diff --git a/api/v1alpha1/managedcluster_types.go b/api/v1alpha1/managedcluster_types.go
index 404a6de15..3841764c6 100644
--- a/api/v1alpha1/managedcluster_types.go
+++ b/api/v1alpha1/managedcluster_types.go
@@ -84,6 +84,10 @@ type ManagedClusterSpec struct {
 // By default the remaining services will be deployed even if conflict is detected.
 // If set to true, the deployment will stop after encountering the first conflict.
 StopOnConflict bool `json:"stopOnConflict,omitempty"`
+ // PropagateCredentials indicates whether credentials should be propagated
+ // for use by CCM (Cloud Controller Manager).
+ // Default: true.
+ PropagateCredentials *bool `json:"propagateCredentials,omitempty"`
 }
 
 // ManagedClusterStatus defines the observed state of ManagedCluster
@@ -160,6 +164,12 @@ func (in *ManagedCluster) InitConditions() {
 })
 }
 
+// PropagateCredentials returns true if credentials should be propagated
+// for use by CCM (Cloud Controller Manager).
+func (in *ManagedCluster) PropagateCredentials() bool {
+ return in.Spec.PropagateCredentials == nil || *in.Spec.PropagateCredentials
+}
+
 // +kubebuilder:object:root=true
 
 // ManagedClusterList contains a list of ManagedCluster
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 059d60379..4fd3da6e5 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -744,6 +744,11 @@ func (in *ManagedClusterSpec) DeepCopyInto(out *ManagedClusterSpec) {
 *out = make([]ServiceSpec, len(*in))
 copy(*out, *in)
 }
+ if in.PropagateCredentials != nil {
+ in, out := &in.PropagateCredentials, &out.PropagateCredentials
+ *out = new(bool)
+ **out = **in
+ }
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedClusterSpec.
diff --git a/internal/controller/managedcluster_controller.go b/internal/controller/managedcluster_controller.go
index 3dcc43ade..22c036e28 100644
--- a/internal/controller/managedcluster_controller.go
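Review bot: The `Default: true.` documented on the new `ManagedClusterSpec.PropagateCredentials` field is not enforced by anything in the schema; it exists only in the `PropagateCredentials()` accessor added in the second hunk of this file, so code that reads `Spec.PropagateCredentials` directly sees nil and must remember to treat it as true. Because an unset field opts a cluster in to credential propagation, the field comment should spell that out and state the consequence of opting out, for example `// Unset is treated as true. Set to false to skip propagating credentials; CCM will then not receive them.` If API-server defaulting is wanted, a `// +kubebuilder:default=true` marker on the field would also surface the default in the generated CRD. The struct begins outside the hunk, so whether other fields already follow one of these conventions cannot be seen from here.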
+++ b/internal/controller/managedcluster_controller.go
@@ -355,9 +355,11 @@ func (r *ManagedClusterReconciler) updateCluster(ctx context.Context, mc *hmc.Ma
 return ctrl.Result{RequeueAfter: DefaultRequeueInterval}, nil
 }
 
- if err := r.reconcileCredentialPropagation(ctx, mc); err != nil {
- l.Error(err, "failed to reconcile credentials propagation")
- return ctrl.Result{}, err
+ if mc.PropagateCredentials() {
+ if err := r.reconcileCredentialPropagation(ctx, mc); err != nil {
+ l.Error(err, "failed to reconcile credentials propagation")
+ return ctrl.Result{}, err
+ }
 }
 
 return ctrl.Result{}, nil
diff --git a/templates/provider/hmc/templates/crds/hmc.mirantis.com_managedclusters.yaml b/templates/provider/hmc/templates/crds/hmc.mirantis.com_managedclusters.yaml
index 8e0ec18a3..2f48eb697 100644
--- a/templates/provider/hmc/templates/crds/hmc.mirantis.com_managedclusters.yaml
+++ b/templates/provider/hmc/templates/crds/hmc.mirantis.com_managedclusters.yaml
@@ -69,6 +69,12 @@ spec:
 description: DryRun specifies whether the template should be applied
 after validation or only validated.
 type: boolean
+ propagateCredentials:
+ description: |-
+ PropagateCredentials indicates whether credentials should be propagated
+ for use by CCM (Cloud Controller Manager).
+ Default: true.
+ type: boolean
 services:
 description: |-
 Services is a list of services created via ServiceTemplates
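Review bot: Guarding `reconcileCredentialPropagation` with `mc.PropagateCredentials()` in `updateCluster` stops further propagation, but nothing in this hunk removes credentials that were propagated while the field was unset or true. If a user sets `propagateCredentials: false` on an existing cluster, the previously propagated credentials would presumably remain where they were placed, which is not what someone disabling the setting is likely to expect. Consider an `else` branch that cleans up what was propagated, or state in the field documentation that the setting does not revoke earlier propagation. A line such as `l.Info("credentials propagation disabled, skipping")` in that branch would also make the skip visible in the controller logs. `updateCluster` starts and ends outside the hunk, so cleanup may already be handled elsewhere.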