func createDiscoveryFile()

in kinder/pkg/cluster/manager/actions/kubeadm-config.go [339:407]

• 50 lines of code
• 12 McCabe index (conditional complexity)

func createDiscoveryFile(c *status.Cluster, n *status.Node, discoveryMode DiscoveryMode) error {
	// the discovery file is a kubeaconfig file, so for sake of semplicity in setting up this test,
	// we are using the admin.conf file created by kubeadm on the bootstrap control plane node
	// as a starting point (e.g. it already contains the necessary server address/server certificate)
	// IMPORTANT. Don't do this in production, admin.conf contains cluster-admin credentials.
	lines, err := c.BootstrapControlPlane().Command(
		"cat", "/etc/kubernetes/admin.conf",
	).Silent().RunAndCapture()
	if err != nil {
		return errors.Wrapf(err, "failed to read /etc/kubernetes/admin.conf from %s", c.BootstrapControlPlane().Name())
	}
	if len(lines) == 0 {
		return errors.Errorf("failed to read /etc/kubernetes/admin.conf from %s", c.BootstrapControlPlane().Name())
	}

	configBytes := []byte(strings.Join(lines, "\n"))
	config, err := clientcmd.Load(configBytes)
	if err != nil {
		return errors.Wrapf(err, "failed to parse /etc/kubernetes/admin.conf from %s", c.BootstrapControlPlane().Name())
	}

	// tweak admin.conf into a discovery file that comply the expected Discovery Mode variant
	user := config.Contexts[config.CurrentContext].AuthInfo
	authInfo := config.AuthInfos[user]

	switch discoveryMode {
	case FileDiscoveryWithoutCredentials:
		// Nuke X509 credentials embedded in the admin.conf file
		authInfo.ClientKeyData = []byte{}
		authInfo.ClientCertificateData = []byte{}
	case FileDiscoveryWithToken:
		// Nuke X509 credentials embedded in the admin.conf file
		authInfo.ClientKeyData = []byte{}
		authInfo.ClientCertificateData = []byte{}
		// Add a token
		authInfo.Token = constants.Token
	case FileDiscoveryWithEmbeddedClientCerts:
		// This is NOP, because admin.conf already contains embedded client certs
	case FileDiscoveryWithExternalClientCerts:
		// Save the client certificate key embedded in admin.conf into an external file and update authinfo accordingly
		keyFile := "/kinder/discovery-client-key.pem"
		if err := n.WriteFile(keyFile, authInfo.ClientKeyData); err != nil {
			return err
		}
		authInfo.ClientKeyData = []byte{}
		authInfo.ClientKey = keyFile

		// Save the client certificate embedded in admin.conf into an external file and update authinfo accordingly
		certFile := "/kinder/discovery-client-cert.pem"
		if err := n.WriteFile(certFile, authInfo.ClientCertificateData); err != nil {
			return err
		}
		authInfo.ClientCertificateData = []byte{}
		authInfo.ClientCertificate = certFile
	}

	// writes the discovery file to the joining node
	configBytes, err = clientcmd.Write(*config)
	if err != nil {
		return errors.Wrapf(err, "failed to encode %s", constants.DiscoveryFile)
	}
	if err := n.WriteFile(constants.DiscoveryFile, configBytes); err != nil {
		return err
	}

	log.Debugf("generated discovery file:\n%s", string(configBytes))

	return nil
}