Merge pull request #5519 from pablintino/mco-2033

MCO-2033: Refactor bootstrap dependency handling

Author: openshift-merge-bot[bot]

cmd/machine-config-operator/bootstrap.go

@@ -24,42 +24,31 @@ var (
 	}
 
 	bootstrapOpts struct {
+		destinationDir                 string
 		baremetalRuntimeCfgImage       string
-		cloudConfigFile                string
-		configFile                     string
-		cloudProviderCAFile            string
 		corednsImage                   string
-		destinationDir                 string
 		haproxyImage                   string
-		imagesConfigMapFile            string
-		infraConfigFile                string
 		infraImage                     string
 		releaseImage                   string
 		keepalivedImage                string
-		kubeCAFile                     string
 		mcoImage                       string
 		oauthProxyImage                string
 		kubeRbacProxyImage             string
 		dockerRegistryImage            string
-		networkConfigFile              string
 		oscontentImage                 string
-		pullSecretFile                 string
-		mcsCAFile                      string
-		proxyConfigFile                string
-		additionalTrustBundleFile      string
-		dnsConfigFile                  string
 		imageReferences                string
 		baseOSContainerImage           string
 		baseOSExtensionsContainerImage string
+		dependencyFiles                operator.BootstrapDependenciesFiles
 	}
 )
 
 func init() {
 	rootCmd.AddCommand(bootstrapCmd)
 	// See https://docs.openshift.com/container-platform/4.13/security/certificate_types_descriptions/machine-config-operator-certificates.html
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.mcsCAFile, "root-ca", "/etc/ssl/kubernetes/ca.crt", "Path to installer-generated root MCS CA")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.kubeCAFile, "kube-ca", "", "path to kube-apiserver serving-ca bundle")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.pullSecretFile, "pull-secret", "/assets/manifests/pull.json", "path to secret manifest that contains pull secret.")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.dependencyFiles.MCSCAFile, "root-ca", "/etc/ssl/kubernetes/ca.crt", "Path to installer-generated root MCS CA")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.dependencyFiles.KubeAPIServerServingCA, "kube-ca", "", "path to kube-apiserver serving-ca bundle")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.dependencyFiles.PullSecret, "pull-secret", "/assets/manifests/pull.json", "path to secret manifest that contains pull secret.")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.destinationDir, "dest-dir", "", "The destination directory where MCO writes the manifests.")
 	bootstrapCmd.MarkFlagRequired("dest-dir")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.mcoImage, "machine-config-operator-image", "", "Image for Machine Config Operator.")
@@ -70,14 +59,14 @@ func init() {
 	bootstrapCmd.MarkFlagRequired("infra-image")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.releaseImage, "release-image", "", "Release image used for cluster installation.")
 	bootstrapCmd.MarkFlagRequired("release-image")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.configFile, "config-file", "", "ClusterConfig ConfigMap file.")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.dependencyFiles.ClusterConfig, "config-file", "", "ClusterConfig ConfigMap file.")
 	bootstrapCmd.MarkFlagRequired("config-file")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.infraConfigFile, "infra-config-file", "/assets/manifests/cluster-infrastructure-02-config.yml", "File containing infrastructure.config.openshift.io manifest.")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.networkConfigFile, "network-config-file", "/assets/manifests/cluster-network-02-config.yml", "File containing network.config.openshift.io manifest.")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.cloudConfigFile, "cloud-config-file", "", "File containing the config map that contains the cloud config for cloudprovider.")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.proxyConfigFile, "proxy-config-file", "/assets/manifests/cluster-proxy-01-config.yaml", "File containing proxy.config.openshift.io manifest.")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.dnsConfigFile, "dns-config-file", "/assets/manifests/cluster-dns-02-config.yml", "File containing dns.config.openshift.io manifest.")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.additionalTrustBundleFile, "additional-trust-bundle-config-file", "/assets/manifests/user-ca-bundle-config.yaml", "File containing the additional user provided CA bundle manifest.")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.dependencyFiles.Infrastructure, "infra-config-file", "/assets/manifests/cluster-infrastructure-02-config.yml", "File containing infrastructure.config.openshift.io manifest.")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.dependencyFiles.Network, "network-config-file", "/assets/manifests/cluster-network-02-config.yml", "File containing network.config.openshift.io manifest.")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.dependencyFiles.CloudConfig, "cloud-config-file", "", "File containing the config map that contains the cloud config for cloudprovider.")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.dependencyFiles.Proxy, "proxy-config-file", "/assets/manifests/cluster-proxy-01-config.yaml", "File containing proxy.config.openshift.io manifest.")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.dependencyFiles.DNS, "dns-config-file", "/assets/manifests/cluster-dns-02-config.yml", "File containing dns.config.openshift.io manifest.")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.dependencyFiles.AdditionalTrustBundle, "additional-trust-bundle-config-file", "/assets/manifests/user-ca-bundle-config.yaml", "File containing the additional user provided CA bundle manifest.")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.keepalivedImage, "keepalived-image", "", "Image for Keepalived.")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.corednsImage, "coredns-image", "", "Image for CoreDNS.")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.haproxyImage, "haproxy-image", "", "Image for haproxy.")
@@ -88,7 +77,7 @@ func init() {
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.kubeRbacProxyImage, "kube-rbac-proxy-image", "", "Image for origin kube-rbac proxy.")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.dockerRegistryImage, "docker-registry-image", "", "Image for docker-registry.")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.imageReferences, "image-references", "", "File containing imagestreams (from cluster-version-operator)")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.cloudProviderCAFile, "cloud-provider-ca-file", "", "path to cloud provider CA certificate")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapOpts.dependencyFiles.CloudProviderCA, "cloud-provider-ca-file", "", "path to cloud provider CA certificate")
 
 }
 
@@ -178,15 +167,7 @@ func runBootstrapCmd(_ *cobra.Command, _ []string) {
 	}
 
 	if err := operator.RenderBootstrap(
-		bootstrapOpts.additionalTrustBundleFile,
-		bootstrapOpts.proxyConfigFile,
-		bootstrapOpts.configFile,
-		bootstrapOpts.infraConfigFile,
-		bootstrapOpts.networkConfigFile,
-		bootstrapOpts.dnsConfigFile,
-		bootstrapOpts.cloudConfigFile,
-		bootstrapOpts.cloudProviderCAFile,
-		bootstrapOpts.mcsCAFile, bootstrapOpts.kubeCAFile, bootstrapOpts.pullSecretFile,
+		bootstrapOpts.dependencyFiles,
 		&imgs,
 		bootstrapOpts.destinationDir,
 		bootstrapOpts.releaseImage,

pkg/operator/bootstrap.go

@@ -9,11 +9,6 @@ import (
 	"k8s.io/klog/v2"
 
 	configv1 "github.com/openshift/api/config/v1"
-	configscheme "github.com/openshift/client-go/config/clientset/versioned/scheme"
-	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/client-go/kubernetes/scheme"
-
 	ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common"
 	templatectrl "github.com/openshift/machine-config-operator/pkg/controller/template"
 )
@@ -26,137 +21,20 @@ type manifest struct {
 
 // RenderBootstrap writes to destinationDir static Pods.
 func RenderBootstrap(
-	additionalTrustBundleFile,
-	proxyFile,
-	clusterConfigConfigMapFile,
-	infraFile, networkFile, dnsFile,
-	cloudConfigFile, cloudProviderCAFile,
-	mcsCAFile, kubeAPIServerServingCA, pullSecretFile string,
+	dependenciesFiles BootstrapDependenciesFiles,
 	imgs *ctrlcommon.Images,
 	destinationDir, releaseImage string,
 ) error {
-	filesData := map[string][]byte{}
-	files := []string{
-		proxyFile,
-		clusterConfigConfigMapFile,
-		infraFile,
-		networkFile,
-		mcsCAFile,
-		pullSecretFile,
-		dnsFile,
-	}
-	if kubeAPIServerServingCA != "" {
-		files = append(files, kubeAPIServerServingCA)
-	}
-	if cloudProviderCAFile != "" {
-		files = append(files, cloudProviderCAFile)
-	}
-	for _, file := range files {
-		data, err := os.ReadFile(file)
-		if err != nil {
-			return err
-		}
-		filesData[file] = data
-	}
-
-	// create ControllerConfigSpec
-	obji, err := runtime.Decode(configscheme.Codecs.UniversalDecoder(configv1.SchemeGroupVersion), filesData[infraFile])
-	if err != nil {
-		return err
-	}
-	infra, ok := obji.(*configv1.Infrastructure)
-	if !ok {
-		return fmt.Errorf("expected *configv1.Infrastructure found %T", obji)
-	}
-
-	obji, err = runtime.Decode(configscheme.Codecs.UniversalDecoder(configv1.SchemeGroupVersion), filesData[proxyFile])
-	if err != nil {
-		return err
-	}
-	proxy, ok := obji.(*configv1.Proxy)
-	if !ok {
-		return fmt.Errorf("expected *configv1.Proxy found %T", obji)
-	}
-
-	obji, err = runtime.Decode(configscheme.Codecs.UniversalDecoder(configv1.SchemeGroupVersion), filesData[networkFile])
-	if err != nil {
-		return err
-	}
-	network, ok := obji.(*configv1.Network)
-	if !ok {
-		return fmt.Errorf("expected *configv1.Network found %T", obji)
-	}
-
-	obji, err = runtime.Decode(configscheme.Codecs.UniversalDecoder(configv1.SchemeGroupVersion), filesData[dnsFile])
+	dependencies, err := NewBootstrapDependencies(dependenciesFiles)
 	if err != nil {
-		return err
-	}
-	dns, ok := obji.(*configv1.DNS)
-	if !ok {
-		return fmt.Errorf("expected *configv1.DNS found %T", obji)
+		return fmt.Errorf("error parsing dependencies for MCO bootstrap: %w", err)
 	}
 
-	spec, err := createDiscoveredControllerConfigSpec(infra, network, proxy, dns)
+	config, err := buildSpec(dependencies, imgs, releaseImage)
 	if err != nil {
-		return err
-	}
-
-	additionalTrustBundleData, err := os.ReadFile(additionalTrustBundleFile)
-	if err != nil && !os.IsNotExist(err) {
-		return err
-	}
-	if additionalTrustBundleData != nil {
-		obji, err := runtime.Decode(scheme.Codecs.UniversalDecoder(corev1.SchemeGroupVersion), additionalTrustBundleData)
-		if err != nil {
-			return err
-		}
-		additionalTrustBundle, ok := obji.(*corev1.ConfigMap)
-		if !ok {
-			return fmt.Errorf("expected *corev1.ConfigMap found %T", obji)
-		}
-		spec.AdditionalTrustBundle = []byte(additionalTrustBundle.Data["ca-bundle.crt"])
-	}
-
-	// if the cloudConfig is set in infra read the cloudConfigFile
-	if infra.Spec.CloudConfig.Name != "" {
-		cloudConf, err := loadBootstrapCloudProviderConfig(infra, cloudConfigFile)
-		if err != nil {
-			return fmt.Errorf("failed to load the cloud provider config: %w", err)
-		}
-		spec.CloudProviderConfig = cloudConf
-	}
-
-	bundle := make([]byte, 0)
-	bundle = append(bundle, filesData[mcsCAFile]...)
-	// Append the kube-ca if given.
-	if _, ok := filesData[kubeAPIServerServingCA]; ok {
-		spec.KubeAPIServerServingCAData = filesData[kubeAPIServerServingCA]
-	}
-	// Set the cloud-provider CA if given.
-	if data, ok := filesData[cloudProviderCAFile]; ok {
-		spec.CloudProviderCAData = data
+		return fmt.Errorf("error building spec for MCO bootstrap: %w", err)
 	}
 
-	spec.RootCAData = bundle
-	spec.PullSecret = nil
-	spec.BaseOSContainerImage = imgs.BaseOSContainerImage
-	spec.BaseOSExtensionsContainerImage = imgs.BaseOSExtensionsContainerImage
-	spec.ReleaseImage = releaseImage
-	spec.Images = map[string]string{
-		templatectrl.MachineConfigOperatorKey: imgs.MachineConfigOperator,
-
-		templatectrl.APIServerWatcherKey:    imgs.MachineConfigOperator,
-		templatectrl.InfraImageKey:          imgs.InfraImage,
-		templatectrl.KeepalivedKey:          imgs.Keepalived,
-		templatectrl.CorednsKey:             imgs.Coredns,
-		templatectrl.HaproxyKey:             imgs.Haproxy,
-		templatectrl.BaremetalRuntimeCfgKey: imgs.BaremetalRuntimeCfg,
-		templatectrl.KubeRbacProxyKey:       imgs.KubeRbacProxy,
-		templatectrl.DockerRegistryKey:      imgs.DockerRegistry,
-	}
-
-	config := getRenderConfig("", string(filesData[kubeAPIServerServingCA]), spec, &imgs.RenderConfigImages, infra, nil, nil, "2")
-
 	manifests := []manifest{
 		{
 			name:     "manifests/machineconfigcontroller/controllerconfig.yaml",
@@ -171,7 +49,7 @@ func RenderBootstrap(
 			name:     "manifests/bootstrap-pod-v2.yaml",
 			filename: "bootstrap/machineconfigoperator-bootstrap-pod.yaml",
 		}, {
-			data:     filesData[pullSecretFile],
+			data:     []byte(dependencies.PullSecret),
 			filename: "bootstrap/manifests/machineconfigcontroller-pull-secret",
 		}, {
 			name:     "manifests/machineconfigserver/csr-bootstrap-role-binding.yaml",
@@ -182,14 +60,14 @@ func RenderBootstrap(
 		},
 	}
 
-	if infra.Status.ControlPlaneTopology == configv1.HighlyAvailableArbiterMode {
+	if dependencies.Infrastructure.Status.ControlPlaneTopology == configv1.HighlyAvailableArbiterMode {
 		manifests = append(manifests, manifest{
 			name:     "manifests/arbiter.machineconfigpool.yaml",
 			filename: "bootstrap/manifests/arbiter.machineconfigpool.yaml",
 		})
 	}
 
-	manifests = appendManifestsByPlatform(manifests, *infra)
+	manifests = appendManifestsByPlatform(manifests, dependencies.Infrastructure)
 
 	for _, m := range manifests {
 		var b []byte
@@ -222,7 +100,59 @@ func RenderBootstrap(
 	return nil
 }
 
-func appendManifestsByPlatform(manifests []manifest, infra configv1.Infrastructure) []manifest {
+func buildSpec(dependencies *BootstrapDependencies, imgs *ctrlcommon.Images, releaseImage string) (*renderConfig, error) {
+
+	// create ControllerConfigSpec
+	spec, err := createDiscoveredControllerConfigSpec(
+		dependencies.Infrastructure,
+		dependencies.Network,
+		dependencies.Proxy,
+		dependencies.DNS)
+	if err != nil {
+		return nil, err
+	}
+
+	if dependencies.AdditionalTrustBundle != "" {
+		spec.AdditionalTrustBundle = []byte(dependencies.AdditionalTrustBundle)
+	}
+
+	if dependencies.CloudConfig != "" {
+		spec.CloudProviderConfig = dependencies.CloudConfig
+	}
+
+	// Append the kube-ca if given.
+	if dependencies.KubeAPIServerServingCA != "" {
+		spec.KubeAPIServerServingCAData = []byte(dependencies.KubeAPIServerServingCA)
+	}
+	// Set the cloud-provider CA if given.
+	if dependencies.CloudProviderCA != "" {
+		spec.CloudProviderCAData = []byte(dependencies.CloudProviderCA)
+	}
+
+	spec.RootCAData = []byte(dependencies.MCSCA)
+	spec.PullSecret = nil
+	spec.BaseOSContainerImage = imgs.BaseOSContainerImage
+	spec.BaseOSExtensionsContainerImage = imgs.BaseOSExtensionsContainerImage
+	spec.ReleaseImage = releaseImage
+	spec.Images = map[string]string{
+		templatectrl.MachineConfigOperatorKey: imgs.MachineConfigOperator,
+
+		templatectrl.APIServerWatcherKey:    imgs.MachineConfigOperator,
+		templatectrl.InfraImageKey:          imgs.InfraImage,
+		templatectrl.KeepalivedKey:          imgs.Keepalived,
+		templatectrl.CorednsKey:             imgs.Coredns,
+		templatectrl.HaproxyKey:             imgs.Haproxy,
+		templatectrl.BaremetalRuntimeCfgKey: imgs.BaremetalRuntimeCfg,
+		templatectrl.KubeRbacProxyKey:       imgs.KubeRbacProxy,
+		templatectrl.DockerRegistryKey:      imgs.DockerRegistry,
+	}
+
+	config := getRenderConfig("", dependencies.KubeAPIServerServingCA, spec,
+		&imgs.RenderConfigImages, dependencies.Infrastructure, nil, nil, "2")
+	return config, nil
+}
+
+func appendManifestsByPlatform(manifests []manifest, infra *configv1.Infrastructure) []manifest {
 	lbType := configv1.LoadBalancerTypeOpenShiftManagedDefault
 	if infra.Status.PlatformStatus.BareMetal != nil {
 		if infra.Status.PlatformStatus.BareMetal.LoadBalancer != nil {
@@ -300,28 +230,6 @@ func appendManifestsByPlatform(manifests []manifest, infra configv1.Infrastructu
 	return manifests
 }
 
-// loadBootstrapCloudProviderConfig reads the cloud provider config from cloudConfigFile based on infra object.
-func loadBootstrapCloudProviderConfig(infra *configv1.Infrastructure, cloudConfigFile string) (string, error) {
-	data, err := os.ReadFile(cloudConfigFile)
-	if err != nil {
-		return "", err
-	}
-	obji, err := runtime.Decode(scheme.Codecs.UniversalDecoder(corev1.SchemeGroupVersion), data)
-	if err != nil {
-		return "", err
-	}
-	cm, ok := obji.(*corev1.ConfigMap)
-	if !ok {
-		return "", fmt.Errorf("expected *corev1.ConfigMap found %T", obji)
-	}
-	cloudConf, ok := cm.Data["cloud.conf"]
-	if !ok {
-		klog.Infof("falling back to reading cloud provider config from user specified key %s", infra.Spec.CloudConfig.Key)
-		cloudConf = cm.Data[infra.Spec.CloudConfig.Key]
-	}
-	return cloudConf, nil
-}
-
 func getPlatformManifests(manifests []manifest, platformName string, lbType configv1.PlatformLoadBalancerType) []manifest {
 	var corednsName string
 	var corefileName string