Merge pull request #1731 from atiratree/kubeversion

OCPBUGS-41257: introduce --operand-kubernetes-version flag and resolve API group versions accordingly

Author: openshift-merge-bot[bot]

pkg/cmd/render/render.go

@@ -14,6 +14,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/blang/semver/v4"
 	"github.com/ghodss/yaml"
 	configv1 "github.com/openshift/api/config/v1"
 	"github.com/openshift/api/features"
@@ -40,6 +41,8 @@ type renderOpts struct {
 	manifest genericrenderoptions.ManifestOptions
 	generic  genericrenderoptions.GenericOptions
 
+	operandKubernetesVersion string
+
 	lockHostPath      string
 	etcdServerURLs    []string
 	etcdServingCA     string
@@ -98,6 +101,7 @@ func (r *renderOpts) AddFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&r.clusterConfigFile, "cluster-config-file", r.clusterConfigFile, "Openshift Cluster API Config file.")
 	fs.StringVar(&r.clusterAuthFile, "cluster-auth-file", r.clusterAuthFile, "Openshift Cluster Authentication API Config file.")
 	fs.StringVar(&r.infraConfigFile, "infra-config-file", "", "File containing infrastructure.config.openshift.io manifest.")
+	fs.StringVar(&r.operandKubernetesVersion, "operand-kubernetes-version", "", "Kubernetes version of the operand (hyperkube image).")
 }
 
 // Validate verifies the inputs.
@@ -127,6 +131,14 @@ func (r *renderOpts) Validate() error {
 		return err
 	}
 
+	// TODO add after installer PR is merged
+	//if len(r.operandKubernetesVersion) == 0 {
+	//	return errors.New("missing operand kubernetes version: --operand-kubernetes-version")
+	//}
+	//if _, err := semver.Parse(r.operandKubernetesVersion); err != nil {
+	//	return err
+	//}
+
 	return nil
 }
 
@@ -139,7 +151,15 @@ func (r *renderOpts) Complete() error {
 		return err
 	}
 	if r.groupVersionsByFeatureGate == nil {
-		r.groupVersionsByFeatureGate = apienablement.DefaultGroupVersionsByFeatureGate
+		// TODO remove after installer PR is merged
+		if len(r.operandKubernetesVersion) == 0 {
+			r.operandKubernetesVersion = "1.30.0"
+		}
+		var err error
+		r.groupVersionsByFeatureGate, err = apienablement.GetDefaultGroupVersionByFeatureGate(semver.MustParse(r.operandKubernetesVersion))
+		if err != nil {
+			return err
+		}
 	}
 	return nil
 }

pkg/operator/configobservation/apienablement/observe_runtime_config.go

@@ -3,7 +3,9 @@ package apienablement
 import (
 	"fmt"
 	"sort"
+	"strings"
 
+	"github.com/blang/semver/v4"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -12,11 +14,47 @@ import (
 	"github.com/openshift/library-go/pkg/operator/configobserver"
 	"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
 	"github.com/openshift/library-go/pkg/operator/events"
+	"github.com/openshift/library-go/pkg/operator/v1helpers"
 )
 
-var DefaultGroupVersionsByFeatureGate = map[configv1.FeatureGateName][]schema.GroupVersion{
-	"ValidatingAdmissionPolicy": {{Group: "admissionregistration.k8s.io", Version: "v1beta1"}},
-	"DynamicResourceAllocation": {{Group: "resource.k8s.io", Version: "v1alpha2"}},
+var defaultGroupVersionsByFeatureGate = map[configv1.FeatureGateName][]groupVersionByOpenshiftVersion{
+	"ValidatingAdmissionPolicy": {{GroupVersion: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"}}},
+	"DynamicResourceAllocation": {
+		{KubeVersionRange: semver.MustParseRange("< 1.31.0"), GroupVersion: schema.GroupVersion{Group: "resource.k8s.io", Version: "v1alpha2"}},
+		{KubeVersionRange: semver.MustParseRange(">= 1.31.0"), GroupVersion: schema.GroupVersion{Group: "resource.k8s.io", Version: "v1alpha3"}},
+	},
+}
+
+type groupVersionByOpenshiftVersion struct {
+	schema.GroupVersion
+	KubeVersionRange semver.Range
+}
+
+func getGroupVersionByFeatureGate(groupVersionsByFeatureGate map[configv1.FeatureGateName][]groupVersionByOpenshiftVersion, kubeVersion semver.Version) (map[configv1.FeatureGateName][]schema.GroupVersion, error) {
+	result := make(map[configv1.FeatureGateName][]schema.GroupVersion, len(groupVersionsByFeatureGate))
+	groupByVersions := map[string][]string{}
+	for featureGate, APIGroups := range groupVersionsByFeatureGate {
+		for _, group := range APIGroups {
+			if group.KubeVersionRange == nil || group.KubeVersionRange(kubeVersion) {
+				groupByVersions[group.Group] = append(groupByVersions[group.Group], group.Version)
+				result[featureGate] = append(result[featureGate], group.GroupVersion)
+			}
+		}
+	}
+	var errs []error
+	for group, versions := range groupByVersions {
+		if len(versions) > 1 {
+			errs = append(errs, fmt.Errorf("found a duplicate group %v for FeatureGates, versions found: %v", group, strings.Join(versions, ",")))
+		}
+	}
+	if len(errs) > 0 {
+		return nil, v1helpers.NewMultiLineAggregate(errs)
+	}
+	return result, nil
+}
+
+func GetDefaultGroupVersionByFeatureGate(kubeVersion semver.Version) (map[configv1.FeatureGateName][]schema.GroupVersion, error) {
+	return getGroupVersionByFeatureGate(defaultGroupVersionsByFeatureGate, kubeVersion)
 }
 
 var (

pkg/operator/configobservation/apienablement/observe_runtime_config_test.go

@@ -4,6 +4,7 @@ import (
 	"errors"
 	"testing"
 
+	"github.com/blang/semver/v4"
 	"github.com/google/go-cmp/cmp"
 	configv1 "github.com/openshift/api/config/v1"
 	"github.com/openshift/library-go/pkg/operator/configobserver"
@@ -169,3 +170,105 @@ func TestFeatureGateObserverWithRuntimeConfig(t *testing.T) {
 		})
 	}
 }
+
+func TestGroupVersionsByFeatureGate(t *testing.T) {
+	for _, tc := range []struct {
+		name                       string
+		kubeVersion                semver.Version
+		groupVersionsByFeatureGate map[configv1.FeatureGateName][]groupVersionByOpenshiftVersion
+		expectedGroupVersions      map[configv1.FeatureGateName][]schema.GroupVersion
+		expectErrors               bool
+	}{
+		{
+			name:        "partial from/to",
+			kubeVersion: semver.MustParse("1.30.0"),
+			groupVersionsByFeatureGate: map[configv1.FeatureGateName][]groupVersionByOpenshiftVersion{
+				"ValidatingAdmissionPolicy": {{GroupVersion: schema.GroupVersion{Group: "admissionregistration.k8s.io", Version: "v1beta1"}}},
+				"DynamicResourceAllocation": {
+					{KubeVersionRange: semver.MustParseRange("< 1.31.0"), GroupVersion: schema.GroupVersion{Group: "resource.k8s.io", Version: "v1alpha2"}},
+					{KubeVersionRange: semver.MustParseRange(">= 1.31.0"), GroupVersion: schema.GroupVersion{Group: "resource.k8s.io", Version: "v1alpha3"}},
+				},
+			},
+			expectedGroupVersions: map[configv1.FeatureGateName][]schema.GroupVersion{
+				"ValidatingAdmissionPolicy": {{Group: "admissionregistration.k8s.io", Version: "v1beta1"}},
+				"DynamicResourceAllocation": {{Group: "resource.k8s.io", Version: "v1alpha2"}},
+			},
+		},
+		{
+			name:        "resolves newer API",
+			kubeVersion: semver.MustParse("1.31.0"),
+			groupVersionsByFeatureGate: map[configv1.FeatureGateName][]groupVersionByOpenshiftVersion{
+				"DynamicResourceAllocation": {
+					{KubeVersionRange: semver.MustParseRange("< 1.31.0"), GroupVersion: schema.GroupVersion{Group: "resource.k8s.io", Version: "v1alpha2"}},
+					{KubeVersionRange: semver.MustParseRange(">= 1.31.0"), GroupVersion: schema.GroupVersion{Group: "resource.k8s.io", Version: "v1alpha3"}},
+				},
+			},
+			expectedGroupVersions: map[configv1.FeatureGateName][]schema.GroupVersion{
+				"DynamicResourceAllocation": {{Group: "resource.k8s.io", Version: "v1alpha3"}},
+			},
+		},
+		{
+			name:        "resolves minor versions API",
+			kubeVersion: semver.MustParse("1.31.15"),
+			groupVersionsByFeatureGate: map[configv1.FeatureGateName][]groupVersionByOpenshiftVersion{
+				"DynamicResourceAllocation": {
+					{KubeVersionRange: semver.MustParseRange("< 1.31.15"), GroupVersion: schema.GroupVersion{Group: "resource.k8s.io", Version: "v1alpha2"}},
+					{KubeVersionRange: semver.MustParseRange(">= 1.31.15"), GroupVersion: schema.GroupVersion{Group: "resource.k8s.io", Version: "v1alpha3"}},
+				},
+			},
+			expectedGroupVersions: map[configv1.FeatureGateName][]schema.GroupVersion{
+				"DynamicResourceAllocation": {{Group: "resource.k8s.io", Version: "v1alpha3"}},
+			},
+		},
+		{
+			name:        "no intersection resolves to empty",
+			kubeVersion: semver.MustParse("1.31.15"),
+			groupVersionsByFeatureGate: map[configv1.FeatureGateName][]groupVersionByOpenshiftVersion{
+				"DynamicResourceAllocation": {
+					{KubeVersionRange: semver.MustParseRange("< 1.31.14"), GroupVersion: schema.GroupVersion{Group: "resource.k8s.io", Version: "v1alpha2"}},
+					{KubeVersionRange: semver.MustParseRange(">= 1.31.16"), GroupVersion: schema.GroupVersion{Group: "resource.k8s.io", Version: "v1alpha3"}},
+				},
+			},
+			expectedGroupVersions: map[configv1.FeatureGateName][]schema.GroupVersion{},
+		},
+		{
+			name:        "intersection of group versions should result in an error",
+			kubeVersion: semver.MustParse("1.31.0"),
+			groupVersionsByFeatureGate: map[configv1.FeatureGateName][]groupVersionByOpenshiftVersion{
+				"DynamicResourceAllocation": {
+					{KubeVersionRange: semver.MustParseRange("< 1.32.0"), GroupVersion: schema.GroupVersion{Group: "resource-a.k8s.io", Version: "v1alpha2"}},
+					{KubeVersionRange: semver.MustParseRange(">= 1.30.0"), GroupVersion: schema.GroupVersion{Group: "resource-a.k8s.io", Version: "v1alpha3"}},
+					{KubeVersionRange: semver.MustParseRange(">= 1.31.0"), GroupVersion: schema.GroupVersion{Group: "resource-b.k8s.io", Version: "v1alpha2"}},
+				},
+			},
+			expectErrors: true,
+		},
+		{
+			name:        "intersection of group versions across feature gates should result in an error",
+			kubeVersion: semver.MustParse("1.31.0"),
+			groupVersionsByFeatureGate: map[configv1.FeatureGateName][]groupVersionByOpenshiftVersion{
+				"DynamicResourceAllocation": {
+					{KubeVersionRange: semver.MustParseRange("< 1.32.0"), GroupVersion: schema.GroupVersion{Group: "resource-a.k8s.io", Version: "v1alpha2"}},
+					{KubeVersionRange: semver.MustParseRange(">= 1.31.0"), GroupVersion: schema.GroupVersion{Group: "resource-b.k8s.io", Version: "v1alpha2"}},
+				},
+				"DRA": {
+					{GroupVersion: schema.GroupVersion{Group: "resource-b.k8s.io", Version: "v1alpha1"}},
+				},
+			},
+			expectErrors: true,
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			actual, err := getGroupVersionByFeatureGate(tc.groupVersionsByFeatureGate, tc.kubeVersion)
+			if diff := cmp.Diff(tc.expectedGroupVersions, actual); diff != "" {
+				t.Errorf("unexpected group versions:\n%s", diff)
+			}
+			if tc.expectErrors && err == nil {
+				t.Errorf("expected errors but got none")
+			}
+			if !tc.expectErrors && err != nil {
+				t.Errorf("unexpecteded errors: %v", err)
+			}
+		})
+	}
+}

pkg/operator/configobservation/configobservercontroller/observe_config_controller.go

@@ -1,12 +1,13 @@
 package configobservercontroller
 
 import (
-	configv1 "github.com/openshift/api/config/v1"
-	operatorv1informers "github.com/openshift/client-go/operator/informers/externalversions"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/client-go/tools/cache"
 
+	configv1 "github.com/openshift/api/config/v1"
 	configinformers "github.com/openshift/client-go/config/informers/externalversions"
+	operatorv1informers "github.com/openshift/client-go/operator/informers/externalversions"
 	"github.com/openshift/library-go/pkg/controller/factory"
 	"github.com/openshift/library-go/pkg/operator/configobserver"
 	libgoapiserver "github.com/openshift/library-go/pkg/operator/configobserver/apiserver"
@@ -37,15 +38,7 @@ type ConfigObserver struct {
 	factory.Controller
 }
 
-func NewConfigObserver(
-	operatorClient v1helpers.StaticPodOperatorClient,
-	kubeInformersForNamespaces v1helpers.KubeInformersForNamespaces,
-	configInformer configinformers.SharedInformerFactory,
-	operatorInformer operatorv1informers.SharedInformerFactory,
-	resourceSyncer resourcesynccontroller.ResourceSyncer,
-	featureGateAccessor featuregates.FeatureGateAccess,
-	eventRecorder events.Recorder,
-) *ConfigObserver {
+func NewConfigObserver(operatorClient v1helpers.StaticPodOperatorClient, kubeInformersForNamespaces v1helpers.KubeInformersForNamespaces, configInformer configinformers.SharedInformerFactory, operatorInformer operatorv1informers.SharedInformerFactory, resourceSyncer resourcesynccontroller.ResourceSyncer, featureGateAccessor featuregates.FeatureGateAccess, eventRecorder events.Recorder, groupVersionsByFeatureGate map[configv1.FeatureGateName][]schema.GroupVersion) *ConfigObserver {
 	interestingNamespaces := []string{
 		operatorclient.GlobalUserSpecifiedConfigNamespace,
 		operatorclient.GlobalMachineSpecifiedConfigNamespace,
@@ -147,7 +140,7 @@ func NewConfigObserver(
 				nil,
 				FeatureBlacklist,
 				featureGateAccessor,
-				apienablement.DefaultGroupVersionsByFeatureGate,
+				groupVersionsByFeatureGate,
 			),
 			network.ObserveRestrictedCIDRs,
 			network.ObserveServicesSubnet,

pkg/operator/starter.go

@@ -8,6 +8,8 @@ import (
 	"os"
 	"time"
 
+	"github.com/blang/semver/v4"
+
 	configv1 "github.com/openshift/api/config/v1"
 	operatorv1 "github.com/openshift/api/operator/v1"
 	configv1client "github.com/openshift/client-go/config/clientset/versioned"
@@ -22,6 +24,7 @@ import (
 	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/certrotationcontroller"
 	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/certrotationtimeupgradeablecontroller"
 	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/configmetrics"
+	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/configobservation/apienablement"
 	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/configobservation/configobservercontroller"
 	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/configobservation/node"
 	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/connectivitycheckcontroller"
@@ -105,6 +108,15 @@ func RunOperator(ctx context.Context, controllerContext *controllercmd.Controlle
 	if err != nil {
 		return err
 	}
+	operandKubernetesVersion, err := semver.Parse(status.VersionForOperandFromEnv())
+	if err != nil {
+		return err
+	}
+	groupVersionsByFeatureGate, err := apienablement.GetDefaultGroupVersionByFeatureGate(operandKubernetesVersion)
+	if err != nil {
+		return err
+	}
+
 	kubeInformersForNamespaces := v1helpers.NewKubeInformersForNamespaces(
 		kubeClient,
 		"",
@@ -169,6 +181,7 @@ func RunOperator(ctx context.Context, controllerContext *controllercmd.Controlle
 		resourceSyncController,
 		featureGateAccessor,
 		controllerContext.EventRecorder,
+		groupVersionsByFeatureGate,
 	)
 
 	serviceAccountIssuerController := serviceaccountissuercontroller.NewController(operatorV1Client.OperatorV1().KubeAPIServers(), operatorInformers, configInformers, controllerContext.EventRecorder)