pis to v1

Author: RishabhSaini

hack/update-payload-crds.sh

@@ -22,7 +22,13 @@ crd_globs="\
     operator/v1/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers*.crd.yaml
     config/v1/zz_generated.crd-manifests/0000_10_openshift-controller-manager_01_builds*.crd.yaml
     operator/v1/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers*.crd.yaml
-    machineconfiguration/v1/zz_generated.crd-manifests/*.crd.yaml
+    machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs*.crd.yaml
+    machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs*.crd.yaml
+    machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs*.crd.yaml
+    machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigpools*.crd.yaml
+    machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigs*.crd.yaml
+    machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineosbuilds*.crd.yaml
+    machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineosconfigs*.crd.yaml
     machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfignodes*.crd.yaml
     machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_pinnedimagesets*.crd.yaml
     operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations*.crd.yaml

machineconfiguration/v1/register.go

@@ -38,6 +38,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&MachineOSConfigList{},
 		&MachineOSBuild{},
 		&MachineOSBuildList{},
+		&PinnedImageSet{},
+		&PinnedImageSetList{},
 	)
 
 	metav1.AddToGroupVersion(scheme, GroupVersion)

machineconfiguration/v1/tests/pinnedimagesets.machineconfiguration.openshift.io/PinnedImages.yaml

@@ -0,0 +1,81 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "PinnedImageSet"
+crdName: pinnedimagesets.machineconfiguration.openshift.io
+featureGate: PinnedImages
+tests:
+  onCreate:
+    - name: Should be able to create a minimal PinnedImageSet
+      initial: |
+        apiVersion: machineconfiguration.openshift.io/v1
+        kind: PinnedImageSet
+        metadata:
+          name: foobar
+          labels:
+            machineconfiguration.openshift.io/role: "master"
+        spec:
+          pinnedImages:
+            - name: registry.example.com/custom-os-image@sha256:86d26e7ebcccd6f07a75db5b1e56283b25c2ee1c6a755d6ffc5a4d59beb9c504 
+      expected: |
+        apiVersion: machineconfiguration.openshift.io/v1
+        kind: PinnedImageSet
+        metadata:
+          name: foobar
+          labels:
+            machineconfiguration.openshift.io/role: "master"
+        spec:
+          pinnedImages:
+            - name: registry.example.com/custom-os-image@sha256:86d26e7ebcccd6f07a75db5b1e56283b25c2ee1c6a755d6ffc5a4d59beb9c504
+    - name: Should be able to create a PinnedImageSet with the PinnedImageRef name containing a port
+      initial: |
+        apiVersion: machineconfiguration.openshift.io/v1
+        kind: PinnedImageSet
+        metadata:
+          name: foobar
+          labels:
+            machineconfiguration.openshift.io/role: "master"
+        spec:
+          pinnedImages:
+            - name: registry.example.com:5000/custom-os-image@sha256:86d26e7ebcccd6f07a75db5b1e56283b25c2ee1c6a755d6ffc5a4d59beb9c504 
+      expected: |
+        apiVersion: machineconfiguration.openshift.io/v1
+        kind: PinnedImageSet
+        metadata:
+          name: foobar
+          labels:
+            machineconfiguration.openshift.io/role: "master"
+        spec:
+          pinnedImages:
+            - name: registry.example.com:5000/custom-os-image@sha256:86d26e7ebcccd6f07a75db5b1e56283b25c2ee1c6a755d6ffc5a4d59beb9c504
+    - name: Should be able to create a PinnedImageSet with the PinnedImageRef name containing a namespace
+      initial: |
+        apiVersion: machineconfiguration.openshift.io/v1
+        kind: PinnedImageSet
+        metadata:
+          name: foobar
+          labels:
+            machineconfiguration.openshift.io/role: "master"
+        spec:
+          pinnedImages:
+            - name: registry.example.com/my-namespace/custom-os-image@sha256:86d26e7ebcccd6f07a75db5b1e56283b25c2ee1c6a755d6ffc5a4d59beb9c504 
+      expected: |
+        apiVersion: machineconfiguration.openshift.io/v1
+        kind: PinnedImageSet
+        metadata:
+          name: foobar
+          labels:
+            machineconfiguration.openshift.io/role: "master"
+        spec:
+          pinnedImages:
+            - name: registry.example.com/my-namespace/custom-os-image@sha256:86d26e7ebcccd6f07a75db5b1e56283b25c2ee1c6a755d6ffc5a4d59beb9c504
+    - name: Fail on invalid PinnedImageRef name
+      initial: |
+        apiVersion: machineconfiguration.openshift.io/v1
+        kind: PinnedImageSet
+        metadata:
+          name: foobar
+          labels:
+            machineconfiguration.openshift.io/role: "master"
+        spec:
+          pinnedImages:
+            - name: foo.bar 
+      expectedError: "spec.pinnedImages[0].name: Invalid value: \"string\": the OCI Image reference must end with a valid '@sha256:<digest>' suffix, where '<digest>' is 64 characters long"

machineconfiguration/v1/types_pinnedimageset.go

@@ -0,0 +1,86 @@
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=pinnedimagesets,scope=Cluster
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2198
+// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01
+// +openshift:enable:FeatureGate=PinnedImages
+// +kubebuilder:metadata:labels=openshift.io/operator-managed=
+
+// PinnedImageSet describes a set of images that should be pinned by CRI-O and
+// pulled to the nodes which are members of the declared MachineConfigPools.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type PinnedImageSet struct {
+	metav1.TypeMeta `json:",inline"`
+	
+	// metadata is the standard object metadata.
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// spec describes the configuration of this pinned image set.
+	// +required
+	Spec PinnedImageSetSpec `json:"spec"`
+}
+
+// PinnedImageSetSpec defines the desired state of a PinnedImageSet.
+type PinnedImageSetSpec struct {
+	// pinnedImages is a list of OCI Image referenced by digest that should be
+	// pinned and pre-loaded by the nodes of a MachineConfigPool.
+	// Translates into a new file inside the /etc/crio/crio.conf.d directory
+	// with content similar to this:
+	//
+	//      pinned_images = [
+	//              "quay.io/openshift-release-dev/ocp-release@sha256:...",
+	//              "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...",
+	//              "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...",
+	//              ...
+	//      ]
+	//
+	// Image references must be by digest.
+	// A maximum of 500 images may be specified.
+	// +required
+	// +kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MaxItems=500
+	// +listType=map
+	// +listMapKey=name
+	PinnedImages []PinnedImageRef `json:"pinnedImages"`
+}
+
+// PinnedImageRef represents a reference to an OCI image
+type PinnedImageRef struct {
+	// name is an OCI Image referenced by digest.
+	// The format of the image pull spec is: host[:port][/namespace]/name@sha256:<digest>,
+	// where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
+	// The length of the whole spec must be between 1 to 447 characters.
+	// +required
+	Name ImageDigestFormat `json:"name"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// PinnedImageSetList is a list of PinnedImageSet resources
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type PinnedImageSetList struct {
+	metav1.TypeMeta `json:",inline"`
+
+	// metadata is the standard list metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+	// +optional
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	// items contains a collection of PinnedImageSet resources.
+	// +kubebuilder:validation:MaxItems=500
+	// +optional
+	Items []PinnedImageSet `json:"items"`
+}

machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_pinnedimagesets-CustomNoUpgrade.crd.yaml

@@ -0,0 +1,102 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    api-approved.openshift.io: https://github.com/openshift/api/pull/2198
+    api.openshift.io/merged-by-featuregates: "true"
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+    release.openshift.io/feature-set: CustomNoUpgrade
+  labels:
+    openshift.io/operator-managed: ""
+  name: pinnedimagesets.machineconfiguration.openshift.io
+spec:
+  group: machineconfiguration.openshift.io
+  names:
+    kind: PinnedImageSet
+    listKind: PinnedImageSetList
+    plural: pinnedimagesets
+    singular: pinnedimageset
+  scope: Cluster
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: |-
+          PinnedImageSet describes a set of images that should be pinned by CRI-O and
+          pulled to the nodes which are members of the declared MachineConfigPools.
+
+          Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: spec describes the configuration of this pinned image set.
+            properties:
+              pinnedImages:
+                description: |-
+                  pinnedImages is a list of OCI Image referenced by digest that should be
+                  pinned and pre-loaded by the nodes of a MachineConfigPool.
+                  Translates into a new file inside the /etc/crio/crio.conf.d directory
+                  with content similar to this:
+
+                       pinned_images = [
+                               "quay.io/openshift-release-dev/ocp-release@sha256:...",
+                               "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...",
+                               "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...",
+                               ...
+                       ]
+
+                  Image references must be by digest.
+                  A maximum of 500 images may be specified.
+                items:
+                  description: PinnedImageRef represents a reference to an OCI image
+                  properties:
+                    name:
+                      description: |-
+                        name is an OCI Image referenced by digest.
+                        The format of the image pull spec is: host[:port][/namespace]/name@sha256:<digest>,
+                        where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
+                        The length of the whole spec must be between 1 to 447 characters.
+                      maxLength: 447
+                      minLength: 1
+                      type: string
+                      x-kubernetes-validations:
+                      - message: the OCI Image reference must end with a valid '@sha256:<digest>'
+                          suffix, where '<digest>' is 64 characters long
+                        rule: (self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))
+                      - message: the OCI Image name should follow the host[:port][/namespace]/name
+                          format, resembling a valid URL without the scheme
+                        rule: (self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))
+                  required:
+                  - name
+                  type: object
+                maxItems: 500
+                minItems: 1
+                type: array
+                x-kubernetes-list-map-keys:
+                - name
+                x-kubernetes-list-type: map
+            required:
+            - pinnedImages
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true

machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_pinnedimagesets-DevPreviewNoUpgrade.crd.yaml

@@ -0,0 +1,102 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    api-approved.openshift.io: https://github.com/openshift/api/pull/2198
+    api.openshift.io/merged-by-featuregates: "true"
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+    release.openshift.io/feature-set: DevPreviewNoUpgrade
+  labels:
+    openshift.io/operator-managed: ""
+  name: pinnedimagesets.machineconfiguration.openshift.io
+spec:
+  group: machineconfiguration.openshift.io
+  names:
+    kind: PinnedImageSet
+    listKind: PinnedImageSetList
+    plural: pinnedimagesets
+    singular: pinnedimageset
+  scope: Cluster
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: |-
+          PinnedImageSet describes a set of images that should be pinned by CRI-O and
+          pulled to the nodes which are members of the declared MachineConfigPools.
+
+          Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: spec describes the configuration of this pinned image set.
+            properties:
+              pinnedImages:
+                description: |-
+                  pinnedImages is a list of OCI Image referenced by digest that should be
+                  pinned and pre-loaded by the nodes of a MachineConfigPool.
+                  Translates into a new file inside the /etc/crio/crio.conf.d directory
+                  with content similar to this:
+
+                       pinned_images = [
+                               "quay.io/openshift-release-dev/ocp-release@sha256:...",
+                               "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...",
+                               "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...",
+                               ...
+                       ]
+
+                  Image references must be by digest.
+                  A maximum of 500 images may be specified.
+                items:
+                  description: PinnedImageRef represents a reference to an OCI image
+                  properties:
+                    name:
+                      description: |-
+                        name is an OCI Image referenced by digest.
+                        The format of the image pull spec is: host[:port][/namespace]/name@sha256:<digest>,
+                        where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
+                        The length of the whole spec must be between 1 to 447 characters.
+                      maxLength: 447
+                      minLength: 1
+                      type: string
+                      x-kubernetes-validations:
+                      - message: the OCI Image reference must end with a valid '@sha256:<digest>'
+                          suffix, where '<digest>' is 64 characters long
+                        rule: (self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))
+                      - message: the OCI Image name should follow the host[:port][/namespace]/name
+                          format, resembling a valid URL without the scheme
+                        rule: (self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))
+                  required:
+                  - name
+                  type: object
+                maxItems: 500
+                minItems: 1
+                type: array
+                x-kubernetes-list-map-keys:
+                - name
+                x-kubernetes-list-type: map
+            required:
+            - pinnedImages
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true