This repository has been archived by the owner on Apr 11, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
build: update aws credentials on kind bootstrap cluster #55
Open
supershal
wants to merge
94
commits into
main
Choose a base branch
from
shalin/update-aws-creds
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Missed when reorganising example kustomizations in previous PR.
- Defines a cluster-level variable for defining one or more users - Patches bootstrap templates for control plane and worker node pools with user configuration
Co-authored-by: Faiq <[email protected]> Signed-off-by: Deepak Muley <[email protected]>
Address review comments
Expand comments
Without this, defaults declared in the JSON schema are not included in validation steps, which can lead to invalid failures, while also not allowing for tests that target defaults.
Fix typo in lockPassword logic, and add unit test
feat: Add examples for Nutanix provider
Add unit test for empty hashed password
Change Sudo field from pointer to value The zero value (empty string) is not valid, so the field does not need to be a pointer.
Make username required
Explain why we do not validate hashed password input
Explain why we do not validate sudo input
Update type comments
Remove errant comment
Add users to the docs site
Manually wrap lines in doc
Also deploy infra provider versions that match the API.
CPI is a term unique to the vSphere CCM. Renaming to the more generic "CCM".
* fix: update latest template * build: pin commit for nutanix examples
feat: Add user configuration for all providers
feat: add nutanix csi
* docs: use an env for KUBERNETES_VERSION * docs: use a more widely available Kubernetes version Makes the command more copy-paste friendly. Kubernetes v1.28.7 is supported here by Docker, AWS and CAPX.
* fix: added support for capx * refactor: reuse existing CAPX types * fix: set allowed enums for Nutanix resource types * fix: set required for Nutanix node type * fix: reuse resource.Quantity types * fix: set defaults and validation * fix: rename field to subnets * refactor: fix handlers after API changes * test: add new unit tests * refactor: bring back host instead of address * fix: examples with updated APIs * fix: using latest capx private brach to test kube-vip fix * fix: set namespace for credentialRef The patch failed with the following error: got failure response with message failed to apply JSON patches to input: replace operation does not apply: doc is missing key: /spec/template/spec/prismCentral/credentialRef/namespace: missing value. * docs: fix users example * docs: deploying Calico for Nutanix * fix: added basic docs for nutanix mutations * fix: lint related fixes * docs: minor changes --------- Co-authored-by: Dimitri Koshkin <[email protected]>
* refactor: use a string type for Nutanix's AdditionalTrustBundle Use a string instead of a ConfigMap reference to make it easier for both the handlers to use, and the clients to set in the API. * fix: force insecure: false with additionalTrustBundle
* test: unit test for individual patch generator * test: package level unit test for HTTPProxy * test: fix data race between multiple unit test that use envtest * test: make patchgenerator generic function * fix: linting errors after rebase from main
* test: unit test for individual patch generator * test: package level unit test for HTTPProxy * test: move region and httpproxy patch generator unit test invocation * fix: linting errors * test: move all AWS patch unit tests to their own packages (#24) * test: move instanceprofile tests to its own package * test: move instancetype unit tests to its own package * test: move ami unit tests to its own package * test: move aws network tests to its own package * test: move controlplaneloadbalancer unit tests to its own package * test: move aws cni unit tests to its own package * test: fix linting errors * test: unit tests for AWS security groups * test: move customimage unit tests to their own package (#30) * test: move all Nutanix patch handler unit tests (#32) * test: move controlplane endpoint unit tests * test: move PC endpoint unit tests * test: nove machinedetails unit tests * test: move generic patch unit tests to own packages (#31) * test: move audit policy tests to their own package * test: move etcd unit tests to their own package * test: move extra api server cert sans to its own package * test: move image registry unit tests to its own package * test: move kubernetes image repository unit tests * test: move mirror unit tests * test: move users unit tests * test: remove gereric unit tests from nutanix meta patch handler * test: cleaned up meta level unit test suites
* feat: Make containerd restart its own patch * fix: unit tests for kubeadmconfigtemplate with containerdrestart patch * fix: add comment for always add containerd patch * test: move unit test to their own package --------- Co-authored-by: Shalin Patel <[email protected]>
Using a cross-namespace objectRef in the cluster API can lead to privilege escalation. A user with RBAC to read Secrets in one namespace can create a cluster, and copy any Secret from any other namespace to their workload cluster.
* refactor: combine PC host and port into a single url var This makes it simpler for clients to provide a single input field and not have to do any parsing to split the hostname and port. It also allows us to use API validation for bad input. * fixup! refactor: combine PC host and port into a single url var * fixup! refactor: combine PC host and port into a single url var * fixup! refactor: combine PC host and port into a single url var
The existing code created a ClusterResourceSet with the user provided Secret. However, that won't work unless that Secret has an embedded Secret in it.
* ci: adds tooling to create configmap * feat: use a configmap to get helmchart info * fix: precommit issues * fix: typo in cilium * fix: remove workspace files * build: template name for configmap * refactor: names for helm chart info getter * refactor: use nutanix-storage name instead of nutnaix-csi * refactor: move to globaloptions * fix: adds snapshot to helm config * fix: comments after review * fix: adds a warning and removes ebs csi * fix: typo * fix: adds missing script file * fix: precommit
* feat: Add patch to configure containerd metrics
This makes the deployment consistent as well as avoiding issues when providers are in the middle of a release.
* build: remove nutanix CCM from examples * build: add scripts to sync Nutanix CCM manifests * build: add CCM addon var to Nutanix examples * feat: deploy Nutanix CCM addon Aligns the method of deploying the CCM with all other addons. * fixup! build: add scripts to sync Nutanix CCM manifests * fixup! feat: deploy Nutanix CCM addon * build: remove unused CRS tooling for Nutanix CCM The CRS strategy is not supported for the Nutanix CCM, removing it until we actually need it.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
creates makefile target to update the expired aws credentials and restart capa-controller.
make dev.update-bootstrap-credentials-aws
reads similar to our existing commanddkp update bootstrap credentials aws