From 00dcad041eca1615b4fb8f0b668d6069155d1908 Mon Sep 17 00:00:00 2001 From: Sirajudeen Date: Wed, 9 Dec 2020 14:09:32 +0000 Subject: [PATCH] Image override for cluster components * Used images tag to inject image override to clustetctl object, the same way the image override is done for cert-manager. * Using this way, the upstream manifests for cluster components does not need any customization (IMAGE URL as variable) and can be consumed as is. * If this approach is approved, then will update the same for other proviers ( CAPO, CAPD, CAPZ, cAPG ) and will get tested. Change-Id: If920f544d111d94e5b7075d5406ed2f87a5e6929 Closes: #431 --- .../versions-airshipctl.yaml | 32 +++++++++++++----- .../manager/manager_auth_proxy_patch.yaml | 2 +- .../v0.3.3/manager/manager_image_patch.yaml | 2 +- .../manager/manager_auth_proxy_patch.yaml | 2 +- .../v0.3.7/manager/manager_image_patch.yaml | 2 +- .../manager/manager_auth_proxy_patch.yaml | 2 +- .../v0.3.3/manager/manager_image_patch.yaml | 2 +- .../manager/manager_auth_proxy_patch.yaml | 2 +- .../v0.3.7/manager/manager_image_patch.yaml | 2 +- .../manager/manager_auth_proxy_patch.yaml | 2 +- .../v0.3.3/manager/manager_image_patch.yaml | 2 +- .../manager/manager_auth_proxy_patch.yaml | 2 +- .../v0.3.7/manager/manager_image_patch.yaml | 2 +- .../manager/manager_auth_proxy_patch.yaml | 2 +- .../v0.3.1/manager/manager_image_patch.yaml | 2 +- .../manager/manager_auth_proxy_patch.yaml | 2 +- .../v0.3.2/manager/manager_image_patch.yaml | 2 +- manifests/function/clusterctl/clusterctl.yaml | 33 ++++++++++++++----- .../clusterctl/replacements/versions.yaml | 16 ++++----- 19 files changed, 73 insertions(+), 40 deletions(-) diff --git a/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml b/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml index 3037a6975..5084ae5f3 100644 --- a/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml +++ b/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml @@ -23,14 +23,26 @@ files: images: capm3: # Images specific to the camp3 function; etc. - manager: quay.io/metal3-io/cluster-api-provider-metal3:v0.3.2 - auth_proxy: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 + manager: + repository: quay.io/metal3-io + tag: v0.3.2 + auth_proxy: + repository: gcr.io/kubebuilder + tag: v0.4.0 cacpk: - manager: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-control-plane-controller:v0.3.7 - auth_proxy: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 + manager: + repository: us.gcr.io/k8s-artifacts-prod/cluster-api + tag: v0.3.7 + auth_proxy: + repository: gcr.io/kubebuilder + tag: v0.4.1 cabpk: - manager: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-bootstrap-controller:v0.3.7 - auth_proxy: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 + manager: + repository: us.gcr.io/k8s-artifacts-prod/cluster-api + tag: v0.3.7 + auth_proxy: + repository: gcr.io/kubebuilder + tag: v0.4.1 capd: manager: gcr.io/k8s-staging-cluster-api/capd-manager:v20201019-v0.3.10-86-gc1647481f auth_proxy: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 @@ -38,8 +50,12 @@ images: manager: gcr.io/k8s-staging-capi-openstack/capi-openstack-controller-amd64:v20200707-v0.3.1 auth_proxy: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 capi: - manager: us.gcr.io/k8s-artifacts-prod/cluster-api/cluster-api-controller:v0.3.7 - auth_proxy: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 + manager: + repository: us.gcr.io/k8s-artifacts-prod/cluster-api + tag: v0.3.7 + auth_proxy: + repository: gcr.io/kubebuilder + tag: v0.4.1 baremetal_operator: ironic: # ironic Deployment init_bootstrap: centos diff --git a/manifests/function/cabpk/v0.3.3/manager/manager_auth_proxy_patch.yaml b/manifests/function/cabpk/v0.3.3/manager/manager_auth_proxy_patch.yaml index 27f69c5b8..61cb5e7cb 100644 --- a/manifests/function/cabpk/v0.3.3/manager/manager_auth_proxy_patch.yaml +++ b/manifests/function/cabpk/v0.3.3/manager/manager_auth_proxy_patch.yaml @@ -10,7 +10,7 @@ spec: spec: containers: - name: kube-rbac-proxy - image: ${CONTAINER_CABPK_AUTH_PROXY} + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" diff --git a/manifests/function/cabpk/v0.3.3/manager/manager_image_patch.yaml b/manifests/function/cabpk/v0.3.3/manager/manager_image_patch.yaml index fe42af8f1..a6b620a9f 100644 --- a/manifests/function/cabpk/v0.3.3/manager/manager_image_patch.yaml +++ b/manifests/function/cabpk/v0.3.3/manager/manager_image_patch.yaml @@ -7,5 +7,5 @@ spec: template: spec: containers: - - image: ${CONTAINER_CABPK_MANAGER} + - image: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-bootstrap-controller:v0.3.3 name: manager diff --git a/manifests/function/cabpk/v0.3.7/manager/manager_auth_proxy_patch.yaml b/manifests/function/cabpk/v0.3.7/manager/manager_auth_proxy_patch.yaml index 27f69c5b8..61cb5e7cb 100644 --- a/manifests/function/cabpk/v0.3.7/manager/manager_auth_proxy_patch.yaml +++ b/manifests/function/cabpk/v0.3.7/manager/manager_auth_proxy_patch.yaml @@ -10,7 +10,7 @@ spec: spec: containers: - name: kube-rbac-proxy - image: ${CONTAINER_CABPK_AUTH_PROXY} + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" diff --git a/manifests/function/cabpk/v0.3.7/manager/manager_image_patch.yaml b/manifests/function/cabpk/v0.3.7/manager/manager_image_patch.yaml index fe42af8f1..a73cd4dfc 100644 --- a/manifests/function/cabpk/v0.3.7/manager/manager_image_patch.yaml +++ b/manifests/function/cabpk/v0.3.7/manager/manager_image_patch.yaml @@ -7,5 +7,5 @@ spec: template: spec: containers: - - image: ${CONTAINER_CABPK_MANAGER} + - image: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-bootstrap-controller:v0.3.7 name: manager diff --git a/manifests/function/cacpk/v0.3.3/manager/manager_auth_proxy_patch.yaml b/manifests/function/cacpk/v0.3.3/manager/manager_auth_proxy_patch.yaml index bcfccd4ed..61cb5e7cb 100644 --- a/manifests/function/cacpk/v0.3.3/manager/manager_auth_proxy_patch.yaml +++ b/manifests/function/cacpk/v0.3.3/manager/manager_auth_proxy_patch.yaml @@ -10,7 +10,7 @@ spec: spec: containers: - name: kube-rbac-proxy - image: ${CONTAINER_CACPK_AUTH_PROXY} + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" diff --git a/manifests/function/cacpk/v0.3.3/manager/manager_image_patch.yaml b/manifests/function/cacpk/v0.3.3/manager/manager_image_patch.yaml index 760dee339..52efc6131 100644 --- a/manifests/function/cacpk/v0.3.3/manager/manager_image_patch.yaml +++ b/manifests/function/cacpk/v0.3.3/manager/manager_image_patch.yaml @@ -7,5 +7,5 @@ spec: template: spec: containers: - - image: ${CONTAINER_CACPK_MANAGER} + - image: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-control-plane-controller:v0.3.3 name: manager diff --git a/manifests/function/cacpk/v0.3.7/manager/manager_auth_proxy_patch.yaml b/manifests/function/cacpk/v0.3.7/manager/manager_auth_proxy_patch.yaml index bcfccd4ed..61cb5e7cb 100644 --- a/manifests/function/cacpk/v0.3.7/manager/manager_auth_proxy_patch.yaml +++ b/manifests/function/cacpk/v0.3.7/manager/manager_auth_proxy_patch.yaml @@ -10,7 +10,7 @@ spec: spec: containers: - name: kube-rbac-proxy - image: ${CONTAINER_CACPK_AUTH_PROXY} + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" diff --git a/manifests/function/cacpk/v0.3.7/manager/manager_image_patch.yaml b/manifests/function/cacpk/v0.3.7/manager/manager_image_patch.yaml index 760dee339..b9f5dad5a 100644 --- a/manifests/function/cacpk/v0.3.7/manager/manager_image_patch.yaml +++ b/manifests/function/cacpk/v0.3.7/manager/manager_image_patch.yaml @@ -7,5 +7,5 @@ spec: template: spec: containers: - - image: ${CONTAINER_CACPK_MANAGER} + - image: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-control-plane-controller:v0.3.7 name: manager diff --git a/manifests/function/capi/v0.3.3/manager/manager_auth_proxy_patch.yaml b/manifests/function/capi/v0.3.3/manager/manager_auth_proxy_patch.yaml index 3b74f310a..a5a737f7b 100644 --- a/manifests/function/capi/v0.3.3/manager/manager_auth_proxy_patch.yaml +++ b/manifests/function/capi/v0.3.3/manager/manager_auth_proxy_patch.yaml @@ -10,7 +10,7 @@ spec: spec: containers: - name: kube-rbac-proxy - image: ${CONTAINER_CAPI_AUTH_PROXY} + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" diff --git a/manifests/function/capi/v0.3.3/manager/manager_image_patch.yaml b/manifests/function/capi/v0.3.3/manager/manager_image_patch.yaml index c2bbf8cf8..3ac912f26 100644 --- a/manifests/function/capi/v0.3.3/manager/manager_image_patch.yaml +++ b/manifests/function/capi/v0.3.3/manager/manager_image_patch.yaml @@ -7,5 +7,5 @@ spec: template: spec: containers: - - image: ${CONTAINER_CAPI_MANAGER} + - image: us.gcr.io/k8s-artifacts-prod/cluster-api/cluster-api-controller:v0.3.3 name: manager diff --git a/manifests/function/capi/v0.3.7/manager/manager_auth_proxy_patch.yaml b/manifests/function/capi/v0.3.7/manager/manager_auth_proxy_patch.yaml index 6d25032f6..5f81a5233 100644 --- a/manifests/function/capi/v0.3.7/manager/manager_auth_proxy_patch.yaml +++ b/manifests/function/capi/v0.3.7/manager/manager_auth_proxy_patch.yaml @@ -10,7 +10,7 @@ spec: spec: containers: - name: kube-rbac-proxy - image: ${CONTAINER_CAPI_AUTH_PROXY} + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" diff --git a/manifests/function/capi/v0.3.7/manager/manager_image_patch.yaml b/manifests/function/capi/v0.3.7/manager/manager_image_patch.yaml index c2bbf8cf8..40c4684c2 100644 --- a/manifests/function/capi/v0.3.7/manager/manager_image_patch.yaml +++ b/manifests/function/capi/v0.3.7/manager/manager_image_patch.yaml @@ -7,5 +7,5 @@ spec: template: spec: containers: - - image: ${CONTAINER_CAPI_MANAGER} + - image: us.gcr.io/k8s-artifacts-prod/cluster-api/cluster-api-controller:v0.3.7 name: manager diff --git a/manifests/function/capm3/v0.3.1/manager/manager_auth_proxy_patch.yaml b/manifests/function/capm3/v0.3.1/manager/manager_auth_proxy_patch.yaml index 64a47e6f9..989d69887 100644 --- a/manifests/function/capm3/v0.3.1/manager/manager_auth_proxy_patch.yaml +++ b/manifests/function/capm3/v0.3.1/manager/manager_auth_proxy_patch.yaml @@ -10,7 +10,7 @@ spec: spec: containers: - name: kube-rbac-proxy - image: ${CONTAINER_CAPM3_AUTH_PROXY} + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" diff --git a/manifests/function/capm3/v0.3.1/manager/manager_image_patch.yaml b/manifests/function/capm3/v0.3.1/manager/manager_image_patch.yaml index 96567a806..692b73bd7 100644 --- a/manifests/function/capm3/v0.3.1/manager/manager_image_patch.yaml +++ b/manifests/function/capm3/v0.3.1/manager/manager_image_patch.yaml @@ -8,5 +8,5 @@ spec: spec: containers: # Change the value of image field below to your controller image URL - - image: ${CONTAINER_CAPM3_MANAGER} + - image: quay.io/metal3-io/cluster-api-provider-metal3:v0.3.1 name: manager diff --git a/manifests/function/capm3/v0.3.2/manager/manager_auth_proxy_patch.yaml b/manifests/function/capm3/v0.3.2/manager/manager_auth_proxy_patch.yaml index 64a47e6f9..989d69887 100644 --- a/manifests/function/capm3/v0.3.2/manager/manager_auth_proxy_patch.yaml +++ b/manifests/function/capm3/v0.3.2/manager/manager_auth_proxy_patch.yaml @@ -10,7 +10,7 @@ spec: spec: containers: - name: kube-rbac-proxy - image: ${CONTAINER_CAPM3_AUTH_PROXY} + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" diff --git a/manifests/function/capm3/v0.3.2/manager/manager_image_patch.yaml b/manifests/function/capm3/v0.3.2/manager/manager_image_patch.yaml index 96567a806..2ff933e04 100644 --- a/manifests/function/capm3/v0.3.2/manager/manager_image_patch.yaml +++ b/manifests/function/capm3/v0.3.2/manager/manager_image_patch.yaml @@ -8,5 +8,5 @@ spec: spec: containers: # Change the value of image field below to your controller image URL - - image: ${CONTAINER_CAPM3_MANAGER} + - image: quay.io/metal3-io/cluster-api-provider-metal3:v0.3.2 name: manager diff --git a/manifests/function/clusterctl/clusterctl.yaml b/manifests/function/clusterctl/clusterctl.yaml index c9b0e714d..4167b0d8c 100644 --- a/manifests/function/clusterctl/clusterctl.yaml +++ b/manifests/function/clusterctl/clusterctl.yaml @@ -39,20 +39,37 @@ providers: images: cert-manager: repository: "quay.io/jetstack" + cluster-api/cluster-api-controller: + repository: "us.gcr.io/k8s-artifacts-prod/cluster-api" + tag: "v0.3.7" + cluster-api/kube-rbac-proxy: + repository: "gcr.io/kubebuilder" + tag: "v0.4.1" + bootstrap-kubeadm/kubeadm-bootstrap-controller: + repository: "us.gcr.io/k8s-artifacts-prod/cluster-api" + tag: "v0.3.7" + bootstrap-kubeadm/kube-rbac-proxy: + repository: "gcr.io/kubebuilder" + tag: "v0.4.1" + control-plane-kubeadm/kubeadm-control-plane-controller: + repository: "us.gcr.io/k8s-artifacts-prod/cluster-api" + tag: "v0.3.7" + control-plane-kubeadm/kube-rbac-proxy: + repository: "gcr.io/kubebuilder" + tag: "v0.4.1" + infrastructure-metal3/cluster-api-provider-metal3: + repository: "quay.io/metal3-io" + tag: "v0.3.2" + infrastructure-metal3/kube-rbac-proxy: + repository: "gcr.io/kubebuilder" + tag: "v0.4.0" + # These default images can be overridden via the `replacements/` entrypoint additional-vars: - CONTAINER_CAPM3_MANAGER: quay.io/metal3-io/cluster-api-provider-metal3:v0.3.2 - CONTAINER_CACPK_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-control-plane-controller:v0.3.7 - CONTAINER_CABPK_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-bootstrap-controller:v0.3.7 - CONTAINER_CAPI_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/cluster-api-controller:v0.3.7 CONTAINER_CAPD_MANAGER: gcr.io/k8s-staging-cluster-api/capd-manager:v20201019-v0.3.10-86-gc1647481f CONTAINER_CAPO_MANAGER: gcr.io/k8s-staging-capi-openstack/capi-openstack-controller-amd64:v20200707-v0.3.1 CONTAINER_CAPZ_MANAGER: gcr.io/k8s-staging-cluster-api-azure/cluster-api-azure-controller:v0.4.9 - CONTAINER_CAPM3_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 - CONTAINER_CACPK_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 - CONTAINER_CABPK_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 - CONTAINER_CAPI_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 CONTAINER_CAPD_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 CONTAINER_CAPO_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 CONTAINER_CAPZ_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 diff --git a/manifests/function/clusterctl/replacements/versions.yaml b/manifests/function/clusterctl/replacements/versions.yaml index 9e996fe04..26b65126f 100644 --- a/manifests/function/clusterctl/replacements/versions.yaml +++ b/manifests/function/clusterctl/replacements/versions.yaml @@ -18,7 +18,7 @@ replacements: objref: kind: Clusterctl name: clusterctl_init - fieldrefs: ["{.additional-vars.CONTAINER_CAPM3_MANAGER}"] + fieldrefs: ["{.images.infrastructure-metal3/cluster-api-provider-metal3}"] - source: objref: kind: VariableCatalogue @@ -28,7 +28,7 @@ replacements: objref: kind: Clusterctl name: clusterctl_init - fieldrefs: ["{.additional-vars.CONTAINER_CAPM3_AUTH_PROXY}"] + fieldrefs: ["{.images.infrastructure-metal3/kube-rbac-proxy}"] # Replace cacpk versions - source: objref: @@ -39,7 +39,7 @@ replacements: objref: kind: Clusterctl name: clusterctl_init - fieldrefs: ["{.additional-vars.CONTAINER_CACPK_MANAGER}"] + fieldrefs: ["{.images.control-plane-kubeadm/kubeadm-control-plane-controller}"] - source: objref: kind: VariableCatalogue @@ -49,7 +49,7 @@ replacements: objref: kind: Clusterctl name: clusterctl_init - fieldrefs: ["{.additional-vars.CONTAINER_CACPK_AUTH_PROXY}"] + fieldrefs: ["{.images.control-plane-kubeadm/kube-rbac-proxy}"] # Replace cabpk versions - source: objref: @@ -60,7 +60,7 @@ replacements: objref: kind: Clusterctl name: clusterctl_init - fieldrefs: ["{.additional-vars.CONTAINER_CABPK_MANAGER}"] + fieldrefs: ["{.images.bootstrap-kubeadm/kubeadm-bootstrap-controller}"] - source: objref: kind: VariableCatalogue @@ -70,7 +70,7 @@ replacements: objref: kind: Clusterctl name: clusterctl_init - fieldrefs: ["{.additional-vars.CONTAINER_CABPK_AUTH_PROXY}"] + fieldrefs: ["{.images.bootstrap-kubeadm/kube-rbac-proxy}"] # Replace capd versions - source: objref: @@ -123,7 +123,7 @@ replacements: objref: kind: Clusterctl name: clusterctl_init - fieldrefs: ["{.additional-vars.CONTAINER_CAPI_MANAGER}"] + fieldrefs: ["{.images.cluster-api/cluster-api-controller}"] - source: objref: kind: VariableCatalogue @@ -133,7 +133,7 @@ replacements: objref: kind: Clusterctl name: clusterctl_init - fieldrefs: ["{.additional-vars.CONTAINER_CAPI_AUTH_PROXY}"] + fieldrefs: ["{.images.cluster-api/kube-rbac-proxy}"] # Replace the cert-manager image repository in the Clusterctl - source: