build: include kube-vip Pod template in KubeadmControlPlaneTemplate

Author: dkoshkin

.pre-commit-config.yaml

@@ -153,7 +153,7 @@ repos:
     name: License headers - YAML and Makefiles
     stages: [pre-commit]
     files: (^Makefile|\.(ya?ml|mk))$
-    exclude: ^(internal/test|pkg/handlers/.+/embedded|examples|charts/cluster-api-runtime-extensions-nutanix/(defaultclusterclasses|addons))/.+\.ya?ml|docs/static/helm/index\.yaml|charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml$
+    exclude: ^(internal/test|pkg/handlers/.+/embedded|examples|charts/cluster-api-runtime-extensions-nutanix/(defaultclusterclasses|addons))/.+\.ya?ml|docs/static/helm/index\.yaml|charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml|hack/examples/files/kube-vip.yaml$
     args:
       - --license-filepath
       - hack/license-header.txt

charts/cluster-api-runtime-extensions-nutanix/defaultclusterclasses/nutanix-cluster-class.yaml

@@ -132,7 +132,69 @@ spec:
           scheduler:
             extraArgs:
               tls-cipher-suites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-        files: []
+        files:
+        - content: |-
+            apiVersion: v1
+            kind: Pod
+            metadata:
+              name: kube-vip
+              namespace: kube-system
+            spec:
+              containers:
+                - args:
+                    - manager
+                  env:
+                    - name: vip_arp
+                      value: "true"
+                    - name: port
+                      value: '{{ .Port }}'
+                    - name: vip_nodename
+                      valueFrom:
+                        fieldRef:
+                          fieldPath: spec.nodeName
+                    - name: vip_cidr
+                      value: "32"
+                    - name: dns_mode
+                      value: first
+                    - name: cp_enable
+                      value: "true"
+                    - name: cp_namespace
+                      value: kube-system
+                    - name: vip_leaderelection
+                      value: "true"
+                    - name: vip_leasename
+                      value: plndr-cp-lock
+                    - name: vip_leaseduration
+                      value: "15"
+                    - name: vip_renewdeadline
+                      value: "10"
+                    - name: vip_retryperiod
+                      value: "2"
+                    - name: address
+                      value: '{{ .Address }}'
+                    - name: prometheus_server
+                  image: ghcr.io/kube-vip/kube-vip:v0.8.9
+                  imagePullPolicy: IfNotPresent
+                  name: kube-vip
+                  resources: {}
+                  securityContext:
+                    capabilities:
+                      add:
+                        - NET_ADMIN
+                        - NET_RAW
+                  volumeMounts:
+                    - mountPath: /etc/kubernetes/admin.conf
+                      name: kubeconfig
+              hostAliases:
+                - hostnames:
+                    - kubernetes
+                  ip: 127.0.0.1
+              hostNetwork: true
+              volumes:
+                - hostPath:
+                    path: /etc/kubernetes/admin.conf
+                  name: kubeconfig
+          path: /etc/kubernetes/manifests/kube-vip.yaml
         initConfiguration:
           nodeRegistration:
             kubeletExtraArgs:

hack/addons/update-kube-vip-manifests.sh

@@ -13,10 +13,7 @@ if [ -z "${KUBE_VIP_VERSION:-}" ]; then
   exit 1
 fi
 
-ASSETS_DIR="$(mktemp -d -p "${TMPDIR:-/tmp}")"
-readonly ASSETS_DIR
-trap_add "rm -rf ${ASSETS_DIR}" EXIT
-
+readonly ASSETS_DIR="hack/examples/files"
 readonly FILE_NAME="kube-vip.yaml"
 
 # shellcheck disable=SC2016 # Single quotes are required for the gojq expression.
@@ -33,23 +30,9 @@ docker container run --rm ghcr.io/kube-vip/kube-vip:"${KUBE_VIP_VERSION}" \
   gojq --yaml-input --yaml-output \
     'del(.metadata.creationTimestamp, .status) |
      .spec.containers[].imagePullPolicy |= "IfNotPresent" |
-     (.spec.containers[0].env[] | select(.name == "port").value) |= "{{ `{{ .Port }}` }}" |
-     (.spec.containers[0].env[] | select(.name == "address").value) |= "{{ `{{ .Address }}` }}"
+     (.spec.containers[0].env[] | select(.name == "port").value) |= "{{ .Port }}" |
+     (.spec.containers[0].env[] | select(.name == "address").value) |= "{{ .Address }}"
     ' >"${ASSETS_DIR}/${FILE_NAME}"
 
-kubectl create configmap "{{ .Values.hooks.virtualIP.kubeVip.defaultTemplateConfigMap.name }}" --dry-run=client --output yaml \
-  --from-file "${ASSETS_DIR}/${FILE_NAME}" \
-  >"${ASSETS_DIR}/kube-vip-configmap.yaml"
-
-# add warning not to edit file directly
-cat <<EOF >"${GIT_REPO_ROOT}/charts/cluster-api-runtime-extensions-nutanix/templates/virtual-ip/kube-vip/manifests/kube-vip-configmap.yaml"
-$(cat "${GIT_REPO_ROOT}/hack/license-header.yaml.txt")
-
-#=================================================================
-#                 DO NOT EDIT THIS FILE
-#  IT HAS BEEN GENERATED BY /hack/addons/update-kube-vip-manifests.sh
-#=================================================================
-{{- if .Values.hooks.virtualIP.kubeVip.defaultTemplateConfigMap.create }}
-$(cat "${ASSETS_DIR}/kube-vip-configmap.yaml")
-{{- end -}}
-EOF
+# add 8 spaces to each line so that the kustomize template can be properly indented
+sed -i -e 's/^/        /' "${ASSETS_DIR}/${FILE_NAME}"

hack/examples/bases/nutanix/clusterclass/kustomization.yaml.tmpl

@@ -46,16 +46,23 @@ patches:
     - op: "remove"
       path: "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/certSANs"
 
-# Delete the kube-vip file.
-# Will be templated and added back in the handler if enabled.
+# Template the kube-vip file.
+# The handler will set the variables if needed, or remove it.
 - target:
     kind: KubeadmControlPlaneTemplate
   patch: |-
     - op: test
       path: /spec/template/spec/kubeadmConfigSpec/files/0/path
       value: "/etc/kubernetes/manifests/kube-vip.yaml"
     - op: "remove"
-      path: "/spec/template/spec/kubeadmConfigSpec/files/0"
+      path: "/spec/template/spec/kubeadmConfigSpec/files/0/owner"
+    - op: "replace"
+      path: "/spec/template/spec/kubeadmConfigSpec/files/0/path"
+      value: "/etc/kubernetes/manifests/kube-vip.yaml"
+    - op: "replace"
+      path: "/spec/template/spec/kubeadmConfigSpec/files/0/content"
+      value: |
+${KUBE_VIP_CONTENT}
 
 # Delete the kube-vip related pre and postKubeadmCommands.
 # Will be added back in the handler if enabled.

hack/examples/files/kube-vip.yaml

@@ -0,0 +1,60 @@
+        apiVersion: v1
+        kind: Pod
+        metadata:
+          name: kube-vip
+          namespace: kube-system
+        spec:
+          containers:
+            - args:
+                - manager
+              env:
+                - name: vip_arp
+                  value: "true"
+                - name: port
+                  value: '{{ .Port }}'
+                - name: vip_nodename
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: spec.nodeName
+                - name: vip_cidr
+                  value: "32"
+                - name: dns_mode
+                  value: first
+                - name: cp_enable
+                  value: "true"
+                - name: cp_namespace
+                  value: kube-system
+                - name: vip_leaderelection
+                  value: "true"
+                - name: vip_leasename
+                  value: plndr-cp-lock
+                - name: vip_leaseduration
+                  value: "15"
+                - name: vip_renewdeadline
+                  value: "10"
+                - name: vip_retryperiod
+                  value: "2"
+                - name: address
+                  value: '{{ .Address }}'
+                - name: prometheus_server
+              image: ghcr.io/kube-vip/kube-vip:v0.8.9
+              imagePullPolicy: IfNotPresent
+              name: kube-vip
+              resources: {}
+              securityContext:
+                capabilities:
+                  add:
+                    - NET_ADMIN
+                    - NET_RAW
+              volumeMounts:
+                - mountPath: /etc/kubernetes/admin.conf
+                  name: kubeconfig
+          hostAliases:
+            - hostnames:
+                - kubernetes
+              ip: 127.0.0.1
+          hostNetwork: true
+          volumes:
+            - hostPath:
+                path: /etc/kubernetes/admin.conf
+              name: kubeconfig

hack/examples/sync.sh

@@ -11,6 +11,9 @@ readonly SCRIPT_DIR
 
 trap 'find "${SCRIPT_DIR}" -name kustomization.yaml -delete' EXIT
 
+KUBE_VIP_CONTENT=$(cat hack/examples/files/kube-vip.yaml)
+export KUBE_VIP_CONTENT
+
 # For details why the exec command is structured like this , see
 # https://www.shellcheck.net/wiki/SC2156.
 find "${SCRIPT_DIR}" -name kustomization.yaml.tmpl \

make/examples.mk

@@ -3,5 +3,6 @@
 
 .PHONY: examples.sync
 examples.sync: ## Syncs the examples by fetching upstream examples and applying kustomize patches
+examples.sync: update-addon.kube-vip # kube-vip is part of the KCP spec
 examples.sync: ; $(info $(M) syncing examples)
 	hack/examples/sync.sh