From c2e5c642051f53bb8743a32e7712f551916a4d80 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Fri, 9 Sep 2022 15:57:44 +0530 Subject: [PATCH] Add internal script to build and push KAO/KCMO images This script is used by crc dev or internal CI and suppose to be a standalone. It suppose to do following steps: - Get the KAO/KCMO components image from openshift release - Get the vcs-ref of these component to know their respective dist-git commit ID - Get the tag of these comonent which used to pull image from brew once it is created. - Clone the respective comonent from dist-git - Add it's upstream component as part of git remote and fetch it. - Merge the vcs-ref of the compnent to rhaos-4.11-rhel-8 branch - Push the branch to dist-git - Create the container build on the brew - Use skopeo to pull that image from brew and mirror it to quay.io/crcont with all the arch --- .gitignore | 2 + build-patched-kao-kcmo-images.sh | 86 ++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100755 build-patched-kao-kcmo-images.sh diff --git a/.gitignore b/.gitignore index f2471ef1..3782fda9 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,5 @@ yq openshift-clients/ podman-remote/ .sw[a-p] +crc-cluster-kube-apiserver-operator +crc-cluster-kube-controller-manager-operator diff --git a/build-patched-kao-kcmo-images.sh b/build-patched-kao-kcmo-images.sh new file mode 100755 index 00000000..8d658f72 --- /dev/null +++ b/build-patched-kao-kcmo-images.sh @@ -0,0 +1,86 @@ +#!/bin/bash + +# This script is used by crc developer or internal CI to build patched KAO/KCMO images with +# 1 year certificates and then push them to quay.io/crcont. The provided pull secret should allow +# push access to `quay.io/crcont` before providing to this script. +# - Since this script uses rhpkg and kinit commands, it is only tested on linux. +# - As of now this script works with 4.11 releases because only the `rhaos-4.11-rhel-8` branch +# has been created in dist-git and tested. +# - This script is suppose to run standalone without cloning the snc repo so some code is repeated. +# Usage: +# If you want to build latest candidate stream for 4.11 +# - ./internal.sh +# If you want to build specific version of 4.11.3 +# - OPENSHIFT_VERSION=4.11.3 ./internal.sh + +set -exuo pipefail + +export LC_ALL=C.UTF-8 +export LANG=C.UTF-8 + +rm -fr crc-cluster-kube-apiserver-operator +rm -fr crc-cluster-kube-controller-manager-operator + +function check_pull_secret() { + if [ -z "${OPENSHIFT_PULL_SECRET_PATH-}" ]; then + echo "OpenShift pull secret file path must be specified through the OPENSHIFT_PULL_SECRET_PATH environment variable" + exit 1 + elif [ ! -f ${OPENSHIFT_PULL_SECRET_PATH} ]; then + echo "Provided OPENSHIFT_PULL_SECRET_PATH (${OPENSHIFT_PULL_SECRET_PATH}) does not exists" + exit 1 + fi +} + +check_pull_secret + +MIRROR=${MIRROR:-https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp} + +# If user defined the OPENSHIFT_VERSION environment variable then use it. +if test -n "${OPENSHIFT_VERSION-}"; then + OPENSHIFT_RELEASE_VERSION=${OPENSHIFT_VERSION} + echo "Using release ${OPENSHIFT_RELEASE_VERSION} from OPENSHIFT_VERSION" +else + OPENSHIFT_RELEASE_VERSION="$(curl -L "${MIRROR}"/candidate-4.11/release.txt | sed -n 's/^ *Version: *//p')" + if test -n "${OPENSHIFT_RELEASE_VERSION}"; then + echo "Using release ${OPENSHIFT_RELEASE_VERSION} from the mirror" + else + echo "Unable to determine an OpenShift release version. You may want to set the OPENSHIFT_VERSION environment variable explicitly." + exit 1 + fi +fi + +if test -z "${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE-}"; then + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE="$(curl -L "${MIRROR}/${OPENSHIFT_RELEASE_VERSION}/release.txt" | sed -n 's/^Pull From: //p')" +elif test -n "${OPENSHIFT_VERSION-}"; then + echo "Both OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE and OPENSHIFT_VERSION are set, OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE will take precedence" + echo "OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: $OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE" + echo "OPENSHIFT_VERSION: $OPENSHIFT_VERSION" +fi +echo "Setting OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE to ${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE}" + +mkdir -p openshift-clients/linux +curl -L "${MIRROR}/${OPENSHIFT_RELEASE_VERSION}/openshift-client-linux-${OPENSHIFT_RELEASE_VERSION}.tar.gz" | tar -zx -C openshift-clients/linux oc +OC=./openshift-clients/linux/oc + +function patch_and_push_image() { + local image_name=$1 + openshift_version=$(${OC} adm release info -a ${OPENSHIFT_PULL_SECRET_PATH} ${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE} -ojsonpath='{.config.config.Labels.io\.openshift\.release}') + image=$(${OC} adm release info -a ${OPENSHIFT_PULL_SECRET_PATH} ${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE} --image-for=${image_name}) + vcs_ref=$(${OC} image info -a ${OPENSHIFT_PULL_SECRET_PATH} ${image} -ojson | jq -r '.config.config.Labels."vcs-ref"') + version=$(${OC} image info -a ${OPENSHIFT_PULL_SECRET_PATH} ${image} -ojson | jq -r '.config.config.Labels.version') + release=$(${OC} image info -a ${OPENSHIFT_PULL_SECRET_PATH} ${image} -ojson | jq -r '.config.config.Labels.release') + rhpkg clone containers/crc-${image_name} + pushd crc-${image_name} + git remote add upstream git://pkgs.devel.redhat.com/containers/ose-${image_name} + # Just fetch the upstream/rhaos-4.11-rhel-8 instead of all the branches and tags from upstream + git fetch upstream rhaos-4.11-rhel-8 --no-tags + git checkout --track origin/rhaos-4.11-rhel-8 + git merge --no-edit ${vcs_ref} + git push origin HEAD + rhpkg container-build --target crc-1-rhel-8-candidate + popd + skopeo copy --dest-authfile ${OPENSHIFT_PULL_SECRET_PATH} --all docker://registry-proxy.engineering.redhat.com/rh-osbs/openshift-crc-${image_name}:${version}-${release} docker://quay.io/crcont/openshift-crc-${image_name}:${openshift_version} +} + +patch_and_push_image cluster-kube-apiserver-operator +patch_and_push_image cluster-kube-controller-manager-operator