in pkg/providers/tinkerbell/template.go [381:558]
func buildTemplateMapCP(
clusterSpec *cluster.Spec,
controlPlaneMachineSpec,
etcdMachineSpec v1alpha1.TinkerbellMachineConfigSpec,
cpTemplateOverride,
etcdTemplateOverride string,
datacenterSpec v1alpha1.TinkerbellDatacenterConfigSpec,
) (map[string]interface{}, error) {
auditPolicy, err := common.GetAuditPolicy(clusterSpec.Cluster.Spec.KubernetesVersion)
if err != nil {
return nil, err
}
versionsBundle := clusterSpec.RootVersionsBundle()
format := "cloud-config"
apiServerExtraArgs := clusterapi.OIDCToExtraArgs(clusterSpec.OIDCConfig).
Append(clusterapi.AwsIamAuthExtraArgs(clusterSpec.AWSIamConfig)).
Append(clusterapi.APIServerExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration.APIServerExtraArgs))
clusterapi.SetPodIAMAuthExtraArgs(clusterSpec.Cluster.Spec.PodIAMConfig, apiServerExtraArgs)
values := map[string]interface{}{
"auditPolicy": auditPolicy,
"clusterName": clusterSpec.Cluster.Name,
"controlPlaneEndpointIp": clusterSpec.Cluster.Spec.ControlPlaneConfiguration.Endpoint.Host,
"controlPlaneReplicas": clusterSpec.Cluster.Spec.ControlPlaneConfiguration.Count,
"apiServerCertSANs": clusterSpec.Cluster.Spec.ControlPlaneConfiguration.CertSANs,
"controlPlaneSshAuthorizedKey": controlPlaneMachineSpec.Users[0].SshAuthorizedKeys[0],
"controlPlaneSshUsername": controlPlaneMachineSpec.Users[0].Name,
"eksaSystemNamespace": constants.EksaSystemNamespace,
"format": format,
"kubernetesVersion": versionsBundle.KubeDistro.Kubernetes.Tag,
"kubeVipImage": versionsBundle.Tinkerbell.KubeVip.VersionedImage(),
"podCidrs": clusterSpec.Cluster.Spec.ClusterNetwork.Pods.CidrBlocks,
"serviceCidrs": clusterSpec.Cluster.Spec.ClusterNetwork.Services.CidrBlocks,
"apiserverExtraArgs": apiServerExtraArgs.ToPartialYaml(),
"baseRegistry": "", // TODO: need to get this values for creating template IMAGE_URL
"osDistro": "", // TODO: need to get this values for creating template IMAGE_URL
"osVersion": "", // TODO: need to get this values for creating template IMAGE_URL
"kubernetesRepository": versionsBundle.KubeDistro.Kubernetes.Repository,
"corednsRepository": versionsBundle.KubeDistro.CoreDNS.Repository,
"corednsVersion": versionsBundle.KubeDistro.CoreDNS.Tag,
"etcdRepository": versionsBundle.KubeDistro.Etcd.Repository,
"etcdImageTag": versionsBundle.KubeDistro.Etcd.Tag,
"externalEtcdVersion": versionsBundle.KubeDistro.EtcdVersion,
"etcdCipherSuites": crypto.SecureCipherSuitesString(),
"hardwareSelector": controlPlaneMachineSpec.HardwareSelector,
"controlPlaneTaints": clusterSpec.Cluster.Spec.ControlPlaneConfiguration.Taints,
"workerNodeGroupConfigurations": clusterSpec.Cluster.Spec.WorkerNodeGroupConfigurations,
"skipLoadBalancerDeployment": datacenterSpec.SkipLoadBalancerDeployment,
"cpSkipLoadBalancerDeployment": clusterSpec.Cluster.Spec.ControlPlaneConfiguration.SkipLoadBalancerDeployment,
}
if clusterSpec.Cluster.Spec.ControlPlaneConfiguration.UpgradeRolloutStrategy != nil {
values["upgradeRolloutStrategy"] = true
if clusterSpec.Cluster.Spec.ControlPlaneConfiguration.UpgradeRolloutStrategy.Type == v1alpha1.InPlaceStrategyType {
values["upgradeRolloutStrategyType"] = clusterSpec.Cluster.Spec.ControlPlaneConfiguration.UpgradeRolloutStrategy.Type
} else {
values["maxSurge"] = clusterSpec.Cluster.Spec.ControlPlaneConfiguration.UpgradeRolloutStrategy.RollingUpdate.MaxSurge
}
}
if clusterSpec.Cluster.Spec.RegistryMirrorConfiguration != nil {
values, err := populateRegistryMirrorValues(clusterSpec, values)
if err != nil {
return values, err
}
// Replace public.ecr.aws endpoint with the endpoint given in the cluster config file
localRegistry := values["coreEKSAMirror"].(string)
if localRegistry != "" {
cpTemplateOverride = strings.ReplaceAll(cpTemplateOverride, defaultRegistry, localRegistry)
etcdTemplateOverride = strings.ReplaceAll(etcdTemplateOverride, defaultRegistry, localRegistry)
}
}
if clusterSpec.Cluster.Spec.ProxyConfiguration != nil {
values["proxyConfig"] = true
values["httpProxy"] = clusterSpec.Cluster.Spec.ProxyConfiguration.HttpProxy
values["httpsProxy"] = clusterSpec.Cluster.Spec.ProxyConfiguration.HttpsProxy
values["noProxy"] = generateNoProxyList(clusterSpec.Cluster, datacenterSpec)
}
values["controlPlanetemplateOverride"] = cpTemplateOverride
if clusterSpec.Cluster.Spec.ExternalEtcdConfiguration != nil {
values["externalEtcd"] = true
values["externalEtcdReplicas"] = clusterSpec.Cluster.Spec.ExternalEtcdConfiguration.Count
values["etcdSshUsername"] = etcdMachineSpec.Users[0].Name
values["etcdTemplateOverride"] = etcdTemplateOverride
values["etcdHardwareSelector"] = etcdMachineSpec.HardwareSelector
etcdURL, _ := common.GetExternalEtcdReleaseURL(clusterSpec.Cluster.Spec.EksaVersion, versionsBundle)
if etcdURL != "" {
values["externalEtcdReleaseUrl"] = etcdURL
}
}
if controlPlaneMachineSpec.OSFamily == v1alpha1.Bottlerocket {
values["format"] = string(v1alpha1.Bottlerocket)
values["pauseRepository"] = versionsBundle.KubeDistro.Pause.Image()
values["pauseVersion"] = versionsBundle.KubeDistro.Pause.Tag()
values["bottlerocketBootstrapRepository"] = versionsBundle.BottleRocketHostContainers.KubeadmBootstrap.Image()
values["bottlerocketBootstrapVersion"] = versionsBundle.BottleRocketHostContainers.KubeadmBootstrap.Tag()
}
if clusterSpec.AWSIamConfig != nil {
values["awsIamAuth"] = true
}
if controlPlaneMachineSpec.HostOSConfiguration != nil {
if controlPlaneMachineSpec.HostOSConfiguration.NTPConfiguration != nil {
values["cpNtpServers"] = controlPlaneMachineSpec.HostOSConfiguration.NTPConfiguration.Servers
}
if controlPlaneMachineSpec.HostOSConfiguration.CertBundles != nil {
values["certBundles"] = controlPlaneMachineSpec.HostOSConfiguration.CertBundles
}
}
if controlPlaneMachineSpec.HostOSConfiguration != nil && controlPlaneMachineSpec.HostOSConfiguration.BottlerocketConfiguration != nil {
brSettings, err := common.GetCAPIBottlerocketSettingsConfig(controlPlaneMachineSpec.HostOSConfiguration, controlPlaneMachineSpec.HostOSConfiguration.BottlerocketConfiguration.Kubernetes)
if err != nil {
return nil, err
}
if len(brSettings) != 0 {
values["bottlerocketSettings"] = brSettings
}
}
if clusterSpec.Cluster.Spec.ControlPlaneConfiguration.KubeletConfiguration != nil && controlPlaneMachineSpec.OSFamily != v1alpha1.Bottlerocket {
cpKubeletConfig := clusterSpec.Cluster.Spec.ControlPlaneConfiguration.KubeletConfiguration.Object
if _, ok := cpKubeletConfig["tlsCipherSuites"]; !ok {
cpKubeletConfig["tlsCipherSuites"] = crypto.SecureCipherSuiteNames()
}
if _, ok := cpKubeletConfig["resolvConf"]; !ok {
if clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf != nil {
cpKubeletConfig["resolvConf"] = clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf.Path
}
}
kcString, err := yaml.Marshal(cpKubeletConfig)
if err != nil {
return nil, fmt.Errorf("marshaling control plane node Kubelet Configuration while building CAPI template %v", err)
}
values["kubeletConfiguration"] = string(kcString)
} else {
kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs().
Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf))
values["kubeletExtraArgs"] = kubeletExtraArgs.ToPartialYaml()
}
cpNodeLabelArgs := clusterapi.ControlPlaneNodeLabelsExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration)
if len(cpNodeLabelArgs) != 0 {
values["cpNodeLabelArgs"] = cpNodeLabelArgs.ToPartialYaml()
}
if !datacenterSpec.IsoBoot {
values["bootMode"] = netbootMode
} else {
values["bootMode"] = isobootMode
tinkerbellIP := datacenterSpec.TinkerbellIP
if t := clusterSpec.Cluster.HasTinkerbellIPAnnotation(); t != "" {
tinkerbellIP = t
}
isoURL := url.URL{
Scheme: "http",
Host: fmt.Sprintf("%s:%s", tinkerbellIP, SmeeHTTPPort),
// isoURL path is only served in the top level /iso path.
Path: "/iso/hook.iso",
}
values["isoUrl"] = isoURL.String()
}
return values, nil
}