More support for cluster-api

.ko.yaml

@@ -0,0 +1,4 @@
+defaultLdflags:
+- -s -w
+- -X k8s.io/kops.Version={{.Env.VERSION}}
+- -X k8s.io/kops.GitVersion={{.Env.GITSHA}}

Makefile

@@ -54,6 +54,8 @@ unexport AZURE_CLIENT_ID AZURE_CLIENT_SECRET AZURE_STORAGE_ACCOUNT AZURE_SUBSCRI
 
 
 VERSION=$(shell tools/get_version.sh | grep VERSION | awk '{print $$2}')
+export VERSION
+
 IMAGE_TAG=$(shell tools/get_version.sh | grep IMAGE_TAG | awk '{print $$2}')
 
 KOPS_CI_VERSION:=$(shell grep 'KOPS_CI_VERSION\s*=' kops-version.go | awk '{print $$3}' | sed -e 's_"__g')
@@ -62,6 +64,7 @@ KOPS_CI_VERSION:=$(shell grep 'KOPS_CI_VERSION\s*=' kops-version.go | awk '{prin
 KOPS=${DIST}/$(shell go env GOOS)/$(shell go env GOARCH)/kops
 
 GITSHA := $(shell cd ${KOPS_ROOT}; git describe --always)
+export GITSHA
 
 # We lock the versions of our controllers also
 # We need to keep in sync with:

clusterapi/README.md

@@ -7,18 +7,20 @@ We plug in our own bootstrap provider with the goal of enabling cluster-api node
 *Note*: the name & zone matter, we need to match the values we'll create later in the CAPI resources.
 
 ```
-kops create cluster clusterapi.k8s.local --zones us-east4-a
-kops update cluster clusterapi.k8s.local --yes --admin
-kops validate cluster --wait=10m
+go run ./cmd/kops create cluster clusterapi.k8s.local --zones us-east4-a
+go run ./cmd/kops update cluster clusterapi.k8s.local --yes --admin
+go run ./cmd/kops validate cluster --wait=10m
 ```
 
-#cd cluster-api-provider-gcp
-#REGISTRY=${USER} make docker-build docker-push
-#REGISTRY=${USER} make install-management-cluster # Doesn't yet exist in capg
-
+# Install cert-manager
 
+```
+kubectl apply --server-side -f https://github.com/cert-manager/cert-manager/releases/download/v1.18.2/cert-manager.yaml
 
-# TODO: Install cert-manager
+kubectl wait --for=condition=Available --timeout=5m -n cert-manager deployment/cert-manager
+kubectl wait --for=condition=Available --timeout=5m -n cert-manager deployment/cert-manager-cainjector
+kubectl wait --for=condition=Available --timeout=5m -n cert-manager deployment/cert-manager-webhook
+```
 
 # Install CAPI and CAPG
 ```
@@ -29,7 +31,19 @@ kustomize build ${REPO_ROOT}/clusterapi/manifests/cluster-api-provider-gcp | kub
 
 # Install our CRDs
 ```
-kustomize build config | kubectl apply --server-side -f -
+kustomize build ${REPO_ROOT}/k8s | kubectl apply --server-side -f -
+kustomize build ${REPO_ROOT}/clusterapi/config | kubectl apply --server-side -f -
+```
+
+## Create our Cluster object
+```
+go run ./cmd/kops get cluster clusterapi.k8s.local -oyaml | kubectl apply --server-side -n kube-system -f -
+```
+
+## Create our instancegroup object
+
+```
+go run ./cmd/kops get ig nodes-us-east4-a --name clusterapi.k8s.local -oyaml | kubectl apply --server-side -n kube-system -f -
 ```
 
 # Remove any stuff left over from previous runs
@@ -39,8 +53,11 @@ kubectl delete gcpmachinetemplate --all
 ```
 
 ```
-# Very carefully create a MachineDeployment matching our configuration
-cat examples/manifest.yaml | IMAGE_ID=projects/ubuntu-os-cloud/global/images/family/ubuntu-2204-lts GCP_NODE_MACHINE_TYPE=e2-medium KUBERNETES_VERSION=v1.28.6 WORKER_MACHINE_COUNT=1  GCP_ZONE=us-east4-a GCP_REGION=us-east4 GCP_NETWORK_NAME=clusterapi-k8s-local GCP_SUBNET=us-east4-clusterapi-k8s-local GCP_PROJECT=$(gcloud config get project) CLUSTER_NAME=clusterapi-k8s-local envsubst | kubectl apply --server-side -n kube-system -f -
+# Create a MachineDeployment matching our configuration
+go run ./cmd/kops toolbox clusterapi generate machinedeployment \
+  --cluster clusterapi.k8s.local \
+  --name clusterapi-k8s-local-md-0 \
+  --namespace kube-system | kubectl apply --server-side -n kube-system -f -
 ```
 
 # IMAGE_ID=projects/debian-cloud/global/images/family/debian-12 doesn't work with user-data (????)

clusterapi/controlplane/kops/api/v1beta1/kopscontrolplane_types.go

@@ -40,13 +40,64 @@ type KopsControlPlaneMachineTemplate struct {
 
 // KopsControlPlaneStatus defines the observed state of KopsControlPlane.
 type KopsControlPlaneStatus struct {
+	// initialization provides observations of the KopsControlPlane initialization process.
+	// NOTE: Fields in this struct are part of the Cluster API contract and are used to orchestrate initial Machine provisioning.
+	// +optional
+	Initialization KopsControlPlaneInitializationStatus `json:"initialization,omitempty,omitzero"`
+
+	// KopsControllerEndpoint represents the endpoints used to communicate with the control plane.
+	SystemEndpoints []SystemEndpoint `json:"systemEndpoints,omitempty"`
+}
+
+// KopsControlPlaneInitializationStatus provides observations of the KopsControlPlane initialization process.
+// +kubebuilder:validation:MinProperties=1
+type KopsControlPlaneInitializationStatus struct {
+	// controlPlaneInitialized is true when the KopsControlPlane provider reports that the Kubernetes control plane is initialized;
+	// A control plane is considered initialized when it can accept requests, no matter if this happens before
+	// the control plane is fully provisioned or not.
+	// NOTE: this field is part of the Cluster API contract, and it is used to orchestrate initial Machine provisioning.
+	// +optional
+	ControlPlaneInitialized *bool `json:"controlPlaneInitialized,omitempty"`
+}
+
+// SystemEndpointType identifies the service that the SystemEndpoint is describing.
+type SystemEndpointType string
+
+const (
+	// SystemEndpointTypeKubeAPIServer indicates that the endpoint is for the Kubernetes API server.
+	SystemEndpointTypeKubeAPIServer SystemEndpointType = "kube-apiserver"
+	// SystemEndpointTypeKopsController indicates that the endpoint is for the kops-controller.
+	SystemEndpointTypeKopsController SystemEndpointType = "kops-controller"
+)
+
+// SystemEndpointScope describes whether an endpoint is intended for internal or external use.
+type SystemEndpointScope string
+
+const (
+	// SystemEndpointScopeInternal indicates that the endpoint is intended for internal use.
+	SystemEndpointScopeInternal SystemEndpointScope = "internal"
+	// SystemEndpointScopeExternal indicates that the endpoint is intended for external use.
+	SystemEndpointScopeExternal SystemEndpointScope = "external"
+)
+
+// SystemEndpoint represents a reachable Kubernetes API endpoint.
+type SystemEndpoint struct {
+	// The type of the endpoint
+	Type SystemEndpointType `json:"type"`
+
+	// The hostname or IP on which the API server is serving.
+	Endpoint string `json:"endpoint"`
+
+	// Whether the endpoint is intended for internal or external use.
+	Scope SystemEndpointScope `json:"scope"`
 }
 
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:path=kopscontrolplanes,shortName=kcp,scope=Namespaced,categories=cluster-api
 // +kubebuilder:storageversion
 // +kubebuilder:subresource:status
 // +kubebuilder:subresource:scale:specpath=.spec.replicas,statuspath=.status.replicas,selectorpath=.status.selector
+// +kubebuilder:metadata:labels=cluster.x-k8s.io/v1beta2=v1beta1
 // +kubebuilder:printcolumn:name="Cluster",type="string",JSONPath=".metadata.labels['cluster\\.x-k8s\\.io/cluster-name']",description="Cluster"
 // +kubebuilder:printcolumn:name="Initialized",type=boolean,JSONPath=".status.initialized",description="This denotes whether or not the control plane has the uploaded kops-config configmap"
 // +kubebuilder:printcolumn:name="API Server Available",type=boolean,JSONPath=".status.ready",description="KopsControlPlane API Server is ready to receive requests"

clusterapi/controlplane/kops/api/v1beta1/kopscontrolplanetemplate_types.go

@@ -31,6 +31,7 @@ type KopsControlPlaneTemplateSpec struct {
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:path=kopscontrolplanetemplates,scope=Namespaced,categories=cluster-api
 // +kubebuilder:storageversion
+// +kubebuilder:metadata:labels=cluster.x-k8s.io/v1beta2=v1beta1
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="Time duration since creation of KopsControlPlaneTemplate"
 
 // KopsControlPlaneTemplate is the Schema for the kopscontrolplanetemplates API.

clusterapi/examples/capi-loopback.yaml

@@ -0,0 +1,42 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: root-reader
+rules:
+# Needed for a probe; but this feels like a poor choice - /api would more open by default
+# TODO: File bug, also error handling is poor and usually prints "Unknown"
+- nonResourceURLs: ["/"]
+  verbs: ["get"]
+
+# Pods
+- resources: ["pods"]
+  apiGroups: [""]
+  verbs:
+  # Needed for "checking if we're running on workload cluster"
+  - "get"
+
+# Nodes
+- resources: ["nodes"]
+  apiGroups: [""]
+  verbs:
+  # We monitor in-cluster nodes
+  - get
+  - list
+  - watch
+  # We patch nodes with our labels
+  - patch
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: root-reader-capi-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: root-reader
+subjects:
+- kind: ServiceAccount
+  name: capi-manager
+  namespace: capi-system

clusterapi/examples/kopscontroller.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kops-controller-capi
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin # TODO: We only need to read pods
+subjects:
+- kind: ServiceAccount
+  name: kops-controller
+  namespace: kube-system