vm-operator

RawCloudConfig should respect bootstrap data deployed from v1a1 ConfigMap

Open dilyar85 opened this issue 1 year ago • 1 comments

What steps did you take and what happened?

  1. Deploy a Secret containing some cloud-init bootstrap user data:
$ cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: bootstrap-data
  namespace: sdiliyaer-test
type: Opaque
stringData:
  user-data: |
    #cloud-config
    ssh_pwauth: true
    users:
      - name: test-1
        plain_text_passwd: test-1
        lock_passwd: false
        sudo: ALL=(ALL) NOPASSWD:ALL
        shell: /bin/bash
EOF

secret/bootstrap-data created
  2. Deploy a ConfigMap with the same name and namespace as the above Secret but containing different user-data:
$ cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: bootstrap-data
  namespace: sdiliyaer-test
data:
  user-data: |
    #cloud-config
    ssh_pwauth: true
    users:
      - name: test-2
        plain_text_passwd: test-2
        lock_passwd: false
        sudo: ALL=(ALL) NOPASSWD:ALL
        shell: /bin/bash
EOF

configmap/bootstrap-data created
  3. Deploy a v1a1 VM using cloud-init and the above ConfigMap as its bootstrap-data:
$ cat <<EOF | kubectl apply -f -
apiVersion: vmoperator.vmware.com/v1alpha1
kind: VirtualMachine
metadata:
  name: my-vm
  namespace: sdiliyaer-test
spec:
  imageName: ubuntu-impish-21.10-cloudimg
  className: best-effort-small
  storageClass: wcpglobal-storage-profile
  vmMetadata:
    transport: CloudInit
    configMapName: bootstrap-data
EOF

virtualmachine.vmoperator.vmware.com/my-vm created

What did you expect to happen?

The VM is booted with the user-data from the ConfigMap (test-2 user) as specified in the v1a1 VM YAML spec. However, it actually boots with the user-data from the Secret (test-1 user), as verified by the SSH user credentials below:

$ kubectl get vm -A -o wide
NAMESPACE        NAME    POWER-STATE   CLASS               IMAGE                   PRIMARY-IP4     AGE
sdiliyaer-test   my-vm   PoweredOn     best-effort-small   vmi-d88f64306b7a6a392   192.168.128.9   5m13s

$ ssh test-1@192.168.128.9
test-1@192.168.128.9's password:
Welcome to Ubuntu Impish Indri (development branch) (GNU/Linux 5.13.0-14-generic x86_64)
...
test-1@my-vm:~$ exit
logout
Connection to 192.168.128.9 closed.

$ ssh test-2@192.168.128.9
test-2@192.168.128.9's password:
Permission denied, please try again.

Is there anything else you would like to add?

As discussed internally with the team:

In the up conversion, let's add an annotation to indicate to use a CM during reconcile. And on down conversion, use the annotation to fill in the right field in https://github.com/vmware-tanzu/vm-operator/blob/main/api/v1alpha1/virtualmachine_conversion.go#L209

And mark ConfigMapName as deprecated in the v1a1 API.

dilyar85, Apr 26 '24 16:04
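
The annotation-based conversion discussed in the issue above, as an added example that is not vm-operator's own code: a simplified Go model in which the types, the annotation key `example.invalid/bootstrap-from-configmap`, and the Secret-by-default lookup are assumptions made for illustration. It shows the same-name Secret being used when the ConfigMap origin is dropped on up-conversion, and the intended ConfigMap being used once the annotation is recorded.

```go
package main

import "fmt"

// Hypothetical annotation key; the real key is not given on the page.
const useConfigMapAnno = "example.invalid/bootstrap-from-configmap"

// V1A1Meta models the two v1alpha1 ways of naming bootstrap data (simplified).
type V1A1Meta struct{ ConfigMapName, SecretName string }

// Hub is an assumed newer-version shape: one name plus object annotations.
type Hub struct {
	BootstrapName string
	Annotations   map[string]string
}

// ConvertUp keeps the name and, when mark is set, records that it named a ConfigMap.
func ConvertUp(in V1A1Meta, mark bool) Hub {
	out := Hub{BootstrapName: in.SecretName, Annotations: map[string]string{}}
	if in.ConfigMapName != "" {
		out.BootstrapName = in.ConfigMapName
		if mark {
			out.Annotations[useConfigMapAnno] = "true"
		}
	}
	return out
}

// ConvertDown uses the annotation to fill the v1alpha1 field the user originally set.
func ConvertDown(in Hub) V1A1Meta {
	if in.Annotations[useConfigMapAnno] == "true" {
		return V1A1Meta{ConfigMapName: in.BootstrapName}
	}
	return V1A1Meta{SecretName: in.BootstrapName}
}

// Resolve models reconcile: read the ConfigMap only when annotated, else the Secret.
func Resolve(h Hub, secrets, configMaps map[string]string) string {
	if h.Annotations[useConfigMapAnno] == "true" {
		return configMaps[h.BootstrapName]
	}
	return secrets[h.BootstrapName]
}

func main() {
	s := map[string]string{"bootstrap-data": "test-1"} // constructed Secret user
	c := map[string]string{"bootstrap-data": "test-2"} // constructed ConfigMap user
	in := V1A1Meta{ConfigMapName: "bootstrap-data"}
	fmt.Println(Resolve(ConvertUp(in, false), s, c), Resolve(ConvertUp(in, true), s, c))
}
```

A regression test for the real fix would follow the same pattern: create a Secret and a ConfigMap with the same name and different users, then check which user the VM ends up with.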

WIP branch: https://github.com/sreyasn/vm-operator/commit/ed3696279139ed955c9b3501948ecb57ea3a8b26

sreyasn, Apr 26 '24 23:04