allow templating for registry overrides and azure KV client id

Signed-off-by: Gerd Oberlechner <goberlec@redhat.com>
openshift · Oct 25, 2024 · a45df44 · a45df44
1 parent 97e99b6
commit a45df44
Show file tree

Hide file tree

Showing 5 changed files with 67 additions and 48 deletions.
diff --git a/cmd/install/assets/hypershift_operator.go b/cmd/install/assets/hypershift_operator.go
@@ -381,6 +381,7 @@ type HyperShiftOperatorDeployment struct {
 	EnableCPOOverrides                      bool
 	AROHCPKeyVaultUsersClientID             string
 	TechPreviewNoUpgrade                    bool
+	RegistryOverrides                       string
 }
 
 // String returns a string containing all enabled feature gates, formatted as "key1=value1,key2=value2,...".
@@ -408,6 +409,9 @@ func (o HyperShiftOperatorDeployment) Build() *appsv1.Deployment {
 	if o.TechPreviewNoUpgrade {
 		args = append(args, fmt.Sprintf("--feature-gates=%s", featureGateString()))
 	}
+	if o.RegistryOverrides != "" {
+		args = append(args, fmt.Sprintf("--registry-overrides=%s", o.RegistryOverrides))
+	}
 
 	var volumeMounts []corev1.VolumeMount
 	var initVolumeMounts []corev1.VolumeMount

diff --git a/cmd/install/install.go b/cmd/install/install.go
@@ -107,6 +107,7 @@ type Options struct {
 	EnableCPOOverrides                        bool
 	AroHCPKeyVaultUsersClientID               string
 	TechPreviewNoUpgrade                      bool
+	RegistryOverrides                         string
 	RenderNamespace                           bool
 }
 
@@ -243,6 +244,7 @@ func NewCommand() *cobra.Command {
 	cmd.PersistentFlags().BoolVar(&opts.EnableCPOOverrides, "enable-cpo-overrides", opts.EnableCPOOverrides, "If true, the HyperShift operator uses a set of static overrides for the CPO image given specific release versions")
 	cmd.PersistentFlags().StringVar(&opts.AroHCPKeyVaultUsersClientID, "aro-hcp-key-vault-users-client-id", opts.AroHCPKeyVaultUsersClientID, "The client ID of the managed identity which can access the Azure Key Vaults, in an AKS management cluster, to retrieve secrets and certificates.")
 	cmd.PersistentFlags().BoolVar(&opts.TechPreviewNoUpgrade, "tech-preview-no-upgrade", opts.TechPreviewNoUpgrade, "If true, the HyperShift operator runs with TechPreviewNoUpgrade features enabled")
+	cmd.PersistentFlags().StringVar(&opts.RegistryOverrides, "registry-overrides", "", "registry-overrides contains the source registry string as a key and the destination registry string as value. Images before being applied are scanned for the source registry string and if found the string is replaced with the destination registry string. Format is: sr1=dr1,sr2=dr2")
 
 	cmd.RunE = func(cmd *cobra.Command, args []string) error {
 		opts.ApplyDefaults()
@@ -715,6 +717,7 @@ func setupOperatorResources(opts Options, userCABundleCM *corev1.ConfigMap, trus
 		EnableCPOOverrides:                      opts.EnableCPOOverrides,
 		AROHCPKeyVaultUsersClientID:             opts.AroHCPKeyVaultUsersClientID,
 		TechPreviewNoUpgrade:                    opts.TechPreviewNoUpgrade,
+		RegistryOverrides:                       opts.RegistryOverrides,
 	}.Build()
 	operatorService := assets.HyperShiftOperatorService{
 		Namespace: operatorNamespace,

diff --git a/cmd/install/install_helm.go b/cmd/install/install_helm.go
@@ -12,21 +12,23 @@ import (
 )
 
 var helmTemplateParams = TemplateParams{
-	Namespace:                ".Release.Namespace",
-	HyperShiftImage:          ".Values.image",
-	HyperShiftImageTag:       ".Values.imagetag",
-	OIDCS3Name:               ".Values.oidc.s3.name",
-	OIDCS3Region:             ".Values.oidc.s3.region",
-	OIDCS3CredsSecret:        ".Values.oidc.s3.credsSecret",
-	OIDCS3CredsSecretKey:     ".Values.oidc.s3.credsSecretKey",
-	AWSPrivateRegion:         ".Values.aws.private.region",
-	AWSPrivateCredsSecret:    ".Values.aws.private.credsSecret",
-	AWSPrivateCredsSecretKey: ".Values.aws.private.credsSecretKey",
-	ExternalDNSCredsSecret:   ".Values.externaldns.credsSecret",
-	ExternalDNSDomainFilter:  ".Values.externaldns.domainFilter",
-	ExternalDNSTxtOwnerID:    ".Values.externaldns.txtOwnerId",
-	ExternalDNSImage:         ".Values.externaldns.image",
-	TemplateNamespace:        false,
+	Namespace:                   ".Release.Namespace",
+	HyperShiftImage:             ".Values.image",
+	HyperShiftImageTag:          ".Values.imagetag",
+	OIDCS3Name:                  ".Values.oidc.s3.name",
+	OIDCS3Region:                ".Values.oidc.s3.region",
+	OIDCS3CredsSecret:           ".Values.oidc.s3.credsSecret",
+	OIDCS3CredsSecretKey:        ".Values.oidc.s3.credsSecretKey",
+	AWSPrivateRegion:            ".Values.aws.private.region",
+	AWSPrivateCredsSecret:       ".Values.aws.private.credsSecret",
+	AWSPrivateCredsSecretKey:    ".Values.aws.private.credsSecretKey",
+	ExternalDNSCredsSecret:      ".Values.externaldns.credsSecret",
+	ExternalDNSDomainFilter:     ".Values.externaldns.domainFilter",
+	ExternalDNSTxtOwnerID:       ".Values.externaldns.txtOwnerId",
+	ExternalDNSImage:            ".Values.externaldns.image",
+	RegistryOverrides:           ".Values.registryOverrides",
+	AROHCPKeyVaultUsersClientID: ".Values.azure.keyVault.clientId",
+	TemplateNamespace:           false,
 	TemplateParamWrapper: func(name string) string {
 		return fmt.Sprintf("{{ %s }}", name)
 	},

diff --git a/cmd/install/install_render.go b/cmd/install/install_render.go
@@ -28,22 +28,24 @@ var (
 )
 
 var openshiftTemplateParams = TemplateParams{
-	HyperShiftImage:            "OPERATOR_IMG",
-	HyperShiftImageTag:         "IMAGE_TAG",
-	Namespace:                  "NAMESPACE",
-	HypershiftOperatorReplicas: "OPERATOR_REPLICAS",
-	OIDCS3Name:                 "OIDC_S3_NAME",
-	OIDCS3Region:               "OIDC_S3_REGION",
-	OIDCS3CredsSecret:          "OIDC_S3_CREDS_SECRET",
-	OIDCS3CredsSecretKey:       "OIDC_S3_CREDS_SECRET_KEY",
-	AWSPrivateRegion:           "AWS_PRIVATE_REGION",
-	AWSPrivateCredsSecret:      "AWS_PRIVATE_CREDS_SECRET",
-	AWSPrivateCredsSecretKey:   "AWS_PRIVATE_CREDS_SECRET_KEY",
-	ExternalDNSCredsSecret:     "EXTERNAL_DNS_CREDS_SECRET",
-	ExternalDNSDomainFilter:    "EXTERNAL_DNS_DOMAIN_FILTER",
-	ExternalDNSTxtOwnerID:      "EXTERNAL_DNS_TXT_OWNER_ID",
-	ExternalDNSImage:           "EXTERNAL_DNS_IMAGE",
-	TemplateNamespace:          true,
+	HyperShiftImage:             "OPERATOR_IMG",
+	HyperShiftImageTag:          "IMAGE_TAG",
+	Namespace:                   "NAMESPACE",
+	HypershiftOperatorReplicas:  "OPERATOR_REPLICAS",
+	OIDCS3Name:                  "OIDC_S3_NAME",
+	OIDCS3Region:                "OIDC_S3_REGION",
+	OIDCS3CredsSecret:           "OIDC_S3_CREDS_SECRET",
+	OIDCS3CredsSecretKey:        "OIDC_S3_CREDS_SECRET_KEY",
+	AWSPrivateRegion:            "AWS_PRIVATE_REGION",
+	AWSPrivateCredsSecret:       "AWS_PRIVATE_CREDS_SECRET",
+	AWSPrivateCredsSecretKey:    "AWS_PRIVATE_CREDS_SECRET_KEY",
+	ExternalDNSCredsSecret:      "EXTERNAL_DNS_CREDS_SECRET",
+	ExternalDNSDomainFilter:     "EXTERNAL_DNS_DOMAIN_FILTER",
+	ExternalDNSTxtOwnerID:       "EXTERNAL_DNS_TXT_OWNER_ID",
+	ExternalDNSImage:            "EXTERNAL_DNS_IMAGE",
+	RegistryOverrides:           "REGISTRY_OVERRIDES",
+	AROHCPKeyVaultUsersClientID: "AZURE_KEYVAULT_CLIENT_ID",
+	TemplateNamespace:           true,
 	TemplateParamWrapper: func(name string) string {
 		return fmt.Sprintf("${%s}", name)
 	},

diff --git a/cmd/install/render.go b/cmd/install/render.go
@@ -7,23 +7,25 @@ import (
 )
 
 type TemplateParams struct {
-	HyperShiftImage            string
-	HyperShiftImageTag         string
-	Namespace                  string
-	HypershiftOperatorReplicas string
-	OIDCS3Name                 string
-	OIDCS3Region               string
-	OIDCS3CredsSecret          string
-	OIDCS3CredsSecretKey       string
-	AWSPrivateRegion           string
-	AWSPrivateCredsSecret      string
-	AWSPrivateCredsSecretKey   string
-	ExternalDNSCredsSecret     string
-	ExternalDNSDomainFilter    string
-	ExternalDNSTxtOwnerID      string
-	ExternalDNSImage           string
-	TemplateNamespace          bool
-	TemplateParamWrapper       func(string) string
+	HyperShiftImage             string
+	HyperShiftImageTag          string
+	Namespace                   string
+	HypershiftOperatorReplicas  string
+	OIDCS3Name                  string
+	OIDCS3Region                string
+	OIDCS3CredsSecret           string
+	OIDCS3CredsSecretKey        string
+	AWSPrivateRegion            string
+	AWSPrivateCredsSecret       string
+	AWSPrivateCredsSecretKey    string
+	ExternalDNSCredsSecret      string
+	ExternalDNSDomainFilter     string
+	ExternalDNSTxtOwnerID       string
+	ExternalDNSImage            string
+	RegistryOverrides           string
+	AROHCPKeyVaultUsersClientID string
+	TemplateNamespace           bool
+	TemplateParamWrapper        func(string) string
 }
 
 func hyperShiftOperatorTemplateManifest(opts *Options, templateParamConfig TemplateParams) ([]crclient.Object, []crclient.Object, error) {
@@ -60,6 +62,12 @@ func hyperShiftOperatorTemplateManifest(opts *Options, templateParamConfig Templ
 		opts.ExternalDNSTxtOwnerId = templateParamConfig.TemplateParamWrapper(templateParamConfig.ExternalDNSTxtOwnerID)
 	}
 
+	// registry overrides
+	opts.RegistryOverrides = templateParamConfig.TemplateParamWrapper(templateParamConfig.RegistryOverrides)
+
+	// azure key vault client id
+	opts.AroHCPKeyVaultUsersClientID = templateParamConfig.TemplateParamWrapper(templateParamConfig.AROHCPKeyVaultUsersClientID)
+
 	// create manifests
 	opts.RenderNamespace = templateParamConfig.TemplateNamespace
 	crds, objects, err := hyperShiftOperatorManifests(*opts)