use etcd cluster name also in apiserver to collect only the matching etcd cluster #46

Merged
merged 6 commits into from
Apr 26, 2023
159 changes: 93 additions & 66 deletions REFERENCE.md
Expand Up @@ -94,6 +94,7 @@ The following parameters are available in the `k8s` class:
* [`group`](#-k8s--group)
* [`uid`](#-k8s--uid)
* [`gid`](#-k8s--gid)
* [`etcd_cluster_name`](#-k8s--etcd_cluster_name)
* [`native_packaging`](#-k8s--native_packaging)
* [`version`](#-k8s--version)
* [`etcd_version`](#-k8s--etcd_version)
Expand Down Expand Up @@ -204,6 +205,14 @@ group id for kubernetes files and services

Default value: `888`

##### <a name="-k8s--etcd_cluster_name"></a>`etcd_cluster_name`

Data type: `String[1]`

name of the etcd cluster for searching its nodes in the puppetdb

Default value: `'default'`

##### <a name="-k8s--native_packaging"></a>`native_packaging`

Data type: `K8s::Native_packaging`
Expand Down Expand Up @@ -1279,6 +1288,7 @@ The following parameters are available in the `k8s::server` class:
* [`direct_master`](#-k8s--server--direct_master)
* [`dns_service_address`](#-k8s--server--dns_service_address)
* [`ensure`](#-k8s--server--ensure)
* [`etcd_cluster_name`](#-k8s--server--etcd_cluster_name)
* [`etcd_servers`](#-k8s--server--etcd_servers)
* [`firewall_type`](#-k8s--server--firewall_type)
* [`generate_ca`](#-k8s--server--generate_ca)
Expand Down Expand Up @@ -1382,6 +1392,14 @@ set ensure for installation or deinstallation

Default value: `$k8s::ensure`

##### <a name="-k8s--server--etcd_cluster_name"></a>`etcd_cluster_name`

Data type: `String[1]`

name of the etcd cluster for searching its nodes in the puppetdb

Default value: `$k8s::etcd_cluster_name`

##### <a name="-k8s--server--etcd_servers"></a>`etcd_servers`

Data type: `Optional[Array[Stdlib::HTTPUrl]]`
Expand Down Expand Up @@ -1515,6 +1533,7 @@ The following parameters are available in the `k8s::server::apiserver` class:
* [`ensure`](#-k8s--server--apiserver--ensure)
* [`etcd_ca`](#-k8s--server--apiserver--etcd_ca)
* [`etcd_cert`](#-k8s--server--apiserver--etcd_cert)
* [`etcd_cluster_name`](#-k8s--server--apiserver--etcd_cluster_name)
* [`etcd_key`](#-k8s--server--apiserver--etcd_key)
* [`etcd_servers`](#-k8s--server--apiserver--etcd_servers)
* [`firewall_type`](#-k8s--server--apiserver--firewall_type)
Expand Down Expand Up @@ -1630,6 +1649,14 @@ path to the etcd cert file

Default value: `"${cert_path}/etcd.pem"`

##### <a name="-k8s--server--apiserver--etcd_cluster_name"></a>`etcd_cluster_name`

Data type: `String[1]`

name of the etcd cluster for searching its nodes in the puppetdb

Default value: `$k8s::server::etcd_cluster_name`

##### <a name="-k8s--server--apiserver--etcd_key"></a>`etcd_key`

Data type: `Stdlib::Unixpath`
Expand Down Expand Up @@ -1817,161 +1844,161 @@ Sets up an etcd cluster node

The following parameters are available in the `k8s::server::etcd` class:

* [`addn_names`](#-k8s--server--etcd--addn_names)
* [`cert_path`](#-k8s--server--etcd--cert_path)
* [`client_ca_cert`](#-k8s--server--etcd--client_ca_cert)
* [`client_ca_key`](#-k8s--server--etcd--client_ca_key)
* [`cluster_name`](#-k8s--server--etcd--cluster_name)
* [`ensure`](#-k8s--server--etcd--ensure)
* [`version`](#-k8s--server--etcd--version)
* [`manage_setup`](#-k8s--server--etcd--manage_setup)
* [`firewall_type`](#-k8s--server--etcd--firewall_type)
* [`generate_ca`](#-k8s--server--etcd--generate_ca)
* [`manage_certs`](#-k8s--server--etcd--manage_certs)
* [`manage_firewall`](#-k8s--server--etcd--manage_firewall)
* [`manage_members`](#-k8s--server--etcd--manage_members)
* [`cluster_name`](#-k8s--server--etcd--cluster_name)
* [`manage_setup`](#-k8s--server--etcd--manage_setup)
* [`peer_ca_cert`](#-k8s--server--etcd--peer_ca_cert)
* [`peer_ca_key`](#-k8s--server--etcd--peer_ca_key)
* [`puppetdb_discovery_tag`](#-k8s--server--etcd--puppetdb_discovery_tag)
* [`self_signed_tls`](#-k8s--server--etcd--self_signed_tls)
* [`manage_certs`](#-k8s--server--etcd--manage_certs)
* [`generate_ca`](#-k8s--server--etcd--generate_ca)
* [`addn_names`](#-k8s--server--etcd--addn_names)
* [`cert_path`](#-k8s--server--etcd--cert_path)
* [`peer_ca_key`](#-k8s--server--etcd--peer_ca_key)
* [`peer_ca_cert`](#-k8s--server--etcd--peer_ca_cert)
* [`client_ca_key`](#-k8s--server--etcd--client_ca_key)
* [`client_ca_cert`](#-k8s--server--etcd--client_ca_cert)
* [`firewall_type`](#-k8s--server--etcd--firewall_type)
* [`version`](#-k8s--server--etcd--version)
* [`user`](#-k8s--server--etcd--user)
* [`group`](#-k8s--server--etcd--group)

##### <a name="-k8s--server--etcd--ensure"></a>`ensure`

Data type: `K8s::Ensure`



Default value: `'present'`

##### <a name="-k8s--server--etcd--version"></a>`version`

Data type: `String[1]`
##### <a name="-k8s--server--etcd--addn_names"></a>`addn_names`

Data type: `K8s::TLS_altnames`

additional names for certificates

Default value: `pick($k8s::etcd_version, '3.5.1')`

##### <a name="-k8s--server--etcd--manage_setup"></a>`manage_setup`
Default value: `[]`

Data type: `Boolean`
##### <a name="-k8s--server--etcd--cert_path"></a>`cert_path`

Data type: `Stdlib::Unixpath`

path to cert files

Default value: `true`
Default value: `'/var/lib/etcd/certs'`

##### <a name="-k8s--server--etcd--manage_firewall"></a>`manage_firewall`
##### <a name="-k8s--server--etcd--client_ca_cert"></a>`client_ca_cert`

Data type: `Boolean`
Data type: `Stdlib::Unixpath`



Default value: `false`
Default value: `"${cert_path}/client-ca.pem"`

##### <a name="-k8s--server--etcd--manage_members"></a>`manage_members`
##### <a name="-k8s--server--etcd--client_ca_key"></a>`client_ca_key`

Data type: `Boolean`
Data type: `Stdlib::Unixpath`



Default value: `false`
Default value: `"${cert_path}/client-ca.key"`

##### <a name="-k8s--server--etcd--cluster_name"></a>`cluster_name`

Data type: `String[1]`

name of the etcd cluster for searching its nodes in the puppetdb

Default value: `pick($k8s::server::etcd_cluster_name, 'default')`

Default value: `'default'`
##### <a name="-k8s--server--etcd--ensure"></a>`ensure`

##### <a name="-k8s--server--etcd--puppetdb_discovery_tag"></a>`puppetdb_discovery_tag`
Data type: `K8s::Ensure`

Data type: `String[1]`
set ensure for installation or deinstallation

Default value: `'present'`

##### <a name="-k8s--server--etcd--firewall_type"></a>`firewall_type`

Default value: `pick($k8s::server::puppetdb_discovery_tag, $cluster_name)`
Data type: `Optional[K8s::Firewall]`

##### <a name="-k8s--server--etcd--self_signed_tls"></a>`self_signed_tls`
define the type of firewall to use

Data type: `Boolean`
Default value: `$k8s::server::firewall_type`

##### <a name="-k8s--server--etcd--generate_ca"></a>`generate_ca`

Data type: `Boolean`

whether to generate a own ca or not

Default value: `false`

##### <a name="-k8s--server--etcd--manage_certs"></a>`manage_certs`

Data type: `Boolean`


whether to manage certs or not

Default value: `true`

##### <a name="-k8s--server--etcd--generate_ca"></a>`generate_ca`
##### <a name="-k8s--server--etcd--manage_firewall"></a>`manage_firewall`

Data type: `Boolean`


whether to manage firewall or not

Default value: `false`

##### <a name="-k8s--server--etcd--addn_names"></a>`addn_names`

Data type: `K8s::TLS_altnames`

##### <a name="-k8s--server--etcd--manage_members"></a>`manage_members`

Data type: `Boolean`

Default value: `[]`
whether to manage the ectd cluster member joining or not

##### <a name="-k8s--server--etcd--cert_path"></a>`cert_path`
Default value: `false`

Data type: `Stdlib::Unixpath`
##### <a name="-k8s--server--etcd--manage_setup"></a>`manage_setup`

Data type: `Boolean`

whether to manage the setup of etcd or not

Default value: `'/var/lib/etcd/certs'`
Default value: `true`

##### <a name="-k8s--server--etcd--peer_ca_key"></a>`peer_ca_key`
##### <a name="-k8s--server--etcd--peer_ca_cert"></a>`peer_ca_cert`

Data type: `Stdlib::Unixpath`



Default value: `"${cert_path}/peer-ca.key"`
Default value: `"${cert_path}/peer-ca.pem"`

##### <a name="-k8s--server--etcd--peer_ca_cert"></a>`peer_ca_cert`
##### <a name="-k8s--server--etcd--peer_ca_key"></a>`peer_ca_key`

Data type: `Stdlib::Unixpath`



Default value: `"${cert_path}/peer-ca.pem"`

##### <a name="-k8s--server--etcd--client_ca_key"></a>`client_ca_key`

Data type: `Stdlib::Unixpath`
Default value: `"${cert_path}/peer-ca.key"`

##### <a name="-k8s--server--etcd--puppetdb_discovery_tag"></a>`puppetdb_discovery_tag`

Data type: `String[1]`

Default value: `"${cert_path}/client-ca.key"`
enable puppetdb resource searching

##### <a name="-k8s--server--etcd--client_ca_cert"></a>`client_ca_cert`
Default value: `pick($k8s::server::puppetdb_discovery_tag, $cluster_name)`

Data type: `Stdlib::Unixpath`
##### <a name="-k8s--server--etcd--self_signed_tls"></a>`self_signed_tls`

Data type: `Boolean`


Default value: `"${cert_path}/client-ca.pem"`

##### <a name="-k8s--server--etcd--firewall_type"></a>`firewall_type`
Default value: `false`

Data type: `Optional[K8s::Firewall]`
##### <a name="-k8s--server--etcd--version"></a>`version`

Data type: `String[1]`

version of ectd to install

Default value: `$k8s::server::firewall_type`
Default value: `pick($k8s::etcd_version, '3.5.1')`

##### <a name="-k8s--server--etcd--user"></a>`user`

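Review bot: In the regenerated `k8s::server::etcd` parameter section, `client_ca_cert`, `client_ca_key`, `peer_ca_cert`, `peer_ca_key` and `self_signed_tls` still render with an empty description, and the new text for `manage_members` and `version` spells etcd as "ectd". These descriptions mirror the `@param` tags in the manifest, so add the missing tags and fix the spelling there, then regenerate this file. The description of `puppetdb_discovery_tag` ("enable puppetdb resource searching") reads like a boolean switch while the type is `String[1]`; it would be clearer to say that it is the tag value matched in the PuppetDB query.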
2 changes: 2 additions & 0 deletions manifests/init.pp
Expand Up @@ -16,6 +16,7 @@
# @param group groupname for kubernetes files and services
# @param uid user id for kubernetes files and services
# @param gid group id for kubernetes files and services
# @param etcd_cluster_name name of the etcd cluster for searching its nodes in the puppetdb
#
class k8s (
K8s::Ensure $ensure = 'present',
Expand Down Expand Up @@ -65,6 +66,7 @@
Stdlib::IP::Address::Nosubnet $api_service_address = k8s::ip_in_cidr($service_cluster_cidr, 'first'),
K8s::IP_addresses $dns_service_address = k8s::ip_in_cidr($service_cluster_cidr, 'second'),
Stdlib::Fqdn $cluster_domain = 'cluster.local',
String[1] $etcd_cluster_name = 'default',

Enum['node','server','none'] $role = 'none',
Optional[K8s::Firewall] $firewall_type = undef,
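Review bot: `String[1]` on the new `$etcd_cluster_name` is looser than this value can safely be, because manifests/server/apiserver.pp places it between single quotes in the PQL string (`parameters.cluster_name = '${etcd_cluster_name}'`), where a value containing `'` changes or breaks the query. Consider a `Pattern` type restricted to the characters a cluster name needs, for example `Pattern[/\A[A-Za-z0-9_.-]+\z/]`, and use the same type for the parameter in `k8s::server` and `k8s::server::apiserver`. As a smaller point, the declaration sits directly after `$cluster_domain` among the network settings while its `@param` line follows `gid`; keeping the two in the same relative position makes the class easier to scan.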
5 changes: 4 additions & 1 deletion manifests/server.pp
Expand Up @@ -11,6 +11,7 @@
# @param direct_master direct clust API connection
# @param dns_service_address cluster dns service address
# @param ensure set ensure for installation or deinstallation
# @param etcd_cluster_name name of the etcd cluster for searching its nodes in the puppetdb
# @param etcd_servers list etcd servers if no puppetdb is used
# @param firewall_type define the type of firewall to use
# @param generate_ca initially generate ca
Expand Down Expand Up @@ -55,7 +56,9 @@
String[1] $puppetdb_discovery_tag = $k8s::puppetdb_discovery_tag,

Optional[Array[Stdlib::HTTPUrl]] $etcd_servers = undef,
Optional[K8s::Firewall] $firewall_type = $k8s::firewall_type,
Optional[K8s::Firewall] $firewall_type = $k8s::firewall_type,
String[1] $etcd_cluster_name = $k8s::etcd_cluster_name,

) {
if $manage_etcd {
class { 'k8s::server::etcd':
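Review bot: The new `$etcd_cluster_name` parameter is followed by an empty line before `) {`, and the `$firewall_type` line was re-indented only to align with it, which adds a whitespace-only change to the diff. Drop the blank line, and consider placing the parameter next to `$etcd_servers` so the declaration order follows the alphabetical `@param` list above. The visible part of the `class { 'k8s::server::etcd':` declaration does not show `cluster_name` being passed; if the etcd class is meant to pick the value up only through its own default, a short comment saying so would help the next reader.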
20 changes: 12 additions & 8 deletions manifests/server/apiserver.pp
Expand Up @@ -13,6 +13,7 @@
# @param ensure set ensure for installation or deinstallation
# @param etcd_ca path to the etcd ca cert file
# @param etcd_cert path to the etcd cert file
# @param etcd_cluster_name name of the etcd cluster for searching its nodes in the puppetdb
# @param etcd_key path to the etcd key file
# @param etcd_servers list etcd servers if no puppetdb is used
# @param firewall_type define the type of firewall to use
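Review bot: The `@param etcd_cluster_name` text does not say what the value is compared against. The query in this file filters on `parameters.cluster_name` of the `K8s::Server::Etcd` class, so the description should state that it has to equal the `cluster_name` the etcd nodes were declared with, and that it only matters for PuppetDB discovery (the neighbouring `etcd_servers` line already says "if no puppetdb is used").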
Expand Down Expand Up @@ -52,6 +53,7 @@

Stdlib::IP::Address::Nosubnet $advertise_address = fact('networking.ip'),
Optional[K8s::Firewall] $firewall_type = $k8s::server::firewall_type,
String[1] $etcd_cluster_name = $k8s::server::etcd_cluster_name,
) {
assert_private()

Expand All @@ -67,16 +69,18 @@
# Needs the PuppetDB terminus installed
$pql_query = [
'resources[certname,parameters] {',
'type = \'Class\' and',
'title = \'K8s::Server::Etcd::Setup\' and',
'nodes {',
' resources {',
' type = \'Class\' and',
' title = \'K8s::Server::Etcd\' and',
" parameters.puppetdb_discovery_tag = '${puppetdb_discovery_tag}'",
' type = \'Class\' and',
' title = \'K8s::Server::Etcd::Setup\' and',
' nodes {',
' resources {',
' type = \'Class\' and',
' title = \'K8s::Server::Etcd\' and',
" parameters.cluster_name = '${etcd_cluster_name}' and",
" parameters.puppetdb_discovery_tag = '${puppetdb_discovery_tag}'",
' }',
' }',
' order by certname',
'}',
'order by certname }',
].join(' ')

$cluster_nodes = puppetdb_query($pql_query)
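Review bot: The added condition `parameters.cluster_name = '${etcd_cluster_name}'` is joined to the existing `puppetdb_discovery_tag` condition with `and`, so etcd nodes that were declared with `cluster_name` set directly on `k8s::server::etcd`, without the same value in `k8s::etcd_cluster_name`, no longer match and `$cluster_nodes` comes back empty. That is the intended narrowing, but it is a behaviour change for existing setups: mention it in the changelog, and if the code below this hunk does not already do so, fail or warn when the query returns no nodes instead of rendering an apiserver configuration with no etcd endpoints. The move of `order by certname` onto its own array element is fine, since the elements are joined with a space and the indentation is cosmetic.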