From d46c74bfd1e83b9356499b8718b47ad40b563dd4 Mon Sep 17 00:00:00 2001 From: Miguel Angel Ajo Date: Wed, 7 Dec 2022 15:56:21 +0100 Subject: [PATCH 1/5] Re-introduce PR#1030 baseDomain patch Co-authored-by: Vu Dinh Co-authored-by: Damien Grisonnet --- docs/howto_config.md | 8 +++++--- pkg/config/config.go | 17 ++++++++++++++--- test/config.yaml | 3 ++- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/docs/howto_config.md b/docs/howto_config.md index cd1d9402f5..0c7091d52e 100644 --- a/docs/howto_config.md +++ b/docs/howto_config.md @@ -15,13 +15,14 @@ subjectAltNames: nodeName: "" nodeIP: "" url: "" -clusterDomain: "" network: clusterNetwork: - cidr: "" serviceNetwork: - "" serviceNodePortRange: "" +dns: + baseDomain: "" debugging: logLevel: "" ``` @@ -33,7 +34,7 @@ The configuration settings alongside with the supported command line arguments a | cidr (clusterNetwork) | --cluster-cidr | MICROSHIFT_CLUSTER_CLUSTERCIDR | A block of IP addresses from which Pod IP addresses are allocated | serviceNetwork | --service-cidr | MICROSHIFT_CLUSTER_SERVICECIDR | A block of virtual IP addresses for Kubernetes services | serviceNodePortRange | --service-node-port-range | MICROSHIFT_CLUSTER_SERVICENODEPORTRANGE | The port range allowed for Kubernetes services of type NodePort -| clusterDomain | --cluster-domain | MICROSHIFT_CLUSTER_DOMAIN | Base DNS domain used to construct fully qualified pod and service domain names +| baseDomain | --cluster-domain | MICROSHIFT_CLUSTER_DOMAIN | Base DNS domain used to construct fully qualified pod and service domain names | url | --url | MICROSHIFT_CLUSTER_URL | URL of the API server for the cluster. | nodeIP | --node-ip | MICROSHIFT_NODEIP | The IP address of the node, defaults to IP of the default route | nodeName | --node-name | MICROSHIFT_NODENAME | The name of the node, defaults to hostname 
@@ -48,13 +49,14 @@ In case `config.yaml` is not provided, the following default settings will be us nodeName: "" nodeIP: "" url: https://127.0.0.1:6443 -clusterDomain: cluster.local network: clusterNetwork: - cidr: 10.42.0.0/16 serviceNetwork: - 10.43.0.0/16 serviceNodePortRange: 30000-32767 +dns: + baseDomain: cluster.local debugging: logLevel: "Normal" ``` diff --git a/pkg/config/config.go b/pkg/config/config.go index e9ab8b6f54..143cf911df 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -75,8 +75,8 @@ type Config struct { NodeName string `json:"nodeName"` NodeIP string `json:"nodeIP"` URL string `json:"url"` - ClusterDomain string `json:"clusterDomain"` Network Network `json:"network"` + DNS DNS `json:"dns"` Debugging Debugging `json:"debugging"` SubjectAltNames []string `json:"subjectAltNames"` } @@ -106,6 +106,17 @@ type ClusterNetworkEntry struct { CIDR string `json:"cidr,omitempty"` } +type DNS struct { + // baseDomain is the base domain of the cluster. All managed DNS records will + // be sub-domains of this base. + // + // For example, given the base domain `openshift.example.com`, an API server + // DNS record may be created for `cluster-api.openshift.example.com`. + // + // Once set, this field cannot be changed. + BaseDomain string `json:"baseDomain"` +} + type Debugging struct { // Valid values are: "Normal", "Debug", "Trace", "TraceAll". // Defaults to "Normal". @@ -333,8 +344,8 @@ func (c *MicroshiftConfig) ReadFromConfigFile(configFile string) error { if config.Network.ServiceNodePortRange != "" { c.Cluster.ServiceNodePortRange = config.Network.ServiceNodePortRange } - if config.ClusterDomain != "" { - c.Cluster.Domain = config.ClusterDomain + if config.DNS.BaseDomain != "" { + c.Cluster.Domain = config.DNS.BaseDomain } if len(config.SubjectAltNames) > 0 { c.SubjectAltNames = config.SubjectAltNames diff --git a/test/config.yaml b/test/config.yaml index a5cac9158b..83950e595b 100644 --- a/test/config.yaml +++ b/test/config.yaml 
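Review bot: Removing the `clusterDomain` JSON field from Config means a config.yaml that still carries that key is accepted but silently ignored unless the YAML decoder rejects unknown keys, which nothing visible here shows; the operator then runs with the default domain and no diagnostic. Consider keeping a deprecated `ClusterDomain string `json:"clusterDomain,omitempty"`` on Config for one release and, in ReadFromConfigFile, logging a warning or returning an error when it is non-empty so the user learns the key moved to `dns.baseDomain`. The Config struct's opening line is outside the hunk.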
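Review bot: The new BaseDomain doc comment states `Once set, this field cannot be changed.`, but the loader enforces nothing: ReadFromConfigFile copies the value into c.Cluster.Domain on every load. Either enforce the rule or reword the comment to describe the real consequence, e.g. `// Changing baseDomain after the first start is not supported: certSetup bakes it into the SANs of the generated serving certificates.` (certSetup in pkg/cmd/init.go builds `"router-default.apps." + cfg.Cluster.Domain`, as the next commit in this series shows). The DNS struct is complete within the hunk.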
@@ -4,12 +4,13 @@ subjectAltNames: nodeName: node1 nodeIP: '1.2.3.4' url: https://127.0.0.1:6443 -clusterDomain: 'cluster.local' network: clusterNetwork: - cidr: '10.20.30.40/16' serviceNetwork: - '40.30.20.10/16' serviceNodePortRange: 30000-32767 +dns: + baseDomain: 'cluster.local' debugging: logLevel: 'Debug' From 5147e3fac8b87e1096d3fc0c51bc9788c003f87c Mon Sep 17 00:00:00 2001 From: Miguel Angel Ajo Date: Wed, 7 Dec 2022 17:31:09 +0100 Subject: [PATCH 2/5] USHIFT-664 Backend logic to baseDomain ClusterDomain is removed in the previous commit, since OpenShift seems to always hardcode "cluster.local" in the DNS operator. BaseDomain is propagated down to the right places, like TLS certificate generation, and injected into the router pod. --- .../openshift-router/deployment.yaml | 4 ++-- docs/howto_config.md | 2 +- pkg/cmd/init.go | 12 ++++++++-- pkg/cmd/run.go | 5 +++-- pkg/components/render.go | 14 ++++++------ pkg/config/config.go | 22 +++++++++---------- pkg/config/config_test.go | 13 ++++++----- pkg/controllers/kube-apiserver.go | 2 +- pkg/node/kubelet.go | 2 +- test/config.yaml | 2 +- 10 files changed, 44 insertions(+), 34 deletions(-) diff --git a/assets/components/openshift-router/deployment.yaml b/assets/components/openshift-router/deployment.yaml index ec142540b7..60d3d5ad8b 100644 --- a/assets/components/openshift-router/deployment.yaml +++ b/assets/components/openshift-router/deployment.yaml @@ -34,7 +34,7 @@ spec: - name: ROUTER_ALLOW_WILDCARD_ROUTES value: "false" - name: ROUTER_CANONICAL_HOSTNAME - value: router-default.apps.{{ .ClusterDomain }} + value: router-default.apps.{{ .BaseDomain }} - name: ROUTER_CIPHERS value: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - name: ROUTER_CIPHERSUITES 
@@ -62,7 +62,7 @@ spec: - name: GRACEFUL_SHUTDOWN_DELAY value: 1s - name: ROUTER_DOMAIN - value: apps.{{ .ClusterDomain }} + value: apps.{{ .BaseDomain }} livenessProbe: httpGet: path: /healthz diff --git a/docs/howto_config.md b/docs/howto_config.md index 0c7091d52e..908cce4707 100644 --- a/docs/howto_config.md +++ b/docs/howto_config.md @@ -34,7 +34,7 @@ The configuration settings alongside with the supported command line arguments a | cidr (clusterNetwork) | --cluster-cidr | MICROSHIFT_CLUSTER_CLUSTERCIDR | A block of IP addresses from which Pod IP addresses are allocated | serviceNetwork | --service-cidr | MICROSHIFT_CLUSTER_SERVICECIDR | A block of virtual IP addresses for Kubernetes services | serviceNodePortRange | --service-node-port-range | MICROSHIFT_CLUSTER_SERVICENODEPORTRANGE | The port range allowed for Kubernetes services of type NodePort -| baseDomain | --cluster-domain | MICROSHIFT_CLUSTER_DOMAIN | Base DNS domain used to construct fully qualified pod and service domain names +| baseDomain | --base-domain | MICROSHIFT_BASEDOMAIN | Base DNS domain used to construct fully qualified pod and service domain names | url | --url | MICROSHIFT_CLUSTER_URL | URL of the API server for the cluster. | nodeIP | --node-ip | MICROSHIFT_NODEIP | The IP address of the node, defaults to IP of the default route | nodeName | --node-name | MICROSHIFT_NODENAME | The name of the node, defaults to hostname diff --git a/pkg/cmd/init.go b/pkg/cmd/init.go index a2fa6072c9..81056940e7 100644 --- a/pkg/cmd/init.go +++ b/pkg/cmd/init.go @@ -214,7 +214,8 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err ValidityDays: cryptomaterial.ShortLivedCertificateValidityDays, }, Hostnames: []string{ - "router-default.apps." + cfg.Cluster.Domain, + "router-default.apps." + cfg.BaseDomain, + "*.apps." + cfg.BaseDomain, // wildcard for any additional auto-generated domains }, }, ), 
@@ -231,7 +232,13 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err Name: "kube-external-serving", ValidityDays: cryptomaterial.ShortLivedCertificateValidityDays, }, - Hostnames: append(cfg.SubjectAltNames, cfg.NodeName), + Hostnames: append( + cfg.SubjectAltNames, + cfg.NodeName, + "api."+cfg.BaseDomain, + // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain + // but we don't have a ClusterName parameter yet. + ), }, ), @@ -271,6 +278,7 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err "openshift.default", "openshift.default.svc", "openshift.default.svc.cluster.local", + "api-int." + cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain apiServerServiceIP.String(), }, }, diff --git a/pkg/cmd/run.go b/pkg/cmd/run.go index f00d96c356..e3ebb96981 100644 --- a/pkg/cmd/run.go +++ b/pkg/cmd/run.go @@ -36,7 +36,7 @@ func addRunFlags(cmd *cobra.Command, cfg *config.MicroshiftConfig) { flags.String("cluster-cidr", cfg.Cluster.ClusterCIDR, "The IP range in CIDR notation for pods in the cluster.") flags.String("service-cidr", cfg.Cluster.ServiceCIDR, "The IP range in CIDR notation for services in the cluster.") flags.String("service-node-port-range", cfg.Cluster.ServiceNodePortRange, "The port range to reserve for services with NodePort visibility. This must not overlap with the ephemeral port range on nodes.") - flags.String("cluster-domain", cfg.Cluster.Domain, "Domain for this cluster.") + flags.String("base-domain", cfg.BaseDomain, "Base domain for this cluster.") } func NewRunMicroshiftCommand() *cobra.Command { @@ -75,7 +75,8 @@ func RunMicroshift(cfg *config.MicroshiftConfig, flags *pflag.FlagSet) error { cfg.Cluster.ClusterCIDR, cfg.Cluster.ServiceCIDR, ".svc", - "."+cfg.Cluster.Domain); err != nil { + ".cluster.local", + "."+cfg.BaseDomain); err != nil { klog.Fatal(err) } 
diff --git a/pkg/components/render.go b/pkg/components/render.go index 9638ac84e0..5aa52d0cc7 100755 --- a/pkg/components/render.go +++ b/pkg/components/render.go @@ -22,13 +22,13 @@ var templateFuncs = map[string]interface{}{ func renderParamsFromConfig(cfg *config.MicroshiftConfig, extra assets.RenderParams) assets.RenderParams { params := map[string]interface{}{ - "ReleaseImage": release.Image, - "NodeName": cfg.NodeName, - "NodeIP": cfg.NodeIP, - "ClusterCIDR": cfg.Cluster.ClusterCIDR, - "ServiceCIDR": cfg.Cluster.ServiceCIDR, - "ClusterDNS": cfg.Cluster.DNS, - "ClusterDomain": cfg.Cluster.Domain, + "ReleaseImage": release.Image, + "NodeName": cfg.NodeName, + "NodeIP": cfg.NodeIP, + "ClusterCIDR": cfg.Cluster.ClusterCIDR, + "ServiceCIDR": cfg.Cluster.ServiceCIDR, + "ClusterDNS": cfg.Cluster.DNS, + "BaseDomain": cfg.BaseDomain, } for k, v := range extra { params[k] = v diff --git a/pkg/config/config.go b/pkg/config/config.go index 143cf911df..49496e9a84 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -50,7 +50,6 @@ type ClusterConfig struct { ServiceCIDR string `json:"serviceCIDR"` ServiceNodePortRange string `json:"serviceNodePortRange"` DNS string `json:"-"` - Domain string `json:"domain"` } type IngressConfig struct { 
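Review bot: Renaming the render key from `ClusterDomain` to `BaseDomain` silently breaks any asset that still contains `{{ .ClusterDomain }}`: with a `map[string]interface{}` parameter map, text/template renders a missing key as `<no value>` instead of failing, so a stale reference would be written into a rendered manifest unnoticed. Only the router deployment is updated in this series; unless the template construction elsewhere already sets `Option("missingkey=error")`, adding it would turn such renames into a render-time error. renderParamsFromConfig continues past the end of the hunk.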
@@ -61,21 +60,22 @@ type IngressConfig struct { type MicroshiftConfig struct { LogVLevel int `json:"logVLevel"` - SubjectAltNames []string `json:"subjectAltNames"` - NodeName string `json:"nodeName"` - NodeIP string `json:"nodeIP"` - - Cluster ClusterConfig `json:"cluster"` + SubjectAltNames []string `json:"subjectAltNames"` + NodeName string `json:"nodeName"` + NodeIP string `json:"nodeIP"` + BaseDomain string `json:"baseDomain"` + Cluster ClusterConfig `json:"cluster"` Ingress IngressConfig `json:"-"` } -// Top level config +// Top level config file type Config struct { NodeName string `json:"nodeName"` NodeIP string `json:"nodeIP"` URL string `json:"url"` Network Network `json:"network"` + ClusterName string `json:"clusterName"` DNS DNS `json:"dns"` Debugging Debugging `json:"debugging"` SubjectAltNames []string `json:"subjectAltNames"` @@ -191,12 +191,12 @@ func NewMicroshiftConfig() *MicroshiftConfig { SubjectAltNames: subjectAltNames, NodeName: nodeName, NodeIP: nodeIP, + BaseDomain: "openshift.example.com", Cluster: ClusterConfig{ URL: "https://127.0.0.1:6443", ClusterCIDR: "10.42.0.0/16", ServiceCIDR: "10.43.0.0/16", ServiceNodePortRange: "30000-32767", - Domain: "cluster.local", }, } } @@ -345,7 +345,7 @@ func (c *MicroshiftConfig) ReadFromConfigFile(configFile string) error { c.Cluster.ServiceNodePortRange = config.Network.ServiceNodePortRange } if config.DNS.BaseDomain != "" { - c.Cluster.Domain = config.DNS.BaseDomain + c.BaseDomain = config.DNS.BaseDomain } if len(config.SubjectAltNames) > 0 { c.SubjectAltNames = config.SubjectAltNames 
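Review bot: `c.BaseDomain = config.DNS.BaseDomain` accepts any non-empty string, yet later in this series the value is concatenated into certificate SANs in certSetup, into the router's ROUTER_DOMAIN, and into the route admission domain, so a trailing dot, uppercase letters or a stray `*` would be baked into TLS material and manifests without a diagnostic. Validate at load time and fail ReadFromConfigFile, e.g. `if errs := validation.IsDNS1123Subdomain(config.DNS.BaseDomain); len(errs) > 0 { return fmt.Errorf("invalid dns.baseDomain %q: %s", config.DNS.BaseDomain, strings.Join(errs, "; ")) }` using k8s.io/apimachinery/pkg/util/validation. The same applies to the `base-domain` flag assignment in ReadFromCmdLine (next hunk) and, presumably, to the MICROSHIFT_BASEDOMAIN environment path the tests exercise, so a shared setter would keep the three paths consistent. ReadFromConfigFile starts and ends outside the hunk.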
@@ -386,8 +386,8 @@ func (c *MicroshiftConfig) ReadFromCmdLine(flags *pflag.FlagSet) error { if s, err := flags.GetString("service-node-port-range"); err == nil && flags.Changed("service-node-port-range") { c.Cluster.ServiceNodePortRange = s } - if s, err := flags.GetString("cluster-domain"); err == nil && flags.Changed("cluster-domain") { - c.Cluster.Domain = s + if s, err := flags.GetString("base-domain"); err == nil && flags.Changed("base-domain") { + c.BaseDomain = s } return nil diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index fb6c8e6af0..b1879e0e87 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -62,12 +62,12 @@ func TestCommandLineConfig(t *testing.T) { SubjectAltNames: []string{"node1"}, NodeName: "node1", NodeIP: "1.2.3.4", + BaseDomain: "openshift.example.com", Cluster: ClusterConfig{ URL: "https://1.2.3.4:6443", ClusterCIDR: "10.20.30.40/16", ServiceCIDR: "40.30.20.10/16", ServiceNodePortRange: "1024-32767", - Domain: "cluster.local", }, }, err: nil, @@ -87,7 +87,7 @@ func TestCommandLineConfig(t *testing.T) { flags.String("cluster-cidr", config.Cluster.ClusterCIDR, "") flags.String("service-cidr", config.Cluster.ServiceCIDR, "") flags.String("service-node-port-range", config.Cluster.ServiceNodePortRange, "") - flags.String("cluster-domain", config.Cluster.Domain, "") + flags.String("base-domain", config.BaseDomain, "") // parse the flags var err error @@ -100,7 +100,7 @@ func TestCommandLineConfig(t *testing.T) { "--cluster-cidr=" + tt.config.Cluster.ClusterCIDR, "--service-cidr=" + tt.config.Cluster.ServiceCIDR, "--service-node-port-range=" + tt.config.Cluster.ServiceNodePortRange, - "--cluster-domain=" + tt.config.Cluster.Domain, + "--base-domain=" + tt.config.BaseDomain, }) if err != nil { t.Errorf("failed to parse command line flags: %s", err) 
@@ -134,12 +134,12 @@ func TestEnvironmentVariableConfig(t *testing.T) { SubjectAltNames: []string{"node1", "node2"}, NodeName: "node1", NodeIP: "1.2.3.4", + BaseDomain: "openshift.example.com", Cluster: ClusterConfig{ URL: "https://cluster.com:4343/endpoint", ClusterCIDR: "10.20.30.40/16", ServiceCIDR: "40.30.20.10/16", ServiceNodePortRange: "1024-32767", - Domain: "cluster.local", }, }, err: nil, @@ -151,11 +151,11 @@ func TestEnvironmentVariableConfig(t *testing.T) { {"MICROSHIFT_NODENAME", "node1"}, {"MICROSHIFT_SUBJECTALTNAMES", "node1,node2"}, {"MICROSHIFT_NODEIP", "1.2.3.4"}, + {"MICROSHIFT_BASEDOMAIN", "openshift.example.com"}, {"MICROSHIFT_CLUSTER_URL", "https://cluster.com:4343/endpoint"}, {"MICROSHIFT_CLUSTER_CLUSTERCIDR", "10.20.30.40/16"}, {"MICROSHIFT_CLUSTER_SERVICECIDR", "40.30.20.10/16"}, {"MICROSHIFT_CLUSTER_SERVICENODEPORTRANGE", "1024-32767"}, - {"MICROSHIFT_CLUSTER_DOMAIN", "cluster.local"}, }, }, { @@ -164,12 +164,12 @@ func TestEnvironmentVariableConfig(t *testing.T) { SubjectAltNames: []string{"node1"}, NodeName: "node1", NodeIP: "1.2.3.4", + BaseDomain: "another.example.com", Cluster: ClusterConfig{ URL: "https://cluster.com:4343/endpoint", ClusterCIDR: "10.20.30.40/16", ServiceCIDR: "40.30.20.10/16", ServiceNodePortRange: "1024-32767", - Domain: "cluster.local", }, }, err: nil, @@ -181,6 +181,7 @@ func TestEnvironmentVariableConfig(t *testing.T) { {"MICROSHIFT_NODENAME", "node1"}, {"MICROSHIFT_SUBJECTALTNAMES", "node1"}, {"MICROSHIFT_NODEIP", "1.2.3.4"}, + {"MICROSHIFT_BASEDOMAIN", "another.example.com"}, {"MICROSHIFT_CLUSTER_URL", "https://cluster.com:4343/endpoint"}, {"MICROSHIFT_CLUSTER_CLUSTERCIDR", "10.20.30.40/16"}, {"MICROSHIFT_CLUSTER_SERVICECIDR", "40.30.20.10/16"}, diff --git a/pkg/controllers/kube-apiserver.go b/pkg/controllers/kube-apiserver.go index cbf9a7bd36..663d418d98 100644 --- a/pkg/controllers/kube-apiserver.go +++ b/pkg/controllers/kube-apiserver.go 
@@ -165,7 +165,7 @@ func (s *KubeAPIServer) configure(cfg *config.MicroshiftConfig) error { APIVersion: "route.openshift.io/v1", Kind: "HostAssignmentAdmissionConfig", }, - Domain: cfg.Cluster.Domain, + Domain: cfg.BaseDomain, }, }, }, diff --git a/pkg/node/kubelet.go b/pkg/node/kubelet.go index b67dddadf6..c08258acd4 100644 --- a/pkg/node/kubelet.go +++ b/pkg/node/kubelet.go @@ -113,7 +113,7 @@ failSwapOn: false volumePluginDir: ` + microshiftDataDir + `/kubelet-plugins/volume/exec clusterDNS: - ` + cfg.Cluster.DNS + ` -clusterDomain: ` + cfg.Cluster.Domain + ` +clusterDomain: cluster.local containerLogMaxSize: 50Mi maxPods: 250 kubeAPIQPS: 50 diff --git a/test/config.yaml b/test/config.yaml index 83950e595b..ed1c176987 100644 --- a/test/config.yaml +++ b/test/config.yaml @@ -11,6 +11,6 @@ network: - '40.30.20.10/16' serviceNodePortRange: 30000-32767 dns: - baseDomain: 'cluster.local' + baseDomain: 'openshift.example.com' debugging: logLevel: 'Debug' From e100d17a790bb56c262bcf76dac13fd42a06808e Mon Sep 17 00:00:00 2001 From: Miguel Angel Ajo Date: Thu, 8 Dec 2022 15:53:50 +0100 Subject: [PATCH 3/5] Apply reviewer comments --- assets/components/openshift-router/deployment.yaml | 4 ++-- docs/howto_config.md | 2 +- pkg/cmd/init.go | 11 ++++++----- pkg/config/config.go | 10 ++++------ pkg/config/config_test.go | 6 +++--- test/config.yaml | 2 +- 6 files changed, 17 insertions(+), 18 deletions(-) diff --git a/assets/components/openshift-router/deployment.yaml b/assets/components/openshift-router/deployment.yaml index 60d3d5ad8b..e2ee338333 100644 --- a/assets/components/openshift-router/deployment.yaml +++ b/assets/components/openshift-router/deployment.yaml 
@@ -34,7 +34,7 @@ spec: - name: ROUTER_ALLOW_WILDCARD_ROUTES value: "false" - name: ROUTER_CANONICAL_HOSTNAME - value: router-default.apps.{{ .BaseDomain }} + value: router-default.apps.microshift.{{ .BaseDomain }} - name: ROUTER_CIPHERS value: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - name: ROUTER_CIPHERSUITES @@ -62,7 +62,7 @@ spec: - name: GRACEFUL_SHUTDOWN_DELAY value: 1s - name: ROUTER_DOMAIN - value: apps.{{ .BaseDomain }} + value: apps.microshift.{{ .BaseDomain }} livenessProbe: httpGet: path: /healthz diff --git a/docs/howto_config.md b/docs/howto_config.md index 908cce4707..006e1a9dc5 100644 --- a/docs/howto_config.md +++ b/docs/howto_config.md @@ -56,7 +56,7 @@ network: - 10.43.0.0/16 serviceNodePortRange: 30000-32767 dns: - baseDomain: cluster.local + baseDomain: microshift.example.com debugging: logLevel: "Normal" ``` diff --git a/pkg/cmd/init.go b/pkg/cmd/init.go index 81056940e7..85d64cea0f 100644 --- a/pkg/cmd/init.go +++ b/pkg/cmd/init.go @@ -214,8 +214,7 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err ValidityDays: cryptomaterial.ShortLivedCertificateValidityDays, }, Hostnames: []string{ - "router-default.apps." + cfg.BaseDomain, - "*.apps." + cfg.BaseDomain, // wildcard for any additional auto-generated domains + "*.apps.microshift." + cfg.BaseDomain, // wildcard for any additional auto-generated domains }, }, ), @@ -235,9 +234,10 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err Hostnames: append( cfg.SubjectAltNames, cfg.NodeName, - "api."+cfg.BaseDomain, + "api.microshift."+cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain - // but we don't have a ClusterName parameter yet. + // but we don't have a ClusterName parameter yet, using microshift + // for now ), }, ), 
@@ -278,7 +278,8 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err "openshift.default", "openshift.default.svc", "openshift.default.svc.cluster.local", - "api-int." + cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain + "api.microshift." + cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain + "api-int.microshift." + cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain apiServerServiceIP.String(), }, }, diff --git a/pkg/config/config.go b/pkg/config/config.go index 49496e9a84..383d010d84 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -44,8 +44,7 @@ var ( ) type ClusterConfig struct { - URL string `json:"url"` - + URL string `json:"url"` ClusterCIDR string `json:"clusterCIDR"` ServiceCIDR string `json:"serviceCIDR"` ServiceNodePortRange string `json:"serviceNodePortRange"` @@ -75,7 +74,6 @@ type Config struct { NodeIP string `json:"nodeIP"` URL string `json:"url"` Network Network `json:"network"` - ClusterName string `json:"clusterName"` DNS DNS `json:"dns"` Debugging Debugging `json:"debugging"` SubjectAltNames []string `json:"subjectAltNames"` @@ -110,8 +108,8 @@ type DNS struct { // baseDomain is the base domain of the cluster. All managed DNS records will // be sub-domains of this base. // - // For example, given the base domain `openshift.example.com`, an API server - // DNS record may be created for `cluster-api.openshift.example.com`. + // For example, given the base domain `microshift.example.com`, an API server + // DNS record may be created for `cluster-api.microshift.example.com`. // // Once set, this field cannot be changed. BaseDomain string `json:"baseDomain"` 
@@ -191,7 +189,7 @@ func NewMicroshiftConfig() *MicroshiftConfig { SubjectAltNames: subjectAltNames, NodeName: nodeName, NodeIP: nodeIP, - BaseDomain: "openshift.example.com", + BaseDomain: "microshift.example.com", Cluster: ClusterConfig{ URL: "https://127.0.0.1:6443", ClusterCIDR: "10.42.0.0/16", diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index b1879e0e87..6983b000df 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -62,7 +62,7 @@ func TestCommandLineConfig(t *testing.T) { SubjectAltNames: []string{"node1"}, NodeName: "node1", NodeIP: "1.2.3.4", - BaseDomain: "openshift.example.com", + BaseDomain: "microshift.example.com", Cluster: ClusterConfig{ URL: "https://1.2.3.4:6443", ClusterCIDR: "10.20.30.40/16", @@ -134,7 +134,7 @@ func TestEnvironmentVariableConfig(t *testing.T) { SubjectAltNames: []string{"node1", "node2"}, NodeName: "node1", NodeIP: "1.2.3.4", - BaseDomain: "openshift.example.com", + BaseDomain: "microshift.example.com", Cluster: ClusterConfig{ URL: "https://cluster.com:4343/endpoint", ClusterCIDR: "10.20.30.40/16", @@ -151,7 +151,7 @@ func TestEnvironmentVariableConfig(t *testing.T) { {"MICROSHIFT_NODENAME", "node1"}, {"MICROSHIFT_SUBJECTALTNAMES", "node1,node2"}, {"MICROSHIFT_NODEIP", "1.2.3.4"}, - {"MICROSHIFT_BASEDOMAIN", "openshift.example.com"}, + {"MICROSHIFT_BASEDOMAIN", "microshift.example.com"}, {"MICROSHIFT_CLUSTER_URL", "https://cluster.com:4343/endpoint"}, {"MICROSHIFT_CLUSTER_CLUSTERCIDR", "10.20.30.40/16"}, {"MICROSHIFT_CLUSTER_SERVICECIDR", "40.30.20.10/16"}, diff --git a/test/config.yaml b/test/config.yaml index ed1c176987..e3c22aabc4 100644 --- a/test/config.yaml +++ b/test/config.yaml @@ -11,6 +11,6 @@ network: - '40.30.20.10/16' serviceNodePortRange: 30000-32767 dns: - baseDomain: 'openshift.example.com' + baseDomain: 'microshift.example.com' debugging: logLevel: 'Debug' From 210f0492ba7f2c32068621193703872eb98a6737 Mon Sep 17 00:00:00 2001 
From: Miguel Angel Ajo Date: Fri, 9 Dec 2022 12:26:58 +0100 Subject: [PATCH 4/5] Apply comments from reviewers --- assets/components/openshift-router/deployment.yaml | 4 ++-- docs/howto_config.md | 4 ++-- pkg/components/render.go | 1 + pkg/config/config.go | 9 ++++++--- pkg/config/config_test.go | 6 +++--- pkg/controllers/kube-apiserver.go | 2 +- test/config.yaml | 2 +- 7 files changed, 16 insertions(+), 12 deletions(-) diff --git a/assets/components/openshift-router/deployment.yaml b/assets/components/openshift-router/deployment.yaml index e2ee338333..f34ff7a8cf 100644 --- a/assets/components/openshift-router/deployment.yaml +++ b/assets/components/openshift-router/deployment.yaml @@ -34,7 +34,7 @@ spec: - name: ROUTER_ALLOW_WILDCARD_ROUTES value: "false" - name: ROUTER_CANONICAL_HOSTNAME - value: router-default.apps.microshift.{{ .BaseDomain }} + value: router-default.apps.{{ .ClusterName }}.{{ .BaseDomain }} - name: ROUTER_CIPHERS value: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - name: ROUTER_CIPHERSUITES @@ -62,7 +62,7 @@ spec: - name: GRACEFUL_SHUTDOWN_DELAY value: 1s - name: ROUTER_DOMAIN - value: apps.microshift.{{ .BaseDomain }} + value: apps.{{ .ClusterName }}.{{ .BaseDomain }} livenessProbe: httpGet: path: /healthz diff --git a/docs/howto_config.md b/docs/howto_config.md index 006e1a9dc5..12b0ecfd53 100644 --- a/docs/howto_config.md +++ b/docs/howto_config.md 
@@ -34,7 +34,7 @@ The configuration settings alongside with the supported command line arguments a | cidr (clusterNetwork) | --cluster-cidr | MICROSHIFT_CLUSTER_CLUSTERCIDR | A block of IP addresses from which Pod IP addresses are allocated | serviceNetwork | --service-cidr | MICROSHIFT_CLUSTER_SERVICECIDR | A block of virtual IP addresses for Kubernetes services | serviceNodePortRange | --service-node-port-range | MICROSHIFT_CLUSTER_SERVICENODEPORTRANGE | The port range allowed for Kubernetes services of type NodePort -| baseDomain | --base-domain | MICROSHIFT_BASEDOMAIN | Base DNS domain used to construct fully qualified pod and service domain names +| baseDomain | --base-domain | MICROSHIFT_BASEDOMAIN | Base DNS domain used to construct fully qualified router and API domain names. | url | --url | MICROSHIFT_CLUSTER_URL | URL of the API server for the cluster. | nodeIP | --node-ip | MICROSHIFT_NODEIP | The IP address of the node, defaults to IP of the default route | nodeName | --node-name | MICROSHIFT_NODENAME | The name of the node, defaults to hostname @@ -56,7 +56,7 @@ network: - 10.43.0.0/16 serviceNodePortRange: 30000-32767 dns: - baseDomain: microshift.example.com + baseDomain: example.com debugging: logLevel: "Normal" ``` diff --git a/pkg/components/render.go b/pkg/components/render.go index 5aa52d0cc7..1a79780050 100755 --- a/pkg/components/render.go +++ b/pkg/components/render.go @@ -29,6 +29,7 @@ func renderParamsFromConfig(cfg *config.MicroshiftConfig, extra assets.RenderPar "ServiceCIDR": cfg.Cluster.ServiceCIDR, "ClusterDNS": cfg.Cluster.DNS, "BaseDomain": cfg.BaseDomain, + "ClusterName": config.DefaultClusterName, } for k, v := range extra { params[k] = v diff --git a/pkg/config/config.go b/pkg/config/config.go index 383d010d84..6e61b389d1 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go 
@@ -35,6 +35,7 @@ const ( defaultManifestDirEtc = "/etc/microshift/manifests" // for files embedded in ostree. i.e. cni/other component customizations defaultManifestDirLib = "/usr/lib/microshift/manifests" + DefaultClusterName = "microshift" ) var ( @@ -108,8 +109,10 @@ type DNS struct { // baseDomain is the base domain of the cluster. All managed DNS records will // be sub-domains of this base. // - // For example, given the base domain `microshift.example.com`, an API server - // DNS record may be created for `cluster-api.microshift.example.com`. + // For example, given the base domain `example.com`, router exposed + // domains will be formed as `*.apps.microshift.example.com` by default, + // and API service will have a DNS entry for `api.microshift.example.com`, + // as well as "api-int.microshift.example.com" for internal k8s API access. // // Once set, this field cannot be changed. BaseDomain string `json:"baseDomain"` @@ -189,7 +192,7 @@ func NewMicroshiftConfig() *MicroshiftConfig { SubjectAltNames: subjectAltNames, NodeName: nodeName, NodeIP: nodeIP, - BaseDomain: "microshift.example.com", + BaseDomain: "example.com", Cluster: ClusterConfig{ URL: "https://127.0.0.1:6443", ClusterCIDR: "10.42.0.0/16", diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index 6983b000df..6b0de119ec 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -62,7 +62,7 @@ func TestCommandLineConfig(t *testing.T) { SubjectAltNames: []string{"node1"}, NodeName: "node1", NodeIP: "1.2.3.4", - BaseDomain: "microshift.example.com", + BaseDomain: "example.com", Cluster: ClusterConfig{ URL: "https://1.2.3.4:6443", ClusterCIDR: "10.20.30.40/16", 
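Review bot: `DefaultClusterName` is exported but has no doc comment, and it sits in a const block whose other entries are unexported path defaults, so its role is not obvious from pkg/config alone. Add `// DefaultClusterName is the fixed cluster name placed between the "api."/"apps." prefixes and BaseDomain when API and router hostnames are formed (see certSetup and the router deployment template).` The const block's opening line is outside the hunk.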
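Review bot: The rewritten example in the BaseDomain doc comment quotes three hostnames with backticks and the fourth, `"api-int.microshift.example.com"`, with double quotes; use backticks for all four. The phrase `router exposed domains will be formed as` also reads awkwardly; `router-exposed hostnames take the form` says the same thing more plainly.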
@@ -134,7 +134,7 @@ func TestEnvironmentVariableConfig(t *testing.T) { SubjectAltNames: []string{"node1", "node2"}, NodeName: "node1", NodeIP: "1.2.3.4", - BaseDomain: "microshift.example.com", + BaseDomain: "example.com", Cluster: ClusterConfig{ URL: "https://cluster.com:4343/endpoint", ClusterCIDR: "10.20.30.40/16", @@ -151,7 +151,7 @@ func TestEnvironmentVariableConfig(t *testing.T) { {"MICROSHIFT_NODENAME", "node1"}, {"MICROSHIFT_SUBJECTALTNAMES", "node1,node2"}, {"MICROSHIFT_NODEIP", "1.2.3.4"}, - {"MICROSHIFT_BASEDOMAIN", "microshift.example.com"}, + {"MICROSHIFT_BASEDOMAIN", "example.com"}, {"MICROSHIFT_CLUSTER_URL", "https://cluster.com:4343/endpoint"}, {"MICROSHIFT_CLUSTER_CLUSTERCIDR", "10.20.30.40/16"}, {"MICROSHIFT_CLUSTER_SERVICECIDR", "40.30.20.10/16"}, diff --git a/pkg/controllers/kube-apiserver.go b/pkg/controllers/kube-apiserver.go index 663d418d98..802a75a061 100644 --- a/pkg/controllers/kube-apiserver.go +++ b/pkg/controllers/kube-apiserver.go @@ -165,7 +165,7 @@ func (s *KubeAPIServer) configure(cfg *config.MicroshiftConfig) error { APIVersion: "route.openshift.io/v1", Kind: "HostAssignmentAdmissionConfig", }, - Domain: cfg.BaseDomain, + Domain: config.DefaultClusterName + "." + cfg.BaseDomain, }, }, }, diff --git a/test/config.yaml b/test/config.yaml index e3c22aabc4..02f0d38f61 100644 --- a/test/config.yaml +++ b/test/config.yaml @@ -11,6 +11,6 @@ network: - '40.30.20.10/16' serviceNodePortRange: 30000-32767 dns: - baseDomain: 'microshift.example.com' + baseDomain: 'example.com' debugging: logLevel: 'Debug' From 9f7fff8332cb25b38763bf78ba157d5a66fa1aaf Mon Sep 17 00:00:00 2001 From: Miguel Angel Ajo Date: Fri, 9 Dec 2022 15:43:36 +0100 Subject: [PATCH 5/5] Use constant for clustername in all places --- pkg/cmd/init.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/cmd/init.go b/pkg/cmd/init.go index 85d64cea0f..51f75cc173 100644 --- a/pkg/cmd/init.go +++ b/pkg/cmd/init.go 
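Review bot: `Domain: config.DefaultClusterName + "." + cfg.BaseDomain` yields `microshift.<base>`, while the router template in this commit sets ROUTER_DOMAIN to `apps.{{ .ClusterName }}.{{ .BaseDomain }}` and the router serving certificate only covers `*.apps.microshift.<base>`. If HostAssignmentAdmissionConfig.Domain is the suffix appended to auto-generated route hosts, those hosts would fall outside both the router domain and the wildcard certificate, so `apps.` likely belongs here too: `Domain: "apps." + config.DefaultClusterName + "." + cfg.BaseDomain,`. The pre-series code had the same shape (`cluster.local` against `apps.cluster.local`), so this may be deliberate, but it deserves a comment either way. The configure method starts and ends outside the hunk.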
@@ -234,7 +234,7 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err
 Hostnames: append(
 cfg.SubjectAltNames,
 cfg.NodeName,
- "api.microshift."+cfg.BaseDomain,
+ "api."+config.DefaultClusterName+"."+cfg.BaseDomain,
 // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain
 // but we don't have a ClusterName parameter yet, using microshift
 // for now
@@ -278,8 +278,8 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err
 "openshift.default",
 "openshift.default.svc",
 "openshift.default.svc.cluster.local",
- "api.microshift." + cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain
- "api-int.microshift." + cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain
+ "api." + config.DefaultClusterName + "." + cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain
+ "api-int." + config.DefaultClusterName + "." + cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain
 apiServerServiceIP.String(),
 },
 },
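Review bot: After this change `api.microshift.<base>` is a SAN both in the `kube-external-serving` certificate (hunk at 234) and in the certificate assembled at 278 next to `openshift.default.svc.cluster.local` and the API service IP. If the API server picks its serving certificate by SNI, a name present in two certificates makes the one a client for that host receives depend on registration order; keeping `api.` in the external certificate only and `api-int.` in this one would remove the ambiguity. The three identical TODO comments can also be collapsed: now that the name comes from config.DefaultClusterName, a single comment on that constant saying the cluster name is not yet configurable covers all of them. certSetup starts and ends outside both hunks.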