Ibio (#591)

* ibio

Signed-off-by: Cameron Wall <[email protected]>

* ibio chart

Signed-off-by: Cameron Wall <[email protected]>

* rbac

Signed-off-by: Cameron Wall <[email protected]>

* rbac

Signed-off-by: Cameron Wall <[email protected]>

* auto

Signed-off-by: Cameron Wall <[email protected]>

---------

Signed-off-by: Cameron Wall <[email protected]>

api/v1/multiclusterengine_methods.go

@@ -35,6 +35,7 @@ const (
 	ManagedServiceAccount        = "managedserviceaccount"
 	ManagedServiceAccountPreview = "managedserviceaccount-preview"
 	ServerFoundation             = "server-foundation"
+	ImageBasedInstallOperator    = "image-based-install-operator"
 )
 
 var allComponents = []string{
@@ -52,6 +53,7 @@ var allComponents = []string{
 	ManagedServiceAccount,
 	ManagedServiceAccountPreview,
 	ServerFoundation,
+	ImageBasedInstallOperator,
 }
 
 // MCEComponents is a slice containing component names specific to the "MCE" category.
@@ -67,6 +69,7 @@ var MCEComponents = []string{
 	HypershiftLocalHosting,
 	ManagedServiceAccount,
 	ServerFoundation,
+	ImageBasedInstallOperator,
 }
 
 var LegacyPrometheusKind = []string{"PrometheusRule", "ServiceMonitor"}

config/rbac/role.yaml

@@ -1630,6 +1630,32 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - extensions.hive.openshift.io
+  resources:
+  - imageclusterinstalls
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - extensions.hive.openshift.io
+  resources:
+  - imageclusterinstalls/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - extensions.hive.openshift.io
+  resources:
+  - imageclusterinstalls/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - flowcontrol.apiserver.k8s.io
   resources:

controllers/backplaneconfig_controller.go

@@ -759,6 +759,24 @@ func (r *MultiClusterEngineReconciler) ensureToggleableComponents(ctx context.Co
 		}
 	}
 
+	if backplaneConfig.Enabled(backplanev1.ImageBasedInstallOperator) {
+		result, err := r.ensureImageBasedInstallOperator(ctx, backplaneConfig)
+		if result != (ctrl.Result{}) {
+			requeue = true
+		}
+		if err != nil {
+			errs[backplanev1.ImageBasedInstallOperator] = err
+		}
+	} else {
+		result, err := r.ensureNoImageBasedInstallOperator(ctx, backplaneConfig)
+		if result != (ctrl.Result{}) {
+			requeue = true
+		}
+		if err != nil {
+			errs[backplanev1.ImageBasedInstallOperator] = err
+		}
+	}
+
 	if backplaneConfig.Enabled(backplanev1.HyperShift) {
 		result, err := r.ensureHyperShift(ctx, backplaneConfig)
 		if result != (ctrl.Result{}) {

controllers/toggle_components.go

@@ -559,6 +559,64 @@ func (r *MultiClusterEngineReconciler) ensureNoServerFoundation(ctx context.Cont
 	return ctrl.Result{}, nil
 }
 
+func (r *MultiClusterEngineReconciler) ensureImageBasedInstallOperator(ctx context.Context, backplaneConfig *backplanev1.MultiClusterEngine) (ctrl.Result, error) {
+	targetNamespace := backplaneConfig.Spec.TargetNamespace
+
+	namespacedName := types.NamespacedName{Name: "image-based-install-operator", Namespace: targetNamespace}
+	r.StatusManager.RemoveComponent(toggle.DisabledStatus(namespacedName, []*unstructured.Unstructured{}))
+	r.StatusManager.AddComponent(toggle.EnabledStatus(namespacedName))
+
+	log := log.Log.WithName("reconcile")
+
+	templates, errs := renderer.RenderChartWithNamespace(toggle.ImageBasedInstallOperatorChartDir, backplaneConfig, r.Images, targetNamespace)
+	if len(errs) > 0 {
+		for _, err := range errs {
+			log.Info(err.Error())
+		}
+		return ctrl.Result{RequeueAfter: requeuePeriod}, nil
+	}
+
+	// Applies all templates
+	for _, template := range templates {
+		applyReleaseVersionAnnotation(template)
+		result, err := r.applyTemplate(ctx, backplaneConfig, template)
+		if err != nil {
+			return result, err
+		}
+	}
+
+	return ctrl.Result{}, nil
+}
+
+func (r *MultiClusterEngineReconciler) ensureNoImageBasedInstallOperator(ctx context.Context, backplaneConfig *backplanev1.MultiClusterEngine) (ctrl.Result, error) {
+	targetNamespace := backplaneConfig.Spec.TargetNamespace
+	namespacedName := types.NamespacedName{Name: "image-based-install-operator", Namespace: targetNamespace}
+
+	log := log.Log.WithName("reconcile")
+
+	// Renders all templates from charts
+	templates, errs := renderer.RenderChartWithNamespace(toggle.ImageBasedInstallOperatorChartDir, backplaneConfig, r.Images, targetNamespace)
+	if len(errs) > 0 {
+		for _, err := range errs {
+			log.Info(err.Error())
+		}
+		return ctrl.Result{RequeueAfter: requeuePeriod}, nil
+	}
+
+	r.StatusManager.RemoveComponent(toggle.EnabledStatus(namespacedName))
+	r.StatusManager.AddComponent(toggle.DisabledStatus(namespacedName, []*unstructured.Unstructured{}))
+
+	// Deletes all templates
+	for _, template := range templates {
+		result, err := r.deleteTemplate(ctx, backplaneConfig, template)
+		if err != nil {
+			log.Error(err, fmt.Sprintf("Failed to delete template: %s", template.GetName()))
+			return result, err
+		}
+	}
+	return ctrl.Result{}, nil
+}
+
 func (r *MultiClusterEngineReconciler) ensureClusterLifecycle(ctx context.Context, backplaneConfig *backplanev1.MultiClusterEngine) (ctrl.Result, error) {
 	namespacedName := types.NamespacedName{Name: "cluster-curator-controller", Namespace: backplaneConfig.Spec.TargetNamespace}
 	r.StatusManager.RemoveComponent(toggle.DisabledStatus(namespacedName, []*unstructured.Unstructured{}))

hack/bundle-automation/config.yaml

@@ -7,6 +7,17 @@
   imageMappings:
     hive: openshift_hive
 
+
+- repo_name: image-based-install-operator
+  github_ref: "https://github.com/openshift/image-based-install-operator.git"
+  branch: "main"
+  operators:
+    - name: image-based-install-operator
+      bundlePath: "bundle/manifests/"
+      imageMappings:
+        controller: image_based_install_operator
+
+
 - repo_name: assisted-service
   github_ref: "https://github.com/openshift/assisted-service.git"
   branch: "release-ocm-2.10"

hack/scripts/dev-update-image-references.py

@@ -13,7 +13,7 @@ def getLatestManifest():
     if os.path.exists(pipelineDir):
         shutil.rmtree(pipelineDir)
     repo = Repo.clone_from("https://github.com/stolostron/backplane-pipeline.git", pipelineDir)
-    repo.git.checkout("2.4-integration")
+    repo.git.checkout("2.5-integration")
     manifests = glob.glob('bin/pipeline/snapshots/manifest-*.json')
     manifests.sort()
     return manifests[-1]

pkg/templates/charts/toggle/image-based-install-operator/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 2.5.0
+description: A Helm chart for Kubernetes
+name: image-based-install-operator
+type: application
+version: 2.5.0

pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-clusterrole.yaml

@@ -0,0 +1,71 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: '{{ .Values.org }}:{{ .Chart.Name }}:controller-manager'
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - extensions.hive.openshift.io
+  resources:
+  - imageclusterinstalls
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - extensions.hive.openshift.io
+  resources:
+  - imageclusterinstalls/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - extensions.hive.openshift.io
+  resources:
+  - imageclusterinstalls/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - hive.openshift.io
+  resources:
+  - clusterdeployments
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - hive.openshift.io
+  resources:
+  - clusterimagesets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - metal3.io
+  resources:
+  - baremetalhosts
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch

pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-clusterrolebinding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: '{{ .Values.org }}:{{ .Chart.Name }}:controller-manager'
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: '{{ .Values.org }}:{{ .Chart.Name }}:controller-manager'
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: '{{ .Values.global.namespace }}'

pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-role.yaml

@@ -0,0 +1,36 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: '{{ .Values.org }}:{{ .Chart.Name }}:controller-manager'
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - create
+  - patch

pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-rolebinding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: '{{ .Values.org }}:{{ .Chart.Name }}:controller-manager'
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: '{{ .Values.org }}:{{ .Chart.Name }}:controller-manager'
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: '{{ .Values.global.namespace }}'

pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-serviceaccount.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: controller-manager

pkg/templates/charts/toggle/image-based-install-operator/templates/image-based-install-config_v1_service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    service.beta.openshift.io/serving-cert-secret-name: ibi-config-serving-certs
+  creationTimestamp: null
+  name: image-based-install-config
+spec:
+  ports:
+  - name: config-server
+    port: 8000
+    protocol: TCP
+    targetPort: 0
+  selector:
+    app: image-based-install-operator
+status:
+  loadBalancer: {}