Accepting request 947687 from home:vulyanov:branches:Virtualization

- Drop kubevirt-psp-caasp.yaml and cleanup the spec OBS-URL: https://build.opensuse.org/request/show/947687 OBS-URL: https://build.opensuse.org/package/show/Virtualization/kubevirt?expand=0&rev=76
2022-01-20 12:22:50 +00:00 · 2022-01-20 12:22:50 +00:00 · 3445bb2dd5
commit 3445bb2dd5
parent 52bc143035
3 changed files with 23 additions and 120 deletions
--- a/kubevirt-psp-caasp.yaml
+++ b/kubevirt-psp-caasp.yaml
@ -1,91 +0,0 @@
 #
 # A KubeVirt PSP for CaaSP-based Kubernetes clusters that makes use of the
 # CaaSP privileged PSP.
 #
 # After the KubeVirt operator has sucessfully deployed the KubeVirt service,
 # this PSP can be deployed to the cluster, giving virt-operator and
 # virt-handler access to cluster operations necessary for virtual machine
 # management.
 #
 # kubectl apply -f /usr/share/kube-virt/manifests/release/kubevirt-psp-caasp.yaml
 #
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: kubevirt-controller-caasp
 rules:
 - apiGroups:
  - policy
  resources:
  - podsecuritypolicies
  verbs:
  - use
  resourceNames:
  - suse.caasp.psp.privileged
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: kubevirt-handler-caasp
 rules:
 - apiGroups:
  - policy
  resources:
  - podsecuritypolicies
  verbs:
  - use
  resourceNames:
  - suse.caasp.psp.privileged
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: kubevirt-controller-caasp
 roleRef:
  kind: ClusterRole
  name: kubevirt-controller-caasp
  apiGroup: rbac.authorization.k8s.io
 subjects:
 - kind: ServiceAccount
  name: kubevirt-controller
  namespace: kubevirt
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: kubevirt-handler-caasp
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubevirt-handler-caasp
 subjects:
 - kind: ServiceAccount
  name: kubevirt-handler
  namespace: kubevirt
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: kubevirt-controller-caasp
 roleRef:
  kind: Role
  name: kubevirt-controller-caasp
  apiGroup: rbac.authorization.k8s.io
 subjects:
 - kind: ServiceAccount
  name: kubevirt-controller
  namespace: kubevirt
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: kubevirt-handler-caasp
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubevirt-handler-caasp
 subjects:
 - kind: ServiceAccount
  name: kubevirt-handler
  namespace: kubevirt
--- a/kubevirt.changes
+++ b/kubevirt.changes
@ -2,6 +2,7 @@
 Wed Jan 19 13:30:51 UTC 2022 - Vasily Ulyanov <vasily.ulyanov@suse.com>
 - Pack nft rules and nsswitch.conf for virt-handler
 - Drop kubevirt-psp-caasp.yaml and cleanup the spec
 -------------------------------------------------------------------
 Wed Jan 12 06:29:18 UTC 2022 - Vasily Ulyanov <vasily.ulyanov@suse.com>
--- a/kubevirt.spec
+++ b/kubevirt.spec
@ -24,10 +24,9 @@ License:        Apache-2.0
 Group:          System/Packages
 URL:            https://github.com/kubevirt/kubevirt
 Source0:        %{name}-%{version}.tar.gz
-Source1:        kubevirt-psp-caasp.yaml
+Source1:        kubevirt_containers_meta
-Source2:        kubevirt_containers_meta
+Source2:        kubevirt_containers_meta.service
-Source3:        kubevirt_containers_meta.service
+Source3:        %{url}/releases/download/v%{version}/disks-images-provider.yaml
 Source4:        https://github.com/kubevirt/kubevirt/releases/download/v%{version}/disks-images-provider.yaml
 Source100:      %{name}-rpmlintrc
 BuildRequires:  glibc-devel-static
 BuildRequires:  golang-packaging
@ -170,7 +169,7 @@ sed -i"" \
    -e "s#_REGISTRY_#${registry}#g" \
    -e "s#_PKG_VERSION_#%{version}#g" \
    -e "s#_PKG_RELEASE_#%{release}#g" \
-    %{S:2}
+    %{S:1}
 mkdir -p go/src/kubevirt.io go/pkg
 ln -s ../../../ go/src/kubevirt.io/kubevirt
@ -186,16 +185,16 @@ KUBEVIRT_GIT_VERSION='v%{version}' \
 KUBEVIRT_GIT_TREE_STATE="clean" \
 build_tests="true" \
 ./hack/build-go.sh install \
-	cmd/virtctl \
+    cmd/virtctl \
-	cmd/virt-api \
+    cmd/virt-api \
-	cmd/virt-controller \
+    cmd/virt-controller \
-	cmd/virt-chroot \
+    cmd/virt-chroot \
-	cmd/virt-handler \
+    cmd/virt-handler \
-	cmd/virt-launcher \
+    cmd/virt-launcher \
-	cmd/virt-operator \
+    cmd/virt-operator \
-	%{nil}
+    %{nil}
-env DOCKER_PREFIX=$reg_path DOCKER_TAG=%{version}-%{release} KUBEVIRT_NO_BAZEL=true GO_BUILD=true ./hack/build-manifests.sh
+env DOCKER_PREFIX=$reg_path DOCKER_TAG=%{version}-%{release} KUBEVIRT_NO_BAZEL=true ./hack/build-manifests.sh
 %install
 mkdir -p %{buildroot}%{_bindir}
@ -215,33 +214,27 @@ install -p -m 0755 cmd/virt-launcher/node-labeller/node-labeller.sh %{buildroot}
 install -p -m 0644 cmd/virt-handler/virt_launcher.cil %{buildroot}/
 # Install network stuff
-mkdir -p %{buildroot}%{_sysconfdir}/nftables
+install -p -m 0644 cmd/virt-handler/nsswitch.conf %{buildroot}/
-install -p -m 0644 cmd/virt-handler/nsswitch.conf %{buildroot}%{_sysconfdir}/
+install -p -m 0644 cmd/virt-handler/ipv4-nat.nft %{buildroot}/
-install -p -m 0644 cmd/virt-handler/ipv4-nat.nft %{buildroot}%{_sysconfdir}/nftables/
+install -p -m 0644 cmd/virt-handler/ipv6-nat.nft %{buildroot}/
 install -p -m 0644 cmd/virt-handler/ipv6-nat.nft %{buildroot}%{_sysconfdir}/nftables/
 # Install release manifests
 mkdir -p %{buildroot}%{_datadir}/kube-virt/manifests/release
 install -m 0644 _out/manifests/release/kubevirt-operator.yaml %{buildroot}%{_datadir}/kube-virt/manifests/release/
 install -m 0644 _out/manifests/release/kubevirt-cr.yaml %{buildroot}%{_datadir}/kube-virt/manifests/release/
 # TODO:
 # Create a proper Pod Security Policy (PSP) for KubeVirt. For now, add one
 # that uses the CaaSP privileged PSP. It can be used with CaaSP-based
 # Kubernetes clusters.
 install -m 644 %{S:1} %{buildroot}/%{_datadir}/kube-virt/manifests/release/
 # Install manifests for testing
 mkdir -p %{buildroot}%{_datadir}/kube-virt/manifests/testing
 install -m 0644 _out/manifests/testing/* %{buildroot}%{_datadir}/kube-virt/manifests/testing/
 # The generated disks-images-provider.yaml refers to nonexistent container
 # images. Overwrite it with the upstream version for testing.
-install -m 0644 %{S:4} %{buildroot}/%{_datadir}/kube-virt/manifests/testing/
+install -m 0644 %{S:3} %{buildroot}/%{_datadir}/kube-virt/manifests/testing/
 install -m 0644 tests/default-config.json %{buildroot}%{_datadir}/kube-virt/manifests/testing/
 # Install kubevirt_containers_meta build service
 mkdir -p %{buildroot}%{_prefix}/lib/obs/service
-install -m 0755 %{S:2} %{buildroot}%{_prefix}/lib/obs/service
+install -m 0755 %{S:1} %{buildroot}%{_prefix}/lib/obs/service
-install -m 0644 %{S:3} %{buildroot}%{_prefix}/lib/obs/service
+install -m 0644 %{S:2} %{buildroot}%{_prefix}/lib/obs/service
 %files virtctl
 %license LICENSE
@ -266,12 +259,12 @@ install -m 0644 %{S:3} %{buildroot}%{_prefix}/lib/obs/service
 %files virt-handler
 %license LICENSE
 %doc README.md
 %dir %{_sysconfdir}/nftables
 %{_bindir}/virt-handler
 %{_bindir}/virt-chroot
 /virt_launcher.cil
-%{_sysconfdir}/nsswitch.conf
+/nsswitch.conf
-%{_sysconfdir}/nftables
+/ipv4-nat.nft
 /ipv6-nat.nft
 %files virt-launcher
 %license LICENSE