Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 4e090357c4f1f3bae53a5f2feaf20ea5e1bbbe61 / . / metropolis / node / kubernetes / service.go
blob: bd0d21152762a919a5f484dfe4fd7e453501e1a9 [file] [log] [blame]
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]1// Copyright 2020 The Monogon Project Authors.
2//
3// SPDX-License-Identifier: Apache-2.0
4//
5// Licensed under the Apache License, Version 2.0 (the "License");
6// you may not use this file except in compliance with the License.
7// You may obtain a copy of the License at
8//
9// http://www.apache.org/licenses/LICENSE-2.0
10//
11// Unless required by applicable law or agreed to in writing, software
12// distributed under the License is distributed on an "AS IS" BASIS,
13// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14// See the License for the specific language governing permissions and
15// limitations under the License.
16
17package kubernetes
18
19import (
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]20 "context"
Serge Bazanskidbfc6382020-06-19 20:35:43 +0200[diff] [blame]21 "fmt"
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]22 "net"
Serge Bazanskidbfc6382020-06-19 20:35:43 +0200[diff] [blame]23 "os"
Lorenz Brunb15abad2020-04-16 11:17:12 +0200[diff] [blame]24 "time"
25
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]26 "google.golang.org/grpc/codes"
27 "google.golang.org/grpc/status"
Lorenz Brunf042e6f2020-06-24 16:46:09 +0200[diff] [blame]28 "k8s.io/client-go/informers"
Lorenz Brunb15abad2020-04-16 11:17:12 +0200[diff] [blame]29 "k8s.io/client-go/kubernetes"
Lorenz Brunf042e6f2020-06-24 16:46:09 +0200[diff] [blame]30 "k8s.io/client-go/tools/clientcmd"
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]31
Serge Bazanski31370b02021-01-07 16:31:14 +0100[diff] [blame]32 "source.monogon.dev/metropolis/node/core/localstorage"
33 "source.monogon.dev/metropolis/node/core/network/dns"
34 "source.monogon.dev/metropolis/node/kubernetes/clusternet"
35 "source.monogon.dev/metropolis/node/kubernetes/nfproxy"
36 "source.monogon.dev/metropolis/node/kubernetes/pki"
Lorenz Brun4e090352021-03-17 17:44:41 +0100[diff] [blame^]37 "source.monogon.dev/metropolis/node/kubernetes/plugins/kvmdevice"
Serge Bazanski31370b02021-01-07 16:31:14 +0100[diff] [blame]38 "source.monogon.dev/metropolis/node/kubernetes/reconciler"
39 "source.monogon.dev/metropolis/pkg/supervisor"
40 apb "source.monogon.dev/metropolis/proto/api"
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]41)
42
43type Config struct {
44 AdvertiseAddress net.IP
45 ServiceIPRange net.IPNet
46 ClusterNet net.IPNet
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]47
Serge Bazanski9411f7c2021-03-10 13:12:53 +0100[diff] [blame]48 KPKI *pki.PKI
Lorenz Brunfa5c2fc2020-09-28 13:32:12 +0200[diff] [blame]49 Root *localstorage.Root
50 CorednsRegistrationChan chan *dns.ExtraDirective
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]51}
52
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]53type Service struct {
Serge Bazanski967be212020-11-02 11:26:59 +0100[diff] [blame]54 c Config
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]55}
Serge Bazanskidbfc6382020-06-19 20:35:43 +0200[diff] [blame]56
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]57func New(c Config) *Service {
58 s := &Service{
59 c: c,
60 }
61 return s
62}
63
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]64func (s *Service) Run(ctx context.Context) error {
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]65 controllerManagerConfig, err := getPKIControllerManagerConfig(ctx, s.c.KPKI)
66 if err != nil {
67 return fmt.Errorf("could not generate controller manager pki config: %w", err)
68 }
69 controllerManagerConfig.clusterNet = s.c.ClusterNet
70 schedulerConfig, err := getPKISchedulerConfig(ctx, s.c.KPKI)
71 if err != nil {
72 return fmt.Errorf("could not generate scheduler pki config: %w", err)
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]73 }
Serge Bazanskidbfc6382020-06-19 20:35:43 +0200[diff] [blame]74
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]75 masterKubeconfig, err := s.c.KPKI.Kubeconfig(ctx, pki.Master)
76 if err != nil {
77 return fmt.Errorf("could not generate master kubeconfig: %w", err)
78 }
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]79
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]80 rawClientConfig, err := clientcmd.NewClientConfigFromBytes(masterKubeconfig)
81 if err != nil {
82 return fmt.Errorf("could not generate kubernetes client config: %w", err)
83 }
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]84
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]85 clientConfig, err := rawClientConfig.ClientConfig()
86 clientSet, err := kubernetes.NewForConfig(clientConfig)
87 if err != nil {
88 return fmt.Errorf("could not generate kubernetes client: %w", err)
89 }
90
91 informerFactory := informers.NewSharedInformerFactory(clientSet, 5*time.Minute)
92
93 hostname, err := os.Hostname()
94 if err != nil {
95 return fmt.Errorf("failed to get hostname: %w", err)
96 }
97
Lorenz Brun339582b2020-07-29 18:13:35 +0200[diff] [blame]98 dnsHostIP := s.c.AdvertiseAddress // TODO: Which IP to use
99
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]100 apiserver := &apiserverService{
101 KPKI: s.c.KPKI,
102 AdvertiseAddress: s.c.AdvertiseAddress,
103 ServiceIPRange: s.c.ServiceIPRange,
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]104 EphemeralConsensusDirectory: &s.c.Root.Ephemeral.Consensus,
105 }
106
107 kubelet := kubeletService{
108 NodeName: hostname,
Lorenz Brun339582b2020-07-29 18:13:35 +0200[diff] [blame]109 ClusterDNS: []net.IP{dnsHostIP},
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]110 KubeletDirectory: &s.c.Root.Data.Kubernetes.Kubelet,
111 EphemeralDirectory: &s.c.Root.Ephemeral,
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]112 KPKI: s.c.KPKI,
113 }
114
115 csiPlugin := csiPluginServer{
116 KubeletDirectory: &s.c.Root.Data.Kubernetes.Kubelet,
117 VolumesDirectory: &s.c.Root.Data.Volumes,
118 }
119
120 csiProvisioner := csiProvisionerServer{
121 NodeName: hostname,
122 Kubernetes: clientSet,
123 InformerFactory: informerFactory,
124 VolumesDirectory: &s.c.Root.Data.Volumes,
125 }
126
127 clusternet := clusternet.Service{
128 NodeName: hostname,
129 Kubernetes: clientSet,
130 ClusterNet: s.c.ClusterNet,
131 InformerFactory: informerFactory,
132 DataDirectory: &s.c.Root.Data.Kubernetes.ClusterNetworking,
133 }
134
Lorenz Brunb682ba52020-07-08 14:51:36 +0200[diff] [blame]135 nfproxy := nfproxy.Service{
136 ClusterCIDR: s.c.ClusterNet,
137 ClientSet: clientSet,
138 }
139
Lorenz Brun4e090352021-03-17 17:44:41 +0100[diff] [blame^]140 kvmDevicePlugin := kvmdevice.Plugin{
141 KubeletDirectory: &s.c.Root.Data.Kubernetes.Kubelet,
142 }
143
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]144 for _, sub := range []struct {
145 name string
146 runnable supervisor.Runnable
147 }{
148 {"apiserver", apiserver.Run},
Serge Bazanski967be212020-11-02 11:26:59 +0100[diff] [blame]149 {"controller-manager", runControllerManager(*controllerManagerConfig)},
150 {"scheduler", runScheduler(*schedulerConfig)},
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]151 {"kubelet", kubelet.Run},
152 {"reconciler", reconciler.Run(clientSet)},
153 {"csi-plugin", csiPlugin.Run},
154 {"csi-provisioner", csiProvisioner.Run},
155 {"clusternet", clusternet.Run},
Lorenz Brunb682ba52020-07-08 14:51:36 +0200[diff] [blame]156 {"nfproxy", nfproxy.Run},
Lorenz Brun4e090352021-03-17 17:44:41 +0100[diff] [blame^]157 {"kvmdeviceplugin", kvmDevicePlugin.Run},
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]158 } {
159 err := supervisor.Run(ctx, sub.name, sub.runnable)
160 if err != nil {
161 return fmt.Errorf("could not run sub-service %q: %w", sub.name, err)
162 }
163 }
164
Lorenz Brunfa5c2fc2020-09-28 13:32:12 +0200[diff] [blame]165 supervisor.Logger(ctx).Info("Registering K8s CoreDNS")
166 clusterDNSDirective := dns.NewKubernetesDirective("cluster.local", masterKubeconfig)
167 s.c.CorednsRegistrationChan <- clusterDNSDirective
168
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]169 supervisor.Signal(ctx, supervisor.SignalHealthy)
Lorenz Brunfa5c2fc2020-09-28 13:32:12 +0200[diff] [blame]170 <-ctx.Done()
171 s.c.CorednsRegistrationChan <- dns.CancelDirective(clusterDNSDirective)
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]172 return nil
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]173}
174
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]175// GetDebugKubeconfig issues a kubeconfig for an arbitrary given identity. Useful for debugging and testing.
Serge Bazanskic2c7ad92020-07-13 17:20:09 +0200[diff] [blame]176func (s *Service) GetDebugKubeconfig(ctx context.Context, request *apb.GetDebugKubeconfigRequest) (*apb.GetDebugKubeconfigResponse, error) {
Serge Bazanski9411f7c2021-03-10 13:12:53 +0100[diff] [blame]177 client, err := s.c.KPKI.VolatileClient(ctx, request.Id, request.Groups)
178 if err != nil {
179 return nil, status.Errorf(codes.Unavailable, "Failed to get volatile client certificate: %v", err)
180 }
181 kubeconfig, err := pki.Kubeconfig(ctx, s.c.KPKI.KV, client)
Lorenz Brun878f5f92020-05-12 16:15:39 +0200[diff] [blame]182 if err != nil {
183 return nil, status.Errorf(codes.Unavailable, "Failed to generate kubeconfig: %v", err)
184 }
Serge Bazanski9411f7c2021-03-10 13:12:53 +0100[diff] [blame]185 return &apb.GetDebugKubeconfigResponse{DebugKubeconfig: string(kubeconfig)}, nil
Lorenz Brun6e8f69c2019-11-18 10:44:24 +0100[diff] [blame]186}