extend osbuilder exporter job and osartifact crd spec

2025-09-12 13:26:44 +00:00 · 2025-01-30 15:02:51 +01:00
parent 3b76681196
commit 2a3c0c9f33
12 changed files with 660 additions and 152 deletions
--- a/api/v1alpha2/osartifact_types.go
+++ b/api/v1alpha2/osartifact_types.go
@@ -17,6 +17,7 @@ limitations under the License.
 package v1alpha2

 import (
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

@@ -40,45 +41,101 @@ type OSArtifactSpec struct {
 	// +kubebuilder:validation:Enum:=rpi3;rpi4
 	Model *Model `json:"model,omitempty"`

-	CloudConfigRef *SecretKeySelector `json:"cloudConfigRef,omitempty"`
+	// +optional
+	CloudConfigRef *corev1.SecretKeySelector `json:"cloudConfigRef,omitempty"`

-	Bundles     []string          `json:"bundles,omitempty"`
+	// +optional
+	Bundles []string `json:"bundles,omitempty"`
+
+	// +optional
 	FileBundles map[string]string `json:"fileBundles,omitempty"`

-	OutputImage *OutputImage `json:"outputImage,omitempty"`
-}
-
-type SecretKeySelector struct {
-	Name string `json:"name"`
+	// Exporter when provided it will spawn an exporter job that
+	// pushes images built by the osbuilder to the provided registry.
 	// +optional
-	Key string `json:"key,omitempty"`
+	Exporter *ExporterSpec `json:"exporter,omitempty"`
 }

-type RegistryCloud string
+type RegistryType string

 const (
-	// RegistryCloudECR ensures that special env variables will be injected
+	// RegistryTypeECR ensures that special env variables will be injected
 	// into the exporter job to allow kaniko to automatically auth with the
 	// ecr registry to push the images.
-	RegistryCloudECR RegistryCloud = "ecr"
-	// RegistryCloudOther requires from user to provide username/password secret
+	RegistryTypeECR RegistryType = "ecr"
+	// RegistryTypeOther requires from user to provide username/password secret
 	// in order for kaniko to be able to authenticate with the container registry.
-	RegistryCloudOther RegistryCloud = "other"
+	RegistryTypeOther RegistryType = "other"
 )

-type OutputImage struct {
+type ExporterSpec struct {
+	// Registry is a registry spec used to push the final images built by the osbuilder.
+	// +required
+	Registry RegistrySpec `json:"registry"`
+
+	// ServiceAccount allows overriding 'default' SA bound to the exporter pods.
+	// +optional
+	ServiceAccount *string `json:"serviceAccount,omitempty"`
+
+	// ExtraEnvVars allows to append extra env vars to the exporter pods.
+	// +optional
+	ExtraEnvVars *[]corev1.EnvVar `json:"extraEnvVars,omitempty"`
+}
+
+func (in *ExporterSpec) IsECRRegistry() bool {
+	return in.Registry.Type == RegistryTypeECR
+}
+
+func (in *ExporterSpec) HasDockerConfigSecret() bool {
+	return in.Registry.DockerConfigSecretKeyRef != nil
+}
+
+func (in *ExporterSpec) HasExtraEnvVars() bool {
+	return in.ExtraEnvVars != nil && len(*in.ExtraEnvVars) > 0
+}
+
+func (in *ExporterSpec) ServiceAccountName() string {
+	if in.ServiceAccount == nil || len(*in.ServiceAccount) == 0 {
+		// Default SA name. Always exists.
+		return "default"
+	}
+
+	return *in.ServiceAccount
+}
+
+type ImageSpec struct {
+	// Repository is the name of repository where image is being pushed.
+	// +required
+	Repository string `json:"repository"`
+
+	// Tag is the tag name of the image being pushed. Defaults to 'latest' if not provided.
+	// +optional
+	Tag string `json:"tag,omitempty"`
+}
+
+type RegistrySpec struct {
+	// Name is a DNS name of the registry. It has to be accessible by the pod.
+	// +required
+	Name string `json:"name"`
+
+	// Type is a kind of registry being used. Currently supported values are:
+	// 	- ecr 	- Amazon Elastic Container Registry. Use only if a pod runs on
+	//			  an eks cluster and has permissions to push to the registry.
+	//	- other - Any other type of the registry. It requires DockerConfigSecretKeyRef
+	//			  to be provided in order to auth to the registry.
 	// +kubebuilder:validation:Enum=ecr;other
 	// +kubebuilder:default=other
 	// +required
-	Cloud RegistryCloud `json:"cloud"`
+	Type RegistryType `json:"type"`
+
+	// Image defines the image details required to push image to the registry.
+	// +required
+	Image ImageSpec `json:"image"`
+
+	// DockerConfigSecretKeyRef is a reference to the secret that holds the `config.json` auth file.
+	// It should be in a format that `docker login` can accept to auth to the registry.
 	// +optional
-	Registry string `json:"registry,omitempty"`
-	// +optional
-	Repository string `json:"repository,omitempty"`
-	// +optional
-	Tag string `json:"tag,omitempty"`
-	// +optional
-	DockerConfigSecretKeyRef *SecretKeySelector `json:"dockerConfigSecretKeyRef,omitempty"`
+	DockerConfigSecretKeyRef *corev1.SecretKeySelector `json:"dockerConfigSecretKeyRef,omitempty"`
 }

 type ArtifactPhase string
--- a/api/v1alpha2/zz_generated.deepcopy.go
+++ b/api/v1alpha2/zz_generated.deepcopy.go
@@ -21,10 +21,58 @@ limitations under the License.
 package v1alpha2

 import (
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExporterSpec) DeepCopyInto(out *ExporterSpec) {
+	*out = *in
+	in.Registry.DeepCopyInto(&out.Registry)
+	if in.ServiceAccount != nil {
+		in, out := &in.ServiceAccount, &out.ServiceAccount
+		*out = new(string)
+		**out = **in
+	}
+	if in.ExtraEnvVars != nil {
+		in, out := &in.ExtraEnvVars, &out.ExtraEnvVars
+		*out = new([]v1.EnvVar)
+		if **in != nil {
+			in, out := *in, *out
+			*out = make([]v1.EnvVar, len(*in))
+			for i := range *in {
+				(*in)[i].DeepCopyInto(&(*out)[i])
+			}
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExporterSpec.
+func (in *ExporterSpec) DeepCopy() *ExporterSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ExporterSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ImageSpec) DeepCopyInto(out *ImageSpec) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSpec.
+func (in *ImageSpec) DeepCopy() *ImageSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ImageSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *OSArtifact) DeepCopyInto(out *OSArtifact) {
 	*out = *in
@@ -94,8 +142,8 @@ func (in *OSArtifactSpec) DeepCopyInto(out *OSArtifactSpec) {
 	}
 	if in.CloudConfigRef != nil {
 		in, out := &in.CloudConfigRef, &out.CloudConfigRef
-		*out = new(SecretKeySelector)
-		**out = **in
+		*out = new(v1.SecretKeySelector)
+		(*in).DeepCopyInto(*out)
 	}
 	if in.Bundles != nil {
 		in, out := &in.Bundles, &out.Bundles
@@ -109,9 +157,9 @@ func (in *OSArtifactSpec) DeepCopyInto(out *OSArtifactSpec) {
 			(*out)[key] = val
 		}
 	}
-	if in.OutputImage != nil {
-		in, out := &in.OutputImage, &out.OutputImage
-		*out = new(OutputImage)
+	if in.Exporter != nil {
+		in, out := &in.Exporter, &out.Exporter
+		*out = new(ExporterSpec)
 		(*in).DeepCopyInto(*out)
 	}
 }
@@ -131,7 +179,7 @@ func (in *OSArtifactStatus) DeepCopyInto(out *OSArtifactStatus) {
 	*out = *in
 	if in.Conditions != nil {
 		in, out := &in.Conditions, &out.Conditions
-		*out = make([]v1.Condition, len(*in))
+		*out = make([]metav1.Condition, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
@@ -149,36 +197,22 @@ func (in *OSArtifactStatus) DeepCopy() *OSArtifactStatus {
 }

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OutputImage) DeepCopyInto(out *OutputImage) {
+func (in *RegistrySpec) DeepCopyInto(out *RegistrySpec) {
 	*out = *in
+	out.Image = in.Image
 	if in.DockerConfigSecretKeyRef != nil {
 		in, out := &in.DockerConfigSecretKeyRef, &out.DockerConfigSecretKeyRef
-		*out = new(SecretKeySelector)
-		**out = **in
+		*out = new(v1.SecretKeySelector)
+		(*in).DeepCopyInto(*out)
 	}
 }

-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutputImage.
-func (in *OutputImage) DeepCopy() *OutputImage {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistrySpec.
+func (in *RegistrySpec) DeepCopy() *RegistrySpec {
 	if in == nil {
 		return nil
 	}
-	out := new(OutputImage)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector.
-func (in *SecretKeySelector) DeepCopy() *SecretKeySelector {
-	if in == nil {
-		return nil
-	}
-	out := new(SecretKeySelector)
+	out := new(RegistrySpec)
 	in.DeepCopyInto(out)
 	return out
 }