` +} + type Debugging struct { // Valid values are: "Normal", "Debug", "Trace", "TraceAll". // Defaults to "Normal".
@@ -180,12 +192,12 @@ func NewMicroshiftConfig() *MicroshiftConfig { SubjectAltNames: subjectAltNames, NodeName: nodeName, NodeIP: nodeIP, + BaseDomain: "example.com", Cluster: ClusterConfig{ URL: "https://127.0.0.1:6443", ClusterCIDR: "10.42.0.0/16", ServiceCIDR: "10.43.0.0/16", ServiceNodePortRange: "30000-32767", - Domain: "cluster.local", }, } } 
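Review bot: The field comment in the new `DNS` type promises `Once set, this field cannot be changed`, but nothing in this commit enforces that: ReadFromConfigFile and ReadFromCmdLine overwrite `BaseDomain` on every start, and the SANs and router domain are re-derived from it in certSetup and render.go. Either state what actually happens in MicroShift (the value is read at every start and the API/router hostnames follow it; whether certificates are regenerated on change is not visible in this diff) or drop the sentence, since a reader will otherwise assume a guard that does not exist. The exported `DNS` type itself has no doc comment and `// Top level config file` does not start with the type name; `// DNS holds the DNS-related settings of the config file.` and `// Config is the top-level layout of the config file.` follow the convention. The example text also mixes backtick quoting with a double-quoted `"api-int.microshift.example.com"`; pick one style.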
@@ -333,8 +345,8 @@ func (c *MicroshiftConfig) ReadFromConfigFile(configFile string) error { if config.Network.ServiceNodePortRange != "" { c.Cluster.ServiceNodePortRange = config.Network.ServiceNodePortRange } - if config.ClusterDomain != "" { - c.Cluster.Domain = config.ClusterDomain + if config.DNS.BaseDomain != "" { + c.BaseDomain = config.DNS.BaseDomain } if len(config.SubjectAltNames) > 0 { c.SubjectAltNames = config.SubjectAltNames
@@ -375,8 +387,8 @@ func (c *MicroshiftConfig) ReadFromCmdLine(flags *pflag.FlagSet) error { if s, err := flags.GetString("service-node-port-range"); err == nil && flags.Changed("service-node-port-range") { c.Cluster.ServiceNodePortRange = s } - if s, err := flags.GetString("cluster-domain"); err == nil && flags.Changed("cluster-domain") { - c.Cluster.Domain = s + if s, err := flags.GetString("base-domain"); err == nil && flags.Changed("base-domain") { + c.BaseDomain = s } return nil
diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
index fb6c8e6af0..6b0de119ec 100644
--- a/pkg/config/config_test.go
+++ b/pkg/config/config_test.go
@@ -62,12 +62,12 @@ func TestCommandLineConfig(t *testing.T) { SubjectAltNames: []string{"node1"}, NodeName: "node1", NodeIP: "1.2.3.4", + BaseDomain: "example.com", Cluster: ClusterConfig{ URL: "https://1.2.3.4:6443", ClusterCIDR: "10.20.30.40/16", ServiceCIDR: "40.30.20.10/16", ServiceNodePortRange: "1024-32767", - Domain: "cluster.local", }, }, err: nil,
@@ -87,7 +87,7 @@ func TestCommandLineConfig(t *testing.T) { flags.String("cluster-cidr", config.Cluster.ClusterCIDR, "") flags.String("service-cidr", config.Cluster.ServiceCIDR, "") flags.String("service-node-port-range", config.Cluster.ServiceNodePortRange, "") - flags.String("cluster-domain", config.Cluster.Domain, "") + flags.String("base-domain", config.BaseDomain, "") // parse the flags var err error 
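Review bot: `BaseDomain` is assigned straight from the config file (ReadFromConfigFile hunk) and from the `base-domain` flag (ReadFromCmdLine hunk) with only an empty-string check, yet the value is spliced into certificate SANs, `ROUTER_DOMAIN`, the route admission domain and a rendered YAML manifest, so a value with a leading or trailing dot, embedded whitespace or a scheme prefix yields malformed hostnames that surface only as TLS or routing failures later. Validate once where both paths converge, e.g. `if s != strings.TrimSpace(s) || strings.HasPrefix(s, ".") || strings.HasSuffix(s, ".") { return fmt.Errorf("invalid base domain %q", s) }` (the env-var path presumably lands in the same struct and would be covered by a shared check). Separately, `clusterDomain` is no longer a field of `Config`, so a file that still sets it is silently ignored unless the decoder rejects unknown fields (not visible here) and the kubelet domain becomes the hard-coded cluster.local; a warning for the legacy key would help migration. Both methods start before their hunks.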
@@ -100,7 +100,7 @@ func TestCommandLineConfig(t *testing.T) { "--cluster-cidr=" + tt.config.Cluster.ClusterCIDR, "--service-cidr=" + tt.config.Cluster.ServiceCIDR, "--service-node-port-range=" + tt.config.Cluster.ServiceNodePortRange, - "--cluster-domain=" + tt.config.Cluster.Domain, + "--base-domain=" + tt.config.BaseDomain, }) if err != nil { t.Errorf("failed to parse command line flags: %s", err)
@@ -134,12 +134,12 @@ func TestEnvironmentVariableConfig(t *testing.T) { SubjectAltNames: []string{"node1", "node2"}, NodeName: "node1", NodeIP: "1.2.3.4", + BaseDomain: "example.com", Cluster: ClusterConfig{ URL: "https://cluster.com:4343/endpoint", ClusterCIDR: "10.20.30.40/16", ServiceCIDR: "40.30.20.10/16", ServiceNodePortRange: "1024-32767", - Domain: "cluster.local", }, }, err: nil,
@@ -151,11 +151,11 @@ func TestEnvironmentVariableConfig(t *testing.T) { {"MICROSHIFT_NODENAME", "node1"}, {"MICROSHIFT_SUBJECTALTNAMES", "node1,node2"}, {"MICROSHIFT_NODEIP", "1.2.3.4"}, + {"MICROSHIFT_BASEDOMAIN", "example.com"}, {"MICROSHIFT_CLUSTER_URL", "https://cluster.com:4343/endpoint"}, {"MICROSHIFT_CLUSTER_CLUSTERCIDR", "10.20.30.40/16"}, {"MICROSHIFT_CLUSTER_SERVICECIDR", "40.30.20.10/16"}, {"MICROSHIFT_CLUSTER_SERVICENODEPORTRANGE", "1024-32767"}, - {"MICROSHIFT_CLUSTER_DOMAIN", "cluster.local"}, }, }, {
@@ -164,12 +164,12 @@ func TestEnvironmentVariableConfig(t *testing.T) { SubjectAltNames: []string{"node1"}, NodeName: "node1", NodeIP: "1.2.3.4", + BaseDomain: "another.example.com", Cluster: ClusterConfig{ URL: "https://cluster.com:4343/endpoint", ClusterCIDR: "10.20.30.40/16", ServiceCIDR: "40.30.20.10/16", ServiceNodePortRange: "1024-32767", - Domain: "cluster.local", }, }, err: nil, 
@@ -181,6 +181,7 @@ func TestEnvironmentVariableConfig(t *testing.T) { {"MICROSHIFT_NODENAME", "node1"}, {"MICROSHIFT_SUBJECTALTNAMES", "node1"}, {"MICROSHIFT_NODEIP", "1.2.3.4"}, + {"MICROSHIFT_BASEDOMAIN", "another.example.com"}, {"MICROSHIFT_CLUSTER_URL", "https://cluster.com:4343/endpoint"}, {"MICROSHIFT_CLUSTER_CLUSTERCIDR", "10.20.30.40/16"}, {"MICROSHIFT_CLUSTER_SERVICECIDR", "40.30.20.10/16"},
diff --git a/pkg/controllers/kube-apiserver.go b/pkg/controllers/kube-apiserver.go
index cbf9a7bd36..802a75a061 100644
--- a/pkg/controllers/kube-apiserver.go
+++ b/pkg/controllers/kube-apiserver.go
@@ -165,7 +165,7 @@ func (s *KubeAPIServer) configure(cfg *config.MicroshiftConfig) error { APIVersion: "route.openshift.io/v1", Kind: "HostAssignmentAdmissionConfig", }, - Domain: cfg.Cluster.Domain, + Domain: config.DefaultClusterName + "." + cfg.BaseDomain, }, }, },
diff --git a/pkg/node/kubelet.go b/pkg/node/kubelet.go
index b67dddadf6..c08258acd4 100644
--- a/pkg/node/kubelet.go
+++ b/pkg/node/kubelet.go
@@ -113,7 +113,7 @@ failSwapOn: false volumePluginDir: ` + microshiftDataDir + `/kubelet-plugins/volume/exec clusterDNS: - ` + cfg.Cluster.DNS + ` -clusterDomain: ` + cfg.Cluster.Domain + ` +clusterDomain: cluster.local containerLogMaxSize: 50Mi maxPods: 250 kubeAPIQPS: 50
diff --git a/test/config.yaml b/test/config.yaml
index a5cac9158b..02f0d38f61 100644
--- a/test/config.yaml
+++ b/test/config.yaml
@@ -4,12 +4,13 @@ subjectAltNames: nodeName: node1 nodeIP: '1.2.3.4' url: https://127.0.0.1:6443 -clusterDomain: 'cluster.local' network: clusterNetwork: - cidr: '10.20.30.40/16' serviceNetwork: - '40.30.20.10/16' serviceNodePortRange: 30000-32767 +dns: + baseDomain: 'example.com' debugging: logLevel: 'Debug'
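Review bot: The HostAssignmentAdmissionConfig domain in the kube-apiserver.go hunk becomes `microshift.<base>`, whereas the router in deployment.yaml is given `ROUTER_DOMAIN=apps.microshift.<base>` and the ingress serving certificate in init.go is a wildcard for `*.apps.microshift.<base>`; in OpenShift both the admission domain and the router domain are the same ingress domain, so routes whose host is auto-generated from this setting would land outside both the router's domain and the wildcard certificate. If that is not intended, the line should be `Domain: "apps." + config.DefaultClusterName + "." + cfg.BaseDomain,`. The mismatch already existed before this change (`cluster.local` versus `apps.cluster.local`), so it may be deliberate, but the init.go comment about the wildcard covering auto-generated domains suggests otherwise. configure starts and ends outside this hunk.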
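Review bot: `clusterDomain: cluster.local` in the kubelet.go hunk is now a bare literal, the RunMicroshift hunk adds the same literal `".cluster.local"` to a check whose purpose is not visible here, and init.go spells it out again in `"openshift.default.svc.cluster.local"`; with the old `cluster-domain` setting removed, nothing ties these copies together and they can only drift. Introduce one exported constant in pkg/config for it (say, `ClusterDomain = "cluster.local"`, with a doc comment saying it is the fixed Kubernetes service domain) and reference it from all three places; in the kubelet raw string that means splicing it in the same way the neighbouring `clusterDNS` entry splices `cfg.Cluster.DNS`. The raw-string literal this hunk edits starts before the hunk.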