Progress

Signed-off-by: Per Goncalves da Silva <[email protected]>

Author: Per Goncalves da Silva

cmd/operator-controller/main.go

@@ -31,6 +31,7 @@ import (
 	"github.com/containers/image/v5/types"
 	"github.com/spf13/cobra"
 	rbacv1 "k8s.io/api/rbac/v1"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	apiextensionsv1client "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1"
 	k8slabels "k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/selection"
@@ -438,9 +439,17 @@ func run() error {
 
 	if features.OperatorControllerFeatureGate.Enabled(features.BoxcutterRuntime) {
 		// TODO: add support for preflight checks
+		// TODO: better scheme handling - which types do we want to support?
+		_ = apiextensionsv1.AddToScheme(mgr.GetScheme())
 		extApplier = &applier.Boxcutter{
 			Client: mgr.GetClient(),
 			Scheme: mgr.GetScheme(),
+			RevisionGenerator: &applier.SimpleRevisionGenerator{
+				Scheme: mgr.GetScheme(),
+				BundleRenderer: &applier.RegistryV1BundleRenderer{
+					BundleRenderer: registryv1.Renderer,
+				},
+			},
 		}
 		ctrlBuilderOpts = append(ctrlBuilderOpts, controllers.WithOwns(&ocv1.ClusterExtensionRevision{}))
 	} else {
@@ -469,46 +478,6 @@ func run() error {
 		return err
 	}
 
-	// Boxcutter
-	discoveryClient, err := discovery.NewDiscoveryClientForConfig(restConfig)
-	if err != nil {
-		setupLog.Error(err, "unable to create discovery client")
-		return err
-	}
-	mapFunc := func(ctx context.Context, ce *ocv1.ClusterExtension, c *rest.Config, o crcache.Options) (*rest.Config, crcache.Options, error) {
-		saKey := client.ObjectKey{
-			Name:      ce.Spec.ServiceAccount.Name,
-			Namespace: ce.Spec.Namespace,
-		}
-		saConfig := rest.AnonymousClientConfig(c)
-		saConfig.Wrap(func(rt http.RoundTripper) http.RoundTripper {
-			return &authentication.TokenInjectingRoundTripper{
-				Tripper:     rt,
-				TokenGetter: tokenGetter,
-				Key:         saKey,
-			}
-		})
-
-		// Cache scoping
-		req1, err := k8slabels.NewRequirement(
-			controllers.ClusterExtensionRevisionOwnerLabel, selection.Equals, []string{ce.Name})
-		if err != nil {
-			return nil, o, err
-		}
-		o.DefaultLabelSelector = k8slabels.NewSelector().Add(*req1)
-
-		return saConfig, o, nil
-	}
-
-	accessManager := managedcache.NewObjectBoundAccessManager(
-		ctrl.Log.WithName("accessmanager"), mapFunc, restConfig, crcache.Options{
-			Scheme: mgr.GetScheme(), Mapper: mgr.GetRESTMapper(),
-		})
-	if err := mgr.Add(accessManager); err != nil {
-		setupLog.Error(err, "unable to register AccessManager")
-		return err
-	}
-
 	if err = (&controllers.ClusterExtensionReconciler{
 		Client:                cl,
 		Resolver:              resolver,
@@ -524,12 +493,54 @@ func run() error {
 	}
 
 	if features.OperatorControllerFeatureGate.Enabled(features.BoxcutterRuntime) {
+		// Boxcutter
+		discoveryClient, err := discovery.NewDiscoveryClientForConfig(restConfig)
+		if err != nil {
+			setupLog.Error(err, "unable to create discovery client")
+			return err
+		}
+		mapFunc := func(ctx context.Context, ce *ocv1.ClusterExtension, c *rest.Config, o crcache.Options) (*rest.Config, crcache.Options, error) {
+			saKey := client.ObjectKey{
+				Name:      ce.Spec.ServiceAccount.Name,
+				Namespace: ce.Spec.Namespace,
+			}
+			saConfig := rest.AnonymousClientConfig(c)
+			saConfig.Wrap(func(rt http.RoundTripper) http.RoundTripper {
+				return &authentication.TokenInjectingRoundTripper{
+					Tripper:     rt,
+					TokenGetter: tokenGetter,
+					Key:         saKey,
+				}
+			})
+
+			// Cache scoping
+			req1, err := k8slabels.NewRequirement(
+				controllers.ClusterExtensionRevisionOwnerLabel, selection.Equals, []string{ce.Name})
+			if err != nil {
+				return nil, o, err
+			}
+			o.DefaultLabelSelector = k8slabels.NewSelector().Add(*req1)
+
+			return saConfig, o, nil
+		}
+
+		accessManager := managedcache.NewObjectBoundAccessManager(
+			ctrl.Log.WithName("accessmanager"), mapFunc, restConfig, crcache.Options{
+				Scheme: mgr.GetScheme(), Mapper: mgr.GetRESTMapper(),
+			})
+		if err := mgr.Add(accessManager); err != nil {
+			setupLog.Error(err, "unable to register AccessManager")
+			return err
+		}
+
 		if err = (&controllers.ClusterExtensionRevisionReconciler{
-			Client:          cl,
-			AccessManager:   accessManager,
-			Scheme:          mgr.GetScheme(),
-			RestMapper:      mgr.GetRESTMapper(),
-			DiscoveryClient: discoveryClient,
+			Client:        cl,
+			AccessManager: accessManager,
+			RevisionEngineGetter: controllers.OLMRevisionEngineGetter{
+				Scheme:          mgr.GetScheme(),
+				RestMapper:      mgr.GetRESTMapper(),
+				DiscoveryClient: discoveryClient,
+			},
 		}).SetupWithManager(mgr); err != nil {
 			setupLog.Error(err, "unable to create controller", "controller", "ClusterExtension")
 			return err

config/base/operator-controller/rbac/experimental/role.yaml

@@ -27,8 +27,10 @@ rules:
 - apiGroups:
   - olm.operatorframework.io
   resources:
-  - clusterextensions
+  - clusterextensionrevisions
   verbs:
+  - create
+  - delete
   - get
   - list
   - patch
@@ -37,16 +39,28 @@ rules:
 - apiGroups:
   - olm.operatorframework.io
   resources:
+  - clusterextensionrevisions/finalizers
   - clusterextensions/finalizers
   verbs:
   - update
 - apiGroups:
   - olm.operatorframework.io
   resources:
+  - clusterextensionrevisions/status
   - clusterextensions/status
   verbs:
   - patch
   - update
+- apiGroups:
+  - olm.operatorframework.io
+  resources:
+  - clusterextensions
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - rbac.authorization.k8s.io
   resources:

config/samples/olm_v1_clusterextension.yaml

@@ -33,6 +33,10 @@ rules:
   resources: [clusterextensions/finalizers]
   verbs: [update]
   resourceNames: [argocd]
+# Allow ClusterExtensionRevisions to set blockOwnerDeletion ownerReferences
+- apiGroups: [olm.operatorframework.io]
+  resources: [clusterextensionrevisions/finalizers]
+  verbs: [update]
 # Manage ArgoCD CRDs
 - apiGroups: [apiextensions.k8s.io]
   resources: [customresourcedefinitions]