Use display_external_ip as ClusterIP in ingress-nginx-init of bootstrap.values.yaml
What does this MR do and why?
On a real baremetals deployment, we experienced the following error message when deploying the mgmt-cluster:
errorMessage: 'Image provisioning failed: Failed to prepare to deploy: Validation
of image href https://172.XY.XX.YY/opensuse-15-6-plain-rke2-1-31-8-0.4.12.raw
failed, reason: HTTPSConnectionPool(host=''172.20.86.120'', port=443): Max retries exceeded with url: /opensuse-15-6-plain-rke2-1-31-8-0.4.12.raw (Caused by SSLError(CertificateError("hostname
''172.XY.XX.YY'' doesn''t match either of ''localhost'', ''127.0.0.1'', ''172.18.0.2''")))'172.18.0.2 is the Kind cluster ip
172.XY.XX.YY is the server IP which host my bootstrap clusterIP
It's seems that the certificate contains the wrong bootstrapcluster ip (172.18.0.2) which is not used by the os-image-server.
We should use display_external_ip as ClusterIP in ingress-nginx-init as it's in values.yaml https://gitlab.com/sylva-projects/sylva-core/-/blob/main/charts/sylva-units/values.yaml?ref_type=heads#L4176.
In the case of capm3-libvirt (in CI), we set use_os_image_server_service_urls, which means that https is not used from bootstrap<->mgmt for os-image-server.
Fixed in collaboration with @mederic.deverdilhac
Related reference(s)
Close #2414 (closed)
Test coverage
Tested in CI (capm3-libvirt) and in a real baremetals deployment environment
CI configuration
Below you can choose test deployment variants to run in this MR's CI.
Click to open to CI configuration
Legend:
| Icon | Meaning | Available values |
|---|---|---|
| Infra Provider |
capd, capo, capm3
|
|
| Bootstrap Provider |
kubeadm (alias kadm), rke2
|
|
| Node OS |
ubuntu, suse
|
|
| Deployment Options |
light-deploy, dev-sources, ha, misc, maxsurge-0, logging, no-logging
|
|
| Pipeline Scenarios | Available scenario list and description |
-
🎬 preview☁️ capd🚀 kadm🐧 ubuntu -
🎬 preview☁️ capo🚀 rke2🐧 suse -
🎬 preview☁️ capm3🚀 rke2🐧 ubuntu -
☁️ capd🚀 kadm🛠️ light-deploy🐧 ubuntu -
☁️ capd🚀 rke2🛠️ light-deploy🐧 suse -
☁️ capo🚀 rke2🐧 suse -
☁️ capo🚀 kadm🐧 ubuntu -
☁️ capo🚀 rke2🎬 rolling-update🛠️ ha🐧 ubuntu -
☁️ capo🚀 kadm🎬 wkld-k8s-upgrade🐧 ubuntu -
☁️ capo🚀 rke2🎬 rolling-update-no-wkld🛠️ ha🐧 suse -
☁️ capo🚀 rke2🎬 sylva-upgrade-from-1.3.x🛠️ ha🐧 ubuntu -
☁️ capo🚀 rke2🎬 sylva-upgrade-from-1.3.x🛠️ ha,misc🐧 ubuntu -
☁️ capo🚀 rke2🛠️ ha,misc🐧 ubuntu -
☁️ capm3🚀 rke2🐧 suse -
☁️ capm3🚀 kadm🐧 ubuntu -
☁️ capm3🚀 kadm🎬 rolling-update-no-wkld🛠️ ha,misc🐧 ubuntu -
☁️ capm3🚀 rke2🎬 wkld-k8s-upgrade🛠️ ha🐧 suse -
☁️ capm3🚀 kadm🎬 rolling-update🛠️ ha🐧 ubuntu -
☁️ capm3🚀 rke2🎬 sylva-upgrade-from-1.3.x🛠️ ha🐧 suse -
☁️ capm3🚀 rke2🛠️ misc,ha🐧 suse -
☁️ capm3🚀 rke2🎬 sylva-upgrade-from-1.3.x🛠️ ha,misc🐧 suse -
☁️ capm3🚀 kadm🎬 rolling-update🛠️ ha🐧 suse -
☁️ capm3🚀 ck8s🎬 no-wkld🛠️ light-deploy,k8s-1.31🐧 ubuntu
Global config for deployment pipelines
-
autorun pipelines -
allow failure on pipelines -
record sylvactl events
Notes:
- Enabling
autorunwill make deployment pipelines to be run automatically without human interaction - Disabling
allow failurewill make deployment pipelines mandatory for pipeline success. - if both
autorunandallow failureare disabled, deployment pipelines will need manual triggering but will be blocking the pipeline
Be aware: after configuration change, pipeline is not triggered automatically.
Please run it manually (by clicking the run pipeline button in Pipelines tab) or push new code.