SPLAT-2651: Added support to mange kube-cloud-config for vSphere in openshift-config-managed

[vr4manta]

SPLAT-2651

Changes

Enhanced the cluster-cloud-controller-manager-operator (CCCMO) to manage the openshift-config-managed/kube-cloud-config ConfigMap for vSphere platforms,
migrating ownership from the Cluster Config Operator (CCO) to CCCMO. This enables CCCMO to:

1. Convert INI-format cloud configs to YAML
2. Apply transformations to add Infrastructure-derived values (vCenters, labels, networking)
3. Maintain a single source of truth for cloud configuration
4. Gate functionality behind the VSphereMultiVCenterDay2 feature gate

Tests covering:

• vSphere with feature gate enabled → returns true
• vSphere with feature gate disabled → returns false
• vSphere with nil feature gates → returns false
• Other platforms (AWS, Azure, GCP) → returns false
• Creates ConfigMap if doesn't exist
• Updates ConfigMap when data differs
• Skips update when data is identical (equality check)
• Error handling: nil source, missing data, missing required key

Enhanced RBAC for openshift-config-managed namespace - Lines 284-295

Added verbs to existing Role:
verbs:
- get
- list
- watch
- create # NEW: For initial ConfigMap creation (migration from CCO)
- update # NEW: For ongoing updates
- patch # NEW: For ongoing updates

Purpose: Allow CCCMO service account to manage ConfigMaps in openshift-config-managed namespace

Feature Gate Integration

Feature Gate: VSphereMultiVCenterDay2

• Type: configv1.FeatureGateName (typed constant)
• Constant: features.FeatureGateVSphereMultiVCenterDay2
• Purpose: Gates the managed ConfigMap functionality
• Pattern: Uses nil-safe checking via isFeatureGateEnabled()

Before This Enhancement:

• vSphere cloud config existed in openshift-config (user-provided)
• CCO might manage openshift-config-managed/kube-cloud-config
• CCCMO only synced to openshift-cloud-controller-manager/cloud-conf
• No automatic INI→YAML conversion
• No Infrastructure-derived value injection

After This Enhancement:

• CCCMO now manages openshift-config-managed/kube-cloud-config for vSphere (when feature gate enabled)
• Automatic INI→YAML conversion using existing ReadConfig/MarshalConfig
• CloudConfigTransformer adds Infrastructure-derived values
• Creates managed ConfigMap if it doesn't exist (migration scenario)
• Updates managed ConfigMap only when content changes (equality check)
• Target ConfigMap always updated (no equality check for CCM consumption)

Migration Path from CCO to CCCMO

1. Feature gate disabled: CCO manages openshift-config-managed/kube-cloud-config
2. Feature gate enabled: CCCMO takes over:
   - Creates ConfigMap if CCO never created it
   - Updates ConfigMap with transformed content
   - Becomes single source of truth
3. Future platforms: Design allows easy addition of AWS/Azure/etc. by updating shouldManageManagedConfigMap()

[openshift-ci-robot]

@vr4manta: This pull request references SPLAT-2651 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "4.22." or "openshift-4.22.", but it targets "openshift-5.0" instead.

Details

In response to this:

SPLAT-2651

Changes

Enhanced the cluster-cloud-controller-manager-operator (CCCMO) to manage the openshift-config-managed/kube-cloud-config ConfigMap for vSphere platforms,
migrating ownership from the Cluster Config Operator (CCO) to CCCMO. This enables CCCMO to:

1. Convert INI-format cloud configs to YAML
2. Apply transformations to add Infrastructure-derived values (vCenters, labels, networking)
3. Maintain a single source of truth for cloud configuration
4. Gate functionality behind the VSphereMultiVCenterDay2 feature gate

Tests covering:

• vSphere with feature gate enabled → returns true
• vSphere with feature gate disabled → returns false
• vSphere with nil feature gates → returns false
• Other platforms (AWS, Azure, GCP) → returns false
• Creates ConfigMap if doesn't exist
• Updates ConfigMap when data differs
• Skips update when data is identical (equality check)
• Error handling: nil source, missing data, missing required key

Enhanced RBAC for openshift-config-managed namespace - Lines 284-295

Added verbs to existing Role:
verbs:

• get
• list
• watch
• create # NEW: For initial ConfigMap creation (migration from CCO)
• update # NEW: For ongoing updates
• patch # NEW: For ongoing updates

Purpose: Allow CCCMO service account to manage ConfigMaps in openshift-config-managed namespace

Feature Gate Integration

Feature Gate: VSphereMultiVCenterDay2

• Type: configv1.FeatureGateName (typed constant)
• Constant: features.FeatureGateVSphereMultiVCenterDay2
• Purpose: Gates the managed ConfigMap functionality
• Pattern: Uses nil-safe checking via isFeatureGateEnabled()

Before This Enhancement:

• vSphere cloud config existed in openshift-config (user-provided)
• CCO might manage openshift-config-managed/kube-cloud-config
• CCCMO only synced to openshift-cloud-controller-manager/cloud-conf
• No automatic INI→YAML conversion
• No Infrastructure-derived value injection

After This Enhancement:

• CCCMO now manages openshift-config-managed/kube-cloud-config for vSphere (when feature gate enabled)
• Automatic INI→YAML conversion using existing ReadConfig/MarshalConfig
• CloudConfigTransformer adds Infrastructure-derived values
• Creates managed ConfigMap if it doesn't exist (migration scenario)
• Updates managed ConfigMap only when content changes (equality check)
• Target ConfigMap always updated (no equality check for CCM consumption)

Migration Path from CCO to CCCMO

1. Feature gate disabled: CCO manages openshift-config-managed/kube-cloud-config
2. Feature gate enabled: CCCMO takes over:

• Creates ConfigMap if CCO never created it
• Updates ConfigMap with transformed content
• Becomes single source of truth

3. Future platforms: Design allows easy addition of AWS/Azure/etc. by updating shouldManageManagedConfigMap()

Testing Coverage

• Feature gate enabled/disabled scenarios
• Nil feature gate handling
• Platform-specific behavior (vSphere vs others)
• ConfigMap creation (doesn't exist)
• ConfigMap updates (exists with different data)
• ConfigMap skip (exists with identical data)
• Error handling (nil source, missing data, missing keys)

Files Modified Summary

1. pkg/controllers/cloud_config_sync_controller.go - Core reconciliation logic
2. pkg/controllers/cloud_config_sync_controller_test.go - Test coverage
3. manifests/0000_26_cloud-controller-manager-operator_02_rbac_operator.yaml - RBAC permissions

Future Enhancements Planned

• Migrate AWS/Azure from CCO to CCCMO (mentioned in code comments)
• Additional transformer enhancements to match Infrastructure CR updates

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Excluded labels (none allowed) (1)

• do-not-merge/work-in-progress

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 97eec73e-f21f-417d-9312-609b0a22dad4

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci-robot]

@vr4manta: This pull request references SPLAT-2651 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "4.22." or "openshift-4.22.", but it targets "openshift-5.0" instead.

Details

In response to this:

SPLAT-2651

Changes

Enhanced the cluster-cloud-controller-manager-operator (CCCMO) to manage the openshift-config-managed/kube-cloud-config ConfigMap for vSphere platforms,
migrating ownership from the Cluster Config Operator (CCO) to CCCMO. This enables CCCMO to:

1. Convert INI-format cloud configs to YAML
2. Apply transformations to add Infrastructure-derived values (vCenters, labels, networking)
3. Maintain a single source of truth for cloud configuration
4. Gate functionality behind the VSphereMultiVCenterDay2 feature gate

Tests covering:

• vSphere with feature gate enabled → returns true
• vSphere with feature gate disabled → returns false
• vSphere with nil feature gates → returns false
• Other platforms (AWS, Azure, GCP) → returns false
• Creates ConfigMap if doesn't exist
• Updates ConfigMap when data differs
• Skips update when data is identical (equality check)
• Error handling: nil source, missing data, missing required key

Enhanced RBAC for openshift-config-managed namespace - Lines 284-295

Added verbs to existing Role:
verbs:

• get
• list
• watch
• create # NEW: For initial ConfigMap creation (migration from CCO)
• update # NEW: For ongoing updates
• patch # NEW: For ongoing updates

Purpose: Allow CCCMO service account to manage ConfigMaps in openshift-config-managed namespace

Feature Gate Integration

Feature Gate: VSphereMultiVCenterDay2

• Type: configv1.FeatureGateName (typed constant)
• Constant: features.FeatureGateVSphereMultiVCenterDay2
• Purpose: Gates the managed ConfigMap functionality
• Pattern: Uses nil-safe checking via isFeatureGateEnabled()

Before This Enhancement:

• vSphere cloud config existed in openshift-config (user-provided)
• CCO might manage openshift-config-managed/kube-cloud-config
• CCCMO only synced to openshift-cloud-controller-manager/cloud-conf
• No automatic INI→YAML conversion
• No Infrastructure-derived value injection

After This Enhancement:

• CCCMO now manages openshift-config-managed/kube-cloud-config for vSphere (when feature gate enabled)
• Automatic INI→YAML conversion using existing ReadConfig/MarshalConfig
• CloudConfigTransformer adds Infrastructure-derived values
• Creates managed ConfigMap if it doesn't exist (migration scenario)
• Updates managed ConfigMap only when content changes (equality check)
• Target ConfigMap always updated (no equality check for CCM consumption)

Migration Path from CCO to CCCMO

1. Feature gate disabled: CCO manages openshift-config-managed/kube-cloud-config
2. Feature gate enabled: CCCMO takes over:

• Creates ConfigMap if CCO never created it
• Updates ConfigMap with transformed content
• Becomes single source of truth

3. Future platforms: Design allows easy addition of AWS/Azure/etc. by updating shouldManageManagedConfigMap()

Testing Coverage

• Feature gate enabled/disabled scenarios
• Nil feature gate handling
• Platform-specific behavior (vSphere vs others)
• ConfigMap creation (doesn't exist)
• ConfigMap updates (exists with different data)
• ConfigMap skip (exists with identical data)
• Error handling (nil source, missing data, missing keys)

Files Modified Summary

1. pkg/controllers/cloud_config_sync_controller.go - Core reconciliation logic
2. pkg/controllers/cloud_config_sync_controller_test.go - Test coverage
3. manifests/0000_26_cloud-controller-manager-operator_02_rbac_operator.yaml - RBAC permissions

Future Enhancements Planned

• Migrate AWS/Azure from CCO to CCCMO (mentioned in code comments)
• Additional transformer enhancements to match Infrastructure CR updates

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign mdbooth for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@vr4manta: This pull request references SPLAT-2651 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "4.22." or "openshift-4.22.", but it targets "openshift-5.0" instead.

Details

In response to this:

SPLAT-2651

Changes

Enhanced the cluster-cloud-controller-manager-operator (CCCMO) to manage the openshift-config-managed/kube-cloud-config ConfigMap for vSphere platforms,
migrating ownership from the Cluster Config Operator (CCO) to CCCMO. This enables CCCMO to:

1. Convert INI-format cloud configs to YAML
2. Apply transformations to add Infrastructure-derived values (vCenters, labels, networking)
3. Maintain a single source of truth for cloud configuration
4. Gate functionality behind the VSphereMultiVCenterDay2 feature gate

Tests covering:

• vSphere with feature gate enabled → returns true
• vSphere with feature gate disabled → returns false
• vSphere with nil feature gates → returns false
• Other platforms (AWS, Azure, GCP) → returns false
• Creates ConfigMap if doesn't exist
• Updates ConfigMap when data differs
• Skips update when data is identical (equality check)
• Error handling: nil source, missing data, missing required key

Enhanced RBAC for openshift-config-managed namespace - Lines 284-295

Added verbs to existing Role:
verbs:

• get
• list
• watch
• create # NEW: For initial ConfigMap creation (migration from CCO)
• update # NEW: For ongoing updates
• patch # NEW: For ongoing updates

Purpose: Allow CCCMO service account to manage ConfigMaps in openshift-config-managed namespace

Feature Gate Integration

Feature Gate: VSphereMultiVCenterDay2

• Type: configv1.FeatureGateName (typed constant)
• Constant: features.FeatureGateVSphereMultiVCenterDay2
• Purpose: Gates the managed ConfigMap functionality
• Pattern: Uses nil-safe checking via isFeatureGateEnabled()

Before This Enhancement:

• vSphere cloud config existed in openshift-config (user-provided)
• CCO might manage openshift-config-managed/kube-cloud-config
• CCCMO only synced to openshift-cloud-controller-manager/cloud-conf
• No automatic INI→YAML conversion
• No Infrastructure-derived value injection

After This Enhancement:

• CCCMO now manages openshift-config-managed/kube-cloud-config for vSphere (when feature gate enabled)
• Automatic INI→YAML conversion using existing ReadConfig/MarshalConfig
• CloudConfigTransformer adds Infrastructure-derived values
• Creates managed ConfigMap if it doesn't exist (migration scenario)
• Updates managed ConfigMap only when content changes (equality check)
• Target ConfigMap always updated (no equality check for CCM consumption)

Migration Path from CCO to CCCMO

1. Feature gate disabled: CCO manages openshift-config-managed/kube-cloud-config
2. Feature gate enabled: CCCMO takes over:

• Creates ConfigMap if CCO never created it
• Updates ConfigMap with transformed content
• Becomes single source of truth

3. Future platforms: Design allows easy addition of AWS/Azure/etc. by updating shouldManageManagedConfigMap()

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.