From bfbd0739063ca97b45544534a701f44a91be0656 Mon Sep 17 00:00:00 2001 From: Maxime Dufour Date: Thu, 14 Mar 2024 14:11:29 +0000 Subject: [PATCH 1/2] Expose PublicIp for Node Signed-off-by: Maxime Dufour --- controllers/oscmachine_vm_controller.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/controllers/oscmachine_vm_controller.go b/controllers/oscmachine_vm_controller.go index dae57290d..2f614746b 100644 --- a/controllers/oscmachine_vm_controller.go +++ b/controllers/oscmachine_vm_controller.go @@ -437,6 +437,13 @@ func reconcileVm(ctx context.Context, clusterScope *scope.ClusterScope, machineS Address: *privateIp, }, ) + // Expose Public IP if one is set + if publicIp, ok := vm.GetPublicIpOk(); ok { + addresses = append(addresses, corev1.NodeAddress{ + Type: corev1.NodeExternalIP, + Address: *publicIp, + }) + } machineScope.SetAddresses(addresses) err = vmSvc.AddCcmTag(clusterName, *privateDnsName, vmId) if err != nil { From 2f5fb6e2d5a12be438710306195aac950ee33674 Mon Sep 17 00:00:00 2001 From: Maxime Dufour Date: Thu, 14 Mar 2024 14:20:30 +0000 Subject: [PATCH 2/2] Fix Build Signed-off-by: Maxime Dufour --- example/rke2/ccm-rke2.yaml | 11 +++---- .../rke2/image-builder/script/bootstrap.sh | 15 ++++++++- example/rke2/osc-rke2-clusterctl.yaml | 32 +++++++++---------- 3 files changed, 34 insertions(+), 24 deletions(-) diff --git a/example/rke2/ccm-rke2.yaml b/example/rke2/ccm-rke2.yaml index f4b19c632..4a829bcd3 100644 --- a/example/rke2/ccm-rke2.yaml +++ b/example/rke2/ccm-rke2.yaml @@ -5,8 +5,8 @@ metadata: name: osc-secret namespace: kube-system stringData: - key_id: OSC_ACCESS_KEY - access_key: OSC_SECRET_KEY + key_id: OSC_ACCESS_KEY + access_key: OSC_SECRET_KEY aws_default_region: eu-west-2 aws_availability_zones: MY_AWS_AVAILABILITY_ZONES osc_account_id: MY_OSC_ACCOUNT_ID 
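Review bot: The added block in reconcileVm advertises the VM's public IP as a `corev1.NodeExternalIP` for every machine that has one, and it accepts whatever `GetPublicIpOk()` returns without checking that the string is non-empty. If the API can return an empty value, an `ExternalIP` entry with an empty `Address` is passed to `machineScope.SetAddresses`; a cheap guard is `if publicIp, ok := vm.GetPublicIpOk(); ok && *publicIp != "" {`. Publishing the address also changes what the Machine status exposes, so the comment should say that this is intentional and who is expected to consume it, for example `// Publish the VM's public IP as ExternalIP; consumers that select addresses by type will now see it`. reconcileVm begins and ends outside this hunk, so whether the entry is refreshed when the public IP changes cannot be confirmed from here.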
@@ -26,8 +26,7 @@ spec: valuesContent: |- tolerations: - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - operator: Exists + effect: NoSchedule + operator: Exists - key: node-role.kubernetes.io/etcd - effect: NoExecute - + effect: NoExecute \ No newline at end of file diff --git a/example/rke2/image-builder/script/bootstrap.sh b/example/rke2/image-builder/script/bootstrap.sh index 716b781a7..ef3688043 100644 --- a/example/rke2/image-builder/script/bootstrap.sh +++ b/example/rke2/image-builder/script/bootstrap.sh @@ -1,4 +1,17 @@ -#!/usr/bin/env bash +#!/bin/bash +# Copyright 2022 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -o errexit set -o nounset set -o pipefail diff --git a/example/rke2/osc-rke2-clusterctl.yaml b/example/rke2/osc-rke2-clusterctl.yaml index 82851143d..0b68aee20 100644 --- a/example/rke2/osc-rke2-clusterctl.yaml +++ b/example/rke2/osc-rke2-clusterctl.yaml @@ -1,4 +1,3 @@ - apiVersion: cluster.x-k8s.io/v1beta1 kind: Cluster metadata: @@ -12,7 +11,7 @@ spec: clusterNetwork: pods: cidrBlocks: - - 192.168.0.0/16 + - 192.168.0.0/16 controlPlaneRef: apiVersion: controlplane.cluster.x-k8s.io/v1beta1 kind: RKE2ControlPlane 
@@ -96,7 +95,7 @@ spec: - name: rke2-osc-securitygrouprule-api-kubelet-kw flow: Inbound ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + # IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. ipRange: "10.0.3.0/24" fromPortRange: 10250 toPortRange: 10250 @@ -115,21 +114,21 @@ spec: - name: rke2-osc-securitygrouprule-api-kubelet-kcp flow: Inbound ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + # IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. ipRange: "10.0.4.0/24" fromPortRange: 10250 toPortRange: 10250 - name: rke2-osc-securitygrouprule-kcp-nodeip-kw flow: Inbound ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + # IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. ipRange: "10.0.3.0/24" fromPortRange: 30000 toPortRange: 32767 - name: rke2-osc-securitygrouprule-kcp-nodeip-kcp flow: Inbound ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + # IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. ipRange: "10.0.4.0/24" fromPortRange: 30000 toPortRange: 32767 
@@ -157,28 +156,28 @@ spec: - name: rke2-osc-securitygrouprule-api-kw flow: Inbound ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + # IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. ipRange: "10.0.3.0/24" fromPortRange: 6443 toPortRange: 6443 - name: rke2-osc-securitygrouprule-api-kcp flow: Inbound ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + # IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. ipRange: "10.0.4.0/24" fromPortRange: 6443 toPortRange: 6443 - name: rke2-osc-securitygrouprule-etcd flow: Inbound ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + # IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. ipRange: "10.0.4.0/24" fromPortRange: 2378 toPortRange: 2381 - name: rke2-osc-securitygrouprule-kubelet-kcp flow: Inbound ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + # IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. ipRange: "10.0.4.0/24" fromPortRange: 10250 toPortRange: 10252 
@@ -191,14 +190,14 @@ spec: - name: rke2-osc-securitygrouprule-kw-nodeip-kw flow: Inbound ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + # IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. ipRange: "10.0.3.0/24" fromPortRange: 30000 toPortRange: 32767 - name: rke2-osc-securitygrouprule-kw-nodeip-kcp flow: Inbound ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + # IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. ipRange: "10.0.4.0/24" fromPortRange: 30000 toPortRange: 32767 @@ -208,7 +207,7 @@ spec: - name: rke2-osc-securitygrouprule-lb flow: Inbound ipProtocol: tcp -# IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. + # IpRange to authorize access to kubernetes endpoints (kube-apiserver), you must keep it and change it with a CIDR that best suits with your environment. ipRange: "0.0.0.0/0" fromPortRange: 6443 toPortRange: 6443 @@ -273,7 +272,7 @@ spec: name: rke2-osc-control-plane nodeDrainTimeout: 2m preRKE2Commands: - - sudo hostnamectl set-hostname $(curl -s http://169.254.169.254/1.0/meta-data/hostname) + - sudo hostnamectl set-hostname $(curl -s http://169.254.169.254/1.0/meta-data/hostname) replicas: 1 serverConfig: cloudProviderName: external @@ -290,7 +289,7 @@ spec: node: clusterName: rke2-osc image: - name: ubuntu-2204-2204-rke2-v1.27.9-rke2r1 + name: ubuntu-2204-2204-rke2-v1.27.9-rke2r1 keypair: name: rke2-osc deleteKeypair: false 
@@ -376,7 +375,6 @@ spec: template: spec: preRKE2Commands: - - sudo hostnamectl set-hostname $(curl -s http://169.254.169.254/1.0/meta-data/hostname) + - sudo hostnamectl set-hostname $(curl -s http://169.254.169.254/1.0/meta-data/hostname) agentConfig: version: v1.27.9+rke2r1 -