AGENT-1330: machineconfiguration/v1alpha1: add InternalReleaseImage

hack/update-payload-crds.sh

@@ -24,6 +24,7 @@ crd_globs="\
     config/v1/zz_generated.crd-manifests/0000_10_openshift-controller-manager_01_builds*.crd.yaml
     operator/v1/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers*.crd.yaml
     machineconfiguration/v1/zz_generated.crd-manifests/*.crd.yaml
+    machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_internalreleaseimages-*.crd.yaml
     operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations*.crd.yaml
     config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitoring*.crd.yaml
     operator/v1/zz_generated.crd-manifests/*_storage_01_storages*.crd.yaml

machineconfiguration/v1/tests/machineconfignodes.machineconfiguration.openshift.io/NoRegistryClusterOperations.yaml

@@ -0,0 +1,87 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "[TechPreview] InternalReleaseImage"
+crdName: machineconfignodes.machineconfiguration.openshift.io
+featureGates:
+- MachineConfigNodes
+- NoRegistryClusterOperations
+tests:
+  onUpdate:
+    - name: Should be able to update a MachineConfigNode with a minimal internalReleaseImage status field.
+      initial: |
+        apiVersion: machineconfiguration.openshift.io/v1
+        kind: MachineConfigNode
+        metadata:
+          name: foobar
+        spec:
+          node:
+            name: foobar
+          pool:
+            name: master
+          configVersion:
+            desired: rendered-master-abc
+      updated: |
+        apiVersion: machineconfiguration.openshift.io/v1
+        kind: MachineConfigNode
+        metadata:
+          name: foobar
+        spec:
+          node:
+            name: foobar
+          pool:
+            name: master
+          configVersion:
+            desired: rendered-master-abc
+        status:
+          internalReleaseImage:
+            releases:
+              - name: ocp-release-bundle-4.18.0-x86_64
+                image: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607f
+                conditions:
+                  - type: Mounted
+                    status: "False" 
+                    reason: "Mounted"
+                    message: ""
+                    lastTransitionTime: "2024-12-01T08:04:21Z"
+                  - type: Available
+                    status: "True"               
+                    reason: "Available"
+                    message: "Release ocp-release-bundle-4.18.0-x86_64 is currently available on node master-0"
+                    lastTransitionTime: "2024-12-01T08:04:21Z"
+                  - type: Degraded
+                    status: "False"               
+                    reason: "Degraded"
+                    message: ""
+                    lastTransitionTime: "2024-12-01T08:04:21Z"
+      expected: |
+        apiVersion: machineconfiguration.openshift.io/v1
+        kind: MachineConfigNode
+        metadata:
+          name: foobar
+        spec:
+          node:
+            name: foobar
+          pool:
+            name: master
+          configVersion:
+            desired: rendered-master-abc
+        status:
+          internalReleaseImage:
+            releases:
+              - name: ocp-release-bundle-4.18.0-x86_64
+                image: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607f
+                conditions:
+                  - type: Mounted
+                    status: "False" 
+                    reason: "Mounted"
+                    message: ""  
+                    lastTransitionTime: "2024-12-01T08:04:21Z"
+                  - type: Available
+                    status: "True"               
+                    reason: "Available"
+                    message: "Release ocp-release-bundle-4.18.0-x86_64 is currently available on node master-0"
+                    lastTransitionTime: "2024-12-01T08:04:21Z"
+                  - type: Degraded
+                    status: "False"               
+                    reason: "Degraded"
+                    message: ""
+                    lastTransitionTime: "2024-12-01T08:04:21Z"

machineconfiguration/v1/types_machineconfignode.go

@@ -158,8 +158,88 @@ type MachineConfigNodeStatus struct {
 	// +kubebuilder:validation:MaxItems=32
 	// +optional
 	IrreconcilableChanges []IrreconcilableChangeDiff `json:"irreconcilableChanges,omitempty"`
+	// internalReleaseImage describes the status of the release payloads stored in the node.
+	// When specified, an internalReleaseImage custom resource exists on the cluster, and the specified images will be made available on the control plane nodes.
+	// This field will reflect the actual on-disk state of those release images.
+	// +openshift:enable:FeatureGate=NoRegistryClusterOperations
+	// +optional
+	InternalReleaseImage MachineConfigNodeStatusInternalReleaseImage `json:"internalReleaseImage,omitzero,omitempty"`
+}
+
+// MachineConfigNodeStatusInternalReleaseImage holds information about the current and discovered release bundles for the observed machine
+// config node.
+type MachineConfigNodeStatusInternalReleaseImage struct {
+	// releases is a list of the release bundles currently owned and managed by the
+	// cluster.
+	// A release bundle content could be safely pulled only when its Conditions field
+	// contains at least an Available entry set to "True" and Degraded to "False".
+	// Entries must be unique, keyed on the name field.
+	// This field can contain between 1 and 32 entries.
+	// +listType=map
+	// +listMapKey=name
+	// +kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MaxItems=32
+	// +required
+	Releases []MachineConfigNodeStatusInternalReleaseImageRef `json:"releases,omitempty"`
+}
+
+// MachineConfigNodeStatusInternalReleaseImageRef is used to provide a more detailed reference for
+// a release bundle.
+type MachineConfigNodeStatusInternalReleaseImageRef struct {
+	// conditions represent the observations of an internal release image current state. Valid types are:
+	// Mounted, Installing, Available, Removing and Degraded.
+	//
+	// If Mounted is true, that means that a a valid ISO has been mounted on the current node.
+	// If Installing is true, that means that a new release bundle is currently being copied on the current node, and not yet completed.
+	// If Available is true, it means that the release has been previously installed on the current node, and it can be used.
+	// If Removing is true, it means that a release deletion is in progress on the current node, and not yet completed.
+	// If Degraded is true, that means something has gone wrong in the current node.
+	//
+	// +listType=map
+	// +listMapKey=type
+	// +kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MaxItems=5
+	// +optional
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+	// name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=64
+	// +kubebuilder:validation:XValidation:rule=`size(self) <= 64 && self.matches('^ocp-release-bundle-[0-9]+\\.[0-9]+\\.[0-9]+-[A-Za-z0-9_-]+$')`,message="must be ocp-release-bundle-<version>-<arch|stream> and <= 64 chars"
+	// +required
+	Name string `json:"name,omitempty"`
+	// image is an OCP release image referenced by digest.
+	// The format of the image pull spec is: host[:port][/namespace]/name@sha256:<digest>,
+	// where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
+	// The length of the whole spec must be between 0 to 447 characters.
+	// The field is optional, and it will be provided after a release will be successfully installed.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=447
+	// +kubebuilder:validation:XValidation:rule=`self == '' || (self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))`,message="the OCI Image reference must end with a valid '@sha256:<digest>' suffix, where '<digest>' is 64 characters long"
+	// +kubebuilder:validation:XValidation:rule=`self == '' || (self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))`,message="the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme"
+	// +optional
+	Image string `json:"image,omitempty"`
 }
 
+// InternalReleaseImageConditionType is each possible state for each possible MachineConfigNodeStatusInternalReleaseImageRef
+// conditions type.
+// +enum
+type InternalReleaseImageConditionType string
+
+const (
+	// InternalReleaseImageConditionTypeMounted describes a new release, not yet installed, that has been discovered when an ISO has been attached to
+	// the current node
+	InternalReleaseImageConditionTypeMounted InternalReleaseImageConditionType = "Mounted"
+	// InternalReleaseImageConditionTypeInstalling describes a new release that is getting installed on the current node. Due the size of the data
+	// transfered, the operation could take several minutes
+	InternalReleaseImageConditionTypeInstalling InternalReleaseImageConditionType = "Installing"
+	// InternalReleaseImageConditionTypeAvailable describes a release that has been successfully installed on the current node, ready to be consumed
+	InternalReleaseImageConditionTypeAvailable InternalReleaseImageConditionType = "Available"
+	// InternalReleaseImageConditionTypeRemoving describes an existing release that is getting removed from the current node
+	InternalReleaseImageConditionTypeRemoving InternalReleaseImageConditionType = "Removing"
+	// InternalReleaseImageConditionTypeDegraded describes a failure for the current release
+	InternalReleaseImageConditionTypeDegraded InternalReleaseImageConditionType = "Degraded"
+)
+
 // IrreconcilableChangeDiff holds an individual diff between the initial install-time MachineConfig
 // and the latest applied one caused by the presence of irreconcilable changes.
 type IrreconcilableChangeDiff struct {