operator: add image upgrade with env vars

hj-johannes-lee · hj-johannes-lee · commit 6a60c745d2ff · 2023-09-18T11:45:52.000-07:00
Signed-off-by: Hyeongju Johannes Lee &lt;hyeongju.lee@intel.com&gt;
diff --git a/DEVEL.md b/DEVEL.md
@@ -132,6 +132,8 @@ Check if the fields mentioned below in the [base CSV manifest file](deployments/
 - metadata.annotations.containerImage
 - metadata.annotations.createdAT
 
+Check if [manager yaml file](deployments/operator/manager/manager.yaml) `spec.template.spec.containers.env` has correct sha256 digest for each plugin image.
+
 Fork the [Community Operators](https://github.com/k8s-operatorhub/community-operators) repo and clone it:
 ```
 $ git clone https://github.com/<GitHub Username>/community-operators
diff --git a/cmd/operator/README.md b/cmd/operator/README.md
@@ -109,11 +109,13 @@ The upgrade of the deployed plugins can be done by simply installing a new relea
 
 The operator auto-upgrades operator-managed plugins (CR images and thus corresponding deployed daemonsets) to the current release of the operator.
 
-During upgrade the tag in the image path is updated (e.g. docker.io/intel/intel-sgx-plugin:tag), but the rest of the path is left intact.
+From `0.28.0` release, each version of the operator can have a set of images in `deployments/operator/manager/manager.yaml` as env variables.
 
-No upgrade is done for:
-- Non-operator managed deployments
-- Operator deployments without numeric tags
+When env variables are set for specific plugins (and their initcontainers), plugins are upgraded to the images set as env variables and all user input is ignored.
+
+The name of env variables is capitalized image with '_SHA' ending (e.g. in case of the image for `intel-sgx-plugin`, the env variable is `INTEL_SGX_PLUGIN_SHA`).
+
+The value of env variables is the full path of the image (e.g. `docker.io/intel/intel-sgx-plugin@sha256:<digest>`).
 
 ## Limiting Supported Devices
 
diff --git a/pkg/controllers/reconciler.go b/pkg/controllers/reconciler.go
@@ -17,6 +17,8 @@ package controllers
 
 import (
 	"context"
+	"os"
+	"path/filepath"
 	"strings"
 	"sync"
 
@@ -175,6 +177,16 @@ func UpgradeImages(image *string, initimage *string) (upgrade bool) {
 
 		if parts := strings.SplitN(*s, ":", 2); len(parts) == 2 && len(parts[0]) > 0 {
 			name, version := parts[0], parts[1]
+
+			envVarValue := os.Getenv(strings.ReplaceAll(strings.ToUpper(filepath.Base(name)), "-", "_") + "_SHA")
+
+			if envVarValue != "" && *s != envVarValue {
+				*s = envVarValue
+				upgrade = true
+
+				continue
+			}
+
 			if ver, err := versionutil.ParseSemantic(version); err == nil && ver.LessThan(ImageMinVersion) {
 				*s = name + ":" + ImageMinVersion.String()
 				upgrade = true
