MGMT-4668: Generate OLM opeartor manifest to custom file

[machacekondra]

This PR add a possibility to create manifests from assisted-installer.
In some cases it may be useful to create manifest from
assisted-isntaller instead of openshift-installer. For example when
installing CNV/LSO/OCS we need to have predefined CRDs for the
operators, because at the time of the operator is being created the CRDs
are not yet created by the OLM.

This PR add support to add the files to the bootstrap.ign to directory
prefix /opt/openshift/olmoperators, so later assisted-installer can fetch
the content of those files and create them via dynamic client.

Signed-off-by: Ondra Machacek omachace@redhat.com

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: machacekondra
To complete the pull request process, please assign yuvigold after the PR has been reviewed.
You can assign the PR to them by writing /assign @yuvigold in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[machacekondra]

Related-to: openshift/assisted-installer#271

[pkliczewski]

@eranco74 @tsorya please review

[tsorya]

@machacekondra why it is different than creating manifests with bootkube by adding them to manifests? Trying to understand when we expect those manifests to be created? after cluster is up and running?

[machacekondra]

@machacekondra why it is different than creating manifests with bootkube by adding them to manifests? Trying to understand when we expect those manifests to be created? after cluster is up and running?

The problem is that the operator CRDs are not created at the time the openshift-installer creates the manifests resources. That's why we had to store the CRD spec in assisted-service. If we would not create the CRD by ourselfs, the openshift-installer would simply fail to create the operator resources, because it's not yet created by OLM.

With this PR, we create only OLM's resources by the openshift-installer manifests and we create our own custom assisted-installer manifests, which are created after the openshift is ready, which means OLM is ready and the OLM CRDs are created and we can without any issue create our operators CRs.

[tsorya]

@machacekondra wondering if those manifests can't be applied from bootstrap. When control plane will be up, operators should start already no? cluster bootstrap should eventually succeed no?

[eranco74]

The problem is that the operator CRDs are not created at the time the openshift-installer
The CRDs will get created by the relevant operator once the operator will start running, no?

How would you do it if you were installing with openshift installer?

With this PR, we create only OLM's resources by the openshift-installer manifests and we create our own custom assisted-installer manifests, which are created after the openshift is ready

Who will apply these custom assisted-installer manifests?

[tsorya]

After talking with @eranco74 we think that this case is relevant only for SNO, regular flow should work without this one.
The main question what we are trying to solve here. SNO flow?
Another thing is that if we want it in SNO flow we should create api (if we don't have one already) that will allow to download those manifests and not to push them to bootstrap ignition as they shouldn't be part of it at all.

[machacekondra]

The problem is that the operator CRDs are not created at the time the openshift-installer
The CRDs will get created by the relevant operator once the operator will start running, no?

How would you do it if you were installing with openshift installer?

With this PR, we create only OLM's resources by the openshift-installer manifests and we create our own custom assisted-installer manifests, which are created after the openshift is ready

Who will apply these custom assisted-installer manifests?

assisted-installer

@machacekondra wondering if those manifests can't be applied from bootstrap. When control plane will be up, operators should start already no? cluster bootstrap should eventually succeed no?

I am not sure about this one. We wait for for the operators to be ready in assisted-installer posinstall stage so I think there could be some catch.

Another thing is that if we want it in SNO flow we should create api (if we don't have one already) that will allow to download those manifests and not to push them to bootstrap ignition as they shouldn't be part of it at all.

Why do you think it's SNO issue only? It's problem with normal installation as well. But I agree that creating a special API for those files would make a better sense. Something like:

/clusters/{cluster_id}/downloads/files?file_name=custom_manifests.yaml

And the content would be all the relevant custom manifests?

[eranco74]

Pretty sure that it's relevant only for SNO because assisted-installer is capable to install OLM operators without creating the manifests from the assisted-controller.
It works the same when installing a cluster with openshift-installer, cluster-bootstrap will keep on trying to apply the manifests until it succeeds, at some point the relevant operator (that is creating the required CRDs for applying the manifest) will start running on the master nodes, create the CRDs and cluster bootstrap will succeed.
When installing SNO it's a different story (because there is no master node running in parallel with the bootstrap).
This is documented in the SNO bootstrap in place enhancement.
If this is what this code is trying to solve ( I don't think we want it for multi-node cluster in order to stay inline with openshift-installer behavior), we should decide which manifests get this special treatment, I guess only OLM related manifests that assisted-service support for SNO.

Also I agree there should be a dedicated API for these manifests, overloading them on the bootstrap ignition (bootstrap node never use them) and pulling the bootstrap ignition from the assisted-controller seems wrong.

[machacekondra]

So I've update the code to upload the manifest to storage. Example:

$ curl http://10.97.140.59:8090/api/assisted-install/v1/clusters/dcf20f64-fe45-404a-af45-a205856e27e8/downloads/files?file_name=custom_manifests.yaml
---
apiVersion: hco.kubevirt.io/v1beta1
kind: HyperConverged
metadata:
  name: kubevirt-hyperconverged
  namespace: openshift-cnv
spec:
  BareMetalPlatform: true
---
apiVersion: "local.storage.openshift.io/v1alpha1"
kind: "LocalVolumeSet"
metadata:
  name: "local-disks"
  namespace: "openshift-local-storage"
spec:
  storageClassName: "localblock-sc"
  volumeMode: Block
  deviceInclusionSpec:
    deviceTypes:
      - "disk"

[machacekondra]

/test subsystem-aws

[machacekondra]

/retest

[machacekondra]

/retest

[machacekondra]

/retest

[machacekondra]

@eranco74 @tsorya Can you please re-review?

[tsorya]

createCustomManifest const it

[eranco74]

Looks good

[eranco74]

Consider adding a comment explaining that this is for custom manifests that requires CRDs are created late by the cluster operators (and not by the CVO)

[eranco74]

/lgtm

[openshift-ci]

@machacekondra: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-metal-assisted-operator-disconnected	061dfbf	link	/test e2e-metal-assisted-operator-disconnected

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[machacekondra]

/retest

[tsorya]

/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: machacekondra, tsorya

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [tsorya]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[pkliczewski]

/cherry-pick ocm-2.3

[openshift-cherrypick-robot]

@pkliczewski: new pull request could not be created: failed to create pull request against openshift/assisted-service#ocm-2.3 from head openshift-cherrypick-robot:cherry-pick-1609-to-ocm-2.3: status code 422 not one of [201], body: {"message":"Validation Failed","errors":[{"resource":"PullRequest","code":"custom","message":"No commits between openshift:ocm-2.3 and openshift-cherrypick-robot:cherry-pick-1609-to-ocm-2.3"}],"documentation_url":"https://docs.github.com/rest/reference/pulls#create-a-pull-request"}

In response to this:

/cherry-pick ocm-2.3

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[pkliczewski]

This commit is already part of ocm-2.3