HOSTEDCP-591: Amend OLM catalog IS according to OpenShiftImageRegistryOverrides

[tiraboschi]

What this PR does / why we need it:
Amend the image address used for the imageStreams
used for the OLM catalog source according to the value
of OpenShiftImageRegistryOverrides as genetically used
in the control plane operator in order to handle the disconnected use case.
This will implicitly assume that the images used for
the 4 default OLM catalogs got mirrored to the internal registry
using the original name and tag.

An annotation based escape mechanism is also defined:
the owner of the hostedcluster will be able to inject custom
addresses (only by digest) for the catalog images.
In that case the imageStream mechanism is completely skipped
and the catalog deployments are directly with the values
in the annotations.
It will be completely up to the user to manually refresh
them when the internal mirror will get refreshed.

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes https://issues.redhat.com/browse/HOSTEDCP-591

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

[netlify]

✅ Deploy Preview for hypershift-docs ready!

Name	Link
🔨 Latest commit	01b4580
🔍 Latest deploy log	https://app.netlify.com/sites/hypershift-docs/deploys/64f5f0ed20786d00083eee81
😎 Deploy Preview	https://deploy-preview-2947--hypershift-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[tiraboschi]

/retest

[csrwng]

Some comments, thx!

[csrwng]

instead of doing a string check, I'd rather parse the image ref and match the registry exactly, using reference.Parse() from

hypershift/support/thirdparty/library-go/pkg/image/reference/reference.go

Line 32 in 8b4b529

func Parse(spec string) (DockerImageReference, error) {

then replace the registry in the reference object

[tiraboschi]

This is a bit ambiguous: reference.Parse("registry.redhat.io/redhat/redhat-operator-index:v4.14") will return a DockerImageReference where Registry=registry.redhat.io and Namespace=redhat but (probably) we don't want to replace just the registry forcing the customers to keep using the same namespace in their mirrored registry.

And indeed in the cmd help of the control-plane-operator (see: https://github.com/openshift/hypershift/blob/main/control-plane-operator/main.go#L177 ) we say:
Images before being applied are scanned for the source registry string and if found the string is replaced with the destination registry string.

which is exactly what is done in:

hypershift/support/releaseinfo/registry_image_content_policies.go

Lines 26 to 28 in 068f642

	if strings.Contains(image, registrySource) {
	for _, registryReplacement := range registryDest {
	image = strings.Replace(image, registrySource, registryReplacement, 1)

I'm not directly calling that method since here we lack the pullSecret that is used to validate the replacement upfront, but at least the implementation is coherent.

[csrwng]

/approve

[tiraboschi]

/test e2e-aws

[tiraboschi]

/test e2e-kubevirt-aws-ovn

[bryan-cox]

Updating the title so the Jira ticket is linked and the label is added. This is going to be required soon "DPTP will be adding the requirement of PRs having a jira/valid-reference label for a PR to merge. Currently PRs will get this label added automatically by referencing a Jira in their title...".

/retitle HOSTEDCP-591: Amend OLM catalog IS according to OpenShiftImageRegistryOverrides

[openshift-ci-robot]

@tiraboschi: This pull request references HOSTEDCP-591 which is a valid jira issue.

In response to this:

What this PR does / why we need it:
Amend the image address used for the imageStreams
used for the OLM catalog source according to the value
of OpenShiftImageRegistryOverrides as genetically used
in the control plane operator in order to handle the disconnected use case.
This will implicitly assume that the images used for
the 4 default OLM catalogs got mirrored to the internal registry
using the original name and tag.

An annotation based escape mechanism is also defined:
the owner of the hostedcluster will be able to inject custom
addresses (only by digest) for the catalog images.
In that case the imageStream mechanism is completely skipped
and the catalog deployments are directly with the values
in the annotations.
It will be completely up to the user to manually refresh
them when the internal mirror will get refreshed.

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes https://issues.redhat.com/browse/HOSTEDCP-591

Checklist

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[bryan-cox]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox, csrwng, tiraboschi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [csrwng]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 32f3ced and 2 for PR HEAD 5af4213 in total

[openshift-ci]

@tiraboschi: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-ibmcloud-iks	5af4213	link	false	/test e2e-ibmcloud-iks
ci/prow/e2e-ibmcloud-roks	5af4213	link	false	/test e2e-ibmcloud-roks

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 8c24b8c and 1 for PR HEAD 5af4213 in total