Merge pull request kubernetes-sigs#3 from jiayiwang7/admin-container

Support configuring bottlerocket admin container image

bootstrap/kubeadm/api/v1beta1/kubeadm_types.go

@@ -83,6 +83,11 @@ type ClusterConfiguration struct {
 	// +optional
 	BottlerocketBootstrap BottlerocketBootstrap `json:"bottlerocketBootstrap,omitempty"`
 
+	// BottlerocketAdmin holds the image source for admin container
+	// This is only for bottlerocket
+	// +optional
+	BottlerocketAdmin BottlerocketAdmin `json:"bottlerocketAdmin,omitempty"`
+
 	// BottlerocketControl holds the image source for control container
 	// This is only for bottlerocket
 	// +optional
@@ -189,6 +194,13 @@ type BottlerocketBootstrap struct {
 	ImageMeta `json:",inline"`
 }
 
+// BottlerocketAdmin holds the settings of admin container for bottlerocket nodes
+// This setting is ONLY for bottlerocket nodes.
+type BottlerocketAdmin struct {
+	// ImageMeta allows to customize the image used for the BottlerocketAdmin component
+	ImageMeta `json:",inline"`
+}
+
 // BottlerocketControl holds the settings of control container for bottlerocket nodes
 // This setting is ONLY for bottlerocket nodes.
 type BottlerocketControl struct {
@@ -467,6 +479,11 @@ type JoinConfiguration struct {
 	// +optional
 	BottlerocketBootstrap BottlerocketBootstrap `json:"bottlerocketBootstrap,omitempty"`
 
+	// BottlerocketAdmin holds the image source for admin container
+	// This is only for bottlerocket
+	// +optional
+	BottlerocketAdmin BottlerocketAdmin `json:"bottlerocketAdmin,omitempty"`
+
 	// BottlerocketControl holds the image source for control container
 	// This is only for bottlerocket
 	// +optional

bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigs.yaml

@@ -2364,6 +2364,21 @@ spec:
                       schemas to the latest internal value, and may reject unrecognized
                       values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                     type: string
+                  bottlerocketAdmin:
+                    description: BottlerocketAdmin holds the image source for admin
+                      container This is only for bottlerocket
+                    properties:
+                      imageRepository:
+                        description: ImageRepository sets the container registry to
+                          pull images from. if not set, the ImageRepository defined
+                          in ClusterConfiguration will be used instead.
+                        type: string
+                      imageTag:
+                        description: ImageTag allows to specify a tag for the image.
+                          In case this value is set, kubeadm does not change automatically
+                          the version of the above components during upgrades.
+                        type: string
+                    type: object
                   bottlerocketBootstrap:
                     description: BottlerocketBootstrap holds the image source for
                       kubeadm bootstrap container This is only for bottlerocket
@@ -3124,6 +3139,21 @@ spec:
                       schemas to the latest internal value, and may reject unrecognized
                       values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                     type: string
+                  bottlerocketAdmin:
+                    description: BottlerocketAdmin holds the image source for admin
+                      container This is only for bottlerocket
+                    properties:
+                      imageRepository:
+                        description: ImageRepository sets the container registry to
+                          pull images from. if not set, the ImageRepository defined
+                          in ClusterConfiguration will be used instead.
+                        type: string
+                      imageTag:
+                        description: ImageTag allows to specify a tag for the image.
+                          In case this value is set, kubeadm does not change automatically
+                          the version of the above components during upgrades.
+                        type: string
+                    type: object
                   bottlerocketBootstrap:
                     description: BottlerocketBootstrap holds the image source for
                       kubeadm bootstrap container This is only for bottlerocket

bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigtemplates.yaml

@@ -2375,6 +2375,22 @@ spec:
                               convert recognized schemas to the latest internal value,
                               and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                             type: string
+                          bottlerocketAdmin:
+                            description: BottlerocketAdmin holds the image source
+                              for admin container This is only for bottlerocket
+                            properties:
+                              imageRepository:
+                                description: ImageRepository sets the container registry
+                                  to pull images from. if not set, the ImageRepository
+                                  defined in ClusterConfiguration will be used instead.
+                                type: string
+                              imageTag:
+                                description: ImageTag allows to specify a tag for
+                                  the image. In case this value is set, kubeadm does
+                                  not change automatically the version of the above
+                                  components during upgrades.
+                                type: string
+                            type: object
                           bottlerocketBootstrap:
                             description: BottlerocketBootstrap holds the image source
                               for kubeadm bootstrap container This is only for bottlerocket
@@ -3187,6 +3203,22 @@ spec:
                               convert recognized schemas to the latest internal value,
                               and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                             type: string
+                          bottlerocketAdmin:
+                            description: BottlerocketAdmin holds the image source
+                              for admin container This is only for bottlerocket
+                            properties:
+                              imageRepository:
+                                description: ImageRepository sets the container registry
+                                  to pull images from. if not set, the ImageRepository
+                                  defined in ClusterConfiguration will be used instead.
+                                type: string
+                              imageTag:
+                                description: ImageTag allows to specify a tag for
+                                  the image. In case this value is set, kubeadm does
+                                  not change automatically the version of the above
+                                  components during upgrades.
+                                type: string
+                            type: object
                           bottlerocketBootstrap:
                             description: BottlerocketBootstrap holds the image source
                               for kubeadm bootstrap container This is only for bottlerocket

bootstrap/kubeadm/internal/bottlerocket/bootstrap_test.go

@@ -8,7 +8,44 @@ import (
 	bootstrapv1 "sigs.k8s.io/cluster-api/bootstrap/kubeadm/api/v1beta1"
 )
 
-const userData = `
+const userDataFullSetting = `
+[settings.host-containers.admin]
+enabled = true
+superpowered = true
+source = "REPO:TAG"
+user-data = "B64USERDATA"
+[settings.host-containers.kubeadm-bootstrap]
+enabled = true
+superpowered = true
+source = "REPO:TAG"
+user-data = "B64USERDATA"
+
+[settings.kubernetes]
+cluster-domain = "cluster.local"
+standalone-mode = true
+authentication-mode = "tls"
+server-tls-bootstrap = false
+pod-infra-container-image = "PAUSE"
+provider-id = "PROVIDERID"
+
+[settings.bootstrap-containers.BOOTSTRAP]
+essential = false
+mode = "MODE"
+user-data = "B64USERDATA"
+[settings.network]
+https-proxy = "PROXY"
+no-proxy = []
+[settings.container-registry.mirrors]
+"public.ecr.aws" = ["https://REGISTRYENDPOINT"]
+[settings.pki.registry-mirror-ca]
+data = "REGISTRYCA"
+trusted=true
+[settings.kubernetes.node-labels]
+KEY=VAR
+[settings.kubernetes.node-taints]
+KEY=VAR`
+
+const userDataNoAdminImage = `
 [settings.host-containers.admin]
 enabled = true
 superpowered = true
@@ -66,6 +103,47 @@ func TestGenerateUserData(t *testing.T) {
 					{
 						Name:         "admin",
 						Superpowered: true,
+						ImageMeta: bootstrapv1.ImageMeta{
+							ImageRepository: "REPO",
+							ImageTag:        "TAG",
+						},
+						UserData: "B64USERDATA",
+					},
+					{
+						Name:         "kubeadm-bootstrap",
+						Superpowered: true,
+						ImageMeta: bootstrapv1.ImageMeta{
+							ImageRepository: "REPO",
+							ImageTag:        "TAG",
+						},
+						UserData: "B64USERDATA",
+					},
+				},
+				BootstrapContainers: []bootstrapv1.BottlerocketBootstrapContainer{
+					{
+						Name:     "BOOTSTRAP",
+						Mode:     "MODE",
+						UserData: "B64USERDATA",
+					},
+				},
+			},
+			output: userDataFullSetting,
+		},
+		{
+			name: "no admin image meta",
+			input: &BottlerocketSettingsInput{
+				PauseContainerSource:   "PAUSE",
+				HTTPSProxyEndpoint:     "PROXY",
+				RegistryMirrorEndpoint: "REGISTRYENDPOINT",
+				RegistryMirrorCACert:   "REGISTRYCA",
+				NodeLabels:             "KEY=VAR",
+				Taints:                 "KEY=VAR",
+				ProviderId:             "PROVIDERID",
+				HostContainers: []bootstrapv1.BottlerocketHostContainer{
+					{
+						Name:         "admin",
+						Superpowered: true,
+						ImageMeta:    bootstrapv1.ImageMeta{},
 						UserData:     "B64USERDATA",
 					},
 					{
@@ -86,7 +164,7 @@ func TestGenerateUserData(t *testing.T) {
 					},
 				},
 			},
-			output: userData,
+			output: userDataNoAdminImage,
 		},
 	}
 	for _, testcase := range testcases {

bootstrap/kubeadm/internal/bottlerocket/bottlerocket.go

@@ -25,6 +25,7 @@ const (
 type BottlerocketConfig struct {
 	Pause                                 bootstrapv1.Pause
 	BottlerocketBootstrap                 bootstrapv1.BottlerocketBootstrap
+	BottlerocketAdmin                     bootstrapv1.BottlerocketAdmin
 	BottlerocketControl                   bootstrapv1.BottlerocketControl
 	ProxyConfiguration                    bootstrapv1.ProxyConfiguration
 	RegistryMirrorConfiguration           bootstrapv1.RegistryMirrorConfiguration
@@ -160,6 +161,7 @@ func getBottlerocketNodeUserData(bootstrapContainerUserData []byte, users []boot
 		{
 			Name:         "admin",
 			Superpowered: true,
+			ImageMeta:    config.BottlerocketAdmin.ImageMeta,
 			UserData:     b64AdminContainerUserData,
 		},
 		{

bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go

@@ -453,6 +453,7 @@ func (r *KubeadmConfigReconciler) handleClusterNotInitialized(ctx context.Contex
 		bottlerocketConfig = &bottlerocket.BottlerocketConfig{
 			Pause:                                 scope.Config.Spec.ClusterConfiguration.Pause,
 			BottlerocketBootstrap:                 scope.Config.Spec.ClusterConfiguration.BottlerocketBootstrap,
+			BottlerocketAdmin:                     scope.Config.Spec.ClusterConfiguration.BottlerocketAdmin,
 			BottlerocketControl:                   scope.Config.Spec.ClusterConfiguration.BottlerocketControl,
 			BottlerocketCustomHostContainers:      scope.Config.Spec.ClusterConfiguration.BottlerocketHostContainers,
 			BottlerocketCustomBootstrapContainers: scope.Config.Spec.ClusterConfiguration.BottlerocketCustomBootstrapContainers,
@@ -638,6 +639,7 @@ func (r *KubeadmConfigReconciler) joinWorker(ctx context.Context, scope *Scope)
 		bottlerocketConfig := &bottlerocket.BottlerocketConfig{
 			Pause:                                 scope.Config.Spec.JoinConfiguration.Pause,
 			BottlerocketBootstrap:                 scope.Config.Spec.JoinConfiguration.BottlerocketBootstrap,
+			BottlerocketAdmin:                     scope.Config.Spec.JoinConfiguration.BottlerocketAdmin,
 			BottlerocketControl:                   scope.Config.Spec.JoinConfiguration.BottlerocketControl,
 			BottlerocketCustomHostContainers:      scope.Config.Spec.JoinConfiguration.BottlerocketCustomHostContainers,
 			BottlerocketCustomBootstrapContainers: scope.Config.Spec.JoinConfiguration.BottlerocketCustomBootstrapContainers,
@@ -765,6 +767,7 @@ func (r *KubeadmConfigReconciler) joinControlplane(ctx context.Context, scope *S
 		bottlerocketConfig := &bottlerocket.BottlerocketConfig{
 			Pause:                                 scope.Config.Spec.JoinConfiguration.Pause,
 			BottlerocketBootstrap:                 scope.Config.Spec.JoinConfiguration.BottlerocketBootstrap,
+			BottlerocketAdmin:                     scope.Config.Spec.JoinConfiguration.BottlerocketAdmin,
 			BottlerocketControl:                   scope.Config.Spec.JoinConfiguration.BottlerocketControl,
 			BottlerocketCustomHostContainers:      scope.Config.Spec.JoinConfiguration.BottlerocketCustomHostContainers,
 			BottlerocketCustomBootstrapContainers: scope.Config.Spec.JoinConfiguration.BottlerocketCustomBootstrapContainers,