Merge branch 'kubernetes-sigs:main' into add-devcontainer

config/crd/bases/controlplane.cluster.x-k8s.io_rosacontrolplanes.yaml

@@ -82,6 +82,14 @@ spec:
                   rule: self == oldSelf
                 - message: billingAccount must be a valid AWS account ID
                   rule: self.matches('^[0-9]{12}$')
+              channelGroup:
+                default: stable
+                description: OpenShift version channel group, default is stable.
+                enum:
+                - stable
+                - candidate
+                - nightly
+                type: string
               clusterRegistryConfig:
                 description: ClusterRegistryConfig represents registry config used
                   with the cluster.
@@ -800,6 +808,7 @@ spec:
                 type: string
             required:
             - availabilityZones
+            - channelGroup
             - installerRoleARN
             - oidcID
             - region

controllers/awscluster_controller_test.go

@@ -776,6 +776,17 @@ func mockedDeleteInstanceCalls(m *mocks.MockEC2APIMockRecorder) {
 }
 
 func mockedVPCCallsForExistingVPCAndSubnets(m *mocks.MockEC2APIMockRecorder) {
+	m.DescribeNatGatewaysPagesWithContext(context.TODO(), gomock.Eq(&ec2.DescribeNatGatewaysInput{
+		Filter: []*ec2.Filter{
+			{
+				Name:   aws.String("vpc-id"),
+				Values: []*string{aws.String("vpc-exists")},
+			},
+			{
+				Name:   aws.String("state"),
+				Values: aws.StringSlice([]string{ec2.VpcStatePending, ec2.VpcStateAvailable}),
+			},
+		}}), gomock.Any()).Return(nil)
 	m.CreateTagsWithContext(context.TODO(), gomock.Eq(&ec2.CreateTagsInput{
 		Resources: aws.StringSlice([]string{"subnet-1"}),
 		Tags: []*ec2.Tag{

controlplane/rosa/api/v1beta2/rosacontrolplane_types.go

@@ -91,6 +91,12 @@ type RosaControlPlaneSpec struct { //nolint: maligned
 	// OpenShift semantic version, for example "4.14.5".
 	Version string `json:"version"`
 
+	// OpenShift version channel group, default is stable.
+	//
+	// +kubebuilder:validation:Enum=stable;candidate;nightly
+	// +kubebuilder:default=stable
+	ChannelGroup string `json:"channelGroup"`
+
 	// VersionGate requires acknowledgment when upgrading ROSA-HCP y-stream versions (e.g., from 4.15 to 4.16).
 	// Default is WaitForAcknowledge.
 	// WaitForAcknowledge: If acknowledgment is required, the upgrade will not proceed until VersionGate is set to Acknowledge or AlwaysAcknowledge.

controlplane/rosa/controllers/rosacontrolplane_controller.go

@@ -878,7 +878,8 @@ func (r *ROSAControlPlaneReconciler) reconcileClusterAdminPassword(ctx context.C
 
 func validateControlPlaneSpec(ocmClient *ocm.Client, rosaScope *scope.ROSAControlPlaneScope) (string, error) {
 	version := rosaScope.ControlPlane.Spec.Version
-	valid, err := ocmClient.ValidateHypershiftVersion(version, ocm.DefaultChannelGroup)
+	channelGroup := rosaScope.ControlPlane.Spec.ChannelGroup
+	valid, err := ocmClient.ValidateHypershiftVersion(version, channelGroup)
 	if err != nil {
 		return "", fmt.Errorf("failed to check if version is valid: %w", err)
 	}
@@ -902,8 +903,8 @@ func buildOCMClusterSpec(controlPlaneSpec rosacontrolplanev1.RosaControlPlaneSpe
 		DomainPrefix:              controlPlaneSpec.DomainPrefix,
 		Region:                    controlPlaneSpec.Region,
 		MultiAZ:                   true,
-		Version:                   ocm.CreateVersionID(controlPlaneSpec.Version, ocm.DefaultChannelGroup),
-		ChannelGroup:              ocm.DefaultChannelGroup,
+		Version:                   ocm.CreateVersionID(controlPlaneSpec.Version, controlPlaneSpec.ChannelGroup),
+		ChannelGroup:              controlPlaneSpec.ChannelGroup,
 		DisableWorkloadMonitoring: ptr.To(true),
 		DefaultIngress:            ocm.NewDefaultIngressSpec(), // n.b. this is a no-op when it's set to the default value
 		ComputeMachineType:        controlPlaneSpec.DefaultMachinePoolSpec.InstanceType,

docs/book/src/topics/rosa/upgrades.md

@@ -11,6 +11,8 @@ When the versionGate is set to 'Acknowledge', it will revert to 'WaitForAcknowle
 
 The available upgrades versions for the `ROSAControlPlane` will be listed under `ROSAControlPlane.status.availableUpgrades`
 
+The version channel group `ROSAControlPlane.spec.channelGroup` default to stable. However, it can be set to candidate or nightly. Changing the version channel group will change the `ROSAControlPlane.status.availableUpgrades` accordingly. 
+
 The Upgrade state can be checked in the conditions under `ROSAControlPlane.status`.
 
 ## MachinePool Upgrade

pkg/cloud/services/network/natgateways.go

@@ -41,6 +41,10 @@ import (
 func (s *Service) reconcileNatGateways() error {
 	if s.scope.VPC().IsUnmanaged(s.scope.Name()) {
 		s.scope.Trace("Skipping NAT gateway reconcile in unmanaged mode")
+		_, err := s.updateNatGatewayIPs(s.scope.TagUnmanagedNetworkResources())
+		if err != nil {
+			return err
+		}
 		return nil
 	}
 
@@ -66,44 +70,11 @@ func (s *Service) reconcileNatGateways() error {
 		return nil
 	}
 
-	existing, err := s.describeNatGatewaysBySubnet()
+	subnetIDs, err := s.updateNatGatewayIPs(true)
 	if err != nil {
 		return err
 	}
 
-	natGatewaysIPs := []string{}
-	subnetIDs := []string{}
-
-	for _, sn := range s.scope.Subnets().FilterPublic().FilterNonCni() {
-		if sn.GetResourceID() == "" {
-			continue
-		}
-
-		if ngw, ok := existing[sn.GetResourceID()]; ok {
-			if len(ngw.NatGatewayAddresses) > 0 && ngw.NatGatewayAddresses[0].PublicIp != nil {
-				natGatewaysIPs = append(natGatewaysIPs, *ngw.NatGatewayAddresses[0].PublicIp)
-			}
-			// Make sure tags are up to date.
-			if err := wait.WaitForWithRetryable(wait.NewBackoff(), func() (bool, error) {
-				buildParams := s.getNatGatewayTagParams(*ngw.NatGatewayId)
-				tagsBuilder := tags.New(&buildParams, tags.WithEC2(s.EC2Client))
-				if err := tagsBuilder.Ensure(converters.TagsToMap(ngw.Tags)); err != nil {
-					return false, err
-				}
-				return true, nil
-			}, awserrors.ResourceNotFound); err != nil {
-				record.Warnf(s.scope.InfraCluster(), "FailedTagNATGateway", "Failed to tag managed NAT Gateway %q: %v", *ngw.NatGatewayId, err)
-				return errors.Wrapf(err, "failed to tag nat gateway %q", *ngw.NatGatewayId)
-			}
-
-			continue
-		}
-
-		subnetIDs = append(subnetIDs, sn.GetResourceID())
-	}
-
-	s.scope.SetNatGatewaysIPs(natGatewaysIPs)
-
 	// Batch the creation of NAT gateways
 	if len(subnetIDs) > 0 {
 		// set NatGatewayCreationStarted if the condition has never been set before
@@ -133,6 +104,49 @@ func (s *Service) reconcileNatGateways() error {
 	return nil
 }
 
+func (s *Service) updateNatGatewayIPs(updateTags bool) ([]string, error) {
+	existing, err := s.describeNatGatewaysBySubnet()
+	if err != nil {
+		return nil, err
+	}
+
+	natGatewaysIPs := []string{}
+	subnetIDs := []string{}
+
+	for _, sn := range s.scope.Subnets().FilterPublic().FilterNonCni() {
+		if sn.GetResourceID() == "" {
+			continue
+		}
+
+		if ngw, ok := existing[sn.GetResourceID()]; ok {
+			if len(ngw.NatGatewayAddresses) > 0 && ngw.NatGatewayAddresses[0].PublicIp != nil {
+				natGatewaysIPs = append(natGatewaysIPs, *ngw.NatGatewayAddresses[0].PublicIp)
+			}
+			if updateTags {
+				// Make sure tags are up to date.
+				if err := wait.WaitForWithRetryable(wait.NewBackoff(), func() (bool, error) {
+					buildParams := s.getNatGatewayTagParams(*ngw.NatGatewayId)
+					tagsBuilder := tags.New(&buildParams, tags.WithEC2(s.EC2Client))
+					if err := tagsBuilder.Ensure(converters.TagsToMap(ngw.Tags)); err != nil {
+						return false, err
+					}
+					return true, nil
+				}, awserrors.ResourceNotFound); err != nil {
+					record.Warnf(s.scope.InfraCluster(), "FailedTagNATGateway", "Failed to tag managed NAT Gateway %q: %v", *ngw.NatGatewayId, err)
+					return nil, errors.Wrapf(err, "failed to tag nat gateway %q", *ngw.NatGatewayId)
+				}
+			}
+
+			continue
+		}
+
+		subnetIDs = append(subnetIDs, sn.GetResourceID())
+	}
+
+	s.scope.SetNatGatewaysIPs(natGatewaysIPs)
+	return subnetIDs, nil
+}
+
 func (s *Service) deleteNatGateways() error {
 	if s.scope.VPC().IsUnmanaged(s.scope.Name()) {
 		s.scope.Trace("Skipping NAT gateway deletion in unmanaged mode")

test/e2e/data/e2e_conf.yaml

@@ -215,7 +215,7 @@ variables:
 intervals:
   default/wait-cluster: ["35m", "10s"]
   default/wait-control-plane: ["35m", "10s"]
-  default/wait-worker-nodes: ["20m", "10s"]
+  default/wait-worker-nodes: ["30m", "10s"]
   conformance/wait-control-plane: ["35m", "10s"]
   conformance/wait-worker-nodes: ["35m", "10s"]
   default/wait-controllers: ["5m", "10s"]

test/e2e/data/infrastructure-aws/withoutclusterclass/e2e_test_templates/cluster-template-remote-management-cluster.yaml

@@ -10,7 +10,7 @@ spec:
   clusterNetwork:
     pods:
       cidrBlocks:
-      - 192.168.0.0/16
+        - 192.168.0.0/16
   controlPlaneRef:
     apiVersion: controlplane.cluster.x-k8s.io/v1beta1
     kind: KubeadmControlPlane
@@ -48,16 +48,16 @@ spec:
       nodeRegistration:
         kubeletExtraArgs:
           cloud-provider: external
-        name: '{{ ds.meta_data.local_hostname }}'
+        name: "{{ ds.meta_data.local_hostname }}"
     joinConfiguration:
       nodeRegistration:
         kubeletExtraArgs:
           cloud-provider: external
-        name: '{{ ds.meta_data.local_hostname }}'
+        name: "{{ ds.meta_data.local_hostname }}"
     preKubeadmCommands:
-    - mkdir -p /opt/cluster-api
-    - ctr -n k8s.io images pull "${CAPI_IMAGES_REGISTRY}:${E2E_IMAGE_TAG}"
-    - ctr -n k8s.io images tag "${CAPI_IMAGES_REGISTRY}:${E2E_IMAGE_TAG}" gcr.io/k8s-staging-cluster-api/capa-manager:e2e
+      - mkdir -p /opt/cluster-api
+      - ctr -n k8s.io images pull "${CAPI_IMAGES_REGISTRY}:${E2E_IMAGE_TAG}"
+      - ctr -n k8s.io images tag "${CAPI_IMAGES_REGISTRY}:${E2E_IMAGE_TAG}" gcr.io/k8s-staging-cluster-api/capa-manager:e2e
   machineTemplate:
     infrastructureRef:
       apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
@@ -122,10 +122,10 @@ spec:
         nodeRegistration:
           kubeletExtraArgs:
             cloud-provider: external
-          name: '{{ ds.meta_data.local_hostname }}'
+          name: "{{ ds.meta_data.local_hostname }}"
       preKubeadmCommands:
-      - ctr -n k8s.io images pull "${CAPI_IMAGES_REGISTRY}:${E2E_IMAGE_TAG}"
-      - ctr -n k8s.io images tag "${CAPI_IMAGES_REGISTRY}:${E2E_IMAGE_TAG}" gcr.io/k8s-staging-cluster-api/capa-manager:e2e
+        - ctr -n k8s.io images pull "${CAPI_IMAGES_REGISTRY}:${E2E_IMAGE_TAG}"
+        - ctr -n k8s.io images tag "${CAPI_IMAGES_REGISTRY}:${E2E_IMAGE_TAG}" gcr.io/k8s-staging-cluster-api/capa-manager:e2e
 ---
 apiVersion: v1
 data: ${CNI_RESOURCES}
@@ -142,8 +142,8 @@ spec:
     matchLabels:
       cni: ${CLUSTER_NAME}-crs-0
   resources:
-  - kind: ConfigMap
-    name: cni-${CLUSTER_NAME}-crs-0
+    - kind: ConfigMap
+      name: cni-${CLUSTER_NAME}-crs-0
   strategy: ApplyOnce
 ---
 apiVersion: addons.cluster.x-k8s.io/v1beta1
@@ -155,8 +155,8 @@ spec:
     matchLabels:
       ccm: external
   resources:
-  - kind: ConfigMap
-    name: cloud-controller-manager-addon
+    - kind: ConfigMap
+      name: cloud-controller-manager-addon
   strategy: ApplyOnce
 ---
 apiVersion: addons.cluster.x-k8s.io/v1beta1
@@ -168,8 +168,8 @@ spec:
     matchLabels:
       csi: external
   resources:
-  - kind: ConfigMap
-    name: aws-ebs-csi-driver-addon
+    - kind: ConfigMap
+      name: aws-ebs-csi-driver-addon
   strategy: ApplyOnce
 ---
 apiVersion: v1

test/e2e/data/infrastructure-aws/withoutclusterclass/kustomize_sources/remote-management-cluster/kustomization.yaml

@@ -2,3 +2,4 @@ resources:
   - ../limit-az
 patchesStrategicMerge:
   - patches/image-injection.yaml
+  - patches/root-volume-size.yaml

test/e2e/data/infrastructure-aws/withoutclusterclass/kustomize_sources/remote-management-cluster/patches/root-volume-size.yaml

@@ -0,0 +1,9 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSMachineTemplate
+metadata:
+  name: ${CLUSTER_NAME}-control-plane
+spec:
+  template:
+    spec:
+      rootVolume:
+        size: 10