feat: deploy Calico with ClusterResourceSet

.tool-versions

@@ -10,3 +10,4 @@ pre-commit 3.0.2
 shfmt 3.6.0
 upx 4.0.2
 gcloud 416.0.0
+kubectl 1.26.1

cmd/capi-runtime-extensions/main.go

@@ -4,7 +4,6 @@
 package main
 
 import (
-	"context"
 	"flag"
 	"net/http"
 	"os"
@@ -19,6 +18,9 @@ import (
 	runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
 	"sigs.k8s.io/cluster-api/exp/runtime/server"
 	ctrl "sigs.k8s.io/controller-runtime"
+	ctrclient "sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/lifecycle"
 )
 
 var (
@@ -96,19 +98,53 @@ func main() {
 		os.Exit(1)
 	}
 
+	// Lifecycle Hooks
+
+	// Gets a client to access the Kubernetes cluster where this RuntimeExtension will be deployed to
+	restConfig, err := ctrl.GetConfig()
+	if err != nil {
+		setupLog.Error(err, "error getting config for the cluster")
+		os.Exit(1)
+	}
+
+	client, err := ctrclient.New(restConfig, ctrclient.Options{})
+	if err != nil {
+		setupLog.Error(err, "error creating client to the cluster")
+		os.Exit(1)
+	}
+
+	// Create the ExtensionHandlers for the lifecycle hooks
+	lifecycleExtensionHandlers := lifecycle.NewExtensionHandlers(client)
+
 	// Register extension handlers.
 	if err := webhookServer.AddExtensionHandler(server.ExtensionHandler{
 		Hook:        runtimehooksv1.BeforeClusterCreate,
 		Name:        "before-cluster-create",
-		HandlerFunc: DoBeforeClusterCreate,
+		HandlerFunc: lifecycleExtensionHandlers.DoBeforeClusterCreate,
+	}); err != nil {
+		setupLog.Error(err, "error adding handler")
+		os.Exit(1)
+	}
+	if err := webhookServer.AddExtensionHandler(server.ExtensionHandler{
+		Hook:        runtimehooksv1.AfterControlPlaneInitialized,
+		Name:        "after-control-plane-initialized",
+		HandlerFunc: lifecycleExtensionHandlers.DoAfterControlPlaneInitialized,
 	}); err != nil {
 		setupLog.Error(err, "error adding handler")
 		os.Exit(1)
 	}
 	if err := webhookServer.AddExtensionHandler(server.ExtensionHandler{
 		Hook:        runtimehooksv1.BeforeClusterUpgrade,
 		Name:        "before-cluster-upgrade",
-		HandlerFunc: DoBeforeClusterUpgrade,
+		HandlerFunc: lifecycleExtensionHandlers.DoBeforeClusterUpgrade,
+	}); err != nil {
+		setupLog.Error(err, "error adding handler")
+		os.Exit(1)
+	}
+	if err := webhookServer.AddExtensionHandler(server.ExtensionHandler{
+		Hook:        runtimehooksv1.BeforeClusterDelete,
+		Name:        "before-cluster-delete",
+		HandlerFunc: lifecycleExtensionHandlers.DoBeforeClusterDelete,
 	}); err != nil {
 		setupLog.Error(err, "error adding handler")
 		os.Exit(1)
@@ -124,23 +160,3 @@ func main() {
 		os.Exit(1)
 	}
 }
-
-func DoBeforeClusterCreate(
-	ctx context.Context,
-	request *runtimehooksv1.BeforeClusterCreateRequest,
-	response *runtimehooksv1.BeforeClusterCreateResponse,
-) {
-	log := ctrl.LoggerFrom(ctx)
-	log.Info("BeforeClusterCreate is called")
-	// Your implementation
-}
-
-func DoBeforeClusterUpgrade(
-	ctx context.Context,
-	request *runtimehooksv1.BeforeClusterUpgradeRequest,
-	response *runtimehooksv1.BeforeClusterUpgradeResponse,
-) {
-	log := ctrl.LoggerFrom(ctx)
-	log.Info("BeforeClusterUpgrade is called")
-	// Your implementation
-}

config/certmanager/certificate.yaml

@@ -18,8 +18,8 @@ spec:
   # $(SERVICE_NAME) will be substituted by kustomize
   # $(SERVICE_NAMESPACE) will be substituted on deployment
   dnsNames:
-  - $(SERVICE_NAME).${SERVICE_NAMESPACE}.svc
-  - $(SERVICE_NAME).${SERVICE_NAMESPACE}.svc.cluster.local
+  - $(SERVICE_NAME).default.svc
+  - $(SERVICE_NAME).default.svc.cluster.local
   # for local testing.
   - localhost
   issuerRef:

config/default/extension.yaml

@@ -18,7 +18,7 @@ spec:
     spec:
       containers:
       - command:
-        - /manager
+        - /usr/local/bin/capi-runtime-extensions
         image: controller:latest
         name: extension
       terminationGracePeriodSeconds: 10

config/default/extension_config.yaml

@@ -0,0 +1,15 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: runtime.cluster.x-k8s.io/v1alpha1
+kind: ExtensionConfig
+metadata:
+  annotations:
+    runtime.cluster.x-k8s.io/inject-ca-from-secret: default/test-extension-webhook-service-cert
+  name: test-extension
+spec:
+  clientConfig:
+    service:
+      name: test-extension-webhook-service
+      namespace: default
+      port: 443

config/default/extension_image_patch.yaml

@@ -9,6 +9,5 @@ spec:
   template:
     spec:
       containers:
-      # FIXME replace with d2iq image
-      - image: dkoshkin/capi-runtime-extensions:latest
+      - image: ghcr.io/d2iq-labs/capi-runtime-extensions:v0.1.0-dev
         name: extension

config/default/kustomization.yaml

@@ -9,6 +9,7 @@ resources:
 - role.yaml
 - rolebinding.yaml
 - service_account.yaml
+- extension_config.yaml
 
 bases:
 - ../certmanager

config/default/rolebinding.yaml

@@ -12,4 +12,4 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: test-extension
-    namespace: ${SERVICE_NAMESPACE}
+    namespace: default

go.mod

@@ -7,46 +7,65 @@ go 1.19
 
 require (
 	github.com/spf13/pflag v1.0.5
+	k8s.io/apimachinery v0.25.0
 	k8s.io/component-base v0.25.0
 	k8s.io/klog/v2 v2.90.0
 	sigs.k8s.io/cluster-api v1.3.3
 	sigs.k8s.io/controller-runtime v0.13.1
 )
 
 require (
+	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/docker/distribution v2.8.1+incompatible // indirect
+	github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46 // indirect
 	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-logr/logr v1.2.3
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/gobuffalo/flect v0.3.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-github/v45 v45.2.0 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/pelletier/go-toml v1.9.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.14.0 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/spf13/afero v1.9.2 // indirect
+	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/cobra v1.6.1 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/viper v1.13.0 // indirect
+	github.com/subosito/gotenv v1.4.1 // indirect
+	golang.org/x/crypto v0.3.0 // indirect
 	golang.org/x/net v0.4.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 // indirect
 	golang.org/x/sys v0.3.0 // indirect
@@ -57,11 +76,11 @@ require (
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/api v0.25.0 // indirect
 	k8s.io/apiextensions-apiserver v0.25.0 // indirect
-	k8s.io/apimachinery v0.25.0 // indirect
 	k8s.io/client-go v0.25.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
 	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect