
Commit eeeb5c2

authored
fix: Handle long cluster names (#845)
This commit starts fixing a bug that means addons fail to be fully deployed if the cluster name is longer than 44 characters. This is caused by the name of the HCP being over 63 characters. This name is then used in HRP labels which have a maximum length of 63 characters, so the HRPs are rejected by the API server when CAAPH applies them. The fix is to use generate name and labels on the HCP to ensure uniqueness by lookup rather than by using a deterministic name.
1 parent 5d54db0 commit eeeb5c2


49 files changed

+1081
-597
lines changed

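--- a/.golangci.yml
+++ b/.golangci.yml
@@ -108,3 +108,17 @@ issues:
 - text: "hugeParam: holderRef is heavy"
 linters:
 - gocritic
+# Admission request interface is defined by k8s
+- path: pkg/webhook
+text: "hugeParam: req is heavy"
+linters:
+- gocritic
+# This is not a problem in tests
+- path: internal/test/envtest
+text: "hugeParam: webhookInstallOptions is heavy"
+linters:
+- gocritic
+- path: internal/test/envtest
+text: "hugeParam: input is heavy"
+linters:
+- gocritic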

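--- a/api/v1alpha1/constants.go
+++ b/api/v1alpha1/constants.go
@@ -32,4 +32,6 @@ const (
 GlobalMirrorVariableName = "globalImageRegistryMirror"
 // ImageRegistriesVariableName is the image registries patch variable name.
 ImageRegistriesVariableName = "imageRegistries"
+
+ClusterUUIDAnnotationKey = APIGroup + "/cluster-uuid"
 )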
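Review bot: `ClusterUUIDAnnotationKey` is added without a doc comment, unlike `ImageRegistriesVariableName` just above it, although its value now decides the names of the ServiceAccount, Role and RoleBinding in cluster-autoscaler-configmap.yaml and the `fullnameOverride` in helm-addon-installation.yaml. A comment such as `// ClusterUUIDAnnotationKey is the Cluster annotation that holds the generated cluster UUID used to name per-cluster addon resources.` should also say who sets the value and that it must not change afterwards; the webhook code is not on this page, so that contract is assumed here. Those templates read the key with `index .Cluster.Annotations "caren.nutanix.com/cluster-uuid"`, which should yield an empty string when the annotation is missing, so a Cluster that never passed through the webhook would render `cluster-autoscaler-` and be rejected at apply time with an unhelpful name-validation error. Because annotations are user-editable, two Clusters in one namespace carrying the same value would share RBAC object names, so the webhook should reject changes and non-UUID values. The const block starts outside the hunk.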
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
# Copyright 2024 Nutanix. All rights reserved.
2+
# SPDX-License-Identifier: Apache-2.0
3+
4+
apiVersion: v1
5+
kind: Service
6+
metadata:
7+
annotations:
8+
{{- with .Values.service.annotations }}
9+
{{ toYaml . | nindent 4 }}
10+
{{- end }}
11+
labels:
12+
{{- include "chart.labels" . | nindent 4 }}
13+
name: {{ template "chart.name" . }}-admission
14+
namespace: {{ .Release.Namespace }}
15+
spec:
16+
type: {{.Values.service.type}}
17+
ports:
18+
- name: https
19+
port: {{ .Values.service.port }}
20+
protocol: TCP
21+
targetPort: admission
22+
{{- if and .Values.service.nodePort (eq "NodePort" .Values.service.type) }}
23+
nodePort: {{ .Values.service.nodePort }}
24+
{{- end }}
25+
selector:
26+
{{- include "chart.selectorLabels" . | nindent 4 }}
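Review bot: The admission Service takes `type` and `nodePort` from `.Values.service.*`, so a values file that sets `service.type` to `NodePort` or `LoadBalancer` also exposes the webhook endpoint outside the cluster, although only the API server needs to reach it. If the chart's existing runtime-hooks Service reads the same keys (its template is not on this page), both Services would also ask for the same `nodePort` and one allocation would be rejected. I would pin this Service with `type: ClusterIP` and drop the `nodePort` branch, or give it a values key of its own. Separately, `annotations:` is emitted even when no annotations are configured; moving the key inside the `with` block avoids rendering a null value.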

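--- a/charts/cluster-api-runtime-extensions-nutanix/templates/certificates.yaml
+++ b/charts/cluster-api-runtime-extensions-nutanix/templates/certificates.yaml
@@ -16,3 +16,19 @@ spec:
 kind: {{ .Values.certificates.issuer.kind }}
 name: {{ template "chart.issuerName" . }}
 secretName: {{ template "chart.name" . }}-runtimehooks-tls
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: {{ template "chart.name" . }}-admission-tls
+namespace: {{ .Release.Namespace }}
+labels:
+{{- include "chart.labels" . | nindent 4 }}
+spec:
+dnsNames:
+- {{ template "chart.name" . }}-admission.{{ .Release.Namespace }}.svc
+- {{ template "chart.name" . }}-admission.{{ .Release.Namespace }}.svc.cluster.local
+issuerRef:
+kind: {{ .Values.certificates.issuer.kind }}
+name: {{ template "chart.issuerName" . }}
+secretName: {{ template "chart.name" . }}-admission-tls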
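Review bot: The new `-admission-tls` Certificate sets no `privateKey` block, so whether the key is regenerated on renewal is left to the installed cert-manager's default, which in older releases is to keep reusing the same key. Adding `privateKey:` with `rotationPolicy: Always` under `spec` makes rotation explicit and independent of the cert-manager version. The `-admission` service name is also spelled out separately in `dnsNames`, in `secretName` and in the Service template, and a mismatch between them only surfaces as a TLS failure at admission time; a named helper next to `chart.issuerName` would keep them in step.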

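--- a/charts/cluster-api-runtime-extensions-nutanix/templates/cluster-autoscaler/manifests/cluster-autoscaler-configmap.yaml
+++ b/charts/cluster-api-runtime-extensions-nutanix/templates/cluster-autoscaler/manifests/cluster-autoscaler-configmap.yaml
@@ -12,41 +12,41 @@ data:
 kind: PodDisruptionBudget
 metadata:
 labels:
-app.kubernetes.io/instance: cluster-autoscaler-tmpl-clustername-tmpl
+app.kubernetes.io/instance: 'ca-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: clusterapi-cluster-autoscaler
 helm.sh/chart: cluster-autoscaler-9.37.0
-name: cluster-autoscaler-tmpl-clustername-tmpl
-namespace: tmpl-clusternamespace-tmpl
+name: 'cluster-autoscaler-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
+namespace: '{{ `{{ .Cluster.Namespace }}` }}'
 spec:
 maxUnavailable: 1
 selector:
 matchLabels:
-app.kubernetes.io/instance: cluster-autoscaler-tmpl-clustername-tmpl
+app.kubernetes.io/instance: 'ca-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
 app.kubernetes.io/name: clusterapi-cluster-autoscaler
 ---
 apiVersion: v1
 automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
 labels:
-app.kubernetes.io/instance: cluster-autoscaler-tmpl-clustername-tmpl
+app.kubernetes.io/instance: 'ca-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: clusterapi-cluster-autoscaler
 helm.sh/chart: cluster-autoscaler-9.37.0
-name: cluster-autoscaler-tmpl-clustername-tmpl
-namespace: tmpl-clusternamespace-tmpl
+name: 'cluster-autoscaler-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
+namespace: '{{ `{{ .Cluster.Namespace }}` }}'
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
 labels:
-app.kubernetes.io/instance: cluster-autoscaler-tmpl-clustername-tmpl
+app.kubernetes.io/instance: 'ca-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: clusterapi-cluster-autoscaler
 helm.sh/chart: cluster-autoscaler-9.37.0
-name: cluster-autoscaler-tmpl-clustername-tmpl
-namespace: tmpl-clusternamespace-tmpl
+name: 'cluster-autoscaler-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
+namespace: '{{ `{{ .Cluster.Namespace }}` }}'
 rules:
 - apiGroups:
 - ""
@@ -105,71 +105,71 @@ data:
 kind: RoleBinding
 metadata:
 labels:
-app.kubernetes.io/instance: cluster-autoscaler-tmpl-clustername-tmpl
+app.kubernetes.io/instance: 'ca-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: clusterapi-cluster-autoscaler
 helm.sh/chart: cluster-autoscaler-9.37.0
-name: cluster-autoscaler-tmpl-clustername-tmpl
-namespace: tmpl-clusternamespace-tmpl
+name: 'cluster-autoscaler-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
+namespace: '{{ `{{ .Cluster.Namespace }}` }}'
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: Role
-name: cluster-autoscaler-tmpl-clustername-tmpl
+name: 'cluster-autoscaler-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
 subjects:
 - kind: ServiceAccount
-name: cluster-autoscaler-tmpl-clustername-tmpl
-namespace: tmpl-clusternamespace-tmpl
+name: 'cluster-autoscaler-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
+namespace: '{{ `{{ .Cluster.Namespace }}` }}'
 ---
 apiVersion: v1
 kind: Service
 metadata:
 labels:
-app.kubernetes.io/instance: cluster-autoscaler-tmpl-clustername-tmpl
+app.kubernetes.io/instance: 'ca-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: clusterapi-cluster-autoscaler
 helm.sh/chart: cluster-autoscaler-9.37.0
-name: cluster-autoscaler-tmpl-clustername-tmpl
-namespace: tmpl-clusternamespace-tmpl
+name: 'cluster-autoscaler-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
+namespace: '{{ `{{ .Cluster.Namespace }}` }}'
 spec:
 ports:
 - name: http
 port: 8085
 protocol: TCP
 targetPort: 8085
 selector:
-app.kubernetes.io/instance: cluster-autoscaler-tmpl-clustername-tmpl
+app.kubernetes.io/instance: 'ca-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
 app.kubernetes.io/name: clusterapi-cluster-autoscaler
 type: ClusterIP
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
 labels:
-app.kubernetes.io/instance: cluster-autoscaler-tmpl-clustername-tmpl
+app.kubernetes.io/instance: 'ca-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/name: clusterapi-cluster-autoscaler
 helm.sh/chart: cluster-autoscaler-9.37.0
-name: cluster-autoscaler-tmpl-clustername-tmpl
-namespace: tmpl-clusternamespace-tmpl
+name: 'cluster-autoscaler-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
+namespace: '{{ `{{ .Cluster.Namespace }}` }}'
 spec:
 replicas: 1
 revisionHistoryLimit: 10
 selector:
 matchLabels:
-app.kubernetes.io/instance: cluster-autoscaler-tmpl-clustername-tmpl
+app.kubernetes.io/instance: 'ca-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
 app.kubernetes.io/name: clusterapi-cluster-autoscaler
 template:
 metadata:
 labels:
-app.kubernetes.io/instance: cluster-autoscaler-tmpl-clustername-tmpl
+app.kubernetes.io/instance: 'ca-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
 app.kubernetes.io/name: clusterapi-cluster-autoscaler
 spec:
 containers:
 - command:
 - ./cluster-autoscaler
 - --cloud-provider=clusterapi
-- --namespace=tmpl-clusternamespace-tmpl
-- --node-group-auto-discovery=clusterapi:clusterName=tmpl-clustername-tmpl,namespace=tmpl-clusternamespace-tmpl
+- --namespace='{{ `{{ .Cluster.Namespace }}` }}'
+- --node-group-auto-discovery=clusterapi:clusterName='{{ `{{ .Cluster.Name }}` }}',namespace='{{ `{{ .Cluster.Namespace }}` }}'
 - --kubeconfig=/cluster/kubeconfig
 - --clusterapi-cloud-config-authoritative
 - --enforce-node-group-min-size=true
@@ -201,7 +201,7 @@ data:
 readOnly: true
 dnsPolicy: ClusterFirst
 priorityClassName: system-cluster-critical
-serviceAccountName: cluster-autoscaler-tmpl-clustername-tmpl
+serviceAccountName: 'cluster-autoscaler-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}'
 tolerations:
 - effect: NoSchedule
 key: node-role.kubernetes.io/control-plane
@@ -211,7 +211,7 @@ data:
 items:
 - key: value
 path: kubeconfig
-secretName: tmpl-clustername-tmpl-kubeconfig
+secretName: '{{ `{{ .Cluster.Name }}` }}-kubeconfig'
 kind: ConfigMap
 metadata:
 creationTimestamp: null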
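Review bot: The single quotes added at new lines 171–172 sit in the middle of plain YAML scalars in the `command` list, so they are not consumed by the YAML parser and no shell strips them; the autoscaler would receive the namespace and `clusterName` values with the quote characters included. The removed lines carried no quotes, so this looks like a side effect of the mechanical placeholder replacement. Moving the opening quote in front of `--namespace` and `--node-group-auto-discovery`, so that each quote pair wraps the whole list item as it does for the `name:` and `namespace:` values elsewhere in these hunks, keeps the arguments clean. The same applies in a milder form at new line 214, where `secretName` closes its quote after `-kubeconfig` and is therefore fine. Since this payload is templated twice (Helm, then the inner expression), the result is worth confirming against rendered output rather than the template.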

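--- a/charts/cluster-api-runtime-extensions-nutanix/templates/cluster-autoscaler/manifests/helm-addon-installation.yaml
+++ b/charts/cluster-api-runtime-extensions-nutanix/templates/cluster-autoscaler/manifests/helm-addon-installation.yaml
@@ -9,7 +9,7 @@ metadata:
 data:
 values.yaml: |-
 ---
-fullnameOverride: "cluster-autoscaler-{{ `{{ .Cluster.Name }}` }}"
+fullnameOverride: "cluster-autoscaler-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}"
 
 cloudProvider: clusterapi
 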

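--- a/charts/cluster-api-runtime-extensions-nutanix/templates/deployment.yaml
+++ b/charts/cluster-api-runtime-extensions-nutanix/templates/deployment.yaml
@@ -44,6 +44,7 @@ spec:
 {{- range $k, $v := .Values.hooks.ccm.aws.k8sMinorVersionToCCMVersion }}
 - --ccm.aws.aws-ccm-versions={{ $k }}={{ $v }}
 {{- end }}
+- --admission-webhook-cert-dir=/admission-certs/
 {{- range $key, $value := .Values.extraArgs }}
 - --{{ $key }}={{ $value }}
 {{- end }}
@@ -57,6 +58,9 @@ spec:
 - containerPort: 9443
 name: runtimehooks
 protocol: TCP
+- containerPort: 9444
+name: admission
+protocol: TCP
 - containerPort: 8080
 name: metrics
 protocol: TCP
@@ -76,6 +80,9 @@ spec:
 - mountPath: /runtimehooks-certs
 name: runtimehooks-cert
 readOnly: true
+- mountPath: /admission-certs
+name: admission-cert
+readOnly: true
 livenessProbe:
 httpGet:
 port: probes
@@ -96,3 +103,7 @@ spec:
 secret:
 defaultMode: 420
 secretName: {{ template "chart.name" . }}-runtimehooks-tls
+- name: admission-cert
+secret:
+defaultMode: 420
+secretName: {{ template "chart.name" . }}-admission-tls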
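Review bot: The new `admission-cert` volume mounts the TLS secret with `defaultMode: 420`, which is 0644, so the webhook's private key is readable by every user inside the container. It mirrors the existing `runtimehooks-cert` volume, but a tighter value such as `defaultMode: 288` (0440) combined with a matching `fsGroup` would restrict the key to the serving process; the pod's securityContext is outside these hunks, so that pairing needs checking. In the first hunk, `--admission-webhook-cert-dir` is emitted before the `extraArgs` loop, so a duplicate flag supplied through `.Values.extraArgs` is likely to override it and point the webhook at a different directory; a template comment stating whether that is intended would help.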
