MCO-1898: MCS serves image-aware first-boot config

manifests/machineconfigserver/clusterrole.yaml

@@ -9,10 +9,19 @@ rules:
 - apiGroups: ["machineconfiguration.openshift.io"]
   resources: ["controllerconfigs"]
   verbs: ["get", "watch", "list"]
+- apiGroups: ["machineconfiguration.openshift.io"]
+  resources: ["machineosconfigs", "machineosbuilds"]
+  verbs: ["get", "list", "watch"]
 - apiGroups: ["security.openshift.io"]
   resourceNames: ["hostnetwork"]
   resources: ["securitycontextconstraints"]
   verbs: ["use"]
 - apiGroups: [""]
   resources: ["configmaps"]
   verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["get", "list"]
+- apiGroups: ["route.openshift.io"]
+  resources: ["routes"]
+  verbs: ["get", "list"]

pkg/controller/build/reconciler.go

@@ -999,7 +999,7 @@ func (b *buildReconciler) deleteMOSBImage(ctx context.Context, mosb *mcfgv1.Mach
 	}
 
 	image := string(mosb.Spec.RenderedImagePushSpec)
-	isOpenShiftRegistry, err := b.isOpenShiftRegistry(image)
+	isOpenShiftRegistry, err := ctrlcommon.IsOpenShiftRegistry(context.TODO(), image, b.kubeclient, b.routeclient)
 	if err != nil {
 		return err
 	}
@@ -1039,53 +1039,6 @@ func (b *buildReconciler) deleteMOSBImage(ctx context.Context, mosb *mcfgv1.Mach
 	return nil
 }
 
-// getInternalRegistryHostnames discovers OpenShift internal registry hostnames
-func (b *buildReconciler) getInternalRegistryHostnames(ctx context.Context) ([]string, error) {
-	var hostnames []string
-
-	// Get the list of services in the openshift-image-registry namespace (cluster-local)
-	services, err := b.kubeclient.CoreV1().Services("openshift-image-registry").List(ctx, metav1.ListOptions{})
-	if err != nil {
-		return nil, err
-	}
-	for _, svc := range services.Items {
-		clusterHostname := fmt.Sprintf("%s.%s.svc", svc.Name, svc.Namespace)
-		if len(svc.Spec.Ports) > 0 {
-			port := svc.Spec.Ports[0].Port
-			hostnames = append(hostnames, fmt.Sprintf("%s:%d", clusterHostname, port))
-		} else {
-			hostnames = append(hostnames, clusterHostname)
-		}
-	}
-
-	// Get the list of routes in the openshift-image-registry namespace (external access)
-	routes, err := b.routeclient.RouteV1().Routes("openshift-image-registry").List(ctx, metav1.ListOptions{})
-	if err != nil {
-		return nil, err
-	}
-	for _, route := range routes.Items {
-		if route.Spec.Host != "" {
-			hostnames = append(hostnames, route.Spec.Host)
-		}
-	}
-
-	return hostnames, nil
-}
-
-// isOpenShiftRegistry checks if the imageRef points to one of the known internal hostnames
-func (b *buildReconciler) isOpenShiftRegistry(imageRef string) (bool, error) {
-	registryHosts, err := b.getInternalRegistryHostnames(context.TODO())
-	if err != nil {
-		return false, err
-	}
-	for _, host := range registryHosts {
-		if strings.HasPrefix(imageRef, host) {
-			return true, nil
-		}
-	}
-	return false, nil
-}
-
 // Finds and deletes any other running builds for a given MachineOSConfig.
 func (b *buildReconciler) deleteOtherBuildsForMachineOSConfig(ctx context.Context, newMosb *mcfgv1.MachineOSBuild, mosc *mcfgv1.MachineOSConfig) error {
 	mosbList, err := b.getMachineOSBuildsForMachineOSConfig(mosc)

pkg/controller/common/registry_utils.go

@@ -0,0 +1,61 @@
+package common
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	routeclientset "github.com/openshift/client-go/route/clientset/versioned"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	clientset "k8s.io/client-go/kubernetes"
+)
+
+// GetInternalRegistryHostnames discovers OpenShift internal registry hostnames
+// by querying Services and Routes in the openshift-image-registry namespace.
+func GetInternalRegistryHostnames(ctx context.Context, kubeclient clientset.Interface, routeclient routeclientset.Interface) ([]string, error) {
+	var hostnames []string
+
+	// Get the list of services in the openshift-image-registry namespace (cluster-local)
+	services, err := kubeclient.CoreV1().Services("openshift-image-registry").List(ctx, metav1.ListOptions{})
+	if err != nil {
+		return nil, err
+	}
+	for _, svc := range services.Items {
+		clusterHostname := fmt.Sprintf("%s.%s.svc", svc.Name, svc.Namespace)
+		if len(svc.Spec.Ports) > 0 {
+			port := svc.Spec.Ports[0].Port
+			hostnames = append(hostnames, fmt.Sprintf("%s:%d", clusterHostname, port))
+		} else {
+			hostnames = append(hostnames, clusterHostname)
+		}
+	}
+
+	// Get the list of routes in the openshift-image-registry namespace (external access)
+	routes, err := routeclient.RouteV1().Routes("openshift-image-registry").List(ctx, metav1.ListOptions{})
+	if err != nil {
+		return nil, err
+	}
+	for _, route := range routes.Items {
+		if route.Spec.Host != "" {
+			hostnames = append(hostnames, route.Spec.Host)
+		}
+	}
+
+	return hostnames, nil
+}
+
+// IsOpenShiftRegistry checks if the imageRef points to one of the known internal registry hostnames
+func IsOpenShiftRegistry(ctx context.Context, imageRef string, kubeclient clientset.Interface, routeclient routeclientset.Interface) (bool, error) {
+	registryHosts, err := GetInternalRegistryHostnames(ctx, kubeclient, routeclient)
+	if err != nil {
+		return false, err
+	}
+
+	for _, host := range registryHosts {
+		if strings.HasPrefix(imageRef, host) {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}