package ocm
import (
"fmt"
"path"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
buildv1 "github.com/openshift/api/build/v1"
configv1 "github.com/openshift/api/config/v1"
openshiftcpv1 "github.com/openshift/api/openshiftcontrolplane/v1"
"github.com/openshift/hypershift/control-plane-operator/controllers/hostedcontrolplane/common"
"github.com/openshift/hypershift/control-plane-operator/controllers/hostedcontrolplane/kas"
"github.com/openshift/hypershift/support/api"
"github.com/openshift/hypershift/support/certs"
"github.com/openshift/hypershift/support/config"
"github.com/openshift/hypershift/support/util"
)
// configKey is the ConfigMap data key under which the serialized
// OpenShiftControllerManagerConfig is read and written.
const configKey = "config.yaml"
// ReconcileOpenShiftControllerManagerConfig applies ownerRef to cm and rewrites
// the configKey entry of cm.Data with a reconciled, serialized
// OpenShiftControllerManagerConfig.
//
// A non-empty existing entry is decoded first, so fields that reconcileConfig
// does not set keep their decoded values. An entry that cannot be decoded is
// returned as an error rather than being overwritten.
//
// minTLSVersion and cipherSuites are handed to reconcileConfig as given; this
// function does not validate them.
func ReconcileOpenShiftControllerManagerConfig(cm *corev1.ConfigMap, ownerRef config.OwnerRef, deployerImage, dockerBuilderImage, minTLSVersion string, cipherSuites []string, imageConfig *configv1.ImageSpec, buildConfig *configv1.Build, networkConfig *configv1.NetworkSpec) error {
	ownerRef.ApplyTo(cm)
	if cm.Data == nil {
		cm.Data = make(map[string]string)
	}

	// Named ocmCfg so the local does not shadow the imported config package.
	ocmCfg := &openshiftcpv1.OpenShiftControllerManagerConfig{}

	// A missing key yields "", which is treated the same as an empty entry.
	if existing := cm.Data[configKey]; existing != "" {
		if err := util.DeserializeResource(existing, ocmCfg, api.Scheme); err != nil {
			return fmt.Errorf("unable to decode existing openshift controller manager configuration: %w", err)
		}
	}

	if err := reconcileConfig(ocmCfg, deployerImage, dockerBuilderImage, minTLSVersion, cipherSuites, imageConfig, buildConfig, networkConfig); err != nil {
		return err
	}

	serialized, err := util.SerializeResource(ocmCfg, api.Scheme)
	if err != nil {
		return fmt.Errorf("failed to serialize openshift controller manager configuration: %w", err)
	}
	cm.Data[configKey] = serialized
	return nil
}
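// reconcileConfig overwrites the managed fields of cfg: type metadata, builder
// and deployer images, registry settings, build defaults and overrides, the
// ingress IP CIDR, the kubeconfig path and the TLS serving info.
//
// imageConfig, buildConfig and networkConfig may be nil. A nil buildConfig is
// treated as having no build defaults and no build overrides. The function
// currently always returns nil.
func reconcileConfig(cfg *openshiftcpv1.OpenShiftControllerManagerConfig, deployerImage, dockerBuilderImage, minTLSVersion string, cipherSuites []string, imageConfig *configv1.ImageSpec, buildConfig *configv1.Build, networkConfig *configv1.NetworkSpec) error {
	// cpath resolves a file inside a named volume to its mount path in the
	// main OCM container.
	cpath := func(volume, file string) string {
		dir := volumeMounts.Path(ocmContainerMain().Name, volume)
		return path.Join(dir, file)
	}

	cfg.TypeMeta = metav1.TypeMeta{
		Kind:       "OpenShiftControllerManagerConfig",
		APIVersion: openshiftcpv1.GroupVersion.String(),
	}

	cfg.Build.ImageTemplateFormat.Format = dockerBuilderImage
	cfg.Deployer.ImageTemplateFormat.Format = deployerImage

	// registry config
	cfg.DockerPullSecret.InternalRegistryHostname = config.DefaultImageRegistryHostname
	if imageConfig != nil {
		cfg.DockerPullSecret.RegistryURLs = imageConfig.ExternalRegistryHostnames
	}
	// NOTE(review): unlike the build and network sections below, RegistryURLs is
	// not reset when imageConfig is nil, so a value decoded from a previous
	// config persists. Confirm that this is intended.

	// build config
	if buildConfig != nil && hasBuildDefaults(buildConfig) {
		defaults := buildConfig.Spec.BuildDefaults
		cfg.Build.BuildDefaults = &openshiftcpv1.BuildDefaultsConfig{}
		// The Git proxy settings come from GitProxy, the field that is
		// nil-checked. Reading DefaultProxy here would dereference a pointer
		// that was never checked and would apply the wrong proxy to Git.
		if gitProxy := defaults.GitProxy; gitProxy != nil {
			cfg.Build.BuildDefaults.GitHTTPProxy = gitProxy.HTTPProxy
			cfg.Build.BuildDefaults.GitHTTPSProxy = gitProxy.HTTPSProxy
			cfg.Build.BuildDefaults.GitNoProxy = gitProxy.NoProxy
		}
		cfg.Build.BuildDefaults.Env = defaults.Env
		for _, label := range defaults.ImageLabels {
			cfg.Build.BuildDefaults.ImageLabels = append(cfg.Build.BuildDefaults.ImageLabels, buildv1.ImageLabel{
				Name:  label.Name,
				Value: label.Value,
			})
		}
		cfg.Build.BuildDefaults.Resources = defaults.Resources
	} else {
		// Clear any defaults carried over from a previously decoded config.
		cfg.Build.BuildDefaults = nil
	}

	if buildConfig != nil && hasBuildOverrides(buildConfig) {
		overrides := buildConfig.Spec.BuildOverrides
		cfg.Build.BuildOverrides = &openshiftcpv1.BuildOverridesConfig{}
		cfg.Build.BuildOverrides.ForcePull = overrides.ForcePull
		for _, label := range overrides.ImageLabels {
			cfg.Build.BuildOverrides.ImageLabels = append(cfg.Build.BuildOverrides.ImageLabels, buildv1.ImageLabel{
				Name:  label.Name,
				Value: label.Value,
			})
		}
		cfg.Build.BuildOverrides.NodeSelector = overrides.NodeSelector
		cfg.Build.BuildOverrides.Tolerations = overrides.Tolerations
	} else {
		// Clear any overrides carried over from a previously decoded config.
		cfg.Build.BuildOverrides = nil
	}

	// network config: only the first auto-assign CIDR is used.
	if networkConfig != nil && networkConfig.ExternalIP != nil && len(networkConfig.ExternalIP.AutoAssignCIDRs) > 0 {
		cfg.Ingress.IngressIPNetworkCIDR = networkConfig.ExternalIP.AutoAssignCIDRs[0]
	} else {
		cfg.Ingress.IngressIPNetworkCIDR = ""
	}

	cfg.KubeClientConfig.KubeConfig = cpath(ocmVolumeKubeconfig().Name, kas.KubeconfigKey)

	cfg.ServingInfo = &configv1.HTTPServingInfo{
		ServingInfo: configv1.ServingInfo{
			// Binds on all interfaces; the endpoint is configured with a
			// serving certificate and a client CA bundle below.
			BindAddress: fmt.Sprintf("0.0.0.0:%d", servingPort),
			CertInfo: configv1.CertInfo{
				CertFile: cpath(ocmVolumeServingCert().Name, corev1.TLSCertKey),
				KeyFile:  cpath(ocmVolumeServingCert().Name, corev1.TLSPrivateKeyKey),
			},
			ClientCA: cpath(common.VolumeTotalClientCA().Name, certs.CASignerCertMapKey),
			// NOTE(review): minTLSVersion and cipherSuites are passed through
			// without validation. Confirm that callers never supply an empty
			// or legacy value.
			MinTLSVersion: minTLSVersion,
			CipherSuites:  cipherSuites,
		},
	}
	return nil
}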
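// hasBuildDefaults reports whether cfg sets any build default: a Git proxy,
// environment variables, image labels, or resource limits or requests.
// A nil cfg has no build defaults.
func hasBuildDefaults(cfg *configv1.Build) bool {
	// Guard against a nil Build so callers that have no build configuration
	// do not panic on the field accesses below.
	if cfg == nil {
		return false
	}
	defaults := cfg.Spec.BuildDefaults
	return defaults.GitProxy != nil ||
		len(defaults.Env) > 0 ||
		len(defaults.ImageLabels) > 0 ||
		len(defaults.Resources.Limits) > 0 ||
		len(defaults.Resources.Requests) > 0
}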
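// hasBuildOverrides reports whether cfg sets any build override: image labels,
// a node selector, tolerations, or a force-pull setting.
// A nil cfg has no build overrides.
func hasBuildOverrides(cfg *configv1.Build) bool {
	// Guard against a nil Build so callers that have no build configuration
	// do not panic on the field accesses below.
	if cfg == nil {
		return false
	}
	overrides := cfg.Spec.BuildOverrides
	return len(overrides.ImageLabels) > 0 ||
		len(overrides.NodeSelector) > 0 ||
		len(overrides.Tolerations) > 0 ||
		overrides.ForcePull != nil
}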