Merge pull request #203 from alexander-demicev/injectmanifests

✨Inject additional manifests on provider installation/upgrade

Author: k8s-ci-robot

Tiltfile

@@ -18,7 +18,10 @@ def build_image():
         "OWNERS_ALIASES",
         "PROJECT",
         "SECURITY_CONTACTS"
-        ]
+        ],
+       build_args = {
+        "builder_image": "docker.io/library/golang:1.20.4",
+        }
     )
 
 def deploy():

api/v1alpha1/provider_types.go

@@ -63,6 +63,23 @@ type ProviderSpec struct {
 	// https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
 	// +optional
 	FetchConfig *FetchConfiguration `json:"fetchConfig,omitempty"`
+
+	// AdditionalManifests is reference to configmap that contains additional manifests that will be applied
+	// together with the provider components. The key for storing these manifests has to be `manifests`.
+	// The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the
+	// namespace of the provider will be used. There is no validation of the yaml content inside the configmap.
+	// +optional
+	AdditionalManifestsRef *ConfigmapReference `json:"additionalManifests,omitempty"`
+}
+
+// ConfigmapReference contains enough information to locate the configmap.
+type ConfigmapReference struct {
+	// Name defines the name of the configmap.
+	Name string `json:"name"`
+
+	// Namespace defines the namespace of the configmap.
+	// +optional
+	Namespace string `json:"namespace,omitempty"`
 }
 
 // ManagerSpec defines the properties that can be enabled on the controller manager for the provider.

api/v1alpha1/zz_generated.deepcopy.go

@@ -41,6 +41,23 @@ spec:
           spec:
             description: BootstrapProviderSpec defines the desired state of BootstrapProvider.
             properties:
+              additionalManifests:
+                description: AdditionalManifests is reference to configmap that contains
+                  additional manifests that will be applied together with the provider
+                  components. The key for storing these manifests has to be `manifests`.
+                  The manifests are applied only once when a certain release is installed/upgraded.
+                  If namespace is not specified, the namespace of the provider will
+                  be used. There is no validation of the yaml content inside the configmap.
+                properties:
+                  name:
+                    description: Name defines the name of the configmap.
+                    type: string
+                  namespace:
+                    description: Namespace defines the namespace of the configmap.
+                    type: string
+                required:
+                - name
+                type: object
               deployment:
                 description: Deployment defines the properties that can be enabled
                   on the deployment for the provider.

config/crd/bases/operator.cluster.x-k8s.io_bootstrapproviders.yaml

@@ -42,6 +42,23 @@ spec:
           spec:
             description: ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider.
             properties:
+              additionalManifests:
+                description: AdditionalManifests is reference to configmap that contains
+                  additional manifests that will be applied together with the provider
+                  components. The key for storing these manifests has to be `manifests`.
+                  The manifests are applied only once when a certain release is installed/upgraded.
+                  If namespace is not specified, the namespace of the provider will
+                  be used. There is no validation of the yaml content inside the configmap.
+                properties:
+                  name:
+                    description: Name defines the name of the configmap.
+                    type: string
+                  namespace:
+                    description: Namespace defines the namespace of the configmap.
+                    type: string
+                required:
+                - name
+                type: object
               deployment:
                 description: Deployment defines the properties that can be enabled
                   on the deployment for the provider.

config/crd/bases/operator.cluster.x-k8s.io_controlplaneproviders.yaml

@@ -41,6 +41,23 @@ spec:
           spec:
             description: CoreProviderSpec defines the desired state of CoreProvider.
             properties:
+              additionalManifests:
+                description: AdditionalManifests is reference to configmap that contains
+                  additional manifests that will be applied together with the provider
+                  components. The key for storing these manifests has to be `manifests`.
+                  The manifests are applied only once when a certain release is installed/upgraded.
+                  If namespace is not specified, the namespace of the provider will
+                  be used. There is no validation of the yaml content inside the configmap.
+                properties:
+                  name:
+                    description: Name defines the name of the configmap.
+                    type: string
+                  namespace:
+                    description: Namespace defines the namespace of the configmap.
+                    type: string
+                required:
+                - name
+                type: object
               deployment:
                 description: Deployment defines the properties that can be enabled
                   on the deployment for the provider.

config/crd/bases/operator.cluster.x-k8s.io_coreproviders.yaml

@@ -42,6 +42,23 @@ spec:
           spec:
             description: InfrastructureProviderSpec defines the desired state of InfrastructureProvider.
             properties:
+              additionalManifests:
+                description: AdditionalManifests is reference to configmap that contains
+                  additional manifests that will be applied together with the provider
+                  components. The key for storing these manifests has to be `manifests`.
+                  The manifests are applied only once when a certain release is installed/upgraded.
+                  If namespace is not specified, the namespace of the provider will
+                  be used. There is no validation of the yaml content inside the configmap.
+                properties:
+                  name:
+                    description: Name defines the name of the configmap.
+                    type: string
+                  namespace:
+                    description: Namespace defines the namespace of the configmap.
+                    type: string
+                required:
+                - name
+                type: object
               deployment:
                 description: Deployment defines the properties that can be enabled
                   on the deployment for the provider.

config/crd/bases/operator.cluster.x-k8s.io_infrastructureproviders.yaml

@@ -26,6 +26,7 @@
   * [Modifying a Provider](#modifying-a-provider)
   * [Deleting a Provider](#deleting-a-provider)
 - [Air-gapped Environment](#air-gapped-environment)
+- [Injecting additional manifests](#injecting-additional-manifests)
 
 # Introduction
 
@@ -717,3 +718,30 @@ yq eval -i '.metadata.labels += {"my-label": "label-value"}' configmap.yaml
 ```sh
 kubectl create -f configmap.yaml
 ```
+
+## Injecting additional manifests
+
+It is possible to inject additional manifests when installing/upgrading a provider. This can be useful when you need to add extra RBAC resources to the provider controller, for example.
+The field `AdditionalManifests` is a reference to a ConfigMap that contains additional manifests, which will be applied together with the provider components. The key for storing these manifests has to be `manifests`.
+The manifests are applied only once when a certain release is installed/upgraded. If the namespace is not specified, the namespace of the provider will be used. There is no validation of the YAML content inside the ConfigMap.
+
+```yaml
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: additional-manifests
+  namespace: capi-system
+data:
+  manifests: |
+    # Additional manifests go here
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha1
+kind: CoreProvider
+metadata:
+  name: cluster-api
+  namespace: capi-system
+spec:
+  additionalManifests:
+      name: additional-manifests
+```

docs/README.md

@@ -40,8 +40,9 @@ const (
 
 	compressedAnnotation = "provider.cluster.x-k8s.io/compressed"
 
-	metadataConfigMapKey   = "metadata"
-	componentsConfigMapKey = "components"
+	metadataConfigMapKey            = "metadata"
+	componentsConfigMapKey          = "components"
+	additionalManifestsConfigMapKey = "manifests"
 
 	maxConfigMapSize = 1 * 1024 * 1024
 )

internal/controller/manifests_downloader.go

@@ -155,7 +155,12 @@ func (p *phaseReconciler) load(ctx context.Context) (reconcile.Result, error) {
 		labelSelector = p.provider.GetSpec().FetchConfig.Selector
 	}
 
-	p.repo, err = p.configmapRepository(ctx, labelSelector)
+	additionalManifests, err := p.fetchAddionalManifests(ctx)
+	if err != nil {
+		return reconcile.Result{}, wrapPhaseError(err, "failed to load additional manifests")
+	}
+
+	p.repo, err = p.configmapRepository(ctx, labelSelector, additionalManifests)
 	if err != nil {
 		return reconcile.Result{}, wrapPhaseError(err, "failed to load the repository")
 	}
@@ -242,7 +247,7 @@ func (p *phaseReconciler) secretReader(ctx context.Context) (configclient.Reader
 
 // configmapRepository use clusterctl NewMemoryRepository structure to store the manifests
 // and metadata from a given configmap.
-func (p *phaseReconciler) configmapRepository(ctx context.Context, labelSelector *metav1.LabelSelector) (repository.Repository, error) {
+func (p *phaseReconciler) configmapRepository(ctx context.Context, labelSelector *metav1.LabelSelector, additionalManifests string) (repository.Repository, error) {
 	mr := repository.NewMemoryRepository()
 	mr.WithPaths("", "components.yaml")
 
@@ -289,12 +294,30 @@ func (p *phaseReconciler) configmapRepository(ctx context.Context, labelSelector
 			return nil, err
 		}
 
+		if additionalManifests != "" {
+			components = components + "\n---\n" + additionalManifests
+		}
+
 		mr.WithFile(version, mr.ComponentsPath(), []byte(components))
 	}
 
 	return mr, nil
 }
 
+func (p *phaseReconciler) fetchAddionalManifests(ctx context.Context) (string, error) {
+	cm := &corev1.ConfigMap{}
+
+	if p.provider.GetSpec().AdditionalManifestsRef != nil {
+		key := types.NamespacedName{Namespace: p.provider.GetSpec().AdditionalManifestsRef.Namespace, Name: p.provider.GetSpec().AdditionalManifestsRef.Name}
+
+		if err := p.ctrlClient.Get(ctx, key, cm); err != nil {
+			return "", fmt.Errorf("failed to get ConfigMap %s/%s: %w", key.Namespace, key.Name, err)
+		}
+	}
+
+	return cm.Data[additionalManifestsConfigMapKey], nil
+}
+
 // getComponentsData returns components data based on if it's compressed or not.
 func getComponentsData(cm corev1.ConfigMap) (string, error) {
 	// Data is not compressed, return it immediately.