Add SCS2 Cluster Stacks

providers/openstack/scs2/README.md

@@ -0,0 +1,124 @@
+# Cluster Stacks
+
+## Getting started
+
+```sh
+# Create bootstrap cluster
+kind create cluster
+
+# Init Cluster API
+export CLUSTER_TOPOLOGY=true
+export EXP_CLUSTER_RESOURCE_SET=true
+export EXP_RUNTIME_SDK=true
+kubectl apply -f https://github.com/k-orc/openstack-resource-controller/releases/latest/download/install.yaml
+clusterctl init --infrastructure openstack
+
+kubectl -n capi-system rollout status deployment
+kubectl -n capo-system rollout status deployment
+```
+
+```
+# Install CSO and CSPO
+helm upgrade -i cso \
+-n cso-system \
+--create-namespace \
+oci://registry.scs.community/cluster-stacks/cso
+```
+
+```sh
+export CLUSTER_NAMESPACE=cluster
+export CLUSTER_NAME=my-cluster
+export CLUSTERSTACK_NAMESPACE=cluster
+export CLUSTERSTACK_VERSION=v1
+export OS_CLIENT_CONFIG_FILE=${PWD}/clouds.yaml
+kubectl create namespace $CLUSTER_NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
+```
+
+```sh
+# Create secret for CAPO
+kubectl create secret -n $CLUSTER_NAMESPACE generic openstack --from-file=clouds.yaml=$OS_CLIENT_CONFIG_FILE --dry-run=client -oyaml | kubectl apply -f -
+
+# Prepare the Secret as it will be deployed in the Workload Cluster
+kubectl create secret -n kube-system generic clouds-yaml --from-file=clouds.yaml=$OS_CLIENT_CONFIG_FILE --dry-run=client -oyaml > clouds-yaml-secret
+
+# Add the Secret to the ClusterResourceSet Secret in the Management Cluster
+kubectl create -n $CLUSTER_NAMESPACE secret generic clouds-yaml --from-file=clouds-yaml-secret --type=addons.cluster.x-k8s.io/resource-set --dry-run=client -oyaml | kubectl apply -f -
+```
+
+```yaml
+cat <<EOF | kubectl apply -f -
+apiVersion: addons.cluster.x-k8s.io/v1beta1
+kind: ClusterResourceSet
+metadata:
+  name: clouds-yaml
+  namespace: $CLUSTER_NAMESPACE
+spec:
+  strategy: "Reconcile"
+  clusterSelector:
+    matchLabels:
+      managed-secret: clouds-yaml
+  resources:
+    - name: clouds-yaml
+      kind: Secret
+EOF
+```
+
+```sh
+# Apply ClusterStack resource
+cat <<EOF | kubectl apply -f -
+apiVersion: clusterstack.x-k8s.io/v1alpha1
+kind: ClusterStack
+metadata:
+  name: openstack
+  namespace: $CLUSTERSTACK_NAMESPACE
+spec:
+  provider: openstack
+  name: scs2
+  kubernetesVersion: "1.33"
+  channel: stable
+  autoSubscribe: false
+  noProvider: true
+  versions:
+    - $CLUSTERSTACK_VERSION
+EOF
+```
+
+```sh
+# Apply Cluster resource
+cat <<EOF | kubectl apply -f -
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: $CLUSTER_NAME
+  namespace: $CLUSTER_NAMESPACE
+
+  labels:
+    managed-secret: clouds-yaml
+spec:
+  clusterNetwork:
+    pods:
+      cidrBlocks:
+      - "172.16.0.0/16"
+    serviceDomain: cluster.local
+    services:
+      cidrBlocks:
+      - "10.96.0.0/12"
+  topology:
+    variables:
+    class: openstack-scs2-1-33-$CLUSTERSTACK_VERSION
+    classNamespace: $CLUSTERSTACK_NAMESPACE
+    controlPlane:
+      replicas: 1
+    version: v1.33.4
+    workers:
+      machineDeployments:
+        - class: default-worker
+          name: md-0
+          replicas: 1
+EOF
+```
+
+```sh
+clusterctl get kubeconfig -n $CLUSTER_NAMESPACE openstack-testcluster > /tmp/kubeconfig
+kubectl get nodes --kubeconfig /tmp/kubeconfig
+```

providers/openstack/scs2/cluster-addon/ccm/Chart.yaml

@@ -0,0 +1,10 @@
+apiVersion: v2
+type: application
+description: CCM
+name: CCM
+version: v1
+dependencies:
+  - alias: openstack-cloud-controller-manager
+    name: openstack-cloud-controller-manager
+    repository: https://kubernetes.github.io/cloud-provider-openstack
+    version: 2.33.1

providers/openstack/scs2/cluster-addon/ccm/overwrite.yaml

@@ -0,0 +1,4 @@
+values: |
+  openstack-cloud-controller-manager:
+    cluster:
+      name: {{ .Cluster.metadata.name }}

providers/openstack/scs2/cluster-addon/ccm/values.yaml

@@ -0,0 +1,21 @@
+openstack-cloud-controller-manager:
+  secret:
+    enabled: true
+    name: ccm-cloud-config
+    create: true
+  nodeSelector:
+  tolerations:
+    - key: node.cloudprovider.kubernetes.io/uninitialized
+      value: "true"
+      effect: NoSchedule
+  extraVolumes:
+    - name: clouds-yaml
+      secret:
+        secretName: clouds-yaml
+  extraVolumeMounts:
+    - name: clouds-yaml
+      readOnly: true
+      mountPath: /etc/openstack
+  cloudConfig:
+    global:
+      use-clouds: true

providers/openstack/scs2/cluster-addon/cni/Chart.yaml

@@ -0,0 +1,10 @@
+apiVersion: v2
+type: application
+description: CNI
+name: CNI
+version: v1
+dependencies:
+  - alias: cilium
+    name: cilium
+    repository: https://helm.cilium.io/
+    version: 1.18.1

providers/openstack/scs2/cluster-addon/cni/values.yaml

@@ -0,0 +1,14 @@
+cilium:
+  namespaceOverride: kube-system
+  tls:
+    secretsNamespace:
+      name: "kube-system"
+  sessionAffinity: true
+  sctp:
+    enabled: true
+  ipam:
+    mode: "kubernetes"
+  gatewayAPI:
+    enabled: true
+    secretsNamespace:
+      name: "kube-system"

providers/openstack/scs2/cluster-addon/csi/Chart.yaml

@@ -0,0 +1,10 @@
+apiVersion: v2
+type: application
+description: CSI
+name: CSI
+version: v1
+dependencies:
+  - alias: openstack-cinder-csi
+    name: openstack-cinder-csi
+    repository: https://kubernetes.github.io/cloud-provider-openstack
+    version: 2.33.1

providers/openstack/scs2/cluster-addon/csi/overwrite.yaml

@@ -0,0 +1,3 @@
+values: |
+  openstack-cinder-csi:
+    clusterID: "{{ .Cluster.metadata.name }}"

providers/openstack/scs2/cluster-addon/csi/values.yaml

@@ -0,0 +1,41 @@
+openstack-cinder-csi:
+  secret:
+    enabled: true
+    name: csi-cloud-config
+    create: true
+    filename: cloud.conf
+    data:
+      cloud.conf: |-
+        [Global]
+        use-clouds = "true"
+        clouds-file = /etc/openstack/clouds.yaml
+  storageClass:
+    delete:
+      isDefault: true
+  csi:
+    plugin:
+      volumes:
+        - name: clouds-yaml
+          secret:
+            secretName: clouds-yaml
+        - name: cloud-conf
+          secret:
+            secretName: csi-cloud-config
+      volumeMounts:
+        - name: clouds-yaml
+          readOnly: true
+          mountPath: /etc/openstack
+        - name: cloud-conf
+          readOnly: true
+          mountPath: /etc/kubernetes
+        - name: cloud-conf
+          readOnly: true
+          mountPath: /etc/config
+  nodeSelector:
+    node-role.kubernetes.io/control-plane: ""
+  tolerations:
+    - key: node.cloudprovider.kubernetes.io/uninitialized
+      value: "true"
+      effect: NoSchedule
+    - key: node-role.kubernetes.io/control-plane
+      effect: NoSchedule

providers/openstack/scs2/cluster-addon/metrics-server/Chart.yaml

@@ -0,0 +1,10 @@
+apiVersion: v2
+type: application
+description: Metrics Server
+name: metrics-server
+version: v1
+dependencies:
+  - name: "metrics-server"
+    version: "3.13.0"
+    repository: "https://kubernetes-sigs.github.io/metrics-server/"
+    alias: "metrics-server"

providers/openstack/scs2/cluster-addon/metrics-server/overwrite.yaml

@@ -0,0 +1,4 @@
+values: |
+  metrics-server:
+    commonLabels:
+      domain: "{{ .Cluster.spec.controlPlaneEndpoint.host }}"

providers/openstack/scs2/cluster-addon/metrics-server/values.yaml

@@ -0,0 +1,4 @@
+metrics-server:
+  fullnameOverride: metrics-server
+  args:
+    - --kubelet-insecure-tls

providers/openstack/scs2/cluster-class/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

providers/openstack/scs2/cluster-class/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+description: "This chart installs and configures:
+
+  * Openstack scs2 Cluster Class
+
+  "
+name: openstack-scs2-1-33-cluster-class
+type: application
+version: v1

providers/openstack/scs2/cluster-class/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster-class.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cluster-class.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster-class.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster-class.labels" -}}
+helm.sh/chart: {{ include "cluster-class.chart" . }}
+{{ include "cluster-class.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster-class.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster-class.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cluster-class.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cluster-class.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}