Merge pull request #1291 from hexfusion/etcd_metrics

pkg/asset/tls: add etcd metrics assets
openshift · Mar 5, 2019 · c91cdbc · c91cdbc
2 parents 04516f6 + cb4bbec
commit c91cdbc
Show file tree

Hide file tree

Showing 10 changed files with 330 additions and 8 deletions.
diff --git a/data/data/manifests/bootkube/etcd-service.yaml b/data/data/manifests/bootkube/etcd-service.yaml
@@ -13,3 +13,6 @@ spec:
   - name: etcd
     port: 2379
     protocol: TCP
+  - name: etcd-metrics
+    port: 9979
+    protocol: TCP
diff --git a/.../data/manifests/bootkube/openshift-config-configmap-etcd-metrics-serving-ca.yaml.template b/.../data/manifests/bootkube/openshift-config-configmap-etcd-metrics-serving-ca.yaml.template
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: etcd-metrics-serving-ca
+  namespace: openshift-config
+data:
+  ca-bundle.crt: |
+    {{.EtcdMetricsCaCert | indent 4}}
diff --git a/data/data/manifests/bootkube/openshift-config-secret-etcd-metrics-client.yaml.template b/data/data/manifests/bootkube/openshift-config-secret-etcd-metrics-client.yaml.template
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: etcd-metrics-client
+  namespace: openshift-config
+type: SecretTypeTLS
+data:
+  tls.crt: {{ .EtcdMetricsClientCert }}
+  tls.key: {{ .EtcdMetricsClientKey }}
diff --git a/pkg/asset/ignition/bootstrap/bootstrap.go b/pkg/asset/ignition/bootstrap/bootstrap.go
@@ -76,6 +76,9 @@ func (a *Bootstrap) Dependencies() []asset.Asset {
 		&tls.EtcdCA{},
 		&tls.EtcdCABundle{},
 		&tls.EtcdClientCertKey{},
+		&tls.EtcdMetricsCABundle{},
+		&tls.EtcdMetricsSignerClientCertKey{},
+		&tls.EtcdMetricsSignerServerCertKey{},
 		&tls.EtcdSignerCertKey{},
 		&tls.EtcdSignerClientCertKey{},
 		&tls.JournalCertKey{},
@@ -384,6 +387,9 @@ func (a *Bootstrap) addParentFiles(dependencies asset.Parents) {
 		&tls.EtcdCA{},
 		&tls.EtcdCABundle{},
 		&tls.EtcdClientCertKey{},
+		&tls.EtcdMetricsCABundle{},
+		&tls.EtcdMetricsSignerClientCertKey{},
+		&tls.EtcdMetricsSignerServerCertKey{},
 		&tls.EtcdSignerCertKey{},
 		&tls.EtcdSignerClientCertKey{},
 		&tls.KubeAPIServerLBCABundle{},

diff --git a/pkg/asset/manifests/operators.go b/pkg/asset/manifests/operators.go
@@ -61,6 +61,8 @@ func (m *Manifests) Dependencies() []asset.Asset {
 		&tls.RootCA{},
 		&tls.EtcdCA{},
 		&tls.EtcdClientCertKey{},
+		&tls.EtcdMetricsCABundle{},
+		&tls.EtcdMetricsSignerClientCertKey{},
 		&tls.MCSCertKey{},
 
 		&bootkube.KubeCloudConfig{},
@@ -71,6 +73,8 @@ func (m *Manifests) Dependencies() []asset.Asset {
 		&bootkube.KubeSystemConfigmapEtcdServingCA{},
 		&bootkube.KubeSystemConfigmapRootCA{},
 		&bootkube.KubeSystemSecretEtcdClient{},
+		&bootkube.OpenshiftConfigSecretEtcdMetricsClient{},
+		&bootkube.OpenshiftConfigConfigmapEtcdMetricsServingCA{},
 
 		&bootkube.OpenshiftMachineConfigOperator{},
 		&bootkube.EtcdServiceKubeSystem{},
@@ -125,12 +129,16 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 	etcdCA := &tls.EtcdCA{}
 	mcsCertKey := &tls.MCSCertKey{}
 	etcdClientCertKey := &tls.EtcdClientCertKey{}
+	etcdMetricsCABundle := &tls.EtcdMetricsCABundle{}
+	etcdMetricsSignerClientCertKey := &tls.EtcdMetricsSignerClientCertKey{}
 	rootCA := &tls.RootCA{}
 	dependencies.Get(
 		clusterID,
 		installConfig,
 		etcdCA,
 		etcdClientCertKey,
+		etcdMetricsCABundle,
+		etcdMetricsSignerClientCertKey,
 		mcsCertKey,
 		rootCA,
 	)
@@ -145,6 +153,9 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 		EtcdCaCert:                      string(etcdCA.Cert()),
 		EtcdClientCert:                  base64.StdEncoding.EncodeToString(etcdClientCertKey.Cert()),
 		EtcdClientKey:                   base64.StdEncoding.EncodeToString(etcdClientCertKey.Key()),
+		EtcdMetricsCaCert:               string(etcdMetricsCABundle.Cert()),
+		EtcdMetricsClientCert:           base64.StdEncoding.EncodeToString(etcdMetricsSignerClientCertKey.Cert()),
+		EtcdMetricsClientKey:            base64.StdEncoding.EncodeToString(etcdMetricsSignerClientCertKey.Key()),
 		McsTLSCert:                      base64.StdEncoding.EncodeToString(mcsCertKey.Cert()),
 		McsTLSKey:                       base64.StdEncoding.EncodeToString(mcsCertKey.Key()),
 		PullSecretBase64:                base64.StdEncoding.EncodeToString([]byte(installConfig.Config.PullSecret)),
@@ -162,6 +173,8 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 	kubeSystemConfigmapEtcdServingCA := &bootkube.KubeSystemConfigmapEtcdServingCA{}
 	kubeSystemConfigmapRootCA := &bootkube.KubeSystemConfigmapRootCA{}
 	kubeSystemSecretEtcdClient := &bootkube.KubeSystemSecretEtcdClient{}
+	openshiftConfigSecretEtcdMetricsClient := &bootkube.OpenshiftConfigSecretEtcdMetricsClient{}
+	openshiftConfigConfigmapEtcdMetricsServingCA := &bootkube.OpenshiftConfigConfigmapEtcdMetricsServingCA{}
 
 	openshiftMachineConfigOperator := &bootkube.OpenshiftMachineConfigOperator{}
 	etcdServiceKubeSystem := &bootkube.EtcdServiceKubeSystem{}
@@ -175,19 +188,23 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 		kubeSystemConfigmapEtcdServingCA,
 		kubeSystemConfigmapRootCA,
 		kubeSystemSecretEtcdClient,
+		openshiftConfigSecretEtcdMetricsClient,
+		openshiftConfigConfigmapEtcdMetricsServingCA,
 		openshiftMachineConfigOperator,
 		etcdServiceKubeSystem,
 		hostEtcdServiceKubeSystem,
 	)
 	assetData := map[string][]byte{
-		"kube-cloud-config.yaml":                     applyTemplateData(kubeCloudConfig.Files()[0].Data, templateData),
-		"machine-config-server-tls-secret.yaml":      applyTemplateData(machineConfigServerTLSSecret.Files()[0].Data, templateData),
-		"pull.json":                                  applyTemplateData(pull.Files()[0].Data, templateData),
-		"cvo-overrides.yaml":                         applyTemplateData(cVOOverrides.Files()[0].Data, templateData),
-		"host-etcd-service-endpoints.yaml":           applyTemplateData(hostEtcdServiceEndpointsKubeSystem.Files()[0].Data, templateData),
-		"kube-system-configmap-etcd-serving-ca.yaml": applyTemplateData(kubeSystemConfigmapEtcdServingCA.Files()[0].Data, templateData),
-		"kube-system-configmap-root-ca.yaml":         applyTemplateData(kubeSystemConfigmapRootCA.Files()[0].Data, templateData),
-		"kube-system-secret-etcd-client.yaml":        applyTemplateData(kubeSystemSecretEtcdClient.Files()[0].Data, templateData),
+		"kube-cloud-config.yaml":                                  applyTemplateData(kubeCloudConfig.Files()[0].Data, templateData),
+		"machine-config-server-tls-secret.yaml":                   applyTemplateData(machineConfigServerTLSSecret.Files()[0].Data, templateData),
+		"pull.json":                                               applyTemplateData(pull.Files()[0].Data, templateData),
+		"cvo-overrides.yaml":                                      applyTemplateData(cVOOverrides.Files()[0].Data, templateData),
+		"host-etcd-service-endpoints.yaml":                        applyTemplateData(hostEtcdServiceEndpointsKubeSystem.Files()[0].Data, templateData),
+		"kube-system-configmap-etcd-serving-ca.yaml":              applyTemplateData(kubeSystemConfigmapEtcdServingCA.Files()[0].Data, templateData),
+		"kube-system-configmap-root-ca.yaml":                      applyTemplateData(kubeSystemConfigmapRootCA.Files()[0].Data, templateData),
+		"kube-system-secret-etcd-client.yaml":                     applyTemplateData(kubeSystemSecretEtcdClient.Files()[0].Data, templateData),
+		"openshift-config-secret-etcd-metrics-client.yaml":        applyTemplateData(openshiftConfigSecretEtcdMetricsClient.Files()[0].Data, templateData),
+		"openshift-config-configmap-etcd-metrics-serving-ca.yaml": applyTemplateData(openshiftConfigConfigmapEtcdMetricsServingCA.Files()[0].Data, templateData),
 
 		"04-openshift-machine-config-operator.yaml": []byte(openshiftMachineConfigOperator.Files()[0].Data),
 		"etcd-service.yaml":                         []byte(etcdServiceKubeSystem.Files()[0].Data),

diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go
@@ -21,6 +21,9 @@ type bootkubeTemplateData struct {
 	EtcdCaCert                      string
 	EtcdClientCert                  string
 	EtcdClientKey                   string
+	EtcdMetricsCaCert               string
+	EtcdMetricsClientCert           string
+	EtcdMetricsClientKey            string
 	McsTLSCert                      string
 	McsTLSKey                       string
 	PullSecretBase64                string

diff --git a/pkg/asset/targets/targets.go b/pkg/asset/targets/targets.go
@@ -40,6 +40,8 @@ var (
 		&bootkube.OpenshiftMachineConfigOperator{},
 		&bootkube.EtcdServiceKubeSystem{},
 		&bootkube.HostEtcdServiceKubeSystem{},
+		&bootkube.OpenshiftConfigSecretEtcdMetricsClient{},
+		&bootkube.OpenshiftConfigConfigmapEtcdMetricsServingCA{},
 		&openshift.BindingDiscovery{},
 		&openshift.CloudCredsSecret{},
 		&openshift.KubeadminPasswordSecret{},

diff --git a/pkg/asset/templates/content/bootkube/openshift-config-configmap-etcd-metrics-serving-ca.go b/pkg/asset/templates/content/bootkube/openshift-config-configmap-etcd-metrics-serving-ca.go
@@ -0,0 +1,64 @@
+package bootkube
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/openshift/installer/pkg/asset"
+	"github.com/openshift/installer/pkg/asset/templates/content"
+)
+
+const (
+	openshiftConfigConfigmapEtcdMetricsServingCAFileName = "openshift-config-configmap-etcd-metrics-serving-ca.yaml.template"
+)
+
+var _ asset.WritableAsset = (*OpenshiftConfigConfigmapEtcdMetricsServingCA)(nil)
+
+// OpenshiftConfigConfigmapEtcdMetricsServingCA is the constant to represent contents of openshift-config-configmap-etcd-metrics-serving-ca.yaml.template file.
+type OpenshiftConfigConfigmapEtcdMetricsServingCA struct {
+	FileList []*asset.File
+}
+
+// Dependencies returns all of the dependencies directly needed by the asset
+func (t *OpenshiftConfigConfigmapEtcdMetricsServingCA) Dependencies() []asset.Asset {
+	return []asset.Asset{}
+}
+
+// Name returns the human-friendly name of the asset.
+func (t *OpenshiftConfigConfigmapEtcdMetricsServingCA) Name() string {
+	return "OpenshiftConfigConfigmapEtcdMetricsServingCA"
+}
+
+// Generate generates the actual files by this asset
+func (t *OpenshiftConfigConfigmapEtcdMetricsServingCA) Generate(parents asset.Parents) error {
+	fileName := openshiftConfigConfigmapEtcdMetricsServingCAFileName
+	data, err := content.GetBootkubeTemplate(fileName)
+	if err != nil {
+		return err
+	}
+	t.FileList = []*asset.File{
+		{
+			Filename: filepath.Join(content.TemplateDir, fileName),
+			Data:     []byte(data),
+		},
+	}
+	return nil
+}
+
+// Files returns the files generated by the asset.
+func (t *OpenshiftConfigConfigmapEtcdMetricsServingCA) Files() []*asset.File {
+	return t.FileList
+}
+
+// Load returns the asset from disk.
+func (t *OpenshiftConfigConfigmapEtcdMetricsServingCA) Load(f asset.FileFetcher) (bool, error) {
+	file, err := f.FetchByName(filepath.Join(content.TemplateDir, openshiftConfigConfigmapEtcdMetricsServingCAFileName))
+	if err != nil {
+		if os.IsNotExist(err) {
+			return false, nil
+		}
+		return false, err
+	}
+	t.FileList = []*asset.File{file}
+	return true, nil
+}
diff --git a/pkg/asset/templates/content/bootkube/openshift-config-secret-etcd-metrics-client.go b/pkg/asset/templates/content/bootkube/openshift-config-secret-etcd-metrics-client.go
@@ -0,0 +1,64 @@
+package bootkube
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/openshift/installer/pkg/asset"
+	"github.com/openshift/installer/pkg/asset/templates/content"
+)
+
+const (
+	openshiftConfigSecretEtcdMetricsClientFileName = "openshift-config-secret-etcd-metrics-client.yaml.template"
+)
+
+var _ asset.WritableAsset = (*OpenshiftConfigSecretEtcdMetricsClient)(nil)
+
+// OpenshiftConfigSecretEtcdMetricsClient is the constant to represent contents of openshift-config-secret-etcd-metrics-client.yaml.template file.
+type OpenshiftConfigSecretEtcdMetricsClient struct {
+	FileList []*asset.File
+}
+
+// Dependencies returns all of the dependencies directly needed by the asset
+func (t *OpenshiftConfigSecretEtcdMetricsClient) Dependencies() []asset.Asset {
+	return []asset.Asset{}
+}
+
+// Name returns the human-friendly name of the asset.
+func (t *OpenshiftConfigSecretEtcdMetricsClient) Name() string {
+	return "OpenshiftConfigSecretEtcdMetricsClient"
+}
+
+// Generate generates the actual files by this asset
+func (t *OpenshiftConfigSecretEtcdMetricsClient) Generate(parents asset.Parents) error {
+	fileName := openshiftConfigSecretEtcdMetricsClientFileName
+	data, err := content.GetBootkubeTemplate(fileName)
+	if err != nil {
+		return err
+	}
+	t.FileList = []*asset.File{
+		{
+			Filename: filepath.Join(content.TemplateDir, fileName),
+			Data:     []byte(data),
+		},
+	}
+	return nil
+}
+
+// Files returns the files generated by the asset.
+func (t *OpenshiftConfigSecretEtcdMetricsClient) Files() []*asset.File {
+	return t.FileList
+}
+
+// Load returns the asset from disk.
+func (t *OpenshiftConfigSecretEtcdMetricsClient) Load(f asset.FileFetcher) (bool, error) {
+	file, err := f.FetchByName(filepath.Join(content.TemplateDir, openshiftConfigSecretEtcdMetricsClientFileName))
+	if err != nil {
+		if os.IsNotExist(err) {
+			return false, nil
+		}
+		return false, err
+	}
+	t.FileList = []*asset.File{file}
+	return true, nil
+}