add patchnode for gcp

cli/internal/helm/BUILD.bazel

@@ -440,7 +440,9 @@ go_library(
         "@io_k8s_apimachinery//pkg/api/errors",
         "@io_k8s_apimachinery//pkg/apis/meta/v1:meta",
         "@io_k8s_apimachinery//pkg/apis/meta/v1/unstructured",
+        "@io_k8s_apimachinery//pkg/labels",
         "@io_k8s_apimachinery//pkg/runtime/schema",
+        "@io_k8s_apimachinery//pkg/types",
         "@io_k8s_apimachinery//pkg/util/wait",
         "@io_k8s_client_go//kubernetes",
         "@io_k8s_client_go//tools/clientcmd",

cli/internal/helm/ciliumhelper.go

@@ -11,7 +11,10 @@ import (
 	"fmt"
 	"time"
 
+	"k8s.io/apimachinery/pkg/api/errors"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
 )
@@ -20,7 +23,7 @@ type k8sDsClient struct {
 	clientset *kubernetes.Clientset
 }
 
-func newK8sHelmHelper(kubeconfigPath string) (*k8sDsClient, error) {
+func newK8sCiliumHelper(kubeconfigPath string) (*k8sDsClient, error) {
 	config, err := clientcmd.BuildConfigFromFlags("", kubeconfigPath)
 	if err != nil {
 		return nil, err
@@ -32,6 +35,30 @@ func newK8sHelmHelper(kubeconfigPath string) (*k8sDsClient, error) {
 	return &k8sDsClient{clientset: clientset}, nil
 }
 
+func (h *k8sDsClient) PatchNode(ctx context.Context, podCIDR string) error {
+	selector := labels.Set{"node-role.kubernetes.io/control-plane": ""}.AsSelector()
+	controlPlaneList, err := h.clientset.CoreV1().Nodes().List(ctx, v1.ListOptions{LabelSelector: selector.String()})
+	if err != nil {
+		return err
+	}
+	if len(controlPlaneList.Items) != 1 {
+		return fmt.Errorf("expected 1 control-plane node, got %d", len(controlPlaneList.Items))
+	}
+	nodeName := controlPlaneList.Items[0].Name
+	// Get the current node
+	node, err := h.clientset.CoreV1().Nodes().Get(context.Background(), nodeName, v1.GetOptions{})
+	if err != nil {
+		if errors.IsNotFound(err) {
+			return fmt.Errorf("node %s not found", nodeName)
+		}
+		return err
+	}
+	// Update the node's spec
+	node.Spec.PodCIDR = podCIDR
+	_, err = h.clientset.CoreV1().Nodes().Patch(context.Background(), nodeName, types.MergePatchType, []byte(fmt.Sprintf(`{"spec":{"podCIDR":"%s"}}`, podCIDR)), v1.PatchOptions{})
+	return err
+}
+
 // WaitForDS waits for a DaemonSet to become ready.
 func (h *k8sDsClient) WaitForDS(ctx context.Context, namespace, name string, log debugLog) error {
 	for {

cli/internal/helm/suite_install.go

@@ -57,7 +57,7 @@ func (h helmInstallationClient) Install(ctx context.Context, provider cloudprovi
 		return fmt.Errorf("getting Terraform output: %w", err)
 	}
 
-	helper, err := newK8sHelmHelper(constants.AdminConfFilename)
+	helper, err := newK8sCiliumHelper(constants.AdminConfFilename)
 	if err != nil {
 		return fmt.Errorf("creating Kubernetes client: %w", err)
 	}
@@ -139,7 +139,7 @@ type helmInstaller interface {
 // TODO(malt3): switch over to DNS name on AWS and Azure
 // soon as every apiserver certificate of every control-plane node
 // has the dns endpoint in its SAN list.
-func setupCiliumVals(_ context.Context, provider cloudprovider.Provider, _ *k8sDsClient, output terraform.ApplyOutput) map[string]any {
+func setupCiliumVals(ctx context.Context, provider cloudprovider.Provider, dsClient *k8sDsClient, output terraform.ApplyOutput) map[string]any {
 	vals := map[string]any{
 		"k8sServiceHost": output.IP,
 		"k8sServicePort": 6443, // TODO take from tf?
@@ -148,9 +148,9 @@ func setupCiliumVals(_ context.Context, provider cloudprovider.Provider, _ *k8sD
 	// GCP requires extra configuration for Cilium
 	if provider == cloudprovider.GCP {
 		// TODO(elchead): remove?
-		//if err := helper.PatchNode(ctx, output.GCP.IPCidrNode); err != nil {
-		//	return nil, fmt.Errorf("patching GCP node: %w", err)
-		//}
+		if err := dsClient.PatchNode(ctx, output.GCP.IPCidrNode); err != nil {
+			panic(fmt.Errorf("patching GCP node: %w", err))
+		}
 		vals["ipv4NativeRoutingCIDR"] = output.GCP.IPCidrPod
 		vals["strictModeCIDR"] = output.GCP.IPCidrPod
 	}