no-jira: Fix verify capi manifests script

data/data/cluster-api/core-components.yaml

@@ -4422,6 +4422,15 @@ spec:
                     description: The name of the ClusterClass object to create the
                       topology.
                     type: string
+                  classNamespace:
+                    description: |-
+                      classNamespace is the namespace of the ClusterClass object to create the topology.
+                      If the namespace is empty or not set, it is defaulted to the namespace of the cluster object.
+                      Value must follow the DNS1123Subdomain syntax.
+                    maxLength: 253
+                    minLength: 1
+                    pattern: ^[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\.[a-z0-9](?:[-a-z0-9]*[a-z0-9])?)*$
+                    type: string
                   controlPlane:
                     description: controlPlane describes the cluster control plane.
                     properties:
@@ -8034,17 +8043,20 @@ spec:
                   behavior:
                     description: |-
                       behavior defines the drain behavior.
-                      Can be either "Drain" or "Skip".
+                      Can be either "Drain", "Skip", or "WaitCompleted".
                       "Drain" means that the Pods to which this MachineDrainRule applies will be drained.
                       If behavior is set to "Drain" the order in which Pods are drained can be configured
                       with the order field. When draining Pods of a Node the Pods will be grouped by order
                       and one group after another will be drained (by increasing order). Cluster API will
                       wait until all Pods of a group are terminated / removed from the Node before starting
                       with the next group.
                       "Skip" means that the Pods to which this MachineDrainRule applies will be skipped during drain.
+                      "WaitCompleted" means that the pods to which this MachineDrainRule applies will never be evicted
+                      and we wait for them to be completed, it is enforced that pods marked with this behavior always have Order=0.
                     enum:
                     - Drain
                     - Skip
+                    - WaitCompleted
                     type: string
                   order:
                     description: |-

data/data/cluster-api/nutanix-infrastructure-components.yaml

@@ -10,7 +10,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   labels:
     cluster.x-k8s.io/provider: infrastructure-nutanix
     cluster.x-k8s.io/v1beta1: v1beta1
@@ -153,6 +153,7 @@ spec:
                       type: array
                   required:
                   - cluster
+                  - controlPlane
                   - name
                   - subnets
                   type: object
@@ -323,7 +324,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   labels:
     cluster.x-k8s.io/provider: infrastructure-nutanix
     cluster.x-k8s.io/v1beta1: v1beta1
@@ -467,6 +468,7 @@ spec:
                               type: array
                           required:
                           - cluster
+                          - controlPlane
                           - name
                           - subnets
                           type: object
@@ -562,7 +564,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   labels:
     cluster.x-k8s.io/provider: infrastructure-nutanix
     cluster.x-k8s.io/v1beta1: v1beta1
@@ -656,7 +658,6 @@ spec:
                       the event) or if no container name is specified "spec.containers[2]" (container with
                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                       referencing a part of an object.
-                      TODO: this design is not final and this field is subject to change in the future.
                     type: string
                   kind:
                     description: |-
@@ -923,7 +924,6 @@ spec:
                       the event) or if no container name is specified "spec.containers[2]" (container with
                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                       referencing a part of an object.
-                      TODO: this design is not final and this field is subject to change in the future.
                     type: string
                   kind:
                     description: |-
@@ -969,7 +969,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   labels:
     cluster.x-k8s.io/provider: infrastructure-nutanix
     cluster.x-k8s.io/v1beta1: v1beta1
@@ -1083,7 +1083,6 @@ spec:
                               the event) or if no container name is specified "spec.containers[2]" (container with
                               index 2 in this pod). This syntax is chosen only to have some well-defined way of
                               referencing a part of an object.
-                              TODO: this design is not final and this field is subject to change in the future.
                             type: string
                           kind:
                             description: |-
@@ -1337,6 +1336,7 @@ rules:
   - ""
   resources:
   - configmaps
+  - secrets
   verbs:
   - delete
   - get
@@ -1352,16 +1352,6 @@ rules:
   - list
   - patch
   - watch
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - delete
-  - get
-  - list
-  - update
-  - watch
 - apiGroups:
   - bootstrap.cluster.x-k8s.io
   resources:
@@ -1385,15 +1375,7 @@ rules:
 - apiGroups:
   - cluster.x-k8s.io
   resources:
-  - clusters
   - clusters/status
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - cluster.x-k8s.io
-  resources:
   - machines
   - machines/status
   verbs:
@@ -1404,31 +1386,6 @@ rules:
   - infrastructure.cluster.x-k8s.io
   resources:
   - nutanixclusters
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - infrastructure.cluster.x-k8s.io
-  resources:
-  - nutanixclusters/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - infrastructure.cluster.x-k8s.io
-  resources:
-  - nutanixclusters/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - infrastructure.cluster.x-k8s.io
-  resources:
   - nutanixmachines
   verbs:
   - create
@@ -1441,12 +1398,14 @@ rules:
 - apiGroups:
   - infrastructure.cluster.x-k8s.io
   resources:
+  - nutanixclusters/finalizers
   - nutanixmachines/finalizers
   verbs:
   - update
 - apiGroups:
   - infrastructure.cluster.x-k8s.io
   resources:
+  - nutanixclusters/status
   - nutanixmachines/status
   verbs:
   - get
@@ -1679,7 +1638,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: spec.nodeName
-        image: ghcr.io/nutanix-cloud-native/cluster-api-provider-nutanix/controller:v1.5.3
+        image: ghcr.io/nutanix-cloud-native/cluster-api-provider-nutanix/controller:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

docs/dev/dependencies.md

@@ -71,7 +71,16 @@ go mod tidy && go mod vendor
 
 When bumping version of the CAPI provider, some infrastructure CRDs might be updated and we need to ensure the installer is aware of that as it keeps a copy of the CRD in directory `data/data/cluster-api/`.
 
-First, clone the upstream CAPI provider project.
+An easy way to update the infrastructure manifests is to run `./hack/verify-capi-manifests.sh [provider-dir]`:
+
+```bash
+# Update infrastructure manifests for all providers
+./hack/verify-capi-manifests.sh
+# Or update infrastructure manifest for a specific provider (e.g. aws)
+./hack/verify-capi-manifests.sh cluster-api/providers/aws
+```
+
+Another way is to manually do it yourself. First, clone the upstream CAPI provider project.
 
 ```bash
 # We need to have a copy of the CAPI provider project if not yet

hack/verify-capi-manifests.sh

@@ -2,6 +2,75 @@
 
 MANIFESTS_DIR="/go/src/github.com/openshift/installer/data/data/cluster-api"
 
+# Generate provider manifest from released assets
+generate_capi_manifest_from_released_assets() {
+	echo "Generating ${provider} manifest from released assets"
+	provider="$1"
+	repo_origin="$2"
+	version="$3"
+
+	# Not a version, but a revision
+	if [[ ! "$version" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$  ]]; then
+		return 1
+	fi
+
+	# Core CAPI generates cluster-api-components.yaml
+	# while provider generates infrastructure-components.yaml
+	case "${provider}" in
+	cluster-api)
+		asset_name="cluster-api-components.yaml"
+		saved_asset_name="${MANIFESTS_DIR}/core-components.yaml"
+		;;
+	*)
+		asset_name="infrastructure-components.yaml"
+		saved_asset_name="${MANIFESTS_DIR}/${provider}-infrastructure-components.yaml"
+		;;
+	esac
+
+	if ! curl -fSsL -o "${saved_asset_name}" "$repo_origin/releases/download/${version}/${asset_name}"; then
+		echo "Failed generating ${provider} manifest from released assets. Falling back to generate from specified revision"
+		return 1
+	fi
+}
+
+# Generate provider manifest from specified revision
+generate_capi_manifest_from_revision() {
+	echo "Generating ${provider} manifest from specified revision"
+	provider="$1"
+	repo_origin="$2"
+	revision="$3"
+
+	clone_path="$(mktemp -d)"
+	git clone "${repo_origin}" "${clone_path}"
+	pushd "${clone_path}"
+	git fetch "${repo_origin}" "${revision}"
+	git checkout "${revision}"
+
+	# Provider-specific generate command
+	case "${provider}" in
+	vsphere)
+		make release-manifests-all
+		;;
+	*)
+		make release-manifests
+		;;
+	esac
+
+	# Core CAPI generates cluster-api-components.yaml
+	# while provider generates infrastructure-components.yaml
+	# except azureaso that needs combining 2 manifests.
+	case "${provider}" in
+	cluster-api)
+		cp out/cluster-api-components.yaml "${MANIFESTS_DIR}/core-components.yaml"
+		;;
+	*)
+		cp out/infrastructure-components.yaml "${MANIFESTS_DIR}/${provider}-infrastructure-components.yaml"
+		;;
+	esac
+	popd
+	rm -rf "${clone_path}"
+}
+
 generate_capi_manifest() {
 	provider="$(basename "$1")"
 
@@ -17,48 +86,43 @@ generate_capi_manifest() {
 	repo_origin="$(jq '.Origin.URL' "${info_path}" | sed 's|"||g')"
 	revision="$(jq '.Origin.Hash' "${info_path}" | sed 's|"||g')"
 
-	if [ "${provider}" = "azureaso" ]; then
-		# Just copy the CRD from upstream
-		curl -fSsL "https://github.com/Azure/azure-service-operator/releases/download/${version}/azureserviceoperator_${version}.yaml" -o "${MANIFESTS_DIR}/${provider}-infrastructure-components.yaml"
-		echo "---" >>"${MANIFESTS_DIR}/${provider}-infrastructure-components.yaml"
-		curl -fSsL "https://github.com/Azure/azure-service-operator/releases/download/${version}/azureserviceoperator_customresourcedefinitions_${version}.yaml" >>"${MANIFESTS_DIR}/${provider}-infrastructure-components.yaml"
-	else
-		# Generate provider manifest from specified revision
-		clone_path="$(mktemp -d)"
-		git clone "${repo_origin}" "${clone_path}"
-		pushd "${clone_path}"
-		git checkout "${revision}"
-		case "${provider}" in
-		vsphere)
-			make release-manifests-all
+	case "${provider}" in
+		azurestack)
+		    # skip this for now--until unforked
 			;;
-		*)
-			make release-manifests
-			;;
-		esac
-
-		case "${provider}" in
-		cluster-api)
-			cp out/cluster-api-components.yaml "${MANIFESTS_DIR}/core-components.yaml"
+		azureaso)
+			# Just copy the CRD from upstream release assets
+			curl -fSsL "https://github.com/Azure/azure-service-operator/releases/download/${version}/azureserviceoperator_${version}.yaml" -o "${MANIFESTS_DIR}/${provider}-infrastructure-components.yaml"
+			echo "---" >>"${MANIFESTS_DIR}/${provider}-infrastructure-components.yaml"
+			curl -fSsL "https://github.com/Azure/azure-service-operator/releases/download/${version}/azureserviceoperator_customresourcedefinitions_${version}.yaml" >>"${MANIFESTS_DIR}/${provider}-infrastructure-components.yaml"
 			;;
 		*)
-			cp out/infrastructure-components.yaml "${MANIFESTS_DIR}/${provider}-infrastructure-components.yaml"
+			# Attempt to find the infrastructure manifest in the released assets
+			# If none is found, generate the infrastucture manifests from the pinned revision
+			generate_capi_manifest_from_released_assets "$provider" "$repo_origin" "$version" || \
+			generate_capi_manifest_from_revision "$provider" "$repo_origin" "$revision"
 			;;
-		esac
-		popd
-		rm -rf "${clone_path}"
-	fi
+	esac
 }
 
 if [ "$IS_CONTAINER" != "" ]; then
 	set -eux
 
 	# Install `jq` if not present
-	if ! command -v jq; then
+	if ! command -v jq >/dev/null 2>&1; then
 		curl -L https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64 -o /usr/bin/jq
 		chmod u+x /usr/bin/jq
 	fi
 
+	# Install `controller-gen` & `kustomize`, which are needed by nutanix, if not present
+	if ! command -v controller-gen >/dev/null 2>&1; then
+		go install sigs.k8s.io/controller-tools/cmd/controller-gen
+	fi
+
+	if ! command -v kustomize >/dev/null 2>&1; then
+		go install sigs.k8s.io/kustomize/kustomize/v5@latest
+	fi
+
 	# Silence git hints and advices
 	git config --global init.defaultBranch master
 	git config --global advice.detachedHead false