Propagate OIDC Config for Nutanix #4711

Merged
merged 2 commits into from
Jan 25, 2023
4 changes: 4 additions & 0 deletions pkg/providers/nutanix/config/cp-template.yaml
Expand Up @@ -65,6 +65,10 @@ spec:
- localhost
- 127.0.0.1
- 0.0.0.0
{{- if .apiServerExtraArgs }}
extraArgs:
{{ .apiServerExtraArgs.ToYaml | indent 10 }}
{{- end }}
controllerManager:
extraArgs:
enable-hostpath-provisioner: "true"
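Review bot: The `{{ .apiServerExtraArgs.ToYaml | indent 10 }}` line says nothing about where the value comes from or why the indent is 10, and because the rendered page has lost indentation the nesting under `apiServer:` cannot be checked here; I would put a comment above the `{{- if` line such as `# apiServerExtraArgs is the PartialYaml built by clusterapi.OIDCToExtraArgs in template.go; indent must match the apiServer.extraArgs nesting`. The guard depends on Go templates treating an empty map as false, so when no OIDC provider is configured the `extraArgs:` key is dropped entirely rather than rendered empty — worth stating, since a mis-indented block would silently attach the OIDC flags to a different component and only the golden-file test would notice. That assumes the PartialYaml value is map-shaped, which this hunk does not show. The enclosing KubeadmControlPlane spec starts and ends outside the hunk.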
3 changes: 3 additions & 0 deletions pkg/providers/nutanix/template.go
Expand Up @@ -9,6 +9,7 @@ import (

"github.com/aws/eks-anywhere/pkg/api/v1alpha1"
"github.com/aws/eks-anywhere/pkg/cluster"
"github.com/aws/eks-anywhere/pkg/clusterapi"
"github.com/aws/eks-anywhere/pkg/constants"
"github.com/aws/eks-anywhere/pkg/crypto"
"github.com/aws/eks-anywhere/pkg/providers"
Expand Down Expand Up @@ -125,8 +126,10 @@ func buildTemplateMapCP(
) map[string]interface{} {
bundle := clusterSpec.VersionsBundle
format := "cloud-config"
apiServerExtraArgs := clusterapi.OIDCToExtraArgs(clusterSpec.OIDCConfig)

values := map[string]interface{}{
"apiServerExtraArgs": apiServerExtraArgs.ToPartialYaml(),
"clusterName": clusterSpec.Cluster.Name,
"controlPlaneEndpointIp": clusterSpec.Cluster.Spec.ControlPlaneConfiguration.Endpoint.Host,
"controlPlaneReplicas": clusterSpec.Cluster.Spec.ControlPlaneConfiguration.Count,
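Review bot: `clusterapi.OIDCToExtraArgs(clusterSpec.OIDCConfig)` is called unconditionally at the top of buildTemplateMapCP, so the helper has to tolerate a nil `OIDCConfig` for clusters with no identity provider; that is presumably how the other providers use it, but nothing in this hunk shows it and the new test only covers the configured case. I would add a comment on the call, e.g. `// OIDCToExtraArgs yields empty args when OIDCConfig is nil; cp-template.yaml then omits extraArgs`, once confirmed, and extend the existing no-OIDC control-plane test to assert that no `extraArgs:` block is rendered. If the other providers also fold further API-server flags (feature gates, IAM authenticator) into the same `apiServerExtraArgs` value, Nutanix should do the same here rather than OIDC only — hedged, since those templates are not visible. buildTemplateMapCP starts before the hunk and continues past it.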
36 changes: 36 additions & 0 deletions pkg/providers/nutanix/template_test.go
Expand Up @@ -146,3 +146,39 @@ func TestNutanixTemplateBuilderGenerateCAPISpecForCreateWithAutoscalingConfigura
require.NoError(t, err)
assert.Equal(t, string(workerSpec), string(expectedWorkerSpec))
}

func TestNewNutanixTemplateBuilderOIDCConfig(t *testing.T) {
clusterConf := &anywherev1.Cluster{}
err := yaml.Unmarshal([]byte(nutanixClusterConfigSpec), clusterConf)
require.NoError(t, err)

dcConf := &anywherev1.NutanixDatacenterConfig{}
err = yaml.Unmarshal([]byte(nutanixDatacenterConfigSpec), dcConf)
require.NoError(t, err)

machineConf := &anywherev1.NutanixMachineConfig{}
err = yaml.Unmarshal([]byte(nutanixMachineConfigSpec), machineConf)
require.NoError(t, err)

workerConfs := map[string]anywherev1.NutanixMachineConfigSpec{
"eksa-unit-test": machineConf.Spec,
}

t.Setenv(constants.EksaNutanixUsernameKey, "admin")
t.Setenv(constants.EksaNutanixPasswordKey, "password")
creds := GetCredsFromEnv()
builder := NewNutanixTemplateBuilder(&dcConf.Spec, &machineConf.Spec, &machineConf.Spec, workerConfs, creds, time.Now)
assert.NotNil(t, builder)

v := version.Info{GitVersion: "v0.0.1"}
buildSpec, err := cluster.NewSpecFromClusterConfig("testdata/eksa-cluster-oidc.yaml", v, cluster.WithReleasesManifest("testdata/simple_release.yaml"))
assert.NoError(t, err)

cpSpec, err := builder.GenerateCAPISpecControlPlane(buildSpec)
assert.NoError(t, err)
assert.NotNil(t, cpSpec)

expectedControlPlaneSpec, err := os.ReadFile("testdata/expected_results_oidc.yaml")
require.NoError(t, err)
assert.Equal(t, expectedControlPlaneSpec, cpSpec)
}
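Review bot: `assert.NoError` after the `NewSpecFromClusterConfig` and `GenerateCAPISpecControlPlane` calls lets the test keep running on failure, so a nil `buildSpec` or `cpSpec` reaches the next statement and the test dies with a panic instead of the error message; the rest of this function already uses `require.NoError` for that reason. Change both to `require.NoError(t, err)`, which also makes the `assert.NotNil(t, cpSpec)` redundant. The closing `assert.Equal(t, expectedControlPlaneSpec, cpSpec)` compares `[]byte` and on mismatch prints raw byte slices; the sibling test above compares `string(...)` and gets a readable diff, so `assert.Equal(t, string(expectedControlPlaneSpec), string(cpSpec))` keeps the file consistent.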
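--- a/pkg/providers/nutanix/testdata/eksa-cluster-oidc.yaml
+++ b/pkg/providers/nutanix/testdata/eksa-cluster-oidc.yaml
@@ -0,0 +1,84 @@
+apiVersion: anywhere.eks.amazonaws.com/v1alpha1
+kind: Cluster
+metadata:
+name: eksa-unit-test
+namespace: default
+spec:
+kubernetesVersion: "1.19"
+controlPlaneConfiguration:
+name: eksa-unit-test
+count: 3
+endpoint:
+host: test-ip
+machineGroupRef:
+name: eksa-unit-test
+kind: NutanixMachineConfig
+workerNodeGroupConfigurations:
+- count: 4
+name: eksa-unit-test
+machineGroupRef:
+name: eksa-unit-test
+kind: NutanixMachineConfig
+externalEtcdConfiguration:
+name: eksa-unit-test
+count: 3
+machineGroupRef:
+name: eksa-unit-test
+kind: NutanixMachineConfig
+datacenterRef:
+kind: NutanixDatacenterConfig
+name: eksa-unit-test
+identityProviderRefs:
+- kind: OIDCConfig
+name: test
+clusterNetwork:
+cni: "cilium"
+pods:
+cidrBlocks:
+- 192.168.0.0/16
+services:
+cidrBlocks:
+- 10.96.0.0/12
+---
+apiVersion: anywhere.eks.amazonaws.com/v1alpha1
+kind: NutanixDatacenterConfig
+metadata:
+name: eksa-unit-test
+namespace: default
+spec:
+endpoint: "prism.nutanix.com"
+port: 9440
+---
+apiVersion: anywhere.eks.amazonaws.com/v1alpha1
+kind: NutanixMachineConfig
+metadata:
+name: eksa-unit-test
+namespace: default
+spec:
+vcpusPerSocket: 1
+vcpuSockets: 4
+memorySize: 8Gi
+image:
+type: "name"
+name: "prism-image"
+cluster:
+type: "name"
+name: "prism-cluster"
+subnet:
+type: "name"
+name: "prism-subnet"
+systemDiskSize: 40Gi
+osFamily: "ubuntu"
+users:
+- name: "mySshUsername"
+sshAuthorizedKeys:
+- "mySshAuthorizedKey"
+---
+apiVersion: anywhere.eks.amazonaws.com/v1alpha1
+kind: OIDCConfig
+metadata:
+name: test
+namespace: test-namespace
+spec:
+issuerUrl: https://mydomain.com/issuer
+clientId: my-client-id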
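--- a/pkg/providers/nutanix/testdata/expected_results_oidc.yaml
+++ b/pkg/providers/nutanix/testdata/expected_results_oidc.yaml
@@ -0,0 +1,186 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: NutanixCluster
+metadata:
+name: "eksa-unit-test"
+namespace: "eksa-system"
+spec:
+prismCentral:
+address: "prism.nutanix.com"
+port: 9440
+insecure: false
+credentialRef:
+name: "eksa-unit-test"
+kind: Secret
+controlPlaneEndpoint:
+host: "test-ip"
+port: 6443
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+labels:
+cluster.x-k8s.io/cluster-name: "eksa-unit-test"
+name: "eksa-unit-test"
+namespace: "eksa-system"
+spec:
+clusterNetwork:
+services:
+cidrBlocks: [10.96.0.0/12]
+pods:
+cidrBlocks: [192.168.0.0/16]
+serviceDomain: "cluster.local"
+controlPlaneRef:
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+name: "eksa-unit-test"
+infrastructureRef:
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: NutanixCluster
+name: "eksa-unit-test"
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+name: "eksa-unit-test"
+namespace: "eksa-system"
+spec:
+replicas: 3
+version: "v1.19.8-eks-1-19-4"
+machineTemplate:
+infrastructureRef:
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: NutanixMachineTemplate
+name: "<no value>"
+kubeadmConfigSpec:
+clusterConfiguration:
+imageRepository: "public.ecr.aws/eks-distro/kubernetes"
+apiServer:
+certSANs:
+- localhost
+- 127.0.0.1
+- 0.0.0.0
+extraArgs:
+oidc-client-id: my-client-id
+oidc-issuer-url: https://mydomain.com/issuer
+controllerManager:
+extraArgs:
+enable-hostpath-provisioner: "true"
+dns:
+imageRepository: public.ecr.aws/eks-distro/coredns
+imageTag: v1.8.0-eks-1-19-4
+etcd:
+external:
+endpoints: []
+caFile: "/etc/kubernetes/pki/etcd/ca.crt"
+certFile: "/etc/kubernetes/pki/apiserver-etcd-client.crt"
+keyFile: "/etc/kubernetes/pki/apiserver-etcd-client.key"
+files:
+- content: |
+apiVersion: v1
+kind: Pod
+metadata:
+creationTimestamp: null
+name: kube-vip
+namespace: kube-system
+spec:
+containers:
+- name: kube-vip
+image:
+imagePullPolicy: IfNotPresent
+args:
+- manager
+env:
+- name: vip_arp
+value: "true"
+- name: address
+value: "test-ip"
+- name: port
+value: "6443"
+- name: vip_cidr
+value: "32"
+- name: cp_enable
+value: "true"
+- name: cp_namespace
+value: kube-system
+- name: vip_ddns
+value: "false"
+- name: vip_leaderelection
+value: "true"
+- name: vip_leaseduration
+value: "15"
+- name: vip_renewdeadline
+value: "10"
+- name: vip_retryperiod
+value: "2"
+- name: svc_enable
+value: "false"
+- name: lb_enable
+value: "false"
+securityContext:
+capabilities:
+add:
+- NET_ADMIN
+- SYS_TIME
+- NET_RAW
+volumeMounts:
+- mountPath: /etc/kubernetes/admin.conf
+name: kubeconfig
+resources: {}
+hostNetwork: true
+volumes:
+- name: kubeconfig
+hostPath:
+type: FileOrCreate
+path: /etc/kubernetes/admin.conf
+status: {}
+owner: root:root
+path: /etc/kubernetes/manifests/kube-vip.yaml
+initConfiguration:
+nodeRegistration:
+kubeletExtraArgs:
+# We have to pin the cgroupDriver to cgroupfs as kubeadm >=1.21 defaults to systemd
+# kind will implement systemd support in: https://github.com/kubernetes-sigs/kind/issues/1726
+#cgroup-driver: cgroupfs
+eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
+users:
+- name: "mySshUsername"
+lockPassword: false
+sudo: ALL=(ALL) NOPASSWD:ALL
+sshAuthorizedKeys:
+- "mySshAuthorizedKey"
+preKubeadmCommands:
+- hostnamectl set-hostname "{{ ds.meta_data.hostname }}"
+- echo "::1 ipv6-localhost ipv6-loopback" >/etc/hosts
+- echo "127.0.0.1 localhost" >>/etc/hosts
+- echo "127.0.0.1 {{ ds.meta_data.hostname }}" >> /etc/hosts
+# This section should be removed once these packages are added to the image builder process
+- apt update
+- apt install -y nfs-common open-iscsi
+- systemctl enable --now iscsid
+postKubeadmCommands:
+- echo export KUBECONFIG=/etc/kubernetes/admin.conf >> /root/.bashrc
+useExperimentalRetryJoin: true
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: NutanixMachineTemplate
+metadata:
+name: "<no value>"
+namespace: "eksa-system"
+spec:
+template:
+spec:
+providerID: "nutanix://eksa-unit-test-m1"
+vcpusPerSocket: 1
+vcpuSockets: 4
+memorySize: 8Gi
+systemDiskSize: 40Gi
+image:
+type: name
+name: "prism-image"
+
+cluster:
+type: name
+name: "prism-cluster"
+subnet:
+- type: name
+name: "prism-subnet"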
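Review bot: The golden file bakes `name: "<no value>"` into both the KubeadmControlPlane `machineTemplate.infrastructureRef` and the NutanixMachineTemplate metadata; that string is Go's rendering of a missing template key, so the test pins a broken control-plane manifest as the expected output instead of catching it. The likely cause is that the new test calls `GenerateCAPISpecControlPlane` without the build option that supplies the control-plane template name, which the sibling tests presumably pass — hedged, since those calls are outside the diff. Fix the test invocation and regenerate this file so both names are real, or at least comment in the test why `<no value>` is acceptable there; as it stands a regression that drops the template name would be invisible to this test.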