Skip to content

Instantly share code, notes, and snippets.

@alexandreroman

alexandreroman/overlay-contour-fix-ipv6.yaml

Last active May 9, 2024 07:07
Show Gist options
  • Save alexandreroman/c1fdbf0117612ce546ba72c8e67f41c2 to your computer and use it in GitHub Desktop.
Save alexandreroman/c1fdbf0117612ce546ba72c8e67f41c2 to your computer and use it in GitHub Desktop.
Download ZIP
Deploying Tanzu Application Platform on top of TKGI
Raw
overlay-contour-fix-ipv6.yaml
apiVersion: v1
kind: Secret
metadata:
name: overlay-contour-fix-ipv6
namespace: tap-install
stringData:
overlay-contour-fix-ipv6.yml: |
#@ load("@ytt:overlay", "overlay")
#@overlay/match by=overlay.subset({"kind": "Deployment"}),expects=1
---
spec:
template:
spec:
containers:
#@overlay/match by=overlay.map_key("name")
- name: contour
#@overlay/replace
args:
- serve
- --incluster
- '--xds-address=0.0.0.0'
- --xds-port=8001
- '--stats-address=0.0.0.0'
- '--http-address=0.0.0.0'
- '--envoy-service-http-address=0.0.0.0'
- '--envoy-service-https-address=0.0.0.0'
- '--health-address=0.0.0.0'
- --contour-cafile=/certs/ca.crt
- --contour-cert-file=/certs/tls.crt
- --contour-key-file=/certs/tls.key
- --config-path=/config/contour.yaml
Raw
overlay-contour.yaml
apiVersion: v1
kind: Secret
metadata:
name: overlay-contour
namespace: tap-install
stringData:
overlay-contour.yml: |
#@ load("@ytt:overlay", "overlay")
#@overlay/match by=overlay.subset({"metadata": { "name": "contour" }, "kind": "PackageInstall"}),expects=1
---
metadata:
annotations:
#@overlay/match missing_ok=True
ext.packaging.carvel.dev/ytt-paths-from-secret-name.0: overlay-contour-fix-ipv6
Raw
tap-tkgi.md

Deploying Tanzu Application Platform on top of TKGI

Use this overlay to fix the configuration for the Contour package when deploying Tanzu Application Platform on top of TKGI.

The default package configuration does not work with TKGI, since it requires IPv6 networking for nodes (TKGI is IPv4 only).

Using this overlay the configuration is updated to use IPv4 only.

How to use it?

You have two options to apply this overlay.

Option 1: edit existing TAP package

This option is the easiest way to deploy these overlays, by editing an existing TAP package deployed in your cluster.

First of all, you should deploy overlays to your cluster:

kubectl apply -f overlay-contour.yaml -f overlay-contour-fix-ipv6.yaml

Run this command to edit the TAP package:

kubectl annotate -n tap-install pkgi tap "ext.packaging.carvel.dev/ytt-paths-from-secret-name.0=overlay-contour"

The TAP package should start reconciling after running this command.

Option 2: edit TAP configuration to include the overlay

Using this option makes your installation more reliable, since the overlay is part of your installation.

Make sure you deploy the Contour overlay to your cluster (or include this file as part of your deployment):

kubectl apply -f overlay-contour-fix-ipv6.yaml

Edit your TAP configuration (tap-values.yaml) by adding this section:

package_overlays:
- name: contour
  secrets:
  - name: overlay-fix-contour-ipv6

From now on, the next time you install or upgrade your TAP installation, the Contour overlay will be applied.

You can now enjoy using TAP on top of your TKGI cluster.

Hope it helps!

@scottgai
Copy link

scottgai commented May 9, 2024

Thanks for the write-up. It really helps!
I tried option 2 when installing TAP 1.9.0 on a TKGi v1.19.0 cluster today and hit the below error.

usefulErrorMessage: |-
    kapp: Error: waiting on reconcile packageinstall/contour (packaging.carvel.dev/v1alpha1) namespace: tap-install:
      Finished unsuccessfully (Reconcile failed:  (message: ytt: Error: Overlaying (in following order: overlays/00-remove-certgen-job.yaml, overlays/01-add-placeholder-secret.yaml, overlays/01-add-psa-label.yaml, overlays/02-update-contour-configmap.yaml, overlays/02-update-contour-deployment.yaml, overlays/02-update-contour-service.yaml, overlays/02-update-envoy-daemonset.yaml, overlays/02-update-envoy-service.yaml, overlays/02-update-role-contour-psp.yaml, overlays/02-update-role-envoy-psp.yaml, overlays/03-convert-envoy-to-deployment.yaml, overlays/03-update-namespace.yaml, overlay-contour-fix-ipv6.yml):
      Document on line overlay-contour-fix-ipv6.yml:3:
        Expected number of matched nodes to be 1, but was 2 (lines: upstream/contour.yaml:8552, upstream/contour.yaml:8657)

It seems now 2 deployments contour/envoy will be matched. So to fix the issue I changed the overlay.subset() by adding deployment name as shown below.

$ cat overlay-contour-fix-ipv6.yaml
apiVersion: v1
kind: Secret
metadata:
  name: overlay-contour-fix-ipv6
  namespace: tap-install
stringData:
  overlay-contour-fix-ipv6.yml: |
    #@ load("@ytt:overlay", "overlay")
    #@overlay/match by=overlay.subset({"kind": "Deployment", "metadata":{"name":"contour"}}),expects=1
    ---
    spec:
      template:
        spec:
          containers:
          #@overlay/match by=overlay.map_key("name")
          - name: contour
            #@overlay/replace
            args:
            - serve
            - --incluster
            - '--xds-address=0.0.0.0'
            - --xds-port=8001
            - '--stats-address=0.0.0.0'
            - '--http-address=0.0.0.0'
            - '--envoy-service-http-address=0.0.0.0'
            - '--envoy-service-https-address=0.0.0.0'
            - '--health-address=0.0.0.0'
            - --contour-cafile=/certs/ca.crt
            - --contour-cert-file=/certs/tls.crt
            - --contour-key-file=/certs/tls.key
            - --config-path=/config/contour.yaml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment