enable manual csr flow via clusterctl (#706)

config/manager/manager.yaml

@@ -25,6 +25,9 @@ spec:
       containers:
       - command:
         - /manager
+        env:
+        - name: MANUAL_CSR_APPROVAL
+          value: "${MANUAL_CSR_APPROVAL:=disable}"
         args:
         - --enable-leader-election
         - "--metrics-bind-addr=127.0.0.1:8080"

docs/getting_started.md

@@ -48,6 +48,7 @@ into a management cluster by using `clusterctl init`.
 ```shell
 clusterctl init --infrastructure byoh
 ```
+Note: By default, CSRs generated by BYOH host agents are automatically approved during registration. If we want to disable automatic approval, then set variable `MANUAL_CSR_APPROVAL: "enable"` in clusterctl config file. Reference for setting variables in clusterctl can be found [here](https://cluster-api.sigs.k8s.io/clusterctl/configuration.html#variables).
 
 ## Creating a BYOH workload cluster
 

main.go

@@ -132,8 +132,8 @@ func main() {
 		os.Exit(1)
 	}
 
-	// Set 'MANUAL_CSR_APPROVAL=true' to disable ByoAdmission controller. Now CSRs should be approved manually.
-	if os.Getenv("MANUAL_CSR_APPROVAL") != "true" {
+	// Set 'MANUAL_CSR_APPROVAL=enable' to disable ByoAdmission controller. Now CSRs should be approved manually.
+	if os.Getenv("MANUAL_CSR_APPROVAL") != "enable" {
 		if err = (&byohcontrollers.ByoAdmissionReconciler{
 			ClientSet: clientset.NewForConfigOrDie(ctrl.GetConfigOrDie()),
 		}).SetupWithManager(mgr); err != nil {

test/e2e/config/provider.yaml

@@ -100,6 +100,7 @@ variables:
   INIT_WITH_BINARY: "https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.1.3/clusterctl-{OS}-{ARCH}"
   BUNDLE_LOOKUP_TAG: "v1.23.5"
   CONTROL_PLANE_ENDPOINT_IP: ""
+  MANUAL_CSR_APPROVAL: "disable"
 
 intervals:
   default/wait-controllers: ["3m", "10s"]