bootstrapper: add fallback endpoint and custom endpoint to SAN field (#2108)

terraform: collect apiserver cert SANs and support custom endpoint

constants: add new constants for cluster configuration and custom endpoint

cloud: support apiserver cert sans and prepare for endpoint migration on AWS

config: add customEndpoint field

bootstrapper: use per-CSP apiserver cert SANs

cli: route customEndpoint to terraform and add migration for apiserver cert SANs

bootstrapper: change interface of GetLoadBalancerEndpoint to return host and port separately
Malte Poll 2023-07-21 16:43:51 +02:00 committed by GitHub
parent 3324a4eba2
commit 8da6a23aa5
64 changed files with 724 additions and 301 deletions


@ -91,7 +91,7 @@ func (k *KubernetesUtil) InstallComponents(ctx context.Context, kubernetesCompon
// InitCluster instruments kubeadm to initialize the K8s cluster.
// On success an admin kubeconfig file is returned.
func (k *KubernetesUtil) InitCluster(
ctx context.Context, initConfig []byte, nodeName, clusterName string, ips []net.IP, controlPlaneEndpoint string, conformanceMode bool, log *logger.Logger,
ctx context.Context, initConfig []byte, nodeName, clusterName string, ips []net.IP, controlPlaneHost, controlPlanePort string, conformanceMode bool, log *logger.Logger,
) ([]byte, error) {
// TODO(3u13r): audit policy should be user input
auditPolicy, err := resources.NewDefaultAuditPolicy().Marshal()
@ -148,6 +148,7 @@ func (k *KubernetesUtil) InitCluster(
}
log.Infof("Preparing node for Konnectivity")
controlPlaneEndpoint := net.JoinHostPort(controlPlaneHost, controlPlanePort)
if err := k.prepareControlPlaneForKonnectivity(ctx, controlPlaneEndpoint); err != nil {
return nil, fmt.Errorf("setup konnectivity: %w", err)
}
@ -241,11 +242,12 @@ func (k *KubernetesUtil) prepareControlPlaneForKonnectivity(ctx context.Context,
// SetupPodNetworkInput holds all configuration options to setup the pod network.
type SetupPodNetworkInput struct {
CloudProvider string
NodeName string
FirstNodePodCIDR string
SubnetworkPodCIDR string
LoadBalancerEndpoint string
CloudProvider string
NodeName string
FirstNodePodCIDR string
SubnetworkPodCIDR string
LoadBalancerHost string
LoadBalancerPort string
}
// WaitForCilium waits until Cilium reports a healthy status over its /healthz endpoint.
@ -314,7 +316,7 @@ func (k *KubernetesUtil) FixCilium(ctx context.Context) error {
}
// JoinCluster joins existing Kubernetes cluster using kubeadm join.
func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte, peerRole role.Role, controlPlaneEndpoint string, log *logger.Logger) error {
func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte, peerRole role.Role, controlPlaneHost, controlPlanePort string, log *logger.Logger) error {
// TODO(3u13r): audit policy should be user input
auditPolicy, err := resources.NewDefaultAuditPolicy().Marshal()
if err != nil {
@ -341,6 +343,7 @@ func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte, pee
if peerRole == role.ControlPlane {
log.Infof("Prep Init Kubernetes cluster")
controlPlaneEndpoint := net.JoinHostPort(controlPlaneHost, controlPlanePort)
if err := k.prepareControlPlaneForKonnectivity(ctx, controlPlaneEndpoint); err != nil {
return fmt.Errorf("setup konnectivity: %w", err)
}