diff --git a/pkg/providers/cloudstack/config/template-cp.yaml b/pkg/providers/cloudstack/config/template-cp.yaml index ee9115402b308..1c9e00cacb0b2 100644 --- a/pkg/providers/cloudstack/config/template-cp.yaml +++ b/pkg/providers/cloudstack/config/template-cp.yaml @@ -309,10 +309,12 @@ spec: criSocket: /var/run/containerd/containerd.sock kubeletExtraArgs: provider-id: cloudstack:///'{{`{{ ds.meta_data.instance_id }}`}}' +{{- if not .kubeletConfiguration }} read-only-port: "0" anonymous-auth: "false" {{- if .kubeletExtraArgs }} {{ .kubeletExtraArgs.ToYaml | indent 10 }} +{{- end }} {{- end }} name: "{{`{{ ds.meta_data.hostname }}`}}" {{- if .controlPlaneTaints }} @@ -335,10 +337,12 @@ spec: criSocket: /var/run/containerd/containerd.sock kubeletExtraArgs: provider-id: cloudstack:///'{{`{{ ds.meta_data.instance_id }}`}}' +{{- if not .kubeletConfiguration }} read-only-port: "0" anonymous-auth: "false" {{- if .kubeletExtraArgs }} {{ .kubeletExtraArgs.ToYaml | indent 10 }} +{{- end }} {{- end }} name: "{{`{{ ds.meta_data.hostname }}`}}" {{- if .controlPlaneTaints }} diff --git a/pkg/providers/cloudstack/config/template-md.yaml b/pkg/providers/cloudstack/config/template-md.yaml index 4229bbe63874f..f558c2a97095e 100644 --- a/pkg/providers/cloudstack/config/template-md.yaml +++ b/pkg/providers/cloudstack/config/template-md.yaml @@ -27,10 +27,12 @@ spec: {{- end }} kubeletExtraArgs: provider-id: cloudstack:///'{{`{{ ds.meta_data.instance_id }}`}}' +{{- if not .kubeletConfiguration }} read-only-port: "0" anonymous-auth: "false" {{- if .kubeletExtraArgs }} {{ .kubeletExtraArgs.ToYaml | indent 12 }} +{{- end }} {{- end }} name: "{{`{{ ds.meta_data.hostname }}`}}" {{- if or (or .proxyConfig .registryMirrorMap) .kubeletConfiguration }} diff --git a/pkg/providers/cloudstack/template.go b/pkg/providers/cloudstack/template.go index eb6cb5fdf0812..f8effa07cfc9b 100644 --- a/pkg/providers/cloudstack/template.go +++ b/pkg/providers/cloudstack/template.go 
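Review bot: In both `kubeletExtraArgs` hunks of cloudstack/config/template-cp.yaml, `read-only-port: "0"` and `anonymous-auth: "false"` are now rendered only when `.kubeletConfiguration` is empty, so a cluster that supplies a KubeletConfiguration loses both hardening flags unless the supplied object sets the equivalent fields (`readOnlyPort`, `authentication.anonymous.enabled`). Kubelet command-line flags take precedence over the config file, so before this change the template enforced these values regardless of the user's configuration. Nothing visible in this diff validates or defaults those fields before the object is marshaled. The same gating is applied in cloudstack/config/template-md.yaml, the second hunk of nutanix/config/cp-template.yaml, and vsphere/config/template-cp.yaml and template-md.yaml. I would reject, during spec validation, a KubeletConfiguration that opens the read-only port or enables anonymous auth, or fill in the secure values when the fields are unset, and document the requirement next to the guard.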
@@ -118,9 +118,6 @@ func buildTemplateMapCP(clusterSpec *cluster.Spec) (map[string]interface{}, erro etcdExtraArgs := clusterapi.SecureEtcdTlsCipherSuitesExtraArgs() sharedExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs() - kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). - Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)). - Append(clusterapi.ControlPlaneNodeLabelsExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration)) apiServerExtraArgs := clusterapi.OIDCToExtraArgs(clusterSpec.OIDCConfig). Append(clusterapi.AwsIamAuthExtraArgs(clusterSpec.AWSIamConfig)). Append(clusterapi.APIServerExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration.APIServerExtraArgs)). @@ -190,7 +187,6 @@ func buildTemplateMapCP(clusterSpec *cluster.Spec) (map[string]interface{}, erro "podCidrs": clusterSpec.Cluster.Spec.ClusterNetwork.Pods.CidrBlocks, "serviceCidrs": clusterSpec.Cluster.Spec.ClusterNetwork.Services.CidrBlocks, "apiserverExtraArgs": apiServerExtraArgs.ToPartialYaml(), - "kubeletExtraArgs": kubeletExtraArgs.ToPartialYaml(), "etcdExtraArgs": etcdExtraArgs.ToPartialYaml(), "etcdCipherSuites": crypto.SecureCipherSuitesString(), "controllermanagerExtraArgs": controllerManagerExtraArgs.ToPartialYaml(), @@ -266,8 +262,12 @@ func buildTemplateMapCP(clusterSpec *cluster.Spec) (map[string]interface{}, erro if err != nil { return nil, fmt.Errorf("error marshaling %v", err) } - values["kubeletConfiguration"] = string(kcString) + } else { + kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). + Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)). + Append(clusterapi.ControlPlaneNodeLabelsExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration)) + values["kubeletExtraArgs"] = kubeletExtraArgs.ToPartialYaml() } return values, nil 
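Review bot: With the new `else` branch at the end of buildTemplateMapCP, a cluster that sets `KubeletConfiguration` no longer gets the `SecureTlsCipherSuitesExtraArgs`, `ResolvConfExtraArgs` or `ControlPlaneNodeLabelsExtraArgs` values passed to the kubelet at all. Cipher suites and the resolv.conf path can be carried in a KubeletConfiguration (`tlsCipherSuites`, `resolvConf`), but node labels are a kubelet flag with no config-file field, so labels from `ControlPlaneConfiguration` would be dropped silently unless they are applied elsewhere (not visible here; the function extends beyond the hunk). The vsphere hunk further down shows the user object going from `.Object` to `yaml.Marshal` with no defaulting in between, so the TLS cipher restriction appears to depend on what the user wrote. The same pattern is in the buildTemplateMapMD hunk of this file and in the docker, nutanix and vsphere builders. I would keep the node-label arguments outside the `else` (with a matching template change, since the templates now skip `.kubeletExtraArgs` entirely) and fill `tlsCipherSuites` into the object when it is unset.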
@@ -349,9 +349,6 @@ func fillProxyConfigurations(values map[string]interface{}, clusterSpec *cluster func buildTemplateMapMD(clusterSpec *cluster.Spec, workerNodeGroupConfiguration v1alpha1.WorkerNodeGroupConfiguration) (map[string]interface{}, error) { versionsBundle := clusterSpec.WorkerNodeGroupVersionsBundle(workerNodeGroupConfiguration) format := "cloud-config" - kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). - Append(clusterapi.WorkerNodeLabelsExtraArgs(workerNodeGroupConfiguration)). - Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)) workerNodeGroupMachineSpec := workerMachineConfig(clusterSpec, workerNodeGroupConfiguration).Spec workerUser := workerNodeGroupMachineSpec.Users[0] @@ -376,7 +373,6 @@ func buildTemplateMapMD(clusterSpec *cluster.Spec, workerNodeGroupConfiguration "workerSshUsername": workerNodeGroupMachineSpec.Users[0].Name, "cloudstackWorkerSshAuthorizedKey": workerSSHKey, "format": format, - "kubeletExtraArgs": kubeletExtraArgs.ToPartialYaml(), "eksaSystemNamespace": constants.EksaSystemNamespace, "workerNodeGroupName": fmt.Sprintf("%s-%s", clusterSpec.Cluster.Name, workerNodeGroupConfiguration.Name), "workerNodeGroupTaints": workerNodeGroupConfiguration.Taints, @@ -410,6 +406,11 @@ func buildTemplateMapMD(clusterSpec *cluster.Spec, workerNodeGroupConfiguration } values["kubeletConfiguration"] = string(kcString) + } else { + kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). + Append(clusterapi.WorkerNodeLabelsExtraArgs(workerNodeGroupConfiguration)). + Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)) + values["kubeletExtraArgs"] = kubeletExtraArgs.ToPartialYaml() } return values, nil diff --git a/pkg/providers/docker/config/template-cp.yaml b/pkg/providers/docker/config/template-cp.yaml index b9f8434e7bc92..fbc99698e3cab 100644 --- a/pkg/providers/docker/config/template-cp.yaml 
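Review bot: The `else` branch added at the end of buildTemplateMapMD is a near copy of the one added to buildTemplateMapCP, and the same chain is repeated in the docker, nutanix and vsphere builders with the `Append` calls in differing order. A small shared helper that returns the default kubelet arguments for a control plane or a worker group would keep the providers from drifting apart. At minimum I would put a comment on the branch, e.g. `// Extra args are generated only when no KubeletConfiguration is supplied; the templates render one or the other.` The function body extends beyond the hunk.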
+++ b/pkg/providers/docker/config/template-cp.yaml @@ -222,11 +222,13 @@ spec: {{- end }} nodeRegistration: criSocket: /var/run/containerd/containerd.sock +{{- if not .kubeletConfiguration }} kubeletExtraArgs: eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0% {{- if .kubeletExtraArgs }} {{ .kubeletExtraArgs.ToYaml | indent 10 }} {{- end }} +{{- end }} {{- if not .workerNodeGroupConfigurations }} taints: [] {{- end }} @@ -247,11 +249,13 @@ spec: {{- end }} nodeRegistration: criSocket: /var/run/containerd/containerd.sock +{{- if not .kubeletConfiguration }} kubeletExtraArgs: eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0% {{- if .kubeletExtraArgs }} {{ .kubeletExtraArgs.ToYaml | indent 10 }} {{- end }} +{{- end }} {{- if not .workerNodeGroupConfigurations }} taints: [] {{- end }} diff --git a/pkg/providers/docker/config/template-md.yaml b/pkg/providers/docker/config/template-md.yaml index b0e9cc8592ce1..14a63ca3a0e00 100644 --- a/pkg/providers/docker/config/template-md.yaml +++ b/pkg/providers/docker/config/template-md.yaml @@ -25,11 +25,13 @@ spec: {{- else}} taints: [] {{- end }} +{{- if not .kubeletConfiguration }} kubeletExtraArgs: eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0% {{- if .kubeletExtraArgs }} {{ .kubeletExtraArgs.ToYaml | indent 12 }} {{- end }} +{{- end }} {{- if or .registryMirrorMap .kubeletConfiguration }} files: {{- end }} diff --git a/pkg/providers/docker/controlplane_test.go b/pkg/providers/docker/controlplane_test.go index 7d2205139eda7..b3930909dad33 100644 --- a/pkg/providers/docker/controlplane_test.go +++ b/pkg/providers/docker/controlplane_test.go 
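Review bot: In the three docker template hunks the whole `kubeletExtraArgs` mapping, including the fixed `eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%` line, is no longer rendered when `.kubeletConfiguration` is set, and nothing visible adds an equivalent `evictionHard` to the supplied object. If those zero thresholds are required for nodes that run as containers, a user-supplied configuration now has to repeat them. I would state that next to the guard with a template comment such as `{{- /* eviction-hard must be set in kubeletConfiguration when one is supplied */}}`, or have docker.go fill in the default when the field is unset.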
@@ -98,18 +98,6 @@ func TestControlPlaneSpecNewCluster(t *testing.T) { g.Expect(cp.EtcdMachineTemplate).To(Equal(wantEtcdMachineTemplate)) } -func TestControlPlaneSpecNoKubeVersion(t *testing.T) { - g := NewWithT(t) - logger := test.NewNullLogger() - ctx := context.Background() - client := test.NewFakeKubeClient() - spec := testClusterSpec() - spec.Cluster.Spec.KubernetesVersion = "" - - _, err := docker.ControlPlaneSpec(ctx, logger, client, spec) - g.Expect(err).To(MatchError(ContainSubstring("generating docker control plane yaml spec"))) -} - func TestControlPlaneSpecUpdateMachineTemplates(t *testing.T) { g := NewWithT(t) logger := test.NewNullLogger() diff --git a/pkg/providers/docker/docker.go b/pkg/providers/docker/docker.go index 77e91dd9d908c..c6aad6b5e1998 100644 --- a/pkg/providers/docker/docker.go +++ b/pkg/providers/docker/docker.go @@ -281,17 +281,6 @@ func buildTemplateMapCP(clusterSpec *cluster.Spec) (map[string]interface{}, erro versionsBundle := clusterSpec.RootVersionsBundle() etcdExtraArgs := clusterapi.SecureEtcdTlsCipherSuitesExtraArgs() sharedExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs() - kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). - Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)). - Append(clusterapi.ControlPlaneNodeLabelsExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration)) - - cgroupDriverArgs, err := kubeletCgroupDriverExtraArgs(clusterSpec.Cluster.Spec.KubernetesVersion) - if err != nil { - return nil, err - } - if cgroupDriverArgs != nil { - kubeletExtraArgs.Append(cgroupDriverArgs) - } apiServerExtraArgs := clusterapi.OIDCToExtraArgs(clusterSpec.OIDCConfig). Append(clusterapi.AwsIamAuthExtraArgs(clusterSpec.AWSIamConfig)). 
@@ -316,7 +305,6 @@ func buildTemplateMapCP(clusterSpec *cluster.Spec) (map[string]interface{}, erro
 "apiserverExtraArgs": apiServerExtraArgs.ToPartialYaml(),
 "controllermanagerExtraArgs": controllerManagerExtraArgs.ToPartialYaml(),
 "schedulerExtraArgs": sharedExtraArgs.ToPartialYaml(),
- "kubeletExtraArgs": kubeletExtraArgs.ToPartialYaml(),
 "externalEtcdVersion": versionsBundle.KubeDistro.EtcdVersion,
 "eksaSystemNamespace": constants.EksaSystemNamespace,
 "podCidrs": clusterSpec.Cluster.Spec.ClusterNetwork.Pods.CidrBlocks,
@@ -367,34 +355,34 @@ func buildTemplateMapCP(clusterSpec *cluster.Spec) (map[string]interface{}, erro } values["kubeletConfiguration"] = string(kcString) + + } else { + kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). + Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)). + Append(clusterapi.ControlPlaneNodeLabelsExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration)) + + cgroupDriverArgs, err := kubeletCgroupDriverExtraArgs(clusterSpec.Cluster.Spec.KubernetesVersion) + if err != nil { + return nil, err + } + if cgroupDriverArgs != nil { + kubeletExtraArgs.Append(cgroupDriverArgs) + } + + values["kubeletExtraArgs"] = kubeletExtraArgs.ToPartialYaml() } return values, nil } func buildTemplateMapMD(clusterSpec *cluster.Spec, workerNodeGroupConfiguration v1alpha1.WorkerNodeGroupConfiguration) (map[string]interface{}, error) { - kubeVersion := clusterSpec.Cluster.Spec.KubernetesVersion - if workerNodeGroupConfiguration.KubernetesVersion != nil { - kubeVersion = *workerNodeGroupConfiguration.KubernetesVersion - } versionsBundle := clusterSpec.WorkerNodeGroupVersionsBundle(workerNodeGroupConfiguration) - kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). - Append(clusterapi.WorkerNodeLabelsExtraArgs(workerNodeGroupConfiguration)). 
- Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)) - cgroupDriverArgs, err := kubeletCgroupDriverExtraArgs(kubeVersion) - if err != nil { - return nil, err - } - if cgroupDriverArgs != nil { - kubeletExtraArgs.Append(cgroupDriverArgs) - } values := map[string]interface{}{ "clusterName": clusterSpec.Cluster.Name, "kubernetesVersion": versionsBundle.KubeDistro.Kubernetes.Tag, "kindNodeImage": versionsBundle.EksD.KindNode.VersionedImage(), "eksaSystemNamespace": constants.EksaSystemNamespace, - "kubeletExtraArgs": kubeletExtraArgs.ToPartialYaml(), "workerReplicas": *workerNodeGroupConfiguration.Count, "workerNodeGroupName": fmt.Sprintf("%s-%s", clusterSpec.Cluster.Name, workerNodeGroupConfiguration.Name), "workerNodeGroupTaints": workerNodeGroupConfiguration.Taints, @@ -416,6 +404,24 @@ func buildTemplateMapMD(clusterSpec *cluster.Spec, workerNodeGroupConfiguration } values["kubeletConfiguration"] = string(kcString) + } else { + kubeVersion := clusterSpec.Cluster.Spec.KubernetesVersion + if workerNodeGroupConfiguration.KubernetesVersion != nil { + kubeVersion = *workerNodeGroupConfiguration.KubernetesVersion + } + kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). + Append(clusterapi.WorkerNodeLabelsExtraArgs(workerNodeGroupConfiguration)). + Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)) + + cgroupDriverArgs, err := kubeletCgroupDriverExtraArgs(kubeVersion) + if err != nil { + return nil, err + } + if cgroupDriverArgs != nil { + kubeletExtraArgs.Append(cgroupDriverArgs) + } + + values["kubeletExtraArgs"] = kubeletExtraArgs.ToPartialYaml() } return values, nil diff --git a/pkg/providers/docker/docker_test.go b/pkg/providers/docker/docker_test.go index 774ee109f1e49..7cddf8f4fc5d0 100644 --- a/pkg/providers/docker/docker_test.go +++ b/pkg/providers/docker/docker_test.go 
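Review bot: The error return from `kubeletCgroupDriverExtraArgs` is still reachable in the new `else` branches of buildTemplateMapCP and buildTemplateMapMD, yet this commit deletes the tests that covered it (TestControlPlaneSpecNoKubeVersion, the two "kube version not specified" table cases and TestReconcilerReconcileControlPlaneFailure). Unless those cases fail for a reason not visible in the diff, I would keep them and add a case with a KubeletConfiguration set and an empty KubernetesVersion, to pin how that path now behaves. Separately, `kubeletExtraArgs.Append(cgroupDriverArgs)` discards its result while the chain above it uses the returned value; that is only correct if `Append` mutates the receiver, so `kubeletExtraArgs = kubeletExtraArgs.Append(cgroupDriverArgs)` would read more safely. Both functions extend beyond these hunks.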
@@ -827,17 +827,6 @@ func TestDockerTemplateBuilderGenerateCAPISpecControlPlane(t *testing.T) { }, wantErr: nil, }, - { - name: "kube version not specified", - args: args{ - clusterSpec: test.NewClusterSpec(func(s *cluster.Spec) { - s.Cluster.Name = "test-cluster" - s.Cluster.Spec.KubernetesVersion = "" - }), - buildOptions: nil, - }, - wantErr: fmt.Errorf("error building template map for CP "), - }, { name: "kubelet config specified", args: args{ @@ -922,16 +911,6 @@ func TestDockerTemplateBuilderGenerateCAPISpecWorkers(t *testing.T) { args args wantErr error }{ - { - name: "kube version not specified", - args: args{ - clusterSpec: test.NewClusterSpec(func(s *cluster.Spec) { - s.Cluster.Name = "test-cluster" - s.Cluster.Spec.KubernetesVersion = "" - }), - }, - wantErr: fmt.Errorf("error building template map for MD "), - }, { name: "kubelet config specified", args: args{ diff --git a/pkg/providers/docker/reconciler/reconciler_test.go b/pkg/providers/docker/reconciler/reconciler_test.go index f8d0487694c5d..90bbc921188a4 100644 --- a/pkg/providers/docker/reconciler/reconciler_test.go +++ b/pkg/providers/docker/reconciler/reconciler_test.go @@ -336,15 +336,6 @@ func TestReconcileControlPlaneUnstackedEtcdSuccess(t *testing.T) { ) } -func TestReconcilerReconcileControlPlaneFailure(t *testing.T) { - tt := newReconcilerTest(t) - tt.createAllObjs() - spec := tt.buildSpec() - spec.Cluster.Spec.KubernetesVersion = "" - _, err := tt.reconciler().ReconcileControlPlane(tt.ctx, test.NewNullLogger(), spec) - tt.Expect(err).To(MatchError(ContainSubstring("generating docker control plane yaml spec"))) -} - type reconcilerTest struct { t testing.TB *WithT diff --git a/pkg/providers/nutanix/config/cp-template.yaml b/pkg/providers/nutanix/config/cp-template.yaml index 82acdc53dc66d..d400bc827b203 100644 --- a/pkg/providers/nutanix/config/cp-template.yaml +++ b/pkg/providers/nutanix/config/cp-template.yaml 
@@ -337,10 +337,12 @@ spec: # We have to pin the cgroupDriver to cgroupfs as kubeadm >=1.21 defaults to systemd # kind will implement systemd support in: https://github.com/kubernetes-sigs/kind/issues/1726 #cgroup-driver: cgroupfs +{{- if not .kubeletConfiguration }} eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0% {{- if .kubeletExtraArgs }} {{ .kubeletExtraArgs.ToYaml | indent 10 }} {{- end }} +{{- end }} {{- if .controlPlaneTaints }} taints: {{- range .controlPlaneTaints}} @@ -361,11 +363,13 @@ spec: criSocket: /var/run/containerd/containerd.sock kubeletExtraArgs: cloud-provider: external +{{- if not .kubeletConfiguration }} read-only-port: "0" anonymous-auth: "false" {{- if .kubeletExtraArgs }} {{ .kubeletExtraArgs.ToYaml | indent 10 }} {{- end }} +{{- end }} {{- if .controlPlaneTaints }} taints: {{- range .controlPlaneTaints}} diff --git a/pkg/providers/nutanix/config/md-template.yaml b/pkg/providers/nutanix/config/md-template.yaml index ac63a9ffff750..0ce5fa463258d 100644 --- a/pkg/providers/nutanix/config/md-template.yaml +++ b/pkg/providers/nutanix/config/md-template.yaml @@ -121,10 +121,12 @@ spec: # We have to pin the cgroupDriver to cgroupfs as kubeadm >=1.21 defaults to systemd # kind will implement systemd support in: https://github.com/kubernetes-sigs/kind/issues/1726 #cgroup-driver: cgroupfs +{{- if not .kubeletConfiguration }} eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0% {{- if .kubeletExtraArgs }} {{ .kubeletExtraArgs.ToYaml | indent 12 }} {{- end }} +{{- end }} {{- if .workerNodeGroupTaints }} taints: {{- range .workerNodeGroupTaints}} diff --git a/pkg/providers/nutanix/template.go b/pkg/providers/nutanix/template.go index 24e93dcc03b2b..c7d52d9fcad7b 100644 --- a/pkg/providers/nutanix/template.go +++ b/pkg/providers/nutanix/template.go 
@@ -168,9 +168,6 @@ func buildTemplateMapCP( Append(clusterapi.APIServerExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration.APIServerExtraArgs)). Append(clusterapi.EtcdEncryptionExtraArgs(clusterSpec.Cluster.Spec.EtcdEncryption)) clusterapi.SetPodIAMAuthExtraArgs(clusterSpec.Cluster.Spec.PodIAMConfig, apiServerExtraArgs) - kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). - Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)). - Append(clusterapi.ControlPlaneNodeLabelsExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration)) auditPolicy, err := common.GetAuditPolicy(clusterSpec.Cluster.Spec.KubernetesVersion) if err != nil { @@ -200,7 +197,6 @@ func buildTemplateMapCP( "corednsVersion": versionsBundle.KubeDistro.CoreDNS.Tag, "etcdRepository": versionsBundle.KubeDistro.Etcd.Repository, "etcdImageTag": versionsBundle.KubeDistro.Etcd.Tag, - "kubeletExtraArgs": kubeletExtraArgs.ToPartialYaml(), "kubeVipImage": versionsBundle.Nutanix.KubeVip.VersionedImage(), "kubeVipSvcEnable": false, "kubeVipLBEnable": false, @@ -328,6 +324,11 @@ func buildTemplateMapCP( } values["kubeletConfiguration"] = string(kcString) + } else { + kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). + Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)). + Append(clusterapi.ControlPlaneNodeLabelsExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration)) + values["kubeletExtraArgs"] = kubeletExtraArgs.ToPartialYaml() } return values, nil 
@@ -337,9 +338,6 @@ func buildTemplateMapMD(clusterSpec *cluster.Spec, workerNodeGroupMachineSpec v1 versionsBundle := clusterSpec.WorkerNodeGroupVersionsBundle(workerNodeGroupConfiguration) format := "cloud-config" - kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). - Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)). - Append(clusterapi.WorkerNodeLabelsExtraArgs(workerNodeGroupConfiguration)) values := map[string]interface{}{ "clusterName": clusterSpec.Cluster.Name, "eksaSystemNamespace": constants.EksaSystemNamespace, @@ -356,7 +354,6 @@ func buildTemplateMapMD(clusterSpec *cluster.Spec, workerNodeGroupMachineSpec v1 "imageIDType": workerNodeGroupMachineSpec.Image.Type, "imageName": workerNodeGroupMachineSpec.Image.Name, "imageUUID": workerNodeGroupMachineSpec.Image.UUID, - "kubeletExtraArgs": kubeletExtraArgs.ToPartialYaml(), "nutanixPEClusterIDType": workerNodeGroupMachineSpec.Cluster.Type, "nutanixPEClusterName": workerNodeGroupMachineSpec.Cluster.Name, "nutanixPEClusterUUID": workerNodeGroupMachineSpec.Cluster.UUID, @@ -414,6 +411,11 @@ func buildTemplateMapMD(clusterSpec *cluster.Spec, workerNodeGroupMachineSpec v1 } values["kubeletConfiguration"] = string(kcString) + } else { + kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). + Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)). + Append(clusterapi.WorkerNodeLabelsExtraArgs(workerNodeGroupConfiguration)) + values["kubeletExtraArgs"] = kubeletExtraArgs.ToPartialYaml() } return values, nil } diff --git a/pkg/providers/vsphere/config/template-cp.yaml b/pkg/providers/vsphere/config/template-cp.yaml index 3715e523b0226..e3904896c6a29 100644 --- a/pkg/providers/vsphere/config/template-cp.yaml +++ b/pkg/providers/vsphere/config/template-cp.yaml 
@@ -408,10 +408,12 @@ spec: criSocket: /var/run/containerd/containerd.sock kubeletExtraArgs: cloud-provider: external +{{- if not .kubeletConfiguration }} read-only-port: "0" anonymous-auth: "false" {{- if .kubeletExtraArgs }} {{ .kubeletExtraArgs.ToYaml | indent 10 }} +{{- end }} {{- end }} name: '{{`{{ ds.meta_data.hostname }}`}}' {{- if .controlPlaneTaints }} @@ -478,10 +480,12 @@ spec: criSocket: /var/run/containerd/containerd.sock kubeletExtraArgs: cloud-provider: external +{{- if not .kubeletConfiguration }} read-only-port: "0" anonymous-auth: "false" {{- if .kubeletExtraArgs }} {{ .kubeletExtraArgs.ToYaml | indent 10 }} +{{- end }} {{- end }} name: '{{`{{ ds.meta_data.hostname }}`}}' {{- if .controlPlaneTaints }} diff --git a/pkg/providers/vsphere/config/template-md.yaml b/pkg/providers/vsphere/config/template-md.yaml index 164b6c2de1a8a..4a4fece1e2f61 100644 --- a/pkg/providers/vsphere/config/template-md.yaml +++ b/pkg/providers/vsphere/config/template-md.yaml @@ -71,6 +71,7 @@ spec: {{- end }} kubeletExtraArgs: cloud-provider: external +{{- if not .kubeletConfiguration }} read-only-port: "0" anonymous-auth: "false" {{- if .cgroupDriverSystemd}} @@ -78,6 +79,7 @@ spec: {{- end }} {{- if .kubeletExtraArgs }} {{ .kubeletExtraArgs.ToYaml | indent 12 }} +{{- end }} {{- end }} name: '{{"{{"}} ds.meta_data.hostname {{"}}"}}' {{- if or (and (ne .format "bottlerocket") (or .proxyConfig .registryMirrorMap)) .kubeletConfiguration }} diff --git a/pkg/providers/vsphere/template.go b/pkg/providers/vsphere/template.go index cbd6faac1b3f3..3389253723ce5 100644 --- a/pkg/providers/vsphere/template.go +++ b/pkg/providers/vsphere/template.go 
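Review bot: In vsphere/config/template-md.yaml the new guard opens before the `{{- if .cgroupDriverSystemd}}` block and closes after the `.kubeletExtraArgs` block, so whatever that block renders is also dropped when `.kubeletConfiguration` is set. The line inside the block falls between the two hunks and is not visible, but if it sets the kubelet cgroup driver, a node whose supplied configuration omits `cgroupDriver` could come up with a driver that does not match the container runtime. I would either leave the `cgroupDriverSystemd` block outside the guard or set the field on the object in template.go before it is marshaled.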
@@ -140,9 +140,7 @@ func buildTemplateMapCP( format := "cloud-config" etcdExtraArgs := clusterapi.SecureEtcdTlsCipherSuitesExtraArgs() sharedExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs() - kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). - Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)). - Append(clusterapi.ControlPlaneNodeLabelsExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration)) + apiServerExtraArgs := clusterapi.OIDCToExtraArgs(clusterSpec.OIDCConfig). Append(clusterapi.AwsIamAuthExtraArgs(clusterSpec.AWSIamConfig)). Append(clusterapi.APIServerExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration.APIServerExtraArgs)). @@ -202,7 +200,6 @@ func buildTemplateMapCP( "apiserverExtraArgs": apiServerExtraArgs.ToPartialYaml(), "controllerManagerExtraArgs": controllerManagerExtraArgs.ToPartialYaml(), "schedulerExtraArgs": sharedExtraArgs.ToPartialYaml(), - "kubeletExtraArgs": kubeletExtraArgs.ToPartialYaml(), "format": format, "externalEtcdVersion": versionsBundle.KubeDistro.EtcdVersion, "etcdImage": versionsBundle.KubeDistro.EtcdImage.VersionedImage(), @@ -358,13 +355,16 @@ func buildTemplateMapCP( if clusterSpec.Cluster.Spec.ControlPlaneConfiguration.KubeletConfiguration != nil { cpKubeletConfig := clusterSpec.Cluster.Spec.ControlPlaneConfiguration.KubeletConfiguration.Object - kcString, err := yaml.Marshal(cpKubeletConfig) if err != nil { return nil, fmt.Errorf("error marshaling %v", err) } - values["kubeletConfiguration"] = string(kcString) + } else { + kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). + Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)). + Append(clusterapi.ControlPlaneNodeLabelsExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration)) + values["kubeletExtraArgs"] = kubeletExtraArgs.ToPartialYaml() } if clusterSpec.Cluster.Spec.ControlPlaneConfiguration.UpgradeRolloutStrategy != nil { 
@@ -390,9 +390,6 @@ func buildTemplateMapMD( return nil, fmt.Errorf("could not find VersionsBundle") } format := "cloud-config" - kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). - Append(clusterapi.WorkerNodeLabelsExtraArgs(workerNodeGroupConfiguration)). - Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)) firstUser := workerNodeGroupMachineSpec.Users[0] sshKey, err := common.StripSshAuthorizedKeyComment(firstUser.SshAuthorizedKeys[0]) @@ -420,7 +417,6 @@ func buildTemplateMapMD( "vsphereWorkerSshAuthorizedKey": sshKey, "format": format, "eksaSystemNamespace": constants.EksaSystemNamespace, - "kubeletExtraArgs": kubeletExtraArgs.ToPartialYaml(), "workerReplicas": *workerNodeGroupConfiguration.Count, "workerNodeGroupName": fmt.Sprintf("%s-%s", clusterSpec.Cluster.Name, workerNodeGroupConfiguration.Name), "workerNodeGroupTaints": workerNodeGroupConfiguration.Taints, @@ -509,6 +505,11 @@ func buildTemplateMapMD( } values["kubeletConfiguration"] = string(kcString) + } else { + kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs(). + Append(clusterapi.WorkerNodeLabelsExtraArgs(workerNodeGroupConfiguration)). + Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)) + values["kubeletExtraArgs"] = kubeletExtraArgs.ToPartialYaml() } return values, nil