build: add scripts to sync Nutanix CCM manifests

Author: dkoshkin

charts/cluster-api-runtime-extensions-nutanix/README.md

@@ -31,6 +31,9 @@ A Helm chart for cluster-api-runtime-extensions-nutanix
 | deployDefaultClusterClasses | bool | `true` |  |
 | deployment.replicas | int | `1` |  |
 | env | object | `{}` |  |
+| hooks.ccm.nutanix.crsStrategy.defaultInstallationConfigMap.name | string | `"nutanix-ccm"` |  |
+| hooks.ccm.nutanix.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |
+| hooks.ccm.nutanix.helmAddonStrategy.defaultValueTemplateConfigMap.name | string | `"default-nutanix-ccm-helm-values-template"` |  |
 | hooks.clusterAutoscaler.crsStrategy.defaultInstallationConfigMap.name | string | `"cluster-autoscaler"` |  |
 | hooks.clusterAutoscaler.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |
 | hooks.clusterAutoscaler.helmAddonStrategy.defaultValueTemplateConfigMap.name | string | `"default-cluster-autoscaler-helm-values-template"` |  |

charts/cluster-api-runtime-extensions-nutanix/templates/ccm/nutanix/manifests/helm-addon-installation.yaml

@@ -0,0 +1,20 @@
+# Copyright 2024 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.hooks.clusterAutoscaler.helmAddonStrategy.defaultValueTemplateConfigMap.create }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: '{{ .Values.hooks.ccm.nutanix.helmAddonStrategy.defaultValueTemplateConfigMap.name }}'
+data:
+  values.yaml: |-
+    ---
+    prismCentralEndPoint: {{ `{{ .PrismCentralEndpoint.Host }}` }}
+    prismCentralPort: {{ `{{ .PrismCentralEndpoint.Port }}` }}
+    prismCentralInsecure: {{ `{{ .PrismCentralEndpoint.Insecure }}` }}
+    prismCentralAdditionalTrustBundle: {{ `"{{ or .PrismCentralEndpoint.AdditionalTrustBundle "" }}"`  }}
+
+    # The Secret containing the credentials will be created by the handler.
+    createSecret: false
+    secretName: nutanix-ccm-credentials
+{{- end -}}

charts/cluster-api-runtime-extensions-nutanix/templates/ccm/nutanix/manifests/nutanix-ccm-configmap.yaml

@@ -0,0 +1,183 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+#=================================================================
+#                 DO NOT EDIT THIS FILE
+#  IT HAS BEEN GENERATED BY /hack/addons/nutanix-ccm.sh
+#=================================================================
+apiVersion: v1
+data:
+  nutanix-ccm.yaml: |
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: cloud-controller-manager
+      namespace: kube-system
+    ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+      annotations:
+        rbac.authorization.kubernetes.io/autoupdate: "true"
+      name: system:cloud-controller-manager
+    rules:
+    - apiGroups:
+      - ""
+      resources:
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - create
+      - patch
+      - update
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      verbs:
+      - '*'
+    - apiGroups:
+      - ""
+      resources:
+      - nodes/status
+      verbs:
+      - patch
+    - apiGroups:
+      - ""
+      resources:
+      - serviceaccounts
+      verbs:
+      - create
+    - apiGroups:
+      - ""
+      resources:
+      - endpoints
+      verbs:
+      - create
+      - get
+      - list
+      - watch
+      - update
+    - apiGroups:
+      - coordination.k8s.io
+      resources:
+      - leases
+      verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+    ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+      name: system:cloud-controller-manager
+    roleRef:
+      apiGroup: rbac.authorization.k8s.io
+      kind: ClusterRole
+      name: system:cloud-controller-manager
+    subjects:
+    - kind: ServiceAccount
+      name: cloud-controller-manager
+      namespace: kube-system
+    ---
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      labels:
+        k8s-app: nutanix-cloud-controller-manager
+      name: nutanix-cloud-controller-manager
+      namespace: kube-system
+    spec:
+      replicas: 1
+      selector:
+        matchLabels:
+          k8s-app: nutanix-cloud-controller-manager
+      strategy:
+        type: Recreate
+      template:
+        metadata:
+          labels:
+            k8s-app: nutanix-cloud-controller-manager
+        spec:
+          affinity:
+            podAntiAffinity:
+              requiredDuringSchedulingIgnoredDuringExecution:
+              - labelSelector:
+                  matchLabels:
+                    k8s-app: nutanix-cloud-controller-manager
+                topologyKey: kubernetes.io/hostname
+          containers:
+          - args:
+            - --leader-elect=true
+            - --cloud-config=/etc/cloud/nutanix_config.json
+            env:
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            image: ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller:v0.3.2
+            imagePullPolicy: IfNotPresent
+            name: nutanix-cloud-controller-manager
+            resources:
+              requests:
+                cpu: 100m
+                memory: 50Mi
+            volumeMounts:
+            - mountPath: /etc/cloud
+              name: nutanix-config-volume
+              readOnly: true
+          dnsPolicy: Default
+          hostNetwork: true
+          nodeSelector:
+            node-role.kubernetes.io/control-plane: ""
+          priorityClassName: system-cluster-critical
+          serviceAccountName: cloud-controller-manager
+          tolerations:
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/master
+            operator: Exists
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/control-plane
+            operator: Exists
+          - effect: NoExecute
+            key: node.kubernetes.io/unreachable
+            operator: Exists
+            tolerationSeconds: 120
+          - effect: NoExecute
+            key: node.kubernetes.io/not-ready
+            operator: Exists
+            tolerationSeconds: 120
+          - effect: NoSchedule
+            key: node.cloudprovider.kubernetes.io/uninitialized
+            operator: Exists
+          - effect: NoSchedule
+            key: node.kubernetes.io/not-ready
+            operator: Exists
+          volumes:
+          - configMap:
+              name: nutanix-config
+            name: nutanix-config-volume
+kind: ConfigMap
+metadata:
+  creationTimestamp: null
+  name: '{{ .Values.hooks.ccm.nutanix.crsStrategy.defaultInstallationConfigMap.name
+    }}'

charts/cluster-api-runtime-extensions-nutanix/values.yaml

@@ -49,6 +49,15 @@ hooks:
         defaultValueTemplateConfigMap:
           create: true
           name: default-nutanix-csi-helm-values-template
+  ccm:
+    nutanix:
+      crsStrategy:
+        defaultInstallationConfigMap:
+          name: nutanix-ccm
+      helmAddonStrategy:
+        defaultValueTemplateConfigMap:
+          create: true
+          name: default-nutanix-ccm-helm-values-template
   nfd:
     crsStrategy:
       defaultInstallationConfigMap:

hack/addons/kustomize/nutanix-ccm/helm-values.yaml

@@ -0,0 +1,8 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+---
+# The Secret containing the credentials is expected to already exist.
+createSecret: false
+# The ConfigMap containing the PC details will be created by the handler.
+createConfig: false

hack/addons/kustomize/nutanix-ccm/kustomization.yaml.tmpl

@@ -0,0 +1,18 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+metadata:
+  name: nutanix-ccm-kustomize
+
+helmCharts:
+- name: nutanix-cloud-provider
+  namespace: kube-system
+  repo: https://nutanix.github.io/helm/
+  releaseName: nutanix-ccm
+  version: ${NUTANIX_CCM_CHART_VERSION}
+  valuesFile: helm-values.yaml
+  includeCRDs: true
+  skipTests: true

hack/addons/update-nutanix-ccm.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly SCRIPT_DIR
+
+# shellcheck source=hack/common.sh
+source "${SCRIPT_DIR}/../common.sh"
+
+if [ -z "${NUTANIX_CCM_CHART_VERSION:-}" ]; then
+  echo "Missing argument: NUTANIX_CCM_CHART_VERSION"
+  exit 1
+fi
+
+ASSETS_DIR="$(mktemp -d -p "${TMPDIR:-/tmp}")"
+readonly ASSETS_DIR
+trap_add "rm -rf ${ASSETS_DIR}" EXIT
+
+readonly FILE_NAME="nutanix-ccm.yaml"
+
+readonly KUSTOMIZE_BASE_DIR="${SCRIPT_DIR}/kustomize/nutanix-ccm/"
+envsubst -no-unset <"${KUSTOMIZE_BASE_DIR}/kustomization.yaml.tmpl" >"${ASSETS_DIR}/kustomization.yaml"
+cp "${KUSTOMIZE_BASE_DIR}"/*.yaml "${ASSETS_DIR}"
+
+kustomize build --enable-helm "${ASSETS_DIR}" >"${ASSETS_DIR}/${FILE_NAME}"
+
+kubectl create configmap "{{ .Values.hooks.ccm.nutanix.crsStrategy.defaultInstallationConfigMap.name }}" --dry-run=client --output yaml \
+  --from-file "${ASSETS_DIR}/${FILE_NAME}" \
+  >"${ASSETS_DIR}/nutanix-ccm-configmap.yaml"
+
+# add warning not to edit file directly
+cat <<EOF >"${GIT_REPO_ROOT}/charts/cluster-api-runtime-extensions-nutanix/templates/ccm/nutanix/manifests/nutanix-ccm-configmap.yaml"
+$(cat "${GIT_REPO_ROOT}/hack/license-header.yaml.txt")
+
+#=================================================================
+#                 DO NOT EDIT THIS FILE
+#  IT HAS BEEN GENERATED BY /hack/addons/nutanix-ccm.sh
+#=================================================================
+$(cat "${ASSETS_DIR}/nutanix-ccm-configmap.yaml")
+EOF

make/addons.mk

@@ -8,14 +8,17 @@ export CLUSTER_AUTOSCALER_VERSION := 9.35.0
 export AWS_CSI_SNAPSHOT_CONTROLLER_VERSION := v6.3.3
 export AWS_EBS_CSI_CHART_VERSION := v2.28.1
 export NUTANIX_CSI_CHART_VERSION := v2.6.6
+
 # a map of AWS CCM versions
 export AWS_CCM_VERSION_127 := v1.27.1
 export AWS_CCM_CHART_VERSION_127 := 0.0.8
 export AWS_CCM_VERSION_128 := v1.28.1
 export AWS_CCM_CHART_VERSION_128 := 0.0.8
 
+export NUTANIX_CCM_CHART_VERSION := 0.3.3
+
 .PHONY: addons.sync
-addons.sync: $(addprefix update-addon.,calico cilium nfd cluster-autoscaler aws-ebs-csi aws-ccm.127 aws-ccm.128)
+addons.sync: $(addprefix update-addon.,calico cilium nfd cluster-autoscaler aws-ebs-csi aws-ccm.127 aws-ccm.128 nutanix-ccm)
 
 .PHONY: update-addon.calico
 update-addon.calico: ; $(info $(M) updating calico manifests)
@@ -44,3 +47,7 @@ update-addon.aws-ccm.%: ; $(info $(M) updating aws ccm $* manifests)
 .PHONY: update-addon.nutanix-csi
 update-addon.nutanix-csi: ; $(info $(M) updating nutanix csi manifests)
 	./hack/addons/update-nutanix-csi.sh
+
+.PHONY: update-addon.nutanix-ccm
+update-addon.nutanix-ccm: ; $(info $(M) updating nutanix ccm $* manifests)
+	./hack/addons/update-nutanix-ccm.sh