Move NonMasqueradeCIDR to nodeup.Config

2023-01-14 17:33:41 -08:00 · 2023-01-14 17:33:41 -08:00 · da881fb320
parent 8486e4f220
commit da881fb320
6 changed files with 25 additions and 11 deletions
--- a/nodeup/pkg/model/containerd.go
+++ b/nodeup/pkg/model/containerd.go
@ -407,12 +407,12 @@ iptables -w -t nat -A IP-MASQ -d {{.NonMasqueradeCIDR}} -m comment --comment "ip
 iptables -w -t nat -A IP-MASQ -m comment --comment "ip-masq: outbound traffic is subject to MASQUERADE (must be last in chain)" -j MASQUERADE
 `

-	if b.Cluster.Spec.Networking.NonMasqueradeCIDR == "" {
+	if b.NodeupConfig.Networking.NonMasqueradeCIDR == "" {
 		// We could fall back to the pod CIDR, that is likely more correct anyway
 		return fmt.Errorf("NonMasqueradeCIDR is not set")
 	}

-	script = strings.ReplaceAll(script, "{{.NonMasqueradeCIDR}}", b.Cluster.Spec.Networking.NonMasqueradeCIDR)
+	script = strings.ReplaceAll(script, "{{.NonMasqueradeCIDR}}", b.NodeupConfig.Networking.NonMasqueradeCIDR)

 	c.AddTask(&nodetasks.File{
 		Path:     "/opt/kops/bin/cni-iptables-setup",
--- a/nodeup/pkg/model/context.go
+++ b/nodeup/pkg/model/context.go
@ -38,6 +38,7 @@ import (
 	"k8s.io/kops/pkg/systemd"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
+	"k8s.io/kops/upup/pkg/fi/utils"
 	"k8s.io/kops/util/pkg/architectures"
 	"k8s.io/kops/util/pkg/distributions"
 	"k8s.io/kops/util/pkg/vfs"
@ -114,6 +115,14 @@ func (c *NodeupModelContext) APIInternalName() string {
 	return "api.internal." + c.NodeupConfig.ClusterName
 }

+func (c *NodeupModelContext) IsIPv6Only() bool {
+	return utils.IsIPv6CIDR(c.NodeupConfig.Networking.NonMasqueradeCIDR)
+}
+
+func (c *NodeupModelContext) IsKopsControllerIPAM() bool {
+	return c.IsIPv6Only()
+}
+
 // SSLHostPaths returns the TLS paths for the distribution
 func (c *NodeupModelContext) SSLHostPaths() []string {
 	paths := []string{"/etc/ssl", "/etc/pki/tls", "/etc/pki/ca-trust"}
--- a/nodeup/pkg/model/kubelet.go
+++ b/nodeup/pkg/model/kubelet.go
@ -325,7 +325,7 @@ func (b *KubeletBuilder) buildSystemdEnvironmentFile(kubeletConfig *kops.Kubelet
 		flags += " --tls-private-key-file=" + b.PathSrvKubernetes() + "/kubelet-server.key"
 	}

-	if b.Cluster.Spec.IsIPv6Only() {
+	if b.IsIPv6Only() {
 		flags += " --node-ip=::"
 	}

--- a/nodeup/pkg/model/prefix.go
+++ b/nodeup/pkg/model/prefix.go
@ -28,7 +28,7 @@ type PrefixBuilder struct {
 var _ fi.NodeupModelBuilder = &PrefixBuilder{}

 func (b *PrefixBuilder) Build(c *fi.NodeupModelBuilderContext) error {
-	if !b.Cluster.Spec.IsKopsControllerIPAM() {
+	if !b.IsKopsControllerIPAM() {
 		return nil
 	}
 	c.AddTask(&nodetasks.Prefix{
--- a/nodeup/pkg/model/sysctls.go
+++ b/nodeup/pkg/model/sysctls.go
@ -147,7 +147,7 @@ func (b *SysctlBuilder) Build(c *fi.NodeupModelBuilderContext) error {
 		}
 	}

-	if b.Cluster.Spec.IsIPv6Only() {
+	if b.IsIPv6Only() {
 		if b.Distribution == distributions.DistributionDebian11 {
 			// Accepting Router Advertisements must be enabled for each existing network interface to take effect.
 			// net.ipv6.conf.all.accept_ra takes effect only for newly created network interfaces.
--- a/pkg/apis/nodeup/config.go
+++ b/pkg/apis/nodeup/config.go
@ -61,6 +61,8 @@ type Config struct {
 	KubeletConfig kops.KubeletConfigSpec
 	// KubeProxy defines the kube-proxy configuration.
 	KubeProxy *kops.KubeProxyConfig
+	// Networking configures networking.
+	Networking kops.NetworkingSpec
 	// NTPUnmanaged is true when NTP is not managed by kOps.
 	NTPUnmanaged bool `json:",omitempty"`
 	// SysctlParameters will configure kernel parameters using sysctl(8). When
@ -178,12 +180,15 @@ func NewConfig(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) (*Confi
 		KubernetesVersion: cluster.Spec.KubernetesVersion,
 		CAs:               map[string]string{},
 		KeypairIDs:        map[string]string{},
-		SysctlParameters:  instanceGroup.Spec.SysctlParameters,
-		VolumeMounts:      instanceGroup.Spec.VolumeMounts,
-		FileAssets:        append(filterFileAssets(instanceGroup.Spec.FileAssets, role), filterFileAssets(cluster.Spec.FileAssets, role)...),
-		Hooks:             [][]kops.HookSpec{igHooks, clusterHooks},
-		ContainerRuntime:  cluster.Spec.ContainerRuntime,
-		Docker:            cluster.Spec.Docker,
+		Networking: kops.NetworkingSpec{
+			NonMasqueradeCIDR: cluster.Spec.Networking.NonMasqueradeCIDR,
+		},
+		SysctlParameters: instanceGroup.Spec.SysctlParameters,
+		VolumeMounts:     instanceGroup.Spec.VolumeMounts,
+		FileAssets:       append(filterFileAssets(instanceGroup.Spec.FileAssets, role), filterFileAssets(cluster.Spec.FileAssets, role)...),
+		Hooks:            [][]kops.HookSpec{igHooks, clusterHooks},
+		ContainerRuntime: cluster.Spec.ContainerRuntime,
+		Docker:           cluster.Spec.Docker,
 	}

 	bootConfig := BootConfig{