kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Refactor UseKopsControllerForNodeBootstrap()

This commit is contained in:
John Gardiner Myers 2023-07-10 19:52:54 -07:00
parent f831255b90
commit aef6fbdd29
9 changed files with 30 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/kops/integration_test.go
View File

@ -1503,7 +1503,7 @@ func (i *integrationTest) setupCluster(t *testing.T, ctx context.Context, inputY
secondaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBfDCCASagAwIBAgIMFo+b23acX0hZEkbkMA0GCSqGSIb3DQEBCwUAMB8xHTAb\nBgNVBAMTFGV0Y2QtcGVlcnMtY2EtY2lsaXVtMB4XDTIxMDcwNTIwMjIzN1oXDTMx\nMDcwNTIwMjIzN1owHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1jaWxpdW0wXDAN\nBgkqhkiG9w0BAQEFAANLADBIAkEAw3T2pyEOgBPBKwofuILLokPxAFplVzdu540f\noREJ4iVqiroUlsz1G90mEwmqR+B7/0kt70ve9i5Z6E7Qz2nQaQIDAQABo0IwQDAO\nBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU0hyEvGir\n2ucsJrojyZaDBIb8JLAwDQYJKoZIhvcNAQELBQADQQA9vQylgkvgROIMspzOlbZr\nZwsTAzp9J2ZxZL06AQ9iWzpvIw/H3oClV63q6zN2aHtpBTkhUOSX3Q4L/X/0MOkj\n-----END CERTIFICATE-----", secondaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBfDCCASagAwIBAgIMFo+b23acX0hZEkbkMA0GCSqGSIb3DQEBCwUAMB8xHTAb\nBgNVBAMTFGV0Y2QtcGVlcnMtY2EtY2lsaXVtMB4XDTIxMDcwNTIwMjIzN1oXDTMx\nMDcwNTIwMjIzN1owHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1jaWxpdW0wXDAN\nBgkqhkiG9w0BAQEFAANLADBIAkEAw3T2pyEOgBPBKwofuILLokPxAFplVzdu540f\noREJ4iVqiroUlsz1G90mEwmqR+B7/0kt70ve9i5Z6E7Qz2nQaQIDAQABo0IwQDAO\nBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU0hyEvGir\n2ucsJrojyZaDBIb8JLAwDQYJKoZIhvcNAQELBQADQQA9vQylgkvgROIMspzOlbZr\nZwsTAzp9J2ZxZL06AQ9iWzpvIw/H3oClV63q6zN2aHtpBTkhUOSX3Q4L/X/0MOkj\n-----END CERTIFICATE-----",
}) })
} }
if !model.UseKopsControllerForNodeBootstrap(cluster) { if !model.UseKopsControllerForNodeBootstrap(cluster.Spec.GetCloudProvider()) {
storeKeyset(t, ctx, keyStore, "kubelet", &testingKeyset{ storeKeyset(t, ctx, keyStore, "kubelet", &testingKeyset{
primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAM6BUO6Gjjskn8s87GdJB8QPpNTx949t5Z/GgQpLVCapj741c1//\nvyH6JPsyqFUVy+lsBXQHSdCz2awMhKd9x5kCAwEAAQJARozbj4Ic2Yvbo92+jlLe\n+la146J/B1tuVbXFpDS0HTi3W94fVfu6R7FR9um1te1hzBAr6I4RqXxBAvipzG9P\n4QIhAPUg1AV/uyzKxELhVNKysAqvz1oLx2NeAh3DewRQn2MNAiEA16n2q69vFDvd\nnoCi2jwfR9/VyuMjloJElRyG1hoqg70CIQDkH/QRVgkcq2uxDkFBgLgiifF/zJx3\n1mJDzsuqfVmH9QIgEP/2z8W+bcviRlJBhA5lMNc2FQ4eigiuu0pKXqolW8kCIBy/\n27C5grBlEqjw1taSKqoSnylUW6SL8N8UR0MJU5up\n-----END RSA PRIVATE KEY-----", primaryKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAM6BUO6Gjjskn8s87GdJB8QPpNTx949t5Z/GgQpLVCapj741c1//\nvyH6JPsyqFUVy+lsBXQHSdCz2awMhKd9x5kCAwEAAQJARozbj4Ic2Yvbo92+jlLe\n+la146J/B1tuVbXFpDS0HTi3W94fVfu6R7FR9um1te1hzBAr6I4RqXxBAvipzG9P\n4QIhAPUg1AV/uyzKxELhVNKysAqvz1oLx2NeAh3DewRQn2MNAiEA16n2q69vFDvd\nnoCi2jwfR9/VyuMjloJElRyG1hoqg70CIQDkH/QRVgkcq2uxDkFBgLgiifF/zJx3\n1mJDzsuqfVmH9QIgEP/2z8W+bcviRlJBhA5lMNc2FQ4eigiuu0pKXqolW8kCIBy/\n27C5grBlEqjw1taSKqoSnylUW6SL8N8UR0MJU5up\n-----END RSA PRIVATE KEY-----",
primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBkzCCAT2gAwIBAgIMFpL6CzllQiBcgTbiMA0GCSqGSIb3DQEBCwUAMBgxFjAU\nBgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzE2MTk0MjIxWhcNMzEwNzE2MTk0\nMjIxWjApMRUwEwYDVQQKEwxzeXN0ZW06bm9kZXMxEDAOBgNVBAMTB2t1YmVsZXQw\nXDANBgkqhkiG9w0BAQEFAANLADBIAkEAzoFQ7oaOOySfyzzsZ0kHxA+k1PH3j23l\nn8aBCktUJqmPvjVzX/+/Ifok+zKoVRXL6WwFdAdJ0LPZrAyEp33HmQIDAQABo1Yw\nVDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/\nBAIwADAfBgNVHSMEGDAWgBTRt81Y03C5ScA7CePyvQ1eyqIVADANBgkqhkiG9w0B\nAQsFAANBAGOPYAM8wEDpRs4Sa+UxSRNM5xt2a0ctNqLxYbN0gsoTXY3vEFb06qLH\npgBJgBLXG8siOEhyEhsFiXSw4klQ/y8=\n-----END CERTIFICATE-----", primaryCertificate: "-----BEGIN CERTIFICATE-----\nMIIBkzCCAT2gAwIBAgIMFpL6CzllQiBcgTbiMA0GCSqGSIb3DQEBCwUAMBgxFjAU\nBgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzE2MTk0MjIxWhcNMzEwNzE2MTk0\nMjIxWjApMRUwEwYDVQQKEwxzeXN0ZW06bm9kZXMxEDAOBgNVBAMTB2t1YmVsZXQw\nXDANBgkqhkiG9w0BAQEFAANLADBIAkEAzoFQ7oaOOySfyzzsZ0kHxA+k1PH3j23l\nn8aBCktUJqmPvjVzX/+/Ifok+zKoVRXL6WwFdAdJ0LPZrAyEp33HmQIDAQABo1Yw\nVDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/\nBAIwADAfBgNVHSMEGDAWgBTRt81Y03C5ScA7CePyvQ1eyqIVADANBgkqhkiG9w0B\nAQsFAANBAGOPYAM8wEDpRs4Sa+UxSRNM5xt2a0ctNqLxYbN0gsoTXY3vEFb06qLH\npgBJgBLXG8siOEhyEhsFiXSw4klQ/y8=\n-----END CERTIFICATE-----",

2
nodeup/pkg/model/context.go
View File

@ -394,7 +394,7 @@ func (c *NodeupModelContext) UseVolumeMounts() bool {
// UseKopsControllerForNodeBootstrap checks if nodeup should use kops-controller to bootstrap. // UseKopsControllerForNodeBootstrap checks if nodeup should use kops-controller to bootstrap.
func (c *NodeupModelContext) UseKopsControllerForNodeBootstrap() bool { func (c *NodeupModelContext) UseKopsControllerForNodeBootstrap() bool {
return model.UseKopsControllerForNodeBootstrap(c.Cluster) return model.UseKopsControllerForNodeBootstrap(c.CloudProvider())
} }
// UseChallengeCallback is true if we should use a callback challenge during node provisioning with kops-controller. // UseChallengeCallback is true if we should use a callback challenge during node provisioning with kops-controller.

21
pkg/apis/kops/model/features.go
View File

@ -21,23 +21,8 @@ import (
) )
// UseKopsControllerForNodeBootstrap is true if nodeup should use kops-controller for bootstrapping. // UseKopsControllerForNodeBootstrap is true if nodeup should use kops-controller for bootstrapping.
func UseKopsControllerForNodeBootstrap(cluster *kops.Cluster) bool { func UseKopsControllerForNodeBootstrap(cloudProvider kops.CloudProviderID) bool {
switch cluster.Spec.GetCloudProvider() { return cloudProvider != kops.CloudProviderAzure
case kops.CloudProviderAWS:
return true
case kops.CloudProviderGCE:
return true
case kops.CloudProviderHetzner:
return true
case kops.CloudProviderOpenstack:
return true
case kops.CloudProviderDO:
return true
case kops.CloudProviderScaleway:
return true
default:
return false
}
} }
// UseChallengeCallback is true if we should use a callback challenge during node provisioning with kops-controller. // UseChallengeCallback is true if we should use a callback challenge during node provisioning with kops-controller.
@ -67,7 +52,7 @@ func UseKopsControllerForNodeConfig(cluster *kops.Cluster) bool {
return false return false
} }
} }
return UseKopsControllerForNodeBootstrap(cluster) return UseKopsControllerForNodeBootstrap(cluster.Spec.GetCloudProvider())
} }
// UseCiliumEtcd is true if we are using the Cilium etcd cluster. // UseCiliumEtcd is true if we are using the Cilium etcd cluster.

4
pkg/model/bootstrapscript.go
View File

@ -255,12 +255,12 @@ func (b *BootstrapScriptBuilder) ResourceNodeUp(c *fi.CloudupModelBuilderContext
} }
} }
if model.UseCiliumEtcd(b.Cluster) && !model.UseKopsControllerForNodeBootstrap(b.Cluster) { if model.UseCiliumEtcd(b.Cluster) && !model.UseKopsControllerForNodeBootstrap(b.Cluster.Spec.GetCloudProvider()) {
keypairs = append(keypairs, "etcd-client-cilium") keypairs = append(keypairs, "etcd-client-cilium")
} }
if ig.HasAPIServer() { if ig.HasAPIServer() {
keypairs = append(keypairs, "apiserver-aggregator-ca", "service-account", "etcd-clients-ca") keypairs = append(keypairs, "apiserver-aggregator-ca", "service-account", "etcd-clients-ca")
} else if !model.UseKopsControllerForNodeBootstrap(b.Cluster) { } else if !model.UseKopsControllerForNodeBootstrap(b.Cluster.Spec.GetCloudProvider()) {
keypairs = append(keypairs, "kubelet", "kube-proxy") keypairs = append(keypairs, "kubelet", "kube-proxy")
if b.Cluster.Spec.Networking.KubeRouter != nil { if b.Cluster.Spec.Networking.KubeRouter != nil {
keypairs = append(keypairs, "kube-router") keypairs = append(keypairs, "kube-router")

2
pkg/model/context.go
View File

@ -253,7 +253,7 @@ func (b *KopsModelContext) CloudTags(name string, shared bool) map[string]string
// UseKopsControllerForNodeBootstrap checks if nodeup should use kops-controller to bootstrap. // UseKopsControllerForNodeBootstrap checks if nodeup should use kops-controller to bootstrap.
func (b *KopsModelContext) UseKopsControllerForNodeBootstrap() bool { func (b *KopsModelContext) UseKopsControllerForNodeBootstrap() bool {
return model.UseKopsControllerForNodeBootstrap(b.Cluster) return model.UseKopsControllerForNodeBootstrap(b.Cluster.Spec.GetCloudProvider())
} }
// UseBootstrapTokens checks if bootstrap tokens are enabled // UseBootstrapTokens checks if bootstrap tokens are enabled

2
pkg/model/iam/iam_builder.go
View File

@ -702,7 +702,7 @@ func ReadableStatePaths(cluster *kops.Cluster, role Subject) ([]string, error) {
"/igconfig/node/*", "/igconfig/node/*",
) )
} }
if !model.UseKopsControllerForNodeBootstrap(cluster) { if !model.UseKopsControllerForNodeBootstrap(cluster.Spec.GetCloudProvider()) {
paths = append(paths, paths = append(paths,
"/secrets/dockerconfig", "/secrets/dockerconfig",
"/pki/private/kube-proxy/*", "/pki/private/kube-proxy/*",

2
upup/pkg/fi/cloudup/apply_cluster.go
View File

@ -1354,7 +1354,7 @@ func (n *nodeUpConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAddit
return nil, nil, err return nil, nil, err
} }
if keysets["etcd-clients-ca-cilium"] != nil { if keysets["etcd-clients-ca-cilium"] != nil {
if err := loadCertificates(keysets, "etcd-clients-ca-cilium", config, hasAPIServer || apiModel.UseKopsControllerForNodeBootstrap(n.cluster)); err != nil { if err := loadCertificates(keysets, "etcd-clients-ca-cilium", config, hasAPIServer || apiModel.UseKopsControllerForNodeBootstrap(n.cluster.Spec.GetCloudProvider())); err != nil {
return nil, nil, err return nil, nil, err
} }
} }

2
upup/pkg/fi/cloudup/dns.go
View File

@ -276,7 +276,7 @@ func buildPrecreateDNSHostnames(cluster *kops.Cluster) []recordKey {
}) })
} }
if apimodel.UseKopsControllerForNodeBootstrap(cluster) { if apimodel.UseKopsControllerForNodeBootstrap(cluster.Spec.GetCloudProvider()) {
name := "kops-controller.internal." + cluster.ObjectMeta.Name name := "kops-controller.internal." + cluster.ObjectMeta.Name
recordKeys = append(recordKeys, recordKey{ recordKeys = append(recordKeys, recordKey{
hostname: name, hostname: name,

20
upup/pkg/fi/cloudup/dns_test.go
View File

@ -31,7 +31,13 @@ func TestPrecreateDNSNames(t *testing.T) {
expected []recordKey expected []recordKey
}{ }{
{ {
cluster: &kops.Cluster{}, cluster: &kops.Cluster{
Spec: kops.ClusterSpec{
CloudProvider: kops.CloudProviderSpec{
Azure: &kops.AzureSpec{},
},
},
},
expected: []recordKey{ expected: []recordKey{
{"api.cluster1.example.com", rrstype.A}, {"api.cluster1.example.com", rrstype.A},
{"api.internal.cluster1.example.com", rrstype.A}, {"api.internal.cluster1.example.com", rrstype.A},
@ -40,6 +46,9 @@ func TestPrecreateDNSNames(t *testing.T) {
{ {
cluster: &kops.Cluster{ cluster: &kops.Cluster{
Spec: kops.ClusterSpec{ Spec: kops.ClusterSpec{
CloudProvider: kops.CloudProviderSpec{
Azure: &kops.AzureSpec{},
},
Networking: kops.NetworkingSpec{ Networking: kops.NetworkingSpec{
NonMasqueradeCIDR: "::/0", NonMasqueradeCIDR: "::/0",
}, },
@ -57,6 +66,9 @@ func TestPrecreateDNSNames(t *testing.T) {
API: kops.APISpec{ API: kops.APISpec{
LoadBalancer: &kops.LoadBalancerAccessSpec{}, LoadBalancer: &kops.LoadBalancerAccessSpec{},
}, },
CloudProvider: kops.CloudProviderSpec{
Azure: &kops.AzureSpec{},
},
}, },
}, },
expected: []recordKey{ expected: []recordKey{
@ -69,6 +81,9 @@ func TestPrecreateDNSNames(t *testing.T) {
API: kops.APISpec{ API: kops.APISpec{
LoadBalancer: &kops.LoadBalancerAccessSpec{}, LoadBalancer: &kops.LoadBalancerAccessSpec{},
}, },
CloudProvider: kops.CloudProviderSpec{
Azure: &kops.AzureSpec{},
},
Networking: kops.NetworkingSpec{ Networking: kops.NetworkingSpec{
NonMasqueradeCIDR: "::/0", NonMasqueradeCIDR: "::/0",
}, },
@ -86,6 +101,9 @@ func TestPrecreateDNSNames(t *testing.T) {
UseForInternalAPI: true, UseForInternalAPI: true,
}, },
}, },
CloudProvider: kops.CloudProviderSpec{
Azure: &kops.AzureSpec{},
},
}, },
}, },
expected: nil, expected: nil,