Move all supported flags to KubeletConfiguration

- remaining flags are not supported yet
- cosmetic improvements to test suite

pkg/nodebootstrap/assets/10-eksclt.al2.conf

@@ -11,16 +11,13 @@ EnvironmentFile=/etc/eksctl/kubelet.local.env
 ExecStart=
 ExecStart=/usr/bin/kubelet \
   --node-ip=${NODE_IP} \
-  --cluster-dns=${CLUSTER_DNS} \
-  --max-pods=${MAX_PODS} \
   --node-labels=${NODE_LABELS},alpha.eksctl.io/instance-id=${INSTANCE_ID} \
   --allow-privileged=true \
-  --pod-infra-container-image=602401143452.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/eks/pause-amd64:3.1 \
   --cloud-provider=aws \
-  --cni-bin-dir=/opt/cni/bin \
-  --cni-conf-dir=/etc/cni/net.d \
   --container-runtime=docker \
   --network-plugin=cni \
-  --register-node=true \
+  --cni-bin-dir=/opt/cni/bin \
+  --cni-conf-dir=/etc/cni/net.d \
+  --pod-infra-container-image=602401143452.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/eks/pause-amd64:3.1 \
   --kubeconfig=/etc/eksctl/kubeconfig.yaml \
-  --config=/etc/eksctl/kubelet-config.json
+  --config=/etc/eksctl/kubelet.yaml

pkg/nodebootstrap/assets/kubelet.yaml

@@ -0,0 +1,27 @@
+kind: KubeletConfiguration
+apiVersion: kubelet.config.k8s.io/v1beta1
+
+address: 0.0.0.0
+clusterDomain: cluster.local
+
+authentication:
+  anonymous:
+    enabled: false
+  webhook:
+    cacheTTL: 2m0s
+    enabled: true
+  x509:
+    clientCAFile: /etc/eksctl/ca.crt
+
+authorization:
+  mode: Webhook
+  webhook:
+    cacheAuthorizedTTL: 5m0s
+    cacheUnauthorizedTTL: 30s
+
+serverTLSBootstrap: true
+
+cgroupDriver: cgroupfs
+
+featureGates:
+  RotateKubeletServerCertificate: true

pkg/nodebootstrap/userdata.go

@@ -6,7 +6,11 @@ import (
 	"strings"
 
 	"github.com/pkg/errors"
+
 	"k8s.io/client-go/tools/clientcmd"
+	kubeletapi "k8s.io/kubelet/config/v1beta1"
+
+	"sigs.k8s.io/yaml"
 
 	"github.com/weaveworks/eksctl/pkg/ami"
 	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha4"
@@ -96,20 +100,48 @@ func clusterDNS(spec *api.ClusterConfig, ng *api.NodeGroup) string {
 	return "10.100.0.10"
 }
 
-func makeKubeletParamsCommon(spec *api.ClusterConfig, ng *api.NodeGroup) []string {
+func makeKubeletConfigYAML(spec *api.ClusterConfig, ng *api.NodeGroup) ([]byte, error) {
+	data, err := Asset("kubelet.yaml")
+	if err != nil {
+		return nil, err
+	}
+
+	// use a map here, as using struct will require us to add defaulting etc,
+	// and we only need to add a few top-level fields
+	obj := map[string]interface{}{}
+	if err := yaml.Unmarshal(data, &obj); err != nil {
+		return nil, err
+	}
+
 	if ng.MaxPodsPerNode == 0 {
 		ng.MaxPodsPerNode = maxPodsPerNodeType[ng.InstanceType]
 	}
+	obj["maxPods"] = int32(ng.MaxPodsPerNode)
+
+	obj["clusterDNS"] = []string{
+		clusterDNS(spec, ng),
+	}
+
+	data, err = yaml.Marshal(obj)
+	if err != nil {
+		return nil, err
+	}
+
+	// validate if data can be decoded as KubeletConfiguration
+	if err := yaml.Unmarshal(data, &kubeletapi.KubeletConfiguration{}); err != nil {
+		return nil, errors.Wrap(err, "validating generated KubeletConfiguration object")
+	}
+
+	return data, nil
+}
 
+func makeCommonKubeletEnvParams(spec *api.ClusterConfig, ng *api.NodeGroup) []string {
 	labels := []string{}
 	for k, v := range ng.Labels {
 		labels = append(labels, fmt.Sprintf("%s=%s", k, v))
 	}
 
-	// TODO: use componentconfig or kubelet config file – https://github.com/weaveworks/eksctl/issues/156
 	return []string{
-		fmt.Sprintf("MAX_PODS=%d", ng.MaxPodsPerNode),
-		fmt.Sprintf("CLUSTER_DNS=%s", clusterDNS(spec, ng)),
 		fmt.Sprintf("NODE_LABELS=%s", strings.Join(labels, ",")),
 	}
 }

pkg/nodebootstrap/userdata_al2.go

@@ -19,17 +19,22 @@ func makeAmazonLinux2Config(spec *api.ClusterConfig, ng *api.NodeGroup) (configF
 		return nil, errors.New("invalid cluster config: missing CertificateAuthorityData")
 	}
 
+	kubeletConfigData, err := makeKubeletConfigYAML(spec, ng)
+	if err != nil {
+		return nil, err
+	}
+
 	files := configFiles{
 		kubeletDropInUnitDir: {
 			"10-eksclt.al2.conf": {isAsset: true},
 		},
 		configDir: {
 			"metadata.env": {content: strings.Join(makeMetadata(spec), "\n")},
-			"kubelet.env":  {content: strings.Join(makeKubeletParamsCommon(spec, ng), "\n")},
+			"kubelet.env":  {content: strings.Join(makeCommonKubeletEnvParams(spec, ng), "\n")},
+			"kubelet.yaml": {content: string(kubeletConfigData)},
 			// TODO: https://github.com/weaveworks/eksctl/issues/161
-			"kubelet-config.json": {isAsset: true},
-			"ca.crt":              {content: string(spec.Status.CertificateAuthorityData)},
-			"kubeconfig.yaml":     {content: string(clientConfigData)},
+			"ca.crt":          {content: string(spec.Status.CertificateAuthorityData)},
+			"kubeconfig.yaml": {content: string(clientConfigData)},
 		},
 	}
 

pkg/nodebootstrap/userdata_ubuntu.go

@@ -1,6 +1,7 @@
 package nodebootstrap
 
 import (
+	"fmt"
 	"strings"
 
 	"github.com/kris-nova/logger"
@@ -19,10 +20,19 @@ func makeUbuntu1804Config(spec *api.ClusterConfig, ng *api.NodeGroup) (configFil
 		return nil, errors.New("invalid cluster config: missing CertificateAuthorityData")
 	}
 
+	if ng.MaxPodsPerNode == 0 {
+		ng.MaxPodsPerNode = maxPodsPerNodeType[ng.InstanceType]
+	}
+
+	kubeletEnvParams := append(makeCommonKubeletEnvParams(spec, ng),
+		fmt.Sprintf("MAX_PODS=%d", ng.MaxPodsPerNode),
+		fmt.Sprintf("CLUSTER_DNS=%s", clusterDNS(spec, ng)),
+	)
+
 	files := configFiles{
 		configDir: {
 			"metadata.env": {content: strings.Join(makeMetadata(spec), "\n")},
-			"kubelet.env":  {content: strings.Join(makeKubeletParamsCommon(spec, ng), "\n")},
+			"kubelet.env":  {content: strings.Join(kubeletEnvParams, "\n")},
 			// TODO: https://github.com/weaveworks/eksctl/issues/161
 			"ca.crt":          {content: string(spec.Status.CertificateAuthorityData)},
 			"kubeconfig.yaml": {content: string(clientConfigData)},