Manage OSSM operator subscription manually to ensure a compatible ver…

…sion is installed Istio and the Gateway API CRDs need to be in sync to work. The CRDs are baked into a particular openshift release, so this change updates the ingress operator to install a compatible version with the CRDs it already installs.
openshift · Nov 11, 2024 · 894eac5 · 894eac5
1 parent aa8860a
commit 894eac5
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 1 deletion.
diff --git a/manifests/00-cluster-role.yaml b/manifests/00-cluster-role.yaml
@@ -178,6 +178,7 @@ rules:
   - operators.coreos.com
   resources:
   - subscriptions
+  - installplans
   verbs:
   - '*'
 

diff --git a/pkg/operator/controller/gatewayclass/controller.go b/pkg/operator/controller/gatewayclass/controller.go
@@ -4,6 +4,7 @@ import (
 	"context"
 
 	logf "github.com/openshift/cluster-ingress-operator/pkg/log"
+	operatorsv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
 
 	"k8s.io/client-go/tools/record"
 
@@ -61,6 +62,22 @@ func NewUnmanaged(mgr manager.Manager, config Config) (controller.Controller, er
 	if err := c.Watch(source.Kind[client.Object](operatorCache, &gatewayapiv1.GatewayClass{}, &handler.EnqueueRequestForObject{}, isOurGatewayClass, notIstioGatewayClass)); err != nil {
 		return nil, err
 	}
+	isOurInstallPlan := predicate.NewPredicateFuncs(func(o client.Object) bool {
+		installPlan := o.(*operatorsv1alpha1.InstallPlan)
+		for _, csv := range installPlan.Spec.ClusterServiceVersionNames {
+			if csv == serviceMeshOperatorDesiredVersion {
+				return true
+			}
+		}
+		return false
+	})
+	isInstallPlanApproved := predicate.NewPredicateFuncs(func(o client.Object) bool {
+		installPlan := o.(*operatorsv1alpha1.InstallPlan)
+		return installPlan.Spec.Approved
+	})
+	if err := c.Watch(source.Kind[client.Object](operatorCache, &operatorsv1alpha1.InstallPlan{}, &handler.EnqueueRequestForObject{}, isOurInstallPlan, predicate.Not(isInstallPlanApproved))); err != nil {
+		return nil, err
+	}
 	return c, nil
 }
 
@@ -97,6 +114,9 @@ func (r *reconciler) Reconcile(ctx context.Context, request reconcile.Request) (
 	if _, _, err := r.ensureServiceMeshOperatorSubscription(ctx); err != nil {
 		errs = append(errs, err)
 	}
+	if _, _, err := r.ensureServiceMeshOperatorInstallPlan(ctx); err != nil {
+		errs = append(errs, err)
+	}
 	if _, _, err := r.ensureServiceMeshControlPlane(ctx, &gatewayclass); err != nil {
 		errs = append(errs, err)
 	}

diff --git a/pkg/operator/controller/gatewayclass/subscription.go b/pkg/operator/controller/gatewayclass/subscription.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	operatorsv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
 
@@ -16,6 +17,11 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 )
 
+var (
+	serviceMeshOperatorDesiredVersion = "servicemeshoperator.v2.6.2"
+	serviceMeshOperatorNamespace      = "openshift-operators"
+)
+
 // ensureServiceMeshOperatorSubscription attempts to ensure that a subscription
 // for servicemeshoperator is present and returns a Boolean indicating whether
 // it exists, the subscription if it exists, and an error value.
@@ -56,10 +62,11 @@ func desiredSubscription(name types.NamespacedName) (*operatorsv1alpha1.Subscrip
 		},
 		Spec: &operatorsv1alpha1.SubscriptionSpec{
 			Channel:                "stable",
-			InstallPlanApproval:    operatorsv1alpha1.ApprovalAutomatic,
+			InstallPlanApproval:    operatorsv1alpha1.ApprovalManual,
 			Package:                "servicemeshoperator",
 			CatalogSource:          "redhat-operators",
 			CatalogSourceNamespace: "openshift-marketplace",
+			StartingCSV:            serviceMeshOperatorDesiredVersion,
 		},
 	}
 	return &subscription, nil
@@ -115,3 +122,40 @@ func subscriptionChanged(current, expected *operatorsv1alpha1.Subscription) (boo
 
 	return true, updated
 }
+
+// ensureServiceMeshOperatorInstallPlan attempts to ensure that the install plan for the appropriate OSSM operator
+// version is approved.
+func (r *reconciler) ensureServiceMeshOperatorInstallPlan(ctx context.Context) (bool, *operatorsv1alpha1.InstallPlan, error) {
+	currentInstallPlan, err := r.getCurrentInstallPlan(ctx)
+	if err != nil {
+		return false, nil, err
+	} else if currentInstallPlan == nil {
+		return false, nil, nil
+	}
+	if !currentInstallPlan.Spec.Approved {
+		currentInstallPlan.Spec.Approved = true
+		if err := r.client.Update(ctx, currentInstallPlan); err != nil {
+			return false, nil, fmt.Errorf("Failed to update %s/%s: %w", currentInstallPlan.Namespace, currentInstallPlan.Name, err)
+		}
+		return true, currentInstallPlan, nil
+	}
+	return false, currentInstallPlan, nil
+}
+
+func (r *reconciler) getCurrentInstallPlan(ctx context.Context) (*operatorsv1alpha1.InstallPlan, error) {
+	InstallPlans := &operatorsv1alpha1.InstallPlanList{}
+	if err := r.client.List(ctx, InstallPlans, client.InNamespace(serviceMeshOperatorNamespace)); err != nil {
+		return nil, err
+	}
+	if InstallPlans == nil || len(InstallPlans.Items) == 0 {
+		return nil, nil
+	}
+	for _, InstallPlan := range InstallPlans.Items {
+		for _, CSVName := range InstallPlan.Spec.ClusterServiceVersionNames {
+			if CSVName == serviceMeshOperatorDesiredVersion {
+				return &InstallPlan, nil
+			}
+		}
+	}
+	return nil, fmt.Errorf("No InstallPlan with cluster service version %s found", serviceMeshOperatorDesiredVersion)
+}