Update Cluster-API and providers (#667)

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>  ## Summary by CodeRabbit - **New Features** - Introduced dynamic IP address management support. - Enabled comprehensive lifecycle hooks that trigger during both installation and upgrades. - Expanded configuration options with new fields for flexible deployments and customizations. - **Chores** - Upgraded the application and chart versions. - Improved deployment settings with enhanced health checks, diagnostic endpoints, and service account management. - Updated provider versions to enhance overall stability and performance.  Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
2026-01-27 18:18:41 +00:00 · 2025-03-05 14:52:23 +01:00
parent c60b7c0730
commit 47dfaaafe1
13 changed files with 11308 additions and 533 deletions
--- a/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.11.0
+appVersion: 0.17.0
 description: Cluster API Operator
 name: cluster-api-operator
 type: application
-version: 0.11.0
+version: 0.17.0
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml
@@ -26,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    "argocd.argoproj.io/sync-wave": "1"
  name: {{ $addonNamespace }}
@@ -37,7 +37,7 @@ metadata:
  name: {{ $addonName }}
  namespace: {{ $addonNamespace }}
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    "argocd.argoproj.io/sync-wave": "2"
 {{- if or $addonVersion $.Values.secretName }}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/bootstrap.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/bootstrap.yaml
@@ -26,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
  name: {{ $bootstrapNamespace }}
 ---
@@ -36,7 +36,7 @@ metadata:
  name: {{ $bootstrapName }}
  namespace: {{ $bootstrapNamespace }}
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
 {{- if or $bootstrapVersion $.Values.configSecret.name }}
 spec:
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/control-plane.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/control-plane.yaml
@@ -26,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
  name: {{ $controlPlaneNamespace }}
 ---
@@ -36,14 +36,27 @@ metadata:
  name: {{ $controlPlaneName }}
  namespace: {{ $controlPlaneNamespace }}
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
-{{- if or $controlPlaneVersion $.Values.configSecret.name }}
+{{- if or $controlPlaneVersion $.Values.configSecret.name $.Values.manager }}
 spec:
 {{- end}}
 {{- if $controlPlaneVersion }}
  version: {{ $controlPlaneVersion }}
 {{- end }}
+{{- if $.Values.manager }}
+{{- if hasKey $.Values.manager.featureGates $controlPlaneName }}
+  manager:
+{{- range $key, $value := $.Values.manager.featureGates }}
+  {{- if eq $key $controlPlaneName }}
+    featureGates:
+    {{- range $k, $v := $value }}
+      {{ $k }}: {{ $v }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
 {{- if $.Values.configSecret.name }}
  configSecret:
    name: {{ $.Values.configSecret.name }}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/core-conditions.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/core-conditions.yaml
@@ -6,7 +6,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
  name: capi-system
 ---
@@ -16,7 +16,7 @@ metadata:
  name: cluster-api
  namespace: capi-system
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
 {{- with .Values.configSecret }}
 spec:
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml
@@ -25,7 +25,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
  name: {{ $coreNamespace }}
 ---
@@ -35,10 +35,10 @@ metadata:
  name: {{ $coreName }}
  namespace: {{ $coreNamespace }}
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    "argocd.argoproj.io/sync-wave": "2"
-{{- if or $coreVersion $.Values.configSecret.name }}
+{{- if or $coreVersion $.Values.configSecret.name $.Values.manager }}
 spec:
 {{- end}}
 {{- if $coreVersion }}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/deployment.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/deployment.yaml
@@ -47,6 +47,8 @@ spec:
      {{- toYaml . | nindent 8 }}
      {{- end }}
    spec:
+      serviceAccountName: capi-operator-manager
+      automountServiceAccountToken: true
      {{- with .Values.securityContext }}
      securityContext:
      {{- toYaml . | nindent 8 }}
@@ -63,15 +65,15 @@ spec:
        {{- if .Values.healthAddr }}
        - --health-addr={{ .Values.healthAddr }}
        {{- end }}
-        {{- if .Values.metricsBindAddr }}
-        - --metrics-bind-addr={{ .Values.metricsBindAddr }}
-        {{- end }}
        {{- if .Values.diagnosticsAddress }}
        - --diagnostics-address={{ .Values.diagnosticsAddress }}
        {{- end }}
        {{- if .Values.insecureDiagnostics }}
        - --insecure-diagnostics={{ .Values.insecureDiagnostics }}
        {{- end }}
+        {{- if .Values.watchConfigSecret }}
+        - --watch-configsecret
+        {{- end }}
        {{- with .Values.leaderElection }}
        - --leader-elect={{ .enabled }}
        {{- if .leaseDuration }}
@@ -95,9 +97,15 @@ spec:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
-        - containerPort: {{ ( split ":" $.Values.metricsBindAddr)._1 | int }}
+          {{- if $.Values.diagnosticsAddress }}
+          {{- $diagnosticsPort := $.Values.diagnosticsAddress }}
+          {{- if contains ":" $diagnosticsPort -}}
+          {{ $diagnosticsPort = ( split ":" $.Values.diagnosticsAddress)._1 | int }}
+          {{- end }}
+        - containerPort: {{ $diagnosticsPort | int }}
          name: metrics
          protocol: TCP
+          {{- end }}
        {{- with .Values.resources.manager }}
        resources:
        {{- toYaml . | nindent 12 }}
@@ -114,6 +122,31 @@ spec:
        volumeMounts:
        {{- toYaml . | nindent 12 }}
        {{- end }}
+        terminationMessagePolicy: FallbackToLogsOnError
+        {{- $healthAddr := $.Values.healthAddr }}
+        {{- if contains ":" $healthAddr -}}
+        {{ $healthAddr = ( split ":" $.Values.healthAddr)._1 | int }}
+        {{- end }}
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /healthz
+            port: {{ $healthAddr | default 9440 }}
+            scheme: HTTP
+          initialDelaySeconds: 15
+          periodSeconds: 20
+          successThreshold: 1
+          timeoutSeconds: 1
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /readyz
+            port: {{ $healthAddr | default 9440 }}
+            scheme: HTTP
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
      terminationGracePeriodSeconds: 10
      {{- with .Values.volumes }}
      volumes:
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra-conditions.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra-conditions.yaml
@@ -7,7 +7,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    "argocd.argoproj.io/sync-wave": "1"
  name: capi-kubeadm-bootstrap-system
@@ -18,7 +18,7 @@ metadata:
  name: kubeadm
  namespace: capi-kubeadm-bootstrap-system
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
@@ -37,7 +37,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    "argocd.argoproj.io/sync-wave": "1"
  name: capi-kubeadm-control-plane-system
@@ -48,11 +48,20 @@ metadata:
  name: kubeadm
  namespace: capi-kubeadm-control-plane-system
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
 spec:
+{{- if $.Values.manager }}
+  manager:
+{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.kubeadm }}
+    featureGates:
+    {{- range $key, $value := $.Values.manager.featureGates.kubeadm }}
+      {{ $key }}: {{ $value }}
+    {{- end }}
+{{- end }}
+{{- end }}
  configSecret:
    name: {{ .name }}
    {{- if .namespace }}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml
@@ -26,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    "argocd.argoproj.io/sync-wave": "1"
  name: {{ $infrastructureNamespace }}
@@ -37,10 +37,10 @@ metadata:
  name: {{ $infrastructureName }}
  namespace: {{ $infrastructureNamespace }}
  annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    "argocd.argoproj.io/sync-wave": "2"
-{{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager }}
+{{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
 spec:
 {{- end }}
 {{- if $infrastructureVersion }}
@@ -59,6 +59,16 @@ spec:
 {{- end }}
 {{- end }}
 {{- end }}
+{{- if and (kindIs "map" $.Values.fetchConfig) (hasKey $.Values.fetchConfig $infrastructureName) }}
+{{- range $key, $value := $.Values.fetchConfig }}
+  {{- if eq $key $infrastructureName }}
+  fetchConfig:
+    {{- range $k, $v := $value }}
+      {{ $k }}: {{ $v }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+{{- end }}
 {{- if $.Values.configSecret.name }}
  configSecret:
    name: {{ $.Values.configSecret.name }}
@@ -66,5 +76,8 @@ spec:
    namespace: {{ $.Values.configSecret.namespace }}
    {{- end }}
 {{- end }}
+{{- if $.Values.additionalDeployments }}
+  additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
+{{- end }}
 {{- end }}
 {{- end }}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/ipam.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/ipam.yaml
@@ -0,0 +1,73 @@
+# IPAM providers
+{{- if .Values.ipam }}
+{{- $ipams := split ";" .Values.ipam }}
+{{- $ipamNamespace := "" }}
+{{- $ipamName := "" }}
+{{- $ipamVersion := "" }}
+{{- range $ipam := $ipams }}
+{{- $ipamArgs := split ":" $ipam }}
+{{- $ipamArgsLen := len $ipamArgs }}
+{{-  if eq $ipamArgsLen 3 }}
+  {{- $ipamNamespace = $ipamArgs._0 }}
+  {{- $ipamName = $ipamArgs._1 }}
+  {{- $ipamVersion = $ipamArgs._2 }}
+{{-  else if eq $ipamArgsLen 2 }}
+  {{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }}
+  {{- $ipamName = $ipamArgs._0 }}
+  {{- $ipamVersion = $ipamArgs._1 }}
+{{-  else if eq $ipamArgsLen 1 }}
+  {{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }}
+  {{- $ipamName = $ipamArgs._0 }}
+{{- else }}
+  {{- fail "ipam provider argument should have the following format in-cluster:v1.0.0 or mynamespace:in-cluster:v1.0.0" }}
+{{- end }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    "helm.sh/hook": "post-install,post-upgrade"
+    "helm.sh/hook-weight": "1"
+    "argocd.argoproj.io/sync-wave": "1"
+  name: {{ $ipamNamespace }}
+---
+apiVersion: operator.cluster.x-k8s.io/v1alpha2
+kind: IPAMProvider
+metadata:
+  name: {{ $ipamName }}
+  namespace: {{ $ipamNamespace }}
+  annotations:
+    "helm.sh/hook": "post-install,post-upgrade"
+    "helm.sh/hook-weight": "2"
+    "argocd.argoproj.io/sync-wave": "2"
+{{- if or $ipamVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
+spec:
+{{- end }}
+{{- if $ipamVersion }}
+  version: {{ $ipamVersion }}
+{{- end }}
+{{- if $.Values.manager }}
+  manager:
+{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $ipamName) }}
+{{- range $key, $value := $.Values.manager.featureGates }}
+  {{- if eq $key $ipamName }}
+    featureGates:
+    {{- range $k, $v := $value }}
+      {{ $k }}: {{ $v }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if $.Values.configSecret.name }}
+  configSecret:
+    name: {{ $.Values.configSecret.name }}
+    {{- if $.Values.configSecret.namespace }}
+    namespace: {{ $.Values.configSecret.namespace }}
+    {{- end }}
+{{- end }}
+{{- if $.Values.additionalDeployments }}
+  additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/operator-components.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/operator-components.yaml
--- a/packages/system/capi-operator/charts/cluster-api-operator/values.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/values.yaml
@@ -5,8 +5,10 @@ core: ""
 bootstrap: ""
 controlPlane: ""
 infrastructure: ""
+ipam: ""
 addon: ""
 manager.featureGates: {}
+fetchConfig: {}
 # ---
 # Common configuration secret options
 configSecret: {}
@@ -19,14 +21,14 @@ leaderElection:
 image:
  manager:
    repository: registry.k8s.io/capi-operator/cluster-api-operator
-    tag: v0.11.0
+    tag: v0.17.0
    pullPolicy: IfNotPresent
 env:
  manager: []
-healthAddr: ":8081"
-metricsBindAddr: "127.0.0.1:8080"
-diagnosticsAddress: "8443"
+diagnosticsAddress: ":8443"
+healthAddr: ":9440"
 insecureDiagnostics: false
+watchConfigSecret: false
 imagePullSecrets: {}
 resources:
  manager:
--- a/packages/system/capi-providers/templates/providers.yaml
+++ b/packages/system/capi-providers/templates/providers.yaml
@@ -5,7 +5,7 @@ metadata:
  name: cluster-api
 spec:
  # https://github.com/kubernetes-sigs/cluster-api
-  version: v1.8.3
+  version: v1.9.5
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
 kind: ControlPlaneProvider
@@ -13,7 +13,7 @@ metadata:
  name: kamaji
 spec:
  # https://github.com/clastix/cluster-api-control-plane-provider-kamaji
-  version: v0.11.0
+  version: v0.14.1
  deployment:
    containers:
    - name: manager
@@ -28,7 +28,7 @@ metadata:
  name: kubeadm
 spec:
  # https://github.com/kubernetes-sigs/cluster-api
-  version: v1.8.3
+  version: v1.9.5
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
 kind: InfrastructureProvider