Merge pull request #224 from eromanova/capi-operator

Use CAPI operator to manage providers

Makefile

@@ -266,7 +266,7 @@ dev-templates: templates-generate
 
 .PHONY: dev-aws
 dev-aws: yq
-	@$(YQ) e ".data.credentials = \"${AWS_CREDENTIALS}\"" config/dev/awscredentials.yaml | $(KUBECTL) -n $(NAMESPACE) apply -f -
+	@$(YQ) e ".stringData.AWS_B64ENCODED_CREDENTIALS = \"${AWS_CREDENTIALS}\"" config/dev/awscredentials.yaml | $(KUBECTL) -n $(NAMESPACE) apply -f -
 
 .PHONY: dev-apply
 dev-apply: kind-deploy registry-deploy dev-push dev-deploy dev-templates dev-aws

README.md

@@ -66,7 +66,8 @@ spec:
   providers:
   - template: k0smotron
   - config:
-      credentialsSecretName: aws-credentials
+      configSecret:
+       name: aws-variables
     template: cluster-api-provider-aws
 ```
 

api/v1alpha1/management_types.go

@@ -25,7 +25,9 @@ const (
 	DefaultCoreCAPITemplate = "cluster-api"
 
 	DefaultCAPAConfig = `{
-		"credentialsSecretName": "aws-credentials"
+		"configSecret": {
+           "name": "aws-variables"
+        }
 	}`
 
 	ManagementName      = "hmc"
@@ -102,6 +104,9 @@ func (m *ManagementSpec) SetProvidersDefaults() {
 				Raw: []byte(DefaultCAPAConfig),
 			},
 		},
+		{
+			Template: "cluster-api-provider-azure",
+		},
 	}
 }
 

config/dev/awscredentials.yaml

@@ -1,11 +1,11 @@
 apiVersion: v1
-data:
-  credentials: Cg==
+stringData:
+  AWS_B64ENCODED_CREDENTIALS: Cg==
 kind: Secret
 metadata:
   labels:
     cluster.x-k8s.io/provider: infrastructure-aws
     clusterctl.cluster.x-k8s.io: ""
-  name: aws-credentials
+  name: aws-variables
   namespace: hmc-system
 type: Opaque

docs/aws/credentials.md

@@ -21,8 +21,15 @@ export AWS_SESSION_TOKEN=<session-token> # Optional. If you are using Multi-Fact
 export AWS_B64ENCODED_CREDENTIALS=$(clusterawsadm bootstrap credentials encode-as-profile)
 ```
 
-4. Create the secret with AWS credentials in the `hmc-system` namespace:
+4. Create the secret with AWS variables:
+
+> By default, HMC fetches the AWS variables configuration from the `aws-variables` secret in the `hmc-system`
+> namespace. If you want to change the name of the secret you should overwrite the configuration of the cluster 
+> API provider AWS in the HMC Management object. \
+> For details, see: [Extended Management Configuration](../../README.md#extended-management-configuration)
+
+> You can also provide additional configuration variables, but the `AWS_B64ENCODED_CREDENTIALS` parameter is required.
 
 ```
-kubectl create secret generic aws-credentials -n hmc-system --from-literal credentials="$(echo $AWS_B64ENCODED_CREDENTIALS | base64 -d)"
+kubectl create secret generic aws-variables -n hmc-system --from-literal AWS_B64ENCODED_CREDENTIALS="$AWS_B64ENCODED_CREDENTIALS"
 ```

internal/controller/management_controller.go

@@ -91,9 +91,9 @@ func (r *ManagementReconciler) Update(ctx context.Context, management *hmc.Manag
 	detectedProviders := hmc.Providers{}
 	detectedComponents := make(map[string]hmc.ComponentStatus)
 
-	err := r.enableAdmissionWebhook(ctx, management)
+	err := r.enableAdditionalComponents(ctx, management)
 	if err != nil {
-		l.Error(err, "failed to enable admission webhook")
+		l.Error(err, "failed to enable additional HMC components")
 		return ctrl.Result{}, err
 	}
 
@@ -227,7 +227,9 @@ func wrappedComponents(mgmt *hmc.Management) (components []component) {
 	return
 }
 
-func (r *ManagementReconciler) enableAdmissionWebhook(ctx context.Context, mgmt *hmc.Management) error {
+// enableAdditionalComponents enables the admission controller and cluster api operator
+// once the cert manager is ready
+func (r *ManagementReconciler) enableAdditionalComponents(ctx context.Context, mgmt *hmc.Management) error {
 	l := log.FromContext(ctx)
 
 	hmcComponent := &mgmt.Spec.Core.HMC
@@ -243,6 +245,10 @@ func (r *ManagementReconciler) enableAdmissionWebhook(ctx context.Context, mgmt
 	if config["admissionWebhook"] != nil {
 		admissionWebhookValues = config["admissionWebhook"].(map[string]interface{})
 	}
+	capiOperatorValues := make(map[string]interface{})
+	if config["cluster-api-operator"] != nil {
+		capiOperatorValues = config["cluster-api-operator"].(map[string]interface{})
+	}
 
 	err := certmanager.VerifyAPI(ctx, r.Config, r.Scheme, hmc.ManagementNamespace)
 	if err != nil {
@@ -252,6 +258,15 @@ func (r *ManagementReconciler) enableAdmissionWebhook(ctx context.Context, mgmt
 
 	admissionWebhookValues["enabled"] = true
 	config["admissionWebhook"] = admissionWebhookValues
+
+	// Enable HMC capi operator only if it was not explicitly disabled in the config to
+	// support installation with existing cluster api operator
+	if capiOperatorValues["enabled"] != false {
+		l.Info("Enabling cluster API operator")
+		capiOperatorValues["enabled"] = true
+	}
+	config["cluster-api-operator"] = capiOperatorValues
+
 	updatedConfig, err := json.Marshal(config)
 	if err != nil {
 		return fmt.Errorf("failed to marshal HMC config: %v", err)

templates/cluster-api-provider-aws/Chart.yaml

@@ -13,7 +13,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.1.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.