openshift · bpradipt · Apr 23, 2024 · Apr 25, 2024 · Apr 23, 2024 · Apr 8, 2024
diff --git a/config/samples/featuregates.yaml b/config/samples/featuregates.yaml
@@ -4,19 +4,46 @@ metadata:
   name: osc-feature-gates
   namespace: openshift-sandboxed-containers-operator
 data:
-  # timeTravel allows navigating through cluster states across time.
-  # It is useful for scenarios where you want to view historical data or
-  # predict future states based on current trends. Default is "false".
-  # timeTravel: "false"
+  # OpenShift supports image layering, that allows deployment of packages by
+  # providing a custom RHCOS image. LayeredImageDeployment feature enables the
+  # support for Kata artifacts deployment using RHCOS image layer
 
-  # quantumEntanglementSync enables instant state consistency across clusters
-  # using principles of quantum mechanics. This advanced feature ensures
-  # data is synchronized across different locations without traditional
-  # network latency. Default is "false".
-  # quantumEntanglementSync: "false"
+  # Additionally you'll need to create a configmap named layeredimagedeployment-config to provide relevant
+  # configurations for this feature. Check the example yaml later on in this file
 
-  # autoHealingWithAI employs artificial intelligence to automatically
-  # detect and resolve cluster issues. It leverages machine learning algorithms
-  # to predict potential problems before they occur, ensuring high availability.
-  # Default is "true".
-  # autoHealingWithAI: "true"
+  #LayeredImageDeployment: "false"
+
+  # AdditionalRuntimeClasses feature is enables creating additional runtimeClasses
+  # This feature typically will be used with other features.
+  # For example this feature can be used with the layered image based deployment feature as well.
+  # The layered image based deployment might have configuration for multiple
+  # runtimeclasses which is then exposed to users as RuntimeClass objects
+  # created by OSC operator when this feature gate is enabled.
+
+  # Additionally you'll need to create a configmap named additionalruntimeclasses-config to provide relevant
+  # configurations for this feature. Check the example yaml later on in this file
+
+  #AdditionalRuntimeClasses: "false"
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: layeredimagedeployment-config
+  namespace: openshift-sandboxed-containers-operator
+data:
+  # Provide the configurations for the LayeredImageDeployment feature
+  # osImageURL is mandatory and should be a valid URL containing the RHCOS layered image
+  #osImageURL: "quay.io/...."
+  #kernelArguments: "a=b c=d ..."
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: additionalruntimeclasses-config
+  namespace: openshift-sandboxed-containers-operator
+data:
+  # Use any one of the formats below to provide the runtime class configurations
+  #runtimeClassConfig: "name1:cpuOverHead1:memOverHead1, name2:cpuOverHead2:memOverHead2"
+  #runtimeClassConfig: "name1, name2"
diff --git a/controllers/cm_event_handler.go b/controllers/cm_event_handler.go
@@ -0,0 +1,74 @@
+package controllers
+
+import (
+	"context"
+
+	"github.com/openshift/sandboxed-containers-operator/internal/featuregates"
+	"k8s.io/client-go/util/workqueue"
+	"sigs.k8s.io/controller-runtime/pkg/event"
+)
+
+type ConfigMapEventHandler struct {
+	reconciler *KataConfigOpenShiftReconciler
+}
+
+func (ch *ConfigMapEventHandler) Create(ctx context.Context, event event.CreateEvent, queue workqueue.RateLimitingInterface) {
+
+	if ch.reconciler.kataConfig == nil {
+		return
+	}
+
+	cm := event.Object
+
+	// Check if the configmap name is one of the feature gates configmap or
+	// feature config
+	if cm.GetNamespace() != OperatorNamespace || !featuregates.IsFeatureGateConfigMap(cm.GetName()) {
+		return
+	}
+	log := ch.reconciler.Log.WithName("CMCreate").WithValues("cm name", cm.GetName())
+	log.Info("FeatureGates configmap created")
+
+	queue.Add(ch.reconciler.makeReconcileRequest())
+}
+
+func (ch *ConfigMapEventHandler) Update(ctx context.Context, event event.UpdateEvent, queue workqueue.RateLimitingInterface) {
+
+	if ch.reconciler.kataConfig == nil {
+		return
+	}
+
+	cm := event.ObjectNew
+
+	// Check if the configmap name is one of the feature gates configmap or
+	// feature config
+	if cm.GetNamespace() != OperatorNamespace || !featuregates.IsFeatureGateConfigMap(cm.GetName()) {
+		return
+	}
+
+	log := ch.reconciler.Log.WithName("CMUpdate").WithValues("cm name", cm.GetName())
+	log.Info("FeatureGates configmap updated")
+
+	queue.Add(ch.reconciler.makeReconcileRequest())
+
+}
+
+func (ch *ConfigMapEventHandler) Delete(ctx context.Context, event event.DeleteEvent, queue workqueue.RateLimitingInterface) {
+	if ch.reconciler.kataConfig == nil {
+		return
+	}
+
+	cm := event.Object
+
+	// Check if the configmap name is one of the feature gates configmap or
+	// feature config
+	if cm.GetNamespace() != OperatorNamespace || !featuregates.IsFeatureGateConfigMap(cm.GetName()) {
+		return
+	}
+	log := ch.reconciler.Log.WithName("CMDelete").WithValues("cm name", cm.GetName())
+	log.Info("FeatureGates configmap deleted")
+
+	queue.Add(ch.reconciler.makeReconcileRequest())
+}
+
+func (ch *ConfigMapEventHandler) Generic(ctx context.Context, event event.GenericEvent, queue workqueue.RateLimitingInterface) {
+}
diff --git a/controllers/credentials_controller.go b/controllers/credentials_controller.go
@@ -20,6 +20,7 @@ import (
 	"context"
 	"fmt"
 	"os"
+	"path/filepath"
 
 	"github.com/go-logr/logr"
 	v1 "github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1"
@@ -293,7 +294,8 @@ func (kh *KataConfigHandler) getCredentialsRequest() (*v1.CredentialsRequest, er
 	}
 
 	fileName := fmt.Sprintf(peerpodsCredentialsRequestFileFormat, provider)
-	yamlData, err := readCredentialsRequestYAML(fileName)
+	credentialsRequestsYamlFile := filepath.Join(peerpodsCredentialsRequestsPathLocation, fileName)
+	yamlData, err := readYamlFile(credentialsRequestsYamlFile)
 	if os.IsNotExist(err) {
 		kh.reconciler.Log.Info("no CredentialsRequestYAML for provider", "err", err, "provider", provider)
 		return nil, nil
@@ -324,7 +326,8 @@ func (kh *KataConfigHandler) skipCredentialRequests() bool {
 	// check if CredentialsRequest implementation exists for the cloud provider
 	if provider, err := getCloudProviderFromInfra(kh.reconciler.Client); err == nil {
 		fileName := fmt.Sprintf(peerpodsCredentialsRequestFileFormat, provider)
-		if _, err := readCredentialsRequestYAML(fileName); os.IsNotExist(err) {
+		credentialsRequestsYamlFile := filepath.Join(peerpodsCredentialsRequestsPathLocation, fileName)
+		if _, err := readYamlFile(credentialsRequestsYamlFile); os.IsNotExist(err) {
 			kh.reconciler.Log.Info("no CredentialsRequest yaml file for provider, skipping", "provider", provider, "filename", fileName)
 			return true
 		}

diff --git a/controllers/image_generator.go b/controllers/image_generator.go
@@ -20,6 +20,7 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"sync"
@@ -242,7 +243,9 @@ func newImageGenerator(client client.Client) (*ImageGenerator, error) {
 func (r *ImageGenerator) createJobFromFile(jobFileName string) (*batchv1.Job, error) {
 	igLogger.Info("Create Job out of YAML file", "jobFileName", jobFileName)
 
-	yamlData, err := readJobYAML(jobFileName)
+	jobYamlFile := filepath.Join(peerpodsImageJobsPathLocation, jobFileName)
+
+	yamlData, err := readYamlFile(jobYamlFile)
 	if err != nil {
 		return nil, err
 	}
@@ -630,7 +633,8 @@ func (r *ImageGenerator) createImageConfigMapFromFile() error {
 	}
 
 	filename := r.provider + "-podvm-image-cm.yaml"
-	yamlData, err := readConfigMapYAML(filename)
+	configMapYamlFile := filepath.Join(peerpodsImageJobsPathLocation, filename)
+	yamlData, err := readYamlFile(configMapYamlFile)
 	if err != nil {
 		return err
 	}

diff --git a/controllers/mc_handler.go b/controllers/mc_handler.go
@@ -0,0 +1,195 @@
+package controllers
+
+/*
+This code handles the installation of Kata artifacts using an RHCOS extension or image and deploying it
+via MachineConfig
+*/
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	ignTypes "github.com/coreos/ignition/v2/config/v3_2/types"
+	mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1"
+	"github.com/openshift/sandboxed-containers-operator/internal/featuregates"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
+)
+
+const (
+	extension_mc_name = "50-enable-sandboxed-containers-extension"
+	image_mc_name     = "50-enable-sandboxed-containers-image"
+)
+
+type DeploymentState struct {
+	PreviousMethod string
+	PreviousMcName string
+}
+
+// If the first return value is 'true' it means that the MC was just created
+// by this call, 'false' means that it's already existed.  As usual, the first
+// return value is only valid if the second one is nil.
+func (r *KataConfigOpenShiftReconciler) createMc(machinePool string) (bool, error) {
+
+	// In case we're returning an error we want to make it explicit that
+	// the first return value is "not care".  Unfortunately golang seems
+	// to lack syntax for creating an expression with default bool value
+	// hence this work-around.
+	var dummy bool
+
+	/* Create Machine Config object to deploy sandboxed containers artifacts */
+	mcName := extension_mc_name
+	if r.FeatureGatesStatus[featuregates.LayeredImageDeployment] {
+		mcName = image_mc_name
+	}
+
+	r.Log.Info("Checking if MachineConfig exists", "mc.Name", mcName)
+	mc := &mcfgv1.MachineConfig{}
+	err := r.Client.Get(context.TODO(), types.NamespacedName{Name: mcName}, mc)
+	if err != nil && (k8serrors.IsNotFound(err) || k8serrors.IsGone(err)) {
+		r.Log.Info("creating new MachineConfig")
+		mc, err = r.newMCForCR(machinePool)
+		if err != nil {
+			return dummy, err
+		}
+
+		err = r.Client.Create(context.TODO(), mc)
+		if err != nil {
+			r.Log.Error(err, "Failed to create a new MachineConfig ", "mc.Name", mc.Name)
+			return dummy, err
+		}
+		r.Log.Info("MachineConfig successfully created", "mc.Name", mc.Name)
+		return true, nil
+	} else if err != nil {
+		r.Log.Info("failed to retrieve MachineConfig", "err", err)
+		return dummy, err
+	} else {
+		r.Log.Info("MachineConfig already exists")
+		return false, nil
+	}
+}
+
+// Create a new MachineConfig object for the Custom Resource
+func (r *KataConfigOpenShiftReconciler) newMCForCR(machinePool string) (*mcfgv1.MachineConfig, error) {
+	r.Log.Info("Creating MachineConfig for Custom Resource")
+
+	ic := ignTypes.Config{
+		Ignition: ignTypes.Ignition{
+			Version: "3.2.0",
+		},
+	}
+
+	icb, err := json.Marshal(ic)
+	if err != nil {
+		return nil, err
+	}
+
+	if r.FeatureGatesStatus[featuregates.LayeredImageDeployment] {
+		r.Log.Info("Creating MachineConfig for Custom Resource with image")
+		return r.newImageMCForCR(machinePool, icb)
+	} else {
+		r.Log.Info("Creating MachineConfig for Custom Resource with extension")
+		return r.newExtensionMCForCR(machinePool, icb)
+	}
+
+}
+
+// Create a new MachineConfig object for the Custom Resource with the extension
+func (r *KataConfigOpenShiftReconciler) newExtensionMCForCR(machinePool string, icb []byte) (*mcfgv1.MachineConfig, error) {
+	extension := getExtensionName()
+
+	mc := mcfgv1.MachineConfig{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "machineconfiguration.openshift.io/v1",
+			Kind:       "MachineConfig",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: extension_mc_name,
+			Labels: map[string]string{
+				"machineconfiguration.openshift.io/role": machinePool,
+				"app":                                    r.kataConfig.Name,
+			},
+			Namespace: OperatorNamespace,
+		},
+		Spec: mcfgv1.MachineConfigSpec{
+			Extensions: []string{extension},
+			Config: runtime.RawExtension{
+				Raw: icb,
+			},
+		},
+	}
+
+	return &mc, nil
+}
+
+// Create a new MachineConfig object for the Custom Resource with the image
+func (r *KataConfigOpenShiftReconciler) newImageMCForCR(machinePool string, icb []byte) (*mcfgv1.MachineConfig, error) {
+
+	// Get the LayeredImageDeployment feature gate parameters
+	imageParams := r.FeatureGates.GetFeatureGateParams(context.TODO(), featuregates.LayeredImageDeployment)
+	// Ensure at least osImageURL is set
+	if _, ok := imageParams["osImageURL"]; !ok {
+		return nil, fmt.Errorf("osImageURL not set in feature gate %s", featuregates.LayeredImageDeployment)
+	}
+
+	mc := mcfgv1.MachineConfig{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "machineconfiguration.openshift.io/v1",
+			Kind:       "MachineConfig",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: image_mc_name,
+			Labels: map[string]string{
+				"machineconfiguration.openshift.io/role": machinePool,
+				"app":                                    r.kataConfig.Name,
+			},
+			Namespace: OperatorNamespace,
+		},
+		Spec: mcfgv1.MachineConfigSpec{
+			OSImageURL: imageParams["osImageURL"],
+			Config: runtime.RawExtension{
+				Raw: icb,
+			},
+		},
+	}
+
+	if kernelArguments, ok := imageParams["kernelArguments"]; ok {
+		// Parse the kernel arguments and set them in the MachineConfig
+		// Note that in the configmap the kernel arguments are stored as a single string
+		// eg. "a=b c=d ..." and we need to split them into individual arguments
+		// eg ["a=b", "c=d", ...]
+		// Split the kernel arguments string into individual arguments
+		mc.Spec.KernelArguments = strings.Fields(kernelArguments)
+	}
+
+	return &mc, nil
+}
+
+// Delete the MachineConfig object
+func (r *KataConfigOpenShiftReconciler) deleteMc(mcName string) error {
+	r.Log.Info("Deleting MachineConfig", "mc.Name", mcName)
+	mc := &mcfgv1.MachineConfig{}
+	err := r.Client.Get(context.TODO(), types.NamespacedName{Name: mcName}, mc)
+	if err != nil {
+		if k8serrors.IsNotFound(err) || k8serrors.IsGone(err) {
+			r.Log.Info("MachineConfig not found. Most likely it was already deleted.")
+			return nil
+		}
+		r.Log.Info("failed to retrieve MachineConfig", "err", err)
+		return err
+	}
+
+	r.Log.Info("deleting MachineConfig")
+	err = r.Client.Delete(context.TODO(), mc)
+	if err != nil {
+		r.Log.Error(err, "Failed to delete MachineConfig")
+		return err
+	}
+
+	r.Log.Info("MachineConfig successfully deleted")
+	return nil
+}