Update docs

alexander-demicev · alexander-demicev · commit f4d4f3744efc · 2022-08-09T18:18:51.000+02:00
diff --git a/README.md b/README.md
@@ -21,7 +21,8 @@ represents current cluster, it is treated as management and workload cluster at
 
 Controllers design can be found here:
 - [ClusterOperator Controller](docs/controllers/clusteroperator.md)
-- [Cluster Controller](docs/controllers/cluster.md)
+- [Core cluster Controller](docs/controllers/core-cluster.md)
+- [Infra cluster Controller](docs/controllers/infra-cluster.md)
 - [Secret sync Controller](docs/controllers/secretsync.md)
 - [Kubeconfig Controller](docs/controllers/kubeconfig.md)
 
diff --git a/docs/controllers/cluster.md b/docs/controllers/cluster.md
diff --git a/docs/controllers/clusteroperator.md b/docs/controllers/clusteroperator.md
@@ -2,7 +2,7 @@
 
 ## Overview
 
-Cluster operator controller is responsible for managing the CoreProvider and InfrastructureProvider CRs.
+[Cluster operator controller](../../pkg/controllers/clusteroperator/clusteroperator_controller.go) is responsible for managing the CoreProvider and InfrastructureProvider CRs.
 These CRs are later reconciled by the upstream [Cluster API Operator](https://github.com/kubernetes-sigs/cluster-api-operator).
 
 ## Behavior
diff --git a/docs/controllers/core-cluster.md b/docs/controllers/core-cluster.md
@@ -0,0 +1,20 @@
+# Core Cluster controller
+
+## Overview
+
+[Core cluster controller](../../pkg/controllers/cluster/infra.go) is responsible for managing Cluster CRs. The cluster object will
+represent the current cluster where operator is running because we treat this cluster as both [management and workload](https://cluster-api.sigs.k8s.io/user/concepts.html#management-cluster).
+It's only purpose it to set `ControlPlaneInitialized` condition to true, in order to make Cluster API move the cluster
+to provisioned phase. We don't manage control plane machines using Cluster API now.
+
+## Behavior
+
+```mermaid
+stateDiagram-v2
+    [*] --> GetCluster
+    GetCluster --> IsDeletionTimestampPresent
+    state IsDeletionTimestampPresent <<choice>>
+    IsDeletionTimestampPresent --> [*]: True
+    IsDeletionTimestampPresent --> SetControlPlaneInitializedCondition: False
+    SetControlPlaneInitializedCondition --> [*]
+```
diff --git a/docs/controllers/infra-cluster.md b/docs/controllers/infra-cluster.md
@@ -0,0 +1,22 @@
+# Infra cluster controller
+
+## Overview
+
+[Infra cluster controller](../../pkg/controllers/cluster/infra.go) is responsible for managing InfrastructureCluster(AWSCluster, etc.) CRs. 
+The infrastructure cluster object will represent the [infrastructure of the cloud(AWS,Azure,GCP, etc.)](https://cluster-api.sigs.k8s.io/user/concepts.html#infrastructure-provider) where current cluster is running.
+
+The controller will set the cluster [externally managed](https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20210203-externally-managed-cluster-infrastructure.md) annotation `"cluster.x-k8s.io/managed-by"` and `Status.Ready` to `true` which indicates that the cluster is managed by the current controller and 
+not managed by the CAPI infrastructure provider.
+
+## Behavior
+
+```mermaid
+stateDiagram-v2
+    [*] --> GetInfraCluster
+    GetInfraCluster --> IsDeletionTimestampPresent
+    state IsDeletionTimestampPresent <<choice>>
+    IsDeletionTimestampPresent --> [*]: True
+    IsDeletionTimestampPresent --> SetExternallyManagedAnnotation: False
+    SetExternallyManagedAnnotation --> SetInfrastructureClusterStatusReady
+    SetInfrastructureClusterStatusReady --> [*]
+```
diff --git a/docs/controllers/kubeconfig.md b/docs/controllers/kubeconfig.md
@@ -2,7 +2,7 @@
 
 ## Overview
 
-Kubeconfig controller generates a secret containing kubeconfig for the cluster. The kubeconfig is generated from the service account for operator. The kubeconfig is consumed by core CAPI controllers to link nodes and machines.
+[Kubeconfig controller](../../pkg/controllers/kubeconfig/kubeconfig.go) generates a secret containing kubeconfig for the cluster. The kubeconfig is generated from the service account for operator. The kubeconfig is consumed by core CAPI controllers to link nodes and machines.
 
 ## Behavior
 
@@ -11,13 +11,21 @@ stateDiagram-v2
     [*] --> IsCurrentPlatformSupported
     state IsCurrentPlatformSupported <<choice>>
     IsCurrentPlatformSupported --> NoOp: False
-    IsCurrentPlatformSupported --> GetOperatorServiceAccount: True
-    GetOperatorServiceAccount --> GetServiceAccountSecret
-    GetServiceAccountSecret --> GenerateKubeconfigFromSecret
-    GenerateKubeconfigFromSecret --> CreateKubeconfigSecret
-    CreateKubeconfigSecret --> [*]
+    IsCurrentPlatformSupported --> GetOperatorServiceAccountSecret: True
+    GetOperatorServiceAccountSecret --> IsServiceAccountSecretFound
+    IsServiceAccountSecretFound --> IsServiceAccountSecretTooOld: True
+    IsServiceAccountSecretTooOld --> GenerateKubeconfig: False
+    GenerateKubeconfig --> [*]
+    IsServiceAccountSecretFound --> Requeue: False
+    Requeue --> GetOperatorServiceAccountSecret
+    IsServiceAccountSecretTooOld --> DeleterviceAccountSecret: True
+    DeleterviceAccountSecret --> Requeue
     NoOp --> [*]
 ```
 
 If the current platform is not supported, the controller will not create any secret and allow "bring your own" scenarios. 
 In cases where the platform is supported, the controller will create the secret containing kubeconfig.
+
+The controller will manage rotation of the service account secret that was initially created by the CVO. The token in the secret can exprire and has to
+be rotated. The controller will periodically check if the secret is too old and if so, it will delete the secret and wait for 
+CVO to create a new one.
diff --git a/docs/controllers/secretsync.md b/docs/controllers/secretsync.md
@@ -2,7 +2,7 @@
 
 ## Overview
 
-Secret sync controller is responsible for syncing `worker-user-data` secret that is created by installer in `openshift-machine-api` namespace. The secret is used to store ignition configuration data for worker nodes.
+[Secret sync controller](../../pkg/controllers/secretsync/secret_sync_controller.go) is responsible for syncing `worker-user-data` secret that is created by installer in `openshift-machine-api` namespace. The secret is used to store ignition configuration data for worker nodes.
 
 ## Behavior
 
diff --git a/docs/provideronboarding.md b/docs/provideronboarding.md
@@ -10,7 +10,7 @@ In order to onboard a new CAPI provider, the following steps are required.
 - Create an `openshift/` directory in the provider repository and make sure it includes:
   - A [script]((https://github.com/openshift/cluster-api-provider-azure/blob/master/openshift/unit-tests.sh)) for running unit tests, it's required because of issue with $HOME in CI container.
   - `Dockerfile.openshift` this Dockerfile will be used for downstream builds. Provider controller binary must be called
-  `cluster-api-provider-$providername-controller-manager` and be located in `/bin/` directory.
+  `cluster-api-provider-$providername-controller-manager` and be located in `/bin/` directory. [Example Dockerfile](https://github.com/openshift/cluster-api-provider-azure/blob/master/openshift/Dockerfile.openshift).
 
 After provider fork is set up, you should onboard it to [Openshift CI](https://docs.ci.openshift.org/docs/how-tos/onboarding-a-new-component/) and make appropriate ART requests for downstream builds.
 
@@ -33,7 +33,28 @@ If you wish to make development of your provider easier, you can include a publi
 
 ## Add infrastructure cluster to the cluster controller
 
-Cluster API requires an infrastructure cluster object to be present. In order to support the provider, you need to infrastructure cluster reconciliation for your provider. See `controllers/cluster/aws.go` for reference. It's important to
-note that the cluster must have externally managed annotation `"cluster.x-k8s.io/managed-by"`(clusterv1.ManagedByAnnotation)
+Cluster API requires an infrastructure cluster object to be present. We are using [externally managed infrastructure](https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20210203-externally-managed-cluster-infrastructure.md)
+feature to manage all the infrastructure clusters on Openshift. It means that 
+the cluster must have externally managed annotation `"cluster.x-k8s.io/managed-by"`(clusterv1.ManagedByAnnotation)
 and `Status.Ready=true` to indicate that cluster object is managed by this controller and not by the 
 CAPI infrastructure provider.
+
+In order to add a new infrastructure cluster to the cluster controller, you need setup the reconciler in `main.go`
+like this:
+
+```golang
+func setupInfraClusterReconciler(mgr manager.Manager, platform configv1.PlatformType) {
+	switch platform {
+  ...
+	case configv1.YourPlatformType:
+		if err := (&cluster.GenericInfraClusterReconciler{
+			ClusterOperatorStatusClient: getClusterOperatorStatusClient(mgr, "cluster-capi-operator-infra-cluster-resource-controller"),
+			InfraCluster:                &platformv1.YourPlatformCluster{},
+		}).SetupWithManager(mgr); err != nil {
+			klog.Error(err, "unable to create controller", "controller", "YourPlatformCluster")
+			os.Exit(1)
+		}
+  ...
+	}
+}
+```
