Fix defaults

aws · Jun 10, 2024 · 20c99e5 · 20c99e5
1 parent 887cb94
commit 20c99e5
Show file tree

Hide file tree

Showing 7 changed files with 555 additions and 8 deletions.
diff --git a/pkg/crypto/tls.go b/pkg/crypto/tls.go
@@ -7,10 +7,10 @@ import (
 // This is what we currently support as the default. In the future,
 // we can make this customizable and return a wider range of
 // supported names.
-func secureCipherSuiteNames() []string {
+func SecureCipherSuiteNames() []string {
 	return []string{"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
 }
 
 func SecureCipherSuitesString() string {
-	return strings.Join(secureCipherSuiteNames(), ",")
+	return strings.Join(SecureCipherSuiteNames(), ",")
 }
diff --git a/pkg/providers/tinkerbell/config/template-cp.yaml b/pkg/providers/tinkerbell/config/template-cp.yaml
@@ -162,7 +162,7 @@ spec:
 {{- end }}
     initConfiguration:
 {{- if .kubeletConfiguration }}
-      patches: 
+      patches:
         directory: /etc/kubernetes/patches
 {{- end }}
       nodeRegistration:
@@ -191,7 +191,7 @@ spec:
 {{- end }}
     joinConfiguration:
 {{- if .kubeletConfiguration }}
-      patches: 
+      patches:
         directory: /etc/kubernetes/patches
 {{- end }}
 {{- if (eq .format "bottlerocket") }}

diff --git a/pkg/providers/tinkerbell/config/template-md.yaml b/pkg/providers/tinkerbell/config/template-md.yaml
@@ -76,7 +76,7 @@ spec:
     spec:
       joinConfiguration:
 {{- if .kubeletConfiguration }}
-        patches: 
+        patches:
           directory: /etc/kubernetes/patches
 {{- end }}
 {{- if (eq .format "bottlerocket") }}

diff --git a/pkg/providers/tinkerbell/template.go b/pkg/providers/tinkerbell/template.go
@@ -506,6 +506,16 @@ func buildTemplateMapCP(
 
 	if clusterSpec.Cluster.Spec.ControlPlaneConfiguration.KubeletConfiguration != nil {
 		cpKubeletConfig := clusterSpec.Cluster.Spec.ControlPlaneConfiguration.KubeletConfiguration.Object
+
+		if _, ok := cpKubeletConfig["tlsCipherSuites"]; !ok {
+			cpKubeletConfig["tlsCipherSuites"] = crypto.SecureCipherSuiteNames()
+		}
+
+		if _, ok := cpKubeletConfig["resolvConf"]; !ok {
+			if clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf != nil {
+				cpKubeletConfig["resolvConf"] = clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf.Path
+			}
+		}
 		kcString, err := yaml.Marshal(cpKubeletConfig)
 		if err != nil {
 			return nil, fmt.Errorf("marshaling control plane node Kubelet Configuration while building CAPI template %v", err)
@@ -593,6 +603,16 @@ func buildTemplateMapMD(
 
 	if workerNodeGroupConfiguration.KubeletConfiguration != nil {
 		wnKubeletConfig := workerNodeGroupConfiguration.KubeletConfiguration.Object
+		if _, ok := wnKubeletConfig["tlsCipherSuites"]; !ok {
+			wnKubeletConfig["tlsCipherSuites"] = crypto.SecureCipherSuiteNames()
+		}
+
+		if _, ok := wnKubeletConfig["resolvConf"]; !ok {
+			if clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf != nil {
+				wnKubeletConfig["resolvConf"] = clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf.Path
+			}
+		}
+
 		kcString, err := yaml.Marshal(wnKubeletConfig)
 		if err != nil {
 			return nil, fmt.Errorf("marshaling Kubelet Configuration for worker node %s: %v", workerNodeGroupConfiguration.Name, err)

diff --git a/pkg/providers/tinkerbell/template_test.go b/pkg/providers/tinkerbell/template_test.go
@@ -205,7 +205,7 @@ func TestTemplateBuilderCPKubeletConfig(t *testing.T) {
 	}{
 		{
 			Input:  "testdata/cluster_tinkerbell_api_server_cert_san_ip.yaml",
-			Output: "testdata/expected_cluster_tinkerbell_api_server_cert_san_ip.yaml",
+			Output: "testdata/expected_kcp.yaml",
 		},
 	} {
 		g := NewWithT(t)
@@ -223,9 +223,17 @@ func TestTemplateBuilderCPKubeletConfig(t *testing.T) {
 			},
 		}
 
+		clusterSpec.Cluster.Spec.ClusterNetwork.DNS = v1alpha1.DNS{
+			ResolvConf: &v1alpha1.ResolvConf{
+				Path: "test-path",
+			},
+		}
+
 		data, err := bldr.GenerateCAPISpecControlPlane(clusterSpec)
 		g.Expect(err).ToNot(HaveOccurred())
 		g.Expect(data).To(ContainSubstring("maxPods"))
+		t.Logf("\n data %v\n", string(data))
+		test.AssertContentToFile(t, string(data), tc.Output)
 	}
 }
 
@@ -236,7 +244,7 @@ func TestTemplateBuilderWNKubeletConfig(t *testing.T) {
 	}{
 		{
 			Input:  "testdata/cluster_tinkerbell_api_server_cert_san_ip.yaml",
-			Output: "testdata/expected_cluster_tinkerbell_api_server_cert_san_ip.yaml",
+			Output: "testdata/expected_kct.yaml",
 		},
 	} {
 		g := NewWithT(t)
@@ -271,13 +279,20 @@ func TestTemplateBuilderWNKubeletConfig(t *testing.T) {
 			},
 		}
 
+		clusterSpec.Cluster.Spec.ClusterNetwork.DNS = v1alpha1.DNS{
+			ResolvConf: &v1alpha1.ResolvConf{
+				Path: "test-path",
+			},
+		}
+
 		cpMachineCfg, _ := getControlPlaneMachineSpec(clusterSpec)
 		wngMachineCfgs, _ := getWorkerNodeGroupMachineSpec(clusterSpec)
 		tinkIPBefore := "0.0.0.0"
 		bldr := NewTemplateBuilder(&clusterSpec.TinkerbellDatacenter.Spec, cpMachineCfg, nil, wngMachineCfgs, tinkIPBefore, time.Now)
 		workerTemplateNames, kubeadmTemplateNames := clusterapi.InitialTemplateNamesForWorkers(clusterSpec)
 		data, err := bldr.GenerateCAPISpecWorkers(clusterSpec, workerTemplateNames, kubeadmTemplateNames)
 		g.Expect(err).ToNot(HaveOccurred())
-		g.Expect(data).To(ContainSubstring("maxPods"))
+		t.Logf("\n data %v\n", string(data))
+		test.AssertContentToFile(t, string(data), tc.Output)
 	}
 }