
AGENT-966: Reduce dependency from kube-system/cluster-config-v1 when generating the image #9066

Merged
7 changes: 7 additions & 0 deletions cmd/node-joiner/nodejoiner_integration_test.go
Expand Up @@ -27,6 +27,7 @@ import (
"sigs.k8s.io/yaml"

v1 "github.com/openshift/api/config/v1"
machineconfigv1 "github.com/openshift/api/machineconfiguration/v1"
"github.com/openshift/installer/internal/tshelpers"
)

Expand Down Expand Up @@ -65,8 +66,10 @@ func TestNodeJoinerIntegration(t *testing.T) {

Cmds: map[string]func(ts *testscript.TestScript, neg bool, args []string){
"isoCmp": tshelpers.IsoCmp,
"isoCmpRegEx": tshelpers.IsoCmpRegEx,
"isoIgnitionContains": tshelpers.IsoIgnitionContains,
"isoIgnitionUser": tshelpers.IsoIgnitionUser,
"isoFileCmpRegEx": tshelpers.IsoFileCmpRegEx,
},

Setup: func(e *testscript.Env) error {
Expand Down Expand Up @@ -237,6 +240,10 @@ func getGVR(obj *unstructured.Unstructured) (schema.GroupVersionResource, error)
gvr = v1.GroupVersion.WithResource("infrastructures")
case "Proxy":
gvr = v1.SchemeGroupVersion.WithResource("proxies")
case "ImageDigestMirrorSet":
gvr = v1.SchemeGroupVersion.WithResource("imagedigestmirrorsets")
case "MachineConfig":
gvr = machineconfigv1.SchemeGroupVersion.WithResource("machineconfigs")
case "Namespace":
gvr = corev1.SchemeGroupVersion.WithResource("namespaces")
case "Secret":
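Review bot: The new `ImageDigestMirrorSet` and `MachineConfig` cases in getGVR use `SchemeGroupVersion`, while the `infrastructures` case just above them uses `v1.GroupVersion`, so the switch keeps mixing two spellings of what appears to be the same value. Settling on one, e.g. `gvr = v1.GroupVersion.WithResource("imagedigestmirrorsets")`, would make the mapping easier to scan (confirm that machineconfiguration/v1 exports `GroupVersion` before changing that case). Because the switch appears to key on Kind alone and this commit also adds the matching CRDs, a comment such as `// each CRD-backed Kind listed here also needs its CRD manifest under testdata/setup/crds` would help whoever adds the next fixture. getGVR starts and ends outside this hunk.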
1 change: 1 addition & 0 deletions cmd/node-joiner/testdata/add-nodes-overrides.txt
Expand Up @@ -3,6 +3,7 @@

exec node-joiner add-nodes --kubeconfig=$WORK/kubeconfig --log-level=debug --dir=$WORK

grep '^0$' $WORK/exit_code
exists $WORK/node.x86_64.iso
isoIgnitionUser node.x86_64.iso core 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSUGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XAt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/EnmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbxNrRFi9wrf+M7Q=='
isoCmp node.x86_64.iso /etc/assisted/manifests/infraenv.yaml expected/infraenv.yaml
27 changes: 25 additions & 2 deletions cmd/node-joiner/testdata/add-nodes.txt
Expand Up @@ -3,17 +3,40 @@

exec node-joiner add-nodes --kubeconfig=$WORK/kubeconfig --log-level=debug --dir=$WORK

grep '^0$' $WORK/exit_code
exists $WORK/node.x86_64.iso
isoIgnitionContains node.x86_64.iso /etc/assisted/add-nodes.env
isoCmpRegEx node.x86_64.iso /etc/assisted/add-nodes.env expected/add-nodes.env
isoIgnitionContains node.x86_64.iso /etc/assisted/manifests/cluster-image-set.yaml
isoIgnitionContains node.x86_64.iso /etc/assisted/manifests/infraenv.yaml
isoIgnitionContains node.x86_64.iso /etc/assisted/manifests/pull-secret.yaml
isoIgnitionContains node.x86_64.iso /usr/local/bin/add-node.sh
isoIgnitionUser node.x86_64.iso core my-sshKey
isoCmp node.x86_64.iso /etc/containers/registries.conf expected/registries.conf
isoFileCmpRegEx node.x86_64.iso /EFI/redhat/grub.cfg expected/grub.cfg

-- nodes-config.yaml --
hosts:
- hostname: extra-worker-0
interfaces:
- name: eth0
macAddress: 00:f4:3d:a0:0e:2b
macAddress: 00:f4:3d:a0:0e:2b

-- expected/registries.conf --
credential-helpers = []
short-name-mode = ""
unqualified-search-registries = []

[[registry]]
location = "quay.io/openshift-release-dev/ocp-v4.0-art-dev"
mirror-by-digest-only = true
prefix = ""

[[registry.mirror]]
location = "registry.example.com:5000/ocp4/openshift4"
-- expected/add-nodes.env --
CLUSTER_ID=c37c9544-4320-4380-9d8b-0753a4d9ea57
CLUSTER_NAME=ostest
CLUSTER_API_VIP_DNS_NAME=api.ostest.test.metalkube.org
AGENT_AUTH_TOKEN_EXPIRY=.*
-- expected/grub.cfg --
.*fips=1.*
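Review bot: The `isoCmp node.x86_64.iso /etc/containers/registries.conf expected/registries.conf` check only exercises an ImageDigestMirrorSet that sets no `mirrorSourcePolicy`, so nothing in this script pins what the generated registries.conf contains when the cluster uses `NeverContactSource`. If that policy were dropped while building the image, a joining node in a disconnected cluster could fall back to the source registry, so a second fixture with `mirrorSourcePolicy: NeverContactSource` and its own expected registries.conf would be worth adding. Separately, `AGENT_AUTH_TOKEN_EXPIRY=.*` in expected/add-nodes.env also accepts an empty value; `AGENT_AUTH_TOKEN_EXPIRY=.+` would at least require one to be present. Which of these lines are new is not recoverable from the rendered page, so the second remark may concern pre-existing text.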
@@ -0,0 +1,145 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/1126
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
release.openshift.io/bootstrap-required: "true"
name: imagedigestmirrorsets.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ImageDigestMirrorSet
listKind: ImageDigestMirrorSetList
plural: imagedigestmirrorsets
shortNames:
- idms
singular: imagedigestmirrorset
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: |-
ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification.
When multiple policies are defined, the outcome of the behavior is defined on each field.

Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
properties:
imageDigestMirrors:
description: |-
imageDigestMirrors allows images referenced by image digests in pods to be
pulled from alternative mirrored repository locations. The image pull specification
provided to the pod will be compared to the source locations described in imageDigestMirrors
and the image may be pulled down from any of the mirrors in the list instead of the
specified repository allowing administrators to choose a potentially faster mirror.
To use mirrors to pull images using tag specification, users should configure
a list of mirrors using "ImageTagMirrorSet" CRD.

If the image pull specification matches the repository of "source" in multiple imagedigestmirrorset objects,
only the objects which define the most specific namespace match will be used.
For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as
the "source", only the objects using quay.io/libpod/busybox are going to apply
for pull specification quay.io/libpod/busybox.
Each “source” repository is treated independently; configurations for different “source”
repositories don’t interact.

If the "mirrors" is not specified, the image will continue to be pulled from the specified
repository in the pull spec.

When multiple policies are defined for the same “source” repository, the sets of defined
mirrors will be merged together, preserving the relative order of the mirrors, if possible.
For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict
(e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.
items:
description: ImageDigestMirrors holds cluster-wide information about
how to handle mirrors in the registries config.
properties:
mirrorSourcePolicy:
description: |-
mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors.
If unset, the image will continue to be pulled from the the repository in the pull spec.
sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.
enum:
- NeverContactSource
- AllowContactingSource
type: string
mirrors:
description: |-
mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified.
Images can be pulled from these mirrors only if they are referenced by their digests.
The mirrored location is obtained by replacing the part of the input reference that
matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference,
a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo
repository to be used.
The order of mirrors in this list is treated as the user's desired priority, while source
is by default considered lower priority than all mirrors.
If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be
pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy"
Other cluster configuration, including (but not limited to) other imageDigestMirrors objects,
may impact the exact order mirrors are contacted in, or some mirrors may be contacted
in parallel, so this should be considered a preference rather than a guarantee of ordering.
"mirrors" uses one of the following formats:
host[:port]
host[:port]/namespace[/namespace…]
host[:port]/namespace[/namespace…]/repo
for more information about the format, see the document about the location field:
https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
items:
pattern: ^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$
type: string
type: array
x-kubernetes-list-type: set
source:
description: |-
source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname
e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry.
"source" uses one of the following formats:
host[:port]
host[:port]/namespace[/namespace…]
host[:port]/namespace[/namespace…]/repo
[*.]host
for more information about the format, see the document about the location field:
https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
pattern: ^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$
type: string
required:
- source
type: object
type: array
x-kubernetes-list-type: atomic
type: object
status:
description: status contains the observed state of the resource.
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
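--- a/cmd/node-joiner/testdata/setup/crds/0000_machineconfigs_crd.yaml
+++ b/cmd/node-joiner/testdata/setup/crds/0000_machineconfigs_crd.yaml
@@ -0,0 +1,104 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+annotations:
+api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+api.openshift.io/merged-by-featuregates: "true"
+include.release.openshift.io/ibm-cloud-managed: "true"
+include.release.openshift.io/self-managed-high-availability: "true"
+labels:
+openshift.io/operator-managed: ""
+name: machineconfigs.machineconfiguration.openshift.io
+spec:
+group: machineconfiguration.openshift.io
+names:
+kind: MachineConfig
+listKind: MachineConfigList
+plural: machineconfigs
+shortNames:
+- mc
+singular: machineconfig
+scope: Cluster
+versions:
+- additionalPrinterColumns:
+- description: Version of the controller that generated the machineconfig. This
+will be empty if the machineconfig is not managed by a controller.
+jsonPath: .metadata.annotations.machineconfiguration\.openshift\.io/generated-by-controller-version
+name: GeneratedByController
+type: string
+- description: Version of the Ignition Config defined in the machineconfig.
+jsonPath: .spec.config.ignition.version
+name: IgnitionVersion
+type: string
+- jsonPath: .metadata.creationTimestamp
+name: Age
+type: date
+name: v1
+schema:
+openAPIV3Schema:
+description: |-
+MachineConfig defines the configuration for a machine
+
+Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+properties:
+apiVersion:
+description: |-
+APIVersion defines the versioned schema of this representation of an object.
+Servers should convert recognized schemas to the latest internal value, and
+may reject unrecognized values.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+type: string
+kind:
+description: |-
+Kind is a string value representing the REST resource this object represents.
+Servers may infer this from the endpoint the client submits requests to.
+Cannot be updated.
+In CamelCase.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+type: string
+metadata:
+type: object
+spec:
+description: MachineConfigSpec is the spec for MachineConfig
+properties:
+baseOSExtensionsContainerImage:
+description: |-
+BaseOSExtensionsContainerImage specifies the remote location that will be used
+to fetch the extensions container matching a new-format OS image
+type: string
+config:
+description: Config is a Ignition Config object.
+type: object
+x-kubernetes-preserve-unknown-fields: true
+extensions:
+description: extensions contains a list of additional features that
+can be enabled on host
+items:
+type: string
+type: array
+x-kubernetes-list-type: atomic
+fips:
+description: fips controls FIPS mode
+type: boolean
+kernelArguments:
+description: kernelArguments contains a list of kernel arguments to
+be added
+items:
+type: string
+nullable: true
+type: array
+x-kubernetes-list-type: atomic
+kernelType:
+description: |-
+kernelType contains which kernel we want to be running like default
+(traditional), realtime, 64k-pages (aarch64 only).
+type: string
+osImageURL:
+description: |-
+OSImageURL specifies the remote location that will be used to
+fetch the OS.
+type: string
+type: object
+type: object
+served: true
+storage: true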
@@ -0,0 +1,8 @@
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
labels:
machineconfiguration.openshift.io/role: worker
name: 99-worker-fips
spec:
fips: true
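--- a/cmd/node-joiner/testdata/setup/default/0010_99-worker-ssh-mc.yaml
+++ b/cmd/node-joiner/testdata/setup/default/0010_99-worker-ssh-mc.yaml
@@ -0,0 +1,15 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+labels:
+machineconfiguration.openshift.io/role: worker
+name: 99-worker-ssh
+spec:
+config:
+ignition:
+version: 3.2.0
+passwd:
+users:
+- name: core
+sshAuthorizedKeys:
+- my-sshKey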
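Review bot: Both MachineConfig fixtures on this page (`99-worker-fips` and `99-worker-ssh`) carry `machineconfiguration.openshift.io/role: worker`, so the `isoIgnitionUser node.x86_64.iso core my-sshKey` assertion cannot tell whether node-joiner selects MachineConfigs by role or takes the key from any MachineConfig it finds. A further fixture labelled `machineconfiguration.openshift.io/role: master` with a different `sshAuthorizedKeys` entry, together with a check that this other key does not end up in the ISO, would pin the selection; a key from the wrong pool baked into the image would grant SSH access nobody intended. How node-joiner filters MachineConfigs is not visible here, so this is a coverage gap rather than a known defect.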
@@ -0,0 +1,9 @@
apiVersion: config.openshift.io/v1
kind: ImageDigestMirrorSet
metadata:
name: image-digest-mirror
spec:
imageDigestMirrors:
- mirrors:
- registry.example.com:5000/ocp4/openshift4
source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
Expand Up @@ -5,3 +5,5 @@ metadata:
spec:
platformSpec:
type: BareMetal
status:
apiServerURL: https://api.ostest.test.metalkube.org:6443

This file was deleted.
