m/node/allocs: split new package off m/node
The metropolis/node package contains various unrelated things. One of
these things is node-wide allocations of identifiers.
These are moved here to the new metropolis/node/allocs package.
Additionally, the constants are renamed to move the type of identifier
in front.
Change-Id: Ibc841ca64d4450a7054463e6d2d44753a118e07a
Reviewed-on: https://review.monogon.dev/c/monogon/+/4566
Reviewed-by: Tim Windelschmidt <tim@monogon.tech>
Tested-by: Jenkins CI
diff --git a/metropolis/node/kubernetes/BUILD.bazel b/metropolis/node/kubernetes/BUILD.bazel
index 3245964..69722b3 100644
--- a/metropolis/node/kubernetes/BUILD.bazel
+++ b/metropolis/node/kubernetes/BUILD.bazel
@@ -21,6 +21,7 @@
"//go/logging",
"//go/net/tinylb",
"//metropolis/node",
+ "//metropolis/node/allocs",
"//metropolis/node/core/consensus",
"//metropolis/node/core/curator/proto/api",
"//metropolis/node/core/curator/watcher",
diff --git a/metropolis/node/kubernetes/apiproxy.go b/metropolis/node/kubernetes/apiproxy.go
index 01990ff..a09796a 100644
--- a/metropolis/node/kubernetes/apiproxy.go
+++ b/metropolis/node/kubernetes/apiproxy.go
@@ -8,7 +8,7 @@
"net"
"source.monogon.dev/go/net/tinylb"
- "source.monogon.dev/metropolis/node"
+ "source.monogon.dev/metropolis/node/allocs"
ipb "source.monogon.dev/metropolis/node/core/curator/proto/api"
"source.monogon.dev/metropolis/node/core/curator/watcher"
"source.monogon.dev/osbase/event/memory"
@@ -39,7 +39,7 @@
},
OnNewUpdated: func(new *ipb.Node) error {
set.Insert(new.Id, &tinylb.SimpleTCPBackend{
- Remote: net.JoinHostPort(new.Status.ExternalAddress, node.KubernetesAPIPort.PortString()),
+ Remote: net.JoinHostPort(new.Status.ExternalAddress, allocs.PortKubernetesAPI.PortString()),
})
val.Set(set.Clone())
return nil
diff --git a/metropolis/node/kubernetes/apiserver.go b/metropolis/node/kubernetes/apiserver.go
index 5471e02..427d059 100644
--- a/metropolis/node/kubernetes/apiserver.go
+++ b/metropolis/node/kubernetes/apiserver.go
@@ -18,7 +18,7 @@
"k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity"
podsecurityadmissionv1 "k8s.io/pod-security-admission/admission/api/v1"
- common "source.monogon.dev/metropolis/node"
+ "source.monogon.dev/metropolis/node/allocs"
"source.monogon.dev/metropolis/node/core/localstorage"
"source.monogon.dev/metropolis/node/kubernetes/pki"
"source.monogon.dev/osbase/fileargs"
@@ -142,7 +142,7 @@
pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: s.idCA})),
"--enable-admission-plugins=NodeRestriction",
"--enable-aggregator-routing=true",
- fmt.Sprintf("--secure-port=%d", common.KubernetesAPIPort),
+ fmt.Sprintf("--secure-port=%d", allocs.PortKubernetesAPI),
fmt.Sprintf("--etcd-servers=unix:///%s:0", s.EphemeralConsensusDirectory.ClientSocket.FullPath()),
args.FileOpt("--kubelet-client-certificate", "kubelet-client-cert.pem",
pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: s.kubeletClientCert})),
diff --git a/metropolis/node/kubernetes/authproxy/BUILD.bazel b/metropolis/node/kubernetes/authproxy/BUILD.bazel
index 263e846..57d950e 100644
--- a/metropolis/node/kubernetes/authproxy/BUILD.bazel
+++ b/metropolis/node/kubernetes/authproxy/BUILD.bazel
@@ -6,7 +6,7 @@
importpath = "source.monogon.dev/metropolis/node/kubernetes/authproxy",
visibility = ["//visibility:public"],
deps = [
- "//metropolis/node",
+ "//metropolis/node/allocs",
"//metropolis/node/core/identity",
"//metropolis/node/kubernetes/pki",
"//osbase/supervisor",
diff --git a/metropolis/node/kubernetes/authproxy/authproxy.go b/metropolis/node/kubernetes/authproxy/authproxy.go
index 7fdef76..93737ec 100644
--- a/metropolis/node/kubernetes/authproxy/authproxy.go
+++ b/metropolis/node/kubernetes/authproxy/authproxy.go
@@ -20,7 +20,7 @@
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "source.monogon.dev/metropolis/node"
+ "source.monogon.dev/metropolis/node/allocs"
"source.monogon.dev/metropolis/node/core/identity"
"source.monogon.dev/metropolis/node/kubernetes/pki"
"source.monogon.dev/osbase/supervisor"
@@ -73,7 +73,7 @@
return err
}
- internalAPIServer := net.JoinHostPort("localhost", node.KubernetesAPIPort.PortString())
+ internalAPIServer := net.JoinHostPort("localhost", allocs.PortKubernetesAPI.PortString())
standardProxy := httputil.NewSingleHostReverseProxy(&url.URL{
Scheme: "https",
Host: internalAPIServer,
@@ -119,7 +119,7 @@
clientCAs := x509.NewCertPool()
clientCAs.AddCert(s.Node.ClusterCA())
server := &http.Server{
- Addr: ":" + node.KubernetesAPIWrappedPort.PortString(),
+ Addr: ":" + allocs.PortKubernetesAPIWrapped.PortString(),
TLSConfig: &tls.Config{
MinVersion: tls.VersionTLS12,
NextProtos: []string{"h2", "http/1.1"},
diff --git a/metropolis/node/kubernetes/metricsproxy/BUILD.bazel b/metropolis/node/kubernetes/metricsproxy/BUILD.bazel
index 7f89450..186bd57 100644
--- a/metropolis/node/kubernetes/metricsproxy/BUILD.bazel
+++ b/metropolis/node/kubernetes/metricsproxy/BUILD.bazel
@@ -6,7 +6,7 @@
importpath = "source.monogon.dev/metropolis/node/kubernetes/metricsproxy",
visibility = ["//visibility:public"],
deps = [
- "//metropolis/node",
+ "//metropolis/node/allocs",
"//metropolis/node/kubernetes/pki",
"//osbase/supervisor",
"@io_k8s_kubernetes//cmd/kubeadm/app/constants",
diff --git a/metropolis/node/kubernetes/metricsproxy/metricsproxy.go b/metropolis/node/kubernetes/metricsproxy/metricsproxy.go
index 1b98fa8..c098fac 100644
--- a/metropolis/node/kubernetes/metricsproxy/metricsproxy.go
+++ b/metropolis/node/kubernetes/metricsproxy/metricsproxy.go
@@ -17,7 +17,7 @@
"k8s.io/kubernetes/cmd/kubeadm/app/constants"
- "source.monogon.dev/metropolis/node"
+ "source.monogon.dev/metropolis/node/allocs"
"source.monogon.dev/metropolis/node/kubernetes/pki"
"source.monogon.dev/osbase/supervisor"
)
@@ -30,9 +30,9 @@
type kubernetesExporter struct {
Name string
// TargetPort on which this exporter is running.
- TargetPort node.Port
+ TargetPort allocs.Port
// TargetPort on which the unauthenticated exporter should run.
- ListenPort node.Port
+ ListenPort allocs.Port
// ServerName used to verify the tls connection.
ServerName string
}
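Review bot: The doc comment on the `ListenPort` field still says `// TargetPort on which the unauthenticated exporter should run.`, so the field the commit retypes to `allocs.Port` is documented under the wrong name and reads as a copy of the comment above it. Since this hunk already touches both field lines, it is the natural place to fix the wording: `// ListenPort on which the unauthenticated exporter should listen.`. The retyping itself (`node.Port` → `allocs.Port`) is consistent with the rest of the change and needs nothing further.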
@@ -42,19 +42,19 @@
{
Name: "kubernetes-scheduler",
TargetPort: constants.KubeSchedulerPort,
- ListenPort: node.MetricsKubeSchedulerListenerPort,
+ ListenPort: allocs.PortMetricsKubeSchedulerListener,
ServerName: "kube-scheduler.local",
},
{
Name: "kubernetes-controller-manager",
TargetPort: constants.KubeControllerManagerPort,
- ListenPort: node.MetricsKubeControllerManagerListenerPort,
+ ListenPort: allocs.PortMetricsKubeControllerManagerListener,
ServerName: "kube-controller-manager.local",
},
{
Name: "kubernetes-apiserver",
- TargetPort: node.KubernetesAPIPort,
- ListenPort: node.MetricsKubeAPIServerListenerPort,
+ TargetPort: allocs.PortKubernetesAPI,
+ ListenPort: allocs.PortMetricsKubeAPIServerListener,
ServerName: "kubernetes",
},
}
diff --git a/metropolis/node/kubernetes/networkpolicy/BUILD.bazel b/metropolis/node/kubernetes/networkpolicy/BUILD.bazel
index 287427e..15fa223 100644
--- a/metropolis/node/kubernetes/networkpolicy/BUILD.bazel
+++ b/metropolis/node/kubernetes/networkpolicy/BUILD.bazel
@@ -8,7 +8,7 @@
visibility = ["//visibility:public"],
deps = [
"//go/logging",
- "//metropolis/node",
+ "//metropolis/node/allocs",
"//osbase/supervisor",
"@io_k8s_api//core/v1:core",
"@io_k8s_client_go//informers",
diff --git a/metropolis/node/kubernetes/networkpolicy/networkpolicy.go b/metropolis/node/kubernetes/networkpolicy/networkpolicy.go
index c43ef40..04a2fcd 100644
--- a/metropolis/node/kubernetes/networkpolicy/networkpolicy.go
+++ b/metropolis/node/kubernetes/networkpolicy/networkpolicy.go
@@ -19,7 +19,7 @@
"k8s.io/kubectl/pkg/scheme"
"source.monogon.dev/go/logging"
- "source.monogon.dev/metropolis/node"
+ "source.monogon.dev/metropolis/node/allocs"
"source.monogon.dev/osbase/supervisor"
)
@@ -75,7 +75,7 @@
eventBroadcaster.StartRecordingToSink(&typedcorev1.EventSinkImpl{Interface: c.Kubernetes.CoreV1().Events("")})
recorder := eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: "npc"})
- nft, err := nftctrl.New(recorder, node.LinkGroupK8sPod)
+ nft, err := nftctrl.New(recorder, allocs.LinkGroupK8sPod)
if err != nil {
return fmt.Errorf("failed to create nftables controller: %w", err)
}
diff --git a/metropolis/node/kubernetes/pki/BUILD.bazel b/metropolis/node/kubernetes/pki/BUILD.bazel
index 60121c7..85e0d2f 100644
--- a/metropolis/node/kubernetes/pki/BUILD.bazel
+++ b/metropolis/node/kubernetes/pki/BUILD.bazel
@@ -6,7 +6,7 @@
importpath = "source.monogon.dev/metropolis/node/kubernetes/pki",
visibility = ["//metropolis/node:__subpackages__"],
deps = [
- "//metropolis/node",
+ "//metropolis/node/allocs",
"//metropolis/node/core/consensus",
"//osbase/pki",
"@io_etcd_go_etcd_client_v3//:client",
diff --git a/metropolis/node/kubernetes/pki/kubernetes.go b/metropolis/node/kubernetes/pki/kubernetes.go
index 2d67875..234be44 100644
--- a/metropolis/node/kubernetes/pki/kubernetes.go
+++ b/metropolis/node/kubernetes/pki/kubernetes.go
@@ -26,7 +26,7 @@
"k8s.io/client-go/tools/clientcmd"
configapi "k8s.io/client-go/tools/clientcmd/api"
- common "source.monogon.dev/metropolis/node"
+ "source.monogon.dev/metropolis/node/allocs"
"source.monogon.dev/metropolis/node/core/consensus"
opki "source.monogon.dev/osbase/pki"
)
@@ -225,10 +225,10 @@
// KubernetesAPIEndpointForWorker points Kubernetes workers to connect to a
// locally-running apiproxy, which in turn loadbalances the connection to
// controller nodes running in the cluster.
- KubernetesAPIEndpointForWorker = KubernetesAPIEndpoint(fmt.Sprintf("https://127.0.0.1:%d", common.KubernetesWorkerLocalAPIPort))
+ KubernetesAPIEndpointForWorker = KubernetesAPIEndpoint(fmt.Sprintf("https://127.0.0.1:%d", allocs.PortKubernetesWorkerLocalAPI))
// KubernetesAPIEndpointForController points Kubernetes controllers to connect to
// the locally-running API server.
- KubernetesAPIEndpointForController = KubernetesAPIEndpoint(fmt.Sprintf("https://127.0.0.1:%d", common.KubernetesAPIPort))
+ KubernetesAPIEndpointForController = KubernetesAPIEndpoint(fmt.Sprintf("https://127.0.0.1:%d", allocs.PortKubernetesAPI))
)
// KubeconfigRaw emits a Kubeconfig for a given set of certificates, private key,
diff --git a/metropolis/node/kubernetes/service_worker.go b/metropolis/node/kubernetes/service_worker.go
index 5e28788..0eb6435 100644
--- a/metropolis/node/kubernetes/service_worker.go
+++ b/metropolis/node/kubernetes/service_worker.go
@@ -16,7 +16,7 @@
"k8s.io/client-go/tools/clientcmd"
"source.monogon.dev/go/net/tinylb"
- "source.monogon.dev/metropolis/node"
+ "source.monogon.dev/metropolis/node/allocs"
"source.monogon.dev/metropolis/node/core/localstorage"
"source.monogon.dev/metropolis/node/core/metrics"
"source.monogon.dev/metropolis/node/core/network"
@@ -66,7 +66,7 @@
// available apiservers, and Kubernetes components do not implement client-side
// load-balancing.
err := supervisor.Run(ctx, "apiproxy", func(ctx context.Context) error {
- lis, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", node.KubernetesWorkerLocalAPIPort))
+ lis, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", allocs.PortKubernetesWorkerLocalAPI))
if err != nil {
return fmt.Errorf("failed to listen: %w", err)
}
@@ -95,7 +95,7 @@
ClusterDomain: s.c.ClusterDomain,
KubeletDirectory: &s.c.Root.Data.Kubernetes.Kubelet,
EphemeralDirectory: &s.c.Root.Ephemeral,
- ClusterDNS: []net.IP{node.ContainerDNSIP},
+ ClusterDNS: []net.IP{allocs.IPContainerDNS},
}
// Gather all required material to send over for certficiate issuance to the
@@ -229,16 +229,16 @@
// //metropolis/node/core/roleserve/worker_kubernetes.go.
s.c.Network.DNS.SetHandler("kubernetes", dnsService)
- if err := s.c.Network.AddLoopbackIP(node.ContainerDNSIP); err != nil {
+ if err := s.c.Network.AddLoopbackIP(allocs.IPContainerDNS); err != nil {
return fmt.Errorf("failed to add local IP for container DNS: %w", err)
}
defer func() {
- if err := s.c.Network.ReleaseLoopbackIP(node.ContainerDNSIP); err != nil {
+ if err := s.c.Network.ReleaseLoopbackIP(allocs.IPContainerDNS); err != nil {
supervisor.Logger(ctx).Errorf("Failed to release local IP for container DNS: %v", err)
}
}()
runDNSListener := func(ctx context.Context) error {
- return s.c.Network.DNS.RunListenerAddr(ctx, net.JoinHostPort(node.ContainerDNSIP.String(), "53"))
+ return s.c.Network.DNS.RunListenerAddr(ctx, net.JoinHostPort(allocs.IPContainerDNS.String(), "53"))
}
kvmDevicePlugin := kvmdevice.Plugin{