Merge pull request #4804 from muraee/reconcile-rosa-machinepool

✨ ROSA: Reconcile ROSAMachinePool fields

Author: k8s-ci-robot

config/crd/bases/controlplane.cluster.x-k8s.io_rosacontrolplanes.yaml

@@ -341,9 +341,6 @@ spec:
               version:
                 description: OpenShift semantic version, for example "4.14.5".
                 type: string
-                x-kubernetes-validations:
-                - message: version must be a valid semantic version
-                  rule: self.matches('^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$')
               workerRoleARN:
                 type: string
             required:

config/crd/bases/infrastructure.cluster.x-k8s.io_rosamachinepools.yaml

@@ -94,14 +94,48 @@ spec:
                 type: array
               subnet:
                 type: string
+                x-kubernetes-validations:
+                - message: subnet is immutable
+                  rule: self == oldSelf
+              taints:
+                description: Taints specifies the taints to apply to the nodes of
+                  the machine pool
+                items:
+                  properties:
+                    effect:
+                      description: The effect of the taint on pods that do not tolerate
+                        the taint. Valid effects are NoSchedule, PreferNoSchedule
+                        and NoExecute.
+                      enum:
+                      - NoSchedule
+                      - PreferNoSchedule
+                      - NoExecute
+                      type: string
+                    key:
+                      description: The taint key to be applied to a node.
+                      type: string
+                    value:
+                      description: The taint value corresponding to the taint key.
+                      pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$
+                      type: string
+                  required:
+                  - effect
+                  - key
+                  type: object
+                type: array
+              tuningConfigs:
+                description: TuningConfigs specifies the names of the tuning configs
+                  to be applied to this MachinePool. Tuning configs must already exist.
+                items:
+                  type: string
+                type: array
               version:
-                description: Version specifies the penshift version of the nodes associated
-                  with this machinepool. ROSAControlPlane version is used if not set.
+                description: Version specifies the OpenShift version of the nodes
+                  associated with this machinepool. ROSAControlPlane version is used
+                  if not set.
                 type: string
-                x-kubernetes-validations:
-                - message: version must be a valid semantic version
-                  rule: self.matches('^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$')
             required:
+            - instanceType
             - nodePoolName
             type: object
           status:

config/rbac/role.yaml

@@ -175,6 +175,12 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - controlplane.cluster.x-k8s.io
+  resources:
+  - rosacontrolplanes/finalizers
+  verbs:
+  - update
 - apiGroups:
   - controlplane.cluster.x-k8s.io
   resources:
@@ -409,6 +415,12 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - rosamachinepools/finalizers
+  verbs:
+  - update
 - apiGroups:
   - infrastructure.cluster.x-k8s.io
   resources:

config/webhook/manifests.yaml

@@ -201,6 +201,28 @@ webhooks:
     resources:
     - awsmanagedmachinepools
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-rosamachinepool
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.rosamachinepool.infrastructure.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    apiVersions:
+    - v1beta2
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - rosamachinepools
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   - v1beta1
@@ -267,6 +289,28 @@ webhooks:
     resources:
     - awsmanagedcontrolplanes
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /mutate-controlplane-cluster-x-k8s-io-v1beta2-rosacontrolplane
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.rosacontrolplanes.controlplane.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - controlplane.cluster.x-k8s.io
+    apiVersions:
+    - v1beta2
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - rosacontrolplanes
+  sideEffects: None
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
@@ -493,6 +537,28 @@ webhooks:
     resources:
     - awsmanagedmachinepools
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-rosamachinepool
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.rosamachinepool.infrastructure.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    apiVersions:
+    - v1beta2
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - rosamachinepools
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   - v1beta1
@@ -559,3 +625,25 @@ webhooks:
     resources:
     - awsmanagedcontrolplanes
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-controlplane-cluster-x-k8s-io-v1beta2-rosacontrolplane
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.rosacontrolplanes.controlplane.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - controlplane.cluster.x-k8s.io
+    apiVersions:
+    - v1beta2
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - rosacontrolplanes
+  sideEffects: None

controlplane/rosa/api/v1beta2/conditions_consts.go

@@ -22,6 +22,15 @@ const (
 	// ROSAControlPlaneReadyCondition condition reports on the successful reconciliation of ROSAControlPlane.
 	ROSAControlPlaneReadyCondition clusterv1.ConditionType = "ROSAControlPlaneReady"
 
+	// ROSAControlPlaneValidCondition condition reports whether ROSAControlPlane configuration is valid.
+	ROSAControlPlaneValidCondition clusterv1.ConditionType = "ROSAControlPlaneValid"
+
 	// ROSAControlPlaneUpgradingCondition condition reports whether ROSAControlPlane is upgrading or not.
 	ROSAControlPlaneUpgradingCondition clusterv1.ConditionType = "ROSAControlPlaneUpgrading"
+
+	// ROSAControlPlaneReconciliationFailedReason used to report failures while reconciling ROSAControlPlane.
+	ROSAControlPlaneReconciliationFailedReason = "ReconciliationFailed"
+
+	// ROSAControlPlaneInvalidConfigurationReason used to report invalid user input.
+	ROSAControlPlaneInvalidConfigurationReason = "InvalidConfiguration"
 )

controlplane/rosa/api/v1beta2/rosacontrolplane_types.go

@@ -30,10 +30,10 @@ type RosaControlPlaneSpec struct { //nolint: maligned
 	// characters or '-', start with an alphabetic character, end with an alphanumeric character
 	// and have a max length of 15 characters.
 	//
-	// +immutable
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="rosaClusterName is immutable"
 	// +kubebuilder:validation:MaxLength:=15
 	// +kubebuilder:validation:Pattern:=`^[a-z]([-a-z0-9]*[a-z0-9])?$`
+	// +immutable
 	RosaClusterName string `json:"rosaClusterName"`
 
 	// The Subnet IDs to use when installing the cluster.
@@ -45,35 +45,31 @@ type RosaControlPlaneSpec struct { //nolint: maligned
 	AvailabilityZones []string `json:"availabilityZones"`
 
 	// The AWS Region the cluster lives in.
-	Region *string `json:"region"`
+	Region string `json:"region"`
 
 	// OpenShift semantic version, for example "4.14.5".
-	// +kubebuilder:validation:XValidation:rule=`self.matches('^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$')`, message="version must be a valid semantic version"
 	Version string `json:"version"`
 
-	// ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
-	// +optional
-	ControlPlaneEndpoint clusterv1.APIEndpoint `json:"controlPlaneEndpoint"`
-
 	// AWS IAM roles used to perform credential requests by the openshift operators.
 	RolesRef AWSRolesRef `json:"rolesRef"`
 
 	// The ID of the OpenID Connect Provider.
-	OIDCID *string `json:"oidcID"`
+	OIDCID string `json:"oidcID"`
 
 	// TODO: these are to satisfy ocm sdk. Explore how to drop them.
 	InstallerRoleARN *string `json:"installerRoleARN"`
 	SupportRoleARN   *string `json:"supportRoleARN"`
 	WorkerRoleARN    *string `json:"workerRoleARN"`
 
-	// +immutable
-	// +kubebuilder:validation:Optional
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="billingAccount is immutable"
-	// +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]{12}$')", message="billingAccount must be a valid AWS account ID"
-
 	// BillingAccount is an optional AWS account to use for billing the subscription fees for ROSA clusters.
 	// The cost of running each ROSA cluster will be billed to the infrastructure account in which the cluster
 	// is running.
+	//
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="billingAccount is immutable"
+	// +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]{12}$')", message="billingAccount must be a valid AWS account ID"
+	// +immutable
+	// +optional
 	BillingAccount string `json:"billingAccount,omitempty"`
 
 	// CredentialsSecretRef references a secret with necessary credentials to connect to the OCM API.
@@ -83,13 +79,14 @@ type RosaControlPlaneSpec struct { //nolint: maligned
 	// +optional
 	CredentialsSecretRef *corev1.LocalObjectReference `json:"credentialsSecretRef,omitempty"`
 
-	// +optional
-
 	// IdentityRef is a reference to an identity to be used when reconciling the managed control plane.
 	// If no identity is specified, the default identity for this controller will be used.
+	//
+	// +optional
 	IdentityRef *infrav1.AWSIdentityReference `json:"identityRef,omitempty"`
 
 	// Network config for the ROSA HCP cluster.
+	// +optional
 	Network *NetworkSpec `json:"network,omitempty"`
 
 	// The instance type to use, for example `r5.xlarge`. Instance type ref; https://aws.amazon.com/ec2/instance-types/
@@ -99,12 +96,17 @@ type RosaControlPlaneSpec struct { //nolint: maligned
 	// Autoscaling specifies auto scaling behaviour for the MachinePools.
 	// +optional
 	Autoscaling *expinfrav1.RosaMachinePoolAutoScaling `json:"autoscaling,omitempty"`
+
+	// ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
+	// +optional
+	ControlPlaneEndpoint clusterv1.APIEndpoint `json:"controlPlaneEndpoint"`
 }
 
 // NetworkSpec for ROSA-HCP.
 type NetworkSpec struct {
 	// IP addresses block used by OpenShift while installing the cluster, for example "10.0.0.0/16".
 	// +kubebuilder:validation:Format=cidr
+	// +optional
 	MachineCIDR string `json:"machineCIDR,omitempty"`
 
 	// IP address block from which to assign pod IP addresses, for example `10.128.0.0/14`.
@@ -125,6 +127,7 @@ type NetworkSpec struct {
 	// The CNI network type default is OVNKubernetes.
 	// +kubebuilder:validation:Enum=OVNKubernetes;Other
 	// +kubebuilder:default=OVNKubernetes
+	// +optional
 	NetworkType string `json:"networkType,omitempty"`
 }
 
@@ -533,7 +536,7 @@ type RosaControlPlaneStatus struct {
 	Conditions clusterv1.Conditions `json:"conditions,omitempty"`
 
 	// ID is the cluster ID given by ROSA.
-	ID *string `json:"id,omitempty"`
+	ID string `json:"id,omitempty"`
 	// ConsoleURL is the url for the openshift console.
 	ConsoleURL string `json:"consoleURL,omitempty"`
 	// OIDCEndpointURL is the endpoint url for the managed OIDC porvider.