Upgrade to Kubernetes 1.8.5 (#132)

* Upgrade to Kubernetes 1.8.5 This commit upgrades the helm chart and ignition template to use 1.8.5. Currently, this assumes that klusters without version information in the spec are on 1.7.5. All new klusters must provide a version. With 1.8.5 the default behaviour of the Openstack LoadBalancer creation changed. Instead of defaulting to an internal LoadBalancer it now creates an external LB by default. This requires the external network to be configured in the cloud-provider config. Fixes #62 * removes v from versions * fixes logging in case of error while creating kluster struct * uses one version for new klusters only
sapcc · Dec 20, 2017 · 142d149 · 142d149
1 parent 6d03605
commit 142d149
Show file tree

Hide file tree

Showing 18 changed files with 524 additions and 32 deletions.
diff --git a/charts/kube-master/Chart.yaml b/charts/kube-master/Chart.yaml
@@ -1,4 +1,4 @@
 apiVersion: v1
 description: A Helm chart for Kubernetes
 name: kube-master
-version: 0.1.0
+version: 1.8.5-kubernikus.0
diff --git a/charts/kube-master/templates/_openstack.config.tpl b/charts/kube-master/templates/_openstack.config.tpl
@@ -13,6 +13,7 @@ region = {{ .Values.openstack.region }}
 [LoadBalancer]
 lb-version=v2
 subnet-id= {{ required "missing openstack.lbSubnetID" .Values.openstack.lbSubnetID }}
+floating-network-id= {{ required "missing openstack.lbFloatingNetworkID" .Values.openstack.lbFloatingNetworkID }}
 create-monitor = yes
 monitor-delay = 1m
 monitor-timeout = 30s

diff --git a/charts/kube-master/templates/api.yaml b/charts/kube-master/templates/api.yaml
@@ -107,9 +107,9 @@ spec:
             - --authorization-mode=Node,RBAC
             - --cloud-config=/etc/kubernetes/cloudprovider/openstack.config
             - --cloud-provider=openstack
-            - --experimental-bootstrap-token-auth=true
+            - --enable-bootstrap-token-auth=true
+            - --external-hostname={{ required "missing .api.apiserverHost" .Values.api.apiserverHost }}
             - --token-auth-file=/etc/kubernetes/bootstrap/token.csv
-            - --runtime-config=rbac.authorization.k8s.io/v1alpha1,extensions/v1beta1=true,extensions/v1beta1/thirdpartyresources=true
             - --service-cluster-ip-range={{ .Values.serviceCIDR }}
             - --kubelet-preferred-address-types=InternalIP
             #Cert Spratz
@@ -144,7 +144,7 @@ spec:
           resources:
 {{ toYaml .Values.api.resources | indent 12 }}
         - name: wormhole
-          image: sapcc/kubernikus:{{ required ".version missing" .Values.version }}
+          image: sapcc/kubernikus:{{ required ".version.kubernikus missing" .Values.version.kubernikus }}
           args:
             - wormhole
             - server

diff --git a/charts/kube-master/values.yaml b/charts/kube-master/values.yaml
@@ -3,7 +3,7 @@
 # Declare variables to be passed into your templates.
 image:
   repository: quay.io/coreos/hyperkube
-  tag: v1.7.5_coreos.0
+  tag: v1.8.5_coreos.0
   pullPolicy: IfNotPresent
 
 # Settings for the openstack cloudprovider
@@ -15,6 +15,7 @@ openstack: {}
   #projectID:
   #region:
   #lbSubnetID:
+  #lbFloatingNetworkID
   #routerID:
   #region
 
@@ -29,7 +30,10 @@ clusterCIDR: 198.19.0.0/16
 serviceCIDR: 198.18.128.0/17
 advertiseAddress: 198.18.128.1
 #bootstrapToken
-#version:
+
+version:
+# kubernikus:
+  kubernetes: 1.8.5
 
 api:
   replicaCount: 1

diff --git a/pkg/api/handlers/create_cluster.go b/pkg/api/handlers/create_cluster.go
@@ -39,6 +39,14 @@ func (d *createCluster) Handle(params operations.CreateClusterParams, principal
 		}
 	}
 	kluster, err := kubernikus.NewKlusterFactory().KlusterFor(spec)
+	if err != nil {
+		logger.Log(
+			"msg", "failed to create cluster",
+			"kluster", name,
+			"project", principal.Account,
+			"err", err)
+		return NewErrorResponse(&operations.CreateClusterDefault{}, 400, err.Error())
+	}
 
 	kluster.ObjectMeta = metav1.ObjectMeta{
 		Name:        qualifiedName(name, principal.Account),

diff --git a/pkg/api/models/kluster_spec.go b/pkg/api/models/kluster_spec.go
diff --git a/pkg/api/models/openstack_spec.go b/pkg/api/models/openstack_spec.go
diff --git a/pkg/api/spec/embedded_spec.go b/pkg/api/spec/embedded_spec.go
diff --git a/pkg/apis/kubernikus/factory.go b/pkg/apis/kubernikus/factory.go
@@ -8,6 +8,7 @@ import (
 	"github.com/sapcc/kubernikus/pkg/api/spec"
 	"github.com/sapcc/kubernikus/pkg/apis/kubernikus/v1"
 	"github.com/sapcc/kubernikus/pkg/controller/ground/bootstrap/dns"
+	"github.com/sapcc/kubernikus/pkg/util"
 	"github.com/sapcc/kubernikus/pkg/util/ip"
 	"github.com/sapcc/kubernikus/pkg/version"
 )
@@ -74,6 +75,18 @@ func (klusterFactory) KlusterFor(spec models.KlusterSpec) (*v1.Kluster, error) {
 		k.Spec.DNSDomain = dns.DEFAULT_DOMAIN
 	}
 
+	if k.Spec.Version == "" {
+		k.Spec.Version = util.DEFAULT_KUBERNETES_VERSION
+	}
+
+	if k.Spec.Version == "" {
+		k.Spec.Version = util.DEFAULT_KUBERNETES_VERSION
+	}
+
+	if k.Spec.Version != util.DEFAULT_KUBERNETES_VERSION {
+		return nil, fmt.Errorf("Unabled to create cluster. Unsupported Kubernetes version.")
+	}
+
 	if k.ObjectMeta.Name == "" {
 		k.ObjectMeta.Name = spec.Name
 	}

diff --git a/pkg/client/openstack/client.go b/pkg/client/openstack/client.go
@@ -75,8 +75,9 @@ type Project struct {
 }
 
 type Router struct {
-	ID       string
-	Networks []Network
+	ID                string
+	ExternalNetworkID string
+	Networks          []Network
 }
 
 type Network struct {
@@ -312,7 +313,7 @@ func (c *client) GetRouters(project_id string) ([]Router, error) {
 			return false, err
 		}
 		for _, router := range routers {
-			resultRouter := Router{ID: router.ID}
+			resultRouter := Router{ID: router.ID, ExternalNetworkID: router.GatewayInfo.NetworkID}
 			networkIDs, err := getRouterNetworks(networkClient, router.ID)
 			if err != nil {
 				return false, err

diff --git a/pkg/controller/ground.go b/pkg/controller/ground.go
@@ -449,7 +449,8 @@ func (op *GroundControl) requiresOpenstackInfo(kluster *v1.Kluster) bool {
 	return kluster.Spec.Openstack.ProjectID == "" ||
 		kluster.Spec.Openstack.RouterID == "" ||
 		kluster.Spec.Openstack.NetworkID == "" ||
-		kluster.Spec.Openstack.LBSubnetID == ""
+		kluster.Spec.Openstack.LBSubnetID == "" ||
+		kluster.Spec.Openstack.LBFloatingNetworkID == ""
 }
 
 func (op *GroundControl) requiresKubernikusInfo(kluster *v1.Kluster) bool {
@@ -594,6 +595,23 @@ func (op *GroundControl) discoverOpenstackInfo(kluster *v1.Kluster) error {
 		}
 	}
 
+	if floatingNetworkID := copy.Spec.Openstack.LBFloatingNetworkID; floatingNetworkID != "" {
+		if selectedRouter.ExternalNetworkID != "" && floatingNetworkID != selectedRouter.ExternalNetworkID {
+			return fmt.Errorf("External network missmatch. Router is configured with %s but config specifies %s", selectedRouter.ExternalNetworkID, floatingNetworkID)
+		}
+	} else {
+		if selectedRouter.ExternalNetworkID == "" {
+			return fmt.Errorf("Selected router %s doesn't have an external network ID set", selectedRouter.ID)
+		} else {
+			copy.Spec.Openstack.LBFloatingNetworkID = selectedRouter.ExternalNetworkID
+			op.Logger.Log(
+				"msg", "discovered LBFloatingNetworkID",
+				"id", copy.Spec.Openstack.LBFloatingNetworkID,
+				"kluster", kluster.GetName(),
+				"project", kluster.Account())
+		}
+	}
+
 	if securityGroupID := copy.Spec.Openstack.SecurityGroupID; securityGroupID != "" {
 		//TODO: Validate that the securitygroup id exists
 

diff --git a/pkg/templates/ignition.go b/pkg/templates/ignition.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"strings"
 	"text/template"
 
 	"github.com/Masterminds/sprig"
@@ -36,14 +37,24 @@ var Ignition = &ignition{
 	},
 }
 
+func (i *ignition) getIgnitionTemplate(kluster *kubernikusv1.Kluster) string {
+	switch {
+	case strings.HasPrefix(kluster.Spec.Version, "1.8"):
+		return Node_1_8
+	default:
+		return Node_1_7
+	}
+}
+
 func (i *ignition) GenerateNode(kluster *kubernikusv1.Kluster, secret *v1.Secret, logger log.Logger) ([]byte, error) {
 	for _, field := range i.requiredNodeSecrets {
 		if _, ok := secret.Data[field]; !ok {
 			return nil, fmt.Errorf("Field %s missing in secret", field)
 		}
 	}
 
-	tmpl, err := template.New("node").Funcs(sprig.TxtFuncMap()).Parse(Node)
+	ignition := i.getIgnitionTemplate(kluster)
+	tmpl, err := template.New("node").Funcs(sprig.TxtFuncMap()).Parse(ignition)
 	if err != nil {
 		return nil, err
 	}
@@ -65,6 +76,7 @@ func (i *ignition) GenerateNode(kluster *kubernikusv1.Kluster, secret *v1.Secret
 		OpenstackDomain                    string
 		OpenstackRegion                    string
 		OpenstackLBSubnetID                string
+		OpenstackLBFloatingNetworkID       string
 		OpenstackRouterID                  string
 		KubernikusImage                    string
 		KubernikusImageTag                 string
@@ -85,6 +97,7 @@ func (i *ignition) GenerateNode(kluster *kubernikusv1.Kluster, secret *v1.Secret
 		OpenstackDomain:                    string(secret.Data["openstack-domain-name"]),
 		OpenstackRegion:                    string(secret.Data["openstack-region"]),
 		OpenstackLBSubnetID:                kluster.Spec.Openstack.LBSubnetID,
+		OpenstackLBFloatingNetworkID:       kluster.Spec.Openstack.LBFloatingNetworkID,
 		OpenstackRouterID:                  kluster.Spec.Openstack.RouterID,
 		KubernikusImage:                    "sapcc/kubernikus",
 		KubernikusImageTag:                 version.GitCommit,

diff --git a/pkg/templates/ignition_test.go b/pkg/templates/ignition_test.go
@@ -26,8 +26,9 @@ func TestGenerateNode(t *testing.T) {
 			DNSAddress:       "2.2.2.2",
 			DNSDomain:        "cluster.local",
 			Openstack: models.OpenstackSpec{
-				LBSubnetID: "lb-id",
-				RouterID:   "router-id",
+				LBSubnetID:          "lb-id",
+				LBFloatingNetworkID: "lb-fipid",
+				RouterID:            "router-id",
 			},
 		},
 		Status: models.KlusterStatus{

diff --git a/pkg/templates/node.go → pkg/templates/node_1.7.go b/pkg/templates/node.go → pkg/templates/node_1.7.go
@@ -2,7 +2,7 @@
 
 package templates
 
-var Node = `
+var Node_1_7 = `
 passwd:
   users:
     - name:          core