diff --git a/api/v1/multiclusterengine_methods.go b/api/v1/multiclusterengine_methods.go index 6d618035..a6fc6cdc 100644 --- a/api/v1/multiclusterengine_methods.go +++ b/api/v1/multiclusterengine_methods.go @@ -35,6 +35,7 @@ const ( ManagedServiceAccount = "managedserviceaccount" ManagedServiceAccountPreview = "managedserviceaccount-preview" ServerFoundation = "server-foundation" + ImageBasedInstallOperator = "image-based-install-operator" ) var allComponents = []string{ @@ -52,6 +53,7 @@ var allComponents = []string{ ManagedServiceAccount, ManagedServiceAccountPreview, ServerFoundation, + ImageBasedInstallOperator, } // MCEComponents is a slice containing component names specific to the "MCE" category. @@ -67,6 +69,7 @@ var MCEComponents = []string{ HypershiftLocalHosting, ManagedServiceAccount, ServerFoundation, + ImageBasedInstallOperator, } var LegacyPrometheusKind = []string{"PrometheusRule", "ServiceMonitor"} diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index b0b5e22f..7c965a75 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -1630,6 +1630,32 @@ rules: - get - patch - update +- apiGroups: + - extensions.hive.openshift.io + resources: + - imageclusterinstalls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions.hive.openshift.io + resources: + - imageclusterinstalls/finalizers + verbs: + - update +- apiGroups: + - extensions.hive.openshift.io + resources: + - imageclusterinstalls/status + verbs: + - get + - patch + - update - apiGroups: - flowcontrol.apiserver.k8s.io resources: diff --git a/controllers/backplaneconfig_controller.go b/controllers/backplaneconfig_controller.go index e6695de1..0084e464 100644 --- a/controllers/backplaneconfig_controller.go +++ b/controllers/backplaneconfig_controller.go 
@@ -759,6 +759,24 @@ func (r *MultiClusterEngineReconciler) ensureToggleableComponents(ctx context.Co } } + if backplaneConfig.Enabled(backplanev1.ImageBasedInstallOperator) { + result, err := r.ensureImageBasedInstallOperator(ctx, backplaneConfig) + if result != (ctrl.Result{}) { + requeue = true + } + if err != nil { + errs[backplanev1.ImageBasedInstallOperator] = err + } + } else { + result, err := r.ensureNoImageBasedInstallOperator(ctx, backplaneConfig) + if result != (ctrl.Result{}) { + requeue = true + } + if err != nil { + errs[backplanev1.ImageBasedInstallOperator] = err + } + } + if backplaneConfig.Enabled(backplanev1.HyperShift) { result, err := r.ensureHyperShift(ctx, backplaneConfig) if result != (ctrl.Result{}) { diff --git a/controllers/toggle_components.go b/controllers/toggle_components.go index ab9b6b58..282528a6 100644 --- a/controllers/toggle_components.go +++ b/controllers/toggle_components.go 
@@ -559,6 +559,64 @@ func (r *MultiClusterEngineReconciler) ensureNoServerFoundation(ctx context.Cont return ctrl.Result{}, nil } +func (r *MultiClusterEngineReconciler) ensureImageBasedInstallOperator(ctx context.Context, backplaneConfig *backplanev1.MultiClusterEngine) (ctrl.Result, error) { + targetNamespace := backplaneConfig.Spec.TargetNamespace + + namespacedName := types.NamespacedName{Name: "image-based-install-operator", Namespace: targetNamespace} + r.StatusManager.RemoveComponent(toggle.DisabledStatus(namespacedName, []*unstructured.Unstructured{})) + r.StatusManager.AddComponent(toggle.EnabledStatus(namespacedName)) + + log := log.Log.WithName("reconcile") + + templates, errs := renderer.RenderChartWithNamespace(toggle.ImageBasedInstallOperatorChartDir, backplaneConfig, r.Images, targetNamespace) + if len(errs) > 0 { + for _, err := range errs { + log.Info(err.Error()) + } + return ctrl.Result{RequeueAfter: requeuePeriod}, nil + } + + // Applies all templates + for _, template := range templates { + applyReleaseVersionAnnotation(template) + result, err := r.applyTemplate(ctx, backplaneConfig, template) + if err != nil { + return result, err + } + } + + return ctrl.Result{}, nil +} + +func (r *MultiClusterEngineReconciler) ensureNoImageBasedInstallOperator(ctx context.Context, backplaneConfig *backplanev1.MultiClusterEngine) (ctrl.Result, error) { + targetNamespace := backplaneConfig.Spec.TargetNamespace + namespacedName := types.NamespacedName{Name: "image-based-install-operator", Namespace: targetNamespace} + + log := log.Log.WithName("reconcile") + + // Renders all templates from charts + templates, errs := renderer.RenderChartWithNamespace(toggle.ImageBasedInstallOperatorChartDir, backplaneConfig, r.Images, targetNamespace) + if len(errs) > 0 { + for _, err := range errs { + log.Info(err.Error()) + } + return ctrl.Result{RequeueAfter: requeuePeriod}, nil + } + + r.StatusManager.RemoveComponent(toggle.EnabledStatus(namespacedName)) + 
r.StatusManager.AddComponent(toggle.DisabledStatus(namespacedName, []*unstructured.Unstructured{})) + + // Deletes all templates + for _, template := range templates { + result, err := r.deleteTemplate(ctx, backplaneConfig, template) + if err != nil { + log.Error(err, fmt.Sprintf("Failed to delete template: %s", template.GetName())) + return result, err + } + } + return ctrl.Result{}, nil +} + func (r *MultiClusterEngineReconciler) ensureClusterLifecycle(ctx context.Context, backplaneConfig *backplanev1.MultiClusterEngine) (ctrl.Result, error) { namespacedName := types.NamespacedName{Name: "cluster-curator-controller", Namespace: backplaneConfig.Spec.TargetNamespace} r.StatusManager.RemoveComponent(toggle.DisabledStatus(namespacedName, []*unstructured.Unstructured{})) diff --git a/hack/bundle-automation/config.yaml b/hack/bundle-automation/config.yaml index bbbf8b23..aabbf0ca 100644 --- a/hack/bundle-automation/config.yaml +++ b/hack/bundle-automation/config.yaml @@ -7,6 +7,17 @@ imageMappings: hive: openshift_hive + +- repo_name: image-based-install-operator + github_ref: "https://github.com/openshift/image-based-install-operator.git" + branch: "main" + operators: + - name: image-based-install-operator + bundlePath: "bundle/manifests/" + imageMappings: + controller: image_based_install_operator + + - repo_name: assisted-service github_ref: "https://github.com/openshift/assisted-service.git" branch: "release-ocm-2.10" diff --git a/hack/scripts/dev-update-image-references.py b/hack/scripts/dev-update-image-references.py index 0eef7d21..3f8c6874 100755 --- a/hack/scripts/dev-update-image-references.py +++ b/hack/scripts/dev-update-image-references.py 
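Review bot: In `ensureImageBasedInstallOperator` (controllers/toggle_components.go) the component is switched to `EnabledStatus` before the chart is rendered, and a render failure is only written with `log.Info` and returned as a `nil` error plus a requeue. The caller's `errs[backplanev1.ImageBasedInstallOperator]` therefore never records a render failure, and the status may report the component as enabled while none of its objects, including the chart's RBAC, were applied. Consider moving the two `r.StatusManager` calls below the `len(errs) > 0` check, as `ensureNoImageBasedInstallOperator` already does, and logging each render error with `log.Error(err, "rendering image-based-install-operator chart")`. The literal `"image-based-install-operator"` in both functions could also reuse `backplanev1.ImageBasedInstallOperator` so the status name cannot drift from the component name.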
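Review bot: The new `image-based-install-operator` entry in hack/bundle-automation/config.yaml tracks `branch: "main"`, while the neighbouring `assisted-service` entry is pinned to `release-ocm-2.10`. The chart manifests added in this commit (Deployment, ClusterRole, bindings) appear to be generated from that bundle, so a later regeneration can silently pick up different RBAC rules or container arguments from upstream. Pinning the entry to a release branch, e.g. `branch: "<release-branch>"`, or recording the upstream commit the chart was generated from would keep the generated permissions reviewable.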
@@ -13,7 +13,7 @@ def getLatestManifest():
 if os.path.exists(pipelineDir):
 shutil.rmtree(pipelineDir)
 repo = Repo.clone_from("https://github.com/stolostron/backplane-pipeline.git", pipelineDir)
- repo.git.checkout("2.4-integration")
+ repo.git.checkout("2.5-integration")
 manifests = glob.glob('bin/pipeline/snapshots/manifest-*.json')
 manifests.sort()
 return manifests[-1]
diff --git a/pkg/templates/charts/toggle/image-based-install-operator/Chart.yaml b/pkg/templates/charts/toggle/image-based-install-operator/Chart.yaml
new file mode 100644
index 00000000..13763500
--- /dev/null
+++ b/pkg/templates/charts/toggle/image-based-install-operator/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 2.5.0
+description: A Helm chart for Kubernetes
+name: image-based-install-operator
+type: application
+version: 2.5.0
diff --git a/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-clusterrole.yaml b/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-clusterrole.yaml
new file mode 100644
index 00000000..36e9f414
--- /dev/null
+++ b/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-clusterrole.yaml
@@ -0,0 +1,71 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: '{{ .Values.org }}:{{ .Chart.Name }}:controller-manager'
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - extensions.hive.openshift.io
+ resources:
+ - imageclusterinstalls
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - extensions.hive.openshift.io
+ resources:
+ - imageclusterinstalls/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - extensions.hive.openshift.io
+ resources:
+ - imageclusterinstalls/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - hive.openshift.io
+ resources:
+ - clusterdeployments
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - hive.openshift.io
+ resources:
+ - clusterimagesets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metal3.io
+ resources:
+ - baremetalhosts
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-clusterrolebinding.yaml b/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-clusterrolebinding.yaml
new file mode 100644
index 00000000..f9295df8
--- /dev/null
+++ b/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: '{{ .Values.org }}:{{ .Chart.Name }}:controller-manager'
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: '{{ .Values.org }}:{{ .Chart.Name }}:controller-manager'
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: '{{ .Values.global.namespace }}'
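Review bot: The first rule of the ClusterRole in controller-manager-clusterrole.yaml gives `create`, `delete`, `get`, `list`, `patch`, `update` and `watch` on `secrets` in every namespace, and the ClusterRoleBinding that follows binds it to the ServiceAccount `controller-manager`, which both containers of the Deployment run under. It is worth confirming that the operator needs cluster-wide write access to Secrets rather than a narrower verb set, because the `server` container that listens on port 8000 inherits the same permissions. The ServiceAccount name is also generic: if another component in the target namespace uses a ServiceAccount called `controller-manager`, it would pick up these rules. A component-specific name such as `image-based-install-operator` in the ServiceAccount, both bindings and `serviceAccountName` would avoid that.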
diff --git a/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-role.yaml b/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-role.yaml
new file mode 100644
index 00000000..7c2e1c87
--- /dev/null
+++ b/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-role.yaml
@@ -0,0 +1,36 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: '{{ .Values.org }}:{{ .Chart.Name }}:controller-manager'
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ''
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
diff --git a/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-rolebinding.yaml b/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-rolebinding.yaml
new file mode 100644
index 00000000..9f8ac945
--- /dev/null
+++ b/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-rolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: '{{ .Values.org }}:{{ .Chart.Name }}:controller-manager'
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: '{{ .Values.org }}:{{ .Chart.Name }}:controller-manager'
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: '{{ .Values.global.namespace }}'
diff --git a/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-serviceaccount.yaml b/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-serviceaccount.yaml
new file mode 100644
index 00000000..69ece2e4
--- /dev/null
+++ b/pkg/templates/charts/toggle/image-based-install-operator/templates/controller-manager-serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: controller-manager
diff --git a/pkg/templates/charts/toggle/image-based-install-operator/templates/image-based-install-config_v1_service.yaml b/pkg/templates/charts/toggle/image-based-install-operator/templates/image-based-install-config_v1_service.yaml
new file mode 100644
index 00000000..877601cb
--- /dev/null
+++ b/pkg/templates/charts/toggle/image-based-install-operator/templates/image-based-install-config_v1_service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ service.beta.openshift.io/serving-cert-secret-name: ibi-config-serving-certs
+ creationTimestamp: null
+ name: image-based-install-config
+spec:
+ ports:
+ - name: config-server
+ port: 8000
+ protocol: TCP
+ targetPort: 0
+ selector:
+ app: image-based-install-operator
+status:
+ loadBalancer: {}
diff --git a/pkg/templates/charts/toggle/image-based-install-operator/templates/image-based-install-operator.yaml b/pkg/templates/charts/toggle/image-based-install-operator/templates/image-based-install-operator.yaml
new file mode 100644
index 00000000..588304fc
--- /dev/null
+++ b/pkg/templates/charts/toggle/image-based-install-operator/templates/image-based-install-operator.yaml
@@ -0,0 +1,175 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: image-based-install-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: image-based-install-operator
+ strategy: {}
+ template:
+ metadata:
+ labels:
+ app: image-based-install-operator
+ ocm-antiaffinity-selector: image-based-install-operator
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: ocm-antiaffinity-selector
+ operator: In
+ values:
+ - image-based-install-operator
+ topologyKey: topology.kubernetes.io/zone
+ weight: 70
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: ocm-antiaffinity-selector
+ operator: In
+ values:
+ - image-based-install-operator
+ topologyKey: kubernetes.io/hostname
+ weight: 35
+ containers:
+ - args:
+ - --leader-elect
+ command:
+ - /manager
+ env:
+{{- if .Values.hubconfig.proxyConfigs }}
+ - name: HTTP_PROXY
+ value: {{ .Values.hubconfig.proxyConfigs.HTTP_PROXY }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.hubconfig.proxyConfigs.HTTPS_PROXY }}
+ - name: NO_PROXY
+ value: {{ .Values.hubconfig.proxyConfigs.NO_PROXY }}
+{{- end }}
+ - name: SERVICE_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: SERVICE_NAME
+ value: image-based-install-config
+ - name: SERVICE_PORT
+ value: '8000'
+ - name: SERVICE_SCHEME
+ value: https
+ image: '{{ .Values.global.imageOverrides.image_based_install_operator }}'
+ imagePullPolicy: '{{ .Values.global.pullPolicy }}'
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /webhook-certs
+ name: webhook-certs
+ - command:
+ - /server
+ env:
+{{- if .Values.hubconfig.proxyConfigs }}
+ - name: HTTP_PROXY
+ value: {{ .Values.hubconfig.proxyConfigs.HTTP_PROXY }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.hubconfig.proxyConfigs.HTTPS_PROXY }}
+ - name: NO_PROXY
+ value: {{ .Values.hubconfig.proxyConfigs.NO_PROXY }}
+{{- end }}
+ - name: HTTPS_KEY_FILE
+ value: /certs/tls.key
+ - name: HTTPS_CERT_FILE
+ value: /certs/tls.crt
+ - name: PORT
+ value: '8000'
+ image: '{{ .Values.global.imageOverrides.image_based_install_operator }}'
+ imagePullPolicy: '{{ .Values.global.pullPolicy }}'
+ name: server
+ ports:
+ - containerPort: 8000
+ name: config-server
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /certs
+ name: certs
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+{{- if .Values.global.pullSecret }}
+ imagePullSecrets:
+ - name: {{ .Values.global.pullSecret }}
+{{- end }}
+{{- with .Values.hubconfig.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ securityContext:
+ runAsNonRoot: true
+{{- if semverCompare ">=4.11.0" .Values.hubconfig.ocpVersion }}
+ seccompProfile:
+ type: RuntimeDefault
+{{- end }}
+ serviceAccountName: controller-manager
+ terminationGracePeriodSeconds: 10
+{{- with .Values.hubconfig.tolerations }}
+ tolerations:
+ {{- range . }}
+ - {{ if .Key }} key: {{ .Key }} {{- end }}
+ {{ if .Operator }} operator: {{ .Operator }} {{- end }}
+ {{ if .Value }} value: {{ .Value }} {{- end }}
+ {{ if .Effect }} effect: {{ .Effect }} {{- end }}
+ {{ if .TolerationSeconds }} tolerationSeconds: {{ .TolerationSeconds }} {{- end }}
+ {{- end }}
+{{- end }}
+ volumes:
+ - emptyDir: {}
+ name: data
+ - name: certs
+ secret:
+ secretName: ibi-config-serving-certs
+ - name: webhook-certs
+ secret:
+ secretName: webhook-certs
diff --git a/pkg/templates/charts/toggle/image-based-install-operator/templates/webhook-service_v1_service.yaml b/pkg/templates/charts/toggle/image-based-install-operator/templates/webhook-service_v1_service.yaml
new file mode 100644
index 00000000..61d00594
--- /dev/null
+++ b/pkg/templates/charts/toggle/image-based-install-operator/templates/webhook-service_v1_service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ service.beta.openshift.io/serving-cert-secret-name: webhook-certs
+ creationTimestamp: null
+ name: webhook-service
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ app: image-based-install-operator
+status:
+ loadBalancer: {}
diff --git a/pkg/templates/charts/toggle/image-based-install-operator/values.yaml b/pkg/templates/charts/toggle/image-based-install-operator/values.yaml
new file mode 100644
index 00000000..17591ab8
--- /dev/null
+++ b/pkg/templates/charts/toggle/image-based-install-operator/values.yaml
@@ -0,0 +1,11 @@
+global:
+ imageOverrides:
+ image_based_install_operator: ''
+ namespace: default
+ pullSecret: null
+hubconfig:
+ nodeSelector: null
+ proxyConfigs: {}
+ replicaCount: 1
+ tolerations: []
+org: open-cluster-management
diff --git a/pkg/templates/crds/image-based-install-operator/extensions.hive.openshift.io_imageclusterinstalls.yaml b/pkg/templates/crds/image-based-install-operator/extensions.hive.openshift.io_imageclusterinstalls.yaml
new file mode 100644
index 00000000..1b9e3236
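Review bot: The proxy environment values in templates/image-based-install-operator.yaml are interpolated unquoted in both the `manager` and `server` containers, e.g. `value: {{ .Values.hubconfig.proxyConfigs.NO_PROXY }}`, so a value containing YAML-significant characters (a leading `*`, `: `, `#`) changes or breaks the rendered manifest. Piping each one through `quote`, as in `value: {{ .Values.hubconfig.proxyConfigs.NO_PROXY | quote }}`, keeps them plain strings. Separately, the `seccompProfile` block with `type: RuntimeDefault` is gated on `.Values.hubconfig.ocpVersion`, which the chart's values.yaml in this commit does not declare. Presumably the renderer injects it, but that is worth confirming so the pod is never rendered without a seccomp profile.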
--- /dev/null +++ b/pkg/templates/crds/image-based-install-operator/extensions.hive.openshift.io_imageclusterinstalls.yaml 
@@ -0,0 +1,329 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + labels: + contracts.hive.openshift.io/clusterinstall: "true" + name: imageclusterinstalls.extensions.hive.openshift.io +spec: + group: extensions.hive.openshift.io + names: + kind: ImageClusterInstall + listKind: ImageClusterInstallList + plural: imageclusterinstalls + singular: imageclusterinstall + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ImageClusterInstall is the Schema for the imageclusterinstall + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImageClusterInstallSpec defines the desired state of ImageClusterInstall + properties: + bareMetalHostRef: + description: BareMetalHostRef identifies a BareMetalHost object to + be used to attach the configuration to the host. 
+ properties: + name: + description: Name identifies the BareMetalHost within a namespace + type: string + namespace: + description: Namespace identifies the namespace containing the + referenced BareMetalHost + type: string + required: + - name + - namespace + type: object + caBundleRef: + description: CABundle is a reference to a config map containing the + new bundle of trusted certificates for the host. The tls-ca-bundle.pem + entry in the config map will be written to /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + clusterDeploymentRef: + description: ClusterDeploymentRef is a reference to the ClusterDeployment. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + clusterMetadata: + description: ClusterMetadata contains metadata information about the + installed cluster. This must be set as soon as all the information + is available. + properties: + adminKubeconfigSecretRef: + description: AdminKubeconfigSecretRef references the secret containing + the admin kubeconfig for this cluster. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + adminPasswordSecretRef: + description: AdminPasswordSecretRef references the secret containing + the admin username/password which can be used to login to this + cluster. + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + clusterID: + description: ClusterID is a globally unique identifier for this + cluster generated during installation. Used for reporting metrics + among other places. + type: string + infraID: + description: InfraID is an identifier for this cluster generated + during installation and used for tagging/naming resources in + cloud providers. + type: string + platform: + description: Platform holds platform-specific cluster metadata + properties: + aws: + description: AWS holds AWS-specific cluster metadata + properties: + hostedZoneRole: + description: HostedZoneRole is the role to assume when + performing operations on a hosted zone owned by another + account. + type: string + type: object + azure: + description: Azure holds azure-specific cluster metadata + properties: + resourceGroupName: + description: ResourceGroupName is the name of the resource + group in which the cluster resources were created. + type: string + required: + - resourceGroupName + type: object + gcp: + description: GCP holds GCP-specific cluster metadata + properties: + networkProjectID: + description: NetworkProjectID is used for shared VPC setups + type: string + type: object + type: object + required: + - adminKubeconfigSecretRef + - clusterID + - infraID + type: object + extraManifestsRef: + description: ExtraManifestsRefs is list of config map references containing + additional manifests to be applied to the relocated cluster. + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + x-kubernetes-map-type: atomic + type: array + hostname: + description: Hostname is the desired hostname for the host + type: string + imageSetRef: + description: ImageSetRef is a reference to a ClusterImageSet. + properties: + name: + description: Name is the name of the ClusterImageSet that this + refers to + type: string + required: + - name + type: object + networkConfigRef: + description: NetworkConfigRef is the reference to a config map containing + network configuration files if necessary. Keys should be of the + form *.nmconnection and each represent an nmconnection file to be + applied to the host. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + nodeIP: + description: NodeIP is the desired IP for the host + type: string + version: + description: 'Version is the target OCP version for the cluster TODO: + should this use ImageSetRef?' + type: string + required: + - imageSetRef + type: object + status: + description: ImageClusterInstallStatus defines the observed state of ImageClusterInstall + properties: + bareMetalHostRef: + properties: + name: + description: Name identifies the BareMetalHost within a namespace + type: string + namespace: + description: Namespace identifies the namespace containing the + referenced BareMetalHost + type: string + required: + - name + - namespace + type: object + conditions: + description: Conditions is a list of conditions associated with syncing + to the cluster. + items: + description: ClusterInstallCondition contains details for the current + condition of a cluster install. + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. 
+ format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + configConditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + installRestarts: + description: InstallRestarts is the total count of container restarts + on the clusters install job. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/pkg/templates/rbac_gen.go b/pkg/templates/rbac_gen.go index 4144ec14..37eda477 100644 --- a/pkg/templates/rbac_gen.go +++ b/pkg/templates/rbac_gen.go 
@@ -13,6 +13,7 @@ package main //+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;update;delete //+kubebuilder:rbac:groups="",resources=configmaps/status,verbs=get;update;patch //+kubebuilder:rbac:groups="",resources=configmaps/status,verbs=get;update;patch @@ -30,6 +31,7 @@ package main //+kubebuilder:rbac:groups="",resources=events,verbs=create;patch //+kubebuilder:rbac:groups="",resources=events,verbs=create;patch //+kubebuilder:rbac:groups="",resources=events,verbs=create;patch +//+kubebuilder:rbac:groups="",resources=events,verbs=create;patch //+kubebuilder:rbac:groups="",resources=namespaces,verbs=create;get;list;watch //+kubebuilder:rbac:groups="",resources=namespaces,verbs=delete //+kubebuilder:rbac:groups="",resources=namespaces;secrets;pods;pods/portforward,verbs=* @@ -45,6 +47,7 @@ package main //+kubebuilder:rbac:groups="",resources=pods;services;endpoints,verbs=get;list;watch //+kubebuilder:rbac:groups="",resources=secrets,verbs=create //+kubebuilder:rbac:groups="",resources=secrets,verbs=create;delete;get;list;patch;update;watch +//+kubebuilder:rbac:groups="",resources=secrets,verbs=create;delete;get;list;patch;update;watch //+kubebuilder:rbac:groups="",resources=secrets,verbs=create;get;list;update;watch //+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;update;watch;patch //+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch 
@@ -228,6 +231,7 @@ package main //+kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;update;create;patch //+kubebuilder:rbac:groups=discovery.open-cluster-management.io,resources=discoveredclusters,verbs=create;delete;deletecollection;get;list;patch;update;watch //+kubebuilder:rbac:groups=discovery.open-cluster-management.io,resources=discoveredclusters/finalizers,verbs=get;patch;update @@ -242,6 +246,9 @@ package main //+kubebuilder:rbac:groups=extensions.hive.openshift.io,resources=agentclusterinstalls,verbs=list;watch //+kubebuilder:rbac:groups=extensions.hive.openshift.io,resources=agentclusterinstalls/finalizers,verbs=update //+kubebuilder:rbac:groups=extensions.hive.openshift.io,resources=agentclusterinstalls/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=extensions.hive.openshift.io,resources=imageclusterinstalls,verbs=create;delete;get;list;patch;update;watch +//+kubebuilder:rbac:groups=extensions.hive.openshift.io,resources=imageclusterinstalls/finalizers,verbs=update +//+kubebuilder:rbac:groups=extensions.hive.openshift.io,resources=imageclusterinstalls/status,verbs=get;patch;update //+kubebuilder:rbac:groups=flowcontrol.apiserver.k8s.io,resources=flowschemas;prioritylevelconfigurations,verbs=get;list;watch //+kubebuilder:rbac:groups=flowcontrol.apiserver.k8s.io,resources=prioritylevelconfigurations;flowschemas,verbs=get;list;watch //+kubebuilder:rbac:groups=hive.openshift.io,resources=*,verbs=* 
@@ -249,6 +256,7 @@ package main
 //+kubebuilder:rbac:groups=hive.openshift.io,resources=clusterclaims;clusterpools,verbs=get;list;watch;update;patch
 //+kubebuilder:rbac:groups=hive.openshift.io,resources=clusterdeployments,verbs=create;delete;get;list;patch;update;watch
 //+kubebuilder:rbac:groups=hive.openshift.io,resources=clusterdeployments,verbs=get
+//+kubebuilder:rbac:groups=hive.openshift.io,resources=clusterdeployments,verbs=get;list;patch;update;watch
 //+kubebuilder:rbac:groups=hive.openshift.io,resources=clusterdeployments,verbs=get;list;watch
 //+kubebuilder:rbac:groups=hive.openshift.io,resources=clusterdeployments,verbs=patch;delete;update
 //+kubebuilder:rbac:groups=hive.openshift.io,resources=clusterdeployments/finalizers,verbs=update
@@ -259,6 +267,7 @@ package main
 //+kubebuilder:rbac:groups=hive.openshift.io,resources=clusterdeployments;syncsets;selectorsyncsets,verbs=create;delete;get;list;patch;update;watch
 //+kubebuilder:rbac:groups=hive.openshift.io,resources=clusterimagesets,verbs=create;get;list;watch
 //+kubebuilder:rbac:groups=hive.openshift.io,resources=clusterimagesets,verbs=get;list;watch
+//+kubebuilder:rbac:groups=hive.openshift.io,resources=clusterimagesets,verbs=get;list;watch
 //+kubebuilder:rbac:groups=hive.openshift.io,resources=clusterimagesets,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=hiveinternal.openshift.io,resources=*,verbs=*
 //+kubebuilder:rbac:groups=hiveinternal.openshift.io,resources=clustersyncs,verbs=get;list;watch
@@ -273,6 +282,7 @@ package main
 //+kubebuilder:rbac:groups=internal.open-cluster-management.io,resources=managedclusterinfos;managedclusterinfos/status,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=internal.open-cluster-management.io;"",resources=managedclusterinfos;pods;secrets,verbs=get
 //+kubebuilder:rbac:groups=metal3.io,resources=baremetalhosts,verbs=get;list;patch;update;watch
+//+kubebuilder:rbac:groups=metal3.io,resources=baremetalhosts,verbs=get;list;patch;update;watch
 //+kubebuilder:rbac:groups=metal3.io,resources=baremetalhosts,verbs=get;list;watch;update
 //+kubebuilder:rbac:groups=metal3.io,resources=baremetalhosts;provisionings,verbs=list;watch
 //+kubebuilder:rbac:groups=metal3.io,resources=preprovisioningimages,verbs=create;delete;get;list;patch;update;watch
diff --git a/pkg/toggle/toggle.go b/pkg/toggle/toggle.go
index f115e585..d71b6cbe 100644
--- a/pkg/toggle/toggle.go
+++ b/pkg/toggle/toggle.go
@@ -18,20 +18,20 @@ import ( ) const ( - ManagedServiceAccountChartDir = "pkg/templates/charts/toggle/managed-serviceaccount" - ConsoleMCEChartsDir = "pkg/templates/charts/toggle/console-mce" - ManagedServiceAccountCRDPath = "pkg/templates/managed-serviceaccount/crds" - - DiscoveryChartDir = "pkg/templates/charts/toggle/discovery-operator" - HostedImportChartDir = "pkg/templates/charts/hosted/server-foundation" - HostingImportChartDir = "pkg/templates/charts/hosting/server-foundation" - HiveChartDir = "pkg/templates/charts/toggle/hive-operator" - AssistedServiceChartDir = "pkg/templates/charts/toggle/assisted-service" - ClusterLifecycleChartDir = "pkg/templates/charts/toggle/cluster-lifecycle" - ClusterManagerChartDir = "pkg/templates/charts/toggle/cluster-manager" - ServerFoundationChartDir = "pkg/templates/charts/toggle/server-foundation" - HyperShiftChartDir = "pkg/templates/charts/toggle/hypershift" - ClusterProxyAddonDir = "pkg/templates/charts/toggle/cluster-proxy-addon" + ManagedServiceAccountChartDir = "pkg/templates/charts/toggle/managed-serviceaccount" + ConsoleMCEChartsDir = "pkg/templates/charts/toggle/console-mce" + ManagedServiceAccountCRDPath = "pkg/templates/managed-serviceaccount/crds" + ImageBasedInstallOperatorChartDir = "pkg/templates/charts/toggle/image-based-install-operator" + DiscoveryChartDir = "pkg/templates/charts/toggle/discovery-operator" + HostedImportChartDir = "pkg/templates/charts/hosted/server-foundation" + HostingImportChartDir = "pkg/templates/charts/hosting/server-foundation" + HiveChartDir = "pkg/templates/charts/toggle/hive-operator" + AssistedServiceChartDir = "pkg/templates/charts/toggle/assisted-service" + ClusterLifecycleChartDir = "pkg/templates/charts/toggle/cluster-lifecycle" + ClusterManagerChartDir = "pkg/templates/charts/toggle/cluster-manager" + ServerFoundationChartDir = "pkg/templates/charts/toggle/server-foundation" + HyperShiftChartDir = "pkg/templates/charts/toggle/hypershift" + ClusterProxyAddonDir = 
"pkg/templates/charts/toggle/cluster-proxy-addon" ) func EnabledStatus(namespacedName types.NamespacedName) status.StatusReporter { diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index ac1de5b5..66f7d7e9 100644 --- a/pkg/utils/utils.go +++ b/pkg/utils/utils.go @@ -46,6 +46,7 @@ var onComponents = []string{ backplanev1.HypershiftLocalHosting, backplanev1.HyperShift, backplanev1.ManagedServiceAccount, + backplanev1.ImageBasedInstallOperator, // backplanev1.ConsoleMCE, // determined by OCP version } @@ -186,7 +187,7 @@ func GetTestImages() []string { "assisted_service", "assisted_image_service", "postgresql_12", "assisted_installer_agent", "assisted_installer_controller", "assisted_installer", "console_mce", "hypershift_addon_operator", "hypershift_operator", "apiserver_network_proxy", "aws_encryption_provider", "cluster_api", "cluster_api_provider_agent", "cluster_api_provider_aws", - "cluster_api_provider_azure", "cluster_api_provider_kubevirt", "kube_rbac_proxy_mce", "cluster_proxy_addon", "cluster_proxy", "cluster_image_set_controller"} + "cluster_api_provider_azure", "cluster_api_provider_kubevirt", "kube_rbac_proxy_mce", "cluster_proxy_addon", "cluster_proxy", "cluster_image_set_controller", "image_based_install_operator"} } func IsUnitTest() bool {
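Review bot: Adding one constant rewrites all thirteen existing entries of the `const` block in pkg/toggle/toggle.go. The blank line after `ManagedServiceAccountCRDPath` was dropped, so gofmt re-aligned every entry to the longer new name. Keeping that blank line and giving the new entry its own group, `ImageBasedInstallOperatorChartDir = "pkg/templates/charts/toggle/image-based-install-operator"`, would leave the existing lines and their blame history untouched. It would also make the functional change in this hunk visible at a glance.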
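Review bot: Listing `backplanev1.ImageBasedInstallOperator` in `onComponents` (pkg/utils/utils.go) appears to make the new operator enabled by default; this is inferred from the slice name, since its consumers are outside the hunk. If so, an upgrade would deploy it, together with the Secret and BareMetalHost permissions added elsewhere in this commit, on clusters that never asked for image-based installs. If default-on is intended, record why next to the entry, e.g. `backplanev1.ImageBasedInstallOperator, // on by default: <reason>`. Otherwise leave it out of this slice so the component has to be enabled explicitly.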