Sync with upstream 2021.12.20

.github/workflows/e2e.yaml

@@ -0,0 +1,25 @@
+on:
+  pull_request_target:
+    types: [labeled]
+name: e2e
+jobs:
+  integration:
+    runs-on: ubuntu-latest
+    if: contains(github.event.pull_request.labels.*.name, 'ok-to-test')
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+          repository: kubevirt/project-infra
+          path: project-infra
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: kubeconfig
+        run: 'echo -e "$KUBECONFIG" > $GITHUB_WORKSPACE/project-infra/.kubeconfig'
+        shell: bash
+        env:
+          KUBECONFIG: ${{secrets.KUBECONFIG}}
+      - name: Test
+        run: |
+          $GITHUB_WORKSPACE/project-infra/hack/mkpj.sh --job pull-kubernetes-sigs-cluster-api-provider-kubevirt-e2e --pull-number ${{github.event.number}} --kubeconfig $GITHUB_WORKSPACE/project-infra/.kubeconfig --trigger-job

.github/workflows/test.yaml

@@ -0,0 +1,20 @@
+on: [push, pull_request]
+name: build
+jobs:
+  unit_test:
+    strategy:
+      matrix:
+        go-version: [1.16.x, 1.17.x]
+        os: [ubuntu-latest, macos-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: ${{ matrix.go-version }}
+    - name: Checkout code
+      uses: actions/checkout@v2
+    - name: Test
+      run: make test
+    - name: Build
+      run: make manager

Dockerfile

@@ -1,5 +1,61 @@
-FROM gcr.io/distroless/static
+# syntax=docker/dockerfile:1.1-experimental
 
-COPY bin/manager /usr/bin/
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 
-ENTRYPOINT /usr/bin/manager
+# Build the manager binary
+# Run this with docker build --build-arg builder_image=<golang:x.y.z>
+ARG builder_image=golang:1.16.2
+FROM ${builder_image} as builder
+WORKDIR /workspace
+
+# Run this with docker build --build-arg goproxy=$(go env GOPROXY) to override the goproxy
+ARG goproxy=https://proxy.golang.org
+ENV GOPROXY=$goproxy
+
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+# Cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN --mount=type=cache,target=/go/pkg/mod \
+    go mod download
+
+# Copy the sources
+COPY ./ ./
+
+# Cache the go build into the the Go’s compiler cache folder so we take benefits of compiler caching across docker build calls
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    go build .
+
+# Build
+ARG ARCH=amd64
+ARG ldflags
+
+# Do not force rebuild of up-to-date packages (do not use -a) and use the compiler cache folder
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} \
+    go build -a -ldflags "${ldflags} -extldflags '-static'" \
+    -o manager .
+
+# Production image
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/manager .
+# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
+USER 65532
+ENTRYPOINT ["/manager"]

OWNERS

@@ -1,6 +1,14 @@
-# See the OWNERS docs at https://go.k8s.io/owners
+# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md
 
 approvers:
-  - agradouski
-  - cchengleo
-  - sig-cluster-lifecycle-leads
+- rmohr
+- davidvossel
+- nunnatsa
+- nirarg
+options: {}
+reviewers:
+- rmohr
+- davidvossel
+- nunnatsa
+- nirarg
+

README.md

@@ -25,6 +25,10 @@ We also encourage ALL active community participants to act as if they are mainta
 - Join the [SIG Cluster Lifecycle](https://groups.google.com/g/kubernetes-sig-cluster-lifecycle) Google Group to documents and calendar.
 - Participate in the conversations on [Kubernetes Discuss](https://discuss.kubernetes.io/c/contributors/cluster-api/23)
 
+- **Meetings:** 
+  - Cluster API Provider KubeVirt Syncup Meetings: [Tuesdays at 8:00 PT (Pacific Time)](https://zoom.us/j/94685513559?pwd=cnI3RUQyZ3RrckpOc1BQNDA1Q1BrZz09) (weekly starting Tuesday December 7th, 2021). [Convert to your timezone](http://www.thetimezoneconverter.com/?t=8:00&tz=PT%20%28Pacific%20Time%29).
+    - [Meeting notes and Agenda](https://docs.google.com/document/d/1ZAnRLCKOVbDqrsrYis2OR0aZIAlqp576gCJVCkMNiHM/edit?usp=sharing).
+
 ### Other ways to communicate with the maintainers
 
 Please check in with us in the [#cluster-api-kubevirt](https://sigs.k8s.io/cluster-api-provider-kubevirt). You can also join our [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-dev)
@@ -45,7 +49,7 @@ If you think you have found a bug please follow the instruction below.
 
 We also have a issue tracker to track features. If you think you have a feature idea, that could make Cluster API provider Kubevirt become even more awesome, then follow these steps.
 
-- Opem a feature request
+- Open a feature request
 - Remember users might be searching for the issue in future, so please make sure to give it a meaningful title to help others.
 - Clearly define the use case with concrete examples. Example: type `this` and cluster-api-provider-kubevirt does `that`.
 - Some of our larger features will require some design. If you would like to include a techincal design to your feature, please go ahead.

api/v1alpha4/kubevirtcluster_types.go

@@ -35,10 +35,13 @@ type KubevirtClusterSpec struct {
 
 	// ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
 	// +optional
-	ControlPlaneEndpoint APIEndpoint `json:"controlPlaneEndpoint"`
+	ControlPlaneEndpoint APIEndpoint `json:"controlPlaneEndpoint,omitempty"`
 
 	// SSHKeys is a reference to a local struct for SSH keys persistence.
-	SshKeys SSHKeys `json:"sshKeys"`
+	SshKeys SSHKeys `json:"sshKeys,omitempty"`
+
+	// InfraClusterSecretRef is a reference to a secret with a kubeconfig for external cluster used for infra.
+	InfraClusterSecretRef *corev1.ObjectReference `json:"infraClusterSecretRef,omitempty"`
 }
 
 // KubevirtClusterStatus defines the observed state of KubevirtCluster.

api/v1alpha4/kubevirtmachine_types.go

@@ -35,11 +35,6 @@ type KubevirtMachineSpec struct {
 	// ProviderID TBD what to use for Kubevirt
 	// +optional
 	ProviderID *string `json:"providerID,omitempty"`
-
-	// Bootstrapped is true when the kubeadm bootstrapping has been run
-	// against this machine
-	// +optional
-	Bootstrapped bool `json:"bootstrapped,omitempty"`
 }
 
 // KubevirtMachineStatus defines the observed state of KubevirtMachine.

api/v1alpha4/kubevirtmachinetemplate_webhook_test.go

@@ -18,6 +18,7 @@ package v1alpha4
 
 import (
 	"errors"
+
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 )
@@ -38,18 +39,14 @@ var _ = Describe("Template Validation", func() {
 				oldTemplate: &KubevirtMachineTemplate{
 					Spec: KubevirtMachineTemplateSpec{
 						Template: KubevirtMachineTemplateResource{
-							Spec: KubevirtMachineSpec{
-								Bootstrapped: true,
-							},
+							Spec: KubevirtMachineSpec{},
 						},
 					},
 				},
 				newTemplate: &KubevirtMachineTemplate{
 					Spec: KubevirtMachineTemplateSpec{
 						Template: KubevirtMachineTemplateResource{
-							Spec: KubevirtMachineSpec{
-								Bootstrapped: true,
-							},
+							Spec: KubevirtMachineSpec{},
 						},
 					},
 				},
@@ -64,13 +61,14 @@ var _ = Describe("Template Validation", func() {
 	})
 	Context("Template comparison with errors", func() {
 		BeforeEach(func() {
+			providerID := "test"
 			tests = test{
 				name: "return no error if no modification",
 				oldTemplate: &KubevirtMachineTemplate{
 					Spec: KubevirtMachineTemplateSpec{
 						Template: KubevirtMachineTemplateResource{
 							Spec: KubevirtMachineSpec{
-								Bootstrapped: true,
+								ProviderID: nil,
 							},
 						},
 					},
@@ -79,7 +77,7 @@ var _ = Describe("Template Validation", func() {
 					Spec: KubevirtMachineTemplateSpec{
 						Template: KubevirtMachineTemplateResource{
 							Spec: KubevirtMachineSpec{
-								Bootstrapped: false,
+								ProviderID: &providerID,
 							},
 						},
 					},

config/crd/bases/infrastructure.cluster.x-k8s.io_kubevirtclusters.yaml

@@ -52,6 +52,43 @@ spec:
                 - host
                 - port
                 type: object
+              infraClusterSecretRef:
+                description: InfraClusterSecretRef is a reference to a secret with
+                  a kubeconfig for external cluster used for infra.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
               sshKeys:
                 description: SSHKeys is a reference to a local struct for SSH keys
                   persistence.
@@ -99,8 +136,6 @@ spec:
                       ssh keys.
                     type: string
                 type: object
-            required:
-            - sshKeys
             type: object
           status:
             description: KubevirtClusterStatus defines the observed state of KubevirtCluster.

config/crd/bases/infrastructure.cluster.x-k8s.io_kubevirtmachines.yaml

@@ -38,10 +38,6 @@ spec:
           spec:
             description: KubevirtMachineSpec defines the desired state of KubevirtMachine.
             properties:
-              bootstrapped:
-                description: Bootstrapped is true when the kubeadm bootstrapping has
-                  been run against this machine
-                type: boolean
               providerID:
                 description: ProviderID TBD what to use for Kubevirt
                 type: string

config/crd/bases/infrastructure.cluster.x-k8s.io_kubevirtmachinetemplates.yaml

@@ -48,10 +48,6 @@ spec:
                     description: Spec is the specification of the desired behavior
                       of the machine.
                     properties:
-                      bootstrapped:
-                        description: Bootstrapped is true when the kubeadm bootstrapping
-                          has been run against this machine
-                        type: boolean
                       providerID:
                         description: ProviderID TBD what to use for Kubevirt
                         type: string

config/manager/manager.yaml

@@ -16,11 +16,12 @@ spec:
         control-plane: controller-manager
     spec:
       containers:
-      - args:
+      - command:
+        - /manager
+        args:
         - "--leader-elect"
         - "--metrics-bind-addr=127.0.0.1:8080"
         - "--feature-gates=MachinePool=false"
-        command: ["/usr/bin/manager"]
         image: controller:latest
         name: manager
         env:

controllers/kubevirtcluster_controller.go

@@ -24,6 +24,7 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	infrav1 "sigs.k8s.io/cluster-api-provider-kubevirt/api/v1alpha4"
 	"sigs.k8s.io/cluster-api-provider-kubevirt/pkg/context"
+	"sigs.k8s.io/cluster-api-provider-kubevirt/pkg/infracluster"
 	"sigs.k8s.io/cluster-api-provider-kubevirt/pkg/loadbalancer"
 	"sigs.k8s.io/cluster-api-provider-kubevirt/pkg/ssh"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1alpha4"
@@ -36,12 +37,14 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/source"
+	"time"
 )
 
 // KubevirtClusterReconciler reconciles a KubevirtCluster object.
 type KubevirtClusterReconciler struct {
 	client.Client
-	Log logr.Logger
+	InfraCluster infracluster.InfraCluster
+	Log          logr.Logger
 }
 
 // +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=kubevirtclusters,verbs=get;list;watch;create;update;patch;delete
@@ -82,8 +85,17 @@ func (r *KubevirtClusterReconciler) Reconcile(goctx gocontext.Context, req ctrl.
 		Logger:          ctrl.LoggerFrom(goctx).WithName(req.Namespace).WithName(req.Name),
 	}
 
+	infraClusterClient, infraClusterNamespace, err := r.InfraCluster.GenerateInfraClusterClient(clusterContext)
+	if err != nil {
+		return ctrl.Result{RequeueAfter: 10 * time.Second}, errors.Wrap(err, "failed to generate infra cluster client")
+	}
+	if infraClusterClient == nil {
+		clusterContext.Logger.Info("Waiting for infra cluster client...")
+		return ctrl.Result{RequeueAfter: 10 * time.Second}, nil
+	}
+
 	// Create a helper for managing a service hosting the load-balancer.
-	externalLoadBalancer, err := loadbalancer.NewLoadBalancer(clusterContext, r.Client)
+	externalLoadBalancer, err := loadbalancer.NewLoadBalancer(clusterContext, infraClusterClient, infraClusterNamespace)
 	if err != nil {
 		return ctrl.Result{}, errors.Wrapf(err, "failed to create helper for managing the externalLoadBalancer")
 	}
@@ -111,7 +123,7 @@ func (r *KubevirtClusterReconciler) Reconcile(goctx gocontext.Context, req ctrl.
 
 	// Handle deleted clusters
 	if !kubevirtCluster.DeletionTimestamp.IsZero() {
-		return r.reconcileDelete(clusterContext)
+		return r.reconcileDelete(clusterContext, externalLoadBalancer)
 	}
 
 	// Handle non-deleted clusters
@@ -169,7 +181,12 @@ func (r *KubevirtClusterReconciler) reconcileNormal(ctx *context.ClusterContext,
 	return ctrl.Result{}, nil
 }
 
-func (r *KubevirtClusterReconciler) reconcileDelete(ctx *context.ClusterContext) (ctrl.Result, error) {
+func (r *KubevirtClusterReconciler) reconcileDelete(ctx *context.ClusterContext, externalLoadBalancer *loadbalancer.LoadBalancer) (ctrl.Result, error) {
+	ctx.Logger.Info("Deleting load balancer service...")
+	if err := externalLoadBalancer.Delete(ctx); err != nil {
+		ctx.Logger.Error(err, "Failed to delete load balancer service.")
+	}
+
 	// Set the LoadBalancerAvailableCondition reporting delete is started, and issue a patch in order to make
 	// this visible to the users.
 	patchHelper, err := patch.NewHelper(ctx.KubevirtCluster, r.Client)