From 8ad8e3848c65f382069b4efd9f81a92966cfe5cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miguel=20Mart=C3=ADn?= Date: Thu, 6 Jul 2023 09:25:39 +0200 Subject: [PATCH 1/3] Rename REGISTRY_ACCOUNT to REGISTRY_ORG MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miguel Martín --- .github/workflows/build-push-images.yml | 4 +-- BUILD.bazel | 14 +++++----- Makefile | 28 ++++++++++---------- README.md | 34 ++++++++++++------------- hack/deploy-to-crc.sh | 4 +-- hack/release-images.sh | 32 +++++++++++------------ operator/BUILD.bazel | 4 +-- virt-v2v/cold/BUILD.bazel | 2 +- virt-v2v/warm/BUILD.bazel | 2 +- 9 files changed, 62 insertions(+), 62 deletions(-) diff --git a/.github/workflows/build-push-images.yml b/.github/workflows/build-push-images.yml index b9e6e6d7b..e93304e8f 100644 --- a/.github/workflows/build-push-images.yml +++ b/.github/workflows/build-push-images.yml @@ -14,7 +14,7 @@ jobs: REGISTRY: quay.io # Set tag 'latest' on main branch REGISTRY_TAG: ${{ (github.head_ref||github.ref_name)=='main' && 'latest' || (github.head_ref||github.ref_name) }} - REGISTRY_ACCOUNT: kubev2v + REGISTRY_ORG: kubev2v USE_BAZEL_VERSION: 5.4.0 steps: - name: Checkout forklift @@ -39,4 +39,4 @@ jobs: cd ${GITHUB_WORKSPACE} ./hack/release-images.sh make push-ovirt-populator-image - make push-openstack-populator-image \ No newline at end of file + make push-openstack-populator-image diff --git a/BUILD.bazel b/BUILD.bazel index 02db15c9a..fcbf8b0df 100644 --- a/BUILD.bazel +++ b/BUILD.bazel @@ -63,7 +63,7 @@ container_push( format = "Docker", image = "//cmd/forklift-controller:forklift-controller-image", registry = "$${REGISTRY:-quay.io}", - repository = "$${REGISTRY_ACCOUNT:-}$${REGISTRY_ACCOUNT:+/}forklift-controller", + repository = "$${REGISTRY_ORG:-}$${REGISTRY_ORG:+/}forklift-controller", tag = "$${REGISTRY_TAG:-devel}", ) @@ -72,7 +72,7 @@ container_push( format = "Docker", image = "//cmd/forklift-api:forklift-api-image", registry = "$${REGISTRY:-quay.io}", - repository = "$${REGISTRY_ACCOUNT:-}$${REGISTRY_ACCOUNT:+/}forklift-api", + repository = "$${REGISTRY_ORG:-}$${REGISTRY_ORG:+/}forklift-api", tag = "$${REGISTRY_TAG:-devel}", ) @@ -81,7 +81,7 @@ container_push( format = "Docker", image = "//operator:forklift-operator-index-image", registry = "$${REGISTRY:-quay.io}", - repository = "$${REGISTRY_ACCOUNT:-}$${REGISTRY_ACCOUNT:+/}forklift-operator-index", + repository = "$${REGISTRY_ORG:-}$${REGISTRY_ORG:+/}forklift-operator-index", tag = "$${REGISTRY_TAG:-devel}", ) @@ -90,7 +90,7 @@ container_push( format = "Docker", image = "//operator:forklift-operator-bundle-image", registry = "$${REGISTRY:-quay.io}", - repository = "$${REGISTRY_ACCOUNT:-}$${REGISTRY_ACCOUNT:+/}forklift-operator-bundle", + repository = "$${REGISTRY_ORG:-}$${REGISTRY_ORG:+/}forklift-operator-bundle", tag = "$${REGISTRY_TAG:-devel}", ) @@ -99,7 +99,7 @@ container_push( format = "Docker", image = "//operator:forklift-operator-image", registry = "$${REGISTRY:-quay.io}", - repository = "$${REGISTRY_ACCOUNT:-}$${REGISTRY_ACCOUNT:+/}forklift-operator", + repository = "$${REGISTRY_ORG:-}$${REGISTRY_ORG:+/}forklift-operator", tag = "$${REGISTRY_TAG:-devel}", ) @@ -108,7 +108,7 @@ container_push( format = "Docker", image = "//validation:forklift-validation-image", registry = "$${REGISTRY:-quay.io}", - repository = "$${REGISTRY_ACCOUNT:-}$${REGISTRY_ACCOUNT:+/}forklift-validation", + repository = "$${REGISTRY_ORG:-}$${REGISTRY_ORG:+/}forklift-validation", tag = "$${REGISTRY_TAG:-devel}", ) @@ -117,6 +117,6 @@ container_push( format = "Docker", image = "//cmd/populator-controller:populator-controller-image", registry = "$${REGISTRY:-quay.io}", - repository = "$${REGISTRY_ACCOUNT:-}$${REGISTRY_ACCOUNT:+/}populator-controller", + repository = "$${REGISTRY_ORG:-}$${REGISTRY_ORG:+/}populator-controller", tag = "$${REGISTRY_TAG:-devel}", ) diff --git a/Makefile b/Makefile index f80e9bbb5..3897bf311 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ CONTAINER_CMD := $(shell command -v docker) endif REGISTRY ?= quay.io -REGISTRY_ACCOUNT ?= kubev2v +REGISTRY_ORG ?= kubev2v REGISTRY_TAG ?= devel VERSION ?= 2.5.0 @@ -31,18 +31,18 @@ DEFAULT_KUBECTL = $(GOBIN)/kubectl KUBECTL ?= $(DEFAULT_KUBECTL) # Image URLs to use all building/pushing image targets -CONTROLLER_IMAGE ?= $(REGISTRY)/$(REGISTRY_ACCOUNT)/forklift-controller:$(REGISTRY_TAG) -API_IMAGE ?= $(REGISTRY)/$(REGISTRY_ACCOUNT)/forklift-api:$(REGISTRY_TAG) -VALIDATION_IMAGE ?= $(REGISTRY)/$(REGISTRY_ACCOUNT)/forklift-validation:$(REGISTRY_TAG) -VIRT_V2V_IMAGE ?= $(REGISTRY)/$(REGISTRY_ACCOUNT)/forklift-virt-v2v:$(REGISTRY_TAG) -VIRT_V2V_WARM_IMAGE ?= $(REGISTRY)/$(REGISTRY_ACCOUNT)/forklift-virt-v2v-warm:$(REGISTRY_TAG) -OPERATOR_IMAGE ?= $(REGISTRY)/$(REGISTRY_ACCOUNT)/forklift-operator:$(REGISTRY_TAG) -OPERATOR_BUNDLE_IMAGE ?= $(REGISTRY)/$(REGISTRY_ACCOUNT)/forklift-operator-bundle:$(REGISTRY_TAG) -OPERATOR_INDEX_IMAGE ?= $(REGISTRY)/$(REGISTRY_ACCOUNT)/forklift-operator-index:$(REGISTRY_TAG) -POPULATOR_CONTROLLER_IMAGE ?= $(REGISTRY)/$(REGISTRY_ACCOUNT)/populator-controller:$(REGISTRY_TAG) -OVIRT_POPULATOR_IMAGE ?= $(REGISTRY)/$(REGISTRY_ACCOUNT)/ovirt-populator:$(REGISTRY_TAG) -OPENSTACK_POPULATOR_IMAGE ?= $(REGISTRY)/$(REGISTRY_ACCOUNT)/openstack-populator:$(REGISTRY_TAG) -OVA_PROVIDER_SERVER_IMAGE ?= $(REGISTRY)/$(REGISTRY_ACCOUNT)/ova-provider-server:$(REGISTRY_TAG) +CONTROLLER_IMAGE ?= $(REGISTRY)/$(REGISTRY_ORG)/forklift-controller:$(REGISTRY_TAG) +API_IMAGE ?= $(REGISTRY)/$(REGISTRY_ORG)/forklift-api:$(REGISTRY_TAG) +VALIDATION_IMAGE ?= $(REGISTRY)/$(REGISTRY_ORG)/forklift-validation:$(REGISTRY_TAG) +VIRT_V2V_IMAGE ?= $(REGISTRY)/$(REGISTRY_ORG)/forklift-virt-v2v:$(REGISTRY_TAG) +VIRT_V2V_WARM_IMAGE ?= $(REGISTRY)/$(REGISTRY_ORG)/forklift-virt-v2v-warm:$(REGISTRY_TAG) +OPERATOR_IMAGE ?= $(REGISTRY)/$(REGISTRY_ORG)/forklift-operator:$(REGISTRY_TAG) +OPERATOR_BUNDLE_IMAGE ?= $(REGISTRY)/$(REGISTRY_ORG)/forklift-operator-bundle:$(REGISTRY_TAG) +OPERATOR_INDEX_IMAGE ?= $(REGISTRY)/$(REGISTRY_ORG)/forklift-operator-index:$(REGISTRY_TAG) +POPULATOR_CONTROLLER_IMAGE ?= $(REGISTRY)/$(REGISTRY_ORG)/populator-controller:$(REGISTRY_TAG) +OVIRT_POPULATOR_IMAGE ?= $(REGISTRY)/$(REGISTRY_ORG)/ovirt-populator:$(REGISTRY_TAG) +OPENSTACK_POPULATOR_IMAGE ?= $(REGISTRY)/$(REGISTRY_ORG)/openstack-populator:$(REGISTRY_TAG) +OVA_PROVIDER_SERVER_IMAGE ?= $(REGISTRY)/$(REGISTRY_ORG)/ova-provider-server:$(REGISTRY_TAG) ### External images MUST_GATHER_IMAGE ?= quay.io/kubev2v/forklift-must-gather:latest @@ -240,7 +240,7 @@ build-operator-index-image: check_container_runtime --action_env OPT_OPTS=$(OPM_OPTS) \ --action_env REGISTRY=$(REGISTRY) \ --action_env REGISTRY_TAG=$(REGISTRY_TAG) \ - --action_env REGISTRY_ACCOUNT=$(REGISTRY_ACCOUNT) + --action_env REGISTRY_ORG=$(REGISTRY_ORG) push-operator-index-image: build-operator-index-image $(CONTAINER_CMD) tag bazel/operator:forklift-operator-index-image $(OPERATOR_INDEX_IMAGE) diff --git a/README.md b/README.md index 389b763d8..32aad39b1 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ The environment which you can set across all projects. | Name | Default value | Description | |------------------|---------------|------------------------------------------------------------------------| | REGISTRY_TAG | devel | The tag with which the image will be built and pushed to the registry. | -| REGISTRY_ACCOUNT | | The user account name to which the built image should be pushed. | +| REGISTRY_ORG | kubev2v | The registry organization to which the built image should be pushed. | | REGISTRY | quay.io | The registry address to which the images should be pushed. | ## Operator @@ -56,23 +56,23 @@ Another option to override the default values can use `--action_env` as in the e ### Runing operator build ```bash -export REGISTRY_ACCOUNT=username +export REGISTRY_ORG=organization export REGISTRY=quay.io export REGISTRY_TAG=latest -CONTROLLER_IMAGE=quay.io/${REGISTRY_ACCOUNT}/forklift-controller:${REGISTRY_TAG} -OPERATOR_IMAGE=quay.io/${REGISTRY_ACCOUNT}/forklift-operator:${REGISTRY_TAG} +CONTROLLER_IMAGE=${REGISTRY}/${REGISTRY_ORG}/forklift-controller:${REGISTRY_TAG} +OPERATOR_IMAGE=${REGISTRY}/${REGISTRY_ORG}/forklift-operator:${REGISTRY_TAG} # If YAML files are added/modified `bazel clean` needs to be performed before building the image for the change to take effect bazel run push-forklift-operator bazel run push-forklift-operator-bundle --action_env OPERATOR_IMAGE=${OPERATOR_IMAGE} --action_env CONTROLLER_IMAGE=${CONTROLLER_IMAGE} # The build of the catalog requires already pushed bundle # For http registry add --action_env OPM_OPTS="--use-http" -bazel run push-forklift-operator-index --action_env REGISTRY=${REGISTRY} --action_env REGISTRY_ACCOUNT=${REGISTRY_ACCOUNT} --action_env REGISTRY_TAG=${REGISTRY_TAG} +bazel run push-forklift-operator-index --action_env REGISTRY=${REGISTRY} --action_env REGISTRY_ORG=${REGISTRY_ORG} --action_env REGISTRY_TAG=${REGISTRY_TAG} ``` -### Instaling custom operator +### Installing custom operator -1. Modify the _image_ value under `oprator/forklift-operator-catalog.yaml` to point to the desired forklift-operator-index image. +1. Modify the _image_ value under `operator/forklift-operator-catalog.yaml` to point to the desired forklift-operator-index image. 2. Run `oc create -f operator/forklift-operator-catalog.yaml` 3. A new _Forklift operator_ should be available now in the _OperatorHub_ (without community tag). @@ -89,27 +89,27 @@ Logging can be configured using environment variables: Verbosity: - Info(0) used for `Info` logging. - - Reconcile begin,end,error. - - Condition added,update,deleted. + - Reconcile begin, end, error. + - Condition added, update, deleted. - Plan postponed. - - Migration (k8s) resources created,deleted. - - Migration started,stopped,run (with phase),canceled,succeeded,failed. - - Snapshot created,updated,deleted,changed. + - Migration (k8s) resources created, deleted. + - Migration started, stopped, run (with phase), canceled, succeeded, failed. + - Snapshot created , updated, deleted, changed. - Inventory watch ensured. - Policy agent disabled. - Info(1) used for `Info+` logging. - Connection testing. - - Plan postpone detials. + - Plan postpone details. - Pending migration details. - - Migration (k8s) resources found,updated. + - Migration (k8s) resources found, updated. - Scheduler details. - Info(2) used for `Info++` logging. - Full conditions list. - Migrating VM status (full definition). - - Provider inventory data reconciler started,stopped. + - Provider inventory data reconciler started, stopped. - Info(3) used for `Info+++` logging. - - Inventory watch: resources changed;queued reconcile events. - - Data reconciler: models created,updated,deleted. + - Inventory watch: resources changed; queued reconcile events. + - Data reconciler: models created, updated, deleted. - VM validation succeeded. - Info(4) used for `Debug` logging. - Policy agent HTTP request. diff --git a/hack/deploy-to-crc.sh b/hack/deploy-to-crc.sh index 422e02cea..1fea023c0 100755 --- a/hack/deploy-to-crc.sh +++ b/hack/deploy-to-crc.sh @@ -18,7 +18,7 @@ if [ -z "${CONTAINER_CMD}" ]; then fi [[ -z "${REGISTRY}" ]] && export REGISTRY=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}') -[[ -z "${REGISTRY_ACCOUNT}" ]] && export REGISTRY_ACCOUNT=openshift +[[ -z "${REGISTRY_ORG}" ]] && export REGISTRY_ORG=openshift [[ -z "${REGISTRY_TAG}" ]] && export REGISTRY_TAG=devel CERT_PATH=/etc/pki/ca-trust/source/anchors/${REGISTRY}.crt @@ -41,5 +41,5 @@ spec: displayName: Forklift (devel) publisher: Konveyor sourceType: grpc - image: image-registry.openshift-image-registry.svc:5000/${REGISTRY_ACCOUNT}/forklift-operator-index:${REGISTRY_TAG} + image: image-registry.openshift-image-registry.svc:5000/${REGISTRY_ORG}/forklift-operator-index:${REGISTRY_TAG} EOF diff --git a/hack/release-images.sh b/hack/release-images.sh index 55390013a..ad10835df 100755 --- a/hack/release-images.sh +++ b/hack/release-images.sh @@ -1,24 +1,24 @@ #!/usr/bin/env bash -set -e +set -e -if [[ -z "${REGISTRY}" || -z "${REGISTRY_TAG}" || -z "${REGISTRY_ACCOUNT}" ]]; then - echo "Please set all REGISTRY, REGISTRY_TAG and REGISTRY_ACCOUNT environment variables!" +if [[ -z "${REGISTRY}" || -z "${REGISTRY_TAG}" || -z "${REGISTRY_ORG}" ]]; then + echo "Please set all REGISTRY, REGISTRY_TAG and REGISTRY_ORG environment variables!" exit 1 fi -CONTROLLER_IMAGE=${REGISTRY}/${REGISTRY_ACCOUNT}/forklift-controller:${REGISTRY_TAG} -OPERATOR_IMAGE=${REGISTRY}/${REGISTRY_ACCOUNT}/forklift-operator:${REGISTRY_TAG} -MUST_GATHER_IMAGE=${REGISTRY}/${REGISTRY_ACCOUNT}/forklift-must-gather:${REGISTRY_TAG} -MUST_GATHER_API_IMAGE=${REGISTRY}/${REGISTRY_ACCOUNT}/forklift-must-gather-api:${REGISTRY_TAG} -UI_IMAGE=${REGISTRY}/${REGISTRY_ACCOUNT}/forklift-ui:${REGISTRY_TAG} -UI_PLUGIN_IMAGE=${REGISTRY}/${REGISTRY_ACCOUNT}/forklift-console-plugin:${REGISTRY_TAG} -VALIDATION_IMAGE=${REGISTRY}/${REGISTRY_ACCOUNT}/forklift-validation:${REGISTRY_TAG} -VIRT_V2V_IMAGE=${REGISTRY}/${REGISTRY_ACCOUNT}/forklift-virt-v2v:${REGISTRY_TAG} -VIRT_V2V_WARM_IMAGE=${REGISTRY}/${REGISTRY_ACCOUNT}/forklift-virt-v2v-warm:${REGISTRY_TAG} -API_IMAGE=${REGISTRY}/${REGISTRY_ACCOUNT}/forklift-api:${REGISTRY_TAG} -POPULATOR_CONTROLLER_IMAGE=${REGISTRY}/${REGISTRY_ACCOUNT}/populator-controller:${REGISTRY_TAG} -OVA_PROVIDER_SERVER=${REGISTRY}/${REGISTRY_ACCOUNT}/forklift-ova-provider-server:${REGISTRY_TAG} +CONTROLLER_IMAGE=${REGISTRY}/${REGISTRY_ORG}/forklift-controller:${REGISTRY_TAG} +OPERATOR_IMAGE=${REGISTRY}/${REGISTRY_ORG}/forklift-operator:${REGISTRY_TAG} +MUST_GATHER_IMAGE=${REGISTRY}/${REGISTRY_ORG}/forklift-must-gather:${REGISTRY_TAG} +MUST_GATHER_API_IMAGE=${REGISTRY}/${REGISTRY_ORG}/forklift-must-gather-api:${REGISTRY_TAG} +UI_IMAGE=${REGISTRY}/${REGISTRY_ORG}/forklift-ui:${REGISTRY_TAG} +UI_PLUGIN_IMAGE=${REGISTRY}/${REGISTRY_ORG}/forklift-console-plugin:${REGISTRY_TAG} +VALIDATION_IMAGE=${REGISTRY}/${REGISTRY_ORG}/forklift-validation:${REGISTRY_TAG} +VIRT_V2V_IMAGE=${REGISTRY}/${REGISTRY_ORG}/forklift-virt-v2v:${REGISTRY_TAG} +VIRT_V2V_WARM_IMAGE=${REGISTRY}/${REGISTRY_ORG}/forklift-virt-v2v-warm:${REGISTRY_TAG} +API_IMAGE=${REGISTRY}/${REGISTRY_ORG}/forklift-api:${REGISTRY_TAG} +POPULATOR_CONTROLLER_IMAGE=${REGISTRY}/${REGISTRY_ORG}/populator-controller:${REGISTRY_TAG} +OVA_PROVIDER_SERVER=${REGISTRY}/${REGISTRY_ORG}/forklift-ova-provider-server:${REGISTRY_TAG} bazel run push-forklift-api bazel run --package_path=virt-v2v/cold push-forklift-virt-v2v @@ -44,4 +44,4 @@ bazel run push-forklift-operator-bundle \ bazel run push-forklift-operator-index \ --action_env REGISTRY=${REGISTRY} \ --action_env REGISTRY_TAG=${REGISTRY_TAG} \ - --action_env REGISTRY_ACCOUNT=${REGISTRY_ACCOUNT} + --action_env REGISTRY_ORG=${REGISTRY_ORG} diff --git a/operator/BUILD.bazel b/operator/BUILD.bazel index cdd00db9c..6d3f0b0c9 100644 --- a/operator/BUILD.bazel +++ b/operator/BUILD.bazel @@ -157,7 +157,7 @@ genrule( if [ ! -z "$${XDG_RUNTIME_DIR}" ]; then PODMAN_AUTH_FILE="$${XDG_RUNTIME_DIR}/containers/auth.json" if [ "$${CONTAINER_RUNTIME}" == "podman" ]; then - if [ -e "$${PODMAN_AUTH_FILE}" ]; then + if [ -e "$${PODMAN_AUTH_FILE}" ]; then DOCKER_CONFIG="$$(mktemp -d)" DOCKER_AUTH_FILE="$${DOCKER_CONFIG}/config.json" cp "$${PODMAN_AUTH_FILE}" "$${DOCKER_AUTH_FILE}" @@ -167,7 +167,7 @@ genrule( fi fi fi - OPERATOR_BUNDLE_IMAGE="$${REGISTRY:-quay.io}/$${REGISTRY_ACCOUNT:-}$${REGISTRY_ACCOUNT:+/}forklift-operator-bundle:$${REGISTRY_TAG:-devel}" + OPERATOR_BUNDLE_IMAGE="$${REGISTRY:-quay.io}/$${REGISTRY_ORG:-}$${REGISTRY_ORG:+/}forklift-operator-bundle:$${REGISTRY_TAG:-devel}" cat $(location catalog/operator.yml) | envsubst > $@ $(location @opm//file) render "$${OPERATOR_BUNDLE_IMAGE}" -o yaml $${OPM_OPTS:-} >> $@ if [ "$${CONTAINER_RUNTIME}" == "podman" && ! -z "$${DOCKER_CONFIG}" ]; then diff --git a/virt-v2v/cold/BUILD.bazel b/virt-v2v/cold/BUILD.bazel index dffd28dab..5ba646895 100644 --- a/virt-v2v/cold/BUILD.bazel +++ b/virt-v2v/cold/BUILD.bazel @@ -15,7 +15,7 @@ container_push( format = "Docker", image = ":forklift-virt-v2v", registry = "$${REGISTRY:-quay.io}", - repository = "$${REGISTRY_ACCOUNT:-}$${REGISTRY_ACCOUNT:+/}forklift-virt-v2v", + repository = "$${REGISTRY_ORG:-}$${REGISTRY_ORG:+/}forklift-virt-v2v", tag = "$${REGISTRY_TAG:-devel}", ) diff --git a/virt-v2v/warm/BUILD.bazel b/virt-v2v/warm/BUILD.bazel index 2168e909e..bbb3f055a 100644 --- a/virt-v2v/warm/BUILD.bazel +++ b/virt-v2v/warm/BUILD.bazel @@ -10,7 +10,7 @@ container_push( format = "Docker", image = ":forklift-virt-v2v-warm", registry = "$${REGISTRY:-quay.io}", - repository = "$${REGISTRY_ACCOUNT:-}$${REGISTRY_ACCOUNT:+/}forklift-virt-v2v-warm", + repository = "$${REGISTRY_ORG:-}$${REGISTRY_ORG:+/}forklift-virt-v2v-warm", tag = "$${REGISTRY_TAG:-devel}", ) From ae4a05cc18e641a5de5a1e9c73f2658e99c1b000 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miguel=20Mart=C3=ADn?= Date: Thu, 6 Jul 2023 09:32:23 +0200 Subject: [PATCH 2/3] Makefile targets to deploy/undeploy forklift MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add targets to deploy/undeploy forklift to different environments. Currently supported: * OpenShift/OKD * CRC * Minikube * Kind Targets to install CRC, Minikube and Kind are also provided Signed-off-by: Miguel Martín --- .bazelrc | 1 + .gitignore | 3 + Makefile | 177 ++++++++++++++++- hack/deploy/forklift/kustomization.yaml | 22 +++ .../resources/forkliftcontroller.yaml | 6 + hack/deploy/operator/kustomization.yaml | 135 +++++++++++++ .../operator/resources/catalogsource.yaml | 11 ++ .../operator/resources/operatorgroup.yaml | 8 + .../operator/resources/subscription.yaml | 12 ++ .../rolebinding/catalog/kustomization.yaml | 46 +++++ .../catalog/resources/catalog.yaml | 14 ++ .../rolebinding/default/kustomization.yaml | 35 ++++ .../default/resources/default.yaml | 14 ++ .../rolebinding/operator/kustomization.yaml | 37 ++++ .../operator/resources/forklift-api.yaml | 14 ++ .../resources/forklift-controller.yaml | 14 ++ .../operator/resources/forklift-default.yaml | 14 ++ .../operator/resources/forklift-operator.yaml | 14 ++ hack/installation/crc.sh | 98 ++++++++++ hack/installation/env.sh | 180 ++++++++++++++++++ hack/installation/kind.sh | 86 +++++++++ hack/installation/minikube.sh | 172 +++++++++++++++++ hack/installation/registry.sh | 93 +++++++++ 23 files changed, 1199 insertions(+), 7 deletions(-) create mode 100644 hack/deploy/forklift/kustomization.yaml create mode 100644 hack/deploy/forklift/resources/forkliftcontroller.yaml create mode 100644 hack/deploy/operator/kustomization.yaml create mode 100644 hack/deploy/operator/resources/catalogsource.yaml create mode 100644 hack/deploy/operator/resources/operatorgroup.yaml create mode 100644 hack/deploy/operator/resources/subscription.yaml create mode 100644 hack/deploy/rolebinding/catalog/kustomization.yaml create mode 100644 hack/deploy/rolebinding/catalog/resources/catalog.yaml create mode 100644 hack/deploy/rolebinding/default/kustomization.yaml create mode 100644 hack/deploy/rolebinding/default/resources/default.yaml create mode 100644 hack/deploy/rolebinding/operator/kustomization.yaml create mode 100644 hack/deploy/rolebinding/operator/resources/forklift-api.yaml create mode 100644 hack/deploy/rolebinding/operator/resources/forklift-controller.yaml create mode 100644 hack/deploy/rolebinding/operator/resources/forklift-default.yaml create mode 100644 hack/deploy/rolebinding/operator/resources/forklift-operator.yaml create mode 100755 hack/installation/crc.sh create mode 100644 hack/installation/env.sh create mode 100755 hack/installation/kind.sh create mode 100755 hack/installation/minikube.sh create mode 100755 hack/installation/registry.sh diff --git a/.bazelrc b/.bazelrc index 5aea4f3fe..2213df308 100644 --- a/.bazelrc +++ b/.bazelrc @@ -7,6 +7,7 @@ build --action_env=VERSION=2.5.0 build --action_env=NAMESPACE=konveyor-forklift build --action_env=CHANNELS=development build --action_env=DEFAULT_CHANNEL=development +build --action_env=OPM_OPTS ## Images which should be installed build --action_env=CONTROLLER_IMAGE=quay.io/kubev2v/forklift-controller:latest diff --git a/.gitignore b/.gitignore index ed1bdaa4d..9d468b529 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,6 @@ tools/tilt/tilt-settings.json # bazel build artifacts bazel-* .bazeldnf + +# deploy env +hack/deploy/**/deploy.env diff --git a/Makefile b/Makefile index 3897bf311..5309bf8e3 100644 --- a/Makefile +++ b/Makefile @@ -3,21 +3,41 @@ GOPATH ?= `go env GOPATH` GOBIN ?= $(GOPATH)/bin GO111MODULE = auto -CONTAINER_CMD ?= $(shell command -v podman) + +CONTAINER_RUNTIME ?= + +ifeq ($(CONTAINER_RUNTIME),) +CONTAINER_CMD ?= $(shell type -P podman) ifeq ($(CONTAINER_CMD),) -CONTAINER_CMD := $(shell command -v docker) +CONTAINER_CMD := $(shell type -P docker) +endif +CONTAINER_RUNTIME=$(shell basename $(CONTAINER_CMD)) +else +CONTAINER_CMD := $(shell type -P $(CONTAINER_RUNTIME)) endif REGISTRY ?= quay.io +# TODO remove REGISTRY_ORG check once the changes are merged in forkliftci +ifneq (,$(REGISTRY_ORG)) +ifeq (,$(REGISTRY_ORG)) +REGISTRY_ORG = $(REGISTRY_ORG) +endif +endif REGISTRY_ORG ?= kubev2v REGISTRY_TAG ?= devel VERSION ?= 2.5.0 NAMESPACE ?= konveyor-forklift +OPERATOR_NAME ?= forklift-operator CHANNELS ?= development DEFAULT_CHANNEL ?= development +CATALOG_NAMESPACE ?= konveyor-forklift +CATALOG_NAME ?= forklift-catalog +CATALOG_DISPLAY_NAME ?= Konveyor Forklift +CATALOG_PUBLISHER ?= Community # Use OPM_OPTS="--use-http" when using a non HTTPS registry +# Use OPM_OPTS="--skip-tls-verify" when using an HTTPS registry with self-signed certificate OPM_OPTS ?= # By default use the controller gen installed by the @@ -110,10 +130,6 @@ run: generate fmt vet install: manifests kubectl $(KUBECTL) apply -k operator/config/crds -# Deploy controller in the configured Kubernetes cluster in ~/.kube/config -deploy: manifests kubectl - $(KUBECTL) apply -k operator/config/default - # Generate manifests e.g. CRD, Webhooks manifests: controller-gen $(CONTROLLER_GEN) crd rbac:roleName=manager-role webhook paths="./pkg/apis/..." output:dir=operator/config/crd/bases @@ -237,7 +253,7 @@ build-operator-index-image: check_container_runtime --action_env VERSION=$(VERSION) \ --action_env CHANNELS=$(CHANNELS) \ --action_env DEFAULT_CHANNEL=$(DEFAULT_CHANNEL) \ - --action_env OPT_OPTS=$(OPM_OPTS) \ + --action_env OPM_OPTS=$(OPM_OPTS) \ --action_env REGISTRY=$(REGISTRY) \ --action_env REGISTRY_TAG=$(REGISTRY_TAG) \ --action_env REGISTRY_ORG=$(REGISTRY_ORG) @@ -322,3 +338,150 @@ $(DEFAULT_CONTROLLER_GEN): kubectl: $(KUBECTL) $(DEFAULT_KUBECTL): curl -L https://dl.k8s.io/release/v1.25.10/bin/linux/amd64/kubectl -o $(GOBIN)/kubectl && chmod +x $(GOBIN)/kubectl + +# The directory where the 'crc' binary will be installed (this path +# will be added to the PATH variable). (default: ${HOME}/.local/bin) +CRC_BIN_DIR ?= +# Number of CPUS for CRC. By default all of the available CPUs will +# be used +CRC_CPUS ?= 8 +# Memory for CRC in MB. (default: 16384) +CRC_MEM ?= 16384 +# Disk size in GB. (default: 100) +CRC_DISK ?= 100 +# Select openshift/okd installation type (default: okd) +CRC_PRESET ?= okd +# Pull secret file. If not provided it will be requested at +# installation time by the script +CRC_PULL_SECRET_FILE ?= +# Bundle to deploy. If not specified the default bundle will be +# installed. OKD default bundle doesn't work for now because of +# expired certificates so the installation script will temporarily +# overwrite it with: +# docker://quay.io/crcont/okd-bundle:4.13.0-0.okd-2023-06-04-080300 +CRC_BUNDLE ?= +# Use the integrated CRC registry instead of local one. (default: '') +# Non empty variable is considered as true. +CRC_USE_INTEGRATED_REGISTRY ?= + +install-crc: + ROOTLESS=$(ROOTLESS) \ + CRC_BIN_DIR=$(CRC_BIN_DIR) \ + CRC_CPUS=$(CRC_CPUS) \ + CRC_MEM=$(CRC_MEM) \ + CRC_DISK=$(CRC_DISK) \ + CRC_PRESET=$(CRC_PRESET) \ + CRC_PULL_SECRET_FILE=$(CRC_PULL_SECRET_FILE) \ + CRC_BUNDLE=$(CRC_BUNDLE) \ + CRC_USE_INTEGRATED_REGISTRY=$(CRC_USE_INTEGRATED_REGISTRY) \ + ./hack/installation/crc.sh; + eval `crc oc-env`; \ + oc new-project "${REGISTRY_ORG}" + +uninstall-crc: + crc delete -f + +# Driver: kvm2, docker or podman. +MINIKUBE_DRIVER ?= $(CONTAINER_RUNTIME) +MINIKUBE_CPUS ?= max +MINIKUBE_MEMORY ?= 16384 +MINIKUBE_ADDONS ?= olm,kubevirt +MINIKUBE_USE_INTEGRATED_REGISTRY ?= + +install-minikube: + ROOTLESS=$(ROOTLESS) \ + MINIKUBE_DRIVER=$(MINIKUBE_DRIVER) \ + MINIKUBE_CPUS=$(MINIKUBE_CPUS) \ + MINIKUBE_MEMORY=$(MINIKUBE_MEMORY) \ + MINIKUBE_ADDONS=$(MINIKUBE_ADDONS) \ + MINIKUBE_USE_INTEGRATED_REGISTRY=$(MINIKUBE_USE_INTEGRATED_REGISTRY) \ + ./hack/installation/minikube.sh + +uninstall-minikube: uninstall-local-registry + minikube delete + +ROOTLESS ?= true +# Kind version to install (default: v0.15.0) +KIND_VERSION ?= v0.15.0 +# Kind operator Livecycle Manager version (default: v.0.25.0) +OLM_VERSION ?= v0.25.0 +# Kind cert manager operator version (default: v1.12.2) +CERT_MANAGER_VERSION ?= v1.12.2 + +install-kind: install-local-registry + ROOTLESS=$(ROOTLESS) \ + KIND_VERSION=$(KIND_VERSION) \ + OLM_VERSION=$(OLM_VERSION) \ + CERT_MANAGER_VERSION=$(CERT_MANAGER_VERSION) \ + ./hack/installation/kind.sh; \ + [ $(CONTAINER_RUNTIME) != "podman" ] || export KIND_EXPERIMENTAL_PROVIDER="podman"; kind export kubeconfig --name forklift + +uninstall-kind: uninstall-local-registry + [ $(CONTAINER_RUNTIME) != "podman" ] || export KIND_EXPERIMENTAL_PROVIDER="podman"; kind delete clusters forklift + +define DEPLOYMENT_VARS +OPERATOR_NAMESPACE=$(NAMESPACE) +OPERATOR_NAME=$(OPERATOR_NAME) +SUBSCRIPTION_CHANNEL=$(CHANNELS) +CATALOG_NAMESPACE=$(CATALOG_NAMESPACE) +CATALOG_NAME=$(CATALOG_NAME) +CATALOG_DISPLAY_NAME=$(CATALOG_DISPLAY_NAME) +CATALOG_IMAGE=$(OPERATOR_INDEX_IMAGE) +CATALOG_PUBLISHER=$(CATALOG_PUBLISHER) +REGISTRY_ORG=$(REGISTRY_ORG) +endef +export DEPLOYMENT_VARS + +# Deploy the operator and create a forklift controller in the configured Kubernetes cluster in ~/.kube/config +deploy: kubectl + @echo -n "- Deploying to OKD: " + @$(KUBECTL) get clusterrole system:image-puller &>/dev/null; OKD=$$?; \ + if [ $${OKD} -eq 0 ]; then echo "yes"; else echo "no"; fi; \ + echo "- Creating env files."; \ + for i in operator forklift rolebinding/{catalog,operator,default}; do \ + echo "$$DEPLOYMENT_VARS" > hack/deploy/$${i}/deploy.env; \ + done; \ + echo "- Creating the operator namespace: $(NAMESPACE)"; \ + $(KUBECTL) get namespace $(NAMESPACE) &>/dev/null || $(KUBECTL) create namespace $(NAMESPACE); \ + $(KUBECTL) get namespace $(CATALOG_NAMESPACE) &>/dev/null || $(KUBECTL) create namespace $(CATALOG_NAMESPACE); \ + $(KUBECTL) get namespace $(REGISTRY_ORG) &>/dev/null || $(KUBECTL) create namespace $(REGISTRY_ORG); \ + echo "- Creating the CatalogSource, OperatorGroup and the Subscription manifests"; \ + $(KUBECTL) apply -k hack/deploy/operator ; \ + if [ $$OKD -eq 0 ]; then \ + echo "- Creating the required RoleBindings for the deployment"; \ + $(KUBECTL) apply -k hack/deploy/rolebinding/default; \ + $(KUBECTL) apply -k hack/deploy/rolebinding/catalog ; \ + fi; \ + echo -n "- Waiting for the operator to be installed"; \ + until $(KUBECTL) -n $(NAMESPACE) get clusterserviceversion $(OPERATOR_NAME).v$(VERSION) &>/dev/null; do \ + sleep 1; echo -n "."; \ + done; \ + echo; \ + if [ $$OKD -eq 0 ]; then \ + echo "- Applying required role bindings"; \ + $(KUBECTL) apply -k hack/deploy/rolebinding/operator; \ + fi; \ + $(KUBECTL) -n $(NAMESPACE) wait --timeout=60s --for=jsonpath=.status.phase=Succeeded clusterserviceversion $(OPERATOR_NAME).v$(VERSION); \ + echo "- Creating the Forklift Controller"; \ + $(KUBECTL) apply -k hack/deploy/forklift; \ + echo "Done!" + +undeploy: kubectl + @echo "- Removing the operator namespace: $(NAMESPACE)" + @$(KUBECTL) get namespace $(NAMESPACE) -o name 2>/dev/null | xargs -r $(KUBECTL) delete ; + @echo "- Removing the CatalogSource" + @$(KUBECTL) get catalogsource -n $(CATALOG_NAMESPACE) -o name $(CATALOG_NAME) 2>/dev/null | xargs -r $(KUBECTL) -n $(CATALOG_NAMESPACE) delete; + @echo "- Removing the Operator" + @$(KUBECTL) get operator $(OPERATOR_NAME).$(NAMESPACE) -o name 2>/dev/null | xargs -r $(KUBECTL) delete; + @echo "- Removing the Webhooks" + @$(KUBECTL) get mutatingwebhookconfiguration forklift-api -o name 2>/dev/null | xargs -r $(KUBECTL) delete; + @$(KUBECTL) get validatingwebhookconfiguration forklift-api -o name 2>/dev/null | xargs -r $(KUBECTL) delete; + @echo "- Removing the ConsolePlugin" + @$(KUBECTL) get consoleplugin forklift-console-plugin -o name 2>/dev/null | xargs -r $(KUBECTL) delete; + @echo "- Removing the CRDs" + @$(KUBECTL) get crd -l operators.coreos.com/forklift-operator.konveyor-forklift -o name 2>/dev/null | xargs -r $(KUBECTL) delete; + @echo "- Removing the RoleBindings" + @for ROLE_BINDING in forklift-{default,operator,controller,api,catalog,catalog-default} ; do \ + $(KUBECTL) -n $(REGISTRY_ORG) get rolebinding $${ROLE_BINDING} -o name 2>/dev/null | xargs -r $(KUBECTL) -n $(REGISTRY_ORG) delete ; \ + done; + @echo "Done!" diff --git a/hack/deploy/forklift/kustomization.yaml b/hack/deploy/forklift/kustomization.yaml new file mode 100644 index 000000000..c6f9bc5ed --- /dev/null +++ b/hack/deploy/forklift/kustomization.yaml @@ -0,0 +1,22 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- resources/forkliftcontroller.yaml +configMapGenerator: +- behavior: create + envs: + - deploy.env + name: forklift-controller-env +replacements: +- source: + fieldPath: data.OPERATOR_NAMESPACE + kind: ConfigMap + name: forklift-controller-env + version: v1 + targets: + - fieldPaths: + - metadata.namespace + select: + group: forklift.konveyor.io + kind: ForkliftController + version: v1beta1 diff --git a/hack/deploy/forklift/resources/forkliftcontroller.yaml b/hack/deploy/forklift/resources/forkliftcontroller.yaml new file mode 100644 index 000000000..15dc1352c --- /dev/null +++ b/hack/deploy/forklift/resources/forkliftcontroller.yaml @@ -0,0 +1,6 @@ +apiVersion: forklift.konveyor.io/v1beta1 +kind: ForkliftController +metadata: + name: forklift-controller + namespace: OPERATOR_NAMESPACE_PLACEHOLDER +spec: {} diff --git a/hack/deploy/operator/kustomization.yaml b/hack/deploy/operator/kustomization.yaml new file mode 100644 index 000000000..100cbafd2 --- /dev/null +++ b/hack/deploy/operator/kustomization.yaml @@ -0,0 +1,135 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- resources/catalogsource.yaml +- resources/operatorgroup.yaml +- resources/subscription.yaml +configMapGenerator: +- behavior: create + envs: + - deploy.env + name: forklift-operator-env +replacements: +- source: + fieldPath: data.OPERATOR_NAMESPACE + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - metadata.namespace + - spec.targetNamespaces.0 + select: + group: operators.coreos.com + kind: OperatorGroup + name: migration + version: v1 + - fieldPaths: + - metadata.namespace + select: + group: operators.coreos.com + kind: Subscription + version: v1alpha1 + - fieldPaths: + - metadata.namespace + select: + group: forklift.konveyor.io + kind: ForkliftController + version: v1beta1 +- source: + fieldPath: data.OPERATOR_NAME + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - metadata.name + - spec.name + select: + group: operators.coreos.com + kind: Subscription + version: v1alpha1 +- source: + fieldPath: data.CATALOG_NAMESPACE + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - metadata.namespace + select: + group: operators.coreos.com + kind: CatalogSource + version: v1alpha1 + - fieldPaths: + - spec.sourceNamespace + select: + group: operators.coreos.com + kind: Subscription + version: v1alpha1 +- source: + fieldPath: data.CATALOG_NAME + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - metadata.name + select: + group: operators.coreos.com + kind: CatalogSource + version: v1alpha1 + - fieldPaths: + - spec.source + select: + group: operators.coreos.com + kind: Subscription + version: v1alpha1 +- source: + fieldPath: data.CATALOG_IMAGE + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - spec.image + select: + group: operators.coreos.com + kind: CatalogSource + version: v1alpha1 +- source: + fieldPath: data.CATALOG_DISPLAY_NAME + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - spec.displayName + select: + group: operators.coreos.com + kind: CatalogSource + version: v1alpha1 +- source: + fieldPath: data.CATALOG_PUBLISHER + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - spec.publisher + select: + group: operators.coreos.com + kind: CatalogSource + version: v1alpha1 +- source: + fieldPath: data.SUBSCRIPTION_CHANNEL + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - spec.channel + select: + group: operators.coreos.com + kind: Subscription + version: v1alpha1 diff --git a/hack/deploy/operator/resources/catalogsource.yaml b/hack/deploy/operator/resources/catalogsource.yaml new file mode 100644 index 000000000..6e404901a --- /dev/null +++ b/hack/deploy/operator/resources/catalogsource.yaml @@ -0,0 +1,11 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: CatalogSource +metadata: + name: CATALOG_NAME_PLACEHOLDER + namespace: CATALOG_NAMESPACE_PLACEHOLDER +spec: + sourceType: grpc + image: CATALOG_IMAGE_PLACEHOLDER + displayName: CATALOG_DISPLAY_NAME_PLACEHOLDER + publisher: CATALOG_PUBLISHER_PLACEHOLDER + diff --git a/hack/deploy/operator/resources/operatorgroup.yaml b/hack/deploy/operator/resources/operatorgroup.yaml new file mode 100644 index 000000000..5f2fc80bf --- /dev/null +++ b/hack/deploy/operator/resources/operatorgroup.yaml @@ -0,0 +1,8 @@ +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + name: migration + namespace: OPERATOR_NAMESPACE_PLACEHOLDER +spec: + targetNamespaces: + - OPERATOR_NAMESPACE_PLACEHOLDER diff --git a/hack/deploy/operator/resources/subscription.yaml b/hack/deploy/operator/resources/subscription.yaml new file mode 100644 index 000000000..3e47ce066 --- /dev/null +++ b/hack/deploy/operator/resources/subscription.yaml @@ -0,0 +1,12 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: OPERATOR_NAME_PLACEHOLDER + namespace: OPERATOR_NAMESPACE_PLACEHOLDER +spec: + channel: SUBSCRIPTION_CHANNEL_PLACEHOLDER + installPlanApproval: Automatic + name: OPERATOR_NAME_PLACEHOLDER + source: CATALOG_NAME_PLACEHOLDER + sourceNamespace: CATALOG_NAMESPACE_PLACEHOLDER + diff --git a/hack/deploy/rolebinding/catalog/kustomization.yaml b/hack/deploy/rolebinding/catalog/kustomization.yaml new file mode 100644 index 000000000..264d2078e --- /dev/null +++ b/hack/deploy/rolebinding/catalog/kustomization.yaml @@ -0,0 +1,46 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- resources/catalog.yaml +configMapGenerator: +- behavior: create + envs: + - deploy.env + name: forklift-operator-env +replacements: +- source: + fieldPath: data.REGISTRY_ORG + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - metadata.namespace + select: + group: rbac.authorization.k8s.io + kind: RoleBinding + version: v1 +- source: + fieldPath: data.CATALOG_NAMESPACE + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - subjects.0.namespace + select: + group: rbac.authorization.k8s.io + kind: RoleBinding + version: v1 +- source: + fieldPath: data.CATALOG_NAME + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - subjects.0.name + select: + group: rbac.authorization.k8s.io + kind: RoleBinding + version: v1 diff --git a/hack/deploy/rolebinding/catalog/resources/catalog.yaml b/hack/deploy/rolebinding/catalog/resources/catalog.yaml new file mode 100644 index 000000000..5b7ad9773 --- /dev/null +++ b/hack/deploy/rolebinding/catalog/resources/catalog.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: REGISTRY_ORG_PLACEHOLDER + name: forklift-catalog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:image-puller +subjects: +- kind: ServiceAccount + name: CATALOG_NAME_PLACEHOLDER + namespace: CATALOG_NAMESPACE_PLACEHOLDER + diff --git a/hack/deploy/rolebinding/default/kustomization.yaml b/hack/deploy/rolebinding/default/kustomization.yaml new file mode 100644 index 000000000..598c6d285 --- /dev/null +++ b/hack/deploy/rolebinding/default/kustomization.yaml @@ -0,0 +1,35 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- resources/default.yaml +configMapGenerator: +- behavior: create + envs: + - deploy.env + name: forklift-operator-env +replacements: +- source: + fieldPath: data.REGISTRY_ORG + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - metadata.namespace + select: + group: rbac.authorization.k8s.io + kind: RoleBinding + version: v1 +- source: + fieldPath: data.CATALOG_NAMESPACE + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - subjects.0.namespace + select: + group: rbac.authorization.k8s.io + kind: RoleBinding + version: v1 + diff --git a/hack/deploy/rolebinding/default/resources/default.yaml b/hack/deploy/rolebinding/default/resources/default.yaml new file mode 100644 index 000000000..65dc17a03 --- /dev/null +++ b/hack/deploy/rolebinding/default/resources/default.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: REGISTRY_ORG_PLACEHOLDER + name: forklift-catalog-default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:image-puller +subjects: +- kind: ServiceAccount + name: default + namespace: CATALOG_NAMESPACE_PLACEHOLDER + diff --git a/hack/deploy/rolebinding/operator/kustomization.yaml b/hack/deploy/rolebinding/operator/kustomization.yaml new file mode 100644 index 000000000..c1c41db77 --- /dev/null +++ b/hack/deploy/rolebinding/operator/kustomization.yaml @@ -0,0 +1,37 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- resources/forklift-operator.yaml +- resources/forklift-controller.yaml +- resources/forklift-api.yaml +- resources/forklift-default.yaml +configMapGenerator: +- behavior: create + envs: + - deploy.env + name: forklift-operator-env +replacements: +- source: + fieldPath: data.OPERATOR_NAMESPACE + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - subjects.*.namespace + select: + group: rbac.authorization.k8s.io + kind: RoleBinding + version: v1 +- source: + fieldPath: data.REGISTRY_ORG + kind: ConfigMap + name: forklift-operator-env + version: v1 + targets: + - fieldPaths: + - metadata.namespace + select: + group: rbac.authorization.k8s.io + kind: RoleBinding + version: v1 diff --git a/hack/deploy/rolebinding/operator/resources/forklift-api.yaml b/hack/deploy/rolebinding/operator/resources/forklift-api.yaml new file mode 100644 index 000000000..f6a95bfc1 --- /dev/null +++ b/hack/deploy/rolebinding/operator/resources/forklift-api.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: REGISTRY_ORG_PLACEHOLDER + name: forklift-api +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:image-puller +subjects: +- kind: ServiceAccount + name: forklift-api + namespace: OPERATOR_NAMESPACE_PLACEHOLDER + diff --git a/hack/deploy/rolebinding/operator/resources/forklift-controller.yaml b/hack/deploy/rolebinding/operator/resources/forklift-controller.yaml new file mode 100644 index 000000000..d1e43befb --- /dev/null +++ b/hack/deploy/rolebinding/operator/resources/forklift-controller.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: REGISTRY_ORG_PLACEHOLDER + name: forklift-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:image-puller +subjects: +- kind: ServiceAccount + name: forklift-controller + namespace: OPERATOR_NAMESPACE_PLACEHOLDER + diff --git a/hack/deploy/rolebinding/operator/resources/forklift-default.yaml b/hack/deploy/rolebinding/operator/resources/forklift-default.yaml new file mode 100644 index 000000000..e9e803fbc --- /dev/null +++ b/hack/deploy/rolebinding/operator/resources/forklift-default.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: REGISTRY_ORG_PLACEHOLDER + name: forklift-default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:image-puller +subjects: +- kind: ServiceAccount + name: default + namespace: OPERATOR_NAMESPACE_PLACEHOLDER + diff --git a/hack/deploy/rolebinding/operator/resources/forklift-operator.yaml b/hack/deploy/rolebinding/operator/resources/forklift-operator.yaml new file mode 100644 index 000000000..cf2f109bc --- /dev/null +++ b/hack/deploy/rolebinding/operator/resources/forklift-operator.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: REGISTRY_ORG_PLACEHOLDER + name: forklift-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:image-puller +subjects: +- kind: ServiceAccount + name: forklift-operator + namespace: OPERATOR_NAMESPACE_PLACEHOLDER + diff --git a/hack/installation/crc.sh b/hack/installation/crc.sh new file mode 100755 index 000000000..0adbf20f3 --- /dev/null +++ b/hack/installation/crc.sh @@ -0,0 +1,98 @@ +#! /bin/bash + +CRC_BIN_DIR="${CRC_BIN_DIR:-$HOME/.local/bin}" +CRC_PRESET="${CRC_PRESET:-okd}" +CRC_CPUS="${CRC_CPUS:-$(grep -c processor /proc/cpuinfo)}" +CRC_MEM="${CRC_MEM:-16384}" +CRC_DISK="${CRC_DISK:-100}" +CRC_BUNDLE="${CRC_BUNDLE}" +CRC_DOWNLOAD_URL="https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/crc/latest/crc-linux-amd64.tar.xz" +CRC_USE_INTEGRATED_REGISTRY="${CRC_USE_INTEGRATED_REGISTRY}" + +KUBEVIRT_VERSION="${KUBEVIRT_VERSION:-$(curl -s https://api.github.com/repos/kubevirt/kubevirt/releases | grep tag_name | grep -v -- '-rc' | sort -r | head -1 | awk -F': ' '{print $2}' | sed 's/,//' | xargs)}" +KUBEVIRT_URL="https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/kubevirt-operator.yaml" + +ROOTLESS="${ROOTLESS}" + +CONTAINER_RUNTIME="${CONTAINER_RUNTIME}" +if [ -z "${CONTAINER_RUNTIME}" ]; then + CONTAINER_CMD="${CONTAINER_CMD:-$(type -P podman || type -P docker || :)}" + if [ -z "${CONTAINER_CMD}" ]; then + echo "Container runtime not detected" + exit 1 + fi + CONTAINER_RUNTIME="$(basename ${CONTAINER_CMD})" +else + CONTAINER_CMD=$(type -P $CONTAINER_RUNTIME) +fi + +# Install CRC if not in PATH +if [ ! "$(type -P crc)" ]; then + [ -d "${CRC_BIN_DIR}" ] || mkdir -p "${CRC_BIN_DIR}" + curl -sL $CRC_DOWNLOAD_URL | tar -C "${CRC_BIN_DIR}" --strip-components=1 -xJf - */crc + if ! [[ "$PATH" =~ "${CRC_BIN_DIR}" ]]; then + export PATH="${CRC_BIN_DIR}:${PATH}" + fi +fi + +# Detect CRC +[ "$(type -P crc)" ] || ( echo "crc is not in PATH" ; exit 2 ) + +[ -z "${CRC_PULL_SECRET_FILE}" ] || CRC_OPTS="--pull-secret-file=${CRC_PULL_SECRET_FILE}" + +if [ "${CRC_BUNDLE}" ]; then + crc config set bundle ${CRC_BUNDLE} +else + crc config unset bundle +fi +crc config set preset ${CRC_PRESET} +crc config set cpus ${CRC_CPUS} +crc config set memory ${CRC_MEM} +crc config set disk-size ${CRC_DISK} +crc config set consent-telemetry no +crc setup +crc start ${CRC_OPTS} + +eval $(crc oc-env) + +USERNAME=kubeadmin +PASSWORD=$(crc console --credentials --output json | jq -r .clusterConfig.adminCredentials.password) +oc login -u kubeadmin -p "${PASSWORD}" "https://api.crc.testing:6443" + +CRC_REGISTRY=$(oc get route -n openshift-image-registry default-route -o 'jsonpath={.spec.host}') +CRC_REGISTRY_CA_CERT=$(oc get secret router-ca -n openshift-ingress-operator -o go-template --template='{{index .data "tls.crt" | base64decode}}') + +if [ "${CONTAINER_RUNTIME}" == "podman" ]; then + if [ "${ROOTLESS}" ]; then + CRC_CERTS_DIR="${HOME}/.config/containers/certs.d/${CRC_REGISTRY}" + else + CRC_CERTS_DIR="/etc/containers/certs.d/${CRC_REGISTRY}" + fi +fi +if [ "${CONTAINER_RUNTIME}" == "docker" ]; then + if [ "${ROOTLESS}" ]; then + CRC_CERTS_DIR="${HOME}/.config/docker/certs.d/${CRC_REGISTRY}" + else + CRC_CERTS_DIR="/etc/docker/certs.d/${CRC_REGISTRY}" + fi +fi + +CRC_REGISTRY_SCRIPT="mkdir -p '${CRC_CERTS_DIR}'; echo '${CRC_REGISTRY_CA_CERT}' | openssl x509 -text -out '${CRC_CERTS_DIR}/ca.crt'" +if [ "${ROOTLESS}" ]; then + bash -c "$CRC_REGISTRY_SCRIPT" +else + sudo bash -c "$CRC_REGISTRY_SCRIPT" +fi + +if [ "${CRC_USE_INTEGRATED_REGISTRY}" ]; then + ${CONTAINER_CMD} login -u "$(oc whoami)" -p "$(oc whoami -t)" "${CRC_REGISTRY}" +else + export REGISTRY_IP="$(crc ip | cut -f -3 -d .).1" + export REGISTRY_PORT="${REGISTRY_PORT:-5001}" + export REGISTRY="${REGISTRY_IP}:${REGISTRY_PORT}" + $(dirname -- ${BASH_SOURCE[0]})/registry.sh + oc patch image.config.openshift.io/cluster --type=merge \ + -p "{\"spec\":{\"allowedRegistriesForImport\":[{\"domainName\":\"${REGISTRY}\",\"insecure\":true}],\"registrySources\":{\"insecureRegistries\":[\"${REGISTRY}\"]}}}" --type="merge" +fi + +oc apply -f "${KUBEVIRT_URL}" diff --git a/hack/installation/env.sh b/hack/installation/env.sh new file mode 100644 index 000000000..ad9cc17f2 --- /dev/null +++ b/hack/installation/env.sh @@ -0,0 +1,180 @@ +#! /bin/bash + +################################################################### +# Common Variables: +################################################################### +### Container runtime +# export CONTAINER_RUNTIME="podman" +# export ROOTLESS=true +# +### Registry +# export REGISTRY=quay.io +# export REGISTRY_ORG="kubev2v" +# export REGISTRY_TAG="devel" +# +### Operator configuration +# export NAMESPACE="konveyor-forklift" +# export OPERATOR_NAME="forklift-operator" +# export CHANNELS="development" +# export DEFAULT_CHANNEL="development" +# +### Catalog configuration +# export CATALOG_NAMESPACE="konveyor-forklift" +# export CATALOG_NAME="forklift-catalog" +# export CATALOG_DISPLAY_NAME="Konveyor Forklift" +# export CATALOG_PUBLISHER="Community" +# +### Operator Index configuration +# Use OPM_OPTS="--use-http" when using a non HTTPS registry +# Use OPM_OPTS="--skip-tls-verify" when using an HTTPS registry with self-signed certificate +#export OPM_OPTS="" +# +### Default Images +# export CONTROLLER_IMAGE="${REGISTRY}/${REGISTRY_ORG}/forklift-controller:${REGISTRY_TAG}" +# export API_IMAGE="${REGISTRY}/${REGISTRY_ORG}/forklift-api:${REGISTRY_TAG}" +# export VALIDATION_IMAGE="${REGISTRY}/${REGISTRY_ORG}/forklift-validation:${REGISTRY_TAG}" +# export VIRT_V2V_IMAGE="${REGISTRY}/${REGISTRY_ORG}/forklift-virt-v2v:${REGISTRY_TAG}" +# export VIRT_V2V_WARM_IMAGE="${REGISTRY}/${REGISTRY_ORG}/forklift-virt-v2v-warm:${REGISTRY_TAG}" +# export OPERATOR_IMAGE="${REGISTRY}/${REGISTRY_ORG}/forklift-operator:${REGISTRY_TAG}" +# export OPERATOR_BUNDLE_IMAGE="${REGISTRY}/${REGISTRY_ORG}/forklift-operator-bundle:${REGISTRY_TAG}" +# export OPERATOR_INDEX_IMAGE="${REGISTRY}/${REGISTRY_ORG}/forklift-operator-index:${REGISTRY_TAG}" +# export POPULATOR_CONTROLLER_IMAGE="${REGISTRY}/${REGISTRY_ORG}/populator-controller:${REGISTRY_TAG}" +# export OVIRT_POPULATOR_IMAGE="${REGISTRY}/${REGISTRY_ORG}/ovirt-populator:${REGISTRY_TAG}" +# export OPENSTACK_POPULATOR_IMAGE="${REGISTRY}/${REGISTRY_ORG}/openstack-populator:${REGISTRY_TAG}" +# +### External images +# export MUST_GATHER_IMAGE="quay.io/kubev2v/forklift-must-gather:latest" +# export MUST_GATHER_API_IMAGE="quay.io/kubev2v/forklift-must-gather-api:latest" +# export UI_IMAGE="quay.io/kubev2v/forklift-ui:latest" +# export UI_PLUGIN_IMAGE="quay.io/kubev2v/forklift-console-plugin:latest" +################################################################### + + +################################################################### +# CRC installation options: +################################################################### +# The directory where the 'crc' binary will be installed (this path +# will be added to the PATH variable). (default: ${HOME}/.local/bin) +#CRC_BIN_DIR="$HOME/.local/bin" +# +# Number of CPUS for CRC. By default all of the available CPUs will +# be used +#CRC_CPUS="$(grep -c processor /proc/cpuinfo)}" +# +# Memory for CRC in MB. (default: 16384) +#CRC_MEM="16384" +# +# Disk size used by the CRC installation (default: 100) +# CRC_DISK="100" +# +# Select Openshift/OKD/Podman installation type (default: okd) +#CRC_PRESET="okd" +# +# Pull secret file. If not provided it will be requested at +# installation time by the script +#CRC_PULL_SECRET_FILE= +# +# Bundle to deploy. If not specified the default bundle will be +# installed. OKD default bundle doesn't work for now because of +# expired certificates so the installation script will temporarily +# overwrite it with: +# docker://quay.io/crcont/okd-bundle:4.13.0-0.okd-2023-06-04-080300 +#CRC_BUNDLE="${CRC_BUNDLE}" +# +# Use the integrated CRC registry instead of local one. (default: '') +# Non empty variable is considered as true. +# CRC_USE_INTEGRATED_REGISTRY= +################################################################### +# CRC env +################################################################### +# Authenticate with the CRC Openshift API: +# eval $(crc oc-env) +# USERNAME="kubeadmin" +# PASSWORD="$(crc console --credentials --output json | jq -r .clusterConfig.adminCredentials.password)" +# oc login -u "${USERNAME}" -p "${PASSWORD}" https://api.crc.testing:6443 +# +# CRC variables using integrated registry: +# export REGISTRY="default-route-openshift-image-registry.apps-crc.testing" +# export OPM_OPTS="--skip-tls-verify" +# ${CONTAINER_CMD} login -u "$(oc whoami)" -p "$(oc whoami -t)" "${REGISTRY}" +# +# CRC variables using local registry +# export REGISTRY="$(ip route get 1.1.1.1 | grep -oP 'src \K\S+'):5001" +# export OPM_OPTS="--use-http" +# oc patch image.config.openshift.io/cluster -p "{\"spec\":{\"allowedRegistriesForImport\":[{\"domainName\":\"$REGISTRY\",\"insecure\":true}],\"registrySources\":{\"insecureRegistries\":[\"$REGISTRY\"]}}}" --type="merge" +################################################################### + + +################################################################### +# Openshift/OKD env +################################################################### +# Openshift and registry logins +# USERNAME="kubeadmin" +# PASSWORD="" +# oc login -u "${USERNAME}" -p "${PASSWORD}" https://api.ocp4.example.com:6443 +# ${CONTAINER_CMD} login -u "$(oc whoami)" -p "$(oc whoami -t)" "${REGISTRY}" +# +# Export required variables: +# export REGISTRY="$(oc get route -n openshift-image-registry default-route -o 'jsonpath={.spec.host}')" +# export OPM_OPTS="--skip-tls-verify" +################################################################### + + +################################################################### +# Minikube installation options +################################################################### +# Driver: kvm2, docker or podman. (default: podman) +#MINIKUBE_DRIVER="${CONTAINER_RUNTIME:-kvm2}" +# +# Minikube number of CPUs (default: max) +#MINIKUBE_CPUS="max" +# +# Minikube memory in MB (default: 16384) +#MINIKUBE_MEMORY="16384" +# +# Minikube addons that will be enabled (default: olm,kubevirt). +#MINIKUBE_ADDONS="olm,kubevirt" +# +# Rootless configuration for docker or podman drivers +# - docker default: false (rootless does not work for now) +# - podman default: true +#ROOTLESS="true" +# +################################################################### +# Minikube env +################################################################### +# Use the local registry created by the installation scripts +# export REGISTRY="$(ip route get 1.1.1.1 | grep -oP 'src \K\S+'):5001" +# +# Use http when building the operator index +# export OPM_OPTS=--use-http +################################################################### + + +#################################################################### +# Kind installation options +################################################################### +# Use docker rootless installation. (default: ''). Non empty variable +# is considered as true. +#ROOTLESS= +# +# Kind version to install (default: v0.15.0) +#KIND_VERSION="v0.15.0" +# +# Operator Livecycle Manager version (default: v.0.25.0) +#OLM_VERSION="v0.25.0" +# +# Cert manager operator version (default: v.1.12.2) +#CERT_MANAGER_VERSION="v1.12.2" +################################################################### +# Kind env +################################################################### +# Use the local registry created by the installation scripts +#export REGISTRY="localhost:5001" +# +# Use http when building the operator index +# export OPM_OPTS=--use-http +# +# Switch kubectl context: +# kind export kubeconfig --name forklift +################################################################### diff --git a/hack/installation/kind.sh b/hack/installation/kind.sh new file mode 100755 index 000000000..da715a5f6 --- /dev/null +++ b/hack/installation/kind.sh @@ -0,0 +1,86 @@ +#! /bin/bash + +KIND_VERSION="${KIND_VERSION:-v0.15.0}" + +OLM_VERSION="${OLM_VERSION:-v0.25.0}" +OLM_INSTALL_URL="https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${OLM_VERSION}/install.sh" + +CERT_MANAGER_VERSION="${CERT_MANAGER_VERSION:-v1.12.2}" +CERT_MANAGER_URL="https://github.com/jetstack/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml" + +KUBEVIRT_VERSION="${KUBEVIRT_VERSION:-$(curl -s https://api.github.com/repos/kubevirt/kubevirt/releases | grep tag_name | grep -v -- '-rc' | sort -r | head -1 | awk -F': ' '{print $2}' | sed 's/,//' | xargs)}" +KUBEVIRT_URL="https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/kubevirt-operator.yaml" + +CONTAINER_RUNTIME="${CONTAINER_RUNTIME}" +if [ -z "${CONTAINER_RUNTIME}" ]; then + CONTAINER_CMD="${CONTAINER_CMD:-$(type -P podman || type -P docker || :)}" + if [ -z "${CONTAINER_CMD}" ]; then + echo "Container runtime not detected" + exit 1 + fi + CONTAINER_RUNTIME="$(basename ${CONTAINER_CMD})" +else + CONTAINER_CMD=$(type -P $CONTAINER_RUNTIME) +fi + +export REGISTRY_IP=localhost +export REGISTRY_PORT="${REGISTRY_PORT:-5001}" + +export LOCAL_REGISTRY_NAME="${LOCAL_REGISTRY_NAME:-forklift-registry}" +export LOCAL_REGISTRY_IP="${LOCAL_REGISTRY_IP:-localhost}" +export LOCAL_REGISTRY_PORT="${LOCAL_REGISTRY_PORT:-5000}" + +[ "$(type -P go )" ] || ( echo "go is not in PATH" ; exit 2 ) +go install "sigs.k8s.io/kind@${KIND_VERSION}" + +[ "$(type -P kind)" ] || ( echo "kind is not in PATH" ; exit 2 ) + +if [ "${CONTAINER_RUNTIME}" == "podman" ]; then + export KIND_EXPERIMENTAL_PROVIDER="podman" + export ROOTLESS="true" +fi + +if [ "${CONTAINER_RUNTIME}" == "docker" -a "${ROOTLESS}" ]; then + echo "Setting up docker rootless" + [ "$(${CONTAINER_CMD} context ls --format json | jq -r '. | select(.Name == "rootless").Name')" == "rootless" ] || dockerd-rootless-setuptool.sh install -f + docker context use rootless +fi + +# 1. create registry container unless it already exists +$(dirname -- ${BASH_SOURCE[0]})/registry.sh + +# 2. Create kind cluster +cat < "${REGISTRY_CONF_FILE}" + else + sudo bash -c "echo {} > ${REGISTRY_CONF_FILE}" + fi + fi + REGISTRY_INSECURE_CONFIG=$(jq -r ". | if .[\"insecure-registries\"] then .[\"insecure-registries\"] |= (. + [\"${REGISTRY}\"] | unique) else . |= {\"insecure-registries\": [\"${REGISTRY}\"]} end" ${REGISTRY_CONF_FILE}) + fi + + echo "Adding the registry '${REGISTRY}' to the insecure registries in '${REGISTRY_CONF_FILE}'" + REGISTRY_INSECURE_SCRIPT="echo '${REGISTRY_INSECURE_CONFIG}' > ${REGISTRY_CONF_FILE}" + if [ "${ROOTLESS}" ]; then + bash -c "${REGISTRY_INSECURE_SCRIPT}" + [ "${CONTAINER_RUNTIME}" != "docker" ] || systemctl --user reload docker + else + sudo bash -c "${REGISTRY_INSECURE_SCRIPT}" + [ "${CONTAINER_RUNTIME}" != "docker" ] || sudo systemctl reload docker + fi +fi + +minikube ssh "sudo mkdir -p \"${REGISTRY_MIRROR_DIR}\"" +minikube ssh "sudo bash -c 'echo -e \"${REGISTRY_MIRROR_CONF}\" > ${REGISTRY_MIRROR_DIR}/hosts.toml'" +minikube ssh "sudo systemctl restart containerd" diff --git a/hack/installation/registry.sh b/hack/installation/registry.sh new file mode 100755 index 000000000..34e5bc619 --- /dev/null +++ b/hack/installation/registry.sh @@ -0,0 +1,93 @@ +#! /bin/bash + +CONTAINER_RUNTIME="${CONTAINER_RUNTIME}" +if [ -z "${CONTAINER_RUNTIME}" ]; then + CONTAINER_CMD="${CONTAINER_CMD:-$(type -P podman || type -P docker || :)}" + if [ -z "${CONTAINER_CMD}" ]; then + echo "Container runtime not detected" + exit 1 + fi + CONTAINER_RUNTIME="$(basename ${CONTAINER_CMD})" +else + CONTAINER_CMD=$(type -P $CONTAINER_RUNTIME) +fi + +REGISTRY_IP="${REGISTRY_IP:-localhost}" +REGISTRY_PORT="${REGISTRY_PORT:-5001}" + +LOCAL_REGISTRY_NAME="${LOCAL_REGISTRY_NAME:-forklift-registry}" +LOCAL_REGISTRY_IP="${LOCAL_REGISTRY_IP:-localhost}" +LOCAL_REGISTRY_PORT="${LOCAL_REGISTRY_PORT:-5000}" + +if [ "$(${CONTAINER_CMD} ps -a -f name=${LOCAL_REGISTRY_NAME} --format={{.Names}})" ]; then + if [ "$(${CONTAINER_CMD} inspect -f {{.State.Running}} ${LOCAL_REGISTRY_NAME})" != 'true' ]; then + $CONTAINER_CMD start $LOCAL_REGISTRY_NAME + fi +else + ${CONTAINER_CMD} run \ + -d --restart=always -p "0.0.0.0:${REGISTRY_PORT}:${LOCAL_REGISTRY_PORT}" -e REGISTRY_STORAGE_DELETE_ENABLED=true --name "${LOCAL_REGISTRY_NAME}" \ + --network bridge \ + registry:2 +fi + +REGISTRY="${REGISTRY_IP}:${REGISTRY_PORT}" +LOCAL_REGISTRY="${LOCAL_REGISTRY_IP}:${LOCAL_REGISTRY_PORT}" + + +if [ "${CONTAINER_RUNTIME}" == "podman" ]; then + if [ "${ROOTLESS}" ]; then + REGISTRY_CONF_DIR="${HOME}/.config/containers/registries.conf.d" + else + REGISTRY_CONF_DIR="/etc/containers/registries.conf.d" + fi +fi + +if [ "${CONTAINER_RUNTIME}" == "docker" ]; then + if [ "${ROOTLESS}" ]; then + REGISTRY_CONF_DIR="${HOME}/.config/docker" + else + REGISTRY_CONF_DIR="/etc/docker" + fi + fi + +if [ ! -d "${REGISTRY_CONF_DIR}" ]; then + echo "The '${REGISTRY_CONF_DIR}' does not exist, creating it..." + if [ "${ROOTLESS}" ]; then + mkdir -p "${REGISTRY_CONF_DIR}" + else + sudo mkdir -p "${REGISTRY_CONF_DIR}" + fi +fi + +if [ "${CONTAINER_RUNTIME}" == "podman" ]; then + REGISTRY_CONF_FILE="${REGISTRY_CONF_DIR}/local-registry.conf" + REGISTRY_INSECURE_CONFIG=$(echo -e "[[registry]]\nlocation = \"${REGISTRY}\"\ninsecure = true\n") +fi + +if [ "${CONTAINER_RUNTIME}" == "docker" ]; then + REGISTRY_CONF_FILE="${REGISTRY_CONF_DIR}/daemon.json" + if [ ! -f "${REGISTRY_CONF_FILE}" ]; then + echo "'$REGISTRY_CONF_FILE' file does not exist, creating it..."; + if [ "${ROOTLESS}" ]; then + echo "{}" > "${REGISTRY_CONF_FILE}" + else + sudo bash -c "echo {} > ${REGISTRY_CONF_FILE}" + fi + fi + REGISTRY_INSECURE_CONFIG=$(jq -r ". | if .[\"insecure-registries\"] then .[\"insecure-registries\"] |= (. + [\"${REGISTRY}\"] | unique) else . |= {\"insecure-registries\": [\"${REGISTRY}\"]} end" ${REGISTRY_CONF_FILE}) +fi + +echo "Adding the registry '${REGISTRY}' to the insecure registries in '${REGISTRY_CONF_FILE}'" +REGISTRY_INSECURE_SCRIPT="echo '${REGISTRY_INSECURE_CONFIG}' > ${REGISTRY_CONF_FILE}" +if [ "${ROOTLESS}" ]; then + bash -c "${REGISTRY_INSECURE_SCRIPT}" + [ "${CONTAINER_RUNTIME}" != "docker" ] || systemctl --user reload docker +else + sudo bash -c "${REGISTRY_INSECURE_SCRIPT}" + [ "${CONTAINER_RUNTIME}" != "docker" ] || sudo systemctl reload docker +fi + +if systemctl is-active -q firewalld && ! firewall-cmd -q --query-port=${REGISTRY_PORT}/tcp --zone libvirt ; then + echo "Firewalld is active adding registry port to libvirt zone" + sudo bash -c "firewall-cmd --add-port=${REGISTRY_PORT}/tcp --zone=libvirt; systemctl reload firewalld" +fi From 60ee0e7b029eff9a719623406cf3bced454ae824 Mon Sep 17 00:00:00 2001 From: Arik Hadas Date: Mon, 17 Jul 2023 00:37:49 +0300 Subject: [PATCH 3/3] fix integration with current forkliftci Signed-off-by: Arik Hadas --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 5309bf8e3..2360ea531 100644 --- a/Makefile +++ b/Makefile @@ -17,10 +17,10 @@ CONTAINER_CMD := $(shell type -P $(CONTAINER_RUNTIME)) endif REGISTRY ?= quay.io -# TODO remove REGISTRY_ORG check once the changes are merged in forkliftci -ifneq (,$(REGISTRY_ORG)) +# TODO remove REGISTRY_ACCOUNT check once the changes are merged in forkliftci +ifneq (,$(REGISTRY_ACCOUNT)) ifeq (,$(REGISTRY_ORG)) -REGISTRY_ORG = $(REGISTRY_ORG) +REGISTRY_ORG = $(REGISTRY_ACCOUNT) endif endif REGISTRY_ORG ?= kubev2v