OPRUN-3558: Add hostPath mount for /var/lib/kubelet

MCO makes the global pull secrets available in `/var/lib/kubelet`. Catalogd will look for these secrets in `/etc/catalogd` folder, ref [catalogd:416](operator-framework/catalogd#416). This PR hostPath mounts the `/var/lib/kublet` directory from the host to the `/etc/catalogd` directory in the container's filesystem. RFC: [OLMv1 Private registry support](https://docs.google.com/document/d/1BXD6kj5zXHcGiqvJOikU2xs8kV26TPnzEKp6n7TKD4M/edit?usp=sharing) Signed-off-by: Anik Bhattacharjee <anbhatta@redhat.com>
anik120 · Sep 26, 2024 · 41a61a3 · 41a61a3
1 parent 31c5230
commit 41a61a3
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 1 deletion.
diff --git a/openshift/generate-manifests.sh b/openshift/generate-manifests.sh
@@ -31,6 +31,21 @@ declare -A FLAG_MAPPINGS
 # shellcheck disable=SC2016
 FLAG_MAPPINGS[external-address]="catalogd-service.${NAMESPACE}.svc"
 
+##################################################
+ # Determine if using gsed (for macOS) or sed
+ ##################################################
+
+ if [[ "$OSTYPE" == "darwin"* ]]; then
+   if command -v gsed >/dev/null 2>&1; then
+     SED_CMD="gsed"
+   else
+     echo "gsed is not installed. Please install it using 'brew install gnu-sed'."
+     exit 1
+   fi
+ else
+   SED_CMD="sed"
+ fi
+
 ##################################################
 # You shouldn't need to change anything below here
 ##################################################
@@ -52,7 +67,7 @@ mkdir -p "${TMP_ROOT}/openshift"
 cp -a "${REPO_ROOT}/openshift/kustomize" "${TMP_ROOT}/openshift/kustomize"
 
 # Override OPENSHIFT-NAMESPACE to ${NAMESPACE}
-find "${TMP_ROOT}" -name "*.yaml" -exec sed -i "s/OPENSHIFT-NAMESPACE/${NAMESPACE}/g" {} \;
+find "${TMP_ROOT}" -name "*.yaml" -exec "$SED_CMD" -i "s/OPENSHIFT-NAMESPACE/${NAMESPACE}/g" {} \;
 
 # Create a temp dir for manifests
 TMP_MANIFEST_DIR="${TMP_ROOT}/manifests"

diff --git a/openshift/kustomize/overlays/openshift/kustomization.yaml b/openshift/kustomize/overlays/openshift/kustomization.yaml
@@ -30,3 +30,7 @@ patches:
     kind: Deployment
     name: controller-manager
   path: patches/manager_deployment_mount_etc_containers.yaml
+- target:
+      kind: Deployment
+      name: controller-manager
+  path: patches/manager_deployment_mount_auth_host.yaml
diff --git a/openshift/kustomize/overlays/openshift/patches/manager_deployment_mount_auth_host.yaml b/openshift/kustomize/overlays/openshift/patches/manager_deployment_mount_auth_host.yaml
@@ -0,0 +1,6 @@
+- op: add
+  path: /spec/template/spec/volumes/-
+  value: {"name":"auth-from-host", "hostPath":{"path":"/var/lib/kubelet", "type": "Directory"}}
+- op: add
+  path: /spec/template/spec/containers/1/volumeMounts/-
+  value: {"name":"auth-from-host", "readOnly": true, "mountPath":"/etc/catalogd"}
diff --git a/openshift/manifests/11-deployment-openshift-catalogd-catalogd-controller-manager.yml b/openshift/manifests/11-deployment-openshift-catalogd-catalogd-controller-manager.yml
@@ -103,6 +103,9 @@ spec:
             - mountPath: /etc/containers
               name: etc-containers
               readOnly: true
+            - mountPath: /etc/catalogd
+              name: auth-from-host
+              readOnly: true
       securityContext:
         runAsNonRoot: true
         seccompProfile:
@@ -120,4 +123,8 @@ spec:
             path: /etc/containers
             type: Directory
           name: etc-containers
+        - hostPath:
+            path: /var/lib/kubelet
+            type: Directory
+          name: auth-from-host
       priorityClassName: system-cluster-critical