From 2cdc7d86fe9f704f570ee79f7f0ac49748970862 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Fri, 19 Apr 2024 12:38:59 -0700 Subject: [PATCH 1/4] Only create marketplace publish after container image have been published Signed-off-by: pjuarezd --- Makefile | 1 - .../update-community-operator.sh | 4 +--- olm-post-script.sh | 9 -------- olm.sh | 23 +++++++++++-------- .../update-redhat-marketplace-operator.sh | 4 +--- 5 files changed, 16 insertions(+), 25 deletions(-) diff --git a/Makefile b/Makefile index 46b6c206919..fdce1cc372e 100644 --- a/Makefile +++ b/Makefile @@ -90,7 +90,6 @@ helm-reindex: release: assets @./release.sh - @./olm.sh apply-gofmt: @echo "Applying gofmt to all generated an existing files" diff --git a/community-operators/update-community-operator.sh b/community-operators/update-community-operator.sh index 972ae074ba9..372163e292b 100644 --- a/community-operators/update-community-operator.sh +++ b/community-operators/update-community-operator.sh @@ -42,13 +42,11 @@ git rebase upstream/main git push echo " " -echo "Execute olm.sh and then olm-post-script.sh" +echo "Execute olm.sh" echo "As a work around get working scripts from your repository" cp ~/minio/olm-scripts/community-operators/olm.sh ~/operator/olm.sh -cp ~/minio/olm-scripts/community-operators/olm-post-script.sh ~/operator/olm-post-script.sh cd ~/operator || return source olm.sh -source olm-post-script.sh echo " " echo "Create the branch:" diff --git a/olm-post-script.sh b/olm-post-script.sh index 49f7045f92a..c7a084adda6 100755 --- a/olm-post-script.sh +++ b/olm-post-script.sh @@ -1,14 +1,5 @@ #!/bin/bash -# get the minio version -RELEASE="$(sed -n 's/^.*DefaultOperatorImage = "minio\/operator:v\(.*\)"/\1/p' pkg/controller/operator.go)" -minioVersionInExample=$(kustomize build examples/kustomization/tenant-lite | yq eval-all '.spec.image' | tail -1) -echo "minioVersionInExample: ${minioVersionInExample}" - -# Get sha form of minio version -minioVersionDigest=$(docker pull $minioVersionInExample | grep Digest | awk -F ' ' '{print $2}') -minioVersionDigest="quay.io/minio/minio@${minioVersionDigest}" -echo "minioVersionDigest: ${minioVersionDigest}" # There are 4 catalogs in Red Hat, we are interested in two of them: # https://docs.openshift.com/container-platform/4.7/operators/understanding/olm-rh-catalogs.html diff --git a/olm.sh b/olm.sh index 04ecab38e24..3491bd23e49 100755 --- a/olm.sh +++ b/olm.sh @@ -3,7 +3,7 @@ set -e #binary versions -OPERATOR_SDK_VERSION=v1.22.2 +OPERATOR_SDK_VERSION=v1.34.1 TMP_BIN_DIR="$(mktemp -d)" function install_binaries() { @@ -24,8 +24,10 @@ function install_binaries() { install_binaries +RELEASE="$(sed -n 's/^.*DefaultOperatorImage = "minio\/operator:v\(.*\)"/\1/p' pkg/controller/operator.go)" + # get the minio version -minioVersionInExample=$(kustomize build examples/kustomization/tenant-openshift | yq eval-all '.spec.image' | tail -1) +minioVersionInExample=$(kustomize build examples/kustomization/tenant-lite | yq eval-all '.spec.image' | tail -1) echo "minioVersionInExample: ${minioVersionInExample}" # Get sha form of minio version @@ -66,13 +68,16 @@ for catalog in "${redhatCatalogs[@]}"; do --use-image-digests \ --kustomize-dir config/manifests - # Set the version, later in olm-post-script.sh we change for Digest form. - containerImage="quay.io/minio/operator:v${RELEASE}" - echo "containerImage: ${containerImage}" - operatorImageDigest="quay.io/minio/operator:v${RELEASE}" - yq -i ".metadata.annotations.containerImage |= (\"${operatorImageDigest}\")" bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml - yq -i ".spec.install.spec.deployments[0].spec.template.spec.containers[0].image |= (\"${operatorImageDigest}\")" bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml - yq -i ".spec.install.spec.deployments[1].spec.template.spec.containers[0].image |= (\"${operatorImageDigest}\")" bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml + # https://connect.redhat.com/support/technology-partner/#/case/03206318 + # If no securityContext is specified, the OLM will choose one that fits within + # the security context constraint either explicitly specified for the project under which the pod is run, + # or the default. If the SCC specifies a value that doesn't match the specified value in our files, + # the pods will not start properly and we can't be installed. + # Let the user select their own securityContext and don't hardcode values that can affect the ability + # to debug and deploy our Operator in OperatorHub. + echo "Removing securityContext from CSV" + yq -i eval 'del(.spec.install.spec.deployments[0].spec.template.spec.containers[0].securityContext)' bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml + yq -i eval 'del(.spec.install.spec.deployments[1].spec.template.spec.containers[0].securityContext)' bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml # Will query if a previous version of the CSV was published to the catalog of the latest supported Openshift version. # It will help to prevent add the `spec.replaces` annotation when there is no preexisting CSV in the catalog to replace. diff --git a/redhat-marketplace/update-redhat-marketplace-operator.sh b/redhat-marketplace/update-redhat-marketplace-operator.sh index d86e081922f..34fc4606c62 100644 --- a/redhat-marketplace/update-redhat-marketplace-operator.sh +++ b/redhat-marketplace/update-redhat-marketplace-operator.sh @@ -30,13 +30,11 @@ git rebase upstream/master git push echo " " -echo "Execute olm.sh and then olm-post-script.sh" +echo "Execute olm.sh" echo "As a work around get working scripts from your repository" cp ~/minio/olm-scripts/olm.sh ~/operator/olm.sh -cp ~/minio/olm-scripts/olm-post-script.sh ~/operator/olm-post-script.sh cd ~/operator || return source olm.sh -source olm-post-script.sh echo " " echo "Create the branch:" From b1abd0b02338b91cbd0bb67a4efc40561d5488b6 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Fri, 19 Apr 2024 13:35:39 -0700 Subject: [PATCH 2/4] remove olm-post-script.sh Signed-off-by: pjuarezd --- olm-post-script.sh | 56 ---------------------------------------------- 1 file changed, 56 deletions(-) delete mode 100755 olm-post-script.sh diff --git a/olm-post-script.sh b/olm-post-script.sh deleted file mode 100755 index c7a084adda6..00000000000 --- a/olm-post-script.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash - - -# There are 4 catalogs in Red Hat, we are interested in two of them: -# https://docs.openshift.com/container-platform/4.7/operators/understanding/olm-rh-catalogs.html -# 1. redhat-operators <------------ Supported by Red Hat. -# 2. certified-operators <--------- Supported by the ISV (independent software vendors) <------------- We want this! -# 3. redhat-marketplace <---------- an be purchased from Red Hat Marketplace. <----------------------- We want this! -# 4. community-operators <--------- No official support. - -redhatCatalogs=("certified-operators" "redhat-marketplace" "community-operators") - -for catalog in "${redhatCatalogs[@]}"; do - echo " " - echo $catalog - package=minio-operator - if [[ "$catalog" == "redhat-marketplace" ]] - then - package=minio-operator-rhmp - fi - echo "package: ${package}" - - # Avoid message: "There are unpinned images digests!" by using Digest Sha256:xxxx rather than vx.x.x - containerImage="quay.io/minio/operator:v$RELEASE" - echo "containerImage: ${containerImage}" - digest=$(docker pull $containerImage | grep Digest | awk -F ' ' '{print $2}') - operatorImageDigest="quay.io/minio/operator@${digest}" - echo "operatorImageDigest: ${operatorImageDigest} @ ${digest}" - yq -i ".metadata.annotations.containerImage |= (\"${operatorImageDigest}\")" bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml - - # Operator Image in Digest mode: sha256:xxx published catalogs - yq -i ".spec.install.spec.deployments[0].spec.template.spec.containers[0].image |= (\"${operatorImageDigest}\")" bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml - yq -i ".spec.install.spec.deployments[1].spec.template.spec.containers[0].image |= (\"${operatorImageDigest}\")" bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml - yq -i "(.spec.relatedImages[] | select( .name == \"minio-operator\")).image |= \"${operatorImageDigest}\"" bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml - yq -i "(.spec.relatedImages[] | select( .name == \"console\")).image |= \"${operatorImageDigest}\"" bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml - - # Operator Image in Digest mode: sha256:xxx local test manifests - yq -i ".spec.install.spec.deployments[0].spec.template.spec.containers[0].image |= (\"${operatorImageDigest}\")" $catalog/manifests/$package.clusterserviceversion.yaml - yq -i ".spec.install.spec.deployments[1].spec.template.spec.containers[0].image |= (\"${operatorImageDigest}\")" $catalog/manifests/$package.clusterserviceversion.yaml - yq -i "(.spec.relatedImages[] | select( .name == \"minio-operator\")).image |= \"${operatorImageDigest}\"" $catalog/manifests/$package.clusterserviceversion.yaml - yq -i "(.spec.relatedImages[] | select( .name == \"console\")).image |= \"${operatorImageDigest}\"" $catalog/manifests/$package.clusterserviceversion.yaml - - - # https://connect.redhat.com/support/technology-partner/#/case/03206318 - # If no securityContext is specified, the OLM will choose one that fits within - # the security context constraint either explicitly specified for the project under which the pod is run, - # or the default. If the SCC specifies a value that doesn't match the specified value in our files, - # the pods will not start properly and we can't be installed. - # Let the user select their own securityContext and don't hardcode values that can affect the ability - # to debug and deploy our Operator in OperatorHub. - echo "Removing securityContext from CSV" - yq -i eval 'del(.spec.install.spec.deployments[0].spec.template.spec.containers[0].securityContext)' bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml - yq -i eval 'del(.spec.install.spec.deployments[1].spec.template.spec.containers[0].securityContext)' bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml - -done -echo " " From c90f0af254feccc9ad200ba5cdb36f1019060d45 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Fri, 19 Apr 2024 14:43:03 -0700 Subject: [PATCH 3/4] add "skips" where there is a new Index Signed-off-by: pjuarezd --- olm.sh | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/olm.sh b/olm.sh index 3491bd23e49..71d9b2c2cdc 100755 --- a/olm.sh +++ b/olm.sh @@ -93,9 +93,23 @@ for catalog in "${redhatCatalogs[@]}"; do PREV_VERSION=$(curl -s "https://catalog.redhat.com/api/containers/v1/operators/bundles?channel_name=stable&package=${package}&organization=${catalog}&ocp_version=${maxOpenshiftVersion}&include=data.version,data.csv_name,data.ocp_version" | jq '.data | max_by(.version).csv_name' -r) echo "replaces: $PREV_VERSION" yq -i e ".spec.replaces |= \"${PREV_VERSION}\"" bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml + # We need to remove "skips" and only use "replaces" + yq -i "del(.spec.skips) " bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml else - echo "no previous published in catalog ${maxOpenshiftVersion}, removing spec.replaces" + # This procedure is needed when a new Index is released + # Having a new Index (ie Openshift 4.15) means that Operator haven't been published in it yet, so the "replaces" annotation fails. + # To prevent it we reached out to RedHat support and told us to use "skips" instead, that way we can keep the update + # graph and publish Operator in the new Index for the first time. + # https://connect.redhat.com/support/technology-partner/#/case/03793912 + echo "no previous published in index ${maxOpenshiftVersion}, removing spec.replaces" yq -i "del(.spec.replaces) " bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml + echo "adding spec.skips for new index" + # Get the previous Openshift Index + previousOpenshiftVersion=$(curl -s "https://catalog.redhat.com/api/containers/v1/operators/indices?ocp_versions_range=${minOpenshiftVersion}-${maxOpenshiftVersion}&organization=${catalog}" | yq '.data.[].ocp_version' | sort -V | tail -n2 | head -n1) + # Get the latest published operator in the previous Openshift Index + PREV_VERSION=$(curl -s "https://catalog.redhat.com/api/containers/v1/operators/bundles?channel_name=stable&package=${package}&organization=${catalog}&ocp_version=${previousOpenshiftVersion}&include=data.version,data.csv_name,data.ocp_version" | jq '.data | max_by(.version).csv_name' -r) + echo "skips: $PREV_VERSION" + yq -i e ".spec.skips += [\"${PREV_VERSION}\"]" bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml fi # Now promote the latest release to the root of the repository From 0ab3b58f48bf8becd416cb02e43204474b096bd6 Mon Sep 17 00:00:00 2001 From: Pedro Juarez Date: Mon, 22 Apr 2024 10:27:55 -0700 Subject: [PATCH 4/4] Update olm.sh Co-authored-by: Ramon de Klein --- olm.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/olm.sh b/olm.sh index 71d9b2c2cdc..0bb06bb4107 100755 --- a/olm.sh +++ b/olm.sh @@ -76,8 +76,7 @@ for catalog in "${redhatCatalogs[@]}"; do # Let the user select their own securityContext and don't hardcode values that can affect the ability # to debug and deploy our Operator in OperatorHub. echo "Removing securityContext from CSV" - yq -i eval 'del(.spec.install.spec.deployments[0].spec.template.spec.containers[0].securityContext)' bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml - yq -i eval 'del(.spec.install.spec.deployments[1].spec.template.spec.containers[0].securityContext)' bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml + yq -i eval 'del(.spec.install.spec.deployments[].spec.template.spec.containers[0].securityContext)' bundles/$catalog/$RELEASE/manifests/$package.clusterserviceversion.yaml # Will query if a previous version of the CSV was published to the catalog of the latest supported Openshift version. # It will help to prevent add the `spec.replaces` annotation when there is no preexisting CSV in the catalog to replace.