adding field needed for build and sign flow the MIC object

yevgeny-shnaidman · k8s-ci-robot · commit 567be9dffad2 · 2025-01-19T01:56:36.000-08:00
MIC reconciler is watching the MIC object. it should receive all the
needed info for its action from the MIC, it does not need to access the
Module object at all
diff --git a/api/v1beta1/moduleimagesconfig_types.go b/api/v1beta1/moduleimagesconfig_types.go
@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta1
 
 import (
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -35,13 +36,25 @@ type ModuleImageSpec struct {
 	Image string `json:"image"`
 	// generation counter of the image config
 	Generation int `json:"generation"`
+
+	// Build contains build instructions, in case image needs building
+	// +optional
+	Build *Build `json:"build,omitempty"`
+
+	// Sign contains sign instructions, in case image needs signing
+	// +optional
+	Sign *Sign `json:"sign,omitempty"`
 }
 
 // ModuleImagesConfigSpec describes the images of the Module whose status needs to be verified
 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 // +kubebuilder:validation:Required
 type ModuleImagesConfigSpec struct {
 	Images []ModuleImageSpec `json:"images"`
+
+	// ImageRepoSecret contains pull secret for the image's repo, if needed
+	// +optional
+	ImageRepoSecret *v1.LocalObjectReference `json:"imageRepoSecret,omitempty"`
 }
 
 type ModuleImageState struct {
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/kmm.sigs.x-k8s.io_moduleimagesconfigs.yaml b/config/crd/bases/kmm.sigs.x-k8s.io_moduleimagesconfigs.yaml
@@ -44,17 +44,183 @@ spec:
               ModuleImagesConfigSpec describes the images of the Module whose status needs to be verified
               More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
             properties:
+              imageRepoSecret:
+                description: ImageRepoSecret contains pull secret for the image's
+                  repo, if needed
+                properties:
+                  name:
+                    default: ""
+                    description: |-
+                      Name of the referent.
+                      This field is effectively required, but due to backwards compatibility is
+                      allowed to be empty. Instances of this type with an empty value here are
+                      almost certainly wrong.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
               images:
                 items:
                   description: ModuleImageSpec describes the image whose state needs
                     to be queried
                   properties:
+                    build:
+                      description: Build contains build instructions, in case image
+                        needs building
+                      properties:
+                        baseImageRegistryTLS:
+                          description: BaseImageRegistryTLS contains settings determining
+                            how to access registries of the base images in the build-process'
+                            Dockerfile.
+                          properties:
+                            insecure:
+                              description: If Insecure is true, the operator will
+                                be able to access a registry in an insecure (plain
+                                HTTP) protocol.
+                              type: boolean
+                            insecureSkipTLSVerify:
+                              description: If InsecureSkipTLSVerify, the operator
+                                will accept any certificate provided by the registry.
+                              type: boolean
+                          type: object
+                        buildArgs:
+                          description: BuildArgs is an array of build variables that
+                            are provided to the image building backend.
+                          items:
+                            description: BuildArg represents a build argument used
+                              when building a container image.
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                            required:
+                            - name
+                            - value
+                            type: object
+                          type: array
+                        dockerfileConfigMap:
+                          description: ConfigMap that holds Dockerfile contents
+                          properties:
+                            name:
+                              default: ""
+                              description: |-
+                                Name of the referent.
+                                This field is effectively required, but due to backwards compatibility is
+                                allowed to be empty. Instances of this type with an empty value here are
+                                almost certainly wrong.
+                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              type: string
+                          type: object
+                          x-kubernetes-map-type: atomic
+                        kanikoParams:
+                          description: KanikoParams is used to customize the building
+                            process of the image.
+                          properties:
+                            tag:
+                              description: Kaniko image tag to use when creating the
+                                build Pod
+                              type: string
+                          type: object
+                        secrets:
+                          description: |-
+                            Secrets is an optional list of secrets to be made available to the build system.
+                            Those secrets should be used for private resources such as a private Github repo.
+                            For container registries auth use module.spec.imagePullSecret instead.
+                          items:
+                            description: |-
+                              LocalObjectReference contains enough information to let you locate the
+                              referenced object inside the same namespace.
+                            properties:
+                              name:
+                                default: ""
+                                description: |-
+                                  Name of the referent.
+                                  This field is effectively required, but due to backwards compatibility is
+                                  allowed to be empty. Instances of this type with an empty value here are
+                                  almost certainly wrong.
+                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          type: array
+                        selector:
+                          additionalProperties:
+                            type: string
+                          description: Selector describes on which nodes will run
+                            the building process.
+                          type: object
+                      required:
+                      - dockerfileConfigMap
+                      type: object
                     generation:
                       description: generation counter of the image config
                       type: integer
                     image:
                       description: image
                       type: string
+                    sign:
+                      description: Sign contains sign instructions, in case image
+                        needs signing
+                      properties:
+                        certSecret:
+                          description: a secret containing the public key used to
+                            sign kernel modules for secureboot
+                          properties:
+                            name:
+                              default: ""
+                              description: |-
+                                Name of the referent.
+                                This field is effectively required, but due to backwards compatibility is
+                                allowed to be empty. Instances of this type with an empty value here are
+                                almost certainly wrong.
+                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              type: string
+                          type: object
+                          x-kubernetes-map-type: atomic
+                        filesToSign:
+                          description: paths inside the image for the kernel modules
+                            to sign (if ommited all kmods are signed)
+                          items:
+                            type: string
+                          type: array
+                        keySecret:
+                          description: a secret containing the private key used to
+                            sign kernel modules for secureboot
+                          properties:
+                            name:
+                              default: ""
+                              description: |-
+                                Name of the referent.
+                                This field is effectively required, but due to backwards compatibility is
+                                allowed to be empty. Instances of this type with an empty value here are
+                                almost certainly wrong.
+                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                              type: string
+                          type: object
+                          x-kubernetes-map-type: atomic
+                        unsignedImage:
+                          description: Image to sign, ignored if a Build is present,
+                            required otherwise
+                          type: string
+                        unsignedImageRegistryTLS:
+                          description: UnsignedImageRegistryTLS contains settings
+                            determining how to access registries of the unsigned image.
+                          properties:
+                            insecure:
+                              description: If Insecure is true, the operator will
+                                be able to access a registry in an insecure (plain
+                                HTTP) protocol.
+                              type: boolean
+                            insecureSkipTLSVerify:
+                              description: If InsecureSkipTLSVerify, the operator
+                                will accept any certificate provided by the registry.
+                              type: boolean
+                          type: object
+                      required:
+                      - certSecret
+                      - keySecret
+                      type: object
                   required:
                   - generation
                   - image
