in pkg/providers/vsphere/template.go [161:438]
func buildTemplateMapCP(
clusterSpec *cluster.Spec,
datacenterSpec anywherev1.VSphereDatacenterConfigSpec,
controlPlaneMachineSpec, etcdMachineSpec anywherev1.VSphereMachineConfigSpec,
) (map[string]interface{}, error) {
versionsBundle := clusterSpec.RootVersionsBundle()
format := "cloud-config"
etcdExtraArgs := clusterapi.SecureEtcdTlsCipherSuitesExtraArgs()
sharedExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs()
apiServerExtraArgs := clusterapi.OIDCToExtraArgs(clusterSpec.OIDCConfig).
Append(clusterapi.AwsIamAuthExtraArgs(clusterSpec.AWSIamConfig)).
Append(clusterapi.APIServerExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration.APIServerExtraArgs)).
Append(clusterapi.EtcdEncryptionExtraArgs(clusterSpec.Cluster.Spec.EtcdEncryption)).
Append(sharedExtraArgs)
clusterapi.SetPodIAMAuthExtraArgs(clusterSpec.Cluster.Spec.PodIAMConfig, apiServerExtraArgs)
controllerManagerExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs().
Append(clusterapi.NodeCIDRMaskExtraArgs(&clusterSpec.Cluster.Spec.ClusterNetwork))
vuc := config.NewVsphereUserConfig()
firstControlPlaneMachinesUser := controlPlaneMachineSpec.Users[0]
controlPlaneSSHKey, err := common.StripSshAuthorizedKeyComment(firstControlPlaneMachinesUser.SshAuthorizedKeys[0])
if err != nil {
return nil, fmt.Errorf("formatting ssh key for vsphere control plane template: %v", err)
}
values := map[string]interface{}{
"clusterName": clusterSpec.Cluster.Name,
"controlPlaneEndpointIp": clusterSpec.Cluster.Spec.ControlPlaneConfiguration.Endpoint.Host,
"controlPlaneReplicas": clusterSpec.Cluster.Spec.ControlPlaneConfiguration.Count,
"apiServerCertSANs": clusterSpec.Cluster.Spec.ControlPlaneConfiguration.CertSANs,
"kubernetesRepository": versionsBundle.KubeDistro.Kubernetes.Repository,
"kubernetesVersion": versionsBundle.KubeDistro.Kubernetes.Tag,
"etcdRepository": versionsBundle.KubeDistro.Etcd.Repository,
"etcdImageTag": versionsBundle.KubeDistro.Etcd.Tag,
"corednsRepository": versionsBundle.KubeDistro.CoreDNS.Repository,
"corednsVersion": versionsBundle.KubeDistro.CoreDNS.Tag,
"nodeDriverRegistrarImage": versionsBundle.KubeDistro.NodeDriverRegistrar.VersionedImage(),
"livenessProbeImage": versionsBundle.KubeDistro.LivenessProbe.VersionedImage(),
"externalAttacherImage": versionsBundle.KubeDistro.ExternalAttacher.VersionedImage(),
"externalProvisionerImage": versionsBundle.KubeDistro.ExternalProvisioner.VersionedImage(),
"thumbprint": datacenterSpec.Thumbprint,
"vsphereDatacenter": datacenterSpec.Datacenter,
"controlPlaneVsphereDatastore": controlPlaneMachineSpec.Datastore,
"controlPlaneVsphereFolder": controlPlaneMachineSpec.Folder,
"managerImage": versionsBundle.VSphere.Manager.VersionedImage(),
"kubeVipImage": versionsBundle.VSphere.KubeVip.VersionedImage(),
"insecure": datacenterSpec.Insecure,
"vsphereNetwork": datacenterSpec.Network,
"controlPlaneVsphereResourcePool": controlPlaneMachineSpec.ResourcePool,
"vsphereServer": datacenterSpec.Server,
"controlPlaneVsphereStoragePolicyName": controlPlaneMachineSpec.StoragePolicyName,
"controlPlaneTemplate": controlPlaneMachineSpec.Template,
"etcdTemplate": etcdMachineSpec.Template,
"controlPlaneVMsMemoryMiB": controlPlaneMachineSpec.MemoryMiB,
"controlPlaneVMsNumCPUs": controlPlaneMachineSpec.NumCPUs,
"controlPlaneDiskGiB": controlPlaneMachineSpec.DiskGiB,
"controlPlaneTagIDs": controlPlaneMachineSpec.TagIDs,
"etcdTagIDs": etcdMachineSpec.TagIDs,
"controlPlaneSshUsername": firstControlPlaneMachinesUser.Name,
"vsphereControlPlaneSshAuthorizedKey": controlPlaneSSHKey,
"podCidrs": clusterSpec.Cluster.Spec.ClusterNetwork.Pods.CidrBlocks,
"serviceCidrs": clusterSpec.Cluster.Spec.ClusterNetwork.Services.CidrBlocks,
"etcdExtraArgs": etcdExtraArgs.ToPartialYaml(),
"etcdCipherSuites": crypto.SecureCipherSuitesString(),
"apiserverExtraArgs": apiServerExtraArgs.ToPartialYaml(),
"controllerManagerExtraArgs": controllerManagerExtraArgs.ToPartialYaml(),
"schedulerExtraArgs": sharedExtraArgs.ToPartialYaml(),
"format": format,
"externalEtcdVersion": versionsBundle.KubeDistro.EtcdVersion,
"etcdImage": versionsBundle.KubeDistro.EtcdImage.VersionedImage(),
"eksaSystemNamespace": constants.EksaSystemNamespace,
"cpiResourceSetName": cpiResourceSetName(clusterSpec),
"eksaVsphereUsername": vuc.EksaVsphereUsername,
"eksaVspherePassword": vuc.EksaVspherePassword,
"eksaCloudProviderUsername": vuc.EksaVsphereCPUsername,
"eksaCloudProviderPassword": vuc.EksaVsphereCPPassword,
"controlPlaneCloneMode": controlPlaneMachineSpec.CloneMode,
"etcdCloneMode": etcdMachineSpec.CloneMode,
}
auditPolicy, err := common.GetAuditPolicy(clusterSpec.Cluster.Spec.KubernetesVersion)
if err != nil {
return nil, err
}
values["auditPolicy"] = auditPolicy
if clusterSpec.Cluster.Spec.RegistryMirrorConfiguration != nil {
registryMirror := registrymirror.FromCluster(clusterSpec.Cluster)
values["registryMirrorMap"] = containerd.ToAPIEndpoints(registryMirror.NamespacedRegistryMap)
values["mirrorBase"] = registryMirror.BaseRegistry
values["insecureSkip"] = registryMirror.InsecureSkipVerify
values["publicMirror"] = containerd.ToAPIEndpoint(registryMirror.CoreEKSAMirror())
if len(registryMirror.CACertContent) > 0 {
values["registryCACert"] = registryMirror.CACertContent
}
if controlPlaneMachineSpec.OSFamily == anywherev1.Bottlerocket &&
len(registryMirror.NamespacedRegistryMap) == 1 &&
registryMirror.CoreEKSAMirror() != "" {
values["publicECRMirror"] = containerd.ToAPIEndpoint(registryMirror.CoreEKSAMirror())
}
if registryMirror.Auth {
values["registryAuth"] = registryMirror.Auth
username, password, err := config.ReadCredentials()
if err != nil {
return values, err
}
values["registryUsername"] = username
values["registryPassword"] = password
}
}
if clusterSpec.Cluster.Spec.ProxyConfiguration != nil {
values["proxyConfig"] = true
capacity := len(clusterSpec.Cluster.Spec.ClusterNetwork.Pods.CidrBlocks) +
len(clusterSpec.Cluster.Spec.ClusterNetwork.Services.CidrBlocks) +
len(clusterSpec.Cluster.Spec.ProxyConfiguration.NoProxy) + 4
noProxyList := make([]string, 0, capacity)
noProxyList = append(noProxyList, clusterSpec.Cluster.Spec.ClusterNetwork.Pods.CidrBlocks...)
noProxyList = append(noProxyList, clusterSpec.Cluster.Spec.ClusterNetwork.Services.CidrBlocks...)
noProxyList = append(noProxyList, clusterSpec.Cluster.Spec.ProxyConfiguration.NoProxy...)
// Add no-proxy defaults
noProxyList = append(noProxyList, clusterapi.NoProxyDefaults()...)
noProxyList = append(noProxyList,
datacenterSpec.Server,
clusterSpec.Cluster.Spec.ControlPlaneConfiguration.Endpoint.Host,
)
values["httpProxy"] = clusterSpec.Cluster.Spec.ProxyConfiguration.HttpProxy
values["httpsProxy"] = clusterSpec.Cluster.Spec.ProxyConfiguration.HttpsProxy
values["noProxy"] = noProxyList
}
if clusterSpec.Cluster.Spec.ExternalEtcdConfiguration != nil {
firstEtcdMachinesUser := etcdMachineSpec.Users[0]
etcdSSHKey, err := common.StripSshAuthorizedKeyComment(firstEtcdMachinesUser.SshAuthorizedKeys[0])
if err != nil {
return nil, fmt.Errorf("formatting ssh key for vsphere etcd template: %v", err)
}
values["externalEtcd"] = true
values["externalEtcdReplicas"] = clusterSpec.Cluster.Spec.ExternalEtcdConfiguration.Count
values["etcdVsphereDatastore"] = etcdMachineSpec.Datastore
values["etcdVsphereFolder"] = etcdMachineSpec.Folder
values["etcdDiskGiB"] = etcdMachineSpec.DiskGiB
values["etcdVMsMemoryMiB"] = etcdMachineSpec.MemoryMiB
values["etcdVMsNumCPUs"] = etcdMachineSpec.NumCPUs
values["etcdVsphereResourcePool"] = etcdMachineSpec.ResourcePool
values["etcdVsphereStoragePolicyName"] = etcdMachineSpec.StoragePolicyName
values["etcdSshUsername"] = firstEtcdMachinesUser.Name
values["vsphereEtcdSshAuthorizedKey"] = etcdSSHKey
if etcdMachineSpec.HostOSConfiguration != nil {
if etcdMachineSpec.HostOSConfiguration.NTPConfiguration != nil {
values["etcdNtpServers"] = etcdMachineSpec.HostOSConfiguration.NTPConfiguration.Servers
}
if etcdMachineSpec.HostOSConfiguration.CertBundles != nil {
values["etcdCertBundles"] = etcdMachineSpec.HostOSConfiguration.CertBundles
}
if etcdMachineSpec.HostOSConfiguration.BottlerocketConfiguration != nil {
if etcdMachineSpec.HostOSConfiguration.BottlerocketConfiguration.Kernel != nil &&
etcdMachineSpec.HostOSConfiguration.BottlerocketConfiguration.Kernel.SysctlSettings != nil {
values["etcdKernelSettings"] = etcdMachineSpec.HostOSConfiguration.BottlerocketConfiguration.Kernel.SysctlSettings
}
if etcdMachineSpec.HostOSConfiguration.BottlerocketConfiguration.Boot != nil &&
etcdMachineSpec.HostOSConfiguration.BottlerocketConfiguration.Boot.BootKernelParameters != nil {
values["etcdBootParameters"] = etcdMachineSpec.HostOSConfiguration.BottlerocketConfiguration.Boot.BootKernelParameters
}
}
}
etcdURL, _ := common.GetExternalEtcdReleaseURL(clusterSpec.Cluster.Spec.EksaVersion, versionsBundle)
if etcdURL != "" {
values["externalEtcdReleaseUrl"] = etcdURL
}
}
var bottlerocketKubernetesSettings *bootstrapv1.BottlerocketKubernetesSettings
if controlPlaneMachineSpec.OSFamily == anywherev1.Bottlerocket {
values["format"] = string(anywherev1.Bottlerocket)
values["pauseRepository"] = versionsBundle.KubeDistro.Pause.Image()
values["pauseVersion"] = versionsBundle.KubeDistro.Pause.Tag()
values["bottlerocketBootstrapRepository"] = versionsBundle.BottleRocketHostContainers.KubeadmBootstrap.Image()
values["bottlerocketBootstrapVersion"] = versionsBundle.BottleRocketHostContainers.KubeadmBootstrap.Tag()
if clusterSpec.Cluster.Spec.ControlPlaneConfiguration.KubeletConfiguration != nil {
br, err := common.ConvertToBottlerocketKubernetesSettings(clusterSpec.Cluster.Spec.ControlPlaneConfiguration.KubeletConfiguration)
if err != nil {
return nil, err
}
bottlerocketKubernetesSettings = br
}
}
if len(clusterSpec.Cluster.Spec.ControlPlaneConfiguration.Taints) > 0 {
values["controlPlaneTaints"] = clusterSpec.Cluster.Spec.ControlPlaneConfiguration.Taints
}
if clusterSpec.AWSIamConfig != nil {
values["awsIamAuth"] = true
}
if controlPlaneMachineSpec.HostOSConfiguration != nil {
if controlPlaneMachineSpec.HostOSConfiguration.NTPConfiguration != nil {
values["cpNtpServers"] = controlPlaneMachineSpec.HostOSConfiguration.NTPConfiguration.Servers
}
if controlPlaneMachineSpec.HostOSConfiguration.CertBundles != nil {
values["certBundles"] = controlPlaneMachineSpec.HostOSConfiguration.CertBundles
}
if bottlerocketKubernetesSettings == nil && controlPlaneMachineSpec.HostOSConfiguration.BottlerocketConfiguration != nil {
bottlerocketKubernetesSettings = controlPlaneMachineSpec.HostOSConfiguration.BottlerocketConfiguration.Kubernetes
}
}
if clusterSpec.Cluster.Spec.EtcdEncryption != nil && len(*clusterSpec.Cluster.Spec.EtcdEncryption) != 0 {
conf, err := common.GenerateKMSEncryptionConfiguration(clusterSpec.Cluster.Spec.EtcdEncryption)
if err != nil {
return nil, err
}
values["encryptionProviderConfig"] = conf
}
if bottlerocketKubernetesSettings != nil || controlPlaneMachineSpec.HostOSConfiguration != nil {
brSettings, err := common.GetCAPIBottlerocketSettingsConfig(controlPlaneMachineSpec.HostOSConfiguration, bottlerocketKubernetesSettings)
if err != nil {
return nil, err
}
if len(brSettings) != 0 {
values["bottlerocketSettings"] = brSettings
}
}
if clusterSpec.Cluster.Spec.ControlPlaneConfiguration.KubeletConfiguration != nil && controlPlaneMachineSpec.OSFamily != anywherev1.Bottlerocket {
cpKubeletConfig := clusterSpec.Cluster.Spec.ControlPlaneConfiguration.KubeletConfiguration.Object
if _, ok := cpKubeletConfig["tlsCipherSuites"]; !ok {
cpKubeletConfig["tlsCipherSuites"] = crypto.SecureCipherSuiteNames()
}
if _, ok := cpKubeletConfig["resolvConf"]; !ok {
if clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf != nil {
cpKubeletConfig["resolvConf"] = clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf.Path
}
}
kcString, err := yaml.Marshal(cpKubeletConfig)
if err != nil {
return nil, fmt.Errorf("error marshaling %v", err)
}
values["kubeletConfiguration"] = string(kcString)
} else {
kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs().
Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf))
values["kubeletExtraArgs"] = kubeletExtraArgs.ToPartialYaml()
}
nodeLabelArgs := clusterapi.ControlPlaneNodeLabelsExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration)
if len(nodeLabelArgs) != 0 {
values["nodeLabelArgs"] = nodeLabelArgs.ToPartialYaml()
}
if clusterSpec.Cluster.Spec.ControlPlaneConfiguration.UpgradeRolloutStrategy != nil {
values["upgradeRolloutStrategy"] = true
if clusterSpec.Cluster.Spec.ControlPlaneConfiguration.UpgradeRolloutStrategy.Type == anywherev1.InPlaceStrategyType {
values["upgradeRolloutStrategyType"] = clusterSpec.Cluster.Spec.ControlPlaneConfiguration.UpgradeRolloutStrategy.Type
} else {
values["maxSurge"] = clusterSpec.Cluster.Spec.ControlPlaneConfiguration.UpgradeRolloutStrategy.RollingUpdate.MaxSurge
}
}
return values, nil
}