From 3c009225a78dd5f40930ea42f64ebb169035a48e Mon Sep 17 00:00:00 2001 From: aerosouund Date: Tue, 26 Nov 2024 13:48:22 +0200 Subject: [PATCH 01/15] chore: Bump istio in k8s-1.29 to 1.24.1 Signed-off-by: aerosouund --- cluster-provision/k8s/1.29/provision.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cluster-provision/k8s/1.29/provision.sh b/cluster-provision/k8s/1.29/provision.sh index 76449f76cf..b613ce08ec 100755 --- a/cluster-provision/k8s/1.29/provision.sh +++ b/cluster-provision/k8s/1.29/provision.sh @@ -11,7 +11,7 @@ fi KUBEVIRTCI_SHARED_DIR=/var/lib/kubevirtci mkdir -p $KUBEVIRTCI_SHARED_DIR -export ISTIO_VERSION=1.15.0 +export ISTIO_VERSION=1.24.1 cat << EOF > $KUBEVIRTCI_SHARED_DIR/shared_vars.sh #!/bin/bash set -ex @@ -57,7 +57,8 @@ export PATH="$ISTIO_BIN_DIR:$PATH" ( set -E mkdir -p "$ISTIO_BIN_DIR" - curl "https://storage.googleapis.com/kubevirtci-istioctl-mirror/istio-${ISTIO_VERSION}/bin/istioctl" -o "$ISTIO_BIN_DIR/istioctl" + curl -L https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz -O + tar -xvf ./istio-${ISTIO_VERSION}-linux-amd64.tar.gz istio-${ISTIO_VERSION}/bin/istioctl -C ${ISTIO_BIN_DIR} chmod +x "$ISTIO_BIN_DIR/istioctl" ) From c223410e5607873292c4af5c8115a5c05cb89d01 Mon Sep 17 00:00:00 2001 From: aerosouund Date: Tue, 26 Nov 2024 13:50:43 +0200 Subject: [PATCH 02/15] chore: Update istio opt to use 1.24.1 Signed-off-by: aerosouund --- cluster-provision/gocli/opts/istio/istio.go | 2 +- cluster-provision/gocli/opts/istio/testconfig.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster-provision/gocli/opts/istio/istio.go b/cluster-provision/gocli/opts/istio/istio.go index bceb987fed..28c43a7ef2 100644 --- a/cluster-provision/gocli/opts/istio/istio.go +++ b/cluster-provision/gocli/opts/istio/istio.go @@ -23,7 +23,7 @@ var istioWithCnao []byte //go:embed manifests/istio-operator.cr.yaml var istioNoCnao []byte -const istioVersion = "1.15.0" +const istioVersion = "1.24.1" type istioOpt struct { cnaoEnabled bool diff --git a/cluster-provision/gocli/opts/istio/testconfig.go b/cluster-provision/gocli/opts/istio/testconfig.go index 8b155c0956..16f5cbd08d 100644 --- a/cluster-provision/gocli/opts/istio/testconfig.go +++ b/cluster-provision/gocli/opts/istio/testconfig.go @@ -22,7 +22,7 @@ var IstioReactor = func(action k8stesting.Action) (bool, runtime.Object, error) func AddExpectCalls(sshClient *kubevirtcimocks.MockSSHClient) { cmds := []string{ "source /var/lib/kubevirtci/shared_vars.sh", - "PATH=/opt/istio-1.15.0/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf --hub quay.io/kubevirtci operator init", + "PATH=/opt/istio-1.24.1/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf --hub quay.io/kubevirtci operator init", } for _, cmd := range cmds { From ddbc0acd8598edba899127d648a6820600846211 Mon Sep 17 00:00:00 2001 From: aerosouund Date: Thu, 28 Nov 2024 17:08:47 +0200 Subject: [PATCH 03/15] fix: Try strip Signed-off-by: aerosouund --- cluster-provision/k8s/1.29/provision.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster-provision/k8s/1.29/provision.sh b/cluster-provision/k8s/1.29/provision.sh index b613ce08ec..c8ba2817e8 100755 --- a/cluster-provision/k8s/1.29/provision.sh +++ b/cluster-provision/k8s/1.29/provision.sh @@ -58,7 +58,7 @@ export PATH="$ISTIO_BIN_DIR:$PATH" set -E mkdir -p "$ISTIO_BIN_DIR" curl -L https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz -O - tar -xvf ./istio-${ISTIO_VERSION}-linux-amd64.tar.gz istio-${ISTIO_VERSION}/bin/istioctl -C ${ISTIO_BIN_DIR} + tar -xvf ./istio-${ISTIO_VERSION}-linux-amd64.tar.gz --strip-components=2 -C ${ISTIO_BIN_DIR} istio-${ISTIO_VERSION}/bin/istioctl chmod +x "$ISTIO_BIN_DIR/istioctl" ) From e8fb567112691e5a4e9b3e7a74398edd39031a5c Mon Sep 17 00:00:00 2001 From: aerosouund Date: Thu, 28 Nov 2024 17:17:23 +0200 Subject: [PATCH 04/15] fix: Upgrade istio version to 1.24 in k8s 1.30 and 1.31 Signed-off-by: aerosouund --- cluster-provision/k8s/1.30/provision.sh | 5 +++-- cluster-provision/k8s/1.31/provision.sh | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/cluster-provision/k8s/1.30/provision.sh b/cluster-provision/k8s/1.30/provision.sh index b1e67ddd69..10da506caf 100755 --- a/cluster-provision/k8s/1.30/provision.sh +++ b/cluster-provision/k8s/1.30/provision.sh @@ -6,7 +6,7 @@ ARCH=$(uname -m) KUBEVIRTCI_SHARED_DIR=/var/lib/kubevirtci mkdir -p $KUBEVIRTCI_SHARED_DIR -export ISTIO_VERSION=1.15.0 +export ISTIO_VERSION=1.24.1 cat << EOF > $KUBEVIRTCI_SHARED_DIR/shared_vars.sh #!/bin/bash set -ex @@ -52,7 +52,8 @@ export PATH="$ISTIO_BIN_DIR:$PATH" ( set -E mkdir -p "$ISTIO_BIN_DIR" - curl "https://storage.googleapis.com/kubevirtci-istioctl-mirror/istio-${ISTIO_VERSION}/bin/istioctl" -o "$ISTIO_BIN_DIR/istioctl" + curl -L https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz -O + tar -xvf ./istio-${ISTIO_VERSION}-linux-amd64.tar.gz --strip-components=2 -C ${ISTIO_BIN_DIR} istio-${ISTIO_VERSION}/bin/istioctl chmod +x "$ISTIO_BIN_DIR/istioctl" ) diff --git a/cluster-provision/k8s/1.31/provision.sh b/cluster-provision/k8s/1.31/provision.sh index a340c63f19..7e281db10d 100755 --- a/cluster-provision/k8s/1.31/provision.sh +++ b/cluster-provision/k8s/1.31/provision.sh @@ -6,7 +6,7 @@ ARCH=$(uname -m) KUBEVIRTCI_SHARED_DIR=/var/lib/kubevirtci mkdir -p $KUBEVIRTCI_SHARED_DIR -export ISTIO_VERSION=1.15.0 +export ISTIO_VERSION=1.24.1 cat << EOF > $KUBEVIRTCI_SHARED_DIR/shared_vars.sh #!/bin/bash set -ex @@ -52,7 +52,8 @@ export PATH="$ISTIO_BIN_DIR:$PATH" ( set -E mkdir -p "$ISTIO_BIN_DIR" - curl "https://storage.googleapis.com/kubevirtci-istioctl-mirror/istio-${ISTIO_VERSION}/bin/istioctl" -o "$ISTIO_BIN_DIR/istioctl" + curl -L https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz -O + tar -xvf ./istio-${ISTIO_VERSION}-linux-amd64.tar.gz --strip-components=2 -C ${ISTIO_BIN_DIR} istio-${ISTIO_VERSION}/bin/istioctl chmod +x "$ISTIO_BIN_DIR/istioctl" ) From 3376636d948f64ef9b8e146531d211f5eaa2c765 Mon Sep 17 00:00:00 2001 From: aerosouund Date: Thu, 28 Nov 2024 17:46:22 +0200 Subject: [PATCH 05/15] fix: run the linux phase Signed-off-by: aerosouund --- cluster-provision/k8s/provision.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster-provision/k8s/provision.sh b/cluster-provision/k8s/provision.sh index 45354b59a2..546d965111 100755 --- a/cluster-provision/k8s/provision.sh +++ b/cluster-provision/k8s/provision.sh @@ -4,7 +4,7 @@ set -ex PHASES_DEFAULT="linux,k8s" -PHASES="${PHASES:-$PHASES_DEFAULT}" +PHASES="$PHASES_DEFAULT" CHECK_CLUSTER="${CHECK_CLUSTER:-false}" export SLIM="${SLIM:-false}" BYPASS_PMAN_CHANGE_CHECK=${BYPASS_PMAN_CHANGE_CHECK:-false} From 48091d1aaac7c77a1034d1b6e7c0b7e460e4d174 Mon Sep 17 00:00:00 2001 From: aerosouund Date: Fri, 29 Nov 2024 12:06:10 +0200 Subject: [PATCH 06/15] fix: Use istioctl install Signed-off-by: aerosouund --- cluster-provision/gocli/opts/istio/istio.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster-provision/gocli/opts/istio/istio.go b/cluster-provision/gocli/opts/istio/istio.go index 28c43a7ef2..3c035826f9 100644 --- a/cluster-provision/gocli/opts/istio/istio.go +++ b/cluster-provision/gocli/opts/istio/istio.go @@ -51,7 +51,7 @@ func (o *istioOpt) Exec() error { cmds := []string{ "source /var/lib/kubevirtci/shared_vars.sh", - "PATH=/opt/istio-" + istioVersion + "/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf --hub quay.io/kubevirtci operator init", + "PATH=/opt/istio-" + istioVersion + "/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf install", } for _, cmd := range cmds { if err := o.sshClient.Command(cmd); err != nil { From 7914229ab8f0450cff99a2a20750c4dc4676f37d Mon Sep 17 00:00:00 2001 From: aerosouund Date: Sun, 1 Dec 2024 15:59:41 +0200 Subject: [PATCH 07/15] fix: Skip confirmation istioctl Signed-off-by: aerosouund --- cluster-provision/gocli/opts/istio/istio.go | 2 +- cluster-provision/gocli/opts/istio/testconfig.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster-provision/gocli/opts/istio/istio.go b/cluster-provision/gocli/opts/istio/istio.go index 3c035826f9..b8910c4e06 100644 --- a/cluster-provision/gocli/opts/istio/istio.go +++ b/cluster-provision/gocli/opts/istio/istio.go @@ -51,7 +51,7 @@ func (o *istioOpt) Exec() error { cmds := []string{ "source /var/lib/kubevirtci/shared_vars.sh", - "PATH=/opt/istio-" + istioVersion + "/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf install", + "PATH=/opt/istio-" + istioVersion + "/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf install -y", } for _, cmd := range cmds { if err := o.sshClient.Command(cmd); err != nil { diff --git a/cluster-provision/gocli/opts/istio/testconfig.go b/cluster-provision/gocli/opts/istio/testconfig.go index 16f5cbd08d..7f5191fe78 100644 --- a/cluster-provision/gocli/opts/istio/testconfig.go +++ b/cluster-provision/gocli/opts/istio/testconfig.go @@ -22,7 +22,7 @@ var IstioReactor = func(action k8stesting.Action) (bool, runtime.Object, error) func AddExpectCalls(sshClient *kubevirtcimocks.MockSSHClient) { cmds := []string{ "source /var/lib/kubevirtci/shared_vars.sh", - "PATH=/opt/istio-1.24.1/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf --hub quay.io/kubevirtci operator init", + "PATH=/opt/istio-1.24.1/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf install -y", } for _, cmd := range cmds { From f8cef70ee181f01198dea04b3c7470ed88082471 Mon Sep 17 00:00:00 2001 From: aerosouund Date: Sun, 15 Dec 2024 20:59:55 +0200 Subject: [PATCH 08/15] refactor: Patch the CNI security context in another thread since higher privileges are needed Signed-off-by: aerosouund --- cluster-provision/gocli/opts/istio/istio.go | 93 +++++++++------------ 1 file changed, 40 insertions(+), 53 deletions(-) diff --git a/cluster-provision/gocli/opts/istio/istio.go b/cluster-provision/gocli/opts/istio/istio.go index b8910c4e06..0e8bc53172 100644 --- a/cluster-provision/gocli/opts/istio/istio.go +++ b/cluster-provision/gocli/opts/istio/istio.go @@ -2,12 +2,12 @@ package istio import ( _ "embed" - "fmt" "time" "github.com/cenkalti/backoff/v4" "github.com/sirupsen/logrus" - istiov1alpha1 "istio.io/operator/pkg/apis/istio/v1alpha1" + appsv1 "k8s.io/api/apps/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" k8s "kubevirt.io/kubevirtci/cluster-provision/gocli/pkg/k8s" @@ -49,9 +49,15 @@ func (o *istioOpt) Exec() error { return err } + istioFile := "/opt/istio-operator-with-cnao.yaml" + if !o.cnaoEnabled { + istioFile = "/opt/istio-operator.cr.yaml" + } + cmds := []string{ "source /var/lib/kubevirtci/shared_vars.sh", - "PATH=/opt/istio-" + istioVersion + "/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf install -y", + `echo '` + string(istioWithCnao) + `' | tee /opt/istio-operator-with-cnao.yaml > /dev/null`, + `echo '` + string(istioNoCnao) + `' | tee /opt/istio-operator.cr.yaml > /dev/null`, } for _, cmd := range cmds { if err := o.sshClient.Command(cmd); err != nil { @@ -59,60 +65,41 @@ func (o *istioOpt) Exec() error { } } - obj, err = k8s.SerializeIntoObject(istioWithCnao) - if err != nil { - return err - } - - if o.cnaoEnabled { - if err := o.client.Apply(obj); err != nil { - return err - } - } else { - obj, err = k8s.SerializeIntoObject(istioNoCnao) - if err != nil { - return err - } - - if err := o.client.Apply(obj); err != nil { - return err + go func() { + operation := func() error { + obj, err := o.client.Get(schema.GroupVersionKind{Group: "apps", + Version: "v1", + Kind: "DaemonSet"}, "istio-cni-node", "kube-system") + cniDaemonSet := &appsv1.DaemonSet{} + err = runtime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, cniDaemonSet) + if err != nil { + return err + } + + var privileged = true + cniDaemonSet.Spec.Template.Spec.Containers[0].SecurityContext.Privileged = &privileged + newCniDaemonSet, err := runtime.DefaultUnstructuredConverter.ToUnstructured(cniDaemonSet) + if err != nil { + return err + } + + err = o.client.Apply(&unstructured.Unstructured{Object: newCniDaemonSet}) + if err != nil { + return err + } + return nil } - } - operator := &istiov1alpha1.IstioOperator{} + backoffStrategy := backoff.NewExponentialBackOff() + backoffStrategy.InitialInterval = 10 * time.Second + backoffStrategy.MaxElapsedTime = 3 * time.Minute - operation := func() error { - obj, err := o.client.Get(schema.GroupVersionKind{Group: "install.istio.io", - Version: "v1alpha1", - Kind: "IstioOperator"}, "istio-operator", "istio-system") + err = backoff.Retry(operation, backoffStrategy) + }() - err = runtime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, operator) - if err != nil { - return err - } - - if operator.Status == nil { - err := fmt.Errorf("Operator status is still not ready") - logrus.Info("Istio operator is still not ready, Backing off and retrying") - return err - } - - if operator.Status.Status != 3 { - err := fmt.Errorf("Istio operator failed to move to Healthy status after max retries") - logrus.Info("Istio operator is still not ready, Backing off and retrying") - return err - } - - return nil - } - - backoffStrategy := backoff.NewExponentialBackOff() - backoffStrategy.InitialInterval = 10 * time.Second - backoffStrategy.MaxElapsedTime = 3 * time.Minute - - err = backoff.Retry(operation, backoffStrategy) - if err != nil { - return fmt.Errorf("Waiting on istio operator to become ready failed after maximum retries: %v", err) + istioInstallCmd := "PATH=/opt/istio-" + istioVersion + "/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf install -y -f " + istioFile + if err := o.sshClient.Command(istioInstallCmd); err != nil { + return err } logrus.Info("Istio operator is now ready!") From 929870545c39b5147207a62cff9e6358e12a9c62 Mon Sep 17 00:00:00 2001 From: aerosouund Date: Sun, 15 Dec 2024 21:05:05 +0200 Subject: [PATCH 09/15] fix: Fix missing error check from the get call Signed-off-by: aerosouund --- cluster-provision/gocli/opts/istio/istio.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cluster-provision/gocli/opts/istio/istio.go b/cluster-provision/gocli/opts/istio/istio.go index 0e8bc53172..b165624cc4 100644 --- a/cluster-provision/gocli/opts/istio/istio.go +++ b/cluster-provision/gocli/opts/istio/istio.go @@ -70,6 +70,10 @@ func (o *istioOpt) Exec() error { obj, err := o.client.Get(schema.GroupVersionKind{Group: "apps", Version: "v1", Kind: "DaemonSet"}, "istio-cni-node", "kube-system") + if err != nil { + return err + } + cniDaemonSet := &appsv1.DaemonSet{} err = runtime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, cniDaemonSet) if err != nil { From 4149d8efe26b539da18f84182549585c1b77b635 Mon Sep 17 00:00:00 2001 From: aerosouund Date: Sun, 15 Dec 2024 21:08:11 +0200 Subject: [PATCH 10/15] fix: No hub spec in istio operator Signed-off-by: aerosouund --- .../gocli/opts/istio/manifests/istio-operator-with-cnao.cr.yaml | 1 - .../gocli/opts/istio/manifests/istio-operator.cr.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/cluster-provision/gocli/opts/istio/manifests/istio-operator-with-cnao.cr.yaml b/cluster-provision/gocli/opts/istio/manifests/istio-operator-with-cnao.cr.yaml index 7e50e2bc85..8cef51f3e4 100644 --- a/cluster-provision/gocli/opts/istio/manifests/istio-operator-with-cnao.cr.yaml +++ b/cluster-provision/gocli/opts/istio/manifests/istio-operator-with-cnao.cr.yaml @@ -5,7 +5,6 @@ metadata: name: istio-operator spec: profile: demo - hub: quay.io/kubevirtci components: cni: enabled: true diff --git a/cluster-provision/gocli/opts/istio/manifests/istio-operator.cr.yaml b/cluster-provision/gocli/opts/istio/manifests/istio-operator.cr.yaml index 67d7501835..55022b9cfc 100644 --- a/cluster-provision/gocli/opts/istio/manifests/istio-operator.cr.yaml +++ b/cluster-provision/gocli/opts/istio/manifests/istio-operator.cr.yaml @@ -5,7 +5,6 @@ metadata: name: istio-operator spec: profile: demo - hub: quay.io/kubevirtci components: cni: enabled: true From 4b045d7c05633c9dd7308e6a5f2e42f4c2ab3ea5 Mon Sep 17 00:00:00 2001 From: aerosouund Date: Sun, 15 Dec 2024 21:46:59 +0200 Subject: [PATCH 11/15] fix: Implement Update on the k8s client and use it to update the daemonset in a separate thread Signed-off-by: aerosouund --- cluster-provision/gocli/opts/istio/istio.go | 9 +++++-- cluster-provision/gocli/pkg/k8s/k8s.go | 27 +++++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/cluster-provision/gocli/opts/istio/istio.go b/cluster-provision/gocli/opts/istio/istio.go index b165624cc4..72b0dddd97 100644 --- a/cluster-provision/gocli/opts/istio/istio.go +++ b/cluster-provision/gocli/opts/istio/istio.go @@ -2,6 +2,7 @@ package istio import ( _ "embed" + "fmt" "time" "github.com/cenkalti/backoff/v4" @@ -71,12 +72,14 @@ func (o *istioOpt) Exec() error { Version: "v1", Kind: "DaemonSet"}, "istio-cni-node", "kube-system") if err != nil { + fmt.Printf("Error getting the CNI DaemonSet: %s\n", err.Error()) return err } cniDaemonSet := &appsv1.DaemonSet{} err = runtime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, cniDaemonSet) if err != nil { + fmt.Printf("Error converting the CNI DaemonSet: %s\n", err.Error()) return err } @@ -84,11 +87,13 @@ func (o *istioOpt) Exec() error { cniDaemonSet.Spec.Template.Spec.Containers[0].SecurityContext.Privileged = &privileged newCniDaemonSet, err := runtime.DefaultUnstructuredConverter.ToUnstructured(cniDaemonSet) if err != nil { + fmt.Printf("Error converting the CNI DaemonSet: %s\n", err.Error()) return err } - err = o.client.Apply(&unstructured.Unstructured{Object: newCniDaemonSet}) + err = o.client.Update(&unstructured.Unstructured{Object: newCniDaemonSet}) if err != nil { + fmt.Printf("Error patching the CNI DaemonSet: %s\n", err.Error()) return err } return nil @@ -98,7 +103,7 @@ func (o *istioOpt) Exec() error { backoffStrategy.InitialInterval = 10 * time.Second backoffStrategy.MaxElapsedTime = 3 * time.Minute - err = backoff.Retry(operation, backoffStrategy) + _ = backoff.Retry(operation, backoffStrategy) }() istioInstallCmd := "PATH=/opt/istio-" + istioVersion + "/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf install -y -f " + istioFile diff --git a/cluster-provision/gocli/pkg/k8s/k8s.go b/cluster-provision/gocli/pkg/k8s/k8s.go index c5f91e1256..34418869f8 100644 --- a/cluster-provision/gocli/pkg/k8s/k8s.go +++ b/cluster-provision/gocli/pkg/k8s/k8s.go @@ -3,6 +3,7 @@ package utils import ( "context" "fmt" + "strings" "time" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" @@ -16,6 +17,7 @@ import ( cdiv1beta1 "kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1" "github.com/cenkalti/backoff/v4" + appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/meta" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -39,6 +41,7 @@ type K8sDynamicClient interface { Apply(obj *unstructured.Unstructured) error List(gvk schema.GroupVersionKind, ns string) (*unstructured.UnstructuredList, error) Delete(gvk schema.GroupVersionKind, name, ns string) error + Update(newResource *unstructured.Unstructured) error } type k8sDynamicClientImpl struct { @@ -103,9 +106,32 @@ func (c *k8sDynamicClientImpl) Get(gvk schema.GroupVersionKind, name, ns string) if err != nil { return nil, err } + return obj, nil } +func (c *k8sDynamicClientImpl) Update(newResource *unstructured.Unstructured) error { + gv := strings.Split(newResource.GetAPIVersion(), "/") + if len(gv) != 2 { + return fmt.Errorf("Resource has no proper group and version. Got: %s\n", newResource.GetAPIVersion()) + } + + resourceClient, err := c.initResourceClientForGVKAndNamespace(schema.GroupVersionKind{ + Group: gv[0], + Version: gv[1], + Kind: newResource.GetKind(), + }, newResource.GetNamespace()) + if err != nil { + return err + } + + _, err = resourceClient.Update(context.TODO(), newResource, v1.UpdateOptions{}) + if err != nil { + return err + } + return nil +} + func (c *k8sDynamicClientImpl) List(gvk schema.GroupVersionKind, ns string) (*unstructured.UnstructuredList, error) { resourceClient, err := c.initResourceClientForGVKAndNamespace(gvk, ns) if err != nil { @@ -192,6 +218,7 @@ func initSchema() *runtime.Scheme { _ = cdiv1beta1.AddToScheme(s) _ = aaqv1alpha1.AddToScheme(s) _ = corev1.AddToScheme(s) + _ = appsv1.AddToScheme(s) return s } From 831d2748b33433b71c05725c1594f6521bfb3760 Mon Sep 17 00:00:00 2001 From: aerosouund Date: Sun, 15 Dec 2024 21:57:52 +0200 Subject: [PATCH 12/15] fix: Configure istio unit test to use the new configurarion Signed-off-by: aerosouund --- cluster-provision/gocli/opts/istio/istio.go | 2 +- cluster-provision/gocli/opts/istio/istio_test.go | 3 +-- cluster-provision/gocli/opts/istio/testconfig.go | 4 +++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/cluster-provision/gocli/opts/istio/istio.go b/cluster-provision/gocli/opts/istio/istio.go index 72b0dddd97..f66c710838 100644 --- a/cluster-provision/gocli/opts/istio/istio.go +++ b/cluster-provision/gocli/opts/istio/istio.go @@ -83,7 +83,7 @@ func (o *istioOpt) Exec() error { return err } - var privileged = true + privileged := true cniDaemonSet.Spec.Template.Spec.Containers[0].SecurityContext.Privileged = &privileged newCniDaemonSet, err := runtime.DefaultUnstructuredConverter.ToUnstructured(cniDaemonSet) if err != nil { diff --git a/cluster-provision/gocli/opts/istio/istio_test.go b/cluster-provision/gocli/opts/istio/istio_test.go index 1f7c324d22..c04d56cb56 100644 --- a/cluster-provision/gocli/opts/istio/istio_test.go +++ b/cluster-provision/gocli/opts/istio/istio_test.go @@ -26,8 +26,7 @@ var _ = Describe("IstioOpt", func() { BeforeEach(func() { mockCtrl = gomock.NewController(GinkgoT()) sshClient = kubevirtcimocks.NewMockSSHClient(mockCtrl) - r := k8s.NewReactorConfig("create", "istiooperators", IstioReactor) - k8sclient = k8s.NewTestClient(r) + k8sclient = k8s.NewTestClient() opt = NewIstioOpt(sshClient, k8sclient, false) AddExpectCalls(sshClient) }) diff --git a/cluster-provision/gocli/opts/istio/testconfig.go b/cluster-provision/gocli/opts/istio/testconfig.go index 7f5191fe78..228abbb1cf 100644 --- a/cluster-provision/gocli/opts/istio/testconfig.go +++ b/cluster-provision/gocli/opts/istio/testconfig.go @@ -22,7 +22,9 @@ var IstioReactor = func(action k8stesting.Action) (bool, runtime.Object, error) func AddExpectCalls(sshClient *kubevirtcimocks.MockSSHClient) { cmds := []string{ "source /var/lib/kubevirtci/shared_vars.sh", - "PATH=/opt/istio-1.24.1/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf install -y", + `echo '` + string(istioWithCnao) + `' | tee /opt/istio-operator-with-cnao.yaml > /dev/null`, + `echo '` + string(istioNoCnao) + `' | tee /opt/istio-operator.cr.yaml > /dev/null`, + "PATH=/opt/istio-" + istioVersion + "/bin:$PATH istioctl --kubeconfig /etc/kubernetes/admin.conf install -y -f /opt/istio-operator.cr.yaml", } for _, cmd := range cmds { From ac32724fc27d1e02682b6bb50ced570ed3693100 Mon Sep 17 00:00:00 2001 From: aerosouund Date: Mon, 16 Dec 2024 17:37:23 +0200 Subject: [PATCH 13/15] chore: Add istio images to 1.32 provider and install the newer istio on it Signed-off-by: aerosouund --- cluster-provision/k8s/1.29/extra-pre-pull-images | 3 +++ cluster-provision/k8s/1.30/extra-pre-pull-images | 3 +++ cluster-provision/k8s/1.31/extra-pre-pull-images | 3 +++ cluster-provision/k8s/1.32/extra-pre-pull-images | 3 +++ cluster-provision/k8s/1.32/provision.sh | 3 ++- 5 files changed, 14 insertions(+), 1 deletion(-) diff --git a/cluster-provision/k8s/1.29/extra-pre-pull-images b/cluster-provision/k8s/1.29/extra-pre-pull-images index 120d4e8225..0036af75b2 100644 --- a/cluster-provision/k8s/1.29/extra-pre-pull-images +++ b/cluster-provision/k8s/1.29/extra-pre-pull-images @@ -14,6 +14,9 @@ quay.io/kubevirt/cdi-apiserver:v1.58.1 quay.io/kubevirt/cdi-controller:v1.58.1 quay.io/kubevirt/cdi-operator:v1.58.1 quay.io/kubevirt/cdi-uploadproxy:v1.58.1 +docker.io/istio/install-cni:1.24.1 +docker.io/istio/pilot:1.24.1 +docker.io/istio/proxyv2:1.24.1 quay.io/kubevirt/cluster-network-addons-operator:v0.87.0 quay.io/kubevirt/cni-default-plugins@sha256:825e3f9fec1996c54a52cec806154945b38f76476b160d554c36e38dfffe5e61 quay.io/kubevirt/kubemacpool@sha256:afba7d0c4a95d2d4924f6ee6ef16bbe59117877383819057f01809150829cb0c diff --git a/cluster-provision/k8s/1.30/extra-pre-pull-images b/cluster-provision/k8s/1.30/extra-pre-pull-images index a4e4a55fe7..9236e719b1 100644 --- a/cluster-provision/k8s/1.30/extra-pre-pull-images +++ b/cluster-provision/k8s/1.30/extra-pre-pull-images @@ -14,6 +14,9 @@ quay.io/kubevirt/cdi-apiserver:v1.58.1 quay.io/kubevirt/cdi-controller:v1.58.1 quay.io/kubevirt/cdi-operator:v1.58.1 quay.io/kubevirt/cdi-uploadproxy:v1.58.1 +docker.io/istio/install-cni:1.24.1 +docker.io/istio/pilot:1.24.1 +docker.io/istio/proxyv2:1.24.1 quay.io/kubevirt/cluster-network-addons-operator:v0.87.0 quay.io/kubevirt/cni-default-plugins@sha256:825e3f9fec1996c54a52cec806154945b38f76476b160d554c36e38dfffe5e61 quay.io/kubevirt/kubemacpool@sha256:afba7d0c4a95d2d4924f6ee6ef16bbe59117877383819057f01809150829cb0c diff --git a/cluster-provision/k8s/1.31/extra-pre-pull-images b/cluster-provision/k8s/1.31/extra-pre-pull-images index 120d4e8225..0036af75b2 100644 --- a/cluster-provision/k8s/1.31/extra-pre-pull-images +++ b/cluster-provision/k8s/1.31/extra-pre-pull-images @@ -14,6 +14,9 @@ quay.io/kubevirt/cdi-apiserver:v1.58.1 quay.io/kubevirt/cdi-controller:v1.58.1 quay.io/kubevirt/cdi-operator:v1.58.1 quay.io/kubevirt/cdi-uploadproxy:v1.58.1 +docker.io/istio/install-cni:1.24.1 +docker.io/istio/pilot:1.24.1 +docker.io/istio/proxyv2:1.24.1 quay.io/kubevirt/cluster-network-addons-operator:v0.87.0 quay.io/kubevirt/cni-default-plugins@sha256:825e3f9fec1996c54a52cec806154945b38f76476b160d554c36e38dfffe5e61 quay.io/kubevirt/kubemacpool@sha256:afba7d0c4a95d2d4924f6ee6ef16bbe59117877383819057f01809150829cb0c diff --git a/cluster-provision/k8s/1.32/extra-pre-pull-images b/cluster-provision/k8s/1.32/extra-pre-pull-images index 120d4e8225..0036af75b2 100644 --- a/cluster-provision/k8s/1.32/extra-pre-pull-images +++ b/cluster-provision/k8s/1.32/extra-pre-pull-images @@ -14,6 +14,9 @@ quay.io/kubevirt/cdi-apiserver:v1.58.1 quay.io/kubevirt/cdi-controller:v1.58.1 quay.io/kubevirt/cdi-operator:v1.58.1 quay.io/kubevirt/cdi-uploadproxy:v1.58.1 +docker.io/istio/install-cni:1.24.1 +docker.io/istio/pilot:1.24.1 +docker.io/istio/proxyv2:1.24.1 quay.io/kubevirt/cluster-network-addons-operator:v0.87.0 quay.io/kubevirt/cni-default-plugins@sha256:825e3f9fec1996c54a52cec806154945b38f76476b160d554c36e38dfffe5e61 quay.io/kubevirt/kubemacpool@sha256:afba7d0c4a95d2d4924f6ee6ef16bbe59117877383819057f01809150829cb0c diff --git a/cluster-provision/k8s/1.32/provision.sh b/cluster-provision/k8s/1.32/provision.sh index a340c63f19..b076eee0d8 100755 --- a/cluster-provision/k8s/1.32/provision.sh +++ b/cluster-provision/k8s/1.32/provision.sh @@ -52,7 +52,8 @@ export PATH="$ISTIO_BIN_DIR:$PATH" ( set -E mkdir -p "$ISTIO_BIN_DIR" - curl "https://storage.googleapis.com/kubevirtci-istioctl-mirror/istio-${ISTIO_VERSION}/bin/istioctl" -o "$ISTIO_BIN_DIR/istioctl" + curl -L https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz -O + tar -xvf ./istio-${ISTIO_VERSION}-linux-amd64.tar.gz --strip-components=2 -C ${ISTIO_BIN_DIR} istio-${ISTIO_VERSION}/bin/istioctl chmod +x "$ISTIO_BIN_DIR/istioctl" ) From f3014a58d38309d86602e4deb2282f5fef166f58 Mon Sep 17 00:00:00 2001 From: aerosouund Date: Tue, 17 Dec 2024 18:18:45 +0200 Subject: [PATCH 14/15] fix: Use higher istio version in shared vars Signed-off-by: aerosouund --- cluster-provision/k8s/1.32/provision.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster-provision/k8s/1.32/provision.sh b/cluster-provision/k8s/1.32/provision.sh index b076eee0d8..7e281db10d 100755 --- a/cluster-provision/k8s/1.32/provision.sh +++ b/cluster-provision/k8s/1.32/provision.sh @@ -6,7 +6,7 @@ ARCH=$(uname -m) KUBEVIRTCI_SHARED_DIR=/var/lib/kubevirtci mkdir -p $KUBEVIRTCI_SHARED_DIR -export ISTIO_VERSION=1.15.0 +export ISTIO_VERSION=1.24.1 cat << EOF > $KUBEVIRTCI_SHARED_DIR/shared_vars.sh #!/bin/bash set -ex From 0c603e501106fc35aa98363754dc2799eb29fbad Mon Sep 17 00:00:00 2001 From: aerosouund Date: Sat, 21 Dec 2024 14:40:42 +0200 Subject: [PATCH 15/15] chore: Remove old istio images Signed-off-by: aerosouund --- cluster-provision/k8s/1.29/extra-pre-pull-images | 3 --- cluster-provision/k8s/1.30/extra-pre-pull-images | 3 --- cluster-provision/k8s/1.32/extra-pre-pull-images | 3 --- 3 files changed, 9 deletions(-) diff --git a/cluster-provision/k8s/1.29/extra-pre-pull-images b/cluster-provision/k8s/1.29/extra-pre-pull-images index 0036af75b2..e9395de4c4 100644 --- a/cluster-provision/k8s/1.29/extra-pre-pull-images +++ b/cluster-provision/k8s/1.29/extra-pre-pull-images @@ -1,6 +1,3 @@ -quay.io/kubevirtci/install-cni:1.15.0 -quay.io/kubevirtci/operator:1.15.0 -quay.io/kubevirtci/pilot:1.15.0 quay.io/kubevirtci/proxyv2:1.15.0 quay.io/calico/cni:v3.26.5 quay.io/calico/kube-controllers:v3.26.5 diff --git a/cluster-provision/k8s/1.30/extra-pre-pull-images b/cluster-provision/k8s/1.30/extra-pre-pull-images index 9236e719b1..91dce92d24 100644 --- a/cluster-provision/k8s/1.30/extra-pre-pull-images +++ b/cluster-provision/k8s/1.30/extra-pre-pull-images @@ -1,6 +1,3 @@ -quay.io/kubevirtci/install-cni:1.15.0 -quay.io/kubevirtci/operator:1.15.0 -quay.io/kubevirtci/pilot:1.15.0 quay.io/kubevirtci/proxyv2:1.15.0 quay.io/calico/cni:v3.26.5 quay.io/calico/kube-controllers:v3.26.5 diff --git a/cluster-provision/k8s/1.32/extra-pre-pull-images b/cluster-provision/k8s/1.32/extra-pre-pull-images index 0036af75b2..e9395de4c4 100644 --- a/cluster-provision/k8s/1.32/extra-pre-pull-images +++ b/cluster-provision/k8s/1.32/extra-pre-pull-images @@ -1,6 +1,3 @@ -quay.io/kubevirtci/install-cni:1.15.0 -quay.io/kubevirtci/operator:1.15.0 -quay.io/kubevirtci/pilot:1.15.0 quay.io/kubevirtci/proxyv2:1.15.0 quay.io/calico/cni:v3.26.5 quay.io/calico/kube-controllers:v3.26.5