Update Konflux to run on main branch (#1590)

* Update registry.access.redhat.com/ubi9/go-toolset Docker digest to 5049a9d (#1546) Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com> * Red Hat Konflux update endpoint-monitoring-operator-acm-212 (#1541) * Red Hat Konflux update endpoint-monitoring-operator-acm-212 Signed-off-by: red-hat-konflux <[email protected]> * update builder Signed-off-by: Coleen Iona Quadros <[email protected]> --------- Signed-off-by: Coleen Iona Quadros <[email protected]> Co-authored-by: red-hat-konflux <[email protected]> Co-authored-by: Coleen Iona Quadros <[email protected]> * Red Hat Konflux update grafana-dashboard-loader-acm-212 (#1542) * Red Hat Konflux update grafana-dashboard-loader-acm-212 Signed-off-by: red-hat-konflux <[email protected]> * update Signed-off-by: Coleen Iona Quadros <[email protected]> --------- Signed-off-by: Coleen Iona Quadros <[email protected]> Co-authored-by: red-hat-konflux <[email protected]> Co-authored-by: Coleen Iona Quadros <[email protected]> * Red Hat Konflux update metrics-collector-acm-212 (#1543) * Red Hat Konflux update metrics-collector-acm-212 Signed-off-by: red-hat-konflux <[email protected]> * update build Signed-off-by: Coleen Iona Quadros <[email protected]> --------- Signed-off-by: Coleen Iona Quadros <[email protected]> Co-authored-by: red-hat-konflux <[email protected]> Co-authored-by: Coleen Iona Quadros <[email protected]> * Red Hat Konflux update rbac-query-proxy-acm-212 (#1545) * Red Hat Konflux update rbac-query-proxy-acm-212 Signed-off-by: red-hat-konflux <[email protected]> * update Signed-off-by: Coleen Iona Quadros <[email protected]> --------- Signed-off-by: Coleen Iona Quadros <[email protected]> Co-authored-by: red-hat-konflux <[email protected]> Co-authored-by: Coleen Iona Quadros <[email protected]> * Red Hat Konflux update multicluster-observability-operator-acm-212 (#1544) * Red Hat Konflux update multicluster-observability-operator-acm-212 Signed-off-by: red-hat-konflux <[email protected]> * Update Dockerfile Signed-off-by: Coleen Iona Quadros <[email protected]> * update Signed-off-by: Coleen Iona Quadros <[email protected]> * update build Signed-off-by: Coleen Iona Quadros <[email protected]> --------- Signed-off-by: Coleen Iona Quadros <[email protected]> Co-authored-by: red-hat-konflux <[email protected]> Co-authored-by: Coleen Iona Quadros <[email protected]> * Update Konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> * make target branch main for pull request Signed-off-by: Coleen Iona Quadros <[email protected]> --------- Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> Signed-off-by: Coleen Iona Quadros <[email protected]> Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com> Co-authored-by: red-hat-konflux <[email protected]> lint Signed-off-by: Coleen Iona Quadros <[email protected]> lint Signed-off-by: Coleen Iona Quadros <[email protected]> ACM-12794: forward auth header to datasource (#1589) * ACM-12794: forward auth header to datasource This allows rbac-query-proxy to authentication against obs-api. This is needed as Grafana no longer automatically forwards the header (and for now only does so in our patched Grafana version). Signed-off-by: Jacob Baungard Hansen <[email protected]> * Just forward access token We can infer the username, so I think just forwarding what we actually need might make this slightly more resiliant to future Grafana changes. Signed-off-by: Jacob Baungard Hansen <[email protected]> --------- Signed-off-by: Jacob Baungard Hansen <[email protected]> update Signed-off-by: Coleen Iona Quadros <[email protected]> update Signed-off-by: Coleen Iona Quadros <[email protected]> Revert "Avoid Concurrent writes to ManagedClusterList (#1516)" This reverts commit d642b5f. update Signed-off-by: Coleen Iona Quadros <[email protected]>
stolostron · Aug 29, 2024 · d3940c2 · d3940c2
1 parent 858e141
commit d3940c2
Show file tree

Hide file tree

Showing 14 changed files with 50 additions and 41 deletions.
diff --git a/.tekton/endpoint-monitoring-operator-acm-212-pull-request.yaml b/.tekton/endpoint-monitoring-operator-acm-212-pull-request.yaml
@@ -8,7 +8,7 @@ metadata:
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
-      == "release-2.12"
+      == "main"
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: release-acm-212

diff --git a/.tekton/grafana-dashboard-loader-acm-212-pull-request.yaml b/.tekton/grafana-dashboard-loader-acm-212-pull-request.yaml
@@ -8,7 +8,7 @@ metadata:
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
-      == "release-2.12"
+      == "main"
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: release-acm-212

diff --git a/.tekton/metrics-collector-acm-212-pull-request.yaml b/.tekton/metrics-collector-acm-212-pull-request.yaml
@@ -8,7 +8,7 @@ metadata:
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
-      == "release-2.12"
+      == "main"
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: release-acm-212

diff --git a/.tekton/multicluster-observability-operator-acm-212-pull-request.yaml b/.tekton/multicluster-observability-operator-acm-212-pull-request.yaml
@@ -8,7 +8,7 @@ metadata:
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
-      == "release-2.12"
+      == "main"
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: release-acm-212

diff --git a/.tekton/rbac-query-proxy-acm-212-pull-request.yaml b/.tekton/rbac-query-proxy-acm-212-pull-request.yaml
@@ -8,7 +8,7 @@ metadata:
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
-      == "release-2.12"
+      == "main"
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: release-acm-212

diff --git a/loaders/dashboards/Dockerfile b/loaders/dashboards/Dockerfile
@@ -1,12 +1,12 @@
 # Copyright Contributors to the Open Cluster Management project
 
-FROM registry.ci.openshift.org/stolostron/builder:go1.21-linux AS builder
+FROM registry.ci.openshift.org/stolostron/builder:go1.22-linux AS builder
 
 WORKDIR /workspace
 COPY go.sum go.mod ./loaders/dashboards ./
 COPY ./loaders/dashboards ./loaders/dashboards
 
-RUN CGO_ENABLED=1 go build -a -installsuffix cgo -v -o main loaders/dashboards/cmd/main.go
+RUN CGO_ENABLED=1 GOFLAGS="" go build -a -installsuffix cgo -v -o main loaders/dashboards/cmd/main.go
 
 FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
 

diff --git a/...rvability/bundle/manifests/multicluster-observability-operator.clusterserviceversion.yaml b/...rvability/bundle/manifests/multicluster-observability-operator.clusterserviceversion.yaml
@@ -458,13 +458,13 @@ spec:
           - patch
           - delete
         - apiGroups:
-            - image.openshift.io
+          - image.openshift.io
           resources:
-            - imagestreams
+          - imagestreams
           verbs:
-            - get
-            - list
-            - watch          
+          - get
+          - list
+          - watch
         serviceAccountName: multicluster-observability-operator
       deployments:
       - label:

diff --git a/operators/multiclusterobservability/controllers/multiclusterobservability/grafana.go b/operators/multiclusterobservability/controllers/multiclusterobservability/grafana.go
@@ -62,10 +62,11 @@ type JsonData struct {
 	TLSAuth   bool `yaml:"tlsAuth,omitempty"`
 	TLSAuthCA bool `yaml:"tlsAuthWithCACert,omitempty"`
 	// Timeout is the request timeout in seconds for an HTTP datasource.
-	Timeout               string `yaml:"timeout,omitempty"`
-	HttpMethod            string `yaml:"httpMethod,omitempty"`
-	TimeInterval          string `yaml:"timeInterval,omitempty"`
-	CustomQueryParameters string `yaml:"customQueryParameters,omitempty"`
+	Timeout               string   `yaml:"timeout,omitempty"`
+	HttpMethod            string   `yaml:"httpMethod,omitempty"`
+	TimeInterval          string   `yaml:"timeInterval,omitempty"`
+	CustomQueryParameters string   `yaml:"customQueryParameters,omitempty"`
+	ForwardHeaders        []string `yaml:"forwardHeaders,omitempty"`
 }
 
 type SecureJsonData struct {
@@ -104,6 +105,7 @@ func GenerateGrafanaDataSource(
 					Timeout:               "300",
 					CustomQueryParameters: "max_source_resolution=auto",
 					TimeInterval:          fmt.Sprintf("%ds", mco.Spec.ObservabilityAddonSpec.Interval),
+					ForwardHeaders:        []string{"X-Forwarded-Access-Token"},
 				},
 			},
 			{
@@ -120,6 +122,7 @@ func GenerateGrafanaDataSource(
 					Timeout:               "300",
 					CustomQueryParameters: "max_source_resolution=auto",
 					TimeInterval:          fmt.Sprintf("%ds", DynamicTimeInterval),
+					ForwardHeaders:        []string{"X-Forwarded-Access-Token"},
 				},
 			},
 		},

diff --git a/...servability/controllers/multiclusterobservability/multiclusterobservability_controller.go b/...servability/controllers/multiclusterobservability/multiclusterobservability_controller.go
@@ -453,8 +453,6 @@ func (r *MultiClusterObservabilityReconciler) SetupWithManager(mgr ctrl.Manager)
 	cmPred := GetConfigMapPredicateFunc()
 	secretPred := GetAlertManagerSecretPredicateFunc()
 	namespacePred := GetNamespacePredicateFunc()
-	imageStreamPred := GetImageStreamPredicateFunc()
-
 	ctrBuilder := ctrl.NewControllerManagedBy(mgr).
 		// Watch for changes to primary resource MultiClusterObservability with predicate
 		For(&mcov1beta2.MultiClusterObservability{}, builder.WithPredicates(mcoPred)).
@@ -481,9 +479,6 @@ func (r *MultiClusterObservabilityReconciler) SetupWithManager(mgr ctrl.Manager)
 		// Watch the namespace for changes
 		Watches(&corev1.Namespace{}, &handler.EnqueueRequestForObject{},
 			builder.WithPredicates(namespacePred)).
-		// Watch the imagestream for changes
-		Watches(&imagev1.ImageStream{}, &handler.EnqueueRequestForObject{},
-			builder.WithPredicates(imageStreamPred)).
 		// Watch the kube-system extension-apiserver-authentication ConfigMap for changes
 		Watches(&corev1.ConfigMap{}, handler.EnqueueRequestsFromMapFunc(
 			func(ctx context.Context, a client.Object) []reconcile.Request {
@@ -498,6 +493,23 @@ func (r *MultiClusterObservabilityReconciler) SetupWithManager(mgr ctrl.Manager)
 				return nil
 			}), builder.WithPredicates(predicate.ResourceVersionChangedPredicate{}))
 
+	if _, err := mgr.GetRESTMapper().KindFor(schema.GroupVersionResource{
+		Group:    "image.openshift.io",
+		Version:  "v1",
+		Resource: "imagestreams",
+	}); err != nil {
+		if meta.IsNoMatchError(err) {
+			log.Info("image.openshift.io/v1/imagestreams is not available")
+		} else {
+			log.Error(err, "failed to get kind for image.openshift.io/v1/imagestreams")
+			os.Exit(1)
+		}
+	} else {
+		// Images stream is only available in OpenShift
+		imageStreamPred := GetImageStreamPredicateFunc()
+		ctrBuilder = ctrBuilder.Watches(&imagev1.ImageStream{}, &handler.EnqueueRequestForObject{}, builder.WithPredicates(imageStreamPred))
+	}
+
 	mchGroupKind := schema.GroupKind{Group: mchv1.GroupVersion.Group, Kind: "MultiClusterHub"}
 	if _, err := r.RESTMapper.RESTMapping(mchGroupKind, mchv1.GroupVersion.Version); err == nil {
 		mchPred := GetMCHPredicateFunc(c)

diff --git a/operators/multiclusterobservability/controllers/placementrule/customize_img.go b/operators/multiclusterobservability/controllers/placementrule/customize_img.go
@@ -45,6 +45,7 @@ var (
 
 func updateManagedClusterImageRegistry(obj client.Object) {
 	if imageReg, ok := obj.GetAnnotations()[ClusterImageRegistriesAnnotation]; ok {
+		log.Info("Coleen: updateManagedClusterImageRegistry")
 		managedClusterImageRegistryMutex.Lock()
 		managedClusterImageRegistry[obj.GetName()] = imageReg
 		managedClusterImageRegistryMutex.Unlock()

diff --git a/operators/multiclusterobservability/controllers/placementrule/manifestwork.go b/operators/multiclusterobservability/controllers/placementrule/manifestwork.go
@@ -438,6 +438,7 @@ func createManifestWorks(
 	}
 
 	if pullSecret != nil && !hasCustomRegistry {
+		log.Info("Coleen debug: inject pull secret into work")
 		manifests = injectIntoWork(manifests, pullSecret)
 	}
 

diff --git a/operators/multiclusterobservability/main.go b/operators/multiclusterobservability/main.go
@@ -10,9 +10,9 @@ import (
 	"fmt"
 	"os"
 
-	imagev1client "github.com/openshift/client-go/image/clientset/versioned/typed/image/v1"
-	"k8s.io/apimachinery/pkg/api/meta"
+	imagev1 "github.com/openshift/api/image/v1"
 
+	imagev1client "github.com/openshift/client-go/image/clientset/versioned/typed/image/v1"
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
 
@@ -72,6 +72,7 @@ func init() {
 	utilruntime.Must(observatoriumAPIs.AddToScheme(scheme))
 	utilruntime.Must(prometheusv1.AddToScheme(scheme))
 	utilruntime.Must(addonv1alpha1.AddToScheme(scheme))
+	utilruntime.Must(imagev1.AddToScheme(scheme))
 	// +kubebuilder:scaffold:scheme
 }
 
@@ -285,19 +286,6 @@ func main() {
 		config.MCGHCrdName:                    mcghCrdExists,
 	}
 
-	if _, err := mgr.GetRESTMapper().KindFor(schema.GroupVersionResource{
-		Group:    "image.openshift.io",
-		Version:  "v1",
-		Resource: "imagestreams",
-	}); err != nil {
-		if meta.IsNoMatchError(err) {
-			setupLog.Info("image.openshift.io/v1/imagestreams is not available")
-		} else {
-			setupLog.Error(err, "failed to get kind for image.openshift.io/v1/imagestreams")
-			os.Exit(1)
-		}
-	}
-
 	imageClient, err := imagev1client.NewForConfig(ctrl.GetConfigOrDie())
 	if err != nil {
 		setupLog.Error(err, "failed to create openshift image client")

diff --git a/operators/multiclusterobservability/pkg/rendering/renderer_alertmanager_test.go b/operators/multiclusterobservability/pkg/rendering/renderer_alertmanager_test.go
@@ -40,10 +40,9 @@ func TestAlertManagerRenderer(t *testing.T) {
 	}
 
 	containerNameToMchKey := map[string]string{
-		"alertmanager":       "prometheus_alertmanager",
-		"config-reloader":    "configmap_reloader",
-		"alertmanager-proxy": "oauth_proxy",
-		"kube-rbac-proxy":    "kube_rbac_proxy",
+		"alertmanager":    "prometheus_alertmanager",
+		"config-reloader": "configmap_reloader",
+		"kube-rbac-proxy": "kube_rbac_proxy",
 	}
 	mchImageManifest := &corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
@@ -75,6 +74,11 @@ func TestAlertManagerRenderer(t *testing.T) {
 			sts := &appsv1.StatefulSet{}
 			runtime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, sts)
 			for _, container := range sts.Spec.Template.Spec.Containers {
+				// oauth-proxy container is not in the mch-image-manifest configmap
+				// we use image-streams to get image for oauth-proxy
+				if container.Name == "alertmanager-proxy" {
+					continue
+				}
 				assert.Equal(t, mchImageManifest.Data[containerNameToMchKey[container.Name]], container.Image)
 			}
 		}

diff --git a/proxy/Dockerfile b/proxy/Dockerfile
@@ -6,7 +6,7 @@ WORKDIR /workspace
 COPY go.sum go.mod ./
 COPY ./proxy ./proxy
 
-RUN CGO_ENABLED=1 go build -a -installsuffix cgo -v -o main proxy/cmd/main.go
+RUN CGO_ENABLED=1 GOFLAGS="" go build -a -installsuffix cgo -v -o main proxy/cmd/main.go
 
 FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
-Original file line number
+Diff line change
@@ Expand Up / @@ -438,6 +438,7 @@ func createManifestWorks( @@
     	}
     	if pullSecret != nil && !hasCustomRegistry {
+    		log.Info("Coleen debug: inject pull secret into work")
     		manifests = injectIntoWork(manifests, pullSecret)
     	}
@@ Expand Down @@