fixup! refactor: Address review feedback

jimmidyson · jimmidyson · commit a389cf827323 · 2025-06-24T14:40:06.000+01:00
diff --git a/api/v1alpha1/clusterconfig_types.go b/api/v1alpha1/clusterconfig_types.go
@@ -345,7 +345,6 @@ const (
 
 type KubeProxy struct {
 	// Mode specifies the mode for kube-proxy:
-	//
 	// - iptables means that kube-proxy is installed in iptables mode.
 	// - nftables means that kube-proxy is installed in nftables mode.
 	// +kubebuilder:validation:Optional
diff --git a/api/v1alpha1/crds/caren.nutanix.com_awsclusterconfigs.yaml b/api/v1alpha1/crds/caren.nutanix.com_awsclusterconfigs.yaml
@@ -566,7 +566,6 @@ spec:
                     mode:
                       description: |-
                         Mode specifies the mode for kube-proxy:
-
                         - iptables means that kube-proxy is installed in iptables mode.
                         - nftables means that kube-proxy is installed in nftables mode.
                       enum:
diff --git a/api/v1alpha1/crds/caren.nutanix.com_dockerclusterconfigs.yaml b/api/v1alpha1/crds/caren.nutanix.com_dockerclusterconfigs.yaml
@@ -503,7 +503,6 @@ spec:
                     mode:
                       description: |-
                         Mode specifies the mode for kube-proxy:
-
                         - iptables means that kube-proxy is installed in iptables mode.
                         - nftables means that kube-proxy is installed in nftables mode.
                       enum:
diff --git a/api/v1alpha1/crds/caren.nutanix.com_genericclusterconfigs.yaml b/api/v1alpha1/crds/caren.nutanix.com_genericclusterconfigs.yaml
@@ -181,7 +181,6 @@ spec:
                   mode:
                     description: |-
                       Mode specifies the mode for kube-proxy:
-
                       - iptables means that kube-proxy is installed in iptables mode.
                       - nftables means that kube-proxy is installed in nftables mode.
                     enum:
diff --git a/api/v1alpha1/crds/caren.nutanix.com_nutanixclusterconfigs.yaml b/api/v1alpha1/crds/caren.nutanix.com_nutanixclusterconfigs.yaml
@@ -682,7 +682,6 @@ spec:
                     mode:
                       description: |-
                         Mode specifies the mode for kube-proxy:
-
                         - iptables means that kube-proxy is installed in iptables mode.
                         - nftables means that kube-proxy is installed in nftables mode.
                       enum:
diff --git a/pkg/handlers/generic/mutation/kubeproxymode/inject.go b/pkg/handlers/generic/mutation/kubeproxymode/inject.go
@@ -10,7 +10,6 @@ import (
 
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	bootstrapv1 "sigs.k8s.io/cluster-api/bootstrap/kubeadm/api/v1beta1"
 	controlplanev1 "sigs.k8s.io/cluster-api/controlplane/kubeadm/api/v1beta1"
 	runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
@@ -22,7 +21,6 @@ import (
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/patches"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/patches/selectors"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/variables"
-	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/utils"
 )
 
 const (
@@ -36,11 +34,13 @@ kind: KubeProxyConfiguration
 mode: %s
 `
 
-	// kubeProxyConfigYAMLTemplateForDockerProvider is the kube-proxy configuration template for Docker provider.
-	// CAPD already configures some stuff in KubeProxyConfiguration, so we only need to set the mode.
-	kubeProxyConfigYAMLTemplateForDockerProvider = `
-mode: %s
-`
+	// addKubeProxyModeToExistingKubeProxyConfiguration is a sed command to add the kube-proxy mode to
+	// an existing KubeProxyConfiguration present in the kubeadm config file. If there is no existing
+	// KubeProxyConfiguration, it will exit with a non-zero status code which allows to run the fallback
+	// command to append the KubeProxyConfiguration specified in the template above to the kubeadm config file.
+	addKubeProxyModeToExistingKubeProxyConfiguration = `grep -q "^kind: KubeProxyConfiguration$" %[1]s && sed -i -e "s/^\(kind: KubeProxyConfiguration\)$/\1\nmode: %[2]s/" %[1]s` //nolint:lll // Just a long command.
+
+	kubeadmConfigFilePath = "/run/kubeadm/kubeadm.yaml"
 )
 
 type kubeProxyMode struct {
@@ -145,19 +145,32 @@ func (h *kubeProxyMode) Mutate(
 
 			switch kubeProxyMode {
 			case v1alpha1.KubeProxyModeIPTables, v1alpha1.KubeProxyModeNFTables:
-				kubeProxyConfigProviderTemplate := templateForClusterProvider(cluster)
-
 				kubeProxyConfig := bootstrapv1.File{
 					Path:        "/etc/kubernetes/kubeproxy-config.yaml",
 					Owner:       "root:root",
 					Permissions: "0644",
-					Content:     fmt.Sprintf(kubeProxyConfigProviderTemplate, kubeProxyMode),
+					Content:     fmt.Sprintf(kubeProxyConfigYAMLTemplate, kubeProxyMode),
 				}
 				obj.Spec.Template.Spec.KubeadmConfigSpec.Files = append(
 					obj.Spec.Template.Spec.KubeadmConfigSpec.Files,
 					kubeProxyConfig,
 				)
-				mergeKubeProxyConfigCmd := "/bin/sh -ec 'cat /etc/kubernetes/kubeproxy-config.yaml >> /run/kubeadm/kubeadm.yaml'"
+
+				sedCommand := fmt.Sprintf(
+					addKubeProxyModeToExistingKubeProxyConfiguration,
+					kubeadmConfigFilePath,
+					kubeProxyMode,
+				)
+				catCommand := fmt.Sprintf(
+					"cat /etc/kubernetes/kubeproxy-config.yaml >>%s",
+					kubeadmConfigFilePath,
+				)
+				mergeKubeProxyConfigCmd := fmt.Sprintf(
+					"/bin/sh -ec '(%s) || (%s)'",
+					sedCommand,
+					catCommand,
+				)
+
 				obj.Spec.Template.Spec.KubeadmConfigSpec.PreKubeadmCommands = append(
 					obj.Spec.Template.Spec.KubeadmConfigSpec.PreKubeadmCommands,
 					mergeKubeProxyConfigCmd,
@@ -170,13 +183,3 @@ func (h *kubeProxyMode) Mutate(
 		},
 	)
 }
-
-// templateForClusterProvider returns the kube-proxy config template based on the cluster provider.
-func templateForClusterProvider(cluster *clusterv1.Cluster) string {
-	switch utils.GetProvider(cluster) {
-	case "docker":
-		return kubeProxyConfigYAMLTemplateForDockerProvider
-	default:
-		return kubeProxyConfigYAMLTemplate
-	}
-}
diff --git a/pkg/handlers/generic/mutation/kubeproxymode/inject_test.go b/pkg/handlers/generic/mutation/kubeproxymode/inject_test.go
@@ -158,6 +158,56 @@ var _ = Describe("Generate kube proxy mode patches", func() {
 				},
 			},
 		},
+	}, {
+		patchTest: capitest.PatchTestDef{
+			Name: "kube proxy iptables mode with Nutanix",
+			Vars: []runtimehooksv1.Variable{
+				capitest.VariableWithValue(
+					v1alpha1.ClusterConfigVariableName,
+					v1alpha1.AWSClusterConfigSpec{
+						GenericClusterConfigSpec: v1alpha1.GenericClusterConfigSpec{
+							KubeProxy: &v1alpha1.KubeProxy{
+								Mode: v1alpha1.KubeProxyModeIPTables,
+							},
+						},
+					},
+				),
+			},
+			RequestItem: request.NewKubeadmControlPlaneTemplateRequestItem(""),
+			ExpectedPatchMatchers: []capitest.JSONPatchMatcher{{
+				Operation: "add",
+				Path:      "/spec/template/spec/kubeadmConfigSpec/files",
+				ValueMatcher: gomega.ConsistOf(
+					gomega.SatisfyAll(
+						gomega.HaveKeyWithValue("path", "/etc/kubernetes/kubeproxy-config.yaml"),
+						gomega.HaveKeyWithValue("owner", "root:root"),
+						gomega.HaveKeyWithValue("permissions", "0644"),
+						gomega.HaveKeyWithValue("content", `
+---
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
+mode: iptables
+`,
+						),
+					),
+				),
+			}, {
+				Operation: "add",
+				Path:      "/spec/template/spec/kubeadmConfigSpec/preKubeadmCommands",
+				ValueMatcher: gomega.ConsistOf(
+					`/bin/sh -ec '(grep -q "^kind: KubeProxyConfiguration$" /run/kubeadm/kubeadm.yaml && sed -i -e "s/^\(kind: KubeProxyConfiguration\)$/\1\nmode: iptables/" /run/kubeadm/kubeadm.yaml) || (cat /etc/kubernetes/kubeproxy-config.yaml >>/run/kubeadm/kubeadm.yaml)'`, //nolint:lll // Just a long command.
+				),
+			}},
+		},
+		cluster: &clusterv1.Cluster{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "test-cluster",
+				Namespace: request.Namespace,
+				Labels: map[string]string{
+					clusterv1.ProviderNameLabel: "nutanix",
+				},
+			},
+		},
 	}, {
 		patchTest: capitest.PatchTestDef{
 			Name: "kube proxy iptables mode with AWS",
@@ -195,7 +245,7 @@ mode: iptables
 				Operation: "add",
 				Path:      "/spec/template/spec/kubeadmConfigSpec/preKubeadmCommands",
 				ValueMatcher: gomega.ConsistOf(
-					"/bin/sh -ec 'cat /etc/kubernetes/kubeproxy-config.yaml >> /run/kubeadm/kubeadm.yaml'",
+					`/bin/sh -ec '(grep -q "^kind: KubeProxyConfiguration$" /run/kubeadm/kubeadm.yaml && sed -i -e "s/^\(kind: KubeProxyConfiguration\)$/\1\nmode: iptables/" /run/kubeadm/kubeadm.yaml) || (cat /etc/kubernetes/kubeproxy-config.yaml >>/run/kubeadm/kubeadm.yaml)'`, //nolint:lll // Just a long command.
 				),
 			}},
 		},
@@ -233,6 +283,9 @@ mode: iptables
 						gomega.HaveKeyWithValue("owner", "root:root"),
 						gomega.HaveKeyWithValue("permissions", "0644"),
 						gomega.HaveKeyWithValue("content", `
+---
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
 mode: iptables
 `,
 						),
@@ -242,7 +295,7 @@ mode: iptables
 				Operation: "add",
 				Path:      "/spec/template/spec/kubeadmConfigSpec/preKubeadmCommands",
 				ValueMatcher: gomega.ConsistOf(
-					"/bin/sh -ec 'cat /etc/kubernetes/kubeproxy-config.yaml >> /run/kubeadm/kubeadm.yaml'",
+					`/bin/sh -ec '(grep -q "^kind: KubeProxyConfiguration$" /run/kubeadm/kubeadm.yaml && sed -i -e "s/^\(kind: KubeProxyConfiguration\)$/\1\nmode: iptables/" /run/kubeadm/kubeadm.yaml) || (cat /etc/kubernetes/kubeproxy-config.yaml >>/run/kubeadm/kubeadm.yaml)'`, //nolint:lll // Just a long command.
 				),
 			}},
 		},
@@ -292,7 +345,7 @@ mode: nftables
 				Operation: "add",
 				Path:      "/spec/template/spec/kubeadmConfigSpec/preKubeadmCommands",
 				ValueMatcher: gomega.ConsistOf(
-					"/bin/sh -ec 'cat /etc/kubernetes/kubeproxy-config.yaml >> /run/kubeadm/kubeadm.yaml'",
+					`/bin/sh -ec '(grep -q "^kind: KubeProxyConfiguration$" /run/kubeadm/kubeadm.yaml && sed -i -e "s/^\(kind: KubeProxyConfiguration\)$/\1\nmode: nftables/" /run/kubeadm/kubeadm.yaml) || (cat /etc/kubernetes/kubeproxy-config.yaml >>/run/kubeadm/kubeadm.yaml)'`, //nolint:lll // Just a long command.
 				),
 			}},
 		},
@@ -342,7 +395,7 @@ mode: nftables
 				Operation: "add",
 				Path:      "/spec/template/spec/kubeadmConfigSpec/preKubeadmCommands",
 				ValueMatcher: gomega.ConsistOf(
-					"/bin/sh -ec 'cat /etc/kubernetes/kubeproxy-config.yaml >> /run/kubeadm/kubeadm.yaml'",
+					`/bin/sh -ec '(grep -q "^kind: KubeProxyConfiguration$" /run/kubeadm/kubeadm.yaml && sed -i -e "s/^\(kind: KubeProxyConfiguration\)$/\1\nmode: nftables/" /run/kubeadm/kubeadm.yaml) || (cat /etc/kubernetes/kubeproxy-config.yaml >>/run/kubeadm/kubeadm.yaml)'`, //nolint:lll // Just a long command.
 				),
 			}},
 		},
@@ -380,6 +433,9 @@ mode: nftables
 						gomega.HaveKeyWithValue("owner", "root:root"),
 						gomega.HaveKeyWithValue("permissions", "0644"),
 						gomega.HaveKeyWithValue("content", `
+---
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
 mode: nftables
 `,
 						),
@@ -389,7 +445,7 @@ mode: nftables
 				Operation: "add",
 				Path:      "/spec/template/spec/kubeadmConfigSpec/preKubeadmCommands",
 				ValueMatcher: gomega.ConsistOf(
-					"/bin/sh -ec 'cat /etc/kubernetes/kubeproxy-config.yaml >> /run/kubeadm/kubeadm.yaml'",
+					`/bin/sh -ec '(grep -q "^kind: KubeProxyConfiguration$" /run/kubeadm/kubeadm.yaml && sed -i -e "s/^\(kind: KubeProxyConfiguration\)$/\1\nmode: nftables/" /run/kubeadm/kubeadm.yaml) || (cat /etc/kubernetes/kubeproxy-config.yaml >>/run/kubeadm/kubeadm.yaml)'`, //nolint:lll // Just a long command.
 				),
 			}},
 		},
