feat: introduce kind Immutable #513
Draft
ralgozino wants to merge 66 commits into
This was referenced May 15, 2026
…ration and validation
- Created multiple YAML files to test various invalid configurations for the Immutable kind in KFD v1alpha2, including:
  - Invalid kind specification
  - Empty metadata name
  - Exceeding maximum length for metadata name
  - Empty distribution version
  - Missing SSH configuration
  - Empty nodes array
  - Invalid bond mode
  - Invalid CIDR format
  - Missing port in control plane address
  - Invalid networking type
  - Invalid ingress base domain
  - Additional properties in metadata
- Added valid configurations for minimum viable and large clusters to ensure proper functionality.
… balancer, and worker nodes
- Cleaned up import statements in schema.go for better readability.
- Consolidated constant declarations for resource behaviors and types in schema.go.
- Introduced new "arch" field in immutable-kfd-v1alpha2.json to specify CPU architecture.
- Added "version" and "loadBalancers" fields in Kubernetes cluster configuration.
- Created new "Spec.Kubernetes.LoadBalancers" schema for load balancer configuration.
- Updated Butane templates for control plane, etcd, load balancer, and worker nodes to support architecture-specific sysext paths.
- Added new templates for Matchbox groups and profiles to facilitate MAC address mapping and boot profiles.

- Updated example paths in immutable-full-example.yaml to reflect the new iPXE server structure.
- Modified schema.go files across various packages to reorder imports for consistency.
- Consolidated constant declarations in schema.go files for better readability.
- Enhanced comments and descriptions in the schema to clarify the purpose of fields related to the iPXE server.
- Adjusted JSON schema for immutable-kfd-v1alpha2 to align with updated descriptions for iPXE server URL and paths.

…keyPath
- Removed the mandatory keyPath field and replaced it with privateKeyPath.
- Updated JSON schema to reflect the deprecation of keyPath.
- Added a new rules file for immutable infrastructure settings.
- Introduced a Butane template for Flatcar installation.
- Enhanced various Butane templates to include sysext configurations for Kubernetes and etcd.
- Updated mise.toml to comment out jq dependency.
- Refactored imports in schema.go files for better organization.
- Consolidated constant declarations in schema.go files for improved readability.
…nhance SSH configuration
…ailed configuration examples and schema updates
Add templates for Immutable kind preflight phase. Add Immutable to models.go so it gets exposed to furyctl
- Add templates needed for the kubernetes phase for Immutable kind
- Add missing fields needed for the kubernetes phase to the Immutable kind schema
- Add missing fields to the kfd.yaml file with versions for the Immutable installer
Port missing advanced parameters from onpremises to the immutable kind schema.
- Fix distribution phase schema in the Immutable kind, align it with the options present in OnPremises. Add support for the new Immutable kind in the distribution templates and helpers.
Move loadBalancers configuration from the kubernetes phase to the infrastructure phase. Adjust schema and templates
Add support for toolsConfiguration and support to pass advanced configuration to ansible
Point to the new name of the flatcar installation ignition file.
Rename bootstrap.bu.tmpl to install-flatcar.bu.tpl for consistency with final ignition files.
Add retry logic to the gather node labels and annotations task in the kubernetes phase. Sometimes loadbalancers take a few minutes to realize that the API server is ready and won't forward the traffic to it, making the kubectl get secret command fail even if ansible thinks that API server is ready. We add a retry logic with 3 attempts and 5 seconds delay so we don't fail immediately.
Set hostname and add banner to the tty console with useful info for the user
- Support advanced network configurations instead of only static IPs
- Support injecting systemd units
- Support injecting storage.files and storage.links

- Add fields to configure passwd for each node for additional users and groups via ignition.
- Add missing schema options for storage.files and storage.links
Backport all the features added in SD 1.34.0 to OnPremises kind to the Immutable kind for feature parity. Some defaults have been changed regarding OnPrem, for example NGINX is not mandatory for Immutable and we default to haproxy.
Pass the right flags to the flatcar-install command so it downloads the flatcar image from furyctl's embedded server instead of from Internet.
Make the schema enforce having at least 2 members when enabling keepalived on the load balancers or the control plane
The fetching of the admin.conf file from the masters was being done for all the control planes when doing it just once will suffice. Doing it more than once and simultaneously produced random errors on the check because the local file was being simultaneously written by the 3 parallel fetches resulting in the checksum of the file to change.
Patch sshd configuration to include Post Quantum Key Exchange Algorithms, gets rid of a security warning while sshing into the machines.
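A check for the effect of the sshd change described in the commit above, as an added example that is not code from this PR: it reads `sshd -T` output (the effective configuration) and reports whether any post-quantum hybrid key exchange is offered. The algorithm names are the ones upstream OpenSSH ships, not values taken from the PR, and both sample outputs are constructed.

```python
# Post-quantum hybrid KEX names from upstream OpenSSH (assumption: the PR's
# actual list is not shown on this page).
PQ_KEX = frozenset({
    "mlkem768x25519-sha256",
    "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com",
})


def effective_kex(sshd_t_output):
    """Return the ordered KEX list found in `sshd -T` style output."""
    for line in sshd_t_output.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "kexalgorithms":
            return [a.strip() for a in parts[1].split(",") if a.strip()]
    return []


def audit_kex(sshd_t_output):
    """Classify the server's KEX offer as classical-only, hybrid or PQ-only."""
    kex = effective_kex(sshd_t_output)
    if not kex:
        return {"status": "no-kexalgorithms-line", "pq": [], "classical": []}
    pq = [a for a in kex if a in PQ_KEX]
    classical = [a for a in kex if a not in PQ_KEX]
    if not pq:
        status = "classical-only"      # clients will warn about a non-PQ KEX
    elif classical:
        status = "hybrid-available"    # PQ offered, classical kept for old clients
    else:
        status = "pq-only"
    return {"status": status, "pq": pq, "classical": classical}


# Constructed samples of `sshd -T` output, before and after such a patch.
BEFORE = """port 22
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512
ciphers chacha20-poly1305@openssh.com
"""
AFTER = """port 22
kexalgorithms mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com,curve25519-sha256
ciphers chacha20-poly1305@openssh.com
"""

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_kex(sample))
```

On a node, feed it the real output with `sshd -T` run as root; the key exchange actually negotiated also depends on what the connecting client supports.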
Add migration rules for blocking changes to fields in the infra phase that require the recreation of the nodes using the Immutable kind.
Use the new ** recursive rules notation to simplify rules and add missing rules for some fields of the Immutable kind
Use the right variable name for passing kernel parameters to the sysctl ansible role.
f5dfa76 to 7dd9ab0
`kubernetes` in `index .spec.kubernetes` should be a second argument instead. Change from index to hasKeyAny that is more adequate to what we want to check. Fixes #518
use installer v1.34.8 and installer v1.34.8-rc.0
Remove remaining references to the infrastructure.loadbalancers.enabled field that has been deprecated in favour of checking if loadbalancer members are defined.
Summary 💡
Caution
Work in progress
Introduce a new `Immutable` kind, based on Flatcar Container Linux, in alpha status. Note that all the usual features for a kind are supported yet (notably updates). This PR relies on the related PR below for furyctl that adds support to all the several commands.
Relates:
Description 📝
Breaking Changes 💔
None
Tests performed 🧪
- `common.customPatches`
- `kubernetes.advanced.registry`
- `kubernetes.advanced.controllerManager`
- `kubernetes.advanced.EventRateLimits`
- `.spec.infrastrcture.loadbalancers.haproxy`
- ... and more.
Future work 🔧
This PR is notably missing handling cluster upgrades, it will follow in other PRs.