Drop ExternalInfraCluster CRD in favour of AWSCluster

This PR drops the ExternalInfraCluster CRD in favour of AWSCluster.

Originally we added support for externally managed infra in CAPA via the ExternalInfraCluster CRD kubernetes-sigs/cluster-api-provider-aws#2124 and we used that commit of CAPA in hypershift.

Later on we decided to revert that approach upstream and reuse the existing ${infra}Cluster CRDs with an annotation to support externally managed infrastructure kubernetes-sigs/cluster-api#4135

This PR bring latest CAPI/CAPA with one additional patch on top
kubernetes-sigs/cluster-api#4709
kubernetes-sigs/cluster-api-provider-aws#2453
to avoid running webhooks.

As a follow up we need to rebuild the images from the main branch once those patches are merged or otherwise enable webhooks.

Author: enxebre

hypershift-operator/controllers/externalinfracluster/externalinfracluster_controller.go

@@ -50,6 +50,7 @@ import (
 	"github.com/openshift/hypershift/hypershift-operator/controllers/manifests/controlplaneoperator"
 	hyperutil "github.com/openshift/hypershift/hypershift-operator/controllers/util"
 	capiv1 "github.com/openshift/hypershift/thirdparty/clusterapi/api/v1alpha4"
+	capiawsv1 "github.com/openshift/hypershift/thirdparty/clusterapiprovideraws/v1alpha4"
 )
 
 const (
@@ -79,7 +80,7 @@ func (r *HostedClusterReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	}
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&hyperv1.HostedCluster{}).
-		Watches(&source.Kind{Type: &hyperv1.ExternalInfraCluster{}}, handler.EnqueueRequestsFromMapFunc(enqueueParentHostedCluster)).
+		Watches(&source.Kind{Type: &capiawsv1.AWSCluster{}}, handler.EnqueueRequestsFromMapFunc(enqueueParentHostedCluster)).
 		Watches(&source.Kind{Type: &hyperv1.HostedControlPlane{}}, handler.EnqueueRequestsFromMapFunc(enqueueParentHostedCluster)).
 		Watches(&source.Kind{Type: &capiv1.Cluster{}}, handler.EnqueueRequestsFromMapFunc(enqueueParentHostedCluster)).
 		WithOptions(controller.Options{
@@ -322,15 +323,6 @@ func (r *HostedClusterReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 		}
 	}
 
-	// Reconcile the CAPI ExternalInfraCluster
-	externalInfraCluster := controlplaneoperator.ExternalInfraCluster(controlPlaneNamespace.Name, hcluster.Name)
-	_, err = controllerutil.CreateOrUpdate(ctx, r.Client, externalInfraCluster, func() error {
-		return reconcileExternalInfraCluster(externalInfraCluster, hcluster)
-	})
-	if err != nil {
-		return ctrl.Result{}, fmt.Errorf("failed to reconcile externalinfracluster: %w", err)
-	}
-
 	// Reconcile the HostedControlPlane
 	hcp := controlplaneoperator.HostedControlPlane(controlPlaneNamespace.Name, hcluster.Name)
 	_, err = controllerutil.CreateOrUpdate(ctx, r.Client, hcp, func() error {
@@ -340,10 +332,24 @@ func (r *HostedClusterReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 		return ctrl.Result{}, fmt.Errorf("failed to reconcile hostedcontrolplane: %w", err)
 	}
 
+	// Reconcile external AWSCluster
+	if err := r.Client.Get(ctx, client.ObjectKeyFromObject(hcp), hcp); err != nil {
+		r.Log.Error(err, "failed to get control plane ref")
+		return reconcile.Result{}, err
+	}
+
+	awsCluster := controlplaneoperator.ExternalInfraCluster(controlPlaneNamespace.Name, hcluster.Name)
+	_, err = controllerutil.CreateOrPatch(ctx, r.Client, awsCluster, func() error {
+		return reconcileAWSCluster(awsCluster, hcluster, hcp.Status.ControlPlaneEndpoint)
+	})
+	if err != nil {
+		return ctrl.Result{}, fmt.Errorf("failed to reconcile AWSCluster: %w", err)
+	}
+
 	// Reconcile the CAPI Cluster resource
 	capiCluster := controlplaneoperator.CAPICluster(controlPlaneNamespace.Name, hcluster.Spec.InfraID)
 	_, err = controllerutil.CreateOrUpdate(ctx, r.Client, capiCluster, func() error {
-		return reconcileCAPICluster(capiCluster, hcluster, hcp, externalInfraCluster)
+		return reconcileCAPICluster(capiCluster, hcluster, hcp, awsCluster)
 	})
 	if err != nil {
 		return ctrl.Result{}, fmt.Errorf("failed to reconcile capi cluster: %w", err)
@@ -522,7 +528,9 @@ func (r *HostedClusterReconciler) reconcileCAPIManager(ctx context.Context, hclu
 	// Reconcile CAPI manager deployment
 	capiManagerDeployment := clusterapi.ClusterAPIManagerDeployment(controlPlaneNamespace.Name)
 	_, err = controllerutil.CreateOrUpdate(ctx, r.Client, capiManagerDeployment, func() error {
-		return reconcileCAPIManagerDeployment(capiManagerDeployment, capiManagerServiceAccount, "quay.io/hypershift/cluster-api:hypershift")
+		// TODO (alberto): This image builds from https://github.com/kubernetes-sigs/cluster-api/pull/4709
+		// We need to build from main branch and push to quay.io/hypershift once this is merged or otherwise enable webhooks.
+		return reconcileCAPIManagerDeployment(capiManagerDeployment, capiManagerServiceAccount, "quay.io/enxebre/capi:latest")
 	})
 	if err != nil {
 		return fmt.Errorf("failed to reconcile capi manager deployment: %w", err)
@@ -568,7 +576,9 @@ func (r *HostedClusterReconciler) reconcileCAPIAWSProvider(ctx context.Context,
 	// Reconcile CAPI AWS provider deployment
 	capiAwsProviderDeployment := clusterapi.CAPIAWSProviderDeployment(controlPlaneNamespace.Name)
 	_, err = controllerutil.CreateOrUpdate(ctx, r.Client, capiAwsProviderDeployment, func() error {
-		return reconcileCAPIAWSProviderDeployment(capiAwsProviderDeployment, capiAwsProviderServiceAccount, "quay.io/hypershift/cluster-api-provider-aws:master")
+		// TODO (alberto): This image builds from https://github.com/kubernetes-sigs/cluster-api-provider-aws/pull/2453
+		// We need to build from main branch and push to quay.io/hypershift once this is merged or otherwise enable webhooks.
+		return reconcileCAPIAWSProviderDeployment(capiAwsProviderDeployment, capiAwsProviderServiceAccount, "quay.io/enxebre/capiaws:latest")
 	})
 	if err != nil {
 		return fmt.Errorf("failed to reconcile capi aws provider deployment: %w", err)
@@ -869,24 +879,27 @@ func reconcileControlPlaneOperatorRoleBinding(binding *rbacv1.RoleBinding, role
 	return nil
 }
 
-func reconcileExternalInfraCluster(eic *hyperv1.ExternalInfraCluster, hcluster *hyperv1.HostedCluster) error {
+func reconcileAWSCluster(awsCluster *capiawsv1.AWSCluster, hcluster *hyperv1.HostedCluster, apiEndpoint hyperv1.APIEndpoint) error {
 	// We only create this resource once and then let CAPI own it
-	if !eic.CreationTimestamp.IsZero() {
-		return nil
-	}
-
-	eic.Annotations = map[string]string{
-		hostedClusterAnnotation: ctrlclient.ObjectKeyFromObject(hcluster).String(),
+	awsCluster.Annotations = map[string]string{
+		hostedClusterAnnotation:    ctrlclient.ObjectKeyFromObject(hcluster).String(),
+		capiv1.ManagedByAnnotation: "external",
 	}
 
 	if hcluster.Spec.Platform.AWS != nil {
-		eic.Spec.Region = hcluster.Spec.Platform.AWS.Region
+		awsCluster.Spec.Region = hcluster.Spec.Platform.AWS.Region
 	}
 
+	// Set the values for upper level controller
+	awsCluster.Status.Ready = true
+	awsCluster.Spec.ControlPlaneEndpoint = capiv1.APIEndpoint{
+		Host: apiEndpoint.Host,
+		Port: apiEndpoint.Port,
+	}
 	return nil
 }
 
-func reconcileCAPICluster(cluster *capiv1.Cluster, hcluster *hyperv1.HostedCluster, hcp *hyperv1.HostedControlPlane, eic *hyperv1.ExternalInfraCluster) error {
+func reconcileCAPICluster(cluster *capiv1.Cluster, hcluster *hyperv1.HostedCluster, hcp *hyperv1.HostedControlPlane, eic *capiawsv1.AWSCluster) error {
 	// We only create this resource once and then let CAPI own it
 	if !cluster.CreationTimestamp.IsZero() {
 		return nil
@@ -905,8 +918,8 @@ func reconcileCAPICluster(cluster *capiv1.Cluster, hcluster *hyperv1.HostedClust
 			Name:       hcp.Name,
 		},
 		InfrastructureRef: &corev1.ObjectReference{
-			APIVersion: "hypershift.openshift.io/v1alpha1",
-			Kind:       "ExternalInfraCluster",
+			APIVersion: "infrastructure.cluster.x-k8s.io/v1alpha4",
+			Kind:       "AWSCluster",
 			Namespace:  eic.Namespace,
 			Name:       eic.Name,
 		},
@@ -947,7 +960,10 @@ func reconcileCAPIManagerDeployment(deployment *appsv1.Deployment, sa *corev1.Se
 							},
 						},
 						Command: []string{"/manager"},
-						Args:    []string{"--namespace", "$(MY_NAMESPACE)", "--alsologtostderr", "--v=4"},
+						Args: []string{"--namespace", "$(MY_NAMESPACE)",
+							"--alsologtostderr",
+							"--webhook-port=0",
+							"--v=4"},
 					},
 				},
 			},
@@ -1005,8 +1021,6 @@ func reconcileCAPIManagerRole(role *rbacv1.Role) error {
 			Resources: []string{
 				"hostedcontrolplanes",
 				"hostedcontrolplanes/status",
-				"externalinfraclusters",
-				"externalinfraclusters/status",
 			},
 			Verbs: []string{"*"},
 		},
@@ -1101,7 +1115,11 @@ func reconcileCAPIAWSProviderDeployment(deployment *appsv1.Deployment, sa *corev
 							},
 						},
 						Command: []string{"/manager"},
-						Args:    []string{"--namespace", "$(MY_NAMESPACE)", "--alsologtostderr", "--v=4"},
+						Args: []string{"--namespace", "$(MY_NAMESPACE)",
+							"--alsologtostderr",
+							"--v=4",
+							"--webhook-port=0",
+						},
 						Ports: []corev1.ContainerPort{
 							{
 								Name:          "healthz",

hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go

@@ -1,6 +1,7 @@
 package controlplaneoperator
 
 import (
+	capiawsv1 "github.com/openshift/hypershift/thirdparty/clusterapiprovideraws/v1alpha4"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
@@ -80,8 +81,8 @@ func HostedControlPlane(controlPlaneNamespace string, hostedClusterName string)
 	}
 }
 
-func ExternalInfraCluster(controlPlaneNamespace string, hostedClusterName string) *hyperv1.ExternalInfraCluster {
-	return &hyperv1.ExternalInfraCluster{
+func ExternalInfraCluster(controlPlaneNamespace string, hostedClusterName string) *capiawsv1.AWSCluster {
+	return &capiawsv1.AWSCluster{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: controlPlaneNamespace,
 			Name:      hostedClusterName,

hypershift-operator/controllers/manifests/controlplaneoperator/manifests.go

@@ -5,7 +5,7 @@ import (
 
 	hyperv1 "github.com/openshift/hypershift/api/v1alpha1"
 	capiv1 "github.com/openshift/hypershift/thirdparty/clusterapi/api/v1alpha4"
-	capiaws "github.com/openshift/hypershift/thirdparty/clusterapiprovideraws/v1alpha3"
+	capiaws "github.com/openshift/hypershift/thirdparty/clusterapiprovideraws/v1alpha4"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	k8sutilspointer "k8s.io/utils/pointer"
 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"

hypershift-operator/controllers/nodepool/manifests.go

@@ -14,7 +14,7 @@ import (
 	capiv1 "github.com/openshift/hypershift/thirdparty/clusterapi/api/v1alpha4"
 	"github.com/openshift/hypershift/thirdparty/clusterapi/util"
 	"github.com/openshift/hypershift/thirdparty/clusterapi/util/patch"
-	capiaws "github.com/openshift/hypershift/thirdparty/clusterapiprovideraws/v1alpha3"
+	capiaws "github.com/openshift/hypershift/thirdparty/clusterapiprovideraws/v1alpha4"
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/equality"

hypershift-operator/controllers/nodepool/nodepool_controller.go

@@ -23,7 +23,6 @@ import (
 
 	hyperapi "github.com/openshift/hypershift/api"
 	"github.com/openshift/hypershift/control-plane-operator/releaseinfo"
-	"github.com/openshift/hypershift/hypershift-operator/controllers/externalinfracluster"
 	"github.com/openshift/hypershift/hypershift-operator/controllers/hostedcluster"
 	"github.com/openshift/hypershift/hypershift-operator/controllers/machineconfigserver"
 	"github.com/openshift/hypershift/hypershift-operator/controllers/nodepool"
@@ -172,13 +171,6 @@ func NewStartCommand() *cobra.Command {
 			os.Exit(1)
 		}
 
-		if err := (&externalinfracluster.ExternalInfraClusterReconciler{
-			Client: mgr.GetClient(),
-		}).SetupWithManager(mgr); err != nil {
-			setupLog.Error(err, "unable to create controller", "controller", "ExternalInfraCluster")
-			os.Exit(1)
-		}
-
 		// +kubebuilder:scaffold:builder
 
 		setupLog.Info("starting manager")