nixos/services.kubernetes.kubelet: handle non-lower case chars in hostname

[mattpolzin]

Description of changes

I discovered when enabling a minimally configured kubernetes master + node cluster on my computer that uppercase letters in the networking.hostName result in kubelet being unauthorized to set a node up. The node name ends up being a lowercased version of the hostname and that mismatch causes problems.

Errors are of the form:

leases.coordination.k8s.io "mattpolzin-scrappy" is forbidden: User "system:node:MattPolzin-Scrappy" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-node-lease": can only access node lease with the same name as the requesting node

It seems like the most straight forward answer is to lowercase the system hostname when using it as a default kubelet.hostname. I also considered applying the lowercase function specifically where the kubelet.hostname is used as part of the CN for the relevant cert but seeing as how hostnames will always resolve as case insensitive there seems to be no reason not to apply it to the kubelet.hostname which is then most likely to prevent any similar problems in the future regardless of where the hostname is used.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[mattpolzin]

@johanot @cafkafk would either of you be up for giving this one a look?

[mattpolzin]

cc @jonpulsifer @vdemeester for potentially taking a look at this PR.

[johanot]

I approve of this. I just wonder if it could potentially break anything for others that rely on the old behavior. Maybe a rel note is in order?

[mattpolzin]

Good idea. I can push a release note later today. Thanks.

[johanot]

LGTM

[vdemeester]

LGTM 🐯

[mattpolzin]

@SuperSandro2000 I saw you reviewed as a committer on a recent PR in this module; can I ping you for a potential commit here as well?

[mattpolzin]

Looks like I better re-request review now that I fixed a merge conflict with the release notes so I can claim the approvals label.

[mattpolzin]

Apologies @vdemeester @johanot but could I bother either of you to re-up approval? I had to fix merge conflicts with the changelog update but everything else has remained the same.

[mattpolzin]

Ah, appreciate that Sandro!