feat: support setting kubeadm ignorePreflightErrors (#1097)

**What problem does this PR solve?**:
Exposes [CAPI's
API](https://github.com/kubernetes-sigs/cluster-api/blob/9dddcb7628831bea6e472ea9afb74e0b4595fc5d/bootstrap/kubeadm/api/v1beta2/kubeadm_types.go#L287-L292C2)
to configure kubeadm.
This enables working around
kubernetes/kubernetes#129462 or ignoring any
other kubeadm preflight check.

I intentionally added it as this to mimic CAPIs APIs under a single
handler so that we can expose additional configuration in the future.
```
            nodeRegistration:
              ignorePreflightErrors:
                - SystemVerification
```

**Which issue(s) this PR fixes**:
Fixes #

**How Has This Been Tested?**:
<!--
Please describe the tests that you ran to verify your changes.
Provide output from the tests and any manual steps needed to replicate
the tests.
-->
Tested with a Docker cluster and verified the generated templates.
Also unit tests.

**Special notes for your reviewer**:
<!--
Use this to provide any additional information to the reviewers.
This may include:
- Best way to review the PR.
- Where the author wants the most review attention on.
- etc.
-->
Eventhough in CAPI's API `taints` are also part of `nodeRegistration`,
there is more nuance there that deserves its own handler. Keeping
`taints` and `nodeRegistration` also allows to change the implementation
of taints in the future to a controller based approach that doesn't
require a rollout of new Machines.

Author: dkoshkin

api/v1alpha1/crds/caren.nutanix.com_awsclusterconfigs.yaml

@@ -377,6 +377,23 @@ spec:
                           default: m5.xlarge
                           type: string
                       type: object
+                    nodeRegistration:
+                      default: {}
+                      description: NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+                      properties:
+                        ignorePreflightErrors:
+                          default:
+                            - SystemVerification
+                          description: |-
+                            IgnorePreflightErrors specifies a slice of pre-flight errors to be ignored by kubeadm
+                            when the current node is registered.
+                          items:
+                            maxLength: 512
+                            minLength: 1
+                            type: string
+                          maxItems: 50
+                          type: array
+                      type: object
                     taints:
                       description: Taints specifies the taints the Node API object should be registered with.
                       items:

api/v1alpha1/crds/caren.nutanix.com_awsworkernodeconfigs.yaml

@@ -90,6 +90,24 @@ spec:
                     description: The AWS instance type to use for the cluster Machines.
                     type: string
                 type: object
+              nodeRegistration:
+                default: {}
+                description: NodeRegistration holds fields that relate to registering
+                  the new control-plane node to the cluster.
+                properties:
+                  ignorePreflightErrors:
+                    default:
+                    - SystemVerification
+                    description: |-
+                      IgnorePreflightErrors specifies a slice of pre-flight errors to be ignored by kubeadm
+                      when the current node is registered.
+                    items:
+                      maxLength: 512
+                      minLength: 1
+                      type: string
+                    maxItems: 50
+                    type: array
+                type: object
               taints:
                 description: Taints specifies the taints the Node API object should
                   be registered with.

api/v1alpha1/crds/caren.nutanix.com_dockerclusterconfigs.yaml

@@ -306,6 +306,23 @@ spec:
                           pattern: ^((?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*|\[(?:[a-fA-F0-9:]+)\])(:[0-9]+)?/)?[a-z0-9]+((?:[._]|__|[-]+)[a-z0-9]+)*(/[a-z0-9]+((?:[._]|__|[-]+)[a-z0-9]+)*)*(:[\w][\w.-]{0,127})?(@[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][0-9A-Fa-f]{32,})?$
                           type: string
                       type: object
+                    nodeRegistration:
+                      default: {}
+                      description: NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+                      properties:
+                        ignorePreflightErrors:
+                          default:
+                            - SystemVerification
+                          description: |-
+                            IgnorePreflightErrors specifies a slice of pre-flight errors to be ignored by kubeadm
+                            when the current node is registered.
+                          items:
+                            maxLength: 512
+                            minLength: 1
+                            type: string
+                          maxItems: 50
+                          type: array
+                      type: object
                     taints:
                       description: Taints specifies the taints the Node API object should be registered with.
                       items:

api/v1alpha1/crds/caren.nutanix.com_dockerworkernodeconfigs.yaml

@@ -65,6 +65,24 @@ spec:
                     pattern: ^((?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*|\[(?:[a-fA-F0-9:]+)\])(:[0-9]+)?/)?[a-z0-9]+((?:[._]|__|[-]+)[a-z0-9]+)*(/[a-z0-9]+((?:[._]|__|[-]+)[a-z0-9]+)*)*(:[\w][\w.-]{0,127})?(@[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][0-9A-Fa-f]{32,})?$
                     type: string
                 type: object
+              nodeRegistration:
+                default: {}
+                description: NodeRegistration holds fields that relate to registering
+                  the new control-plane node to the cluster.
+                properties:
+                  ignorePreflightErrors:
+                    default:
+                    - SystemVerification
+                    description: |-
+                      IgnorePreflightErrors specifies a slice of pre-flight errors to be ignored by kubeadm
+                      when the current node is registered.
+                    items:
+                      maxLength: 512
+                      minLength: 1
+                      type: string
+                    maxItems: 50
+                    type: array
+                type: object
               taints:
                 description: Taints specifies the taints the Node API object should
                   be registered with.

api/v1alpha1/crds/caren.nutanix.com_nutanixclusterconfigs.yaml

@@ -299,6 +299,23 @@ spec:
                       required:
                         - daysBeforeExpiry
                       type: object
+                    nodeRegistration:
+                      default: {}
+                      description: NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+                      properties:
+                        ignorePreflightErrors:
+                          default:
+                            - SystemVerification
+                          description: |-
+                            IgnorePreflightErrors specifies a slice of pre-flight errors to be ignored by kubeadm
+                            when the current node is registered.
+                          items:
+                            maxLength: 512
+                            minLength: 1
+                            type: string
+                          maxItems: 50
+                          type: array
+                      type: object
                     nutanix:
                       properties:
                         machineDetails:

api/v1alpha1/crds/caren.nutanix.com_nutanixworkernodeconfigs.yaml

@@ -41,6 +41,23 @@ spec:
             spec:
               description: NutanixWorkerNodeConfigSpec defines the desired state of NutanixNodeSpec.
               properties:
+                nodeRegistration:
+                  default: {}
+                  description: NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+                  properties:
+                    ignorePreflightErrors:
+                      default:
+                        - SystemVerification
+                      description: |-
+                        IgnorePreflightErrors specifies a slice of pre-flight errors to be ignored by kubeadm
+                        when the current node is registered.
+                      items:
+                        maxLength: 512
+                        minLength: 1
+                        type: string
+                      maxItems: 50
+                      type: array
+                  type: object
                 nutanix:
                   properties:
                     machineDetails:

api/v1alpha1/nodeconfig_types.go

@@ -106,6 +106,11 @@ type GenericNodeSpec struct {
 	// Taints specifies the taints the Node API object should be registered with.
 	// +kubebuilder:validation:Optional
 	Taints []Taint `json:"taints,omitempty"`
+
+	// NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default={}
+	NodeRegistration *NodeRegistrationOptions `json:"nodeRegistration,omitempty"`
 }
 
 // The node this Taint is attached to has the "effect" on
@@ -146,6 +151,19 @@ const (
 	TaintEffectNoExecute TaintEffect = "NoExecute"
 )
 
+// NodeRegistrationOptions holds fields that relate to registering a new control-plane or node to the cluster,
+// either via "kubeadm init" or "kubeadm join".
+type NodeRegistrationOptions struct {
+	// IgnorePreflightErrors specifies a slice of pre-flight errors to be ignored by kubeadm
+	// when the current node is registered.
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default={"SystemVerification"}
+	// +kubebuilder:validation:MaxItems=50
+	// +kubebuilder:validation:items:MinLength=1
+	// +kubebuilder:validation:items:MaxLength=512
+	IgnorePreflightErrors []string `json:"ignorePreflightErrors,omitempty"`
+}
+
 //nolint:gochecknoinits // Idiomatic to use init functions to register APIs with scheme.
 func init() {
 	SchemeBuilder.Register(

api/v1alpha1/zz_generated.deepcopy.go

@@ -0,0 +1,124 @@
++++
+title = "Node registration configuration"
++++
+
+Below is a list of node registration configuration options that can be set for `kubeadm init` and `kubeadm join`.
+
+This customization will be available when the
+[provider-specific cluster configuration patch]({{< ref "..">}}) is included in the `ClusterClass`.
+
+## Example
+
+### ignorePreflightErrors
+
+Kubeadm runs preflight checks to ensure the machine is compatible with Kubernetes and its dependencies.
+The `SystemVerification` check is known to result in false positives.
+For example, it fails when the Linux Kernel version is not supported by kubeadm,
+even if the kernel has all the required features.
+For this reason, we skip the check by default.
+
+#### Control plane
+
+To configure `ignorePreflightErrors` for the control plane nodes, specify the following configuration:
+
+```yaml
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: <NAME>
+spec:
+  topology:
+    variables:
+      - name: clusterConfig
+        value:
+          controlPlane:
+            nodeRegistration:
+              ignorePreflightErrors:
+                - SystemVerification
+```
+
+Applying this configuration will result in the following value being set:
+
+- `KubeadmControlPlaneTemplate`:
+
+  - ```yaml
+    spec:
+      kubeadmConfigSpec:
+        initConfiguration:
+          nodeRegistration:
+            nodeRegistration:
+              ignorePreflightErrors:
+                - SystemVerification
+        joinConfiguration:
+            nodeRegistration:
+              ignorePreflightErrors:
+                - SystemVerification
+    ```
+
+#### Worker node
+
+`ignorePreflightErrors` for individual nodepools can be configured similarly:
+
+```yaml
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: <NAME>
+spec:
+  topology:
+    workers:
+      machineDeployments:
+      - class: default-worker
+        name: md-0
+        variables:
+          overrides:
+          - name: workerConfig
+            value:
+              nodeRegistration:
+                ignorePreflightErrors:
+                  - SystemVerification
+```
+
+Applying this configuration will result in the following value being set:
+
+- `KubeadmConfigTemplate`:
+
+  - ```yaml
+    spec:
+      joinConfiguration:
+        nodeRegistration:
+          ignorePreflightErrors:
+            - SystemVerification
+    ```
+
+By default, the following value will be set for both control plane and worker nodes:
+
+```yaml
+    variables:
+      - name: clusterConfig
+        value:
+          controlPlane:
+            nodeRegistration:
+              ignorePreflightErrors:
+                - SystemVerification
+      - name: workerConfig
+        value:
+          nodeRegistration:
+            ignorePreflightErrors:
+              - SystemVerification
+```
+
+This can be enabled by setting `ignorePreflightErrors` to an empty list:
+
+```yaml
+    variables:
+      - name: clusterConfig
+        value:
+          controlPlane:
+            nodeRegistration:
+              ignorePreflightErrors: []
+      - name: workerConfig
+        value:
+          nodeRegistration:
+            ignorePreflightErrors: []
+```

docs/content/customization/generic/node-registration.md

@@ -49,6 +49,7 @@ spec:
               - end: 198.18.1.30
                 start: 198.18.1.21
             provider: MetalLB
+        controlPlane: {}
         dns:
           coreDNS: {}
         encryptionAtRest:

examples/capi-quick-start/docker-cluster-calico-crs.yaml

@@ -44,6 +44,7 @@ spec:
               - end: 198.18.1.30
                 start: 198.18.1.21
             provider: MetalLB
+        controlPlane: {}
         dns:
           coreDNS: {}
         encryptionAtRest:

examples/capi-quick-start/docker-cluster-calico-helm-addon.yaml

@@ -49,6 +49,7 @@ spec:
               - end: 198.18.1.30
                 start: 198.18.1.21
             provider: MetalLB
+        controlPlane: {}
         dns:
           coreDNS: {}
         encryptionAtRest:

examples/capi-quick-start/docker-cluster-cilium-crs.yaml

@@ -44,6 +44,7 @@ spec:
               - end: 198.18.1.30
                 start: 198.18.1.21
             provider: MetalLB
+        controlPlane: {}
         dns:
           coreDNS: {}
         encryptionAtRest:

examples/capi-quick-start/docker-cluster-cilium-helm-addon.yaml

@@ -6,6 +6,7 @@
   value:
     - name: "clusterConfig"
       value:
+        controlPlane: {}
         addons:
           clusterAutoscaler: {}
           nfd: {}