kubernetes-sigs · PanSpagetka · Apr 22, 2025
diff --git a/PROJECT b/PROJECT
@@ -2,59 +2,60 @@ version: "2"
 domain: cluster.x-k8s.io
 repo: sigs.k8s.io/cluster-api-provider-aws
 resources:
-# v1beta1 types
 - group: infrastructure
-  version: v1beta1
   kind: AWSMachine
-- group: infrastructure
   version: v1beta1
-  kind: AWSCluster
 - group: infrastructure
+  kind: AWSCluster
   version: v1beta1
-  kind: AWSMachineTemplate
 - group: infrastructure
+  kind: AWSMachineTemplate
   version: v1beta1
-  kind: AWSClusterStaticIdentity
 - group: infrastructure
+  kind: AWSClusterStaticIdentity
   version: v1beta1
-  kind: AWSClusterRoleIdentity
 - group: infrastructure
+  kind: AWSClusterRoleIdentity
   version: v1beta1
-  kind: AWSClusterControllerIdentity
 - group: infrastructure
+  kind: AWSClusterControllerIdentity
   version: v1beta1
-  kind: AWSClusterTemplate
 - group: infrastructure
+  kind: AWSClusterTemplate
   version: v1beta1
-  kind: AWSManagedControlPlanes
 - group: infrastructure
+  kind: AWSManagedControlPlanes
   version: v1beta1
+- group: infrastructure
   kind: AWSManagedCluster
-# v1beta2 types
+  version: v1beta1
 - group: infrastructure
-  version: v1beta2
   kind: AWSMachine
-- group: infrastructure
   version: v1beta2
-  kind: AWSCluster
 - group: infrastructure
+  kind: AWSCluster
   version: v1beta2
-  kind: AWSMachineTemplate
 - group: infrastructure
+  kind: AWSMachineTemplate
   version: v1beta2
-  kind: AWSClusterStaticIdentity
 - group: infrastructure
+  kind: AWSClusterStaticIdentity
   version: v1beta2
-  kind: AWSClusterRoleIdentity
 - group: infrastructure
+  kind: AWSClusterRoleIdentity
   version: v1beta2
-  kind: AWSClusterControllerIdentity
 - group: infrastructure
+  kind: AWSClusterControllerIdentity
   version: v1beta2
-  kind: AWSClusterTemplate
 - group: infrastructure
+  kind: AWSClusterTemplate
   version: v1beta2
-  kind: AWSManagedControlPlanes
 - group: infrastructure
+  kind: AWSManagedControlPlanes
   version: v1beta2
+- group: infrastructure
   kind: AWSManagedCluster
+  version: v1beta2
+- group: infrastructure
+  kind: ROSARoleConfig
+  version: v1beta2
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_rosaroleconfigs.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_rosaroleconfigs.yaml
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -24,6 +24,7 @@ resources:
 - bases/controlplane.cluster.x-k8s.io_rosacontrolplanes.yaml
 - bases/infrastructure.cluster.x-k8s.io_rosaclusters.yaml
 - bases/infrastructure.cluster.x-k8s.io_rosamachinepools.yaml
+- bases/infrastructure.cluster.x-k8s.io_rosaroleconfigs.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
@@ -38,6 +39,7 @@ patchesStrategicMerge:
 - patches/webhook_in_awsmanagedcontrolplanes.yaml
 - patches/webhook_in_eksconfigs.yaml
 - patches/webhook_in_eksconfigtemplates.yaml
+- patches/webhook_in_rosaroleconfigs.yaml
   # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
@@ -52,6 +54,7 @@ patchesStrategicMerge:
 - patches/cainjection_in_awsmanagedclusters.yaml
 - patches/cainjection_in_eksconfigs.yaml
 - patches/cainjection_in_eksconfigtemplates.yaml
+- patches/cainjection_in_rosaroleconfigs.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # [LABEL] To enable label, uncomment all the sections with [LABEL] prefix.

diff --git a/config/crd/patches/cainjection_in_rosaroleconfigs.yaml b/config/crd/patches/cainjection_in_rosaroleconfigs.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1        
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: rosaroleconfigs.infrastructure.cluster.x-k8s.io
diff --git a/config/crd/patches/webhook_in_rosaroleconfigs.yaml b/config/crd/patches/webhook_in_rosaroleconfigs.yaml
@@ -0,0 +1,16 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: rosaroleconfigs.infrastructure.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      conversionReviewVersions: ["v1", "v1beta1"]
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -176,6 +176,7 @@ rules:
   - awsfargateprofiles/status
   - rosaclusters/status
   - rosamachinepools/status
+  - rosaroleconfigs/status
   verbs:
   - get
   - patch
@@ -197,6 +198,7 @@ rules:
   - infrastructure.cluster.x-k8s.io
   resources:
   - awsmachines
+  - rosaroleconfigs
   verbs:
   - create
   - delete

diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml
@@ -223,6 +223,28 @@ webhooks:
     resources:
     - rosamachinepools
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /mutate-infrastructure-cluster-x-k8s-io-v1beta2-rosaroleconfig
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.rosaroleconfig.infrastructure.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    apiVersions:
+    - v1beta2
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - rosaroleconfigs
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   - v1beta1
@@ -559,6 +581,28 @@ webhooks:
     resources:
     - rosamachinepools
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-infrastructure-cluster-x-k8s-io-v1beta2-rosaroleconfig
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.rosaroleconfig.infrastructure.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    apiVersions:
+    - v1beta2
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - rosaroleconfigs
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   - v1beta1

diff --git a/controlplane/rosa/api/v1beta2/rosacontrolplane_types.go b/controlplane/rosa/api/v1beta2/rosacontrolplane_types.go
@@ -21,7 +21,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	infrav1 "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
-	expinfrav1 "sigs.k8s.io/cluster-api-provider-aws/v2/exp/api/v1beta2"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 )
 
@@ -327,7 +326,7 @@ type DefaultMachinePoolSpec struct {
 	// Autoscaling specifies auto scaling behaviour for the default MachinePool. Autoscaling min/max value
 	// must be equal or multiple of the availability zones count.
 	// +optional
-	Autoscaling *expinfrav1.RosaMachinePoolAutoScaling `json:"autoscaling,omitempty"`
+	Autoscaling *AutoScaling `json:"autoscaling,omitempty"`
 
 	// VolumeSize set the disk volume size for the default workers machine pool in Gib. The default is 300 GiB.
 	// +kubebuilder:validation:Minimum=75
@@ -337,6 +336,14 @@ type DefaultMachinePoolSpec struct {
 	VolumeSize int `json:"volumeSize,omitempty"`
 }
 
+// AutoScaling specifies scaling options.
+type AutoScaling struct {
+	// +kubebuilder:validation:Minimum=1
+	MinReplicas int `json:"minReplicas,omitempty"`
+	// +kubebuilder:validation:Minimum=1
+	MaxReplicas int `json:"maxReplicas,omitempty"`
+}
+
 // AWSRolesRef contains references to various AWS IAM roles required for operators to make calls against the AWS API.
 type AWSRolesRef struct {
 	// The referenced role must have a trust relationship that allows it to be assumed via web identity.

diff --git a/controlplane/rosa/api/v1beta2/zz_generated.deepcopy.go b/controlplane/rosa/api/v1beta2/zz_generated.deepcopy.go
diff --git a/exp/api/v1beta2/rosamachinepool_types.go b/exp/api/v1beta2/rosamachinepool_types.go
@@ -22,6 +22,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/intstr"
 
 	infrav1 "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
+	rosacontrolplanev1 "sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/rosa/api/v1beta2"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 )
 
@@ -79,7 +80,7 @@ type RosaMachinePoolSpec struct {
 	// Autoscaling specifies auto scaling behaviour for this MachinePool.
 	// required if Replicas is not configured
 	// +optional
-	Autoscaling *RosaMachinePoolAutoScaling `json:"autoscaling,omitempty"`
+	Autoscaling *rosacontrolplanev1.AutoScaling `json:"autoscaling,omitempty"`
 
 	// TuningConfigs specifies the names of the tuning configs to be applied to this MachinePool.
 	// Tuning configs must already exist.
@@ -139,14 +140,6 @@ type RosaTaint struct {
 	Effect corev1.TaintEffect `json:"effect"`
 }
 
-// RosaMachinePoolAutoScaling specifies scaling options.
-type RosaMachinePoolAutoScaling struct {
-	// +kubebuilder:validation:Minimum=1
-	MinReplicas int `json:"minReplicas,omitempty"`
-	// +kubebuilder:validation:Minimum=1
-	MaxReplicas int `json:"maxReplicas,omitempty"`
-}
-
 // RosaUpdateConfig specifies update configuration
 type RosaUpdateConfig struct {
 	// RollingUpdate specifies MaxUnavailable & MaxSurge number of nodes during update.