Skip to content

Commit

Permalink
Support disconnected network environments
Browse files Browse the repository at this point in the history
This PR adds support for installing the operator in disconnected
network environments. To build with image-digests set
USE_IMAGE_DIGESTS=true before running make bundle.

For Prow jobs we are enabling this via .prow-ci.env

This drops the old logic from create_bundle.sh which has been
broken with operator-sdk's make bundle for some time.

(NOTE: this currently requires a secure registry)

Jira: OSP-26486
  • Loading branch information
dprince committed Sep 26, 2023
1 parent dece63b commit ecb3ed3
Show file tree
Hide file tree
Showing 6 changed files with 49 additions and 69 deletions.
58 changes: 1 addition & 57 deletions .github/create_bundle.sh
Original file line number Diff line number Diff line change
@@ -1,69 +1,13 @@
#!/bin/bash
set -e

CLUSTER_BUNDLE_FILE="bundle/manifests/octavia-operator.clusterserviceversion.yaml"

echo "Creating octavia operator bundle"
cd ..
echo "${GITHUB_SHA}"
echo "${BASE_IMAGE}"
skopeo --version

echo "Calculating image digest for docker://${REGISTRY}/${BASE_IMAGE}:${GITHUB_SHA}"
DIGEST=$(skopeo inspect docker://${REGISTRY}/${BASE_IMAGE}:${GITHUB_SHA} | jq '.Digest' -r)
# Output:
# Calculating image digest for docker://quay.io/openstack-k8s-operators/octavia-operator:d03f2c1c362c04fc5ef819f92a218f9ea59bbd0c
# Digest: sha256:1d5b578fd212f8dbd03c0235f1913ef738721766f8c94236af5efecc6d8d8cb1
echo "Digest: ${DIGEST}"

RELEASE_VERSION=$(grep "^VERSION" Makefile | awk -F'?= ' '{ print $2 }')
OPERATOR_IMG_WITH_DIGEST="${REGISTRY}/${BASE_IMAGE}@${DIGEST}"

echo "New Operator Image with Digest: $OPERATOR_IMG_WITH_DIGEST"
echo "Release Version: $RELEASE_VERSION"

echo "Creating bundle image..."
VERSION=$RELEASE_VERSION IMG=$OPERATOR_IMG_WITH_DIGEST make bundle

echo "Bundle file images:"
cat "${CLUSTER_BUNDLE_FILE}" | grep "image:"
# FIXME: display any ENV variables once we have offline support implemented
#grep -A1 IMAGE_URL_DEFAULT "${CLUSTER_BUNDLE_FILE}"

# We do not want to exit here. Some images are in different registries, so
# error will be reported to the console.
set +e
for csv_image in $(cat "${CLUSTER_BUNDLE_FILE}" | grep "image:" | sed -e "s|.*image:||" | sort -u); do
digest_image=""
echo "CSV line: ${csv_image}"

# case where @ is in the csv_image image
if [[ "$csv_image" =~ .*"@".* ]]; then
delimeter='@'
else
delimeter=':'
fi

base_image=$(echo $csv_image | cut -f 1 -d${delimeter})
tag_image=$(echo $csv_image | cut -f 2 -d${delimeter})

if [[ "$base_image:$tag_image" == "controller:latest" ]]; then
echo "$base_image:$tag_image becomes $OPERATOR_IMG_WITH_DIGEST"
sed -e "s|$base_image:$tag_image|$OPERATOR_IMG_WITH_DIGEST|g" -i "${CLUSTER_BUNDLE_FILE}"
else
digest_image=$(skopeo inspect docker://${base_image}${delimeter}${tag_image} | jq '.Digest' -r)
echo "Base image: $base_image"
if [ -n "$digest_image" ]; then
echo "$base_image${delimeter}$tag_image becomes $base_image@$digest_image"
sed -i "s|$base_image$delimeter$tag_image|$base_image@$digest_image|g" "${CLUSTER_BUNDLE_FILE}"
else
echo "$base_image${delimeter}$tag_image not changed"
fi
fi
done

echo "Resulting bundle file images:"
cat "${CLUSTER_BUNDLE_FILE}" | grep "image:"

# FIXME: display any ENV variables once we have offline support implemented
#grep -A1 IMAGE_URL_DEFAULT "${CLUSTER_BUNDLE_FILE}"
USE_IMAGE_DIGESTS=true VERSION=$RELEASE_VERSION IMG=${REGISTRY}/${BASE_IMAGE}:${GITHUB_SHA} make bundle
1 change: 1 addition & 0 deletions .prow_ci.env
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
export USE_IMAGE_DIGESTS=true
8 changes: 4 additions & 4 deletions api/v1beta1/octavia_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -199,10 +199,10 @@ func (instance Octavia) IsReady() bool {
func SetupDefaults() {
// Acquire environmental defaults and initialize Octavia defaults with them
octaviaDefaults := OctaviaDefaults{
APIContainerImageURL: util.GetEnvVar("OCTAVIA_API_IMAGE_URL_DEFAULT", OctaviaAPIContainerImage),
HousekeepingContainerImageURL: util.GetEnvVar("OCTAVIA_HOUSEKEEPING_IMAGE_URL_DEFAULT", OctaviaHousekeepingContainerImage),
HealthManagerContainerImageURL: util.GetEnvVar("OCTAVIA_HEALTHMANAGER_IMAGE_URL_DEFAULT", OctaviaHealthManagerContainerImage),
WorkerContainerImageURL: util.GetEnvVar("OCTAVIA_WORKER_IMAGE_URL_DEFAULT", OctaviaWorkerContainerImage),
APIContainerImageURL: util.GetEnvVar("RELATED_IMAGE_OCTAVIA_API_IMAGE_URL_DEFAULT", OctaviaAPIContainerImage),
HousekeepingContainerImageURL: util.GetEnvVar("RELATED_IMAGE_OCTAVIA_HOUSEKEEPING_IMAGE_URL_DEFAULT", OctaviaHousekeepingContainerImage),
HealthManagerContainerImageURL: util.GetEnvVar("RELATED_IMAGE_OCTAVIA_HEALTHMANAGER_IMAGE_URL_DEFAULT", OctaviaHealthManagerContainerImage),
WorkerContainerImageURL: util.GetEnvVar("RELATED_IMAGE_OCTAVIA_WORKER_IMAGE_URL_DEFAULT", OctaviaWorkerContainerImage),
}

SetupOctaviaDefaults(octaviaDefaults)
Expand Down
8 changes: 7 additions & 1 deletion config/default/manager_default_images.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,11 @@ spec:
containers:
- name: manager
env:
- name: OCTAVIA_API_IMAGE_URL_DEFAULT
- name: RELATED_IMAGE_OCTAVIA_API_IMAGE_URL_DEFAULT
value: quay.io/podified-antelope-centos9/openstack-octavia-api:current-podified
- name: RELATED_IMAGE_OCTAVIA_HOUSEKEEPING_IMAGE_URL_DEFAULT
value: quay.io/podified-antelope-centos9/openstack-octavia-housekeeping:current-podified
- name: RELATED_IMAGE_OCTAVIA_HEALTHMANAGER_IMAGE_URL_DEFAULT
value: quay.io/podified-antelope-centos9/openstack-octavia-health-manager:current-podified
- name: RELATED_IMAGE_OCTAVIA_WORKER_IMAGE_URL_DEFAULT
value: quay.io/podified-antelope-centos9/openstack-octavia-worker:current-podified
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ metadata:
alm-examples: '[]'
capabilities: Basic Install
operatorframework.io/suggested-namespace: openstack
operators.openshift.io/infrastructure-features: '["disconnected"]'
operators.operatorframework.io/operator-type: non-standalone
name: octavia-operator.v0.0.0
namespace: placeholder
Expand Down
42 changes: 35 additions & 7 deletions tests/kuttl/common/assert_sample_deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@ spec:
secret: osp-secret
serviceUser: octavia
octaviaAPI:
containerImage: quay.io/podified-antelope-centos9/openstack-octavia-api:current-podified
customServiceConfig: |
[DEFAULT]
debug = true
Expand All @@ -46,7 +45,6 @@ spec:
secret: osp-secret
serviceUser: octavia
octaviaHousekeeping:
containerImage: quay.io/podified-antelope-centos9/openstack-octavia-housekeeping:current-podified
customServiceConfig: |
[DEFAULT]
debug = true
Expand All @@ -59,7 +57,6 @@ spec:
secret: osp-secret
serviceUser: octavia
octaviaHealthManager:
containerImage: quay.io/podified-antelope-centos9/openstack-octavia-health-manager:current-podified
customServiceConfig: |
[DEFAULT]
debug = true
Expand All @@ -72,7 +69,6 @@ spec:
secret: osp-secret
serviceUser: octavia
octaviaWorker:
containerImage: quay.io/podified-antelope-centos9/openstack-octavia-worker:current-podified
customServiceConfig: |
[DEFAULT]
debug = true
Expand Down Expand Up @@ -117,7 +113,6 @@ spec:
- /usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start
command:
- /bin/bash
image: quay.io/podified-antelope-centos9/openstack-octavia-api:current-podified
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
Expand All @@ -143,7 +138,6 @@ spec:
- env:
- name: CONFIG_HASH
- name: KOLLA_CONFIG_STRATEGY
image: quay.io/podified-antelope-centos9/openstack-octavia-api:current-podified
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
Expand Down Expand Up @@ -189,7 +183,6 @@ spec:
value: octavia
- name: DatabaseUser
value: octavia
image: quay.io/podified-antelope-centos9/openstack-octavia-api:current-podified
imagePullPolicy: IfNotPresent
name: init
resources: {}
Expand Down Expand Up @@ -236,3 +229,38 @@ spec:
selector:
service: octavia
type: ClusterIP
---
# when using image digests the containerImage URLs are SHA's so we verify them with a script
apiVersion: kuttl.dev/v1beta1
kind: TestAssert
commands:
- script: |
tupleTemplate='{{ range (index .spec.template.spec.containers 1).env }}{{ .name }}{{ "#" }}{{ .value}}{{"\n"}}{{ end }}'
imageTuples=$(oc get -n openstack-operators deployment octavia-operator-controller-manager -o go-template="$tupleTemplate")
for ITEM in $(echo $imageTuples); do
# it is an image
if echo $ITEM | grep 'RELATED_IMAGE' &> /dev/null; then
NAME=$(echo $ITEM | sed -e 's|^RELATED_IMAGE_OCTAVIA_\([^_]*\)_.*|\1|')
IMG_FROM_ENV=$(echo $ITEM | sed -e 's|^.*#\(.*\)|\1|')
case $NAME in
API)
template='{{.spec.octaviaAPI.containerImage}}'
;;
HOUSEKEEPING)
template='{{.spec.octaviaHousekeeping.containerImage}}'
;;
HEALTHMANAGER)
template='{{.spec.octaviaHealthManager.containerImage}}'
;;
WORKER)
template='{{.spec.octaviaWorker.containerImage}}'
;;
esac
SERVICE_IMAGE=$(oc get -n $NAMESPACE octavia octavia -o go-template="$template")
if [ "$SERVICE_IMAGE" != "$IMG_FROM_ENV" ]; then
echo "$NAME image does not equal $IMG_FROM_ENV"
exit 1
fi
fi
done
exit 0

0 comments on commit ecb3ed3

Please sign in to comment.