From 872415db72824be2597eaa26ab8243541d413972 Mon Sep 17 00:00:00 2001 From: Alvaro Aleman Date: Wed, 3 Aug 2022 23:55:59 -0400 Subject: [PATCH] HO: Fix haproxy to have apiserver external address for public clusters This was accidentally removed in https://github.com/openshift/hypershift/pull/1614/files#diff-8d5b507fe367a80159912e2310bc3e7b76a5aa9dd1f12ccee7a1bf3a9bc2ac49 and breaks public clusters. --- .../controllers/nodepool/haproxy.go | 24 +++++++++++++++++++ .../nodepool/nodepool_controller_test.go | 2 +- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/hypershift-operator/controllers/nodepool/haproxy.go b/hypershift-operator/controllers/nodepool/haproxy.go index b2c2568f1c..368e6af101 100644 --- a/hypershift-operator/controllers/nodepool/haproxy.go +++ b/hypershift-operator/controllers/nodepool/haproxy.go @@ -6,6 +6,7 @@ import ( "embed" "fmt" "html/template" + "net/url" "strconv" "strings" @@ -26,7 +27,9 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/client-go/tools/clientcmd" "k8s.io/utils/pointer" + crclient "sigs.k8s.io/controller-runtime/pkg/client" ) const ( @@ -62,6 +65,27 @@ func (r *NodePoolReconciler) reconcileHAProxyIgnitionConfig(ctx context.Context, apiServerExternalPort := util.APIPortWithDefaultFromHostedCluster(hcluster, config.DefaultAPIServerPort) if util.IsPrivateHC(hcluster) { apiServerExternalAddress = fmt.Sprintf("api.%s.hypershift.local", hcluster.Name) + } else { + if hcluster.Status.KubeConfig == nil { + return "", true, nil + } + var kubeconfig corev1.Secret + if err := r.Get(ctx, crclient.ObjectKey{Namespace: hcluster.Namespace, Name: hcluster.Status.KubeConfig.Name}, &kubeconfig); err != nil { + return "", true, fmt.Errorf("failed to get kubeconfig: %w", err) + } + kubeconfigBytes, found := kubeconfig.Data["kubeconfig"] + if !found { + return "", true, fmt.Errorf("kubeconfig secret %s has no 'kubeconfig' key", crclient.ObjectKeyFromObject(&kubeconfig)) + } + restConfig, err := clientcmd.RESTConfigFromKubeConfig(kubeconfigBytes) + if err != nil { + return "", true, fmt.Errorf("failed to parse kubeconfig from secret %s: %w", crclient.ObjectKeyFromObject(&kubeconfig), err) + } + hostURL, err := url.Parse(restConfig.Host) + if err != nil { + return "", true, fmt.Errorf("failed to parse host in kubeconfig from secret %s as url: %w", crclient.ObjectKeyFromObject(&kubeconfig), err) + } + apiServerExternalAddress = hostURL.Hostname() } haProxyImage, ok := releaseImage.ComponentImages()[haProxyRouterImageName] diff --git a/hypershift-operator/controllers/nodepool/nodepool_controller_test.go b/hypershift-operator/controllers/nodepool/nodepool_controller_test.go index 3258f3483e..838198ac55 100644 --- a/hypershift-operator/controllers/nodepool/nodepool_controller_test.go +++ b/hypershift-operator/controllers/nodepool/nodepool_controller_test.go @@ -422,7 +422,7 @@ spec: overwrite: true path: /usr/local/bin/teardown-apiserver-ip.sh - contents: - source: data:text/plain;charset=utf-8;base64,Z2xvYmFsCiAgbWF4Y29ubiA3MDAwCiAgbG9nIHN0ZG91dCBsb2NhbDAKICBsb2cgc3Rkb3V0IGxvY2FsMSBub3RpY2UKCmRlZmF1bHRzCiAgbW9kZSB0Y3AKICB0aW1lb3V0IGNsaWVudCAxMG0KICB0aW1lb3V0IHNlcnZlciAxMG0KICB0aW1lb3V0IGNvbm5lY3QgMTBzCiAgdGltZW91dCBjbGllbnQtZmluIDVzCiAgdGltZW91dCBzZXJ2ZXItZmluIDVzCiAgdGltZW91dCBxdWV1ZSA1cwogIHJldHJpZXMgMwoKZnJvbnRlbmQgbG9jYWxfYXBpc2VydmVyCiAgYmluZCAxNzIuMjAuMC4xOjY0NDMKICBsb2cgZ2xvYmFsCiAgbW9kZSB0Y3AKICBvcHRpb24gdGNwbG9nCiAgZGVmYXVsdF9iYWNrZW5kIHJlbW90ZV9hcGlzZXJ2ZXIKCmJhY2tlbmQgcmVtb3RlX2FwaXNlcnZlcgogIG1vZGUgdGNwCiAgbG9nIGdsb2JhbAogIG9wdGlvbiBodHRwY2hrIEdFVCAvdmVyc2lvbgogIG9wdGlvbiBsb2ctaGVhbHRoLWNoZWNrcwogIGRlZmF1bHQtc2VydmVyIGludGVyIDEwcyBmYWxsIDMgcmlzZSAzCiAgc2VydmVyIGNvbnRyb2xwbGFuZSA6NjQ0Mwo= + source: data:text/plain;charset=utf-8;base64,Z2xvYmFsCiAgbWF4Y29ubiA3MDAwCiAgbG9nIHN0ZG91dCBsb2NhbDAKICBsb2cgc3Rkb3V0IGxvY2FsMSBub3RpY2UKCmRlZmF1bHRzCiAgbW9kZSB0Y3AKICB0aW1lb3V0IGNsaWVudCAxMG0KICB0aW1lb3V0IHNlcnZlciAxMG0KICB0aW1lb3V0IGNvbm5lY3QgMTBzCiAgdGltZW91dCBjbGllbnQtZmluIDVzCiAgdGltZW91dCBzZXJ2ZXItZmluIDVzCiAgdGltZW91dCBxdWV1ZSA1cwogIHJldHJpZXMgMwoKZnJvbnRlbmQgbG9jYWxfYXBpc2VydmVyCiAgYmluZCAxNzIuMjAuMC4xOjY0NDMKICBsb2cgZ2xvYmFsCiAgbW9kZSB0Y3AKICBvcHRpb24gdGNwbG9nCiAgZGVmYXVsdF9iYWNrZW5kIHJlbW90ZV9hcGlzZXJ2ZXIKCmJhY2tlbmQgcmVtb3RlX2FwaXNlcnZlcgogIG1vZGUgdGNwCiAgbG9nIGdsb2JhbAogIG9wdGlvbiBodHRwY2hrIEdFVCAvdmVyc2lvbgogIG9wdGlvbiBsb2ctaGVhbHRoLWNoZWNrcwogIGRlZmF1bHQtc2VydmVyIGludGVyIDEwcyBmYWxsIDMgcmlzZSAzCiAgc2VydmVyIGNvbnRyb2xwbGFuZSBsb2NhbGhvc3Q6NjQ0Mwo= mode: 420 overwrite: true path: /etc/kubernetes/apiserver-proxy-config/haproxy.cfg