Enable Operator for restricted network environments

api/v1alpha1/backstage_types.go

@@ -21,6 +21,8 @@ import (
 const (
 	RuntimeConditionRunning string = "RuntimeRunning"
 	RuntimeConditionSynced  string = "RuntimeSyncedWithConfig"
+	EnvPostGresImage        string = "POSTGRESQL_IMAGE"
+	EnvBackstageImage       string = "BACKSTAGE_IMAGE"
 )
 
 // BackstageSpec defines the desired state of Backstage

bundle/manifests/backstage-default-config_v1_configmap.yaml

@@ -58,8 +58,8 @@ data:
     \           - name: PGDATA\n              value: /var/lib/pgsql/data/userdata\n
     \         envFrom:\n            - secretRef:\n                name: \"{POSTGRESQL_SECRET}\"
     \ # will be replaced with 'backstage-psql-secrets-<cr-name>'  \n          image:
-    quay.io/fedora/postgresql-15:latest\n          imagePullPolicy: IfNotPresent\n
-    \         securityContext:\n            runAsNonRoot: true\n            allowPrivilegeEscalation:
+    \"{POSTGRESQL_IMAGE}\" # will be replaced with the actual image\n          imagePullPolicy:
+    IfNotPresent\n          securityContext:\n            runAsNonRoot: true\n            allowPrivilegeEscalation:
     false\n            seccompProfile:\n              type: RuntimeDefault\n            capabilities:\n
     \             drop:\n                - ALL\n          livenessProbe:\n            exec:\n
     \             command:\n                - /bin/sh\n                - -c\n                -
@@ -95,14 +95,15 @@ data:
     \     initContainers:\n        - command:\n            - ./install-dynamic-plugins.sh\n
     \           - /dynamic-plugins-root\n          env:\n            - name: NPM_CONFIG_USERCONFIG\n
     \             value: /opt/app-root/src/.npmrc.dynamic-plugins\n          image:
-    'quay.io/janus-idp/backstage-showcase:next'\n          imagePullPolicy: IfNotPresent\n
-    \         name: install-dynamic-plugins\n          volumeMounts:\n            -
-    mountPath: /dynamic-plugins-root\n              name: dynamic-plugins-root\n            -
-    mountPath: /opt/app-root/src/.npmrc.dynamic-plugins\n              name: dynamic-plugins-npmrc\n
-    \             readOnly: true\n              subPath: .npmrc\n          workingDir:
-    /opt/app-root/src\n\n      containers:\n        - name: backstage-backend\n          image:
-    quay.io/janus-idp/backstage-showcase:next\n          imagePullPolicy: IfNotPresent\n
-    \         args:\n            - \"--config\"\n            - \"dynamic-plugins-root/app-config.dynamic-plugins.yaml\"\n
+    \"{BACKSTAGE_IMAGE}\" # will be replaced with the actual image quay.io/janus-idp/backstage-showcase:next\n
+    \         imagePullPolicy: IfNotPresent\n          name: install-dynamic-plugins\n
+    \         volumeMounts:\n            - mountPath: /dynamic-plugins-root\n              name:
+    dynamic-plugins-root\n            - mountPath: /opt/app-root/src/.npmrc.dynamic-plugins\n
+    \             name: dynamic-plugins-npmrc\n              readOnly: true\n              subPath:
+    .npmrc\n          workingDir: /opt/app-root/src\n\n      containers:\n        -
+    name: backstage-backend\n          image: \"{BACKSTAGE_IMAGE}\" # will be replaced
+    with the actual image quay.io/janus-idp/backstage-showcase:next\n          imagePullPolicy:
+    IfNotPresent\n          args:\n            - \"--config\"\n            - \"dynamic-plugins-root/app-config.dynamic-plugins.yaml\"\n
     \         readinessProbe:\n            failureThreshold: 3\n            httpGet:\n
     \             path: /healthcheck\n              port: 7007\n              scheme:
     HTTP\n            initialDelaySeconds: 30\n            periodSeconds: 10\n            successThreshold:

bundle/manifests/backstage-operator.clusterserviceversion.yaml

@@ -21,8 +21,8 @@ metadata:
         }
       ]
     capabilities: Basic Install
-    createdAt: "2023-12-18T21:01:24Z"
-    operators.operatorframework.io/builder: operator-sdk-v1.32.0
+    createdAt: "2023-12-20T02:05:49Z"
+    operators.operatorframework.io/builder: operator-sdk-v1.33.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
   name: backstage-operator.v0.0.1
   namespace: placeholder
@@ -164,6 +164,9 @@ spec:
                         operator: In
                         values:
                         - amd64
+                        - arm64
+                        - ppc64le
+                        - s390x
                       - key: kubernetes.io/os
                         operator: In
                         values:
@@ -198,6 +201,11 @@ spec:
                 - --leader-elect
                 command:
                 - /manager
+                env:
+                - name: POSTGRESQL_IMAGE
+                  value: quay.io/fedora/postgresql-15:latest
+                - name: BACKSTAGE_IMAGE
+                  value: quay.io/janus-idp/backstage-showcase:next
                 image: quay.io/rhdh/backstage-operator:v0.0.1
                 livenessProbe:
                   httpGet:

bundle/metadata/annotations.yaml

@@ -5,7 +5,7 @@ annotations:
   operators.operatorframework.io.bundle.metadata.v1: metadata/
   operators.operatorframework.io.bundle.package.v1: backstage-operator
   operators.operatorframework.io.bundle.channels.v1: alpha
-  operators.operatorframework.io.metrics.builder: operator-sdk-v1.32.0
+  operators.operatorframework.io.metrics.builder: operator-sdk-v1.33.0
   operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
   operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3
 

config/manager/default-config/db-statefulset.yaml

@@ -29,7 +29,7 @@ spec:
           envFrom:
             - secretRef:
                 name: "{POSTGRESQL_SECRET}"  # will be replaced with 'backstage-psql-secrets-<cr-name>'  
-          image: quay.io/fedora/postgresql-15:latest
+          image: "{POSTGRESQL_IMAGE}" # will be replaced with the actual image
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

config/manager/default-config/deployment.yaml

@@ -36,7 +36,7 @@ spec:
           env:
             - name: NPM_CONFIG_USERCONFIG
               value: /opt/app-root/src/.npmrc.dynamic-plugins
-          image: 'quay.io/janus-idp/backstage-showcase:next'
+          image: "{BACKSTAGE_IMAGE}" # will be replaced with the actual image quay.io/janus-idp/backstage-showcase:next
           imagePullPolicy: IfNotPresent
           name: install-dynamic-plugins
           volumeMounts:
@@ -50,7 +50,7 @@ spec:
 
       containers:
         - name: backstage-backend
-          image: quay.io/janus-idp/backstage-showcase:next
+          image: "{BACKSTAGE_IMAGE}" # will be replaced with the actual image quay.io/janus-idp/backstage-showcase:next
           imagePullPolicy: IfNotPresent
           args:
             - "--config"

config/manager/manager.yaml

@@ -70,6 +70,11 @@ spec:
         - /manager
         args:
         - --leader-elect
+        env:
+        - name: POSTGRESQL_IMAGE
+          value: quay.io/fedora/postgresql-15:latest
+        - name: BACKSTAGE_IMAGE
+          value: quay.io/janus-idp/backstage-showcase:next
         image: controller:latest
         name: manager
         securityContext:

controllers/backstage_controller.go

@@ -21,6 +21,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/go-logr/logr"
 	bs "janus-idp.io/backstage-operator/api/v1alpha1"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -54,6 +55,10 @@ type BackstageReconciler struct {
 	Namespace string
 
 	IsOpenShift bool
+
+	PsqlImage string
+
+	BackstageImage string
 }
 
 //+kubebuilder:rbac:groups=janus-idp.io,resources=backstages,verbs=get;list;watch;create;update;patch;delete
@@ -260,11 +265,18 @@ func (r *BackstageReconciler) labels(meta *v1.ObjectMeta, backstage bs.Backstage
 }
 
 // SetupWithManager sets up the controller with the Manager.
-func (r *BackstageReconciler) SetupWithManager(mgr ctrl.Manager) error {
+func (r *BackstageReconciler) SetupWithManager(mgr ctrl.Manager, log logr.Logger) error {
+
+	if len(r.PsqlImage) == 0 {
+		r.PsqlImage = "quay.io/fedora/postgresql-15:latest"
+		log.Info("Enviroment variable is not set, default is used", bs.EnvPostGresImage, r.PsqlImage)
+	}
+
+	if len(r.BackstageImage) == 0 {
+		r.BackstageImage = "quay.io/janus-idp/backstage-showcase:next"
+		log.Info("Enviroment variable is not set, default is used", bs.EnvBackstageImage, r.BackstageImage)
+	}
 
-	//if err := initDefaults(); err != nil {
-	//	return err
-	//}
 	builder := ctrl.NewControllerManagedBy(mgr).
 		For(&bs.Backstage{})
 

controllers/backstage_controller_test.go

@@ -56,10 +56,12 @@ var _ = Describe("Backstage controller", func() {
 		Expect(err).To(Not(HaveOccurred()))
 
 		backstageReconciler = &BackstageReconciler{
-			Client:      k8sClient,
-			Scheme:      k8sClient.Scheme(),
-			Namespace:   ns,
-			OwnsRuntime: true,
+			Client:         k8sClient,
+			Scheme:         k8sClient.Scheme(),
+			Namespace:      ns,
+			OwnsRuntime:    true,
+			PsqlImage:      "quay.io/fedora/postgresql-15:latest",
+			BackstageImage: "quay.io/janus-idp/backstage-showcase:next",
 		}
 	})
 

controllers/backstage_deployment.go

@@ -156,6 +156,8 @@ func (r *BackstageReconciler) applyBackstageDeployment(ctx context.Context, back
 		return fmt.Errorf("failed to read config: %s", err)
 	}
 
+	r.setDefaultDeploymentImage(deployment)
+
 	foundDeployment := &appsv1.Deployment{}
 	deployment.Name = fmt.Sprintf("backstage-%s", backstage.Name)
 	err = r.Get(ctx, types.NamespacedName{Name: deployment.Name, Namespace: ns}, foundDeployment)
@@ -302,3 +304,16 @@ func (r *BackstageReconciler) validateAndUpdatePsqlSecretRef(backstage bs.Backst
 
 	return nil
 }
+
+func (r *BackstageReconciler) setDefaultDeploymentImage(deployment *appsv1.Deployment) {
+	for i, c := range deployment.Spec.Template.Spec.InitContainers {
+		if len(c.Image) == 0 || c.Image == fmt.Sprintf("{%s}", bs.EnvBackstageImage) {
+			deployment.Spec.Template.Spec.InitContainers[i].Image = r.BackstageImage
+		}
+	}
+	for i, c := range deployment.Spec.Template.Spec.Containers {
+		if len(c.Image) == 0 || c.Image == fmt.Sprintf("{%s}", bs.EnvBackstageImage) {
+			deployment.Spec.Template.Spec.Containers[i].Image = r.BackstageImage
+		}
+	}
+}

controllers/local_db_statefulset.go

@@ -150,7 +150,8 @@ func (r *BackstageReconciler) applyLocalDbStatefulSet(ctx context.Context, backs
 	// need to patch the Name before get for correct search
 	statefulSet.Name = fmt.Sprintf("backstage-psql-%s", backstage.Name)
 
-	err = r.Get(ctx, types.NamespacedName{Name: statefulSet.Name, Namespace: ns}, statefulSet)
+	found := &appsv1.StatefulSet{}
+	err = r.Get(ctx, types.NamespacedName{Name: statefulSet.Name, Namespace: ns}, found)
 	if err != nil {
 		if errors.IsNotFound(err) {
 
@@ -188,6 +189,9 @@ func (r *BackstageReconciler) applyLocalDbStatefulSet(ctx context.Context, backs
 	if err = r.patchLocalDbStatefulSetObj(statefulSet, backstage); err != nil {
 		return err
 	}
+
+	r.setDefaultStatefulSetImage(statefulSet)
+
 	_, err = r.handlePsqlSecret(ctx, statefulSet, &backstage)
 	if err != nil {
 		return err
@@ -211,3 +215,11 @@ func (r *BackstageReconciler) patchLocalDbStatefulSetObj(statefulSet *appsv1.Sta
 
 	return nil
 }
+
+func (r *BackstageReconciler) setDefaultStatefulSetImage(statefulSet *appsv1.StatefulSet) {
+	for i, c := range statefulSet.Spec.Template.Spec.Containers {
+		if len(c.Image) == 0 || c.Image == fmt.Sprintf("{%s}", bs.EnvPostGresImage) {
+			statefulSet.Spec.Template.Spec.Containers[i].Image = r.PsqlImage
+		}
+	}
+}

main.go

@@ -104,11 +104,13 @@ func main() {
 	}
 
 	if err = (&controller.BackstageReconciler{
-		Client:      mgr.GetClient(),
-		Scheme:      mgr.GetScheme(),
-		OwnsRuntime: ownRuntime,
-		IsOpenShift: isOpenShift,
-	}).SetupWithManager(mgr); err != nil {
+		Client:         mgr.GetClient(),
+		Scheme:         mgr.GetScheme(),
+		OwnsRuntime:    ownRuntime,
+		IsOpenShift:    isOpenShift,
+		PsqlImage:      os.Getenv(backstageiov1alpha1.EnvPostGresImage),
+		BackstageImage: os.Getenv(backstageiov1alpha1.EnvBackstageImage),
+	}).SetupWithManager(mgr, setupLog); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Backstage")
 		os.Exit(1)
 	}
@@ -123,7 +125,13 @@ func main() {
 		os.Exit(1)
 	}
 
-	setupLog.Info("starting manager with parameters: ", "own-runtime", ownRuntime, "env.LOCALBIN", os.Getenv("LOCALBIN"), "isOpenShift", isOpenShift)
+	setupLog.Info("starting manager with parameters: ",
+		"own-runtime", ownRuntime,
+		"env.LOCALBIN", os.Getenv("LOCALBIN"),
+		"isOpenShift", isOpenShift,
+		backstageiov1alpha1.EnvPostGresImage, os.Getenv(backstageiov1alpha1.EnvPostGresImage),
+		backstageiov1alpha1.EnvBackstageImage, os.Getenv(backstageiov1alpha1.EnvBackstageImage),
+	)
 	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
 		setupLog.Error(err, "problem running manager")
 		os.Exit(1)