🏃 support multiple release manifests with/without kubeadm

This PR will aim to separate out the kubeadm-specific manifests with
those that are part of the base capi deployment. The goal here is to
allow for the publishing of four separate release yamls, one called `cluster-api-components.yaml` (no kubeadm components), one called `bootstrap-components.yaml` (kubeadm-specific bootstrap only), one called `controlplane-components.yaml` (kubeadm-specific controlplane only), and one called `cluster-api-and-bootstrap-components.yaml` (with kubeadm components and base capi components).

The important bits are the new config/bootstrap directory, config/controlplane directory, the new config/core directory, and the existing config/default directory.

The config/[bootstrap,controlplane] directory houses a new kustomization.yaml file. This
file builds  all required patches and creates all new files that are specific
to the kubeadm bootstrap or controlplane needs.

The config/core directory is a move of the previous config/default
directory and bulds all the core, vanilla capi bits.

The existing config/default directory becomes a wrapper around
the directories mentioned above and produces the "batteries included"
manifests.

Signed-off-by: Spencer Smith <[email protected]>

Author: rsmitty

Makefile

@@ -184,16 +184,28 @@ generate-bindata: $(KUSTOMIZE) $(GOBINDATA) clean-bindata ## Generate code for e
 generate-manifests: $(CONTROLLER_GEN) ## Generate manifests e.g. CRD, RBAC etc.
 	$(CONTROLLER_GEN) \
 		paths=./api/... \
-		paths=./bootstrap/kubeadm/api/... \
-		paths=./controlplane/kubeadm/api/... \
 		paths=./controllers/... \
-		paths=./bootstrap/kubeadm/controllers/... \
-		paths=./controlplane/kubeadm/controllers/... \
 		crd:preserveUnknownFields=false \
 		rbac:roleName=manager-role \
 		output:crd:dir=./config/crd/bases \
 		output:webhook:dir=./config/webhook \
 		webhook
+	$(CONTROLLER_GEN) \
+		paths=./bootstrap/kubeadm/api/... \
+		paths=./bootstrap/kubeadm/controllers/... \
+		crd:preserveUnknownFields=false \
+		rbac:roleName=bootstrap-manager-role \
+		output:crd:dir=./config/bootstrap/crd/bases \
+		output:rbac:dir=./config/bootstrap/rbac
+	$(CONTROLLER_GEN) \
+		paths=./controlplane/kubeadm/api/... \
+		paths=./controlplane/kubeadm/controllers/... \
+		crd:preserveUnknownFields=false \
+		rbac:roleName=controlplane-manager-role \
+		output:crd:dir=./config/controlplane/crd/bases \
+		output:rbac:dir=./config/controlplane/rbac \
+		output:webhook:dir=./config/controlplane/webhook \
+		webhook
 	$(CONTROLLER_GEN) \
 		paths=./cmd/clusterctl/api/... \
 		crd:trivialVersions=true,preserveUnknownFields=false \
@@ -252,12 +264,12 @@ docker-push-manifest: ## Push the fat manifest docker image.
 .PHONY: set-manifest-image
 set-manifest-image:
 	$(info Updating kustomize image patch file for manager resource)
-	sed -i'' -e 's@image: .*@image: '"${MANIFEST_IMG}:$(MANIFEST_TAG)"'@' ./config/default/manager_image_patch.yaml
+	sed -i'' -e 's@image: .*@image: '"${MANIFEST_IMG}:$(MANIFEST_TAG)"'@' ./config/core/manager_image_patch.yaml
 
 .PHONY: set-manifest-pull-policy
 set-manifest-pull-policy:
 	$(info Updating kustomize pull policy file for manager resource)
-	sed -i'' -e 's@imagePullPolicy: .*@imagePullPolicy: '"$(PULL_POLICY)"'@' ./config/default/manager_pull_policy.yaml
+	sed -i'' -e 's@imagePullPolicy: .*@imagePullPolicy: '"$(PULL_POLICY)"'@' ./config/core/manager_pull_policy.yaml
 
 ## --------------------------------------
 ## Release
@@ -283,6 +295,9 @@ release: clean-release ## Builds and push container images using the latest git
 
 .PHONY: release-manifests
 release-manifests: $(RELEASE_DIR) ## Builds the manifests to publish with a release
+	$(KUSTOMIZE) build config/core > $(RELEASE_DIR)/core-components.yaml
+	$(KUSTOMIZE) build config/bootstrap > $(RELEASE_DIR)/bootstrap-components.yaml
+	$(KUSTOMIZE) build config/controlplane > $(RELEASE_DIR)/controlplane-components.yaml
 	$(KUSTOMIZE) build config/default > $(RELEASE_DIR)/cluster-api-components.yaml
 
 release-binaries: ## Builds the binaries to publish with a release

bootstrap/kubeadm/api/v1alpha2/suite_test.go

@@ -56,7 +56,11 @@ func TestAPIs(t *testing.T) {
 var _ = BeforeSuite(func(done Done) {
 	By("bootstrapping test environment")
 	testEnv = &envtest.Environment{
-		CRDDirectoryPaths: []string{filepath.Join("..", "..", "..", "..", "config", "crd", "bases")},
+		CRDDirectoryPaths: []string{
+			filepath.Join("..", "..", "..", "..", "config", "bootstrap", "crd", "bases"),
+			filepath.Join("..", "..", "..", "..", "config", "controlplane", "crd", "bases"),
+			filepath.Join("..", "..", "..", "..", "config", "crd", "bases"),
+		},
 	}
 
 	err := SchemeBuilder.AddToScheme(scheme.Scheme)

bootstrap/kubeadm/api/v1alpha3/suite_test.go

@@ -56,7 +56,11 @@ func TestAPIs(t *testing.T) {
 var _ = BeforeSuite(func(done Done) {
 	By("bootstrapping test environment")
 	testEnv = &envtest.Environment{
-		CRDDirectoryPaths: []string{filepath.Join("..", "..", "..", "..", "config", "crd", "bases")},
+		CRDDirectoryPaths: []string{
+			filepath.Join("..", "..", "..", "..", "config", "bootstrap", "crd", "bases"),
+			filepath.Join("..", "..", "..", "..", "config", "controlplane", "crd", "bases"),
+			filepath.Join("..", "..", "..", "..", "config", "crd", "bases"),
+		},
 	}
 
 	err := SchemeBuilder.AddToScheme(scheme.Scheme)

bootstrap/kubeadm/controllers/suite_test.go

@@ -57,6 +57,8 @@ var _ = BeforeSuite(func(done Done) {
 	By("bootstrapping test environment")
 	testEnv = &envtest.Environment{
 		CRDDirectoryPaths: []string{
+			filepath.Join("..", "..", "..", "config", "bootstrap", "crd", "bases"),
+			filepath.Join("..", "..", "..", "config", "controlplane", "crd", "bases"),
 			filepath.Join("..", "..", "..", "config", "crd", "bases"),
 		},
 	}

config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigs.yaml renamed to config/bootstrap/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigs.yaml

@@ -0,0 +1,25 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/bootstrap.cluster.x-k8s.io_kubeadmconfigs.yaml
+- bases/bootstrap.cluster.x-k8s.io_kubeadmconfigtemplates.yaml
+# +kubebuilder:scaffold:crdkustomizeresource
+
+
+patchesStrategicMerge:
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
+# patches here are for enabling the conversion webhook for each CRD
+- patches/webhook_in_kubeadmconfigs.yaml
+- patches/webhook_in_kubeadmconfigtemplates.yaml
+# +kubebuilder:scaffold:crdkustomizewebhookpatch
+
+# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
+# patches here are for enabling the CA injection for each CRD
+- patches/cainjection_in_kubeadmconfigs.yaml
+- patches/cainjection_in_kubeadmconfigtemplates.yaml
+# +kubebuilder:scaffold:crdkustomizecainjectionpatch
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+- kustomizeconfig.yaml

config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigtemplates.yaml renamed to config/bootstrap/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigtemplates.yaml

@@ -0,0 +1,17 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+  version: v1
+  fieldSpecs:
+  - kind: CustomResourceDefinition
+    group: apiextensions.k8s.io
+    path: spec/conversion/webhookClientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+  group: apiextensions.k8s.io
+  path: spec/conversion/webhookClientConfig/service/namespace
+  create: false
+
+varReference:
+- path: metadata/annotations

config/bootstrap/crd/kustomization.yaml

@@ -0,0 +1,9 @@
+# The kubeadm kustomization bundles up all the bits that are kubeadm-specific. 
+# This includes all bootstrap/controlplane components. 
+
+# Adds namespace to all resources.
+namespace: capi-system
+
+bases:
+- crd/
+- rbac/

config/bootstrap/crd/kustomizeconfig.yaml

@@ -0,0 +1,17 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+  version: v1
+  fieldSpecs:
+  - kind: CustomResourceDefinition
+    group: apiextensions.k8s.io
+    path: spec/conversion/webhookClientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+  group: apiextensions.k8s.io
+  path: spec/conversion/webhookClientConfig/service/namespace
+  create: false
+
+varReference:
+- path: metadata/annotations

config/crd/patches/cainjection_in_kubeadmconfigs.yaml renamed to config/bootstrap/crd/patches/cainjection_in_kubeadmconfigs.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Each entry in this list must resolve to an existing
+# resource definition in YAML.  These are the resource
+# files that kustomize reads, modifies and emits as a
+# YAML string, with resources separated by document
+# markers ("---").
+resources:
+- role_binding.yaml
+- role.yaml

config/crd/patches/cainjection_in_kubeadmconfigtemplates.yaml renamed to config/bootstrap/crd/patches/cainjection_in_kubeadmconfigtemplates.yaml

@@ -0,0 +1,46 @@
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: bootstrap-manager-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - events
+  - secrets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - bootstrap.cluster.x-k8s.io
+  resources:
+  - kubeadmconfigs
+  - kubeadmconfigs/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters
+  - clusters/status
+  - machines
+  - machines/status
+  verbs:
+  - get
+  - list
+  - watch

config/crd/patches/webhook_in_kubeadmconfigs.yaml renamed to config/bootstrap/crd/patches/webhook_in_kubeadmconfigs.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  creationTimestamp: null
+  name: bootstrap-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: bootstrap-manager-role
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: system

config/crd/patches/webhook_in_kubeadmconfigtemplates.yaml renamed to config/bootstrap/crd/patches/webhook_in_kubeadmconfigtemplates.yaml

@@ -0,0 +1,10 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/controlplane.cluster.x-k8s.io_kubeadmcontrolplanes.yaml
+# +kubebuilder:scaffold:crdkustomizeresource
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+- kustomizeconfig.yaml

config/bootstrap/kustomization.yaml

@@ -0,0 +1,17 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+  version: v1
+  fieldSpecs:
+  - kind: CustomResourceDefinition
+    group: apiextensions.k8s.io
+    path: spec/conversion/webhookClientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+  group: apiextensions.k8s.io
+  path: spec/conversion/webhookClientConfig/service/namespace
+  create: false
+
+varReference:
+- path: metadata/annotations

config/bootstrap/kustomizeconfig.yaml

@@ -0,0 +1,10 @@
+# The kubeadm kustomization bundles up all the bits that are kubeadm-specific. 
+# This includes all bootstrap/controlplane components. 
+
+# Adds namespace to all resources.
+namespace: capi-system
+
+bases:
+- crd/
+- rbac/
+- webhook/

config/bootstrap/rbac/kustomization.yaml

@@ -0,0 +1,17 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+  version: v1
+  fieldSpecs:
+  - kind: CustomResourceDefinition
+    group: apiextensions.k8s.io
+    path: spec/conversion/webhookClientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+  group: apiextensions.k8s.io
+  path: spec/conversion/webhookClientConfig/service/namespace
+  create: false
+
+varReference:
+- path: metadata/annotations

config/bootstrap/rbac/role.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Each entry in this list must resolve to an existing
+# resource definition in YAML.  These are the resource
+# files that kustomize reads, modifies and emits as a
+# YAML string, with resources separated by document
+# markers ("---").
+resources:
+- role_binding.yaml
+- role.yaml

config/bootstrap/rbac/role_binding.yaml

@@ -0,0 +1,41 @@
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: controlplane-manager-role
+rules:
+- apiGroups:
+  - controlplane.cluster.x-k8s.io
+  resources:
+  - kubeadmcontrolplanes
+  - kubeadmcontrolplanes/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - watch

config/crd/bases/controlplane.cluster.x-k8s.io_kubeadmcontrolplanes.yaml renamed to config/controlplane/crd/bases/controlplane.cluster.x-k8s.io_kubeadmcontrolplanes.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  creationTimestamp: null
+  name: controlplane-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: controlplane-manager-role
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: system

config/controlplane/crd/kustomization.yaml

@@ -0,0 +1,12 @@
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: controlplane-
+
+resources:
+- manifests.yaml
+
+configurations:
+- kustomizeconfig.yaml