Add a render command to facilitate install-time customizations #309
Conversation
openshift-ci-robot
added
do-not-merge/work-in-progress
ironcladlou
force-pushed
the
render-command
branch
from
16b0e5b to
4f32269
Compare
| COPY --from=builder /ingress-operator/ingress-operator /usr/bin/ | ||
| COPY manifests /manifests | ||
| RUN useradd ingress-operator | ||
| USER ingress-operator |
There was a problem hiding this comment.
This new user should be unnecessary, and by using, the installer (as an image consumer) must override the user when doing things like running render with a volume mounted output directory (because ingress-operator user doesn't have permissions to write to the volume mount point).
Although I can work around it in the installer, if we have no reason to run as a new user, removing the useradd makes things more consistent with the other images used for the same purpose.
ironcladlou
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
| func render(dir string, prefix string) error { | ||
| files := []string{ | ||
| manifests.CustomResourceDefinitionManifest, | ||
| manifests.NamespaceManifest, |
There was a problem hiding this comment.
Could we also write out a default ingresscontroller resource so the user does not need to write that from scratch?
There was a problem hiding this comment.
Can we have a separate followup discussion about the default handling in that regard? It's not required for this part of the implementation and could have negative consequences to consider.
| # Using "-modtime 1" to make generate target deterministic. It sets all file | ||
| # time stamps to unix timestamp 1 | ||
| GO111MODULE=on GOFLAGS=-mod=vendor go run github.com/kevinburke/go-bindata/go-bindata -mode 420 -modtime 1 -pkg manifests -o ${OUTDIR}/pkg/manifests/bindata.go assets/... | ||
| GO111MODULE=on GOFLAGS=-mod=vendor go run github.com/kevinburke/go-bindata/go-bindata -mode 420 -modtime 1 -pkg manifests -o ${OUTDIR}/pkg/manifests/bindata.go assets/... manifests/... |
There was a problem hiding this comment.
Instead of manifests/..., can we build in only the manifests we need?
There was a problem hiding this comment.
go-bindata takes a directory list, not sure there's any real harm here other than binary size inflation?
There was a problem hiding this comment.
If specifying files individually is not an option, then another option would be to copy the desired files to a temporary directory and specify that directory instead. But you're right, this isn't a major problem, just something that jumped out at me when I glanced at the bindata.
ironcladlou
force-pushed
the
render-command
branch
from
4f32269 to
ec91087
Compare
|
@Miciah latest feedback addressed, PTAL. |
ironcladlou
force-pushed
the
render-command
branch
from
557f522 to
cfcf833
Compare
Introduce a `render` command which emits the most essential manifests required to customize ingress during installation. For now, the command emits the operator namespace and CRD, which should be enough to allow the creation of `ingresscontroller.operator.openshift.io` resources before the operator manifests are created by the CVO. This enables the installer to create a new `ingresscontroller` before the ingress operator starts, effectively allowing users to bring their own complete default `ingresscontroller` resource.
ironcladlou
force-pushed
the
render-command
branch
from
cfcf833 to
c77d6aa
Compare
|
/retest |
|
@Miciah tested with openshift/installer#2523, I think this works. |
cmd/ingress-operator/render.go
Outdated
| fmt.Println("---") | ||
| fmt.Printf("# file: %s\n", filepath.Base(file)) | ||
| fmt.Println(manifests.MustAssetString(file)) | ||
| fmt.Println("...") |
There was a problem hiding this comment.
I tried the render command and got the following output (showing the first few lines):
---
# file: 00-custom-resource-definition.yaml
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: ingresscontrollers.operator.openshift.ioOn investigation, I realized manifests/00-custom-resource-definition.yaml already has a --- marker. We need to delete either the print statements for the markers or the --- marker in the file.
There was a problem hiding this comment.
Of course if this loop does not emit markers, that means we also need to add a --- marker to manifests/00-namespace.yaml so that they will be separated when the render command prints them. I think best would be to remove the marker from manifests/00-custom-resource-definition.yaml and keep the print statements as they are.
There was a problem hiding this comment.
We've spent way more time on this particular code branch than is reasonable — it's not actually used for anything but debugging. I went ahead and deleted the entire functionality. Can this now merge?
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ironcladlou, knobunc The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
5 participants
Introduce a
rendercommand which emits the most essential manifests requiredto customize ingress during installation. For now, the command emits the
operator namespace and CRD, which should be enough to allow the creation of
ingresscontroller.operator.openshift.ioresources before the operatormanifests are created by the CVO.
This enables the installer to create a new
ingresscontrollerbefore theingress operator starts, effectively allowing users to bring their own complete
default
ingresscontrollerresource.