feat: Add Flux addons provider (#22)

Author: jimmidyson

.github/dependabot.yml

@@ -18,6 +18,8 @@ updates:
         update-types: ["version-update:semver-major", "version-update:semver-minor"]
       - dependency-name: k8s.io/*
         update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: github.com/fluxcd/*
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
 
   - package-ecosystem: "github-actions"
     directory: "/"

.tool-versions

@@ -1,4 +1,5 @@
 clusterctl 1.3.3
+flux2 0.39.0
 gcloud 416.0.0
 gcloud 416.0.0
 ginkgo 2.8.0

README.md

@@ -16,6 +16,20 @@ make dev.run-on-kind
 eval $(make kind.kubeconfig)
 ```
 
+By default this will use the `ClusterResourceSet` addons provider. To use the `FluxHelmRelease` addons provider run:
+
+```shell
+make ADDONS_PROVIDER=FluxHelmRelease dev.run-on-kind
+eval $(make kind.kubeconfig)
+```
+
+Pro-tip: to redeploy without rebuilding the binaries, images, etc (useful if you have only changed the Helm chart for
+example), run:
+
+```shell
+make SKIP_BUILD=true dev.run-on-kind
+```
+
 To create a cluster with [clusterctl](https://cluster-api.sigs.k8s.io/user/quick-start.html), run:
 
 ```shell
@@ -25,7 +39,7 @@ clusterctl generate cluster capi-quickstart \
   --control-plane-machine-count=1 \
   --worker-machine-count=1 | \
   gojq --yaml-input --yaml-output --slurp \
-    '.[] | (select( .kind=="Cluster").metadata.labels += {"capi-runtime-extensions.d2iq-labs.com/cni": "calico"})' \
+    '.[] | (select( .kind=="Cluster").metadata.labels += {"capi-runtime-extensions.d2iq-labs.com/cni": "calico"})' | \
   kubectl apply -f -
 ```
 

charts/capi-runtime-extensions/README.md

@@ -25,13 +25,14 @@ A Helm chart for capi-runtime-extensions
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| addons.provider | string | `"ClusterResourceSet"` |  |
 | certificate.issuer.kind | string | `"Issuer"` |  |
-| certificate.issuer.name | string | `nil` |  |
+| certificate.issuer.name | string | `""` |  |
 | certificate.issuer.selfSigned | bool | `true` |  |
 | env | object | `{}` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"ghcr.io/d2iq-labs/capi-runtime-extensions"` |  |
-| image.tag | string | `nil` |  |
+| image.tag | string | `""` |  |
 | imagePullSecrets | list | `[]` | Optional secrets used for pulling the container image |
 | nodeSelector | object | `{}` |  |
 | priorityClassName | string | `""` | Optional priority class to be used for the pod. |

charts/capi-runtime-extensions/templates/clusterrole.yaml

@@ -9,7 +9,7 @@ metadata:
   name: {{ include "chart.name" . }}
 rules:
 - apiGroups: [""]
-  resources: ["configmaps"]
+  resources: ["namespaces", "configmaps", "secrets"]
   verbs: ["watch", "list", "get", "create", "patch", "update", "delete"]
 - apiGroups:
     - addons.cluster.x-k8s.io
@@ -21,3 +21,11 @@ rules:
     - runtime.cluster.x-k8s.io
   resources: ["*"]
   verbs: ["watch", "list", "get", "create", "patch", "update", "delete"]
+- apiGroups:
+    - source.toolkit.fluxcd.io
+  resources: ["helmrepositories"]
+  verbs: ["watch", "list", "get", "create", "patch", "update", "delete"]
+- apiGroups:
+    - helm.toolkit.fluxcd.io
+  resources: ["helmreleases"]
+  verbs: ["watch", "list", "get", "create", "patch", "update", "delete"]

charts/capi-runtime-extensions/templates/deployment.yaml

@@ -36,6 +36,7 @@ spec:
 {{- end }}
         args:
         - --webhook-cert-dir=/certs/
+        - --addon-provider={{ .Values.addons.provider }}
         {{- range $key, $value := .Values.extraArgs }}
         - --{{ $key }}={{ $value }}
         {{- end }}

charts/capi-runtime-extensions/values.schema.json

@@ -0,0 +1,115 @@
+{
+    "$schema": "http://json-schema.org/schema#",
+    "type": "object",
+    "properties": {
+        "addons": {
+            "type": "object",
+            "properties": {
+                "provider": {
+                    "type": "string",
+                    "enum": ["ClusterResourceSet", "FluxHelmRelease"]
+                }
+            }
+        },
+        "certificate": {
+            "type": "object",
+            "properties": {
+                "issuer": {
+                    "type": "object",
+                    "properties": {
+                        "kind": {
+                            "type": "string",
+                            "enum": ["Issuer", "ClusterIssuer"],
+                            "default": "Issuer"
+                        },
+                        "name": {
+                            "type": "string"
+                        },
+                        "selfSigned": {
+                            "type": "boolean"
+                        }
+                    }
+                }
+            }
+        },
+        "env": {
+            "type": "object"
+        },
+        "image": {
+            "type": "object",
+            "properties": {
+                "pullPolicy": {
+                    "type": "string",
+                    "default": "IfNotPresent"
+                },
+                "repository": {
+                    "type": "string"
+                },
+                "tag": {
+                    "type": "string"
+                }
+            }
+        },
+        "imagePullSecrets": {
+            "type": "array"
+        },
+        "nodeSelector": {
+            "type": "object"
+        },
+        "priorityClassName": {
+            "type": "string"
+        },
+        "resources": {
+            "type": "object",
+            "properties": {
+                "limits": {
+                    "type": "object",
+                    "properties": {
+                        "cpu": {
+                            "type": "string"
+                        },
+                        "memory": {
+                            "type": "string"
+                        }
+                    }
+                },
+                "requests": {
+                    "type": "object",
+                    "properties": {
+                        "cpu": {
+                            "type": "string"
+                        },
+                        "memory": {
+                            "type": "string"
+                        }
+                    }
+                }
+            }
+        },
+        "securityContext": {
+            "type": "object",
+            "properties": {
+                "runAsUser": {
+                    "type": "integer"
+                }
+            }
+        },
+        "service": {
+            "type": "object",
+            "properties": {
+                "annotations": {
+                    "type": "object"
+                },
+                "port": {
+                    "type": "integer"
+                },
+                "type": {
+                    "type": "string"
+                }
+            }
+        },
+        "tolerations": {
+            "type": "array"
+        }
+    }
+}

charts/capi-runtime-extensions/values.yaml

@@ -1,9 +1,12 @@
 # Copyright 2023 D2iQ, Inc. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 
+addons:
+  provider: ClusterResourceSet
+
 image:
   repository: ghcr.io/d2iq-labs/capi-runtime-extensions
-  tag:
+  tag: ""
   pullPolicy: IfNotPresent
 
 # -- Optional secrets used for pulling the container image
@@ -13,7 +16,7 @@ imagePullSecrets: []
 certificate:
   issuer:
     selfSigned: true
-    name:
+    name: ""
     kind: Issuer
 
 env: {}

cmd/capi-runtime-extensions/flags.go

@@ -0,0 +1,47 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package main
+
+import (
+	"fmt"
+
+	"github.com/spf13/pflag"
+
+	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/lifecycle"
+)
+
+type addonProviderValue lifecycle.AddonProvider
+
+func (v addonProviderValue) String() string {
+	return string(v)
+}
+
+func (v *addonProviderValue) Set(value string) error {
+	switch lifecycle.AddonProvider(value) {
+	case lifecycle.ClusterResourceSetAddonProvider, lifecycle.FluxHelmReleaseAddonProvider:
+		break
+	default:
+		return fmt.Errorf(
+			"invalid addon provider: %q (must be one of %v)",
+			value,
+			[]string{
+				string(lifecycle.ClusterResourceSetAddonProvider),
+				string(lifecycle.FluxHelmReleaseAddonProvider),
+			},
+		)
+	}
+
+	*v = addonProviderValue(value)
+
+	return nil
+}
+
+func (*addonProviderValue) Type() string {
+	return "addonProvider"
+}
+
+func newAddonProviderValue(val lifecycle.AddonProvider, p *lifecycle.AddonProvider) pflag.Value {
+	*p = val
+	return (*addonProviderValue)(p)
+}

cmd/capi-runtime-extensions/main.go

@@ -5,6 +5,7 @@ package main
 
 import (
 	"flag"
+	"fmt"
 	"net/http"
 	"os"
 	"time"
@@ -31,6 +32,7 @@ var (
 	profilerAddress string
 	webhookPort     int
 	webhookCertDir  string
+	addonProvider   lifecycle.AddonProvider
 	logOptions      = logs.NewOptions()
 )
 
@@ -49,6 +51,18 @@ func InitFlags(fs *pflag.FlagSet) {
 
 	fs.StringVar(&webhookCertDir, "webhook-cert-dir", "/tmp/k8s-webhook-server/serving-certs/",
 		"Webhook cert dir, only used when webhook-port is specified.")
+
+	fs.Var(newAddonProviderValue(
+		lifecycle.ClusterResourceSetAddonProvider, &addonProvider),
+		"addon-provider",
+		fmt.Sprintf(
+			"addon provider (one of %v)",
+			[]string{
+				string(lifecycle.ClusterResourceSetAddonProvider),
+				string(lifecycle.FluxHelmReleaseAddonProvider),
+			},
+		),
+	)
 }
 
 func main() {
@@ -114,7 +128,7 @@ func main() {
 	}
 
 	// Create the ExtensionHandlers for the lifecycle hooks
-	lifecycleExtensionHandlers := lifecycle.NewExtensionHandlers(client)
+	lifecycleExtensionHandlers := lifecycle.NewExtensionHandlers(addonProvider, client)
 
 	// Register extension handlers.
 	if err := webhookServer.AddExtensionHandler(server.ExtensionHandler{

go.mod

@@ -6,6 +6,9 @@ module github.com/d2iq-labs/capi-runtime-extensions
 go 1.20
 
 require (
+	github.com/fluxcd/helm-controller/api v0.28.1
+	github.com/fluxcd/pkg/apis/meta v0.18.0
+	github.com/fluxcd/source-controller/api v0.33.0
 	github.com/spf13/pflag v1.0.5
 	k8s.io/apimachinery v0.25.6
 	k8s.io/component-base v0.25.6
@@ -14,6 +17,13 @@ require (
 	sigs.k8s.io/controller-runtime v0.13.1
 )
 
+require (
+	github.com/fluxcd/pkg/apis/acl v0.1.0 // indirect
+	github.com/fluxcd/pkg/apis/kustomize v0.7.0 // indirect
+	github.com/onsi/gomega v1.24.1 // indirect
+	k8s.io/cluster-bootstrap v0.25.6 // indirect
+)
+
 require (
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
@@ -79,12 +89,12 @@ require (
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.25.6 // indirect
-	k8s.io/apiextensions-apiserver v0.25.0 // indirect
+	k8s.io/api v0.25.6
+	k8s.io/apiextensions-apiserver v0.25.6
 	k8s.io/client-go v0.25.6 // indirect
 	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
 	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
-	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
-	sigs.k8s.io/yaml v1.3.0 // indirect
+	sigs.k8s.io/yaml v1.3.0
 )