OSASINFRA-3600: CARRY: OpenShift manifests & Makefile targets

Dockerfile.rhel

@@ -36,6 +36,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} \
 FROM registry.ci.openshift.org/ocp/4.19:base-rhel9
 WORKDIR /
 COPY --from=builder /workspace/manager .
+COPY ./openshift/manifests ./manifests
 
 # Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
 USER 65532

Makefile

@@ -263,3 +263,9 @@ mv $(1) $(1)-$(3) ;\
 } ;\
 ln -sf $(1)-$(3) $(1)
 endef
+
+## --------------------------------------
+## Openshift specific include
+## --------------------------------------
+
+include openshift.mk

openshift.mk

@@ -0,0 +1,41 @@
+## --------------------------------------
+## Openshift specific make targets,
+## intended to be included in root Makefile in this repository along with openshift folder.
+## --------------------------------------
+
+OPENSHIFT_DIR=./openshift
+manifests_dir ?= $(OPENSHIFT_DIR)/manifests
+manifests_prefix ?= 0000_30_openstack-resource-controller_
+
+define manifest_name
+    $(addsuffix ".yaml",$(addprefix $(manifests_dir)/$(manifests_prefix),$(1)))
+endef
+
+manifest_names = 04_infrastructure-components
+infrastructure_components = $(OPENSHIFT_DIR)/cluster-capi-configmap/infrastructure-components.yaml
+
+verify-generated: generate-openshift
+
+.PHONY: generate-openshift
+generate-openshift: $(foreach m,$(manifest_names),$(call manifest_name,$(m)))
+
+$(infrastructure_components): $(KUSTOMIZE) ALWAYS
+	$(KUSTOMIZE) build $(OPENSHIFT_DIR)/infrastructure-components > $@
+
+$(call manifest_name,04_infrastructure-components): $(KUSTOMIZE) $(infrastructure_components) ALWAYS | $(manifests_dir)
+	$(KUSTOMIZE) build $(OPENSHIFT_DIR)/cluster-capi-configmap > $@
+
+$(manifests_dir):
+	mkdir -p $(OPENSHIFT_DIR)/$@
+
+#$(KUSTOMIZE):
+#	$(MAKE) -C . kustomize
+
+.PHONY: merge-bot
+merge-bot: full-vendoring generate generate-openshift ## Runs targets that help merge-bot to rebase downstream ORC.
+
+.PHONY: full-vendoring ## Runs commands that complete vendoring tasks for downstream ORC.
+	go mod tidy && go mod vendor
+
+.PHONY: ALWAYS
+ALWAYS:

openshift/cluster-capi-configmap/.gitignore

@@ -0,0 +1 @@
+/infrastructure-components.yaml

openshift/cluster-capi-configmap/kustomization.yaml

@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+- ../components/namespaced
+- ../components/common
+- ../components/tech-preview
+
+generatorOptions:
+  disableNameSuffixHash: true
+  labels:
+    provider.cluster.x-k8s.io/name: openstack
+    provider.cluster.x-k8s.io/type: infrastructure
+    provider.cluster.x-k8s.io/version: v0.8.0
+
+configMapGenerator:
+- name: openstack-resource-controller
+  files:
+  - components=infrastructure-components.yaml

openshift/components/common/kustomization.yaml

@@ -0,0 +1,63 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+- vars.yaml
+
+commonAnnotations:
+  exclude.release.openshift.io/internal-openshift-hosted: "true"
+  include.release.openshift.io/self-managed-high-availability: "true"
+
+patches:
+# Common configuration for CAPI controller workloads
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+  patch: |-
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: ignored
+    spec:
+      template:
+        metadata:
+          annotations:
+            # https://github.com/openshift/enhancements/blob/master/enhancements/workload-partitioning/wide-availability-workload-partitioning.md
+            target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
+        spec:
+          priorityClassName: "system-cluster-critical"
+          tolerations:
+          - key: "node-role.kubernetes.io/master"
+            effect: "NoSchedule"
+          - key: "node-role.kubernetes.io/control-plane"
+            effect: "NoSchedule"
+
+# Providers should not create namespaces
+- target:
+    version: v1
+    kind: Namespace
+  patch: |-
+    $patch: delete
+    apiVersion: v1
+    kind: Namespace
+    metadata:
+      name: ignored
+
+replacements:
+# Set resources and limits on all containers
+# https://github.com/openshift/enhancements/blob/master/CONVENTIONS.md#resources-and-limits
+- source:
+    version: v1
+    kind: ConfigMap
+    name: kustomize-vars
+    fieldPath: data.controllerResources
+  targets:
+  - select:
+      group: apps
+      version: v1
+      kind: Deployment
+    fieldPaths:
+    - spec.template.spec.containers.*.resources
+    options:
+      create: true

openshift/components/common/vars.yaml

@@ -0,0 +1,12 @@
+# local-config: referenced, but not emitted by kustomize
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kustomize-vars
+  annotations:
+    config.kubernetes.io/local-config: "true"
+data:
+  controllerResources:
+    requests:
+      cpu: 10m
+      memory: 50Mi

openshift/components/namespaced/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+transformers:
+# Set namespace to openshift-cluster-api on all namespaced objects without an explicit namespace
+- |-
+  apiVersion: builtin
+  kind: NamespaceTransformer
+  metadata:
+    name: _ignored_
+    namespace: openshift-cluster-api
+  setRoleBindingSubjects: none
+  unsetOnly: true
+  fieldSpecs:
+  - path: metadata/name
+    kind: Namespace
+    create: true

openshift/components/tech-preview/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+commonAnnotations:
+  release.openshift.io/feature-set: "TechPreviewNoUpgrade"

openshift/infrastructure-components/kustomization.yaml

@@ -0,0 +1,22 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+labels:
+- includeSelectors: true
+  pairs:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+
+namePrefix: orc-
+
+resources:
+- orc
+
+components:
+- ../components/namespaced
+- ../components/common
+- ../components/tech-preview
+
+images:
+- name: controller
+  newName: registry.ci.openshift.org/openshift
+  newTag: openstack-resource-controller

openshift/infrastructure-components/orc/kustomization.yaml

@@ -0,0 +1,8 @@
+# The default namespaced component only replaces namespaces which aren't set,
+# but ORC emits resources in the 'system' namespace which we need to override
+namespace: openshift-cluster-api
+
+resources:
+- ../../../config/crd
+- ../../../config/rbac
+- ../../../config/manager