From b964398612791b8585629d8e80470a9c5763ae9a Mon Sep 17 00:00:00 2001 From: lreciomelero Date: Tue, 17 Sep 2024 16:32:50 +0200 Subject: [PATCH] GKE changes --- .../actions/createworker/createworker.go | 22 ++++----- .../create/actions/createworker/gcp.go | 9 ++-- .../create/actions/createworker/provider.go | 47 +++++++++---------- 3 files changed, 38 insertions(+), 40 deletions(-) diff --git a/pkg/cluster/internal/create/actions/createworker/createworker.go b/pkg/cluster/internal/create/actions/createworker/createworker.go index ed7bf4371b..3d991d80ad 100644 --- a/pkg/cluster/internal/create/actions/createworker/createworker.go +++ b/pkg/cluster/internal/create/actions/createworker/createworker.go @@ -96,7 +96,6 @@ var rbacAWSNode string //go:embed files/gcp/coredns_*.yaml var gcpCoreDNSDeploy embed.FS - // NewAction returns a new action for installing default CAPI func NewAction(vaultPassword string, descriptorPath string, moveManagement bool, avoidCreation bool, keosCluster commons.KeosCluster, clusterCredentials commons.ClusterCredentials, clusterConfig *commons.ClusterConfig) actions.Action { return &action{ @@ -536,7 +535,6 @@ func (a *action) Execute(ctx *actions.ActionContext) error { ctx.Status.Start("Preparing nodes in workload cluster 📦") defer ctx.Status.End(false) - if awsEKSEnabled { c = "kubectl -n capa-system rollout restart deployment capa-controller-manager" _, err = commons.ExecuteCommand(n, c, 5, 3) @@ -633,7 +631,7 @@ func (a *action) Execute(ctx *actions.ActionContext) error { combinedCoreDNS := combinedCoreDNSContents.String() coreDNSTemplate := "/kind/coredns-configmap.yaml" - coreDNSConfigmap, err := getManifest(a.keosCluster.Spec.InfraProvider, "coredns_configmap.tmpl", majorVersion,a.keosCluster.Spec) + coreDNSConfigmap, err := getManifest(a.keosCluster.Spec.InfraProvider, "coredns_configmap.tmpl", majorVersion, a.keosCluster.Spec) if err != nil { return errors.Wrap(err, "failed to get CoreDNS file") } 
@@ -676,12 +674,12 @@ func (a *action) Execute(ctx *actions.ActionContext) error { } // Ensure CoreDNS replicas are assigned to different nodes - // once more than 2 control planes or workers are running - c = "kubectl --kubeconfig " + kubeconfigPath + " -n kube-system rollout restart deployment coredns" - _, err = commons.ExecuteCommand(n, c, 3, 5) - if err != nil { - return errors.Wrap(err, "failed to restart coredns deployment") - } + // once more than 2 control planes or workers are running + c = "kubectl --kubeconfig " + kubeconfigPath + " -n kube-system rollout restart deployment coredns" + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to restart coredns deployment") + } // Wait for CoreDNS deployment to be ready c = "kubectl --kubeconfig " + kubeconfigPath + " -n kube-system rollout status deployment coredns" @@ -719,8 +717,8 @@ func (a *action) Execute(ctx *actions.ActionContext) error { ctx.Status.Start("Reconciling the existing Helm charts in workload cluster 🧲") defer ctx.Status.End(false) - - err = reconcileCharts(n, kubeconfigPath, privateParams, a.keosCluster.Spec, chartsList, awsEKSEnabled) + + err = reconcileCharts(n, kubeconfigPath, privateParams, a.keosCluster.Spec, chartsList, awsEKSEnabled || gcpGKEEnabled) if err != nil { return errors.Wrap(err, "failed to reconcile with Flux the existing Helm charts in workload cluster") } @@ -745,7 +743,7 @@ func (a *action) Execute(ctx *actions.ActionContext) error { if err != nil { return errors.Wrap(err, "failed to apply tigera-operator egress NetworkPolicy") } - // Allow egress in calico-system namespace + // Allow egress in calico-system namespace c = "kubectl --kubeconfig " + kubeconfigPath + " -n calico-system apply -f " + allowCommonEgressNetPolPath _, err = commons.ExecuteCommand(n, c, 5, 3) if err != nil { 
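Review bot: `awsEKSEnabled || gcpGKEEnabled` is passed inline as the last argument of `reconcileCharts`, so the call site no longer says what the flag means, and `gcpGKEEnabled` is defined outside this hunk. A named local keeps the intent reviewable, e.g. `netPolEngine := awsEKSEnabled || gcpGKEEnabled` and then `err = reconcileCharts(n, kubeconfigPath, privateParams, a.keosCluster.Spec, chartsList, netPolEngine)`. With this change the `tigera-operator` branch of `reconcileCharts` also applies to GKE, but that branch matches by chart name while ranging over `chartsList`, so a managed GCP chart list without that entry skips the Calico step without any error. It is worth confirming that `chartsList` carries the chart for every Kubernetes version supported on GKE. `Execute` begins and ends outside the hunk.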
diff --git a/pkg/cluster/internal/create/actions/createworker/gcp.go b/pkg/cluster/internal/create/actions/createworker/gcp.go index 49cc2dabd7..558d0f81b7 100644 --- a/pkg/cluster/internal/create/actions/createworker/gcp.go +++ b/pkg/cluster/internal/create/actions/createworker/gcp.go @@ -49,7 +49,6 @@ type GCPBuilder struct { csiNamespace string } - var googleCharts = ChartsDictionary{ Charts: map[string]map[string]map[string]commons.ChartEntry{ "28": { @@ -67,12 +66,14 @@ var googleCharts = ChartsDictionary{ }, }, "30": { - "managed": {}, + "managed": { + "tigera-operator": {Repository: "https://docs.projectcalico.org/charts", Version: "v3.27.3", Namespace: "tigera-operator", Pull: true}, + }, "unmanaged": { // "default" repository defaults to the descriptor Helm repository "gcp-cloud-controller-manager": {Repository: "default", Version: "1.30.0", Namespace: "kube-system", Pull: true}, - "cluster-autoscaler": {Repository: "https://kubernetes.github.io/autoscaler", Version: "9.37.0", Namespace: "kube-system", Pull: false}, - "tigera-operator": {Repository: "https://docs.projectcalico.org/charts", Version: "v3.27.3", Namespace: "tigera-operator", Pull: true}, + "cluster-autoscaler": {Repository: "https://kubernetes.github.io/autoscaler", Version: "9.37.0", Namespace: "kube-system", Pull: false}, + "tigera-operator": {Repository: "https://docs.projectcalico.org/charts", Version: "v3.27.3", Namespace: "tigera-operator", Pull: true}, }, }, }, diff --git a/pkg/cluster/internal/create/actions/createworker/provider.go b/pkg/cluster/internal/create/actions/createworker/provider.go index f0092c10d4..87592f5d4b 100644 --- a/pkg/cluster/internal/create/actions/createworker/provider.go +++ b/pkg/cluster/internal/create/actions/createworker/provider.go @@ -159,7 +159,7 @@ type calicoHelmParams struct { KeosRegUrl string Private bool IsNetPolEngine bool - Annotations map[string]string + Annotations map[string]string } type commonHelmParams struct { 
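Review bot: The new `managed` entry for `tigera-operator` under `"30"` sets `Pull: true` against the third-party repository `https://docs.projectcalico.org/charts` and pins it only by the tag `v3.27.3`. The `helm pull` command assembled in `pullCharts` (provider.go, later in this patch) passes `--version` and `--repo` but no integrity check, so the chart is trusted on TLS and a tag alone. Consider serving it from the descriptor's repository (`Repository: "default"`, as `gcp-cloud-controller-manager` does), or verifying provenance with `helm pull --verify` and a trusted keyring where the publisher ships a provenance file. The entry also repeats the `unmanaged` line verbatim, so the two versions can drift; a comment such as `// Calico as NetworkPolicy engine on GKE; keep in sync with the unmanaged entry` would document the duplication. The `"28"` map is only partly visible here, so whether its `managed` section needs the same chart cannot be confirmed from this hunk.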
@@ -462,7 +462,6 @@ func (p *Provider) deployCertManager(n nodes.Node, keosRegistryUrl string, kubec return nil } - func (p *Provider) deployClusterOperator(n nodes.Node, privateParams PrivateParams, clusterCredentials commons.ClusterCredentials, keosRegistry KeosRegistry, clusterConfig *commons.ClusterConfig, kubeconfigPath string, firstInstallation bool, helmRepoCreds HelmRegistry) error { var c string var err error @@ -686,7 +685,7 @@ func installCalico(n nodes.Node, k string, privateParams PrivateParams, isNetPol KeosRegUrl: privateParams.KeosRegUrl, Private: privateParams.Private, IsNetPolEngine: isNetPolEngine, - Annotations: map[string]string{ + Annotations: map[string]string{ postInstallAnnotation: "var-lib-calico", }, } @@ -890,14 +889,14 @@ func configureFlux(n nodes.Node, k string, privateParams PrivateParams, helmRepo return nil } -func reconcileCharts(n nodes.Node, k string, privateParams PrivateParams, keosClusterSpec commons.KeosSpec, chartsList map[string]commons.ChartEntry, awsEKSEnabled bool) error { +func reconcileCharts(n nodes.Node, k string, privateParams PrivateParams, keosClusterSpec commons.KeosSpec, chartsList map[string]commons.ChartEntry, enabledNetPol bool) error { var c string var err error // Iterate through charts and create Helm repositories and releases for name, entry := range chartsList { // Create fluxHelmReleaseParams for the current entry - fluxHelmReleaseParams := fluxHelmReleaseParams { + fluxHelmReleaseParams := fluxHelmReleaseParams{ ChartRepoRef: "keos", } // Update fluxHelmRepositoryParams if not private 
@@ -913,7 +912,7 @@ func reconcileCharts(n nodes.Node, k string, privateParams PrivateParams, keosCl fluxHelmReleaseParams.ChartNamespace = entry.Namespace fluxHelmReleaseParams.ChartVersion = entry.Version // tigera-operator-helm-values.yaml is required to install Calico as Network Policy engine - if name == "tigera-operator" && awsEKSEnabled { + if name == "tigera-operator" && enabledNetPol { if err := installCalico(n, k, privateParams, false, true); err != nil { return err } @@ -984,20 +983,20 @@ func configureHelmRelease(n nodes.Node, k string, templatePath string, params fl var defaultHelmReleaseSourceInterval = "1m" completedfluxHelmReleaseParams := struct { - ChartName string + ChartName string ChartNamespace string ChartRepoRef string - ChartVersion string + ChartVersion string HelmReleaseInterval string HelmReleaseRetries int HelmReleaseSourceInterval string }{ - ChartName: params.ChartName, - ChartNamespace: params.ChartNamespace, - ChartRepoRef: params.ChartRepoRef, - ChartVersion: params.ChartVersion, - HelmReleaseInterval: defaultHelmReleaseInterval, - HelmReleaseRetries: defaultHelmReleaseRetries, + ChartName: params.ChartName, + ChartNamespace: params.ChartNamespace, + ChartRepoRef: params.ChartRepoRef, + ChartVersion: params.ChartVersion, + HelmReleaseInterval: defaultHelmReleaseInterval, + HelmReleaseRetries: defaultHelmReleaseRetries, HelmReleaseSourceInterval: defaultHelmReleaseSourceInterval, } 
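Review bot: The call `installCalico(n, k, privateParams, false, true)` under the renamed `enabledNetPol` guard passes two bare boolean literals, so a reader cannot tell which mode is selected. The `installCalico` signature is visible only as a truncated hunk header ending in `isNetPol…`, and its body assigns `IsNetPolEngine: isNetPolEngine`, so the fourth argument appears to be that flag. The adjacent comment says the values file is required to install Calico as Network Policy engine, yet that argument is `false`. If this is intentional, say so on the call, e.g. `// isNetPolEngine=false, <fifth parameter>=true: <reason>`. A doc comment on `reconcileCharts` stating that `enabledNetPol` is true for EKS and GKE managed clusters would match the `awsEKSEnabled || gcpGKEEnabled` the caller in createworker.go now passes; the function begins in the previous hunk and continues past this one.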
@@ -1484,20 +1483,20 @@ func installCorednsPdb(n nodes.Node) error { func pullCharts(n nodes.Node, charts map[string]commons.ChartEntry, keosSpec commons.KeosSpec, clusterCredentials commons.ClusterCredentials) error { for name, chart := range charts { - // Set default repository if needed - if chart.Repository == "default" { - chart.Repository = keosSpec.HelmRepository.URL - } + // Set default repository if needed + if chart.Repository == "default" { + chart.Repository = keosSpec.HelmRepository.URL + } // Check if the chart needs to be pulled if chart.Pull { var c string - if strings.HasPrefix(chart.Repository, "oci://") { - c = "helm pull " + chart.Repository + "/" + name + " --version " + chart.Version + " --untar --untardir /stratio/helm" - } else { - c = "helm pull " + name + " --version " + chart.Version + " --repo " + chart.Repository + " --untar --untardir /stratio/helm" - } + if strings.HasPrefix(chart.Repository, "oci://") { + c = "helm pull " + chart.Repository + "/" + name + " --version " + chart.Version + " --untar --untardir /stratio/helm" + } else { + c = "helm pull " + name + " --version " + chart.Version + " --repo " + chart.Repository + " --untar --untardir /stratio/helm" + } // Add authentication if required - if chart.Repository == keosSpec.HelmRepository.URL && keosSpec.HelmRepository.AuthRequired { + if chart.Repository == keosSpec.HelmRepository.URL && keosSpec.HelmRepository.AuthRequired { if keosSpec.HelmRepository.AuthRequired { c = c + " --username " + clusterCredentials.HelmRepositoryCredentials["User"] + " --password " + clusterCredentials.HelmRepositoryCredentials["Pass"] }