Controller manager args for clusterapi (#2387)
mitalipaygude authored Jun 13, 2022
1 parent c96cc72 commit 20ab30a
Showing 8 changed files with 121 additions and 19 deletions.
6 changes: 3 additions & 3 deletions pkg/clusterapi/apibuilder.go
@@ -140,17 +140,17 @@ func KubeadmControlPlane(clusterSpec *cluster.Spec, infrastructureObject APIObje
},
},
ControllerManager: bootstrapv1.ControlPlaneComponent{
ExtraArgs: map[string]string{},
ExtraArgs: ControllerManagerArgs(clusterSpec),
},
},
InitConfiguration: &bootstrapv1.InitConfiguration{
NodeRegistration: bootstrapv1.NodeRegistrationOptions{
KubeletExtraArgs: map[string]string{},
KubeletExtraArgs: SecureTlsCipherSuitesExtraArgs(),
},
},
JoinConfiguration: &bootstrapv1.JoinConfiguration{
NodeRegistration: bootstrapv1.NodeRegistrationOptions{
KubeletExtraArgs: map[string]string{},
KubeletExtraArgs: SecureTlsCipherSuitesExtraArgs(),
},
},
PreKubeadmCommands: []string{},
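Review bot: The three new call sites (`ExtraArgs: ControllerManagerArgs(clusterSpec)` and both `KubeletExtraArgs: SecureTlsCipherSuitesExtraArgs()`) pin the kubelet and controller-manager to what the tests in this commit show is a single suite, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, and nothing here records the constraints that come with that. As far as I know `tls-cipher-suites` only governs TLS 1.2 and below (Go does not make TLS 1.3 suites configurable), and an ECDHE_RSA-only list means any component whose serving certificate uses an ECDSA key could not complete a TLS 1.2 handshake. I would add a comment at the first call site such as `// Restricts TLS 1.2 suites only; serving certificates must use RSA keys.` The body of KubeadmControlPlane starts and ends outside the hunk, so whether the API server and scheduler args get the same restriction cannot be confirmed from here.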
6 changes: 3 additions & 3 deletions pkg/clusterapi/apibuilder_test.go
@@ -225,17 +225,17 @@ func wantKubeadmControlPlane() *controlplanev1.KubeadmControlPlane {
},
},
ControllerManager: bootstrapv1.ControlPlaneComponent{
ExtraArgs: map[string]string{},
ExtraArgs: tlsCipherSuitesArgs(),
},
},
InitConfiguration: &bootstrapv1.InitConfiguration{
NodeRegistration: bootstrapv1.NodeRegistrationOptions{
KubeletExtraArgs: map[string]string{},
KubeletExtraArgs: tlsCipherSuitesArgs(),
},
},
JoinConfiguration: &bootstrapv1.JoinConfiguration{
NodeRegistration: bootstrapv1.NodeRegistrationOptions{
KubeletExtraArgs: map[string]string{},
KubeletExtraArgs: tlsCipherSuitesArgs(),
},
},
PreKubeadmCommands: []string{},
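--- a/pkg/clusterapi/controllermanagerargs.go
+++ b/pkg/clusterapi/controllermanagerargs.go
@@ -0,0 +1,10 @@
+package clusterapi
+
+import (
+"github.com/aws/eks-anywhere/pkg/cluster"
+)
+
+func ControllerManagerArgs(clusterSpec *cluster.Spec) ExtraArgs {
+return SecureTlsCipherSuitesExtraArgs().
+Append(NodeCIDRMaskExtraArgs(&clusterSpec.Cluster.Spec.ClusterNetwork))
+}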
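Review bot: `ControllerManagerArgs` is exported without a doc comment and chains `.Append(...)` straight onto the value returned by `SecureTlsCipherSuitesExtraArgs()`. Neither helper's body is part of this commit, so it is worth confirming that the TLS helper allocates a fresh map on every call; if `Append` writes into its receiver and that map were ever shared, `node-cidr-mask-size` would leak into the kubelet args that apibuilder.go builds from the same helper. I would add `// ControllerManagerArgs returns the kube-controller-manager extra args: the restricted TLS cipher suites plus node-cidr-mask-size when the cluster spec sets one.` and state there that `clusterSpec.Cluster` must be non-nil, since it is dereferenced unguarded.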
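--- a/pkg/clusterapi/controllermanagerargs_test.go
+++ b/pkg/clusterapi/controllermanagerargs_test.go
@@ -0,0 +1,81 @@
+package clusterapi_test
+
+import (
+"reflect"
+"testing"
+
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+"github.com/aws/eks-anywhere/internal/test"
+"github.com/aws/eks-anywhere/pkg/api/v1alpha1"
+"github.com/aws/eks-anywhere/pkg/cluster"
+"github.com/aws/eks-anywhere/pkg/clusterapi"
+)
+
+func TestSetControllerManagerArgs(t *testing.T) {
+tests := []struct {
+name string
+clusterSpec *cluster.Spec
+want clusterapi.ExtraArgs
+}{
+{
+name: "without Node CIDR mask",
+clusterSpec: givenClusterSpec(),
+want: map[string]string{"tls-cipher-suites": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
+},
+{
+name: "with Node CIDR mask",
+clusterSpec: givenClusterSpecWithNodeCIDR(),
+want: map[string]string{"node-cidr-mask-size": "28", "tls-cipher-suites": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
+},
+}
+
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+got := clusterapi.ControllerManagerArgs(tt.clusterSpec)
+if !reflect.DeepEqual(got, tt.want) {
+t.Errorf("ControllerManagerArgs()/%s got = %v, want %v", tt.name, got, tt.want)
+}
+})
+}
+}
+
+func givenClusterSpecWithNodeCIDR() *cluster.Spec {
+cluster := givenClusterSpec()
+nodeCidrMaskSize := new(int)
+*nodeCidrMaskSize = 28
+cluster.Cluster.Spec.ClusterNetwork = v1alpha1.ClusterNetwork{
+Nodes: &v1alpha1.Nodes{CIDRMaskSize: nodeCidrMaskSize},
+}
+return cluster
+}
+
+func givenClusterSpec() *cluster.Spec {
+return test.NewClusterSpec(func(s *cluster.Spec) {
+s.Cluster = &v1alpha1.Cluster{
+ObjectMeta: metav1.ObjectMeta{
+Name: "snow-test",
+Namespace: "test-namespace",
+},
+Spec: v1alpha1.ClusterSpec{
+ClusterNetwork: v1alpha1.ClusterNetwork{
+CNI: v1alpha1.Cilium,
+Pods: v1alpha1.Pods{
+CidrBlocks: []string{
+"10.1.0.0/16",
+},
+},
+Services: v1alpha1.Services{
+CidrBlocks: []string{
+"10.96.0.0/12",
+},
+},
+},
+},
+}
+})
+}
+
+func tlsCipherSuitesArgs() map[string]string {
+return map[string]string{"tls-cipher-suites": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
+}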
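Review bot: In `givenClusterSpecWithNodeCIDR` the local `cluster := givenClusterSpec()` shadows the imported `cluster` package for the rest of the function, and the test is named `TestSetControllerManagerArgs` although the function under test is `ControllerManagerArgs`. I would rename both: `spec := givenClusterSpec()` and `func TestControllerManagerArgs(t *testing.T)`. The cipher-suite literal is also written out in both table rows as well as in `tlsCipherSuitesArgs()`, and again in pkg/providers/snow/apibuilder_test.go; a single test-local constant per package would keep those expectations in step when the suite list is deliberately changed.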
18 changes: 9 additions & 9 deletions pkg/clusterapi/identity_test.go
@@ -105,17 +105,17 @@ func TestConfigureAWSIAMAuthInKubeadmControlPlane(t *testing.T) {
},
},
ControllerManager: bootstrapv1.ControlPlaneComponent{
ExtraArgs: map[string]string{},
ExtraArgs: tlsCipherSuitesArgs(),
},
},
InitConfiguration: &bootstrapv1.InitConfiguration{
NodeRegistration: bootstrapv1.NodeRegistrationOptions{
KubeletExtraArgs: map[string]string{},
KubeletExtraArgs: tlsCipherSuitesArgs(),
},
},
JoinConfiguration: &bootstrapv1.JoinConfiguration{
NodeRegistration: bootstrapv1.NodeRegistrationOptions{
KubeletExtraArgs: map[string]string{},
KubeletExtraArgs: tlsCipherSuitesArgs(),
},
},
PreKubeadmCommands: []string{},
@@ -273,17 +273,17 @@ func TestConfigureOIDCInKubeadmControlPlane(t *testing.T) {
},
},
ControllerManager: bootstrapv1.ControlPlaneComponent{
ExtraArgs: map[string]string{},
ExtraArgs: tlsCipherSuitesArgs(),
},
},
InitConfiguration: &bootstrapv1.InitConfiguration{
NodeRegistration: bootstrapv1.NodeRegistrationOptions{
KubeletExtraArgs: map[string]string{},
KubeletExtraArgs: tlsCipherSuitesArgs(),
},
},
JoinConfiguration: &bootstrapv1.JoinConfiguration{
NodeRegistration: bootstrapv1.NodeRegistrationOptions{
KubeletExtraArgs: map[string]string{},
KubeletExtraArgs: tlsCipherSuitesArgs(),
},
},
PreKubeadmCommands: []string{},
@@ -368,17 +368,17 @@ func TestConfigurePodIamAuthInKubeadmControlPlane(t *testing.T) {
},
},
ControllerManager: bootstrapv1.ControlPlaneComponent{
ExtraArgs: map[string]string{},
ExtraArgs: tlsCipherSuitesArgs(),
},
},
InitConfiguration: &bootstrapv1.InitConfiguration{
NodeRegistration: bootstrapv1.NodeRegistrationOptions{
KubeletExtraArgs: map[string]string{},
KubeletExtraArgs: tlsCipherSuitesArgs(),
},
},
JoinConfiguration: &bootstrapv1.JoinConfiguration{
NodeRegistration: bootstrapv1.NodeRegistrationOptions{
KubeletExtraArgs: map[string]string{},
KubeletExtraArgs: tlsCipherSuitesArgs(),
},
},
PreKubeadmCommands: []string{},
1 change: 1 addition & 0 deletions pkg/clusterapi/systemctl_test.go
@@ -61,6 +61,7 @@ func TestRestartContainerdInKubeadmControlPlane(t *testing.T) {
clusterapi.RestartContainerdInKubeadmControlPlane(got, tt.cluster)
want := wantKubeadmControlPlane()
want.Spec.KubeadmConfigSpec.PreKubeadmCommands = tt.want

g.Expect(got).To(Equal(want))
})
}
12 changes: 9 additions & 3 deletions pkg/providers/snow/apibuilder_test.go
@@ -128,20 +128,22 @@ func wantKubeadmControlPlane() *controlplanev1.KubeadmControlPlane {
},
},
ControllerManager: bootstrapv1.ControlPlaneComponent{
ExtraArgs: map[string]string{},
ExtraArgs: tlsCipherSuitesArgs(),
},
},
InitConfiguration: &bootstrapv1.InitConfiguration{
NodeRegistration: bootstrapv1.NodeRegistrationOptions{
KubeletExtraArgs: map[string]string{
"provider-id": "aws-snow:////'{{ ds.meta_data.instance_id }}'",
"provider-id": "aws-snow:////'{{ ds.meta_data.instance_id }}'",
"tls-cipher-suites": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
},
},
},
JoinConfiguration: &bootstrapv1.JoinConfiguration{
NodeRegistration: bootstrapv1.NodeRegistrationOptions{
KubeletExtraArgs: map[string]string{
"provider-id": "aws-snow:////'{{ ds.meta_data.instance_id }}'",
"provider-id": "aws-snow:////'{{ ds.meta_data.instance_id }}'",
"tls-cipher-suites": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
},
},
},
@@ -557,3 +559,7 @@ func TestSnowMachineTemplates(t *testing.T) {
}
tt.Expect(got).To(Equal(want))
}

func tlsCipherSuitesArgs() map[string]string {
return map[string]string{"tls-cipher-suites": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
}
6 changes: 5 additions & 1 deletion pkg/providers/snow/testdata/expected_results_main_cp.yaml
@@ -59,7 +59,9 @@ spec:
apiServer: {}
bottlerocketBootstrap: {}
bottlerocketControl: {}
controllerManager: {}
controllerManager:
extraArgs:
tls-cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
dns:
imageRepository: public.ecr.aws/eks-distro/coredns
imageTag: v1.8.4-eks-1-21-9
@@ -81,13 +83,15 @@ spec:
nodeRegistration:
kubeletExtraArgs:
provider-id: aws-snow:////'{{ ds.meta_data.instance_id }}'
tls-cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
joinConfiguration:
bottlerocketBootstrap: {}
bottlerocketControl: {}
discovery: {}
nodeRegistration:
kubeletExtraArgs:
provider-id: aws-snow:////'{{ ds.meta_data.instance_id }}'
tls-cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
pause: {}
proxy: {}
registryMirror: {}