Adding Finalizer on Secret (#279)

* Bumped some versions as the controller-gen crashed

* Added ProxmoxClusterTemplate properly

* Proper alignment //+kubebuilder, and provide annotatons as specified by spec

* Added concurrency to controllers. Added constructors to controllers

* Added capiflags

* metrics-bind-address is obsolete. Use diagnostics address

* Add finalizer on secret

* Cleanup to minimize differences

* Processing review feedback

* Processing feedback

* Update

* Processing feedback

* Fixing tests

* Update

* Delete capi cluster first

* Processing review feedback

* Renamed test context

* Processing review feedback: solve linting issues

---------

Co-authored-by: Mohamed Chiheb Ben Jemaa <mc.benjemaa@gmail.com>

.gitignore

@@ -24,6 +24,7 @@ out/
 
 # editor and IDE paraphernalia
 .idea
+.vscode
 *.swp
 *.swo
 *~

PROJECT

@@ -42,4 +42,12 @@ resources:
   kind: ProxmoxMachineTemplate
   path: github.com/ionos-cloud/cluster-api-provider-proxmox/api/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: cluster.x-k8s.io
+  group: infrastructure
+  kind: ProxmoxClusterTemplate
+  path: github.com/ionos-cloud/cluster-api-provider-proxmox/api/v1alpha1
+  version: v1alpha1
 version: "3"

api/v1alpha1/conditions_consts.go

@@ -83,4 +83,8 @@ const (
 const (
 	// ProxmoxClusterReady documents the status of ProxmoxCluster and its underlying resources.
 	ProxmoxClusterReady clusterv1.ConditionType = "ClusterReady"
+
+	// ProxmoxUnreachableReason (Severity=Error) documents a controller detecting
+	// issues with Proxmox reachability.
+	ProxmoxUnreachableReason = "ProxmoxUnreachable"
 )

api/v1alpha1/proxmoxcluster_types.go

@@ -31,6 +31,8 @@ const (
 	// ClusterFinalizer allows cleaning up resources associated with a
 	// ProxmoxCluster before removing it from the apiserver.
 	ClusterFinalizer = "proxmoxcluster.infrastructure.cluster.x-k8s.io"
+	// SecretFinalizer is the finalizer for ProxmoxCluster credentials secrets .
+	SecretFinalizer = "proxmoxcluster.infrastructure.cluster.x-k8s.io/secret" //nolint:gosec
 )
 
 // ProxmoxClusterSpec defines the desired state of a ProxmoxCluster.
@@ -218,12 +220,12 @@ type NodeLocation struct {
 	Node string `json:"node"`
 }
 
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
-//+kubebuilder:resource:path=proxmoxclusters,scope=Namespaced,categories=cluster-api,singular=proxmoxcluster
-//+kubebuilder:printcolumn:name="Cluster",type="string",JSONPath=".metadata.labels['cluster\\.x-k8s\\.io/cluster-name']",description="Cluster"
-//+kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.ready",description="Cluster infrastructure is ready"
-//+kubebuilder:printcolumn:name="Endpoint",type="string",JSONPath=".spec.controlPlaneEndpoint",description="API Endpoint"
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:path=proxmoxclusters,scope=Namespaced,categories=cluster-api,singular=proxmoxcluster
+// +kubebuilder:printcolumn:name="Cluster",type="string",JSONPath=".metadata.labels['cluster\\.x-k8s\\.io/cluster-name']",description="Cluster"
+// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.ready",description="Cluster infrastructure is ready"
+// +kubebuilder:printcolumn:name="Endpoint",type="string",JSONPath=".spec.controlPlaneEndpoint",description="API Endpoint"
 
 // ProxmoxCluster is the Schema for the proxmoxclusters API.
 type ProxmoxCluster struct {
@@ -235,7 +237,7 @@ type ProxmoxCluster struct {
 	Status ProxmoxClusterStatus `json:"status,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 
 // ProxmoxClusterList contains a list of ProxmoxCluster.
 type ProxmoxClusterList struct {

api/v1alpha1/proxmoxclustertemplate_types.go

@@ -35,8 +35,10 @@ type ProxmoxClusterTemplateResource struct {
 	Spec       ProxmoxClusterSpec   `json:"spec"`
 }
 
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:path=proxmoxclustertemplates,scope=Namespaced,categories=cluster-api,shortName=pct
+// +kubebuilder:storageversion
 
 // ProxmoxClusterTemplate is the Schema for the proxmoxclustertemplates API.
 type ProxmoxClusterTemplate struct {

api/v1alpha1/proxmoxmachinetemplate_types.go

@@ -26,7 +26,9 @@ type ProxmoxMachineTemplateSpec struct {
 	Template ProxmoxMachineTemplateResource `json:"template"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=proxmoxmachinetemplates,scope=Namespaced,categories=cluster-api,shortName=pmt
+// +kubebuilder:storageversion
 
 // ProxmoxMachineTemplate is the Schema for the proxmoxmachinetemplates API.
 type ProxmoxMachineTemplate struct {

cmd/main.go

@@ -51,7 +51,7 @@ import (
 	"github.com/ionos-cloud/cluster-api-provider-proxmox/internal/webhook"
 	capmox "github.com/ionos-cloud/cluster-api-provider-proxmox/pkg/proxmox"
 	"github.com/ionos-cloud/cluster-api-provider-proxmox/pkg/proxmox/goproxmox"
-	//+kubebuilder:scaffold:imports
+	// +kubebuilder:scaffold:imports
 )
 
 var (
@@ -78,7 +78,7 @@ func init() {
 	_ = ipamicv1.AddToScheme(scheme)
 	_ = ipamv1.AddToScheme(scheme)
 
-	//+kubebuilder:scaffold:scheme
+	// +kubebuilder:scaffold:scheme
 }
 
 func main() {
@@ -144,7 +144,7 @@ func main() {
 			os.Exit(1)
 		}
 	}
-	//+kubebuilder:scaffold:builder
+	// +kubebuilder:scaffold:builder
 
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
 		setupLog.Error(err, "unable to set up health check")
@@ -162,20 +162,20 @@ func main() {
 	}
 }
 
-func setupReconcilers(ctx context.Context, mgr ctrl.Manager, client capmox.Client) error {
+func setupReconcilers(ctx context.Context, mgr ctrl.Manager, proxmoxClient capmox.Client) error {
 	if err := (&controller.ProxmoxClusterReconciler{
 		Client:        mgr.GetClient(),
 		Scheme:        mgr.GetScheme(),
 		Recorder:      mgr.GetEventRecorderFor("proxmoxcluster-controller"),
-		ProxmoxClient: client,
+		ProxmoxClient: proxmoxClient,
 	}).SetupWithManager(ctx, mgr); err != nil {
 		return fmt.Errorf("setting up ProxmoxCluster controller: %w", err)
 	}
 	if err := (&controller.ProxmoxMachineReconciler{
 		Client:        mgr.GetClient(),
 		Scheme:        mgr.GetScheme(),
 		Recorder:      mgr.GetEventRecorderFor("proxmoxmachine-controller"),
-		ProxmoxClient: client,
+		ProxmoxClient: proxmoxClient,
 	}).SetupWithManager(mgr); err != nil {
 		return fmt.Errorf("setting up ProxmoxMachine controller: %w", err)
 	}

config/crd/bases/infrastructure.cluster.x-k8s.io_proxmoxclustertemplates.yaml

@@ -8,9 +8,13 @@ metadata:
 spec:
   group: infrastructure.cluster.x-k8s.io
   names:
+    categories:
+    - cluster-api
     kind: ProxmoxClusterTemplate
     listKind: ProxmoxClusterTemplateList
     plural: proxmoxclustertemplates
+    shortNames:
+    - pct
     singular: proxmoxclustertemplate
   scope: Namespaced
   versions:

config/crd/bases/infrastructure.cluster.x-k8s.io_proxmoxmachinetemplates.yaml

@@ -8,9 +8,13 @@ metadata:
 spec:
   group: infrastructure.cluster.x-k8s.io
   names:
+    categories:
+    - cluster-api
     kind: ProxmoxMachineTemplate
     listKind: ProxmoxMachineTemplateList
     plural: proxmoxmachinetemplates
+    shortNames:
+    - pmt
     singular: proxmoxmachinetemplate
   scope: Namespaced
   versions:

config/crd/kustomization.yaml

@@ -22,6 +22,7 @@ commonLabels:
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- patches/cainjection_in_proxmoxclusters.yaml
+#- patches/cainjection_in_proxmoxclustertemplates.yaml
 #- patches/cainjection_in_proxmoxmachines.yaml
 #- patches/cainjection_in_proxmoxmachinetemplates.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch

config/rbac/proxmoxclustertemplate_editor_role.yaml

@@ -0,0 +1,27 @@
+# permissions for end users to edit proxmoxclustertemplates.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: cluster-api-provider-proxmox
+    app.kubernetes.io/managed-by: kustomize
+  name: proxmoxclustertemplate-editor-role
+rules:
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - proxmoxclustertemplates
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - proxmoxclustertemplates/status
+  verbs:
+  - get

config/rbac/proxmoxclustertemplate_viewer_role.yaml

@@ -0,0 +1,23 @@
+# permissions for end users to view proxmoxclustertemplates.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: cluster-api-provider-proxmox
+    app.kubernetes.io/managed-by: kustomize
+  name: proxmoxclustertemplate-viewer-role
+rules:
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - proxmoxclustertemplates
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - proxmoxclustertemplates/status
+  verbs:
+  - get

config/rbac/role.yaml

@@ -41,6 +41,15 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - patch
+  - watch
 - apiGroups:
   - infrastructure.cluster.x-k8s.io
   resources:

config/samples/kustomization.yaml

@@ -2,6 +2,7 @@
 ## Append samples of your project ##
 resources:
 - infrastructure_v1alpha1_proxmoxcluster.yaml
+- infrastructure_v1alpha1_proxmoxclustertemplate.yaml
 - infrastructure_v1alpha1_proxmoxmachine.yaml
 - infrastructure_v1alpha1_proxmoxmachinetemplate.yaml
 # +kubebuilder:scaffold:manifestskustomizesamples