
Commit 2de026e

committed
Connect Boxcutter Applier with ClusterExtension
1 parent 2d7b918 commit 2de026e


7 files changed

+213
-25
lines changed


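--- a/Makefile
+++ b/Makefile
@@ -141,6 +141,7 @@ manifests: $(CONTROLLER_GEN) #EXHELP Generate WebhookConfiguration, ClusterRole,
 mkdir $(CRD_WORKING_DIR)
 $(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS) crd paths="./api/v1/..." output:crd:artifacts:config=$(CRD_WORKING_DIR)
 mv $(CRD_WORKING_DIR)/olm.operatorframework.io_clusterextensions.yaml $(KUSTOMIZE_OPCON_CRDS_DIR)
+mv $(CRD_WORKING_DIR)/olm.operatorframework.io_clusterextensionrevisions.yaml $(KUSTOMIZE_OPCON_CRDS_DIR)
 mv $(CRD_WORKING_DIR)/olm.operatorframework.io_clustercatalogs.yaml $(KUSTOMIZE_CATD_CRDS_DIR)
 rmdir $(CRD_WORKING_DIR)
 # Generate the remaining operator-controller manifests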

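--- a/api/v1/clusterextensionrevision_types.go
+++ b/api/v1/clusterextensionrevision_types.go
@@ -29,7 +29,7 @@ type ClusterExtensionRevisionSpec struct {
 // Specifies the lifecycle state of the ClusterExtensionRevision.
 // +kubebuilder:default="Active"
 // +kubebuilder:validation:Enum=Active;Paused;Archived
-// +kubebuilder:validation:XValidation:rule="oldSelf == "Active" || oldSelf == "Paused" || oldSelf == 'Archived' && oldSelf == self", message="can not un-archive"
+// +kubebuilder:validation:XValidation:rule="oldSelf == 'Active' || oldSelf == 'Paused' || oldSelf == 'Archived' && oldSelf == self", message="can not un-archive"
 LifecycleState ClusterExtensionRevisionLifecycleState `json:"lifecycleState,omitempty"`
 // +kubebuilder:validation:Required
 // +kubebuilder:validation:XValidation:rule="self == oldSelf", message="revision is immutable"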
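Review bot: The corrected CEL rule on `LifecycleState` depends on `&&` binding tighter than `||`, so it evaluates as Active || Paused || (Archived && oldSelf == self). That is the intended "can not un-archive" check, but the precedence is easy to misread in a rule that guards a state transition. Given the Enum marker two lines above, the same invariant can be stated directly as `rule="oldSelf != 'Archived' || oldSelf == self"`, or the last term can be parenthesised. ClusterExtensionRevisionSpec starts and ends outside the hunk, and the generated CRD would need regenerating after the change.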

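--- a/cmd/operator-controller/main.go
+++ b/cmd/operator-controller/main.go
@@ -32,7 +32,6 @@ import (
 "github.com/spf13/cobra"
 corev1 "k8s.io/api/core/v1"
 rbacv1 "k8s.io/api/rbac/v1"
-apiextensionsv1client "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1"
 "k8s.io/apimachinery/pkg/fields"
 "k8s.io/apimachinery/pkg/labels"
 k8slabels "k8s.io/apimachinery/pkg/labels"
@@ -62,16 +61,13 @@ import (
 "github.com/operator-framework/operator-controller/internal/operator-controller/action"
 "github.com/operator-framework/operator-controller/internal/operator-controller/applier"
 "github.com/operator-framework/operator-controller/internal/operator-controller/authentication"
-"github.com/operator-framework/operator-controller/internal/operator-controller/authorization"
 "github.com/operator-framework/operator-controller/internal/operator-controller/catalogmetadata/cache"
 catalogclient "github.com/operator-framework/operator-controller/internal/operator-controller/catalogmetadata/client"
 "github.com/operator-framework/operator-controller/internal/operator-controller/contentmanager"
 "github.com/operator-framework/operator-controller/internal/operator-controller/controllers"
 "github.com/operator-framework/operator-controller/internal/operator-controller/features"
 "github.com/operator-framework/operator-controller/internal/operator-controller/finalizers"
 "github.com/operator-framework/operator-controller/internal/operator-controller/resolve"
-"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/convert"
-"github.com/operator-framework/operator-controller/internal/operator-controller/rukpak/preflights/crdupgradesafety"
 "github.com/operator-framework/operator-controller/internal/operator-controller/scheme"
 fsutil "github.com/operator-framework/operator-controller/internal/shared/util/fs"
 httputil "github.com/operator-framework/operator-controller/internal/shared/util/http"
@@ -408,29 +404,34 @@ func run() error {
 },
 }
 
-aeClient, err := apiextensionsv1client.NewForConfig(mgr.GetConfig())
-if err != nil {
-setupLog.Error(err, "unable to create apiextensions client")
-return err
-}
+// aeClient, err := apiextensionsv1client.NewForConfig(mgr.GetConfig())
+// if err != nil {
+// setupLog.Error(err, "unable to create apiextensions client")
+// return err
+// }
 
-preflights := []applier.Preflight{
-crdupgradesafety.NewPreflight(aeClient.CustomResourceDefinitions()),
-}
+// preflights := []applier.Preflight{
+// crdupgradesafety.NewPreflight(aeClient.CustomResourceDefinitions()),
+// }
+
+// // determine if PreAuthorizer should be enabled based on feature gate
+// var preAuth authorization.PreAuthorizer
+// if features.OperatorControllerFeatureGate.Enabled(features.PreflightPermissions) {
+// preAuth = authorization.NewRBACPreAuthorizer(mgr.GetClient())
+// }
 
-// determine if PreAuthorizer should be enabled based on feature gate
-var preAuth authorization.PreAuthorizer
-if features.OperatorControllerFeatureGate.Enabled(features.PreflightPermissions) {
-preAuth = authorization.NewRBACPreAuthorizer(mgr.GetClient())
+boxcutterApplier := &applier.Boxcutter{
+Client: mgr.GetClient(),
+Scheme: mgr.GetScheme(),
 }
 
 // now initialize the helmApplier, assigning the potentially nil preAuth
-helmApplier := &applier.Helm{
-ActionClientGetter: acg,
-Preflights: preflights,
-BundleToHelmChartFn: convert.RegistryV1ToHelmChart,
-PreAuthorizer: preAuth,
-}
+// helmApplier := &applier.Helm{
+// ActionClientGetter: acg,
+// Preflights: preflights,
+// BundleToHelmChartFn: convert.RegistryV1ToHelmChart,
+// PreAuthorizer: preAuth,
+// }
 
 cm := contentmanager.NewManager(clientRestConfigMapper, mgr.GetConfig(), mgr.GetRESTMapper())
 err = clusterExtensionFinalizers.Register(controllers.ClusterExtensionCleanupContentManagerCacheFinalizer, finalizers.FinalizerFunc(func(ctx context.Context, obj client.Object) (crfinalizer.Result, error) {
@@ -473,7 +474,7 @@ func run() error {
 Resolver: resolver,
 ImageCache: imageCache,
 ImagePuller: imagePuller,
-Applier: helmApplier,
+Applier: boxcutterApplier,
 InstalledBundleGetter: &controllers.DefaultInstalledBundleGetter{ActionClientGetter: acg},
 Finalizers: clusterExtensionFinalizers,
 Manager: cm,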
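Review bot: The CRD upgrade-safety preflight and the RBAC pre-authorizer stop running once `Applier: boxcutterApplier` replaces `helmApplier`, because `preflights` and `preAuth` are only commented out in the `run()` hunk at -408, so the `features.PreflightPermissions` gate is silently ignored. As far as the hunk shows, `applier.Boxcutter` receives only `mgr.GetClient()` and `mgr.GetScheme()`, so bundle objects are presumably applied through the controller's own client with no pre-authorization; the Boxcutter code is not on this page, so that needs confirming. Until the new applier carries equivalent checks, `run()` should refuse to start when the gate is on rather than drop it, e.g. `if features.OperatorControllerFeatureGate.Enabled(features.PreflightPermissions) { return errors.New("PreflightPermissions is not supported by the Boxcutter applier") }` (using whichever error constructor the file already imports). The commented-out block and the now stale `// now initialize the helmApplier, assigning the potentially nil preAuth` comment should be deleted or replaced with a TODO naming the missing checks. `run()` starts and ends outside these hunks.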
Lines changed: 178 additions & 0 deletions
@@ -0,0 +1,178 @@
1+
---
2+
apiVersion: apiextensions.k8s.io/v1
3+
kind: CustomResourceDefinition
4+
metadata:
5+
annotations:
6+
controller-gen.kubebuilder.io/version: v0.17.3
7+
name: clusterextensionrevisions.olm.operatorframework.io
8+
spec:
9+
group: olm.operatorframework.io
10+
names:
11+
kind: ClusterExtensionRevision
12+
listKind: ClusterExtensionRevisionList
13+
plural: clusterextensionrevisions
14+
singular: clusterextensionrevision
15+
scope: Cluster
16+
versions:
17+
- name: v1
18+
schema:
19+
openAPIV3Schema:
20+
description: ClusterExtensionRevision is the Schema for the clusterextensionrevisions
21+
API
22+
properties:
23+
apiVersion:
24+
description: |-
25+
APIVersion defines the versioned schema of this representation of an object.
26+
Servers should convert recognized schemas to the latest internal value, and
27+
may reject unrecognized values.
28+
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
29+
type: string
30+
kind:
31+
description: |-
32+
Kind is a string value representing the REST resource this object represents.
33+
Servers may infer this from the endpoint the client submits requests to.
34+
Cannot be updated.
35+
In CamelCase.
36+
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
37+
type: string
38+
metadata:
39+
type: object
40+
spec:
41+
description: spec is an optional field that defines the desired state
42+
of the ClusterExtension.
43+
properties:
44+
lifecycleState:
45+
default: Active
46+
description: Specifies the lifecycle state of the ClusterExtensionRevision.
47+
enum:
48+
- Active
49+
- Paused
50+
- Archived
51+
type: string
52+
x-kubernetes-validations:
53+
- message: can not un-archive
54+
rule: oldSelf == 'Active' || oldSelf == 'Paused' || oldSelf == 'Archived'
55+
&& oldSelf == self
56+
phases:
57+
items:
58+
properties:
59+
name:
60+
type: string
61+
objects:
62+
items:
63+
properties:
64+
object:
65+
type: object
66+
x-kubernetes-embedded-resource: true
67+
x-kubernetes-preserve-unknown-fields: true
68+
required:
69+
- object
70+
type: object
71+
type: array
72+
required:
73+
- name
74+
- objects
75+
type: object
76+
type: array
77+
x-kubernetes-validations:
78+
- message: phases is immutable
79+
rule: self == oldSelf
80+
previous:
81+
items:
82+
properties:
83+
name:
84+
type: string
85+
uid:
86+
description: |-
87+
UID is a type that holds unique ID values, including UUIDs. Because we
88+
don't ONLY use UUIDs, this is an alias to string. Being a type captures
89+
intent and helps make sure that UIDs and names do not get conflated.
90+
type: string
91+
required:
92+
- name
93+
- uid
94+
type: object
95+
type: array
96+
x-kubernetes-validations:
97+
- message: previous is immutable
98+
rule: self == oldSelf
99+
revision:
100+
format: int64
101+
type: integer
102+
x-kubernetes-validations:
103+
- message: revision is immutable
104+
rule: self == oldSelf
105+
required:
106+
- phases
107+
- previous
108+
- revision
109+
type: object
110+
status:
111+
description: status is an optional field that defines the observed state
112+
of the ClusterExtension.
113+
properties:
114+
conditions:
115+
items:
116+
description: Condition contains details for one aspect of the current
117+
state of this API Resource.
118+
properties:
119+
lastTransitionTime:
120+
description: |-
121+
lastTransitionTime is the last time the condition transitioned from one status to another.
122+
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
123+
format: date-time
124+
type: string
125+
message:
126+
description: |-
127+
message is a human readable message indicating details about the transition.
128+
This may be an empty string.
129+
maxLength: 32768
130+
type: string
131+
observedGeneration:
132+
description: |-
133+
observedGeneration represents the .metadata.generation that the condition was set based upon.
134+
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
135+
with respect to the current state of the instance.
136+
format: int64
137+
minimum: 0
138+
type: integer
139+
reason:
140+
description: |-
141+
reason contains a programmatic identifier indicating the reason for the condition's last transition.
142+
Producers of specific condition types may define expected values and meanings for this field,
143+
and whether the values are considered a guaranteed API.
144+
The value should be a CamelCase string.
145+
This field may not be empty.
146+
maxLength: 1024
147+
minLength: 1
148+
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
149+
type: string
150+
status:
151+
description: status of the condition, one of True, False, Unknown.
152+
enum:
153+
- "True"
154+
- "False"
155+
- Unknown
156+
type: string
157+
type:
158+
description: type of condition in CamelCase or in foo.example.com/CamelCase.
159+
maxLength: 316
160+
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
161+
type: string
162+
required:
163+
- lastTransitionTime
164+
- message
165+
- reason
166+
- status
167+
- type
168+
type: object
169+
type: array
170+
x-kubernetes-list-map-keys:
171+
- type
172+
x-kubernetes-list-type: map
173+
type: object
174+
type: object
175+
served: true
176+
storage: true
177+
subresources:
178+
status: {}

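--- a/config/base/operator-controller/crd/kustomization.yaml
+++ b/config/base/operator-controller/crd/kustomization.yaml
@@ -3,6 +3,7 @@
 # It should be run by config/default
 resources:
 - bases/olm.operatorframework.io_clusterextensions.yaml
+- bases/olm.operatorframework.io_clusterextensionrevisions.yaml
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.
 configurations: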

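--- a/config/base/operator-controller/rbac/role.yaml
+++ b/config/base/operator-controller/rbac/role.yaml
@@ -27,6 +27,7 @@ rules:
 - apiGroups:
 - olm.operatorframework.io
 resources:
+- clusterextensionrevisions
 - clusterextensions
 verbs:
 - get
@@ -37,12 +38,14 @@ rules:
 - apiGroups:
 - olm.operatorframework.io
 resources:
+- clusterextensionrevisions/finalizers
 - clusterextensions/finalizers
 verbs:
 - update
 - apiGroups:
 - olm.operatorframework.io
 resources:
+- clusterextensionrevisions/status
 - clusterextensions/status
 verbs:
 - patch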

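--- a/internal/operator-controller/controllers/clusterextensionrevision_controller.go
+++ b/internal/operator-controller/controllers/clusterextensionrevision_controller.go
@@ -59,6 +59,10 @@ type accessManager interface {
 Source(handler.EventHandler, ...predicate.Predicate) source.Source
 }
 
+//+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensionrevisions,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensionrevisions/status,verbs=update;patch
+//+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensionrevisions/finalizers,verbs=update
+
 func (c *ClusterExtensionRevisionReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res ctrl.Result, err error) {
 l := log.FromContext(ctx).WithName("cluster-extension-revision")
 ctx = log.IntoContext(ctx, l)
@@ -271,7 +275,7 @@ func (c *ClusterExtensionRevisionReconciler) reconcile(
 func (c *ClusterExtensionRevisionReconciler) SetupWithManager(mgr ctrl.Manager) error {
 return ctrl.NewControllerManagedBy(mgr).
 For(
-&corev1.ConfigMap{},
+&ocv1.ClusterExtensionRevision{},
 builder.WithPredicates(predicate.ResourceVersionChangedPredicate{}),
 ).
 WatchesRawSource(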
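Review bot: The three `//+kubebuilder:rbac` markers added above `Reconcile` grant `get;list;watch;update;patch` on `clusterextensionrevisions` but neither `create` nor `delete`. If the Boxcutter applier wired up in cmd/operator-controller/main.go creates or removes revision objects through `mgr.GetClient()` (its code is not on this page), those calls would be denied unless the verbs are declared elsewhere. It is worth confirming which component writes revisions and declaring exactly the verbs it needs next to that code, not widening the set here. The markers also have no explanatory comment; a line such as `// RBAC needed to reconcile ClusterExtensionRevision objects, their status and finalizers.` would tie them to this reconciler. Both `Reconcile` and `SetupWithManager` continue outside the hunks.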
