refactor(platform): add provider EnsureAuditConfig (#2104)

tkestack · Oct 12, 2022 · 7a5895a · 7a5895a
1 parent 8978358
commit 7a5895a
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 21 deletions.
diff --git a/pkg/platform/provider/baremetal/cluster/create.go b/pkg/platform/provider/baremetal/cluster/create.go
@@ -762,12 +762,45 @@ func (p *Provider) EnsureAuthzWebhook(ctx context.Context, c *v1.Cluster) error
  return nil
 }
 
+func (p *Provider) EnsureAuditConfig(ctx context.Context, c *v1.Cluster) error {
+ machines := map[bool][]platformv1.ClusterMachine{
+ true: c.Spec.ScalingMachines,
+ false: c.Spec.Machines}[len(c.Spec.ScalingMachines) > 0]
+ auditPolicyData, _ := ioutil.ReadFile(constants.AuditPolicyConfigFile)
+ auditWebhookConfig, err := template.ParseString(auditWebhookConfig, map[string]interface{}{
+ "AuditBackendAddress": p.Config.Audit.Address,
+ "ClusterName": c.Name,
+ })
+ if err != nil {
+ return errors.Wrap(err, "parse auditWebhookConfig error")
+ }
+ for _, machine := range machines {
+ machineSSH, err := machine.SSH()
+ if err != nil {
+ return err
+ }
+ if p.Config.AuditEnabled() {
+ if len(auditPolicyData) != 0 {
+ err = machineSSH.WriteFile(bytes.NewReader(auditPolicyData), constants.KubernetesAuditPolicyConfigFile)
+ if err != nil {
+ return errors.Wrap(err, machine.IP)
+ }
+ err = machineSSH.WriteFile(bytes.NewReader(auditWebhookConfig), constants.KubernetesAuditWebhookConfigFile)
+ if err != nil {
+ return errors.Wrap(err, machine.IP)
+ }
+ }
+ }
+ }
+
+ return nil
+}
+
 func (p *Provider) EnsurePrepareForControlplane(ctx context.Context, c *v1.Cluster) error {
  machines := map[bool][]platformv1.ClusterMachine{
  true: c.Spec.ScalingMachines,
  false: c.Spec.Machines}[len(c.Spec.ScalingMachines) > 0]
  oidcCa, _ := ioutil.ReadFile(constants.OIDCConfigFile)
- auditPolicyData, _ := ioutil.ReadFile(constants.AuditPolicyConfigFile)
  GPUQuotaAdmissionHost := c.Annotations[constants.GPUQuotaAdmissionIPAnnotaion]
  if GPUQuotaAdmissionHost == "" {
  GPUQuotaAdmissionHost = "gpu-quota-admission"
@@ -778,13 +811,6 @@ func (p *Provider) EnsurePrepareForControlplane(ctx context.Context, c *v1.Clust
  if err != nil {
  return errors.Wrap(err, "parse schedulerPolicyConfig error")
  }
- auditWebhookConfig, err := template.ParseString(auditWebhookConfig, map[string]interface{}{
- "AuditBackendAddress": p.Config.Audit.Address,
- "ClusterName": c.Name,
- })
- if err != nil {
- return errors.Wrap(err, "parse auditWebhookConfig error")
- }
  for _, machine := range machines {
  machineSSH, err := machine.SSH()
  if err != nil {
@@ -808,19 +834,6 @@ func (p *Provider) EnsurePrepareForControlplane(ctx context.Context, c *v1.Clust
  return errors.Wrap(err, machine.IP)
  }
  }
-
- if p.Config.AuditEnabled() {
- if len(auditPolicyData) != 0 {
- err = machineSSH.WriteFile(bytes.NewReader(auditPolicyData), constants.KubernetesAuditPolicyConfigFile)
- if err != nil {
- return errors.Wrap(err, machine.IP)
- }
- err = machineSSH.WriteFile(bytes.NewReader(auditWebhookConfig), constants.KubernetesAuditWebhookConfigFile)
- if err != nil {
- return errors.Wrap(err, machine.IP)
- }
- }
- }
  }
 
  return nil

diff --git a/pkg/platform/provider/baremetal/cluster/provider.go b/pkg/platform/provider/baremetal/cluster/provider.go
@@ -93,6 +93,7 @@ func NewProvider() (*Provider, error) {
  p.EnsureKeepalivedInit,
  p.EnsureThirdPartyHAInit,
  p.EnsureAuthzWebhook,
+ p.EnsureAuditConfig,
  p.EnsurePrepareForControlplane,
 
  p.EnsureKubeadmInitPhaseKubeletStart,

diff --git a/pkg/platform/provider/edge/cluster/provider.go b/pkg/platform/provider/edge/cluster/provider.go
@@ -105,6 +105,7 @@ func NewProvider() (*Provider, error) {
  p.bCluster.EnsureKeepalivedInit,
  p.bCluster.EnsureThirdPartyHAInit,
  p.bCluster.EnsureAuthzWebhook,
+ p.bCluster.EnsureAuditConfig,
  p.bCluster.EnsurePrepareForControlplane,
 
  p.bCluster.EnsureKubeadmInitPhaseKubeletStart,