Render control plane resources using giantswarm/cluster (#374)

* align control plane vcdmachine with kubeadmcontrolplane from cluster chart

* fix disk size calculation for worker nodes

* update values migration guide

* add NTP server list migration

* remove deprecated values

* simon was a bit too hasty

* ensure unsupported fields are not added to worker vcdmachinetemplate

* ensure CP machineTemplate is always provided

* move shared helper function to shared helpers template

* update CI values files

* remove unused templates and manifests

* restore OIDC values

* temporary: consume CI build of cluster chart

* Revert "temporary: consume CI build of cluster chart"

This reverts commit 29683f3.

* update example manifest

* minor correction in changelog

* remove erroneous newlines in static routes service

* bump cluster chart to 1.6.0

CHANGELOG.md

@@ -7,6 +7,141 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### **Breaking change**.
+
+> [!CAUTION]
+> It is important that you check each of the sections in the upgrade guide below. Note that some may not apply to your specific cluster configuration. However, the cleanup section must always be run against the cluster values.
+
+<details>
+<summary>VALUES MIGRATION GUIDE (from v0.60.0)</summary>
+
+Use the snippets below if the section applies to your chart's values:
+
+## Control plane machineTemplate creation
+
+`v0.61.0` moves certain values from `.Values.global.controlPlane` to `.Values.global.controlPlane.machineTemplate`.
+
+**This applies to all clusters, do not skip this**.
+
+```
+yq eval --inplace 'with(select(.global.controlPlane.catalog != null); .global.controlPlane.machineTemplate.catalog = .global.controlPlane.catalog) |
+    with(select(.global.controlPlane.diskSizeGB != null); .global.controlPlane.machineTemplate.diskSizeGB = .global.controlPlane.diskSizeGB) |
+    with(select(.global.controlPlane.placementPolicy != null); .global.controlPlane.machineTemplate.placementPolicy = .global.controlPlane.placementPolicy) |
+    with(select(.global.controlPlane.sizingPolicy != null); .global.controlPlane.machineTemplate.sizingPolicy = .global.controlPlane.sizingPolicy) |
+    with(select(.global.controlPlane.storageProfile != null); .global.controlPlane.machineTemplate.storageProfile = .global.controlPlane.storageProfile) |
+    with(select(.global.controlPlane.template != null); .global.controlPlane.machineTemplate.template = .global.controlPlane.template)' values.yaml
+```
+
+## Control plane endpoint address
+
+If the controlPlane endpoint IP (loadbalancer for the Kubernetes API) has been statically assigned (**this likely will not apply to workload clusters**) then this value will need to be duplicated to the extraCertificateSANs list. 
+
+```
+yq eval --inplace 'with(select(.global.connectivity.network.controlPlaneEndpoint.host != null); .cluster.internal.advancedConfiguration.controlPlane.apiServer.extraCertificateSANs += [ .global.connectivity.network.controlPlaneEndpoint.host ])' values.yaml
+```
+
+## API server admission plugins
+
+The default list is [here](https://github.com/giantswarm/cluster/blob/main/helm/cluster/templates/clusterapi/controlplane/_helpers_clusterconfiguration_apiserver.tpl#L104). If you have not extended this list then you do not need to provide a list of admission plugins at all (defaults will be used from the cluster chart). If you have enabled additional plugins then you will need to run the command below.
+
+```
+yq eval --inplace 'with(select(.internal.apiServer.enableAdmissionPlugins != null); .cluster.providerIntegration.controlPlane.kubeadmConfig.clusterConfiguration.apiServer.additionalAdmissionPlugins = .internal.apiServer.enableAdmissionPlugins)' values.yaml
+```
+
+## API server feature gates
+
+There is no default list of feature gates in the shared cluster chart, so if you have any values under `.internal.apiServer.featureGates` then these must be migrated to the new location.
+
+```
+yq eval --inplace 'with(select(.internal.apiServer.featureGates != null); .cluster.providerIntegration.controlPlane.kubeadmConfig.clusterConfiguration.apiServer.featureGates = .internal.apiServer.featureGates)' values.yaml
+```
+
+## Controller manager feature gates
+
+There is no default list of feature gates in the shared cluster chart, so if you have any values under `.internal.controllerManager.featureGates` then these must be migrated to the new location.
+
+```
+yq eval --inplace 'with(select(.internal.controllerManager.featureGates != null); .cluster.providerIntegration.controlPlane.kubeadmConfig.clusterConfiguration.controllerManager.featureGates = .internal.controllerManager.featureGates)' values.yaml
+```
+
+### Extra certificate SANs for Kubernetes API
+
+Any additional certificate SANs must be added to the extraCertificateSANs list.
+
+```
+yq eval --inplace 'with(select(.internal.apiSserver.certSANs != null); .cluster.internal.advancedConfiguration.controlPlane.apiServer.extraCertificateSANs += [ .internal.apiServer.certSANs[] ])' values.yaml
+```
+
+## OIDC config
+
+`caFile` has been renamed to `caPem`.
+
+```
+yq eval --inplace 'with(select(.global.controlPlane.oidc.caFile != null); .global.controlPlane.oidc.caPem = .global.controlPlane.oidc.caFile)' values.yaml
+```
+
+## SSH trusted CA keys
+
+If you are providing additional trusted CA keys for SSH authentication (other than the default Giant Swarm key) then these need to migrated to the new location.
+
+```
+yq eval --inplace 'with(select(.global.connectivity.shell.sshTrustedUserCAKeys != null); .cluster.providerIntegration.connectivity.sshSsoPublicKey = .global.connectivity.shell.sshTrustedUserCAKeys)' values.yaml
+```
+
+## NTP servers
+
+If provided, NTP server addresses need to be migrated to the new location.
+
+```
+yq eval --inplace 'with(select(.global.connectivity.ntp.servers != null); .cluster.providerIntegration.components.systemd.timesyncd.ntp = .global.connectivity.ntp.servers)' values.yaml
+```
+
+## Upstream proxy settings
+
+Upstream proxy configuration is no longer read from the `.global.connectivity.proxy.secretName` value so this must be removed (see the **Cleanup** section below).
+
+## Additional notes
+
+* `.global.connectivity.shell` is no longer used; this is deleted.
+* `.global.connectivity.ntp` is no longer used; this is deleted.
+* `.global.controlPlane.certSANs` is no longer used; this is deleted.
+* `.global.controlPlane.image` is no longer used; this is deleted.
+* `.global.controlPlane.resourceRatio` is no longer used; this is deleted.
+* `.internal.sandboxContainerImage` is no longer used; this is deleted.
+
+## Cleanup
+
+Final tidyup to remove deprecated values:
+
+```
+yq eval --inplace 'del(.global.controlPlane.catalog) |
+    del(.global.controlPlane.diskSizeGB) |
+    del(.global.controlPlane.placementPolicy) |
+    del(.global.controlPlane.sizingPolicy) |
+    del(.global.controlPlane.storageProfile) |
+    del(.global.controlPlane.template) |
+    del(.global.controlPlane.certSANs) |
+    del(.internal.apiServer) |
+    del(.internal.controllerManager) |
+    del(.global.controlPlane.oidc.caFile) |
+    del(.global.connectivity.ntp) |
+    del(.global.connectivity.shell) |
+    del(.global.connectivity.proxy.secretName) |
+    del(.internal.sandboxContainerImage) |
+    del(.global.controlPlane.image) |
+    del(.global.controlPlane.resourceRatio)' values.yaml
+```
+
+> [!NOTE]
+> End of upgrade guide.
+---
+</details>
+
+### Changed
+
+- Use `giantswarm/cluster` chart to render `KubeadmControlPlane` resource.
+- Fix disk size calculation for worker nodes.
+
 ## [0.60.0] - 2024-10-07
 
 ### **Breaking change**.

examples/cluster-manifest.yaml

@@ -5,6 +5,13 @@ metadata:
   namespace: org-multi-project
 data:
   values: |
+    cluster:
+      providerIntegration:
+        components:
+          systemd:
+            timesyncd:
+              ntp:
+                - 10.10.10.123
     global:
       connectivity:
         network:
@@ -17,6 +24,9 @@ data:
               via: 172.32.150.1
         proxy:
           enabled: true
+          httpProxy: "http://10.205.105.253:3128"
+          httpsProxy: "http://10.205.105.253:3128"
+          noProxy: "my.domain.com,10.205.105.0/24"
         ntp:
           servers:
             - "10.10.10.123"
@@ -27,12 +37,13 @@ data:
         organization: multi-project
         servicePriority: highest
       controlPlane:
-        catalog: giantswarm
         replicas: 3
-        sizingPolicy: m1.medium
+        machineTemplate:
+          catalog: giantswarm
+          sizingPolicy: m1.medium
         oidc:
           issuerUrl: https://dex.testing.test.gigantic.io
-          caFile: ""
+          caPem: ""
           clientId: "dex-k8s-authenticator"
           usernameClaim: "email"
           groupsClaim: "groups"
@@ -82,7 +93,7 @@ spec:
   name: cluster-cloud-director
   namespace: org-multi-project
   catalog: cluster
-  version: 0.13.1
+  version: 0.61.0
   kubeConfig:
     inCluster: true
   userConfig:
@@ -102,7 +113,7 @@ spec:
   name: default-apps-cloud-director
   namespace: org-multi-project
   catalog: cluster
-  version: 0.6.4
+  version: 0.10.0
   kubeConfig:
     inCluster: true
   userConfig:

helm/cluster-cloud-director/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: cluster
   repository: https://giantswarm.github.io/cluster-catalog
-  version: 1.5.1
+  version: 1.6.0
 - name: cluster-shared
   repository: https://giantswarm.github.io/cluster-catalog
   version: 0.7.1
-digest: sha256:7c36f03fbfef9c0204a27b4e5806e91b0654b343132efe0a3685cbdde2dca3f2
-generated: "2024-10-03T16:05:10.03564332+01:00"
+digest: sha256:4b4dafe83fbdcb4acb6d5705b1558840b6acbf88519bf1c9ee7f61fe794da24c
+generated: "2024-10-11T08:48:55.093532683+01:00"

helm/cluster-cloud-director/Chart.yaml

@@ -23,7 +23,7 @@ restrictions:
     - cloud-director
 dependencies:
   - name: cluster
-    version: "1.5.1"
+    version: "1.6.0"
     repository: "https://giantswarm.github.io/cluster-catalog"
   - name: cluster-shared
     version: "0.7.1"