feat: add feature flag and enable gke support

This change adds the feature flag and controllers to enable GKE support
in CAPG.

Signed-off-by: Richard Case <[email protected]>

Author: richardcase

cloud/scope/clients.go

@@ -18,11 +18,20 @@ package scope
 
 import (
 	"context"
+	"fmt"
 	"time"
 
+	computerest "cloud.google.com/go/compute/apiv1"
+	container "cloud.google.com/go/container/apiv1"
+	credentials "cloud.google.com/go/iam/credentials/apiv1"
 	"github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud"
+	"github.com/pkg/errors"
 	"google.golang.org/api/compute/v1"
+	"google.golang.org/api/option"
+	"k8s.io/client-go/pkg/version"
 	"k8s.io/client-go/util/flowcontrol"
+	infrav1 "sigs.k8s.io/cluster-api-provider-gcp/api/v1beta1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 // GCPServices contains all the gcp services used by the scopes.
@@ -57,3 +66,75 @@ func newCloud(project string, service GCPServices) cloud.Cloud {
 		RateLimiter:   &GCPRateLimiter{},
 	})
 }
+
+func defaultClientOptions(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client) ([]option.ClientOption, error) {
+	opts := []option.ClientOption{
+		option.WithUserAgent(fmt.Sprintf("gcp.cluster.x-k8s.io/%s", version.Get())),
+	}
+
+	if credentialsRef != nil {
+		rawData, err := getCredentialDataFromRef(ctx, credentialsRef, crClient)
+		if err != nil {
+			return nil, fmt.Errorf("getting gcp credentials from reference %s: %w", credentialsRef, err)
+		}
+		opts = append(opts, option.WithCredentialsJSON(rawData))
+	}
+
+	return opts, nil
+}
+
+func newComputeService(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client) (*compute.Service, error) {
+	opts, err := defaultClientOptions(ctx, credentialsRef, crClient)
+	if err != nil {
+		return nil, fmt.Errorf("getting default gcp client options: %w", err)
+	}
+
+	computeSvc, err := compute.NewService(ctx, opts...)
+	if err != nil {
+		return nil, fmt.Errorf("creating new compute service instance: %w", err)
+	}
+
+	return computeSvc, nil
+}
+
+func newClusterManagerClient(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client) (*container.ClusterManagerClient, error) {
+	opts, err := defaultClientOptions(ctx, credentialsRef, crClient)
+	if err != nil {
+		return nil, fmt.Errorf("getting default gcp client options: %w", err)
+	}
+
+	managedClusterClient, err := container.NewClusterManagerClient(ctx, opts...)
+	if err != nil {
+		return nil, errors.Errorf("failed to create gcp cluster manager client: %v", err)
+	}
+
+	return managedClusterClient, nil
+}
+
+func newIamCredentialsClient(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client) (*credentials.IamCredentialsClient, error) {
+	opts, err := defaultClientOptions(ctx, credentialsRef, crClient)
+	if err != nil {
+		return nil, fmt.Errorf("getting default gcp client options: %w", err)
+	}
+
+	credentialsClient, err := credentials.NewIamCredentialsClient(ctx, opts...)
+	if err != nil {
+		return nil, errors.Errorf("failed to create gcp ciam credentials client: %v", err)
+	}
+
+	return credentialsClient, nil
+}
+
+func newInstanceGroupManagerClient(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client) (*computerest.InstanceGroupManagersClient, error) {
+	opts, err := defaultClientOptions(ctx, credentialsRef, crClient)
+	if err != nil {
+		return nil, fmt.Errorf("getting default gcp client options: %w", err)
+	}
+
+	instanceGroupManagersClient, err := computerest.NewInstanceGroupManagersRESTClient(ctx, opts...)
+	if err != nil {
+		return nil, errors.Errorf("failed to create gcp instance group managers rest client: %v", err)
+	}
+
+	return instanceGroupManagersClient, nil
+}

cloud/scope/cluster.go

@@ -51,7 +51,7 @@ func NewClusterScope(ctx context.Context, params ClusterScopeParams) (*ClusterSc
 	}
 
 	if params.GCPServices.Compute == nil {
-		computeSvc, err := createComputeService(ctx, params.GCPCluster.Spec.CredentialsRef, params.Client)
+		computeSvc, err := newComputeService(ctx, params.GCPCluster.Spec.CredentialsRef, params.Client)
 		if err != nil {
 			return nil, errors.Errorf("failed to create gcp compute client: %v", err)
 		}

cloud/scope/credentials.go

@@ -23,17 +23,16 @@ import (
 	"os"
 
 	"github.com/pkg/errors"
-	"google.golang.org/api/compute/v1"
-	"google.golang.org/api/option"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 	infrav1 "sigs.k8s.io/cluster-api-provider-gcp/api/v1beta1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 const (
-	// ConfigFilePath is the path to GCP credential config.
-	ConfigFilePath = "/home/.gcp/credentials"
+	// ConfigFileEnvVar is the name of the environment variable
+	// that contains the path to the credentials file.
+	ConfigFileEnvVar = "GOOGLE_APPLICATION_CREDENTIALS"
 )
 
 // Credential is a struct to hold GCP credential data.
@@ -44,6 +43,22 @@ type Credential struct {
 	ClientID    string `json:"client_id"`
 }
 
+func getCredentials(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client) (*Credential, error) {
+	var credentialData []byte
+	var err error
+
+	if credentialsRef != nil {
+		credentialData, err = getCredentialDataFromRef(ctx, credentialsRef, crClient)
+	} else {
+		credentialData, err = getCredentialDataUsingADC()
+	}
+	if err != nil {
+		return nil, fmt.Errorf("getting credential data: %w", err)
+	}
+
+	return parseCredential(credentialData)
+}
+
 func getCredentialDataFromRef(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client) ([]byte, error) {
 	secretRefName := types.NamespacedName{
 		Name:      credentialsRef.Name,
@@ -63,10 +78,15 @@ func getCredentialDataFromRef(ctx context.Context, credentialsRef *infrav1.Objec
 	return rawData, nil
 }
 
-func getCredentialDataFromMount() ([]byte, error) {
-	byteValue, err := os.ReadFile(ConfigFilePath)
+func getCredentialDataUsingADC() ([]byte, error) {
+	credsPath := os.Getenv(ConfigFileEnvVar)
+	if credsPath == "" {
+		return nil, fmt.Errorf("no ADC environment variable found for credentials (expect %s)", ConfigFileEnvVar)
+	}
+
+	byteValue, err := os.ReadFile(credsPath) //nolint:gosec // We need to read a file here
 	if err != nil {
-		return nil, fmt.Errorf("error loading credential from file %s: %w", ConfigFilePath, err)
+		return nil, fmt.Errorf("reading credentials from file %s: %w", credsPath, err)
 	}
 	return byteValue, nil
 }
@@ -79,21 +99,3 @@ func parseCredential(rawData []byte) (*Credential, error) {
 	}
 	return &credential, nil
 }
-
-func createComputeService(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client) (*compute.Service, error) {
-	var computeSvc *compute.Service
-	var err error
-	if credentialsRef == nil {
-		computeSvc, err = compute.NewService(ctx)
-	} else {
-		var rawData []byte
-		rawData, err = getCredentialDataFromRef(ctx, credentialsRef, crClient)
-		if err == nil {
-			computeSvc, err = compute.NewService(ctx, option.WithCredentialsJSON(rawData))
-		}
-	}
-	if err != nil {
-		return nil, errors.Errorf("failed to create gcp compute client: %v", err)
-	}
-	return computeSvc, nil
-}

cloud/scope/managedcluster.go

@@ -52,7 +52,7 @@ func NewManagedClusterScope(ctx context.Context, params ManagedClusterScopeParam
 	}
 
 	if params.GCPServices.Compute == nil {
-		computeSvc, err := createComputeService(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client)
+		computeSvc, err := newComputeService(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client)
 		if err != nil {
 			return nil, errors.Errorf("failed to create gcp compute client: %v", err)
 		}

cloud/scope/managedcontrolplane.go

@@ -22,8 +22,6 @@ import (
 
 	"sigs.k8s.io/cluster-api-provider-gcp/util/location"
 
-	"google.golang.org/api/option"
-
 	"sigs.k8s.io/cluster-api/util/conditions"
 
 	container "cloud.google.com/go/container/apiv1"
@@ -64,34 +62,21 @@ func NewManagedControlPlaneScope(ctx context.Context, params ManagedControlPlane
 		return nil, errors.New("failed to generate new scope from nil GCPManagedControlPlane")
 	}
 
-	var credentialData []byte
-	var credential *Credential
-	var err error
-	if params.GCPManagedCluster.Spec.CredentialsRef != nil {
-		credentialData, err = getCredentialDataFromRef(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client)
-	} else {
-		credentialData, err = getCredentialDataFromMount()
-	}
-	if err != nil {
-		return nil, errors.Errorf("failed to get credential data: %v", err)
-	}
-
-	credential, err = parseCredential(credentialData)
+	credential, err := getCredentials(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client)
 	if err != nil {
-		return nil, errors.Errorf("failed to parse credential data: %v", err)
+		return nil, fmt.Errorf("getting gcp credentials: %w", err)
 	}
 
 	if params.ManagedClusterClient == nil {
-		var managedClusterClient *container.ClusterManagerClient
-		managedClusterClient, err = container.NewClusterManagerClient(ctx, option.WithCredentialsJSON(credentialData))
+		managedClusterClient, err := newClusterManagerClient(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client)
 		if err != nil {
 			return nil, errors.Errorf("failed to create gcp managed cluster client: %v", err)
 		}
 		params.ManagedClusterClient = managedClusterClient
 	}
 	if params.CredentialsClient == nil {
 		var credentialsClient *credentials.IamCredentialsClient
-		credentialsClient, err = credentials.NewIamCredentialsClient(ctx, option.WithCredentialsJSON(credentialData))
+		credentialsClient, err = newIamCredentialsClient(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client)
 		if err != nil {
 			return nil, errors.Errorf("failed to create gcp credentials client: %v", err)
 		}

cloud/scope/managedmachinepool.go

@@ -22,7 +22,6 @@ import (
 
 	"sigs.k8s.io/cluster-api-provider-gcp/util/location"
 
-	"google.golang.org/api/option"
 	"sigs.k8s.io/cluster-api/util/conditions"
 
 	compute "cloud.google.com/go/compute/apiv1"
@@ -67,28 +66,15 @@ func NewManagedMachinePoolScope(ctx context.Context, params ManagedMachinePoolSc
 		return nil, errors.New("failed to generate new scope from nil GCPManagedMachinePool")
 	}
 
-	var credentialData []byte
-	var err error
-	if params.GCPManagedCluster.Spec.CredentialsRef != nil {
-		credentialData, err = getCredentialDataFromRef(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client)
-	} else {
-		credentialData, err = getCredentialDataFromMount()
-	}
-	if err != nil {
-		return nil, errors.Errorf("failed to get credential data: %v", err)
-	}
-
 	if params.ManagedClusterClient == nil {
-		var managedClusterClient *container.ClusterManagerClient
-		managedClusterClient, err = container.NewClusterManagerClient(ctx, option.WithCredentialsJSON(credentialData))
+		managedClusterClient, err := newClusterManagerClient(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client)
 		if err != nil {
 			return nil, errors.Errorf("failed to create gcp managed cluster client: %v", err)
 		}
 		params.ManagedClusterClient = managedClusterClient
 	}
 	if params.InstanceGroupManagersClient == nil {
-		var instanceGroupManagersClient *compute.InstanceGroupManagersClient
-		instanceGroupManagersClient, err = compute.NewInstanceGroupManagersRESTClient(ctx, option.WithCredentialsJSON(credentialData))
+		instanceGroupManagersClient, err := newInstanceGroupManagerClient(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client)
 		if err != nil {
 			return nil, errors.Errorf("failed to create gcp instance group manager client: %v", err)
 		}

config/manager/manager.yaml

@@ -21,6 +21,7 @@ spec:
       containers:
       - args:
         - --leader-elect
+        - --feature-gates=GKE=${EXP_CAPG_GKE:=false}
         - "--metrics-bind-addr=localhost:8080"
         image: controller:latest
         imagePullPolicy: IfNotPresent

exp/api/v1beta1/gcpmanagedcontrolplane_webhook.go

@@ -30,7 +30,7 @@ import (
 
 const (
 	maxClusterNameLength = 40
-	resourcePrefix       = "capg_"
+	resourcePrefix       = "capg-"
 )
 
 // log is for logging in this package.
@@ -89,8 +89,8 @@ func (r *GCPManagedControlPlane) ValidateDelete() error {
 }
 
 func generateGKEName(resourceName, namespace string, maxLength int) (string, error) {
-	escapedName := strings.ReplaceAll(resourceName, ".", "_")
-	gkeName := fmt.Sprintf("%s_%s", namespace, escapedName)
+	escapedName := strings.ReplaceAll(resourceName, ".", "-")
+	gkeName := fmt.Sprintf("%s-%s", namespace, escapedName)
 
 	if len(gkeName) < maxLength {
 		return gkeName, nil

exp/controllers/gcpmanagedcluster_controller.go

@@ -25,7 +25,6 @@ import (
 	"github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud/meta"
 	"github.com/pkg/errors"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/klog/v2"
 	"sigs.k8s.io/cluster-api-provider-gcp/cloud"
@@ -52,7 +51,6 @@ import (
 type GCPManagedClusterReconciler struct {
 	client.Client
 	WatchFilterValue string
-	Scheme           *runtime.Scheme
 	ReconcileTimeout time.Duration
 }
 
@@ -106,7 +104,7 @@ func (r *GCPManagedClusterReconciler) Reconcile(ctx context.Context, req ctrl.Re
 		Namespace: cluster.Spec.ControlPlaneRef.Namespace,
 	}
 
-	log.V(4).Info("getting control plane %s", controlPlaneRef)
+	log.V(4).Info("getting control plane ", "ref", controlPlaneRef)
 	if err := r.Get(ctx, controlPlaneRef, controlPlane); err != nil {
 		if !apierrors.IsNotFound(err) || gcpCluster.DeletionTimestamp.IsZero() {
 			return ctrl.Result{}, fmt.Errorf("failed to get control plane ref: %w", err)
@@ -212,15 +210,15 @@ func (r *GCPManagedClusterReconciler) reconcile(ctx context.Context, clusterScop
 	record.Event(clusterScope.GCPManagedCluster, "GCPManagedClusterReconcile", "Ready")
 
 	controlPlaneEndpoint := clusterScope.GCPManagedControlPlane.Spec.Endpoint
+	clusterScope.SetControlPlaneEndpoint(controlPlaneEndpoint)
+
 	if controlPlaneEndpoint.IsZero() {
 		log.Info("GCPManagedControlplane does not have endpoint yet. Reconciling")
 		record.Event(clusterScope.GCPManagedCluster, "GCPManagedClusterReconcile", "Waiting for control-plane endpoint")
-		return ctrl.Result{RequeueAfter: 5 * time.Second}, nil
+	} else {
+		record.Eventf(clusterScope.GCPManagedCluster, "GCPManagedClusterReconcile", "Got control-plane endpoint - %s", controlPlaneEndpoint.Host)
 	}
 
-	clusterScope.SetControlPlaneEndpoint(controlPlaneEndpoint)
-	record.Eventf(clusterScope.GCPManagedCluster, "GCPManagedClusterReconcile", "Got control-plane endpoint - %s", controlPlaneEndpoint.Host)
-
 	return ctrl.Result{}, nil
 }
 

exp/controllers/gcpmanagedcontrolplane_controller.go

@@ -40,7 +40,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/source"
 
-	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
@@ -50,7 +49,6 @@ import (
 type GCPManagedControlPlaneReconciler struct {
 	client.Client
 	ReconcileTimeout time.Duration
-	Scheme           *runtime.Scheme
 	WatchFilterValue string
 }