Merge pull request #388 from gkurz/revert-385

Revert "Merge pull request #385 from openshift/1.6-bump"
openshift · Apr 3, 2024 · bb538b1 · bb538b1
2 parents 1082483 + f59926a
commit bb538b1
Show file tree

Hide file tree

Showing 35 changed files with 792 additions and 3,481 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -15,7 +15,6 @@ COPY main.go main.go
 COPY api api/
 COPY config config/
 COPY controllers controllers/
-COPY internal internal/
 
 RUN go mod download
 # needed for docker build but not for local builds

diff --git a/PROJECT b/PROJECT
@@ -1,7 +1,3 @@
-# Code generated by tool. DO NOT EDIT.
-# This file is used to track the info used to scaffold your project
-# and allow the plugins properly work.
-# More info: https://book.kubebuilder.io/reference/project-config.html
 domain: kataconfiguration.openshift.io
 layout:
 - go.kubebuilder.io/v3
@@ -12,9 +8,9 @@ projectName: sandboxed-containers-operator
 repo: github.com/openshift/sandboxed-containers-operator
 resources:
 - group: confidentialcontainers
+  version: v1alpha1
   kind: PeerPodConfig
   path: github.com/confidential-containers/cloud-api-adaptor/peerpodconfig-ctrl/api/v1alpha1
-  version: v1alpha1
 - controller: true
   domain: kataconfiguration.openshift.io
   group: kataconfiguration
@@ -32,9 +28,4 @@ resources:
   kind: PeerPod
   path: github.com/confidential-containers/cloud-api-adaptor/peerpod-ctrl/api/v1alpha1
   version: v1alpha1
-- controller: true
-  group: core
-  kind: Secret
-  path: k8s.io/api/core/v1
-  version: v1
 version: "3"
diff --git a/api/v1/kataconfig_webhook.go b/api/v1/kataconfig_webhook.go
@@ -19,14 +19,12 @@ package v1
 import (
 	"context"
 	"fmt"
-
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
-	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 var (
@@ -51,36 +49,36 @@ func (r *KataConfig) SetupWebhookWithManager(mgr ctrl.Manager) error {
 var _ webhook.Validator = &KataConfig{}
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
-func (r *KataConfig) ValidateCreate() (admission.Warnings, error) {
+func (r *KataConfig) ValidateCreate() error {
 	kataconfiglog.Info("validate create", "name", r.Name)
 
 	kataConfigList := &KataConfigList{}
 	listOpts := []client.ListOption{
 		client.InNamespace(corev1.NamespaceAll),
 	}
 	if err := clientInst.List(context.TODO(), kataConfigList, listOpts...); err != nil {
-		return nil, fmt.Errorf("Failed to list KataConfig custom resources: %v", err)
+		return fmt.Errorf("Failed to list KataConfig custom resources: %v", err)
 	}
 
 	if len(kataConfigList.Items) == 1 {
-		return nil, fmt.Errorf("A KataConfig instance already exists, refusing to create a duplicate")
+		return fmt.Errorf("A KataConfig instance already exists, refusing to create a duplicate")
 	}
 
-	return nil, nil
+	return nil
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
-func (r *KataConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
+func (r *KataConfig) ValidateUpdate(old runtime.Object) error {
 	kataconfiglog.Info("validate update", "name", r.Name)
 
 	// TODO(user): fill in your validation logic upon object update.
-	return nil, nil
+	return nil
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type
-func (r *KataConfig) ValidateDelete() (admission.Warnings, error) {
+func (r *KataConfig) ValidateDelete() error {
 	kataconfiglog.Info("validate delete", "name", r.Name)
 
 	// TODO(user): fill in your validation logic upon object deletion.
-	return nil, nil
+	return nil
 }
diff --git a/bundle-custom.Dockerfile b/bundle-custom.Dockerfile
@@ -10,7 +10,6 @@ COPY go.sum go.sum
 COPY api api/
 COPY config config/
 COPY controllers controllers/
-COPY internal internal/
 
 RUN go mod download
 # needed for docker build but not for local builds

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -35,68 +35,66 @@ spec:
         seccompProfile:
           type: RuntimeDefault
       tolerations:
-        - effect: NoSchedule
-          key: node-role.kubernetes.io/master
-          operator: Exists
-        - effect: NoExecute
-          key: node.kubernetes.io/unreachable
-          operator: Exists
-          tolerationSeconds: 120
-        - effect: NoExecute
-          key: node.kubernetes.io/not-ready
-          operator: Exists
-          tolerationSeconds: 120
-        - effect: NoSchedule
-          key: node.kubernetes.io/memory-pressure
-          operator: Exists
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+        operator: Exists
+      - effect: NoExecute
+        key: node.kubernetes.io/unreachable
+        operator: Exists
+        tolerationSeconds: 120
+      - effect: NoExecute
+        key: node.kubernetes.io/not-ready
+        operator: Exists
+        tolerationSeconds: 120
+      - effect: NoSchedule
+        key: node.kubernetes.io/memory-pressure
+        operator: Exists
       volumes:
-        - name: ssh
-          secret:
-            defaultMode: 384
-            optional: true
-            secretName: ssh-key-secret
+      - name: ssh
+        secret:
+          defaultMode: 384
+          optional: true
+          secretName: ssh-key-secret
       containers:
-        - command:
-            - /manager
-          args:
-            - --enable-leader-election
-          volumeMounts:
-            - mountPath: /root/.ssh/
-              name: ssh
-              readOnly: true
-          envFrom:
-            - secretRef:
-                name: peer-pods-secret
-                optional: true
-            - configMapRef:
-                name: peer-pods-cm
-                optional: true
-          image: controller:latest
-          name: manager
-          env:
-            - name: PEERPODS_NAMESPACE
-              value: "openshift-sandboxed-containers-operator"
-            - name: RELATED_IMAGE_KATA_MONITOR
-              value: quay.io/openshift_sandboxed_containers/openshift-sandboxed-containers-monitor:latest
-            - name: SANDBOXED_CONTAINERS_EXTENSION
-              value: kata-containers
-            - name: RELATED_IMAGE_CAA
-              value: registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9:latest
-            - name: RELATED_IMAGE_PEERPODS_WEBHOOK
-              value: "quay.io/confidential-containers/peer-pods-webhook:latest"
-            - name: RELATED_IMAGE_PODVM_BUILDER
-              value: "quay.io/openshift_sandboxed_containers/openshift-sandboxed-containers-podvm-builder:latest"
-          imagePullPolicy: Always
-          resources:
-            limits:
-              cpu: 200m
-              memory: 256Mi
-            requests:
-              cpu: 100m
-              memory: 40Mi
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
+      - command:
+        - /manager
+        args:
+        - --enable-leader-election
+        volumeMounts:
+        - mountPath: /root/.ssh/
+          name: ssh
+          readOnly: true
+        envFrom:
+        - secretRef:
+            name: peer-pods-secret
+            optional: true
+        - configMapRef:
+            name: peer-pods-cm
+            optional: true
+        image: controller:latest
+        name: manager
+        env:
+        - name: PEERPODS_NAMESPACE
+          value: "openshift-sandboxed-containers-operator"
+        - name: RELATED_IMAGE_KATA_MONITOR
+          value: quay.io/openshift_sandboxed_containers/openshift-sandboxed-containers-monitor:latest
+        - name: SANDBOXED_CONTAINERS_EXTENSION
+          value: kata-containers
+        - name: RELATED_IMAGE_CAA
+          value: registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9:latest
+        - name: RELATED_IMAGE_PEERPODS_WEBHOOK
+          value: "quay.io/confidential-containers/peer-pods-webhook:latest" 
+        imagePullPolicy: Always
+        resources:
+          limits:
+            cpu: 200m
+            memory: 100Mi
+          requests:
+            cpu: 100m
+            memory: 40Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
       terminationGracePeriodSeconds: 10
diff --git a/config/peerpods/credentials-requests/credentials_request_aws.yaml b/config/peerpods/credentials-requests/credentials_request_aws.yaml
diff --git a/config/peerpods/credentials-requests/credentials_request_azure.yaml b/config/peerpods/credentials-requests/credentials_request_azure.yaml
diff --git a/config/peerpods/local/configuration-remote.toml b/config/peerpods/local/configuration-remote.toml
@@ -565,13 +565,6 @@ experimental=[]
 # (default: false)
 service_offload = true
 
-# Image request timeout in seconds.
-# If specified, indicates the image request timeout in the guest needed for the workload(s)
-# If unspecified then it will be set @DEFIMAGEREQUESTTIMEOUT@ second(s)
-# to reduce image pull failures caused by network problems and quickly obtain request failure information at the same time.
-
-image_request_timeout = 900
-
 # Container image decryption keys provisioning.
 # Applies only if service_offload is true.
 # Keys can be provisioned locally (e.g. through a special command or