diff --git a/assets/components/openshift-router/deployment.yaml b/assets/components/openshift-router/deployment.yaml index f34ff7a8cf..60d3d5ad8b 100644 --- a/assets/components/openshift-router/deployment.yaml +++ b/assets/components/openshift-router/deployment.yaml @@ -34,7 +34,7 @@ spec: - name: ROUTER_ALLOW_WILDCARD_ROUTES value: "false" - name: ROUTER_CANONICAL_HOSTNAME - value: router-default.apps.{{ .ClusterName }}.{{ .BaseDomain }} + value: router-default.apps.{{ .BaseDomain }} - name: ROUTER_CIPHERS value: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - name: ROUTER_CIPHERSUITES @@ -62,7 +62,7 @@ spec: - name: GRACEFUL_SHUTDOWN_DELAY value: 1s - name: ROUTER_DOMAIN - value: apps.{{ .ClusterName }}.{{ .BaseDomain }} + value: apps.{{ .BaseDomain }} livenessProbe: httpGet: path: /healthz diff --git a/docs/howto_config.md b/docs/howto_config.md index 12b0ecfd53..3a4ce60fdb 100644 --- a/docs/howto_config.md +++ b/docs/howto_config.md @@ -10,19 +10,20 @@ The MicroShift configuration file must be located at `~/.microshift/config.yaml` The format of the `config.yaml` configuration file is as follows. ```yaml -subjectAltNames: - - "" -nodeName: "" -nodeIP: "" -url: "" +dns: + baseDomain: "" network: clusterNetwork: - cidr: "" serviceNetwork: - "" serviceNodePortRange: "" -dns: - baseDomain: "" +node: + hostnameOverride: "" + nodeIP: "" +apiServer: + subjectAltNames: + - "" debugging: logLevel: "" ``` 
@@ -34,10 +35,9 @@ The configuration settings alongside with the supported command line arguments a | cidr (clusterNetwork) | --cluster-cidr | MICROSHIFT_CLUSTER_CLUSTERCIDR | A block of IP addresses from which Pod IP addresses are allocated | serviceNetwork | --service-cidr | MICROSHIFT_CLUSTER_SERVICECIDR | A block of virtual IP addresses for Kubernetes services | serviceNodePortRange | --service-node-port-range | MICROSHIFT_CLUSTER_SERVICENODEPORTRANGE | The port range allowed for Kubernetes services of type NodePort -| baseDomain | --base-domain | MICROSHIFT_BASEDOMAIN | Base DNS domain used to construct fully qualified router and API domain names. -| url | --url | MICROSHIFT_CLUSTER_URL | URL of the API server for the cluster. +| baseDomain | --base-domain | MICROSHIFT_BASEDOMAIN | Base domain of the cluster. All managed DNS records will be sub-domains of this base. | nodeIP | --node-ip | MICROSHIFT_NODEIP | The IP address of the node, defaults to IP of the default route -| nodeName | --node-name | MICROSHIFT_NODENAME | The name of the node, defaults to hostname +| hostnameOverride | --hostname-override | MICROSHIFT_HOSTNAMEOVERRIDE | The name of the node, defaults to hostname | logLevel | --v | MICROSHIFT_LOGVLEVEL | Log verbosity (Normal, Debug, Trace, TraceAll) | subjectAltNames | --subject-alt-names | MICROSHIFT_SUBJECTALTNAMES | Subject Alternative Names for apiserver certificates @@ -46,17 +46,19 @@ The configuration settings alongside with the supported command line arguments a In case `config.yaml` is not provided, the following default settings will be used. ```yaml -nodeName: "" -nodeIP: "" -url: https://127.0.0.1:6443 +dns: + baseDomain: microshift.example.com network: clusterNetwork: - cidr: 10.42.0.0/16 serviceNetwork: - 10.43.0.0/16 serviceNodePortRange: 30000-32767 -dns: - baseDomain: example.com +node: + hostnameOverride: "" + nodeIP: '' +apiServer: + subjectAltNames: [] debugging: logLevel: "Normal" ``` 
diff --git a/packaging/microshift/config.yaml b/packaging/microshift/config.yaml index 71df8ed528..a51ce8f498 100644 --- a/packaging/microshift/config.yaml +++ b/packaging/microshift/config.yaml @@ -1,30 +1,31 @@ -# Cluster settings -cluster: +dns: + # Base domain of the cluster. All managed DNS records will be sub-domains of this base. + #baseDomain: microshift.example.com +network: + clusterNetwork: # IP range for use by the cluster - #clusterCIDR: 10.42.0.0/16 - - # Base DNS domain used to construct fully qualified pod and service domain names - #domain: cluster.local + #- cidr: 10.42.0.0/16 + serviceNetwork: # IP range for services in the cluster - #serviceCIDR: 10.43.0.0/16 + #- 10.43.0.0/16 # Node ports allowed for services #serviceNodePortRange: 30000-32767 - # URL of the API server for the cluster - #url: https://127.0.0.1:6443 - -# Log verbosity (0-5) -#logVLevel: 0 - -# The IP of the node (defaults to IP of default route) -#nodeIP: "" +node: + # If non-empty, use this string to identify the node instead of the hostname + #hostnameOverride: '' -# The name of the node (defaults to hostname) -#nodeName: "" + # IP address of the node, passed to the kubelet. + # If not specified, kubelet will use the node's default IP address. + #nodeIP: '' -# The Subject Alternative Names for the external certificates in API server (defaults to hostname -A) -#subjectAltNames: "" +apiServer: + # The Subject Alternative Names for the external certificates in API server (defaults to hostname -A) + #subjectAltNames: [] +debugging: + # Log verbosity ('Normal', 'Debug', 'Trace', 'TraceAll'): + #logLevel: 'Normal' diff --git a/pkg/cmd/init.go b/pkg/cmd/init.go index 51f75cc173..f3605f7e52 100644 --- a/pkg/cmd/init.go +++ b/pkg/cmd/init.go 
@@ -214,7 +214,7 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err ValidityDays: cryptomaterial.ShortLivedCertificateValidityDays, }, Hostnames: []string{ - "*.apps.microshift." + cfg.BaseDomain, // wildcard for any additional auto-generated domains + "*.apps." + cfg.BaseDomain, // wildcard for any additional auto-generated domains }, }, ), @@ -234,10 +234,7 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err Hostnames: append( cfg.SubjectAltNames, cfg.NodeName, - "api."+config.DefaultClusterName+"."+cfg.BaseDomain, - // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain - // but we don't have a ClusterName parameter yet, using microshift - // for now + "api."+cfg.BaseDomain, ), }, ), @@ -278,8 +275,8 @@ func certSetup(cfg *config.MicroshiftConfig) (*certchains.CertificateChains, err "openshift.default", "openshift.default.svc", "openshift.default.svc.cluster.local", - "api." + config.DefaultClusterName + "." + cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain - "api-int." + config.DefaultClusterName + "." + cfg.BaseDomain, // TODO: OpenShift actually uses api.$ClusterName.$BaseDomain + "api." + cfg.BaseDomain, + "api-int." + cfg.BaseDomain, apiServerServiceIP.String(), }, }, diff --git a/pkg/cmd/run.go b/pkg/cmd/run.go index e3ebb96981..2e1e41f54a 100644 --- a/pkg/cmd/run.go +++ b/pkg/cmd/run.go 
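Review bot: The wildcard and API SANs in certSetup are now built from cfg.BaseDomain alone (`"*.apps." + cfg.BaseDomain`, `"api."+cfg.BaseDomain`, `"api-int." + cfg.BaseDomain`), and nothing visible in these hunks rejects an empty or malformed value, which would put names such as `*.apps.` into the serving certificates. A guard at the top of certSetup, for example `if cfg.BaseDomain == "" { return nil, fmt.Errorf("dns.baseDomain must not be empty") }`, would fail early instead; validation may already exist outside the hunks, so confirm. For a deployment that keeps its existing baseDomain, the issued names also move up one label (from `api.microshift.<base>` to `api.<base>`), so certificates and DNS records created before the upgrade will no longer match, and the diff does not show whether existing certificates are reissued. The same derivation is used for `Domain` in pkg/controllers/kube-apiserver.go and for ROUTER_DOMAIN and ROUTER_CANONICAL_HOSTNAME in the router deployment. certSetup begins and ends outside these hunks.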
@@ -30,13 +30,12 @@ const ( func addRunFlags(cmd *cobra.Command, cfg *config.MicroshiftConfig) { flags := cmd.Flags() // All other flags will be read after reading both config file and env vars. - flags.String("node-name", cfg.NodeName, "The hostname of the node.") + flags.String("hostname-override", cfg.NodeName, "The name to use to identify this node instead of the hostname.") flags.String("node-ip", cfg.NodeIP, "The IP address of the node.") - flags.String("url", cfg.Cluster.URL, "The URL of the API server.") flags.String("cluster-cidr", cfg.Cluster.ClusterCIDR, "The IP range in CIDR notation for pods in the cluster.") flags.String("service-cidr", cfg.Cluster.ServiceCIDR, "The IP range in CIDR notation for services in the cluster.") flags.String("service-node-port-range", cfg.Cluster.ServiceNodePortRange, "The port range to reserve for services with NodePort visibility. This must not overlap with the ephemeral port range on nodes.") - flags.String("base-domain", cfg.BaseDomain, "Base domain for this cluster.") + flags.String("base-domain", cfg.BaseDomain, "The base domain for this cluster.") } func NewRunMicroshiftCommand() *cobra.Command { diff --git a/pkg/cmd/showConfig.go b/pkg/cmd/showConfig.go index 5490cbe8d7..da5faf1d90 100644 --- a/pkg/cmd/showConfig.go +++ b/pkg/cmd/showConfig.go @@ -48,9 +48,6 @@ func NewShowConfigCommand(ioStreams genericclioptions.IOStreams) *cobra.Command klog.Fatal("logVLevel out of range [0..%d] %d", len(logLevels)-1, cfg.LogVLevel) } userCfg := config.Config{ - NodeName: cfg.NodeName, - NodeIP: cfg.NodeIP, - URL: cfg.Cluster.URL, Network: config.Network{ ClusterNetwork: []config.ClusterNetworkEntry{ {CIDR: cfg.Cluster.ClusterCIDR}, 
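Review bot: addRunFlags drops `--node-name` and `--url` outright, so an existing service unit or script that still passes either flag will presumably fail at flag parsing after the upgrade. Keeping the old names registered for a release and marking them with `flags.MarkDeprecated("node-name", "use --hostname-override")` would give operators a warning instead, provided ReadFromCmdLine still reads the old name. docs/howto_config.md in this commit also advertises MICROSHIFT_HOSTNAMEOVERRIDE, but no hunk here changes how environment variables are mapped onto NodeName, so that table entry should be checked against the env loader.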
@@ -61,10 +58,16 @@ func NewShowConfigCommand(ioStreams genericclioptions.IOStreams) *cobra.Command DNS: config.DNS{ BaseDomain: cfg.BaseDomain, }, + Node: config.Node{ + HostnameOverride: cfg.NodeName, + NodeIP: cfg.NodeIP, + }, + ApiServer: config.ApiServer{ + SubjectAltNames: cfg.SubjectAltNames, + }, Debugging: config.Debugging{ LogLevel: logLevels[cfg.LogVLevel], }, - SubjectAltNames: cfg.SubjectAltNames, } marshalled, err := yaml.Marshal(userCfg) cmdutil.CheckErr(err) diff --git a/pkg/components/render.go b/pkg/components/render.go index 1a79780050..5aa52d0cc7 100755 --- a/pkg/components/render.go +++ b/pkg/components/render.go @@ -29,7 +29,6 @@ func renderParamsFromConfig(cfg *config.MicroshiftConfig, extra assets.RenderPar "ServiceCIDR": cfg.Cluster.ServiceCIDR, "ClusterDNS": cfg.Cluster.DNS, "BaseDomain": cfg.BaseDomain, - "ClusterName": config.DefaultClusterName, } for k, v := range extra { params[k] = v diff --git a/pkg/config/config.go b/pkg/config/config.go index 6e61b389d1..31db8c64db 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -35,7 +35,6 @@ const ( defaultManifestDirEtc = "/etc/microshift/manifests" // for files embedded in ostree. i.e. cni/other component customizations defaultManifestDirLib = "/usr/lib/microshift/manifests" - DefaultClusterName = "microshift" ) var ( @@ -45,7 +44,7 @@ var ( ) type ClusterConfig struct { - URL string `json:"url"` + URL string `json:"-"` ClusterCIDR string `json:"clusterCIDR"` ServiceCIDR string `json:"serviceCIDR"` ServiceNodePortRange string `json:"serviceNodePortRange"` 
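Review bot: With `"ClusterName"` removed from the params map in renderParamsFromConfig (pkg/components/render.go), any asset template that still references `{{ .ClusterName }}` no longer gets a value. Under Go's default text/template handling of a missing map key, that renders as `<no value>` rather than failing, assuming the renderer uses a map and the default option. Only openshift-router/deployment.yaml and rebase.sh are updated in this diff, so the remaining assets are worth a search. Setting `Option("missingkey=error")` where templates are parsed would turn a leftover reference into a startup error instead of a malformed hostname. The function continues outside the hunk.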
@@ -71,13 +70,11 @@ type MicroshiftConfig struct { // Top level config file type Config struct { - NodeName string `json:"nodeName"` - NodeIP string `json:"nodeIP"` - URL string `json:"url"` - Network Network `json:"network"` - DNS DNS `json:"dns"` - Debugging Debugging `json:"debugging"` - SubjectAltNames []string `json:"subjectAltNames"` + DNS DNS `json:"dns"` + Network Network `json:"network"` + Node Node `json:"node"` + ApiServer ApiServer `json:"apiServer"` + Debugging Debugging `json:"debugging"` } type Network struct { @@ -110,14 +107,28 @@ type DNS struct { // be sub-domains of this base. // // For example, given the base domain `example.com`, router exposed - // domains will be formed as `*.apps.microshift.example.com` by default, - // and API service will have a DNS entry for `api.microshift.example.com`, - // as well as "api-int.microshift.example.com" for internal k8s API access. + // domains will be formed as `*.apps.example.com` by default, + // and API service will have a DNS entry for `api.example.com`, + // as well as "api-int.example.com" for internal k8s API access. // // Once set, this field cannot be changed. BaseDomain string `json:"baseDomain"` } +type ApiServer struct { + // SubjectAltNames added to API server certs + SubjectAltNames []string `json:"subjectAltNames"` +} + +type Node struct { + // If non-empty, will use this string to identify the node instead of the hostname + HostnameOverride string `json:"hostnameOverride"` + + // IP address of the node, passed to the kubelet. + // If not specified, kubelet will use the node's default IP address. + NodeIP string `json:"nodeIP"` +} + type Debugging struct { // Valid values are: "Normal", "Debug", "Trace", "TraceAll". // Defaults to "Normal". @@ -188,7 +199,7 @@ func NewMicroshiftConfig() *MicroshiftConfig { } return &MicroshiftConfig{ - LogVLevel: 0, + LogVLevel: 2, SubjectAltNames: subjectAltNames, NodeName: nodeName, NodeIP: nodeIP, 
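Review bot: The new exported type and field are spelled `ApiServer` (`type ApiServer struct` in this hunk and `ApiServer ApiServer` in the Config struct hunk before it), whereas Go naming keeps initialisms in one case, so `APIServer` would match `KubeAPIServer` in pkg/controllers/kube-apiserver.go. The JSON tag `apiServer` is unaffected by the rename. The new `ApiServer` and `Node` types also have no doc comment on the type itself; something like `// Node holds settings that identify this node (name and IP).` would do.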
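Review bot: The default `LogVLevel: 2` in NewMicroshiftConfig is a bare number, while pkg/cmd/showConfig.go indexes `logLevels[cfg.LogVLevel]` and calls klog.Fatal when the value exceeds `len(logLevels)-1`. logLevels is not visible in this diff; if it holds the four documented names in order, index 2 would print as Trace rather than the documented default Normal, so please confirm show-config output when no config file is present. A named constant, or a comment stating which logLevel name 2 corresponds to, would make the mapping explicit. NewMicroshiftConfig starts and ends outside the hunk.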
@@ -327,14 +338,11 @@ func (c *MicroshiftConfig) ReadFromConfigFile(configFile string) error { // Wire new Config type to existing MicroshiftConfig c.LogVLevel = config.GetVerbosity() - if config.NodeName != "" { - c.NodeName = config.NodeName - } - if config.NodeIP != "" { - c.NodeIP = config.NodeIP + if config.Node.HostnameOverride != "" { + c.NodeName = config.Node.HostnameOverride } - if config.URL != "" { - c.Cluster.URL = config.URL + if config.Node.NodeIP != "" { + c.NodeIP = config.Node.NodeIP } if len(config.Network.ClusterNetwork) != 0 { c.Cluster.ClusterCIDR = config.Network.ClusterNetwork[0].CIDR @@ -348,8 +356,8 @@ func (c *MicroshiftConfig) ReadFromConfigFile(configFile string) error { if config.DNS.BaseDomain != "" { c.BaseDomain = config.DNS.BaseDomain } - if len(config.SubjectAltNames) > 0 { - c.SubjectAltNames = config.SubjectAltNames + if len(config.ApiServer.SubjectAltNames) > 0 { + c.SubjectAltNames = config.ApiServer.SubjectAltNames } return nil @@ -369,15 +377,12 @@ func (c *MicroshiftConfig) ReadFromCmdLine(flags *pflag.FlagSet) error { if s, err := flags.GetStringSlice("subject-alt-names"); err == nil && flags.Changed("subject-alt-names") { c.SubjectAltNames = s } - if s, err := flags.GetString("node-name"); err == nil && flags.Changed("node-name") { + if s, err := flags.GetString("hostname-override"); err == nil && flags.Changed("hostname-override") { c.NodeName = s } if s, err := flags.GetString("node-ip"); err == nil && flags.Changed("node-ip") { c.NodeIP = s } - if s, err := flags.GetString("url"); err == nil && flags.Changed("url") { - c.Cluster.URL = s - } if s, err := flags.GetString("cluster-cidr"); err == nil && flags.Changed("cluster-cidr") { c.Cluster.ClusterCIDR = s } diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index 6b0de119ec..45572c3022 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go 
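Review bot: ReadFromConfigFile now reads only `config.Node.*` and `config.ApiServer.SubjectAltNames`, so a config.yaml still written in the previous layout (top-level `nodeName`, `nodeIP`, `url`, `subjectAltNames`) will have those keys dropped without any message if the YAML decoder used above this hunk is non-strict, which cannot be seen here. For `subjectAltNames` that means the API server certificate is issued without the names the operator configured. Decoding strictly, or logging a warning when unknown top-level keys are present, would surface the stale layout at startup. The function begins outside the hunk.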
@@ -64,7 +64,7 @@ func TestCommandLineConfig(t *testing.T) { NodeIP: "1.2.3.4", BaseDomain: "example.com", Cluster: ClusterConfig{ - URL: "https://1.2.3.4:6443", + URL: "https://127.0.0.1:6443", ClusterCIDR: "10.20.30.40/16", ServiceCIDR: "40.30.20.10/16", ServiceNodePortRange: "1024-32767", @@ -81,9 +81,8 @@ func TestCommandLineConfig(t *testing.T) { // all other flags unbound (looked up by name) and defaulted flags.Int("v", config.LogVLevel, "") flags.StringSlice("subject-alt-names", config.SubjectAltNames, "") - flags.String("node-name", config.NodeName, "") + flags.String("hostname-override", config.NodeName, "") flags.String("node-ip", config.NodeIP, "") - flags.String("url", config.Cluster.URL, "") flags.String("cluster-cidr", config.Cluster.ClusterCIDR, "") flags.String("service-cidr", config.Cluster.ServiceCIDR, "") flags.String("service-node-port-range", config.Cluster.ServiceNodePortRange, "") @@ -94,9 +93,8 @@ func TestCommandLineConfig(t *testing.T) { err = flags.Parse([]string{ "--v=" + strconv.Itoa(tt.config.LogVLevel), "--subject-alt-names=" + strings.Join(tt.config.SubjectAltNames, ","), - "--node-name=" + tt.config.NodeName, + "--hostname-override=" + tt.config.NodeName, "--node-ip=" + tt.config.NodeIP, - "--url=" + tt.config.Cluster.URL, "--cluster-cidr=" + tt.config.Cluster.ClusterCIDR, "--service-cidr=" + tt.config.Cluster.ServiceCIDR, "--service-node-port-range=" + tt.config.Cluster.ServiceNodePortRange, diff --git a/pkg/controllers/kube-apiserver.go b/pkg/controllers/kube-apiserver.go index 194b7c8bf9..6a3075e486 100644 --- a/pkg/controllers/kube-apiserver.go +++ b/pkg/controllers/kube-apiserver.go @@ -165,7 +165,7 @@ func (s *KubeAPIServer) configure(cfg *config.MicroshiftConfig) error { APIVersion: "route.openshift.io/v1", Kind: "HostAssignmentAdmissionConfig", }, - Domain: "apps." + config.DefaultClusterName + "." + cfg.BaseDomain, + Domain: "apps." + cfg.BaseDomain, }, }, }, 
diff --git a/pkg/controllers/kube-controller-manager_test.go b/pkg/controllers/kube-controller-manager_test.go index 1613ae57d3..324568c410 100644 --- a/pkg/controllers/kube-controller-manager_test.go +++ b/pkg/controllers/kube-controller-manager_test.go @@ -67,7 +67,7 @@ func TestConfigure(t *testing.T) { "--secure-port=10257", fmt.Sprintf("--service-account-private-key-file=%s", kcmServiceAccountPrivateKeyFile()), "--use-service-account-credentials=true", - "-v=0", + "-v=2", } argsGot := kcm.args diff --git a/scripts/auto-rebase/rebase.sh b/scripts/auto-rebase/rebase.sh index 97f9009649..2afe50b0bf 100755 --- a/scripts/auto-rebase/rebase.sh +++ b/scripts/auto-rebase/rebase.sh @@ -571,7 +571,7 @@ update_manifests() { yq -i '.spec.template.spec.containers[0].env += {"name": "GRACEFUL_SHUTDOWN_DELAY", "value": "1s"}' "${REPOROOT}"/assets/components/openshift-router/deployment.yaml yq -i '.spec.template.spec.containers[0].env += {"name": "ROUTER_DOMAIN", "value": "apps.REPLACE_CLUSTER_DOMAIN"}' "${REPOROOT}"/assets/components/openshift-router/deployment.yaml # 4) Replace MicroShift templating vars (do this last, as yq trips over Go templates) - sed -i 's|REPLACE_CLUSTER_DOMAIN|{{ .ClusterName }}.{{ .BaseDomain }}|g' "${REPOROOT}"/assets/components/openshift-router/deployment.yaml + sed -i 's|REPLACE_CLUSTER_DOMAIN|{{ .BaseDomain }}|g' "${REPOROOT}"/assets/components/openshift-router/deployment.yaml sed -i 's|REPLACE_ROUTER_IMAGE|{{ .ReleaseImage.haproxy_router }}|' "${REPOROOT}"/assets/components/openshift-router/deployment.yaml diff --git a/test/config.yaml b/test/config.yaml index 02f0d38f61..3af330618e 100644 --- a/test/config.yaml +++ b/test/config.yaml @@ -1,9 +1,4 @@ --- -subjectAltNames: - - '1.2.3.40' -nodeName: node1 -nodeIP: '1.2.3.4' -url: https://127.0.0.1:6443 network: clusterNetwork: - cidr: '10.20.30.40/16' 
@@ -11,6 +6,12 @@ network: - '40.30.20.10/16' serviceNodePortRange: 30000-32767 dns: - baseDomain: 'example.com' + baseDomain: 'microshift.example.com' +node: + hostnameOverride: node1 + nodeIP: '1.2.3.4' +apiServer: + subjectAltNames: + - '1.2.3.40' debugging: logLevel: 'Debug' diff --git a/test/config_bad_subjectaltnames.yaml b/test/config_bad_subjectaltnames.yaml index a6d441f0b4..d5142ec30e 100644 --- a/test/config_bad_subjectaltnames.yaml +++ b/test/config_bad_subjectaltnames.yaml @@ -1,14 +1,19 @@ --- -logVLevel: 4 -subjectAltNames: - - localhost - - '10.43.0.1' - - '1.2.3.4' -nodeName: node1 -nodeIP: '1.2.3.4' -cluster: - url: https://1.2.3.4:6443 - clusterCIDR: '10.20.30.40/16' - serviceCIDR: '40.30.20.10/16' - domain: cluster.local +network: + clusterNetwork: + - cidr: '10.20.30.40/16' + serviceNetwork: + - '40.30.20.10/16' serviceNodePortRange: 30000-32767 +dns: + baseDomain: 'microshift.example.com' +node: + hostnameOverride: node1 + nodeIP: '1.2.3.4' +apiServer: + subjectAltNames: + - localhost + - '10.43.0.1' + - '1.2.3.4' +debugging: + logLevel: 'Debug'