Automatic installation of Calico on workload clusters

[hama-25179]

What this PR does / why we need it:
If CNI is not installed, the sample HelmChartProxy of nginx-ingress will not work, so I want to install CNI automatically.
Registering HelmChartProxy of calico as a Tilt resource, developers will no longer have to worry about CNI.

Additions and modifications

• develop.md: Add a calico auto-install configuration to the development docs.
• calico-cni.yaml: Modify a HelmChartProxy manifest of calico to target all workload clusters.
• setup-calico-autoinstallation.sh: Create a shell script to register HelmChartProxy manifest of calico as a Tilt resource.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #8

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: hama-25179 / name: Disuke Hamashima (1edbd16)

[k8s-ci-robot]

Welcome @hama-25179!

It looks like this is your first PR to kubernetes-sigs/cluster-api-addon-provider-helm 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/cluster-api-addon-provider-helm has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[Jont828]

Thanks for you contributions! Please sign the CLA when you have time in order to contribute to K8s open source projects.

[Jont828]

The prototype at the moment doesn't actually support matchExpressions as it only passes in the value of matchLabels. I think it would make sense to do so but need to verify that it would work with the client as I'm passing in the fields individually. Would you mind opening an issue to log that we want to add support for the other label selector fields?

[hama-25179]

I see. I'll open the issue.
Since the goal is to target all workload clusters, should I change it to the following instead of using matchExpressions?
(This one is much simpler)

  # Target all workload clusters.
    matchLabels: {}

[hama-25179]

I created the issue #15.

[Jont828]

Thanks for opening the issue! And let me double check about that -- I'm not certain if an empty label selector would select all clusters or no clusters.

[hama-25179]

I have confirmed that if the "HelmChartProxy" matchlabels setting is set to empty, the matching is unconditional.
Since it is a rather common Kubernetes setting to set the label selector to an empty setting for unconditional matching, I'd like to change the setting.

[Jont828]

Sure, I think that seems reasonable. Just to clarify, you're suggesting that empty labels should select everything like a wildcard or * sign?

[hama-25179]

That is correct.

[hama-25179]

Also, the URL for calico helm repo seems to have changed, so I updated the YAML.
(I intended to fix it in a222e9c)

• https://docs.tigera.io/calico/3.25/getting-started/kubernetes/helm#download-the-helm-chart

[Jont828]

This file seems reasonable to me and I'll test it out on my end when I have some time. I wonder if we should instead set up a separate Tiltfile for CAAPH instead and include this in there instead.

[hama-25179]

Is my understanding correct that prepare the Tiltfile in advance and copy it to tilt.d directory?.

[Jont828]

So the Tiltfile is where we would run tilt up from. Currently, we're running it from a clone of the Cluster API repo, but for other providers like Cluster API Provider for Azure, it has its own Tiltfile and doesn't require CAPI to be present.

[Jont828]

It might be worth bringing up in the CAPI office hours on how we could handle that.

[hama-25179]

I'm with you. Let us discuss it during the CAPI office hours.

[Jont828]

@hama-25179 I tested it out and it seems to work, just make sure you run chmod +x setup-calico-autoinstallation.sh and commit that to the branch.

[hama-25179]

Thank you for testing. I set executable permission to the script.

[hama-25179]

As for CLA, it will take a little more time for our company procedural reasons.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: hama-25179
Once this PR has been reviewed and has the lgtm label, please assign vincepri for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[CecileRobertMichon]

should the link point to the kubernetes-sigs repo now?

[hama-25179]

Thank you for pointing that out.
I corrected the link point.
Also I corrected the link for calico. (for inaccessible)

[Jont828]

@hama-25179 I tried running off of your branch and had some issues. I've opened #24 so that the empty label selector you added here will allow it to select all workload clusters, and to fix some typos with the webhook. PTAL and once that merges we can rebase your current PR.

[Jont828]

@hama-25179 I merged the PR to change the label selector as well as some of the CI tests. Can you rebase and try it out to make sure it still works?

[hama-25179]

@Jont828 I have checked again, there are no problems.
Although unrelated to this correction,I thought the parameter "sync-period" default value of 10 min was long.I create a workload cluster after applying HelmChartProxy resource,It takes up to 10 minutes to start the installation of Helmchart.
How about changing the default value to about 1-2 minutes?

• cluster-api-addon-provider-helm/main.go

  Lines 73 to 74 in 3bfa919

  	flag.DurationVar(&syncPeriod, "sync-period", 10*time.Minute,
  	"The minimum interval at which watched resources are reconciled (e.g. 15m)")

[Jont828]

/ok-to-test

[Jont828]

I set it at 10 min to match the sync period for the CAPI controller but since it's a CLI flag you should be able to override it with something like this. IMO we could probably reduce the sync period for development at least though.

extra_args:
  helm:
    - "--sync-period=1m"

[Jont828]

@hama-25179 This looks good to me! Could you squash your commits before I merge?