Adjustments for new controller-runtime and CAPI

Author: EmilienM

Makefile

@@ -195,9 +195,9 @@ e2e-image: docker-build
 
 # Pull all the images references in test/e2e/data/e2e_conf.yaml
 test-e2e-image-prerequisites:
-	docker pull gcr.io/k8s-staging-cluster-api/cluster-api-controller:v1.4.1
-	docker pull gcr.io/k8s-staging-cluster-api/kubeadm-bootstrap-controller:v1.4.1
-	docker pull gcr.io/k8s-staging-cluster-api/kubeadm-control-plane-controller:v1.4.1
+	docker pull gcr.io/k8s-staging-cluster-api/cluster-api-controller:v1.6.0-beta.1
+	docker pull gcr.io/k8s-staging-cluster-api/kubeadm-bootstrap-controller:v1.6.0-beta.1
+	docker pull gcr.io/k8s-staging-cluster-api/kubeadm-control-plane-controller:v1.6.0-beta.1
 	docker pull quay.io/jetstack/cert-manager-cainjector:v1.12.1
 	docker pull quay.io/jetstack/cert-manager-webhook:v1.12.1
 	docker pull quay.io/jetstack/cert-manager-controller:v1.12.1
@@ -280,6 +280,7 @@ generate-manifests: $(CONTROLLER_GEN) ## Generate manifests e.g. CRD, RBAC etc.
 		output:webhook:dir=$(WEBHOOK_ROOT) \
 		webhook
 	$(CONTROLLER_GEN) \
+		paths=./ \
 		paths=./controllers/... \
 		output:rbac:dir=$(RBAC_ROOT) \
 		rbac:roleName=manager-role

config/manager/manager.yaml

@@ -22,14 +22,18 @@ spec:
           args:
             - "--leader-elect"
             - "--v=2"
-            - "--metrics-bind-addr=127.0.0.1:8080"
+            - "--diagnostics-address=${CAPO_DIAGNOSTICS_ADDRESS:=:8443}"
+            - "--insecure-diagnostics=${CAPO_INSECURE_DIAGNOSTICS:=false}"
           image: controller:latest
           imagePullPolicy: Always
           name: manager
           ports:
             - containerPort: 9440
               name: healthz
               protocol: TCP
+            - containerPort: 8443
+              name: metrics
+              protocol: TCP
           readinessProbe:
             httpGet:
               path: /readyz

config/rbac/role.yaml

@@ -23,6 +23,18 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
 - apiGroups:
   - cluster.x-k8s.io
   resources:

main.go

@@ -34,10 +34,13 @@ import (
 	_ "k8s.io/component-base/logs/json/register"
 	"k8s.io/klog/v2"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+	"sigs.k8s.io/cluster-api/util/flags"
 	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
+	cache "sigs.k8s.io/controller-runtime/pkg/cache"
+	client "sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
 	"sigs.k8s.io/controller-runtime/pkg/controller"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
 	infrav1alpha5 "sigs.k8s.io/cluster-api-provider-openstack/api/v1alpha5"
 	infrav1alpha6 "sigs.k8s.io/cluster-api-provider-openstack/api/v1alpha6"
@@ -54,7 +57,7 @@ var (
 	setupLog = ctrl.Log.WithName("setup")
 
 	// flags.
-	metricsBindAddr             string
+	diagnosticsOptions          = flags.DiagnosticsOptions{}
 	enableLeaderElection        bool
 	leaderElectionLeaseDuration time.Duration
 	leaderElectionRenewDeadline time.Duration
@@ -91,8 +94,7 @@ func InitFlags(fs *pflag.FlagSet) {
 	logs.AddFlags(fs, logs.SkipLoggingConfigurationFlags())
 	logsv1.AddFlags(logOptions, fs)
 
-	fs.StringVar(&metricsBindAddr, "metrics-bind-addr", "localhost:8080",
-		"The address the metric endpoint binds to.")
+	flags.AddDiagnosticsOptions(fs, &diagnosticsOptions)
 
 	fs.BoolVar(&enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.")
@@ -143,6 +145,10 @@ func InitFlags(fs *pflag.FlagSet) {
 	fs.BoolVar(&showVersion, "version", false, "Show current version and exit.")
 }
 
+// Add RBAC for the authorized diagnostics endpoint.
+// +kubebuilder:rbac:groups=authentication.k8s.io,resources=tokenreviews,verbs=create
+// +kubebuilder:rbac:groups=authorization.k8s.io,resources=subjectaccessreviews,verbs=create
+
 func main() {
 	InitFlags(pflag.CommandLine)
 	pflag.CommandLine.SetNormalizeFunc(cliflag.WordSepNormalizeFunc)
@@ -183,22 +189,41 @@ func main() {
 		}
 	}
 
+	diagnosticsOpts := flags.GetDiagnosticsOptions(diagnosticsOptions)
+
+	var watchNamespaces map[string]cache.Config
+	if watchNamespace != "" {
+		watchNamespaces = map[string]cache.Config{
+			watchNamespace: {},
+		}
+	}
+
 	mgr, err := ctrl.NewManager(cfg, ctrl.Options{
-		Scheme:             scheme,
-		MetricsBindAddress: metricsBindAddr,
-		LeaderElection:     enableLeaderElection,
-		LeaderElectionID:   "controller-leader-election-capo",
-		LeaseDuration:      &leaderElectionLeaseDuration,
-		RenewDeadline:      &leaderElectionRenewDeadline,
-		RetryPeriod:        &leaderElectionRetryPeriod,
-		Namespace:          watchNamespace,
-		SyncPeriod:         &syncPeriod,
-		ClientDisableCacheFor: []client.Object{
-			&corev1.ConfigMap{},
-			&corev1.Secret{},
+		Scheme:           scheme,
+		Metrics:          diagnosticsOpts,
+		LeaderElection:   enableLeaderElection,
+		LeaderElectionID: "controller-leader-election-capo",
+		LeaseDuration:    &leaderElectionLeaseDuration,
+		RenewDeadline:    &leaderElectionRenewDeadline,
+		RetryPeriod:      &leaderElectionRetryPeriod,
+		Cache: cache.Options{
+			DefaultNamespaces: watchNamespaces,
+			SyncPeriod:        &syncPeriod,
+		},
+		Client: client.Options{
+			Cache: &client.CacheOptions{
+				DisableFor: []client.Object{
+					&corev1.ConfigMap{},
+					&corev1.Secret{},
+				},
+			},
 		},
-		Port:                   webhookPort,
-		CertDir:                webhookCertDir,
+		WebhookServer: webhook.NewServer(
+			webhook.Options{
+				Port:    webhookPort,
+				CertDir: webhookCertDir,
+			},
+		),
 		HealthProbeBindAddress: healthAddr,
 	})
 	if err != nil {

test/e2e/data/e2e_conf.yaml

@@ -12,11 +12,11 @@
 managementClusterName: capo-e2e
 
 images:
-- name: gcr.io/k8s-staging-cluster-api/cluster-api-controller:v1.5.0
+- name: gcr.io/k8s-staging-cluster-api/cluster-api-controller:v1.6.0-beta.1
   loadBehavior: tryLoad
-- name: gcr.io/k8s-staging-cluster-api/kubeadm-bootstrap-controller:v1.5.0
+- name: gcr.io/k8s-staging-cluster-api/kubeadm-bootstrap-controller:v1.6.0-beta.1
   loadBehavior: tryLoad
-- name: gcr.io/k8s-staging-cluster-api/kubeadm-control-plane-controller:v1.5.0
+- name: gcr.io/k8s-staging-cluster-api/kubeadm-control-plane-controller:v1.6.0-beta.1
   loadBehavior: tryLoad
 # Use local dev images built source tree;
 - name: gcr.io/k8s-staging-capi-openstack/capi-openstack-controller:e2e
@@ -32,8 +32,8 @@ providers:
 - name: cluster-api
   type: CoreProvider
   versions:
-  - name: v1.5.0
-    value: "https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.5.0/core-components.yaml"
+  - name: v1.6.0-beta.1
+    value: "https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.6.0-beta.1/core-components.yaml"
     type: url
     contract: v1beta1
     files:
@@ -58,8 +58,8 @@ providers:
 - name: kubeadm
   type: BootstrapProvider
   versions:
-  - name: v1.5.0
-    value: "https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.5.0/bootstrap-components.yaml"
+  - name: v1.6.0-beta.1
+    value: "https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.6.0-beta.1/bootstrap-components.yaml"
     type: url
     contract: v1beta1
     files:
@@ -84,8 +84,8 @@ providers:
 - name: kubeadm
   type: ControlPlaneProvider
   versions:
-  - name: v1.5.0
-    value: "https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.5.0/control-plane-components.yaml"
+  - name: v1.6.0-beta.1
+    value: "https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.6.0-beta.1/control-plane-components.yaml"
     type: url
     contract: v1beta1
     files:

test/e2e/data/shared/v1beta1/metadata.yaml

@@ -13,3 +13,6 @@ releaseSeries:
   - major: 1
     minor: 5
     contract: v1beta1
+  - major: 1
+    minor: 6
+    contract: v1beta1