From acc4f83dce081b986e9100ef231ecbaf6f89bb8c Mon Sep 17 00:00:00 2001
From: s3rj1k
Date: Thu, 16 Jan 2025 20:46:31 +0000
Subject: [PATCH] Make vSphere CCM NoOp
---
 api/v1alpha1/common.go | 2 -
 cmd/main.go | 2 -
 config/dev/vsphere-credentials.yaml | 62 ++++++++++
 go.mod | 3 +-
 go.sum | 2 -
 internal/credspropagation/common.go | 2 +-
 internal/credspropagation/vsphere.go | 165 ---------------------------
 internal/providers/vsphere.go | 16 ++-
 8 files changed, 71 insertions(+), 183 deletions(-)
 delete mode 100644 internal/credspropagation/vsphere.go
diff --git a/api/v1alpha1/common.go b/api/v1alpha1/common.go
index 75e8b720a..50c4c9c33 100644
--- a/api/v1alpha1/common.go
+++ b/api/v1alpha1/common.go
@@ -44,8 +44,6 @@ type (
 const (
 // Provider AWS
 ProviderAWSName = "cluster-api-provider-aws"
- // Provider vSphere
- ProviderVSphereName = "cluster-api-provider-vsphere"
 // Provider OpenStack
 ProviderOpenStackName = "cluster-api-provider-openstack"
 // Provider K0smotron
diff --git a/cmd/main.go b/cmd/main.go
index 07c967d1b..a19485d86 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -31,7 +31,6 @@ import (
 clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 _ "k8s.io/client-go/plugin/pkg/client/auth"
 capo "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta1"
- capv "sigs.k8s.io/cluster-api-provider-vsphere/apis/v1beta1"
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/healthz"
 "sigs.k8s.io/controller-runtime/pkg/log/zap"
@@ -67,7 +66,6 @@ func init() {
 utilruntime.Must(sourcev1.AddToScheme(scheme))
 utilruntime.Must(hcv2.AddToScheme(scheme))
 utilruntime.Must(sveltosv1beta1.AddToScheme(scheme))
- utilruntime.Must(capv.AddToScheme(scheme))
 utilruntime.Must(capo.AddToScheme(scheme))
 // +kubebuilder:scaffold:scheme
 }
diff --git a/config/dev/vsphere-credentials.yaml b/config/dev/vsphere-credentials.yaml
index d7c161f09..6db95644b 100644
--- a/config/dev/vsphere-credentials.yaml
+++ b/config/dev/vsphere-credentials.yaml
@@ -37,3 +37,65 @@ spec:
 kind: VSphereClusterIdentity
 name: vsphere-cluster-identity
 namespace: ${NAMESPACE}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: vsphere-cluster-identity-resource-template
+ namespace: ${NAMESPACE}
+ annotations:
+ projectsveltos.io/template: "true"
+data:
+ configmap.yaml: |
+ {{- $$cluster := .InfrastructureProvider -}}
+ {{- $$identity := (getResource "InfrastructureProviderIdentity") -}}
+ {{- $$secret := (getResource "InfrastructureProviderIdentitySecret") -}}
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: vsphere-cloud-secret
+ namespace: kube-system
+ type: Opaque
+ data:
+ {{ printf "%s.username" $$cluster.spec.server }}: {{ index $$secret.data "username" }}
+ {{ printf "%s.password" $$cluster.spec.server }}: {{ index $$secret.data "password" }}
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: vcenter-config-secret
+ namespace: kube-system
+ type: Opaque
+ stringData:
+ csi-vsphere.conf: |
+ [Global]
+ cluster-id = "{{ $$cluster.metadata.name }}"
+
+ [VirtualCenter "{{ $$cluster.spec.server }}"]
+ insecure-flag = "true"
+ user = "{{ index $$secret.data "username" | b64dec }}"
+ password = "{{ index $$secret.data "password" | b64dec }}"
+ port = "443"
+ datacenters = ${VSPHERE_DATACENTER}
+ ---
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: cloud-config
+ namespace: kube-system
+ data:
+ vsphere.conf: |
+ global:
+ insecureFlag: true
+ port: 443
+ secretName: vsphere-cloud-secret
+ secretNamespace: kube-system
+ labels:
+ region: k8s-region
+ zone: k8s-zone
+ vcenter:
+ {{ $$cluster.spec.server }}:
+ datacenters:
+ - ${VSPHERE_DATACENTER}
+ server: {{ $$cluster.spec.server }}
diff --git a/go.mod b/go.mod
index 638833cd8..a31d8dc9d 100644
--- a/go.mod
+++ b/go.mod
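Review bot: Both `insecure-flag = "true"` in csi-vsphere.conf and `insecureFlag: true` in vsphere.conf hardcode vCenter TLS verification off for every cluster rendered from this template; the deleted Go generator emitted the same values, so this is not a regression, but now that the setting lives in a substituted template it should be driven by a variable alongside the existing `${VSPHERE_DATACENTER}` (e.g. `insecureFlag: ${VSPHERE_INSECURE}`, name illustrative) so the dev default is not the only option. Separately, `datacenters = ${VSPHERE_DATACENTER}` in the CSI section drops the quotes the removed generator produced (`datacenters = "{{ .Datacenter }}"`), so a datacenter name containing spaces or a `#` may not survive INI parsing; write `datacenters = "${VSPHERE_DATACENTER}"`. A comment on the ConfigMap should also say that this template ships only under config/dev and, if I read the providers/vsphere.go change correctly, the controller no longer creates these secrets itself, so other installations must supply an equivalent template.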
@@ -31,9 +31,7 @@ require (
 sigs.k8s.io/cluster-api v1.9.3
 sigs.k8s.io/cluster-api-operator v0.15.1
 sigs.k8s.io/cluster-api-provider-openstack v0.11.3
- sigs.k8s.io/cluster-api-provider-vsphere v1.12.0
 sigs.k8s.io/controller-runtime v0.19.4
- sigs.k8s.io/yaml v1.4.0
 )
 require (
@@ -201,4 +199,5 @@ require (
 sigs.k8s.io/kustomize/api v0.18.0 // indirect
 sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
+ sigs.k8s.io/yaml v1.4.0 // indirect
 )
diff --git a/go.sum b/go.sum
index fd5bd952a..929593fa9 100644
--- a/go.sum
+++ b/go.sum
@@ -689,8 +689,6 @@ sigs.k8s.io/cluster-api-operator v0.15.1 h1:oGEqNE7c1Ieqwso/DwjRVD2b/7wFXIjEKAod
 sigs.k8s.io/cluster-api-operator v0.15.1/go.mod h1:0yvW+1BLHcE5/gQfWSin1L4Gj+8wa9y7+vVTXOhUnSg=
 sigs.k8s.io/cluster-api-provider-openstack v0.11.3 h1:ZJ3G+m11bgaD227EuFjuFsFC95MRzJm9JbDIte0xwII=
 sigs.k8s.io/cluster-api-provider-openstack v0.11.3/go.mod h1:0rH6yksLcuwWK/SoSoCOJi4A0kOSL3qrA+qvDVZ9NjU=
-sigs.k8s.io/cluster-api-provider-vsphere v1.12.0 h1:9ze+1JSdLAGiLklsnORvj/vs2XpR9jyVmkT0Dwo1nuc=
-sigs.k8s.io/cluster-api-provider-vsphere v1.12.0/go.mod h1:2y9fsZQ3qjT1kL6IXiOUVcyV0n8DLBQGvyPnId9xRzk=
 sigs.k8s.io/controller-runtime v0.19.4 h1:SUmheabttt0nx8uJtoII4oIP27BVVvAKFvdvGFwV/Qo=
 sigs.k8s.io/controller-runtime v0.19.4/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4=
 sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM=
diff --git a/internal/credspropagation/common.go b/internal/credspropagation/common.go
index c61273c15..3c0a23a62 100644
--- a/internal/credspropagation/common.go
+++ b/internal/credspropagation/common.go
@@ -66,7 +66,7 @@ func makeSecret(name string, data map[string][]byte) *corev1.Secret {
 return s
 }
-func makeConfigMap(name string, data map[string]string) *corev1.ConfigMap {
+func makeConfigMap(name string, data map[string]string) *corev1.ConfigMap { //nolint:unused
 c := &corev1.ConfigMap{
 ObjectMeta: metav1.ObjectMeta{
 Name: name,
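Review bot: `//nolint:unused` on makeConfigMap silences the linter instead of removing the helper whose only caller visible in this patch, generateVSphereCCMConfigs in the deleted internal/credspropagation/vsphere.go, is gone; if no caller remains elsewhere the function should be deleted along with it, and if it is kept for a planned use the directive should say why, e.g. `//nolint:unused // retained for upcoming provider propagation helpers`. makeConfigMap's body continues past the end of the hunk.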
diff --git a/internal/credspropagation/vsphere.go b/internal/credspropagation/vsphere.go
deleted file mode 100644
index 42864999f..000000000
--- a/internal/credspropagation/vsphere.go
+++ /dev/null
@@ -1,165 +0,0 @@ -// Copyright 2024 -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package credspropagation - -import ( - "bytes" - "context" - "fmt" - texttemplate "text/template" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - capv "sigs.k8s.io/cluster-api-provider-vsphere/apis/v1beta1" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/yaml" - - kcm "github.com/K0rdent/kcm/api/v1alpha1" -) - -func PropagateVSphereProviderObjects(ctx context.Context, cfg *PropagationCfg) error { - vsphereCluster := &capv.VSphereCluster{} - if err := cfg.Client.Get(ctx, client.ObjectKey{ - Name: cfg.ClusterDeployment.Name, - Namespace: cfg.ClusterDeployment.Namespace, - }, vsphereCluster); err != nil { - return fmt.Errorf("failed to get VSphereCluster %s: %w", cfg.ClusterDeployment.Name, err) - } - - vsphereClIdty := &capv.VSphereClusterIdentity{} - if err := cfg.Client.Get(ctx, client.ObjectKey{ - Name: vsphereCluster.Spec.IdentityRef.Name, - }, vsphereClIdty); err != nil { - return fmt.Errorf("failed to get VSphereClusterIdentity %s: %w", vsphereCluster.Spec.IdentityRef.Name, err) - } - - vsphereSecret := &corev1.Secret{} - if err := cfg.Client.Get(ctx, client.ObjectKey{ - Name: vsphereClIdty.Spec.SecretName, - Namespace: cfg.SystemNamespace, - }, vsphereSecret); err != nil { - return fmt.Errorf("failed to get VSphere Secret %s: %w", vsphereClIdty.Spec.SecretName, err) - } - - 
vsphereMachines := &capv.VSphereMachineList{} - if err := cfg.Client.List( - ctx, - vsphereMachines, - &client.ListOptions{ - Namespace: cfg.ClusterDeployment.Namespace, - LabelSelector: labels.SelectorFromSet(map[string]string{ - kcm.ClusterNameLabelKey: cfg.ClusterDeployment.Name, - }), - Limit: 1, - }, - ); err != nil { - return fmt.Errorf("failed to list VSphereMachines for cluster %s: %w", cfg.ClusterDeployment.Name, err) - } - ccmSecret, ccmConfig, err := generateVSphereCCMConfigs(vsphereCluster, vsphereSecret, &vsphereMachines.Items[0]) - if err != nil { - return fmt.Errorf("failed to generate VSphere CCM config: %w", err) - } - csiSecret, err := generateVSphereCSISecret(vsphereCluster, vsphereSecret, &vsphereMachines.Items[0]) - if err != nil { - return fmt.Errorf("failed to generate VSphere CSI secret: %w", err) - } - - if err := applyCCMConfigs(ctx, cfg.KubeconfSecret, ccmSecret, ccmConfig, csiSecret); err != nil { - return fmt.Errorf("failed to apply VSphere CCM/CSI secrets: %w", err) - } - - return nil -} - -func generateVSphereCCMConfigs(vCl *capv.VSphereCluster, vScrt *corev1.Secret, vMa *capv.VSphereMachine) (*corev1.Secret, *corev1.ConfigMap, error) { - const secretName = "vsphere-cloud-secret" - secretData := map[string][]byte{ - vCl.Spec.Server + ".username": vScrt.Data["username"], - vCl.Spec.Server + ".password": vScrt.Data["password"], - } - ccmCfg := map[string]any{ - "global": map[string]any{ - "port": 443, - "insecureFlag": true, - "secretName": secretName, - "secretNamespace": metav1.NamespaceSystem, - }, - "vcenter": map[string]any{ - vCl.Spec.Server: map[string]any{ - "server": vCl.Spec.Server, - "datacenters": []string{ - vMa.Spec.Datacenter, - }, - }, - }, - "labels": map[string]any{ - "region": "k8s-region", - "zone": "k8s-zone", - }, - } - - ccmCfgYaml, err := yaml.Marshal(ccmCfg) - if err != nil { - return nil, nil, fmt.Errorf("failed to marshal CCM config: %w", err) - } - - cmData := map[string]string{ - "vsphere.conf": 
string(ccmCfgYaml), - } - return makeSecret(secretName, secretData), - makeConfigMap("cloud-config", cmData), - nil -} - -func generateVSphereCSISecret(vCl *capv.VSphereCluster, vScrt *corev1.Secret, vMa *capv.VSphereMachine) (*corev1.Secret, error) { - csiCfg := ` -[Global] -cluster-id = "{{ .ClusterID }}" - -[VirtualCenter "{{ .Vcenter }}"] -insecure-flag = "true" -user = "{{ .Username }}" -password = "{{ .Password }}" -port = "443" -datacenters = "{{ .Datacenter }}" -` - type CSIFields struct { - ClusterID, Vcenter, Username, Password, Datacenter string - } - - fields := CSIFields{ - ClusterID: vCl.Name, - Vcenter: vCl.Spec.Server, - Username: string(vScrt.Data["username"]), - Password: string(vScrt.Data["password"]), - Datacenter: vMa.Spec.Datacenter, - } - - tmpl, err := texttemplate.New("csiCfg").Parse(csiCfg) - if err != nil { - return nil, fmt.Errorf("failed to generate CSI secret (tmpl parse): %w", err) - } - var buf bytes.Buffer - if err := tmpl.Execute(&buf, fields); err != nil { - return nil, fmt.Errorf("failed to generate CSI secret (tmpl execute): %w", err) - } - - secretData := map[string][]byte{ - "csi-vsphere.conf": buf.Bytes(), - } - - return makeSecret("vcenter-config-secret", secretData), nil -} diff --git a/internal/providers/vsphere.go b/internal/providers/vsphere.go index aa8544589..3a233dda9 100644 --- a/internal/providers/vsphere.go +++ b/internal/providers/vsphere.go 
@@ -47,18 +47,16 @@ func (*ProvidervSphere) GetClusterIdentityKinds() []string {
 return []string{"VSphereClusterIdentity"}
 }
-func (p *ProvidervSphere) CredentialPropagationFunc() func(
- ctx context.Context,
- cfg *credspropagation.PropagationCfg,
- l logr.Logger,
+func (*ProvidervSphere) CredentialPropagationFunc() func(
+ _ context.Context,
+ _ *credspropagation.PropagationCfg,
+ _ logr.Logger,
 ) (enabled bool, err error) {
 return func(
- ctx context.Context,
- cfg *credspropagation.PropagationCfg,
- l logr.Logger,
+ _ context.Context,
+ _ *credspropagation.PropagationCfg,
+ _ logr.Logger,
 ) (enabled bool, err error) {
- l.Info(p.GetTitleName() + " creds propagation start")
- enabled, err = true, credspropagation.PropagateVSphereProviderObjects(ctx, cfg)
 return enabled, err
 }
 }
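Review bot: The inner closure now returns the named results `enabled, err` without ever assigning them, so the stub reads like an accidental leftover of the removed assignment rather than a deliberate no-op; make the zero values explicit and drop the named results from both signatures, i.e. `return false, nil`. The removed `l.Info(...)` call was also the only runtime signal that propagation ran, so an operator gets no indication that vSphere CCM/CSI credentials are no longer pushed to the child cluster by this controller; the method needs a doc comment stating that, e.g. `// CredentialPropagationFunc returns a stub that reports propagation as disabled (enabled=false); vSphere CCM/CSI secrets are expected to come from the Sveltos resource template instead (see config/dev/vsphere-credentials.yaml).` CredentialPropagationFunc lies entirely within the hunk; GetClusterIdentityKinds starts before it.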