prepare manifests for publishing to operator hub

.gitignore

@@ -42,3 +42,5 @@ example/
 
 # OS files
 **/.DS_Store
+/oc-operator/node_modules/
+/oc-operator/tf-controller/*/

Makefile

@@ -192,3 +192,4 @@ release-manifests:
 	kustomize build ./config/crd > ./config/release/tf-controller.crds.yaml
 	kustomize build ./config/rbac > ./config/release/tf-controller.rbac.yaml
 	kustomize build ./config/manager > ./config/release/tf-controller.deployment.yaml
+	(cd ./config/release && yq e . tf-controller.crds.yaml tf-controller.deployment.yaml tf-controller.rbac.yaml > tf-controller.all.yaml)

oc-operator/Dockerfile.opm

@@ -0,0 +1,17 @@
+FROM alpine:3.12
+
+WORKDIR /opt
+RUN wget https://download.docker.com/linux/static/stable/x86_64/docker-20.10.6.tgz
+RUN tar xf docker-20.10.6.tgz
+
+RUN wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.6.28/opm-linux-4.6.28.tar.gz
+RUN tar xf opm-linux-4.6.28.tar.gz
+
+FROM centos:8
+
+WORKDIR /opt
+
+COPY --from=0 /opt/docker/docker /usr/bin/
+COPY --from=0 /opt/opm /opt/
+
+ENTRYPOINT ["/opt/opm"]

oc-operator/Makefile

@@ -0,0 +1,11 @@
+release:
+	./release.js
+	operator-sdk bundle validate --select-optional name=operatorhub --verbose "tf-controller/$$(yq e '.images[0].newTag | sub("v","")' ../config/manager/kustomization.yaml)"
+
+opm-index: release
+	./opm-index.sh
+	yq e -i ".spec.startingCSV=\"tf-controller.v$$(yq e '.images[0].newTag | sub("v","")' ../config/manager/kustomization.yaml)\"" \
+	test/004-operator-subscription.yaml
+
+test: opm-index
+	bash -x ./test.sh

oc-operator/bundle.Dockerfile

@@ -0,0 +1,16 @@
+# ref: https://redhat-connect.gitbook.io/certified-operator-guide/ocp-deployment/operator-metadata/bundle-directory
+FROM scratch
+
+LABEL operators.operatorframework.io.bundle.channel.default.v1=stable
+LABEL operators.operatorframework.io.bundle.channels.v1=stable
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=tf-controller
+
+LABEL com.redhat.openshift.versions="v4.6-v4.9"
+LABEL com.redhat.delivery.operator.bundle=true
+LABEL com.redhat.delivery.backport=true
+
+COPY manifests /manifests/
+COPY metadata /metadata/

oc-operator/opm-index.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+VERSION=$(yq e '.images[0].newTag | sub("v","")' ../config/manager/kustomization.yaml)
+
+list=""
+for i in $(ls -d tf-controller/${VERSION}/ | xargs -I{} basename {}); do
+  # docker build and push individual bundles
+  docker build -t quay.io/openshift-fluxv2-poc/tf-controller-catalog:bundle-v"${i}" -f bundle.Dockerfile tf-controller/"${i}"
+  docker push quay.io/openshift-fluxv2-poc/tf-controller-catalog:bundle-v"${i}"
+  list="$list,quay.io/openshift-fluxv2-poc/tf-controller-catalog:bundle-v$i"
+done
+
+docker build -t opm -f Dockerfile.opm .
+
+list=${list:1} # remove first comma
+docker run --rm -it \
+  --privileged \
+  -v /var/lib/docker:/var/lib/docker \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  opm:latest index add \
+  --container-tool docker \
+  --bundles "$list" \
+  --tag quay.io/openshift-fluxv2-poc/tf-controller-index:latest
+
+# push index
+docker push quay.io/openshift-fluxv2-poc/tf-controller-index:latest

oc-operator/package.json

@@ -0,0 +1,8 @@
+{
+  "name": "oc-operator",
+  "version": "1.0.0",
+  "dependencies": {
+    "glob": "^7.1.6",
+    "yaml": "^1.10.0"
+  }
+}

oc-operator/release.js

@@ -0,0 +1,126 @@
+#!/usr/bin/env node
+
+const YAML = require("yaml")
+const fs = require("fs")
+const glob = require("glob")
+const { exit } = require("process")
+
+// read manifest file passed as argument
+const version = "0.9.0-rc.3"
+const file = fs.readFileSync("../config/release/tf-controller.all.yaml", "utf8")
+const documents = YAML.parseAllDocuments(file)
+
+// containerImage for CSV
+const CONTROLLER_IMAGE = "ghcr.io/weaveworks/tf-controller:v" + version
+
+const kindMap = {
+  Role: "role",
+  RoleBinding: "rolebinding",
+  ClusterRoleBinding: "clusterrolebinding",
+  Deployment: "deployment",
+  CustomResourceDefinition: "crd",
+  Service: "service",
+  ClusterRole: "clusterrole",
+  ServiceAccount: "serviceaccount",
+}
+
+// setup directory for new version
+const packagePath = "./tf-controller"
+const newVersionDir = `${packagePath}/${version}/`
+
+if (!fs.existsSync(newVersionDir)) {
+  fs.mkdirSync(newVersionDir)
+}
+const manifestsDir = `${newVersionDir}/manifests`
+if (!fs.existsSync(manifestsDir)) {
+  fs.mkdirSync(manifestsDir)
+}
+const metadataDir = `${newVersionDir}/metadata`
+if (!fs.existsSync(metadataDir)) {
+  fs.mkdirSync(metadataDir)
+}
+
+// update annotations
+const annotations = YAML.parse(
+  fs.readFileSync("./templates/annotations.yaml", "utf-8")
+)
+fs.writeFileSync(`${metadataDir}/annotations.yaml`, YAML.stringify(annotations))
+const csv = YAML.parse(
+  fs.readFileSync("./templates/clusterserviceversion.yaml", "utf-8")
+)
+
+const deployments = []
+const crds = []
+documents
+  .filter((d) => d.contents)
+  .map((d) => YAML.parse(String(d)))
+  .filter((o) => o.kind !== "NetworkPolicy" && o.kind !== "Namespace") // not supported by operator-sdk
+  .map((o) => {
+    delete o.metadata.namespace
+    switch (o.kind) {
+      case "Role":
+      case "RoleBinding":
+      case "ClusterRoleBinding":
+      case "ClusterRole":
+      case "SecurityContextConstraints":
+      case "Service":
+        const filename = `${o.metadata.name}.${kindMap[o.kind]}.yaml`
+        fs.writeFileSync(`${manifestsDir}/${filename}`, YAML.stringify(o))
+        break
+      case "Deployment":
+        let deployment = {
+          name: o.metadata.name,
+          label: o.metadata.labels,
+          spec: o.spec,
+        }
+        if (o.spec.template.spec.containers[0].env[1].name === "RUNNER_POD_IMAGE") {
+          o.spec.template.spec.containers[0].env[1].value = "ghcr.io/weaveworks/tf-runner:v" + version
+        }
+        deployments.push(deployment)
+        break
+      case "CustomResourceDefinition":
+        crds.push(o)
+        const crdFileName = `${o.spec.names.singular}.${kindMap[o.kind]}.yaml`
+        fs.writeFileSync(`${manifestsDir}/${crdFileName}`, YAML.stringify(o))
+        break
+      case "ServiceAccount":
+        // CK: removed ServiceAccount because it's recently broke the Kiwi test
+        // if(o.metadata.name === "tf-runner") {
+        //  const filename = `${o.metadata.name}.${kindMap[o.kind]}.yaml`
+        //  fs.writeFileSync(`${manifestsDir}/${filename}`, YAML.stringify(o))
+        // }
+        break
+      default:
+        console.warn(
+          "UNSUPPORTED KIND - you must explicitly ignore it or handle it",
+          o.kind,
+          o.metadata.name
+        )
+        process.exit(1)
+        break
+    }
+  })
+
+// Update ClusterServiceVersion
+csv.spec.install.spec.deployments = deployments
+csv.metadata.name = `tf-controller.v${version}`
+csv.metadata.annotations.containerImage = CONTROLLER_IMAGE
+csv.spec.version = version
+csv.spec.minKubeVersion = "1.19.0"
+csv.spec.maturity = "stable"
+csv.spec.customresourcedefinitions.owned = []
+
+crds.forEach((crd) => {
+  crd.spec.versions.forEach((v) => {
+    csv.spec.customresourcedefinitions.owned.push({
+      name: crd.metadata.name,
+      displayName: crd.spec.names.kind,
+      kind: crd.spec.names.kind,
+      version: v.name,
+      description: crd.spec.names.kind,
+    })
+  })
+})
+
+const csvFileName = `tf-controller.v${version}.clusterserviceversion.yaml`
+fs.writeFileSync(`${manifestsDir}/${csvFileName}`, YAML.stringify(csv))

oc-operator/templates/annotations.yaml

@@ -0,0 +1,7 @@
+annotations:
+  operators.operatorframework.io.bundle.channel.default.v1: stable
+  operators.operatorframework.io.bundle.channels.v1: stable
+  operators.operatorframework.io.bundle.manifests.v1: manifests/
+  operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+  operators.operatorframework.io.bundle.metadata.v1: metadata/
+  operators.operatorframework.io.bundle.package.v1: tf-controller

oc-operator/test/001-flux-system-ns.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: flux-system

oc-operator/test/002-flux-system-og.yaml

@@ -0,0 +1,8 @@
+apiVersion: operators.coreos.com/v1alpha2
+kind: OperatorGroup
+metadata:
+  name: flux-system-group
+  namespace: flux-system
+spec:
+  targetNamespaces:
+    - flux-system

oc-operator/test/003-catalog-source.yaml

@@ -0,0 +1,14 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+  name: custom-tf-controller
+  namespace: flux-system
+spec:
+  displayName: custom-tf-controller
+  description: custom-tf-controller
+  publisher: custom-tf-controller
+  sourceType: grpc
+  image: quay.io/openshift-fluxv2-poc/tf-controller-index:latest
+  updateStrategy:
+    registryPoll:
+      interval: 1m

oc-operator/test/004-operator-subscription.yaml

@@ -0,0 +1,11 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: tf-controller-subscription
+  namespace: flux-system
+spec:
+  channel: stable
+  name: tf-controller
+  startingCSV: tf-controller.v0.9.0-rc.3
+  source: custom-tf-controller
+  sourceNamespace: flux-system

oc-operator/tf-controller/ci.yaml

@@ -0,0 +1,8 @@
+---
+# Use `replaces-mode` or `semver-mode`. Once you switch to `semver-mode`, there is no easy way back.
+updateGraph: semver-mode
+addReviewers: true
+
+# A list of reviewers to be added to pull requests (GitHub user name)
+reviewers:
+  - chanwit