Automatically create Management object only once

Makefile

@@ -65,7 +65,7 @@ generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and
 set-hmc-version: yq
 	$(YQ) eval '.version = "$(VERSION)"' -i templates/hmc/Chart.yaml
 	$(YQ) eval '.version = "$(VERSION)"' -i templates/hmc-templates/Chart.yaml
-	$(YQ) eval '.controllerManager.manager.image.tag = "$(VERSION)"' -i templates/hmc/values.yaml
+	$(YQ) eval '.image.tag = "$(VERSION)"' -i templates/hmc/values.yaml
 
 .PHONY: hmc-chart-release
 hmc-chart-release: set-hmc-version templates-generate ## Generate hmc helm chart

README.md

@@ -82,11 +82,11 @@ configuration:
    * Create `management.yaml` file and configure core components and providers.
    See [Management API](api/v1alpha1/management_types.go).
 
-   * Specify `--create-management=false` controllerManager argument and install HMC:
+   * Specify `--create-management=false` controller argument and install HMC:
 
     If installing using `helm` add the following parameter to the `helm install` command:
 
-    `--set="controllerManager.manager.args={--create-management=false}"`
+    `--set="controller.createManagement=false"`
 
    * Create `hmc-system/hmc` `Management` object after HMC installation:
 

cmd/main.go

@@ -56,7 +56,6 @@ func init() {
 
 func main() {
 	var metricsAddr string
-	var enableLeaderElection bool
 	var probeAddr string
 	var secureMetrics bool
 	var enableHTTP2 bool
@@ -72,9 +71,6 @@ func main() {
 
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
-	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
-		"Enable leader election for controller manager. "+
-			"Enabling this will ensure there is only one active controller manager.")
 	flag.BoolVar(&secureMetrics, "metrics-secure", false,
 		"If set the metrics endpoint is served securely")
 	flag.BoolVar(&enableHTTP2, "enable-http2", false,
@@ -124,7 +120,7 @@ func main() {
 			TLSOpts:       tlsOpts,
 		},
 		HealthProbeBindAddress: probeAddr,
-		LeaderElection:         enableLeaderElection,
+		LeaderElection:         true,
 		LeaderElectionID:       "31c555b4.hmc.mirantis.com",
 		// LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
 		// when the Manager ends. This requires the binary to immediately end when the

config/dev/hmc_values.yaml

@@ -1,8 +1,6 @@
-controllerManager:
-  manager:
-    image:
-      repository: hmc/controller
-    args:
-    - --default-oci-registry=oci://hmc-local-registry:5000/charts
-    - --insecure-registry=true
-    - --create-templates=false
+image:
+  repository: hmc/controller
+controller:
+  defaultOCIRegistry: oci://hmc-local-registry:5000/charts
+  insecureRegistry: true
+  createTemplates: false

internal/controller/release_controller.go

@@ -25,6 +25,7 @@ import (
 	sourcev1 "github.com/fluxcd/source-controller/api/v1"
 	"github.com/pkg/errors"
 	"helm.sh/helm/v3/pkg/action"
+	"helm.sh/helm/v3/pkg/chartutil"
 	"helm.sh/helm/v3/pkg/storage/driver"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -131,28 +132,37 @@ func (p *Poller) ensureManagement(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
+
+		hmcConfig := make(chartutil.Values)
 		release, err := actionConfig.Releases.Last("hmc")
 		if err != nil {
 			if !errors.Is(err, driver.ErrReleaseNotFound) {
 				return err
 			}
 		} else {
 			if len(release.Config) > 0 {
-				values, err := json.Marshal(release.Config)
-				if err != nil {
-					return err
-				}
-				_ = applyDefaultCoreConfiguration(mgmtObj)
-				mgmtObj.Spec.Core = &hmc.DefaultCoreConfiguration
-				mgmtObj.Spec.Core.HMC.Config = &apiextensionsv1.JSON{
-					Raw: values,
-				}
+				chartutil.CoalesceTables(hmcConfig, release.Config)
 			}
 		}
 
+		// Initially set createManagement:false to automatically create Management object only once
+		chartutil.CoalesceTables(hmcConfig, map[string]interface{}{
+			"controller": map[string]interface{}{
+				"createManagement": false,
+			},
+		})
+		rawConfig, err := json.Marshal(hmcConfig)
+		if err != nil {
+			return err
+		}
+		mgmtObj.Spec.Core = &hmc.DefaultCoreConfiguration
+		mgmtObj.Spec.Core.HMC.Config = &apiextensionsv1.JSON{
+			Raw: rawConfig,
+		}
+
 		err = p.Create(ctx, mgmtObj)
 		if err != nil {
-			return fmt.Errorf("failed to create %s/%s Management object", hmc.ManagementNamespace, hmc.ManagementName)
+			return fmt.Errorf("failed to create %s/%s Management object: %s", hmc.ManagementNamespace, hmc.ManagementName, err)
 		}
 		l.Info("Successfully created Management object with default configuration")
 	}

templates/hmc/templates/deployment.yaml

@@ -6,7 +6,7 @@ metadata:
     control-plane: {{ include "hmc.fullname" . }}-controller-manager
   {{- include "hmc.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.controllerManager.replicas }}
+  replicas: {{ .Values.replicas }}
   selector:
     matchLabels:
       control-plane: {{ include "hmc.fullname" . }}-controller-manager
@@ -20,7 +20,14 @@ spec:
         kubectl.kubernetes.io/default-container: manager
     spec:
       containers:
-      - args: {{ toYaml .Values.controllerManager.manager.args | nindent 8 }}
+      - args:
+        - --default-oci-registry={{ .Values.controller.defaultOCIRegistry }}
+        - --insecure-registry={{ .Values.controller.insecureRegistry }}
+        {{- if .Values.controller.registryCredsSecret }}
+        - --registry-creds-secret={{ .Values.controller.registryCredsSecret }}
+        {{- end }}
+        - --create-management={{ .Values.controller.createManagement }}
+        - --create-templates={{ .Values.controller.createTemplates }}
         - --enable-webhook={{ .Values.admissionWebhook.enabled }}
         - --webhook-port={{ .Values.admissionWebhook.port }}
         - --webhook-cert-dir={{ .Values.admissionWebhook.certDir }}
@@ -29,9 +36,9 @@ spec:
         env:
         - name: KUBERNETES_CLUSTER_DOMAIN
           value: {{ quote .Values.kubernetesClusterDomain }}
-        image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag
           | default .Chart.AppVersion }}
-        imagePullPolicy: {{ .Values.controllerManager.manager.imagePullPolicy }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
         {{- if .Values.admissionWebhook.enabled }}
         ports:
         - containerPort: {{ .Values.admissionWebhook.port }}
@@ -51,9 +58,9 @@ spec:
             port: 8081
           initialDelaySeconds: 5
           periodSeconds: 10
-        resources: {{- toYaml .Values.controllerManager.manager.resources | nindent 10
+        resources: {{- toYaml .Values.resources | nindent 10
           }}
-        securityContext: {{- toYaml .Values.controllerManager.manager.containerSecurityContext
+        securityContext: {{- toYaml .Values.containerSecurityContext
           | nindent 10 }}
         {{- if .Values.admissionWebhook.enabled }}
         volumeMounts:

templates/hmc/templates/serviceaccount.yaml

@@ -5,4 +5,4 @@ metadata:
   labels:
   {{- include "hmc.labels" . | nindent 4 }}
   annotations:
-    {{- toYaml .Values.controllerManager.serviceAccount.annotations | nindent 4 }}
+    {{- toYaml .Values.serviceAccount.annotations | nindent 4 }}

templates/hmc/values.schema.json

@@ -101,96 +101,107 @@
         }
       }
     },
-    "controllerManager": {
+    "controller": {
       "type": "object",
       "properties": {
-        "manager": {
+        "defaultOCIRegistry": {
+          "type": "string"
+        },
+        "registryCredsSecret": {
+          "type": "string"
+        },
+        "insecureRegistry": {
+          "type": "boolean"
+        },
+        "createManagement": {
+          "type": "boolean"
+        },
+        "createTemplate": {
+          "type": "boolean"
+        }
+      }
+    },
+    "args": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      },
+      "uniqueItems": true
+    },
+    "containerSecurityContext": {
+      "type": "object",
+      "properties": {
+        "allowPrivilegeEscalation": {
+          "type": "boolean"
+        },
+        "capabilities": {
           "type": "object",
           "properties": {
-            "args": {
+            "drop": {
               "type": "array",
               "items": {
                 "type": "string"
               },
               "uniqueItems": true
-            },
-            "containerSecurityContext": {
-              "type": "object",
-              "properties": {
-                "allowPrivilegeEscalation": {
-                  "type": "boolean"
-                },
-                "capabilities": {
-                  "type": "object",
-                  "properties": {
-                    "drop": {
-                      "type": "array",
-                      "items": {
-                        "type": "string"
-                      },
-                      "uniqueItems": true
-                    }
-                  }
-                }
-              }
-            },
-            "image": {
-              "type": "object",
-              "properties": {
-                "repository": {
-                  "type": "string"
-                },
-                "tag": {
-                  "type": "string"
-                }
-              }
-            },
-            "imagePullPolicy": {
+            }
+          }
+        }
+      }
+    },
+    "image": {
+      "type": "object",
+      "properties": {
+        "repository": {
+          "type": "string"
+        },
+        "tag": {
+          "type": "string"
+        },
+        "pullPolicy": {
+          "type": "string"
+        }
+      }
+    },
+    "resources": {
+      "type": "object",
+      "properties": {
+        "limits": {
+          "type": "object",
+          "properties": {
+            "cpu": {
               "type": "string"
             },
-            "resources": {
-              "type": "object",
-              "properties": {
-                "limits": {
-                  "type": "object",
-                  "properties": {
-                    "cpu": {
-                      "type": "string"
-                    },
-                    "memory": {
-                      "type": "string"
-                    }
-                  }
-                },
-                "requests": {
-                  "type": "object",
-                  "properties": {
-                    "cpu": {
-                      "type": "string"
-                    },
-                    "memory": {
-                      "type": "string"
-                    }
-                  }
-                }
-              }
+            "memory": {
+              "type": "string"
             }
           }
         },
-        "replicas": {
-          "type": "integer"
-        },
-        "serviceAccount": {
+        "requests": {
           "type": "object",
           "properties": {
-            "annotations": {
-              "type": "object",
-              "properties": {}
+            "cpu": {
+              "type": "string"
+            },
+            "memory": {
+              "type": "string"
             }
           }
         }
       }
     },
+    "replicas": {
+      "type": "integer"
+    },
+    "serviceAccount": {
+      "type": "object",
+      "properties": {
+        "annotations": {
+          "type": "object",
+          "properties": {
+          }
+        }
+      }
+    },
     "kubernetesClusterDomain": {
       "type": "string"
     },