added tls cert to workers trust store

reviewed bootstrap/controller logic to allow generation and management of multiple machine configs

Author: andfasano

pkg/controller/bootstrap/bootstrap.go

@@ -115,10 +115,6 @@ func (b *Bootstrap) Run(destDir string) error {
 		}
 		defer file.Close()
 
-		if info.Name() == "internal-release-image-tls-secret.yaml" {
-			_ = ""
-		}
-
 		manifests, err := parseManifests(file.Name(), file)
 		if err != nil {
 			return fmt.Errorf("error parsing manifests from %s: %w", file.Name(), err)
@@ -262,11 +258,11 @@ func (b *Bootstrap) Run(destDir string) error {
 
 	if fgHandler != nil && fgHandler.Enabled(features.FeatureGateNoRegistryClusterInstall) {
 		if iri != nil {
-			configs, err := internalreleaseimage.RunInternalReleaseImageBootstrap(iri, iriTLSCert, cconfig)
+			iriConfigs, err := internalreleaseimage.RunInternalReleaseImageBootstrap(iri, iriTLSCert, cconfig)
 			if err != nil {
 				return err
 			}
-			configs = append(configs, configs...)
+			configs = append(configs, iriConfigs...)
 			klog.Infof("Successfully generated MachineConfig from InternalReleaseImage.")
 		}
 	}

pkg/controller/internalreleaseimage/internalreleaseimage_bootstrap.go

@@ -7,7 +7,22 @@ import (
 	mcfgv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1"
 )
 
-// RunInternalReleaseImageBootstrap generates the MachineConfig objects for InternalReleaseImage that would have been generated by syncInternalReleaseImage
-func RunInternalReleaseImageBootstrap(iri *mcfgv1alpha1.InternalReleaseImage, iriTLSCert *corev1.Secret, controllerConfig *mcfgv1.ControllerConfig) ([]*mcfgv1.MachineConfig, error) {
-	return generateInternalReleaseImageMachineConfigs(iri, iriTLSCert, controllerConfig)
+// RunInternalReleaseImageBootstrap generates the MachineConfig objects for InternalReleaseImage that would have been generated by syncInternalReleaseImage.
+func RunInternalReleaseImageBootstrap(iri *mcfgv1alpha1.InternalReleaseImage, iriSecret *corev1.Secret, cconfig *mcfgv1.ControllerConfig) ([]*mcfgv1.MachineConfig, error) {
+	configs := []*mcfgv1.MachineConfig{}
+
+	for _, role := range SupportedRoles {
+		r := NewRendererByRole(role, iri, iriSecret, cconfig)
+		mc, err := r.CreateEmptyMachineConfig()
+		if err != nil {
+			return nil, err
+		}
+		err = r.RenderAndSetIgnition(mc)
+		if err != nil {
+			return nil, err
+		}
+		configs = append(configs, mc)
+	}
+
+	return configs, nil
 }

pkg/controller/internalreleaseimage/internalreleaseimage_bootstrap_test.go

@@ -10,5 +10,5 @@ import (
 func TestRunInternalReleaseImageBootstrap(t *testing.T) {
 	configs, err := RunInternalReleaseImageBootstrap(&mcfgv1alpha1.InternalReleaseImage{}, iriCertSecret().obj, cconfig().obj)
 	assert.NoError(t, err)
-	verifyInternalReleaseMasterMachineConfig(t, configs[0])
+	verifyAllInternalReleaseImageMachineConfigs(t, configs)
 }