fixup! fix: Fix nftables template for Docker provider

jimmidyson · jimmidyson · commit 036cb254a8f8 · 2025-06-18T11:00:33.000+01:00
diff --git a/pkg/handlers/generic/mutation/extraapiservercertsans/inject_test.go b/pkg/handlers/generic/mutation/extraapiservercertsans/inject_test.go
@@ -175,12 +175,10 @@ var _ = Describe("Generate Extra API server certificate patches", func() {
 			utilruntime.Must(clientgoscheme.AddToScheme(clientScheme))
 			utilruntime.Must(clusterv1.AddToScheme(clientScheme))
 			cl, err := helpers.TestEnv.GetK8sClientWithScheme(clientScheme)
-			gomega.Expect(err).To(gomega.BeNil())
-			err = cl.Create(context.Background(), &tt.cluster)
-			gomega.Expect(err).To(gomega.BeNil())
+			gomega.Expect(err).ToNot(gomega.HaveOccurred())
+			gomega.Expect(cl.Create(context.Background(), &tt.cluster)).To(gomega.Succeed())
+			DeferCleanup(cl.Delete, context.Background(), &tt.cluster)
 			capitest.AssertGeneratePatches(GinkgoT(), patchGenerator, &tt.patchTest)
-			err = cl.Delete(context.Background(), &tt.cluster)
-			gomega.Expect(err).To(gomega.BeNil())
 		})
 	}
 })
diff --git a/pkg/handlers/generic/mutation/kubeproxymode/inject.go b/pkg/handlers/generic/mutation/kubeproxymode/inject.go
@@ -20,6 +20,7 @@ import (
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/patches"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/patches/selectors"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/variables"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/utils"
 )
 
 const (
@@ -31,6 +32,12 @@ const (
 apiVersion: kubeproxy.config.k8s.io/v1alpha1
 kind: KubeProxyConfiguration
 mode: %s
+`
+
+	// kubeProxyConfigYAMLTemplateForDockerProvider is the kube-proxy configuration template for Docker provider.
+	// CAPD already configures some stuff in KubeProxyConfiguration, so we only need to set the mode.
+	kubeProxyConfigYAMLTemplateForDockerProvider = `
+mode: %s
 `
 )
 
@@ -121,11 +128,20 @@ func (h *kubeProxyMode) Mutate(
 					"addon/kube-proxy",
 				)
 			case v1alpha1.KubeProxyModeIPTables, v1alpha1.KubeProxyModeNFTables:
+				kubeProxyConfigProviderTemplate, err := templateForClusterProvider(ctx, clusterGetter)
+				if err != nil {
+					log.Error(
+						err,
+						"failed to get kube proxy config template for cluster provider",
+					)
+					return fmt.Errorf("failed to get cluster for kube proxy mode mutation: %w", err)
+				}
+
 				kubeProxyConfig := bootstrapv1.File{
 					Path:        "/etc/kubernetes/kubeproxy-config.yaml",
 					Owner:       "root:root",
 					Permissions: "0644",
-					Content:     fmt.Sprintf(kubeProxyConfigYAMLTemplate, kubeProxyMode),
+					Content:     fmt.Sprintf(kubeProxyConfigProviderTemplate, kubeProxyMode),
 				}
 				obj.Spec.Template.Spec.KubeadmConfigSpec.Files = append(
 					obj.Spec.Template.Spec.KubeadmConfigSpec.Files,
@@ -144,3 +160,18 @@ func (h *kubeProxyMode) Mutate(
 		},
 	)
 }
+
+// templateForClusterProvider returns the kube-proxy config template based on the cluster provider.
+func templateForClusterProvider(ctx context.Context, clusterGetter mutation.ClusterGetter) (string, error) {
+	cluster, err := clusterGetter(ctx)
+	if err != nil {
+		return "", err
+	}
+
+	switch utils.GetProvider(cluster) {
+	case "docker":
+		return kubeProxyConfigYAMLTemplateForDockerProvider, nil
+	default:
+		return kubeProxyConfigYAMLTemplate, nil
+	}
+}
diff --git a/pkg/handlers/generic/mutation/kubeproxymode/inject_test.go b/pkg/handlers/generic/mutation/kubeproxymode/inject_test.go
@@ -4,16 +4,23 @@
 package kubeproxymode
 
 import (
+	"context"
 	"testing"
 
 	. "github.com/onsi/ginkgo/v2"
 	"github.com/onsi/gomega"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
 
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/handlers/mutation"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/testutils/capitest"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/testutils/capitest/request"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/test/helpers"
 )
 
 func TestKubeProxyModePatch(t *testing.T) {
@@ -23,11 +30,17 @@ func TestKubeProxyModePatch(t *testing.T) {
 
 type testObj struct {
 	patchTest capitest.PatchTestDef
+	cluster   *clusterv1.Cluster
 }
 
 var _ = Describe("Generate kube proxy mode patches", func() {
 	patchGenerator := func() mutation.GeneratePatches {
-		return mutation.NewMetaGeneratePatchesHandler("", nil, NewPatch()).(mutation.GeneratePatches)
+		clientScheme := runtime.NewScheme()
+		utilruntime.Must(clientgoscheme.AddToScheme(clientScheme))
+		utilruntime.Must(clusterv1.AddToScheme(clientScheme))
+		cl, err := helpers.TestEnv.GetK8sClientWithScheme(clientScheme)
+		gomega.Expect(err).To(gomega.BeNil())
+		return mutation.NewMetaGeneratePatchesHandler("", cl, NewPatch()).(mutation.GeneratePatches)
 	}
 
 	testDefs := []testObj{{
@@ -96,6 +109,15 @@ var _ = Describe("Generate kube proxy mode patches", func() {
 				ValueMatcher: gomega.ConsistOf("addon/kube-proxy"),
 			}},
 		},
+		cluster: &clusterv1.Cluster{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "test-cluster",
+				Namespace: request.Namespace,
+				Labels: map[string]string{
+					clusterv1.ProviderNameLabel: "nutanix",
+				},
+			},
+		},
 	}, {
 		patchTest: capitest.PatchTestDef{
 			Name: "kube proxy iptables mode with AWS",
@@ -137,6 +159,15 @@ mode: iptables
 				),
 			}},
 		},
+		cluster: &clusterv1.Cluster{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "test-cluster",
+				Namespace: request.Namespace,
+				Labels: map[string]string{
+					clusterv1.ProviderNameLabel: "aws",
+				},
+			},
+		},
 	}, {
 		patchTest: capitest.PatchTestDef{
 			Name: "kube proxy iptables mode with Docker",
@@ -162,9 +193,6 @@ mode: iptables
 						gomega.HaveKeyWithValue("owner", "root:root"),
 						gomega.HaveKeyWithValue("permissions", "0644"),
 						gomega.HaveKeyWithValue("content", `
----
-apiVersion: kubeproxy.config.k8s.io/v1alpha1
-kind: KubeProxyConfiguration
 mode: iptables
 `,
 						),
@@ -178,6 +206,15 @@ mode: iptables
 				),
 			}},
 		},
+		cluster: &clusterv1.Cluster{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "test-cluster",
+				Namespace: request.Namespace,
+				Labels: map[string]string{
+					clusterv1.ProviderNameLabel: "docker",
+				},
+			},
+		},
 	}, {
 		patchTest: capitest.PatchTestDef{
 			Name: "kube proxy nftables mode with Nutanix",
@@ -219,6 +256,15 @@ mode: nftables
 				),
 			}},
 		},
+		cluster: &clusterv1.Cluster{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "test-cluster",
+				Namespace: request.Namespace,
+				Labels: map[string]string{
+					clusterv1.ProviderNameLabel: "nutanix",
+				},
+			},
+		},
 	}, {
 		patchTest: capitest.PatchTestDef{
 			Name: "kube proxy nftables mode with AWS",
@@ -260,6 +306,15 @@ mode: nftables
 				),
 			}},
 		},
+		cluster: &clusterv1.Cluster{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "test-cluster",
+				Namespace: request.Namespace,
+				Labels: map[string]string{
+					clusterv1.ProviderNameLabel: "aws",
+				},
+			},
+		},
 	}, {
 		patchTest: capitest.PatchTestDef{
 			Name: "kube proxy nftables mode with Docker",
@@ -285,9 +340,6 @@ mode: nftables
 						gomega.HaveKeyWithValue("owner", "root:root"),
 						gomega.HaveKeyWithValue("permissions", "0644"),
 						gomega.HaveKeyWithValue("content", `
----
-apiVersion: kubeproxy.config.k8s.io/v1alpha1
-kind: KubeProxyConfiguration
 mode: nftables
 `,
 						),
@@ -301,11 +353,29 @@ mode: nftables
 				),
 			}},
 		},
+		cluster: &clusterv1.Cluster{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "test-cluster",
+				Namespace: request.Namespace,
+				Labels: map[string]string{
+					clusterv1.ProviderNameLabel: "docker",
+				},
+			},
+		},
 	}}
 
 	// create test node for each case
 	for _, tt := range testDefs {
 		It(tt.patchTest.Name, func() {
+			if tt.cluster != nil {
+				clientScheme := runtime.NewScheme()
+				utilruntime.Must(clientgoscheme.AddToScheme(clientScheme))
+				utilruntime.Must(clusterv1.AddToScheme(clientScheme))
+				cl, err := helpers.TestEnv.GetK8sClientWithScheme(clientScheme)
+				gomega.Expect(err).ToNot(gomega.HaveOccurred())
+				gomega.Expect(cl.Create(context.Background(), tt.cluster)).To(gomega.Succeed())
+				DeferCleanup(cl.Delete, context.Background(), tt.cluster)
+			}
 			capitest.AssertGeneratePatches(GinkgoT(), patchGenerator, &tt.patchTest)
 		})
 	}
