Add openshift specific files.

.github/workflows/multiarch-build.yaml

@@ -0,0 +1,10 @@
+name: Multiarch builds
+
+on:
+  push:
+    branches: ['release-v*']
+
+jobs:
+  multiarch-build:
+    uses: openshift-knative/hack/.github/workflows/multiarch-build.yaml@main
+    secrets: inherit

.ko.yaml

@@ -1,2 +1,2 @@
 # Use :nonroot base image for all containers
-defaultBaseImage: gcr.io/distroless/static:nonroot
+defaultBaseImage: registry.access.redhat.com/ubi8/ubi-minimal:latest

Makefile

@@ -0,0 +1,70 @@
+# This file is needed by kubebuilder but all functionality should exist inside
+# the hack/ files.
+
+CGO_ENABLED=0
+GOOS=linux
+# Ignore errors if there are no images.
+CONTROL_PLANE_IMAGES=./control-plane/cmd/kafka-controller ./control-plane/cmd/webhook-kafka ./control-plane/cmd/post-install
+TEST_IMAGES=$(shell find ./test/cmd ./test/test_images ./vendor/knative.dev/reconciler-test/cmd ./vendor/knative.dev/eventing/test/test_images -mindepth 1 -maxdepth 1 -type d 2> /dev/null)
+BRANCH=
+TEST=
+IMAGE=
+TEST_IMAGE_TAG ?= latest
+
+# Guess location of openshift/release repo. NOTE: override this if it is not correct.
+OPENSHIFT=${CURDIR}/../../github.com/openshift/release
+
+# Build and install commands.
+install:
+	for img in $(CONTROL_PLANE_IMAGES); do \
+		go install $$img ; \
+	done
+.PHONY: install
+
+test-install:
+	for img in $(TEST_IMAGES); do \
+		go install $$img ; \
+	done
+.PHONY: test-install
+
+test-e2e:
+	sh openshift/e2e-tests.sh
+.PHONY: test-e2e
+
+test-conformance:
+	sh openshift/e2e-conformance-tests.sh
+.PHONY: test-conformance
+
+test-reconciler:
+	sh openshift/e2e-rekt-tests.sh
+.PHONY: test-reconciler
+
+# Requires ko 0.2.0 or newer.
+# Target used by github actions.
+test-images:
+	for img in $(TEST_IMAGES); do \
+		KO_DOCKER_REPO=$(DOCKER_REPO_OVERRIDE) ko build --tags=$(TEST_IMAGE_TAG) $(KO_FLAGS) -B $$img || \
+		KO_DOCKER_REPO=$(DOCKER_REPO_OVERRIDE) ko resolve --tags=$(TEST_IMAGE_TAG) $(KO_FLAGS) -RBf $$img || exit $?; \
+	done
+.PHONY: test-images
+
+test-image-single:
+	KO_DOCKER_REPO=$(DOCKER_REPO_OVERRIDE) ko build --tags=$(TEST_IMAGE_TAG) $(KO_FLAGS) -B test/test_images/$(IMAGE) || \
+	KO_DOCKER_REPO=$(DOCKER_REPO_OVERRIDE) ko resolve --tags=$(TEST_IMAGE_TAG) $(KO_FLAGS) -RBf test/test_images/$(IMAGE)
+.PHONY: test-image-single
+
+# Run make DOCKER_REPO_OVERRIDE=<your_repo> test-e2e-local if test images are available
+# in the given repository. Make sure you first build and push them there by running `make test-images`.
+# Run make BRANCH=<ci_promotion_name> test-e2e-local if test images from the latest CI
+# build for this branch should be used. Example: `make BRANCH=knative-v0.14.2 test-e2e-local`.
+# If neither DOCKER_REPO_OVERRIDE nor BRANCH are defined the tests will use test images
+# from the last nightly build.
+# If TEST is defined then only the single test will be run.
+test-e2e-local:
+	./openshift/e2e-tests-local.sh $(TEST)
+.PHONY: test-e2e-local
+
+# Generate an aggregated knative release yaml file, as well as a CI file with replaced image references
+generate-release:
+	./openshift/release/generate-release.sh $(RELEASE)
+.PHONY: generate-release

OWNERS

@@ -1,13 +1,18 @@
-# Sponsored by the Event Delivery WG
-# At least one WG lead from https://github.com/knative/community/blob/master/working-groups/WORKING-GROUPS.md#event-delivery
-# must be in the "approvers" list.
+# The OWNERS file is used by prow to automatically merge approved PRs.
+
 approvers:
-- technical-oversight-committee
-- knative-release-leads
-- eventing-writers
-- eventing-kafka-broker-approvers
+- alanfx
+- aliok
+- creydr
+- lberk
+- matzew
+- mgencur
+- pierDipi
+- warrenvw
 
 reviewers:
-- eventing-writers
-- eventing-kafka-broker-approvers
-- eventing-kafka-broker-reviewers
+- aliok
+- creydr
+- lberk
+- matzew
+- pierDipi

control-plane/config/eventing-kafka-broker/200-controller/500-controller.yaml

@@ -189,6 +189,4 @@ spec:
             capabilities:
               drop:
               - ALL
-            seccompProfile:
-              type: RuntimeDefault
       restartPolicy: Always

control-plane/config/eventing-kafka-broker/200-webhook/500-webhook.yaml

@@ -89,8 +89,6 @@ spec:
             capabilities:
               drop:
               - ALL
-            seccompProfile:
-              type: RuntimeDefault
 
           ports:
             - name: https-webhook

control-plane/config/eventing-kafka-source/200-controller/500-controller.yaml

@@ -112,6 +112,4 @@ spec:
             capabilities:
               drop:
               - ALL
-            seccompProfile:
-              type: RuntimeDefault
       restartPolicy: Always

control-plane/config/post-install/500-post-install-job.yaml

@@ -50,5 +50,3 @@ spec:
             capabilities:
               drop:
               - ALL
-            seccompProfile:
-              type: RuntimeDefault

control-plane/config/post-install/500-storage-version-migrator.yaml

@@ -50,5 +50,3 @@ spec:
             capabilities:
               drop:
               - ALL
-            seccompProfile:
-              type: RuntimeDefault

data-plane/config/broker/500-dispatcher.yaml

@@ -149,8 +149,6 @@ spec:
             capabilities:
               drop:
               - ALL
-            seccompProfile:
-              type: RuntimeDefault
       volumes:
         - name: config-kafka-broker-data-plane
           configMap:

data-plane/config/broker/500-receiver.yaml

@@ -160,8 +160,6 @@ spec:
             capabilities:
               drop:
               - ALL
-            seccompProfile:
-              type: RuntimeDefault
       volumes:
         - name: kafka-broker-brokers-triggers
           configMap:

data-plane/config/brokerv2/500-dispatcher.yaml

@@ -158,8 +158,6 @@ spec:
             capabilities:
               drop:
                 - ALL
-            seccompProfile:
-              type: RuntimeDefault
       volumes:
         - name: config-kafka-broker-data-plane
           configMap:

data-plane/config/channel/500-dispatcher.yaml

@@ -149,8 +149,6 @@ spec:
             capabilities:
               drop:
               - ALL
-            seccompProfile:
-              type: RuntimeDefault
       volumes:
         - name: config-kafka-channel-data-plane
           configMap:

data-plane/config/channel/500-receiver.yaml

@@ -160,8 +160,6 @@ spec:
             capabilities:
               drop:
               - ALL
-            seccompProfile:
-              type: RuntimeDefault
       volumes:
         - name: kafka-channel-channels-subscriptions
           configMap:

data-plane/config/channelv2/500-dispatcher.yaml

@@ -158,8 +158,6 @@ spec:
             capabilities:
               drop:
               - ALL
-            seccompProfile:
-              type: RuntimeDefault
       volumes:
         - name: config-kafka-channel-data-plane
           configMap:

data-plane/config/sink/500-receiver.yaml

@@ -160,8 +160,6 @@ spec:
             capabilities:
               drop:
               - ALL
-            seccompProfile:
-              type: RuntimeDefault
       volumes:
         - name: kafka-sink-sinks
           configMap:

data-plane/config/source/500-dispatcher.yaml

@@ -121,16 +121,13 @@ spec:
             - name: WAIT_STARTUP_SECONDS
               value: "8"
             - name: JAVA_TOOL_OPTIONS
-              value: "-XX:+CrashOnOutOfMemoryError -XX:InitialRAMPercentage=70.0 -XX:MinRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0"
+              value: "-XX:+CrashOnOutOfMemoryError"
 
           resources:
             requests:
               cpu: 1000m
               # 600Mi for virtual replicas + 100Mi overhead
               memory: 700Mi
-            limits:
-              cpu: 2000m
-              memory: 1000Mi
 
           livenessProbe:
             failureThreshold: 3
@@ -158,8 +155,6 @@ spec:
             capabilities:
               drop:
               - ALL
-            seccompProfile:
-              type: RuntimeDefault
       volumes:
         - name: config-kafka-source-data-plane
           configMap:

hack/update-checksums.sh

@@ -26,7 +26,6 @@ fi
 
 source $(dirname $0)/../vendor/knative.dev/hack/library.sh
 
-go run "${REPO_ROOT_DIR}/vendor/knative.dev/pkg/configmap/hash-gen" "${REPO_ROOT_DIR}"/control-plane/config/eventing-kafka-broker/200-controller/100-config-tracing.yaml
 go run "${REPO_ROOT_DIR}/vendor/knative.dev/pkg/configmap/hash-gen" "${REPO_ROOT_DIR}"/control-plane/config/eventing-kafka-broker/200-controller/100-config-logging.yaml
 go run "${REPO_ROOT_DIR}/vendor/knative.dev/pkg/configmap/hash-gen" "${REPO_ROOT_DIR}"/control-plane/config/eventing-kafka-broker/200-controller/100-config-kafka-leader-election.yaml
 go run "${REPO_ROOT_DIR}/vendor/knative.dev/pkg/configmap/hash-gen" "${REPO_ROOT_DIR}"/control-plane/config/eventing-kafka-broker/200-controller/100-config-kafka-features.yaml

openshift/ci-operator/build-image/Dockerfile

@@ -0,0 +1,28 @@
+# DO NOT EDIT! Generated Dockerfile.
+
+# Dockerfile to bootstrap build and test in openshift-ci
+FROM registry.ci.openshift.org/openshift/release:golang-1.19 as builder
+
+RUN echo "[kubernetes]" >> /etc/yum.repos.d/kubernetes.repo && \
+    echo "name=Kubernetes" >> /etc/yum.repos.d/kubernetes.repo && \
+    echo "baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64" >> /etc/yum.repos.d/kubernetes.repo && \
+    echo "enabled=1" >> /etc/yum.repos.d/kubernetes.repo && \
+    echo "gpgcheck=1" >> /etc/yum.repos.d/kubernetes.repo && \
+    echo "repo_gpgcheck=0" >> /etc/yum.repos.d/kubernetes.repo && \
+    echo "gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg" >> /etc/yum.repos.d/kubernetes.repo
+
+RUN yum install -y kubectl httpd-tools
+
+RUN wget https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && \
+    chmod 700 ./get-helm-3
+
+RUN ./get-helm-3 --version v3.11.3 --no-sudo && helm version
+
+RUN GOFLAGS='' go install github.com/mikefarah/yq/v3@latest
+
+# go install creates $GOPATH/.cache with root permissions, we delete it here
+# to avoid permission issues with the runtime users
+RUN rm -rf $GOPATH/.cache
+
+# Allow runtime users to add entries to /etc/passwd
+RUN chmod g+rw /etc/passwd

openshift/ci-operator/knative-images/event_display/Dockerfile

@@ -0,0 +1,20 @@
+# DO NOT EDIT! Generated Dockerfile for vendor/knative.dev/eventing/cmd/event_display.
+FROM registry.ci.openshift.org/openshift/release:golang-1.19 as builder
+
+COPY . .
+
+RUN mkdir -p /var/run/ko && \
+    mkdir -p vendor/knative.dev/eventing/cmd/event_display/kodata && \
+    go build -o /usr/bin/main ./vendor/knative.dev/eventing/cmd/event_display && \
+    cp -r vendor/knative.dev/eventing/cmd/event_display/kodata /var/run/ko
+
+FROM registry.access.redhat.com/ubi8/ubi-minimal
+
+# install the missing zoneinfo to ubi-minimal
+RUN microdnf install tzdata
+
+USER 65532
+
+COPY --from=builder /usr/bin/main /usr/bin/main
+COPY --from=builder /var/run/ko /var/run/ko
+ENTRYPOINT ["/usr/bin/main"]

openshift/ci-operator/knative-images/heartbeats/Dockerfile

@@ -0,0 +1,20 @@
+# DO NOT EDIT! Generated Dockerfile for vendor/knative.dev/eventing/cmd/heartbeats.
+FROM registry.ci.openshift.org/openshift/release:golang-1.19 as builder
+
+COPY . .
+
+RUN mkdir -p /var/run/ko && \
+    mkdir -p vendor/knative.dev/eventing/cmd/heartbeats/kodata && \
+    go build -o /usr/bin/main ./vendor/knative.dev/eventing/cmd/heartbeats && \
+    cp -r vendor/knative.dev/eventing/cmd/heartbeats/kodata /var/run/ko
+
+FROM registry.access.redhat.com/ubi8/ubi-minimal
+
+# install the missing zoneinfo to ubi-minimal
+RUN microdnf install tzdata
+
+USER 65532
+
+COPY --from=builder /usr/bin/main /usr/bin/main
+COPY --from=builder /var/run/ko /var/run/ko
+ENTRYPOINT ["/usr/bin/main"]

openshift/ci-operator/knative-images/kafka-controller/Dockerfile

@@ -0,0 +1,20 @@
+# DO NOT EDIT! Generated Dockerfile for control-plane/cmd/kafka-controller.
+FROM registry.ci.openshift.org/openshift/release:golang-1.19 as builder
+
+COPY . .
+
+RUN mkdir -p /var/run/ko && \
+    mkdir -p control-plane/cmd/kafka-controller/kodata && \
+    go build -o /usr/bin/main ./control-plane/cmd/kafka-controller && \
+    cp -r control-plane/cmd/kafka-controller/kodata /var/run/ko
+
+FROM registry.access.redhat.com/ubi8/ubi-minimal
+
+# install the missing zoneinfo to ubi-minimal
+RUN microdnf install tzdata
+
+USER 65532
+
+COPY --from=builder /usr/bin/main /usr/bin/main
+COPY --from=builder /var/run/ko /var/run/ko
+ENTRYPOINT ["/usr/bin/main"]