Embed CAPI Operator reconcile inside turtles pod

.github/workflows/test_chart.yaml

@@ -51,9 +51,6 @@ jobs:
       - name: Build docker image
         run: make docker-build
 
-      - name: Add CAPI operator chart repo
-        run: helm repo add capi-operator https://kubernetes-sigs.github.io/cluster-api-operator
-
       - name: Package operator chart
         run: make release-chart
 

Makefile

@@ -559,7 +559,6 @@ build-chart: $(HELM) $(KUSTOMIZE) $(RELEASE_DIR) $(CHART_RELEASE_DIR) $(CHART_PA
 	$(KUSTOMIZE) build ./config/operatorchart > $(CHART_DIR)/templates/operator-crds.yaml
 	$(KUSTOMIZE) build ./exp/day2/config/chart > $(CHART_DIR)/templates/rancher-turtles-exp-day2-components.yaml
 	$(KUSTOMIZE) build ./exp/clusterclass/config/default > $(CHART_DIR)/templates/rancher-turtles-exp-clusterclass-components.yaml
-	./scripts/process-manifests.sh embedded-operator $(CHART_DIR)/templates/operator-crds.yaml
 	./scripts/process-manifests.sh day2operations $(CHART_DIR)/templates/rancher-turtles-exp-day2-components.yaml
 	./scripts/process-manifests.sh clusterclass-operations $(CHART_DIR)/templates/rancher-turtles-exp-clusterclass-components.yaml
 	cp -rf $(CHART_DIR)/* $(CHART_RELEASE_DIR)

charts/rancher-turtles/Chart.yaml

@@ -11,11 +11,6 @@ keywords:
 - cluster-api
 - capi
 - provisioning
-dependencies:
-  - name: cluster-api-operator
-    version: v0.18.1
-    repository: https://kubernetes-sigs.github.io/cluster-api-operator
-    condition: cluster-api-operator.enabled
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension

charts/rancher-turtles/questions.yml

@@ -8,11 +8,6 @@ questions:
     show_subquestion_if: true
     group: "Rancher Turtles Extra Settings"
     subquestions:
-      - variable: cluster-api-operator.cert-manager.enabled
-        default: false
-        type: boolean
-        description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually."
-        label: "Enable Cert Manager"
       - variable: turtlesUI.enabled
         default: false
         type: boolean
@@ -51,9 +46,4 @@ questions:
         description: "[ALPHA] Enable ETCD Backup and Restore functionality in Rancher Turtles."
         type: boolean
         group: "ETCD Backup and Restore Settings"
-        show_if: "rancherTurtles.features.day2operations.enabled"
-      - variable: rancherTurtles.features.embedded-operator.enabled
-        label: "Enable Turtles Embedded Operator"
-        description: "[ALPHA] Enable Turtles Embedded Operator functionality in Rancher Turtles."
-        type: boolean
-        group: "Embedded operator"
+        show_if: "rancherTurtles.features.day2operations.enabled"

charts/rancher-turtles/templates/clusterctl-config.yaml

@@ -1,7 +1,5 @@
-{{- if index .Values "rancherTurtles" "features" "embedded-operator" "enabled" }}
-apiversion: v1
+apiVersion: v1
 kind: ConfigMap
 metadata:
   name: clusterctl-config
-  namespace: '{{ .Values.rancherTurtles.namespace }}'
-{{- end}}
+  namespace: '{{ .Values.rancherTurtles.namespace }}'

charts/rancher-turtles/templates/deployment.yaml

@@ -71,20 +71,16 @@ spec:
           requests:
             cpu: 10m
             memory: 128Mi
-        {{- if index .Values "rancherTurtles" "features" "embedded-operator" "enabled" }}
         {{- with .Values.rancherTurtles.volumeMounts.manager }}
         volumeMounts:
         {{- toYaml . | nindent 12 }}
         {{- end }}
-        {{- end }}
       serviceAccountName: rancher-turtles-manager
       terminationGracePeriodSeconds: 10
-      {{- if index .Values "rancherTurtles" "features" "embedded-operator" "enabled" }}
       {{- with .Values.rancherTurtles.volumes }}
       volumes:
       {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- end }}
       tolerations:
       - effect: NoSchedule
         key: node-role.kubernetes.io/master

charts/rancher-turtles/templates/operator-crds.yaml

@@ -1,4 +1,3 @@
-{{- if index .Values "rancherTurtles" "features" "embedded-operator" "enabled" }}
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
@@ -21810,4 +21809,17 @@ spec:
     storage: true
     subresources:
       status: {}
-{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    rancher-turtles/aggregate-to-manager: "true"
+  name: rancher-turtles-operator-admin
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'

charts/rancher-turtles/values.schema.json

@@ -128,17 +128,6 @@
                 }
               }
             },
-            "embedded-operator": {
-              "type": "object",
-              "description": "Enable embedded operator controller loops.",
-              "properties": {
-                "enabled": {
-                  "type": "boolean",
-                  "default": false,
-                  "description": "Turn on or off."
-                }
-              }
-            },
             "clusterclass-operations": {
               "type": "object",
               "description": "Alpha feature. Not ready for testing yet.",
@@ -220,139 +209,6 @@
       "type": "object",
       "description": "Manages Cluster API components.",
       "properties": {
-        "enabled": {
-          "type": "boolean",
-          "default": true,
-          "description": "Turn on or off."
-        },
-        "cert-manager": {
-          "type": "object",
-          "properties": {
-            "enabled": {
-              "type": "boolean",
-              "default": false,
-              "description": "Turn on or off."
-            }
-          }
-        },
-        "volumes": {
-          "type": "array",
-          "description": "Volumes for operator pods (certs, config).",
-          "items": {
-            "type": "object",
-            "oneOf": [
-              {
-                "required": ["name", "secret"],
-                "properties": {
-                  "name": { "type": "string" },
-                  "secret": {
-                    "type": "object",
-                    "properties": {
-                      "defaultMode": {
-                        "type": "integer",
-                        "default": 420,
-                        "description": "File permissions."
-                      },
-                      "secretName": {
-                        "type": "string",
-                        "default": "capi-operator-webhook-service-cert",
-                        "description": "Secret for webhook certs."
-                      }
-                    }
-                  }
-                }
-              },
-              {
-                "required": ["name", "configMap"],
-                "properties": {
-                  "name": { "type": "string" },
-                  "configMap": {
-                    "type": "object",
-                    "properties": {
-                      "name": {
-                        "type": "string",
-                        "default": "clusterctl-config",
-                        "description": "ConfigMap for clusterctl."
-                      }
-                    }
-                  }
-                }
-              }
-            ]
-          }
-        },
-        "image": {
-          "type": "object",
-          "properties": {
-            "manager": {
-              "type": "object",
-              "properties": {
-                "repository": {
-                  "type": "string",
-                  "default": "registry.rancher.com/rancher/cluster-api-operator",
-                  "description": "Image repo."
-                }
-              }
-            }
-          }
-        },
-        "volumeMounts": {
-          "type": "object",
-          "properties": {
-            "manager": {
-              "type": "array",
-              "description": "Mount volumes to pods.",
-              "items": {
-                "type": "object",
-                "properties": {
-                  "mountPath": { "type": "string" },
-                  "name": { "type": "string" },
-                  "readOnly": {
-                    "type": "boolean",
-                    "default": true,
-                    "description": "Mount as read-only."
-                  }
-                }
-              }
-            }
-          }
-        },
-        "resources": {
-          "type": "object",
-          "properties": {
-            "manager": {
-              "type": "object",
-              "properties": {
-                "limits": {
-                  "type": "object",
-                  "properties": {
-                    "cpu": {
-                      "type": "string",
-                      "description": "CPU limit."
-                    },
-                    "memory": {
-                      "type": "string",
-                      "description": "Memory limit."
-                    }
-                  }
-                },
-                "requests": {
-                  "type": "object",
-                  "properties": {
-                    "cpu": {
-                      "type": "string",
-                      "description": "CPU request."
-                    },
-                    "memory": {
-                      "type": "string",
-                      "description": "Memory request."
-                    }
-                  }
-                }
-              }
-            }
-          }
-        },
         "cleanup": {
           "type": "boolean",
           "default": true,

charts/rancher-turtles/values.yaml

@@ -25,10 +25,6 @@ rancherTurtles:
   kubectlImage: registry.k8s.io/kubernetes/kubectl:v1.30.0
   # features: Optional and experimental features.
   features:
-    # embedded-operator: Embed operator controller loops.
-    embedded-operator:
-      # enabled: Turn on or off.
-      enabled: false
     # day2operations: Alpha feature.
     day2operations:
       # enabled: Turn on or off.
@@ -70,48 +66,6 @@ rancherTurtles:
 
 # cluster-api-operator: Manages Cluster API components.
 cluster-api-operator:
-  # enabled: Turn on or off.
-  enabled: true
-  # cert-manager: Cert-manager integration.
-  cert-manager:
-    # enabled: Turn on or off.
-    enabled: false
-  # volumes: Volumes for operator pods (certs, config).
-  volumes:
-    - name: cert
-      secret:
-        # defaultMode: File permissions.
-        defaultMode: 420
-        # secretName: Secret for webhook certs.
-        secretName: capi-operator-webhook-service-cert
-    - name: clusterctl-config
-      configMap:
-        # name: ConfigMap for clusterctl.
-        name: clusterctl-config
-  resources:
-    manager:
-      limits:
-        cpu: 100m
-        memory: 300Mi
-      requests:
-        cpu: 100m
-        memory: 100Mi
-  # image: Operator manager image.
-  image:
-    manager:
-      # repository: Image repo.
-      repository: registry.rancher.com/rancher/cluster-api-operator
-  # volumeMounts: Mount volumes to pods.
-  volumeMounts:
-    manager:
-      - mountPath: /tmp/k8s-webhook-server/serving-certs
-        name: cert
-        # readOnly: Mount as read-only.
-        readOnly: true
-      - mountPath: /config
-        name: clusterctl-config
-        # readOnly: Mount as read-only.
-        readOnly: true
   # cleanup: Enable cleanup tasks.
   cleanup: true
   # cluster-api: Cluster API component settings.

config/operator/bases/operator_role.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    rancher-turtles/aggregate-to-manager: "true"
+  name: operator-admin
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'

config/operator/kustomization.yaml

@@ -9,6 +9,7 @@ resources:
 - bases/operator.cluster.x-k8s.io_infrastructureproviders.yaml
 - bases/operator.cluster.x-k8s.io_ipamproviders.yaml
 - bases/operator.cluster.x-k8s.io_runtimeextensionproviders.yaml
+- bases/operator_role.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patches:

feature/feature.go

@@ -28,17 +28,13 @@ const (
 
 	// UIPlugin if enabled Turtles will install and manage UIPlugin resource for CAPI UI.
 	UIPlugin featuregate.Feature = "ui-plugin"
-
-	// EmbeddedOperator is enabled when Turtles will perform operator tasks for CAPI.
-	EmbeddedOperator featuregate.Feature = "embedded-operator"
 )
 
 func init() {
 	utilruntime.Must(MutableGates.Add(defaultGates))
 }
 
 var defaultGates = map[featuregate.Feature]featuregate.FeatureSpec{
-	AgentTLSMode:     {Default: true, PreRelease: featuregate.Beta},
-	UIPlugin:         {Default: false, PreRelease: featuregate.Alpha},
-	EmbeddedOperator: {Default: false, PreRelease: featuregate.Alpha},
+	AgentTLSMode: {Default: true, PreRelease: featuregate.Beta},
+	UIPlugin:     {Default: false, PreRelease: featuregate.Alpha},
 }