gardenlet's Seed controller deploys MCM-related `CustomResourceDe…

…finition`s (gardener#8015)

* Add new CRD deployer to `machinecontrollermanager` component

Similar to CRD deployer of `hvpa` component

CRDs copied from https://github.com/gardener/gardener/tree/master/extensions/pkg/controller/worker/templates

Co-Authored-By: Jens Schneider <schneider@23technologies.cloud>
Co-Authored-By: mreiger <michael@rauschpfeife.net>

* `gardenlet`'s `Seed` controller deploys MCM-related `CustomResourceDefinition`s

Co-Authored-By: Jens Schneider <schneider@23technologies.cloud>
Co-Authored-By: mreiger <michael@rauschpfeife.net>

* Deprecate MCM CRD deployment in extensions library

Co-Authored-By: Jens Schneider <schneider@23technologies.cloud>
Co-Authored-By: mreiger <michael@rauschpfeife.net>

* Rename `extensions/crds.NewExtensionsCRD` to `extensions/crd.NewCRD`

* Adapt `Seed` controller to only deploy relevant CRDs

Earlier, it was deploying the istio and HVPA CRDs also when the seed was a garden at the same time. However, in this case `gardener-operator` takes over the management of the CRDs.

* `Seed` controller integration test checks for expected CRDs

* Address PR review feedback

---------

Co-authored-by: Jens Schneider <schneider@23technologies.cloud>
Co-authored-by: mreiger <michael@rauschpfeife.net>

cmd/gardener-extension-provider-local/app/app.go

@@ -46,7 +46,6 @@ import (
 	"github.com/gardener/gardener/extensions/pkg/controller/heartbeat"
 	extensionsheartbeatcmd "github.com/gardener/gardener/extensions/pkg/controller/heartbeat/cmd"
 	"github.com/gardener/gardener/extensions/pkg/controller/operatingsystemconfig/oscommon"
-	"github.com/gardener/gardener/extensions/pkg/controller/worker"
 	extensionscmdwebhook "github.com/gardener/gardener/extensions/pkg/webhook/cmd"
 	v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
 	gardenerhealthz "github.com/gardener/gardener/pkg/healthz"
@@ -145,10 +144,6 @@ func NewControllerManagerCommand(ctx context.Context) *cobra.Command {
 		workerCtrlOpts = &extensionscmdcontroller.ControllerOptions{
 			MaxConcurrentReconciles: 5,
 		}
-		workerReconcileOpts = &worker.Options{
-			DeployCRDs: true,
-		}
-		workerCtrlOptsUnprefixed = extensionscmdcontroller.NewOptionAggregator(workerCtrlOpts, workerReconcileOpts)
 
 		heartbeatCtrlOptions = &extensionsheartbeatcmd.Options{
 			ExtensionName:        local.Name,
@@ -178,7 +173,7 @@ func NewControllerManagerCommand(ctx context.Context) *cobra.Command {
 			extensionscmdcontroller.PrefixOption("controlplane-", controlPlaneCtrlOpts),
 			extensionscmdcontroller.PrefixOption("dnsrecord-", dnsRecordCtrlOpts),
 			extensionscmdcontroller.PrefixOption("infrastructure-", infraCtrlOpts),
-			extensionscmdcontroller.PrefixOption("worker-", &workerCtrlOptsUnprefixed),
+			extensionscmdcontroller.PrefixOption("worker-", workerCtrlOpts),
 			extensionscmdcontroller.PrefixOption("ingress-", ingressCtrlOpts),
 			extensionscmdcontroller.PrefixOption("service-", serviceCtrlOpts),
 			extensionscmdcontroller.PrefixOption("backupbucket-", localBackupBucketOptions),
@@ -203,12 +198,6 @@ func NewControllerManagerCommand(ctx context.Context) *cobra.Command {
 				return err
 			}
 
-			if workerReconcileOpts.Completed().DeployCRDs {
-				if err := worker.ApplyMachineResourcesForConfig(ctx, restOpts.Completed().Config); err != nil {
-					return fmt.Errorf("error ensuring the machine CRDs: %w", err)
-				}
-			}
-
 			mgr, err := manager.New(restOpts.Completed().Config, mgrOpts.Completed().Options())
 			if err != nil {
 				return fmt.Errorf("could not instantiate manager: %w", err)

extensions/pkg/controller/worker/machine_crds.go

@@ -71,6 +71,10 @@ func init() {
 }
 
 // ApplyMachineResourcesForConfig ensures that all well-known machine CRDs are created or updated.
+// Deprecated: This function is deprecated and will be dropped after v1.76 was released. Starting from
+// gardener/gardener@v1.73, gardenlet is managing the CRDs for the machine-controller-manager. Hence, extensions do not
+// need to take care about it anymore.
+// TODO(rfranzke): Remove this function after v1.76 was released.
 func ApplyMachineResourcesForConfig(ctx context.Context, config *rest.Config) error {
 	c, err := client.New(config, client.Options{Scheme: apiextensionsScheme})
 	if err != nil {
@@ -81,6 +85,10 @@ func ApplyMachineResourcesForConfig(ctx context.Context, config *rest.Config) er
 }
 
 // ApplyMachineResources ensures that all well-known machine CRDs are created or updated.
+// Deprecated: This function is deprecated and will be dropped after v1.76 was released. Starting from
+// gardener/gardener@v1.73, gardenlet is managing the CRDs for the machine-controller-manager. Hence, extensions do not
+// need to take care about it anymore.
+// TODO(rfranzke): Remove this function after v1.76 was released.
 func ApplyMachineResources(ctx context.Context, c client.Client) error {
 	var content bytes.Buffer
 	for _, crdTpl := range machineCRDTpls {

extensions/pkg/controller/worker/options.go

@@ -25,6 +25,10 @@ const (
 )
 
 // Options are command line options that can be set for controller.Options.
+// Deprecated: This functionality is deprecated and will be dropped after v1.76 was released. Starting from
+// gardener/gardener@v1.73, gardenlet is managing the CRDs for the machine-controller-manager. Hence, extensions do not
+// need to take care about it anymore.
+// TODO(rfranzke): Remove this struct after v1.76 was released.
 type Options struct {
 	// DeployCRDs defines whether to ignore the operation annotation or not.
 	DeployCRDs bool

pkg/component/extensions/crds/crds.go

@@ -69,19 +69,19 @@ func init() {
 	)
 }
 
-type extensionCRDs struct {
+type crd struct {
 	applier kubernetes.Applier
 }
 
-// NewExtensionsCRD can be used to deploy extensions CRDs.
-func NewExtensionsCRD(a kubernetes.Applier) component.DeployWaiter {
-	return &extensionCRDs{
+// NewCRD can be used to deploy extensions CRDs.
+func NewCRD(a kubernetes.Applier) component.DeployWaiter {
+	return &crd{
 		applier: a,
 	}
 }
 
 // Deploy creates and updates the CRD definitions for the gardener extensions.
-func (c *extensionCRDs) Deploy(ctx context.Context) error {
+func (c *crd) Deploy(ctx context.Context) error {
 	var fns []flow.TaskFn
 
 	for _, resource := range resources {
@@ -95,16 +95,16 @@ func (c *extensionCRDs) Deploy(ctx context.Context) error {
 }
 
 // Destroy does nothing
-func (c *extensionCRDs) Destroy(ctx context.Context) error {
+func (c *crd) Destroy(ctx context.Context) error {
 	return nil
 }
 
 // Wait does nothing
-func (c *extensionCRDs) Wait(ctx context.Context) error {
+func (c *crd) Wait(ctx context.Context) error {
 	return nil
 }
 
 // WaitCleanup does nothing
-func (c *extensionCRDs) WaitCleanup(ctx context.Context) error {
+func (c *crd) WaitCleanup(ctx context.Context) error {
 	return nil
 }

pkg/component/extensions/crds/crds_test.go

@@ -53,7 +53,7 @@ var _ = Describe("#CRDs", func() {
 
 		applier := kubernetes.NewApplier(c, mapper)
 
-		crdDeployer = crds.NewExtensionsCRD(applier)
+		crdDeployer = crds.NewCRD(applier)
 	})
 
 	JustBeforeEach(func() {

pkg/component/machinecontrollermanager/crd.go

@@ -0,0 +1,112 @@
+// Copyright 2023 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package machinecontrollermanager
+
+import (
+	"context"
+	_ "embed"
+	"fmt"
+
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/gardener/gardener/pkg/client/kubernetes"
+	"github.com/gardener/gardener/pkg/component"
+	gardenerutils "github.com/gardener/gardener/pkg/utils/gardener"
+)
+
+var (
+	//go:embed templates/crd-alicloudmachineclasses.tpl.yaml
+	machineClassAlicloudCRD string
+	//go:embed templates/crd-awsmachineclasses.tpl.yaml
+	machineClassAWSCRD string
+	//go:embed templates/crd-azuremachineclasses.tpl.yaml
+	machineClassAzureCRD string
+	//go:embed templates/crd-gcpmachineclasses.tpl.yaml
+	machineClassGCPCRD string
+	//go:embed templates/crd-openstackmachineclasses.tpl.yaml
+	machineClassOpenStackCRD string
+	//go:embed templates/crd-packetmachineclasses.tpl.yaml
+	machineClassPacketCRD string
+	//go:embed templates/crd-machineclasses.tpl.yaml
+	machineClassCRD string
+	//go:embed templates/crd-machinedeployments.tpl.yaml
+	machineDeploymentCRD string
+	//go:embed templates/crd-machinesets.tpl.yaml
+	machineSetCRD string
+	//go:embed templates/crd-machines.tpl.yaml
+	machineCRD string
+
+	crdResources []string
+)
+
+func init() {
+	crdResources = []string{
+		machineClassAlicloudCRD,
+		machineClassAWSCRD,
+		machineClassAzureCRD,
+		machineClassGCPCRD,
+		machineClassOpenStackCRD,
+		machineClassPacketCRD,
+		machineClassCRD,
+		machineDeploymentCRD,
+		machineSetCRD,
+		machineCRD,
+	}
+}
+
+type crd struct {
+	client  client.Client
+	applier kubernetes.Applier
+}
+
+// NewCRD can be used to deploy the CRD definitions for the machine-controller-manager.
+func NewCRD(client client.Client, applier kubernetes.Applier) component.Deployer {
+	return &crd{
+		client:  client,
+		applier: applier,
+	}
+}
+
+// Deploy creates and updates the CRD definitions for the machine-controller-manager.
+func (c *crd) Deploy(ctx context.Context) error {
+	for _, resource := range crdResources {
+		if err := c.applier.ApplyManifest(ctx, kubernetes.NewManifestReader([]byte(resource)), kubernetes.DefaultMergeFuncs); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (c *crd) Destroy(ctx context.Context) error {
+	for _, resource := range crdResources {
+		reader := kubernetes.NewManifestReader([]byte(resource))
+
+		obj, err := reader.Read()
+		if err != nil {
+			return fmt.Errorf("failed reading manifest: %w", err)
+		}
+
+		if err := gardenerutils.ConfirmDeletion(ctx, c.client, obj); client.IgnoreNotFound(err) != nil {
+			return err
+		}
+
+		if err := c.applier.DeleteManifest(ctx, reader); client.IgnoreNotFound(err) != nil {
+			return err
+		}
+	}
+
+	return nil
+}

pkg/component/machinecontrollermanager/crd_test.go

@@ -0,0 +1,82 @@
+// Copyright 2023 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package machinecontrollermanager_test
+
+import (
+	"context"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+
+	"github.com/gardener/gardener/pkg/client/kubernetes"
+	"github.com/gardener/gardener/pkg/component"
+	. "github.com/gardener/gardener/pkg/component/machinecontrollermanager"
+	. "github.com/gardener/gardener/pkg/utils/test/matchers"
+)
+
+var _ = Describe("CRD", func() {
+	var (
+		ctx         = context.TODO()
+		fakeClient  client.Client
+		crdDeployer component.Deployer
+	)
+
+	BeforeEach(func() {
+		fakeClient = fake.NewClientBuilder().WithScheme(kubernetes.SeedScheme).Build()
+
+		mapper := meta.NewDefaultRESTMapper([]schema.GroupVersion{apiextensionsv1.SchemeGroupVersion})
+		mapper.Add(apiextensionsv1.SchemeGroupVersion.WithKind("CustomResourceDefinition"), meta.RESTScopeRoot)
+		applier := kubernetes.NewApplier(fakeClient, mapper)
+
+		crdDeployer = NewCRD(fakeClient, applier)
+	})
+
+	Describe("#Deploy", func() {
+		It("should deploy the CRDs", func() {
+			Expect(crdDeployer.Deploy(ctx)).To(Succeed())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "alicloudmachineclasses.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(Succeed())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "awsmachineclasses.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(Succeed())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "azuremachineclasses.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(Succeed())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "gcpmachineclasses.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(Succeed())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "machineclasses.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(Succeed())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "machinedeployments.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(Succeed())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "machines.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(Succeed())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "machinesets.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(Succeed())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "openstackmachineclasses.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(Succeed())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "packetmachineclasses.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(Succeed())
+		})
+	})
+
+	Describe("#Destroy", func() {
+		It("should delete the CRDs", func() {
+			Expect(crdDeployer.Destroy(ctx)).To(Succeed())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "alicloudmachineclasses.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(BeNotFoundError())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "awsmachineclasses.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(BeNotFoundError())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "azuremachineclasses.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(BeNotFoundError())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "gcpmachineclasses.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(BeNotFoundError())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "machineclasses.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(BeNotFoundError())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "machinedeployments.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(BeNotFoundError())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "machines.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(BeNotFoundError())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "machinesets.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(BeNotFoundError())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "openstackmachineclasses.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(BeNotFoundError())
+			Expect(fakeClient.Get(ctx, client.ObjectKey{Name: "packetmachineclasses.machine.sapcloud.io"}, &apiextensionsv1.CustomResourceDefinition{})).To(BeNotFoundError())
+		})
+	})
+})