Make container image configurable

ondat · Feb 14, 2023 · 6e9b38d · 6e9b38d
1 parent 617a03e
commit 6e9b38d
Show file tree

Hide file tree

Showing 14 changed files with 506 additions and 159 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -34,13 +34,29 @@ jobs:
     uses: ./.github/workflows/_docker-build.yml
     needs: [test, golangci-lint, gosec-scanning]
 
+  job-image-build:
+    run: |
+      ORIGINAL=$(grep -r "var JobImage" pkg/utils/ | head -1 | cut -d\" -f2)
+      docker pull ${ORIGINAL}
+      docker tag ${ORIGINAL} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-job:${{ env.IMAGE_TAG }}
+      docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-job:${{ env.IMAGE_TAG }}
+    needs: image-build
+
+  proxy-image-build:
+    run: |
+      ORIGINAL=$(grep -r "var ProxyImage" pkg/utils/ | head -1 | cut -d\" -f2)
+      docker pull ${ORIGINAL}
+      docker tag ${ORIGINAL} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-proxy:${{ env.IMAGE_TAG }}
+      docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-proxy:${{ env.IMAGE_TAG }}
+    needs: image-build
+
   image-vulnerability-scan:
     uses: ./.github/workflows/_trivy.yml
     needs: image-build
 
   kuttl:
     uses: ./.github/workflows/_kuttl.yml
-    needs: image-build
+    needs: [image-build, job-image-build, proxy-image-build]
 
   auto-pre-release:
     if: startsWith(github.ref, 'refs/tags/v') && (contains(github.ref_name, '-alpha.') || contains(github.ref_name, '-beta.'))

diff --git a/api/config.discoblocks.io/v1/groupversion_info.go b/api/config.discoblocks.io/v1/groupversion_info.go
@@ -0,0 +1,20 @@
+// Package v1 contains API Schema definitions for the config.discoblocks.io v1 API group
+// +kubebuilder:object:generate=true
+// +groupName=config.discoblocks.io
+package v1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "config.discoblocks.io", Version: "v1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)
diff --git a/api/config.discoblocks.io/v1/operatorconfig_types.go b/api/config.discoblocks.io/v1/operatorconfig_types.go
@@ -0,0 +1,38 @@
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	cfg "sigs.k8s.io/controller-runtime/pkg/config/v1alpha1"
+)
+
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// OperatorConfig is the Schema for the operatorconfigs API
+type OperatorConfig struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	cfg.ControllerManagerConfigurationSpec `json:",inline"`
+
+	// SupportedCsiDrivers list of supported CSI driver IDs
+	SupportedCsiDrivers []string `json:"supportedCsiDrivers,omitempty"`
+
+	// JobContainerImage is the container image for volume management operations
+	JobContainerImage string `json:"jobContainerImage,omitempty"`
+
+	// JobContainerImage is the container image of volume metrics sidecar
+	ProxyContainerImage string `json:"proxyContainerImage,omitempty"`
+
+	// SchedulerStrictMode defines scheduler's behavior on case of Discoblock errors
+	SchedulerStrictMode bool `json:"schedulerStrictMode,omitempty"`
+
+	// MutatorStrictMode defines mutator's behavior on case of Discoblock errors
+	MutatorStrictMode bool `json:"mutatorStrictMode,omitempty"`
+}
+
+func init() {
+	SchemeBuilder.Register(&OperatorConfig{})
+}
diff --git a/api/config.discoblocks.io/v1/zz_generated.deepcopy.go b/api/config.discoblocks.io/v1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/config.discoblocks.io_operatorconfigs.yaml b/config/crd/bases/config.discoblocks.io_operatorconfigs.yaml
@@ -0,0 +1,203 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.8.0
+  creationTimestamp: null
+  name: operatorconfigs.config.discoblocks.io
+spec:
+  group: config.discoblocks.io
+  names:
+    kind: OperatorConfig
+    listKind: OperatorConfigList
+    plural: operatorconfigs
+    singular: operatorconfig
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: OperatorConfig is the Schema for the operatorconfigs API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          cacheNamespace:
+            description: "CacheNamespace if specified restricts the manager's cache
+              to watch objects in the desired namespace Defaults to all namespaces
+              \n Note: If a namespace is specified, controllers can still Watch for
+              a cluster-scoped resource (e.g Node).  For namespaced resources the
+              cache will only hold objects from the desired namespace."
+            type: string
+          controller:
+            description: Controller contains global configuration options for controllers
+              registered within this manager.
+            properties:
+              cacheSyncTimeout:
+                description: CacheSyncTimeout refers to the time limit set to wait
+                  for syncing caches. Defaults to 2 minutes if not set.
+                format: int64
+                type: integer
+              groupKindConcurrency:
+                additionalProperties:
+                  type: integer
+                description: "GroupKindConcurrency is a map from a Kind to the number
+                  of concurrent reconciliation allowed for that controller. \n When
+                  a controller is registered within this manager using the builder
+                  utilities, users have to specify the type the controller reconciles
+                  in the For(...) call. If the object's kind passed matches one of
+                  the keys in this map, the concurrency for that controller is set
+                  to the number specified. \n The key is expected to be consistent
+                  in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless
+                  of version) would be `ReplicaSet.apps`."
+                type: object
+            type: object
+          gracefulShutDown:
+            description: GracefulShutdownTimeout is the duration given to runnable
+              to stop before the manager actually returns on stop. To disable graceful
+              shutdown, set to time.Duration(0) To use graceful shutdown without timeout,
+              set to a negative duration, e.G. time.Duration(-1) The graceful shutdown
+              is skipped for safety reasons in case the leader election lease is lost.
+            type: string
+          health:
+            description: Health contains the controller health configuration
+            properties:
+              healthProbeBindAddress:
+                description: HealthProbeBindAddress is the TCP address that the controller
+                  should bind to for serving health probes
+                type: string
+              livenessEndpointName:
+                description: LivenessEndpointName, defaults to "healthz"
+                type: string
+              readinessEndpointName:
+                description: ReadinessEndpointName, defaults to "readyz"
+                type: string
+            type: object
+          jobContainerImage:
+            description: JobContainerImage is the container image for volume management
+              operations
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          leaderElection:
+            description: LeaderElection is the LeaderElection config to be used when
+              configuring the manager.Manager leader election
+            properties:
+              leaderElect:
+                description: leaderElect enables a leader election client to gain
+                  leadership before executing the main loop. Enable this when running
+                  replicated components for high availability.
+                type: boolean
+              leaseDuration:
+                description: leaseDuration is the duration that non-leader candidates
+                  will wait after observing a leadership renewal until attempting
+                  to acquire leadership of a led but unrenewed leader slot. This is
+                  effectively the maximum duration that a leader can be stopped before
+                  it is replaced by another candidate. This is only applicable if
+                  leader election is enabled.
+                type: string
+              renewDeadline:
+                description: renewDeadline is the interval between attempts by the
+                  acting master to renew a leadership slot before it stops leading.
+                  This must be less than or equal to the lease duration. This is only
+                  applicable if leader election is enabled.
+                type: string
+              resourceLock:
+                description: resourceLock indicates the resource object type that
+                  will be used to lock during leader election cycles.
+                type: string
+              resourceName:
+                description: resourceName indicates the name of resource object that
+                  will be used to lock during leader election cycles.
+                type: string
+              resourceNamespace:
+                description: resourceName indicates the namespace of resource object
+                  that will be used to lock during leader election cycles.
+                type: string
+              retryPeriod:
+                description: retryPeriod is the duration the clients should wait between
+                  attempting acquisition and renewal of a leadership. This is only
+                  applicable if leader election is enabled.
+                type: string
+            required:
+            - leaderElect
+            - leaseDuration
+            - renewDeadline
+            - resourceLock
+            - resourceName
+            - resourceNamespace
+            - retryPeriod
+            type: object
+          metadata:
+            type: object
+          metrics:
+            description: Metrics contains thw controller metrics configuration
+            properties:
+              bindAddress:
+                description: BindAddress is the TCP address that the controller should
+                  bind to for serving prometheus metrics. It can be set to "0" to
+                  disable the metrics serving.
+                type: string
+            type: object
+          mutatorStrictMode:
+            description: MutatorStrictMode defines mutator's behavior on case of Discoblock
+              errors
+            type: boolean
+          proxyContainerImage:
+            description: JobContainerImage is the container image of volume metrics
+              sidecar
+            type: string
+          schedulerStrictMode:
+            description: SchedulerStrictMode defines scheduler's behavior on case
+              of Discoblock errors
+            type: boolean
+          supportedCsiDrivers:
+            description: SupportedCsiDrivers list of supported CSI driver IDs
+            items:
+              type: string
+            type: array
+          syncPeriod:
+            description: SyncPeriod determines the minimum frequency at which watched
+              resources are reconciled. A lower period will correct entropy more quickly,
+              but reduce responsiveness to change if there are many watched resources.
+              Change this value only if you know what you are doing. Defaults to 10
+              hours if unset. there will a 10 percent jitter between the SyncPeriod
+              of all controllers so that all controllers will not send list requests
+              simultaneously.
+            type: string
+          webhook:
+            description: Webhook contains the controllers webhook configuration
+            properties:
+              certDir:
+                description: CertDir is the directory that contains the server key
+                  and certificate. if not set, webhook server would look up the server
+                  key and certificate in {TempDir}/k8s-webhook-server/serving-certs.
+                  The server key and certificate must be named tls.key and tls.crt,
+                  respectively.
+                type: string
+              host:
+                description: Host is the hostname that the webhook server binds to.
+                  It is used to set webhook.Server.Host.
+                type: string
+              port:
+                description: Port is the port that the webhook server serves at. It
+                  is used to set webhook.Server.Port.
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -33,7 +33,7 @@ patchesStrategicMerge:
 
 # Mount the controller config file for loading manager configurations
 # through a ComponentConfig type
-#- manager_config_patch.yaml
+- manager_config_patch.yaml
 
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
@@ -73,14 +73,3 @@ vars:
     kind: Service
     version: v1
     name: webhook-service
-patches:
-  - patch: |-
-      - op: replace
-        path: "/spec/template/spec/containers/0/env/0"
-        value:
-          name: SUPPORTED_CSI_DRIVERS
-          value: "ebs.csi.aws.com,csi.storageos.com"
-    target:
-      kind: Deployment
-      namespace: system
-      name: controller-manager
diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml
@@ -1,11 +1,14 @@
 apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
 kind: ControllerManagerConfig
 health:
+  bindAddress: :8080
   healthProbeBindAddress: :8081
 metrics:
   bindAddress: 127.0.0.1:8080
 webhook:
   port: 9443
-leaderElection:
-  leaderElect: true
-  resourceName: 49ccccaf.discoblocks.ondat.io
+supportedCsiDrivers: ebs.csi.aws.com,csi.storageos.com
+jobContainerImage: nixery.dev/shell/gawk/gnugrep/gnused/coreutils-full/cri-tools/docker-client/nerdctl/nvme-cli
+proxyContainerImage: nixery.dev/shell/frp
+schedulerStrictMode: true
+mutatorStrictMode: true