Add api server extra args map to cluster spec

aws · Mar 2, 2024 · aff6a39 · aff6a39
1 parent 57c91bc
commit aff6a39
Show file tree

Hide file tree

Showing 11 changed files with 70 additions and 3 deletions.
diff --git a/config/crd/bases/anywhere.eks.amazonaws.com_clusters.yaml b/config/crd/bases/anywhere.eks.amazonaws.com_clusters.yaml
@@ -151,6 +151,12 @@ spec:
                 type: object
               controlPlaneConfiguration:
                 properties:
+                  apiServerExtraArgs:
+                    additionalProperties:
+                      type: string
+                    description: ApiServerExtraArgs defines the flags to configure
+                      for the API server.
+                    type: object
                   certSans:
                     description: CertSANs is a slice of domain names or IPs to be
                       added as Subject Name Alternatives of the Kube API Servers Certificate.

diff --git a/config/manifest/eksa-components.yaml b/config/manifest/eksa-components.yaml
@@ -3854,6 +3854,12 @@ spec:
                 type: object
               controlPlaneConfiguration:
                 properties:
+                  apiServerExtraArgs:
+                    additionalProperties:
+                      type: string
+                    description: ApiServerExtraArgs defines the flags to configure
+                      for the API server.
+                    type: object
                   certSans:
                     description: CertSANs is a slice of domain names or IPs to be
                       added as Subject Name Alternatives of the Kube API Servers Certificate.

diff --git a/pkg/api/v1alpha1/cluster_types.go b/pkg/api/v1alpha1/cluster_types.go
@@ -307,6 +307,8 @@ type ControlPlaneConfiguration struct {
 	CertSANs []string `json:"certSans,omitempty"`
 	// MachineHealthCheck is a control-plane level override for the timeouts and maxUnhealthy specified in the top-level MHC configuration. If not configured, the defaults in the top-level MHC configuration are used.
 	MachineHealthCheck *MachineHealthCheck `json:"machineHealthCheck,omitempty"`
+	// ApiServerExtraArgs defines the flags to configure for the API server.
+	ApiServerExtraArgs map[string]string `json:"apiServerExtraArgs,omitempty"`
 }
 
 // MachineHealthCheck allows to configure timeouts for machine health checks. Machine Health Checks are responsible for remediating unhealthy Machines.
@@ -363,7 +365,7 @@ func (n *ControlPlaneConfiguration) Equal(o *ControlPlaneConfiguration) bool {
 	}
 	return n.Count == o.Count && n.MachineGroupRef.Equal(o.MachineGroupRef) &&
 		TaintsSliceEqual(n.Taints, o.Taints) && MapEqual(n.Labels, o.Labels) &&
-		SliceEqual(n.CertSANs, o.CertSANs)
+		SliceEqual(n.CertSANs, o.CertSANs) && MapEqual(n.ApiServerExtraArgs, o.ApiServerExtraArgs)
 }
 
 type Endpoint struct {

diff --git a/pkg/api/v1alpha1/zz_generated.deepcopy.go b/pkg/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/clusterapi/extraargs.go b/pkg/clusterapi/extraargs.go
@@ -53,6 +53,14 @@ func EtcdEncryptionExtraArgs(config *[]v1alpha1.EtcdEncryption) ExtraArgs {
 	return args
 }
 
+func ApiServerExtraArgs(apiServerExtraArgs map[string]string) ExtraArgs {
+	args := ExtraArgs{}
+	for k, v := range apiServerExtraArgs {
+		args.AddIfNotEmpty(k, v)
+	}
+	return args
+}
+
 func PodIAMAuthExtraArgs(podIAMConfig *v1alpha1.PodIAMConfig) ExtraArgs {
 	if podIAMConfig == nil {
 		return nil

diff --git a/pkg/clusterapi/extraargs_test.go b/pkg/clusterapi/extraargs_test.go
@@ -179,6 +179,39 @@ func TestExtraArgsToPartialYaml(t *testing.T) {
 	}
 }
 
+func TestApiServerExtraArgs(t *testing.T) {
+	tests := []struct {
+		testName           string
+		apiServerExtraArgs map[string]string
+		want               clusterapi.ExtraArgs
+	}{
+		{
+			testName:           "no args",
+			apiServerExtraArgs: map[string]string{},
+			want:               clusterapi.ExtraArgs{},
+		},
+		{
+			testName: "with args",
+			apiServerExtraArgs: map[string]string{
+				"service-account-issuer":   "https://my-custom-issuer-url",
+				"service-account-jwks-uri": "http://my-custom-jwks-uri/openid/v1/jwks",
+			},
+			want: clusterapi.ExtraArgs{
+				"service-account-issuer":   "https://my-custom-issuer-url",
+				"service-account-jwks-uri": "http://my-custom-jwks-uri/openid/v1/jwks",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.testName, func(t *testing.T) {
+			if got := clusterapi.ApiServerExtraArgs(tt.apiServerExtraArgs); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("ApiServerExtraArgs() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
 func TestAwsIamAuthExtraArgs(t *testing.T) {
 	tests := []struct {
 		testName string

diff --git a/pkg/providers/cloudstack/template.go b/pkg/providers/cloudstack/template.go
@@ -123,6 +123,7 @@ func buildTemplateMapCP(clusterSpec *cluster.Spec) (map[string]interface{}, erro
 		Append(clusterapi.AwsIamAuthExtraArgs(clusterSpec.AWSIamConfig)).
 		Append(clusterapi.PodIAMAuthExtraArgs(clusterSpec.Cluster.Spec.PodIAMConfig)).
 		Append(clusterapi.EtcdEncryptionExtraArgs(clusterSpec.Cluster.Spec.EtcdEncryption)).
+		Append(clusterapi.ApiServerExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration.ApiServerExtraArgs)).
 		Append(sharedExtraArgs)
 
 	controllerManagerExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs().

diff --git a/pkg/providers/docker/docker.go b/pkg/providers/docker/docker.go
@@ -295,6 +295,7 @@ func buildTemplateMapCP(clusterSpec *cluster.Spec) (map[string]interface{}, erro
 	apiServerExtraArgs := clusterapi.OIDCToExtraArgs(clusterSpec.OIDCConfig).
 		Append(clusterapi.AwsIamAuthExtraArgs(clusterSpec.AWSIamConfig)).
 		Append(clusterapi.PodIAMAuthExtraArgs(clusterSpec.Cluster.Spec.PodIAMConfig)).
+		Append(clusterapi.ApiServerExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration.ApiServerExtraArgs)).
 		Append(sharedExtraArgs)
 	controllerManagerExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs().
 		Append(clusterapi.NodeCIDRMaskExtraArgs(&clusterSpec.Cluster.Spec.ClusterNetwork))

diff --git a/pkg/providers/nutanix/template.go b/pkg/providers/nutanix/template.go
@@ -162,7 +162,8 @@ func buildTemplateMapCP(
 	apiServerExtraArgs := clusterapi.OIDCToExtraArgs(clusterSpec.OIDCConfig).
 		Append(clusterapi.AwsIamAuthExtraArgs(clusterSpec.AWSIamConfig)).
 		Append(clusterapi.PodIAMAuthExtraArgs(clusterSpec.Cluster.Spec.PodIAMConfig)).
-		Append(clusterapi.EtcdEncryptionExtraArgs(clusterSpec.Cluster.Spec.EtcdEncryption))
+		Append(clusterapi.EtcdEncryptionExtraArgs(clusterSpec.Cluster.Spec.EtcdEncryption)).
+		Append(clusterapi.ApiServerExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration.ApiServerExtraArgs))
 	kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs().
 		Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)).
 		Append(clusterapi.ControlPlaneNodeLabelsExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration))

diff --git a/pkg/providers/tinkerbell/template.go b/pkg/providers/tinkerbell/template.go
@@ -399,7 +399,8 @@ func buildTemplateMapCP(
 
 	apiServerExtraArgs := clusterapi.OIDCToExtraArgs(clusterSpec.OIDCConfig).
 		Append(clusterapi.AwsIamAuthExtraArgs(clusterSpec.AWSIamConfig)).
-		Append(clusterapi.PodIAMAuthExtraArgs(clusterSpec.Cluster.Spec.PodIAMConfig))
+		Append(clusterapi.PodIAMAuthExtraArgs(clusterSpec.Cluster.Spec.PodIAMConfig)).
+		Append(clusterapi.ApiServerExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration.ApiServerExtraArgs))
 
 	kubeletExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs().
 		Append(clusterapi.ResolvConfExtraArgs(clusterSpec.Cluster.Spec.ClusterNetwork.DNS.ResolvConf)).

diff --git a/pkg/providers/vsphere/template.go b/pkg/providers/vsphere/template.go
@@ -145,6 +145,7 @@ func buildTemplateMapCP(
 		Append(clusterapi.AwsIamAuthExtraArgs(clusterSpec.AWSIamConfig)).
 		Append(clusterapi.PodIAMAuthExtraArgs(clusterSpec.Cluster.Spec.PodIAMConfig)).
 		Append(clusterapi.EtcdEncryptionExtraArgs(clusterSpec.Cluster.Spec.EtcdEncryption)).
+		Append(clusterapi.ApiServerExtraArgs(clusterSpec.Cluster.Spec.ControlPlaneConfiguration.ApiServerExtraArgs)).
 		Append(sharedExtraArgs)
 	controllerManagerExtraArgs := clusterapi.SecureTlsCipherSuitesExtraArgs().
 		Append(clusterapi.NodeCIDRMaskExtraArgs(&clusterSpec.Cluster.Spec.ClusterNetwork))