Skip to content

Conversation

anik120
Copy link
Contributor

@anik120 anik120 commented Sep 26, 2024

MCO makes the global pull secrets available in /var/lib/kubelet. Operator-controller will look for these secrets in /etc/operator-controller folder, ref operator-controller:1303.

This PR hostPath mounts the /var/lib/kublet directory from the host to the /etc/operator-controller directory in the container's filesystem.

RFC: OLMv1 Private registry support

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Sep 26, 2024
@openshift-ci-robot
Copy link

openshift-ci-robot commented Sep 26, 2024

@anik120: This pull request references OPRUN-3554 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to this:

MCO makes the global pull secrets available in /var/lib/kubelet. Operator-controller will look for these secrets in /etc/operator-controller folder, ref operator-controller:1303.

This PR hostPath mounts the /var/lib/kublet directory from the host to the /etc/operator-controller directory in the container's filesystem.

RFC: OLMv1 Private registry support

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested review from oceanc80 and tmshort September 26, 2024 14:12
@anik120 anik120 force-pushed the mount-auth-from-host branch from 6ce7490 to a13a452 Compare September 26, 2024 14:17
@anik120
Copy link
Contributor Author

anik120 commented Sep 26, 2024

/test verify-commits

I'm not sure why this target is failing? The logs say that the pod failed to come up, that doesn't sound like I did anything wrong? 🤷🏽‍♂️

@joelanford
Copy link
Member

I'm not sure why this target is failing?

Need to add UPSTREAM: <carry>: as the prefix of the commit message(s).


# Override OPENSHIFT-NAMESPACE to ${NAMESPACE}
find "${TMP_ROOT}" -name "*.yaml" -exec sed -i "s/OPENSHIFT-NAMESPACE/${NAMESPACE}/g" {} \;
find "${TMP_ROOT}" -name "*.yaml" -exec "$SED_CMD" -i "s/OPENSHIFT-NAMESPACE/${NAMESPACE}/g" {} \;
Copy link
Contributor

@tmshort tmshort Sep 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
find "${TMP_ROOT}" -name "*.yaml" -exec "$SED_CMD" -i "s/OPENSHIFT-NAMESPACE/${NAMESPACE}/g" {} \;
find "${TMP_ROOT}" -name "*.yaml" -exec sed -i.tmp "s/OPENSHIFT-NAMESPACE/${NAMESPACE}/g" {} \;

Copy link
Contributor

@tmshort tmshort Sep 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because blank arguments are a bit weird, I went the safe route and just specified the backup file for everything. I checked, and this works on macOS and Fedora. Since the files are in ${TMP_ROOT} having a backup is ok, and will be cleaned up when ${TMP_ROOT} is deleted.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aha. TIL. Updated.

Copy link
Contributor

@tmshort tmshort left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The macOS compatibility fix is a lot easier than presented.

@@ -0,0 +1,6 @@
- op: add
path: /spec/template/spec/volumes/-
value: {"name":"auth-from-host", "hostPath":{"path":"/var/lib/kubelet", "type": "Directory"}}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
value: {"name":"auth-from-host", "hostPath":{"path":"/var/lib/kubelet", "type": "Directory"}}
value: {"name":"global-auth-file", "hostPath":{"path":"/var/lib/kubelet/config.json", "type": "File"}}

value: {"name":"auth-from-host", "hostPath":{"path":"/var/lib/kubelet", "type": "Directory"}}
- op: add
path: /spec/template/spec/containers/0/volumeMounts/-
value: {"name":"auth-from-host", "readOnly": true, "mountPath":"/etc/operator-controller"}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
value: {"name":"auth-from-host", "readOnly": true, "mountPath":"/etc/operator-controller"}
value: {"name":"global-auth-file", "readOnly": true, "mountPath":"/etc/operator-controller/auth.json"}

@anik120 anik120 force-pushed the mount-auth-from-host branch from a13a452 to 045f690 Compare September 26, 2024 17:43
@anik120 anik120 changed the title OPRUN-3554: Add hostPath mount for /var/lib/kubelet OPRUN-3554: UPSTREAM:<carry>:Add hostPath mount for /var/lib/kubelet Sep 26, 2024
@anik120 anik120 force-pushed the mount-auth-from-host branch 3 times, most recently from c02bfae to e65a2cc Compare September 26, 2024 17:49
MCO makes the global pull secrets available in `/var/lib/kubelet`.
Operator-controller will look for these secrets in `/etc/operator-controller`
folder, ref [operator-controller:1303](operator-framework/operator-controller#1303).

This PR hostPath mounts the `/var/lib/kublet` directory from the host to the
`/etc/operator-controller` directory in the container's filesystem.

RFC: [OLMv1 Private registry support](https://docs.google.com/document/d/1BXD6kj5zXHcGiqvJOikU2xs8kV26TPnzEKp6n7TKD4M/edit?usp=sharing)
Signed-off-by: Anik Bhattacharjee <anbhatta@redhat.com>
@anik120 anik120 force-pushed the mount-auth-from-host branch from e65a2cc to 0208648 Compare September 26, 2024 17:53
@anik120 anik120 changed the title OPRUN-3554: UPSTREAM:<carry>:Add hostPath mount for /var/lib/kubelet OPRUN-3554: UPSTREAM: <carry>: Add hostPath mount for /var/lib/kubelet Sep 26, 2024
Copy link
Contributor

@everettraven everettraven left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Sep 26, 2024
Copy link
Contributor

openshift-ci bot commented Sep 26, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: anik120, everettraven

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 26, 2024
Copy link
Contributor

openshift-ci bot commented Sep 26, 2024

@anik120: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-merge-bot openshift-merge-bot bot merged commit ddffae9 into openshift:main Sep 26, 2024
9 checks passed
@openshift-bot
Copy link

[ART PR BUILD NOTIFIER]

Distgit: ose-olm-operator-controller
This PR has been included in build ose-olm-operator-controller-container-v4.18.0-202409262111.p0.gddffae9.assembly.stream.el9.
All builds following this will include this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants