Adapt the operator CI install script to work on non OCP-clusters #487
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/cherry-pick release-1.4 |
|
@rm3l: once the present PR merges, I will cherry-pick it on top of In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/cc @zdrapela This should help with testing downstream CI builds of the operator on non-OCP clusters. |
rm3l
changed the title
rm3l
force-pushed
the
RHIDP-4994--adapt-operator-ci-script-to-work-on-non-ocp-clusters
branch
from
44f8a23
to
7f29b52
Compare
…on on a standard Kubernetes cluster Just like with OCP clusters with hosted control planes (where we cannot use ICSP/IDMS resources), we are doing the following here: 1. Deploy an authenticated registry (there may not be any internal registry available, unlike OCP) 2. Expose this registry via port-forwarding and using a NodePort (to be able to pull it from within the cluster) 3. Replacing all references to the internal RH registry with quay.io in the bundles, repack and push the bundles to the registry above 4. Regenerate the IIB and build it in the cluster (using Kaniko, because the script might be called from CI where Podman cannot run) 5. Create the CatalogSource using this new IIB ref
…out and also better handle exit codes
rm3l
force-pushed
the
RHIDP-4994--adapt-operator-ci-script-to-work-on-non-ocp-clusters
branch
from
7f29b52
to
4333adf
Compare
Description
As depicted in https://issues.redhat.com/browse/RHIDP-4994, the current script and procedure for installing CI builds of the operator are tied to OpenShift (use of ICSP/IDMS resources, leveraging the internal OCP cluster registry, ...).
To unblock https://issues.redhat.com/browse/RHIDP-4550 (testing operator CI builds on GKE), this PR adapts this script to make it work on standard Kubernetes clusters. Ultimately, we should be able to use the same script to test the operator on our other supported platforms like EKS or AKS.
Note that this requires OLM to be installed in the cluster as a prerequisite since this is what we support.
The logic to install the operator on K8s is quite similar to how we adapted the script in #369 to make it work on OCP clusters with hosted control planes (by unpacking the bundles, replacing the refs to the internal RH registries, then pushing them to the cluster registry ): it starts by deploying a registry and does essentially the same things.
NOTE (for later): the script is getting big => we might need to break it down into smaller files. This is an intentional tech debt that will be addressed later (issue TBD).
Which issue(s) does this PR fix or relate to
PR acceptance criteria
rhdh-operator.clusterserviceversion.yamlfile accordinglyHow to test changes / Special notes to the reviewer
More details in https://github.com/rm3l/redhat-developer-hub-operator/blob/RHIDP-4994--adapt-operator-ci-script-to-work-on-non-ocp-clusters/.rhdh/docs/installing-ci-builds.adoc#prerequisites
.rhdh/scripts/install-rhdh-catalog-source.shscript against a standard Kubernetes cluster. OLM is required.$ .rhdh/scripts/install-rhdh-catalog-source.sh --latest --install-operator rhdh [DEBUG] Falling back to a standard K8s cluster Namespace rhdh-operator does not exist; creating it namespace/rhdh-operator created [INFO] Using iib from image quay.io/rhdh/iib:latest-v4.16-x86_64 /tmp/tmp.6aBt4aLP6K ~/work/projects/backstage/janus-idp/operator >>> WORKING DIR: /tmp/tmp.6aBt4aLP6K <<< [INFO] Detected a Kubernetes cluster [...] INFO[0007] Pushing image to local-registry.rhdh-operator.svc.cluster.local:5000/rhdh/iib:latest-v4.16-x86_64 INFO[0008] Pushed local-registry.rhdh-operator.svc.cluster.local:5000/rhdh/iib@sha256:c6e0e73f3cf1c2179a8bfa5f19afb1acd007f2bd047b2353e5a5900b48138c4b job.batch/kaniko-build-1732913167 condition met [DEBUG] IIB built and pushed to internal cluster registry: localhost:30389/rhdh/iib:latest-v4.16-x86_64... [DEBUG] newIIBImage=localhost:30389/rhdh/iib:latest-v4.16-x86_64 catalogsource.operators.coreos.com/rhdh-fast created Creating OperatorGroup to allow all-namespaces operators to be installed operatorgroup.operators.coreos.com/rhdh-operator-group created subscription.operators.coreos.com/rhdh created [...]$ kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "rhdh-pull-secret"}]}'