node labeling: don't ignore unknown roles

We were silently ignoring unknown roles, which makes it hard to know when our expectations aren't met. It looks like the rename of the role from "Master" to "ControlPlane" may have caused some drift against our expectations also.
2023-06-18 14:21:24 -04:00 · 2023-06-18 14:21:24 -04:00 · 36a763c88f
parent 75c4051116
commit 36a763c88f
5 changed files with 40 additions and 10 deletions
--- a/cmd/kops-controller/controllers/legacy_node_controller.go
+++ b/cmd/kops-controller/controllers/legacy_node_controller.go
@ -111,7 +111,10 @@ func (r *LegacyNodeReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		return ctrl.Result{}, fmt.Errorf("unable to load instance group object for node %s: %v", node.Name, err)
 	}

-	labels := nodelabels.BuildNodeLabels(cluster, ig)
+	labels, err := nodelabels.BuildNodeLabels(cluster, ig)
+	if err != nil {
+		return ctrl.Result{}, fmt.Errorf("error building node labels for node %q: %w", node.Name, err)
+	}

 	lifecycle, err := r.getInstanceLifecycle(ctx, node)
 	if err != nil {
--- a/pkg/model/context.go
+++ b/pkg/model/context.go
@ -157,7 +157,11 @@ func (b *KopsModelContext) CloudTagsForInstanceGroup(ig *kops.InstanceGroup) (ma
 	}

 	// Apply labels for cluster autoscaler node labels
-	for k, v := range nodelabels.BuildNodeLabels(b.Cluster, ig) {
+	nodeLabels, err := nodelabels.BuildNodeLabels(b.Cluster, ig)
+	if err != nil {
+		return nil, fmt.Errorf("error building node labels: %w", err)
+	}
+	for k, v := range nodeLabels {
 		labels[nodeidentityaws.ClusterAutoscalerNodeTemplateLabel+k] = v
 	}

--- a/pkg/nodelabels/builder.go
+++ b/pkg/nodelabels/builder.go
@ -17,6 +17,8 @@ limitations under the License.
 package nodelabels

 import (
+	"fmt"
+
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/featureflag"
 	"k8s.io/kops/util/pkg/reflectutils"
@ -37,10 +39,22 @@ const (

 // BuildNodeLabels returns the node labels for the specified instance group
 // This moved from the kubelet to a central controller in kubernetes 1.16
-func BuildNodeLabels(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) map[string]string {
-	isControlPlane := instanceGroup.Spec.Role == kops.InstanceGroupRoleControlPlane
-
-	isAPIServer := instanceGroup.Spec.Role == kops.InstanceGroupRoleAPIServer
+func BuildNodeLabels(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) (map[string]string, error) {
+	isControlPlane := false
+	isAPIServer := false
+	isNode := false
+	switch instanceGroup.Spec.Role {
+	case kops.InstanceGroupRoleControlPlane:
+		isControlPlane = true
+	case kops.InstanceGroupRoleAPIServer:
+		isAPIServer = true
+	case kops.InstanceGroupRoleNode:
+		isNode = true
+	case kops.InstanceGroupRoleBastion:
+		// no labels to add
+	default:
+		return nil, fmt.Errorf("unhandled instanceGroup role %q", instanceGroup.Spec.Role)
+	}

 	// Merge KubeletConfig for NodeLabels
 	c := &kops.KubeletConfigSpec{}
@ -70,7 +84,9 @@ func BuildNodeLabels(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) m
 		if cluster.IsKubernetesLT("1.24") {
 			nodeLabels[RoleLabelName15] = RoleAPIServerLabelValue15
 		}
-	} else {
+	}
+
+	if isNode {
 		if nodeLabels == nil {
 			nodeLabels = make(map[string]string)
 		}
@ -104,7 +120,7 @@ func BuildNodeLabels(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) m
 		nodeLabels["karpenter.sh/provisioner-name"] = instanceGroup.ObjectMeta.Name
 	}

-	return nodeLabels
+	return nodeLabels, nil
 }

 // BuildMandatoryControlPlaneLabels returns the list of labels all CP nodes must have
--- a/pkg/nodelabels/builder_test.go
+++ b/pkg/nodelabels/builder_test.go
@ -115,7 +115,10 @@ func TestBuildNodeLabels(t *testing.T) {

 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			out := BuildNodeLabels(test.cluster, test.ig)
+			out, err := BuildNodeLabels(test.cluster, test.ig)
+			if err != nil {
+				t.Fatalf("unexpected error from BuildNodeLabels: %v", err)
+			}
 			if !reflect.DeepEqual(out, test.expected) {
 				t.Fatalf("Actual result:\n%v\nExpect:\n%v", out, test.expected)
 			}
--- a/upup/pkg/fi/cloudup/populate_instancegroup_spec.go
+++ b/upup/pkg/fi/cloudup/populate_instancegroup_spec.go
@ -258,7 +258,11 @@ func PopulateInstanceGroupSpec(cluster *kops.Cluster, input *kops.InstanceGroup,

 	// We include the NodeLabels in the userdata even for Kubernetes 1.16 and later so that
 	// rolling update will still replace nodes when they change.
-	igKubeletConfig.NodeLabels = nodelabels.BuildNodeLabels(cluster, ig)
+	nodeLabels, err := nodelabels.BuildNodeLabels(cluster, ig)
+	if err != nil {
+		return nil, fmt.Errorf("error building node labels: %w", err)
+	}
+	igKubeletConfig.NodeLabels = nodeLabels

 	useSecureKubelet := fi.ValueOf(igKubeletConfig.AnonymousAuth)