Merge pull request openshift#2005 from bfournie/node-image-disconnected

OCPBUGS-53106: Get installer image from configMap for node-image command

Author: openshift-merge-bot[bot]

pkg/cli/admin/nodeimage/basenodeimagecommand.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"os"
 	"regexp"
 	"strings"
 	"time"
@@ -23,6 +24,7 @@ import (
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/kubectl/pkg/cmd/exec"
+	"sigs.k8s.io/yaml"
 
 	ocpv1 "github.com/openshift/api/config/v1"
 	configclient "github.com/openshift/client-go/config/clientset/versioned"
@@ -87,9 +89,43 @@ func (c *BaseNodeImageCommand) getNodeJoinerPullSpec(ctx context.Context) error
 	}
 
 	// Extract the baremetal-installer image pullspec, since it
-	// provide the node-joiner tool.
+	// provides the node-joiner tool.
+
+	// First attempt to get the installer image from the configMap created by installer. This will work in disconnected environments.
+	installerImagesConfigMap, err := c.Client.CoreV1().ConfigMaps("openshift-config").Get(ctx, "installer-images", metav1.GetOptions{})
+	if err == nil {
+		images := installerImagesConfigMap.Data["images.json"]
+		if len(images) > 0 {
+			imageMap := make(map[string]string)
+			err := yaml.Unmarshal([]byte(images), &imageMap)
+			if err == nil {
+				installer, exists := imageMap["installer"]
+				if exists {
+					// Found pullSpec from configMap
+					c.log("installer pullspec obtained from installer-images configMap %s", installer)
+					c.nodeJoinerImage = installer
+					return nil
+				}
+			}
+		}
+	}
+
+	// If cannot obtain installer image from configMap, get it from the releaseImage.
+	// Note that after OCP 4.20, this should not be necessary since the configMap was added to installer in 4.19.
+	c.log("configMap containing installer-images is not available, trying to get image from registry")
 	opts := ocrelease.NewInfoOptions(c.IOStreams)
 	opts.SecurityOptions = c.SecurityOptions
+	idmsFile, err := c.getIdmsFile(ctx)
+	if err != nil {
+		return err
+	}
+	opts.IDMSFile = idmsFile
+	defer func() {
+		if opts.IDMSFile != "" {
+			os.Remove(opts.IDMSFile)
+		}
+	}()
+
 	release, err := opts.LoadReleaseInfo(releaseImage, false)
 	if err != nil {
 		return err
@@ -409,3 +445,45 @@ func (o *BaseNodeImageCommand) runNodeJoinerPod(ctx context.Context, tasks []fun
 	}
 	return nil
 }
+
+func (c *BaseNodeImageCommand) getIdmsFile(ctx context.Context) (string, error) {
+	imageDigestMirrorSets, idmsErr := c.ConfigClient.ConfigV1().ImageDigestMirrorSets().List(ctx, metav1.ListOptions{})
+	if idmsErr != nil && !kapierrors.IsNotFound(idmsErr) {
+		return "", idmsErr
+	}
+	imageContentPolicies, icspErr := c.ConfigClient.ConfigV1().ImageContentPolicies().List(ctx, metav1.ListOptions{})
+	if icspErr != nil && !kapierrors.IsNotFound(icspErr) {
+		return "", icspErr
+	}
+	if idmsErr != nil || len(imageDigestMirrorSets.Items) == 0 {
+		imageDigestMirrorSets = nil // handle empty idms
+	}
+	if icspErr != nil || len(imageContentPolicies.Items) == 0 {
+		imageContentPolicies = nil // handle empty icsp
+	}
+	if imageDigestMirrorSets == nil && imageContentPolicies == nil {
+		return "", nil
+	}
+
+	// Build IDMS file from contents of the IDMS and ICSP mirror digests
+	contents, err := getIdmsContents(c.LogOut, imageDigestMirrorSets, imageContentPolicies)
+	if err != nil {
+		c.log("failure parsing imageDigestMirrorSet %s", err.Error())
+		return "", err
+	}
+
+	// create temp file which will be removed by caller
+	idmsFile, err := os.CreateTemp("", "idms-file")
+	if err != nil {
+		return "", err
+	}
+
+	c.log("Building IDMS file with contents %s", contents)
+	if _, err := idmsFile.Write(contents); err != nil {
+		idmsFile.Close()
+		os.Remove(idmsFile.Name())
+		return "", err
+	}
+	idmsFile.Close()
+	return idmsFile.Name(), nil
+}

pkg/cli/admin/nodeimage/mirrorbuilder.go

@@ -0,0 +1,75 @@
+package nodeimage
+
+import (
+	"fmt"
+	"io"
+
+	ocpv1 "github.com/openshift/api/config/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/yaml"
+)
+
+func getIdmsContents(writer io.Writer, idmsMirrorSetList *ocpv1.ImageDigestMirrorSetList, icspMirrorSetList *ocpv1.ImageContentPolicyList) ([]byte, error) {
+	imageDigestSet := ocpv1.ImageDigestMirrorSet{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: ocpv1.GroupVersion.String(),
+			Kind:       "ImageDigestMirrorSet",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "image-digest",
+			// not namespaced
+		},
+	}
+
+	// Add mirrors from IDMS
+	if idmsMirrorSetList != nil {
+		log(writer, "Adding mirrors from ImageDigestMirrors")
+		for _, idms := range idmsMirrorSetList.Items {
+			for _, digestMirror := range idms.Spec.ImageDigestMirrors {
+				imageDigestSet.Spec.ImageDigestMirrors = append(imageDigestSet.Spec.ImageDigestMirrors, digestMirror)
+			}
+		}
+	}
+
+	// Add mirrors from ICSP
+	if icspMirrorSetList != nil {
+		log(writer, "Adding mirrors from ImageContentPolicies")
+		for _, icsp := range icspMirrorSetList.Items {
+			for _, digestMirror := range icsp.Spec.RepositoryDigestMirrors {
+				// Skip adding the mirror if the source already exists
+				if digestSourceExists(imageDigestSet.Spec.ImageDigestMirrors, digestMirror.Source) {
+					continue
+				}
+				mirror := ocpv1.ImageDigestMirrors{
+					Source: digestMirror.Source,
+				}
+				for _, m := range digestMirror.Mirrors {
+					mirror.Mirrors = append(mirror.Mirrors, ocpv1.ImageMirror(m))
+				}
+				imageDigestSet.Spec.ImageDigestMirrors = append(imageDigestSet.Spec.ImageDigestMirrors, mirror)
+			}
+		}
+	}
+
+	contents, err := yaml.Marshal(imageDigestSet)
+	if err != nil {
+		return nil, err
+	}
+
+	return contents, nil
+}
+
+func digestSourceExists(mirrors []ocpv1.ImageDigestMirrors, source string) bool {
+	for _, mirror := range mirrors {
+		if mirror.Source == source {
+			return true
+		}
+	}
+	return false
+}
+
+func log(writer io.Writer, format string, a ...interface{}) {
+	if writer != nil {
+		fmt.Fprintf(writer, format+"\n", a...)
+	}
+}

pkg/cli/admin/nodeimage/mirrorbuilder_test.go

@@ -0,0 +1,187 @@
+package nodeimage
+
+import (
+	"reflect"
+	"testing"
+
+	ocpv1 "github.com/openshift/api/config/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+var defaultIdmsSetList = ocpv1.ImageDigestMirrorSetList{
+	TypeMeta: metav1.TypeMeta{},
+	ListMeta: metav1.ListMeta{
+		ResourceVersion: "15",
+	},
+	Items: []ocpv1.ImageDigestMirrorSet{
+		{
+			TypeMeta:   metav1.TypeMeta{},
+			ObjectMeta: metav1.ObjectMeta{Name: "image-digest-mirror", Namespace: "test"},
+			Spec: ocpv1.ImageDigestMirrorSetSpec{
+				ImageDigestMirrors: []ocpv1.ImageDigestMirrors{
+					{
+						Source: "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
+						Mirrors: []ocpv1.ImageMirror{
+							"virthost.test:5000/localimages/local-release-image",
+						},
+					},
+					{
+						Source: "registry.ci.openshift.org/ocp/release",
+						Mirrors: []ocpv1.ImageMirror{
+							"virthost.test:5000/localimages/local-dev",
+						},
+					},
+				},
+			},
+		},
+	},
+}
+
+var defaultIdms = `apiVersion: config.openshift.io/v1
+kind: ImageDigestMirrorSet
+metadata:
+  creationTimestamp: null
+  name: image-digest
+spec:
+  imageDigestMirrors:
+  - mirrors:
+    - virthost.test:5000/localimages/local-release-image
+    source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
+  - mirrors:
+    - virthost.test:5000/localimages/local-dev
+    source: registry.ci.openshift.org/ocp/release
+status: {}
+`
+
+var defaultIcspList = ocpv1.ImageContentPolicyList{
+	TypeMeta: metav1.TypeMeta{},
+	ListMeta: metav1.ListMeta{
+		ResourceVersion: "15",
+	},
+	Items: []ocpv1.ImageContentPolicy{
+		{
+			TypeMeta:   metav1.TypeMeta{},
+			ObjectMeta: metav1.ObjectMeta{Name: "image-policy", Namespace: "test"},
+			Spec: ocpv1.ImageContentPolicySpec{
+				RepositoryDigestMirrors: []ocpv1.RepositoryDigestMirrors{
+					{
+						Source: "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
+						Mirrors: []ocpv1.Mirror{
+							"virthost.test:5000/localimages/local-release-image",
+						},
+					},
+					{
+						Source: "registry.ci.openshift.org/ocp/release",
+						Mirrors: []ocpv1.Mirror{
+							"virthost.test:5000/localimages/local-dev",
+						},
+					},
+				},
+			},
+		},
+	},
+}
+
+var icspListDifferentThanIdms = ocpv1.ImageContentPolicyList{
+	TypeMeta: metav1.TypeMeta{},
+	ListMeta: metav1.ListMeta{
+		ResourceVersion: "15",
+	},
+	Items: []ocpv1.ImageContentPolicy{
+		{
+			TypeMeta:   metav1.TypeMeta{},
+			ObjectMeta: metav1.ObjectMeta{Name: "image-policy", Namespace: "test"},
+			Spec: ocpv1.ImageContentPolicySpec{
+				RepositoryDigestMirrors: []ocpv1.RepositoryDigestMirrors{
+					{
+						Source: "example.com/ocp-v4.0-art-dev",
+						Mirrors: []ocpv1.Mirror{
+							"localimages/local-release-image",
+						},
+					},
+					{
+						Source: "example.com/ocp/release",
+						Mirrors: []ocpv1.Mirror{
+							"localimages/local-dev",
+						},
+					},
+				},
+			},
+		},
+	},
+}
+
+var icspPlusIdms = `apiVersion: config.openshift.io/v1
+kind: ImageDigestMirrorSet
+metadata:
+  creationTimestamp: null
+  name: image-digest
+spec:
+  imageDigestMirrors:
+  - mirrors:
+    - virthost.test:5000/localimages/local-release-image
+    source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
+  - mirrors:
+    - virthost.test:5000/localimages/local-dev
+    source: registry.ci.openshift.org/ocp/release
+  - mirrors:
+    - localimages/local-release-image
+    source: example.com/ocp-v4.0-art-dev
+  - mirrors:
+    - localimages/local-dev
+    source: example.com/ocp/release
+status: {}
+`
+
+func TestGetIdmsContents(t *testing.T) {
+	testCases := []struct {
+		name          string
+		idmsSetList   *ocpv1.ImageDigestMirrorSetList
+		icspSetList   *ocpv1.ImageContentPolicyList
+		expectedIdms  []byte
+		expectedError string
+	}{
+		{
+			name:         "IDMS Only mirrors",
+			idmsSetList:  &defaultIdmsSetList,
+			icspSetList:  nil,
+			expectedIdms: []byte(defaultIdms),
+		},
+		{
+			name:         "ICSP Only mirrors",
+			idmsSetList:  nil,
+			icspSetList:  &defaultIcspList,
+			expectedIdms: []byte(defaultIdms),
+		},
+		{
+			name:         "IDMS and ICSP mirrors the same",
+			idmsSetList:  &defaultIdmsSetList,
+			icspSetList:  &defaultIcspList,
+			expectedIdms: []byte(defaultIdms),
+		},
+		{
+			name:         "IDMS and ICSP mirrors are different",
+			idmsSetList:  &defaultIdmsSetList,
+			icspSetList:  &icspListDifferentThanIdms,
+			expectedIdms: []byte(icspPlusIdms),
+		},
+	}
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			idmsContents, err := getIdmsContents(nil, tc.idmsSetList, tc.icspSetList)
+
+			if tc.expectedError == "" {
+				if err != nil {
+					t.Fatalf("unexpected error: %v", err)
+				}
+				if !reflect.DeepEqual(tc.expectedIdms, idmsContents) {
+					t.Errorf("Expected:\n%s\ngot:\n%s", tc.expectedIdms, idmsContents)
+				}
+			} else {
+				if err == nil {
+					t.Fatalf("expected error not received: %s", tc.expectedError)
+				}
+			}
+		})
+	}
+}