From ddea79f0f00422a39565551653afd3a90e9950f1 Mon Sep 17 00:00:00 2001
From: Eric Lake <ericlake@gmail.com>
Date: Thu, 23 Sep 2021 10:37:22 -0500
Subject: [PATCH] Issue 8004: Fix typha prometheus (#8005)

The typha prometheus settings were in the `volumeMounts` section of the
spec and not in the `envs` section. This was causing the deployment to
fail because it was looking for a volumeMount.

```
failed: [controller-001.a2.da.dev.logdna.net] (item=calico-typha.yml) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": true, "checksum": "598ac79530749e8e2110793b53fc49ac208e7130", "dest": "/etc/kubernetes/calico-typha.yml", "diff": [], "failed": false, "gid": 0, "group": "root", "invocation": {"module_args": {"_original_basename": "calico-typha.yml.j2", "attributes": null, "backup": false, "checksum": "598ac79530749e8e2110793b53fc49ac208e7130", "content": null, "delimiter": null, "dest": "/etc/kubernetes/calico-typha.yml", "directory_mode": null, "follow": false, "force": true, "group": null, "local_follow": null, "mode": null, "owner": null, "regexp": null, "remote_src": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": "/home/core/.ansible/tmp/ansible-tmp-1632349768.56-75434-32452975679246/source", "unsafe_writes": null, "validate": null}}, "item": {"file": "calico-typha.yml", "name": "calico", "type": "typha"}, "md5sum": "53c00ac7f562cf9ecbbfd27899ea066d", "mode": "0644", "owner": "root", "size": 5378, "src": "/home/core/.ansible/tmp/ansible-tmp-1632349768.56-75434-32452975679246/source", "state": "file", "uid": 0}, "msg": "error running kubectl (/opt/bin/kubectl --namespace=kube-system apply --force --filename=/etc/kubernetes/calico-typha.yml) command (rc=1), out='service/calico-typha unchanged\n', err='error: error validating \"/etc/kubernetes/calico-typha.yml\": error validating data: [ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[2]): unknown field \"value\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[2]): missing required field \"mountPath\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[3]): unknown field \"value\" in io.k8s.api.core.v1.VolumeMount, ValidationError(Deployment.spec.template.spec.containers[0].volumeMounts[3]): 
missing required field \"mountPath\" in io.k8s.api.core.v1.VolumeMount]; if you choose to ignore these errors, turn validation off with --validate=false\n'"}
```
---
 .../calico/templates/calico-typha.yml.j2       | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/roles/network_plugin/calico/templates/calico-typha.yml.j2 b/roles/network_plugin/calico/templates/calico-typha.yml.j2
index f14f9b38d..b9dee1168 100644
--- a/roles/network_plugin/calico/templates/calico-typha.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-typha.yml.j2
@@ -108,14 +108,6 @@ spec:
             value: /etc/typha/server_certificate.pem
           - name: TYPHA_SERVERKEYFILE
             value: /etc/typha/server_key.pem
-        volumeMounts:
-          - mountPath: /etc/typha
-            name: typha-server
-            readOnly: true
-          - mountPath: /etc/ca/ca.crt
-            subPath: ca.crt
-            name: cacert
-            readOnly: true
 {% endif %}
 {% if typha_prometheusmetricsenabled %}
           # Since Typha is host-networked,
@@ -124,6 +116,16 @@ spec:
             value: "true"
           - name: TYPHA_PROMETHEUSMETRICSPORT
             value: "{{ typha_prometheusmetricsport }}"
+{% endif %}
+{% if typha_secure %}
+        volumeMounts:
+          - mountPath: /etc/typha
+            name: typha-server
+            readOnly: true
+          - mountPath: /etc/ca/ca.crt
+            subPath: ca.crt
+            name: cacert
+            readOnly: true
 {% endif %}
           # Needed for version >=3.7 when the 'host-local' ipam is used
           # Should never happen given templates/cni-calico.conflist.j2
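Review bot: The relocated `volumeMounts:` block still sits inside the run of env-related text, because the context lines right after its closing `{% endif %}` are comments indented as `env` list items, and what follows them is outside this hunk. If an uncommented `- name:` entry follows there, it would render under `volumeMounts` whenever `typha_secure` is true and fail validation the same way the error log in the commit message shows. Consider moving the `{% if typha_secure %}` block below the last env-related line, so the env list is closed before `volumeMounts:` opens. A guard comment above it, such as `# volumeMounts must come after every env entry; add new env vars above this block`, would keep later additions from reintroducing the failure.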
-- 
GitLab