diff --git a/pkg/cmd/init.go b/pkg/cmd/init.go index e17d82d73d..2178197549 100644 --- a/pkg/cmd/init.go +++ b/pkg/cmd/init.go @@ -19,6 +19,7 @@ import ( "net" "github.com/openshift/microshift/pkg/config" + "github.com/openshift/microshift/pkg/controllers" "github.com/openshift/microshift/pkg/util" ctrl "k8s.io/kubernetes/pkg/controlplane" @@ -134,14 +135,7 @@ func initCerts(cfg *config.MicroshiftConfig) error { } func initServerConfig(cfg *config.MicroshiftConfig) error { - if err := config.OpenShiftAPIServerConfig(cfg); err != nil { - return err - } - - if err := config.OpenShiftControllerManagerConfig(cfg); err != nil { - return err - } - return nil + return controllers.OpenShiftAPIServerConfig(cfg) } func initKubeconfig(cfg *config.MicroshiftConfig) error { diff --git a/pkg/config/ocp-config.go b/pkg/config/ocp-config.go deleted file mode 100644 index 6319376eb9..0000000000 --- a/pkg/config/ocp-config.go +++ /dev/null 
@@ -1,150 +0,0 @@ -/* -Copyright © 2021 Microshift Contributors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -package config - -import ( - "io/ioutil" - "os" - "path/filepath" - "text/template" -) - -// OpenShiftAPIServerConfig creates a config for openshift-apiserver to use -func OpenShiftAPIServerConfig(cfg *MicroshiftConfig) error { - data := []byte(`apiVersion: openshiftcontrolplane.config.openshift.io/v1 -kind: OpenShiftAPIServerConfig -aggregatorConfig: - allowedNames: - - kube-apiserver - - system:kube-apiserver - - kube-apiserver-proxy - - system:kube-apiserver-proxy - - system:openshift-aggregator - - system:admin - extraHeaderPrefixes: - - X-Remote-Extra- - groupHeaders: - - X-Remote-Group - usernameHeaders: - - X-Remote-User -kubeClientConfig: - kubeConfig: ` + cfg.DataDir + `/resources/kubeadmin/kubeconfig -apiServerArguments: - minimal-shutdown-duration: - - 30s - anonymous-auth: - - "false" - authorization-kubeconfig: - - ` + cfg.DataDir + `/resources/kubeadmin/kubeconfig - authentication-kubeconfig: - - ` + cfg.DataDir + `/resources/kubeadmin/kubeconfig - audit-log-format: - - json - audit-log-maxbackup: - - "10" - audit-log-maxsize: - - "100" - authorization-mode: - - Scope - - SystemMasters - - RBAC - - Node -auditConfig: - auditFilePath: "` + cfg.LogDir + `/openshift-apiserver/audit.log" - enabled: true - logFormat: json - maximumFileSizeMegabytes: 100 - maximumRetainedFiles: 10 - policyFile: "` + cfg.DataDir + `/resources/openshift-apiserver/config/policy.yaml" - 
policyConfiguration: - apiVersion: audit.k8s.io/v1 - kind: Policy - omitStages: - - RequestReceived - rules: - - level: None - resources: - - group: '' - resources: - - events - - level: None - resources: - - group: oauth.openshift.io - resources: - - oauthaccesstokens - - oauthauthorizetokens - - level: None - nonResourceURLs: - - "/api*" - - "/version" - - "/healthz" - userGroups: - - system:authenticated - - system:unauthenticated - - level: Metadata - omitStages: - - RequestReceived -imagePolicyConfig: - internalRegistryHostname: image-registry.openshift-image-registry.svc:5000 -projectConfig: - projectRequestMessage: '' -routingConfig: - subdomain: ` + cfg.Cluster.Domain + ` -servingInfo: - bindAddress: "0.0.0.0:8444" - certFile: ` + cfg.DataDir + `/resources/ocp-apiserver/secrets/tls.crt - keyFile: ` + cfg.DataDir + `/resources/ocp-apiserver/secrets/tls.key - ca: ` + cfg.DataDir + `/certs/ca-bundle/ca-bundle.crt -storageConfig: - urls: - - https://127.0.0.1:2379 - certFile: ` + cfg.DataDir + `/resources/kube-apiserver/secrets/etcd-client/tls.crt - keyFile: ` + cfg.DataDir + `/resources/kube-apiserver/secrets/etcd-client/tls.key - ca: ` + cfg.DataDir + `/certs/ca-bundle/ca-bundle.crt - `) - os.MkdirAll(filepath.Dir(cfg.DataDir+"/resources/openshift-apiserver/config/config.yaml"), os.FileMode(0755)) - return ioutil.WriteFile(cfg.DataDir+"/resources/openshift-apiserver/config/config.yaml", data, 0644) -} - -func OpenShiftControllerManagerConfig(cfg *MicroshiftConfig) error { - configTemplate := template.Must(template.New("controller-manager-config.yaml").Parse(` -apiVersion: openshiftcontrolplane.config.openshift.io/v1 -kind: OpenShiftControllerManagerConfig -kubeClientConfig: - kubeConfig: ` + cfg.DataDir + `/resources/kubeadmin/kubeconfig -servingInfo: - bindAddress: "0.0.0.0:8445" - certFile: ` + cfg.DataDir + `/resources/ocp-controller-manager/secrets/tls.crt - keyFile: ` + cfg.DataDir + `/resources/ocp-controller-manager/secrets/tls.key - clientCA: ` + 
cfg.DataDir + `/certs/ca-bundle/ca-bundle.crt`)) - - data := struct { //TODO - KubeConfig, BuilderImage, DeployerName, ImageRegistryUrl string - }{ - //KubeConfig: , - BuilderImage: "docker-build", - DeployerName: "docker-build", - ImageRegistryUrl: "image-registry.openshift-image-registry.svc:5000", - } - os.MkdirAll(filepath.Dir(cfg.DataDir+"/resources/openshift-controller-manager/config/config.yaml"), os.FileMode(0755)) - output, err := os.Create(cfg.DataDir + "/resources/openshift-controller-manager/config/config.yaml") - if err != nil { - return err - } - defer output.Close() - - return configTemplate.Execute(output, &data) -} diff --git a/pkg/controllers/ocp-controllers.go b/pkg/controllers/openshift-apiserver.go similarity index 60% rename from pkg/controllers/ocp-controllers.go rename to pkg/controllers/openshift-apiserver.go index 6365dc7d60..55c8bea298 100644 --- a/pkg/controllers/ocp-controllers.go +++ b/pkg/controllers/openshift-apiserver.go @@ -18,9 +18,10 @@ package controllers import ( "context" "fmt" - "io" + "io/ioutil" "net/http" "os" + "path/filepath" "strconv" "time" @@ -32,10 +33,8 @@ import ( "k8s.io/client-go/tools/clientcmd" openshift_apiserver "github.com/openshift/openshift-apiserver/pkg/cmd/openshift-apiserver" - openshift_controller_manager "github.com/openshift/openshift-controller-manager/pkg/cmd/openshift-controller-manager" "github.com/openshift/microshift/pkg/config" - "github.com/openshift/microshift/pkg/util" ) func newOpenshiftApiServerCommand(stopCh <-chan struct{}) *cobra.Command { 
@@ -151,88 +150,100 @@ func waitForOCPAPIServer(client kubernetes.Interface, timeout time.Duration) err return nil } -func newOpenShiftControllerManagerCommand() *cobra.Command { - cmd := &cobra.Command{ - Use: "openshift-controller-manager", - Short: "Command for the OpenShift Controllers", - Run: func(cmd *cobra.Command, args []string) { - cmd.Help() - os.Exit(1) - }, - } - start := openshift_controller_manager.NewOpenShiftControllerManagerCommand("start", os.Stdout, os.Stderr) - cmd.AddCommand(start) - return cmd -} - -type OCPControllerManager struct { - ConfigFilePath string - Output io.Writer -} - -const ( - // OCPControllerManager component name - componentOCM = "ocp-controller-manager" -) - -func NewOpenShiftControllerManager(cfg *config.MicroshiftConfig) *OCPControllerManager { - s := &OCPControllerManager{} - s.configure(cfg) - return s -} - -func (s *OCPControllerManager) Name() string { return componentOCM } -func (s *OCPControllerManager) Dependencies() []string { return []string{"kube-apiserver"} } - -func (s *OCPControllerManager) configure(cfg *config.MicroshiftConfig) error { - var configFilePath = cfg.DataDir + "/resources/openshift-controller-manager/config/config.yaml" - - if err := config.OpenShiftControllerManagerConfig(cfg); err != nil { - logrus.Infof("Failed to create a new ocp-controller-manager configuration: %v", err) - return err - } - args := []string{ - "--config=" + configFilePath, - } - - options := openshift_controller_manager.OpenShiftControllerManager{Output: os.Stdout} - options.ConfigFilePath = configFilePath - - cmd := &cobra.Command{ - Use: componentOCM, - Long: componentOCM, - SilenceUsage: true, - RunE: func(cmd *cobra.Command, args []string) error { return nil }, - } - - flags := cmd.Flags() - cmd.SetArgs(args) - flags.StringVar(&options.ConfigFilePath, "config", options.ConfigFilePath, "Location of the master configuration file to run from.") - cmd.MarkFlagFilename("config", "yaml", "yml") - cmd.MarkFlagRequired("config") 
- - s.ConfigFilePath = options.ConfigFilePath - s.Output = options.Output - - return nil -} - -func (s *OCPControllerManager) Run(ctx context.Context, ready chan<- struct{}, stopped chan<- struct{}) error { - defer close(stopped) - - // run readiness check - go func() { - healthcheckStatus := util.RetryTCPConnection("127.0.0.1", "8445") - if !healthcheckStatus { - logrus.Fatalf("%s failed to start", s.Name()) - } - logrus.Infof("%s is ready", s.Name()) - close(ready) - }() - options := openshift_controller_manager.OpenShiftControllerManager{Output: os.Stdout} - options.ConfigFilePath = s.ConfigFilePath - if err := options.StartControllerManager(); err != nil { - logrus.Fatalf("Failed to start ocp-controller-manager %v", err) - } - return ctx.Err() +func OpenShiftAPIServerConfig(cfg *config.MicroshiftConfig) error { + data := []byte(`apiVersion: openshiftcontrolplane.config.openshift.io/v1 +kind: OpenShiftAPIServerConfig +aggregatorConfig: + allowedNames: + - kube-apiserver + - system:kube-apiserver + - kube-apiserver-proxy + - system:kube-apiserver-proxy + - system:openshift-aggregator + - system:admin + extraHeaderPrefixes: + - X-Remote-Extra- + groupHeaders: + - X-Remote-Group + usernameHeaders: + - X-Remote-User +kubeClientConfig: + kubeConfig: ` + cfg.DataDir + `/resources/kubeadmin/kubeconfig +apiServerArguments: + minimal-shutdown-duration: + - 30s + anonymous-auth: + - "false" + authorization-kubeconfig: + - ` + cfg.DataDir + `/resources/kubeadmin/kubeconfig + authentication-kubeconfig: + - ` + cfg.DataDir + `/resources/kubeadmin/kubeconfig + audit-log-format: + - json + audit-log-maxbackup: + - "10" + audit-log-maxsize: + - "100" + authorization-mode: + - Scope + - SystemMasters + - RBAC + - Node +auditConfig: + auditFilePath: "` + cfg.LogDir + `/openshift-apiserver/audit.log" + enabled: true + logFormat: json + maximumFileSizeMegabytes: 100 + maximumRetainedFiles: 10 + policyFile: "` + cfg.DataDir + `/resources/openshift-apiserver/config/policy.yaml" + 
policyConfiguration: + apiVersion: audit.k8s.io/v1 + kind: Policy + omitStages: + - RequestReceived + rules: + - level: None + resources: + - group: '' + resources: + - events + - level: None + resources: + - group: oauth.openshift.io + resources: + - oauthaccesstokens + - oauthauthorizetokens + - level: None + nonResourceURLs: + - "/api*" + - "/version" + - "/healthz" + userGroups: + - system:authenticated + - system:unauthenticated + - level: Metadata + omitStages: + - RequestReceived +imagePolicyConfig: + internalRegistryHostname: image-registry.openshift-image-registry.svc:5000 +projectConfig: + projectRequestMessage: '' +routingConfig: + subdomain: ` + cfg.Cluster.Domain + ` +servingInfo: + bindAddress: "0.0.0.0:8444" + certFile: ` + cfg.DataDir + `/resources/ocp-apiserver/secrets/tls.crt + keyFile: ` + cfg.DataDir + `/resources/ocp-apiserver/secrets/tls.key + ca: ` + cfg.DataDir + `/certs/ca-bundle/ca-bundle.crt +storageConfig: + urls: + - https://127.0.0.1:2379 + certFile: ` + cfg.DataDir + `/resources/kube-apiserver/secrets/etcd-client/tls.crt + keyFile: ` + cfg.DataDir + `/resources/kube-apiserver/secrets/etcd-client/tls.key + ca: ` + cfg.DataDir + `/certs/ca-bundle/ca-bundle.crt + `) + + path := filepath.Join(cfg.DataDir, "resources", "openshift-apiserver", "config", "config.yaml") + os.MkdirAll(filepath.Dir(path), os.FileMode(0755)) + return ioutil.WriteFile(path, data, 0644) } diff --git a/pkg/controllers/openshift-controller-manager.go b/pkg/controllers/openshift-controller-manager.go new file mode 100644 index 0000000000..597f0bde5d --- /dev/null +++ b/pkg/controllers/openshift-controller-manager.go 
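Review bot: The `os.MkdirAll` result at the end of `OpenShiftAPIServerConfig` is discarded, so a failure to create the config directory only shows up as a less specific `ioutil.WriteFile` error; the same pattern is in `writeConfig` in pkg/controllers/openshift-controller-manager.go. Check it before writing: `if err := os.MkdirAll(filepath.Dir(path), os.FileMode(0755)); err != nil { return err }`. Separately, `cfg.DataDir`, `cfg.LogDir` and `cfg.Cluster.Domain` are concatenated into the YAML, mostly unquoted, so a value containing a newline or `: ` would change the structure of the generated API-server config, including the `apiServerArguments` block. If these fields can come from a user-editable config file and are not validated elsewhere, marshalling a struct or validating them first would be safer.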
@@ -0,0 +1,119 @@ +/* +Copyright © 2021 Microshift Contributors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +package controllers + +import ( + "context" + "io" + "io/ioutil" + "os" + "path/filepath" + + "github.com/sirupsen/logrus" + "github.com/spf13/cobra" + + openshift_controller_manager "github.com/openshift/openshift-controller-manager/pkg/cmd/openshift-controller-manager" + + "github.com/openshift/microshift/pkg/config" + "github.com/openshift/microshift/pkg/util" +) + +type OCPControllerManager struct { + ConfigFilePath string + Output io.Writer +} + +const ( + // OCPControllerManager component name + componentOCM = "openshift-controller-manager" +) + +func NewOpenShiftControllerManager(cfg *config.MicroshiftConfig) *OCPControllerManager { + s := &OCPControllerManager{} + s.configure(cfg) + return s +} + +func (s *OCPControllerManager) Name() string { return componentOCM } +func (s *OCPControllerManager) Dependencies() []string { return []string{"kube-apiserver"} } + +func (s *OCPControllerManager) configure(cfg *config.MicroshiftConfig) error { + if err := s.writeConfig(cfg); err != nil { + logrus.Fatalf("Failed to write openshift-controller-manager config: %v", err) + } + + var configFilePath = cfg.DataDir + "/resources/openshift-controller-manager/config/config.yaml" + args := []string{ + "--config=" + configFilePath, + } + + options := openshift_controller_manager.OpenShiftControllerManager{Output: os.Stdout} + options.ConfigFilePath = configFilePath + + cmd := 
&cobra.Command{ + Use: componentOCM, + Long: componentOCM, + SilenceUsage: true, + RunE: func(cmd *cobra.Command, args []string) error { return nil }, + } + + flags := cmd.Flags() + cmd.SetArgs(args) + flags.StringVar(&options.ConfigFilePath, "config", options.ConfigFilePath, "Location of the master configuration file to run from.") + cmd.MarkFlagFilename("config", "yaml", "yml") + cmd.MarkFlagRequired("config") + + s.ConfigFilePath = options.ConfigFilePath + s.Output = options.Output + + return nil +} + +func (s *OCPControllerManager) writeConfig(cfg *config.MicroshiftConfig) error { + data := []byte(`apiVersion: openshiftcontrolplane.config.openshift.io/v1 +kind: OpenShiftControllerManagerConfig +kubeClientConfig: + kubeConfig: ` + cfg.DataDir + `/resources/kubeadmin/kubeconfig +servingInfo: + bindAddress: "0.0.0.0:8445" + certFile: ` + cfg.DataDir + `/resources/ocp-controller-manager/secrets/tls.crt + keyFile: ` + cfg.DataDir + `/resources/ocp-controller-manager/secrets/tls.key + clientCA: ` + cfg.DataDir + `/certs/ca-bundle/ca-bundle.crt`) + + path := filepath.Join(cfg.DataDir, "resources", "openshift-controller-manager", "config", "config.yaml") + os.MkdirAll(filepath.Dir(path), os.FileMode(0755)) + return ioutil.WriteFile(path, data, 0644) +} + +func (s *OCPControllerManager) Run(ctx context.Context, ready chan<- struct{}, stopped chan<- struct{}) error { + defer close(stopped) + + // run readiness check + go func() { + healthcheckStatus := util.RetryTCPConnection("127.0.0.1", "8445") + if !healthcheckStatus { + logrus.Fatalf("%s failed to start", s.Name()) + } + logrus.Infof("%s is ready", s.Name()) + close(ready) + }() + options := openshift_controller_manager.OpenShiftControllerManager{Output: os.Stdout} + options.ConfigFilePath = s.ConfigFilePath + if err := options.StartControllerManager(); err != nil { + logrus.Fatalf("Failed to start openshift-controller-manager %v", err) + } + return ctx.Err() +}
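Review bot: `configure` now calls `logrus.Fatalf` when `writeConfig` fails and otherwise always returns nil, while `NewOpenShiftControllerManager` drops that return value, so a constructor can exit the process and the `error` result carries no information. Returning the error keeps the exit decision with the caller: `if err := s.writeConfig(cfg); err != nil { return err }` in `configure`, and, if the constructor signature has to stay, `if err := s.configure(cfg); err != nil { logrus.Fatalf("Failed to configure %s: %v", s.Name(), err) }` there. `configure` also rebuilds the config path with `cfg.DataDir + "/resources/..."` while `writeConfig` uses `filepath.Join`; computing it once and sharing it stops the two from drifting apart. The generated `servingInfo` still points at `resources/ocp-controller-manager/secrets/` although the component is renamed to `openshift-controller-manager` here; presumably the certificates are still created under the old name elsewhere, but that is worth confirming.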