Use OCI artifacts for CAPI providers (#1429)

Issue: #1351

Author: mjura

test/e2e/const.go

@@ -30,6 +30,9 @@ var (
 	//go:embed data/capi-operator/capi-providers-legacy.yaml
 	CapiProvidersLegacy []byte
 
+	//go:embed data/capi-operator/capi-providers-oci.yaml
+	CapiProvidersOci []byte
+
 	//go:embed data/capi-operator/capv-provider.yaml
 	CapvProvider []byte
 

test/e2e/data/capi-operator/capi-providers-oci.yaml

@@ -0,0 +1,46 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: capd-system
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+  name: docker
+  namespace: capd-system
+spec:
+  type: infrastructure
+  name: docker
+  version: {{ .ProviderVersion }}
+  fetchConfig:
+    oci: registry.rancher.com/rancher/cluster-api-operator-components:{{ .ProviderVersion }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: capi-kubeadm-bootstrap-system
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+  name: kubeadm-bootstrap
+  namespace: capi-kubeadm-bootstrap-system
+spec:
+  name: kubeadm
+  type: bootstrap
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: capi-kubeadm-control-plane-system
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+  name: kubeadm-control-plane
+  namespace: capi-kubeadm-control-plane-system
+spec:
+  name: kubeadm
+  type: controlPlane
+

test/e2e/data/capi-operator/gcp-provider.yaml

@@ -5,4 +5,4 @@ metadata:
   name: gcp
   namespace: capg-system
 spec:
-  type: infrastructure
+  type: infrastructure

test/e2e/suites/import-gitops-v3/import_gitops_v3_test.go

@@ -44,8 +44,11 @@ var _ = Describe("[Docker] [Kubeadm]  Create and delete CAPI cluster functionali
 	specs.CreateMgmtV3UsingGitOpsSpec(ctx, func() specs.CreateMgmtV3UsingGitOpsSpecInput {
 		testenv.CAPIOperatorDeployProvider(ctx, testenv.CAPIOperatorDeployProviderInput{
 			BootstrapClusterProxy: bootstrapClusterProxy,
-			CAPIProvidersYAML: [][]byte{
-				e2e.CapiProviders,
+			CAPIProvidersOCIYAML: []testenv.OCIProvider{
+				{
+					Name: "docker",
+					File: string(e2e.CapiProvidersOci),
+				},
 			},
 			WaitForDeployments: testenv.DefaultDeployments,
 		})

test/framework/kube_helper.go

@@ -314,3 +314,33 @@ func GetIngressHost(ctx context.Context, input GetIngressHostInput) string {
 	rule := ingress.Spec.Rules[input.IngressRuleIndex]
 	return rule.Host
 }
+
+// GetClusterctlInput represents the input parameters for retrieving the clusterctl config.
+type GetClusterctlInput struct {
+	// GetLister is a function that returns a lister for accessing Kubernetes resources.
+	GetLister framework.GetLister
+
+	// ConfigMapName is the name of the Ingress.
+	ConfigMapName string
+
+	// IngressNamespace is the namespace of the Ingress.
+	ConfigMapNamespace string
+}
+
+// GetClusterctlConfig gets clusterctl config
+func GetClusterctl(ctx context.Context, input GetClusterctlInput) string {
+	Expect(ctx).NotTo(BeNil(), "ctx is required for GetClusterctl")
+	Expect(input.GetLister).ToNot(BeNil(), "Invalid argument. input.GetLister can't be nil when calling GetClusterctl")
+
+	config := &corev1.ConfigMap{}
+	Eventually(func() error {
+		return input.GetLister.Get(ctx, client.ObjectKey{Namespace: input.ConfigMapNamespace, Name: input.ConfigMapName}, config)
+	}).Should(Succeed(), "Failed to get ConfigMap")
+	Byf("Found ConfigMap %s/%s", input.ConfigMapNamespace, input.ConfigMapName)
+	Byf("ConfigMap data: %v", config.Data)
+
+	Expect(config.Data).NotTo(BeNil(), "Expected ConfigMap to have data")
+	Expect(config.Data["clusterctl.yaml"]).NotTo(BeEmpty(), "Expected ConfigMap to have clusterctl.yaml data")
+
+	return config.Data["clusterctl.yaml"]
+}

test/go.mod

@@ -16,6 +16,7 @@ require (
 	github.com/onsi/gomega v1.37.0
 	github.com/rancher/turtles v0.16.1-0.20250217112855-5adeb47014de
 	github.com/rancher/turtles/exp/day2 v0.0.0-20250217112855-5adeb47014de
+	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.31.6
 	k8s.io/apimachinery v0.31.6
 	k8s.io/client-go v0.31.6
@@ -160,7 +161,6 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.31.6 // indirect
 	k8s.io/apiserver v0.31.6 // indirect

test/testenv/operator.go

@@ -20,9 +20,11 @@ import (
 	"bytes"
 	"context"
 	"html/template"
+	"regexp"
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	"gopkg.in/yaml.v2"
 
 	appsv1 "k8s.io/api/apps/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -46,6 +48,9 @@ type CAPIOperatorDeployProviderInput struct {
 	// CAPIProvidersYAML is the YAML representation of the CAPI providers.
 	CAPIProvidersYAML [][]byte
 
+	// CAPIProvidersOCIYAML is the YAML representation of the CAPI providers with OCI.
+	CAPIProvidersOCIYAML []OCIProvider
+
 	// TemplateData is the data used for templating.
 	TemplateData TemplateData
 
@@ -62,11 +67,36 @@ type TemplateData struct {
 	GCPEncodedCredentials string `env:"CAPG_ENCODED_CREDS"`
 }
 
+// ProviderTemplateData contains variables used for templating
+type ProviderTemplateData struct {
+	// ProviderVersion is the version of the provider
+	ProviderVersion string
+}
+
 type NamespaceName struct {
 	Name      string
 	Namespace string
 }
 
+type OCIProvider struct {
+	Name string
+	File string
+}
+
+// Provider represents a cluster-api provider with version
+type Provider struct {
+	Name    string `yaml:"name"`
+	Type    string `yaml:"type"`
+	URL     string `yaml:"url"`
+	Version string // Parsed from URL
+}
+
+// ClusterctlConfig represents the structure of clusterctl.yaml
+type ClusterctlConfig struct {
+	Images    map[string]interface{} `yaml:"images"`
+	Providers []Provider             `yaml:"providers"`
+}
+
 // CAPIOperatorDeployProvider deploys the CAPI operator providers.
 // It expects the required input parameters to be non-nil.
 // It iterates over the CAPIProvidersSecretsYAML and applies them. Then, it applies the CAPI operator providers.
@@ -76,7 +106,11 @@ func CAPIOperatorDeployProvider(ctx context.Context, input CAPIOperatorDeployPro
 
 	Expect(ctx).NotTo(BeNil(), "ctx is required for CAPIOperatorDeployProvider")
 	Expect(input.BootstrapClusterProxy).ToNot(BeNil(), "BootstrapClusterProxy is required for CAPIOperatorDeployProvider")
-	Expect(input.CAPIProvidersYAML).ToNot(BeNil(), "CAPIProvidersYAML is required for CAPIOperatorDeployProvider")
+	// Ensure at least one provider source is available
+	if (input.CAPIProvidersYAML == nil || len(input.CAPIProvidersYAML) == 0) &&
+		(input.CAPIProvidersOCIYAML == nil || len(input.CAPIProvidersOCIYAML) == 0) {
+		Expect(false).To(BeTrue(), "Either CAPIProvidersYAML or CAPIProvidersOCIYAML must be provided")
+	}
 
 	for _, secret := range input.CAPIProvidersSecretsYAML {
 		secret := secret
@@ -95,6 +129,27 @@ func CAPIOperatorDeployProvider(ctx context.Context, input CAPIOperatorDeployPro
 		Expect(turtlesframework.Apply(ctx, input.BootstrapClusterProxy, provider)).To(Succeed(), "Failed to add CAPI operator providers")
 	}
 
+	for _, ociProvider := range input.CAPIProvidersOCIYAML {
+		if ociProvider.Name != "" && ociProvider.File != "" {
+			By("Adding CAPI Operator provider from OCI: " + ociProvider.Name)
+
+			clusterctl := turtlesframework.GetClusterctl(ctx, turtlesframework.GetClusterctlInput{
+				GetLister:          input.BootstrapClusterProxy.GetClient(),
+				ConfigMapNamespace: "rancher-turtles-system",
+				ConfigMapName:      "clusterctl-config",
+			})
+
+			providerVersion := getProviderVersion(clusterctl, ociProvider.Name)
+			By("Using provider version " + providerVersion + " provider " + ociProvider.Name)
+			Expect(providerVersion).ToNot(BeEmpty(), "Failed to get provider versions from file")
+
+			Expect(turtlesframework.ApplyFromTemplate(ctx, turtlesframework.ApplyFromTemplateInput{
+				Proxy:    input.BootstrapClusterProxy,
+				Template: renderProviderTemplate(ociProvider.File, ProviderTemplateData{ProviderVersion: providerVersion}),
+			})).To(Succeed(), "Failed to apply secret for capi providers")
+		}
+	}
+
 	if len(input.WaitForDeployments) == 0 {
 		By("No deployments to wait for")
 
@@ -129,3 +184,44 @@ func getFullProviderVariables(operatorTemplate string, data TemplateData) []byte
 
 	return renderedTemplate.Bytes()
 }
+
+func renderProviderTemplate(operatorTemplateFile string, data ProviderTemplateData) []byte {
+	Expect(turtlesframework.Parse(&data)).To(Succeed(), "Failed to parse environment variables")
+
+	t := template.New("capi-operator")
+	t, err := t.Parse(operatorTemplateFile)
+	Expect(err).ShouldNot(HaveOccurred(), "Failed to parse template")
+
+	var renderedTemplate bytes.Buffer
+	err = t.Execute(&renderedTemplate, data)
+	Expect(err).NotTo(HaveOccurred(), "Failed to execute template")
+
+	return renderedTemplate.Bytes()
+}
+
+// getProviderVersionsFromFile reads the local config.yaml file and parses provider versions
+func getProviderVersion(clusterctlYaml string, name string) string {
+	var config ClusterctlConfig
+	err := yaml.Unmarshal([]byte(clusterctlYaml), &config)
+	Expect(err).ShouldNot(HaveOccurred(), "Failed to parse clusterctl.yaml content")
+
+	// Extract versions from provider URLs
+	versionRegex := regexp.MustCompile(`/releases/(v?[0-9]+\.[0-9]+\.[0-9]+(?:-[a-zA-Z0-9.-]+)?)/`)
+
+	for _, provider := range config.Providers {
+		if provider.Name == name {
+			return extractVersionFromURL(provider.URL, versionRegex)
+		}
+	}
+
+	return ""
+}
+
+// extractVersionFromURL extracts version from GitHub release URL
+func extractVersionFromURL(url string, regex *regexp.Regexp) string {
+	matches := regex.FindStringSubmatch(url)
+	if len(matches) > 1 {
+		return matches[1]
+	}
+	return ""
+}