From 5fb1b9d59699081f39dc6a50b37482d6ad5a5f61 Mon Sep 17 00:00:00 2001 From: David Eads Date: Wed, 10 Jan 2024 11:37:30 -0500 Subject: [PATCH] Add generated featuregate files inertly to payloads This will allow payload inspect tools to report which features have been created and promoted between various levels. This means we cannot remove featuregates for at least a release after their introduction. --- Dockerfile.rhel8 | 1 + Makefile | 7 +- hack/update-payload-featuregates.sh | 5 + hack/verify-payload-featuregates.sh | 11 ++ payload-command/render/config.go | 19 ++- .../featureGate-CustomNoUpgrade.yaml | 20 +++ .../featuregates/featureGate-Default.yaml | 143 +++++++++++++++++ .../featureGate-LatencySensitive.yaml | 145 ++++++++++++++++++ .../featureGate-TechPreviewNoUpgrade.yaml | 145 ++++++++++++++++++ 9 files changed, 494 insertions(+), 2 deletions(-) create mode 100755 hack/update-payload-featuregates.sh create mode 100755 hack/verify-payload-featuregates.sh create mode 100644 payload-manifests/featuregates/featureGate-CustomNoUpgrade.yaml create mode 100644 payload-manifests/featuregates/featureGate-Default.yaml create mode 100644 payload-manifests/featuregates/featureGate-LatencySensitive.yaml create mode 100644 payload-manifests/featuregates/featureGate-TechPreviewNoUpgrade.yaml diff --git a/Dockerfile.rhel8 b/Dockerfile.rhel8 index a3ad938afdb..ed672f63e9b 100644 --- a/Dockerfile.rhel8 +++ b/Dockerfile.rhel8 @@ -17,6 +17,7 @@ COPY payload-manifests/crds/* /usr/share/bootkube/manifests/manifests # these are applied by the CVO COPY manifests /manifests COPY payload-manifests/crds/* /manifests +COPY payload-manifests/featuregates/* /manifests COPY payload-command/empty-resources /manifests LABEL io.openshift.release.operator true diff --git a/Makefile b/Makefile index 3155c683086..30ce998bd45 100644 --- a/Makefile +++ b/Makefile 
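Review bot: Nothing on the added `COPY payload-manifests/featuregates/* /manifests` line says why these files are safe in the directory that the comment above describes as applied by the CVO. All four generated manifests are a FeatureGate named `cluster` with a different `spec.featureSet` (including `TechPreviewNoUpgrade` and `CustomNoUpgrade`). Their inertness presumably rests on the CVO skipping manifests that carry no `include.release.openshift.io/*` annotation, which this diff does not show. I would state that above the line, e.g. `# featuregate manifests carry no include.release.openshift.io annotations, so the CVO must never apply them; they exist only for payload inspection`. It would also help to have hack/verify-payload-featuregates.sh fail if such an annotation ever appears in that directory.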
@@ -50,6 +50,7 @@ verify-scripts: bash -x hack/verify-group-versions.sh bash -x hack/verify-prerelease-lifecycle-gen.sh hack/verify-payload-crds.sh + hack/verify-payload-featuregates.sh .PHONY: verify verify: verify-scripts verify-crd-schema verify-codegen-crds @@ -77,7 +78,7 @@ verify-%: ################################################################################################ .PHONY: update-scripts -update-scripts: update-compatibility update-openapi update-deepcopy update-protobuf update-swagger-docs tests-vendor update-prerelease-lifecycle-gen update-payload-crds +update-scripts: update-compatibility update-openapi update-deepcopy update-protobuf update-swagger-docs tests-vendor update-prerelease-lifecycle-gen update-payload-crds update-payload-featuregates .PHONY: update-compatibility update-compatibility: @@ -107,6 +108,10 @@ update-prerelease-lifecycle-gen: update-payload-crds: hack/update-payload-crds.sh +.PHONY: update-payload-featuregates +update-payload-featuregates: + hack/update-payload-featuregates.sh + ##################### # # END: Update scripts diff --git a/hack/update-payload-featuregates.sh b/hack/update-payload-featuregates.sh new file mode 100755 index 00000000000..07fec70324c --- /dev/null +++ b/hack/update-payload-featuregates.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +source "$(dirname "${BASH_SOURCE}")/lib/init.sh" + +go run --mod=vendor -trimpath github.com/openshift/api/payload-command/cmd/write-available-featuresets --asset-output-dir=./payload-manifests/featuregates diff --git a/hack/verify-payload-featuregates.sh b/hack/verify-payload-featuregates.sh new file mode 100755 index 00000000000..24fb0fbdd1c --- /dev/null +++ b/hack/verify-payload-featuregates.sh 
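Review bot: hack/update-payload-featuregates.sh writes into `./payload-manifests/featuregates` without clearing it first, while the verify script compares against a freshly created directory with `diff -r`. If a feature set is ever renamed or dropped, the old `featureGate-*.yaml` would stay on disk and keep being copied into the payload by the Dockerfile glob. Verify would then fail in a way `make update-payload-featuregates` cannot repair, unless write-available-featuresets prunes its output directory, which is not visible here. Adding `rm -f ./payload-manifests/featuregates/featureGate-*.yaml` before the `go run` line would keep the two scripts symmetric.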
@@ -0,0 +1,11 @@ +#!/bin/bash + +source "$(dirname "${BASH_SOURCE}")/lib/init.sh" + +VERIFY_DIR=$(mktemp -d -t featuregates-verify-XXXXXX) + +go run --mod=vendor -trimpath github.com/openshift/api/payload-command/cmd/write-available-featuresets --asset-output-dir="${VERIFY_DIR}" + +diff -r "${VERIFY_DIR}" ./payload-manifests/featuregates + +rm -rf "${VERIFY_DIR}" diff --git a/payload-command/render/config.go b/payload-command/render/config.go index f2685989546..d98b39b45c3 100644 --- a/payload-command/render/config.go +++ b/payload-command/render/config.go @@ -1,6 +1,8 @@ package render import ( + "encoding/json" + configv1 "github.com/openshift/api/config/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" @@ -26,5 +28,20 @@ func readFeatureGateV1OrDie(objBytes []byte) *configv1.FeatureGate { } func writeFeatureGateV1OrDie(obj *configv1.FeatureGate) string { - return runtime.EncodeOrDie(configCodecs.LegacyCodec(configv1.SchemeGroupVersion), obj) + asMap, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj) + if err != nil { + panic(err) + } + if _, ok := asMap["apiVersion"]; !ok { + asMap["apiVersion"] = configv1.GroupVersion.Identifier() + } + if _, ok := asMap["kind"]; !ok { + asMap["kind"] = "FeatureGate" + } + + ret, err := json.MarshalIndent(asMap, "", " ") + if err != nil { + panic(err) + } + return string(ret) + "\n" } diff --git a/payload-manifests/featuregates/featureGate-CustomNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-CustomNoUpgrade.yaml new file mode 100644 index 00000000000..7484b3960f0 --- /dev/null +++ b/payload-manifests/featuregates/featureGate-CustomNoUpgrade.yaml @@ -0,0 +1,20 @@ +{ + "apiVersion": "config.openshift.io/v1", + "kind": "FeatureGate", + "metadata": { + "creationTimestamp": null, + "name": "cluster" + }, + "spec": { + "featureSet": "CustomNoUpgrade" + }, + "status": { + "featureGates": [ + { + "disabled": null, + "enabled": null, + "version": "" + } + ] + } +} 
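Review bot: In hack/verify-payload-featuregates.sh the result of `diff -r` can be lost, or the temp directory leaked, depending on what lib/init.sh (not shown) sets. Without errexit the script's exit status is that of the trailing `rm -rf`, so a mismatch would still exit 0 and `make verify-scripts` would pass. With errexit a mismatch aborts before the cleanup and leaves `${VERIFY_DIR}` behind. Registering the cleanup right after `mktemp` with `trap 'rm -rf "${VERIFY_DIR}"' EXIT`, dropping the final `rm -rf`, and leaving the `diff -r` as the last command covers both cases.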
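Review bot: writeFeatureGateV1OrDie in payload-command/render/config.go has no comment explaining why it now bypasses the codec, and its output format changes for any existing caller (none are visible in this hunk). The new body converts to an unstructured map, fills in `apiVersion` and `kind` only when they are missing, and returns indented JSON with a trailing newline. The generated files still end in `.yaml` and contain zero-value fields such as `"creationTimestamp": null` and, for CustomNoUpgrade, `"disabled": null` and `"enabled": null`. I would add a doc comment such as `// writeFeatureGateV1OrDie serializes obj as indented JSON (also valid YAML) with apiVersion and kind set; it panics if conversion or marshalling fails.` and say there whether the null fields are intended output.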
diff --git a/payload-manifests/featuregates/featureGate-Default.yaml b/payload-manifests/featuregates/featureGate-Default.yaml new file mode 100644 index 00000000000..3dff66aa125 --- /dev/null +++ b/payload-manifests/featuregates/featureGate-Default.yaml 
@@ -0,0 +1,143 @@ +{ + "apiVersion": "config.openshift.io/v1", + "kind": "FeatureGate", + "metadata": { + "creationTimestamp": null, + "name": "cluster" + }, + "spec": {}, + "status": { + "featureGates": [ + { + "disabled": [ + { + "name": "AdminNetworkPolicy" + }, + { + "name": "AutomatedEtcdBackup" + }, + { + "name": "CSIDriverSharedResource" + }, + { + "name": "ClusterAPIInstall" + }, + { + "name": "DNSNameResolver" + }, + { + "name": "DisableKubeletCloudCredentialProviders" + }, + { + "name": "DynamicResourceAllocation" + }, + { + "name": "EventedPLEG" + }, + { + "name": "GCPClusterHostedDNS" + }, + { + "name": "GCPLabelsTags" + }, + { + "name": "GatewayAPI" + }, + { + "name": "InsightsConfigAPI" + }, + { + "name": "InstallAlternateInfrastructureAWS" + }, + { + "name": "MachineAPIOperatorDisableMachineHealthCheckController" + }, + { + "name": "MachineAPIProviderOpenStack" + }, + { + "name": "MachineConfigNodes" + }, + { + "name": "ManagedBootImages" + }, + { + "name": "MaxUnavailableStatefulSet" + }, + { + "name": "MetricsServer" + }, + { + "name": "MixedCPUsAllocation" + }, + { + "name": "NetworkLiveMigration" + }, + { + "name": "NodeSwap" + }, + { + "name": "OnClusterBuild" + }, + { + "name": "PinnedImages" + }, + { + "name": "RouteExternalCertificate" + }, + { + "name": "SignatureStores" + }, + { + "name": "SigstoreImageVerification" + }, + { + "name": "VSphereControlPlaneMachineSet" + }, + { + "name": "VSphereStaticIPs" + }, + { + "name": "ValidatingAdmissionPolicy" + } + ], + "enabled": [ + { + "name": "AlibabaPlatform" + }, + { + "name": "AzureWorkloadIdentity" + }, + { + "name": "BuildCSIVolumes" + }, + { + "name": "CloudDualStackNodeIPs" + }, + { + "name": "ExternalCloudProvider" + }, + { + "name": "ExternalCloudProviderAzure" + }, + { + "name": "ExternalCloudProviderExternal" + }, + { + "name": "ExternalCloudProviderGCP" + }, + { + "name": "KMSv1" + }, + { + "name": "OpenShiftPodSecurityAdmission" + }, + { + "name": "PrivateHostedZoneAWS" + } + ], + 
"version": "" + } + ] + } +} diff --git a/payload-manifests/featuregates/featureGate-LatencySensitive.yaml b/payload-manifests/featuregates/featureGate-LatencySensitive.yaml new file mode 100644 index 00000000000..fb594b5ada4 --- /dev/null +++ b/payload-manifests/featuregates/featureGate-LatencySensitive.yaml 
@@ -0,0 +1,145 @@ +{ + "apiVersion": "config.openshift.io/v1", + "kind": "FeatureGate", + "metadata": { + "creationTimestamp": null, + "name": "cluster" + }, + "spec": { + "featureSet": "LatencySensitive" + }, + "status": { + "featureGates": [ + { + "disabled": [ + { + "name": "AdminNetworkPolicy" + }, + { + "name": "AutomatedEtcdBackup" + }, + { + "name": "CSIDriverSharedResource" + }, + { + "name": "ClusterAPIInstall" + }, + { + "name": "DNSNameResolver" + }, + { + "name": "DisableKubeletCloudCredentialProviders" + }, + { + "name": "DynamicResourceAllocation" + }, + { + "name": "EventedPLEG" + }, + { + "name": "GCPClusterHostedDNS" + }, + { + "name": "GCPLabelsTags" + }, + { + "name": "GatewayAPI" + }, + { + "name": "InsightsConfigAPI" + }, + { + "name": "InstallAlternateInfrastructureAWS" + }, + { + "name": "MachineAPIOperatorDisableMachineHealthCheckController" + }, + { + "name": "MachineAPIProviderOpenStack" + }, + { + "name": "MachineConfigNodes" + }, + { + "name": "ManagedBootImages" + }, + { + "name": "MaxUnavailableStatefulSet" + }, + { + "name": "MetricsServer" + }, + { + "name": "MixedCPUsAllocation" + }, + { + "name": "NetworkLiveMigration" + }, + { + "name": "NodeSwap" + }, + { + "name": "OnClusterBuild" + }, + { + "name": "PinnedImages" + }, + { + "name": "RouteExternalCertificate" + }, + { + "name": "SignatureStores" + }, + { + "name": "SigstoreImageVerification" + }, + { + "name": "VSphereControlPlaneMachineSet" + }, + { + "name": "VSphereStaticIPs" + }, + { + "name": "ValidatingAdmissionPolicy" + } + ], + "enabled": [ + { + "name": "AlibabaPlatform" + }, + { + "name": "AzureWorkloadIdentity" + }, + { + "name": "BuildCSIVolumes" + }, + { + "name": "CloudDualStackNodeIPs" + }, + { + "name": "ExternalCloudProvider" + }, + { + "name": "ExternalCloudProviderAzure" + }, + { + "name": "ExternalCloudProviderExternal" + }, + { + "name": "ExternalCloudProviderGCP" + }, + { + "name": "KMSv1" + }, + { + "name": "OpenShiftPodSecurityAdmission" + }, + { + 
"name": "PrivateHostedZoneAWS" + } + ], + "version": "" + } + ] + } +} diff --git a/payload-manifests/featuregates/featureGate-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-TechPreviewNoUpgrade.yaml new file mode 100644 index 00000000000..1b23aff774e --- /dev/null +++ b/payload-manifests/featuregates/featureGate-TechPreviewNoUpgrade.yaml 
@@ -0,0 +1,145 @@ +{ + "apiVersion": "config.openshift.io/v1", + "kind": "FeatureGate", + "metadata": { + "creationTimestamp": null, + "name": "cluster" + }, + "spec": { + "featureSet": "TechPreviewNoUpgrade" + }, + "status": { + "featureGates": [ + { + "disabled": [ + { + "name": "ClusterAPIInstall" + }, + { + "name": "DisableKubeletCloudCredentialProviders" + }, + { + "name": "EventedPLEG" + }, + { + "name": "MachineAPIOperatorDisableMachineHealthCheckController" + } + ], + "enabled": [ + { + "name": "AdminNetworkPolicy" + }, + { + "name": "AlibabaPlatform" + }, + { + "name": "AutomatedEtcdBackup" + }, + { + "name": "AzureWorkloadIdentity" + }, + { + "name": "BuildCSIVolumes" + }, + { + "name": "CSIDriverSharedResource" + }, + { + "name": "CloudDualStackNodeIPs" + }, + { + "name": "DNSNameResolver" + }, + { + "name": "DynamicResourceAllocation" + }, + { + "name": "ExternalCloudProvider" + }, + { + "name": "ExternalCloudProviderAzure" + }, + { + "name": "ExternalCloudProviderExternal" + }, + { + "name": "ExternalCloudProviderGCP" + }, + { + "name": "GCPClusterHostedDNS" + }, + { + "name": "GCPLabelsTags" + }, + { + "name": "GatewayAPI" + }, + { + "name": "InsightsConfigAPI" + }, + { + "name": "InstallAlternateInfrastructureAWS" + }, + { + "name": "KMSv1" + }, + { + "name": "MachineAPIProviderOpenStack" + }, + { + "name": "MachineConfigNodes" + }, + { + "name": "ManagedBootImages" + }, + { + "name": "MaxUnavailableStatefulSet" + }, + { + "name": "MetricsServer" + }, + { + "name": "MixedCPUsAllocation" + }, + { + "name": "NetworkLiveMigration" + }, + { + "name": "NodeSwap" + }, + { + "name": "OnClusterBuild" + }, + { + "name": "OpenShiftPodSecurityAdmission" + }, + { + "name": "PinnedImages" + }, + { + "name": "PrivateHostedZoneAWS" + }, + { + "name": "RouteExternalCertificate" + }, + { + "name": "SignatureStores" + }, + { + "name": "SigstoreImageVerification" + }, + { + "name": "VSphereControlPlaneMachineSet" + }, + { + "name": "VSphereStaticIPs" + }, + { + "name": 
"ValidatingAdmissionPolicy" + } + ], + "version": "" + } + ] + } +}