[ACM-13578] Onboarded cluster-api-provider-aws (CAPA) component to MC…

…E 2.8 (#1145) * onboarded cluster-api-provider-aws (CAPA) component to MCE 2.8 Signed-off-by: dislbenn <[email protected]> * updated controllers/backplaneconfig_controller_test.go Signed-off-by: dislbenn <[email protected]> * fixed variable naming Signed-off-by: dislbenn <[email protected]> * updated suite_test.go Signed-off-by: dislbenn <[email protected]> * updated backplaneconfig_controller_test.go Signed-off-by: dislbenn <[email protected]> * updated controllers/backplaneconfig_controller_test.go Signed-off-by: dislbenn <[email protected]> * added logic to check if namespace exist before creating template resource Signed-off-by: dislbenn <[email protected]> * removed securityContext fsGroup Signed-off-by: dislbenn <[email protected]> * updated flow-control to support namespace selection Signed-off-by: dislbenn <[email protected]> * updated flow-control to support namespace selection pt.2 Signed-off-by: dislbenn <[email protected]> * updated backplaneconfig_controller.go Signed-off-by: dislbenn <[email protected]> --------- Signed-off-by: dislbenn <[email protected]>
stolostron · Jan 10, 2025 · 9afb272 · 9afb272
1 parent c696d14
commit 9afb272
Show file tree

Hide file tree

Showing 24 changed files with 225 additions and 89 deletions.
diff --git a/api/v1/multiclusterengine_methods.go b/api/v1/multiclusterengine_methods.go
@@ -26,6 +26,8 @@ const (
 	AssistedService                  = "assisted-service"
 	ClusterAPI                       = "cluster-api"
 	ClusterAPIPreview                = "cluster-api-preview"
+	ClusterAPIProviderAWS            = "cluster-api-provider-aws"
+	ClusterAPIProviderAWSPreview     = "cluster-api-provider-aws-preview"
 	ClusterLifecycle                 = "cluster-lifecycle"
 	ClusterManager                   = "cluster-manager"
 	ClusterProxyAddon                = "cluster-proxy-addon"
@@ -47,6 +49,8 @@ var allComponents = []string{
 	AssistedService,
 	ClusterAPI,
 	ClusterAPIPreview,
+	ClusterAPIProviderAWS,
+	ClusterAPIProviderAWSPreview,
 	ClusterLifecycle,
 	ClusterManager,
 	ClusterProxyAddon,
@@ -68,6 +72,7 @@ var allComponents = []string{
 var MCEComponents = []string{
 	AssistedService,
 	ClusterAPIPreview,
+	ClusterAPIProviderAWSPreview,
 	ClusterLifecycle,
 	ClusterManager,
 	ClusterProxyAddon,

diff --git a/controllers/backplaneconfig_controller.go b/controllers/backplaneconfig_controller.go
@@ -896,18 +896,19 @@ func (r *MultiClusterEngineReconciler) ensureNoInternalEngineComponent(ctx conte
 func (r *MultiClusterEngineReconciler) fetchChartOrCRDPath(component string, useCRDPath bool) string {
 
 	chartDirs := map[string]string{
-		backplanev1.AssistedService:           toggle.AssistedServiceChartDir,
-		backplanev1.ClusterAPIPreview:         toggle.ClusterAPIChartDir,
-		backplanev1.ClusterLifecycle:          toggle.ClusterLifecycleChartDir,
-		backplanev1.ClusterManager:            toggle.ClusterManagerChartDir,
-		backplanev1.ClusterProxyAddon:         toggle.ClusterProxyAddonDir,
-		backplanev1.ConsoleMCE:                toggle.ConsoleMCEChartsDir,
-		backplanev1.Discovery:                 toggle.DiscoveryChartDir,
-		backplanev1.Hive:                      toggle.HiveChartDir,
-		backplanev1.HyperShift:                toggle.HyperShiftChartDir,
-		backplanev1.ImageBasedInstallOperator: toggle.ImageBasedInstallOperatorChartDir,
-		backplanev1.ManagedServiceAccount:     toggle.ManagedServiceAccountChartDir,
-		backplanev1.ServerFoundation:          toggle.ServerFoundationChartDir,
+		backplanev1.AssistedService:              toggle.AssistedServiceChartDir,
+		backplanev1.ClusterAPIPreview:            toggle.ClusterAPIChartDir,
+		backplanev1.ClusterAPIProviderAWSPreview: toggle.ClusterAPIProviderAWSChartDir,
+		backplanev1.ClusterLifecycle:             toggle.ClusterLifecycleChartDir,
+		backplanev1.ClusterManager:               toggle.ClusterManagerChartDir,
+		backplanev1.ClusterProxyAddon:            toggle.ClusterProxyAddonDir,
+		backplanev1.ConsoleMCE:                   toggle.ConsoleMCEChartsDir,
+		backplanev1.Discovery:                    toggle.DiscoveryChartDir,
+		backplanev1.Hive:                         toggle.HiveChartDir,
+		backplanev1.HyperShift:                   toggle.HyperShiftChartDir,
+		backplanev1.ImageBasedInstallOperator:    toggle.ImageBasedInstallOperatorChartDir,
+		backplanev1.ManagedServiceAccount:        toggle.ManagedServiceAccountChartDir,
+		backplanev1.ServerFoundation:             toggle.ServerFoundationChartDir,
 	}
 
 	crdDirs := map[string]string{
@@ -1170,6 +1171,24 @@ func (r *MultiClusterEngineReconciler) ensureToggleableComponents(ctx context.Co
 		}
 	}
 
+	if backplaneConfig.Enabled(backplanev1.ClusterAPIProviderAWSPreview) {
+		result, err = r.ensureClusterAPIProviderAWS(ctx, backplaneConfig)
+		if result != (ctrl.Result{}) {
+			requeue = true
+		}
+		if err != nil {
+			errs[backplanev1.ClusterAPIProviderAWSPreview] = err
+		}
+	} else {
+		result, err = r.ensureNoClusterAPIProviderAWS(ctx, backplaneConfig)
+		if result != (ctrl.Result{}) {
+			requeue = true
+		}
+		if err != nil {
+			errs[backplanev1.ClusterAPIProviderAWSPreview] = err
+		}
+	}
+
 	if backplaneConfig.Enabled(backplanev1.LocalCluster) {
 		result, err := r.ensureLocalCluster(ctx, backplaneConfig)
 		if result != (ctrl.Result{}) {
@@ -1337,6 +1356,21 @@ func (r *MultiClusterEngineReconciler) applyTemplate(ctx context.Context,
 			return result, err
 		}
 	} else {
+		// Check if the namespace exists if the template specifies a namespace.
+		if template.GetNamespace() != backplaneConfig.Spec.TargetNamespace && template.GetNamespace() != "" {
+			ns := &corev1.Namespace{}
+			if err := r.Client.Get(ctx, types.NamespacedName{Name: template.GetNamespace()}, ns); err != nil {
+				if apierrors.IsNotFound(err) {
+					r.Log.Info("Namespace does not exist; skipping resource creation",
+						"Name", template.GetName(), "Kind", template.GetKind(), "Namespace", template.GetNamespace())
+
+					// Skip further processing if the namespace does not exist.
+					return ctrl.Result{}, nil
+				}
+				return ctrl.Result{}, err
+			}
+		}
+
 		// Apply the object data.
 		force := true
 		err := r.Client.Patch(ctx, template, client.Apply,
@@ -1457,6 +1491,7 @@ func (r *MultiClusterEngineReconciler) ensureNoAllInternalEngineComponents(ctx c
 	components := []string{
 		backplanev1.AssistedService,
 		backplanev1.ClusterAPIPreview,
+		backplanev1.ClusterAPIProviderAWSPreview,
 		backplanev1.ClusterLifecycle,
 		backplanev1.ClusterManager,
 		backplanev1.ClusterProxyAddon,

diff --git a/controllers/backplaneconfig_controller_test.go b/controllers/backplaneconfig_controller_test.go
@@ -64,7 +64,7 @@ const (
 	DestinationNamespace       = "test"
 	JobName                    = "test-job"
 
-	timeout  = time.Second * 60
+	timeout  = time.Second * 20
 	duration = time.Second * 10
 	interval = time.Millisecond * 250
 )
@@ -409,6 +409,10 @@ var _ = Describe("BackplaneConfig controller", func() {
 									Name:    backplanev1.ClusterAPIPreview,
 									Enabled: true,
 								},
+								{
+									Name:    backplanev1.ClusterAPIProviderAWSPreview,
+									Enabled: true,
+								},
 								{
 									Name:    backplanev1.ClusterLifecycle,
 									Enabled: true,
@@ -580,6 +584,10 @@ var _ = Describe("BackplaneConfig controller", func() {
 									Name:    backplanev1.AssistedService,
 									Enabled: false,
 								},
+								{
+									Name:    backplanev1.ClusterAPIProviderAWSPreview,
+									Enabled: false,
+								},
 								{
 									Name:    backplanev1.ClusterAPIPreview,
 									Enabled: false,
@@ -861,6 +869,12 @@ var _ = Describe("BackplaneConfig controller", func() {
 									Name:    backplanev1.ClusterAPIPreview,
 									Enabled: true,
 								},
+								// EnvTest does not support namespace deletion; therefore, if we try to re-enable this component, the test will fail.
+								// https: //book.kubebuilder.io/reference/envtest
+								// {
+								// 	Name:    backplanev1.ClusterAPIProviderAWSPreview,
+								// 	Enabled: false,
+								// },
 								{
 									Name:    backplanev1.ClusterLifecycle,
 									Enabled: true,
@@ -969,6 +983,10 @@ var _ = Describe("BackplaneConfig controller", func() {
 									Name:    backplanev1.ClusterAPIPreview,
 									Enabled: false,
 								},
+								{
+									Name:    backplanev1.ClusterAPIProviderAWSPreview,
+									Enabled: false,
+								},
 								{
 									Name:    backplanev1.ClusterLifecycle,
 									Enabled: false,

diff --git a/controllers/suite_test.go b/controllers/suite_test.go
@@ -81,6 +81,7 @@ var _ = BeforeSuite(func() {
 		CRDDirectoryPaths: []string{
 			filepath.Join("..", "config", "crd", "bases"),
 			filepath.Join("..", "pkg", "templates", "crds", "cluster-api"),
+			filepath.Join("..", "pkg", "templates", "crds", "cluster-api-provider-aws"),
 			filepath.Join("..", "pkg", "templates", "crds", "cluster-lifecycle"),
 			filepath.Join("..", "pkg", "templates", "crds", "cluster-manager"),
 			filepath.Join("..", "pkg", "templates", "crds", "cluster-proxy-addon"),

diff --git a/controllers/toggle_components.go b/controllers/toggle_components.go
@@ -8,6 +8,7 @@ import (
 
 	semver "github.com/Masterminds/semver"
 	configv1 "github.com/openshift/api/config/v1"
+
 	backplanev1 "github.com/stolostron/backplane-operator/api/v1"
 	"github.com/stolostron/backplane-operator/pkg/foundation"
 	"github.com/stolostron/backplane-operator/pkg/hive"
@@ -493,6 +494,81 @@ func (r *MultiClusterEngineReconciler) ensureNoClusterAPI(ctx context.Context,
 	return ctrl.Result{}, nil
 }
 
+func (r *MultiClusterEngineReconciler) ensureClusterAPIProviderAWS(ctx context.Context, mce *backplanev1.MultiClusterEngine) (
+	ctrl.Result, error) {
+
+	namespacedName := types.NamespacedName{Name: "capa-controller-manager", Namespace: mce.Spec.TargetNamespace}
+	r.StatusManager.RemoveComponent(toggle.DisabledStatus(namespacedName, []*unstructured.Unstructured{}))
+	r.StatusManager.AddComponent(toggle.EnabledStatus(namespacedName))
+
+	// Ensure that the InternalHubComponent CR instance is created for component in MCE.
+	if result, err := r.ensureInternalEngineComponent(ctx, mce, backplanev1.ClusterAPIProviderAWSPreview); err != nil {
+		return result, err
+	}
+
+	// Renders all templates from charts
+	chartPath := r.fetchChartOrCRDPath(backplanev1.ClusterAPIProviderAWSPreview, false)
+	templates, errs := renderer.RenderChart(chartPath, mce, r.CacheSpec.ImageOverrides, r.CacheSpec.TemplateOverrides)
+
+	if len(errs) > 0 {
+		for _, err := range errs {
+			log.Info(err.Error())
+		}
+		return ctrl.Result{RequeueAfter: requeuePeriod}, nil
+	}
+
+	// Apply deployment config overrides
+	if result, err := r.applyComponentDeploymentOverrides(mce, templates, backplanev1.ClusterAPIProviderAWSPreview); err != nil {
+		return result, err
+	}
+
+	// Applies all templates
+	for _, template := range templates {
+		applyReleaseVersionAnnotation(template)
+		result, err := r.applyTemplate(ctx, mce, template)
+		if err != nil {
+			return result, err
+		}
+	}
+
+	return ctrl.Result{}, nil
+}
+
+func (r *MultiClusterEngineReconciler) ensureNoClusterAPIProviderAWS(ctx context.Context,
+	mce *backplanev1.MultiClusterEngine) (ctrl.Result, error) {
+	namespacedName := types.NamespacedName{Name: "capa-controller-manager", Namespace: mce.Spec.TargetNamespace}
+
+	// Ensure that the InternalHubComponent CR instance is deleted for component in MCE.
+	if result, err := r.ensureNoInternalEngineComponent(ctx, mce,
+		backplanev1.ClusterAPIProviderAWSPreview); (result != ctrl.Result{}) || err != nil {
+		return result, err
+	}
+
+	// Renders all templates from charts
+	chartPath := r.fetchChartOrCRDPath(backplanev1.ClusterAPIProviderAWSPreview, false)
+	templates, errs := renderer.RenderChart(chartPath, mce, r.CacheSpec.ImageOverrides, r.CacheSpec.TemplateOverrides)
+
+	if len(errs) > 0 {
+		for _, err := range errs {
+			log.Info(err.Error())
+		}
+		return ctrl.Result{RequeueAfter: requeuePeriod}, nil
+	}
+
+	r.StatusManager.RemoveComponent(toggle.EnabledStatus(namespacedName))
+	r.StatusManager.AddComponent(toggle.DisabledStatus(namespacedName, []*unstructured.Unstructured{}))
+
+	// Deletes all templates
+	for _, template := range templates {
+		result, err := r.deleteTemplate(ctx, mce, template)
+		if err != nil {
+			log.Error(err, fmt.Sprintf("Failed to delete template: %s", template.GetName()))
+			return result, err
+		}
+	}
+	return ctrl.Result{}, nil
+}
+
 func (r *MultiClusterEngineReconciler) ensureHive(ctx context.Context, mce *backplanev1.MultiClusterEngine) (
 	ctrl.Result, error) {
 
@@ -573,10 +649,11 @@ func (r *MultiClusterEngineReconciler) ensureNoHive(ctx context.Context, mce *ba
 	err := r.Client.Get(ctx, types.NamespacedName{Name: "hive"}, hiveConfig)
 	if err == nil { // If resource exists, delete
 		err := r.Client.Delete(ctx, hiveConfig)
-		if err != nil {
+		if err != nil && !apierrors.IsNotFound(err) {
 			return ctrl.Result{}, err
 		}
-	} else if err != nil && !apierrors.IsNotFound(err) {
+
+	} else if !apierrors.IsNotFound(err) {
 		return ctrl.Result{RequeueAfter: requeuePeriod}, nil
 	}
 

diff --git a/docs/available-components.md b/docs/available-components.md
@@ -1,19 +1,20 @@
 
 # Table list of the deployed components
 
-| Name                         | Description                                                                                                          | Enabled |
-|------------------------------|----------------------------------------------------------------------------------------------------------------------|---------|
-| assisted-service             | Installs OpenShift with minimal infrastructure prerequisites and comprehensive pre-flight validations.               | True    |
-| cluster-api-preview          | Provides capabilities for declaratively handling the Cluster API lifecycle from within a managment cluster           | False   |
-| cluster-lifecycle            | Provides cluster management capabilities for {ocp-short} and {product-title-short} hub clusters.                     | True    |
-| cluster-manager              | Manages various cluster-related operations within the cluster environment.                                           | True    |
-| cluster-proxy-addon          | Automates the installation of apiserver-network-proxy on both hub and managed clusters using a reverse proxy server. | True    |
-| console-mce                  | Enables the {mce-short} console plug-in.                                                                             | True    |
-| discovery                    | Discovers and identifies new clusters within the {ocm}.                                                              | True    |
-| hive                         | Provisions and performs initial configuration of {ocp-short} clusters.                                               | True    |
-| hypershift                   | Hosts OpenShift control planes at scale with cost and time efficiency, and cross-cloud portability.                  | True    |
-| hypershift-local-hosting     | Enables local hosting capabilities for within the local cluster environment.                                         | True    |
-| image-based-install-operator | Provide site configuration to Single Node OpenShift clusters to complete installation.                               | False   |
-| local-cluster                | Enables the import and self-management of the local hub cluster where the {mce-short} is deployed.                   | True    |
-| managedserviceaccount        | Syncronizes service accounts to the managed clusters and collects tokens as secret resources back to the hub cluster.| True    |
-| server-foundation            | Provides foundational services for server-side operations within the cluster environment.                            | True    |
+| Name                             | Description                                                                                                          | Enabled |
+|----------------------------------|----------------------------------------------------------------------------------------------------------------------|---------|
+| assisted-service                 | Installs OpenShift with minimal infrastructure prerequisites and comprehensive pre-flight validations.               | True    |
+| cluster-api-preview              | Provides capabilities for declaratively handling the Cluster API lifecycle from within a managment cluster           | False   |
+| cluster-api-provider-aws-preview | Provides declarative, Kubernetes-style APIs to cluster creation, configuration and management.                       | False   |
+| cluster-lifecycle                | Provides cluster management capabilities for {ocp-short} and {product-title-short} hub clusters.                     | True    |
+| cluster-manager                  | Manages various cluster-related operations within the cluster environment.                                           | True    |
+| cluster-proxy-addon              | Automates the installation of apiserver-network-proxy on both hub and managed clusters using a reverse proxy server. | True    |
+| console-mce                      | Enables the {mce-short} console plug-in.                                                                             | True    |
+| discovery                        | Discovers and identifies new clusters within the {ocm}.                                                              | True    |
+| hive                             | Provisions and performs initial configuration of {ocp-short} clusters.                                               | True    |
+| hypershift                       | Hosts OpenShift control planes at scale with cost and time efficiency, and cross-cloud portability.                  | True    |
+| hypershift-local-hosting         | Enables local hosting capabilities for within the local cluster environment.                                         | True    |
+| image-based-install-operator     | Provide site configuration to Single Node OpenShift clusters to complete installation.                               | False   |
+| local-cluster                    | Enables the import and self-management of the local hub cluster where the {mce-short} is deployed.                   | True    |
+| managedserviceaccount            | Syncronizes service accounts to the managed clusters and collects tokens as secret resources back to the hub cluster.| True    |
+| server-foundation                | Provides foundational services for server-side operations within the cluster environment.                            | True    |
diff --git a/.../charts/toggle/cluster-api-provider-aws/templates/capa-controller-manager-deployment.yaml b/.../charts/toggle/cluster-api-provider-aws/templates/capa-controller-manager-deployment.yaml
@@ -97,9 +97,7 @@ spec:
             - ALL
           privileged: false
           readOnlyRootFilesystem: true
-          runAsGroup: 65532
           runAsNonRoot: true
-          runAsUser: 65532
         terminationMessagePolicy: FallbackToLogsOnError
         volumeMounts:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
@@ -119,7 +117,6 @@ spec:
 {{ toYaml . | indent 8 }}
 {{- end }}
       securityContext:
-        fsGroup: 1000
         runAsNonRoot: true
 {{- if .Values.global.deployOnOCP }}
 {{- if semverCompare ">=4.11.0" .Values.hubconfig.ocpVersion }}

diff --git a/...mplates/charts/toggle/cluster-api-provider-aws/templates/capa-leader-elect-role-role.yaml b/...mplates/charts/toggle/cluster-api-provider-aws/templates/capa-leader-elect-role-role.yaml
@@ -6,7 +6,7 @@ metadata:
   labels:
     cluster.x-k8s.io/provider: infrastructure-aws
   name: capa-leader-elect-role
-  namespace: capa-system
+  namespace: {{ default "capa-system" .Values.global.namespace }}
 rules:
 - apiGroups:
   - ""

diff --git a/.../toggle/cluster-api-provider-aws/templates/capa-leader-elect-rolebinding-rolebinding.yaml b/.../toggle/cluster-api-provider-aws/templates/capa-leader-elect-rolebinding-rolebinding.yaml
@@ -6,12 +6,12 @@ metadata:
   labels:
     cluster.x-k8s.io/provider: infrastructure-aws
   name: capa-leader-elect-rolebinding
-  namespace: capa-system
+  namespace: {{ default "capa-system" .Values.global.namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: capa-leader-elect-role
 subjects:
 - kind: ServiceAccount
   name: capa-controller-manager
-  namespace: capa-system
+  namespace: {{ default "capa-system" .Values.global.namespace }}
diff --git a/.../toggle/cluster-api-provider-aws/templates/capa-manager-bootstrap-credentials-secret.yaml b/.../toggle/cluster-api-provider-aws/templates/capa-manager-bootstrap-credentials-secret.yaml
@@ -8,5 +8,5 @@ metadata:
   labels:
     cluster.x-k8s.io/provider: infrastructure-aws
   name: capa-manager-bootstrap-credentials
-  namespace: capa-system
+  namespace: {{ default "capa-system" .Values.global.namespace }}
 type: Opaque
diff --git a/...oggle/cluster-api-provider-aws/templates/capa-manager-rolebinding-clusterrolebinding.yaml b/...oggle/cluster-api-provider-aws/templates/capa-manager-rolebinding-clusterrolebinding.yaml
@@ -11,4 +11,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: capa-controller-manager
-  namespace: capa-system
+  namespace: {{ default "capa-system" .Values.global.namespace }}
diff --git a/...plates/charts/toggle/cluster-api-provider-aws/templates/capa-metrics-service-service.yaml b/...plates/charts/toggle/cluster-api-provider-aws/templates/capa-metrics-service-service.yaml
@@ -6,7 +6,7 @@ metadata:
   labels:
     cluster.x-k8s.io/provider: infrastructure-aws
   name: capa-metrics-service
-  namespace: capa-system
+  namespace: {{ default "capa-system" .Values.global.namespace }}
 spec:
   ports:
   - port: 8080