From ab416d5685eb05edac7b9fba106bc12386b98acb Mon Sep 17 00:00:00 2001 From: Patryk Matuszak Date: Wed, 30 Jul 2025 13:36:57 +0200 Subject: [PATCH 1/3] Special case for Multus which is config-driven --- pkg/healthcheck/microshift_core_workloads.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkg/healthcheck/microshift_core_workloads.go b/pkg/healthcheck/microshift_core_workloads.go index 6c50d99c50..164ddcb3ac 100644 --- a/pkg/healthcheck/microshift_core_workloads.go +++ b/pkg/healthcheck/microshift_core_workloads.go @@ -119,6 +119,13 @@ func fillOptionalWorkloadsIfApplicable(cfg *config.Config, workloads map[string] Deployments: comps, } } + + if cfg.Network.Multus.IsEnabled() { + workloads["openshift-multus"] = NamespaceWorkloads{ + DaemonSets: []string{"multus", "dhcp-daemon"}, + } + } + return nil } From d4746956a7126c313370d89634a32a5c5de57843 Mon Sep 17 00:00:00 2001 From: Patryk Matuszak Date: Wed, 30 Jul 2025 13:37:18 +0200 Subject: [PATCH 2/3] Get optional (RPM) MicroShift workloads --- pkg/healthcheck/healthcheck.go | 4 ++ .../microshift_optional_workloads.go | 51 +++++++++++++++++++ pkg/healthcheck/workloads.go | 20 ++++++++ 3 files changed, 75 insertions(+) create mode 100644 pkg/healthcheck/microshift_optional_workloads.go diff --git a/pkg/healthcheck/healthcheck.go b/pkg/healthcheck/healthcheck.go index 21e98165e2..bed4114588 100644 --- a/pkg/healthcheck/healthcheck.go +++ b/pkg/healthcheck/healthcheck.go @@ -21,6 +21,10 @@ func MicroShiftHealthcheck(ctx context.Context, timeout time.Duration) error { return err } + if err := fillOptionalMicroShiftWorkloads(workloads); err != nil { + return err + } + if err := waitForWorkloads(ctx, timeout, workloads); err != nil { return err } diff --git a/pkg/healthcheck/microshift_optional_workloads.go b/pkg/healthcheck/microshift_optional_workloads.go new file mode 100644 index 0000000000..163aa31af6 --- /dev/null +++ b/pkg/healthcheck/microshift_optional_workloads.go @@ -0,0 +1,51 @@ +package healthcheck + +import ( + "github.com/openshift/microshift/pkg/util" + "k8s.io/klog/v2" +) + +type optionalWorkloads struct { + Namespace string + Workloads NamespaceWorkloads +} + +// optionalWorkloadPaths defines the mapping of manifest filepath to the namespace and workloads. +var optionalWorkloadPaths = map[string]optionalWorkloads{ + "/usr/lib/microshift/manifests.d/001-microshift-olm": { + Namespace: "openshift-operator-lifecycle-manager", + Workloads: NamespaceWorkloads{Deployments: []string{"olm-operator", "catalog-operator"}}, + }, + + "/usr/lib/microshift/manifests.d/000-microshift-gateway-api": { + Namespace: "openshift-gateway-api", + Workloads: NamespaceWorkloads{ + Deployments: []string{"servicemesh-operator3", "istiod-openshift-gateway-api"}, + }, + }, + + "/usr/lib/microshift/manifests.d/060-microshift-cert-manager": { + Namespace: "cert-manager", + Workloads: NamespaceWorkloads{Deployments: []string{"cert-manager", "cert-manager-webhook", "cert-manager-cainjector"}}, + }, + + "/usr/lib/microshift/manifests.d/010-microshift-ai-model-serving-kserve": { + Namespace: "redhat-ods-applications", + Workloads: NamespaceWorkloads{Deployments: []string{"kserve-controller-manager"}}, + }, +} + +// fillOptionalMicroShiftWorkloads assembles list of optional MicroShift workloads +// existing on the filesystem as manifests (in comparison to Multus which +// manifests are part of MicroShift binary). +func fillOptionalMicroShiftWorkloads(workloadsToCheck map[string]NamespaceWorkloads) error { + for path, ow := range optionalWorkloadPaths { + if exists, err := util.PathExists(path); err != nil { + return err + } else if exists { + klog.Infof("Optional component path exists: %s - expecting %v in namespace %q", path, ow.Workloads.String(), ow.Namespace) + workloadsToCheck[ow.Namespace] = ow.Workloads + } + } + return nil +} diff --git a/pkg/healthcheck/workloads.go b/pkg/healthcheck/workloads.go index ecb5a25cef..091edd96f3 100644 --- a/pkg/healthcheck/workloads.go +++ b/pkg/healthcheck/workloads.go @@ -27,6 +27,26 @@ type NamespaceWorkloads struct { StatefulSets []string `json:"statefulsets"` } +func (nw NamespaceWorkloads) String() string { + var parts []string + + if len(nw.Deployments) > 0 { + parts = append(parts, fmt.Sprintf("Deployments: [%s]", strings.Join(nw.Deployments, ", "))) + } + if len(nw.DaemonSets) > 0 { + parts = append(parts, fmt.Sprintf("DaemonSets: [%s]", strings.Join(nw.DaemonSets, ", "))) + } + if len(nw.StatefulSets) > 0 { + parts = append(parts, fmt.Sprintf("StatefulSets: [%s]", strings.Join(nw.StatefulSets, ", "))) + } + + if len(parts) == 0 { + return "" + } + + return strings.Join(parts, ", ") +} + func waitForWorkloads(ctx context.Context, timeout time.Duration, workloads map[string]NamespaceWorkloads) error { kubeconfigPath := filepath.Join(config.DataDir, "resources", string(config.KubeAdmin), "kubeconfig") restConfig, err := clientcmd.BuildConfigFromFlags("", kubeconfigPath) From 0a2d0dd10b00fce166d42a47d99b2b7900cc240d Mon Sep 17 00:00:00 2001 From: Patryk Matuszak Date: Wed, 30 Jul 2025 13:38:19 +0200 Subject: [PATCH 3/3] Remove healthcheck scripts: optional MicroShift workloads are now part of healthcheck command --- ...croshift-running-check-ai-model-serving.sh | 38 ------------------- .../microshift-running-check-cert-manager.sh | 37 ------------------ .../microshift-running-check-gateway-api.sh | 37 ------------------ .../microshift-running-check-multus.sh | 37 ------------------ .../greenboot/microshift-running-check-olm.sh | 37 ------------------ packaging/rpm/microshift.spec | 13 ++----- 6 files changed, 3 insertions(+), 196 deletions(-) delete mode 100644 packaging/greenboot/microshift-running-check-ai-model-serving.sh delete mode 100755 packaging/greenboot/microshift-running-check-cert-manager.sh delete mode 100644 packaging/greenboot/microshift-running-check-gateway-api.sh delete mode 100755 packaging/greenboot/microshift-running-check-multus.sh delete mode 100755 packaging/greenboot/microshift-running-check-olm.sh diff --git a/packaging/greenboot/microshift-running-check-ai-model-serving.sh b/packaging/greenboot/microshift-running-check-ai-model-serving.sh deleted file mode 100644 index 8d467e8d97..0000000000 --- a/packaging/greenboot/microshift-running-check-ai-model-serving.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash -# -# AI Model Serving for MicroShift-specific functionality used in Greenboot health check procedures. -# -# If 'microshift-ai-model-serving' RPM is installed, health check needs to include resources -# from the 'redhat-ods-applications' namespace. -# -set -eu -o pipefail - -SCRIPT_NAME=$(basename "$0") - -# Source the MicroShift health check functions library -# shellcheck source=packaging/greenboot/functions.sh -source /usr/share/microshift/functions/greenboot.sh - -# Exit if the current user is not 'root' -if [ "$(id -u)" -ne 0 ] ; then - echo "The '${SCRIPT_NAME}' script must be run with the 'root' user privileges" - exit 1 -fi - -exit_if_fail_marker_exists - -echo "STARTED" - -# Print the boot variable status -print_boot_status - -# Set the wait timeout for the current check based on the boot counter -WAIT_TIMEOUT_SECS=$(get_wait_timeout) - -if ! microshift healthcheck \ - -v=2 --timeout="${WAIT_TIMEOUT_SECS}s" \ - --timeout="${WAIT_TIMEOUT_SECS}s" \ - --namespace redhat-ods-applications \ - --deployments kserve-controller-manager; then - create_fail_marker_and_exit -fi diff --git a/packaging/greenboot/microshift-running-check-cert-manager.sh b/packaging/greenboot/microshift-running-check-cert-manager.sh deleted file mode 100755 index 11be3a14d8..0000000000 --- a/packaging/greenboot/microshift-running-check-cert-manager.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# -# MicroShift Cert-Manager-specific functionality used in Greenboot health check procedures. -# -# If 'microshift-cert-manager' RPM is installed, health check needs to include resources -# from the 'cert-manager' namespace. -# -set -eu -o pipefail - -SCRIPT_NAME=$(basename "$0") - -# Source the MicroShift health check functions library -# shellcheck source=packaging/greenboot/functions.sh -source /usr/share/microshift/functions/greenboot.sh - -# Exit if the current user is not 'root' -if [ "$(id -u)" -ne 0 ] ; then - echo "The '${SCRIPT_NAME}' script must be run with the 'root' user privileges" - exit 1 -fi - -exit_if_fail_marker_exists - -echo "STARTED" - -# Print the boot variable status -print_boot_status - -# Set the wait timeout for the current check based on the boot counter -WAIT_TIMEOUT_SECS=$(get_wait_timeout) - -if ! microshift healthcheck \ - -v=2 --timeout="${WAIT_TIMEOUT_SECS}s" \ - --namespace cert-manager \ - --deployments cert-manager,cert-manager-webhook,cert-manager-cainjector; then - create_fail_marker_and_exit -fi diff --git a/packaging/greenboot/microshift-running-check-gateway-api.sh b/packaging/greenboot/microshift-running-check-gateway-api.sh deleted file mode 100644 index 16ac1682af..0000000000 --- a/packaging/greenboot/microshift-running-check-gateway-api.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# -# MicroShift Gateway API-specific functionality used in Greenboot health check procedures. -# -# If 'microshift-gateway-api' RPM is installed, health check needs to include resources -# from the 'openshift-gateway-api' namespace. -# -set -eu -o pipefail - -SCRIPT_NAME=$(basename "$0") - -# Source the MicroShift health check functions library -# shellcheck source=packaging/greenboot/functions.sh -source /usr/share/microshift/functions/greenboot.sh - -# Exit if the current user is not 'root' -if [ "$(id -u)" -ne 0 ] ; then - echo "The '${SCRIPT_NAME}' script must be run with the 'root' user privileges" - exit 1 -fi - -exit_if_fail_marker_exists - -echo "STARTED" - -# Print the boot variable status -print_boot_status - -# Set the wait timeout for the current check based on the boot counter -WAIT_TIMEOUT_SECS=$(get_wait_timeout) - -if ! microshift healthcheck \ - -v=2 --timeout="${WAIT_TIMEOUT_SECS}s" \ - --namespace openshift-gateway-api \ - --deployments servicemesh-operator3,istiod-openshift-gateway-api; then - create_fail_marker_and_exit -fi diff --git a/packaging/greenboot/microshift-running-check-multus.sh b/packaging/greenboot/microshift-running-check-multus.sh deleted file mode 100755 index 01914faf1e..0000000000 --- a/packaging/greenboot/microshift-running-check-multus.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# -# MicroShift Multus-specific functionality used in Greenboot health check procedures. -# -# If 'microshift-multus' RPM is installed, health check needs to include resources -# from the 'openshift-multus' namespace. -# -set -eu -o pipefail - -SCRIPT_NAME=$(basename "$0") - -# Source the MicroShift health check functions library -# shellcheck source=packaging/greenboot/functions.sh -source /usr/share/microshift/functions/greenboot.sh - -# Exit if the current user is not 'root' -if [ "$(id -u)" -ne 0 ] ; then - echo "The '${SCRIPT_NAME}' script must be run with the 'root' user privileges" - exit 1 -fi - -exit_if_fail_marker_exists - -echo "STARTED" - -# Print the boot variable status -print_boot_status - -# Set the wait timeout for the current check based on the boot counter -WAIT_TIMEOUT_SECS=$(get_wait_timeout) - -if ! microshift healthcheck \ - -v=2 --timeout="${WAIT_TIMEOUT_SECS}s" \ - --namespace openshift-multus \ - --daemonsets multus,dhcp-daemon; then - create_fail_marker_and_exit -fi diff --git a/packaging/greenboot/microshift-running-check-olm.sh b/packaging/greenboot/microshift-running-check-olm.sh deleted file mode 100755 index 8a10d360f8..0000000000 --- a/packaging/greenboot/microshift-running-check-olm.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# -# MicroShift OLM-specific functionality used in Greenboot health check procedures. -# -# If 'microshift-olm' RPM is installed, health check needs to include resources -# from the 'openshift-operator-lifecycle-manager' namespace. -# -set -eu -o pipefail - -SCRIPT_NAME=$(basename "$0") - -# Source the MicroShift health check functions library -# shellcheck source=packaging/greenboot/functions.sh -source /usr/share/microshift/functions/greenboot.sh - -# Exit if the current user is not 'root' -if [ "$(id -u)" -ne 0 ] ; then - echo "The '${SCRIPT_NAME}' script must be run with the 'root' user privileges" - exit 1 -fi - -exit_if_fail_marker_exists - -echo "STARTED" - -# Print the boot variable status -print_boot_status - -# Set the wait timeout for the current check based on the boot counter -WAIT_TIMEOUT_SECS=$(get_wait_timeout) - -if ! microshift healthcheck \ - -v=2 --timeout="${WAIT_TIMEOUT_SECS}s" \ - --namespace openshift-operator-lifecycle-manager \ - --deployments olm-operator,catalog-operator; then - create_fail_marker_and_exit -fi diff --git a/packaging/rpm/microshift.spec b/packaging/rpm/microshift.spec index 07d0761150..5937fbb19c 100644 --- a/packaging/rpm/microshift.spec +++ b/packaging/rpm/microshift.spec @@ -420,7 +420,6 @@ install -d -m755 %{buildroot}/%{_prefix}/lib/microshift/manifests.d/001-microshi # Copy all the OLM manifests except the arch specific ones install -p -m644 assets/optional/operator-lifecycle-manager/0000* %{buildroot}/%{_prefix}/lib/microshift/manifests.d/001-microshift-olm install -p -m644 assets/optional/operator-lifecycle-manager/kustomization.yaml %{buildroot}/%{_prefix}/lib/microshift/manifests.d/001-microshift-olm -install -p -m755 packaging/greenboot/microshift-running-check-olm.sh %{buildroot}%{_sysconfdir}/greenboot/check/required.d/50_microshift_running_check_olm.sh %ifarch %{arm} aarch64 cat assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml >> %{buildroot}/%{_prefix}/lib/microshift/manifests.d/001-microshift-olm/kustomization.yaml @@ -437,7 +436,6 @@ install -p -m644 assets/optional/operator-lifecycle-manager/release-olm-{x86_64, # multus install -d -m755 %{buildroot}%{_sysconfdir}/microshift/config.d install -p -m644 packaging/microshift/dropins/enable-multus.yaml %{buildroot}%{_sysconfdir}/microshift/config.d/00-enable-multus.yaml -install -p -m755 packaging/greenboot/microshift-running-check-multus.sh %{buildroot}%{_sysconfdir}/greenboot/check/required.d/41_microshift_running_check_multus.sh install -p -m755 packaging/crio.conf.d/12-microshift-multus.conf %{buildroot}%{_sysconfdir}/crio/crio.conf.d/12-microshift-multus.conf # multus-release-info @@ -518,7 +516,6 @@ install -p -m755 packaging/tuned/microshift-tuned.py %{buildroot}%{_bindir}/micr install -d -m755 %{buildroot}/%{_prefix}/lib/microshift/manifests.d/000-microshift-gateway-api install -p -m644 assets/optional/gateway-api/0* %{buildroot}/%{_prefix}/lib/microshift/manifests.d/000-microshift-gateway-api install -p -m644 assets/optional/gateway-api/kustomization.yaml %{buildroot}/%{_prefix}/lib/microshift/manifests.d/000-microshift-gateway-api -install -p -m755 packaging/greenboot/microshift-running-check-gateway-api.sh %{buildroot}%{_sysconfdir}/greenboot/check/required.d/41_microshift_running_check_gateway_api.sh %ifarch %{arm} aarch64 cat assets/optional/gateway-api/kustomization.aarch64.yaml >> %{buildroot}/%{_prefix}/lib/microshift/manifests.d/000-microshift-gateway-api/kustomization.yaml @@ -571,7 +568,6 @@ install -d -m755 %{buildroot}/%{_prefix}/lib/microshift/manifests.d/050-microshi install -p -m644 assets/optional/ai-model-serving/runtimes/*.yaml %{buildroot}/%{_prefix}/lib/microshift/manifests.d/050-microshift-ai-model-serving-runtimes rm -v %{buildroot}/%{_prefix}/lib/microshift/manifests.d/050-microshift-ai-model-serving-runtimes/kustomization.x86_64.yaml -install -p -m755 packaging/greenboot/microshift-running-check-ai-model-serving.sh %{buildroot}%{_sysconfdir}/greenboot/check/required.d/41_microshift_running_check_ai_model_serving.sh cat assets/optional/ai-model-serving/runtimes/kustomization.x86_64.yaml >> %{buildroot}/%{_prefix}/lib/microshift/manifests.d/050-microshift-ai-model-serving-runtimes/kustomization.yaml %endif @@ -604,7 +600,6 @@ install -p -m644 assets/optional/cert-manager/manager/*.yaml %{buildroot}/%{_pre install -d -m755 %{buildroot}/%{_prefix}/lib/microshift/manifests.d/060-microshift-cert-manager/rbac install -p -m644 assets/optional/cert-manager/rbac/*.yaml %{buildroot}/%{_prefix}/lib/microshift/manifests.d/060-microshift-cert-manager/rbac install -p -m644 assets/optional/cert-manager/kustomization.yaml %{buildroot}/%{_prefix}/lib/microshift/manifests.d/060-microshift-cert-manager -install -p -m755 packaging/greenboot/microshift-running-check-cert-manager.sh %{buildroot}%{_sysconfdir}/greenboot/check/required.d/60_microshift_running_check_cert_manager.sh # cert-manager-release-info mkdir -p -m755 %{buildroot}%{_datadir}/microshift/release @@ -733,14 +728,12 @@ fi %files olm %dir %{_prefix}/lib/microshift/manifests.d/001-microshift-olm %{_prefix}/lib/microshift/manifests.d/001-microshift-olm/* -%{_sysconfdir}/greenboot/check/required.d/50_microshift_running_check_olm.sh %files olm-release-info %{_datadir}/microshift/release/release-olm-{x86_64,aarch64}.json %files multus %{_sysconfdir}/microshift/config.d/00-enable-multus.yaml -%{_sysconfdir}/greenboot/check/required.d/41_microshift_running_check_multus.sh %{_sysconfdir}/crio/crio.conf.d/12-microshift-multus.conf %files multus-release-info @@ -779,7 +772,6 @@ fi %files gateway-api %dir %{_prefix}/lib/microshift/manifests.d/000-microshift-gateway-api %{_prefix}/lib/microshift/manifests.d/000-microshift-gateway-api/* -%{_sysconfdir}/greenboot/check/required.d/41_microshift_running_check_gateway_api.sh %files gateway-api-release-info %{_datadir}/microshift/release/release-gateway-api-{x86_64,aarch64}.json @@ -791,7 +783,6 @@ fi %dir %{_prefix}/lib/microshift/manifests.d/050-microshift-ai-model-serving-runtimes %{_prefix}/lib/microshift/manifests.d/010-microshift-ai-model-serving-kserve/* %{_prefix}/lib/microshift/manifests.d/050-microshift-ai-model-serving-runtimes/* -%{_sysconfdir}/greenboot/check/required.d/41_microshift_running_check_ai_model_serving.sh %endif %files ai-model-serving-release-info @@ -808,7 +799,6 @@ fi %files cert-manager %dir %{_prefix}/lib/microshift/manifests.d/060-microshift-cert-manager %{_prefix}/lib/microshift/manifests.d/060-microshift-cert-manager/* -%{_sysconfdir}/greenboot/check/required.d/60_microshift_running_check_cert_manager.sh %files cert-manager-release-info %{_datadir}/microshift/release/release-cert-manager-{x86_64,aarch64}.json @@ -817,6 +807,9 @@ fi # Use Git command to generate the log and replace the VERSION string # LANG=C git log --date="format:%a %b %d %Y" --pretty="tformat:* %cd %an <%ae> VERSION%n- %s%n" packaging/rpm/microshift.spec %changelog +* Mon Aug 11 2025 Patryk Matuszak 4.20.0 +- Remove healthcheck scripts: optional MicroShift workloads are now part of healthcheck command + * Wed Aug 06 2025 Evgeny Slutsky 4.20.0 - Remove firewalld service override configuration to avoid flushing of iptables