metal: copy static manifests to the control plane

Used by the kube-apiserver healthcheck.

pkg/assets/builder.go

@@ -80,6 +80,18 @@ type StaticManifest struct {
 
 	// The static manifest will only be applied to instances matching the specified role
 	Roles []kops.InstanceGroupRole
+
+	// Contents is the contents of the manifest, which may be easier than fetching it from Path
+	Contents []byte
+}
+
+func (m *StaticManifest) AppliesToRole(role kops.InstanceGroupRole) bool {
+	for _, r := range m.Roles {
+		if r == role {
+			return true
+		}
+	}
+	return false
 }
 
 // ImageAsset models an image's location.

pkg/commands/toolbox_enroll.go

@@ -190,7 +190,7 @@ func RunToolboxEnroll(ctx context.Context, f commandutils.Factory, out io.Writer
 	}
 
 	// Build the bootstrap data for this node.
-	bootstrapData, err := buildBootstrapData(ctx, clientset, fullCluster, fullInstanceGroup, wellKnownAddresses)
+	bootstrapData, err := buildBootstrapData(ctx, clientset, fullCluster, fullInstanceGroup, assetBuilder, wellKnownAddresses)
 	if err != nil {
 		return fmt.Errorf("building bootstrap data: %w", err)
 	}
@@ -475,13 +475,10 @@ type bootstrapData struct {
 	configFiles  map[string][]byte
 }
 
-func buildBootstrapData(ctx context.Context, clientset simple.Clientset, cluster *kops.Cluster, ig *kops.InstanceGroup, wellknownAddresses model.WellKnownAddresses) (*bootstrapData, error) {
+func buildBootstrapData(ctx context.Context, clientset simple.Clientset, cluster *kops.Cluster, ig *kops.InstanceGroup, assetBuilder *assets.AssetBuilder, wellknownAddresses model.WellKnownAddresses) (*bootstrapData, error) {
 	bootstrapData := &bootstrapData{}
 	bootstrapData.configFiles = make(map[string][]byte)
 
-	getAssets := false
-	assetBuilder := assets.NewAssetBuilder(clientset.VFSContext(), cluster.Spec.Assets, cluster.Spec.KubernetesVersion, getAssets)
-
 	encryptionConfigSecretHash := ""
 	// TODO: Support encryption config?
 	// if fi.ValueOf(c.Cluster.Spec.EncryptionConfig) {
@@ -563,6 +560,15 @@ func buildBootstrapData(ctx context.Context, clientset simple.Clientset, cluster
 
 		p := filepath.Join("/etc/kubernetes/kops/config", "igconfig", bootConfig.InstanceGroupRole.ToLowerString(), ig.Name, "nodeupconfig.yaml")
 		bootstrapData.configFiles[p] = nodeupConfigBytes
+
+		// Copy any static manifests we need on the control plane
+		for _, staticManifest := range assetBuilder.StaticManifests {
+			if !staticManifest.AppliesToRole(bootConfig.InstanceGroupRole) {
+				continue
+			}
+			p := filepath.Join("/etc/kubernetes/kops/config", staticManifest.Path)
+			bootstrapData.configFiles[p] = staticManifest.Contents
+		}
 	}
 
 	nodeupScriptBytes, err := fi.ResourceAsBytes(nodeupScriptResource)

pkg/model/components/kubeapiserver/model.go

@@ -62,9 +62,10 @@ func (b *KubeApiserverBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 	})
 
 	b.AssetBuilder.StaticManifests = append(b.AssetBuilder.StaticManifests, &assets.StaticManifest{
-		Key:   key,
-		Path:  location,
-		Roles: []kops.InstanceGroupRole{kops.InstanceGroupRoleControlPlane, kops.InstanceGroupRoleAPIServer},
+		Key:      key,
+		Path:     location,
+		Contents: manifestYAML,
+		Roles:    []kops.InstanceGroupRole{kops.InstanceGroupRoleControlPlane, kops.InstanceGroupRoleAPIServer},
 	})
 	return nil
 }

pkg/nodemodel/nodeupconfigbuilder.go

@@ -399,14 +399,7 @@ func (n *nodeUpConfigBuilder) BuildConfig(ig *kops.InstanceGroup, wellKnownAddre
 	}
 
 	for _, manifest := range n.assetBuilder.StaticManifests {
-		match := false
-		for _, r := range manifest.Roles {
-			if r == role {
-				match = true
-			}
-		}
-
-		if !match {
+		if !manifest.AppliesToRole(role) {
 			continue
 		}