diff --git a/charts/openstack-cluster/README.md b/charts/openstack-cluster/README.md
index 9d1c73e1a..6ac92dcf2 100644
--- a/charts/openstack-cluster/README.md
+++ b/charts/openstack-cluster/README.md
@@ -222,3 +222,63 @@ clusterctl get kubeconfig my-cluster > kubeconfig.my-cluster
 # Use that kubeconfig to list pods on the workload cluster
 kubectl --kubeconfig=./kubeconfig.my-cluster get po -A
 ```
+
+
+
+
+## Flatcar
+
+To deploy clusters which use Ignition such as Flatcar, you will need to override the following settings in your local `values.yaml`:
+
+```yaml
+ignitionBasedOS: true
+
+controlPlane.kubeadmConfigSpec.initConfiguration.nodeRegistration.name: ${COREOS_OPENSTACK_HOSTNAME}
+controlPlane.kubeadmConfigSpec.clusterConfiguration.joinConfiguration.nodeRegistration.name: ${COREOS_OPENSTACK_HOSTNAME}
+controlPlane.kubeadmConfigSpec.clusterConfiguration.preKubeadmCommands:
+ - export COREOS_OPENSTACK_HOSTNAME=${COREOS_OPENSTACK_HOSTNAME%.*}
+ - envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp
+ - mv /etc/kubeadm.yml.tmp /etc/kubeadm.yml
+controlPlane.kubeadmConfigSpec.clusterConfiguration.format: ignition
+controlPlane.kubeadmConfigSpec.clusterConfiguration.ignition:
+ containerLinuxConfig:
+ additionalConfig: |
+ systemd:
+ units:
+ - name: coreos-metadata-sshkeys@.service
+ enabled: true
+ - name: kubeadm.service
+ enabled: true
+ dropins:
+ - name: 10-flatcar.conf
+ contents: |
+ [Unit]
+ Requires=containerd.service coreos-metadata.service
+ After=containerd.service coreos-metadata.service
+ [Service]
+ EnvironmentFile=/run/metadata/flatcar
+
+nodeGroupDefaults.kubeadmConfigSpec.format: ignition
+nodeGroupDefaults.kubeadmConfigSpec.ignition:
+ containerLinuxConfig:
+ additionalConfig: |
+ systemd:
+ units:
+ - name: coreos-metadata-sshkeys@.service
+ enabled: true
+ - name: kubeadm.service
+ enabled: true
+ dropins:
+ - name: 10-flatcar.conf
+ contents: |
+ [Unit]
+ Requires=containerd.service coreos-metadata.service
+ After=containerd.service coreos-metadata.service
+ [Service]
+ EnvironmentFile=/run/metadata/flatcar
+nodeGroupDefaults.kubeadmConfigSpec.joinConfiguration.nodeRegistration.name: ${COREOS_OPENSTACK_HOSTNAME}
+nodeGroupDefaults.kubeadmConfigSpec.preKubeadmCommands: + - export COREOS_OPENSTACK_HOSTNAME=${COREOS_OPENSTACK_HOSTNAME%.*} + - envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp + - mv /etc/kubeadm.yml.tmp /etc/kubeadm.yml +``` diff --git a/charts/openstack-cluster/templates/_helpers.tpl b/charts/openstack-cluster/templates/_helpers.tpl index e29b3dae0..18d7966f0 100644 --- a/charts/openstack-cluster/templates/_helpers.tpl +++ b/charts/openstack-cluster/templates/_helpers.tpl @@ -203,10 +203,11 @@ files: # This file is created by the capi-helm-chart to ensure that its parent directory exists owner: root:root permissions: "0644" - - path: /etc/containerd/config.toml + - path: /etc/containerd/config.d/containerd-certs.toml content: | - [plugins."io.containerd.grpc.v1.cri".registry] - config_path = "/etc/containerd/certs.d" + [plugins] + [plugins."io.containerd.grpc.v1.cri".registry] + config_path = "/etc/containerd/certs.d" owner: root:root permissions: "0644" append: true diff --git a/charts/openstack-cluster/templates/control-plane/kubeadm-control-plane.yaml b/charts/openstack-cluster/templates/control-plane/kubeadm-control-plane.yaml index 704580418..beeeee3d5 100644 --- a/charts/openstack-cluster/templates/control-plane/kubeadm-control-plane.yaml +++ b/charts/openstack-cluster/templates/control-plane/kubeadm-control-plane.yaml @@ -21,6 +21,22 @@ preKubeadmCommands: {{- end }} {{- end }} +{{- define "openstack-cluster.controlplane.kubeadmConfigSpec.ignitionKubeProxyConfiguration" -}} +{{- with .kubeProxyConfiguration }} +files: + - path: /etc/kube-proxy-configuration.yaml + content: | + --- + apiVersion: kubeproxy.config.k8s.io/v1alpha1 + kind: KubeProxyConfiguration + {{- toYaml . | nindent 6 }} + owner: root:root + permissions: "0644" +preKubeadmCommands: + - cat /etc/kube-proxy-configuration.yaml >> /run/kubeadm.yml +{{- end }} +{{- end }} + --- apiVersion: controlplane.cluster.x-k8s.io/v1beta1 kind: KubeadmControlPlane 
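Review bot: Nothing in this `_helpers.tpl` hunk makes containerd load the new drop-in `/etc/containerd/config.d/containerd-certs.toml`. containerd only merges extra files that its main config names under `imports`, so on an image whose `config.toml` lacks a matching entry the `config_path = "/etc/containerd/certs.d"` line would be ignored without any error, and with it the per-registry CA and mirror settings. A comment on the entry such as `# Requires the image's /etc/containerd/config.toml to import /etc/containerd/config.d/*.toml` would record that dependency. The unchanged `append: true` is also worth revisiting now that the target is a dedicated file: if the entry is ever written twice the `[plugins]` table is duplicated, which is invalid TOML. The enclosing `files:` list starts outside this hunk.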
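Review bot: The appended command in the new `ignitionKubeProxyConfiguration` helper targets `/run/kubeadm.yml`, while the README section added in this same commit rewrites `/etc/kubeadm.yml` in its `preKubeadmCommands`. If kubeadm on an Ignition node reads the `/etc` file, the `KubeProxyConfiguration` document never reaches it and kube-proxy starts with defaults, with no error to point at the cause. Please confirm which path the bootstrap provider writes for `format: ignition` and make the helper and README agree, for example `- cat /etc/kube-proxy-configuration.yaml >> /etc/kubeadm.yml` if the README is right. A template comment above the `define` saying why an Ignition-specific variant is needed would also help the next reader.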
@@ -47,6 +63,22 @@ spec: nodeDrainTimeout: {{ .Values.controlPlane.nodeDrainTimeout }} nodeVolumeDetachTimeout: {{ .Values.controlPlane.nodeVolumeDetachTimeout }} nodeDeletionTimeout: {{ .Values.controlPlane.nodeDeletionTimeout }} + {{- if .Values.ignitionBasedOS }} + kubeadmConfigSpec: {{ + omit + ( + list + (include "openstack-cluster.controlplane.kubeadmConfigSpec.nodeLabels" . | fromYaml) + (include "openstack-cluster.kubeadmConfigSpec" (list . .Values.controlPlane.kubeadmConfigSpec) | fromYaml) + (include "openstack-cluster.controlplane.kubeadmConfigSpec.ignitionKubeProxyConfiguration" .Values.controlPlane.kubeadmConfigSpec | fromYaml) | + include "openstack-cluster.mergeConcatMany" | + fromYaml + ) + "kubeProxyConfiguration" | + toYaml | + nindent 4 + }} + {{- else }} kubeadmConfigSpec: {{ omit ( @@ -61,3 +93,4 @@ spec: toYaml | nindent 4 }} + {{- end }} diff --git a/charts/openstack-cluster/values.yaml b/charts/openstack-cluster/values.yaml index 196dbafe9..c6611a7ca 100644 --- a/charts/openstack-cluster/values.yaml +++ b/charts/openstack-cluster/values.yaml @@ -115,6 +115,10 @@ apiServer: # The port to use for the API server port: 6443 + +# Set ignition based OS +# ignitionBasedOS: + # Settings for the control plane controlPlane: # The failure domains to use for control plane nodes
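Review bot: The new `{{- if .Values.ignitionBasedOS }}` branch repeats the whole `omit ( list … ) "kubeProxyConfiguration" | toYaml | nindent 4` expression. As far as this hunk shows, it differs from the `else` branch only in which kube-proxy helper is included, so the two copies will drift when one is edited. Consider selecting the helper name once in a template variable before `kubeadmConfigSpec:` and keeping a single expression that passes it to `include`. The `else` branch continues past the end of this hunk, so it is worth confirming that the helper name is the only difference.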
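Review bot: In `values.yaml`, `ignitionBasedOS` is added commented out and without a value, so neither its type nor its default is documented, and the template's `.Values.ignitionBasedOS` test works only because the key is absent. An explicit default with a descriptive comment would be clearer: `# Set to true when node images use Ignition (e.g. Flatcar)` followed by `ignitionBasedOS: false`.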