diff --git a/build/Dockerfile b/build/Dockerfile
index 94629a4..380aabf 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -8,7 +8,7 @@ COPY . .
 RUN make go-build
 ####
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1775623882
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1776104705
 ENV USER_UID=1001 \
 USER_NAME=ocm-agent-operator
diff --git a/build/Dockerfile.olm-registry b/build/Dockerfile.olm-registry
index be9e6c7..6cabec1 100644
--- a/build/Dockerfile.olm-registry
+++ b/build/Dockerfile.olm-registry
@@ -4,7 +4,7 @@ COPY ${SAAS_OPERATOR_DIR} manifests
 RUN initializer --permissive
 # ubi-micro does not work for clusters with fips enabled unless we make OpenSSL available
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1775623882
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1776104705
 COPY --from=builder /bin/registry-server /bin/registry-server
 COPY --from=builder /bin/grpc_health_probe /bin/grpc_health_probe
diff --git a/pkg/ocmagenthandler/ocmagenthandler_configmap.go b/pkg/ocmagenthandler/ocmagenthandler_configmap.go
index 79e33c9..b1ebc64 100644
--- a/pkg/ocmagenthandler/ocmagenthandler_configmap.go
+++ b/pkg/ocmagenthandler/ocmagenthandler_configmap.go
@@ -81,22 +81,21 @@ func buildCAMOConfigMap(ocmAgent ocmagentv1alpha1.OcmAgent) (*corev1.ConfigMap,
 func (o *ocmAgentHandler) ensureAllConfigMaps(ocmAgent ocmagentv1alpha1.OcmAgent) error {
 // Ensure the OCM Agent ConfigMap
- // Determine the cluster ID, used as a configmap value
- cv, err := o.fetchClusterVersion()
- if err != nil {
- o.Log.Error(err, "unable to fetch cluster ID for creating configmap")
- return err
- }
- clusterID := string(cv.Spec.ClusterID)
-
 var oaCM *corev1.ConfigMap
+ // Only fetch cluster version for non-FleetMode to avoid unnecessary API calls
 if ocmAgent.Spec.FleetMode {
 oaCM = buildOCMAgentConfigMap(ocmAgent, "")
 } else {
+ cv, err := o.fetchClusterVersion()
+ if err != nil {
+ o.Log.Error(err, "unable to fetch cluster ID for creating configmap")
+ return err
+ }
+ clusterID := string(cv.Spec.ClusterID)
 oaCM = buildOCMAgentConfigMap(ocmAgent, clusterID)
 }
- err = o.ensureConfigMap(ocmAgent, oaCM, true)
+ err := o.ensureConfigMap(ocmAgent, oaCM, true)
 if err != nil {
 return err
 }
diff --git a/pkg/ocmagenthandler/ocmagenthandler_configmap_test.go b/pkg/ocmagenthandler/ocmagenthandler_configmap_test.go
index 28e2f96..ec1ccec 100644
--- a/pkg/ocmagenthandler/ocmagenthandler_configmap_test.go
+++ b/pkg/ocmagenthandler/ocmagenthandler_configmap_test.go
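Review bot: In `ensureAllConfigMaps` (ocmagenthandler_configmap.go), the non-fleet branch hands `string(cv.Spec.ClusterID)` to `buildOCMAgentConfigMap` without checking that it is non-empty, so a ClusterVersion with an unset ID would produce the same empty value that the fleet-mode branch passes on purpose as `""`. Because the empty string now appears to stand for fleet mode, I would reject it on the non-fleet path right after the conversion, `if clusterID == "" { return errors.New("cluster version has no cluster ID") }`, using whichever error constructor this file already imports. The function body continues past the last line of the hunk.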
@@ -274,20 +274,16 @@ var _ = Describe("OCM Agent ConfigMap Handler", func() {
 })
 It("ensureAllConfigMaps handles fleet mode and errors", func() {
- testClusterVersion := &configv1.ClusterVersion{
- ObjectMeta: metav1.ObjectMeta{Name: "version"},
- Spec: configv1.ClusterVersionSpec{ClusterID: "test-cluster-id"},
- }
-
- // Test fleet mode (no CAMO, no cluster ID)
+ // Test fleet mode (no cluster version fetch, no CAMO, no cluster ID)
 testOcmAgent.Spec.FleetMode = true
- mockClient.EXPECT().Get(gomock.Any(), types.NamespacedName{Name: "version"}, gomock.Any()).SetArg(2, *testClusterVersion)
+ // FleetMode creates: OCM Agent ConfigMap + Trusted CA ConfigMap (not CAMO)
 mockClient.EXPECT().Get(gomock.Any(), gomock.Any(), gomock.Any()).Return(k8serrs.NewNotFound(schema.GroupResource{}, "")).Times(2)
 mockClient.EXPECT().Create(gomock.Any(), gomock.Any()).Return(nil).Times(2)
 err := testOcmAgentHandler.ensureAllConfigMaps(testOcmAgent)
 Expect(err).ToNot(HaveOccurred())
- // Test cluster version fetch error
+ // Test non-fleet mode cluster version fetch error
+ testOcmAgent.Spec.FleetMode = false
 fetchError := errors.New("fetch failed")
 mockClient.EXPECT().Get(gomock.Any(), types.NamespacedName{Name: "version"}, gomock.Any()).Return(fetchError)
 err = testOcmAgentHandler.ensureAllConfigMaps(testOcmAgent)
diff --git a/pkg/ocmagenthandler/ocmagenthandler_deployment.go b/pkg/ocmagenthandler/ocmagenthandler_deployment.go
index a4fb836..5a8f154 100644
--- a/pkg/ocmagenthandler/ocmagenthandler_deployment.go
+++ b/pkg/ocmagenthandler/ocmagenthandler_deployment.go
@@ -238,8 +238,7 @@ func buildOCMAgentArgs(ocmAgent ocmagentv1alpha1.OcmAgent) []string {
 }
 if !ocmAgent.Spec.FleetMode {
 command = append(command, fmt.Sprintf("--cluster-id=@%s", clusterIDPath), fmt.Sprintf("--access-token=@%s", accessTokenPath))
- }
- if ocmAgent.Spec.FleetMode {
+ } else {
 command = append(command, "--fleet-mode")
 }
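Review bot: In the fleet-mode half of `ensureAllConfigMaps handles fleet mode and errors`, the "no cluster version fetch" claim in the new comment is not asserted directly: both remaining `Get` expectations accept any key through `gomock.Any()`, so a lookup of `types.NamespacedName{Name: "version"}` would be matched by one of them instead of being reported as an unexpected call. Matching each `Get` on the key the handler is expected to read, for example `types.NamespacedName{Name: <configmap name>, Namespace: <operator namespace>}` in place of the second `gomock.Any()`, would pin that behaviour. The case also flips `testOcmAgent.Spec.FleetMode` twice on a shared fixture, so one `It` per mode would keep state from leaking between the halves. The `It` body continues outside the hunk.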
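Review bot: In `buildOCMAgentArgs` (ocmagenthandler_deployment.go), the merged branch still leads with the negated test `if !ocmAgent.Spec.FleetMode { … } else { … }`, while `ensureAllConfigMaps` and `getNetworkPolicyNamespaces` in this same commit test `if ocmAgent.Spec.FleetMode` first. Putting the fleet-mode case first, `if ocmAgent.Spec.FleetMode { command = append(command, "--fleet-mode") } else {`, would make the three mode switches read the same way. The function starts and ends outside the hunk.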
diff --git a/pkg/ocmagenthandler/ocmagenthandler_networkpolicy.go b/pkg/ocmagenthandler/ocmagenthandler_networkpolicy.go
index d564499..96409dc 100644
--- a/pkg/ocmagenthandler/ocmagenthandler_networkpolicy.go
+++ b/pkg/ocmagenthandler/ocmagenthandler_networkpolicy.go
@@ -70,13 +70,18 @@ func buildNetworkPolicy(ocmAgent ocmagentv1alpha1.OcmAgent, namespace string) ne
 return np
 }
-func (o *ocmAgentHandler) ensureAllNetworkPolicies(ocmAgent ocmagentv1alpha1.OcmAgent) error {
+func getNetworkPolicyNamespaces(ocmAgent ocmagentv1alpha1.OcmAgent) []string {
 var namespaces []string
 if ocmAgent.Spec.FleetMode {
 namespaces = append(namespaces, oah.NamespaceMonitorng, oah.NamespaceRHOBS, oah.NamespaceOBO)
 } else {
 namespaces = append(namespaces, oah.NamespaceMonitorng, oah.NamespaceMUO)
 }
+ return namespaces
+}
+
+func (o *ocmAgentHandler) ensureAllNetworkPolicies(ocmAgent ocmagentv1alpha1.OcmAgent) error {
+ namespaces := getNetworkPolicyNamespaces(ocmAgent)
 for _, ns := range namespaces {
 err := o.ensureNetworkPolicy(ocmAgent, ns)
 if err != nil {
@@ -134,12 +139,7 @@ func (o *ocmAgentHandler) ensureNetworkPolicy(ocmAgent ocmagentv1alpha1.OcmAgent
 }
 func (o *ocmAgentHandler) ensureAllNetworkPoliciesDeleted(ocmAgent ocmagentv1alpha1.OcmAgent) error {
- var namespaces []string
- if ocmAgent.Spec.FleetMode {
- namespaces = append(namespaces, oah.NamespaceMonitorng, oah.NamespaceRHOBS, oah.NamespaceOBO)
- } else {
- namespaces = append(namespaces, oah.NamespaceMonitorng, oah.NamespaceMUO)
- }
+ namespaces := getNetworkPolicyNamespaces(ocmAgent)
 for _, ns := range namespaces {
 err := o.ensureNetworkPolicyDeleted(ocmAgent, ns)
 if err != nil {
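Review bot: `getNetworkPolicyNamespaces` is added without a doc comment, although it is now the single place that decides which namespaces `ensureNetworkPolicy` and `ensureNetworkPolicyDeleted` are called with. I would add `// getNetworkPolicyNamespaces returns the namespaces whose NetworkPolicy is ensured or deleted for ocmAgent; the set depends on Spec.FleetMode.` above it. The body can also drop the `var`/`append` pair and return the literals directly, `return []string{oah.NamespaceMonitorng, oah.NamespaceRHOBS, oah.NamespaceOBO}` in the fleet branch and `return []string{oah.NamespaceMonitorng, oah.NamespaceMUO}` after it.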
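Review bot: `ensureAllNetworkPoliciesDeleted` takes its namespace list from the current `Spec.FleetMode`, so if that field can change on an existing OcmAgent, the policies ensured for the previous mode (`oah.NamespaceMUO`, or `oah.NamespaceRHOBS` and `oah.NamespaceOBO`) are never visited and would stay behind; `ensureAllNetworkPolicies` in the first hunk has the same gap, since it only ensures the current set. A leftover NetworkPolicy is an access rule nobody owns any more, so the delete path is safer walking every namespace either mode may have used, `namespaces := []string{oah.NamespaceMonitorng, oah.NamespaceMUO, oah.NamespaceRHOBS, oah.NamespaceOBO}`, provided `ensureNetworkPolicyDeleted` tolerates a policy that does not exist (its body is outside the hunk). Whether FleetMode is immutable is not visible here; if it is, a comment saying so on the helper would settle the question. The function continues past the hunk.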