Isolated clusters #38

Merged
merged 22 commits into from
Jan 30, 2024
Merged
155768c
Update to g/g 1.26 and all other deps as well
majst01 Jul 14, 2021
1b2a8b4
Merge branch 'master' of https://github.com/metal-stack/os-metal-exte…
majst01 Jul 15, 2021
c357792
Merge branch 'master' of https://github.com/metal-stack/os-metal-exte…
majst01 Oct 19, 2021
d0d8a8a
Merge branch 'master' of https://github.com/metal-stack/os-metal-exte…
majst01 Oct 8, 2022
c0a7c13
Merge branch 'master' of https://github.com/metal-stack/os-metal-exte…
majst01 Feb 10, 2023
edf240a
Merge branch 'master' of https://github.com/metal-stack/os-metal-exte…
majst01 Apr 11, 2023
a0a9942
Merge branch 'master' of https://github.com/metal-stack/os-metal-exte…
majst01 Aug 30, 2023
12f1fab
Merge branch 'master' of https://github.com/metal-stack/os-metal-exte…
majst01 Oct 26, 2023
166d8ff
Merge branch 'master' of https://github.com/metal-stack/os-metal-exte…
majst01 Dec 11, 2023
2b5fe83
At least have a start
majst01 Dec 19, 2023
ccb5492
Make it compile
majst01 Jan 8, 2024
967181e
feat: apply network isolation
vknabel Jan 9, 2024
747a0af
feat(networkisolation): docker mirror
vknabel Jan 10, 2024
43c4a84
fix: docker mirror not possible
vknabel Jan 10, 2024
01f3ebe
fix: https-hostname
vknabel Jan 10, 2024
d35abb9
feat: upgrade gepm to use endpoint
vknabel Jan 11, 2024
236004c
fix: bump gepm
vknabel Jan 15, 2024
b1e106b
test: network isolation
vknabel Jan 16, 2024
5112a15
fix: use new image provider config for network isolation
vknabel Jan 16, 2024
4f38b47
refactor: rename marshal
vknabel Jan 29, 2024
60e61be
fix: generated by os-extension-metal
vknabel Jan 29, 2024
756931d
Pin
majst01 Jan 30, 2024
126 changes: 104 additions & 22 deletions pkg/generator/ignition/generator.go
Expand Up @@ -3,6 +3,7 @@ package ignition
import (
"encoding/json"
"fmt"
"strings"
"text/template"

gardenv1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
Expand All @@ -25,7 +26,7 @@ const (
ExecStart=
ExecStart=/usr/bin/containerd --config=/etc/containerd/config.toml
`
containerdConfig = `
containerdBaselineConfig = `
# created by os-extension-metal
[plugins.cri.registry.mirrors]
[plugins.cri.registry.mirrors."docker.io"]
Expand Down Expand Up @@ -72,6 +73,15 @@ func (t *IgnitionGenerator) Generate(logr logr.Logger, config *generator.Operati
// Therefore we must update ignition to 2.0.0 in the images and transform the gardener config to the ignition config types instead.
func ignitionFromOperatingSystemConfig(config *generator.OperatingSystemConfig) ([]byte, error) {
cfg := types.Config{}

networkIsolation := &metalextensionv1alpha1.NetworkIsolation{}
if config.Object != nil && config.Object.Spec.ProviderConfig != nil {
err := decodeProviderConfig(config.Object.Spec.ProviderConfig, networkIsolation)
if err != nil {
return nil, fmt.Errorf("unable to decode providerConfig")
}
}

cfg.Systemd = types.Systemd{}
for _, u := range config.Units {
contents := string(u.Content)
Expand Down Expand Up @@ -109,6 +119,12 @@ func ignitionFromOperatingSystemConfig(config *generator.OperatingSystemConfig)
cfg.Storage.Files = append(cfg.Storage.Files, ignitionFile)
}

dnsFiles := additionalDNSConfFiles(networkIsolation.DNSServers)
cfg.Storage.Files = append(cfg.Storage.Files, dnsFiles...)

ntpFiles := additionalNTPConfFiles(networkIsolation.NTPServers)
cfg.Storage.Files = append(cfg.Storage.Files, ntpFiles...)

if config.CRI != nil {
cri := config.CRI
if cri.Name == extensionsv1alpha1.CRINameContainerD {
Expand All @@ -123,30 +139,10 @@ func ignitionFromOperatingSystemConfig(config *generator.OperatingSystemConfig)
},
}
cfg.Systemd.Units = append(cfg.Systemd.Units, containerdSystemdService)

containerdConfigFile := types.File{
Path: "/etc/containerd/config.toml",
Filesystem: "root",
Mode: &types.DefaultFileMode,
Contents: types.FileContents{
Inline: containerdConfig,
},
}
cfg.Storage.Files = append(cfg.Storage.Files, containerdConfigFile)
cfg.Storage.Files = append(cfg.Storage.Files, additionalContainterdConfigFile(networkIsolation.RegistryMirrors))
}
}

if config.Object != nil && config.Object.Spec.ProviderConfig != nil {
networkIsolation := &metalextensionv1alpha1.NetworkIsolation{}
// This does not work because NetworkIsolation is not a RuntimeObject because it is missing ObjectMeta and TypeMeta
err := decodeProviderConfig(config.Object.Spec.ProviderConfig, networkIsolation)
if err != nil {
return nil, fmt.Errorf("unable to decode providerConfig")
}

fmt.Printf("networkIsolation:%#v", networkIsolation)
}

outCfg, report := types.Convert(cfg, "", nil)
if report.IsFatal() {
return nil, fmt.Errorf("could not transpile ignition config: %s", report.String())
Expand Down Expand Up @@ -181,3 +177,89 @@ func getGardenerDecoder() runtime.Decoder {
}
return decoder
}

func additionalContainterdConfigFile(mirrors []metalextensionv1alpha1.RegistryMirror) types.File {
containerdConfig := types.File{
Path: "/etc/containerd/config.toml",
Filesystem: "root",
Mode: &types.DefaultFileMode,
Contents: types.FileContents{
Inline: containerdBaselineConfig,
},
}
if len(mirrors) == 0 {
return containerdConfig
}

renderedContent := `# Generated by os-extension-metal
imports = ["/etc/containerd/conf.d/*.toml"]
version = 2

[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
`
for _, m := range mirrors {
for _, of := range m.MirrorOf {
renderedContent += fmt.Sprintf(` [plugins."io.containerd.grpc.v1.cri".registry.mirrors.%q]
endpoint = [%q]
`, of, m.Hostname)
}
}

containerdConfig.Contents.Inline = renderedContent
return containerdConfig
}

func additionalDNSConfFiles(dnsServers []string) []types.File {
if len(dnsServers) == 0 {
return nil
}
resolveDNS := strings.Join(dnsServers, " ")
systemdResolvedConfd := fmt.Sprintf(`# Generated by os-extension-metal

[Resolve]
DNS=%s
Domain=~.

`, resolveDNS)
resolvConf := "# Generated by gardener-extension-provider-metal\n"
for _, ip := range dnsServers {
resolvConf += fmt.Sprintf("nameserver %s\n", ip)
}

return []types.File{
{
Path: "/etc/systemd/resolved.conf.d/dns.conf",
Contents: types.FileContents{
Inline: systemdResolvedConfd,
},
},
{
Path: "/etc/resolv.conf",
Contents: types.FileContents{
Inline: resolvConf,
},
},
}
}

func additionalNTPConfFiles(ntpServers []string) []types.File {
if len(ntpServers) == 0 {
return nil
}
ntps := strings.Join(ntpServers, " ")
renderedContent := fmt.Sprintf(`# Generated by os-extension-metal

[Time]
NTP=%s
`, ntps)

return []types.File{
{
Path: "/etc/systemd/timesyncd.conf",
Contents: types.FileContents{
Inline: renderedContent,
},
},
}
}
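Review bot: The decode failure in ignitionFromOperatingSystemConfig, `return nil, fmt.Errorf("unable to decode providerConfig")`, drops the underlying error, so a malformed providerConfig cannot be diagnosed from the returned message; wrap it instead, `return nil, fmt.Errorf("unable to decode providerConfig: %w", err)`. The DNS and NTP server strings read from that same providerConfig are interpolated verbatim into /etc/resolv.conf, resolved.conf and timesyncd.conf by additionalDNSConfFiles and additionalNTPConfFiles, so an entry containing whitespace or a newline would alter the rendered file; validating each DNS entry with `net.ParseIP` (and rejecting NTP entries that are not a single host token) before rendering would keep the generated configuration well-formed. The two DNS files and the timesyncd file also omit the `Filesystem` and `Mode` fields that the containerd config file sets, which looks inconsistent unless types.Convert fills in defaults. As a matter of style, the `+=` string building in the mirror and resolv.conf loops would read better with a strings.Builder, and "Containterd" in the helper name is a typo.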
2 changes: 1 addition & 1 deletion pkg/generator/ignition/generator_test.go
Expand Up @@ -100,7 +100,7 @@ func TestIgnitionFromOperatingSystemConfig(t *testing.T) {
Filesystem: "root",
Path: "/etc/containerd/config.toml",
Contents: types.FileContents{
Inline: containerdConfig,
Inline: containerdBaselineConfig,
},
Mode: pointer.Int(0644),
},