From 70ec47096c8119c2e6e2955dcd4d0967ee3c1ed9 Mon Sep 17 00:00:00 2001
From: Matt McEuen <madgin@madgin.net>
Date: Tue, 18 Aug 2020 11:38:32 -0500
Subject: [PATCH] Add catalogue-driven CAPI container versions

This allows for container locations and versions for the CAPI functions
to be (optionally) driven by the `versions-airshipctl` versions
catalogue.  In addition, this moves the clusterctl config from the site
level to become its own function, which can be further refined
(e.g. for public cloud providers) via inheriting functions, composites,
types, etc.

Change-Id: Ic2b02e256419ee8536f5237327cce2754fd0abff
Closes: https://github.com/airshipit/airshipctl/issues/316
---
 .../manager/manager_auth_proxy_patch.yaml     |  2 +-
 .../v0.3.3/manager/manager_image_patch.yaml   |  2 +-
 .../manager/manager_auth_proxy_patch.yaml     |  2 +-
 .../v0.3.3/manager/manager_image_patch.yaml   |  2 +-
 .../manager/manager_auth_proxy_patch.yaml     |  2 +-
 .../v0.3.3/manager/manager_image_patch.yaml   |  2 +-
 .../manager/manager_auth_proxy_patch.yaml     |  2 +-
 .../v0.3.1/manager/manager_image_patch.yaml   |  2 +-
 manifests/function/clusterctl/README.md       | 16 +++++++
 manifests/function/clusterctl/clusterctl.yaml | 45 +++++++++++++++++++
 .../clusterctl/kustomization.yaml             |  0
 .../replacements/kustomization.yaml           |  4 ++
 .../clusterctl/replacements/versions.yaml     | 27 +++++++++++
 .../ephemeral/initinfra/kustomization.yaml    |  2 +-
 .../shared/clusterctl/clusterctl.yaml         | 31 -------------
 .../target/initinfra/kustomization.yaml       |  2 +-
 16 files changed, 102 insertions(+), 41 deletions(-)
 create mode 100644 manifests/function/clusterctl/README.md
 create mode 100644 manifests/function/clusterctl/clusterctl.yaml
 rename manifests/{site/test-site/shared => function}/clusterctl/kustomization.yaml (100%)
 create mode 100644 manifests/function/clusterctl/replacements/kustomization.yaml
 create mode 100644 manifests/function/clusterctl/replacements/versions.yaml
 delete mode 100644 manifests/site/test-site/shared/clusterctl/clusterctl.yaml

diff --git a/manifests/function/cabpk/v0.3.3/manager/manager_auth_proxy_patch.yaml b/manifests/function/cabpk/v0.3.3/manager/manager_auth_proxy_patch.yaml
index 61cb5e7cb..27f69c5b8 100644
--- a/manifests/function/cabpk/v0.3.3/manager/manager_auth_proxy_patch.yaml
+++ b/manifests/function/cabpk/v0.3.3/manager/manager_auth_proxy_patch.yaml
@@ -10,7 +10,7 @@ spec:
     spec:
       containers:
       - name: kube-rbac-proxy
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
+        image: ${CONTAINER_CABPK_AUTH_PROXY}
         args:
         - "--secure-listen-address=0.0.0.0:8443"
         - "--upstream=http://127.0.0.1:8080/"
diff --git a/manifests/function/cabpk/v0.3.3/manager/manager_image_patch.yaml b/manifests/function/cabpk/v0.3.3/manager/manager_image_patch.yaml
index a6b620a9f..fe42af8f1 100644
--- a/manifests/function/cabpk/v0.3.3/manager/manager_image_patch.yaml
+++ b/manifests/function/cabpk/v0.3.3/manager/manager_image_patch.yaml
@@ -7,5 +7,5 @@ spec:
   template:
     spec:
       containers:
-        - image: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-bootstrap-controller:v0.3.3
+        - image: ${CONTAINER_CABPK_MANAGER}
           name: manager
diff --git a/manifests/function/cacpk/v0.3.3/manager/manager_auth_proxy_patch.yaml b/manifests/function/cacpk/v0.3.3/manager/manager_auth_proxy_patch.yaml
index 61cb5e7cb..bcfccd4ed 100644
--- a/manifests/function/cacpk/v0.3.3/manager/manager_auth_proxy_patch.yaml
+++ b/manifests/function/cacpk/v0.3.3/manager/manager_auth_proxy_patch.yaml
@@ -10,7 +10,7 @@ spec:
     spec:
       containers:
       - name: kube-rbac-proxy
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
+        image: ${CONTAINER_CACPK_AUTH_PROXY}
         args:
         - "--secure-listen-address=0.0.0.0:8443"
         - "--upstream=http://127.0.0.1:8080/"
diff --git a/manifests/function/cacpk/v0.3.3/manager/manager_image_patch.yaml b/manifests/function/cacpk/v0.3.3/manager/manager_image_patch.yaml
index 52efc6131..760dee339 100644
--- a/manifests/function/cacpk/v0.3.3/manager/manager_image_patch.yaml
+++ b/manifests/function/cacpk/v0.3.3/manager/manager_image_patch.yaml
@@ -7,5 +7,5 @@ spec:
   template:
     spec:
       containers:
-        - image: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-control-plane-controller:v0.3.3
+        - image: ${CONTAINER_CACPK_MANAGER}
           name: manager
diff --git a/manifests/function/capi/v0.3.3/manager/manager_auth_proxy_patch.yaml b/manifests/function/capi/v0.3.3/manager/manager_auth_proxy_patch.yaml
index a5a737f7b..3b74f310a 100644
--- a/manifests/function/capi/v0.3.3/manager/manager_auth_proxy_patch.yaml
+++ b/manifests/function/capi/v0.3.3/manager/manager_auth_proxy_patch.yaml
@@ -10,7 +10,7 @@ spec:
     spec:
       containers:
         - name: kube-rbac-proxy
-          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
+          image: ${CONTAINER_CAPI_AUTH_PROXY}
           args:
             - "--secure-listen-address=0.0.0.0:8443"
             - "--upstream=http://127.0.0.1:8080/"
diff --git a/manifests/function/capi/v0.3.3/manager/manager_image_patch.yaml b/manifests/function/capi/v0.3.3/manager/manager_image_patch.yaml
index 3ac912f26..c2bbf8cf8 100644
--- a/manifests/function/capi/v0.3.3/manager/manager_image_patch.yaml
+++ b/manifests/function/capi/v0.3.3/manager/manager_image_patch.yaml
@@ -7,5 +7,5 @@ spec:
   template:
     spec:
       containers:
-      - image: us.gcr.io/k8s-artifacts-prod/cluster-api/cluster-api-controller:v0.3.3
+      - image: ${CONTAINER_CAPI_MANAGER}
         name: manager
diff --git a/manifests/function/capm3/v0.3.1/manager/manager_auth_proxy_patch.yaml b/manifests/function/capm3/v0.3.1/manager/manager_auth_proxy_patch.yaml
index 989d69887..64a47e6f9 100644
--- a/manifests/function/capm3/v0.3.1/manager/manager_auth_proxy_patch.yaml
+++ b/manifests/function/capm3/v0.3.1/manager/manager_auth_proxy_patch.yaml
@@ -10,7 +10,7 @@ spec:
     spec:
       containers:
       - name: kube-rbac-proxy
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
+        image: ${CONTAINER_CAPM3_AUTH_PROXY}
         args:
         - "--secure-listen-address=0.0.0.0:8443"
         - "--upstream=http://127.0.0.1:8080/"
diff --git a/manifests/function/capm3/v0.3.1/manager/manager_image_patch.yaml b/manifests/function/capm3/v0.3.1/manager/manager_image_patch.yaml
index 692b73bd7..96567a806 100644
--- a/manifests/function/capm3/v0.3.1/manager/manager_image_patch.yaml
+++ b/manifests/function/capm3/v0.3.1/manager/manager_image_patch.yaml
@@ -8,5 +8,5 @@ spec:
     spec:
       containers:
       # Change the value of image field below to your controller image URL
-      - image: quay.io/metal3-io/cluster-api-provider-metal3:v0.3.1
+      - image: ${CONTAINER_CAPM3_MANAGER}
         name: manager
diff --git a/manifests/function/clusterctl/README.md b/manifests/function/clusterctl/README.md
new file mode 100644
index 000000000..6f01de11d
--- /dev/null
+++ b/manifests/function/clusterctl/README.md
@@ -0,0 +1,16 @@
+Function: k8scontrol
+====================
+
+This function defines a base Clusterctl config that includes a collection
+of available CAPI providers (under ``providers``) which are supported by
+``airshipctl``.  It also provides a selection of those for a default Metal3
+deployment (under ``init-options``).  The selected init-options may be
+patched/overridden at the Type level, etc.
+
+This function relies on CAPI variable substitution to supply versioned
+container images to the CAPI components.  The Clusterctl objects
+supplies defaults, and these can (optionally) be overridden either by
+simple Kustomize patching, or by applying the ``replacements``
+kustomization as a Kustomize transformer.  In the latter case,
+an airshipctl versions catalogue must be supplied; please see the
+``airshipctl-catalogues`` function for a base/example.
diff --git a/manifests/function/clusterctl/clusterctl.yaml b/manifests/function/clusterctl/clusterctl.yaml
new file mode 100644
index 000000000..c43186831
--- /dev/null
+++ b/manifests/function/clusterctl/clusterctl.yaml
@@ -0,0 +1,45 @@
+apiVersion: airshipit.org/v1alpha1
+kind: Clusterctl
+metadata:
+  labels:
+    airshipit.org/deploy-k8s: "false"
+  name: clusterctl-v1
+init-options:
+  core-provider: "cluster-api:v0.3.3"
+  bootstrap-providers:
+    - "kubeadm:v0.3.3"
+  infrastructure-providers:
+    - "metal3:v0.3.1"
+  control-plane-providers:
+    - "kubeadm:v0.3.3"
+providers:
+  - name: "metal3"
+    type: "InfrastructureProvider"
+    variable-substitution: true
+    versions:
+      v0.3.1: manifests/function/capm3/v0.3.1
+  - name: "kubeadm"
+    type: "BootstrapProvider"
+    variable-substitution: true
+    versions:
+      v0.3.3: manifests/function/cabpk/v0.3.3
+  - name: "cluster-api"
+    type: "CoreProvider"
+    variable-substitution: true
+    versions:
+      v0.3.3: manifests/function/capi/v0.3.3
+  - name: "kubeadm"
+    type: "ControlPlaneProvider"
+    variable-substitution: true
+    versions:
+      v0.3.3: manifests/function/cacpk/v0.3.3
+# These default images can be overridden via the `replacements/` entrypoint
+additional-vars:
+  CONTAINER_CAPM3_MANAGER: quay.io/metal3-io/cluster-api-provider-metal3:v0.3.1
+  CONTAINER_CACPK_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-control-plane-controller:v0.3.3
+  CONTAINER_CABPK_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-bootstrap-controller:v0.3.3
+  CONTAINER_CAPI_MANAGER:  us.gcr.io/k8s-artifacts-prod/cluster-api/cluster-api-controller:v0.3.3
+  CONTAINER_CAPM3_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
+  CONTAINER_CACPK_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
+  CONTAINER_CABPK_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
+  CONTAINER_CAPI_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
diff --git a/manifests/site/test-site/shared/clusterctl/kustomization.yaml b/manifests/function/clusterctl/kustomization.yaml
similarity index 100%
rename from manifests/site/test-site/shared/clusterctl/kustomization.yaml
rename to manifests/function/clusterctl/kustomization.yaml
diff --git a/manifests/function/clusterctl/replacements/kustomization.yaml b/manifests/function/clusterctl/replacements/kustomization.yaml
new file mode 100644
index 000000000..1d43ee154
--- /dev/null
+++ b/manifests/function/clusterctl/replacements/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - versions.yaml
diff --git a/manifests/function/clusterctl/replacements/versions.yaml b/manifests/function/clusterctl/replacements/versions.yaml
new file mode 100644
index 000000000..d7f830503
--- /dev/null
+++ b/manifests/function/clusterctl/replacements/versions.yaml
@@ -0,0 +1,27 @@
+# These rules inject versioned artifacts into the k8scontrol function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: k8scontrol-versions-replacements
+replacements:
+# Replace the Kubernetes version in the KubeadmControlPlane
+- source:
+    objref:
+      name: versions-airshipctl
+    fieldref: kubernetes
+  target:
+    objref:
+      kind: KubeadmControlPlane
+      name: cluster-controlplane
+    fieldrefs: ["spec.version"]
+# Replace the controlplane disk image in the Metal3MachineTemplate
+- source:
+    objref:
+      name: versions-airshipctl
+    fieldref: files.k8scontrol.cluster_controlplane_image
+  target:
+    objref:
+      kind: Metal3MachineTemplate
+      name: cluster-controlplane
+    fieldrefs: ["spec.template.spec.image"]
+
diff --git a/manifests/site/test-site/ephemeral/initinfra/kustomization.yaml b/manifests/site/test-site/ephemeral/initinfra/kustomization.yaml
index 26b91c0af..123b2ef9c 100644
--- a/manifests/site/test-site/ephemeral/initinfra/kustomization.yaml
+++ b/manifests/site/test-site/ephemeral/initinfra/kustomization.yaml
@@ -1,6 +1,6 @@
 resources:
   - ../../../../composite/infra
-  - ../../shared/clusterctl
+  - ../../../../function/clusterctl
   - ../../../../function/airshipctl-catalogues
   - ../../../../function/baremetal-operator
 patchesStrategicMerge:
diff --git a/manifests/site/test-site/shared/clusterctl/clusterctl.yaml b/manifests/site/test-site/shared/clusterctl/clusterctl.yaml
deleted file mode 100644
index 5873ff506..000000000
--- a/manifests/site/test-site/shared/clusterctl/clusterctl.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: airshipit.org/v1alpha1
-kind: Clusterctl
-metadata:
-  labels:
-    airshipit.org/deploy-k8s: "false"
-  name: clusterctl-v1
-init-options:
-  core-provider: "cluster-api:v0.3.3"
-  bootstrap-providers:
-    - "kubeadm:v0.3.3"
-  infrastructure-providers:
-    - "metal3:v0.3.1"
-  control-plane-providers:
-    - "kubeadm:v0.3.3"
-providers:
-  - name: "metal3"
-    type: "InfrastructureProvider"
-    versions:
-      v0.3.1: manifests/function/capm3/v0.3.1
-  - name: "kubeadm"
-    type: "BootstrapProvider"
-    versions:
-      v0.3.3: manifests/function/cabpk/v0.3.3
-  - name: "cluster-api"
-    type: "CoreProvider"
-    versions:
-      v0.3.3: manifests/function/capi/v0.3.3
-  - name: "kubeadm"
-    type: "ControlPlaneProvider"
-    versions:
-      v0.3.3: manifests/function/cacpk/v0.3.3
diff --git a/manifests/site/test-site/target/initinfra/kustomization.yaml b/manifests/site/test-site/target/initinfra/kustomization.yaml
index 9756756dc..8c9838c70 100644
--- a/manifests/site/test-site/target/initinfra/kustomization.yaml
+++ b/manifests/site/test-site/target/initinfra/kustomization.yaml
@@ -1,6 +1,6 @@
 resources:
   - ../../../../composite/infra
-  - ../../shared/clusterctl
+  - ../../../../function/clusterctl
   - ../../../../function/airshipctl-catalogues
   - ../../../../function/baremetal-operator
   - ../../../../function/helm-operator