MCO-1961: Introduce the OSImageStream controller

Author: pablintino

cmd/machine-config-controller/start.go

@@ -16,6 +16,7 @@ import (
 	kubeletconfig "github.com/openshift/machine-config-operator/pkg/controller/kubelet-config"
 	machinesetbootimage "github.com/openshift/machine-config-operator/pkg/controller/machine-set-boot-image"
 	"github.com/openshift/machine-config-operator/pkg/controller/node"
+	"github.com/openshift/machine-config-operator/pkg/controller/osimagestream"
 	"github.com/openshift/machine-config-operator/pkg/controller/pinnedimageset"
 	"github.com/openshift/machine-config-operator/pkg/controller/render"
 	"github.com/openshift/machine-config-operator/pkg/controller/template"
@@ -149,6 +150,29 @@ func runStartCmd(_ *cobra.Command, _ []string) {
 			ctrlctx.OperatorInformerFactory.Start(ctrlctx.Stop)
 		}
 
+		if ctrlctx.FeatureGatesHandler.Enabled(features.FeatureGateOSStreams) {
+			osImageStreamController := osimagestream.NewController(
+				ctrlctx.ClientBuilder.KubeClientOrDie("osimagestream-controller"),
+				ctrlctx.ClientBuilder.MachineConfigClientOrDie("osimagestream-controller"),
+				ctrlctx.InformerFactory.Machineconfiguration().V1().ControllerConfigs(),
+				ctrlctx.KubeNamespacedInformerFactory.Core().V1().ConfigMaps(),
+				ctrlctx.InformerFactory.Machineconfiguration().V1alpha1().OSImageStreams(),
+				ctrlctx.ConfigInformerFactory.Config().V1().ClusterVersions(),
+				nil,
+			)
+
+			go osImageStreamController.Run(ctrlctx.Stop)
+			// start the informers again to enable feature gated types.
+			// see comments in SharedInformerFactory interface.
+			ctrlctx.KubeNamespacedInformerFactory.Start(ctrlctx.Stop)
+			ctrlctx.InformerFactory.Start(ctrlctx.Stop)
+			ctrlctx.ConfigInformerFactory.Start(ctrlctx.Stop)
+
+			if err = osImageStreamController.WaitBoot(); err != nil {
+				klog.Fatal(fmt.Errorf("failed to initialize the OSImageStream controller %w", err))
+			}
+		}
+
 		for _, c := range controllers {
 			go c.Run(2, ctrlctx.Stop)
 		}
@@ -187,17 +211,21 @@ func createControllers(ctx *ctrlcommon.ControllerContext) []ctrlcommon.Controlle
 			rootOpts.templates,
 			ctx.InformerFactory.Machineconfiguration().V1().ControllerConfigs(),
 			ctx.InformerFactory.Machineconfiguration().V1().MachineConfigs(),
+			ctx.InformerFactory.Machineconfiguration().V1().MachineConfigPools(),
+			ctx.InformerFactory.Machineconfiguration().V1alpha1().OSImageStreams(),
 			ctx.OpenShiftConfigKubeNamespacedInformerFactory.Core().V1().Secrets(),
 			ctx.ConfigInformerFactory.Config().V1().APIServers(),
 			ctx.ClientBuilder.KubeClientOrDie("template-controller"),
 			ctx.ClientBuilder.MachineConfigClientOrDie("template-controller"),
+			ctx.FeatureGatesHandler,
 		),
 		// Add all "sub-renderers here"
 		kubeletconfig.New(
 			rootOpts.templates,
 			ctx.InformerFactory.Machineconfiguration().V1().MachineConfigPools(),
 			ctx.InformerFactory.Machineconfiguration().V1().ControllerConfigs(),
 			ctx.InformerFactory.Machineconfiguration().V1().KubeletConfigs(),
+			ctx.InformerFactory.Machineconfiguration().V1alpha1().OSImageStreams(),
 			ctx.ConfigInformerFactory.Config().V1().FeatureGates(),
 			ctx.ConfigInformerFactory.Config().V1().Nodes(),
 			ctx.ConfigInformerFactory.Config().V1().APIServers(),
@@ -211,6 +239,7 @@ func createControllers(ctx *ctrlcommon.ControllerContext) []ctrlcommon.Controlle
 			ctx.InformerFactory.Machineconfiguration().V1().MachineConfigPools(),
 			ctx.InformerFactory.Machineconfiguration().V1().ControllerConfigs(),
 			ctx.InformerFactory.Machineconfiguration().V1().ContainerRuntimeConfigs(),
+			ctx.InformerFactory.Machineconfiguration().V1alpha1().OSImageStreams(),
 			ctx.ConfigInformerFactory.Config().V1().Images(),
 			ctx.ConfigInformerFactory.Config().V1().ImageDigestMirrorSets(),
 			ctx.ConfigInformerFactory.Config().V1().ImageTagMirrorSets(),
@@ -231,6 +260,7 @@ func createControllers(ctx *ctrlcommon.ControllerContext) []ctrlcommon.Controlle
 			ctx.InformerFactory.Machineconfiguration().V1().ContainerRuntimeConfigs(),
 			ctx.InformerFactory.Machineconfiguration().V1().KubeletConfigs(),
 			ctx.OperatorInformerFactory.Operator().V1().MachineConfigurations(),
+			ctx.InformerFactory.Machineconfiguration().V1alpha1().OSImageStreams(),
 			ctx.ClientBuilder.KubeClientOrDie("render-controller"),
 			ctx.ClientBuilder.MachineConfigClientOrDie("render-controller"),
 			ctx.FeatureGatesHandler,

pkg/controller/bootstrap/bootstrap.go

@@ -2,13 +2,18 @@ package bootstrap
 
 import (
 	"bytes"
+	"context"
 	"errors"
 	"fmt"
 	"io"
 	"os"
 	"path/filepath"
+	"time"
 
+	"github.com/openshift/api/features"
 	imagev1 "github.com/openshift/api/image/v1"
+	"github.com/openshift/api/machineconfiguration/v1alpha1"
+	"github.com/openshift/machine-config-operator/pkg/controller/osimagestream"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	corev1 "k8s.io/api/core/v1"
@@ -68,7 +73,7 @@ func (b *Bootstrap) Run(destDir string) error {
 		return err
 	}
 
-	psraw, err := getPullSecretFromSecret(psfraw)
+	pullSecret, err := getValidatePullSecretFromBytes(psfraw)
 	if err != nil {
 		return err
 	}
@@ -195,15 +200,46 @@ func (b *Bootstrap) Run(destDir string) error {
 		return fmt.Errorf("error creating feature gates handler: %w", err)
 	}
 
-	iconfigs, err := template.RunBootstrap(b.templatesDir, cconfig, psraw, apiServer)
+	var osImageStream *v1alpha1.OSImageStream
+	if fgHandler.Enabled(features.FeatureGateOSStreams) {
+		ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
+		defer cancel()
+
+		// TODO @pablintino we need to change the factory API to avoid passing that cmLister at bootstrap
+		osImageStream, err = osimagestream.BuildOsImageStreamBootstrap(ctx,
+			pullSecret,
+			cconfig,
+			imageStream,
+			&osimagestream.OSImageTuple{
+				OSImage:           cconfig.Spec.BaseOSContainerImage,
+				OSExtensionsImage: cconfig.Spec.BaseOSExtensionsContainerImage,
+			},
+			osimagestream.NewDefaultStreamSourceFactory(nil, &osimagestream.DefaultImagesInspectorFactory{}),
+		)
+		if err != nil {
+			return fmt.Errorf("error inspecting available OSImageStreams: %w", err)
+		}
+
+		// For sanity reasons we override the ControllerConfig URLs with the default stream ones
+		defaultStreamSet, err := osimagestream.GetOSImageStreamSetByName(osImageStream, "")
+		if err != nil {
+			// Should never happen
+			return fmt.Errorf("error getting default OSImageStreamSet: %w", err)
+		}
+		cconfig.Spec.BaseOSContainerImage = string(defaultStreamSet.OSImage)
+		cconfig.Spec.BaseOSExtensionsContainerImage = string(defaultStreamSet.OSExtensionsImage)
+	}
+
+	pullSecretBytes := pullSecret.Data[corev1.DockerConfigJsonKey]
+	iconfigs, err := template.RunBootstrap(b.templatesDir, cconfig, pools, pullSecretBytes, apiServer, osImageStream)
 	if err != nil {
 		return err
 	}
 	klog.Infof("Successfully generated MachineConfigs from templates.")
 
 	configs = append(configs, iconfigs...)
 
-	rconfigs, err := containerruntimeconfig.RunImageBootstrap(b.templatesDir, cconfig, pools, icspRules, idmsRules, itmsRules, imgCfg, clusterImagePolicies, imagePolicies, fgHandler)
+	rconfigs, err := containerruntimeconfig.RunImageBootstrap(b.templatesDir, cconfig, pools, icspRules, idmsRules, itmsRules, imgCfg, clusterImagePolicies, imagePolicies, fgHandler, osImageStream)
 	if err != nil {
 		return err
 	}
@@ -212,7 +248,7 @@ func (b *Bootstrap) Run(destDir string) error {
 	configs = append(configs, rconfigs...)
 
 	if len(crconfigs) > 0 {
-		containerRuntimeConfigs, err := containerruntimeconfig.RunContainerRuntimeBootstrap(b.templatesDir, crconfigs, cconfig, pools)
+		containerRuntimeConfigs, err := containerruntimeconfig.RunContainerRuntimeBootstrap(b.templatesDir, crconfigs, cconfig, pools, osImageStream)
 		if err != nil {
 			return err
 		}
@@ -221,7 +257,7 @@ func (b *Bootstrap) Run(destDir string) error {
 	klog.Infof("Successfully generated MachineConfigs from containerruntime.")
 
 	if featureGate != nil {
-		featureConfigs, err := kubeletconfig.RunFeatureGateBootstrap(b.templatesDir, fgHandler, nodeConfig, cconfig, pools, apiServer)
+		featureConfigs, err := kubeletconfig.RunFeatureGateBootstrap(b.templatesDir, fgHandler, nodeConfig, cconfig, pools, apiServer, osImageStream)
 		if err != nil {
 			return err
 		}
@@ -238,7 +274,7 @@ func (b *Bootstrap) Run(destDir string) error {
 		}
 	}
 	if nodeConfig != nil {
-		nodeConfigs, err := kubeletconfig.RunNodeConfigBootstrap(b.templatesDir, fgHandler, cconfig, nodeConfig, pools, apiServer)
+		nodeConfigs, err := kubeletconfig.RunNodeConfigBootstrap(b.templatesDir, fgHandler, cconfig, nodeConfig, pools, apiServer, osImageStream)
 		if err != nil {
 			return err
 		}
@@ -247,7 +283,7 @@ func (b *Bootstrap) Run(destDir string) error {
 	klog.Infof("Successfully generated MachineConfigs from node.Configs.")
 
 	if len(kconfigs) > 0 {
-		kconfigs, err := kubeletconfig.RunKubeletBootstrap(b.templatesDir, kconfigs, cconfig, fgHandler, nodeConfig, pools, apiServer)
+		kconfigs, err := kubeletconfig.RunKubeletBootstrap(b.templatesDir, kconfigs, cconfig, fgHandler, nodeConfig, pools, apiServer, osImageStream)
 		if err != nil {
 			return err
 		}
@@ -267,7 +303,7 @@ func (b *Bootstrap) Run(destDir string) error {
 		klog.Infof("Successfully created %d pre-built image component MachineConfigs for hybrid OCL.", len(preBuiltImageMCs))
 	}
 
-	fpools, gconfigs, err := render.RunBootstrap(pools, configs, cconfig)
+	fpools, gconfigs, err := render.RunBootstrap(pools, configs, cconfig, osImageStream)
 	if err != nil {
 		return err
 	}
@@ -345,16 +381,12 @@ func (b *Bootstrap) Run(destDir string) error {
 		return err
 	}
 
-	if imageStream != nil {
-		klog.Infof("ImageStream found!")
-	}
-
 	klog.Infof("writing the following controllerConfig to disk: %s", string(buf.Bytes()))
 	return os.WriteFile(filepath.Join(cconfigDir, "machine-config-controller.yaml"), buf.Bytes(), 0o664)
 
 }
 
-func getPullSecretFromSecret(sData []byte) ([]byte, error) {
+func getValidatePullSecretFromBytes(sData []byte) (*corev1.Secret, error) {
 	obji, err := runtime.Decode(kscheme.Codecs.UniversalDecoder(corev1.SchemeGroupVersion), sData)
 	if err != nil {
 		return nil, err
@@ -366,7 +398,7 @@ func getPullSecretFromSecret(sData []byte) ([]byte, error) {
 	if s.Type != corev1.SecretTypeDockerConfigJson {
 		return nil, fmt.Errorf("expected secret type %s found %s", corev1.SecretTypeDockerConfigJson, s.Type)
 	}
-	return s.Data[corev1.DockerConfigJsonKey], nil
+	return s, nil
 }
 
 type manifest struct {

pkg/controller/common/helpers.go

@@ -28,6 +28,7 @@ import (
 	ign2types "github.com/coreos/ignition/config/v2_2/types"
 	validate2 "github.com/coreos/ignition/config/validate"
 	ign3error "github.com/coreos/ignition/v2/config/shared/errors"
+	"github.com/openshift/api/machineconfiguration/v1alpha1"
 
 	ign3 "github.com/coreos/ignition/v2/config/v3_5"
 	ign3types "github.com/coreos/ignition/v2/config/v3_5/types"
@@ -68,7 +69,7 @@ func boolToPtr(b bool) *bool {
 // It uses the Ignition config from first object as base and appends all the rest.
 // Kernel arguments are concatenated.
 // It defaults to the OSImageURL provided by the CVO but allows a MC provided OSImageURL to take precedence.
-func MergeMachineConfigs(configs []*mcfgv1.MachineConfig, cconfig *mcfgv1.ControllerConfig) (*mcfgv1.MachineConfig, error) {
+func MergeMachineConfigs(configs []*mcfgv1.MachineConfig, cconfig *mcfgv1.ControllerConfig, imageStream *v1alpha1.OSImageStreamSet) (*mcfgv1.MachineConfig, error) {
 	if len(configs) == 0 {
 		return nil, nil
 	}
@@ -187,15 +188,15 @@ func MergeMachineConfigs(configs []*mcfgv1.MachineConfig, cconfig *mcfgv1.Contro
 	// For layering, we want to let the user override OSImageURL again
 	// The template configs always match what's in controllerconfig because they get rendered from there,
 	// so the only way we get an override here is if the user adds something different
-	osImageURL := GetDefaultBaseImageContainer(&cconfig.Spec)
+	osImageURL := GetBaseImageContainer(&cconfig.Spec, imageStream)
 	for _, cfg := range configs {
 		if cfg.Spec.OSImageURL != "" {
 			osImageURL = cfg.Spec.OSImageURL
 		}
 	}
 
 	// Allow overriding the extensions container
-	baseOSExtensionsContainerImage := cconfig.Spec.BaseOSExtensionsContainerImage
+	baseOSExtensionsContainerImage := GetBaseExtensionsImageContainer(&cconfig.Spec, imageStream)
 	for _, cfg := range configs {
 		if cfg.Spec.BaseOSExtensionsContainerImage != "" {
 			baseOSExtensionsContainerImage = cfg.Spec.BaseOSExtensionsContainerImage
@@ -1035,9 +1036,20 @@ func GetIgnitionFileDataByPath(config *ign3types.Config, path string) ([]byte, e
 	return nil, nil
 }
 
-// GetDefaultBaseImageContainer returns the default bootable host base image.
-func GetDefaultBaseImageContainer(cconfigspec *mcfgv1.ControllerConfigSpec) string {
-	return cconfigspec.BaseOSContainerImage
+// GetBaseImageContainer returns the default bootable host base image.
+func GetBaseImageContainer(cconfigspec *mcfgv1.ControllerConfigSpec, imageStream *v1alpha1.OSImageStreamSet) string {
+	if imageStream == nil {
+		return cconfigspec.BaseOSContainerImage
+	}
+	return string(imageStream.OSImage)
+}
+
+// GetBaseExtensionsImageContainer returns the default bootable host base image.
+func GetBaseExtensionsImageContainer(cconfigspec *mcfgv1.ControllerConfigSpec, imageStream *v1alpha1.OSImageStreamSet) string {
+	if imageStream == nil {
+		return cconfigspec.BaseOSExtensionsContainerImage
+	}
+	return string(imageStream.OSExtensionsImage)
 }
 
 // Configures common template FuncMaps used across all renderers.

pkg/controller/container-runtime-config/container_runtime_config_bootstrap.go

@@ -4,15 +4,17 @@ import (
 	"fmt"
 
 	mcfgv1 "github.com/openshift/api/machineconfiguration/v1"
+	"github.com/openshift/api/machineconfiguration/v1alpha1"
 	ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common"
+	"github.com/openshift/machine-config-operator/pkg/controller/osimagestream"
 	"github.com/openshift/machine-config-operator/pkg/version"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/klog/v2"
 )
 
 // RunContainerRuntimeBootstrap generates ignition configs at bootstrap
-func RunContainerRuntimeBootstrap(templateDir string, crconfigs []*mcfgv1.ContainerRuntimeConfig, controllerConfig *mcfgv1.ControllerConfig, mcpPools []*mcfgv1.MachineConfigPool) ([]*mcfgv1.MachineConfig, error) {
+func RunContainerRuntimeBootstrap(templateDir string, crconfigs []*mcfgv1.ContainerRuntimeConfig, controllerConfig *mcfgv1.ControllerConfig, mcpPools []*mcfgv1.MachineConfigPool, osImageStream *v1alpha1.OSImageStream) ([]*mcfgv1.MachineConfig, error) {
 	var res []*mcfgv1.MachineConfig
 	managedKeyExist := make(map[string]bool)
 	for _, cfg := range crconfigs {
@@ -32,7 +34,12 @@ func RunContainerRuntimeBootstrap(templateDir string, crconfigs []*mcfgv1.Contai
 			}
 			role := pool.Name
 			// Generate the original ContainerRuntimeConfig
-			originalStorageIgn, _, _, err := generateOriginalContainerRuntimeConfigs(templateDir, controllerConfig, role)
+			originalStorageIgn, _, _, err := generateOriginalContainerRuntimeConfigs(
+				templateDir,
+				controllerConfig,
+				role,
+				osimagestream.TryGetOSImageStreamFromPoolListByPoolName(osImageStream, mcpPools, pool.Name),
+			)
 			if err != nil {
 				return nil, fmt.Errorf("could not generate origin ContainerRuntime Configs: %w", err)
 			}