From 73519993f9d41734ebdd4f63133aa388c33827e7 Mon Sep 17 00:00:00 2001 From: Rewant Soni Date: Thu, 6 Feb 2025 18:03:23 +0530 Subject: [PATCH 1/2] controllers: remove the deployment-guard the ocs-operator will always come up with the ocs-client op, the deployment guard was added to stop the client-op from coming up, hence removing it Signed-off-by: Rewant Soni --- Dockerfile | 1 - Makefile | 10 +- config/console/console_init.yaml | 10 -- config/console/kustomization.yaml | 3 - config/manager/kustomization.yaml | 3 - config/manager/manager.yaml | 10 -- hack/go-build.sh | 1 - .../operatorconfigmap_controller.go | 1 - service/deployment-guard/main.go | 106 ------------------ 9 files changed, 3 insertions(+), 142 deletions(-) delete mode 100644 service/deployment-guard/main.go diff --git a/Dockerfile b/Dockerfile index 86936536..b0137ccf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,7 +28,6 @@ FROM registry.access.redhat.com/ubi9/ubi-minimal WORKDIR / COPY --from=builder /workspace/bin/manager . COPY --from=builder /workspace/bin/status-reporter . -COPY --from=builder /workspace/bin/deployment-guard . COPY --from=builder /workspace/hack/entrypoint.sh entrypoint USER 65532:65532 diff --git a/Makefile b/Makefile index 4eefecb5..73f6e5f1 100644 --- a/Makefile +++ b/Makefile @@ -93,11 +93,9 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified $(KUSTOMIZE) build config/crd | kubectl delete -f - deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. - cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} && \ - $(KUSTOMIZE) edit set image deployment-guard=$(IMG) + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} cd config/default && $(KUSTOMIZE) edit set image kube-rbac-proxy=$(RBAC_PROXY_IMG) - cd config/console && $(KUSTOMIZE) edit set image ocs-client-operator-console=$(OCS_CLIENT_CONSOLE_IMG) && \ - $(KUSTOMIZE) edit set image deployment-guard=$(IMG) + cd config/console && $(KUSTOMIZE) edit set image ocs-client-operator-console=$(OCS_CLIENT_CONSOLE_IMG) $(KUSTOMIZE) build config/default | sed "s|STATUS_REPORTER_IMAGE_VALUE|$(IMG)|g" | awk '{print}' | kubectl apply -f - remove: ## Remove controller from the K8s cluster specified in ~/.kube/config. @@ -114,10 +112,8 @@ remove-with-olm: ## Remove controller from the K8s cluster bundle: manifests kustomize operator-sdk yq ## Generate bundle manifests and metadata, then validate generated files. rm -rf ./bundle $(OPERATOR_SDK) generate kustomize manifests -q - cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) && \ - $(KUSTOMIZE) edit set image deployment-guard=$(IMG) + cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) cd config/console && $(KUSTOMIZE) edit set image ocs-client-operator-console=$(OCS_CLIENT_CONSOLE_IMG) && \ - $(KUSTOMIZE) edit set image deployment-guard=$(IMG) && \ $(KUSTOMIZE) edit set nameprefix $(OPERATOR_NAMEPREFIX) cd config/default && \ $(KUSTOMIZE) edit set image kube-rbac-proxy=$(RBAC_PROXY_IMG) && \ diff --git a/config/console/console_init.yaml b/config/console/console_init.yaml index cc21271d..9fe9896a 100644 --- a/config/console/console_init.yaml +++ b/config/console/console_init.yaml @@ -11,16 +11,6 @@ spec: labels: app.kubernetes.io/name: ocs-client-operator-console spec: - initContainers: - - name: deployment-guard - image: deployment-guard:latest - command: - - /deployment-guard - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace containers: - name: ocs-client-operator-console image: ocs-client-operator-console:latest diff --git a/config/console/kustomization.yaml b/config/console/kustomization.yaml index 3c57a2fe..a70695ea 100644 --- a/config/console/kustomization.yaml +++ b/config/console/kustomization.yaml @@ -9,9 +9,6 @@ resources: apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: -- name: deployment-guard - newName: quay.io/ocs-dev/ocs-client-operator - newTag: latest - name: ocs-client-operator-console newName: quay.io/ocs-dev/ocs-client-console newTag: latest diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index c351400d..b60b88d4 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -19,6 +19,3 @@ images: - name: controller newName: quay.io/ocs-dev/ocs-client-operator newTag: latest -- name: deployment-guard - newName: quay.io/ocs-dev/ocs-client-operator - newTag: latest diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 2d89e730..5da6c5f7 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -29,16 +29,6 @@ spec: spec: securityContext: runAsNonRoot: true - initContainers: - - name: deployment-guard - image: deployment-guard:latest - command: - - /deployment-guard - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace containers: - command: - /entrypoint diff --git a/hack/go-build.sh b/hack/go-build.sh index cdb2e95b..f9488ab6 100755 --- a/hack/go-build.sh +++ b/hack/go-build.sh @@ -9,4 +9,3 @@ set -x go build -a -o ${GOBIN:-bin}/manager cmd/main.go go build -a -o ${GOBIN:-bin}/status-reporter ./service/status-report/main.go -go build -a -o ${GOBIN:-bin}/deployment-guard ./service/deployment-guard/main.go diff --git a/internal/controller/operatorconfigmap_controller.go b/internal/controller/operatorconfigmap_controller.go index a10110f3..4759ec33 100644 --- a/internal/controller/operatorconfigmap_controller.go +++ b/internal/controller/operatorconfigmap_controller.go @@ -191,7 +191,6 @@ func (c *OperatorConfigMapReconciler) SetupWithManager(mgr ctrl.Manager) error { //+kubebuilder:rbac:groups=console.openshift.io,resources=consoleplugins,verbs=* //+kubebuilder:rbac:groups=operators.coreos.com,resources=subscriptions,verbs=get;list;watch;update //+kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=get;list;update;create;watch;delete -//+kubebuilder:rbac:groups=ocs.openshift.io,resources=storageclusters,verbs=get;list //+kubebuilder:rbac:groups=csi.ceph.io,resources=operatorconfigs,verbs=get;list;update;create;watch;delete //+kubebuilder:rbac:groups=csi.ceph.io,resources=drivers,verbs=get;list;update;create;watch;delete diff --git a/service/deployment-guard/main.go b/service/deployment-guard/main.go deleted file mode 100644 index 229ea22d..00000000 --- a/service/deployment-guard/main.go +++ /dev/null @@ -1,106 +0,0 @@ -package main - -import ( - "context" - "os" - "time" - - "github.com/red-hat-storage/ocs-client-operator/pkg/utils" - - extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/klog/v2" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/client/config" -) - -func main() { - // validations - operatorNamespace := os.Getenv(utils.OperatorNamespaceEnvVar) - if operatorNamespace == "" { - klog.Exitf("%s env var is empty", utils.OperatorNamespaceEnvVar) - } - - // creation of kube client - scheme := runtime.NewScheme() - cfg, err := config.GetConfig() - if err != nil { - klog.Exitf("Failed to get config: %v", err) - } - cl, err := client.New(cfg, client.Options{Scheme: scheme}) - if err != nil { - klog.Exitf("Failed to create controller runtime client: %v", err) - } - ctx := context.Background() - - // NOTE: when we are running alongside odf-operator the CRDs corresponding - // to an operator is installed first however it isn't guaranteed that CRDs - // of all dependent operators are installed first before deploying any CSV. - // - // Due to above, StorageCluster CRD is sometimes created after we check for - // it's existence and 1 min is the delay observed when client-op is listed - // first and ocs-op listed last in the install plan for deploying CSVs. - // - // Please note this should be temporary upto when we develop new operator - // which directly installs other operators based on runtime requirements - // outside of OLM. - klog.Info("Waiting for 90 sec before checking to allow operator to run") - time.Sleep(90 * time.Second) - - // delay exponentially from half a sec and cap at 2 minutes - delayFunc := wait.Backoff{ - Duration: 500 * time.Millisecond, - Factor: 2, - Jitter: 0.1, - Steps: 10, - Cap: 2 * time.Minute, - }.DelayFunc() - - for !allowOperatorToRun(ctx, cl, operatorNamespace) { - time.Sleep(delayFunc()) - } - -} - -func allowOperatorToRun(ctx context.Context, cl client.Client, namespace string) bool { - // verify presence of StorageCluster CRD - storageClusterCRD := &metav1.PartialObjectMetadata{} - storageClusterCRD.SetGroupVersionKind( - extv1.SchemeGroupVersion.WithKind("CustomResourceDefinition"), - ) - storageClusterCRD.Name = "storageclusters.ocs.openshift.io" - if err := cl.Get(ctx, client.ObjectKeyFromObject(storageClusterCRD), storageClusterCRD); client.IgnoreNotFound(err) != nil { - klog.Warning("Failed to find presence of StorageCluster CRD") - return false - } - - if storageClusterCRD.UID != "" { - // StorageCluster CRD exists, wait till StorageCluster CR is configured in Provider mode - storageClusters := &metav1.PartialObjectMetadataList{} - storageClusters.SetGroupVersionKind( - schema.GroupVersionKind{ - Group: "ocs.openshift.io", - Version: "v1", - Kind: "StorageCluster", - }, - ) - if err := cl.List(ctx, storageClusters, client.InNamespace(namespace), client.Limit(1)); err != nil { - klog.Warning("Failed to list StorageCluster CR") - return false - } - if len(storageClusters.Items) < 1 { - klog.Info("StorageCluster CR does not exist") - return false - } - klog.Info("Checking if StorageCluster indicates ODF is deployed in provider mode") - if storageClusters.Items[0].GetAnnotations()["ocs.openshift.io/deployment-mode"] != "provider" { - return false - } - } - - klog.Info("Condition met to allow operator to run") - return true -} From d5166592198b2267326e9d04159e7452befc856d Mon Sep 17 00:00:00 2001 From: Rewant Soni Date: Thu, 6 Feb 2025 18:20:38 +0530 Subject: [PATCH 2/2] bundle: remove the deployment-guard from the bundle Signed-off-by: Rewant Soni --- ...client-operator.clusterserviceversion.yaml | 31 +------------------ config/rbac/role.yaml | 7 ----- 2 files changed, 1 insertion(+), 37 deletions(-) diff --git a/bundle/manifests/ocs-client-operator.clusterserviceversion.yaml b/bundle/manifests/ocs-client-operator.clusterserviceversion.yaml index 826184af..f9a433ce 100644 --- a/bundle/manifests/ocs-client-operator.clusterserviceversion.yaml +++ b/bundle/manifests/ocs-client-operator.clusterserviceversion.yaml @@ -7,7 +7,7 @@ metadata: categories: Storage console.openshift.io/plugins: '["odf-client-console"]' containerImage: quay.io/ocs-dev/ocs-client-operator:latest - createdAt: "2024-11-27T03:54:42Z" + createdAt: "2025-02-06T12:49:53Z" description: OpenShift Data Foundation client operator enables consumption of storage services from a remote centralized OpenShift Data Foundation provider cluster. @@ -308,13 +308,6 @@ spec: - get - patch - update - - apiGroups: - - ocs.openshift.io - resources: - - storageclusters - verbs: - - get - - list - apiGroups: - operators.coreos.com resources: @@ -545,17 +538,6 @@ spec: volumeMounts: - mountPath: /etc/tls/private name: webhook-cert-secret - initContainers: - - command: - - /deployment-guard - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/ocs-dev/ocs-client-operator:latest - name: deployment-guard - resources: {} securityContext: runAsNonRoot: true serviceAccountName: ocs-client-operator-controller-manager @@ -618,17 +600,6 @@ spec: name: ocs-client-operator-console-nginx-log - mountPath: /var/lib/nginx/tmp name: ocs-client-operator-console-nginx-tmp - initContainers: - - command: - - /deployment-guard - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/ocs-dev/ocs-client-operator:latest - name: deployment-guard - resources: {} securityContext: runAsNonRoot: true serviceAccountName: ocs-client-operator-controller-manager diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 8de797a4..d54635e7 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -265,13 +265,6 @@ rules: - get - patch - update -- apiGroups: - - ocs.openshift.io - resources: - - storageclusters - verbs: - - get - - list - apiGroups: - operators.coreos.com resources: