build: add tooling to generate examples files

dkoshkin · dkoshkin · commit 0cc9e28b1859 · 2023-09-12T10:41:54.000-07:00
diff --git a/README.md b/README.md
@@ -23,18 +23,16 @@ example), run:
 make SKIP_BUILD=true dev.run-on-kind
 ```
 
-To create a cluster with [clusterctl](https://cluster-api.sigs.k8s.io/user/quick-start.html), and label it for Calico
-CNI at the same time, run:
+To create the ClusterClass and it's Templates with this runtime extension enabled, run:
 
 ```shell
-clusterctl generate cluster capi-quickstart \
-  --flavor development \
-  --kubernetes-version v1.27.2 \
-  --control-plane-machine-count=1 \
-  --worker-machine-count=1 | \
-gojq --yaml-input --yaml-output \
-  '. | (select(.kind=="Cluster").metadata.labels["capiext.labs.d2iq.io/cni"]|="calico")' | \
-kubectl apply --server-side -f -
+kubectl apply --server-side -f examples/capi-quickstart/cluster-class.yaml
+```
+
+To create a cluster, update `clusterConfig` variable and run:
+
+```shell
+kubectl apply --server-side -f examples/capi-quickstart/cluster.yaml
 ```
 
 Wait until control plane is ready:
diff --git a/examples/capi-quickstart/cluster-class.yaml b/examples/capi-quickstart/cluster-class.yaml
@@ -0,0 +1,274 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+  name: quick-start
+  namespace: default
+spec:
+  controlPlane:
+    machineInfrastructure:
+      ref:
+        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+        kind: DockerMachineTemplate
+        name: quick-start-control-plane
+    ref:
+      apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+      kind: KubeadmControlPlaneTemplate
+      name: quick-start-control-plane
+  infrastructure:
+    ref:
+      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+      kind: DockerClusterTemplate
+      name: quick-start-cluster
+  patches:
+    - definitions:
+        - jsonPatches:
+            - op: add
+              path: /spec/template/spec/kubeadmConfigSpec/clusterConfiguration/imageRepository
+              valueFrom:
+                variable: imageRepository
+          selector:
+            apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+            kind: KubeadmControlPlaneTemplate
+            matchResources:
+              controlPlane: true
+      description: Sets the imageRepository used for the KubeadmControlPlane.
+      enabledIf: '{{ ne .imageRepository "" }}'
+      name: imageRepository
+    - definitions:
+        - jsonPatches:
+            - op: add
+              path: /spec/template/spec/kubeadmConfigSpec/clusterConfiguration/etcd
+              valueFrom:
+                template: |
+                  local:
+                    imageTag: {{ .etcdImageTag }}
+          selector:
+            apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+            kind: KubeadmControlPlaneTemplate
+            matchResources:
+              controlPlane: true
+      description: Sets tag to use for the etcd image in the KubeadmControlPlane.
+      name: etcdImageTag
+    - definitions:
+        - jsonPatches:
+            - op: add
+              path: /spec/template/spec/kubeadmConfigSpec/clusterConfiguration/dns
+              valueFrom:
+                template: |
+                  imageTag: {{ .coreDNSImageTag }}
+          selector:
+            apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+            kind: KubeadmControlPlaneTemplate
+            matchResources:
+              controlPlane: true
+      description: Sets tag to use for the etcd image in the KubeadmControlPlane.
+      name: coreDNSImageTag
+    - definitions:
+        - jsonPatches:
+            - op: add
+              path: /spec/template/spec/customImage
+              valueFrom:
+                template: |
+                  kindest/node:{{ .builtin.machineDeployment.version | replace "+" "_" }}
+          selector:
+            apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+            kind: DockerMachineTemplate
+            matchResources:
+              machineDeploymentClass:
+                names:
+                  - default-worker
+        - jsonPatches:
+            - op: add
+              path: /spec/template/spec/customImage
+              valueFrom:
+                template: |
+                  kindest/node:{{ .builtin.controlPlane.version | replace "+" "_" }}
+          selector:
+            apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+            kind: DockerMachineTemplate
+            matchResources:
+              controlPlane: true
+      description: Sets the container image that is used for running dockerMachines for the controlPlane and default-worker machineDeployments.
+      name: customImage
+    - definitions:
+        - jsonPatches:
+            - op: add
+              path: /spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs
+              value:
+                admission-control-config-file: /etc/kubernetes/kube-apiserver-admission-pss.yaml
+            - op: add
+              path: /spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraVolumes
+              value:
+                - hostPath: /etc/kubernetes/kube-apiserver-admission-pss.yaml
+                  mountPath: /etc/kubernetes/kube-apiserver-admission-pss.yaml
+                  name: admission-pss
+                  pathType: File
+                  readOnly: true
+            - op: add
+              path: /spec/template/spec/kubeadmConfigSpec/files
+              valueFrom:
+                template: |
+                  - content: |
+                      apiVersion: apiserver.config.k8s.io/v1
+                      kind: AdmissionConfiguration
+                      plugins:
+                      - name: PodSecurity
+                        configuration:
+                          apiVersion: pod-security.admission.config.k8s.io/v1{{ if semverCompare "< v1.25" .builtin.controlPlane.version }}beta1{{ end }}
+                          kind: PodSecurityConfiguration
+                          defaults:
+                            enforce: "{{ .podSecurityStandard.enforce }}"
+                            enforce-version: "latest"
+                            audit: "{{ .podSecurityStandard.audit }}"
+                            audit-version: "latest"
+                            warn: "{{ .podSecurityStandard.warn }}"
+                            warn-version: "latest"
+                          exemptions:
+                            usernames: []
+                            runtimeClasses: []
+                            namespaces: [kube-system]
+                    path: /etc/kubernetes/kube-apiserver-admission-pss.yaml
+          selector:
+            apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+            kind: KubeadmControlPlaneTemplate
+            matchResources:
+              controlPlane: true
+      description: Adds an admission configuration for PodSecurity to the kube-apiserver.
+      enabledIf: '{{ .podSecurityStandard.enabled }}'
+      name: podSecurityStandard
+    - external:
+        discoverVariablesExtension: clusterconfigvars.capi-runtime-extensions
+        generateExtension: clusterconfigpatch.capi-runtime-extensions
+      name: cluster-config
+  variables:
+    - name: imageRepository
+      required: true
+      schema:
+        openAPIV3Schema:
+          default: ""
+          description: imageRepository sets the container registry to pull images from. If empty, nothing will be set and the from of kubeadm will be used.
+          example: registry.k8s.io
+          type: string
+    - name: etcdImageTag
+      required: true
+      schema:
+        openAPIV3Schema:
+          default: ""
+          description: etcdImageTag sets the tag for the etcd image.
+          example: 3.5.3-0
+          type: string
+    - name: coreDNSImageTag
+      required: true
+      schema:
+        openAPIV3Schema:
+          default: ""
+          description: coreDNSImageTag sets the tag for the coreDNS image.
+          example: v1.8.5
+          type: string
+    - name: podSecurityStandard
+      required: false
+      schema:
+        openAPIV3Schema:
+          properties:
+            audit:
+              default: restricted
+              description: audit sets the level for the audit PodSecurityConfiguration mode. One of privileged, baseline, restricted.
+              type: string
+            enabled:
+              default: true
+              description: enabled enables the patches to enable Pod Security Standard via AdmissionConfiguration.
+              type: boolean
+            enforce:
+              default: baseline
+              description: enforce sets the level for the enforce PodSecurityConfiguration mode. One of privileged, baseline, restricted.
+              type: string
+            warn:
+              default: restricted
+              description: warn sets the level for the warn PodSecurityConfiguration mode. One of privileged, baseline, restricted.
+              type: string
+          type: object
+  workers:
+    machineDeployments:
+      - class: default-worker
+        template:
+          bootstrap:
+            ref:
+              apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+              kind: KubeadmConfigTemplate
+              name: quick-start-default-worker-bootstraptemplate
+          infrastructure:
+            ref:
+              apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+              kind: DockerMachineTemplate
+              name: quick-start-default-worker-machinetemplate
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerClusterTemplate
+metadata:
+  name: quick-start-cluster
+  namespace: default
+spec:
+  template:
+    spec: {}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlaneTemplate
+metadata:
+  name: quick-start-control-plane
+  namespace: default
+spec:
+  template:
+    spec:
+      kubeadmConfigSpec:
+        clusterConfiguration:
+          apiServer:
+            certSANs:
+              - localhost
+              - 127.0.0.1
+              - 0.0.0.0
+              - host.docker.internal
+          controllerManager:
+            extraArgs:
+              enable-hostpath-provisioner: "true"
+        initConfiguration:
+          nodeRegistration: {}
+        joinConfiguration:
+          nodeRegistration: {}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerMachineTemplate
+metadata:
+  name: quick-start-control-plane
+  namespace: default
+spec:
+  template:
+    spec:
+      extraMounts:
+        - containerPath: /var/run/docker.sock
+          hostPath: /var/run/docker.sock
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerMachineTemplate
+metadata:
+  name: quick-start-default-worker-machinetemplate
+  namespace: default
+spec:
+  template:
+    spec:
+      extraMounts:
+        - containerPath: /var/run/docker.sock
+          hostPath: /var/run/docker.sock
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+  name: quick-start-default-worker-bootstraptemplate
+  namespace: default
+spec:
+  template:
+    spec:
+      joinConfiguration:
+        nodeRegistration: {}
diff --git a/examples/capi-quickstart/cluster.yaml b/examples/capi-quickstart/cluster.yaml
@@ -0,0 +1,45 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  labels:
+    capiext.labs.d2iq.io/cni: calico
+  name: capi-quickstart
+  namespace: default
+spec:
+  clusterNetwork:
+    pods:
+      cidrBlocks:
+        - 192.168.0.0/16
+    serviceDomain: cluster.local
+    services:
+      cidrBlocks:
+        - 10.128.0.0/12
+  topology:
+    class: quick-start
+    controlPlane:
+      metadata: {}
+      replicas: 1
+    variables:
+      - name: imageRepository
+        value: ""
+      - name: etcdImageTag
+        value: ""
+      - name: coreDNSImageTag
+        value: ""
+      - name: podSecurityStandard
+        value:
+          audit: restricted
+          enabled: true
+          enforce: baseline
+          warn: restricted
+      - name: clusterConfig
+        value: {}
+    version: v1.27.5
+    workers:
+      machineDeployments:
+        - class: default-worker
+          name: md-0
+          replicas: 1
diff --git a/make/all.mk b/make/all.mk
@@ -20,3 +20,4 @@ include $(INCLUDE_DIR)clusterctl.mk
 include $(INCLUDE_DIR)flux.mk
 include $(INCLUDE_DIR)dev.mk
 include $(INCLUDE_DIR)helm.mk
+include $(INCLUDE_DIR)examples.mk
diff --git a/make/examples.mk b/make/examples.mk
@@ -0,0 +1,40 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+
+KUBERNETES_VERSION ?= v1.27.5
+
+# gojq mutations:
+# - ClusterClass: 	Add cluster-config external patch
+#
+# - Cluster: 		Add CNI label
+# - Cluster: 		Add an empty clusterConfig variable
+.PHONY: examples.sync
+examples.sync: ## Syncs the examples by fetching upstream examples using clusterclt and applying gojq mutations
+examples.sync: export KUBECONFIG := $(KIND_KUBECONFIG)
+examples.sync: kind.create clusterctl.init
+	mkdir -p examples/capi-quickstart
+	# Sync ClusterClass and all Templates
+	clusterctl generate cluster capi-quickstart \
+      --flavor development \
+      --kubernetes-version $(KUBERNETES_VERSION) \
+      --control-plane-machine-count=1 \
+      --worker-machine-count=1 | \
+    gojq --yaml-input --yaml-output \
+      '. | (select(.kind=="ClusterClass").spec.patches|= .+ [{"name": "cluster-config", "external": {"generateExtension": "clusterconfigpatch.capi-runtime-extensions", "discoverVariablesExtension": "clusterconfigvars.capi-runtime-extensions"}}])' | \
+    gojq --yaml-input --yaml-output \
+      '. | select(.kind != "Cluster")' | \
+    gojq --yaml-input --yaml-output '.' > examples/capi-quickstart/cluster-class.yaml
+    # Sync Cluster
+	clusterctl generate cluster capi-quickstart \
+      --flavor development \
+      --kubernetes-version $(KUBERNETES_VERSION) \
+      --control-plane-machine-count=1 \
+      --worker-machine-count=1 | \
+    gojq --yaml-input --yaml-output \
+      '. | (select(.kind=="Cluster").metadata.labels["capiext.labs.d2iq.io/cni"]|="calico")' | \
+    gojq --yaml-input --yaml-output \
+    	'. | (select(.kind=="Cluster").spec.topology.variables|= .+ [{"name": "clusterConfig", "value": {}}])' | \
+    gojq --yaml-input --yaml-output \
+      '. | select(.kind == "Cluster")' | \
+    gojq --yaml-input --yaml-output '.' > examples/capi-quickstart/cluster.yaml
