HIVE-2777: Implement hive Nutanix provisioning

[eliorerz]

This is a partial implementation of #2550 PR, the final code will (probably) extend ClusterDeployment CR and will add support with MachinePools.

This PR adds support for provisioning OpenShift clusters on Nutanix using the OpenShift Installer's IPI installation method within Hive.

Key changes include:

• Integration with the OpenShift Installer IPI workflow for Nutanix.
• Implementation of necessary controllers, validations, and configuration options.
• Automatically set install-config nutanix platform credentials from secret nutanix-creds (see pasteInProviderCredentials method)

Implementation:

• ClusterDeployment

apiVersion: hive.openshift.io/v1
kind: ClusterDeployment
metadata:
  name: cluster-nutanix
  namespace: hive
spec:
  clusterName: cluster-nutanix
  baseDomain: example.com
  platform:
    nutanix:
      credentialsSecretRef:
        name: nutanix-creds
      prismCentral:
        address: cluster-nutanix.prism-central.nutanix.com
        port: 9440
  provisioning:
    installConfigSecretRef:
      name: cluster-nutanix-install-config
    imageSetRef:
      name: cluster-nutanix-image-set
  pullSecretRef:
    name: pull-secret
****

Secrets

• nutanix-creds.yaml

apiVersion: v1
data:
  password: <password>
  username: <username>
kind: Secret
metadata:
  name: nutanix-creds
  namespace: hive

• install-config.yaml

apiVersion: v1
baseDomain: example.com
compute:
- name: worker
controlPlane:
  name: master
metadata:
  name: cluster-nutanix
platform:
  nutanix:
    apiVIPs:
      - 10.0.0.123
    ingressVIPs:
      - 10.0.0.124
    prismCentral:
      endpoint:
        address: cluster-nutanix.prism-central.nutanix.com
        port: 9440
    prismElements: 
      - endpoint:
          address: cluster-nutanix.prism-element.nutanix.com
          port: 9440
        uuid: 0005de05-75a3-dacb-ba00-2c5da2ac4c1a
        name: "NAME"
    subnetUUIDs:
      -  0005de05-75a3-dacb-ba00-123456789012
    failureDomains:
      - name: "LD Name"
        subnetUUIDs:
          -  0005de05-75a3-dacb-ba00-123456789012
        prismElements: 
          - endpoint:
              address: cluster-nutanix.prism-element.nutanix.com
              port: 9440
            uuid: 0005de05-75a3-dacb-ba00-2c5da2ac4c1a
            name: "NAME"

[openshift-ci-robot]

@eliorerz: This pull request references HIVE-2777 which is a valid jira issue.

In response to this:

/cc @eliorerz

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

@eliorerz: GitHub didn't allow me to request PR reviews from the following users: eliorerz.

Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @eliorerz

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci-robot]

@eliorerz: This pull request references HIVE-2777 which is a valid jira issue.

In response to this:

This PR adds support for provisioning OpenShift clusters on Nutanix using the OpenShift Installer's IPI installation method within Hive.

Key changes include:

• Integration with the OpenShift Installer IPI workflow for Nutanix.
• Implementation of necessary controllers, validations, and configuration options.

Implementation:

• ClusterDeployment

apiVersion: hive.openshift.io/v1
kind: ClusterDeployment
metadata:
 name: cluster-nutanix
 namespace: hive
spec:
 clusterName: cluster-nutanix
 baseDomain: example.com
 platform:
   nutanix:
     credentialsSecretRef:
       name: nutanix-creds
     prismCentral:
       address: cluster-nutanix.prism-central.nutanix.com
       port: 9440
 provisioning:
   installConfigSecretRef:
     name: cluster-nutanix-install-config
   imageSetRef:
     name: cluster-nutanix-image-set
 pullSecretRef:
   name: pull-secret
****

Secrets

• nutanix-creds.yaml

apiVersion: v1
data:
 password: <password>
 username: <username>
kind: Secret
metadata:
 name: nutanix-creds
 namespace: hive

• install-config.yaml

apiVersion: v1
baseDomain: example.com
compute:
- name: worker
controlPlane:
 name: master
metadata:
 name: cluster-nutanix
platform:
 nutanix:
   apiVIPs:
     - 10.0.0.123
   ingressVIPs:
     - 10.0.0.124
   prismCentral:
     endpoint:
       address: cluster-nutanix.prism-central.nutanix.com
       port: 9440
   prismElements: 
     - endpoint:
         address: cluster-nutanix.prism-element.nutanix.com
         port: 9440
       uuid: 0005de05-75a3-dacb-ba00-2c5da2ac4c1a
       name: "NAME"
   subnetUUIDs:
     -  0005de05-75a3-dacb-ba00-123456789012
   failureDomains:
     - name: "LD Name"
       subnetUUIDs:
         -  0005de05-75a3-dacb-ba00-123456789012
       prismElements: 
         - endpoint:
             address: cluster-nutanix.prism-element.nutanix.com
             port: 9440
           uuid: 0005de05-75a3-dacb-ba00-2c5da2ac4c1a
           name: "NAME"

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[eliorerz]

/cc @2uasimojo

[openshift-ci-robot]

@eliorerz: This pull request references HIVE-2777 which is a valid jira issue.

In response to this:

This PR adds support for provisioning OpenShift clusters on Nutanix using the OpenShift Installer's IPI installation method within Hive.

Key changes include:

• Integration with the OpenShift Installer IPI workflow for Nutanix.
• Implementation of necessary controllers, validations, and configuration options.
• Automatically set install-config nutanix platform credentials from secret nutanix-creds (see pasteInProviderCredentials method)

Implementation:

• ClusterDeployment

apiVersion: hive.openshift.io/v1
kind: ClusterDeployment
metadata:
 name: cluster-nutanix
 namespace: hive
spec:
 clusterName: cluster-nutanix
 baseDomain: example.com
 platform:
   nutanix:
     credentialsSecretRef:
       name: nutanix-creds
     prismCentral:
       address: cluster-nutanix.prism-central.nutanix.com
       port: 9440
 provisioning:
   installConfigSecretRef:
     name: cluster-nutanix-install-config
   imageSetRef:
     name: cluster-nutanix-image-set
 pullSecretRef:
   name: pull-secret
****

Secrets

• nutanix-creds.yaml

apiVersion: v1
data:
 password: <password>
 username: <username>
kind: Secret
metadata:
 name: nutanix-creds
 namespace: hive

• install-config.yaml

apiVersion: v1
baseDomain: example.com
compute:
- name: worker
controlPlane:
 name: master
metadata:
 name: cluster-nutanix
platform:
 nutanix:
   apiVIPs:
     - 10.0.0.123
   ingressVIPs:
     - 10.0.0.124
   prismCentral:
     endpoint:
       address: cluster-nutanix.prism-central.nutanix.com
       port: 9440
   prismElements: 
     - endpoint:
         address: cluster-nutanix.prism-element.nutanix.com
         port: 9440
       uuid: 0005de05-75a3-dacb-ba00-2c5da2ac4c1a
       name: "NAME"
   subnetUUIDs:
     -  0005de05-75a3-dacb-ba00-123456789012
   failureDomains:
     - name: "LD Name"
       subnetUUIDs:
         -  0005de05-75a3-dacb-ba00-123456789012
       prismElements: 
         - endpoint:
             address: cluster-nutanix.prism-element.nutanix.com
             port: 9440
           uuid: 0005de05-75a3-dacb-ba00-2c5da2ac4c1a
           name: "NAME"

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@eliorerz: This pull request references HIVE-2777 which is a valid jira issue.

In response to this:

This is a partial implementation of #2550 PR, the final code will (probably) extend ClusterDeployment CR and will add support with MachinePools.

This PR adds support for provisioning OpenShift clusters on Nutanix using the OpenShift Installer's IPI installation method within Hive.

Key changes include:

• Integration with the OpenShift Installer IPI workflow for Nutanix.
• Implementation of necessary controllers, validations, and configuration options.
• Automatically set install-config nutanix platform credentials from secret nutanix-creds (see pasteInProviderCredentials method)

Implementation:

• ClusterDeployment

apiVersion: hive.openshift.io/v1
kind: ClusterDeployment
metadata:
 name: cluster-nutanix
 namespace: hive
spec:
 clusterName: cluster-nutanix
 baseDomain: example.com
 platform:
   nutanix:
     credentialsSecretRef:
       name: nutanix-creds
     prismCentral:
       address: cluster-nutanix.prism-central.nutanix.com
       port: 9440
 provisioning:
   installConfigSecretRef:
     name: cluster-nutanix-install-config
   imageSetRef:
     name: cluster-nutanix-image-set
 pullSecretRef:
   name: pull-secret
****

Secrets

• nutanix-creds.yaml

apiVersion: v1
data:
 password: <password>
 username: <username>
kind: Secret
metadata:
 name: nutanix-creds
 namespace: hive

• install-config.yaml

apiVersion: v1
baseDomain: example.com
compute:
- name: worker
controlPlane:
 name: master
metadata:
 name: cluster-nutanix
platform:
 nutanix:
   apiVIPs:
     - 10.0.0.123
   ingressVIPs:
     - 10.0.0.124
   prismCentral:
     endpoint:
       address: cluster-nutanix.prism-central.nutanix.com
       port: 9440
   prismElements: 
     - endpoint:
         address: cluster-nutanix.prism-element.nutanix.com
         port: 9440
       uuid: 0005de05-75a3-dacb-ba00-2c5da2ac4c1a
       name: "NAME"
   subnetUUIDs:
     -  0005de05-75a3-dacb-ba00-123456789012
   failureDomains:
     - name: "LD Name"
       subnetUUIDs:
         -  0005de05-75a3-dacb-ba00-123456789012
       prismElements: 
         - endpoint:
             address: cluster-nutanix.prism-element.nutanix.com
             port: 9440
           uuid: 0005de05-75a3-dacb-ba00-2c5da2ac4c1a
           name: "NAME"

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[codecov]

Codecov Report

Attention: Patch coverage is 46.40625% with 343 lines in your changes missing coverage. Please review.

Project coverage is 49.79%. Comparing base (66218d8) to head (62a98fc).

Files with missing lines	Patch %	Lines
contrib/pkg/createcluster/nutanix.go	0.00%	77 Missing ⚠️
contrib/pkg/deprovision/nutanix.go	0.00%	60 Missing ⚠️
pkg/controller/machinepool/nutanixactuator.go	57.81%	49 Missing and 5 partials ⚠️
pkg/installmanager/installmanager.go	28.88%	28 Missing and 4 partials ⚠️
pkg/install/generate.go	0.00%	23 Missing ⚠️
...s/hive/v1/machinepool_validating_admission_hook.go	0.00%	15 Missing and 1 partial ⚠️
...g/controller/clusterpool/clusterpool_controller.go	0.00%	15 Missing ⚠️
...g/controller/machinepool/machinepool_controller.go	0.00%	14 Missing ⚠️
pkg/controller/utils/nutainx.go	90.47%	13 Missing and 1 partial ⚠️
contrib/pkg/createcluster/create.go	0.00%	13 Missing ⚠️
... and 5 more

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2573      +/-   ##
==========================================
- Coverage   49.84%   49.79%   -0.05%     
==========================================
  Files         281      287       +6     
  Lines       32981    33607     +626     
==========================================
+ Hits        16439    16735     +296     
- Misses      15209    15528     +319     
- Partials     1333     1344      +11     

Files with missing lines	Coverage Δ
pkg/constants/constants.go	100.00% <ø> (ø)
...oller/clusterdeployment/installconfigvalidation.go	100.00% <100.00%> (ø)
.../v1/clusterdeployment_validating_admission_hook.go	85.86% <100.00%> (+0.25%)	⬆️
...shift/hive/apis/hive/v1/clusterdeployment_types.go	0.00% <ø> (ø)
...hift/hive/apis/hive/v1/clusterdeprovision_types.go	0.00% <ø> (ø)
...m/openshift/hive/apis/hive/v1/machinepool_types.go	0.00% <ø> (ø)
contrib/pkg/deprovision/deprovision.go	0.00% <0.00%> (ø)
pkg/controller/utils/credentials.go	0.00% <0.00%> (ø)
contrib/pkg/utils/nutanix/nutanix.go	0.00% <0.00%> (ø)
.../clusterdeployment/clusterdeployment_controller.go	66.80% <25.00%> (-0.23%)	⬇️
... and 11 more

[2uasimojo]

Going to get started on this.

One question about the install-config: I noticed the prismElements and subnetUUIDs are duplicated at the top level and under failureDomains. We talked yesterday about the ClusterDeployment.Spec.Platform.Nutanix schema not containing this redundancy. I assume it's still supported via install-config, but it's not necessary, right? IOW your PoC still works if you omit the top-level copy?

[eliorerz]

Going to get started on this.

One question about the install-config: I noticed the prismElements and subnetUUIDs are duplicated at the top level and under failureDomains. We talked yesterday about the ClusterDeployment.Spec.Platform.Nutanix schema not containing this redundancy. I assume it's still supported via install-config, but it's not necessary, right? IOW your PoC still works if you omit the top-level copy?

Thanks, Regarding your question, the problem is that PrismElements seems to be mandatory in the install install-config while the failureDomains is optional. In any case you want to define failureDomains you have to also set at least PrismElements[0].UUID.

[2uasimojo]

/test e2e e2e-pool

Weird flakery probably due to some upstream bug that seems to be fixed now.

[2uasimojo]

This is great! With a couple of minor tweaks, I think it's ready to go. (Except that, as we discussed, we're going to need to clone the appropriate install-config fields into cd.Spec.Platform.Nutanix in anticipation of MachinePools before we can actually "release" :( )

Reminders:

• We're going to need doc updates.
• Let's not forget to look into ClusterPools (will probably need to use Inventory). Note that the work required for ClusterPools overlaps quite a bit with that needed for hiveutil create-cluster, although the latter is optional as we've discussed.

[openshift-ci-robot]

@eliorerz: This pull request references HIVE-2777 which is a valid jira issue.

In response to this:

This is a partial implementation of #2550 PR, the final code will (probably) extend ClusterDeployment CR and will add support with MachinePools.

This PR adds support for provisioning OpenShift clusters on Nutanix using the OpenShift Installer's IPI installation method within Hive.

Key changes include:

• Integration with the OpenShift Installer IPI workflow for Nutanix.
• Implementation of necessary controllers, validations, and configuration options.
• Automatically set install-config nutanix platform credentials from secret nutanix-creds (see pasteInProviderCredentials method)

Implementation:

• ClusterDeployment

apiVersion: hive.openshift.io/v1
kind: ClusterDeployment
metadata:
 name: cluster-nutanix
 namespace: hive
spec:
 clusterName: cluster-nutanix
 baseDomain: example.com
 platform:
   nutanix:
     credentialsSecretRef:
       name: nutanix-creds
     prismCentral:
       address: cluster-nutanix.prism-central.nutanix.com
       port: 9440
 provisioning:
   installConfigSecretRef:
     name: cluster-nutanix-install-config
   imageSetRef:
     name: cluster-nutanix-image-set
 pullSecretRef:
   name: pull-secret
****

Secrets

• nutanix-creds.yaml

apiVersion: v1
data:
 password: <password>
 username: <username>
kind: Secret
metadata:
 name: nutanix-creds
 namespace: hive

• install-config.yaml

apiVersion: v1
baseDomain: example.com
compute:
- name: worker
controlPlane:
 name: master
metadata:
 name: cluster-nutanix
platform:
 nutanix:
   apiVIPs:
     - 10.0.0.123
   ingressVIPs:
     - 10.0.0.124
   prismCentral:
     endpoint:
       address: cluster-nutanix.prism-central.nutanix.com
       port: 9440
   prismElements: 
     - endpoint:
         address: cluster-nutanix.prism-element.nutanix.com
         port: 9440
       uuid: 0005de05-75a3-dacb-ba00-2c5da2ac4c1a
       name: "NAME"
   subnetUUIDs:
     -  0005de05-75a3-dacb-ba00-123456789012
   failureDomains:
     - name: "LD Name"
       subnetUUIDs:
         -  0005de05-75a3-dacb-ba00-123456789012
       prismElements: 
         - endpoint:
             address: cluster-nutanix.prism-element.nutanix.com
             port: 9440
           uuid: 0005de05-75a3-dacb-ba00-2c5da2ac4c1a
           name: "NAME"

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: eliorerz
Once this PR has been reviewed and has the lgtm label, please assign suhanime for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: eliorerz
Once this PR has been reviewed and has the lgtm label, please assign suhanime for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@eliorerz: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-vsphere	62a98fc	link	true	/test e2e-vsphere
ci/prow/security	62a98fc	link	true	/test security
ci/prow/verify	62a98fc	link	true	/test verify

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.