CAPI Provider
The CAPIProvider resource allows managing Cluster API Operator manifests in a declarative way. It is used to provision and configure Cluster API providers like AWS, vSphere etc.
CAPIProvider follows a GitOps model - the spec fields are declarative user inputs. The controller only updates status.
Every field provided by the upstream CAPI Operator CAPIProviderSpec resource is also available in the spec of the CAPIProvider resource. Feel free to refer to upstream configuration guides for advanced scenarios.
All the certified CAPI Providers are configured using an embedded configuration. In order to override it, a custom ClusterctlConfig needs to be created.
Usage
To use the CAPIProvider resource:
-
Create a
CAPIProviderresource with the desired provider name, type, credentials, configuration, and features. -
The
CAPIProvidercontroller will handle templating the required Cluster API Operator manifests based on theCAPIProviderspec. -
The status field on the
CAPIProviderresource will reflect the state of the generated manifests. -
Manage the
CAPIProviderobject declaratively to apply changes to the generated provider manifests.
Here is an example CAPIProvider manifest:
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: CAPIProvider
metadata:
name: aws-infra
namespace: capi-providers
spec:
name: aws
type: infrastructure
enableAutomaticUpdate: true
credentials:
rancherCloudCredential: aws-creds # Rancher credentials secret for AWS
configSecret:
name: aws-config
features:
clusterResourceSet: trueThis will generate an AWS infrastructure provider with the supplied mapping for Rancher credential secret and custom enabled features.
The CAPIProvider controller will own all the generated provider resources, allowing garbage collection by deleting the CAPIProvider object.
Specification
The key fields in the CAPIProvider spec are:
-
name- Name of the provider (aws, vsphere etc). Inherited frommetadata.nameif not specified. -
type- Kind of provider resource (can be set tocore,controlPlane,bootstrap,infrastructure,addon,ipamorruntimeextension). -
credentials- Source credentials for provider specification. -
configSecret- Name of the provider config secret, where the variables and synced credential will be stored. By default if not specified, will inherit the name of theCAPIProviderresource. -
features- Enabled provider features. -
variables- Variables is a map of environment variables to add to the content of theconfigSecret. -
version- Version indicates the provider version. -
enableAutomaticUpdate- Allow the provider to update automatically. Only enabled by default on Turtles chart installed providers. -
fetchConfig- FetchConfig determines how the operator will fetch the components and metadata for the provider.-
oci- OCI to be used for fetching the provider’s components and metadata from an OCI artifact. You must setproviderSpec.Versionfield for operator to pick up desired version of the release from GitHub. If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. -
selector- Selector to be used for fetching provider’s components and metadata from ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain components and metadata for a specific version only. -
url- URL to be used for fetching the provider’s components and metadata from a remote Github repository.
-
Version pinning and automatic updates
The CAPIProvider version can be set at any time to pin the provider to a specific version. Additionally, automaticUpdates can be toggled to allow automatic updates to the latest version available. The latest version available is determined by the embedded clusterctl configuration for certified providers, and it can be overridden or configured for custom providers using ClusterctlConfig.