salt,docs: Make Ingress Control Plane IP configurable

Make the IP used to reach the UI and other Control Plane components configurable from Bootstrap config file Refs: #2381
scality · Jun 7, 2021 · 98c50bf · 98c50bf
1 parent b7c3fd7
commit 98c50bf
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 10 deletions.
diff --git a/docs/installation/bootstrap.rst b/docs/installation/bootstrap.rst
@@ -47,6 +47,7 @@ Configuration
       networks:
         controlPlane:
           cidr: <CIDR-notation>
+          ingressIP: <IP-for-ingress>
         workloadPlane:
           cidr: <CIDR-notation>
           mtu: <network-MTU>
@@ -80,6 +81,15 @@ notation for it's various subfields.
         network. This is an :ref:`advanced configuration<multiple CIDR network>`
         which we do not recommend for non-experts.
 
+      For ``controlPlane`` entry an ``ingressIP`` can also be provided, this
+      IP is the one that will be used to connect to control plane components,
+      like MetalK8s-UI and all the monitoring stack. We suggest to use
+      a `Virtual IP <https://en.wikipedia.org/wiki/Virtual_IP_address>`_ that
+      will sit on a working master Node. The default value for this
+      Ingress IP is the control plane IP of the Bootstrap node (which means
+      that if you lose the Bootstrap node, you no longer have access to any
+      control plane conponent).
+
       For ``workloadPlane`` entry an
       `MTU <https://en.wikipedia.org/wiki/Maximum_transmission_unit>`_ can
       also be provided, this MTU value should be the lowest MTU value accross

diff --git a/salt/_modules/metalk8s_network.py b/salt/_modules/metalk8s_network.py
@@ -229,6 +229,9 @@ def routes():
 
 
 def get_control_plane_ingress_ip():
+    if "ingressIP" in __pillar__["networks"]["control_plane"]:
+        return __pillar__["networks"]["control_plane"]["ingressIP"]
+
     # Use Bootstrap Control Plane IP as Ingress Control plane IP
     bootstrap_id = __salt__["metalk8s.minions_by_role"]("bootstrap")[0]
 

diff --git a/salt/metalk8s/defaults.yaml b/salt/metalk8s/defaults.yaml
@@ -74,9 +74,6 @@ networks:
       control_plane_ip:8080:
         expected: nginx
         description: MetalK8s repository
-      ingress_control_plane_ip:8443:
-        expected: kube-proxy
-        description: Control plane nginx ingress
     master:
       0.0.0.0:6443:
         expected: kube-apiserver
@@ -87,6 +84,9 @@ networks:
       127.0.0.1:7443:
         expected: nginx
         description: Apiserver proxy
+      ingress_control_plane_ip:8443:
+        expected: kube-proxy
+        description: Control plane nginx ingress
       control_plane_ip:10257:
         expected: kube-controller-manager
         description: Kubernetes controller manager

diff --git a/salt/tests/unit/modules/files/test_metalk8s_network.yaml b/salt/tests/unit/modules/files/test_metalk8s_network.yaml
@@ -85,12 +85,19 @@ routes:
       - *simple_route
 
 get_control_plane_ingress_ip:
-  # 1. Nominal bootstrap IP (from Salt minion)
+  # 1. Nominal Ingress IP from pillar
+  - pillar:
+      networks:
+        control_plane:
+          ingressIP: 1.1.1.1
+    result: 1.1.1.1
+
+  # 2. Nominal bootstrap IP (from Salt minion)
   - mine_ret:
       bootstrap: 1.1.1.2
     result: 1.1.1.2
 
-  # 2. Nominal bootstrap IP (from Salt master)
+  # 3. Nominal bootstrap IP (from Salt master)
   - mine_runner_ret:
       bootstrap: 1.1.1.3
     mine_ret:
@@ -99,19 +106,19 @@ get_control_plane_ingress_ip:
       __role: master
     result: 1.1.1.3
 
-  # 3. Nominal bootstrap IP running from bootstrap node
+  # 4. Nominal bootstrap IP running from bootstrap node
   - grains:
       id: bootstrap
       metalk8s:
         control_plane_ip: 1.1.1.4
     result: 1.1.1.4
 
-  # 4. Error unable to get from mine (from Salt minion)
+  # 5. Error unable to get from mine (from Salt minion)
   - mine_ret: {}
     raises: true
     result: "Unable to get bootstrap Control Plane IP: {}"
 
-  # 5. Error unable to get from mine (from Salt master)
+  # 6. Error unable to get from mine (from Salt master)
   - mine_runner_ret: {}
     opts:
       __role: master

diff --git a/salt/tests/unit/modules/test_metalk8s_network.py b/salt/tests/unit/modules/test_metalk8s_network.py
@@ -296,6 +296,7 @@ def test_get_control_plane_ingress_ip(
         self,
         result,
         raises=False,
+        pillar=None,
         opts=None,
         grains=None,
         mine_ret=None,
@@ -304,6 +305,8 @@ def test_get_control_plane_ingress_ip(
         """
         Tests the return of `get_control_plane_ingress_ip` function
         """
+        if pillar is None:
+            pillar = {"networks": {"control_plane": {}}}
         if opts is None:
             opts = {"__role": "minion"}
         if grains is None:
@@ -316,8 +319,10 @@ def test_get_control_plane_ingress_ip(
         }
 
         with patch.dict(metalk8s_network.__salt__, salt_dict), patch.dict(
-            metalk8s_network.__opts__, opts
-        ), patch.dict(metalk8s_network.__grains__, grains):
+            metalk8s_network.__pillar__, pillar
+        ), patch.dict(metalk8s_network.__opts__, opts), patch.dict(
+            metalk8s_network.__grains__, grains
+        ):
             if raises:
                 self.assertRaisesRegex(
                     CommandExecutionError,