Merge pull request #16 from /issues/15

bsctl · web-flow · commit 661643e724f5 · 2025-05-16T08:56:05.000+02:00
feat: enhance user provisioning
diff --git a/README.md b/README.md
@@ -42,7 +42,7 @@ The implementation uses hash-suffixed templates, `VSphereMachineTemplate` and `K
 #### Rolling Update Workflow
 
 1. Update `values.yaml` with new configuration
-2. Run: `helm upgrade my-cluster ./cluster-api-kamaji-vsphere`
+2. Run: `helm upgrade cluster-name ./cluster-api-kamaji-vsphere`
 3. Cluster API automatically replaces nodes using the new configuration
 
 ### Split Infrastructure Controller Deployment
@@ -106,7 +106,7 @@ helm repo add clastix https://clastix.github.io/charts
 helm repo update
 
 # Install with custom values
-helm install my-cluster clastix/capi-kamaji-vsphere -f my-values.yaml
+helm install cluster-name clastix/capi-kamaji-vsphere -f my-values.yaml
 ```
 
 ## Credentials Management
@@ -129,9 +129,9 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: vsphere-secret
-  namespace: my-cluster
+  namespace: cluster-namespace
   labels:
-    cluster.x-k8s.io/cluster-name: "my-cluster"
+    cluster.x-k8s.io/cluster-name: "cluster-name"
 stringData:
   username: "administrator@vsphere.local"
   password: "YOUR_PASSWORD"
@@ -145,9 +145,9 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: vsphere-config-secret
-  namespace: my-cluster
+  namespace: cluster-namespace
   labels:
-    cluster.x-k8s.io/cluster-name: "my-cluster"
+    cluster.x-k8s.io/cluster-name: "cluster-name"
 stringData:
   vsphere.conf: |
     global:
@@ -178,7 +178,7 @@ metadata:
   name: vsphere-secret
   namespace: capv-system
   labels:
-    cluster.x-k8s.io/cluster-name: "my-cluster"
+    cluster.x-k8s.io/cluster-name: "cluster-name"
 stringData:
   username: "administrator@vsphere.local"
   password: "YOUR_PASSWORD"
@@ -209,9 +209,9 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: vsphere-config-secret
-  namespace: my-cluster
+  namespace: cluster-namespace
   labels:
-    cluster.x-k8s.io/cluster-name: "my-cluster"
+    cluster.x-k8s.io/cluster-name: "cluster-name"
 stringData:
   vsphere.conf: |
     global:
@@ -234,13 +234,13 @@ EOF
 
 ```bash
 # Deploy using the chart
-helm install my-cluster ./cluster-api-kamaji-vsphere -f values.yaml
+helm install cluster-name ./cluster-api-kamaji-vsphere -f values.yaml
 
 # Check status
 kubectl get cluster,machines
 
 # Get kubeconfig
-clusterctl get kubeconfig my-cluster > my-cluster.kubeconfig
+clusterctl get kubeconfig cluster-name > cluster-name.kubeconfig
 ```
 
 ### Upgrading a cluster
@@ -256,7 +256,7 @@ vSphereCloudControllerManager:
   version: "v1.32.0"
 
 # Apply upgrade
-helm upgrade my-cluster ./cluster-api-kamaji-vsphere -f values.yaml
+helm upgrade cluster-name ./cluster-api-kamaji-vsphere -f values.yaml
 
 # Watch the rolling update
 kubectl get machines -w
@@ -271,7 +271,7 @@ nodePools:
     replicas: 5
 
 # Apply scaling
-helm upgrade my-cluster ./cluster-api-kamaji-vsphere -f values.yaml
+helm upgrade cluster-name ./cluster-api-kamaji-vsphere -f values.yaml
 
 # Watch the scaling
 kubectl get machines -w
@@ -281,7 +281,7 @@ kubectl get machines -w
 
 ```bash
 # Delete the cluster
-helm uninstall my-cluster
+helm uninstall cluster-name
 ```
 
 ### Troubleshooting
@@ -290,11 +290,11 @@ If Helm uninstall fails with IP pool deletion errors:
 
 ```bash
 # Wait for machines to be deleted first
-kubectl delete machinedeployment -l cluster.x-k8s.io/cluster-name=my-cluster
-kubectl wait --for=delete vspheremachines -l cluster.x-k8s.io/cluster-name=my-cluster
+kubectl delete machinedeployment -l cluster.x-k8s.io/cluster-name=cluster-name
+kubectl wait --for=delete vspheremachines -l cluster.x-k8s.io/cluster-name=cluster-name
 
 # Retry helm uninstall
-helm uninstall my-cluster
+helm uninstall cluster-name
 ```
 
 If nodes taints are not removed:
diff --git a/charts/capi-kamaji-vsphere/Chart.yaml b/charts/capi-kamaji-vsphere/Chart.yaml
@@ -1,5 +1,5 @@
 name: capi-kamaji-vsphere
-version: 0.2.1
+version: 0.2.2
 appVersion: 1.32.0
 description: A Helm chart for deploying a Kamaji Tenant Cluster on vSphere using Cluster API
   and Kamaji.
diff --git a/charts/capi-kamaji-vsphere/README.md b/charts/capi-kamaji-vsphere/README.md
@@ -1,6 +1,6 @@
 # capi-kamaji-vsphere
 
-![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.32.0](https://img.shields.io/badge/AppVersion-1.32.0-informational?style=flat-square)
+![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.32.0](https://img.shields.io/badge/AppVersion-1.32.0-informational?style=flat-square)
 
 A Helm chart for deploying a Kamaji Tenant Cluster on vSphere using Cluster API and Kamaji.
 
@@ -73,7 +73,12 @@ A Helm chart for deploying a Kamaji Tenant Cluster on vSphere using Cluster API
 | nodePools[0].staticRoutes | list | `[]` | Static network routes if required |
 | nodePools[0].storagePolicyName | string | `""` | VSphere storage policy to use |
 | nodePools[0].template | string | `"ubuntu-2204-kube-v1.32.0"` | VSphere template to clone |
-| nodePools[0].users | list | `[{"name":"ubuntu","sshAuthorizedKeys":[],"sudo":"ALL=(ALL) NOPASSWD:ALL"}]` | users to create on machines |
+| nodePools[0].users | list | `[{"lockPassword":true,"name":"ubuntu","shell":"/bin/bash","sshAuthorizedKeys":[],"sudo":"ALL=(ALL) NOPASSWD:ALL"}]` | users to create on machines |
+| nodePools[0].users[0] | object | `{"lockPassword":true,"name":"ubuntu","shell":"/bin/bash","sshAuthorizedKeys":[],"sudo":"ALL=(ALL) NOPASSWD:ALL"}` | username to create |
+| nodePools[0].users[0].lockPassword | bool | `true` | Lock login password |
+| nodePools[0].users[0].shell | string | `"/bin/bash"` | SSH shell to use |
+| nodePools[0].users[0].sshAuthorizedKeys | list | `[]` | SSH public key to add |
+| nodePools[0].users[0].sudo | string | `"ALL=(ALL) NOPASSWD:ALL"` | sudoers configuration |
 | vSphere.dataCenter | string | `"datacenter"` | Datacenter to use |
 | vSphere.identityRef | object | `{"name":"vsphere-secret","type":"Secret"}` | VSphere Identity Management |
 | vSphere.identityRef.name | string | `"vsphere-secret"` | Specifies the name of the VSphereClusterIdentity or Secret |
diff --git a/charts/capi-kamaji-vsphere/templates/_kubeadm-config-template.tpl b/charts/capi-kamaji-vsphere/templates/_kubeadm-config-template.tpl
@@ -26,12 +26,7 @@ files:
 {{- if .nodePool.users }}
 users:
 {{- range .nodePool.users }}
-- name: {{ .name | quote }}
-  sshAuthorizedKeys:
-  {{- range .sshAuthorizedKeys }}
-  - {{ . | quote }}
-  {{- end }}
-  sudo: {{ .sudo | quote }}
+  - {{- toYaml . | nindent 4 }}
 {{- end }}
 {{- end }}
 {{- end -}}
diff --git a/charts/capi-kamaji-vsphere/values.yaml b/charts/capi-kamaji-vsphere/values.yaml
@@ -169,14 +169,22 @@ nodePools:
     # gateway: ""
     # -- users to create on machines
     users:
+      # -- username to create
     - name: ubuntu
+      # -- SSH shell to use
+      shell: /bin/bash
+      # -- SSH password to use. Use mkpasswd -m sha-512 to generate the password
+      # passwd: "$6$E0UW ..."
+      # -- Lock login password
+      lockPassword: true
+      # -- SSH public key to add
       sshAuthorizedKeys: []
+      # -- sudoers configuration
       sudo: ALL=(ALL) NOPASSWD:ALL
     # -- Labels to add to the node pool when joining the cluster
     # labels: "node.kubernetes.io/node=foo"
     # -- Taints to add to the node pool when joining the cluster
     # taints: "node.kubernetes.io/node:NoSchedule"
-
 vSphereCloudControllerManager:
   # -- Installs vsphere-cloud-controller-manager on the management cluster
   enabled: true
