Skip to content

chore: run addon enabling script on joining control plane nodes #123

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rapour merged 1 commit into from
Jul 31, 2025
Merged

chore: run addon enabling script on joining control plane nodes #123

rapour merged 1 commit into from
Jul 31, 2025

Conversation

@rapour
Copy link

@rapour rapour commented Jul 16, 2025
edited
Loading

Addresses #122

This PR suggests running microk8s enable <addons> on control plane nodes that are joining the cluster. A few considerations:

  • Microk8s itself is assumed to safeguard against duplicate execution of addons with lock files.
  • This change allows node specific addons like cis-hardening to be run on each control plane node joining the cluster
  • It doesn't add default addons to the list as apposed to the first node initializing the cluster, which adds dns as a default addon.

berkayoz
berkayoz reviewed Jul 21, 2025
View reviewed changes
Copy link
Member

@berkayoz berkayoz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes LGTM, one question related to the design/use-case.

controllers/cloudinit/controlplane_join.go
// IPinIP defines whether Calico will use IPinIP mode for cluster networking.
IPinIP bool
// Addons is the list of addons to enable.
Addons []string
Copy link
Member

@berkayoz berkayoz Jul 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How does this handle the addon parameters? What's our strategy for that use-case?

Copy link
Author

@rapour rapour Jul 21, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's assume the user lists the addons they want to enable as part of their manifests:

...
  controlPlaneConfig:
    initConfiguration:
      joinTokenTTLInSecs: 9000
      addons:
      - dns
      - ingress
...

The provider used to run microk8s enable dns ingress on the first CP node of the cluster (as part of the cloud-init scripts). This change make it so it runs microk8s enable dns ingress on all the subsequent joining CP nodes. This is particularly useful for addons like cis-hardening that needs to be run on each node individually.

@rapour rapour requested a review from berkayoz July 21, 2025 12:07
berkayoz
berkayoz approved these changes Jul 28, 2025
View reviewed changes
Copy link
Member

@berkayoz berkayoz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, we can leave addon parameters out of scope for this one.

@rapour rapour merged commit 71682d3 into main Jul 31, 2025
5 checks passed
@rapour rapour deleted the KU-3797/enable-addons-on-joining-control-planes branch July 31, 2025 13:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@berkayoz berkayoz berkayoz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rapour @berkayoz