✨ Install CAPI using operator after chart is installed

.github/workflows/test_chart.yaml

@@ -59,7 +59,7 @@ jobs:
         run: kind load docker-image ${{ env.MANIFEST_IMG }}:${{ env.TAG }}
 
       - name: Run chart-testing (install)
-        run: helm install rancher-turtles out/charts/rancher-turtles/ -n rancher-turtles-system --create-namespace --wait --set cluster-api-operator.cert-manager.enabled=true
+        run: helm install rancher-turtles out/charts/rancher-turtles/ -n rancher-turtles-system --create-namespace --wait --set cluster-api-operator.cluster-api.enabled=false --set cluster-api-operator.enabled=false
 
       - name: Run chart-testing (un-install)
         run: helm uninstall rancher-turtles -n rancher-turtles-system --wait

README.md

@@ -10,7 +10,74 @@ Currently this project has the following functionality:
 
 ## How to use this?
 
-Instructions coming soon :)
+### Installation
+
+```
+Note: The following will only work after we release the first version of the extension.
+```
+
+Prerequisites:
+
+- Running [Rancher Manager cluster](https://ranchermanager.docs.rancher.com/) with cert-manager
+- [Helm](https://helm.sh/)
+
+Quick start:
+
+These commands will install: Rancher turtles extension, CAPI Operator, CAPI itself with kubeadmin bootstrap and control plane providers.
+
+```bash
+helm repo add rancher-turtles https://rancher-sandbox.github.io/rancher-turtles
+helm repo update
+helm install rancher-turtles rancher-turtles/rancher-turtles --create-namespace -n rancher-turtles-system
+```
+
+Customizing the deployment:
+
+The Rancher turtles Helm chart supports the following values:
+
+```yaml
+rancherTurtles:
+  image: controller # image to use for the extension
+  tag: v0.0.0 # tag to use for the extension
+  imagePullPolicy: Never # image pull policy to use for the extension
+  namespace: rancher-turtles-system # namespace to deploy to (default: rancher-turtles-system)
+cluster-api-operator: 
+  enabled: true # indicates if CAPI operator should be installed (default: true)
+  cert-manager:
+    enabled: true # indicates if cert-manager should be installed (default: true)
+  cluster-api:
+    enabled: true # indicates if core CAPI controllers should be installed (default: true)
+    version: v1.4.6 # version of CAPI to install (default: v1.4.6)
+    configSecret:
+      name: "" # name of the config secret to use for core CAPI controllers, used by the CAPI operator. See [CAPI operator](https://github.com/kubernetes-sigs/cluster-api-operator/tree/main/docs#installing-azure-infrastructure-provider) docs for more details.
+      namespace: "" # namespace of the config secret to use for core CAPI controllers, used by the CAPI operator.
+    core:
+      namespace: capi-system
+      fetchConfig: # (only required for airgapped environments)
+        url: ""  # url to fetch config from, used by the CAPI operator. See [CAPI operator](https://github.com/kubernetes-sigs/cluster-api-operator/tree/main/docs#provider-spec) docs for more details.
+        selector: ""  # selector to use for fetching config, used by the CAPI operator.
+    kubeadmBootstrap:
+      namespace: capi-kubeadm-bootstrap-system
+      fetchConfig:
+        url: ""
+        selector: ""
+    kubeadmControlPlane:
+      namespace: capi-kubeadm-control-plane-system
+      fetchConfig:
+        url: ""
+        selector: ""
+
+```
+### Installing CAPI providers
+
+The Rancher turtles extension does not install any CAPI providers, you will need to install them yourself using [CAPI operator](https://github.com/kubernetes-sigs/cluster-api-operator/tree/main/docs).
+
+To quickly deploy docker infrastructure, kubeadm bootstrap and control plane providers, apply the following:
+
+```
+kubectl apply -f https://raw.githubusercontent.com/rancher-sandbox/rancher-turtles/main/test/e2e/resources/config/capi-providers-secret.yaml
+kubectl apply -f https://raw.githubusercontent.com/rancher-sandbox/rancher-turtles/main/test/e2e/resources/config/capi-providers.yaml
+```
 
 ## How to contribute?
 See our [contributor guide](CONTRIBUTING.md) for more details on how to get involved.
@@ -68,4 +135,4 @@ What happens when you run `make dev-env`?
 
 ## Code of Conduct
 
-Participation in the project is governed by [Code of Conduct](code-of-conduct.md).
+Participation in the project is governed by [Code of Conduct](code-of-conduct.md).

charts/rancher-turtles/templates/core-provider.yaml

@@ -0,0 +1,71 @@
+{{- if index .Values "cluster-api-operator" "cluster-api" "enabled" }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    "helm.sh/hook": "post-install, post-upgrade"
+    "helm.sh/hook-weight": "1"
+  name: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha1
+kind: CoreProvider
+metadata:
+  name: cluster-api
+  namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+  annotations:
+    "helm.sh/hook": "post-install, post-upgrade"
+    "helm.sh/hook-weight": "2"
+spec:
+  version: {{ index .Values "cluster-api-operator" "cluster-api" "version" }}
+  additionalManifests:
+    name: capi-additional-rbac-roles
+    namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+  secretName: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "namespace" }}
+  secretNamespace: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "namespace" }}
+{{- end }}
+{{- end }}
+{{- if or (index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector") }}
+  fetchConfig:
+    {{- if index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url" }}
+    url: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url" }}
+    {{- end }}
+    {{- if index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }}
+    selector: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }}
+    {{- end }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: capi-additional-rbac-roles
+  namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+  annotations:
+    "helm.sh/hook": "post-install, post-upgrade"
+    "helm.sh/hook-weight": "2"
+data: 
+  manifests: |-
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+      name: provisioning-rke-cattle-io
+      labels:
+        cluster.x-k8s.io/aggregate-to-manager: "true"
+    rules:
+      - apiGroups: ["rke.cattle.io"]
+        resources: ["*"]
+        verbs: ["*"]
+    ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+      name: provisioning-rke-machine-cattle-io
+      labels:
+        cluster.x-k8s.io/aggregate-to-manager: "true"
+    rules:
+      - apiGroups: ["rke-machine.cattle.io"]
+        resources: ["*"]
+        verbs: ["*"]
+{{- end }}

charts/rancher-turtles/templates/kubeadm-bootstrap.yaml

@@ -0,0 +1,36 @@
+{{- if index .Values "cluster-api-operator" "cluster-api" "enabled" }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    "helm.sh/hook": "post-install, post-upgrade"
+    "helm.sh/hook-weight": "1"
+  name: {{ index .Values "cluster-api-operator" "cluster-api" "kubeadmBootstrap" "namespace" }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha1
+kind: BootstrapProvider
+metadata:
+  name: kubeadm
+  namespace: {{ index .Values "cluster-api-operator" "cluster-api" "kubeadmBootstrap" "namespace" }}
+  annotations:
+    "helm.sh/hook": "post-install, post-upgrade"
+    "helm.sh/hook-weight": "2"
+spec:
+  version: {{ index .Values "cluster-api-operator" "cluster-api" "version" }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+  secretName: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "namespace" }}
+  secretNamespace: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "namespace" }}
+{{- end }}
+{{- end }}
+{{- if or (index .Values "cluster-api-operator" "cluster-api" "kubeadmBootstrap" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "kubeadmBootstrap" "fetchConfig" "selector") }}
+  fetchConfig:
+    {{- if index .Values "cluster-api-operator" "cluster-api" "kubeadmBootstrap" "fetchConfig" "url" }}
+    url: {{ index .Values "cluster-api-operator" "cluster-api" "kubeadmBootstrap" "fetchConfig" "url" }}
+    {{- end }}
+    {{- if index .Values "cluster-api-operator" "cluster-api" "kubeadmBootstrap" "fetchConfig" "selector" }}
+    selector: {{ index .Values "cluster-api-operator" "cluster-api" "kubeadmBootstrap" "fetchConfig" "selector" }}
+    {{- end }}
+{{- end }}
+{{- end }}

charts/rancher-turtles/templates/kubeadm-control-plane.yaml

@@ -0,0 +1,36 @@
+{{- if index .Values "cluster-api-operator" "cluster-api" "enabled" }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    "helm.sh/hook": "post-install, post-upgrade"
+    "helm.sh/hook-weight": "1"
+  name: {{ index .Values "cluster-api-operator" "cluster-api" "kubeadmControlPlane" "namespace" }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha1
+kind: ControlPlaneProvider
+metadata:
+  name: kubeadm
+  namespace: {{ index .Values "cluster-api-operator" "cluster-api" "kubeadmControlPlane" "namespace" }}
+  annotations:
+    "helm.sh/hook": "post-install, post-upgrade"
+    "helm.sh/hook-weight": "2"
+spec:
+  version: {{ index .Values "cluster-api-operator" "cluster-api" "version" }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+  secretName: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "namespace" }}
+  secretNamespace: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "namespace" }}
+{{- end }}
+{{- end }}
+{{- if or (index .Values "cluster-api-operator" "cluster-api" "kubeadmControlPlane" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "kubeadmControlPlane" "fetchConfig" "selector") }}
+  fetchConfig:
+    {{- if index .Values "cluster-api-operator" "cluster-api" "kubeadmControlPlane" "fetchConfig" "url" }}
+    url: {{ index .Values "cluster-api-operator" "cluster-api" "kubeadmControlPlane" "fetchConfig" "url" }}
+    {{- end }}
+    {{- if index .Values "cluster-api-operator" "cluster-api" "kubeadmControlPlane" "fetchConfig" "selector" }}
+    selector: {{ index .Values "cluster-api-operator" "cluster-api" "kubeadmControlPlane" "fetchConfig" "selector" }}
+    {{- end }}
+{{- end }}
+{{- end }}

charts/rancher-turtles/values.yaml

@@ -5,3 +5,26 @@ rancherTurtles:
   namespace: rancher-turtles-system
 cluster-api-operator:
   enabled: true
+  cert-manager:
+    enabled: true
+  cluster-api:
+    enabled: true
+    version: v1.4.6
+    configSecret:
+      name: ""
+      namespace: ""
+    core:
+      namespace: capi-system
+      fetchConfig:
+        url: ""
+        selector: ""
+    kubeadmBootstrap:
+      namespace: capi-kubeadm-bootstrap-system
+      fetchConfig:
+        url: ""
+        selector: ""
+    kubeadmControlPlane:
+      namespace: capi-kubeadm-control-plane-system
+      fetchConfig:
+        url: ""
+        selector: ""

test/e2e/e2e_suite_test.go

@@ -246,8 +246,8 @@ func initBootstrapCluster(bootstrapClusterProxy framework.ClusterProxy, config *
 }
 
 func initRancherTurtles(clusterProxy framework.ClusterProxy, config *clusterctl.E2EConfig) {
-	By("Adding docker variables secret")
-	Expect(clusterProxy.Apply(ctx, dockerVariablesSecret)).To(Succeed())
+	By("Adding CAPI variables secret")
+	Expect(clusterProxy.Apply(ctx, capiProvidersSecret)).To(Succeed())
 
 	By("Installing rancher-turtles chart")
 	chart := &HelmChart{
@@ -258,12 +258,50 @@ func initRancherTurtles(clusterProxy framework.ClusterProxy, config *clusterctl.
 		AdditionalFlags: Flags("-n", rancherTurtlesNamespace, "--create-namespace", "--wait"),
 	}
 	_, err := chart.Run(map[string]string{
-		"cluster-api-operator.cert-manager.enabled": "true",
-		"cluster-api-operator.infrastructure":       config.GetVariable(capiInfrastructure),
-		"cluster-api-operator.secretName":           "variables",
-		"cluster-api-operator.secretNamespace":      "default",
+		"cluster-api-operator.cluster-api.configSecret.namespace": "default",
+		"cluster-api-operator.cluster-api.configSecret.name":      "variables",
 	})
 	Expect(err).ToNot(HaveOccurred())
+
+	By("Adding CAPI infrastructure providers")
+	Expect(clusterProxy.Apply(ctx, capiProviders)).To(Succeed())
+
+	By("Waiting for CAPI deployment to be available")
+	framework.WaitForDeploymentsAvailable(ctx, framework.WaitForDeploymentsAvailableInput{
+		Getter: bootstrapClusterProxy.GetClient(),
+		Deployment: &appsv1.Deployment{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "capi-controller-manager",
+				Namespace: "capi-system",
+			}},
+	}, config.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...)
+
+	By("Waiting for CAPI kubeadm bootstrap deployment to be available")
+	framework.WaitForDeploymentsAvailable(ctx, framework.WaitForDeploymentsAvailableInput{
+		Getter: bootstrapClusterProxy.GetClient(),
+		Deployment: &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{
+			Name:      "capi-kubeadm-bootstrap-controller-manager",
+			Namespace: "capi-kubeadm-bootstrap-system",
+		}},
+	}, config.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...)
+
+	By("Waiting for CAPI kubeadm control plane deployment to be available")
+	framework.WaitForDeploymentsAvailable(ctx, framework.WaitForDeploymentsAvailableInput{
+		Getter: bootstrapClusterProxy.GetClient(),
+		Deployment: &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{
+			Name:      "capi-kubeadm-control-plane-controller-manager",
+			Namespace: "capi-kubeadm-control-plane-system",
+		}},
+	}, config.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...)
+
+	By("Waiting for CAPI docker provider deployment to be available")
+	framework.WaitForDeploymentsAvailable(ctx, framework.WaitForDeploymentsAvailableInput{
+		Getter: bootstrapClusterProxy.GetClient(),
+		Deployment: &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{
+			Name:      "capd-controller-manager",
+			Namespace: "capd-system",
+		}},
+	}, config.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...)
 }
 
 func initRancher(clusterProxy framework.ClusterProxy, config *clusterctl.E2EConfig) {

test/e2e/helpers_test.go

@@ -30,8 +30,11 @@ var (
 	//go:embed resources/testdata/fleet-capi-test.yaml
 	fleetCAPITestdata []byte
 
-	//go:embed resources/config/docker-infra-secret.yaml
-	dockerVariablesSecret []byte
+	//go:embed resources/config/capi-providers-secret.yaml
+	capiProvidersSecret []byte
+
+	//go:embed resources/config/capi-providers.yaml
+	capiProviders []byte
 
 	//go:embed resources/config/ingress.yaml
 	ingressConfig []byte

test/e2e/resources/config/docker-infra-secret.yaml → test/e2e/resources/config/capi-providers-secret.yaml

@@ -6,4 +6,5 @@ metadata:
 type: Opaque
 stringData:
   CLUSTER_TOPOLOGY: "true"
-  EXP_CLUSTER_RESOURCE_SET: "true"
+  EXP_CLUSTER_RESOURCE_SET: "true"
+

test/e2e/resources/config/capi-providers.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: capd-system
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha1
+kind: InfrastructureProvider
+metadata:
+  name: docker
+  namespace: capd-system
+spec:
+  secretName: variables
+  secretNamespace: default