From 9e839e0cfc08c852b3182861ae27a14b5d11f0b4 Mon Sep 17 00:00:00 2001
From: Madhur Agarwal <agarwalma@vmware.com>
Date: Mon, 19 Sep 2022 13:30:58 +0530
Subject: [PATCH] enable manual csr flow via clusterctl (#706)

---
 config/manager/manager.yaml   | 3 +++
 docs/getting_started.md       | 1 +
 main.go                       | 4 ++--
 test/e2e/config/provider.yaml | 1 +
 4 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 7805d30bf..0b997124c 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -25,6 +25,9 @@ spec:
       containers:
       - command:
         - /manager
+        env:
+        - name: MANUAL_CSR_APPROVAL
+          value: "${MANUAL_CSR_APPROVAL:=disable}"
         args:
         - --enable-leader-election
         - "--metrics-bind-addr=127.0.0.1:8080"
diff --git a/docs/getting_started.md b/docs/getting_started.md
index dfa2f4ec2..0113dfe41 100644
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -48,6 +48,7 @@ into a management cluster by using `clusterctl init`.
 ```shell
 clusterctl init --infrastructure byoh
 ```
+Note: By default, CSRs generated by BYOH host agents are automatically approved during registration. If we want to disable automatic approval, then set variable `MANUAL_CSR_APPROVAL: "enable"` in clusterctl config file. Reference for setting variables in clusterctl can be found [here](https://cluster-api.sigs.k8s.io/clusterctl/configuration.html#variables).
 
 ## Creating a BYOH workload cluster
  
diff --git a/main.go b/main.go
index 0b941a011..f42ade7bc 100644
--- a/main.go
+++ b/main.go
@@ -132,8 +132,8 @@ func main() {
 		os.Exit(1)
 	}
 
-	// Set 'MANUAL_CSR_APPROVAL=true' to disable ByoAdmission controller. Now CSRs should be approved manually.
-	if os.Getenv("MANUAL_CSR_APPROVAL") != "true" {
+	// Set 'MANUAL_CSR_APPROVAL=enable' to disable ByoAdmission controller. Now CSRs should be approved manually.
+	if os.Getenv("MANUAL_CSR_APPROVAL") != "enable" {
 		if err = (&byohcontrollers.ByoAdmissionReconciler{
 			ClientSet: clientset.NewForConfigOrDie(ctrl.GetConfigOrDie()),
 		}).SetupWithManager(mgr); err != nil {
diff --git a/test/e2e/config/provider.yaml b/test/e2e/config/provider.yaml
index 5f6a5e678..ec6352f25 100644
--- a/test/e2e/config/provider.yaml
+++ b/test/e2e/config/provider.yaml
@@ -100,6 +100,7 @@ variables:
   INIT_WITH_BINARY: "https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.1.3/clusterctl-{OS}-{ARCH}"
   BUNDLE_LOOKUP_TAG: "v1.23.5"
   CONTROL_PLANE_ENDPOINT_IP: ""
+  MANUAL_CSR_APPROVAL: "disable"
 
 intervals:
   default/wait-controllers: ["3m", "10s"]