Add OpenStack Resource Controller installation to CI jobs

.github/actions/setup/action.yml

@@ -21,6 +21,7 @@ runs:
         echo "cluster-api-provider-openstack=$(jq -r '.["cluster-api-provider-openstack"]' "$DEPENDENCIES_PATH")" >> $GITHUB_OUTPUT
         echo "cert-manager=$(jq -r '.["cert-manager"]' "$DEPENDENCIES_PATH")" >> $GITHUB_OUTPUT
         echo "helm=$(jq -r '.["helm"]' "$DEPENDENCIES_PATH")" >> $GITHUB_OUTPUT
+        echo "openstack-resource-controller=$(jq -r '.["openstack-resource-controller"]' "$DEPENDENCIES_PATH")" >> $GITHUB_OUTPUT
         echo "sonobuoy=$(jq -r '.["sonobuoy"]' "$DEPENDENCIES_PATH")" >> $GITHUB_OUTPUT
       env:
         DEPENDENCIES_PATH: ${{ inputs.dependencies-path }}
@@ -90,6 +91,16 @@ runs:
         CAPI_VERSION: ${{ steps.deps.outputs.cluster-api }}
         CAPO_VERSION: ${{ steps.deps.outputs.cluster-api-provider-openstack }}
 
+    - name: Install openstack-resource-controller
+      shell: bash
+      run: |
+        ORC_URL=https://github.com/k-orc/openstack-resource-controller/releases/download/${ORC_VERSION}/install.yaml
+        if ! kubectl apply --server-side -f ${ORC_URL}; then
+          kubectl apply --server-side --force-conflicts -f ${ORC_URL}
+        fi
+      env:
+        ORC_VERSION: ${{ steps.deps.outputs.openstack-resource-controller }}
+
     - name: Install Cluster API add-on provider
       shell: bash
       run: |-

.github/actions/upgrade-and-test/action.yml

@@ -71,6 +71,22 @@ runs:
           --set kubernetesVersion=${{ inputs.kubernetes-version }} \
           --set machineImageId=${{ inputs.image-id }}
 
+    - name: Check for cluster deployment ready condition name
+      id: check-ready-condition
+      shell: bash
+      run: |-
+        cluster_api_version=$(kubectl api-resources \
+                                --api-group=cluster.x-k8s.io \
+                                --no-headers=true |\
+                                 grep ^clusters |\
+                                 awk '{print $3}')
+
+        if [[ "$cluster_api_version" =~ v1beta1$ ]]; then
+          echo "ready-condition-name=ready" >> $GITHUB_OUTPUT
+        else
+          echo "ready-condition-name=available" >> $GITHUB_OUTPUT
+        fi
+
     # Wait for any upgrade to start before checking if it is complete
     # This is to make sure the controller has actioned the update before
     # progressing to wait for ready
@@ -82,15 +98,15 @@ runs:
       shell: bash
       run: |-
         kubectl wait clusters/${{ inputs.name }} \
-          --for=condition=ready=false \
+          --for=condition=${{ steps.check-ready-condition.outputs.ready-condition-name }}=false \
           --timeout 2m
       continue-on-error: true
 
     - name: Wait for cluster ready
       shell: bash
       run: |-
         kubectl wait clusters/${{ inputs.name }} \
-          --for=condition=ready \
+          --for=condition=${{ steps.check-ready-condition.outputs.ready-condition-name }} \
           --timeout 30m
 
     - name: Wait for machine deployments to be running

.github/values/leafcloud/latest-full.yaml

@@ -1,4 +1,5 @@
 clusterNetworking:
   internalNetwork:
+    networkMTU: 1450
     # Reset the network filter so a network is provisioned
     networkFilter: ~

.github/workflows/lint.yaml

@@ -40,7 +40,7 @@ jobs:
             | docker run -i --rm ghcr.io/yannh/kubeconform:latest \
             --strict --summary \
             --schema-location default \
-            --schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \
+            --schema-location 'https://raw.githubusercontent.com/stackhpc/CRDs-catalog/refs/heads/update-clusterapi-crds/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \
             --skip HelmRelease,Manifests,OpenStackCluster,OpenStackMachineTemplate
 
       # NOTE: Run the following command locally to generate updated snapshots:

.github/workflows/pr.yaml

@@ -1,6 +1,6 @@
 name: test pr
 on:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize

.github/workflows/test.yaml

@@ -292,6 +292,7 @@ jobs:
           image-id: ${{ fromJson(inputs.images).kube-1-30-image }}
           defaults-path: ./.github/values/${{ vars.TARGET_CLOUD }}/base.yaml
           overrides-path: ./.github/values/${{ vars.TARGET_CLOUD }}/kube-upgrade.yaml
+          sonobuoy-upload: "yes"
 
       - name: Upgrade to Kubernetes 1.31
         uses: ./.github/actions/upgrade-and-test
@@ -303,6 +304,7 @@ jobs:
           image-id: ${{ fromJson(inputs.images).kube-1-31-image }}
           defaults-path: ./.github/values/${{ vars.TARGET_CLOUD }}/base.yaml
           overrides-path: ./.github/values/${{ vars.TARGET_CLOUD }}/kube-upgrade.yaml
+          sonobuoy-upload: "yes"
 
       - name: Upgrade to Kubernetes 1.32
         uses: ./.github/actions/upgrade-and-test
@@ -314,6 +316,7 @@ jobs:
           image-id: ${{ fromJson(inputs.images).kube-1-32-image }}
           defaults-path: ./.github/values/${{ vars.TARGET_CLOUD }}/base.yaml
           overrides-path: ./.github/values/${{ vars.TARGET_CLOUD }}/kube-upgrade.yaml
+          sonobuoy-upload: "yes"
 
       - name: Upgrade to Kubernetes 1.33
         uses: ./.github/actions/upgrade-and-test
@@ -325,6 +328,7 @@ jobs:
           image-id: ${{ fromJson(inputs.images).kube-1-33-image }}
           defaults-path: ./.github/values/${{ vars.TARGET_CLOUD }}/base.yaml
           overrides-path: ./.github/values/${{ vars.TARGET_CLOUD }}/kube-upgrade.yaml
+          sonobuoy-upload: "yes"
 
       - name: Delete Kubernetes upgrade deployment
         run: helm delete ci-${{ github.run_id }}-${{ github.job }} --wait

.github/workflows/update-dependencies.yml

@@ -43,6 +43,10 @@ jobs:
             type: github
             repo: helm/helm
 
+          - key: openstack-resource-controller
+            type: github
+            repo: k-orc/openstack-resource-controller
+
           - key: sonobuoy
             type: github
             repo: vmware-tanzu/sonobuoy

charts/openstack-cluster/README.md

@@ -48,8 +48,8 @@ templates for more details.
 
 First, you must set up a
 [Cluster API management cluster](https://cluster-api.sigs.k8s.io/user/concepts.html#management-cluster)
-with the [OpenStack Infrastructure Provider](https://github.com/kubernetes-sigs/cluster-api-provider-openstack)
-installed.
+with both the [OpenStack Infrastructure Provider](https://github.com/kubernetes-sigs/cluster-api-provider-openstack)
+and [OpenStack Resource Provider](https://github.com/k-orc/openstack-resource-controller) installed.
 
 Addons are managed by the
 [Cluster API Addon Provider](https://github.com/azimuth-cloud/cluster-api-addon-provider),

charts/openstack-cluster/templates/_helpers.tpl

@@ -131,7 +131,8 @@ Outputs the node registration object for setting node labels.
 {{- define "openstack-cluster.nodeRegistration.nodeLabels" -}}
 nodeRegistration:
   kubeletExtraArgs:
-    node-labels: "{{ range $i, $k := (keys . | sortAlpha) }}{{ if ne $i 0 }},{{ end }}{{ $k }}={{ index $ $k }}{{ end }}"
+    - name: "node-labels"
+      value: "{{ range $i, $k := (keys . | sortAlpha) }}{{ if ne $i 0 }},{{ end }}{{ $k }}={{ index $ $k }}{{ end }}"
 {{- end }}
 
 {{/*
@@ -414,7 +415,8 @@ webhooks and policies for audit logging can be added here.
   clusterConfiguration:
     apiServer:
       extraArgs:
-        v: {{ $ctx.Values.apiServer.logLevel | quote }}
+        - name: "v"
+          value: {{ $ctx.Values.apiServer.logLevel | quote }}
 {{- if ne $authWebhook "none" }}
 {{- if eq $authWebhook "azimuth-authorization-webhook" }}
         authorization-config: /etc/kubernetes/webhooks/authorization_config.yaml

charts/openstack-cluster/templates/cluster-openstack.yaml

@@ -34,6 +34,9 @@ spec:
     - {{ include "openstack-cluster.convert.neutronFilter" . | nindent 6 }}
   {{- end }}
   {{- else }}
+  {{- if .networkMTU }}
+  networkMTU: {{ .networkMTU }}
+  {{- end }}
   managedSubnets:
     - cidr: {{ .nodeCidr }}
       {{- with (default $.Values.clusterNetworking.dnsNameservers .dnsNameservers) }}

charts/openstack-cluster/templates/cluster.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: cluster.x-k8s.io/v1beta1
+apiVersion: cluster.x-k8s.io/v1beta2
 kind: Cluster
 metadata:
   name: {{ include "openstack-cluster.clusterName" . }}
@@ -8,12 +8,10 @@ metadata:
 spec:
   clusterNetwork: {{ .Values.kubeNetwork | toYaml | nindent 4 }}
   controlPlaneRef:
-    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+    apiGroup: controlplane.cluster.x-k8s.io
     kind: KubeadmControlPlane
     name: {{ include "openstack-cluster.componentName" (list . "control-plane") }}
-    namespace: {{ .Release.Namespace }}
   infrastructureRef:
-    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    apiGroup: infrastructure.cluster.x-k8s.io
     kind: OpenStackCluster
     name: {{ include "openstack-cluster.clusterName" . }}
-    namespace: {{ .Release.Namespace }}

charts/openstack-cluster/templates/control-plane/kubeadm-control-plane.yaml

@@ -31,13 +31,20 @@ preKubeadmCommands:
 clusterConfiguration:
   apiServer:
     extraArgs:
-      oidc-issuer-url: {{ quote .issuerUrl }}
-      oidc-client-id: {{ required "clientId is required for OIDC" .clientId | quote }}
-      oidc-username-claim: {{ quote .usernameClaim }}
-      oidc-username-prefix: {{ quote .usernamePrefix }}
-      oidc-groups-claim: {{ quote .groupsClaim }}
-      oidc-groups-prefix: {{ quote .groupsPrefix }}
-      oidc-signing-algs: {{ quote .signingAlgs }}
+      - name: "oidc-issuer-url"
+        value: "{{ quote .issuerUrl }}"
+      - name: "oidc-client-id"
+        value: "{{ required "clientId is required for OIDC" .clientId | quote }}"
+      - name: "oidc-username-claim"
+        value: "{{ quote .usernameClaim }}"
+      - name: "oidc-username-prefix"
+        value: "{{ quote .usernamePrefix }}"
+      - name: "oidc-groups-claim"
+        value: "{{ quote .groupsClaim }}"
+      - name: "oidc-groups-prefix"
+        value: "{{ quote .groupsPrefix }}"
+      - name: "oidc-signing-algs"
+        value: "{{ quote .signingAlgs }}"
 {{- end }}
 {{- end }}
 {{- end }}
@@ -150,7 +157,8 @@ files:
 clusterConfiguration:
   apiServer:
     extraArgs:
-      admission-control-config-file: /etc/kubernetes/admission/configuration.yaml
+      - name: "admission-control-config-file"
+        value: "/etc/kubernetes/admission/configuration.yaml"
     extraVolumes:
       - name: admission-configuration
         hostPath: /etc/kubernetes/admission
@@ -160,7 +168,7 @@ clusterConfiguration:
 {{- end }}
 
 ---
-apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+apiVersion: controlplane.cluster.x-k8s.io/v1beta2
 kind: KubeadmControlPlane
 metadata:
   name: {{ include "openstack-cluster.componentName" (list . "control-plane") }}
@@ -177,19 +185,20 @@ spec:
       trimPrefix "v"
   }}
   replicas: {{ .Values.controlPlane.machineCount }}
-  remediationStrategy: {{ toYaml .Values.controlPlane.remediationStrategy | nindent 4 }}
-  rolloutStrategy: {{ toYaml .Values.controlPlane.rolloutStrategy | nindent 4 }}
+  remediation: {{ toYaml .Values.controlPlane.remediation | nindent 4 }}
+  rollout: {{ toYaml .Values.controlPlane.rollout | nindent 6 }}
   machineTemplate:
     metadata:
       labels: {{ include "openstack-cluster.componentSelectorLabels" (list . "control-plane") | nindent 8 }}
-    infrastructureRef:
-      kind: OpenStackMachineTemplate
-      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
-      name: {{ include "openstack-cluster.controlplane.mt.name" . }}
-      namespace: {{ .Release.Namespace }}
-    nodeDrainTimeout: {{ .Values.controlPlane.nodeDrainTimeout }}
-    nodeVolumeDetachTimeout: {{ .Values.controlPlane.nodeVolumeDetachTimeout }}
-    nodeDeletionTimeout: {{ .Values.controlPlane.nodeDeletionTimeout }}
+    spec:
+      infrastructureRef:
+        kind: OpenStackMachineTemplate
+        apiGroup: infrastructure.cluster.x-k8s.io
+        name: {{ include "openstack-cluster.controlplane.mt.name" . }}
+      deletion:
+        nodeDrainTimeoutSeconds: {{ .Values.controlPlane.nodeDrainTimeoutSeconds }}
+        nodeVolumeDetachTimeoutSeconds: {{ .Values.controlPlane.nodeVolumeDetachTimeoutSeconds }}
+        nodeDeletionTimeoutSeconds: {{ .Values.controlPlane.nodeDeletionTimeoutSeconds }}
   kubeadmConfigSpec: {{
     omit
       (

charts/openstack-cluster/templates/control-plane/machine-health-check.yaml

@@ -1,6 +1,6 @@
 {{- if .Values.controlPlane.healthCheck.enabled }}
 ---
-apiVersion: cluster.x-k8s.io/v1beta1
+apiVersion: cluster.x-k8s.io/v1beta2
 kind: MachineHealthCheck
 metadata:
   name: {{ include "openstack-cluster.componentName" (list . "control-plane") }}

charts/openstack-cluster/templates/node-group/kubeadm-config-template.yaml

@@ -48,7 +48,7 @@ joinConfiguration: {{ include "openstack-cluster.nodeRegistration.nodeLabels" $n
 {{- range $nodeGroupOverrides := .Values.nodeGroups }}
 {{- $nodeGroup := deepCopy $.Values.nodeGroupDefaults | mustMerge $nodeGroupOverrides }}
 ---
-apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta2
 kind: KubeadmConfigTemplate
 metadata:
   name: {{ include "openstack-cluster.nodegroup.kct.name" (list $ $nodeGroup) }}

charts/openstack-cluster/templates/node-group/machine-deployment.yaml

@@ -4,7 +4,7 @@
 {{- fail (printf "Node group name must be at least three characters long and must contain only lower-case alphanumeric characters and dashes (found name: %s)" $nodeGroup.name) }}
 {{- end }}
 ---
-apiVersion: cluster.x-k8s.io/v1beta1
+apiVersion: cluster.x-k8s.io/v1beta2
 kind: MachineDeployment
 metadata:
   name: {{ include "openstack-cluster.componentName" (list $ $nodeGroup.name) }}
@@ -35,7 +35,10 @@ spec:
   {{- if not $nodeGroup.autoscale }}
   replicas: {{ $nodeGroup.machineCount | required (printf "no machine count specified for node group '%s'" $nodeGroup.name) }}
   {{- end }}
-  strategy: {{ toYaml $nodeGroup.rolloutStrategy | nindent 4 }}
+  rollout:
+    strategy: {{ toYaml $nodeGroup.rollout.strategy | nindent 6 }}
+  deletion:
+    order: {{ $nodeGroup.deletion.order }}
   selector:
     matchLabels:
       {{- include "openstack-cluster.componentSelectorLabels" (list $ "worker") | nindent 6 }}
@@ -59,14 +62,15 @@ spec:
       {{- end }}
       bootstrap:
         configRef:
-          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+          apiGroup: bootstrap.cluster.x-k8s.io
           kind: KubeadmConfigTemplate
           name: {{ include "openstack-cluster.nodegroup.kct.name" (list $ $nodeGroup) }}
       infrastructureRef:
-        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+        apiGroup: infrastructure.cluster.x-k8s.io
         kind: OpenStackMachineTemplate
         name: {{ include "openstack-cluster.nodegroup.mt.name" (list $ $nodeGroup) }}
-      nodeDrainTimeout: {{ $nodeGroup.nodeDrainTimeout }}
-      nodeVolumeDetachTimeout: {{ $nodeGroup.nodeVolumeDetachTimeout }}
-      nodeDeletionTimeout: {{ $nodeGroup.nodeDeletionTimeout }}
+      deletion:
+        nodeDrainTimeoutSeconds: {{ $nodeGroup.nodeDrainTimeoutSeconds }}
+        nodeVolumeDetachTimeoutSeconds: {{ $nodeGroup.nodeVolumeDetachTimeoutSeconds }}
+        nodeDeletionTimeoutSeconds: {{ $nodeGroup.nodeDeletionTimeoutSeconds }}
 {{- end }}

charts/openstack-cluster/templates/node-group/machine-health-check.yaml

@@ -2,7 +2,7 @@
 {{- $nodeGroup := deepCopy $.Values.nodeGroupDefaults | mustMerge $nodeGroupOverrides }}
 {{- if $nodeGroup.healthCheck.enabled }}
 ---
-apiVersion: cluster.x-k8s.io/v1beta1
+apiVersion: cluster.x-k8s.io/v1beta2
 kind: MachineHealthCheck
 metadata:
   name: {{ include "openstack-cluster.componentName" (list $ $nodeGroup.name) }}