Initial work on hiera-ifying and Puppet 8 support
The code is ugly, but should mean that etcd can still be installed both as
part of the control-plane as well as on standalone nodes
ananace committed Jul 10, 2023
1 parent 0fb4b1a commit b174ec9
Showing 6 changed files with 197 additions and 105 deletions.
60 changes: 28 additions & 32 deletions REFERENCE.md
Expand Up @@ -95,9 +95,9 @@ The following parameters are available in the `k8s` class:
* [`uid`](#-k8s--uid)
* [`gid`](#-k8s--gid)
* [`etcd_cluster_name`](#-k8s--etcd_cluster_name)
* [`native_packaging`](#-k8s--native_packaging)
* [`version`](#-k8s--version)
* [`etcd_version`](#-k8s--etcd_version)
* [`native_packaging`](#-k8s--native_packaging)
* [`container_registry`](#-k8s--container_registry)
* [`container_image_tag`](#-k8s--container_image_tag)
* [`container_manager`](#-k8s--container_manager)
Expand Down Expand Up @@ -212,29 +212,25 @@ name of the etcd cluster for searching its nodes in the puppetdb

Default value: `'default'`

##### <a name="-k8s--native_packaging"></a>`native_packaging`

Data type: `K8s::Native_packaging`
##### <a name="-k8s--version"></a>`version`

Data type: `String[1]`


Default value: `'loose'`

##### <a name="-k8s--version"></a>`version`
##### <a name="-k8s--etcd_version"></a>`etcd_version`

Data type: `String[1]`



Default value: `'1.26.1'`

##### <a name="-k8s--etcd_version"></a>`etcd_version`
##### <a name="-k8s--native_packaging"></a>`native_packaging`

Data type: `String[1]`
Data type: `K8s::Native_packaging`



Default value: `'3.5.1'`
Default value: `'loose'`

##### <a name="-k8s--container_registry"></a>`container_registry`

Expand Down Expand Up @@ -1961,11 +1957,11 @@ Default value: `"${cert_path}/client-ca.key"`

##### <a name="-k8s--server--etcd--cluster_name"></a>`cluster_name`

Data type: `String[1]`
Data type: `Optional[String[1]]`

name of the etcd cluster for searching its nodes in the puppetdb
name of the etcd cluster for searching its nodes in the puppetdb, will use k8s::etcd_cluster_name unless otherwise specified

Default value: `pick($k8s::server::etcd_cluster_name, 'default')`
Default value: `undef`

##### <a name="-k8s--server--etcd--ensure"></a>`ensure`

Expand All @@ -1981,7 +1977,7 @@ Data type: `Optional[K8s::Firewall]`

define the type of firewall to use

Default value: `$k8s::server::firewall_type`
Default value: `undef`

##### <a name="-k8s--server--etcd--generate_ca"></a>`generate_ca`

Expand Down Expand Up @@ -2041,11 +2037,11 @@ Default value: `"${cert_path}/peer-ca.key"`

##### <a name="-k8s--server--etcd--puppetdb_discovery_tag"></a>`puppetdb_discovery_tag`

Data type: `String[1]`
Data type: `Optional[String[1]]`

enable puppetdb resource searching

Default value: `pick($k8s::server::puppetdb_discovery_tag, $cluster_name)`
Default value: `$cluster_name`

##### <a name="-k8s--server--etcd--self_signed_tls"></a>`self_signed_tls`

Expand All @@ -2057,11 +2053,11 @@ Default value: `false`

##### <a name="-k8s--server--etcd--version"></a>`version`

Data type: `String[1]`
Data type: `Optional[String[1]]`

version of ectd to install
version of ectd to install, will use k8s::etcd_version unless otherwise specified

Default value: `pick($k8s::etcd_version, '3.5.1')`
Default value: `undef`

##### <a name="-k8s--server--etcd--user"></a>`user`

Expand Down Expand Up @@ -2147,11 +2143,11 @@ Default value: `undef`

##### <a name="-k8s--server--etcd--setup--auto_tls"></a>`auto_tls`

Data type: `Boolean`
Data type: `Optional[Boolean]`



Default value: `$k8s::server::etcd::self_signed_tls`
Default value: `undef`

##### <a name="-k8s--server--etcd--setup--binary_path"></a>`binary_path`

Expand Down Expand Up @@ -2187,11 +2183,11 @@ Default value: `"${etcd_name}.etcd"`

##### <a name="-k8s--server--etcd--setup--ensure"></a>`ensure`

Data type: `K8s::Ensure`
Data type: `Optional[K8s::Ensure]`

set ensure for installation or deinstallation

Default value: `$k8s::server::etcd::ensure`
Default value: `undef`

##### <a name="-k8s--server--etcd--setup--etcd_name"></a>`etcd_name`

Expand Down Expand Up @@ -2219,11 +2215,11 @@ Default value: `undef`

##### <a name="-k8s--server--etcd--setup--group"></a>`group`

Data type: `String[1]`
Data type: `Optional[String[1]]`

etcd system user group

Default value: `$k8s::server::etcd::group`
Default value: `undef`

##### <a name="-k8s--server--etcd--setup--initial_advertise_peer_urls"></a>`initial_advertise_peer_urls`

Expand Down Expand Up @@ -2299,11 +2295,11 @@ Default value: `'etcd'`

##### <a name="-k8s--server--etcd--setup--peer_auto_tls"></a>`peer_auto_tls`

Data type: `Boolean`
Data type: `Optional[Boolean]`



Default value: `$k8s::server::etcd::self_signed_tls`
Default value: `undef`

##### <a name="-k8s--server--etcd--setup--peer_cert_file"></a>`peer_cert_file`

Expand Down Expand Up @@ -2371,19 +2367,19 @@ Default value: `undef`

##### <a name="-k8s--server--etcd--setup--user"></a>`user`

Data type: `String[1]`
Data type: `Optional[String[1]]`

etcd system user

Default value: `$k8s::server::etcd::user`
Default value: `undef`

##### <a name="-k8s--server--etcd--setup--version"></a>`version`

Data type: `String[1]`
Data type: `Optional[String[1]]`

The ectd version to install

Default value: `$k8s::server::etcd::version`
Default value: `undef`

### <a name="k8s--server--resources"></a>`k8s::server::resources`

Expand Down
2 changes: 2 additions & 0 deletions data/common.yaml
@@ -1 +1,3 @@
---
k8s::version: 1.26.1
k8s::etcd_version: 3.5.1
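Review bot: the two values added to data/common.yaml are unquoted YAML scalars feeding `String[1]` parameters. `1.26.1` and `3.5.1` load as strings only because of the second dot; a two-component value such as `1.27` would load as a float and fail the type check at compile time. Quote both, e.g. `k8s::version: '1.26.1'`.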
10 changes: 7 additions & 3 deletions manifests/init.pp
Expand Up @@ -19,11 +19,13 @@
# @param etcd_cluster_name name of the etcd cluster for searching its nodes in the puppetdb
#
class k8s (
# Stored in Hiera data
String[1] $version,
String[1] $etcd_version,

K8s::Ensure $ensure = 'present',
Enum['container', 'native'] $packaging = 'native',
K8s::Native_packaging $native_packaging = 'loose',
String[1] $version = '1.26.1',
String[1] $etcd_version = '3.5.1',

String[1] $container_registry = 'registry.k8s.io',
Optional[String[1]] $container_image_tag = undef,
Expand Down Expand Up @@ -164,7 +166,9 @@
ensure_packages([$_conntrack,])
}

include k8s::install::cni_plugins
if $role != 'none' {
include k8s::install::cni_plugins
}

if $role == 'server' {
include k8s::server
Expand Down
45 changes: 31 additions & 14 deletions manifests/server/etcd.pp
Expand Up @@ -4,7 +4,7 @@
# @param cert_path path to cert files
# @param client_ca_cert
# @param client_ca_key
# @param cluster_name name of the etcd cluster for searching its nodes in the puppetdb
# @param cluster_name name of the etcd cluster for searching its nodes in the puppetdb, will use k8s::etcd_cluster_name unless otherwise specified
# @param ensure set ensure for installation or deinstallation
# @param firewall_type define the type of firewall to use
# @param generate_ca whether to generate a own ca or not
Expand All @@ -16,17 +16,17 @@
# @param peer_ca_key
# @param puppetdb_discovery_tag enable puppetdb resource searching
# @param self_signed_tls
# @param version version of ectd to install
# @param version version of ectd to install, will use k8s::etcd_version unless otherwise specified
#
class k8s::server::etcd (
K8s::Ensure $ensure = 'present',
String[1] $version = pick($k8s::etcd_version, '3.5.1'),
K8s::Ensure $ensure = 'present',
Optional[String[1]] $version = undef,

Boolean $manage_setup = true,
Boolean $manage_firewall = false,
Boolean $manage_members = false,
String[1] $cluster_name = pick($k8s::server::etcd_cluster_name, 'default'),
String[1] $puppetdb_discovery_tag = pick($k8s::server::puppetdb_discovery_tag, $cluster_name),
Boolean $manage_setup = true,
Boolean $manage_firewall = false,
Boolean $manage_members = false,
Optional[String[1]] $cluster_name = undef,
Optional[String[1]] $puppetdb_discovery_tag = $cluster_name,

Boolean $self_signed_tls = false,
Boolean $manage_certs = true,
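Review bot: `$puppetdb_discovery_tag = $cluster_name` in the parameter list now evaluates to `undef` whenever `$cluster_name` is not passed, so both parameters reach the class body unset and every consumer has to read the resolved `$_cluster_name` / `$_puppetdb_discovery_tag` instead. Those are only computed inside `if $ensure == 'present' and $manage_members`, so check that nothing outside that block still reads the raw parameters. The hunks shown here also resolve no fallback for `$version`, although the `@param` text promises `k8s::etcd_version`, and `ectd` in that `@param` line should read `etcd`.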
Expand All @@ -40,7 +40,8 @@
Stdlib::Unixpath $client_ca_key = "${cert_path}/client-ca.key",
Stdlib::Unixpath $client_ca_cert = "${cert_path}/client-ca.pem",

Optional[K8s::Firewall] $firewall_type = $k8s::server::firewall_type,
Optional[K8s::Firewall] $firewall_type = undef,

String[1] $user = 'etcd',
String[1] $group = 'etcd',
) {
Expand Down Expand Up @@ -120,6 +121,17 @@
}

if $ensure == 'present' and $manage_members {
if defined(Class['k8s']) {
$_k8s_cluster_name = $k8s::etcd_cluster_name
$_k8s_puppetdb_discovery_tag = $k8s::puppetdb_discovery_tag
} else {
$_k8s_cluster_name = lookup('k8s::cluster_name', undef, undef, undef)
$_k8s_puppetdb_discovery_tag = lookup('k8s::puppetdb_discovery_tag', undef, undef, undef)
}

$_cluster_name = pick($cluster_name, $_k8s_cluster_name, 'default')
$_puppetdb_discovery_tag = pick($puppetdb_discovery_tag, $cluster_name, $_k8s_puppetdb_discovery_tag, 'default')

# Needs the PuppetDB terminus installed
$pql_query = [
'resources[certname,parameters] {',
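Review bot: the `else` branch looks up `k8s::cluster_name`, while the `defined(Class['k8s'])` branch reads `$k8s::etcd_cluster_name`, so a standalone etcd node resolves a different Hiera key than a control-plane node and falls through to `'default'` when only `k8s::etcd_cluster_name` is set. Suggest `lookup('k8s::etcd_cluster_name', undef, undef, undef)`. In the second `pick()`, `$cluster_name` is largely redundant with the parameter default and is ranked ahead of `$_k8s_puppetdb_discovery_tag`; if that precedence is intended, a comment saying so would help.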
Expand All @@ -129,8 +141,8 @@
' resources {',
' type = \'Class\' and',
' title = \'K8s::Server::Etcd\' and',
" parameters.cluster_name = '${cluster_name}' and",
" parameters.puppetdb_discovery_tag = '${puppetdb_discovery_tag}' and",
" parameters.cluster_name = '${_cluster_name}' and",
" parameters.puppetdb_discovery_tag = '${_puppetdb_discovery_tag}' and",
" certname != '${trusted[certname]}'",
' }',
' }',
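Review bot: the query still filters on `parameters.cluster_name` and `parameters.puppetdb_discovery_tag` of the `K8s::Server::Etcd` class resource, but after this commit both parameters default to `undef` and the effective values exist only in `$_cluster_name` / `$_puppetdb_discovery_tag`. A peer that relies on the fallback will carry no matching parameter value in PuppetDB, so it would not be returned. Since this query decides which nodes are treated as cluster members, consider publishing the resolved values on a resource the query can match. Both values are interpolated into single-quoted PQL strings, so a pattern type on the two parameters would also keep quotes out of the query.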
Expand Down Expand Up @@ -162,10 +174,15 @@
}

if $manage_firewall {
if defined(Class['k8s']) {
$_k8s_firewall_type = $k8s::firewall_type
} else {
$_k8s_firewall_type = lookup('k8s::firewall_type', undef, undef, undef)
}
if $facts['firewalld_version'] {
$_firewall_type = pick($firewall_type, 'firewalld')
$_firewall_type = pick($firewall_type, $_k8s_firewall_type, 'firewalld')
} else {
$_firewall_type = pick($firewall_type, 'iptables')
$_firewall_type = pick($firewall_type, $_k8s_firewall_type, 'iptables')
}

case $_firewall_type {
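Review bot: `defined(Class['k8s'])` depends on evaluation order, so when `k8s::server::etcd` is evaluated before `k8s` in the same catalog this takes the `lookup()` branch and misses a `firewall_type` passed to `k8s` as a class parameter. The fallback also now comes from `$k8s::firewall_type`, where the removed parameter default was `$k8s::server::firewall_type`; if the two can differ, an override set on `k8s::server` is silently dropped. Documenting the new precedence in the `@param firewall_type` text would make the resulting firewall behaviour easier to review.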
Expand Down