Merge pull request #28 from vshn/fixes/controlplane_split

Improvements for split control plane

.github/workflows/build.yml

@@ -9,17 +9,10 @@ on:
       - master
 
 jobs:
-  vshnpostgresql:
+  vshnall:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
 
-      - name: Run vshnpostgresql
-        run: make vshnpostgresql
-  vshnredis:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Run vshnredis
-        run: make vshnredis
+      - name: Run vshnall
+        run: make vshnall

Makefile

@@ -17,8 +17,17 @@ include kind/kind.mk
 appcat-apiserver: vshnpostgresql ## Install appcat-apiserver dependencies
 
 .PHONY: vshnall
+vshnall: vcluster=true
 vshnall: vshnpostgresql vshnredis
 
+.PHONY: converged
+converged: vcluster=false
+converged: vshnpostgresql vshnredis
+
+.PHONY: vcluster
+vcluster: vcluster=true
+vcluster: vshnall
+
 .PHONY: vshnpostgresql
 vshnpostgresql: shared-setup stackgres-setup ## Install vshn postgres dependencies
 
@@ -107,6 +116,12 @@ minio-setup: kind-storage ## Install Minio Crossplane implementation
 	kubectl apply -f minio/gui-ingress.yaml
 	kubectl create ns syn-crossplane || true
 	kubectl apply -f minio/credentials.yaml
+	if $(vcluster); then \
+		$(vcluster_bin) connect controlplane --namespace vcluster; \
+		kubectl create ns syn-crossplane || true ; \
+		kubectl apply -f minio/credentials.yaml ; \
+		$(vcluster_bin) disconnect; \
+	fi
 	@echo -e "***\n*** Installed minio in http://minio.127.0.0.1.nip.io:8088\n***"
 	@echo -e "***\n*** use with mc:\n mc alias set localnip http://minio.127.0.0.1.nip.io:8088 minioadmin minioadmin\n***"
 	@echo -e "***\n*** console access http://minio-gui.127.0.0.1.nip.io:8088\n***"
@@ -191,7 +206,10 @@ $(metallb_sentinel):
 		--for=condition=ready pod \
 		--selector=app=metallb \
 		--timeout=90s
-	kubectl apply -f metallb/config.yaml
+	HOSTIP=$$(docker inspect kindev-control-plane | jq -r '.[0].NetworkSettings.Networks.kind.Gateway') && \
+	export range="$${HOSTIP}00-$${HOSTIP}50" && \
+	cat metallb/config.yaml | cat metallb/config.yaml| yq 'select(document_index == 0) | .spec.addresses = [strenv(range)]' | kubectl apply -f -
+	cat metallb/config.yaml | cat metallb/config.yaml| yq 'select(document_index == 1)' | kubectl apply -f -
 	touch $@
 
 komoplane-setup: $(komoplane_sentinel) ## Install komoplane crossplane troubleshooter
@@ -281,22 +299,31 @@ $(vcluster_bin): | $(go_bin)
 
 .PHONY: vcluster-setup
 vcluster-setup: export KUBECONFIG = $(KIND_KUBECONFIG)
-vcluster-setup: install-vcluster-bin
-	if $(vcluster); then \
-		$(vcluster_bin) create controlplane --namespace vcluster --connect=false -f vclusterconfig/values.yaml || true; \
+vcluster-setup: install-vcluster-bin metallb-setup
+	if ! ($(vcluster_bin) list | grep controlplane ) && $(vcluster) ; then \
+		$(vcluster_bin) create controlplane --namespace vcluster --connect=false -f vclusterconfig/values.yaml --expose ; \
+		kubectl apply -f vclusterconfig/ingress.yaml; \
+		$(vcluster_bin) connect controlplane --namespace vcluster --print --server=https://vcluster.127.0.0.1.nip.io:8443 > .kind/vcluster-config; \
+		kubectl -n ingress-nginx patch deployment ingress-nginx-controller --type "json" -p '[{"op":"add","path":"/spec/template/spec/containers/0/args/-","value":"--enable-ssl-passthrough"}]'; \
 	fi
 
 .PHONY: vcluster-in-cluster-kubeconfig
 vcluster-in-cluster-kubeconfig: export KUBECONFIG = $(KIND_KUBECONFIG) ## Prints out a kubeconfig for use within the main cluster
 vcluster-in-cluster-kubeconfig:
 	@export KUBECONFIG=$(KIND_KUBECONFIG) ; \
-	$(vcluster_bin) connect controlplane --namespace vcluster --print | yq '.clusters[0].cluster.server = "https://controlplane.vcluster"'
+	$(vcluster_bin) connect controlplane --namespace vcluster --print --server=https://controlplane.vcluster | yq
 
 .PHONY: vcluster-local-cluster-kubeconfig
 vcluster-local-cluster-kubeconfig: export KUBECONFIG = $(KIND_KUBECONFIG) ## Prints out a kubeconfig for use on the local machine
 vcluster-local-cluster-kubeconfig:
 	@export KUBECONFIG=$(KIND_KUBECONFIG) ; \
-	$(vcluster_bin) connect controlplane --namespace vcluster --print | yq
+	$(vcluster_bin) connect controlplane --namespace vcluster --print --server=https://vcluster.127.0.0.1.nip.io:8443 | yq
+
+.PHONY: vcluster-host-kubeconfig
+vcluster-host-kubeconfig: export KUBECONFIG = $(KIND_KUBECONFIG) ## Prints out the kube config to connect from the vcluster to the host cluster
+vcluster-host-kubeconfig:
+	@export KUBECONFIG=$(KIND_KUBECONFIG) ; \
+	cat .kind/kind-config | yq '.clusters[0].cluster.server = "https://kubernetes-host.default.svc"' | yq '.clusters[0].cluster.insecure-skip-tls-verify = true' | yq 'del(.clusters[0].cluster.certificate-authority-data)'
 
 .PHONY: vcluster-clean
 vcluster-clean: ## If you break Crossplane hard enough just remove the whole vcluster

README.md

@@ -38,6 +38,7 @@ Currently following apps are configured to use the ingress:
 - [Komoplane](https://github.com/komodorio/komoplane) (make komoplane-setup): http://komoplane.127.0.0.1.nip.io:8088/
 - Forgejo: http://forgejo.127.0.0.1.nip.io:8088/
 - ArgoCD: http://argocd.127.0.0.1.nip.io:8088/
+- Vcluster: https://vcluster.127.0.0.1.nip.io:8443/
 
 For minio access from the localhost just use this alias:
 
@@ -49,12 +50,13 @@ Minio console access: http://minio-gui.127.0.0.1.nip.io:8088
 
 ## Vcluster
 
-To toggle the vcluster support please use `-e vcluster=true`. Any make target that has support for the vcluster will then automatically use the vcluster.
+`vshnall` will now run in a non-converged setup by default. If you want to have a converged setup, please run the target `converged`.
 
 There are also some helper targets for the vcluster:
 * vcluster-clean: will remove the vluster. Helpful if Crossplane broke completely
+* vcluster-host-kubeconfig: generates a kubeconfig that points from the vcluster to the host cluster. Used mainly for development in the component.
 * vcluster-in-cluster-kubeconfig: generates a kubeconfig that can be used from within the main cluster. E.g. when deploying the controller or sli-exporter so it can connect to the control plane.
-* vcluster-local-cluster-kubeconfig: same as the above, but will point to the vcluster proxy endpoint. Useful for debugging purpose.
+* vcluster-local-cluster-kubeconfig: same as the above, but will point to the vcluster ingress endpoint. Useful for development as claims need to be applied to the service instance.
 
 ### How to use it in make
 

metallb/config.yaml

@@ -6,7 +6,7 @@ metadata:
   namespace: metallb-system
 spec:
   addresses:
-  - 172.18.0.200-172.18.0.250
+  - 172.19.0.200-172.19.0.250 # examples, correct range will be injected via make
 ---
 apiVersion: metallb.io/v1beta1
 kind: L2Advertisement

vclusterconfig/ingress.yaml

@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    # We need the ingress to pass through ssl traffic to the vCluster
+    # This only works for the nginx-ingress (enable via --enable-ssl-passthrough
+    # https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough )
+    # for other ingress controllers please check their respective documentation.
+    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+  name: vcluster
+  namespace: vcluster
+spec:
+  ingressClassName: nginx # use your ingress class name
+  rules:
+  - host: vcluster.127.0.0.1.nip.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: controlplane
+            port:
+              number: 443
+        path: /
+        pathType: ImplementationSpecific

vclusterconfig/values.yaml

@@ -1,6 +1,16 @@
 # Vcluster uses sqlite by default and basically just dies with our dev env
 controlPlane:
+  proxy:
+    extraSANs:
+    - vcluster.127.0.0.1.nip.io
   backingStore:
     etcd:
       deploy:
         enabled: true
+networking:
+  replicateServices:
+    fromHost:
+    - from: minio/minio-server
+      to: minio/minio-server
+    - from: default/kubernetes
+      to: default/kubernetes-host