From 9565df0df56c23ca698d08f00377df2c7bdd658d Mon Sep 17 00:00:00 2001
From: Simon Baeumer
Date: Fri, 10 Feb 2023 14:10:47 +0100
Subject: [PATCH 1/6] X-Smart-Branch-Parent: main
From 61db7a6663d0b4bded1bb54d72061a94fa808142 Mon Sep 17 00:00:00 2001
From: Simon Baeumer
Date: Tue, 7 Feb 2023 16:59:18 +0100
Subject: [PATCH 2/6] add install_operator.sh
---
 deploy.sh | 0
 .../marketplace/03-subscription.yaml | 4 +-
 dev/env/scripts/bootstrap.sh | 94 +------------------
 dev/env/scripts/install_operator.sh | 89 ++++++++++++++++++
 dev/env/scripts/lib.sh | 9 ++
 5 files changed, 102 insertions(+), 94 deletions(-)
 create mode 100644 deploy.sh
 create mode 100755 dev/env/scripts/install_operator.sh
diff --git a/deploy.sh b/deploy.sh
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/dev/env/manifests/rhacs-operator/marketplace/03-subscription.yaml b/dev/env/manifests/rhacs-operator/marketplace/03-subscription.yaml
index 399d0462b6..620bf2314f 100644
--- a/dev/env/manifests/rhacs-operator/marketplace/03-subscription.yaml
+++ b/dev/env/manifests/rhacs-operator/marketplace/03-subscription.yaml
@@ -6,9 +6,9 @@ metadata:
 spec:
 channel: latest
 name: rhacs-operator
- installPlanApproval: Automatic
+ installPlanApproval: Manual
 source: redhat-operators
 sourceNamespace: openshift-marketplace
- startingCSV: rhacs-operator.v3.73.1
+ startingCSV: rhacs-operator.${STACKROX_OPERATOR_VERSION}
 config:
 resources: $RHACS_OPERATOR_RESOURCES
diff --git a/dev/env/scripts/bootstrap.sh b/dev/env/scripts/bootstrap.sh
index 21d641697e..260be7604f 100755
--- a/dev/env/scripts/bootstrap.sh
+++ b/dev/env/scripts/bootstrap.sh
@@ -37,15 +37,6 @@ wait_for_default_service_account "$ACSMS_NAMESPACE"
 apply "${MANIFESTS_DIR}/rhacs-operator/00-namespace.yaml"
 wait_for_default_service_account "$STACKROX_OPERATOR_NAMESPACE"
-inject_ips() {
- local namespace="$1"
- local service_account="$2"
- local secret_name="$3"
-
- log "Patching ServiceAccount ${namespace}/default to use Quay.io imagePullSecrets"
- $KUBECTL -n "$namespace" patch sa "$service_account" -p "\"imagePullSecrets\": [{\"name\": \"${secret_name}\" }]"
-}
-
 # pragma: allowlist nextline secret
 if [[ "$INHERIT_IMAGEPULLSECRETS" == "true" ]]; then
 create-imagepullsecrets
@@ -58,89 +49,8 @@ if [[ "$INSTALL_OPENSHIFT_ROUTER" == "true" ]]; then
 apply "${MANIFESTS_DIR}/openshift-router"
 fi
-if [[ "$INSTALL_OPERATOR" == "true" ]]; then
- if [[ "$INSTALL_OLM" == "true" ]]; then
- if ! command -v operator-sdk >/dev/null 2>&1; then
- die "Error: Unable to install OLM, operator-sdk executable is not found"
- fi
- # Setup OLM
- if { operator-sdk olm status 2>&1 || true; } | grep -q "no existing installation found"; then
- log "Installing OLM..."
- operator-sdk olm install
- else
- log "OLM already installed..."
- fi
- fi
-
- if is_pod_ready "$STACKROX_OPERATOR_NAMESPACE" "app=rhacs-operator"; then
- log "Skipping installation of operator since the operator seems to be running already"
- else
- log "Installing operator"
-
- apply "${MANIFESTS_DIR}"/rhacs-operator/*.yaml # This installs the operator-group.
-
- if [[ "$OPERATOR_SOURCE" == "quay" ]]; then
- apply "${MANIFESTS_DIR}"/rhacs-operator/quay/01-catalogsource.yaml
- fi
-
- # pragma: allowlist nextline secret
- if [[ "$OPERATOR_SOURCE" == "quay" && "$INHERIT_IMAGEPULLSECRETS" == "true" ]]; then
- inject_ips "$STACKROX_OPERATOR_NAMESPACE" "stackrox-operator-test-index" "quay-ips"
- fi
-
- if [[ "$OPERATOR_SOURCE" == "quay" ]]; then
- # Need to wait with the subscription creation until the catalog source has been updated,
- # otherwise the subscription will be in a failed state and not progress.
- # Looks like there is some race which causes the subscription to still fail right after
- # operatorhubio catalog is ready, which is why an additional delay has been added.
- echo "Waiting for CatalogSource to include rhacs-operator..."
- while true; do
- if $KUBECTL -n "$STACKROX_OPERATOR_NAMESPACE" get packagemanifests.packages.operators.coreos.com -o json |
- jq -cer '.items[] | select(.metadata.labels.catalog == "stackrox-operator-test-index" and .metadata.name == "rhacs-operator") | isempty(.)
| not' >/dev/null; then
- break
- fi
- sleep 1
- done
-
- if [[ "$INSTALL_OLM" == "true" ]]; then
- # It seems that before creating the subscription (part of the next apply call) all catalog sources need to be healthy.
- #
- # Installing OLM implies fetching the index from the "operatorhubio" catalog source, which might take some time.
- # If we proceed with creating the subscription for the RHACS Operator immediately and the "operatorhubio" catalog source
- # is not ready get, the subscription can end up in the following state:
- #
- # Conditions:
- # Message: all available catalogsources are healthy
- # Reason: AllCatalogSourcesHealthy
- # Status: False
- # Type: CatalogSourcesUnhealthy
- # Message: error using catalog operatorhubio-catalog (in namespace olm): failed to list bundles: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 10.43.96.123:50051: i/o timeout"
- # Status: True
- # Type: ResolutionFailed
- #
- # Therefore we wait for the operatorhubio-catalog/registry-server container to become ready.
- wait_for_container_to_become_ready "olm" "olm.catalogSource=operatorhubio-catalog" "registry-server"
- fi
-
- # This creates the subscription.
- apply "${MANIFESTS_DIR}"/rhacs-operator/quay/*.yaml
-
- # Apparently we potentially have to wait longer than the default of 60s sometimes...
- wait_for_resource_to_appear "$STACKROX_OPERATOR_NAMESPACE" "serviceaccount" "rhacs-operator-controller-manager" 180
- inject_ips "$STACKROX_OPERATOR_NAMESPACE" "rhacs-operator-controller-manager" "quay-ips"
-
- # Wait for rhacs-operator pods to be created.
Possibly the imagePullSecrets were not picked up yet, which is why we respawn them:
- sleep 2
- $KUBECTL -n "$STACKROX_OPERATOR_NAMESPACE" delete pod -l app=rhacs-operator
- elif [[ "$OPERATOR_SOURCE" == "marketplace" ]]; then
- apply "${MANIFESTS_DIR}"/rhacs-operator/marketplace/*.yaml
- fi
-
- wait_for_container_to_become_ready "$STACKROX_OPERATOR_NAMESPACE" "app=rhacs-operator" "manager" 900
- fi
-else
- # We will be running without RHACS operator, but at least install our CRDs.
- apply "${MANIFESTS_DIR}/crds"
+if [[ "$INSTALL_OPERATOR" == "true" ]]; thenelse
+ ./install_operator.sh
 fi
 if is_local_cluster "$CLUSTER_TYPE"; then
diff --git a/dev/env/scripts/install_operator.sh b/dev/env/scripts/install_operator.sh
new file mode 100755
index 0000000000..c6792779e1
--- /dev/null
+++ b/dev/env/scripts/install_operator.sh
@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+
+GITROOT="$(git rev-parse --show-toplevel)"
+export GITROOT
+# shellcheck source=/dev/null
+source "${GITROOT}/dev/env/scripts/lib.sh"
+# shellcheck source=/dev/null
+source "${GITROOT}/dev/env/scripts/docker.sh"
+
+init
+
+if [[ "$INSTALL_OLM" == "true" ]]; then
+ if ! command -v operator-sdk >/dev/null 2>&1; then
+ die "Error: Unable to install OLM, operator-sdk executable is not found"
+ fi
+ # Setup OLM
+ if { operator-sdk olm status 2>&1 || true; } | grep -q "no existing installation found"; then
+ log "Installing OLM..."
+ operator-sdk olm install
+ else
+ log "OLM already installed..."
+ fi
+fi
+
+ log "Installing operator"
+
+ apply "${MANIFESTS_DIR}"/rhacs-operator/*.yaml # This installs the operator-group.
+
+ if [[ "$OPERATOR_SOURCE" == "quay" ]]; then
+ apply "${MANIFESTS_DIR}"/rhacs-operator/quay/01-catalogsource.yaml
+ fi
+
+ # pragma: allowlist nextline secret
+ if [[ "$OPERATOR_SOURCE" == "quay" && "$INHERIT_IMAGEPULLSECRETS" == "true" ]]; then
+ inject_ips "$STACKROX_OPERATOR_NAMESPACE" "stackrox-operator-test-index" "quay-ips"
+ fi
+
+if [[ "$OPERATOR_SOURCE" == "quay" ]]; then
+ # Need to wait with the subscription creation until the catalog source has been updated,
+ # otherwise the subscription will be in a failed state and not progress.
+ # Looks like there is some race which causes the subscription to still fail right after
+ # operatorhubio catalog is ready, which is why an additional delay has been added.
+ echo "Waiting for CatalogSource to include rhacs-operator..."
+ while true; do
+ if $KUBECTL -n "$STACKROX_OPERATOR_NAMESPACE" get packagemanifests.packages.operators.coreos.com -o json |
+ jq -cer '.items[] | select(.metadata.labels.catalog == "stackrox-operator-test-index" and .metadata.name == "rhacs-operator") | isempty(.)
| not' >/dev/null; then
+ break
+ fi
+ sleep 1
+ done
+
+ if [[ "$INSTALL_OLM" == "true" ]]; then
+ # It seems that before creating the subscription (part of the next apply call) all catalog sources need to be healthy.
+ #
+ # Installing OLM implies fetching the index from the "operatorhubio" catalog source, which might take some time.
+ # If we proceed with creating the subscription for the RHACS Operator immediately and the "operatorhubio" catalog source
+ # is not ready get, the subscription can end up in the following state:
+ #
+ # Conditions:
+ # Message: all available catalogsources are healthy
+ # Reason: AllCatalogSourcesHealthy
+ # Status: False
+ # Type: CatalogSourcesUnhealthy
+ # Message: error using catalog operatorhubio-catalog (in namespace olm): failed to list bundles: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 10.43.96.123:50051: i/o timeout"
+ # Status: True
+ # Type: ResolutionFailed
+ #
+ # Therefore we wait for the operatorhubio-catalog/registry-server container to become ready.
+ wait_for_container_to_become_ready "olm" "olm.catalogSource=operatorhubio-catalog" "registry-server"
+ fi
+
+ # This creates the subscription.
+ apply "${MANIFESTS_DIR}"/rhacs-operator/quay/*.yaml
+
+ # Apparently we potentially have to wait longer than the default of 60s sometimes...
+ wait_for_resource_to_appear "$STACKROX_OPERATOR_NAMESPACE" "serviceaccount" "rhacs-operator-controller-manager" 180
+ inject_ips "$STACKROX_OPERATOR_NAMESPACE" "rhacs-operator-controller-manager" "quay-ips"
+
+ # Wait for rhacs-operator pods to be created.
Possibly the imagePullSecrets were not picked up yet, which is why we respawn them:
+ sleep 2
+ $KUBECTL -n "$STACKROX_OPERATOR_NAMESPACE" delete pod -l app=rhacs-operator
+elif [[ "$OPERATOR_SOURCE" == "marketplace" ]]; then
+ apply "${MANIFESTS_DIR}"/rhacs-operator/marketplace/*.yaml
+fi
+
+wait_for_container_to_become_ready "$STACKROX_OPERATOR_NAMESPACE" "app=rhacs-operator" "manager" 900
+
+# We will be running without RHACS operator, but at least install our CRDs.
+apply "${MANIFESTS_DIR}/crds"
diff --git a/dev/env/scripts/lib.sh b/dev/env/scripts/lib.sh
index 9b39a90e17..084415c864 100644
--- a/dev/env/scripts/lib.sh
+++ b/dev/env/scripts/lib.sh
@@ -276,6 +276,15 @@ EOF
 echo "$config"
 }
+inject_ips() {
+ local namespace="$1"
+ local service_account="$2"
+ local secret_name="$3"
+
+ log "Patching ServiceAccount ${namespace}/default to use Quay.io imagePullSecrets"
+ $KUBECTL -n "$namespace" patch sa "$service_account" -p "\"imagePullSecrets\": [{\"name\": \"${secret_name}\" }]"
+}
+
 is_local_cluster() {
 local cluster_type=${1:-}
 if [[ "$cluster_type" == "minikube" || "$cluster_type" == "colima" || "$cluster_type" == "rancher-desktop" ]]; then
From fe0aa73a32afe426618b9a4ddaceb7aa85e45226 Mon Sep 17 00:00:00 2001
From: Simon Baeumer
Date: Fri, 10 Feb 2023 14:12:23 +0100
Subject: [PATCH 3/6] revert
---
 .../manifests/rhacs-operator/marketplace/03-subscription.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dev/env/manifests/rhacs-operator/marketplace/03-subscription.yaml b/dev/env/manifests/rhacs-operator/marketplace/03-subscription.yaml
index 620bf2314f..399d0462b6 100644
--- a/dev/env/manifests/rhacs-operator/marketplace/03-subscription.yaml
+++ b/dev/env/manifests/rhacs-operator/marketplace/03-subscription.yaml
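Review bot: In dev/env/scripts/install_operator.sh (PATCH 2/6) the `is_pod_ready "$STACKROX_OPERATOR_NAMESPACE" "app=rhacs-operator"` guard that bootstrap.sh had around this block was not carried over, so every run now re-applies the manifests and, on the quay path, deletes the running operator pods again. If re-installing on each run is not intended, restore the early exit right after `init`: `if is_pod_ready "$STACKROX_OPERATOR_NAMESPACE" "app=rhacs-operator"; then log "Skipping installation of operator since the operator seems to be running already"; exit 0; fi`. The script also sets no shell options of its own; unless lib.sh or `init` enables them, adding `set -eo pipefail` near the top would make a failed `operator-sdk olm install` or `apply` stop the run instead of continuing into the unbounded `while true` poll and the 900-second wait. A short header comment naming the variables the script reads (`INSTALL_OLM`, `OPERATOR_SOURCE`, `INHERIT_IMAGEPULLSECRETS`, `STACKROX_OPERATOR_NAMESPACE`) would help, and the `log "Installing operator"` through `inject_ips` lines appear to keep the indentation of the old nested block.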
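Review bot: In dev/env/scripts/lib.sh the `log` line of the moved `inject_ips` always prints `${namespace}/default`, although the account actually patched is `$service_account` (the callers in this series pass `stackrox-operator-test-index` and `rhacs-operator-controller-manager`), so the log misreports which ServiceAccount received the pull secret. Suggested: `log "Patching ServiceAccount ${namespace}/${service_account} to use imagePullSecret ${secret_name}"`. Because the `-p` document is built by interpolating `secret_name` into a quoted string, a function header comment listing the three arguments and stating that `secret_name` must be a plain Secret name would record the assumption that the callers currently meet with the literal `quay-ips`.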
@@ -6,9 +6,9 @@ metadata:
 spec:
 channel: latest
 name: rhacs-operator
- installPlanApproval: Manual
+ installPlanApproval: Automatic
 source: redhat-operators
 sourceNamespace: openshift-marketplace
- startingCSV: rhacs-operator.${STACKROX_OPERATOR_VERSION}
+ startingCSV: rhacs-operator.v3.73.1
 config:
 resources: $RHACS_OPERATOR_RESOURCES
From e23ee761a786f242d6566c2a88311438bf02212c Mon Sep 17 00:00:00 2001
From: Simon Baeumer
Date: Fri, 10 Feb 2023 14:18:24 +0100
Subject: [PATCH 4/6] fix(case)
---
 dev/env/scripts/bootstrap.sh | 5 ++++-
 dev/env/scripts/install_operator.sh | 3 ---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/dev/env/scripts/bootstrap.sh b/dev/env/scripts/bootstrap.sh
index 260be7604f..00458118d6 100755
--- a/dev/env/scripts/bootstrap.sh
+++ b/dev/env/scripts/bootstrap.sh
@@ -49,8 +49,11 @@ if [[ "$INSTALL_OPENSHIFT_ROUTER" == "true" ]]; then
 apply "${MANIFESTS_DIR}/openshift-router"
 fi
-if [[ "$INSTALL_OPERATOR" == "true" ]]; thenelse
+if [[ "$INSTALL_OPERATOR" == "true" ]]; then
 ./install_operator.sh
+else
+ # We will be running without RHACS operator, but at least install our CRDs.
+ apply "${MANIFESTS_DIR}/crds"
 fi
 if is_local_cluster "$CLUSTER_TYPE"; then
diff --git a/dev/env/scripts/install_operator.sh b/dev/env/scripts/install_operator.sh
index c6792779e1..eccdcb1d1c 100755
--- a/dev/env/scripts/install_operator.sh
+++ b/dev/env/scripts/install_operator.sh
@@ -84,6 +84,3 @@ elif [[ "$OPERATOR_SOURCE" == "marketplace" ]]; then
 fi
 wait_for_container_to_become_ready "$STACKROX_OPERATOR_NAMESPACE" "app=rhacs-operator" "manager" 900
-
-# We will be running without RHACS operator, but at least install our CRDs.
-apply "${MANIFESTS_DIR}/crds"
From 4536d24852f985f1a38df4eaff7fbff76f9c793e Mon Sep 17 00:00:00 2001
From: Simon Baeumer
Date: Fri, 10 Feb 2023 14:19:36 +0100
Subject: [PATCH 5/6] remove deploy.sh
---
 deploy.sh | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 deploy.sh
diff --git a/deploy.sh b/deploy.sh
deleted file mode 100644
index e69de29bb2..0000000000
From acbec8d1623549a3f3760512f84580b12d808afe Mon Sep 17 00:00:00 2001
From: Simon Baeumer
Date: Wed, 15 Feb 2023 11:16:22 +0100
Subject: [PATCH 6/6] Remove ./ from script
---
 dev/env/scripts/bootstrap.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dev/env/scripts/bootstrap.sh b/dev/env/scripts/bootstrap.sh
index 00458118d6..861f581769 100755
--- a/dev/env/scripts/bootstrap.sh
+++ b/dev/env/scripts/bootstrap.sh
@@ -50,7 +50,7 @@ if [[ "$INSTALL_OPENSHIFT_ROUTER" == "true" ]]; then
 fi
 if [[ "$INSTALL_OPERATOR" == "true" ]]; then
- ./install_operator.sh
+ install_operator.sh
 else
 # We will be running without RHACS operator, but at least install our CRDs.
 apply "${MANIFESTS_DIR}/crds"
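Review bot: The bare `install_operator.sh` on the added line in bootstrap.sh is resolved through `PATH`, so which file runs depends on PATH setup that is not visible in this hunk (presumably done by `init` or lib.sh, as for the bare `create-imagepullsecrets` call elsewhere in the file). If the scripts directory is missing from PATH the call fails, and an earlier PATH entry with the same name would be executed with the caller's cluster credentials instead. Calling the script by location removes that dependency, e.g. `"${GITROOT}/dev/env/scripts/install_operator.sh"`, assuming bootstrap.sh sets `GITROOT` the way install_operator.sh does. The enclosing `if` block continues past the end of the hunk.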