core/internal: move containerd and kubernetes to localstorage

This moves the last users of the old 'storage' library onto 'localstorage'. We move a lot of 'runtime' directories to a single `/ephemeral` root. This could be called `/run`, but that might imply FHS compliance - which we don't have, nor want to have.

We also slightly refactor Kubernetes services to be a bit nicer to spawn. But generally, this is a pure refactor, with no functional changes.

Test Plan: this should fail, as it is part of a larger stack. D590 is the first tip of the stack that should work.

X-Origin-Diff: phab/D589
GitOrigin-RevId: d2a7c0bb52c2a7c753199221c609e03474936c22
diff --git a/core/internal/kubernetes/controller-manager.go b/core/internal/kubernetes/controller-manager.go
index 8a85a99..126076e 100644
--- a/core/internal/kubernetes/controller-manager.go
+++ b/core/internal/kubernetes/controller-manager.go
@@ -24,8 +24,6 @@
 	"net"
 	"os/exec"
 
-	"go.etcd.io/etcd/clientv3"
-
 	"git.monogon.dev/source/nexantic.git/core/internal/common/supervisor"
 	"git.monogon.dev/source/nexantic.git/core/internal/kubernetes/pki"
 	"git.monogon.dev/source/nexantic.git/core/pkg/fileargs"
@@ -41,24 +39,22 @@
 	serverKey             []byte
 }
 
-var clusterNet = net.IPNet{IP: net.IP{10, 0, 0, 0}, Mask: net.IPMask{255, 255, 0, 0}}
-
-func getPKIControllerManagerConfig(ctx context.Context, kv clientv3.KV, kpki *pki.KubernetesPKI) (*controllerManagerConfig, error) {
+func getPKIControllerManagerConfig(ctx context.Context, kpki *pki.KubernetesPKI) (*controllerManagerConfig, error) {
 	var config controllerManagerConfig
 	var err error
-	config.rootCA, _, err = kpki.Certificate(ctx, pki.IdCA, kv)
+	config.rootCA, _, err = kpki.Certificate(ctx, pki.IdCA)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get ID root CA: %w", err)
 	}
-	config.serverCert, config.serverKey, err = kpki.Certificate(ctx, pki.ControllerManager, kv)
+	config.serverCert, config.serverKey, err = kpki.Certificate(ctx, pki.ControllerManager)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get controller-manager serving certificate: %w", err)
 	}
-	config.serviceAccountPrivKey, err = kpki.ServiceAccountKey(ctx, kv)
+	config.serviceAccountPrivKey, err = kpki.ServiceAccountKey(ctx)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get serviceaccount privkey: %w", err)
 	}
-	config.kubeConfig, err = kpki.Kubeconfig(ctx, pki.ControllerManagerClient, kv)
+	config.kubeConfig, err = kpki.Kubeconfig(ctx, pki.ControllerManagerClient)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get controller-manager kubeconfig: %w", err)
 	}
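Review bot: With the package-level `clusterNet` removed, nothing in the visible lines of `getPKIControllerManagerConfig` assigns `config.clusterNet`, yet the later hunk (`@@ -87,7 +83,7 @@`) now builds `--cluster-cidr=` from that field. A zero-value `net.IPNet` stringifies to `<nil>`, so unless the caller fills the field (not shown on this page) kube-controller-manager would be launched with `--cluster-cidr=<nil>` instead of failing early. I would add a guard before the arguments are assembled, for example `if config.clusterNet.IP == nil { return fmt.Errorf("controller-manager: cluster network not configured") }`, adapted to the enclosing function's return type, which is outside the hunk. A doc comment on `getPKIControllerManagerConfig` stating that it only loads PKI material and that the caller must set `clusterNet` would make the contract explicit. The function body continues past the end of this hunk.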
@@ -87,7 +83,7 @@
 			args.FileOpt("--tls-private-key-file", "server-key.pem",
 				pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: config.serverKey})),
 			"--allocate-node-cidrs",
-			"--cluster-cidr="+clusterNet.String(),
+			"--cluster-cidr="+config.clusterNet.String(),
 		)
 
 		if args.Error() != nil {