Support IDMS for disconnected automation

This change adds support for IDMS in addition to ICSP when determining
whether the OCP cluster is in a disconnected state.

Signed-off-by: Brendan Shephard <bshephar@bne-home.net>

Author: bshephar

bindata/rbac/rbac.yaml

@@ -241,6 +241,14 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - imagedigestmirrorsets
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - config.openshift.io
   resources:

config/operator/manager_operator_images.yaml

@@ -13,45 +13,3 @@ spec:
       containers:
       - name: operator
         env:
-        - name: RELATED_IMAGE_BARBICAN_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/barbican-operator@sha256:eb79dda1a866cacc9d7421ec78799b7275442c4791d97b8c4f34e1a244adda8b
-        - name: RELATED_IMAGE_CINDER_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/cinder-operator@sha256:af0ea6b60d705ac1fbf84b5c9f675ba7545e34295526e6cabd719df0996ecadd
-        - name: RELATED_IMAGE_DESIGNATE_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/designate-operator@sha256:8d2b27869aefa2ad1ffd20b2f5005c42e4094b2935db61e4c05815997da67125
-        - name: RELATED_IMAGE_GLANCE_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/glance-operator@sha256:a25ff180acd90566cff1e5af86fe52dba649476b3f4e1fb7f8b45396cf8651c9
-        - name: RELATED_IMAGE_HEAT_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/heat-operator@sha256:416387ff4062fc5142e4073fc951c153a2179d70b2361c5ae5fcda87220a0717
-        - name: RELATED_IMAGE_HORIZON_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/horizon-operator@sha256:295faa06074ef530e0482896f593336de9fb5a222e5e8ebdf0ebbf157412febc
-        - name: RELATED_IMAGE_INFRA_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/infra-operator@sha256:a91ff27aad73cb3d6c4e4efd0c109359b24234cf67d287fca62ea3579dc0c976
-        - name: RELATED_IMAGE_IRONIC_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/ironic-operator@sha256:5d79cd225aad4dd90857453c05af7f9a0883372d33e3fadc293f963d664eac1d
-        - name: RELATED_IMAGE_KEYSTONE_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/keystone-operator@sha256:67ebbc377d0e3c4bbba350a6f5af69c96eec6504daedd0270626ba0ce2043c0c
-        - name: RELATED_IMAGE_MANILA_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/manila-operator@sha256:597510f495b3969dc78bd584d788e30dc02a251875164f7a1e0428cd2a8622a2
-        - name: RELATED_IMAGE_MARIADB_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/mariadb-operator@sha256:bd9bafbc04f0a671f102f61e3f41f56bc8561e7bddbd7b3c0e71dce6cd002122
-        - name: RELATED_IMAGE_NEUTRON_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/neutron-operator@sha256:93c2078e50130d79bbeccd8aef2329f22bdaa135912b608649a9ce1acdc7ab9f
-        - name: RELATED_IMAGE_NOVA_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/nova-operator@sha256:ef0823f3503ee8b920e2e4d382db11df9af159409afbfbcccf8d007d6ec81698
-        - name: RELATED_IMAGE_OCTAVIA_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/octavia-operator@sha256:f0516edc774e4b5040d6afc6431775bc2ac0fff5341fca0449b1023370457d67
-        - name: RELATED_IMAGE_OPENSTACK_BAREMETAL_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/openstack-baremetal-operator@sha256:2955aa1e2363d28c149ed256d77b5ca0453ecad2bdb36ba19748f8e688cb1312
-        - name: RELATED_IMAGE_OVN_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/ovn-operator@sha256:0b69ca4e3f621d95fc0c27881f4180afa7cc2719066895f47344a6f16fe124e1
-        - name: RELATED_IMAGE_PLACEMENT_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/placement-operator@sha256:1a5af92b7cb62a6be8e215948d30eb47773e42f5e79f1716b22f532bfd03507d
-        - name: RELATED_IMAGE_RABBITMQ_CLUSTER_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/rabbitmq-cluster-operator@sha256:225524223bf2a7f3a4ce95958fc9ca6fdab02745fb70374e8ff5bf1ddaceda4b
-        - name: RELATED_IMAGE_SWIFT_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/swift-operator@sha256:6ae4bfbb80797e43c7325c62632b1eff37f8aac91ef874fecb7ce184474805d9
-        - name: RELATED_IMAGE_TELEMETRY_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/telemetry-operator@sha256:a51b9277b9cf25e2d322cc8f061889adc2108a10e4e15c989a1b9e9ceb89be5d
-        - name: RELATED_IMAGE_TEST_OPERATOR_MANAGER_IMAGE_URL
-          value: quay.io/openstack-k8s-operators/test-operator@sha256:f31430b5bb611f00bfa356f3aa98648a78acbcde0f34cefc3eb7cb46cbcd104a

config/rbac/role.yaml

@@ -198,6 +198,14 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - imagedigestmirrorsets
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - config.openshift.io
   resources:

controllers/dataplane/openstackdataplanenodeset_controller.go

@@ -125,6 +125,7 @@ func (r *OpenStackDataPlaneNodeSetReconciler) GetLogger(ctx context.Context) log
 
 // RBAC for ImageContentSourcePolicy and MachineConfig
 // +kubebuilder:rbac:groups="operator.openshift.io",resources=imagecontentsourcepolicies,verbs=get;list;watch
+// +kubebuilder:rbac:groups="config.openshift.io",resources=imagedigestmirrorsets,verbs=get;list;watch
 // +kubebuilder:rbac:groups="machineconfiguration.openshift.io",resources=machineconfigs,verbs=get;list;watch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to

docs/assemblies/proc_deploying-in-disconnected-environments.adoc

@@ -8,9 +8,9 @@ Deploying in disconnected environments can be achieved largely by following the
 == Technical Implementation
 The details provided in this section are for informational purposes only. Users should not need to interact with anything additional after completing the above mentioned OLM mirroring process.
 
-The `openstack-operator` contains a list of related images that will ensure all required images for the deployment are mirrored following the above OpenShift process. Once images are mirrored, the `ImageContentSourcePolicy` custom resource (CR) is created. This process results in a `MachineConfig` called `99-master-genereted-registries` being updated in the cluster. The `99-master-generated-registries` `MachineConfig` contains a `registries.conf` file that is applied to all of the OpenShift nodes in the cluster.
+The `openstack-operator` contains a list of related images that will ensure all required images for the deployment are mirrored following the above OpenShift process. Once images are mirrored, either an `ImageContentSourcePolicy` custom resource (CR), or a `ImageDigestMirrorSet` CR is created. This process results in a `MachineConfig` called `99-master-genereted-registries` being updated in the cluster. The `99-master-generated-registries` `MachineConfig` contains a `registries.conf` file that is applied to all of the OpenShift nodes in the cluster.
 
-In order for dataplane nodes to integrate cleanly with this process, openstack-operator checks for the existence of an `ImageContentSourcePolicy`. If one is found, it will read the `registries.conf` file from the `99-master-generated-registries` `MachineConfig`. The openstack-operator will then set two variables in the Ansible inventory for the nodes.
+In order for dataplane nodes to integrate cleanly with this process, openstack-operator checks for the existence of an `ImageContentSourcePolicy` or an `ImageDigestMirrorSet`. If one is found, it will read the `registries.conf` file from the `99-master-generated-registries` `MachineConfig`. The openstack-operator will then set two variables in the Ansible inventory for the nodes.
 
 [,yaml]
 ----

hack/export_operator_related_images.sh

@@ -1,23 +1,2 @@
 # NOTE: this file is automatically generated by hack/sync-bindata.sh!
 
-export RELATED_IMAGE_BARBICAN_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/barbican-operator@sha256:eb79dda1a866cacc9d7421ec78799b7275442c4791d97b8c4f34e1a244adda8b
-export RELATED_IMAGE_CINDER_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/cinder-operator@sha256:af0ea6b60d705ac1fbf84b5c9f675ba7545e34295526e6cabd719df0996ecadd
-export RELATED_IMAGE_DESIGNATE_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/designate-operator@sha256:8d2b27869aefa2ad1ffd20b2f5005c42e4094b2935db61e4c05815997da67125
-export RELATED_IMAGE_GLANCE_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/glance-operator@sha256:a25ff180acd90566cff1e5af86fe52dba649476b3f4e1fb7f8b45396cf8651c9
-export RELATED_IMAGE_HEAT_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/heat-operator@sha256:416387ff4062fc5142e4073fc951c153a2179d70b2361c5ae5fcda87220a0717
-export RELATED_IMAGE_HORIZON_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/horizon-operator@sha256:295faa06074ef530e0482896f593336de9fb5a222e5e8ebdf0ebbf157412febc
-export RELATED_IMAGE_INFRA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/infra-operator@sha256:a91ff27aad73cb3d6c4e4efd0c109359b24234cf67d287fca62ea3579dc0c976
-export RELATED_IMAGE_IRONIC_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/ironic-operator@sha256:5d79cd225aad4dd90857453c05af7f9a0883372d33e3fadc293f963d664eac1d
-export RELATED_IMAGE_KEYSTONE_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/keystone-operator@sha256:67ebbc377d0e3c4bbba350a6f5af69c96eec6504daedd0270626ba0ce2043c0c
-export RELATED_IMAGE_MANILA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/manila-operator@sha256:597510f495b3969dc78bd584d788e30dc02a251875164f7a1e0428cd2a8622a2
-export RELATED_IMAGE_MARIADB_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/mariadb-operator@sha256:bd9bafbc04f0a671f102f61e3f41f56bc8561e7bddbd7b3c0e71dce6cd002122
-export RELATED_IMAGE_NEUTRON_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/neutron-operator@sha256:93c2078e50130d79bbeccd8aef2329f22bdaa135912b608649a9ce1acdc7ab9f
-export RELATED_IMAGE_NOVA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/nova-operator@sha256:ef0823f3503ee8b920e2e4d382db11df9af159409afbfbcccf8d007d6ec81698
-export RELATED_IMAGE_OCTAVIA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/octavia-operator@sha256:f0516edc774e4b5040d6afc6431775bc2ac0fff5341fca0449b1023370457d67
-export RELATED_IMAGE_OPENSTACK_BAREMETAL_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/openstack-baremetal-operator@sha256:2955aa1e2363d28c149ed256d77b5ca0453ecad2bdb36ba19748f8e688cb1312
-export RELATED_IMAGE_OVN_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/ovn-operator@sha256:0b69ca4e3f621d95fc0c27881f4180afa7cc2719066895f47344a6f16fe124e1
-export RELATED_IMAGE_PLACEMENT_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/placement-operator@sha256:1a5af92b7cb62a6be8e215948d30eb47773e42f5e79f1716b22f532bfd03507d
-export RELATED_IMAGE_RABBITMQ_CLUSTER_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/rabbitmq-cluster-operator@sha256:225524223bf2a7f3a4ce95958fc9ca6fdab02745fb70374e8ff5bf1ddaceda4b
-export RELATED_IMAGE_SWIFT_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/swift-operator@sha256:6ae4bfbb80797e43c7325c62632b1eff37f8aac91ef874fecb7ce184474805d9
-export RELATED_IMAGE_TELEMETRY_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/telemetry-operator@sha256:a51b9277b9cf25e2d322cc8f061889adc2108a10e4e15c989a1b9e9ceb89be5d
-export RELATED_IMAGE_TEST_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/test-operator@sha256:f31430b5bb611f00bfa356f3aa98648a78acbcde0f34cefc3eb7cb46cbcd104a

pkg/dataplane/util/image_registry.go

@@ -7,8 +7,9 @@ import (
 	"fmt"
 	"strings"
 
+	ocpidms "github.com/openshift/api/config/v1"
 	mc "github.com/openshift/api/machineconfiguration/v1"
-	ocpimage "github.com/openshift/api/operator/v1alpha1"
+	ocpicsp "github.com/openshift/api/operator/v1alpha1"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
@@ -35,22 +36,29 @@ type machineConfigIgnition struct {
 	} `json:"storage"`
 }
 
-// IsDisconnectedOCP - Will retrieve a ImageContentSourcePolicyList. If the list is not
+// IsDisconnectedOCP - Will retrieve a CR's related to disconnected OCP deployments. If the list is not
 // empty, we can infer that the OCP cluster is a disconnected deployment.
 func IsDisconnectedOCP(ctx context.Context, helper *helper.Helper) (bool, error) {
-	icspList := ocpimage.ImageContentSourcePolicyList{}
+	icspList := ocpicsp.ImageContentSourcePolicyList{}
+	idmsList := ocpidms.ImageDigestMirrorSetList{}
 
 	listOpts := []client.ListOption{}
-	err := helper.GetClient().List(ctx, &icspList, listOpts...)
+
+	var err error
+	err = helper.GetClient().List(ctx, &icspList, listOpts...)
+	if err != nil {
+		return false, err
+	}
+	err = helper.GetClient().List(ctx, &idmsList, listOpts...)
 	if err != nil {
 		return false, err
 	}
 
-	if len(icspList.Items) != 0 {
-		return true, nil
+	if len(icspList.Items) != 0 || len(idmsList.Items) != 0 {
+		return true, err
 	}
 
-	return false, nil
+	return false, err
 }
 
 // GetMCRegistryConf - will unmarshal the MachineConfig ignition file the machineConfigIgnition object.

tests/functional/dataplane/suite_test.go

@@ -106,6 +106,8 @@ var _ = BeforeSuite(func() {
 	Expect(err).ShouldNot(HaveOccurred())
 	imageContentSourcePolicyCRDs, err := test.GetCRDDirFromModule("github.com/openshift/api", gomod, "operator/v1alpha1/zz_generated.crd-manifests/")
 	Expect(err).ShouldNot(HaveOccurred())
+	imageDigestMirrorSetCRDs, err := test.GetCRDDirFromModule("github.com/openshift/api", gomod, "config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_imagedigestmirrorsets.crd.yaml")
+	Expect(err).ShouldNot(HaveOccurred())
 	machineConfigCRDs, err := test.GetCRDDirFromModule("github.com/openshift/api", gomod, "machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigs.crd.yaml")
 	Expect(err).ShouldNot(HaveOccurred())
 
@@ -118,6 +120,7 @@ var _ = BeforeSuite(func() {
 			certmgrv1CRDs,
 			openstackCRDs,
 			imageContentSourcePolicyCRDs,
+			imageDigestMirrorSetCRDs,
 			machineConfigCRDs,
 		},
 		WebhookInstallOptions: envtest.WebhookInstallOptions{