Deploy networking-console-plugin by CNO

Use the CNO operator config controller to deploy and reconcile the resources required to enable the new Networking console plugin:
* Deployment
* Service
* ConfigMap (for nginx config)
* ConsolePlugin

Signed-off-by: Oren Cohen <ocohen@redhat.com>

bindata/networking-console-plugin/001-config-map.yaml

@@ -0,0 +1,39 @@
+apiVersion: v1
+data:
+  nginx.conf: |
+    error_log /dev/stdout info;
+    events {}
+    http {
+      include            /etc/nginx/mime.types;
+      default_type       application/octet-stream;
+      keepalive_timeout  65;
+      server {
+        listen              9443 ssl;
+        ssl_certificate     /var/cert/tls.crt;
+        ssl_certificate_key /var/cert/tls.key;
+        root                /opt/app-root/src;
+
+        # Prevent caching for plugin-manifest.json
+        location = /plugin-manifest.json {
+          add_header Cache-Control 'no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0';
+          add_header Pragma 'no-cache';
+          add_header Expires '0';
+        }
+
+        # Prevent caching for plugin-entry.js
+        location = /plugin-entry.js {
+          add_header Cache-Control 'no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0';
+          add_header Pragma 'no-cache';
+          add_header Expires '0';
+        }
+      }
+    }
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/component: networking-console-plugin
+    app.kubernetes.io/managed-by: cluster-network-operator
+    app.kubernetes.io/name: networking-console-plugin
+    app.kubernetes.io/part-of: cluster-network-operator
+  name: networking-console-plugin
+  namespace: openshift-network-operator

bindata/networking-console-plugin/002-deployment.yaml

@@ -0,0 +1,110 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: networking-console-plugin
+  namespace: openshift-network-operator
+  annotations:
+    kubernetes.io/description: |
+      This deployment deploys the Networking console plugin pod which serves
+      the contents of the Networking section in OpenShift Console
+    release.openshift.io/version: "{{.ReleaseVersion}}"
+    networkoperator.openshift.io/non-critical: ""
+  labels:
+    app.kubernetes.io/component: networking-console-plugin
+    app.kubernetes.io/managed-by: cluster-network-operator
+    app.kubernetes.io/name: networking-console-plugin
+    app.kubernetes.io/part-of: cluster-network-operator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: networking-console-plugin
+      app.kubernetes.io/managed-by: cluster-network-operator
+      app.kubernetes.io/name: networking-console-plugin
+      app.kubernetes.io/part-of: cluster-network-operator
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      annotations:
+        target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
+      labels:
+        app.kubernetes.io/component: networking-console-plugin
+        app.kubernetes.io/managed-by: cluster-network-operator
+        app.kubernetes.io/name: networking-console-plugin
+        app.kubernetes.io/part-of: cluster-network-operator
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchLabels:
+                app.kubernetes.io/component: networking-console-plugin
+                app.kubernetes.io/managed-by: cluster-network-operator
+                app.kubernetes.io/name: networking-console-plugin
+                app.kubernetes.io/part-of: cluster-network-operator
+            namespaces:
+            - openshift-network-operator
+            topologyKey: kubernetes.io/hostname
+      automountServiceAccountToken: false
+      containers:
+      - command:
+        - /bin/sh
+        - -c
+        - |
+          if echo "$POD_IP" | grep -qE '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
+            LISTEN_ADDRESS_PORT_REPLACED_AT_RUNTIME="9443"
+          else
+            LISTEN_ADDRESS_PORT_REPLACED_AT_RUNTIME="[::]:9443"
+          fi
+          sed "s/LISTEN_ADDRESS_PORT_REPLACED_AT_RUNTIME/$LISTEN_ADDRESS_PORT_REPLACED_AT_RUNTIME/g" /etc/nginx/nginx.conf > /tmp/nginx.conf
+          exec nginx -c /tmp/nginx.conf -g 'daemon off;'
+        env:
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        image: "{{.NetworkingConsolePluginImage}}"
+        imagePullPolicy: IfNotPresent
+        name: networking-console-plugin
+        ports:
+        - containerPort: 9443
+          name: https
+        resources:
+          requests:
+            cpu: 10m
+            memory: 50Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+        terminationMessagePolicy: FallbackToLogsOnError
+        volumeMounts:
+        - mountPath: /var/cert
+          name: networking-console-plugin-cert
+          readOnly: true
+        - mountPath: /etc/nginx/nginx.conf
+          name: nginx-conf
+          readOnly: true
+          subPath: nginx.conf
+      dnsPolicy: ClusterFirst
+      nodeSelector:
+        kubernetes.io/os: linux
+      priorityClassName: system-cluster-critical
+      restartPolicy: Always
+      securityContext:
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
+      volumes:
+      - configMap:
+          defaultMode: 420
+          name: networking-console-plugin
+        name: nginx-conf
+      - name: networking-console-plugin-cert
+        secret:
+          defaultMode: 420
+          secretName: networking-console-plugin-cert

bindata/networking-console-plugin/003-service.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    openshift.io/description: Expose the networking console plugin service on port 9443. This port is for internal use, and no other usage is guaranteed.
+    service.beta.openshift.io/serving-cert-secret-name: networking-console-plugin-cert
+  labels:
+    app.kubernetes.io/component: networking-console-plugin
+    app.kubernetes.io/managed-by: cluster-network-operator
+    app.kubernetes.io/name: networking-console-plugin
+    app.kubernetes.io/part-of: cluster-network-operator
+  name: networking-console-plugin
+  namespace: openshift-network-operator
+spec:
+  ports:
+  - name: https
+    port: 9443
+    targetPort: https
+  selector:
+    app.kubernetes.io/component: networking-console-plugin
+    app.kubernetes.io/managed-by: cluster-network-operator
+    app.kubernetes.io/name: networking-console-plugin
+    app.kubernetes.io/part-of: cluster-network-operator
+  sessionAffinity: None

bindata/networking-console-plugin/004-console-plugin.yaml

@@ -0,0 +1,18 @@
+apiVersion: console.openshift.io/v1
+kind: ConsolePlugin
+metadata:
+  labels:
+    app.kubernetes.io/component: networking-console-plugin
+    app.kubernetes.io/managed-by: cluster-network-operator
+    app.kubernetes.io/name:  networking-console-plugin
+    app.kubernetes.io/part-of: cluster-network-operator
+  name:  networking-console-plugin
+spec:
+  backend:
+    service:
+      basePath: /
+      name:  networking-console-plugin
+      namespace: openshift-network-operator
+      port: 9443
+    type: Service
+  displayName: Networking Console Plugin

manifests/0000_70_cluster-network-operator_03_deployment-ibm-cloud-managed.yaml

@@ -96,6 +96,8 @@ spec:
           value: quay.io/openshift/origin-cloud-network-config-controller:latest
         - name: CLI_IMAGE
           value: quay.io/openshift/origin-cli:latest
+        - name: NETWORKING_CONSOLE_PLUGIN_IMAGE
+          value: quay.io/openshift/origin-networking-console-plugin:latest
         - name: POD_NAME
           valueFrom:
             fieldRef:

manifests/0000_70_cluster-network-operator_03_deployment.yaml

@@ -108,6 +108,8 @@ spec:
           value: "quay.io/openshift/origin-cloud-network-config-controller:latest"
         - name: CLI_IMAGE
           value: "quay.io/openshift/origin-cli:latest"
+        - name: NETWORKING_CONSOLE_PLUGIN_IMAGE
+          value: "quay.io/openshift/origin-networking-console-plugin:latest"
         - name: POD_NAME
           valueFrom:
             fieldRef:

manifests/image-references

@@ -74,3 +74,7 @@ spec:
     from:
       kind: DockerImage
       name: quay.io/openshift/origin-cli:latest
+  - name: networking-console-plugin
+    from:
+      kind: DockerImage
+      name: quay.io/openshift/origin-networking-console-plugin:latest

pkg/client/client.go

@@ -31,6 +31,7 @@ import (
 	operv1 "github.com/openshift/api/operator/v1"
 	netopv1 "github.com/openshift/cluster-network-operator/pkg/apis/network/v1"
 	mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 
 	crclient "sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -46,6 +47,7 @@ func init() {
 	utilruntime.Must(machineapi.AddToScheme(scheme.Scheme))
 	utilruntime.Must(op_netopv1.Install(scheme.Scheme))
 	utilruntime.Must(mcfgv1.Install(scheme.Scheme))
+	utilruntime.Must(apiextensionsv1.AddToScheme(scheme.Scheme))
 }
 
 // OperatorClusterClient is a bag of holding for object clients & informers.

pkg/client/fake/fake_client.go

@@ -77,7 +77,7 @@ func isOpenShiftObject(obj crclient.Object) bool {
 	return false
 }
 
-// NewFakeClient creates a fake client with a backing store that contains the given objexts.
+// NewFakeClient creates a fake client with a backing store that contains the given objects.
 //
 // Note that, due to limitations in the test infrastructure, each client has an independent store.
 // This means that changes made in, say, the crclient, won't show up in the Dynamic client or the typed

pkg/client/types.go

@@ -61,3 +61,9 @@ type ClusterClient interface {
 
 	AddCustomInformer(inf cache.SharedInformer)
 }
+
+type JsonPatch struct {
+	Op    string      `json:"op"`
+	Path  string      `json:"path"`
+	Value interface{} `json:"value,omitempty"`
+}