cluster up support for N-1 clusters

openshift · Dec 5, 2017 · 758e387 · 758e387
1 parent 9776370
commit 758e387
Show file tree

Hide file tree

Showing 10 changed files with 563 additions and 101 deletions.
diff --git a/install/templateservicebroker/apiserver-template.yaml b/install/templateservicebroker/apiserver-template.yaml
@@ -47,7 +47,7 @@ objects:
           - "--audit-log-path=-"
           - "--tls-cert-file=/var/serving-cert/tls.crt"
           - "--tls-private-key-file=/var/serving-cert/tls.key"
-          - "--loglevel=${LOGLEVEL}"
+          - "-v=${LOGLEVEL}"
           - "--config=/var/apiserver-config/apiserver-config.yaml"
           ports:
           - containerPort: 8443

diff --git a/install/templateservicebroker/previous/apiserver-template.yaml b/install/templateservicebroker/previous/apiserver-template.yaml
@@ -0,0 +1,126 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+  name: template-service-broker-apiserver
+parameters:
+- name: IMAGE
+  value: openshift/origin:latest
+- name: NAMESPACE
+  value: openshift-template-service-broker
+- name: LOGLEVEL
+  value: "0"
+- name: API_SERVER_CONFIG
+  value: |
+   kind: TemplateServiceBrokerConfig
+   apiVersion: config.templateservicebroker.openshift.io/v1
+   templateNamespaces:
+   - openshift
+- name: NODE_SELECTOR
+  value: "{}"
+objects:
+
+# to create the tsb server
+- apiVersion: extensions/v1beta1
+  kind: DaemonSet
+  metadata:
+    namespace: ${NAMESPACE}
+    name: apiserver
+    labels:
+      apiserver: "true"
+  spec:
+    template:
+      metadata:
+        name: apiserver
+        labels:
+          apiserver: "true"
+      spec:
+        serviceAccountName: apiserver
+        containers:
+        - name: c
+          image: ${IMAGE}
+          imagePullPolicy: IfNotPresent
+          command:
+          - "/usr/bin/openshift"
+          - "start"
+          - "template-service-broker"
+          - "--secure-port=8443"
+          - "--audit-log-path=-"
+          - "--tls-cert-file=/var/serving-cert/tls.crt"
+          - "--tls-private-key-file=/var/serving-cert/tls.key"
+          - "--loglevel=${LOGLEVEL}"
+          - "--config=/var/apiserver-config/apiserver-config.yaml"
+          ports:
+          - containerPort: 8443
+          volumeMounts:
+          - mountPath: /var/serving-cert
+            name: serving-cert
+          - mountPath: /var/apiserver-config
+            name: apiserver-config
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: 8443
+              scheme: HTTPS
+        nodeSelector: "${{NODE_SELECTOR}}"
+        volumes:
+        - name: serving-cert
+          secret:
+            defaultMode: 420
+            secretName: apiserver-serving-cert
+        - name: apiserver-config
+          configMap:
+            defaultMode: 420
+            name: apiserver-config
+
+# to create the config for the TSB
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    namespace: ${NAMESPACE}
+    name: apiserver-config
+  data:
+    apiserver-config.yaml: ${API_SERVER_CONFIG}
+
+# to be able to assign powers to the process
+- apiVersion: v1
+  kind: ServiceAccount
+  metadata:
+    namespace: ${NAMESPACE}
+    name: apiserver
+
+# to be able to expose TSB inside the cluster
+- apiVersion: v1
+  kind: Service
+  metadata:
+    namespace: ${NAMESPACE}
+    name: apiserver
+    annotations:
+      service.alpha.openshift.io/serving-cert-secret-name: apiserver-serving-cert
+  spec:
+    selector:
+      apiserver: "true"
+    ports:
+    - name: https
+      port: 443
+      targetPort: 8443
+
+# This service account will be granted permission to call the TSB.
+# The token for this SA will be provided to the service catalog for
+# use when calling the TSB.
+- apiVersion: v1
+  kind: ServiceAccount
+  metadata:
+    namespace: ${NAMESPACE}
+    name: templateservicebroker-client
+
+# This secret will be populated with a copy of the templateservicebroker-client SA's
+# auth token.  Since this secret has a static name, it can be referenced more
+# easily than the auto-generated secret for the service account.
+- apiVersion: v1
+  kind: Secret
+  metadata:
+    namespace: ${NAMESPACE}
+    name: templateservicebroker-client
+    annotations:
+      kubernetes.io/service-account.name: templateservicebroker-client
+  type: kubernetes.io/service-account-token
diff --git a/pkg/oc/bootstrap/bindata.go b/pkg/oc/bootstrap/bindata.go
diff --git a/pkg/oc/bootstrap/docker/openshift/logging.go b/pkg/oc/bootstrap/docker/openshift/logging.go
@@ -92,7 +92,7 @@ func (h *Helper) InstallLogging(f *clientcmd.Factory, publicHostname, loggerHost
 	}
 
 	// Instantiate logging deployer account template
-	err = instantiateTemplate(templateClient.Template(), clientcmd.ResourceMapper(f), nil, OpenshiftInfraNamespace, loggingDeployerAccountTemplate, loggingNamespace, nil, false)
+	err = instantiateTemplate(templateClient.Template(), f, OpenshiftInfraNamespace, loggingDeployerAccountTemplate, loggingNamespace, nil, false)
 	if err != nil {
 		return errors.NewError("cannot instantiate logger accounts").WithCause(err)
 	}
@@ -144,7 +144,7 @@ func (h *Helper) InstallLogging(f *clientcmd.Factory, publicHostname, loggerHost
 		"IMAGE_PREFIX":  fmt.Sprintf("%s-", imagePrefix),
 		"MODE":          "install",
 	}
-	err = instantiateTemplate(templateClient.Template(), clientcmd.ResourceMapper(f), nil, OpenshiftInfraNamespace, loggingDeployerTemplate, loggingNamespace, deployerParams, false)
+	err = instantiateTemplate(templateClient.Template(), f, OpenshiftInfraNamespace, loggingDeployerTemplate, loggingNamespace, deployerParams, false)
 	if err != nil {
 		return errors.NewError("cannot instantiate logging deployer").WithCause(err)
 	}

diff --git a/pkg/oc/bootstrap/docker/openshift/servicecatalog.go b/pkg/oc/bootstrap/docker/openshift/servicecatalog.go
@@ -70,7 +70,7 @@ func (h *Helper) InstallServiceCatalog(f *clientcmd.Factory, configDir, publicMa
 	glog.V(2).Infof("instantiating service catalog template with parameters %v", params)
 
 	// Stands up the service catalog apiserver, etcd, and controller manager
-	err = instantiateTemplate(templateClient.Template(), clientcmd.ResourceMapper(f), nil, OpenshiftInfraNamespace, catalogTemplate, catalogNamespace, params, true)
+	err = instantiateTemplate(templateClient.Template(), f, OpenshiftInfraNamespace, catalogTemplate, catalogNamespace, params, true)
 	if err != nil {
 		return errors.NewError("cannot instantiate service catalog template").WithCause(err)
 	}

diff --git a/pkg/oc/bootstrap/docker/openshift/templateservicebroker.go b/pkg/oc/bootstrap/docker/openshift/templateservicebroker.go
@@ -13,7 +13,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/wait"
 	kapi "k8s.io/kubernetes/pkg/api"
-	"k8s.io/kubernetes/pkg/kubectl/resource"
 
 	"github.com/openshift/origin/pkg/cmd/util/variable"
 	"github.com/openshift/origin/pkg/oc/bootstrap/docker/errors"
@@ -43,7 +42,7 @@ func (h *Helper) InstallTemplateServiceBroker(f *clientcmd.Factory, imageFormat
 		return errors.NewError("cannot create template service broker project").WithCause(err)
 	}
 
-	if err = instantiateTemplate(templateClient.Template(), clientcmd.ResourceMapper(f), nil, OpenshiftInfraNamespace, tsbRBACTemplateName, tsbNamespace, map[string]string{}, true); err != nil {
+	if err = instantiateTemplate(templateClient.Template(), f, OpenshiftInfraNamespace, tsbRBACTemplateName, tsbNamespace, map[string]string{}, true); err != nil {
 		return errors.NewError("cannot instantiate template service broker permissions").WithCause(err)
 	}
 
@@ -59,7 +58,7 @@ func (h *Helper) InstallTemplateServiceBroker(f *clientcmd.Factory, imageFormat
 	}
 	glog.V(2).Infof("instantiating template service broker template with parameters %v", params)
 
-	if err = instantiateTemplate(templateClient.Template(), clientcmd.ResourceMapper(f), nil, OpenshiftInfraNamespace, tsbAPIServerTemplateName, tsbNamespace, params, true); err != nil {
+	if err = instantiateTemplate(templateClient.Template(), f, OpenshiftInfraNamespace, tsbAPIServerTemplateName, tsbNamespace, params, true); err != nil {
 		return errors.NewError("cannot instantiate template service broker resources").WithCause(err)
 	}
 
@@ -92,20 +91,12 @@ func (h *Helper) RegisterTemplateServiceBroker(f *clientcmd.Factory, configDir s
 	// Register the template broker with the service catalog
 	glog.V(2).Infof("registering the template broker with the service catalog")
 
-	// dynamic mapper is needed to support the broker resource which isn't part of the api.
-	dynamicMapper, dynamicTyper, err := f.UnstructuredObject()
-	dmapper := &resource.Mapper{
-		RESTMapper:   dynamicMapper,
-		ObjectTyper:  dynamicTyper,
-		ClientMapper: resource.ClientMapperFunc(f.UnstructuredClientForMapping),
-	}
-
 	serviceCABytes, err := ioutil.ReadFile(filepath.Join(configDir, "master", "service-signer.crt"))
 	serviceCAString := base64.StdEncoding.EncodeToString(serviceCABytes)
 	if err != nil {
 		return errors.NewError("unable to read service signer cert").WithCause(err)
 	}
-	if err = instantiateTemplate(templateClient.Template(), clientcmd.ResourceMapper(f), dmapper, OpenshiftInfraNamespace, tsbRegistrationTemplateName, tsbNamespace, map[string]string{
+	if err = instantiateTemplate(templateClient.Template(), f, OpenshiftInfraNamespace, tsbRegistrationTemplateName, tsbNamespace, map[string]string{
 		"TSB_NAMESPACE": tsbNamespace,
 		"CA_BUNDLE":     serviceCAString,
 	}, true); err != nil {