Support to skip credentials propagation

Mirantis · Dec 20, 2024 · 5620463 · 5620463
1 parent d06dabd
commit 5620463
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 3 deletions.
diff --git a/api/v1alpha1/managedcluster_types.go b/api/v1alpha1/managedcluster_types.go
@@ -84,6 +84,10 @@ type ManagedClusterSpec struct {
 	// By default the remaining services will be deployed even if conflict is detected.
 	// If set to true, the deployment will stop after encountering the first conflict.
 	StopOnConflict bool `json:"stopOnConflict,omitempty"`
+	// PropagateCredentials indicates whether credentials should be propagated
+	// for use by CCM (Cloud Controller Manager).
+	// Default: true.
+	PropagateCredentials *bool `json:"propagateCredentials,omitempty"`
 }
 
 // ManagedClusterStatus defines the observed state of ManagedCluster
@@ -160,6 +164,12 @@ func (in *ManagedCluster) InitConditions() {
 	})
 }
 
+// PropagateCredentials returns true if credentials should be propagated
+// for use by CCM (Cloud Controller Manager).
+func (in *ManagedCluster) PropagateCredentials() bool {
+	return in.Spec.PropagateCredentials == nil || *in.Spec.PropagateCredentials
+}
+
 // +kubebuilder:object:root=true
 
 // ManagedClusterList contains a list of ManagedCluster

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/internal/controller/managedcluster_controller.go b/internal/controller/managedcluster_controller.go
@@ -354,9 +354,11 @@ func (r *ManagedClusterReconciler) updateCluster(ctx context.Context, mc *hmc.Ma
 		return ctrl.Result{RequeueAfter: DefaultRequeueInterval}, nil
 	}
 
-	if err := r.reconcileCredentialPropagation(ctx, mc); err != nil {
-		l.Error(err, "failed to reconcile credentials propagation")
-		return ctrl.Result{}, err
+	if mc.PropagateCredentials() {
+		if err := r.reconcileCredentialPropagation(ctx, mc); err != nil {
+			l.Error(err, "failed to reconcile credentials propagation")
+			return ctrl.Result{}, err
+		}
 	}
 
 	return ctrl.Result{}, nil

diff --git a/templates/provider/hmc/templates/crds/hmc.mirantis.com_managedclusters.yaml b/templates/provider/hmc/templates/crds/hmc.mirantis.com_managedclusters.yaml
@@ -69,6 +69,12 @@ spec:
                 description: DryRun specifies whether the template should be applied
                   after validation or only validated.
                 type: boolean
+              propagateCredentials:
+                description: |-
+                  PropagateCredentials indicates whether credentials should be propagated
+                  for use by CCM (Cloud Controller Manager).
+                  Default: true.
+                type: boolean
               services:
                 description: |-
                   Services is a list of services created via ServiceTemplates