Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Use the latest image of vm-console-proxy #645

Merged
merged 1 commit into from
Aug 30, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/release-vm-console-proxy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ jobs:
OUTPUT_FILE=./data/vm-console-proxy-bundle/vm-console-proxy.yaml
mkdir -p ./data/vm-console-proxy-bundle
curl -L https://github.com/kubevirt/vm-console-proxy/releases/download/${RELEASE_VERSION}/vm-console-proxy.yaml > ${OUTPUT_FILE}
sed -i "s/defaultVmConsoleProxyImageTag = .*$/defaultVmConsoleProxyImageTag = \"${RELEASE_VERSION}\"/" ./internal/operands/vm-console-proxy/defaults.go
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO, I don't think we should do that bump here.

  1. This workflow is used to update vm-console-proxy bundle only
  2. We try to change code during that workflow, what if defaults.go will be removed in the future?

Why not just use latest tag? if anyways this intended to be updated on every release to latest one, just use latest then: quay.io/kubevirt/vm-console-proxy:latest.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. This workflow is used to update vm-console-proxy bundle only

This workflow is used to update SSP operator code, so that it uses the latest release of vm-cosole-proxy. It can update the image tag and bundle.

  1. We try to change code during that workflow, what if defaults.go will be removed in the future?

I will add a comment to defaults.go explaining how the file is used.

Why not just use latest tag? if anyways this intended to be updated on every release to latest one, just use latest then: quay.io/kubevirt/vm-console-proxy:latest.

There is no latest tag. We would need to add automation to create and update it.
https://quay.io/repository/kubevirt/vm-console-proxy?tab=tags&tag=latest

Using the latest tag would probably not save us work, because we would need to fix the version when creating a release branch.


- name: Create pull request
if: ${{ github.event.client_payload.release_version }} != ''
Expand Down
1 change: 1 addition & 0 deletions config/manager/manager.template.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ spec:
- name: OPERATOR_VERSION
- name: TEKTON_TASKS_IMAGE
- name: TEKTON_TASKS_DISK_VIRT_IMAGE
- name: VM_CONSOLE_PROXY_IMAGE
image: controller:latest
name: manager
resources:
Expand Down
57 changes: 47 additions & 10 deletions config/rbac/role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,17 @@ rules:
verbs:
- list
- watch
- apiGroups:
- apiregistration.k8s.io
resources:
- apiservices
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- apps
resources:
Expand Down Expand Up @@ -184,16 +195,32 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -225,14 +252,6 @@ rules:
- list
- update
- watch
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstances
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
Expand Down Expand Up @@ -279,6 +298,18 @@ rules:
- list
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
verbs:
- create
- delete
- list
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
Expand Down Expand Up @@ -320,18 +351,18 @@ rules:
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- delete
- list
- update
- watch
- apiGroups:
- ssp.kubevirt.io
Expand All @@ -353,6 +384,12 @@ rules:
- ssps/status
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/vnc
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
Expand Down
58 changes: 48 additions & 10 deletions data/olm-catalog/ssp-operator.clusterserviceversion.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,17 @@ spec:
verbs:
- list
- watch
- apiGroups:
- apiregistration.k8s.io
resources:
- apiservices
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- apps
resources:
Expand Down Expand Up @@ -245,16 +256,32 @@ spec:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -286,14 +313,6 @@ spec:
- list
- update
- watch
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstances
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
Expand Down Expand Up @@ -340,6 +359,18 @@ spec:
- list
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
verbs:
- create
- delete
- list
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
Expand Down Expand Up @@ -381,18 +412,18 @@ spec:
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- delete
- list
- update
- watch
- apiGroups:
- ssp.kubevirt.io
Expand All @@ -414,6 +445,12 @@ spec:
- ssps/status
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/vnc
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
Expand Down Expand Up @@ -494,6 +531,7 @@ spec:
value: 0.14.0
- name: TEKTON_TASKS_IMAGE
- name: TEKTON_TASKS_DISK_VIRT_IMAGE
- name: VM_CONSOLE_PROXY_IMAGE
image: quay.io/kubevirt/ssp-operator:latest
livenessProbe:
httpGet:
Expand Down
76 changes: 69 additions & 7 deletions data/vm-console-proxy-bundle/vm-console-proxy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,48 @@ rules:
- kubevirt.io
resources:
- virtualmachineinstances
- virtualmachines
verbs:
- get
- list
- watch
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/vnc
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
verbs:
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- authentication.k8s.io
resources:
Expand All @@ -41,6 +79,20 @@ rules:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: vm-console-proxy
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: vm-console-proxy
namespace: kubevirt
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: vm-console-proxy
Expand Down Expand Up @@ -100,7 +152,7 @@ spec:
- args: []
command:
- /console
image: quay.io/kubevirt/vm-console-proxy:v0.2.0
image: quay.io/kubevirt/vm-console-proxy:v0.3.1
imagePullPolicy: Always
name: console
ports:
Expand All @@ -119,9 +171,6 @@ spec:
- mountPath: /tmp/vm-console-proxy-cert
name: vm-console-proxy-cert
readOnly: true
- mountPath: /etc/virt-handler/clientcertificates
name: kubevirt-virt-handler-certs
readOnly: true
securityContext:
runAsNonRoot: true
seccompProfile:
Expand All @@ -135,6 +184,19 @@ spec:
- name: vm-console-proxy-cert
secret:
secretName: vm-console-proxy-cert
- name: kubevirt-virt-handler-certs
secret:
secretName: kubevirt-virt-handler-certs
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
annotations:
service.beta.openshift.io/inject-cabundle: "true"
name: v1alpha1.token.kubevirt.io
spec:
group: token.kubevirt.io
groupPriorityMinimum: 2000
service:
name: vm-console-proxy
namespace: kubevirt
port: 443
version: v1alpha1
versionPriority: 10
Loading
Loading