From 928dbe32ac54b5334b43612248cbb5fa1a619642 Mon Sep 17 00:00:00 2001
From: Qi Wang
Date: Mon, 17 Nov 2025 12:22:26 -0500
Subject: [PATCH 1/2] test

Signed-off-by: Qi Wang
---
 .../container_runtime_config_controller.go | 62 +++++++++++++++++++
 .../container-runtime-config/helpers.go | 15 +++++
 2 files changed, 77 insertions(+)

diff --git a/pkg/controller/container-runtime-config/container_runtime_config_controller.go b/pkg/controller/container-runtime-config/container_runtime_config_controller.go
index 5139326291..37ff4c9afd 100644
--- a/pkg/controller/container-runtime-config/container_runtime_config_controller.go
+++ b/pkg/controller/container-runtime-config/container_runtime_config_controller.go
@@ -3,6 +3,7 @@ package containerruntimeconfig
 import (
 "context"
 "fmt"
+ "path/filepath"
 "reflect"
 "strconv"
 "strings"
@@ -546,6 +547,54 @@ func generateOriginalContainerRuntimeConfigs(templateDir string, cc *mcfgv1.Cont return gmcStorageConfig, gmcRegistriesConfig, gmcPolicyJSON, nil } +func generateOriginalCredentialProviderConfig(templateDir string, cc *mcfgv1.ControllerConfig, role string) (*ign3types.File, error) { + + // Render the default templates + rc := &mtmpl.RenderConfig{ + ControllerConfigSpec: &cc.Spec, + } + generatedConfigs, err := mtmpl.GenerateMachineConfigsForRole(rc, role, templateDir) + if err != nil { + klog.Infof("generateMachineConfigsforRole failed with error: %v", err) + return nil, fmt.Errorf("generateMachineConfigsforRole failed with error %w", err) + } + // Find generated provider.yaml + var ( + config, gmcCredProviderConfig *ign3types.File + errCredProvider error + credProviderConfigPath string + ) + + // Determine credential provider config path based on platform + // staying consistent with path used in pkg/controller/template/render.go + credProviderConfigPathFormat := filepath.FromSlash("/etc/kubernetes/credential-providers/%s-credential-provider.yaml") + switch cc.Spec.Infra.Status.PlatformStatus.Type { + case apicfgv1.AWSPlatformType: + credProviderConfigPath = fmt.Sprintf(credProviderConfigPathFormat, "ecr") + case apicfgv1.GCPPlatformType: + credProviderConfigPath = fmt.Sprintf(credProviderConfigPathFormat, "gcr") + case apicfgv1.AzurePlatformType: + credProviderConfigPath = fmt.Sprintf(credProviderConfigPathFormat, "acr") + default: + return nil, fmt.Errorf("unsupported platform type: %s", cc.Spec.Infra.Status.PlatformStatus.Type) + } + klog.Infof("credential provider config path set to: %s", credProviderConfigPath) + + // Find credential provider config + for _, gmc := range generatedConfigs { + config, errCredProvider = findCredProviderConfig(gmc, credProviderConfigPath) + if errCredProvider != nil { + klog.Infof("could not find credential provider config in generated config %s: %v", gmc.Name, errCredProvider) + return nil, fmt.Errorf("could 
not generate original credential provider configs: %w", errCredProvider) + } + + gmcCredProviderConfig = config + + } + + return gmcCredProviderConfig, nil +} + func (ctrl *Controller) syncStatusOnly(cfg *mcfgv1.ContainerRuntimeConfig, err error, args ...interface{}) error { statusUpdateErr := retry.RetryOnConflict(updateBackoff, func() error { newcfg, getErr := ctrl.mccrLister.Get(cfg.Name) @@ -934,6 +983,19 @@ func (ctrl *Controller) syncImageConfig(key string) error { if err != nil { return err } + + credProviderConfigIgn, err := generateOriginalCredentialProviderConfig(ctrl.templatesDir, controllerConfig, role) + if err != nil { + klog.Infof("could not generate original CRIO credential provider config for role %s: %v", role, err) + } + if err == nil && credProviderConfigIgn != nil && credProviderConfigIgn.Contents.Source != nil { + contents, err := ctrlcommon.DecodeIgnitionFileContents(credProviderConfigIgn.Contents.Source, credProviderConfigIgn.Contents.Compression) + if err != nil { + klog.Infof("could not decode CRIO credential provider config for role %s: %v", role, err) + } + klog.Infof("Decoded CRIO credential provider config contents successfully for role %s: %s", role, string(contents)) + } + if err := retry.RetryOnConflict(updateBackoff, func() error { registriesIgn, err := registriesConfigIgnition(ctrl.templatesDir, controllerConfig, role, releaseImage, imgcfg.Spec.RegistrySources.InsecureRegistries, registriesBlocked, policyBlocked, allowedRegs, diff --git a/pkg/controller/container-runtime-config/helpers.go b/pkg/controller/container-runtime-config/helpers.go index d9c676c13c..6187e56d62 100644 --- a/pkg/controller/container-runtime-config/helpers.go +++ b/pkg/controller/container-runtime-config/helpers.go 
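Review bot: The lookup loop at the end of generateOriginalCredentialProviderConfig returns an error on the first generated MachineConfig that does not contain the file, because findCredProviderConfig reports a miss as an error. If GenerateMachineConfigsForRole returns more than one MachineConfig for the role, as the loop implies, the function can fail before it reaches the config that carries the credential provider file; when every config does match, the last one silently wins. Returning on the first hit and reporting not-found only after the loop fixes both, and the `var (...)` block then shrinks to `credProviderConfigPath`. Separately, `cc.Spec.Infra.Status.PlatformStatus.Type` is dereferenced without a nil check, which is worth guarding if `Infra` or `PlatformStatus` can be unset at this point.

```go
	// … unchanged: template rendering and platform-specific path selection …
	for _, gmc := range generatedConfigs {
		config, err := findCredProviderConfig(gmc, credProviderConfigPath)
		if err == nil {
			return config, nil
		}
		// Not every rendered MachineConfig carries the file; keep looking.
		klog.V(4).Infof("credential provider config not in %s: %v", gmc.Name, err)
	}
	return nil, fmt.Errorf("credential provider config %s not found in rendered configs for role %s", credProviderConfigPath, role)
```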
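Review bot: In the block added to syncImageConfig, a failed DecodeIgnitionFileContents is only logged, and execution then falls through to the `Decoded ... successfully` line, which prints whatever `contents` holds. That line also writes the full decoded credential provider config into the controller log at Info level on every sync, so any plugin arguments or environment entries the file may carry end up in the logs. I would put the success message in an `else` branch and log only its size, `klog.V(4).Infof("decoded credential provider config for role %s (%d bytes)", role, len(contents))`. The enclosing function starts and ends outside the hunk.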
@@ -1211,3 +1211,18 @@ func imagePolicyConfigFileList(namespaceJSONs map[string][]byte) []generatedConf
 }
 return namespacedPolicyConfigFileList
 }
+
+func findCredProviderConfig(mc *mcfgv1.MachineConfig, credProviderConfigPath string) (*ign3types.File, error) {
+ ignCfg, err := ctrlcommon.ParseAndConvertConfig(mc.Spec.Config.Raw)
+ if err != nil {
+ return nil, fmt.Errorf("parsing Credential Provider Ignition config failed with error: %w", err)
+ }
+ for _, c := range ignCfg.Storage.Files {
+ klog.Infof("Checking file path : %s", c.Path)
+ if c.Path == credProviderConfigPath {
+ c := c
+ return &c, nil
+ }
+ }
+ return nil, fmt.Errorf("could not find Credential Provider Config")
+}
From 3c9e4ada3751a32a2fbfc8c4c3bd73194074e11c Mon Sep 17 00:00:00 2001
From: Qi Wang
Date: Sat, 22 Nov 2025 13:31:17 -0500
Subject: [PATCH 2/2] test

Signed-off-by: Qi Wang
---
 .../container_runtime_config_controller.go | 13 -------------
 pkg/controller/container-runtime-config/helpers.go | 10 ++++++++++
 2 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/pkg/controller/container-runtime-config/container_runtime_config_controller.go b/pkg/controller/container-runtime-config/container_runtime_config_controller.go
index 37ff4c9afd..804d3d61c7 100644
--- a/pkg/controller/container-runtime-config/container_runtime_config_controller.go
+++ b/pkg/controller/container-runtime-config/container_runtime_config_controller.go
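Review bot: findCredProviderConfig logs every file path of every parsed MachineConfig at Info level (`klog.Infof("Checking file path : %s", c.Path)`), and PATCH 2/2 adds the same kind of loop to findStorageConfig and findRegistriesConfig with `storage-----` and `registries-----` prefixes. These read as debugging aids; because they run on each lookup they will flood the controller log and bury the entries an operator needs when investigating a problem. I would drop them or gate them with `klog.V(4).Infof(...)`. The not-found error here would also be more useful if it named the path, e.g. `fmt.Errorf("could not find credential provider config %q", credProviderConfigPath)`, and the new function has no doc comment.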
@@ -983,19 +983,6 @@ func (ctrl *Controller) syncImageConfig(key string) error { if err != nil { return err } - - credProviderConfigIgn, err := generateOriginalCredentialProviderConfig(ctrl.templatesDir, controllerConfig, role) - if err != nil { - klog.Infof("could not generate original CRIO credential provider config for role %s: %v", role, err) - } - if err == nil && credProviderConfigIgn != nil && credProviderConfigIgn.Contents.Source != nil { - contents, err := ctrlcommon.DecodeIgnitionFileContents(credProviderConfigIgn.Contents.Source, credProviderConfigIgn.Contents.Compression) - if err != nil { - klog.Infof("could not decode CRIO credential provider config for role %s: %v", role, err) - } - klog.Infof("Decoded CRIO credential provider config contents successfully for role %s: %s", role, string(contents)) - } - if err := retry.RetryOnConflict(updateBackoff, func() error { registriesIgn, err := registriesConfigIgnition(ctrl.templatesDir, controllerConfig, role, releaseImage, imgcfg.Spec.RegistrySources.InsecureRegistries, registriesBlocked, policyBlocked, allowedRegs, diff --git a/pkg/controller/container-runtime-config/helpers.go b/pkg/controller/container-runtime-config/helpers.go index 6187e56d62..4241ea5b8e 100644 --- a/pkg/controller/container-runtime-config/helpers.go +++ b/pkg/controller/container-runtime-config/helpers.go @@ -165,6 +165,11 @@ func findStorageConfig(mc *mcfgv1.MachineConfig) (*ign3types.File, error) { if err != nil { return nil, fmt.Errorf("parsing Storage Ignition config failed with error: %w", err) } + + for _, c := range ignCfg.Storage.Files { + klog.Infof("storage-----Checking file path : %s", c.Path) + } + for _, c := range ignCfg.Storage.Files { if c.Path == storageConfigPath { c := c 
@@ -179,6 +184,11 @@ func findRegistriesConfig(mc *mcfgv1.MachineConfig) (*ign3types.File, error) {
 if err != nil {
 return nil, fmt.Errorf("parsing Registries Ignition config failed with error: %w", err)
 }
+
+ for _, c := range ignCfg.Storage.Files {
+ klog.Infof("registries-----Checking file path : %s", c.Path)
+ }
+
 for _, c := range ignCfg.Storage.Files {
 if c.Path == registriesConfigPath {
 return &c, nil