Add users and files to MachinePool KubeadmConfig

helm/cluster/templates/clusterapi/_helpers_files.tpl

@@ -1,11 +1,10 @@
 {{- define "cluster.internal.kubeadm.files" }}
-{{- include "cluster.internal.kubeadm.files.sysctl" . }}
-{{- include "cluster.internal.kubeadm.files.systemd" . }}
-{{- include "cluster.internal.kubeadm.files.ssh" . }}
-{{- include "cluster.internal.kubeadm.files.cri" . }}
-{{- include "cluster.internal.kubeadm.files.kubelet" . }}
-{{- include "cluster.internal.kubeadm.files.kubernetes" . }}
-{{- include "cluster.internal.kubeadm.files.proxy" . }}
+{{- include "cluster.internal.kubeadm.files.sysctl" $ }}
+{{- include "cluster.internal.kubeadm.files.systemd" $ }}
+{{- include "cluster.internal.kubeadm.files.ssh" $ }}
+{{- include "cluster.internal.kubeadm.files.cri" $ }}
+{{- include "cluster.internal.kubeadm.files.kubelet" $ }}
+{{- include "cluster.internal.kubeadm.files.proxy" $ }}
 {{- end }}
 
 {{- define "cluster.internal.kubeadm.files.sysctl" }}
@@ -61,19 +60,6 @@
 {{- end }}
 {{- end }}
 
-{{- define "cluster.internal.kubeadm.files.kubernetes" }}
-- path: /etc/kubernetes/policies/audit-policy.yaml
-  permissions: "0600"
-  encoding: base64
-  content: {{ $.Files.Get "files/etc/kubernetes/policies/audit-policy.yaml" | b64enc }}
-- path: /etc/kubernetes/encryption/config.yaml
-  permissions: "0600"
-  contentFrom:
-    secret:
-      name: {{ include "cluster.resource.name" $ }}-encryption-provider-config
-      key: encryption
-{{- end }}
-
 {{- define "cluster.internal.kubeadm.files.proxy" }}
 {{- if and $.Values.global.connectivity.proxy $.Values.global.connectivity.proxy.enabled }}
 - path: /etc/systemd/system/containerd.service.d/http-proxy.conf

helm/cluster/templates/clusterapi/controlplane/_helpers_files.tpl

@@ -1,9 +1,23 @@
 {{- define "cluster.internal.controlPlane.kubeadm.files" }}
-{{- include "cluster.internal.kubeadm.files" . -}}
+{{- include "cluster.internal.kubeadm.files" $ -}}
+{{- include "cluster.internal.kubeadm.files.kubernetes" . }}
 {{- if $.Values.global.controlPlane.oidc.caPem }}
 - path: /etc/ssl/certs/oidc.pem
   permissions: "0600"
   encoding: base64
   content: {{ tpl ($.Files.Get "files/etc/ssl/certs/oidc.pem") . | b64enc }}
 {{- end }}
 {{- end }}
+
+{{- define "cluster.internal.kubeadm.files.kubernetes" }}
+- path: /etc/kubernetes/policies/audit-policy.yaml
+  permissions: "0600"
+  encoding: base64
+  content: {{ $.Files.Get "files/etc/kubernetes/policies/audit-policy.yaml" | b64enc }}
+- path: /etc/kubernetes/encryption/config.yaml
+  permissions: "0600"
+  contentFrom:
+    secret:
+      name: {{ include "cluster.resource.name" $ }}-encryption-provider-config
+      key: encryption
+{{- end }}

helm/cluster/templates/clusterapi/controlplane/kubeadmcontrolplane.yaml

@@ -43,7 +43,7 @@ spec:
     joinConfiguration:
       {{- include "cluster.internal.controlPlane.kubeadm.joinConfiguration" $ | indent 6 }}
     files:
-    {{- include "cluster.internal.controlPlane.kubeadm.files" . | indent 4 }}
+    {{- include "cluster.internal.controlPlane.kubeadm.files" $ | indent 4 }}
     preKubeadmCommands:
     {{- include "cluster.internal.controlPlane.kubeadm.preKubeadmCommands" $ | indent 4 }}
     postKubeadmCommands:

helm/cluster/templates/clusterapi/workers/_helpers_files.tpl

@@ -0,0 +1,3 @@
+{{- define "cluster.internal.workers.kubeadm.files" }}
+{{- include "cluster.internal.kubeadm.files" $ -}}
+{{- end }}

helm/cluster/templates/clusterapi/workers/kubeadmconfig.yaml

@@ -32,6 +32,10 @@ spec:
   {{- include "cluster.internal.workers.kubeadm.preKubeadmCommands" $ | indent 2 }}
   postKubeadmCommands:
   {{- include "cluster.internal.workers.kubeadm.postKubeadmCommands" $ | indent 2 }}
+  users:
+  {{- include "cluster.internal.kubeadm.users" $ | indent 2 }}
+  files:
+  {{- include "cluster.internal.workers.kubeadm.files" $ | indent 2 }}
 ---
 {{- end }}
 {{- end }}