Change Nutanix CAPX to v1.3.0

- bump up version - change manifests - change tests
aws · Feb 9, 2024 · 4ef6c24 · 4ef6c24
1 parent 42d21c6
commit 4ef6c24
Show file tree

Hide file tree

Showing 35 changed files with 2,826 additions and 26 deletions.
diff --git a/.github/workflows/go-coverage.yml b/.github/workflows/go-coverage.yml
@@ -17,7 +17,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.20'
+          go-version: '1.21'
           check-latest: true
           cache: true
       - name: Run go test with coverage

diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -19,7 +19,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: "1.20"
+          go-version: "1.21"
           check-latest: true
           cache: true
       - name: golangci-lint

diff --git a/Makefile b/Makefile
@@ -20,7 +20,7 @@ SHELL := /bin/bash
 ARTIFACTS_BUCKET?=my-s3-bucket
 GIT_VERSION?=$(shell git describe --tag)
 GIT_TAG?=$(shell git tag -l "v*.*.*" --sort -v:refname | head -1)
-GOLANG_VERSION?="1.20"
+GOLANG_VERSION?="1.21"
 GO_VERSION ?= $(shell source ./scripts/common.sh && build::common::get_go_path $(GOLANG_VERSION))
 GO ?= $(GO_VERSION)/go
 GO_TEST ?= $(GO) test
@@ -380,8 +380,8 @@ generate-attribution:
 update-attribution-files: generate-attribution
 	scripts/create_pr.sh
 
-.PHONY: update-golden-files
 update-golden-files:
+.PHONY: update-golden-files
 	make -C release update-bundle-golden-files
 	scripts/golden_create_pr.sh
 

diff --git a/go.mod b/go.mod
@@ -1,6 +1,8 @@
 module github.com/aws/eks-anywhere
 
-go 1.20
+go 1.21
+
+toolchain go1.21.6
 
 require (
 	github.com/Masterminds/sprig v2.22.0+incompatible
@@ -29,7 +31,7 @@ require (
 	github.com/google/go-cmp v0.6.0
 	github.com/google/go-github/v35 v35.3.0
 	github.com/google/uuid v1.4.0
-	github.com/nutanix-cloud-native/cluster-api-provider-nutanix v1.2.4
+	github.com/nutanix-cloud-native/cluster-api-provider-nutanix v1.3.0
 	github.com/nutanix-cloud-native/prism-go-client v0.3.4
 	github.com/onsi/gomega v1.29.0
 	github.com/opencontainers/image-spec v1.1.0-rc5

diff --git a/go.sum b/go.sum
diff --git a/pkg/providers/nutanix/config/cp-template.yaml b/pkg/providers/nutanix/config/cp-template.yaml
@@ -4,6 +4,7 @@ metadata:
   name: "{{.clusterName}}"
   namespace: "{{.eksaSystemNamespace}}"
 spec:
+  failureDomains: []
   prismCentral:
 {{- if .nutanixAdditionalTrustBundle }}
     additionalTrustBundle:
@@ -74,6 +75,7 @@ spec:
           {{- toYaml . | nindent 10 }}
           {{- end }}
         extraArgs:
+          cloud-provider: external
           audit-policy-file: /etc/kubernetes/audit-policy.yaml
           audit-log-path: /var/log/kubernetes/api-audit.log
           audit-log-maxage: "30"
@@ -105,6 +107,7 @@ spec:
 {{- end}}
       controllerManager:
         extraArgs:
+          cloud-provider: external
           enable-hostpath-provisioner: "true"
       dns:
         imageRepository: {{.corednsRepository}}
@@ -265,6 +268,7 @@ spec:
     initConfiguration:
       nodeRegistration:
         kubeletExtraArgs:
+          cloud-provider: external
           # We have to pin the cgroupDriver to cgroupfs as kubeadm >=1.21 defaults to systemd
           # kind will implement systemd support in: https://github.com/kubernetes-sigs/kind/issues/1726
           #cgroup-driver: cgroupfs
@@ -397,4 +401,238 @@ metadata:
 stringData:
   username: "{{.registryUsername}}"
   password: "{{.registryPassword}}"
+---
+{{- end }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{.clusterName}}-nutanix-ccm
+  namespace: "{{.eksaSystemNamespace}}"
+data:
+  nutanix-ccm.yaml: |
+    ---
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: user-ca-bundle
+      namespace: kube-system
+    binaryData:
+      ca.crt:{{- if .nutanixAdditionalTrustBundle }}{{- .nutanixAdditionalTrustBundle }}{{- end }}
+    ---
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: cloud-controller-manager
+      namespace: kube-system
+    ---
+    kind: ConfigMap
+    apiVersion: v1
+    metadata:
+      name: nutanix-config
+      namespace: kube-system
+    data:
+      nutanix_config.json: |-
+        {
+          "prismCentral": {
+            "address": "{{.nutanixEndpoint}}",
+            "port": {{.nutanixPort}},
+            "insecure": {{.nutanixInsecure}},
+            "credentialRef": {
+              "kind": "secret",
+              "name": "nutanix-creds",
+              "namespace": "kube-system"
+            }{{- if .nutanixAdditionalTrustBundle }},
+            "additionalTrustBundle": {
+              "kind": "ConfigMap",
+              "name": "user-ca-bundle",
+              "namespace": "kube-system"
+            }{{- end }}
+          },
+          "enableCustomLabeling": false,
+          "topologyDiscovery": {
+            "type": "Prism"
+          }
+        }
+    ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+      annotations:
+        rbac.authorization.kubernetes.io/autoupdate: "true"
+      name: system:cloud-controller-manager
+    rules:
+      - apiGroups:
+          - ""
+        resources:
+          - secrets
+        verbs:
+          - get
+          - list
+          - watch
+      - apiGroups:
+          - ""
+        resources:
+          - configmaps
+        verbs:
+          - get
+          - list
+          - watch
+      - apiGroups:
+          - ""
+        resources:
+          - events
+        verbs:
+          - create
+          - patch
+          - update
+      - apiGroups:
+          - ""
+        resources:
+          - nodes
+        verbs:
+          - "*"
+      - apiGroups:
+          - ""
+        resources:
+          - nodes/status
+        verbs:
+          - patch
+      - apiGroups:
+          - ""
+        resources:
+          - serviceaccounts
+        verbs:
+          - create
+      - apiGroups:
+          - ""
+        resources:
+          - endpoints
+        verbs:
+          - create
+          - get
+          - list
+          - watch
+          - update
+      - apiGroups:
+          - coordination.k8s.io
+        resources:
+          - leases
+        verbs:
+          - get
+          - list
+          - watch
+          - create
+          - update
+          - patch
+          - delete
+    ---
+    kind: ClusterRoleBinding
+    apiVersion: rbac.authorization.k8s.io/v1
+    metadata:
+      name: system:cloud-controller-manager
+    roleRef:
+      apiGroup: rbac.authorization.k8s.io
+      kind: ClusterRole
+      name: system:cloud-controller-manager
+    subjects:
+      - kind: ServiceAccount
+        name: cloud-controller-manager
+        namespace: kube-system
+    ---
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      labels:
+        k8s-app: nutanix-cloud-controller-manager
+      name: nutanix-cloud-controller-manager
+      namespace: kube-system
+    spec:
+      replicas: 1
+      selector:
+        matchLabels:
+          k8s-app: nutanix-cloud-controller-manager
+      strategy:
+        type: Recreate
+      template:
+        metadata:
+          labels:
+            k8s-app: nutanix-cloud-controller-manager
+        spec:
+          hostNetwork: true
+          priorityClassName: system-cluster-critical
+          nodeSelector:
+            node-role.kubernetes.io/control-plane: ""
+          serviceAccountName: cloud-controller-manager
+          affinity:
+            podAntiAffinity:
+              requiredDuringSchedulingIgnoredDuringExecution:
+              - labelSelector:
+                  matchLabels:
+                    k8s-app: nutanix-cloud-controller-manager
+                topologyKey: kubernetes.io/hostname
+          dnsPolicy: Default
+          tolerations:
+            - effect: NoSchedule
+              key: node-role.kubernetes.io/master
+              operator: Exists
+            - effect: NoSchedule
+              key: node-role.kubernetes.io/control-plane
+              operator: Exists
+            - effect: NoExecute
+              key: node.kubernetes.io/unreachable
+              operator: Exists
+              tolerationSeconds: 120
+            - effect: NoExecute
+              key: node.kubernetes.io/not-ready
+              operator: Exists
+              tolerationSeconds: 120
+            - effect: NoSchedule
+              key: node.cloudprovider.kubernetes.io/uninitialized
+              operator: Exists
+            - effect: NoSchedule
+              key: node.kubernetes.io/not-ready
+              operator: Exists
+          containers:
+            - image: "{{.cloudProviderImage}}"
+              imagePullPolicy: IfNotPresent
+              name: nutanix-cloud-controller-manager
+              env:
+                - name: POD_NAMESPACE
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.namespace
+              args:
+                - "--leader-elect=true"
+                - "--cloud-config=/etc/cloud/nutanix_config.json"
+              resources:
+                requests:
+                  cpu: 100m
+                  memory: 50Mi
+              volumeMounts:
+                - mountPath: /etc/cloud
+                  name: nutanix-config-volume
+                  readOnly: true
+          volumes:
+            - name: nutanix-config-volume
+              configMap:
+                name: nutanix-config
+---
+apiVersion: addons.cluster.x-k8s.io/v1beta1
+kind: ClusterResourceSet
+metadata:
+  name: {{.clusterName}}-nutanix-ccm-crs
+  namespace: "{{.eksaSystemNamespace}}"
+spec:
+  clusterSelector:
+    matchLabels:
+      cluster.x-k8s.io/cluster-name: "{{.clusterName}}"
+  resources:
+  - kind: ConfigMap
+    name: {{.clusterName}}-nutanix-ccm
+  - kind: Secret
+    name: {{.clusterName}}-nutanix-ccm-secret
+{{- if .nutanixAdditionalTrustBundle }}
+  - kind: ConfigMap
+    name: user-ca-bundle
 {{- end }}
+  strategy: Reconcile
diff --git a/pkg/providers/nutanix/config/md-template.yaml b/pkg/providers/nutanix/config/md-template.yaml
@@ -113,6 +113,7 @@ spec:
       joinConfiguration:
         nodeRegistration:
           kubeletExtraArgs:
+            cloud-provider: external
             # We have to pin the cgroupDriver to cgroupfs as kubeadm >=1.21 defaults to systemd
             # kind will implement systemd support in: https://github.com/kubernetes-sigs/kind/issues/1726
             #cgroup-driver: cgroupfs

diff --git a/pkg/providers/nutanix/config/secret-template.yaml b/pkg/providers/nutanix/config/secret-template.yaml
@@ -5,3 +5,16 @@ metadata:
   namespace: "{{.eksaSystemNamespace}}"
 data:
   credentials: "{{.base64EncodedCredentials}}"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{.clusterName}}-nutanix-ccm-secret"
+  namespace: "{{.eksaSystemNamespace}}"
+stringData:
+  nutanix-ccm-secret.yaml: "apiVersion: v1\nkind: Secret\nmetadata:\n  name: nutanix-creds\n
+    \ namespace: kube-system\nstringData:\n  credentials: |\n    [\n      {\n        \"type\":
+    \"basic_auth\", \n        \"data\": { \n          \"prismCentral\":{\n            \"username\":
+    \"{{ .nutanixPCUsername }}\",\n            \"password\": \"{{ .nutanixPCPassword }}\"\n          },\n
+    \         \"prismElements\": null\n        }\n      }\n    ]\n"
+type: addons.cluster.x-k8s.io/resource-set