From 7a5d5e7afb3c8371ff426061b4c53ad73f183b47 Mon Sep 17 00:00:00 2001 From: Adam Dyess Date: Wed, 29 May 2024 15:40:44 -0500 Subject: [PATCH] Cherry-pick #16 via PR into release_1.29 (#17) --- .github/workflows/naming-lint-unit.yaml | 2 +- charms/kubernetes_snaps.py | 19 ++++++++++++++----- tox.ini | 4 ++-- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/.github/workflows/naming-lint-unit.yaml b/.github/workflows/naming-lint-unit.yaml index 9ab8eb0..30aed40 100644 --- a/.github/workflows/naming-lint-unit.yaml +++ b/.github/workflows/naming-lint-unit.yaml @@ -4,7 +4,7 @@ on: [pull_request] jobs: call-inclusive-naming-check: name: Inclusive Naming - uses: canonical-web-and-design/Inclusive-naming/.github/workflows/woke.yaml@main + uses: canonical/inclusive-naming/.github/workflows/woke.yaml@main with: fail-on-error: "true" diff --git a/charms/kubernetes_snaps.py b/charms/kubernetes_snaps.py index 5aff777..0ac82ba 100644 --- a/charms/kubernetes_snaps.py +++ b/charms/kubernetes_snaps.py @@ -47,6 +47,14 @@ class ExternalCloud(Protocol): ] +def _snap_common_path(component) -> Path: + return Path("/var/snap/{}/common".format(component)) + + +def encryption_config_path() -> Path: + return _snap_common_path("kube-apiserver") / "encryption/encryption_config.yaml" + + def configure_apiserver( advertise_address, audit_policy, @@ -81,11 +89,12 @@ def configure_apiserver( api_opts["service-account-issuer"] = "https://kubernetes.default.svc" api_opts["service-account-signing-key-file"] = str(service_account_key_path) api_opts["service-account-key-file"] = str(service_account_key_path) - api_opts[ - "kubelet-preferred-address-types" - ] = "InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP" - # TODO: encryption at rest - # api_opts["encryption-provider-config"] = str(encryption_config_path()) + api_opts["kubelet-preferred-address-types"] = ( + "InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP" + ) + enc_provider_config = encryption_config_path() + if enc_provider_config.exists(): + api_opts["encryption-provider-config"] = str(enc_provider_config) api_opts["advertise-address"] = advertise_address diff --git a/tox.ini b/tox.ini index ea7cfb3..543819e 100644 --- a/tox.ini +++ b/tox.ini @@ -23,7 +23,7 @@ deps = ruff commands = black {[vars]all_path} - ruff --fix {[vars]all_path} + ruff format {[vars]all_path} [testenv:lint] description = Check code against coding style standards @@ -33,7 +33,7 @@ deps = codespell commands = codespell {toxinidir} - ruff {[vars]all_path} + ruff check {[vars]all_path} black --check --diff {[vars]all_path} [testenv:unit]