diff --git a/images/virt-artifact/patches/014-delete-apiserver.patch b/images/virt-artifact/patches/014-delete-apiserver.patch index 59c3505fb..e07c16157 100644 --- a/images/virt-artifact/patches/014-delete-apiserver.patch +++ b/images/virt-artifact/patches/014-delete-apiserver.patch @@ -1,8 +1,8 @@ diff --git a/pkg/virt-operator/application.go b/pkg/virt-operator/application.go -index 323d0e34b..f4d52e4db 100644 +index 7d18599755..47b4880c38 100644 --- a/pkg/virt-operator/application.go +++ b/pkg/virt-operator/application.go -@@ -207,7 +207,6 @@ func Execute() { +@@ -188,7 +188,6 @@ func Execute() { DaemonSet: app.informerFactory.OperatorDaemonSet(), ValidationWebhook: app.informerFactory.OperatorValidationWebhook(), MutatingWebhook: app.informerFactory.OperatorMutatingWebhook(), @@ -10,7 +10,7 @@ index 323d0e34b..f4d52e4db 100644 InstallStrategyConfigMap: app.informerFactory.OperatorInstallStrategyConfigMaps(), InstallStrategyJob: app.informerFactory.OperatorInstallStrategyJob(), InfrastructurePod: app.informerFactory.OperatorPod(), -@@ -229,7 +228,6 @@ func Execute() { +@@ -212,7 +211,6 @@ func Execute() { DaemonSetCache: app.informerFactory.OperatorDaemonSet().GetStore(), ValidationWebhookCache: app.informerFactory.OperatorValidationWebhook().GetStore(), MutatingWebhookCache: app.informerFactory.OperatorMutatingWebhook().GetStore(), @@ -19,10 +19,10 @@ index 323d0e34b..f4d52e4db 100644 InstallStrategyJobCache: app.informerFactory.OperatorInstallStrategyJob().GetStore(), InfrastructurePodCache: app.informerFactory.OperatorPod().GetStore(), diff --git a/pkg/virt-operator/kubevirt.go b/pkg/virt-operator/kubevirt.go -index 9152959b4..aff0b023a 100644 +index f795654f5c..9e9ae4f7da 100644 --- a/pkg/virt-operator/kubevirt.go +++ b/pkg/virt-operator/kubevirt.go -@@ -93,7 +93,6 @@ func NewKubeVirtController( +@@ -89,7 +89,6 @@ func NewKubeVirtController( workqueue.NewItemExponentialFailureRateLimiter(5*time.Second, 1000*time.Second), &workqueue.BucketRateLimiter{Limiter: rate.NewLimiter(rate.Every(5*time.Second), 1)}, ) @@ -30,18 +30,18 @@ index 9152959b4..aff0b023a 100644 c := KubeVirtController{ clientset: clientset, aggregatorClient: aggregatorClient, -@@ -114,7 +113,6 @@ func NewKubeVirtController( - DaemonSet: controller.NewUIDTrackingControllerExpectations(controller.NewControllerExpectationsWithName("DaemonSet")), - ValidationWebhook: controller.NewUIDTrackingControllerExpectations(controller.NewControllerExpectationsWithName("ValidationWebhook")), - MutatingWebhook: controller.NewUIDTrackingControllerExpectations(controller.NewControllerExpectationsWithName("MutatingWebhook")), -- APIService: controller.NewUIDTrackingControllerExpectations(controller.NewControllerExpectationsWithName("APIService")), - SCC: controller.NewUIDTrackingControllerExpectations(controller.NewControllerExpectationsWithName("SCC")), - Route: controller.NewUIDTrackingControllerExpectations(controller.NewControllerExpectationsWithName("Route")), - InstallStrategyConfigMap: controller.NewUIDTrackingControllerExpectations(controller.NewControllerExpectationsWithName("InstallStrategyConfigMap")), -@@ -318,21 +316,6 @@ func NewKubeVirtController( +@@ -110,7 +109,6 @@ func NewKubeVirtController( + DaemonSet: controller.NewUIDTrackingControllerExpectations(controller.NewControllerExpectationsWithName("DaemonSet")), + ValidationWebhook: controller.NewUIDTrackingControllerExpectations(controller.NewControllerExpectationsWithName("ValidationWebhook")), + MutatingWebhook: controller.NewUIDTrackingControllerExpectations(controller.NewControllerExpectationsWithName("MutatingWebhook")), +- APIService: controller.NewUIDTrackingControllerExpectations(controller.NewControllerExpectationsWithName("APIService")), + SCC: controller.NewUIDTrackingControllerExpectations(controller.NewControllerExpectationsWithName("SCC")), + Route: controller.NewUIDTrackingControllerExpectations(controller.NewControllerExpectationsWithName("Route")), + InstallStrategyConfigMap: controller.NewUIDTrackingControllerExpectations(controller.NewControllerExpectationsWithName("InstallStrategyConfigMap")), +@@ -316,21 +314,6 @@ func NewKubeVirtController( return nil, err } - + - _, err = c.informers.APIService.AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: func(obj interface{}) { - c.genericAddHandler(obj, c.kubeVirtExpectations.APIService) @@ -61,19 +61,19 @@ index 9152959b4..aff0b023a 100644 AddFunc: func(obj interface{}) { c.sccAddHandler(obj, c.kubeVirtExpectations.SCC) diff --git a/pkg/virt-operator/kubevirt_test.go b/pkg/virt-operator/kubevirt_test.go -index e42648749..dbd20d23c 100644 +index 0d916a4cc1..d89984013a 100644 --- a/pkg/virt-operator/kubevirt_test.go +++ b/pkg/virt-operator/kubevirt_test.go -@@ -211,8 +211,6 @@ func (k *KubeVirtTestData) BeforeTest() { +@@ -217,8 +217,6 @@ func (k *KubeVirtTestData) BeforeTest() { k.stores.ValidationWebhookCache = k.informers.ValidationWebhook.GetStore() k.informers.MutatingWebhook, k.mutatingWebhookSource = testutils.NewFakeInformerFor(&admissionregistrationv1.MutatingWebhookConfiguration{}) k.stores.MutatingWebhookCache = k.informers.MutatingWebhook.GetStore() - k.informers.APIService, k.apiserviceSource = testutils.NewFakeInformerFor(&apiregv1.APIService{}) - k.stores.APIServiceCache = k.informers.APIService.GetStore() - + k.informers.SCC, k.sccSource = testutils.NewFakeInformerFor(&secv1.SecurityContextConstraints{}) k.stores.SCCCache = k.informers.SCC.GetStore() -@@ -506,8 +504,6 @@ func (k *KubeVirtTestData) deleteResource(resource string, key string) { +@@ -551,8 +549,6 @@ func (k *KubeVirtTestData) deleteResource(resource string, key string) { k.deleteValidationWebhook(key) case "mutatingwebhookconfigurations": k.deleteMutatingWebhook(key) @@ -82,10 +82,10 @@ index e42648749..dbd20d23c 100644 case "jobs": k.deleteInstallStrategyJob(key) case "configmaps": -@@ -621,14 +617,6 @@ func (k *KubeVirtTestData) deleteMutatingWebhook(key string) { +@@ -670,14 +666,6 @@ func (k *KubeVirtTestData) deleteMutatingWebhook(key string) { k.mockQueue.Wait() } - + -func (k *KubeVirtTestData) deleteAPIService(key string) { - k.mockQueue.ExpectAdds(1) - if obj, exists, _ := k.informers.APIService.GetStore().GetByKey(key); exists { @@ -97,10 +97,10 @@ index e42648749..dbd20d23c 100644 func (k *KubeVirtTestData) deleteInstallStrategyJob(key string) { k.mockQueue.ExpectAdds(1) if obj, exists, _ := k.informers.InstallStrategyJob.GetStore().GetByKey(key); exists { -@@ -1312,12 +1300,6 @@ func (k *KubeVirtTestData) addAllWithExclusionMap(config *util.KubeVirtDeploymen +@@ -1401,12 +1389,6 @@ func (k *KubeVirtTestData) addAllWithExclusionMap(config *util.KubeVirtDeploymen } all = append(all, mutatingWebhook) - + - apiServices := components.NewVirtAPIAPIServices(config.GetNamespace()) - for _, apiService := range apiServices { - apiService.Spec.CABundle = caBundle @@ -110,7 +110,7 @@ index e42648749..dbd20d23c 100644 validatingWebhook = components.NewOpertorValidatingWebhookConfiguration(NAMESPACE) for i := range validatingWebhook.Webhooks { validatingWebhook.Webhooks[i].ClientConfig.CABundle = caBundle -@@ -3138,7 +3120,6 @@ func syncCaches(stop chan struct{}, kvInformer cache.SharedIndexInformer, inform +@@ -3188,7 +3170,6 @@ func syncCaches(stop chan struct{}, kvInformer cache.SharedIndexInformer, inform go informers.DaemonSet.Run(stop) go informers.ValidationWebhook.Run(stop) go informers.MutatingWebhook.Run(stop) @@ -118,7 +118,7 @@ index e42648749..dbd20d23c 100644 go informers.SCC.Run(stop) go informers.InstallStrategyJob.Run(stop) go informers.InstallStrategyConfigMap.Run(stop) -@@ -3164,7 +3145,6 @@ func syncCaches(stop chan struct{}, kvInformer cache.SharedIndexInformer, inform +@@ -3214,7 +3195,6 @@ func syncCaches(stop chan struct{}, kvInformer cache.SharedIndexInformer, inform cache.WaitForCacheSync(stop, informers.DaemonSet.HasSynced) cache.WaitForCacheSync(stop, informers.ValidationWebhook.HasSynced) cache.WaitForCacheSync(stop, informers.MutatingWebhook.HasSynced) @@ -128,7 +128,7 @@ index e42648749..dbd20d23c 100644 cache.WaitForCacheSync(stop, informers.InstallStrategyConfigMap.HasSynced) diff --git a/pkg/virt-operator/resource/apply/apiservices.go b/pkg/virt-operator/resource/apply/apiservices.go deleted file mode 100644 -index 6d741321e..000000000 +index 6d741321e4..0000000000 --- a/pkg/virt-operator/resource/apply/apiservices.go +++ /dev/null @@ -1,92 +0,0 @@ @@ -225,13 +225,13 @@ index 6d741321e..000000000 - return nil -} diff --git a/pkg/virt-operator/resource/apply/core.go b/pkg/virt-operator/resource/apply/core.go -index 4d507f615..3315598a3 100644 +index 6cc363548f..66a5b1dce5 100644 --- a/pkg/virt-operator/resource/apply/core.go +++ b/pkg/virt-operator/resource/apply/core.go @@ -363,12 +363,6 @@ func (r *Reconciler) createOrUpdateComponentsWithCertificates(queue workqueue.Ra return err } - + - // create/update APIServices - err = r.createOrUpdateAPIServices(caBundle) - if err != nil { @@ -242,7 +242,7 @@ index 4d507f615..3315598a3 100644 err = r.createOrUpdateRoutes(caBundle) if err != nil { diff --git a/pkg/virt-operator/resource/apply/delete.go b/pkg/virt-operator/resource/apply/delete.go -index d2c8b96f5..ecea83a7b 100644 +index aaa62f9962..758474ac36 100644 --- a/pkg/virt-operator/resource/apply/delete.go +++ b/pkg/virt-operator/resource/apply/delete.go @@ -36,7 +36,6 @@ import ( @@ -250,13 +250,13 @@ index d2c8b96f5..ecea83a7b 100644 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - apiregv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1" - + v1 "kubevirt.io/api/core/v1" "kubevirt.io/client-go/kubecli" @@ -215,25 +214,6 @@ func DeleteAll(kv *v1.KubeVirt, } } - + - // delete apiservices - objects = stores.APIServiceCache.List() - for _, obj := range objects { @@ -280,10 +280,10 @@ index d2c8b96f5..ecea83a7b 100644 objects = stores.ServiceCache.List() for _, obj := range objects { diff --git a/pkg/virt-operator/resource/apply/patches.go b/pkg/virt-operator/resource/apply/patches.go -index 2bd0c313d..e9cd7d820 100644 +index 1ac284f0a4..4356c6e870 100644 --- a/pkg/virt-operator/resource/apply/patches.go +++ b/pkg/virt-operator/resource/apply/patches.go -@@ -140,10 +140,6 @@ func (c *Customizer) Apply(targetStrategy *install.Strategy) error { +@@ -140,10 +140,6 @@ func (c *Customizer) Apply(targetStrategy install.StrategyInterface) error { if err != nil { return err } @@ -303,13 +303,13 @@ index 61c04595ea..2b31e9f5e8 100644 "k8s.io/client-go/tools/record" "k8s.io/client-go/util/workqueue" - apiregv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1" - + v1 "kubevirt.io/api/core/v1" "kubevirt.io/client-go/kubecli" @@ -886,31 +885,6 @@ func (r *Reconciler) deleteObjectsNotInInstallStrategy() error { } } - + - // remove unused APIServices - objects = r.stores.APIServiceCache.List() - for _, obj := range objects { @@ -340,7 +340,7 @@ index 61c04595ea..2b31e9f5e8 100644 for _, obj := range objects { diff --git a/pkg/virt-operator/resource/generate/components/apiservices.go b/pkg/virt-operator/resource/generate/components/apiservices.go deleted file mode 100644 -index cde0dbfc1..000000000 +index cde0dbfc14..0000000000 --- a/pkg/virt-operator/resource/generate/components/apiservices.go +++ /dev/null @@ -1,44 +0,0 @@ @@ -390,7 +390,7 @@ index cde0dbfc1..000000000 -} diff --git a/pkg/virt-operator/resource/generate/components/apiservices_test.go b/pkg/virt-operator/resource/generate/components/apiservices_test.go deleted file mode 100644 -index 8cef02889..000000000 +index 8cef02889b..0000000000 --- a/pkg/virt-operator/resource/generate/components/apiservices_test.go +++ /dev/null @@ -1,19 +0,0 @@ @@ -436,7 +436,7 @@ index f40ae821ef..9768c7d720 100644 @@ -210,10 +208,6 @@ func (ins *Strategy) MutatingWebhookConfigurations() []*admissionregistrationv1. return ins.mutatingWebhookConfigurations } - + -func (ins *Strategy) APIServices() []*apiregv1.APIService { - return ins.apiServices -} @@ -455,7 +455,7 @@ index f40ae821ef..9768c7d720 100644 marshalutil.MarshallObject(entry, writer) } @@ -590,7 +581,6 @@ func GenerateCurrentInstallStrategy(config *operatorutil.KubeVirtDeploymentConfi - + strategy.daemonSets = append(strategy.daemonSets, handler) strategy.sccs = append(strategy.sccs, components.GetAllSCC(config.GetNamespace())...) - strategy.apiServices = components.NewVirtAPIAPIServices(config.GetNamespace()) @@ -476,18 +476,18 @@ index f40ae821ef..9768c7d720 100644 secret := &corev1.Secret{} if err := yaml.Unmarshal([]byte(entry), &secret); err != nil { diff --git a/pkg/virt-operator/util/types.go b/pkg/virt-operator/util/types.go -index 96a2a98da..edbfc5fc1 100644 +index faaa38093c..2a306c1d42 100644 --- a/pkg/virt-operator/util/types.go +++ b/pkg/virt-operator/util/types.go @@ -39,7 +39,6 @@ type Stores struct { - DaemonSetCache cache.Store - ValidationWebhookCache cache.Store - MutatingWebhookCache cache.Store -- APIServiceCache cache.Store - SCCCache cache.Store - RouteCache cache.Store - InstallStrategyConfigMapCache cache.Store -@@ -68,7 +67,6 @@ func (s *Stores) AllEmpty() bool { + DaemonSetCache cache.Store + ValidationWebhookCache cache.Store + MutatingWebhookCache cache.Store +- APIServiceCache cache.Store + SCCCache cache.Store + RouteCache cache.Store + InstallStrategyConfigMapCache cache.Store +@@ -74,7 +73,6 @@ func (s *Stores) AllEmpty() bool { IsStoreEmpty(s.DaemonSetCache) && IsStoreEmpty(s.ValidationWebhookCache) && IsStoreEmpty(s.MutatingWebhookCache) && @@ -495,23 +495,23 @@ index 96a2a98da..edbfc5fc1 100644 IsStoreEmpty(s.PodDisruptionBudgetCache) && IsSCCStoreEmpty(s.SCCCache) && IsStoreEmpty(s.RouteCache) && -@@ -114,7 +112,6 @@ type Expectations struct { - DaemonSet *controller.UIDTrackingControllerExpectations - ValidationWebhook *controller.UIDTrackingControllerExpectations - MutatingWebhook *controller.UIDTrackingControllerExpectations -- APIService *controller.UIDTrackingControllerExpectations - SCC *controller.UIDTrackingControllerExpectations - Route *controller.UIDTrackingControllerExpectations - InstallStrategyConfigMap *controller.UIDTrackingControllerExpectations -@@ -138,7 +135,6 @@ type Informers struct { - DaemonSet cache.SharedIndexInformer - ValidationWebhook cache.SharedIndexInformer - MutatingWebhook cache.SharedIndexInformer -- APIService cache.SharedIndexInformer - SCC cache.SharedIndexInformer - Route cache.SharedIndexInformer - InstallStrategyConfigMap cache.SharedIndexInformer -@@ -164,7 +160,6 @@ func (e *Expectations) DeleteExpectations(key string) { +@@ -122,7 +120,6 @@ type Expectations struct { + DaemonSet *controller.UIDTrackingControllerExpectations + ValidationWebhook *controller.UIDTrackingControllerExpectations + MutatingWebhook *controller.UIDTrackingControllerExpectations +- APIService *controller.UIDTrackingControllerExpectations + SCC *controller.UIDTrackingControllerExpectations + Route *controller.UIDTrackingControllerExpectations + InstallStrategyConfigMap *controller.UIDTrackingControllerExpectations +@@ -148,7 +145,6 @@ type Informers struct { + DaemonSet cache.SharedIndexInformer + ValidationWebhook cache.SharedIndexInformer + MutatingWebhook cache.SharedIndexInformer +- APIService cache.SharedIndexInformer + SCC cache.SharedIndexInformer + Route cache.SharedIndexInformer + InstallStrategyConfigMap cache.SharedIndexInformer +@@ -178,7 +174,6 @@ func (e *Expectations) DeleteExpectations(key string) { e.DaemonSet.DeleteExpectations(key) e.ValidationWebhook.DeleteExpectations(key) e.MutatingWebhook.DeleteExpectations(key) @@ -519,7 +519,7 @@ index 96a2a98da..edbfc5fc1 100644 e.SCC.DeleteExpectations(key) e.Route.DeleteExpectations(key) e.InstallStrategyConfigMap.DeleteExpectations(key) -@@ -188,7 +183,6 @@ func (e *Expectations) ResetExpectations(key string) { +@@ -204,7 +199,6 @@ func (e *Expectations) ResetExpectations(key string) { e.DaemonSet.SetExpectations(key, 0, 0) e.ValidationWebhook.SetExpectations(key, 0, 0) e.MutatingWebhook.SetExpectations(key, 0, 0) @@ -527,7 +527,7 @@ index 96a2a98da..edbfc5fc1 100644 e.SCC.SetExpectations(key, 0, 0) e.Route.SetExpectations(key, 0, 0) e.InstallStrategyConfigMap.SetExpectations(key, 0, 0) -@@ -212,7 +206,6 @@ func (e *Expectations) SatisfiedExpectations(key string) bool { +@@ -230,7 +224,6 @@ func (e *Expectations) SatisfiedExpectations(key string) bool { e.DaemonSet.SatisfiedExpectations(key) && e.ValidationWebhook.SatisfiedExpectations(key) && e.MutatingWebhook.SatisfiedExpectations(key) && diff --git a/images/virt-artifact/patches/023-replace-expressions-for-validating-admission-policy.patch b/images/virt-artifact/patches/023-replace-expressions-for-validating-admission-policy.patch new file mode 100644 index 000000000..1dde13eb0 --- /dev/null +++ b/images/virt-artifact/patches/023-replace-expressions-for-validating-admission-policy.patch @@ -0,0 +1,36 @@ +diff --git a/pkg/virt-operator/resource/generate/components/validatingadmissionpolicy.go b/pkg/virt-operator/resource/generate/components/validatingadmissionpolicy.go +index 5fefec2304..20914e8bf6 100644 +--- a/pkg/virt-operator/resource/generate/components/validatingadmissionpolicy.go ++++ b/pkg/virt-operator/resource/generate/components/validatingadmissionpolicy.go +@@ -117,7 +117,7 @@ func NewHandlerV1ValidatingAdmissionPolicy(virtHandlerServiceAccount string) *ad + Variables: []admissionregistrationv1.Variable{ + { + Name: "oldNonKubevirtLabels", +- Expression: `oldObject.metadata.labels.filter(k, !k.contains("kubevirt.io") && k != "cpumanager")`, ++ Expression: `oldObject.metadata.labels.filter(k, !k.contains("kubevirt") && k != "cpumanager")`, + }, + { + Name: "oldLabels", +@@ -125,7 +125,7 @@ func NewHandlerV1ValidatingAdmissionPolicy(virtHandlerServiceAccount string) *ad + }, + { + Name: "newNonKubevirtLabels", +- Expression: `object.metadata.labels.filter(k, !k.contains("kubevirt.io") && k != "cpumanager")`, ++ Expression: `object.metadata.labels.filter(k, !k.contains("kubevirt") && k != "cpumanager")`, + }, + { + Name: "newLabels", +@@ -133,11 +133,11 @@ func NewHandlerV1ValidatingAdmissionPolicy(virtHandlerServiceAccount string) *ad + }, + { + Name: "oldNonKubevirtAnnotations", +- Expression: `oldObject.metadata.annotations.filter(k, !k.contains("kubevirt.io"))`, ++ Expression: `oldObject.metadata.annotations.filter(k, !k.contains("kubevirt"))`, + }, + { + Name: "newNonKubevirtAnnotations", +- Expression: `object.metadata.annotations.filter(k, !k.contains("kubevirt.io"))`, ++ Expression: `object.metadata.annotations.filter(k, !k.contains("kubevirt"))`, + }, + { + Name: "oldAnnotations", diff --git a/images/virt-artifact/patches/README.md b/images/virt-artifact/patches/README.md index 0a030cec6..4ae99e60c 100644 --- a/images/virt-artifact/patches/README.md +++ b/images/virt-artifact/patches/README.md @@ -78,3 +78,8 @@ Cleanup stale Pods owned by the VMI, keep only last 3 in the Failed phase. Why we need it? Unsuccessful migrations may leave a lot of Pods. These huge lists reduce performance on virtualization-controller and cdi-deployment restarts. + +#### `023-replace-expressions-for-validating-admission-policy.patch` + +Replace the expressions for the ValidatingAdmissionPolicy kubevirt-node-restriction-policy. +This is necessary because of the kube-api-rewriter that changes the labels.