diff --git a/cloud/util/util.go b/cloud/util/util.go
index abe53983..2fc453f7 100644
--- a/cloud/util/util.go
+++ b/cloud/util/util.go
@@ -158,6 +158,10 @@ func InitClientsAndRegion(ctx context.Context, client client.Client, defaultRegi
 } else {
 clientProvider = defaultClientProvider
 }
+ if clientProvider == nil {
+ return nil, "", scope.OCIClients{}, errors.New("OCI authentication credentials could not be retrieved from pod or cluster level," +
+ "please install Cluster API Provider for OCI with OCI authentication credentials or set Cluster Identity in the OCICluster")
+ }
 // Region set at cluster takes highest precedence
 if len(clusterAccessor.GetRegion()) > 0 {
 clusterRegion = clusterAccessor.GetRegion()
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index ea9f89b3..a34b72a9 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -30,6 +30,7 @@ spec:
 - "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},OKE=${EXP_OKE:=false}"
 - "--metrics-bind-address=127.0.0.1:8080"
 - "--logging-format=${LOG_FORMAT:=text}"
+ - "--init-oci-clients-on-startup=${INIT_OCI_CLIENTS_ON_STARTUP:=true}"
 image: controller:latest
 name: manager
 securityContext:
diff --git a/docs/src/SUMMARY.md b/docs/src/SUMMARY.md
index 1cf6ab9f..08211362 100644
--- a/docs/src/SUMMARY.md
+++ b/docs/src/SUMMARY.md
@@ -29,6 +29,7 @@
 - [Provision a PVC on the File Storage Service](./gs/pvc-fss.md)
 - [Customize worker nodes](./gs/customize-worker-node.md)
 - [Multi Tenancy](./gs/multi-tenancy.md)
+ - [Advanced Options](./gs/advanced.md)
 - [Networking Guide](./networking/networking.md)
 - [Default Network Infrastructure](./networking/infrastructure.md)
 - [Using Calico](./networking/calico.md)
diff --git a/docs/src/gs/advanced.md b/docs/src/gs/advanced.md
new file mode 100644
index 00000000..f5974bfb
--- /dev/null
+++ b/docs/src/gs/advanced.md
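Review bot: The two string literals joined in the added `errors.New` call have no separator between them, so the message reads `cluster level,please install ...` — the docs page added in this commit quotes exactly that. Ending the first literal with `"OCI authentication credentials could not be retrieved from pod or cluster level, " +` fixes it; the quoted text in docs/src/gs/advanced.md would then need the same space. The check itself is well placed: when neither the pod-level provider nor a Cluster Identity yields a `clientProvider`, returning an explicit error from the reconcile is preferable to the nil dereference that would otherwise follow. InitClientsAndRegion starts and ends outside the hunk.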
@@ -0,0 +1,18 @@
+# Advanced Options
+
+## Disable OCI Client initialization on startup
+
+CAPOCI supports setting OCI principals at [cluster level][cluster-identity], hence CAPOCI can be
+installed without providing OCI user credentials. The following environment variable need to be exported
+to install CAPOCI without providing any OCI credentials.
+
+ ```shell
+ export INIT_OCI_CLIENTS_ON_STARTUP=false
+ ```
+
+If the above setting is used, and [Cluster Identity][cluster-identity] is not used, the OCICluster will
+go into error state, and the following error will show up in the CAPOCI pod logs.
+
+`OCI authentication credentials could not be retrieved from pod or cluster level,please install Cluster API Provider for OCI with OCI authentication credentials or set Cluster Identity in the OCICluster`
+
+[cluster-identity]: ./multi-tenancy.md
\ No newline at end of file
diff --git a/main.go b/main.go
index d72fd1ce..bc778147 100644
--- a/main.go
+++ b/main.go
@@ -57,6 +57,7 @@ var (
 ociClusterConcurrency int
 ociMachineConcurrency int
 ociMachinePoolConcurrency int
+ initOciClientsOnStartup bool
 )
 
 const (
@@ -112,6 +113,12 @@ func main() {
 5,
 "Number of OciMachinePools to process simultaneously",
 )
+ flag.BoolVar(
+ &initOciClientsOnStartup,
+ "init-oci-clients-on-startup",
+ true,
+ "Initialize OCI clients on startup",
+ )
 
 opts := zap.Options{
 Development: true,
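Review bot: The usage string `"Initialize OCI clients on startup"` for the new `init-oci-clients-on-startup` flag does not say what the operator gives up by turning it off, which is the only reason to touch the flag. Judging by the other hunks in this commit, a false value skips reading the auth config directory entirely and every OCICluster must then carry a Cluster Identity or its reconcile fails; a usage string such as `"Initialize OCI clients on startup from the auth config directory; when false, each OCICluster must provide a Cluster Identity"` would make that visible in `--help`. main continues outside the hunk.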
@@ -144,46 +151,48 @@ func main() {
 setupLog.Error(err, "unable to start manager")
 os.Exit(1)
 }
+ // Setup the context that's going to be used in controllers and for the manager.
+ ctx := ctrl.SetupSignalHandler()
 
- authConfigDir := os.Getenv(AuthConfigDirectory)
- if authConfigDir == "" {
- setupLog.Error(err, "auth config directory environment variable is not set")
- os.Exit(1)
- }
-
- authConfig, err := config.FromDir(authConfigDir)
- if err != nil {
- setupLog.Error(err, "invalid auth config file")
- os.Exit(1)
- }
+ var clientProvider *scope.ClientProvider
+ var region string
+ if initOciClientsOnStartup {
+ authConfigDir := os.Getenv(AuthConfigDirectory)
+ if authConfigDir == "" {
+ setupLog.Error(err, "auth config directory environment variable is not set")
+ os.Exit(1)
+ }
 
- setupLog.Info("CAPOCI Version", "version", version.GitVersion)
- ociAuthConfigProvider, err := config.NewConfigurationProvider(authConfig)
- if err != nil {
- setupLog.Error(err, "authentication provider could not be initialised")
- os.Exit(1)
- }
+ authConfig, err := config.FromDir(authConfigDir)
+ if err != nil {
+ setupLog.Error(err, "invalid auth config file")
+ os.Exit(1)
+ }
 
- // Setup the context that's going to be used in controllers and for the manager.
- ctx := ctrl.SetupSignalHandler()
+ setupLog.Info("CAPOCI Version", "version", version.GitVersion)
+ ociAuthConfigProvider, err := config.NewConfigurationProvider(authConfig)
+ if err != nil {
+ setupLog.Error(err, "authentication provider could not be initialised")
+ os.Exit(1)
+ }
 
- region, err := ociAuthConfigProvider.Region()
- if err != nil {
- setupLog.Error(err, "unable to get OCI region from AuthConfigProvider")
- os.Exit(1)
- }
+ region, err = ociAuthConfigProvider.Region()
+ if err != nil {
+ setupLog.Error(err, "unable to get OCI region from AuthConfigProvider")
+ os.Exit(1)
+ }
 
- clientProvider, err := scope.NewClientProvider(ociAuthConfigProvider)
- if err != nil {
- setupLog.Error(err, "unable to create OCI ClientProvider")
- os.Exit(1)
- }
- _, err = clientProvider.GetOrBuildClient(region)
- if err != nil {
- setupLog.Error(err, "authentication provider could not be initialised")
- os.Exit(1)
+ clientProvider, err = scope.NewClientProvider(ociAuthConfigProvider)
+ if err != nil {
+ setupLog.Error(err, "unable to create OCI ClientProvider")
+ os.Exit(1)
+ }
+ _, err = clientProvider.GetOrBuildClient(region)
+ if err != nil {
+ setupLog.Error(err, "authentication provider could not be initialised")
+ os.Exit(1)
+ }
 }
-
 if err = (&controllers.OCIClusterReconciler{
 Client: mgr.GetClient(),
 Scheme: mgr.GetScheme(),
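Review bot: The `setupLog.Info("CAPOCI Version", "version", version.GitVersion)` call now sits inside `if initOciClientsOnStartup {`, so the running version is no longer logged when startup client initialization is disabled, which is exactly the deployment where operators will be reading these logs to diagnose credential errors; hoist it to just above `var clientProvider *scope.ClientProvider`, where it has no dependency on credentials. The moved `setupLog.Error(err, "auth config directory environment variable is not set")` passes the `err` left over from the manager-setup check above it, which must be nil for execution to reach this line, so the log entry carries no error value; `setupLog.Error(nil, "auth config directory environment variable is not set")` states the intent honestly. With the flag off, `clientProvider` stays nil and `region` stays empty when they are handed to the reconcilers further down main; the nil case is what the util.go hunk in this commit handles, so a comment on the two declarations, e.g. `// nil/empty when --init-oci-clients-on-startup=false; credentials then come from each OCICluster's Cluster Identity`, would spare the next reader the cross-file hop. main continues past the hunk.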