f-145: Adds HTTP_PROXY capabilities for rke2

Signed-off-by: Aleix Ramírez <[email protected]>
OpenNebula · Dec 11, 2024 · dd7abcd · dd7abcd
1 parent e412c68
commit dd7abcd
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 0 deletions.
diff --git a/appliances/OneKE/config.rb b/appliances/OneKE/config.rb
@@ -58,6 +58,11 @@
 ONEAPP_K8S_CONTROL_PLANE_EP = env :ONEAPP_K8S_CONTROL_PLANE_EP, "#{ONEAPP_VROUTER_ETH0_VIP0}:#{ONEAPP_VNF_HAPROXY_LB1_PORT}"
 ONEAPP_K8S_EXTRA_SANS       = env :ONEAPP_K8S_EXTRA_SANS, 'localhost,127.0.0.1'
 
+# Proxy config for RKE2: https://docs.rke2.io/advanced#configuring-an-http-proxy
+ONEAPP_K8S_HTTP_PROXY = env :ONEAPP_K8S_HTTP_PROXY, nil
+ONEAPP_K8S_HTTPS_PROXY = env :ONEAPP_K8S_HTTPS_PROXY, nil
+ONEAPP_K8S_NO_PROXY = env :ONEAPP_K8S_NO_PROXY, nil
+
 FALLBACK_GW  = env :FALLBACK_GW, nil
 FALLBACK_DNS = env :FALLBACK_DNS, nil
 

diff --git a/appliances/OneKE/kubernetes.rb b/appliances/OneKE/kubernetes.rb
@@ -199,6 +199,8 @@ def init_master
     msg :info, 'Prepare initial rke2-server config'
     file '/etc/rancher/rke2/config.yaml', YAML.dump(server_config), overwrite: false
 
+    configure_rke2_proxy 'master'
+
     msg :info, "Initialize first master: #{name}"
     bash 'systemctl enable rke2-server.service --now'
 
@@ -305,6 +307,8 @@ def join_worker(token)
     msg :info, 'Prepare rke2-agent config'
     file '/etc/rancher/rke2/config.yaml', YAML.dump(agent_config), overwrite: true
 
+    configure_rke2_proxy 'worker'
+
     msg :info, "Join worker: #{name}"
     bash 'systemctl enable rke2-agent.service --now'
 end
@@ -329,6 +333,8 @@ def join_storage(token)
     msg :info, 'Prepare rke2-agent config'
     file '/etc/rancher/rke2/config.yaml', YAML.dump(agent_config), overwrite: true
 
+    configure_rke2_proxy 'worker'
+
     msg :info, "Join storage: #{name}"
     bash 'systemctl enable rke2-agent.service --now'
 end
@@ -361,3 +367,36 @@ def detect_node
     msg :debug, "detect_node / #{results}"
     results
 end
+
+def configure_rke2_proxy(current_role)
+    if ONEAPP_K8S_HTTP_PROXY.to_s.empty? && ONEAPP_K8S_HTTPS_PROXY.to_s.empty?
+        return
+    end
+
+    rke2_role = current_role == 'master' ? 'server' : 'agent'
+    filepath = "/etc/default/rke2-#{rke2_role}"
+
+    msg :info, "Prepare rke2-#{rke2_role} proxy config in #{filepath}"
+
+    proxy_config = String.new
+    proxy_config << "HTTP_PROXY=#{ONEAPP_K8S_HTTP_PROXY}\n" unless ONEAPP_K8S_HTTP_PROXY.nil?
+    proxy_config << "HTTPS_PROXY=#{ONEAPP_K8S_HTTPS_PROXY}\n" unless ONEAPP_K8S_HTTPS_PROXY.nil?
+    if ONEAPP_K8S_NO_PROXY.to_s.empty?
+        no_proxy = ['127.0.0.1/32', 'localhost']
+        no_proxy << retrieve_endpoint_host(ONEAPP_K8S_CONTROL_PLANE_EP) if ONEAPP_K8S_CONTROL_PLANE_EP
+        no_proxy << retrieve_endpoint_host(ONEAPP_RKE2_SUPERVISOR_EP) if ONEAPP_RKE2_SUPERVISOR_EP
+        proxy_config << "NO_PROXY=#{no_proxy.uniq.join(',')}\n"
+    else
+        proxy_config << "NO_PROXY=#{ONEAPP_K8S_NO_PROXY}\n"
+    end
+
+    file filepath, proxy_config, overwrite: true
+
+end
+
+def retrieve_endpoint_host(endpoint)
+    uri = URI.parse(endpoint.include?('://') ? endpoint : "http://#{endpoint}")
+    host = uri.host
+    host = "#{host}/32" if host =~ Resolv::IPv4::Regex
+    host
+end