Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cert manager api as dependency #680

Merged
merged 2 commits into from
Jun 12, 2024
Merged

cert manager api as dependency #680

merged 2 commits into from
Jun 12, 2024

Conversation

eguzki
Copy link
Contributor

@eguzki eguzki commented May 30, 2024
edited
Loading

What

Remove cert-manager operator as dependency and, instead, add cert-manager API as dep.

On openshift, the upstream cert-manager operator can conflict with RH build of the cert manager operator.

Verification steps

# manifests
make bundle VERSION=0.8.0

# bundle image
make bundle-build BUNDLE_IMG=quay.io/kuadrant/kuadrant-operator-bundle:my-bundle

# push bundle image
make bundle-push BUNDLE_IMG=quay.io/kuadrant/kuadrant-operator-bundle:my-bundle

make catalog BUNDLE_IMG=quay.io/kuadrant/kuadrant-operator-bundle:my-bundle
make catalog-build CATALOG_IMG=quay.io/kuadrant/kuadrant-operator-catalog:my-catalog
make catalog-push CATALOG_IMG=quay.io/kuadrant/kuadrant-operator-catalog:my-catalog
  • Create kind cluster
make kind-create-cluster
  • Deploy OLM system
make install-olm
  • Deploy kuadrant operator using OLM. Since the certificate manager API is not installed, the operation should fail.
make deploy-catalog CATALOG_IMG=quay.io/kuadrant/kuadrant-operator-catalog:my-catalog

The subscription status eventually reports constraints not satisfiable

kubectl get subscriptions kuadrant -n kuadrant-system -o jsonpath='{.status.conditions}' | yq e -P

Condition type CatalogSourcesUnhealthy should eventually report that all available catalogsources are healthy. It takes up to few minutes.

- lastTransitionTime: "2024-05-30T15:31:33Z"
  message: all available catalogsources are healthy
  reason: AllCatalogSourcesHealthy
  status: "False"
  type: CatalogSourcesUnhealthy

OLM should have resolved the dependency by installing the cert-manager operator.

❯ kubectl get clusterserviceversions.operators.coreos.com | grep cert-manager
cert-manager.v1.14.2        cert-manager         1.14.2    cert-manager.v1.13.3             Succeeded

@codecov Codecov
Copy link

codecov bot commented May 30, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.83%. Comparing base (ece13e8) to head (a0f33f7).
Report is 118 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #680      +/-   ##
==========================================
+ Coverage   80.20%   82.83%   +2.62%     
==========================================
  Files          64       73       +9     
  Lines        4492     5737    +1245     
==========================================
+ Hits         3603     4752    +1149     
- Misses        600      651      +51     
- Partials      289      334      +45
Flag Coverage Δ
bare-k8s-integration 4.42% <ø> (?)
controllers-integration 72.41% <ø> (?)
gatewayapi-integration 10.96% <ø> (?)
integration ?
istio-integration 56.14% <ø> (?)
unit 32.56% <ø> (+2.52%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
api/v1beta1 (u) 71.42% <ø> (ø)
api/v1beta2 (u) 93.58% <100.00%> (+2.16%) ⬆️
pkg/common (u) 88.13% <ø> (-0.70%) ⬇️
pkg/istio (u) 75.09% <ø> (+1.17%) ⬆️
pkg/log (u) 94.73% <ø> (ø)
pkg/reconcilers (u) ∅ <ø> (∅)
pkg/rlptools (u) 81.59% <ø> (+2.13%) ⬆️
controllers (i) 81.67% <82.44%> (+4.87%) ⬆️

see 36 files with indirect coverage changes

@eguzki eguzki marked this pull request as ready for review May 30, 2024 15:37
@eguzki eguzki requested a review from a team as a code owner May 30, 2024 15:37
@eguzki eguzki added the kind/bug Something isn't working label May 31, 2024
didierofrivia
didierofrivia reviewed Jun 10, 2024
View reviewed changes
config/deploy/olm/catalogsource.yaml
@@ -6,4 +6,6 @@ spec:
sourceType: grpc
image: quay.io/kuadrant/kuadrant-operator-catalog:latest
displayName: Kuadrant Operators
grpcPodConfig:
securityContextConfig: restricted
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this something we need to override in OLM for cert manager to work? What does the securityContextConfig adds to the grpc Pod?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This something we need for the current k8s release version we are using. Try removing those, the catalogsource would not be deployed.

didierofrivia
didierofrivia reviewed Jun 10, 2024
View reviewed changes
utils/generate-catalog.sh
OPM="${1?:Error \$OPM not set. Bye}"
YQ="${2?:Error \$YQ not set. Bye}"
BUNDLE_IMG="${3?:Error \$BUNDLE_IMG not set. Bye}"
REPLACES_VERSION="${4?:Error \$REPLACES_VERSION not set. Bye}"
LIMITADOR_OPERATOR_BUNDLE_IMG="${5?:Error \$LIMITADOR_OPERATOR_BUNDLE_IMG not set. Bye}"
AUTHORINO_OPERATOR_BUNDLE_IMG="${6?:Error \$AUTHORINO_OPERATOR_BUNDLE_IMG not set. Bye}"
DNS_OPERATOR_BUNDLE_IMG="${7?:Error \$DNS_OPERATOR_BUNDLE_IMG not set. Bye}"
CHANNELS="${8:-$DEFAULT_CHANNEL}"
CHANNELS="${8?:Error \$CHANNELS not set. Bye}"
Copy link
Collaborator

@didierofrivia didierofrivia Jun 10, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No channels, no catalog. We might need to review the release process of setting channel(s) and default channel

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the default channel is set at the makefile level. The script only requires one. I have moved the default from the script to the makefile. The script needs one channel value and fails if not provided. The default value is meaningful outside the script only.

didierofrivia
didierofrivia approved these changes Jun 12, 2024
View reviewed changes
Copy link
Collaborator

@didierofrivia didierofrivia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Considering that we are ignoring CertificateRequest, Order and Challenge GVKs since are not being used... LGTM! 🥇

@eguzki eguzki requested a review from mikenairn June 12, 2024 10:01
@eguzki eguzki merged commit de3417e into main Jun 12, 2024
26 checks passed
@eguzki eguzki deleted the cert-manager-api-as-dep branch June 12, 2024 11:33
dlaw4608 pushed a commit to dlaw4608/kuadrant-operator that referenced this pull request Jun 17, 2024
@eguzki
cert manager api as dependency (Kuadrant#680)
0c271b6 
* cert manager api as dependency

* bundle/metadata/dependencies.yaml: removing unused GVK deps
@eguzki eguzki mentioned this pull request Jul 3, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikenairn mikenairn mikenairn approved these changes

@didierofrivia didierofrivia didierofrivia approved these changes

Assignees
No one assigned
Labels
kind/bug Something isn't working
Projects
Kuadrant
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@eguzki @mikenairn @didierofrivia