feat: deprecate Openshift specific features

* S2I, use Jib instead
* Route, use Ingress instead

Likely to be supported until a new major release.

Closes #5771

Author: squakez

addons/master/master_test.go

@@ -70,7 +70,7 @@ func TestMasterOn(t *testing.T) {
 			Spec: v1.IntegrationPlatformSpec{
 				Cluster: v1.IntegrationPlatformClusterOpenShift,
 				Build: v1.IntegrationPlatformBuildSpec{
-					PublishStrategy: v1.IntegrationPlatformBuildPublishStrategyS2I,
+					PublishStrategy: v1.IntegrationPlatformBuildPublishStrategyJib,
 					Registry:        v1.RegistrySpec{Address: "registry"},
 					RuntimeVersion:  catalog.Runtime.Version,
 				},
@@ -161,7 +161,7 @@ func TestMasterOff(t *testing.T) {
 			Spec: v1.IntegrationPlatformSpec{
 				Cluster: v1.IntegrationPlatformClusterOpenShift,
 				Build: v1.IntegrationPlatformBuildSpec{
-					PublishStrategy: v1.IntegrationPlatformBuildPublishStrategyS2I,
+					PublishStrategy: v1.IntegrationPlatformBuildPublishStrategyJib,
 					Registry:        v1.RegistrySpec{Address: "registry"},
 					RuntimeVersion:  catalog.Runtime.Version,
 				},
@@ -223,7 +223,7 @@ func TestMasterAuto(t *testing.T) {
 			Spec: v1.IntegrationPlatformSpec{
 				Cluster: v1.IntegrationPlatformClusterOpenShift,
 				Build: v1.IntegrationPlatformBuildSpec{
-					PublishStrategy: v1.IntegrationPlatformBuildPublishStrategyS2I,
+					PublishStrategy: v1.IntegrationPlatformBuildPublishStrategyJib,
 					Registry:        v1.RegistrySpec{Address: "registry"},
 					RuntimeVersion:  catalog.Runtime.Version,
 				},

docs/modules/ROOT/pages/contributing/developers.adoc

@@ -227,8 +227,6 @@ When configuring the IDE task, make sure to add all required environment variabl
 
 After you set up the IDE task, with Java 11+ to be used by default, you can run and debug the operator process.
 
-NOTE: The operator can be fully debugged in CRC, because it uses OpenShift S2I binary builds under the hood.
-
 [[publishing]]
 == Building Metadata for Publishing the Operator in Operator Hub
 

docs/modules/ROOT/pages/contributing/local-development.adoc

@@ -30,8 +30,6 @@ This command will build and publish your actual Camel K development version to t
 ----
 make install-k8s-global (default in camel-k namespace)
 make install-k8s-ns (default in default namespace)
-make install-openshift-global (default in camel-k namespace)
-make install-openshift-ns (default in default namespace)
 ----
 
 Those targets may use two variables, `NAMESPACE` and `REGISTRY` in order to let you specify the namespace where to install the operator and the container registry to use. For instance:
@@ -45,6 +43,25 @@ Will install a global operator in the `test` namespace with the registry located
 
 In order to uninstall the local operator you can also run `make uninstall` (will keep CRDs) and `make uninstall-all` (will remove CRDs and consequently any running Integration). You can use variable `NAMESPACE` as well if the operator was installed in a namespace different than default.
 
+=== CRC special requirement
+
+You may need to test the operator on CRC. In such case you can login to the Openshift registry accessing its local interface:
+
+```
+docker login -u kubeadmin -p $(oc whoami -t) default-route-openshift-image-registry.apps-crc.testing
+```
+
+At this stage you will need to hack a little bit in order to be able to push the operator image to the registry:
+```
+CUSTOM_IMAGE=default-route-openshift-image-registry.apps-crc.testing/camel-k/camel-k make bundle
+NOTEST=true CUSTOM_IMAGE=default-route-openshift-image-registry.apps-crc.testing/camel-k/camel-k make images
+docker push default-route-openshift-image-registry.apps-crc.testing/camel-k/camel-k:2.6.0-SNAPSHOT
+```
+
+With the steps above you should have available a local operator into CRC and proceed normally with the `make install-k8s-global` procedure.
+
+NOTE: you will need to configure the IntegrationPlatform and the registry as required for Openshift and the operator Deployment may fail due to high amount of resources limit (which you can remove to let the operator start).
+
 [[local-camel-k-runtime]]
 === Local Camel K runtime
 

docs/modules/ROOT/pages/installation/advanced/build-config.adoc

@@ -20,10 +20,8 @@ The most relevant are the `resource` and `limit` parameters which can be used to
 
 The publish strategy is used to control the behavior of the creation of the container after a build. Basically it create a container image from the application built in the previous step and store as a container in the xref:installation/registry/registry.adoc[registry] configured.
 
-The operator has 2 different strategy which you can adopt: Jib (default in plain Kubernetes profile) and S2I (default in Openshift profile).
+The operator has one unique strategy which you can adopt: Jib. Alternatively you can provide your own publishing strategy (although this is not recommended).
 
 https://cloud.google.com/java/getting-started/jib[Jib] is a technology that transform a Java project into a container image and is configurable directly in Maven.
 
-https://access.redhat.com/documentation/es-es/openshift_container_platform/4.2/html/builds/understanding-image-builds#build-strategy-s2i_understanding-image-builds[S2I] is an efficient technology integrated in Openshift, reason why it is enabled by default in such a profile.
-
 NOTE: you may define your own publishing technology by using xref:pipeline/pipeline.adoc[pipelines].

docs/modules/ROOT/pages/installation/registry/registry-secret.adoc

@@ -9,7 +9,7 @@ In some cases, you might already have a push/pull secret for your container regi
 
 [source,bash]
 ----
-kubectl create secret docker-registry your-secret-name --docker-username your-user --docker-password your-pass
+kubectl create secret docker-registry registry --docker-server <my-server> --docker-username <my-user> --docker-password <my-password>
 ----
 
 Another possibility is to upload to the cluster your entire list of push/pull secrets:
@@ -34,8 +34,8 @@ spec:
   build:
     registry:
       address: <my-registry-address>
-      organization: <my-organization>
+      organization: <my-organization> (optional)
       secret: <my-secret-credentials>
 ----
 
-NOTE: make sure any credential contains the valid authentication servers: `docker.io` is used by **Jib**. Other publishing strategies may instead require to use a different endpoint, ie, `https://index.docker.io/v1/`.
+NOTE: make sure any credential contains the valid authentication servers: for instance, `docker.io` is used by **Jib**.

docs/modules/ROOT/pages/installation/registry/registry.adoc

@@ -8,14 +8,26 @@ The Camel K operator is in charge to build a Camel application and to "container
 
 For the reason above it's important that you provide a container registry which is accessible from both the operator Pod and the cluster internal mechanisms. However, a **default registry** is present in certain platforms such as _Minikube_, _Openshift_ or _Docker Desktop_.
 
-For any other platform that do not provide a default container registry, then, a registry must be provided accordingly.
+For any other platform that do not provide a default container registry, then, a container registry must be provided accordingly.
 
 [[how-to-configure]]
 == How to configure Camel K container registry
 
 When running a production grade installation, you'll be probably using a private container registry which is accessible via authenticated method. The secret is something that will be https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret[included at deployment time] as `imagePullSecret` configuration.
 
-As each registry may have a slightly different way of securing the access you can use the generic guidelines provided in xref:installation/registry/registry-secret.adoc[Secret registry configuration] and adjust accordingly. We expect that at the end of the process you have a public address (1) an _organization_ (2) and a _secret_ (3) values that will be used to configure the registry.
+[[kubernetes-secret]]
+=== Create a secret for your registry
+
+The easiest way to create a Secret is to leverage the `kubectl` CLI:
+
+[source,bash]
+----
+kubectl create secret docker-registry registry --docker-server <my-registry-address> --docker-username <my-user> --docker-password <my-password>
+----
+
+NOTE: you must include `--docker-server docker.io` value also if you're using Docker Hub. The default value provided by `kubectl` won't.
+
+As each registry may have a slightly different way of securing the access you can use the generic guidelines provided in and adjust accordingly (more information in the xref:installation/registry/registry-secret.adoc[Secret registry configuration] guide). We expect that at the end of the process you have a public address (1) an _organization_ (2) (optional, see details below) and a _secret_ (3) values that will be used to configure the registry.
 
 You will need to create or edit any existing `IntegrationPlatform` custom resource with the values as expected in the `.spec.build.registry`.
 
@@ -31,13 +43,18 @@ spec:
   build:
     registry:
       address: <my-registry-address>
-      organization: <my-organization>
+      organization: <my-organization> (optional)
       secret: <my-secret-credentials>
 ----
 
 The changes will be immediately reconciled and the operator will be able to push and pull resources in a secure manner.
 
-[[configuring-registry]]
+[[organization]]
+=== Role of the organization parameter
+
+The `organization` parameter is optional. When it's missing, the operator will use the namespace name to create an image within such organization name. When you're using an container registry you may be limited to store image in a given organization only. In this case, you must provide the name of such `organization` with this option.
+
+[[requirements]]
 == Container registry requirements
 Each platform may have its default registry of choice. And each container registry may have a slight different configuration. Please, be aware that we won't be able to support all the available solutions.
 
@@ -57,6 +74,7 @@ We have some hints that can help you configuring on the most common platforms:
 - xref:installation/registry/special/icr.adoc[IBM Container Registry]
 - xref:installation/registry/special/kind.adoc[Kind]
 - xref:installation/registry/special/minikube.adoc[Minikube]
+- xref:installation/registry/special/openshift.adoc[Openshift]
 
 [[configuring-registry-run-it-yours]]
 == Run your own container registry

docs/modules/ROOT/pages/installation/registry/special/openshift.adoc

@@ -0,0 +1,54 @@
+= Configuring Openshift registry
+
+Openshift has an embedded container registry you can use to store the images produced by Camel K build process. The full details required to provide access to the registry are available in the https://docs.openshift.com/container-platform/4.17/registry/accessing-the-registry.html[Openshift registry documentation].
+
+NOTE: before version 2.6, Camel K used S2I as a default publishing strategy against the embedded registry. Any upgrade from S2I to Jib should work out of the box.
+
+== Service Account secret credentials
+
+The first thing you need to do is to create an access token for the service account you want to use to pull/push images from the registry. We suggest to use the `camel-k-builder` Service Account which was created during the installation procedure and is normally used to perform "building" operations.
+
+```bash
+oc serviceaccounts new-token camel-k-builder -n camel-k
+eyJhb[...]Uhz0
+```
+
+WARNING: treat the token with the due level of confidentiality.
+
+You will need to use this token to create a secret:
+```bash
+oc create secret docker-registry ocp-registry --docker-server image-registry.openshift-image-registry.svc:5000 --docker-username camel-k-builder --docker-password eyJhb[...]Uhz0 -n camel-k
+```
+
+NOTE: `image-registry.openshift-image-registry.svc:5000` is the default internal route exposed by Openshift. You may need to use an alternative route according to the configuration of your cluster.
+
+== Service account pull and push permissions
+
+Before being able to pull and push containers images to the registry, you need to provide the proper privileges to access:
+
+```bash
+oc policy add-role-to-user registry-viewer -z camel-k-builder -n camel-k
+oc policy add-role-to-user registry-editor -z camel-k-builder -n camel-k
+```
+
+NOTE: `-z` identifies a Service Account.
+
+== Configure the IntegrationPlatform
+
+Now you should have all the authorizations required to pull and push containers to the image registry. In order to do that you will need to provide the Secret created above into your IntegrationPlatform configuration:
+
+[source,yaml]
+----
+apiVersion: camel.apache.org/v1
+kind: IntegrationPlatform
+metadata:
+  name: camel-k
+  namespace: camel-k
+spec:
+  build:
+    registry:
+      address: image-registry.openshift-image-registry.svc:5000
+      secret: ocp-registry
+----
+
+NOTE: make sure to use the same address provided in the secret above.

docs/modules/ROOT/partials/apis/camel-k-crds.adoc

@@ -5696,30 +5696,31 @@ a PackageTask, used to package the project
 
 
 a BuildahTask, for Buildah strategy
-Deprecated: use jib, s2i or a custom publishing strategy instead
+Deprecated: use jib or a custom publishing strategy instead
 
 |`kaniko` +
 *xref:#_camel_apache_org_v1_KanikoTask[KanikoTask]*
 |
 
 
 a KanikoTask, for Kaniko strategy
-Deprecated: use jib, s2i or a custom publishing strategy instead
+Deprecated: use jib or a custom publishing strategy instead
 
 |`spectrum` +
 *xref:#_camel_apache_org_v1_SpectrumTask[SpectrumTask]*
 |
 
 
 a SpectrumTask, for Spectrum strategy
-Deprecated: use jib, s2i or a custom publishing strategy instead
+Deprecated: use jib or a custom publishing strategy instead
 
 |`s2i` +
 *xref:#_camel_apache_org_v1_S2iTask[S2iTask]*
 |
 
 
 a S2iTask, for S2I strategy
+Deprecated: use jib or a custom publishing strategy instead
 
 |`jib` +
 *xref:#_camel_apache_org_v1_JibTask[JibTask]*
@@ -8525,6 +8526,8 @@ as a Maven repository.
 
 * <<#_camel_apache_org_v1_Traits, Traits>>
 
+WARNING: The Route trait is **deprecated** and will removed in future release versions: use Ingress trait istead.
+
 The Route trait can be used to configure the creation of OpenShift routes for the integration.
 
 The certificate and key contents may be sourced either from the local filesystem or in a OpenShift `secret` object.

docs/modules/traits/pages/route.adoc

@@ -1,8 +1,12 @@
 = Route Trait
 
 // Start of autogenerated code - DO NOT EDIT! (badges)
+[.badges]
+[.badge-key]##Deprecated since##[.badge-unsupported]##2.6.0##
 // End of autogenerated code - DO NOT EDIT! (badges)
 // Start of autogenerated code - DO NOT EDIT! (description)
+WARNING: The Route trait is **deprecated** and will removed in future release versions: use Ingress trait istead.
+
 The Route trait can be used to configure the creation of OpenShift routes for the integration.
 
 The certificate and key contents may be sourced either from the local filesystem or in a OpenShift `secret` object.

e2e/install/helm/setup_test.go

@@ -40,7 +40,7 @@ import (
 func TestHelmInstallation(t *testing.T) {
 	WithNewTestNamespace(t, func(ctx context.Context, g *WithT, ns string) {
 		containerRegistry, ok := os.LookupEnv("KAMEL_INSTALL_REGISTRY")
-		g.Expect(ok).To(BeTrue())
+		g.Expect(ok).To(BeTrue(), "This test requires setting KAMEL_INSTALL_REGISTRY variable.")
 		// Let's make sure no CRD is yet available in the cluster
 		// as we must make the procedure to install them accordingly
 		g.Eventually(CRDs(t)).Should(BeNil(), "No Camel K CRDs should be previously installed for this test")