added webhooks to make clusterclass work

Author: deepakm-ntnx

Makefile

@@ -389,6 +389,25 @@ test-kubectl-workload: ## Run kubectl queries to get all capx workload related o
 	kubectl -n ${TEST_NAMESPACE} get secret ${TEST_CLUSTER_NAME}-kubeconfig -o json | jq -r .data.value | base64 --decode > ${TEST_CLUSTER_NAME}.workload.kubeconfig
 	kubectl --kubeconfig ./${TEST_CLUSTER_NAME}.workload.kubeconfig get nodes,ns
 
+.PHONY: test-clusterclass-create
+test-clusterclass-create: cluster-templates
+	clusterctl generate cluster ccls-test1 --from ./templates/cluster-template-clusterclass.yaml -n workloads > ccls-test1.yaml
+	kubectl apply -f ./ccls-test1.yaml
+
+.PHONY: test-clusterclass-delete
+test-clusterclass-delete:
+	kubectl -n workloads delete cluster ccls-test1 || true
+	kubectl -n workloads delete nutanixcluster ccls-test1 || true
+	kubectl -n workloads delete clusterclass my-test-cluster-template || true
+	kubectl -n workloads delete KubeadmConfigTemplate my-test-cluster-template-kcfgt || true
+	rm ccls-test1.yaml || true
+
+
+.PHONY: test-kubectl-clusterclass
+test-kubectl-clusterclass:
+	kubectl get cluster,NutanixCluster,Machine,NutanixMachine,MachineDeployment -A
+	kubectl get NutanixClusterTemplate,clusterclass,KubeadmConfigTemplate,KubeadmControlPlaneTemplate,NutanixMachineTemplate -A
+
 .PHONY: ginkgo-help
 ginkgo-help:
 	$(GINKGO) help run

PROJECT

@@ -27,6 +27,10 @@ resources:
   kind: NutanixCluster
   path: github.com/nutanix-cloud-native/cluster-api-provider-nutanix/api/infrastructure/v1beta1
   version: v1beta1
+  webhooks:
+    defaulting: true
+    validation: true
+    webhookVersion: v1
 - api:
     crdVersion: v1
     namespaced: true

api/infrastructure/v1beta1/nutanixcluster_webhook.go

@@ -0,0 +1,77 @@
+/*
+Copyright 2022 Nutanix
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+)
+
+// log is for logging in this package.
+var nutanixclusterlog = logf.Log.WithName("nutanixcluster-resource")
+
+// SetupWebhookWithManager will setup the manager to manage the webhooks
+func (r *NutanixCluster) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewWebhookManagedBy(mgr).
+		For(r).
+		Complete()
+}
+
+// TODO(user): EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+
+//+kubebuilder:webhook:path=/mutate-infrastructure-cluster-x-k8s-io-v1beta1-nutanixcluster,mutating=true,failurePolicy=fail,sideEffects=None,groups=infrastructure.cluster.x-k8s.io,resources=nutanixclusters,verbs=create;update,versions=v1beta1,name=mnutanixcluster.kb.io,admissionReviewVersions=v1
+
+var _ webhook.Defaulter = &NutanixCluster{}
+
+// Default implements webhook.Defaulter so a webhook will be registered for the type
+func (r *NutanixCluster) Default() {
+	nutanixclusterlog.Info("default", "name", r.Name)
+
+	// TODO(user): fill in your defaulting logic.
+}
+
+// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
+//+kubebuilder:webhook:path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-nutanixcluster,mutating=false,failurePolicy=fail,sideEffects=None,groups=infrastructure.cluster.x-k8s.io,resources=nutanixclusters,verbs=create;update,versions=v1beta1,name=vnutanixcluster.kb.io,admissionReviewVersions=v1
+
+var _ webhook.Validator = &NutanixCluster{}
+
+// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
+func (r *NutanixCluster) ValidateCreate() (admission.Warnings, error) {
+	nutanixclusterlog.Info("validate create", "name", r.Name)
+
+	// TODO(user): fill in your validation logic upon object creation.
+	return nil, nil
+}
+
+// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
+func (r *NutanixCluster) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
+	nutanixclusterlog.Info("validate update", "name", r.Name)
+
+	// TODO(user): fill in your validation logic upon object update.
+	return nil, nil
+}
+
+// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
+func (r *NutanixCluster) ValidateDelete() (admission.Warnings, error) {
+	nutanixclusterlog.Info("validate delete", "name", r.Name)
+
+	// TODO(user): fill in your validation logic upon object deletion.
+	return nil, nil
+}

api/infrastructure/v1beta1/nutanixmachinetemplate_types.go

@@ -30,6 +30,7 @@ type NutanixMachineTemplateSpec struct {
 
 //+kubebuilder:object:root=true
 //+kubebuilder:resource:path=nutanixmachinetemplates,shortName=nmtmpl,scope=Namespaced,categories=cluster-api
+//+kubebuilder:subresource:status
 //+kubebuilder:storageversion
 
 // NutanixMachineTemplate is the Schema for the nutanixmachinetemplates API

api/infrastructure/v1beta1/webhook_suite_test.go

@@ -38,7 +38,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
-	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
 )
 
 // These tests use Ginkgo (BDD-style Go testing framework). Refer to
@@ -107,14 +107,17 @@ var _ = BeforeSuite(func() {
 			Port:    webhookInstallOptions.LocalServingPort,
 			CertDir: webhookInstallOptions.LocalServingCertDir,
 		}),
-		LeaderElection: false,
-		Metrics:        metricsserver.Options{BindAddress: "0"},
+		LeaderElection:     false,
+		MetricsBindAddress: "0",
 	})
 	Expect(err).NotTo(HaveOccurred())
 
 	err = (&NutanixClusterTemplate{}).SetupWebhookWithManager(mgr)
 	Expect(err).NotTo(HaveOccurred())
 
+	err = (&NutanixCluster{}).SetupWebhookWithManager(mgr)
+	Expect(err).NotTo(HaveOccurred())
+
 	//+kubebuilder:scaffold:webhook
 
 	go func() {

cmd/main.go

@@ -171,11 +171,17 @@ func main() {
 		os.Exit(1)
 	}
 	if os.Getenv("ENABLE_WEBHOOKS") != "false" {
-		if err = (&infrastructurev1beta1.NutanixClusterTemplate{}).SetupWebhookWithManager(mgr); err != nil {
+		if err = (&infrav1beta1.NutanixClusterTemplate{}).SetupWebhookWithManager(mgr); err != nil {
 			setupLog.Error(err, "unable to create webhook", "webhook", "NutanixClusterTemplate")
 			os.Exit(1)
 		}
 	}
+	if os.Getenv("ENABLE_WEBHOOKS") != "false" {
+		if err = (&infrav1beta1.NutanixCluster{}).SetupWebhookWithManager(mgr); err != nil {
+			setupLog.Error(err, "unable to create webhook", "webhook", "NutanixCluster")
+			os.Exit(1)
+		}
+	}
 	//+kubebuilder:scaffold:builder
 
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {

config/crd/bases/infrastructure.cluster.x-k8s.io_nutanixmachines.yaml

@@ -615,8 +615,8 @@ spec:
                       description: The machine address.
                       type: string
                     type:
-                      description: Machine address type, one of Hostname, ExternalIP
-                        or InternalIP.
+                      description: Machine address type, one of Hostname, ExternalIP,
+                        InternalIP, ExternalDNS or InternalDNS.
                       type: string
                   required:
                   - address

config/crd/bases/infrastructure.cluster.x-k8s.io_nutanixmachinetemplates.yaml

@@ -546,6 +546,8 @@ spec:
         type: object
     served: true
     storage: true
+    subresources:
+      status: {}
 status:
   acceptedNames:
     kind: ""

config/crd/patches/cainjection_in_infrastructure_nutanixclusters.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
+  name: nutanixclusters.infrastructure.cluster.x-k8s.io

config/crd/patches/webhook_in_infrastructure_nutanixclusters.yaml

@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: nutanixclusters.infrastructure.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1