refactor: Write configuration under /etc/caren

dlipovetsky · jimmidyson · commit 55c072e5f7d4 · 2024-05-14T09:00:58.000+01:00
Previously, we wrote some configuration to /etc/cre. Now that the
project name is CAREN, we should use /etc/caren.

We also wrote containerd configuration to /etc/containerd/cre.d, but
this configuration is not read by containerd directly. Instead, it is
read by a script that merges it to the primary containerd configuration.
For that reason, this configuration belongs under /etc/caren.
diff --git a/pkg/handlers/generic/mutation/containerdapplypatchesandrestart/apply_patches.go b/pkg/handlers/generic/mutation/containerdapplypatchesandrestart/apply_patches.go
@@ -3,25 +3,47 @@
 package containerdapplypatchesandrestart
 
 import (
+	"bytes"
 	_ "embed"
+	"fmt"
+	"text/template"
 
 	bootstrapv1 "sigs.k8s.io/cluster-api/bootstrap/kubeadm/api/v1beta1"
 )
 
 const (
-	ContainerdRestartScriptOnRemote        = "/etc/containerd/restart.sh"
-	ContainerdRestartScriptOnRemoteCommand = "/bin/bash " + ContainerdRestartScriptOnRemote
+	tomlMergeImage                              = "ghcr.io/mesosphere/toml-merge:v0.2.0"
+	ContainerdPatchesDirOnRemote                = "/etc/caren/containerd/patches"
+	containerdApplyPatchesScriptOnRemote        = "/etc/caren/containerd/apply-patches.sh"
+	containerdApplyPatchesScriptOnRemoteCommand = "/bin/bash " + containerdApplyPatchesScriptOnRemote
 )
 
-//go:embed templates/containerd-restart.sh
-var containerdRestartScript []byte
+//go:embed templates/containerd-apply-patches.sh.gotmpl
+var containerdApplyConfigPatchesScript []byte
+
+func generateContainerdApplyPatchesScript() (bootstrapv1.File, string, error) {
+	t, err := template.New("").Parse(string(containerdApplyConfigPatchesScript))
+	if err != nil {
+		return bootstrapv1.File{}, "", fmt.Errorf("failed to parse go template: %w", err)
+	}
+
+	templateInput := struct {
+		TOMLMergeImage string
+		PatchDir       string
+	}{
+		TOMLMergeImage: tomlMergeImage,
+		PatchDir:       ContainerdPatchesDirOnRemote,
+	}
+
+	var b bytes.Buffer
+	err = t.Execute(&b, templateInput)
+	if err != nil {
+		return bootstrapv1.File{}, "", fmt.Errorf("failed executing template: %w", err)
+	}
 
-//nolint:gocritic // no need for named return values
-func generateContainerdRestartScript() (bootstrapv1.File, string) {
 	return bootstrapv1.File{
-			Path:        ContainerdRestartScriptOnRemote,
-			Content:     string(containerdRestartScript),
-			Permissions: "0700",
-		},
-		ContainerdRestartScriptOnRemoteCommand
+		Path:        containerdApplyPatchesScriptOnRemote,
+		Content:     b.String(),
+		Permissions: "0700",
+	}, containerdApplyPatchesScriptOnRemoteCommand, nil
 }
diff --git a/pkg/handlers/generic/mutation/containerdapplypatchesandrestart/inject_test.go b/pkg/handlers/generic/mutation/containerdapplypatchesandrestart/inject_test.go
@@ -109,7 +109,7 @@ var _ = Describe("Generate Containerd apply patches and restart patches", func()
 
 func Test_generateContainerdApplyPatchesScript(t *testing.T) {
 	wantFile := bootstrapv1.File{
-		Path:        "/etc/containerd/apply-patches.sh",
+		Path:        "/etc/caren/containerd/apply-patches.sh",
 		Owner:       "",
 		Permissions: "0700",
 		Encoding:    "",
@@ -126,7 +126,7 @@ IFS=$'\n\t'
 # using -e does not work with globs.
 # See https://github.com/koalaman/shellcheck/wiki/SC2144 for an explanation of the following loop.
 patches_exist=false
-for file in "/etc/containerd/cre.d"/*.toml; do
+for file in "/etc/caren/containerd/patches"/*.toml; do
   if [ -e "${file}" ]; then
     patches_exist=true
   fi
@@ -135,7 +135,7 @@ for file in "/etc/containerd/cre.d"/*.toml; do
 done
 
 if [ "${patches_exist}" = false ]; then
-  echo "No TOML files found in the patch directory: /etc/containerd/cre.d - nothing to do"
+  echo "No TOML files found in the patch directory: /etc/caren/containerd/patches - nothing to do"
   exit 0
 fi
 
@@ -158,10 +158,10 @@ readonly tmp_ctr_mount_dir="$(mktemp -d)"
 
 # Mount the toml-merge image filesystem and run the toml-merge binary to merge the TOML files.
 ctr --namespace k8s.io images mount "${TOML_MERGE_IMAGE}" "${tmp_ctr_mount_dir}"
-"${tmp_ctr_mount_dir}/usr/local/bin/toml-merge" -i --patch-file "/etc/containerd/cre.d/*.toml" /etc/containerd/config.toml
+"${tmp_ctr_mount_dir}/usr/local/bin/toml-merge" -i --patch-file "/etc/caren/containerd/patches/*.toml" /etc/containerd/config.toml
 `,
 	}
-	wantCmd := "/bin/bash /etc/containerd/apply-patches.sh"
+	wantCmd := "/bin/bash /etc/caren/containerd/apply-patches.sh"
 	file, cmd, _ := generateContainerdApplyPatchesScript()
 	assert.Equal(t, wantFile, file)
 	assert.Equal(t, wantCmd, cmd)
diff --git a/pkg/handlers/generic/mutation/containerdapplypatchesandrestart/restart.go b/pkg/handlers/generic/mutation/containerdapplypatchesandrestart/restart.go
@@ -3,47 +3,25 @@
 package containerdapplypatchesandrestart
 
 import (
-	"bytes"
 	_ "embed"
-	"fmt"
-	"text/template"
 
 	bootstrapv1 "sigs.k8s.io/cluster-api/bootstrap/kubeadm/api/v1beta1"
 )
 
 const (
-	tomlMergeImage                              = "ghcr.io/mesosphere/toml-merge:v0.2.0"
-	containerdPatchesDirOnRemote                = "/etc/containerd/cre.d"
-	containerdApplyPatchesScriptOnRemote        = "/etc/containerd/apply-patches.sh"
-	containerdApplyPatchesScriptOnRemoteCommand = "/bin/bash " + containerdApplyPatchesScriptOnRemote
+	ContainerdRestartScriptOnRemote        = "/etc/containerd/restart.sh"
+	ContainerdRestartScriptOnRemoteCommand = "/bin/bash " + ContainerdRestartScriptOnRemote
 )
 
-//go:embed templates/containerd-apply-patches.sh.gotmpl
-var containerdApplyConfigPatchesScript []byte
-
-func generateContainerdApplyPatchesScript() (bootstrapv1.File, string, error) {
-	t, err := template.New("").Parse(string(containerdApplyConfigPatchesScript))
-	if err != nil {
-		return bootstrapv1.File{}, "", fmt.Errorf("failed to parse go template: %w", err)
-	}
-
-	templateInput := struct {
-		TOMLMergeImage string
-		PatchDir       string
-	}{
-		TOMLMergeImage: tomlMergeImage,
-		PatchDir:       containerdPatchesDirOnRemote,
-	}
-
-	var b bytes.Buffer
-	err = t.Execute(&b, templateInput)
-	if err != nil {
-		return bootstrapv1.File{}, "", fmt.Errorf("failed executing template: %w", err)
-	}
+//go:embed templates/containerd-restart.sh
+var containerdRestartScript []byte
 
+//nolint:gocritic // no need for named return values
+func generateContainerdRestartScript() (bootstrapv1.File, string) {
 	return bootstrapv1.File{
-		Path:        containerdApplyPatchesScriptOnRemote,
-		Content:     b.String(),
-		Permissions: "0700",
-	}, containerdApplyPatchesScriptOnRemoteCommand, nil
+			Path:        ContainerdRestartScriptOnRemote,
+			Content:     string(containerdRestartScript),
+			Permissions: "0700",
+		},
+		ContainerdRestartScriptOnRemoteCommand
 }
diff --git a/pkg/handlers/generic/mutation/containerdmetrics/metrics.go b/pkg/handlers/generic/mutation/containerdmetrics/metrics.go
@@ -11,7 +11,7 @@ import (
 
 const (
 	// TODO Factor out this constant to a common package.
-	containerdPatchesDirOnRemote = "/etc/containerd/cre.d"
+	containerdPatchesDirOnRemote = "/etc/caren/containerd"
 )
 
 var (
diff --git a/pkg/handlers/generic/mutation/imageregistries/credentials/credential_provider_install_files.go b/pkg/handlers/generic/mutation/imageregistries/credentials/credential_provider_install_files.go
@@ -14,7 +14,7 @@ import (
 
 const (
 	//nolint:gosec // Does not contain hard coded credentials.
-	installKubeletCredentialProvidersScriptOnRemote = "/etc/cre/install-kubelet-credential-providers.sh"
+	installKubeletCredentialProvidersScriptOnRemote = "/etc/caren/install-kubelet-credential-providers.sh"
 
 	installKubeletCredentialProvidersScriptOnRemoteCommand = "/bin/bash " + installKubeletCredentialProvidersScriptOnRemote
 
diff --git a/pkg/handlers/generic/mutation/imageregistries/credentials/inject_test.go b/pkg/handlers/generic/mutation/imageregistries/credentials/inject_test.go
@@ -161,7 +161,7 @@ var _ = Describe("Generate Image registry patches", func() {
 					Path:      "/spec/template/spec/kubeadmConfigSpec/files",
 					ValueMatcher: gomega.ContainElements(
 						gomega.HaveKeyWithValue(
-							"path", "/etc/cre/install-kubelet-credential-providers.sh",
+							"path", "/etc/caren/install-kubelet-credential-providers.sh",
 						),
 						gomega.HaveKeyWithValue(
 							"path", "/etc/kubernetes/image-credential-provider-config.yaml",
@@ -175,7 +175,7 @@ var _ = Describe("Generate Image registry patches", func() {
 					Operation: "add",
 					Path:      "/spec/template/spec/kubeadmConfigSpec/preKubeadmCommands",
 					ValueMatcher: gomega.ContainElement(
-						"/bin/bash /etc/cre/install-kubelet-credential-providers.sh",
+						"/bin/bash /etc/caren/install-kubelet-credential-providers.sh",
 					),
 				},
 				{
@@ -222,7 +222,7 @@ var _ = Describe("Generate Image registry patches", func() {
 					Path:      "/spec/template/spec/kubeadmConfigSpec/files",
 					ValueMatcher: gomega.ContainElements(
 						gomega.HaveKeyWithValue(
-							"path", "/etc/cre/install-kubelet-credential-providers.sh",
+							"path", "/etc/caren/install-kubelet-credential-providers.sh",
 						),
 						gomega.HaveKeyWithValue(
 							"path", "/etc/kubernetes/image-credential-provider-config.yaml",
@@ -239,7 +239,7 @@ var _ = Describe("Generate Image registry patches", func() {
 					Operation: "add",
 					Path:      "/spec/template/spec/kubeadmConfigSpec/preKubeadmCommands",
 					ValueMatcher: gomega.ContainElement(
-						"/bin/bash /etc/cre/install-kubelet-credential-providers.sh",
+						"/bin/bash /etc/caren/install-kubelet-credential-providers.sh",
 					),
 				},
 				{
@@ -286,7 +286,7 @@ var _ = Describe("Generate Image registry patches", func() {
 					Path:      "/spec/template/spec/files",
 					ValueMatcher: gomega.ContainElements(
 						gomega.HaveKeyWithValue(
-							"path", "/etc/cre/install-kubelet-credential-providers.sh",
+							"path", "/etc/caren/install-kubelet-credential-providers.sh",
 						),
 						gomega.HaveKeyWithValue(
 							"path", "/etc/kubernetes/image-credential-provider-config.yaml",
@@ -300,7 +300,7 @@ var _ = Describe("Generate Image registry patches", func() {
 					Operation: "add",
 					Path:      "/spec/template/spec/preKubeadmCommands",
 					ValueMatcher: gomega.ContainElement(
-						"/bin/bash /etc/cre/install-kubelet-credential-providers.sh",
+						"/bin/bash /etc/caren/install-kubelet-credential-providers.sh",
 					),
 				},
 				{
@@ -344,7 +344,7 @@ var _ = Describe("Generate Image registry patches", func() {
 					Path:      "/spec/template/spec/files",
 					ValueMatcher: gomega.ContainElements(
 						gomega.HaveKeyWithValue(
-							"path", "/etc/cre/install-kubelet-credential-providers.sh",
+							"path", "/etc/caren/install-kubelet-credential-providers.sh",
 						),
 						gomega.HaveKeyWithValue(
 							"path", "/etc/kubernetes/image-credential-provider-config.yaml",
@@ -361,7 +361,7 @@ var _ = Describe("Generate Image registry patches", func() {
 					Operation: "add",
 					Path:      "/spec/template/spec/preKubeadmCommands",
 					ValueMatcher: gomega.ContainElement(
-						"/bin/bash /etc/cre/install-kubelet-credential-providers.sh",
+						"/bin/bash /etc/caren/install-kubelet-credential-providers.sh",
 					),
 				},
 				{
diff --git a/pkg/handlers/generic/mutation/mirrors/inject_test.go b/pkg/handlers/generic/mutation/mirrors/inject_test.go
@@ -70,7 +70,7 @@ var _ = Describe("Generate Global mirror patches", func() {
 							"path", "/etc/containerd/certs.d/_default/hosts.toml",
 						),
 						gomega.HaveKeyWithValue(
-							"path", "/etc/containerd/cre.d/registry-config.toml",
+							"path", "/etc/caren/containerd/patches/registry-config.toml",
 						),
 					),
 				},
@@ -105,7 +105,7 @@ var _ = Describe("Generate Global mirror patches", func() {
 							"path", "/etc/certs/mirror.pem",
 						),
 						gomega.HaveKeyWithValue(
-							"path", "/etc/containerd/cre.d/registry-config.toml",
+							"path", "/etc/caren/containerd/patches/registry-config.toml",
 						),
 					),
 				},
@@ -140,7 +140,7 @@ var _ = Describe("Generate Global mirror patches", func() {
 							"path", "/etc/containerd/certs.d/_default/hosts.toml",
 						),
 						gomega.HaveKeyWithValue(
-							"path", "/etc/containerd/cre.d/registry-config.toml",
+							"path", "/etc/caren/containerd/patches/registry-config.toml",
 						),
 					),
 				},
@@ -183,7 +183,7 @@ var _ = Describe("Generate Global mirror patches", func() {
 							"path", "/etc/certs/mirror.pem",
 						),
 						gomega.HaveKeyWithValue(
-							"path", "/etc/containerd/cre.d/registry-config.toml",
+							"path", "/etc/caren/containerd/patches/registry-config.toml",
 						),
 					),
 				},
diff --git a/pkg/handlers/generic/mutation/mirrors/mirror.go b/pkg/handlers/generic/mutation/mirrors/mirror.go
@@ -17,14 +17,13 @@ import (
 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/generic/mutation/containerdapplypatchesandrestart"
 )
 
 const (
 	mirrorCACertPathOnRemote                = "/etc/certs/mirror.pem"
 	defaultRegistryMirrorConfigPathOnRemote = "/etc/containerd/certs.d/_default/hosts.toml"
 	secretKeyForMirrorCACert                = "ca.crt"
-
-	containerdPatchesDirOnRemote = "/etc/containerd/cre.d"
 )
 
 var (
@@ -38,7 +37,7 @@ var (
 	//go:embed templates/containerd-registry-config-drop-in.toml
 	containerdRegistryConfigDropIn             []byte
 	containerdRegistryConfigDropInFileOnRemote = path.Join(
-		containerdPatchesDirOnRemote,
+		containerdapplypatchesandrestart.ContainerdPatchesDirOnRemote,
 		"registry-config.toml",
 	)
 )
diff --git a/pkg/handlers/generic/mutation/mirrors/mirror_test.go b/pkg/handlers/generic/mutation/mirrors/mirror_test.go
@@ -161,7 +161,7 @@ func Test_generateMirrorCACertFile(t *testing.T) {
 func Test_generateContainerdRegistryConfigDropInFile(t *testing.T) {
 	want := []cabpkv1.File{
 		{
-			Path:        "/etc/containerd/cre.d/registry-config.toml",
+			Path:        "/etc/caren/containerd/patches/registry-config.toml",
 			Owner:       "",
 			Permissions: "0600",
 			Encoding:    "",

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ import (`
`11`	`11`
`12`	`12`	`const (`
`13`	`13`	`// TODO Factor out this constant to a common package.`
`14`		`- containerdPatchesDirOnRemote = "/etc/containerd/cre.d"`
	`14`	`+ containerdPatchesDirOnRemote = "/etc/caren/containerd"`
`15`	`15`	`)`
`16`	`16`
`17`	`17`	`var (`
Original file line number	Diff line number	Diff line change
`@@ -17,14 +17,13 @@ import (`
`17`	`17`	`ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"`
`18`	`18`
`19`	`19`	`"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"`
	`20`	`+ "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/generic/mutation/containerdapplypatchesandrestart"`
`20`	`21`	`)`
`21`	`22`
`22`	`23`	`const (`
`23`	`24`	`mirrorCACertPathOnRemote = "/etc/certs/mirror.pem"`
`24`	`25`	`defaultRegistryMirrorConfigPathOnRemote = "/etc/containerd/certs.d/_default/hosts.toml"`
`25`	`26`	`secretKeyForMirrorCACert = "ca.crt"`
`26`		`-`
`27`		`- containerdPatchesDirOnRemote = "/etc/containerd/cre.d"`
`28`	`27`	`)`
`29`	`28`
`30`	`29`	`var (`
`@@ -38,7 +37,7 @@ var (`
`38`	`37`	`//go:embed templates/containerd-registry-config-drop-in.toml`
`39`	`38`	`containerdRegistryConfigDropIn []byte`
`40`	`39`	`containerdRegistryConfigDropInFileOnRemote = path.Join(`
`41`		`- containerdPatchesDirOnRemote,`
	`40`	`+ containerdapplypatchesandrestart.ContainerdPatchesDirOnRemote,`
`42`	`41`	`"registry-config.toml",`
`43`	`42`	`)`
`44`	`43`	`)`
Original file line number	Diff line number	Diff line change
`@@ -161,7 +161,7 @@ func Test_generateMirrorCACertFile(t *testing.T) {`
`161`	`161`	`func Test_generateContainerdRegistryConfigDropInFile(t *testing.T) {`
`162`	`162`	`want := []cabpkv1.File{`
`163`	`163`	`{`
`164`		`- Path: "/etc/containerd/cre.d/registry-config.toml",`
	`164`	`+ Path: "/etc/caren/containerd/patches/registry-config.toml",`
`165`	`165`	`Owner: "",`
`166`	`166`	`Permissions: "0600",`
`167`	`167`	`Encoding: "",`