weaveworks / flux2-openshift Goto Github PK

View Code? Open in Web Editor NEW

4.0 4.0 4.0 406 KB

OperatorHub submission repo for Flux2

License: Apache License 2.0

Makefile 2.57% JavaScript 50.61% Shell 34.20% Dockerfile 12.62%

flux2-openshift's People

Contributors

Stargazers

Watchers

Forkers

kingdonb yuriolisa isabella232 souleb

flux2-openshift's Issues

Publish v0.16.2 to Operator Hub and RH Community Operators

Tasks:

generated
tested with OLM lcally
fixed labels on deployments #7
published to Operator Hub
k8s-operatorhub/community-operators#101
published to RH Community Operators
redhat-openshift-ecosystem/community-operators-prod#90

Add app.kubernetes.io/instance label for flux logs

This bug reported by @kingdonb.

We require a proper set of labels for flux logs to work properly.

Previously proposed PR #5

OperatorHub instructions result in ClusterRoleBindings that are ineffective

Following the OperatorHub instructions literally results in the flux operator going in the operators namespace

https://operatorhub.io/operator/flux

The ClusterRoleBindings have hardcoded references to flux-system for the service accounts that should be used as the default SA for Flux reconcilers. The result is some ineffective ClusterRoleBindings that do not grant any permission to any extant service accounts.

I mentioned this in:

fluxcd/flux2#1673

but wanted to open a separate issue to track it here, since it is definitely not a flux CLI problem.

Enable Multi-tenancy lockdown

Enable multi-tenancy lockdown as described in the doc.

Make sure to ship both v1beta1 and v1beta2 of KS CRDs

Make install error

Trying to build new Operator and with the latest version of 0.34.0, I get the following error:

make release
./release.sh
Flux version: 0.34.0
Generating the manifests using the built CLI ...
Exporting gotk-components.yaml ...
make: *** [Makefile:2: release] Error 1

I also tried version 0.33.0 with no success. I went back to version 0.32 and this worked fine.

Looks like there were some changes after version 0.32.0, that is causing this issue.

flux-error.mp4

Flux namespace is missing labels

Comparing the result of kubectl describe ns flux-system after flux bootstrap on a Kind cluster:

app.kubernetes.io/instance=flux-system
app.kubernetes.io/part-of=flux
app.kubernetes.io/version=v0.31.2
kubernetes.io/metadata.name=flux-system
kustomize.toolkit.fluxcd.io/name=flux-system
kustomize.toolkit.fluxcd.io/namespace=flux-system
pod-security.kubernetes.io/warn=restricted
pod-security.kubernetes.io/warn-version=latest

and install via the operator:

kubernetes.io/metadata.name=flux-system

This results in the Flux Runtime view in Weave GitOps failing to display any controllers. Which can be resolved by manually adding the part-of label i.e. kubectl label ns flux-system app.kubernetes.io/part-of='flux'

weaveworks/weave-gitops#2382

Updating Flux 0.36 -> 0.37 gives error: CannotUpdate

A few days ago, Flux started trying to update itself from 0.36 to 0.37. It then began failing. The 0.37 version is stuck in a Pending state due to a RequirementsNotMet: one or more requirements couldn't be found error. 0.36 was in a Failing state.

OLM Logs:

I1128 02:12:22.717658       1 event.go:282] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"", Name:"flux-system", UID:"203c94e7-1df1-4a48-a2e2-d882dd13c68d", APIVersion:"v1", ResourceVersion:"539695358", FieldPath:""}): type: 'Warning' reason: 'ResolutionFailed' constraints not satisfiable: clusterserviceversion flux.v0.36.0 exists and is not referenced by a subscription, subscription flux exists, subscription flux requires @existing/flux-system//flux.v0.37.0, @existing/flux-system//flux.v0.37.0 and @existing/flux-system//flux.v0.36.0 provide HelmRelease (helm.toolkit.fluxcd.io/v2beta1)
time="2022-11-28T02:12:23Z" level=info msg=syncing event=update reconciling="*v1alpha1.Subscription" selflink=
I1128 02:12:23.716878       1 event.go:282] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"", Name:"flux-system", UID:"203c94e7-1df1-4a48-a2e2-d882dd13c68d", APIVersion:"v1", ResourceVersion:"539695358", FieldPath:""}): type: 'Warning' reason: 'ResolutionFailed' constraints not satisfiable: @existing/flux-system//flux.v0.37.0 and @existing/flux-system//flux.v0.36.0 originate from package flux, clusterserviceversion flux.v0.36.0 exists and is not referenced by a subscription, subscription flux exists, subscription flux requires @existing/flux-system//flux.v0.37.0
time="2022-11-28T02:12:24Z" level=info msg=syncing event=update reconciling="*v1alpha1.Subscription" selflink=
I1128 02:12:24.717529       1 event.go:282] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"", Name:"flux-system", UID:"203c94e7-1df1-4a48-a2e2-d882dd13c68d", APIVersion:"v1", ResourceVersion:"539695358", FieldPath:""}): type: 'Warning' reason: 'ResolutionFailed' constraints not satisfiable: subscription flux requires @existing/flux-system//flux.v0.37.0, @existing/flux-system//flux.v0.37.0 and @existing/flux-system//flux.v0.36.0 provide Kustomization (kustomize.toolkit.fluxcd.io/v1beta2), clusterserviceversion flux.v0.36.0 exists and is not referenced by a subscription, subscription flux exists
time="2022-11-28T02:12:25Z" level=info msg=syncing event=update reconciling="*v1alpha1.Subscription" selflink=
I1128 02:12:25.716471       1 event.go:282] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"", Name:"flux-system", UID:"203c94e7-1df1-4a48-a2e2-d882dd13c68d", APIVersion:"v1", ResourceVersion:"539695358", FieldPath:""}): type: 'Warning' reason: 'ResolutionFailed' constraints not satisfiable: subscription flux exists, clusterserviceversion flux.v0.36.0 exists and is not referenced by a subscription, @existing/flux-system//flux.v0.37.0 and @existing/flux-system//flux.v0.36.0 provide Bucket (source.toolkit.fluxcd.io/v1beta1), subscription flux requires @existing/flux-system//flux.v0.37.0
time="2022-11-28T02:12:26Z" level=info msg=syncing event=update reconciling="*v1alpha1.Subscription" selflink=
I1128 02:12:26.717348       1 event.go:282] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"", Name:"flux-system", UID:"203c94e7-1df1-4a48-a2e2-d882dd13c68d", APIVersion:"v1", ResourceVersion:"539695358", FieldPath:""}): type: 'Warning' reason: 'ResolutionFailed' constraints not satisfiable: @existing/flux-system//flux.v0.37.0 and @existing/flux-system//flux.v0.36.0 provide ImagePolicy (image.toolkit.fluxcd.io/v1beta1), clusterserviceversion flux.v0.36.0 exists and is not referenced by a subscription, subscription flux exists, subscription flux requires @existing/flux-system//flux.v0.37.0
time="2022-11-28T02:12:27Z" level=info msg=syncing event=update reconciling="*v1alpha1.Subscription" selflink=
I1128 02:12:27.718395       1 event.go:282] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"", Name:"flux-system", UID:"203c94e7-1df1-4a48-a2e2-d882dd13c68d", APIVersion:"v1", ResourceVersion:"539695358", FieldPath:""}): type: 'Warning' reason: 'ResolutionFailed' constraints not satisfiable: subscription flux exists, @existing/flux-system//flux.v0.36.0 and @existing/flux-system//flux.v0.37.0 originate from package flux, clusterserviceversion flux.v0.36.0 exists and is not referenced by a subscription, subscription flux requires @existing/flux-system//flux.v0.37.0
time="2022-11-28T02:12:28Z" level=info msg=syncing event=update reconciling="*v1alpha1.Subscription" selflink=
I1128 02:12:28.718722       1 event.go:282] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"", Name:"flux-system", UID:"203c94e7-1df1-4a48-a2e2-d882dd13c68d", APIVersion:"v1", ResourceVersion:"539695358", FieldPath:""}): type: 'Warning' reason: 'ResolutionFailed' constraints not satisfiable: subscription flux exists, clusterserviceversion flux.v0.36.0 exists and is not referenced by a subscription, @existing/flux-system//flux.v0.36.0 and @existing/flux-system//flux.v0.37.0 provide ImageRepository (image.toolkit.fluxcd.io/v1beta1), subscription flux requires @existing/flux-system//flux.v0.37.0
time="2022-11-28T02:12:29Z" level=info msg=syncing event=update reconciling="*v1alpha1.Subscription" selflink=
I1128 02:12:29.718087       1 event.go:282] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"", Name:"flux-system", UID:"203c94e7-1df1-4a48-a2e2-d882dd13c68d", APIVersion:"v1", ResourceVersion:"539695358", FieldPath:""}): type: 'Warning' reason: 'ResolutionFailed' constraints not satisfiable: subscription flux exists, clusterserviceversion flux.v0.36.0 exists and is not referenced by a subscription, @existing/flux-system//flux.v0.36.0 and @existing/flux-system//flux.v0.37.0 provide Provider (notification.toolkit.fluxcd.io/v1beta1), subscription flux requires @existing/flux-system//flux.v0.37.0
time="2022-11-28T02:12:30Z" level=info msg=syncing event=update reconciling="*v1alpha1.Subscription" selflink=
I1128 02:12:30.717538       1 event.go:282] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"", Name:"flux-system", UID:"203c94e7-1df1-4a48-a2e2-d882dd13c68d", APIVersion:"v1", ResourceVersion:"539695358", FieldPath:""}): type: 'Warning' reason: 'ResolutionFailed' constraints not satisfiable: subscription flux requires @existing/flux-system//flux.v0.37.0, subscription flux exists, @existing/flux-system//flux.v0.37.0 and @existing/flux-system//flux.v0.36.0 provide HelmChart (source.toolkit.fluxcd.io/v1beta2), clusterserviceversion flux.v0.36.0 exists and is not referenced by a subscription
time="2022-11-28T02:12:31Z" level=info msg=syncing event=update reconciling="*v1alpha1.Subscription" selflink=
I1128 02:12:31.717771       1 event.go:282] Event(v1.ObjectReference{Kind:"Namespace", Namespace:"", Name:"flux-system", UID:"203c94e7-1df1-4a48-a2e2-d882dd13c68d", APIVersion:"v1", ResourceVersion:"539695358", FieldPath:""}): type: 'Warning' reason: 'ResolutionFailed' constraints not satisfiable: subscription flux exists, subscription flux requires @existing/flux-system//flux.v0.37.0, clusterserviceversion flux.v0.36.0 exists and is not referenced by a subscription, @existing/flux-system//flux.v0.37.0 and @existing/flux-system//flux.v0.36.0 provide HelmChart (source.toolkit.fluxcd.io/v1beta1)

I attempted to perform the steps in this RedHat article, but they didn't work (Delete the Subscription and CSVs, re-install).

Logs post re-install

time="2022-11-28T02:24:22Z" level=info msg=syncing event=update reconciling="*v1alpha1.Subscription" selflink=
time="2022-11-28T02:24:22Z" level=info msg=syncing id=b/zWa ip=install-k8vlf namespace=flux-system phase=Installing
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=CustomResourceDefinition" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=ocirepository.crd.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=Service" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=webhook-receiver.service.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=ClusterRole" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=crd-controller-flux-system.clusterrole.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=CustomResourceDefinition" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=kustomization.crd.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=ClusterRoleBinding" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=cluster-reconciler-flux-system.clusterrolebinding.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=CustomResourceDefinition" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=receiver.crd.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=CustomResourceDefinition" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=provider.crd.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=Service" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=source-controller.service.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=CustomResourceDefinition" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=helmrelease.crd.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=CustomResourceDefinition" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=imageupdateautomation.crd.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=CustomResourceDefinition" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=imagepolicy.crd.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=CustomResourceDefinition" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=gitrepository.crd.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=CustomResourceDefinition" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=helmrepository.crd.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=CustomResourceDefinition" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=helmchart.crd.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=CustomResourceDefinition" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=imagerepository.crd.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=CustomResourceDefinition" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=bucket.crd.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=ClusterServiceVersion" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=flux.v0.37.0.clusterserviceversion.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=CustomResourceDefinition" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=alert.crd.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=ClusterRoleBinding" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=crd-controller-flux-system.clusterrolebinding.yaml
time="2022-11-28T02:24:23Z" level=info msg="added to bundle, Kind=Service" configmap=openshift-marketplace/117acbb8c3636cc0e69f7d4db4f352bb74df05c0154698c1603646f69a7a6d8 key=notification-controller.service.yaml
time="2022-11-28T02:24:23Z" level=error msg="risk of data loss updating \"imagepolicies.image.toolkit.fluxcd.io\": new CRD removes version v1alpha1 that is listed as a stored version on the existing CRD"

Anyone seen this issue before? I must admit, I'm not all that familiar with how operators work, so any help or advice would be appreciated.

Changes on Flux v0.26.0

We are rolling out a few security related changes in flux2 that may impact flux2-openshift.
Here's a summary of them:

Enable Seccomp by default using new API (requires Kubernetes 1.19).
Hard-code userId on container images and enable securityContext.runAsNonRoot.
Drop all capabilities that are not being used.

I will link the PRs here to keep track of progress.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs

Jooble