Skip to content

Add OpenShift UBI image support #42

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tamalsaha merged 1 commit into from
Dec 18, 2025
Merged

Add OpenShift UBI image support #42

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
3 changes: 3 additions & 0 deletions apis/installer/v1alpha1/aws_credential_manager_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ package v1alpha1
import (
core "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"kmodules.xyz/resource-metadata/apis/shared"
)

const (
Expand Down Expand Up @@ -82,6 +83,8 @@ type AwsCredentialManagerSpec struct {
ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
Volumes []core.Volume `json:"volumes"`
VolumeMounts []core.VolumeMount `json:"volumeMounts"`
// +optional
Distro shared.DistroSpec `json:"distro"`
}

type ImageReference struct {
Expand Down
3 changes: 3 additions & 0 deletions apis/installer/v1alpha1/capa_vpc_peering_operator_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ package v1alpha1
import (
core "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"kmodules.xyz/resource-metadata/apis/shared"
)

const (
Expand Down Expand Up @@ -70,6 +71,8 @@ type CapaVpcPeeringOperatorSpec struct {
// +optional
Affinity *core.Affinity `json:"affinity"`
Monitoring Monitoring `json:"monitoring"`
// +optional
Distro shared.DistroSpec `json:"distro"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
Expand Down
3 changes: 3 additions & 0 deletions apis/installer/v1alpha1/capi_ops_manager_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ package v1alpha1
import (
core "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"kmodules.xyz/resource-metadata/apis/shared"
)

const (
Expand Down Expand Up @@ -80,6 +81,8 @@ type CapiOpsManagerSpec struct {
// +optional
Apiserver CapiOpsManagerApiserver `json:"apiserver"`
Monitoring Monitoring `json:"monitoring"`
// +optional
Distro shared.DistroSpec `json:"distro"`
}

type CapiOpsManagerApiserver struct {
Expand Down
3 changes: 3 additions & 0 deletions apis/installer/v1alpha1/docker_machine_operator_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ package v1alpha1
import (
core "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"kmodules.xyz/resource-metadata/apis/shared"
)

const (
Expand Down Expand Up @@ -70,6 +71,8 @@ type DockerMachineOperatorSpec struct {
// +optional
Affinity *core.Affinity `json:"affinity"`
Monitoring Monitoring `json:"monitoring"`
// +optional
Distro shared.DistroSpec `json:"distro"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
Expand Down
4 changes: 4 additions & 0 deletions apis/installer/v1alpha1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions charts/aws-credential-manager/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,8 @@ The following table lists the configurable parameters of the `aws-credential-man
| nodeSelector | | <code>{}</code> |
| tolerations | | <code>[]</code> |
| affinity | | <code>{}</code> |
| distro.openshift | Set true, if installed in OpenShift | <code>false</code> |
| distro.ubi | Set operator or all to use ubi images | <code>""</code> |


Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
Expand Down
14 changes: 14 additions & 0 deletions charts/aws-credential-manager/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,3 +74,17 @@ imagePullSecrets:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

{{/*
Returns whether the OpenShift distribution is used
*/}}
{{- define "distro.openshift" -}}
{{- or (.Capabilities.APIVersions.Has "project.openshift.io/v1/Project") .Values.distro.openshift -}}
{{- end }}

{{/*
Returns if ubi images are to be used
*/}}
{{- define "operator.ubi" -}}
{{ ternary "-ubi" "" (list "operator" "all" | has .Values.distro.ubi) }}
{{- end }}
12 changes: 11 additions & 1 deletion charts/aws-credential-manager/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,13 +24,23 @@ spec:
spec:
{{- include "appscode.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ include "aws-credential-manager.serviceAccountName" . }}
{{- if eq "true" ( include "distro.openshift" . ) }}
securityContext:
{{- toYaml (omit .Values.podSecurityContext "runAsUser" "runAsGroup" "fsGroup" "supplementalGroups") | nindent 8 }}
{{- else }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- if eq "true" ( include "distro.openshift" . ) }}
securityContext:
{{- toYaml (omit .Values.securityContext "runAsUser" "runAsGroup" "fsGroup" "supplementalGroups") | nindent 12 }}
{{- else }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
{{- end }}
image: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}{{ include "operator.ubi" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- run
Expand Down
6 changes: 6 additions & 0 deletions charts/aws-credential-manager/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,3 +81,9 @@ volumeMounts: []
nodeSelector: {}
tolerations: []
affinity: {}

distro:
# Set true, if installed in OpenShift
openshift: false
# Set operator or all to use ubi images
ubi: ""
2 changes: 2 additions & 0 deletions charts/capa-vpc-peering-operator/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,8 @@ The following table lists the configurable parameters of the `capa-vpc-peering-o
| affinity | | <code>{}</code> |
| monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | <code>""</code> |
| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | <code>{}</code> |
| distro.openshift | Set true, if installed in OpenShift | <code>false</code> |
| distro.ubi | Set operator or all to use ubi images | <code>""</code> |


Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
Expand Down
14 changes: 14 additions & 0 deletions charts/capa-vpc-peering-operator/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,3 +105,17 @@ Returns the ServiceMonitor labels
{{ $key }}: {{ $val }}
{{- end }}
{{- end }}

{{/*
Returns whether the OpenShift distribution is used
*/}}
{{- define "distro.openshift" -}}
{{- or (.Capabilities.APIVersions.Has "project.openshift.io/v1/Project") .Values.distro.openshift -}}
{{- end }}

{{/*
Returns if ubi images are to be used
*/}}
{{- define "operator.ubi" -}}
{{ ternary "-ubi" "" (list "operator" "all" | has .Values.distro.ubi) }}
{{- end }}
12 changes: 11 additions & 1 deletion charts/capa-vpc-peering-operator/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,23 @@ spec:
spec:
{{- include "appscode.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ include "capa-vpc-peering-operator.serviceAccountName" . }}
{{- if eq "true" ( include "distro.openshift" . ) }}
securityContext:
{{- toYaml (omit .Values.podSecurityContext "runAsUser" "runAsGroup" "fsGroup" "supplementalGroups") | nindent 8 }}
{{- else }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- if eq "true" ( include "distro.openshift" . ) }}
securityContext:
{{- toYaml (omit .Values.image.securityContext "runAsUser" "runAsGroup" "fsGroup" "supplementalGroups") | nindent 12 }}
{{- else }}
securityContext:
{{- toYaml .Values.image.securityContext | nindent 12 }}
image: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
{{- end }}
image: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}{{ include "operator.ubi" . }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- run
Expand Down
14 changes: 14 additions & 0 deletions charts/capa-vpc-peering-operator/values.openapiv3_schema.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -438,6 +438,20 @@ properties:
x-kubernetes-list-type: atomic
type: object
type: object
distro:
properties:
openshift:
type: boolean
ubi:
enum:
- all
- catalog
- operator
type: string
required:
- openshift
- ubi
type: object
fullnameOverride:
type: string
image:
Expand Down
6 changes: 6 additions & 0 deletions charts/capa-vpc-peering-operator/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,3 +71,9 @@ monitoring:
# Prometheus crd will select ServiceMonitor using these labels.
# Only usable when monitoring agent is `prometheus.io/operator`.
labels: {}

distro:
# Set true, if installed in OpenShift
openshift: false
# Set operator or all to use ubi images
ubi: ""
2 changes: 2 additions & 0 deletions charts/capi-ops-manager/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,8 @@ The following table lists the configurable parameters of the `capi-ops-manager`
| apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | <code>""</code> |
| monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | <code>""</code> |
| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | <code>{}</code> |
| distro.openshift | Set true, if installed in OpenShift | <code>false</code> |
| distro.ubi | Set operator or all to use ubi images | <code>""</code> |


Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
Expand Down
14 changes: 14 additions & 0 deletions charts/capi-ops-manager/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,3 +110,17 @@ imagePullSecrets:
{{- toYaml . | nindent 2 }}
{{- end -}}
{{- end -}}

{{/*
Returns whether the OpenShift distribution is used
*/}}
{{- define "distro.openshift" -}}
{{- or (.Capabilities.APIVersions.Has "project.openshift.io/v1/Project") .Values.distro.openshift -}}
{{- end }}

{{/*
Returns if ubi images are to be used
*/}}
{{- define "operator.ubi" -}}
{{ ternary "-ubi" "" (list "operator" "all" | has .Values.distro.ubi) }}
{{- end }}
12 changes: 11 additions & 1 deletion charts/capi-ops-manager/templates/operator/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,16 +66,26 @@ spec:
name: etc-xdg
- mountPath: /.config
name: config
image: "{{ include "operator.registry" . }}/{{ .Values.operator.repository }}:{{ .Values.operator.tag | default .Chart.AppVersion }}"
image: {{ include "operator.registry" . }}/{{ .Values.operator.repository }}:{{ .Values.operator.tag | default .Chart.AppVersion }}{{ include "operator.ubi" . }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if eq "true" ( include "distro.openshift" . ) }}
securityContext:
{{- toYaml (omit .Values.operator.securityContext "runAsUser" "runAsGroup" "fsGroup" "supplementalGroups") | nindent 10 }}
{{- else }}
securityContext:
{{- toYaml .Values.operator.securityContext | nindent 10 }}
{{- end }}
args:
- operator
resources:
{{- toYaml .Values.operator.resources | nindent 10 }}
{{- if eq "true" ( include "distro.openshift" . ) }}
securityContext:
{{- toYaml (omit .Values.podSecurityContext "runAsUser" "runAsGroup" "fsGroup" "supplementalGroups") | nindent 8 }}
{{- else }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- end }}
{{- if or $tolerations $criticalAddon }}
tolerations:
{{- with $tolerations }}
Expand Down
19 changes: 17 additions & 2 deletions charts/capi-ops-manager/templates/webhook/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,10 +53,15 @@ spec:
serviceAccountName: {{ include "capi-ops-manager.serviceAccountName" . }}
containers:
- name: webhook-server
image: "{{ include "operator.registry" . }}/{{ .Values.operator.repository }}:{{ .Values.operator.tag | default .Chart.AppVersion }}"
image: {{ include "operator.registry" . }}/{{ .Values.operator.repository }}:{{ .Values.operator.tag | default .Chart.AppVersion }}{{ include "operator.ubi" . }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if eq "true" ( include "distro.openshift" . ) }}
securityContext:
{{- toYaml (omit .Values.operator.securityContext "runAsUser" "runAsGroup" "fsGroup" "supplementalGroups") | nindent 10 }}
{{- else }}
securityContext:
{{- toYaml .Values.operator.securityContext | nindent 10 }}
{{- end }}
args:
- webhook
- --webhook-name={{ include "capi-ops-manager.fullname" . }}
Expand Down Expand Up @@ -94,9 +99,14 @@ spec:
mountPath: /var/serving-cert
readOnly: true
- name: kube-rbac-proxy
image: "{{ include "rbacproxy.registry" . }}/{{ .Values.rbacproxy.repository }}:{{ .Values.rbacproxy.tag }}"
image: {{ include "rbacproxy.registry" . }}/{{ .Values.rbacproxy.repository }}:{{ .Values.rbacproxy.tag }}{{ include "operator.ubi" . }}
{{- if eq "true" ( include "distro.openshift" . ) }}
securityContext:
{{- toYaml (omit .Values.rbacproxy.securityContext "runAsUser" "runAsGroup" "fsGroup" "supplementalGroups") | nindent 10 }}
{{- else }}
securityContext:
{{- toYaml .Values.rbacproxy.securityContext | nindent 10 }}
{{- end }}
args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
Expand All @@ -113,8 +123,13 @@ spec:
secret:
defaultMode: 420
secretName: {{ include "capi-ops-manager.fullname" . }}-webhook-cert
{{- if eq "true" ( include "distro.openshift" . ) }}
securityContext:
{{- toYaml (omit .Values.podSecurityContext "runAsUser" "runAsGroup" "fsGroup" "supplementalGroups") | nindent 8 }}
{{- else }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- end }}
{{- if or $tolerations $criticalAddon }}
tolerations:
{{- with $tolerations }}
Expand Down
14 changes: 14 additions & 0 deletions charts/capi-ops-manager/values.openapiv3_schema.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -489,6 +489,20 @@ properties:
type: object
criticalAddon:
type: boolean
distro:
properties:
openshift:
type: boolean
ubi:
enum:
- all
- catalog
- operator
type: string
required:
- openshift
- ubi
type: object
fullnameOverride:
type: string
imagePullPolicy:
Expand Down
6 changes: 6 additions & 0 deletions charts/capi-ops-manager/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -134,3 +134,9 @@ monitoring:
# Prometheus crd will select ServiceMonitor using these labels.
# Only usable when monitoring agent is `prometheus.io/operator`.
labels: {}

distro:
# Set true, if installed in OpenShift
openshift: false
# Set operator or all to use ubi images
ubi: ""
Loading
Loading