ocp: render: add option to toggle the SCC to use
default is the native and more restrictive v2,
but if we supply the MachineConfig, v1 is
still supported.

Signed-off-by: Francesco Romani <[email protected]>
ffromani committed Dec 18, 2024
1 parent 1e7e94f commit d710500
Showing 2 changed files with 22 additions and 1 deletion.
9 changes: 8 additions & 1 deletion pkg/commands/root.go
@@ -42,6 +42,7 @@ type internalOptions struct {
rteConfigFile string
schedScoringStratConfigFile string
schedCacheParamsConfigFile string
updaterSCCVersion string
plat string
}

@@ -96,6 +97,7 @@ func InitFlags(flags *pflag.FlagSet, commonOpts *options.Options, internalOpts *
flags.StringVar(&internalOpts.schedScoringStratConfigFile, "sched-scoring-strat-config-file", "", "inject scheduler scoring strategy configuration reading from this file.")
flags.StringVar(&internalOpts.schedCacheParamsConfigFile, "sched-cache-params-config-file", "", "inject scheduler fine cache params configuration reading from this file.")
flags.IntVarP(&internalOpts.replicas, "replicas", "R", 1, "set the replica value - where relevant.")
flags.StringVar(&internalOpts.updaterSCCVersion, "updater-scc", "v2", "select the SecurityContextConstraint version to use. v2 by default")

flags.DurationVarP(&commonOpts.WaitInterval, "wait-interval", "E", 2*time.Second, "wait interval.")
flags.DurationVarP(&commonOpts.WaitTimeout, "wait-timeout", "T", 2*time.Minute, "wait timeout.")
@@ -104,7 +106,7 @@ func InitFlags(flags *pflag.FlagSet, commonOpts *options.Options, internalOpts *
flags.BoolVar(&commonOpts.UpdaterPFPEnable, "updater-pfp-enable", true, "toggle PFP support on the updater side.")
flags.BoolVar(&commonOpts.UpdaterNotifEnable, "updater-notif-enable", false, "toggle event-based notification support on the updater side.")
flags.BoolVar(&commonOpts.UpdaterCRIHooksEnable, "updater-cri-hooks-enable", false, "toggle installation of CRI hooks on the updater side.")
flags.BoolVar(&commonOpts.UpdaterCustomSELinuxPolicy, "updater-custom-selinux-policy", false, "toggle installation of selinux policy on the updater side. off by default")
flags.BoolVar(&commonOpts.UpdaterCustomSELinuxPolicy, "updater-custom-selinux-policy", true, "toggle installation of selinux policy in the legacy policy on the updater side. on by default")
flags.DurationVar(&commonOpts.UpdaterSyncPeriod, "updater-sync-period", manifests.DefaultUpdaterSyncPeriod, "tune the updater synchronization (nrt update) interval. Use 0 to disable.")
flags.IntVar(&commonOpts.UpdaterVerbose, "updater-verbose", manifests.DefaultUpdaterVerbose, "set the updater verbosiness.")
flags.StringVar(&commonOpts.SchedProfileName, "sched-profile-name", schedmanifests.DefaultProfileName, "inject scheduler profile name.")
@@ -120,6 +122,11 @@ func PostSetupOptions(env *deployer.Environment, commonOpts *options.Options, in
env.Log.V(3).Info("global polling settings", "interval", commonOpts.WaitInterval, "timeout", commonOpts.WaitTimeout)
wait.SetBaseValues(commonOpts.WaitInterval, commonOpts.WaitTimeout)

if !options.IsValidSCCVersion(internalOpts.updaterSCCVersion) {
return fmt.Errorf("SCC version %q is invalid", internalOpts.updaterSCCVersion)
}
commonOpts.UpdaterSCCVersion = options.SCCVersion(internalOpts.updaterSCCVersion)

if internalOpts.replicas < 0 {
err := env.EnsureClient()
if err != nil {
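Review bot: The default of `--updater-custom-selinux-policy` appears to flip from `false` to `true` in InitFlags (the flag is printed twice, old then new, so the sides are inferred), and neither the commit message nor the help text explains how it combines with the new `--updater-scc` default of `v2`. The new help string says the policy is installed "in the legacy policy", which presumably means it only takes effect with the v1 SCC; if so, say that directly, e.g. `"install the custom SELinux policy when the legacy (v1) SCC is selected; ignored with v2. on by default"`. The `--updater-scc` help should also list the accepted values, e.g. `"SecurityContextConstraint version to use: v1 (legacy) or v2 (native, more restrictive). v2 by default"`, since an unknown value is only rejected later in PostSetupOptions. Both function bodies continue outside the hunks shown.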
14 changes: 14 additions & 0 deletions pkg/options/options.go
@@ -24,6 +24,17 @@ import (
"github.com/k8stopologyawareschedwg/deployer/pkg/deployer/platform"
)

type SCCVersion string

const (
SCCV1 SCCVersion = "v1"
SCCV2 SCCVersion = "v2"
)

func IsValidSCCVersion(ver string) bool {
return ver == string(SCCV1) || ver == string(SCCV2)
}

type Options struct {
UserPlatform platform.Platform
UserPlatformVersion platform.Version
@@ -35,6 +46,7 @@ type Options struct {
UpdaterNotifEnable bool
UpdaterCRIHooksEnable bool
UpdaterCustomSELinuxPolicy bool
UpdaterSCCVersion SCCVersion
UpdaterSyncPeriod time.Duration
UpdaterVerbose int
SchedProfileName string
@@ -78,6 +90,7 @@ type DaemonSet struct {
NotificationEnable bool
NodeSelector *metav1.LabelSelector
UpdateInterval time.Duration
SCCVersion SCCVersion
}

type UpdaterDaemon struct {
@@ -112,6 +125,7 @@ func ForDaemonSet(commonOpts *Options) DaemonSet {
PFPEnable: commonOpts.UpdaterPFPEnable,
NotificationEnable: commonOpts.UpdaterNotifEnable,
UpdateInterval: commonOpts.UpdaterSyncPeriod,
SCCVersion: commonOpts.UpdaterSCCVersion,
Verbose: commonOpts.UpdaterVerbose,
}
}
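Review bot: The zero value of `SCCVersion` is the empty string, which is neither `SCCV1` nor `SCCV2`, so an `Options` built without going through PostSetupOptions hands `ForDaemonSet` an unset `SCCVersion`. The code that picks the SCC from this field is not visible here; it should treat the empty value explicitly and fall back to the more restrictive v2 (or fail) rather than to v1. The new exported names also lack doc comments; I would add `// SCCVersion selects the SecurityContextConstraint variant rendered for the updater; the zero value is not a valid version.` above the type and `// IsValidSCCVersion reports whether ver names a supported SCC version ("v1" or "v2").` above the function.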
