Remove references to ClusterSpec from nodeup sysctls.go

nodeup/pkg/model/kubelet_test.go

@@ -54,7 +54,10 @@ func TestTaintsApplied(t *testing.T) {
 	}
 
 	for _, g := range tests {
-		cluster := &kops.Cluster{Spec: kops.ClusterSpec{KubernetesVersion: g.version}}
+		cluster := &kops.Cluster{Spec: kops.ClusterSpec{
+			KubernetesVersion: g.version,
+			KubeAPIServer:     &kops.KubeAPIServerConfig{},
+		}}
 		input := testutils.BuildMinimalMasterInstanceGroup("eu-central-1a")
 		input.Spec.Taints = g.taints
 

nodeup/pkg/model/sysctls.go

@@ -56,7 +56,7 @@ func (b *SysctlBuilder) Build(c *fi.NodeupModelBuilderContext) error {
 			"")
 
 		// See https://github.com/kubernetes/kops/issues/6342
-		portRange := b.Cluster.Spec.KubeAPIServer.ServiceNodePortRange
+		portRange := b.NodeupConfig.ServiceNodePortRange
 		if portRange == "" {
 			portRange = "30000-32767" // Default kube-apiserver ServiceNodePortRange
 		}
@@ -186,29 +186,7 @@ func (b *SysctlBuilder) Build(c *fi.NodeupModelBuilderContext) error {
 			"")
 	}
 
-	if params := b.NodeupConfig.SysctlParameters; len(params) > 0 {
-		sysctls = append(sysctls,
-			"# Custom sysctl parameters from instance group spec",
-			"")
-		for _, param := range params {
-			if !strings.ContainsRune(param, '=') {
-				return fmt.Errorf("invalid SysctlParameter: expected %q to contain '='", param)
-			}
-			sysctls = append(sysctls, param)
-		}
-	}
-
-	if params := b.Cluster.Spec.SysctlParameters; len(params) > 0 {
-		sysctls = append(sysctls,
-			"# Custom sysctl parameters from cluster spec",
-			"")
-		for _, param := range params {
-			if !strings.ContainsRune(param, '=') {
-				return fmt.Errorf("invalid SysctlParameter: expected %q to contain '='", param)
-			}
-			sysctls = append(sysctls, param)
-		}
-	}
+	sysctls = append(sysctls, b.NodeupConfig.SysctlParameters...)
 
 	c.AddTask(&nodetasks.File{
 		Path:            "/etc/sysctl.d/99-k8s-general.conf",

pkg/apis/kops/validation/instancegroup.go

@@ -144,6 +144,12 @@ func ValidateInstanceGroup(g *kops.InstanceGroup, cloud fi.Cloud, strict bool) f
 
 	allErrs = append(allErrs, validateInstanceProfile(g.Spec.IAM, field.NewPath("spec", "iam"))...)
 
+	for i, sysctlParameter := range g.Spec.SysctlParameters {
+		if !strings.ContainsRune(sysctlParameter, '=') {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "sysctlParameters").Index(i), sysctlParameter, "must contain a \"=\" character"))
+		}
+	}
+
 	if g.Spec.RollingUpdate != nil {
 		allErrs = append(allErrs, validateRollingUpdate(g.Spec.RollingUpdate, field.NewPath("spec", "rollingUpdate"), g.Spec.Role == kops.InstanceGroupRoleControlPlane)...)
 	}

pkg/apis/kops/validation/validation.go

@@ -210,6 +210,12 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
 		}
 	}
 
+	for i, sysctlParameter := range spec.SysctlParameters {
+		if !strings.ContainsRune(sysctlParameter, '=') {
+			allErrs = append(allErrs, field.Invalid(fieldPath.Child("sysctlParameters").Index(i), sysctlParameter, "must contain a \"=\" character"))
+		}
+	}
+
 	if spec.RollingUpdate != nil {
 		allErrs = append(allErrs, validateRollingUpdate(spec.RollingUpdate, fieldPath.Child("rollingUpdate"), false)...)
 	}

pkg/apis/nodeup/config.go

@@ -70,9 +70,9 @@ type Config struct {
 	UsesKubenet bool `json:",omitempty"`
 	// NTPUnmanaged is true when NTP is not managed by kOps.
 	NTPUnmanaged bool `json:",omitempty"`
-	// SysctlParameters will configure kernel parameters using sysctl(8). When
-	// specified, each parameter must follow the form variable=value, the way
-	// it would appear in sysctl.conf.
+	// ServiceNodePortRange is the service NodePort range.
+	ServiceNodePortRange string `json:",omitempty"`
+	// SysctlParameters will configure kernel parameters using sysctl(8).
 	SysctlParameters []string `json:",omitempty"`
 	// UpdatePolicy determines the policy for applying upgrades automatically.
 	UpdatePolicy string
@@ -195,15 +195,15 @@ func NewConfig(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) (*Confi
 			NonMasqueradeCIDR:     cluster.Spec.Networking.NonMasqueradeCIDR,
 			ServiceClusterIPRange: cluster.Spec.Networking.ServiceClusterIPRange,
 		},
-		UsesKubenet:      cluster.Spec.Networking.UsesKubenet(),
-		SysctlParameters: instanceGroup.Spec.SysctlParameters,
-		VolumeMounts:     instanceGroup.Spec.VolumeMounts,
-		FileAssets:       append(filterFileAssets(instanceGroup.Spec.FileAssets, role), filterFileAssets(cluster.Spec.FileAssets, role)...),
-		Hooks:            [][]kops.HookSpec{igHooks, clusterHooks},
-		ContainerRuntime: cluster.Spec.ContainerRuntime,
-		Docker:           cluster.Spec.Docker,
-		UsesLegacyGossip: cluster.UsesLegacyGossip(),
-		UsesNoneDNS:      cluster.UsesNoneDNS(),
+		UsesKubenet:          cluster.Spec.Networking.UsesKubenet(),
+		ServiceNodePortRange: cluster.Spec.KubeAPIServer.ServiceNodePortRange,
+		VolumeMounts:         instanceGroup.Spec.VolumeMounts,
+		FileAssets:           append(filterFileAssets(instanceGroup.Spec.FileAssets, role), filterFileAssets(cluster.Spec.FileAssets, role)...),
+		Hooks:                [][]kops.HookSpec{igHooks, clusterHooks},
+		ContainerRuntime:     cluster.Spec.ContainerRuntime,
+		Docker:               cluster.Spec.Docker,
+		UsesLegacyGossip:     cluster.UsesLegacyGossip(),
+		UsesNoneDNS:          cluster.UsesNoneDNS(),
 	}
 
 	bootConfig := BootConfig{
@@ -312,6 +312,20 @@ func NewConfig(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) (*Confi
 		config.Networking.EgressProxy = cluster.Spec.Networking.EgressProxy
 	}
 
+	if len(instanceGroup.Spec.SysctlParameters) > 0 {
+		config.SysctlParameters = append(config.SysctlParameters,
+			"# Custom sysctl parameters from instance group spec",
+			"")
+		config.SysctlParameters = append(config.SysctlParameters, instanceGroup.Spec.SysctlParameters...)
+	}
+
+	if len(cluster.Spec.SysctlParameters) > 0 {
+		config.SysctlParameters = append(config.SysctlParameters,
+			"# Custom sysctl parameters from cluster spec",
+			"")
+		config.SysctlParameters = append(config.SysctlParameters, cluster.Spec.SysctlParameters...)
+	}
+
 	return &config, &bootConfig
 }
 

tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data

@@ -267,7 +267,7 @@ ClusterName: complex.example.com
 ConfigBase: memfs://clusters.example.com/complex.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: WXHgaSWNiZgZDuXaleFp8ChsNM9KgZlve1lLOp+KzhY=
+NodeupConfigHash: cNloBK/3TsTihoCnSsS0/tA1jUTT3u566K3IazjRfRI=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/complex/data/aws_launch_template_nodes.complex.example.com_user_data

@@ -186,7 +186,7 @@ ConfigServer:
   - https://kops-controller.internal.complex.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: nqKc7rtUy7/gqhuWD7794tEZ6+Vq8cncOjX9IIXgFrk=
+NodeupConfigHash: J+dibci70qHTs7IPZIMTGImBa78EmKVe4eN2GG3k0rs=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/complex/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -286,6 +286,7 @@ KubernetesVersion: 1.24.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
+ServiceNodePortRange: 28000-32767
 UpdatePolicy: automatic
 channels:
 - memfs://clusters.example.com/complex.example.com/addons/bootstrap-channel.yaml

tests/integration/update_cluster/complex/data/aws_s3_object_nodeupconfig-nodes_content

@@ -50,6 +50,7 @@ KubernetesVersion: 1.24.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
+ServiceNodePortRange: 28000-32767
 UpdatePolicy: automatic
 channels:
 - memfs://clusters.example.com/complex.example.com/addons/bootstrap-channel.yaml

tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data

@@ -254,7 +254,7 @@ ClusterName: externalpolicies.example.com
 ConfigBase: memfs://clusters.example.com/externalpolicies.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: w2FB4S/PEQ8c3xk58nodE9yzPDRamh9obqceiTU1XTI=
+NodeupConfigHash: Ls7wjfJXPUjjEaRqQ92ytpZ1G9P2ET3kECUB8KNkFfk=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/externalpolicies/data/aws_launch_template_nodes.externalpolicies.example.com_user_data

@@ -177,7 +177,7 @@ ConfigServer:
   - https://kops-controller.internal.externalpolicies.example.com:3988/
 InstanceGroupName: nodes
 InstanceGroupRole: Node
-NodeupConfigHash: vx0PmQlG28QvvQS8nBTG4z1jPvaEOMtKDmrwarH6e8M=
+NodeupConfigHash: /xUe4MHbfrSantuCCFP6zCnipjHmy5QD8ec/AOPgOWc=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -280,6 +280,7 @@ KubernetesVersion: 1.26.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
+ServiceNodePortRange: 28000-32767
 UpdatePolicy: automatic
 channels:
 - memfs://clusters.example.com/externalpolicies.example.com/addons/bootstrap-channel.yaml

tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-nodes_content

@@ -50,6 +50,7 @@ KubernetesVersion: 1.26.0
 Networking:
   nonMasqueradeCIDR: 100.64.0.0/10
   serviceClusterIPRange: 100.64.0.0/13
+ServiceNodePortRange: 28000-32767
 UpdatePolicy: automatic
 channels:
 - memfs://clusters.example.com/externalpolicies.example.com/addons/bootstrap-channel.yaml