feat: insert nutanix cert sans

Author: faiq

api/v1alpha1/clusterconfig_types.go

@@ -38,6 +38,12 @@ var DefaultDockerCertSANs = []string{
 	"host.docker.internal",
 }
 
+var DefaultNutanixCertSANs = []string{
+	"localhost",
+	"127.0.0.1",
+	"0.0.0.0",
+}
+
 // +kubebuilder:object:root=true
 
 // ClusterConfig is the Schema for the clusterconfigs API.
@@ -272,8 +278,10 @@ func (ExtraAPIServerCertSANs) VariableSchema() clusterv1.VariableSchema {
 	return clusterv1.VariableSchema{
 		OpenAPIV3Schema: clusterv1.JSONSchemaProps{
 			Description: fmt.Sprintf(
-				"Extra Subject Alternative Names for the API Server signing cert. For Docker %s are injected automatically.",
+				//nolint:lll // its a user facing message
+				"Subject Alternative Names for the API Server signing cert. For Docker %s are injected automatically. For Nutanix %s are injected automatically.",
 				strings.Join(DefaultDockerCertSANs, ","),
+				strings.Join(DefaultNutanixCertSANs, ","),
 			),
 			Type:        "array",
 			UniqueItems: true,

pkg/handlers/generic/mutation/extraapiservercertsans/inject.go

@@ -95,6 +95,10 @@ func (h *extraAPIServerCertSANsPatchHandler) Mutate(
 		"variableValue",
 		apiCertSANs,
 	)
+	if len(apiCertSANs) == 0 {
+		log.Info("No APIServerSANs to apply")
+		return nil
+	}
 
 	return patches.MutateIfApplicable(
 		obj, vars, &holderRef, selectors.ControlPlane(), log,
@@ -117,6 +121,8 @@ func getDefaultAPIServerSANs(cluster *clusterv1.Cluster) []string {
 	switch utils.GetProvider(cluster) {
 	case "docker":
 		return v1alpha1.DefaultDockerCertSANs
+	case "nutanix":
+		return v1alpha1.DefaultNutanixCertSANs
 	default:
 		return nil
 	}

pkg/handlers/generic/mutation/extraapiservercertsans/inject_test.go

@@ -130,6 +130,49 @@ var _ = Describe("Generate Extra API server certificate patches", func() {
 				},
 			},
 		},
+		{
+			patchTest: capitest.PatchTestDef{
+				Name: "extra API server cert SANs set with Nutanix",
+				Vars: []runtimehooksv1.Variable{
+					capitest.VariableWithValue(
+						clusterconfig.MetaVariableName,
+						v1alpha1.ClusterConfigSpec{
+							GenericClusterConfig: v1alpha1.GenericClusterConfig{
+								ExtraAPIServerCertSANs: v1alpha1.ExtraAPIServerCertSANs{
+									"a.b.c.example.com",
+								},
+							},
+						},
+					),
+				},
+				RequestItem: request.NewKubeadmControlPlaneTemplateRequestItem(""),
+				ExpectedPatchMatchers: []capitest.JSONPatchMatcher{{
+					Operation: "add",
+					Path:      "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration",
+					ValueMatcher: gomega.HaveKeyWithValue(
+						"apiServer",
+						gomega.HaveKeyWithValue(
+							"certSANs",
+							[]interface{}{
+								"0.0.0.0",
+								"127.0.0.1",
+								"a.b.c.example.com",
+								"localhost",
+							},
+						),
+					),
+				}},
+			},
+			cluster: clusterv1.Cluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "test-cluster",
+					Namespace: metav1.NamespaceDefault,
+					Labels: map[string]string{
+						clusterv1.ProviderNameLabel: "nutanix",
+					},
+				},
+			},
+		},
 	}
 
 	// create test node for each case