feat: use hive clusterdeployment for creating spoke clusters

[TomerFi]

• Added feature for creating Spoke Clusters using Hive's ClusterDeployment API.
• Modified the clustergroup schema; added clusterDeployments for a group, used clusterPools as a template.
• Modified test cases testing clusterDeployments on the same multiclustergroup with clusterPools and on its own.
• Multiple Commits in this PR make reviewing easier; these can be squashed together if required.
• If preferred, we can move the tests to a different PR to make this smaller.

Example configuration:

  managedClusterGroups:
    - name: group-with-pool
      clusterPools:
        spokesPool:
          name: spokes-pool
          openshiftVersion: 4.14.12
          baseDomain: domain.example.com
          platform:
            aws:
              region: ap-southeast-2
          clusters:
          - spoke1
          - spoke2

    - name: group-with-deployments
      clusterDeployments:
        myFirstCustomSpoke:
          name: my-first-custom-spoke
          openshiftVersion: 4.14.12
          baseDomain: domain.example.com
          platform:
            azure:
              baseDomainResourceGroupName: dojo-dns-zones
              region: eastus
        mySecondCustomSpoke:
          name: my-second-custom-spoke
          openshiftVersion: 4.14.12
          baseDomain: domain.example.ca
          platform:
            azure:
              baseDomainResourceGroupName: dojo-dns-zones
              region: westca

    # all clusters in the following group, claims or deployments, are considered part of the same
    # group, same labeling mechanism, shared managed cluster set, etc.
    - name: group-with-both
      clusterPools:
        anotherSpokesPool:
          name: another-spokes-pool
          openshiftVersion: 4.14.12
          baseDomain: domain.example.com
          platform:
            aws:
              region: ap-southwest-1
          clusters:
            - another-spoke1
      clusterDeployments:
        anotherCustomSpoke:
          name: another-custom-spoke
          openshiftVersion: 4.14.12
          baseDomain: domain.example.com
          platform:
            aws:
              region: ap-southwest-3

[r2dedios]

LGTM ;)

[mbaldessari]

Thanks @TomerFi and @r2dedios this is great work!! I left a couple of comments with smaller things we need to fix, nothing structural really.

[mbaldessari]

We should add the following here:

annotations:
  argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true

because if you do a deployment from scratch (i.e. one where ACM gets installed at the same time), the ACM app might be stuck because the multiclusterhub (which provides these CRDs) has not been installed yet and Argo will be stuck with:

The Kubernetes API could not find hive.openshift.io/ClusterDeployment for requested resource first-spoke-deployments/first-spoke-deployments. Make sure the "ClusterDeployment" CRD is installed on the destination cluster.

[TomerFi]

good to know - thanks!

[TomerFi]

Resolved in a073b8c.

[mbaldessari]

Same as above with ClusterDeployment. We should probably add the annotation:

annotations:
  argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true

otherwise during an install from scratch we get:

The Kubernetes API could not find cluster.open-cluster-management.io/ManagedCluster for requested resource open-cluster-management/first-spoke-deployments. Make sure the "ManagedCluster" CRD is installed on the
 destination cluster.

[TomerFi]

Resolved in a073b8c.

[mbaldessari]

One thing that we could add here (because I am an idiot an I got bitten by it) is the following:

--- a/common/acm/templates/provision/clusterdeployment.yaml
+++ b/common/acm/templates/provision/clusterdeployment.yaml
@@ -3,6 +3,12 @@

 {{- range $group.clusterDeployments}}
 {{ $cluster := . }}
+{{- if (eq $cluster.name nil) }}
+{{- fail (printf "managedClusterGroup clusterDeployment cluster name is empty: %s" $cluster) }}
+{{- end }}
+{{- if (eq $group.name nil) }}
+{{- fail (printf "managedClusterGroup clusterDeployment group name is empty: %s" $cluster) }}
+{{- end }}
 {{- $deploymentName := print $cluster.name "-" $group.name }}

 {{- $cloud := "None" }}

Reason was that I did not add the name attribute under the group and when running make preview-acm I saw a bunch of <nil> in the object names and it surprised me a bit ;)

We can also do it on top later, just writing it here so I don't forget

[TomerFi]

ohh good catch! we'll add it here.

[TomerFi]

Resolved in a073b8c.

Should we do the same for clusterpool.yaml?

[mbaldessari]

Yeah let's do later it in another PR maybe

[TomerFi]

#524

[mbaldessari]

Now my deployment is stuck on the following error:

ManagedClusterSet.cluster.open-cluster-management.io "deployments" is invalid: spec.clusterSelector.selectorType: Unsupported value: "LegacyClusterSetLabel": supported values: "ExclusiveClusterSetLabel", "LabelSelector"

I suspect this selectorType is only valid when we use clusterPools and not clusterDeployments?

[TomerFi]

I couldn't find any documentation on that one. I suspect it was deprecated for a while and removed in v1beta2. I think we accidentally modified the version from v1beta1 but didn't modify the spec. I'll look around for some docs.

[TomerFi]

@mbaldessari I did some investigation.

This issue describes adding v1beta2 depercating LegacyClusterSetLabel (previous default) and adding ExclusiveClusterSetLabel (current default). Later on, v1beta1 was removed which explains our issue.

Currently available options for SelectorType:

• ExclusiveClusterSetLabel, the default value, means that ManagedCluster resources will be selected based on the label: cluster.open-cluster-management.io/clusterset:<ManagedClusterSet Name>.
• LabelSelector requires speicying a LabelSelector spec key specifying a custom label for selection.

Considering both LegacyClusterSetLabel and ExclusiveClusterSetLabel are the default for their respective versions, we should delete this spec for backward compatibility.

What do you think?

[mbaldessari]

Agree, it seems we should just drop this part for the time being

[mbaldessari]

And thanks for the excellent investigation on this btw ;)

[TomerFi]

My pleasure!

[TomerFi]

Removed in c6ffd0e.

[TomerFi]

@mbaldessari, can you please take a look at the failed workflow?

Tests are passing on my end. Based on the failure message, I tried aligning the valueFiles array identification, but the result was the same.

[mbaldessari]

@mbaldessari, can you please take a look at the failed workflow?

Tests are passing on my end. Based on the failure message, I tried aligning the valueFiles array identification, but the result was the same.

@mbaldessari, can you please take a look at the failed workflow?

Tests are passing on my end. Based on the failure message, I tried aligning the valueFiles array identification, but the result was the same.

Aye we can worry / fix this one up later on. We fixed a bug in there in the meantime I suspect that is why the test is failing.

I did try this PR + the drop of legacyClusterSelector and for some reason the additional cluster could not be spun up by ACM. I might have done something wrong. I'll poke you next week about it if I can't figure it out

[TomerFi]

I did try this PR + the drop of legacyClusterSelector and for some reason the additional cluster could not be spun up by ACM. I might have done something wrong. I'll poke you next week about it if I can't figure it out

Have a great weekend! :-)

[TomerFi]

@mbaldessari @r2dedios
Following our session today, namespaces was added to clusterdeployment-related secrets in 6cd4e85.

[mbaldessari]

Thanks!

[r2dedios]

Thanks @mbaldessari

[TomerFi]

Thank you @mbaldessari and @r2dedios !