Merge pull request #15493 from justinsb/hetzner_kops_controller

Use kops-controller on hetzner, even with gossip
2023-06-11 08:57:47 -07:00 · 2023-06-11 08:57:47 -07:00 · 38b99df517
parent 79178d93bb abd274b3f9
commit 38b99df517
3 changed files with 50 additions and 27 deletions
--- a/pkg/apis/kops/model/features.go
+++ b/pkg/apis/kops/model/features.go
@ -52,11 +52,14 @@ func UseChallengeCallback(cloudProvider kops.CloudProviderID) bool {
 // UseKopsControllerForNodeConfig checks if nodeup should use kops-controller to get nodeup.Config.
 func UseKopsControllerForNodeConfig(cluster *kops.Cluster) bool {
-	switch cluster.Spec.GetCloudProvider() {
+	if cluster.UsesLegacyGossip() {
-	case kops.CloudProviderGCE:
+		switch cluster.Spec.GetCloudProvider() {
-		// We can use cloud-discovery here.
+		case kops.CloudProviderGCE:
-	default:
+			// We can use cloud-discovery here.
-		if cluster.UsesLegacyGossip() {
+		case kops.CloudProviderHetzner:
 			// We don't have a cloud-discovery mechanism implemented in nodeup for hetzner,
 			// but we assume that we're using a load balancer with a fixed IP address
 		default:
 			return false
 		}
 	}
--- a/pkg/model/hetznermodel/loadbalancer.go
+++ b/pkg/model/hetznermodel/loadbalancer.go
@ -60,7 +60,7 @@ func (b *LoadBalancerModelBuilder) Build(c *fi.CloudupModelBuilderContext) error
 		},
 	}
-	if b.Cluster.UsesNoneDNS() {
+	if b.Cluster.UsesNoneDNS() || b.UseKopsControllerForNodeBootstrap() {
 		loadbalancer.Services = append(loadbalancer.Services, &hetznertasks.LoadBalancerService{
 			Protocol:        string(hcloud.LoadBalancerServiceProtocolTCP),
 			ListenerPort:    fi.PtrTo(wellknownports.KopsControllerPort),
--- a/upup/pkg/fi/cloudup/apply_cluster.go
+++ b/upup/pkg/fi/cloudup/apply_cluster.go
@ -1419,44 +1419,64 @@ func (n *nodeUpConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAddit
 	}
 	// Set API server address to an IP from the cluster network CIDR
 	var controlPlaneIPs []string
 	switch cluster.Spec.GetCloudProvider() {
 	case kops.CloudProviderAWS, kops.CloudProviderHetzner, kops.CloudProviderOpenstack:
 		// Use a private IP address that belongs to the cluster network CIDR (some additional addresses may be FQDNs or public IPs)
 		for _, additionalIP := range apiserverAdditionalIPs {
 			for _, networkCIDR := range append(cluster.Spec.Networking.AdditionalNetworkCIDRs, cluster.Spec.Networking.NetworkCIDR) {
 				_, cidr, err := net.ParseCIDR(networkCIDR)
 				if err != nil {
 					return nil, nil, fmt.Errorf("failed to parse network CIDR %q: %w", networkCIDR, err)
 				}
 				if cidr.Contains(net.ParseIP(additionalIP)) {
 					controlPlaneIPs = append(controlPlaneIPs, additionalIP)
 				}
 			}
 		}
 	case kops.CloudProviderDO, kops.CloudProviderScaleway:
 		// Use any IP address that is found (including public ones)
 		for _, additionalIP := range apiserverAdditionalIPs {
 			controlPlaneIPs = append(controlPlaneIPs, additionalIP)
 		}
 	case kops.CloudProviderGCE:
 		// Use any IP address that is found (including public ones)
 		for _, additionalIP := range apiserverAdditionalIPs {
 			controlPlaneIPs = append(controlPlaneIPs, additionalIP)
 		}
 	}
 	if cluster.UsesNoneDNS() {
 		switch cluster.Spec.GetCloudProvider() {
 		case kops.CloudProviderAWS, kops.CloudProviderHetzner, kops.CloudProviderOpenstack:
-			// Use a private IP address that belongs to the cluster network CIDR (some additional addresses may be FQDNs or public IPs)
+			bootConfig.APIServerIPs = controlPlaneIPs
 			for _, additionalIP := range apiserverAdditionalIPs {
 				for _, networkCIDR := range append(cluster.Spec.Networking.AdditionalNetworkCIDRs, cluster.Spec.Networking.NetworkCIDR) {
 					_, cidr, err := net.ParseCIDR(networkCIDR)
 					if err != nil {
 						return nil, nil, fmt.Errorf("failed to parse network CIDR %q: %w", networkCIDR, err)
 					}
 					if cidr.Contains(net.ParseIP(additionalIP)) {
 						bootConfig.APIServerIPs = append(bootConfig.APIServerIPs, additionalIP)
 					}
 				}
 			}
 		case kops.CloudProviderDO, kops.CloudProviderScaleway:
-			// Use any IP address that is found (including public ones)
+			bootConfig.APIServerIPs = controlPlaneIPs
 			for _, additionalIP := range apiserverAdditionalIPs {
 				bootConfig.APIServerIPs = append(bootConfig.APIServerIPs, additionalIP)
 			}
 		case kops.CloudProviderGCE:
-			// Use any IP address that is found (including public ones)
+			bootConfig.APIServerIPs = controlPlaneIPs
-			for _, additionalIP := range apiserverAdditionalIPs {
+
 				bootConfig.APIServerIPs = append(bootConfig.APIServerIPs, additionalIP)
 			}
 		default:
 			return nil, nil, fmt.Errorf("'none' DNS topology is not supported for cloud %q", cluster.Spec.GetCloudProvider())
 		}
 	} else {
 		// If we do have a fixed IP, we use it (on some clouds, initially)
 		switch cluster.Spec.GetCloudProvider() {
 		case kops.CloudProviderHetzner:
 			bootConfig.APIServerIPs = controlPlaneIPs
 		}
 	}
 	useConfigServer := apiModel.UseKopsControllerForNodeConfig(cluster) && !ig.HasAPIServer()
 	if useConfigServer {
 		hosts := []string{"kops-controller.internal." + cluster.ObjectMeta.Name}
-		if cluster.UsesNoneDNS() && len(bootConfig.APIServerIPs) > 0 {
+		if len(bootConfig.APIServerIPs) > 0 {
 			hosts = bootConfig.APIServerIPs
 		}
 		configServer := &nodeup.ConfigServerOptions{
 			CACertificates: config.CAs[fi.CertificateIDCA],
 		}