chore(t8s-cluster/management-cluster)!: update CAPIO and migrate conf…

…ig (#1197)
teutonet · Nov 18, 2024 · ff9248b · ff9248b
1 parent 948868e
commit ff9248b
Show file tree

Hide file tree

Showing 15 changed files with 96 additions and 87 deletions.
diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl
@@ -1,5 +1,5 @@
 {{- define "t8s-cluster.clusterClass.infrastructureApiVersion" -}}
-infrastructure.cluster.x-k8s.io/v1alpha7
+infrastructure.cluster.x-k8s.io/v1beta1
 {{- end -}}
 
 {{- define "t8s-cluster.clusterClass.cloudName" -}}
@@ -13,7 +13,7 @@ openstack
 
 {{- define "t8s-cluster.clusterClass.tlsCipherSuites" -}}
   {{- $cipherSuites := list "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305" "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" "TLS_RSA_WITH_AES_256_GCM_SHA384" "TLS_RSA_WITH_AES_128_GCM_SHA256" -}}
-  {{- $cipherSuites | toYaml -}}
+  {{- toYaml $cipherSuites -}}
 {{- end -}}
 
 {{- define "t8s-cluster.clusterClass.preKubeadmCommands" -}}
@@ -82,7 +82,7 @@ server = {{ printf "https://%s" .registry | quote }}
       {{- $featureGates = set $featureGates $featureGate true -}}
     {{- end -}}
   {{- end -}}
-  {{- $featureGates | toYaml -}}
+  {{- toYaml $featureGates -}}
 {{- end -}}
 
 {{- define "t8s-cluster.clusterClass.containerdConfig.containerRegistryMirrorConfigs" -}}
@@ -97,14 +97,14 @@ server = {{ printf "https://%s" .registry | quote }}
     "registry.k8s.io"
     "registry.opensource.zalan.do"
     "registry.teuto.io"
-    -}}
+  -}}
   {{- $mirroredRegistries := concat $defaultMirroredRegistries (.Values.containerRegistryMirror.additionallyMirroredRegistries | default list) | sortAlpha | uniq -}}
   {{- $files := list -}}
   {{- range $registry := $mirroredRegistries }}
     {{- $files = append $files (dict "content" (include "t8s-cluster.clusterClass.containerdConfig.containerRegistryMirrorConfigs.content" (dict "registry" $registry "endpoint" $.Values.containerRegistryMirror.mirrorEndpoint)) "path" (printf `/etc/containerd/registries.conf.d/%s/hosts.toml` $registry)) -}}
   {{- end }}
   {{- $files = append $files (dict "content" (include "t8s-cluster.clusterClass.containerdConfig.containerRegistryMirrorConfigs.content" (dict "registry" "registry-1.docker.io" "endpoint" $.Values.containerRegistryMirror.mirrorEndpoint)) "path" "/etc/containerd/registries.conf.d/docker.io/hosts.toml") -}}
-  {{- $files | toYaml -}}
+  {{- toYaml $files -}}
 {{- end -}}
 
 {{- define "t8s-cluster.clusterClass.configTemplate.files" -}}
@@ -120,7 +120,7 @@ server = {{ printf "https://%s" .registry | quote }}
   {{- if .Values.global.injectedCertificateAuthorities }}
     {{- $files = append $files (dict "content" .Values.global.injectedCertificateAuthorities "path" "/usr/local/share/ca-certificates/injected-ca-certs.crt" ) -}}
   {{- end }}
-  {{- $files | toYaml -}}
+  {{- toYaml $files -}}
 {{- end -}}
 
 {{- define "t8s-cluster.clusterClass.args.base" -}}
@@ -130,10 +130,12 @@ server = {{ printf "https://%s" .registry | quote }}
 {{- define "t8s-cluster.clusterClass.args.shared" -}}
   {{- $args := include "t8s-cluster.clusterClass.args.base" (dict) | fromYaml -}}
   {{- $args = mustMerge (dict
-    "authorization-always-allow-paths" (list "/healthz" "/readyz" "/livez" "/metrics" | join ",")
-    "bind-address" "0.0.0.0"
-    ) $args -}}
-  {{- $args | toYaml -}}
+      "authorization-always-allow-paths" (list "/healthz" "/readyz" "/livez" "/metrics" | join ",")
+      "bind-address" "0.0.0.0"
+    )
+    $args
+  -}}
+  {{- toYaml $args -}}
 {{- end -}}
 
 {{- define "t8s-cluster.clusterClass.args.scheduler" -}}
@@ -149,15 +151,15 @@ server = {{ printf "https://%s" .registry | quote }}
   {{- $args := include "t8s-cluster.clusterClass.args.shared" (dict) | fromYaml -}}
   {{- $args = mustMerge (include "t8s-cluster.clusterClass.args.sharedController" (dict "context" .context) | fromYaml) $args -}}
   {{- $args = set $args "terminated-pod-gc-threshold" "100" -}}
-  {{- $args | toYaml -}}
+  {{- toYaml $args -}}
 {{- end }}
 
 {{- define "t8s-cluster.clusterClass.apiServer.admissionPlugins" -}}
   {{- $admissionPlugins := list "AlwaysPullImages" "NodeRestriction" -}}
   {{- if not .excludePatches -}}
     {{- $admissionPlugins = concat $admissionPlugins (list "EventRateLimit") -}}
   {{- end -}}
-  {{- $admissionPlugins | toYaml -}}
+  {{- toYaml $admissionPlugins -}}
 {{- end -}}
 
 {{- define "t8s-cluster.clusterClass.args.apiServer" -}}
@@ -166,5 +168,5 @@ server = {{ printf "https://%s" .registry | quote }}
   {{- $args = set $args "enable-admission-plugins" (include "t8s-cluster.clusterClass.apiServer.admissionPlugins" (dict "excludePatches" .excludePatches) | fromYamlArray | join ",") -}}
   {{- $args = set $args "event-ttl" "4h" -}}
   {{- $args = set $args "tls-cipher-suites" (include "t8s-cluster.clusterClass.tlsCipherSuites" (dict) | fromYamlArray | join ",") -}}
-  {{- $args | toYaml -}}
+  {{- toYaml $args -}}
 {{- end }}
diff --git a/...s/management-cluster/clusterClass/bootstrapConfigTemplate/_kubeadmConfigTemplateSpec.yaml b/...s/management-cluster/clusterClass/bootstrapConfigTemplate/_kubeadmConfigTemplateSpec.yaml
@@ -3,6 +3,7 @@
 joinConfiguration:
   nodeRegistration:
     kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict "context" .context) | nindent 6 }}
+    imagePullSerial: false
   patches:
     directory: /etc/kubernetes/patches
 files: {{- include "t8s-cluster.clusterClass.configTemplate.files" (dict "context" .context "gpu" .gpu) | nindent 2 }}

diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/clusterClass.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/clusterClass.yaml
@@ -43,16 +43,6 @@ spec:
       kind: OpenStackClusterTemplate
       name: {{ printf "%s-%s" $.Release.Name (include "t8s-cluster.clusterClass.openStackClusterTemplate.specHash" (dict "context" $)) }}
   variables:
-    - name: controlPlaneServerGroupID
-      required: true
-      schema:
-        openAPIV3Schema:
-          type: string
-    - name: machineDeploymentServerGroupID
-      required: false
-      schema:
-        openAPIV3Schema:
-          type: string
     - name: dnsNameservers
       required: true
       schema:
@@ -79,35 +69,6 @@ spec:
           type: string
           default: compute-plane-placeholder
   patches:
-    {{- if not .Values.controlPlane.hosted }}
-    - name: controlPlaneServerGroupID
-      description: Sets the ServerGroupID for Control Plane machines.
-      definitions:
-        - jsonPatches:
-            - op: add
-              path: /spec/template/spec/serverGroupID
-              valueFrom:
-                variable: controlPlaneServerGroupID
-          selector:
-            apiVersion: {{ include "t8s-cluster.clusterClass.infrastructureApiVersion" (dict) }}
-            kind: OpenStackMachineTemplate
-            matchResources:
-              controlPlane: true
-    {{- end }}
-    - name: machineDeploymentServerGroupID
-      description: Sets the ServerGroupID for MachineDeployment machines.
-      definitions:
-        - jsonPatches:
-            - op: add
-              path: /spec/template/spec/serverGroupID
-              valueFrom:
-                variable: machineDeploymentServerGroupID
-          selector:
-            apiVersion: {{ include "t8s-cluster.clusterClass.infrastructureApiVersion" (dict) }}
-            kind: OpenStackMachineTemplate
-            matchResources:
-              machineDeploymentClass:
-                names: {{- $machineDeploymentClasses | keys | sortAlpha | toYaml | nindent 18 }}
     - name: machineDeploymentFlavour
       definitions:
         - jsonPatches:
@@ -127,7 +88,7 @@ spec:
         - jsonPatches:
             - &imagePatch
               op: add
-              path: /spec/template/spec/image
+              path: /spec/template/spec/image/id
               valueFrom:
                 template: {{ printf "t8s-engine-%s{{ .builtin.machineDeployment.version }}" .Values.openstackImageNamePrefix }}
           selector: &imagePatchSelector
@@ -170,7 +131,7 @@ spec:
               infrastructureCluster: true
           jsonPatches:
             - op: add
-              path: /spec/template/spec/dnsNameservers
+              path: /spec/template/spec/managedSubnets/0/dnsNameservers
               valueFrom:
                 variable: dnsNameservers
   workers:

diff --git a/...ster/templates/management-cluster/clusterClass/k0smotronControlPlaneTemplate/_helpers.tpl b/...ster/templates/management-cluster/clusterClass/k0smotronControlPlaneTemplate/_helpers.tpl
@@ -1,7 +1,5 @@
 {{- define "t8s-cluster.clusterClass.k0smotronControlPlaneTemplate.specHash" -}}
   {{/* the full context is needed for .Files.Get */}}
-  {{- $inputs := (dict
-    "spec" (include "t8s-cluster.clusterClass.k0smotronControlPlaneTemplate.spec" $)
-    ) -}}
+  {{- $inputs := dict "spec" (include "t8s-cluster.clusterClass.k0smotronControlPlaneTemplate.spec" $) -}}
   {{- mustToJson $inputs | toString | quote | sha1sum | trunc 8 -}}
 {{- end -}}
diff --git a/...luster/clusterClass/k0smotronControlPlaneTemplate/_k0smotronControlPlaneTemplateSpec.yaml b/...luster/clusterClass/k0smotronControlPlaneTemplate/_k0smotronControlPlaneTemplateSpec.yaml
@@ -41,11 +41,11 @@ k0sConfig:
         {{- $values := dict "cgroupDriver" "systemd" }}
         {{ $values = mustMerge $values (include "t8s-cluster.kubelet.options" (dict) | fromYaml) }}
         {{ $values = mustMerge $values (include "t8s-cluster.patches.kubelet.imagePulls" (dict "context" .) | fromYaml) }}
-        values: {{- $values | toYaml | nindent 10 }}
+        values: {{- toYaml $values | nindent 10 }}
     featureGates: {{- range $featureGate, $components := include "t8s-cluster.featureGates" (dict) | fromYaml }}
       - name: {{ $featureGate }}
         enabled: true
-        components: {{- $components | toYaml | nindent 10 }}
+        components: {{- toYaml $components | nindent 10 }}
       {{- end }}
 etcd:
   persistence:

diff --git a/...luster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_helpers.tpl b/...luster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_helpers.tpl
@@ -1,8 +1,6 @@
 {{- define "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.specHash" -}}
   {{/* the full context is needed for .Files.Get */}}
-  {{- $inputs := (dict
-    "spec" (include "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.spec" $)
-    ) -}}
+  {{- $inputs := dict "spec" (include "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.spec" $) -}}
   {{- mustToJson $inputs | toString | quote | sha1sum | trunc 8 -}}
 {{- end -}}
 
@@ -23,7 +21,7 @@
     "admission-control-config.yaml" (required "Missing" .admissionControlConfigFilePath)
     "event-rate-limit-config.yaml" (required "Missing" .eventRateLimitConfigFilePath)
     "kube-proxy.config.yaml" "/etc/kube-proxy-config.yaml"
-   -}}
+  -}}
   {{- range $file, $path := $configs -}}
     {{- $files = append $files (dict "content" ($.Files.Get (printf "files/%s" $file)) "path" $path) -}}
   {{- end -}}
@@ -33,5 +31,5 @@
   {{- end -}}
   {{- $apiserverPatch := dict "spec" (dict "containers" (list (dict "name" "kube-apiserver" "resources" (dict "requests" (dict "memory" "2Gi") "limits" (dict "memory" "4Gi"))))) -}}
   {{- $files = append $files (include "t8s-cluster.patches.patchFile" (dict "values" $apiserverPatch "target" "kube-apiserver" "component" "memory") | fromYaml) -}}
-  {{- $files | toYaml -}}
+  {{- toYaml $files -}}
 {{- end -}}
diff --git a/...nt-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml b/...nt-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml
@@ -34,6 +34,7 @@ kubeadmConfigSpec:
   initConfiguration: &configuration
     nodeRegistration:
       kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict "context" .) | nindent 8 }}
+      imagePullSerial: false
     patches:
       directory: {{ include "t8s-cluster.patches.directory" (dict) }}
   joinConfiguration: *configuration

diff --git a/...s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/_helpers.tpl b/...s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/_helpers.tpl
@@ -1,7 +1,7 @@
 {{- define "t8s-cluster.clusterClass.openStackClusterTemplate.specHash" -}}
-  {{- $inputs := (dict
+  {{- $inputs := dict
     "spec" (include "t8s-cluster.clusterClass.openStackClusterTemplate.spec" (dict "context" .context))
     "infrastructureApiVersion" (include "t8s-cluster.clusterClass.infrastructureApiVersion" (dict))
-    ) -}}
+  -}}
   {{- mustToJson $inputs | toString | quote | sha1sum | trunc 8 -}}
 {{- end -}}
diff --git a/...nagement-cluster/clusterClass/openStackClusterTemplate/_openStackClusterTemplateSpec.yaml b/...nagement-cluster/clusterClass/openStackClusterTemplate/_openStackClusterTemplateSpec.yaml
@@ -11,21 +11,59 @@ apiServerLoadBalancer:
   {{- end }}
 disableAPIServerFloatingIP: {{ .Values.controlPlane.hosted }}
 bastion:
-  availabilityZone: {{ .Values.bastion.availabilityZone }}
   enabled: {{ .Values.bastion.enabled }}
-  instance:
+  {{- if .Values.bastion.enabled }}
+    {{- with .Values.bastion.availabilityZone }}
+  availabilityZone: {{ . }}
+    {{- end }}
+  spec:
     cloudName: {{ include "t8s-cluster.clusterClass.cloudName" (dict) }}
     flavor: standard.1.1905
     identityRef:
       kind: Secret
       name: {{ include "t8s-cluster.clusterClass.getIdentityRefSecretName" (dict "context" .context) }}
-    image: Ubuntu 20.04
-    sshKeyName: {{ .Values.bastion.sshKeyName }}
-cloudName: {{ include "t8s-cluster.clusterClass.cloudName" (dict) }}
+    image:
+      filter:
+        name: Ubuntu 20.04
+    {{- with .Values.bastion.sshKeyName }}
+    sshKeyName: {{ . }}
+    {{- end }}
+  {{- end }}
 disablePortSecurity: false
 identityRef:
-  kind: Secret
   name: {{ include "t8s-cluster.clusterClass.getIdentityRefSecretName" (dict "context" .context) }}
-managedSecurityGroups: true
-nodeCidr: 10.6.0.0/24
+  cloudName: {{ include "t8s-cluster.clusterClass.cloudName" (dict) }}
+  {{- $cniSecurityGroupRules := dict -}}
+    {{- $cni := include "t8s-cluster.cni" .context -}}
+    {{- $remoteManagedGroups := list "worker" -}}
+    {{- if not .Values.controlPlane.hosted -}}
+      {{ $remoteManagedGroups = append $remoteManagedGroups "controlplane" -}}
+    {{- end -}}
+    {{- if eq $cni "calico" }}
+      {{- $cniSecurityGroupRules = set $cniSecurityGroupRules "BGP" (dict "port" 179 "protocol" "tcp") -}}
+      {{- $cniSecurityGroupRules = set $cniSecurityGroupRules "IP-in-IP" (dict "protocol" "4") -}}
+    {{- else if eq $cni "cilium" -}}
+      {{- $cniSecurityGroupRules = set $cniSecurityGroupRules "VXLAN" (dict "port" 8472 "protocol" "udp") -}}
+      {{- $cniSecurityGroupRules = set $cniSecurityGroupRules "health (http)" (dict "port" 4240 "protocol" "tcp") -}}
+      {{- $cniSecurityGroupRules = set $cniSecurityGroupRules "health (ping)" (dict "protocol" "icmp") -}}
+    {{- end }}
+  {{- $allNodesSecurityGroupRules := list -}}
+  {{- range $name, $securityGroupRule := $cniSecurityGroupRules -}}
+    {{- $_securityGroupRule := dict
+      "name" (printf "%s %s" $cni $name)
+      "direction" "Ingress"
+      "etherType" "IPv4"
+      "protocol" ($securityGroupRule.protocol | required "security group rule protocol is required")
+      "remoteManagedGroups" $remoteManagedGroups
+    -}}
+    {{- if or (hasKey $securityGroupRule "port") (hasKey $securityGroupRule "portMin") -}}
+      {{- $_securityGroupRule = set $_securityGroupRule "PortRangeMin" ($securityGroupRule.portMin | default $securityGroupRule.port) -}}
+      {{- $_securityGroupRule = set $_securityGroupRule "PortRangeMax" ($securityGroupRule.portMax | default $securityGroupRule.port) -}}
+    {{- end -}}
+    {{- $allNodesSecurityGroupRules = append $allNodesSecurityGroupRules $_securityGroupRule  -}}
+  {{- end }}
+managedSecurityGroups:
+  allNodesSecurityGroupRules: {{- toYaml $allNodesSecurityGroupRules | nindent 4 }}
+managedSubnets:
+  - cidr: 10.6.0.0/24
 {{- end -}}
diff --git a/...es/management-cluster/clusterClass/openStackClusterTemplate/openStackClusterTemplate.yaml b/...es/management-cluster/clusterClass/openStackClusterTemplate/openStackClusterTemplate.yaml
@@ -1,5 +1,5 @@
 {{- if false }}
-apiVersion: infrastructure.cluster.x-k8s.io/v1alpha7
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
 {{- else }}
 apiVersion: {{ include "t8s-cluster.clusterClass.infrastructureApiVersion" (dict) }}
 {{- end }}

diff --git a/...-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/_helpers.tpl b/...-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/_helpers.tpl
@@ -1,8 +1,8 @@
 {{- define "t8s-cluster.clusterClass.openStackMachineTemplate.specHash" -}}
-  {{- $inputs := (dict
+  {{- $inputs := dict
     "spec" (include "t8s-cluster.clusterClass.openStackMachineTemplate.spec" (dict "name" .name "context" .context))
     "infrastructureApiVersion" (include "t8s-cluster.clusterClass.infrastructureApiVersion" (dict))
-    ) -}}
+  -}}
   {{- mustToJson $inputs | toString | quote | sha1sum | trunc 8 -}}
 {{- end -}}
 
@@ -23,10 +23,9 @@
     {{- $additionalSecurityGroups = .Values.additionalComputePlaneSecurityGroups -}}
   {{- end -}}
   {{- $securityGroups := $additionalSecurityGroups | default (list) -}}
-  {{- $securityGroups = append $securityGroups "default" | sortAlpha | uniq }}
   {{- $securityGroupsObject := list -}}
-  {{- range $name := $securityGroups -}}
-    {{- $securityGroupsObject = append $securityGroupsObject (dict "name" $name)}}
+  {{- range $name := $securityGroups | sortAlpha -}}
+    {{- $securityGroupsObject = append $securityGroupsObject (dict "filter" (dict "name" $name))}}
   {{- end -}}
   {{- toYaml $securityGroupsObject -}}
 {{- end -}}
diff --git a/...agement-cluster/clusterClass/openStackMachineTemplates/_openstackMachineTemplateSpec.yaml b/...agement-cluster/clusterClass/openStackMachineTemplates/_openstackMachineTemplateSpec.yaml
@@ -4,13 +4,15 @@ Here we are generating a hash suffix.
 */}}
 {{- define "t8s-cluster.clusterClass.openStackMachineTemplate.spec" -}}
   {{- $_ := mustMerge . (pick .context "Values") -}}
-cloudName: {{ include "t8s-cluster.clusterClass.cloudName" (dict) }}
 flavor: {{ eq .name "control-plane" | ternary .Values.controlPlane.flavor "compute-plane-placeholder" }}
 identityRef:
   name: {{ include "t8s-cluster.clusterClass.getIdentityRefSecretName" (dict "context" .context) }}
-  kind: Secret
+  cloudName: {{ include "t8s-cluster.clusterClass.cloudName" (dict) }}
 securityGroups: {{- include "t8s-cluster.clusterClass.securityGroups" (dict "name" .name "context" .context) | nindent 2 }}
   {{- with .Values.sshKeyName }}
 sshKeyName: {{ . }}
-  {{- end -}}
+  {{- end }}
+serverGroup:
+  filter:
+    name: {{ .name }}
 {{- end -}}
diff --git a/.../management-cluster/clusterClass/openStackMachineTemplates/openStackMachineTemplates.yaml b/.../management-cluster/clusterClass/openStackMachineTemplates/openStackMachineTemplates.yaml
@@ -1,7 +1,7 @@
 {{- range $name := list "compute-plane" "control-plane" }}
   {{- if or (ne $name "control-plane") (not $.Values.controlPlane.hosted) }}
     {{- if false }}
-apiVersion: infrastructure.cluster.x-k8s.io/v1alpha7
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     {{- else }}
 apiVersion: {{ include "t8s-cluster.clusterClass.infrastructureApiVersion" (dict) }}
     {{- end }}

diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_kubelet.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_kubelet.tpl
@@ -4,7 +4,7 @@
   {{- if and (or (gt (.Values.version.major | int) 1) (ge (.Values.version.minor | int) 27)) (gt (int .Values.global.kubeletExtraConfig.maxParallelImagePulls) 1) -}}
     {{- $values = mustMerge $values (dict "serializeImagePulls" false "maxParallelImagePulls" .Values.global.kubeletExtraConfig.maxParallelImagePulls) -}}
   {{- end -}}
-  {{- $values | toYaml -}}
+  {{- toYaml $values -}}
 {{- end -}}
 
 {{- define "t8s-cluster.kubelet.featureGates"}}
@@ -17,7 +17,7 @@
   {{- $options = set $options "protectKernelDefaults" true -}}
   {{- $options = set $options "tlsCipherSuites" (include "t8s-cluster.clusterClass.tlsCipherSuites" (dict) | fromYamlArray) -}}
   {{- $options = set $options "seccompDefault" true -}}
-  {{- $options | toYaml -}}
+  {{- toYaml $options -}}
 {{- end -}}
 
 {{- define "t8s-cluster.patches.kubelet.default" -}}
@@ -35,7 +35,7 @@
   {{- end -}}
   {{- $patches = append $patches (include "t8s-cluster.patches.patchFile" (dict "values" $cleanupJsonPatch "target" "kubeletconfiguration" "suffix" 0 "patchType" "json") | fromYaml) -}}
   {{- $patches = append $patches (include "t8s-cluster.patches.patchFile" (dict "values" $values "target" "kubeletconfiguration" "component" "default") | fromYaml) -}}
-  {{- $patches | toYaml -}}
+  {{- toYaml $patches -}}
 {{- end -}}
 
 {{- define "t8s-cluster.patches.kubelet.patches" -}}