Merge pull request #4725 from muraee/rosa-machine-mgmt

✨ ROSA machinePools support

Author: k8s-ci-robot

config/crd/bases/controlplane.cluster.x-k8s.io_rosacontrolplanes.yaml

@@ -72,6 +72,18 @@ spec:
                 type: object
               creatorARN:
                 type: string
+              credentialsSecretRef:
+                description: 'CredentialsSecretRef references a secret with necessary
+                  credentials to connect to the OCM API. The secret should contain
+                  the following data keys: - ocmToken: eyJhbGciOiJIUzI1NiIsI.... -
+                  ocmApiUrl: Optional, defaults to ''https://api.openshift.com'''
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
               installerRoleARN:
                 type: string
               machineCIDR:
@@ -237,6 +249,17 @@ spec:
                 - nodePoolManagementARN
                 - storageARN
                 type: object
+              rosaClusterName:
+                description: Cluster name must be valid DNS-1035 label, so it must
+                  consist of lower case alphanumeric characters or '-', start with
+                  an alphabetic character, end with an alphanumeric character and
+                  have a max length of 15 characters.
+                maxLength: 15
+                pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$
+                type: string
+                x-kubernetes-validations:
+                - message: rosaClusterName is immutable
+                  rule: self == oldSelf
               subnets:
                 description: The Subnet IDs to use when installing the cluster. SubnetIDs
                   should come in pairs; two per availability zone, one private and
@@ -249,6 +272,8 @@ spec:
               version:
                 description: Openshift version, for example "openshift-v4.12.15".
                 type: string
+              workerRoleARN:
+                type: string
             required:
             - accountID
             - availabilityZones
@@ -258,9 +283,11 @@ spec:
             - oidcID
             - region
             - rolesRef
+            - rosaClusterName
             - subnets
             - supportRoleARN
             - version
+            - workerRoleARN
             type: object
           status:
             properties:
@@ -320,6 +347,9 @@ spec:
                 description: ErrorMessage indicates that there is a terminal problem
                   reconciling the state, and will be set to a descriptive error message.
                 type: string
+              id:
+                description: ID is the cluster ID given by ROSA.
+                type: string
               initialized:
                 description: Initialized denotes whether or not the control plane
                   has the uploaded kubernetes config-map.

config/crd/bases/infrastructure.cluster.x-k8s.io_rosamachinepools.yaml

@@ -0,0 +1,168 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.1
+  name: rosamachinepools.infrastructure.cluster.x-k8s.io
+spec:
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: ROSAMachinePool
+    listKind: ROSAMachinePoolList
+    plural: rosamachinepools
+    shortNames:
+    - rosamp
+    singular: rosamachinepool
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: MachinePool ready status
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: Number of replicas
+      jsonPath: .status.replicas
+      name: Replicas
+      type: integer
+    name: v1beta2
+    schema:
+      openAPIV3Schema:
+        description: ROSAMachinePool is the Schema for the rosamachinepools API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: RosaMachinePoolSpec defines the desired state of RosaMachinePool.
+            properties:
+              autoRepair:
+                default: false
+                description: AutoRepair specifies whether health checks should be
+                  enabled for machines in the NodePool. The default is false.
+                type: boolean
+              autoscaling:
+                description: Autoscaling specifies auto scaling behaviour for this
+                  MachinePool. required if Replicas is not configured
+                properties:
+                  maxReplicas:
+                    minimum: 1
+                    type: integer
+                  minReplicas:
+                    minimum: 1
+                    type: integer
+                type: object
+              availabilityZone:
+                description: AvailabilityZone is an optinal field specifying the availability
+                  zone where instances of this machine pool should run For Multi-AZ
+                  clusters, you can create a machine pool in a Single-AZ of your choice.
+                type: string
+              instanceType:
+                description: InstanceType specifies the AWS instance type
+                type: string
+              labels:
+                additionalProperties:
+                  type: string
+                description: Labels specifies labels for the Kubernetes node objects
+                type: object
+              nodePoolName:
+                description: NodePoolName specifies the name of the nodepool in Rosa
+                  must be a valid DNS-1035 label, so it must consist of lower case
+                  alphanumeric and have a max length of 15 characters.
+                maxLength: 15
+                pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$
+                type: string
+                x-kubernetes-validations:
+                - message: nodepoolName is immutable
+                  rule: self == oldSelf
+              providerIDList:
+                description: ProviderIDList contain a ProviderID for each machine
+                  instance that's currently managed by this machine pool.
+                items:
+                  type: string
+                type: array
+              subnet:
+                type: string
+            required:
+            - nodePoolName
+            type: object
+          status:
+            description: RosaMachinePoolStatus defines the observed state of RosaMachinePool.
+            properties:
+              conditions:
+                description: Conditions defines current service state of the managed
+                  machine pool
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              id:
+                description: ID is the ID given by ROSA.
+                type: string
+              ready:
+                default: false
+                description: Ready denotes that the RosaMachinePool nodepool has joined
+                  the cluster
+                type: boolean
+              replicas:
+                description: Replicas is the most recently observed number of replicas.
+                format: int32
+                type: integer
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/kustomization.yaml

@@ -23,6 +23,7 @@ resources:
 - bases/bootstrap.cluster.x-k8s.io_eksconfigtemplates.yaml
 - bases/controlplane.cluster.x-k8s.io_rosacontrolplanes.yaml
 - bases/infrastructure.cluster.x-k8s.io_rosaclusters.yaml
+- bases/infrastructure.cluster.x-k8s.io_rosamachinepools.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:

config/rbac/role.yaml

@@ -378,3 +378,22 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - rosamachinenepools
+  verbs:
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - rosamachinenepools/status
+  verbs:
+  - get
+  - patch
+  - update

controlplane/rosa/api/v1beta2/conditions_consts.go

@@ -0,0 +1,24 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+
+const (
+	// ROSAControlPlaneReadyCondition condition reports on the successful reconciliation of ROSAControlPlane.
+	ROSAControlPlaneReadyCondition clusterv1.ConditionType = "ROSAControlPlaneReady"
+)

controlplane/rosa/api/v1beta2/rosacontrolplane_types.go

@@ -17,12 +17,23 @@ limitations under the License.
 package v1beta2
 
 import (
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 )
 
 type RosaControlPlaneSpec struct { //nolint: maligned
+	// Cluster name must be valid DNS-1035 label, so it must consist of lower case alphanumeric
+	// characters or '-', start with an alphabetic character, end with an alphanumeric character
+	// and have a max length of 15 characters.
+	//
+	// +immutable
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="rosaClusterName is immutable"
+	// +kubebuilder:validation:MaxLength:=15
+	// +kubebuilder:validation:Pattern:=`^[a-z]([-a-z0-9]*[a-z0-9])?$`
+	RosaClusterName string `json:"rosaClusterName"`
+
 	// The Subnet IDs to use when installing the cluster.
 	// SubnetIDs should come in pairs; two per availability zone, one private and one public.
 	Subnets []string `json:"subnets"`
@@ -55,6 +66,14 @@ type RosaControlPlaneSpec struct { //nolint: maligned
 	CreatorARN       *string `json:"creatorARN"`
 	InstallerRoleARN *string `json:"installerRoleARN"`
 	SupportRoleARN   *string `json:"supportRoleARN"`
+	WorkerRoleARN    *string `json:"workerRoleARN"`
+
+	// CredentialsSecretRef references a secret with necessary credentials to connect to the OCM API.
+	// The secret should contain the following data keys:
+	// - ocmToken: eyJhbGciOiJIUzI1NiIsI....
+	// - ocmApiUrl: Optional, defaults to 'https://api.openshift.com'
+	// +optional
+	CredentialsSecretRef *corev1.LocalObjectReference `json:"credentialsSecretRef,omitempty"`
 }
 
 // AWSRolesRef contains references to various AWS IAM roles required for operators to make calls against the AWS API.
@@ -454,6 +473,9 @@ type RosaControlPlaneStatus struct {
 	FailureMessage *string `json:"failureMessage,omitempty"`
 	// Conditions specifies the cpnditions for the managed control plane
 	Conditions clusterv1.Conditions `json:"conditions,omitempty"`
+
+	// ID is the cluster ID given by ROSA.
+	ID *string `json:"id,omitempty"`
 }
 
 // +kubebuilder:object:root=true