From 8f6e5fa00c22890f91837cbd37546450a57aa88b Mon Sep 17 00:00:00 2001 From: Enxebre Date: Tue, 1 Jun 2021 15:54:09 +0200 Subject: [PATCH] Drop ExternalInfraCluster CRD in favour of AWSCluster This PR drops the ExternalInfraCluster CRD in favour of AWSCluster. Originally we added support for externally managed infra in CAPA via the ExternalInfraCluster CRD https://github.com/kubernetes-sigs/cluster-api-provider-aws/pull/2124 and we used that commit of CAPA in hypershift. Later on we decided to revert that approach upstream and reuse the existing ${infra}Cluster CRDs with an annotation to support externally managed infrastructure https://github.com/kubernetes-sigs/cluster-api/pull/4135 This PR bring latest CAPI/CAPA. As a follow up we need to rebuild the images and consume them from quay.io/hypershift. --- api/v1alpha1/hosted_controlplane.go | 10 ++ ...hift.openshift.io_hostedcontrolplanes.yaml | 7 +- .../hostedcontrolplane_controller.go | 1 + .../externalinfracluster_controller.go | 149 ----------------- .../hostedcluster/hostedcluster_controller.go | 155 ++++++++++++++---- .../manifests/clusterapi/manifests.go | 9 + .../controlplaneoperator/manifests.go | 5 +- .../controllers/nodepool/manifests.go | 2 +- .../nodepool/nodepool_controller.go | 2 +- hypershift-operator/main.go | 8 - 10 files changed, 154 insertions(+), 194 deletions(-) delete mode 100644 hypershift-operator/controllers/externalinfracluster/externalinfracluster_controller.go diff --git a/api/v1alpha1/hosted_controlplane.go b/api/v1alpha1/hosted_controlplane.go index bbc779709f2..6438d253e9d 100644 --- a/api/v1alpha1/hosted_controlplane.go +++ b/api/v1alpha1/hosted_controlplane.go 
@@ -107,10 +107,20 @@ type HostedControlPlaneCondition struct { type HostedControlPlaneStatus struct { // Ready denotes that the HostedControlPlane API Server is ready to // receive requests + // This satisfies CAPI contract https://github.com/kubernetes-sigs/cluster-api/blob/cd3a694deac89d5ebeb888307deaa61487207aa0/controllers/cluster_controller_phases.go#L226-L230 // +kubebuilder:validation:Required // +kubebuilder:default=false Ready bool `json:"ready"` + // Initialized denotes whether or not the control plane has + // provided a kubeadm-config. + // Once this condition is marked true, its value is never changed. See the Ready condition for an indication of + // the current readiness of the cluster's control plane. + // This satisfies CAPI contract https://github.com/kubernetes-sigs/cluster-api/blob/cd3a694deac89d5ebeb888307deaa61487207aa0/controllers/cluster_controller_phases.go#L238-L252 + // +kubebuilder:validation:Required + // +kubebuilder:default=false + Initialized bool `json:"initialized"` + // ExternalManagedControlPlane indicates to cluster-api that the control plane // is managed by an external service. // https://github.com/kubernetes-sigs/cluster-api/blob/65e5385bffd71bf4aad3cf34a537f11b217c7fab/controllers/machine_controller.go#L468 diff --git a/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedcontrolplanes.yaml b/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedcontrolplanes.yaml index a5d422486fb..b5fc21f7910 100644 --- a/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedcontrolplanes.yaml +++ b/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedcontrolplanes.yaml 
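Review bot: The doc comment on the new `Initialized` field says the control plane "has provided a kubeadm-config", wording lifted from CAPI's KubeadmControlPlane; a HostedControlPlane has no kubeadm config, so the sentence (and the CRD description generated from it) describes a condition that can never be true here. The controller hunk in this patch sets the field after a successful reconcile, so the comment should describe that contract instead, e.g. `// Initialized denotes that the control plane has completed its first successful reconcile and satisfies the CAPI "initialized" contract; once true it is never reset. See Ready for current readiness.` The rest of HostedControlPlaneStatus lies outside the hunk.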
@@ -354,6 +354,10 @@ spec: default: true description: ExternalManagedControlPlane indicates to cluster-api that the control plane is managed by an external service. https://github.com/kubernetes-sigs/cluster-api/blob/65e5385bffd71bf4aad3cf34a537f11b217c7fab/controllers/machine_controller.go#L468 type: boolean + initialized: + default: false + description: Initialized denotes whether or not the control plane has provided a kubeadm-config. Once this condition is marked true, its value is never changed. See the Ready condition for an indication of the current readiness of the cluster's control plane. This satisfies CAPI contract https://github.com/kubernetes-sigs/cluster-api/blob/cd3a694deac89d5ebeb888307deaa61487207aa0/controllers/cluster_controller_phases.go#L238-L252 + type: boolean kubeConfig: description: KubeConfig is a reference to the secret containing the default kubeconfig for this control plane. properties: @@ -371,7 +375,7 @@ spec: type: string ready: default: false - description: Ready denotes that the HostedControlPlane API Server is ready to receive requests + description: Ready denotes that the HostedControlPlane API Server is ready to receive requests This satisfies CAPI contract https://github.com/kubernetes-sigs/cluster-api/blob/cd3a694deac89d5ebeb888307deaa61487207aa0/controllers/cluster_controller_phases.go#L226-L230 type: boolean releaseImage: description: ReleaseImage is the release image applied to the hosted control plane. @@ -381,6 +385,7 @@ spec: type: string required: - conditions + - initialized - ready type: object type: object diff --git a/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go b/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go index 606ecf92e27..a97b97079b4 100644 --- a/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go +++ b/control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go 
@@ -452,6 +452,7 @@ func (r *HostedControlPlaneReconciler) Reconcile(ctx context.Context, req ctrl.R } r.Log.Info("Successfully reconciled") + oldStatus.Initialized = true return r.setAvailableCondition(ctx, hostedControlPlane, oldStatus, hyperv1.ConditionTrue, "AsExpected", "HostedControlPlane is ready", ctrl.Result{}, nil) } diff --git a/hypershift-operator/controllers/externalinfracluster/externalinfracluster_controller.go b/hypershift-operator/controllers/externalinfracluster/externalinfracluster_controller.go deleted file mode 100644 index 5e592c69e82..00000000000 --- a/hypershift-operator/controllers/externalinfracluster/externalinfracluster_controller.go +++ /dev/null 
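Review bot: `oldStatus.Initialized = true` is only reached on the success path, so the "once true, never changed" guarantee the field documents depends on `oldStatus` being a copy of the stored status that every earlier error return writes back untouched; Reconcile begins outside the hunk, so I could not confirm that, and any path that rebuilds the status from a zero value would flip the field back to false. Worth a comment on the added line stating the invariant it relies on: `// Initialized is a CAPI contract field and must never be reset once set; it is only ever written true here.` If the earlier paths do not preserve it, OR the stored value in rather than assigning true unconditionally.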
@@ -1,149 +0,0 @@ -package externalinfracluster - -import ( - "context" - "fmt" - "time" - - "github.com/go-logr/logr" - "github.com/pkg/errors" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/types" - "k8s.io/client-go/tools/record" - "k8s.io/client-go/util/workqueue" - ctrl "sigs.k8s.io/controller-runtime" - ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/controller" - "sigs.k8s.io/controller-runtime/pkg/handler" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - "sigs.k8s.io/controller-runtime/pkg/source" - - hyperv1 "github.com/openshift/hypershift/api/v1alpha1" - "github.com/openshift/hypershift/hypershift-operator/controllers/manifests" - "github.com/openshift/hypershift/hypershift-operator/controllers/manifests/controlplaneoperator" - hyperutil "github.com/openshift/hypershift/hypershift-operator/controllers/util" - "github.com/openshift/hypershift/thirdparty/clusterapi/util" - "github.com/openshift/hypershift/thirdparty/clusterapi/util/patch" -) - -const ( - hostedClusterAnnotation = "hypershift.openshift.io/cluster" -) - -type ExternalInfraClusterReconciler struct { - ctrlclient.Client - recorder record.EventRecorder - Log logr.Logger -} - -func (r *ExternalInfraClusterReconciler) SetupWithManager(mgr ctrl.Manager) error { - _, err := ctrl.NewControllerManagedBy(mgr). - For(&hyperv1.ExternalInfraCluster{}). - Watches(&source.Kind{Type: &hyperv1.HostedControlPlane{}}, handler.EnqueueRequestsFromMapFunc(enqueueExternalInfraForControlPlane)). - WithOptions(controller.Options{ - RateLimiter: workqueue.NewItemExponentialFailureRateLimiter(1*time.Second, 10*time.Second), - }). 
- Build(r) - if err != nil { - return errors.Wrap(err, "failed setting up with a controller manager") - } - - r.recorder = mgr.GetEventRecorderFor("external-infra-controller") - - return nil -} - -func (r *ExternalInfraClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { - r.Log = ctrl.LoggerFrom(ctx) - r.Log.Info("Reconciling") - - // Fetch the ExternalInfraCluster instance - externalInfraCluster := &hyperv1.ExternalInfraCluster{} - err := r.Client.Get(ctx, req.NamespacedName, externalInfraCluster) - if err != nil { - if apierrors.IsNotFound(err) { - r.Log.Info("ExternalInfraCluster not found") - return ctrl.Result{}, nil - } - r.Log.Error(err, "error getting ExternalInfraCluster") - return ctrl.Result{}, err - } - - // Fetch the Cluster. - cluster, err := util.GetOwnerCluster(ctx, r.Client, externalInfraCluster.ObjectMeta) - if err != nil { - r.Log.Error(err, "error getting owner cluster") - return ctrl.Result{}, err - } - if cluster == nil { - r.Log.Info("Cluster Controller has not yet set OwnerRef") - return ctrl.Result{}, nil - } - - if util.IsPaused(cluster, externalInfraCluster) { - r.Log.Info("ExternalInfraCluster or linked Cluster is marked as paused. 
Won't reconcile") - return ctrl.Result{}, nil - } - - // Return early if deleted - if !externalInfraCluster.DeletionTimestamp.IsZero() { - return ctrl.Result{}, nil - } - - r.Log = r.Log.WithValues("cluster", cluster.Name) - - patchHelper, err := patch.NewHelper(externalInfraCluster, r.Client) - if err != nil { - r.Log.Error(err, "error building patchHelper") - return ctrl.Result{}, err - } - - hcp := &hyperv1.HostedControlPlane{} - controlPlaneRef := types.NamespacedName{ - Name: cluster.Spec.ControlPlaneRef.Name, - Namespace: cluster.Namespace, - } - - if err := r.Client.Get(ctx, controlPlaneRef, hcp); err != nil { - r.Log.Error(err, "failed to get control plane ref") - return reconcile.Result{}, err - } - - // TODO (alberto): populate the API and create/consume infrastructure via aws sdk - // role profile, sg, vpc, subnets. - if !hcp.Status.Ready { - r.Log.Info("Control plane is not ready yet.") - return reconcile.Result{}, nil - } - - // Set the values for upper level controller - externalInfraCluster.Status.Ready = true - externalInfraCluster.Spec.ControlPlaneEndpoint = hyperv1.APIEndpoint{ - Host: hcp.Status.ControlPlaneEndpoint.Host, - Port: hcp.Status.ControlPlaneEndpoint.Port, - } - - if err := patchHelper.Patch(ctx, externalInfraCluster); err != nil { - r.Log.Error(err, "failed to patch") - return ctrl.Result{}, fmt.Errorf("failed to patch: %w", err) - } - - r.Log.Info("Successfully reconciled") - return ctrl.Result{}, nil -} - -func enqueueExternalInfraForControlPlane(obj ctrlclient.Object) []reconcile.Request { - var hostedClusterName string - if obj.GetAnnotations() != nil { - hostedClusterName = obj.GetAnnotations()[hostedClusterAnnotation] - } - if hostedClusterName == "" { - return []reconcile.Request{} - } - hClusterName := hyperutil.ParseNamespacedName(hostedClusterName) - controlPlaneNamespace := manifests.HostedControlPlaneNamespace(hClusterName.Namespace, hClusterName.Name) - externalInfraCluster := 
controlplaneoperator.ExternalInfraCluster(controlPlaneNamespace.Name, hClusterName.Name) - return []reconcile.Request{ - {NamespacedName: types.NamespacedName{Namespace: externalInfraCluster.Namespace, Name: externalInfraCluster.Name}}, - } -} diff --git a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go index 5c92d1e1dec..b4ab8123046 100644 --- a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go +++ b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go @@ -18,14 +18,16 @@ package hostedcluster import ( "context" + "crypto/x509" + "crypto/x509/pkix" "fmt" "strings" "time" - routev1 "github.com/openshift/api/route/v1" - "github.com/go-logr/logr" configv1 "github.com/openshift/api/config/v1" + routev1 "github.com/openshift/api/route/v1" + "github.com/openshift/hypershift/certs" "github.com/openshift/hypershift/hypershift-operator/controllers/manifests/ignitionserver" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -53,6 +55,7 @@ import ( "github.com/openshift/hypershift/hypershift-operator/controllers/manifests/controlplaneoperator" hyperutil "github.com/openshift/hypershift/hypershift-operator/controllers/util" capiv1 "github.com/openshift/hypershift/thirdparty/clusterapi/api/v1alpha4" + capiawsv1 "github.com/openshift/hypershift/thirdparty/clusterapiprovideraws/v1alpha4" ) const ( 
@@ -82,7 +85,7 @@ func (r *HostedClusterReconciler) SetupWithManager(mgr ctrl.Manager) error { } return ctrl.NewControllerManagedBy(mgr). For(&hyperv1.HostedCluster{}). - Watches(&source.Kind{Type: &hyperv1.ExternalInfraCluster{}}, handler.EnqueueRequestsFromMapFunc(enqueueParentHostedCluster)). + Watches(&source.Kind{Type: &capiawsv1.AWSCluster{}}, handler.EnqueueRequestsFromMapFunc(enqueueParentHostedCluster)). Watches(&source.Kind{Type: &hyperv1.HostedControlPlane{}}, handler.EnqueueRequestsFromMapFunc(enqueueParentHostedCluster)). Watches(&source.Kind{Type: &capiv1.Cluster{}}, handler.EnqueueRequestsFromMapFunc(enqueueParentHostedCluster)). WithOptions(controller.Options{ @@ -339,15 +342,6 @@ func (r *HostedClusterReconciler) Reconcile(ctx context.Context, req ctrl.Reques } } - // Reconcile the CAPI ExternalInfraCluster - externalInfraCluster := controlplaneoperator.ExternalInfraCluster(controlPlaneNamespace.Name, hcluster.Name) - _, err = controllerutil.CreateOrUpdate(ctx, r.Client, externalInfraCluster, func() error { - return reconcileExternalInfraCluster(externalInfraCluster, hcluster) - }) - if err != nil { - return ctrl.Result{}, fmt.Errorf("failed to reconcile externalinfracluster: %w", err) - } - // Reconcile the HostedControlPlane hcp := controlplaneoperator.HostedControlPlane(controlPlaneNamespace.Name, hcluster.Name) _, err = controllerutil.CreateOrUpdate(ctx, r.Client, hcp, func() error { 
@@ -357,10 +351,31 @@ func (r *HostedClusterReconciler) Reconcile(ctx context.Context, req ctrl.Reques return ctrl.Result{}, fmt.Errorf("failed to reconcile hostedcontrolplane: %w", err) } + var infraCR client.Object + switch hcluster.Spec.Platform.Type { + case hyperv1.AWSPlatform: + // Reconcile external AWSCluster + if err := r.Client.Get(ctx, client.ObjectKeyFromObject(hcp), hcp); err != nil { + r.Log.Error(err, "failed to get control plane ref") + return reconcile.Result{}, err + } + + awsCluster := controlplaneoperator.AWSCluster(controlPlaneNamespace.Name, hcluster.Name) + _, err = controllerutil.CreateOrPatch(ctx, r.Client, awsCluster, func() error { + return reconcileAWSCluster(awsCluster, hcluster, hcp.Status.ControlPlaneEndpoint) + }) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to reconcile AWSCluster: %w", err) + } + infraCR = awsCluster + default: + // TODO(alberto): for platform None implement back a "pass through" infra CR similar to externalInfraCluster. + } + // Reconcile the CAPI Cluster resource capiCluster := controlplaneoperator.CAPICluster(controlPlaneNamespace.Name, hcluster.Spec.InfraID) _, err = controllerutil.CreateOrUpdate(ctx, r.Client, capiCluster, func() error { - return reconcileCAPICluster(capiCluster, hcluster, hcp, externalInfraCluster) + return reconcileCAPICluster(capiCluster, hcluster, hcp, infraCR) }) if err != nil { return ctrl.Result{}, fmt.Errorf("failed to reconcile capi cluster: %w", err) 
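Review bot: The AWS branch calls `reconcileAWSCluster` with `hcp.Status.ControlPlaneEndpoint` before anything checks that the HostedControlPlane has published one, and that function (in a later hunk) sets `awsCluster.Status.Ready = true` unconditionally; the deleted ExternalInfraCluster controller waited for `hcp.Status.Ready` before doing either, so the AWSCluster now reports ready with a possibly empty endpoint. Gate it the same way, e.g. `if !hcp.Status.Ready || hcp.Status.ControlPlaneEndpoint.Host == "" { r.Log.Info("control plane endpoint not yet available"); return ctrl.Result{}, nil }` after the Get, so CAPI never sees an infrastructure object that is ready but endpoint-less. The `r.Client.Get(ctx, client.ObjectKeyFromObject(hcp), hcp)` right after the CreateOrUpdate on the same object also deserves a one-line comment saying it is there to refresh `.Status`, otherwise it reads as redundant. The `default:` branch leaves `infraCR` nil for non-AWS platforms; see the reconcileCAPICluster hunk for the consequence.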
@@ -502,6 +517,37 @@ func (r *HostedClusterReconciler) reconcileCAPIManager(ctx context.Context, hclu return fmt.Errorf("failed to get control plane namespace: %w", err) } + // Reconcile CAPI webhooks TLS secret + capiWebhooksTLSSecret := clusterapi.CAPIWebhooksTLSSecret(controlPlaneNamespace.Name) + _, err = controllerutil.CreateOrUpdate(ctx, r.Client, capiWebhooksTLSSecret, func() error { + _, hasTLSPrivateKeyKey := capiWebhooksTLSSecret.Data[corev1.TLSPrivateKeyKey] + _, hasTLSCertKey := capiWebhooksTLSSecret.Data[corev1.TLSCertKey] + if hasTLSPrivateKeyKey && hasTLSCertKey { + return nil + } + + // We currently don't expose CAPI webhooks but still they run as part of the manager + // and it breaks without a cert https://github.com/kubernetes-sigs/cluster-api/pull/4709. + cn := "capi-webhooks" + ou := "openshift" + cfg := &certs.CertCfg{ + Subject: pkix.Name{CommonName: cn, OrganizationalUnit: []string{ou}}, + KeyUsages: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, + Validity: certs.ValidityTenYears, + IsCA: true, + } + key, crt, err := certs.GenerateSelfSignedCertificate(cfg) + if err != nil { + return fmt.Errorf("failed to generate CA (cn=%s,ou=%s): %w", cn, ou, err) + } + if capiWebhooksTLSSecret.Data == nil { + capiWebhooksTLSSecret.Data = map[string][]byte{} + } + capiWebhooksTLSSecret.Data[corev1.TLSCertKey] = certs.CertToPem(crt) + capiWebhooksTLSSecret.Data[corev1.TLSPrivateKeyKey] = certs.PrivateKeyToPem(key) + return nil + }) + // Reconcile CAPI manager service account capiManagerServiceAccount := clusterapi.CAPIManagerServiceAccount(controlPlaneNamespace.Name) _, err = controllerutil.CreateOrUpdate(ctx, r.Client, capiManagerServiceAccount, NoopReconcile) 
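Review bot: The error from `controllerutil.CreateOrUpdate(ctx, r.Client, capiWebhooksTLSSecret, ...)` is stored in `err` but never examined before the next `_, err = controllerutil.CreateOrUpdate(...)` for the service account overwrites it, so a failed secret reconcile is silently dropped and the manager and AWS-provider pods that mount `capi-webhooks-tls` sit with an unsatisfiable volume. Add `if err != nil { return fmt.Errorf("failed to reconcile capi webhooks tls secret: %w", err) }` directly after the closure, matching the surrounding calls. Separately, the material generated here is a ten-year self-signed certificate with `IsCA: true` and `KeyUsageCertSign` used directly as a serving cert with no SANs; that is tolerable while the webhooks are unreachable, as the comment says, but mark it so it is not reused once they are exposed: `// NOTE: CA-flagged, SAN-less and not client-verifiable; issue a proper leaf with the service DNS names before enabling the webhooks.` reconcileCAPIManager begins outside the hunk.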
@@ -548,7 +594,9 @@ func (r *HostedClusterReconciler) reconcileCAPIManager(ctx context.Context, hclu // Reconcile CAPI manager deployment capiManagerDeployment := clusterapi.ClusterAPIManagerDeployment(controlPlaneNamespace.Name) _, err = controllerutil.CreateOrUpdate(ctx, r.Client, capiManagerDeployment, func() error { - return reconcileCAPIManagerDeployment(capiManagerDeployment, capiManagerServiceAccount, "quay.io/hypershift/cluster-api:hypershift") + // TODO (alberto): This image builds from https://github.com/kubernetes-sigs/cluster-api/pull/4709 + // We need to build from main branch and push to quay.io/hypershift once this is merged or otherwise enable webhooks. + return reconcileCAPIManagerDeployment(capiManagerDeployment, capiManagerServiceAccount, "quay.io/enxebre/capi:latest") }) if err != nil { return fmt.Errorf("failed to reconcile capi manager deployment: %w", err) @@ -594,7 +642,9 @@ func (r *HostedClusterReconciler) reconcileCAPIAWSProvider(ctx context.Context, // Reconcile CAPI AWS provider deployment capiAwsProviderDeployment := clusterapi.CAPIAWSProviderDeployment(controlPlaneNamespace.Name) _, err = controllerutil.CreateOrUpdate(ctx, r.Client, capiAwsProviderDeployment, func() error { - return reconcileCAPIAWSProviderDeployment(capiAwsProviderDeployment, capiAwsProviderServiceAccount, "quay.io/hypershift/cluster-api-provider-aws:master") + // TODO (alberto): This image builds from https://github.com/kubernetes-sigs/cluster-api-provider-aws/pull/2453 + // We need to build from main branch and push to quay.io/hypershift once this is merged or otherwise enable webhooks. + return reconcileCAPIAWSProviderDeployment(capiAwsProviderDeployment, capiAwsProviderServiceAccount, "quay.io/enxebre/capiaws:latest") }) if err != nil { return fmt.Errorf("failed to reconcile capi aws provider deployment: %w", err) 
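Review bot: Both deployments now pull `quay.io/enxebre/capi:latest` and `quay.io/enxebre/capiaws:latest` into every hosted control plane namespace: a mutable tag under a personal registry namespace, so whoever can push to that account can change the code the operator runs cluster-wide, and `:latest` also defeats reproducible rollbacks. The commit message defers the move to quay.io/hypershift, but in the meantime each reference should be pinned by digest (`quay.io/enxebre/capi@sha256:<digest>`, likewise for capiaws) so a re-push cannot alter what is deployed; the TODO comments could record the upstream commit the digest was built from. Consider also lifting the two strings to named constants next to the other image references so the follow-up is a one-line change.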
@@ -982,24 +1032,27 @@ func reconcileControlPlaneOperatorRoleBinding(binding *rbacv1.RoleBinding, role return nil } -func reconcileExternalInfraCluster(eic *hyperv1.ExternalInfraCluster, hcluster *hyperv1.HostedCluster) error { +func reconcileAWSCluster(awsCluster *capiawsv1.AWSCluster, hcluster *hyperv1.HostedCluster, apiEndpoint hyperv1.APIEndpoint) error { // We only create this resource once and then let CAPI own it - if !eic.CreationTimestamp.IsZero() { - return nil - } - - eic.Annotations = map[string]string{ - hostedClusterAnnotation: ctrlclient.ObjectKeyFromObject(hcluster).String(), + awsCluster.Annotations = map[string]string{ + hostedClusterAnnotation: ctrlclient.ObjectKeyFromObject(hcluster).String(), + capiv1.ManagedByAnnotation: "external", } if hcluster.Spec.Platform.AWS != nil { - eic.Spec.Region = hcluster.Spec.Platform.AWS.Region + awsCluster.Spec.Region = hcluster.Spec.Platform.AWS.Region } + // Set the values for upper level controller + awsCluster.Status.Ready = true + awsCluster.Spec.ControlPlaneEndpoint = capiv1.APIEndpoint{ + Host: apiEndpoint.Host, + Port: apiEndpoint.Port, + } return nil } -func reconcileCAPICluster(cluster *capiv1.Cluster, hcluster *hyperv1.HostedCluster, hcp *hyperv1.HostedControlPlane, eic *hyperv1.ExternalInfraCluster) error { +func reconcileCAPICluster(cluster *capiv1.Cluster, hcluster *hyperv1.HostedCluster, hcp *hyperv1.HostedControlPlane, infraCR client.Object) error { // We only create this resource once and then let CAPI own it if !cluster.CreationTimestamp.IsZero() { return nil 
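Review bot: The retained comment `// We only create this resource once and then let CAPI own it` no longer matches the code: the `CreationTimestamp` guard was dropped and the caller uses CreateOrPatch, so this mutate function now runs on every reconcile, and `awsCluster.Annotations = map[string]string{...}` replaces the whole annotation map each time, wiping any annotation CAPA or an operator later puts on the AWSCluster. Either restore the guard or merge into the existing map and fix the comment; the merge form is below. Note the function also sets `Status.Ready = true` regardless of whether `apiEndpoint` is populated; the caller hunk is where that should be gated.
```go
func reconcileAWSCluster(awsCluster *capiawsv1.AWSCluster, hcluster *hyperv1.HostedCluster, apiEndpoint hyperv1.APIEndpoint) error {
	// Runs on every reconcile (CreateOrPatch); merge our keys into whatever
	// annotations already exist instead of replacing the map.
	if awsCluster.Annotations == nil {
		awsCluster.Annotations = map[string]string{}
	}
	awsCluster.Annotations[hostedClusterAnnotation] = ctrlclient.ObjectKeyFromObject(hcluster).String()
	awsCluster.Annotations[capiv1.ManagedByAnnotation] = "external"
	// … unchanged: region, Status.Ready and ControlPlaneEndpoint …
```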
@@ -1018,10 +1071,10 @@ func reconcileCAPICluster(cluster *capiv1.Cluster, hcluster *hyperv1.HostedClust Name: hcp.Name, }, InfrastructureRef: &corev1.ObjectReference{ - APIVersion: "hypershift.openshift.io/v1alpha1", - Kind: "ExternalInfraCluster", - Namespace: eic.Namespace, - Name: eic.Name, + APIVersion: "infrastructure.cluster.x-k8s.io/v1alpha4", + Kind: "AWSCluster", + Namespace: infraCR.GetNamespace(), + Name: infraCR.GetName(), }, } @@ -1029,6 +1082,7 @@ func reconcileCAPICluster(cluster *capiv1.Cluster, hcluster *hyperv1.HostedClust } func reconcileCAPIManagerDeployment(deployment *appsv1.Deployment, sa *corev1.ServiceAccount, image string) error { + defaultMode := int32(420) deployment.Spec = appsv1.DeploymentSpec{ Replicas: k8sutilspointer.Int32Ptr(1), Selector: &metav1.LabelSelector{ @@ -1044,6 +1098,17 @@ func reconcileCAPIManagerDeployment(deployment *appsv1.Deployment, sa *corev1.Se }, Spec: corev1.PodSpec{ ServiceAccountName: sa.Name, + Volumes: []corev1.Volume{ + { + Name: "capi-webhooks-tls", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + DefaultMode: &defaultMode, + SecretName: "capi-webhooks-tls", + }, + }, + }, + }, Containers: []corev1.Container{ { Name: "manager", @@ -1060,7 +1125,17 @@ func reconcileCAPIManagerDeployment(deployment *appsv1.Deployment, sa *corev1.Se }, }, Command: []string{"/manager"}, - Args: []string{"--namespace", "$(MY_NAMESPACE)", "--alsologtostderr", "--v=4"}, + Args: []string{"--namespace", "$(MY_NAMESPACE)", + "--alsologtostderr", + "--v=4", + }, + VolumeMounts: []corev1.VolumeMount{ + { + Name: "capi-webhooks-tls", + ReadOnly: true, + MountPath: "/tmp/k8s-webhook-server/serving-certs", + }, + }, }, }, }, @@ -1118,8 +1193,6 @@ func reconcileCAPIManagerRole(role *rbacv1.Role) error { Resources: []string{ "hostedcontrolplanes", "hostedcontrolplanes/status", - "externalinfraclusters", - "externalinfraclusters/status", }, Verbs: []string{"*"}, }, 
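Review bot: `infraCR.GetNamespace()` and `infraCR.GetName()` dereference a `client.Object` that the caller assigns only in the `hyperv1.AWSPlatform` case; for any other platform `infraCR` is a nil interface, and creating the first CAPI Cluster panics the operator instead of returning an error. Guard at the top of the function: `if infraCR == nil { return fmt.Errorf("no infrastructure CR available for platform %q", hcluster.Spec.Platform.Type) }`. Since `Kind` and `APIVersion` are hard-coded to AWSCluster anyway, the generic `client.Object` parameter is misleading; either take a `*capiawsv1.AWSCluster` or derive the GVK from the object. reconcileCAPICluster starts in the previous hunk and the `cluster.Spec` literal continues past this one.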
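Review bot: The `capi-webhooks-tls` volume in the manager deployment is mounted with `defaultMode := int32(420)` (0644), leaving the webhook private key readable by every UID in the container; nothing there needs that. `int32(256)` (0400) is sufficient for the owner, and if the pod runs with an fsGroup the kubelet still adds the group-read bit, so non-root containers keep working. The same value is used for the AWS provider deployment in the next file section.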
@@ -1156,6 +1229,7 @@ func reconcileCAPIManagerRoleBinding(binding *rbacv1.RoleBinding, role *rbacv1.R } func reconcileCAPIAWSProviderDeployment(deployment *appsv1.Deployment, sa *corev1.ServiceAccount, image string) error { + defaultMode := int32(420) deployment.Spec = appsv1.DeploymentSpec{ Replicas: k8sutilspointer.Int32Ptr(1), Selector: &metav1.LabelSelector{ @@ -1179,6 +1253,15 @@ func reconcileCAPIAWSProviderDeployment(deployment *appsv1.Deployment, sa *corev }, }, Volumes: []corev1.Volume{ + { + Name: "capi-webhooks-tls", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + DefaultMode: &defaultMode, + SecretName: "capi-webhooks-tls", + }, + }, + }, { Name: "credentials", VolumeSource: corev1.VolumeSource{ @@ -1198,6 +1281,11 @@ func reconcileCAPIAWSProviderDeployment(deployment *appsv1.Deployment, sa *corev Name: "credentials", MountPath: "/home/.aws", }, + { + Name: "capi-webhooks-tls", + ReadOnly: true, + MountPath: "/tmp/k8s-webhook-server/serving-certs", + }, }, Env: []corev1.EnvVar{ { @@ -1214,7 +1302,10 @@ func reconcileCAPIAWSProviderDeployment(deployment *appsv1.Deployment, sa *corev }, }, Command: []string{"/manager"}, - Args: []string{"--namespace", "$(MY_NAMESPACE)", "--alsologtostderr", "--v=4"}, + Args: []string{"--namespace", "$(MY_NAMESPACE)", + "--alsologtostderr", + "--v=4", + }, Ports: []corev1.ContainerPort{ { Name: "healthz", diff --git a/hypershift-operator/controllers/manifests/clusterapi/manifests.go b/hypershift-operator/controllers/manifests/clusterapi/manifests.go index ee5867d575b..45fca92e190 100644 --- a/hypershift-operator/controllers/manifests/clusterapi/manifests.go +++ b/hypershift-operator/controllers/manifests/clusterapi/manifests.go 
@@ -94,3 +94,12 @@ func CAPIAWSProviderRoleBinding(controlPlaneNamespace string) *rbacv1.RoleBindin }, } } + +func CAPIWebhooksTLSSecret(controlPlaneNamespace string) *corev1.Secret { + return &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: controlPlaneNamespace, + Name: "capi-webhooks-tls", + }, + } +} diff --git a/hypershift-operator/controllers/manifests/controlplaneoperator/manifests.go b/hypershift-operator/controllers/manifests/controlplaneoperator/manifests.go index 246e589a375..e296b7ad786 100644 --- a/hypershift-operator/controllers/manifests/controlplaneoperator/manifests.go +++ b/hypershift-operator/controllers/manifests/controlplaneoperator/manifests.go @@ -1,6 +1,7 @@ package controlplaneoperator import ( + capiawsv1 "github.com/openshift/hypershift/thirdparty/clusterapiprovideraws/v1alpha4" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" @@ -80,8 +81,8 @@ func HostedControlPlane(controlPlaneNamespace string, hostedClusterName string) } } -func ExternalInfraCluster(controlPlaneNamespace string, hostedClusterName string) *hyperv1.ExternalInfraCluster { - return &hyperv1.ExternalInfraCluster{ +func AWSCluster(controlPlaneNamespace string, hostedClusterName string) *capiawsv1.AWSCluster { + return &capiawsv1.AWSCluster{ ObjectMeta: metav1.ObjectMeta{ Namespace: controlPlaneNamespace, Name: hostedClusterName, diff --git a/hypershift-operator/controllers/nodepool/manifests.go b/hypershift-operator/controllers/nodepool/manifests.go index 1bc963a78fa..f109f9492e7 100644 --- a/hypershift-operator/controllers/nodepool/manifests.go +++ b/hypershift-operator/controllers/nodepool/manifests.go 
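Review bot: `CAPIWebhooksTLSSecret` is a new exported function without a doc comment, and it builds an Opaque secret even though it only ever holds `tls.crt`/`tls.key`; setting `Type: corev1.SecretTypeTLS` makes the API server enforce both keys, and since a Secret's type is immutable this is the moment to decide, before any release creates the object. Suggest `// CAPIWebhooksTLSSecret returns the Secret in controlPlaneNamespace that holds the self-signed serving certificate mounted by the CAPI manager and AWS provider webhook servers.` The deployments in hostedcluster_controller.go reference the name as the literal `"capi-webhooks-tls"`; using `CAPIWebhooksTLSSecret(ns).Name` there would keep the two from drifting.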
@@ -9,7 +9,7 @@ import ( hyperv1 "github.com/openshift/hypershift/api/v1alpha1" capiv1 "github.com/openshift/hypershift/thirdparty/clusterapi/api/v1alpha4" - capiaws "github.com/openshift/hypershift/thirdparty/clusterapiprovideraws/v1alpha3" + capiaws "github.com/openshift/hypershift/thirdparty/clusterapiprovideraws/v1alpha4" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" k8sutilspointer "k8s.io/utils/pointer" ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" diff --git a/hypershift-operator/controllers/nodepool/nodepool_controller.go b/hypershift-operator/controllers/nodepool/nodepool_controller.go index 2eff09000f6..aba19f83a19 100644 --- a/hypershift-operator/controllers/nodepool/nodepool_controller.go +++ b/hypershift-operator/controllers/nodepool/nodepool_controller.go @@ -16,7 +16,7 @@ import ( capiv1 "github.com/openshift/hypershift/thirdparty/clusterapi/api/v1alpha4" "github.com/openshift/hypershift/thirdparty/clusterapi/util" "github.com/openshift/hypershift/thirdparty/clusterapi/util/patch" - capiaws "github.com/openshift/hypershift/thirdparty/clusterapiprovideraws/v1alpha3" + capiaws "github.com/openshift/hypershift/thirdparty/clusterapiprovideraws/v1alpha4" "github.com/pkg/errors" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" diff --git a/hypershift-operator/main.go b/hypershift-operator/main.go index fa96988ed6b..f3a8783260d 100644 --- a/hypershift-operator/main.go +++ b/hypershift-operator/main.go @@ -23,7 +23,6 @@ import ( hyperapi "github.com/openshift/hypershift/api" "github.com/openshift/hypershift/control-plane-operator/releaseinfo" - "github.com/openshift/hypershift/hypershift-operator/controllers/externalinfracluster" "github.com/openshift/hypershift/hypershift-operator/controllers/hostedcluster" "github.com/openshift/hypershift/hypershift-operator/controllers/nodepool" "github.com/spf13/cobra" 
@@ -158,13 +157,6 @@ func NewStartCommand() *cobra.Command { os.Exit(1) } - if err := (&externalinfracluster.ExternalInfraClusterReconciler{ - Client: mgr.GetClient(), - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "ExternalInfraCluster") - os.Exit(1) - } - // +kubebuilder:scaffold:builder setupLog.Info("starting manager")