Creating 'TLSOptions' in favor of 'PullOptions' and 'PushOptions'.
The `build` object always pushes to the same registry that the
`kernelMapping` will pull from; therefore, there is no need to
duplicate the config.

In addition to that, I have also renamed some of the fields for better
self-documented code.

Here is how this field is used in the module:

* `kernelMapping[].build.baseImageRegistryTLS` is only meant for pulling the
  base image of the Dockerfile specified in the build.

* `kernelMapping[].registryTLS` is meant for specifying the TLS options for
  pulling the image we want to deploy or for pushing it in case we are building
  it in-cluster (because they will always be the same).

* `moduleLoaderContainerSpec.registryTLS` is just the global value of all
  kernelMapping[]'s entries.

Signed-off-by: Yoni Bettan <yonibettan@gmail.com>
ybettan committed Nov 23, 2022
1 parent 351def7 commit 02978ac
Showing 16 changed files with 224 additions and 286 deletions.
36 changes: 12 additions & 24 deletions api/v1beta1/module_types.go
Expand Up @@ -27,21 +27,10 @@ type BuildArg struct {
Value string `json:"value"`
}

type PullOptions struct {
type TLSOptions struct {

// +optional
// If Insecure is true, images can be pulled from an insecure (plain HTTP) registry.
Insecure bool `json:"insecure,omitempty"`

// +optional
// If InsecureSkipTLSVerify, the operator will accept any certificate provided by the registry.
InsecureSkipTLSVerify bool `json:"insecureSkipTLSVerify,omitempty"`
}

type PushOptions struct {

// +optional
// If Insecure is true, built images can be pushed to an insecure (plain HTTP) registry.
// If Insecure is true, the operator will be able to access a registry in an insecure (plain HTTP) protocol.
Insecure bool `json:"insecure,omitempty"`

// +optional
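Review bot: The merged `Insecure` comment in `TLSOptions` no longer says which operations it covers. The two removed comments distinguished pulling images from pushing built images; now that one struct is used for both, the comment should state that enabling it sends every registry access made with these options, pushes included, over plain HTTP. Suggested wording: "If Insecure is true, the operator accesses the registry over plain HTTP, for both pulls and pushes." The neighbouring `InsecureSkipTLSVerify` comment is also missing "is true" ("If InsecureSkipTLSVerify, the operator will accept ...") and could be fixed while this struct is being touched.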
Expand All @@ -63,12 +52,8 @@ type Build struct {
Dockerfile string `json:"dockerfile"`

// +optional
// Pull contains settings determining how to pull the base images of the build process.
Pull PullOptions `json:"pull"`

// +optional
// Push contains settings determining how to push a built DriverContainer image.
Push PushOptions `json:"push"`
// BaseImageRegistryTLS contains settings determining how to pull the base images of the build-process' Dockerfile.
BaseImageRegistryTLS TLSOptions `json:"baseImageRegistryTLS"`

// +optional
// Secrets is an optional list of secrets to be made available to the build system.
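Review bot: Removing `Pull` and `Push` from `Build` drops the `pull` and `push` JSON keys from a `v1beta1` type, and nothing in this hunk provides a compatibility path for manifests that already use them. A Module written against the old names would no longer map its TLS settings to any field, so its builds would start behaving as if the options were unset. Suggest calling this out as a breaking change in the commit message and release notes. The `BaseImageRegistryTLS` comment could also say explicitly that it does not affect pushing the built image, since `Push` has no replacement at this level.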
Expand Down Expand Up @@ -117,9 +102,10 @@ type KernelMapping struct {
Literal string `json:"literal"`

// +optional
// Pull contains settings determining how to check if the ModuleLoader image already exists
// and allows overriding of the ModuleLoader's pull options
Pull *PullOptions `json:"pull"`
// RegistryTLS plays 2 different roles.
// 1. The TLS configurations determining how to check if the driver container image already exists.
// 2. The TLS configurations determining how to push the driver container image if built in cluster.
RegistryTLS *TLSOptions `json:"registryTLS"`

// +optional
// Regexp is a regular expression to be match against node kernels.
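Review bot: The new `RegistryTLS` comment on `KernelMapping` drops the statement that this field overrides the ModuleLoader-level setting, which the old `Pull` comment carried ("allows overriding of the ModuleLoader's pull options"). With identical comment text now on both levels, a reader cannot tell which value wins, or whether a mapping-level value replaces the whole struct or only the flags it sets. Suggest keeping an explicit precedence sentence here; it determines whether a single mapping can keep certificate verification on when the container-level setting turns it off.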
Expand Down Expand Up @@ -198,8 +184,10 @@ type ModuleLoaderContainerSpec struct {
Modprobe ModprobeSpec `json:"modprobe"`

// +optional
// Pull contains settings determining how to check if the ModuleLoader image already exists.
Pull *PullOptions `json:"pull"`
// RegistryTLS plays 2 different roles.
// 1. The TLS configurations determining how to check if the driver container image already exists.
// 2. The TLS configurations determining how to push the driver container image if built in cluster.
RegistryTLS *TLSOptions `json:"registryTLS"`
}

type ModuleLoaderSpec struct {
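Review bot: `RegistryTLS *TLSOptions` in `ModuleLoaderContainerSpec` is marked `+optional` but its tag is `json:"registryTLS"` without `omitempty`, so an unset pointer is serialized as `"registryTLS": null` instead of being left out; the `KernelMapping` field has the same tag. Suggest `json:"registryTLS,omitempty"` on both. The comment here would also be clearer if it said this is the default for all kernel mappings, which is how the commit message describes it.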
60 changes: 22 additions & 38 deletions api/v1beta1/zz_generated.deepcopy.go

Some generated files are not rendered by default.

128 changes: 54 additions & 74 deletions config/crd/bases/kmm.sigs.k8s.io_managedclustermodules.yaml
Expand Up @@ -1958,6 +1958,22 @@ spec:
build:
description: Build contains build instructions.
properties:
baseImageRegistryTLS:
description: BaseImageRegistryTLS contains settings
determining how to pull the base images of the build-process'
Dockerfile.
properties:
insecure:
description: If Insecure is true, the operator
will be able to access a registry in an insecure
(plain HTTP) protocol.
type: boolean
insecureSkipTLSVerify:
description: If InsecureSkipTLSVerify, the operator
will accept any certificate provided by the
registry.
type: boolean
type: object
buildArgs:
description: BuildArgs is an array of build variables
that are provided to the image building backend.
Expand Down Expand Up @@ -1985,34 +2001,6 @@ spec:
the build Job
type: string
type: object
pull:
description: Pull contains settings determining how
to pull the base images of the build process.
properties:
insecure:
description: If Insecure is true, images can be
pulled from an insecure (plain HTTP) registry.
type: boolean
insecureSkipTLSVerify:
description: If InsecureSkipTLSVerify, the operator
will accept any certificate provided by the
registry.
type: boolean
type: object
push:
description: Push contains settings determining how
to push a built DriverContainer image.
properties:
insecure:
description: If Insecure is true, built images
can be pushed to an insecure (plain HTTP) registry.
type: boolean
insecureSkipTLSVerify:
description: If InsecureSkipTLSVerify, the operator
will accept any certificate provided by the
registry.
type: boolean
type: object
secrets:
description: Secrets is an optional list of secrets
to be made available to the build system. Those
Expand Down Expand Up @@ -2061,6 +2049,22 @@ spec:
this mapping and allows overriding the Module's
build settings.
properties:
baseImageRegistryTLS:
description: BaseImageRegistryTLS contains settings
determining how to pull the base images of
the build-process' Dockerfile.
properties:
insecure:
description: If Insecure is true, the operator
will be able to access a registry in an
insecure (plain HTTP) protocol.
type: boolean
insecureSkipTLSVerify:
description: If InsecureSkipTLSVerify, the
operator will accept any certificate provided
by the registry.
type: boolean
type: object
buildArgs:
description: BuildArgs is an array of build
variables that are provided to the image building
Expand Down Expand Up @@ -2089,36 +2093,6 @@ spec:
creating the build Job
type: string
type: object
pull:
description: Pull contains settings determining
how to pull the base images of the build process.
properties:
insecure:
description: If Insecure is true, images
can be pulled from an insecure (plain
HTTP) registry.
type: boolean
insecureSkipTLSVerify:
description: If InsecureSkipTLSVerify, the
operator will accept any certificate provided
by the registry.
type: boolean
type: object
push:
description: Push contains settings determining
how to push a built DriverContainer image.
properties:
insecure:
description: If Insecure is true, built
images can be pushed to an insecure (plain
HTTP) registry.
type: boolean
insecureSkipTLSVerify:
description: If InsecureSkipTLSVerify, the
operator will accept any certificate provided
by the registry.
type: boolean
type: object
secrets:
description: Secrets is an optional list of
secrets to be made available to the build
Expand Down Expand Up @@ -2151,26 +2125,28 @@ spec:
description: Literal defines a literal target kernel
version to be matched exactly against node kernels.
type: string
pull:
description: Pull contains settings determining
how to check if the ModuleLoader image already
exists and allows overriding of the ModuleLoader's
pull options
regexp:
description: Regexp is a regular expression to be
match against node kernels.
type: string
registryTLS:
description: RegistryTLS plays 2 different roles.
1. The TLS configurations determining how to check
if the driver container image already exists.
2. The TLS configurations determining how to push
the driver container image if built in cluster.
properties:
insecure:
description: If Insecure is true, images can
be pulled from an insecure (plain HTTP) registry.
description: If Insecure is true, the operator
will be able to access a registry in an insecure
(plain HTTP) protocol.
type: boolean
insecureSkipTLSVerify:
description: If InsecureSkipTLSVerify, the operator
will accept any certificate provided by the
registry.
type: boolean
type: object
regexp:
description: Regexp is a regular expression to be
match against node kernels.
type: string
sign:
description: Sign enables in-cluster signing for
this mapping
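Review bot: The `registryTLS` description in this hunk flattens the two numbered roles into one run-on string ("RegistryTLS plays 2 different roles. 1. The TLS configurations ... 2. The TLS configurations ..."), and that string is what users read in the CRD schema. Since the text mirrors the Go comment on `RegistryTLS`, suggest rewording the comment there as a single sentence, for example "RegistryTLS configures TLS both for checking whether the driver container image already exists and for pushing it when it is built in-cluster", and regenerating this file.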
Expand Down Expand Up @@ -2291,13 +2267,17 @@ spec:
required:
- moduleName
type: object
pull:
description: Pull contains settings determining how to
check if the ModuleLoader image already exists.
registryTLS:
description: RegistryTLS plays 2 different roles. 1. The
TLS configurations determining how to check if the driver
container image already exists. 2. The TLS configurations
determining how to push the driver container image if
built in cluster.
properties:
insecure:
description: If Insecure is true, images can be pulled
from an insecure (plain HTTP) registry.
description: If Insecure is true, the operator will
be able to access a registry in an insecure (plain
HTTP) protocol.
type: boolean
insecureSkipTLSVerify:
description: If InsecureSkipTLSVerify, the operator