
Bump k8s to v0.27.2 #2333

Merged
merged 1 commit into from
Jun 8, 2023
Merged
125 changes: 62 additions & 63 deletions cmd/hyperconverged-cluster-operator/main.go
Expand Up @@ -179,73 +179,72 @@ func main() {

// Restricts the cache's ListWatch to specific fields/labels per GVK at the specified object to control the memory impact
// this is used to completely overwrite the NewCache function so all the interesting objects should be explicitly listed here
func getNewManagerCache(operatorNamespace string) cache.NewCacheFunc {
func getCacheOption(operatorNamespace string) cache.Options {
namespaceSelector := fields.Set{"metadata.namespace": operatorNamespace}.AsSelector()
labelSelector := labels.Set{hcoutil.AppLabel: hcoutil.HyperConvergedName}.AsSelector()
labelSelectorForNamespace := labels.Set{hcoutil.KubernetesMetadataName: operatorNamespace}.AsSelector()
return cache.BuilderWithOptions(
cache.Options{
SelectorsByObject: cache.SelectorsByObject{
&hcov1beta1.HyperConverged{}: {},
&kubevirtcorev1.KubeVirt{}: {},
&cdiv1beta1.CDI{}: {},
&networkaddonsv1.NetworkAddonsConfig{}: {},
&sspv1beta1.SSP{}: {},
&ttov1alpha1.TektonTasks{}: {},
&schedulingv1.PriorityClass{}: {
Label: labels.SelectorFromSet(labels.Set{hcoutil.AppLabel: hcoutil.HyperConvergedName}),
},
&corev1.ConfigMap{}: {
Label: labelSelector,
},
&corev1.Service{}: {
Field: namespaceSelector,
},
&corev1.Endpoints{}: {
Field: namespaceSelector,
},
&monitoringv1.ServiceMonitor{}: {
Label: labelSelector,
Field: namespaceSelector,
},
&monitoringv1.PrometheusRule{}: {
Label: labelSelector,
Field: namespaceSelector,
},
&rbacv1.Role{}: {
Label: labelSelector,
Field: namespaceSelector,
},
&rbacv1.RoleBinding{}: {
Label: labelSelector,
Field: namespaceSelector,
},
&openshiftroutev1.Route{}: {
Field: namespaceSelector,
},
&imagev1.ImageStream{}: {
Label: labelSelector,
},
&corev1.Namespace{}: {
Label: labelSelectorForNamespace,
},
&openshiftconfigv1.APIServer{}: {},
&consolev1.ConsoleCLIDownload{}: {
Label: labelSelector,
},
&consolev1.ConsoleQuickStart{}: {
Label: labelSelector,
},
&consolev1.ConsolePlugin{}: {
Label: labelSelector,
},
&appsv1.Deployment{}: {
Label: labelSelector,
Field: namespaceSelector,
},

return cache.Options{
ByObject: map[client.Object]cache.ByObject{
&hcov1beta1.HyperConverged{}: {},
&kubevirtcorev1.KubeVirt{}: {},
&cdiv1beta1.CDI{}: {},
&networkaddonsv1.NetworkAddonsConfig{}: {},
&sspv1beta1.SSP{}: {},
&ttov1alpha1.TektonTasks{}: {},
&schedulingv1.PriorityClass{}: {
Label: labels.SelectorFromSet(labels.Set{hcoutil.AppLabel: hcoutil.HyperConvergedName}),
},
&corev1.ConfigMap{}: {
Label: labelSelector,
},
&corev1.Service{}: {
Field: namespaceSelector,
},
&corev1.Endpoints{}: {
Field: namespaceSelector,
},
&monitoringv1.ServiceMonitor{}: {
Label: labelSelector,
Field: namespaceSelector,
},
&monitoringv1.PrometheusRule{}: {
Label: labelSelector,
Field: namespaceSelector,
},
&rbacv1.Role{}: {
Label: labelSelector,
Field: namespaceSelector,
},
&rbacv1.RoleBinding{}: {
Label: labelSelector,
Field: namespaceSelector,
},
&openshiftroutev1.Route{}: {
Field: namespaceSelector,
},
&imagev1.ImageStream{}: {
Label: labelSelector,
},
&corev1.Namespace{}: {
Label: labelSelectorForNamespace,
},
&openshiftconfigv1.APIServer{}: {},
&consolev1.ConsoleCLIDownload{}: {
Label: labelSelector,
},
&consolev1.ConsoleQuickStart{}: {
Label: labelSelector,
},
&consolev1.ConsolePlugin{}: {
Label: labelSelector,
},
&appsv1.Deployment{}: {
Label: labelSelector,
Field: namespaceSelector,
},
},
)
}
}

func getManagerOptions(watchNamespace string, operatorNamespace string, needLeaderElection bool, scheme *apiruntime.Scheme) manager.Options {
Expand All @@ -258,7 +257,7 @@ func getManagerOptions(watchNamespace string, operatorNamespace string, needLead
LeaderElection: needLeaderElection,
LeaderElectionResourceLock: resourcelock.ConfigMapsLeasesResourceLock,
LeaderElectionID: "hyperconverged-cluster-operator-lock",
NewCache: getNewManagerCache(operatorNamespace),
Cache: getCacheOption(operatorNamespace),
Scheme: scheme,
}
}
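Review bot: The comment above getCacheOption still says it is "used to completely overwrite the NewCache function", but the new code returns a `cache.Options` value that getManagerOptions assigns to `Cache:`, so the description no longer matches the code. I would reword it along the lines of `// getCacheOption restricts the manager cache's ListWatch per object type (label/field selectors) to limit memory use; every type read through the cache should be listed here.` As a smaller style point, the PriorityClass entry builds an equivalent selector with `labels.SelectorFromSet(labels.Set{hcoutil.AppLabel: hcoutil.HyperConvergedName})` where every other entry reuses `labelSelector`; using `Label: labelSelector` there keeps the map uniform.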
35 changes: 35 additions & 0 deletions cmd/hyperconverged-cluster-webhook/main.go
Expand Up @@ -2,10 +2,16 @@ package main

import (
"context"
"crypto/tls"
"fmt"
"os"
"path/filepath"

"github.com/openshift/library-go/pkg/crypto"
"sigs.k8s.io/controller-runtime/pkg/webhook"

webhookscontrollers "github.com/kubevirt/hyperconverged-cluster-operator/controllers/webhooks"
"github.com/kubevirt/hyperconverged-cluster-operator/pkg/webhooks/validator"

csvv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
appsv1 "k8s.io/api/apps/v1"
Expand Down Expand Up @@ -71,6 +77,16 @@ func main() {
os.Exit(1)
}

// Make sure the certificates are mounted, this should be handled by the OLM
webhookCertDir := webhooks.GetWebhookCertDir()
certs := []string{filepath.Join(webhookCertDir, hcoutil.WebhookCertName), filepath.Join(webhookCertDir, hcoutil.WebhookKeyName)}
for _, fname := range certs {
if _, err := os.Stat(fname); err != nil {
logger.Error(err, "CSV certificates were not found, skipping webhook initialization")
cmdHelper.ExitOnError(err, "CSV certificates were not found, skipping webhook initialization")
}
}

// Setup Scheme for all resources
scheme := apiruntime.NewScheme()
cmdHelper.AddToScheme(scheme, resourcesSchemeFuncs)
Expand All @@ -84,6 +100,13 @@ func main() {
LivenessEndpointName: hcoutil.LivenessEndpointName,
LeaderElection: false,
Scheme: scheme,
WebhookServer: webhook.NewServer(webhook.Options{
CertDir: webhooks.GetWebhookCertDir(),
CertName: hcoutil.WebhookCertName,
KeyName: hcoutil.WebhookKeyName,
Port: hcoutil.WebhookPort,
TLSOpts: []func(*tls.Config){MutateTLSConfig},
}),
})
cmdHelper.ExitOnError(err, "failed to create manager")

Expand Down Expand Up @@ -157,3 +180,15 @@ func main() {
os.Exit(1)
}
}

func MutateTLSConfig(cfg *tls.Config) {
// This callback executes on each client call returning a new config to be used
// please be aware that the APIServer is using http keepalive so this is going to
// be executed only after a while for fresh connections and not on existing ones
cfg.GetConfigForClient = func(_ *tls.ClientHelloInfo) (*tls.Config, error) {
cipherNames, minTypedTLSVersion := validator.SelectCipherSuitesAndMinTLSVersion()
cfg.CipherSuites = crypto.CipherSuitesOrDie(crypto.OpenSSLToIANACipherSuites(cipherNames))
cfg.MinVersion = crypto.TLSVersionOrDie(string(minTypedTLSVersion))
return cfg, nil
}
}
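Review bot: The GetConfigForClient callback in MutateTLSConfig writes CipherSuites and MinVersion into the captured `cfg` and returns that same pointer, although its comment says it returns a new config. That `cfg` appears to be the config the webhook listener serves from, so concurrent handshakes would write to shared state, and crypto/tls documents that a Config must not be modified once it has been passed to a TLS function. Building the per-connection settings on `cfg.Clone()` keeps the base config read-only while still picking up the current TLS profile on each new connection. Separately, `CipherSuitesOrDie` and `TLSVersionOrDie` panic on an unrecognised value inside the handshake path, so returning an error from the callback would fail that one handshake more cleanly; the exported function would also benefit from a doc comment starting with its name.

```go
cfg.GetConfigForClient = func(_ *tls.ClientHelloInfo) (*tls.Config, error) {
	// … unchanged: validator.SelectCipherSuitesAndMinTLSVersion() call …
	// Work on a copy so concurrent handshakes never write to the shared base config.
	perConn := cfg.Clone()
	perConn.GetConfigForClient = nil // the copy is final; no further per-client lookup
	perConn.CipherSuites = crypto.CipherSuitesOrDie(crypto.OpenSSLToIANACipherSuites(cipherNames))
	perConn.MinVersion = crypto.TLSVersionOrDie(string(minTypedTLSVersion))
	return perConn, nil
}
```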
15 changes: 10 additions & 5 deletions config/crd/bases/hco.kubevirt.io_hyperconvergeds.yaml
Expand Up @@ -427,7 +427,8 @@ spec:
If Requests is omitted for a container,
it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
Expand Down Expand Up @@ -887,7 +888,8 @@ spec:
If Requests is omitted for a container,
it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
Expand Down Expand Up @@ -2365,7 +2367,8 @@ spec:
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
to an implementation-defined value. Requests cannot exceed
Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
type: object
Expand Down Expand Up @@ -3905,7 +3908,8 @@ spec:
If Requests is omitted for a container,
it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
Expand Down Expand Up @@ -4365,7 +4369,8 @@ spec:
If Requests is omitted for a container,
it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector: