add CRS for featuregates package

Signed-off-by: Harish Yayi <yharish991@gmail.com>

Author: yharish991

pkg/v1/providers/ytt/02_addons/management-packages/add_featuregates_package.yaml

@@ -0,0 +1,195 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:yaml", "yaml")
+
+#@ def featuregates_package_install_definition():
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tanzu-featuregates-package-sa
+  namespace: tkg-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: tanzu-featuregates-package-cluster-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+      - update
+      - delete
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - serviceaccounts
+      - services
+    verbs:
+      - get
+      - create
+      - update
+      - watch
+      - list
+  - apiGroups:
+      - apps
+    resources:
+      - deployments
+    verbs:
+      - create
+      - update
+      - delete
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - create
+      - update
+      - delete
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - cert-manager.io
+    resources:
+      - certificates
+      - issuers
+    verbs:
+      - get
+      - create
+      - update
+      - list
+      - watch
+  - apiGroups:
+      - admissionregistration.k8s.io
+    resources:
+      - validatingwebhookconfigurations
+    verbs:
+      - get
+      - create
+      - update
+      - list
+      - watch
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - clusterroles
+      - clusterrolebindings
+    verbs:
+      - get
+      - create
+      - update
+      - list
+      - watch
+  - apiGroups:
+      - config.tanzu.vmware.com
+    resources:
+      - featuregates
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - config.tanzu.vmware.com
+    resources:
+      - featuregates/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - config.tanzu.vmware.com
+    resources:
+      - features
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - config.tanzu.vmware.com
+    resources:
+      - features/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tanzu-featuregates-package-cluster-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tanzu-featuregates-package-cluster-role
+subjects:
+  - kind: ServiceAccount
+    name: tanzu-featuregates-package-sa
+    namespace: tkg-system
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageInstall
+metadata:
+  name: tanzu-featuregates-manager
+  namespace: tkg-system
+spec:
+  serviceAccountName: tanzu-featuregates-package-sa
+  packageRef:
+    refName: featuregates.tanzu.vmware.com
+    versionSelection:
+      prereleases: {}
+---
+#@ end
+
+#@ if data.values.TKG_CLUSTER_ROLE != "workload":
+#@ if data.values.DISABLE_CRS_FOR_ADDON_TYPE and "packages/management-packages" in data.values.DISABLE_CRS_FOR_ADDON_TYPE:
+--- #@ featuregates_package_install_definition()
+#@ else:
+---
+apiVersion: addons.cluster.x-k8s.io/v1alpha3
+kind: ClusterResourceSet
+metadata:
+  name: #@ "{}-featuregates-package".format(data.values.CLUSTER_NAME)
+  labels:
+    cluster.x-k8s.io/cluster-name: #@ data.values.CLUSTER_NAME
+  annotations:
+    tkg.tanzu.vmware.com/addon-type: "packages/management-packages"
+spec:
+  strategy: "ApplyOnce"
+  clusterSelector:
+    matchLabels:
+      tkg.tanzu.vmware.com/cluster-name: #@ data.values.CLUSTER_NAME
+  resources:
+    - name: #@ "{}-featuregates-package-crs".format(data.values.CLUSTER_NAME)
+      kind: Secret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: #@ "{}-featuregates-package-crs".format(data.values.CLUSTER_NAME)
+type: addons.cluster.x-k8s.io/resource-set
+stringData:
+  value: #@ yaml.encode(featuregates_package_install_definition())
+#@ end
+#@ end

pkg/v1/tkg/client/upgrade_addon.go

@@ -210,6 +210,11 @@ func (c *TkgClient) DoUpgradeAddon(regionalClusterClient clusterclient.Client, /
 				return errors.Errorf("upgrade of '%s' component is only supported on management cluster", addonName)
 			}
 			crsDisabledAddon = true
+		case "packages/management-packages":
+			if !options.IsRegionalCluster {
+				return errors.Errorf("upgrade of '%s' component is only supported on management cluster", addonName)
+			}
+			crsDisabledAddon = true
 		default:
 			return errors.Errorf("upgrade of '%s' component is not supported", addonName)
 		}

pkg/v1/tkg/client/upgrade_cluster.go

@@ -348,7 +348,8 @@ func (c *TkgClient) upgradeAddonPreNodeUpgrade(regionalClusterClient clusterclie
 			"addons-management/tanzu-addons-manager",
 			"tkr/tkr-controller",
 			"addons-management/core-package-repo",
-			"packages/management-package-repo")
+			"packages/management-package-repo",
+			"packages/management-packages")
 	}
 	upgradeClusterMetadataOptions := &UpgradeAddonOptions{
 		AddonNames:        addonsToBeUpgraded,