From a47abed649db25992765743b88123a3ba5189355 Mon Sep 17 00:00:00 2001
From: Dharaneeshwaran Ravichandran
Date: Mon, 13 Jun 2022 18:41:25 +0530
Subject: [PATCH] Add PowerVS Ingress Operator Changes
---
api/fixtures/example.go | 3 ++
api/fixtures/example_ibmcloud_powervs.go | 5 +++
api/v1alpha1/hostedcluster_types.go | 13 +++++++
api/v1alpha1/zz_generated.deepcopy.go | 1 +
cmd/cluster/powervs/create.go | 1 +
...ypershift.openshift.io_hostedclusters.yaml | 18 ++++++++++
...hift.openshift.io_hostedcontrolplanes.yaml | 18 ++++++++++
.../controllers/resources/resources.go | 31 ++++++++++++++++
docs/content/reference/api.md | 26 ++++++++++++++
hack/app-sre/saas_template.yaml | 36 +++++++++++++++++++
.../internal/platform/powervs/powervs.go | 36 +++++++++++++++++++
support/globalconfig/infrastructure.go | 5 +--
12 files changed, 191 insertions(+), 2 deletions(-)
diff --git a/api/fixtures/example.go b/api/fixtures/example.go
index ca0cda1a70..1f8cbb1e07 100644
--- a/api/fixtures/example.go
+++ b/api/fixtures/example.go
@@ -438,6 +438,7 @@ web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
buildIBMCloudCreds(o.Name+"-cloud-ctrl-creds", o.PowerVS.ApiKey),
buildIBMCloudCreds(o.Name+"-node-mgmt-creds", o.PowerVS.ApiKey),
buildIBMCloudCreds(o.Name+"-cpo-creds", o.PowerVS.ApiKey),
+ buildIBMCloudCreds(o.Name+"-ingress-creds", o.PowerVS.ApiKey),
}
resources = powerVSResources.AsObjects()
platformSpec = hyperv1.PlatformSpec{
@@ -447,6 +448,7 @@ web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
ResourceGroup: o.PowerVS.ResourceGroup,
Region: o.PowerVS.Region,
Zone: o.PowerVS.Zone,
+ CISInstanceCRN: o.PowerVS.CISInstanceCRN,
ServiceInstanceID: o.PowerVS.CloudInstanceID,
Subnet: &hyperv1.PowerVSResourceReference{
Name: &o.PowerVS.Subnet,
@@ -460,6 +462,7 @@ web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
KubeCloudControllerCreds: corev1.LocalObjectReference{Name: powerVSResources.KubeCloudControllerCreds.Name},
NodePoolManagementCreds: corev1.LocalObjectReference{Name: powerVSResources.NodePoolManagementCreds.Name},
ControlPlaneOperatorCreds: corev1.LocalObjectReference{Name: powerVSResources.ControlPlaneOperatorCreds.Name},
+ IngressOperatorCloudCreds: corev1.LocalObjectReference{Name: powerVSResources.IngressOperatorCloudCreds.Name},
},
}
services = getIngressServicePublishingStrategyMapping(o.NetworkType)
diff --git a/api/fixtures/example_ibmcloud_powervs.go b/api/fixtures/example_ibmcloud_powervs.go
index 2694d41450..9f8aa49180 100644
--- a/api/fixtures/example_ibmcloud_powervs.go
+++ b/api/fixtures/example_ibmcloud_powervs.go
@@ -11,6 +11,7 @@ type ExamplePowerVSOptions struct {
ResourceGroup string
Region string
Zone string
+ CISInstanceCRN string
CloudInstanceID string
Subnet string
SubnetID string
@@ -30,6 +31,7 @@ type ExamplePowerVSResources struct {
KubeCloudControllerCreds *corev1.Secret
NodePoolManagementCreds *corev1.Secret
ControlPlaneOperatorCreds *corev1.Secret
+ IngressOperatorCloudCreds *corev1.Secret
}
func (o *ExamplePowerVSResources) AsObjects() []crclient.Object {
@@ -43,5 +45,8 @@ func (o *ExamplePowerVSResources) AsObjects() []crclient.Object {
if o.ControlPlaneOperatorCreds != nil {
objects = append(objects, o.ControlPlaneOperatorCreds)
}
+ if o.IngressOperatorCloudCreds != nil {
+ objects = append(objects, o.IngressOperatorCloudCreds)
+ }
return objects
}
diff --git a/api/v1alpha1/hostedcluster_types.go b/api/v1alpha1/hostedcluster_types.go
index 5f6585c365..349e91655f 100644
--- a/api/v1alpha1/hostedcluster_types.go
+++ b/api/v1alpha1/hostedcluster_types.go
@@ -590,6 +590,13 @@ type PowerVSPlatformSpec struct {
// +immutable
AccountID string `json:"accountID"`
+ // CISInstanceCRN is the IBMCloud CIS Service Instance's Cloud Resource Name
+ // This field is immutable. Once set, It can't be changed.
+ //
+ // +kubebuilder:validation:Pattern=`^crn:`
+ // +immutable
+ CISInstanceCRN string `json:"cisInstanceCRN"`
+
// ResourceGroup is the IBMCloud Resource Group in which the cluster resides.
// This field is immutable. Once set, It can't be changed.
//
@@ -663,6 +670,12 @@ type PowerVSPlatformSpec struct {
//
// +immutable
ControlPlaneOperatorCreds corev1.LocalObjectReference `json:"controlPlaneOperatorCreds"`
+
+ // IngressOperatorCloudCreds is a reference to a secret containing ibm cloud
+ // credentials for ingress operator to get authenticated with ibm cloud.
+ //
+ // +immutable
+ IngressOperatorCloudCreds corev1.LocalObjectReference `json:"ingressOperatorCloudCreds"`
}
// PowerVSVPC specifies IBM Cloud PowerVS LoadBalancer configuration for the control
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 8a9b53c984..06c97a30b1 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -1777,6 +1777,7 @@ func (in *PowerVSPlatformSpec) DeepCopyInto(out *PowerVSPlatformSpec) {
out.KubeCloudControllerCreds = in.KubeCloudControllerCreds
out.NodePoolManagementCreds = in.NodePoolManagementCreds
out.ControlPlaneOperatorCreds = in.ControlPlaneOperatorCreds
+ out.IngressOperatorCloudCreds = in.IngressOperatorCloudCreds
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PowerVSPlatformSpec.
diff --git a/cmd/cluster/powervs/create.go b/cmd/cluster/powervs/create.go
index 414981a2e6..08a3bf03d0 100644
--- a/cmd/cluster/powervs/create.go
+++ b/cmd/cluster/powervs/create.go
@@ -157,6 +157,7 @@ func applyPlatformSpecificsValues(ctx context.Context, exampleOptions *apifixtur
ResourceGroup: opts.PowerVSPlatform.ResourceGroup,
Region: opts.PowerVSPlatform.Region,
Zone: opts.PowerVSPlatform.Zone,
+ CISInstanceCRN: infra.CisCrn,
CloudInstanceID: infra.PowerVSCloudInstanceID,
Subnet: infra.PowerVSDhcpSubnet,
SubnetID: infra.PowerVSDhcpSubnetID,
diff --git a/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedclusters.yaml b/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedclusters.yaml
index f5fd43c9e0..25502788e7 100644
--- a/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedclusters.yaml
+++ b/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedclusters.yaml
@@ -2339,6 +2339,12 @@ spec:
description: AccountID is the IBMCloud account id. This field
is immutable. Once set, It can't be changed.
type: string
+ cisInstanceCRN:
+ description: CISInstanceCRN is the IBMCloud CIS Service Instance's
+ Cloud Resource Name This field is immutable. Once set, It
+ can't be changed.
+ pattern: '^crn:'
+ type: string
controlPlaneOperatorCreds:
description: "ControlPlaneOperatorCreds is a reference to
a secret containing cloud credentials with permissions matching
@@ -2351,6 +2357,16 @@ spec:
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ ingressOperatorCloudCreds:
+ description: IngressOperatorCloudCreds is a reference to a
+ secret containing ibm cloud credentials for ingress operator
+ to get authenticated with ibm cloud.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
kubeCloudControllerCreds:
description: "KubeCloudControllerCreds is a reference to a
secret containing cloud credentials with permissions matching
@@ -2446,7 +2462,9 @@ spec:
type: string
required:
- accountID
+ - cisInstanceCRN
- controlPlaneOperatorCreds
+ - ingressOperatorCloudCreds
- kubeCloudControllerCreds
- nodePoolManagementCreds
- region
diff --git a/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedcontrolplanes.yaml b/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedcontrolplanes.yaml
index 97c74af3c2..2a48c3d0d4 100644
--- a/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedcontrolplanes.yaml
+++ b/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedcontrolplanes.yaml
@@ -2247,6 +2247,12 @@ spec:
description: AccountID is the IBMCloud account id. This field
is immutable. Once set, It can't be changed.
type: string
+ cisInstanceCRN:
+ description: CISInstanceCRN is the IBMCloud CIS Service Instance's
+ Cloud Resource Name This field is immutable. Once set, It
+ can't be changed.
+ pattern: '^crn:'
+ type: string
controlPlaneOperatorCreds:
description: "ControlPlaneOperatorCreds is a reference to
a secret containing cloud credentials with permissions matching
@@ -2259,6 +2265,16 @@ spec:
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ ingressOperatorCloudCreds:
+ description: IngressOperatorCloudCreds is a reference to a
+ secret containing ibm cloud credentials for ingress operator
+ to get authenticated with ibm cloud.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
kubeCloudControllerCreds:
description: "KubeCloudControllerCreds is a reference to a
secret containing cloud credentials with permissions matching
@@ -2354,7 +2370,9 @@ spec:
type: string
required:
- accountID
+ - cisInstanceCRN
- controlPlaneOperatorCreds
+ - ingressOperatorCloudCreds
- kubeCloudControllerCreds
- nodePoolManagementCreds
- region
diff --git a/control-plane-operator/hostedclusterconfigoperator/controllers/resources/resources.go b/control-plane-operator/hostedclusterconfigoperator/controllers/resources/resources.go
index 2030a33aa4..1d0e091bf2 100644
--- a/control-plane-operator/hostedclusterconfigoperator/controllers/resources/resources.go
+++ b/control-plane-operator/hostedclusterconfigoperator/controllers/resources/resources.go
@@ -876,6 +876,37 @@ func (r *reconciler) reconcileCloudCredentialSecrets(ctx context.Context, hcp *h
}); err != nil {
errs = append(errs, fmt.Errorf("failed to reconcile csi driver secret: %w", err))
}
+ case hyperv1.PowerVSPlatform:
+ var ingressCredentials corev1.Secret
+ err := r.cpClient.Get(ctx, client.ObjectKey{Namespace: hcp.Namespace, Name: hcp.Spec.Platform.PowerVS.IngressOperatorCloudCreds.Name}, &ingressCredentials)
+ if err != nil {
+ errs = append(errs, fmt.Errorf("failed to get ingress operator cloud credentials secret %s from hcp namespace : %w", hcp.Spec.Platform.PowerVS.IngressOperatorCloudCreds.Name, err))
+ return errs
+ }
+
+ cloudCredentials := &corev1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: "openshift-ingress-operator",
+ Name: "cloud-credentials",
+ },
+ }
+
+ _, err = r.CreateOrUpdate(ctx, r.client, cloudCredentials, func() error {
+ credData, credHasData := ingressCredentials.Data["ibmcloud_api_key"]
+ if !credHasData {
+ return fmt.Errorf("ingress cloud credentials secret %q is missing credentials key", ingressCredentials.Name)
+ }
+ cloudCredentials.Type = corev1.SecretTypeOpaque
+ if cloudCredentials.Data == nil {
+ cloudCredentials.Data = map[string][]byte{}
+ }
+ cloudCredentials.Data["ibmcloud_api_key"] = credData
+ return nil
+ })
+
+ if err != nil {
+ errs = append(errs, fmt.Errorf("failed to reconcile powervs cloud credentials secret %w", err))
+ }
}
return errs
}
diff --git a/docs/content/reference/api.md b/docs/content/reference/api.md
index e70c57ca27..98f4e8d8b6 100644
--- a/docs/content/reference/api.md
+++ b/docs/content/reference/api.md
@@ -5467,6 +5467,18 @@ This field is immutable. Once set, It can’t be changed.
+cisInstanceCRN
+
+string
+
+ |
+
+ CISInstanceCRN is the IBMCloud CIS Service Instance’s Cloud Resource Name
+This field is immutable. Once set, It can’t be changed.
+ |
+
+
+
resourceGroup
string
@@ -5598,6 +5610,20 @@ This field is immutable. Once set, It can’t be changed.
TODO(dan): document the “control plane operator policy”
|
+
+
+ingressOperatorCloudCreds
+
+
+Kubernetes core/v1.LocalObjectReference
+
+
+ |
+
+ IngressOperatorCloudCreds is a reference to a secret containing ibm cloud
+credentials for ingress operator to get authenticated with ibm cloud.
+ |
+
###PowerVSResourceReference { #hypershift.openshift.io/v1alpha1.PowerVSResourceReference }
diff --git a/hack/app-sre/saas_template.yaml b/hack/app-sre/saas_template.yaml
index fb593338d9..a428f010dc 100644
--- a/hack/app-sre/saas_template.yaml
+++ b/hack/app-sre/saas_template.yaml
@@ -22335,6 +22335,12 @@ objects:
description: AccountID is the IBMCloud account id. This
field is immutable. Once set, It can't be changed.
type: string
+ cisInstanceCRN:
+ description: CISInstanceCRN is the IBMCloud CIS Service
+ Instance's Cloud Resource Name This field is immutable.
+ Once set, It can't be changed.
+ pattern: '^crn:'
+ type: string
controlPlaneOperatorCreds:
description: "ControlPlaneOperatorCreds is a reference to
a secret containing cloud credentials with permissions
@@ -22347,6 +22353,16 @@ objects:
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ ingressOperatorCloudCreds:
+ description: IngressOperatorCloudCreds is a reference to
+ a secret containing ibm cloud credentials for ingress
+ operator to get authenticated with ibm cloud.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
kubeCloudControllerCreds:
description: "KubeCloudControllerCreds is a reference to
a secret containing cloud credentials with permissions
@@ -22442,7 +22458,9 @@ objects:
type: string
required:
- accountID
+ - cisInstanceCRN
- controlPlaneOperatorCreds
+ - ingressOperatorCloudCreds
- kubeCloudControllerCreds
- nodePoolManagementCreds
- region
@@ -25316,6 +25334,12 @@ objects:
description: AccountID is the IBMCloud account id. This
field is immutable. Once set, It can't be changed.
type: string
+ cisInstanceCRN:
+ description: CISInstanceCRN is the IBMCloud CIS Service
+ Instance's Cloud Resource Name This field is immutable.
+ Once set, It can't be changed.
+ pattern: '^crn:'
+ type: string
controlPlaneOperatorCreds:
description: "ControlPlaneOperatorCreds is a reference to
a secret containing cloud credentials with permissions
@@ -25328,6 +25352,16 @@ objects:
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ ingressOperatorCloudCreds:
+ description: IngressOperatorCloudCreds is a reference to
+ a secret containing ibm cloud credentials for ingress
+ operator to get authenticated with ibm cloud.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
kubeCloudControllerCreds:
description: "KubeCloudControllerCreds is a reference to
a secret containing cloud credentials with permissions
@@ -25423,7 +25457,9 @@ objects:
type: string
required:
- accountID
+ - cisInstanceCRN
- controlPlaneOperatorCreds
+ - ingressOperatorCloudCreds
- kubeCloudControllerCreds
- nodePoolManagementCreds
- region
diff --git a/hypershift-operator/controllers/hostedcluster/internal/platform/powervs/powervs.go b/hypershift-operator/controllers/hostedcluster/internal/platform/powervs/powervs.go
index e7e6e529ee..57087623d4 100644
--- a/hypershift-operator/controllers/hostedcluster/internal/platform/powervs/powervs.go
+++ b/hypershift-operator/controllers/hostedcluster/internal/platform/powervs/powervs.go
@@ -262,6 +262,42 @@ func (p PowerVS) ReconcileCredentials(ctx context.Context, c client.Client, crea
if err != nil {
return fmt.Errorf("failed to reconcile control plane operator provider creds: %w", err)
}
+
+ // Reconcile the platform provider ingress operator credentials secret by
+ // resolving the reference from the HostedCluster and syncing the secret in
+ // the control plane namespace.
+ err = c.Get(ctx, client.ObjectKey{Namespace: hcluster.GetNamespace(), Name: hcluster.Spec.Platform.PowerVS.IngressOperatorCloudCreds.Name}, &src)
+ if err != nil {
+ return fmt.Errorf("failed to get ingress operator provider creds %s: %w", hcluster.Spec.Platform.PowerVS.IngressOperatorCloudCreds.Name, err)
+ }
+ dest = &corev1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: controlPlaneNamespace,
+ Name: src.Name,
+ },
+ }
+ _, err = createOrUpdate(ctx, c, dest, func() error {
+ apiKeySrcData, apiKeySrcHasData := src.Data["ibmcloud_api_key"]
+ if !apiKeySrcHasData {
+ return fmt.Errorf("hostedcluster ingress operator credentials secret %q must have a credentials key ibmcloud_api_key", src.Name)
+ }
+ dest.Type = corev1.SecretTypeOpaque
+ if dest.Data == nil {
+ dest.Data = map[string][]byte{}
+ }
+ dest.Data["ibmcloud_api_key"] = apiKeySrcData
+
+ envSrcData, envSrcHasData := src.Data["ibm-credentials.env"]
+ if !envSrcHasData {
+ return fmt.Errorf("hostedcluster ingress operator credentials secret %q must have a credentials key ibm-credentials.env", src.Name)
+ }
+ dest.Data["ibm-credentials.env"] = envSrcData
+
+ return nil
+ })
+ if err != nil {
+ return fmt.Errorf("failed to reconcile ingress operator provider creds: %w", err)
+ }
return nil
}
diff --git a/support/globalconfig/infrastructure.go b/support/globalconfig/infrastructure.go
index b6b31541cd..3052690507 100644
--- a/support/globalconfig/infrastructure.go
+++ b/support/globalconfig/infrastructure.go
@@ -71,8 +71,9 @@ func ReconcileInfrastructure(infra *configv1.Infrastructure, hcp *hyperv1.Hosted
}
case hyperv1.PowerVSPlatform:
infra.Status.PlatformStatus.PowerVS = &configv1.PowerVSPlatformStatus{
- Region: hcp.Spec.Platform.PowerVS.Region,
- Zone: hcp.Spec.Platform.PowerVS.Zone,
+ Region: hcp.Spec.Platform.PowerVS.Region,
+ Zone: hcp.Spec.Platform.PowerVS.Zone,
+ CISInstanceCRN: hcp.Spec.Platform.PowerVS.CISInstanceCRN,
}
}
}