feat(*): raw kubeadm configuration in user data (#79)

andrewrynhard · web-flow · commit fc986145da39 · 2018-05-11T21:21:36.000-07:00
diff --git a/initramfs/cmd/init/pkg/service/kubeadm.go b/initramfs/cmd/init/pkg/service/kubeadm.go
@@ -1,106 +1,51 @@
 package service
 
 import (
-	"bytes"
 	"encoding/base64"
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path"
-	"text/template"
 
 	"github.com/autonomy/dianemo/initramfs/cmd/init/pkg/constants"
 	"github.com/autonomy/dianemo/initramfs/cmd/init/pkg/service/conditions"
 	"github.com/autonomy/dianemo/initramfs/cmd/init/pkg/userdata"
 )
 
-// MasterConfiguration is the kubeadm manifest for master nodes.
-const MasterConfiguration = `
-kind: MasterConfiguration
-apiVersion: kubeadm.k8s.io/v1alpha1
-kubernetesVersion: v1.10.2
-token: {{ .Token }}
-tokenTTL: 0s
-criSocket: {{ .CRISocket }}
-networking:
-  dnsDomain: cluster.local
-  serviceSubnet: 10.96.0.0/12
-  podSubnet: 10.244.0.0/16
-kubeProxy:
-  config:
-    mode: ipvs
-featureGates:
-  HighAvailability: true
-  SelfHosting: false
-  StoreCertsInSecrets: false
-  DynamicKubeletConfig: true
-  CoreDNS: true
-`
-
-// NodeConfiguration is the kubeadm manifest for worker nodes.
-const NodeConfiguration = `
-kind: NodeConfiguration
-apiVersion: kubeadm.k8s.io/v1alpha1
-token: {{ .Token }}
-discoveryTokenAPIServers:
-  - {{ .APIServer }}
-discoveryTokenCACertHashes:
-{{ range $_, $hash := .DiscoveryTokenCACertHashes }}
-- {{ $hash }}
-{{ end }}
-criSocket: {{ .CRISocket }}
-nodeName: {{ .NodeName }}
-`
-
 // Kubeadm implements the Service interface. It serves as the concrete type with
 // the required methods.
 type Kubeadm struct{}
 
 // Pre implements the Service interface.
 func (p *Kubeadm) Pre(data userdata.UserData) (err error) {
-	var configuration string
-	if data.Kubernetes.Join {
-		configuration = NodeConfiguration
-	} else {
-		configuration = MasterConfiguration
-	}
-
-	var socket string
-	switch data.Kubernetes.ContainerRuntime {
-	case constants.ContainerRuntimeDocker:
-		socket = constants.ContainerRuntimeDockerSocket
-	case constants.ContainerRuntimeCRIO:
-		socket = constants.ContainerRuntimeCRIOSocket
+	if data.Kubernetes.Init {
+		if err = writeKubeadmPKIFiles(data.Kubernetes.CA); err != nil {
+			return
+		}
 	}
 
-	if err = writeKubeadmManifest(data.Kubernetes, configuration, socket); err != nil {
+	if err = writeKubeadmManifest(data.Kubernetes.Configuration); err != nil {
 		return
 	}
 
-	if !data.Kubernetes.Join {
-		if err = writeKubeadmPKIFiles(data.Kubernetes); err != nil {
-			return
-		}
-	}
-
 	return nil
 }
 
 // Cmd implements the Service interface.
 func (p *Kubeadm) Cmd(data userdata.UserData) (name string, args []string) {
 	var cmd string
-	if data.Kubernetes.Join {
-		cmd = "join"
-	} else {
+	if data.Kubernetes.Init {
 		cmd = "init"
+	} else {
+		cmd = "join"
 	}
 	name = "/bin/kubeadm"
 	args = []string{
 		cmd,
 		"--config=/etc/kubernetes/kubeadm.yaml",
 		"--ignore-preflight-errors=cri",
 	}
-	if !data.Kubernetes.Join {
+	if data.Kubernetes.Init {
 		args = append(args, "--skip-token-print")
 	}
 
@@ -125,35 +70,16 @@ func (p *Kubeadm) Env() []string { return []string{} }
 // Type implements the Service interface.
 func (p *Kubeadm) Type() Type { return Once }
 
-func writeKubeadmManifest(data *userdata.Kubernetes, configuration, socket string) (err error) {
-	aux := struct {
-		*userdata.Kubernetes
-		CRISocket string
-	}{
-		data,
-		socket,
-	}
-
-	tmpl, err := template.New("").Parse(configuration)
-	if err != nil {
-		return err
-	}
-	var buf []byte
-	writer := bytes.NewBuffer(buf)
-	err = tmpl.Execute(writer, aux)
-	if err != nil {
-		return err
-	}
-
-	if err = ioutil.WriteFile(constants.KubeadmConfig, writer.Bytes(), 0400); err != nil {
+func writeKubeadmManifest(data string) (err error) {
+	if err = ioutil.WriteFile(constants.KubeadmConfig, []byte(data), 0400); err != nil {
 		return fmt.Errorf("write %s: %s", constants.KubeadmConfig, err.Error())
 	}
 
 	return nil
 }
 
-func writeKubeadmPKIFiles(data *userdata.Kubernetes) (err error) {
-	caCrtBytes, err := base64.StdEncoding.DecodeString(data.CA.Crt)
+func writeKubeadmPKIFiles(data *userdata.CertificateAndKeyPaths) (err error) {
+	caCrtBytes, err := base64.StdEncoding.DecodeString(data.Crt)
 	if err != nil {
 		return err
 	}
@@ -164,7 +90,7 @@ func writeKubeadmPKIFiles(data *userdata.Kubernetes) (err error) {
 		return fmt.Errorf("write %s: %s", constants.KubeadmCACert, err.Error())
 	}
 
-	caKeyBytes, err := base64.StdEncoding.DecodeString(data.CA.Key)
+	caKeyBytes, err := base64.StdEncoding.DecodeString(data.Key)
 	if err != nil {
 		return err
 	}
diff --git a/initramfs/cmd/init/pkg/service/kubelet.go b/initramfs/cmd/init/pkg/service/kubelet.go
@@ -58,7 +58,7 @@ func (p *Kubelet) Cmd(data userdata.UserData) (name string, args []string) {
 	default:
 	}
 
-	if data.Kubernetes.Join {
+	if !data.Kubernetes.Init {
 		labels := "--node-labels="
 		for k, v := range data.Kubernetes.Labels {
 			labels += k + "=" + v + ","
diff --git a/initramfs/cmd/init/pkg/userdata/userdata.go b/initramfs/cmd/init/pkg/userdata/userdata.go
@@ -45,14 +45,11 @@ type CertificateAndKeyPaths struct {
 
 // Kubernetes represents the Kubernetes specific configuration options.
 type Kubernetes struct {
-	CA                         *CertificateAndKeyPaths `yaml:"ca,omitempty"`
-	Token                      string                  `yaml:"token"`
-	Join                       bool                    `yaml:"join,omitempty"`
-	APIServer                  string                  `yaml:"apiServer,omitempty"`
-	NodeName                   string                  `yaml:"nodeName,omitempty"`
-	Labels                     map[string]string       `yaml:"labels,omitempty"`
-	ContainerRuntime           string                  `yaml:"containerRuntime,omitempty"`
-	DiscoveryTokenCACertHashes []string                `yaml:"discoveryTokenCACertHashes,omitempty"`
+	CA               *CertificateAndKeyPaths `yaml:"ca,omitempty"`
+	Init             bool                    `yaml:"init,omitempty"`
+	ContainerRuntime string                  `yaml:"containerRuntime,omitempty"`
+	Labels           map[string]string       `yaml:"labels,omitempty"`
+	Configuration    string                  `yaml:"configuration,omitempty"`
 }
 
 // Download initializes a UserData struct from a remote URL.
diff --git a/initramfs/cmd/osctl/cmd/inject.go b/initramfs/cmd/osctl/cmd/inject.go
@@ -110,14 +110,6 @@ var injectKubernetesCmd = &cobra.Command{
 			}
 			data.Kubernetes.CA.Key = base64.StdEncoding.EncodeToString(fileBytes)
 		}
-		if hash != "" {
-			fileBytes, err = ioutil.ReadFile(hash + ".sha256")
-			if err != nil {
-				fmt.Println(err)
-				os.Exit(1)
-			}
-			data.Kubernetes.DiscoveryTokenCACertHashes = []string{string(fileBytes)}
-		}
 
 		dataBytes, err := yaml.Marshal(data)
 		if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ func (p *Kubelet) Cmd(data userdata.UserData) (name string, args []string) {`
`58`	`58`	`default:`
`59`	`59`	`}`
`60`	`60`
`61`		`- if data.Kubernetes.Join {`
	`61`	`+ if !data.Kubernetes.Init {`
`62`	`62`	`labels := "--node-labels="`
`63`	`63`	`for k, v := range data.Kubernetes.Labels {`
`64`	`64`	`labels += k + "=" + v + ","`
Original file line number	Diff line number	Diff line change
`@@ -110,14 +110,6 @@ var injectKubernetesCmd = &cobra.Command{`
`110`	`110`	`}`
`111`	`111`	`data.Kubernetes.CA.Key = base64.StdEncoding.EncodeToString(fileBytes)`
`112`	`112`	`}`
`113`		`- if hash != "" {`
`114`		`- fileBytes, err = ioutil.ReadFile(hash + ".sha256")`
`115`		`- if err != nil {`
`116`		`- fmt.Println(err)`
`117`		`- os.Exit(1)`
`118`		`- }`
`119`		`- data.Kubernetes.DiscoveryTokenCACertHashes = []string{string(fileBytes)}`
`120`		`- }`
`121`	`113`
`122`	`114`	`dataBytes, err := yaml.Marshal(data)`
`123`	`115`	`if err != nil {`