[1.1.x] Avoid hardcoded images (#196)

openshift-cherrypick-robot · gazarenkov · rm3l · web-flow · commit 59c878f80a94 · 2024-02-13T08:43:15.000Z
* remove hardcoded images

* fix image

* Update examples/janus-cr-with-app-configs.yaml

Co-authored-by: Armel Soro &lt;armel@rm3l.org&gt;

* change lookup

* Update config/manager/default-config/db-statefulset.yaml

Co-authored-by: Armel Soro &lt;armel@rm3l.org&gt;

* Update config/manager/default-config/deployment.yaml

Co-authored-by: Armel Soro &lt;armel@rm3l.org&gt;

* change lookup

* change lookup

* Update config/manager/default-config/deployment.yaml

Co-authored-by: Armel Soro &lt;armel@rm3l.org&gt;

* add generated files

* fix image

---------

Co-authored-by: gazarenkov &lt;gazarenkov@gmail.com&gt;
Co-authored-by: Armel Soro &lt;armel@rm3l.org&gt;
diff --git a/api/v1alpha1/backstage_types.go b/api/v1alpha1/backstage_types.go
@@ -27,12 +27,6 @@ const (
 	DeployInProgress  string = "DeployInProgress"
 )
 
-// Constants for image placeholders
-const (
-	EnvPostGresImage  string = "RELATED_IMAGE_postgresql"
-	EnvBackstageImage string = "RELATED_IMAGE_backstage"
-)
-
 // BackstageSpec defines the desired state of Backstage
 type BackstageSpec struct {
 	// Configuration for Backstage. Optional.
diff --git a/bundle/manifests/backstage-default-config_v1_configmap.yaml b/bundle/manifests/backstage-default-config_v1_configmap.yaml
@@ -62,9 +62,13 @@ data:
             janus-idp.io/app: backstage-psql-cr1 # placeholder for 'backstage-psql-<cr-name>'
           name: backstage-db-cr1 # placeholder for 'backstage-psql-<cr-name>'
         spec:
-          persistentVolumeClaimRetentionPolicy:
-            whenDeleted: Retain
-            whenScaled: Retain
+          automountServiceAccountToken: false
+          ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
+          ## The optional .spec.persistentVolumeClaimRetentionPolicy field controls if and how PVCs are deleted during the lifecycle of a StatefulSet.
+          ## You must enable the StatefulSetAutoDeletePVC feature gate on the API server and the controller manager to use this field.
+    #      persistentVolumeClaimRetentionPolicy:
+    #        whenDeleted: Retain
+    #        whenScaled: Retain
           containers:
             - env:
                 - name: POSTGRESQL_PORT_NUMBER
@@ -76,7 +80,8 @@ data:
               envFrom:
                 - secretRef:
                     name: <POSTGRESQL_SECRET>  # will be replaced with 'backstage-psql-secrets-<cr-name>'
-              image: <RELATED_IMAGE_postgresql> # will be replaced with the actual image
+              # image will be replaced by the value of the `RELATED_IMAGE_postgresql` env var, if set
+              image: quay.io/fedora/postgresql-15:latest
               imagePullPolicy: IfNotPresent
               securityContext:
                 runAsNonRoot: true
@@ -120,7 +125,9 @@ data:
                   cpu: 250m
                   memory: 256Mi
                 limits:
+                  cpu: 250m
                   memory: 1024Mi
+                  ephemeral-storage: 20Mi
               volumeMounts:
                 - mountPath: /dev/shm
                   name: dshm
@@ -164,7 +171,7 @@ data:
           labels:
             janus-idp.io/app:  # placeholder for 'backstage-<cr-name>'
         spec:
-          #      serviceAccountName: default
+          automountServiceAccountToken: false
           volumes:
             - ephemeral:
                 volumeClaimTemplate:
@@ -188,7 +195,8 @@ data:
               env:
                 - name: NPM_CONFIG_USERCONFIG
                   value: /opt/app-root/src/.npmrc.dynamic-plugins
-              image: <RELATED_IMAGE_backstage> # will be replaced with the actual image quay.io/janus-idp/backstage-showcase:next
+              # image will be replaced by the value of the `RELATED_IMAGE_backstage` env var, if set
+              image: quay.io/janus-idp/backstage-showcase:latest
               imagePullPolicy: IfNotPresent
               name: install-dynamic-plugins
               volumeMounts:
@@ -199,10 +207,15 @@ data:
                   readOnly: true
                   subPath: .npmrc
               workingDir: /opt/app-root/src
-
+              resources:
+                limits:
+                  cpu: 1000m
+                  memory: 2.5Gi
+                  ephemeral-storage: 5Gi
           containers:
             - name: backstage-backend
-              image: <RELATED_IMAGE_backstage> # will be replaced with the actual image quay.io/janus-idp/backstage-showcase:next
+              # image will be replaced by the value of the `RELATED_IMAGE_backstage` env var, if set
+              image: quay.io/janus-idp/backstage-showcase:latest
               imagePullPolicy: IfNotPresent
               args:
                 - "--config"
@@ -241,6 +254,11 @@ data:
               volumeMounts:
                 - mountPath: /opt/app-root/src/dynamic-plugins-root
                   name: dynamic-plugins-root
+              resources:
+                limits:
+                  cpu: 1000m
+                  memory: 2.5Gi
+                  ephemeral-storage: 5Gi
   dynamic-plugins-configmap.yaml: |-
     apiVersion: v1
     kind: ConfigMap
diff --git a/bundle/manifests/backstage-operator.clusterserviceversion.yaml b/bundle/manifests/backstage-operator.clusterserviceversion.yaml
@@ -21,7 +21,7 @@ metadata:
         }
       ]
     capabilities: Seamless Upgrades
-    createdAt: "2024-01-29T20:18:14Z"
+    createdAt: "2024-02-13T07:11:47Z"
     operatorframework.io/suggested-namespace: backstage-system
     operators.operatorframework.io/builder: operator-sdk-v1.33.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
@@ -185,6 +185,7 @@ spec:
                         operator: In
                         values:
                         - linux
+              automountServiceAccountToken: true
               containers:
               - args:
                 - --secure-listen-address=0.0.0.0:8443
@@ -219,7 +220,7 @@ spec:
                 - name: RELATED_IMAGE_postgresql
                   value: quay.io/fedora/postgresql-15:latest
                 - name: RELATED_IMAGE_backstage
-                  value: quay.io/janus-idp/backstage-showcase:next
+                  value: quay.io/janus-idp/backstage-showcase:latest
                 image: quay.io/janus-idp/operator:0.0.1
                 livenessProbe:
                   httpGet:
@@ -237,6 +238,7 @@ spec:
                 resources:
                   limits:
                     cpu: 500m
+                    ephemeral-storage: 20Mi
                     memory: 128Mi
                   requests:
                     cpu: 10m
@@ -322,6 +324,6 @@ spec:
   relatedImages:
   - image: quay.io/fedora/postgresql-15:latest
     name: postgresql
-  - image: quay.io/janus-idp/backstage-showcase:next
+  - image: quay.io/janus-idp/backstage-showcase:latest
     name: backstage
   version: 0.0.1
diff --git a/config/manager/default-config/db-statefulset.yaml b/config/manager/default-config/db-statefulset.yaml
@@ -33,7 +33,8 @@ spec:
           envFrom:
             - secretRef:
                 name: <POSTGRESQL_SECRET>  # will be replaced with 'backstage-psql-secrets-<cr-name>'
-          image: <RELATED_IMAGE_postgresql> # will be replaced with the actual image
+          # image will be replaced by the value of the `RELATED_IMAGE_postgresql` env var, if set
+          image: quay.io/fedora/postgresql-15:latest
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true
diff --git a/config/manager/default-config/deployment.yaml b/config/manager/default-config/deployment.yaml
@@ -36,7 +36,8 @@ spec:
           env:
             - name: NPM_CONFIG_USERCONFIG
               value: /opt/app-root/src/.npmrc.dynamic-plugins
-          image: <RELATED_IMAGE_backstage> # will be replaced with the actual image quay.io/janus-idp/backstage-showcase:next
+          # image will be replaced by the value of the `RELATED_IMAGE_backstage` env var, if set
+          image: quay.io/janus-idp/backstage-showcase:latest
           imagePullPolicy: IfNotPresent
           name: install-dynamic-plugins
           volumeMounts:
@@ -54,7 +55,8 @@ spec:
               ephemeral-storage: 5Gi
       containers:
         - name: backstage-backend
-          image: <RELATED_IMAGE_backstage> # will be replaced with the actual image quay.io/janus-idp/backstage-showcase:next
+          # image will be replaced by the value of the `RELATED_IMAGE_backstage` env var, if set
+          image: quay.io/janus-idp/backstage-showcase:latest
           imagePullPolicy: IfNotPresent
           args:
             - "--config"
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -76,7 +76,7 @@ spec:
         - name: RELATED_IMAGE_postgresql
           value: quay.io/fedora/postgresql-15:latest
         - name: RELATED_IMAGE_backstage
-          value: quay.io/janus-idp/backstage-showcase:next
+          value: quay.io/janus-idp/backstage-showcase:latest
         image: controller:latest
         name: manager
         securityContext:
diff --git a/controllers/backstage_controller.go b/controllers/backstage_controller.go
@@ -41,6 +41,11 @@ const (
 	BackstageAppLabel = "janus-idp.io/app"
 )
 
+var (
+	envPostgresImage  string
+	envBackstageImage string
+)
+
 // BackstageReconciler reconciles a Backstage object
 type BackstageReconciler struct {
 	client.Client
@@ -56,10 +61,6 @@ type BackstageReconciler struct {
 	Namespace string
 
 	IsOpenShift bool
-
-	PsqlImage string
-
-	BackstageImage string
 }
 
 //+kubebuilder:rbac:groups=janus-idp.io,resources=backstages,verbs=get;list;watch;create;update;patch;delete
@@ -295,14 +296,13 @@ func (r *BackstageReconciler) labels(meta *v1.ObjectMeta, backstage bs.Backstage
 
 // SetupWithManager sets up the controller with the Manager.
 func (r *BackstageReconciler) SetupWithManager(mgr ctrl.Manager, log logr.Logger) error {
-	if len(r.PsqlImage) == 0 {
-		r.PsqlImage = "quay.io/fedora/postgresql-15:latest"
-		log.Info("Enviroment variable is not set, default is used", bs.EnvPostGresImage, r.PsqlImage)
-	}
 
-	if len(r.BackstageImage) == 0 {
-		r.BackstageImage = "quay.io/janus-idp/backstage-showcase:next"
-		log.Info("Enviroment variable is not set, default is used", bs.EnvBackstageImage, r.BackstageImage)
+	var ok bool
+	if envPostgresImage, ok = os.LookupEnv("RELATED_IMAGE_postgresql"); !ok {
+		log.Info("RELATED_IMAGE_postgresql environment variable is not set, default will be used")
+	}
+	if envBackstageImage, ok = os.LookupEnv("RELATED_IMAGE_backstage"); !ok {
+		log.Info("RELATED_IMAGE_backstage environment variable is not set, default will be used")
 	}
 
 	builder := ctrl.NewControllerManagedBy(mgr).
diff --git a/controllers/backstage_controller_test.go b/controllers/backstage_controller_test.go
@@ -61,12 +61,12 @@ var _ = Describe("Backstage controller", func() {
 		Expect(err).To(Not(HaveOccurred()))
 
 		backstageReconciler = &BackstageReconciler{
-			Client:         k8sClient,
-			Scheme:         k8sClient.Scheme(),
-			Namespace:      ns,
-			OwnsRuntime:    true,
-			PsqlImage:      "test-postgresql-15:latest",
-			BackstageImage: "test-backstage-showcase:next",
+			Client:      k8sClient,
+			Scheme:      k8sClient.Scheme(),
+			Namespace:   ns,
+			OwnsRuntime: true,
+			//PsqlImage:      "test-postgresql-15:latest",
+			//BackstageImage: "test-backstage-showcase:next",
 		}
 	})
 
diff --git a/controllers/backstage_deployment.go b/controllers/backstage_deployment.go
@@ -33,103 +33,6 @@ const (
 	_containersWorkingDir              = "/opt/app-root/src"
 )
 
-//var (
-//	DefaultBackstageDeployment = fmt.Sprintf(`
-//apiVersion: apps/v1
-//kind: Deployment
-//metadata:
-// name: backstage
-//spec:
-// replicas: 1
-// selector:
-//   matchLabels:
-//     janus-idp.io/app:  # placeholder for 'backstage-<cr-name>'
-// template:
-//   metadata:
-//     labels:
-//       janus-idp.io/app:  # placeholder for 'backstage-<cr-name>'
-//   spec:
-//#      serviceAccountName: default
-//
-//     volumes:
-//       - ephemeral:
-//           volumeClaimTemplate:
-//             spec:
-//               accessModes:
-//               - ReadWriteOnce
-//               resources:
-//                 requests:
-//                   storage: 1Gi
-//         name: dynamic-plugins-root
-//       - name: dynamic-plugins-npmrc
-//         secret:
-//           defaultMode: 420
-//           optional: true
-//           secretName: dynamic-plugins-npmrc
-//
-//     initContainers:
-//       - command:
-//         - ./install-dynamic-plugins.sh
-//         - /dynamic-plugins-root
-//         env:
-//         - name: NPM_CONFIG_USERCONFIG
-//           value: %[3]s/.npmrc.dynamic-plugins
-//         image: 'quay.io/janus-idp/backstage-showcase:next'
-//         imagePullPolicy: IfNotPresent
-//         name: %[1]s
-//         volumeMounts:
-//         - mountPath: /dynamic-plugins-root
-//           name: dynamic-plugins-root
-//         - mountPath: %[3]s/.npmrc.dynamic-plugins
-//           name: dynamic-plugins-npmrc
-//           readOnly: true
-//           subPath: .npmrc
-//         workingDir: %[3]s
-//
-//     containers:
-//       - name: %[2]s
-//         image: quay.io/janus-idp/backstage-showcase:next
-//         imagePullPolicy: IfNotPresent
-//         args:
-//           - "--config"
-//           - "dynamic-plugins-root/app-config.dynamic-plugins.yaml"
-//         readinessProbe:
-//           failureThreshold: 3
-//           httpGet:
-//             path: /healthcheck
-//             port: 7007
-//             scheme: HTTP
-//           initialDelaySeconds: 30
-//           periodSeconds: 10
-//           successThreshold: 2
-//           timeoutSeconds: 2
-//         livenessProbe:
-//           failureThreshold: 3
-//           httpGet:
-//             path: /healthcheck
-//             port: 7007
-//             scheme: HTTP
-//           initialDelaySeconds: 60
-//           periodSeconds: 10
-//           successThreshold: 1
-//           timeoutSeconds: 2
-//         ports:
-//           - name: http
-//             containerPort: 7007
-//         env:
-//           - name: APP_CONFIG_backend_listen_port
-//             value: "7007"
-//         envFrom:
-//           - secretRef:
-//               name: postgres-secrets
-//#            - secretRef:
-//#                name: backstage-secrets
-//         volumeMounts:
-//           - mountPath: %[3]s/dynamic-plugins-root
-//             name: dynamic-plugins-root
-//`, _defaultBackstageInitContainerName, _defaultBackstageMainContainerName, _containersWorkingDir)
-//)
-
 // ContainerVisitor is called with each container
 type ContainerVisitor func(container *v1.Container)
 
@@ -291,11 +194,12 @@ func (r *BackstageReconciler) validateAndUpdatePsqlSecretRef(backstage bs.Backst
 }
 
 func (r *BackstageReconciler) setDefaultDeploymentImage(deployment *appsv1.Deployment) {
-	visitContainers(&deployment.Spec.Template, func(container *v1.Container) {
-		if len(container.Image) == 0 || container.Image == fmt.Sprintf("<%s>", bs.EnvBackstageImage) {
-			container.Image = r.BackstageImage
-		}
-	})
+	if envBackstageImage != "" {
+		visitContainers(&deployment.Spec.Template, func(container *v1.Container) {
+			container.Image = envBackstageImage
+
+		})
+	}
 }
 
 func (r *BackstageReconciler) applyBackstageLabels(backstage bs.Backstage, deployment *appsv1.Deployment) {
diff --git a/controllers/local_db_statefulset.go b/controllers/local_db_statefulset.go
diff --git a/examples/janus-cr-with-app-configs.yaml b/examples/janus-cr-with-app-configs.yaml
diff --git a/main.go b/main.go
