From fc395bc1e25b8a25fdfbcdc75520e17331b59cde Mon Sep 17 00:00:00 2001
From: johanvandeweerd
Date: Thu, 25 Jan 2024 21:56:47 +0100
Subject: [PATCH] chrore: Add CredentialProvider to Bottlerocket settings (#5530)

Co-authored-by: Johan Vandeweerd
---
 .../bootstrap/bottlerocketsettings.go | 72 +++++++++++--------
 1 file changed, 41 insertions(+), 31 deletions(-)

diff --git a/pkg/providers/amifamily/bootstrap/bottlerocketsettings.go b/pkg/providers/amifamily/bootstrap/bottlerocketsettings.go
index 550922eeda7b..f2f59f0de5e6 100644
--- a/pkg/providers/amifamily/bootstrap/bottlerocketsettings.go
+++ b/pkg/providers/amifamily/bootstrap/bottlerocketsettings.go
@@ -35,7 +35,7 @@ type BottlerocketConfig struct {
 Settings BottlerocketSettings `toml:"-"`
 }
 
-// BottlerocketSettings is a subset of all configuration in https://github.com/bottlerocket-os/bottlerocket/blob/develop/sources/models/src/aws-k8s-1.22/mod.rs
+// BottlerocketSettings is a subset of all configuration in https://github.com/bottlerocket-os/bottlerocket/blob/d427c40931cba6e6bedc5b75e9c084a6e1818db9/sources/models/src/lib.rs#L260
 // These settings apply across all K8s versions that karpenter supports.
 type BottlerocketSettings struct {
 Kubernetes BottlerocketKubernetes `toml:"kubernetes"`
@@ -43,36 +43,37 @@ type BottlerocketSettings struct {
 
 // BottlerocketKubernetes is k8s specific configuration for bottlerocket api
 type BottlerocketKubernetes struct {
- APIServer *string `toml:"api-server"`
- CloudProvider *string `toml:"cloud-provider"`
- ClusterCertificate *string `toml:"cluster-certificate"`
- ClusterName *string `toml:"cluster-name"`
- ClusterDNSIP *string `toml:"cluster-dns-ip,omitempty"`
- NodeLabels map[string]string `toml:"node-labels,omitempty"`
- NodeTaints map[string][]string `toml:"node-taints,omitempty"`
- MaxPods *int `toml:"max-pods,omitempty"`
- StaticPods map[string]BottlerocketStaticPod `toml:"static-pods,omitempty"`
- EvictionHard map[string]string `toml:"eviction-hard,omitempty"`
- KubeReserved map[string]string `toml:"kube-reserved,omitempty"`
- SystemReserved map[string]string `toml:"system-reserved,omitempty"`
- AllowedUnsafeSysctls []string `toml:"allowed-unsafe-sysctls,omitempty"`
- ServerTLSBootstrap *bool `toml:"server-tls-bootstrap,omitempty"`
- RegistryQPS *int `toml:"registry-qps,omitempty"`
- RegistryBurst *int `toml:"registry-burst,omitempty"`
- EventQPS *int `toml:"event-qps,omitempty"`
- EventBurst *int `toml:"event-burst,omitempty"`
- KubeAPIQPS *int `toml:"kube-api-qps,omitempty"`
- KubeAPIBurst *int `toml:"kube-api-burst,omitempty"`
- ContainerLogMaxSize *string `toml:"container-log-max-size,omitempty"`
- ContainerLogMaxFiles *int `toml:"container-log-max-files,omitempty"`
- CPUManagerPolicy *string `toml:"cpu-manager-policy,omitempty"`
- CPUManagerReconcilePeriod *string `toml:"cpu-manager-reconcile-period,omitempty"`
- TopologyManagerScope *string `toml:"topology-manager-scope,omitempty"`
- ImageGCHighThresholdPercent *string `toml:"image-gc-high-threshold-percent,omitempty"`
- ImageGCLowThresholdPercent *string `toml:"image-gc-low-threshold-percent,omitempty"`
- CPUCFSQuota *bool `toml:"cpu-cfs-quota-enforced,omitempty"`
- ShutdownGracePeriod *string `toml:"shutdown-grace-period,omitempty"`
- ShutdownGracePeriodForCriticalPods *string `toml:"shutdown-grace-period-for-critical-pods,omitempty"`
+ APIServer *string `toml:"api-server"`
+ CloudProvider *string `toml:"cloud-provider"`
+ ClusterCertificate *string `toml:"cluster-certificate"`
+ ClusterName *string `toml:"cluster-name"`
+ ClusterDNSIP *string `toml:"cluster-dns-ip,omitempty"`
+ CredentialProviders map[string]BottlerocketCredentialProvider `toml:"credential-providers,omitempty"`
+ NodeLabels map[string]string `toml:"node-labels,omitempty"`
+ NodeTaints map[string][]string `toml:"node-taints,omitempty"`
+ MaxPods *int `toml:"max-pods,omitempty"`
+ StaticPods map[string]BottlerocketStaticPod `toml:"static-pods,omitempty"`
+ EvictionHard map[string]string `toml:"eviction-hard,omitempty"`
+ KubeReserved map[string]string `toml:"kube-reserved,omitempty"`
+ SystemReserved map[string]string `toml:"system-reserved,omitempty"`
+ AllowedUnsafeSysctls []string `toml:"allowed-unsafe-sysctls,omitempty"`
+ ServerTLSBootstrap *bool `toml:"server-tls-bootstrap,omitempty"`
+ RegistryQPS *int `toml:"registry-qps,omitempty"`
+ RegistryBurst *int `toml:"registry-burst,omitempty"`
+ EventQPS *int `toml:"event-qps,omitempty"`
+ EventBurst *int `toml:"event-burst,omitempty"`
+ KubeAPIQPS *int `toml:"kube-api-qps,omitempty"`
+ KubeAPIBurst *int `toml:"kube-api-burst,omitempty"`
+ ContainerLogMaxSize *string `toml:"container-log-max-size,omitempty"`
+ ContainerLogMaxFiles *int `toml:"container-log-max-files,omitempty"`
+ CPUManagerPolicy *string `toml:"cpu-manager-policy,omitempty"`
+ CPUManagerReconcilePeriod *string `toml:"cpu-manager-reconcile-period,omitempty"`
+ TopologyManagerScope *string `toml:"topology-manager-scope,omitempty"`
+ ImageGCHighThresholdPercent *string `toml:"image-gc-high-threshold-percent,omitempty"`
+ ImageGCLowThresholdPercent *string `toml:"image-gc-low-threshold-percent,omitempty"`
+ CPUCFSQuota *bool `toml:"cpu-cfs-quota-enforced,omitempty"`
+ ShutdownGracePeriod *string `toml:"shutdown-grace-period,omitempty"`
+ ShutdownGracePeriodForCriticalPods *string `toml:"shutdown-grace-period-for-critical-pods,omitempty"`
 }
 
 type BottlerocketStaticPod struct {
@@ -80,6 +81,15 @@ type BottlerocketStaticPod struct {
 Manifest *string `toml:"manifest,omitempty"`
 }
 
+// BottlerocketCredentialProvider is k8s specific configuration for Bottlerocket Kubelet image credential provider
+// See Bottlerocket struct at https://github.com/bottlerocket-os/bottlerocket/blob/d427c40931cba6e6bedc5b75e9c084a6e1818db9/sources/models/modeled-types/src/kubernetes.rs#L1307
+type BottlerocketCredentialProvider struct {
+ Enabled *bool `toml:"enabled"`
+ CacheDuration *string `toml:"cache-duration,omitempty"`
+ ImagePatterns []string `toml:"image-patterns"`
+ Environment map[string]string `toml:"environment,omitempty"`
+}
+
 func (c *BottlerocketConfig) UnmarshalTOML(data []byte) error {
 // unmarshal known settings
 s := struct {
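Review bot: The new `Environment` field on `BottlerocketCredentialProvider` has no doc comment, and it is the one field in this struct that can carry sensitive values; this type lives in the bootstrap package, so the TOML it produces is presumably rendered into the instance's user data, which any process on the node can fetch from IMDS unless the hop limit or a network policy blocks it. I would document that on the field rather than rely on the linked Rust model, e.g. `// Environment holds extra environment variables for the credential provider binary; this struct is serialized into instance user data, so do not put long-lived secrets here.` The only field-level contract visible here is that `Enabled` and `ImagePatterns` lack `omitempty` while the other two have it, so a one-line `// Enabled and ImagePatterns are required by the Bottlerocket model linked above.` would make that intentional asymmetry clear to the next editor. That this TOML reaches user data is inferred from the package name, not from anything in the hunk, so confirm before wording it as fact.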