Implement Giant Swarm Kubernetes and Component Defaults within Cluster API

[puja108]

User Story: As a customer, I want to be able to keep relying on the sensible defaults (for security, reliability, and performance) that Giant Swarm currently provides.

The above user story is split into two issues:

1. Sensible defaults pertaining to Kubernetes and other user-space components Giant Swarm manages. (this issue)
2. Sensible defaults pertaining to Operating System underlying the above-mentioned software Giant Swarm OS Defaults within Cluster API #426

The split is based on technical challenges upstream that are currently blocking the 2nd issue, but are not present for this one.

[teemow]

@puja108 do we need this issue still?

[puja108]

I'm not sure if this is implemented. @alex-dabija @cornelius-keller @gawertm can you confirm wether this is done (most probably in form of the default configs we roll out with the cluster app)?

[alex-dabija]

The OS defaults are not implemented because we still use Ubuntu as our OS for all CAPI providers. The hardening we have on Vintage configured for Flatcar was not ported to Ubuntu.

We might not ported the OS hardening to Ubuntu because our long-term plan, at least for now, is to have Flatcar as the OS. We might want to revisit this decision before we start working on Flatcar support.

[gawertm]

@pipo02mix is actually currently working on Automatic Upgrades . Within that Story he touched the Kubernetes and OS defaults, where to set them (cluster- chart), etc. this seems very much related.
see https://github.com/giantswarm/giantswarm/issues/23341

[alex-dabija]

@pipo02mix is actually currently working on Automatic Upgrades . Within that Story he touched the Kubernetes and OS defaults, where to set them (cluster- chart), etc. this seems very much related. see giantswarm/giantswarm#23341

The OS default in this case means actual settings in the operating system. The upgrade story if I understood correctly, refers to the actual default OS image.

[gawertm]

oh yes correct. Upgrade referred to OS Image

[puja108]

there's a bit of a confusion, the OS defaults are in the other ticket this ticket is about k8s defaults, which I think we have right? that's why I was asking for confirmation.

[puja108]

so again, do we have all Kubernetes component settings that we had set for best practice and other (I hope good) reasons in k8scloudconfig also in the cluster apps set? @alex-dabija @gawertm @cornelius-keller cc @Rotfuks

If that's the case I'd like to close this ticket

[alex-dabija]

For CAPA & CAPG we have the same settings for the Kubernetes components (API, scheduler, controller manger) as we do on Vintage, but we don't have any of the OS defaults in place because we still use Ubuntu instead of Flatcar.

[puja108]

cool, I suppose we are doing the same for VCD right? cc @vxav

for OS we have a separate ticket.