Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OCPBUGS-34545: Remove cloud-config and cloud-provider arguments #1696

Open
wants to merge 9 commits into
base: release-4.16
Choose a base branch
from
Open

OCPBUGS-34545: Remove cloud-config and cloud-provider arguments #1696

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
28f5dee
Bump library-go to disable cloud provider flags
nrb May 31, 2024
73e8e26
Disable volume admission plugin
nrb May 31, 2024
ec9df73
Remove unused api server arguments
nrb May 31, 2024
49a2eb9
Fix set typing
nrb May 31, 2024
84fdbef
Update kube-apiserver CRD manifest location
nrb Jun 3, 2024
0fb4f54
Add feature gate package
nrb Jun 3, 2024
c61d558
Copy API server config from new location
nrb Jun 3, 2024
4227063
Vendor in CRD YAML packages
nrb Jun 4, 2024
6cf03c2
Fix path to apirequestcount CRD
nrb Jun 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
4 changes: 2 additions & 2 deletions Dockerfile.rhel7
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,11 @@ COPY --from=builder /go/src/github.com/openshift/cluster-kube-apiserver-operator
COPY --from=builder /go/src/github.com/openshift/cluster-kube-apiserver-operator/bindata/bootkube/config /usr/share/bootkube/manifests/config/
COPY --from=builder /go/src/github.com/openshift/cluster-kube-apiserver-operator/bindata/bootkube/manifests /usr/share/bootkube/manifests/manifests/
COPY --from=builder /go/src/github.com/openshift/cluster-kube-apiserver-operator/bindata/bootkube/scc-manifests /usr/share/bootkube/manifests/manifests/
COPY --from=builder /go/src/github.com/openshift/cluster-kube-apiserver-operator/vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml /usr/share/bootkube/manifests/manifests/
COPY --from=builder /go/src/github.com/openshift/cluster-kube-apiserver-operator/vendor/github.com/openshift/api/apiserver/v1/zz_generated.crd-manifests/kube-apiserver_apirequestcounts.crd.yaml /usr/share/bootkube/manifests/manifests/
COPY --from=builder /go/src/github.com/openshift/cluster-kube-apiserver-operator/cluster-kube-apiserver-operator /usr/bin/
COPY manifests /manifests
COPY bindata/bootkube/scc-manifests /manifests
COPY vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml /manifests
COPY vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml /manifests
LABEL io.openshift.release.operator true
# FIXME: entrypoint shouldn't be bash but the binary (needs fixing the chain)
# ENTRYPOINT ["/usr/bin/cluster-kube-apiserver-operator"]
2 changes: 1 addition & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,7 @@ export TP_CMD_PATH ?=./cmd/cluster-kube-apiserver-operator

# ensure the apirequestcounts crd is included in bindata
APIREQUESTCOUNT_CRD_TARGET := bindata/assets/kube-apiserver/apiserver.openshift.io_apirequestcount.yaml
APIREQUESTCOUNT_CRD_SOURCE := vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml
APIREQUESTCOUNT_CRD_SOURCE := vendor/github.com/openshift/api/apiserver/v1/zz_generated.crd-manifests/kube-apiserver_apirequestcounts.crd.yaml
update-bindata-v4.1.0: $(APIREQUESTCOUNT_CRD_TARGET)
$(APIREQUESTCOUNT_CRD_TARGET): $(APIREQUESTCOUNT_CRD_SOURCE)
cp $< $@
Expand Down
1 change: 0 additions & 1 deletion bindata/assets/config/defaultconfig.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,6 @@ apiServerArguments:
- NodeRestriction
- OwnerReferencesPermissionEnforcement
- PersistentVolumeClaimResize
- PersistentVolumeLabel
- PodNodeSelector
- PodTolerationRestriction
- Priority
Expand Down
478 changes: 276 additions & 202 deletions bindata/assets/kube-apiserver/apiserver.openshift.io_apirequestcount.yaml
View file
Open in desktop

Large diffs are not rendered by default.

8 changes: 4 additions & 4 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,10 @@ require (
github.com/google/go-cmp v0.6.0
github.com/imdario/mergo v0.3.8
github.com/miekg/dns v1.1.25
github.com/openshift/api v0.0.0-20231219140051-ddc590a81acb
github.com/openshift/build-machinery-go v0.0.0-20230228230858-4cd708338479
github.com/openshift/client-go v0.0.0-20231218155125-ff7d9f9bf415
github.com/openshift/library-go v0.0.0-20240402180049-f5bf38712dca
github.com/openshift/api v0.0.0-20240518060631-280767ad03ed
github.com/openshift/build-machinery-go v0.0.0-20231128094528-1e9b1b0595c8
github.com/openshift/client-go v0.0.0-20240405120947-c67c8325cdd8
github.com/openshift/library-go v0.0.0-20240419183815-b8bcc87e7606
github.com/pkg/profile v1.5.0 // indirect
github.com/prometheus/client_golang v1.16.0
github.com/spf13/cobra v1.7.0
Expand Down
16 changes: 8 additions & 8 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,14 +155,14 @@ github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4
github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg=
github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
github.com/openshift/api v0.0.0-20231219140051-ddc590a81acb h1:Q6Y9S53WL/QWzQL7tk29VuBXMHZKAJfqnzAQwrdoXZA=
github.com/openshift/api v0.0.0-20231219140051-ddc590a81acb/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4=
github.com/openshift/build-machinery-go v0.0.0-20230228230858-4cd708338479 h1:IU2KU1kzg7/dfiZO4uPJY1G5Wp1k/IiXfYesc+quwaE=
github.com/openshift/build-machinery-go v0.0.0-20230228230858-4cd708338479/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
github.com/openshift/client-go v0.0.0-20231218155125-ff7d9f9bf415 h1:wfnn3E0Z62bB3wYM5eO1AZ9EYZpFd7M1p4PclcIyVv0=
github.com/openshift/client-go v0.0.0-20231218155125-ff7d9f9bf415/go.mod h1:5W+xoimHjRdZ0dI/yeQR0ANRNLK9mPmXMzUWPAIPADo=
github.com/openshift/library-go v0.0.0-20240402180049-f5bf38712dca h1:hbTGB9yPZj+cBTYQtRzGDh7NlzeuWk+9cYMFv5TRcPc=
github.com/openshift/library-go v0.0.0-20240402180049-f5bf38712dca/go.mod h1:sb0m3u8GuEtCmkVWsosk/XBAzvnJjaOKcZ4m+oYsOa0=
github.com/openshift/api v0.0.0-20240518060631-280767ad03ed h1:GVkw3GInzpfTS8oqHSiJpb1Qx88FN9GR5PfZrvkaLRc=
github.com/openshift/api v0.0.0-20240518060631-280767ad03ed/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4=
github.com/openshift/build-machinery-go v0.0.0-20231128094528-1e9b1b0595c8 h1:cu3YUMVGsKIyFyJGO3F6BZKGYQZpCKxAv9cBPgQAca8=
github.com/openshift/build-machinery-go v0.0.0-20231128094528-1e9b1b0595c8/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
github.com/openshift/client-go v0.0.0-20240405120947-c67c8325cdd8 h1:HGfbllzRcrJBSiwzNjBCs7sExLUxC5/1evnvlNGB0Cg=
github.com/openshift/client-go v0.0.0-20240405120947-c67c8325cdd8/go.mod h1:+VvvaMSTUhOt+rBq7NwRLSNxq06hTeRCBqm0j0PQEq8=
github.com/openshift/library-go v0.0.0-20240419183815-b8bcc87e7606 h1:7Z2g059PWAuRjyW4ccVSscwFlflXzWTuo0HZAmaEEk0=
github.com/openshift/library-go v0.0.0-20240419183815-b8bcc87e7606/go.mod h1:m/HsttSi90vSixwoy5mPUBHcZid2YRw/QbsLErLxF9s=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
Expand Down
3 changes: 2 additions & 1 deletion pkg/cmd/render/render.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import (

"github.com/ghodss/yaml"
configv1 "github.com/openshift/api/config/v1"
"github.com/openshift/api/features"
kubecontrolplanev1 "github.com/openshift/api/kubecontrolplane/v1"
"github.com/openshift/cluster-kube-apiserver-operator/bindata"
"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/configobservation/apienablement"
Expand Down Expand Up @@ -333,7 +334,7 @@ func bootstrapDefaultConfig(featureGates featuregates.FeatureGate) ([]byte, erro
return nil, fmt.Errorf("failed to add audit policy into default config - %s", err)
}

if !featureGates.Enabled(configv1.FeatureGateOpenShiftPodSecurityAdmission) {
if !featureGates.Enabled(features.FeatureGateOpenShiftPodSecurityAdmission) {
if err := auth.SetPodSecurityAdmissionToEnforcePrivileged(defaultConfig); err != nil {
return nil, err
}
Expand Down
3 changes: 2 additions & 1 deletion pkg/cmd/render/render_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"testing"

configv1 "github.com/openshift/api/config/v1"
"github.com/openshift/api/features"
kubecontrolplanev1 "github.com/openshift/api/kubecontrolplane/v1"
libgoaudit "github.com/openshift/library-go/pkg/operator/apiserver/audit"
"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
Expand Down Expand Up @@ -650,7 +651,7 @@ spec:
}

func TestGetDefaultConfigWithAuditPolicy(t *testing.T) {
raw, err := bootstrapDefaultConfig(featuregates.NewFeatureGate([]configv1.FeatureGateName{configv1.FeatureGateOpenShiftPodSecurityAdmission}, nil))
raw, err := bootstrapDefaultConfig(featuregates.NewFeatureGate([]configv1.FeatureGateName{features.FeatureGateOpenShiftPodSecurityAdmission}, nil))
require.NoError(t, err)
require.True(t, len(raw) > 0)

Expand Down
2 changes: 2 additions & 0 deletions pkg/dependencymagnet/doc.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,5 +6,7 @@
package dependencymagnet

import (
_ "github.com/openshift/api/apiserver/v1/zz_generated.crd-manifests"
_ "github.com/openshift/api/operator/v1/zz_generated.crd-manifests"
_ "github.com/openshift/build-machinery-go"
)
4 changes: 2 additions & 2 deletions pkg/operator/configobservation/auth/podsecurityadmission.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ package auth
import (
"fmt"

configv1 "github.com/openshift/api/config/v1"
"github.com/openshift/api/features"
"github.com/openshift/library-go/pkg/operator/configobserver"
"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
"github.com/openshift/library-go/pkg/operator/events"
Expand Down Expand Up @@ -98,7 +98,7 @@ func observePodSecurityAdmissionEnforcement(featureGateAccessor featuregates.Fea

observedConfig := map[string]interface{}{}
switch {
case !featureGates.Enabled(configv1.FeatureGateOpenShiftPodSecurityAdmission):
case !featureGates.Enabled(features.FeatureGateOpenShiftPodSecurityAdmission):
if err := SetPodSecurityAdmissionToEnforcePrivileged(observedConfig); err != nil {
return existingConfig, append(errs, err)
}
Expand Down
5 changes: 3 additions & 2 deletions pkg/operator/configobservation/auth/podsecurityadmission_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"github.com/stretchr/testify/require"

configv1 "github.com/openshift/api/config/v1"
"github.com/openshift/api/features"
"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
"github.com/openshift/library-go/pkg/operator/events"
)
Expand All @@ -27,11 +28,11 @@ func TestObservePodSecurityAdmissionEnforcement(t *testing.T) {
restrictedJSON, err := json.Marshal(restrictedMap)
require.NoError(t, err)

defaultFeatureSet := featuregates.NewHardcodedFeatureGateAccess([]configv1.FeatureGateName{configv1.FeatureGateOpenShiftPodSecurityAdmission}, []configv1.FeatureGateName{})
defaultFeatureSet := featuregates.NewHardcodedFeatureGateAccess([]configv1.FeatureGateName{features.FeatureGateOpenShiftPodSecurityAdmission}, []configv1.FeatureGateName{})

const sentinelExistingJSON = `{"admission":{"pluginConfig":{"PodSecurity":{"configuration":{"defaults":{"foo":"bar"}}}}}}`

disabledFeatureSet := featuregates.NewHardcodedFeatureGateAccess([]configv1.FeatureGateName{}, []configv1.FeatureGateName{configv1.FeatureGateOpenShiftPodSecurityAdmission})
disabledFeatureSet := featuregates.NewHardcodedFeatureGateAccess([]configv1.FeatureGateName{}, []configv1.FeatureGateName{features.FeatureGateOpenShiftPodSecurityAdmission})

for _, tc := range []struct {
name string
Expand Down
2 changes: 0 additions & 2 deletions pkg/operator/configobservation/configobservercontroller/observe_config_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,8 +142,6 @@ func NewConfigObserver(
etcdendpoints.ObserveStorageURLs,
cloudprovider.NewCloudProviderObserver(
"openshift-kube-apiserver", true,
[]string{"apiServerArguments", "cloud-provider"},
[]string{"apiServerArguments", "cloud-config"},
),
apienablement.NewFeatureGateObserverWithRuntimeConfig(
nil,
Expand Down
2 changes: 1 addition & 1 deletion pkg/operator/webhooksupportabilitycontroller/degraded_webhook_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -141,7 +141,7 @@ func (s *mockWebhookServer) Run(t *testing.T, ctx context.Context) {
s.CABundle = []byte{}
}
// server certs
serverCertCfg, err := rootCA.MakeServerCert(sets.NewString(s.Hostname, "127.0.0.1"), 10)
serverCertCfg, err := rootCA.MakeServerCert(sets.New[string](s.Hostname, "127.0.0.1"), 10)
if err != nil {
t.Fatal(err)
}
Expand Down
2 changes: 1 addition & 1 deletion vendor/github.com/openshift/api/.ci-operator.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions vendor/github.com/openshift/api/Dockerfile.rhel8
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 10 additions & 3 deletions vendor/github.com/openshift/api/Makefile
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading