UPSTREAM: <carry>: Add make target to update bundle manifests and ins…

…tall bundle

Signed-off-by: Christoph Stäbler <cstabler@redhat.com>
(cherry picked from commit 43df346)
(cherry picked from commit 492d38e)
(cherry picked from commit f909784)
(cherry picked from commit f36660e)
Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
(cherry picked from commit 750363e)
Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>

Makefile

@@ -228,9 +228,21 @@ vendor:
 # Generate bundle manifests and metadata, then validate generated files.
 bundle: operator-sdk gen-crds manifests
 	cp -r $(MANIFEST_BASES_DIR) $(MANIFESTS_DIR)/bases
-	$(OPERATOR_SDK) generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) --deploy-dir $(MANIFESTS_DIR) --crds-dir deploy/crds
+	$(OPERATOR_SDK) generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) --deploy-dir $(MANIFESTS_DIR) --crds-dir deploy/crds --output-dir $(BUNDLE_DIR)
 	$(OPERATOR_SDK) bundle validate $(BUNDLE_DIR)
 
+# Update the OCP bundle manifests
+ocp-update-bundle-manifests: generate manifests
+	./hack/ocp-update-bundle-manifests.sh
+
+# Build and deploy the OCP bundle
+ocp-build-and-deploy-bundle: generate manifests
+	./hack/ocp-build-and-deploy-bundle.sh
+
+# Uninstall the bundle from "make ocp-build-and-deploy-bundle"
+ocp-uninstall-bundle:
+	./hack/ocp-uninstall-bundle.sh
+
 # Build the bundle image.
 bundle-build:
 	$(IMAGE_BUILDER) build -f $(BUNDLE_DOCKERFILE) -t $(BUNDLE_IMG) .

hack/ocp-build-and-deploy-bundle.sh

@@ -0,0 +1,127 @@
+
+#!/bin/bash
+
+# This is a helper to deploy a bundle to a running cluster (e.g. to validate the
+# bundle manifests / csv). This should be called via its make target (`make ocp-build-and-deploy-bundle`)
+
+# Available "parameters": 
+#   - IMAGE_REGISTRY (defaults to quay.io)
+#   - IMAGE_REPO (defaults to openshift)
+#   - HANDLER_IMAGE_NAME (defaults to origin-kubernetes-nmstate-handler)
+#   - HANDLER_IMAGE_TAG (defaults to ${CHANNEL})
+#   - OPERATOR_IMAGE_NAME (defaults to origin-kubernetes-nmstate-operator)
+#   - OPERATOR_IMAGE_TAG (defaults to ${CHANNEL})
+#   - CHANNEL (defaults to the latest 4.x version in manifests/)
+#   - VERSION (defaults to ${CHANNEL}.0)
+#   - BUNDLE_VERSION (defaults to ${VERSION})
+#   - INDEX_VERSION (defaults to ${VERSION})
+
+set -ex
+
+if [ -z "${CHANNEL}" ]; then
+    # get latest 4.* version from manifests folder
+    export CHANNEL=$(find manifests/ -name "4.*" -printf "%f\n" | sort -Vr | head -n 1)
+fi
+
+export IMAGE_REGISTRY="${IMAGE_REGISTRY:-quay.io}"
+export IMAGE_REPO="${IMAGE_REPO:-openshift}"
+export VERSION="${VERSION:-${CHANNEL}.0}"
+export NAMESPACE="openshift-nmstate"
+
+export HANDLER_IMAGE_NAME="${HANDLER_IMAGE_NAME:-origin-kubernetes-nmstate-handler}"
+export HANDLER_IMAGE_TAG="${HANDLER_IMAGE_TAG:-${VERSION}}"
+export HANDLER_NAMESPACE="${NAMESPACE}"
+
+export OPERATOR_IMAGE_NAME="${OPERATOR_IMAGE_NAME:-origin-kubernetes-nmstate-operator}"
+export OPERATOR_IMAGE_TAG="${OPERATOR_IMAGE_TAG:-${VERSION}}"
+export OPERATOR_NAMESPACE="${NAMESPACE}"
+
+export BUNDLE_VERSION="${BUNDLE_VERSION:-${VERSION}}"
+export BUNDLE_IMG="${BUNDLE_IMG:-${IMAGE_REGISTRY}/${IMAGE_REPO}/kubernetes-nmstate-operator-bundle:${BUNDLE_VERSION}}"
+
+export INDEX_VERSION="${INDEX_VERSION:-${VERSION}}"
+export INDEX_IMG="${INDEX_IMG:-${IMAGE_REGISTRY}/${IMAGE_REPO}/kubernetes-nmstate-operator-index:${INDEX_VERSION}}"
+
+
+if [ ! "$SKIP_IMAGE_BUILD" == "true" ]; then
+  # create or cleanup tmp dir for bundle manifests to not override manifests in manifests/4.x
+  TMP_BUNDLE_DIR=./build/_output/bundle-tmp
+
+  if [ -d "${TMP_BUNDLE_DIR}" ]; then
+    echo "*** Cleaning up old bundle files from disk... ***"
+    rm -rf ${TMP_BUNDLE_DIR}
+  fi
+
+  mkdir -p ${TMP_BUNDLE_DIR}
+
+  echo "**** Build and push operator and handler... ****"
+  make push-handler push-operator
+
+  echo "**** Create bundle files... ****"
+  BUNDLE_DIR=${TMP_BUNDLE_DIR} make ocp-update-bundle-manifests
+  # remove the image references file. This leads to issues in "local" deployments
+  rm -f ${TMP_BUNDLE_DIR}/manifests/image-references
+
+  echo "**** Build and push bundle... ****"
+  BUNDLE_DOCKERFILE="${TMP_BUNDLE_DIR}/bundle.Dockerfile" make bundle-build bundle-push
+
+  echo "**** Build and push index... ****"
+  BUNDLE_DOCKERFILE="${TMP_BUNDLE_DIR}/bundle.Dockerfile" make index-build index-push
+fi
+
+echo "**** Create catalog source ****"
+cat <<EOF | oc create -f - 
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+  name: kubernetes-nmstate-catalog
+  namespace: openshift-marketplace
+spec:
+  sourceType: grpc
+  image: ${INDEX_IMG}
+  displayName: Catalog for kubernetes-nmstate
+  publisher: knmstate-catalog
+EOF
+
+if [ "$INSTALL_OPERATOR_VIA_UI" == "true" ]; then
+  echo "**** Skipping installing operator. Has to be installed via console UI ****"
+  exit
+fi
+
+echo "**** Create namespace if it does not exist ****"
+oc create namespace "${OPERATOR_NAMESPACE}" --dry-run=client -o yaml | oc apply -f -
+
+echo "**** Create operator group ****"
+cat <<EOF | oc create -f - 
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: openshift-kubernetes-nmstate-operator
+  namespace: ${OPERATOR_NAMESPACE}
+spec:
+  targetNamespaces:
+  - ${OPERATOR_NAMESPACE}
+EOF
+
+echo "**** Create subscription ****"
+cat <<EOF | oc create -f - 
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: kubernetes-nmstate-operator
+  namespace: ${OPERATOR_NAMESPACE}
+spec:
+  channel: "${CHANNEL}"
+  installPlanApproval: Automatic
+  name: kubernetes-nmstate-operator
+  source: kubernetes-nmstate-catalog
+  sourceNamespace: openshift-marketplace
+EOF
+
+echo "**** Waiting for install plan to finish ****"
+oc -n ${OPERATOR_NAMESPACE} wait --for=condition=installplanpending subscription kubernetes-nmstate-operator
+install_plan=$(oc -n ${OPERATOR_NAMESPACE} get subscription kubernetes-nmstate-operator -ojsonpath='{..status.installPlanRef.name}')
+oc -n ${OPERATOR_NAMESPACE} wait --for=condition=installed --timeout 120s installplan ${install_plan}
+
+echo "**** Waiting for operator deployment being available ****"
+oc -n ${OPERATOR_NAMESPACE} wait --for=condition=available deploy nmstate-operator

hack/ocp-uninstall-bundle.sh

@@ -0,0 +1,12 @@
+
+#!/bin/bash
+
+set -ex
+
+export NAMESPACE="openshift-nmstate"
+export OPERATOR_NAMESPACE="${NAMESPACE}"
+
+oc -n ${OPERATOR_NAMESPACE} delete ClusterServiceVersion $(oc -n ${OPERATOR_NAMESPACE} get Subscription kubernetes-nmstate-operator -ojsonpath='{.status.installedCSV}') || true
+oc -n ${OPERATOR_NAMESPACE} delete Subscription kubernetes-nmstate-operator || true
+oc -n ${OPERATOR_NAMESPACE} delete OperatorGroup openshift-kubernetes-nmstate-operator || true
+oc -n openshift-marketplace delete CatalogSource kubernetes-nmstate-catalog || true

hack/ocp-update-bundle-manifests.sh

@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# This is a helper to update the bundles manifests file. This should be invoked
+# via its make target (`make ocp-update-bundle-manifests`)
+
+set -ex
+
+if [ -z "${CHANNEL}" ]; then
+    export CHANNEL=$(find manifests/ -name "4.*" -printf "%f\n" | sort -Vr | head -n 1)
+fi
+
+export IMAGE_REPO="${IMAGE_REPO:-openshift}"
+export NAMESPACE="openshift-nmstate"
+
+export HANDLER_IMAGE_NAME="${HANDLER_IMAGE_NAME:-origin-kubernetes-nmstate-handler}"
+export HANDLER_IMAGE_TAG="${HANDLER_IMAGE_TAG:-${CHANNEL}}"
+export HANDLER_NAMESPACE="${NAMESPACE}"
+
+export OPERATOR_IMAGE_NAME="${OPERATOR_IMAGE_NAME:-origin-kubernetes-nmstate-operator}"
+export OPERATOR_IMAGE_TAG="${OPERATOR_IMAGE_TAG:-${CHANNEL}}"
+export OPERATOR_NAMESPACE="${NAMESPACE}"
+
+export VERSION="${VERSION:-${CHANNEL}.0}"
+
+export BUNDLE_DIR="${BUNDLE_DIR:-manifests/${CHANNEL}}"
+MANIFEST_BASES_DIR=manifests/bases
+
+# remove old manifests & bundle metadata files
+rm -rf ${BUNDLE_DIR}/manifests ${BUNDLE_DIR}/metadata
+
+# generate bundle files from scratch
+IMAGE_REPO=${IMAGE_REPO} \
+HANDLER_IMAGE_NAME=${HANDLER_IMAGE_NAME} HANDLER_IMAGE_TAG=${HANDLER_IMAGE_TAG} HANDLER_NAMESPACE=${HANDLER_NAMESPACE} \
+OPERATOR_IMAGE_NAME=${OPERATOR_IMAGE_NAME} OPERATOR_IMAGE_TAG=${OPERATOR_IMAGE_TAG} OPERATOR_NAMESPACE=${OPERATOR_NAMESPACE} \
+VERSION=${VERSION} CHANNELS=${CHANNEL},alpha DEFAULT_CHANNEL=${CHANNEL} \
+BUNDLE_DIR=${BUNDLE_DIR} MANIFEST_BASES_DIR=${MANIFEST_BASES_DIR} make bundle
+
+# add the cluster permissions to use the privileged security context constraint to the nmstate-operator SA in the CSV
+yq --inplace eval '.spec.install.spec.clusterPermissions[] |= select(.rules[]) |= select(.serviceAccountName == "nmstate-operator").rules += {"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"verbs":["use"],"resourceNames":["privileged"]}' ${BUNDLE_DIR}/manifests/kubernetes-nmstate-operator.clusterserviceversion.yaml
+
+# add the permissions to use the privileged security context constraint to the nmstate-handler SA in the CSV
+yq --inplace eval '.spec.install.spec.permissions += {"rules":[{"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"verbs":["use"],"resourceNames":["privileged"]}],"serviceAccountName":"nmstate-handler"}' ${BUNDLE_DIR}/manifests/kubernetes-nmstate-operator.clusterserviceversion.yaml
+
+# remove unneeded owned CRDs in CSV / use only NMState v1 CRD
+yq --inplace eval '.spec.customresourcedefinitions.owned |= [{"kind":"NMState","name":"nmstates.nmstate.io","version":"v1","description":"Represents an NMState deployment.","displayName":"NMState"}]' ${BUNDLE_DIR}/manifests/kubernetes-nmstate-operator.clusterserviceversion.yaml
+
+# delete unneeded files
+rm -f ${BUNDLE_DIR}/manifests/nmstate.io_nodenetwork*.yaml
+
+# save new bundle.Dockerfile with new paths
+sed 's#manifests\/$(CHANNEL)/##g' bundle.Dockerfile | head -n -1 > ${BUNDLE_DIR}/bundle.Dockerfile
+
+# save image-refences file
+cat > ${BUNDLE_DIR}/manifests/image-references <<EOF
+kind: ImageStream
+apiVersion: image.openshift.io/v1
+spec:
+  tags:
+  - name: kubernetes-nmstate-operator
+    from:
+      kind: DockerImage
+      name: quay.io/openshift/origin-kubernetes-nmstate-operator:${CHANNEL}
+  - name: kubernetes-nmstate-handler
+    from:
+      kind: DockerImage
+      name: quay.io/openshift/origin-kubernetes-nmstate-handler:${CHANNEL}
+EOF
+
+# undo changes on "root" bundle.Dockerfile (gets updated by `make bundle`)
+git checkout bundle.Dockerfile

manifests/4.11/bundle.Dockerfile

@@ -0,0 +1,20 @@
+FROM scratch
+
+# Core bundle labels.
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=kubernetes-nmstate-operator
+LABEL operators.operatorframework.io.bundle.channels.v1=4.11,alpha
+LABEL operators.operatorframework.io.bundle.channel.default.v1=4.11
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.21.0
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3
+
+# Labels for testing.
+LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
+LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
+
+# Copy files to locations specified by labels.
+COPY manifests/4.11/manifests /manifests/
+COPY manifests/4.11/metadata /metadata/