diff --git a/api/v1alpha1/nicclusterpolicy_types.go b/api/v1alpha1/nicclusterpolicy_types.go index 9d3e09b49..75fdf6ce4 100644 --- a/api/v1alpha1/nicclusterpolicy_types.go +++ b/api/v1alpha1/nicclusterpolicy_types.go @@ -51,7 +51,6 @@ type ImageSpec struct { // +kubebuilder:validation:Pattern=[a-zA-Z0-9\.\-\/]+ Repository string `json:"repository"` // Version of the image to use - // +kubebuilder:validation:Pattern=[a-zA-Z0-9\.-]+ Version string `json:"version"` // ImagePullSecrets is an optional list of references to secrets in the same // namespace to use for pulling the image diff --git a/config/crd/bases/mellanox.com_nicclusterpolicies.yaml b/config/crd/bases/mellanox.com_nicclusterpolicies.yaml index ae1ff9aa9..96dc32eba 100644 --- a/config/crd/bases/mellanox.com_nicclusterpolicies.yaml +++ b/config/crd/bases/mellanox.com_nicclusterpolicies.yaml @@ -121,7 +121,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -208,7 +207,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -280,7 +278,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -552,7 +549,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -887,7 +883,6 @@ spec: type: object version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -965,7 +960,6 @@ spec: type: boolean version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -1041,7 +1035,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -1108,7 +1101,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -1175,7 +1167,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -1245,7 +1236,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -1324,7 +1314,6 @@ spec: type: boolean version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image diff --git a/controllers/nicclusterpolicy_controller_test.go b/controllers/nicclusterpolicy_controller_test.go index 4f395c6b5..75fe0a917 100644 --- a/controllers/nicclusterpolicy_controller_test.go +++ b/controllers/nicclusterpolicy_controller_test.go @@ -305,7 +305,7 @@ var _ = Describe("NicClusterPolicyReconciler Controller", func() { imageRepo := "nvcr.io/nvidia/doca" imageName := "doca-telemetry-service" imageVersion := "1.15.5-doca2.5.0" - updatedVersion := "v9.9.9-doca2.5.0" + updatedVersion := "sha256:1699d23027ea30c9fa" ctx := context.Background() It("should create, update and delete doca-telemetry-service through NICClusterPolicy", func() { By("Create doca-telemetry-service through NICClusterPolicy") @@ -355,7 +355,7 @@ var _ = Describe("NicClusterPolicyReconciler Controller", func() { }, timeout*3, interval).Should(BeTrue()) By("Update DOCATelemetryService through NICClusterPolicy") - expectedImageName := fmt.Sprintf("%v/%v:%v", imageRepo, imageName, updatedVersion) + expectedImageName := fmt.Sprintf("%v/%v@%v", imageRepo, imageName, updatedVersion) // Patch the NICClusterPolicy with the updated DOCATelemetryService version number. patch := []byte(fmt.Sprintf(`{"spec": {"docaTelemetryService":{"version": %q}}}`, updatedVersion)) diff --git a/deployment/network-operator/crds/mellanox.com_nicclusterpolicies.yaml b/deployment/network-operator/crds/mellanox.com_nicclusterpolicies.yaml index ae1ff9aa9..96dc32eba 100644 --- a/deployment/network-operator/crds/mellanox.com_nicclusterpolicies.yaml +++ b/deployment/network-operator/crds/mellanox.com_nicclusterpolicies.yaml @@ -121,7 +121,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -208,7 +207,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -280,7 +278,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -552,7 +549,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -887,7 +883,6 @@ spec: type: object version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -965,7 +960,6 @@ spec: type: boolean version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -1041,7 +1035,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -1108,7 +1101,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -1175,7 +1167,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -1245,7 +1236,6 @@ spec: type: string version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image @@ -1324,7 +1314,6 @@ spec: type: boolean version: description: Version of the image to use - pattern: '[a-zA-Z0-9\.-]+' type: string required: - image diff --git a/manifests/state-container-networking-plugins/0010-container-networking-plugins-ds.yml b/manifests/state-container-networking-plugins/0010-container-networking-plugins-ds.yml index 045837fbb..8e3b9e50d 100644 --- a/manifests/state-container-networking-plugins/0010-container-networking-plugins-ds.yml +++ b/manifests/state-container-networking-plugins/0010-container-networking-plugins-ds.yml @@ -51,7 +51,7 @@ spec: effect: NoSchedule containers: - name: cni-plugins - image: {{ .CrSpec.Repository }}/{{ .CrSpec.Image }}:{{ .CrSpec.Version }} + image: {{ imagePath .CrSpec.Repository .CrSpec.Image .CrSpec.Version }} imagePullPolicy: IfNotPresent securityContext: privileged: true diff --git a/manifests/state-doca-telemetry-service/0010-doca-telemetry-service.yaml b/manifests/state-doca-telemetry-service/0010-doca-telemetry-service.yaml index 6ec163328..2d75d3214 100644 --- a/manifests/state-doca-telemetry-service/0010-doca-telemetry-service.yaml +++ b/manifests/state-doca-telemetry-service/0010-doca-telemetry-service.yaml @@ -42,7 +42,7 @@ spec: effect: NoSchedule containers: - name: doca-telemetry-service - image: {{ .CrSpec.Repository }}/{{ .CrSpec.Image }}:{{ .CrSpec.Version }} + image: {{ imagePath .CrSpec.Repository .CrSpec.Image .CrSpec.Version }} {{- with .RuntimeSpec.ContainerResources }} {{- with index . "doca-telemetry-service" }} resources: diff --git a/manifests/state-ib-kubernetes/0070-deployment.yaml b/manifests/state-ib-kubernetes/0070-deployment.yaml index 9f82ae917..5dad888a5 100644 --- a/manifests/state-ib-kubernetes/0070-deployment.yaml +++ b/manifests/state-ib-kubernetes/0070-deployment.yaml @@ -67,7 +67,7 @@ spec: effect: NoSchedule containers: - name: ib-kubernetes - image: {{ .CrSpec.Repository }}/{{ .CrSpec.Image }}:{{ .CrSpec.Version }} + image: {{ imagePath .CrSpec.Repository .CrSpec.Image .CrSpec.Version }} imagePullPolicy: IfNotPresent command: ["/usr/bin/ib-kubernetes"] {{- with .RuntimeSpec.ContainerResources }} diff --git a/manifests/state-ipoib-cni/0050-ipoib-cni-ds.yml b/manifests/state-ipoib-cni/0050-ipoib-cni-ds.yml index 336961654..1bf0396e5 100644 --- a/manifests/state-ipoib-cni/0050-ipoib-cni-ds.yml +++ b/manifests/state-ipoib-cni/0050-ipoib-cni-ds.yml @@ -57,7 +57,7 @@ spec: effect: NoSchedule containers: - name: ipoib-cni - image: {{ .CrSpec.Repository }}/{{ .CrSpec.Image }}:{{ .CrSpec.Version }} + image: {{ imagePath .CrSpec.Repository .CrSpec.Image .CrSpec.Version }} {{- with .RuntimeSpec.ContainerResources }} {{- with index . "ipoib-cni" }} resources: diff --git a/manifests/state-multus-cni/0050-multus-ds.yml b/manifests/state-multus-cni/0050-multus-ds.yml index d30b694f2..a6f58f514 100644 --- a/manifests/state-multus-cni/0050-multus-ds.yml +++ b/manifests/state-multus-cni/0050-multus-ds.yml @@ -45,7 +45,7 @@ spec: terminationGracePeriodSeconds: 10 initContainers: - name: install-multus-binary - image: {{ .CrSpec.Repository }}/{{ .CrSpec.Image }}:{{ .CrSpec.Version }} + image: {{ imagePath .CrSpec.Repository .CrSpec.Image .CrSpec.Version }} command: ["/install_multus"] args: - "--type" @@ -64,7 +64,7 @@ spec: {{- end }} containers: - name: kube-multus - image: {{ .CrSpec.Repository }}/{{ .CrSpec.Image }}:{{ .CrSpec.Version }} + image: {{ imagePath .CrSpec.Repository .CrSpec.Image .CrSpec.Version }} {{- if hasPrefix .CrSpec.Version "v4" }} command: ["/thin_entrypoint"] args: diff --git a/manifests/state-nic-feature-discovery/030-nic-feature-discovery-ds.yaml b/manifests/state-nic-feature-discovery/030-nic-feature-discovery-ds.yaml index a6a6479b5..c1065a8d1 100644 --- a/manifests/state-nic-feature-discovery/030-nic-feature-discovery-ds.yaml +++ b/manifests/state-nic-feature-discovery/030-nic-feature-discovery-ds.yaml @@ -58,7 +58,7 @@ spec: {{- end }} containers: - name: nic-feature-discovery - image: {{ .CrSpec.Repository }}/{{ .CrSpec.Image }}:{{ .CrSpec.Version }} + image: {{ imagePath .CrSpec.Repository .CrSpec.Image .CrSpec.Version }} command: [ "/nic-feature-discovery" ] args: - --v=0 diff --git a/manifests/state-nv-ipam-cni/040-nv-ipam-controller.yaml b/manifests/state-nv-ipam-cni/040-nv-ipam-controller.yaml index 3d2a4865a..eed3187cf 100644 --- a/manifests/state-nv-ipam-cni/040-nv-ipam-controller.yaml +++ b/manifests/state-nv-ipam-cni/040-nv-ipam-controller.yaml @@ -87,7 +87,7 @@ spec: {{- end }} containers: - name: nv-ipam-controller - image: {{ .CrSpec.Repository }}/{{ .CrSpec.Image }}:{{ .CrSpec.Version }} + image: {{ imagePath .CrSpec.Repository .CrSpec.Image .CrSpec.Version }} imagePullPolicy: IfNotPresent command: ["/ipam-controller"] args: diff --git a/manifests/state-nv-ipam-cni/040-nv-ipam-node.yaml b/manifests/state-nv-ipam-cni/040-nv-ipam-node.yaml index e1ed8ced2..a68103652 100644 --- a/manifests/state-nv-ipam-cni/040-nv-ipam-node.yaml +++ b/manifests/state-nv-ipam-cni/040-nv-ipam-node.yaml @@ -56,7 +56,7 @@ spec: {{- end }} containers: - name: nv-ipam-node - image: {{ .CrSpec.Repository }}/{{ .CrSpec.Image }}:{{ .CrSpec.Version }} + image: {{ imagePath .CrSpec.Repository .CrSpec.Image .CrSpec.Version }} imagePullPolicy: IfNotPresent env: - name: NODE_NAME diff --git a/manifests/state-rdma-shared-device-plugin/0060_rdma-shared-dev-plugin-ds.yaml b/manifests/state-rdma-shared-device-plugin/0060_rdma-shared-dev-plugin-ds.yaml index 1734a3db1..583388973 100644 --- a/manifests/state-rdma-shared-device-plugin/0060_rdma-shared-dev-plugin-ds.yaml +++ b/manifests/state-rdma-shared-device-plugin/0060_rdma-shared-dev-plugin-ds.yaml @@ -40,7 +40,7 @@ spec: {{if .DeployInitContainer}} initContainers: - name: ofed-driver-validation - image: {{ .CrSpec.Repository }}/{{ .CrSpec.Image }}:{{ .CrSpec.Version }} + image: {{ imagePath .CrSpec.Repository .CrSpec.Image .CrSpec.Version }} imagePullPolicy: IfNotPresent command: [ 'sh', '-c' ] args: [ "until lsmod | grep mlx5_core; do echo waiting for OFED drivers to be loaded; sleep 30; done" ] @@ -52,7 +52,7 @@ spec: {{- end }} {{- end }} containers: - - image: {{ .CrSpec.Repository }}/{{ .CrSpec.Image }}:{{ .CrSpec.Version }} + - image: {{ imagePath .CrSpec.Repository .CrSpec.Image .CrSpec.Version }} name: rdma-shared-dp command: [ "/bin/k8s-rdma-shared-dp" ] {{- if .CrSpec.UseCdi }} diff --git a/manifests/state-sriov-device-plugin/0030-sriov-dp-daemonset.yaml b/manifests/state-sriov-device-plugin/0030-sriov-dp-daemonset.yaml index 2a7378f01..cc2fc2b35 100644 --- a/manifests/state-sriov-device-plugin/0030-sriov-dp-daemonset.yaml +++ b/manifests/state-sriov-device-plugin/0030-sriov-dp-daemonset.yaml @@ -57,14 +57,14 @@ spec: {{- if .DeployInitContainer}} initContainers: - name: ofed-driver-validation - image: {{ .CrSpec.ImageSpec.Repository }}/{{ .CrSpec.ImageSpec.Image }}:{{ .CrSpec.ImageSpec.Version }} + image: {{ imagePath .CrSpec.ImageSpec.Repository .CrSpec.ImageSpec.Image .CrSpec.ImageSpec.Version }} imagePullPolicy: IfNotPresent command: ['sh', '-c'] args: ["until lsmod | grep mlx5_core; do echo waiting for OFED drivers to be loaded; sleep 30; done"] {{- end}} containers: - name: kube-sriovdp - image: {{ .CrSpec.ImageSpec.Repository }}/{{ .CrSpec.ImageSpec.Image }}:{{ .CrSpec.ImageSpec.Version }} + image: {{ imagePath .CrSpec.ImageSpec.Repository .CrSpec.ImageSpec.Image .CrSpec.ImageSpec.Version }} imagePullPolicy: IfNotPresent args: - --log-dir=sriovdp diff --git a/manifests/state-whereabouts-cni/0050-whereabouts-ds.yaml b/manifests/state-whereabouts-cni/0050-whereabouts-ds.yaml index 65833d5ba..42ea6d02e 100644 --- a/manifests/state-whereabouts-cni/0050-whereabouts-ds.yaml +++ b/manifests/state-whereabouts-cni/0050-whereabouts-ds.yaml @@ -54,7 +54,7 @@ spec: effect: NoSchedule containers: - name: whereabouts - image: {{ .CrSpec.Repository }}/{{ .CrSpec.Image }}:{{ .CrSpec.Version }} + image: {{ imagePath .CrSpec.Repository .CrSpec.Image .CrSpec.Version }} command: [ "/bin/sh" ] args: - -c diff --git a/pkg/render/render.go b/pkg/render/render.go index 582dc067b..25be202c4 100644 --- a/pkg/render/render.go +++ b/pkg/render/render.go @@ -103,6 +103,14 @@ func nindentPrefix(spaces int, prefix, v string) string { return strings.Replace(nindent(spaces, prefix+v), " ", "", len(prefix)) } +// imagePath returns contaimer image path, supporting sha256 format +func imagePath(repository, image, version string) string { + if strings.HasPrefix(version, "sha256:") { + return repository + "/" + image + "@" + version + } + return repository + "/" + image + ":" + version +} + // renderFile renders a single file to a list of k8s unstructured objects func (r *textTemplateRenderer) renderFile(filePath string, data *TemplatingData) ([]*unstructured.Unstructured, error) { // Read file @@ -125,6 +133,7 @@ func (r *textTemplateRenderer) renderFile(filePath string, data *TemplatingData) "nindent": nindent, "nindentPrefix": nindentPrefix, "hasPrefix": strings.HasPrefix, + "imagePath": imagePath, }) if data.Funcs != nil { diff --git a/pkg/state/common_test.go b/pkg/state/common_test.go index c1663bf70..648e70e86 100644 --- a/pkg/state/common_test.go +++ b/pkg/state/common_test.go @@ -20,6 +20,7 @@ import ( "context" "encoding/json" "fmt" + "strings" . "github.com/onsi/gomega" @@ -51,6 +52,7 @@ const ( defaultTestRepository = "myRepo" defaultTestImage = "myImage" defaultTestVersion = "myVersion" + defaultTestVersionSha256 = "sha256:1699d23027ea30c9fa" ) var testLogger = log.Log.WithName("testLog") @@ -97,6 +99,10 @@ func (t *testScope) New(fn clientBuilderFunc, dir string) testScope { } } +func getImagePathWithSha256() string { + return defaultTestRepository + "/" + defaultTestImage + "@" + defaultTestVersionSha256 +} + func getTestCatalog() state.InfoCatalog { return getTestCatalogForOpenshift(false) } @@ -159,9 +165,13 @@ func getNADConfigIPAMJSON(ipam nadConfigIPAM) string { func assertCommonPodTemplateFields(template *corev1.PodTemplateSpec, image *mellanoxv1alpha1.ImageSpec) { // Image name - Expect(template.Spec.Containers[0].Image).To(Equal( - fmt.Sprintf("%v/%v:%v", image.Repository, image.Image, image.Version)), - ) + if strings.HasPrefix(image.Version, "sha256:") { + Expect(template.Spec.Containers[0].Image).To(Equal(getImagePathWithSha256())) + } else { + Expect(template.Spec.Containers[0].Image).To(Equal( + fmt.Sprintf("%v/%v:%v", image.Repository, image.Image, image.Version)), + ) + } // ImagePullSecrets Expect(template.Spec.ImagePullSecrets).To(ConsistOf( diff --git a/pkg/state/state_cni_plugins_test.go b/pkg/state/state_cni_plugins_test.go index 17b80306c..b0e057877 100644 --- a/pkg/state/state_cni_plugins_test.go +++ b/pkg/state/state_cni_plugins_test.go @@ -59,6 +59,22 @@ var _ = Describe("CNI plugins state", func() { Expect(ds.Spec).To(BeEquivalentTo(expectedDs.Spec)) }) + It("should create Daemonset - SHA256 version", func() { + By("Sync") + cr := getMinimalNicClusterPolicyWithCNIPlugins() + cr.Spec.SecondaryNetwork.CniPlugins.Version = "sha256:1699d23027ea30c9fa" + status, err := ts.state.Sync(context.Background(), cr, ts.catalog) + Expect(err).NotTo(HaveOccurred()) + Expect(status).To(BeEquivalentTo(state.SyncStateNotReady)) + By("Verify DaemonSet") + ds := &appsv1.DaemonSet{} + err = ts.client.Get(context.Background(), types.NamespacedName{Namespace: ts.namespace, Name: "cni-plugins-ds"}, ds) + Expect(err).NotTo(HaveOccurred()) + expectedDs := getExpectedMinimalCniPluginDS() + expectedDs.Spec.Template.Spec.Containers[0].Image = "myrepo/myimage@sha256:1699d23027ea30c9fa" + Expect(ds.Spec).To(BeEquivalentTo(expectedDs.Spec)) + }) + It("should create Daemonset with ImagePullSecrets when specified in CR", func() { By("Sync") cr := getMinimalNicClusterPolicyWithCNIPlugins() diff --git a/pkg/state/state_doca_telemetry_service_test.go b/pkg/state/state_doca_telemetry_service_test.go index dc68a171c..95e8680d5 100644 --- a/pkg/state/state_doca_telemetry_service_test.go +++ b/pkg/state/state_doca_telemetry_service_test.go @@ -103,4 +103,22 @@ var _ = Describe("DOCATelemetryService Controller", func() { expectedKinds := []string{"ServiceAccount", "DaemonSet", "ConfigMap", "Role", "RoleBinding"} assertUnstructuredListHasExactKinds(got, expectedKinds...) }) + It("should use SHA256 format", func() { + withSha256 := cr.DeepCopy() + withSha256.Spec.DOCATelemetryService.Version = defaultTestVersionSha256 + got, err := s.GetManifestObjects(ctx, withSha256, getTestCatalog(), log.FromContext(ctx)) + Expect(err).ToNot(HaveOccurred()) + expectedKinds := []string{"ServiceAccount", "DaemonSet", "ConfigMap"} + assertUnstructuredListHasExactKinds(got, expectedKinds...) + + for _, obj := range got { + // The image should be in SHA256 format + if obj.GetKind() == "DaemonSet" { + ds := &appsv1.DaemonSet{} + Expect(runtime.DefaultUnstructuredConverter.FromUnstructured(obj.UnstructuredContent(), ds)).To(Succeed()) + Expect(ds.Spec.Template.Spec.Containers[0].Image).To(Equal(getImagePathWithSha256())) + } + + } + }) }) diff --git a/pkg/state/state_ib_kubernetes_test.go b/pkg/state/state_ib_kubernetes_test.go index b5bc452fe..755cb9f55 100644 --- a/pkg/state/state_ib_kubernetes_test.go +++ b/pkg/state/state_ib_kubernetes_test.go @@ -241,5 +241,42 @@ var _ = Describe("IB Kubernetes state rendering tests", func() { limits := resources["limits"] Expect(limits).To(BeNil()) }) + It("Should have image in SHA256 format", func() { + manifestBaseDir := "../../manifests/state-ib-kubernetes" + + files, err := utils.GetFilesWithSuffix(manifestBaseDir, render.ManifestFileSuffix...) + Expect(err).NotTo(HaveOccurred()) + renderer := render.NewRenderer(files) + + ibKubernetesState := stateIBKubernetes{ + stateSkel: stateSkel{ + renderer: renderer, + }, + } + + Expect(err).NotTo(HaveOccurred()) + + ibKubernetesSpec := &mellanoxv1alpha1.IBKubernetesSpec{} + ibKubernetesSpec.Image = "myImage" + ibKubernetesSpec.ImagePullSecrets = []string{} + ibKubernetesSpec.Version = "sha256:1699d23027ea30c9fa" + ibKubernetesSpec.Repository = "myRepo" + cr := &mellanoxv1alpha1.NicClusterPolicy{} + cr.Spec.IBKubernetes = ibKubernetesSpec + + catalog := NewInfoCatalog() + catalog.Add(InfoTypeClusterType, &dummyProvider{}) + + objs, err := ibKubernetesState.GetManifestObjects(context.TODO(), cr, catalog, testLogger) + Expect(err).NotTo(HaveOccurred()) + Expect(len(objs)).To(Equal(4)) + ds := objs[3] + spec := ds.Object["spec"].(map[string]interface{}) + template := spec["template"].(map[string]interface{}) + templateSpec := template["spec"].(map[string]interface{}) + containers := templateSpec["containers"].([]interface{}) + image := containers[0].(map[string]interface{})["image"] + Expect(image).To(Equal("myRepo/myImage@sha256:1699d23027ea30c9fa")) + }) }) }) diff --git a/pkg/state/state_ipoib_cni_test.go b/pkg/state/state_ipoib_cni_test.go index 08e5f4471..0ebd02f8c 100644 --- a/pkg/state/state_ipoib_cni_test.go +++ b/pkg/state/state_ipoib_cni_test.go @@ -46,6 +46,14 @@ var _ = Describe("IPoIB CNI State tests", func() { Expect(len(objs)).To(Equal(1)) GetManifestObjectsTest(ts.context, cr, ts.catalog, cr.Spec.SecondaryNetwork.IPoIB, ts.renderer) }) + It("manifests with IPoIB CNI - image as SHA256", func() { + cr := getNICForIPoIBCNI() + cr.Spec.SecondaryNetwork.IPoIB.Version = defaultTestVersionSha256 + objs, err := ts.renderer.GetManifestObjects(context.TODO(), cr, ts.catalog, testLogger) + Expect(err).NotTo(HaveOccurred()) + Expect(len(objs)).To(Equal(1)) + GetManifestObjectsTest(ts.context, cr, ts.catalog, cr.Spec.SecondaryNetwork.IPoIB, ts.renderer) + }) It("manifests with IPoIB CNI for Openshift", func() { cr := getNICForIPoIBCNI() objs, err := ts.renderer.GetManifestObjects(context.TODO(), cr, ts.openshiftCatalog, testLogger) diff --git a/pkg/state/state_multus_cni_test.go b/pkg/state/state_multus_cni_test.go index e8e98766a..a16282add 100644 --- a/pkg/state/state_multus_cni_test.go +++ b/pkg/state/state_multus_cni_test.go @@ -113,6 +113,22 @@ var _ = Describe("Multus CNI state", func() { })).To(BeTrue()) }) + It("should render Daemonset image with SHA256 format", func() { + cr := getMinimalNicClusterPolicyWithMultus() + cr.Spec.SecondaryNetwork.Multus.Version = "sha256:1699d23027ea30c9fa" + + objs, err := ts.renderer.GetManifestObjects(context.TODO(), cr, ts.catalog, testLogger) + Expect(err).NotTo(HaveOccurred()) + + Expect(runFuncForObjectInSlice(objs, "DaemonSet", func(obj *unstructured.Unstructured) { + var daemonSet appsv1.DaemonSet + err = runtime.DefaultUnstructuredConverter.FromUnstructured(obj.UnstructuredContent(), &daemonSet) + Expect(err).NotTo(HaveOccurred()) + + Expect(daemonSet.Spec.Template.Spec.Containers[0].Image).To(Equal("myrepo/myimage@sha256:1699d23027ea30c9fa")) + })).To(BeTrue()) + }) + It("should render Daemonset with NodeAffinity when specified in CR", func() { cr := getMinimalNicClusterPolicyWithMultus() diff --git a/pkg/state/state_nic_feature_discovery_test.go b/pkg/state/state_nic_feature_discovery_test.go index 0144481fa..16a83c696 100644 --- a/pkg/state/state_nic_feature_discovery_test.go +++ b/pkg/state/state_nic_feature_discovery_test.go @@ -41,4 +41,11 @@ var _ = Describe("NicClusterPolicyReconciler Controller", func() { It("should test fields are set correctly", func() { GetManifestObjectsTest(ctx, cr, getTestCatalog(), imageSpec, s) }) + It("should use SHA256 format", func() { + withSha256 := cr.DeepCopy() + withSha256.Spec.NicFeatureDiscovery.Version = defaultTestVersionSha256 + imageSpecWithSha256 := imageSpec.DeepCopy() + imageSpecWithSha256.Version = defaultTestVersionSha256 + GetManifestObjectsTest(ctx, withSha256, getTestCatalog(), imageSpecWithSha256, s) + }) }) diff --git a/pkg/state/state_nv_ipam_cni_test.go b/pkg/state/state_nv_ipam_cni_test.go index 5a833b5e5..5a458f0a7 100644 --- a/pkg/state/state_nv_ipam_cni_test.go +++ b/pkg/state/state_nv_ipam_cni_test.go @@ -95,6 +95,34 @@ var _ = Describe("NVIPAM Controller", func() { assertCommonDeploymentFields(d, &cr.Spec.NvIpam.ImageSpec) }) + It("should create Daemonset - SHA256 image format", func() { + By("Sync") + cr := getMinimalNicClusterPolicyWithNVIpam("nv-ipam-node") + cr.Spec.NvIpam.Version = defaultTestVersionSha256 + status, err := nvIpamState.Sync(context.Background(), cr, catalog) + Expect(err).NotTo(HaveOccurred()) + Expect(status).To(BeEquivalentTo(state.SyncStateNotReady)) + By("Verify DaemonSet") + ds := &appsv1.DaemonSet{} + err = client.Get(context.Background(), types.NamespacedName{Namespace: namespace, Name: "nv-ipam-node"}, ds) + Expect(err).NotTo(HaveOccurred()) + assertCommonDaemonSetFields(ds, &cr.Spec.NvIpam.ImageSpec, cr) + }) + + It("should create Deployment - SHA256 image format", func() { + By("Sync") + cr := getMinimalNicClusterPolicyWithNVIpam("nv-ipam-controller") + cr.Spec.NvIpam.Version = defaultTestVersionSha256 + status, err := nvIpamState.Sync(context.Background(), cr, catalog) + Expect(err).NotTo(HaveOccurred()) + Expect(status).To(BeEquivalentTo(state.SyncStateNotReady)) + By("Verify Deployment") + d := &appsv1.Deployment{} + err = client.Get(context.Background(), types.NamespacedName{Namespace: namespace, Name: "nv-ipam-controller"}, d) + Expect(err).NotTo(HaveOccurred()) + assertCommonDeploymentFields(d, &cr.Spec.NvIpam.ImageSpec) + }) + It("should create Deployment with Webhook when specified in CR", func() { By("Sync") cr := getMinimalNicClusterPolicyWithNVIpam("nv-ipam-controller") diff --git a/pkg/state/state_rdma_shared_device_plugin_test.go b/pkg/state/state_rdma_shared_device_plugin_test.go index bfc2ecfd9..910467160 100644 --- a/pkg/state/state_rdma_shared_device_plugin_test.go +++ b/pkg/state/state_rdma_shared_device_plugin_test.go @@ -42,6 +42,14 @@ var _ = Describe("RDMA Shared Device Plugin", func() { Expect(len(objs)).To(Equal(1)) GetManifestObjectsTest(ts.context, cr, ts.catalog, &cr.Spec.RdmaSharedDevicePlugin.ImageSpec, ts.renderer) }) + It("manifests with RdmaSharedDevicePlugin - image as SHA256", func() { + cr := getRDMASharedDevicePlugin() + cr.Spec.RdmaSharedDevicePlugin.Version = defaultTestVersionSha256 + objs, err := ts.renderer.GetManifestObjects(ts.context, cr, ts.catalog, testLogger) + Expect(err).NotTo(HaveOccurred()) + Expect(len(objs)).To(Equal(1)) + GetManifestObjectsTest(ts.context, cr, ts.catalog, &cr.Spec.RdmaSharedDevicePlugin.ImageSpec, ts.renderer) + }) It("Openshift manifests", func() { cr := getRDMASharedDevicePlugin() objs, err := ts.renderer.GetManifestObjects(ts.context, cr, ts.openshiftCatalog, testLogger) diff --git a/pkg/state/state_sriov_dp_test.go b/pkg/state/state_sriov_dp_test.go index 770775bf6..6b2bfbd97 100644 --- a/pkg/state/state_sriov_dp_test.go +++ b/pkg/state/state_sriov_dp_test.go @@ -61,6 +61,24 @@ var _ = Describe("SR-IOV Device Plugin State tests", func() { assertSriovDpPodTemplatesVolumeFields(&ds.Spec.Template, false) assertSriovDpPodTemplatesVolumeMountFields(&ds.Spec.Template, false) }) + It("should create Daemonset - minimal spec -SHA256 image format", func() { + By("Sync") + cr := getMinimalNicClusterPolicyWithSriovDp(false) + cr.Spec.SriovDevicePlugin.Version = defaultTestVersionSha256 + status, err := ts.state.Sync(context.Background(), cr, ts.catalog) + Expect(err).NotTo(HaveOccurred()) + Expect(status).To(BeEquivalentTo(state.SyncStateNotReady)) + By("Verify DaemonSet") + ds := &appsv1.DaemonSet{} + err = ts.client.Get(context.Background(), types.NamespacedName{Namespace: ts.namespace, + Name: "network-operator-sriov-device-plugin"}, ds) + Expect(err).NotTo(HaveOccurred()) + assertCommonDaemonSetFields(ds, &cr.Spec.SriovDevicePlugin.ImageSpec, cr) + // expect privileged mode + Expect(*ds.Spec.Template.Spec.Containers[0].SecurityContext.Privileged).To(BeTrue()) + assertSriovDpPodTemplatesVolumeFields(&ds.Spec.Template, false) + assertSriovDpPodTemplatesVolumeMountFields(&ds.Spec.Template, false) + }) It("should create Daemonset with CDI support when specified in CR", func() { By("Sync") cr := getMinimalNicClusterPolicyWithSriovDp(true)