[DNM] MCO-1437: MCO-1476: MCO-1477: MCO-1284: Adapt MCO to OCL v1 API #4756
Draft
djoshy
wants to merge
7
commits into
openshift:master
from
djoshy:reconcile-ocl-api
472c75e
vendor: pick up api/client-go updates
djoshy d4465c4
reconcile OCL API from v1alpha1 -> v1
djoshy 9f190f6
daemon: remove OCL secrets mounting mechanism
djoshy fffaab7
update unit tests for OCL v1 API
djoshy 3ad9100
add global pull secret clone mechanism
djoshy e538cad
add units for global pull secret clone mechanism
djoshy b379724
update e2e tests for OCL v1 API
djoshy File filter
|
@@ -1257,6 +1257,11 @@ func (optr *Operator) reconcileMachineOSBuilder(mob *appsv1.Deployment) error { | |
return fmt.Errorf("could not reconcile etc-pki-entitlement secrets: %w", err) | ||
} | ||
|
||
// Create/Deletes the global pull secret copy in the MCO namespace, depending on layered pool count. | ||
if err := optr.reconcileGlobalPullSecretCopy(layeredMCPs); err != nil { | ||
return fmt.Errorf("could not reconcile global pull secret copy: %w", err) | ||
} | ||
|
||
// If we have opted-in pools and the Machine OS Builder deployment is either | ||
// not running or doesn't have the correct replica count, scale it up. | ||
correctReplicaCount := optr.hasCorrectReplicaCount(mob) | ||
|
@@ -1463,6 +1468,58 @@ func (optr *Operator) reconcileSimpleContentAccessSecrets(layeredMCPs []*mcfgv1. | |
return nil | ||
} | ||
|
||
func (optr *Operator) reconcileGlobalPullSecretCopy(layeredMCPs []*mcfgv1.MachineConfigPool) error { | ||
secretCopyExists := true | ||
currentSecretCopy, err := optr.mcoSecretLister.Secrets(ctrlcommon.MCONamespace).Get(ctrlcommon.GlobalPullSecretCopyName) | ||
if apierrors.IsNotFound(err) { | ||
secretCopyExists = false | ||
} else if err != nil { | ||
return err | ||
} | ||
|
||
if len(layeredMCPs) == 0 { | ||
// If the secret copy doesn't exist, nothing to do here | ||
if !secretCopyExists { | ||
return nil | ||
} | ||
klog.Infof("deleting %s", ctrlcommon.GlobalPullSecretCopyName) | ||
return optr.kubeClient.CoreV1().Secrets(ctrlcommon.MCONamespace).Delete(context.TODO(), ctrlcommon.GlobalPullSecretCopyName, metav1.DeleteOptions{}) | ||
} | ||
|
||
// Atleast one pool is opted-in, let's create or update the copy if needed. First, grab the global pull secret. | ||
// QOCL: Do we want to fatally exit here? | ||
globalPullSecret, err := optr.ocSecretLister.Secrets(ctrlcommon.OpenshiftConfigNamespace).Get("pull-secret") | ||
if err != nil { | ||
return fmt.Errorf("error fetching cluster pull secret: %w", err) | ||
} | ||
|
||
// Create a clone of clusterPullSecret, and modify it to be in the MCO namespace. | ||
globalPullSecretCopy := &corev1.Secret{ | ||
ObjectMeta: metav1.ObjectMeta{ | ||
Name: ctrlcommon.GlobalPullSecretCopyName, | ||
Namespace: ctrlcommon.MCONamespace, | ||
}, | ||
Data: globalPullSecret.Data, | ||
Type: corev1.SecretTypeDockerConfigJson, | ||
} | ||
|
||
// If the secret copy doesn't exist, create it. | ||
if !secretCopyExists { | ||
klog.Infof("creating %s", ctrlcommon.GlobalPullSecretCopyName) | ||
_, err := optr.kubeClient.CoreV1().Secrets(ctrlcommon.MCONamespace).Create(context.TODO(), globalPullSecretCopy, metav1.CreateOptions{}) | ||
return err | ||
} | ||
|
||
// If it does exist, check if an update is required before making the update call. | ||
if !reflect.DeepEqual(currentSecretCopy.Data, globalPullSecret.Data) { | ||
klog.Infof("updating %s", ctrlcommon.GlobalPullSecretCopyName) | ||
_, err := optr.kubeClient.CoreV1().Secrets(ctrlcommon.MCONamespace).Update(context.TODO(), globalPullSecretCopy, metav1.UpdateOptions{}) | ||
Not sure if this update mechanism is necessary; I don't know whether the global secret will ever get updated after installation. |
||
return err | ||
} | ||
|
||
return nil | ||
} | ||
|
||
// Updates the Machine OS Builder Deployment, creating it if it does not exist. | ||
func (optr *Operator) startMachineOSBuilderDeployment(mob *appsv1.Deployment, layeredMCPs []*mcfgv1.MachineConfigPool) error { | ||
if err := build.ValidateOnClusterBuildConfig(optr.kubeClient, optr.client, layeredMCPs); err != nil { | ||
|
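Review bot: In reconcileGlobalPullSecretCopy the copy is built with `Data: globalPullSecret.Data`, which shares the map of the object returned by the lister (presumably a cached object), and that same freshly built Secret is passed to Update, so any labels, annotations or owner references already on the existing copy would be replaced. Because this duplicates the cluster pull secret's registry credentials into a second namespace, the copy should carry a label or annotation naming its source and the function a doc comment saying when the copy exists, so read access to Secrets in the MCO namespace can be audited against it. For the update path, `updated := currentSecretCopy.DeepCopy()` followed by `updated.Data = globalPullSecret.Data` keeps the existing metadata and resourceVersion. The Delete and Create calls also surface NotFound and AlreadyExists as reconcile errors when the lister is stale; if that is not intended, tolerate them with `apierrors.IsNotFound(err)` and `apierrors.IsAlreadyExists(err)`.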
Do we want to fatally exit here? If this secret is missing in cluster, the build will certainly fail, I'd think.