Merged
4 changes: 2 additions & 2 deletions assets/components/openshift-router/deployment.yaml
Expand Up @@ -34,7 +34,7 @@ spec:
- name: ROUTER_ALLOW_WILDCARD_ROUTES
value: "false"
- name: ROUTER_CANONICAL_HOSTNAME
value: router-default.apps.{{ .ClusterDomain }}
value: router-default.apps.{{ .ClusterName }}.{{ .BaseDomain }}
- name: ROUTER_CIPHERS
value: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
- name: ROUTER_CIPHERSUITES
Expand Down Expand Up @@ -62,7 +62,7 @@ spec:
- name: GRACEFUL_SHUTDOWN_DELAY
value: 1s
- name: ROUTER_DOMAIN
value: apps.{{ .ClusterDomain }}
value: apps.{{ .ClusterName }}.{{ .BaseDomain }}
livenessProbe:
httpGet:
path: /healthz
8 changes: 5 additions & 3 deletions docs/howto_config.md
Expand Up @@ -15,13 +15,14 @@ subjectAltNames:
nodeName: ""
nodeIP: ""
url: ""
clusterDomain: ""
network:
clusterNetwork:
- cidr: ""
serviceNetwork:
- ""
serviceNodePortRange: ""
dns:
baseDomain: ""
debugging:
logLevel: ""
```
Expand All @@ -33,7 +34,7 @@ The configuration settings alongside with the supported command line arguments a
| cidr (clusterNetwork) | --cluster-cidr | MICROSHIFT_CLUSTER_CLUSTERCIDR | A block of IP addresses from which Pod IP addresses are allocated
| serviceNetwork | --service-cidr | MICROSHIFT_CLUSTER_SERVICECIDR | A block of virtual IP addresses for Kubernetes services
| serviceNodePortRange | --service-node-port-range | MICROSHIFT_CLUSTER_SERVICENODEPORTRANGE | The port range allowed for Kubernetes services of type NodePort
| clusterDomain | --cluster-domain | MICROSHIFT_CLUSTER_DOMAIN | Base DNS domain used to construct fully qualified pod and service domain names
| baseDomain | --base-domain | MICROSHIFT_BASEDOMAIN | Base DNS domain used to construct fully qualified router and API domain names.
| url | --url | MICROSHIFT_CLUSTER_URL | URL of the API server for the cluster.
| nodeIP | --node-ip | MICROSHIFT_NODEIP | The IP address of the node, defaults to IP of the default route
| nodeName | --node-name | MICROSHIFT_NODENAME | The name of the node, defaults to hostname
Expand All @@ -48,13 +49,14 @@ In case `config.yaml` is not provided, the following default settings will be us
nodeName: ""
nodeIP: ""
url: https://127.0.0.1:6443
clusterDomain: cluster.local
network:
clusterNetwork:
- cidr: 10.42.0.0/16
serviceNetwork:
- 10.43.0.0/16
serviceNodePortRange: 30000-32767
dns:
baseDomain: example.com
debugging:
logLevel: "Normal"
```
13 changes: 11 additions & 2 deletions pkg/cmd/init.go
Expand Up @@ -214,7 +214,7 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err
ValidityDays: cryptomaterial.ShortLivedCertificateValidityDays,
},
Hostnames: []string{
"router-default.apps." + cfg.Cluster.Domain,
"*.apps.microshift." + cfg.BaseDomain, // wildcard for any additional auto-generated domains
Comment thread
fzdarsky marked this conversation as resolved.
},
},
),
Expand All @@ -231,7 +231,14 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err
Name: "kube-external-serving",
ValidityDays: cryptomaterial.ShortLivedCertificateValidityDays,
},
Hostnames: append(cfg.SubjectAltNames, cfg.NodeName),
Hostnames: append(
cfg.SubjectAltNames,
cfg.NodeName,
"api."+config.DefaultClusterName+"."+cfg.BaseDomain,
// TODO: OpenShift actually uses api.$ClusterName.$BaseDomain
// but we don't have a ClusterName parameter yet, using microshift
// for now
),
},
),

Expand Down Expand Up @@ -271,6 +278,8 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err
"openshift.default",
"openshift.default.svc",
"openshift.default.svc.cluster.local",
"api." + config.DefaultClusterName + "." + cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain
"api-int." + config.DefaultClusterName + "." + cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain
apiServerServiceIP.String(),
},
},
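Review bot: The router wildcard SAN in the first hunk spells the cluster name as a literal, `"*.apps.microshift." + cfg.BaseDomain`, while the API SANs added further down build it from `config.DefaultClusterName`, and the router template derives ROUTER_DOMAIN from the `ClusterName` render parameter. If the constant ever changes, the router serving certificate would stop covering the router's own domain; write it as `"*.apps." + config.DefaultClusterName + "." + cfg.BaseDomain`. The trailing comment on the `api-int.` entry also still says `api.$ClusterName.$BaseDomain`. certSetup starts and ends outside these hunks.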
5 changes: 3 additions & 2 deletions pkg/cmd/run.go
Expand Up @@ -36,7 +36,7 @@ func addRunFlags(cmd *cobra.Command, cfg *config.MicroshiftConfig) {
flags.String("cluster-cidr", cfg.Cluster.ClusterCIDR, "The IP range in CIDR notation for pods in the cluster.")
flags.String("service-cidr", cfg.Cluster.ServiceCIDR, "The IP range in CIDR notation for services in the cluster.")
flags.String("service-node-port-range", cfg.Cluster.ServiceNodePortRange, "The port range to reserve for services with NodePort visibility. This must not overlap with the ephemeral port range on nodes.")
flags.String("cluster-domain", cfg.Cluster.Domain, "Domain for this cluster.")
flags.String("base-domain", cfg.BaseDomain, "Base domain for this cluster.")
}

func NewRunMicroshiftCommand() *cobra.Command {
Expand Down Expand Up @@ -75,7 +75,8 @@ func RunMicroshift(cfg *config.MicroshiftConfig, flags *pflag.FlagSet) error {
cfg.Cluster.ClusterCIDR,
cfg.Cluster.ServiceCIDR,
".svc",
"."+cfg.Cluster.Domain); err != nil {
".cluster.local",
"."+cfg.BaseDomain); err != nil {
klog.Fatal(err)
}
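Review bot: The last argument in the RunMicroshift hunk, `"."+cfg.BaseDomain`, covers the whole base domain, although every name this commit creates lives under `microshift.<baseDomain>` (`api.`, `api-int.`, `*.apps.`). The call these arguments belong to starts outside the hunk; if, as the `.svc` and `.cluster.local` suffixes suggest, it builds a proxy-exclusion list, unrelated hosts under a shared base domain would bypass the proxy as well, and an empty BaseDomain would add a bare `.` entry. Consider `"."+config.DefaultClusterName+"."+cfg.BaseDomain`. Separately, dropping `--cluster-domain` in addRunFlags without a deprecated alias will likely make existing invocations that pass it fail flag parsing.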

15 changes: 8 additions & 7 deletions pkg/components/render.go
Expand Up @@ -22,13 +22,14 @@ var templateFuncs = map[string]interface{}{

func renderParamsFromConfig(cfg *config.MicroshiftConfig, extra assets.RenderParams) assets.RenderParams {
params := map[string]interface{}{
"ReleaseImage": release.Image,
"NodeName": cfg.NodeName,
"NodeIP": cfg.NodeIP,
"ClusterCIDR": cfg.Cluster.ClusterCIDR,
"ServiceCIDR": cfg.Cluster.ServiceCIDR,
"ClusterDNS": cfg.Cluster.DNS,
"ClusterDomain": cfg.Cluster.Domain,
"ReleaseImage": release.Image,
"NodeName": cfg.NodeName,
"NodeIP": cfg.NodeIP,
"ClusterCIDR": cfg.Cluster.ClusterCIDR,
"ServiceCIDR": cfg.Cluster.ServiceCIDR,
"ClusterDNS": cfg.Cluster.DNS,
"BaseDomain": cfg.BaseDomain,
"ClusterName": config.DefaultClusterName,
}
for k, v := range extra {
params[k] = v
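Review bot: The `ClusterDomain` key is dropped from the render parameters, so any asset template that still references `{{ .ClusterDomain }}` no longer gets a value; only the router deployment is updated in this commit. Depending on how the templates are executed (not visible here), a missing map key may render as `<no value>` rather than fail, which would silently put a bogus hostname into a manifest. It is worth grepping the assets for `.ClusterDomain` and, if text/template is used, setting `missingkey=error` so a stale reference fails the render. renderParamsFromConfig continues past the hunk.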
42 changes: 27 additions & 15 deletions pkg/config/config.go
Expand Up @@ -35,6 +35,7 @@ const (
defaultManifestDirEtc = "/etc/microshift/manifests"
// for files embedded in ostree. i.e. cni/other component customizations
defaultManifestDirLib = "/usr/lib/microshift/manifests"
DefaultClusterName = "microshift"
)

var (
Expand All @@ -44,13 +45,11 @@ var (
)

type ClusterConfig struct {
URL string `json:"url"`

URL string `json:"url"`
ClusterCIDR string `json:"clusterCIDR"`
ServiceCIDR string `json:"serviceCIDR"`
ServiceNodePortRange string `json:"serviceNodePortRange"`
DNS string `json:"-"`
Domain string `json:"domain"`
Comment thread
mangelajo marked this conversation as resolved.
}

type IngressConfig struct {
Expand All @@ -61,22 +60,22 @@ type IngressConfig struct {
type MicroshiftConfig struct {
LogVLevel int `json:"logVLevel"`

SubjectAltNames []string `json:"subjectAltNames"`
NodeName string `json:"nodeName"`
NodeIP string `json:"nodeIP"`

Cluster ClusterConfig `json:"cluster"`
SubjectAltNames []string `json:"subjectAltNames"`
NodeName string `json:"nodeName"`
NodeIP string `json:"nodeIP"`
BaseDomain string `json:"baseDomain"`
Cluster ClusterConfig `json:"cluster"`

Ingress IngressConfig `json:"-"`
}

// Top level config
// Top level config file
type Config struct {
NodeName string `json:"nodeName"`
NodeIP string `json:"nodeIP"`
URL string `json:"url"`
ClusterDomain string `json:"clusterDomain"`
Network Network `json:"network"`
DNS DNS `json:"dns"`
Comment thread
fzdarsky marked this conversation as resolved.
Debugging Debugging `json:"debugging"`
SubjectAltNames []string `json:"subjectAltNames"`
}
Expand Down Expand Up @@ -106,6 +105,19 @@ type ClusterNetworkEntry struct {
CIDR string `json:"cidr,omitempty"`
}

type DNS struct {
// baseDomain is the base domain of the cluster. All managed DNS records will
// be sub-domains of this base.
//
// For example, given the base domain `example.com`, router exposed
// domains will be formed as `*.apps.microshift.example.com` by default,
// and API service will have a DNS entry for `api.microshift.example.com`,
// as well as "api-int.microshift.example.com" for internal k8s API access.
//
// Once set, this field cannot be changed.
Contributor


Do we need another ticket to protect against the value changing?

Member


I believe that this is a comment inherited from the OCP config API: https://github.com/openshift/api/blob/master/config/v1/types_dns.go#L27-L34

We might want to update it if it doesn't apply to MicroShift

Contributor


It does apply to MicroShift, too; I think @dhellmann's concern was more about where/how this is enforced.

Contributor Author


We may want to enforce against changes, I agree.

BaseDomain string `json:"baseDomain"`
}

type Debugging struct {
// Valid values are: "Normal", "Debug", "Trace", "TraceAll".
// Defaults to "Normal".
Expand Down Expand Up @@ -180,12 +192,12 @@ func NewMicroshiftConfig() *MicroshiftConfig {
SubjectAltNames: subjectAltNames,
NodeName: nodeName,
NodeIP: nodeIP,
BaseDomain: "example.com",
Cluster: ClusterConfig{
URL: "https://127.0.0.1:6443",
ClusterCIDR: "10.42.0.0/16",
ServiceCIDR: "10.43.0.0/16",
ServiceNodePortRange: "30000-32767",
Domain: "cluster.local",
},
}
}
Expand Down Expand Up @@ -333,8 +345,8 @@ func (c *MicroshiftConfig) ReadFromConfigFile(configFile string) error {
if config.Network.ServiceNodePortRange != "" {
c.Cluster.ServiceNodePortRange = config.Network.ServiceNodePortRange
}
if config.ClusterDomain != "" {
c.Cluster.Domain = config.ClusterDomain
if config.DNS.BaseDomain != "" {
c.BaseDomain = config.DNS.BaseDomain
}
if len(config.SubjectAltNames) > 0 {
c.SubjectAltNames = config.SubjectAltNames
Expand Down Expand Up @@ -375,8 +387,8 @@ func (c *MicroshiftConfig) ReadFromCmdLine(flags *pflag.FlagSet) error {
if s, err := flags.GetString("service-node-port-range"); err == nil && flags.Changed("service-node-port-range") {
c.Cluster.ServiceNodePortRange = s
}
if s, err := flags.GetString("cluster-domain"); err == nil && flags.Changed("cluster-domain") {
c.Cluster.Domain = s
if s, err := flags.GetString("base-domain"); err == nil && flags.Changed("base-domain") {
c.BaseDomain = s
}

return nil
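Review bot: BaseDomain is accepted without validation: in the ReadFromCmdLine hunk, `--base-domain=` (set but empty) passes the `flags.Changed` check and stores an empty string, and neither the file path nor the flag path checks that the value is a well-formed DNS name. The value is concatenated into certificate SANs and the router domain elsewhere in this commit, so an empty or malformed value yields names such as `api.microshift.` and `*.apps.microshift.`. Reject it when the config is read, for example with `validation.IsDNS1123Subdomain` from k8s.io/apimachinery, and return an error instead of assigning. Both functions start and end outside their hunks.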
13 changes: 7 additions & 6 deletions pkg/config/config_test.go
Expand Up @@ -62,12 +62,12 @@ func TestCommandLineConfig(t *testing.T) {
SubjectAltNames: []string{"node1"},
NodeName: "node1",
NodeIP: "1.2.3.4",
BaseDomain: "example.com",
Cluster: ClusterConfig{
URL: "https://1.2.3.4:6443",
ClusterCIDR: "10.20.30.40/16",
ServiceCIDR: "40.30.20.10/16",
ServiceNodePortRange: "1024-32767",
Domain: "cluster.local",
},
},
err: nil,
Expand All @@ -87,7 +87,7 @@ func TestCommandLineConfig(t *testing.T) {
flags.String("cluster-cidr", config.Cluster.ClusterCIDR, "")
flags.String("service-cidr", config.Cluster.ServiceCIDR, "")
flags.String("service-node-port-range", config.Cluster.ServiceNodePortRange, "")
flags.String("cluster-domain", config.Cluster.Domain, "")
flags.String("base-domain", config.BaseDomain, "")

// parse the flags
var err error
Expand All @@ -100,7 +100,7 @@ func TestCommandLineConfig(t *testing.T) {
"--cluster-cidr=" + tt.config.Cluster.ClusterCIDR,
"--service-cidr=" + tt.config.Cluster.ServiceCIDR,
"--service-node-port-range=" + tt.config.Cluster.ServiceNodePortRange,
"--cluster-domain=" + tt.config.Cluster.Domain,
"--base-domain=" + tt.config.BaseDomain,
})
if err != nil {
t.Errorf("failed to parse command line flags: %s", err)
Expand Down Expand Up @@ -134,12 +134,12 @@ func TestEnvironmentVariableConfig(t *testing.T) {
SubjectAltNames: []string{"node1", "node2"},
NodeName: "node1",
NodeIP: "1.2.3.4",
BaseDomain: "example.com",
Cluster: ClusterConfig{
URL: "https://cluster.com:4343/endpoint",
ClusterCIDR: "10.20.30.40/16",
ServiceCIDR: "40.30.20.10/16",
ServiceNodePortRange: "1024-32767",
Domain: "cluster.local",
},
},
err: nil,
Expand All @@ -151,11 +151,11 @@ func TestEnvironmentVariableConfig(t *testing.T) {
{"MICROSHIFT_NODENAME", "node1"},
{"MICROSHIFT_SUBJECTALTNAMES", "node1,node2"},
{"MICROSHIFT_NODEIP", "1.2.3.4"},
{"MICROSHIFT_BASEDOMAIN", "example.com"},
{"MICROSHIFT_CLUSTER_URL", "https://cluster.com:4343/endpoint"},
{"MICROSHIFT_CLUSTER_CLUSTERCIDR", "10.20.30.40/16"},
{"MICROSHIFT_CLUSTER_SERVICECIDR", "40.30.20.10/16"},
{"MICROSHIFT_CLUSTER_SERVICENODEPORTRANGE", "1024-32767"},
{"MICROSHIFT_CLUSTER_DOMAIN", "cluster.local"},
},
},
{
Expand All @@ -164,12 +164,12 @@ func TestEnvironmentVariableConfig(t *testing.T) {
SubjectAltNames: []string{"node1"},
NodeName: "node1",
NodeIP: "1.2.3.4",
BaseDomain: "another.example.com",
Cluster: ClusterConfig{
URL: "https://cluster.com:4343/endpoint",
ClusterCIDR: "10.20.30.40/16",
ServiceCIDR: "40.30.20.10/16",
ServiceNodePortRange: "1024-32767",
Domain: "cluster.local",
},
},
err: nil,
Expand All @@ -181,6 +181,7 @@ func TestEnvironmentVariableConfig(t *testing.T) {
{"MICROSHIFT_NODENAME", "node1"},
{"MICROSHIFT_SUBJECTALTNAMES", "node1"},
{"MICROSHIFT_NODEIP", "1.2.3.4"},
{"MICROSHIFT_BASEDOMAIN", "another.example.com"},
{"MICROSHIFT_CLUSTER_URL", "https://cluster.com:4343/endpoint"},
{"MICROSHIFT_CLUSTER_CLUSTERCIDR", "10.20.30.40/16"},
{"MICROSHIFT_CLUSTER_SERVICECIDR", "40.30.20.10/16"},
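Review bot: TestCommandLineConfig passes `--base-domain=example.com`, which is the same value NewMicroshiftConfig sets as the default, so the test would still pass if ReadFromCmdLine ignored the flag (assuming the config under test starts from those defaults, which is outside the hunk). Use a distinct value there, e.g. `BaseDomain: "another.example.com"` as the second environment-variable case does. A case for an empty `--base-domain=` would also pin down what the parser is expected to do with it.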
2 changes: 1 addition & 1 deletion pkg/controllers/kube-apiserver.go
Expand Up @@ -165,7 +165,7 @@ func (s *KubeAPIServer) configure(cfg *config.MicroshiftConfig) error {
APIVersion: "route.openshift.io/v1",
Kind: "HostAssignmentAdmissionConfig",
},
Domain: cfg.Cluster.Domain,
Domain: config.DefaultClusterName + "." + cfg.BaseDomain,
},
},
},
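Review bot: The host-assignment `Domain` is set to `config.DefaultClusterName + "." + cfg.BaseDomain`, i.e. `microshift.<baseDomain>`, without the `apps.` label that the router uses for ROUTER_DOMAIN and that the router certificate's wildcard SAN covers in this same commit. If this field is what default route hostnames are generated under, they would land outside both the router domain and the certificate. It looks like this should be `"apps." + config.DefaultClusterName + "." + cfg.BaseDomain`; configure() continues outside the hunk, so confirm against how the value is consumed.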
2 changes: 1 addition & 1 deletion pkg/node/kubelet.go
Expand Up @@ -113,7 +113,7 @@ failSwapOn: false
volumePluginDir: ` + microshiftDataDir + `/kubelet-plugins/volume/exec
clusterDNS:
- ` + cfg.Cluster.DNS + `
clusterDomain: ` + cfg.Cluster.Domain + `
clusterDomain: cluster.local
containerLogMaxSize: 50Mi
maxPods: 250
kubeAPIQPS: 50
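Review bot: `cluster.local` is now a bare literal in the kubelet config text, and the same literal appears in the `.cluster.local` argument in run.go and the `openshift.default.svc.cluster.local` SAN in init.go. Since the value is no longer configurable, a single exported constant in pkg/config, next to `DefaultClusterName`, would keep the three in step; a short comment here saying the service domain is intentionally fixed would also help. The string being assembled begins and ends outside the hunk.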
3 changes: 2 additions & 1 deletion test/config.yaml
Expand Up @@ -4,12 +4,13 @@ subjectAltNames:
nodeName: node1
nodeIP: '1.2.3.4'
url: https://127.0.0.1:6443
clusterDomain: 'cluster.local'
network:
clusterNetwork:
- cidr: '10.20.30.40/16'
serviceNetwork:
- '40.30.20.10/16'
serviceNodePortRange: 30000-32767
dns:
baseDomain: 'example.com'
debugging:
logLevel: 'Debug'