Use ko to render full image specifications into the operator bundle image #69
Conversation
openshift-ci
bot
added
release-note
do-not-merge/work-in-progress
| # Format for the SBOM produced by ko. | ||
| # Defaults to "spdx", use "none" to disable SBOM generation | ||
| SBOM ?= "spdx" | ||
|
|
There was a problem hiding this comment.
ko may change its default ~soon, to either cyclonedx, or (more likely) both. Just something to keep in mind here.
| cp -r bundle _output/olm/ | ||
| cp bundle.Dockerfile _output/olm/ | ||
| KO_DOCKER_REPO=${IMAGE_REPO} $(KO) resolve --push=${IMAGE_PUSH} ${KO_OPTS} -f ${OPERATOR_CSV} > _output/olm/${OPERATOR_CSV} | ||
| $(CONTAINER_ENGINE) build -f _output/olm/bundle.Dockerfile -t $(BUNDLE_IMG) _output/olm |
There was a problem hiding this comment.
Sad that OLM undoes ko's hard work and requires a container runtime to make this bundle. Without knowing much about it I'd guess it's entirely unnecessary.
There was a problem hiding this comment.
It doesn't undo ko's hard work, per se. The bundle is just YAML in an OCI artifact, which are updated with the ko resolved image shas. A full runtime like docker/podman is indeed overkill, but in terms of what developers reasonably have available, the decision makes sense.
- Move main.go to top-level, to conform with Kubebuilder v3 project format. - Replace image references with ko replacements - Remove kustomization that overrides image name and tag. - Add containerImage to CSV, using ko reference. - Update Makefile to deploy operator directly with ko. - Update Makefile to have installation of ko idempotent. - Update `make bundle-build` to build the OLM bundle in an output directory, using `ko resolve` to render the true CSV. - Update `make bundle push` to also push the operator image. - Update CI and release script to only run `make bundle-push`. - Update development docs to drop references to `make ko-publish`. - Print diff if check-git-status fails.
adambkaplan
force-pushed
the
deploy-bundle-ko
branch
from
f0358d0 to
0b91c10
Compare
adambkaplan
changed the title
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
One thing that this change can enable is nightly/latest releases for the operator! Since the bundle in git doesn't need to be changed for us to build a new bundle image, we can cut operator releases with a floating tag that respects semver. |
|
/approve Self-approving |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: adambkaplan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
| Using `ko.local` or `kind.local` for `IMAGE_REPO` is not recommended, as this will not push the | ||
| resulting images to an OCI-compliant container registry. |
There was a problem hiding this comment.
That's an interesting behavior, @adambkaplan. I find the ko approach to kind.local registries very useful, but for OLM we really need OCI compliance.
There was a problem hiding this comment.
Yeah, found this the hard way when building the CI infra for the operator in the first place. Deploying an operator on OLM requires at minimum 3 container images:
- The operator binary
- The operator "bundle"
- The catalog source
Item 3 needs to be pullable from a container registry. I think item 2 must also be pullable from a container registry. In terms of dev/testing, pushing everything to a "real" registry just makes life easier.
Changes
format.
make bundle-buildto build the OLM bundle in an outputdirectory, using
ko resolveto render the true CSV.make bundle pushto also push the operator image.make bundle-push.make ko-publish.Fixes #48
/kind feature
Submitter Checklist
See the contributor guide
for details on coding conventions, github and prow interactions, and the code review process.
Release Notes