From 0208648a4498043ecdc38812994ce125d4225d6e Mon Sep 17 00:00:00 2001 From: Anik Bhattacharjee Date: Thu, 26 Sep 2024 19:34:58 +0530 Subject: [PATCH] UPSTREAM: : Add hostPath mount for `/var/lib/kubelet` MCO makes the global pull secrets available in `/var/lib/kubelet`. Operator-controller will look for these secrets in `/etc/operator-controller` folder, ref [operator-controller:1303](https://github.com/operator-framework/operator-controller/pull/1303). This PR hostPath mounts the `/var/lib/kublet` directory from the host to the `/etc/operator-controller` directory in the container's filesystem. RFC: [OLMv1 Private registry support](https://docs.google.com/document/d/1BXD6kj5zXHcGiqvJOikU2xs8kV26TPnzEKp6n7TKD4M/edit?usp=sharing) Signed-off-by: Anik Bhattacharjee --- openshift/generate-manifests.sh | 2 +- openshift/kustomize/overlays/openshift/kustomization.yaml | 4 ++++ .../patches/manager_deployment_mount_auth_host.yaml | 6 ++++++ ...r-controller-operator-controller-controller-manager.yml | 7 +++++++ 4 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 openshift/kustomize/overlays/openshift/patches/manager_deployment_mount_auth_host.yaml diff --git a/openshift/generate-manifests.sh b/openshift/generate-manifests.sh index 0649a419a..a81b4b163 100755 --- a/openshift/generate-manifests.sh +++ b/openshift/generate-manifests.sh @@ -41,7 +41,7 @@ mkdir -p "${TMP_ROOT}/openshift" cp -a "${REPO_ROOT}/openshift/kustomize" "${TMP_ROOT}/openshift/kustomize" # Override OPENSHIFT-NAMESPACE to ${NAMESPACE} -find "${TMP_ROOT}" -name "*.yaml" -exec sed -i "s/OPENSHIFT-NAMESPACE/${NAMESPACE}/g" {} \; +find "${TMP_ROOT}" -name "*.yaml" -exec sed -i.tmp "s/OPENSHIFT-NAMESPACE/${NAMESPACE}/g" {} \; # Create a temp dir for manifests TMP_MANIFEST_DIR="${TMP_ROOT}/manifests" diff --git a/openshift/kustomize/overlays/openshift/kustomization.yaml b/openshift/kustomize/overlays/openshift/kustomization.yaml index 51af01a63..d66252446 100644 
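Review bot: In openshift/generate-manifests.sh the switch from `sed -i` to `sed -i.tmp` is unexplained and leaves a `*.yaml.tmp` backup beside every rewritten file under `${TMP_ROOT}`; nothing visible in the hunk removes them. If the suffix is there so the same line works with both GNU and BSD sed, say so in the comment above it, e.g. `# -i.tmp: attached suffix is accepted by both GNU and BSD sed`, and clean up afterwards with `find "${TMP_ROOT}" -name "*.yaml.tmp" -delete`. `${NAMESPACE}` is also interpolated into the sed expression unescaped, so a value containing `/` or `&` would corrupt the substitution; the script continues outside the hunk, so any validation of that variable is not visible here.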
--- a/openshift/kustomize/overlays/openshift/kustomization.yaml
+++ b/openshift/kustomize/overlays/openshift/kustomization.yaml
@@ -22,4 +22,8 @@ patches:
 kind: Deployment
 name: controller-manager
 path: patches/manager_deployment_mount_etc_containers.yaml
+ - target:
+ kind: Deployment
+ name: controller-manager
+ path: patches/manager_deployment_mount_auth_host.yaml
 - path: patches/manager_namespace_privileged.yaml
diff --git a/openshift/kustomize/overlays/openshift/patches/manager_deployment_mount_auth_host.yaml b/openshift/kustomize/overlays/openshift/patches/manager_deployment_mount_auth_host.yaml
new file mode 100644
index 000000000..b1527df57
--- /dev/null
+++ b/openshift/kustomize/overlays/openshift/patches/manager_deployment_mount_auth_host.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/template/spec/volumes/-
+ value: {"name":"global-auth-file", "hostPath":{"path":"/var/lib/kubelet/config.json", "type": "File"}}
+- op: add
+ path: /spec/template/spec/containers/0/volumeMounts/-
+ value: {"name":"global-auth-file", "readOnly": true, "mountPath":"/etc/operator-controller/auth.json"}
diff --git a/openshift/manifests/18-deployment-openshift-operator-controller-operator-controller-controller-manager.yml b/openshift/manifests/18-deployment-openshift-operator-controller-operator-controller-controller-manager.yml
index 1a033e9cf..0ff4277d7 100644
--- a/openshift/manifests/18-deployment-openshift-operator-controller-operator-controller-controller-manager.yml
+++ b/openshift/manifests/18-deployment-openshift-operator-controller-operator-controller-controller-manager.yml
@@ -81,6 +81,9 @@ spec:
 - mountPath: /etc/containers
 name: etc-containers
 readOnly: true
+ - mountPath: /etc/operator-controller/auth.json
+ name: global-auth-file
+ readOnly: true
 - args:
 - --secure-listen-address=0.0.0.0:8443
 - --upstream=http://127.0.0.1:8080/
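Review bot: In patches/manager_deployment_mount_auth_host.yaml the new `global-auth-file` hostPath volume gives the manager container the node's `/var/lib/kubelet/config.json`, which the commit message describes as the global pull secrets, and the patch carries no comment recording that exposure. `readOnly: true` only stops writes through the mount, so anything able to read the container's filesystem can read node-wide registry credentials; I would state that at the top of the file, e.g. `# Mounts the node's global pull secret (read-only) into container 0; needs an SCC that permits hostPath.` A single-file hostPath mount can keep serving the old file if the host replaces it by rename rather than in place, so it is worth confirming how this file is rotated and whether the pod must restart to pick up new credentials. The second op addresses `containers/0` by index, which would silently target a different container if the order in the base Deployment changes. The description speaks of mounting the `/var/lib/kubelet` directory while the patch mounts only the one file; the narrower mount is the safer of the two and the description should match it.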
@@ -122,4 +125,8 @@ spec:
 path: /etc/containers
 type: Directory
 name: etc-containers
+ - hostPath:
+ path: /var/lib/kubelet/config.json
+ type: File
+ name: global-auth-file
 priorityClassName: system-cluster-critical