Make Control Plane Ingress IP configurable #3415
Conversation
During bootstrap we need an up to date pillar to have all `mine_function` in the minion pillar before doing a `mine.update`. Since by default `saltutil.refresh_pillar` is asynchrone just add a `wait: true` so that this refresh properly wait for the pillar to be refreshed
Hello teddyandrieux,My role is to assist you with the merge of this Status report is not available. |
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
TeddyAndrieux
force-pushed
the
improvement/refactore-cp-ingress-ep-definition
branch
from
9e57620
to
bb8052a
Compare
| - cp_ingress_ip_ret: "Error because of banana" | ||
| raises: true | ||
| result: "Error because of banana" |
There was a problem hiding this comment.
This error happens to me all the time, I'm glad it's tested ! 👍
TeddyAndrieux
force-pushed
the
improvement/refactore-cp-ingress-ep-definition
branch
from
bb8052a
to
4eac18e
Compare
salt/metalk8s/addons/nginx-ingress-control-plane/certs/server.sls
Outdated
Show resolved
Hide resolved
| root@bootstrap $ kubectl --kubeconfig=/etc/kubernetes/admin.conf \ | ||
| get svc -n metalk8s-ingress ingress-nginx-control-plane-controller \ | ||
| -o=jsonpath='{.spec.externalIPs[0]}{"\n"}' | ||
| <the ingress control plane IP> |
There was a problem hiding this comment.
It's just to check that it's the IP we want, you do not like it ?
There was a problem hiding this comment.
Most of our commands are getting super verbose (same for running a command in the salt-master)... Not saying it's wrong 😉, just that it'd be nice if we could wrap those calls in some kubectl plugin... 😇
There was a problem hiding this comment.
Yess I agree
| will sit on a working master Node. The default value for this | ||
| Ingress IP is the control plane IP of the Bootstrap node (which means | ||
| that if you lose the Bootstrap node, you no longer have access to any | ||
| control plane component). |
There was a problem hiding this comment.
...through the Ingress controller. But some components also listen on host ports directly, no? Especially K8s API, which is useful to access in case of Bootstrap issues.
There was a problem hiding this comment.
Right, but if you lose bootstrap you do not have access to OIDC so access to Kubernetes APIServer (should) do not work as well (if we generated kubeconfig specific to each user 😉)
But agree, I will replace "control plane component" with OIDC and various Control Plane UIs
| --kubeconfig=/etc/kubernetes/admin.conf \\ | ||
| $(kubectl --kubeconfig=/etc/kubernetes/admin.conf get pod \\ | ||
| -l "app.kubernetes.io/name=salt-master" \\ | ||
| --namespace=kube-system -o jsonpath='{.items[0].metadata.name}') \\ |
There was a problem hiding this comment.
Hmm right I could use it 🤔
It will have strange behavior if for whatever reason you have multiple salt-master running, maybe better to keep this one for the moment (so that this procedure may be compatible with future Bootstrap HA 😄 😉 )
There was a problem hiding this comment.
Haha good point 👌 We'll have to make these commands simpler anyway, so if we change how we deploy things, we don't have to update it in hundreds of places across our docs.
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
The following reviewers are expecting changes from the author, or must review again: |
Instead of hardcode Control Plane Ingress Endpoint at several places in the salt states, add a new Salt module to "compute" it and use this salt module everywhere in our salt states
Instead of hardcode Ingress port in tests and use Bootstrap Control Plane IP to compute the Control Plane Ingress Endpoint, retrieve it using the Kubernetes Service
Update the command to retrieve the IP using Kubernetes API and Control Plane Ingress Service to get the external IP
Make the IP used to reach the UI and other Control Plane components configurable from Bootstrap config file Refs: #2381
Move `we are on a multi node cluster` from test registry to conftest, so that it can be used in other tests
TeddyAndrieux
force-pushed
the
improvement/refactore-cp-ingress-ep-definition
branch
from
4eac18e
to
d3e36a4
Compare
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
Add a simple orchestrate and small procedure in the documentation to change the Control Plane Ingress IP
TeddyAndrieux
force-pushed
the
improvement/refactore-cp-ingress-ep-definition
branch
from
d3e36a4
to
4fe7cac
Compare
|
/approve |
In the queueThe changeset has received all authorizations and has been added to the The changeset will be merged in:
The following branches will NOT be impacted:
There is no action required on your side. You will be notified here once IMPORTANT Please do not attempt to modify this pull request.
If you need this pull request to be removed from the queue, please contact a The following options are set: approve |
|
I have successfully merged the changeset of this pull request
The following branches have NOT changed:
Please check the status of the associated issue None. Goodbye teddyandrieux. |
Component:
'salt', 'tests'
Context:
Being able to choose which IP will be used for Ingress Control Plane, so that user can manage them self HA of this IP through all Control Plane nodes.
Summary:
Sees: #2381
NOTE: It's only the first part of Control Plane Ingress HA, as we also want to add an optional MetalLB deployment as part of MetalK8s, so that if it's possible in the user environment HA of Control Plane Ingress can be managed by MetalLB directly.