UPSTREAM: <carry>: Add hostPath mount for /var/lib/kubelet

anik120 · ankitathomas · commit cdda84ca39ef · 2024-11-21T23:21:49.000-05:00
MCO makes the global pull secrets available in `/var/lib/kubelet`. Operator-controller will look for these secrets in `/etc/operator-controller` folder, ref [operator-controller:1303](operator-framework/operator-controller#1303). This PR hostPath mounts the `/var/lib/kublet` directory from the host to the `/etc/operator-controller` directory in the container's filesystem. RFC: [OLMv1 Private registry support](https://docs.google.com/document/d/1BXD6kj5zXHcGiqvJOikU2xs8kV26TPnzEKp6n7TKD4M/edit?usp=sharing) Signed-off-by: Anik Bhattacharjee <anbhatta@redhat.com>
diff --git a/openshift/generate-manifests.sh b/openshift/generate-manifests.sh
@@ -39,8 +39,8 @@ trap 'rm -rf $TMP_ROOT' EXIT
 TMP_CONFIG="${TMP_ROOT}/config"
 cp -a "${REPO_ROOT}/config" "$TMP_CONFIG"
 
-# Override namespace to openshift-operator-controller
-$YQ -i ".namespace = \"${NAMESPACE}\"" "${TMP_CONFIG}/base/kustomization.yaml"
+# Override OPENSHIFT-NAMESPACE to ${NAMESPACE}
+find "${TMP_ROOT}" -name "*.yaml" -exec sed -i.tmp "s/OPENSHIFT-NAMESPACE/${NAMESPACE}/g" {} \;
 
 # Create a temp dir for manifests
 TMP_MANIFEST_DIR="${TMP_ROOT}/manifests"
diff --git a/openshift/kustomize/overlays/openshift/kustomization.yaml b/openshift/kustomize/overlays/openshift/kustomization.yaml
@@ -14,3 +14,7 @@ patches:
       kind: Deployment
       name: controller-manager
     path: patches/manager_deployment_ca.yaml
+  - target:
+      kind: Deployment
+      name: controller-manager
+    path: patches/manager_deployment_mount_auth_host.yaml
diff --git a/openshift/kustomize/overlays/openshift/patches/manager_deployment_mount_auth_host.yaml b/openshift/kustomize/overlays/openshift/patches/manager_deployment_mount_auth_host.yaml
@@ -0,0 +1,6 @@
+- op: add
+  path: /spec/template/spec/volumes/-
+  value: {"name":"global-auth-file", "hostPath":{"path":"/var/lib/kubelet/config.json", "type": "File"}}
+- op: add
+  path: /spec/template/spec/containers/0/volumeMounts/-
+  value: {"name":"global-auth-file", "readOnly": true, "mountPath":"/etc/operator-controller/auth.json"}
diff --git a/openshift/manifests/18-deployment-openshift-operator-controller-operator-controller-controller-manager.yml b/openshift/manifests/18-deployment-openshift-operator-controller-operator-controller-controller-manager.yml
@@ -78,6 +78,9 @@ spec:
               name: olmv1-certificate
               readOnly: true
               subPath: olm-ca.crt
+            - mountPath: /etc/operator-controller/auth.json
+              name: global-auth-file
+              readOnly: true
         - args:
             - --secure-listen-address=0.0.0.0:8443
             - --upstream=http://127.0.0.1:8080/
@@ -115,4 +118,8 @@ spec:
             name: operator-controller-openshift-ca
             optional: false
           name: olmv1-certificate
+        - hostPath:
+            path: /var/lib/kubelet/config.json
+            type: File
+          name: global-auth-file
       priorityClassName: system-cluster-critical
