From 05ea004f0b294d03132c90d5b3b5d2f0933a2088 Mon Sep 17 00:00:00 2001
From: Gerrit
Date: Tue, 7 Jan 2025 10:46:07 +0100
Subject: [PATCH] Changes required for running Gardener in the mini-lab. (#365)

Co-authored-by: Robert Volkmann <20912167+robertvolkmann@users.noreply.github.com>
---
 control-plane/roles/gardener/README.md | 2 ++
 control-plane/roles/gardener/defaults/main/virtual_garden.yaml | 3 +++
 .../roles/gardener/files/kube-apiserver/templates/_helpers.tpl | 2 +-
 control-plane/roles/gardener/files/kube-apiserver/values.yaml | 1 +
 control-plane/roles/gardener/tasks/gardener.yaml | 2 +-
 control-plane/roles/gardener/tasks/virtual_garden.yaml | 2 +-
 control-plane/roles/gardener/templates/etcd-values.j2 | 2 +-
 .../roles/gardener/templates/kube-apiserver-values.j2 | 3 +++
 8 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/control-plane/roles/gardener/README.md b/control-plane/roles/gardener/README.md
index 83a71529..c31b08da 100644
--- a/control-plane/roles/gardener/README.md
+++ b/control-plane/roles/gardener/README.md
@@ -50,6 +50,8 @@ The deployment chart is taken from [garden-setup](https://github.com/gardener/ga | ---------------------------------------------------- | --------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | gardener_virtual_api_server_svc_cluster_ip_add | | An integer to "guess" a free IP for the service that allows the soil to internally communicate with the virtual garden | | gardener_virtual_api_server_public_dns | | The DNS domain to reach the virtual garden API server on | +| gardener_virtual_api_server_public_port | | The port on which the virtual garden API server is available | +| gardener_virtual_api_replicas | | The amount of replicas of the virtual garden API server | | gardener_virtual_api_server_healthcheck_static_token | yes | A static token for healthchecking the virtual garden API server | | gardener_etcd_backup_schedule | | The backup schedule for the virtual garden ETCD | | gardener_etcd_snapshot_period | | The snapshot period for the virtual garden ETCD | diff --git a/control-plane/roles/gardener/defaults/main/virtual_garden.yaml b/control-plane/roles/gardener/defaults/main/virtual_garden.yaml index eaa8260c..c20b50d4 100644 --- a/control-plane/roles/gardener/defaults/main/virtual_garden.yaml +++ b/control-plane/roles/gardener/defaults/main/virtual_garden.yaml @@ -1,6 +1,7 @@ --- gardener_virtual_api_server_svc_cluster_ip_add: 20 gardener_virtual_api_server_public_dns: gardener-kube-apiserver.{{ metal_control_plane_ingress_dns }} +gardener_virtual_api_server_public_port: 443 gardener_virtual_api_server_healthcheck_static_token: gardener_etcd_backup_schedule: "0,5,10,15,20,25,30,35,40,45,50,55 * * * *" 
@@ -15,6 +16,8 @@ gardener_etcd_resources: cpu: 800m memory: 8Gi +gardener_virtual_api_replicas: 3 + gardener_virtual_api_oidc_issuer_url: gardener_virtual_api_oidc_client_id: gardener_virtual_api_oidc_username_claim: diff --git a/control-plane/roles/gardener/files/kube-apiserver/templates/_helpers.tpl b/control-plane/roles/gardener/files/kube-apiserver/templates/_helpers.tpl index 4ade798d..28ff4926 100644 --- a/control-plane/roles/gardener/files/kube-apiserver/templates/_helpers.tpl +++ b/control-plane/roles/gardener/files/kube-apiserver/templates/_helpers.tpl @@ -66,7 +66,7 @@ contexts: clusters: - cluster: certificate-authority-data: {{ .Values.tls.kubeAPIServer.ca.crt | b64enc }} - server: https://{{ .Values.apiServer.hostname }}:443 + server: https://{{ .Values.apiServer.hostname }}:{{ .Values.apiServer.adminKubeconfigPort }} name: garden users: - name: admin diff --git a/control-plane/roles/gardener/files/kube-apiserver/values.yaml b/control-plane/roles/gardener/files/kube-apiserver/values.yaml index 5a33b572..94cada94 100644 --- a/control-plane/roles/gardener/files/kube-apiserver/values.yaml +++ b/control-plane/roles/gardener/files/kube-apiserver/values.yaml @@ -22,6 +22,7 @@ replicas: 3 apiServer: hostname: 127.0.0.1 serviceName: garden-kube-apiserver + adminKubeconfigPort: 443 oidc: issuerURL: diff --git a/control-plane/roles/gardener/tasks/gardener.yaml b/control-plane/roles/gardener/tasks/gardener.yaml index 77ffa1ba..bc684f61 100644 --- a/control-plane/roles/gardener/tasks/gardener.yaml +++ b/control-plane/roles/gardener/tasks/gardener.yaml 
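Review bot: In the `_helpers.tpl` hunk, the admin kubeconfig `server:` URL now takes its port from `.Values.apiServer.adminKubeconfigPort` with no guard, so a values file that sets the key to an empty value would presumably render a URL without a usable port, and the broken kubeconfig would only surface when a client tries to connect. Failing at render time is cheaper: `server: https://{{ .Values.apiServer.hostname }}:{{ required "apiServer.adminKubeconfigPort must be set" .Values.apiServer.adminKubeconfigPort }}`. A short comment next to the new `adminKubeconfigPort: 443` default in `values.yaml` would also help, e.g. `# port written into the admin kubeconfig server URL`; whether the value is used anywhere else is not visible in this diff. The enclosing template definition starts and ends outside the hunk.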
@@ -68,5 +68,5 @@ delay: 6 until: - lookup('k8s', api_version='apps/v1', kind='Deployment', namespace='garden', resource_name='gardener-apiserver').get('status', {}).get('readyReplicas', 0) >= 1 - - lookup('k8s', api_version='apps/v1', kind='Deployment', namespace='garden', resource_name='garden-kube-apiserver').get('status', {}).get('readyReplicas', 0) >= 3 + - lookup('k8s', api_version='apps/v1', kind='Deployment', namespace='garden', resource_name='garden-kube-apiserver').get('status', {}).get('readyReplicas', 0) >= gardener_virtual_api_replicas - lookup('k8s', api_version='apps/v1', kind='Deployment', namespace='garden', resource_name='gardener-controller-manager').get('status', {}).get('readyReplicas', 0) >= 1 diff --git a/control-plane/roles/gardener/tasks/virtual_garden.yaml b/control-plane/roles/gardener/tasks/virtual_garden.yaml index 0bb41d50..c386e5de 100644 --- a/control-plane/roles/gardener/tasks/virtual_garden.yaml +++ b/control-plane/roles/gardener/tasks/virtual_garden.yaml @@ -46,5 +46,5 @@ - name: Wait for garden-kube-apiserver wait_for: host: "{{ gardener_virtual_api_server_public_dns }}" - port: "443" + port: "{{ gardener_virtual_api_server_public_port }}" timeout: 60 diff --git a/control-plane/roles/gardener/templates/etcd-values.j2 b/control-plane/roles/gardener/templates/etcd-values.j2 index 59639fb8..6319ae2b 100644 --- a/control-plane/roles/gardener/templates/etcd-values.j2 +++ b/control-plane/roles/gardener/templates/etcd-values.j2 @@ -14,7 +14,7 @@ backup: ecs: endpoint: "{{ gardener_backup_infrastructure_secret.endpoint | b64decode }}" accessKeyID: "{{ gardener_backup_infrastructure_secret.accessKeyID | b64decode }}" - secretAccessKey: "{{ gardener_backup_infrastructure_secret.secretAccessKey | b64decode}}" + secretAccessKey: "{{ gardener_backup_infrastructure_secret.secretAccessKey | b64decode }}" {% endif %} {% endif %} 
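Review bot: In the `tasks/gardener.yaml` hunk, the `until` condition compares the integer `readyReplicas` directly with `gardener_virtual_api_replicas`; if that variable reaches the play as a string (values passed as `-e key=value` are strings), the comparison will likely fail with a type error on every retry instead of ever becoming true. Casting keeps the check robust: `... .get('readyReplicas', 0) >= (gardener_virtual_api_replicas | int)`. The task this condition belongs to starts outside the hunk.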
diff --git a/control-plane/roles/gardener/templates/kube-apiserver-values.j2 b/control-plane/roles/gardener/templates/kube-apiserver-values.j2 index 418d5b66..b36c5c55 100644 --- a/control-plane/roles/gardener/templates/kube-apiserver-values.j2 +++ b/control-plane/roles/gardener/templates/kube-apiserver-values.j2 @@ -3,9 +3,12 @@ images: apiserver: {{ gardener_virtual_api_server_image_name }}:{{ gardener_virtual_api_server_image_tag }} controllermanager: {{ gardener_virtual_controller_manager_image_name }}:{{ gardener_virtual_controller_manager_image_tag }} +replicas: {{ gardener_virtual_api_replicas }} + apiServer: hostname: {{ gardener_virtual_api_server_public_dns }} serviceName: garden-kube-apiserver + adminKubeconfigPort: {{ gardener_virtual_api_server_public_port }} oidc: issuerURL: {% if gardener_virtual_api_oidc_issuer_url %}{{ gardener_virtual_api_oidc_issuer_url }}{% endif %}
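Review bot: `replicas: {{ gardener_virtual_api_replicas }}` in `kube-apiserver-values.j2` is rendered bare, so an inventory that sets the variable to an empty value produces `replicas:` (YAML null) in the values file; in Helm that likely drops the chart's default of 3 instead of falling back to it. The new `adminKubeconfigPort:` line has the same form. Either validate both variables in the role before templating or render with a fallback, e.g. `replicas: {{ gardener_virtual_api_replicas | default(3, true) }}`. The readiness check in `tasks/gardener.yaml` reads the same variable, so a fallback only in the template would leave the two out of step; an `assert` task that runs before templating avoids that.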