Merge pull request #142 from gianarb/feature/multi-master

k8s-ci-robot · web-flow · commit 620918fca25e · 2020-07-02T04:32:49.000-07:00
Kubernetes HA with multi control plane
diff --git a/controllers/packetcluster_controller.go b/controllers/packetcluster_controller.go
@@ -18,7 +18,6 @@ package controllers
 
 import (
 	"context"
-	"fmt"
 	"time"
 
 	"github.com/go-logr/logr"
@@ -33,6 +32,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/source"
 
+	"github.com/packethost/cluster-api-provider-packet/api/v1alpha3"
 	infrastructurev1alpha3 "github.com/packethost/cluster-api-provider-packet/api/v1alpha3"
 	packet "github.com/packethost/cluster-api-provider-packet/pkg/cloud/packet"
 	"github.com/packethost/cluster-api-provider-packet/pkg/cloud/packet/scope"
@@ -102,28 +102,42 @@ func (r *PacketClusterReconciler) Reconcile(req ctrl.Request) (_ ctrl.Result, re
 		}
 	}()
 
-	clusterScope.PacketCluster.Status.Ready = true
+	// Handle deleted clusters
+	if !cluster.DeletionTimestamp.IsZero() {
+		return r.reconcileDelete(clusterScope)
+	}
 
-	address, err := r.getIP(clusterScope.PacketCluster)
-	_, isNoMachine := err.(*MachineNotFound)
-	_, isNoIP := err.(*MachineNoIP)
-	switch {
-	case err != nil && isNoMachine:
-		logger.Info("Control plane device not found. Requeueing...")
-		return ctrl.Result{Requeue: true, RequeueAfter: 30 * time.Second}, nil
-	case err != nil && isNoIP:
-		logger.Info("Control plane device not found. Requeueing...")
-		return ctrl.Result{Requeue: true, RequeueAfter: 30 * time.Second}, nil
-	case err != nil:
-		logger.Error(err, "error getting a control plane ip")
-		return ctrl.Result{}, err
-	case err == nil:
+	return r.reconcileNormal(packetcluster, clusterScope)
+}
+
+func (r *PacketClusterReconciler) reconcileNormal(packetcluster *v1alpha3.PacketCluster, clusterScope *scope.ClusterScope) (ctrl.Result, error) {
+	if ipReserv, err := r.PacketClient.GetIPByClusterIdentifier(clusterScope.Namespace(), clusterScope.Name(), packetcluster.Spec.ProjectID); err == packet.ErrControlPlanEndpointNotFound {
+		// There is not an ElasticIP with the right tags, at this point we can create one
+		ip, err := r.PacketClient.CreateIP(clusterScope.Namespace(), clusterScope.Name(), packetcluster.Spec.ProjectID, packetcluster.Spec.Facility)
+		if err != nil {
+			r.Log.Error(err, "error reserving an ip")
+			return ctrl.Result{}, err
+		}
 		clusterScope.PacketCluster.Spec.ControlPlaneEndpoint = clusterv1.APIEndpoint{
-			Host: address,
+			Host: ip.To4().String(),
+			Port: 6443,
+		}
+	} else {
+		// If there is an ElasticIP with the right tag just use it again
+		clusterScope.PacketCluster.Spec.ControlPlaneEndpoint = clusterv1.APIEndpoint{
+			Host: ipReserv.Address,
 			Port: 6443,
 		}
 	}
+	clusterScope.PacketCluster.Status.Ready = true
+	return ctrl.Result{}, nil
+}
 
+func (r *PacketClusterReconciler) reconcileDelete(clusterScope *scope.ClusterScope) (ctrl.Result, error) {
+	// Initially I created this handler to remove an elastic IP when a cluster
+	// gets delete, but it does not sound like a good idea.  It is better to
+	// leave to the users the ability to decide if they want to keep and resign
+	// the IP or if they do not need it anymore
 	return ctrl.Result{}, nil
 }
 
@@ -139,30 +153,6 @@ func (r *PacketClusterReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		Complete(r)
 }
 
-func (r *PacketClusterReconciler) getIP(cluster *infrastructurev1alpha3.PacketCluster) (string, error) {
-	if cluster == nil {
-		return "", fmt.Errorf("cannot get IP of machine in nil cluster")
-	}
-	tags := []string{
-		packet.GenerateClusterTag(string(cluster.Name)),
-		infrastructurev1alpha3.MasterTag,
-	}
-	device, err := r.PacketClient.GetDeviceByTags(cluster.Spec.ProjectID, tags)
-	if err != nil {
-		return "", fmt.Errorf("error retrieving machine: %v", err)
-	}
-	if device == nil {
-		return "", &MachineNotFound{err: fmt.Sprintf("machine does not exist")}
-	}
-	if device.Network == nil || len(device.Network) == 0 || device.Network[0].Address == "" {
-		return "", &MachineNoIP{err: "machine does not yet have an IP address"}
-	}
-	// TODO: validate that this address exists, so we don't hit nil pointer
-	// TODO: check which address to return
-	// TODO: check address format (cidr, subnet, etc.)
-	return device.Network[0].Address, nil
-}
-
 // MachineNotFound error representing that the requested device was not yet found
 type MachineNotFound struct {
 	err string
diff --git a/controllers/packetmachine_controller.go b/controllers/packetmachine_controller.go
@@ -22,6 +22,8 @@ import (
 	"net/http"
 	"time"
 
+	corev1 "k8s.io/api/core/v1"
+
 	"github.com/go-logr/logr"
 	"github.com/google/uuid"
 	"github.com/packethost/packngo"
@@ -47,6 +49,7 @@ import (
 
 const (
 	providerName = "packet"
+	force        = true
 )
 
 // PacketMachineReconciler reconciles a PacketMachine object
@@ -192,8 +195,10 @@ func (r *PacketMachineReconciler) reconcile(ctx context.Context, machineScope *s
 
 	providerID := machineScope.GetInstanceID()
 	var (
-		dev *packngo.Device
-		err error
+		dev                  *packngo.Device
+		addrs                []corev1.NodeAddress
+		err                  error
+		controlPlaneEndpoint packngo.IPAddressReservation
 	)
 	// if we have no provider ID, then we are creating
 	if providerID != "" {
@@ -203,17 +208,35 @@ func (r *PacketMachineReconciler) reconcile(ctx context.Context, machineScope *s
 		}
 	}
 	if dev == nil {
-		// generate a unique UID that will survive pivot, i.e. is not tied to the cluster itself
 		mUID := uuid.New().String()
 		tags := []string{
 			packet.GenerateMachineTag(mUID),
 			packet.GenerateClusterTag(clusterScope.Name()),
 		}
 
-		name := machineScope.Name()
-		dev, err = r.PacketClient.NewDevice(name, clusterScope.PacketCluster.Spec.ProjectID, machineScope, tags)
+		// when the node is a control plan we should check if the elastic ip
+		// for this cluster is not assigned. If it is free we can prepare the
+		// current node to use it.
+		if machineScope.IsControlPlane() {
+			controlPlaneEndpoint, _ = r.PacketClient.GetIPByClusterIdentifier(
+				clusterScope.Namespace(),
+				clusterScope.Name(),
+				clusterScope.PacketCluster.Spec.ProjectID)
+			if len(controlPlaneEndpoint.Assignments) == 0 {
+				a := corev1.NodeAddress{
+					Type:    corev1.NodeExternalIP,
+					Address: controlPlaneEndpoint.Address,
+				}
+				addrs = append(addrs, a)
+				// This tag is currently not used. I placed it there to easely localize the device that currently has the IP attached.
+				// Probably it is not neeed but I wil get back to it when working at #141.
+				tags = append(tags, fmt.Sprintf("capp.control-plane-endpoint=%s", controlPlaneEndpoint.Address))
+			}
+		}
+
+		dev, err = r.PacketClient.NewDevice(machineScope, tags)
 		if err != nil {
-			errs := fmt.Errorf("failed to create machine %s: %v", name, err)
+			errs := fmt.Errorf("failed to create machine %s: %v", machineScope.Name(), err)
 			machineScope.SetErrorReason(capierrors.CreateMachineError)
 			machineScope.SetErrorMessage(errs)
 			return ctrl.Result{}, errs
@@ -224,12 +247,13 @@ func (r *PacketMachineReconciler) reconcile(ctx context.Context, machineScope *s
 	machineScope.SetProviderID(dev.ID)
 	machineScope.SetInstanceStatus(infrastructurev1alpha3.PacketResourceStatus(dev.State))
 
-	addrs, err := r.PacketClient.GetDeviceAddresses(dev)
+	deviceAddr, err := r.PacketClient.GetDeviceAddresses(dev)
 	if err != nil {
 		machineScope.SetErrorMessage(errors.New("failed to getting device addresses"))
 		return ctrl.Result{}, err
 	}
-	machineScope.SetAddresses(addrs)
+
+	machineScope.SetAddresses(append(addrs, deviceAddr...))
 
 	// Proceed to reconcile the PacketMachine state.
 	var result = ctrl.Result{}
@@ -240,6 +264,25 @@ func (r *PacketMachineReconciler) reconcile(ctx context.Context, machineScope *s
 		result = ctrl.Result{RequeueAfter: 10 * time.Second}
 	case infrastructurev1alpha3.PacketResourceStatusRunning:
 		machineScope.Info("Machine instance is active", "instance-id", machineScope.GetInstanceID())
+
+		// This logic is here because an elastic ip can be assigned only an
+		// active node. It needs to be a control plane and the IP should not be
+		// assigned to anything at this point.
+		controlPlaneEndpoint, _ = r.PacketClient.GetIPByClusterIdentifier(
+			clusterScope.Namespace(),
+			clusterScope.Name(),
+			clusterScope.PacketCluster.Spec.ProjectID)
+		if len(controlPlaneEndpoint.Assignments) == 0 && machineScope.IsControlPlane() {
+			if _, _, err := r.PacketClient.DeviceIPs.Assign(dev.ID, &packngo.AddressStruct{
+				Address: controlPlaneEndpoint.Address,
+			}); err != nil {
+				r.Log.Error(err, "err assigining elastic ip to control plane. retrying...")
+				return ctrl.Result{
+					Requeue:      true,
+					RequeueAfter: time.Second * 20,
+				}, nil
+			}
+		}
 		machineScope.SetReady()
 		result = ctrl.Result{}
 	default:
@@ -279,7 +322,7 @@ func (r *PacketMachineReconciler) reconcileDelete(ctx context.Context, machineSc
 		return ctrl.Result{}, fmt.Errorf("machine does not exist: %s", packetmachine.Name)
 	}
 
-	_, err = r.PacketClient.Devices.Delete(device.ID)
+	_, err = r.PacketClient.Devices.Delete(device.ID, force)
 	if err != nil {
 		return ctrl.Result{}, fmt.Errorf("failed to delete the machine: %v", err)
 	}
diff --git a/docs/concepts/cluster.md b/docs/concepts/cluster.md
@@ -0,0 +1,38 @@
+The PacketCluster is the CRD that contains information about where to place the
+Kubernetes cluster: facility and project.
+
+We do not support cross facilities or multi projects cluster. If you need so my
+suggestion is to look for what it is called [federation](k8s-federation).
+
+## Topology
+
+Each cluster we create leverages at least two Packet features: Device and ElasticIP.
+
+Kubernetes node is a Device and each cluster has an
+[ElasticIP](elastic-ip-packet) that is tagged with the name of the cluster.
+
+The ElasticIP guarantees a stable endpoint even when the control plane(s) are
+recycling during a Kubernetes version update or an outages.
+
+## ElasticIP lifecycle
+
+Every cluster has its own ElasticIP. It is tagged with the name of the cluster and
+it does not get removed when a cluster is terminated. You have to remove it manually.
+
+This is a safety feature in this way you can re-assign the IP to another
+cluster with the same name.
+
+## FAQ
+
+**Does cluster-api work with only Ubuntu/Debian?**
+
+Currently the cluster-template only supports Ubuntu because it uses `apt` and it
+does a couple of assumptions around networking. This does not mean that you
+can't use `cluster-api-provier-packet` with other templates, but you will have
+to make your own cluster specification in order to make the installation process
+to work as you want. We have an open issue about this: ["Figure out where we
+stand about operating systems"](os-issue).
+
+[k8s-federation]: https://kubernetes.io/blog/2018/12/12/kubernetes-federation-evolution/
+[elastic-ip-packet]: https://www.packet.com/developers/docs/network/basic/elastic-ips/
+[os-issue]: https://github.com/kubernetes-sigs/cluster-api-provider-packet/issues/118
diff --git a/docs/concepts/kubeadmcontrolplane.md b/docs/concepts/kubeadmcontrolplane.md
@@ -0,0 +1,10 @@
+[KubeadmControlPlane](kubeadmcontrolplane-book) is a CRD provided by the cluster-api kubeadm bootstrapped.
+It manages the control planes lifecycle.
+
+We use this CRD when deploying a Kubernetes Cluster in High Availability because
+you can use the field `replicas` to specify how many control plans you need.
+
+It is a good idea to use it even when you have only one control plane because it
+manages Kubernetes updates.
+
+[kubeadmcontrolplane-book]: https://cluster-api.sigs.k8s.io/developer/architecture/controllers/control-plane.html
diff --git a/docs/concepts/machine.md b/docs/concepts/machine.md
@@ -10,8 +10,6 @@ metadata:
   name: "qa-master-0"
 spec:
   OS: "ubuntu_18_04"
-  facility:
-  - "dfw2"
   billingCycle: hourly
   machineType: "t2.small"
   sshKeys:
diff --git a/go.mod b/go.mod
@@ -17,3 +17,5 @@ require (
 	sigs.k8s.io/cluster-api v0.3.5
 	sigs.k8s.io/controller-runtime v0.5.2
 )
+
+replace github.com/packethost/packngo => github.com/deitch/packngo v0.2.1-0.20200628082620-d644bb21e1f3
diff --git a/go.sum b/go.sum
@@ -74,6 +74,8 @@ github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deitch/packngo v0.2.1-0.20200628082620-d644bb21e1f3 h1:ph32bLs6ix+iPhSP4oapLhlpIwW1n9I9e7wELpnvBfI=
+github.com/deitch/packngo v0.2.1-0.20200628082620-d644bb21e1f3/go.mod h1:erURcsqYzwc9wSb04TX4so+s6F3uZtbXUil0W1LCGHA=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
@@ -210,6 +212,12 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
+github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
+github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI=
+github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
+github.com/hashicorp/go-retryablehttp v0.6.6 h1:HJunrbHTDDbBb/ay4kxa1n+dLmttUlnP3V9oNE4hmsM=
+github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/golang-lru v0.0.0-20180201235237-0fb14efe8c47/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
@@ -314,8 +322,6 @@ github.com/onsi/gomega v1.9.0 h1:R1uwffexN6Pr340GtYRIdZmAiN4J+iw6WG4wog1DUXg=
 github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/packethost/packngo v0.2.0 h1:mSlzOof8PsOWCy78sBMt/PwMJTEjjQ/rRvMixu4Nm6c=
-github.com/packethost/packngo v0.2.0/go.mod h1:RQHg5xR1F614BwJyepfMqrKN+32IH0i7yX+ey43rEeQ=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.6.0 h1:aetoXYr0Tv7xRU/V4B4IZJ2QcbtMUFoNb3ORp7TzIK4=
@@ -397,6 +403,8 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
@@ -439,6 +447,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM=
 golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200420201142-3c4aac89819a h1:y6sBfNd1b9Wy08a6K1Z1DZc4aXABUN5TKjkYhz7UKmo=
+golang.org/x/crypto v0.0.0-20200420201142-3c4aac89819a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
diff --git a/pkg/cloud/packet/client.go b/pkg/cloud/packet/client.go
diff --git a/scripts/generate-cluster.sh b/scripts/generate-cluster.sh
diff --git a/templates/cluster-template.yaml b/templates/cluster-template.yaml

Original file line number	Diff line number	Diff line change
`@@ -17,3 +17,5 @@ require (`
`17`	`17`	`sigs.k8s.io/cluster-api v0.3.5`
`18`	`18`	`sigs.k8s.io/controller-runtime v0.5.2`
`19`	`19`	`)`
	`20`	`+`
	`21`	`+replace github.com/packethost/packngo => github.com/deitch/packngo v0.2.1-0.20200628082620-d644bb21e1f3`