Skip to content

Commit

Permalink
Use dns cluster info from lib common get function
Browse files Browse the repository at this point in the history
Openshift coreDNS creates the domain name using an string
located in dnses.operator.openshift.io. This string can
change in the future, calling lib-common/GetDNSClusterDomain
the responsability of gathering this information correctly
only falls under lib-common intead of all operators.

Depends-on: openstack-k8s-operators/lib-common#580
  • Loading branch information
averdagu committed Dec 2, 2024
1 parent c8ed999 commit e05e973
Show file tree
Hide file tree
Showing 9 changed files with 39 additions and 24 deletions.
9 changes: 4 additions & 5 deletions pkg/openstack/common.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import (
keystonev1 "github.com/openstack-k8s-operators/keystone-operator/api/v1beta1"
"github.com/openstack-k8s-operators/lib-common/modules/certmanager"
"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/clusterdns"
"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
"github.com/openstack-k8s-operators/lib-common/modules/common/route"
"github.com/openstack-k8s-operators/lib-common/modules/common/secret"
Expand Down Expand Up @@ -58,9 +59,6 @@ const (
// overrides
ooAppSelector = "osctlplane-service"

// ClusterInternalDomain - cluster internal dns domain
ClusterInternalDomain = "cluster.local"

// serviceCertSelector selector passed to cert-manager to set on the service cert secret
serviceCertSelector = "service-cert"

Expand Down Expand Up @@ -209,6 +207,7 @@ func EnsureEndpointConfig(
endpoints := Endpoints{
EndpointDetails: map[service.Endpoint]EndpointDetail{},
}
clusterDomain := clusterdns.GetDNSClusterDomain()

for _, svc := range svcs.Items {
ed := EndpointDetail{
Expand Down Expand Up @@ -316,7 +315,7 @@ func EnsureEndpointConfig(
CertName: ed.Service.TLS.CertName,
Hostnames: []string{
fmt.Sprintf("%s.%s.svc", ed.Name, instance.Namespace),
fmt.Sprintf("%s.%s.svc.%s", ed.Name, instance.Namespace, ClusterInternalDomain),
fmt.Sprintf("%s.%s.svc.%s", ed.Name, instance.Namespace, clusterDomain),
},
Ips: nil,
Annotations: ed.Annotations,
Expand Down Expand Up @@ -366,7 +365,7 @@ func EnsureEndpointConfig(
CertName: ed.Service.TLS.CertName,
Hostnames: []string{
fmt.Sprintf("%s.%s.svc", ed.Name, instance.Namespace),
fmt.Sprintf("%s.%s.svc.%s", ed.Name, instance.Namespace, ClusterInternalDomain),
fmt.Sprintf("%s.%s.svc.%s", ed.Name, instance.Namespace, clusterDomain),
},
Ips: nil,
Annotations: ed.Annotations,
Expand Down
10 changes: 6 additions & 4 deletions pkg/openstack/galera.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
"github.com/openstack-k8s-operators/lib-common/modules/certmanager"
"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/clusterdns"
"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"

Expand Down Expand Up @@ -41,6 +42,7 @@ func ReconcileGaleras(

var failures = []string{}
var inprogress = []string{}
clusterDomain := clusterdns.GetDNSClusterDomain()

if instance.Spec.Galera.Templates == nil {
instance.Spec.Galera.Templates = ptr.To(map[string]mariadbv1.GaleraSpecCore{})
Expand All @@ -57,19 +59,19 @@ func ReconcileGaleras(
CertName: fmt.Sprintf("galera-%s-svc", name),
Hostnames: []string{
hostname,
fmt.Sprintf("%s.%s", hostname, ClusterInternalDomain),
fmt.Sprintf("%s.%s", hostname, clusterDomain),
hostnameHeadless,
fmt.Sprintf("%s.%s", hostnameHeadless, ClusterInternalDomain),
fmt.Sprintf("%s.%s", hostnameHeadless, clusterDomain),
fmt.Sprintf("*.%s", hostnameHeadless),
fmt.Sprintf("*.%s.%s", hostnameHeadless, ClusterInternalDomain),
fmt.Sprintf("*.%s.%s", hostnameHeadless, clusterDomain),
},
// Note (dciabrin) from https://github.com/openstack-k8s-operators/openstack-operator/pull/678#issuecomment-1952459166
// the certificate created for galera should populate the 'organization' field,
// otherwise this trip the SST transfer setup done by wsrep_sst_rsync. This will not show
// at the initial deployment because there is no SST involved when the DB is bootstrapped
// as there are no data to be transferred yet.
Subject: &certmgrv1.X509Subject{
Organizations: []string{fmt.Sprintf("%s.%s", instance.Namespace, ClusterInternalDomain)},
Organizations: []string{fmt.Sprintf("%s.%s", instance.Namespace, clusterDomain)},
},
Usages: []certmgrv1.KeyUsage{
"key encipherment",
Expand Down
6 changes: 4 additions & 2 deletions pkg/openstack/memcached.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
memcachedv1 "github.com/openstack-k8s-operators/infra-operator/apis/memcached/v1beta1"
"github.com/openstack-k8s-operators/lib-common/modules/certmanager"
"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/clusterdns"
"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"

Expand Down Expand Up @@ -168,14 +169,15 @@ func reconcileMemcached(
tlsCert := ""
if instance.Spec.TLS.PodLevel.Enabled {
Log.Info("Reconciling Memcached TLS", "Memcached.Namespace", instance.Namespace, "Memcached.Name", name)
clusterDomain := clusterdns.GetDNSClusterDomain()
certRequest := certmanager.CertificateRequest{
IssuerName: instance.GetInternalIssuer(),
CertName: fmt.Sprintf("%s-svc", memcached.Name),
Hostnames: []string{
fmt.Sprintf("%s.%s.svc", name, instance.Namespace),
fmt.Sprintf("*.%s.%s.svc", name, instance.Namespace),
fmt.Sprintf("%s.%s.svc.%s", name, instance.Namespace, ClusterInternalDomain),
fmt.Sprintf("*.%s.%s.svc.%s", name, instance.Namespace, ClusterInternalDomain),
fmt.Sprintf("%s.%s.svc.%s", name, instance.Namespace, clusterDomain),
fmt.Sprintf("*.%s.%s.svc.%s", name, instance.Namespace, clusterDomain),
},
Labels: map[string]string{serviceCertSelector: ""},
}
Expand Down
4 changes: 3 additions & 1 deletion pkg/openstack/neutron.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
"github.com/openstack-k8s-operators/lib-common/modules/certmanager"
"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/clusterdns"
"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
"github.com/openstack-k8s-operators/lib-common/modules/common/service"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
Expand Down Expand Up @@ -68,13 +69,14 @@ func ReconcileNeutron(ctx context.Context, instance *corev1beta1.OpenStackContro
instance.Spec.Neutron.Template.TLS = neutronAPI.Spec.TLS

serviceName := "neutron"
clusterDomain := clusterdns.GetDNSClusterDomain()
// create ovndb client certificate for neutron
certRequest := certmanager.CertificateRequest{
IssuerName: instance.GetOvnIssuer(),
CertName: fmt.Sprintf("%s-ovndbs", serviceName),
Hostnames: []string{
fmt.Sprintf("%s.%s.svc", serviceName, instance.Namespace),
fmt.Sprintf("%s.%s.svc.%s", serviceName, instance.Namespace, "cluster.local"),
fmt.Sprintf("%s.%s.svc.%s", serviceName, instance.Namespace, clusterDomain),
},
Ips: nil,
Usages: []certmgrv1.KeyUsage{
Expand Down
6 changes: 4 additions & 2 deletions pkg/openstack/nova.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (

"github.com/openstack-k8s-operators/lib-common/modules/certmanager"
"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/clusterdns"
"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
"github.com/openstack-k8s-operators/lib-common/modules/common/service"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
Expand Down Expand Up @@ -273,6 +274,7 @@ func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPl

// create novncproxy vencrypt cert
if instance.Spec.TLS.PodLevel.Enabled {
clusterDomain := coredns.GetDNSClusterDomain()
serviceName := endpointDetails.EndpointDetails[service.EndpointPublic].Service.Spec.Name
hostname := fmt.Sprintf("%s.%s.svc", serviceName, instance.Namespace)
certRequest := certmanager.CertificateRequest{
Expand All @@ -281,10 +283,10 @@ func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPl
CommonName: ptr.To(serviceName), // common name has a max length of 64bytes, therefore just set the short name
Hostnames: []string{
hostname,
fmt.Sprintf("%s.%s", hostname, ClusterInternalDomain),
fmt.Sprintf("%s.%s", hostname, clusterDomain),
},
Subject: &certmgrv1.X509Subject{
Organizations: []string{fmt.Sprintf("%s.%s", instance.Namespace, ClusterInternalDomain)},
Organizations: []string{fmt.Sprintf("%s.%s", instance.Namespace, clusterDomain)},
},
Usages: []certmgrv1.KeyUsage{
certmgrv1.UsageKeyEncipherment,
Expand Down
4 changes: 3 additions & 1 deletion pkg/openstack/octavia.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (
certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
"github.com/openstack-k8s-operators/lib-common/modules/certmanager"
"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/clusterdns"
"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
"github.com/openstack-k8s-operators/lib-common/modules/common/service"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
Expand Down Expand Up @@ -81,6 +82,7 @@ func ReconcileOctavia(ctx context.Context, instance *corev1beta1.OpenStackContro

// preserve any previously set TLS certs, set CA cert
if instance.Spec.TLS.PodLevel.Enabled {
clusterDomain := clusterdns.GetDNSClusterDomain()
instance.Spec.Octavia.Template.OctaviaAPI.TLS = octavia.Spec.OctaviaAPI.TLS

serviceName := "octavia"
Expand All @@ -90,7 +92,7 @@ func ReconcileOctavia(ctx context.Context, instance *corev1beta1.OpenStackContro
CertName: fmt.Sprintf("%s-ovndbs", serviceName),
Hostnames: []string{
fmt.Sprintf("%s.%s.svc", serviceName, instance.Namespace),
fmt.Sprintf("%s.%s.svc.%s", serviceName, instance.Namespace, ClusterInternalDomain),
fmt.Sprintf("%s.%s.svc.%s", serviceName, instance.Namespace, clusterDomain),
},
Ips: nil,
Usages: []certmgrv1.KeyUsage{
Expand Down
8 changes: 5 additions & 3 deletions pkg/openstack/ovn.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"fmt"

"github.com/openstack-k8s-operators/lib-common/modules/certmanager"
"github.com/openstack-k8s-operators/lib-common/modules/common/clusterdns"
"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/helper"

Expand Down Expand Up @@ -73,6 +74,7 @@ func ReconcileOVN(ctx context.Context, instance *corev1beta1.OpenStackControlPla

func ReconcileOVNDbClusters(ctx context.Context, instance *corev1beta1.OpenStackControlPlane, version *corev1beta1.OpenStackVersion, helper *helper.Helper) (bool, error) {
Log := GetLogger(ctx)
dnsSuffix := clusterdns.GetDNSClusterDomain()

OVNDBClustersReady := len(instance.Spec.Ovn.Template.OVNDBCluster) != 0
for name, dbcluster := range instance.Spec.Ovn.Template.OVNDBCluster {
Expand Down Expand Up @@ -111,7 +113,7 @@ func ReconcileOVNDbClusters(ctx context.Context, instance *corev1beta1.OpenStack
// Cert needs to be valid for the individual pods in the statefulset so make this a wildcard cert
Hostnames: []string{
fmt.Sprintf("*.%s.svc", instance.Namespace),
fmt.Sprintf("*.%s.svc.%s", instance.Namespace, ovnv1.DNSSuffix),
fmt.Sprintf("*.%s.svc.%s", instance.Namespace, dnsSuffix),
},
Ips: nil,
Usages: []certmgrv1.KeyUsage{
Expand Down Expand Up @@ -225,7 +227,7 @@ func ReconcileOVNNorthd(ctx context.Context, instance *corev1beta1.OpenStackCont
CertName: fmt.Sprintf("%s-ovndbs", "ovnnorthd"),
Hostnames: []string{
fmt.Sprintf("%s.%s.svc", serviceName, instance.Namespace),
fmt.Sprintf("%s.%s.svc.%s", serviceName, instance.Namespace, ovnv1.DNSSuffix),
fmt.Sprintf("%s.%s.svc.%s", serviceName, instance.Namespace, dnsSuffix),
},
Ips: nil,
Usages: []certmgrv1.KeyUsage{
Expand Down Expand Up @@ -347,7 +349,7 @@ func ReconcileOVNController(ctx context.Context, instance *corev1beta1.OpenStack
CertName: fmt.Sprintf("%s-ovndbs", "ovncontroller"),
Hostnames: []string{
fmt.Sprintf("%s.%s.svc", serviceName, instance.Namespace),
fmt.Sprintf("%s.%s.svc.%s", serviceName, instance.Namespace, ovnv1.DNSSuffix),
fmt.Sprintf("%s.%s.svc.%s", serviceName, instance.Namespace, dnsSuffix),
},
Ips: nil,
Usages: []certmgrv1.KeyUsage{
Expand Down
8 changes: 5 additions & 3 deletions pkg/openstack/rabbitmq.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
networkv1 "github.com/openstack-k8s-operators/infra-operator/apis/network/v1beta1"
"github.com/openstack-k8s-operators/lib-common/modules/certmanager"
"github.com/openstack-k8s-operators/lib-common/modules/common/clusterdns"
condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/configmap"
"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
Expand Down Expand Up @@ -259,13 +260,14 @@ func reconcileRabbitMQ(
},
}

clusterDomain := coredns.GetDNSClusterDomain()
hostname := fmt.Sprintf("%s.%s.svc", name, instance.Namespace)
hostnameHeadless := fmt.Sprintf("%s-nodes.%s.svc", name, instance.Namespace)
hostnames := []string{
hostname,
fmt.Sprintf("%s.%s", hostname, ClusterInternalDomain),
fmt.Sprintf("%s.%s", hostname, clusterDomain),
hostnameHeadless,
fmt.Sprintf("%s.%s", hostnameHeadless, ClusterInternalDomain),
fmt.Sprintf("%s.%s", hostnameHeadless, clusterDomain),
}
for i := 0; i < int(*spec.Replicas); i++ {
hostnames = append(hostnames, fmt.Sprintf("%s-server-%d.%s-nodes.%s", name, i, name, instance.Namespace))
Expand All @@ -278,7 +280,7 @@ func reconcileRabbitMQ(
CertName: fmt.Sprintf("%s-svc", rabbitmq.Name),
Hostnames: hostnames,
Subject: &certmgrv1.X509Subject{
Organizations: []string{fmt.Sprintf("%s.%s", rabbitmq.Namespace, ClusterInternalDomain)},
Organizations: []string{fmt.Sprintf("%s.%s", rabbitmq.Namespace, clusterDomain)},
},
Usages: []certmgrv1.KeyUsage{
certmgrv1.UsageKeyEncipherment,
Expand Down
8 changes: 5 additions & 3 deletions pkg/openstack/redis.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
redisv1 "github.com/openstack-k8s-operators/infra-operator/apis/redis/v1beta1"
"github.com/openstack-k8s-operators/lib-common/modules/certmanager"
"github.com/openstack-k8s-operators/lib-common/modules/common/clusterdns"
"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
Expand Down Expand Up @@ -180,17 +181,18 @@ func reconcileRedis(

tlsCert := ""
if instance.Spec.TLS.PodLevel.Enabled {
clusterDomain := coredns.GetDNSClusterDomain()
certRequest := certmanager.CertificateRequest{
IssuerName: instance.GetInternalIssuer(),
CertName: fmt.Sprintf("%s-svc", redis.Name),
Hostnames: []string{
fmt.Sprintf("redis-%s.%s.svc", name, instance.Namespace),
fmt.Sprintf("*.redis-%s.%s.svc", name, instance.Namespace),
fmt.Sprintf("redis-%s.%s.svc.%s", name, instance.Namespace, ClusterInternalDomain),
fmt.Sprintf("*.redis-%s.%s.svc.%s", name, instance.Namespace, ClusterInternalDomain),
fmt.Sprintf("redis-%s.%s.svc.%s", name, instance.Namespace, clusterDomain),
fmt.Sprintf("*.redis-%s.%s.svc.%s", name, instance.Namespace, clusterDomain),
},
Subject: &certmgrv1.X509Subject{
Organizations: []string{fmt.Sprintf("%s.%s", instance.Namespace, ClusterInternalDomain)},
Organizations: []string{fmt.Sprintf("%s.%s", instance.Namespace, clusterDomain)},
},
Usages: []certmgrv1.KeyUsage{
"key encipherment",
Expand Down

0 comments on commit e05e973

Please sign in to comment.