Support patching installer manifests

[2uasimojo]

With this change, you can use new API field ClusterDeployment.Spec.Provisioning.CustomizationRef to point to a ClusterDeploymentCustomization (hereinafter "CDC") object in the same namespace as the ClusterDeployment (CD).

ClusterDeploymentCustomizations:
CDC accepts a new subfield, Spec.InstallerManifestPatches, which consists of:

• Glob: a string representing a file glob, relative to the installer working directory, matching one or more manifest files.
• Patches: a list of PatchEntity representing RFC6902 JSON patches to apply to the matched manifest(s).

Also, I got really annoyed having to type out clusterdeploymentcustomizations on the CLI, so I added abbreviation cdc to the schema.

ClusterPools:
CDC was already being used by ClusterPool-owned CDs to allow patching the install-config generated from the template referred to by ClusterPool.Spec.InstallConfigSecretTemplateRef. With this change, ClusterPool-owned CDs can start using manifest patches in two ways (not mutually exclusive):

• Patches specific to the CD can be included in the InstallerManifestPatches field of the existing Inventory CDCs.
• Patches applicable to all CDs in the pool can be provided by a CDC referenced via a new ClusterPool.Spec.CustomizationRef field.

HIVE-1793

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: 2uasimojo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [2uasimojo]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[2uasimojo]

/test e2e

[2uasimojo]

This is going well:

efried@efried-thinkpadp16vgen1:~/go/src/github.com/openshift/hive$ oc get cd efried416 -o yaml | yq r - spec.provisioning.customizationRef
name: mycdc

mycdc looks like:

apiVersion: hive.openshift.io/v1
kind: ClusterDeploymentCustomization
metadata:
  name: mycdc
  namespace: efried
spec:
  installerManifestPatches:
  - manifestSelector:
      glob: cluster-api/*/*machine*.yaml
    patches:
    - op: add
      path: /metadata/labels
      valueJSON: |
        {"efried.openshift.io/foo": "bar"}

The installmanager logs include:

time="2024-11-09T23:44:50Z" level=info msg="Found 1 InstallerManifestPatch entries from ClusterDeployment.Spec.CustomizationRef mycdc" installID=qgwtrjmj
time="2024-11-09T23:44:50Z" level=info msg="manifest patch glob 0 (cluster-api/*/*machine*.yaml) matched 8 files" installID=qgwtrjmj
time="2024-11-09T23:44:50Z" level=info msg="patching manifest /output/cluster-api/machines/10_inframachine_efried416-ttb8s-bootstrap.yaml" installID=qgwtrjmj
time="2024-11-09T23:44:50Z" level=info msg="patching manifest /output/cluster-api/machines/10_inframachine_efried416-ttb8s-master-0.yaml" installID=qgwtrjmj
time="2024-11-09T23:44:50Z" level=info msg="patching manifest /output/cluster-api/machines/10_inframachine_efried416-ttb8s-master-1.yaml" installID=qgwtrjmj
time="2024-11-09T23:44:50Z" level=info msg="patching manifest /output/cluster-api/machines/10_inframachine_efried416-ttb8s-master-2.yaml" installID=qgwtrjmj
time="2024-11-09T23:44:50Z" level=info msg="patching manifest /output/cluster-api/machines/10_machine_efried416-ttb8s-bootstrap.yaml" installID=qgwtrjmj
time="2024-11-09T23:44:50Z" level=info msg="patching manifest /output/cluster-api/machines/10_machine_efried416-ttb8s-master-0.yaml" installID=qgwtrjmj
time="2024-11-09T23:44:50Z" level=info msg="patching manifest /output/cluster-api/machines/10_machine_efried416-ttb8s-master-1.yaml" installID=qgwtrjmj
time="2024-11-09T23:44:50Z" level=info msg="patching manifest /output/cluster-api/machines/10_machine_efried416-ttb8s-master-2.yaml" installID=qgwtrjmj

and a sample manifest in the in-progress provision pod was correctly patched:

apiVersion: cluster.x-k8s.io/v1beta1
kind: Machine
metadata:
  creationTimestamp: null
  labels:
    efried.openshift.io/foo: bar    # <=== L@@K
  name: efried416-ttb8s-master-0
spec:
  bootstrap:
    dataSecretName: efried416-ttb8s-master
  clusterName: efried416-ttb8s
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
    kind: AWSMachine
    name: efried416-ttb8s-master-0
status:
  bootstrapReady: false
  infrastructureReady: false

[2uasimojo]

I just need to test the clusterpool path (and maybe noodle how the error conditions manifest) and we'll be good to land this.

[2uasimojo]

/cc @abraverm

[abraverm]

In Clusterpool we do reservation of the CDC, should this mechanism somewhat migrate/copied to CD controller?

[2uasimojo]

In Clusterpool we do reservation of the CDC, should this mechanism somewhat migrate/copied to CD controller?

For pool inventory, reserving CDCs makes sense because they're intended to enable exclusive/unique settings such as reserved IP addresses. And manifest-patching CDCs used for clusterpool inventory will still be subject to reservation as usual. But for this use case -- CDs' CustomizationRef-named CDCs -- I think we explicitly want manifest patching to be usable by multiple CDs without restriction. Does that make sense?

[codecov]

Codecov Report

Attention: Patch coverage is 63.54167% with 70 lines in your changes missing coverage. Please review.

Project coverage is 49.92%. Comparing base (41f153f) to head (8dfac7a).
Report is 3 commits behind head on master.

Files with missing lines	Patch %	Lines
pkg/installmanager/installmanager.go	25.00%	29 Missing and 1 partial ⚠️
.../clusterdeployment/clusterdeployment_controller.go	30.00%	28 Missing ⚠️
...g/controller/clusterpool/clusterpool_controller.go	74.46%	11 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2499      +/-   ##
==========================================
+ Coverage   49.86%   49.92%   +0.06%     
==========================================
  Files         281      281              
  Lines       32968    33135     +167     
==========================================
+ Hits        16439    16544     +105     
- Misses      15196    15257      +61     
- Partials     1333     1334       +1     

Files with missing lines	Coverage Δ
pkg/controller/clusterpool/collections.go	75.74% <100.00%> (+0.16%)	⬆️
pkg/controller/utils/clusterdeployment.go	77.48% <100.00%> (+6.05%)	⬆️
pkg/controller/utils/sa.go	67.90% <ø> (ø)
...entcustomization/clusterdeploymentcustomization.go	93.33% <100.00%> (+1.12%)	⬆️
pkg/test/clusterpool/clusterpool.go	95.23% <100.00%> (+0.18%)	⬆️
...shift/hive/apis/hive/v1/clusterdeployment_types.go	0.00% <ø> (ø)
...is/hive/v1/clusterdeploymentcustomization_types.go	0.00% <ø> (ø)
...m/openshift/hive/apis/hive/v1/clusterpool_types.go	0.00% <ø> (ø)
...g/controller/clusterpool/clusterpool_controller.go	58.04% <74.46%> (+1.45%)	⬆️
.../clusterdeployment/clusterdeployment_controller.go	66.15% <30.00%> (-0.88%)	⬇️
... and 1 more

🚀 New features to boost your workflow:

• ❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[2uasimojo]

Forgot to submit these queued up comments that came out of the live review we did on 11/19.

[openshift-ci]

@2uasimojo: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-vsphere	c8f29d8	link	true	/test e2e-vsphere

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[suhanime]

Post merge review
Did 2 passes so I think we're good? Just a few nits/minor changes if you feel a fup is worthwhile @2uasimojo

[suhanime]

I understand the point of this note, but I feel that cdc related things should be added as a comment right before the definition of cdc struct, that way, in case the cdc is expanded in the future, the comment is more likely to be amended and not go out-of-date

[2uasimojo]

Sorry, I don't follow. This is CD's type file, not CDC's. InstallConfigPatches are not ignored when this is used in an inventory CDC.

[suhanime]

Eh it's fine, I'm not too attached to moving the comment either ways. When I commented on it, I was thinking about what if an option 3 is introduced in cdc def in the future, and we forget to edit the comment here to say 3 will also be ignored? But it's fine, you have a similar comment on clusterpool's cdc ref, so we can let it be.

[suhanime]

Name/namespace here would help

[2uasimojo]

This is an error setting up the Watch() for any instance of CDC. We don't have a ns/name in this context. (The resolution done in the func is only triggered for a specific instance when the Watch() actually pops.)

[suhanime]

nit: Add a space before this line to keep the k8s deps separate

[suhanime]

nit: Not related to your PR but the logrus dep above should be separate from k8s dep

[suhanime]

Typo in Leetle? Or can leave, apparently it was the spelling using in the 1600s. Love the helper!

[2uasimojo]

Heh, this is just me trying to be cute.

[2uasimojo]

Post merge review Did 2 passes so I think we're good? Just a few nits/minor changes if you feel a fup is worthwhile @2uasimojo

Thanks @suhanime -- fup via #2598