From f3d01aae49ab5792aa6cb0de3e82ce87120c956e Mon Sep 17 00:00:00 2001 From: Corey O'Brien Date: Thu, 27 Jul 2017 10:54:16 -0400 Subject: [PATCH 01/46] openstack: Restrict security groups for insecure and internal ports --- modules/openstack/secgroups/rules/etcd/secgroup.tf | 4 ++-- modules/openstack/secgroups/rules/etcd/variables.tf | 4 ++++ modules/openstack/secgroups/rules/k8s/secgroup.tf | 4 ++-- modules/openstack/secgroups/rules/k8s/variables.tf | 4 ++++ modules/openstack/secgroups/secgroup.tf | 12 +++++++----- modules/openstack/secgroups/variables.tf | 4 ++++ platforms/openstack/neutron/main.tf | 1 + 7 files changed, 24 insertions(+), 9 deletions(-) diff --git a/modules/openstack/secgroups/rules/etcd/secgroup.tf b/modules/openstack/secgroups/rules/etcd/secgroup.tf index a58d6c61ba..c496c91cc0 100644 --- a/modules/openstack/secgroups/rules/etcd/secgroup.tf +++ b/modules/openstack/secgroups/rules/etcd/secgroup.tf @@ -4,7 +4,7 @@ resource "openstack_networking_secgroup_rule_v2" "etcd" { port_range_min = 2379 port_range_max = 2380 protocol = "tcp" - remote_ip_prefix = "0.0.0.0/0" + remote_ip_prefix = "${var.cluster_cidr}" security_group_id = "${var.secgroup_id}" } @@ -15,6 +15,6 @@ resource "openstack_networking_secgroup_rule_v2" "bootstrap_etcd" { port_range_min = 12379 port_range_max = 12380 protocol = "tcp" - remote_ip_prefix = "0.0.0.0/0" + remote_ip_prefix = "${var.cluster_cidr}" security_group_id = "${var.secgroup_id}" } diff --git a/modules/openstack/secgroups/rules/etcd/variables.tf b/modules/openstack/secgroups/rules/etcd/variables.tf index 96ee6ebbff..027d12fc93 100644 --- a/modules/openstack/secgroups/rules/etcd/variables.tf +++ b/modules/openstack/secgroups/rules/etcd/variables.tf @@ -5,3 +5,7 @@ variable "secgroup_id" { variable "self_hosted" { default = false } + +variable "cluster_cidr" { + type = "string" +} 
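Review bot: Both etcd rules now admit any address inside `var.cluster_cidr`, so every instance or port on that subnet, cluster member or not, can still reach 2379-2380 and 12379-12380. If the intent is node-to-node traffic only, `remote_group_id` pointing at the cluster's security group would scope the rule to group members instead of an address range; it is mutually exclusive with `remote_ip_prefix`, so it would replace the prefix. The same applies to the cAdvisor (4194/tcp) and flannel (4789/udp) rules in `rules/k8s/secgroup.tf`. Whether non-cluster instances share this subnet is not visible from the patch, so treat this as a hardening suggestion.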
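Review bot: `cluster_cidr` is declared with only a `type` in `rules/etcd/variables.tf`, and the same bare declaration is repeated in `rules/k8s/variables.tf` and `secgroups/variables.tf`. The name reads like the Kubernetes pod-network range, while `platforms/openstack/neutron/main.tf` wires in `var.tectonic_openstack_subnet_cidr`, the node subnet. Because this value now decides who may reach etcd, cAdvisor and flannel, add a description to each declaration, for example `description = "CIDR allowed to reach cluster-internal ports: the node subnet, not the pod network"`.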
diff --git a/modules/openstack/secgroups/rules/k8s/secgroup.tf b/modules/openstack/secgroups/rules/k8s/secgroup.tf index 313203f734..0dbcbd2da5 100644 --- a/modules/openstack/secgroups/rules/k8s/secgroup.tf +++ b/modules/openstack/secgroups/rules/k8s/secgroup.tf @@ -14,7 +14,7 @@ resource "openstack_networking_secgroup_rule_v2" "cAdvisor" { port_range_min = 4194 port_range_max = 4194 protocol = "tcp" - remote_ip_prefix = "0.0.0.0/0" + remote_ip_prefix = "${var.cluster_cidr}" security_group_id = "${var.secgroup_id}" } @@ -24,7 +24,7 @@ resource "openstack_networking_secgroup_rule_v2" "flannel" { port_range_min = 4789 port_range_max = 4789 protocol = "udp" - remote_ip_prefix = "0.0.0.0/0" + remote_ip_prefix = "${var.cluster_cidr}" security_group_id = "${var.secgroup_id}" } diff --git a/modules/openstack/secgroups/rules/k8s/variables.tf b/modules/openstack/secgroups/rules/k8s/variables.tf index 69a764b14c..bea462dbd4 100644 --- a/modules/openstack/secgroups/rules/k8s/variables.tf +++ b/modules/openstack/secgroups/rules/k8s/variables.tf @@ -1,3 +1,7 @@ variable "secgroup_id" { type = "string" } + +variable "cluster_cidr" { + type = "string" +} diff --git a/modules/openstack/secgroups/secgroup.tf b/modules/openstack/secgroups/secgroup.tf index a42fe17daf..299f6d2478 100644 --- a/modules/openstack/secgroups/secgroup.tf +++ b/modules/openstack/secgroups/secgroup.tf @@ -15,8 +15,9 @@ resource "openstack_networking_secgroup_v2" "k8s" { } module "k8s" { - source = "rules/k8s" - secgroup_id = "${openstack_networking_secgroup_v2.k8s.id}" + source = "rules/k8s" + secgroup_id = "${openstack_networking_secgroup_v2.k8s.id}" + cluster_cidr = "${var.cluster_cidr}" } resource "openstack_networking_secgroup_v2" "etcd" { 
@@ -26,7 +27,8 @@ resource "openstack_networking_secgroup_v2" "etcd" { } module "etcd" { - source = "rules/etcd" - secgroup_id = "${openstack_networking_secgroup_v2.etcd.id}" - self_hosted = "${var.tectonic_experimental}" + source = "rules/etcd" + secgroup_id = "${openstack_networking_secgroup_v2.etcd.id}" + self_hosted = "${var.tectonic_experimental}" + cluster_cidr = "${var.cluster_cidr}" } diff --git a/modules/openstack/secgroups/variables.tf b/modules/openstack/secgroups/variables.tf index 44ad63877c..c46624c9fb 100644 --- a/modules/openstack/secgroups/variables.tf +++ b/modules/openstack/secgroups/variables.tf @@ -5,3 +5,7 @@ variable "cluster_name" { variable "tectonic_experimental" { default = false } + +variable "cluster_cidr" { + type = "string" +} diff --git a/platforms/openstack/neutron/main.tf b/platforms/openstack/neutron/main.tf index 2472f8d33c..c7cd4c3ac5 100644 --- a/platforms/openstack/neutron/main.tf +++ b/platforms/openstack/neutron/main.tf @@ -177,6 +177,7 @@ module "secrets" { module "secgroups" { source = "../../../modules/openstack/secgroups" cluster_name = "${var.tectonic_cluster_name}" + cluster_cidr = "${var.tectonic_openstack_subnet_cidr}" tectonic_experimental = "${var.tectonic_experimental}" } From ee9b51c75cb6b4c5f1a2633bc1f85557296b3e89 Mon Sep 17 00:00:00 2001 From: Beth Wright Date: Tue, 8 Aug 2017 10:45:24 -0700 Subject: [PATCH 02/46] docs: fixing broken links. --- images/tectonic-builder/README.md | 4 ++-- images/tectonic-error-server/README.md | 2 +- platforms/aws/variables.tf | 2 +- platforms/azure/variables.tf | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/images/tectonic-builder/README.md b/images/tectonic-builder/README.md index 9ebd97d29f..29a963b895 100644 --- a/images/tectonic-builder/README.md +++ b/images/tectonic-builder/README.md 
@@ -3,6 +3,6 @@ [![Container Repository on Quay](https://quay.io/repository/coreos/tectonic-builder/status "Container Repository on Quay")](https://quay.io/repository/coreos/tectonic-builder) This container image contains the environment required to build and test the -[Tectonic Installer](../installer) and aims at facilitating the implementation +[Tectonic Installer](../../installer) and aims at facilitating the implementation of CI/CD pipelines. More particularly, this image is used in several Jenkins -jobs today for testing purposes. \ No newline at end of file +jobs today for testing purposes. diff --git a/images/tectonic-error-server/README.md b/images/tectonic-error-server/README.md index d2df1bc295..4170378b4a 100644 --- a/images/tectonic-error-server/README.md +++ b/images/tectonic-error-server/README.md @@ -10,7 +10,7 @@ The `X-Code` value in the header indicates the HTTP error code encountered by th ## Usage -Run the `build-docker` script followed by the `push` script to build and push a docker image to the [coreos/tectonic-error-server] (https://quay.io/repository/coreos/tectonic-error-server) repo on quay.io. +Run the `build-docker` script followed by the `push` script to build and push a docker image to the [coreos/tectonic-error-server](https://quay.io/repository/coreos/tectonic-error-server) repo on quay.io. ``` ./build-docker diff --git a/platforms/aws/variables.tf b/platforms/aws/variables.tf index 7ad06eecc5..91734562ca 100644 --- a/platforms/aws/variables.tf +++ b/platforms/aws/variables.tf @@ -28,7 +28,7 @@ variable "tectonic_aws_etcd_ec2_type" { type = "string" description = <,%,&,\,?,/' or control characters. +NOTE: Tags MUST NOT contain reserved characters '<,>,%,&,\,?,/' or control characters. EOF default = {} From 1abef6ea89d83cb8d8532115df708e6dfcd698c6 Mon Sep 17 00:00:00 2001 
From: Aleks Saul Date: Tue, 8 Aug 2017 11:43:03 -0700 Subject: [PATCH 03/46] docs: vmware - multiple DNS server use in vmware Add a note to vars & examples regarding use of multiple DNS servers that gets fed into systemd-networkd on Virtual Machines. --- Documentation/variables/vmware.md | 2 +- examples/terraform.tfvars.vmware | 2 +- platforms/vmware/variables.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Documentation/variables/vmware.md b/Documentation/variables/vmware.md index ca367b892d..4d265e13f9 100644 --- a/Documentation/variables/vmware.md +++ b/Documentation/variables/vmware.md @@ -24,7 +24,7 @@ This document gives an overview of variables used in the VMware platform of the | tectonic_vmware_master_memory | Master node(s) Memory Size in MB | string | `4096` | | tectonic_vmware_master_vcpu | Master node(s) vCPU count | string | `1` | | tectonic_vmware_network | Portgroup to attach the cluster nodes | string | - | -| tectonic_vmware_node_dns | DNS Server to be useddd by Virtual Machine(s) | string | - | +| tectonic_vmware_node_dns | DNS Server to be useddd by Virtual Machine(s). Multiple DNS servers can be seperated by whitespace. Example: `"192.168.1.1 192.168.2.1"` | string | - | | tectonic_vmware_server | vCenter Server IP/FQDN | string | - | | tectonic_vmware_ssh_authorized_key | SSH public key to use as an authorized key. Example: `"ssh-rsa AAAB3N..."` | string | - | | tectonic_vmware_ssh_private_key_path | SSH private key file in .pem format corresponding to tectonic_vmware_ssh_authorized_key. If not provided, SSH agent will be used. | string | `` | diff --git a/examples/terraform.tfvars.vmware b/examples/terraform.tfvars.vmware index d0df1e5a28..5b238d192c 100644 --- a/examples/terraform.tfvars.vmware +++ b/examples/terraform.tfvars.vmware 
@@ -212,7 +212,7 @@ tectonic_vmware_master_vcpu = "1" // Portgroup to attach the cluster nodes tectonic_vmware_network = "" -// DNS Server to be useddd by Virtual Machine(s) +// DNS Server to be useddd by Virtual Machine(s). Multiple DNS servers can be seperated by whitespace. Example: `"192.168.1.1 192.168.2.1"` tectonic_vmware_node_dns = "" // vCenter Server IP/FQDN diff --git a/platforms/vmware/variables.tf b/platforms/vmware/variables.tf index 2a292b3461..3d975b47f1 100644 --- a/platforms/vmware/variables.tf +++ b/platforms/vmware/variables.tf @@ -55,7 +55,7 @@ variable "tectonic_vmware_ssh_private_key_path" { variable "tectonic_vmware_node_dns" { type = "string" - description = "DNS Server to be useddd by Virtual Machine(s)" + description = "DNS Server to be useddd by Virtual Machine(s). Multiple DNS servers can be seperated by whitespace. Example: `\"192.168.1.1 192.168.2.1\"`" } variable "tectonic_vmware_controller_domain" { From 52709912dbd163601132124707173b1bc339c763 Mon Sep 17 00:00:00 2001 From: Aleks Saul Date: Tue, 8 Aug 2017 14:33:01 -0700 Subject: [PATCH 04/46] docs:vmware - variable tectonic_vmware_node_dns fix typos in description --- Documentation/variables/vmware.md | 2 +- examples/terraform.tfvars.vmware | 2 +- platforms/vmware/variables.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Documentation/variables/vmware.md b/Documentation/variables/vmware.md index 4d265e13f9..358d39578d 100644 --- a/Documentation/variables/vmware.md +++ b/Documentation/variables/vmware.md 
@@ -24,7 +24,7 @@ This document gives an overview of variables used in the VMware platform of the | tectonic_vmware_master_memory | Master node(s) Memory Size in MB | string | `4096` | | tectonic_vmware_master_vcpu | Master node(s) vCPU count | string | `1` | | tectonic_vmware_network | Portgroup to attach the cluster nodes | string | - | -| tectonic_vmware_node_dns | DNS Server to be useddd by Virtual Machine(s). Multiple DNS servers can be seperated by whitespace. Example: `"192.168.1.1 192.168.2.1"` | string | - | +| tectonic_vmware_node_dns | DNS Server to be used by Virtual Machine(s). Multiple DNS servers can be separated by whitespace. Example: `"192.168.1.1 192.168.2.1"` | string | - | | tectonic_vmware_server | vCenter Server IP/FQDN | string | - | | tectonic_vmware_ssh_authorized_key | SSH public key to use as an authorized key. Example: `"ssh-rsa AAAB3N..."` | string | - | | tectonic_vmware_ssh_private_key_path | SSH private key file in .pem format corresponding to tectonic_vmware_ssh_authorized_key. If not provided, SSH agent will be used. | string | `` | diff --git a/examples/terraform.tfvars.vmware b/examples/terraform.tfvars.vmware index 5b238d192c..612d6eec46 100644 --- a/examples/terraform.tfvars.vmware +++ b/examples/terraform.tfvars.vmware @@ -212,7 +212,7 @@ tectonic_vmware_master_vcpu = "1" // Portgroup to attach the cluster nodes tectonic_vmware_network = "" -// DNS Server to be useddd by Virtual Machine(s). Multiple DNS servers can be seperated by whitespace. Example: `"192.168.1.1 192.168.2.1"` +// DNS Server to be used by Virtual Machine(s). Multiple DNS servers can be separated by whitespace. Example: `"192.168.1.1 192.168.2.1"` tectonic_vmware_node_dns = "" // vCenter Server IP/FQDN diff --git a/platforms/vmware/variables.tf b/platforms/vmware/variables.tf index 3d975b47f1..6cb3ef71ed 100644 --- a/platforms/vmware/variables.tf +++ b/platforms/vmware/variables.tf 
@@ -55,7 +55,7 @@ variable "tectonic_vmware_ssh_private_key_path" { variable "tectonic_vmware_node_dns" { type = "string" - description = "DNS Server to be useddd by Virtual Machine(s). Multiple DNS servers can be seperated by whitespace. Example: `\"192.168.1.1 192.168.2.1\"`" + description = "DNS Server to be used by Virtual Machine(s). Multiple DNS servers can be separated by whitespace. Example: `\"192.168.1.1 192.168.2.1\"`" } variable "tectonic_vmware_controller_domain" { From 3b3e38f110b962b4c22899d3f0f62dc080544cae Mon Sep 17 00:00:00 2001 From: Aleks Saul Date: Wed, 9 Aug 2017 09:33:37 -0700 Subject: [PATCH 05/46] docs: vmware cleanup + ssh-agent clean node variables descriptions and update documentation to note ssh-agent setup --- .../install/vmware/vmware-terraform.md | 43 +++++++++++++++---- modules/vmware/node/variables.tf | 10 ++--- 2 files changed, 39 insertions(+), 14 deletions(-) diff --git a/Documentation/install/vmware/vmware-terraform.md b/Documentation/install/vmware/vmware-terraform.md index 05914c3b65..b6df0cca4b 100644 --- a/Documentation/install/vmware/vmware-terraform.md +++ b/Documentation/install/vmware/vmware-terraform.md @@ -11,9 +11,8 @@ Generally, the VMware platform templates adhere to the standards defined by the 1. Resize the Virtual Machine Disk size to 30 GB or larger 1. Convert the Container Linux image into a Virtual Machine template. 1. Pre-Allocated IP addresses for the cluster and pre-create DNS records -1. Register for Tectonic [Account][account] -## DNS and IP address allocation +### DNS and IP address allocation Prior to the start of setup create required DNS records. Below is a sample table of 3 etcd nodes, 2 master nodes and 2 worker nodes. 
@@ -33,19 +32,45 @@ Prior to the start of setup create required DNS records. Below is a sample table See [Tectonic on Baremetal DNS documentation][baremetaldns] for general DNS Requirements. -## Getting Started +### Tectonic Account -Below steps need to be executed on machine that has network connectivity to VMware vCenter API and SSH access to Tectonic Master Server(s). +Register for a [Tectonic Account][register], which is free for up to 10 nodes. You must provide the cluster license and pull secret during installation. -First, [download][downloadterraform] and install Terraform. +### ssh-agent + +Ensure `ssh-agent` is running: +``` +$ eval $(ssh-agent) +``` -After downloading, source this new binary in the `$PATH` of the machine. Run this command to add it to path: +Add the SSH key that will be used for the Tectonic installation to `ssh-agent`: +``` +$ ssh-add +``` +Verify that the SSH key identity is available to the ssh-agent: ``` -$ export PATH=/path/to/terraform:$PATH +$ ssh-add -L ``` -Now we're ready to specify our cluster configuration. +Reference the absolute path of the **_public_** component of the SSH key in `tectonic_vmware_ssh_authorized_key`. + +Without this, terraform is not able to SSH copy the assets and start bootkube. +Also make sure that the SSH known_hosts file doesn't have old records of the API DNS name (fingerprints will not match). + +## Getting Started + +Below steps need to be executed on machine that has network connectivity to VMware vCenter API and SSH access to Tectonic Master Server(s). + +### Download and extract Tectonic Installer + +Open a new terminal, and run the following commands to download and extract Tectonic Installer. + +```bash +$ curl -O https://releases.tectonic.com/tectonic-1.7.1-tectonic.1.tar.gz # download +$ tar xzvf tectonic-1.7.1-tectonic.1.tar.gz # extract the tarball +$ cd tectonic +``` ## Customize the deployment 
@@ -156,7 +181,7 @@ To delete Tectonic cluster, run: $ terraform destroy ../../platforms/vmware ``` -[account]: https://account.coreos.com +[register]: https://account.coreos.com/signup/summary/tectonic-2016-12 [baremetaldns]: https://coreos.com/tectonic/docs/latest/install/bare-metal/#dns [conventions]: ../../conventions.md [generic]: ../../generic-platform.md diff --git a/modules/vmware/node/variables.tf b/modules/vmware/node/variables.tf index ac5fd292ce..41124769f4 100644 --- a/modules/vmware/node/variables.tf +++ b/modules/vmware/node/variables.tf @@ -83,27 +83,27 @@ variable vmware_cluster { variable vm_vcpu { type = "string" - description = "ETCD VMs vCPU count" + description = "VMs vCPU count" } variable vm_memory { type = "string" - description = "ETCD VMs Memory size in MB" + description = "VMs Memory size in MB" } variable vm_network_label { type = "string" - description = "ETCD VMs PortGroup" + description = "VMs PortGroup" } variable vm_disk_datastore { type = "string" - description = "Datastore to create ETCD VM in " + description = "Datastore to create VM(s) in " } variable vm_disk_template { type = "string" - description = "Disk template to use for cloning ETCD VM CoreOS Container Linux" + description = "Disk template to use for cloning CoreOS Container Linux" } variable vm_disk_template_folder { From 7c57d5ee8b0f8a9d7ff6b6d1cce00185ec52df8c Mon Sep 17 00:00:00 2001 From: Aleks Saul Date: Wed, 9 Aug 2017 10:12:15 -0700 Subject: [PATCH 06/46] docs: vmware install updates Changes per review --- Documentation/install/vmware/vmware-terraform.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/install/vmware/vmware-terraform.md b/Documentation/install/vmware/vmware-terraform.md index b6df0cca4b..62ba245107 100644 --- a/Documentation/install/vmware/vmware-terraform.md +++ b/Documentation/install/vmware/vmware-terraform.md 
@@ -60,7 +60,7 @@ Also make sure that the SSH known_hosts file doesn't have old records of the API ## Getting Started -Below steps need to be executed on machine that has network connectivity to VMware vCenter API and SSH access to Tectonic Master Server(s). +The following steps must be executed on a machine that has network connectivity to VMware vCenter API and SSH access to Tectonic Master Server(s). ### Download and extract Tectonic Installer @@ -181,7 +181,7 @@ To delete Tectonic cluster, run: $ terraform destroy ../../platforms/vmware ``` -[register]: https://account.coreos.com/signup/summary/tectonic-2016-12 +[register]: https://account.coreos.com [baremetaldns]: https://coreos.com/tectonic/docs/latest/install/bare-metal/#dns [conventions]: ../../conventions.md [generic]: ../../generic-platform.md From a01cbe6623a2163dbf73cc6deb32703721c946be Mon Sep 17 00:00:00 2001 From: Beth Wright Date: Thu, 10 Aug 2017 15:34:40 -0700 Subject: [PATCH 07/46] docs: clarifying bare metal requirments lists. --- .../install/bare-metal/metal-terraform.md | 33 +++++++++---------- .../install/bare-metal/requirements.md | 19 +++++++++-- 2 files changed, 32 insertions(+), 20 deletions(-) diff --git a/Documentation/install/bare-metal/metal-terraform.md b/Documentation/install/bare-metal/metal-terraform.md index fbff894c2e..980736fb9e 100644 --- a/Documentation/install/bare-metal/metal-terraform.md +++ b/Documentation/install/bare-metal/metal-terraform.md 
@@ -1,19 +1,19 @@ -# Install Tectonic on Bare-Metal with Terraform +# Install Tectonic on bare metal with Terraform -Following this guide will deploy a Tectonic cluster on virtual or physical hardware. +Use this guide to deploy a Tectonic cluster on virtual or physical hardware using the command line and Terraform. ## Prerequisites -* Terraform: Tectonic Installer includes and requires a specific version of Terraform. This is included in the Tectonic Installer tarball. See the [Tectonic Installer release notes][release-notes] for information about which Terraform versions are compatible. -* [Matchbox v0.6+](https://github.com/coreos/matchbox/releases) installation with the gRPC API enabled. See [installation](https://coreos.com/matchbox/docs/latest/deployment.html). -* Matchbox TLS client credentials -* PXE network boot environment with DHCP, TFTP, and DNS services. See [network-setup](https://coreos.com/matchbox/docs/latest/network-setup.html). -* DNS records for the Kubernetes controller(s) and Tectonic Ingress worker(s). See [DNS](https://coreos.com/tectonic/docs/latest/install/bare-metal#networking). +For a complete list of requirements, see [Bare Metal Installation requirements][bare-requirements]. + +* [Tectonic Account][register]. +* The Terraform version included in the Tectonic Installer tarball. See the [Tectonic Installer release notes][release-notes] for information about which Terraform versions are compatible. +* [Matchbox v0.6+][matchbox-latest] installation with TLS client credentials and the gRPC API enabled. +* [PXE network boot environment][network-setup] with DHCP, TFTP, and DNS services. +* [DNS][dns] records for the Kubernetes controller(s) and Tectonic Ingress worker(s). * Machines with BIOS options set to boot from disk normally, but PXE prior to installation. * Machines with known MAC addresses and stable domain names. -* Tectonic Account - Register for a [Tectonic Account][register], which is free for up to 10 nodes. 
You will need to provide the cluster license and pull secret below. -* `ipmitool` or `virt-install` will be used to actually boot the machines. -* A SSH keypair whose private key is present in your system's ssh-agent. +* A SSH keypair whose private key is present in your system's [ssh-agent][ssh-agent]. ## Getting Started @@ -49,7 +49,7 @@ Next, get the modules that Terraform will use to create the cluster resources: $ terraform get ./platforms/metal ``` -Now we're ready to specify our cluster configuration. +Now, specify the cluster configuration. ## Customize the deployment @@ -69,7 +69,7 @@ Customizations should be made to `build/${CLUSTER}/terraform.tfvars`. Edit the f * `tectonic_matchbox_client_key` * `tectonic_matchboc_ca` -Edit additional variables to specify DNS records, list machines, and set a SSH key and Tectonic Console email and password. +Edit additional variables to specify DNS records, list machines, and set an SSH key and Tectonic Console email and password. Several variables are currently required, but their values are not used. @@ -106,7 +106,7 @@ ipmitool -H node1.example.com -U USER -P PASS power on Terraform will wait for the disk installation and reboot to complete and then be able to copy credentials to the nodes to bootstrap the cluster. You may see `null_resource.kubeconfig.X: Still creating...` during this time. -Run `terraform apply` until all tasks complete. Your Tectonic cluster should be ready. If you encounter any issues, check the known issues and workarounds below. +Run `terraform apply` until all tasks complete. Your Tectonic cluster should be ready. If you encounter any issues, check the [Tectonic troubleshooting guides][troubleshooting]. ## Access the cluster 
@@ -123,10 +123,6 @@ $ kubectl cluster-info For more information on working with installed clusters, see [Scaling Tectonic bare metal clusters][scale-metal], and [Uninstalling Tectonic][uninstall]. -## Known issues and workarounds - -See the [troubleshooting][troubleshooting] document for workarounds for bugs that are being tracked. - [conventions]: ../../conventions.md [generic]: ../../generic-platform.md @@ -137,3 +133,6 @@ See the [troubleshooting][troubleshooting] document for workarounds for bugs tha [uninstall]: uninstall.md [scale-metal]: ../../admin/bare-metal-scale.md [release-notes]: https://coreos.com/tectonic/releases/ +[ssh-agent]: requirements.md#ssh-agent +[bare-requirements]: requirements.md +[network-setup]: https://coreos.com/matchbox/docs/latest/network-setup.html diff --git a/Documentation/install/bare-metal/requirements.md b/Documentation/install/bare-metal/requirements.md index fdc0329dac..44a18c34ae 100644 --- a/Documentation/install/bare-metal/requirements.md +++ b/Documentation/install/bare-metal/requirements.md 
@@ -2,7 +2,16 @@ The Tectonic Installer creates bare metal Tectonic clusters within networks with PXE infrastructure and the `matchbox` service. -For more information about `matchbox`, refer to the [`matchbox` documentation][matchbox]. +Installation requires the following items, which are discussed in more detail below: + +* [Tectonic Account][register]. Register for a Tectonic Account, which is free for up to 10 nodes. The cluster license and pull secret are required during installation of Tectonic. +* Terraform. Tectonic Installer includes and requires a specific version of Terraform. This is included in the Tectonic Installer tarball. See the [Tectonic Installer release notes][release-notes] for information about which Terraform versions are compatible. +* [Matchbox v0.6+][matchbox-latest] installation with TLS client credentials and the gRPC API enabled. For more information, see the Matchbox [installation guide][matchbox-install]. +* PXE network boot environment with DHCP, TFTP, and DNS services. For more information, see [Network setup][network-setup]. +* DNS records for the Kubernetes controller(s) and Tectonic Ingress worker(s). See [DNS][dns]. +* Machines with BIOS options set to boot from disk normally, but PXE prior to installation. `ipmitool` or `virt-install` will be used to actually boot the machines. +* Machines with known MAC addresses and stable domain names. +* A SSH keypair whose private key is present in your system's [ssh-agent][ssh-agent]. ## Tectonic Installer 
@@ -22,7 +31,7 @@ User machines must: Bare metal Tectonic clusters are provisioned in a PXE network environment. Cluster nodes will PXE boot from the `matchbox` service running on a provisioner node. Familiarity with your network topology is required. -Tectonic bare metal clusters store credentials in `user-data`, and etcd peer to peer communication is not currently encrypted with TLS. To restrict access to sensitive information, provision bare metal machines within a trusted network and ensure that a firewall exists between cluster controllers and the public internet. +Tectonic bare metal clusters store credentials in `user-data`. etcd peer-to-peer communication is not currently encrypted with TLS. To restrict access to sensitive information, provision bare metal machines within a trusted network and ensure that a firewall exists between cluster controllers and the public internet. ### Services @@ -106,7 +115,11 @@ The provisioner must: [daemonset]: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ [reprovision]: uninstall.md -[matchbox-dnsmasq]: https://github.com/coreos/matchbox/tree/master/contrib/dnsmasq [matchbox]: https://coreos.com/matchbox +[matchbox-dnsmasq]: https://github.com/coreos/matchbox/tree/master/contrib/dnsmasq +[matchbox-install]: https://coreos.com/matchbox/docs/latest/deployment.html +[matchbox-latest]: https://github.com/coreos/matchbox/releases [quay.io]: https://quay.io [ssh-agent]: https://www.freebsd.org/cgi/man.cgi?query=ssh-agent&sektion=1 +[network-setup]: https://coreos.com/matchbox/docs/latest/network-setup.html +[dns]: bare-metal#networking From d456496e509bf9cfb16b9ce3a3c506a6f7402cfd Mon Sep 17 00:00:00 2001 
From: Stephen Augustus Date: Sat, 12 Aug 2017 01:44:57 -0400 Subject: [PATCH 08/46] azure: Remove hardcoded CL ver (`versions["container_linux"]`) --- config.tf | 15 +++++++-------- modules/azure/etcd/etcd.tf | 2 +- modules/azure/master-as/master.tf | 2 +- modules/azure/worker-as/workers.tf | 2 +- 4 files changed, 10 insertions(+), 11 deletions(-) diff --git a/config.tf b/config.tf index fd59acd371..84a5e991ab 100644 --- a/config.tf +++ b/config.tf @@ -70,14 +70,13 @@ variable "tectonic_versions" { type = "map" default = { - alertmanager = "v0.7.1" - container_linux = "1353.8.0" - etcd = "3.1.8" - kubernetes = "1.7.1+tectonic.1" - monitoring = "1.4.1" - prometheus = "v1.7.1" - tectonic = "1.7.1-tectonic.1" - tectonic-etcd = "0.0.1" + alertmanager = "v0.7.1" + etcd = "3.1.8" + kubernetes = "1.7.1+tectonic.1" + monitoring = "1.4.1" + prometheus = "v1.7.1" + tectonic = "1.7.1-tectonic.1" + tectonic-etcd = "0.0.1" } } diff --git a/modules/azure/etcd/etcd.tf b/modules/azure/etcd/etcd.tf index 43f6ae20b7..35467e3541 100644 --- a/modules/azure/etcd/etcd.tf +++ b/modules/azure/etcd/etcd.tf @@ -24,7 +24,7 @@ resource "azurerm_virtual_machine" "etcd_node" { publisher = "CoreOS" offer = "CoreOS" sku = "${var.cl_channel}" - version = "${var.versions["container_linux"]}" + version = "latest" } storage_os_disk { diff --git a/modules/azure/master-as/master.tf b/modules/azure/master-as/master.tf index 57cba2d239..5ff4e2e2a6 100644 --- a/modules/azure/master-as/master.tf +++ b/modules/azure/master-as/master.tf @@ -23,7 +23,7 @@ resource "azurerm_virtual_machine" "tectonic_master" { publisher = "CoreOS" offer = "CoreOS" sku = "${var.cl_channel}" - version = "${var.versions["container_linux"]}" + version = "latest" } storage_os_disk { diff --git a/modules/azure/worker-as/workers.tf b/modules/azure/worker-as/workers.tf index 5959e70161..49438d3fbd 100644 --- a/modules/azure/worker-as/workers.tf +++ b/modules/azure/worker-as/workers.tf 
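Review bot: `version = "latest"` in the etcd image reference (the block's opening line is outside the hunk) makes the OS image whatever the publisher's newest build is at apply time. Nodes created on different days, through scale-out or replacement, can then run different Container Linux releases, and a deployment can no longer be reproduced or audited against a known version. Keeping the value configurable preserves the new default while letting operators pin: a string variable (placeholder name `container_linux_version`) with `default = "latest"`, used as `version = "${var.container_linux_version}"`. The same line is changed in `master-as/master.tf` and `worker-as/workers.tf`. Separately, `config.tf` drops the `container_linux` key from `tectonic_versions`, so any module outside this patch that still indexes `versions["container_linux"]` would fail the lookup, which cannot be checked from the hunks shown.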
@@ -28,7 +28,7 @@ resource "azurerm_virtual_machine" "tectonic_worker" { publisher = "CoreOS" offer = "CoreOS" sku = "${var.cl_channel}" - version = "${var.versions["container_linux"]}" + version = "latest" } storage_os_disk { name = "worker-${count.index}-os-${var.storage_id}" From 278a3b07c8587ae02fd3e7d9bca323341dc5aa63 Mon Sep 17 00:00:00 2001 From: Beth Wright Date: Mon, 14 Aug 2017 10:48:51 -0700 Subject: [PATCH 09/46] docs: cleaning up links. --- Documentation/install/bare-metal/metal-terraform.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/install/bare-metal/metal-terraform.md b/Documentation/install/bare-metal/metal-terraform.md index 980736fb9e..98c79deaa3 100644 --- a/Documentation/install/bare-metal/metal-terraform.md +++ b/Documentation/install/bare-metal/metal-terraform.md @@ -6,7 +6,7 @@ Use this guide to deploy a Tectonic cluster on virtual or physical hardware usin For a complete list of requirements, see [Bare Metal Installation requirements][bare-requirements]. -* [Tectonic Account][register]. +* [Tectonic Account][account]. * The Terraform version included in the Tectonic Installer tarball. See the [Tectonic Installer release notes][release-notes] for information about which Terraform versions are compatible. * [Matchbox v0.6+][matchbox-latest] installation with TLS client credentials and the gRPC API enabled. * [PXE network boot environment][network-setup] with DHCP, TFTP, and DNS services. @@ -126,7 +126,6 @@ For more information on working with installed clusters, see [Scaling Tectonic b [conventions]: ../../conventions.md [generic]: ../../generic-platform.md -[register]: https://account.coreos.com/signup/summary/tectonic-2016-12 [account]: https://account.coreos.com [vars]: ../../variables/config.md [troubleshooting]: ../../troubleshooting/faq.md 
@@ -136,3 +135,4 @@ For more information on working with installed clusters, see [Scaling Tectonic b [ssh-agent]: requirements.md#ssh-agent [bare-requirements]: requirements.md [network-setup]: https://coreos.com/matchbox/docs/latest/network-setup.html +[matchbox]: https://coreos.com/matchbox/docs/latest/ From 012cd7b750337cf5c271aa8b3094c9c750273e38 Mon Sep 17 00:00:00 2001 From: Levi Blackstone Date: Fri, 16 Jun 2017 14:06:43 -0500 Subject: [PATCH 10/46] platforms/openstack/neutron: Add LBaaSv2 for masters Add LBaaSv2 load balancer to balance traffic for k8s masters. DNS record for the API is updated to point to the load balancer rather than the masters directly. A floating IP is associated with the load balancer to provide internet connectivity. --- platforms/openstack/neutron/lbaas.tf | 36 ++++++++++++++++++++++++++ platforms/openstack/neutron/main.tf | 2 +- platforms/openstack/neutron/network.tf | 5 ++++ platforms/openstack/neutron/nodes.tf | 1 + 4 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 platforms/openstack/neutron/lbaas.tf diff --git a/platforms/openstack/neutron/lbaas.tf b/platforms/openstack/neutron/lbaas.tf new file mode 100644 index 0000000000..060898b929 --- /dev/null +++ b/platforms/openstack/neutron/lbaas.tf 
@@ -0,0 +1,36 @@ +resource "openstack_lb_loadbalancer_v2" "master_lb" { + vip_subnet_id = "${openstack_networking_subnet_v2.subnet.id}" + name = "${var.tectonic_cluster_name}_master" +} + +resource "openstack_lb_pool_v2" "master_lb_pool" { + lb_method = "ROUND_ROBIN" + protocol = "TCP" + name = "https" + loadbalancer_id = "${openstack_lb_loadbalancer_v2.master_lb.id}" +} + +resource "openstack_lb_listener_v2" "master_lb_listener" { + default_pool_id = "${openstack_lb_pool_v2.master_lb_pool.id}" + loadbalancer_id = "${openstack_lb_loadbalancer_v2.master_lb.id}" + protocol = "TCP" + protocol_port = 443 + name = "https" +} + +resource "openstack_lb_monitor_v2" "master_lb_monitor" { + delay = 30 + max_retries = 3 + pool_id = "${openstack_lb_pool_v2.master_lb_pool.id}" + timeout = 5 + type = "TCP" + name = "https" +} + +resource "openstack_lb_member_v2" "master_lb_members" { + count = "${var.tectonic_master_count}" + address = "${element(openstack_networking_port_v2.master.*.all_fixed_ips[count.index], 0)}" + pool_id = "${openstack_lb_pool_v2.master_lb_pool.id}" + protocol_port = 443 + subnet_id = "${openstack_networking_subnet_v2.subnet.id}" +} diff --git a/platforms/openstack/neutron/main.tf b/platforms/openstack/neutron/main.tf index 4e5d995fc2..9a1e6294a1 100644 --- a/platforms/openstack/neutron/main.tf +++ b/platforms/openstack/neutron/main.tf @@ -188,7 +188,7 @@ module "dns" { admin_email = "${var.tectonic_admin_email}" - api_ips = "${openstack_networking_floatingip_v2.master.*.address}" + api_ips = "${openstack_networking_floatingip_v2.loadbalancer.*.address}" etcd_count = "${var.tectonic_experimental ? 0 : var.tectonic_etcd_count}" etcd_ips = "${openstack_networking_port_v2.etcd.*.all_fixed_ips}" etcd_tls_enabled = "${var.tectonic_etcd_tls_enabled}" diff --git a/platforms/openstack/neutron/network.tf b/platforms/openstack/neutron/network.tf index 12cf88d06c..5bf0ce1eb9 100644 --- a/platforms/openstack/neutron/network.tf 
+++ b/platforms/openstack/neutron/network.tf @@ -90,3 +90,8 @@ resource "openstack_networking_floatingip_v2" "worker" { count = "${var.tectonic_worker_count}" pool = "${var.tectonic_openstack_floatingip_pool}" } + +resource "openstack_networking_floatingip_v2" "loadbalancer" { + pool = "${var.tectonic_openstack_floatingip_pool}" + port_id = "${openstack_lb_loadbalancer_v2.master_lb.vip_port_id}" +} diff --git a/platforms/openstack/neutron/nodes.tf b/platforms/openstack/neutron/nodes.tf index 0f4f0f9bb9..835ff22d4d 100644 --- a/platforms/openstack/neutron/nodes.tf +++ b/platforms/openstack/neutron/nodes.tf @@ -124,6 +124,7 @@ resource "null_resource" "tectonic" { "openstack_compute_instance_v2.master_node", "openstack_networking_port_v2.master", "openstack_networking_floatingip_v2.master", + "openstack_networking_floatingip_v2.loadbalancer", ] connection { From 3d3b0a6730b4e274632c1039fd7ed9aeb65a299b Mon Sep 17 00:00:00 2001 From: Andy Pickering Date: Tue, 15 Aug 2017 21:12:00 +0900 Subject: [PATCH 11/46] frontend: Bring back tooltip for CIDR inputs --- installer/frontend/components/cidr.jsx | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/installer/frontend/components/cidr.jsx b/installer/frontend/components/cidr.jsx index 196b978ae6..7dfc0f9d24 100644 --- a/installer/frontend/components/cidr.jsx +++ b/installer/frontend/components/cidr.jsx 
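Review bot: The new `openstack_networking_floatingip_v2.loadbalancer` resource in the network.tf hunk puts the master load balancer's VIP on the external floating-IP pool, while the nodes.tf hunk still lists `openstack_networking_floatingip_v2.master` in `depends_on`, so the masters appear to keep their own floating IPs and the API would stay reachable both through the load balancer and directly on each master. Nothing in these hunks limits who can reach port 443 on either path; the security group rules are outside the hunk, so that needs checking there. If the per-master addresses are kept only for the provisioning connection, a comment would record it, e.g. `# masters keep floating IPs for provisioning only; API traffic goes through the load balancer`, and the 443 rule on the masters could then be narrowed to the cluster network. The `null_resource` block in nodes.tf continues outside the hunk.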
@@ -1,9 +1,24 @@ +import _ from 'lodash'; import React from 'react'; +import { connect } from 'react-redux'; import { Deselect, Input, WithClusterConfig } from './ui'; import { validate } from '../validate'; import { DESELECTED_FIELDS } from '../cluster-config.js'; +const CIDRTooltip = connect( + ({clusterConfig}, {field}) => ({clusterConfig: clusterConfig, value: _.get(clusterConfig, field)}) +)(({value}) => { + if (validate.CIDR(value)) { + return null; + } + const [, bits] = value.split('/'); + // javascript's bit shifting only works on signed 32bit ints so <<31 + // would be negative :( + const addresses = Math.pow(2, 32 - parseInt(bits, 10)); + return
{addresses} IP address{addresses > 1 && 'es'}
; +}); + export const CIDR = ({field, name, disabled, placeholder, autoFocus, validator, selectable, fieldName}) => { fieldName = fieldName || field; return
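Review bot: The `connect` mapper for `CIDRTooltip` passes the whole `clusterConfig` object as a prop although the component only reads `value`, so the tooltip presumably re-renders on every config change; `({clusterConfig}, {field}) => ({value: _.get(clusterConfig, field)})` is enough. The `value.split('/')` and `parseInt(bits, 10)` lines depend entirely on `validate.CIDR` returning a truthy error for undefined, empty or out-of-range input. That function is imported from `../validate` and is not shown here, so a one-line comment above the guard stating that contract would make the dependency explicit. The `CIDR` component below continues outside this hunk.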
@@ -12,9 +27,12 @@ export const CIDR = ({field, name, disabled, placeholder, autoFocus, validator,
- - - +
+ + + + +
; }; From 71ab020e6bf5786085fad5c5898428e9cd13679e Mon Sep 17 00:00:00 2001 From: Beth Wright Date: Tue, 15 Aug 2017 11:17:18 -0700 Subject: [PATCH 12/46] docs: adding link. --- Documentation/install/bare-metal/requirements.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Documentation/install/bare-metal/requirements.md b/Documentation/install/bare-metal/requirements.md index 44a18c34ae..c04f6da2cc 100644 --- a/Documentation/install/bare-metal/requirements.md +++ b/Documentation/install/bare-metal/requirements.md @@ -4,7 +4,7 @@ The Tectonic Installer creates bare metal Tectonic clusters within networks with Installation requires the following items, which are discussed in more detail below: -* [Tectonic Account][register]. Register for a Tectonic Account, which is free for up to 10 nodes. The cluster license and pull secret are required during installation of Tectonic. +* [Tectonic Account][account]. Register for a Tectonic Account, which is free for up to 10 nodes. The cluster license and pull secret are required during installation of Tectonic. * Terraform. Tectonic Installer includes and requires a specific version of Terraform. This is included in the Tectonic Installer tarball. See the [Tectonic Installer release notes][release-notes] for information about which Terraform versions are compatible. * [Matchbox v0.6+][matchbox-latest] installation with TLS client credentials and the gRPC API enabled. For more information, see the Matchbox [installation guide][matchbox-install]. * PXE network boot environment with DHCP, TFTP, and DNS services. For more information, see [Network setup][network-setup]. @@ -113,6 +113,7 @@ The provisioner must: * Serve CoreOS PXE and install images +[account]: https://account.coreos.com [daemonset]: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ [reprovision]: uninstall.md [matchbox]: https://coreos.com/matchbox From 6a37f2e365094165254679d3cac100ab7e20f143 Mon Sep 17 00:00:00 2001 
From: Diego Pontoriero Date: Fri, 11 Aug 2017 17:46:07 -0700 Subject: [PATCH 13/46] Use kubernetes version for anti-affinity. We don't always upgrade the control plane when bumping tectonic versions (e.g. from 1.6.7-tectonic.1 to 1.6.7-tectonic.2). I think it only makes sense to enforce the anti-affinity when we are actually bumping kubernetes. Right now we have a divergence where 1.6.7-tectonic.2 clusters that were installed from that version will have '1.6.7-tectonic.2' anti-affinity in their manifests, whereas anything prior will have '1.6.7-tectonic.1'. This also adds explicit selectors since defaulting doesn't work well for upgrades. This has no impact for installation but helps when these manifests are used to construct patches. --- modules/bootkube/assets.tf | 2 +- .../resources/manifests/kube-controller-manager.yaml | 9 +++++++-- modules/bootkube/resources/manifests/kube-scheduler.yaml | 9 +++++++-- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/modules/bootkube/assets.tf b/modules/bootkube/assets.tf index b518ed953c..8623771d55 100644 --- a/modules/bootkube/assets.tf +++ b/modules/bootkube/assets.tf @@ -106,7 +106,7 @@ resource "template_dir" "bootkube" { etcd_client_cert = "${base64encode(data.template_file.etcd_client_crt.rendered)}" etcd_client_key = "${base64encode(data.template_file.etcd_client_key.rendered)}" - tectonic_version = "${var.versions["tectonic"]}" + kubernetes_version = "${var.versions["kubernetes"]}" master_count = "${var.master_count}" node_monitor_grace_period = "${var.node_monitor_grace_period}" diff --git a/modules/bootkube/resources/manifests/kube-controller-manager.yaml b/modules/bootkube/resources/manifests/kube-controller-manager.yaml index b1d49d0633..50aa92aa04 100644 --- a/modules/bootkube/resources/manifests/kube-controller-manager.yaml +++ b/modules/bootkube/resources/manifests/kube-controller-manager.yaml 
@@ -17,7 +17,7 @@ spec: labels: tier: control-plane k8s-app: kube-controller-manager - pod-anti-affinity: kube-controller-manager-${tectonic_version} + pod-anti-affinity: kube-controller-manager-${kubernetes_version} annotations: scheduler.alpha.kubernetes.io/critical-pod: "" spec: @@ -26,7 +26,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: - pod-anti-affinity: kube-controller-manager-${tectonic_version} + pod-anti-affinity: kube-controller-manager-${kubernetes_version} namespaces: - kube-system topologyKey: kubernetes.io/hostname @@ -67,6 +67,11 @@ spec: securityContext: runAsNonRoot: true runAsUser: 65534 + selector: + matchLabels: + k8s-app: kube-controller-manager + pod-anti-affinity: kube-controller-manager-${kubernetes_version} + tier: control-plane tolerations: - key: "CriticalAddonsOnly" operator: "Exists" diff --git a/modules/bootkube/resources/manifests/kube-scheduler.yaml b/modules/bootkube/resources/manifests/kube-scheduler.yaml index 62dca2a550..88914d8e83 100644 --- a/modules/bootkube/resources/manifests/kube-scheduler.yaml +++ b/modules/bootkube/resources/manifests/kube-scheduler.yaml @@ -17,7 +17,7 @@ spec: labels: tier: control-plane k8s-app: kube-scheduler - pod-anti-affinity: kube-scheduler-${tectonic_version} + pod-anti-affinity: kube-scheduler-${kubernetes_version} annotations: scheduler.alpha.kubernetes.io/critical-pod: "" spec: @@ -26,7 +26,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: - pod-anti-affinity: kube-scheduler-${tectonic_version} + pod-anti-affinity: kube-scheduler-${kubernetes_version} namespaces: - kube-system topologyKey: kubernetes.io/hostname @@ -48,6 +48,11 @@ spec: securityContext: runAsNonRoot: true runAsUser: 65534 + selector: + matchLabels: + k8s-app: kube-scheduler + pod-anti-affinity: kube-scheduler-${kubernetes_version} + tier: control-plane tolerations: - key: "CriticalAddonsOnly" operator: "Exists" 
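Review bot: The `selector` added in the third kube-controller-manager.yaml hunk (and the matching kube-scheduler.yaml hunk) includes `pod-anti-affinity: kube-controller-manager-${kubernetes_version}`, so the selector itself changes on every Kubernetes version bump. A workload whose selector changes stops matching the pods created under the old value, and some API versions reject selector updates outright; the resource kind and apiVersion are outside these hunks, so confirm which applies. Selecting only on the stable labels avoids this: `matchLabels:` with `k8s-app: kube-controller-manager` and `tier: control-plane`, leaving the versioned label on the pod template for the anti-affinity rule. Indentation is lost on this page, but the block is added between `securityContext` and `tolerations`, which reads like pod-spec position; check that it sits at the workload spec level.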
From fd7c849af910f31d14e2a9ea9ac1c6b1d072952a Mon Sep 17 00:00:00 2001 From: Andy Pickering Date: Wed, 16 Aug 2017 10:35:17 +0900 Subject: [PATCH 14/46] frontend/tests: Fix ETCD test --- installer/frontend/ui-tests/tests/bareMetalInstaller.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/frontend/ui-tests/tests/bareMetalInstaller.js b/installer/frontend/ui-tests/tests/bareMetalInstaller.js index 2b4e4781f5..fa116e87b1 100644 --- a/installer/frontend/ui-tests/tests/bareMetalInstaller.js +++ b/installer/frontend/ui-tests/tests/bareMetalInstaller.js @@ -18,7 +18,7 @@ module.exports = { const matchboxCredentialsPage = client.page.matchboxCredentialsPage(); const defineMastersPage = client.page.defineMastersPage(); const defineWorkersPage = client.page.defineWorkersPage(); - const etcdConnectionPage = client.page.networkConfigurationPage(); + const etcdConnectionPage = client.page.etcdConnectionPage(); const networkConfigurationPage = client.page.networkConfigurationPage(); const sshKeysPage = client.page.sshKeysPage(); const consoleLoginPage = client.page.consoleLoginPage(); From b5092663a18156944eb11ea508c170a820276548 Mon Sep 17 00:00:00 2001 From: Andy Pickering Date: Wed, 16 Aug 2017 15:27:01 +0900 Subject: [PATCH 15/46] frontend/tests: Add Nightwatch tests for CIDR inputs --- .../ui-tests/pages/networkConfigurationPage.js | 17 +++++++++++++++++ .../frontend/ui-tests/pages/networkingPage.js | 14 ++++++++++++++ .../ui-tests/tests/bareMetalInstaller.js | 2 +- 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/installer/frontend/ui-tests/pages/networkConfigurationPage.js b/installer/frontend/ui-tests/pages/networkConfigurationPage.js index 604913bae8..17d20a29ba 100644 --- a/installer/frontend/ui-tests/pages/networkConfigurationPage.js +++ b/installer/frontend/ui-tests/pages/networkConfigurationPage.js 
@@ -1,5 +1,22 @@ +const installerInput = require('../utils/bareMetalInstallerInput'); +const inputJson = installerInput.buildExpectedJson(); + +const networkConfigurationPageCommands = { + enterCIDRs() { + return this + .clearValue('#podCIDR') + .setValue('#podCIDR', inputJson.tectonic_cluster_cidr) + .assert.value('#podCIDR', inputJson.tectonic_cluster_cidr) + .clearValue('#serviceCIDR') + .setValue('#serviceCIDR', inputJson.tectonic_service_cidr) + .assert.value('#serviceCIDR', inputJson.tectonic_service_cidr) + .click('@nextStep'); + }, +}; + module.exports = { url: '', + commands: [networkConfigurationPageCommands], elements: { nextStep: { selector: '//*[text()[contains(.,"Next Step")]]', diff --git a/installer/frontend/ui-tests/pages/networkingPage.js b/installer/frontend/ui-tests/pages/networkingPage.js index 524f37ff58..cc7c4b9f46 100644 --- a/installer/frontend/ui-tests/pages/networkingPage.js +++ b/installer/frontend/ui-tests/pages/networkingPage.js @@ -1,8 +1,18 @@ +const installerInput = require('../utils/bareMetalInstallerInput'); +const inputJson = installerInput.buildExpectedJson(); + const networkingPageCommands = { provideNetworkingDetails() { return this .waitForElementPresent('@domain', 10000) .click('@domain') + .click('@advanced') + .clearValue('#podCIDR') + .setValue('#podCIDR', inputJson.tectonic_cluster_cidr) + .assert.value('#podCIDR', inputJson.tectonic_cluster_cidr) + .clearValue('#serviceCIDR') + .setValue('#serviceCIDR', inputJson.tectonic_service_cidr) + .assert.value('#serviceCIDR', inputJson.tectonic_service_cidr) .click('@nextStep'); }, }; @@ -11,6 +21,10 @@ module.exports = { url: '', commands: [networkingPageCommands], elements: { + advanced: { + selector: '//*[text()[contains(.,"Advanced Settings")]]', + locateStrategy: 'xpath', + }, domain: { selector: 'option[value=Z1ILIMNSJGTMO2]', }, 
diff --git a/installer/frontend/ui-tests/tests/bareMetalInstaller.js b/installer/frontend/ui-tests/tests/bareMetalInstaller.js index fa116e87b1..e8bd302fcf 100644 --- a/installer/frontend/ui-tests/tests/bareMetalInstaller.js +++ b/installer/frontend/ui-tests/tests/bareMetalInstaller.js @@ -30,7 +30,7 @@ module.exports = { certificateAuthorityPage.click('@nextStep'); matchboxAddressPage.enterMatchBoxEndPoints(); matchboxCredentialsPage.enterMatchBoxCredentials(); - networkConfigurationPage.click('@nextStep'); + networkConfigurationPage.enterCIDRs(); defineMastersPage.enterMastersDnsNames(); defineWorkersPage.enterWorkersDnsNames(); etcdConnectionPage.click('@nextStep'); From 7f56d94a6fd25e198eecd1d82daf04a00404862f Mon Sep 17 00:00:00 2001 From: Andy Pickering Date: Wed, 16 Aug 2017 17:13:01 +0900 Subject: [PATCH 16/46] frontend/tests: Add BM test error for missing environment variables --- installer/frontend/ui-tests/tests/awsInstaller.js | 4 +--- installer/frontend/ui-tests/tests/bareMetalInstaller.js | 8 ++++++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/installer/frontend/ui-tests/tests/awsInstaller.js b/installer/frontend/ui-tests/tests/awsInstaller.js index 774163ca30..8fa236b85c 100644 --- a/installer/frontend/ui-tests/tests/awsInstaller.js +++ b/installer/frontend/ui-tests/tests/awsInstaller.js @@ -1,5 +1,3 @@ -const _ = require('lodash'); - const log = require('../utils/log'); const installerInput = require('../utils/awsInstallerInput'); const tfvarsUtil = require('../utils/terraformTfvars'); @@ -13,7 +11,7 @@ module.exports = { }, 'Tectonic Installer AWS Test': (client) => { - const missing = _.filter(REQUIRED_ENV_VARS, ev => !process.env[ev]); + const missing = REQUIRED_ENV_VARS.filter(ev => !process.env[ev]); if (missing.length) { console.error(`Missing environment variables: ${missing.join(', ')}.\n`); process.exit(1); 
diff --git a/installer/frontend/ui-tests/tests/bareMetalInstaller.js b/installer/frontend/ui-tests/tests/bareMetalInstaller.js index 2b4e4781f5..f82d0fb21f 100644 --- a/installer/frontend/ui-tests/tests/bareMetalInstaller.js +++ b/installer/frontend/ui-tests/tests/bareMetalInstaller.js @@ -2,6 +2,8 @@ const log = require('../utils/log'); const installerInput = require('../utils/bareMetalInstallerInput'); const tfvarsUtil = require('../utils/terraformTfvars'); +const REQUIRED_ENV_VARS = ['TF_VAR_tectonic_license_path', 'TF_VAR_tectonic_pull_secret_path']; + module.exports = { after (client) { client.getLog('browser', log.logger); @@ -9,6 +11,12 @@ module.exports = { }, 'Tectonic Installer BareMetal Test': (client) => { + const missing = REQUIRED_ENV_VARS.filter(ev => !process.env[ev]); + if (missing.length) { + console.error(`Missing environment variables: ${missing.join(', ')}.\n`); + process.exit(1); + } + const expectedJson = installerInput.buildExpectedJson(); const platformPage = client.page.platformPage(); const clusterInfoPage = client.page.clusterInfoPage(); From 9c459056364068fac03af05cebfbadf199d7ba6c Mon Sep 17 00:00:00 2001 From: Andy Pickering Date: Sat, 12 Aug 2017 13:17:26 +0900 Subject: [PATCH 17/46] frontend: Fix some indents --- installer/frontend/components/aws-vpc.jsx | 104 ++++++------- installer/frontend/components/base.jsx | 12 +- installer/frontend/components/etcd.jsx | 36 ++--- installer/frontend/components/tf-poweron.jsx | 146 +++++++++---------- 4 files changed, 149 insertions(+), 149 deletions(-) diff --git a/installer/frontend/components/aws-vpc.jsx b/installer/frontend/components/aws-vpc.jsx index eba6a53586..adcd6aa6e7 100644 --- a/installer/frontend/components/aws-vpc.jsx +++ b/installer/frontend/components/aws-vpc.jsx @@ -356,20 +356,20 @@ export const AWS_VPC = connect(stateToProps, dispatchToProps)( {/* privateZone && -
-
- - - -

- See AWS Split-View DNS documentation  -

+
+
+ + + +

+ See AWS Split-View DNS documentation  +

+
-
- */} + */} @@ -385,51 +385,51 @@ export const AWS_VPC = connect(stateToProps, dispatchToProps)( } {awsCreateVpc && -
-
- - The installer will create your EC2 instances within the following CIDR ranges. -

- Safe defaults have been chosen for you. - If you make changes, the ranges must not overlap and subnets must be within the VPC CIDR. -
-
-
- Specify a range of IPv4 addresses for the VPC in the form of a CIDR block. Safe defaults have been chosen for you. +
+
+ + The installer will create your EC2 instances within the following CIDR ranges. +

+ Safe defaults have been chosen for you. + If you make changes, the ranges must not overlap and subnets must be within the VPC CIDR. +
+
+
+ Specify a range of IPv4 addresses for the VPC in the form of a CIDR block. Safe defaults have been chosen for you. +
+
- -
} {!awsCreateVpc && -
-
- -
-
-
- this.validateVPC()}> - { - this.props.getVpcs(); - if (awsVpcId) { - this.props.getVpcSubnets(awsVpcId); - } - }} - onChange={vpcID => { - if (vpcID !== awsVpcId) { - this.props.reset(); - } - this.props.getVpcSubnets(vpcID); - }} - /> - +
+
+ +
+
+
+ this.validateVPC()}> + { + this.props.getVpcs(); + if (awsVpcId) { + this.props.getVpcSubnets(awsVpcId); + } + }} + onChange={vpcID => { + if (vpcID !== awsVpcId) { + this.props.reset(); + } + this.props.getVpcSubnets(vpcID); + }} + /> + +
-
} {(controllerSubnets || workerSubnets) &&
} diff --git a/installer/frontend/components/base.jsx b/installer/frontend/components/base.jsx index c14096f482..77c4d133ea 100644 --- a/installer/frontend/components/base.jsx +++ b/installer/frontend/components/base.jsx @@ -177,14 +177,14 @@ const Wizard = withNav(withRouter(connect(stateToProps)(
diff --git a/installer/frontend/components/etcd.jsx b/installer/frontend/components/etcd.jsx index 2110993f11..3a6d2e4460 100644 --- a/installer/frontend/components/etcd.jsx +++ b/installer/frontend/components/etcd.jsx @@ -95,29 +95,29 @@ export const Etcd = connect(({clusterConfig}) => ({
{etcdOption === ETCD_OPTIONS.EXTERNAL &&
} {etcdOption === ETCD_OPTIONS.EXTERNAL && -
-
-
- -
-
- - http://} - placeholder="etcd.example.com:2379" /> - -

Hostname and port of etcd client endpoint

+
+
+
+ +
+
+ + http://} + placeholder="etcd.example.com:2379" /> + +

Hostname and port of etcd client endpoint

+
-
} {isAWS && etcdOption === ETCD_OPTIONS.PROVISIONED &&
} {isAWS && etcdOption === ETCD_OPTIONS.PROVISIONED && -
- -
+
+ +
}
); diff --git a/installer/frontend/components/tf-poweron.jsx b/installer/frontend/components/tf-poweron.jsx index f87a92852c..e27a3e3406 100644 --- a/installer/frontend/components/tf-poweron.jsx +++ b/installer/frontend/components/tf-poweron.jsx @@ -216,29 +216,29 @@ export const TF_PowerOn = connect(stateToProps, dispatchToProps)( return
{!isBareMetal && -

- Kubernetes is starting up. We're committing your cluster details. - Grab some tea and sit tight. This process can take up to 20 minutes. - Status updates will appear below. -

+

+ Kubernetes is starting up. We're committing your cluster details. + Grab some tea and sit tight. This process can take up to 20 minutes. + Status updates will appear below. +

} {isBareMetal && -
-
- Power on the nodes +
+
+ Power on the nodes +
+
+ After powering up, your nodes will provision themselves automatically. + This process can take up to 30 minutes, while the following happens. +
+
+
    +
  • Container Linux is downloaded and installed to disk (about 200 MB)
  • +
  • Cluster software is downloaded (about 500 MB)
  • +
  • One or two reboots may occur
  • +
+
-
- After powering up, your nodes will provision themselves automatically. - This process can take up to 30 minutes, while the following happens. -
-
-
    -
  • Container Linux is downloaded and installed to disk (about 200 MB)
  • -
  • Cluster software is downloaded (about 500 MB)
  • -
  • One or two reboots may occur
  • -
-
-
}
@@ -247,66 +247,66 @@ export const TF_PowerOn = connect(stateToProps, dispatchToProps)( Terraform {action} {statusMsg} {output && !isApplySuccess && - + }
{isAWS && isApply && statusMsg !== 'success' && } {showLogs && output && !isApplySuccess && -
-
-
Terraform logs
-
-
-
-
this.outputNode = node}> -
{output}
+
+
+
Terraform logs
+
+
+
+
this.outputNode = node}> +
{output}
+
-
} {state.xhrError && {state.xhrError}} {tfError && {tfError.toString()}} {tfError && !isTFRunning && - - {_.startCase(action)} Failed. Your installation is blocked. To continue: -
    -
  1. Save your logs for debugging purposes.
  2. -
  3. Destroy your cluster to clear anything that may have been created.
  4. -
  5. Reapply Terraform.
  6. -
- {btnDestroy}{btnRetry} -
+ + {_.startCase(action)} Failed. Your installation is blocked. To continue: +
    +
  1. Save your logs for debugging purposes.
  2. +
  3. Destroy your cluster to clear anything that may have been created.
  4. +
  5. Reapply Terraform.
  6. +
+ {btnDestroy}{btnRetry} +
} {isDestroySuccess && - - Destroy Succeeded -

To continue, make a fresh start with Tectonic Installer, or simply close the browser tab to quit.

- {btnStartOver}{btnRetry} -
+ + Destroy Succeeded +

To continue, make a fresh start with Tectonic Installer, or simply close the browser tab to quit.

+ {btnStartOver}{btnRetry} +
} {isApplySuccess && -
- You can save Terraform logs, or destroy your cluster if you change your mind:  - this.destroy()], - ['Retry Terraform Apply', () => this.retry()], - ['Save Terraform Log', saveLog], - ]} - /> -
+
+ You can save Terraform logs, or destroy your cluster if you change your mind:  + this.destroy()], + ['Retry Terraform Apply', () => this.retry()], + ['Save Terraform Log', saveLog], + ]} + /> +
}
{consoleSubsteps} @@ -315,16 +315,16 @@ export const TF_PowerOn = connect(stateToProps, dispatchToProps)(

{!isDestroySuccess && - ; } From 9ccd70d3fa0515b514a3c42dbceddbb1d87f3aba Mon Sep 17 00:00:00 2001 From: Andy Pickering Date: Sat, 12 Aug 2017 19:32:20 +0900 Subject: [PATCH 18/46] frontend: Fix Starting Tectonic install step state on initial render --- installer/frontend/components/tf-poweron.jsx | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/installer/frontend/components/tf-poweron.jsx b/installer/frontend/components/tf-poweron.jsx index e27a3e3406..9a2923ffdc 100644 --- a/installer/frontend/components/tf-poweron.jsx +++ b/installer/frontend/components/tf-poweron.jsx @@ -86,7 +86,7 @@ export const TF_PowerOn = connect(stateToProps, dispatchToProps)( } } - componentWillReceiveProps ({tectonic, terraform}) { + updateStatus ({tectonic, terraform}) { if (terraform.action === 'apply') { const services = (tectonic.isEtcdSelfHosted ? [{key: 'etcd', name: 'Etcd'}] : []).concat([ {key: 'kubernetes', name: 'Kubernetes'}, @@ -114,6 +114,14 @@ export const TF_PowerOn = connect(stateToProps, dispatchToProps)( } } + componentWillMount () { + this.updateStatus(this.props); + } + + componentWillReceiveProps (nextProps) { + this.updateStatus(nextProps); + } + componentWillUpdate ({terraform}) { if (this.isOutputSame(terraform) || this.state.showLogs === false) { this.shouldScroll = false; From 4734330eb60b2ef7d38cc237c3f03b785c24f3e9 Mon Sep 17 00:00:00 2001 From: Andy Pickering Date: Sat, 12 Aug 2017 20:19:10 +0900 Subject: [PATCH 19/46] frontend: Fix ProgressBar property name --- installer/frontend/components/tf-poweron.jsx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/installer/frontend/components/tf-poweron.jsx b/installer/frontend/components/tf-poweron.jsx index 9a2923ffdc..368ee4e289 100644 --- a/installer/frontend/components/tf-poweron.jsx +++ b/installer/frontend/components/tf-poweron.jsx 
@@ -13,8 +13,8 @@ import { CLUSTER_NAME, PLATFORM_TYPE, getTectonicDomain } from '../cluster-confi import { AWS_TF, BARE_METAL_TF } from '../platforms'; import { commitToServer, observeClusterStatus } from '../server'; -const ProgressBar = ({progress, isStalled}) =>
-
+const ProgressBar = ({progress, isActive}) =>
+
; // Estimate the Terraform action progress based on the log output. The intention is to replace this in the future with @@ -268,7 +268,7 @@ export const TF_PowerOn = connect(stateToProps, dispatchToProps)( }
- {isAWS && isApply && statusMsg !== 'success' && } + {isAWS && isApply && statusMsg !== 'success' && } {showLogs && output && !isApplySuccess &&
From 3c168b451953116556b8dc502d5c6caedb18808e Mon Sep 17 00:00:00 2001 From: Andy Pickering Date: Tue, 8 Aug 2017 14:40:11 +0900 Subject: [PATCH 20/46] frontend: Clean up installation steps code Rename WaitingLi to Step and move to tf-poweron.jsx. Clean up steps CSS a bit. --- installer/assets/frontend/css/styles.css | 35 +++++--------- installer/frontend/components/tf-poweron.jsx | 48 ++++++++++++++------ installer/frontend/components/ui.jsx | 23 ---------- 3 files changed, 47 insertions(+), 59 deletions(-) diff --git a/installer/assets/frontend/css/styles.css b/installer/assets/frontend/css/styles.css index 4bbe591963..b5642fad72 100644 --- a/installer/assets/frontend/css/styles.css +++ b/installer/assets/frontend/css/styles.css @@ -156,24 +156,13 @@ input[type="text"].wiz-node-field { margin: 5px 0 10px 0; } -.wiz-launch-progress__substep { - list-style: none; - margin: 0 0 10px 0; - font-size: 14px; -} - .wiz-launch-progress__step { - list-style: none; margin: 0 0 10px 0; padding: 0; } -.wiz-launch-progress__step:last-child { - margin: 0; -} - -ul.service-launch-progress__steps { - margin: 10px 0 0 15px; +.wiz-launch-progress__step--substep { + font-size: 14px; } .wiz-minitable__header { @@ -396,6 +385,7 @@ ul.service-launch-progress__steps { -moz-user-select: all; -webkit-user-select: all; } + .wiz-shell-example:hover { cursor: copy; } @@ -424,16 +414,12 @@ input.wiz-super-short-input { color: #777; } -.wiz-success-fg.wiz-launch-progress__substep { - color: #333333; +.wiz-launch-progress__step--substep.wiz-success-fg { + color: #333; } -.wiz-error-fg.wiz-launch-progress__substep { - color: #D64456; -} - -.wiz-running-fg.wiz-launch-progress__substep { - color: #999999; +.wiz-launch-progress__step--substep.wiz-running-fg { + color: #999; } .wiz-ssh-key-container { 
@@ -448,21 +434,26 @@ input.wiz-super-short-input { padding: 10px; padding-bottom: 7px; } + .alert a { text-decoration: underline; } + .alert-info { background-color: #e9f6ff; color: #154a6d; } + .alert-info .btn-info { border-color: #419eda; color: #419eda; } + .alert-info .btn-info:active, .alert-info .btn-info:focus, .alert-info .btn-info:hover { background-color: #419eda; color: #fff; } + .alert-error { background-color: #FDF4F5; border: 1px solid #DC415E; @@ -717,7 +708,6 @@ span.spacer { color: #52A3D9; } - .tectonic-footer > a:hover { color: #52A3D9; } @@ -845,7 +835,6 @@ span.spacer { background-clip: padding-box; } - .dropdown-menu--dark { background-color: rgba(33, 33, 33, 0.85); box-shadow: 0 3px 2px rgba(0, 0, 0, 0.25); diff --git a/installer/frontend/components/tf-poweron.jsx b/installer/frontend/components/tf-poweron.jsx index 368ee4e289..33ae8032a1 100644 --- a/installer/frontend/components/tf-poweron.jsx +++ b/installer/frontend/components/tf-poweron.jsx @@ -5,7 +5,7 @@ import { connect } from 'react-redux'; import { saveAs } from 'file-saver'; import { Alert } from './alert'; -import { DropdownInline, WaitingLi } from './ui'; +import { DropdownInline } from './ui'; import { AWS_DomainValidation } from './aws-domain-validation'; import { ResetButton } from './reset-button'; import { TFDestroy } from '../aws-actions'; 
@@ -37,6 +37,28 @@ const estimateTerraformProgress = terraform => { return _.clamp(done.length / total, 0.01, 0.99); }; +const Step = ({pending, done, error, cancel, children, substep}) => { + const progressClasses = classNames('wiz-launch-progress__step', { + 'wiz-launch-progress__step--substep': substep, + 'wiz-pending-fg': pending, + 'wiz-error-fg': error, + 'wiz-success-fg': done && !error, + 'wiz-cancel-fg': !done && !error && cancel, + 'wiz-running-fg': !done && !error && !cancel && !pending, + }); + const iconClasses = classNames('fa', 'fa-fw', { + 'fa-circle-o': pending, + 'fa-exclamation-circle': error, + 'fa-check-circle': done && !error, + 'fa-ban': !done && !error && cancel, + 'fa-spin fa-circle-o-notch': !done && !error && !cancel && !pending, + }); + + return
+ {!substep && }{children} +
; +}; + const stateToProps = ({cluster, clusterConfig}) => { const status = cluster.status || {terraform: {}}; const { terraform, tectonic } = status; @@ -185,9 +207,9 @@ export const TF_PowerOn = connect(stateToProps, dispatchToProps)( const dnsReady = tectonic.console.success || ((tectonic.console.message || '').search('no such host') === -1); consoleSubsteps.push( - - Resolving {tectonicDomain} - + + Resolving {tectonicDomain} + ); const anyFailed = _.some(state.services, s => tectonic[s.key].failed); @@ -197,17 +219,17 @@ export const TF_PowerOn = connect(stateToProps, dispatchToProps)( const tectonicRunning = (!allDone || anyFailed) && !isTFRunning; if (tectonicRunning) { - tectonicSubsteps = _.map(state.services, service => - Starting {service.name} - ); + tectonicSubsteps = _.map(state.services, service => + Starting {service.name} + ); } consoleSubsteps.push( - - Starting Tectonic + + Starting Tectonic {tectonicRunning && } -
    {tectonicSubsteps}
-
+
{tectonicSubsteps}
+ ); } @@ -252,7 +274,7 @@ export const TF_PowerOn = connect(stateToProps, dispatchToProps)(
    - + Terraform {action} {statusMsg} {output && !isApplySuccess &&
    @@ -266,7 +288,7 @@ export const TF_PowerOn = connect(stateToProps, dispatchToProps)(
    } -
    +
    {isAWS && isApply && statusMsg !== 'success' && } {showLogs && output && !isApplySuccess && diff --git a/installer/frontend/components/ui.jsx b/installer/frontend/components/ui.jsx index ba3b20804d..51875a9564 100644 --- a/installer/frontend/components/ui.jsx +++ b/installer/frontend/components/ui.jsx @@ -606,29 +606,6 @@ export const PrivateKeyArea = (props) => { return ; }; -export const WaitingLi = ({pending, done, error, cancel, children, substep}) => { - const progressClasses = classNames({ - 'wiz-launch-progress__step': !substep, - 'wiz-launch-progress__substep': substep, - 'wiz-pending-fg': pending, - 'wiz-error-fg': error, - 'wiz-success-fg': done && !error, - 'wiz-cancel-fg': !done && !error && cancel, - 'wiz-running-fg': !done && !error && !cancel && !pending, - }); - const iconClasses = classNames('fa', 'fa-fw', { - 'fa-circle-o': pending, - 'fa-exclamation-circle': error, - 'fa-check-circle': done && !error, - 'fa-ban': !done && !error && cancel, - 'fa-spin fa-circle-o-notch': !done && !error && !cancel && !pending, - }); - - return
  • - {!substep && }{children} -
  • ; -}; - export class AsyncSelect extends React.Component { componentDidMount () { const { onChange, onRefresh, value } = this.props; From dc305438cb3eba74dd5879a4151bb8e738dba445 Mon Sep 17 00:00:00 2001 From: Andy Pickering Date: Wed, 16 Aug 2017 22:23:08 +0900 Subject: [PATCH 21/46] frontend: Fix "Go to my Tectonic Console" button for bare metal --- installer/frontend/components/success.jsx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/installer/frontend/components/success.jsx b/installer/frontend/components/success.jsx index e49c211f12..e30b756761 100644 --- a/installer/frontend/components/success.jsx +++ b/installer/frontend/components/success.jsx @@ -9,6 +9,9 @@ const handleAllDone = (platformType) => TectonicGA.sendEvent('Installer Button', const stateToProps = ({cluster, clusterConfig}) => { let tectonicConsole = _.get(cluster, ['status', 'tectonicConsole', 'instance']); + if (!tectonicConsole) { + tectonicConsole = clusterConfig.tectonicDomain; + } if (!tectonicConsole) { // TODO: (kans) add this to the terraform status response const hostedZoneID = clusterConfig[AWS_HOSTED_ZONE_ID]; From a8a01309403a8f29e9940cae1d35f9f22f87a64d Mon Sep 17 00:00:00 2001 From: Andy Pickering Date: Sat, 12 Aug 2017 19:49:56 +0900 Subject: [PATCH 22/46] frontend: Change install step icon for failed state --- installer/frontend/components/tf-poweron.jsx | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/installer/frontend/components/tf-poweron.jsx b/installer/frontend/components/tf-poweron.jsx index 33ae8032a1..64d743f8f5 100644 --- a/installer/frontend/components/tf-poweron.jsx +++ b/installer/frontend/components/tf-poweron.jsx 
@@ -48,9 +48,8 @@ const Step = ({pending, done, error, cancel, children, substep}) => { }); const iconClasses = classNames('fa', 'fa-fw', { 'fa-circle-o': pending, - 'fa-exclamation-circle': error, 'fa-check-circle': done && !error, - 'fa-ban': !done && !error && cancel, + 'fa-ban': error || (cancel && !done), 'fa-spin fa-circle-o-notch': !done && !error && !cancel && !pending, }); From db2cd76797e4d749112b234252ee99cfd7a7f8d0 Mon Sep 17 00:00:00 2001 From: Everett Toews Date: Wed, 16 Aug 2017 12:39:49 -0500 Subject: [PATCH 23/46] openstack: Configurable nameservers (#1449) * openstack: Configurable nameservers Make the nameservers configurable so users can choose whatever nameservers they need to use. Also makes the nameserver usage consistent for both the nodes and the generated OpenStack subnet resource. The same defaults of the Google nameservers are still used. * Include nameserver defaults * Use one variable for multiple nameservers --- Documentation/variables/openstack-neutron.md | 2 +- examples/terraform.tfvars.openstack-neutron | 4 +++- platforms/openstack/neutron/main.tf | 9 +++------ platforms/openstack/neutron/variables.tf | 6 ++++-- 4 files changed, 11 insertions(+), 10 deletions(-) diff --git a/Documentation/variables/openstack-neutron.md b/Documentation/variables/openstack-neutron.md index eb5717ca28..f04d710567 100644 --- a/Documentation/variables/openstack-neutron.md +++ b/Documentation/variables/openstack-neutron.md @@ -6,7 +6,7 @@ This document gives an overview of variables used in the Openstack/Neutron platf | Name | Description | Type | Default | |------|-------------|:----:|:-----:| -| tectonic_openstack_dns_nameservers | The DNS servers assigned to the generated OpenStack subnet resource. | list | `` | +| tectonic_openstack_dns_nameservers | The nameservers used by the nodes and the generated OpenStack subnet resource.

    Example: `["8.8.8.8", "8.8.4.4"]` | list | `` | | tectonic_openstack_etcd_flavor_id | (optional) The flavor id for etcd instances as given in `openstack flavor list`. Specifies the size (CPU/Memory/Drive) of the VM.

    Note: Set either tectonic_openstack_etcd_flavor_name or tectonic_openstack_etcd_flavor_id. Note: This value is ignored for self-hosted etcd. | string | `` | | tectonic_openstack_etcd_flavor_name | (optional) The flavor name for etcd instances as given in `openstack flavor list`. Specifies the size (CPU/Memory/Drive) of the VM.

    Note: Set either tectonic_openstack_etcd_flavor_name or tectonic_openstack_etcd_flavor_id. Note: This value is ignored for self-hosted etcd. | string | `` | | tectonic_openstack_external_gateway_id | The ID of the network to be used as the external internet gateway as given in `openstack network list`. | string | - | diff --git a/examples/terraform.tfvars.openstack-neutron b/examples/terraform.tfvars.openstack-neutron index 28ffb06691..cdacab7629 100644 --- a/examples/terraform.tfvars.openstack-neutron +++ b/examples/terraform.tfvars.openstack-neutron @@ -126,7 +126,9 @@ tectonic_license_path = "" // This applies only to cloud platforms. tectonic_master_count = "1" -// The DNS servers assigned to the generated OpenStack subnet resource. +// The nameservers used by the nodes and the generated OpenStack subnet resource. +// +// Example: `["8.8.8.8", "8.8.4.4"]` tectonic_openstack_dns_nameservers = "" // (optional) The flavor id for etcd instances as given in `openstack flavor list`. Specifies the size (CPU/Memory/Drive) of the VM. diff --git a/platforms/openstack/neutron/main.tf b/platforms/openstack/neutron/main.tf index ec8d159632..5e444dc79b 100644 --- a/platforms/openstack/neutron/main.tf +++ b/platforms/openstack/neutron/main.tf @@ -89,8 +89,7 @@ module "etcd" { resolv_conf_content = < Date: Wed, 16 Aug 2017 16:26:36 -0700 Subject: [PATCH 24/46] modules/tectonic/resources/manifests/updater: Change all AppVersion TPRs to CRDs. --- .../manifests/updater/app-version-kind.yaml | 15 +++++++++------ .../app_versions/app-version-kubernetes.yaml | 2 +- .../app-version-tectonic-cluster.yaml | 2 +- .../app_versions/app-version-tectonic-etcd.yaml | 2 +- .../app-version-tectonic-monitoring.yaml | 2 +- .../manifests/updater/migration-status-kind.yaml | 15 +++++++++------ .../updater/tectonic-channel-operator-kind.yaml | 15 +++++++++------ 7 files changed, 31 insertions(+), 22 deletions(-) 
diff --git a/modules/tectonic/resources/manifests/updater/app-version-kind.yaml b/modules/tectonic/resources/manifests/updater/app-version-kind.yaml index 33fd020a6e..ebcd04e9eb 100644 --- a/modules/tectonic/resources/manifests/updater/app-version-kind.yaml +++ b/modules/tectonic/resources/manifests/updater/app-version-kind.yaml @@ -1,7 +1,10 @@ -apiVersion: "extensions/v1beta1" -kind: "ThirdPartyResource" +apiVersion: "apiextensions.k8s.io/v1beta1" +kind: "CustomResourceDefinition" metadata: - name: "app-version.coreos.com" -description: "An experimental specification for Tectonic components' versions" -versions: - - name: "v1" \ No newline at end of file + name: "appversions.tco.coreos.com" +spec: + group: "tco.coreos.com" + version: "v1" + names: + plural: "appversions" + kind: "AppVersion" diff --git a/modules/tectonic/resources/manifests/updater/app_versions/app-version-kubernetes.yaml b/modules/tectonic/resources/manifests/updater/app_versions/app-version-kubernetes.yaml index 1dfe83d670..f05d0cd2a9 100644 --- a/modules/tectonic/resources/manifests/updater/app_versions/app-version-kubernetes.yaml +++ b/modules/tectonic/resources/manifests/updater/app_versions/app-version-kubernetes.yaml @@ -1,4 +1,4 @@ -apiVersion: coreos.com/v1 +apiVersion: tco.coreos.com/v1 kind: AppVersion metadata: name: kubernetes diff --git a/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-cluster.yaml b/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-cluster.yaml index f9ea8b7648..82cefbd5b3 100644 --- a/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-cluster.yaml +++ b/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-cluster.yaml @@ -1,4 +1,4 @@ -apiVersion: coreos.com/v1 +apiVersion: tco.coreos.com/v1 kind: AppVersion metadata: name: tectonic-cluster 
diff --git a/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-etcd.yaml b/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-etcd.yaml index 5fe1f26684..1159409208 100644 --- a/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-etcd.yaml +++ b/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-etcd.yaml @@ -1,4 +1,4 @@ -apiVersion: coreos.com/v1 +apiVersion: tco.coreos.com/v1 kind: AppVersion metadata: name: tectonic-etcd diff --git a/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-monitoring.yaml b/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-monitoring.yaml index 15bd6ae2cb..e9c2366a98 100644 --- a/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-monitoring.yaml +++ b/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-monitoring.yaml @@ -1,4 +1,4 @@ -apiVersion: coreos.com/v1 +apiVersion: tco.coreos.com/v1 kind: AppVersion metadata: name: tectonic-monitoring diff --git a/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml b/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml index cecad4043c..d4cd6587d6 100644 --- a/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml +++ b/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml @@ -1,7 +1,10 @@ -apiVersion: "extensions/v1beta1" -kind: "ThirdPartyResource" +apiVersion: "apiextensions.k8s.io/v1beta1" +kind: "CustomResourceDefinition" metadata: - name: "migration-status.coreos.com" -description: "Resource to track migrations that have ran for a particular version." -versions: -- name: "v1" \ No newline at end of file + name: "migrationstatuses.kvo.coreos.com" +spec: + group: "tco.coreos.com" + version: "v1" + names: + plural: "migrationstatuses" + kind: "MigrationStatus" 
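Review bot: In `migration-status-kind.yaml` the new CRD is named `migrationstatuses.kvo.coreos.com` while `spec.group` is `tco.coreos.com`. A CustomResourceDefinition's `metadata.name` must be `<plural>.<group>`, so the API server is expected to reject this manifest as written. One of the two has to change, either `group: "kvo.coreos.com"` or `name: "migrationstatuses.tco.coreos.com"`, depending on which group the component that reads MigrationStatus objects uses (not visible here). The other two CRDs in this commit use `tco.coreos.com` in both places.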
diff --git a/modules/tectonic/resources/manifests/updater/tectonic-channel-operator-kind.yaml b/modules/tectonic/resources/manifests/updater/tectonic-channel-operator-kind.yaml index 28a65f286a..a92fa94281 100644 --- a/modules/tectonic/resources/manifests/updater/tectonic-channel-operator-kind.yaml +++ b/modules/tectonic/resources/manifests/updater/tectonic-channel-operator-kind.yaml @@ -1,7 +1,10 @@ -apiVersion: "extensions/v1beta1" -kind: "ThirdPartyResource" +apiVersion: "apiextensions.k8s.io/v1beta1" +kind: "CustomResourceDefinition" metadata: - name: "channel-operator-config.coreos.com" -description: "Tectonic Channel Operator Config" -versions: - - name: "v1" \ No newline at end of file + name: "channeloperatorconfigs.tco.coreos.com" +spec: + group: "tco.coreos.com" + version: "v1" + names: + plural: "channeloperatorconfigs" + kind: "ChannelOperatorConfig" From b2a33955bc844572d0bf11ffddd99a8f3507ccd0 Mon Sep 17 00:00:00 2001 From: Lucas Serven Date: Wed, 16 Aug 2017 16:23:39 -0700 Subject: [PATCH 25/46] Documentation: fix documentation that is breaking PRs --- Documentation/variables/aws.md | 2 +- Documentation/variables/azure.md | 2 +- examples/terraform.tfvars.aws | 2 +- examples/terraform.tfvars.azure | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Documentation/variables/aws.md b/Documentation/variables/aws.md index 715dc2961b..eaa6cba806 100644 --- a/Documentation/variables/aws.md +++ b/Documentation/variables/aws.md @@ -8,7 +8,7 @@ This document gives an overview of variables used in the AWS platform of the Tec |------|-------------|:----:|:-----:| | tectonic_autoscaling_group_extra_tags | (optional) Extra AWS tags to be applied to created autoscaling group resources. This is a list of maps having the keys `key`, `value` and `propagate_at_launch`.

    Example: `[ { key = "foo", value = "bar", propagate_at_launch = true } ]` | list | `` | | tectonic_aws_config_version | (internal) This declares the version of the AWS configuration variables. It has no impact on generated assets but declares the version contract of the configuration. | string | `1.0` | -| tectonic_aws_etcd_ec2_type | Instance size for the etcd node(s). Example: `t2.medium`. Read the [etcd recommended hardware] (https://coreos.com/etcd/docs/latest/op-guide/hardware.html) guide for best performance | string | `t2.medium` | +| tectonic_aws_etcd_ec2_type | Instance size for the etcd node(s). Example: `t2.medium`. Read the [etcd recommended hardware](https://coreos.com/etcd/docs/latest/op-guide/hardware.html) guide for best performance | string | `t2.medium` | | tectonic_aws_etcd_extra_sg_ids | (optional) List of additional security group IDs for etcd nodes.

    Example: `["sg-51530134", "sg-b253d7cc"]` | list | `` | | tectonic_aws_etcd_root_volume_iops | The amount of provisioned IOPS for the root block device of etcd nodes. | string | `100` | | tectonic_aws_etcd_root_volume_size | The size of the volume in gigabytes for the root block device of etcd nodes. | string | `30` | diff --git a/Documentation/variables/azure.md b/Documentation/variables/azure.md index 03a3a2a63d..16da30a995 100644 --- a/Documentation/variables/azure.md +++ b/Documentation/variables/azure.md @@ -20,7 +20,7 @@ This document gives an overview of variables used in the Azure platform of the T | tectonic_azure_external_resource_group | (optional) Name of an external resource group to place created resources in. Leave blank to have a new one created. | string | `` | | tectonic_azure_external_vnet_id | (optional) Resource ID of an existing Virtual Network to launch nodes into. Leave blank to create a new Virtual Network.

    Note this is the complete ID as returned in the "id" field by the Azure client, not just the name of the resource.

    Example: /subscriptions/b520eabf-d6c0-4757-8a5e-0fa7d2fe12b5/resourceGroups/my-k8s-cluster/providers/Microsoft.Network/virtualNetworks/my-k8s-vnet | string | `` | | tectonic_azure_external_worker_subnet_id | (optional) Subnet ID within an existing VNet to deploy worker nodes into. Required to use an existing VNet.

    Note this is the complete ID as returned in the "id" field by the Azure client, not just the name of the resource.

    Example: "/subscriptions/b520eabf-d6c0-4757-8a5e-0fa7d2fe12b5/resourceGroups/my-k8s-cluster/providers/Microsoft.Network/virtualNetworks/test-pre-vnet/subnets/my-k8s-subnet | string | `` | -| tectonic_azure_extra_tags | (optional) A map of extra Azure tags to be applied to created resources. [CAVEAT] Tags MUST NOT contain reserved characters '<,>,%,&,\,?,/' or control characters. | map | `` | +| tectonic_azure_extra_tags | (optional) A map of extra Azure tags to be applied to created resources. NOTE: Tags MUST NOT contain reserved characters '<,>,%,&,\,?,/' or control characters. | map | `` | | tectonic_azure_location | An Azure location where the cluster will be built. | string | - | | tectonic_azure_master_storage_type | (optional) Storage account type for the master node(s). Example: Premium_LRS. Using Premium storage is constrained by the of instance specified in 'tectonic_azure_master_vm_size'. See https://docs.microsoft.com/en-us/azure/storage/storage-premium-storage#supported-vms | string | `Premium_LRS` | | tectonic_azure_master_vm_size | (optional) Instance size for the master node(s). Example: Standard_DS2_v2. | string | `Standard_DS2_v2` | diff --git a/examples/terraform.tfvars.aws b/examples/terraform.tfvars.aws index 2e61064a86..dfaee32b1e 100644 --- a/examples/terraform.tfvars.aws +++ b/examples/terraform.tfvars.aws 
@@ -18,7 +18,7 @@ tectonic_admin_password_hash = "" // Example: `[ { key = "foo", value = "bar", propagate_at_launch = true } ]` // tectonic_autoscaling_group_extra_tags = "" -// Instance size for the etcd node(s). Example: `t2.medium`. Read the [etcd recommended hardware] (https://coreos.com/etcd/docs/latest/op-guide/hardware.html) guide for best performance +// Instance size for the etcd node(s). Example: `t2.medium`. Read the [etcd recommended hardware](https://coreos.com/etcd/docs/latest/op-guide/hardware.html) guide for best performance tectonic_aws_etcd_ec2_type = "t2.medium" // (optional) List of additional security group IDs for etcd nodes. diff --git a/examples/terraform.tfvars.azure b/examples/terraform.tfvars.azure index 9e7f827b13..74de9965bc 100644 --- a/examples/terraform.tfvars.azure +++ b/examples/terraform.tfvars.azure @@ -98,7 +98,7 @@ tectonic_azure_client_secret = "" // tectonic_azure_external_worker_subnet_id = "" // (optional) A map of extra Azure tags to be applied to created resources. -// [CAVEAT] Tags MUST NOT contain reserved characters '<,>,%,&,\,?,/' or control characters. +// NOTE: Tags MUST NOT contain reserved characters '<,>,%,&,\,?,/' or control characters. // tectonic_azure_extra_tags = "" // An Azure location where the cluster will be built. From f8e87f1b74860e5f064dc368e7ee2e46e2053cbf Mon Sep 17 00:00:00 2001 From: Quentin MACHU Date: Wed, 16 Aug 2017 16:45:57 -0700 Subject: [PATCH 26/46] config.tf: update update channel to tectonic-1.7-production --- Documentation/variables/config.md | 2 +- config.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/variables/config.md b/Documentation/variables/config.md index 57e638ad60..a010ecb6ae 100644 --- a/Documentation/variables/config.md +++ b/Documentation/variables/config.md 
@@ -36,7 +36,7 @@ This document gives an overview of variables used in all platforms of the Tecton | tectonic_service_cidr | This declares the IP range to assign Kubernetes service cluster IPs in CIDR notation. The maximum size of this IP range is /12 | string | `10.3.0.0/16` | | tectonic_stats_url | The Tectonic statistics collection URL to which to report. | string | `https://stats-collector.tectonic.com` | | tectonic_update_app_id | (internal) The Tectonic Omaha update App ID | string | `6bc7b986-4654-4a0f-94b3-84ce6feb1db4` | -| tectonic_update_channel | (internal) The Tectonic Omaha update channel | string | `tectonic-1.6` | +| tectonic_update_channel | (internal) The Tectonic Omaha update channel | string | `tectonic-1.7-production` | | tectonic_update_server | (internal) The URL of the Tectonic Omaha update server | string | `https://tectonic.update.core-os.net` | | tectonic_vanilla_k8s | If set to true, a vanilla Kubernetes cluster will be deployed, omitting any Tectonic assets. | string | `false` | | tectonic_versions | (internal) Versions of the components to use | map | `` | diff --git a/config.tf b/config.tf index 40f2508da5..48ec4c8112 100644 --- a/config.tf +++ b/config.tf @@ -256,7 +256,7 @@ variable "tectonic_update_server" { variable "tectonic_update_channel" { type = "string" - default = "tectonic-1.6" + default = "tectonic-1.7-production" description = "(internal) The Tectonic Omaha update channel" } From 596fd963cc0a09241be96e113e1a347cec1b8d2d Mon Sep 17 00:00:00 2001 From: Yifan Gu Date: Wed, 16 Aug 2017 17:04:30 -0700 Subject: [PATCH 27/46] make-update-payload.sh: Include AppVersion's metadata in desired versions. This copies the appversion's metadata in the payload so we can decide whether to create an appversion by looking at its annotation in the payload. --- modules/update-payload/make-update-payload.sh | 4 ++-- modules/update-payload/payload.json | 16 ++++++++++++++-- 2 files changed, 16 insertions(+), 4 deletions(-) 
diff --git a/modules/update-payload/make-update-payload.sh b/modules/update-payload/make-update-payload.sh index 808284df31..cf495b1752 100755 --- a/modules/update-payload/make-update-payload.sh +++ b/modules/update-payload/make-update-payload.sh @@ -98,13 +98,13 @@ for f in ${ASSETS_DIR}/app_versions/*.yaml; do fi tmpfile=$(mktemp /tmp/desiredVersion.XXXXXX) # shellcheck disable=SC2086 - name=$(yaml2json < ${f} | jq .metadata.name) + metadata=$(yaml2json < ${f} | jq .metadata) # shellcheck disable=SC2086 desiredVersion=$(yaml2json < ${f} | jq .status.currentVersion) # shellcheck disable=SC2086 cat < ${tmpfile} { - "name": ${name}, + "metadata": ${metadata}, "version": ${desiredVersion} } EOF diff --git a/modules/update-payload/payload.json b/modules/update-payload/payload.json index 5b54e6e074..68a755e075 100644 --- a/modules/update-payload/payload.json +++ b/modules/update-payload/payload.json @@ -311,11 +311,23 @@ "version": "1.7.1+tectonic.1" }, { - "name": "tectonic-etcd", + "metadata": { + "labels": { + "managed-by-channel-operator": "true" + }, + "name": "tectonic-etcd", + "namespace": "tectonic-system" + }, "version": "0.0.1" }, { - "name": "tectonic-monitoring", + "metadata": { + "labels": { + "managed-by-channel-operator": "true" + }, + "name": "tectonic-monitoring", + "namespace": "tectonic-system" + }, "version": "1.4.1" } ] From 35c5377237a64b635343dc9dc7226f72ef5526bc Mon Sep 17 00:00:00 2001 From: Erik Stidham Date: Wed, 9 Aug 2017 14:13:59 -0500 Subject: [PATCH 28/46] Update Calico to v2.4.1 - Updating image versions - Updating RBAC - Add liveness and readiness probes --- config.tf | 4 +-- .../resources/manifests/kube-calico.yaml | 29 +++++++++++++++++-- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/config.tf b/config.tf index 56dd8f2248..451ab6afff 100644 --- a/config.tf +++ b/config.tf 
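Review bot: The loop runs `yaml2json` twice per file and splices the two `jq` outputs into a hand-written JSON document, with `${f}` left unquoted behind a `shellcheck disable=SC2086`. A single pass builds the same object and is valid JSON by construction: `yaml2json < "${f}" | jq '{metadata: .metadata, version: .status.currentVersion}' > "${tmpfile}"`. Copying the whole `.metadata` also publishes every label and annotation of the AppVersion in the update payload, so a short comment naming the fields the consumer reads would help, and the filter can select only those if the rest is not needed. The same pattern is repeated for the kubernetes AppVersion in PATCH 30/46. The `for` loop starts and ends outside the hunk.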
@@ -29,8 +29,8 @@ variable "tectonic_container_images" { alertmanager = "quay.io/prometheus/alertmanager:v0.7.1" awscli = "quay.io/coreos/awscli:025a357f05242fdad6a81e8a6b520098aa65a600" bootkube = "quay.io/coreos/bootkube:v0.5.0" - calico = "quay.io/calico/node:v1.3.0" - calico_cni = "quay.io/calico/cni:v1.9.1-4-g23fcd5f" + calico = "quay.io/calico/node:v2.4.1" + calico_cni = "quay.io/calico/cni:v1.10.0" config_reload = "quay.io/coreos/configmap-reload:v0.0.1" container_linux_update_operator = "quay.io/coreos/container-linux-update-operator:v0.2.2" console = "quay.io/coreos/tectonic-console:v1.8.6" diff --git a/modules/net/calico-network-policy/resources/manifests/kube-calico.yaml b/modules/net/calico-network-policy/resources/manifests/kube-calico.yaml index 0ae2ba593e..2897239e09 100644 --- a/modules/net/calico-network-policy/resources/manifests/kube-calico.yaml +++ b/modules/net/calico-network-policy/resources/manifests/kube-calico.yaml @@ -1,6 +1,6 @@ # Calico Kubernetes Datastore Hosted Install # Calico policy-only with user-supplied networking -# http://docs.projectcalico.org/v2.2/getting-started/kubernetes/installation/hosted/kubernetes-datastore/ +# http://docs.projectcalico.org/v2.4/getting-started/kubernetes/installation/hosted/kubernetes-datastore/ # # This ConfigMap is used to configure a self-hosted Calico installation. apiVersion: v1 @@ -10,7 +10,7 @@ metadata: namespace: kube-system data: # The CNI network configuration to install on each node. - # http://docs.projectcalico.org/v2.2/reference/cni-plugin/configuration + # http://docs.projectcalico.org/v2.4/reference/cni-plugin/configuration # https://github.com/containernetworking/cni/blob/master/SPEC.md#network-configuration # depends on flannel to perform networking cni_network_config: |- 
@@ -86,18 +86,24 @@ rules: - apiGroups: ["projectcalico.org"] resources: - globalconfigs + - globalbgpconfigs verbs: - create - get - list - update - watch + - apiGroups: ["projectcalico.org"] + resources: + - globalbgppeers + verbs: + - get + - list - apiGroups: ["projectcalico.org"] resources: - ippools verbs: - create - - delete - get - list - update @@ -174,6 +180,9 @@ spec: # Don't enable BGP. - name: CALICO_NETWORKING_BACKEND value: "none" + # Cluster type to identify the deployment type + - name: CLUSTER_TYPE + value: "tectonic,canal" # Disable file logging so `kubectl logs` works. - name: CALICO_DISABLE_FILE_LOGGING value: "true" @@ -192,6 +201,8 @@ spec: # Enable IPIP - name: CALICO_IPV4POOL_IPIP value: "always" + - name: FELIX_HEALTHENABLED + value: "true" # Set based on the k8s node name. - name: NODENAME valueFrom: @@ -205,6 +216,18 @@ spec: resources: requests: cpu: 250m + livenessProbe: + httpGet: + path: /liveness + port: 9099 + periodSeconds: 10 + initialDelaySeconds: 10 + failureThreshold: 6 + readinessProbe: + httpGet: + path: /readiness + port: 9099 + periodSeconds: 10 volumeMounts: - mountPath: /var/run/calico name: var-run-calico From afddbf53e2f69532a76ac9bc46387ee97c0618b2 Mon Sep 17 00:00:00 2001 From: Lucas Serven Date: Thu, 17 Aug 2017 14:34:52 -0700 Subject: [PATCH 29/46] modules/tectonic: fix CRD API group This commit fixes the API group of the Migration Status CRD. The correct API group is `kvo.coreos.com`. The incorrect group was causing the Tectonic systemd unit to fail to bring up all the components. --- .../resources/manifests/updater/migration-status-kind.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml b/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml index d4cd6587d6..546baa04e9 100644 --- a/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml 
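Review bot: `globalbgpconfigs` is added to the rule that grants `create` and `update`, while the same manifest sets `CALICO_NETWORKING_BACKEND` to `"none"` under the comment "Don't enable BGP". If calico/node only reads BGP configuration in this policy-only setup, the resource fits better in the new read-only rule next to `globalbgppeers` (`get`, `list`). If the write verbs are needed at startup, a comment on the rule such as `# calico/node writes its BGP config on startup even with the backend set to "none"` would keep the grant from looking accidental. The ClusterRole starts and ends outside the hunk.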
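Review bot: The probes in the `@@ -205,6 +216,18 @@` hunk rely on the Felix health endpoint on port 9099 that `FELIX_HEALTHENABLED` turns on, and nothing in the manifest says so. The pod's network mode is outside the hunk; if calico-node runs with host networking, this is a new listener on every node and the node security groups should keep 9099 cluster-internal. A comment above the env var, for example `# Felix health endpoint (port 9099) backs the liveness/readiness probes below; keep it cluster-internal`, would record the dependency.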
+++ b/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: name: "migrationstatuses.kvo.coreos.com" spec: - group: "tco.coreos.com" + group: "kvo.coreos.com" version: "v1" names: plural: "migrationstatuses" From 202e4737d92330b2a62e311f7c5e457dd2e43af6 Mon Sep 17 00:00:00 2001 From: Yifan Gu Date: Thu, 17 Aug 2017 15:19:58 -0700 Subject: [PATCH 30/46] make-update-payload.sh Fix the payload for kubernetes desired version. --- modules/update-payload/make-update-payload.sh | 4 ++-- modules/update-payload/payload.json | 8 +++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/modules/update-payload/make-update-payload.sh b/modules/update-payload/make-update-payload.sh index cf495b1752..9ecef6be0a 100755 --- a/modules/update-payload/make-update-payload.sh +++ b/modules/update-payload/make-update-payload.sh @@ -79,13 +79,13 @@ kubernetes_appversion="app-version-kubernetes.yaml" f="${ASSETS_DIR}/app_versions/${kubernetes_appversion}" tmpfile=$(mktemp /tmp/desiredVersion.XXXXXX) # shellcheck disable=SC2086 -name=$(yaml2json < ${f} | jq .metadata.name) +metadata=$(yaml2json < ${f} | jq .metadata) # shellcheck disable=SC2086 desiredVersion=$(yaml2json < ${f} | jq .status.currentVersion) # shellcheck disable=SC2086 cat < ${tmpfile} { - "name": ${name}, + "metadata": ${metadata}, "version": ${desiredVersion} } EOF diff --git a/modules/update-payload/payload.json b/modules/update-payload/payload.json index 68a755e075..d5d4b5d151 100644 --- a/modules/update-payload/payload.json +++ b/modules/update-payload/payload.json @@ -307,7 +307,13 @@ ], "desiredVersions": [ { - "name": "kubernetes", + "metadata": { + "labels": { + "managed-by-channel-operator": "true" + }, + "name": "kubernetes", + "namespace": "tectonic-system" + }, "version": "1.7.1+tectonic.1" }, { From 621fd37d2de1dc594fbff8292bd6665c5e3e7ac2 Mon Sep 17 00:00:00 2001 
From: Lucas Serven Date: Thu, 17 Aug 2017 16:11:25 -0700 Subject: [PATCH 31/46] Revert "modules/tectonic: fix CRD API group" This reverts commit afddbf53e2f69532a76ac9bc46387ee97c0618b2. --- .../resources/manifests/updater/migration-status-kind.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml b/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml index 546baa04e9..d4cd6587d6 100644 --- a/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml +++ b/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: name: "migrationstatuses.kvo.coreos.com" spec: - group: "kvo.coreos.com" + group: "tco.coreos.com" version: "v1" names: plural: "migrationstatuses" From e79c79cd4fe769dd5a880cf146ea1333669fab6d Mon Sep 17 00:00:00 2001 From: Lucas Serven Date: Thu, 17 Aug 2017 16:11:31 -0700 Subject: [PATCH 32/46] Revert "modules/tectonic/resources/manifests/updater: Change all AppVersion TPRs to CRDs." This reverts commit ae7907f8620247515a4bd13729ab2b414cc55f16. --- .../manifests/updater/app-version-kind.yaml | 15 ++++++--------- .../app_versions/app-version-kubernetes.yaml | 2 +- .../app-version-tectonic-cluster.yaml | 2 +- .../app_versions/app-version-tectonic-etcd.yaml | 2 +- .../app-version-tectonic-monitoring.yaml | 2 +- .../manifests/updater/migration-status-kind.yaml | 15 ++++++--------- .../updater/tectonic-channel-operator-kind.yaml | 15 ++++++--------- 7 files changed, 22 insertions(+), 31 deletions(-) diff --git a/modules/tectonic/resources/manifests/updater/app-version-kind.yaml b/modules/tectonic/resources/manifests/updater/app-version-kind.yaml index ebcd04e9eb..33fd020a6e 100644 --- a/modules/tectonic/resources/manifests/updater/app-version-kind.yaml +++ b/modules/tectonic/resources/manifests/updater/app-version-kind.yaml 
@@ -1,10 +1,7 @@ -apiVersion: "apiextensions.k8s.io/v1beta1" -kind: "CustomResourceDefinition" +apiVersion: "extensions/v1beta1" +kind: "ThirdPartyResource" metadata: - name: "appversions.tco.coreos.com" -spec: - group: "tco.coreos.com" - version: "v1" - names: - plural: "appversions" - kind: "AppVersion" + name: "app-version.coreos.com" +description: "An experimental specification for Tectonic components' versions" +versions: + - name: "v1" \ No newline at end of file diff --git a/modules/tectonic/resources/manifests/updater/app_versions/app-version-kubernetes.yaml b/modules/tectonic/resources/manifests/updater/app_versions/app-version-kubernetes.yaml index f05d0cd2a9..1dfe83d670 100644 --- a/modules/tectonic/resources/manifests/updater/app_versions/app-version-kubernetes.yaml +++ b/modules/tectonic/resources/manifests/updater/app_versions/app-version-kubernetes.yaml @@ -1,4 +1,4 @@ -apiVersion: tco.coreos.com/v1 +apiVersion: coreos.com/v1 kind: AppVersion metadata: name: kubernetes diff --git a/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-cluster.yaml b/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-cluster.yaml index 82cefbd5b3..f9ea8b7648 100644 --- a/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-cluster.yaml +++ b/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-cluster.yaml @@ -1,4 +1,4 @@ -apiVersion: tco.coreos.com/v1 +apiVersion: coreos.com/v1 kind: AppVersion metadata: name: tectonic-cluster diff --git a/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-etcd.yaml b/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-etcd.yaml index 1159409208..5fe1f26684 100644 --- a/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-etcd.yaml +++ b/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-etcd.yaml 
@@ -1,4 +1,4 @@ -apiVersion: tco.coreos.com/v1 +apiVersion: coreos.com/v1 kind: AppVersion metadata: name: tectonic-etcd diff --git a/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-monitoring.yaml b/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-monitoring.yaml index e9c2366a98..15bd6ae2cb 100644 --- a/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-monitoring.yaml +++ b/modules/tectonic/resources/manifests/updater/app_versions/app-version-tectonic-monitoring.yaml @@ -1,4 +1,4 @@ -apiVersion: tco.coreos.com/v1 +apiVersion: coreos.com/v1 kind: AppVersion metadata: name: tectonic-monitoring diff --git a/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml b/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml index d4cd6587d6..cecad4043c 100644 --- a/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml +++ b/modules/tectonic/resources/manifests/updater/migration-status-kind.yaml @@ -1,10 +1,7 @@ -apiVersion: "apiextensions.k8s.io/v1beta1" -kind: "CustomResourceDefinition" +apiVersion: "extensions/v1beta1" +kind: "ThirdPartyResource" metadata: - name: "migrationstatuses.kvo.coreos.com" -spec: - group: "tco.coreos.com" - version: "v1" - names: - plural: "migrationstatuses" - kind: "MigrationStatus" + name: "migration-status.coreos.com" +description: "Resource to track migrations that have ran for a particular version." +versions: +- name: "v1" \ No newline at end of file diff --git a/modules/tectonic/resources/manifests/updater/tectonic-channel-operator-kind.yaml b/modules/tectonic/resources/manifests/updater/tectonic-channel-operator-kind.yaml index a92fa94281..28a65f286a 100644 --- a/modules/tectonic/resources/manifests/updater/tectonic-channel-operator-kind.yaml +++ b/modules/tectonic/resources/manifests/updater/tectonic-channel-operator-kind.yaml 
@@ -1,10 +1,7 @@ -apiVersion: "apiextensions.k8s.io/v1beta1" -kind: "CustomResourceDefinition" +apiVersion: "extensions/v1beta1" +kind: "ThirdPartyResource" metadata: - name: "channeloperatorconfigs.tco.coreos.com" -spec: - group: "tco.coreos.com" - version: "v1" - names: - plural: "channeloperatorconfigs" - kind: "ChannelOperatorConfig" + name: "channel-operator-config.coreos.com" +description: "Tectonic Channel Operator Config" +versions: + - name: "v1" \ No newline at end of file From 5fdfe446711368484edddf5c8770f295aee16af2 Mon Sep 17 00:00:00 2001 From: Lucas Serven Date: Thu, 17 Aug 2017 16:20:48 -0700 Subject: [PATCH 33/46] Revert "Use kubernetes version for anti-affinity." This reverts commit 6a37f2e365094165254679d3cac100ab7e20f143. --- modules/bootkube/assets.tf | 2 +- .../resources/manifests/kube-controller-manager.yaml | 9 ++------- modules/bootkube/resources/manifests/kube-scheduler.yaml | 9 ++------- 3 files changed, 5 insertions(+), 15 deletions(-) diff --git a/modules/bootkube/assets.tf b/modules/bootkube/assets.tf index 8623771d55..b518ed953c 100644 --- a/modules/bootkube/assets.tf +++ b/modules/bootkube/assets.tf @@ -106,7 +106,7 @@ resource "template_dir" "bootkube" { etcd_client_cert = "${base64encode(data.template_file.etcd_client_crt.rendered)}" etcd_client_key = "${base64encode(data.template_file.etcd_client_key.rendered)}" - kubernetes_version = "${var.versions["kubernetes"]}" + tectonic_version = "${var.versions["tectonic"]}" master_count = "${var.master_count}" node_monitor_grace_period = "${var.node_monitor_grace_period}" diff --git a/modules/bootkube/resources/manifests/kube-controller-manager.yaml b/modules/bootkube/resources/manifests/kube-controller-manager.yaml index 50aa92aa04..b1d49d0633 100644 --- a/modules/bootkube/resources/manifests/kube-controller-manager.yaml +++ b/modules/bootkube/resources/manifests/kube-controller-manager.yaml 
@@ -17,7 +17,7 @@ spec: labels: tier: control-plane k8s-app: kube-controller-manager - pod-anti-affinity: kube-controller-manager-${kubernetes_version} + pod-anti-affinity: kube-controller-manager-${tectonic_version} annotations: scheduler.alpha.kubernetes.io/critical-pod: "" spec: @@ -26,7 +26,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: - pod-anti-affinity: kube-controller-manager-${kubernetes_version} + pod-anti-affinity: kube-controller-manager-${tectonic_version} namespaces: - kube-system topologyKey: kubernetes.io/hostname @@ -67,11 +67,6 @@ spec: securityContext: runAsNonRoot: true runAsUser: 65534 - selector: - matchLabels: - k8s-app: kube-controller-manager - pod-anti-affinity: kube-controller-manager-${kubernetes_version} - tier: control-plane tolerations: - key: "CriticalAddonsOnly" operator: "Exists" diff --git a/modules/bootkube/resources/manifests/kube-scheduler.yaml b/modules/bootkube/resources/manifests/kube-scheduler.yaml index 88914d8e83..62dca2a550 100644 --- a/modules/bootkube/resources/manifests/kube-scheduler.yaml +++ b/modules/bootkube/resources/manifests/kube-scheduler.yaml @@ -17,7 +17,7 @@ spec: labels: tier: control-plane k8s-app: kube-scheduler - pod-anti-affinity: kube-scheduler-${kubernetes_version} + pod-anti-affinity: kube-scheduler-${tectonic_version} annotations: scheduler.alpha.kubernetes.io/critical-pod: "" spec: @@ -26,7 +26,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: - pod-anti-affinity: kube-scheduler-${kubernetes_version} + pod-anti-affinity: kube-scheduler-${tectonic_version} namespaces: - kube-system topologyKey: kubernetes.io/hostname @@ -48,11 +48,6 @@ spec: securityContext: runAsNonRoot: true runAsUser: 65534 - selector: - matchLabels: - k8s-app: kube-scheduler - pod-anti-affinity: kube-scheduler-${kubernetes_version} - tier: control-plane tolerations: - key: "CriticalAddonsOnly" operator: "Exists" 
From 408604bb70950516497512973cb5e2b37bb8994a Mon Sep 17 00:00:00 2001 From: hasbro17 Date: Mon, 14 Aug 2017 13:46:56 -0700 Subject: [PATCH 34/46] *: separate etcd-operators, self-hosted vs as a service --- modules/bootkube/assets.tf | 9 ++-- .../manifests/etcd-operator.yaml | 0 modules/tectonic/assets.tf | 1 + .../manifests/etcd/etcd-operator.yaml | 42 +++++++++++++++++++ modules/tectonic/resources/tectonic.sh | 4 ++ 5 files changed, 50 insertions(+), 6 deletions(-) rename modules/bootkube/resources/{ => experimental}/manifests/etcd-operator.yaml (100%) create mode 100644 modules/tectonic/resources/manifests/etcd/etcd-operator.yaml diff --git a/modules/bootkube/assets.tf b/modules/bootkube/assets.tf index b518ed953c..723ec536bb 100644 --- a/modules/bootkube/assets.tf +++ b/modules/bootkube/assets.tf @@ -4,8 +4,9 @@ resource "template_dir" "experimental" { destination_dir = "./generated/experimental" vars { - etcd_service_ip = "${cidrhost(var.service_cidr, 15)}" - kenc_image = "${var.container_images["kenc"]}" + etcd_operator_image = "${var.container_images["etcd_operator"]}" + etcd_service_ip = "${cidrhost(var.service_cidr, 15)}" + kenc_image = "${var.container_images["kenc"]}" etcd_ca_cert = "${base64encode(data.template_file.etcd_ca_cert_pem.rendered)}" @@ -55,10 +56,6 @@ resource "template_dir" "bootkube" { kubednsmasq_image = "${var.container_images["kubednsmasq"]}" kubedns_sidecar_image = "${var.container_images["kubedns_sidecar"]}" - // The etcd operator should always be deployed, even if k8s etcd is *not* - // self-hosted. This was cluster users can still manage hosted clusters. - etcd_operator_image = "${var.container_images["etcd_operator"]}" - # Choose the etcd endpoints to use. # 1. If experimental mode is enabled (self-hosted etcd), then use # var.etcd_service_ip. 
diff --git a/modules/bootkube/resources/manifests/etcd-operator.yaml b/modules/bootkube/resources/experimental/manifests/etcd-operator.yaml similarity index 100% rename from modules/bootkube/resources/manifests/etcd-operator.yaml rename to modules/bootkube/resources/experimental/manifests/etcd-operator.yaml diff --git a/modules/tectonic/assets.tf b/modules/tectonic/assets.tf index b9f40a9086..53bcdb5c8d 100644 --- a/modules/tectonic/assets.tf +++ b/modules/tectonic/assets.tf @@ -22,6 +22,7 @@ resource "template_dir" "tectonic" { node_exporter_image = "${var.container_images["node_exporter"]}" kube_state_metrics_image = "${var.container_images["kube_state_metrics"]}" prometheus_operator_image = "${var.container_images["prometheus_operator"]}" + etcd_operator_image = "${var.container_images["etcd_operator"]}" tectonic_monitoring_auth_image = "${var.container_images["tectonic_monitoring_auth"]}" prometheus_image = "${var.container_images["prometheus"]}" prometheus_config_reload_image = "${var.container_images["prometheus_config_reload"]}" diff --git a/modules/tectonic/resources/manifests/etcd/etcd-operator.yaml b/modules/tectonic/resources/manifests/etcd/etcd-operator.yaml new file mode 100644 index 0000000000..c3cd6b9ba0 --- /dev/null +++ b/modules/tectonic/resources/manifests/etcd/etcd-operator.yaml 
@@ -0,0 +1,42 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + k8s-app: etcd-operator + name: etcd-operator + namespace: tectonic-system +spec: + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + maxSurge: 1 + replicas: 1 + template: + metadata: + labels: + k8s-app: etcd-operator + spec: + containers: + - env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: HOME + value: /tmp + image: ${etcd_operator_image} + name: etcd-operator + nodeSelector: + node-role.kubernetes.io/master: "" + securityContext: + runAsNonRoot: true + runAsUser: 65534 + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule diff --git a/modules/tectonic/resources/tectonic.sh b/modules/tectonic/resources/tectonic.sh index cd23612efc..1613ecc8e2 100755 --- a/modules/tectonic/resources/tectonic.sh +++ b/modules/tectonic/resources/tectonic.sh @@ -201,6 +201,10 @@ kubectl create -f monitoring/tectonic-monitoring-auth-prometheus-deployment.yaml kubectl create -f monitoring/tectonic-monitoring-auth-prometheus-svc.yaml kubectl create -f monitoring/tectonic-monitoring-ingress.yaml +echo "Creating Etcd Operator" +# Operator in the tectonic-system namespace used for etcd as a service +kubectl create -f etcd/etcd-operator.yaml + echo "Creating Heapster / Stats Emitter" kubectl create -f heapster/service.yaml kubectl create -f heapster/deployment.yaml From 3e0d3546a50bc9b2736a07b750acb764290d93a2 Mon Sep 17 00:00:00 2001 
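Review bot: The new etcd-operator Deployment sets no `serviceAccountName`, so the pod runs as the `default` service account of `tectonic-system`, and any API rights the operator needs are then shared with every other pod in that namespace that uses the default account. A dedicated account bound only to what the operator uses would keep that scope narrow: add `serviceAccountName: <etcd-operator-account>` (placeholder name) under `spec.template.spec` and ship its role binding alongside in `etcd/`. The RBAC objects for this namespace are not part of this hunk, so confirm against them. The container also declares no `resources` requests or limits, which matters more here because the pod is pinned to master nodes.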
From: Lucas Serven Date: Wed, 16 Aug 2017 18:09:04 -0700 Subject: [PATCH 35/46] modules/tectonic/resources: pin components to masters This commit pins the identity, ingress, and console components to master nodes and configures them with `preferred` anti-affinity to promote HA configurations. --- .../manifests/console/deployment.yaml | 15 ++++++++ .../manifests/identity/deployment.yaml | 35 +++++++++++++------ .../ingress/default-backend/deployment.yaml | 17 ++++++++- .../ingress/nodeport/deployment.yaml | 15 ++++++++ 4 files changed, 71 insertions(+), 11 deletions(-) diff --git a/modules/tectonic/resources/manifests/console/deployment.yaml b/modules/tectonic/resources/manifests/console/deployment.yaml index e0d415626c..d386a5297d 100644 --- a/modules/tectonic/resources/manifests/console/deployment.yaml +++ b/modules/tectonic/resources/manifests/console/deployment.yaml @@ -25,6 +25,15 @@ spec: component: ui name: tectonic-console spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + k8s-app: tectonic-console + topologyKey: kubernetes.io/hostname containers: - command: - /opt/bridge/bin/bridge @@ -163,3 +172,9 @@ spec: - name: tectonic-identity-grpc-client-secret secret: secretName: tectonic-identity-grpc-client-secret + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" diff --git a/modules/tectonic/resources/manifests/identity/deployment.yaml b/modules/tectonic/resources/manifests/identity/deployment.yaml index 7ee7a2ef1b..f59f4c1af7 100644 --- a/modules/tectonic/resources/manifests/identity/deployment.yaml +++ b/modules/tectonic/resources/manifests/identity/deployment.yaml 
@@ -23,16 +23,15 @@ spec: k8s-app: tectonic-identity component: identity spec: - volumes: - - name: config - configMap: - name: tectonic-identity - items: - - key: config.yaml - path: config.yaml - - name: tectonic-identity-grpc-server-secret - secret: - secretName: tectonic-identity-grpc-server-secret + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + k8s-app: tectonic-identity + topologyKey: kubernetes.io/hostname containers: - name: tectonic-identity imagePullPolicy: IfNotPresent @@ -66,6 +65,22 @@ spec: # private registry. imagePullSecrets: - name: coreos-pull-secret + nodeSelector: + node-role.kubernetes.io/master: "" securityContext: runAsNonRoot: true runAsUser: 65534 + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + volumes: + - name: config + configMap: + name: tectonic-identity + items: + - key: config.yaml + path: config.yaml + - name: tectonic-identity-grpc-server-secret + secret: + secretName: tectonic-identity-grpc-server-secret diff --git a/modules/tectonic/resources/manifests/ingress/default-backend/deployment.yaml b/modules/tectonic/resources/manifests/ingress/default-backend/deployment.yaml index 728d621ea9..da858b0339 100644 --- a/modules/tectonic/resources/manifests/ingress/default-backend/deployment.yaml +++ b/modules/tectonic/resources/manifests/ingress/default-backend/deployment.yaml @@ -10,7 +10,15 @@ spec: labels: k8s-app: default-http-backend spec: - terminationGracePeriodSeconds: 60 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + k8s-app: default-http-backend + topologyKey: kubernetes.io/hostname containers: - name: default-http-backend # Any image is permissable as long as: 
@@ -35,3 +43,10 @@ spec: memory: 20Mi imagePullSecrets: - name: coreos-pull-secret + nodeSelector: + node-role.kubernetes.io/master: "" + terminationGracePeriodSeconds: 60 + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" diff --git a/modules/tectonic/resources/manifests/ingress/nodeport/deployment.yaml b/modules/tectonic/resources/manifests/ingress/nodeport/deployment.yaml index 6bbe5db05d..971c8029e4 100644 --- a/modules/tectonic/resources/manifests/ingress/nodeport/deployment.yaml +++ b/modules/tectonic/resources/manifests/ingress/nodeport/deployment.yaml @@ -16,6 +16,15 @@ spec: component: ingress-controller type: nginx spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + k8s-app: tectonic-lb + topologyKey: kubernetes.io/hostname containers: - name: nginx-ingress-lb image: ${ingress_controller_image} @@ -55,5 +64,11 @@ spec: port: 10254 scheme: HTTP dnsPolicy: ClusterFirst + nodeSelector: + node-role.kubernetes.io/master: "" restartPolicy: Always terminationGracePeriodSeconds: 60 + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" From b3e32924b802fc845793a39430e5190d9dfccb90 Mon Sep 17 00:00:00 2001 From: Alex Somesan Date: Fri, 18 Aug 2017 16:48:53 +0200 Subject: [PATCH 36/46] Azure: correct API endpoint FQDN when using external DNS --- modules/azure/vnet/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/azure/vnet/outputs.tf b/modules/azure/vnet/outputs.tf index 43a8ba58c3..d6b12dc596 100644 --- a/modules/azure/vnet/outputs.tf +++ b/modules/azure/vnet/outputs.tf @@ -73,5 +73,5 @@ output "ingress_fqdn" { } output "api_fqdn" { - value = "${azurerm_public_ip.api_ip.fqdn}" + value = "${var.base_domain == "" ? azurerm_public_ip.api_ip.fqdn : "${var.cluster_name}-api.${var.base_domain}"}" } 
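Review bot: The `nodeSelector: node-role.kubernetes.io/master: ""` and master toleration added to the nginx ingress controller in ingress/nodeport/deployment.yaml place the component that terminates external HTTP traffic on the control-plane hosts, so a compromise of that pod lands on a node that presumably also holds control-plane credentials. The same pinning is applied to the console, identity and default-backend deployments in this commit. If this is a deliberate HA trade-off, record it next to the selector, e.g. `# pinned to masters for HA; puts externally reachable pods on control-plane nodes`, or make the selector a template variable so larger clusters can use dedicated nodes. The anti-affinity is only `preferred`, so on a single-master cluster all replicas will still share that one node.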
From a8ab3931fd1354af726b14c7c1d6ec8f485d6301 Mon Sep 17 00:00:00 2001 From: German Eichberger Date: Thu, 17 Aug 2017 15:12:46 -0700 Subject: [PATCH 37/46] Users should be able to use port 80 with their installs. We were running a load balancer on port 80 forwarding to 30080 on each worker but the kube-proxy would load balance traffic to port 80 on the other workers. Hence, to support HTTP on port 80 this port needs to be open inside the cluster. --- modules/openstack/secgroups/output.tf | 2 ++ .../openstack/secgroups/rules/k8s_nodes/secgroup.tf | 9 +++++++++ .../openstack/secgroups/rules/k8s_nodes/variables.tf | 7 +++++++ modules/openstack/secgroups/secgroup.tf | 12 ++++++++++++ 4 files changed, 30 insertions(+) create mode 100644 modules/openstack/secgroups/rules/k8s_nodes/secgroup.tf create mode 100644 modules/openstack/secgroups/rules/k8s_nodes/variables.tf diff --git a/modules/openstack/secgroups/output.tf b/modules/openstack/secgroups/output.tf index 1c064fee59..1e809e766b 100644 --- a/modules/openstack/secgroups/output.tf +++ b/modules/openstack/secgroups/output.tf @@ -25,6 +25,8 @@ output "secgroup_node_ids" { value = [ "${openstack_networking_secgroup_v2.base.id}", "${openstack_networking_secgroup_v2.k8s.id}", + "${openstack_networking_secgroup_v2.k8s_nodes.id}", + ] } diff --git a/modules/openstack/secgroups/rules/k8s_nodes/secgroup.tf b/modules/openstack/secgroups/rules/k8s_nodes/secgroup.tf new file mode 100644 index 0000000000..02bca1838f --- /dev/null +++ b/modules/openstack/secgroups/rules/k8s_nodes/secgroup.tf @@ -0,0 +1,9 @@ +resource "openstack_networking_secgroup_rule_v2" "http" { + direction = "ingress" + ethertype = "IPv4" + port_range_min = 80 + port_range_max = 80 + protocol = "tcp" + remote_ip_prefix = "${var.cluster_cidr}" + security_group_id = "${var.secgroup_id}" +} 
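Review bot: The `http` rule in rules/k8s_nodes/secgroup.tf carries no comment explaining why port 80 is opened, and `cluster_cidr` in the accompanying variables.tf has no `description`, so a later caller could widen the prefix without noticing what it exposes. I would add above the resource `# kube-proxy forwards port-80 LB traffic between nodes; keep remote_ip_prefix scoped to the cluster network` and give the variable `description = "CIDR of the cluster network allowed to reach node ports"`. Because the new group is appended to `secgroup_node_ids` in output.tf, it is presumably attached to every node rather than only workers; confirm that is intended.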
diff --git a/modules/openstack/secgroups/rules/k8s_nodes/variables.tf b/modules/openstack/secgroups/rules/k8s_nodes/variables.tf new file mode 100644 index 0000000000..bea462dbd4 --- /dev/null +++ b/modules/openstack/secgroups/rules/k8s_nodes/variables.tf @@ -0,0 +1,7 @@ +variable "secgroup_id" { + type = "string" +} + +variable "cluster_cidr" { + type = "string" +} diff --git a/modules/openstack/secgroups/secgroup.tf b/modules/openstack/secgroups/secgroup.tf index 299f6d2478..7d8d0eadd9 100644 --- a/modules/openstack/secgroups/secgroup.tf +++ b/modules/openstack/secgroups/secgroup.tf @@ -20,6 +20,18 @@ module "k8s" { cluster_cidr = "${var.cluster_cidr}" } +resource "openstack_networking_secgroup_v2" "k8s_nodes" { + name = "${var.cluster_name}_k8s_nodes" + description = "Ports needed by Kubernetes nodes" + delete_default_rules = true +} + +module "k8s_nodes" { + source = "rules/k8s_nodes" + secgroup_id = "${openstack_networking_secgroup_v2.k8s_nodes.id}" + cluster_cidr = "${var.cluster_cidr}" +} + resource "openstack_networking_secgroup_v2" "etcd" { name = "${var.cluster_name}_etcd" description = "Ports needed by etcd" From aaa69fa77edc885ab4262b82f115009692bdff1a Mon Sep 17 00:00:00 2001 From: Lucas Serven Date: Fri, 18 Aug 2017 11:27:21 -0700 Subject: [PATCH 38/46] modules/openstack: terraform fmt openstack --- modules/openstack/secgroups/output.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/openstack/secgroups/output.tf b/modules/openstack/secgroups/output.tf index 1e809e766b..b0178a96b2 100644 --- a/modules/openstack/secgroups/output.tf +++ b/modules/openstack/secgroups/output.tf @@ -26,7 +26,6 @@ output "secgroup_node_ids" { "${openstack_networking_secgroup_v2.base.id}", "${openstack_networking_secgroup_v2.k8s.id}", "${openstack_networking_secgroup_v2.k8s_nodes.id}", - ] } From 0535269158d406c4ab86b7f2cfac08c3aac5ff37 Mon Sep 17 00:00:00 2001 
From: Yifan Gu Date: Thu, 17 Aug 2017 18:25:41 -0700 Subject: [PATCH 39/46] module/bootkube: Fix anti-affinity labels / selectors for controller manager and scheduler. The anti-affinity label should match the kubernetes version instead of the tectonic version. The selector of the controller manager and scheduler should not contain the anti-affinity label. --- modules/bootkube/assets.tf | 2 +- .../resources/manifests/kube-controller-manager.yaml | 8 ++++++-- modules/bootkube/resources/manifests/kube-scheduler.yaml | 8 ++++++-- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/modules/bootkube/assets.tf b/modules/bootkube/assets.tf index 723ec536bb..0d3250e7f4 100644 --- a/modules/bootkube/assets.tf +++ b/modules/bootkube/assets.tf @@ -103,7 +103,7 @@ resource "template_dir" "bootkube" { etcd_client_cert = "${base64encode(data.template_file.etcd_client_crt.rendered)}" etcd_client_key = "${base64encode(data.template_file.etcd_client_key.rendered)}" - tectonic_version = "${var.versions["tectonic"]}" + kubernetes_version = "${replace(var.versions["kubernetes"], "+", "-")}" master_count = "${var.master_count}" node_monitor_grace_period = "${var.node_monitor_grace_period}" diff --git a/modules/bootkube/resources/manifests/kube-controller-manager.yaml b/modules/bootkube/resources/manifests/kube-controller-manager.yaml index b1d49d0633..4c87f16247 100644 --- a/modules/bootkube/resources/manifests/kube-controller-manager.yaml +++ b/modules/bootkube/resources/manifests/kube-controller-manager.yaml @@ -12,12 +12,16 @@ spec: type: RollingUpdate rollingUpdate: maxUnavailable: 0 + selector: + matchLabels: + tier: control-plane + k8s-app: kube-controller-manager template: metadata: labels: tier: control-plane k8s-app: kube-controller-manager - pod-anti-affinity: kube-controller-manager-${tectonic_version} + pod-anti-affinity: kube-controller-manager-${kubernetes_version} annotations: scheduler.alpha.kubernetes.io/critical-pod: "" spec: 
@@ -26,7 +30,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: - pod-anti-affinity: kube-controller-manager-${tectonic_version} + pod-anti-affinity: kube-controller-manager-${kubernetes_version} namespaces: - kube-system topologyKey: kubernetes.io/hostname diff --git a/modules/bootkube/resources/manifests/kube-scheduler.yaml b/modules/bootkube/resources/manifests/kube-scheduler.yaml index 62dca2a550..5da66859d2 100644 --- a/modules/bootkube/resources/manifests/kube-scheduler.yaml +++ b/modules/bootkube/resources/manifests/kube-scheduler.yaml @@ -12,12 +12,16 @@ spec: type: RollingUpdate rollingUpdate: maxUnavailable: 0 + selector: + matchLabels: + tier: control-plane + k8s-app: kube-scheduler template: metadata: labels: tier: control-plane k8s-app: kube-scheduler - pod-anti-affinity: kube-scheduler-${tectonic_version} + pod-anti-affinity: kube-scheduler-${kubernetes_version} annotations: scheduler.alpha.kubernetes.io/critical-pod: "" spec: @@ -26,7 +30,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: - pod-anti-affinity: kube-scheduler-${tectonic_version} + pod-anti-affinity: kube-scheduler-${kubernetes_version} namespaces: - kube-system topologyKey: kubernetes.io/hostname From a20f8b3bcf6546b292f3841f0056fa875e6db3a0 Mon Sep 17 00:00:00 2001 From: Andy Pickering Date: Thu, 17 Aug 2017 22:23:43 +0900 Subject: [PATCH 40/46] frontend: Add warning for small pod IP address ranges --- installer/frontend/components/cidr.jsx | 18 ++++---- installer/frontend/components/k8s-cidrs.jsx | 46 ++++++++++++++++++++- 2 files changed, 56 insertions(+), 8 deletions(-) diff --git a/installer/frontend/components/cidr.jsx b/installer/frontend/components/cidr.jsx index 7dfc0f9d24..4b0b3b2571 100644 --- a/installer/frontend/components/cidr.jsx +++ b/installer/frontend/components/cidr.jsx 
@@ -6,16 +6,20 @@ import { Deselect, Input, WithClusterConfig } from './ui'; import { validate } from '../validate'; import { DESELECTED_FIELDS } from '../cluster-config.js'; +export const cidrSize = cidr => { + if (validate.CIDR(cidr)) { + return null; + } + const [, bits] = cidr.split('/'); + + // JavaScript's bit shifting only works on signed 32bit ints so <<31 would be negative :( + return Math.pow(2, 32 - parseInt(bits, 10)); +}; + const CIDRTooltip = connect( ({clusterConfig}, {field}) => ({clusterConfig: clusterConfig, value: _.get(clusterConfig, field)}) )(({value}) => { - if (validate.CIDR(value)) { - return null; - } - const [, bits] = value.split('/'); - // javascript's bit shifting only works on signed 32bit ints so <<31 - // would be negative :( - const addresses = Math.pow(2, 32 - parseInt(bits, 10)); + const addresses = cidrSize(value); return
    {addresses} IP address{addresses > 1 && 'es'}
    ; }); diff --git a/installer/frontend/components/k8s-cidrs.jsx b/installer/frontend/components/k8s-cidrs.jsx index f4eaf72584..827aad616c 100644 --- a/installer/frontend/components/k8s-cidrs.jsx +++ b/installer/frontend/components/k8s-cidrs.jsx @@ -1,15 +1,59 @@ +import _ from 'lodash'; +import pluralize from 'pluralize'; import React from 'react'; +import { connect } from 'react-redux'; -import { CIDR } from './cidr'; +import { AWS_TF } from '../platforms'; +import { Alert } from './alert'; +import { CIDR, cidrSize } from './cidr'; import { + AWS_CONTROLLERS, + AWS_WORKERS, + NUMBER_OF_INSTANCES, + PLATFORM_TYPE, POD_CIDR, SERVICE_CIDR, } from '../cluster-config'; +const PodRangeWarning = connect( + ({clusterConfig}) => ({clusterConfig}) +)(({clusterConfig}) => { + const size = cidrSize(_.get(clusterConfig, POD_CIDR)); + + // Currently, we only expect to have the node count for AWS because of the wizard screen order + if (!size || clusterConfig[PLATFORM_TYPE] !== AWS_TF) { + return null; + } + + // Flannel assigns a minimum network size of /24 (256 IP addresses) + const maxNodes = Math.floor(size / 256); + + const controllers = _.get(clusterConfig, `${AWS_CONTROLLERS}-${NUMBER_OF_INSTANCES}`, 0); + const workers = _.get(clusterConfig, `${AWS_WORKERS}-${NUMBER_OF_INSTANCES}`, 0); + const nodes = controllers + workers; + const utilization = nodes / maxNodes; + + if (utilization < 0.75) { + return null; + } + + if (utilization > 1) { + return + Pod Range Too Small
    + {maxNodes === 0 ? 'No nodes' : `Only ${maxNodes} of your ${nodes} ${pluralize('node', nodes)}`} can fit within the pod range, since each node requires a minimum of 256 IP addresses. +
    ; + } + return + Pod Range Mostly Assigned
    + Only {maxNodes} {pluralize('node', maxNodes)} can fit within the pod range, since each node requires a minimum of 256 IP addresses. You have selected {nodes} {pluralize('node', nodes)}. +
    ; +}); + export const KubernetesCIDRs = ({validator}) =>

    Kubernetes

    +
    ; From 55a70e4c33321996ba8a9b376aeba94c49049435 Mon Sep 17 00:00:00 2001 From: Sergiusz Urbaniak Date: Sat, 19 Aug 2017 06:22:28 +0200 Subject: [PATCH 41/46] examples: make tectonic_pull_secret_path clear in examples (#1430) Fixes #172 --- Documentation/variables/config.md | 4 ++-- config.tf | 12 ++++++++++++ examples/terraform.tfvars.aws | 12 ++++++++++++ examples/terraform.tfvars.azure | 12 ++++++++++++ examples/terraform.tfvars.metal | 12 ++++++++++++ examples/terraform.tfvars.openstack-neutron | 12 ++++++++++++ examples/terraform.tfvars.vmware | 12 ++++++++++++ 7 files changed, 74 insertions(+), 2 deletions(-) diff --git a/Documentation/variables/config.md b/Documentation/variables/config.md index a010ecb6ae..0067f2f1f5 100644 --- a/Documentation/variables/config.md +++ b/Documentation/variables/config.md @@ -30,9 +30,9 @@ This document gives an overview of variables used in all platforms of the Tecton | tectonic_etcd_tls_enabled | (optional) If set to `true`, TLS secure communication for self-provisioned etcd. will be used.
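Review bot: In `PodRangeWarning`, `utilization = nodes / maxNodes` divides by zero when the pod CIDR is smaller than /24 (`maxNodes === 0`); with no nodes selected the result is `NaN`, both threshold checks are false, and the component falls through to the "Pod Range Mostly Assigned" alert instead of "Pod Range Too Small". Comparing counts directly avoids the division: test `if (maxNodes === 0 || nodes > maxNodes)` for the too-small alert first, then `if (nodes < maxNodes * 0.75) return null;`. Separately, `controllers + workers` concatenates if the stored instance counts are strings, which this hunk does not show; wrapping both in `Number(...)` would make the sum safe. The JSX markup in this hunk appears to have been stripped by the page rendering, so the alert elements themselves are not reviewed here.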

    Note: If `tectonic_experimental` is set to `true` this variable has no effect, because the experimental self-hosted etcd always uses TLS. | string | `true` | | tectonic_experimental | If set to true, experimental Tectonic assets are being deployed. | string | `false` | | tectonic_image_re | (internal) Regular expression used to extract repo and tag components | string | `/^([^/]+/[^/]+/[^/]+):(.*)$/` | -| tectonic_license_path | The path to the tectonic licence file.

    Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`. | string | `` | +| tectonic_license_path | The path to the tectonic licence file. You can download the Tectonic license file from your Account overview page at [1].

    [1] https://account.coreos.com/overview

    Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`. | string | `` | | tectonic_master_count | The number of master nodes to be created. This applies only to cloud platforms. | string | `1` | -| tectonic_pull_secret_path | The path the pull secret file in JSON format.

    Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`. | string | `` | +| tectonic_pull_secret_path | The path the pull secret file in JSON format. This is known to be a "Docker pull secret" as produced by the docker login [1] command. A sample JSON content is shown in [2]. You can download the pull secret from your Account overview page at [3].

    [1] https://docs.docker.com/engine/reference/commandline/login/

    [2] https://coreos.com/os/docs/latest/registry-authentication.html#manual-registry-auth-setup

    [3] https://account.coreos.com/overview

    Note: This field MUST be set manually prior to creating the cluster unless `tectonic_vanilla_k8s` is set to `true`. | string | `` | | tectonic_service_cidr | This declares the IP range to assign Kubernetes service cluster IPs in CIDR notation. The maximum size of this IP range is /12 | string | `10.3.0.0/16` | | tectonic_stats_url | The Tectonic statistics collection URL to which to report. | string | `https://stats-collector.tectonic.com` | | tectonic_update_app_id | (internal) The Tectonic Omaha update App ID | string | `6bc7b986-4654-4a0f-94b3-84ce6feb1db4` | diff --git a/config.tf b/config.tf index 63868aff32..3ef26ba572 100644 --- a/config.tf +++ b/config.tf @@ -221,6 +221,15 @@ variable "tectonic_pull_secret_path" { description = < Date: Tue, 27 Jun 2017 16:06:00 -0700 Subject: [PATCH 42/46] Documentation: update lifecycle doc to be more accurate --- Documentation/platform-lifecycle.md | 191 +++++++++++++++++++++------- 1 file changed, 143 insertions(+), 48 deletions(-) diff --git a/Documentation/platform-lifecycle.md b/Documentation/platform-lifecycle.md index efad7364dc..12039f5521 100644 --- a/Documentation/platform-lifecycle.md +++ b/Documentation/platform-lifecycle.md 
@@ -1,92 +1,187 @@ -## Platform Stability +## Platform Stability Lifecycle + +Each platform is marked as either Pre-Alpha, Alpha, Beta, or Stable. This document outlines the rough criteria for each. +Each lifecycle phase is cumulative and assumes all previous phase criteria are included. -Each platform is marked as either pre-alpha, alpha, beta, or stable. This document outlines the rough criteria for each. ### Pre-Alpha -*Requirements* +Initial platform assets are added to this repository and are undergoing active development. + +*Feature Requirements* + +- None + +*Intended Usage* + +- Developer workflows -- Initial static Terraform assets are added to this repo and underging active development -- No installer integration +*Suitable Environments* + +- Developer sandbox + +*Testing* + +- Manual developer testing *Packaging* - None -*User Flow* +*Support* + +- None + +*Updates Supported* + +- No + +*Docs* + +- None -Development workflows only ### Alpha -- Manually tested and can reliably produce minimally functioning clusters - - Kuberntes API works - - Authenticated Tectonic Console works +Can reliably produce minimally functioning clusters with manual testing. + +*Feature Requirements* + +- Kubernetes API works +- Authenticated Tectonic Console works +- All Kubernetes and Tectonic components function consistently + +*Intended Usage* + +- Developer workflows + +*Suitable Environments* + +- Developer sandbox +- Testing in select environments + +*Testing* + +- Smoke tests pass for one common configuration for all supported releases +- Smoke tests are integrated into testing framework and _can be_ run on pull requests *Packaging* -- Assets are packaged into the official Tectonic Installer tarball with every Tectonic release. +- None + +*Support* + +- Informal + +*Updates Supported* -*User Flow* +- No -1. Manually create `terraform.tfvars` file -1. Use static Terraform assets contained in installer tarball -1. 
Manually run Terraform +*Docs* + +- Basic developer usage documentation + - README + - General usage + - Platform caveats +- Variable documentation is auto-generated +- Example tfvars file is auto-generated ### Beta -*Requirements* +*Feature Requirements* -- Best practices for platform implemented - - Network security - - Automated testing results are published - - DNS & Load Balancing +- Best practices implemented for platform: + - Network Security + - DNS + - Load Balancing - Generates HA / Multi-AZ infrastructure -- Automated testing results are published - - Kubernetes e2e and conformance tests pass - - Tectonic smoke tests work -- Cloud Provider enabled for the platform -- Tectonic automated updates work -- README documents all customizations -- Two documented platform users +- Cloud Provider enabled for the platform (if applicable) + +*Intended Usage* + +- Developer workflows +- CLI-based install from official release package + +*Suitable Environments* + +- Developer sandboxes +- Development environments +- Pre-production + +*Testing* + +- Smoke, Kubernetes conformance, and Tectonic integration tests are automated to run nightly on master for 3 most common configurations (using appropriate cloud-provider if applicable) +- Smoke, Kubernetes conformance, and Tectonic integration tests pass for 3 most common configurations for all supported releases (using appropriate cloud-provider if applicable) *Packaging* -- Assets are packaged into the official Tectonic Installer tarball with every Tectonic release. -- (Optional) Installer UI is built to guide user through the configuration process. +- Assets are packaged into each official Tectonic Installer release + +*Support* -*User Flow* +- Formal for paying customers +- Informal for non-paying customers -1. Use GUI installer to generate `terraform.tfvars` file, or manually create it. -1. Use static Terraform assets contained in installer tarball -1. 
Manually run terraform +*Updates Supported* + +- Best effort + +*Docs* + +- User-facing documentation is committed, and covers all topics: + - installation requirements + - installation + - troubleshooting + - un-installation + - all available customizations ### Stable + *Requirements* -- Automated tests pass for all supported releases -- Tectonic Installer UI for platform (optional) +- Adheres 100% to the [generic platform specification](generic-platform.md) +- All manifests are vetted and certified to not significantly diverge from other stable platform manifests, so much that cluster updates are not compromised +- All code follows style and testing guidelines +- (Optional) Tectonic Installer UI built for platform + +*Intended Usage* + +- Developer workflows +- CLI-based install from official release package +- Integration into CI systems +- (Optional) GUI-based install from official release package + +*Suitable Environments* + +- Developer sandboxes +- Development environments +- Pre-production +- Production + +*Testing* + +- Cluster upgrade tests pass for all supported releases *Packaging* -- (Optional) GUI Installer reads Terraform assets -- (Optional) GUI Installer backend runs equivalent of `terraform apply` on behalf of the user via Go client libraries -- (Optional) GUI shows status info and links to Console once complete +- Assets are packaged into each official Tectonic Installer release +- (Optional) GUI Installer performs complete installation flow +- (Optional) GUI Installer is certified by CoreOS UX Team + +*Support* + +- Formal for paying customers +- Informal for non-paying customers -*User Flow* +*Updates Supported* -GUI Only +- Yes -1. Use GUI installer configure cluster -1. Click to provision cluster -1. GUI shows status info -1. Click to go directly to Tectonic Console +*Docs* -Non-GUI +- Documentation is certified by CoreOS Documentation team +- Documentation is published on coreos.com -1. Manually create `terraform.tfvars` file -1. 
Use static Terraform assets contained in installer tarball -1. Manually run Terraform From 0da6c676f4298f3c2b2d7a863e5e5760b5f81715 Mon Sep 17 00:00:00 2001 From: Sudha Ponnaganti Date: Wed, 16 Aug 2017 13:59:44 -0700 Subject: [PATCH 43/46] Updated config.tf for Tectonic - 1.7.3 Release --- config.tf | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/config.tf b/config.tf index 3ef26ba572..be9507b551 100644 --- a/config.tf +++ b/config.tf 
@@ -25,37 +25,37 @@ variable "tectonic_container_images" { type = "map" default = { - addon_resizer = "gcr.io/google_containers/addon-resizer:2.0" - alertmanager = "quay.io/prometheus/alertmanager:v0.7.1" + addon_resizer = "gcr.io/google_containers/addon-resizer:2.1" + alertmanager = "quay.io/prometheus/alertmanager:v0.8.0" awscli = "quay.io/coreos/awscli:025a357f05242fdad6a81e8a6b520098aa65a600" - bootkube = "quay.io/coreos/bootkube:v0.5.0" + bootkube = "quay.io/coreos/bootkube:v0.6.1" calico = "quay.io/calico/node:v2.4.1" calico_cni = "quay.io/calico/cni:v1.10.0" config_reload = "quay.io/coreos/configmap-reload:v0.0.1" container_linux_update_operator = "quay.io/coreos/container-linux-update-operator:v0.2.2" - console = "quay.io/coreos/tectonic-console:v1.8.6" + console = "quay.io/coreos/tectonic-console:v1.9.1" error_server = "quay.io/coreos/tectonic-error-server:1.0" etcd = "quay.io/coreos/etcd:v3.1.8" etcd_operator = "quay.io/coreos/etcd-operator:v0.4.2" flannel = "quay.io/coreos/flannel:v0.8.0-amd64" flannel_cni = "quay.io/coreos/flannel-cni:0.1.0" - heapster = "gcr.io/google_containers/heapster:v1.4.0" - hyperkube = "quay.io/coreos/hyperkube:v1.7.2_coreos.0" - identity = "quay.io/coreos/dex:v2.5.0" + heapster = "gcr.io/google_containers/heapster:v1.4.1" + hyperkube = "quay.io/coreos/hyperkube:v1.7.3_coreos.0" + identity = "quay.io/coreos/dex:v2.6.0" ingress_controller = "gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.11" kenc = "quay.io/coreos/kenc:0.0.2" kubedns = "gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.4" kubednsmasq = "gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.4" kubedns_sidecar = "gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.4" - kube_state_metrics = "quay.io/coreos/kube-state-metrics:v0.5.0" + kube_state_metrics = "quay.io/coreos/kube-state-metrics:v1.0.0" kube_version = "quay.io/coreos/kube-version:0.1.0" kube_version_operator = "quay.io/coreos/kube-version-operator:v1.7.1-kvo.6" node_agent = 
"quay.io/coreos/node-agent:c021a4959943b63c463410a038efe344939d5455" node_exporter = "quay.io/prometheus/node-exporter:v0.14.0" - pod_checkpointer = "quay.io/coreos/pod-checkpointer:980d1b4b4b8374240c240fb0f85e3a8d9c51663c" + pod_checkpointer = "quay.io/coreos/pod-checkpointer:3517908b1a1837e78cfd041a0e51e61c7835d85f" prometheus = "quay.io/prometheus/prometheus:v1.7.1" prometheus_config_reload = "quay.io/coreos/prometheus-config-reloader:v0.0.2" - prometheus_operator = "quay.io/coreos/prometheus-operator:v0.11.0" + prometheus_operator = "quay.io/coreos/prometheus-operator:v0.11.1" stats_emitter = "quay.io/coreos/tectonic-stats:6e882361357fe4b773adbf279cddf48cb50164c1" stats_extender = "quay.io/coreos/tectonic-stats-extender:487b3da4e175da96dabfb44fba65cdb8b823db2e" tectonic_channel_operator = "quay.io/coreos/tectonic-channel-operator:0.4.1" @@ -70,12 +70,12 @@ variable "tectonic_versions" { type = "map" default = { - alertmanager = "v0.7.1" + alertmanager = "v0.8.0" etcd = "3.1.8" - kubernetes = "1.7.1+tectonic.1" + kubernetes = "1.7.3+tectonic.1" monitoring = "1.4.1" prometheus = "v1.7.1" - tectonic = "1.7.1-tectonic.1" + tectonic = "1.7.3-tectonic.1" tectonic-etcd = "0.0.1" } } From 7179ae16eba8701a074cf6ded6cce0cc1772bd69 Mon Sep 17 00:00:00 2001 From: Lucas Serven Date: Mon, 21 Aug 2017 17:15:40 -0700 Subject: [PATCH 44/46] modules/tectonic/resources: remove creation timestamp from console deployment --- modules/tectonic/resources/manifests/console/deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/tectonic/resources/manifests/console/deployment.yaml b/modules/tectonic/resources/manifests/console/deployment.yaml index d386a5297d..2296a0007c 100644 --- a/modules/tectonic/resources/manifests/console/deployment.yaml +++ b/modules/tectonic/resources/manifests/console/deployment.yaml @@ -19,7 +19,6 @@ spec: type: RollingUpdate template: metadata: - creationTimestamp: null labels: k8s-app: tectonic-console component: ui 
From fdc56acacab368e3b89e3e8b04b80a03f460dbf8 Mon Sep 17 00:00:00 2001 From: Geoff Greer Date: Tue, 22 Aug 2017 10:26:09 -0700 Subject: [PATCH 45/46] frontend: Show error if retry tf apply fails. --- installer/frontend/components/tf-poweron.jsx | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/installer/frontend/components/tf-poweron.jsx b/installer/frontend/components/tf-poweron.jsx index 64d743f8f5..569fab30d8 100644 --- a/installer/frontend/components/tf-poweron.jsx +++ b/installer/frontend/components/tf-poweron.jsx @@ -8,6 +8,7 @@ import { Alert } from './alert'; import { DropdownInline } from './ui'; import { AWS_DomainValidation } from './aws-domain-validation'; import { ResetButton } from './reset-button'; +import { commitPhases } from '../actions'; import { TFDestroy } from '../aws-actions'; import { CLUSTER_NAME, PLATFORM_TYPE, getTectonicDomain } from '../cluster-config'; import { AWS_TF, BARE_METAL_TF } from '../platforms'; @@ -58,7 +59,7 @@ const Step = ({pending, done, error, cancel, children, substep}) => {
    ; }; -const stateToProps = ({cluster, clusterConfig}) => { +const stateToProps = ({cluster, clusterConfig, commitState}) => { const status = cluster.status || {terraform: {}}; const { terraform, tectonic } = status; return { @@ -69,6 +70,7 @@ const stateToProps = ({cluster, clusterConfig}) => { statusMsg: terraform.status ? terraform.status.toLowerCase() : '', }, clusterName: clusterConfig[CLUSTER_NAME], + commitState, isAWS: clusterConfig[PLATFORM_TYPE] === AWS_TF, isBareMetal: clusterConfig[PLATFORM_TYPE] === BARE_METAL_TF, tectonic: tectonic || {}, @@ -187,7 +189,8 @@ export const TF_PowerOn = connect(stateToProps, dispatchToProps)( } render () { - const {clusterName, isAWS, isBareMetal, terraform, tectonic, tectonicDomain} = this.props; + const {clusterName, commitState, isAWS, isBareMetal, terraform, tectonic, tectonicDomain} = this.props; + const commitPhase = _.get(commitState, 'phase'); const {action, tfError, output, statusMsg} = terraform; const state = this.state; const showLogs = state.showLogs === null ? statusMsg !== 'success' : state.showLogs; @@ -305,6 +308,7 @@ export const TF_PowerOn = connect(stateToProps, dispatchToProps)(
} {state.xhrError && {state.xhrError}} + {commitPhase === commitPhases.FAILED && {commitState.response}} {tfError && {tfError.toString()}} {tfError && !isTFRunning && From a50c4ff27f5ea5a6abd001686fca26cfdc014130 Mon Sep 17 00:00:00 2001 From: Quentin MACHU Date: Tue, 22 Aug 2017 11:03:39 -0700 Subject: [PATCH 46/46] modules/update-payload/payload.json: fix after #1699 --- modules/update-payload/payload.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/update-payload/payload.json b/modules/update-payload/payload.json index d5d4b5d151..838a663529 100644 --- a/modules/update-payload/payload.json +++ b/modules/update-payload/payload.json @@ -1,5 +1,5 @@ { - "version": "1.7.1-tectonic.1", + "version": "1.7.3-tectonic.1", "deployments": [ { "apiVersion": "extensions/v1beta1", @@ -314,7 +314,7 @@ "name": "kubernetes", "namespace": "tectonic-system" }, - "version": "1.7.1+tectonic.1" + "version": "1.7.3+tectonic.1" }, { "metadata": {
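Review bot: The alert added in the last tf-poweron.jsx hunk renders `commitState.response` verbatim once `commitPhase === commitPhases.FAILED`, with no check on its type and no limit on what backend text reaches the page. The `tfError` line just below goes through `.toString()`; if the commit response can be a parsed object rather than a string (not visible from this hunk), React will throw on render, so I would normalise it first, e.g. `{_.isString(commitState.response) ? commitState.response : JSON.stringify(commitState.response)}`. Since this is raw installer-backend output, it is also worth confirming that a failed `terraform apply` response cannot echo variable values such as credentials before it is shown unfiltered. The JSX element names are stripped in this rendering and `render()` starts and ends outside the hunk, so the wrapping element is assumed to be the same `Alert` used by the neighbouring lines.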