openshift · openshift-merge-robot · Jul 20, 2023 · Apr 19, 2022 · Apr 19, 2022 · Apr 19, 2022
diff --git a/internal/clients/builder.go b/internal/clients/builder.go
@@ -3,7 +3,9 @@ package clients
 import (
 	"os"
 
+	buildclientset "github.com/openshift/client-go/build/clientset/versioned"
 	configclientset "github.com/openshift/client-go/config/clientset/versioned"
+	imageclientset "github.com/openshift/client-go/image/clientset/versioned"
 	operatorclientset "github.com/openshift/client-go/operator/clientset/versioned"
 	mcfgclientset "github.com/openshift/machine-config-operator/pkg/generated/clientset/versioned"
 	apiext "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
@@ -56,6 +58,14 @@ func (cb *Builder) APIExtClientOrDie(name string) apiext.Interface {
 	return apiext.NewForConfigOrDie(rest.AddUserAgent(cb.config, name))
 }
 
+func (cb *Builder) BuildClientOrDie(name string) buildclientset.Interface {
+	return buildclientset.NewForConfigOrDie(rest.AddUserAgent(cb.config, name))
+}
+
+func (cb *Builder) ImageClientOrDie(name string) imageclientset.Interface {
+	return imageclientset.NewForConfigOrDie(rest.AddUserAgent(cb.config, name))
+}
+
 // GetBuilderConfig returns a copy of the builders *rest.Config
 func (cb *Builder) GetBuilderConfig() *rest.Config {
 	return rest.CopyConfig(cb.config)

diff --git a/pkg/apis/machineconfiguration.openshift.io/v1/types.go b/pkg/apis/machineconfiguration.openshift.io/v1/types.go
@@ -358,6 +358,14 @@ const (
 
 	// MachineConfigPoolDegraded is the overall status of the pool based, today, on whether we fail with NodeDegraded or RenderDegraded
 	MachineConfigPoolDegraded MachineConfigPoolConditionType = "Degraded"
+
+	MachineConfigPoolBuildPending MachineConfigPoolConditionType = "BuildPending"
+
+	MachineConfigPoolBuilding MachineConfigPoolConditionType = "Building"
+
+	MachineConfigPoolBuildSuccess MachineConfigPoolConditionType = "BuildSuccess"
+
+	MachineConfigPoolBuildFailed MachineConfigPoolConditionType = "BuildFailed"
 )
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

diff --git a/pkg/controller/build/assets/Dockerfile.on-cluster-build-template b/pkg/controller/build/assets/Dockerfile.on-cluster-build-template
@@ -0,0 +1,33 @@
+# This Dockerfile is not intended to be directly built. Instead, it is embedded
+# within the Build Controller binary (see //go:embed) and templatized with
+# certain options around base image pullspecs.
+#
+# Decode and extract the MachineConfig from the gzipped ConfigMap and move it
+# into position. We do this in a separate stage so that we don't have the
+# gzipped MachineConfig laying around.
+FROM {{.BaseImage.Pullspec}} AS extract
+COPY ./machineconfig/machineconfig.json.gz /tmp/machineconfig.json.gz
+RUN mkdir -p /etc/machine-config-daemon && \
+	cat /tmp/machineconfig.json.gz | base64 -d | gunzip - > /etc/machine-config-daemon/currentconfig
+
+{{if .ExtensionsImage.Pullspec}}
+# Pull our extensions image. Not sure yet what / how this should be wired up
+# though. Ideally, I'd like to use some Buildah tricks to have the extensions
+# directory mounted into the container at build-time so that I don't have to
+# copy the RPMs into the container, configure the repo, and do the
+# installation. Alternatively, I'd have to start a pod with an HTTP server.
+FROM {{.ExtensionsImage.Pullspec}} AS extensions
+{{end}}
+
+
+FROM {{.BaseImage.Pullspec}} AS final
+# Copy the extracted MachineConfig into the expected place in the image.
+COPY --from=extract /etc/machine-config-daemon/currentconfig /etc/machine-config-daemon/currentconfig
+# Do the ignition live-apply, extracting the Ignition config from the MachineConfig.
+RUN exec -a ignition-apply /usr/lib/dracut/modules.d/30ignition/ignition --ignore-unsupported <(cat /etc/machine-config-daemon/currentconfig | jq '.spec.config') && \
+	ostree container commit
+
+LABEL machineconfig={{.Pool.Spec.Configuration.Name}}
+LABEL machineconfigpool={{.Pool.Name}}
+LABEL releaseversion={{.ReleaseVersion}}
+LABEL baseOSContainerImage={{.BaseImage.Pullspec}}
diff --git a/pkg/controller/build/assets/README.md b/pkg/controller/build/assets/README.md
@@ -0,0 +1,5 @@
+# assets
+
+These files get embedded within the Go binary and are not intended for direct
+use. In particular, the Dockerfile is interspersed with Go templates and will
+not build unless rendered with a tool such as [Gomplate](https://github.com/hairyhenderson/gomplate). 
diff --git a/pkg/controller/build/assets/buildah-build.sh b/pkg/controller/build/assets/buildah-build.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+#
+# This script is not meant to be directly executed. Instead, it is embedded
+# within the Build Controller binary (see //go:embed) and injected into a
+# custom build pod.
+set -xeuo
+
+build_context="$HOME/context"
+
+# Create a directory to hold our build context.
+mkdir -p "$build_context/machineconfig"
+
+# Copy the Dockerfile and Machineconfigs from configmaps into our build context.
+cp /tmp/dockerfile/Dockerfile "$build_context"
+cp /tmp/machineconfig/machineconfig.json.gz "$build_context/machineconfig/"
+
+# Build our image using Buildah.
+buildah bud \
+	--storage-driver vfs \
+	--authfile="$BASE_IMAGE_PULL_CREDS" \
+	--tag "$TAG" \
+	--file="$build_context/Dockerfile" "$build_context"
+
+# Push our built image.
+buildah push \
+	--storage-driver vfs \
+	--authfile="$FINAL_IMAGE_PUSH_CREDS" \
+	--digestfile="/tmp/done/digestfile" \
+	--cert-dir /var/run/secrets/kubernetes.io/serviceaccount "$TAG"
diff --git a/pkg/controller/build/assets/podman-build.sh b/pkg/controller/build/assets/podman-build.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+#
+# This script is not meant to be directly executed. Instead, it is embedded
+# within the Build Controller binary (see //go:embed) and injected into a
+# custom build pod.
+set -xeuo
+
+build_context="/tmp/context"
+
+# Create a directory to hold our build context.
+mkdir -p "$build_context/machineconfig"
+
+# Copy the Dockerfile and Machineconfigs from configmaps into our build context.
+cp /tmp/dockerfile/Dockerfile "$build_context"
+cp /tmp/machineconfig/machineconfig.json.gz "$build_context/machineconfig/"
+
+# Build our image using Buildah.
+podman build \
+  --storage-driver vfs \
+  --authfile="$BASE_IMAGE_PULL_CREDS" \
+  --tag "$TAG" \
+  --file="$build_context/Dockerfile" "$build_context"
+
+# Push our built image.
+podman push \
+  --storage-driver vfs \
+  --authfile="$FINAL_IMAGE_PUSH_CREDS" \
+  --digestfile="/tmp/digestfile" \
+  --cert-dir /var/run/secrets/kubernetes.io/serviceaccount "$TAG"
+
+# Store the digestfile in a configmap for future retrieval.
+oc create configmap \
+  "$DIGEST_CONFIGMAP_NAME" \
+  --namespace openshift-machine-config-operator \
+  --from-file=digest=/tmp/digestfile
diff --git a/pkg/controller/build/assets/wait.sh b/pkg/controller/build/assets/wait.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+#
+# This script is not meant to be directly executed. Instead, it is embedded
+# within the Build Controller binary (see //go:embed) and injected into a
+# custom build pod.
+
+# Wait until the done file appears.
+while [ ! -f "/tmp/done/digestfile" ]
+do
+	sleep 1
+done
+
+oc create configmap \
+	"$DIGEST_CONFIGMAP_NAME" \
+	--namespace openshift-machine-config-operator \
+	--from-file=digest=/tmp/done/digestfile