Enable templating within systemd unit files (#351)

* Enable templating within systemd unit files Signed-off-by: Marcus Noble <[email protected]> * Removed haskey conditional Signed-off-by: Marcus Noble <[email protected]> * support multiple fields for dependency ordering * pass global values to systemd unit templating functions * Update changelog * Update README with systemd templating info * tiniest nitpick --------- Signed-off-by: Marcus Noble <[email protected]> Co-authored-by: Simon Weald <[email protected]>
giantswarm · Oct 1, 2024 · 0809adf · 0809adf
1 parent a4fdaae
commit 0809adf
Show file tree

Hide file tree

Showing 8 changed files with 213 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Added support for `Service` section in custom systemd configuration
+- Added support for `After`, `Requires`, `Wants` and `BindsTo` within unit section of custom systemd configuration
+- Added support for passing Helm templating from provider chart values through to systemd unit templates
+
 ## [1.4.1] - 2024-09-23
 
 ### Fixed

diff --git a/README.md b/README.md
@@ -430,6 +430,64 @@ cluster:
         - echo "workers command after kubeadm"
 ```
 
+### Systemd unit templating
+
+You can pass Helm templating syntax through from cluster-\<provider\> charts which will be rendered by the cluster chart. This is
+written as plain text within the cluster-\<provider\> chart values under the `additionalFields` key. Consider the following:
+
+```
+global:
+  connectivity:
+    network:
+      staticRoutes:
+        - destination: 10.2.3.0/24
+          via: 10.9.8.7
+        - destination: 10.20.30.0/24
+          via: 10.9.8.7
+cluster:
+  providerIntegration:
+    kubeadmConfig:
+      # ignition for both control plane and worker nodes
+      ignition:
+        containerLinuxConfig:
+          additionalConfig:
+            systemd:
+              units:
+                - contents:
+                    install:
+                      wantedBy:
+                        - multi-user.target
+                    service:
+                      additionalFields: |-
+                        {{- if $.global.connectivity.network.staticRoutes }}
+                        {{- range $.global.connectivity.network.staticRoutes }}
+                        ExecStart=/usr/bin/bash -cv 'ip route add {{ .destination }} via {{ .via }}'
+                        {{- end }}
+                        {{- end }}
+                    unit:
+                      requires:
+                        - coreos-metadata.service
+```
+
+This results in the following unit:
+
+```
+[Unit]
+Requires=coreos-metadata.service
+[Service]
+ExecStart=/usr/bin/bash -cv 'ip route add 10.2.3.0/24 via 10.9.8.7'
+ExecStart=/usr/bin/bash -cv 'ip route add 10.20.30.0/24 via 10.9.8.7'
+[Install]
+WantedBy=multi-user.target
+```
+
+The Helm templating syntax is treated as plain text by the provider chart. The cluster chart's templating function has
+access to the values under the provider chart's `.global` key so any values referenced in the template must exist 
+under `.global`.
+
+Note that variable scoping is important here - the templating function does not have access to the root `$.Values` object,
+so any variables under `.global` must be referenced as `$.global.some.var` (not `$.Values.global.some.var`).
+
 ## Workload cluster configuration
 
 Workload clusters can be configured by setting Helm values in two top-level objects:

diff --git a/helm/cluster/README.md b/helm/cluster/README.md
diff --git a/helm/cluster/templates/bastion/_helpers_flatcar.tpl b/helm/cluster/templates/bastion/_helpers_flatcar.tpl
@@ -3,8 +3,9 @@ containerLinuxConfig:
   additionalConfig: |
     systemd:
       {{- if (((((($.Values.providerIntegration.bastion).kubeadmConfig).ignition).containerLinuxConfig).additionalConfig).systemd).units }}
+      {{- $systemdUnitValues := dict "global" $.Values.global "units" $.Values.providerIntegration.bastion.kubeadmConfig.ignition.containerLinuxConfig.additionalConfig.systemd.units }}
       units:
-      {{- include "cluster.internal.kubeadm.ignition.containerLinuxConfig.additionalConfig.systemd.units" $.Values.providerIntegration.bastion.kubeadmConfig.ignition.containerLinuxConfig.additionalConfig.systemd.units | indent 6 }}
+      {{- include "cluster.internal.kubeadm.ignition.containerLinuxConfig.additionalConfig.systemd.units" $systemdUnitValues | indent 6 }}
       {{- else }}
       units: []
       {{- end }}

diff --git a/helm/cluster/templates/clusterapi/_helpers_flatcar.tpl b/helm/cluster/templates/clusterapi/_helpers_flatcar.tpl
@@ -5,7 +5,7 @@
 {{- end }}
 
 {{- define "cluster.internal.kubeadm.ignition.containerLinuxConfig.additionalConfig.systemd.units" }}
-{{- range . }}
+{{- range .units }}
 - name: {{ .name }}
   {{- if hasKey . "enabled" }}
   enabled: {{ .enabled }}
@@ -21,6 +21,35 @@
     {{- if hasKey .contents.unit "defaultDependencies" }}
     DefaultDependencies={{ if .contents.unit.defaultDependencies }}yes{{ else }}no{{ end }}
     {{- end }}
+    {{- if .contents.unit.after }}
+    {{- range $after := .contents.unit.after }}
+    After={{ $after }}
+    {{- end }}
+    {{- end }}
+    {{- if .contents.unit.requires }}
+    {{- range $requires := .contents.unit.requires }}
+    Requires={{ $requires }}
+    {{- end }}
+    {{- end }}
+    {{- if .contents.unit.wants }}
+    {{- range $wants := .contents.unit.wants }}
+    Wants={{ $wants }}
+    {{- end }}
+    {{- end }}
+    {{- if .contents.unit.bindsTo }}
+    BindsTo={{ .contents.unit.bindsTo }}
+    {{- end }}
+    {{- end }}
+    {{- if .contents.service }}
+    [Service]
+    Type={{ .contents.service.type }}
+    RemainAfterExit={{ .contents.service.remainAfterExit }}
+    {{- if .contents.service.execStart }}
+    ExecStart={{ .contents.service.execStart }}
+    {{- end }}
+    {{- if .contents.service.additionalFields }}
+    {{ tpl .contents.service.additionalFields $ | nindent 4 }}
+    {{- end }}
     {{- end }}
     {{- if .contents.mount }}
     [Mount]

diff --git a/helm/cluster/templates/clusterapi/controlplane/_helpers_flatcar.tpl b/helm/cluster/templates/clusterapi/controlplane/_helpers_flatcar.tpl
@@ -19,10 +19,12 @@ containerLinuxConfig:
 
 {{- define "cluster.internal.controlPlane.kubeadm.ignition.containerLinuxConfig.additionalConfig.systemd.units" }}
 {{- if ((((($.Values.providerIntegration.kubeadmConfig).ignition).containerLinuxConfig).additionalConfig).systemd).units }}
-{{- include "cluster.internal.kubeadm.ignition.containerLinuxConfig.additionalConfig.systemd.units" $.Values.providerIntegration.kubeadmConfig.ignition.containerLinuxConfig.additionalConfig.systemd.units }}
+{{- $systemdUnitValues := dict "global" $.Values.global "units" $.Values.providerIntegration.kubeadmConfig.ignition.containerLinuxConfig.additionalConfig.systemd.units }}
+{{- include "cluster.internal.kubeadm.ignition.containerLinuxConfig.additionalConfig.systemd.units" $systemdUnitValues }}
 {{- end }}
 {{- if (((((($.Values.providerIntegration.controlPlane).kubeadmConfig).ignition).containerLinuxConfig).additionalConfig).systemd).units }}
-{{- include "cluster.internal.kubeadm.ignition.containerLinuxConfig.additionalConfig.systemd.units" $.Values.providerIntegration.controlPlane.kubeadmConfig.ignition.containerLinuxConfig.additionalConfig.systemd.units }}
+{{- $systemdUnitValues := dict "global" $.Values.global "units" $.Values.providerIntegration.controlPlane.kubeadmConfig.ignition.containerLinuxConfig.additionalConfig.systemd.units }}
+{{- include "cluster.internal.kubeadm.ignition.containerLinuxConfig.additionalConfig.systemd.units" $systemdUnitValues }}
 {{- end }}
 {{- end }}
 

diff --git a/helm/cluster/templates/clusterapi/workers/_helpers_flatcar.tpl b/helm/cluster/templates/clusterapi/workers/_helpers_flatcar.tpl
@@ -16,10 +16,12 @@ containerLinuxConfig:
 
 {{- define "cluster.internal.workers.kubeadm.ignition.containerLinuxConfig.additionalConfig.systemd.units" }}
 {{- if ((((($.Values.providerIntegration.kubeadmConfig).ignition).containerLinuxConfig).additionalConfig).systemd).units }}
-{{- include "cluster.internal.kubeadm.ignition.containerLinuxConfig.additionalConfig.systemd.units" $.Values.providerIntegration.kubeadmConfig.ignition.containerLinuxConfig.additionalConfig.systemd.units }}
+{{- $systemdUnitValues := dict "global" $.Values.global "units" $.Values.providerIntegration.kubeadmConfig.ignition.containerLinuxConfig.additionalConfig.systemd.units }}
+{{- include "cluster.internal.kubeadm.ignition.containerLinuxConfig.additionalConfig.systemd.units" $systemdUnitValues }}
 {{- end }}
 {{- if (((((($.Values.providerIntegration.workers).kubeadmConfig).ignition).containerLinuxConfig).additionalConfig).systemd).units }}
-{{- include "cluster.internal.kubeadm.ignition.containerLinuxConfig.additionalConfig.systemd.units" $.Values.providerIntegration.workers.kubeadmConfig.ignition.containerLinuxConfig.additionalConfig.systemd.units }}
+{{- $systemdUnitValues := dict "global" $.Values.global "units" $.Values.providerIntegration.workers.kubeadmConfig.ignition.containerLinuxConfig.additionalConfig.systemd.units }}
+{{- include "cluster.internal.kubeadm.ignition.containerLinuxConfig.additionalConfig.systemd.units" $systemdUnitValues }}
 {{- end }}
 {{- end }}
 

diff --git a/helm/cluster/values.schema.json b/helm/cluster/values.schema.json
@@ -926,6 +926,38 @@
                                 }
                             }
                         },
+                        "service": {
+                            "type": "object",
+                            "title": "Service",
+                            "description": "Configuration of the [Service] section.",
+                            "required": [
+                                "type",
+                                "remainAfterExit"
+                            ],
+                            "additionalProperties": false,
+                            "properties": {
+                                "type": {
+                                    "type": "string",
+                                    "title": "Type",
+                                    "description": "systemd service Type."
+                                },
+                                "additionalFields": {
+                                    "type": "string",
+                                    "title": "AdditionalFields",
+                                    "description": "any extra fields to add to the systemd [Service] section."
+                                },
+                                "execStart": {
+                                    "type": "string",
+                                    "title": "ExecStart",
+                                    "description": "systemd service ExecStart."
+                                },
+                                "remainAfterExit": {
+                                    "type": "string",
+                                    "title": "RemainAfterExit",
+                                    "description": "systemd service RemainAfterExit."
+                                }
+                            }
+                        },
                         "unit": {
                             "type": "object",
                             "title": "Unit",
@@ -940,10 +972,39 @@
                                     "title": "Description",
                                     "description": "systemd unit description."
                                 },
+                                "after": {
+                                    "type": "array",
+                                    "title": "After",
+                                    "description": "systemd unit After.",
+                                    "items": {
+                                        "type": "string"
+                                    }
+                                },
+                                "bindsTo": {
+                                    "type": "string",
+                                    "title": "BindsTo",
+                                    "description": "systemd unit BindsTo."
+                                },
                                 "defaultDependencies": {
                                     "type": "boolean",
                                     "title": "DefaultDependencies",
                                     "description": "Flag that indicates if this systemd unit should have the default systemd unit dependencies."
+                                },
+                                "requires": {
+                                    "type": "array",
+                                    "title": "Requires",
+                                    "description": "systemd unit Requires.",
+                                    "items": {
+                                        "type": "string"
+                                    }
+                                },
+                                "wants": {
+                                    "type": "array",
+                                    "title": "Wants",
+                                    "description": "systemd unit Wants.",
+                                    "items": {
+                                        "type": "string"
+                                    }
                                 }
                             }
                         }