From de2ac33dcfd9bd7401c0f7799aa014327b3645e4 Mon Sep 17 00:00:00 2001 From: Gab Satchi Date: Wed, 18 Nov 2020 16:36:02 -0500 Subject: [PATCH] Revert vspherevm name limit. - Remove hostname command from prekubeadm commands - Add capv user to Administrators group --- api/v1alpha3/vspherevm_webhook.go | 48 ----------------- api/v1alpha3/vspherevm_webhook_test.go | 54 +++++--------------- config/webhook/manifests.yaml | 28 ---------- config/webhook/webhookcainjection_patch.yaml | 7 --- controllers/vspheremachine_controller.go | 1 - packaging/flavorgen/flavors/generators.go | 26 +++++++++- 6 files changed, 36 insertions(+), 128 deletions(-) diff --git a/api/v1alpha3/vspherevm_webhook.go b/api/v1alpha3/vspherevm_webhook.go index ad25176357..83b61dbb2c 100644 --- a/api/v1alpha3/vspherevm_webhook.go +++ b/api/v1alpha3/vspherevm_webhook.go @@ -22,7 +22,6 @@ import ( "reflect" "github.com/pkg/errors" - "golang.org/x/crypto/blake2b" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" 
@@ -36,19 +35,6 @@ func (r *VSphereVM) SetupWebhookWithManager(mgr ctrl.Manager) error { } // +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1alpha3-vspherevm,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=vspherevms,versions=v1alpha3,name=validation.vspherevm.infrastructure.x-k8s.io,sideEffects=None -// +kubebuilder:webhook:verbs=create;update,path=/mutate-infrastructure-cluster-x-k8s-io-v1alpha3-vspherevm,mutating=true,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=vspherevms,versions=v1alpha3,name=default.vspherevm.infrastructure.x-k8s.io,sideEffects=None - -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *VSphereVM) Default() { - // Windows hostnames must be < 16 characters in length - if r.Spec.OS == Windows && len(r.Name) > 15 { - name, err := base36TruncatedHash(r.Name, 15) - - if err == nil { - r.Name = name - } - } -} // ValidateCreate implements webhook.Validator so a webhook will be registered for the type func (r *VSphereVM) ValidateCreate() error { @@ -67,9 +53,6 @@ func (r *VSphereVM) ValidateCreate() error { } } - if r.Spec.OS == Windows && len(r.Name) > 15 { - allErrs = append(allErrs, field.Invalid(field.NewPath("name"), r.Name, "name has to be less than 16 characters for Windows VM")) - } return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs) } @@ -115,34 +98,3 @@ func (r *VSphereVM) ValidateUpdate(old runtime.Object) error { //nolint func (r *VSphereVM) ValidateDelete() error { return nil } - -const base36set = "0123456789abcdefghijklmnopqrstuvwxyz" - -// 
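Review bot: With the Windows length check removed from ValidateCreate, a VSphereVM named with more than 15 characters is now accepted for every OS, while the comment this same patch deletes elsewhere still records that Windows hostnames must be shorter than 16 characters; nothing left in the file explains why that limit no longer applies, so the next reader will be tempted to re-add the check. A one-line comment where the check used to be would prevent that: `// Name length is deliberately not validated per OS: per this change the Windows hostname is no longer derived from the object name.` The signature and the start of ValidateCreate's body are outside this hunk.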
From: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/master/pkg/hash/base36.go -// Base36TruncatedHash returns a consistent hash using blake2b -// and truncating the byte values to alphanumeric only -// of a fixed length specified by the consumer. -func base36TruncatedHash(str string, len int) (string, error) { - hasher, err := blake2b.New(len, nil) - if err != nil { - return "", errors.Wrap(err, "unable to create hash function") - } - - if _, err := hasher.Write([]byte(str)); err != nil { - return "", errors.Wrap(err, "unable to write hash") - } - return base36Truncate(hasher.Sum(nil)), nil -} - -// base36Truncate returns a string that is base36 compliant -// It is not an encoding since it returns a same-length string -// for any byte value -func base36Truncate(bytes []byte) string { - var chars string - for _, bite := range bytes { - idx := int(bite) % 36 - chars += string(base36set[idx]) - } - - return chars -} diff --git a/api/v1alpha3/vspherevm_webhook_test.go b/api/v1alpha3/vspherevm_webhook_test.go index dddeed8c42..5fee4dafca 100644 --- a/api/v1alpha3/vspherevm_webhook_test.go +++ b/api/v1alpha3/vspherevm_webhook_test.go @@ -21,7 +21,6 @@ import ( . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var ( 
@@ -39,27 +38,17 @@ func TestVSphereVM_ValidateCreate(t *testing.T) {
 }{
 {
 name: "preferredAPIServerCIDR set on creation ",
- vSphereVM: createVSphereVM("vsphere-vm-1", "foo.com", "", "192.168.0.1/32", []string{}, nil, Linux),
+ vSphereVM: createVSphereVM("foo.com", "", "192.168.0.1/32", []string{}, nil),
 wantErr: true,
 },
 {
 name: "IPs are not in CIDR format",
- vSphereVM: createVSphereVM("vsphere-vm-1", "foo.com", "", "", []string{"192.168.0.1/32", "192.168.0.3"}, nil, Linux),
+ vSphereVM: createVSphereVM("foo.com", "", "", []string{"192.168.0.1/32", "192.168.0.3"}, nil),
 wantErr: true,
 },
- {
- name: "name too long for Windows VM",
- vSphereVM: createVSphereVM("1234567890abcdef", "foo.com", "", "", []string{"192.168.0.1/32", "192.168.0.3/32"}, nil, Windows),
- wantErr: true,
- },
- {
- name: "name too long for Linux VM",
- vSphereVM: createVSphereVM("1234567890abcdef", "foo.com", "", "", []string{"192.168.0.1/32", "192.168.0.3/32"}, nil, Linux),
- wantErr: false,
- },
 {
 name: "successful VSphereVM creation",
- vSphereVM: createVSphereVM("vsphere-vm-1", "foo.com", "", "", []string{"192.168.0.1/32", "192.168.0.3/32"}, nil, Linux),
+ vSphereVM: createVSphereVM("foo.com", "", "", []string{"192.168.0.1/32", "192.168.0.3/32"}, nil),
 wantErr: false,
 },
 }
@@ -88,26 +77,26 @@ func TestVSphereVM_ValidateUpdate(t *testing.T) {
 }{
 {
 name: "ProviderID can be updated",
- oldVSphereVM: createVSphereVM("vsphere-vm-1", "foo.com", "", "", []string{"192.168.0.1/32"}, nil, Linux),
- vSphereVM: createVSphereVM("vsphere-vm-1", "foo.com", biosUUID, "", []string{"192.168.0.1/32"}, nil, Linux),
+ oldVSphereVM: createVSphereVM("foo.com", "", "", []string{"192.168.0.1/32"}, nil),
+ vSphereVM: createVSphereVM("foo.com", biosUUID, "", []string{"192.168.0.1/32"}, nil),
 wantErr: false,
 },
 {
 name: "updating ips can be done",
- oldVSphereVM: createVSphereVM("vsphere-vm-1", "foo.com", "", "", []string{"192.168.0.1/32"}, nil, Linux),
- vSphereVM: createVSphereVM("vsphere-vm-1", "foo.com", biosUUID, "", []string{"192.168.0.1/32", "192.168.0.10/32"}, nil, Linux),
+ oldVSphereVM: createVSphereVM("foo.com", "", "", []string{"192.168.0.1/32"}, nil),
+ vSphereVM: createVSphereVM("foo.com", biosUUID, "", []string{"192.168.0.1/32", "192.168.0.10/32"}, nil),
 wantErr: false,
 },
 {
 name: "updating bootstrapRef can be done",
- oldVSphereVM: createVSphereVM("vsphere-vm-1", "foo.com", "", "", []string{"192.168.0.1/32"}, nil, Linux),
- vSphereVM: createVSphereVM("vsphere-vm-1", "foo.com", biosUUID, "", []string{"192.168.0.1/32", "192.168.0.10/32"}, &corev1.ObjectReference{}, Linux),
+ oldVSphereVM: createVSphereVM("foo.com", "", "", []string{"192.168.0.1/32"}, nil),
+ vSphereVM: createVSphereVM("foo.com", biosUUID, "", []string{"192.168.0.1/32", "192.168.0.10/32"}, &corev1.ObjectReference{}),
 wantErr: false,
 },
 {
 name: "updating server cannot be done",
- oldVSphereVM: createVSphereVM("vsphere-vm-1", "foo.com", "", "", []string{"192.168.0.1/32"}, nil, Linux),
- vSphereVM: createVSphereVM("vsphere-vm-1", "bar.com", biosUUID, "", []string{"192.168.0.1/32", "192.168.0.10/32"}, nil, Linux),
+ oldVSphereVM: createVSphereVM("foo.com", "", "", []string{"192.168.0.1/32"}, nil),
+ vSphereVM: createVSphereVM("bar.com", biosUUID, "", []string{"192.168.0.1/32", "192.168.0.10/32"}, nil),
 wantErr: true,
 },
 }
@@ -123,26 +112,8 @@ func TestVSphereVM_ValidateUpdate(t *testing.T) {
 }
 }
 
-//nolint
-func TestVSphereVM_Default(t *testing.T) {
- g := NewWithT(t)
-
- WindowsVM := createVSphereVM("1234567890abcdef", "foo.com", "", "", []string{"192.168.0.1/32", "192.168.0.3/32"}, nil, Windows)
- LinuxVM := createVSphereVM("1234567890abcdef", "foo.com", "", "", []string{"192.168.0.1/32", "192.168.0.3/32"}, nil, Linux)
-
- WindowsVM.Default()
- LinuxVM.Default()
-
- // WindowsVM gets name updated to be 15 characters. Linux remains unchanged
- g.Expect(WindowsVM.Name).To(Equal("rpixa2sjd9zq5br"))
- g.Expect(LinuxVM.Name).To(Equal("1234567890abcdef"))
-}
-
-func createVSphereVM(name string, server string, biosUUID string, preferredAPIServerCIDR string, ips []string, bootstrapRef *corev1.ObjectReference, os OS) *VSphereVM {
+func createVSphereVM(server string, biosUUID string, preferredAPIServerCIDR string, ips []string, bootstrapRef *corev1.ObjectReference) *VSphereVM {
 VSphereVM := &VSphereVM{
- ObjectMeta: metav1.ObjectMeta{
- Name: name,
- },
 Spec: VSphereVMSpec{
 BiosUUID: biosUUID,
 BootstrapRef: bootstrapRef,
@@ -152,7 +123,6 @@ func createVSphereVM(name string, server string, biosUUID string, preferredAPISe
 PreferredAPIServerCIDR: preferredAPIServerCIDR,
 Devices: []NetworkDeviceSpec{},
 },
- OS: os,
 },
 },
 }
diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml
index 30f7e289c5..3b1961bd8e 100644
--- a/config/webhook/manifests.yaml
+++ b/config/webhook/manifests.yaml
@@ -1,32 +1,4 @@ ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - creationTimestamp: null - name: mutating-webhook-configuration -webhooks: -- clientConfig: - caBundle: Cg== - service: - name: webhook-service - namespace: system - path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha3-vspherevm - failurePolicy: Fail - matchPolicy: Equivalent - name: default.vspherevm.infrastructure.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1alpha3 - operations: - - CREATE - - UPDATE - resources: - - vspherevms - sideEffects: None - --- apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration diff --git a/config/webhook/webhookcainjection_patch.yaml b/config/webhook/webhookcainjection_patch.yaml index eafa724682..77f2ed03a0 100644 --- a/config/webhook/webhookcainjection_patch.yaml +++ b/config/webhook/webhookcainjection_patch.yaml @@ -4,12 +4,5 @@ apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration metadata: name: validating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: mutating-webhook-configuration annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) \ No newline at end of file diff --git a/controllers/vspheremachine_controller.go b/controllers/vspheremachine_controller.go index 8b97dfd20e..057cf3aa4f 100644 --- a/controllers/vspheremachine_controller.go +++ b/controllers/vspheremachine_controller.go 
@@ -391,7 +391,6 @@ func (r machineReconciler) reconcileNormal(ctx *context.MachineContext) (reconci func (r machineReconciler) reconcileNormalPre7(ctx *context.MachineContext, vsphereVM *infrav1.VSphereVM) (runtime.Object, error) { // Create or update the VSphereVM resource. - vm := &infrav1.VSphereVM{ ObjectMeta: metav1.ObjectMeta{ Namespace: ctx.VSphereMachine.Namespace, diff --git a/packaging/flavorgen/flavors/generators.go b/packaging/flavorgen/flavors/generators.go index 1481741831..751811dc55 100644 --- a/packaging/flavorgen/flavors/generators.go +++ b/packaging/flavorgen/flavors/generators.go @@ -363,8 +363,8 @@ func newWindowsKubeadmConfigTemplate() bootstrapv1.KubeadmConfigTemplate { JoinConfiguration: &kubeadmv1beta1.JoinConfiguration{ NodeRegistration: windowsNodeRegistrationOptions(), }, - Users: defaultUsers(), - PreKubeadmCommands: defaultPreKubeadmCommands(), + Users: defaultWindowsUsers(), + PreKubeadmCommands: defaultWindowsPreKubeadmCommands(), }, }, }, @@ -398,6 +398,19 @@ func defaultUsers() []bootstrapv1.User { } } +func defaultWindowsUsers() []bootstrapv1.User { + return []bootstrapv1.User{ + { + Name: "capv", + Groups: pointer.StringPtr("Administrators"), + Sudo: pointer.StringPtr("ALL=(ALL) NOPASSWD:ALL"), + SSHAuthorizedKeys: []string{ + vSphereSSHAuthorizedKeysVar, + }, + }, + } +} + func defaultControlPlaneComponent() kubeadmv1beta1.ControlPlaneComponent { return kubeadmv1beta1.ControlPlaneComponent{ ExtraArgs: defaultExtraArgs(), @@ -420,6 +433,15 @@ func defaultPreKubeadmCommands() []string { } } +func defaultWindowsPreKubeadmCommands() []string { + return []string{ + "echo \"::1 ipv6-localhost ipv6-loopback\" >/etc/hosts", + "echo \"127.0.0.1 localhost\" >>/etc/hosts", + "echo \"127.0.0.1 {{ ds.meta_data.hostname }}\" >>/etc/hosts", + "echo \"{{ ds.meta_data.hostname }}\" >/etc/hostname", + } +} + func kubeVIPPod() string { hostPathType := v1.HostPathFileOrCreate pod := &v1.Pod{
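Review bot: `Sudo: pointer.StringPtr("ALL=(ALL) NOPASSWD:ALL")` in defaultWindowsUsers is a Linux sudoers directive attached to an account whose privilege on Windows comes entirely from `Groups: pointer.StringPtr("Administrators")`; it appears to have been carried over from defaultUsers (only the tail of that function is visible here) and, if the Windows bootstrap ignores the field, it is dead configuration that implies a control which does not exist. What actually matters for this hunk is that a local Administrator is now reachable over SSH with whatever key vSphereSSHAuthorizedKeysVar expands to, so that is the fact worth stating. Either drop the Sudo line or put the intent above the function: `// Windows: all privilege comes from the Administrators group; Sudo is a Linux-only field kept for parity with defaultUsers -- confirm the Windows bootstrap ignores it.` The function is complete within the hunk.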
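Review bot: The four commands in defaultWindowsPreKubeadmCommands write to `/etc/hosts` and `/etc/hostname`, which are Linux paths rather than where Windows resolves names or stores the computer name, so unless the Windows image runs these under a POSIX shell with those paths mapped they look copied from the Linux defaults and will either do nothing or, if the shell errors, fail the bootstrap. The commit message says the hostname command was removed so Windows keeps its own name, yet the last entry still writes `{{ ds.meta_data.hostname }}` to /etc/hostname, which contradicts that intent if it does take effect. Either make the commands Windows-appropriate or add a comment above the function naming the shell that executes them on Windows and why the Linux paths are intended. The function is complete within the hunk.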