stolostron · dislbenn · Dec 16, 2024 · Dec 16, 2024 · Dec 16, 2024 · Dec 16, 2024
diff --git a/api/v1/multiclusterengine_methods.go b/api/v1/multiclusterengine_methods.go
@@ -24,6 +24,8 @@ import (
 
 const (
 	AssistedService                  = "assisted-service"
+	ClusterAPI                       = "cluster-api"
+	ClusterAPIPreview                = "cluster-api-preview"
 	ClusterLifecycle                 = "cluster-lifecycle"
 	ClusterManager                   = "cluster-manager"
 	ClusterProxyAddon                = "cluster-proxy-addon"
@@ -43,6 +45,8 @@ const (
 
 var allComponents = []string{
 	AssistedService,
+	ClusterAPI,
+	ClusterAPIPreview,
 	ClusterLifecycle,
 	ClusterManager,
 	ClusterProxyAddon,
@@ -63,6 +67,7 @@ var allComponents = []string{
 // MCEComponents is a slice containing component names specific to the "MCE" category.
 var MCEComponents = []string{
 	AssistedService,
+	ClusterAPIPreview,
 	ClusterLifecycle,
 	ClusterManager,
 	ClusterProxyAddon,

diff --git a/controllers/backplaneconfig_controller.go b/controllers/backplaneconfig_controller.go
@@ -779,6 +779,7 @@ func (r *MultiClusterEngineReconciler) createMetricsServiceMonitor(ctx context.C
 func (r *MultiClusterEngineReconciler) DeployAlwaysSubcomponents(ctx context.Context,
 	backplaneConfig *backplanev1.MultiClusterEngine) (ctrl.Result, error) {
 	chartsDir := renderer.AlwaysChartsDir
+
 	// Renders all templates from charts
 	templates, errs := renderer.RenderCharts(chartsDir, backplaneConfig, r.CacheSpec.ImageOverrides,
 		r.CacheSpec.TemplateOverrides)
@@ -893,9 +894,9 @@ func (r *MultiClusterEngineReconciler) ensureNoInternalEngineComponent(ctx conte
 }
 
 func (r *MultiClusterEngineReconciler) fetchChartOrCRDPath(component string, useCRDPath bool) string {
-
 	chartDirs := map[string]string{
 		backplanev1.AssistedService:           toggle.AssistedServiceChartDir,
+		backplanev1.ClusterAPIPreview:         toggle.ClusterAPIDir,
 		backplanev1.ClusterLifecycle:          toggle.ClusterLifecycleChartDir,
 		backplanev1.ClusterManager:            toggle.ClusterManagerChartDir,
 		backplanev1.ClusterProxyAddon:         toggle.ClusterProxyAddonDir,
@@ -1149,6 +1150,25 @@ func (r *MultiClusterEngineReconciler) ensureToggleableComponents(ctx context.Co
 			errs[backplanev1.ClusterProxyAddon] = err
 		}
 	}
+
+	if backplaneConfig.Enabled(backplanev1.ClusterAPIPreview) {
+		result, err = r.ensureClusterAPI(ctx, backplaneConfig)
+		if result != (ctrl.Result{}) {
+			requeue = true
+		}
+		if err != nil {
+			errs[backplanev1.ClusterAPIPreview] = err
+		}
+	} else {
+		result, err = r.ensureNoClusterAPI(ctx, backplaneConfig)
+		if result != (ctrl.Result{}) {
+			requeue = true
+		}
+		if err != nil {
+			errs[backplanev1.ClusterAPIPreview] = err
+		}
+	}
+
 	if backplaneConfig.Enabled(backplanev1.LocalCluster) {
 		result, err := r.ensureLocalCluster(ctx, backplaneConfig)
 		if result != (ctrl.Result{}) {
@@ -2000,7 +2020,10 @@ func ensureCRD(ctx context.Context, c client.Client, crd *unstructured.Unstructu
 
 func (r *MultiClusterEngineReconciler) removeDeprecatedRBAC(ctx context.Context) (ctrl.Result, error) {
 	hyperShiftPreviewClusterRoleBinding := &rbacv1.ClusterRoleBinding{}
-	err := r.Client.Get(ctx, types.NamespacedName{Name: "open-cluster-management:hypershift-preview:hypershift-addon-manager"}, hyperShiftPreviewClusterRoleBinding)
+	err := r.Client.Get(ctx,
+		types.NamespacedName{Name: "open-cluster-management:hypershift-preview:hypershift-addon-manager"},
+		hyperShiftPreviewClusterRoleBinding)
+
 	if err == nil {
 		err = r.Client.Delete(ctx, hyperShiftPreviewClusterRoleBinding)
 		if err != nil {
@@ -2011,8 +2034,12 @@ func (r *MultiClusterEngineReconciler) removeDeprecatedRBAC(ctx context.Context)
 			return ctrl.Result{}, err
 		}
 	}
+
 	hyperShiftPreviewClusterRole := &rbacv1.ClusterRole{}
-	err = r.Client.Get(ctx, types.NamespacedName{Name: "open-cluster-management:hypershift-preview:hypershift-addon-manager"}, hyperShiftPreviewClusterRole)
+	err = r.Client.Get(ctx,
+		types.NamespacedName{Name: "open-cluster-management:hypershift-preview:hypershift-addon-manager"},
+		hyperShiftPreviewClusterRole)
+
 	if err == nil {
 		err = r.Client.Delete(ctx, hyperShiftPreviewClusterRole)
 		if err != nil {

diff --git a/controllers/backplaneconfig_controller_test.go b/controllers/backplaneconfig_controller_test.go
@@ -254,6 +254,12 @@ var _ = Describe("BackplaneConfig controller", func() {
 				ResourceType:   &appsv1.Deployment{},
 				Expected:       nil,
 			},
+			{
+				Name:           "CAPI Controller Manager Deployment",
+				NamespacedName: types.NamespacedName{Name: "capi-controller-manager", Namespace: DestinationNamespace},
+				ResourceType:   &appsv1.Deployment{},
+				Expected:       nil,
+			},
 			{
 				Name:           "Hive Operator Deployment",
 				NamespacedName: types.NamespacedName{Name: "hive-operator", Namespace: DestinationNamespace},
@@ -405,6 +411,10 @@ var _ = Describe("BackplaneConfig controller", func() {
 									Name:    backplanev1.AssistedService,
 									Enabled: true,
 								},
+								{
+									Name:    backplanev1.ClusterAPIPreview,
+									Enabled: true,
+								},
 								{
 									Name:    backplanev1.ClusterLifecycle,
 									Enabled: true,
@@ -576,6 +586,10 @@ var _ = Describe("BackplaneConfig controller", func() {
 									Name:    backplanev1.AssistedService,
 									Enabled: false,
 								},
+								{
+									Name:    backplanev1.ClusterAPIPreview,
+									Enabled: false,
+								},
 								{
 									Name:    backplanev1.ClusterLifecycle,
 									Enabled: false,
@@ -849,6 +863,10 @@ var _ = Describe("BackplaneConfig controller", func() {
 									Name:    backplanev1.AssistedService,
 									Enabled: true,
 								},
+								{
+									Name:    backplanev1.ClusterAPIPreview,
+									Enabled: true,
+								},
 								{
 									Name:    backplanev1.ClusterLifecycle,
 									Enabled: true,
@@ -953,6 +971,10 @@ var _ = Describe("BackplaneConfig controller", func() {
 									Name:    backplanev1.AssistedService,
 									Enabled: false,
 								},
+								{
+									Name:    backplanev1.ClusterAPIPreview,
+									Enabled: false,
+								},
 								{
 									Name:    backplanev1.ClusterLifecycle,
 									Enabled: false,

diff --git a/controllers/suite_test.go b/controllers/suite_test.go
@@ -80,12 +80,13 @@ var _ = BeforeSuite(func() {
 	testEnv = &envtest.Environment{
 		CRDDirectoryPaths: []string{
 			filepath.Join("..", "config", "crd", "bases"),
-			filepath.Join("..", "pkg", "templates", "crds", "cluster-manager"),
-			filepath.Join("..", "pkg", "templates", "crds", "hive-operator"),
-			filepath.Join("..", "pkg", "templates", "crds", "foundation"),
+			filepath.Join("..", "pkg", "templates", "crds", "cluster-api"),
 			filepath.Join("..", "pkg", "templates", "crds", "cluster-lifecycle"),
-			filepath.Join("..", "pkg", "templates", "crds", "discovery-operator"),
+			filepath.Join("..", "pkg", "templates", "crds", "cluster-manager"),
 			filepath.Join("..", "pkg", "templates", "crds", "cluster-proxy-addon"),
+			filepath.Join("..", "pkg", "templates", "crds", "discovery-operator"),
+			filepath.Join("..", "pkg", "templates", "crds", "foundation"),
+			filepath.Join("..", "pkg", "templates", "crds", "hive-operator"),
 			filepath.Join("..", "pkg", "templates", "crds", "internal"),
 			filepath.Join("..", "hack", "unit-test-crds"),
 		},

diff --git a/controllers/toggle_components.go b/controllers/toggle_components.go
@@ -385,7 +385,6 @@ func (r *MultiClusterEngineReconciler) ensureDiscovery(ctx context.Context, mce
 
 func (r *MultiClusterEngineReconciler) ensureNoDiscovery(ctx context.Context,
 	mce *backplanev1.MultiClusterEngine) (ctrl.Result, error) {
-
 	namespacedName := types.NamespacedName{Name: "discovery-operator", Namespace: mce.Spec.TargetNamespace}
 
 	// Ensure that the InternalHubComponent CR instance is deleted for component in MCE.
@@ -419,6 +418,81 @@ func (r *MultiClusterEngineReconciler) ensureNoDiscovery(ctx context.Context,
 	return ctrl.Result{}, nil
 }
 
+func (r *MultiClusterEngineReconciler) ensureClusterAPI(ctx context.Context, mce *backplanev1.MultiClusterEngine) (
+	ctrl.Result, error) {
+
+	namespacedName := types.NamespacedName{Name: "capi-controller-manager", Namespace: mce.Spec.TargetNamespace}
+	r.StatusManager.RemoveComponent(toggle.DisabledStatus(namespacedName, []*unstructured.Unstructured{}))
+	r.StatusManager.AddComponent(toggle.EnabledStatus(namespacedName))
+
+	// Ensure that the InternalHubComponent CR instance is created for component in MCE.
+	if result, err := r.ensureInternalEngineComponent(ctx, mce, backplanev1.ClusterAPIPreview); err != nil {
+		return result, err
+	}
+
+	// Renders all templates from charts
+	chartPath := r.fetchChartOrCRDPath(backplanev1.ClusterAPIPreview, false)
+	templates, errs := renderer.RenderChart(chartPath, mce, r.CacheSpec.ImageOverrides, r.CacheSpec.TemplateOverrides)
+
+	if len(errs) > 0 {
+		for _, err := range errs {
+			log.Info(err.Error())
+		}
+		return ctrl.Result{RequeueAfter: requeuePeriod}, nil
+	}
+
+	// Apply deployment config overrides
+	if result, err := r.applyComponentDeploymentOverrides(mce, templates, backplanev1.ClusterAPIPreview); err != nil {
+		return result, err
+	}
+
+	// Applies all templates
+	for _, template := range templates {
+		applyReleaseVersionAnnotation(template)
+		result, err := r.applyTemplate(ctx, mce, template)
+		if err != nil {
+			return result, err
+		}
+	}
+
+	return ctrl.Result{}, nil
+}
+
+func (r *MultiClusterEngineReconciler) ensureNoClusterAPI(ctx context.Context,
+	mce *backplanev1.MultiClusterEngine) (ctrl.Result, error) {
+	namespacedName := types.NamespacedName{Name: "capi-controller-manager", Namespace: mce.Spec.TargetNamespace}
+
+	// Ensure that the InternalHubComponent CR instance is deleted for component in MCE.
+	if result, err := r.ensureNoInternalEngineComponent(ctx, mce,
+		backplanev1.ClusterAPIPreview); (result != ctrl.Result{}) || err != nil {
+		return result, err
+	}
+
+	// Renders all templates from charts
+	chartPath := r.fetchChartOrCRDPath(backplanev1.ClusterAPIPreview, false)
+	templates, errs := renderer.RenderChart(chartPath, mce, r.CacheSpec.ImageOverrides, r.CacheSpec.TemplateOverrides)
+
+	if len(errs) > 0 {
+		for _, err := range errs {
+			log.Info(err.Error())
+		}
+		return ctrl.Result{RequeueAfter: requeuePeriod}, nil
+	}
+
+	r.StatusManager.RemoveComponent(toggle.EnabledStatus(namespacedName))
+	r.StatusManager.AddComponent(toggle.DisabledStatus(namespacedName, []*unstructured.Unstructured{}))
+
+	// Deletes all templates
+	for _, template := range templates {
+		result, err := r.deleteTemplate(ctx, mce, template)
+		if err != nil {
+			log.Error(err, fmt.Sprintf("Failed to delete template: %s", template.GetName()))
+			return result, err
+		}
+	}
+	return ctrl.Result{}, nil
+}
+
 func (r *MultiClusterEngineReconciler) ensureHive(ctx context.Context, mce *backplanev1.MultiClusterEngine) (
 	ctrl.Result, error) {
 

diff --git a/docs/available-components.md b/docs/available-components.md
@@ -1,17 +1,19 @@
 
 # Table list of the deployed components
 
-| Name                      | Description                                                                                                          | Enabled |
-|---------------------------|----------------------------------------------------------------------------------------------------------------------|---------|
-| assisted-service          | Installs OpenShift with minimal infrastructure prerequisites and comprehensive pre-flight validations.               | True    |
-| cluster-lifecycle         | Provides cluster management capabilities for {ocp-short} and {product-title-short} hub clusters.                     | True    |
-| cluster-manager           | Manages various cluster-related operations within the cluster environment.                                           | True    |
-| cluster-proxy-addon       | Automates the installation of apiserver-network-proxy on both hub and managed clusters using a reverse proxy server. | True    |
-| console-mce               | Enables the {mce-short} console plug-in.                                                                             | True    |
-| discovery                 | Discovers and identifies new clusters within the {ocm}.                                                              | True    |
-| hive                      | Provisions and performs initial configuration of {ocp-short} clusters.                                               | True    |
-| hypershift                | Hosts OpenShift control planes at scale with cost and time efficiency, and cross-cloud portability.                  | True    |
-| hypershift-local-hosting  | Enables local hosting capabilities for within the local cluster environment.                                         | True    |
-| local-cluster             | Enables the import and self-management of the local hub cluster where the {mce-short} is deployed.                   | True    |
-| managedserviceaccount     | Syncronizes service accounts to the managed clusters and collects tokens as secret resources back to the hub cluster.| True    |
-| server-foundation         | Provides foundational services for server-side operations within the cluster environment.                            | True    |
+| Name                         | Description                                                                                                          | Enabled |
+|------------------------------|----------------------------------------------------------------------------------------------------------------------|---------|
+| assisted-service             | Installs OpenShift with minimal infrastructure prerequisites and comprehensive pre-flight validations.               | True    |
+| cluster-api-preview          | Provides capabilities for declaratively handling the Cluster API lifecycle from within a managment cluster           | False   |
+| cluster-lifecycle            | Provides cluster management capabilities for {ocp-short} and {product-title-short} hub clusters.                     | True    |
+| cluster-manager              | Manages various cluster-related operations within the cluster environment.                                           | True    |
+| cluster-proxy-addon          | Automates the installation of apiserver-network-proxy on both hub and managed clusters using a reverse proxy server. | True    |
+| console-mce                  | Enables the {mce-short} console plug-in.                                                                             | True    |
+| discovery                    | Discovers and identifies new clusters within the {ocm}.                                                              | True    |
+| hive                         | Provisions and performs initial configuration of {ocp-short} clusters.                                               | True    |
+| hypershift                   | Hosts OpenShift control planes at scale with cost and time efficiency, and cross-cloud portability.                  | True    |
+| hypershift-local-hosting     | Enables local hosting capabilities for within the local cluster environment.                                         | True    |
+| image-based-install-operator | Provide site configuration to Single Node OpenShift clusters to complete installation.                               | False   |
+| local-cluster                | Enables the import and self-management of the local hub cluster where the {mce-short} is deployed.                   | True    |
+| managedserviceaccount        | Syncronizes service accounts to the managed clusters and collects tokens as secret resources back to the hub cluster.| True    |
+| server-foundation            | Provides foundational services for server-side operations within the cluster environment.                            | True    |
diff --git a/pkg/templates/charts/toggle/cluster-api/templates/capi-controller-manager-deployment.yaml b/pkg/templates/charts/toggle/cluster-api/templates/capi-controller-manager-deployment.yaml
@@ -6,7 +6,7 @@ metadata:
     control-plane: controller-manager
   name: capi-controller-manager
 spec:
-  replicas: {{ .Values.hubconfig.replicaCount }}
+  replicas: 1
   selector:
     matchLabels:
       cluster.x-k8s.io/provider: cluster-api
@@ -101,9 +101,9 @@ spec:
             - ALL
           privileged: false
           readOnlyRootFilesystem: true
-          runAsGroup: 65532
+          # runAsGroup: 65532
           runAsNonRoot: true
-          runAsUser: 65532
+          # runAsUser: 65532
         terminationMessagePolicy: FallbackToLogsOnError
         volumeMounts:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
@@ -122,11 +122,9 @@ spec:
 {{- end }}
       securityContext:
         runAsNonRoot: true
-{{- if .Values.global.deployOnOCP }}
 {{- if semverCompare ">=4.11.0" .Values.hubconfig.ocpVersion }}
         seccompProfile:
           type: RuntimeDefault
-{{- end }}
 {{- end }}
       serviceAccountName: capi-manager
       terminationGracePeriodSeconds: 10

diff --git a/pkg/templates/rbac.go b/pkg/templates/rbac.go
@@ -44,10 +44,12 @@ const (
 //+kubebuilder:rbac:groups=proxy.open-cluster-management.io,resources=managedproxyconfigurations;managedproxyserviceresolvers,verbs=get;create;update;list;watch;delete;patch
 
 var resources = []string{
+	"AddOnDeploymentConfig",
+	"AddOnTemplate",
 	"APIService",
 	"ClusterManagementAddOn",
-	"ClusterRoleBinding",
 	"ClusterRole",
+	"ClusterRoleBinding",
 	"ConfigMap",
 	"ConsolePlugin",
 	"ConsoleQuickStart",
@@ -66,8 +68,6 @@ var resources = []string{
 	"ServiceAccount",
 	"ServiceMonitor",
 	"ValidatingWebhookConfiguration",
-	"AddOnDeploymentConfig",
-	"AddOnTemplate",
 }
 
 func main() {

diff --git a/pkg/toggle/toggle.go b/pkg/toggle/toggle.go
@@ -18,20 +18,21 @@ import (
 )
 
 const (
-	ManagedServiceAccountChartDir     = "pkg/templates/charts/toggle/managed-serviceaccount"
+	AssistedServiceChartDir           = "pkg/templates/charts/toggle/assisted-service"
+	ClusterAPIDir                     = "pkg/templates/charts/toggle/cluster-api"
+	ClusterLifecycleChartDir          = "pkg/templates/charts/toggle/cluster-lifecycle"
+	ClusterManagerChartDir            = "pkg/templates/charts/toggle/cluster-manager"
+	ClusterProxyAddonDir              = "pkg/templates/charts/toggle/cluster-proxy-addon"
 	ConsoleMCEChartsDir               = "pkg/templates/charts/toggle/console-mce"
-	ManagedServiceAccountCRDPath      = "pkg/templates/managed-serviceaccount/crds"
-	ImageBasedInstallOperatorChartDir = "pkg/templates/charts/toggle/image-based-install-operator"
 	DiscoveryChartDir                 = "pkg/templates/charts/toggle/discovery-operator"
+	HiveChartDir                      = "pkg/templates/charts/toggle/hive-operator"
 	HostedImportChartDir              = "pkg/templates/charts/hosted/server-foundation"
 	HostingImportChartDir             = "pkg/templates/charts/hosting/server-foundation"
-	HiveChartDir                      = "pkg/templates/charts/toggle/hive-operator"
-	AssistedServiceChartDir           = "pkg/templates/charts/toggle/assisted-service"
-	ClusterLifecycleChartDir          = "pkg/templates/charts/toggle/cluster-lifecycle"
-	ClusterManagerChartDir            = "pkg/templates/charts/toggle/cluster-manager"
-	ServerFoundationChartDir          = "pkg/templates/charts/toggle/server-foundation"
 	HyperShiftChartDir                = "pkg/templates/charts/toggle/hypershift"
-	ClusterProxyAddonDir              = "pkg/templates/charts/toggle/cluster-proxy-addon"
+	ImageBasedInstallOperatorChartDir = "pkg/templates/charts/toggle/image-based-install-operator"
+	ManagedServiceAccountChartDir     = "pkg/templates/charts/toggle/managed-serviceaccount"
+	ManagedServiceAccountCRDPath      = "pkg/templates/managed-serviceaccount/crds"
+	ServerFoundationChartDir          = "pkg/templates/charts/toggle/server-foundation"
 )
 
 func EnabledStatus(namespacedName types.NamespacedName) status.StatusReporter {