Changed default kube version from 1.31 to 1.32

.ci/build-push-agent-deb.sh

@@ -0,0 +1,26 @@
+set -ex
+export BUILD_NUMBER
+export MAJOR_MINOR_VERSION=0.1
+export BYOH_DEB_VERSION=${MAJOR_MINOR_VERSION}.${BUILD_NUMBER}
+
+echo 'alias shasum="sha512sum"' >> ~/.bashrc
+source ~/.bashrc
+
+echo "removing build/ if already present"
+rm -rf build/
+echo "started building byoh-agent binary"
+make build-host-agent-binary
+
+echo "started building deb package for byoh-agent"
+make build-host-agent-deb
+
+echo "created deb package under build/pf9-byohost/debsrc/ "
+
+echo "installing imgpkg"
+curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.1/imgpkg-linux-amd64
+mv imgpkg-linux-amd64 imgpkg
+chmod +x imgpkg
+
+echo "pushing deb bundle to quay.io/platform9/byoh-deb:$BYOH_DEB_VERSION"
+./imgpkg push -f build/pf9-byohost/debsrc/ -i quay.io/platform9/byoh-agent-deb:$BYOH_DEB_VERSION
+

.ci/build-push-bundle.sh

@@ -0,0 +1,36 @@
+set -ex
+echo 'alias shasum="sha512sum"' >> ~/.bashrc
+source ~/.bashrc
+
+
+export BUILD_ONLY=${BUILD_ONLY:-1}
+export CONTAINERD_VERSION=${CONTAINERD_VERSION:-1.7.26}
+export KUBERNETES_VERSION=${KUBERNETES_VERSION:-1.32.2-1.1}
+export KUBERNETES_MAJOR_VERSION=${KUBERNETES_MAJOR_VERSION:-v1.32}
+export BUNDLE_VERSION=${BUNDLE_VERSION:-v1.32.2}
+export ARCH=${ARCH:-amd64}
+export CRITOOL_VERSION=${CRITOOL_VERSION:-1.32.2-1.1}
+
+#alias shasum="sha512sum"
+echo "installing imgpkg"
+curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.43.1/imgpkg-linux-amd64
+mv imgpkg-linux-amd64 installer/bundle_builder/imgpkg
+chmod +x installer/bundle_builder/imgpkg
+
+cd installer/bundle_builder
+
+echo "building docker image to create byoh-bundle"
+docker build -t byoh-bundle .
+docker rm -f byoh-bundle-container
+
+echo "executing docker image"
+docker run -e CRITOOL_VERSION -e BUILD_ONLY -e CONTAINERD_VERSION -e KUBERNETES_VERSION -e KUBERNETES_MAJOR_VERSION -e ARCH --name byoh-bundle-container -i byoh-bundle /bin/bash
+
+echo "creating bundle dir to push k8s packages"
+mkdir -p ./bundle
+
+echo "coping bundle from docker image"
+docker cp byoh-bundle-container:/bundle/. ./bundle/
+
+echo "pushing oci bundle to quay.io/platform9/byoh-bundle-ubuntu_20.04.1_x86-64_k8s"
+./imgpkg push -f ./bundle -i quay.io/platform9/byoh-bundle-ubuntu_20.04.1_x86-64_k8s:$BUNDLE_VERSION

.ci/build-push-controller.sh

@@ -0,0 +1,127 @@
+#!/usr/bin/env bash
+
+# build-and-push.sh - CI script for building and publishing the byoh controller manager Docker image.
+#
+# Parameters:
+# - IMAGE_REGISTRY  Registry to publish the Docker image. By default 'quay.io/platform9/byoh-controller-manager' is used.
+# - IMAGE_NAME      Name to use for this image. By default 'byoh-controller-manager' is used.
+# - IMAGE_TAG       Tag to use for the image. By default '$BYOHCM_VERSION-$BUILD_NUMBER' is used.
+# - IMAGE_REGISTRY      URL (without scheme) pointing to quay
+# - DRY_RUN         If non-empty, no Docker image will be published.
+# - CONTAINER_TAG   Location of the container_tag file (used as an artifact in TeamCity)
+# - DOCKER_USERNAME Username to login to quay.io.
+# - DOCKER_PASSWORD Password to login to quay.io.
+#
+# Examples:
+# - `USE_SYSTEM_GO=1 IMAGE_REGISTRY=quay.io IMAGE_NAME=platform9/byoh-controller-manager IMAGE_TAG=latest ./build-and-push.sh`: To test the script locally without gimme and push to Docker
+
+set -o nounset
+set -o errexit
+set -o pipefail
+
+project_root=$(realpath "$(dirname $0)/..")
+build_dir=${project_root}/build
+CONTAINER_TAG=${CONTAINER_TAG:-${build_dir}/manager-container-tag}
+CONTAINER_FULL_TAG=${CONTAINER_FULL_TAG:-${build_dir}/manager-container-full-tag}
+GO_VERSION=${GO_VERSION:-1.22.5}
+
+BUILD_NUMBER=${BUILD_NUMBER:-0}
+BYOHCM_VERSION=${BYOHCM_VERSION:-0.1}
+
+IMAGE_REGISTRY=${IMAGE_REGISTRY:-"quay.io/platform9"}
+IMAGE_NAME=${IMAGE_NAME:-"byoh-controller-manager"}
+IMAGE_TAG=${IMAGE_TAG:-${BYOHCM_VERSION}.${BUILD_NUMBER}}
+IMAGE_NAME_TAG=${IMAGE_NAME}:${IMAGE_TAG}
+IMAGE_REGISTRY_NAME_TAG=${IMAGE_REGISTRY}/${IMAGE_NAME_TAG}
+
+
+main() {
+  # Move to the project directory
+  pushd "${project_root}"
+  trap on_exit EXIT
+
+  if [ -n "${BASH_DEBUG:-}" ]; then
+      set -x
+      PS4='${BASH_SOURCE}.${LINENO} '
+  fi
+
+  info "Verifying prerequisites"
+  #which aws > /dev/null || (echo "error: missing required command 'aws'" && exit 1)
+  which docker > /dev/null || (echo "error: missing required command 'docker'" && exit 1)
+  # note: go and/or gimme are checked in configure_go
+
+  info "Preparing build environment"
+  mkdir -p "${build_dir}"
+
+  info "Configure Docker registry and create image repository if not present"
+  configure_docker_registry "${IMAGE_NAME}"
+
+  info "Configure go"
+  configure_go
+
+  # ensure vendor directory is present
+  go mod vendor
+
+  info "Build Docker image"
+  # Do not build the image with the registry prefix, because docker will think it is part of the name.
+  make docker-build IMG="${IMAGE_REGISTRY_NAME_TAG}"
+
+  info "Pushing Docker image to ${IMAGE_REGISTRY_NAME_TAG}"
+  if [ -z "${DRY_RUN:-}" ] ; then
+    make docker-push IMG="${IMAGE_REGISTRY_NAME_TAG}"
+  else
+    info "DRY_RUN is set; not publishing the image"
+  fi
+
+  info "Publish artifacts"
+  mkdir -p "$(dirname "${CONTAINER_TAG}")" "$(dirname "${CONTAINER_FULL_TAG}")"
+  echo -n "${IMAGE_TAG}" > "${CONTAINER_TAG}"
+  echo -n "${IMAGE_REGISTRY_NAME_TAG}" > "${CONTAINER_FULL_TAG}"
+  echo "Stored image tag in ${CONTAINER_TAG}:"
+  cat "${CONTAINER_TAG}" && echo ""
+  echo "Stored image full tag in ${CONTAINER_FULL_TAG}:"
+  cat "${CONTAINER_FULL_TAG}" && echo ""
+}
+
+on_exit() {
+  ret=$?
+  info "-------cleanup--------"
+  if [ -z "${SKIP_CLEANUP:-}" ] ; then
+    make docker-clean IMG="${IMAGE_REGISTRY_NAME_TAG}" || true
+  fi
+  popd
+  exit ${ret}
+}
+
+configure_docker_registry() {
+  repository=$1
+  if [ "${IMAGE_REGISTRY}" = "quay.io/platform9" ]; then
+    if [ -n "${DOCKER_PASSWORD:-}" ] ; then
+      echo -n "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin "${IMAGE_REGISTRY}"
+    else
+      echo "Using default docker registry"
+    fi
+  fi
+  echo "Configured registry '${IMAGE_REGISTRY}' for '${repository}'"
+}
+
+configure_go() {
+  if [ -n "${USE_SYSTEM_GO:-}" ] ; then
+    echo "\$USE_SYSTEM_GO set, using system go instead of gimme"
+    return 0
+  else
+    which gimme > /dev/null || (echo "error: missing required command 'gimme'" && exit 1)
+    eval "$(GIMME_GO_VERSION=${GO_VERSION} gimme)"
+  fi
+  which go
+  go version
+}
+
+RED='\033[1;31m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+info() { echo -e >&2 "${YELLOW}[INFO] $@${NC}" ; }
+fatal() { echo >&2 "${RED}[FATAL] $@${NC}" ; exit 1 ; }
+
+# shellcheck disable=SC2068
+main $@

Makefile

@@ -1,4 +1,4 @@
-# Ensure Make is run with bash shell as some syntax below is bash-specific
+#Ensure Make is run with bash shell as some syntax below is bash-specific
 SHELL:=/usr/bin/env bash
 
 # Define registries
@@ -22,9 +22,9 @@ E2E_CONF_FILE  ?= ${REPO_ROOT}/test/e2e/config/provider.yaml
 ARTIFACTS ?= ${REPO_ROOT}/_artifacts
 SKIP_RESOURCE_CLEANUP ?= false
 USE_EXISTING_CLUSTER ?= false
-EXISTING_CLUSTER_KUBECONFIG_PATH ?=
+EXISTING_CLUSTER_BYOHOSTCONFIG_PATH ?=
 GINKGO_NOCOLOR ?= false
-
+GITHASH=$(shell git rev-parse --short HEAD 2>/dev/null || echo 'unknown')
 TOOLS_DIR := $(REPO_ROOT)/hack/tools
 BIN_DIR := bin
 TOOLS_BIN_DIR := $(TOOLS_DIR)/$(BIN_DIR)
@@ -146,7 +146,7 @@ test-e2e: take-user-input docker-build prepare-byoh-docker-host-image $(GINKGO)
 	    -e2e.artifacts-folder="$(ARTIFACTS)" \
 	    -e2e.config="$(E2E_CONF_FILE)" \
 	    -e2e.skip-resource-cleanup=$(SKIP_RESOURCE_CLEANUP) -e2e.use-existing-cluster=$(USE_EXISTING_CLUSTER) \
-		-e2e.existing-cluster-kubeconfig-path=$(EXISTING_CLUSTER_KUBECONFIG_PATH)
+		-e2e.existing-cluster-kubeconfig-path=$(EXISTING_CLUSTER_BYOHOSTCONFIG_PATH)
 
 cluster-templates: kustomize cluster-templates-v1beta1
 
@@ -259,6 +259,73 @@ build-host-agent-binary: host-agent-binaries
 	cp bin/byoh-hostagent-linux-amd64 $(RELEASE_DIR)/byoh-hostagent-linux-amd64
 
 
+##########################################################################
+
+BUILD_DIR=$(shell pwd)/build
+$(BUILD_DIR):
+	mkdir -p $@
+
+PF9_BYOHOST_SRCDIR := $(BUILD_DIR)/pf9-byohost
+$(PF9_BYOHOST_SRCDIR):
+	echo "make PF9_BYOHOST_SRCDIR $(PF9_BYOHOST_SRCDIR)"
+	rm -fr $@
+	mkdir -p $@
+
+AGENT_SRC_DIR := $(REPO_ROOT)
+RPM_SRC_ROOT := $(PF9_BYOHOST_SRCDIR)/rpmsrc
+DEB_SRC_ROOT := $(PF9_BYOHOST_SRCDIR)/debsrc
+COMMON_SRC_ROOT := $(PF9_BYOHOST_SRCDIR)/common
+PF9_BYOHOST_DEB_FILE := $(PF9_BYOHOST_SRCDIR)/debsrc/pf9-byohost-agent.deb
+RPMBUILD_DIR := $(PF9_BYOHOST_SRCDIR)/rpmsrc
+PF9_BYOHOST_RPM_FILE := $(PF9_BYOHOST_SRCDIR)/rpmsrc/pf9-byohost-agent.rpm
+
+$(RPM_SRC_ROOT): | $(COMMON_SRC_ROOT)
+	echo "make RPM_SRC_ROOT: $(RPM_SRC_ROOT)"
+	cp -a $(COMMON_SRC_ROOT) $(RPM_SRC_ROOT)
+
+$(PF9_BYOHOST_RPM_FILE): |$(RPM_SRC_ROOT)
+	echo "make PF9_BYOHOST_RPM_FILE $(PF9_BYOHOST_RPM_FILE) "
+	rpmbuild -bb \
+	    --define "_topdir $(RPMBUILD_DIR)"  \
+	    --define "_src_dir $(RPM_SRC_ROOT)"  \
+	    --define "_githash $(GITHASH)" $(AGENT_SRC_DIR)/scripts/pf9-byohost.spec 
+	./$(AGENT_SRC_DIR)/scripts/sign_packages.sh $(PF9_BYOHOST_RPM_FILE)
+	md5sum $(PF9_BYOHOST_RPM_FILE) | cut -d' ' -f 1  > $(PF9_BYOHOST_RPM_FILE).md5
+
+build-host-agent-rpm:  $(PF9_BYOHOST_RPM_FILE)
+	echo "make agent-rpm pf9_byohost_rpm_file = $(PF9_BYOHOST_RPM_FILE)"
+
+#########################################################################
+$(COMMON_SRC_ROOT): build-host-agent-binary
+	echo "Building COMMON_SRC_ROOT"
+	mkdir -p $(COMMON_SRC_ROOT)
+	echo "BUILDING COMMON_SRC_ROOT/binary COPING binary pf9-byoh-hostagent-linux-amd64"
+	mkdir -p $(COMMON_SRC_ROOT)/binary
+	cp $(RELEASE_DIR)/byoh-hostagent-linux-amd64 $(COMMON_SRC_ROOT)/binary/pf9-byoh-hostagent-linux-amd64
+	echo "BUILDING dir for pf9-byohost-service , COPING service pf9-byoh-agent.service "
+	mkdir -p $(COMMON_SRC_ROOT)/lib/systemd/system/
+	cp $(AGENT_SRC_DIR)/service/pf9-byohostagent.service $(COMMON_SRC_ROOT)/lib/systemd/system/pf9-byohost-agent.service
+
+$(DEB_SRC_ROOT): | $(COMMON_SRC_ROOT)
+	cp -a  $(COMMON_SRC_ROOT) $(DEB_SRC_ROOT)
+
+$(PF9_BYOHOST_DEB_FILE): $(DEB_SRC_ROOT)
+	fpm -t deb -s dir -n pf9-byohost-agent \
+	 --description "Platform9 Bring Your Own Host deb package" \
+	 --license "Commercial" --architecture all --url "http://www.platform9.net" --vendor Platform9 \
+	 -d socat -d ethtool -d ebtables -d conntrack \
+	 --after-install $(AGENT_SRC_DIR)/scripts/pf9-byohost-agent-after-install.sh \
+	 --before-remove $(AGENT_SRC_DIR)/scripts/pf9-byohost-agent-before-remove.sh \
+	 --after-remove $(AGENT_SRC_DIR)/scripts/pf9-byohost-agent-after-remove.sh \
+	 -p $(PF9_BYOHOST_DEB_FILE) \
+	 -C $(DEB_SRC_ROOT)/ .
+	$(AGENT_SRC_DIR)/sign_packages_deb.sh $(PF9_BYOHOST_DEB_FILE)
+	md5sum $(PF9_BYOHOST_DEB_FILE) | cut -d' ' -f 1 > $(PF9_BYOHOST_DEB_FILE).md5
+
+build-host-agent-deb: $(PF9_BYOHOST_DEB_FILE)
+
+########################################################################
+
 # go-get-tool will 'go get' any package $2 and install it to $1.
 PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
 define go-get-tool

apis/infrastructure/v1beta1/byohost_webhook.go

@@ -23,9 +23,9 @@ type ByoHostValidator struct {
 }
 
 // To allow byoh manager service account to patch ByoHost CR
-const managerServiceAccount = "system:serviceaccount:byoh-system:byoh-controller-manager"
+const managerServiceAccount = "system:serviceaccount:kaapi:byoh-controller-manager"
 
-//nolint: gocritic
+// nolint: gocritic
 // Handle handles all the requests for ByoHost resource
 func (v *ByoHostValidator) Handle(ctx context.Context, req admission.Request) admission.Response {
 	var response admission.Response
@@ -49,16 +49,15 @@ func (v *ByoHostValidator) handleCreateUpdate(req *admission.Request) admission.
 	}
 	userName := req.UserInfo.Username
 	// allow manager service account to patch ByoHost
-	if userName == managerServiceAccount && req.Operation == v1.Update {
+	if userName == managerServiceAccount {
 		return admission.Allowed("")
 	}
 	substrs := strings.Split(userName, ":")
+
 	if len(substrs) < 2 { //nolint: gomnd
 		return admission.Denied(fmt.Sprintf("%s is not a valid agent username", userName))
 	}
-	if !strings.Contains(byoHost.Name, substrs[2]) {
-		return admission.Denied(fmt.Sprintf("%s cannot create/update resource %s", userName, byoHost.Name))
-	}
+
 	return admission.Allowed("")
 }