Dynamically discover release image metadata

- Dynamically discover release image metadata by extracting the serialized imagestream from the image - Use object references for secrets in the OpenShiftCluster API - Remove base domain from the API and instead compute it from the management cluster DNS config - Add an experimental default cluster generator using the Kustomize workflow - Clean up some of the build machinery
openshift · Dec 7, 2020 · 99d72d8 · 99d72d8
1 parent 053d91b
commit 99d72d8
Show file tree

Hide file tree

Showing 25 changed files with 391 additions and 197 deletions.
diff --git a/.gitignore b/.gitignore
@@ -27,4 +27,5 @@ bin
 
 .kube
 
-config/hypershift-operator/release-info.json
+config/example-cluster/ssh-key
+config/example-cluster/pull-secret
diff --git a/Makefile b/Makefile
@@ -1,9 +1,12 @@
+DIR := ${CURDIR}
+
 # Image URL to use all building/pushing image targets
 IMG ?= hypershift:latest
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 CRD_OPTIONS ?= "crd:trivialVersions=true"
 
-CONTROLLER_GEN=GO111MODULE=on GOFLAGS=-mod=vendor go run sigs.k8s.io/controller-tools/cmd/controller-gen
+CONTROLLER_GEN=GO111MODULE=on GOFLAGS=-mod=vendor go run ./vendor/sigs.k8s.io/controller-tools/cmd/controller-gen
+BINDATA=GO111MODULE=on GOFLAGS=-mod=vendor go run ./vendor/github.com/kevinburke/go-bindata/go-bindata
 
 GO_GCFLAGS ?= -gcflags=all='-N -l'
 GO=GO111MODULE=on GOFLAGS=-mod=vendor go
@@ -27,7 +30,22 @@ verify: build fmt vet
 
 # Generate code
 generate:
-	hack/update-generated-bindata.sh
+	$(BINDATA) -mode 420 -modtime 1 -pkg hypershift \
+		-o ./hypershift-operator/assets/controlplane/hypershift/bindata.go \
+		--prefix hypershift-operator/assets/controlplane/hypershift \
+		--ignore bindata.go \
+		./hypershift-operator/assets/controlplane/hypershift/...
+
+	gofmt -s -w ./hypershift-operator/assets/controlplane/hypershift/bindata.go
+
+	$(BINDATA) -mode 420 -modtime 1 -pkg roks \
+		-o ./hypershift-operator/assets/controlplane/roks/bindata.go \
+		--prefix hypershift-operator/assets/controlplane/roks \
+		--ignore bindata.go \
+		./hypershift-operator/assets/controlplane/roks/...
+
+	gofmt -s -w ./hypershift-operator/assets/controlplane/roks/bindata.go
+
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
 # Build hypershift-operator binary
@@ -44,10 +62,10 @@ test: build
 
 # Generate Kube manifests (e.g. CRDs)
 manifests:
-	$(CONTROLLER_GEN) $(CRD_OPTIONS) webhook paths="./..." output:crd:artifacts:config=config/hypershift-operator
+	$(CONTROLLER_GEN) $(CRD_OPTIONS) paths="./..." output:crd:artifacts:config=config/hypershift-operator
 
 # Installs hypershift into a cluster
-install: manifests release-info-data
+install: manifests
 	kustomize build config/install/$(PROFILE) | oc apply -f -
 
 # Uninstalls hypershit from a cluster
@@ -56,7 +74,7 @@ uninstall: manifests
 
 # Builds the config with Kustomize for manual usage
 .PHONY: config
-config: release-info-data
+config:
 	kustomize build config/install/$(PROFILE)
 
 # Run go fmt against code
@@ -75,8 +93,13 @@ docker-build:
 docker-push:
 	docker push ${IMG}
 
-release-info-data:
-	oc adm release info --output json > config/hypershift-operator/release-info.json
-
 run-local:
-	bin/hypershift-operator run --release-info config/hypershift-operator/release-info.json
+	bin/hypershift-operator run
+
+BUILD_EXAMPLE_CLUSTER=KUSTOMIZE_PLUGIN_HOME=$(DIR)/config/example-cluster/plugin kustomize build --enable_alpha_plugins ./config/example-cluster
+
+example-cluster:
+	$(BUILD_EXAMPLE_CLUSTER)
+
+install-example-cluster:
+	$(BUILD_EXAMPLE_CLUSTER) | oc apply --namespace hypershift -f -
diff --git a/README.md b/README.md
@@ -24,41 +24,39 @@ $ make uninstall
 
 ### Create a cluster
 
-Create a new guest cluster by creating an `OpenShiftCluster` resource. For now,
-the cluster will be based on the version of the management cluster itself.
+First, create the following files containing secrets used by the example cluster:
 
-Here's an example:
+- `config/example-cluster/pull-secret` a valid pull secret for image pulls.
+- `config/example-cluster/ssh-key` an SSH public key for guest node access
 
-```yaml
-apiVersion: hypershift.openshift.io/v1alpha1
-kind: OpenShiftCluster
-metadata:
-  name: guest-hello
-spec:
-  baseDomain: guest-hello.devcluster.openshift.com
-  pullSecret: '{"auths": { ... }}'
-  serviceCIDR: 172.31.0.0/16
-  podCIDR: 10.132.0.0/14
-  sshKey: 'ssh-rsa ...'
-  initialComputeReplicas: 1
+Install the example cluster:
+
+```bash
+$ make install-example-cluster
+```
+
+If you want to see but not apply the example cluster resource (i.e. dry run), try:
+
+```bash
+$ make example-cluster
 ```
 
-Get the guest cluster's kubeconfig using:
+When the cluster is available, get the guest kubeconfig using:
 
 ```bash
-$ oc get secret --namespace guest-hello admin-kubeconfig --template={{.data.kubeconfig}} | base64 -D
+$ oc get secret --namespace example admin-kubeconfig --template={{.data.kubeconfig}} | base64 -D
 ```
 
-You can create additional nodePools:
+To create additional node pools, create a resource like:
 
 ```yaml
 apiVersion: hypershift.openshift.io/v1alpha1
 kind: NodePool
 metadata:
-  name: guest-hello-custom-nodepool
   namespace: hypershift
+  name: example-extended
 spec:
-  clusterName: guest-hello
+  clusterName: example
   autoScaling:
     max: 0
     min: 0
@@ -71,5 +69,5 @@ spec:
 And delete the cluster using:
 
 ```bash
-$ oc delete --namespace hypershift openshiftclusters/guest-hello
+$ oc delete --namespace hypershift openshiftclusters/example
 ```
diff --git a/api/v1alpha1/hosted_controlplane.go b/api/v1alpha1/hosted_controlplane.go
@@ -1,6 +1,7 @@
 package v1alpha1
 
 import (
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -24,12 +25,11 @@ type HostedControlPlane struct {
 
 // HostedControlPlaneSpec defines the desired state of HostedControlPlane
 type HostedControlPlaneSpec struct {
-	BaseDomain   string `json:"baseDomain"`
-	PullSecret   string `json:"pullSecret"`
-	ServiceCIDR  string `json:"serviceCIDR"`
-	PodCIDR      string `json:"podCIDR"`
-	SSHKey       string `json:"sshKey"`
-	ReleaseImage string `json:"releaseImage"`
+	ReleaseImage string                      `json:"releaseImage"`
+	PullSecret   corev1.LocalObjectReference `json:"pullSecret"`
+	ServiceCIDR  string                      `json:"serviceCIDR"`
+	PodCIDR      string                      `json:"podCIDR"`
+	SSHKey       corev1.LocalObjectReference `json:"sshKey"`
 }
 
 // HostedControlPlaneStatus defines the observed state of HostedControlPlane

diff --git a/api/v1alpha1/openshiftcluster_types.go b/api/v1alpha1/openshiftcluster_types.go
@@ -17,6 +17,7 @@ limitations under the License.
 package v1alpha1
 
 import (
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -28,13 +29,26 @@ type OpenShiftClusterSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
-	BaseDomain             string `json:"baseDomain"`
-	PullSecret             string `json:"pullSecret"`
-	ServiceCIDR            string `json:"serviceCIDR"`
-	PodCIDR                string `json:"podCIDR"`
-	SSHKey                 string `json:"sshKey"`
-	InitialComputeReplicas int    `json:"initialComputeReplicas"`
-	ReleaseImage           string `json:"releaseImage"`
+	Release ReleaseSpec `json:"release"`
+
+	InitialComputeReplicas int `json:"initialComputeReplicas"`
+
+	// PullSecret is a pull secret injected into the container runtime of guest
+	// workers. It should have an ".dockerconfigjson" key containing the pull secret JSON.
+	PullSecret corev1.LocalObjectReference `json:"pullSecret"`
+
+	SSHKey corev1.LocalObjectReference `json:"sshKey"`
+
+	ServiceCIDR string `json:"serviceCIDR"`
+	PodCIDR     string `json:"podCIDR"`
+}
+
+type ReleaseSpec struct {
+	// +kubebuilder:validation:Optional
+	Channel string `json:"channel"`
+	// Image is the release image pullspec for the control plane
+	// +kubebuilder:validation:Required
+	Image string `json:"image"`
 }
 
 // OpenShiftClusterStatus defines the observed state of OpenShiftCluster

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/example-cluster/cluster.yaml b/config/example-cluster/cluster.yaml
@@ -0,0 +1,14 @@
+apiVersion: hypershift.openshift.io/v1alpha1
+kind: OpenShiftCluster
+metadata:
+  name: example
+spec:
+  release:
+    image: quay.io/openshift-release-dev/ocp-release:4.6.7-x86_64
+  initialComputeReplicas: 1
+  serviceCIDR: 172.30.0.0/16
+  podCIDR: 10.128.0.0/14
+  pullSecret:
+    name: pull-secret
+  sshKey:
+    name: ssh-key
diff --git a/config/example-cluster/imagedefaulter-plugin.yaml b/config/example-cluster/imagedefaulter-plugin.yaml
@@ -0,0 +1,4 @@
+apiVersion: hypershiftplugin
+kind: ImageDefaulter
+metadata:
+  name: imagedefaulter
diff --git a/config/example-cluster/kustomization.yaml b/config/example-cluster/kustomization.yaml
@@ -0,0 +1,22 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- cluster.yaml
+
+transformers:
+- imagedefaulter-plugin.yaml
+
+secretGenerator:
+- name: pull-secret
+  options:
+    disableNameSuffixHash: true
+  files:
+  - .dockerconfigjson=pull-secret
+  type: Opaque
+- name: ssh-key
+  options:
+    disableNameSuffixHash: true
+  files:
+  - id_rsa.pub=ssh-key
+  type: Opaque
diff --git a/config/example-cluster/plugin/hypershiftplugin/imagedefaulter/ImageDefaulter b/config/example-cluster/plugin/hypershiftplugin/imagedefaulter/ImageDefaulter
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -euo pipefail
+
+FROM="quay.io/openshift-release-dev/ocp-release:4.6.7-x86_64"
+TO="$(oc get clusterversion/version -o jsonpath='{.status.desired.image}')"
+cat | sed s#$FROM#$TO#g
diff --git a/config/hypershift-operator/hypershift.openshift.io_hostedcontrolplanes.yaml b/config/hypershift-operator/hypershift.openshift.io_hostedcontrolplanes.yaml
@@ -37,20 +37,27 @@ spec:
           spec:
             description: HostedControlPlaneSpec defines the desired state of HostedControlPlane
             properties:
-              baseDomain:
-                type: string
               podCIDR:
                 type: string
               pullSecret:
-                type: string
+                description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
               releaseImage:
                 type: string
               serviceCIDR:
                 type: string
               sshKey:
-                type: string
+                description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
             required:
-            - baseDomain
             - podCIDR
             - pullSecret
             - releaseImage

diff --git a/config/hypershift-operator/hypershift.openshift.io_openshiftclusters.yaml b/config/hypershift-operator/hypershift.openshift.io_openshiftclusters.yaml
@@ -35,26 +35,41 @@ spec:
           spec:
             description: OpenShiftClusterSpec defines the desired state of OpenShiftCluster
             properties:
-              baseDomain:
-                type: string
               initialComputeReplicas:
                 type: integer
               podCIDR:
                 type: string
               pullSecret:
-                type: string
-              releaseImage:
-                type: string
+                description: PullSecret is a pull secret injected into the container runtime of guest workers. It should have an ".dockerconfigjson" key containing the pull secret JSON.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
+              release:
+                properties:
+                  channel:
+                    type: string
+                  image:
+                    description: Image is the release image pullspec for the control plane
+                    type: string
+                required:
+                - image
+                type: object
               serviceCIDR:
                 type: string
               sshKey:
-                type: string
+                description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
             required:
-            - baseDomain
             - initialComputeReplicas
             - podCIDR
             - pullSecret
-            - releaseImage
+            - release
             - serviceCIDR
             - sshKey
             type: object