refactor: convert puppetserver compilers to deployment with configmap integration
- Convert StatefulSet to Deployment for better scaling flexibility - Add initContainer to copy configmaps to shared RWX volume (10GB) - Integrate puppetserver-compiler-config configmap for environment variables - Configure configMapGenerator with stable names (disableNameSuffixHash) - Update HPA to target Deployment instead of StatefulSet - Simplify puppetboard SSL config to skip verification for internal connections
@@ -12,9 +12,7 @@ metadata:
|
|||||||
data:
|
data:
|
||||||
PUPPETDB_HOST: "puppetdb"
|
PUPPETDB_HOST: "puppetdb"
|
||||||
PUPPETDB_PORT: "8081"
|
PUPPETDB_PORT: "8081"
|
||||||
PUPPETDB_SSL_VERIFY: "/opt/puppetboard/ssl/ca.pem"
|
PUPPETDB_SSL_SKIP_VERIFY: "True"
|
||||||
PUPPETDB_KEY: "/opt/puppetboard/ssl/puppetboard.key"
|
|
||||||
PUPPETDB_CERT: "/opt/puppetboard/ssl/puppetboard.pem"
|
|
||||||
LOGLEVEL: "debug"
|
LOGLEVEL: "debug"
|
||||||
PUPPETDB_TIMEOUT: "20"
|
PUPPETDB_TIMEOUT: "20"
|
||||||
UNRESPONSIVE_HOURS: "3"
|
UNRESPONSIVE_HOURS: "3"
|
||||||
|
|||||||
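Review bot: `PUPPETDB_SSL_SKIP_VERIFY: "True"` together with dropping `PUPPETDB_KEY` and `PUPPETDB_CERT` removes both server-certificate verification and the client certificate from the puppetboard→PuppetDB connection, while the replaced `PUPPETDB_SSL_VERIFY: "/opt/puppetboard/ssl/ca.pem"` already gave a verified internal connection. As far as I know PuppetDB's SSL listener on 8081 requires a client certificate by default, so unless PuppetDB was reconfigured outside this commit the connection is rejected rather than simplified. I would keep `PUPPETDB_SSL_VERIFY: "/opt/puppetboard/ssl/ca.pem"` plus the key/cert pair, and if the unauthenticated in-cluster listener is really what is meant, say so in a comment next to the key so the skipped verification is visibly deliberate.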
+50
-30
@@ -1,5 +1,5 @@
|
|||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: StatefulSet
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
reloader.stakater.com/auto: "true"
|
reloader.stakater.com/auto: "true"
|
||||||
@@ -11,12 +11,10 @@ metadata:
|
|||||||
name: puppetserver-compiler
|
name: puppetserver-compiler
|
||||||
namespace: puppet
|
namespace: puppet
|
||||||
spec:
|
spec:
|
||||||
podManagementPolicy: OrderedReady
|
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/component: puppetserver-compilers
|
app.kubernetes.io/component: puppetserver-compilers
|
||||||
app.kubernetes.io/name: puppetserver
|
app.kubernetes.io/name: puppetserver
|
||||||
serviceName: puppet-headless
|
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
@@ -41,26 +39,14 @@ spec:
|
|||||||
ports:
|
ports:
|
||||||
- containerPort: 8140
|
- containerPort: 8140
|
||||||
name: puppetserver
|
name: puppetserver
|
||||||
envFrom: null
|
envFrom:
|
||||||
|
- configMapRef:
|
||||||
|
name: puppetserver-compiler-config
|
||||||
env:
|
env:
|
||||||
- name: OPENVOXSERVER_HOSTNAME
|
- name: OPENVOXSERVER_HOSTNAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
fieldPath: metadata.name
|
fieldPath: metadata.name
|
||||||
- name: OPENVOXSERVER_PORT
|
|
||||||
value: "8140"
|
|
||||||
- name: DNS_ALT_NAMES
|
|
||||||
value: puppetserver-compiler-0,puppetserver-compiler-1,puppetserver-compiler-2,puppetserver-compiler-3,puppetserver-compiler-4,puppet-headless,puppet,puppet.k8s.syd1.au.unkin.net
|
|
||||||
- name: OPENVOXDB_SERVER_URLS
|
|
||||||
value: https://puppetdb:8081
|
|
||||||
- name: CA_ENABLED
|
|
||||||
value: "false"
|
|
||||||
- name: CA_HOSTNAME
|
|
||||||
value: puppetca
|
|
||||||
- name: CA_PORT
|
|
||||||
value: "8140"
|
|
||||||
- name: PUPPETSERVER_JAVA_ARGS
|
|
||||||
value: -Xms1024m -Xmx3072m -Dcom.sun.management.jmxremote.port=31000 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
|
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
failureThreshold: 3
|
failureThreshold: 3
|
||||||
periodSeconds: 30
|
periodSeconds: 30
|
||||||
@@ -109,6 +95,36 @@ spec:
|
|||||||
name: eyaml-keys
|
name: eyaml-keys
|
||||||
readOnly: true
|
readOnly: true
|
||||||
initContainers:
|
initContainers:
|
||||||
|
- name: copy-configmaps
|
||||||
|
image: busybox:1.35
|
||||||
|
command:
|
||||||
|
- sh
|
||||||
|
- -c
|
||||||
|
args:
|
||||||
|
- |
|
||||||
|
echo "Copying configmap files to shared volume..."
|
||||||
|
mkdir -p /etc/puppetlabs/puppet
|
||||||
|
cp /configmaps/puppet.conf /etc/puppetlabs/puppet/puppet.conf
|
||||||
|
cp /configmaps/puppetdb.conf /etc/puppetlabs/puppet/puppetdb.conf
|
||||||
|
cp /configmaps/autosign.conf /etc/puppetlabs/puppet/autosign.conf
|
||||||
|
cp /configmaps/cobbler-enc /etc/puppetlabs/puppet/cobbler-enc
|
||||||
|
chmod +x /etc/puppetlabs/puppet/cobbler-enc
|
||||||
|
echo "Configmap files copied successfully"
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /etc/puppetlabs/puppet/
|
||||||
|
name: puppet-puppet-volume
|
||||||
|
- mountPath: /configmaps/puppet.conf
|
||||||
|
name: compiler-puppet-conf
|
||||||
|
subPath: puppet.conf
|
||||||
|
- mountPath: /configmaps/puppetdb.conf
|
||||||
|
name: compiler-puppetdb-conf
|
||||||
|
subPath: puppetdb.conf
|
||||||
|
- mountPath: /configmaps/autosign.conf
|
||||||
|
name: compiler-autosign-conf
|
||||||
|
subPath: autosign.conf
|
||||||
|
- mountPath: /configmaps/cobbler-enc
|
||||||
|
name: puppet-cobbler-enc
|
||||||
|
subPath: cobbler-enc
|
||||||
- args:
|
- args:
|
||||||
- mkdir -p /etc/puppetlabs/puppet/eyaml/keys;
|
- mkdir -p /etc/puppetlabs/puppet/eyaml/keys;
|
||||||
mkdir -p /etc/puppetlabs/code/environments;
|
mkdir -p /etc/puppetlabs/code/environments;
|
||||||
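Review bot: The init script under `args` runs via `sh -c` without `set -e`, so a failed `cp` (a key missing from one of the four configmaps) still prints "Configmap files copied successfully" and the compiler starts on whatever was left on the shared volume; `set -e` as the script's first line turns a copy failure into a pod failure. The script's destination `/etc/puppetlabs/puppet/cobbler-enc` does not match `external_nodes = /usr/local/bin/cobbler-enc` in the new puppet.conf hunk further down; unless the main container mounts the script at `/usr/local/bin` (not visible in this hunk), the ENC will not be found. `puppet-puppet-volume` is now a single ReadWriteMany claim mounted over the whole confdir, presumably by the main container at the same path, where the removed `volumeClaimTemplates` gave each pod its own volume; with two to five replicas the init containers copy over the same files concurrently, and unless `ssldir` is relocated (not shown) every replica's SSL keys and CSRs land in the same shared directory. I would confirm what else lives under `/etc/puppetlabs/puppet` on the running image before relying on this layout.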
@@ -165,20 +181,24 @@ spec:
|
|||||||
- name: puppet-code-volume
|
- name: puppet-code-volume
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: puppetserver-code-shared
|
claimName: puppetserver-code-shared
|
||||||
|
- name: puppet-puppet-volume
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: puppetserver-compiler-config-shared
|
||||||
- name: eyaml-keys
|
- name: eyaml-keys
|
||||||
secret:
|
secret:
|
||||||
secretName: eyaml-keys
|
secretName: eyaml-keys
|
||||||
defaultMode: 0600
|
defaultMode: 0600
|
||||||
updateStrategy:
|
- name: compiler-puppet-conf
|
||||||
|
configMap:
|
||||||
|
name: compiler-puppet.conf
|
||||||
|
- name: compiler-puppetdb-conf
|
||||||
|
configMap:
|
||||||
|
name: compiler-puppetdb.conf
|
||||||
|
- name: compiler-autosign-conf
|
||||||
|
configMap:
|
||||||
|
name: compiler-autosign.conf
|
||||||
|
- name: puppet-cobbler-enc
|
||||||
|
configMap:
|
||||||
|
name: puppet-cobbler-enc
|
||||||
|
strategy:
|
||||||
type: RollingUpdate
|
type: RollingUpdate
|
||||||
volumeClaimTemplates:
|
|
||||||
- metadata:
|
|
||||||
annotations: null
|
|
||||||
name: puppet-puppet-volume
|
|
||||||
spec:
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 1Gi
|
|
||||||
storageClassName: cephrbd-fast-delete
|
|
||||||
@@ -11,7 +11,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
scaleTargetRef:
|
scaleTargetRef:
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: StatefulSet
|
kind: Deployment
|
||||||
name: puppetserver-compiler
|
name: puppetserver-compiler
|
||||||
minReplicas: 2
|
minReplicas: 2
|
||||||
maxReplicas: 5
|
maxReplicas: 5
|
||||||
|
|||||||
@@ -31,4 +31,26 @@ resources:
|
|||||||
- service_puppetca.yaml
|
- service_puppetca.yaml
|
||||||
- service_puppetboard.yaml
|
- service_puppetboard.yaml
|
||||||
- service_puppetdb.yaml
|
- service_puppetdb.yaml
|
||||||
- statefulset_puppetserver-compiler.yaml
|
- deployment_puppetserver-compiler.yaml
|
||||||
|
|
||||||
|
configMapGenerator:
|
||||||
|
- name: compiler-autosign.conf
|
||||||
|
files:
|
||||||
|
- resources/compiler/autosign.conf
|
||||||
|
options:
|
||||||
|
disableNameSuffixHash: true
|
||||||
|
- name: compiler-puppet.conf
|
||||||
|
files:
|
||||||
|
- resources/compiler/puppet.conf
|
||||||
|
options:
|
||||||
|
disableNameSuffixHash: true
|
||||||
|
- name: compiler-puppetdb.conf
|
||||||
|
files:
|
||||||
|
- resources/compiler/puppetdb.conf
|
||||||
|
options:
|
||||||
|
disableNameSuffixHash: true
|
||||||
|
- name: puppet-cobbler-enc
|
||||||
|
files:
|
||||||
|
- resources/cobbler-enc
|
||||||
|
options:
|
||||||
|
disableNameSuffixHash: true
|
||||||
|
|||||||
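Review bot: The new `configMapGenerator` block defines four generators but none named `puppetserver-compiler-config`, which the Deployment's new `envFrom.configMapRef` requires without `optional: true`; if that configmap is not created elsewhere in the repo, the compiler pods will sit in CreateContainerConfigError. `disableNameSuffixHash: true` also means a content change in `resources/compiler/*.conf` or `resources/cobbler-enc` no longer changes the pod template, so a rollout depends entirely on the `reloader.stakater.com/auto` annotation on the Deployment; a comment on the block would save the next reader that inference, e.g. `# stable names on purpose: rollout on content change is driven by the reloader annotation on the Deployment`.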
@@ -106,3 +106,21 @@ spec:
|
|||||||
requests:
|
requests:
|
||||||
storage: 1Gi
|
storage: 1Gi
|
||||||
storageClassName: cephfs-raid6-delete
|
storageClassName: cephfs-raid6-delete
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/component: puppetserver-compilers
|
||||||
|
app.kubernetes.io/instance: puppetserver
|
||||||
|
app.kubernetes.io/name: puppetserver
|
||||||
|
app.kubernetes.io/version: 8.8.0
|
||||||
|
name: puppetserver-compiler-config-shared
|
||||||
|
namespace: puppet
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteMany
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 10Gi
|
||||||
|
storageClassName: cephfs-raid6-delete
|
||||||
|
|||||||
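Review bot: The new `puppetserver-compiler-config-shared` claim requests `storage: 10Gi` for what the init container copies into it — four files of a few kilobytes — so the request could be a small fraction of that. If the size is deliberate because more than copied configmap content is expected to land under the confdir, a comment on the `storage` line saying what the space is for would keep the next reader from shrinking it, and would also document that the `cephfs-raid6-delete` class discards the contents with the claim.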
Executable
+50
@@ -0,0 +1,50 @@
|
|||||||
|
#!/usr/bin/env -S uv run --quiet --script
|
||||||
|
# /// script
|
||||||
|
# requires-python = ">=3.11"
|
||||||
|
# dependencies = ['pyyaml','requests']
|
||||||
|
# ///
|
||||||
|
"""
|
||||||
|
External Node Classifier (ENC) for Puppet.
|
||||||
|
|
||||||
|
If the environment specified in the YAML file is 'testing',
|
||||||
|
the environment is not included in the output.
|
||||||
|
"""
|
||||||
|
|
||||||
|
import sys
|
||||||
|
import yaml
|
||||||
|
import requests
|
||||||
|
|
||||||
|
def fetch_enc_data(cobbler_url: str, hostname: str) -> str:
|
||||||
|
"""
|
||||||
|
Fetches and modifies ENC data from a given URL to ensure classes are in list format.
|
||||||
|
"""
|
||||||
|
url = f"{cobbler_url}/cblr/svc/op/puppet/hostname/{hostname}"
|
||||||
|
try:
|
||||||
|
response = requests.get(url, verify='/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem')
|
||||||
|
response.raise_for_status()
|
||||||
|
except requests.RequestException as e:
|
||||||
|
sys.exit(f"Request failed: {e}")
|
||||||
|
|
||||||
|
data = yaml.safe_load(response.text)
|
||||||
|
data["parameters"] = data.get("parameters", {})
|
||||||
|
|
||||||
|
# Ensure 'classes' is in the desired list format
|
||||||
|
if "classes" in data:
|
||||||
|
if isinstance(data["classes"], dict):
|
||||||
|
data["parameters"]["enc_role"] = list(data["classes"].keys())
|
||||||
|
data["classes"] = list(data["classes"].keys())
|
||||||
|
else:
|
||||||
|
data["parameters"]["enc_role"] = list(data["classes"])
|
||||||
|
data["classes"] = list(data["classes"])
|
||||||
|
|
||||||
|
if "environment" in data:
|
||||||
|
data["parameters"]["enc_env"] = data["environment"]
|
||||||
|
if data["environment"] == "testing":
|
||||||
|
del data["environment"]
|
||||||
|
|
||||||
|
return yaml.dump(data)
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
if len(sys.argv) != 2:
|
||||||
|
sys.exit(f"Usage: {sys.argv[0]} <hostname>")
|
||||||
|
print(fetch_enc_data("https://cobbler.main.unkin.net", sys.argv[1]))
|
||||||
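Review bot: The `requests.get(url, verify=...)` call in `fetch_enc_data` has no `timeout`, and this script runs synchronously inside every catalog compile as the ENC, so a stalled Cobbler holds the compile indefinitely; add `timeout=10` (or whatever the compile budget allows) to the call. `hostname` comes straight from `sys.argv` and is interpolated into the URL path unescaped; `from urllib.parse import quote` and `quote(hostname, safe='')` keeps a certname containing `/` or `?` from rewriting the request path. `yaml.safe_load` on an empty body returns `None`, so `data.get("parameters", {})` raises `AttributeError` instead of a clear error; `data = yaml.safe_load(response.text) or {}` or an explicit check followed by `sys.exit` is cleaner. The CA bundle path `/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem` is the RHEL-family location; confirm it exists in the puppetserver image the script is copied into, since a missing bundle makes every request fail.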
@@ -0,0 +1,15 @@
|
|||||||
|
# Autosign all nodes from these subnets
|
||||||
|
198.18.13.0/24
|
||||||
|
198.18.14.0/24
|
||||||
|
198.18.15.0/24
|
||||||
|
198.18.16.0/24
|
||||||
|
198.18.17.0/24
|
||||||
|
198.18.20.0/24
|
||||||
|
198.18.24.0/24
|
||||||
|
198.18.25.0/24
|
||||||
|
198.18.26.0/24
|
||||||
|
198.18.27.0/24
|
||||||
|
198.18.28.0/24
|
||||||
|
198.18.29.0/24
|
||||||
|
# Autosign all nodes from these domains
|
||||||
|
*.main.unkin.net
|
||||||
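Review bot: The twelve CIDR lines (`198.18.13.0/24` through `198.18.29.0/24`) are unlikely to do anything: Puppet's basic `autosign.conf` matches CSRs by certname or domain-name glob, not by source address, so as far as I know only `*.main.unkin.net` takes effect — confirm against the autosigning docs for the deployed server version. If subnet-based signing is the intent, a policy-based autosign script (an executable `autosign` setting) is the supported route. The wildcard glob signs any CSR whose certname ends in `.main.unkin.net` without further checks, which deserves a comment making the scope explicit, e.g. `# basic autosign: any certname under main.unkin.net is signed without challenge`.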
@@ -0,0 +1,23 @@
|
|||||||
|
[main]
|
||||||
|
server = puppetserver-compiler
|
||||||
|
serverport = 8140
|
||||||
|
dns_alt_names = puppetserver-compiler,puppet-headless,puppet,puppet.k8s.syd1.au.unkin.net
|
||||||
|
|
||||||
|
[server]
|
||||||
|
vardir = /opt/puppetlabs/server/data/puppetserver
|
||||||
|
logdir = /var/log/puppetlabs/puppetserver
|
||||||
|
rundir = /var/run/puppetlabs/puppetserver
|
||||||
|
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
|
||||||
|
codedir = /etc/puppetlabs/code
|
||||||
|
environmentpath = /etc/puppetlabs/code/environments
|
||||||
|
|
||||||
|
[master]
|
||||||
|
node_terminus = exec
|
||||||
|
external_nodes = /usr/local/bin/cobbler-enc
|
||||||
|
autosign = /etc/puppetlabs/puppet/autosign.conf
|
||||||
|
default_manifest = /etc/puppetlabs/code/environments/develop/manifests
|
||||||
|
default_environment = develop
|
||||||
|
storeconfigs = true
|
||||||
|
storeconfigs_backend = puppetdb
|
||||||
|
reports = puppetdb
|
||||||
|
usecacheonfailure = false
|
||||||
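Review bot: The `[master]` section at the bottom is the pre-Puppet-6 name for `[server]`, and the file already has a `[server]` section above it; on Puppet 6+ and OpenVox `[master]` is, as far as I know, still accepted but with a deprecation warning, so merging `node_terminus`, `external_nodes`, `autosign`, `default_manifest`, `default_environment`, `storeconfigs`, `storeconfigs_backend` and `reports` into `[server]` avoids both the warning and the split. `usecacheonfailure = false` is an agent-side setting and has no effect in a server section; if the compilers' agent is what it is meant for, it belongs under `[agent]` or `[main]`.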
@@ -0,0 +1,3 @@
|
|||||||
|
[main]
|
||||||
|
server_urls = https://puppetdb.k8s.syd1.au.unkin.net
|
||||||
|
soft_write_failure = true
|
||||||
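Review bot: `server_urls = https://puppetdb.k8s.syd1.au.unkin.net` replaces the in-cluster `https://puppetdb:8081` that the deployment hunk removes from `OPENVOXDB_SERVER_URLS`, so compiler→PuppetDB traffic now leaves via the external hostname (port 443 by default) instead of the cluster service, which changes both the network path and whose certificate the compiler must trust; the commit message does not say this is intended, so confirm it. `soft_write_failure = true` makes failed PuppetDB writes log-only, so catalog compiles succeed while facts and reports silently stop landing; a comment stating that trade-off, e.g. `# soft_write_failure: PuppetDB outages are logged, not fatal to compiles`, keeps it deliberate.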