Add cluster-capi-operator integration

Author: mdbooth

Dockerfile.rhel

@@ -24,19 +24,26 @@ ENV GOPROXY=$goproxy
 COPY ./ ./
 
 # Build
-ARG package=.
 ARG ARCH
 ARG ldflags
 
-# Do not force rebuild of up-to-date packages (do not use -a) and use the compiler cache folder
+WORKDIR /workspace/openshift
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} \
     go build -ldflags "${ldflags} -extldflags '-static'" \
-    -o manager ${package}
+    -o ../infracluster-controller cmd/manager.go
+
+WORKDIR /workspace
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} \
+    go build -ldflags "${ldflags} -extldflags '-static'" \
+    -o manager
 
 # Production image
 FROM registry.ci.openshift.org/ocp/4.16:base
 WORKDIR /
 COPY --from=builder /workspace/manager .
+COPY --from=builder /workspace/infracluster-controller .
+COPY ./openshift/manifests ./manifests
+
 # Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
 USER 65532
 ENTRYPOINT ["/manager"]

openshift/Makefile

@@ -0,0 +1,55 @@
+# Copyright 2023 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# 	http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+manifests_dir ?= ./manifests
+manifests_prefix ?= 0000_30_cluster-api-provider-openstack_
+
+TOOLS_DIR=../hack/tools
+KUSTOMIZE=$(TOOLS_DIR)/bin/kustomize
+CONTROLLER_GEN=$(TOOLS_DIR)/bin/controller-gen
+
+define manifest_name
+    $(addsuffix ".yaml",$(addprefix $(manifests_dir)/$(manifests_prefix),$(1)))
+endef
+
+manifest_names = 00_credentials-request 04_infrastructure-components
+infrastructure_components = kustomize/cluster-capi-configmap/infrastructure-components.yaml
+infracluster_role = kustomize/infracluster-controller/role.yaml
+
+.PHONY: all_manifests
+all_manifests: $(foreach m,$(manifest_names),$(call manifest_name,$(m)))
+
+$(call manifest_name,00_credentials-request): $(KUSTOMIZE) ALWAYS | $(manifests_dir)
+	$(KUSTOMIZE) build kustomize/credentials-request > $@
+
+$(infrastructure_components): $(KUSTOMIZE) $(infracluster_role) ALWAYS
+	$(KUSTOMIZE) build kustomize/infrastructure-components > $@
+
+$(call manifest_name,04_infrastructure-components): $(KUSTOMIZE) $(infrastructure_components) ALWAYS | $(manifests_dir)
+	$(KUSTOMIZE) build kustomize/cluster-capi-configmap > $@
+
+$(infracluster_role): $(CONTROLLER_GEN) ALWAYS
+	$(CONTROLLER_GEN) rbac:roleName=infracluster-controller paths=./pkg/infracluster_controller output:stdout > $@
+
+$(manifests_dir):
+	mkdir -p $@
+
+$(KUSTOMIZE):
+	$(MAKE) -C $(TOOLS_DIR) bin/kustomize
+
+$(CONTROLLER_GEN):
+	$(MAKE) -C $(TOOLS_DIR) bin/controller-gen
+
+.PHONY: ALWAYS
+ALWAYS:

openshift/cmd/manager.go

@@ -0,0 +1,147 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"flag"
+	"os"
+
+	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
+	// to ensure that exec-entrypoint and run can make use of them.
+	_ "k8s.io/client-go/plugin/pkg/client/auth"
+
+	"k8s.io/apimachinery/pkg/fields"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/cache"
+	"sigs.k8s.io/controller-runtime/pkg/controller"
+	"sigs.k8s.io/controller-runtime/pkg/healthz"
+	"sigs.k8s.io/controller-runtime/pkg/log/zap"
+	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
+
+	//+kubebuilder:scaffold:imports
+
+	openshiftconfig "github.com/openshift/api/config/v1"
+	mapi "github.com/openshift/api/machine/v1beta1"
+	corev1 "k8s.io/api/core/v1"
+
+	"github.com/openshift/cluster-api-provider-openstack/openshift/pkg/infracluster_controller"
+	caposcheme "github.com/openshift/cluster-api-provider-openstack/openshift/pkg/scheme"
+	"sigs.k8s.io/cluster-api-provider-openstack/pkg/scope"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+var (
+	scheme   = caposcheme.DefaultScheme()
+	setupLog = ctrl.Log.WithName("setup")
+)
+
+func main() {
+	var metricsAddr string
+	var enableLeaderElection bool
+	var probeAddr string
+	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
+	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
+	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
+		"Enable leader election for controller manager. "+
+			"Enabling this will ensure there is only one active controller manager.")
+	opts := zap.Options{
+		Development: true,
+	}
+	opts.BindFlags(flag.CommandLine)
+	flag.Parse()
+
+	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
+
+	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
+		Scheme:                  scheme,
+		Metrics:                 metricsserver.Options{BindAddress: metricsAddr},
+		HealthProbeBindAddress:  probeAddr,
+		LeaderElection:          enableLeaderElection,
+		LeaderElectionID:        "infracluster-leader-election-capo",
+		LeaderElectionNamespace: infracluster_controller.CAPINamespace,
+		// LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
+		// when the Manager ends. This requires the binary to immediately end when the
+		// Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
+		// speeds up voluntary leader transitions as the new leader don't have to wait
+		// LeaseDuration time first.
+		//
+		// In the default scaffold provided, the program ends immediately after
+		// the manager stops, so would be fine to enable this option. However,
+		// if you are doing or is intended to do any operation such as perform cleanups
+		// after the manager stops then its usage might be unsafe.
+		LeaderElectionReleaseOnCancel: true,
+
+		Cache: cache.Options{
+			// Restrict namespaced watches to the Cluster API namespace
+			DefaultNamespaces: map[string]cache.Config{
+				infracluster_controller.CAPINamespace: {},
+			},
+
+			ByObject: map[client.Object]cache.ByObject{
+				// MAPI Machines are in their own namespace
+				&mapi.Machine{}: {
+					Namespaces: map[string]cache.Config{
+						infracluster_controller.MAPINamespace: {},
+					},
+				},
+
+				// We only need to watch a single cluster operator
+				&openshiftconfig.ClusterOperator{}: {
+					Field: fields.OneTermEqualSelector("metadata.name", infracluster_controller.ClusterOperatorName),
+				},
+
+				// We only need to watch a single secret
+				&corev1.Secret{}: {
+					Namespaces: map[string]cache.Config{
+						infracluster_controller.CAPINamespace: {},
+					},
+					Field: fields.OneTermEqualSelector("metadata.name", infracluster_controller.CredentialsSecretName),
+				},
+			},
+		},
+	})
+	if err != nil {
+		setupLog.Error(err, "unable to start manager")
+		os.Exit(1)
+	}
+
+	//+kubebuilder:scaffold:builder
+
+	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
+		setupLog.Error(err, "unable to set up health check")
+		os.Exit(1)
+	}
+	if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil {
+		setupLog.Error(err, "unable to set up ready check")
+		os.Exit(1)
+	}
+
+	if err := (&infracluster_controller.OpenShiftClusterReconciler{
+		Client:       mgr.GetClient(),
+		Recorder:     mgr.GetEventRecorderFor("openshiftcluster-controller"),
+		ScopeFactory: scope.ScopeFactory,
+	}).SetupWithManager(mgr, controller.Options{}); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "OpenStackCluster")
+		os.Exit(1)
+	}
+
+	setupLog.Info("starting manager")
+	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
+		setupLog.Error(err, "problem running manager")
+		os.Exit(1)
+	}
+}

openshift/go.mod

@@ -0,0 +1,80 @@
+module github.com/openshift/cluster-api-provider-openstack/openshift
+
+go 1.20
+
+require (
+	github.com/go-logr/logr v1.2.4
+	github.com/gophercloud/gophercloud v1.7.0
+	github.com/openshift/api v0.0.0-20231003083825-c3f7566f6ef6
+	k8s.io/api v0.28.2
+	k8s.io/apimachinery v0.28.2
+	k8s.io/client-go v0.28.1
+	sigs.k8s.io/cluster-api v1.5.2
+	sigs.k8s.io/cluster-api-provider-openstack v0.8.0
+	sigs.k8s.io/controller-runtime v0.16.2
+)
+
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/blang/semver v3.5.1+incompatible // indirect
+	github.com/blang/semver/v4 v4.0.0 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.10.2 // indirect
+	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/go-logr/zapr v1.2.4 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/mock v1.6.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56 // indirect
+	github.com/hashicorp/go-uuid v1.0.3 // indirect
+	github.com/imdario/mergo v0.3.15 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/prometheus/client_golang v1.17.0 // indirect
+	github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
+	github.com/prometheus/common v0.44.0 // indirect
+	github.com/prometheus/procfs v0.11.1 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.25.0 // indirect
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/oauth2 v0.13.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/term v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/apiextensions-apiserver v0.28.0 // indirect
+	k8s.io/component-base v0.28.1 // indirect
+	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
+	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
+)
+
+replace sigs.k8s.io/cluster-api-provider-openstack => ../