feat: Create default configmaps via charts to make configurable

Author: jimmidyson

.gitignore

@@ -19,7 +19,7 @@ openapi_violations.report
 .idea/
 
 #ignore report files generated by unittest
-*/pkg/**/junit_node*.xml
+**/pkg/**/junit_node*.xml
 
 dist/
 .local/

.go-tools

@@ -1,2 +1,2 @@
 github.com/oligot/[email protected]
-sigs.k8s.io/controller-runtime/tools/[email protected]20230611165747-7edfc04cacbd
+sigs.k8s.io/controller-runtime/tools/[email protected]20230817155522-304027bcbe4b

charts/capi-runtime-extensions/README.md

@@ -31,6 +31,13 @@ A Helm chart for capi-runtime-extensions
 | controllers.enableLeaderElection | bool | `false` |  |
 | deployment.replicas | int | `1` |  |
 | env | object | `{}` |  |
+| handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.content | string | `nil` |  |
+| handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.name | string | `"calico-cni-installation-dockercluster"` |  |
+| handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.create | bool | `true` |  |
+| handlers.CalicoCNI.defaultPodSubnet | string | `"192.168.0.0/16"` |  |
+| handlers.CalicoCNI.defaultTigeraOperatorConfigMap.name | string | `"tigera-operator"` |  |
+| handlers.CalicoCNI.enabled | bool | `true` |  |
+| handlers.ServiceLoadBalancerGC.enabled | bool | `true` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"ghcr.io/d2iq-labs/capi-runtime-extensions"` |  |
 | image.tag | string | `""` |  |

charts/capi-runtime-extensions/templates/cni/calico/manifests/docker/installation.yaml

@@ -0,0 +1,35 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if and .Values.handlers.CalicoCNI.enabled .Values.handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.create }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: '{{ .Values.handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.name }}'
+data:
+  calico-installation: |
+{{- if .Values.handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.content -}}
+    {{ .Values.handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.content | nindent 4}}
+{{- else -}}
+    # This section includes base Calico installation configuration.
+    # For more information, see: https://docs.projectcalico.org/reference/installation/api
+    apiVersion: operator.tigera.io/v1
+    kind: Installation
+    metadata:
+      name: default
+    spec:
+      cni:
+        type: Calico
+      # Configures Calico networking.
+      calicoNetwork:
+        # Note: The ipPools section cannot be modified post-install.
+        ipPools:
+        - blockSize: 26
+          cidr: {{ .Values.handlers.CalicoCNI.defaultPodSubnet }}
+          encapsulation: VXLANCrossSubnet
+          natOutgoing: Enabled
+          nodeSelector: all()
+      nodeMetricsPort: 9091
+      typhaMetricsPort: 9093
+{{- end -}}
+{{- end -}}

pkg/handlers/cni/calico/manifests/tigera-operator-configmap.yaml renamed to charts/capi-runtime-extensions/templates/cni/calico/manifests/tigera-operator-configmap.yaml

@@ -8,4 +8,4 @@ data:
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: tigera-operator
+  name: '{{ .Values.handlers.CalicoCNI.defaultTigeraOperatorConfigMap.name }}'

charts/capi-runtime-extensions/templates/deployment.yaml

@@ -27,20 +27,28 @@ spec:
       - name: webhook
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default $.Chart.AppVersion }}"
         imagePullPolicy: "{{ .Values.image.pullPolicy }}"
-{{- if .Values.env }}
-        env:
-{{- range $key, $value := .Values.env }}
-        - name: "{{ $key }}"
-          value: "{{ $value }}"
-{{- end }}
-{{- end }}
         args:
         - --controllermanager.cert-dir=/controllers-certs/
         - --controllermanager.leader-elect={{ if gt (.Values.deployment.replicas | int) 1 }}true{{ else }}{{ .Values.controllers.enableLeaderElection }}{{ end }}
         - --runtimehooks.cert-dir=/runtimehooks-certs/
+        {{- range $key, $value := .Values.handlers }}{{ if $value.enabled }}
+        - --runtimehooks.enabled-handlers={{ $key }}
+        {{ end }}{{- end }}
+        - --runtimehooks.calicocni.defaultsNamespace=$(POD_NAMESPACE)
         {{- range $key, $value := .Values.extraArgs }}
         - --{{ $key }}={{ $value }}
         {{- end }}
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+{{- if .Values.env }}
+{{- range $key, $value := .Values.env }}
+        - name: "{{ $key }}"
+          value: "{{ $value }}"
+{{- end }}
+{{- end }}
         ports:
         - containerPort: 8443
           name: controllers

charts/capi-runtime-extensions/values.schema.json

@@ -45,6 +45,68 @@
       "type": "object",
       "additionalProperties": { "type": "string" }
     },
+    "handlers": {
+      "type": "object",
+      "properties": {
+        "CalicoCNI": {
+          "type": "object",
+          "properties": {
+            "defaultInstallationConfigMaps": {
+              "type": "object",
+              "properties": {
+                "DockerCluster": {
+                  "type": "object",
+                  "properties": {
+                    "configMap": {
+                      "type": "object",
+                      "properties": {
+                        "content": {
+                          "type": "string"
+                        },
+                        "name": {
+                          "type": "string"
+                        }
+                      },
+                      "required": ["name"]
+                    },
+                    "create": {
+                      "type": "boolean",
+                      "default": true
+                    }
+                  }
+                }
+              }
+            },
+            "defaultPodSubnet": {
+              "type": "string",
+              "default": "192.168.0.0/16"
+            },
+            "defaultTigeraOperatorConfigMap": {
+              "type": "object",
+              "properties": {
+                "name": {
+                  "type": "string"
+                }
+              },
+              "required": ["name"]
+            },
+            "enabled": {
+              "type": "boolean",
+              "default": true
+            }
+          }
+        },
+        "ServiceLoadBalancerGC": {
+          "type": "object",
+          "properties": {
+            "enabled": {
+              "type": "boolean",
+              "default": true
+            }
+          }
+        }
+      }
+    },
     "image": {
       "type": "object",
       "properties": {

charts/capi-runtime-extensions/values.yaml

@@ -1,6 +1,21 @@
 # Copyright 2023 D2iQ, Inc. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 
+handlers:
+  CalicoCNI:
+    enabled: true
+    defaultPodSubnet: 192.168.0.0/16
+    defaultTigeraOperatorConfigMap:
+      name: tigera-operator
+    defaultInstallationConfigMaps:
+      DockerCluster:
+        create: true
+        configMap:
+          name: calico-cni-installation-dockercluster
+          content:
+  ServiceLoadBalancerGC:
+    enabled: true
+
 deployment:
   replicas: 1
 

devbox.lock

@@ -14,16 +14,16 @@
       "version": "3.8.0"
     },
     "clusterctl@latest": {
-      "last_modified": "2023-07-23T03:35:12Z",
-      "resolved": "github:NixOS/nixpkgs/af8cd5ded7735ca1df1a1174864daab75feeb64a#clusterctl",
+      "last_modified": "2023-08-08T03:07:33Z",
+      "resolved": "github:NixOS/nixpkgs/844ffa82bbe2a2779c86ab3a72ff1b4176cec467#clusterctl",
       "source": "devbox-search",
-      "version": "1.4.4"
+      "version": "1.5.0"
     },
     "crane@latest": {
-      "last_modified": "2023-06-30T04:44:22Z",
-      "resolved": "github:NixOS/nixpkgs/3c614fbc76fc152f3e1bc4b2263da6d90adf80fb#crane",
+      "last_modified": "2023-08-08T03:07:33Z",
+      "resolved": "github:NixOS/nixpkgs/844ffa82bbe2a2779c86ab3a72ff1b4176cec467#crane",
       "source": "devbox-search",
-      "version": "0.15.2"
+      "version": "0.16.1"
     },
     "envsubst@latest": {
       "last_modified": "2023-06-30T04:44:22Z",
@@ -140,10 +140,10 @@
       "version": "3.11.1"
     },
     "kubectl@latest": {
-      "last_modified": "2023-06-30T04:44:22Z",
-      "resolved": "github:NixOS/nixpkgs/3c614fbc76fc152f3e1bc4b2263da6d90adf80fb#kubectl",
+      "last_modified": "2023-08-08T03:07:33Z",
+      "resolved": "github:NixOS/nixpkgs/844ffa82bbe2a2779c86ab3a72ff1b4176cec467#kubectl",
       "source": "devbox-search",
-      "version": "1.27.3"
+      "version": "1.27.4"
     },
     "kubernetes-controller-tools@latest": {
       "last_modified": "2023-07-23T03:35:12Z",
@@ -170,8 +170,8 @@
       "version": "3.3.3"
     },
     "shfmt@latest": {
-      "last_modified": "2023-06-30T04:44:22Z",
-      "resolved": "github:NixOS/nixpkgs/3c614fbc76fc152f3e1bc4b2263da6d90adf80fb#shfmt",
+      "last_modified": "2023-08-08T03:07:33Z",
+      "resolved": "github:NixOS/nixpkgs/844ffa82bbe2a2779c86ab3a72ff1b4176cec467#shfmt",
       "source": "devbox-search",
       "version": "3.7.0"
     },

go.mod

@@ -15,6 +15,7 @@ require (
 	k8s.io/client-go v0.28.0
 	k8s.io/component-base v0.28.0
 	k8s.io/klog/v2 v2.100.1
+	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
 	sigs.k8s.io/cluster-api v1.5.0
 	sigs.k8s.io/controller-runtime v0.15.1
 )
@@ -72,7 +73,6 @@ require (
 	k8s.io/apiextensions-apiserver v0.27.2 // indirect
 	k8s.io/cluster-bootstrap v0.27.2 // indirect
 	k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
-	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect

hack/addons/update-calico-manifests.sh

@@ -22,15 +22,21 @@ curl -fsSL "https://raw.githubusercontent.com/projectcalico/calico/${CALICO_VERS
 
 readonly KUSTOMIZATION_DIR=${SCRIPT_DIR}/kustomize/tigera-operator
 cp -r "${KUSTOMIZATION_DIR}"/* "${CALICO_CNI_ASSETS_DIR}"
-kustomize --load-restrictor=LoadRestrictionsNone build "${CALICO_CNI_ASSETS_DIR}" -o "${CALICO_CNI_ASSETS_DIR}/kustomized.yaml"
+kustomize --load-restrictor=LoadRestrictionsNone build "${CALICO_CNI_ASSETS_DIR}" \
+  -o "${CALICO_CNI_ASSETS_DIR}/kustomized.yaml"
 
 # The operator manifest in YAML format is pretty big. It turns out that much of that is whitespace. Converting the
 # manifest to JSON without indentation allows us to remove most of the whitespace, reducing the size by more than half.
 #
 # Some important notes:
-# 1. The YAML manifest includes many documents, and the documents must become elements in a JSON array in order for the ClusterResourceController to [parse them](https://github.com/mesosphere/cluster-api//blob/65586de0080a960d085031de87ec627b2d606a6b/exp/addons/internal/controllers/clusterresourceset_helpers.go#L59). We create a JSON array with the --slurp flag.
-# 2. The YAML manifest has some whitespace between YAML document markers (`---`), and these become `null` entries in the JSON array. This causes the ["SortForCreate" subroutine](https://github.com/mesosphere/cluster-api//blob/65586de0080a960d085031de87ec627b2d606a6b/exp/addons/internal/controllers/clusterresourceset_helpers.go#L84) of the ClusterResourceSet controller to misbehave. We remove these null entries using a filter expression.
-# 3. If we indent the JSON document, it is nearly as large as the YAML document, at 1099093 bytes. We remove indentation with the --indent=0 flag.
+# 1. The YAML manifest includes many documents, and the documents must become elements in a JSON array in order for the
+#    ClusterResourceController to [parse them](https://github.com/mesosphere/cluster-api//blob/65586de0080a960d085031de87ec627b2d606a6b/exp/addons/internal/controllers/clusterresourceset_helpers.go#L59).
+#    We create a JSON array with the --slurp flag.
+# 2. The YAML manifest has some whitespace between YAML document markers (`---`), and these become `null` entries in the
+#    JSON array. This causes the ["SortForCreate" subroutine](https://github.com/mesosphere/cluster-api//blob/65586de0080a960d085031de87ec627b2d606a6b/exp/addons/internal/controllers/clusterresourceset_helpers.go#L84)
+#    of the ClusterResourceSet controller to misbehave. We remove these null entries using a filter expression.
+# 3. If we indent the JSON document, it is nearly as large as the YAML document, at 1099093 bytes. We remove indentation
+#    with the --indent=0 flag.
 gojq --yaml-input \
   --slurp \
   --indent=0 \
@@ -43,6 +49,6 @@ gojq --yaml-input \
   <"${CALICO_CNI_ASSETS_DIR}/kustomized.yaml" \
   >"${CALICO_CNI_ASSETS_DIR}/tigera-operator.json"
 
-kubectl create configmap tigera-operator --dry-run=client --output yaml \
+kubectl create configmap "{{ .Values.handlers.CalicoCNI.defaultTigeraOperatorConfigMap.name }}" --dry-run=client --output yaml \
   --from-file "${CALICO_CNI_ASSETS_DIR}/tigera-operator.json" \
-  >"${GIT_REPO_ROOT}/pkg/handlers/cni/calico/manifests/tigera-operator-configmap.yaml"
+  >"${GIT_REPO_ROOT}/charts/capi-runtime-extensions/templates/cni/calico/manifests/tigera-operator-configmap.yaml"