Adapt testpmd-lb-operator to operator-sdk v1.33.0

[ramperher]

• Created new testpmd-lb-operator folder and creating operator-sdk v1.33.0 skeleton with the following command:

$ operator-sdk init --domain openshift.io --plugins ansible
$ operator-sdk create api --version v1 --generate-role --group examplecnf --kind LoadBalancer

• Rest of the work was mainly to move most of loadbalancer role to the project, check all files created, and adapt Makefile to the new structure

[ramperher]

Okey, so the issue with the operator build process is really because of the new Makefile format, I'll be adding the new features step by step to detect what was wrong.

[ramperher]

I've managed to correctly build the operator, the issue was with some new comments labelled in this way: ##@, related to a new task called help that was added to the Makefile. I don't consider it useful so I've removed that code, and now it's passing fine. Testing now a job.

[ramperher]

The job I've launched will fail in one of the tasks from new sriov config role included in the collections, that needs to be fixed before, cc @tonyskapunk

[dcibot]

from change #53:

• ERROR https://www.distributed-ci.io/jobs/da00757a-7a97-4993-9e8d-c7b573bb4346/jobStates

[dcibot]

from change #53:

• FAILURE https://www.distributed-ci.io/jobs/75a67fb1-a99b-4cb5-8092-ba6393c431dd/jobStates

[ramperher]

Current issue is with LoadBalancer creation:

"message": "An unhandled exception occurred while running the lookup plugin 'k8s'. Error was a \u003cclass 'kubernetes.dynamic.exceptions.ForbiddenError'\u003e, original message: 403\nReason: Forbidden\nHTTP response headers: HTTPHeaderDict({'Audit-Id': '4719ab14-22f2-49a9-9239-1fdfc9cbbd7f', 'Cache-Control': 'no-cache, private', 'Content-Length': '502', 'Content-Type': 'application/json', 'Date': 'Fri, 09 Feb 2024 08:44:54 GMT', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': '62b8d4ee-6c12-4f3f-b4d6-40e63ce92262', 'X-Kubernetes-Pf-Prioritylevel-Uid': 'c42a983d-b10c-4afb-999e-f72d5948a03a'})\nHTTP response body: b'{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"network-attachment-definitions.k8s.cni.cncf.io \\\\\"intel-numa0-net1\\\\\" is forbidden: User \\\\\"system:serviceaccount:example-cnf:testpmd-lb-operator-controller-manager\\\\\" cannot get resource \\\\\"network-attachment-definitions\\\\\" in API group \\\\\"k8s.cni.cncf.io\\\\\" in the namespace \\\\\"example-cnf\\\\\"\",\"reason\":\"Forbidden\",\"details\":{\"name\":\"intel-numa0-net1\",\"group\":\"k8s.cni.cncf.io\",\"kind\":\"network-attachment-definitions\"},\"code\":403}\\n'\nOriginal traceback: \n File \"/usr/local/lib/python3.9/site-packages/kubernetes/dynamic/client.py\", line 55, in inner\n resp = func(self, *args, **kwargs)\n\n File \"/usr/local/lib/python3.9/site-packages/kubernetes/dynamic/client.py\", line 270, in request\n api_response = self.client.call_api(\n\n File \"/usr/local/lib/python3.9/site-packages/kubernetes/client/api_client.py\", line 348, in call_api\n return self.__call_api(resource_path, method,\n\n File \"/usr/local/lib/python3.9/site-packages/kubernetes/client/api_client.py\", line 180, in __call_api\n response_data = self.request(\n\n File \"/usr/local/lib/python3.9/site-packages/kubernetes/client/api_client.py\", line 373, in request\n return self.rest_client.GET(url,\n\n File \"/usr/local/lib/python3.9/site-packages/kubernetes/client/rest.py\", line 241, in GET\n return self.request(\"GET\", url,\n\n File \"/usr/local/lib/python3.9/site-packages/kubernetes/client/rest.py\", line 235, in request\n raise ApiException(http_resp=r)\n. 403\nReason: Forbidden\nHTTP response headers: HTTPHeaderDict({'Audit-Id': '4719ab14-22f2-49a9-9239-1fdfc9cbbd7f', 'Cache-Control': 'no-cache, private', 'Content-Length': '502', 'Content-Type': 'application/json', 'Date': 'Fri, 09 Feb 2024 08:44:54 GMT', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': '62b8d4ee-6c12-4f3f-b4d6-40e63ce92262', 'X-Kubernetes-Pf-Prioritylevel-Uid': 'c42a983d-b10c-4afb-999e-f72d5948a03a'})\nHTTP response body: b'{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"network-attachment-definitions.k8s.cni.cncf.io \\\\\"intel-numa0-net1\\\\\" is forbidden: User \\\\\"system:serviceaccount:example-cnf:testpmd-lb-operator-controller-manager\\\\\" cannot get resource \\\\\"network-attachment-definitions\\\\\" in API group \\\\\"k8s.cni.cncf.io\\\\\" in the namespace \\\\\"example-cnf\\\\\"\",\"reason\":\"Forbidden\",\"details\":{\"name\":\"intel-numa0-net1\",\"group\":\"k8s.cni.cncf.io\",\"kind\":\"network-attachment-definitions\"},\"code\":403}\\n'\nOriginal traceback: \n File \"/usr/local/lib/python3.9/site-packages/kubernetes/dynamic/client.py\", line 55, in inner\n resp = func(self, *args, **kwargs)\n\n File \"/usr/local/lib/python3.9/site-packages/kubernetes/dynamic/client.py\", line 270, in request\n api_response = self.client.call_api(\n\n File \"/usr/local/lib/python3.9/site-packages/kubernetes/client/api_client.py\", line 348, in call_api\n return self.__call_api(resource_path, method,\n\n File \"/usr/local/lib/python3.9/site-packages/kubernetes/client/api_client.py\", line 180, in __call_api\n response_data = self.request(\n\n File \"/usr/local/lib/python3.9/site-packages/kubernetes/client/api_client.py\", line 373, in request\n return self.rest_client.GET(url,\n\n File \"/usr/local/lib/python3.9/site-packages/kubernetes/client/rest.py\", line 241, in GET\n return self.request(\"GET\", url,\n\n File \"/usr/local/lib/python3.9/site-packages/kubernetes/client/rest.py\", line 235, in request\n raise ApiException(http_resp=r)\n",

I need to recheck the Role we're creating here, it's not allowing network-attachment-definitions by default and we should add it, in the same way we were doing before.

[dcibot]

from change #53:

• FAILURE https://www.distributed-ci.io/jobs/450ebd50-b3c6-423d-ba58-2da3a95444fa/jobStates

[dcibot]

from change #53:

• SUCCESS https://www.distributed-ci.io/jobs/daa8e6a0-5051-4290-b900-e78854f90af6/jobStates

[ramperher]

from change #53:

• SUCCESS https://www.distributed-ci.io/jobs/daa8e6a0-5051-4290-b900-e78854f90af6/jobStates

Change looks good, I've tested the whole chain with tnf and preflight, example-cnf test looks good too.

This is ready for review, @tkrishtop , could you have some time to take a look to confirm the structure is fine? There are a lot of files that have been modified but I've just put what was generated by operator-sdk v1.33.0

[manurodriguez]

• Created new testpmd-lb-operator folder and creating operator-sdk v1.33.0 skeleton with the following command:

$ operator-sdk init --domain openshift.io --plugins ansible
$ operator-sdk create api --version v1 --generate-role --group examplecnf --kind LoadBalancer

• Rest of the work was mainly to move most of loadbalancer role to the project, check all files created, and adapt Makefile to the new structure

Nice work Ramon, it would be great to have these steps somewhere in the doc, if they are not already : )

[ramperher]

• Created new testpmd-lb-operator folder and creating operator-sdk v1.33.0 skeleton with the following command:

$ operator-sdk init --domain openshift.io --plugins ansible
$ operator-sdk create api --version v1 --generate-role --group examplecnf --kind LoadBalancer

• Rest of the work was mainly to move most of loadbalancer role to the project, check all files created, and adapt Makefile to the new structure

Nice work Ramon, it would be great to have these steps somewhere in the doc, if they are not already : )

Sure, I can add the steps I have followed to the README, then I will rebase because I have merged the change for the service accounts. I will do this on Monday :)

[ramperher]

@manurodriguez , I've updated the README and I've rebased the change, hope it's fine now.

[manurodriguez]

Thanks, Looks good to me!

[tkrishtop]

Hi @ramperher I have only checked a part of the PR (it's huge), so only submitting partial review for the moment, sorry for that.

[ramperher]

Hi @ramperher I have only checked a part of the PR (it's huge), so only submitting partial review for the moment, sorry for that.

@tkrishtop , just FYI, most of the changes are formatting changes related to the new structure generated by operator-sdk v1.33.0, compared to v1.10.0

I've also addressed all your comments, please take a look when you have some time. Thanks.

[tkrishtop]

Hi @ramperher thank you for the great work!

I carefully validated the logs of the job running grep on the log archive $ grep -a testpmd-lb *, I see testpmd-lb pod running fine and there are no errors related to the deployment

Created container manager
events.txt:example-cnf                                        14m         Normal    Started                                      pod/testpmd-lb-operator-controller-manager-7bdd56f9b6-m9xk5               Started container manager
events.txt:example-cnf                                        14m         Normal    LeaderElection                               lease/testpmd-lb-operator                                                 testpmd-lb-operator-controller-manager-7bdd56f9b6-m9xk5_4fdc01b1-c1df-4815-84ff-7e37a7dc0310 became leader


example-cnf_events.log:14m         Normal    SuccessfulCreate      replicaset/testpmd-lb-operator-controller-manager-7bdd56f9b6              Created pod: testpmd-lb-operator-controller-manager-7bdd56f9b6-m9xk5

Normal    InstallSucceeded      clusterserviceversion/testpmd-lb-operator.v0.2.13-pr53.49669774           install strategy completed with no errors

[ramperher]

Thank you @manurodriguez and @tkrishtop for the review, I'll merge this and rebase the change for cnf-app-mac-operator, thanks!