att-comdev / promenade

This project has moved to OpenStack.
https://www.airshipit.org/
Apache License 2.0

Add configuration bundle for Drydock export #21

Closed mark-burnett closed 7 years ago

mark-burnett commented 7 years ago

This adds an additional output file to the generate sub-command, which dumps a (nearly) complete collection of configuration documents into a single file without duplicates. This should be suitable for upload into Drydock.

This is a bigger change than I expected, because I had been a bit sloppy in my mixing of name and alias in the first pass at this development.

I think we should revisit this in the future and structure the metadata more strictly, perhaps even using only label selectors. Then the config queries from templates can do label selection instead of having two kinds of "names".

For now though, the gist is that alias is meant to be like a label selector that can be reused on multiple hosts for different data on each host. This way the templates don't have to do anything complex in their queries -- they just say things like alias='kubelet'.

Additionally, I had validation in place to check that there were no duplicate values of name per kind. I think this is good, and I didn't want to remove that. However, I had again coupled the name field with other data. In this case it was the CN of the certs. For most cases, this wasn't a problem, because they embedded the hostname, but for the kube proxy, it actually needs to use the same CN for all hosts. Maybe the Kubernetes authors are expecting it to always be a DaemonSet.

Anyway, I added a specific override for the name in the config.Document when generating a cert, called config_name just to handle the proxy case.

mark-burnett commented 7 years ago

@sh8121att Thanks for looking. When testing with multi-master this morning, I found some gaps. Can you take another look & merge if you're happy with it?

sh8121att commented 7 years ago

Just to validate, when I select which documents to send to a host I should now match the hostname with target and host tags/labels with alias, correct?

And agree we will need a normalization effort on schemas for the documents for each UCP service. Probably fits in well w/ Deckhand development.

mark-burnett commented 7 years ago

@sh8121att I think you should only need to look at target right now.

The alias field is used to select, e.g., "proxy" certificate vs "kubelet" certificate once it's already filtered to a given host. I.e., the alias will be repeated for each host that needs that file.
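
An added illustration of the target and alias selection discussed in this thread, not code from the Promenade repository or from either commenter. The document fields (`kind`, `name`, `target`, `alias`, `cn`), the sample hosts and all helper names are assumptions made for the example.

```python
from collections import Counter

# Constructed sample documents; this field layout is an assumption,
# not Promenade's actual schema.
DOCS = [
    {"kind": "Certificate", "name": "kubelet-n0", "target": "n0",
     "alias": "kubelet", "cn": "system:node:n0"},
    {"kind": "Certificate", "name": "kubelet-n1", "target": "n1",
     "alias": "kubelet", "cn": "system:node:n1"},
    # The proxy certificate uses the same CN on every host, so the document
    # name is set separately from the CN to stay unique per kind.
    {"kind": "Certificate", "name": "proxy-n0", "target": "n0",
     "alias": "proxy", "cn": "system:kube-proxy"},
    {"kind": "Certificate", "name": "proxy-n1", "target": "n1",
     "alias": "proxy", "cn": "system:kube-proxy"},
]


def duplicate_names(docs):
    """Return the (kind, name) pairs that occur more than once."""
    counts = Counter((d["kind"], d["name"]) for d in docs)
    return sorted(key for key, n in counts.items() if n > 1)


def select(docs, target, alias=None):
    """Filter to one host by target, then optionally pick by alias."""
    hits = [d for d in docs if d["target"] == target]
    if alias is not None:
        hits = [d for d in hits if d["alias"] == alias]
    return hits


def bundle(docs):
    """Collect documents into one list, dropping repeats of (kind, name)."""
    seen = {}
    for d in docs:
        seen.setdefault((d["kind"], d["name"]), d)
    return list(seen.values())


def name_from_cn(docs):
    """Couple name to the CN, to show why the proxy case then collides."""
    return [{**d, "name": d["cn"]} for d in docs]


if __name__ == "__main__":
    print(duplicate_names(name_from_cn(DOCS)))
    print([d["name"] for d in select(DOCS, "n0", "proxy")])
```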