Timmy/installer #4930

Draft
wants to merge 63 commits into
base: master
@timmy-wright timmy-wright commented Sep 12, 2024

What type of PR is this?

/kind feature

What this PR does / why we need it:

This PR adds the following functions to node-bootstrapper:

  • It produces a kubeconfig or bootstrap-kubeconfig (depending on scenario) for Arc or Azure machines that use the VM (or M)'s MSI as a token to join the cluster.
  • It modifies the Windows scripts so they will run on a vanilla Windows VM (needed for singularity)

To produce variants of kubeconfig, it introduces new config params:

  • NodeBootstrappingConfiguration.BootstrappingMethod, which can have a string enum value with the values below.
  • NodeBootstrappingConfiguration.BootstrappingManagedIdentityID to provide a managed identity ID to use to auth to the cluster
const (
	UseArcMsiToMakeCSR        BootstrappingMethod = "UseArcMsiToMakeCSR"
	UseAzureMsiToMakeCSR      BootstrappingMethod = "UseAzureMsiToMakeCSR"
	UseArcMsiDirectly         BootstrappingMethod = "UseArcMsiDirectly"
	UseAzureMsiDirectly       BootstrappingMethod = "UseAzureMsiDirectly"
	UseSecureTLSBootstrapping BootstrappingMethod = "UseSecureTLSBootstrapping"
	//nolint:gosec // this is a const string to use in switch statements, not hardcoded credentials
	UseTLSBootstrapToken BootstrappingMethod = "UseTLSBootstrapToken"
)

The other config params relevant to bootstrapping are:

  • NodeBootstrappingConfiguration.KubeletClientTLSBootstrapToken
  • NodeBootstrappingConfiguration.EnableSecureTLSBootstrapping

so the new one (being an enum) gives us extensibility in future and is in the same config place as the existing one.

Which issue(s) this PR fixes:

Fixes #

Requirements:

Special notes for your reviewer:

Release note:

none

@timmy-wright timmy-wright force-pushed the r2k1/installer branch 3 times, most recently from d4f2f5d to f3a5802 Compare September 13, 2024 03:11
@timmy-wright timmy-wright force-pushed the timmy/installer branch 3 times, most recently from 86f7f2a to dccc23c Compare September 16, 2024 22:32
@timmy-wright timmy-wright force-pushed the timmy/installer branch 2 times, most recently from a3f1dcf to 67f08f7 Compare October 2, 2024 01:52
@timmy-wright timmy-wright force-pushed the r2k1/installer branch 2 times, most recently from 6752a69 to deef18d Compare October 3, 2024 04:08
@timmy-wright timmy-wright force-pushed the timmy/installer branch 2 times, most recently from bd43692 to ada346e Compare October 8, 2024 20:31
Base automatically changed from r2k1/installer to master October 11, 2024 01:54
systemDrive = "C:"
}
script := string(cse)
script = strings.ReplaceAll(script, "%SYSTEMDRIVE%", systemDrive)
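
Review bot: the `strings.ReplaceAll(script, "%SYSTEMDRIVE%", systemDrive)` call matches only the exact upper-case token, while Windows resolves variable names case-insensitively, so a script line written as `%SystemDrive%` would pass through unexpanded. Consider matching that one name case-insensitively, and check that `systemDrive` has the drive-letter-and-colon shape of the `"C:"` fallback before writing it into the script, since the value is inserted into the script text verbatim whatever its source.
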
Contributor

You can check https://pkg.go.dev/os#ExpandEnv for inspiration (seems like it's not Windows-friendly).

Do you want to envsubst a single variable or all of them?

Contributor Author

Just the one needed to be substituted. Will have a look.
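
The single-variable substitution discussed in this thread, as an added example (not code from the PR or from node-bootstrapper): it expands only an allow-listed `%NAME%` reference, matches the name case-insensitively as Windows does, and validates the value before it reaches the script. The names `expandAllowed` and `expandSystemDrive` and the sample script line are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// percentVar matches a cmd.exe-style reference such as %SystemDrive%.
var percentVar = regexp.MustCompile(`%([A-Za-z_][A-Za-z0-9_]*)%`)

// driveValue is the only accepted shape for the drive: one letter and a colon.
var driveValue = regexp.MustCompile(`^[A-Za-z]:$`)

// expandAllowed replaces %NAME% references whose upper-cased name is a key of
// allowed (keys must be upper case). Windows treats variable names
// case-insensitively, so %SystemDrive% and %SYSTEMDRIVE% both match. Every
// other reference is left exactly as written for the script to resolve later.
func expandAllowed(script string, allowed map[string]string) string {
	return percentVar.ReplaceAllStringFunc(script, func(ref string) string {
		name := strings.ToUpper(strings.Trim(ref, "%"))
		if val, ok := allowed[name]; ok {
			return val
		}
		return ref
	})
}

// expandSystemDrive validates the drive value before it is written into the
// script, so a malformed value cannot add script text of its own.
func expandSystemDrive(script, systemDrive string) (string, error) {
	if !driveValue.MatchString(systemDrive) {
		return "", fmt.Errorf("unexpected system drive value %q", systemDrive)
	}
	return expandAllowed(script, map[string]string{"SYSTEMDRIVE": systemDrive}), nil
}

func main() {
	// Constructed sample line, not taken from the project's scripts.
	sample := `Copy-Item %SystemDrive%\AzureData\a.zip %TEMP%\a.zip; cd %SYSTEMDRIVE%\k`
	out, err := expandSystemDrive(sample, "C:")
	fmt.Println(out, err)
}
```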

if config.AgentPoolProfile.IsWindows() {
customData, err2 := OldCustomData(ctx, config)
if err2 != nil {
log.Fatal("error:", err2)
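
Review bot: `log.Fatal("error:", err2)` in the Windows branch does not say that `OldCustomData` was the step that failed, and because `log.Fatal` formats its arguments like `fmt.Print`, no space is inserted between `"error:"` and the error text. If the enclosing function can return an error, prefer something like `return fmt.Errorf("generating Windows custom data: %w", err)` so the failure carries context and one caller decides how to exit; that also removes the need for a second error variable named `err2`.
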
Contributor

@r2k1 r2k1 Oct 17, 2024

Avoid using log.Fatal unless absolutely necessary. It exits the application immediately, without calling any deferred calls or error handling.
We're using a different logger.

Also, err2?

UseAzureMsiDirectly BootstrappingMethod = "UseAzureMsiDirectly"
UseSecureTLSBootstrapping BootstrappingMethod = "UseSecureTLSBootstrapping"
//nolint:gosec // this is a const string to use in switch statements, not hardcoded credentials
UseTLSBootstrapToken BootstrappingMethod = "UseTLSBootstrapToken"
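
Review bot: these constants list the intended `BootstrappingMethod` values, but a string-typed enum accepts any string that arrives from configuration, and nothing in these lines rejects a value outside the set. Since the value selects how the node authenticates to the cluster, add a validation step, or a `default:` case in the switch the `//nolint` comment refers to, that returns an error for unknown or empty values instead of falling through to another method.
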
Contributor

I would do something like

const (
	BootstrappingMethodArcMSI                 BootstrappingMethod = "ArcMSI"
	BootstrappingMethodArcMSIToMakeCSR        BootstrappingMethod = "ArcMSIToMakeCSR"
	BootstrappingMethodAzureMSI               BootstrappingMethod = "AzureMSI"
	BootstrappingMethodAzureMSIToMakeCSR      BootstrappingMethod = "AzureMSIToMakeCSR"
	BootstrappingMethodSecureTLSBootstrapping BootstrappingMethod = "SecureTLSBootstrapping"
	//nolint:gosec // this is a const string to use in switch statements, not hardcoded credentials
	BootstrappingMethodTLSBootstrapToken BootstrappingMethod = "TLSBootstrapToken"
)

Contributor

@r2k1 r2k1 Oct 17, 2024

It's probably not BootstrappingMethod, but something like ClusterAuthMethod or KubernetesAuthMethod?
