Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make Control Plane Ingress IP configurable #3415

Merged

Conversation

TeddyAndrieux
Copy link
Collaborator

Component:

'salt', 'tests'

Context:

Being able to choose which IP will be used for Ingress Control Plane, so that user can manage them self HA of this IP through all Control Plane nodes.

Summary:

  • Define Control Plane Ingress IP and Endpoint at a single place
  • Male this Control Plane Ingress IP configurable in the Bootstrap Configuration
  • Some docs and tests for this

Sees: #2381


NOTE: It's only the first part of Control Plane Ingress HA, as we also want to add an optional MetalLB deployment as part of MetalK8s, so that if it's possible in the user environment HA of Control Plane Ingress can be managed by MetalLB directly.

During bootstrap we need an up to date pillar to have all
`mine_function` in the minion pillar before doing a `mine.update`.
Since by default `saltutil.refresh_pillar` is asynchrone just add a
`wait: true` so that this refresh properly wait for the pillar to be
refreshed
@TeddyAndrieux TeddyAndrieux requested a review from a team June 8, 2021 07:59
@bert-e
Copy link
Contributor

bert-e commented Jun 8, 2021

Hello teddyandrieux,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Status report is not available.

@bert-e
Copy link
Contributor

bert-e commented Jun 8, 2021

Waiting for approval

The following approvals are needed before I can proceed with the merge:

  • the author

  • one peer

Peer approvals must include at least 1 approval from the following list:

@TeddyAndrieux TeddyAndrieux force-pushed the improvement/refactore-cp-ingress-ep-definition branch from 9e57620 to bb8052a Compare June 8, 2021 08:00
@TeddyAndrieux TeddyAndrieux linked an issue Jun 8, 2021 that may be closed by this pull request
Comment on lines +127 to +137
- cp_ingress_ip_ret: "Error because of banana"
raises: true
result: "Error because of banana"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This error happens to me all the time, I'm glad it's tested ! 👍

@NicolasT NicolasT self-requested a review June 8, 2021 08:10
CHANGELOG.md Outdated Show resolved Hide resolved
docs/installation/bootstrap.rst Outdated Show resolved Hide resolved
docs/operation/changing_control_plane_ingress_ip.rst Outdated Show resolved Hide resolved
docs/operation/changing_control_plane_ingress_ip.rst Outdated Show resolved Hide resolved
@TeddyAndrieux TeddyAndrieux force-pushed the improvement/refactore-cp-ingress-ep-definition branch from bb8052a to 4eac18e Compare June 10, 2021 08:44
Copy link
Contributor

@gdemonet gdemonet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Few minor changes, most important IMO is the configuration format to build as future-proof as possible.

salt/_modules/metalk8s_network.py Outdated Show resolved Hide resolved
tests/post/steps/test_ui.py Show resolved Hide resolved
Comment on lines +19 to +22
root@bootstrap $ kubectl --kubeconfig=/etc/kubernetes/admin.conf \
get svc -n metalk8s-ingress ingress-nginx-control-plane-controller \
-o=jsonpath='{.spec.externalIPs[0]}{"\n"}'
<the ingress control plane IP>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😢

Copy link
Collaborator Author

@TeddyAndrieux TeddyAndrieux Jun 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's just to check that it's the IP we want, you do not like it ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Most of our commands are getting super verbose (same for running a command in the salt-master)... Not saying it's wrong 😉, just that it'd be nice if we could wrap those calls in some kubectl plugin... 😇

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yess I agree

CHANGELOG.md Outdated Show resolved Hide resolved
docs/installation/bootstrap.rst Outdated Show resolved Hide resolved
will sit on a working master Node. The default value for this
Ingress IP is the control plane IP of the Bootstrap node (which means
that if you lose the Bootstrap node, you no longer have access to any
control plane component).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...through the Ingress controller. But some components also listen on host ports directly, no? Especially K8s API, which is useful to access in case of Bootstrap issues.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, but if you lose bootstrap you do not have access to OIDC so access to Kubernetes APIServer (should) do not work as well (if we generated kubeconfig specific to each user 😉)
But agree, I will replace "control plane component" with OIDC and various Control Plane UIs

--kubeconfig=/etc/kubernetes/admin.conf \\
$(kubectl --kubeconfig=/etc/kubernetes/admin.conf get pod \\
-l "app.kubernetes.io/name=salt-master" \\
--namespace=kube-system -o jsonpath='{.items[0].metadata.name}') \\
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

-o name?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm right I could use it 🤔
It will have strange behavior if for whatever reason you have multiple salt-master running, maybe better to keep this one for the moment (so that this procedure may be compatible with future Bootstrap HA 😄 😉 )

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Haha good point 👌 We'll have to make these commands simpler anyway, so if we change how we deploy things, we don't have to update it in hundreds of places across our docs.

@bert-e
Copy link
Contributor

bert-e commented Jun 17, 2021

Waiting for approval

The following approvals are needed before I can proceed with the merge:

  • the author

  • one peer

Peer approvals must include at least 1 approval from the following list:

The following reviewers are expecting changes from the author, or must review again:

Instead of hardcode Control Plane Ingress Endpoint at several places in
the salt states, add a new Salt module to "compute" it and use this salt
module everywhere in our salt states
Instead of hardcode Ingress port in tests and use Bootstrap Control
Plane IP to compute the Control Plane Ingress Endpoint, retrieve it
using the Kubernetes Service
Update the command to retrieve the IP using Kubernetes API and Control
Plane Ingress Service to get the external IP
Make the IP used to reach the UI and other Control Plane components
configurable from Bootstrap config file

Refs: #2381
Move `we are on a multi node cluster` from test registry to conftest, so
that it can be used in other tests
@TeddyAndrieux TeddyAndrieux force-pushed the improvement/refactore-cp-ingress-ep-definition branch from 4eac18e to d3e36a4 Compare June 21, 2021 13:23
gdemonet
gdemonet previously approved these changes Jun 23, 2021
Copy link
Contributor

@gdemonet gdemonet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(minor typos) 🚀

docs/operation/changing_control_plane_ingress_ip.rst Outdated Show resolved Hide resolved
docs/operation/changing_control_plane_ingress_ip.rst Outdated Show resolved Hide resolved
@bert-e
Copy link
Contributor

bert-e commented Jun 23, 2021

Waiting for approval

The following approvals are needed before I can proceed with the merge:

  • the author

  • one peer

Peer approvals must include at least 1 approval from the following list:

Add a simple orchestrate and small procedure in the documentation to
change the Control Plane Ingress IP
@TeddyAndrieux TeddyAndrieux force-pushed the improvement/refactore-cp-ingress-ep-definition branch from d3e36a4 to 4fe7cac Compare June 23, 2021 09:16
@TeddyAndrieux
Copy link
Collaborator Author

/approve

@bert-e
Copy link
Contributor

bert-e commented Jun 23, 2021

In the queue

The changeset has received all authorizations and has been added to the
relevant queue(s). The queue(s) will be merged in the target development
branch(es) as soon as builds have passed.

The changeset will be merged in:

  • ✔️ development/2.10

The following branches will NOT be impacted:

  • development/2.0
  • development/2.1
  • development/2.2
  • development/2.3
  • development/2.4
  • development/2.5
  • development/2.6
  • development/2.7
  • development/2.8
  • development/2.9

There is no action required on your side. You will be notified here once
the changeset has been merged. In the unlikely event that the changeset
fails permanently on the queue, a member of the admin team will
contact you to help resolve the matter.

IMPORTANT

Please do not attempt to modify this pull request.

  • Any commit you add on the source branch will trigger a new cycle after the
    current queue is merged.
  • Any commit you add on one of the integration branches will be lost.

If you need this pull request to be removed from the queue, please contact a
member of the admin team now.

The following options are set: approve

@bert-e
Copy link
Contributor

bert-e commented Jun 23, 2021

I have successfully merged the changeset of this pull request
into targetted development branches:

  • ✔️ development/2.10

The following branches have NOT changed:

  • development/2.0
  • development/2.1
  • development/2.2
  • development/2.3
  • development/2.4
  • development/2.5
  • development/2.6
  • development/2.7
  • development/2.8
  • development/2.9

Please check the status of the associated issue None.

Goodbye teddyandrieux.

@bert-e bert-e merged commit 5806039 into development/2.10 Jun 23, 2021
@bert-e bert-e deleted the improvement/refactore-cp-ingress-ep-definition branch June 23, 2021 12:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Control plane Ingress controller is tied to Bootstrap
4 participants