vendor updates

2025-06-14 18:53:35 +00:00 · 2018-03-06 17:33:18 -05:00
parent 4b3ebc171b
commit e9033989a0
5854 changed files with 248382 additions and 119809 deletions
--- a/vendor/k8s.io/kubernetes/cluster/juju/layers/kubeapi-load-balancer/config.yaml
+++ b/vendor/k8s.io/kubernetes/cluster/juju/layers/kubeapi-load-balancer/config.yaml
@ -9,3 +9,7 @@ options:
    description: |
      Space-separated list of extra SAN entries to add to the x509 certificate
      created for the load balancers.
+  proxy_read_timeout:
+    type: int
+    default: 90
+    description: Timeout in seconds for reading a response from proxy server.
--- a/vendor/k8s.io/kubernetes/cluster/juju/layers/kubeapi-load-balancer/reactive/load_balancer.py
+++ b/vendor/k8s.io/kubernetes/cluster/juju/layers/kubeapi-load-balancer/reactive/load_balancer.py
@ -21,6 +21,7 @@ import subprocess
 from charms import layer
 from charms.reactive import when, when_any, when_not
 from charms.reactive import set_state, remove_state
+from charms.reactive import hook
 from charmhelpers.core import hookenv
 from charmhelpers.core import host
 from charmhelpers.contrib.charmsupport import nrpe
@ -35,8 +36,43 @@ from subprocess import STDOUT
 from subprocess import CalledProcessError


-@when('certificates.available')
-def request_server_certificates(tls):
+apilb_nginx = """/var/log/nginx.*.log {
+    daily
+    missingok
+    rotate 14
+    compress
+    delaycompress
+    notifempty
+    create 0640 www-data adm
+    sharedscripts
+    prerotate
+        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \\
+            run-parts /etc/logrotate.d/httpd-prerotate; \\
+        fi \\
+    endscript
+    postrotate
+        invoke-rc.d nginx rotate >/dev/null 2>&1
+    endscript
+}"""
+
+
+def get_ingress_address(relation):
+    try:
+        network_info = hookenv.network_get(relation.relation_name)
+    except NotImplementedError:
+        network_info = []
+
+    if network_info and 'ingress-addresses' in network_info:
+        # just grab the first one for now, maybe be more robust here?
+        return network_info['ingress-addresses'][0]
+    else:
+        # if they don't have ingress-addresses they are running a juju that
+        # doesn't support spaces, so just return the private address
+        return hookenv.unit_get('private-address')
+
+
+@when('certificates.available', 'website.available')
+def request_server_certificates(tls, website):
    '''Send the data that is required to create a server certificate for
    this server.'''
    # Use the public ip of this unit as the Common Name for the certificate.
@ -44,7 +80,7 @@ def request_server_certificates(tls):
    # Create SANs that the tls layer will add to the server cert.
    sans = [
        hookenv.unit_public_ip(),
-        hookenv.unit_private_ip(),
+        get_ingress_address(website),
        socket.gethostname(),
    ]
    # maybe they have extra names they want as SANs
@ -57,12 +93,13 @@ def request_server_certificates(tls):
    tls.request_server_cert(common_name, sans, certificate_name)


-@when('config.changed.extra_sans', 'certificates.available')
-def update_certificate(tls):
+@when('config.changed.extra_sans', 'certificates.available',
+      'website.available')
+def update_certificate(tls, website):
    # Using the config.changed.extra_sans flag to catch changes.
    # IP changes will take ~5 minutes or so to propagate, but
    # it will update.
-    request_server_certificates(tls)
+    request_server_certificates(tls, website)


@when('certificates.server.cert.available',
@ -89,6 +126,14 @@ def close_old_port():
        hookenv.log('Port %d already closed, skipping.' % old_port)


+def maybe_write_apilb_logrotate_config():
+    filename = '/etc/logrotate.d/apilb_nginx'
+    if not os.path.exists(filename):
+        # Set log rotation for apilb log file
+        with open(filename, 'w+') as fp:
+            fp.write(apilb_nginx)
+
+
@when('nginx.available', 'apiserver.available',
      'certificates.server.cert.available')
 def install_load_balancer(apiserver, tls):
@ -122,10 +167,18 @@ def install_load_balancer(apiserver, tls):
                port=port,
                server_certificate=server_cert_path,
                server_key=server_key_path,
+                proxy_read_timeout=hookenv.config('proxy_read_timeout')
        )
+
+        maybe_write_apilb_logrotate_config()
        hookenv.status_set('active', 'Loadbalancer ready.')


+@hook('upgrade-charm')
+def upgrade_charm():
+    maybe_write_apilb_logrotate_config()
+
+
@when('nginx.available')
 def set_nginx_version():
    ''' Surface the currently deployed version of nginx to Juju '''
--- a/vendor/k8s.io/kubernetes/cluster/juju/layers/kubeapi-load-balancer/templates/apilb.conf
+++ b/vendor/k8s.io/kubernetes/cluster/juju/layers/kubeapi-load-balancer/templates/apilb.conf
@ -36,6 +36,6 @@ server {
      add_header              X-Stream-Protocol-Version $upstream_http_x_stream_protocol_version;

      proxy_pass              https://target_service;
-      proxy_read_timeout      90;
+      proxy_read_timeout      {{ proxy_read_timeout }};
    }
 }