Merge pull request openshift#8514 from mresvanis/add-image-based-config-iso

MGMT-17842: Add image-based installer create config ISO

Author: openshift-merge-bot[bot]

cmd/openshift-install/imagebased.go

@@ -3,17 +3,19 @@ package main
 import (
 	"context"
 
-	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 
 	"github.com/openshift/installer/pkg/asset"
+	"github.com/openshift/installer/pkg/asset/imagebased/configimage"
 	"github.com/openshift/installer/pkg/asset/imagebased/image"
+	"github.com/openshift/installer/pkg/asset/kubeconfig"
+	"github.com/openshift/installer/pkg/asset/password"
 )
 
 func newImageBasedCmd(ctx context.Context) *cobra.Command {
 	imagebasedCmd := &cobra.Command{
 		Use:   "image-based",
-		Short: "Commands for supporting cluster installation using the Image-based installer",
+		Short: "Commands for supporting cluster installation using the image-based installer",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return cmd.Help()
 		},
@@ -48,9 +50,37 @@ var (
 		},
 	}
 
+	imageBasedConfigTemplateTarget = target{
+		name: "Image-based Installer Config ISO Configuration Template",
+		command: &cobra.Command{
+			Use:   "config-template",
+			Short: "Generates a template of the Image-based Config ISO config manifest used by the image-based installer",
+			Args:  cobra.ExactArgs(0),
+		},
+		assets: []asset.WritableAsset{
+			&configimage.ImageBasedConfig{},
+		},
+	}
+
+	imageBasedConfigImageTarget = target{
+		name: "Image-based Installer Config ISO Image",
+		command: &cobra.Command{
+			Use:   "config-image",
+			Short: "Generates an ISO containing configuration files only",
+			Args:  cobra.ExactArgs(0),
+		},
+		assets: []asset.WritableAsset{
+			&configimage.ConfigImage{},
+			&kubeconfig.ImageBasedAdminClient{},
+			&password.KubeadminPassword{},
+		},
+	}
+
 	imageBasedTargets = []target{
 		imageBasedInstallationConfigTemplateTarget,
 		imageBasedInstallationImageTarget,
+		imageBasedConfigTemplateTarget,
+		imageBasedConfigImageTarget,
 	}
 )
 
@@ -69,30 +99,5 @@ func newImageBasedCreateCmd(ctx context.Context) *cobra.Command {
 		cmd.AddCommand(t.command)
 	}
 
-	cmd.AddCommand(createConfigTemplateCmd())
-	cmd.AddCommand(createConfigImageCmd())
-
 	return cmd
 }
-
-func createConfigTemplateCmd() *cobra.Command {
-	return &cobra.Command{
-		Use:   "config-template",
-		Short: "Generates a template of the Image-based Config ISO config manifest used by the Image-based installer",
-		Args:  cobra.ExactArgs(0),
-		Run: func(_ *cobra.Command, _ []string) {
-			logrus.Info("Create config template command")
-		},
-	}
-}
-
-func createConfigImageCmd() *cobra.Command {
-	return &cobra.Command{
-		Use:   "config-image",
-		Short: "Generates an ISO containing configuration files only",
-		Args:  cobra.ExactArgs(0),
-		Run: func(_ *cobra.Command, _ []string) {
-			logrus.Info("Create config image command")
-		},
-	}
-}

go.mod

@@ -128,6 +128,7 @@ require (
 	sigs.k8s.io/cluster-api-provider-vsphere v1.9.3
 	sigs.k8s.io/controller-runtime v0.18.3
 	sigs.k8s.io/controller-tools v0.12.0
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd
 	sigs.k8s.io/yaml v1.4.0
 )
 
@@ -292,7 +293,6 @@ require (
 	k8s.io/component-base v0.30.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	k8s.io/kubectl v0.30.1 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kustomize/api v0.16.0 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.16.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect

pkg/asset/imagebased/configimage/cabundle.go

@@ -0,0 +1,42 @@
+package configimage
+
+import (
+	"context"
+
+	"github.com/openshift/installer/pkg/asset"
+	"github.com/openshift/installer/pkg/asset/tls"
+)
+
+// ImageBasedKubeAPIServerCompleteCABundle is the asset the generates the kube-apiserver-complete-server-ca-bundle,
+// which contains all the certs that are valid to confirm the kube-apiserver identity and it also contains the
+// Ingress Operator CA certificate.
+type ImageBasedKubeAPIServerCompleteCABundle struct {
+	tls.CertBundle
+}
+
+var _ asset.Asset = (*ImageBasedKubeAPIServerCompleteCABundle)(nil)
+
+// Dependencies returns the dependency of the cert bundle.
+func (a *ImageBasedKubeAPIServerCompleteCABundle) Dependencies() []asset.Asset {
+	return []asset.Asset{
+		&tls.KubeAPIServerLocalhostCABundle{},
+		&tls.KubeAPIServerServiceNetworkCABundle{},
+		&tls.KubeAPIServerLBCABundle{},
+		&IngressOperatorCABundle{},
+	}
+}
+
+// Generate generates the cert bundle based on its dependencies.
+func (a *ImageBasedKubeAPIServerCompleteCABundle) Generate(ctx context.Context, deps asset.Parents) error {
+	certs := []tls.CertInterface{}
+	for _, asset := range a.Dependencies() {
+		deps.Get(asset)
+		certs = append(certs, asset.(tls.CertInterface))
+	}
+	return a.CertBundle.Generate(ctx, "kube-apiserver-complete-server-ca-bundle", certs...)
+}
+
+// Name returns the human-friendly name of the asset.
+func (a *ImageBasedKubeAPIServerCompleteCABundle) Name() string {
+	return "Certificate (kube-apiserver-complete-server-ca-bundle)"
+}

pkg/asset/imagebased/configimage/cabundle_test.go

@@ -0,0 +1,90 @@
+package configimage
+
+import (
+	"bytes"
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/openshift/installer/pkg/asset"
+	"github.com/openshift/installer/pkg/asset/tls"
+)
+
+func TestCaBundle_Generate(t *testing.T) {
+	expectedBundleRaw := bytes.Join([][]byte{
+		lbCABundle().BundleRaw,
+		localhostCABundle().BundleRaw,
+		serviceNetworkCABundle().BundleRaw,
+		ingressCABundle().BundleRaw,
+	}, []byte{})
+
+	cases := []struct {
+		name         string
+		dependencies []asset.Asset
+		expected     *tls.CertBundle
+	}{
+		{
+			name: "valid dependencies",
+			dependencies: []asset.Asset{
+				lbCABundle(),
+				localhostCABundle(),
+				serviceNetworkCABundle(),
+				ingressCABundle(),
+			},
+			expected: &tls.CertBundle{
+				BundleRaw: expectedBundleRaw,
+				FileList: []*asset.File{
+					{
+						Filename: "tls/kube-apiserver-complete-server-ca-bundle.crt",
+						Data:     expectedBundleRaw,
+					},
+				},
+			},
+		},
+	}
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			parents := asset.Parents{}
+			parents.Add(tc.dependencies...)
+
+			asset := &ImageBasedKubeAPIServerCompleteCABundle{}
+			err := asset.Generate(context.TODO(), parents)
+			assert.NoError(t, err)
+			assert.Equal(t, string(tc.expected.BundleRaw), string(asset.CertBundle.BundleRaw))
+			assert.Equal(t, tc.expected.FileList, asset.CertBundle.FileList)
+		})
+	}
+}
+
+func lbCABundle() *tls.KubeAPIServerLBCABundle {
+	return &tls.KubeAPIServerLBCABundle{
+		CertBundle: tls.CertBundle{
+			BundleRaw: []byte(testCert),
+		},
+	}
+}
+
+func localhostCABundle() *tls.KubeAPIServerLocalhostCABundle {
+	return &tls.KubeAPIServerLocalhostCABundle{
+		CertBundle: tls.CertBundle{
+			BundleRaw: []byte(testCert),
+		},
+	}
+}
+
+func serviceNetworkCABundle() *tls.KubeAPIServerServiceNetworkCABundle {
+	return &tls.KubeAPIServerServiceNetworkCABundle{
+		CertBundle: tls.CertBundle{
+			BundleRaw: []byte(testCert),
+		},
+	}
+}
+
+func ingressCABundle() *IngressOperatorCABundle {
+	return &IngressOperatorCABundle{
+		CertBundle: tls.CertBundle{
+			BundleRaw: []byte(testCert),
+		},
+	}
+}