m/node/allocs: split new package off m/node
The metropolis/node package contains various unrelated things. One of
these things are node-wide allocations of identifiers.
These are moved here to the new metropolis/node/allocs package.
Additionally, the constants are renamed to move the type of identifier
in front.
Change-Id: Ibc841ca64d4450a7054463e6d2d44753a118e07a
Reviewed-on: https://review.monogon.dev/c/monogon/+/4566
Reviewed-by: Tim Windelschmidt <tim@monogon.tech>
Tested-by: Jenkins CI
diff --git a/metropolis/node/kubernetes/apiserver.go b/metropolis/node/kubernetes/apiserver.go
index 5471e02..427d059 100644
--- a/metropolis/node/kubernetes/apiserver.go
+++ b/metropolis/node/kubernetes/apiserver.go
@@ -18,7 +18,7 @@
"k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity"
podsecurityadmissionv1 "k8s.io/pod-security-admission/admission/api/v1"
- common "source.monogon.dev/metropolis/node"
+ "source.monogon.dev/metropolis/node/allocs"
"source.monogon.dev/metropolis/node/core/localstorage"
"source.monogon.dev/metropolis/node/kubernetes/pki"
"source.monogon.dev/osbase/fileargs"
@@ -142,7 +142,7 @@
pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: s.idCA})),
"--enable-admission-plugins=NodeRestriction",
"--enable-aggregator-routing=true",
- fmt.Sprintf("--secure-port=%d", common.KubernetesAPIPort),
+ fmt.Sprintf("--secure-port=%d", allocs.PortKubernetesAPI),
fmt.Sprintf("--etcd-servers=unix:///%s:0", s.EphemeralConsensusDirectory.ClientSocket.FullPath()),
args.FileOpt("--kubelet-client-certificate", "kubelet-client-cert.pem",
pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: s.kubeletClientCert})),