merge nmstate/kubernetes-nmstate v0.47.0

OWNERS

@@ -3,20 +3,16 @@ approvers:
   - qinqon
   - bcrochet
   - rhrazdil
-  - yboaron
-  - cybertron
-  - celebdor
 reviewers:
   - phoracek
   - qinqon
   - bcrochet
   - yboaron
   - RamLavi
   - rhrazdil
-  - cybertron
-  - celebdor
 
 # Bugzilla info;
 component: Networking
-subcomponent: kubernetes-nmstate-operator,kubernetes-nmstate
+subcomponent: kubernetes-nmstate-operator
+subcomponent: kubernetes-nmstate
 

build/Dockerfile.openshift

@@ -1,9 +1,9 @@
-FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.15-openshift-4.7 AS builder
+FROM registry.svc.ci.openshift.org/openshift/release:golang-1.15 AS builder
 WORKDIR /go/src/github.com/openshift/kubernetes-nmstate
 COPY . .
 RUN GO111MODULE=on go build --mod=vendor -o build/_output/bin/manager main.go
 
-FROM registry.ci.openshift.org/ocp/4.7:base
+FROM ubi8-minimal
 
 RUN \
     microdnf -y update && \

build/Dockerfile.operator.openshift

@@ -1,9 +1,9 @@
-FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.16-openshift-4.8 AS builder
+FROM registry.svc.ci.openshift.org/openshift/release:golang-1.15 AS builder
 WORKDIR /go/src/github.com/openshift/kubernetes-nmstate
 COPY . .
 RUN GO111MODULE=on go build --mod=vendor -o build/_output/bin/manager main.go
 
-FROM registry.ci.openshift.org/ocp/4.8:base
+FROM registry.access.redhat.com/ubi8/ubi-minimal
 
 COPY --from=builder /go/src/github.com/openshift/kubernetes-nmstate/build/_output/bin/manager /usr/bin/
 COPY deploy/crds/nmstate.io_nodenetwork*.yaml /bindata/kubernetes-nmstate/crds/
@@ -12,13 +12,9 @@ COPY deploy/handler/operator.yaml /bindata/kubernetes-nmstate/handler/handler.ya
 COPY deploy/handler/service_account.yaml /bindata/kubernetes-nmstate/rbac/
 COPY deploy/handler/role.yaml /bindata/kubernetes-nmstate/rbac/
 COPY deploy/handler/role_binding.yaml /bindata/kubernetes-nmstate/rbac/
-COPY --from=builder /go/src/github.com/openshift/kubernetes-nmstate/manifests /manifests
-COPY --from=builder /go/src/github.com/openshift/kubernetes-nmstate/metadata /metadata
 
 ENTRYPOINT ["manager"]
 
 LABEL io.k8s.display-name="kubernetes-nmstate-operator" \
       io.k8s.description="Operator for Node network configuration through Kubernetes API" \
-      io.openshift.tags="openshift,kubernetes-nmstate-operator" \
-      com.redhat.delivery.appregistry=true \
       maintainer="Yossi Boaron <[email protected]>"

bundle/manifests/kubernetes-nmstate-operator.clusterserviceversion.yaml

@@ -122,7 +122,7 @@ spec:
                 - name: PROFILER_PORT
                   value: "6060"
                 - name: RUN_OPERATOR
-                - name: HANDLER_IMAGE
+                - name: RELATED_IMAGE_HANDLER_IMAGE
                   value: quay.io/nmstate/kubernetes-nmstate-handler:latest
                 - name: HANDLER_IMAGE_PULL_POLICY
                   value: Always

controllers/nmstate_controller.go

@@ -138,7 +138,7 @@ func (r *NMStateReconciler) applyNamespace(instance *nmstatev1beta1.NMState) err
 func (r *NMStateReconciler) applyRBAC(instance *nmstatev1beta1.NMState) error {
 	data := render.MakeRenderData()
 	data.Data["HandlerNamespace"] = os.Getenv("HANDLER_NAMESPACE")
-	data.Data["HandlerImage"] = os.Getenv("HANDLER_IMAGE")
+	data.Data["HandlerImage"] = os.Getenv("RELATED_IMAGE_HANDLER_IMAGE")
 	data.Data["HandlerPullPolicy"] = os.Getenv("HANDLER_IMAGE_PULL_POLICY")
 	data.Data["HandlerPrefix"] = os.Getenv("HANDLER_PREFIX")
 	return r.renderAndApply(instance, data, "rbac", true)
@@ -165,7 +165,7 @@ func (r *NMStateReconciler) applyHandler(instance *nmstatev1beta1.NMState) error
 	amd64AndCRNodeSelector["beta.kubernetes.io/arch"] = "amd64"
 
 	data.Data["HandlerNamespace"] = os.Getenv("HANDLER_NAMESPACE")
-	data.Data["HandlerImage"] = os.Getenv("HANDLER_IMAGE")
+	data.Data["HandlerImage"] = os.Getenv("RELATED_IMAGE_HANDLER_IMAGE")
 	data.Data["HandlerPullPolicy"] = os.Getenv("HANDLER_IMAGE_PULL_POLICY")
 	data.Data["HandlerPrefix"] = os.Getenv("HANDLER_PREFIX")
 	data.Data["WebhookNodeSelector"] = amd64ArchOnMasterNodeSelector

controllers/nmstate_controller_test.go

@@ -63,7 +63,7 @@ var _ = Describe("NMState controller reconcile", func() {
 		reconciler.Scheme = s
 		reconciler.Log = ctrl.Log.WithName("controllers").WithName("NMState")
 		os.Setenv("HANDLER_NAMESPACE", handlerNamespace)
-		os.Setenv("HANDLER_IMAGE", handlerImage)
+		os.Setenv("RELATED_IMAGE_HANDLER_IMAGE", handlerImage)
 		os.Setenv("HANDLER_IMAGE_PULL_POLICY", imagePullPolicy)
 		os.Setenv("HANDLER_PREFIX", handlerPrefix)
 	})

controllers/nodenetworkconfigurationpolicy_controller.go

@@ -89,121 +89,21 @@ var (
 	}
 )
 
-func init() {
-	if !environment.IsHandler() {
-		return
-	}
-
-	nodeName = environment.NodeName()
-	if len(nodeName) == 0 {
-		panic("NODE_NAME is mandatory")
-	}
-}
-
 // NodeNetworkConfigurationPolicyReconciler reconciles a NodeNetworkConfigurationPolicy object
 type NodeNetworkConfigurationPolicyReconciler struct {
 	client.Client
 	Log    logr.Logger
 	Scheme *runtime.Scheme
 }
 
-func (r *NodeNetworkConfigurationPolicyReconciler) waitEnactmentCreated(enactmentKey types.NamespacedName) error {
-	var enactment nmstatev1beta1.NodeNetworkConfigurationEnactment
-	pollErr := wait.PollImmediate(1*time.Second, 10*time.Second, func() (bool, error) {
-		err := r.Client.Get(context.TODO(), enactmentKey, &enactment)
-		if err != nil {
-			if apierrors.IsNotFound(err) {
-				// Let's retry after a while, sometimes it takes some time
-				// for enactment to be created
-				return false, nil
-			}
-			return false, err
-		}
-		return true, nil
-	})
-
-	return pollErr
-}
-
-func (r *NodeNetworkConfigurationPolicyReconciler) initializeEnactment(policy nmstatev1beta1.NodeNetworkConfigurationPolicy) error {
-	enactmentKey := nmstateapi.EnactmentKey(nodeName, policy.Name)
-	log := r.Log.WithName("initializeEnactment").WithValues("policy", policy.Name, "enactment", enactmentKey.Name)
-	// Return if it's already initialize or we cannot retrieve it
-	enactment := nmstatev1beta1.NodeNetworkConfigurationEnactment{}
-	err := r.Client.Get(context.TODO(), enactmentKey, &enactment)
-	if err != nil && !apierrors.IsNotFound(err) {
-		return errors.Wrap(err, "failed getting enactment ")
-	}
-	if err != nil && apierrors.IsNotFound(err) {
-		log.Info("creating enactment")
-		enactment = nmstatev1beta1.NewEnactment(nodeName, policy)
-		err = r.Client.Create(context.TODO(), &enactment)
-		if err != nil {
-			return errors.Wrapf(err, "error creating NodeNetworkConfigurationEnactment: %+v", enactment)
-		}
-		err = r.waitEnactmentCreated(enactmentKey)
-		if err != nil {
-			return errors.Wrapf(err, "error waitting for NodeNetworkConfigurationEnactment: %+v", enactment)
-		}
-	} else {
-		enactmentConditions := enactmentconditions.New(r.Client, enactmentKey)
-		enactmentConditions.Reset()
-	}
-
-	return enactmentstatus.Update(r.Client, enactmentKey, func(status *nmstateapi.NodeNetworkConfigurationEnactmentStatus) {
-		status.DesiredState = policy.Spec.DesiredState
-		status.PolicyGeneration = policy.Generation
-	})
-}
-
-func (r *NodeNetworkConfigurationPolicyReconciler) enactmentsCountByPolicy(policy *nmstatev1beta1.NodeNetworkConfigurationPolicy) (enactmentconditions.ConditionCount, error) {
-	enactments := nmstatev1beta1.NodeNetworkConfigurationEnactmentList{}
-	policyLabelFilter := client.MatchingLabels{nmstateapi.EnactmentPolicyLabel: policy.GetName()}
-	err := r.Client.List(context.TODO(), &enactments, policyLabelFilter)
-	if err != nil {
-		return nil, errors.Wrap(err, "getting enactment list failed")
-	}
-	enactmentCount := enactmentconditions.Count(enactments, policy.Generation)
-	return enactmentCount, nil
-}
-
-func (r *NodeNetworkConfigurationPolicyReconciler) incrementUnavailableNodeCount(policy *nmstatev1beta1.NodeNetworkConfigurationPolicy) error {
-	policyKey := types.NamespacedName{Name: policy.GetName(), Namespace: policy.GetNamespace()}
-	err := r.Client.Get(context.TODO(), policyKey, policy)
-	if err != nil {
-		return err
-	}
-	maxUnavailable, err := node.MaxUnavailableNodeCount(r.Client, policy)
-	if err != nil {
-		return err
-	}
-	if policy.Status.UnavailableNodeCount >= maxUnavailable {
-		return apierrors.NewConflict(schema.GroupResource{Resource: "nodenetworkconfigurationpolicies"}, policy.Name, fmt.Errorf("maximal number of %d nodes are already processing policy configuration", policy.Status.UnavailableNodeCount))
-	}
-	policy.Status.UnavailableNodeCount += 1
-	err = r.Client.Status().Update(context.TODO(), policy)
-	if err != nil {
-		return err
+func init() {
+	if !environment.IsHandler() {
+		return
 	}
-	return nil
-}
 
-func (r *NodeNetworkConfigurationPolicyReconciler) decrementUnavailableNodeCount(policy *nmstatev1beta1.NodeNetworkConfigurationPolicy) {
-	policyKey := types.NamespacedName{Name: policy.GetName(), Namespace: policy.GetNamespace()}
-	instance := &nmstatev1beta1.NodeNetworkConfigurationPolicy{}
-	err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
-		err := r.Client.Get(context.TODO(), policyKey, instance)
-		if err != nil {
-			return err
-		}
-		if instance.Status.UnavailableNodeCount <= 0 {
-			return fmt.Errorf("no unavailable nodes")
-		}
-		instance.Status.UnavailableNodeCount -= 1
-		return r.Client.Status().Update(context.TODO(), instance)
-	})
-	if err != nil {
-		r.Log.Error(err, "error decrementing unavailableNodeCount")
+	nodeName = environment.NodeName()
+	if len(nodeName) == 0 {
+		panic("NODE_NAME is mandatory")
 	}
 }
 
@@ -299,7 +199,6 @@ func (r *NodeNetworkConfigurationPolicyReconciler) Reconcile(ctx context.Context
 }
 
 func (r *NodeNetworkConfigurationPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error {
-
 	allPolicies := handler.MapFunc(
 		func(client.Object) []reconcile.Request {
 			log := r.Log.WithName("allPolicies")
@@ -340,6 +239,95 @@ func (r *NodeNetworkConfigurationPolicyReconciler) SetupWithManager(mgr ctrl.Man
 	return nil
 }
 
+func (r *NodeNetworkConfigurationPolicyReconciler) initializeEnactment(policy nmstatev1beta1.NodeNetworkConfigurationPolicy) error {
+	enactmentKey := nmstateapi.EnactmentKey(nodeName, policy.Name)
+	log := r.Log.WithName("initializeEnactment").WithValues("policy", policy.Name, "enactment", enactmentKey.Name)
+	// Return if it's already initialize or we cannot retrieve it
+	enactment := nmstatev1beta1.NodeNetworkConfigurationEnactment{}
+	err := r.Client.Get(context.TODO(), enactmentKey, &enactment)
+	if err != nil && !apierrors.IsNotFound(err) {
+		return errors.Wrap(err, "failed getting enactment ")
+	}
+	if err != nil && apierrors.IsNotFound(err) {
+		log.Info("creating enactment")
+		enactment = nmstatev1beta1.NewEnactment(nodeName, policy)
+		err = r.Client.Create(context.TODO(), &enactment)
+		if err != nil {
+			return errors.Wrapf(err, "error creating NodeNetworkConfigurationEnactment: %+v", enactment)
+		}
+		err = r.waitEnactmentCreated(enactmentKey)
+		if err != nil {
+			return errors.Wrapf(err, "error waitting for NodeNetworkConfigurationEnactment: %+v", enactment)
+		}
+	} else {
+		enactmentConditions := enactmentconditions.New(r.Client, enactmentKey)
+		enactmentConditions.Reset()
+	}
+
+	return enactmentstatus.Update(r.Client, enactmentKey, func(status *nmstateapi.NodeNetworkConfigurationEnactmentStatus) {
+		status.DesiredState = policy.Spec.DesiredState
+		status.PolicyGeneration = policy.Generation
+	})
+}
+
+func (r *NodeNetworkConfigurationPolicyReconciler) waitEnactmentCreated(enactmentKey types.NamespacedName) error {
+	var enactment nmstatev1beta1.NodeNetworkConfigurationEnactment
+	pollErr := wait.PollImmediate(1*time.Second, 10*time.Second, func() (bool, error) {
+		err := r.Client.Get(context.TODO(), enactmentKey, &enactment)
+		if err != nil {
+			if apierrors.IsNotFound(err) {
+				// Let's retry after a while, sometimes it takes some time
+				// for enactment to be created
+				return false, nil
+			}
+			return false, err
+		}
+		return true, nil
+	})
+
+	return pollErr
+}
+
+func (r *NodeNetworkConfigurationPolicyReconciler) incrementUnavailableNodeCount(policy *nmstatev1beta1.NodeNetworkConfigurationPolicy) error {
+	policyKey := types.NamespacedName{Name: policy.GetName(), Namespace: policy.GetNamespace()}
+	err := r.Client.Get(context.TODO(), policyKey, policy)
+	if err != nil {
+		return err
+	}
+	maxUnavailable, err := node.MaxUnavailableNodeCount(r.Client, policy)
+	if err != nil {
+		return err
+	}
+	if policy.Status.UnavailableNodeCount >= maxUnavailable {
+		return apierrors.NewConflict(schema.GroupResource{Resource: "nodenetworkconfigurationpolicies"}, policy.Name, fmt.Errorf("maximal number of %d nodes are already processing policy configuration", policy.Status.UnavailableNodeCount))
+	}
+	policy.Status.UnavailableNodeCount += 1
+	err = r.Client.Status().Update(context.TODO(), policy)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (r *NodeNetworkConfigurationPolicyReconciler) decrementUnavailableNodeCount(policy *nmstatev1beta1.NodeNetworkConfigurationPolicy) {
+	policyKey := types.NamespacedName{Name: policy.GetName(), Namespace: policy.GetNamespace()}
+	instance := &nmstatev1beta1.NodeNetworkConfigurationPolicy{}
+	err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
+		err := r.Client.Get(context.TODO(), policyKey, instance)
+		if err != nil {
+			return err
+		}
+		if instance.Status.UnavailableNodeCount <= 0 {
+			return fmt.Errorf("no unavailable nodes")
+		}
+		instance.Status.UnavailableNodeCount -= 1
+		return r.Client.Status().Update(context.TODO(), instance)
+	})
+	if err != nil {
+		r.Log.Error(err, "error decrementing unavailableNodeCount")
+	}
+}
+
 func (r *NodeNetworkConfigurationPolicyReconciler) forceNNSRefresh(name string) {
 	log := r.Log.WithName("forceNNSRefresh").WithValues("node", name)
 	log.Info("forcing NodeNetworkState refresh after NNCP applied")

deploy/handler/operator.yaml

@@ -216,6 +216,14 @@ spec:
               mountPath: /var/k8s_nmstate
           securityContext:
             privileged: true
+          readinessProbe:
+            exec:
+              command:
+              - cat
+              - /tmp/healthy
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            timeoutSeconds: 1
       volumes:
         - name: dbus-socket
           hostPath:

deploy/operator/operator.yaml

@@ -44,7 +44,7 @@ spec:
               value: "6060"
             - name: RUN_OPERATOR
               value: ""
-            - name: HANDLER_IMAGE
+            - name: RELATED_IMAGE_HANDLER_IMAGE
               value: {{ .HandlerImage }}
             - name: HANDLER_IMAGE_PULL_POLICY
               value: {{ .HandlerPullPolicy }}

go.mod

@@ -8,16 +8,16 @@ require (
 	github.com/github-release/github-release v0.10.0
 	github.com/go-logr/logr v0.3.0
 	github.com/gobwas/glob v0.2.3
+	github.com/gofrs/flock v0.8.0
 	github.com/kelseyhightower/envconfig v1.4.0
-	github.com/nightlyone/lockfile v1.0.0
 	github.com/onsi/ginkgo v1.15.0
 	github.com/onsi/gomega v1.10.5
 	github.com/openshift/cluster-network-operator v0.0.0-20200922032245-f47200e8dbc0
 	github.com/operator-framework/operator-registry v1.15.3
 	github.com/operator-framework/operator-sdk v1.4.2
 	github.com/phoracek/networkmanager-go v0.1.0
 	github.com/pkg/errors v0.9.1
-	github.com/qinqon/kube-admission-webhook v0.14.0
+	github.com/qinqon/kube-admission-webhook v0.15.0
 	github.com/tidwall/gjson v1.6.8
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.20.2

go.sum

@@ -667,6 +667,7 @@ github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
 github.com/godror/godror v0.13.3/go.mod h1:2ouUT4kdhUBk7TAkHWD4SN0CdI0pgEQbo8FVHhbSKWg=
 github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/gofrs/flock v0.7.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
+github.com/gofrs/flock v0.8.0 h1:MSdYClljsF3PbENUUEx85nkWfJSGfzYI9yEBZOJz6CY=
 github.com/gofrs/flock v0.8.0/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/gofrs/uuid v3.3.0+incompatible h1:8K4tyRfvU1CYPgJsveYFQMhpFd/wXNM7iK6rR7UHz84=
 github.com/gofrs/uuid v3.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
@@ -1207,8 +1208,6 @@ github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96d
 github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nightlyone/lockfile v1.0.0 h1:RHep2cFKK4PonZJDdEl4GmkabuhbsRMgk/k3uAmxBiA=
-github.com/nightlyone/lockfile v1.0.0/go.mod h1:rywoIealpdNse2r832aiD9jRk8ErCatROs6LzC841CI=
 github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 h1:Up6+btDp321ZG5/zdSLo48H9Iaq0UQGthrhWC6pCxzE=
 github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481/go.mod h1:yKZQO8QE2bHlgozqWDiRVqTFlLQSj30K/6SAK8EeYFw=
 github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
@@ -1446,8 +1445,8 @@ github.com/prometheus/prometheus v2.3.2+incompatible/go.mod h1:oAIUtOny2rjMX0OWN
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/psampaz/go-mod-outdated v0.5.0/go.mod h1:Ow0f464qFSBVyz//3QyVLNPtL8/lLvjouMnjmVzNT/U=
 github.com/psampaz/go-mod-outdated v0.7.0/go.mod h1:r78NYWd1z+F9Zdsfy70svgXOz363B08BWnTyFSgEESs=
-github.com/qinqon/kube-admission-webhook v0.14.0 h1:6xISgqhwTv3WKhHDT5Iypc72m6rqw700A4VMzqTymwk=
-github.com/qinqon/kube-admission-webhook v0.14.0/go.mod h1:eYJw+S+JSprEMLzGNmE0GFIlSrBQw0lAVES/ZjgM2FI=
+github.com/qinqon/kube-admission-webhook v0.15.0 h1:uST8Yhl+dVWx1gkb/iam3harXpZK3NFkERpzj2HMyBM=
+github.com/qinqon/kube-admission-webhook v0.15.0/go.mod h1:eYJw+S+JSprEMLzGNmE0GFIlSrBQw0lAVES/ZjgM2FI=
 github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=