diff --git a/cluster-provision/gocli/opts/istio/istio.go b/cluster-provision/gocli/opts/istio/istio.go index bceb987fed..f66c710838 100644 --- a/cluster-provision/gocli/opts/istio/istio.go +++ b/cluster-provision/gocli/opts/istio/istio.go @@ -7,7 +7,8 @@ import ( "github.com/cenkalti/backoff/v4" "github.com/sirupsen/logrus" - istiov1alpha1 "istio.io/operator/pkg/apis/istio/v1alpha1" + appsv1 "k8s.io/api/apps/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" k8s "kubevirt.io/kubevirtci/cluster-provision/gocli/pkg/k8s" @@ -23,7 +24,7 @@ var istioWithCnao []byte //go:embed manifests/istio-operator.cr.yaml var istioNoCnao []byte -const istioVersion = "1.15.0" +const istioVersion = "1.24.1" type istioOpt struct { cnaoEnabled bool @@ -49,9 +50,15 @@ func (o *istioOpt) Exec() error { return err } + istioFile := "/opt/istio-operator-with-cnao.yaml" + if !o.cnaoEnabled { + istioFile = "/opt/istio-operator.cr.yaml" + } + cmds := []string{ "source /var/lib/kubevirtci/shared_vars.sh", - "PATH=/opt/istio-" + istioVersion + "/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf --hub quay.io/kubevirtci operator init", + `echo '` + string(istioWithCnao) + `' | tee /opt/istio-operator-with-cnao.yaml > /dev/null`, + `echo '` + string(istioNoCnao) + `' | tee /opt/istio-operator.cr.yaml > /dev/null`, } for _, cmd := range cmds { if err := o.sshClient.Command(cmd); err != nil { @@ -59,60 +66,49 @@ func (o *istioOpt) Exec() error { } } - obj, err = k8s.SerializeIntoObject(istioWithCnao) - if err != nil { - return err - } - - if o.cnaoEnabled { - if err := o.client.Apply(obj); err != nil { - return err - } - } else { - obj, err = k8s.SerializeIntoObject(istioNoCnao) - if err != nil { - return err - } - - if err := o.client.Apply(obj); err != nil { - return err + go func() { + operation := func() error { + obj, err := o.client.Get(schema.GroupVersionKind{Group: "apps", + Version: "v1", + Kind: "DaemonSet"}, "istio-cni-node", "kube-system") + if err != nil { + fmt.Printf("Error getting the CNI DaemonSet: %s\n", err.Error()) + return err + } + + cniDaemonSet := &appsv1.DaemonSet{} + err = runtime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, cniDaemonSet) + if err != nil { + fmt.Printf("Error converting the CNI DaemonSet: %s\n", err.Error()) + return err + } + + privileged := true + cniDaemonSet.Spec.Template.Spec.Containers[0].SecurityContext.Privileged = &privileged + newCniDaemonSet, err := runtime.DefaultUnstructuredConverter.ToUnstructured(cniDaemonSet) + if err != nil { + fmt.Printf("Error converting the CNI DaemonSet: %s\n", err.Error()) + return err + } + + err = o.client.Update(&unstructured.Unstructured{Object: newCniDaemonSet}) + if err != nil { + fmt.Printf("Error patching the CNI DaemonSet: %s\n", err.Error()) + return err + } + return nil } - } - operator := &istiov1alpha1.IstioOperator{} + backoffStrategy := backoff.NewExponentialBackOff() + backoffStrategy.InitialInterval = 10 * time.Second + backoffStrategy.MaxElapsedTime = 3 * time.Minute - operation := func() error { - obj, err := o.client.Get(schema.GroupVersionKind{Group: "install.istio.io", - Version: "v1alpha1", - Kind: "IstioOperator"}, "istio-operator", "istio-system") + _ = backoff.Retry(operation, backoffStrategy) + }() - err = runtime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, operator) - if err != nil { - return err - } - - if operator.Status == nil { - err := fmt.Errorf("Operator status is still not ready") - logrus.Info("Istio operator is still not ready, Backing off and retrying") - return err - } - - if operator.Status.Status != 3 { - err := fmt.Errorf("Istio operator failed to move to Healthy status after max retries") - logrus.Info("Istio operator is still not ready, Backing off and retrying") - return err - } - - return nil - } - - backoffStrategy := backoff.NewExponentialBackOff() - backoffStrategy.InitialInterval = 10 * time.Second - backoffStrategy.MaxElapsedTime = 3 * time.Minute - - err = backoff.Retry(operation, backoffStrategy) - if err != nil { - return fmt.Errorf("Waiting on istio operator to become ready failed after maximum retries: %v", err) + istioInstallCmd := "PATH=/opt/istio-" + istioVersion + "/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf install -y -f " + istioFile + if err := o.sshClient.Command(istioInstallCmd); err != nil { + return err } logrus.Info("Istio operator is now ready!") diff --git a/cluster-provision/gocli/opts/istio/istio_test.go b/cluster-provision/gocli/opts/istio/istio_test.go index 1f7c324d22..c04d56cb56 100644 --- a/cluster-provision/gocli/opts/istio/istio_test.go +++ b/cluster-provision/gocli/opts/istio/istio_test.go @@ -26,8 +26,7 @@ var _ = Describe("IstioOpt", func() { BeforeEach(func() { mockCtrl = gomock.NewController(GinkgoT()) sshClient = kubevirtcimocks.NewMockSSHClient(mockCtrl) - r := k8s.NewReactorConfig("create", "istiooperators", IstioReactor) - k8sclient = k8s.NewTestClient(r) + k8sclient = k8s.NewTestClient() opt = NewIstioOpt(sshClient, k8sclient, false) AddExpectCalls(sshClient) }) diff --git a/cluster-provision/gocli/opts/istio/manifests/istio-operator-with-cnao.cr.yaml b/cluster-provision/gocli/opts/istio/manifests/istio-operator-with-cnao.cr.yaml index 7e50e2bc85..8cef51f3e4 100644 --- a/cluster-provision/gocli/opts/istio/manifests/istio-operator-with-cnao.cr.yaml +++ b/cluster-provision/gocli/opts/istio/manifests/istio-operator-with-cnao.cr.yaml @@ -5,7 +5,6 @@ metadata: name: istio-operator spec: profile: demo - hub: quay.io/kubevirtci components: cni: enabled: true diff --git a/cluster-provision/gocli/opts/istio/manifests/istio-operator.cr.yaml b/cluster-provision/gocli/opts/istio/manifests/istio-operator.cr.yaml index 67d7501835..55022b9cfc 100644 --- a/cluster-provision/gocli/opts/istio/manifests/istio-operator.cr.yaml +++ b/cluster-provision/gocli/opts/istio/manifests/istio-operator.cr.yaml @@ -5,7 +5,6 @@ metadata: name: istio-operator spec: profile: demo - hub: quay.io/kubevirtci components: cni: enabled: true diff --git a/cluster-provision/gocli/opts/istio/testconfig.go b/cluster-provision/gocli/opts/istio/testconfig.go index 8b155c0956..228abbb1cf 100644 --- a/cluster-provision/gocli/opts/istio/testconfig.go +++ b/cluster-provision/gocli/opts/istio/testconfig.go @@ -22,7 +22,9 @@ var IstioReactor = func(action k8stesting.Action) (bool, runtime.Object, error) func AddExpectCalls(sshClient *kubevirtcimocks.MockSSHClient) { cmds := []string{ "source /var/lib/kubevirtci/shared_vars.sh", - "PATH=/opt/istio-1.15.0/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf --hub quay.io/kubevirtci operator init", + `echo '` + string(istioWithCnao) + `' | tee /opt/istio-operator-with-cnao.yaml > /dev/null`, + `echo '` + string(istioNoCnao) + `' | tee /opt/istio-operator.cr.yaml > /dev/null`, + "PATH=/opt/istio-" + istioVersion + "/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf install -y -f /opt/istio-operator.cr.yaml", } for _, cmd := range cmds { diff --git a/cluster-provision/gocli/pkg/k8s/k8s.go b/cluster-provision/gocli/pkg/k8s/k8s.go index c5f91e1256..34418869f8 100644 --- a/cluster-provision/gocli/pkg/k8s/k8s.go +++ b/cluster-provision/gocli/pkg/k8s/k8s.go @@ -3,6 +3,7 @@ package utils import ( "context" "fmt" + "strings" "time" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" @@ -16,6 +17,7 @@ import ( cdiv1beta1 "kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1" "github.com/cenkalti/backoff/v4" + appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/meta" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -39,6 +41,7 @@ type K8sDynamicClient interface { Apply(obj *unstructured.Unstructured) error List(gvk schema.GroupVersionKind, ns string) (*unstructured.UnstructuredList, error) Delete(gvk schema.GroupVersionKind, name, ns string) error + Update(newResource *unstructured.Unstructured) error } type k8sDynamicClientImpl struct { @@ -103,9 +106,32 @@ func (c *k8sDynamicClientImpl) Get(gvk schema.GroupVersionKind, name, ns string) if err != nil { return nil, err } + return obj, nil } +func (c *k8sDynamicClientImpl) Update(newResource *unstructured.Unstructured) error { + gv := strings.Split(newResource.GetAPIVersion(), "/") + if len(gv) != 2 { + return fmt.Errorf("Resource has no proper group and version. Got: %s\n", newResource.GetAPIVersion()) + } + + resourceClient, err := c.initResourceClientForGVKAndNamespace(schema.GroupVersionKind{ + Group: gv[0], + Version: gv[1], + Kind: newResource.GetKind(), + }, newResource.GetNamespace()) + if err != nil { + return err + } + + _, err = resourceClient.Update(context.TODO(), newResource, v1.UpdateOptions{}) + if err != nil { + return err + } + return nil +} + func (c *k8sDynamicClientImpl) List(gvk schema.GroupVersionKind, ns string) (*unstructured.UnstructuredList, error) { resourceClient, err := c.initResourceClientForGVKAndNamespace(gvk, ns) if err != nil { @@ -192,6 +218,7 @@ func initSchema() *runtime.Scheme { _ = cdiv1beta1.AddToScheme(s) _ = aaqv1alpha1.AddToScheme(s) _ = corev1.AddToScheme(s) + _ = appsv1.AddToScheme(s) return s } diff --git a/cluster-provision/k8s/1.29/extra-pre-pull-images b/cluster-provision/k8s/1.29/extra-pre-pull-images index 120d4e8225..e9395de4c4 100644 --- a/cluster-provision/k8s/1.29/extra-pre-pull-images +++ b/cluster-provision/k8s/1.29/extra-pre-pull-images @@ -1,6 +1,3 @@ -quay.io/kubevirtci/install-cni:1.15.0 -quay.io/kubevirtci/operator:1.15.0 -quay.io/kubevirtci/pilot:1.15.0 quay.io/kubevirtci/proxyv2:1.15.0 quay.io/calico/cni:v3.26.5 quay.io/calico/kube-controllers:v3.26.5 @@ -14,6 +11,9 @@ quay.io/kubevirt/cdi-apiserver:v1.58.1 quay.io/kubevirt/cdi-controller:v1.58.1 quay.io/kubevirt/cdi-operator:v1.58.1 quay.io/kubevirt/cdi-uploadproxy:v1.58.1 +docker.io/istio/install-cni:1.24.1 +docker.io/istio/pilot:1.24.1 +docker.io/istio/proxyv2:1.24.1 quay.io/kubevirt/cluster-network-addons-operator:v0.87.0 quay.io/kubevirt/cni-default-plugins@sha256:825e3f9fec1996c54a52cec806154945b38f76476b160d554c36e38dfffe5e61 quay.io/kubevirt/kubemacpool@sha256:afba7d0c4a95d2d4924f6ee6ef16bbe59117877383819057f01809150829cb0c diff --git a/cluster-provision/k8s/1.29/provision.sh b/cluster-provision/k8s/1.29/provision.sh index 76449f76cf..c8ba2817e8 100755 --- a/cluster-provision/k8s/1.29/provision.sh +++ b/cluster-provision/k8s/1.29/provision.sh @@ -11,7 +11,7 @@ fi KUBEVIRTCI_SHARED_DIR=/var/lib/kubevirtci mkdir -p $KUBEVIRTCI_SHARED_DIR -export ISTIO_VERSION=1.15.0 +export ISTIO_VERSION=1.24.1 cat << EOF > $KUBEVIRTCI_SHARED_DIR/shared_vars.sh #!/bin/bash set -ex @@ -57,7 +57,8 @@ export PATH="$ISTIO_BIN_DIR:$PATH" ( set -E mkdir -p "$ISTIO_BIN_DIR" - curl "https://storage.googleapis.com/kubevirtci-istioctl-mirror/istio-${ISTIO_VERSION}/bin/istioctl" -o "$ISTIO_BIN_DIR/istioctl" + curl -L https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz -O + tar -xvf ./istio-${ISTIO_VERSION}-linux-amd64.tar.gz --strip-components=2 -C ${ISTIO_BIN_DIR} istio-${ISTIO_VERSION}/bin/istioctl chmod +x "$ISTIO_BIN_DIR/istioctl" ) diff --git a/cluster-provision/k8s/1.30/extra-pre-pull-images b/cluster-provision/k8s/1.30/extra-pre-pull-images index a4e4a55fe7..91dce92d24 100644 --- a/cluster-provision/k8s/1.30/extra-pre-pull-images +++ b/cluster-provision/k8s/1.30/extra-pre-pull-images @@ -1,6 +1,3 @@ -quay.io/kubevirtci/install-cni:1.15.0 -quay.io/kubevirtci/operator:1.15.0 -quay.io/kubevirtci/pilot:1.15.0 quay.io/kubevirtci/proxyv2:1.15.0 quay.io/calico/cni:v3.26.5 quay.io/calico/kube-controllers:v3.26.5 @@ -14,6 +11,9 @@ quay.io/kubevirt/cdi-apiserver:v1.58.1 quay.io/kubevirt/cdi-controller:v1.58.1 quay.io/kubevirt/cdi-operator:v1.58.1 quay.io/kubevirt/cdi-uploadproxy:v1.58.1 +docker.io/istio/install-cni:1.24.1 +docker.io/istio/pilot:1.24.1 +docker.io/istio/proxyv2:1.24.1 quay.io/kubevirt/cluster-network-addons-operator:v0.87.0 quay.io/kubevirt/cni-default-plugins@sha256:825e3f9fec1996c54a52cec806154945b38f76476b160d554c36e38dfffe5e61 quay.io/kubevirt/kubemacpool@sha256:afba7d0c4a95d2d4924f6ee6ef16bbe59117877383819057f01809150829cb0c diff --git a/cluster-provision/k8s/1.30/provision.sh b/cluster-provision/k8s/1.30/provision.sh index b1e67ddd69..10da506caf 100755 --- a/cluster-provision/k8s/1.30/provision.sh +++ b/cluster-provision/k8s/1.30/provision.sh @@ -6,7 +6,7 @@ ARCH=$(uname -m) KUBEVIRTCI_SHARED_DIR=/var/lib/kubevirtci mkdir -p $KUBEVIRTCI_SHARED_DIR -export ISTIO_VERSION=1.15.0 +export ISTIO_VERSION=1.24.1 cat << EOF > $KUBEVIRTCI_SHARED_DIR/shared_vars.sh #!/bin/bash set -ex @@ -52,7 +52,8 @@ export PATH="$ISTIO_BIN_DIR:$PATH" ( set -E mkdir -p "$ISTIO_BIN_DIR" - curl "https://storage.googleapis.com/kubevirtci-istioctl-mirror/istio-${ISTIO_VERSION}/bin/istioctl" -o "$ISTIO_BIN_DIR/istioctl" + curl -L https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz -O + tar -xvf ./istio-${ISTIO_VERSION}-linux-amd64.tar.gz --strip-components=2 -C ${ISTIO_BIN_DIR} istio-${ISTIO_VERSION}/bin/istioctl chmod +x "$ISTIO_BIN_DIR/istioctl" ) diff --git a/cluster-provision/k8s/1.31/extra-pre-pull-images b/cluster-provision/k8s/1.31/extra-pre-pull-images index 120d4e8225..0036af75b2 100644 --- a/cluster-provision/k8s/1.31/extra-pre-pull-images +++ b/cluster-provision/k8s/1.31/extra-pre-pull-images @@ -14,6 +14,9 @@ quay.io/kubevirt/cdi-apiserver:v1.58.1 quay.io/kubevirt/cdi-controller:v1.58.1 quay.io/kubevirt/cdi-operator:v1.58.1 quay.io/kubevirt/cdi-uploadproxy:v1.58.1 +docker.io/istio/install-cni:1.24.1 +docker.io/istio/pilot:1.24.1 +docker.io/istio/proxyv2:1.24.1 quay.io/kubevirt/cluster-network-addons-operator:v0.87.0 quay.io/kubevirt/cni-default-plugins@sha256:825e3f9fec1996c54a52cec806154945b38f76476b160d554c36e38dfffe5e61 quay.io/kubevirt/kubemacpool@sha256:afba7d0c4a95d2d4924f6ee6ef16bbe59117877383819057f01809150829cb0c diff --git a/cluster-provision/k8s/1.31/provision.sh b/cluster-provision/k8s/1.31/provision.sh index a340c63f19..7e281db10d 100755 --- a/cluster-provision/k8s/1.31/provision.sh +++ b/cluster-provision/k8s/1.31/provision.sh @@ -6,7 +6,7 @@ ARCH=$(uname -m) KUBEVIRTCI_SHARED_DIR=/var/lib/kubevirtci mkdir -p $KUBEVIRTCI_SHARED_DIR -export ISTIO_VERSION=1.15.0 +export ISTIO_VERSION=1.24.1 cat << EOF > $KUBEVIRTCI_SHARED_DIR/shared_vars.sh #!/bin/bash set -ex @@ -52,7 +52,8 @@ export PATH="$ISTIO_BIN_DIR:$PATH" ( set -E mkdir -p "$ISTIO_BIN_DIR" - curl "https://storage.googleapis.com/kubevirtci-istioctl-mirror/istio-${ISTIO_VERSION}/bin/istioctl" -o "$ISTIO_BIN_DIR/istioctl" + curl -L https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz -O + tar -xvf ./istio-${ISTIO_VERSION}-linux-amd64.tar.gz --strip-components=2 -C ${ISTIO_BIN_DIR} istio-${ISTIO_VERSION}/bin/istioctl chmod +x "$ISTIO_BIN_DIR/istioctl" ) diff --git a/cluster-provision/k8s/1.32/extra-pre-pull-images b/cluster-provision/k8s/1.32/extra-pre-pull-images index 120d4e8225..e9395de4c4 100644 --- a/cluster-provision/k8s/1.32/extra-pre-pull-images +++ b/cluster-provision/k8s/1.32/extra-pre-pull-images @@ -1,6 +1,3 @@ -quay.io/kubevirtci/install-cni:1.15.0 -quay.io/kubevirtci/operator:1.15.0 -quay.io/kubevirtci/pilot:1.15.0 quay.io/kubevirtci/proxyv2:1.15.0 quay.io/calico/cni:v3.26.5 quay.io/calico/kube-controllers:v3.26.5 @@ -14,6 +11,9 @@ quay.io/kubevirt/cdi-apiserver:v1.58.1 quay.io/kubevirt/cdi-controller:v1.58.1 quay.io/kubevirt/cdi-operator:v1.58.1 quay.io/kubevirt/cdi-uploadproxy:v1.58.1 +docker.io/istio/install-cni:1.24.1 +docker.io/istio/pilot:1.24.1 +docker.io/istio/proxyv2:1.24.1 quay.io/kubevirt/cluster-network-addons-operator:v0.87.0 quay.io/kubevirt/cni-default-plugins@sha256:825e3f9fec1996c54a52cec806154945b38f76476b160d554c36e38dfffe5e61 quay.io/kubevirt/kubemacpool@sha256:afba7d0c4a95d2d4924f6ee6ef16bbe59117877383819057f01809150829cb0c diff --git a/cluster-provision/k8s/1.32/provision.sh b/cluster-provision/k8s/1.32/provision.sh index a340c63f19..7e281db10d 100755 --- a/cluster-provision/k8s/1.32/provision.sh +++ b/cluster-provision/k8s/1.32/provision.sh @@ -6,7 +6,7 @@ ARCH=$(uname -m) KUBEVIRTCI_SHARED_DIR=/var/lib/kubevirtci mkdir -p $KUBEVIRTCI_SHARED_DIR -export ISTIO_VERSION=1.15.0 +export ISTIO_VERSION=1.24.1 cat << EOF > $KUBEVIRTCI_SHARED_DIR/shared_vars.sh #!/bin/bash set -ex @@ -52,7 +52,8 @@ export PATH="$ISTIO_BIN_DIR:$PATH" ( set -E mkdir -p "$ISTIO_BIN_DIR" - curl "https://storage.googleapis.com/kubevirtci-istioctl-mirror/istio-${ISTIO_VERSION}/bin/istioctl" -o "$ISTIO_BIN_DIR/istioctl" + curl -L https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz -O + tar -xvf ./istio-${ISTIO_VERSION}-linux-amd64.tar.gz --strip-components=2 -C ${ISTIO_BIN_DIR} istio-${ISTIO_VERSION}/bin/istioctl chmod +x "$ISTIO_BIN_DIR/istioctl" ) diff --git a/cluster-provision/k8s/provision.sh b/cluster-provision/k8s/provision.sh index 45354b59a2..546d965111 100755 --- a/cluster-provision/k8s/provision.sh +++ b/cluster-provision/k8s/provision.sh @@ -4,7 +4,7 @@ set -ex PHASES_DEFAULT="linux,k8s" -PHASES="${PHASES:-$PHASES_DEFAULT}" +PHASES="$PHASES_DEFAULT" CHECK_CLUSTER="${CHECK_CLUSTER:-false}" export SLIM="${SLIM:-false}" BYPASS_PMAN_CHANGE_CHECK=${BYPASS_PMAN_CHANGE_CHECK:-false}