From 6d8070bf284c33eaeadad347754bbf3fb3f1059e Mon Sep 17 00:00:00 2001 From: Pasquale Congiusti Date: Tue, 11 Jun 2024 15:53:04 +0200 Subject: [PATCH] chore(install): openshift overlays --- .github/workflows/install.yml | 4 +-- .../ROOT/pages/installation/installation.adoc | 4 +-- e2e/install/helm/setup_test.go | 12 ++++----- e2e/install/kustomize/setup_test.go | 26 ++++++++++--------- e2e/support/test_util.go | 11 ++++++++ .../openshift/descoped/kustomization.yaml | 25 ++++++++++++++++++ .../patch-watch-namespace-global.yaml | 22 ++++++++++++++++ .../openshift/namespaced/kustomization.yaml | 25 ++++++++++++++++++ .../bases/camel-k.clusterserviceversion.yaml | 1 - ...erator-cluster-role-binding-openshift.yaml | 1 - ...luster-role-console-binding-openshift.yaml | 1 - ...ter-role-binding-addressable-resolver.yaml | 1 - ...e-binding-custom-resource-definitions.yaml | 1 - .../operator-role-binding-local-registry.yaml | 1 - ...tch-rolebinding-to-clusterrolebinding.yaml | 1 - 15 files changed, 106 insertions(+), 30 deletions(-) create mode 100644 install/overlays/openshift/descoped/kustomization.yaml create mode 100644 install/overlays/openshift/descoped/patch-watch-namespace-global.yaml create mode 100644 install/overlays/openshift/namespaced/kustomization.yaml diff --git a/.github/workflows/install.yml b/.github/workflows/install.yml index 714a69909f..2c27553591 100644 --- a/.github/workflows/install.yml +++ b/.github/workflows/install.yml @@ -19,9 +19,9 @@ name: install env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CAMEL_K_TEST_TIMEOUT_SHORT: 3m + CAMEL_K_TEST_TIMEOUT_SHORT: 5m CAMEL_K_TEST_TIMEOUT_MEDIUM: 10m - + on: pull_request: branches: diff --git a/docs/modules/ROOT/pages/installation/installation.adoc b/docs/modules/ROOT/pages/installation/installation.adoc index 310463f26a..cd5ad7d4bc 100644 --- a/docs/modules/ROOT/pages/installation/installation.adoc +++ b/docs/modules/ROOT/pages/installation/installation.adoc @@ -62,12 +62,12 @@ https://kustomize.io[Kustomize] provides a declarative approach to the configura If you don't need to provide any configuration nor the registry (ie, in Openshift), you can apply this simple one liner: ``` -$ kubectl apply -k github.com/apache/camel-k/install/overlays/kubernetes/descoped?ref=v2.4.0 --server-side +$ kubectl apply -k github.com/apache/camel-k/install/overlays/openshift/descoped?ref=v2.4.0 --server-side ``` You can specify as `ref` parameter the version you're willing to install (ie, `v2.4.0`). The command above will install a descoped (global) operator in the camel-k namespace. -NOTE: if you're not installing in Openshift you will need to manually change the IntegrationPlatform registry configuration as the operator won't be able to find any valid registry address. +NOTE: if you're not installing in Openshift you will need to manually change the IntegrationPlatform registry configuration as the operator won't be able to find any valid registry address (see section below). === Custom configuration procedure diff --git a/e2e/install/helm/setup_test.go b/e2e/install/helm/setup_test.go index da06c13f6c..62ff7c5fc3 100644 --- a/e2e/install/helm/setup_test.go +++ b/e2e/install/helm/setup_test.go @@ -38,13 +38,12 @@ import ( ) func TestHelmInstallRunUninstall(t *testing.T) { - KAMEL_INSTALL_REGISTRY := os.Getenv("KAMEL_INSTALL_REGISTRY") - customImage := fmt.Sprintf("%s/apache/camel-k", KAMEL_INSTALL_REGISTRY) - - os.Setenv("CAMEL_K_TEST_MAKE_DIR", "../../../") - WithNewTestNamespace(t, func(ctx context.Context, g *WithT, ns string) { - ExpectExecSucceed(t, g, Make(t, fmt.Sprintf("CUSTOM_IMAGE=%s", customImage), "set-version")) + // Ensure no CRDs are already installed + Cleanup(t, ctx) + KAMEL_INSTALL_REGISTRY := os.Getenv("KAMEL_INSTALL_REGISTRY") + CheckLocalInstallRegistry(t, g) + os.Setenv("CAMEL_K_TEST_MAKE_DIR", "../../../") ExpectExecSucceed(t, g, Make(t, "release-helm")) ExpectExecSucceed(t, g, exec.Command( @@ -62,7 +61,6 @@ func TestHelmInstallRunUninstall(t *testing.T) { ) g.Eventually(OperatorPod(t, ctx, ns)).ShouldNot(BeNil()) - // Check if restricted security context has been applyed operatorPod := OperatorPod(t, ctx, ns)() g.Expect(operatorPod.Spec.Containers[0].SecurityContext.RunAsNonRoot).To(Equal(kubernetes.DefaultOperatorSecurityContext().RunAsNonRoot)) diff --git a/e2e/install/kustomize/setup_test.go b/e2e/install/kustomize/setup_test.go index 30e4ecb21e..2387845089 100644 --- a/e2e/install/kustomize/setup_test.go +++ b/e2e/install/kustomize/setup_test.go @@ -40,16 +40,16 @@ import ( ) func TestKustomizeNamespaced(t *testing.T) { + g := NewWithT(t) + CheckLocalInstallRegistry(t, g) // TODO, likely we need to adjust this test with a Kustomize overlay for Openshift // which would not require the registry setting registry := os.Getenv("KIND_REGISTRY") kustomizeDir := testutil.MakeTempCopyDir(t, "../../../install") ctx := TestContext() - g := NewWithT(t) g.Expect(registry).NotTo(Equal("")) - // Ensure no CRDs are already installed: we can skip to check as it may fail - // if no CRDs was previously installed. - UninstallAll(t, ctx) + // Ensure no CRDs are already installed + Cleanup(t, ctx) WithNewTestNamespace(t, func(ctx context.Context, g *WithT, ns string) { // We must change a few values in the Kustomize config @@ -83,7 +83,7 @@ func TestKustomizeNamespaced(t *testing.T) { // Refresh the test client to account for the newly installed CRDs RefreshClient(t) g.Eventually(OperatorPod(t, ctx, ns)).ShouldNot(BeNil()) - g.Eventually(OperatorPodPhase(t, ctx, ns), TestTimeoutMedium).Should(Equal(corev1.PodRunning)) + g.Eventually(OperatorPodPhase(t, ctx, ns)).Should(Equal(corev1.PodRunning)) // Check if restricted security context has been applied operatorPod := OperatorPod(t, ctx, ns)() g.Expect(operatorPod.Spec.Containers[0].SecurityContext.RunAsNonRoot).To( @@ -105,7 +105,7 @@ func TestKustomizeNamespaced(t *testing.T) { // Test a simple integration is running g.Expect(KamelRun(t, ctx, ns, "files/yaml.yaml").Execute()).To(Succeed()) - g.Eventually(IntegrationPodPhase(t, ctx, ns, "yaml"), TestTimeoutLong).Should(Equal(corev1.PodRunning)) + g.Eventually(IntegrationPodPhase(t, ctx, ns, "yaml")).Should(Equal(corev1.PodRunning)) g.Eventually(IntegrationConditionStatus(t, ctx, ns, "yaml", v1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(corev1.ConditionTrue)) g.Eventually(IntegrationLogs(t, ctx, ns, "yaml"), TestTimeoutShort).Should(ContainSubstring("Magicstring!")) @@ -119,6 +119,7 @@ func TestKustomizeNamespaced(t *testing.T) { ns, )) g.Eventually(OperatorPod(t, ctx, ns)).Should(BeNil()) + g.Eventually(Platform(t, ctx, ns)).Should(BeNil()) g.Eventually(Integration(t, ctx, ns, "yaml"), TestTimeoutShort).ShouldNot(BeNil()) g.Eventually(IntegrationConditionStatus(t, ctx, ns, "yaml", v1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(corev1.ConditionTrue)) @@ -138,16 +139,16 @@ func TestKustomizeNamespaced(t *testing.T) { } func TestKustomizeDescoped(t *testing.T) { + g := NewWithT(t) + CheckLocalInstallRegistry(t, g) // TODO, likely we need to adjust this test with a Kustomize overlay for Openshift // which would not require the registry setting registry := os.Getenv("KIND_REGISTRY") kustomizeDir := testutil.MakeTempCopyDir(t, "../../../install") ctx := TestContext() - g := NewWithT(t) g.Expect(registry).NotTo(Equal("")) - // Ensure no CRDs are already installed: we can skip to check as it may fail - // if no CRDs was previously installed. - UninstallAll(t, ctx) + // Ensure no CRDs are already installed + Cleanup(t, ctx) WithNewTestNamespace(t, func(ctx context.Context, g *WithT, ns string) { // We must change a few values in the Kustomize config @@ -184,7 +185,7 @@ func TestKustomizeDescoped(t *testing.T) { podFunc := OperatorPod(t, ctx, ns) g.Eventually(podFunc).ShouldNot(BeNil()) - g.Eventually(OperatorPodPhase(t, ctx, ns), TestTimeoutMedium).Should(Equal(corev1.PodRunning)) + g.Eventually(OperatorPodPhase(t, ctx, ns)).Should(Equal(corev1.PodRunning)) pod := podFunc() containers := pod.Spec.Containers @@ -222,7 +223,7 @@ func TestKustomizeDescoped(t *testing.T) { WithNewTestNamespace(t, func(ctx context.Context, g *WithT, nsIntegration string) { // Test a simple integration is running g.Expect(KamelRun(t, ctx, nsIntegration, "files/yaml.yaml").Execute()).To(Succeed()) - g.Eventually(IntegrationPodPhase(t, ctx, nsIntegration, "yaml"), TestTimeoutLong).Should(Equal(corev1.PodRunning)) + g.Eventually(IntegrationPodPhase(t, ctx, nsIntegration, "yaml")).Should(Equal(corev1.PodRunning)) g.Eventually(IntegrationConditionStatus(t, ctx, nsIntegration, "yaml", v1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(corev1.ConditionTrue)) g.Eventually(IntegrationLogs(t, ctx, nsIntegration, "yaml"), TestTimeoutShort).Should(ContainSubstring("Magicstring!")) @@ -236,6 +237,7 @@ func TestKustomizeDescoped(t *testing.T) { ns, )) g.Eventually(OperatorPod(t, ctx, ns)).Should(BeNil()) + g.Eventually(Platform(t, ctx, ns)).Should(BeNil()) g.Eventually(Integration(t, ctx, nsIntegration, "yaml"), TestTimeoutShort).ShouldNot(BeNil()) g.Eventually(IntegrationConditionStatus(t, ctx, nsIntegration, "yaml", v1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(corev1.ConditionTrue)) diff --git a/e2e/support/test_util.go b/e2e/support/test_util.go index 188ca0eaa1..8ada6abe3b 100644 --- a/e2e/support/test_util.go +++ b/e2e/support/test_util.go @@ -24,6 +24,7 @@ package support import ( "context" + "fmt" "os" "os/exec" "strings" @@ -124,3 +125,13 @@ func UninstallAll(t *testing.T, ctx context.Context) error { func UninstallFromNamespace(t *testing.T, ctx context.Context, ns string) error { return Kamel(t, ctx, "uninstall", "--olm=false", "-n", ns).Execute() } + +func CheckLocalInstallRegistry(t *testing.T, g *WithT) { + KAMEL_INSTALL_REGISTRY := os.Getenv("KAMEL_INSTALL_REGISTRY") + if KAMEL_INSTALL_REGISTRY != "" { + t.Logf("Detected a local registry for Camel K %s. Setting custom image accordingly.", KAMEL_INSTALL_REGISTRY) + customImage := fmt.Sprintf("%s/apache/camel-k", KAMEL_INSTALL_REGISTRY) + os.Setenv("CAMEL_K_TEST_MAKE_DIR", "../../../") + ExpectExecSucceed(t, g, Make(t, fmt.Sprintf("CUSTOM_IMAGE=%s", customImage), "set-version")) + } +} diff --git a/install/overlays/openshift/descoped/kustomization.yaml b/install/overlays/openshift/descoped/kustomization.yaml new file mode 100644 index 0000000000..7d893bc479 --- /dev/null +++ b/install/overlays/openshift/descoped/kustomization.yaml @@ -0,0 +1,25 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- ../../kubernetes/descoped +- ../../../base/config/rbac/openshift +- ../../../base/config/rbac/openshift/descoped + +namespace: camel-k diff --git a/install/overlays/openshift/descoped/patch-watch-namespace-global.yaml b/install/overlays/openshift/descoped/patch-watch-namespace-global.yaml new file mode 100644 index 0000000000..69c6ae5026 --- /dev/null +++ b/install/overlays/openshift/descoped/patch-watch-namespace-global.yaml @@ -0,0 +1,22 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- + +- op: remove + path: /spec/template/spec/containers/0/env/0/valueFrom +- op: add + path: /spec/template/spec/containers/0/env/0/value + value: "" diff --git a/install/overlays/openshift/namespaced/kustomization.yaml b/install/overlays/openshift/namespaced/kustomization.yaml new file mode 100644 index 0000000000..fb7e659a9b --- /dev/null +++ b/install/overlays/openshift/namespaced/kustomization.yaml @@ -0,0 +1,25 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- ../../kubernetes/namespaced +- ../../../base/config/rbac/openshift +- ../../../base/config/rbac/openshift/namespaced + +namespace: default diff --git a/pkg/resources/config/manifests/bases/camel-k.clusterserviceversion.yaml b/pkg/resources/config/manifests/bases/camel-k.clusterserviceversion.yaml index a2e20f6718..8453ee6a77 100644 --- a/pkg/resources/config/manifests/bases/camel-k.clusterserviceversion.yaml +++ b/pkg/resources/config/manifests/bases/camel-k.clusterserviceversion.yaml @@ -32,7 +32,6 @@ metadata: repository: https://github.com/apache/camel-k support: Camel name: camel-k.v2.4.0 - namespace: placeholder spec: apiservicedefinitions: {} customresourcedefinitions: diff --git a/pkg/resources/config/rbac/openshift/descoped/operator-cluster-role-binding-openshift.yaml b/pkg/resources/config/rbac/openshift/descoped/operator-cluster-role-binding-openshift.yaml index 8cf0a8fc9e..5f181fe5b9 100644 --- a/pkg/resources/config/rbac/openshift/descoped/operator-cluster-role-binding-openshift.yaml +++ b/pkg/resources/config/rbac/openshift/descoped/operator-cluster-role-binding-openshift.yaml @@ -24,7 +24,6 @@ metadata: subjects: - kind: ServiceAccount name: camel-k-operator - namespace: placeholder roleRef: kind: ClusterRole name: camel-k-operator-openshift diff --git a/pkg/resources/config/rbac/openshift/operator-cluster-role-console-binding-openshift.yaml b/pkg/resources/config/rbac/openshift/operator-cluster-role-console-binding-openshift.yaml index fef037a6bb..f99d5486a5 100644 --- a/pkg/resources/config/rbac/openshift/operator-cluster-role-console-binding-openshift.yaml +++ b/pkg/resources/config/rbac/openshift/operator-cluster-role-console-binding-openshift.yaml @@ -24,7 +24,6 @@ metadata: subjects: - kind: ServiceAccount name: camel-k-operator - namespace: placeholder roleRef: kind: ClusterRole name: camel-k-operator-console-openshift diff --git a/pkg/resources/config/rbac/operator-cluster-role-binding-addressable-resolver.yaml b/pkg/resources/config/rbac/operator-cluster-role-binding-addressable-resolver.yaml index bddbcfdfc6..1c32ba0858 100644 --- a/pkg/resources/config/rbac/operator-cluster-role-binding-addressable-resolver.yaml +++ b/pkg/resources/config/rbac/operator-cluster-role-binding-addressable-resolver.yaml @@ -24,7 +24,6 @@ metadata: subjects: - kind: ServiceAccount name: camel-k-operator - namespace: placeholder roleRef: kind: ClusterRole name: camel-k-operator-bind-addressable-resolver diff --git a/pkg/resources/config/rbac/operator-cluster-role-binding-custom-resource-definitions.yaml b/pkg/resources/config/rbac/operator-cluster-role-binding-custom-resource-definitions.yaml index 14d3fa1a88..d73ce7c112 100644 --- a/pkg/resources/config/rbac/operator-cluster-role-binding-custom-resource-definitions.yaml +++ b/pkg/resources/config/rbac/operator-cluster-role-binding-custom-resource-definitions.yaml @@ -24,7 +24,6 @@ metadata: subjects: - kind: ServiceAccount name: camel-k-operator - namespace: placeholder roleRef: kind: ClusterRole name: camel-k-operator-custom-resource-definitions diff --git a/pkg/resources/config/rbac/operator-role-binding-local-registry.yaml b/pkg/resources/config/rbac/operator-role-binding-local-registry.yaml index 56ed3c47dd..8bff035de9 100644 --- a/pkg/resources/config/rbac/operator-role-binding-local-registry.yaml +++ b/pkg/resources/config/rbac/operator-role-binding-local-registry.yaml @@ -25,7 +25,6 @@ metadata: subjects: - kind: ServiceAccount name: camel-k-operator - namespace: placeholder roleRef: kind: ClusterRole name: camel-k-operator-local-registry diff --git a/pkg/resources/config/rbac/patch-rolebinding-to-clusterrolebinding.yaml b/pkg/resources/config/rbac/patch-rolebinding-to-clusterrolebinding.yaml index d0d3001f45..f2261dd41a 100644 --- a/pkg/resources/config/rbac/patch-rolebinding-to-clusterrolebinding.yaml +++ b/pkg/resources/config/rbac/patch-rolebinding-to-clusterrolebinding.yaml @@ -23,4 +23,3 @@ value: ClusterRole - op: add path: /subjects/0/namespace - value: placeholder