Integrate Ignition-based OS with helm chart

* Flag to activate integration with kubeadmconfigspec * deactivate containerd registry mirror config for now * alternate location for kube-proxy-configuration.yaml * alternate location for kubeadm.yml
azimuth-cloud · Oct 24, 2023 · 2e5f05c · 2e5f05c
1 parent e8e754f
commit 2e5f05c
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 94 deletions.
diff --git a/charts/openstack-cluster/README.md b/charts/openstack-cluster/README.md
@@ -228,57 +228,8 @@ kubectl --kubeconfig=./kubeconfig.my-cluster get po -A
 
 ## Flatcar
 
-To deploy clusters which use Ignition such as Flatcar, you will need to override the following settings in your local `values.yaml`:
+To deploy clusters which use Ignition such as Flatcar, you will need to override the following setting in your local `values.yaml`:
 
 ```yaml
 ignitionBasedOS: true 
-
-controlPlane.kubeadmConfigSpec.initConfiguration.nodeRegistration.name: ${COREOS_OPENSTACK_HOSTNAME}
-controlPlane.kubeadmConfigSpec.clusterConfiguration.joinConfiguration.nodeRegistration.name: ${COREOS_OPENSTACK_HOSTNAME}
-controlPlane.kubeadmConfigSpec.clusterConfiguration.preKubeadmCommands:
-  - export COREOS_OPENSTACK_HOSTNAME=${COREOS_OPENSTACK_HOSTNAME%.*}
-  - envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp
-  - mv /etc/kubeadm.yml.tmp /etc/kubeadm.yml
-controlPlane.kubeadmConfigSpec.clusterConfiguration.format: ignition
-controlPlane.kubeadmConfigSpec.clusterConfiguration.ignition:
-  containerLinuxConfig:
-    additionalConfig: |
-      systemd:
-        units:
-        - name: [email protected]
-          enabled: true
-        - name: kubeadm.service
-          enabled: true
-          dropins:
-          - name: 10-flatcar.conf
-            contents: |
-              [Unit]
-              Requires=containerd.service coreos-metadata.service
-              After=containerd.service coreos-metadata.service
-              [Service]
-              EnvironmentFile=/run/metadata/flatcar
-
-nodeGroupDefaults.kubeadmConfigSpec.format: ignition
-nodeGroupDefaults.kubeadmConfigSpec.ignition:
-  containerLinuxConfig:
-    additionalConfig: |
-      systemd:
-        units:
-        - name: [email protected]
-          enabled: true
-        - name: kubeadm.service
-          enabled: true
-          dropins:
-          - name: 10-flatcar.conf
-            contents: |
-              [Unit]
-              Requires=containerd.service coreos-metadata.service
-              After=containerd.service coreos-metadata.service
-              [Service]
-              EnvironmentFile=/run/metadata/flatcar
-nodeGroupDefaults.kubeadmConfigSpec.joinConfiguration.nodeRegistration.name: ${COREOS_OPENSTACK_HOSTNAME}
-nodeGroupDefaults.kubeadmConfigSpec.preKubeadmCommands:
-  - export COREOS_OPENSTACK_HOSTNAME=${COREOS_OPENSTACK_HOSTNAME%.*}
-  - envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp
-  - mv /etc/kubeadm.yml.tmp /etc/kubeadm.yml
 ```
diff --git a/charts/openstack-cluster/templates/_helpers.tpl b/charts/openstack-cluster/templates/_helpers.tpl
@@ -203,14 +203,15 @@ files:
       # This file is created by the capi-helm-chart to ensure that its parent directory exists
     owner: root:root
     permissions: "0644"
-  - path: /etc/containerd/config.d/containerd-certs.toml
+{{- if not (.Values.ignitionBasedOS | default false) }}
+  - path: /etc/containerd/config.toml
     content: |
-      [plugins]
-        [plugins."io.containerd.grpc.v1.cri".registry]
-        config_path = "/etc/containerd/certs.d"
+      [plugins."io.containerd.grpc.v1.cri".registry]
+      config_path = "/etc/containerd/certs.d"
     owner: root:root
     permissions: "0644"
     append: true
+{{- end }}
 {{- with .Values.registryMirrors }}
 {{- range $registry, $registrySpec := . }}
   - path: /etc/containerd/certs.d/{{ $registry }}/hosts.toml
@@ -276,3 +277,14 @@ Produces the spec for a KubeadmConfig object.
   include "openstack-cluster.mergeConcatMany"
 }}
 {{- end }}
+
+{{/*
+Produces the spec for an Ignition based OS specific KubeadmConfig object conditional on ignitionBasedOS flag being true.
+*/}}
+{{- define "openstack-cluster.ignitionKubeadmConfigSpec" -}}
+{{- $ignitionKubeadmConfigSpec := index . 0 }}
+{{- $ignitionBasedOS := (index . 1 | default false) }}
+{{- if $ignitionBasedOS }}
+{{ $ignitionKubeadmConfigSpec | toYaml }}
+{{- end }}
+{{- end }}
diff --git a/charts/openstack-cluster/templates/control-plane/kubeadm-control-plane.yaml b/charts/openstack-cluster/templates/control-plane/kubeadm-control-plane.yaml
@@ -6,9 +6,13 @@ joinConfiguration: {{ include "openstack-cluster.nodeRegistration.nodeLabels" .
 {{- end }}
 
 {{- define "openstack-cluster.controlplane.kubeadmConfigSpec.kubeProxyConfiguration" -}}
-{{- with .kubeProxyConfiguration }}
+{{- $ctx := index . 0 }}
+{{- $ignitionBasedOS := (index . 1 | default false) }}
+{{- $kubeProxyConfigurationPath := ternary "/etc/kube-proxy-configuration.yaml" "/run/kubeadm/kube-proxy-configuration.yaml" $ignitionBasedOS }}
+{{- $kubeadmPath := ternary "/etc/kubeadm.yml" "/run/kubeadm/kubeadm.yaml" $ignitionBasedOS }}
+{{- with $ctx.kubeProxyConfiguration }}
 files:
-  - path: /run/kubeadm/kube-proxy-configuration.yaml
+  - path: {{ $kubeProxyConfigurationPath }}
     content: |
       ---
       apiVersion: kubeproxy.config.k8s.io/v1alpha1
@@ -17,23 +21,7 @@ files:
     owner: root:root
     permissions: "0644"
 preKubeadmCommands:
-  - cat /run/kubeadm/kube-proxy-configuration.yaml >> /run/kubeadm/kubeadm.yaml
-{{- end }}
-{{- end }}
-
-{{- define "openstack-cluster.controlplane.kubeadmConfigSpec.ignitionKubeProxyConfiguration" -}}
-{{- with .kubeProxyConfiguration }}
-files:
-  - path: /etc/kube-proxy-configuration.yaml
-    content: |
-      ---
-      apiVersion: kubeproxy.config.k8s.io/v1alpha1
-      kind: KubeProxyConfiguration
-      {{- toYaml . | nindent 6 }}
-    owner: root:root
-    permissions: "0644"
-preKubeadmCommands:
-  - cat /etc/kube-proxy-configuration.yaml >> /run/kubeadm.yml
+  - cat {{ $kubeProxyConfigurationPath }} >> {{ $kubeadmPath }}
 {{- end }}
 {{- end }}
 
@@ -63,34 +51,18 @@ spec:
     nodeDrainTimeout: {{ .Values.controlPlane.nodeDrainTimeout }}
     nodeVolumeDetachTimeout: {{ .Values.controlPlane.nodeVolumeDetachTimeout }}
     nodeDeletionTimeout: {{ .Values.controlPlane.nodeDeletionTimeout }}
-  {{- if .Values.ignitionBasedOS }}
-  kubeadmConfigSpec: {{
-    omit
-      (
-        list
-          (include "openstack-cluster.controlplane.kubeadmConfigSpec.nodeLabels" . | fromYaml)
-          (include "openstack-cluster.kubeadmConfigSpec" (list . .Values.controlPlane.kubeadmConfigSpec) | fromYaml) 
-          (include "openstack-cluster.controlplane.kubeadmConfigSpec.ignitionKubeProxyConfiguration" .Values.controlPlane.kubeadmConfigSpec | fromYaml) |
-        include "openstack-cluster.mergeConcatMany" |
-        fromYaml
-      )
-      "kubeProxyConfiguration" |
-    toYaml |
-    nindent 4
-  }}
-  {{- else }}
   kubeadmConfigSpec: {{
     omit
       (
         list
           (include "openstack-cluster.controlplane.kubeadmConfigSpec.nodeLabels" . | fromYaml)
           (include "openstack-cluster.kubeadmConfigSpec" (list . .Values.controlPlane.kubeadmConfigSpec) | fromYaml)
-          (include "openstack-cluster.controlplane.kubeadmConfigSpec.kubeProxyConfiguration" .Values.controlPlane.kubeadmConfigSpec | fromYaml) |
+          (include "openstack-cluster.ignitionKubeadmConfigSpec" (list .Values.ignitionKubeadmConfigSpec .Values.ignitionBasedOS) | fromYaml)
+          (include "openstack-cluster.controlplane.kubeadmConfigSpec.kubeProxyConfiguration" (list .Values.controlPlane.kubeadmConfigSpec .Values.ignitionBasedOS) | fromYaml) |
         include "openstack-cluster.mergeConcatMany" |
         fromYaml
       )
       "kubeProxyConfiguration" |
     toYaml |
     nindent 4
   }}
-  {{- end }}
diff --git a/charts/openstack-cluster/templates/node-group/kubeadm-config-template.yaml b/charts/openstack-cluster/templates/node-group/kubeadm-config-template.yaml
@@ -22,11 +22,14 @@ joinConfiguration: {{ include "openstack-cluster.nodeRegistration.nodeLabels" $n
 {{- define "openstack-cluster.nodegroup.kct.spec" -}}
 {{- $ctx := index . 0 }}
 {{- $nodeGroup := index . 1 }}
+{{- $ignitionBasedOS := ($ctx.Values.ignitionBasedOS | default false) }}
+{{- $ignitionKubeadmConfigSpec := omit $ctx.Values.ignitionKubeadmConfigSpec "initConfiguration" }}
 {{-
   list
     (include "openstack-cluster.nodegroup.kct.spec.nodeLabels" (list $ctx $nodeGroup) | fromYaml)
-    (include "openstack-cluster.kubeadmConfigSpec" (list $ctx $nodeGroup.kubeadmConfigSpec) | fromYaml) |
-  include "openstack-cluster.mergeConcat" |
+    (include "openstack-cluster.kubeadmConfigSpec" (list $ctx $nodeGroup.kubeadmConfigSpec) | fromYaml)
+    (include "openstack-cluster.ignitionKubeadmConfigSpec" (list $ignitionKubeadmConfigSpec $ignitionBasedOS) | fromYaml) |
+  include "openstack-cluster.mergeConcatMany" |
   fromYaml |
   toYaml
 }}

diff --git a/charts/openstack-cluster/values.yaml b/charts/openstack-cluster/values.yaml
@@ -122,7 +122,36 @@ apiServer:
 
 # Set ignition based OS
 # ignitionBasedOS:
-
+# Ignition Based OS specific configuration. 
+ignitionKubeadmConfigSpec:
+  initConfiguration:
+    nodeRegistration:
+      name: ${COREOS_OPENSTACK_HOSTNAME}
+  joinConfiguration:
+    nodeRegistration:
+      name: ${COREOS_OPENSTACK_HOSTNAME}
+  preKubeadmCommands:
+    - export COREOS_OPENSTACK_HOSTNAME=${COREOS_OPENSTACK_HOSTNAME%.*}
+    - envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp
+    - mv /etc/kubeadm.yml.tmp /etc/kubeadm.yml
+  format: ignition
+  ignition:
+    containerLinuxConfig:
+      additionalConfig: |
+        systemd:
+          units:
+          - name: [email protected]
+            enabled: true
+          - name: kubeadm.service
+            enabled: true
+            dropins:
+            - name: 10-flatcar.conf
+              contents: |
+                [Unit]
+                Requires=containerd.service coreos-metadata.service
+                After=containerd.service coreos-metadata.service
+                [Service]
+                EnvironmentFile=/run/metadata/flatcar
 # Settings for the control plane
 controlPlane:
   # The failure domains to use for control plane nodes