Merged
8 changes: 7 additions & 1 deletion hack/update-payload-crds.sh
@@ -22,7 +22,13 @@ crd_globs="\
operator/v1/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers*.crd.yaml
config/v1/zz_generated.crd-manifests/0000_10_openshift-controller-manager_01_builds*.crd.yaml
operator/v1/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers*.crd.yaml
machineconfiguration/v1/zz_generated.crd-manifests/*.crd.yaml
machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs*.crd.yaml
machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs*.crd.yaml
machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs*.crd.yaml
machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigpools*.crd.yaml
machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigs*.crd.yaml
machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineosbuilds*.crd.yaml
machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineosconfigs*.crd.yaml
machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfignodes*.crd.yaml
machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_pinnedimagesets*.crd.yaml
Comment thread
RishabhSaini marked this conversation as resolved.
operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations*.crd.yaml
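Review bot: The explicit list that replaces the `machineconfiguration/v1/zz_generated.crd-manifests/*.crd.yaml` wildcard leaves out the v1 `pinnedimagesets` manifest, and nothing near the list says whether that is deliberate; only the v1alpha1 `pinnedimagesets` glob remains. If the omission is intended while the v1 type sits behind the `PinnedImages` feature gate, a comment above the `crd_globs` assignment would record it, for example `# machineconfiguration/v1 is listed per CRD on purpose: v1 pinnedimagesets is not copied to the payload yet (v1alpha1 still is)`. A per-file list presumably also means that any later v1 machine-config CRD must be added here by hand or it is silently skipped, which is worth stating in the same comment. The `crd_globs` assignment starts and ends outside the hunk.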
2 changes: 2 additions & 0 deletions machineconfiguration/v1/register.go
@@ -38,6 +38,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&MachineOSConfigList{},
&MachineOSBuild{},
&MachineOSBuildList{},
&PinnedImageSet{},
&PinnedImageSetList{},
)

metav1.AddToGroupVersion(scheme, GroupVersion)
@@ -0,0 +1,81 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "PinnedImageSet"
crdName: pinnedimagesets.machineconfiguration.openshift.io
featureGate: PinnedImages
tests:
onCreate:
- name: Should be able to create a minimal PinnedImageSet
initial: |
apiVersion: machineconfiguration.openshift.io/v1
kind: PinnedImageSet
metadata:
name: foobar
labels:
machineconfiguration.openshift.io/role: "master"
spec:
pinnedImages:
- name: registry.example.com/custom-os-image@sha256:86d26e7ebcccd6f07a75db5b1e56283b25c2ee1c6a755d6ffc5a4d59beb9c504
expected: |
apiVersion: machineconfiguration.openshift.io/v1
kind: PinnedImageSet
metadata:
name: foobar
labels:
machineconfiguration.openshift.io/role: "master"
spec:
pinnedImages:
- name: registry.example.com/custom-os-image@sha256:86d26e7ebcccd6f07a75db5b1e56283b25c2ee1c6a755d6ffc5a4d59beb9c504
- name: Should be able to create a PinnedImageSet with the PinnedImageRef name containing a port
initial: |
apiVersion: machineconfiguration.openshift.io/v1
kind: PinnedImageSet
metadata:
name: foobar
labels:
machineconfiguration.openshift.io/role: "master"
spec:
pinnedImages:
- name: registry.example.com:5000/custom-os-image@sha256:86d26e7ebcccd6f07a75db5b1e56283b25c2ee1c6a755d6ffc5a4d59beb9c504
expected: |
apiVersion: machineconfiguration.openshift.io/v1
kind: PinnedImageSet
metadata:
name: foobar
labels:
machineconfiguration.openshift.io/role: "master"
spec:
pinnedImages:
- name: registry.example.com:5000/custom-os-image@sha256:86d26e7ebcccd6f07a75db5b1e56283b25c2ee1c6a755d6ffc5a4d59beb9c504
- name: Should be able to create a PinnedImageSet with the PinnedImageRef name containing a namespace
initial: |
apiVersion: machineconfiguration.openshift.io/v1
kind: PinnedImageSet
metadata:
name: foobar
labels:
machineconfiguration.openshift.io/role: "master"
spec:
pinnedImages:
- name: registry.example.com/my-namespace/custom-os-image@sha256:86d26e7ebcccd6f07a75db5b1e56283b25c2ee1c6a755d6ffc5a4d59beb9c504
expected: |
apiVersion: machineconfiguration.openshift.io/v1
kind: PinnedImageSet
metadata:
name: foobar
labels:
machineconfiguration.openshift.io/role: "master"
spec:
pinnedImages:
- name: registry.example.com/my-namespace/custom-os-image@sha256:86d26e7ebcccd6f07a75db5b1e56283b25c2ee1c6a755d6ffc5a4d59beb9c504
- name: Fail on invalid PinnedImageRef name
initial: |
apiVersion: machineconfiguration.openshift.io/v1
kind: PinnedImageSet
metadata:
name: foobar
labels:
machineconfiguration.openshift.io/role: "master"
spec:
pinnedImages:
- name: foo.bar
expectedError: "spec.pinnedImages[0].name: Invalid value: \"string\": the OCI Image reference must end with a valid '@sha256:<digest>' suffix, where '<digest>' is 64 characters long"
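Review bot: The only rejecting case, `Fail on invalid PinnedImageRef name`, feeds `foo.bar`, which has no `@` and so trips the digest rule; the second rule on the field (the `host[:port][/namespace]/name` format check shown in the generated manifests of this PR) is never exercised by a failing input. Since this validation is what keeps non-digest or malformed references out of the CRI-O pinned-image configuration, I would add at least one case with a valid digest and a malformed name part, as in the block below (the `not_a_registry` host is a constructed sample). Cases for an uppercase digest, an empty `pinnedImages` list and a duplicate `name` would pin the remaining constraints. As written, the name rule ends in `[a-zA-Z0-9-_.]*?$`, so an empty image name after the last `/` appears to be accepted; a test would show whether that is intended.

```yaml
  # … unchanged: existing onCreate cases, ending with "Fail on invalid PinnedImageRef name" …
  - name: Fail on a PinnedImageRef name whose host part is not a valid registry host
    initial: |
      apiVersion: machineconfiguration.openshift.io/v1
      kind: PinnedImageSet
      metadata:
        name: foobar
        labels:
          machineconfiguration.openshift.io/role: "master"
      spec:
        pinnedImages:
          - name: not_a_registry/custom-os-image@sha256:86d26e7ebcccd6f07a75db5b1e56283b25c2ee1c6a755d6ffc5a4d59beb9c504
    expectedError: "spec.pinnedImages[0].name: Invalid value: \"string\": the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme"
```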
86 changes: 86 additions & 0 deletions machineconfiguration/v1/types_pinnedimageset.go
@@ -0,0 +1,86 @@
package v1

import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:object:root=true
// +kubebuilder:resource:path=pinnedimagesets,scope=Cluster
// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2198
// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01
// +openshift:enable:FeatureGate=PinnedImages
// +kubebuilder:metadata:labels=openshift.io/operator-managed=
Comment thread
RishabhSaini marked this conversation as resolved.

// PinnedImageSet describes a set of images that should be pinned by CRI-O and
// pulled to the nodes which are members of the declared MachineConfigPools.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type PinnedImageSet struct {
metav1.TypeMeta `json:",inline"`

// metadata is the standard object metadata.
// +optional
metav1.ObjectMeta `json:"metadata,omitempty"`

// spec describes the configuration of this pinned image set.
// +required
Spec PinnedImageSetSpec `json:"spec"`
}

// PinnedImageSetSpec defines the desired state of a PinnedImageSet.
type PinnedImageSetSpec struct {
// pinnedImages is a list of OCI Image referenced by digest that should be
// pinned and pre-loaded by the nodes of a MachineConfigPool.
// Translates into a new file inside the /etc/crio/crio.conf.d directory
// with content similar to this:
//
// pinned_images = [
// "quay.io/openshift-release-dev/ocp-release@sha256:...",
// "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...",
// "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...",
// ...
// ]
//
// Image references must be by digest.
Comment thread
RishabhSaini marked this conversation as resolved.
// A maximum of 500 images may be specified.
// +required
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=500
// +listType=map
// +listMapKey=name
PinnedImages []PinnedImageRef `json:"pinnedImages"`
}

// PinnedImageRef represents a reference to an OCI image
type PinnedImageRef struct {
Comment thread
RishabhSaini marked this conversation as resolved.
// name is an OCI Image referenced by digest.
// The format of the image pull spec is: host[:port][/namespace]/name@sha256:<digest>,
// where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
// The length of the whole spec must be between 1 to 447 characters.
// +required
Name ImageDigestFormat `json:"name"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// PinnedImageSetList is a list of PinnedImageSet resources
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type PinnedImageSetList struct {
metav1.TypeMeta `json:",inline"`

// metadata is the standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metav1.ListMeta `json:"metadata,omitempty"`

// items contains a collection of PinnedImageSet resources.
// +kubebuilder:validation:MaxItems=500
// +optional
Items []PinnedImageSet `json:"items"`
}
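Review bot: The `// +kubebuilder:validation:MaxItems=500` and `// +optional` markers on `PinnedImageSetList.Items` look inert and misleading: the generated CRD manifests in this PR carry a schema only for `PinnedImageSet`, so no cap on the number of list items appears to be enforced, and the field's tag `json:"items"` has no `omitempty` to match `+optional`. I would drop both markers and keep only `// items contains a collection of PinnedImageSet resources.` above the `Items []PinnedImageSet` field. Separately, the `name` comment in `PinnedImageRef` reads better as `// The length of the whole spec must be between 1 and 447 characters.`; the length and format limits it describes are presumably enforced by markers on `ImageDigestFormat`, which is declared outside this file, so a pointer to that type in the comment would help readers find the actual rules.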
@@ -0,0 +1,102 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/2198
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
release.openshift.io/feature-set: CustomNoUpgrade
labels:
openshift.io/operator-managed: ""
name: pinnedimagesets.machineconfiguration.openshift.io
spec:
group: machineconfiguration.openshift.io
names:
kind: PinnedImageSet
listKind: PinnedImageSetList
plural: pinnedimagesets
singular: pinnedimageset
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: |-
PinnedImageSet describes a set of images that should be pinned by CRI-O and
pulled to the nodes which are members of the declared MachineConfigPools.

Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec describes the configuration of this pinned image set.
properties:
pinnedImages:
description: |-
pinnedImages is a list of OCI Image referenced by digest that should be
pinned and pre-loaded by the nodes of a MachineConfigPool.
Translates into a new file inside the /etc/crio/crio.conf.d directory
with content similar to this:

pinned_images = [
"quay.io/openshift-release-dev/ocp-release@sha256:...",
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...",
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...",
...
]

Image references must be by digest.
A maximum of 500 images may be specified.
items:
description: PinnedImageRef represents a reference to an OCI image
properties:
name:
description: |-
name is an OCI Image referenced by digest.
The format of the image pull spec is: host[:port][/namespace]/name@sha256:<digest>,
where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
The length of the whole spec must be between 1 to 447 characters.
maxLength: 447
minLength: 1
type: string
x-kubernetes-validations:
- message: the OCI Image reference must end with a valid '@sha256:<digest>'
suffix, where '<digest>' is 64 characters long
rule: (self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))
- message: the OCI Image name should follow the host[:port][/namespace]/name
format, resembling a valid URL without the scheme
rule: (self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))
required:
- name
type: object
maxItems: 500
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
required:
- pinnedImages
type: object
required:
- spec
type: object
served: true
storage: true
@@ -0,0 +1,102 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/2198
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
release.openshift.io/feature-set: DevPreviewNoUpgrade
labels:
openshift.io/operator-managed: ""
name: pinnedimagesets.machineconfiguration.openshift.io
spec:
group: machineconfiguration.openshift.io
names:
kind: PinnedImageSet
listKind: PinnedImageSetList
plural: pinnedimagesets
singular: pinnedimageset
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: |-
PinnedImageSet describes a set of images that should be pinned by CRI-O and
pulled to the nodes which are members of the declared MachineConfigPools.

Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec describes the configuration of this pinned image set.
properties:
pinnedImages:
description: |-
pinnedImages is a list of OCI Image referenced by digest that should be
pinned and pre-loaded by the nodes of a MachineConfigPool.
Translates into a new file inside the /etc/crio/crio.conf.d directory
with content similar to this:

pinned_images = [
"quay.io/openshift-release-dev/ocp-release@sha256:...",
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...",
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...",
...
]

Image references must be by digest.
A maximum of 500 images may be specified.
items:
description: PinnedImageRef represents a reference to an OCI image
properties:
name:
description: |-
name is an OCI Image referenced by digest.
The format of the image pull spec is: host[:port][/namespace]/name@sha256:<digest>,
where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
The length of the whole spec must be between 1 to 447 characters.
maxLength: 447
minLength: 1
type: string
x-kubernetes-validations:
- message: the OCI Image reference must end with a valid '@sha256:<digest>'
suffix, where '<digest>' is 64 characters long
rule: (self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))
- message: the OCI Image name should follow the host[:port][/namespace]/name
format, resembling a valid URL without the scheme
rule: (self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))
required:
- name
type: object
maxItems: 500
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
required:
- pinnedImages
type: object
required:
- spec
type: object
served: true
storage: true