Add adapter-hypershift for remote HostedCluster creation

Add a new adapter helm package that creates HostedCluster resources on a
remote HyperShift management cluster via a mounted kubeconfig secret.
Uses NodePort for Ignition/OAuth services and parameterizes OCI region,
compartment, release image, CPO image, and worker node IP via env vars.

Author: vkareh

helm/adapter-hypershift/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: adapter-hypershift
+description: HyperShift adapter - creates HostedCluster resources on a remote management cluster
+type: application
+version: 0.1.0
+appVersion: "0.0.0-dev"
+
+dependencies:
+  - name: hyperfleet-adapter
+    version: "2.0.0"
+    repository: "git+https://github.com/openshift-hyperfleet/hyperfleet-adapter@charts?ref=main"

helm/adapter-hypershift/adapter-config.yaml

@@ -0,0 +1,26 @@
+# HyperShift adapter deployment configuration
+# Creates HostedCluster resources on a remote HyperShift management cluster
+adapter:
+  name: adapter-hypershift
+  version: "0.2.0"
+
+debug_config: true
+log:
+  level: debug
+
+clients:
+  hyperfleet_api:
+    base_url: http://hyperfleet-api:8000
+    version: v1
+    timeout: 10s
+    retry_attempts: 3
+    retry_backoff: exponential
+
+  broker:
+    subscription_id: "adapter-hypershift"
+    topic: "hyperfleet-clusters"
+
+  kubernetes:
+    api_version: "v1"
+    # Use the mounted kubeconfig to target the remote HyperShift management cluster
+    kube_config_path: /etc/hypershift/kubeconfig

helm/adapter-hypershift/adapter-task-config.yaml

@@ -0,0 +1,208 @@
+# HyperShift adapter task configuration
+# Creates a HostedCluster + required secrets on the remote management cluster
+params:
+
+  - name: "clusterId"
+    source: "event.id"
+    type: "string"
+    required: true
+
+  - name: "generation"
+    source: "event.generation"
+    type: "int"
+    required: true
+
+  - name: "namespace"
+    source: "env.CLUSTERS_NAMESPACE"
+    type: "string"
+
+  - name: "ociRegion"
+    source: "env.OCI_REGION"
+    type: "string"
+
+  - name: "ociCompartmentId"
+    source: "env.OCI_COMPARTMENT_ID"
+    type: "string"
+
+  - name: "releaseImage"
+    source: "env.OPENSHIFT_RELEASE_IMAGE"
+    type: "string"
+
+  - name: "baseDomain"
+    source: "env.BASE_DOMAIN"
+    type: "string"
+
+  - name: "cpoImage"
+    source: "env.CPO_IMAGE"
+    type: "string"
+
+  - name: "workerNodeIP"
+    source: "env.WORKER_NODE_IP"
+    type: "string"
+
+# Preconditions: check cluster details from API
+preconditions:
+  - name: "clusterStatus"
+    api_call:
+      method: "GET"
+      url: "/clusters/{{ .clusterId }}"
+      timeout: 10s
+      retry_attempts: 3
+      retry_backoff: "exponential"
+    capture:
+      - name: "clusterName"
+        field: "name"
+      - name: "generation"
+        field: "generation"
+      - name: "clusterNotReady"
+        expression: |
+          status.conditions.filter(c, c.type == "Ready").size() > 0
+            ? status.conditions.filter(c, c.type == "Ready")[0].status != "True"
+            : true
+
+  - name: "validationCheck"
+    expression: |
+      clusterNotReady
+
+# Resources: Namespace + HostedCluster on the remote management cluster
+resources:
+
+  # Ensure the clusters namespace exists on the management cluster
+  - name: "clustersNamespace"
+    transport:
+      client: "kubernetes"
+    manifest:
+      apiVersion: v1
+      kind: Namespace
+      metadata:
+        name: "{{ .namespace }}"
+    discovery:
+      by_name: "{{ .namespace }}"
+
+  # Create the HostedCluster resource
+  - name: "hostedCluster"
+    transport:
+      client: "kubernetes"
+    manifest:
+      apiVersion: hypershift.openshift.io/v1beta1
+      kind: HostedCluster
+      metadata:
+        name: "{{ .clusterName }}"
+        namespace: "{{ .namespace }}"
+        annotations:
+          hypershift.openshift.io/pod-security-admission-label-override: "privileged"
+          hypershift.openshift.io/control-plane-operator-image: "{{ .cpoImage }}"
+          hypershift.openshift.io/disable-monitoring-services: "true"
+        labels:
+          hyperfleet.io/cluster-id: "{{ .clusterId }}"
+          hyperfleet.io/cluster-name: "{{ .clusterName }}"
+      spec:
+        platform:
+          type: OCI
+          oci:
+            identityRef:
+              name: oci-credentials
+            region: "{{ .ociRegion }}"
+            compartmentId: "{{ .ociCompartmentId }}"
+        controllerAvailabilityPolicy: SingleReplica
+        pullSecret:
+          name: pull-secret
+        sshKey:
+          name: ssh-key
+        networking:
+          clusterNetwork:
+            - cidr: 10.132.0.0/14
+          serviceNetwork:
+            - cidr: 172.31.0.0/16
+          networkType: OVNKubernetes
+        services:
+          - service: Ignition
+            servicePublishingStrategy:
+              type: NodePort
+              nodePort:
+                address: "{{ .workerNodeIP }}"
+          - service: OAuthServer
+            servicePublishingStrategy:
+              type: NodePort
+              nodePort:
+                address: "{{ .workerNodeIP }}"
+          - service: APIServer
+            servicePublishingStrategy:
+              type: LoadBalancer
+          - service: Konnectivity
+            servicePublishingStrategy:
+              type: LoadBalancer
+        release:
+          image: "{{ .releaseImage }}"
+        dns:
+          baseDomain: "{{ .baseDomain }}"
+    discovery:
+      namespace: "{{ .namespace }}"
+      by_selectors:
+        label_selector:
+          hyperfleet.io/cluster-id: "{{ .clusterId }}"
+
+# Post-processing: report HostedCluster status back to API
+post:
+  payloads:
+    - name: "statusPayload"
+      build:
+        adapter: "{{ .adapter.name }}"
+        conditions:
+          - type: "Applied"
+            status:
+              expression: |
+                has(resources.hostedCluster.metadata.creationTimestamp) ? "True" : "False"
+            reason:
+              expression: |
+                has(resources.hostedCluster.metadata.creationTimestamp) ? "HostedClusterCreated" : "HostedClusterPending"
+            message:
+              expression: |
+                has(resources.hostedCluster.metadata.creationTimestamp)
+                ? "HostedCluster has been created on the management cluster"
+                : "HostedCluster is pending creation"
+          - type: "Available"
+            status:
+              expression: |
+                has(resources.hostedCluster.status) && has(resources.hostedCluster.status.conditions)
+                ? (resources.hostedCluster.status.conditions.filter(c, c.type == "Available").size() > 0
+                   ? resources.hostedCluster.status.conditions.filter(c, c.type == "Available")[0].status
+                   : "False")
+                : "False"
+            reason:
+              expression: |
+                has(resources.hostedCluster.status) && has(resources.hostedCluster.status.conditions)
+                ? (resources.hostedCluster.status.conditions.filter(c, c.type == "Available").size() > 0
+                   ? resources.hostedCluster.status.conditions.filter(c, c.type == "Available")[0].reason
+                   : "WaitingForControlPlane")
+                : "WaitingForControlPlane"
+            message:
+              expression: |
+                has(resources.hostedCluster.status) && has(resources.hostedCluster.status.conditions)
+                ? (resources.hostedCluster.status.conditions.filter(c, c.type == "Available").size() > 0
+                   ? resources.hostedCluster.status.conditions.filter(c, c.type == "Available")[0].message
+                   : "Waiting for hosted control plane to become available")
+                : "Waiting for hosted control plane to become available"
+          - type: "Health"
+            status:
+              expression: |
+                adapter.?executionStatus.orValue("") == "success" ? "True" : (adapter.?executionStatus.orValue("") == "failed" ? "False" : "Unknown")
+            reason:
+              expression: |
+                adapter.?errorReason.orValue("") != "" ? adapter.?errorReason.orValue("") : "Healthy"
+            message:
+              expression: |
+                adapter.?errorMessage.orValue("") != "" ? adapter.?errorMessage.orValue("") : "Adapter executed successfully"
+        observed_generation:
+          expression: "generation"
+        observed_time: "{{ now | date \"2006-01-02T15:04:05Z07:00\" }}"
+
+  post_actions:
+    - name: "reportClusterStatus"
+      api_call:
+        method: "POST"
+        url: "/clusters/{{ .clusterId }}/statuses"
+        headers:
+          - name: "Content-Type"
+            value: "application/json"
+        body: "{{ .statusPayload }}"

helm/adapter-hypershift/charts/hyperfleet-adapter-2.0.0.tgz

@@ -0,0 +1,65 @@
+# Values for adapter-hypershift
+# Creates HostedCluster resources on a remote HyperShift management cluster
+
+hyperfleet-adapter:
+  image:
+    registry: CHANGE_ME
+    repository: CHANGE_ME
+    tag: latest
+
+  adapterConfig:
+    create: true
+    log:
+      level: debug
+
+  adapterTaskConfig:
+    create: true
+
+  broker:
+    type: googlepubsub
+    googlepubsub:
+      projectId: CHANGE_ME
+      subscriptionId: CHANGE_ME
+      topic: CHANGE_ME
+      deadLetterTopic: ""
+      createTopicIfMissing: true
+      createSubscriptionIfMissing: true
+    rabbitmq:
+      url: CHANGE_ME
+      queue: ""
+      exchange: ""
+      routingKey: ""
+
+  env:
+    - name: NAMESPACE
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.namespace
+    - name: CLUSTERS_NAMESPACE
+      value: clusters
+    - name: OCI_REGION
+      value: us-sanjose-1
+    - name: OCI_COMPARTMENT_ID
+      value: ocid1.compartment.oc1..aaaaaaaazgovbe2qxduadk3bmj5dobvoe5wnengzavax5pwsfr3bqbdrrcqa
+    - name: OPENSHIFT_RELEASE_IMAGE
+      value: "quay.io/openshift-release-dev/ocp-release:4.20.2-x86_64"
+    - name: BASE_DOMAIN
+      value: hyperfleet.local
+    - name: CPO_IMAGE
+      value: "quay.io/vkareh/control-plane-operator:1775859030"
+
+  # Mount the management cluster kubeconfig
+  extraVolumeMounts:
+    - name: hypershift-kubeconfig
+      mountPath: /etc/hypershift
+      readOnly: true
+
+  extraVolumes:
+    - name: hypershift-kubeconfig
+      secret:
+        secretName: hypershift-mgmt-kubeconfig
+
+  # RBAC is for the local CLM cluster only; remote access uses the mounted kubeconfig
+  rbac:
+    resources:
+      - configmaps