Generate Network.cluster config instead of NetworkConfig.networkoperator

* Add the Network.config.openshift.io CRD
* Generate the network config from the install config
* Remove networkoperator types from install config (but use the same
    schema)
* Move network CRDs to templates to match #943

This doesn't change the json/yaml serialization of the install config, but it
changes it internally.

Author: squeed

data/data/manifests/openshift/cluster-network-crd.yaml

@@ -0,0 +1,16 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: networks.config.openshift.io
+spec:
+  group: config.openshift.io
+  names:
+    kind: Network
+    listKind: NetworkList
+    plural: networks
+    singular: network
+  scope: Cluster
+  versions:
+  - name: v1
+    served: true
+    storage: true

data/data/manifests/openshift/cluster-networkconfig-crd.yaml

@@ -0,0 +1,19 @@
+# This is the advanced network configuration CRD
+# Only necessary if you need to tweak certain settings.
+# See https://github.com/openshift/cluster-network-operator#configuring
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: networkconfigs.networkoperator.openshift.io
+spec:
+  group: networkoperator.openshift.io
+  names:
+    kind: NetworkConfig
+    listKind: NetworkConfigList
+    plural: networkconfigs
+    singular: networkconfig
+  scope: Cluster
+  versions:
+  - name: v1
+    served: true
+    storage: true

docs/user/troubleshooting.md

@@ -224,19 +224,18 @@ From a deployment perspective, the network operator is often the "canary in the
 First, determine that the network configuration exists:
 
 ```console
-$ kubectl get networkconfigs.networkoperator.openshift.io default -oyaml
-...
+$ kubectl get network.config.openshift.io cluster -oyaml
+apiVersion: config.openshift.io/v1
+kind: Network
+metadata:
+  name: cluster
 spec:
-  additionalNetworks: null
-  clusterNetworks:
-  - cidr: 10.2.0.0/16
-    hostSubnetLength: 9
-  defaultNetwork:
-    openshiftSDNConfig:
-      mode: Networkpolicy
-    otherConfig: null
-    type: OpenshiftSDN
-  serviceNetwork: 10.3.0.0/16
+  serviceNetwork:
+  - 172.30.0.0/16
+  clusterNetwork:
+  - cidr: 10.128.0.0/14
+    hostPrefix: 23
+  networkType: OpenShiftSDN
 ```
 
 If it doesn't exist, the installer didn't create it. You'll have to run `openshift-install create manifests` to determine why.

pkg/asset/installconfig/installconfig_test.go

@@ -6,7 +6,6 @@ import (
 	"testing"
 
 	"github.com/golang/mock/gomock"
-	netopv1 "github.com/openshift/cluster-network-operator/pkg/apis/networkoperator/v1"
 	"github.com/stretchr/testify/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
@@ -66,11 +65,11 @@ func TestInstallConfigGenerate_FillsInDefaults(t *testing.T) {
 		BaseDomain: "test-domain",
 		Networking: &types.Networking{
 			MachineCIDR: ipnet.MustParseCIDR("10.0.0.0/16"),
-			Type:        "OpenshiftSDN",
+			Type:        "OpenShiftSDN",
 			ServiceCIDR: ipnet.MustParseCIDR("172.30.0.0/16"),
-			ClusterNetworks: []netopv1.ClusterNetwork{
+			ClusterNetworks: []types.ClusterNetworkEntry{
 				{
-					CIDR:             "10.128.0.0/14",
+					CIDR:             *ipnet.MustParseCIDR("10.128.0.0/14"),
 					HostSubnetLength: 9,
 				},
 			},
@@ -125,11 +124,11 @@ pullSecret: "{\"auths\":{\"example.com\":{\"auth\":\"authorization value\"}}}"
 				BaseDomain: "test-domain",
 				Networking: &types.Networking{
 					MachineCIDR: ipnet.MustParseCIDR("10.0.0.0/16"),
-					Type:        "OpenshiftSDN",
+					Type:        "OpenShiftSDN",
 					ServiceCIDR: ipnet.MustParseCIDR("172.30.0.0/16"),
-					ClusterNetworks: []netopv1.ClusterNetwork{
+					ClusterNetworks: []types.ClusterNetworkEntry{
 						{
-							CIDR:             "10.128.0.0/14",
+							CIDR:             *ipnet.MustParseCIDR("10.128.0.0/14"),
 							HostSubnetLength: 9,
 						},
 					},

pkg/asset/manifests/network.go

@@ -1,16 +1,18 @@
 package manifests
 
 import (
+	"fmt"
 	"os"
 	"path/filepath"
 
 	"github.com/ghodss/yaml"
 	"github.com/pkg/errors"
 
+	configv1 "github.com/openshift/api/config/v1"
 	"github.com/openshift/installer/pkg/asset"
 	"github.com/openshift/installer/pkg/asset/installconfig"
+	"github.com/openshift/installer/pkg/asset/templates/content/openshift"
 
-	netopv1 "github.com/openshift/cluster-network-operator/pkg/apis/networkoperator/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	clusterv1a1 "sigs.k8s.io/cluster-api/pkg/apis/cluster/v1alpha1"
 )
@@ -20,35 +22,18 @@ var (
 	noCfgFilename = filepath.Join(manifestDir, "cluster-network-02-config.yml")
 )
 
-const (
-
-	// We need to manually create our CRD first, so we can create the
-	// configuration instance of it.
-	// Other operators have their CRD created by the CVO, but we manually
-	// create our operator's configuration in the installer.
-	netConfigCRD = `
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: networkconfigs.networkoperator.openshift.io
-spec:
-  group: networkoperator.openshift.io
-  names:
-    kind: NetworkConfig
-    listKind: NetworkConfigList
-    plural: networkconfigs
-    singular: networkconfig
-  scope: Cluster
-  versions:
-    - name: v1
-      served: true
-      storage: true
-`
-)
+// We need to manually create our CRDs first, so we can create the
+// configuration instance of it in the installer. Other operators have
+// their CRD created by the CVO, but we need to create the corresponding
+// CRs in the installer, so we need the CRD to be there.
+// The first CRD is the high-level Network.config.openshift.io object,
+// which is stable ahd minimal. Administrators can override configure the
+// network in a more detailed manner with the operator-specific CR, which
+// also needs to be done before the installer is run, so we provide both.
 
 // Networking generates the cluster-network-*.yml files.
 type Networking struct {
-	config   *netopv1.NetworkConfig
+	config   *configv1.Network
 	FileList []*asset.File
 }
 
@@ -64,60 +49,44 @@ func (no *Networking) Name() string {
 func (no *Networking) Dependencies() []asset.Asset {
 	return []asset.Asset{
 		&installconfig.InstallConfig{},
+		&openshift.NetworkCRDs{},
 	}
 }
 
 // Generate generates the network operator config and its CRD.
 func (no *Networking) Generate(dependencies asset.Parents) error {
 	installConfig := &installconfig.InstallConfig{}
-	dependencies.Get(installConfig)
+	crds := &openshift.NetworkCRDs{}
+	dependencies.Get(installConfig, crds)
 
 	netConfig := installConfig.Config.Networking
 
-	// determine pod address space.
-	// This can go away when we get rid of PodCIDR
-	// entirely in favor of ClusterNetworks
-	var clusterNets []netopv1.ClusterNetwork
+	clusterNet := []configv1.ClusterNetworkEntry{}
 	if len(netConfig.ClusterNetworks) > 0 {
-		clusterNets = netConfig.ClusterNetworks
-	} else if !netConfig.PodCIDR.IPNet.IP.IsUnspecified() {
-		clusterNets = []netopv1.ClusterNetwork{
-			{
-				CIDR:             netConfig.PodCIDR.String(),
-				HostSubnetLength: 9,
-			},
+		for _, net := range netConfig.ClusterNetworks {
+			_, size := net.CIDR.Mask.Size()
+			clusterNet = append(clusterNet, configv1.ClusterNetworkEntry{
+				CIDR:       net.CIDR.String(),
+				HostPrefix: uint32(size) - uint32(net.HostSubnetLength),
+			})
 		}
 	} else {
-		return errors.Errorf("Either PodCIDR or ClusterNetworks must be specified")
-	}
-
-	defaultNet := netopv1.DefaultNetworkDefinition{
-		Type: netConfig.Type,
+		return errors.Errorf("ClusterNetworks must be specified")
 	}
 
-	// Add any network-specific configuration defaults here.
-	switch netConfig.Type {
-	case netopv1.NetworkTypeOpenshiftSDN:
-		defaultNet.OpenshiftSDNConfig = &netopv1.OpenshiftSDNConfig{
-			// Default to network policy, operator provides all other defaults.
-			Mode: netopv1.SDNModePolicy,
-		}
-	}
-
-	no.config = &netopv1.NetworkConfig{
+	no.config = &configv1.Network{
 		TypeMeta: metav1.TypeMeta{
-			APIVersion: netopv1.SchemeGroupVersion.String(),
-			Kind:       "NetworkConfig",
+			APIVersion: configv1.SchemeGroupVersion.String(),
+			Kind:       "Network",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name: "default",
+			Name: "cluster",
 			// not namespaced
 		},
-
-		Spec: netopv1.NetworkConfigSpec{
-			ServiceNetwork:  netConfig.ServiceCIDR.String(),
-			ClusterNetworks: clusterNets,
-			DefaultNetwork:  defaultNet,
+		Spec: configv1.NetworkSpec{
+			ClusterNetwork: clusterNet,
+			ServiceNetwork: []string{netConfig.ServiceCIDR.String()},
+			NetworkType:    netConfig.Type,
 		},
 	}
 
@@ -126,10 +95,15 @@ func (no *Networking) Generate(dependencies asset.Parents) error {
 		return errors.Wrapf(err, "failed to create %s manifests from InstallConfig", no.Name())
 	}
 
+	crdContents := ""
+	for _, crdFile := range crds.Files() {
+		crdContents = fmt.Sprintf("%s\n---\n%s", crdContents, crdFile.Data)
+	}
+
 	no.FileList = []*asset.File{
 		{
 			Filename: noCrdFilename,
-			Data:     []byte(netConfigCRD),
+			Data:     []byte(crdContents),
 		},
 		{
 			Filename: noCfgFilename,
@@ -155,13 +129,13 @@ func (no *Networking) ClusterNetwork() (*clusterv1a1.ClusterNetworkingConfig, er
 	}
 
 	pods := []string{}
-	for _, cn := range no.config.Spec.ClusterNetworks {
+	for _, cn := range no.config.Spec.ClusterNetwork {
 		pods = append(pods, cn.CIDR)
 	}
 
 	cn := &clusterv1a1.ClusterNetworkingConfig{
 		Services: clusterv1a1.NetworkRanges{
-			CIDRBlocks: []string{no.config.Spec.ServiceNetwork},
+			CIDRBlocks: no.config.Spec.ServiceNetwork,
 		},
 		Pods: clusterv1a1.NetworkRanges{
 			CIDRBlocks: pods,
@@ -189,7 +163,7 @@ func (no *Networking) Load(f asset.FileFetcher) (bool, error) {
 		return false, err
 	}
 
-	netConfig := &netopv1.NetworkConfig{}
+	netConfig := &configv1.Network{}
 	if err := yaml.Unmarshal(cfgFile.Data, netConfig); err != nil {
 		return false, errors.Wrapf(err, "failed to unmarshal %s", noCfgFilename)
 	}

pkg/asset/templates/content/openshift/cluster-network-crds.go

@@ -0,0 +1,69 @@
+package openshift
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/openshift/installer/pkg/asset"
+	"github.com/openshift/installer/pkg/asset/templates/content"
+)
+
+const (
+	netCRDfilename   = "cluster-network-crd.yaml"
+	netopCRDfilename = "cluster-networkconfig-crd.yaml"
+)
+
+var _ asset.WritableAsset = (*NetworkCRDs)(nil)
+
+// NetworkCRDs is the custom resource definitions for the network operator types:
+// - Network.config.openshift.io
+// - NetworkConfig.networkoperator.openshift.io
+type NetworkCRDs struct {
+	FileList []*asset.File
+}
+
+// Dependencies returns all of the dependencies directly needed by the asset
+func (t *NetworkCRDs) Dependencies() []asset.Asset {
+	return []asset.Asset{}
+}
+
+// Name returns the human-friendly name of the asset.
+func (t *NetworkCRDs) Name() string {
+	return "Network CRDs"
+}
+
+// Generate generates the actual files by this asset
+func (t *NetworkCRDs) Generate(parents asset.Parents) error {
+	for _, filename := range []string{netCRDfilename, netopCRDfilename} {
+		data, err := content.GetOpenshiftTemplate(filename)
+		if err != nil {
+			return err
+		}
+		t.FileList = append(t.FileList, &asset.File{
+			Filename: filepath.Join(content.TemplateDir, filename),
+			Data:     []byte(data),
+		})
+	}
+	return nil
+}
+
+// Files returns the files generated by the asset.
+func (t *NetworkCRDs) Files() []*asset.File {
+	return t.FileList
+}
+
+// Load returns the asset from disk.
+func (t *NetworkCRDs) Load(f asset.FileFetcher) (bool, error) {
+	for _, filename := range []string{netCRDfilename, netopCRDfilename} {
+		file, err := f.FetchByName(filepath.Join(content.TemplateDir, filename))
+		if err != nil {
+			if os.IsNotExist(err) {
+				return false, nil
+			}
+			return false, err
+		}
+		t.FileList = append(t.FileList, file)
+	}
+
+	return true, nil
+}

pkg/asset/templates/templates.go

@@ -42,6 +42,7 @@ func (m *Templates) Dependencies() []asset.Asset {
 		&openshift.KubeadminPasswordSecret{},
 		&openshift.RoleCloudCredsSecretReader{},
 		&openshift.InfrastructureCRD{},
+		&openshift.NetworkCRDs{},
 	}
 }