Merge pull request #1440 from bshephar/imagedigestmirrorset

Support IDMS for disconnected automation

Author: openshift-merge-bot[bot]

bindata/rbac/rbac.yaml

@@ -241,6 +241,14 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - imagedigestmirrorsets
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - config.openshift.io
   resources:

config/rbac/role.yaml

@@ -198,6 +198,14 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - imagedigestmirrorsets
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - config.openshift.io
   resources:

controllers/dataplane/openstackdataplanenodeset_controller.go

@@ -125,6 +125,7 @@ func (r *OpenStackDataPlaneNodeSetReconciler) GetLogger(ctx context.Context) log
 
 // RBAC for ImageContentSourcePolicy and MachineConfig
 // +kubebuilder:rbac:groups="operator.openshift.io",resources=imagecontentsourcepolicies,verbs=get;list;watch
+// +kubebuilder:rbac:groups="config.openshift.io",resources=imagedigestmirrorsets,verbs=get;list;watch
 // +kubebuilder:rbac:groups="machineconfiguration.openshift.io",resources=machineconfigs,verbs=get;list;watch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to

docs/assemblies/proc_deploying-in-disconnected-environments.adoc

@@ -8,9 +8,9 @@ Deploying in disconnected environments can be achieved largely by following the
 == Technical Implementation
 The details provided in this section are for informational purposes only. Users should not need to interact with anything additional after completing the above mentioned OLM mirroring process.
 
-The `openstack-operator` contains a list of related images that will ensure all required images for the deployment are mirrored following the above OpenShift process. Once images are mirrored, the `ImageContentSourcePolicy` custom resource (CR) is created. This process results in a `MachineConfig` called `99-master-genereted-registries` being updated in the cluster. The `99-master-generated-registries` `MachineConfig` contains a `registries.conf` file that is applied to all of the OpenShift nodes in the cluster.
+The `openstack-operator` contains a list of related images that will ensure all required images for the deployment are mirrored following the above OpenShift process. Once images are mirrored, either an `ImageContentSourcePolicy` custom resource (CR), or a `ImageDigestMirrorSet` CR is created. This process results in a `MachineConfig` called `99-master-genereted-registries` being updated in the cluster. The `99-master-generated-registries` `MachineConfig` contains a `registries.conf` file that is applied to all of the OpenShift nodes in the cluster.
 
-In order for dataplane nodes to integrate cleanly with this process, openstack-operator checks for the existence of an `ImageContentSourcePolicy`. If one is found, it will read the `registries.conf` file from the `99-master-generated-registries` `MachineConfig`. The openstack-operator will then set two variables in the Ansible inventory for the nodes.
+In order for dataplane nodes to integrate cleanly with this process, openstack-operator checks for the existence of an `ImageContentSourcePolicy` or an `ImageDigestMirrorSet`. If one is found, it will read the `registries.conf` file from the `99-master-generated-registries` `MachineConfig`. The openstack-operator will then set two variables in the Ansible inventory for the nodes.
 
 [,yaml]
 ----

pkg/dataplane/util/image_registry.go

@@ -7,8 +7,9 @@ import (
 	"fmt"
 	"strings"
 
+	ocpidms "github.com/openshift/api/config/v1"
 	mc "github.com/openshift/api/machineconfiguration/v1"
-	ocpimage "github.com/openshift/api/operator/v1alpha1"
+	ocpicsp "github.com/openshift/api/operator/v1alpha1"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
@@ -35,22 +36,29 @@ type machineConfigIgnition struct {
 	} `json:"storage"`
 }
 
-// IsDisconnectedOCP - Will retrieve a ImageContentSourcePolicyList. If the list is not
+// IsDisconnectedOCP - Will retrieve a CR's related to disconnected OCP deployments. If the list is not
 // empty, we can infer that the OCP cluster is a disconnected deployment.
 func IsDisconnectedOCP(ctx context.Context, helper *helper.Helper) (bool, error) {
-	icspList := ocpimage.ImageContentSourcePolicyList{}
+	icspList := ocpicsp.ImageContentSourcePolicyList{}
+	idmsList := ocpidms.ImageDigestMirrorSetList{}
 
 	listOpts := []client.ListOption{}
-	err := helper.GetClient().List(ctx, &icspList, listOpts...)
+
+	var err error
+	err = helper.GetClient().List(ctx, &icspList, listOpts...)
+	if err != nil {
+		return false, err
+	}
+	err = helper.GetClient().List(ctx, &idmsList, listOpts...)
 	if err != nil {
 		return false, err
 	}
 
-	if len(icspList.Items) != 0 {
-		return true, nil
+	if len(icspList.Items) != 0 || len(idmsList.Items) != 0 {
+		return true, err
 	}
 
-	return false, nil
+	return false, err
 }
 
 // GetMCRegistryConf - will unmarshal the MachineConfig ignition file the machineConfigIgnition object.

tests/functional/dataplane/suite_test.go

@@ -106,6 +106,8 @@ var _ = BeforeSuite(func() {
 	Expect(err).ShouldNot(HaveOccurred())
 	imageContentSourcePolicyCRDs, err := test.GetCRDDirFromModule("github.com/openshift/api", gomod, "operator/v1alpha1/zz_generated.crd-manifests/")
 	Expect(err).ShouldNot(HaveOccurred())
+	imageDigestMirrorSetCRDs, err := test.GetCRDDirFromModule("github.com/openshift/api", gomod, "config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_imagedigestmirrorsets.crd.yaml")
+	Expect(err).ShouldNot(HaveOccurred())
 	machineConfigCRDs, err := test.GetCRDDirFromModule("github.com/openshift/api", gomod, "machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigs.crd.yaml")
 	Expect(err).ShouldNot(HaveOccurred())
 
@@ -118,6 +120,7 @@ var _ = BeforeSuite(func() {
 			certmgrv1CRDs,
 			openstackCRDs,
 			imageContentSourcePolicyCRDs,
+			imageDigestMirrorSetCRDs,
 			machineConfigCRDs,
 		},
 		WebhookInstallOptions: envtest.WebhookInstallOptions{