Merge pull request #363 from gkurz/merge-to-main-for-1.5

Merge to main for 1.5

Makefile

@@ -49,7 +49,7 @@ ifeq ($(USE_IMAGE_DIGESTS), true)
 endif
 
 # Image URL to use all building/pushing image targets
-IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
+IMG ?= $(IMAGE_TAG_BASE):v$(VERSION)
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.24
 

controllers/image_generator.go

@@ -67,12 +67,13 @@ Every image deletion job should preform the following:
 */
 
 const (
-	peerpodsCMName          = "peer-pods-cm"
-	peerPodsSecretName      = "peer-pods-secret"
-	peerpodsCMAWSImageKey   = "PODVM_AMI_ID"
-	peerpodsCMAzureImageKey = "AZURE_IMAGE_ID"
-	fipsCMKey               = "BOOT_FIPS"
-	defaultVMType           = "VM"
+	unsupportedCloudProvider = "unsupported"
+	peerpodsCMName           = "peer-pods-cm"
+	peerPodsSecretName       = "peer-pods-secret"
+	peerpodsCMAWSImageKey    = "PODVM_AMI_ID"
+	peerpodsCMAzureImageKey  = "AZURE_IMAGE_ID"
+	fipsCMKey                = "BOOT_FIPS"
+	defaultVMType            = "VM"
 )
 
 type ImageGenerator struct {
@@ -98,6 +99,11 @@ func ImageCreate(c client.Client) (bool, ctrl.Result) {
 		}
 	}
 
+	if ig.provider == unsupportedCloudProvider {
+		igLogger.Info("unsupported cloud provider, skipping image creation")
+		return true, ctrl.Result{}
+	}
+
 	if err := ig.validatePeerPodsConfigs(); err != nil {
 		igLogger.Info("error validating peer-pods configs", "err", err)
 		return false, ctrl.Result{Requeue: true, RequeueAfter: 30 * time.Second}
@@ -117,6 +123,11 @@ func ImageDelete(c client.Client) (bool, ctrl.Result) {
 		}
 	}
 
+	if ig.provider == unsupportedCloudProvider {
+		igLogger.Info("unsupported cloud provider, skipping image deletion")
+		return true, ctrl.Result{}
+	}
+
 	if err := ig.validatePeerPodsConfigs(); err != nil {
 		igLogger.Info("error validating peer-pods configs", "err", err)
 		return false, ctrl.Result{Requeue: true, RequeueAfter: 30 * time.Second}
@@ -155,48 +166,39 @@ func newImageGenerator(client client.Client) (*ImageGenerator, error) {
 	}
 	ig.fips = fips == 1
 
-	err = ig.setupCloudProvider()
-	if err != nil {
-		return nil, fmt.Errorf("failed to setup cloud provider: %v", err)
+	if provider, err := ig.getCloudProviderFromInfra(); err != nil {
+		return nil, fmt.Errorf("failed to get cloud provider from infra: %v", err)
+	} else {
+		switch provider {
+		case "aws":
+			ig.CMimageIDKey = peerpodsCMAWSImageKey
+			ig.provider = provider
+		case "azure":
+			ig.CMimageIDKey = peerpodsCMAzureImageKey
+			ig.provider = provider
+		default:
+			igLogger.Info("unsupported cloud provider, image creation will be disabled", "provider", provider)
+			ig.provider = unsupportedCloudProvider
+		}
 	}
 
 	igLogger.Info("ImageGenerator instance has been initialized successfully", "fips", ig.fips)
 	return &ig, nil
 }
 
-func (r *ImageGenerator) getCloudProviderFromInfra() string {
+func (r *ImageGenerator) getCloudProviderFromInfra() (string, error) {
 	// TODO: first check if it's indeed openshift
 	infrastructure := &configv1.Infrastructure{}
 	err := r.client.Get(context.TODO(), types.NamespacedName{Name: "cluster"}, infrastructure)
 	if err != nil {
-		igLogger.Info("getCloudProviderInfra: Error getting Infrastructure object", "err", err)
-		return ""
+		return "", err
 	}
 
 	if infrastructure.Status.PlatformStatus == nil {
-		igLogger.Info("getCloudProviderInfra: Infrastructure.status.platformStatus is empty")
-		return ""
+		return "", fmt.Errorf("Infrastructure.status.platformStatus is empty")
 	}
 
-	igLogger.Info("Got cloud provider from infrastructure object")
-	return strings.ToLower(string(infrastructure.Status.PlatformStatus.Type))
-}
-
-func (r *ImageGenerator) setupCloudProvider() error {
-	provider := r.getCloudProviderFromInfra()
-
-	switch provider {
-	case "aws":
-		r.CMimageIDKey = peerpodsCMAWSImageKey
-	case "azure":
-		r.CMimageIDKey = peerpodsCMAzureImageKey
-	default:
-		return fmt.Errorf("getCloudProvider: Unsupported cloud provider: %s", provider)
-	}
-	r.provider = provider
-
-	igLogger.Info("Cloud provider fetched successfully", "provider", r.provider, "keyID", r.CMimageIDKey)
-	return nil
+	return strings.ToLower(string(infrastructure.Status.PlatformStatus.Type)), nil
 }
 
 func (r *ImageGenerator) createJobFromFile(jobFileName string) (*batchv1.Job, error) {

controllers/openshift_controller.go

@@ -1962,17 +1962,17 @@ func (r *KataConfigOpenShiftReconciler) resetInProgressCondition() {
 func (r *KataConfigOpenShiftReconciler) isInstalling() bool {
 	cond := r.findInProgressCondition()
 	if cond == nil {
-		return false;
+		return false
 	}
-	return cond.Status == corev1.ConditionTrue && cond.Reason == "Installing";
+	return cond.Status == corev1.ConditionTrue && cond.Reason == "Installing"
 }
 
 func (r *KataConfigOpenShiftReconciler) isUpdating() bool {
 	cond := r.findInProgressCondition()
 	if cond == nil {
-		return false;
+		return false
 	}
-	return cond.Status == corev1.ConditionTrue && cond.Reason == "Updating";
+	return cond.Status == corev1.ConditionTrue && cond.Reason == "Updating"
 }
 
 func (r *KataConfigOpenShiftReconciler) createAuthJsonSecret() error {

go.mod

@@ -3,7 +3,7 @@ module github.com/openshift/sandboxed-containers-operator
 go 1.19
 
 require (
-	github.com/confidential-containers/cloud-api-adaptor/peerpod-ctrl v0.0.0-20230512144533-a9941bba4692
+	github.com/confidential-containers/cloud-api-adaptor/peerpod-ctrl v0.8.0-alpha.1.0.20231117105612-4bb0a8dfe349
 	github.com/confidential-containers/cloud-api-adaptor/peerpodconfig-ctrl v0.7.1-0.20230905053535-9fc762f85a98
 	github.com/coreos/ignition/v2 v2.9.0
 	github.com/ghodss/yaml v1.0.0
@@ -22,34 +22,34 @@ require (
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.2 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v3 v3.0.1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v4 v4.2.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v2 v2.2.1 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
 	github.com/IBM-Cloud/power-go-client v1.2.3 // indirect
 	github.com/IBM/go-sdk-core/v5 v5.13.1 // indirect
 	github.com/IBM/platform-services-go-sdk v0.36.0 // indirect
 	github.com/IBM/vpc-go-sdk v0.35.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/avast/retry-go/v4 v4.3.3 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.16.5 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.21.0 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.15.11 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.12.6 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.6 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.12 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.6 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.13 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ec2 v1.31.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ec2 v1.117.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.11.9 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.16.7 // indirect
-	github.com/aws/smithy-go v1.11.3 // indirect
+	github.com/aws/smithy-go v1.14.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/confidential-containers/cloud-api-adaptor v0.5.1-0.20230504043629-580abeb128aa // indirect
-	github.com/containerd/containerd v1.6.6 // indirect
+	github.com/confidential-containers/cloud-api-adaptor v0.8.1-0.20231116150709-232acecae0ca // indirect
+	github.com/containerd/containerd v1.6.8 // indirect
 	github.com/containerd/ttrpc v1.2.2 // indirect
 	github.com/containernetworking/plugins v1.1.1 // indirect
 	github.com/containers/podman/v4 v4.2.0 // indirect
@@ -79,7 +79,7 @@ require (
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/gobuffalo/flect v0.3.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt v3.2.1+incompatible // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
@@ -94,19 +94,21 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/kata-containers/kata-containers/src/runtime v0.0.0-20220913141151-9b49a6ddc6fd // indirect
+	github.com/kata-containers/kata-containers/src/runtime v0.0.0-20231109143605-6c2a2a14fe78 // indirect
+	github.com/kdomanski/iso9660 v0.3.5 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/leodido/go-urn v1.2.1 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/moby/sys/mountinfo v0.6.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
-	github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 // indirect
+	github.com/opencontainers/runtime-spec v1.1.0-rc.1 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
@@ -117,7 +119,7 @@ require (
 	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/vincent-petithory/dataurl v0.0.0-20191104211930-d1553a71de50 // indirect
-	github.com/vishvananda/netlink v1.1.1-0.20220115184804-dd687eb2f2d4 // indirect
+	github.com/vishvananda/netlink v1.2.1-beta.2 // indirect
 	github.com/vishvananda/netns v0.0.4 // indirect
 	github.com/vmware/govmomi v0.30.0 // indirect
 	go.mongodb.org/mongo-driver v1.11.2 // indirect
@@ -135,7 +137,7 @@ require (
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect
-	google.golang.org/grpc v1.54.0 // indirect
+	google.golang.org/grpc v1.56.3 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
@@ -147,7 +149,7 @@ require (
 	k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
 	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
 	libvirt.org/go/libvirt v1.8002.0 // indirect
-	libvirt.org/go/libvirtxml v1.8002.0 // indirect
+	libvirt.org/go/libvirtxml v1.9004.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect