Render the CVO manifest with user-specified capabilities from the install-config

data/data/install.openshift.io_installconfigs.yaml

@@ -44,6 +44,31 @@ spec:
             required:
             - installationDisk
             type: object
+          capabilities:
+            description: Capabilities configures the installation of optional core
+              cluster components.
+            properties:
+              additionalEnabledCapabilities:
+                description: additionalEnabledCapabilities extends the set of managed
+                  capabilities beyond the baseline defined in baselineCapabilitySet.
+                  The default is an empty set.
+                items:
+                  description: ClusterVersionCapability enumerates optional, core
+                    cluster components.
+                  enum:
+                  - openshift-samples
+                  type: string
+                type: array
+              baselineCapabilitySet:
+                description: baselineCapabilitySet selects an initial set of optional
+                  capabilities to enable, which can be extended via additionalEnabledCapabilities.
+                  The default is vCurrent.
+                enum:
+                - None
+                - v4.11
+                - vCurrent
+                type: string
+            type: object
           compute:
             description: Compute is the configuration for the machines that comprise
               the compute nodes.

data/data/manifests/bootkube/cvo-overrides.yaml.template

@@ -11,3 +11,12 @@ spec:
   channel: stable-4.11
 {{- end }}
   clusterID: {{.CVOClusterID}}
+{{- if .CVOCapabilities }}
+  capabilities:
+    baselineCapabilitySet: {{.CVOCapabilities.BaselineCapabilitySet}}
+    {{- if .CVOCapabilities.AdditionalEnabledCapabilities}}
+    additionalEnabledCapabilities: {{range .CVOCapabilities.AdditionalEnabledCapabilities}}
+    - {{.}}
+    {{- end}}
+    {{- end}}
+{{- end }}

go.mod

@@ -37,7 +37,7 @@ require (
 	github.com/metal3-io/baremetal-operator v0.0.0-20220128094204-28771f489634
 	github.com/metal3-io/baremetal-operator/apis v0.0.0
 	github.com/metal3-io/baremetal-operator/pkg/hardwareutils v0.0.0
-	github.com/openshift/api v0.0.0-20220124143425-d74727069f6f
+	github.com/openshift/api v0.0.0-20220222102030-354aa98a475c
 	github.com/openshift/client-go v0.0.0-20211025111749-96ca2abfc56c
 	github.com/openshift/cloud-credential-operator v0.0.0-20200316201045-d10080b52c9e
 	github.com/openshift/cluster-api-provider-baremetal v0.0.0-20210924143856-c2d3ece4da38

go.sum

@@ -1036,8 +1036,8 @@ github.com/openshift/api v0.0.0-20210730095913-85e1d547cdee/go.mod h1:ntkQrC1Z6A
 github.com/openshift/api v0.0.0-20210816181336-8ff39b776da3/go.mod h1:x81TFA31x1OMT9SYWukQqJ/KbmeveRN6fo+XeGRK8g0=
 github.com/openshift/api v0.0.0-20211025104849-a11323ccb6ea/go.mod h1:RsQCVJu4qhUawxxDP7pGlwU3IA4F01wYm3qKEu29Su8=
 github.com/openshift/api v0.0.0-20211108165917-be1be0e89115/go.mod h1:RsQCVJu4qhUawxxDP7pGlwU3IA4F01wYm3qKEu29Su8=
-github.com/openshift/api v0.0.0-20220124143425-d74727069f6f h1:iOTv1WudhVm2UsoST+L+ZrA5A9w57h9vmQsdlBuqG6g=
-github.com/openshift/api v0.0.0-20220124143425-d74727069f6f/go.mod h1:F/eU6jgr6Q2VhMu1mSpMmygxAELd7+BUxs3NHZ25jV4=
+github.com/openshift/api v0.0.0-20220222102030-354aa98a475c h1:teP/Es0/vieKbpRde+xwoM0F1cWO5ZFLS4ihJ2WG7BQ=
+github.com/openshift/api v0.0.0-20220222102030-354aa98a475c/go.mod h1:F/eU6jgr6Q2VhMu1mSpMmygxAELd7+BUxs3NHZ25jV4=
 github.com/openshift/baremetal-operator v0.0.0-20211201170610-92ffa60c683d h1:4KkYItiWENIs2bV6lKOcIMdWUnZJA+GWT9Us7z0P1UA=
 github.com/openshift/baremetal-operator v0.0.0-20211201170610-92ffa60c683d/go.mod h1:p32F1DBUxfgd0JjM4rCuhJomFJokEoWR1Z/LZNL2LM8=
 github.com/openshift/baremetal-operator/apis v0.0.0-20211201170610-92ffa60c683d h1:DHGXCvXWsPExutf3tgQYD4TVDSAOviLXO7Vnc42oXhw=

pkg/asset/manifests/operators.go

@@ -136,6 +136,7 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 	)
 
 	templateData := &bootkubeTemplateData{
+		CVOCapabilities:  installConfig.Config.Capabilities,
 		CVOClusterID:     clusterID.UUID,
 		McsTLSCert:       base64.StdEncoding.EncodeToString(mcsCertKey.Cert()),
 		McsTLSKey:        base64.StdEncoding.EncodeToString(mcsCertKey.Key()),

pkg/asset/manifests/template.go

@@ -1,6 +1,9 @@
 package manifests
 
-import "github.com/openshift/installer/pkg/types/baremetal"
+import (
+	"github.com/openshift/installer/pkg/types"
+	"github.com/openshift/installer/pkg/types/baremetal"
+)
 
 // AwsCredsSecretData holds encoded credentials and is used to generate cloud-creds secret
 type AwsCredsSecretData struct {
@@ -62,6 +65,7 @@ type cloudCredsSecretData struct {
 }
 
 type bootkubeTemplateData struct {
+	CVOCapabilities            *types.Capabilities
 	CVOClusterID               string
 	EtcdCaBundle               string
 	EtcdMetricCaCert           string
@@ -73,12 +77,12 @@ type bootkubeTemplateData struct {
 	EtcdSignerClientCert       string
 	EtcdSignerClientKey        string
 	EtcdSignerKey              string
+	IsOKD                      bool
 	McsTLSCert                 string
 	McsTLSKey                  string
 	PullSecretBase64           string
 	RootCaCert                 string
 	WorkerIgnConfig            string
-	IsOKD                      bool
 }
 
 type baremetalTemplateData struct {

pkg/explain/printer_test.go

@@ -31,6 +31,9 @@ func Test_PrintFields(t *testing.T) {
     bootstrapInPlace <object>
       BootstrapInPlace is the configuration for installing a single node with bootstrap in place installation.
 
+    capabilities <object>
+      Capabilities configures the installation of optional core cluster components.
+
     compute <[]object>
       Compute is the configuration for the machines that comprise the compute nodes.
       MachinePool is a pool of machines to be installed.

pkg/types/installconfig.go

@@ -4,6 +4,9 @@ import (
 	"fmt"
 	"strings"
 
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	configv1 "github.com/openshift/api/config/v1"
 	"github.com/openshift/installer/pkg/ipnet"
 	"github.com/openshift/installer/pkg/types/alibabacloud"
 	"github.com/openshift/installer/pkg/types/aws"
@@ -16,7 +19,6 @@ import (
 	"github.com/openshift/installer/pkg/types/openstack"
 	"github.com/openshift/installer/pkg/types/ovirt"
 	"github.com/openshift/installer/pkg/types/vsphere"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 const (
@@ -154,6 +156,10 @@ type InstallConfig struct {
 	// BootstrapInPlace is the configuration for installing a single node
 	// with bootstrap in place installation.
 	BootstrapInPlace *BootstrapInPlace `json:"bootstrapInPlace,omitempty"`
+
+	// Capabilities configures the installation of optional core cluster components.
+	// +optional
+	Capabilities *Capabilities `json:"capabilities,omitempty"`
 }
 
 // ClusterDomain returns the DNS domain that all records for a cluster must belong to.
@@ -373,6 +379,21 @@ type BootstrapInPlace struct {
 	InstallationDisk string `json:"installationDisk"`
 }
 
+// Capabilities selects the managed set of optional, core cluster components.
+type Capabilities struct {
+	// baselineCapabilitySet selects an initial set of
+	// optional capabilities to enable, which can be extended via
+	// additionalEnabledCapabilities. The default is vCurrent.
+	// +optional
+	BaselineCapabilitySet configv1.ClusterVersionCapabilitySet `json:"baselineCapabilitySet,omitempty"`
+
+	// additionalEnabledCapabilities extends the set of managed
+	// capabilities beyond the baseline defined in
+	// baselineCapabilitySet. The default is an empty set.
+	// +optional
+	AdditionalEnabledCapabilities []configv1.ClusterVersionCapability `json:"additionalEnabledCapabilities,omitempty"`
+}
+
 // WorkerMachinePool retrieves the worker MachinePool from InstallConfig.Compute
 func (c *InstallConfig) WorkerMachinePool() *MachinePool {
 	for _, machinePool := range c.Compute {

pkg/types/validation/installconfig.go

@@ -11,6 +11,7 @@ import (
 	"strings"
 
 	dockerref "github.com/containers/image/docker/reference"
+	configv1 "github.com/openshift/api/config/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/crypto/ssh"
@@ -125,6 +126,9 @@ func ValidateInstallConfig(c *types.InstallConfig) field.ErrorList {
 		allErrs = append(allErrs, field.NotSupported(field.NewPath("publish"), c.Publish, validPublishingStrategyValues))
 	}
 	allErrs = append(allErrs, validateCloudCredentialsMode(c.CredentialsMode, field.NewPath("credentialsMode"), c.Platform)...)
+	if c.Capabilities != nil {
+		allErrs = append(allErrs, validateCapabilities(c.Capabilities, field.NewPath("capabilities"))...)
+	}
 
 	if c.Publish == types.InternalPublishingStrategy {
 		switch platformName := c.Platform.Name(); platformName {
@@ -699,3 +703,31 @@ func validateFIPSconfig(c *types.InstallConfig) field.ErrorList {
 	}
 	return allErrs
 }
+
+// validateCapabilities checks if additional, optional OpenShift components are specified in the
+// install-config to be included in the installation.
+func validateCapabilities(c *types.Capabilities, fldPath *field.Path) field.ErrorList {
+	allErrs := field.ErrorList{}
+
+	allCapabilitySets := sets.NewString()
+	allAvailableCapabilities := sets.NewString()
+	// Create sets of all capability sets and *all* available capabilities across those capability sets
+	for baselineSet, capabilities := range configv1.ClusterVersionCapabilitySets {
+		allCapabilitySets.Insert(string(baselineSet))
+		for _, capability := range capabilities {
+			allAvailableCapabilities.Insert(string(capability))
+		}
+	}
+
+	if !allCapabilitySets.Has(string(c.BaselineCapabilitySet)) {
+		allErrs = append(allErrs, field.NotSupported(fldPath.Child("baselineCapabilitySet"), c.BaselineCapabilitySet, allCapabilitySets.List()))
+	}
+
+	// Check to see the validity of additionalEnabledCapabilities specified by the user
+	for i, capability := range c.AdditionalEnabledCapabilities {
+		if !allAvailableCapabilities.Has(string(capability)) {
+			allErrs = append(allErrs, field.NotSupported(fldPath.Child("additionalEnabledCapabilities").Index(i), capability, allAvailableCapabilities.List()))
+		}
+	}
+	return allErrs
+}

pkg/types/validation/installconfig_test.go

@@ -10,6 +10,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/utils/pointer"
 
+	configv1 "github.com/openshift/api/config/v1"
 	"github.com/openshift/installer/pkg/ipnet"
 	"github.com/openshift/installer/pkg/types"
 	"github.com/openshift/installer/pkg/types/alibabacloud"
@@ -1399,6 +1400,61 @@ func TestValidateInstallConfig(t *testing.T) {
 				return c
 			}(),
 		},
+		{
+			name: "valid baseline capability set",
+			installConfig: func() *types.InstallConfig {
+				c := validInstallConfig()
+				c.Capabilities = &types.Capabilities{BaselineCapabilitySet: "v4.11"}
+				return c
+			}(),
+		},
+		{
+			name: "invalid empty string baseline capability set",
+			installConfig: func() *types.InstallConfig {
+				c := validInstallConfig()
+				c.Capabilities = &types.Capabilities{BaselineCapabilitySet: ""}
+				return c
+			}(),
+			expectedError: `capabilities.baselineCapabilitySet: Unsupported value: "": supported values: .*`,
+		},
+		{
+			name: "invalid baseline capability set specified",
+			installConfig: func() *types.InstallConfig {
+				c := validInstallConfig()
+				c.Capabilities = &types.Capabilities{BaselineCapabilitySet: "vNotValid"}
+				return c
+			}(),
+			expectedError: `capabilities.baselineCapabilitySet: Unsupported value: "vNotValid": supported values: .*`,
+		},
+		{
+			name: "valid additional enabled capability specified",
+			installConfig: func() *types.InstallConfig {
+				c := validInstallConfig()
+				c.Capabilities = &types.Capabilities{BaselineCapabilitySet: "v4.11",
+					AdditionalEnabledCapabilities: []configv1.ClusterVersionCapability{"openshift-samples"}}
+				return c
+			}(),
+		},
+		{
+			name: "invalid empty additional enabled capability specified",
+			installConfig: func() *types.InstallConfig {
+				c := validInstallConfig()
+				c.Capabilities = &types.Capabilities{BaselineCapabilitySet: "v4.11",
+					AdditionalEnabledCapabilities: []configv1.ClusterVersionCapability{""}}
+				return c
+			}(),
+			expectedError: `capabilities.additionalEnabledCapabilities\[0\]: Unsupported value: "": supported values: .*`,
+		},
+		{
+			name: "invalid additional enabled capability specified",
+			installConfig: func() *types.InstallConfig {
+				c := validInstallConfig()
+				c.Capabilities = &types.Capabilities{BaselineCapabilitySet: "v4.11",
+					AdditionalEnabledCapabilities: []configv1.ClusterVersionCapability{"not-valid"}}
+				return c
+			}(),
+			expectedError: `capabilities.additionalEnabledCapabilities\[0\]: Unsupported value: "not-valid": supported values: .*`,
+		},
 	}
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {