-
Notifications
You must be signed in to change notification settings - Fork 45
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Salt: Setup the Dex-to-Kubernetes API server integration
This commit adds the following: Add configuration parameters to the APIserver manifest which is required by Dex Define a way to find the Ingress external IP required by Dex config flags If a minion wants to reference the control-plane Ingress by its external IP(in our case the Dex service), it needs to know the control-plane IP of the bootstrap minion (as it is the one used by Salt master when creating the Service). For posterity, we define a helper that should work even during the initial boostrap. Closes: #2010
- Loading branch information
1 parent
1438c94
commit 859be4e
Showing
3 changed files
with
44 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
29 changes: 29 additions & 0 deletions
29
salt/metalk8s/addons/nginx-ingress-control-plane/control-plane-ip.sls
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
{# This whole block is used to "know" the Ingress external IP used by Dex. | ||
It will be removed once we can have a known LoadBalancer IP for Ingress. #} | ||
{% if '_errors' in pillar.metalk8s.nodes %} | ||
{# Assume this is the bootstrap Node and we haven't an apiserver yet #} | ||
{%- set bootstrap_id = grains.id %} | ||
{%- elif pillar.metalk8s.nodes | length <= 1 %} | ||
{# Only one node (or even, zero) can/should only happen during bootstrap #} | ||
{%- set bootstrap_id = grains.id %} | ||
{%- else %} | ||
{%- set bootstrap_nodes = salt.metalk8s.minions_by_role('bootstrap') %} | ||
{%- if bootstrap_nodes %} | ||
{%- set bootstrap_id = bootstrap_nodes | first %} | ||
{%- else %} | ||
{{ raise('Missing bootstrap node') }} | ||
{%- endif %} | ||
{%- endif %} | ||
|
||
{%- if bootstrap_id is none %} | ||
{{ raise('Missing bootstrap Node in pillar, cannot proceed.') }} | ||
{%- elif bootstrap_id == grains.id %} | ||
{%- set bootstrap_control_plane_ip = grains.metalk8s.control_plane_ip %} | ||
{%- else %} | ||
{%- set bootstrap_control_plane_ip = salt['mine.get'](bootstrap_id, | ||
'control_plane_ip')[bootstrap_id] | ||
%} | ||
{%- endif %} | ||
|
||
{%- set ingress_control_plane = bootstrap_control_plane_ip ~ ':8443' %} | ||
{# (end of Ingress URL retrieval) #} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters