Installation of CAA fails on OSX - arm64

[surajssd]

So I ran this on the latest main: 372e4e7 on an OSX terminal.

✗ CLOUD_PROVIDER=azure make deploy

make: sha256sum: Command not found

kubectl apply -k "github.com/confidential-containers/operator/config/release?ref=v0.8.0"
namespace/confidential-containers-system created
customresourcedefinition.apiextensions.k8s.io/ccruntimes.confidentialcontainers.org created
serviceaccount/cc-operator-controller-manager created
role.rbac.authorization.k8s.io/cc-operator-leader-election-role created
clusterrole.rbac.authorization.k8s.io/cc-operator-manager-role created
clusterrole.rbac.authorization.k8s.io/cc-operator-metrics-reader created
clusterrole.rbac.authorization.k8s.io/cc-operator-proxy-role created
rolebinding.rbac.authorization.k8s.io/cc-operator-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/cc-operator-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/cc-operator-proxy-rolebinding created
configmap/cc-operator-manager-config created
service/cc-operator-controller-manager-metrics-service created
deployment.apps/cc-operator-controller-manager created
kubectl apply -k "github.com/confidential-containers/operator/config/samples/ccruntime/peer-pods?ref=v0.8.0"
ccruntime.confidentialcontainers.org/ccruntime-peer-pods created
kubectl apply -k install/overlays/azure
serviceaccount/cloud-api-adaptor created
clusterrole.rbac.authorization.k8s.io/node-viewer created
clusterrole.rbac.authorization.k8s.io/peerpod-editor created
clusterrole.rbac.authorization.k8s.io/pod-viewer created
clusterrolebinding.rbac.authorization.k8s.io/node-viewer created
clusterrolebinding.rbac.authorization.k8s.io/peerpod-editor created
clusterrolebinding.rbac.authorization.k8s.io/pod-viewer created
configmap/peer-pods-cm created
secret/peer-pods-secret created
secret/ssh-key-secret created
daemonset.apps/cloud-api-adaptor-daemonset created
/Library/Developer/CommandLineTools/usr/bin/make -C ./peerpod-ctrl deploy
mkdir -p /Users/suraj/work/cloud-api-adaptor-main/peerpod-ctrl/bin
test -s /Users/suraj/work/cloud-api-adaptor-main/peerpod-ctrl/bin/controller-gen || GOBIN=/Users/code/work/cloud-api-adaptor-main/peerpod-ctrl/bin go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.10.0
go: downloading sigs.k8s.io/controller-tools v0.10.0
go: downloading golang.org/x/tools v0.1.12
go: downloading github.com/spf13/cobra v1.4.0
go: downloading github.com/fatih/color v1.12.0
go: downloading github.com/gobuffalo/flect v0.2.5
go: downloading github.com/mattn/go-colorable v0.1.8
go: downloading github.com/mattn/go-isatty v0.0.12
go: downloading github.com/google/gofuzz v1.1.0
/Users/suraj/work/cloud-api-adaptor-main/peerpod-ctrl/bin/controller-gen rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases-: build constraints exclude all Go files in /Users/suraj/go/pkg/mod/github.com/containernetworking/plugins@v1.1.1/pkg/utils/sysctl
Error: not all generators ran successfully
run `controller-gen rbac:roleName=manager-role crd webhook paths=./... output:crd:artifacts:config=config/crd/bases -w` to see all available markers, or `controller-gen rbac:roleName=manager-role crd webhook paths=./... output:crd:artifacts:config=config/crd/bases -h` for usage
make[1]: *** [manifests] Error 1
make: *** [deploy] Error 2

Running it the second time worked:

✗ CLOUD_PROVIDER=azure make deploy

make: sha256sum: Command not found
kubectl apply -k "github.com/confidential-containers/operator/config/release?ref=v0.8.0"
namespace/confidential-containers-system unchanged
customresourcedefinition.apiextensions.k8s.io/ccruntimes.confidentialcontainers.org unchanged
serviceaccount/cc-operator-controller-manager unchanged
role.rbac.authorization.k8s.io/cc-operator-leader-election-role unchanged
clusterrole.rbac.authorization.k8s.io/cc-operator-manager-role configured
clusterrole.rbac.authorization.k8s.io/cc-operator-metrics-reader unchanged
clusterrole.rbac.authorization.k8s.io/cc-operator-proxy-role unchanged
rolebinding.rbac.authorization.k8s.io/cc-operator-leader-election-rolebinding unchanged
clusterrolebinding.rbac.authorization.k8s.io/cc-operator-manager-rolebinding unchanged
clusterrolebinding.rbac.authorization.k8s.io/cc-operator-proxy-rolebinding unchanged
configmap/cc-operator-manager-config unchanged
service/cc-operator-controller-manager-metrics-service unchanged
deployment.apps/cc-operator-controller-manager unchanged
kubectl apply -k "github.com/confidential-containers/operator/config/samples/ccruntime/peer-pods?ref=v0.8.0"
ccruntime.confidentialcontainers.org/ccruntime-peer-pods configured
kubectl apply -k install/overlays/azure
serviceaccount/cloud-api-adaptor unchanged
clusterrole.rbac.authorization.k8s.io/node-viewer unchanged
clusterrole.rbac.authorization.k8s.io/peerpod-editor unchanged
clusterrole.rbac.authorization.k8s.io/pod-viewer unchanged
clusterrolebinding.rbac.authorization.k8s.io/node-viewer unchanged
clusterrolebinding.rbac.authorization.k8s.io/peerpod-editor unchanged
clusterrolebinding.rbac.authorization.k8s.io/pod-viewer unchanged
configmap/peer-pods-cm unchanged
secret/peer-pods-secret configured
secret/ssh-key-secret configured
daemonset.apps/cloud-api-adaptor-daemonset unchanged
/Library/Developer/CommandLineTools/usr/bin/make -C ./peerpod-ctrl deploy
/Users/suraj/work/cloud-api-adaptor-main/peerpod-ctrl/bin/controller-gen rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
test -s /Users/suraj/work/cloud-api-adaptor-main/peerpod-ctrl/bin/kustomize || { curl -Ss "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash -s -- 3.8.7 /Users/suraj/work/cloud-api-adaptor-main/peerpod-ctrl/bin; }
Version v3.8.7 does not exist for darwin/arm64, trying darwin/amd64 instead.
{Version:kustomize/v3.8.7 GitCommit:ad092cc7a91c07fdf63a2e4b7f13fa588a39af4f BuildDate:2020-11-11T23:19:38Z GoOs:darwin GoArch:amd64}
kustomize installed to /Users/suraj/work/cloud-api-adaptor-main/peerpod-ctrl/bin/kustomize
cd config/manager && /Users/suraj/work/cloud-api-adaptor-main/peerpod-ctrl/bin/kustomize edit set image controller=quay.io/confidential-containers/peerpod-ctrl:latest
/Users/suraj/work/cloud-api-adaptor-main/peerpod-ctrl/bin/kustomize build config/default | kubectl apply -f -
namespace/confidential-containers-system configured
customresourcedefinition.apiextensions.k8s.io/peerpods.confidentialcontainers.org created
serviceaccount/peerpod-ctrl-controller-manager created
role.rbac.authorization.k8s.io/peerpod-ctrl-leader-election-role created
clusterrole.rbac.authorization.k8s.io/peerpod-ctrl-manager-role created
clusterrole.rbac.authorization.k8s.io/peerpod-ctrl-metrics-reader created
clusterrole.rbac.authorization.k8s.io/peerpod-ctrl-proxy-role created
rolebinding.rbac.authorization.k8s.io/peerpod-ctrl-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/peerpod-ctrl-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/peerpod-ctrl-proxy-rolebinding created
service/peerpod-ctrl-controller-manager-metrics-service created
deployment.apps/peerpod-ctrl-controller-manager created

So there are multiple problems I see with this:

• There is no sha256sum but the installation still went forward, so it should be just a warning and should clearly show what could wrong without that tool. Right now it doesn't tell me anything.
• Why is go needed at all to deploy a CAA? This means we are not generating and committing something which we should? Adding a dev dependency on users is not the right thing to do.
• Why do we download a tool on the fly and not bail out asking user to install it?
• The tool uses latest peerpod-ctrl:latest and does not allow user to select what version to install.