Add support for waiting for Cluster API cluster to become available

2022-01-28 16:47:43 +00:00 · 2022-01-28 16:47:43 +00:00 · 31b1a2335e
commit 31b1a2335e
parent 49b2c35285
7 changed files with 61 additions and 7 deletions
--- a/charts/addon/templates/_helpers.tpl
+++ b/charts/addon/templates/_helpers.tpl
@ -76,6 +76,7 @@ Lists are merged by concatenating them rather than overwriting.
 {{- index . 1 | default list | concat $left | toYaml }}
 {{- else if kindIs (kindOf dict) $left }}
 {{- $right := index . 1 | default dict }}
+{{- if or $left $right }}
 {{- range $key := concat (keys $left) (keys $right) | uniq }}
 {{ $key }}:
  {{- if and (hasKey $left $key) (hasKey $right $key) }}
@ -90,6 +91,9 @@ Lists are merged by concatenating them rather than overwriting.
  {{- end }}
 {{- end }}
 {{- else }}
+{}
+{{- end }}
+{{- else }}
 {{- $right := index . 1 }}
 {{- kindIs "invalid" $right | ternary $left $right | toYaml }}
 {{- end }}
@ -303,6 +307,10 @@ hooks:
  postInstall:
  preDelete:
  postDelete:
+# Extra containers to run as init containers
+# These should include environment variables, volume mounts etc. if they need
+# to target a remote cluster using kubeconfigSecret
+extraInitContainers: []
 backoffLimit: 1000
 activeDeadlineSeconds: 3600
 podSecurityContext:
--- a/charts/addon/templates/_job-install.tpl
+++ b/charts/addon/templates/_job-install.tpl
@ -74,6 +74,9 @@ template:
              kubectl wait --for=condition=Complete job -n {{ $ctx.Release.Namespace }} -l "$LABELS" --all --timeout=-1s
        resources: {{ toYaml $config.resources | nindent 10 }}
      {{- end }}
+      {{- range $config.extraInitContainers }}
+      - {{ toYaml . | nindent 8 }}
+      {{- end }}
    containers:
      - name: install
        image: {{ printf "%s:%s" $config.image.repository (default $ctx.Chart.AppVersion $config.image.tag) }}
--- a/charts/cluster-addons/templates/_helpers.tpl
+++ b/charts/cluster-addons/templates/_helpers.tpl
@ -68,6 +68,28 @@ dependsOn: {{
    nindent 2
 }}
 uninstallHookWeight: {{ include "cluster-addons.uninstallHookWeight" . }}
+{{- if and $ctx.Values.clusterApi (not (has $name $ctx.Values.categories.bootstrap)) }}
+extraInitContainers:
+  - name: wait-for-capi-cluster
+    image: {{
+      printf "%s:%s"
+        $ctx.Values.jobDefaults.image.repository
+        (default $ctx.Chart.AppVersion $ctx.Values.jobDefaults.image.tag)
+    }}
+    imagePullPolicy: {{ $ctx.Values.jobDefaults.image.pullPolicy }}
+    securityContext: {{ toYaml $ctx.Values.jobDefaults.securityContext | nindent 6 }}
+    args:
+      - kubectl
+      - wait
+      - --for=condition=Ready
+      - clusters.cluster.x-k8s.io
+      - {{ tpl $ctx.Values.clusterName $ctx }}
+      - --namespace
+      - {{ $ctx.Release.Namespace }}
+      - --timeout
+      - "-1s"
+    resources: {{ toYaml $ctx.Values.jobDefaults.resources | nindent 6 }}
+{{- end }}
 {{- end }}

 {{/*
--- a/charts/cluster-addons/templates/extra-addons.yaml
+++ b/charts/cluster-addons/templates/extra-addons.yaml
@ -9,6 +9,7 @@
    "enabled"
    "dependsOn"
    "uninstallHookWeight"
+    "extraInitContainers"
 }}
 {{-
  include "cluster-addons.job.defaults" (list $ctx $name) |
--- a/charts/cluster-addons/templates/rbac/role.yaml
+++ b/charts/cluster-addons/templates/rbac/role.yaml
@ -21,4 +21,14 @@ rules:
      - get
      - watch
      - patch
+  {{- if .Values.clusterApi }}
+  - apiGroups:
+      - cluster.x-k8s.io
+    resources:
+      - clusters
+    verbs:
+      - list
+      - get
+      - watch
+  {{- end }}
 {{- end }}
--- a/charts/cluster-addons/values.yaml
+++ b/charts/cluster-addons/values.yaml
@ -6,6 +6,11 @@ clusterName: "{{ .Release.Name }}"
 # This is treated as a template at rendering time
 kubernetesVersion: v1.22

+# Indicates whether the addons are being deployed as part of a Cluster API cluster
+# If true then addons will wait for the cluster to become ready before installing, except
+# for the bootstrap addons which just wait for the API to become available
+clusterApi: false
+
 # Details of a secret containing a kubeconfig file for a remote cluster
 # If given, this is used in preference to a service account
 kubeconfigSecret:
@ -45,17 +50,18 @@ serviceAccount:
 # Defaults for job settings
 # In all cases, the defaults for the version of the addons chart in use are used
 # See the values for the addons chart for details
-jobDefaults: {}
-  # image:
-  #   repository:
-  #   tag:
-  #   pullPolicy:
+jobDefaults:
+  image:
+    repository: ghcr.io/stackhpc/k8s-utils
+    tag:  # Defaults to chart appVersion if not given
+    pullPolicy: IfNotPresent
+  securityContext:
+    allowPrivilegeEscalation: false
+  resources: {}
  # imagePullSecrets:
  # backoffLimit:
  # activeDeadlineSeconds:
  # podSecurityContext:
-  # securityContext:
-  # resources:
  # hostNetwork:
  # tolerations:
  # nodeSelector:
--- a/charts/openstack-cluster/values.yaml
+++ b/charts/openstack-cluster/values.yaml
@ -223,6 +223,10 @@ nodeGroups:
 addons:
  # Indicates if cluster addons should be deployed
  enabled: true
+  # Indicates to the cluster addons that they are being deployed as part of a Cluster API cluster
+  # This means that they will wait for the control plane to stabilise before installing, except
+  # for the bootstrap addons which just wait for it be become available
+  clusterApi: true
  clusterName: "{{ include \"openstack-cluster.clusterName\" . }}"
  # The Kubernetes version for the addons should be v<major>.<minor>
  kubernetesVersion: "v{{ .Values.global.kubernetesVersion | splitList \".\" | reverse | rest | reverse | join \".\" }}"